net-mgmt/unifi-lts: Fix support for Mongo 3.6+
Ubiquiti still hasn't fixed UniFi-LTS after this was reported ages ago, so
I guess every OS will have to fix this manually.
Reported by: many
Add USES=shared-mime-info
Starting with version 18.12.0, Ark has included a custom kerfuffle.xml mime
type to support zstd-compressed files (the mimetype was only added to
shared-mime-info starting with version 1.11, which we don't ship yet). We need
to make sure update-mime-database is run, otherwise Ark will still fail to
recognize those archives.
Approved by: ports-secteam (blanket approval)
shells/rssh: Apply fixes for basename(3) handling and some security issues
basename(3) has been changed to be POSIX compliant in r308264. This implies
that it can possibly write to the passed string. shells/rssh passes a const
string, so it always crashes on invocation with FreeBSD 12 and later. The
new patches remedy this issue. [1] [2]
During further tests and research came to light that there were also
recently discovered security issues with the parsing of rsync/scp command
line arguments and insufficient sanitization of environment variables when
using rysnc.
The corresponding fixes have been incorporated to the new patches and the
already existing patch for the RSYNC option has been tightened for the
argument parsing. Please note that with this patch the scp option "-3" can
no longer be used. [3]
Furthermore, another patch was applied to make this port a bit more secure.
That patch handles a buffer allocation issue for an error message. [4]
PR: 235121
Submitted by: topical@gmx.net (first version) [1], Jason Harris (maintainer) [2]
Approved by: tcberner (mentor)
Obtained from: Debian [3] [4]
Security: d193aa9f-3f8c-11e9-9a24-6805ca0b38e8
Differential Revision: https://reviews.freebsd.org/D19474
Approved by: ports-secteam (riggs), mentors implicit
Import patch from upstream bug report for xfce4-weather-plugin to
adapt to new upstream weather service API interface.
Previous API version is deprecated and expired by upstream.
While here, remove unneeded USES=intlhack.
PR: 236166
Submitted by: Olivier Duchateau <duchateau.olivier@gmail.com>
Obtained from: https://bugzilla.xfce.org/show_bug.cgi?id=14972
Approved by: ports-secteam (joneum)
sysutils/cluster-glue: unbreak and modernize port
- add USES=gnome
- sort Makefile
- disable HPI option because that port is currently broken
PR: 231097
Submitted by: w.schwarzenfeld@utanet.at
Approved by: port-secteam (joneum)
drm-legacy-kmod: Update to latest snapshot
Update graphics/drm-legacy-kmod to the latest snapshot. This includes the
fix for an off by one error, that was committed as FreeBSD base r343060
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
graphics/drm-legacy-kmod: Update snapshot
Update the graphics/drm-legacy-kmod drivers to the latest snapshot. This
includes fixes to make the driver build on CURRENT after base r343567.
Reported by: Steve Kargl
Approved by: jmd (maintainer, implicit)
Approved by: ports-secteam (implicit, drm kmods)
This merges all changes done to drm-current-kmod, drm-fbsd12.0-kmod and
drm-fbsd11.2-kmod, in order to avoid merge conflicts.
Update pkg-descr to match reality
Update pkg-descr in drm-kmod ports to match reality in terms of which Linux
kernel version they correspond to and which FreeBSD version they are
supporting.
Noticed by: Graham Perrin
graphics/drm-current-kmod: Update messges
Update pkg-message and makefile COMMENT to remove references to
drm-devel-kmod and the mention that this is the development version. It is
the version for FreeBSD CURRENT, so the ride might be a little bumpy, but
it's not the devlopment version.
No changes to package.
FreeBSDDesktop issue: #129
Reported by: grahamperrin
Sponsored by: B3 Init (zeising)
update drm-current and drm-fbsd12.0 snapshots
Update drm-current-kmod and drm-fbsd12.0-kmod to the latest snapshots.
This mutes console chatter about unimplemented stuff, which sometimes is
confusing.
Approved by: jmd (maintainer, implicit)
graphics/drm-fbsd{11.2,12.0}-kmod: Update pkg-message with new names
PR: 235726
Approved by: graphics (jmd)
Differential Revision: https://reviews.freebsd.org/D19189
Update drm kmods for current and FreeBSD 12.0
Update graphics/drm-current-kmod and graphics/drm-fbsd12.0-kmod to their
respective latest snapshots.
This fixes a bug where a non-recursive mutex was used recursively in certain
conditions.
See https://github.com/FreeBSDDesktop/kms-drm/issues/134 for further details
FreeBSDDesktop issue: #134
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
Approved by: ports-secteam (implicit, drm-kmod ports)
net-im/py-slixmpp: Add missing RUN_DEPENDS and fix some other issues
- Switch MASTER_SITES to CHEESESHOP as it ought to be the default for
Python software.
- Adjust COMMENT to match the short description from setup.py.
- Add missing RUN_DEPENDS.
- Standardize test invocation.
- Update WWW to point to project's homepage instead of the Git repository.
Reported by: koobs
Reviewed by: koobs, krion
Approved by: koobs, krion (mentor)
Differential Revision: https://reviews.freebsd.org/D18684
net-im/py-slixmpp: Update to 1.4.2
This release contains a fix for CVE-2019-1000021.
Changelog:
https://lab.louiz.org/poezio/slixmpp/tags/slix-1.4.2
Reviewed by: krion
Approved by: krion (mentor)
Security: 526d9642-3ae7-11e9-a669-8c164582fbac
Security: CVE-2019-1000021
Differential Revision: https://reviews.freebsd.org/D19397
Approved by: ports-secteam (joneum), krion (mentor, implicit)
www/node10: Update 10.15.1 -> 10.15.2
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
www/node8: Update 8.15.0 -> 8.15.1
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
www/node6: Update 6.16.0 -> 6.17.0
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
multimedia/libmpeg2: unbreak on armv7
ld: error: can't create dynamic relocation R_ARM_ABS32 against local symbol in readonly segment; recompile object files with -fPIC or pass '-Wl,-z,notext' to allow text relocations in the output
>>> defined in ./.libs/libmpeg2arch.a(motion_comp_arm_s.o)
>>> referenced by motion_comp_arm_s.o:(.text+0x104) in archive ./.libs/libmpeg2arch.a
Reported by: pkg-fallout
Approved by: ports-secteam blankte
- update to 3.3.3
Changelog:
20181202
Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
20181227 (a forgotten bugfix from 20180707)
Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
Approved by: portmgr (miwi)
Replace OpenSSL 1.1.0 with upstream ones
The patches from bug 228902 and added in r481850 are not entirely compatible
with older OpenSSL versions, to the point that the qca-ossl plugin refuses to
load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).
Fix it by replacing our patches with backports from upstream the same way
OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):
* Revert an upstream commit made only to the 2.1 branch disabling a few ciphers
in the unit tests.
* Backport a change to the master branch that never made it to the 2.1 branch
disabling the ciphers mentioned above as well as a few other ones, so that we
can backport the actual change adding support for OpenSSL 1.1.0 more clealy.
* Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts
resolved due to the lack of a commit adding suport for AES GCM and AES CCM in
the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories,
since they had to resolve the same conflict as well.
The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well
as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones
that are unrelated. With the patches we have in the tree, a lot of unit tests
failed on 11.2 due to the qca-ossl plugin failing to load.
PR: 228902
PR: 232784
Reviewed by: tcberner
Differential Revision: https://reviews.freebsd.org/D19347
Approved by: ports-secteam (joneum)
With libc++ 8.0, which is in the projects/clang800-import branch, and
which will soon be merged to head, compilation of devel/jsoncpp fails
due to a conflict between the new C++ <version> header, and a local file
"version" which is produced by jsoncpp during its configure phase.
This is due to the initial test runner being compiled with "-I.", even
though it does not need any file from the port's working directory root.
Therefore, it seems to be easiest to comment out the line from the
SConstruct script that adds the "-I." option.
Approved by: portmgr (joneum)
PR: 236061
