- the PDF changed a little bit, no code changes
PR: 208304
Submitted by: Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
Approved by: portmgr blanket (quarterly fails to build)
Add a runtime dependency on databases/qt5-sqldrivers-sqlite3.
Tools such as qcollectiongenerator fail to run when it is not present.
Approved by: portmgr blanket approval
Drop MAKE_JOBS_UNSAFE.
The port built fine with -j56 on Poudriere, and it also ran fine. I'm tempted
to believe whatever problems there were when the port was initially added to
the tree have since been solved, and the port should be make jobs safe now.
PR: 207191
Approved by: maintainer timeout (vg, 39 days)
Approved by: portmgr blanket approval
net/tigervnc: Remove HPJPG option
The HPJPG option has been broken and irrelevant since the ports tree
changed to make jpeg-turbo the default jpeg provider in r397084
PR: 208088
Approved by: maintainer
Approved by: ports-secteam (with hat)
graphics/graphite2: rely on default EXTRACT_SUFX after r411337
2016Q1 lacks r410613 which leads to the following error:
=> silnrsi-graphite-1.3.7_GH0.tgz is not in graphics/graphite2/distinfo.
=> Either graphics/graphite2/distinfo is out of date, or
=> silnrsi-graphite-1.3.7_GH0.tgz is spelled incorrectly.
or
===> Extracting for graphite2-1.3.7
=> No SHA256 checksum recorded for silnrsi-graphite-1.3.7_GH0.tgz.
=> No suitable checksum found for silnrsi-graphite-1.3.7_GH0.tgz.
Reported by: mav
Pointy hat: jbeich
Approved by: ports-secteam bustage blanket
net/dbeacon: Unbreak port
- New MAINTAINER
- New MASTER_SITE
- Add patch to clean up some build errors
- Cleaned up pkg-descr
PR: 208048
Approved by: ports-secteam (with hat)
r405346:
Update devel/git to 2.7.0
r408063:
Lighten up the Perl dependencies.
git uses Perl for two things: Perl hooks into git, and the
git-send-email(1) script.
The Perl hooks only use p5-Error. The other modules dependencies,
p5-Authen-SASL and p5-Net-SMTP-SSL (which bring in a number of other
perl module dependencies) are only required for git-send-email(1).
This commit adds a SEND_EMAIL option, defaulted to on, that auto-enables
the PERL option and installs the git-send-email(1) script with the
extra perl modules.
With the PERL option on and SEND_EMAIL off, only the p5-Error module
is required.
No PORTREVISION bump as the default dependencies and plist haven't changed.
PR: 206901
Approved by: garga (maintainer)
Differential Revision: https://reviews.freebsd.org/D5179
r409422:
Update devel/git to 2.7.2
r409430:
Fix plist with NLS on after r409422.
PR: 208074
Reported by: Sevan Janiyan <venture37@geeklan.co.uk> (via PR)
Reported by: Tony Tung <tonytung@merly.org> (via email)
Security: CVE-2016-2315
Security: https://vuxml.FreeBSD.org/freebsd/93ee802e-ebde-11e5-92ce-002590263bf5.html
Approved by: ports-secteam (with hat)
sysutils/inotify-tools: Update to 3.14.01
This update prevents signal handling from being blocked on a worker
thread as well as an accumulation of other bug fixes.
PR: 204366
Approved by: ports-secteam (with hat)
- update to 4.1.8
- add ability to build agains openssl or libressl from ports
- add MUNIN_PLUGIN_IMPLIES= BIND8_STATS
- use @sample macro in pkg-plist for nsd.conf
- s/exec/postexec/ pkg-plist
FEATURES:
- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
from Daisuke Higashi.
- #739: zonefile changes when mtime is small are detected on reload,
if filesystem supports precision mtime values.
- RR type CSYNC (RFC7477) syntax is supported.
BUG FIXES:
- take advantage of arc4random_uniform if available, patch from
Loganaden Velvindron.
- Fix flto check for OSX clang.
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
- Fix#736: segfault during zone transfer.
- Fix#744: Fix that NSD replies for configured but unloaded zone
with SERVFAIL, not REFUSED.
PR: 207951
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: ports-secteam (feld@)
www/squid: Fix crashes under heavy load
Squid 3.5.15 addresses security issues, but reports have been made that
it is unstable under load. These patches repair stability while not
requiring we downgrade to 3.5.14 which reintroduces security vulnerabilities.
PR: 207762
Approved by: maintainer
Approved by: ports-secteam (with hat)
Un-break port, update to upstream version 0.7.0
While on it:
- Pet portlint
PR: 206840
Submitted by: bbtruk@users.sourceforge.net (maintainer)
Approved by: ports-secteam (feld)
- update to 3.2.21
Changes:
Fix potential segfault in zone transfer corner case.
NSD 3 is end of life and support stops on May 20th, 2016.
BUG FIXES:
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
(Same as NSD 4.1.8).
- Fix#736: segfault during zone transfer. (Same as NSD 4.1.8).
PR: 207952
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: ports-secteam (feld@)
Fix cross site scripting vulnerability, bump PORTREVISION
Fix CVE-2009-4422: Multiple cross-site scripting (XSS) vulnerabilities in
the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph
3.0.6 allow remote attackers to inject arbitrary web script or HTML via a
key to csim_in_html_ex1.php, and other unspecified vectors.
Despite ports tree version is 3.0.7, this vulnerability has not been fixed.
The solution is taken from
http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded
While on it:
- Fix typo in port creator's mail address
- Add LICENSE*
- Add NO_ARCH=yes (port only installs scripts)
PR: 207001
Submitted by: venture37@geeklan.co.uk
Security: CVE-2009-4422
Approved by: ports-secteam (feld)
www/firefox: work around Clang 3.4 crash with OPTIMIZED_CFLAGS=off
Pretend we want C++14 to pull more modern version of Clang on 10.x i386.
PR: 207837
Approved by: ports-secteam (junovitch)
security/pidgin-otr: Update to 4.0.2
Changes:
- Fix use-after-free issue during SMP
- Updated Spanish, German, Norwegian Bokmål translations
- New Danish translation
- The Windows binary has been linked with updated versions of libotr,
libgcrypt, libgpg-error, and other supporting libraries
Security: CVE-2015-8833
Security: http://www.vuxml.org/freebsd/77e0b631-e6cf-11e5-85be-14dae9d210b8.html
Approved by: ports-secteam (with hat)
security/libotr: Update to 4.1.1
Changes:
* Fix an integer overflow bug that can cause a heap buffer overflow (and
from there remote code execution) on 64-bit platforms
* Fix possible free() of an uninitialized pointer
* Be stricter about parsing v3 fragments
* Add a testsuite ("make check" to run it), but only on Linux for now,
since it uses Linux-specific features such as epoll
* Fix a memory leak when reading a malformed instance tag file
* Protocol documentation clarifications
Security: CVE-2016-2851
Approved by: ports-secteam (with hat)
graphics/giflib: Add patch to fix regression
There is a regression with the 5.1.2 update to giflib. This affects the
ability for applications to render gif images usually ocurring after the
first gif image is rendered. Upstream has been notified but has not yet
provided feedback.
giflib 5.1.2 was a security fix, so reverting is not reasonable.
"The removed check look redundant - I couldn't find a code path where
Private->RunningBits would exceed that limit after initialization.
(Currently Private->RunningBits is checked before it is initialized)."
PR: 207849
Submitted by: Stefan Ehmann <shoesoft@gmx.net>
Approved by: ports-secteam (with hat)
www/py-django18: update 1.8.7 -> 1.8.10
www/py-django: update 1.8.7 -> 1.8.10 (manual)
- MFH just the version bumps. Additional changes in ports/head marked
www/py-django as IGNORE in r406202 in preparation of making it a meta
port and set the RUN_DEPENDS of dependent ports to www/py-django18
(r406203 and r406208). Those changes will not be merged.
Security: CVE-2016-2512
Security: CVE-2016-2513
Security: https://vuxml.FreeBSD.org/freebsd/f9e6c0d1-e4cc-11e5-b2bd-002590263bf5.html
Approved by: ports-secteam (with hat)
www/firefox: simplify upstream graphite2 update-helper
www/firefox{,-esr}: update to 45.0 (rc2) / 38.7.0
Prepare www/firefox a bit for ESR45:
- [e10s] Make layers.progressive-paint;true work at least on 11.0-CURRENT
- Chase bundled versions for system dependencies [1]
- Drop unused/broken system opus and speex support
Changes: https://www.mozilla.org/firefox/45.0/releasenotes/
Changes: https://www.mozilla.org/firefox/38.7.0/releasenotes/
PR: 207686 [1]
Security: 2225c5b4-1e5a-44fc-9920-b3201c384a15
Approved by: ports-secteam (feld, merge conflict blanket)
Update net/rabbitmq to version 3.6.1.
From the release notes:
This release fixes a number of bugs in 3.6.0 and earlier versions,
as well as one security issue (CVE-2015-8786) in the management
plugin. It also contains usability improvements.
CVE 2015-8786 has not been publicly announced yet.
Security: CVE-2015-8786
Approved by: ports-secteam (miwi)
Security upgrade to new upstream release 0.67.
Unix-relevant changes:
* Security fix: a buffer overrun in the old-style SCP protocol when receiving
the header of each file downloaded from the server is fixed. (CVE-2016-2563)
* Assorted other robustness fixes for crashes and memory leaks.
Security: 7f0fbb30-e462-11e5-a3f3-080027ef73ec
Security: CVE-2016-2563
Approved by: ports-secteam (feld)
Update to upstream version 0.13.2; enable ASM by default on i386
As verified by submitter of [1], ASM optimised routines now work
on i386 out of the box, hence enable by default.
This release contains runtime bugfixes (from changelog):
- Fix an issue with the new duplicate checking, which could lead to
missing subtitles after seeking.
- Fix a crash with CoreText under specific circumstances
While on it:
- Use default description for ASM from bsd.options.desc.mk
PR: 207723 [1]
Submitted by: sasamotikomi@gmail.com
Reviewed by: riggs
Approved by: ports-secteam (feld)
Make print/tex-dvipsk a runtime dependency.
Two reasons for this:
1. Document builds can fail without it even when using pdftex.
From dblatex -d -D:
Build uwm-pc-user-guide.pdf
pdflatex failed
Unexpected error occured
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/dbtexmf/core/dbtex.py", line 332, in compile
donefiles = self._compile()
File "/usr/local/lib/python2.7/site-packages/dbtexmf/core/dbtex.py", line 400, in _compile
self.make_bin()
File "/usr/local/lib/python2.7/site-packages/dbtexmf/core/dbtex.py", line 317, in make_bin
batch=self.texbatch)
File "/usr/local/lib/python2.7/site-packages/dbtexmf/dblatex/runtex.py", line 113, in compile
self.texer.compile(texfile)
File "/usr/local/lib/python2.7/site-packages/dbtexmf/dblatex/grubber/texbuilder.py", line 73, in compile
raise OSError("%s compilation failed" % self.tex.program)
OSError: pdflatex compilation failed
/tmp/tmpe0bJK0 not removed
From tail -n 11 /tmp/tmpe0bJK0/uwm-pc-user-guide.log:
Here is how much of TeX's memory you used:
22571 strings out of 493117
331796 string characters out of 6138550
659827 words of memory out of 5000000
19593 multiletter control sequences out of 15000+600000
89643 words of font info for 150 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191
48i,21n,51p,484b,2429s stack positions out of 5000i,2500n,10000p,300000b,80000s
!pdfTeX error: pdflatex (file 8r.enc): cannot open encoding file for reading
==> Fatal error occurred, no output PDF file produced!
2. dvips is a valid backend to specify with dblatex -b.
PR: 201592
Submitted by: Jason Bacon <bacon4000@gmail.com>
Approved by: portmgr (miwi)
security/openssl: Revert disabling of SSLv2 and MD2
Disabling SSLv2 without a shared library bump has a visible impact to
some applications. It is unclear at this time if disabling MD2 could
cause the same issues, but both are being reverted at the moment to be
safe.
PR: 195796
Approved by: ports-secteam (with hat)
security/nss: unbreak build on 9.x after r409978
Drop -ansi as it often breaks build e.g., C++-style comments in C code.
secasn1d.c: In function 'sec_asn1d_parse_leaf':
secasn1d.c:1611: error: expected expression before '/' token
secasn1d.c:1622: error: expected expression before '/' token
secasn1d.c:1629: error: expected expression before '/' token
secasn1d.c:1621: warning: unused variable 'len_in_bits'
Reported by: pkg-fallout
Pointy hat: jbeich
Approved by: ports-secteam bustage fix blanket
audio/alsa-plugins: partially revert r380063
Restore BUFSZ_P2=on by default as a temporarily fix for excessive CPU usage
in Firefox. r378529 wasn't enough to make BUFSZ_P2=off transition smooth.
PR: 203732
Reported by: Henry Hu, Arto Pekkanen, many more indirectly
Approved by: ports-secteam (feld)
security/openssl: Disable SSLv2 and MD2
SSLv2 is being disabled due to DROWN.
MD2 is being disabled as it should not have been enabled by default.
This was disabled by upstream back in 2009.
PR: 195796
Approved by: delphij, eadler
Security: CVE-2009-2409
Security: CVE-2016-0800
Approved by: ports-secteam (with hat)
Fix the port's configure script to properly detect SQLite3.
This has been broken since r397227 ("Upgrade to 3.1"): the port's build system
passes -ldl when trying to detect SQLite3. Since this will always fail on
FreeBSD, SQLite3 support will always be disabled as well.
PR: 203424
Approved by: ports-secteam (junovitch)
Security Update to 4.5.5.1
Multiple XSS vulnerabilities and a man-in-the-middle attack against
API calls to GitHub.
Security: f682a506-df7c-11e5-81e4-6805ca0b3d42
Approved by: ports-secteam (junovitch)
Respect timezone settings, remove unnecessary pkg-install script
Detailed maintainer log:
- Remove the setting of the TZ, LC_ALL and LANG shell variables from rc
script. This resolves an issue where the emby-server timezone was set to
UTC, causing show air dates and TV guides to be off by a number of hours
for some users [1]. Setting these variables was originally added when
mono 3.12.1 was in the ports tree, to avoid mono throwing a number of
System.TimeZoneNotFound exceptions when run in debugging mode [2]. Whilst
these exceptions are still thrown, they are caught and the mono code now
only sets the time to UTC if the correct timezone cannot be found from
the TZ variable or /etc/localtime.
- Remove pkg-install script as it is no longer necessary to download
Mozilla's root certificates and import them into the Mono Trust store
(this was actually never effective, as the certificates were saved into
the root user's mono trust store instead of the emby user's store).
- Bump PORTREVISION
[1] http://emby.media/community/index.php?/topic/13083-freenas-plugin/?p=299783
[2] mono --debug --trace=N:nothing /usr/local/lib/emby-server/MediaBrowser.Server.Mono.exe -ffmpeg /usr/local/bin/ffmpeg -ffprobe /usr/local/bin/ffprobe -programdata /var/db/emby-server
PR: 207436
Submitted by: woodsb02@gmail.com (maintainer)
Approved by: ports-secteam (feld)
Fix line breaks conversion.
Current japanese/today converts each file's line breaks from CRLF to LF
with the following procedure in Makefile:
${SED} 's/.$$//'
It is a very problematic method, and breaks many Japanese strings in
the data files (*.tbl).
To solve the problem, use "${TR} -d '\015'" for the conversion.
PR: 206568
Submitted by: WATANABE Kazuhiro <CQG00620@nifty.ne.jp> (maintainer)
Approved by: portmgr blanket approval
Depend on multimedia/vlc-qt4 instead of multimedia/vlc.
multimedia/vlc conflicts with multimedia/vlc-qt4, and the latter is needed by
multimedia/phonon-qt4 and consequently by x11/kde4-workspace and other KDE4
ports.
Since Kaffeine depends on parts of KDE4 such as x11/kdelibs4, it makes more
sense to depend on vlc-qt4 instead.
PR: 204690
Approved by: ports-secteam (feld)
x11-drivers/xf86-input-wacom: prevent devd(8) loading ums(4) first
devd(8) tries to load drivers for some classes of devices while rc.d/wacom
disables ums(4) for wacom devices. Adding quirks after the driver is loaded
would be too late.
PR: 207506
Submitted by: rozhuk.im@gmail.com
Approved by: ports-secteam (feld)
Update xerces-c3 and shibboleth to latest versions
The update in xerces fixes a buffer overflow security problem that exposes the
possibility of a denial of service attack, and could conceivably result in
remote code execution.
Users of Shibboleth or any other service usingi the xerces-c3 xml library are
recommended to upgrade promptly.
URL: http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
Security: CVE-2016-0729
Approved by: ports-secteam (feld)
r406862 (net/samba36 only):
Remove deprecated @dirrm's from pkg-plist of samba ports.
Note that net/samba4 got it's PORTVERSION bumped as stage-qa found
one file not included in pkg-plist.
PR: 205950
Submitted by: myself
Approved by: maintainer timeout
r409126:
net/samba36: Mark DEPRECATED
This Samba port was not yet marked deprecated. It has been EoL since 2015-03-04
r409127:
net/samba36: Extend expiration date
I intended this to align with the next quarterly release.
r409703:
net/samba36: add patches corresponding to 16 Dec 2015 security releases
PR: 206808
Reported by: Marcin Gryszkalis <mg@fork.pl>
Submitted by: takefu@airport.fm (original patch)
Approved by: ports-secteam (with hat)
Security: CVE-2015-5252
Security: CVE-2015-5296
Security: CVE-2015-5299
Security: https://vuxml.FreeBSD.org/freebsd/ef434839-a6a4-11e5-8275-000c292e4fd8.html
Remove custom stderr formatting from net/rabbitmq.
From upstream commit fecd0e5 in rabbitmq/rabbitmq-common:
Opening several ports for single fd is considered undefined behaviour
in erlang. It's safe to replace this whole function with 'io:format'.
Because writing to standard_error with io:format is synchronous - after
this call has returned data was definitely sent to the port. And
`erlang:halt` guarantees that this data will be flushed afterwards.
See also ba531a1 in erlang/otp:
Instead of outputting a formatted message showing errors found, a core
was (often) created.
This commit should fix all issues related to core dumps with RabbitMQ on
Erlang 18, which were most often observed when creating or joining
clusters.
MFH requested because a beam core dump would be most certainly interpreted
as the symptom of something worse within the Erlang VM.
PR: 204147
Submitted by: Alexey Lebedeff (follow up)
Approved by: ports-secteam (miwi)
net-mgmt/xymon-client: Update to 4.3.26
Changelog: http://comments.gmane.org/gmane.comp.monitoring.hobbit/38245
MFH attempt number two. Last commit only updated directory properties
and strangely did not merge as I instructed.
I was not going to MFH the xymon-client update as I believed the client
to have no changes. I have since discovered there is a bug related to
watching log files that has been resolved, so this is now a MFH
candidate.
Approved by: ports-secteam (with hat)
Add a patch to avoid overflows when reading hw.physmem and vfs.bufspace.
Use longs instead of ints, otherwise we risk reporting negative values.
Submitted by: Axel Gonzalez <loox@e-shell.net>
Approved by: portmgr blanket approval
net-mgmt/xymon-server: Update to 4.3.26
This is primarily a bug fix release, resolving certain issues with web
page display and browser compatibility introduced with the CSP and XSS
fixes in 4.3.25, and providing additional layers of protection for
incoming data.
Changelog: http://comments.gmane.org/gmane.comp.monitoring.hobbit/38245
Approved by: ports-secteam (with hat)
Patch files to replace ARCH with PICARCH. NOPRECIOUSMAKEVARS makes
bsd.port.mk stop using ARCH but the package builders set ARCH in their
make.conf anyway.
Some libraries were missing from the package because of this.
Reported by: Jason Bacon <bacon4000@gmail.com>
Approved by: ports-secteam (feld)
Set ALL_TARGET to poco.
The "all" target builds samples and tests regardless of whether they were
disabled in the configuration script (consequently not honoring the options set
in the port).
Approved by: ports-secteam (feld)
Fix the build on 9.3-i386 by working around base GCC's limitations.
Add the "LL" suffix to constants that base GCC thinks are too big.
PR: 207486
Approved by: ports-secteam (feld)
devel/libunicode: properly register iconv dependency
Avoid accidentally using converters/libiconv symbols when libc is
desired by passing -DLIBICONV_PLUG during build. This fixes the
following error in consumers:
/usr/local/lib/libunicode.so.0: undefined reference to `libiconv'
/usr/local/lib/libunicode.so.0: undefined reference to `libiconv_close'
/usr/local/lib/libunicode.so.0: undefined reference to `libiconv_open'
PR: 206966
Submitted by: vvd@unislabs.com
Approved by: portmgr blanket
Approved by: ports-secteam (feld)
Unmark BROKEN.
The distfile has been restored in MASTER_SITES.
PR: 207376
Submitted by: Jason Bacon <bacon4000@gmail.com> (maintainer)
Approved by: portmgr blanket approval
Update MASTER_SITES for the KActivities ports.
Upstream has decided to move existing files to a new location. Ugh.
Submitted by: Tobias Berner <tcberner@gmail.com>
Approved by: portmgr blanket approval
[Backporting this change is necessary after r409158 introduced a requirement
on this port in the 2016Q1 branch]
- Add p5-Schedule-Cron-Events 1.94
- While I'm here, add NO_ARCH
Given a line from a crontab, tells you the time at which cron will next run the
line, or when the last event occurred, relative to any date you choose. The
object keeps that reference date internally, and updates it when you call
nextEvent() or previousEvent() - such that successive calls will give you a
sequence of events going forward, or backwards, in time.
Use setCounterToNow() to reset this reference time to the current date on your
system, or use setCounterToDate() to set the reference to any arbitrary time, or
resetCounter() to take the object back to the date you constructed it with.
This module uses Set::Crontab to understand the date specification, so we should
be able to handle all forms of cron entries.
WWW: http://search.cpan.org/dist/Schedule-Cron-Events/
PR: 205247
Submitted by: Andrey Kuzmin <akuz84@gmail.com>
PR: 205867
Approved by: portmgr (antoine)
Update to 0.2.15.
0.2.15 was released in October 2015.
Release notes: http://www.openblas.net/Changelog.txt
This update introduces support for new CPU architectures, such as Intel's
Broadwell and Skylake. In practice, this means people using those architectures
can actually build the port now (OpenBLAS seems to do some CPU-detection that
cannot be easily turned off and refusing to build on unrecognized CPUs).
Port changes:
- Reorganize a few variables in Makefile.
- Refresh patches.
PR: 206886
Submitted by: Adriaan de Groot <groot@kde.org> (first version),
Eijiro Shibusawa <phd_kimberlite@yahoo.co.jp> (maintainer)
Approved by: ports-secteam (feld)
- Switch to new method of depending on Twisted, USES=twisted is
DEPRECATED.
- Update and add TEST_DEPENDS, update test target
- Remove TESTS option
- Correctly limit Python version to -2.7
- Enable architecture independence (NO_ARCH)
Approved by: ports-secteam (miwi)
Remove mail/pronto: unmaintained since 2013, last release was in 2002,
breaks dependency graph since databases/p5-Mysql was removed in 2015.
Approved by: ports-secteam (feld)
commits as needed to reduce merge conflicts, plus a few cleanup commits.
This commit merges revisions 405244, 405560, 405637, 405641, 405643,
406201, 406224, 406230, 406231, 406233, 407537 and 409060 from head.
PR: 207272
Security: CVE-2015-7547
Approved by: ports-secteam (feld)
r405873 introduced support to 'or later' concept on licenses, adding a
plus sign in the end of license name
This revision was never merged into quarterly but individual MFH commits
introduced some changes adding these licenses, what end up marking port
as IGNORED when BATCH is defined, as poudriere does, because license is
unknown
This commit reverts these individual changes
Approved by: ports-secteam (feld)
Sponsored by: Rubicon Communications (Netgate)
This patch fixes alignment of self-test context in salsa20 required
for amd64 implementation.
Other changes:
- Regenerate patches to make portlint(1) happy
- Update MAINTAINER to my @FreeBSD.org address
- Bump PORTREVISION
PR: 206919
Approved by: junovitch (mentor)
Approved by: ports-secteam (eadler)
Set `command' before using it in the startup script.
This fixes the status command which was returning "eval: -L: not found"
before.
PR: 206722
Submitted by: dburkland@dburkland.com (first version),
Toxic <toxic@doobie.com> (maintainer)
Approved by: ports-secteam (feld)
Fix path to the milter-greylist binary in the startup script.
PR: 207185
Submitted by: Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
Approved by: ports-secteam (feld)
games/freesweep: update 0.92 -> 1.0.1
- Transfer MAINTAINER from ports@ to submitter
- Update LICENSE
- Switch from GOOGLE_CODE to USE_GITHUB; use the maintainer's repository
- While here, convert to conditional docs target
- Expand on pkg-descr
- MFH as the original upstream version seg faults upon winning a game and
the maintainer is now a co-maintainer with the upstream project
PR: 205052
Submitted by: Randy Westlund <rwestlun@gmail.com> (incoming maintainer)
Reviewed by: amdmi3 (earlier version)
Approved by: ports-secteam (feld)
Update PostgreSQL to latest versions.
Security Fixes for Regular Expressions, PL/Java
This release closes security hole CVE-2016-0773, an issue with regular
expression (regex) parsing. Prior code allowed users to pass in expressions
which included out-of-range Unicode characters, triggering a backend crash.
This issue is critical for PostgreSQL systems with untrusted users or which
generate regexes based on user input.
The update also fixes CVE-2016-0766, a privilege escalation issue for users of
PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be
modifiable only by the database superuser
URL: http://www.postgresql.org/about/news/1644/
Security: CVE-2016-0773, CVE-2016-0766
Approved by: ports-secteam
Fix dependencies: x265, opus, twolame, fribidi
x265 was not correctly detected due to link attempt to libdl.
Also avidemux now automatically detects the presence of opus,
twolame and fribidi during configure and builds additional
plugins for them.
This changeset introduces new OPTIONS FRIBIDI OPUS TWOLAME
(all non-default) and fixes plugins pkg-plist.
Bump PORTREVISION for avidemux-*
PR: 206945
Submitted by: mi
Reviewed by: riggs
Approved by: ports-secteam (feld)
multimedia/emby-server: Fix dependencies and improve pkg-msg
* Remove dependency on multimedia/libmediainfo (now uses FFMpeg instead)
* Add X11 OPTION (ON by default) for user to choose dependency of
graphics/ImageMagick or graphics/ImageMagick-nox11
* Improve pkg-message to prompt the user to some additional
options that can be set when building multimedia/ffmpeg and
graphics/ImageMagick in order to optimise their Emby Server experience.
PR: 207155
Submitted by: woodsb02@gmail.com (maintainer)
Approved by: ports-secteam (feld)
Mk/Uses/cran.mk: fix test target.
R no longer accepts the --no-rebuild-vignettes argument, instead requiring
the --no-build-vignettes (only used if pdflatex is not installed).
PR: 207154
Approved by: wen (maintainer)
Approved by: ports-secteam (feld)
Remove CONFIGURE_LOG
ffmpeg now uses config.log instead of previously config.err.
Setting CONFIGURE_LOG in port Makefile has become obsolete.
No change in resulting package, no PORTREVISION bump.
PR: 207136
Submitted by: mi@ALDAN.algebra.com
Reviewed by: riggs
Approved by: ports-secteam (feld)
Update to 13.7.2
I should have merged this one together with r408743, it cointains
needed parts to make it build on 9.x
Approved by: ports-secteam (broken build on quarterly blanket)
- Update net/asterisk11 to 11.21.2, which provides a fix for the
old OpenSSL included in 9.x
- Backport the fis to net/asterisk (asterisk 1.8)
- net/asterisk13 already includes this fix, so remove my workaround
While here, asterisk 1.8 reached EOL on 2015-10-21, so DEPRECATE
it and add an expiration time.
Approved by: ports-secteam (feld)
Backport two Pillow security fixes.
Pillow 3.1.1 was released a few days ago [1], and some of the security fixes
in that release also apply to PIL:
* bcaaf97f4f
* ae453aa18b
[1] https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html
PR: 207054
Approved by: mainland@apeiron.net (maintainer)
Security: a8de962a-cf15-11e5-805c-5453ed2e2b49
Security: 6ea60e00-cf13-11e5-805c-5453ed2e2b49
Security: CVE-2016-0775
Approved by: portmgr blanket approval
devel/cargo: Build on amd64 only
Cargo requires a prebuilt bootstrapped version of itself. The only one
available for FreeBSD is for amd64.
This prevents build failures on i386.
Reviewed by: jbeich
Approved by: ports-secteam (feld), jbeich
Differential Revision: https://reviews.freebsd.org/D5219
audio/jack: properly specify readline dep (detected by Synth)
No portrevision bump necessary as this change does not alter the
package contents. It just fixes the deps specification.
Approved by: ports-secteam (with hat)
Revert recent change on performance_schema; introduce OPTION for it
The recent port version 5.7.10_2 introduced a change in the default
behaviour of performance_schema. Due to an ongoing debate in the
community whether the default setting should lean towards performance
(previous default before 5.7.10_2) or memory consumption, maintainer
had changed the default to memory consumption in 5.7.10_2.
This introduces an OPTION knob PERFSCHM to control the default behaviour
of performance_schema. It defaults to ON, hence restoring the previous
default.
Bump PORTREVISION.
PR: 206912
Submitted by: smh
Reviewed by: mokhi64@gmail.com (maintainer), riggs
Approved by: ports-secteam (feld), mokhi64@gmail.com (maintainer)
x11/kde4-workspace: fix OpenGL tests with nVidia's libGL
nVidia's libGL causes a segfault in ld-elf if the application that is linking
to libGL also links to another library (ordered before linking to libGL) and
the second library links to libthr. For example:
kwin_opengl_test
-> libXft
-> libthr
-> libGL
Two workarounds are known:
1) Change the linking order to have libGL linked first, or
2) Also link to libthr in the (base) application.
This patch implements the latter fix.
PR: 205149, 206899
Approved by: ports-secteam (feld@)
Adjust MASTER_SITES for all digiKam ports.
digiKam 4.2.0 which is currently in ports is quite old, and was moved along
with all releases older than 4.10.0 to another location in download.kde.org.
This should fix `make fetch' for graphics/digikam* and graphics/kipi-plugin*.
Approved by: portmgr blanket approval
Update to 1.2.19.
Bugfix
* Fix bug in certificate validation that caused valid chains to
be rejected when the first intermediate certificate has
pathLenConstraint=0. Found by Nicholas Wilson.
Introduced in mbed TLS 1.3.15. #280
* Removed potential leak in rsa_rsassa_pkcs1_v15_sign(), found
by JayaraghavendranK. #372
Approved by: ports-secteam
www/chromium: update to 48.0.2564.103
The tarballs have been rerolled by upstream at least once after initial
creation, but no differences have been found.
Submitted by: Christoph Moench-Tegeder
Approved by: ports-secteam (feld)
sysutils/py-salt: update 2015.8.4 -> 2015.8.5
Note that 2015.8.4 resolved CVE-2016-1866 but introduced a bug that broke a
lot of Salt functionality. This update is functionally equivalent to the
current patched 2015.8.4_1 port but brings us back in line with upstream.
PR: 206906
Submitted by: Christer Edwards <christer.edwards@gmail.com>
Approved by: ports-secteam (feld)
- Update net/asterisk11 to 11.21.0
- Update net/asterisk13 to 13.7.0
- Add security fixes to net/asterisk port (PORTVERSION bumped)
- Update net/asterisk11 to 11.21.1
- Update net/asterisk13 to 13.7.1
The security update included in these commits introduces an unexpected
incompatibility with FreeBSD 9.3 bundled OpenSSL.
Unluckily simply forcing this port to use ports provided openssl
on 9.x isn't viable, since ftp/curl by default links with base
openssl. A default binary package would just crash on startup
when loading the asterisk curl module, due to conflicting openssl
implementations being used.
This commit adds a check in the Makefile, copied from the ftp/curl
port, which removes the offending (and unsupported on that openssl
version) code from the source file when linking against base OpenSSL
on 9.x.
Security: 559f3d1b-cb1d-11e5-80a4-001999f8d30b
Approved by: ports-secteam (feld)
- Fix plist
- binary_log_types.h is now installed only by client, not server
- lib/mysql/plugin/ha_example.so is only installed if
EXAMPLES OPTION is turned off
- Bump PORTREVISION
- Allow slave port to override PORTREVISION if necessary
- Deactivate performance_schema feature to conserve memory
- Add notes to pkg-message:
- root password
- performance_schema feature is deactivated by default to reduce
memory footprint
- Allow port to build while boost-libs-1.55 is installed
PR: 205956 206065 206612 206879
Submitted by: smh
Reviewed by: mokhi64@gmail.com (maintainer)
Approved by: ports-secteam (feld), mokhi64@gmail.com (maintainer)
sysutils/py-salt: Patch to fix major regression
There was a major regression in 2015.8.4 which breaks a lot of salt
functionality. This adds a patch to fix it ahead of the upcoming
2015.8.5. The reason for patching in the ports tree is that there is a
major CVE that is addressed in 2015.8.4 which should be resolved
immediately by merging a functional salt to quarterly.
Regression: https://github.com/saltstack/salt/issues/30820
Security: CVE-2016-1866
Security: https://vuxml.freebsd.org/freebsd/0652005e-ca96-11e5-96d6-14dae9d210b8.html
Approved by: ports-secteam (with hat)
devel/py-pip: Add pkg-message user WARNING
Add a pkg-message warning users not to use pip to install packages in
the system-wide Python environment location. This should have been done
a long time ago.
While I'm here:
- Add LICENSE_FILE
- Enable NO_ARCH
- Match *_DEPENDS versions to those in setup.py
- Fix incorrect pytest-xdist package name match
PR: 205881, 205819
Reported by: many
Suggested by: many
MFH: 2016Q1
Approved by: ports-secteam (blanket)
Fix build on 9.3-amd64 after r407349.
9.3-i386, which is what I was using for testing the build on FreeBSD 9, worked
fine, but 9.3-amd64 was broken with -Werror. Add a patch I sent upstream to
stop trying to cast NULL into an int, which was making GCC 4.2.1 complain:
platform/freebsd/arch/x86_common.h: In function 'arch_get_register':
platform/freebsd/arch/x86_common.h:48: warning: cast from pointer to integer of different size
platform/freebsd/arch/x86_common.h: In function 'arch_set_register':
platform/freebsd/arch/x86_common.h:57: warning: cast from pointer to integer of different size
platform/freebsd/arch/x86_common.h:59: warning: cast from pointer to integer of different size
platform/freebsd/freebsd_ptrace.c: In function 'ptrace_memcpy_to_child':
platform/freebsd/freebsd_ptrace.c:267: warning: cast from pointer to integer of different size
platform/freebsd/freebsd_ptrace.c: In function 'ptrace_memcpy_from_child':
platform/freebsd/freebsd_ptrace.c:282: warning: cast from pointer to integer of different size
PR: 206539
Approved by: portmgr blanket approval
mail/opensmtpd: update to 5.7.3p2
Details at https://github.com/OpenSMTPD/OpenSMTPD/issues/650
While at it, remove a stale patch that isn't applicable anymore. Upstream
implements this logic already, and the patch doesn't actually patch anything.
PR: 206816
Submitted by: sa.inbox@gmail.com
Approved by: portmgr@ (bapt)
py-py3dns is a Python 3.x only package, so limit USES=python
accordingly. ipaddr is needed on <= 3.2, so add it as a conditional
RUN_DEPENDS.
While I'm here:
- Add NO_ARCH
- Add test target, TEST_DEPENDS and patch outdated unit test assertions
that test against live domains, not mocked responses.
- Remove unnecessary setup.py patch
- Match COMMENT to setup.py:description
- Sort and group USE{S} entries
PR: 206645
Reported by: danger
Approved by: portmgr (blanket)
Differential Revision: D5083
Approved by: ports-secteam (feld)
Revision 404778 [1] modified py-pyspf to only use dns/py3dns instead
of conditionally using dns/py-dns and py-py3dns depending on whether
Python 2.x or 3.x was being used.
dns/py-py3dns is a Python 3.x *only* package, but the port does not
currently [2] limit itself to USES=python:3.0+.
This results in errors for all dependent ports of py-pyspf when
Python 2.x is used, which was reported for
mail/postfix-policyd-spf-python. [3]
pyspf's README notes the following requirements:
This package requires PyDNS (or Py3DNS for running with Python 3) and
either the ipaddr or python3.3 and later
This package requires authres from either pypi or
http://launchpad.net/authentication-results-python to process
and generate RFC 5451 Authentication Results headers.
The spf module in this version has been tested with python3.2 and does
not require using 2to3.
Accordingly, this change:
- Reverts to conditional RUN_DEPENDS on dns/py-dns or py-py3dns
depending on whether Python 2.x or Python 3.x is being used.
- Adds authres to RUN_DEPENDS
- Adds a conditional RUN_DEPENDS on devel/py-ipaddr, depending on
Python version.
While I'm here:
- Sort and group USE{S} entries
- Match COMMENT to setup.py:description
- Add test and post-extract targets, TEST_DEPENDS, and patch files
so that tests can be run properly
- Pet several portlint warnings
[1] https://svnweb.freebsd.org/changeset/ports/404778
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206645
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206643
QA:
* portlint: OK (WARN: Makefile: [47]: possible use of "${CHMOD}")
* porttest: OK (poudriere: 11amd64, python27, python34)
* unittest: OK (Ran 425 tests in 0.155s)
PR: 206643
Reported by: danger
Approved by: portmgr (blanket)
Differential Revision: D5082
Approved by: ports-secteam (feld)
devel/gdcm: update 2.4.4 -> 2.6.3
- Switch off by default DOCS option for Doxygen docs to DOXYGEN
- Switch DOXYGEN bits to options helpers
- Standardize on the more prevelant ON/OFF CMAKE flags
- Set USE_LDCONFIG=yes as ${PREFIX}/lib is the default
- Add gdcmviewer to DESKTOP_ENTRIES
PR: 203479
Submitted by: tkato432@yahoo.com (with changes)
Approved by: ports-secteam (miwi)
Security: CVE-2015-8396
Security: CVE-2015-8397
Security: https://vuxml.FreeBSD.org/freebsd/e00d8b94-c88a-11e5-b5fe-002590263bf5.html
Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]
The path to perl in hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.
PR: 192387 [2]
PR: 206046 [4]
Approved by: portmgr
MFH: r406872 (direct commit to openoffice-4 only)
MFH: r407439
r405096:
Correct the Icon entry in the .desktop files so that the icons are
visible in the menu.
r406872:
PORTREVISION bump to allow a clean merge of the next
r470439: [1]
Fix nss-related problems with password-protected documents.
Apply patches from upstream commits r1724971 and r1726068 to fix
upstream bug <https://bz.apache.org/ooo/show_bug.cgi?id=125431>,
"The Password is incorrect. The file cannot be opened."
PR: 205758
PR: 206234
Submitted by: Arrigo Marchiori <ardovm AT yahoo.it> [1]
Approved by: ports-secteam (miwi - r407439)
Approved by: ports-secteam (feld - r405096, r406872)
- Fix BROKEN, port assumed that WRKDIR = WRKSRC and this is not
true since CHANGES@20151105
- Unmute and simplify install commands, move file ownership
changes through chown to pkg-plist
- Sort pkg-plist and remove deprecated @dirrm
Approved by: portmgr blanket
Approved by: ports-secteam (feld)
Execute run_rc_command even if the config file doesn't exist. Previously,
until you followed the instructions in pkg-message, the config file didn't
exist and rc.d/dovecot would just silently exit.
While here, also spit out a message reminding you to create the config
files if necessary.
PR: 205761
Submitted by: me@cschwarz.com
Approved by: ports-secteam (feld)
In x11/leechcraft, change the syntax of C++11 braced initializers with
multiple elements to correspond to C++ WG paper N3922. E.g, instead of:
auto foo { 1, 2, 3, 4 };
one should write:
auto foo = { 1, 2, 3, 4 };
This makes the port compile with clang 3.8.0 and higher, or gcc 5.0 and
higher.
Approved by: ports-secteam (feld)
PR: 206650
During the exp-run in bug 206074, it was found that www/libxul gives
errors with a recent clang 3.8.0 snapshot:
../../dist/include/mozilla/dom/MessageEvent.h:61:32: error: reference to 'MessagePort' is ambiguous
void SetSource(mozilla::dom::MessagePort* aPort);
^
This is caused by unneeded forward declarations of class MessagePort,
MessagePortBase and MessagePortList. These can be removed.
Obtained from: pkgsrc
Approved by: ports-secteam (delphij)
PR: 206333
Fix build on FreeBSD 9 and clean up.
- Add a small patch to fix the build on FreeBSD 9 and unmark it BROKEN there.
- Drop patch-Makefile, everything that it was changed can be set via MAKE_ARGS
instead.
- Unconditionally install the bash-completion file and stop build-depending on
shells/bash-completion: it is not needed at all, reptyr just installs a file
into a bash-completion directory and does not actually need it for that.
The BASH option was not even working before r407168 (see bug 206541).
PR: 206539
Approved by: Andrey Cherkashin <andoriyu@gmail.com> (maintainer)
Approved by: portmgr (miwi)
audio/mp3stat: update maintainer and unbreak
- Update MAINTAINER; pass from ports@ to submitter
- Update MASTER_SITES link to maintainer's mirror and remove BROKEN
- Remove DISTNAME and update distinfo for new name; SHA256 remains identical
- Wrap pkg-descr text at 76 characters and update WWW: to new mirror
PR: 206172
Submitted by: Chris Hutchinson <portmaster@bsdforge.com>
Approved by: portmgr blanket
Update to 1.0.0, the first production version. This includes security
fixes for CVE-2015-8373 in addition to the following improvements:
- Lease expiration. A configurable mechanism which provides the
ability to properly clean up expired leases including hook points,
DNS clean up, and logging.
- Client classification. Initial support for client classification
using conditional logic expressions to test inbound packet content
is available for both DHCPv4 and DHCPv6.
- Decline support in both DHCPv4 and DHCPv6.
- New statistics. Several new statistics have been added. They can be
used to monitor lease expiration and decline processing.
- PXE boot. Several new DHCPv4 and DHCPv6 options useful for PXE and
iPXE boot are now supported.
- Host Reservations in MySQL. Kea is now able to store host
reservations in both its configuration file and a MySQL
database. While currently available only for DHCPv4, this
functionality will be available for DHCPv6 in an upcoming release.
- Kea 1.0.0 is released under new license Mozilla Public License
2.0. Earlier releases were licensed under the ISC license. The new
license is slightly more restrictive than the original ISC license.
Security: CVE-2015-8373
Security: https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html
Security: https://vuxml.FreeBSD.org/freebsd/59e7eb28-b309-11e5-af83-80ee73b5dcf5.html
Approved by: ports-secteam (feld)
- Unbreak the build on 9.x (against GCC 4.2): it was failing due to -ansi
option passed by default, which does not allow C++-style comments in C
source code (Clang is more forgiving):
/usr/local/include/clamav.h:170: error: expected identifier or '('
before '/' token
/usr/local/include/clamav.h:170: error: stray '#' in program
- Really respect CFLAGS by fixing configure script
- Do not hardcode DISTVERSION in MASTER_SITES
- Do not install COPYING file as part of portdocs: it's installed via
LICENSE_FILE already
- Convert the port to use option helpers, fix a typo (VIRUSTAGSC ->
VIRUSTAG_DESC), wrap overly long lines
- Augment port description text while I'm at it
Approved by: ports-secteam (with hat)
During the exp-run in bug 206074, it was found that emulators/simh gives
errors with a recent clang 3.8.0 snapshot [1]:
/usr/bin/ld: unrecognized option '-plugin'
And more of such linking errors. This is because the simh main Makefile
attempts to use -flto -fwhole-program with clang, but this support
depends on the correctly link time optimization infrastructure being
installed (e.g. the LLVMgold.so plugin, and more).
Since LTO is not available yet in base, here is a patch to disable the
use of these options more thorougly.
Approved by: ports-secteam (delphij)
PR: 206411
Stop installing the reptyr completion.
Import an upstream commit that installs the reptyr completion as _reptyr to
avoid conflicts with the version that reptyr itself has started shipping.
It is required for bash-completion not to conflict with sysutils/reptyr.
PR: 206541
Approved by: adamw (maintainer)
Approved by: ports-secteam (delphij)
- math/plplot depends on the legacy math/qhull5, and since this port
conflicts with the new one, it was impossible to install together
math/plplot and math/qhull;
- fix PKG_CONFIG_DIR.
PR: ports/205937
Submitted by: /me
Approved by: maintainer
Approved by: ports-secteam (with hat)
In the copy of mednafen included in libretro-cores, replace a named
label in inline assembly in an inline function with a local label.
This prevents "invalid symbol redefinition" errors when the function is
inlined multiple times, for example within an unrolled loop.
Approved by: yuri@rawbw.com (maintainer)
PR: 206542
Approved by: ports-secteam (with hat)
vietname/urvwn: Remove unnecessary <pre>/<post> inclusions
By using ${.CURDIR} to include a makefile fragment, we can remove the
bsd.port.pre.mk and bsd.port.post.mk, and correct the OPTIONS definitions
at the same time.
Approved by: ports-secteam (with hat)
Switch to rm because unlink doesn't accept flags.
Pointyhat to: kwm@ for not reading the rm/unlink man page good enough.
Approved by: ports-secteam (with hat)
devel/gitinspector: support build with LANG=C (fix from upstream)
Gitinspect is now 4 releases behind. The problem where gitinspector will
not build when LANG is set to "C" in the environment has been fixed for
14 months already. Apply the patch from the git repository upstream to
fix (due to luck in name, it applies before patch-aa which affects the
same localization file). I recommend that this port be upgraded to a new
release though.
Approved by: just fix it
Approved by: ports-secteam (with hat)
Fix build on FreeBSD 9.
Add the same -D_GLIBCXX_USE_C99 trick that a few other ports use so that gcc48
and its libstdc++ make std::to_string() available.
Approved by: portmgr (miwi)
Mark BROKEN: fails to build
cd /wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src && /usr/bin/c++ -I/usr/local/include/libpurple -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src -O2 -pipe -DX_DISPLAY_MISSING -fstack-protector -fno-strict-aliasing -DHAVE_IMLIB -DHAVE_CACA -DHAVE_PAM -D_REENTRANT -D_FILE_OFFSET_BITS=64 -Wall -Wextra -Wno-unused-parameter -O2 -pipe -DX_DISPLAY_MISSING -fstack-protector -fno-strict-aliasing -o CMakeFiles/minbif.dir/im/account.cpp.o -c /wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp
/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp: In member function 'void im::Account::setBuddyIcon(std::string)':
/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp:276: error: 'ImlibLoadError' was not declared in this scope
/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp:276: error: expected `;' before 'err'
/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp:281: error: 'err' was not declared in this scope
/wrkdirs/usr/ports/irc/minbif/work/minbif-1.0.5/src/im/account.cpp:287: error: 'err' was not declared in this scope
Reported by: pkg-fallout
archivers/file_roller: Fix ambiguous RUN_DEPENDS
file_roller requires the ports version of unzip (I'm assuming based on
makefile's specifications). However, since the full path to unzip
was not specified, the base unzip satifies the requirement which results
in the archivers/unzip package not being registered as a run dependency.
Enforce the requirement by specifying "zipinfo" instead. It is a unique
name which ensures archivers/unzip is always registered as a dependency,
thus guaranteeing the ports unzip will be available for file roller.
This requires a bump because all existing packages have a bad registry.
Reported by: fernandel on forums
Approved by: ports-secteam (with hat)
devel/cargo: update to 0.7.0 (release) and cleanup
- Compress :registry with xz(1) to save a few megabytes
- Add BOOTSTRAP option to build with already installed Cargo
- Generate distfiles with BOOTSTRAP=off for extra deps
- Require recent lang/rust to build (older versions not tested)
- Drop cargo-nightly and rust-nightly hacks. The latter is still supported
via RUST_PORT=lang/rust-nightly in environment, make.conf, Makefile.local
- Drop MAKE_JOBS_UNSAFE, builds fine with MAKE_JOBS_NUMBER=32
- Drop _GH0 suffix from non-GitHub distfile
- Don't use OpenSSL port on 11.0-CURRENT (no RPATH in bootstrap)
- Don't install duplicate licenses under DOCSDIR
- Don't depend on lang/python2 when only lang/python27 is used
- Simplify manpage directory substitution
- Fix LICENSE_FILE when used with LICENSE_COMB != single
- Fix gen-registry target when WRKDIRPREFIX == MAKEOBJDIRPREFIX
- Cleanup gen-registry target
- Respect PREFIX != /usr/local
- Prepare CARGO_BOOT_SIG for i386 and DragonFly
- Apply minor style
PR: 205529
Approved by: maintainer timeout (1 month)
Approved by: ports-secteam (feld)
Differential Revision: https://reviews.freebsd.org/D4562
Update bind99 to 9.9.8-P3, bind910 to 9.10.3-P3 and bind9-devel to
latest snapshot.
Security: CVE-2015-8704
Security: CVE-2015-8705
Sponsored by: Absolight
Modernize net/libproxy-python and fix dependencies.
In preparation for updating the libproxy ports to 0.4.12, first land some
changes that also apply to 0.4.6 and can be MFH'ed.
- Make net/libproxy a run-time dependency: we only install .py files in this
port, and they only load libproxy.so when being run. Consequently, also set
NO_ARCH=yes.
- Set NO_BUILD=yes and modernize the installation. Instead of having an empty
do-build target and invoking Python's compileall.py in post-build, do it like
most other ports and call it in post-install (this requires guarding the
post-install target in net/libproxy's Makefile).
We also pass -d to compileall.py to avoid having ${STAGEDIR} in the .pyc and
.pyo files (and shown in exception tracebacks).
- Let the port handle installation instead of defining do-install. We just need
to set INSTALL_WRKSRC appropriately to avoid installing more files than we
want.
Approved by: gnome (kwm)
Approved by: portmgr blanket approval
www/h2o: update 1.6.0 -> 1.6.2 and add LibreSSL option
- OPTIONS: Add bundled LIBRESSL option and set as default
- HTTP/2 support requires TLS ALPN extension missing in base OpenSSL
- Upstream expectation is the bundled LibreSSL is used to support HTTP/2
- Enables ChaCha20-Poly1305 ciphers as a bonus
- Update sample configuration file
- Fix typos in USE_* knobs for www/h2o
Changes: https://github.com/h2o/h2o/releases/tag/v1.6.1
Changes: https://github.com/h2o/h2o/releases/tag/v1.6.2
PR: 205946
PR: 206193
Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
Approved by: ports-secteam (miwi)
Security: 6c808811-bb9a-11e5-a65c-485d605f4717
net/isc-dhcp42-server: Mark DEPRECATED
This port is not receiving a patch for CVE-2015-8605
Also, set EXPIRES to coincide with 2016Q2 branch creation.
The 4.2 branch reached End of Life in March 2015. [1]
[1] https://kb.isc.org/article/AA-01259/0/DHCP-4.2.8-Release-Notes.html
Security: 05eeb7e9-b987-11e5-83ef-14dae9d210b8
Security: CVE-2015-8605
Approved by: ports-secteam (with hat)
net/isc-dhcp41-server: Update to 4.1-ESV-R12-P1
This fixes CVE-2015-8605.
Mark DEPRECATED and provide EXPIRES to coincide with 2016Q2 branch
creation.
The PORTVERSION scheme of this port is strange, but I am continuing the
current version scheme as this is probably the last release of the 4.1
branch. The ISC Software Support Policy states that 4.1 ESV is support
ends December 2015. [1]
[1] http://www.isc.org/downloads/software-support-policy/
Security: CVE-2015-8605
Approved by: ports-secteam (with hat)
- Move to smarts to allow us to add patchlevels without uncommenting lines
- Don't bump PORTREVISION
Approved by: ports-secteam (with hat)
Security: CVE-2015-8605
Build with ffmpeg-2.8.5; fix zero-day remote vulnerability
Both mentioned CVE IDs refer to vulnerabilities where a remote attacker
can read arbitrary files by using the subfile protocol in an HTTP Live
Streaming (HLS) M3U8 file. Building with 2.8.5 fixes those.
Security: CVE-2016-1897
CVE-2016-1898
Approved by: ports-secteam (miwi)
Upgrade to upstream release 2.8.5; fix zero-day remote vulnerability
Both mentioned CVE IDs refer to vulnerabilities where a remote attacker
can read arbitrary files by using the subfile protocol in an HTTP Live
Streaming (HLS) M3U8 file. The new release fixes those in the process.
PR: 206282
Reported by: sasamotikomi@gmail.com
Security: CVE-2016-1897
CVE-2016-1898
Approved by: ports-secteam (miwi)
- Limit -msse/-msse2 to files that actually use intrinsics
- Limit SSE/SSE2 optimizations to x86 CPUs (exposed as SIMD option)
PR: 205006
Approved by: ports-secteam (feld)
Turn print/cups-client into a LIB_DEPENDency.
The CUPS plugin in src/plugins/printsupport/cups actually links against
libcups.so, so cups-client needs to be more than a build-time dependency.
This is part of Yuri Victorovich's Qt 5.5.1 patch set (which he submitted
without knowing kde@ was already working on the update). This bug fix is
orthogonal to the 5.5.1 update and we had not spotted this before, so I am
landing this separately.
PR: 205805
Submitted by: Yuri Victorovich <yuri@rawbw.com>
Approved by: portmgr blanket approval
Update to 0.9.5 and unbreak.
- Switch MASTER_SITES to the project's SourceForge page. It only contains 0.9.5
though.
- Set LICENSE_FILE.
- Switch to new style OPTIONS helpers.
- Stop setting CFLAGS/CPPFLAGS, everything builds fine without those.
PR: 205780
Approved by: maintainer timeout (bsam, 15 days)
Approved by: ports-secteam (feld)
Update net/miniupnpd to 1.9.20160113
This version fixes a regression that make some clients (eg Xbox / Windows 10)
to fail when try to open ports
PR: 206241
Approved by: ports-secteam (miwi), Tor Halvard Furulund <squat@squat.no> (maintainer)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Fix build on FreeBSD 9.x
gdaldither.cpp: In function 'int FindNearestColor(int, int*, int, int, int)':
gdaldither.cpp:534: note: use -flax-vector-conversions to permit conversions
between vectors with differing element types or numbers of subparts
gdaldither.cpp:534: error: cannot convert 'int __vector__' to 'long long int
__vector__' for argument '1' to 'long long int __vector__
__builtin_ia32_psrlqi128(long long int __vector__, int)'
gdaldither.cpp:539: error: cannot convert 'int __vector__' to 'long long int
__vector__' for argument '1' to 'long long int __vector__
__builtin_ia32_psrlqi128(long long int __vector__, int)'
../GDALmake.opt:582: recipe for target 'gdaldither.o' failed
gmake[1]: *** [gdaldither.o] Error 1
PR: 205701
Submitted by: myself
Approved by: maintainer timeout
Approved by: ports-secteam (miwi)
- Stub implementation of OperatingSystemImpl.
- Partially implement getThreadUserTime() using getrusage(2). Note we can
only get usage for the current thread. Return -1 if the requested function
is not supported, i.e., user time for other threads, rather than crash.
- Properly implement os::elapsedVTime() using getrusage(). Basically, it is
taken from Linux version.
- Temporarily revert r403748 to fix bootstrapping with earlier OpenJDK8.
PR: 205229, 205523, 205544, 205843
Approved by: ports-secteam (feld)
security/openssl: Fix No-SSLv3 option
- This change adds `no-ssl3-method` to config args
- Bump portrevision
Testing with security/openssl buillt with SSL3 option disabled [1]
revealed that the openssl binary and the libraries still support SSLv3
connections and methods. With the added no-ssl3-method argument passed
to the config script, the binary no longer supports the -ssl3 option
and ports requiring SSLv3 methods fail on undefined references to
methods.
PR: 203693 [1]
Reviewed by: koobs (mentor), feld (mentor, ports-secteam), dinoex (maintainer)
Approved by: koobs (mentor), feld (mentor, ports-secteam)
Approved by: ports-secteam
Differential Revision: D4924
Upgrade textproc/kibana43 to version 4.3.1, due to XSS vulnerability.
Differential Revision: https://reviews.freebsd.org/D4831
Approved by: ports-secteam (delphij)
Security: CVE-2015-8131
Upgrade textproc/kibana42 to version 4.2.2, due to XSS vulnerability.
Differential Revision: https://reviews.freebsd.org/D4830
Approved by: ports-secteam (delphij)
Security: CVE-2015-8131
Upgrade textproc/kibana41 to version 4.1.4, due to XSS vulnerability.
Differential Revision: https://reviews.freebsd.org/D4829
Approved by: ports-secteam (delphij)
Security: CVE-2015-8131
comms/dcf77pi: update to version 3.4.2
This update fixes a bug in the century calculation which could result in
wrongly calculated dates.
Approved by: ports-secteam (feld)
www/chromium: display the sysctl requirements for IPC in pkg-message, so that
it gets shown when intalling the port.
PR: 204470
Submitted by: junovitch@
Approved by: ports-secteam (feld)
In certain situations, file references (.py[co]) for Python files that
fail to compile with compileall() are still added to distutils --record
output.
This output is used for pkg-plist generation and must only contain
references to files that will be installed.
One example of a failure condition is when a Python 2/3 compatible
package containing a file containing Python 3.x only code is built with
Python 2.x, such as Gunicorn's _gaiohttp.py [1]
This change backports patches submitted against upstream issue 20397 [2]
that has not yet been committed.
- For Python 2.7 and 3.5, backport both install_lib and test
- For Python 3.2, 3.3 and 3.4, only backport install_lib
[1] https://svnweb.freebsd.org/changeset/ports/404558
[2] https://bugs.python.org/issue20397
Thank you to Brendan Molloy for producing and submitting the patches
against upstream sources.
Reviewed by: sbz (python)
Differential Revision: D4832
Approved by: ports-secteam (miwi)
net/dhcpcd: update 6.9.4 -> 6.10.0
Changes:
* --noption requires an argument
* optimise the ARP BPF filter, thanks to Nate Karstens
* send gratuitous ARP each time we apply our IP address
* fix truncation of hostnames based on the short hostname option
* improve routing and address management by always loading all interfaces,
routes and addresses even for interfaces we are not directly working on
* timezone, lookup-hostname, wpa_supplicant and YP hooks are no longer
installed by default but are installed to an example directory
* fix compile on kFreeBSD
thanks to Christoph Egger for providing a temporary build host
* improve error logging of packet parsing
* fix ignoring routing messages generated by dhcpcd just before forking
* fix handling of rapid commit messages (allow ACK after DISCOVER)
* add PROBE state so we can easily reject DHCP messages received during
the ARP probe phase
* fix CVE-2016-1503
* fix CVE-2016-1504
PR: 206015
Submitted by: Roy Marples <roy@marples.name> (maintainer)
Approved by: ports-secteam (miwi)
Security: CVE-2016-1504
Security: CVE-2016-1503
Security: https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html
net-p2p/sonarr: Fix $sonarr_data_dir creation
Now that $sonarr_data_dir is configurable, move creation from package to
rc script to prevent sonarr from failing to start successfully.
PR: 205986
Approved by: ports-secteam (with hat)
net/ntp-devel: Fix untracked gettext dependency & lots more
ntp links against gettext (libintl) if it is installed on the system:
- Add an NLS OPTION to explicitly enable, disable and track libintl dependency
- Add DEBUG and THREADS OPTIONS. Keep the latter enabled by OPTIONS_DEFAULT to
preserve compatibility with existing behaviour.
- Explicitly pass OpenSSL include / library dir paths to configure
- Unsilence install command
- Enable verbose building (--disable-silent-rules)
- Use TOUCH variable instead of hardcoded command
- Add TEST_TARGET to enable test suite
- Pet portlint (*_DEPENDS order, group USE{S} sections, sort OPTIONS)
- Remove empty line in pkg-plist
Approved by: cy (maintainer)
Differential Revision: D4812
Approved by: portmgr (feld)
net/ntp: Fix untracked gettext dependency & lots more
ntp links against gettext (libintl) if it is installed on the system:
- Add an NLS OPTION to explicitly enable, disable and track libintl dependency
- Add DEBUG and THREADS OPTIONS. Keep the latter enabled by OPTIONS_DEFAULT to
preserve compatibility with existing behaviour.
- Explicitly pass OpenSSL include / library dir paths to configure
- Unsilence install command
- Enable verbose building (--disable-silent-rules)
- Use TOUCH variable instead of hardcoded command
- Add TEST_TARGET to enable test suite
- Patch sntp tests to ensure they link correctly to threading library
- Pet portlint (*_DEPENDS order, group USE{S} sections, sort OPTIONS)
Approved by: cy (maintainer)
Differential Revision: D4812
Approved by: portmgr (feld)
Fix MASTER_SITES, regenerate distinfo and unmark BROKEN.
The old download URL was pointing to the zip version of the source code. Switch
to the url that serves a .tar.gz, regenerate distinfo (it contained information
about the .zip file with the wrong extension) and remove a non-working mirror.
Approved by: portmgr blanket
Set MASTER_SITE_SUBDIR again.
The port had been broken since October 2014 when r371113 stopped setting the
MASTER_SITE_SUBDIR. Like devel/py-cycler, the PyPI location is a bit unusual,
with the tarball name being "blogofile-XXX.tar.gz" (lowercase 'b') and the
directory being called "Blogofile", with capital 'B'.
Approved by: portmgr blanket
Revert r404408.
It actually broke `make fetch'. The tarball location in PyPI is a bit
tricky since the directory is called Cycler but the tarball is called
cycler, and this confuses the MASTER_SITE_SUBDIR substitutions.
Approved by: portmgr blanket
---------------
Fix WRKSRC after r404834.
The top-level directory in the tarball is now called "plan9port" instead of
"plan9". This fixes `make patch':
===> Missing license file for LUCENT in /wrkdirs/usr/ports/devel/plan9port/work/plan9/LICENSE
Thanks to antoine for poking me.
---------------
- Fix staging after r405099
While here:
- Remove @dirrm
- Use new method of dealing with permissions and empty dirs
- Remove .hgignore and .hgtags
- Bump PORTREVISION due to plist change
Approved by: portmgr (miwi)
Add fixes for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities.
Besides fixing the two CVEs mentioned above, this change also pulls two
other commits from libtiff upstream fixing other out-of-bounds reads that do
not have corresponding CVEs and were reported directly in libtiff's bug
tracker.
PR: 205923
Approved by: portmgr (antoine)
Obtained from: libtiff CVS repository
Security: b65e4914-b3bc-11e5-8255-5453ed2e2b49
Security: bd349f7a-b3b9-11e5-8255-5453ed2e2b49
Approved by: portmgr blanket
net-p2p/sonarr: Add curl as a dependency
libcurl is needed for fallback when mono has issues with HTTPS
PR: 205784
Approved by: ports-secteam (with hat)
net-im/gajim: update to 0.16.5
Gajim 0.16.5 (28 December 2015)
* Improve MAM implementation
* Improve security on connexion and for roster managment
* Ability for emoticons to be sorted in menu
Approved by: portmgr (blanket)
- rework pkg-install and pkg-message [1]
- install postfix specific mailer.conf.postfix into DATADIR [2]
- use new notation instead PATCH_DIST_STRIP
- bump PORTREVISION
1) detect if the port is installed without TERM, in this case
do not ask the to make postfix the default mailer and respect
the env POSTFIX_DEFAULT_MTA. This helps tools like salt,
ansible, cfengine and puppet during the first package installation.
2) $DATADIR/mailer.conf.postfix can be used by the tools in 1)
Approved by: portmgr (feld@)
- rework pkg-install and pkg-message [1]
- install postfix specific mailer.conf.postfix into DATADIR [2]
- make EAI the default, postfix will reject messages if build
w.o. EAI and compatibility_level is set to a value >=1 [3]
- use new notation instead PATCH_DIST_STRIP
- bump PORTREVISION
1) detect if the port is installed without TERM, in this case
do not ask the to make postfix the default mailer and respect
the env POSTFIX_DEFAULT_MTA. This helps tools like salt,
ansible, cfengine and puppet during the first package installation.
2) $DATADIR/mailer.conf.postfix can be used by the tools in 1)
3) Issue noted by Melissa Pilgrim by PM
Short description of the issue:
If compatibility_level is set to a value >= 1, then postfix set
smtputf8_enable=yes. For more information see
$ postconf -d | grep compatibility_level
and
http://www.postfix.org/SMTPUTF8_README.html
Approved by: portmgr (feld@)
Remove non-working SourceForge mirror and regenerate distinfo.
The tarball from PyPI has a different name and slightly different contents:
Only in distcache-SimPy-2.3.1/docs: __pycache__
Files distcache-SimPy-2.3.1/docs/.DS_Store and simpy-2.3.1/docs/.DS_Store differ
Only in distcache-SimPy-2.3.1/docs: build
Only in distcache-SimPy-2.3.1/docs: conftest.pyc
Only in distcache-SimPy-2.3.1/docs/ext: __init__.pyc
Only in distcache-SimPy-2.3.1/docs/ext: __pycache__
Only in distcache-SimPy-2.3.1/docs/ext: annotate.pyc
Only in distcache-SimPy-2.3.1/docs/ext: style.pyc
Only in distcache-SimPy-2.3.1/docs: html
Only in distcache-SimPy-2.3.1/docs/source/_static: .DS_Store
Only in distcache-SimPy-2.3.1/docs/source: .DS_Store
Only in distcache-SimPy-2.3.1/docs/source/Manuals: .DS_Store
Only in distcache-SimPy-2.3.1/docs/source/Manuals/GUIManual: .DS_Store
Only in distcache-SimPy-2.3.1/docs/source/Manuals/Interfacing/ProductionQualityPlotting: .DS_Store
Only in distcache-SimPy-2.3.1/docs/source/Manuals/PlotManual: .DS_Store
diff -upr distcache-SimPy-2.3.1/PKG-INFO simpy-2.3.1/PKG-INFO
--- distcache-SimPy-2.3.1/PKG-INFO 2012-01-28 10:44:34.000000000 +0100
+++ simpy-2.3.1/PKG-INFO 2013-10-11 22:26:36.000000000 +0200
@@ -1,5 +1,5 @@
-Metadata-Version: 1.0
-Name: SimPy
+Metadata-Version: 1.1
+Name: simpy
Version: 2.3.1
Summary: Event discrete, process based simulation for Python.
Home-page: http://simpy.sourceforge.net/
diff -upr distcache-SimPy-2.3.1/setup.py simpy-2.3.1/setup.py
--- distcache-SimPy-2.3.1/setup.py 2011-12-24 13:38:40.000000000 +0100
+++ simpy-2.3.1/setup.py 2013-10-11 22:25:26.000000000 +0200
@@ -5,7 +5,7 @@ import SimPy
setup(
- name='SimPy',
+ name='simpy',
version=SimPy.__version__,
author='Klaus Muller, Tony Vignaux, Ontje Lünsdorf, Stefan Scherfke',
author_email=('vignaux at user.sourceforge.net; '
Fix plist after r405196.
The tarball from PyPI includes less documentation than the previous one.
Specifically, HTML documentation is not bundled and needs to be generated with
Sphinx. Documentation build files are also not present, as well as some .pyc
files created when the documentation was built.
Approved by: portmgr (antoine)
Switch to GitHub to fix fetching.
The tarball for the 0.0.5 release does not seem to exist in PyPI anymore;
switch to fetching the tag from GitHub instead. Short diff between the two
tarballs:
Only in python-anyconfig-RELEASE_0.0.5: .travis.yml
Only in dist-anyconfig-0.0.5: anyconfig.egg-info
Only in dist-anyconfig-0.0.5: PKG-INFO
Only in dist-anyconfig-0.0.5: python-anyconfig.spec
Only in dist-anyconfig-0.0.5: setup.cfg
Only in python-anyconfig-RELEASE_0.0.5: wercker.yml
Approved by: portmgr (antoine)
Add USES=compiler:c++11-lang to fix the build on 9.x.
The port requires a compiler with C++11 support, and builds with -std=c++11 by
default. After r405187, it is possible to build a Qt5-based port with
-std=c++11 and base libstdc++, which means we can finally make the port build
on 9.x.
Approved by: portmgr blanket
Qt5: Add a patch to allow using clang, -std=c++11 and base libstdc++.
This is similar to what we did for Qt4 in r362770. Some C++11 features actually
depend on the C++ standard library, such as <initializer_list> or std::move().
So far, ports with USES=compiler:c++0x and similar failed to build with Qt5 on
FreeBSD 9.x, as base libstdc++ is very old and does not support those C++11
features.
Piggyback on a check that is already present upstream for OS X, which has the
same ancient libstdc++ version. Apple's version has a custom patch with version
macros that we can't use, so we make a broader check and disable the features
that depend on a modern standard library if libc++ is not used.
Approved by: portmgr blanket
Ressurrect audio/kstreamripper and update to 0.7.100.
Update to the latest release to make the port fetchable again. Stop passing
-DWITHOUT_LIBPROXY=YES to CMake because upstream disabled libproxy support a
few releases ago.
PR: 204171
Submitted by: matthew@reztek.cz
Approved by: maintainer timeout (65 days)
Approved by: portmgr blanket
Fix linking after r404875.
There was a typo in the line setting LDFLAGS: we need -L/some/dir, not
/some/dir.
From the logs:
/usr/local/lib: file not recognized: Is a directory
c++: error: linker command failed with exit code 1 (use -v to see invocation)
Thanks to antoine for raising the issue, and sorry for the brain fart.
2016-01-03 08:45:38 +00:00
1491 changed files with 14446 additions and 15320 deletions
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
