Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 Nov 2012 20:33:20 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r307978 - in head: security/vuxml www/yahoo-ui
Message-ID:  <201211292033.qATKXKpS051007@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ohauer
Date: Thu Nov 29 20:33:19 2012
New Revision: 307978
URL: http://svnweb.freebsd.org/changeset/ports/307978

Log:
  www/yahoo-ui
   - fix CVE-2012-5881
  
  security/vuxml
   - adjust version (we have only 2.8.2 in the tree)
  
  Feature safe: yes
  
  Approved by:	glarkin (maintainer) explicit

Modified:
  head/security/vuxml/vuln.xml
  head/www/yahoo-ui/Makefile   (contents, props changed)
  head/www/yahoo-ui/distinfo   (contents, props changed)

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Nov 29 19:45:24 2012	(r307977)
+++ head/security/vuxml/vuln.xml	Thu Nov 29 20:33:19 2012	(r307978)
@@ -56,7 +56,7 @@ Note:  Please add new entries to the beg
     <affects>
       <package>
 	<name>yahoo-ui</name>
-	<range><lt>3.0.0</lt></range>
+	<range><le>2.8.2</le></range>
       </package>
     </affects>
     <description>
@@ -82,7 +82,7 @@ Note:  Please add new entries to the beg
     <dates>
       <discovery>2012-10-30</discovery>
       <entry>2012-11-27</entry>
-      <modified>2012-11-28</modified>
+      <modified>2012-11-29</modified>
     </dates>
   </vuln>
 

Modified: head/www/yahoo-ui/Makefile
==============================================================================
--- head/www/yahoo-ui/Makefile	Thu Nov 29 19:45:24 2012	(r307977)
+++ head/www/yahoo-ui/Makefile	Thu Nov 29 20:33:19 2012	(r307978)
@@ -1,19 +1,22 @@
 # $FreeBSD$
 
 PORTNAME=	yahoo
-PORTVERSION=	2.8.2
+DISTVERSION=	2.8.2
+PORTREVISION=	1
 CATEGORIES=	www
-MASTER_SITES=	http://yuilibrary.com/downloads/yui2/
+MASTER_SITES=	http://yuilibrary.com/downloads/yui2/:main \
+		http://yuilibrary.com/support/20121030-vulnerability/dropin_patches/:patch
 PKGNAMESUFFIX=	-ui
-DISTNAME=	yui_${PORTVERSION}r1
+DISTFILES=	yui_${DISTVERSION}r1.zip:main \
+		charts-${DISTVERSION:S/.//g}.zip:patch \
+		swfstore-${DISTVERSION:S/.//g}.zip:patch \
+		uploader-${DISTVERSION:S/.//g}.zip:patch
 
 MAINTAINER=	glarkin@FreeBSD.org
 COMMENT=	The Yahoo! User Interface (YUI) Library
 
 LICENSE=	BSD
 
-FORBIDDEN=	CVE-2012-5881 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure
-
 USE_ZIP=	yes
 
 WRKSRC=		${WRKDIR}/yui
@@ -53,6 +56,17 @@ SUB_LIST+=	HASHMARK2=
 PLIST_SUB+=	NOAPACHE="@comment "
 .endif
 
+pre-patch:
+	@${FIND} ${WRKSRC} -type f \( -name charts.swf -o -name swfstore.swf -o -name uploader.swf \) -delete
+
+post-patch: .SILENT
+	${INSTALL_DATA} ${WRKDIR}/charts-${DISTVERSION:S/.//g}/charts.swf ${WRKSRC}/build/charts/assets/charts.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/build/swfstore/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/storage/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/swfstore/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/build/uploader/assets/uploader.swf
+	${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/examples/uploader/assets/uploader.swf
+
 do-install:
 	@cd ${WRKSRC} && ${COPYTREE_SHARE} "assets build index.html \
 		tests" ${WWWDIR}

Modified: head/www/yahoo-ui/distinfo
==============================================================================
--- head/www/yahoo-ui/distinfo	Thu Nov 29 19:45:24 2012	(r307977)
+++ head/www/yahoo-ui/distinfo	Thu Nov 29 20:33:19 2012	(r307978)
@@ -1,2 +1,8 @@
 SHA256 (yui_2.8.2r1.zip) = 45ef73ca1956af72006ed07daa670bd552c2bccb6c25d8bd7fcf82054277c67c
 SIZE (yui_2.8.2r1.zip) = 13627195
+SHA256 (charts-282.zip) = 43b9085a4e3406c7fd49c32cf4f27487edd23596a31c65ce24e0dbdd466e719d
+SIZE (charts-282.zip) = 81636
+SHA256 (swfstore-282.zip) = 8a2b91dc76e49165be71b79f5567325719e80562c78d2812a4f879350920b162
+SIZE (swfstore-282.zip) = 5042
+SHA256 (uploader-282.zip) = 6c7dd6c6379e571f6d3efb3f978c429b3763adddc9fdd3c94b06830b988bc251
+SIZE (uploader-282.zip) = 7440



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211292033.qATKXKpS051007>