- Switched to automake 1.11.6, see CVE-2012-3386.
- #14669: Fixed extraction of CC from gmp.h.
- Fixed case of intermediate zero real or imaginary part in mpc_fma,
  found by hydra with GMP_CHECK_RANDOMIZE=1346362345.
This is on top of the following changes from version 1.0
- Licence change towards LGPLv3+ for the code and GFDLv1.3+ (with no
  invariant sections) for the documentation.
- 100% of all lines are covered by tests
- Renamed functions
  . mpc_mul_2exp to mpc_mul_2ui
  . mpc_div_2exp to mpc_div_2ui
- 0^0, which returned (NaN,NaN) previously, now returns (1,+0).
- Removed compatibility with K&R compilers, which was untestable due
  to lack of such compilers.
- New functions
  . mpc_log10
  . mpc_mul_2si, mpc_div_2si
- Speed-ups
  . mpc_fma
- Bug fixes
  . mpc_div and mpc_norm now return a value indicating the effective
    rounding direction, as the other functions.
  . mpc_mul, mpc_sqr and mpc_norm now return correct results even if
    there are over- or underflows during the computation.
  . mpc_asin, mpc_proj, mpc_sqr: Wrong result when input variable has
    infinite part and equals output variable is corrected.
  . mpc_fr_sub: Wrong return value for imaginary part is corrected.
Convert to the new LIB_DEPENDS standard and remove hard-coded
.so versions from a couple of dependent ports.
Bump PORTREVISIONS of all dependent ports.
PR: 183141
Approved by: portmgr (bdrewery)
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user's consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
Unfortunately, this also affects some ports using QT3 as a GUI toolkit.
Changes to infrastructure files:
- bsd.kde.mk : obsolete, remove
- bsd.qt.mk : note that a CONFLICTS_BUILD line can probably go after a while
- CHANGES : document the removals from bsd.port.mk
- KNOBS : remove KDE and QT (KDE4 and QT4 should be used instead)
- MOVED : add the removed ports
PR: ports/180745
Submitted by: rene
Approved by: portmgr (bapt)
Exp-run by: bapt
- Remove an entry from all plists that slipped under radar and made
packaging fail.
- Properly save the OPTIONS defined by the user in the l10n ports. [1]
Quoting bapt, master of all things ports:
That is because misc/kde4-l10n/files/bsd.l10n.mk is totally wrong, it does:
    ...
    .include <bsd.port.pre.mk>
    ...
    .include <bsd.port.options.mk>
    ...
    .include <bsd.port.post.mk>
First, the right order in that case should be:
    ...
    .include <bsd.port.options.mk>
    ...
    .include <bsd.port.pre.mk>
    ...
    .include <bsd.port.post.mk>
Second, in that case (kde) the pre.mk/post.mk can be removed, just keeping
the options.mk, and given that we now have the helpers, options.mk can also
be removed.
The check for variables in OPTIONS_DEFINE is also useless (already done
by the framework); defining OPTIONS_DEFINE and OPTIONS_DEFAULT to some
empty values is also useless.
No PORTREVISION bump because the generated packages do not change regardless
of the changes/fixes in behavior here.
Reported by: avg [1]
Submitted by: bapt [1]
- Change pkgconfig:build to pkgconfig since it's the same and it's bad practice.
It accidentally slipped in during the original introduction
- Trim header
Proudly brought to you by the KDE on FreeBSD team. We're sorry to ship two
KDE updates in just a few days, but the work on 4.10.5 was very light
compared to 4.10.4 so it was ready much faster.
The release announcement can be found in [1].
[1] http://www.kde.org/announcements/announce-4.10.5.php
The biggest news for us on FreeBSD is that the Ruby bindings should work
with Ruby 1.9 now.
I will probably add a note to UPDATING later about this, but as avilla@
pointed out, the clang support we mentioned that was improved in 4.10.4
requires a rebuild of the ports that depend on kdelibs4. Most of them are
covered by this update, but those which are not part of the Software
Compilation need to be rebuilt manually to make sure the previous issues
(proper symbol visibility being the most annoying of them) are solved.