- Update USES comment (Python 3.3 support dropped)
- Rebase setup.py patch (idna change released)
- Remove comment about failing tests due to httpbin issue which seems
to now be fixed.
This update includes a pinned urllib3 version bump to < 1.25, which paves
the way for a net/urllib3 update to 1.24 [1].
Note: 2.20.0 includes a security vulnerability fix for CVE-2018-18074
Changelog:
https://github.com/requests/requests/blob/v2.21.0/HISTORY.md
PR: 229322 [1]
Security: 50ad9a9a-1e28-11e9-98d7-0050562a4d7b
Approved by: ports-secteam (miwi)
For python ports, particularly those that use USE_PYTHON=concurrent, only
the *default* python version/flavor (of the port) gets symlinks created for
any script/binary filenames installed in LOCALBASE/bin.
For non-default Python versions/flavors of the port or package, *only* a
version-suffixed script filename is installed.
The devel/buildbot-worker rc script was fixed in ports r483022 [1] to use a
version-suffixed script name.
This change fixes the same for devel/py-buildbot, whos rc script currently
fails to run due to trying to invoke a non-existent 'buildbot' script name
for the non-default (!2.7) case.
Since a port/package cannot know at run time, at any point what the default
Python version currently is, or whether it has changed, Python ports *must*
always and only refer to version-specific variants for everything,
including the Python interpreter, script shebangs, commands, paths, etc,
for the Python version they are currently being built with.
PR: 234565, 227675 [1]
Reported by: Andreas Sommer <andreas.sommer87 googlemail com>
Approved by: ports-secteam (miwi)
Add TEST_DEPENDS and (do-)test target to help QA of an upcoming devel/py-fs
update [1].
The tests currently pass: 128 passed, 61 skipped in 21.56 seconds
While I'm here:
- Pet portlint (extra item placed in the USES/USE_x section)
PR: 234491
Approved by: portmgr (framework/infrastructure support/compliance)
Approved by: ports-secteam (miwi)
math/blitz++ is not compatible with python3
PR: 234633
Remove BROKEN for FreeBSD 12 and 13.
PR: 236705
Submitted by: lantw44@gmail.com
Approved by: ports-secteam (riggs)
graphics/drm-current-kmod: update snapshot
Update graphics/drm-current-kmod to the latest snapshot. This fixes issues
where the readeon driver didn't depend on the ttm module.
Reported by: johalun
Approved by: jmd (implicit)
Approved by: ports-secteam (implicit, drm-driver blanket)
grpahics/drm-current-kmod: Update snapshot
Update graphics/drm-current-kmod to the latest snapshot. This breaks out
the ttm layer to its own module to have things initialized in the correct
order.
Fixes FreeBSDDesktop drm-kms issue #137
Submitted by: johalun
Approved by: jmd (maintainer, implicit)
Approved by: ports-secteam (implicit, drm driver blanket)
Update to upstream version 0.21.6
Details:
- Mostly bugfix release, including seek fixes for opus and
a use-after-free bug in playlist and flac files.
- Upstream changelog see:
https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.21.6/NEWS
Approved by: ports-secteam (riggs)
That commit was only supposed to backport changes to the port's
dependencies and the post-patch target, yet it changed MINOR_VERSION,
WRKSRC and DISTVERSIONSUFFIX, causing make fetch, make checksum and
other targets to fail.
Approved by: ports-secteam (implicit)
x11/libXdmcp: Update to 1.1.3
Update x11/libXdmcp to 1.1.3. This is a security update, fixing an issue
where ther might be insufficient entropy generating session keys. It is
unknown if this issue affects FreeBSD.
PR: 236578
Submitted by: pete@nomadlogic.org
Security: 1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335
CVE-2017-2625
Approved by: ports-secteam (implicit, security fix)
games/ponscripter-sekai: unbreak on powerpc64
gmake[2]: *** No rule to make target 'graphics_maltivec.o', needed by 'ponscr'. Stop.
g++8 -O2 -pipe -Wl,-rpath=/usr/local/lib/gcc8 -Wl,-rpath=/usr/local/lib/gcc8 -c -Wall -DUSE_PPC_GFX -I/usr/local/include/SDL2 -I/usr/local/include -D_REENTRANT -D_THREAD_SAFE -I/usr/local/include -I/usr/local/include/smpeg2 -I/usr/local/include/SDL2 -I/usr/local/include -D_REENTRANT -D_THREAD_SAFE -I/usr/local/include/freetype2 -DLINUX -DUSE_OGG_VORBIS -DCONST_ICONV graphics_altivec.cpp
In file included from graphics_altivec.cpp:29:
/usr/local/lib/gcc8/gcc/powerpc64-portbld-freebsd13.0/8.3.0/include/altivec.h:34:2: error: #error Use the "-maltivec" flag to enable PowerPC AltiVec support
#error Use the "-maltivec" flag to enable PowerPC AltiVec support
^~~~~
PR: 236351
Reported by: Piotr Kubaj, pkg-fallout
Approved by: ports-secteam-blanket
print/lyx: Correct the python executable location in .py, .cpp, .lyx files; Add missing USExx clauses
lyx was broken without being able to call the python executable.
PR: 236619
Approved by: rakuco
Approved by: ports-secteam
Depend on qt5-linguisttools at runtime too.
This fixes bug 236613, which happens when the KWALLET option is disabled. In
this case, we do not pull in devel/qt5-linguisttools even though Falkon's build
system uses e-c-m's ECMPoQmTools.cmake, which requires linguisttools to be
present. As it turns out, we need to run-depend on linguisttools to prevent
this kind of issue anywhere.
PR: 236613
Reviewed by: tcberner
Differential Revision: https://reviews.freebsd.org/D19629
Approved by: ports-secteam (blanket)
Remove outdated comment
The corresponding patches of the 2 ports which contain rubygems version have
been replaced by REINPLACE_CMD command in r486416 and r486417.
Update devel/ruby-gems to 3.0.2
- Update Mk/Uses/gem.mk
Changes: https://github.com/rubygems/rubygems/blob/master/History.txt
PR: 235795
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>, sunpoet (myself)
Exp-run by: antoine
Update to 3.0.3
Changes: https://github.com/rubygems/rubygems/blob/master/History.txt
Security: 27b12d04-4722-11e9-8b7c-b5e01141761f
Approved by: ports-secteam (joneum)
Update security/putty to 0.71 security fix release
Unfortunately, this new release breaks GSSAPI_NONE, which is removed
for now. Bug has been reported upstream.
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Security: 46e1ece5-48bd-11e9-9c40-080027ac955c
Approved by: ports-secteam (joneum)
emulators/ppsspp: don't try to build on big-endian
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.cpp: In member function 'virtual int PSPMsgDialog::Init(unsigned int)':
Core/Dialog/PSPMsgDialog.h:37:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED 0x000001B3 // OR of all options coded to display warning
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:62:49: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED'
int optionsNotCoded = messageDialog.options & ~SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:71:59: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
if(messageDialog.type == 0 && !(messageDialog.errorNum & 0x80000000))
^~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = unsigned int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = unsigned int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:31:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO 0x00000100
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:89:31: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO'
if((messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO) &&
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:28:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_YESNO 0x00000010
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:90:31: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_YESNO'
!(messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_YESNO))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:37:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED 0x000001B3 // OR of all options coded to display warning
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:95:32: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED'
if (messageDialog.options & ~SCE_UTILITY_MSGDIALOG_OPTION_SUPPORTED)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:28:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_YESNO 0x00000010
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:109:31: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_YESNO'
if((messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_YESNO) &&
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:31:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO 0x00000100
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:113:30: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO'
if(messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_DEFAULT_NO)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:29:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_OK 0x00000020
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:118:31: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_OK'
if((messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_OK) && (size == SCE_UTILITY_MSGDIALOG_SIZE_V3))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:30:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_NOCANCEL 0x00000080
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:125:33: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_NOCANCEL'
if(!((messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_NOCANCEL) && (size == SCE_UTILITY_MSGDIALOG_SIZE_V3)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:18:
Core/Dialog/PSPMsgDialog.h:27:57: warning: ISO C++ says that these are ambiguous, even though the worst conversion for the first is better than the worst conversion for the second:
#define SCE_UTILITY_MSGDIALOG_OPTION_NOSOUND 0x00000002
^~~~~~~~~~
Core/Dialog/PSPMsgDialog.cpp:127:30: note: in expansion of macro 'SCE_UTILITY_MSGDIALOG_OPTION_NOSOUND'
if(messageDialog.options & SCE_UTILITY_MSGDIALOG_OPTION_NOSOUND)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.h:22,
from Core/Dialog/PSPMsgDialog.cpp:18:
Common/Swap.h:473:3: note: candidate 1: 'S operator&(const swap_struct_t<T, F>&, const S&) [with S = int; T = unsigned int; F = swap_32_t<unsigned int>]'
S operator&(const swap_struct_t<T, F>& v, const S &i) {
^~~~~~~~
Common/Swap.h:308:12: note: candidate 2: 'swap_struct_t<T, F>::swapped_t swap_struct_t<T, F>::operator&(const S&) const [with S = int; T = unsigned int; F = swap_32_t<unsigned int>; swap_struct_t<T, F>::swapped_t = swap_struct_t<unsigned int, swap_32_t<unsigned int> >]'
swapped_t operator &(const S &b) const {
^~~~~~~~
In file included from Core/Dialog/PSPMsgDialog.cpp:23:
Common/ChunkFile.h: In instantiation of 'void PointerWrap::DoClass(T&) [with T = pspMessageDialog]':
Common/ChunkFile.h:96:4: required from 'static void PointerWrap::DoHelper<T, isPOD, isPointer>::Do(PointerWrap*, T&) [with T = pspMessageDialog; bool isPOD = false; bool isPointer = false]'
Common/ChunkFile.h:496:18: required from 'void PointerWrap::Do(T&) [with T = pspMessageDialog]'
Core/Dialog/PSPMsgDialog.cpp:321:20: required from here
Common/ChunkFile.h:475:5: error: 'struct pspMessageDialog' has no member named 'DoState'
x.DoState(*this);
~~^~~~~~~
Reported by: pkg-fallout
Approved by: ports-secteam blanket
www/node: Update 11.10.1 -> 11.11.0
https://nodejs.org/en/blog/release/v11.11.0/
Sponsored by: Miles AS
www/node: set environment variables for host build
The Node.js build system supports cross-compilation via node-gyp, which
picks up CC, CXX, LINK, C*FLAGS, and LDFLAGS from the environment for the
target build, but not for the host. We need to set the environment variables
for the "host" build.
This unbreaks the build on powerpc64.
PR: 233650
Reported by: Piotr Kubaj <pkubaj@anongoth.pl>
Sponsored by: Miles AS
Differential Revision: https://reviews.freebsd.org/D19250
net/ocserv: Update to 0.12.3
- Remove LOCAL MASTER_SITES
Noteworthy changes in 0.12.3
- Fixed crash when no DTLS ciphersuite is negotiated.
- Fixed crash happening arbitrarily depending on handled string sizes (#197).
- Fixed compatibility issue with GnuTLS 3.3.x (#201).
- occtl: print the TLS session information, even if the DTLS channel is not established.
Approved by: ports-secteam (miwi)
Backport patches from upstream against all currently known CVEs
PR: 227669
Submitted by: p5B2E9A8F@t-online.de
Security: CVE-2018-19661
CVE-2018-19662
CVE-2017-17456
CVE-2017-17457
CVE-2018-19758
Approved by: ports-secteam (riggs)
databases/pgpool-II-40: Update from 4.0.2 to 4.0.3
Changelog:
- Skip over "host=" when getting info from conninfo string. (Bo Peng)
- Test: Fix old JDBC functions and typos in regression test 068.memqcache_bug. (Takuma Hoshiai)
- Doc: Fix configuration change timing regarding memory_cache_enabled. (Tatsuo Ishii)
- Fix online recovery failed due to client_idle_limit_in_recovery in certain cases. (bug 431) (Tatsuo Ishii)
- Reduce memory usage when large data set is returned from backend. (bug 462) (Tatsuo Ishii)
- Test: Fix syntax error in extended query test script. (Tatsuo Ishii)
- Fix corner case bug when strip_quote() handle a empty query string. (bug 458) (Tatsuo Ishii)
- Doc: Mention that schema qualifications cannot be used in white/black_function_list. (Tatsuo Ishii)
- Fix typo about wd_priority in watchdog_setup. (Takuma Hoshiai)
- Fixed segfault when wd_lifecheck_method = 'query'. (bug 455) (Muhammad Usama)
- The fix was proposed by Muhammad Usama and some adjustments to the patch and testing is done by Yugo Nagata.
- Fix Pgpool child segfault if failover occurs when trying to establish a connection. (Tatsuo Ishii)
- Doc: fix typo in logdir description. (bug 453) (Tatsuo Ishii)
- Fix PAM authentication failed. (Takuma Hoshiai)
- Fix Pgpool-II hang if a client sends a extended query message such as close after sync message but before next simple query. (Tatsuo Ishii)
- Fix Pgpool-II hang when idle_in_transaction_session_timeout = on. (bug 448) (Tatsuo Ishii)
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-4-0-3.html
Approved by: ports-secteam (joneum)
databases/pgpool-II-37: Update from 3.7.7 to 3.7.8
Changelog:
- Test: Fix old JDBC functions and typos in regression test 068.memqcache_bug. (Takuma Hoshiai)
- Doc: Fix configuration change timing regarding memory_cache_enabled. (Tatsuo Ishii)
- Fix online recovery failed due to client_idle_limit_in_recovery in certain cases. (bug 431) (Tatsuo Ishii)
- Reduce memory usage when large data set is returned from backend. (bug 462) (Tatsuo Ishii)
- Test: Fix syntax error in extended query test script. (Tatsuo Ishii)
- Fix corner case bug when strip_quote() handle a empty query string. (bug 458) (Tatsuo Ishii)
- Doc: Mention that schema qualifications cannot be used in white/black_function_list. (Tatsuo Ishii)
- Fix typo about wd_priority in watchdog_setup. (Takuma Hoshiai)
- Fix Pgpool child segfault if failover occurs when trying to establish a connection. (Tatsuo Ishii)
- Doc: fix typo in logdir description. (bug 453) (Tatsuo Ishii)
- Fix Pgpool-II hang if a client sends a extended query message such as close after sync message but before next simple query. (Tatsuo Ishii)
- Fix Pgpool-II hang when idle_in_transaction_session_timeout = on. (bug 448) (Tatsuo Ishii)
- Doc: Fix Japanese document typo in pcp_common_options. (Bo Peng)
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-7-8.html
Approved by: ports-secteam (joneum)
databases/pgpool-II-36: Update from 3.6.14 to 3.6.15
Changelog:
- Test: Fix old JDBC functions and typos in regression test 068.memqcache_bug.
- Doc: Fix configuration change timing regarding memory_cache_enabled.
- Fix online recovery failed due to client_idle_limit_in_recovery in certain cases. (bug 431)
- Fix corner case bug when strip_quote() handle a empty query string. (bug 458)
- Doc: Mention that schema qualifications cannot be used in white/black_function_list.
- Fix typo about wd_priority in watchdog_setup.
- Fix Pgpool child segfault if failover occurs when trying to establish a connection.
- Doc: fix typo in logdir description. (bug 453)
- Fix Pgpool-II hang if a client sends a extended query message such as close after sync message but before next simple query.
- Fix Pgpool-II hang when idle_in_transaction_session_timeout = on. (bug 448)
- Doc: Fix Japanese document typo in pcp_common_options.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-6-15.html
Approved by: ports-secteam (joneum)
databases/pgpool-II-35: Update from 3.5.18 to 3.5.19
Changelog:
- Test: Fix old JDBC functions and typos in regression test 068.memqcache_bug.
- Doc: Fix configuration change timing regarding memory_cache_enabled.
- Fix online recovery failed due to client_idle_limit_in_recovery in certain cases. (bug 431)
- Fix corner case bug when strip_quote() handle a empty query string. (bug 458)
- Fix Pgpool child segfault if failover occurs when trying to establish a connection.
- Fix Pgpool-II hang if a client sends a extended query message such as close after sync message but before next simple query.
- Fix Pgpool-II hang when idle_in_transaction_session_timeout = on. (bug 448)
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-5-19.html
Approved by: ports-secteam (joneum)
databases/pgpool: Upgrade from 3.4.21 to 3.4.22
Changelog:
- Doc: Fix configuration change timing regarding memory_cache_enabled.
- Fix online recovery failed due to client_idle_limit_in_recovery in certain cases. (bug 431)
- Fix corner case bug when strip_quote() handle a empty query string. (bug 458)
- Fix Pgpool child segfault if failover occurs when trying to establish a connection.
- Fix Pgpool-II hang when idle_in_transaction_session_timeout = on.
Approved by: ports-secteam (joneum)
lang/php73: Upgrade from 7.3.2 to 7.3.3
Changelog:
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77498 (Custom extension Segmentation fault when declare static property).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Fixed bug #77546 (iptcembed broken function).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
Fixed bug #77626 (Persistence confusion in php_com_import_typelib()).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Mbstring:
Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
phpdbg:
Fixed bug #76596 (phpdbg support for display_errors=stderr).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.3
Approved by: ports-secteam (joneum)
lang/php72: Upgrade from 7.2.15 to 7.2.16
Changelog:
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.16
Approved by: ports-secteam (joneum)
Catch up with smartctl changes while retaining old behaviour.
PR: 236227
Approved by: Krzysztof <ports@bsdserwis.com> (maintainer)
Approved by: ports-secteam (miwi)
net-mgmt/unifi-lts: Fix support for Mongo 3.6+
Ubiquiti still hasn't fixed UniFi-LTS after this was reported ages ago, so
I guess every OS will have to fix this manually.
Reported by: many
Add USES=shared-mime-info
Starting with version 18.12.0, Ark has included a custom kerfuffle.xml mime
type to support zstd-compressed files (the mimetype was only added to
shared-mime-info starting with version 1.11, which we don't ship yet). We need
to make sure update-mime-database is run, otherwise Ark will still fail to
recognize those archives.
Approved by: ports-secteam (blanket approval)
shells/rssh: Apply fixes for basename(3) handling and some security issues
basename(3) has been changed to be POSIX compliant in r308264. This implies
that it can possibly write to the passed string. shells/rssh passes a const
string, so it always crashes on invocation with FreeBSD 12 and later. The
new patches remedy this issue. [1] [2]
During further tests and research came to light that there were also
recently discovered security issues with the parsing of rsync/scp command
line arguments and insufficient sanitization of environment variables when
using rysnc.
The corresponding fixes have been incorporated to the new patches and the
already existing patch for the RSYNC option has been tightened for the
argument parsing. Please note that with this patch the scp option "-3" can
no longer be used. [3]
Furthermore, another patch was applied to make this port a bit more secure.
That patch handles a buffer allocation issue for an error message. [4]
PR: 235121
Submitted by: topical@gmx.net (first version) [1], Jason Harris (maintainer) [2]
Approved by: tcberner (mentor)
Obtained from: Debian [3] [4]
Security: d193aa9f-3f8c-11e9-9a24-6805ca0b38e8
Differential Revision: https://reviews.freebsd.org/D19474
Approved by: ports-secteam (riggs), mentors implicit
Import patch from upstream bug report for xfce4-weather-plugin to
adapt to new upstream weather service API interface.
Previous API version is deprecated and expired by upstream.
While here, remove unneeded USES=intlhack.
PR: 236166
Submitted by: Olivier Duchateau <duchateau.olivier@gmail.com>
Obtained from: https://bugzilla.xfce.org/show_bug.cgi?id=14972
Approved by: ports-secteam (joneum)
sysutils/cluster-glue: unbreak and modernize port
- add USES=gnome
- sort Makefile
- disable HPI option because that port is currently broken
PR: 231097
Submitted by: w.schwarzenfeld@utanet.at
Approved by: port-secteam (joneum)
drm-legacy-kmod: Update to latest snapshot
Update graphics/drm-legacy-kmod to the latest snapshot. This includes the
fix for an off by one error, that was committed as FreeBSD base r343060
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
graphics/drm-legacy-kmod: Update snapshot
Update the graphics/drm-legacy-kmod drivers to the latest snapshot. This
includes fixes to make the driver build on CURRENT after base r343567.
Reported by: Steve Kargl
Approved by: jmd (maintainer, implicit)
Approved by: ports-secteam (implicit, drm kmods)
This merges all changes done to drm-current-kmod, drm-fbsd12.0-kmod and
drm-fbsd11.2-kmod, in order to avoid merge conflicts.
Update pkg-descr to match reality
Update pkg-descr in drm-kmod ports to match reality in terms of which Linux
kernel version they correspond to and which FreeBSD version they are
supporting.
Noticed by: Graham Perrin
graphics/drm-current-kmod: Update messges
Update pkg-message and makefile COMMENT to remove references to
drm-devel-kmod and the mention that this is the development version. It is
the version for FreeBSD CURRENT, so the ride might be a little bumpy, but
it's not the devlopment version.
No changes to package.
FreeBSDDesktop issue: #129
Reported by: grahamperrin
Sponsored by: B3 Init (zeising)
update drm-current and drm-fbsd12.0 snapshots
Update drm-current-kmod and drm-fbsd12.0-kmod to the latest snapshots.
This mutes console chatter about unimplemented stuff, which sometimes is
confusing.
Approved by: jmd (maintainer, implicit)
graphics/drm-fbsd{11.2,12.0}-kmod: Update pkg-message with new names
PR: 235726
Approved by: graphics (jmd)
Differential Revision: https://reviews.freebsd.org/D19189
Update drm kmods for current and FreeBSD 12.0
Update graphics/drm-current-kmod and graphics/drm-fbsd12.0-kmod to their
respective latest snapshots.
This fixes a bug where a non-recursive mutex was used recursively in certain
conditions.
See https://github.com/FreeBSDDesktop/kms-drm/issues/134 for further details
FreeBSDDesktop issue: #134
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
Approved by: ports-secteam (implicit, drm-kmod ports)
net-im/py-slixmpp: Add missing RUN_DEPENDS and fix some other issues
- Switch MASTER_SITES to CHEESESHOP as it ought to be the default for
Python software.
- Adjust COMMENT to match the short description from setup.py.
- Add missing RUN_DEPENDS.
- Standardize test invocation.
- Update WWW to point to project's homepage instead of the Git repository.
Reported by: koobs
Reviewed by: koobs, krion
Approved by: koobs, krion (mentor)
Differential Revision: https://reviews.freebsd.org/D18684
net-im/py-slixmpp: Update to 1.4.2
This release contains a fix for CVE-2019-1000021.
Changelog:
https://lab.louiz.org/poezio/slixmpp/tags/slix-1.4.2
Reviewed by: krion
Approved by: krion (mentor)
Security: 526d9642-3ae7-11e9-a669-8c164582fbac
Security: CVE-2019-1000021
Differential Revision: https://reviews.freebsd.org/D19397
Approved by: ports-secteam (joneum), krion (mentor, implicit)
www/node10: Update 10.15.1 -> 10.15.2
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
www/node8: Update 8.15.0 -> 8.15.1
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
www/node6: Update 6.16.0 -> 6.17.0
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
Security: b71d7193-3c54-11e9-a3f9-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
multimedia/libmpeg2: unbreak on armv7
ld: error: can't create dynamic relocation R_ARM_ABS32 against local symbol in readonly segment; recompile object files with -fPIC or pass '-Wl,-z,notext' to allow text relocations in the output
>>> defined in ./.libs/libmpeg2arch.a(motion_comp_arm_s.o)
>>> referenced by motion_comp_arm_s.o:(.text+0x104) in archive ./.libs/libmpeg2arch.a
Reported by: pkg-fallout
Approved by: ports-secteam blankte
- update to 3.3.3
Changelog:
20181202
Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
20181227 (a forgotten bugfix from 20180707)
Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
Approved by: portmgr (miwi)
Replace OpenSSL 1.1.0 with upstream ones
The patches from bug 228902 and added in r481850 are not entirely compatible
with older OpenSSL versions, to the point that the qca-ossl plugin refuses to
load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).
Fix it by replacing our patches with backports from upstream the same way
OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):
* Revert an upstream commit made only to the 2.1 branch disabling a few ciphers
in the unit tests.
* Backport a change to the master branch that never made it to the 2.1 branch
disabling the ciphers mentioned above as well as a few other ones, so that we
can backport the actual change adding support for OpenSSL 1.1.0 more clealy.
* Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts
resolved due to the lack of a commit adding suport for AES GCM and AES CCM in
the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories,
since they had to resolve the same conflict as well.
The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well
as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones
that are unrelated. With the patches we have in the tree, a lot of unit tests
failed on 11.2 due to the qca-ossl plugin failing to load.
PR: 228902
PR: 232784
Reviewed by: tcberner
Differential Revision: https://reviews.freebsd.org/D19347
Approved by: ports-secteam (joneum)
With libc++ 8.0, which is in the projects/clang800-import branch, and
which will soon be merged to head, compilation of devel/jsoncpp fails
due to a conflict between the new C++ <version> header, and a local file
"version" which is produced by jsoncpp during its configure phase.
This is due to the initial test runner being compiled with "-I.", even
though it does not need any file from the port's working directory root.
Therefore, it seems to be easiest to comment out the line from the
SConstruct script that adds the "-I." option.
Approved by: portmgr (joneum)
PR: 236061
Fix linking error with lld 7
Details:
- The linker script in mplayer's WRKSRC causes linking problems when
used with lld 7. Remove it during post-patch
PR: 235957, 220103
Reported by: jakub_lach@mailplus.pl, dim
Reviewed by: dim
Approved by: ports-secteam (riggs)
Patch check_smartmon to cater for changed smartctl output
We previously patched the code to look for:
SMART STATUS RETURN: incomplete response, ATA output registers missing
That line is now:
SMART Status not supported: Incomplete response, ATA output registers missing
It also seems like the temperature has moved from part 190 to 194.
PR: 235475
Approved by: Krzysztof (maintainer)
Approved by: ports-secteam (miwi)
www/firefox: update Wayland fix to upstream version
Matches what landed in Firefox 67. More fixes maybe backported in
future, so this helps to avoid patch conflicts.
Approved by: ports-secteam blanket
devel/kf5-kauth: add fix for CVE-2019-7443
From https://www.kde.org/info/security/advisory-20190209-1.txt :
KDE Project Security Advisory
=============================
Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
CVE: CVE-2019-7443
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019
Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
Solution
========
Update to kauth >= 5.55.0
Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
Security: CVE-2019-7443
Approved by: ports-secteam (joneum)
Enable support for external playlists (wma, RSS feed)
Details:
- Introduce default OPTION PLAYLISTS
- New option PLAYLISTS depends on expat, which is in the default
package pulled in as a dependency via ffmpeg anyway
PR: 235520
Submitted by: freebsd@mosedal.net
Approved by: ports-secteam (riggs)
Update to upstream version 31.0.0
Details:
- Enhancements and bug fixes, including a potential crash in mkvmerge
when muxing DV type 1 AVIs
- Upstream changelog, see:
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
Security update www/unit from 1.7.0 to 1.7.1.
<ChangeLog>
Everybody is strongly advised to update to a new version.
*) Security: a heap memory buffer overflow might have been caused in the
router process by a specially crafted request, potentially resulting
in a segmentation fault or other unspecified behavior
(CVE-2019-7401).
*) Bugfix: install of Go module failed without prior building of Unit
daemon; the bug had appeared in 1.7.
</ChangeLog>
Approved by: ports-secteam (joneum)
Security: 95836a0-2b3b-11e9-9838-8c164567ca3c
lang/php72: Upgrade from 7.2.14 to 7.2.15
Changelog:
Core:
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.15
PR: 235575 235577
Approved by: ports-secteam (joneum)
lang/php73: Upgrade from 7.3.1 to 7.3.2
Changelog:
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
Fixed bug #77376 ("undefined function" message no longer includes namespace).
Fixed bug #77357 (base64_encode / base64_decode doest not work on nested VM).
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77317 (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).
Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator).
Fixed bug #77447 (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).
Fixed bug #77484 (Zend engine crashes when calling realpath in invalid working dir).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
Fileinfo:
Fixed bug #77346 (webm files incorrectly detected as application/octet-stream).
FPM:
Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable).
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #77308 (Unbuffered queries memory leak).
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77266 (Assertion failed in dce_live_ranges).
Fixed bug #77257 (value of variable assigned in a switch() construct gets lost).
Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
Fixed bug #77287 (Opcache literal compaction is incompatible with EXT opcodes).
PCRE:
Fixed bug #77338 (get_browser with empty string).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
PDO MySQL:
Fixed bug #77289 (PDO MySQL segfaults with persistent connection).
SOAP:
Fixed bug #77410 (Segmentation Fault when executing method with an empty parameter).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
SPL:
Fixed bug #77298 (segfault occurs when add property to unserialized empty ArrayObject).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.2
PR: 235576 235578
Approved by: ports-secteam (joneum)
mail/p5-Email-Address: update 1.909 -> 1.912, undeprecate by upstream
Reported by: Benjamin Connelly <ben@electricembers.coop>
Relnotes: https://metacpan.org/changes/distribution/Email-Address
p5-Email-Sender: change run-dep Email-Address-XS back to Email-Address
- the run-dep Email-Address-XS is not used by the module without
Email-Address-UseXS
- So it's either add Email-Address-UseXS or back to Email-Address
PR: 233803
Reported by: dvl, Dan Mahoney <dmahoney@isc.org>
Approved by: portmgr (unbreak blanket and CVE for RT)
mail/dovecot: Fix previous commit.
I missed a character typing the patch.
Pointy Hat: ler
Approved by: ports-secteam (blanket, fix errors, joneum, original MFH)
net/turnserver: Update 4.5.0.8_1 -> 4.5.1.0
This is a security release that fixes several SQL injection
vulnerabilities. This release also includes several breaking
configuration changes, so users are encouraged to verify their
configuration before and after upgrading.
Security: 181beef6-2482-11e9-b4a3-00155d006b02
Sponsored by: Miles AS
Approved by: ports-secteam (miwi)
multimedia/libvpx: handle snapshots in version string
- head(1) which is not part of native-xtools
- CHANGELOG is only updated on releases
- similar change was done in multimedia/aom
Approved by: ports-secteam blanket (for Tier2 via qemu-user-static)
mail/dovecot: Pick up a mailinglist patch for solr/tika separation.
solr and tika currently use the same http client connection. Upstream
made the attached patches in response to my (ler@) bug report.
Obtained from: upstream mailing list.
mail/dovecot: Pick up mailing list patch for imap-preauth vs. stats-writer.
see the dovecot mailing list thread on imap-preauth and stats-writer between
Stephan Bosch and a FreeBSD user
Obtained from: upstream mailing list.
mail/dovecot: upgrade to 2.3.4.1
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
PR: 235523
Submitted by: pascal.christen@hostpoint.ch
Security: 1340fcc1-2953-11e9-bc44-a4badb296695
Security: CVE-2019-3814
Approved by: ports-secteam (joneum)
nroff/groff was removed from base by r319664. Since then textproc/groff
is required to avoid the following error:
> $ man screen
> This manpage needs groff(1) to be rendered
> First install groff(1):
> pkg install groff
Reported by: mayhem30@gmail.com
Approved by: portmgr (miwi@)
japanese/mh: Fix man pages, runtime error
- man pages breakage on FreeBSD 11.x and later
- runtime error due to lld 6.0 issue, fixed by using lld 7.0
PR: 233463, 235456
Submitted by: WATANABE Kazuhiro <CQG00620@nifty.ne.jp> (maintainer), nyan
Approved by: portmgr (unbreak blanket)
www/firefox-esr: disable DTRACE on i386 by default after r490962
TEST-UNEXPECTED-FAIL | check_textrel | libxul.so | We do not want text relocations in libraries and programs
PR: 235153
Approved by: ports-secteam blanket
Upgrade to 8.0.0 which is required for gitlab-ce 11.7 upgrade.
Upgrade to 8.0.1 which is required for security update of gitlab-ce 11.7.3.
Approved by: ports-secteam (miwi)
Upgrade to 1.12.1 which is required for gitlab-ce 11.7 upgrade.
Upgrade to 1.12.2 which is required for security update of gitlab-ce 11.7.3.
Approved by: ports-secteam (miwi)
In preparation for gitlab 11.7 upgrade switch rails4 to rails50.
If required upgraded version to work correctly with rails50.
Fixed some cosmetic issue to make portlint happy.
Reviewed by: sunpoet
Differential Revision: https://reviews.freebsd.org/D18957
Approved by: ports-secteam (miwi)
misc/mc: Do not override variables after bsd.port.pre.mk
At least the Python run dependency is not added on FreeBSD >= 12.0
because of it.
PR: 234587
Approved by: woodsb02 (maintainer timeout, 4 weeks)
Approved by: ports-secteam blanket
Install has a bug with relative links and is creating an incorrect symlink.
Changing this to a full link.
PR: 235327
Approved by: ports-secteam (joneum)
mail/pop3proxy: Fix build with OpenSSL 1.1.1
- Add license
- Fix config file location
- Reorder some things to pet portlint
- Mark it deprecated too as it appears to have no upstream anymore
and only works properly with unencrypted traffic
PR: 232134
Submitted by: freebsd_ports@k-worx.org
Approved by: ports-secteam (miwi)
sysutils/flexbackup: Fix some issues
- flexbackup shows a perl deprecated warning with perl 5.16
- lzma support compression level 0
- compress flags do not work, if you use afio+lzma
PR: 221003
Submitted by: Lars Herschke <lhersch@dssgmbh.de>
Approved by: ports-secteam bug fix blanket
Update to 0.11.79
Changelog:
LDAP group verification doesn't work when using 'dn' as user attribute #4684
LDAP group verification fails #4792
Emoji's do not work in wiki #4869
Log level not applied from configuration #5007
Not able to go get a repository with non-80 port #5305
Fix critical CSRF vulnerabilities on API routes #5355
Wrong redirect after updated protect branch setting whose name contains # #5442
Clear labels not working #5445
[Security] Remote command execution #5469
Push event webhook is not triggered when new branch fetched to mirror repository #5473
Large issue comment exceeds dashboard section #5502
List collaborator API does not contain permission information #5538
[Security] Log out only deletes browser cookies #5540
[Security] Some routes need to be POST #5541
[Security] Stored XSS in external issue tracker URL format #5545
PR: 235030
Submitted by: Dmitri Goutnik <dg@syrec.org> (maintainer)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (miwi)
Fix libstatgrab on FreeBSD 12
On FreeBSD 12 (since r309017) v_cache_count no longer exists. A
compatibility shim is in place if COMPAT_FREEBSD11 is defined in
the kernel, but if not libstatgrab fails to return any memory
statistics. This patch modifies libstatgrab to mimic this compatibility
behaviour (ie. return 0), regardless of whether COMPAT_FREEBSD11
is defined, which ensures the remaining statistics are returned
correctly.
A more complete solution will be considered upstream and hopefully
be included in the next release.
Reported by: Alexey Milevsky <a.milevsky@gmail.com>
Approved by: ports-secteam (miwi)
devel/libhoard: Unbreak build with Clang 6 (C++14 by default)
include/hoard/geometricsizeclass.h:137:5: error: non-type template argument evaluates to -2147483648, which cannot be narrowed to type 'size_t' (aka 'unsigned long') [-Wc++11-narrowing]
MaxObjectSize>::VALUE };
^
http://beefy3.nyi.freebsd.org/data/112amd64-quarterly/491309/logs/errors/libhoard-3.10.log
- Respect CXX, CXXFLAGS, LDFLAGS
- Add a soname to the library
- Use INSTALL_LIB to install it
Approved by: ports-secteam build fix blanket
databases/mysql80-{client, server}: Update to latest release 8.0.14
This update (released on Jan 21st) includes:
Bugs Fixed:
Important Change: Fix importing a dump from a MySQL 5.7 server 8.0 failure.
(ER_WRONG_VALUE_FOR_VAR, when an unsupported [by 8.0] SQL mode was used).
The behavior of the server in such circumstances now depends on the setting of the
`pseudo_slave_mode` system variable.
If this is false, the server rejects the mode setting with ER_UNSUPPORTED_SQL_MODE.
Otherwise, server just gives a warning. (Bug #90337, Bug #27828236).
InnoDB: Properly initialize the static thread-local 'tables' variable in
the TempTable storage engine (on Solaris X86) was not properly initialized.
(Bug #28987365)
InnoDB: Fix incorrect lock order caused a deadlock when one thread attempted to
drop a table while another created an encrypted tablespace. (Bug #28774259)
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-14.html
While here, Adapt some local patches with new upstream changes.
PR: 234984
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
japanese/man: unbreak in several archs.
The port was broken in 12 and in different archs.
mips is still to be tested.
PR: 235058
Submitted by: phd_kimberlite@yahoo.co.jp
Reviewed by: Ronald Klop (aarch64) mikael.urankar@gmail.com (armv6, armv7)
Approved by: ports-secteam (miwi)
Update to 2.4.38
Changelog:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
*) mod_session: Always decode session attributes early. [Hank Ibell]
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
*) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
Security: eb888ce5-1f19-11e9-be05-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (miwi)
databases/mysql57-{client, server}: Update to latest release 5.7.25
This update (released on Jan 21st) includes:
Deprecation:
-Tools resolveip and resolve_stack_dump utilities are now deprecated.
(Will be removed on MySQL8.0).
Bugfix:
-Fix a memory leak caused by a dangling pointer. (Bug #28693568)
-Fix mishandling of SIGHUP by server could result in a server exit.
(Bug #27966483, Bug #90742).
-Correct potential incorrect out-of-memory checks performed by parser.
(Bug #25633994).
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
PR: 234983
Reported by: Markus Kohlmeyer < rootservice@gmail.com >
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql56-{client, server}: Update to latest release 5.6.43
This update (released on Jan 21st) includes:
Bugfix:
-Correct the handling of quotes for identifiers in
ROLLBACK TO SAVEPOINT statements.
-Don't permit creation of dbs with same name as redo log file
(Bug #28867993).
-Use strncmp() instead of memcmp() for comparing logfile names
(prevent the uninitialized memory as result).
More info from upstream:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-43.html
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql80-client: Fix output of mysql_config for ldflags
Make `mysql_config` not show non-existing libraries as output of `--lib`.
(`imported_crypto` and `imported_openssl` which seem to be for internal use)
This issue made build-failures on downstream codes that rely on
correct output to use for their LDFLAGS (like mail/dovecot).
Reported by: ler
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket)
Recreate symlinks instead of renaming them, so they point to the right
file.
PR: 226403
Submitted by: Tatu Kilappa <tatu.kilappa@iki.fi>
Approved by: ports-secteam (blanket)
- Update to 2.4.1 (fix maxmind DB warning that is no longer valid)
- Fix EADDRNOTAVAIL issue under FreeBSD when using IPs bound to loopback interfaces
- Bump PORTREVISION
Obtained from: upstream PR #175
Approved by: ports-secteam (with hat)
databases/pgpool-II-40: Actually unbreak PAM option after r490475
Do not pass --without-pam to configure as it does not appear to
work correctly. It also defines USE_PAM in config.h even when it
should not be defined and the build breaks.
auth/pool_hba.c:157:24: error: variable has incomplete type 'struct pam_conv'
static struct pam_conv pam_passw_conv = {
^
http://beefy3.nyi.freebsd.org/data/112amd64-quarterly/490502/logs/errors/pgpool-II40-4.0.2_2.log
Pointy hat: tobik
Approved by: tz (maintainer)
Approved by: ports-secteam build fix blanket
databases/pgpool-II-40: Unbreak PAM option
The PAM option is tangled up with the SSL option in a weird way.
SSL_CONFIGURE_WITH is set once before bsd.port.options.mk for
enabling SSL support and overwritten again after including
bsd.port.options.mk but only when PAM=on.
Setting options helper after this point is not really supported,
but --with-pam actually makes it to CONFIGURE_ARGS. When options
helpers are processed the results are only realized later by make(1).
SSL_CONFIGURE_WITH has been defined before including bsd.port.options.mk,
so this sort of "works".
This, however, is presumably an implementation detail and enabling
the PAM option breaks SSL support since SSL_CONFIGURE_WITH is
overwritten with a new value: CONFIGURE_ARGS only has --with-pam
left and is missing --with-openssl.
PAM support does not depend on SSL support. Just switch everything
to options helpers to fix this.
PR: 234817
Submitted by: tobik
Approved by: tz (maintainer)
Approved by: ports-secteam build fix blanket
audio/oss: unbreak in FreeBSD > 12
Unbreak port in FreeBSD 12 and 13-CURRENT. Broken most likely due to r335879.
While here:
* Add missing LIB_DEPENDS and USES for ossxmix
* Reorder some variables
PR: 233018
Reported by: sergey@akhmatov.ru
Approved by: ports-secteam (miwi)
Update 1.8.26 --> 1.8.27
Notable changes:
* Fixes and clarifications to the sudo plugin documentation.
* The sudo manuals no longer require extensive post-processing to
hide system-specific features. Conditionals in the roff source
are now used instead. This fixes corruption of the sudo manual
on systems without BSD login classes. Bug #861.
* If an I/O logging plugin is configured but the plugin does not
actually log any I/O, sudo will no longer force the command to
be run in a pseudo-tty.
* The fix for bug #843 in sudo 1.8.24 was incomplete. If the
user's password was expired or needed to be updated, but no sudo
password was required, the PAM handle was freed too early,
resulting in a failure when processing PAM session modules.
* In visudo, it is now possible to specify the path to sudoers
without using the -f option. Bug #864.
* Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx)
file would not be updated when a command was run in a pseudo-tty.
Bug #865.
* Sudo now sets the silent flag when opening the PAM session except
when running a shell via "sudo -s" or "sudo -i". This prevents
the pam_lastlog module from printing the last login information
for each sudo command. Bug #867.
PR: 234904
Submitted by: cy@
Approved by: garga@ (maintainer)
Approved by: portmgr (miwi@)
lang/php73: Upgrade from 7.3.0 to 7.3.1
Changelog:
Core:
Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
Fixed bug #77291 (magic methods inherited from a trait may be ignored).
CURL:
Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
MBString:
Fixed bug #77367 (Negative size parameter in mb_split).
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
PCRE:
Fixed bug #77193 (Infinite loop in preg_replace_callback).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Soap:
Fixed bug #77088 (Segfault when using SoapClient with null options).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
Sodium:
Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
SPL:
Fixed bug #77359 (spl_autoload causes segfault).
Fixed bug #77360 (class_uses causes segfault).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.3.1
Also removing the patch committed in r489721. The patch disables the use of
ifuncs and is part of the new relase 7.3.1.
Approved by: ports-secteam (miwi)
lang/php72: Upgrade from 7.2.13 to 7.2.14
Changelog:
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Date:
Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.14
Approved by: ports-secteam (miwi)
Deprecate net/GeoIP, and expire it at the end of the month
Note that only the legacy format is deprecated. The GeoIP2 databases
are alive and well.
I completely missed that GeoIP has been deprecated for the last year,
and it expired upstream last week. Maxmind no longer provides the
legacy database, rendering this port useless.
Users must switch to GeoIP2 immediately. OPTIONS changes and
instructions will be coming in the next few days.
See https://support.maxmind.com/geolite-legacy-discontinuation-notice/
Although it won't be purged from the quarterly branch, it probably
makes sense to MFH this deprecation notice.
PR: 234715
Reported by: rigoletto
Replace the geoipupdate.sh script (which just produced 404 errors) with
a message explaining why, and what to do about it.
Report failure to the caller in geoipupdate.sh
The script was returning an error due to the service not being offered anymore.
The update attempt was replaced with an information message, but it's better to
still return 1 as it did before to allow users detecting they have a problem.
Reported by: aramw (maintainer)
Extend the GeoIP expiration to a month from now to give
users a bit more time to find a new solution.
Approved by: portmgr (with hat)
databases/mysql80-{client, server}: Update ports to latest version 8.0.13
This update fixes several issues including CVEs.
Bug-fixes:
- Return better error messages for OpenSSL errors
- Incorrect copying of an integer value by X Plugin caused an
error relating to misaligned memory access
Improvement:
- Important Change: X Protocol now provides a connection pooling option
Upstream notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13
While here, fix the build with GCC-based architectures too (ported from fix on MySQL57)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket), ports-secteam (feld, CVE-patch blanket)
Update ibiblio.org MASTER_SITE which includes a reference to the version
number and was thus broken since we upgraded to Wine 4.0 RC1 in revision
r487184.
PR: 234459
Submitted by: Samy Mahmoudi <samy.mahmoudi@gmail.com>
Approved by: portmgr (miwi)
devel/synfig: Switch to textproc/gsed for build
The configure process for synfig uses GNU extensions (\s) in sed,
which currently get interpreted as an escape of an ordinary character.
Escapes of an ordinary character will be disallowed in future
versions of regex(3), so switch to gsed in advance to also do the
right thing.
As an aside, the \s usage may be potentially patched out, but submitter
opted to switch to gsed for now to ease maintenance burden. A later
run will be done to switch ports depending on gsed for build back
to sed when our sed becomes capable.
PR: 233438
Submitted by: kevans
Approved by: woodsb02 (maintainer)
Approved by: portmgr (miwi)
Details:
- Patch-level upstream update, contains mostly fixes for potential
runtime issues (e.g. null ptr dereferences)
- Committed directly to 2019Q1 due to branch differences to head
(multimedia/vlc3 collapsed into multimedia/vlc on head)
Approved by: ports-secteam (riggs)
net/ocserv: update to 0.12.2
Noteworthy changes in 0.12.2
- Added support for AES256-SHA legacy cipher. This allows the anyconnect clients to use AES256.
- Added support for the DTLS1.2 protocol hack used by new anyconnect client.
While I'm here pet portlint.
Approved by: ports-secteam (miwi)
devel/bsdowl: Do not set BUILD_DEPENDS twice
Make GraphicsMagick a run dependency too as submitted in the original
PR [1].
PR: 194625 [1], 234696
Approved by: ports-secteam runtime fix blanket
graphics/pfstools: Do not set VIEW_USE twice
Merge the two VIEW_USE together and unbreak the non-default VIEW
option. Without it some build dependencies are missing.
- Add USES=gl while here
Approved by: ports-secteam build fix blanket
sysutils/htop: Fix memory display in the header
On amd64 it works correctly, but it breaks on powerpc, due to using
types with the wrong size when requesting various sysctls.
PR: 234357
Submitted by: tobik
Approved by: Hung-Yi Chen <gaod@hychen.org> (maintainer timeout, 2 weeks)
Approved by: ports-secteam runtime fix blanket
multimedia/libquicktime: Do not set LIB_DEPENDS twice
The ALSA option overwrites a previously set LIB_DEPENDS, so the
libvorbis dependency is never registered when it is turned on.
Approved by: ports-secteam blanket
devel/gdcm: Combine the two USES together again
This was fixed in r486072 before but was broken again in r488341
during the cmake:outsource -> cmake change.
Approved by: ports-secteam (tier-2) build fix blanket
textproc/emacs-wiki: Properly register xml-parse.el as a run dependency too
(Do not set RUN_DEPENDS twice.)
Approved by: ports-secteam runtime fix blanket
print/pnm2ppa: Do not override RUN_DEPENDS after including bsd.port.pre.mk
Make sure Ghostscript is actually added as a run dependency as specified.
Approved by: ports-secteam runtime fix blanket
- Enable Hangout extension
- Fix jumbo build with the SNDIO option enabled [1]
- Fix crash in V8
- Fix nav preload with third-party cookie blocking
- Backport more patches from OpenBSD chromium port
- Bump PORTREVISION
Reported by: Joseph Mingrone <jrm@FreeBSD.org> via email [1]
Approved by: ports-secteam (miwi)
graphics/drm-legacy-kmod: Update snapshot
Update graphics/drm-legacy-kmod to the latest snapshot, which includes
FreeBSD base r342888 by markj:
> Complete the removal of obsolete ioctl handlers.
This is a followup to the previous update, and base r342182.
Approved by: jmd (maintainer, implicit)
Approved by: ports-secteam (blanked, drm drivers)
Fix illegal instruction when running in kvm/qemu
Fix illegal instruction when running xserver in kvm or qemu (and possibly
others) virtualisation. This is solved by disabling sse instructions while
compiling the xf86SlowBcopy (don't ask) function.
This fix was originally committed by dim as r396167 in 2015, and then most
likely accidentally removed in r433863 in 2017.
Bump portrevision
Original commit message:
> Disable use of SSE instructions in Xorg's xf86SlowBcopy() function.
>
> When such instructions are used to copy data from/to mapped video
> memory, some hypervisors (e.g. KVM, Microsoft Hyper-V) can generate
> SIGILL or SIGBUS exceptions, causing Xorg to crash.
PR: 202643
Reported by: nogcjx@fastmail.fm
Requested by: dim
Diagnose and fix by: dim
Approved by: ports-secteam (miwi)
lang/php73: Fix "Bus error (core dumped)" by disabling ifuncs
PHP 7.3 uses ifuncs optimisations which generates a list of problems on FreeBSD:
https://bugs.php.net/bug.php?id=77284https://bugs.php.net/bug.php?id=77279https://bugs.php.net/bug.php?id=77261
Therefore ifuncs will be disabled in PHP 7.3.1. To make it usable until the release,
we import the patch until then:
291589114a
PR: 233024
Submitted by: Pascal Christen <pascal.christen@hostpoint.ch>
Approved by: ports-secteam (miwi)
Make USES=gl conditional on the GUI option to unbreak build when GUI is
disabled. Error was:
scilab-5.5.2_15 need to specify gl component with USE_GL.
because USE_GL is conditional on GUI.
While here, tweak Makefile statement ordering to reduce portlint warnings.
PR: 234651
Approved by: makc (maintainer)
Approved by: portmgr (blanket: build fix)
Update 1.16.2 --> 1.16.3
Major changes in 1.16.3 (2019-01-07)
====================================
This is a bug fix release.
* Fix a regression in the MEMORY credential cache type which could
cause client programs to crash.
* MEMORY credential caches will not be listed in the global
collection, with the exception of the default credential cache if it
is of type MEMORY.
* Remove an incorrect assertion in the KDC which could be used to
cause a crash [CVE-2018-20217].
Approved by: portmgr (miwi)
Update 1.15.4 --> 1.15.5
Major changes in 1.15.5 (2019-01-07)
====================================
This is a bug fix release.
* Fix a regression in the MEMORY credential cache type which could
cause client programs to crash.
* MEMORY credential caches will not be listed in the global
collection, with the exception of the default credential cache if it
is of type MEMORY.
* Remove an incorrect assertion in the KDC which could be used to
cause a crash [CVE-2018-20217].
Approved by: portmgr (miwi)
Update to upstream version 30.1.0
Details:
- New features and bug fixes, a.o. fixes for
crashes with certain input streams, see changelog.
- Build fixes for boost-1.69 are now upstream.
- Upstream changelog:
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
x11/libinput: Fix crash when listing devices
Fix a crash in x11/libinput when listing devices with libinput list-devices.
This is done by removing an old patch previously used to work arond
permission issues with /dev/input/*
PR: 234638
Reported by: Jan Beich
Fix from: Greg V
Reviewed by: Greg V
Approved by: ports-secteam (miwi)
Mark BROKEN: fails to stage
(cd /wrkdirs/usr/ports/mail/claws-mail-python/work/claws-mail-3.17.3/src/plugins/python && install -s -m 0644 .libs/python.so /wrkdirs/usr/ports/mail/claws-mail-python/work/stage/usr/local/lib/claws-mail/plugins)
install: .libs/python.so: No such file or directory
Reported by: pkg-fallout
Mark BROKEN: fails to stage
cd: /wrkdirs/usr/ports/graphics/gauche-gl/work/stage/usr/local/lib/gauche-0.9/site/amd64-portbld-freebsd11.2: No such file or directory
Reported by: pkg-fallout
Backport two Objective-C bug fixes (D18672)
Add patches for head rS342592 and rS342593 (D18691)
Add patch files for head rS342592 and rS342593, which correspond to the
following upstream revisions:
https://reviews.llvm.org/rL342397https://reviews.llvm.org/rL342397
These fix an 'Assertion failed: ((VT.getVectorNumElements() +
N2C->getZExtValue() <= N1.getValueType().getVectorNumElements()) &&
"Extract subvector overflow!"), function getNode' when building the
multimedia/aom port (with AVX2 enabled).
PR: 234480
Submitted by: theraven, dim
Differential Revision: https://reviews.freebsd.org/D18672
Differential Revision: https://reviews.freebsd.org/D18691
Approved by: ports-secteam (reliability fix blanket)
mail/p5-Email-Sender: change RUN_DEPENDS
- port depends on p5-Email-Address, which is deprecated
- p5-Email-Address-XS can be used as a replacement
PR: 233803
Submitted by: wfdudley@gmail.com
Approved by: bill.brinzer@gmail.com (maintainer timeout)
Approved by: portmgr (miwi)
games/lincity-ng: Fix STAGEDIR misuse also cleanup and improvements
Add LICENSE block
Add better build-time flags for `configure` and CPPFLAGS
Add missing USES=gl, gnome
Switch to USES=localbase
Fix incorrect STAGEDIR usage, which makes it saved in the produced binary
PR: 234489
Submitted by: amdmi3
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket)
net-mgmt/netdata: Fix build on i386
Add more exact test-cases to configure.ac to prevent it assuming support of
__atomic_add/fetch/... symbols on i386 (Clang > 4).
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bugfix blanket)
security/qtkeychain: Upgrade the port to latest release 0.9.1
This update contains:
Bugfix on libcecret: Don't match the schema name (Issue#114)
This makes libsecret not attempt to match on the schema name
and allows the libsecret backend to work with what was stored
by the gnome-keyring backend.
Approved by: arrowd (maintainer)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18722
Approved by: portmgr (bugfix blanket)
This port now requires USES=compiler:c11 to build on GCC-based architectures.
PR: 233887
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
This port sometimes doesn't build. Adding MAKE_JOBS_UNSAFE fixes it.
While here, pet portlint.
PR: 234485
Submitted by: Piotr Kubaj
Approved by: maintainer
Approved by: portmgr (tier-2 blanket)
-Wno-c++11-narrowing is not supported by GCC. Set USE_CXXSTD=c++98 to
build with both GCC and Clang.
PR: 234392
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Update devel/kvirc to latest release
Previous 5.0.0 port was a beta; this is the first real KF5- and Qt5-
compatible release. The release notes say "too many changes to be listed",
since the previous stable was six years ago. Since 5.0.0-beta1, several
(unnamed) bugfixes.
While here, fix up USES=python. KVIrc is only compatible with Python 2.7.
Approved by: portmgr (miwi)
In r488805 KDE4 support was removed, but the Qt4 variant checks
for, and then *requires*, KDE4 unless you tell it not to. Restore
the missing configure argument (but now, set it always to off).
Reported by: antoine
Approved by: portmgr (miwi)
Correct mistakes made in r484256 by not including newer version of
patch. This correctly fixes the build on powerpc64.
PR: 231946
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Approved by: portmgr (tier-2 blanket)
This port needs USES=compiler:c++11-lang to build on GCC-based architectures.
PR: 234511
Submitted by: Piotr Kubaj
Approved by: maintainer
Approved by: portmgr (tier-2 blanket)
Fix CXX assignment and add new includes to fix build on GCC-based
architectures.
PR: 232734
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Approved by: portmgr (tier-2 blanket)
multimedia/libvpx: restore NEON on armv6 after r466922
- Only armv6 needs -meabi=5
- Build NEON files on armv6
- Respect CPUTYPE on armv7 and aarch64
Approved by: ports-secteam blanket
This port requires USES=compiler:c++11-lang to build on GCC-based
architectures.
PR: 234297
Submitted by: Piotr Kubaj
Approved by: maintainer
Approved by: portmgr (tier-2 blanket)
devel/piklab: follow up to r488869 -- clean plist
- the KDE4 option was removed but the plist not updated.
Reported by: antoine
Approved by: ports-secteam (miwi)