- Fix unsafe handling of local variables iin hack-local-variables
(CVE-2007-5795).
- Prevent symlink attack on arbitrary files using the temp files vcdiff
generates (CVE-2008-1694).
(1) Get rid of "nox11" -- the concept of "no" in package options is
expressed by negating an option; use "-x11" instead.
(2) Teach editors/emacs20 to use package options instead of EMACS_USE_POP,
EMACS_USE_X, EMACS_USE_X_TOOLKIT and USE_INET6. We now use similar
options as the other emacs packages, i.e. "x11", "motif", "xaw",
as well as "pop" and "inet6".
(3) Make the emacs*-nox11 packages simply remove all X11 options by
setting PKG_OPTIONS.emacs appropriately and include the corresponding
emacs Makefile. This allows for modifications to the emacs "X11"
versions to be automatically picked up by the "non-X11" versions.
The two corresponding versions of emacs now share the same version
numbering, including PKGREVISIONs.
Bump the PKGREVISIONs on all Emacs editor packages.
packages with the modular Xorg equivalent. Those are falling back
to the old location by default, so this commmit doesn't change
dependencies.
graphics/xpm ==> x11/libXpm
fonts/Xft2 ==> x11/libXft
x11/Xfixes ==> x11/libXfixes
x11/xcursor ==> x11/libXcursor
x11/Xrender ==> x11/libXrender
x11/Xrandr ==> libXrandr
NetBSD sort objects to setting the field separator to the same value as
the record separator. Since in this case the surrounding code guarantees
there will be no tabs in the input set the field separator to tab.
Bump PKGREVISION.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
so that on 64bit systems it is actually a negative number, not a very
large positive one. Should fix PR pkg/29351.
Thanks to Martijn van Buul for giving me access to an amd64 box so I
could track this down. Bump PKGREVISION.
