r532707 is not in 2020Q2 but 2020Q3 ETA in ~1 day, so use bundled ICU.
https://hg.mozilla.org/releases/mozilla-release/rev/61970f5454db
===> firefox-78.0_2,1 depends on package: icu>=67.1,1 - not found
===> Installing existing package /packages/All/icu-66.1,1.txz
[121amd64-quarterly-job-12] Installing icu-66.1,1...
[121amd64-quarterly-job-12] Extracting icu-66.1,1: .......... done
===> firefox-78.0_2,1 depends on package: icu>=67.1,1 - not found
*** Error code 1
Reported by: pkg-fallout
Approved by: ports-secteam blanket
This updates mail/mutt to 1.14.5
This merges all changes to mail/mutt that have been done to FreeBSD ports
head branch during the 2020Q2 period. This is needed in order to update
mail/mutt to 1.14.5 in order to fix security issues.
mail/mutt: upgrade 1.13.4 -> 1.13.5
- Bring back vvv quote/initials patches
- Remove NNTP option (XML as well)
- Update default option patches context
PR: 245175
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=158542977114051&w=2
mail/mutt: update 1.13.5 -> 1.14.0
- Default DEBUG option
(very small performance impact and ~4% binary size increase)
PR: 246270
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: http://www.mutt.org/relnotes/1.14/
mail/mutt: update 1.14.0 -> 1.14.1
- Rename DEBUG option to DEBUG_LOGS
- Add lang/perl5 deps that triggers a Muttrc rebuild
- Make smime patch optional due to perl build deps.
- Remove unnecessary doc patches and REINPLACE_CMD
- Move build changing patches to make targets
- ASPELL updates the (pre)built Muttrc to not require a rebuild
PR: 246559
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=158965668315387&w=2
mail/mutt: Update to 1.14.2
ChangeLog: http://www.mutt.org/
PR: 246731
Submitted by: dereks@lifeofadishwasher.com (maintainer)
mail/mutt: Update to 1.14.3
- Update to 1.14.3
- Muttrc removed from dist. making perl a BUILD_DEPENDS
- manual.txt removed from dist. making lynx a DOCS_BUILD_DEPENDS
- Remove MASTER_SITES not updated or can't connect
PR: 247266
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=159217236324614&w=2
mail/mutt: Update to 1.14.5
Update mail/mutt to 1.14.5, this is a security fix release, with fixes for
CVE-2020-14093 and CVE-2020-14954
PR: 247400
Submitted by: Derek Schrock
Security: 5b397852-b1d0-11ea-a11c-4437e6ad11c4
29b13a34-b1d2-11ea-a11c-4437e6ad11c4
Approved by: ports-secteam (joenum)
security/putty*: upgrade to 0.74 security fix release
Changelog:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
among them are these two---and more bugfixes beyond not listed here:
* Security fix: if an SSH server accepted an offer of a public key
and then rejected the signature, PuTTY could access freed memory,
if the key had come from an SSH agent.
* Security feature: new config option to disable PuTTY's dynamic
host key preference policy, if you prefer to avoid giving away
to eavesdroppers which hosts you have stored keys for.
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5
security/putty*: rename and update LICENCE from tarball.
Approved by: ports-secteam (joneum@) [540716]
Approved by: ports-secteam (blanket, metadata update) [540718, 540719]
emulators/ppsspp: unbreak OLDJOY after r512863
SDL/SDLJoystick.cpp:24:13: error: no member named 'bPS3Controller' in 'Config'
g_Config.bPS3Controller = true;
~~~~~~~~ ^
SDL/SDLJoystick.cpp:27:22: error: no member named 'bPS3Controller' in 'Config'
if (g_Config.bPS3Controller)
~~~~~~~~ ^
Approved by: ports-secteam blanket
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.
Security: NTP Bug 3661
Approved by: portmgr (joneum)
databases/py-mysqlclient: revert gc threaded patch
It caused python sigabort with a "GC object already tracked" message in singlethreaded app.
This happens only with a fetchmany() on a streaming cursor, MySQLdb.cursors.SSCursor.
PR: 246313
Reported by: Jeroen Pulles <jeroen.pulles@gmail.com>
Approved by: ports-secteam (joneum)
multimedia/dav1d: unbreak on 12.1 i386 after r539947
ld: error: can't create dynamic relocation R_386_32 against local symbol in readonly segment; recompile object files with -fPIC or pass '-Wl,-z,notext' to allow text relocations in the output
>>> defined in src/25a6634@@dav1d@sha/mc_sse.obj
>>> referenced by ../src/x86/mc_sse.asm
>>> src/25a6634@@dav1d@sha/mc_sse.obj:(.text+0x6969)
Reported by: pkg-fallout
Approved by: ports-secteam blanket
python 3.5 will reach End-of-life on 2020-09-13
lang/python35: Fix security issues
The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.5 branch
and will be present in a next release.
PR: 246984
Approved by: python (with hat)
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
Approved by: ports-secteam (blanket, backport of security fix)
databases/mariadb104-server: Fix configuration location / overhaul
* Fix configuration location [1]
* Share patches between client and server
* Provide minimal configuration for client and server
* Make the wsrep config a sample only
* Fixup plists
PR: 246694 [1]
Reported by: <theis gmx at>
Approved by: ports-secteam (joneum)
ports-mgmt/pkg: Respect liblzma.pc if available.
ports-mgmt/pkg-devel: Respect liblzma.pc if available.
Note that this is meant to be a temporary hack and will be reverted once the
freebsd/pkg have solved this in the build infrastructure.
PR: 200142
Approved by: portmgr (bapt over IRC)
security/lynis: Update to 3.0.0
This is a major release but also fixes two security problems.
Security: CVE-2019-13033 CVE-2020-13882
Approved by: ports-secteam (joneum)
Fix runtime error by adding security/py-pycryptodome
and sysutils/py-distro dependencies.
Remove py-ioflo and py-ioflo from tcp transport as they are
not required anymore.
PR: 247391
Submitted by: ohauer@
Approved by: maintainer
Approved by: portmgr (blanket)
multimedia/handbrake: update to 1.3.3
HandBrake 1.3.3 has been released. This patch updates multimedia/handbrake port.
Here is list of changes from 1.3.2.
1. update to ffmpeg 4.2.3 in contrib files
2. code style fix of MASTER_SITES
3. update version.txt from upstream's source tarball.
4. mediainfo filename change
5. add powerpc to architectures list.
Submitted by: naito.yuichiro_gmail.com (maintainer)
Differential Revision: https://reviews.freebsd.org/D25292
Approved by: portmgr (bugfix blanket)
audio/supercollider: Update to 3.11.0
* Introduce additional default option AVAHI to make the use of the Avahi
libraries optional.
* Remove one patch and the whole patching via "post-patch" - both is no
longer needed.
* While I'm here: Prepare the port for Qt 5.15.0
Changelog:
https://github.com/supercollider/supercollider/releases/tag/Version-3.11.0
PR: 246320
Submitted by: shamaz.mazum@gmail.com
Approved by: Neal Nelson <ports@nicandneal.net> (maintainer)
Approved by: ports-secteam build fix blanket
textproc/py-pdfminer.six: Update to 20191110
* Use this release for a while as it's the last one that supports Python 2.7
which is still needed by textproc/scancode-toolkit.
* Backport two patches to fix the runtime of CLI scripts.
* Remove "dos2unix" and "shebangfix" macros as they're no longer required.
Changelog since 20181108:
https://github.com/pdfminer/pdfminer.six/blob/20191110/CHANGELOG.md
Approved by: ports-secteam (joneum)
net/freerdp: update to 2.1.0
This update incorporates many features and improvements since 2.0.0-rc4,
as well as a large mass of security fixes.
Full changelog available:
https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
PR: 245517
Approved by: koobs (mentor)
Security: 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2
net/freerdp: fix build on FreeBSD 11.x
Apparently this hadn't been caught in my test matrix -- it seems that later
versions of FreeBSD have a getmntent() definition that masked this error.
mntent_compat.c has been adopted from devel/fam, though a better solution
should be sought out going into the future.
Approved by: koobs (mentor, implicit, just-fix-it)
Approved by: ports-secteam (joneum)
databases/lmdb: in db_env_close0(), destroy robust mutexes if we are
the only remaining user.
When closing an lmdb database, all memory and file descriptor resources
are released, including the shared memory pages that contained the
robust mutex.
However, before this commit, prior to unmapping the pages that contained
the robust mutexex, lmdb did not destroy the mutexes first. This would
create a problem when an application opens and closes a database, then
open it again.
According to libthr(3), by default, a shared lock backed by a mapped
file in memory is automatically destroyed on the last unmap of the
corresponding file' page, which is allowed by POSIX.
After unmapping the shared pages, the kernel writes off all active
robust mutexes associated with these pages. However, the userland
threading library still keeps the record (pshared_lookup in
thr_pshared.c of libthr) for these objects as they are not really
destroyed before, so that it don't have to ask the kernel every
time when looking them up.
Now, a later re-open of the database might have mapped the lock file
to the same memory location. Because the threading library have
remembered the robust mutex object, it would just reuse it even though
it was already invalid from kernel's point of view. Unfortunately,
regular lock operations would still work for this process.
Should another lmdb process opens the same database, it would attempt
to obtain the robust mutex (no longer recognized by kernel) because it
would see another process holding a file lock, but that would fail
because the robust mutex is invalid for the kernel.
Explicitly destroy the mutex if we are the last remaining user to ensure
the mutex is always in a known defined state.
OpenLDAP ITS #9278
With debugging help from: kib
PR: 244493
Approved by: ports-secteam
