devel/rlvm: fix font handling
Even CLANNAD (Steam HD edition) didn't work[1], so...
- Force at least one supported font to be installed
- Chase paths for MONA after rename in r397892
- Don't look under PREFIX, other packages are under LOCALBASE
[1] rlvm doesn't use fontconfig, so it happily crashed without leaving
any error on terminal to assist troubleshooting if one of the listed
fonts couldn't be found.
Approved by: ports-secteam "runtime" blanket
- update to 4.8.0
- Fix: Autostart - Pads did not hide on startup when set in the
preferences due to the tray icon not being recognized properly
(#1560019)
- adjust dependencies
- fix spelling on header
With hat: ports-secteam
Approved by: ports-secteam
x11/kde4-workspace: fix OpenGL test for nvidia-driver.
Restore patch introduced in r408463 and accidentially removed in r417328.
Approved by: ports-secteam (feld)
security/openssl-devel: Update to 1.1.0b
- Update to 1.1.0b
- Fixes CRITICAL Use After Free for large message sizes (CVE-2016-6309)
- Make zlib and ssl3 options work
- Remove jpake header (jpake removed completely)
Security: 91a337d8-83ed-11e6-bf52-b499baebfeaf
Approved by: ports-secteam (Xin Li)
lang/phantomjs: Fix build on 9.3 and 11.0
- Take maintainership (maintainer timeouts previously)
- Remove no-op patch
- Remove work related to GCC build profiles as we enforce clang
- Add patch to fix building with clang in 11.0
- Add hack to enforce CC and CXX for 9.3
Partway through the build the compiler was switching from clang++ to c++
which is GCC in base system. This was causing build failures.
Approved by: ports-secteam (with hat)
Since e2fsprogs 1.42.x and in fact anything before 1.43.3_3 in terms of
FreeBSD's ports head/ trunk, and its full patch-lib_ext2fs_unix__io.c in
particular, is deemed unsafe and can cause data corruption on FreeBSD 11
and newer (10.3 and older are deemed safe):
Update to new upstream release 1.43.3, with a few additional fixes to
the bounce-buffer I/O needed on FreeBSD 11 and newer where malloc() does
not normally return page-aligned memory.
Make set of self-tests configurable. Add Perl and GNU dd to build
dependency list when needed so tests can pass in a poudriere build.
Assorted other tweaks.
Upstream's change log (please read all the way to and including 1.43):
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.3
While here, refresh patches, and time-limit programs in self-test suite
to 60 s CPU time each, to avoid runaway processes from stalling the
self-tests for too long.
Ignore SIGINFO during self-tests: In the FreeBSD-specific patch, when
the environment variable e2fsprogs_inhibit_SIGINFO exists (whatever its
content, even if empty), do NOT install the SIGINFO handler. Leverage
this when running the self-tests. This is to avoid false negatives
during the self-tests due to interspersed SIGINFO output redirected from
stderr to the log files.
Insist (by setting BROKEN conditionally) on anything that is FreeBSD 11
or newer, or non-i386/non-amd64, that the user runs at least the small
self-tests.
Revise option descriptions a bit.
Approved by: ports-secteam (feld)
databases/mariadb55-server: Update to 5.5.51
- Update to latest version 5.5.51
- Move from USE_OPENSSL to USES= ssl
Approved by: ports-secteam (feld)
Security: 856b88bf-7984-11e6-81e7-d050996490d0
Fix build of lang/gcc49 with libc++ 3.9.0
While testing the clang390-import branch, I ran into the following
errors building lang/gcc49:
In file included from /wrkdirs/usr/ports/lang/gcc49/work/gcc-4.9.4/gcc/c/c-objc-common.c:33:
In file included from /usr/include/c++/v1/new:70:
/usr/include/c++/v1/exception:267:5: error: no member named 'fancy_abort' in namespace 'std::__1'; did you mean simply 'fancy_abort'?
_VSTD::abort();
^~~~~~~
/usr/include/c++/v1/__config:451:15: note: expanded from macro '_VSTD'
#define _VSTD std::_LIBCPP_NAMESPACE
^
/wrkdirs/usr/ports/lang/gcc49/work/gcc-4.9.4/gcc/system.h:685:13: note: 'fancy_abort' declared here
extern void fancy_abort (const char *, int, const char *) ATTRIBUTE_NORETURN;
^
1 error generated.
What is happening here, is that the source file includes gcc/system.h,
which defines abort to fancy_abort, and then the source file includes
<new>, which attempts to call _VSTD::abort() (the _VSTD is a libc++
alias for std::). The macro definition then causes the above breakage.
Newer gcc ports, such as gcc5 and gcc6 don't show this issue, because
upstream gcc first added an include of <algorithm> (which indirectly
includes <new>) in r217348 [1], and later even add a direct include of
<new> in r232736 [2].
Fix it for this version, by adding the direct include of <new> to
gcc/system.h. This makes the 'second' includes of <new> in some .c
files superfluous, but at least they won't result in errors.
[1] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=217348
[2] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=232736
Approved by: portmgr (feld)
PR: 212465
Fix build of audio/clementine-player with clang 3.9.0
Clang 3.9.0 has a new warning about undefined template variables, which
is triggered by including cryptopp headers in the spotify blob
downloader:
In file included from /wrkdirs/usr/ports/audio/clementine-player/work/Clementine-1.3.1/src/internet/spotify/spotifyblobdownloader.cpp:43:
/usr/local/include/cryptopp/pkcspad.h:74:53: error: instantiation of variable 'CryptoPP::PKCS_DigestDecoration<CryptoPP::SHA512>::decoration' required here, but no definition is available [-Werror,-Wundefined-var-template]
return HashIdentifier(PKCS_DigestDecoration<H>::decoration, PKCS_DigestDecoration<H>::length);
^
This warning could be silenced by hacking on cryptopp, but just suppress
it for now.
Approved by: portmgr (feld)
PR: 212343
www/firefox: re-enable OMTC for BUNDLED_CAIRO=off (backing out r393805)
OMTC is also required to support Electrolysis (called Multiprocess Windows in
about:support) introduced in Firefox 48 via e10srollout@mozilla.org system addon.
PR: 202174, 211792
Tested by: scf
Approved by: ports-secteam (feld)
www/firefox: update to 49.0 (rc2)
Bump PORTREVISION to account for slightly different behavior in other
gecko@ ports and to get a discrete regression window.
Changes: https://www.mozilla.org/firefox/49.0/releasenotes/
PR: 211792
Submitted by: Jochen Neumeister <joneum@bsdproject.de> (based on)
Security: 2c57c47e-8bb3-4694-83c8-9fc3abad3964
Approved by: ports-secteam (feld)
- Update net/asterisk11 to 11.23.0
- Update net/asterisk13 to 13.10.0
Add patch to fix build with libressl.
PR: 211707
Submitted by: olivierw1+bugzilla-freebsd@hotmail.com
Patch by: brnrd@
Obtained From: http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/telephony/asterisk/patches/patch-res_res_rtp_asterisk_c?rev=1.1&content-type=text/plain
Fix build on head after r303920.
- Update to 13.11.0
- Make using base compiler the dafault on amd64 and i386
- Prevent asterisk build system from unconditionally using
-march=native
- Add an OPTIMIZED_CFLAGS option, disabled by default, to allow
enabling the native flag
- While here, convert to option target helpers.
Update net/asterisk11 to 11.23.1
Security: 5cb18881-7604-11e6-b362-001999f8d30b
Update net/asterisk13 to 13.11.1
Security: 5cb18881-7604-11e6-b362-001999f8d30b
7fda7920-7603-11e6-b362-001999f8d30b
net/asterisk13: Fix broken patch file
- Patch was the svn diff to the tree
- Convert to a regular patch file
PR: 211707
Push ncurses USES after ssl USES, it has been reported to solve
problems when compiling with non base SSL library.
PR: 211707
Submitted by: OlivierW <olivierw1+bugzilla-freebsd@hotmail.com>
Update to 13.11.2
Approved by: ports-secteam (feld)
Introduce READELF?= /usr/bin/readelf
In many cases where objdump is currently used, readelf is a better
choice. Introduce a variable for ports that wish to use it.
Reviewed by: bapt
Approved by: portmgr
Differential Revision: https://reviews.freebsd.org/D7761
as well.
Approved by: ports-secteam (feld)
r418252:
Fix build under 12.0-CURRENT.
r418405:
upgrade to 4.90C
- support for DTYPE_PTS
- FreeBSD 12.0-CURRENT
r418838:
Update to 4.90E.
r421506:
Update to 4.90F.
Bug fix:
- It fixes a race condition when lsof is looking up information on a
socket's TCP state. The worst case of the race is that lsof gets a
segmentation fault.
PR: 212457
Submitted by: maintainer (Larry Rosenman)
Fix bin/renpy's shebang after r410677 and appease stage-qa
Warning: Bad symlink '/usr/local/bin/renpy' pointing to an absolute pathname '/usr/local/share/renpy/renpy.py'
Approved by: ports-secteam blanket
textproc/libxml2: remove LICENSE block to unbreak libxml2-reference
The addition of the MIT licence block broke at least the
textproc/libxml2-reference port due to how the helper script
bsd.gnome-reference.mk works. Removed at the request of person that
suggested the license be added [2].
PR: 209806
PR: 212265 [2]
Reported by: cpm
Approved by: ports-secteam (feld)
- Switch to USES=zip:infozip to fix extraction problem on recent current
PR: 212311
Submitted by: rhurlin@gwdg.de (maintainer)
Approved by: ports-secteam blanket
Update net/xmlrpc to 1.39.10
This version if a buffer overflow in STRSCAT
PR: 211257
Submitted by: w.schwarzenfeld@utanet.at
Approved by: ports-secteam (feld)
Fix some edge cases in xinetd file descriptor handling
This change fixes the case where the listening file descriptor is in 0~2
range (easily reprodutible with a single UDP service)
PR: 211038
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Approved by: ports-secteam (feld)
irc/inspircd: Update to 2.0.23
This update also resolves an authentication bypass vulnerability.
Reported by: <dijit sh drk sc>
Approved by: ports-secteam (with hat)
Update graphcis/digikam-kde4's & friends distfile location.
It has been moved upstream (probably due to the digikam-kf5 release).
Approved by: rakuco (mentor)
Approved by: ports-secteam (feld), rakuco (mentor)
Fix some bad IPv6 validation issues
Following bad addresses are being validated as good by checkIPv6()
1:2:3:4:5:6:7:8:1.2.3.4
::1:2:3:4:5:6:7:8
1:2:3:4:5:6:7:8::
1:2:3:4:5:6:::8
::::a
::::
1::2::3
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Approved by: ports-secteam (feld)
Add upstream patch for a security issue in karchive:
Directory traversal vulnerability in KArchive before 5.24, as
used in KDE Frameworks, allows remote attackers to write to
arbitrary files via a ../ (dot dot slash) in a filename in an
archive file, related to KNewsstuff downloads.
Review the patch is from: https://git.reviewboard.kde.org/r/128749/
Original KF5 review: https://git.reviewboard.kde.org/r/128185/
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6232
Approved by: rakuco (mentor)
Security: 4472ab39-6c66-11e6-9ca5-50e549ebab6c, CVE-2016-6232
Approved by: ports-secteam (junovitch), rakuco (mentor)
MFH: r419885 r420202 r420318
- fixed several vulnerabilities.
- fixed a crash introduced in 3.0.13.1
- fixed a deadlock in the server causing some instances to
hang / be unresponsive
- fixed a crash reported by a customer.
PR: 211638, 211848, 211911
Changes: http://forum.teamspeak.com/threads/126318-TeamSpeak-3-Server-3-0-13-2-released
Submitted by: Ultima1252@gmail.com (maintainer)
Approved by: ports-secteam (feld)
MFH: r420921 r420926 r420929
- It is more useful that way
- pet portlint for the patches
PR: 211624
Submitted by: Tobias Kortkamp <t@tobik.me>
Reported by: ak
Approved by: ports-secteam (junovitch)
lang/php70: switch distfiles from bzip2 to xz
While here also:
- regenerate patches with make makepatch
- replace "sed" with proper ${SED}
- no longer mute ${INSTALL_DATA}
PR: 209881
Reported by: Piotr Kubaj <pkubaj@anongoth.pl>
Approved by: pi (mentor)
Approved by: ports-secteam (with hat)
- Switch to infozip to fix extraction problems (on some FreeBSD version stock unzip extracts empty dirs, on other empty files)
Approved by: ports-secteam blanket
Import upstream patch to fix the detection of clang's version number.
Our clang reports itself as "FreeBSD clang version x.y.z" instead of just
"clang version x.y.z", which was preventing the sed pattern used in the
configure script from matching and thus QT_CLANG_MAJOR_VERSION and
QT_CLANG_MINOR_VERSION were never defined. One of the consequences is that
tests for those values in mkspecs later always failed, which led to some
features such as C++14 support being disabled.
PR: 210327
Approved by: ports-secteam (junovitch)
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and
9.1.23. This release fixes two security issues. It also patches a number of
other bugs reported over the last three months. Users who rely on security
isolation between database users should update as soon as possible. Other users
should plan to update at the next convenient downtime.
If you are using the ICU patch, please consult UPDATING.
Improve periodic cleanup, suggested by claudius (at) ambtec.de. [1]
PR: 210941 [1]
Security: CVE-2016-5423, CVE-2016-5424
Approved by: ports-secteam (with hat)
Update eog to 3.18.3.
Add indirect dependacies.
Switch to lcms2 since that is actualy used.
Security: f5035ead-688b-11e6-8b1d-c86000169601, CVE-2016-6855
Approved by: ports-secteam@ (junovitch@)
Fix the build with LibreSSL.
LibreSSL does not define SSL_CTRL_SET_CURVES, so check for the macro's
existence before using it.
I'm committing this mostly to get it into the 2016Q3 branch so it lives a bit
longer: starting with Qt 5.6, upstream explicitly does not support LibreSSL and
fails at configuration time if it is detected (the rationale being that they do
not want to make the OpenSSL backend code even more confusing with additional
checks and code paths for LibreSSL; patches adding a separate LibreSSL backend
are more than welcome, but someone needs to write the code and maintain it).
PORTREVISION is not being bumped because the LibreSSL build was simply broken
before, and the patch does not change anything for OpenSSL users.
PR: 211832
Submitted by: matthew@reztek.cz
Approved by: ports-secteam (feld)
Update gnome-maps to 3.18.3.1.
Add license block.
While here record indirect dependancies.
This release uses another map provider since the one in
previous releases discontinued it's services.
PR: 211509 (based on)
Submitted by: cpm@
Approved by: ports-secteam@ fixit blanket
devel/qca: Fix building without SSLv3 and SHA-0
- Add 2 patches from upstream project
- Fix building when libssl does not have SSLv3
- Fix building when libcrypto does not have SHA-0
- Replace USE_OPENSSL with USES= ssl
- Rework files/patch-libressl with `make makepatch`
Tested with devel/qca and devel/qca-qt5
PR: 210053
Approved by: Maintainer time-out
Obtained from: KDE
Differential Revision: D6885
devel/qca: Fix build failure on 9.3 / OpenSSL 0.9.7
- Re-add patch for compression to satisfy 0.9.7
PR: 210053
Adjust the SHA0 removal patch.
The upstream fix was still returning "sha0" in all_hash_types() even when SHA0
support is not present. The fix has also been submitted upstream.
PR: 211833
Submitted by: matthew@reztek.cz
Approved by: ports-secteam (junovitch)
Incorporate a patch from upstream
Affecting DragonFly 4.6 and earlier, Matt Dillon fixed this in base after
finding out from BSDNow Episode 152. Comments following were from his commit
which explains better than I. Just taking his change and putting it here as well.
* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.
* Add O_NOFOLLOW to disallow symlinks.
Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.
Security update to 4.6.4
This includes 26 security advisories of various severities up to
'critical', as well as bug-fix updates.
ChangeLog: https://www.phpmyadmin.net/files/4.6.4/
Security: ef70b201-645d-11e6-9cdc-6805ca0b3d42
Approved by: portmgr (mat)
net-mgmt/rancid3: Fix SSH on FreeBSD 11.0
RANCID by default attempts to ssh to devices with 3des as the cipher.
This no longer works with OpenSSH in FreeBSD 11 as you need to be more
specific. Changing this to 3des-cbc works for now, but future versions
of OpenSSH will break this as well. Unfortunately this will break RANCID
as many network devices do not support modern ciphers, but we will have
to deal with that when the time comes.
Approved by: ports-secteam (with hat)
Update lang/perl5.* to fix CVE-2016-1238.
We're exceptionnaly using the latest release candidates for this, Perl
5.22.3 and 5.24.1 were about to be released when CVE-2016-1238 hit the
fan, so we feel confident that EVERYTHING WILL BE FINE.
- lang/perl5.24 goes to 5.24.1-RC2.
- lang/perl5.22 goes to 5.22.3-RC2.
- lang/perl5.20 goes to 5.20.3_14.
- lang/perl5.18 goes to 5.18.3_23
PR: 211561
Reported by: Sevan Janiyan
Security: CVE-2016-1238
Sponsored by: Absolight
www/piwik: Update from 2.16.1 to 2.16.2
Changes: https://piwik.org/changelog/piwik-2-16-2/
The is also a security release and fixes several XSS issues.
PR: 211590
Submitted by: Hans Fredrik Nordhaug (maintainer)
Approved by: ports-secteam (junovitch), junovitch (mentor)
- Stage II. FreeBSD 9.x branch need a bit more love to deal with c++11-aware code
for Jit/LLVM bytecode engine [1]
- Disable Jit engine by default for package building [2]
Reported by: pi [1]
Discussed with: garga [2]
Approved by: garga (maintainer)
Approved by: ports-secteam (blanket)
- security/clamav: Unbroke Jit engine
Buldled LLVM is very limited/outdated and produce the broken code on recent FreeBSD releases,
so unconditionally rely on latest supported (3.6) LLVM framework from ports to build ClamAV Jit parser
PR: 211683
Reported by: many
Submitted by: myself
Approved by: garga (maintainer)
Approved by: ports-secteam (blanket)
dns/nsd: update 4.1.10 -> 4.1.11
- Restore configurable IPV6 option. Upstream integrated fix for issue.
- FEATURES:
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer
data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
- BUGFIXES:
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently
gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
PR: 211693
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: ports-secteam (with hat)
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
devel/buildbot: Update sqlalchemy RUN_DEPENDS
r419532 [1] caused ports that depend on sqlalchemy07 and
sqlalchemy-migrate (at least buildbot) to fail because
py-sqlalchemy-migrate pulls in py-sqlalchemy10 which conflicts with
py-sqlalchemy07.
Update the sqlalchemy dependency from 0.7.x to 1.0.x after QA
testing for regressions @ runtime using the buildbot test suite.
[1] http://svnweb.freebsd.org/changeset/ports/419532
PR: 210589
Reported by: pkg-fallout
Tested by: pi
Approved by: ports-secteam (blanket)
irc/py-limnoria: Convert to OPTION'al RUN_DEPENDS
- Add Global and Plugin OPTIONS for optional dependencies
- Set OPTIONS_DEFAULT to maintain functional compatibility with 2016Q3
- Enable concurrent Python installation
- Update test target to use PYTHON_CMD (version specific execution)
- Add TEST_DEPENDS on feedparser as it fails (not skips) if not
available when running tests.
- Remove nested leading indefinite article in COMMENT
irc/py-limnoria: Bump PORTREVISION
Bump PORTREVISION due to the additional of USE_PYTHON=concurrent
symlinks in the package.
Approved by: ports-secteam (blanket)
- add patch to modify apr1 poll() emulation to match behavior expected by serf
serf depends on the poll emulation in apr returning a POLLERR event if a
non-blocking connect() attempt fails in order to trigger an IPv6 -> IPv4
fallback, or a fallback to another address for a multi-homed host. On
FreeBSD, the poll emulation is done using kqueue, and the result returned by
the poll() emulation is POLLIN + POLLHUP.
- upstream apache PR:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59914
PR: 211430
Submitted by: Don Lewis (truckman@)
Approved by: ports-secteam (junovitch)
- Fix build on FreeBSD 11.0/i386 and HEAD.
- Mark BROKEN on 9.3
- We have no MASTER_SITES and no DISTFILES. Therefore these are empty.
PR: 211321
Submitted by: Tobias Kortkamp (maintainer)
Reviewed by: junovitch (mentor)
Approved by: junovitch (mentor)
Approved by: ports-secteam (build fix blanket)
- Update to version 2016.74
- Add license information
Changelog:
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
PR: 211298
Submitted by: Piotr Kubaj (maintainer)
Approved by: ports-secteam (feld)
Remove the deinstall script that appears to be deleting all the temporary files
created by pkg(8) during upgrades
It happens because the deinstall script tries to clean up the potential manual
VM registration by cleaning out all symlinks to bin/javavm
Given all VM are registring/unregistering themselves this part is not needed
The other thing the script was doing handling the configuration which has been
replaced by @sample.
pkg-install has been modified to drop the handling of the configuration file but
keep the auto registration if all VM found. While this part is not necessary as
well, we keep it because otherwise anyone doing delete/install on javavmwapper
version 2.5 being the installed version would end up with all VM unregistered.
The pkg-install should be removed after EOL of FreeBSD 10.3
PR: 210313
1.3.1 changes the ansible requirement to < 2.dev0 due to too many
incompatible changes. Switch the dependency to ansible1 to compensate.
While I'm here:
* Add TEST_DEPENDS and test target
PR: 210215
Reported by: Claus Andersen <Claus.Andersen+FreeBSDbugzilla enkel-it dk>
Approved by: ports-secteam (blanket)
Add a hack in pkg to skip running predeinstall for javavmwrapper-2.5
During upgrades/reinstall javavmwrapper 2.5 pre deinstall script deletes the pkg
temporary files preventing to finish the upgrade.
A fixed version of javavmwrapper will be made soon, this hack will remain in the
ports tree and not in pkg(8) itself. This hack is made to not bother users is
only affecting upgrade/reinstall phase not proper deinstall
PR: 210313
Man pages are installed to the wrong directory. Consequently, they are not
compressed and also don't work. Fix is simple and attached.
PR: 211294
MFH: r419314
Submitted by: Nikolai Lifanov <lifanov@mail.lifanov.com>
Approved by: ports-secteam (junovitch)
gcalcli requires a dependency on oauth2client <= 1.4.12 to work
correctly, as higher versions replaced the run() method with run_flow().
The version of oauth2client in ports is 2.2.0 at the time of writing.
Fixes for the issue [1][2][3] have been submitted upstream in multiple
cases, although upstream has closed them as duplicates of a refactor
issue [4] that is yet to be committed/resolved.
This commit commits the proposed change in issue #229 [2].
While I'm here:
* Explicitly specify (and limit) supported Python versions to -2.x
* Add python to CATEGORIES
* Group, re-order and sort USE{s}, NO_* and files/plist sections
* Capitalize OPTIONS descriptions
[1] https://github.com/insanum/gcalcli/pull/211
[2] https://github.com/insanum/gcalcli/issues/229
[3] https://github.com/insanum/gcalcli/issues/244
[4] https://github.com/insanum/gcalcli/issues/165
PR: 206045
Submitted by: Lawrence Chen <beastie tardisi com>
Approved by: portmgr (maintainer timeout, 6+ months)
Approved by: ports-secteam (blanket)
Mk/Uses/tcl.mk: fix stage-qa linking error.
- If a port links to libtk then it will always also link to libtcl. Include
libtcl in the LIB_DEPENDS when linking to libtk.
- Fix indentation of '.if' statements
PR: 211261
Approved by: ports-secteam (feld), gahr
Remove the IPv6 option that is causing builds to fail when it is
disabled. The issue does not affect package users, as it was a default
option.
The issue has been fixed upstream [1] and will be included/renabled
in the next version update.
While I'm here:
* Switch to USES=ssl
* Add --enable-ipv6 in CONFIGURE_ARGS to ensure it's explicitly enabled
[1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=800
PR: 211303
Reported by: <vfx9as gmail com>
Approved by: maintainer <jaap NLnetLabs nl>
Approved by: ports-secteam (blanket)
Update to 1.13.6.
This is a bug fix release.
* Improve some error messages
* Improve documentation
* Allow a principal with nonexistent policy to bypass the minimum
password lifetime check, consistent with other aspects of
nonexistent policies
* Fix a rare KDC denial of service vulnerability when anonymous client
principals are restricted to obtaining TGTs only [CVE-2016-3120]
Security: 62d45229-4fa0-11e6-9d13-206a8a720317
Security: CVE-2016-3120
Approved by: ports-secteam (feld)
Import several patches recently merged upstream.
- Fix fork following to honor 'detach-on-fork'
- Fix vfork following to post a fake vfork_done event to fix breakpoints
in vfork parents (a real vfork_done event is pending but requires kernel
changes currently in review).
- Fix x86 debug registers to work with multiple threads (PR 157755)
- Add support for 'info auxv' on both live processes and cores.
- Add support for 'catch syscall'. Note that catching system calls by
names requires parsing an XML file mapping system call names to
numbers. The port now installs the XML syscall files to the data
directory. In addition, the EXPAT option is now enabled by default as
expat is used to parse the XML files.
- Handle version 1a of NT_PRPSINFO notes which include the pr_pid field.
- Replace patch-sigev with upstream version. Note that upstream GDB
doesn't define SIGLIBRT on older OS versions, so do that in the port
Makefile instead.
- Use PT_GET_EVENT_MASK/PT_SET_EVENT_MASK (new in 12).
- Fix a bug where fork and LWP events weren't enabled in new child
processes when following child processes after a fork.
- Handle "real" vfork done events via PTRACE_VFORK (new in 12).
- Bump PORTREVISION.
PR: 157755, 210874, 211254
Approved by: ports-secteam (feld)
devel/onscripter: update to 20160726 while fixing
====> Running Q/A tests (stage-qa)
Error: /usr/local/bin/nsaconv is linked to /usr/local/lib/libjpeg.so.8 from graphics/jpeg-turbo but it is not declared as a dependency
Warning: you need USES+=jpeg
Approved by: ports-secteam (feld)
Update to 1.14.3.
This is a bug fix release.
* Improve some error messages
* Improve documentation
* Allow a principal with nonexistent policy to bypass the minimum
password lifetime check, consistent with other aspects of
nonexistent policies
* Fix a rare KDC denial of service vulnerability when anonymous client
principals are restricted to obtaining TGTs only [CVE-2016-3120]
Security: 62d45229-4fa0-11e6-9d13-206a8a720317
Security: CVE-2016-3120
Approved by: ports-secteam@ (feld@)
net-p2p/deluge: update to 1.3.13
- update to 1.3.13
- switch to option helpers
- add creatiion of .python-eggs for deluge_web - this resolves
installation of plugins for deluge_web [1]
This release also fixing Scheduler plugin as reported by dbn@ [2], so
this is the reason for MFH request.
Changes: http://dev.deluge-torrent.org/wiki/ChangeLog#Deluge1.3.1320July2016
PR: 207558 [2]
Submitted by: Marlon Leerkotte <mrleerkotte@protonmail.com> [1] (private mail)
Reported by: dbn [2]
Approved by: ports-secteam (feld)
Apply r402343 to other gnome@ ports restoring r297047 behavior
- Invoke pkg-config(1) instead of checking manually
- Convert to ECHO_MSG which can be silenced
PR: 166279
Approved by: portmgr blanket
Approved by: ports-secteam (feld)
Upgrade to upstream svn revision r1753426, which includes the fix for
CVE-2016-1513.
Regenerate distinfo to add TIMESTAMP.
Security: 72f71e26-4f69-11e6-ac37-ac9e174be3af
Approved by: ports-secteam (feld)
graphics/gegl3: apply r386216 + previous commit
- Bundled poly2tri-c is under BSD3CLAUSE
- Only V4L still uses LGPL20+ code
- More (but not all) operations/common/*.c are under GPLv3
While here define CPE information.
Approved by: portmgr blanket
Approved by: ports-secteam blanket
graphics/gegl: clarify LICENSE
A quick grep(1) of *.c files reveals:
LGPL20 files are
gegl/buffer/gegl-id-pool.c
operations/external/v4lutils/v4lutils.c
GPLv3 files are
bin/gegl.c
bin/gegl-path-spiro.c
bin/gegl-path-smooth.c
bin/gegl-options.c
gegl/buffer/gegl-cache.c
All GPL license headers have
..., or (at your option) any later version.
Approved by: portmgr blanket
Approved by: ports-secteam blanket
audio/libaudiofile: track flac dependency
====> Running Q/A tests (stage-qa)
Error: /usr/local/lib/libaudiofile.so.1.0.0 is linked to /usr/local/lib/libFLAC.so.8 from audio/flac but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libFLAC.so:audio/flac
PR: 206888
Submitted by: jkim
Approved by: portmgr blanket, maintainer timeout (6 months)
Approved by: ports-secteam blanket
Update to 2016f. [1]
While there, clean things up a bit and really do staging.
PR: 211260 [1]
Submitted by: devel stasyan com
With hat: portmgr
Sponsored by: Absolight
- allow reproducible build
- set EXPIRATION_DATE to 2017-07-01 [1]
[1] Upstream propose EoL of apache 2.2.x during the next 12 months
See discussion on dev@apache list.
Approved by: ports-secteam (feld@)
FreeBSD's regexec() libc function is more restrictive than the linux
one and will not accept an empty expression.
Add patch (from PR) to fix this problem.
PR: 211187
Submitted by: Dmitry Vagin <daemon.hammer at ya.ru>
Approved by: ports-secteam (feld)
Adjust dependencies to fix `make stage-qa'.
Error: /usr/local/lib/libtelepathy-qt4-farstream.so.2.0.9.6.1 is linked to /usr/local/lib/libgobject-2.0.so.0 from devel/glib20 but it is not declared as a dependency
Warning: you need USE_GNOME+=glib20
Error: /usr/local/lib/libtelepathy-qt4-farstream.so.2.0.9.6.1 is linked to /usr/local/lib/libglib-2.0.so.0 from devel/glib20 but it is not declared as a dependency
Warning: you need USE_GNOME+=glib20
Error: /usr/local/lib/libtelepathy-qt4-farstream.so.2.0.9.6.1 is linked to /usr/local/lib/libintl.so.8 from devel/gettext-runtime but it is not declared as a dependency
Warning: you need USES+=gettext
Approved by: ports-secteam (junovitch, implicit)
graphics/tiff: Patch vulnerabilities
These two patches were obtained from OpenBSD. An additional CVE is not
yet addressed, but upstream indicates they are removing the gif2tiff
utility as the mitigation in the upcoming 4.0.7.
PR: 211113
Security: CVE-2016-5875
Security: CVE-2016-3186
Approved by: ports-secteam (with hat)
Add patches for CVE-2016-2334 and CVE-2016-2335.
While here, use PORTREVISION?= instead of PORTREVISION= to avoid needlessly
bumping PORTREVISION in archivers/p7zip-codec-rar.
PR: 211114
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl>
Security: a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49
Security: d706a3a3-4a7c-11e6-97f7-5453ed2e2b49
Approved by: ports-secteam (with hat)
postsrsd does not install shared libraries but the port uses
USE_LDCONFIG causing the following warning:
ldconfig: warning: /usr/local/lib/postsrsd: No such file or directory
Remove USE_LDCONFIG to compensate
PR: 211097
Reported by: Miroslav Lachman <000.fbsd quip cz>
Approved by: Krzysztof <ports bsdserwis com> (maintainer)
Approved by: portmgr (blanket)
Approved by: portmgr (blanket)
Update Samba 4.2, 4.3 and 4.4 to the lates version to address CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded).
Security: CVE-2016-2119
Approved by: ports-secteam (with hat)
sysutils/py-salt: add patches to handle runtime regressions in 2016.3.x
Fixes cron.file from upstream issue #34094/#34095 [1]. This will be in
2016.3.2.
- https://github.com/saltstack/salt/issues/34094
- https://github.com/saltstack/salt/pull/34095
Restore patch for upstream issue #33608. This was patched in 2016.3.0 but
removed in the maintainer update to 2016.3.1 in r417508. However the patch
has yet to be merged upstream. [2]
- https://github.com/saltstack/salt/issues/33608
PR: 210627 [1], 210395 [2]
Reported by: Andres Montalban <amontalban@gmail.com>
Approved by: Christer Edwards <christer.edwards@gmail.com> (maintainer)
Approved by: ports-secteam (with hat)
Add missing dependencies reported by stage-qa:
USE_XORG+= sm xinerama
devel/dbus (when GNOME option is enabled)
multimedia/gstreamer (when MMEDIA option is enabled)
graphics/poppler (-devel only, when PDFIMPORT option is enabled)
Add USES=ssl since this OpenOffice does use OpenSSL. The base and ports
versions of OpenSSL are both known to work. It is unknown if LibreSSL
works because the dependency ftp/curl does not currently build with
LibreSSL.
Replace one remaining path to a .jar file with ${JAVALIBDIR} in
CONFIGURE_ARGS.
Replace an absolute symlink with a relative one.
Re-align \ line continuation characters in *_DEPENDS after removal of
${PORTSDIR} from dependencies, and make a few other whitespace cleanups.
Approved by: ports-secteam (feld)
Add missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/cmake-gui is linked to /usr/local/lib/libexecinfo.so.1 from devel/libexecinfo but it is not declared as a dependency
Warning: you need USES+=execinfo
Error: /usr/local/bin/cmake-gui is linked to /usr/local/lib/libjsoncpp.so.1 from devel/jsoncpp but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libjsoncpp.so:devel/jsoncpp
Approved by: ports-secteam (junovitch, implicit)
Add missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/qtcreator is linked to /usr/local/lib/.mesa/libGL.so from graphics/libGL but it is not declared as a dependency
Warning: you need USE_GL+=gl
Error: /usr/local/lib/qtcreator/plugins/libCore.so is linked to /usr/local/lib/libQt5Help.so.5 from devel/qt5-help but it is not declared as a dependency
Warning: you need USE_QT5+=help
Error: /usr/local/lib/qtcreator/plugins/libCore.so is linked to /usr/local/lib/libQt5PrintSupport.so.5 from print/qt5-printsupport but it is not declared as a dependency
Warning: you need USE_QT5+=printsupport
Approved by: ports-secteam (junovitch)
Declare missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/qbs is linked to /usr/local/lib/libQt5Core.so.5 from devel/qt5-core but it is not declared as a dependency
Warning: you need USE_QT5+=core
Error: /usr/local/bin/qbs-config-ui is linked to /usr/local/lib/.mesa/libGL.so from graphics/libGL but it is not declared as a dependency
Warning: you need USE_GL+=gl
Error: /usr/local/lib/libqbscore.so.1.5.2 is linked to /usr/local/lib/libQt5Network.so.5 from net/qt5-network but it is not declared as a dependency
Warning: you need USE_QT5+=network
Approved by: ports-secteam (junovitch)
bsd.emacs.mk: Fix EMACS_VER for emacs-devel after r416838.
The value did not match the one in editors/emacs-devel, so ports such as
textproc/markdown-mode.el would fail `make build/run-depends` since the wrong
binary name would be looked for.
Approved by: ports-secteam (junovitch)
Gradle uses native-platform which has compiled its native component
with g++, and requires that libstdc++.so.6 is available. See
https://github.com/adammurdoch/native-platform/issues/8.
PR: 208471
MFH: r418287
Submitted by: Tobias Kortkamp <t@tobik.me>
Approved by: portmgr
do not strip binaries when building with DTRACE
stripping would destroy some probes and might result in instable
behaviour when trying to access those probes.
PR: 204314
Approved by: rene (mentor), maintainer-timeout
Approved by: ports-secteam (junovitch)
Take maintainership
Details:
mkvtoolnix shows spurious build issues due to a gcc-internal segfault
on the build cluster on 9.x. However, this is not perfectly
reproducible and on other hardware setups it builds reliably, so we
don't want to mark it broken on 9.x.
Taking maintainership so pkg-fallout won't continue spam the
multimedia@ mailing list.
Approved by: ports-secteam (junovitch)
security/rubygem-omniauth-saml: update from 1.5.0 to 1.6.0
- Ensure that subclasses of OmniAuth::Stategies::SAML are registered with OmniAuth as strategies
- Update ruby-saml to 1.3 to address CVE-2016-5697 (Signature wrapping attacks)
Approved by: junovitch (mentor)
Security: CVE-2016-5697
Approved by: ports-secteam (junovitch)
net-mgmt/nfsen: Improve default directory permissions
Also make it easier to install/run as another user.
PR: 210368
Approved by: ports-secteam (with hat)
www/rubygem-redmine_acts_as_taggable_on: Update to 1.1.0
This update changes to a different upstream fork where there is now
support for Redmine 3.x. This is maintained by the same author who
created the Redmine Knowledgebase plugin which requires this gem.
PR: 210644
Approved by: maintainer (zi)
Approved by: ports-secteam (with hat)
o update to 2.4.23
o disable build time stamp in favor of reproducible build
o remove obsolate scoreboard/status patch
o s/USE_OPENSSL=yes/USES=ssl/
o add OPTION for two new modules:
mod_proxy_hcheck (default=on)
mod_http2_proxy (experimental => default=off)
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.23
Approved by: ports-secteam (feld@)
Update to 1.8.7
- update internal expat to 2.2.0
- fix external solver
- fix build on freebsd pre 9.2
- fix warnings on armv6
- fix solver issue resulting in missing conflicts or reinstalling unneeded
packages
- add a mini summary at the end of the output
- Update to version 2.7.12
- Remove patch that is included upstream
- Switch USE_OPENSSL to USES= ssl [1]
- Update documentation for python27
- Don't set CPE_VERSION, default is PORTVERSION [1]
PR: 210685
Submitted by: wen@(myself), brnrd@ [1]
Exp-run by: antoine
Differential Revision: https://reviews.freebsd.org/D6994
Approved by: ports-secteam(feld@)
Bump PORTREVISION in security/pinentry and pinentry-qt4 after r415872.
r415872 changed the binary name that security/pinentry-qt4 installs without
bumping PORTREVISION in the affected ports, so if security/pinentry gets
rebuilt after this change but security/pinentry-qt4 is not the pinentry symlink
will be broken. Similarly, if one builds security/pinentry-qt{4,5} without
updating security/pinentry, the pinentry symlink will also be broken.
PR: 209556
Approved by: ports-secteam (feld)
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
