- Remove header from Makefiles.
This release contains a number of important bug fixes to 2.5.0 and we
recommend everybody to update. Release notes can be found in the
official announcement:
http://www.calligra.org/news/calligra-2-5-1-released
coming to the ports tree after a short testing period which showed it
to be quite stable.
For the productivity part of the suite (word processor, spreadsheet,
and presentation program) the target user of version 2.5 is still the
student or academic user. This version has a number of new features
that will make it more suitable for these users.
The artistic applications of the Calligra Suite are the most mature
ones and are already used by professional users everywhere.
As usual, detailed release notes can be found in the official
announcement:
http://www.calligra.org/news/calligra-2-5-released
Meanwhile, new translations were added:
- editors/calligra-l10n-gl (Gallegan)
- Use system mdds.
- Fix build with the recent Clang (CURRENT).
- Enable visibility for recent Clang (9.1 and CURRENT).
- Attempt to fix build on 7.x and 8.x (not tested).
- remove redundand PKGNAMESUFFIX (-ru) since we have already PKGNAMEPREFIX?=ru-
- use PORTVERSION and DISTNAME instead DISTVERSION so we end up with a pretty
PKGNAME and INDEX entry
Example output for bugzilla:
make -V PKGNAME
ru-bugzilla-4.0.7 (now)
ru-bugzilla-ru-4.0.7.r.201200809 (before)
The changes where done with the view to pkgNG, so users can do an easy
install/update of the package.
Approved by: skv (impicit)
- switch and force compiler to clang using the one from base on 9 and CURRENT, the one
from ports if not found in base
- now only build en_US version, all localisation are available through separated
ports.
- Graphite smart font is now used by default
- Rebundle boost to easier upgrading boost
- Rebundle mdds the one from the ports seems incompatible with clang
- Unbundle all the fonts
Thank you to jgh and Kuan-Chung Chiu <buganini@gmail.com> for testings and
feedback
Thank you to iXsystems for providing resources to build/test libreoffice
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
- Add USE_PHP=curl [2]
- Use files/pkg-message.in: show value of WWWDIR [2]
PR: ports/163644 [1]
Submitted by: Mihail Timofeev <9267096@gmail.com> [1]
Takefu <takefu@airport.fm> [2]
* russian/apache13
* russian/apache13-modssl
Ports have reached EXPIRATION_DATE
Approved by lev@ (maintainer) via PM.
with hat apache@
Approved by: lev@ (maintainer) via PM
Feature safe: yes
* There are no patches from upstream and already existing
exploids in the wild.
- ru-apache13 ports have long outstanding issues and are far
behind last apache13 patches.
with hat apache@
Feature safe: yes