databases/mysql57-{client, server}: Update to latest release 5.7.25
This update (released on Jan 21st) includes:
Deprecation:
-The resolveip and resolve_stack_dump utilities are now deprecated.
(Will be removed in MySQL 8.0).
Bugfix:
-Fix a memory leak caused by a dangling pointer. (Bug #28693568)
-Fix mishandling of SIGHUP by the server that could result in a server exit.
(Bug #27966483, Bug #90742).
-Correct potential incorrect out-of-memory checks performed by parser.
(Bug #25633994).
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
PR: 234983
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql56-{client, server}: Update to latest release 5.6.43
This update (released on Jan 21st) includes:
Bugfix:
-Correct the handling of quotes for identifiers in
ROLLBACK TO SAVEPOINT statements.
-Don't permit creation of dbs with same name as redo log file
(Bug #28867993).
-Use strncmp() instead of memcmp() for comparing logfile names
(prevent the uninitialized memory as result).
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-43.html
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql80-client: Fix output of mysql_config for ldflags
Make `mysql_config` not show non-existing libraries as output of `--lib`.
(`imported_crypto` and `imported_openssl` which seem to be for internal use)
This issue caused build failures in downstream code that relies on
correct output to use for its LDFLAGS (like mail/dovecot).
Reported by: ler
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket)
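
A check for this class of breakage, as an added example that is not part of the commit or the port: the shell function below takes a linker-flag string and reports every `-l` name that has no matching library file. The function name `missing_libs`, the default directory list and the sample flag string are assumptions made for illustration.

```shell
#!/bin/sh
# Report every -l<name> in a linker-flag string that has no lib<name>.so or
# lib<name>.a in the -L directories it names (plus a few default directories).
# Prints the unresolved names, space-separated. Paths with spaces are not handled.
missing_libs() {
    flags=$1
    dirs="/lib /usr/lib /usr/local/lib"   # assumed default search path
    missing=""
    # First pass: collect the -L directories.
    for tok in $flags; do
        case $tok in
            -L?*) dirs="${tok#-L} $dirs" ;;
        esac
    done
    # Second pass: resolve each -l name against the collected directories.
    for tok in $flags; do
        case $tok in
            -l?*)
                name=${tok#-l}
                found=no
                for d in $dirs; do
                    if [ -e "$d/lib$name.so" ] || [ -e "$d/lib$name.a" ]; then
                        found=yes
                        break
                    fi
                done
                [ "$found" = yes ] || missing="${missing:+$missing }$name"
                ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample: a temporary directory stands in for the library directory,
# and the flag string imitates output that names two libraries that do not exist.
demo_dir=$(mktemp -d)
touch "$demo_dir/libmysqlclient.so" "$demo_dir/libssl.so" "$demo_dir/libcrypto.so"
missing_libs "-L$demo_dir -lmysqlclient -lssl -lcrypto -limported_crypto -limported_openssl"
rm -rf "$demo_dir"
```

On a real system the argument would be the library flags printed by `mysql_config`; an empty result means every listed library resolves.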
Recreate symlinks instead of renaming them, so they point to the right
file.
PR: 226403
Submitted by: Tatu Kilappa <tatu.kilappa@iki.fi>
Approved by: ports-secteam (blanket)
- Update to 2.4.1 (fix maxmind DB warning that is no longer valid)
- Fix EADDRNOTAVAIL issue under FreeBSD when using IPs bound to loopback interfaces
- Bump PORTREVISION
Obtained from: upstream PR #175
Approved by: ports-secteam (with hat)
databases/pgpool-II-40: Actually unbreak PAM option after r490475
Do not pass --without-pam to configure as it does not appear to
work correctly. It also defines USE_PAM in config.h even when it
should not be defined and the build breaks.
auth/pool_hba.c:157:24: error: variable has incomplete type 'struct pam_conv'
static struct pam_conv pam_passw_conv = {
^
http://beefy3.nyi.freebsd.org/data/112amd64-quarterly/490502/logs/errors/pgpool-II40-4.0.2_2.log
Pointy hat: tobik
Approved by: tz (maintainer)
Approved by: ports-secteam build fix blanket
databases/pgpool-II-40: Unbreak PAM option
The PAM option is tangled up with the SSL option in a weird way.
SSL_CONFIGURE_WITH is set once before bsd.port.options.mk for
enabling SSL support and overwritten again after including
bsd.port.options.mk but only when PAM=on.
Setting options helper after this point is not really supported,
but --with-pam actually makes it to CONFIGURE_ARGS. When options
helpers are processed the results are only realized later by make(1).
SSL_CONFIGURE_WITH has been defined before including bsd.port.options.mk,
so this sort of "works".
This, however, is presumably an implementation detail and enabling
the PAM option breaks SSL support since SSL_CONFIGURE_WITH is
overwritten with a new value: CONFIGURE_ARGS only has --with-pam
left and is missing --with-openssl.
PAM support does not depend on SSL support. Just switch everything
to options helpers to fix this.
PR: 234817
Submitted by: tobik
Approved by: tz (maintainer)
Approved by: ports-secteam build fix blanket
audio/oss: unbreak in FreeBSD > 12
Unbreak port in FreeBSD 12 and 13-CURRENT. Broken most likely due to r335879.
While here:
* Add missing LIB_DEPENDS and USES for ossxmix
* Reorder some variables
PR: 233018
Reported by: sergey@akhmatov.ru
Approved by: ports-secteam (miwi)
Update 1.8.26 --> 1.8.27
Notable changes:
* Fixes and clarifications to the sudo plugin documentation.
* The sudo manuals no longer require extensive post-processing to
hide system-specific features. Conditionals in the roff source
are now used instead. This fixes corruption of the sudo manual
on systems without BSD login classes. Bug #861.
* If an I/O logging plugin is configured but the plugin does not
actually log any I/O, sudo will no longer force the command to
be run in a pseudo-tty.
* The fix for bug #843 in sudo 1.8.24 was incomplete. If the
user's password was expired or needed to be updated, but no sudo
password was required, the PAM handle was freed too early,
resulting in a failure when processing PAM session modules.
* In visudo, it is now possible to specify the path to sudoers
without using the -f option. Bug #864.
* Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx)
file would not be updated when a command was run in a pseudo-tty.
Bug #865.
* Sudo now sets the silent flag when opening the PAM session except
when running a shell via "sudo -s" or "sudo -i". This prevents
the pam_lastlog module from printing the last login information
for each sudo command. Bug #867.
PR: 234904
Submitted by: cy@
Approved by: garga@ (maintainer)
Approved by: portmgr (miwi@)
lang/php73: Upgrade from 7.3.0 to 7.3.1
Changelog:
Core:
Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
Fixed bug #77291 (magic methods inherited from a trait may be ignored).
CURL:
Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
MBString:
Fixed bug #77367 (Negative size parameter in mb_split).
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
PCRE:
Fixed bug #77193 (Infinite loop in preg_replace_callback).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Soap:
Fixed bug #77088 (Segfault when using SoapClient with null options).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
Sodium:
Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
SPL:
Fixed bug #77359 (spl_autoload causes segfault).
Fixed bug #77360 (class_uses causes segfault).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.1
Also removing the patch committed in r489721. The patch disables the use of
ifuncs and is part of the new release 7.3.1.
Approved by: ports-secteam (miwi)
lang/php72: Upgrade from 7.2.13 to 7.2.14
Changelog:
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Date:
Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.14
Approved by: ports-secteam (miwi)
Deprecate net/GeoIP, and expire it at the end of the month
Note that only the legacy format is deprecated. The GeoIP2 databases
are alive and well.
I completely missed that GeoIP has been deprecated for the last year,
and it expired upstream last week. Maxmind no longer provides the
legacy database, rendering this port useless.
Users must switch to GeoIP2 immediately. OPTIONS changes and
instructions will be coming in the next few days.
See https://support.maxmind.com/geolite-legacy-discontinuation-notice/
Although it won't be purged from the quarterly branch, it probably
makes sense to MFH this deprecation notice.
PR: 234715
Reported by: rigoletto
Replace the geoipupdate.sh script (which just produced 404 errors) with
a message explaining why, and what to do about it.
Report failure to the caller in geoipupdate.sh
The script was returning an error due to the service not being offered anymore.
The update attempt was replaced with an information message, but it's better to
still return 1 as it did before to allow users to detect that they have a problem.
Reported by: aramw (maintainer)
Extend the GeoIP expiration to a month from now to give
users a bit more time to find a new solution.
Approved by: portmgr (with hat)
databases/mysql80-{client, server}: Update ports to latest version 8.0.13
This update fixes several issues including CVEs.
Bug-fixes:
- Return better error messages for OpenSSL errors
- Incorrect copying of an integer value by X Plugin caused an
error relating to misaligned memory access
Improvement:
- Important Change: X Protocol now provides a connection pooling option
Upstream notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13
While here, fix the build with GCC-based architectures too (ported from fix on MySQL57)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket), ports-secteam (feld, CVE-patch blanket)
Update ibiblio.org MASTER_SITE which includes a reference to the version
number and was thus broken since we upgraded to Wine 4.0 RC1 in revision
r487184.
PR: 234459
Submitted by: Samy Mahmoudi <samy.mahmoudi@gmail.com>
Approved by: portmgr (miwi)
devel/synfig: Switch to textproc/gsed for build
The configure process for synfig uses GNU extensions (\s) in sed,
which currently get interpreted as an escape of an ordinary character.
Escapes of an ordinary character will be disallowed in future
versions of regex(3), so switch to gsed in advance to also do the
right thing.
As an aside, the \s usage may be potentially patched out, but submitter
opted to switch to gsed for now to ease maintenance burden. A later
run will be done to switch ports depending on gsed for build back
to sed when our sed becomes capable.
PR: 233438
Submitted by: kevans
Approved by: woodsb02 (maintainer)
Approved by: portmgr (miwi)
Details:
- Patch-level upstream update, contains mostly fixes for potential
runtime issues (e.g. null ptr dereferences)
- Committed directly to 2019Q1 due to branch differences to head
(multimedia/vlc3 collapsed into multimedia/vlc on head)
Approved by: ports-secteam (riggs)