svn commit: r307978 - in head: security/vuxml www/yahoo-ui
Olli Hauer
ohauer at FreeBSD.org
Thu Nov 29 20:33:21 UTC 2012
Author: ohauer
Date: Thu Nov 29 20:33:19 2012
New Revision: 307978
URL: http://svnweb.freebsd.org/changeset/ports/307978
Log:
www/yahoo-ui
- fix CVE-2012-5881
security/vuxml
- adjust version (we have only 2.8.2 in the tree)
Feature safe: yes
Approved by: glarkin (maintainer) explicit
Modified:
head/security/vuxml/vuln.xml
head/www/yahoo-ui/Makefile (contents, props changed)
head/www/yahoo-ui/distinfo (contents, props changed)
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Nov 29 19:45:24 2012 (r307977)
+++ head/security/vuxml/vuln.xml Thu Nov 29 20:33:19 2012 (r307978)
@@ -56,7 +56,7 @@ Note: Please add new entries to the beg
<affects>
<package>
<name>yahoo-ui</name>
- <range><lt>3.0.0</lt></range>
+ <range><le>2.8.2</le></range>
</package>
</affects>
<description>
@@ -82,7 +82,7 @@ Note: Please add new entries to the beg
<dates>
<discovery>2012-10-30</discovery>
<entry>2012-11-27</entry>
- <modified>2012-11-28</modified>
+ <modified>2012-11-29</modified>
</dates>
</vuln>
Modified: head/www/yahoo-ui/Makefile
==============================================================================
--- head/www/yahoo-ui/Makefile Thu Nov 29 19:45:24 2012 (r307977)
+++ head/www/yahoo-ui/Makefile Thu Nov 29 20:33:19 2012 (r307978)
@@ -1,19 +1,22 @@
# $FreeBSD$
PORTNAME= yahoo
-PORTVERSION= 2.8.2
+DISTVERSION= 2.8.2
+PORTREVISION= 1
CATEGORIES= www
-MASTER_SITES= http://yuilibrary.com/downloads/yui2/
+MASTER_SITES= http://yuilibrary.com/downloads/yui2/:main \
+ http://yuilibrary.com/support/20121030-vulnerability/dropin_patches/:patch
PKGNAMESUFFIX= -ui
-DISTNAME= yui_${PORTVERSION}r1
+DISTFILES= yui_${DISTVERSION}r1.zip:main \
+ charts-${DISTVERSION:S/.//g}.zip:patch \
+ swfstore-${DISTVERSION:S/.//g}.zip:patch \
+ uploader-${DISTVERSION:S/.//g}.zip:patch
MAINTAINER= glarkin at FreeBSD.org
COMMENT= The Yahoo! User Interface (YUI) Library
LICENSE= BSD
-FORBIDDEN= CVE-2012-5881 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure
-
USE_ZIP= yes
WRKSRC= ${WRKDIR}/yui
@@ -53,6 +56,17 @@ SUB_LIST+= HASHMARK2=
PLIST_SUB+= NOAPACHE="@comment "
.endif
+pre-patch:
+ @${FIND} ${WRKSRC} -type f \( -name charts.swf -o -name swfstore.swf -o -name uploader.swf \) -delete
+
+post-patch: .SILENT
+ ${INSTALL_DATA} ${WRKDIR}/charts-${DISTVERSION:S/.//g}/charts.swf ${WRKSRC}/build/charts/assets/charts.swf
+ ${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/build/swfstore/swfstore.swf
+ ${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/storage/swfstore.swf
+ ${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/swfstore/swfstore.swf
+ ${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/build/uploader/assets/uploader.swf
+ ${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/examples/uploader/assets/uploader.swf
+
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} "assets build index.html \
tests" ${WWWDIR}
Modified: head/www/yahoo-ui/distinfo
==============================================================================
--- head/www/yahoo-ui/distinfo Thu Nov 29 19:45:24 2012 (r307977)
+++ head/www/yahoo-ui/distinfo Thu Nov 29 20:33:19 2012 (r307978)
@@ -1,2 +1,8 @@
SHA256 (yui_2.8.2r1.zip) = 45ef73ca1956af72006ed07daa670bd552c2bccb6c25d8bd7fcf82054277c67c
SIZE (yui_2.8.2r1.zip) = 13627195
+SHA256 (charts-282.zip) = 43b9085a4e3406c7fd49c32cf4f27487edd23596a31c65ce24e0dbdd466e719d
+SIZE (charts-282.zip) = 81636
+SHA256 (swfstore-282.zip) = 8a2b91dc76e49165be71b79f5567325719e80562c78d2812a4f879350920b162
+SIZE (swfstore-282.zip) = 5042
+SHA256 (uploader-282.zip) = 6c7dd6c6379e571f6d3efb3f978c429b3763adddc9fdd3c94b06830b988bc251
+SIZE (uploader-282.zip) = 7440
More information about the svn-ports-head
mailing list