The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.
You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.
URL: http://shibboleth.net/community/advisories/secadv_20150721.txt
Security: CVE-2015-2684
Approved by: ports-secteam
- Add missing dependency on libgmp
- Add LDFLAGS necessary to link with libgmp
- Fix shebang on an example file
PR: 201133
Submitted by: amdmi3
Approved by: ports-secteam (delphij)
graphics/opencv: fix configure when EIGEN is off
When EIGEN option is off, CMAKE_ARGS is reset, thus enabling build of
tests and docs (causing some leftovers), and, should it be installed,
linking against libdc1394 even when option DC1394 is off. PORTREVISION
bump is needed to address the latter case.
Meanwhile, re-enable make jobs.
Differential Revision: https://reviews.freebsd.org/D2893
Reviewed by: jhale (maintainer)
Approved by: jhale (maintainer)
Approved by: portmgr
Data Corruption Fix
For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where
the database will fail to protect against "multixact wraparound", resulting in
data corruption or loss. Users with a high transaction rate (1 million or more
per hour) in a database with many foreign keys are especially vulnerable. We
strongly urge all users of 9.4 and 9.3 to update their installations in the
next few days.
Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4
with "multixact wraparound", but failed to account for issues doing multixact
cleanup during crash recovery. This could cause servers to be unable to restart
after a crash. As such, all users of 9.3 and 9.4 should apply this update as
soon as possible. Users of versions 9.2 and earlier are not affected by this issue.
Security: fc38cd83-00b3-11e5-8ebd-0026551a22dc
Security: CVE-2015-0241
Security: CVE-2015-0242
Security: CVE-2015-0243
Security: CVE-2015-0244
Security: CVE-2014-8161
URL: http://www.postgresql.org/about/news/1590/
URL: http://www.postgresql.org/about/news/1592/
Approved by: ports-secteam (delphij)
Change version format (from 4.10.0r1 to 4.10.0.r1) and bump PORTEPOCH.
This is because our current versioning system sees 4.10.0r1 > 4.10.0.
vuxml change would follow.
PR: 200980
Submitted by: maintainer (Vitaly Magerya)
Approved by: ports-secteam
Mark BROKEN: Fails to configure or build
=======================<phase: configure >============================
===> Configuring for p5-Net-CUPS-0.61_3
Net::CUPS Configuration
Running cups-config ... 2.0.3
The version of the Common Unix Printing System installed
on your system is too old for this module to work properly.
Please upgrade the version of CUPS on your system to version
1.2.2 or higher and re-run Makefile.PL to install this module.
Can't open Makefile: No such file or directory.
===========================================================================
=======================<phase: build >============================
===> Building for p5-Net-CUPS-0.61_3
make[1]: cannot open Makefile.
Reported by: pkg-fallout
- Mark BROKEN on < 10.x:
/usr/local/include/wx-3.0/wx/strvararg.h:25:27: error: type_traits: No such file or directory
Approved by: ports-secteam (delphij)
- Fix build on pre-10.x by requiring newer OpenSSL version from ports
- Fix build with NLS disabled by adding gettext-tools dependency
Approved by: ports-secteam (erwin)
- Disable precompiled headers to fix build with old gcc on -current kernel
- Regenerate patch with make-patch
Approved by: ports-secteam (build fix blanket)
- Disable precompiled headers to fix build with old gcc on -current kernel
- Regenerate patch with make-patch
Approved by: ports-secteam (build fix blanket)
bsd.sites.mk: cleanup MOZILLA mirrors
- Switch to CDN by default as mirrors are no longer kept up to date
- Drop obsolete pointer to http://www.mozilla.org/mirrors.html
- Drop redundant BUGZILLA and MOZILLA_EXTEND
- Shorten MASTER_SITES in gecko@ ports
- Move MOZILLA_ADDONS to bsd.sites.mk
- Move one of MOZILLA mirrors with old addons under MOZILLA_ADDONS
- Addons CDN redirects to https://, so don't mislead with http://
https://blog.mozilla.org/it/2012/08/03/dear-mozilla-mirrors-thank-you/
Differential Revision: https://reviews.freebsd.org/D2550
Tested by: distilator
Reviewed by: mat (partial)
Approved by: bz-ports (ohauer), portmgr blanket (office@ et al.)
Approved by: portmgr (bapt, earlier version)
Approved by: ports-secteam (delphij)
- Make it possible to override _MAKE_JOBS when MAKE_JOBS_NUMBER=1
- Override it for USES=ninja
With this commit and r383571, ports using ninja and waf now respect
MAKE_JOBS_NUMBER when it's equal to 1
PR: 197910
With hat: portmgr
multimedia/vid.stab: fix build on ARM and MIPS
The project was hardcoding SSE support, thus making the build fail on
ARM and MIPS architectures.
PR: 197133
Approved by: portmgr
Apply upstream fixes of several buffer overflow issues:
r1555 Fix forward reference offset bug.
r1556 Fix forward referencing bugs.
r1557 Fix buffer overflow for repeated conditional when referencing a
duplicate name.
r1558 Fix buffer overflow for named recursive back reference when the
name is duplicated.
r1559 Fix named forward reference to duplicate group number overflow
bug.
r1560 Fix buffer overflow for lookbehind within mutually recursive
subroutines.
r1562 Fix another buffer overflow.
Note that regression tests were not included in this patchset, however
the actual test cases have been run against both old and new code to
make sure that the issues were fixed properly.
Obtained from: PCRE svn (revisions detalied above)
Security: CVE-2015-3210, CVE-2015-3217
Approved by: ports-secteam@
games/assaultcube: unbreak on DragonFly and the package cluster
- Disable PCH (precompiled header) to unbreak build with GCC in
jails for older branches and recent 11.0C kernel
- Add upstream patch for bundled libenet to unbreak build on DragonFly [1]
- Convert patch for ${BUILD_WRKSRC}/Makefile into sed(1) variant
- Pet portlint since r383894 by formatting patches with makepatch target
PR: 199912
Submitted by: lightside <lightside@gmx.com> (maintainer)
Obtained from: https://github.com/lsalzman/enet/commit/8df6e58 [1]
Approved by: ports-secteam (delhij)
This is a direct commit to branches/2015Q2, as rubygem-rest-client was
already updated to 1.8.0 in head.
PR: 200504
Differential Revision: https://reviews.freebsd.org/D2707
Approved by: ports-secteam (delphij)
Security: CVE-2015-1820
Security: CVE-2015-3448
Apply vendor patch for "Avoid overflow in ljpeg_start()"
(changeset 983bda1f) to prevent a denial of service (crash) via a
crafted image
PR: 200199
Obtained from: 983bda1f0f
Security: CVE-2015-3885
Security: 57325ecf-facc-11e4-968f-b888e347c638
Submitted by: Jason Unovitch <jason unovitch gmail com>
Reported by: Sevan Janiyan <venture37 geeklan co uk>
Approved by: ports-secteam@
devel/renpy: fix TKINTER regressing after r382557
Traceback (most recent call last):
File "choose_directory.rpy", line 61, in choose_directory
File "/usr/local/lib/python2.7/subprocess.py", line 710, in __init__
errread, errwrite)
File "/usr/local/lib/python2.7/subprocess.py", line 1335, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
Approved by: ports-secteam (shebang blanket)
Farewell qmail. You were good but the lack of an upstream maintainer or
ecosystem maintainers makes this not a viable mail system today. Personally
I am moving to postfix and have so far found it incredibly easy to setup and
already prefer it over qmail.
Add a patch to resolve symbol conflict between SHA2 module with OpenSSL's
SHA2 implementation.
Without this, e.g. SSHA512 scheme would result in a crash due to stack
corruption, which is a result of different SHA512 context size in the
contributed SHA2 implementation and the OpenSSL one, plus the allocation
is on stack.
PR: 197004
Approved by: ports-secteam
Fix plist when LIBDANE is defined (PORTREVISION not bumped
because package wouldn't be successful in the case).
Pointy hat to: delphij
Reported by: sunpoet
Approved by: ports-secteam
Make fetchable again, unbreak with Perl 5.21.0+.
The difference in the distfiles is a regenerated META.yml and an added META.json.
Sponsored by: Absolight
- Un-break build; distfile is now fetchable again (new MASTER_SITES)
- New port maintainer: Chris Hutchinson <portmaster@bsdforge.com>
- Add LICENSE
- Use PLIST_FILES instead of pkg-plist
- Bump PORTREVISION
- Update pkg-descr
- Pet portlint
PR: 199468
Submitted by: portmaster@bsdforge.com (maintainer)
Reviewed by: riggs
Approved by: ports-secteam (delphij)
mail/mutt: update patches
- Fix sidebar patch [1]. This version introduces a new config variable
"sidebar_shortpath" which is set to yes by default to ensure
backwards compatibility.
- Fix an issue with recent gpg (and gpgme) versions (GnuPG version 2.1
stops exporting the GPG_AGENT_INFO environment variable, so mutt can't
check for the presence of that to ensure the agent is running).
- Fix pgp key selection [2].
- Bump port revision because of major change to sidebar patch and gpg
handling.
PR: 199727
PR: 199115 [1]
PR: 199341 [2]
Submitted by: Udo.Schweigert@siemens.com (maintainer)
Approved by: ports-secteam (delphij)
- Fix runtime issue:
The web site from which North American data is obtained has changed
- Bump PORTREVISION
- Pet portlint
PR: 197667
Submitted by: fbsd@opal.com
Approved by: portmgr (erwin)
Consistently add buildN candidate URL to gecko@ ports
Thunderbird 31.7.0 wasn't actually released yet despite
THUNDERBIRD_31_7_0_RELEASE tag in comm-esr31 hg repo 1 week old.
Based on #releng IRC logs it seems there was an issue with automation.
Hopefully, upstream doesn't abandon 31.7.0 in favor of 38.0.
To avoid in future testing patience (BROKEN vs. PORTEPOCH) due to
discrepancy with release announcments let's fall back to candidates.
Reported by: pkg-fallout
Approved by: ports-secteam (delphij)
Approved by: portmgr
Update to 4.6.3
Use PORTVERSION in pkg-plist to limit unnecessary pkg-plist churn
MFH due to upstream removing distfile for version 4.6.0
chinese/librime: unbreak build on 8.x/9.x (libstdc++ 4.2+)
In file included from src/setup.cc:9:
In file included from include/rime/module.h:13:
include/rime/common.h:22:12: error: no member named 'unique_ptr' in namespace 'std'
include/rime/common.h:23:7: error: no member named 'shared_ptr' in namespace 'std'
include/rime/common.h:24:7: error: no member named 'weak_ptr' in namespace 'std'
include/rime/common.h:28:10: error: no template named 'dynamic_pointer_cast' in namespace 'std'
include/rime/common.h:38:15: error: no member named 'make_shared' in namespace 'std'
include/rime/common.h:38:30: error: no template named 'forward' in namespace 'std'
Reported by: pkg-fallout
Approved by: portmgr blanket
Approved by: portmgr (bapt)
Update to 0.6.5 to fix CVE-2015-3146 (null pointer dereference).
This release also fixed the bug in 0.6.4 that prevented the GCRYPT option
from working.
PR: 200106
Approved by: johans
Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49
Approved by: portmgr (erwin)
Update dns/powerdns to 3.4.4 and dns/powerdns-recursor to 3.7.2 for CVE-2015-1868.
Approved by: portmgr (erwin), bdrewery (mentor)
Security: 64e6006e-f009-11e4-98c6-000c292ee6b8
Unbreak graphics/inkscape build on FreeBSD 9.3 i386.
The base version of clang 3.4.1 in FreeBSD 9.3 is missing some
patches that are present in clang 3.4.1 in FreeBSD 10.1. One of
these patches appears to fix a code generation bug on i386 that is
triggered when building graphics/inkscape.
Work around this issue by building inkscape with lang/clang34 from
ports on FreeBSD 9.3 i386.
Approved by: portmgr (delphij)
math/fityk: unbreak build on 8.x/9.x (libstdc++ 4.2+)
Use same compiler as www/webkit-gtk2 and x11-toolkits/wxgtk30 to avoid
/usr/local/lib/libwebkitgtk-1.0.so.0: undefined reference to `std::condition_variable::wait(std::unique_lock<std::mutex>&)@GLIBCXX_3.4.11'
/usr/local/lib/libwx_baseu-3.0.so: undefined reference to `std::ctype<char>::_M_widen_init() const@GLIBCXX_3.4.11'
/usr/local/lib/libjavascriptcoregtk-1.0.so.0: undefined reference to `std::chrono::_V2::system_clock::now()@GLIBCXX_3.4.19'
/usr/local/lib/libwx_baseu-3.0.so: undefined reference to `typeinfo for __cxxabiv1::__forced_unwind@CXXABI_1.3.2'
Reported by: pkg-fallout
Approved by: portmgr blanket
Approved by: ports-secteam (delphij)
Convert lang/gjs and lang/spidermonkey24 to USES=compiler:c++11-lib
to unbreak x11-fm/sushi on FreeBSD 8 and 9. This change causes
these libraries to link to the newer version of libstdc++ bundled
with lang/gcc. This causes rtld to load this version when it is
linking sushi at runtime, which is needed by webkit-gtk3, another
shared library linked into sushi.
PR: 196078, 199434, 199435
Approved by: portmgr (delphij)
Convert databases/evolution-data-server to USES=compiler:c++11-lib
so that on FreeBSD 8 and 9 it will be linked to the newer libstdc++
bundled with lang/gcc. This unbreaks the startup of mail/evolution
on FreeBSD 8 and 9 because evolution is also linked to webkit-gtk3,
which requires the newer libstdc++ and causes rtld to fail if the
base version of libstdc++ has already been loaded.
PR: 199746
Approved by: portmgr (delphij)
At some point, LDFLAGS got lost; reintroduce it, because it is required
when libgfortran is linked with Gcc.
Reminded by: jbeich
Approved by: portmgr (fix pkg-fallout errors)
- fix outdated dependencies, and address old api [1]
- while here address autoplist issue and sort python variables
Approved by: ports-secteam
With hat: ports-secteam
www/chromium: fix patching on FreeBSD < 10 (linking still fails because of a
double symbol).
Submitted by: pkg-fallout, various people on chromium@
Approved by: portmgr (erwin)
www/chromium: update to 42.0.2311.90
There were two updates submitted as Github pull requests:
- one for 41.0.2272.118
- one for 42.0.2311.90, based on the first update.
Submitted by: Timothy Vaccarelli <tmvfroid@gmail.com> (41.0.2272.118)
Submitted by: Christoph Moench-Tegeder <cmt@burggraben.net> (42.0.2311.90)
Security: http://vuxml.freebsd.org/freebsd/b57f690e-ecc9-11e4-876c-00262d5ed8ee.html
Approved by: portmgr (erwin)
Unbreak build on FreeBSD 8.x/9.x and DragonFly
./PYSignal.h:35:22: error: expected namespace name
using namespace std::placeholders;
~~~~~^
./PYSignal.h:49:18: error: no type named 'function' in namespace 'std'
typedef std::function<R()> func_type;
~~~~~^
./PYEditor.h:37:14: error: no type named 'shared_ptr' in namespace 'std'
typedef std::shared_ptr<Editor> EditorPtr;
~~~~~^
PYLibPinyin.cc:223:54: error: 'getline' was not declared in this scope
while ((read = getline (&linebuf, &size, dictfile)) != -1) {
^
PR: 199408
Reported by: pkg-fallout, DPorts
Submitted by: Henry Hu <henry.hu.sh@gmail.com> (maintainer)
Approved by: ports-secteam (delphij)
Look for icons in places other than /usr/share/icons.
Incorporate upstream commit 5750:
- When checking for icon themes, also check in $PREFIX
- Also ensure path is in QIcon's theme path
This makes the port correctly find/show icons in the UI.
PR: 199549
Submitted by: Tobias Berner <tcberner@gmail.com>
Approved by: portmgr (erwin)
- Add SYSINFO option to asterisk ports and force them to respect
it, otherwise they fail to build when devel/libsysinfo port is
already present on system.
While here:
- Silence some Makefile commands
- Remove mostly obsolete comment from option description
Reported by: Bob Eager <bob@eager.cx>
Approved by: portmgr (erwin)
Fix build with GCC with recent head kernel by disabling PCH for GCC.
The case for this is a recent head kernel building an older branch that uses
GCC in a jail.
This is discussed at https://lists.freebsd.org/pipermail/svn-src-all/2015-March/101722.html
It may be possible to fix GCC to do the right thing with mmap(2) but it would
not be simple to make ports use a fixed GCC on older releases and without
needlessly building a ports compiler when the system one would otherwise be
fine without PCH.
With hat: portmgr
Add patches for CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860.
Multiple vulnerabilities in Qt image format handling.
Security: 5713bfda-e27d-11e4-b2ce-5453ed2e2b49
Approved by: ports-secteam (delphij)
- Update to new upstream snapshot as of 2015-04-03
(included ffmpeg snapshot as of 2015-04-03)
- Fix vulnerabilities CVE-2014-8544 and CVE-2014-9604
with bundled ffmpeg snapshot in the process
Approved by: ports-secteam (delphij)
The armv6 support added in r376350 requires USES=compiler. It works fine
on 10 and head since bsd.own.mk includes bsd.compiler.mk. This is not the case
on older releases though.
- Update to re-rolled 1.4.0
- Remove deprecated GH_COMMIT with a side effect of making it harder
to track from where tag moves in future
Changes: https://github.com/cisco/openh264/compare/3a75956...v1.4.0
PR: 199359
Reported by: marino
Approved by: ports-secteam (delphij)
- Update net/asterisk11 to 11.17.0
- Update net/asterisk13 to 13.3.0
- Fix mgcp module installation
- Add needed USE_LDCONFIG to asterisk13
- Adapt asterisk-g72x port and bump PORTREVISION
NOTE: While these versions of asterisk can be compiled with clang,
I have seen it crash at startup if so compiled. For this reason at
present I'm leaving the gcc requirement.
MFH: r383635
- Update net/asterisk to 1.8.32.3
- Update net/asterisk11 to 11.17.1
- Update net/asterisk13 to 13.3.2
Security: 5fee3f02-de37-11e4-b7c3-001999f8d30b
Approved by: portmgr, ports-secteam
- Update distinfo and unbreak
- Take maintainership
Distfiles differ mainly in the configure and build infrastructure,
apart from fixing a pair of minor bugs.
Mark BROKEN: fails to configure
CMake Error at cmake/ssl.cmake:247 (MESSAGE):
Cannot find appropriate system libraries for SSL. Make sure you've
specified a supported SSL version. Consult the documentation for WITH_SSL
alternatives
Call Stack (most recent call first):
CMakeLists.txt:442 (MYSQL_CHECK_SSL)
Reported by: pkg-fallout
Update distfile to re-rolled 6.99.1 (again)
Given the version is now properly announced and also exists under
/release/ directory I don't expect another re-roll.
Changes: http://renpy.org/latest.html
Pointy hat: jbeich
- Update to upstream version 11.3
- Fix security vulnerabilities in utvideodec and tiff decoders
(CVE-2014-9604 and CVE-2014-8544)
- Fix build with non-default CDIO option
Approved by: ports-secteam (delphij)
Mark BROKEN: fails to build
gmake[1]: Leaving directory '/wrkdirs/usr/ports/multimedia/handbrake/work/HandBrake-0.10.1/build/contrib/fdkaac/fdk-aac-v0.1.1-6-gbae4553'
touch contrib/fdkaac/.stamp.install
set -e; cd ./contrib/ffmpeg/libav-v10.1/; ./configure --prefix=/wrkdirs/usr/ports/multimedia/handbrake/work/HandBrake-0.10.1/build/contrib/ --disable-shared --enable-static --enable-gpl --disable-doc --disable-bsfs --enable-bsf=aac_adtstoasc --disable-avconv --disable-avplay --disable-avprobe --disable-avdevice --disable-avfilter --disable-avserver --disable-muxers --disable-network --disable-hwaccels --disable-encoders --enable-encoder=aac --enable-encoder=ac3 --enable-encoder=flac --enable-encoder=mpeg2video --enable-encoder=mpeg4 --enable-libvpx --enable-encoder=libvpx_vp8 --disable-decoder=libvpx_vp8 --enable-zlib --enable-bzlib --cc="/usr/bin/cc" --extra-ldflags="-O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include -L/wrkdirs/usr/ports/multimedia/handbrake/work/HandBrake-0.10.1/build/contrib/lib" --enable-nonfree --enable-libfdk-aac --enable-encoder=libfdk_aac --enable-muxer=matroska --enable-muxer=webm --enable-muxer=mov --enable-muxer=mp4 --enable-muxer=psp --enable-muxer=ipod --enable-pthreads --disable-devices --disable-debug --extra-cflags="-O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include -I/wrkdirs/usr/ports/multimedia/handbrake/work/HandBrake-0.10.1/build/contrib/include -DNDEBUG"
ERROR: libvpx encoder version must be >=0.9.6
If you think configure made a mistake, make sure you are using the latest
version from Git. If the latest version fails, report the problem to the
libav-tools@libav.org mailing list or IRC #libav on irc.freenode.net.
Include the log file "config.log" produced by configure as this will help
solving the problem.
../contrib/ffmpeg/module.rules:2: recipe for target 'contrib/ffmpeg/.stamp.configure' failed
Reported by: pkg-fallout
Fix support with GnuPG 2.1+ by not showing a warning when gpg-agent already running.
Obtained from: https://github.com/funtoo/keychain
Approved by: portmgr (implicit)
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
