multimedia/ffmpeg0: Use OPTIONS helpers, Honour CFLAGS
- Use OPTIONS helpers for as many as conditional blocks as possible.
Blocks with FFMPEG_* and other variables not supported by the helper
framework are not modified.
- Honour CFLAGS for armv6 (= -> ?=)
While I'm here:
- Sort and group common or related Makefile sections where it made sense
to do so and improved readability. Put global things up the top and
conditional blocks below.
- Improve whitespace alignment for readability.
Approved by: wg (maintainer)
Differential Revision: https://reviews.freebsd.org/D2981
MFH: r391234
multimedia/ffmpeg0: Fix X11GRAB dependency typo
Fix a typo (s/xent/xext) in the X11GRAB USE_XORG dependency assignment that was
introduced in r391234.
PR: 201321
Submitted by: Andrey Fesenko <andrey bsdnir info>
Approved by: pointyhat (koobs)
MFH: r395164
multimedia/ffmpeg0: security update 0.7.16 -> 0.7.17
PR: 200852
Security: 65b14d39-d01f-419c-b0b8-5df60b929973
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Approved by: wg (maintainer), delphij (mentor)
Approved by: ports-secteam (delphij)
- upgrade to 1.7.21
- fix py-subversion (convert BDB_CONFIGURE_OFF back to !${PORT_OPTIONS:MBDB})
- fix sample apache module config ('s/dav_module/dav_svn_module/')
- add tuning example for dav_svn_module
MFH: r395129
- update to 1.7.22
Developer-visible changes:
- General:
* fix the regression test suite which was broken in 1.7.21 (r1694012)
Approved by: ports-secteam (delphij@)
- update to 2.2.31
- remove backports
- minor cleanups
- always rebuild configure script
- add patch for acinclude.m4 [1]
Changes with Apache 2.2.31 [2]
*) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers.
[Yann Ylavic, Gregg Smith]
Changes with Apache 2.2.30 (not released)
*) SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters. [Graham Leggett, Yann Ylavic]
*) http: Fix LimitRequestBody checks when there is no more bytes to read.
[Michael Kaufmann <mail michael-kaufmann.ch>]
*) core: Allow spaces after chunk-size for compatibility with implementations
using a pre-filled buffer. [Yann Ylavic, Jeff Trawick]
*) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
no longer send warning-level unrecognized_name(112) alerts. PR 56241.
[Kaspar Brand]
*) http: Make ap_die() robust against any HTTP error code and not modify
response status (finally logged) when nothing is to be done. PR 56035.
[Yann Ylavic]
*) core, modules: Avoid error response/document handling by the core if some
handler or input filter already did it while reading the request (causing
a double response body). [Yann Ylavic]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick,
Olli Hauer <ohauer gmx de>]
*) mod_proxy: use the original (non absolute) form of the request-line's URI
for requests embedded in CONNECT payloads used to connect SSL backends via
a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms <hendrik.harms
gmail com>, William Rowe, Yann Ylavic]
*) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
internationalization. [William Rowe]
*) mod_log_config: Implement logging for sub second timestamps and
request end time. [Rainer Jung]
*) mod_log_config: Ensure that time data is consistent if multiple
duration patterns are used in combination, e.g. %D and %{ms}T.
[Rainer Jung]
*) mod_log_config: Add "%{UNIT}T" format to output request duration in
seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us").
[Ben Reser, Rainer Jung]
*) In alignment with RFC 7525, the default recommended SSLCipherSuite
and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the
default recommended SSLProtocol and SSLProxyProtocol directives now
exclude SSLv3. Existing configurations must be adjusted by the
administrator. [William Rowe]
*) core: Avoid potential use of uninitialized (NULL) request data in
request line error path. [Yann Ylavic]
*) mod_proxy_http: Use the "Connection: close" header for requests to
backends not recycling connections (disablereuse), including the default
reverse and forward proxies. [Yann Ylavic]
*) mod_proxy: Add ap_connection_reusable() for checking if a connection
is reusable as of this point in processing. [Jeff Trawick]
*) mod_proxy: Reuse proxy/balancer workers' parameters and scores across
graceful restarts, even if new workers are added, old ones removed, or
the order changes. [Jan Kaluza, Yann Ylavic]
*) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context.
PR 57100. [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
Yann Ylavic]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_ssl: Add support for configuring persistent TLS session ticket
encryption/decryption keys (useful for clustered environments).
[Paul Querna, Kaspar Brand]
*) SSLProtocol and SSLCipherSuite recommendations in the example/default
conf/extra/httpd-ssl.conf file are now global in scope, affecting all
VirtualHosts (matching 2.4 default configuration). [William Rowe]
*) mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
selected DB engine. PR 46421. [Jan Kaluza].
*) Turn static function get_server_name_for_url() into public
ap_get_server_name_for_url() and use it where appropriate. This
fixes mod_rewrite generating invalid URLs for redirects to IPv6
literal addresses. PR 52831 [Stefan Fritsch]
*) dav_validate_request: avoid validating locks and ETags when there are
no If headers providing them on a resource we aren't modifying.
[Ben Reser]
*) mod_ssl: New directive SSLSessionTickets (On|Off).
The directive controls the use of TLS session tickets (RFC 5077),
default value is "On" (unchanged behavior).
Session ticket creation uses a random key created during web
server startup and recreated during restarts. No other key
recreation mechanism is available currently. Therefore using session
tickets without restarting the web server with an appropriate frequency
(e.g. daily) compromises perfect forward secrecy. [Rainer Jung]
*) mod_deflate: Define APR_INT32_MAX when it is missing so to be able to
compile against APR-1.2.x (minimum required version). [Yann Ylavic]
*) mod_reqtimeout: Don't let pipelining checks interfere with the timeouts
computed for subsequent requests. PR 56729. [Eric Covener]
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=58126
[2] http://www.apache.org/dist/httpd/CHANGES_2.2.31
With Head apache@
Approved by: ports-secteam (delphij@)
Move definitions of MAKE_ARGS up to ensure that chromedriver is built when
requested [1]
While here sort USES
PR: 202560 [1]
Submitted by: Carlos J Puga Medina [1]
Approved by: ports-secteam (delphij)
Update tarsnap to 1.0.36.
This removes the SSE2 option since tarsnap now detects that cpu feature
at run-time.
Security: Fixes a denial of service and a maybe-exploitable overflow.
Approved by: ports-secteam (feld)
sysutils/froxlor: security update 0.9.32_3 -> 0.9.33.2
- Update to 0.9.33.2
- Minor option and format fixes (support Dovecot 2, use default Apache version)
- Add security hint to pkg-message
- Add NO_ARCH
- Drop @dirrmtry as all pkg-plist files are under PREFIX
PR: 202262
Security: CVE-2015-5959
Security: 9ee72858-4159-11e5-93ad-002590263bf5
Submitted by: Marco Steinbach <coco@executive-computing.de> (maintainer)
Approved by: ports-secteam (feld), feld (mentor)
where other changes between the 2.31.2 and 2.31.6 which where missed.
So to fix this, remove two patches that are now included in 2.31.6,
and update the plist for this version.
Submitted by: pkg-fallout
Approved by: portmgr@ (antoine@)
Update irc/unreal to 3.2.10.5
This release fixes a SASL Denial of Service issue
Security: 0ecc1f55-45d0-11e5-adde-14dae9d210b8
Approved by: ports-secteam (with hat)
- Fix build when CXX is set to a path instead of just an executable name (fixes cross-builds)
Approved by: portmgr blanket
Approved by: ports-secteam build fix blanket
sysutils/xen-tools: Update to 4.5.1 and apply XSA-139/XSA-140 patches
- Update to 4.5.1
- Remove XSA-117 to XSA-136 and elf_parse_bsdsyms patches now part of 4.5.1
- Leave XSA-135 QEMU traditional patches due an oversight in 4.5.1
- Apply patches for XSA-139/XSA-140
- Set USE_LDCONFIG, sort USES, use ${PATCH}, and reorder Makefile (portlint)
PR: 201931
Security: CVE-2015-5166
Security: ee99899d-4347-11e5-93ad-002590263bf5
Security: CVE-2015-5165
Security: f06f20dc-4347-11e5-93ad-002590263bf5
Approved by: bapt (maintainer), feld (mentor)
Approved by: ports-secteam (feld)
