- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
- While I'm here, add LICENSE and NO_STAGE
Determine positions for hyphens inside words based on Text::Hyphen
WWW: http://search.cpan.org/dist/Text-Hyphen-RU/
PR: ports/180317
Submitted by: Anes Mukhametov <anes@anes.su>
Unfortunately, this also affects some ports using QT3 as a GUI toolkit.
Changes to infrastructure files:
- bsd.kde.mk : obsolete, remove
- bsd.qt.mk : note that a CONFLICTS_BUILD line can probably go after a while
- CHANGES : document the removals from bsd.port.mk
- KNOBS : remove KDE and QT (KDE4 and QT4 should be used instead)
- MOVED : add the removed ports
PR: ports/180745
Submitted by: rene
Approved by: portmgr (bapt)
Exp-run by: bapt
2012-10-20 security/py-rijndael: No more public distfiles
2012-10-20 security/pam_af: No more public distfiles
2012-10-20 security/its4: No more public distfiles
2012-10-20 russian/xcyrBGR: No more public distfiles
2012-10-20 russian/wmcyrx: No more public distfiles
2012-10-20 print/advi: No more public distfiles
2012-10-20 palm/plucker: No more public distfiles
2012-10-20 net-p2p/py-bittornado-core: Depends on the deprecated wx 2.4
2012-10-20 net-p2p/py-bittornado: Depends on the deprecated wx 2.4
2012-10-20 net-mgmt/nagios-radauth-plugin: No more public distfiles
2012-10-20 net-mgmt/nagios-check_nick: No more public distfiles
Feature safe: yes
- remove redundand PKGNAMESUFFIX (-ru) since we have already PKGNAMEPREFIX?=ru-
- use PORTVERSION and DISTNAME instead DISTVERSION so we end up with a pretty
PKGNAME and INDEX entry
Example output for bugzilla:
make -V PKGNAME
ru-bugzilla-4.0.7 (now)
ru-bugzilla-ru-4.0.7.r.201200809 (before)
The changes where done with the view to pkgNG, so users can do an easy
install/update of the package.
Approved by: skv (impicit)
- switch and force compiler to clang using the one from base on 9 and CURRENT, the one
from ports if not found in base
- now only build en_US version, all localisation are available through separated
ports.
- Graphite smart font is now used by default
- Rebundle boost to easier upgrading boost
- Rebundle mdds the one from the ports seems incompatible with clang
- Unbundle all the fonts
Thank you to jgh and Kuan-Chung Chiu <buganini@gmail.com> for testings and
feedback
Thank you to iXsystems for providing resources to build/test libreoffice
- Add USE_PHP=curl [2]
- Use files/pkg-message.in: show value of WWWDIR [2]
PR: ports/163644 [1]
Submitted by: Mihail Timofeev <9267096@gmail.com> [1]
Takefu <takefu@airport.fm> [2]
* russian/apache13
* russian/apache13-modssl
Ports have reached EXPIRATION_DATE
Approved by lev@ (maintainer) via PM.
with hat apache@
Approved by: lev@ (maintainer) via PM
Feature safe: yes
audio/shoutcast Unfetchable; website rearranged
audio/linux-shoutcast Unfetchable; website rearranged
chinese/scim-chewing Does not configure
converters/py-cjkcodecs Integrated into every python version in the tree
databases/kpogre Does not compile
deskutils/mhc Does not fetch
deskutils/org-mode.el6 Does not fetch
deskutils/gemcal Does not fetch
devel/erlang-thrift Does not build
dns/domtools Does not fetch
editors/richtext Does not compile
games/vultures-claw Does not fetch
games/bomb Does not fetch
games/lgeneral-data Bad plist
games/linux-enemyterritory-jaymod Does not fetch
games/xphotohunter Does not fetch
graphics/gimpshop Fails to patch
graphics/lightspark-devel Does not compile
graphics/xmms-plazma Does not fetch
graphics/py-cgkit Does not fetch, does not compile on ia64, powerpc, or sparc64
japanese/rxvt Does not fetch, fails to build with new utmpx
japanese/epic4 Some distfiles do not fetch
java/jde Does not fetch
java/kaffe Does not fetch
korean/gdick HTMLs from the Yahoo! Korea Dictionary cannot be parsed, other runtime problems
korean/hanterm-xf86 Does not compile
korean/stardict2-dict-kr Does not fetch
lang/p5-JavaScript Does not fetch
lang/TenDRA Website disappeared; last release 2006, Does not compile on recent FreeBSD-9
mail/freepops Does not build
mail/itraxp Does not build
misc/tellico Leaves file behind on deinstall
net/gsambad Does not fetch
net/nocatauth-gateway Uses a UID registered to another port
net/nocatauth-server Uses a UID registered to another port
net/libosip2 Does not fetch
net/kmuddy Does not fetch
net/netboot Does not build
net-mgmt/jffnms Does not fetch
net-p2p/frostwire Does not fetch
net-p2p/azureus Does not fetch
news/cleanscore Does not fetch
news/nntpswitch Does not fetch
news/p5-NewsLib Does not fetch
russian/cyrproxy Does not fetch
science/gerris Does not fetch
security/opensaml Does not fetch
sysutils/wmbattery Does not fetch
sysutils/cpuburn No more public distfiles
textproc/tei-guidelines-p4 Does not fetch
textproc/tei-p4 Does not fetch
textproc/py-hyperestraier Does not fetch
textproc/tdtd.el Does not fetch
textproc/tei-lite Does not fetch
www/phpwiki13 Does not fetch
www/p5-Apache-Scoreboard Depends on mod_perl
www/p5-B-LexInfo Broken due the new mod_perl2 API
www/phpwiki Does not fetch
www/smb2www Apache13 is deprecated, migrate to 2.2.x+ now
www/spip Checksum is changing daily
www/monkey Does not fetch
x11-toolkits/jdic Does not fetch
x11-toolkits/py-kde Does not compile
2011-08-08 russian/messarge: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 russian/pgp.language: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 security/ifd-gempc410: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 security/libidea: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 security/rain: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 sysutils/Tee: Has expired: No more public distfile
2011-08-08 sysutils/curly: Has expired: No more public distfiles
2011-08-08 sysutils/i855vidctl10: Has expired: No more public distfiles
2011-08-08 sysutils/ltrace: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 sysutils/rsyslog3-snmp: Has expired: unsupported upstream
2011-08-08 sysutils/xapply: Has expired: No more public distfiles
2011-08-08 textproc/asm2html: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 textproc/diff-mode.el: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 vietnamese/gtk-im-vi: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 www/campsite: Has expired: Does not work
2011-08-08 www/p5-PLP: Has expired: No more upstream, looks like an abandonware
2011-08-08 www/wcol: Has expired: Looks like an abandonware, no more public distfiles
2011-08-08 x11-toolkits/sdl_gui: Has expired: Looks like an abandonware, no more public distfiles
Lingua::DetectCyrillic. The package detects 7 Cyrillic codings as well as the
language - Russian or Ukrainian. Uses embedded frequency dictionaries; usually
one word is enough for correct detection.
WWW: http://search.cpan.org/dist/Lingua-DetectCyrillic/
PR: ports/157941
Submitted by: Dmitry Liakh <dliakh@ukr.net>
2010-08-31 multimedia/vlconwooztalk: wooztalk website not responding as of 20100731
2010-08-31 net-im/wooztalk: wooztalk website not responding as of 20100731
2009-12-31 russian/php_doc: Support for the Russian translation of the PHP manual seems to have stopped
2010-01-15 sysutils/ipmi-kmod: in base system since 6.2-RELEASE
2010-08-31 www/p5-Plack-Server-AnyEvent: yes
2010-08-31 www/xpi-dailymotiononwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-deezeronwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-firefoxonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-googlevideoonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-imeemonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-jiwaonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-lastfmonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-vimeoonwooztalk: wooztalk website not responding as of 20100731
2010-08-31 www/xpi-youtubeonwooztalk: wooztalk website not responding as of 20100731
2010-07-01 x11/chameleon: No longer under development, master site disappeared years ago
one cyrillic charset to another. It is intended to be used from cgi's which
need built-in support for translations. For example, you may wish to use it in
form processor to translate from user encoding to one used by your site.
WWW: http://search.cpan.org/dist/cyrillic/
PR: ports/134332
Submitted by: Sergey Kandaurov <pluknet at gmail.com>
for FreeBSD. The official KDE 4.1.0 release notes can be found at
http://www.kde.org/announcements/4.1/.
Some note:
* Prefix
KDE4 will be install into a custom prefixes namely ${LOCALBASE}/kde4.
KDE4 and KDE3 can co-exist
* Sound
For sound to work, it is necessary to have dbus and hal enabled
in your system. Please see the respective documentation on how
to enable these.
For more Informations see the HEADS UP at ports@ and kde-freebsd@
or our wiki page http://wiki.freebsd.org/KDE4/Install.
Have fun!
It is based on the cross platform Qt gui toolkit, integrating the highly
flexible Scintilla editor control. It is designed to be usable as everdays'
quick and dirty editor as well as being usable as a professional project
management tool integrating many advanced features Python offers
the professional coder.
This is a port of eric4 (based on Qt4, development version).
WWW: http://www.die-offenbachs.de/detlev/eric.html
Also it contains example script to keep your bash.org.ru fortunes up to date.
WWW: http://bash.org.ru
PR: ports/111932
Submitted by: dindin at dindin.ru
2007-03-28 graphics/hobbes-icons-xpm: Archaic port
2007-04-10 japanese/firefox-ja: Incomplete pkg-plist
2007-04-10 japanese/lookup-xemacs: Does not install
2007-04-10 lang/linux-hla: Does not compile
2007-04-10 mail/vmailmgr: Incomplete pkg-plist
2007-04-10 multimedia/qvamps: Touches filesystem prior to 'make install'
2007-03-10 net-mgmt/sting: Broken on all supported versions of FreeBSD
2007-04-10 net-mgmt/tas: Incomplete pkg-plist
2007-04-10 net-p2p/verlihub-plugins: Does not configure, it needs at least verlihub 1.0
2007-04-10 news/inn-stable: Fails to patch
2007-04-10 palm/malsync: Does not build with new pilot-link
2007-04-10 russian/elm.language: Leaves behind files on deinstall
2007-04-10 russian/pine.language: Leaves behind config file on deinstall
2007-04-01 science/py-scipy03: Replaced by py-scipy
2007-04-10 security/php4-cryptopp: Does not compile
Image zoom gives you complete control of the size of most images displayed in
mozilla based software. Both individual images or whole pages of images can be
zoomed.
WWW: http://imagezoom.yellowgorilla.net/
russian/xpi-imagezoom is obsolete now that www/xpi-imagezoom comes with russian
locale bundled.
PR: ports/101584
Submitted by: Alexander V. Ribchansky <triosoft@triosoft.com.ua>
Russian version of Tabbrowsing Extensions for Firefox.
This is an extension for extending operations of tabbed browsing, e.g., tabs
become re-ordable by drag and drop, show tabs like a tree, and so on.
PR: ports/97778
Submitted by: Alexander V. Ribchansky <triosoft@triosoft.com.ua>
