security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
e059d4ec2e/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
- Fix SMB NegotiateContextList parsing
- Fix binpac flowbuffer frame length parsing doing too much bounds
checking
- Fix parsing ERSPAN III optional sub-header
- Fix bug in intel indicator normalization
- Fix connection duration thresholding
- Fix X509Common.h header include for external plugins
- Fix incorrect targeting of node-specific Broker/Cluster messages
Approved by: ports-secteam (joneum)
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
Approved by: ports-secteam (joneum)
emulators/virtualbox-ose: Switch build to USES= compiler:c++14-lang
The runtime breakage that started occurring after the LLVM 7 -> 8 transition
has been diagnosed with help from cem@, and the attached patch fixes it. The
problem ended up being that tail-call optimization was being applied to this
function (which should probably be written in assembly instead) and moving
the tail-call to later on after some stack manipulations. The problem with
this is that this particular function uses alloca() to carefully craft a
stack that it's expecting to be used for the function it's calling at the
end.
The new patch fixes this using a technique that was committed later on in
upstream changeset 75061 to address a similar failure with GCC sanitizers
enabled. The FreeBSD-specific component of this patch is using the different
stack setup if __clang__ is defined as well.
The extra hunk in the Config patch has been added because the VirtualBox
build system cannot cope with LLVM version numbers in the way it's
expecting. Hardcode it to GCC 4.2 for FreeBSD, which is what the clang
__GNU* macros describe, to fix build breakage that happens with newer LLVM
as the build system decides our LLVM is an even older and more broken
version of GCC with a broken regparm.
PR: 236616, 244847
Approved by: koobs (mentor)
Approved by: ports-secteam (blanket: major runtime fix caused by bad build)
Fix bitrotted code.
Drop maintainership. I don't use this port much as evidenced by the
fact that one of these bugs was fixed in Arch Linux in 2016
(https://bugs.archlinux.org/task/46571).
Submitted by: Jacob D Hunt
Approved by: ports-secteam (joneum)
multimedia/obs-qtwebkit: fix build on powerpc64
cc1plus: error: unrecognized command line option "-std=c++11"
Additionally, this port tries to use SSE, so it needs -DNO_WARN_X86_INTRINSICS -maltivec -mvsx on powerpc64 to use GCC's translation layer to AltiVec.
Also respect CXXFLAGS to make it work.
PR: 243658
Approved by: swills (maintainer)
Approved by: portmgr (fix build blanket)
x11/libxfce4menu: Fix leaked keygrabs when layout changes
As diagnosed by Jethro Nederhof, xfce-shortcuts-grabber.c attempts to update
grabbed key shortcuts when xkeyboard layout changes. Unfortunately, it had no
memory of which keycodes it has actually grabbed. Instead, it attempted to
ungrab the *new* keycode, which obviously doesn't actually ungrab those codes.
This went unnoticed for some time, probably because nothing collided with
important keys. Recently, a default PrintScreen shortcut was added to Xfce,
which for whatever reason seems to collide with Up in initial layout. When the
kbd layout changes, the shortcut ungrabs the *new* Printscreen keycode and then
re-grabs the same keycode, leaving the Up keycode grabbed.
Fix this by giving xfce-shortcuts-grabber some memory of which keycodes it has
grabbed. When it grabs a key, it remembers the keycode it grabbed in the
XfceKey object. When it ungrabs a key, it ungrabs the keycodes in the XfceKey
object, rather than those for the new keyboard layout.
PR: 244290
Reported by: Aryeh Friedman <aryeh.friedman AT gmail.com>, many others
Approved by: madpilot
Differential Revision: https://reviews.freebsd.org/D24338
Approved by: portmgr (blanket, runtime fix)
Approved by: portmgr (with hat)
vim: Fix environment contamination from libcanberra
Vim will link against libcanberra if it's present, leading to an
undeclared link and breakage risk if canberra is removed. It only really
makes sense for it to do this during a gnome build, so explicitly
enable it there and disable it elsewhere.
PR: 245460
Reported by: Andy Mender
dns/dnsmasq: repair damage from UNAUTHORIZED UCL conversion of pkg-message
The pkg-message contains a security note that is necessary on
new installs and on updates alike.
Since per the porter's handbook, the UCL does not support enumeration
of types, and this is not relevant on removal, the UCL change must be
reverted. While here, remove formatting.
Failure inducing commit:
|------------------------------------------------------------------------
|r508835 | mat | 2019-08-13 18:01:59 +0200 (Tue, 13 Aug 2019) | 2 lines
|
|Convert to UCL & cleanup pkg-message (categories d)
|
|------------------------------------------------------------------------
NOTE: The UCL conversion of files/pkg-message.in was not authorized
and damaging and no heads-up was sent to the maintainer.
portmgr@ MUST act more carefully with sweeping changes and hand them out
for review first.
dns/dnsmasq-devel: synch non-UCL pkg-message.in
e2fsprogs, rawtherapee: Repair more UCL pkg-message conversion errors.
Both pkg-message texts are relevant for updates.
Reverting this part of UNAUTHORIZED commits, and bump PORTREVISION.
Clean up pkg-message.
Failure-inducing commits:
------------------------------------------------------------------------
r508837 | mat | 2019-08-13 18:03:11 +0200 (Tue, 13 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories e-g)
------------------------------------------------------------------------
r508909 | mat | 2019-08-14 14:16:12 +0200 (Wed, 14 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories s)
------------------------------------------------------------------------
mail/mailman: repair incomplete UCL conversion of pkg-message.in
There are parts of the install message that are also relevant on
updates, but were missed. Add them, and bump PORTREVISION.
Failure-inducing commit:
------------------------------------------------------------------------
r508882 | mat | 2019-08-14 00:29:42 +0200 (Wed, 14 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories l-m)
------------------------------------------------------------------------
Approved by: ports-secteam@ (blanket, only changing pkg-message[.in])
emulators/rpcs3: unbreak audio after r529285
INFO: OpenAudioDevice failed: Fragment size must be a power of two
Segfault reading location 00000000000000d4 at 0000000001de1abd.
Emu Thread Name: 'cellAudio Thread'.
Thread id = 0x89cf05700.
Approved by: ports-secteam blanket (crash fix)
Mark as BROKEN on 13 for the time being while the regression is being
investigated.
PR: 245520
Submitted by: maintainer
Approved by: portmgr ("just fix it")
deskutils/ausweisapp2: Fix build on FreeBSD 11.3
CMake Error at /usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:146 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR: Found unsuitable version "1.0.2s", but
required is at least "1.1" (found /usr/lib/libcrypto.so)
Call Stack (most recent call first):
/usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:391 (_FPHSA_FAILURE_MESSAGE)
/usr/local/share/cmake/Modules/FindOpenSSL.cmake:447 (find_package_handle_standard_args)
cmake/Libraries.cmake:71 (FIND_PACKAGE)
CMakeLists.txt:145 (INCLUDE)
While here remove unnecessary qt5-buildtools and qt5-linguisttools
run dependencies.
PR: 245088
Approved by: freebsd@sysctl.cz (maintainer)
Approved by: ports-secteam blanket
graphics/libavif: fix build on GCC architectures
Use newer GCC to avoid error caused by -Werror:
/wrkdirs/usr/ports/graphics/libavif/work/libavif-0.6.3/src/reformat.c:316: warning: comparison is always false due to limited range of data type
Approved by: portmgr (fix build blanket)
- Fix brokenness with net/libsignal 2.3.3. Upstream depends on
particular version (2.3.2), so reference its distfile, build
it in tree.
- Bump PORTREVISION as dependencies are changed
PR: 245281
Approved by: portmgr (blanket)
multimedia/obs-studio: Install one more .cmake file to support some use cases
multimedia/obs-studio: Install ObsPluginHelpers.cmake to facilitate plugins
multimedia/obs-studio: Update 25.0.3 -> 25.0.4
Changelog: https://github.com/obsproject/obs-studio/releases/tag/25.0.4
This is mostly a bugfix release, therefore requesting MFH.
Approved by: ports-secteam (joneum)
emulators/fs-uae: fix build on non-x86
JIT is enabled by default everywhere, which causes failure on e.g. powerpc64:
configure: error: in `/wrkdirs/usr/ports/emulators/fs-uae/work/fs-uae-3.0.2':
configure: error: JIT is not supported on powerpc64-portbld-freebsd12.1
Make JIT option available on all architectures so that --disable-jit is properly passed when the option is disabled.
Approved by: portmgr (fix build blanket)
net-mgmt/netbox: Update to 2.7.11
* Improve the sample rc script to allow passing of extra arguments, e.g. to
listen on multiple interfaces/addresses [1] or use a configuration file
instead of using rc variables.
Kudos to Thomas Kurschel for some extra testing of the updated rc script.
Changelog:
Enhancements:
* Add ability to automatically check for new releases (must be enabled by
setting RELEASE_CHECK_URL)
* Custom script object variables now utilize dynamic form widgets
* Add descriptive tooltip to custom fields on object views
* Add a dedicated view for rack reservations
* Enable webhooks for rack reservations
* Enable export templates for rack reservations
* Enable custom links for rack reservations
* Update admin links for Django RQ to reflect multiple queues
* Add a bulk edit view for device bays
* Add cable trace button for circuit terminations
Bug Fixes:
* Improve prefix_length validation on available-prefixes API
* Fix cable tracing across multiple rear ports
* Enforce unique constraints for device and virtual machine names in the API
* Fix Markdown support for tables
* Fix exception raised on IP address bulk add view
* Fix duplicate name validation on device model
https://github.com/netbox-community/netbox/releases/tag/v2.7.11
PR: 244629 [1]
Reported by: O. Hartmann <ohartmann@walstatt.org> [1]
Approved by: ports-secteam (riggs)