Fix MASTER_SITES
- https://www.hdfgroup.org/ should be removed in r426844.
- ftp://support.hdfgroup.org/ is no longer available.
Approved by: ports-secteam (blanket)
Add MANIFEST files for 11.2-BETA1.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add MANIFEST files for 11.2-BETA2.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add MANIFEST files for 11.2-BETA3.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Prune MANIFEST files from 11.2-BETA1.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add MANIFEST files for 11.2-RC1.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Prune 11.2-BETA2 MANIFEST files.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add MANIFEST files for 11.2-RC2.
Prune MANIFEST files for 11.2-BETA3.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add 11.2-RC3 MANIFEST files.
Prune 11.2-RC1 MANIFEST files.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Prune 11.2-RC2 MANIFEST files.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Add 11.2-RELEASE MANIFEST files.
Remove 11.2-RC3 MANIFEST files.
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (mat)
databases/sqlite3: Update 3.22.0 -> 3.23.0
Changelog:
https://www.sqlite.org/releaselog/3_23_0.html
Port changes:
* Add SER1 option for the new optional sqlite3_serialize()/sqlite3_deserialize() functions
* Remove security patches that are now in the release
PR: 227365
Submitted by: Pavel Volkov <pavelivolkov@gmail.com> (maintainer)
Approved by: ports-secteam blanket (required by Firefox 61)
* Review port dependencies based on composer.json files included in
the source
- Add hash as a required dependency [1]
- Move xml from optional to required
- Add curl, gmp, opcache and sodium as optional dependencies: all of
these default to off. sodium only works with php >= 7.2, but
there is no mechanism for modifying options dependent on flavour
settings at the moment.
- Move mbstring from required to optional dependency: defaults to on
* Sort lists of options
* Remove references to the redundant 'OPTIONS_MULTI_DB_connect': this
was a remnant from an earlier version of the port which allowed
switching between the old 'mysql' and the current 'mysqli' modules.
* Add an empty %%WWWDIR%%/tmp directory to the plist: this is
referenced in the configuration defaults [2]. Make this writable by
the www group.
PR: 227803
Submitted by: marko.cupac@mimar.rs [1]
Reported by: marko.cupac@mimar.rs [2]
Update to 4.8.1
ChangeLog: https://www.phpmyadmin.net/files/4.8.1/
Security update to 4.8.2
ChangeLog: https://www.phpmyadmin.net/files/4.8.2/
Security: 17cb6ff3-7670-11e8-8854-6805ca0b3d42
Approved by: ports-secteam (miwi)
Add lost metadata on why this patch exists
Fix nologin check when PAM option is disabled in the port.
PR: 229147
Submitted by: Robert Schulze <rs@bytecamp.net>
Forgot PORTREVISION bump for r472797.
PR: 229147
Approved by: portmgr (implicit)
sysutils/password-store: update to version 1.7.2.
Switch to xz format to enable comparing the checksum of the downloaded
file with the checksum given in the GPG-signed release email.
Security: https://vuxml.freebsd.org/freebsd/53eb9e1e-7014-11e8-8b1f-3065ec8fd3ec.html
Approved by: ports-secteam (riggs)
Update to upstream version 24.0.0
Details:
- Fixes and minor enhancements
- Details see upstream changelog
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
As 2018Q2 is on 2.6.x branch of LibreSSL, update to 2.6.5
security/libressl: Security update to 2.7.4
Security: c82ecac5-6e3f-11e8-8777-b499baebfeaf
Approved by: ports-secteam (miwi)
security/libgcrypt: Update to 1.8.3 (bugfix)
- Improve comment in Makefile
- Provide more elaborate port description and update WWW in pkg-descr
Noteworthy changes in version 1.8.3
===================================
- Use blinding for ECDSA signing to mitigate a novel side-channel
attack. [#4011,CVE-2018-0495]
- Fix incorrect counter overflow handling for GCM when using an IV
size other than 96 bit. [#3764]
- Fix incorrect output of AES-keywrap mode for in-place encryption
on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
Release info at <https://dev.gnupg.org/T4016>.
For further details, see https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
Security: http://vuxml.freebsd.org/freebsd/9b5162de-6f39-11e8-818e-e8e0b747a45a.html
Approved by: ports-secteam (feld)
multimedia/libvpx: unbreak on powerpc*
- newer libstdc++ ABI is required by many consumers
- -mspe and -maltivec are mutually exclusive
- implement VSX detection for powerpc and powerpc64
PR: 228586
Submitted by: jhibbits (based on)
Approved by: ports-secteam blanket
sysutils/google-compute-engine-oslogin: update to version 1.1.5
PR: 226936
Submitted by: Helen Koike <helen.koike@collabora.com> (maintainer)
Mark as broken on various tier-2 archs.
Approved by: portmgr (tier-2 blanket)
sysutils/google-compute-engine-oslogin: fix oslogin and update to 1.3.0
PR: 228949
Submitted by: Helen Koike <helen.koike@collabora.com> (maintainer)
Approved by: ports-secteam (implicit)
www/waterfox: flatten line endings after r461193 (direct commit)
Subversion doesn't allow mixed line endings when svn:eol-style
property is set. files/patch-bug1402766 tries to create a new test
file, so simply strip carriage-return from lines which is what
actually happens on checkout. Originally, the file landed via
git-svn which doesn't appear to run sanity checks on dcommit.
$ svn cat files/patch-bug1402766
svn: E135000: Inconsistent line ending style
Reported by: gjb
Approved by: ports-secteam blanket
Update to 2.5.4 which fixes multiple memory allocation issues:
- Multiple fixes and improvements to BinPAC generated code
related to array parsing, with potential impact to all Bro's
BinPAC-generated analyzers in the form of buffer over-reads
or other invalid memory accesses depending on whether a
particular analyzer incorrectly assumed that the
evaluated-array-length expression is actually the number of
elements that were parsed out from the input.
- The NCP analyzer (not enabled by default and also updated
to actually work with newer Bro APIs in the release) performed
a memory allocation based directly on a field in the input
packet and using signed integer storage. This could result
in a signed integer overflow and memory allocations of
negative or very large size, leading to a crash or memory
exhaustion. The new NCP::max_frame_size tuning option now
limits the maximum amount of memory that can be allocated.
Other fixes:
- A memory leak in the SMBv1 analyzer.
- The MySQL analyzer was generally not working as intended,
for example, it now is able to parse responses that contain
multiple results/rows.
Add gettext-runtime to USES to address a poudriere testport
warning.
Reviewed by: matthew (mentor)
Approved by: matthew (mentor)
Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e
Differential Revision: https://reviews.freebsd.org/D15678
Approved by: ports-secteam (feld), matthew (mentor)
Update gnupg to 2.2.6
* gpg,gpgsm: New option --request-origin to pretend requests coming
from a browser or a remote site.
* gpg: Fix race condition on trustdb.gpg updates due to too early
released lock. [#3839]
* gpg: Emit FAILURE status lines in almost all cases. [#3872]
* gpg: Implement --dry-run for --passwd to make checking a key's
passphrase straightforward.
* gpg: Make sure to only accept a certification capable key for key
signatures. [#3844]
* gpg: Better user interaction in --card-edit for the factory-reset
sub-command.
* gpg: Improve changing key attributes in --card-edit by adding an
explicit "key-attr" sub-command. [#3781]
* gpg: Print the keygrips in the --card-status.
* scd: Support KDF DO setup. [#3823]
* scd: Fix some issues with PC/SC on Windows. [#3825]
* scd: Fix suspend/resume handling in the CCID driver.
* agent: Evict cached passphrases also via a timer. [#3829]
* agent: Use separate passphrase caches depending on the request
origin. [#3858]
* ssh: Support signature flags. [#3880]
* dirmngr: Handle failures related to missing IPv6 support
gracefully. [#3331]
* Fix corner cases related to specified home directory with
drive letter on Windows. [#3720]
* Allow the use of UNC directory names as homedir. [#3818]
Update gnupg to 2.2.7
Also, remove unnecessary USE_LDCONFIG.
* gpg: New option --no-symkey-cache to disable the passphrase cache
for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile. [#3951]
* ssh: Return an error for unknown ssh-agent flags. [#3880]
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
caches under Windows. [#2448,#3923]
* dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed
mapping of keys.gnupg.net to sks-keyservers.net. [#3755]
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https. Here a redirection to
http is explicitly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
This stopped working with 2.1. [#3937]
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
debugging.
Update gnupg to 2.2.8 (security release)
CVE-2018-12020:
The OpenPGP protocol allows to include the file name of the original
input file into a signed or encrypted message. During decryption and
verification the GPG tool can display a notice with that file name. The
displayed file name is not sanitized and as such may include line feeds
or other control characters. This can be used to inject terminal control
sequences into the output and, worse, to fake the so-called status
messages. These status messages are parsed by programs to get
information from gpg about the validity of a signature and other
parameters. Status messages are created with the option "--status-fd N"
where N is a file descriptor. Now if N is 2 the status messages and the
regular diagnostic messages share the stderr output channel. By using a
made up file name in the message it is possible to fake status messages.
Using this technique it is for example possible to fake the verification
status of a signed mail.
Also:
* gpg: Decryption of messages not using the MDC mode will now lead
to a hard failure even if a legacy cipher algorithm was used. The
option --ignore-mdc-error can be used to turn this failure into a
warning. Take care: Never use that option unconditionally or
without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode. [#4012,CVE-2018-12020]
* gpg: Detect suspicious multiple plaintext packets in a more
reliable way. [#4000]
* gpg: Fix the duplicate key signature detection code. [#3994]
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables. [#3947]
Security: CVE-2018-12020
Approved by: ports-secteam (miwi)
Update gitlab to 10.7.3.
For list of changes look here: https://about.gitlab.com/2018/04/22/gitlab-10-7-released/
Please note that gitlab-pages is temporarily removed and will be added later if upstream bug is fixed.
Do not update to this version if you require gitlab-pages.
The Gemfile.lock is now generated on gitlab startup, so this should help with Gemfile issues.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D15314
Applied security upgrade to gitlab 10.7.5.
Fixed bug with wrong path for gitlab-workhouse that should fix artifacts (reported by Felix <mail@felix.flornet.de>). This was fixed upstream but is not included in this version yet: https://gitlab.com/gitlab-org/gitlab-ce/issues/46763
Update net/rubygem-grpc to 1.11.1 which is required for gitlab 10.7.5.
Sync dep net/rubygem-grpc with gitlab which uses now 1.11.1.
Added gitlab-pages again to dependencies as the new version builds again.
Reported by: Felix <mail@felix.flornet.de>
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D15631
Approved by: ports-secteam (eadler)
Remove duplicate entry of BUILD_DEPENDS
- Fix indent
rubygem-bundler is already listed in MY_DEPENDS.
Differential Revision: https://reviews.freebsd.org/D15281
Submitted by: sunpoet (myself)
Approved by: mfechner (maintainer)
Upgrade devel/gitaly to 0.96.1 required for gitlab 10.7.x.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D15323
Fixed a wrong standard path in a configuration. New projects can be created again if the standard gitaly configuration is used.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D15447
Approved by: ports-secteam (eadler)
Mark devel/libgit2-glib as broken, upstream does not support libgit 0.27.0
Reviewed by: wg (maintainer)
Approved by: wg (maintainer)
Differential Revision: https://reviews.freebsd.org/D15321
devel/libgit2-glib: Unbreak with libgit2 0.27.
The fix is two-fold:
* Adjust the path for the sed call in devel/libgit2 so that we leave out
openssl from libgit2.pc's Requires.private line, otherwise libgit2-glib will
look for openssl.pc, which does not exist when OpenSSL from base is used.
* Reset libgit2-glib back to 0.26, and import a patch both Arch Linux and
openSUSE have been carrying to fix the build with libgit2 0.27. PORTEPOCH was
not set because there is no libgit2-glib 0.27 and no package could have
possibly been built after r469930.
Approved by: mfechner, gnome (kwm)
Differential Revision: https://reviews.freebsd.org/D15437
Approved by: ports-secteam (eadler)
Update devel/libgit2 to 0.27.0 required for gitlab 10.7.x
Updated patches to match new file locations.
Reviewed by: swills (mentor), wg (maintainer)
Approved by: swills (mentor), wg (maintainer)
Differential Revision: https://reviews.freebsd.org/D15320
Approved by: ports-secteam (eadler)
mail/mailsync: Fix build with Clang 6.0.0
exit function declared in autoconf 2.59 configure scripts conflicts
with Clang 6 because stdlib.h declares it with an attribute for C++11
or later. This is fixed in later versions of autoconf 2.60.
- Add USES=autoreconf to regenerate configure, new version of
autoconf no longer declares the exit function. [1]
- Merge the changes from files/patch-configure and post-patch target
into acinclude/ac_with_{cclient,openssl}.m4
[1] http://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=a71c24a704ec0570ba99be909fffbc044d50908b
Reviewed by: koobs, mat
Approved by: koobs (mentor)
Differential Revision: https://reviews.freebsd.org/D15532
Approved by: ports-secteam (riggs)
Update to 5.6.3
Fixes:
- Denial-of-Service Vulnerability in the IKEv2 key derivation
(CVE-2018-10811)
- Denial-of-Service Vulnerability in the stroke plugin
(CVE-2018-5388)
- Crash on FreeBSD that was present in 5.6.2
- The kernel-pfkey plugin optionally installs routes via internal
interface (one with an IP in the local traffic selector). On
FreeBSD, enabling this selects the correct source IP when sending
packets from the gateway itself.
PR: 228631
Submitted by: maintainer
Approved by: ports-secteam
graphics/drm-stable-kmod: update to the latest snapshot
This snapshot gives us better support for old intel graphics hardware,
including chips such as the GM965 found on core2duo CPUs.
Approved by: jmd (maintainer)
graphics/drm-stable-kmod, graphics/drm-next-kmod: Update to latest snapshot
This fixes a regression on CURRENT after some changes to lkpi in base r334482
Approved by: jmd (maintainer, implicit, regression fix)
X-MFH-note: include r471110, better support for old GPUs in stable-kmod
Tested by: Johannes Lundberg
Approved by: ports-secteam (miwi)
- Add DIALOG4PORTS option (default on) to install it for 'options' command [1].
- Add CERTS option (default on) to allow disabling cert dependencies.
- Reword QEMU_DESC to match poudriere-devel.
- Only install ZSH files if the option is enabled.
PR: 225457 [1]
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> [1] (based on)
- Update to 3.2.7
Very minor maintenance release.
Changes: https://github.com/freebsd/poudriere/wiki/release_notes_327
Approved by: portmgr (implicit)
Update to r51585 from the FreeBSD docset.
Approved by: doceng (implicit)
Update to r51730 from the FreeBSD docset (a.k.a. 11.2-R version)
Approved by: doceng (implicit)
Approved by: portmgr (blanket)
Increase the default blacklist threshold from 30 to 120, which is the upstream
default. 30 makes it far too easy to get locked out of your own server. 120 is
simply a safer starting point.
PR: 227016
Submitted by: Dan McGregor (maintainer)
Approved by: ports-secteam (feld)
Mark BROKEN: conflicting dependencies
pkg-static: ufraw-0.22_5 conflicts with dcraw-9.27 (installs files into the same place). Problematic file: /usr/local/bin/dcraw
Reported by: pkg-fallout
Move ufraw from sourceforge to github
At the same time, recover updates done in development branch and never released
- Add WB for multiple new cameras :
FUJIFILM X-T2, PENTAX K-1, Panasonic DMC-FZ300/DMC-FZ330,
Canon PowerShot G7 X Mark II, Canon EOS M10, Canon EOS 700D,
Canon EOS 80D, NIKON D200, FUJIFILM X-T10, PENTAX K-S2,
NIKON D5500, NIKON D810, FUJIFILM X100T, Canon PowerShot G5 X,
Panasonic DMC-LF1, SONY RX10M2, Canon EOS M2, Canon PowerShot S120,
FUJIFILM X-M1, OLYMPUS E-M10 Mark II, etc
- multiple bug fixes : memory leak, etc
Remove existing patches since they come from upstream and are now provided
by default in the distfile.
Incorporate the patches made by the debian project, including a fix for the
CVE-2015-8366.
Security: CVE-2015-8366
www/firefox: switch Skia to upstream big-endian fix
No PORTREVISION bump because powerpc*/sparc64 don't have a working
lang/rust, anyway.
Approved by: ports-secteam blanket (to simplify future MFHs)
gecko: mask as Linux on AMO for compatibility (r470716 followup)
Many extensions on addons.mozilla.org aren't listed or updated due to
platform whitelist abuse. On DragonFly the search is broken because
such a platform isn't recognized.
PR: 226919
Reported by: Graham Perrin, Corpo (Lightning)
Approved by: ports-secteam blanket
gecko: mask as Linux on AMO for compatibility
Many extensions on addons.mozilla.org aren't listed or updated due to
platform whitelist abuse. On DragonFly the search is broken because
such a platform isn't recognized.
PR: 226919
Reported by: Graham Perrin, Corpo (Lightning)
Approved by: ports-secteam blanket
x11-wm/xcompmgr: Add patch to fix shadow rendering
The patch has been lying in upstream bugzilla for quite some time, but is
used on some linux distribution packages, such as debian packages.
While here, add missing dependency on xext.
PR: 182002
Submitted by: Brandon Gooch
Obtained from: https://bugs.freedesktop.org/show_bug.cgi?id=46285 (patch)
Approved by: ports-secteam (riggs)
x11-servers/xorg-server: Backport security fixes
Backport security fixes for CVE-2017-10971 and CVE-2017-10972 (yes, 2017).
For some reason this was not done when the vulnerabilities were documented
in VuXML, and a typo in the version range in VuXML meant that the entries
never matched.
This fixes a memory disclosure and a couple of buffer overruns.
PR: 220584
Reported by: Vladimir Krstulja
Security: ab881a74-c016-4e6d-9f7d-68c8e7cedafb
Approved by: ports-secteam (riggs)
Security update to 6.2.32
Description:
A vulnerability has been discovered in Sympa web interface that
allows write access to files on the server filesystem.
This flaw allows to create or modify any file writable by the Sympa
user, located on the server filesystem, using the function of Sympa
web interface template file saving.
PR: 227642
Submitted by: maintainer
Approved by: ports-secteam
sysutils/py-google-compute-engine: Fix gsutil not being found
PR: 228415
Submitted by: Helen Koike <helen.koike@collabora.com> (maintainer)
Approved by: ports-secteam (implicit)
Update to new upstream release 1.44.2.
Most important changes over 1.44.1_1:
e2fsck: adjust quota counters when clearing orphaned inodes
e2fsprogs: fix Free Software Foundation address
mke2fs: print error string if ext2fs_close_free() fails
po: update pl.po (from translationproject.org)
Use @AR@ instead of hardcoded 'ar'
Changelog over 1.44.1:
<http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.2>
Approved by: ports-secteam (riggs@)
Perforce has removed the server components for FreeBSD.
Since the binaries are gone, nothing much to do other than remove it.
Approved by: portmgr (antoine)
This port was marked BROKEN/DEPRECATED due to a corrupt patch file. Update the
patch source to fix the issue. Update MAINTAINER at submitter's request.
While here, level up ports / python port compliance:
- Strip shared libraries
- Use option helpers
- Use python autoplist
- Match upstream setup.py metadata (COMMENT)
- Use explicit/canonical python package dependencies
- Unmute INSTALL_* commands
PR: 228119
Submitted by: Chris Hutchinson <portmaster bsdforge com>
Approved by: koobs (python, maintainer)
Approved by: ports-secteam (riggs)
Cherry-pick upstream bug fixes from Git.
This is pending an 1.44.2 release, and contains these fixes from maint:
filefrag: avoid temporary buffer overflow
libext2fs: add sanity checks for ea_in_inode
e2image: fix metadata image handling on big endian systems
e2fsck: warn if checkinterval and broken_system_clock both set
tests: don't leave temp files behind after running i_bitmaps
tests: add new test f_ea_inode_self_ref
chattr.1: 'a' and 'i' attribute do not affect existing file
Approved by: ports-secteam (riggs@)
Update to 4.1.2
Improvements:
* API: increase serial after DNSSEC related updates
* Dnsreplay: bail out on a too small outgoing buffer
* Lower ‘packet too short’ loglevel
* Make check-zone error on rows that have content but shouldn’t
* Avoid an insane amount of new backend connections during an AXFR
* Report unparseable data in stoul invalid_argument exception
* Recheck serial when AXFR is done
* Add TCP support for alias
PR: 228114
Submitted by: maintainer
Approved by: ports-secteam
- Update to 3.2.6-369-g91f1ddf5f
- jail -u freebsd-update: Auto confirm prompts
- bulk tests: Don't let system perl interfere with the partial tree used.
- compute_deps: Determine all errors before bailing out
Approved by: portmgr (implicit)
Fix libtclstub.a being stripped of symbols and thus being useless.
- We forced -s to INSTALL because we were not using install-strip.
- qa.sh was bugged and improperly reported that the shared library
was not stripped. That was fixed in r469589.
Approved by: portmgr (implicit)
stage-qa: Change stripped check to only look for .debug_info.
'strip -x', and splitting out debug symbols with objcopy, will leave
a .symtab section but will still remove the .debug_info section. file(1)
shows this distinction as well after the use of 'strip -x':
work/tcl8.7a1/unix/libtcl8.7.so: ELF 64-bit LSB shared object, x86-64, version 1 (FreeBSD), dynamically linked, with debug_info, not stripped
work/stage/usr/local/lib/libtcl8.7.so: ELF 64-bit LSB shared object, x86-64, version 1 (FreeBSD), dynamically linked, not stripped
This fixes false-positives when using install-strip and symbol splitting.
With hat: portmgr
Approved by: portmgr (implicit)
games/gzdoom: Update to 3.3.2
Highlights since 3.3.0:
- Better handling of defaults with some ZScript/DECORATE functions
- Many bug fixes
- Fixed detection of .ipk7 custom IWADs
- Restored vanilla behavior of lightning for original Hexen
- Added loading of ZSDF lumps by full paths
- Exported P_ActivateLine() to ZScript along with constants for activation
type
- Increased size of the savegame comment area.
- Disabled the survey* code
* This was an opt-in hardware survey that ran for effectively the month of
April. Discussion of the results are available at:
https://forum.zdoom.org/viewtopic.php?f=49&t=60156
While here, disable stripping of binaries on 10.4/i386. strip(1) there
claims it can't strip due to an unknown file format. 11.x and later use
elftoolchain strip(1) and have no issues. Due to the replacement as of 11.x
and that there will be no more 10.x releases, no effort will be expended in
tracking down why strip(1) fails here for now.
Approved by: bapt (ports), me (maintainer)
Approved by: ports-secteam (riggs)
emulators/rpcs3: update to 0.0.5.259
- Switch to bundled LLVM 6.0 due to downstream changes
Changes: 753d8170d...76a1d0d8f
Changes: f1b37feef3...6154c0dcaf
Approved by: ports-secteam (junovitch, implicit for snapshots)
Add clang60 support
Update howto
- 11.0+ base can just use WITH_CCACHE_BUILD=yes [1]
- Remove older advice for libtool which is no longer needed
- No need for clang unused argument hack anymore
PR: 222765 [1]
Submitted by: pete@nomadlogic.org [1] (based on)
Approved by: portmgr (implicit)
Update drm-next-kmod, drm-stable-kmod and gpu-firmware-kmod to latest
versions from upstream git.
This brings:
* shorter module names for the GPU firmwares
* addition to the kld category for all three ports
* fixes from FreeBSDDesktop since last update
* fixes to build on latest current, after r333263 [0]
Submitted by: jmd, zeising [0]
Approved by: maintainer (jmd)
Differential Revision: https://reviews.freebsd.org/D14765 (based on)
Fix dependency on gpu-firmware-kmod
Fix the dependency on gpu-firmware-kmod, the version used was about a year
off.
Bump portrevision since dependency changed.
Approved by: jmd (maintainer)
X-MFH-notes: merge with r469162
Approved by: ports-secteam (riggs)
Reinstate a patch from r384479 that was accidentally removed in r432474. It
restores support to bridge a serial port across tcp.
Notified by: leres, Alexandre.Fenyo@secu-independants.fr (via mail)
Approved by: ports-secteam (blanket)
- Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body
(i.e. when the dot appears on the line directly after the headers).
This could be used by an attacker to exhaust resources.
PR: 227899
Submitted by: grembo
Obtained from: OpenSMTPD git repo (backported)
Approved by: ports-secteam (riggs)
mysql57-{client, server}: Update port to 5.7.22
This update includes fixes for multiple CVEs including:
CVE-2018-2755 in replication component, MySQL protocol
CVE-2018-2805 in GIS extension
CVE-2018-2782 in InnoDB
and more info on http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
PR: 227621
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: Netzkommune GmbH
databases/mysql57-client: Fix build with 10.x default compiler/linker
The upstream seems to have merged our local-patches but
added a -R flag to its `c++` [actually ld] command.
The -R $DIR is like -rpath on 11.x and CURRENT bases but not on 10.x
We then use -rpath to make sure it works on all supported bases.
Reported by: John W. O'Brien <john@saltant.com>
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (feld)
mysql56-{client, server}: Update port to 5.6.40
This update includes fixes for multiple CVEs including:
CVE-2018-2755 in replication component, MySQL protocol
CVE-2018-2805 in GIS extension
CVE-2018-2782 in InnoDB
and more info on http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
databases/mysql56-server: Add missed distinfo for r467817
Approved by: ports-secteam (feld)
Correctly link to MIT KRB5 libraries when selected.
This was discovered while working through issues relating to an
exp-run using base with private Heimdal, part of the project to
make a) Heimdal in base private and b) import MIT into base (PR 222745).
PR: 227680
Submitted by: cy@
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
Approved by: portmgr (riggs)
sysutils/zrepl: Fix rc.d init script on FreeBSD < 11.1
This change removes the daemon syslog feature on FreeBSD < 11.1.
This has little effect to the usefulness of zrepl logging, as the daemon
itself has inbuilt syslog support which is enabled by default in the
sample config file /usr/local/etc/zrepl/zrepl.yml. The only output to
stdout/stderr from zrepl will be if its inbuilt syslog feature is not
working.
PR: 224844
Reported by: Bernhard <bernhard.kneip@postadigitale.de>
Approved by: ports-secteam (riggs)
lang/solidity: unbreak with Clang 6
In file included from libsolidity/analysis/ConstantEvaluator.cpp:23:
In file included from ./libsolidity/analysis/ConstantEvaluator.h:25:
In file included from ./libsolidity/ast/ASTVisitor.h:25:
In file included from /usr/include/c++/v1/string:477:
In file included from /usr/include/c++/v1/string_view:176:
In file included from /usr/include/c++/v1/__string:56:
In file included from /usr/include/c++/v1/algorithm:643:
/usr/include/c++/v1/memory:3656:5: error: destructor called on non-final 'dev::solidity::FixedBytesType' that has virtual functions but non-virtual destructor [-Werror,-Wdelete-non-virtual-dtor]
__data_.second().~_Tp();
^
/usr/include/c++/v1/memory:3617:9: note: in instantiation of member function 'std::__1::__shared_ptr_emplace<dev::solidity::FixedBytesType, std::__1::allocator<dev::solidity::FixedBytesType> >::__on_zero_shared' requested here
__shared_ptr_emplace(_Alloc __a, _Args&& ...__args)
^
/usr/include/c++/v1/memory:4277:26: note: in instantiation of function template specialization 'std::__1::__shared_ptr_emplace<dev::solidity::FixedBytesType, std::__1::allocator<dev::solidity::FixedBytesType> >::__shared_ptr_emplace<int>' requested here
::new(__hold2.get()) _CntrlBlk(__a2, _VSTD::forward<_Args>(__args)...);
^
/usr/include/c++/v1/memory:4656:29: note: in instantiation of function template specialization 'std::__1::shared_ptr<dev::solidity::FixedBytesType>::make_shared<int>' requested here
return shared_ptr<_Tp>::make_shared(_VSTD::forward<_Args>(__args)...);
^
./libsolidity/ast/Types.h:623:19: note: in instantiation of function template specialization 'std::__1::make_shared<dev::solidity::FixedBytesType, int>' requested here
m_baseType(std::make_shared<FixedBytesType>(1))
^
/usr/include/c++/v1/memory:3656:23: note: qualify call to silence this warning
__data_.second().~_Tp();
^
/usr/include/c++/v1/memory:3656:5: error: destructor called on non-final 'dev::solidity::IntegerType' that has virtual functions but non-virtual destructor [-Werror,-Wdelete-non-virtual-dtor]
__data_.second().~_Tp();
^
/usr/include/c++/v1/memory:3617:9: note: in instantiation of member function 'std::__1::__shared_ptr_emplace<dev::solidity::IntegerType, std::__1::allocator<dev::solidity::IntegerType> >::__on_zero_shared' requested here
__shared_ptr_emplace(_Alloc __a, _Args&& ...__args)
^
/usr/include/c++/v1/memory:4277:26: note: in instantiation of function template specialization 'std::__1::__shared_ptr_emplace<dev::solidity::IntegerType, std::__1::allocator<dev::solidity::IntegerType> >::__shared_ptr_emplace<int, dev::solidity::IntegerType::Modifier>' requested here
::new(__hold2.get()) _CntrlBlk(__a2, _VSTD::forward<_Args>(__args)...);
^
/usr/include/c++/v1/memory:4656:29: note: in instantiation of function template specialization 'std::__1::shared_ptr<dev::solidity::IntegerType>::make_shared<int, dev::solidity::IntegerType::Modifier>' requested here
return shared_ptr<_Tp>::make_shared(_VSTD::forward<_Args>(__args)...);
^
./libsolidity/ast/Types.h:718:15: note: in instantiation of function template specialization 'std::__1::make_shared<dev::solidity::IntegerType, int, dev::solidity::IntegerType::Modifier>' requested here
return std::make_shared<IntegerType>(160, IntegerType::Modifier::Address);
^
/usr/include/c++/v1/memory:3656:23: note: qualify call to silence this warning
__data_.second().~_Tp();
^
/usr/include/c++/v1/memory:3656:5: error: destructor called on non-final 'dev::solidity::BoolType' that has virtual functions but non-virtual destructor [-Werror,-Wdelete-non-virtual-dtor]
__data_.second().~_Tp();
^
/usr/include/c++/v1/memory:3612:5: note: in instantiation of member function 'std::__1::__shared_ptr_emplace<dev::solidity::BoolType, std::__1::allocator<dev::solidity::BoolType> >::__on_zero_shared' requested here
__shared_ptr_emplace(_Alloc __a)
^
/usr/include/c++/v1/memory:4277:26: note: in instantiation of member function 'std::__1::__shared_ptr_emplace<dev::solidity::BoolType, std::__1::allocator<dev::solidity::BoolType> >::__shared_ptr_emplace' requested here
::new(__hold2.get()) _CntrlBlk(__a2, _VSTD::forward<_Args>(__args)...);
^
/usr/include/c++/v1/memory:4656:29: note: in instantiation of function template specialization 'std::__1::shared_ptr<dev::solidity::BoolType>::make_shared<>' requested here
return shared_ptr<_Tp>::make_shared(_VSTD::forward<_Args>(__args)...);
^
libsolidity/analysis/ConstantEvaluator.cpp:58:4: note: in instantiation of function template specialization 'std::__1::make_shared<dev::solidity::BoolType>' requested here
make_shared<BoolType>() :
^
/usr/include/c++/v1/memory:3656:23: note: qualify call to silence this warning
__data_.second().~_Tp();
^
Reported by: pkg-fallout
Approved by: ports-secteam blanket
- Pet MDA part, add brackets around Return-Path as per RFC5322 §3.6.6.
Missing brackets lead to a panic when a malformed address line
is fed to dovecot-lda
Submitted by: gahr
Reported by: brnrd via dovecot ML
Obtained from: 725ba4fa2d
Approved by: portmgr (adamw)
devel/cxxtools: unbreak with libc++ 6.0
In file included from settingswriter.cpp:28:
In file included from ./settingswriter.h:31:
In file included from ../include/cxxtools/char.h:32:
In file included from /usr/include/c++/v1/string:477:
/usr/include/c++/v1/string_view:211:5: error: static_assert failed due to requirement 'is_pod<value_type>::value' "Character type of basic_string_view must be a POD"
static_assert(is_pod<value_type>::value, "Character type of basic_string_view must be a POD");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
settingswriter.cpp:42:21: note: in instantiation of template class 'std::__1::basic_string_view<cxxtools::Char, std::__1::char_traits<cxxtools::Char> >' requested here
*_os << std::endl;
^
Reported by: pkg-fallout
Approved by: ports-secteam blanket
Paypal backend was re-added in this release and was missed due to the
arguments passed by EBIC_CONFIGURE_OFF. Consequently, the pkg-plist was
broken when the EBICS option was enabled.
Adjust the check for security/xmlsec1 so that aqbanking can be built
in poudriere with the EBICS option enabled.
Approved by: ports-secteam (blanket)
Fix arm-none-eabi-gcc/aarch64-none-elf-gcc plist after r466699
jhb fixed these ports in r466699, but include-fixed headers have changed
since the last update, perhaps due to --sysroot and these ports being built
differently since then.
Add the extra headers to the plist and bump PORTREVISION due to package
differences. This fixes some sanity checking in the plist, since these files
are installed to the stage dir.
Reported by: Phillip R. Jaenke <prj@rootwyrm.com>
Approved by: ler (ports)
Approved by: ports-secteam (riggs)
Update to upstream version 1.4.9
Details:
- Update to upstream version 1.4.9
- Switch build system to cmake (mandatory upstream)
- Build shared libs, not static libs (upstream build
system requires either-or; the number of consumers
in the ports tree is small, this is unlikely to
cause problems)
Approved by: ports-secteam (riggs)
Update to upstream version 1.3.6
Details:
- Update to upstream version 1.3.6
- Switch build system to cmake (mandatory upstream)
- Build shared libs, not static libs (upstream build
system requires either-or; the number of consumers
in the ports tree is small, this is unlikely to
cause problems)
Approved by: ports-secteam (riggs)
Update to upstream version 2.3.7
Details:
Bug Fixes and Enhancements:
- #3055, [raster] ST_Clip() on a raster without band crashes the server
(Regina Obe)
- #3978, Fix KNN when upgrading from 2.1 or older (Sandro Santilli)
- #4003, lwpoly_construct_circle: Avoid division by zero (Raúl Marín Rodríguez)
- #4017, lwgeom lexer memory corruption (Peter E)
- #4020, Casting from box3d to geometry now returns correctly connected
PolyhedralSurface (Matthias Bay)
- #4025, #4032 Incorrect answers for temporally "almost overlapping" ranges
in ST_ClosestPointOfApproach and ST_CPAWithin
(Paul Ramsey, Darafei Praliaskouski)
- #4052, schema qualify several functions in geography (Regina Obe)
PR: 227360
Submitted by: lbartoletti@tuxfamily.org (maintainer)
Approved by: ports-secteam (riggs)
net/ceph: drop bogus flavor specifier
Unsuffixed binaries are only installed for default python version.
$ DEFAULT_VERSIONS=python=3.6 make
[...]
===> ceph-12.2.4_1 depends on executable: sphinx-build - not found
===> ceph-12.2.4_1 depends on executable: virtualenv - not found
PR: 227260
Approved by: ports-secteam blanket
Update to version 0.9.1 which is required for gitlab 10.5.x.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D14943
Approved by: ports-secteam (eadler)
Fix two more issues with r465416.
- Force build of a cross-compiler by defining CROSS_DIRECTORY_STRUCTURE
in CFLAGS even if the build host matches the build target. This
fixes such a cross compiler to not include /usr/local/lib in its default
library path (e.g. amd64-gcc when built on amd64).
- Don't remove the include-fixed headers for the aarch64-none-elf-gcc
and arm-none-eabi-gcc packages.
- Bump PORTREVISION.
Reported by: kevans (2)
Reviewed by: bdrewery, kevans
Differential Revision: https://reviews.freebsd.org/D14925
Approved by: ports-secteam (feld)
Update to 1.25.0.
- The ABI patch is no longer needed on head due to fixes being upstreamed
to use the pre-ino64 symbols. The ABI patch is still needed for the
bootstrap but should be removable for 1.26.0 if it uses beta 2018-03-18.
PR: 227130 [based on]
Tested by: dumbbell, Charlie Li
Submitted by: riggs [based on]
Differential Revision: https://reviews.freebsd.org/D14921 [based on]
Approved by: portmgr (implicit)
math/ceres-solver: unbreak OPENMP=off after r465555
$ make config
│ │──────────────────────────── Threading support ───────────────────────────│ │
│ │+( ) OPENMP Parallel processing support via OpenMP │ │
│ │+(*) TBB Intel threading building blocks │ │
====> You cannot select multiple options from the THREADS radio
=====> Only one of these must be defined: OPENMP TBB
Config is invalid. Re-edit? [Y/n] y
Approved by: ports-secteam blanket
security/ipsec-tools: fix CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.
The fix was obtained from NetBSD CVS head with the command:
cvs diff -D 2017-01-24 -D 2017-09-01 \
src/racoon/handler.h \
src/racoon/isakmp.c \
src/racoon/isakmp_frag.c \
src/racoon/isakmp_inf.c
While here, add LICENSE.
PR: 225066
Approved by: ports-secteam (riggs)
Obtained from: NetBSD
Security: CVE-2016-10396
Security: https://www.vuxml.org/freebsd/974a6d32-3fda-11e8-aea4-001b216d295b.html
- Remove duplicate dependency libxml2
- Remove comment about use_system_icu because icu is already unbundled
- Update pkg-message for the hanging tabs problem
Approved by: ports-secteam (blanket)
net-mgmt/py-pdagent: Add dedicated user/group
- Also add pkg-message informing how to permit users and services access
net/py-pdagent: Further increase security
Limit access to alert data files which could hold sensitive information
PR: 227273
shells/oksh: Update to 20180401
This release matches the version of bin/ksh shipped with OpenBSD 6.3
PR: 227311
Submitted by: bcallah@openbsd.org (maintainer)
Approved by: ports-secteam (riggs)
www/node4: Mark as deprecated and set expiration date
The Node.js project has set v4.x end-of-life date to 2018-04-30.
www/node4: fix portlint errors and relevant warnings
- move DEPRECATED/EXPIRATION_DATE out of MAINTAINER section
- move ONLY_FOR_ARCHS
- remove USES_LDCONFIG (Node.js doesn't install a .so)
Approved by: ports-secteam (riggs)
- Remove duplicate dependency libxml2
While I'm here remove comment about use_system_icu because it is already unbundled.
Approved by: ports-secteam blanket
Update to upstream release 1.5.4 (bugfix release)
Details:
- Update to upstream release 1.5.4, changelog see
https://github.com/containous/traefik/releases/tag/v1.5.4
- Install sample configuration file that allows to
start traefik out of the box without configuration tweaks
- Add pkg-message; includes a note on how to accomplish
binding to privileged ports
Approved by: ports-secteam (riggs)
Fix 301 redirects in the UrlBuilder class
- http scheme redirects to https
- Mobile website (m.last.fm) redirects to www.last.fm
- Localized hosts redirect e.g. www.lastfm.de to www.last.fm/de
- New localePath() function has been added to handle the localized
base path since the library was localizing using the host before.
This is not an official fix, but upstream is pretty dead.
Move USES upward
Convert CMAKE_ARGS to CMAKE_ON
Approved by: ports-secteam (blanket)
- Fix and update the comment when building dnsdist on 10.x
- Mark BROKEN on FreeBSD 10.3, fails to link due to lack of thread_local
Approved by: ports-secteam blanket
www/firefox: use SkiaGL by default for OpenGL/WebRender compositing
Copy OS X behavior. If OpenGL compositing[1] doesn't crash OS or browser
SkiaGL canvas rendering is unlikely to make it worse. Mainly improves
FishIE Tank benchmark.
[1] layers.acceleration.force-enabled -> true in about:config or
$ env MOZ_ACCELERATED=1 firefox -new-instance -profile `mktemp -d` ...
Approved by: ports-secteam blanket
www/node: Update 9.10.0 -> 9.10.1
No changes from the previous version. This release ensures that the
hosted binaries from the Node.js project adhere to the platform support
contract, which does not apply to the FreeBSD port and packages.
Approved by: ports-secteam (riggs)
www/node8: Update 8.11.0 -> 8.11.1
No changes from the previous version. This release ensures that the
hosted binaries from the Node.js project adhere to the platform support
contract, which does not apply to the FreeBSD port and packages.
Approved by: ports-secteam (riggs)
www/node6: Update 6.14.0 -> 6.14.1
No changes from the previous version. This release ensures that the
hosted binaries from the Node.js project adhere to the platform support
contract, which does not apply to the FreeBSD port and packages.
Approved by: ports-secteam (riggs)
www/node4: Update 4.9.0 -> 4.9.1
No changes from the previous version. This release ensures that the
hosted binaries from the Node.js project adhere to the platform support
contract, which does not apply to the FreeBSD port and packages.
Approved by: ports-secteam (riggs)
dns/dnsdist: Fix building against openssl from base
checking for LIBSSL... no
configure: error: OpenSSL libssl requested but libraries were not found
===> Script "configure" failed unexpectedly.
Please report the problem to cpm@FreeBSD.org [maintainer] and attach the
"/wrkdirs/usr/ports/dns/dnsdist/work/dnsdist-1.3.0/config.log" including the
output of the failure of your make command. Also, it might be a good idea to
provide an overview of all packages installed on your system (e.g. a
/usr/local/sbin/pkg-static info -g -Ea).
*** Error code 1
Stop.
make: stopped in /usr/ports/dns/dnsdist
PR: 227180
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ports-secteam (riggs)
dns/dnsdist: fix rc.d script, add support for LuaJIT and enable some new features
- Really fix the rc.d script to start using daemon(8) and add the --supervised commandline argument (which suppresses opening up the console)
- Enable DNS-over-TLS (upstream suggests enabling both GnuTLS and OpenSSL backends so you can switch in case of a serious security issue in i.e. OpenSSL)
- Add OpenSSL support (enabled by default)
- Add GnuTLS support (enabled by default)
- Add dnstap support (disabled by default)
- Add SNMP support (disabled by default)
- Add support for LuaJIT or whatever you set as your default version in make.conf (disabled by default)
- Bump PORTREVISION
PR: 227175
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ports-secteam (riggs)
Mark BROKEN: fails to package
pkg-static: Unable to access file /wrkdirs/usr/ports/editors/editorconfig-core-c/work/stage/usr/local/man/man1/editorconfig.1.gz:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/editors/editorconfig-core-c/work/stage/usr/local/man/man3/editorconfig.h.3.gz:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/editors/editorconfig-core-c/work/stage/usr/local/man/man3/editorconfig_handle.h.3.gz:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/editors/editorconfig-core-c/work/stage/usr/local/man/man5/editorconfig-format.5.gz:No such file or directory
Reported by: pkg-fallout
2018-04-01 08:55:38 +00:00
938 changed files with 48404 additions and 9741 deletions