net-mgmt/netbox: Update to 2.7.12
Changelog:
Enhancements:
* Reference VRF by name rather than RD during IP/prefix import
* Use absolute URLs in rack elevation SVG renderings
* Allow connecting cables between two circuit terminations
* Add the webhook_receiver management command to assist in troubleshooting
outgoing webhooks
Bug Fixes:
* Fix typing of count_ipaddresses on interface serializer
* Fail cleanly when trying to import multiple device types simultaneously
* Fix exception when disconnecting a cable from a power feed
* Tweak display of unset custom integer fields
* Fix reservation edit/delete button URLs on rack view
https://github.com/netbox-community/netbox/releases/tag/v2.7.12
Approved by: ports-secteam (joneum)
x11-drivers/xf86-video-ati: Fix missing hw cursor
Add an upstream patch (submitted by myself and danfe) to fix the issue where
the hw cursor sometimes does not work when using x11-drivers/xf86-video-ati.
Big thanks to danfe@ for debugging and testing and figuring out what's going
on.
For details on the change, see upstream issue:
https://gitlab.freedesktop.org/xorg/driver/xf86-video-ati/-/issues/190
PR: 237642
Reported by: jwb
Approved by: ports-secteam (joenum)
security/openvpn: Fix illegal client float (CVE-2020-11810)
There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.
If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.
The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.
This fix is inherited by the openvpn-mbedtls slave port.
Blanket "Backport of security and reliability fixes which only result in
PORTREVISION bumps and no changes to enabled features. for example, adding
a patch fixing a buffer overflow."
Obtained from: Lev Stipakov (OpenVPN)
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
Approved by: ports-secteam@ (blanket security/reliability fix)
security/bsmtrace: switch MAINTAINER over to csjp@
alm@ and csjp@ are both upstream maintainers of bsmtrace; they've decided to
transfer maintainership of bsmtrace over to csjp@. PORTREVISION bump to
reflect the new maintainer in the package.
Approved by: alm (maintainer, via e-mail)
Approved by: koobs (mentor, ports)
Approved by: ports-secteam (blanket: metadata update, MAINTAINER consistency)
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
e059d4ec2e/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
- Fix SMB NegotiateContextList parsing
- Fix binpac flowbuffer frame length parsing doing too much bounds
checking
- Fix parsing ERSPAN III optional sub-header
- Fix bug in intel indicator normalization
- Fix connection duration thresholding
- Fix X509Common.h header include for external plugins
- Fix incorrect targeting of node-specific Broker/Cluster messages
Approved by: ports-secteam (joneum)
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
Approved by: ports-secteam (joneum)
emulators/virtualbox-ose: Switch build to USES= compiler:c++14-lang
The runtime breakage that started occurring after the LLVM 7 -> 8 transition
has been diagnosed with help from cem@, and the attached patch fixes it. The
problem ended up being that tail-call optimization was being applied to this
function (which should probably be written in assembly instead) and moving
the tail-call to later on after some stack manipulations. The problem with
this is that this particular function uses alloca() to carefully craft a
stack that it's expecting to be used for the function it's calling at the
end.
The new patch fixes this using a technique that was committed later on in
upstream changeset 75061 to address a similar failure with GCC sanitizers
enabled. The FreeBSD-specific component of this patch is using the different
stack setup if __clang__ is defined as well.
The extra hunk in the Config patch has been added because the VirtualBox
build system cannot cope with LLVM version numbers in the way it's
expecting. Hardcode it to GCC 4.2 for FreeBSD, which is what the clang
__GNU* macros describe, to fix build breakage that happens with newer LLVM
as the build system decides our LLVM is an even older and more broken
version of GCC with a broken regparm.
PR: 236616, 244847
Approved by: koobs (mentor)
Approved by: ports-secteam (blanket: major runtime fix caused by bad build)
Fix bitrotted code.
Drop maintainership. I don't use this port much as evidenced by the
fact that one of these bugs was fixed in Arch Linux in 2016
(https://bugs.archlinux.org/task/46571).
Submitted by: Jacob D Hunt
Approved by: ports-secteam (joneum)
multimedia/obs-qtwebkit: fix build on powerpc64
cc1plus: error: unrecognized command line option "-std=c++11"
Additionally, this port tries to use SSE, so it needs -DNO_WARN_X86_INTRINSICS -maltivec -mvsx on powerpc64 to use GCC's translation layer to AltiVec.
Also respect CXXFLAGS to make it work.
PR: 243658
Approved by: swills (maintainer)
Approved by: portmgr (fix build blanket)
x11/libxfce4menu: Fix leaked keygrabs when layout changes
As diagnosed by Jethro Nederhof, xfce-shortcuts-grabber.c attempts to update
grabbed key shortcuts when xkeyboard layout changes. Unfortunately, it had no
memory of which keycodes it has actually grabbed. Instead, it attempted to
ungrab the *new* keycode, which obviously doesn't actually ungrab those codes.
This went unnoticed for some time, probably because nothing collided with
important keys. Recently, a default PrintScreen shortcut was added to Xfce,
which for whatever reason seems to collide with Up in initial layout. When the
kbd layout changes, the shortcut ungrabs the *new* Printscreen keycode and then
re-grabs the same keycode, leaving the Up keycode grabbed.
Fix this by giving xfce-shortcuts-grabber some memory of which keycodes it has
grabbed. When it grabs a key, it remembers the keycode it grabbed in the
XfceKey object. When it ungrabs a key, it ungrabs the keycodes in the XfceKey
object, rather than those for the new keyboard layout.
PR: 244290
Reported by: Aryeh Friedman <aryeh.friedman AT gmail.com>, many others
Approved by: madpilot
Differential Revision: https://reviews.freebsd.org/D24338
Approved by: portmgr (blanket, runtime fix)
Approved by: portmgr (with hat)
vim: Fix environment contamination from libcanberra
Vim will link against libcanberra if it's present, leading to an
undeclared link and breakage risk if canberra is removed. It only really
makes sense for it to do this during a gnome build, so explicitly
enable it there and disable it elsewhere.
PR: 245460
Reported by: Andy Mender
dns/dnsmasq: repair damage from UNAUTHORIZED UCL conversion of pkg-message
The pkg-message contains a security note that is necessary on
new installs and on updates alike.
Since per the porter's handbook, the UCL does not support enumeration
of types, and this is not relevant on removal, the UCL change must be
reverted. While here, remove formatting.
Failure inducing commit:
|------------------------------------------------------------------------
|r508835 | mat | 2019-08-13 18:01:59 +0200 (Tue, 13 Aug 2019) | 2 lines
|
|Convert to UCL & cleanup pkg-message (categories d)
|
|------------------------------------------------------------------------
NOTE: The UCL conversion of files/pkg-message.in was not authorized
and damaging and no heads-up was sent to the maintainer.
portmgr@ MUST act more carefully with sweeping changes and hand them out
for review first.
dns/dnsmasq-devel: synch non-UCL pkg-message.in
e2fsprogs, rawtherapee: Repair more UCL pkg-message conversion errors.
Both pkg-message texts are relevant for updates.
Reverting this part of UNAUTHORIZED commits, and bump PORTREVISION.
Clean up pkg-message.
Failure-inducing commits:
------------------------------------------------------------------------
r508837 | mat | 2019-08-13 18:03:11 +0200 (Tue, 13 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories e-g)
------------------------------------------------------------------------
r508909 | mat | 2019-08-14 14:16:12 +0200 (Wed, 14 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories s)
------------------------------------------------------------------------
mail/mailman: repair incomplete UCL conversion of pkg-message.in
There are parts of the install message that are also relevant on
updates, but were missed. Add them, and bump PORTREVISION.
Failure-inducing commit:
------------------------------------------------------------------------
r508882 | mat | 2019-08-14 00:29:42 +0200 (Wed, 14 Aug 2019) | 2 lines
onvert to UCL & cleanup pkg-message (categories l-m)
------------------------------------------------------------------------
Approved by: ports-secteam@ (blanket, only changing pkg-message[.in])
emulators/rpcs3: unbreak audio after r529285
INFO: OpenAudioDevice failed: Fragment size must be a power of two
Segfault reading location 00000000000000d4 at 0000000001de1abd.
Emu Thread Name: 'cellAudio Thread'.
Thread id = 0x89cf05700.
Approved by: ports-secteam blanket (crash fix)
Mark as BROKEN on 13 for the time being while the regression is being
investigated.
PR: 245520
Submitted by: maintainer
Approved by: portmgr ("just fix it")
deskutils/ausweisapp2: Fix build on FreeBSD 11.3
CMake Error at /usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:146 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR: Found unsuitable version "1.0.2s", but
required is at least "1.1" (found /usr/lib/libcrypto.so)
Call Stack (most recent call first):
/usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:391 (_FPHSA_FAILURE_MESSAGE)
/usr/local/share/cmake/Modules/FindOpenSSL.cmake:447 (find_package_handle_standard_args)
cmake/Libraries.cmake:71 (FIND_PACKAGE)
CMakeLists.txt:145 (INCLUDE)
While here remove unnecessary qt5-buildtools and qt5-linguisttools
run dependencies.
PR: 245088
Approved by: freebsd@sysctl.cz (maintainer)
Approved by: ports-secteam blanket
graphics/libavif: fix build on GCC architectures
Use newer GCC to avoid error caused by -Werror:
/wrkdirs/usr/ports/graphics/libavif/work/libavif-0.6.3/src/reformat.c:316: warning: comparison is always false due to limited range of data type
Approved by: portmgr (fix build blanket)
- Fix brokenness with net/libsignal 2.3.3. Upstream depends on
particular version (2.3.2), so reference its distfile, build
it in tree.
- Bump PORTREVISION as dependencies are changed
PR: 245281
Approved by: portmgr (blanket)
