protocol, BJNP. This backend is based on reverse engineering using
TCP/IP. It can be used with CUPS 1.2 and 1.3. This backend allows Cups
to connect over the network to a Canon printers
WWW: http://cups-bjnp.sourceforge.net/
PR: ports/134075
Submitted by: Stephen Hurd <shurd@sasktel.net>
Currently it contains two subpackages:
* yapbib: Yet Another Python BIBliography manager tool,
mainly for Bibtex files.
* query_ads: A simple python tool that permits to query
Harvard Database
WWW: http://cabcat2.cnea.gov.ar/staff/fiol/biblio-py.html
PR: ports/134418
Submitted by: Wen Heping <wenheping at gmail.com>
- CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader
and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote
attackers to cause a denial of service (memory corruption) or
execute arbitrary code via a PDF file that contains an
annotation, and has an OpenAction entry with JavaScript code
that calls this method with crafted integer arguments.
- CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in
Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to
cause a denial of service (memory corruption) or execute
arbitrary code via a PDF file that triggers a call to this
method with a long string in the second argument.
Security: CVE-2009-1492
Security: CVE-2009-1493
Security: http://www.adobe.com/support/security/bulletins/apsb09-06.html
- CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader
and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote
attackers to cause a denial of service (memory corruption) or
execute arbitrary code via a PDF file that contains an
annotation, and has an OpenAction entry with JavaScript code
that calls this method with crafted integer arguments.
- CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in
Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to
cause a denial of service (memory corruption) or execute
arbitrary code via a PDF file that triggers a call to this
method with a long string in the second argument.
Security: CVE-2009-1492
Security: CVE-2009-1493
Security: http://www.adobe.com/support/security/bulletins/apsb09-06.html
See original release announcement for details:
http://kde.org/announcements/announce-4.2.3.php
New ports:
devel/kdebindings4:
Meta port of KDE bindings for C#, Java, PHP, Python and Ruby.
Currently only Python bindings are supported.
devel/kdebindings4-python, devel/kdebindings4-python-krosspython,
devel/kdebindings4-python-pykde4:
Python bindings for KDE.
print/kdeutils4-printer-applet:
printer-applet is a system tray utility. It shows current print jobs,
shows printer warnings and errors and shows when printers that have
been plugged in for the first time are being auto-configured by
hal-cups-utils. It replaces kjobviewer in KDE 3.
print/system-config-printer-kde
A port of Gnome system-config-printer to KDE.
all kind of different files (odt, ods, png, svg, ...). Adding support
for more filetype is easy: you just have to create a plugin for this.
relatorio also provides a report repository allowing you to link python
objects and report together, find reports by mimetypes/name/python
objects.
WWW: http://relatorio.openhex.org/
PR: ports/133958
Submitted by: Wen Heping <wenheping at gmail.com>
and marked as CVE-2009-583 and CVE-2009-584:
CVE-2009-583:
Multiple integer overflows in icc.c in the International Color
Consortium (ICC) Format library (aka icclib), as used in
Ghostscript 8.64 and earlier and Argyll Color Management
System (CMS) 1.0.3 and earlier, allow context-dependent
attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly execute arbitrary
code by using a device file for a translation request that
operates on a crafted image file and targets a certain "native
color space," related to an ICC profile in a (1) PostScript
or (2) PDF file with embedded images.
CVE-2009-584:
icc.c in the International Color Consortium (ICC) Format
library (aka icclib), as used in Ghostscript 8.64 and earlier
and Argyll Color Management System (CMS) 1.0.3 and earlier,
allows context-dependent attackers to cause a denial of
service (application crash) or possibly execute arbitrary code
by using a device file for processing a crafted image file
associated with large integer values for certain sizes, related
to an ICC profile in a (1) PostScript or (2) PDF file with
embedded images.
Security: CVE-2009-583
Security: CVE-2009-584
Approved by: portmgr (pav)
Note:
An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.
An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause
a heap-based buffer overflow via a specially crafted font.
Approved by: portmgr (pav)
Obtained from: freetype git repo
Security: http://www.vuxml.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html
- Fix devel/cil build with 3.11.0 by using proper object file name
- Fix devel/deputy build with 3.11.0 by using proper object file name
- Fix lang/mtasc. Ocamlp4 syntax has changed and usage of ';' as delimiters
is not allowed now.
- Fix usage message in lang/mtasc.
- Implement a FreeBSD specific code for retriving the executable path in lang/mtasc.
- Update devel/omake to 0.9.8.5.
- Fix devel/omake compilation with 3.11 by dropping an unused reference from the code.
- Fix www/geneweb build with 3.11 by not emitting errors for warnings.
- Fix print/advi build. [2]
- Update lang/cduce to 0.5.3 (this fixes build with ocaml 3.11.0).
PR: ports/130845 [1] [2] (based on)
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> [1],
Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> [2]
http://library.gnome.org/misc/release-notes/2.26/ for a list of what's new.
On the FreeBSD front, we introduced a port of libxul 1.9 as an alternative
for Firefox 2.0 as a Gecko provider. Almost all of the Gecko consumers
can make use of this provider by setting:
WITH_GECKO=libxul
The GNOME 2.26 port was done by ahze, kwm, marcus, and mezz with
contributions by Joseph S. Atkinson, Peter Wemm, Eric L. Chen,
Martin Matuska, Craig Butler, and Pawel Worach.
remove x-generate-plist and friends
- use RF macro and remove SUBDIR where possible
- remove some uneeded GEM_NAME=${DISTNAME}
(this c/should be handled better in bsd.*.mk)
other deltas specific to individual ports:
audio/rubygem-mp3info - unbreak, fix packaging, bump PORTREVISION
devel/rubygem-rapt - adopt
devel/rubygem-rspec - remove BUILD_DEPENDS=RUN_DEPENDS -- neither set
devel/rubygem-ruby2ruby - add #' for vim highlight
graphics/rubygem-extifr - drop PORTREVISION=0
graphics/rubygem-gd2 - add #' for vim highlight
www/rubygem-rubyfulsoup - swap GEM_NAME / DISTNAME for constistency
Sponsored by: RideCharge Inc.
Tested on: RideCharge's Tinderbox
Reviewed by: stas
