and marked as CVE-2009-583 and CVE-2009-584:
CVE-2009-583:
Multiple integer overflows in icc.c in the International Color
Consortium (ICC) Format library (aka icclib), as used in
Ghostscript 8.64 and earlier and Argyll Color Management
System (CMS) 1.0.3 and earlier, allow context-dependent
attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly execute arbitrary
code by using a device file for a translation request that
operates on a crafted image file and targets a certain "native
color space," related to an ICC profile in a (1) PostScript
or (2) PDF file with embedded images.
CVE-2009-584:
icc.c in the International Color Consortium (ICC) Format
library (aka icclib), as used in Ghostscript 8.64 and earlier
and Argyll Color Management System (CMS) 1.0.3 and earlier,
allows context-dependent attackers to cause a denial of
service (application crash) or possibly execute arbitrary code
by using a device file for processing a crafted image file
associated with large integer values for certain sizes, related
to an ICC profile in a (1) PostScript or (2) PDF file with
embedded images.
Security: CVE-2009-583
Security: CVE-2009-584
Approved by: portmgr (pav)
Note:
An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.
An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Approved by: portmgr (pav)
Obtained from: freetype git repo
Security: http://www.vuxml.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html
- Fix devel/cil build with 3.11.0 by using proper object file name
- Fix devel/deputy build with 3.11.0 by using proper object file name
- Fix lang/mtasc. Ocamlp4 syntax has changed and usage of ';' as delimiters
is not allowed now.
- Fix usage message in lang/mtasc.
- Implement FreeBSD-specific code for retrieving the executable path in lang/mtasc.
- Update devel/omake to 0.9.8.5.
- Fix devel/omake compilation with 3.11 by dropping an unused reference from the code.
- Fix www/geneweb build with 3.11 by not emitting errors for warnings.
- Fix print/advi build. [2]
- Update lang/cduce to 0.5.3 (this fixes build with ocaml 3.11.0).
PR: ports/130845 [1] [2] (based on)
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> [1],
Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [2]
http://library.gnome.org/misc/release-notes/2.26/ for a list of what's new.
On the FreeBSD front, we introduced a port of libxul 1.9 as an alternative
for Firefox 2.0 as a Gecko provider. Almost all of the Gecko consumers
can make use of this provider by setting:
WITH_GECKO=libxul
The GNOME 2.26 port was done by ahze, kwm, marcus, and mezz with
contributions by Joseph S. Atkinson, Peter Wemm, Eric L. Chen,
Martin Matuska, Craig Butler, and Pawel Worach.
remove x-generate-plist and friends
- use RF macro and remove SUBDIR where possible
- remove some unneeded GEM_NAME=${DISTNAME}
(this c/should be handled better in bsd.*.mk)
other deltas specific to individual ports:
audio/rubygem-mp3info - unbreak, fix packaging, bump PORTREVISION
devel/rubygem-rapt - adopt
devel/rubygem-rspec - remove BUILD_DEPENDS=RUN_DEPENDS -- neither set
devel/rubygem-ruby2ruby - add #' for vim highlight
graphics/rubygem-extifr - drop PORTREVISION=0
graphics/rubygem-gd2 - add #' for vim highlight
www/rubygem-rubyfulsoup - swap GEM_NAME / DISTNAME for consistency
Sponsored by: RideCharge Inc.
Tested on: RideCharge's Tinderbox
Reviewed by: stas
- Improvements to overprint and spot color support in documents with
transparency, improvements to PDF and PS output, proper handling of
PDF-specific text rendering modes and support for reading
AES-encrypted PDF documents.
- Improved handling of CJK text, especially in vertical writing modes.
- Improved memory footprint processing some files at high resolution.
- The handling of color spaces has been moved from PostScript code to
C.
- A number of the included printer drivers and cups wrappers have been
updated to support a PDF-based workflow. Also fixed are several
long-standing bugs in the pcl drivers with respect to duplex,
resolution and paper tray selection.
both current (fc4) and future linux (f8) distributions at one
ports tree.
The patch contains full changes to ports/Mk files and all ports involved.
But only infrastructure is changed. The resulting packages are the same as
before. Hence no need to bump PORTREVISIONs.
The idea was taken from bsd.gnome.mk and others.
More than 130 ports are switched to follow a new linux infrastructure
introduced by changes to bsd.port.mk, bsd.linux-rpm.mk and a new
bsd.linux-apps.mk.
Thanks to all who were involved and helped me with this work.
And help from Alexander Leidinger was incredible.
Other changes are coming. Stay tuned!
PR: ports/132510
Submitted by: bsam (me)
Exp-run by: portmgr (pav)
It has graphics primitives that allow lines, circles and boxes to be drawn.
WWW: http://search.cpan.org/dist/PostScript/
PR: ports/131990
Submitted by: Fernan Aguero <fernan.aguero at gmail.com>
yet to hit the ports tree. However, some people have already started
using LyX-1.6.x on other systems and 1.5.7 is required for upward
compatibility with 1.6. So, here we are -- unfortunately, with teTeX
things like unusual paper-sizes are likely to come out wrong.
As soon as TeXLive is available, I'll upgrade the sibling-port print/lyx
from 1.4.x to 1.6.x directly.
2009-02-01 devel/subversion-devel: Use devel/subversion or devel/subversion-freebsd instead of this port
2009-01-19 devel/hs-hat: has been broken for more than 6 months
2009-01-19 devel/hs-hpl: has been broken for more than 6 months
2009-01-19 databases/mysqlbigram: has been broken for more than 6 months
2009-01-19 mail/claws-mail-clamav: has been broken for more than 6 months
2009-01-19 mail/sylpheed2-devel: has been broken for more than 6 months
2009-01-19 www/pecl-mnogosearch: has been broken for more than 6 months
2009-01-31 x11-fonts/mathfonts: This port was supported by Mozilla 1.8 (including Firefox 2.0) - to be replaced by STIX fonts for Firefox 3.x
2009-01-19 x11-wm/fluxspace: has been broken for more than 6 months
2009-01-31 x11-wm/expocity: project has been abandoned
2009-01-19 x11/bbuname: has been broken for more than 6 months
2009-01-19 security/squidclam: has been broken for more than 6 months
2009-01-19 print/virtualpaper: depends on broken, expired port
2009-01-19 print/ifhp: has been broken for more than 6 months
2009-01-19 net-p2p/peercast: has been forbidden for more than 6 months
2009-01-19 palm/pdbc: has been broken for more than 6 months
2009-01-19 net-mgmt/NeTraMet: has been broken for more than 6 months
2009-01-19 net-im/sulci: has been broken for more than 6 months
2009-01-19 multimedia/mjpegtools-yuvfilters: has been broken for more than 6 months
2009-01-19 multimedia/helixplayer: has been broken for more than 6 months
2009-01-19 lang/quack: has been broken for more than 6 months
2009-01-19 misc/pybliographer: has been broken for more than 6 months
2009-01-19 net/versuch: has been broken for more than 6 months
2009-01-19 net/py-mantissa: has been broken for more than 6 months
2009-01-19 net/libunpipc: has been broken for more than 6 months
2009-01-19 net/gnometelnet: has been broken for more than 6 months
2009-01-19 net/gacxtool: depends on expired, broken port
2009-01-19 devel/py-coro: has been broken for more than 6 months
2009-01-19 chinese/stardict2-dict-zh_TW: has been broken for more than 6 months
2009-01-19 x11-themes/gtk-industrial-theme: has been broken for more than 6 months
- Bump PORTREVISION for all ports depending on libglut since the shlib
version number went from 4 to 3.
- Bump PORTREVISION for all ports depending on libXaw as libXaw.so.8 isn't
installed anymore.
- Couple of ports fixes (mostly missing xorg components added to USE_XORG).
pkipplib is a Python library which can prepare IPP requests with the
help of a somewhat high level API. These requests can then be sent to
an IPP printer or print server (e.g. CUPS). This library can also parse
IPP answers received, and create high level Python objects from them.
WWW: http://www.pykota.com/software/pkipplib/
See http://library.gnome.org/misc/release-notes/2.24/ for the general
release notes. On the FreeBSD front, this release introduces Fuse support
in HAL, adds multi-CPU support to libgtop, WebKit updates, and fixes some
long-standing seahorse and gnome-keyring bugs. The documentation updates
to the website are forthcoming.
This release features commits by adamw, ahze, kwm, mezz, and myself. It would
not have been possible without our contributors and testers:
Alexander Loginov
Craig Butler [1]
Dmitry Marakasov [6]
Eric L. Chen
Joseph S. Atkinson
Kris Moore
Lapo Luchini [7]
Nikos Ntarmos
Pawel Worach
Romain Tartiere
TAOKA Fumiyoshi [3]
Yasuda Keisuke
Zyl
aZ [4]
bf [2] [5]
Florent Thoumie
Peter Wemm
pluknet
PR: 125857 [1]
126993 [2]
130031 [3]
127399 [4]
127661 [5]
124302 [6]
129570 [7]
129936
123790
- Correct the path of snmp (lib -> libexec).
- Do not comment out the debugprint or it crashes when trying to add a printer from
samba.
Approved by: ahze (maintainer)
This can be exploited to crash the service by sending specially crafted
requests to the default port 2207/TCP.
PR: 129097
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Approved by: maintainer
Security: http://www.vuxml.org/freebsd/37940643-be1b-11dd-a578-0030843d3802.html
PDF documents to the screen using Java2D.
Some features:
* view PDFs in your own app
* print-preview before exporting PDF files
* render PDFs to PNGs in a server-side web application
* view PDFs in a 3D scene
* draw on top of PDFs and annotate them in a networked viewer
WWW: https://pdf-renderer.dev.java.net/
libHaru library. libHaru is a free, cross platform,
and Open Source library for generating PDF files.
WWW: http://pecl.php.net/package/haru/
PR: ports/129033
Submitted by: Wen Heping <wenheping at gmail.com>
environments. They make it possible to have a tabular that spans multiple
pages. Each page is its own tabular environment, thus the various parts may
have different widths.
WWW: http://www.ctan.org/tex-archive/macros/latex/contrib/supertabular/
PR: ports/126673
Submitted by: Jorge Niedbalski <niedbalski@gmail.com>
LaTeX files. It translates text formatting, tables, figures, and equations.
The resulting LaTeX files are quite readable and suitable for editing.
WWW: http://sourceforge.net/project/showfiles.php?group_id=22324
PR: ports/128041
Submitted by: Martin Dieringer <martin.dieringer at gmx.de>
with the long term goal of providing a suitable
replacement for PDF::Writer. It is being developed
under the auspices of the Ruby Mendicant project
with copious help from a number of mighty fine
contributors.
WWW: http://rubyforge.org/projects/prawn/
PR: ports/128455
Submitted by: wenheping at gmail.com
|Approximately 238 bugs have been fixed since version 8.62. Of particular note
|are robustness and performance improvements with large files, invalid PDF, and
|font handling.
|
|The major new feature of this release is multithreaded rendering. This can be
|requested by passing -dNumRenderingThreads=n on the command line. The input
|document is first parsed, and then each page is split into n bands which are
|rendered concurrently. This can provide a significant reduction in processing
|time on multi-core systems.
|
|Images are now always interpolated in their source colorspace. This improves
|correctness for XPS documents and avoids bypassing the custom color management
|callbacks for interpolated images. Interpolation and color management are both
|expensive operations, so this affects performance with large images. The effect
|can be positive or negative depending on the file and the target resolution. If
|performance is a problem, we suggest running with -dNOINTERPOLATION.
|
|Support for OpenPrinting Vector devices has been upgraded to version 1.0.
|
|There are two new devices in this release, both experimental. Behdad Esfahbod
|has contributed a cairo output device which uses the cairo graphics library to
|generate PDF, SVG, EPS, or PNG files, based on the requested filename
|extension. The svgwrite device directly outputs Scalable Vector Graphics, the
|W3C XML vector graphics format. Both support only vector art at this point;
|text and images will not be represented efficiently.
|
|Incompatible changes
|
|The maximum number of color components has been reduced to 8 (from 252) as a
|performance improvement. Eight is the largest number commonly used and the
|largest number for which we support continuous tone images. Users with special
|needs can restore the previous behavior by setting the
|GS_CLIENT_COLOR_MAX_COMPONENTS preprocessor symbol to the required number of
|components at compile time.
|
|The -Z: debugging option now uses 'realtime' instead of 'usertime' when
|reporting timing information on unix-like systems. This has always been the
|case on windows-like systems.
|
|Obsolete makefiles for the DesqView environment have been removed.
the \ifxetex boolean for testing whether the TeX-variant
XeTeX is being used for typesetting.
Also provides the \RequireXeTeX command which throws
an error if XeTeX is not the engine in use.
WWW: http://www.ctan.org/tex-archive/macros/generic/ifxetex/
PR: ports/127607
Submitted by: Martin Dieringer <martin.dieringer@gmx.de>
following way:
print/ghostscript-gnu -> print/ghostscript7
print/ghostscript-gnu-nox11 -> print/ghostscript7-nox11
print/ghostscript-gnu-commfont -> print/ghostscript7-commfont
print/ghostscript-gpl -> print/ghostscript8
print/ghostscript-gpl-nox11 -> print/ghostscript8-nox11
japanese/ghostscript-gnu-jpnfont -> print/ghostscript7-jpnfont
korean/ghostscript-gnu-korfont -> print/ghostscript7-korfont
* USE_GHOSTSCRIPT now supports a version number which the port
requires. The valid value is "7" or "8". If another value is
specified, the value of WITH_GHOSTSCRIPT_VER is used.
* WITH_GHOSTSCRIPT_GNU has been removed in favor of
WITH_GHOSTSCRIPT_VER. The valid value of WITH_GHOSTSCRIPT_VER is
"7" or "8", and the default value is "8".
Approved by: portmgr (pav)
Specifically, newer autoconf (> 2.13) has different semantics for the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantics may be removed in later autoconf releases.
To work around this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, given the fact that some ports still have
configure scripts generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now a no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
| A critical vulnerability has been identified in Adobe Reader and
| Acrobat 8.1.2. This vulnerability would cause the application to
| crash and could potentially allow an attacker to take control of
| the affected system.
Security: CVE-2008-2641
Security: CVE-2008-0883
Security: http://www.adobe.com/support/security/bulletins/apsb08-15.html
- Font locking has been improved significantly. It is now less
prone to color bleeding which could lead to high resource
usage. In addition it now includes information about LaTeX
macro syntax and can indicate syntactically incorrect macros in
LaTeX mode.
- The license was updated to GPLv3.
- Support for the nomencl, flashcards and comment LaTeX packages
as well as the Icelandic language option of babel were added.
- Support for folding of math macros was added.
- Lots of minor bugs in features and documentation were fixed.
- IMPORTANT: Many of the new features in the 11.x series rely on
special properties in the variable `TeX-command-list' and will
not work if you customized this variable for a pre-11.5x
release of AUCTeX. If this is the case for you, please
re-initialize the variable by erasing the customization,
thereby setting the variable to the new default, and re-adding
your changes afterwards.
PR: ports/125737
interpreter for the PostScript page description language used by
laser printers.) For documents following the Adobe PostScript Document
Structuring Conventions, GSview allows selected pages to be viewed or
printed. Features include:
* Display and print PostScript and PDF files.
* View pages in arbitrary order (Next, Previous, Goto).
* Page size and Orientation are automatically selected from DSC
comments or can be selected using the menu.
* Print selected pages using Ghostscript.
* Convert pages to bitmap, PDF or PostScript.
* Selectable display resolution, depth, alpha.
* Single button zoom.
* Extract selected pages to another file.
* Copy display bitmap to clipboard, and save clipboard bitmap as BMP file.
* Add bitmap or user preview to EPS file (Interchange, TIFF or Windows
Metafile)
* Graphically select and show bounding box for EPS file.
* Extract bitmap preview or PostScript from DOS EPS file.
* Extract text or search for text.
* Can read gzip and bzip2 compressed PostScript and PDF files.
* On-line help.
* English, Catalan, Dutch, French, German, Greek, Italian, Russian,
Slovak, Spanish and Swedish languages.
PR: ports/125602
Submitted by: bf <bf2006a at yahoo.com>
- ${RUBY_SITEARCHLIBDIR} -> ${RUBY_SITEARCHLIBDIR:S/${PREFIX}/${LOCALBASE}/}
in the *_DEPENDS, that way it will find the correct file when I tweak the
PREFIX.
- NOPORTDOCS -> NOPORTEXAMPLES on example/demo/test files.
merely pick up and help him. Thanks to many testers in both private and
mailing list emails for reporting a few build and dependency problems.
Also, thanks to marcus and Chess Griffin for testing in their tinderboxes.
x11/pixman: Update to 0.10.0
-------------------------------------------------------
Firefox 3 needs it. Originally, the shared library was bumped, and ahze has
added a new feature to our USE_GNOME=ltverhack that can control the number
of the shared library. To control the number of the shared library, add
ltverhack:N. Right now pixman has USE_GNOME=ltverhack:9 to make it stay the
same at libpixman-1.so.9. If anyone wants to use ltverhack:N in one of their
ports, they need to make sure the ABI doesn't change in order to use it.
-------------------------------------------------------
graphics/cairo: Update to 1.6.4
-------------------------------------------------------
Firefox 3 needs it. We have updated most cairo binding ports too.
-------------------------------------------------------
graphics/poppler: Update to 0.8.3
-------------------------------------------------------
The shared library versions have been changed. All ports that depend on
poppler have had a PORTREVISION bump. The graphics/py-poppler has been updated
to 0.8.1 to work better with the newer poppler. As for poppler-qt, there
is no shared library version change.
-------------------------------------------------------
www/firefox3 and gecko ports related: Update to 3.0 final
-------------------------------------------------------
The bsd.gecko.mk has been moved from www/mozilla/ to Mk/. You no longer
need to include bsd.gecko.mk/Makefile.common manually. We are keeping it
for backward compatibility, so the rest of the ports won't break. We haven't
added Firefox 3 support to some other ports yet, so feel free to send
us a patch or commit it yourself (to committers). However, see
bsd.gecko.mk for documentation.
-------------------------------------------------------
Approved by: portmgr (marcus)
- Use OPTIONS for driver selection.
- Split driver-specific procedure into files/Makefile.*
- Use configure script and Makefile.in.
- Fix installation directory of document files.