None of the packages upstream specified dependencies were declared in the
port. This change adds those missing dependencies.
The issue was identified while QA'ing www/py-freenit via bug 242817
File "/usr/local/lib/python3.7/site-packages/faker/providers/internet/__init__.py", line 4, in <module>
from text_unidecode import unidecode
ModuleNotFoundError: No module named 'text_unidecode'
While I'm here, level up ports (and Python ports) compliance and add test
target.
Approved by: portmgr (blanket(s): missing dependencies, ports (Python) compliance)
Approved by: ports-secteam (blanket(s): missing dependencies, ports (Python) compliance)
- Don't echo automatic actions unlike other manual actions
- Don't perform ${RM} -R because the OPTIONS system takes @comment parts
in pkg-plist into account, poudriere build does not complain.
- Don't provide samples for XML schema files, these are NOT intended to
be modified by the user
PR: 243648
Submitted by: Michael Osipov <michael.osipov siemens com>
Approved by: VVD <vvd unislabs com>
Approved by: ports-secteam (blanket: ports compliance, bugfixes)
graphics/libexif: Fix security vulnerabilities
- Fix CVE-2019-9278
In libexif, there is a possible out of bounds write due to an integer
overflow. This could lead to remote escalation of privilege in the media
content provider with no additional execution privileges needed. User
interaction is needed for exploitation.
- Fix a buffer read overflow in exif_entry_get_value
- Fix a buffer overread in exif_mnote_data_olympus_load
PR: 244060
Reported by: tj@mrsk.me (email)
Approved by: former maintainer
Security: 00f30cba-4d23-11ea-86ba-641c67a117d8
Approved by: ports-secteam (blanket, backport of security fixes)
Unbreak. The port had been broken while fetchmail 6.3.26 had
been removed by upstream and before mail/fetchmail had been
updated to 6.4.x - it fetches properly.
Regarding Python 3.x compatibility,
see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244130
While here, fix TARGET -> ALL_TARGET to avoid building the C stuff,
and drop the unused obsolete distinfo file.
Approved by: ports-secteam (blanket, unbreaking broken port)
mail/dovecot: upgrade to 2.3.9.3
Changelog:
* CVE-2020-7046: Truncated UTF-8 can be used to DoS
submission-login and lmtp processes.
* CVE-2020-7957: Specially crafted mail can crash snippet generation.
Security: CVE-2020-7046
Security: CVE-2020-7957
Security: 74db0d02-b140-4c32-aac6-1f1e81e1ad30
Approved by: ports-secteam (zi)
sysutils/grub2-bhyve: Neutralize privileged guest commands
GRUB was designed to run in a trusted environment, where anyone with access
to grub2.cfg could also modify grub itself. In grub2-bhyve, we have
modified it to run in host context, but interpret the commands of guest
grub2.cfg. This means we have to worry about malicious guests.
This patch addresses two escalation vectors: font-loading, and the direct
'read', 'write', 'in', and 'out' commands (which read/write arbitrary
addresses). Both reported by Reno Robert.
Disable font-loading by neutering the command. It is believed to be non-
essential and there is at least one buffer overflow in the font loading
code.
Disable reading and writing host memory and IO ports. It is believed to be
non-essential.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
Security: yes
Approved by: portmgr (bapt)
security/nss: unbreak on armv6 after r524147
In file included from ../../lib/freebl/gcm-arm32-neon.c:16:
/usr/lib/clang/8.0.1/include/arm_neon.h:28:2: error: "NEON support not enabled"
#error "NEON support not enabled"
^
PR: 243734
Reported by: garga
Submitted by: mikael
Approved by: ports-secteam blanket
emulators/rpcs3: unbreak DEFAULT_VERSIONS=python=2.7 after r521573
CMake Error at /usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find PythonInterp: Found unsuitable version "2.7.17", but
required is at least "3" (found /usr/local/bin/python)
Call Stack (most recent call first):
/usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:376 (_FPHSA_FAILURE_MESSAGE)
/usr/local/share/cmake/Modules/FindPythonInterp.cmake:160 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
Vulkan/glslang/CMakeLists.txt:165 (find_package)
Approved by: ports-secteam blanket
mail/opensmtpd: update to 6.6.3p1 release
- switch default configuration to maildir
- allow mbox to deliver to users without requiring privileges in the daemon
- allow lmtp to receive sender/recipient in environment
Approved by: ports-secteam (joneum)
misc/brs currently builds with many warnings and segfaults at runtime,
likely a missing prototypes issue as that's what most of the warnings
are.
A much more recent version (4.30 as opposed to 4.03) of this is
widely available on linux under the name "bible-kjv", which also exists
as an OpenBSD port.
This change updates brs to 4.30, switching upstream to DEBIAN [1], and the
first step commit to renaming the port.
While here:
- Include the "randverse" program
- Wordsmith pkg-descr: It's all very well saying that the port
includes libraries, but it doesn't install them.
- Remove patches: no longer relevent
[1] Use a temporary MASTER_SITES workaround, instead of 'DEBIAN' directly
because it does not currently use or support DISTNAME.
PR: 243886
Submitted by: Andrew <andrew tao11.riddles.org.uk>
Approved by: <user unknown nu> (implicit, approves maintainer change)
Approved by: portmgr (blanket: run (crash) fixes)
Approved by: ports-secteam (blanket: run (crash) fixes)
security/nss: disable AltiVec on 32-bit powerpc
Crypto acceleration is only implemented for powerpc64 but build flags
leak to other powerpc targets. Disable via a variable introduced in 3.50.
PR: 242523
Reported by: many
Approved by: ports-secteam blanket
www/firefox: apply upstream powerpc64 fixes
Many of these are stalled on review for various reasons but the intent
of each seems clear enough to keep rebasing or ask upstream for help.
pkg-fallout@ would identify rebase mistakes while atomic changes would
identify when a particular patch is no longer useful.
Submitted by: mikael (via D21765)
Approved by: ports-secteam blanket
Update webkit-gtk3 to 2.26.3.
* Fix issues while trying to play a video on NextCloud.
* Make sure the GL video sink uses a valid WebKit shared GL context.
* Fix vertical alignment of text containing arabic diacritics.
* Fix build with icu 65.1.
* Fix page loading errors with websites using HSTS.
* Fix web process crash when displaying a KaTeX formula.
* Fix several crashes and rendering issues.
This release also fixes 3 CVE's.
Security: dc8cff4c-4063-11ea-8a94-3497f6939fdd
Approved by: ports-secteam@ (miwi@)
Add patch for CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations,
allows HTTP request smuggling, as demonstrated by the ability
of an attacker to read unauthorized web pages in environments
where NGINX is being fronted by a load balancer.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372
PR: 243952
Reported by: koobs and many more
Security: c1202de8-4b29-11ea-9673-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
emulators/higan: unbreak on powerpc64, make ports tree compliant
Builds fine on powerpc64 without -march=native, which shouldn't be enabled anyway.
Approved by: portmgr (fix build blanket)
devel/lazygit: Update to 0.14
This release include a fix for the issue no keyboard input recognized [1].
[1] https://github.com/jesseduffield/lazygit/issues/563
PR: 242432
Approved by: portmgr (blanket: critical runtime bugfix)
