This is a direct commit to 2019Q2. The version in head contains many
other changes that are intentionally being tested there before
showing up in quarterly.
Security: CVE-2019-12735
Approved by: portmgr (with hat)
Update to r52910 from the FreeBSD docset.
Approved by: doceng (implicit)
Update to r53120 from the FreeBSD docset (a.k.a. 11.3-R version)
Approved by: doceng (implicit)
Approved by: portmgr (blanket)
Mark BROKEN on FreeBSD 12 and 13
Traceback (most recent call last):
File "scripts/python/make-dist.py", line 294, in <module>
Setup(InstallRoot_CompilerWithPrevious, InstallRoot_CompilerWithSelf)
File "scripts/python/make-dist.py", line 268, in Setup
reload(pylib) or FatalError()
File "/wrkdirs/usr/ports/lang/modula3/work/cm3-b2ce705/scripts/python/pylib.py", line 655, in <module>
if Host.endswith("_NT") or Host == "NT386":
AttributeError: 'NoneType' object has no attribute 'endswith'
Reported by: pkg-fallout
Fix named when using plugins and chroot.
BIND9 introduced plugins and migrated the filter-aaaa feature to a
plugin.
As it loads its plugins late in the startup process (read after chroot),
the plugins need to be available in the chroot.
Also, refactor the code now that a second directory need to be handled.
PR: 238011
Reported by: ryan@timewasted.me
Bumped seahub version for init script to fix gunicorn binary name
Fix checksum due to retagged version
Change currently unused init var seahub_host so
there is no breakage for current users of seahub.
Change hard coded 0.0.0.0 for gunicorn start to
seahub_host.
PR: 237366 237367
Approved by: ports-secteam (joneum)
Add the 11.3-BETA3 MANIFEST files.
Remove the 11.3-BETA2 MANIFEST files.
Approved by: portmgr (implicit, re blanket)
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
www/gitea: Update to 1.8.2
Changelog:
* Fix possbile mysql invalid connnection error
* Handle invalid administrator username on install page
* Disable arm7 builds
* Fix default for allowing new organization creation for new users
* SearchRepositoryByName improvements and unification
* Fix u2f registrationlist ToRegistrations() method
* Allow collaborators to view repo owned by private org
* Use AppURL for Oauth user link
* Escape the commit message on issues update
* Fix regression for API users search
* Handle early git version's lack of get-url
* Fix wrong init dependency on markup extensions
https://github.com/go-gitea/gitea/releases/tag/v1.8.2
PR: 238239
Submitted by: stb@lassitu.de (maintainer)
Approved by: ports-secteam (miwi)
security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS
- Integer type mismatches in BinPAC-generated parser code and Bro
analyzer code may allow for crafted packet data to cause
unintentional code paths in the analysis logic to be taken due
to unsafe integer conversions causing the parser and analysis
logic to each expect different fields to have been parsed. One
such example, reported by Maksim Shudrak, causes the Kerberos
analyzer to dereference a null pointer. CVE-2019-12175 was
assigned for this issue.
- The Kerberos parser allows for several fields to be left
uninitialized, but they were not marked with an &optional attribute
and several usages lacked existence checks. Crafted packet data
could potentially cause an attempt to access such uninitialized
fields, generate a runtime error/exception, and leak memory.
Existence checks and &optional attributes have been added to the
relevent Kerberos fields.
- BinPAC-generated protocol parsers commonly contain fields whose
length is derived from other packet input, and for those that
allow for incremental parsing, BinPAC did not impose a limit on
how large such a field could grow, allowing for remotely-controlled
packet data to cause growth of BinPAC's flowbuffer bounded only
by the numeric limit of an unsigned 64-bit integer, leading to
memory exhaustion. There is now a generalized limit for how
large flowbuffers are allowed to grow, tunable by setting
"BinPAC::flowbuffer_capacity_max".
Approved by: ler (mentor, implicit)
Security: 177fa455-48fc-4ded-ba1b-9975caa7f62a
Approved by: ports-secteam (miwi)
Update e2fsprogs to new upstream release 1.45.2
Various bugfixes, and added Portuguese locale.
Update the Czech, Malay, Polish, Spanish, Swedish, and Ukarainian translations.
Release notes:
<http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.2>
Approved by: ports-secteam (miwi)
tsocks(8) suggests the the following line (twice):
LD_PRELOAD=/usr/local/lib/tsocks/libtsocks.so
This is wrong, because the library is installed under regular path,
without the `tsocks' subdirectory.
Fix the manpage accordingly.
Notified by: danfe
Approved by: ports-secteam (blanket)
Belatedly add MANIFEST files for 11.3-BETA1.
Approved by: portmgr (implicit, re blanket)
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (with hat)
Update neovim to 0.3.5
Maintenance release to fix issues found in v0.3.4.
options: properly reset directories on 'autochdir'
Remove MSVC optimization workaround for SHM_ALL
Make SHM_ALL to a variable instead of a compound literal #define
doc: mention "pynvim" module rename
screen: don't crash when drawing popupmenu with 'rightleft' option
look-behind match may use the wrong line number
:terminal : set topline based on window height
:recover : Fix crash on non-existent *.swp
Disable LuaJIT on non-x86 architectures
The version of LuaJIT in port doesn't work well (or at all) for neovim
on non-x86 architectures. Plus, some users (at least the submitter, who
made a good argument for it) may not want LuaJIT at all.
So, make LuaJIT an OPTION. Enable it by default, and exclude it from
all the archs that LuaJIT+neovim doesn't work on. Fall back instead on
normal Lua.
PR: 238079
Submitted by: Greg V
Fix build when using GCC. Needed by GCC architectures.
Tested for no breakage on amd64 with Clang.
PR: 235921
Reviewed by: tcberner
Approved by: tcberner (mentor)
devel/qt5: Follow-up to r499101
- Move the GCC related path fix into freebsd-g++/qmake.conf
Otherwise the inclusion of the GCC path would break clang
based systems when gcc-${GCC_DEFAULT} was installed.
- This might break GCC architectures again, and if so, that
will be fixed in a follow up commit.
PR: 235921
qt5: fix build on gcc architectures
- the sed call was only replacing one of the %%LOCALBASE%% by ${LOCALBASE},
due to the missing 'g' flag to the sed call.
- with this change the gcc architectures should be able to build Qt5 again.
PR: 237745
Submitted by: Mark Millard <marklmi26-fbsd@yahoo.com>, jwb
Reported by: pkubaj
Approved by: ports-secteam (joneum via irc)
