- Fix runtime for gcc rpath. [1]
This is a regression of something that was working in the past. Please
keep the _GCC_RUNTIME handling even if removing USE_GCC as it may
come back again in the future and be forgotten.
- Fix build on 11.3 with ports ssl. [2]
PR: 245048 [1]
PR: 243315 [2]
Submitted by: John Hein <jcfyecrayz at liamekaens.com> [2]
Approved by: portmgr (implicit)
- Unbreak by using new upstream
The author restored the working version to github. The version in the
README is wrong (1.10) but is correct in CHANGELOG (1.10.1).
PR: 243852
Approved by: portmgr (implicit)
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 12.2, 11.7, 10.12,
9.6.17, 9.5.21, and 9.4.26. This release fixes one security issue found
in the PostgreSQL server and over 75 bugs reported over the last three
months.
Users should plan to update as soon as possible.
PostgreSQL 9.4 Now EOL
This is the last release for PostgreSQL 9.4, which will no longer
receive security updates and bug fixes. PostgreSQL 9.4 introduced new
features such as JSONB support, the `ALTER SYSTEM` command, the ability
to stream logical changes to an output plugin, and more:
https://www.postgresql.org/about/news/1557/https://www.postgresql.org/docs/9.4/release-9-4.html
While we are very proud of this release, these features are also found
in newer versions of PostgreSQL. Many of these features have also
received improvements, and, per our versioning policy, it is time to
retire PostgreSQL 9.4.
To receive continued support, we suggest that you make plans to upgrade
to a newer, supported version of PostgreSQL. Please see the PostgreSQL
versioning policy for more information.
Security Issues
* CVE-2020-1720: `ALTER ... DEPENDS ON EXTENSION` is missing
authorization checks.
Versions Affected: 9.6 - 12
The `ALTER ... DEPENDS ON EXTENSION` sub-commands do not perform
authorization checks, which can allow an unprivileged user to drop any
function, procedure, materialized view, index, or trigger under certain
conditions. This attack is possible if an administrator has installed an
extension and an unprivileged user can `CREATE`, or an extension owner
either executes `DROP EXTENSION` predictably or can be convinced to
execute `DROP EXTENSION`.
Release notes: https://www.postgresql.org/docs/current/release.html
databases/postgresql12-server: fix build on GCC architectures
Use LLVM only if Clang is used.
PR: 244225, 244985
Approved by: ports-secteam (joneum)
www/firefox: backport fix for a warning after r527804
JavaScript error: resource:///modules/BrowserGlue.jsm, line 2210: TypeError: Services.profiler is undefined
Approved by: ports-secteam blanket
Unbreak by making fetchable again. This necessitates updating from
3.3.0 to 3.3.3 in order to make fetchable again.
Assume maintainership.
PR: 244998
Submitted by: cy
Reported by: cy
Approved by: maintainer (Adam McDougall <mcdouga9 at egr.msu.edu>)
Approved by: portmgr (joneum)
www/nextcloud: Update to 18.0.0
www/nextcloud: Update to 18.0.1
www/nextcloud: Update to 18.0.2
www/nextcloud: Security update to 18.0.3
- Further vuln info not yet disclosed
PR: 245016
Reported by: Marko Cupac <marko cupac mimar rs>
Approved by: ports-secteam (joneum)
games/scummvm: Unbreak build with FLUIDSYNTH=on
games/scummvm: Update to 2.1.1
Clean-up some stage QA warnings/issues while I'm here:
* Fix pkg-plist issues if the MP3 option is set to off.
* Add "iconv" to USES as scummvm is linked against libiconv.so.
* Also add "--disable-ogg" to VORBIS_CONFIGURE_OFF if the VORBIS option is
set to off. Otherwise scummvm is linked against "libogg.so" which is a
dependency of the VORBIS option but "libogg.so" is already pulled in via
the non-conditional "libtheoradec.so".
Changelog:
https://www.scummvm.org/news/20200131/
PR: 244272
Approved by: maintainer timeout (4+ weeks)
Approved by: ports-secteam build/bugfix blanket
www/gitea: Use OPTIONS_SUB
gitea: Update to 1.11.3
This release fixes three bugs.
Release notes: https://blog.gitea.io/2020/03/gitea-1.11.3-and-1.10.6-released/
Also fix LDFLAGS so that the version number (among other things) is built into
the binary correctly, and make the regexp used in the Makefile work with
bsdgrep (both thanks to adamw).
Will MFH due to bsdgrep build failure and stopwatch panic fix.
PR: 244898
Submitted by: maintainer
Approved by: portmgr (with hat)
sysutils/u-boot-rpi{3,4}: Add patch to fix PSCI stub reservation
For the traditional spin table setup, only the lowest page needs
to be reserved. However, our PSCI stubs are slightly bigger and occupy
a little over one page. These patches, already sent upstream, allow a
variable number of initial pages to be reserved for the SMP stubs. We
then set the values for these in our fragment to '2' to reserve the first
and second page.
Approved by: koobs (mentor)
Approved by: manu (uboot, maintainer)
Differential Revision: https://reviews.freebsd.org/D24085
Approved by: ports-secteam (joneum)
Fix the virtualenvwrapper_lazy.sh wrapper to invoke the Python
versions-specific virtualenvwrapper.sh script that the port/package was
built with, preventing the following error:
ERROR: virtualenvwrapper_lazy.sh: Could not find virtualenvwrapper.sh
While I'm here:
- Update pkg-descr WWW: URL to match setup.py:homepage
- Update COMMENT to match setup.py:summary
Approved by: portmgr (blanket: ports (python) compliance, run-time bugfix)
Approved by: ports-secteam (blanket: ports (python) compliance, run-time bugfix)
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow
could occur when the Kerberos message indicates it contains an
IPv6 address, but does not send enough data to parse out a full
IPv6 address. A memory leak could occur when processing KRB_KDC_REQ
KRB_KDC_REP messages for message types that do not match a
known/expected type.
- Potential Denial of Service when sending many zero-length SSL/TLS
certificate data. Such messages underwent the full Zeek file
analysis treatment which is expensive (and meaninguless here)
compared to how cheaply one can "create" or otherwise indicate
many zero-length contained in an SSL message.
- Potential Denial of Service due to buffer read overflow in SMB
transaction data string handling. The length of strings being
parsed from SMB messages was trusted to be whatever the message
claimed instead of the actual length of data found in the message.
- Potential Denial of Service due to null pointer dereference in
FTP ADAT Base64 decoding.
- Potential Denial of Service due buffer read overflow in FTP
analyzer word/whitespace handling. This typically won't be a
problem in most default deployments of Zeek since the FTP analyzer
receives data from a ContentLine (NVT) support analyzer which
first null-terminates the buffer used for further FTP parsing.
Approved by: ler (mentor, implicit)
Security: 4ae135f7-85cd-4c32-ad94-358271b31f7f
Approved by: ports-secteam (joneum)
security/softether5: fix build on aarch64
Tested on Amazon EC2 A1 instances with FreeBSD/ARM 12 image[1].
Build on mips also should be fixed (not actually tested).
[1] https://aws.amazon.com/marketplace/pp/B081NF7BY7
Sponsored by: HAW International
Approved by: portmgr branket (fix build)
Merge ports r526348 (update to 136, bugfix release) which should have
been merged with ports r528329
PR: 244750
Approved by: ports-secteam (blanket: bugfix release, fix quarterly regression)
/dev/stdin is a non-portable non-POSIX extension having different
semantics on different operating systems. zininfo(1) exits with 9 when
/dev/stdin is supplied on FreeBSD. In fact, unzip(1) explicitly documents
that it does not support reading from stdin.
[1] https://lists.reproducible-builds.org/pipermail/diffoscope/2020-March/002632.html
PR: 244750
Submitted by: Michael Osipov <michael.osipov siemens com>
Approved by: ports-secteam (blanket: runtime bugfix)
This fix a Problem, when MySQL build with libressl
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:230:25: error: use of undeclared identifier 'SSL_OP_NO_TLSv1_3'
SSL_OP_NO_TLSv1_3 |
^
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:275:12: warning: implicit declaration of function 'SSL_CTX_set_ciphersuites' is invalid in C99 [-Wimplicit-function-declaration]
if (0 == SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, ""))
Special thanks for his help to: fluffy
PR: 244320
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
emulators/virtualbox-ose: use contemporary GCC instead of old llvm
The bug in PR 236616 resulted in virtualbox getting pinned to llvm7. This is
less than ideal, and in-fact has been broken by improvements to
machine/atomic.h
on x86 that require a more modern compiler.
Switch the build to USE_GCC= any. The patches that were previously applied
if COMPILER_TYPE == clang are actually needed by newer GCCs as well, so make
those
standard patches instead, folding the Config.kmk patches together.
We should put some effort into testing llvm10 and working out why llvm
breaks
it, but fixing the build is more important at the moment.
Q/A:
* portlint (pre-existing issues; none in current patch)
* testport (-CURRENT, amd64)
* run testing by madpilot@
PR: 244603
Approved by: koobs (mentor), bapt (mentor)
Approved by: portmgr (blanket: build fix)
Differential Revision: https://reviews.freebsd.org/D23967
Approved by: ports-secteam (blanket: build fix)
Update to upstream version 44.0.0
Details:
- Mostly bugfixes, see
https://mkvtoolnix.download/doc/NEWS.md
but also a helpful new feature:
- MKVToolNix GUI: header editor: the attachments can now
be reordered via drag & drop.
Approved by: ports-secteam (riggs)
