r532707 is not in 2020Q2 but 2020Q3 ETA in ~1 day, so use bundled ICU.
https://hg.mozilla.org/releases/mozilla-release/rev/61970f5454db
===> firefox-78.0_2,1 depends on package: icu>=67.1,1 - not found
===> Installing existing package /packages/All/icu-66.1,1.txz
[121amd64-quarterly-job-12] Installing icu-66.1,1...
[121amd64-quarterly-job-12] Extracting icu-66.1,1: .......... done
===> firefox-78.0_2,1 depends on package: icu>=67.1,1 - not found
*** Error code 1
Reported by: pkg-fallout
Approved by: ports-secteam blanket
This updates mail/mutt to 1.14.5
This merges all changes to mail/mutt that have been done to FreeBSD ports
head branch during the 2020Q2 period. This is needed in order to update
mail/mutt to 1.14.5 in order to fix security issues.
mail/mutt: upgrade 1.13.4 -> 1.13.5
- Bring back vvv quote/initials patches
- Remove NNTP option (XML as well)
- Update default option patches context
PR: 245175
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=158542977114051&w=2
mail/mutt: update 1.13.5 -> 1.14.0
- Default DEBUG option
(very small performance impact and ~4% binary size increase)
PR: 246270
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: http://www.mutt.org/relnotes/1.14/
mail/mutt: update 1.14.0 -> 1.14.1
- Rename DEBUG option to DEBUG_LOGS
- Add lang/perl5 deps that triggers a Muttrc rebuild
- Make smime patch optional due to perl build deps.
- Remove unnecessary doc patches and REINPLACE_CMD
- Move build changing patches to make targets
- ASPELL updates the (pre)built Muttrc to not require a rebuild
PR: 246559
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=158965668315387&w=2
mail/mutt: Update to 1.14.2
ChangeLog: http://www.mutt.org/
PR: 246731
Submitted by: dereks@lifeofadishwasher.com (maintainer)
mail/mutt: Update to 1.14.3
- Update to 1.14.3
- Muttrc removed from dist. making perl a BUILD_DEPENDS
- manual.txt removed from dist. making lynx a DOCS_BUILD_DEPENDS
- Remove MASTER_SITES not updated or can't connect
PR: 247266
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> (maintainer)
Relnotes: https://marc.info/?l=mutt-users&m=159217236324614&w=2
mail/mutt: Update to 1.14.5
Update mail/mutt to 1.14.5, this is a security fix release, with fixes for
CVE-2020-14093 and CVE-2020-14954
PR: 247400
Submitted by: Derek Schrock
Security: 5b397852-b1d0-11ea-a11c-4437e6ad11c4
29b13a34-b1d2-11ea-a11c-4437e6ad11c4
Approved by: ports-secteam (joenum)
security/putty*: upgrade to 0.74 security fix release
Changelog:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
among them are these two---and more bugfixes beyond not listed here:
* Security fix: if an SSH server accepted an offer of a public key
and then rejected the signature, PuTTY could access freed memory,
if the key had come from an SSH agent.
* Security feature: new config option to disable PuTTY's dynamic
host key preference policy, if you prefer to avoid giving away
to eavesdroppers which hosts you have stored keys for.
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5
security/putty*: rename and update LICENCE from tarball.
Approved by: ports-secteam (joneum@) [540716]
Approved by: ports-secteam (blanket, metadata update) [540718, 540719]
emulators/ppsspp: unbreak OLDJOY after r512863
SDL/SDLJoystick.cpp:24:13: error: no member named 'bPS3Controller' in 'Config'
g_Config.bPS3Controller = true;
~~~~~~~~ ^
SDL/SDLJoystick.cpp:27:22: error: no member named 'bPS3Controller' in 'Config'
if (g_Config.bPS3Controller)
~~~~~~~~ ^
Approved by: ports-secteam blanket
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.
Security: NTP Bug 3661
Approved by: portmgr (joneum)
databases/py-mysqlclient: revert gc threaded patch
It caused python sigabort with a "GC object already tracked" message in singlethreaded app.
This happens only with a fetchmany() on a streaming cursor, MySQLdb.cursors.SSCursor.
PR: 246313
Reported by: Jeroen Pulles <jeroen.pulles@gmail.com>
Approved by: ports-secteam (joneum)
multimedia/dav1d: unbreak on 12.1 i386 after r539947
ld: error: can't create dynamic relocation R_386_32 against local symbol in readonly segment; recompile object files with -fPIC or pass '-Wl,-z,notext' to allow text relocations in the output
>>> defined in src/25a6634@@dav1d@sha/mc_sse.obj
>>> referenced by ../src/x86/mc_sse.asm
>>> src/25a6634@@dav1d@sha/mc_sse.obj:(.text+0x6969)
Reported by: pkg-fallout
Approved by: ports-secteam blanket
python 3.5 will reach End-of-life on 2020-09-13
lang/python35: Fix security issues
The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.5 branch
and will be present in a next release.
PR: 246984
Approved by: python (with hat)
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
Approved by: ports-secteam (blanket, backport of security fix)
databases/mariadb104-server: Fix configuration location / overhaul
* Fix configuration location [1]
* Share patches between client and server
* Provide minimal configuration for client and server
* Make the wsrep config a sample only
* Fixup plists
PR: 246694 [1]
Reported by: <theis gmx at>
Approved by: ports-secteam (joneum)
ports-mgmt/pkg: Respect liblzma.pc if available.
ports-mgmt/pkg-devel: Respect liblzma.pc if available.
Note that this is meant to be a temporary hack and will be reverted once the
freebsd/pkg have solved this in the build infrastructure.
PR: 200142
Approved by: portmgr (bapt over IRC)
security/lynis: Update to 3.0.0
This is a major release but also fixes two security problems.
Security: CVE-2019-13033 CVE-2020-13882
Approved by: ports-secteam (joneum)
Fix runtime error by adding security/py-pycryptodome
and sysutils/py-distro dependencies.
Remove py-ioflo and py-ioflo from tcp transport as they are
not required anymore.
PR: 247391
Submitted by: ohauer@
Approved by: maintainer
Approved by: portmgr (blanket)
multimedia/handbrake: update to 1.3.3
HandBrake 1.3.3 has been released. This patch updates multimedia/handbrake port.
Here is list of changes from 1.3.2.
1. update to ffmpeg 4.2.3 in contrib files
2. code style fix of MASTER_SITES
3. update version.txt from upstream's source tarball.
4. mediainfo filename change
5. add powerpc to architectures list.
Submitted by: naito.yuichiro_gmail.com (maintainer)
Differential Revision: https://reviews.freebsd.org/D25292
Approved by: portmgr (bugfix blanket)
audio/supercollider: Update to 3.11.0
* Introduce additional default option AVAHI to make the use of the Avahi
libraries optional.
* Remove one patch and the whole patching via "post-patch" - both is no
longer needed.
* While I'm here: Prepare the port for Qt 5.15.0
Changelog:
https://github.com/supercollider/supercollider/releases/tag/Version-3.11.0
PR: 246320
Submitted by: shamaz.mazum@gmail.com
Approved by: Neal Nelson <ports@nicandneal.net> (maintainer)
Approved by: ports-secteam build fix blanket
textproc/py-pdfminer.six: Update to 20191110
* Use this release for a while as it's the last one that supports Python 2.7
which is still needed by textproc/scancode-toolkit.
* Backport two patches to fix the runtime of CLI scripts.
* Remove "dos2unix" and "shebangfix" macros as they're no longer required.
Changelog since 20181108:
https://github.com/pdfminer/pdfminer.six/blob/20191110/CHANGELOG.md
Approved by: ports-secteam (joneum)
net/freerdp: update to 2.1.0
This update incorporates many features and improvements since 2.0.0-rc4,
as well as a large mass of security fixes.
Full changelog available:
https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
PR: 245517
Approved by: koobs (mentor)
Security: 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2
net/freerdp: fix build on FreeBSD 11.x
Apparently this hadn't been caught in my test matrix -- it seems that later
versions of FreeBSD have a getmntent() definition that masked this error.
mntent_compat.c has been adopted from devel/fam, though a better solution
should be sought out going into the future.
Approved by: koobs (mentor, implicit, just-fix-it)
Approved by: ports-secteam (joneum)
databases/lmdb: in db_env_close0(), destroy robust mutexes if we are
the only remaining user.
When closing an lmdb database, all memory and file descriptor resources
are released, including the shared memory pages that contained the
robust mutex.
However, before this commit, prior to unmapping the pages that contained
the robust mutexex, lmdb did not destroy the mutexes first. This would
create a problem when an application opens and closes a database, then
open it again.
According to libthr(3), by default, a shared lock backed by a mapped
file in memory is automatically destroyed on the last unmap of the
corresponding file' page, which is allowed by POSIX.
After unmapping the shared pages, the kernel writes off all active
robust mutexes associated with these pages. However, the userland
threading library still keeps the record (pshared_lookup in
thr_pshared.c of libthr) for these objects as they are not really
destroyed before, so that it don't have to ask the kernel every
time when looking them up.
Now, a later re-open of the database might have mapped the lock file
to the same memory location. Because the threading library have
remembered the robust mutex object, it would just reuse it even though
it was already invalid from kernel's point of view. Unfortunately,
regular lock operations would still work for this process.
Should another lmdb process opens the same database, it would attempt
to obtain the robust mutex (no longer recognized by kernel) because it
would see another process holding a file lock, but that would fail
because the robust mutex is invalid for the kernel.
Explicitly destroy the mutex if we are the last remaining user to ensure
the mutex is always in a known defined state.
OpenLDAP ITS #9278
With debugging help from: kib
PR: 244493
Approved by: ports-secteam
- update to 3.5.3
Changelog:
20200530
Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert" did not
handle a missing optional argument.
20200610
Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server, the SNI
callback reported an error when it was called a second time. This happened
after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to
a remote SMTP client.
Approved by: portmgr (joneum)
Reset maintainer on compiz and related ports
Reset the maintainer on x11-wm/compiz and a few related ports.
Update MASTERDIR to make them fetchable again.
PR: 246461 246442
Submitted by: Chris Hutchinson (new maintainer)
Approved by: Daniel Austin (previous maintainer)
Approved by: ports-secteam (joenum)
databases/rrdtool: Fix resize on ZFS
Add an upstream patch that fixes resize on ZFS. Since ZFS does not support
posix_fallocate(), returning EINVAL, the patch simply ignores this error
from posix_fallocate().
PR: 245898
Reported by: Tomohiro Hosaka
Approved by: ports-secteam (joenum)
audio/traverso: fix download URL
download verified against distinfo; port version is still current
fetchable again: remove BROKEN
Approved by: portmgr (tier-2 blanket)
Recompile _sysconfigdata.py after reinplacing it
PR: 246618
With hat: portmgr
Fix build with various python ABI
With hat: portmgr
lang/python37: Fix security issues
The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.7 branch
and will be present on the next release.
Patch for applying CVE-2020-8492 fix here in the ports tree was reported
and submitted by Dani <i.dani@outlook.com>.
PR: 246808
X-MFH-with: 536770, 536776
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
Approved by: ports-secteam (joneum)
Update python38 doc to 3.8.3 after r535463
lang/python36: Update to 3.6.10, Fix security issues
The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.6 branch
and will be present on the next release.
Patch for applying CVE-2020-8492 fix here in the ports tree was reported
and submitted by Mike Fisher <mfisher911@gmail.com> and
Dani <i.dani@outlook.com>.
PR: 246984
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
Approved by: ports-secteam (joneum)
mail/fetchmail: update to 6.4.8, adds Serbian translation, ...
and updates a few other translations:
Czech, French, Japanese, Polish, Albanian, Swedish, Chinese/simplified,
Esperanto.
PR: 247261
Approved by: chalpin@cs.wisc.edu (Corey Halpin, maintainer)
Approved by: ports-secteam@ (JoNeum@)
lang/php74: Update from 7.4.6 to 7.4.7
Core:
Fixed bug #78434 (Generator yields no items after valid() call).
Fixed bug #79477 (casting object into array creates references).
Fixed bug #79514 (Memory leaks while including unexistent file).
Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
DOM:
Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
EXIF:
Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
FCGI:
Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString:
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
OpenSSL:
Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
PCRE:
Upgraded to PCRE2 10.34.
Phar:
Fixed bug #79503 (Memory leak on duplicate metadata).
SimpleXML:
Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
SPL:
Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
Fixed bug #67369 (ArrayObject serialization drops the iterator class).
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
security/zeek: Update to 3.0.7 and address various vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
- Fix potential stack overflow in NVT analyzer
- Fix NVT analyzer memory leak from multiple telnet authn name options
- Fix multiple content-transfer-encoding headers causing a memory leak
- Fix potential leak of Analyzers added to tree during Analyzer::Done
- Prevent IP fragment reassembly on packets without minimal IP header
Other fixes:
- Limit rate of logging MaxMind DB diagnostic messages
- Fix wrong return value type for `topk_get_top()` BIF
- Fix opaque Broker types lacking a Type after (de)serialization
- Fix lack of descriptive printing for intervals converted from
`double_to_interval()`
- Fix some cases of known-services not being logged
Security: 9f7ae7ea-da93-4f86-b257-ba76707f6d5d
Approved by: ports-secteam (joneum)
math/libnormaliz: Fix the broken run-time dependency on libflint.so
FLINT_BUILD_DEPENDS should obviously be FLINT_LIB_DEPENDS.
Approved by: ports-secteam (joenum)
Chase audio/libadplug update. This also requires an update to 1.8.1.
Approved by: ports-secteam (joneum)
Security: 329ecd60-aaf7-11ea-8659-10bf48e1088e
sysutils/firstboot-pkgs: Bootstrap and update pkg unconditionally
The background of this patch is available at:
https://lists.freebsd.org/pipermail/freebsd-cloud/2020-April/000234.html
Even a `pkg -N` success, the following `pkg install` may still fail because of
the repository version doesn't match between client and server.
Therefore, unconditionally bootstrap and update pkg at firstboot to ensure pkg
and local metadata are update-to-date.
Approved by: cperciva (maintainer)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24517
Approved by: ports-secteam (joneum)
devel/xeus-cling: Unbreak on systems incompatible with the system where the package was built
-march=native caused SEGVs on incompatible systems
Also add USE_LDFLAGS.
Approved by: ports-secteam (joenum)
devel/xeus: Update 0.23.10 -> 0.23.12
Reported by: portscout
devel/xeus: Update 0.23.12 -> 0.23.13
Reported by: portscout
devel/xeus: Update 0.23.13 -> 0.23.14
Reported by: portscout
devel/xeus: Unbreak on systems incompatible with the system where the package was built
-march=native caused SEGVs on incompatible systems
The cmake option that turned it off was renamed. I also added the NATIVE option that now drives the -march flag.
Approved by: ports-secteam (joenum)
Update to 11.4.3 and add an option for gf2x.
PR: 245109
Submitted by: /me
Approved by: ports-secteam (joenum)
math/ntl: Unbreak on systems incompatible with the system where the package was built
-march=native caused SEGVs on incompatible systems
Approved by: portmgr (unbreak)
xserver: default to libinput if no driver is found
Make xorg-server default to try the xf86-input-libinput driver if a
configured driver can't be found. This only applies if a specific driver
for an input device has been configured manually in xorg, but that driver
can't be found when starting xorg.
Discussed with: manu, jbeich
Approved by: ports-secteam (joenum)
editors/hexcurse: unexpire by moving to new MASTER_SITES
While here grammar check pkg-descr
PR: 244423
Submitted by: Chris Hutchinson
Approved by: maintainer timeout (jadawin, 13 weeks)
Approved by: ports-secteam (joneum)
mail/vrfy: unexpire by moving to submitters GitHub
Add manual page, bump PORTREVISION
While here add TIMESTAMP to distinfo and reorder Makefile variables a bit
PR: 245488
Submitted by: Aleksandr Ignatyev <alex@i.org.ua>
Approved by: maintainer timeout (jadawin, 2 months)
Approved by: ports-secteam (joneum)
security/openconnect-gui: fix fetch and bump PORTREVISION
I recalculated distinfo myself using `make makesum`, so it differs from
the distinfo given in the patch.
Note that version 1.5.3 is released for those who want to pick up this port.
PR: 245244
Submitted by: papowell@astart.com
Approved by: maintainer (pkbubaj)
Approved by: ports-secteam (joneum)
www/py-tvdb_api: Update version 2.0=>3.0.2
- multimedia/py-tvnamer seems to fail specifically with python3.X as
www/py-tvdb_api was not compatible with python 3.X
PR: 243386
Reported by: huber.georg@gmail.com
Relnotes: https://github.com/dbr/tvdb_api/releases
Approved by: portmgr (blanket: runtime fix)
emulators/qemu40: Apply upstream fix for cacheline detection on big endian
Backport qemu 5ca156cfde0f3821f15988619e51cf3cda99aaa6, which fixes
cacheline detection on big-endian to use the correct sized variable to
store the sysctl result.
Fixes "Assertion failed: ((isize & (isize - 1)) == 0)" on BE platforms.
Reviewed by: bofh, pkubaj
Approved by: pkubaj
Obtained from: qemu
Differential Revision: https://reviews.freebsd.org/D23246
Approved by: ports-secteam (joneum)
mail/dovecot: restore the REINPLACE_CMD for the example config.
Overzealous removal.
PR: 246947
Submitted by: gwbr0601@yahoo.de
Pointy Hat To: ler
mail/dovecot: fix example config *.conf.ext REINPLACE missed in r537587.
PR: 246963
Submitted by: kfv@irbug.org
Approved by: ports-secteam (joneum)
x11-servers/xwayland-devel: document DRI3 quirk
Wayland clients (unlike server/compositor) are not supposed to require
special privileges. Something in drm-kmod fails to authorize access to
/dev/dri/* even if user is under "video" group.
Not a port option because Xwayland doesn't know how to drop priveleges.
Approved by: ports-secteam blanket (runtime fix, no content changes)
Update to upstream version 47.0.0
Details:
- Upstream news see https://mkvtoolnix.download/doc/NEWS.md
- Many enhancements in the UI
- Fix for a logging crash
- New non-default OPTION DVDREAD to support reading chapters from DVD
Approved by: ports-secteam (riggs)
gitea: Update to 1.11.5
This release fixes 22 bugs, and includes two enhancements.
Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.5
PR: 246353
Submitted by: maintainer
gitea: Update to 1.11.6
Update Gitea to 1.11.6
This release fixes two security issues and 14 bugs.
Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.6
And despite /some/ work being done on the invalid Go template syntax for the
Wiki pages, the main bug has not been fixed and merged, so the patch still is
required.
PR: 246892
Submitted by: maintainer
Relnotes: https://github.com/go-gitea/gitea/releases/tag/v1.11.6
Security: yes, see Relnotes
Approved by: portmgr (with hat)
Mark as BROKEN on powerpc64-12. This is true even though the usual
workaround of USES is in place. It seems to build everywhere else.
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64: can't find symbol eekboard_context_service_get_overlay.
The port builds everywhere else.
Note: the error is trivially different on gcc and clang.
Approved by: portmgr (tier-2 blanket)
Add compiler:c++11-lang to USES to fix build on GCC-based systems:
cc1plus: error: unrecognized command line option "-std=gnu++11"
This port was previously blocked on such systems by compat6x, but
that dependency has been removed.
Approved by: portmgr (tier-2 blanket)
databases/percona57-{client, server}: update to 5.7.30-33 release
Bugs Fixed:
PS-6979: Modify the processing to call clean up functions to remove CREATE USER statement from the processlist after the statement has completed (Upstream #99200)
PS-6860: Merge innodb_buffer_pool_pages_LRU_flushed into buf_get_total_stat()
PS-6811: Correct service failure of asserting ACL_PROXY_USER when skip-name-resolve=1 and there is a Proxy user (Upstream #98908)
PS-6112: Correct Binlog_snapshot_gtid inconsistency when mysqldump was used with –single-transaction.
PS-6945: Correct tokubackup plugin process exported API to allow large file backups.
PS-6856: Correct binlogs corruptions in PS 5.7.28 and 5.7.29 (Upstream #97531)
PS-6946: Correct tokubackup processing to free memory use from the address and thread sanitizers
PS-5893: Add support for running multiple instances with systemD on Debian.
PS-5620: Modify Docker image to support supplying custom TLS certificates
PS-4573: Implement use of a single config file - mysqld.cnf file.
PS-7041: Correct Compilation error when -DWITH_EDITLINE=bundled is used
PS-7020: Modify MTR tests for Ubuntu 20.04 to include python2 (python 2.6 or higher) and python3
PS-6974: Correct instability in the rocksdb.drop_cf_* tests
PS-6969: Correct instability in the rocksdb.index_stats_large_table
PS-6954: Correct tokudb-backup-plugin to avoid collision between -std=c++11 and -std=gnu++03.
PS-6925: Correct mismatched default socket values for mysqld and mysqld_safe
PS-6899: Correct main.events_bugs and main.events_1 to interpret date 01-01-2020 properly (Upstream #98860)
PS-6796: Correct instability in percona_changed_page_bmp_shutdown_thread
PS-6773: Initialize values in sha256_password_authenticate (Upstream #98223)
PS-5844: Fix a memory leak after ‘innodb.alter_crash’ in ‘prepare_inplace_alter_table_dict()’ (Upstream #96472)
PS-5735: Correct 5.7 package to install the charsets on CentOS 7
PS-4757: Remove CHECK_IF_CURL_DEPENDS_ON_RTMP to build keyring_vault for unconditional test
PS-4649: Document PerconaFT in TokuDB which is fractal tree indexing to enhance the B-tree data structure
Relnotes: https://www.percona.com/doc/percona-server/5.7/release-notes/Percona-Server-5.7.30-33.html
Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Approved by: ports-secteam (joneum)
Adjust WALinuxAgent to be more sutiable for FreeBSD:
- Pull in the patch from https://github.com/Azure/WALinuxAgent/pull/1892
- Drop patch to create large swap space, leave some more space for temporarily
storage
Approved by: maintainer (implicitly)
Sponsored by: The FreeBSD Foundation
Approved by: portmgr (bapt)
Mark as BROKEN on powerpc64:
include/config_distro_bootcmd.h:279:3: sandbox EFI support is only supported on ARM and x86
This is even after adding the fix for 12-STABLE of compiler:c11 to USES,
which at least allows the build to get that far.
I took a look at this one time, thinking it would be easy, but I was not
able to come up with a quick answer.
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
lib/libeccodes.so: undefined reference to `grib_decode_size_t'
lib/libeccodes.so: undefined reference to `grib_encode_size_tb'
ninja: build stopped: subcommand failed.
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
lbfgs.f90:18:19:
18 | use, intrinsic :: ieee_arithmetic
Fatal Error: Cannot find an intrinsic module named 'ieee_arithmetic' at (1)
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
./src/configs/include_configs.hpp:2:37: fatal error: configs/power7/config.hpp: No such file or directory
Adding compiler:c++11-lang to USES merely uncovers this error on 12-STABLE;
it does not fix the underlying problem.
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
/tmp/camlasm2822e8.s: Assembler messages:
/tmp/camlasm2822e8.s:10348: Error: operand out of range (0x000000000000804c is not between 0xffffffffffff8000 and 0x0000000000007ffc)
/tmp/camlasm2822e8.s:32988: Error: operand out of range (0x000000000000805c is not between 0xffffffffffff8000 and 0x0000000000007ffc)
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
"/wrkdirs/usr/ports/lang/scm/work/slib/lineio.scm": read-char: Wrong type in arg1 #f
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64.
The complete error message:
# In file included from ./../../src/conc/AtomicPtr.h:30,
# from ./../../src/conc/CellPool.h:30,
# from ./../../src/conc/ObjPool.h:44,
# from ../../src/fmtc/Bitdepth.h:30,
# from ../../src/main.cpp:18:
# ./../../src/conc/def.h:45:3: error: #error
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
gmake[2]: *** No rule to make target 'vm_ppc64.dasc', needed by 'host/buildvm_arch.h'.
While here, remove sparc stanza, as we no longer support the arch.
Approved by: portmgr (tier-2 blanket)
Mark as broken on powerpc64:
IWYU: configuring for LLVM 8.0.1...
Could NOT find Git (missing: GIT_EXECUTABLE)
I have investigated but don't know why it breaks here but builds elsewhere.
Approved by: portmgr (tier-2 blanket)
Mark this port BROKEN on powerpc64 the same as on the other archs.
While here, pet portlint by combining BROKEN_arch statements.
The exact error message varies by version, e.g.:
checking build system type... Invalid configuration 'powerpc64-portbld-freebsd12.1': machine `powerpc64-portbld' not recognized
checking build system type... Invalid configuration 'powerpc64-portbld-freebsd13.0': machine `powerpc64-portbld' not recognized
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
utgcns/libboost/boost/smart_ptr/detail/sp_counted_impl.hpp:81:5: error: 'get_deleter' declared as a 'virtual' field
This may have something to do with compiler:openmp in USES. However,
it has broken for more than 6 months at this point.
Approved by: portmgr (tier-2 blanket)
Mark as BROKEN on powerpc64:
File "/wrkdirs/usr/ports/audio/beatslash-lv2/work/beatslash-lv2-1.0.6/waflib/Build.py", line 1179, in do_install
self.copy_fun(src, tgt)
File "/wrkdirs/usr/ports/audio/beatslash-lv2/work/beatslash-lv2-1.0.6/waflib/Build.py", line 1083, in copy_fun
shutil.copy2(src, tgt)
File "/usr/local/lib/python3.7/shutil.py", line 267, in copy2
copystat(src, dst, follow_symlinks=follow_symlinks)
File "/usr/local/lib/python3.7/shutil.py", line 206, in copystat
follow_symlinks=follow)
FileNotFoundError: [Errno 2] No such file or directory
Approved by: portmgr (tier-2 blanket)
devel/cscout: unexpire and update to 3.01
- Leave out the DOCS option for now because the required conversion
of XML to HTML has not been figured out yet.
- No more dependency on compat6x
- Fetch sources from GitHub
- update license to GPLv3
PR: 242402
Submitted by: Joachim Werner
Approved by: maintainer (dds@)
Approved by: ports-secteam (joneum)
java/jflex: undeprecate and update to 1.8.1
Further changes:
- use a prebuilt jar file to avoid depending on Maven or Bazel
- swith MASTER_SITES to GitHub
- add BSD3CLAUSE license
- rewrap pkg-descr
PR: 245447
Submitted by: Jashank Jeremy
Approved by: maintainer
Approved by: ports-secteam (joneum)
security/py-netmiko: Update to 3.1.1
Changelog:
New Drivers/Platforms
* UnifiSwitchSSH
* Huawei OLT
* Huawei SmartAX
Bugfixes and Improvements:
* Nokia SR-OS SCP Support
* Improve terminal width behavior
* Fix some issues related to cmd_verify
* Expanded autodetect support
https://github.com/ktbyers/netmiko/releases/tag/v3.1.1
Approved by: ports-secteam (joneum)
net-mgmt/py-napalm: Update to 3.0.0
net-mgmt/py-napalm: Update to 3.0.1
* Remove the patch that fixed some issues with net-mgmt/py-junos-eznc as it
has been merged by upstream.
Get rid of the post-patch target as well because it's no longer required.
* Add some instructions to cope with the command changes that were
introduced to newer versions of Arista EOS.
Changelog with some notable changes/fixes:
General:
* Integrated nxapi_plumbing and pyIOSXR into NAPALM.
* Updated support for TwoGigabit & TwentyFiveGig interfaces to
canonical_map.py
NXOS:
* Fix exception when trying to get environmental data from certain Nexus
devices
* Fix "cmd_verify" and null character
IOS:
* Fix traceroute output parsing in ios
* Fix vrf detection when no vrf is defined
* Fix show interfaces summary for 10/40/100 Gig Interfaces
* Fix get_bgp_neighbors_detail
* "get_interfaces_counters" broken with Managment Interface
* "get_optics" does not work on VSS setup
* "get_optics" broken if input value is N/A
IOS-XE:
* Update to handle Cisco ISR mac address table with multiple EHWIC modules
installed
IOS-XR:
* Add support for XML namespace prefixes in find_txt
Junos:
* Added auto_probe optional argument
* Add support for configure private in Junos
* SRX cluster devices stack RPC replies under multi-routing-engine-results
* Close configuration in case "configure_private" is set to avoid configure
session to stay forever
https://github.com/napalm-automation/napalm/releases/tag/3.0.0https://github.com/napalm-automation/napalm/releases/tag/3.0.1
Approved by: ports-secteam (joneum)
www/firefox: require new NSS after r534912/r534914
In file included from Unified_c_netwerk_srtp_src0.c:2:
netwerk/srtp/src/crypto/cipher/aes_gcm_nss.c:274:15: error: no member named 'ulIvBits' in 'struct CK_GCM_PARAMS'
c->params.ulIvBits = GCM_IV_LEN * 8;
~~~~~~~~~ ^
PR: 246690
Reported by: mikael
Approved by: ports-secteam blanket
java/java-cup: update to 11.b.20160615 and unexpire
Further changes:
- use a prebuilt binary instead of building from source
- change license to SMLNJ in agreement with maintainer
PR: 245466
Submitted by: Jashank Jeremy
Approved by: maintainer
Approved by: ports-secteam (joneum)
www/py-flask-restplus: unbreak after r527409
>>> import flask_restplus
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/site-packages/flask_restplus/__init__.py", line 4, in <module>
from . import fields, reqparse, apidoc, inputs, cors
File "/usr/local/lib/python3.7/site-packages/flask_restplus/fields.py", line 17, in <module>
from werkzeug import cached_property
ImportError: cannot import name 'cached_property' from 'werkzeug' (/usr/local/lib/python3.7/site-packages/werkzeug/__init__.py)
Approved by: ports-secteam blanket
sysutils: unbreak and unexpire.
The maintainer who is also the author rerolled the distfile.
PR: 244909
Submitted by: kiwi@oav.net
Approved by: ports-secteam (joneum)
sysutils/upsdaemon: unbreak, over to new website and maintainer
PR: 246154
Submitted by: Chris Hutchinson
Approved by: previous maintainer timeout (2 weeks)
Approved by: ports-secteam (joneum)
sysutils/memfetch: unbreak and unexpire
Upstream changed a source file without a version bump (back in 2007)
PR: 246156
Submitted by: Chris Hutchinson
Approved by: maintainer timeout (onatan@gmail.com, 2 weeks)
Approved by: ports-secteam (joneum)
Chase src r361272:
Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.
Submitted by: avg
Reported by: avg
Approved by: portmgr (joneum)
multimedia/aom: update to 2.0.0
This release was carefully tested upstream and should better match
users/consumers expectation than a random snapshot 1 month before.
Changes: https://aomedia.googlesource.com/aom/+log/0bb420dd0..v2.0.0
Approved by: ports-secteam (riggs)
Backport r534205 | gerald | 2020-05-06 from emulators/wine-devel:
Push USES=pkgconfig to the global level instead just contingent on the
VKD3D option.
This makes a real difference for the GNUTLS option (on by default) and
others. Accordingly bump PORTREVISION.
Reported by: Benny Goemans <benny.goemans@belgacom.net>
Approved by: ports-secteam (joneum), portmgr (blanket: dependency issue)
Explicitly configure --without-inotify so that the presence of the
devel/libinotify port does not pull in an implicit dependency that
is not tracked properly.
Reported by: Andy Mender <andymenderunix@gmail.com>
PR: 245172
Approved by: ports-secteam (joneum), portmgr (blanket: dependency issue)
mail/dovecot: use libexttextcat for lucene.
PR: 244932
Submitted by: igorz@yandex.ru
mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash.
Clean up some REINPLACE warnings whilst we're here.
Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8
Security: CVE-2020-10957
Security: CVE-2020-10958
Security: CVE-2020-10967
Approved by: ports-secteam (joneum)
devel/blame: fix fetch, the port was adopted to a new website.
PR: 243589
Submitted by: Thomas E. Dickey
Approved by: maintainer timeout (3.5 months)
Approved by: ports-secteam (joneum)
devel/mage: downgrade(?) to version 1.9.0 which is the latest release on GitHub.
PR: 245924
Submitted by: gspu
devel/mage: over to new volunteer
Approved by: ports-secteam (joneum)
cad/fritzing: fix fetch and unexpire
The distfile has been rerolled, and (mildly) checked by the submitter
for changes.
PR: 245224
Submitted by: bob@eager.cx
Approved by: maintainer (timeout, 6 weeks)
Approved by: ports-secteam (joneum)
security/nss: back out my own changes for troubleshooting, disable VSX when VSX option is off
I had pre-build commented out. This is needed to actually fix build.
NSS_DISABLE_ALTIVEC doesn't actually disable AltiVec.
It only disables VSX, because NSS doesn't support AltiVec.
Approved by: portmgr (fix build blanket)
lang/php74: Update from 7.4.5 to 7.4.6
Changelog:
Core:
Fixed bug #78434 (Generator yields no items after valid() call).
Fixed bug #79477 (casting object into array creates references).
Fixed bug #79514 (Memory leaks while including unexistent file).
Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
DOM:
Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
EXIF:
Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
FCGI:
Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString:
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
OpenSSL:
Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
PCRE:
Upgraded to PCRE2 10.34.
Phar:
Fixed bug #79503 (Memory leak on duplicate metadata).
SimpleXML:
Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
SPL:
Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
Fixed bug #67369 (ArrayObject serialization drops the iterator class).
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
lang/php73: Update from 7.3.17 to 7.3.18
Changelog:
Core:
Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
Fixed bug #79477 (casting object into array creates references).
Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
DOM:
Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
FCGI:
Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString:
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
OpenSSL:
Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
Phar:
Fixed bug #79503 (Memory leak on duplicate metadata).
SimpleXML:
Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
lang/php72: Upgrade from 7.2.30 to 7.2.31
Core:
Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
dns/dnsperf: depends on expired dns/bind914, not compatible with dns/bind916
2020-04-30 dns/bind914: End of life, please migrate to a newer version of BIND9
Convert GitLab patches to simple diffs
GitLab unlike GitHub keeps the footer from git-format-patch(1) which
frequently changes on Git version upgrades. So, switch to git-diff(1)
which lacks header/footer.
Approved by: x11 (zeising via Gitter)
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24810
net/py-ldappool: Update to 2.4.1
* Separate USES block from non-relevant variables.
* While I'm here: Add "do-test" target to make future QA easier.
Notable changes since 2.2.0:
* Allow pool status to be printed as a table
* Handle retry logic for timeouts with multiple LDAP servers
* Improve connection retry logging
* Fix ldappool bad password retry logic
PR: 246402
Submitted by: sunpoet
Approved by: ports-secteam bugfix blanket
Backport r530401 | gerald | 2020-04-02 from our wine-devel companion:
Explicitly configure --without-unwind so that the presence of the
devel/libunwind port does not pull in an implicit dependency that
is not tracked properly.
Reported by: Andy Mender <andymenderunix@gmail.com>
PR: 245172
Approved by: portmgr (blanket: dependency issue)
www/gitea: Fix viewing of branches with a slash in the name
An issue[0] was filed upstream in January that branches with a slash in
their name (e.g. stable/11) result in a 500 error when attempting to view
them.
I tracked down the issue to the fact that read(2) on a directory fd in
FreeBSD will actually succeed, while it will not on Linux/other OS. I have
filed a PR[1] with go-git to remedy the problem there, and then we
(hopefully) convince gitea maintainers to accept the patch as well once it's
upstreamed.
The attached patch brings it into the ports tree as well, so that FreeBSD
users can more immediately get the fix. It should still apply to the version
in 2020Q2, more or less, with version numbers changed to protect the
innocent.
[0] https://github.com/go-gitea/gitea/issues/9938
[1] https://github.com/go-git/go-git/pull/39
PR: 245863
Approved by: <stb lassitu de> (maintainer)
Aoorived by: koobs (mentor, ports)
Approved by: ports-secteam (blanket: minor bugfix patch)
Explicitly configure --without-inotify so that the presence of the
devel/libinotify port does not pull in an implicit dependency that
is not tracked properly.
Reported by: Andy Mender <andymenderunix@gmail.com>
PR: 245172
Approved by: portmgr (blanket: dependency issue)
Explicitly configure --without-unwind so that the presence of the
devel/libunwind port does not pull in an implicit dependency that
is not tracked properly.
Reported by: Andy Mender <andymenderunix@gmail.com>
PR: 245172
Approved by: portmgr (blanket: dependency issue)
graphics/darktable: fix broken build, data/kernels/ related
This patch is to fix this problem:
| CMake Error at data/kernels/CMakeLists.txt:34 (foreach):
| Unknown argument:
| /usr/ports/graphics/darktable/work/darktable-3.0.0/data/kernels/atrous.cl
Approved by: portmgr@ (blanket approval to fix broken builds)
Note that his revealed a Tools/scripts/mfh bug where it does not currently
check out the port directory, but only files/.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246336
Push USES=pkgconfig to the global level instead just contingent on the
VKD3D option.
This makes a real difference for the GNUTLS option (on by default) and
others. Accordingly bump PORTREVISION.
Reported by: Benny Goemans <benny.goemans@belgacom.net>
Approved by: portmgr (blanket: missing dependency)
security/zeek: Update to 3.0.6 and address multiple vulnerabilites:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
- Fix buffer over-read in Ident analyzer
- Fix SSL scripting error leading to uninitialized field access
and memory leak
- Fix POP3 analyzer global buffer over-read
- Fix potential stack overflows due to use of Variable-Length-Arrays
Other changes since 3.0.5 include:
- Fix unusable `subscriber.poll()` method in Broker Python bindings
- Fix uninitialized field access in `ssl/log-hostcerts-only.zeek`
- Fix missing default function for Kerberos constant-lookup-tables
- Fix cloning of `TypeType` values
- Remove misleading error message on empty bloomfilter lookup
- Fix `misc/stats.zeek` skipping log entry on termination
Approved by: ports-secteam (joneum)
databases/mysql80-{client, server}: Update to latest release 8.0.20
- Performance: Certain queries against tables with spatial indexes were not performed as efficiently following an upgrade from MySQL 5.7 to MySQL 8.0.
- NDB Cluster: NDB defines one SPJ worker per node owning a primary partition of the root table. If this table used read from any replica, DBTC put all SPJ workers in the same DBSPJ instance, which effe
- NDB Cluster: Executing the SHOW command using an ndb_mgm client binary from NDB 8.0.16 or earlier to access a management node running NDB 8.0.17 or later produced the error message Unknown field: is_s
- On EL7 and EL8, CMake configuration was adjusted to look for GCC 9 before GCC 8. Because libmysqlclient ships with MySQL distributions, client applications built against libmysqlclient on those platfo
- The max_length_for_sort_data system variable is now deprecated due to optimizer changes that make it obsolete and of no effect.
More Infos: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html
Special thanks to: fluffy
Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
Backporting 2.1.31 needs more consideration and more than just MFH r534101,
so forgo that and for the nonce, plug this information leak quickly with the
one-line fix by upstream, and hack additional translations to match into the
.po files with REINPLACE_CMD.
Approved by: ports-secteam@ (blanket, trivial security fix)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
Change default MDNS backend to the more commonly used avahi one.
This avoids conflicting with KDE and other commonly used ports.
Reported by: Chris Watson <bsdunix44@gmail.com>
Approved by: ports-secteam (joneum)
net-mgmt/cacti: Update to 1.2.11
Also change maintainer to submitter. Thanks for maintaining this port
for the last 5 years Dan, and for stepping up to the plate Michael!
Changes this release:
https://github.com/Cacti/cacti/blob/release/1.2.11/CHANGELOG
PR: 245468
Submitted by: Michael Muenz <m.muenz@gmail.com>
Approved by: Daniel Austin <freebsd-ports@dan.me.uk> (maintainer)
net-mgmt/cacti: Update to 1.2.12
Changelog: https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG
PR: 246161
Submitted by: Michael Muenz <m.muenz@gmail.com> (maintainer)
X-MFH-with: 531284
Security: cd864f1a-8e5a-11ea-b5b4-641c67a117d8
Approved by: ports-secteam (joneum)
gitea: Update to 1.1.4
Update Gitea to 1.11.4
This release fixes ten bugs.
Release notes: https://blog.gitea.io/2020/04/gitea-1.11.4-is-released/
PR: 245602
Submitted by: maintainer
gitea: Add GIT_LFS option
Add a GIT_LFS option (on by default) for environments that don't want to
make LFS available.
While here, change the pkg-message UCL to only show when upgrading from
< 1.8.0.
Approved by: maintainer
gitea: Fix wiki page display
From the PR:
Right now, the version of gitea shipped in ports fails to display wiki
pages. Any wiki page opened results in the following error:
template: repo/wiki/view:48:14: executing "repo/wiki/view" at <(not
$.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned
$.ExposeAnonSSH))>: can't give argument to non-function not
$.DisableHTTP
This is due to extra parentheses in templates/repo/wiki/view.tmpl and
has already been fixed upstream in [1], [2].
I've pulled the single line template fix from upstream and added the
patch to our port. As a workaround, users can also fix the problem by
placing the corrected template in
/usr/local/etc/gitea/templates/repo/wiki/view.tmpl.
Cheers,
Sascha
[1] https://github.com/go-gitea/gitea/issues/10552
[2] 1830d0ed5f
PR: 246020
Submitted by: Sascha Biberhofer
Approved by: maintainer
Approved by: portmgr (with hat)
sysutils/burp-devel: Update to 2.3.24
- Protocol 2: warn and skip on verify/restore of unsupported file types.
- Resurrect, improve and use sysutils/burp/files/burp.in instead of the rc
script from distfile, both for sysutils/burp (master port) and for
sysutils/burp-devel (slave port): this is necessary because, while
sysutils/burp's distfile still distributes the script, sysutils/burp-devel's
distfile does not anymore starting with version 2.3.24. I also made a few
modifications to the file so that it behaves well with non standard PREFIX
values.
- Fix bug #246062.
Reviewed by: 0mp, gerald, dbaio, adamw
Approved by: tcberner (co-mentor)
Differential Revision: https://reviews.freebsd.org/D24104
PR: 246062
Reported by: tictactux@gmail.com
Approved by: ports-secteam (joneum), gerald (mentor)
xorg-server: Do not send spurious focus events
Apply an upstream patch to avoid sending focus evens when grab actually does
not change. This fixes certain full screen applications. [1]
Ensure that we actually don't try to find and link against HAL even if it's
around on the system we're compiling on [2]
Add CPE information [3]
PR: 245854 [1] (with changes), 245604 [2], 197712 [3]
Submitted by: naddy@ [1], mi@ [2], arrowd [3]
Reported by: shun [3]
Approved by: ports-secteam (joenum)
In file included from /usr/obj/usr/ports/databases/mysql57-client/work/mysql-5.7.30/vio/viosslfactories.c:29:
/usr/obj/usr/ports/databases/mysql57-client/work/mysql-5.7.30/include/my_openssl.h:55:30: error: use of undeclared identifier 'OPENSSL_INIT_NO_ATEXIT'
return OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);
This fix a problem with libressl
PR: 246070
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
emulators/rpcs3: disable LLVM for SPU on FreeBSD 11 by default
Many games crash which gives bad first impression.
PR: 240495
Approved by: ports-secteam blanket
Merge minor security-related update of haproxy ports.
PR: 246094
Update to version 2.0.14.
Update to version 2.1.4.
Update to version 1.8.25.
Update to version 1.9.15.
Approved by: portmgr (blanket)
Update to upstream version 46.0.0
Details:
- Mostly bugfixes, but also some enhancements, see
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
x11-servers/xwayland-devel: don't disable default font path
*.pcf fonts are rendered by X11 server but if font path is disabled
only built-in fonts are available by default. While users could still
amend font path via "xset fp" the discrepancy with xorg-server gave
a bad first impression.
Reported by: jsm
Approved by: ports-secteam blanket (regression fix)
databases/mysq56-{client, server}: Update to latest release 5.7.30
Bugs Fixed:
- InnoDB: The row_upd_clust_rec_by_insert function, which marks a clustered index record as deleted and inserts an updated version of the record into the clustered index, passed an incorrect n_ext value (the total number of external fields) to lower level functions, causing an assertion failure.
- InnoDB: An operation performed with the innodb_buffer_pool_evict debug variable set to uncompressed caused an assertion failure.
- InnoDB: An add column operation caused an assertion failure. The failure was due to a dangling pointer.
- nnoDB: Updating certain InnoDB system variables that take string values raised invalid read errors during Valgrind testing.
- InnoDB: An insert statement on a table with a spatial index raised a record type mismatch assertion due to a tuple corruption.
- InnoDB: A function that calculates undo log record size could calculate an incorrect length value in the case of a corrupted undo log record, resulting in a malloc failure. Assertion code was added to detect incorrect calculations.
- Replication: While an SQL statement was in the process of being rewritten for the binary log so that sensitive information did not appear in plain text, if a SHOW PROCESSLIST statement was used to inspect the query, the query could become corrupted when it was written to the binary log, causing replication to stop. The process of rewriting the query is now kept private, and the query thread is updated only when rewriting is complete.
- Replication: When a GRANT or REVOKE statement is only partially executed, an incident event is logged in the binary log, which makes the replication slave's applier thread stop so that the slave can be reconciled manually with the master. Previously, if a failed GRANT or REVOKE statement was the first statement executed in the session, no GTID was applied to the incident event (because the cache manager did not yet exist for the session), causing an error on the replication slave. Also, no incident event was logged in the situation where a GRANT statement created a user but then failed because the privileges had been specified incorrectly, again causing an error on the replication slave. Both these issues have now been fixed.
- Replication: When a replication slave has a generated column that the master does not have in that table, with a secondary index on the generated column, the generated expression should be evaluated and the value stored by the storage engine in the secondary index. When row-based binary logging is in use, the replication slave assigns default values to any fields that are not in the master's definition of the table. In the case of a generated column, which does not have a default value, the slave was previously assigning a null or a zero value to the column. This value was then stored by the storage engine in the secondary index, causing both the table and the index to become corrupted. To fix this issue, generated columns in a table on a replication slave are now re-evaluated before the values are sent to the storage engine.
- Replication: In the event of an unplanned disconnection of a replication slave from the master, the reference to the master's dump thread might not be removed from the list of registered slaves, in which case statements that accessed the list of slaves would fail. The issue has now been fixed.
- Replication: With the settings binlog_format=MIXED, tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT query involving a transactional storage engine omitted any columns with a null value from the row image written to the binary log. This happened because when processing INSERT ... SELECT statements, the columns were marked for inserts before the binary logging format was selected. The issue has now been fixed.
Full Changelog: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html
Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
emulators/qemu-sbruno: bump PORTREVISION for recent DEPRECATION
DEPRECATED was added in r533075 and gets encoded in the pkg; make sure that
users of the pkg get the notice far in advance that this port is going away,
as it will not receive any further updates that would trigger the rebuild.
This is more or less a direct commit, as it merges in the trivial
deprecation notice change.
Approved by: koobs (mentor)
Approved by: ports-secteam (blanket: metadata correction/consistency)
net-mgmt/netdata (2020Q2): fix LIB_DEPENDS, reset maintainer
Fixes backported for non-default configurations:
- libuv is mandatory even if DBENGINE (default enabled) is disabled.
Move from DBENGINE_LIB_DEPENDS to LIB_DEPENDS to be
- libjson-c: enabled by default, but the disable option does not work
due to a configure.ac bug (so when libjson-c is available at build time,
it will be picked up in spite of --disable-jsonc, BTDT), and upstream
will make libjson-c make mandatory as only JSON parser.
https://github.com/netdata/netdata/issues/8841
So make it a hard LIB_DEPENDS requisite for consistency,
and remove the JSON option.
Bump PORTREVISION for the borderline situation where a non-cleanroom
build picked up libjson-c without recording it properly, or for the
benefit of non-default configurations, to trigger a rebuild.
Reset maintainer from mmokhi@ to ports@ to follow head/ while here
(repeated timeouts).
Approved by: ports-secteam@ (_DEPENDS blanket)
x11-drivers/xf86-input-synaptics: enable EVDEV by default on FreeBSD 12+
After switching default value of kern.evdev.rcpt_mask sysctl to 12 (r360126)
some users get their touchpads broken as they have xf86-input-synaptics port
installed. See e.g. PR/245948. This happens as xf86-input-synaptics has
greater priority than libinput and effectively disables latter after
installation. Workaround this issue with enabling EVDEV support in the port.
PR: 245966
Approved by: ports-secteam (joneum)
lang/intel-compute-runtime: track libva dependency
-- Checking for module 'libva>=1.0.0'
-- Found libva, version 1.7.0
-- Looking for vaGetLibFunc in va
-- Looking for vaGetLibFunc in va - found
-- Using libva
-- LibVA include dirs: /usr/local/include
$ strings /usr/local/lib/intel-opencl/libigdrcl.so | grep '^va[A-Z]'
vaDestroyImage
vaSyncSurface
vaDeriveImage
vaMaxNumImageFormats
vaGetLibFunc
vaQueryImageFormats
vaDisplayIsValid
Approved by: ports-secteam blanket
net-mgmt/bgpq4: fix build on GCC architectures
C11 compiler is necessary:
cc1: error: unrecognized command line option "-std=gnu11"
Adjust MAKE_ARGS because make insists on using cc.
Approved by: portmgr (fix build blanket)
databases/mysql56-{client, server}: Update to latest release 5.6.48
Bugfix:
- InnoDB: A tablespace import operation that failed due to the source and destination tables being defined with different DATA DIRECTORY clauses reported an insufficiently descriptive schema mismatch error. Moreover, if a .cfg file was not present, the same operation would raise an assertion failure. A more informative error message is now reported in both cases before the import operation is terminated due to the data directory mismatch.
- InnoDB: Updating certain InnoDB system variables that take string values raised invalid read errors during Valgrind testing.
- Replication: In the event of an unplanned disconnection of a replication slave from the master, the reference to the master's dump thread might not be removed from the list of registered slaves, in which case statements that accessed the list of slaves would fail. The issue has now been fixed
- Replication: With the settings binlog_format=MIXED, tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT query involving a transactional storage engine omitted any columns with a null value from the row image written to the binary log. This happened because when processing INSERT ... SELECT statements, the columns were marked for inserts before the binary logging format was selected. The issue has now been fixed.
More Infos: https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-48.html
Security: 21d59ea3-8559-11ea-a5e2-d4c9ef517024 (MySQL - Server)
Security: 622b5c47-855b-11ea-a5e2-d4c9ef517024 (MySQL - Client)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
www/firefox: add microphone note to pkg-message
Only PulseAudio appears to return a list of available /dev/dsp* for
cubeb consumers to allows users choose output/input at runtime.
Mozilla doesn't maintain other backends, so it's up to the community
to implement missing features.
https://searchfox.org/mozilla-central/search?q=.enumerate_devices&path=media/libcubeb
Approved by: ports-secteam blanket
WWW/DL link maintenance in pkg-descr and Makefile
...to avoid permanent redirects, or broken sites.
Approved by: ports-secteam@ (blanket, fix WWW: and download URLs)
www/zola: Unbreak on aarch64
The ring crate is missing aarch64 support on FreeBSD. Apply [1]
that adds support for it.
[1] https://github.com/briansmith/ring/pull/892
Approved by: ports-secteam blanket
security/cloak: Unbreak on aarch64
The ring crate is missing aarch64 support on FreeBSD. Apply [1]
that adds support for it.
[1] https://github.com/briansmith/ring/pull/892
Approved by: ports-secteam blanket
multimedia/aom: unbreak SIMD on powerpc*
CMake Warning at build/cmake/aom_configure.cmake:80 (message):
The architecture powerpc64 is not supported, falling back to the generic
target
Call Stack (most recent call first):
CMakeLists.txt:35 (include)
PR: 245896
Reported by: pkubaj
Approved by: ports-secteam blanket
benchmarks/libcelero: fix build on GCC architectures and powerpc64 elfv2
clang 8 doesn't have full support for powerpc, powerpc64 or powerpcspe, so use
GCC there.
On powerpc64 elfv2, the default is to build for elfv1, so pass a flag to fix it.
Approved by: portmgr (fix build blanket)
misc/opennn: fix build on GCC architectures and powerpc64 elfv2
clang 8 doesn't have full support for powerpc, powerpc64 or powerpcspe, so use GCC there.
On powerpc64 elfv2, the default is to build for elfv1, so pass a flag to fix it.
Approved by: portmgr (fix build blanket)
sysutils/clone: Update to 1.0.8
ChangeLog: https://github.com/cyclaero/clone/releases/tag/v1.0.8
* fixed a bug which spoiled the permissions when cloning from read only file
systems
* added facility for oversize protection for variable length arrays and
alloca()
* more adequate choice of compiler options
* corrected man file
PR: 245777
Submitted by: cyclaero@gmail.com (maintainer)
Approved by: ports-secteam (blanket: bugfix release)
python-hglib is a library with a fast, convenient interface to
Mercurial. It uses Mercurial's command server for communication
with hg.
PR: 245756
Depend on devel/py-hglib.
PR: 245756
Approved by: ports-secteam (unbreak port)
graphics/drm-fbsd11.2-kmod: Update snapshot
Update the snapshot of graphics/drm-fbsd11.2-kmod.
This update only pulls in a change to fix isses with EDID data.
PR: 245730
Reported by: crahman@gmail.com
Approved by: ports-secteam (implicit, drm-drivers blanket)
lang/php72: Upgrade from 7.2.29 to 7.2.30
Changelog:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Fixed bug #79330 (shell_exec() silently truncates after a null byte).
Fixed bug #79465 (OOB Read in urldecode()).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.2.30
Approved by: ports-secteam (joneum, implicit for PHP Updates)
cad/fidocadj: unbreak and unexpire by switching to GitHub.
- update the accompanying PDF to version 0.24.6 too
- use DIST_SUBDIR
- clean up Makefile
PR: 245368
Submitted by: rene
Approved by: maintainer timeout (nivit, 14 days)
Approved by: ports-secteam (joneum)
emulators/emu64: extend patch to fix an issue with OSS
This update is require to unbreak the port under FreeBSD.
The issue was reported to upstream and the fix will be available in future
releases.
Background: In the upstream issue, it was revealed that the whole C64 emulation
depends on the audio stream (for best sync) and initializing the audio stream
failed when the SDL backend was OSS, because it needs a fragment size that is a
power of two. The attached patch is the minimal change to 5.0.18 from the
upstream commit that solved the problem.
PR: 245395
Submitted by: Ingo <hylaios@online.de>
Approved by: Felix Palmen <felix@palmen-it.de> (maintainer)
Approved by: ports-secteam@
UPDATING: caution users to backup templates/ before update when updating mail/mailman from 2.1.29* or older.
Approved by: ports-secteam@ (blanket, updates UPDATING to accompany approved r531981 (MFH r531727))
mail/mailman: update to 2.1.30 - bug fix (incl. data loss)
* upstream changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L6
Note that upstream means 2.1.30 to be the final 2.x release,
because it relies on Python 2.x which is EOL upstream.
! MAJOR DATA LOSS FIX, rename all templates/* files to .sample,
! and list them as a @sample in pkg-plist, because they can be edited
! through the web server, and an upgrade should not stomp over edited files.
* rearrange makefile a bit (portlint, portfmt)
* update and upload new htdig patch
* expose NLS port option to pkg-install script to avoid failure
* patch upstream bin/check_perms script to not complain about tightened-
up messages/ and mailmanprefix (${PREFIX}/mailman) permissions that we
set to 0755 instead of 02775. Mailman should not need to write outside
designated directories or create new top-level directories in its install.
* fix a typo in the German (mailman.po) translation
* tweak pkg-install to:
- leave ${PREFIX}/mailman permissions alone and not set them to 02775
- fix up non-moved .sample files if pkg-install is run with -I
- create a copy of mm_cfg.py from mm_cfg.py.dist if missing (-I)
- create a newsyslog.conf.d/mailman.conf if missing, from
examples/mailman.newsyslog.sample if installed (-I)
- not attempt to fix messages/ (translations) permissions if the NLS
port option is disabled
* tweak pkg-plist so that the proper permissions and groups are set
by default already
* clean up pkg-message, thanks to bapt@ for pointing out that a missing
type: means "install or upgrade".
Approved by: ports-secteam@ (joneum@)
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)
At the same time, remove ASYNC_PUSH_LIBS workaround from [1].
Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.
* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
- 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair]
- 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair]
* df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair]
* 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair]
* 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
* ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov]
* 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair]
* 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair]
* 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe]
* 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe]
* 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen]
* 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala]
2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov]
* 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair]
* 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli]
1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov]
PR: 244286 [1]
Approved by: ports-secteam (joneum@)
net/aluminum: fix build on GCC architectures
Using MPI requires newer GCC:
-- Could NOT find MPI_CXX (missing: MPI_CXX_WORKS) (Required is at least version "3.0")
Approved by: portmgr (fix build blanket)
Remove the -pedantic flag to fix build on GCC-based systems:
cc1: error: unrecognized command line option "-Wpedantic"
Approved by: portmgr (tier-2 blanket)
devel/samurai: Remove new cruft
- USES=compiler:c11 should no longer be necessary after r531755.
- build.ninja patch is pointless since the build does not use it.
Besides that while GCC 4.2 does not understand -Wpedantic it should
recognize -pedantic fine.
Approved by: ports-secteam blanket
comms/openzwave-devel: fix build on GCC architectures
Use C++11 compiler:
cc1plus: error: unrecognized command line option "-std=c++11"
Adding MAKE_ARGS+= CXX="${CXX}" is necessary because CXX is set up in Makefile.
Approved by: portmgr (fix build blanket)
net-mgmt/netbox: Update to 2.7.12
Changelog:
Enhancements:
* Reference VRF by name rather than RD during IP/prefix import
* Use absolute URLs in rack elevation SVG renderings
* Allow connecting cables between two circuit terminations
* Add the webhook_receiver management command to assist in troubleshooting
outgoing webhooks
Bug Fixes:
* Fix typing of count_ipaddresses on interface serializer
* Fail cleanly when trying to import multiple device types simultaneously
* Fix exception when disconnecting a cable from a power feed
* Tweak display of unset custom integer fields
* Fix reservation edit/delete button URLs on rack view
https://github.com/netbox-community/netbox/releases/tag/v2.7.12
Approved by: ports-secteam (joneum)
x11-drivers/xf86-video-ati: Fix missing hw cursor
Add an upstream patch (submitted by myself and danfe) to fix the issue where
the hw cursor sometimes does not work when using x11-drivers/xf86-video-ati.
Big thanks to danfe@ for debugging and testing and figuring out what's going
on.
For details on the change, see upstream issue:
https://gitlab.freedesktop.org/xorg/driver/xf86-video-ati/-/issues/190
PR: 237642
Reported by: jwb
Approved by: ports-secteam (joenum)
security/openvpn: Fix illegal client float (CVE-2020-11810)
There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.
If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.
The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.
This fix is inherited by the openvpn-mbedtls slave port.
Blanket "Backport of security and reliability fixes which only result in
PORTREVISION bumps and no changes to enabled features. for example, adding
a patch fixing a buffer overflow."
Obtained from: Lev Stipakov (OpenVPN)
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
Approved by: ports-secteam@ (blanket security/reliability fix)
security/bsmtrace: switch MAINTAINER over to csjp@
alm@ and csjp@ are both upstream maintainers of bsmtrace; they've decided to
transfer maintainership of bsmtrace over to csjp@. PORTREVISION bump to
reflect the new maintainer in the package.
Approved by: alm (maintainer, via e-mail)
Approved by: koobs (mentor, ports)
Approved by: ports-secteam (blanket: metadata update, MAINTAINER consistency)
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
e059d4ec2e/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
- Fix SMB NegotiateContextList parsing
- Fix binpac flowbuffer frame length parsing doing too much bounds
checking
- Fix parsing ERSPAN III optional sub-header
- Fix bug in intel indicator normalization
- Fix connection duration thresholding
- Fix X509Common.h header include for external plugins
- Fix incorrect targeting of node-specific Broker/Cluster messages
Approved by: ports-secteam (joneum)
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
Approved by: ports-secteam (joneum)
emulators/virtualbox-ose: Switch build to USES= compiler:c++14-lang
The runtime breakage that started occurring after the LLVM 7 -> 8 transition
has been diagnosed with help from cem@, and the attached patch fixes it. The
problem ended up being that tail-call optimization was being applied to this
function (which should probably be written in assembly instead) and moving
the tail-call to later on after some stack manipulations. The problem with
this is that this particular function uses alloca() to carefully craft a
stack that it's expecting to be used for the function it's calling at the
end.
The new patch fixes this using a technique that was committed later on in
upstream changeset 75061 to address a similar failure with GCC sanitizers
enabled. The FreeBSD-specific component of this patch is using the different
stack setup if __clang__ is defined as well.
The extra hunk in the Config patch has been added because the VirtualBox
build system cannot cope with LLVM version numbers in the way it's
expecting. Hardcode it to GCC 4.2 for FreeBSD, which is what the clang
__GNU* macros describe, to fix build breakage that happens with newer LLVM
as the build system decides our LLVM is an even older and more broken
version of GCC with a broken regparm.
PR: 236616, 244847
Approved by: koobs (mentor)
Approved by: ports-secteam (blanket: major runtime fix caused by bad build)
Fix bitrotted code.
Drop maintainership. I don't use this port much as evidenced by the
fact that one of these bugs was fixed in Arch Linux in 2016
(https://bugs.archlinux.org/task/46571).
Submitted by: Jacob D Hunt
Approved by: ports-secteam (joneum)
multimedia/obs-qtwebkit: fix build on powerpc64
cc1plus: error: unrecognized command line option "-std=c++11"
Additionally, this port tries to use SSE, so it needs -DNO_WARN_X86_INTRINSICS -maltivec -mvsx on powerpc64 to use GCC's translation layer to AltiVec.
Also respect CXXFLAGS to make it work.
PR: 243658
Approved by: swills (maintainer)
Approved by: portmgr (fix build blanket)
x11/libxfce4menu: Fix leaked keygrabs when layout changes
As diagnosed by Jethro Nederhof, xfce-shortcuts-grabber.c attempts to update
grabbed key shortcuts when xkeyboard layout changes. Unfortunately, it had no
memory of which keycodes it has actually grabbed. Instead, it attempted to
ungrab the *new* keycode, which obviously doesn't actually ungrab those codes.
This went unnoticed for some time, probably because nothing collided with
important keys. Recently, a default PrintScreen shortcut was added to Xfce,
which for whatever reason seems to collide with Up in initial layout. When the
kbd layout changes, the shortcut ungrabs the *new* Printscreen keycode and then
re-grabs the same keycode, leaving the Up keycode grabbed.
Fix this by giving xfce-shortcuts-grabber some memory of which keycodes it has
grabbed. When it grabs a key, it remembers the keycode it grabbed in the
XfceKey object. When it ungrabs a key, it ungrabs the keycodes in the XfceKey
object, rather than those for the new keyboard layout.
PR: 244290
Reported by: Aryeh Friedman <aryeh.friedman AT gmail.com>, many others
Approved by: madpilot
Differential Revision: https://reviews.freebsd.org/D24338
Approved by: portmgr (blanket, runtime fix)
Approved by: portmgr (with hat)
vim: Fix environment contamination from libcanberra
Vim will link against libcanberra if it's present, leading to an
undeclared link and breakage risk if canberra is removed. It only really
makes sense for it to do this during a gnome build, so explicitly
enable it there and disable it elsewhere.
PR: 245460
Reported by: Andy Mender
dns/dnsmasq: repair damage from UNAUTHORIZED UCL conversion of pkg-message
The pkg-message contains a security note that is necessary on
new installs and on updates alike.
Since per the porter's handbook, the UCL does not support enumeration
of types, and this is not relevant on removal, the UCL change must be
reverted. While here, remove formatting.
Failure inducing commit:
|------------------------------------------------------------------------
|r508835 | mat | 2019-08-13 18:01:59 +0200 (Tue, 13 Aug 2019) | 2 lines
|
|Convert to UCL & cleanup pkg-message (categories d)
|
|------------------------------------------------------------------------
NOTE: The UCL conversion of files/pkg-message.in was not authorized
and damaging and no heads-up was sent to the maintainer.
portmgr@ MUST act more carefully with sweeping changes and hand them out
for review first.
dns/dnsmasq-devel: synch non-UCL pkg-message.in
e2fsprogs, rawtherapee: Repair more UCL pkg-message conversion errors.
Both pkg-message texts are relevant for updates.
Reverting this part of UNAUTHORIZED commits, and bump PORTREVISION.
Clean up pkg-message.
Failure-inducing commits:
------------------------------------------------------------------------
r508837 | mat | 2019-08-13 18:03:11 +0200 (Tue, 13 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories e-g)
------------------------------------------------------------------------
r508909 | mat | 2019-08-14 14:16:12 +0200 (Wed, 14 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories s)
------------------------------------------------------------------------
mail/mailman: repair incomplete UCL conversion of pkg-message.in
There are parts of the install message that are also relevant on
updates, but were missed. Add them, and bump PORTREVISION.
Failure-inducing commit:
------------------------------------------------------------------------
r508882 | mat | 2019-08-14 00:29:42 +0200 (Wed, 14 Aug 2019) | 2 lines
onvert to UCL & cleanup pkg-message (categories l-m)
------------------------------------------------------------------------
Approved by: ports-secteam@ (blanket, only changing pkg-message[.in])
emulators/rpcs3: unbreak audio after r529285
INFO: OpenAudioDevice failed: Fragment size must be a power of two
Segfault reading location 00000000000000d4 at 0000000001de1abd.
Emu Thread Name: 'cellAudio Thread'.
Thread id = 0x89cf05700.
Approved by: ports-secteam blanket (crash fix)
Mark as BROKEN on 13 for the time being while the regression is being
investigated.
PR: 245520
Submitted by: maintainer
Approved by: portmgr ("just fix it")
deskutils/ausweisapp2: Fix build on FreeBSD 11.3
CMake Error at /usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:146 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR: Found unsuitable version "1.0.2s", but
required is at least "1.1" (found /usr/lib/libcrypto.so)
Call Stack (most recent call first):
/usr/local/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:391 (_FPHSA_FAILURE_MESSAGE)
/usr/local/share/cmake/Modules/FindOpenSSL.cmake:447 (find_package_handle_standard_args)
cmake/Libraries.cmake:71 (FIND_PACKAGE)
CMakeLists.txt:145 (INCLUDE)
While here remove unnecessary qt5-buildtools and qt5-linguisttools
run dependencies.
PR: 245088
Approved by: freebsd@sysctl.cz (maintainer)
Approved by: ports-secteam blanket
graphics/libavif: fix build on GCC architectures
Use newer GCC to avoid error caused by -Werror:
/wrkdirs/usr/ports/graphics/libavif/work/libavif-0.6.3/src/reformat.c:316: warning: comparison is always false due to limited range of data type
Approved by: portmgr (fix build blanket)
- Fix brokenness with net/libsignal 2.3.3. Upstream depends on
particular version (2.3.2), so reference its distfile, build
it in tree.
- Bump PORTREVISION as dependencies are changed
PR: 245281
Approved by: portmgr (blanket)
multimedia/obs-studio: Install one more .cmake file to support some use cases
multimedia/obs-studio: Install ObsPluginHelpers.cmake to facilitate plugins
multimedia/obs-studio: Update 25.0.3 -> 25.0.4
Chengelog: https://github.com/obsproject/obs-studio/releases/tag/25.0.4
This is mostly a bugfix release, therefore requesting MFH.
Approved by: ports-secteam (joneum)
emulators/fs-uae: fix build on non-x86
JIT is enabled by default everywhere, which causes fail on e.g. powerpc64:
configure: error: in `/wrkdirs/usr/ports/emulators/fs-uae/work/fs-uae-3.0.2':
configure: error: JIT is not supported on powerpc64-portbld-freebsd12.1
Make JIT option available on all architectures so that --disable-jit is properly passed when the option is disabled.
Approved by: portmgr (fix build blanket)
net-mgmt/netbox: Update to 2.7.11
* Improve the sample rc script to allow passing of extra arguments, e.g. to
listen on multiple interfaces/addresses [1] or use a configuration file
instead using rc variables.
Kudos to Thomas Kurschel for some extra testing of the updated rc script.
Changelog:
Enhancements:
* Add ability to automatically check for new releases (must be enabled by
setting RELEASE_CHECK_URL)
* Custom script object variables now utilize dynamic form widgets
* Add descriptive tooltip to custom fields on object views
* Add a dedicated view for rack reservations
* Enable webhooks for rack reservations
* Enable export templates for rack reservations
* Enable custom links for rack reservations
* Update admin links for Django RQ to reflect multiple queues
* Add a bulk edit view for device bays
* Add cable trace button for circuit terminations
Bug Fixes:
* Improve prefix_length validation on available-prefixes API
* Fix cable tracing across multiple rear ports
* Enforce unique constraints for device and virtual machine names in the API
* Fix Markdown support for tables
* Fix exception raised on IP address bulk add view
* Fix duplicate name validation on device model
https://github.com/netbox-community/netbox/releases/tag/v2.7.11
PR: 244629 [1]
Reported by: O. Hartmann <ohartmann@walstatt.org> [1]
Approved by: ports-secteam (riggs)
Update to upstream version 45.0.0
Details:
- Many bugfixes, but also some enhancements, see
https://mkvtoolnix.download/doc/NEWS.md
Approved by: ports-secteam (riggs)
devel/caf: fix build on GCC architectures
Some files require including sys/types.h before other headers:
/usr/include/netinet/ip.h:227:2: error: 'u_short' does not name a type; did you mean 'short'?
227 | u_short ippseudo_len; /* protocol length */
| ^~~~~~~
| short
PR: 245364
Approved by: leres (maintainer)
Approved by: portmgr (fix build blanket)
security/snort3: UNBREAK
- Update version 3.0.0-258=>3.0.0-270
- Remove BUILD_DEPENDS and RUN_DEPENDS into LIB_DEPENDS
- Change compiler to use c++14-lang
- Make HYPERSCAN default for amd64
- Remove DEBUG_DESC and DOCS_DESC for the defaults DESC
net/libdaq: Update version 3.0.0-alpha3=>3.0.0-alpha4
Submitted by: dvl
Differential Revision: https://reviews.freebsd.org/D24263
Approved by: portmgr (blanket: build fix)
emulators/virtualbox-ose-{additions,kmod}: Remove missing patch
extrapatch-Config.kmk was merged in ports r528258 into the standard
Config.kmk patch out of necessity, but inadvertently missed that it was also
referenced in two other spots.
No PORTREVISION bump, as these are build-only fixes to fix the entirety of
virtualbox-ose-additions and the DEBUG option of virtualbox-ose-kmod.
PR: 245239
Approved by: koobs (mentor)
Approved by: portmgr (blanket: build fix, just-fix-it)
Differential Revision: https://reviews.freebsd.org/D24260
Approved by: ports-secteam (blanket: build fix)
x11-fonts/fontconfig: update to 2.13.92
Fontconfig 2.13.1 generated .uuid files in the fonts directory which where
not properly registered to the packages. To clean them up, please execute the
following command:
find %%LOCALBASE%%/share/fonts -type f -name .uuid -delete
By switching to this RC, the dependency on libuuid can be droped again, and the
issue of registering uuid is moot.
PR: 239167
Exp-run by: antoine
Submitted by: lightside <lightside@gmx.com>
Approved by: ports-secteam (joneum)
multimedia/obs-studio: Add the vlc plugin that wasn't enabled on FreeBSD for some reason
multimedia/obs-studio: Add missing header for depending projects to access the OBS Studio API
multimedia/obs-studio: Update 25.0.1 -> 25.0.3 (25.0.3 contains bugfixes)
Bug fixed: https://github.com/obsproject/obs-studio/issues/2627#issuecomment-608509154
25.0.1 crashed on microphone change.
Approved by: ports-secteam (joneum)
Mk/Uses/go.mk: Set GO_NO_VENDOR_CHECKS=1
Set GO_NO_VENDOR_CHECKS=1 to signal lang/go to relax vendor checks during ports
build.
PR: 244783
Reported by: Christopher Hall <hsw@bitmark.com>
Reviewed by: mikael swills yuri
Differential Revision: https://reviews.freebsd.org/D24122
Approved by: ports-secteam (joneum)
lang/go: relax module consistency checks if vendor/modules.txt is missing
Starting from go1.14, go verifies that vendor/modules.txt matches the
requirements and replacements listed in the main module go.mod file, and it is
a hard failure if vendor/modules.txt is missing.
Relax module consistency checks and switch back to pre go1.14 behaviour if
vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the
environment regardless of go version requirement in go.mod.
Upstream PR: https://github.com/golang/go/issues/37948
PR: 244783
Reported by: Christopher Hall <hsw@bitmark.com>
Reviewed by: mikael swills yuri
Approved by: jlaffaye (maintainer timeout, 2 weeks)
Differential Revision: https://reviews.freebsd.org/D24122
Approved by: ports-secteam (joneum)
multimedia/obs-studio: Fix the procfs(5) link for the executable path: /proc/self/exe -> /proc/curproc/file
PR: 245299
Reported by: Keith Hellman <khellman@mcprogramming.com> (the reported issue seems to be the same)
Approved by: ports-secteam@FreeBSD.org
net/libarcus: fix build on GCC architectures
C++11 compiler is necessary:
/usr/local/include/google/protobuf/arena_impl.h:323: error: ISO C++ forbids declaration of 'atomic' with no type
Approved by: portmgr (fix build blanket)
ONLY_FOR_ARCHS_REASON= gccfeatures.h:54:4: This code has only been tested on x86 and powerpc platforms
BROKEN_FreeBSD_12_powerpc64= fails to compile: oskar_convert_cirs_relative_directions_to_enu_directions.c:67:29: 'csinl' undeclared (first use in this function)