- Fix runtime error:
Global symbol "@args" requires explicit package name at /usr/local/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm line 56.
Global symbol "@args" requires explicit package name at /usr/local/share/shutter/resources/modules/Shutter/App/HelperFunctions.pm line 57.
Compilation failed in require at /usr/local/bin/shutter line 148.
See also: See also: https://bugs.launchpad.net/shutter/+bug/1495163/comments/2
- Bump PORTREVISION
Reviewed by: feld
Approved by: portmgr (erwin)
www/django16: Update DEPRECATED text and EXPIRATION date
Update DEPRECATED text displayed to users to match the verbage used at
upstream [1].
Set the EXPIRATION_DATE to "End of extended support" date + 6 months
While I'm here:
- Improve whitespace alignment
- Add whitespace for readability
[1] https://www.djangoproject.com/download/#supported-versions
Approved by: python (with hat)
Approved by: portmgr (feld)
Uses/python.mk: Fix PYTHON_REL for pre-release Python versions
Modify the PYTHON_REL variable assignment in python.mk so that it
can support PORTVERSION's that have non-integer suffixes such as
the current lang/python35 version (PORTVERSION currently 3.5.0.r3).
Currently, ports that use PYTHON_REL while DEFAULT_VERSIONS is set to
3.5, fail to build with the following make error:
make: "/usr/ports/Mk/Uses/python.mk" line 503:
warning: String comparison operator should be either == or !=
make: "/usr/ports/Mk/Uses/python.mk" line 503:
Malformed conditional (${PYTHON_REL} >= 3200 && defined(_PYTHON_FEATURE_PY3KPLIST))
This is caused by a non-integer value ("r3") in PYTHON_REL.
While I'm here, add a comment block to be clear on what we
(currently) want to achieve.
PR: 203093
Reported by: Andrew Berg (aberg010 my.hennepintech.edu)
Reviewed by: antoine
Differential Revision: https://reviews.freebsd.org/D3662
Approved by: portmgr (feld)
Suricata currently builds with GCC -march=native by default.
This can create problems if, for example, packages of this port are
built on ATOM servers but installed on AMD processors. In these and
other cases where the build host is not equal to the target host,
suricata can generate an Illegal instruction and refuse
to start.
It is ultimately preferable to explicitly cross-build and/or optimize
compilation for target architectures and processors. See: PEP20.
PR: 203296
Submitted by: Olivier Cochard <olivier cochard me>
Tested by: Olivier Cochard <olivier cochard me>
Approved by: portmgr (feld)
r397342 (partial)
multimedia/kodi: minor cleanup
- Convert to USE_GL
- Drop 8.x support
Approved by: portmgr blanket
r397605
multimedia/kodi: update 14.2 -> 15.1
- Update to Kodi 15.1 "Isengard"
- Remove CEC option from defaults
- Set CEC option as broken, needs libcec >= 3.0.0 which has yet to be ported
- Set USE_GCC for compilation on FreeBSD 9
- Sort USE_XORG, set USE_LDCONFIG, add under java category (portlint)
PR: 202812
Submitted by: mickael.maillot@gmail.com (maintainer)
Security: 80c66af0-d1c5-449e-bd31-63b12525ff88
Security: CVE-2015-3395
Security: 3d950687-b4c9-4a86-8478-c56743547af8
Security: CVE-2015-6818
Security: CVE-2015-6819
Security: CVE-2015-6820
Security: CVE-2015-6821
Security: CVE-2015-6822
Security: CVE-2015-6823
Security: CVE-2015-6824
Security: CVE-2015-6825
Security: CVE-2015-6826
r397613
multimedia/kodi: Set USES= compiler:c++11-lib
- USES= compiler:c++11-lib was left out of the original patch due to
an oversight. Add it and remove FreeBSD 9 specific USE_GCC= yes.
- No PORTREVISION bump as the compiler choice remained the same.
PR: 202812
Submitted by: mickael.maillot@gmail.com
r397820
multimedia/kodi: regen patch-configure.ac
- Add atomic lib to search libs, resolve 9.3 i386 build issue
- Bump PORTREVISION due to libatomic shlib dependency
PR: 202812
Submitted by: mickael.maillot@gmail.com (maintainer)
Approved by: ports-secteam (feld)
r391555
www/squid: Support DragonFly SHM segments
Out of the box, squid would not run on dragonfly due to its handling
of SHM segments. On DragonFly, SHM segments are always treated as files
but on FreeBSD it depends on whether or not application is inside a jail.
In any case, the case for DragonFly was no supported, so it has been
added via patch. This also requires the return of /var/run/squid
directory which is where the SHM files are stored (defined by
localstatedir and supported by RC script). The RC script would define
this directory if missing, but let's make sure it is always available.
PR: 201405
Submitted by: marino
Approved by: maintainer (timp87/gmail)
r392222
www/squid: pkg-list fix
- add missing pkg-plist entry (SSL_CRTD option)
PR: 201463
Submitted by: s3erios@gmail.com
Approved by: timp87@gmail.com (maintainer)
r393602
www/squid: update 3.5.6 -> 3.5.7
- Fix build with ecap by clang
- Get rid of useless and always empty /var/squid/logs
- Rework patches to make portlint a bit happier
PR: 202053
Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer)
r396106
www/squid: update 3.5.7 -> 3.5.8
PR: 202826
Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer)
Approved by: feld (mentor)
r396185
Fix TP_IPF build.
r397215
Rather than produce a warning message that IPv6 is not supported
under ipfilter 4 (FreeBSD 9) every tenth time, reduce the message
to one in a million. This has the effect of displaying the message
at or shortly after startup with a reminder every blue moon.
PR: 202950
r397476
www/squid: security update and build fix
- security update 3.5.8 -> 3.5.9 [1]
- Fix TP_IPF build on FreeBSD 9 [2]
PR: 203186 [1]
PR: 202950 [2]
Approved by: Pavel Timofeev <timp87@gmail.com> (maintainer) [1]
Security: d3a98c2d-5da1-11e5-9909-002590263bf5
Approved by: portmgr (erwin)
It turned out -fPIC is required on sparc64 as well: it dumps core without
it on extraction, which turn breaks e.g. `sysutils/namefix' port. Do not
bump port revision again as it was bumped just couple of hours ago, which
is just too small in Tier-2 land for which we do not produce any packages
anyways.
Tested on: flame
Approved by: ports-secteam (with hat)
Adds -fPIC to CFLAGS_aarch64 to a number of ports that already have it
in the amd64 CFLAGS and are failing to build.
Approved by: bapt
Differential Revision: https://reviews.freebsd.org/D3321
Approved by: ports-secteam (with hat)
Security update to 4.3.1. Further details are available at WordPress
website at https://wordpress.org/news/2015/09/wordpress-4-3-1/ .
Security: f4ce64c2-5bd4-11e5-9040-3c970e169bc2
Security: CVE-2015-5714
Security: CVE-2015-5715
Approved by: ports-secteam
Security update to 4.3.1. Further details are available at WordPress
website at https://wordpress.org/news/2015/09/wordpress-4-3-1/ .
Security: f4ce64c2-5bd4-11e5-9040-3c970e169bc2
Security: CVE-2015-5714
Security: CVE-2015-5715
Approved by: ports-secteam
This needs perl as both build and run dependency
- It installs perl scripts into DATADIR
- Unless perl is available at buildtime it'll use incorrect shebangs for these scripts
Approved by: portmgr blanket
Approved by: ports-secteam blanket
Replace "/etc" with $PREFIX/etc. Without this change ibus-dconf won't be
able to save input method engine preferences.
PR: ports/197191
Submitted by: Christopher Hall <christopherhall hsw gmail.com>
Approved by: ports-secteam
Update to 1.12.7. See
https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html for a
list of changes in this release.
Security: CVE-2015-6241
Security: CVE-2015-6242
Security: CVE-2015-6243
Security: CVE-2015-6244
Security: CVE-2015-6245
Security: CVE-2015-6246
Security: CVE-2015-6247
Security: CVE-2015-6248
Security: CVE-2015-6249
Approved by: ports-secteam (with hat)
graphics/libwmf: Fix bug introduced by patch for CVE-2015-4696
- The original CVE-2015-4696 patch from upstream was missing line numbers
in the first patch hunk. The security issue was resolved by the
restructured code but a new potential bug was introduced in the process.
- While here, update to my FreeBSD.org email
PR: 201513
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Obtained from: Fedora libwmf RPM git (commit c8bc53c1)
Approved by: ports-secteam (feld), feld (mentor)
Disable use of SSE instructions in Xorg's xf86SlowBcopy() function.
When such instructions are used to copy data from/to mapped video
memory, some hypervisors (e.g. KVM, Microsoft Hyper-V) can generate
SIGILL or SIGBUS exceptions, causing Xorg to crash.
Reported by: nogcjx@fastmail.fm
Approved by: ports-secteam (feld)
PR: 202643
r395861
QEMU update to 2.4.0
- remove patch files accepted and merge upstream
- Add new vgabios-virtio
r396024
Build fixes for 2.4.0
- regenerate patch-pcap
- Escape --extra-ldflags as it looks like the qemu builder is eating spaces
or lines making it frustrating to use.
PR: 202402 202536 202864
r394418
Update qemu-sbruno to track bsd-user branch on github. I *am* the
upstream of this port and maintainer notified developers on 07/17/15 to
update his ports while he is AFK.
Sync's to pre-release 2.4.0
Differential Revision: https://reviews.freebsd.org/D3385
r395787
Build fix:
- Remove etc/qemu/target-x86_64.conf.sample dropped by upstream
- Add vgabios-virtio.bin
r396026
Fix Makefile so that those who want to use this port directly can still
build.
PR: 202536
PR: 202402
Security: CVE-2015-5154
Security: CVE-2015-5165
Security: CVE-2015-5166
Security: da451130-365d-11e5-a4a5-002590263bf5
Security: f06f20dc-4347-11e5-93ad-002590263bf5
Security: ee99899d-4347-11e5-93ad-002590263bf5
Approved by: ports-secteam (feld), feld (mentor)
Update BIND to 9.9.7-P3 and 9.10.2-P4.
Also:
- Add an option to enable the bind min override ttl patch.
- When not using OpenSSL from ports, do not try to unmount the chrooted
engines directory.
- Add an option for embedding PORTREVISION in the server's version string.
Security: CVE-2015-5722, CVE-2015-5986
Sponsored by: Absolight
- Apply fix for CVE-2015-3228, denial of service via crafted Postscript files.
The security relevant change was applied manually as r395047 split the
Ghostscript ports into separate X11-independent and -dependent parts.
PR: 202781
Security: CVE-2015-3228
Security: fc1f6658-4f53-11e5-934b-002590263bf5
Approved by: ports-secteam (feld), feld,delphij (mentors)
Require a C++11-compliant standard library and make it work with GCC < 4.9.
Despite ports r340913, the port still fails to build on FreeBSD 9.3 with
lang/gcc (GCC 4.8):
libreify/src/parser.cc: In member function 'void Reify::Parser::parseProgram()':
libreify/src/parser.cc:130:51: error: 'to_string' is not a member of 'std'
Apply a workaround for bug 193528 found in other ports to make that function
visible to GCC 4.8 (GCC 4.9 and later are fine).
Additionally, the port actually requires a C++11 standard library in
addition to a C++11-compliant compiler, so adjust the USES line and later
simplify the process of choosing which compiler to use.
Approved by: vsevolod (maintainer)
Differential Revision: https://reviews.freebsd.org/D3545
Approved by: portmgr (blanket approval)
- Change upstream GH account
- Change WWW
This is only the GH account change and WWW; the version was already
superceded, but became unfetchable due to this missing MFH.
Approved by: ports-secteam (with hat)
Reset maintainership per mail on freebsd-ports@ list
Requested by: Joe Horn <joehorn@gmail.com> (maintainer)
Approved by: ports-secteam trivial documentation blanket
www/lighttpd: modernize, support lua 5.2+
- Use USE OPTIONs helpers
- add support for lua 5.2+
PR: 202302
Submitted by: pkubaj@riseup.net (maintainer)
Needed to complete merge done in r395736.
Approved by: ports-secteam (delphij)
multimedia/mplayer2: make GIF=on actually work
GIF option was both auto-disabled during configure and broken when
forced to be enabled. So, bump PORTREVISION to restore GIF support
for users with GIF=on.
PR: 202404
Submitted by: Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
Approved by: ports-secteam (delphij)
multimedia/mplayer2: slightly improve options
- Make CACA=on actually work
- Convert PULSE and LIBCDIO to standard spelling
- Drop option descriptions where standardized
PR: 202404
Submitted by: Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
Approved by: ports-secteam (delphij)
multimedia/ffmpeg0: Use OPTIONS helpers, Honour CFLAGS
- Use OPTIONS helpers for as many as conditional blocks as possible.
Blocks with FFMPEG_* and other variables not supported by the helper
framework are not modified.
- Honour CFLAGS for armv6 (= -> ?=)
While I'm here:
- Sort and group common or related Makefile sections where it made sense
to do so and improved readability. Put global things up the top and
conditional blocks below.
- Improve whitespace alignment for readability.
Approved by: wg (maintainer)
Differential Revision: https://reviews.freebsd.org/D2981
MFH: r391234
multimedia/ffmpeg0: Fix X11GRAB dependency typo
Fix a typo (s/xent/xext) in the X11GRAB USE_XORG dependency assignment that was
introduced in r391234.
PR: 201321
Submitted by: Andrey Fesenko <andrey bsdnir info>
Approved by: pointyhat (koobs)
MFH: r395164
multimedia/ffmpeg0: security update 0.7.16 -> 0.7.17
PR: 200852
Security: 65b14d39-d01f-419c-b0b8-5df60b929973
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Approved by: wg (maintainer), delphij (mentor)
Approved by: ports-secteam (delphij)
- upgrade to 1.7.21
- fix py-subversion (convert BDB_CONFIGURE_OFF back to !${PORT_OPTIONS:MBDB})
- fix sample apache module config ('s/dav_module/dav_svn_module/')
- add tuning example for dav_svn_module
MFH: r395129
- update to 1.7.22
Developer-visible changes:
- General:
* fix the regression test suite which was broken in 1.7.21 (r1694012)
Approved by: ports-secteam (delphij@)
- update to 2.2.31
- remove backports
- minor cleanups
- always rebuild configure script
- add patch for acinclude.m4 [1]
Changes with Apache 2.2.31 [2]
*) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers.
[Yann Ylavic, Gregg Smith]
Changes with Apache 2.2.30 (not released)
*) SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters. [Graham Leggett, Yann Ylavic]
*) http: Fix LimitRequestBody checks when there is no more bytes to read.
[Michael Kaufmann <mail michael-kaufmann.ch>]
*) core: Allow spaces after chunk-size for compatibility with implementations
using a pre-filled buffer. [Yann Ylavic, Jeff Trawick]
*) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
no longer send warning-level unrecognized_name(112) alerts. PR 56241.
[Kaspar Brand]
*) http: Make ap_die() robust against any HTTP error code and not modify
response status (finally logged) when nothing is to be done. PR 56035.
[Yann Ylavic]
*) core, modules: Avoid error response/document handling by the core if some
handler or input filter already did it while reading the request (causing
a double response body). [Yann Ylavic]
*) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick,
Olli Hauer <ohauer gmx de>]
*) mod_proxy: use the original (non absolute) form of the request-line's URI
for requests embedded in CONNECT payloads used to connect SSL backends via
a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms <hendrik.harms
gmail com>, William Rowe, Yann Ylavic]
*) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
internationalization. [William Rowe]
*) mod_log_config: Implement logging for sub second timestamps and
request end time. [Rainer Jung]
*) mod_log_config: Ensure that time data is consistent if multiple
duration patterns are used in combination, e.g. %D and %{ms}T.
[Rainer Jung]
*) mod_log_config: Add "%{UNIT}T" format to output request duration in
seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us").
[Ben Reser, Rainer Jung]
*) In alignment with RFC 7525, the default recommended SSLCipherSuite
and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the
default recommended SSLProtocol and SSLProxyProtocol directives now
exclude SSLv3. Existing configurations must be adjusted by the
administrator. [William Rowe]
*) core: Avoid potential use of uninitialized (NULL) request data in
request line error path. [Yann Ylavic]
*) mod_proxy_http: Use the "Connection: close" header for requests to
backends not recycling connections (disablereuse), including the default
reverse and forward proxies. [Yann Ylavic]
*) mod_proxy: Add ap_connection_reusable() for checking if a connection
is reusable as of this point in processing. [Jeff Trawick]
*) mod_proxy: Reuse proxy/balancer workers' parameters and scores across
graceful restarts, even if new workers are added, old ones removed, or
the order changes. [Jan Kaluza, Yann Ylavic]
*) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context.
PR 57100. [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
Yann Ylavic]
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_ssl: Add support for configuring persistent TLS session ticket
encryption/decryption keys (useful for clustered environments).
[Paul Querna, Kaspar Brand]
*) SSLProtocol and SSLCipherSuite recommendations in the example/default
conf/extra/httpd-ssl.conf file are now global in scope, affecting all
VirtualHosts (matching 2.4 default configuration). [William Rowe]
*) mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
selected DB engine. PR 46421. [Jan Kaluza].
*) Turn static function get_server_name_for_url() into public
ap_get_server_name_for_url() and use it where appropriate. This
fixes mod_rewrite generating invalid URLs for redirects to IPv6
literal addresses. PR 52831 [Stefan Fritsch]
*) dav_validate_request: avoid validating locks and ETags when there are
no If headers providing them on a resource we aren't modifying.
[Ben Reser]
*) mod_ssl: New directive SSLSessionTickets (On|Off).
The directive controls the use of TLS session tickets (RFC 5077),
default value is "On" (unchanged behavior).
Session ticket creation uses a random key created during web
server startup and recreated during restarts. No other key
recreation mechanism is available currently. Therefore using session
tickets without restarting the web server with an appropriate frequency
(e.g. daily) compromises perfect forward secrecy. [Rainer Jung]
*) mod_deflate: Define APR_INT32_MAX when it is missing so to be able to
compile against APR-1.2.x (minimum required version). [Yann Ylavic]
*) mod_reqtimeout: Don't let pipelining checks interfere with the timeouts
computed for subsequent requests. PR 56729. [Eric Covener]
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=58126
[2] http://www.apache.org/dist/httpd/CHANGES_2.2.31
With Head apache@
Approved by: ports-secteam (delphij@)
Move definitions of MAKE_ARGS up to ensure that chromedriver is built when
requested [1]
While here sort USES
PR: 202560 [1]
Submitted by: Carlos J Puga Medina [1]
Approved by: ports-secteam (delphij)
Update tarsnap to 1.0.36.
This removes the SSE2 option since tarsnap now detects that cpu feature
at run-time.
Security: Fixes a denial of service and a maybe-exploitable overflow.
Approved by: ports-secteam (feld)
sysutils/froxlor: security update 0.9.32_3 -> 0.9.33.2
- Update to 0.9.33.2
- Minor option and format fixes (support Dovecot 2, use default Apache version)
- Add security hint to pkg-message
- Add NO_ARCH
- Drop @dirrmtry as all pkg-plist files are under PREFIX
PR: 202262
Security: CVE-2015-5959
Security: 9ee72858-4159-11e5-93ad-002590263bf5
Submitted by: Marco Steinbach <coco@executive-computing.de> (maintainer)
Approved by: ports-secteam (feld), feld (mentor)
where other changes between the 2.31.2 and 2.31.6 which where missed.
So to fix this, remove two patches that are now included in 2.31.6,
and update the plist for this version.
Submitted by: pkg-fallout
Approved by: portmgr@ (antoine@)
Update irc/unreal to 3.2.10.5
This release fixes a SASL Denial of Service issue
Security: 0ecc1f55-45d0-11e5-adde-14dae9d210b8
Approved by: ports-secteam (with hat)
- Fix build when CXX is set to a path instead of just an executable name (fixes cross-builds)
Approved by: portmgr blanket
Approved by: ports-secteam build fix blanket
sysutils/xen-tools: Update to 4.5.1 and apply XSA-139/XSA-140 patches
- Update to 4.5.1
- Remove XSA-117 to XSA-136 and elf_parse_bsdsyms patches now part of 4.5.1
- Leave XSA-135 QEMU traditional patches due an oversight in 4.5.1
- Apply patches for XSA-139/XSA-140
- Set USE_LDCONFIG, sort USES, use ${PATCH}, and reorder Makefile (portlint)
PR: 201931
Security: CVE-2015-5166
Security: ee99899d-4347-11e5-93ad-002590263bf5
Security: CVE-2015-5165
Security: f06f20dc-4347-11e5-93ad-002590263bf5
Approved by: bapt (maintainer), feld (mentor)
Approved by: ports-secteam (feld)
multimedia/openh264: unbreak build on armv6
Disable NEON support for armv6 (softfp). Alas, MACHINE_CPU is
underspecified on arm* to conditionalize NEON check within a port.
PR: 201273
Reported by: pkg-fallout
Submitted by: mikael.urankar@gmail.com
Approved by: ports-secteam (delphij)
This was done this way because HEAD ports diverged after the 64bit linux
emulation ports update.
Security: f3778328-d288-4b39-86a4-65877331eaf7
Approved by: ports-secteam@ (feld@)
ftp/vsftpd-ext: unbreak build on 9.x i386 and clean up port
- Force clang on FreeBSD < 10.0 to resolve 9.x i386 build issues
- Modernize USES with tar:tgz
- Rely on USERS/GROUPS; remove pkg-install/pkg deinstall scripts
- Remove direct chmod usage
- Regen patch to pet portlint
PR: 200791
Submitted by: Xu Jing <xjflyttp@gmail.com> (maintainer - original version)
Approved by: ports-secteam (feld), delphij (mentor)
Add OAuth keys for importing Google contacts into Loop
Loop aka Firefox Hello is available since 34.0.
https://bugzilla.mozilla.org/show_bug.cgi?id=1106854
Inspired by: ArchLinux
Approved by: ports-secteam (delphij)
Update to pkg 1.5.6
Changes:
- Incorporate in sources the patch for expat CVE-2015-1283
Note that pkg is not vulnerable because it does not use the patched function
- improvements in pkg check manpage
- fix format specifier in libpkg's pkg_vets
Approved by: portmgr (implicit)
Release pkg 1.5.5
Changes:
- Manpages updates
- Add a random delay to pkg-audit when invoked without a TTY
- Update zsh completion
- Add a new AUTOCLEAN option to automatically clean the cache directory
- Don't attempt to set file ownership when INSTALL_AS_USER is set
- Add a new configuration item to define custom HTTP User-Agent
- Fix an integer overflow when displaying package size for packages larger than 2GiB.
Approved by: portmgr (implicit)
Switch OpenH264 plugin to use environment variable
files/patch-system-openh264 causes patch churn on updates and hits
assertion with DEBUG=on[1]. Rework to use MOZ_GMP_PATH instead.
While here populate Last Updated field to avoid falling back to Epoch start
and disable Automatic Updates in an unlikely case of
- Cisco & Mozilla providing prebuilt version for FreeBSD
- Firefox running with root priveleges i.e., write permission under /usr/local
PR: 202218 [1]
Reported by: kib, pi [1]
Inspired by: Gentoo
Approved by: ports-secteam (feld)
www/firefox: make testing bundled cairo easier via option
BUNDLED_CAIRO does nothing with GTK3 until Firefox 41.0
https://bugzilla.mozilla.org/show_bug.cgi?id=1159273
PR: 202174
Approved by: ports-secteam (feld)
lang/python{27,32,33,34}: Mark MAKE_JOBS_UNSAFE
Parser/pgen code intermittently and non-deterministically fails
at build time causing errors including, among others:
* Parser/pgen.o: file not recognized: File truncated
* pgenmain.c:(.text+0x244): undefined reference to `_Py_pgen'
This is apparently due to incorrect uses of recursive make [1] which
was fixed in the upstream Python 'default' (3.5) branch [2].
This change marks all Python port versions as MAKE_JOBS_UNSANFE until
the the original changeset [1] and the resulting regression in
cross-builds [3], whos fix is still pending, can be backported.
[1] https://bugs.python.org/issue22359
[2] https://hg.python.org/cpython/rev/c2a53aa27cad
[3] https://bugs.python.org/issue22625
PR: 200622
Approved by: portmgr (feld)
Fix shuffle playback
(random number generator is not initialised properly)
While on it:
Pet portlint
PR: 201645
Submitted by: yamagi@yamagi.org (maintainer)
Approved by: ports-secteam (delphij)
Fix file permissions so WWWDIR is not writable by WWWOWN
Improve pkg-message notes on setting up Apache and Nginx
PR: 201908
Approved by: ports-secteam (with hat)
Update to upstream openafs security release 1.6.13
OPENAFS-SA-2015-001 - vos leaks stack data onto the wire in the clear
when creating vldb entries
OPENAFS-SA-2015-002 - bos commands can be spoofed, including some
which alter server state
OPENAFS-SA-2015-003 - pioctls leak kernel memory contents
OPENAFS-SA-2015-004 - kernel pioctl support for OSD command passing can
trigger a panic
OPENAFS-SA-2015-006 - Buffer overflow in OpenAFS vlserver
Approved by: ports-secteam (delphij)
Security: CVE-2015-3282, CVE-2015-3283, CVE-2015-3284, CVE-2015-3285
lang/v8, lang/v8-devel: Backport CVE fix
This fix has been backported instead of upgrading to a newer release as
the upstream release process is a complicated fast-moving target and the
current ports are using custom snapshots created by the port maintainer.
This will also limit the amount of potential fallout as we know the
existing v8 port works well enough to keep mongodb up to date.
PR: 201450
Security: CVE-2015-5380
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
devel/v8, devel/v8-devel: Backport CVE fix
This fix has been backported instead of upgrading to a newer release as
the upstream release process is a complicated fast-moving target and the
current ports are using custom snapshots created by the port maintainer.
This will also limit the amount of potential fallout as we know the
existing v8 port works well enough to keep mongodb up to date.
PR: 201450
Security: CVE-2015-5380
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
- Update to 2.3.6
- Install more config files as sample config
- Fix directory permissions under /var
- Change database backend options to GROUP, so one can de-select both [1]
PR: 201114 [1]
Submitted by: Niels Kristensen
Approved by: portmgr (delphij)
bsd.gecko.mk: PowerPC no longer needs the __STDC_CONSTANT_MACROS in CFLAGS
sys/cdefs.h after base r227475 always defines __STDC_CONSTANT_MACROS
for C++11 while Firefox enforces C++11 since 25.0 and also defines
__STDC_CONSTANT_MACROS via mozilla-config.h since 26.0.
As Firefox 38.0 enables -pedantic-errors this breaks build. So, remove
the dup to unbreak build on powerpc and powerpc64.
PR: 201294
Submitted by: jhibbits
Approved by: ports-secteam (feld)
Fix heap overflow vulnability.
Be more careful about integer overflow.
While here: fix possible divide-by-zero.
Notified by: feld@
Approved by: ports-secteam (with hat)
Update devel/p4p to 2015.1/1126382 to fix the broken distfile.
Move plist execs to the stage and init script.
PR: 198692
Differential Revision: https://reviews.freebsd.org/D3092
Approved by: mat (mentor)
Approved by: ports-secteam (feld)
Update devel/p4ftpd to 2015..1/1024208 fixing broken distfile.
Move unneeded execs from the plist into the init script.
PR: 198692
Differential Revision: https://reviews.freebsd.org/D3089
Approved by: mat (mentor)
Approved by: ports-secteam (feld)
Update devel/p4d to 2015.1/1045032 to fix broken fetch.
Remove unneeded exec statements by moving them into
the port stage or init script.
PR: 198692
Differential Revision: https://reviews.freebsd.org/D3087
Approved by: mat (mentor)
Approved by: ports-secteam (feld)
Update to devel/p4 2015.1/1126382 to fix broken port.
Migrate common variable for the devel/p4* ports into the Makefile.inc.
PR: 201216
Differential Revision: https://reviews.freebsd.org/D3088
Approved by: mat (mentor)
Approved by: ports-secteam (feld)
security/wpa_supplicant: Address security issue (2015-5)
There was a vulnerability to the WPS_NFC option which is off by default.
The port is being bumped anyway since people using that option will want
the latest version.
PR: 201432
Submitted by: Jason Unovitch
Approved by: ports-secteam (with hat)
Bump PORTREVISION of the client and add pkg-message to warn about
CVE-2015-3152 which will not get patched
Security: CVE-2015-3152
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Bump PORTREVISION of the client and add pkg-message to warn about
CVE-2015-3152 which will not get patched
Security: CVE-2015-3152
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Bump PORTREVISION of the client and add pkg-message to warn about
CVE-2015-3152 which will not get patched
Security: CVE-2015-3152
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Bump PORTREVISION of the client and add pkg-message to warn about
CVE-2015-3152 which will not get patched
Security: CVE-2015-3152
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Bump PORTREVISION of the client and add pkg-message to warn about
CVE-2015-3152 which will not get patched
Security: CVE-2015-3152
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Fix runtime error: Packet type identification on big-endian
machines which prevented it from working correctly on e.g.
MIPS-based routers.
PR: 201382
Submitted by: kp@freebsd.org
Approved by: ports-secteam (feld), edwin@mavetju.org (maintainer)
www/zope213: make this port usable when installed from packages
Both ports users and package users now follow uniform procedure of creating
application instance.
Summary:
- Clean up port and remove `make instance` functionality that duplicates native
Zope tool functionality
- Standardize and ensure pkg-message instructions correctly set up Zope
- Make Portlint and Poudriere testport clean
- Set NO_ARCH
PR: 200040
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: ports-secteam (feld)
net/turses: Update to 0.3.0, Unbreak.
- Update to 0.3.0, unbreaking due to 2.3+ versions of net/py-tweepy
in the ports tree
- Patch setup.py to relax py-tweepy version requirement
- oauth2 is no longer required
- Set USES=python to 2.7, since this doesnt need the meta-port
- Patch in setuptools test command support (setup.py)
- Update TEST_DEPENDS and TESTS option description
- Sort USE_PYTHON values
- Add NO_ARCH
Second half of:
PR: 200621
Reported by: Patrick P. <freebsdbug patpro net>
Approved by: portmgr (feld)
sysutils/py-salt: Remove spurious backslash line ending
Remove a spurious slash from the line end of PYDISTUTILS_INSTALLARGS
introduced in r387241.
Reported by: xmj
Approved by: portmgr (delphij)
multimedia/emby-server: Update to 3.0.5641.5, fix distinfo
The upstream project on GitHub was renamed from MediaBrowser to Emby
causing the following error:
size mismatch: expected 54577043, actual 54582083
- Update to 3.0.5641.5
- Change the upstream repository name to compensate
PR: 201369
Submitted by: Ben Woods <woodsb02 gmail com> (maintainer)
Approved by: portmgr (delphij)
www/nginx{-deve}: Fix build with HEADERS_MORE option
Upstream apparently re-tagged the v0.26 release, thereby changing the contents
of the tarball oftained from github, causing distinfo checksums to become
mismatched.
This change updates distinfo entries in nginx and nginx-devel to compensate.
PR: 201129
Approved by: portmgr (feld)
4.6.6 is now a General Availability Release
It appears Unifi kills the download URL when they promote a version to a
General Availability Release. We will keep the Makefile aware of both
URLs now so this is a transparent change to users in the future.
Approved by: ports-secteam (with hat)
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
