Number of commits found: 25

Move acroread5 to acroread, as requested by tg and vs.

PR:             75371
Approved by:    portmgr (marcus)

security update to 5.0.10

advisory:
<URL:http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities>
<URL:techdocs/331153.html">http://www.adobe.com/support/techdocs/331153.html>
and CAN-2004-1152

Submitted by:   hrs

* Fix typo introduced in previous commit.
* Add local workaround for supporting only linux_base and linux_base-8.

PR:             ports/60752
Reviewed by:    Submitter

Add missing dependency.

PR:             ports/60752
Submitted by:   Rong-En Fan <rafan at infor dot org>
Noted by:       dougb

* Update to 5.09.
* Unmark FORBIDDEN. According to idefense, vulnerability got fixed by
  vendor silently in this version.

PR:             ports/68294
Submitted by:   Linh Pham <question+freebsdpr at closedsrc dot org>
Approved by:    MAINTAINER time out

Mark forbidden due to arbitrary command execution.
<URL: http://vuxml.freebsd.org/78348ea2-ec91-11d8-b913-000c41e2cdad.html >

Record conflict with ports/print/acroread.

Submitted by:   Oliver Eikemeier

Use ${LINUXBASE} instead of /compat/linux.

Founded by:     Oleg Karachevtsev <ok at etrust dot ru>
Approved by:    trevor

Update to 5.0.8.  As reported by Paul Szabo in
<200307092234.h69MYHM43920@milan.maths.usyd.edu.au> on the
full-disclosure and bugtraq lists,

        Despite recent security fixes, an exploitable buffer overflow
        with long URL strings remains [in version 5.0.7]. The
        overflow occurs when you click on the link, and allows
        execution of arbitrary code.

Version 5.0.8 is a second attempt at correcting the problem.

Submitted by:  Shiozaki Takehiko of be.to

Also remove some cruft, and add another master site.  I only tested
this with linux_base-8-8.0_1.

Use ${LN} -sf if one installs acroread4 (or had it installed).

PR:             ports/41042
Submitted by:   Miguel Mendez <flynn@energyhq.homeip.net>
Approved by:    maintainer timeout (about 1 year)

Update to 5.07.

Acrobat Reader before 5.0.7 has a vulnerability that may
allow remote attackers to execute arbitrary commands on a
target system.

  Adobe Systems Incorporated Information for VU#200132
    http://www.kb.cert.org/vuls/id/IAFY-5MCQ4L
  CERT/CC Vulnerability Note VU#200132
    http://www.kb.cert.org/vuls/id/200132

PR:             ports/53479
Submitted by:   rushani
Approved by:    maintainer timeout (1 week)

Retire comment file.

Make further corrections to the use of sed:  the -i option had been
omitted and the -E option was, in one instance, used twice.  Change
PORTREVISION because runtime errors were reported by Arjan van
Leeuwen.

Submitted by:   KOMATSU Shinichiro and Niall Brady
PR:             41121 and 41605

While I'm here, make a whitespace change suggested by portlint.

The patching with sed was done incorrectly.  Patch the INSTALL
script with patch(1) only, not with both patch(1) and sed.  Correct
the use of sed for patching other files.

PR:             41121
Submitted by:   KOMATSU Shinichiro

Change PORTVERSION from 5.0.6 to 5.06.  The previous PORTVERSION
was 5.05, which pkg_version treats as greater than 5.0.6.

noticed by:  lioux

Update to 5.0.6.

The README says:

        A security patch was applied that solves the problem reported
        in http://online.securityfocus.com/archive/1/278984 where
        opening the font cache when the application starts up can
        unintentionally cause the permissions of other files to
        change.

I failed to reproduce the bug in version 5.0.5 and I have not tried
to reproduce it with this version.  The discoverer, Paul Szabo,
said that linked files could have not just their permissions changed,
but could be overwritten.  caveat lector.

PR:             40987
Submitted by:   Oliver Braun

Add a DIST_SUBDIR because neither the name of the distfile nor the
list of its contents ("tar tzvf" output) mention the name of the
program.

Mark forbidden because of possible security bug.  I have not yet
been able to reproduce the bug.

Set Miguel Mendez' ports loose.  Look out, world!

I would like to try maintaining the acroread5 one, so I pre-snarfed
it.  :-P

PR:             38978
Submitted by:   Miguel Mendez (outgoing maintainer)

Installation will fail if Linux strip is not found, allow the install
to go on if that happens.

PR:             38767
Submitted by:   MAINTAINER:  Miguel Mendez <flynn@energyhq.homeip.net>

Pass maintainership to Miguel Mendez <flynn@energyhq.homeip.net>.

Submitted by:   Miguel Mendez <flynn@energyhq.homeip.net>

Reset maintainer to ports@.

PR:             38740
Submitted by:   Sergey A. Osokin <osa@FreeBSD.org.ru> (previous maintainer)

USE_LINUX rather than explicitly listing the dependency.

None of the other acroread ports have the version number in the port name.

create {PREFIX}/bin/acroread if it does not exist.

Update acroread5 to acroread5

PR:             38449
Submitted by:   maintainer

Number of commits found: 25

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities