Upstreams MASTER_SITES changed, and was no longer serving libee's distfile,
but a redirect instead:
=> Fetched file size mismatch (expected 357116, actual 19835)
Rainer (rsyslog maintainer) graciously made it available again on my
request via Twitter.
While I'm here:
* pet portlint: WARN: Makefile: "USES" has to appear earlier.
* Fix LICENSE (license text body reads LGPL21+)
* --prefix is already set by framework, remove from CONFIGURE_ARGS
Approved by: portmgr (framework compliance)
Approved by: ports-secteam (blanket(s): bugfix, ports compliance)
Fix WWW link: it redirects to HTTPS now.
devel/libestr: Level up port compliance
* Use https MASTER_SITES where available
* --prefix is already set by framework, remove from CONFIGURE_ARGS
Approved by: portmgr (blanket: framework compliance)
Approved by: ports-secteam (blanket: framework compliance)
irc/irrsi: Update to 1.2.1
* Fixes security vulnerability when using SASL for login that might suddenly
fail in some cases (CVE-2019-13045). [1]
* It also fixes issues with input line echoing of UTF-8 chars with non UTF-8
terminals. [2]
Changelog:
https://irssi.org/NEWS/#v1-2-1
PR: 238892 [1], 238591 [2]
Submitted by: Santhosh Raju [1], Victor Sudakov [2]
Approved by: David O'Rourke (maintainer)
Security: 475f952c-9b29-11e9-a8a5-6805ca0b38e8
Approved by: ports-secteam (miwi)
dns/powerdns: Actually update to 4.1.10
Previous update was old patch to 4.1.9
PR: 238705
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: 1c21f6a3-9415-11e9-95ec-6805ca2fa271
Approved by: ports-secteam (implicit)
security/dehydrated: Restore ZSH and BASH options because they make scripts to use these shells
The options were deleted mistakenly in the previous commit.
Additionally, moved plist into pkg-plist file, and added @sample instructions for relevant samples.
PR: 227848
Reported by: Sascha Holzleiter <sascha@root-login.org> (maintainer)
security/dehydrated: update to 0.6.4
PR: 238820
Submitted by: Sascha Holzleiter <sascha@root-login.org> (maintainer)
security/dehydrated: Update to 0.6.5
While I'm here, pet portlint:
WARN: Makefile: extra item placed in the USES/USE_x section, for example, "NO_BUILD".
Changelog:
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
PR: 238918
Submitted by: Sascha Holzleiter <sascha root-login org> (maintainer)
Approved by: ports-secteam (blanket: bugfix release(s))
Python 3.5 is currently failing to build the pickle module on GCC-based
architectures, with the following (several) errors:
error: 'for' loop initial declaration used outside C99 mode
This causes packaging to fail, as the pickle module filename changes on
failure to build, so the plist ends up incorrect
Python 3.6+ switched to using -std=c99 [1][2], but the changes were not
backported to 3.5
[1] https://bugs.python.org/issue28017
[2] https://hg.python.org/cpython/rev/b5b2bb56d303
[3] https://hg.python.org/cpython/rev/91017e2202ae
PR: 238821
Reviewed by: koobs (python)
Approved by: koobs (python), mat (mentor)
Differential Revision: https://reviews.freebsd.org/D20778
Approved by: ports-secteam (blanket: build fix)
osprofiler requires pbr>=1.8 at build time, and fails with the following
error at configure time when it is not available:
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=1.8')
Reported by: poudriere: pbr reverse dependents bulk (exp) run
Approved by: portmgr (blanket(s): missing dependencies, build fix)
Approved by: ports-secteam (blanket: build fix, dependencies)
Since devel/py-setproctitle installs HISTORY.rst and README.rst in a
fixed location, pkg won't allow multiple flavors installed at the same time
and concurrent ports conflict on install with each other.
This change adds USE_PYTHON=concurrent which compensates for files in
DOCSDIR automatically, by using a different directory for each Python
version.
PR: 238601
Submitted by: Ralf van der Enden <tremere cainites net>
Approved by: portmgr (blanket(s): just fix it, ports (python) compliance)
Approved by: ports-secteam (blanket: bugfix)
The rc.d script evaluates fail2ban_pidfile before rc.conf is read.
This change moves those evaluations to the corect place allowing
users to override the values via /etc/rc.conf as expected.
PR: 236017
Reported by: <epopen gmail com>, Dmitry Wagin <dmitry.wagin ya ru>
Submitted by: <theis gmx at> (maintainer)
Approved by: ports-secteam (blanket: bugfix)
Bug 237426 updates Pillow to 6.0.0, which removed the Image.VERSION
variable, after a period of deprecation.
Cinnamon currently uses this variable, so backport upstream commit
c843f3664064742e2672e0fea528571a882d84ad [1] to compensate, so we don't
need to wait for the Gnome teams Cinnamon 4 update, which has already
pulled it in. Thanks to Charli Li for pointing this commit out.
While I'm here, fix all stage-qa errors and ports/framework compliance
issues:
- Add missing LIB_DEPENDS
- Add missing USE_{GNOME,X11} components
- Add USES=gnome, gl
- Fix gstreamer dependencies (GSTREAMER1, not GSTREAMER)
- Add LICENCE{_FILE}
- Fix more/all shebangs, remove custom REINPLACE_CMD section
- Remove GH_ACCOUNT (no longer necessary)
[1] https://github.com/linuxmint/cinnamon/pull/8496
[2] https://github.com/linuxmint/cinnamon/issues/8495
PR: 238070, 237426
Reported by: kai
Tested by: Michal Kilijanek (via Twitter)
Approved by: kwm (gnome, maintainer)
Approved by: ports-secteam (blanket(s): bugfixes, dependencies)
dns/powerdns: update to 4.1.8
PR: 236717
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Similar to r502813 for dns/powerdns-recursor, fix build on GCC-based
systems:
Don't add -L/usr/lib unconditionally, it makes gcc8 (used on GCC-based
systems) link to base libstdc++.
Given that this is a build fix that does not affect clang-based systems,
there should be no need to bump portrevision.
PR: 238742
Reported by: pkubaj
Approved by: maintainer
dns/powerdns: update to 4.1.10
PR: 238705
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: 1c21f6a3-9415-11e9-95ec-6805ca2fa271
Approved by: ports-secteam (implicit)
deskutils/conkyemail: Fix invocation of Python script at runtime
Since the default version of Python has been switched to 3.6 in r498529 the
script "conkyEmail.py" that is invoked by the shell script "conkyEmail"
fails at runtime due incompatible code.
This occurs only if the Python meta port is also installed otherwise it
won't start at all due a hardcoded reference (= /usr/bin/env python) in the
shell script, thus:
* Update and simplify the patch for "conkyEmail" by using placeholders for
the Python interpreter and ${DATADIR} that will be replaced by the
post-patch target. [1]
Also while I'm here:
* Silence all commands of the post-patch target to reduce cluttering of
logfiles
* Add license information
* Pet portlint
PR: 238487
Submitted by: Katsuyuki Miyoshi <katsubsd@gmail.com> (initial patch)
Approved by: ports-secteam (blanket: runtime fix, framework compliance)
Add MANIFESTS for 11.3-RC2.
Remove MANIFESTS for 11.3-RC1.
Approved by: portmgr (implicit, re blanket)
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Fix a bug when ${PREFIX} != /usr/local.[0]
As of LLVM 8.0.1, pre-releases have moved to github. Chase this change.
PR: 238603 [0]
Submitted by: mi [0]
Revert accidental update to distinfo.
Reported by: Christoph Moench-Tegeder <cmt@burggraben.net>
Approved by: portmgr (blanket fixes)
devel/py-apptools: Enable Python 3.x builds
* Support for Python 3 was introduced with 4.4.0
* Pet portlint (reduce the overall usage of lines in the pkg-descr and
separate the USES block).
* No bump of PORTREVISION due style changes only.
PR: 238435
Submitted by: vladimir.chukharev@gmail.com (maintainer)
Approved by: ports-secteam (miwi)
This is a direct commit to 2019Q2. The version in head contains many
other changes that are intentionally being tested there before
showing up in quarterly.
Security: CVE-2019-12735
Approved by: portmgr (with hat)
Update to r52910 from the FreeBSD docset.
Approved by: doceng (implicit)
Update to r53120 from the FreeBSD docset (a.k.a. 11.3-R version)
Approved by: doceng (implicit)
Approved by: portmgr (blanket)
Mark BROKEN on FreeBSD 12 and 13
Traceback (most recent call last):
File "scripts/python/make-dist.py", line 294, in <module>
Setup(InstallRoot_CompilerWithPrevious, InstallRoot_CompilerWithSelf)
File "scripts/python/make-dist.py", line 268, in Setup
reload(pylib) or FatalError()
File "/wrkdirs/usr/ports/lang/modula3/work/cm3-b2ce705/scripts/python/pylib.py", line 655, in <module>
if Host.endswith("_NT") or Host == "NT386":
AttributeError: 'NoneType' object has no attribute 'endswith'
Reported by: pkg-fallout
Fix named when using plugins and chroot.
BIND9 introduced plugins and migrated the filter-aaaa feature to a
plugin.
As it loads its plugins late in the startup process (read after chroot),
the plugins need to be available in the chroot.
Also, refactor the code now that a second directory need to be handled.
PR: 238011
Reported by: ryan@timewasted.me
Bumped seahub version for init script to fix gunicorn binary name
Fix checksum due to retagged version
Change currently unused init var seahub_host so
there is no breakage for current users of seahub.
Change hard coded 0.0.0.0 for gunicorn start to
seahub_host.
PR: 237366 237367
Approved by: ports-secteam (joneum)
Add the 11.3-BETA3 MANIFEST files.
Remove the 11.3-BETA2 MANIFEST files.
Approved by: portmgr (implicit, re blanket)
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
www/gitea: Update to 1.8.2
Changelog:
* Fix possbile mysql invalid connnection error
* Handle invalid administrator username on install page
* Disable arm7 builds
* Fix default for allowing new organization creation for new users
* SearchRepositoryByName improvements and unification
* Fix u2f registrationlist ToRegistrations() method
* Allow collaborators to view repo owned by private org
* Use AppURL for Oauth user link
* Escape the commit message on issues update
* Fix regression for API users search
* Handle early git version's lack of get-url
* Fix wrong init dependency on markup extensions
https://github.com/go-gitea/gitea/releases/tag/v1.8.2
PR: 238239
Submitted by: stb@lassitu.de (maintainer)
Approved by: ports-secteam (miwi)
security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS
- Integer type mismatches in BinPAC-generated parser code and Bro
analyzer code may allow for crafted packet data to cause
unintentional code paths in the analysis logic to be taken due
to unsafe integer conversions causing the parser and analysis
logic to each expect different fields to have been parsed. One
such example, reported by Maksim Shudrak, causes the Kerberos
analyzer to dereference a null pointer. CVE-2019-12175 was
assigned for this issue.
- The Kerberos parser allows for several fields to be left
uninitialized, but they were not marked with an &optional attribute
and several usages lacked existence checks. Crafted packet data
could potentially cause an attempt to access such uninitialized
fields, generate a runtime error/exception, and leak memory.
Existence checks and &optional attributes have been added to the
relevent Kerberos fields.
- BinPAC-generated protocol parsers commonly contain fields whose
length is derived from other packet input, and for those that
allow for incremental parsing, BinPAC did not impose a limit on
how large such a field could grow, allowing for remotely-controlled
packet data to cause growth of BinPAC's flowbuffer bounded only
by the numeric limit of an unsigned 64-bit integer, leading to
memory exhaustion. There is now a generalized limit for how
large flowbuffers are allowed to grow, tunable by setting
"BinPAC::flowbuffer_capacity_max".
Approved by: ler (mentor, implicit)
Security: 177fa455-48fc-4ded-ba1b-9975caa7f62a
Approved by: ports-secteam (miwi)
Update e2fsprogs to new upstream release 1.45.2
Various bugfixes, and added Portuguese locale.
Update the Czech, Malay, Polish, Spanish, Swedish, and Ukarainian translations.
Release notes:
<http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.2>
Approved by: ports-secteam (miwi)
tsocks(8) suggests the the following line (twice):
LD_PRELOAD=/usr/local/lib/tsocks/libtsocks.so
This is wrong, because the library is installed under regular path,
without the `tsocks' subdirectory.
Fix the manpage accordingly.
Notified by: danfe
Approved by: ports-secteam (blanket)
Belatedly add MANIFEST files for 11.3-BETA1.
Approved by: portmgr (implicit, re blanket)
Approved by: bdrewery (maintainer, implicit, re blanket)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (with hat)
Update neovim to 0.3.5
Maintenance release to fix issues found in v0.3.4.
options: properly reset directories on 'autochdir'
Remove MSVC optimization workaround for SHM_ALL
Make SHM_ALL to a variable instead of a compound literal #define
doc: mention "pynvim" module rename
screen: don't crash when drawing popupmenu with 'rightleft' option
look-behind match may use the wrong line number
:terminal : set topline based on window height
:recover : Fix crash on non-existent *.swp
Disable LuaJIT on non-x86 architectures
The version of LuaJIT in port doesn't work well (or at all) for neovim
on non-x86 architectures. Plus, some users (at least the submitter, who
made a good argument for it) may not want LuaJIT at all.
So, make LuaJIT an OPTION. Enable it by default, and exclude it from
all the archs that LuaJIT+neovim doesn't work on. Fall back instead on
normal Lua.
PR: 238079
Submitted by: Greg V
Fix build when using GCC. Needed by GCC architectures.
Tested for no breakage on amd64 with Clang.
PR: 235921
Reviewed by: tcberner
Approved by: tcberner (mentor)
devel/qt5: Follow-up to r499101
- Move the GCC related path fix into freebsd-g++/qmake.conf
Otherwise the inclusion of the GCC path would break clang
based systems when gcc-${GCC_DEFAULT} was installed.
- This might break GCC architectures again, and if so, that
will be fixed in a follow up commit.
PR: 235921
qt5: fix build on gcc architectures
- the sed call was only replacing one of the %%LOCALBASE%% by ${LOCALBASE},
due to the missing 'g' flag to the sed call.
- with this change the gcc architectures should be able to build Qt5 again.
PR: 237745
Submitted by: Mark Millard <marklmi26-fbsd@yahoo.com>, jwb
Reported by: pkubaj
Approved by: ports-secteam (joneum via irc)
After upgrading to version 20100318_4, users reported ValueError for
some disks [1]
Also fix Python 3.x compatibility [2]
While I'm here:
- Pet portlint, NO_* in USE{S} section
- Make concurrent-safe, installs executables in libexec
PR: 236873
Reported by: Thomas Eckhardt <freebsd eckieck de> [1]
Submitted by: Thomas Eckhardt <freebsd eckieck de> [1]
Submitted by: Krzysztof <ports bsdserwis com> (maintainer) [2]
Approved by: Krzysztof <ports bsdserwis com> (maintainer)
Approved by: ports-secteam (miwi, blanket: runtime bugfix)
This package supports Python 3.x support, so allow it accordingly. It is
required for an upcoming www/py-autobahn update (Python 2/3 compatible).
During QA, a UnicodeDecodeError was observed running tests under Python 3:
File "/usr/local/lib/python3.6/site-packages/py/_vendored_packages/iniconfig.py", line 82, in _parse
for lineno, line in enumerate(line_iter):
File "/usr/local/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 165: ordinal not in range(128)
pytest uses the py package, which vendors the iniconfig package, which
isn't unicode aware [1][2][3]. Patch out unicode characters from setup.cfg
accordingly until it's resolved.
While investigating the cause of the above issue, a fix for setup.cfg's
encoding was identified, which removes the need to set the locale via
USE_LOCALE so remove it accordingly.
While I'm here:
- Pet portlint, spurious space at end of line in pkg-descr
- Add LICENSE_FILE/TEST_DEPENDS/test target/NO_ARCH
[1] https://github.com/pytest-dev/pytest/issues/3799
[2] https://github.com/RonnyPfannschmidt/iniconfig/issues/5
[3] https://github.com/RonnyPfannschmidt/iniconfig/issues/4
portlint: OK (looks fine.)
porttest: OK (poudriere: 12amd64{py36,py27})
maketest: 215 passed, 1 skipped in 3.29 seconds (Python 2.7)
maketest: 209 passed, 7 skipped in 3.07 seconds (Python 3.6)
Approved by: portmgr (blanket: ports/framework compliance)
Approved by: ports-secteam (joneum, blanket: ports/framework compliance)
This package installs scripts into LOCALBASE/bin, so must be concurrent
safe so packages for multiple Python versions don't conflict [1] on
installation.
[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-May/116293.html
Reported by: Luis Espinoza Jr. <ljejr hotmail com> (via freebsd-ports) [1]
Approved by: koobs (python, maintainer)
Approved by: ports-secteam (blanket: port bug(s))
audio/lv2: Fix Python (3.x) build, Add missing dependencies
While lv2 itself works fine with any Python version we support, the build
fails using a Python > 3.6, since the build bundles an old version of waf.
waf upstream fixed the bug in a later version. [1]
Restrict Python to up to 3.6 for now. [2]
While here:
- Add missing dependencies identified in QA. [3]
- Pet portlint (USES order)
[1] facdc0b173
PR: 235103
Reported by: cs [3]
Submitted by: Charlie Li <ml+freebsd vishwin info> [2][3]
Approved by: Michael Beer <beerml sigma6audio de>
audio/lv2: Remove CONFLICTS_INSTALL
lv2core expired and was deleted on 2016-11-30 in ports r427460
I only noted this after committing ports r499627, so remove it accordingly.
PR: 235103
Approved by: Michael Beer <beerml sigma6audio de> (maintainer)
Approved by: ports-secteam (blanket: build fix, missing dependencies)
mail/exim: Rename LMDB_LIBS to _LMDB_LIBS
It otherwise looks like an options helper that appears after
bsd.port.options.mk which will be flagged as a DEV_ERROR after
D19553. Rename LMDB_INCLUDES too for consistency.
mail/exim: Fix build (linker) flags
"-export-dynamic" in EXIM_DYNAMIC_LDFLAGS is a linker option, currently
producing a warning during build:
/usr/bin/ld: warning: cannot find entry symbol xport-dynamic; defaulting to 00000000004019c0
The only reason that plugin modules work is that the option is redundant
with -rdynamic.
This change makes the minimum necessary change not relying on linker
argument compatibility (- vs --).
PR: 236426
Submitted by: <andrew tao11 riddles org uk>
Approved by: portmgr (maintainer timeout: ~6 weeks, "just fix it")
Approved by: ports-secteam (blanket: port bug(s))
Update to upstream release 1.1.1
While on it:
- Pet portlint
- Fix missing USES=gnome
multimedia/libbluray: Fix environment variable conflict with portmaster
libbluray (> 1.0.2,1) uses the PACKAGES variable in its configure scripts
that contains the names of packages it depends on. Portmaster also uses the
PACKAGES environment variable.
Using portmaster to install libbluray results in a corrupted libbluray
pkgconfig file containing portmasters PACKAGES path:
Requires.private: /usr/home/koobs/repos/freebsd/ports/packages libxml-2.0 freetype2 fontconfig
This breaks libbluray consumers such as ffmpeg.
This change nulls out the PACKAGES variable during the configure stage of
the build to prevent the issue. [1]
While I'm here,
- Sort JAVA_* and USE_* entries.
PR: 226009
Reported by: Martin Birgmeier <d8zNeCFG aon at> [1]
Submitted by: VVD <vvd unislabs com> [1]
Approved by: portmgr (unmaintained port)
Approved by: ports-secteam (blanket: bugfix release(s), runtime bugfix, missing dependencies)
- Rejig test invocation to exclude a test that hangs
- Update pkg-descr WWW to https://, where it redirects to
Changelog:
https://www.fabfile.org/changelog-v1.html
PR: 235194
Submitted by: Dani <i.dani outlook com>
Approved by: ports-secteam (blanket: bugfix release(s))
Upstream supports and tests against up to Python 3.6 [1] and declares up to
3.6 in its Trove Classifiers [2].
Fix incorrect Python version support declaration in USES=python accordingly,
allowing Python 3.x builds. [3]
While I'm here, add TEST_DEPENDS and a test target to help with QA.
[1] https://github.com/diyan/pywinrm/blob/master/.travis.yml
[2] setup.py: 'Programming Language :: Python :: 3.6'
PR: 237178 [3]
Reported by: <timp87 gmail com> [3]
Approved by: portmgr (blanket: bug fix, framework compliance)
Approved by: ports-secteam (blanket: bugfix)
databases/pgpool: Upgrade from 3.4.23 to 3.4.24
Changelog:
Enhancements
- Speed up failover when all of backends are down. (Tatsuo Ishii)
- pgpool-recovery extension and pgpool_setup is now ready for the next major release PostgreSQL 12. (Tatsuo Ishii)
Bug fixes
- Fix the wrong error message "ERROR: connection cache is full", when all backend nodes are down. (bug 487) (Bo Peng)
- Avoid exit/fork storm of pool_worker_child process. (Tatsuo Ishii)
- Fix black_function_list's broken default value. (Tatsuo Ishii)
- Fix "not enough space in buffer" error. (bug 499) (Tatsuo Ishii)
- The error occurred while processing error message returned from backend and the cause is that the query string in question is too big. Problem is, the buffer is in fixed size (8192 bytes). Eliminate the fixed size buffer and use palloced buffer instead. This also saves some memory copy work.
- Fix DROP DATABASE failure. (Tatsuo Ishii)
- Fix wrong variable in read_status_file() function. (bug 493) (Takuma Hoshiai)
- Fix compiler warnings. (Tatsuo Ishii)
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-4-24.html
Approved by: ports-secteam (mivy)
graphics/drm-devel-kmod: fix package
Fix packaging of graphics/drm-devel-kmod, the amdkfd module has been
disabled, and I missed this last night. Remove it from the pkg-plist by
commenting it out for all architectures for now.
This is a stop gap measure to get the port to package, until I can touch
base with johalun and jmd about how to handle this permanently.
Sponsored by: B3 Init
Approved by: ports-secteam (implicit, drm-drivers blanket)
add graphics/drm-devel-kmod
Add graphics/drm-devel-kmod, development version of the lkpi based DRM
graphics drivers. This version is experimental, and for recent CURRENT
only.
This version currently corresponds to Linux 5.0 DRM drivers, and should give
better support for more recent Intel and AMD GPUs.
Please note that this port is copied from drm-current-kmod, rather than
resurrected from the old drm-devel-kmod port, that's because
drm-current-kmod was created by copying the old drm-devel-kmod when that
went to a more stable version.
Big thank you to everyone who has worked on this, and johalun in particuar,
who has done most of the heavy lifting.
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
drm-kmod ports: Update conflicts
Update conflicts for all drm-kmod ports to take into account the new
drm-devel-kmod port.
Sponsored by: B3 Init
Remove old drm-devel-kmod entry
Sponsored by: B3 Init
graphics/drm-current-kmod: Adjust FreeBSD compat
Update the FreeBSD OSVERSION compat of drm-current-kmod after the latest
update in r502043.
Suggested by: jbeich
Discussed with: johalun
Aproved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
Approved by: ports-secteam (implicit, drm-drivers blanket)
graphics/drm-current-kmod: Update snapshot
Update graphics/drm-current-kmod to the latest snapshot.
This update takes into account changes in lkpi in base, and makes use of
debugfs in base, instead of the bundled one.
note: If you are on an older version of current, prior to r347973, you might
need to update current first, before updating this driver.
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init
Approved by: ports-secteam (implicit, drm-drivers blanket)
www/firefox: restore SafeBrowsing v4 after r495403
Required for phishing protection. Not covered by uBlock Origin lists.
Looks like #Mozilla didn't announce the POLA-violating change anywhere
public despite backporting to ESR60.
https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
Approved by: ports-secteam blanket
Add explicit build depend on python, since it's actually used during
the install phase.
PR: 237862
Submitted by: Christopher <inbox@alleghenycomputer.com>
Approved by: ports-secteam (miwi)
databases/mysql80-{client, server}: Update to latest release 8.0.16
This update includes:
Bugfixes:
- InnoDB: Undo tablespaces remained unencrypted after enabling
undo tablespace encryption at startup. (Bug #29477795)
- InnoDB: Problematic macros introduced with undo tablespace DDL support
(Bug #29324132, Bug #94243).
- InnoDB: Static thread local variables defined at the wrong scope
were not released at thread exit. (Bug #29305186)
- Memory leaks discovered in the innochecksum (Bug #28917614, Bug #93164).
New features:
- MySQL C API now supports asynchronous functions for
nonblocking communication with the MySQL server.
- MySQL now supports a new Chinese collation, utf8mb4_zh_0900_as_cs
- CMake now causes the build process to link with the llvm lld linker
for Clang if it is available.
Security Fix:
CVE-2019-2632, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695 and other fixes.
More info: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
PR: 237399
Reported by: Brent Busby <brent@jfi.uchicago.edu>
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql57-{client, server}: Update to latest release 5.7.26
This update includes:
Bugfix:
- InnoDB: Optimized internal temporary tables did not support
in-place UPDATE operations
- InnoDB: A function called by a CREATE TABLE thread attempted access after free()
- InnoDB: The INDEX_LENGTH value in INFORMATION_SCHEMA.TABLES
was not updated when adding an index
- The authentication_ldap_simple plugin could enforce authentication incorrectly
More info: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html
Security Fix:
CVE-2019-2632, CVE-2019-1559, CVE-2018-3123, and other fixes.
More info: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
PR: 237399
Reported by: Brent Busby <brent@jfi.uchicago.edu>
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
databases/mysql56-{client, server}: Update to latest release 5.6.44
This update includes
Bugfix:
- InnoDB: The INDEX_LENGTH value in INFORMATION_SCHEMA.TABLES
was not updated when adding an index
- MySQL 5.6 did not build with maintainer mode enabled with GCC 7
- A damaged mysql.user table could cause a server exit
- mysqladmin shutdown did not wait for mysqld to shut down
More info: https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-44.html
Security Fix:
CVE-2019-1559, CVE-2018-3123 and other fixes.
More info: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL<Paste>
PR: 237399
Reported by: Brent Busby <brent@jfi.uchicago.edu>
Sponsored by: The FreeBSD Foundation
Approved by: ports-secteam (feld, CVE-patch blanket)
sysutils/py-google-compute-engine: disable boto
This avoids breakage when running with python3
PR: 237877
Submitted by: Lucas Kanashiro <lucas.kanashiro@collabora.com> (maintainer)
Approved by: ports-secteam (implicit, bug fix)
Patch to add missing config and take the maintainership
Two new variables was added to instance_config.cfg file
in version 2.8.13 to allow the addition and removal of
users from groups.
I am also taking over the maintainership of this packages
as previously discussed with Helen.
Bump PORTREVISION.
PR: 236500
Submitted by: Lucas Kanashiro <lucas.kanashiro@collabora.com>
Approved by: Helen Koike <helen.koike@collabora.com> (maintainer)
sysutils/py-google-compute-engine: update to 20190416 [1]
This fixes a python3 runtime issue [1]
While here, pull in missing dependency in python3 case [2]
PR: 237505 [1]
PR: 237203 [2]
Submitted by: Lucas Kanashiro <lucas.kanashiro@collabora.com> (maintainer) [1]
Submitted by: Miroslav Lachman <000.fbsd@quip.cz> [2]
Approved by: Lucas Kanashiro <lucas.kanashiro@collabora.com> (maintainer) [2]
sysutils/py-google-compute-engine: fix daemons in python 2.7 case
PR: 237845
Reviewed by: koobs
Approved by: implicit (portmgr, python, jfi blanket)
Approved by: ports-secteam (implicit)
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 11.3, 10.8, 9.6.13,
9.5.17, and 9.4.22. This release fixes two security issues in the
PostgreSQL server, a security issue found in two of the PostgreSQL
Windows installers, and over 60 bugs reported over the last three months.
Security: CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.
Security: CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read
whatever data had been sampled from that column. If this happened to
include values from rows that the user is forbidden to see by a row
security policy, the user could effectively bypass the policy. This is
fixed by only allowing a non-leakproof operator to use this data if
there are no relevant row security policies for the table.
This issue is present in PostgreSQL 9.5, 9.6, 10, and 11. The PostgreSQL
project thanks Dean Rasheed for reporting this problem.
Also fix a FreeBSD port problem with LLVM [1] and add promote command
to `service postgresql` [2]
PR: 236100, 234879
Submitted by: tomonori.usaka@ubin.jp [1], Trix Farrar [2]
Approved by: ports-secteam (joneum)
- Add USES=shebangfix where required in geany and geany-plugin-*
ports. This fixes build issues reported by users [1]
- Only bump PORTREVISION for geany-plugin-geanypy since the file
modified in it by shebangfix is actually installed with the pkg
PR: 237862 [1]
Submitted by: Christopher <inbox@alleghenycomputer.com>
Approved by: ports-secteam (joneum)
sysutils/pesign: mark BROKEN after r501212
In file included from /usr/local/include/nss/nss/cert.h:22,
from efikeygen.c:39:
efikeygen.c: In function 'add_cert_type':
/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]
(NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
^
efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'
unsigned char type = NS_CERT_TYPE_APP;
^~~~~~~~~~~~~~~~
Reported by: pkg-fallout
Approved by: ports-secteam blanket
security/nss: unbreak on powerpc64 after r501212
crypto_primitives.c: In function 'swap8b':
crypto_primitives.c:31: error: 'SHA_MASK8' undeclared (first use in this
function)
crypto_primitives.c:31: error: (Each undeclared identifier is reported only
once
crypto_primitives.c:31: error: for each function it appears in.)
crypto_primitives.c:32: error: 'SHA_MASK16' undeclared (first use in this
function)
PR: 237841
Reported by: jhibbits
Approved by: ports-secteam blanket
Apply fix for installation with ruby 2.5
PR: 237478
Submitted by: Koichiro Iwao
Approved by: portmgr (blanket: Build, runtime or packaging fixes, if the quarterly branch version is currently broken)
- Fix reported sporadic crashes
- Enumerate all displays for backlight support
- Fix some compile warnings
- When building debug binaries enable extra debugging code too
PR: 237714
Submitted by: rozhuk.im@gmail.com
Approved by: ports-secteam (miwi)
emulators/rpcs3: unbreak EVDEV after r487789
In file included from rpcs3/rpcs3qt/pad_settings_dialog.cpp:24:
In file included from rpcs3/evdev_joystick_handler.h:7:
/usr/local/include/libevdev-1.0/libevdev/libevdev.h:30:10: fatal error: 'linux/input.h' file not found
#include <linux/input.h>
^~~~~~~~~~~~~~~
Approved by: ports-secteam blanket
emulators/rpcs3: document broken GDB after r482459
Utilities/GDBDebugServer.cpp:357:36: error: no member named 'cr_pack' in 'ppu_thread'
return u32_to_padded_hex(thread->cr_pack());
~~~~~~ ^
Utilities/GDBDebugServer.cpp:386:11: error: no member named 'cr_unpack' in 'ppu_thread'
thread->cr_unpack(hex_to_u32(value));
~~~~~~ ^
Utilities/GDBDebugServer.cpp:736:22: error: out-of-line definition of 'on_task' does not match any declaration in 'GDBDebugServer'
void GDBDebugServer::on_task()
^~~~~~~
Utilities/GDBDebugServer.cpp:811:22: error: out-of-line definition of 'on_exit' does not match any declaration in 'GDBDebugServer'
void GDBDebugServer::on_exit()
^~~~~~~
Utilities/GDBDebugServer.cpp:822:29: error: out-of-line definition of 'get_name' does not match any declaration in 'GDBDebugServer'
std::string GDBDebugServer::get_name() const
^~~~~~~~
Utilities/GDBDebugServer.cpp:827:22: error: out-of-line definition of 'on_stop' does not match any declaration in 'GDBDebugServer'
void GDBDebugServer::on_stop()
^~~~~~~
Utilities/GDBDebugServer.cpp:831:8: error: no member named 'notify' in 'GDBDebugServer'
this->notify();
~~~~ ^
Utilities/GDBDebugServer.cpp:832:2: error: use of undeclared identifier 'old_thread'; did you mean 'pad_thread'?
old_thread::on_stop();
^~~~~~~~~~
pad_thread
rpcs3/Emu/System.h:197:38: note: 'pad_thread' declared here
std::function<std::shared_ptr<class pad_thread>()> get_pad_handler;
^
Utilities/GDBDebugServer.cpp:832:2: error: incomplete type 'pad_thread' named in nested name specifier
old_thread::on_stop();
^~~~~~~~~~~~
rpcs3/Emu/System.h:197:38: note: forward declaration of 'pad_thread'
std::function<std::shared_ptr<class pad_thread>()> get_pad_handler;
^
Utilities/GDBDebugServer.cpp:841:2: error: use of undeclared identifier 'notify'
notify();
^
rpcs3/Emu/System.cpp:1543:30: error: no member named 'on_stop' in 'GDBDebugServer'
fxm::get<GDBDebugServer>()->on_stop();
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
Approved by: ports-secteam blanket
Prepare for the pending removal of ispec from GENERIC, making sure
that the ipsec kld is loaded.
Suggested by: gallatin@
Approved by: portmgr (joneum@)
multimedia/ffmpeg: backport AOM warning fix
[libaom-av1 encoder @ 0x807b0d1c0] Value -1.000000 for parameter 'enable-intrabc' out of range [0 - 1]
Approved by: ports-secteam blanket
lang/php71: Update from 7.1.28 to 7.1.29
Changelog:
EXIF:
Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
Mail:
Fixed bug #77821 (Potential heap corruption in TSendMail()).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.1.29
lang/php71: put mailheader patch back
Reported by: mat
Approved by: ports-secteam (mivy)
devel/aphpunit: Upgrade from 1.7 to 1.8
Changelog:
- Bugfix: now exit with code 1, if no test-cases were found
- Bugfix: now exit with code 1, if not a single assertion was performed
- Bugfix: detected PHP errors are no longer unhandled. They are no reported as error
Changelog taken from: https://gitlab.toco-domains.de/tocOS/APHPUnit/blob/master/CHANGELOG
Approved by: ports-secteam (miwi)
Add AES-CCM and plain SHA digest test vectors.
These will be used to expand testing of OCF crypto algorithms in
future changes to the base system OCF tests.
Approved by: ports-secteam (miwi)
- Add to pjsip a customized config_site.h file with values suggested
by the asterisk project. This allows WebRTC to work correctly in
asterisk out of the box [1]
- Also import some patches to pjsip from the asterisk project. These
patches have already been integrated in upstream pjsip development
sources [2]
Reported by: zhenya1993lzn@yandex.ru [1]
Obtained from: https://github.com/asterisk/asterisk/tree/16.3/third-party/pjproject/patches [2]
Bump PORTREVISION on asterisk ports after r500705 changes to pjsip.
Crashes have been reported, which are fixed by reinstallation.
Reported by: Christoph Moench-Tegeder <cmt@burggraben.net>
Approved by: ports-secteam (joneum, miwi)
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.
Dovecot changelog:
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting ssl_client_ca_* settings.
- pop3c: SSL support was broken.
- mysql: Closing connection twice lead to crash on some systems.
- auth: Multiple oauth2 passdbs crashed auth process on deinit.
- HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance.
Pigeonhole changelog:
+ sieve: Redirect loop prevention is sometimes ineffective. Improve existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and dropping redirect actions when it points to
the sending account. This header is already added by the redirect action, so this improvement only adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary failure occurring at runtime.
Security: CVE-2019-11494
Security: CVE-2019-11499
Approved by: ports-secteam (miwi)
graphics/drm-current-kmod: Update to latest snapshot.
Fixes compilation on recent HEAD.
Update drm driver snapshots
Update the drm drivers for current (drm-current-kmod) and for 12
(drm-fbsd12.0-kmod) to their respective latest snapshots.
This includes fixes to debugging output using debugfs.
Approved by: jmd (maintainer, implicit)
Sponsored by: B3 Init (zeising)
Approved by: ports-secteam (implicit, drm-drivers blanket)
Approved by: portmgr (miwi)
GCC has two runtime libraries: The static library libgcc.a (-lgcc) and
the shared library libgcc_s.so (-lgcc_s). Both implement many of the
same functions but they also each have their unique functions. When
GCC links programs and libraries there are three possibilities:
1. gcc -static-libgcc or gcc -static: -lgcc
=> Just use libgcc.a.
2. gcc -shared-libgcc: -lgcc_s -lgcc
=> Link with libgcc_s first, so libgcc.a is only used for its unique
functions.
3. gcc: -lgcc -Wl,--as-needed -lgcc_s -Wl,--no-as-needed
=> Link with libgcc.a first so libgcc_s is only used for its unique
functions (_Unwind_* functions).
Approach 3 is the default for gcc and it's also what clang and clang++ use;
approach 2 is the default for gfortran, g++ and probably other front ends.
This patch makes 3 the default for gfortran. It significantly reduces
the use of libgcc_s. The _Unwind_* functions are also available in the
old base system libgcc_s which means this reduces the need for
-rpath /usr/local/lib/gccN in ports that depend on libraries built with
gfortran. Consider a dependency tree like this:
prog -> libA -> libgcc_s (old base system libgcc_s is fine)
-> libB -> libgcc_s (libB built with gfortran, needs new libgcc_s)
Here prog needs to be linked with -rpath /usr/local/lib/gccN even if it's
a normal C program compiled with clang. Without -rpath it will fail to
start because it loads old libgcc_s first as a dependency of libA and then
it fails to load libB. With this patch libB works with old base system
libgcc_s or may not need libgcc_s at all, so prog does not need to be
linked with -rpath.
PR: 208120
Submitted by: tijl
Add BUILD_DEPENDS
security/nettle requires gmp 6.0.0+, otherwise support for public key algorithms will be unavailable.
PR: 237582
Submitted by: eugen
Approved by: ports-secteam (blanket)
Update drm kmod ports
Update drm-fbsd11.2-kmod and drm-fbsd12.0-kmod to their latest snapshots.
This fixes loading order issues with ttm.
Approved by: ports-secteam (implicit, drm-driver blanket)
x11/cde: Fix building on FreeBSD 12
Add some missing dependencies and a couple more shebang fixes
PR: ports/237518
Submitted by: Thomas Merkel
Approved by: portmgr (build fix blanket)
net-mgmt/dhcdrop: Fix build on FreeBSD >= 12.0 and unbreak STATIC option
Add missing libibverbs dependency when linking statically. On
FreeBSD >= 12.0 libpcap needs libibverbs:
/usr/bin/ld: error: undefined symbol: ibv_get_device_list
>>> referenced by pcap-rdmasniff.c:370 (/usr/src/contrib/libpcap/pcap-rdmasniff.c:370)
>>> pcap-rdmasniff.o:(rdmasniff_create) in archive /usr/lib/libpcap.a
http://beefy6.nyi.freebsd.org/data/120amd64-default/499421/logs/errors/dhcdrop-0.5_2.log
While here fix the STATIC option. Currently the port always links
statically since --disable-static-build is broken and also enables
static linking.
Reported by: antoine, pkg-fallout
Approved by: ports-secteam blanket
- Prevent detection of autogen. It causes some files to be regenerated
and then they require a newer header than is provided with gnutls.
- Remove ZLIB option. It's no longer available.
PR: 237419
Reported by: Kevin Oberman <rkoberman@gmail.com>
Approved by: ports-secteam (blanket)
sysutils/memtest86+: Remove gcc run dependency
The port provides bootable images only and does not install any
userspace binaries or libraries.
Approved by: ports-secteam blanket
mail/dovecot: upgrade to 2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is
enabled. This could be used rather easily to cause a DoS. Similar
crash also happens during mail delivery when using invalid UTF8 in
From or Subject header when OX push notification driver is used.
Security: CVE-2019-10691
Approved by: ports-secteam (miwi)
games/renpy: unbreak on armv6 and armv7
In file included from ffmedia.c:13:
/usr/include/malloc.h:3:2: error: "<malloc.h> has been replaced by <stdlib.h>"
#error "<malloc.h> has been replaced by <stdlib.h>"
^
Reported by: pkg-fallout
Approved by: ports-secteam blanket
Fix build with clang 8.
Workaround clang 8 compile issues on head. Note that this requires
changes to the kernel source tree in r345196.
While here, switch to using a date for the version number since there
are no real version numbers in the git repository. This doesn't use
the 'g' prefix since the older versions that already exist would sort
after it.
PR: 236207
Reviewed by: swills, jrm
Differential Revision: https://reviews.freebsd.org/D19602
Approved by: ports-secteam (implicit)
Fix build when hamlib is installed.
Put /usr/local/include at end of AM_CPPFLAGS instead of at beginning,
ensures the included header files are used.
Link included hamlib using ${libdir}/libhamlib.a rather than -lhamlib to
ensure the included static hamlib is used instead of a dynamic one in the
library path.
Approved by: ports-secteam (miwi)
Add missing run dependency to security/ca_root_nss
Caddy has a feature for automatic Certification installation
from let's encrypt for HTTPS.
Without security/ca_root_nss certificates are impossible to
install, because root certificate is missing.
Bump PORTREVISION.
PR: 237293
Submitted by: Pwny Tail <pwnytail@bsd.services>
Approved by: Fabian Freyer <fabian.freyer@physik.tu-berlin.de> (maintainer)
Approved by: ports-secteam
net-mgmt/mk-livestatus: Restore fix from r485075
mk-livestatus always builds with Nagios 4 support again and
--without-nagios4 is still broken.
PR: 232716
Reported by: Leonid Vasiliev <leo9641@yandex.ru>
Approved by: egypcio (maintainer)
Approved by: ports-secteam blanket
Mark BROKEN: fails to configure
checking for NETTLE... no
configure: error: Package requirements (nettle >= 2.4) were not met:
Package 'nettle', required by 'virtual:world', not found
Reported by: pkg-fallout
Fix build of www/squid and www/squid-devel with clang 8
This fixes an error with a defaulted copy constructor:
../../src/security/ServerOptions.h:38:5: error: explicitly defaulted copy constructor is implicitly deleted [-Werror,-Wdefaulted-function-deleted]
ServerOptions(const ServerOptions &) = default;
^
../../src/security/ServerOptions.h:110:29: note: copy constructor of 'ServerOptions' is implicitly deleted because field 'clientCaStack' has a deleted copy constructor
X509_NAME_STACK_Pointer clientCaStack;
^
/usr/include/c++/v1/memory:2494:3: note: copy constructor is implicitly deleted because 'unique_ptr<stack_st_X509_NAME, Security::ServerOptions::sk_X509_NAME_free_wrapper>' has a user-declared move constructor
unique_ptr(unique_ptr&& __u) noexcept
^
The copy constructor can instead be deleted.
Approved by: portmgr (joneum)
PR: 236210
net/remotebox: Update dependency after net/tigervnc separation
- vncviewer is now installed as net/tigervnc-viewer
- Bump PORTREISION due to dependency change
- Pet portlint (extra item in USES section)
PR: 236928
Submitted by: myself
Approved by: kai (maintainer)
Approved by: portmgr (antonie)
databases/pgpool-II-40: Upgrade from 4.0.3 to 4.0.4
Changelog:
Enhancements
* Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
* Allow to set a client cipher list. (Tatsuo Ishii, Yugo Nagata)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Bug fixes
* Fix unnecessary fsync() to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync() was issued to pgpool_status file, which could generate excessive I/O in certain conditions. So reduce the chance of issuing fsync() so that it is issued only when backend status is changed.
* Doc: add more explanation to follow_master_command. (Tatsuo Ishii)
Add description how follow_master_command is executed etc.
* Doc: add note to detach_false_primary configuration parameter. (bug 469) (Tatsuo Ishii)
To use this feature, sr_check_user must be super user or in pg_monitor group.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-4-0-4.html
Approved by: ports-secteam (joneum)
databases/pgpool-II-37: Upgrade from 3.7.8 to 3.7.9
Changelog:
Enhancements
* Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
* Allow to set a client cipher list. (Tatsuo Ishii, Yugo Nagata)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Bug fixes
* Fix unnecessary fsync() to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync() was issued to pgpool_status file, which could generate excessive I/O in certain conditions. So reduce the chance of issuing fsync() so that it is issued only when backend status is changed.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-7-9.html
Approved by: ports-secteam (joneum)
databases/pgpool-II-36: Upgrade from 3.6.15 to 3.6.16
Changelog:
Enhancements
* Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
* Allow to set a client cipher list. (Tatsuo Ishii, Yugo Nagata)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Bug fixes
* Fix unnecessary fsync() to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync() was issued to pgpool_status file, which could generate excessive I/O in certain conditions. So reduce the chance of issuing fsync() so that it is issued only when backend status is changed.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-6-16.html
Approved by: ports-secteam (joneum)
databases/pgpool: Upgrade from 3.5.19 to 3.5.20
Changelog:
Enhancements
* Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
* Allow to set a client cipher list. (Tatsuo Ishii)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Bug fixes
* Fix unnecessary fsync() to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync() was issued to pgpool_status file, which could generate excessive I/O in certain conditions. So reduce the chance of issuing fsync() so that it is issued only when backend status is changed.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-5-20.html
Approved by: ports-secteam (joneum)
databases/pgpool: Update from 3.4.22 to 3.4.23
Changelog:
Enhancements
* Add new configuration option ssl_prefer_server_ciphers. (Muhammad Usama)
Add the new setting ssl_prefer_server_ciphers to let users configure if they want client's or server's cipher order to take preference.
The default for this parameter is off, which prioritize the client's cipher order as usual. However this is just for keeping backward compatibility, and it is possible that a malicious client uses weak ciphers. For this reason we recommend to set this parameter to on at all times.
* Allow to set a client cipher list. (Tatsuo Ishii)
For this purpose new parameter ssl_ciphers, which specifies the cipher list to be accepted by Pgpool-II, is added. This is already implemented in PostgreSQL and useful to enhance security when SSL is enabled.
Bug fixes
* Fix unnecessary fsync() to pgpool_status file. (Tatsuo Ishii)
Whenever new connections are created to PostgreSQL backend, fsync() was issued to pgpool_status file, which could generate excessive I/O in certain conditions. So reduce the chance of issuing fsync() so that it is issued only when backend status is changed.
Changelog taken from: http://www.pgpool.net/docs/latest/en/html/release-3-4-23.html
Approved by: ports-secteam (joneum)
This port requires a C++11-compatible compiler, so add USES=compiler:c++11-lang
to fix build on GCC-based architectures.
While here, add USES=sdl.
PR: 237100
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Mark BROKEN on i386
main.cpp:104:24: error: non-constant-expression cannot be narrowed from type 'unsigned int' to 'time_t' (aka 'int') in initializer list [-Wc++11-narrowing]
timeval timeout = {refreshdelay, 0};
^~~~~~~~~~~~
Reported by: pkg-fallout
Mark BROKEN on amd64: fails to configure
checking build system type... Invalid configuration `amd64-portbld-freebsd11.2': machine `amd64-portbld' not recognized
Reported by: pkg-fallout
Add compiler:c++11-lang to USES to fix build on GCC-based architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to `__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
While here, pet portlint and alpha sort some USE* variables.
Approved by: portmgr (tier-2 blanket)
devel/ccls: Fix build with multiple llvm* packages installed
Apparently it is possible for the build to pick multiple LLVM
versions if LLVM_DIR is not explicitly set similar to Clang_DIR.
$ grep llvm $(make -V CONFIGURE_WRKSRC)/CMakeCache.txt
Clang_DIR:PATH=/usr/local/llvm80/lib/cmake/clang
LLVM_DIR:PATH=/usr/local/llvm50/lib/cmake/llvm
PR: 237089
Submitted by: fullermd@over-yonder.net
Approved by: ports-secteam blanket
Fix build on GCC-based architectures by setting -Wno-reserved-user-defined-literal
only for clang.
While here, pet portlint (add 'gl' to USES).
Approved by: portmgr (tier-2 blanket)
Don't use GCC 4.2 on GCC-based architectures; this port requires at
least GCC 4.7, so change USE_GCC=any to USE_GCC=yes.
PR: 236903
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Mark BROKEN on i386
In file included from crafty.c:28:
./tbprobe.c:111:9: error: invalid operand for instruction
__asm__("bsfq %1, %0": "=r"(idx):"rm"(b));
Reported by: pkg-fallout
Include stdarg.h in src/cppstring.cpp to fix build with GCC-based
architectures:
/usr/local/include/gtkmm-2.0/glibmm/thread.h: In function 'void Glib::thread_init(GThreadFunctions*)':
Also add USES=dos2unix (to fix patching cppstring.cpp) gnome.
PR: 237040
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Add USES=compiler:c11 to fix build on GCC-based architectures:
/usr/local/include/gnutls/gnutls.h:482: error: expected identifier or '(' before '/' token
While here, also add USES=gnome localbase:ldflags.
PR: 237037
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
This port needs C++11-compatible compiler. Add USES=compiler:c++11-lang
to fix build on GCC-based architectures:
/usr/local/include/sigc++-2.0/sigc++/visit_each.h:22:23: error: type_traits: No such file or directory
While here, pet portlint.
PR: 236986
Submitted by: Piotr Kubaj
Approved by: portmgr (tier-2 blanket)
Turn off the -Wno-unused-result flag on GCC-based architectures to
fix the following:
cc1: error: unrecognized command line option "-Wno-unused-result"
Approved by: portmgr (tier-2 blanket)
Mark BROKEN: fails to build
util/gen-luatags.pl
cp rltiles/floor.png dat/tiles/floor.png
cp: rltiles/floor.png: No such file or directory
gmake[1]: *** [Makefile:1665: dat/tiles/floor.png] Error 1
Reported by: pkg-fallout
Add compiler:c11 to USES to fix the following on powerpc64:
varchunk/varchunk.h:84: expected specifier-qualifier-list before _Atomic
Approved by: portmgr (tier-2 blanket)
Remove sse flags to fix builds on non-x86 architectures:
g++8: error: unrecognized command line option '-msse'; did you mean '-fdse'?
g++8: error: unrecognized command line option '-mfpmath=sse'
Approved by: portmgr (tier-2 blanket)
Fix the following error on GCC-based architectures:
fails to compile: cc1plus: unrecognized command line option "-std=gnu++11"
Approved by: portmgr (tier-2 blanket)
Add back libdata/pkgconfig/libbcg729.pc file after it was removed
by the 1.0.4 update in r482343.
PR: 236975
Submitted by: sobomax
Approved by: ports-secteam (joneum)
Update PHP 7.3 from 7.3.3 to 7.3.4
Changelog:
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
Apache2Handler:
Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
CLI Server:
Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).
COM:
Fixed bug #77578 (Crash when php unload).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
PCRE:
Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
Phar:
Fixed bug #77697 (Crash on Big_Endian platform).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.3.4
Approved by: ports-secteam (joneum)
Update PHP 7.2 from 7.2.16 to 7.2.17
Changelog:
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77676 (Unable to run tests when building shared extension on AIX).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
COM:
Fixed bug #77578 (Crash when php unload).
Date:
Fixed bug #50020 (DateInterval:createDateFromString() silently fails).
Fixed bug #75113 (Added DatePeriod::getRecurrences() method).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77691 (Opcache passes wrong value for inline array push assignments).
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.2.17
Approved by: ports-secteam (joneum)
multimedia/dav1d: drop unnecessary dependency on binutils
Probably, remnants from before UNAME_m workaround for aarch64.
Even 0.1.0 builds fine without those.
Approved by: ports-secteam blanket
Conditionalize compiler flags that are specific to clang to fix errors
of the following forms on GCC-based architectures:
cc1plus: error: unrecognized command line option "-Wno-c++11-narrowing"
cc1plus: error: unrecognized command line option "-Wno-reserved-user-defined-literal"
cc1plus: warning: unrecognized command line option '-Wno-error-narrowing'
Approved by: portmgr (tier-2 blanket)
Fix the issue tigervnc-server and -viewer cannot be installed together
when DOCS=on because both ports install LICENSE_FILE into the same place.
Also, following changes are made.
net/tigervnc-{server,viewer}:
- bump PORTREVISION due to plist & dependency change
- do not build tests, it introduces unnecessary dependencies on fltk
net/tigervnc-server:
- add missing dependency on devel/m4
- remove unnecessary dependency on x11-toolkits/fltk
Approved by: portmgr (miwi)
net/xrdp: backport some upstream patches
Upcoming next v0.9.10 includes all of following changes. To apply some
important patches to quarterly packages, pick some patches up and apply.
- Fix typo in man page [1]
- Fix the issue session doesn't start properly after sesman got SIGUP [2]
- Shutdown xrdp daemon more responsively [3]
[1] 46b4a9b7c8
[2] 81703c426f
[3] 0ed82f71e8
Approved by: portmgr (miwi)
emulators/citra: update to s20190402
- Expose AAC via FFmpeg support after r493023
Changes: c1de8acfe...14730ed56
Approved by: ports-secteam (swills, implicit for snapshots)
Mark broken on powerpc*:
contrib/profiler/Profiler.h:158:51: error: inconsistent operand constraints in an 'asm'
It may be an easy fix, but it represents as an architectural problem.
Approved by: portmgr (tier-2 blanket)
multimedia/libva: update upstream patches (nop)
Prefer drmGetNodeTypeFromFd over drmGetDeviceNameFromFd2 but on
FreeBSD there's little difference as both compare strings.
Approved by: ports-secteam blanket
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libboost_filesystem.so: undefined reference to 'std::runtime_error::runtime_error(char const*)@GLIBCXX_3.4.21'
While here, pet portlint.
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
While here, pet portlint.
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
The compiler feature "cxx_decltype" is not known to CXX compiler
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
The compiler feature "cxx_decltype" is not known to CXX compiler
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
Check for working CXX compiler: /usr/bin/c++ -- broken
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
While here, pet portlint.
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
cc1plus: error: unrecognized command line option "-std=gnu++11"
Approved by: portmgr (tier-2 blanket)
Add compiler:c++0x to USES to fix the following on GCC-based
architectures:
cc1plus: error: unrecognized command line option "-std=c++0x"
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
/usr/local/lib/libgraphite2.so.3: undefined reference to '__cxa_throw_bad_array_new_length@CXXABI_1.3.8'
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following on GCC-based
architectures:
cc1plus: error: unrecognized command line option "-std=gnu++11"
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix the following build failure on
GCC-based architectures:
configure: error: C++ compiler cannot create executables
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to avoid the following problem on
GCC-based architectures:
cc1plus: error: unrecognized command line option "-std=gnu++11"
Approved by: portmgr (tier-2 blanket)
Fix gexiv dependencies in the port.
The port was erroneously depending on graphics/py-exiv2 while in fact it only
needs exiv2 itself (which was always present anyway because py-exiv2 depends on
it). This port builds a Python module that links against exiv2, so clarify the
situation and stop depending on py-exiv2, which is BROKEN and DEPRECATED.
PR: 236806
Approved by: J.R. Oldroyd <fbsd@opal.com> (maintainer)
Approved by: ports-secteam (blanket approval)
multimedia/libva: unbreak DRM backend in some cases
$ vainfo
error: XDG_RUNTIME_DIR not set in the environment.
error: can't connect to X server!
vaInitialize failed with error code 1 (operation failed),exit
$ ls -lL /dev/dri
total 0
crw-rw---- 1 root video 0x188 Mar 30 17:28 card0
crw-rw---- 1 root video 0x208 Mar 30 17:28 renderD128
$ echo $((0x208 & 0x80))
0
Reported by: 김종성 (via private mail)
Approved by: ports-secteam blanket
BROKEN_powerpc64= fails to compile: metadata_lite.h: class 'google::protobuf::internal::InternalMetadataWithArenaLite' does not have any field named 'InternalMetadataWithArenaBase'
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
