which officially fixes the setuid security exploit by the vendors.
Additionally, from the PR:
* adds in distribution patches to allow it to interoperate
with libtiff-3.5.5 (the current version in the ports tree),
and replace an original FreeBSD patch.
* includes security patches (replacements of 'strcpy' and
'sprintf', primarily), mostly based on patches originally
submitted by Alex Langer [1] for 4.0pl2 and not yet commited,
although some new work was done too.
[1] I don't think, that these were my patches but those submitted by
John Holland <john@zoner.org> in PR 19180.
* Fixes some issues with the configure/setup scripts introduced
since the previous version.
* Additionally, original FreeBSD patches from 4.0pl2 were
merged in where they were not addressed by anything else.
(except the I18N patch, sorry).
I removed the FORBIDDEN line since there are at least no obvious security
concerns left.
PR: 19237
Submitted by: Andy Sparrow <andy@geek4food.org>
control word to use 64-bit (extended) precision instead of FreeBSDs
default 53-bit (double) precision.
Submitted by: Sune Falck <sunef@hem.passagen.se>
Also provide following enhancements:
- Remove PLIST.perl and merge its contents into main PLIST using Satoshi's
%%PORTDOCS:%% hack;
- the same as previous for Gnome bits;
- automatically generate and substitute shared libraries version;
- slightly reorder Makefile to be more organised;
- remove mailformed pieces from configure patch (it is appears that somebody
did diff after USE_LIBTOOL hack has been applied).
The problem with temporary file/directory permission, which have been
dealt with by patches/patch-a[b-i] seems to have gone away.
However, I haven't examined the rest of the code to determine whether
security problems with this program have been corrected.
(CF: FreeBSD-SA-00:04.)
Correct typo from 1.33 which made rnews setuid news, not setgid uucp which it actually
required to implement the intended change.
Submitted by: Russ Allbery <rra@STANFORD.EDU> (first change) via Bugtraq
Update to 0.1.5. (Sorry pkg_version, I changed the PORTVERSION'ing scheme
here to respect its version number rather than to use the date.)
Now USE_AUTOMAKE.
Install documents unless NOPORTDOCS.
A new command `cvsdo' has added.
