Index: .
===================================================================
--- .	(revision 307979)
+++ .	(working copy)

Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /head:r307861*,307907*,307977-307978*
Index: security
===================================================================
--- security	(revision 307979)
+++ security	(working copy)

Property changes on: security
___________________________________________________________________
Added: svn:mergeinfo
   Merged /head/security:r307153,307155-307157,307159,307161,307163,307167,307169-307170,307177-307178,307190,307194,307197-307198,307203-307204,307206,307208,307210,307217-307221,307247-307248,307256,307259-307261,307263,307275-307276,307279,307282,307286,307299,307334-307335,307348-307351,307374-307375,307387,307413-307414,307425,307428-307430,307465,307471,307474,307524,307534-307537,307606,307616-307617,307621,307665-307666,307733,307747,307811,307828,307855,307861*,307907*,307978*
Index: security/vuxml
===================================================================
--- security/vuxml	(revision 307979)
+++ security/vuxml	(working copy)

Property changes on: security/vuxml
___________________________________________________________________
Added: svn:mergeinfo
   Merged /head/security/vuxml:r307153,307155-307157,307159,307161,307163,307167,307169-307170,307177-307178,307190,307194,307197-307198,307203-307204,307206,307208,307210,307217-307221,307247-307248,307256,307259-307261,307263,307275-307276,307279,307282,307286,307299,307334-307335,307348-307351,307374-307375,307387,307413-307414,307425,307428-307430,307465,307471,307474,307524,307534-307537,307606,307616-307617,307621,307665-307666,307733,307747,307811,307828,307855,307861,307907,307978
Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml	(revision 307979)
+++ security/vuxml/vuln.xml	(working copy)
@@ -51,6 +51,41 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="aa4f86af-3172-11e2-ad21-20cf30e32f6d">
+    <topic>YUI JavaScript library -- JavaScript injection exploits in Flash components</topic>
+    <affects>
+      <package>
+	<name>yahoo-ui</name>
+	<range><le>2.8.2</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The YUI team reports:</p>
+	<blockquote cite="http://yuilibrary.com/support/20121030-vulnerability/">
+	  <h1>Vulnerability in YUI 2.4.0 through YUI 2.9.0</h1>
+	  <p>A XSS vulnerability has been discovered in some YUI 2 .swf files
+	    from versions 2.4.0 through 2.9.0. This defect allows JavaScript
+	    injection exploits to be created against domains that host affected
+	    YUI .swf files.</p>
+	  <p>If your site loads YUI 2 from a CDN (yui.yahooapis.com,
+	     ajax.googleapis.com, etc.) and not from your own domain, you
+	     are not affected. YUI 3 is not affected by this issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-5881</cvename>
+      <cvename>CVE-2012-5882</cvename>
+      <url>http://yuilibrary.com/support/20121030-vulnerability/</url>
+    </references>
+    <dates>
+      <discovery>2012-10-30</discovery>
+      <entry>2012-11-27</entry>
+      <modified>2012-11-29</modified>
+    </dates>
+  </vuln>
+
   <vuln vid="4d64fc61-3878-11e2-a4eb-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>
@@ -484,13 +519,16 @@
       <url>https://bugzilla.mozilla.org/show_bug.cgi?id=802204</url>
       <cvename>CVE-2012-4189</cvename>
       <url>https://bugzilla.mozilla.org/show_bug.cgi?id=790296</url>
-      <cvename>CVE-2012-5475</cvename>
+      <cvename>CVE-2012-5881</cvename>
+      <cvename>CVE-2012-5882</cvename>
+      <cvename>CVE-2012-5883</cvename>
       <url>https://bugzilla.mozilla.org/show_bug.cgi?id=808845</url>
       <url>http://yuilibrary.com/support/20121030-vulnerability/</url>
     </references>
     <dates>
       <discovery>2012-11-13</discovery>
       <entry>2012-11-14</entry>
+      <modified>2012-11-27</modified>
     </dates>
   </vuln>
 
Index: www
===================================================================
--- www	(revision 307979)
+++ www	(working copy)

Property changes on: www
___________________________________________________________________
Added: svn:mergeinfo
   Merged /head/www:r307153,307155-307157,307159,307161,307163,307167,307169-307170,307177-307178,307190,307194,307197-307198,307203-307204,307206,307208,307210,307217-307221,307247-307248,307256,307259-307261,307263,307275-307276,307279,307282,307286,307299,307334-307335,307348-307351,307374-307375,307387,307413-307414,307425,307428-307430,307465,307471,307474,307524,307534-307537,307606,307616-307617,307621,307665-307666,307733,307747,307811,307828,307855,307861*,307978*
Index: www/yahoo-ui
===================================================================
--- www/yahoo-ui	(revision 307979)
+++ www/yahoo-ui	(working copy)

Property changes on: www/yahoo-ui
___________________________________________________________________
Added: svn:mergeinfo
   Merged /head/www/yahoo-ui:r307153,307155-307157,307159,307161,307163,307167,307169-307170,307177-307178,307190,307194,307197-307198,307203-307204,307206,307208,307210,307217-307221,307247-307248,307256,307259-307261,307263,307275-307276,307279,307282,307286,307299,307334-307335,307348-307351,307374-307375,307387,307413-307414,307425,307428-307430,307465,307471,307474,307524,307534-307537,307606,307616-307617,307621,307665-307666,307733,307747,307811,307828,307855,307861,307978
Index: www/yahoo-ui/Makefile
===================================================================
--- www/yahoo-ui/Makefile	(revision 307979)
+++ www/yahoo-ui/Makefile	(working copy)
@@ -1,22 +1,27 @@
 # $FreeBSD$
 
 PORTNAME=	yahoo
-PORTVERSION=	2.8.2
+DISTVERSION=	2.8.2
+PORTREVISION=	1
 CATEGORIES=	www
-MASTER_SITES=	http://yuilibrary.com/downloads/yui2/
+MASTER_SITES=	http://yuilibrary.com/downloads/yui2/:main \
+		http://yuilibrary.com/support/20121030-vulnerability/dropin_patches/:patch
 PKGNAMESUFFIX=	-ui
-DISTNAME=	yui_${PORTVERSION}r1
+DISTFILES=	yui_${DISTVERSION}r1.zip:main \
+		charts-${DISTVERSION:S/.//g}.zip:patch \
+		swfstore-${DISTVERSION:S/.//g}.zip:patch \
+		uploader-${DISTVERSION:S/.//g}.zip:patch
 
 MAINTAINER=	glarkin@FreeBSD.org
 COMMENT=	The Yahoo! User Interface (YUI) Library
 
+LICENSE=	BSD
+
 USE_ZIP=	yes
 
 WRKSRC=		${WRKDIR}/yui
 NO_BUILD=	yes
 
-LICENSE=	BSD
-
 OPTIONS=	APACHE	"Configure for Apache-2.x" off \
 		MINIMAL "Do not install documentation and examples" off
 
@@ -51,6 +56,17 @@
 PLIST_SUB+=	NOAPACHE="@comment "
 .endif
 
+pre-patch:
+	@${FIND} ${WRKSRC} -type f \( -name charts.swf -o -name swfstore.swf -o -name uploader.swf \) -delete
+
+post-patch: .SILENT
+	${INSTALL_DATA} ${WRKDIR}/charts-${DISTVERSION:S/.//g}/charts.swf ${WRKSRC}/build/charts/assets/charts.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/build/swfstore/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/storage/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/swfstore-${DISTVERSION:S/.//g}/swfstore.swf ${WRKSRC}/examples/swfstore/swfstore.swf
+	${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/build/uploader/assets/uploader.swf
+	${INSTALL_DATA} ${WRKDIR}/uploader-${DISTVERSION:S/.//g}/uploader.swf ${WRKSRC}/examples/uploader/assets/uploader.swf
+
 do-install:
 	@cd ${WRKSRC} && ${COPYTREE_SHARE} "assets build index.html \
 		tests" ${WWWDIR}

Property changes on: www/yahoo-ui/Makefile
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: www/yahoo-ui/distinfo
===================================================================
--- www/yahoo-ui/distinfo	(revision 307979)
+++ www/yahoo-ui/distinfo	(working copy)
@@ -1,2 +1,8 @@
 SHA256 (yui_2.8.2r1.zip) = 45ef73ca1956af72006ed07daa670bd552c2bccb6c25d8bd7fcf82054277c67c
 SIZE (yui_2.8.2r1.zip) = 13627195
+SHA256 (charts-282.zip) = 43b9085a4e3406c7fd49c32cf4f27487edd23596a31c65ce24e0dbdd466e719d
+SIZE (charts-282.zip) = 81636
+SHA256 (swfstore-282.zip) = 8a2b91dc76e49165be71b79f5567325719e80562c78d2812a4f879350920b162
+SIZE (swfstore-282.zip) = 5042
+SHA256 (uploader-282.zip) = 6c7dd6c6379e571f6d3efb3f978c429b3763adddc9fdd3c94b06830b988bc251
+SIZE (uploader-282.zip) = 7440

Property changes on: www/yahoo-ui/distinfo
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property