From jhein@timing.com  Sat Nov 12 07:20:42 2011
Return-Path: <jhein@timing.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8BEB51065674
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 12 Nov 2011 07:20:42 +0000 (UTC)
	(envelope-from jhein@timing.com)
Received: from duck.timing.com (duck.symmetricom.us [206.168.13.214])
	by mx1.freebsd.org (Postfix) with ESMTP id 4A16D8FC08
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 12 Nov 2011 07:20:39 +0000 (UTC)
Received: from marvin.timing.com (marvin.symmetricom.us [206.168.13.207])
	by duck.timing.com (8.14.4/8.14.4) with ESMTP id pAC7KcuD091579;
	Sat, 12 Nov 2011 00:20:38 -0700 (MST)
	(envelope-from jhein@timing.com)
Received: from marvin.timing.com (localhost [127.0.0.1])
	by marvin.timing.com (8.14.4/8.14.4) with ESMTP id pAC7Kcns008456;
	Sat, 12 Nov 2011 00:20:38 -0700 (MST)
	(envelope-from jhein@marvin.timing.com)
Received: (from jhein@localhost)
	by marvin.timing.com (8.14.4/8.14.4/Submit) id pAC7Kclv008455;
	Sat, 12 Nov 2011 00:20:38 -0700 (MST)
	(envelope-from jhein)
Message-Id: <201111120720.pAC7Kclv008455@marvin.timing.com>
Date: Sat, 12 Nov 2011 00:20:38 -0700 (MST)
From: John Hein <jhein@symmetricom.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: emulation@freebsd.org
Subject: www/linux-f10-flashplugin10 is vulnerable
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         162498
>Category:       ports
>Synopsis:       www/linux-f10-flashplugin10 is vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 12 07:30:09 UTC 2011
>Closed-Date:    Sat Nov 12 08:05:16 UTC 2011
>Last-Modified:  Sun Nov 13 16:00:20 UTC 2011
>Originator:     John Hein
>Release:        
>Organization:
>Environment:
System:

>Description:
See http://www.adobe.com/support/security/bulletins/apsb11-28.html
Also the download url has changed slightly, so the 10.3.r183.10
port also doesn't fetch now.
While the 10.x flashplugin is still supported, this port should
be updated along with 11.x (ports/162476).

>How-To-Repeat:
>Fix:

Index: Makefile
===================================================================
RCS file: /base/FreeBSD-CVS/ports/www/linux-f10-flashplugin10/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- Makefile	31 Oct 2011 21:16:53 -0000	1.27
+++ Makefile	12 Nov 2011 06:21:12 -0000
@@ -7,9 +7,9 @@
 #
 
 PORTNAME=	flashplugin
-PORTVERSION=	10.3r183.10
+PORTVERSION=	10.3r183.11
 CATEGORIES=	www multimedia linux
-MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/current/:plugin \
+MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/./}/:plugin \
 		ftp://ftp.ipt.ru/pub/download/:suplib \
 		LOCAL/nox:suplib
 PKGNAMEPREFIX=	linux-f10-
Index: distinfo
===================================================================
RCS file: /base/FreeBSD-CVS/ports/www/linux-f10-flashplugin10/distinfo,v
retrieving revision 1.21
diff -u -p -r1.21 distinfo
--- distinfo	22 Sep 2011 20:47:10 -0000	1.21
+++ distinfo	11 Nov 2011 17:25:09 -0000
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/10.3r183.10/install_flash_player_10_linux.tar.gz) = dfd5bbf4689465cc56b0a883b8368a1c13be6bdd0d594fc81a0129055e0b453a
-SIZE (flashplugin/10.3r183.10/install_flash_player_10_linux.tar.gz) = 5459935
-SHA256 (flashplugin/10.3r183.10/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/10.3r183.10/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/10.3r183.11/install_flash_player_10_linux.tar.gz) = 57739e4333c2712409e0f47e0c681c2ae3eb495d1e9dc1d30fd8344c8e896d85
+SIZE (flashplugin/10.3r183.11/install_flash_player_10_linux.tar.gz) = 5460006
+SHA256 (flashplugin/10.3r183.11/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/10.3r183.11/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->emulation 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sat Nov 12 07:30:23 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162498 
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Sat Nov 12 08:05:15 UTC 2011 
State-Changed-Why:  
please update your portstree, its already committed since few ours. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162498 
Responsible-Changed-From-To: emulation->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sun Nov 13 15:48:15 UTC 2011 
Responsible-Changed-Why:  
per nox@ I prefer this distfile over the one I committed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162498 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/162498: commit references a PR
Date: Sun, 13 Nov 2011 15:52:47 +0000 (UTC)

 eadler      2011-11-13 15:52:39 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/linux-f10-flashplugin10 Makefile distinfo 
   Log:
   - user smaller distfile for plugin
   
   PR:             ports/162498
   Submitted by:   John Hein <jhein@symmetricom.com>
   Reviewed by:    nox
   Feature safe:   yes
   
   Revision  Changes    Path
   1.29      +2 -3      ports/www/linux-f10-flashplugin10/Makefile
   1.23      +3 -3      ports/www/linux-f10-flashplugin10/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
