devel/googletest: oops, builds fine with clang++ -stdlib=libstdc++ -std=gnu++03
FreeBSD 9.x defaulted to GCC 4.2 but could use Clang, so c++11-lang
used Clang while c++11-lib use lang/gcc* bun nowadays the difference
no longer exists. While testing previous change I forgot to account
that newer Clang versions have switched to C++14 by default while
libstdc++ 4.2 doesn't support C++11 or newer.
PR: 231835
Approved by: ports-secteam blanket
devel/googletest: unbreak on GCC architectures after r478607
In file included from ./include/gtest/gtest.h:59,
from src/gtest_main.cc:31:
./include/gtest/internal/gtest-internal.h:657: error: expected ',' or '...' before '>' token
./include/gtest/internal/gtest-internal.h:657: error: parse error in template argument list
./include/gtest/internal/gtest-internal.h:657: error: default argument missing for parameter 7 of 'static bool testing::internal::TypeParameterizedTest<Fixture, TestSel, Types>::Register(const char*, const testing::internal::CodeLocation&, const char*, const char*, int, const std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, Types)'
In file included from src/gtest_main.cc:31:
In file included from ./include/gtest/gtest.h:59:
./include/gtest/internal/gtest-internal.h:947:44: error: no member named 'declval' in namespace 'std'
class Iterator = decltype(::std::declval<const C&>().begin()),
~~~~~~~^
./include/gtest/internal/gtest-internal.h:947:52: error: expected expression
class Iterator = decltype(::std::declval<const C&>().begin()),
^
./include/gtest/internal/gtest-internal.h:948:35: error: no member named 'declval' in namespace 'std'
class = decltype(::std::declval<const C&>().end()),
~~~~~~~^
./include/gtest/internal/gtest-internal.h:948:43: error: expected expression
class = decltype(::std::declval<const C&>().end()),
^
./include/gtest/internal/gtest-internal.h:949:37: error: no member named 'declval' in namespace 'std'
class = decltype(++::std::declval<Iterator&>()),
~~~~~~~^
./include/gtest/internal/gtest-internal.h:949:45: error: 'Iterator' does not refer to a value
class = decltype(++::std::declval<Iterator&>()),
^
./include/gtest/internal/gtest-internal.h:947:17: note: declared here
class Iterator = decltype(::std::declval<const C&>().begin()),
^
./include/gtest/internal/gtest-internal.h:949:54: error: expected expression
class = decltype(++::std::declval<Iterator&>()),
^
./include/gtest/internal/gtest-internal.h:949:56: error: expected expression
class = decltype(++::std::declval<Iterator&>()),
^
./include/gtest/internal/gtest-internal.h:950:36: error: no member named 'declval' in namespace 'std'
class = decltype(*::std::declval<Iterator>()),
~~~~~~~^
./include/gtest/internal/gtest-internal.h:950:44: error: 'Iterator' does not refer to a value
class = decltype(*::std::declval<Iterator>()),
^
./include/gtest/internal/gtest-internal.h:947:17: note: declared here
class Iterator = decltype(::std::declval<const C&>().begin()),
^
./include/gtest/internal/gtest-internal.h:950:54: error: expected expression
class = decltype(*::std::declval<Iterator>()),
^
PR: 231835
Submitted by: Piotr Kubaj (based on)
Approved by: ports-secteam blanket
gecko: whitelist where DTRACE is enabled by default
Userland probes are only supported on Tier1 architectures. Even though
powerpc* should support dtrace -G may crash on C++ files built by GCC.
DTRACE option is still exposed as long as dtrace(1) binary is present
for easier debugging of libdtrace.
PR: 221641 224271
Approved by: ports-secteam blanket
www/apache24: Update to 2.4.35
Changelog:
*) http: Enforce consistently no response body with both 204 and 304
statuses. [Yann Ylavic]
*) mod_status: Cumulate CPU time of exited child processes in the
"cu" and "cs" values. Add CPU time of the parent process to the
"c" and "s" values.
[Rainer Jung]
*) mod_proxy: Improve the balancer member data shown in mod_status when
"ProxyStatus" is "On": add "busy" count and show byte counts in
auto mode always in units of kilobytes. [Rainer Jung]
*) mod_status: Add cumulated response duration time in milliseconds.
[Rainer Jung]
*) mod_status: Complete the data shown for async MPMs in "auto" mode.
Added number of processes, number of stopping processes and number
of busy and idle workers. [Rainer Jung]
*) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
introduced in 2.4.34. PR 62568. [Yann Ylavic]
*) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
modules and mod_proxy. PR 62557. [Ruediger Pluem, William Rowe]
*) Allow the argument to <IfFile>, <IfDefine>, <IfSection>, <IfDirective>,
and <IfModule> to be quoted. This is primarily for the benefit of
<IfFile>. [Eric Covener]
*) mod_watchdog: Correct some log messages. [Rainer Jung]
*) mod_md: When the last domain name from an MD is moved to another one,
that now empty MD gets moved to the store archive. PR 62572.
[Stefan Eissing]
*) mod_ssl: Fix merging of SSLOCSPOverrideResponder. [Jeff Trawick,
[Frank Meier <frank meier ergon.ch>]
*) mod_proxy_balancer: Restore compatibility with APR 1.4. [Joe Orton]
With hat: apache
Approved by: ports-secteam (miwi)
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24. This release fixes two security issues as well as bugs reported over
the last three months.
If you have untrusted users accessing your system and you are either running
PostgreSQL 9.5 or a newer version OR have installed the "dblink" or
"postgres_fdw" extensions, you must apply this update as soon as possible. All
other users can upgrade at the next convenient downtime.
Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.5 from any 10.x release is considered a
minor update.
The PostgreSQL Global Development Group also announces that the third beta
release of PostgreSQL 11 is now available for download. This release contains
previews of all features that will be available in the final release of
PostgreSQL 11 (though some details of the release could change before then) as
well as bug fixes that were reported during the second beta.
This release also changes the default option for the server packages to *not*
include XML support per default. If you need this, please check the XML option
knob and build the port.
Releasenotes: https://www.postgresql.org/about/news/1878/
PR: 229523, 198588
Security: 96eab874-9c79-11e8-b34b-6cc21735f730
Security: CVE-2018-10915, CVE-2018-10925
Approved by: ports-secteam
Mark the freebsd-doc-* ports broken on aarch64 and powerpc64 due to various
problems with the Java runtime.
Approved by: portmgr (tier-2 blanket)
Update to r52155 from the FreeBSD docset.
Approved by: doceng (implicit)
Update to r52287 from the FreeBSD docset (a.k.a. 12.0-R version)
Approved by: doceng (implicit)
Approved by: portmgr (blanket)
security/lockdown: mark FORBIDDEN as it renders the system unbootable
By inspection I see that the port sets the obsolete 'nodev' flag in
/etc/fstab, and it really needs careful review for use with contemporary
FreeBSD; upstream is gone.
Reported by: Jeffrey Bouquet on -current
Fix runtime error: remove -march=native as optimisation target
Details:
The upstream Makefile contains -march=native as optimisation which leads
to unconditional use of AVX instructions if built on a machine that has
AVX support. Subsequently this causes SIGILL on processors without AVX,
including latest-generation Atom descendants.
PR: 225922
Reported by: arthur@qeng-ho.org
Approved by: hsw@bitmark.com (maintainer, implicit)
Approved by: ports-secteam (riggs)
www/joomla3: upgrade to 3.8.10
Release Announcement: https://www.joomla.org/announcements/release-news/5737-joomla-3-8-10-release.html
Moved to using the official distribution tarball. This shrinks the package significantly.
www/joomla3: update to 3.8.11.
Joomla 3.8.11 addresses several bugs and improvements, including:
Fix for the Missing "Select Type" field in the Extensions Manager #20881
Replace the URL parameter "limitstart=0" by "start=0" when SEF is enabled #19452
Remove non callable array items from field categories #20093
Articles - Category Module: New showon attribute for form fields #20950
Fix OpenSearch implementation #20937
Fix for tag filtering in Featured Articles view in administrator #21138
Fix for filtering Featured Articles by access level in administrator #21168
Media manager: relative paths for video files #21156
Com_menus: removal of useglobal attribute #21095
Multilingual Associations Component: fix associations in sidebyside view for contact and newsfeeds #21180
www/joomla3: update to 3.8.12.
Joomla 3.8.12 includes three security vulnerability fixes, several bug fixes and improvements:
Security Issues Fixed
Low Priority - Core - Hardening the InputFilter for phar stubs (affecting Joomla 1.5.0 through 3.8.11) More information
Low Priority - Core - Stored XSS vulnerability in the frontend profile (affecting Joomla 1.5.0 through 3.8.11) More information
Low Priority - Core - ACL Violation in custom fields (affecting Joomla 3.7.0 through 3.8.11) More information
Bug fixes and Improvements
mod_articles_latest and mod_articles_news: fix to show featured articles #21336
Tags in com_content: fix to display tags when other item info are set to hidden #21275
com_tags: All Tags default layout #21031
Allows filtering by the archived state in the redirect component #21673
Visit GitHub for the full list of bug fixes.
Approved by: ports-secteam (eadler)
Security: CVE-2018-15860
Security: CVE-2018-15881
Security: CVE-2018-15882
Remove gcc.skazkaforyou.com from MASTER_SITE_GCC. It's gone rogue and
is up for sale, and does not provide mirror service any longer.
Approved by: portmgr (miwi)
r478951:
- Update print/ghostscript9-agpl-base and print/ghostscript9-agpl-x11 to
9.24.
- Set USE_CSTD=gnu99 and eliminate a patch.
- Add cpe string.
- Patch configure to respect CFLAGS.
r479032:
Add a patch to give Ghostscript read permission on
/usr/local/share/ghostscript/9.24/iccprofiles/* in -dSAFER mode.
r479243:
Add some upstream patches for regressions in 9.24.
patch-010-bc3df07
For ICC profile validation, have cups id iteself as DeviceN.
patch-020-c8c01f8, patch-030-1341854
Add the ICCProfilesDir to the PermitReading list.
patch-040-9528102
Fix ps2epsi /undefined in --setpagedevice--.
PR: 231148
Approved by: ports-secteam (eadler)
Security: https://www.kb.cert.org/vuls/id/332928
r478512:
Add a package message instructing the user how to use ports ntp
instead of base ntp.
Reported by: adamw
r478840:
Fix a typo.
Reported by: Herbert J. Skuhra <herbert@gojira.at>
r479083:
Also tell people how to enable ntpd and ntpdate from ports using
sysrc.
mat@ suggested this however as I'm not enamoured with sysrc, it has
been added as annother approach to add/edit rc.conf variables.
Reported by: mat@
Approved by: portmgr (miwi@)
- USE_GNOME also requires USES=gnome
- Switch to USES=localbase:ldflags
- Revert Makefile.tests and include more *_unittests
- Update patch file with missing WEBRTC_BSD macro
- Apply several patches from devel/googletest (thanks to jbeich@)
- Bump PORTREVISION
Approved by: ports-secteam (blanket)
Fix memleak, update MAINTAINER
Details:
- Fix a memory leak in ZXID caused by using system hexdump() function
instead of the one included in ZXID.
- Set MAINTAINER'ship to admins@perceptyx.com
PR: 230978
Submitted by: amontalban@gmail.com (new maintainer)
Approved by: ports-secteam (riggs)
Update gitlab to 11.1.4.
Fixed dependency problem for security/doorkeeper.
The currently used doorkeeper43 version has a security vulnerability, this problem was reported upstream to gitlab here:
https://gitlab.com/gitlab-org/gitlab-ce/issues/49940
PR: 230306
Approved by: mentors (implicit)
www/gitlab-ce add a check after the build process to verify all used gems matching the requirements.
This should make it easier to see gem updates that are breaking the gitlab-ce port.
Approved by: mentors (implicit)
www/gitlab-ce security update to version 11.1.6.
Details about vulnerabilities can be found here:
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
Approved by: mentors (implicit)
MFC after: 1 d
Security: ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd
Approved by: ports-secteam (miwi)
Copied port security/rubygem-doorkeeper and fix it to version 4.3.x which is required by gitlab.
PR: 230306
Approved by: mentors (implicit)
Approved by: ports-secteam (miwi)
Update to 2.5.5 which addresses security issues:
- Fix array bounds checking in BinPAC: for arrays that are
fields within a record, the bounds check was based on a pointer
to the start of the record rather than the start of the array
field, potentially resulting in a buffer over-read.
- Fix SMTP command string comparisons: the number of bytes
compared was based on the user-supplied string length and can
lead to incorrect matches. e.g. giving a command of "X"
incorrectly matched "X-ANONYMOUSTLS" (and an empty commands
match anything).
- Weird" events are now generally suppressed/sampled by default
according to some tunable parameters.
- Improved handling of empty lines in several text protocol
analyzers that can cause performance issues when seen in long
sequences.
- Add `smtp_excessive_pending_cmds' weird which serves as a
notification for when the "pending command" queue has reached
an upper limit and been cleared to prevent one from attempting
to slowly exhaust memory.
Approved by: ler (mentor, implicit)
Security: d0be41fe-2a20-4633-b057-4e8b25c41780
Approved by: ports-secteam (miwi), ler (mentor, implicit)
databases/mantis: Revert fake update from r475644
The checksums and sizes from 2.9.0 and 2.15.0 are identical because
GH_TAGNAME was not updated as well, so the update to 2.15.0 never
actually happened.
PR: 229880
Pointy hat: joneum
Security: 0822a4cf-9318-11e8-8d88-00e04c1ea73d
Take maintainership of databases/mantis
databases/mantis: Update to 2.16.0
- Use upstream release tarball instead of doing our own vendoring
- Add missing PHP extensions
- Flavorize
- Update plugins and install them by default
- Add LICENSE
- Improve pkg-descr
Changes: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.16.0
PR: 229880
Reviewed by: dvl, mat, ndowens@yahoo.com
Security: 0822a4cf-9318-11e8-8d88-00e04c1ea73d
Differential Revision: https://reviews.freebsd.org/D16890
Approved by: ports-secteam (miwi)
emulators/rpcs3: drop GCC < 6 after r478266/r475856
USES=compiler:c++17-lang defines USE_GCC=yes but anything older than
lang/gcc7 have incomplete C++17 support. As this port is amd64-only
supporting old GCC is of little value.
https://gcc.gnu.org/projects/cxx-status.html
Approved by: ports-secteam blanket
emulators/rpcs3: unbreak on FreeBSD 10.4/11.1
Utilities/types.h:94:13: error: no member named 'byte' in namespace 'std'
using std::byte;
~~~~~^
Utilities/types.h:773:18: error: no type named 'byte' in namespace 'std'
alignas(A) std::byte data[S];
~~~~~^
rpcs3/Emu/RSX/rsx_utils.h:9:10: fatal error: 'optional' file not found
#include <optional>
^~~~~~~~~~
rpcs3/Emu/RSX/Overlays/overlay_controls.h:1354:20: error: no member named 'clamp' in namespace 'std'
m_value = std::clamp(value, 0.f, m_limit);
~~~~~^
Reported by: pkg-fallout
Pointy hat to: jbeich
Approved by: ports-secteam blanket
dns/void-zones-tools: Respect CFLAGS and avoid using -march=native
It currently compiles with -march=native which breaks on some
machines
cc -march=native -mssse3 -ffast-math -std=c11 -g0 -Ofast -fstrict-aliasing -Wno-parentheses binutils.c -c -o binutils.o
error: unknown target CPU 'k6-3'
Given that the build is currently targeting the build host CPU,
existing binary packages on pkg.FreeBSD.org (or elsewhere) might
be broken on many machines too, so bump PORTREVISION to trigger a
rebuild.
PR: 230899
Submitted by: tobik
Reported by: Marco Beishuizen <mbeis@xs4all.nl>
Approved by: Vidar Karlsen <vidar@karlsen.tech> (maintainer)
Approved by: ports-secteam (miwi)
The send-email command uses (require's) IO:Socket:SSL directly, and the
devel/git port previously depended on mail/p5-Net-SMTP-SSL, which depended on
and brought in the security/p5-IO-Socket-SSL port to satisfy it.
ports r431794 [1] removed the dependency on p5-Net-SMTP-SSL due to deprecation
which prevented the (direct) dependency from being installed (via another
dependency), resulting in breaking function for encrypted/secured mail
destinations.
This change adds a direct dependency on IO::Socket::SSL as it ought to have
been originally.
[1] https://svnweb.freebsd.org/changeset/ports/431794
Reported by: ns5 (via IRC)
Approved by: portmgr (blanket: broken dependencies)
Approved by: ports-secteam (riggs)
Permit using allow-new-zones, LMDB, and a chrooted environment.
Fixes this obscure and not at all helpful message:
mdb_env_open of '_default.nzd' failed: No such file or directory
PR: 229125
Reported by: Tomáš Čiernik
x11/libX11: Update to 1.6.6
This is a security update
Changelog:
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
Note: I had to hand-merge Makefile a little because of differences in
portrevision.
Security: fe99d3ca-a63a-11e8-a7c6-54e1ad3d6335
Approved by: ports-secteam (miwi)
- Add more useful comments to make Makefile more readable
- Fix TEST option allow running basic tests and skip tests that must be verified
if they are supported before being added back to TEST_TARGETS
- Add patches that fixes crash with non-MESA drivers fall back to scanning PCI
devices. Ideally, we'd like to use libpci but the current version calculates
device class wrong for non-root users (patch submitted to libpci author), so
a workaround would be messy. Instead, use direct access to /dev/pci. Once the
upstream fixes the bug generic libpci code can be used [1]
Tested by: Oleh Hushchenkov <gor@clogic.com.ua>, Jonathan Chen <jonc@chen.org.nz>
- Bump PORTREVISION
PR: 230450 [1]
Submitted by: gonzo [1]
Reported by: Oleh Hushchenkov, Jonathan Chen [1]
Approved by: ports-secteam (blanket)
While burning ISO Multisession BD-R 50G growisofs reports no space left while
24G+ are available.
Backport a fix from Debian [1] to address the issue.
While I'm here, document description and origins of both patches [1][2] that
apply to same source file, for our future selves, and to avoid confusion
as both chunks reference the same variable.
[1] https://bugs.debian.org/615978
[2] https://bugs.debian.org/713016
PR: 230493
Submitted by: Masachika ISHIZUKA <ish amail plala or jp>
Approved by: portmgr (implicit, unmaintained port)
Obtained from: Debian [1]
Approved by: miwi (ports-secteam)
Clang 6 (on 12-CURRENT) reports the following error during build:
EWMH.cc:250:7: error: non-constant-expression cannot be narrowed from type
'long' to 'unsigned long' in initializer list [-Wc++11-narrowing]
{ static_cast<long>(x), static_cast<long>(y) };
^~~~~~~~~~~~~~~~~~~~
There was also a bug introduced 4 years ago which removed the MAN1 variable a
later INSTALL_MAN macro relied on [1]. This caused a build/install failure
when the TOOLS_ONLY option was enabled.
This change fixes those two issues.
While I'm here level up port compliance:
- Add LICENSE_FILE
- Convert to OPTIONS helpers
- Regenerate patches
[1] http://svnweb.freebsd.org/changeset/ports/346174
[2] https://lists.freebsd.org/pipermail/freebsd-ports/2018-August/114039.html
PR: 226708
Submitted by: <Trond Endrestol ximalas info> (Clang 6 fix)
Approved by: Andrew J. Caines <A J Caines halplant com> (technically)
Approved by: portmgr (implicit, build fixes, framework compliance)
Reported by: Erich Dollansky <freebsd ed lists sumeritec com> [2]
Approved by: miwi (ports-secteam)
Removed fastcgi, this is no longer supported in seafile 6.3+
and previous installs 6.3+ prior to this revision are broken
when using the seahub_fastcgi option.
Approved by: portmgr (miwi@)
mail/dovecot: upgrade to 2.3.2.1.
v2.3.2 still had a few unexpected bugs:
- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems
mail/dovecot, mail/dovecot22: suppress harmless error message when the symlink in /var/run/dovecot
to the config file doesn't exist.
PR: 225078
Reported by: pkubaj@anongoth.pl
Reviewed by: adamw
Approved by: ports-secteam (miwi)
x11-toolkits/wxgtk30 and x11-toolkits/wxgtk31: Fix the problem that TLS is broken on armv6/7
ftp/filezilla was dumping core
PR: 229396
Submitted by: Ulrich Grey <usenet@ulrich-grey.de>
Approved by: ports-secteam (miwi@FreeBSD.org)
Fix OPENAL option when using lld as the default linker
While on it: Replace LIB_DEPENDS by USES for OPENAL
PR: 230593
Submitted by: tobik
Update to upstream version 0.20.21
Details:
- Upstream changelog see:
https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.20.21/NEWS
Approved by: ports-secteam (riggs)
- Cosmetic fix in Makefile
- Allow chromium to use the Linux GPU access setup implementation by default since it works correctly
- Add missing file for DEBUG option in pkg-plist
- Sort pkg-plist
- Bump PORTREVISION
Approved by: ports-secteam (blanket)
r477402:
In preparation for applying security patches, switch to grouping of
patches per site as suggested by mat@.
Suggested by: mat@
Differential Revision: https://reviews.freebsd.org/D16718
r477402 needs to be merged as well in order for r477403 to merge
properly.
r477403:
Chase net/wpa_supplicant r477202 and base contrib/wpa r337819.
WPA: Ignore unauthenticated encrypted EAPOL-Key data
Though hostapd is technically not vulnerable, the mitigation for
CVE-2018-14526 does apply cleanly, therefore it is applied to maintain
consistency with net/wpa_supplicant and wpa in base.
Approved by: leres@
Differential Revision: https://reviews.freebsd.org/D16718
Approved by: portmgr (miwi@)
www/chromium: Update to 68.0.3440.106
- Update amount of free disk space required to build chromium
- Implement GPU access set up for FreeBSD [1]
- Remove the incorrect sugestion in pkg-message and remove the fix-hanging-tabs.sh script because the bug of hanging tabs has been fixed in r337328 improving the chromium stability. Thanks to markj@ [2]
PR: 230450 [1], 212812 [2]
Reported by: Oleh Hushchenkov <gor@clogic.com.ua>
Approved by: ports-secteam (miwi)
databases/mysql80-client: Unbreak patching
Broken after patch(1) changes in r326084
PR: 228788
Submitted by: curtis@ipv6.occnc.com
Approved by: tcberner (mentor) mmokhi (maintainer)
Differential Revision: https://reviews.freebsd.org/D16532
databases/mysql80-{client, server}: Update ports to 8.0.12
This update includes Oracle Critical Patch Advisory published on July 2018
More info:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
Also:
Delete upstreamed hunks of patches.
Change local patches regarding upstream changes.
PR: 229861
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: The FreeBSD Foundation
databases/mysql80-server: Fix build on default Clang of 10.4-base
Add sse4.2 flag to CXXFLAGS on 10.4 case.
The build-script needs it when using intrin lib on crc32
Sponsored by: The FreeBSD Foundation
databases/mysql80-server: Use c++14-lang instead of `msse-4.2 in CXXFLAG`
As suggested via replies to r477036 using `-msse-4.2` may break build on other
platforms.
Reported by: linimon danfe jbeich
Sponsored by: The FreeBSD Foundation
databases/mysql80-server: Delete no-longer-needed patch for sse4.2
Reported by: jbeich
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld)
mysql57-{client, server}: Update ports to 5.7.23
This update includes Oracle Critical Patch Advisory published on July 2018
More info:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
PR: 229860
Submitted by: Dani <i.dani@outlook.com<
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Reviewed by: brnrd , koobs
Sponsored by: The FreeBSD Foundation
mysql57-server: Fix build with LibreSSL 2.7
PR: 230527
Submitted by: Markus Kohlmeyer <rootservice@gmail.com>
Reported by: Markus Kohlmeyer <rootservice@gmail.com>
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld)
databases/mysql56-server: Fix build with LibreSSL
PR: 227178
Approved by: mmokhi (maintainer)
mysql56-{client, server}: Update ports to 5.6.41
This update includes Oracle Critical Patch Advisory published on July 2018
More info:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld)
Ensure that slapd starts before kdc, as the kdc may be configured to
require LDAP services. If it is configured to require LDAP and the
slapd server is not yet started, the kdc will fail to start.
PR: 229939
Approved by: delphij@ (maintainer)
Differential Revision: https://reviews.freebsd.org/D16602
Approved by: portmgr (miwi@)
databases/xtrabackup: Update to 2.4.12
- Disable version check functionality which is an information disclosure
vulnerability as it posts system information and hostnames to
https://v.percona.com
PR: 230417
Approved by: maintainer
Differential Revision: https://reviews.freebsd.org/D16609
devel/codeblocks-devel: unbreak with libc++ 5
In file included from sqvm.cpp:5:
In file included from /usr/include/c++/v1/math.h:310:
/usr/include/c++/v1/limits:148:85: error: expected expression
_LIBCPP_INLINE_VISIBILITY static _LIBCPP_CONSTEXPR type min() _NOEXCEPT {return type();}
^
../../../../src/include/scripting/squirrel/sqobject.h:99:24: note: expanded from macro 'type'
#define type(obj) ((obj)._type)
^
Submitted by: Michael Butler (based on)
Approved by: ports-secteam blanket
www/chromium: minor fix in pkg-message
%%DATADIR%% is not being expanded in pkg-message, and it shows up like this:
--II--
Chromium has a known problem of hanging tabs. The workaround
for this problem is to mount ~/.cache/chromium as memory-fs.
In order to do this, before you run Chromium, please run the
following script as root once for each user who uses Chromium
(replace {user}/{group} with your user/group names):
# %%DATADIR%%/fix-hanging-tabs.sh {user} {group}
- Add DATADIR to SUB_LIST to correctly be replaced with its value and move pkg-message to FILESDIR.
- Bump PORTREVISION
Reported by: olgeni via mail
Approved by: ports-secteam (blanket)
databases/xtrabackup: Revert depdendency removal
There is a perl script embedded in the binary which can be found at
storage/innobase/xtrabackup/src/version_check.pl. This script can be
ignored if you pass the argument --no-version-check. It could be
possible to replace this with a simple shell script to achieve the same
results and eliminate the dependency on a specific external
libmysqlclient library inherited from DBD::MySQL. This will be
investigated to eliminate this issue.
Pointyhat: me
www/chromium: Update to 68.0.3440.84
Changelog: https://chromium.googlesource.com/chromium/src/+log/67.0.3396.87..68.0.3440.84?pretty=fuller&n=10000
At the moment pkg-message says that in order to work around the hanging tabs problem the user may wish to run the following commands:
# [ -d ~{user}/.cache/chromium ] || mkdir ~{user}/.cache/chromium
# echo "md $(echo ~{user})/.cache/chromium mfs rw,late,-w{user}:{group},-s300m 2 0" >> /etc/fstab
# mount ~{user}/.cache/chromium
Add fix-hanging-tabs.sh script to the DATADIR [1], which simplifies the process to just running
/usr/local/share/chromium/fix-hanging-tabs.sh $user $group
PR: 230264 [1]
Submitted by: 0mp [1]
Security: http://vuxml.freebsd.org/freebsd/b9c525d9-9198-11e8-beba-080027ef1a23.html
Approved by: ports-secteam (miwi)
Fix build with Perl >= 5.26 - regular expression match was failing with
newer MakeMaker which caused the objects to be written to the wrong location
Add LICENSE - the README says it is licensed the same as Perl
Approved by: ports-secteam (blanket)
security/py-gssapi: Fix builds against non-base GSSAPI
Patch setup.py so location of krb5-config is configurable
PR: 229639
Submitted by: john@saltant.com (maintainer)
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
The webservice that audio/libmusicbrainz3 interfaces with will cease operation
on 2018-08-01. Add upstream patch to use audio/libmusicbrainz5 for track lookup
operations instead.
Reviewed by: rakuco
Obtained from: KDE git repo
Differential Revision: https://reviews.freebsd.org/D16536
Approved by: ports-secteam (blanket)
lang/erlang-runtime{20,21}: Add patch to fix build on i386
Those two ports fail to build on FreeBSD/i386 (all versions) for quite
some time. The Erlang/OTP team provided a patch after Dewayne Geraghty
reported the issue upstream.
Here is the entry in the Erlang/OTP bug tracker:
https://bugs.erlang.org/browse/ERL-677
The patch was successfully tested on FreeBSD 10.4 and 11.1, both i386
and amd64. Dewayne also confirmed success on FreeBSD 11.2.
PR: 229600
Reported by: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Obtained from: https://bugs.erlang.org/browse/ERL-677
Approved by: portmgr (riggs)
www/py-notebook: add missing dependencies
Fix runtime by adding missing dependencies: prometheus-client is required for
all versions and ipaddress is required for python 2.7. Bump PORTREVISION to
chase a dependency change.
With hat: python
www/py-notebook: correct typo
Approved by: portmgr (miwi)
net/owamp: Unconditionally define a private timespecadd
net/owamp assumes that if timespecadd is defined, it's identical
to the two-argument version found in the FreeBSD kernel. However,
the three argument version found in NetBSD and OpenBSD is actually
more common. An upcoming commit to head will replace FreeBSD's
version with the NetBSD version. So net/owamp shouldn't assume
that if FreeBSD defines timespecadd, it's defining the 2-argument
version.
PR: 230059
Submitted by: asomers
Approved by: portmgr (bapt)
Update to 1.6.4 which is required for gitlab 11.1.1.
Take maintainer.
Made portlint happy.
Approved by: mentors (implicit)
Approved by: ports-secteam (miwi)
lang/ruby2[4|5]: Use internal RUBY_DLDFLAGS right way, get rid of unescaped macro '$@' in the pkg-config template
lang/ruby23 is already fixed same way, port it to newer releases
By the way, this unbreak ninja builds with any port relied on libruby.so
PR: 229898
Submitted by: fluffy
Reviewed by: ruby (miwi)
Approved by: ruby (miwi)
Exp-run by: antoine
Differential Revision: D16341
Approved by: ports-secteam (miwi)
vboxheadless: Fix start of specific machine after base r291770.
The vboxheadless rc script has its own pid checking, so the rc.subr
version in run_rc_command is not needed.
PR: 212074
Approved by: portmgr (implicit)
Put the git dependency in the right place. Now chromedriver needs git dependency at build time.
Don't bump PORTREVISION because DRIVER option is enabled by default and does not affect to the generated package.
Reported by: Claude Buisson <clbuisson@orange.fr>
Approved by: ports-secteam (blanket)
devel/php71-intl and devel/php72-intl
Commit missed resets of PORTREVISION after updates of lang/php71 and lang/php72
Approved by: ports-secteam (miwi)
lang/php72: Update from 7.2.7 to 7.2.8
Changelog: http://www.php.net/ChangeLog-7.php#7.2.8
Also patch out MySQL 8 auth changes, which makes the hash
extension mandatory instead of optional and introduce further
bugs:
d6e81f0bfd
Approved by: ports-secteam (miwi)
Update PHP 7.1 from 7.1.19 to 7.1.20
Changelog: http://www.php.net/ChangeLog-7.php#7.1.20
Also patch out MySQL 8 auth changes, which makes the hash
extension mandatory instead of optional and introduce further
bugs:
d6e81f0bfd
Approved by: ports-secteam (miwi)
www/piwigo: update to 2.9.4www/piwigo: update to 2.9.4
Changelog:
- security fixes,
- bug fixes,
- compatibility with PHP 7.2 (also no longer compatible with PHP 5.2) and
- language updates
PR: 229843
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Approved by: ports-secteam (miwi)
devel/libmatheval: Fix missing library dependency
Flex lib used to be called 'fl_pic', but now it is called 'fl'.
PR: 229516
Reported by: Michael Danilov <mike.d.ft402@gmail.com>
Updated gitlab to 11.0.2.
For detailed list of changes please see here:
https://about.gitlab.com/2018/06/22/gitlab-11-0-released/
Please make sure before you upgrade you read the entry in UPDATING.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16127
Renamed gitlab to gitlab-ce in Makefile.
PR: 229519
Reported by: Trond.Endrestol@ximalas.info
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16127
Upgrade gitlab to 11.0.3 and fix problem with sidekiq-cron reported by swills which requires rubygem-rufus-scheduler version 3.4.0, alle other newer versions are failing.
PR: 229557
Reported by: swills
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D16160
Made it possible to use another PREFIX for gitlab-ce.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16266
Approved by: ports-secteam (miwi)
Update to 0.105.0 which is required for gitlab 11.0.2.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16127
Made it possible to use another PREFIX for gitlab-ce.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16266
Approved by: ports-secteam (miwi)
Update to 0.101.0 which is required for gitlab 11.0.2.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16127
Take maintainer as port is only used by gitlab-ce which I maintain, so I can sync the updates with the gitlab-ce updates.
Reviewed by: tz (mentor)
Approved by: sunpoet (maintainer by email), tz (mentor)
Differential Revision: https://reviews.freebsd.org/D16267
Approved by: ports-secteam (miwi)
Update to upstream version 25.0.0
Details:
- Fixes and minor enhancements
- Details see upstream changelog
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
bouncycastle15: update to version 1.60
This release deals with two CVEs: one affecting RSA key pair generation
where the certainty value is being tweaked in the light-weight API,
and the other on properly validating an XMSS/XMSS^MT private key on reload.
In terms of improvements, the BCJSSE now supports SNI,
CMS now supports SHA-3 signatures, the Unified Model is now fully supported
for Diffie-Hellman with ephemeral keys, and PGP EC operations can support
a wider range of curves. Issues have also been fixed in EST,
CRMF request generation, and low-level support has been added for EdDSA.
Further details on other additions and bug fixes can be found in the
release notes at:
https://www.bouncycastle.org/releasenotes.html
Security: CVE-2018-1000180
Security: CVE-2018-1000613
Approved by: ports-secteam (miwi)
print/fig2dev: fix to build, needs some help to really use ghostscript
- GSEXE was not set during build, causing
fig2dev -L pdf part.fig part.pdf
to fail like this:
sh: -q: not found
Error in ghostcript command
command was: -q -sAutoRotatePages=None -dAutoFilterColorImages=false -dColorImageFilter=/DCTEncode -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -o 'part.pdf' -
Reported by: Anton Shterenlikht <mexas@bristol.ac.uk>
Approved by: portmgr (runtime fix blanket approval)
www/firefox: switch to Clang 6.0.1 on FreeBSD 11.1
Clang 6 is already used on 10.4, 11.2 and -CURRENT. No need to expose
users to Clang 4.0.0 regressions fixed in 4.0.1 or later versions.
Approved by: ports-secteam blanket
Update gnupg to 2.2.9
* dirmngr: Fix recursive resolver mode and other bugs in the libdns
code. [#3374,#3803,#3610]
* dirmngr: When using libgpg-error 1.32 or later a GnuPG build with
NTBTLS support (e.g. the standard Windows installer) does not
anymore block for dozens of seconds before returning data. If you
still have problems on Windows, please consider to use one of the
options disable-ipv4 or disable-ipv6.
* gpg: Fix bug in --show-keys which actually imported revocation
certificates. [#4017]
* gpg: Ignore too long user-ID and comment packets. [#4022]
* gpg: Fix crash due to bad German translation. Improved printf
format compile time check.
* gpg: Handle missing ISSUER sub packet gracefully in the presence of
the new ISSUER_FPR. [#4046]
* gpg: Allow decryption using several passphrases in most cases.
[#3795,#4050]
* gpg: Command --show-keys now enables the list options
show-unusable-uids, show-unusable-subkeys, show-notations and
show-policy-urls by default.
* gpg: Command --show-keys now prints revocation certificates. [#4018]
* gpg: Add revocation reason to the "rev" and "rvs" records of the
option --with-colons. [#1173]
* gpg: Export option export-clean does now remove certain expired
subkeys; export-minimal removes all expired subkeys. [#3622]
* gpg: New "usage" property for the drop-subkey filters. [#4019]
Approved by: ports-secteam (miwi)
Mark BROKEN: fails to build
/wrkdirs/usr/ports/audio/csound6/work/Csound6.06/Opcodes/linear_algebra.cpp: In member function 'int la_i_print_vr_t::init(CSOUND*)':
/wrkdirs/usr/ports/audio/csound6/work/Csound6.06/Opcodes/linear_algebra.cpp:631:12: error: no match for 'operator<<' (operand types are 'std::__1::ostringstream {aka std::__1::basic_ostringstream<char>}' and 'std::__1::vector<double>')
stream << array->vr << std::endl;
~~~~~~~^~~~~~~~~~~~
Reported by: pkg-fallout
MFH due to bug fixes in 208.0.1
net/google-cloud-sdk: update to 207.0.0
net/google-cloud-sdk: update to 208.0.0
net/google-cloud-sdk: update to 208.0.1
Approved by: ports-secteam (implicit)
- Fix build with PCRE using --with-pcre1 configure option since git moved
default --with-pcre to use version 2
- Add a new OPTION PCRE2 to let it build with devel/pcre2
- Bump PORTREVISION
PR: 229366
Submitted by: mat
Sponsored by: Rubicon Communications, LLC (Netgate)
Approved by: ports-secteam (miwi)
Remove debug attempt that kept this port from building on package builder
How has this managed to not be noticed?
Point Hat: db
Reported by: [package - 104i386-quarterly][comms/wsjt] Failed for wsjt-10.r5745_7 in build
Approved by: portmgr
Add devel/llvm40 as runtime dependency
Not bumping PORTREVISION because it is implicitly included by pkg qa scripts.
PR: 229274
Submitted by: Iblis Lin <iblis@hs.ntnu.edu.tw> (maintainer)
Reported by: Trond.Endrestol@ximalas.info
Approved by: ports-secteam (riggs)
Update to new upstream release 1.44.3.
* several features for debugfs added
* there is a new e2mmpstatus command
* there are several bug fixes, among them endianness fixes and robustness
fixes against corrupted input.
* add hashmap.h header file, for libext2fs users
* a few type fixes for format strings,
found while building for MIPS, ARM, or i386
* add new option SLOWTESTS which prevents skipping of slow tests
* add new option BASHTESTS which enables tests that require bash
(currently affects only the test f_large_dir that is also marked
as slow)
Full release notes:
<http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.3>
Reset PORTREVISION in slave ports, e2fsprogs{-libss,-libuuid} now
that we have bumped PORTVERSION.
Approved by: ports-secteam@ (riggs@)
- Fix build when textproc/xmlto is installed in a local env.
- Bump PORTREVISION
PR: 226491 229572
Sponsored by: iXsystems Inc.
Approved by: ports-secteam
lang/monodevelop: reroll distinfo
- Update libgit2sharp: no changes to tarball
- Github appears to sometimes change the output of the source tarballs
Approved by: ports-secteam (miwi)
www/libwww: Update to 5.4.2, Fix security vulnerabilities
This a security release for libwww to take into account security advisories
CVE-2016-9063 and CVE-2017-9233.
In order to take into account current and future expat security advisories,
the expat source code was removed from the libwww tree. The makefiles were
modified so that libwww dynamically links against the system's expat library.
Patches removed were incorporated upstream.
Bump PORTREVISION of dependent ports due shlib change.
Changes: https://raw.githubusercontent.com/w3c/libwww/5.4.2/ChangeLog
Security: e375ff3f-7fec-11e8-8088-28d244aee256
Approved by: ports-secteam (miwi)
www/py-graphite-api: clean up rc.d script
- fix ordering in rc.d script so that daemon doesn't hang on startup
- teach rc.d to behave when installing with multiple python & gunicorn versions
- clean up substitutions in SUB_LIST, pkg-list and *.in script
- ensure working directories are re-created on startup if required
PR: 223264
Submitted by: Horst Kapfenberger <horst.kapfenberger@agoracon.at>
Approved by: jrm
Differential Revision: https://reviews.freebsd.org/D13581
Approved by: ports-secteam
security/1password-client: Handle re-rolled distfiles.
apparently AgileBits re-rolled the dist files on 2018-06-01.
pkg-fallout notified me that it couldn't download the i386 version, but I
was able to. Checking the distfiles checksums on directly downloaded files
showed the attached changes.
I did re-verify the included gpg signatures, and they are good.
I'm also adding a local mirror on general principles.
Reported by: pkg-fallout
security/1password-client: bump PORTREVISION for last change.
Approved by: ports-secteam (blanket, fix broken ports)