release can be found at http://library.gnome.org/misc/release-notes/2.28/ .
Officially, this is mostly a polishing release in preparation for GNOME 3.0
due in about a year.
On the FreeBSD front, though, a lot went into this release. Major thanks
goes to kwm and avl who did a lot of the porting work for this release.
In particular, kwm brought in Evolution MAPI support for better Microsoft
Exchange integration. Avl made sure that the new gobject introspection
repository ports were nicely compartmentalized so that large dependencies
aren't brought in wholesale.
But, every GNOME team member (ahze, avl, bland, kwm, mezz, and myself)
contributed to this release.
Other major improvements include an updated HAL with better volume
probing code, ufsid integration, and support for volume names containing
spaces (big thanks to J.R. Oldroyd); a new WebKit; updated AbiWord;
an updated Gimp; and a preview of the new GNOME Shell project (thanks to
Pawel Worach).
The FreeBSD GNOME Team would like to that the following additional
contributors to this release whose patches and testing really helped
make it a success:
Andrius Morkunas
Dominique Goncalves
Eric L. Chen
J.R. Oldroyd
Joseph S. Atkinson
Li
Pawel Worach
Romain Tartière
Thomas Vogt
Yasuda Keisuke
Rui Paulo
Martin Wilke
(and an extra shout out to miwi and pav for pointyhat runs)
We would like to send this release out to Alexander Loginov (avl) in
hopes that he feels better soon.
PR: 136676
136967
138872 (obsolete with new epiphany-webkit)
139160
134737
139941
140097
140838
140929
Ark input sanitization errors:
The KDE archiving tool, Ark, performs insufficient validation
which leads to specially crafted archive files, using unknown
MIME types, to be rendered using a KHTML instance, this can
trigger uncontrolled XMLHTTPRequests to remote sites.
IO Slaves input sanitization errors:
KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer
from directory traversal. It should be noted that the scope of
this issue is limited as the malicious URIs cannot be embedded
in Internet hosted content.
KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which
leads to specially crafted email attachments, using unknown MIME
types, to be rendered using a KHTML instance, this can trigger
uncontrolled XMLHTTPRequests to remote sites.
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)
Approved by: secteam (myself), portmgr
Security: http://www.vuxml.org/freebsd/6f358f5a-c7ea-11de-a9f3-0030843d3802.html
- Pass maintainership to submitter
note:
x11/slim, does not setlogin(). Some software use getlogin()
to decide the user name, so when user is using slim as the
login manager, those software would get wrong results, and
some programs refuse to start
PR: 139594
Submitted by: Henry Hu <henry.hu.sh@gmail.com>
Approved by: maintainer
numerous "issues" over the last couple of years, and the most recent
incarnation has no source tarball available for download. Additionally,
the "Linux" version of the code is not currently maintained, and some
of the features do not work.
- Register CONFLICTS with number of Linux DRI ports [2]
- Improve grammar in comment while here
PRs: ports/138598 [1], ports/135322 [2]
Reviewed by: bsam [2]
Feature safe: yes
