mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946
According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
The announce text:
Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
of security note where malicious rule configuration (.cf) files can be
configured to run system commands.
In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
of scenarios. In addition to upgrading to SA 3.4.5, users should only use
update channels or 3rd party .cf files from trusted places.
Apache SpamAssassin would like to thank Damian Lukowski at credativ for
ethically reporting this issue.
This issue has been assigned CVE id CVE-2020-1946 [2]
To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the https://spamassassin.apache.org/ web site.
Apache SpamAssassin Security Team
[1]: https://s.apache.org/ng9u9
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
PR: 254526
Submitted by: cy
Reported by: cy
Approved by: maintainer (zeising)
Security: https://s.apache.org/ng9u9https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
- Update to version 4.4 and unforbid
- Add LZ4 and ZSTD compression support
- Improve or drop option descriptions
- Convert to option helpers while here
PR: ports/254316
Security: 317487c6-85ca-11eb-80fa-14dae938ec40
security/wpa_supplicant: fix for P2P provision vulnerability
Latest version available from: https://w1.fi/security/2021-1/
Vulnerability
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
Vulnerable versions/configurations
wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled
An attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a set of suitably
constructed management frames that trigger the corner case to be reached
in the management of the P2P peer table.
Note: The P2P option is not default.
Security: https://w1.fi/security/2021-1/\
wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
security/libressl: Bugfix update to 3.2.4
* See errata 013 from OpenBSD 6.8
* Various interoperability issues and memory leaks were discovered in
libcrypto and libssl
security/libressl: Security fix for potential use-after-free
Security: eeca52dc-866c-11eb-b8d6-d4c9ef517024
Approved by: ports-secteam (blanket)
databases/postgresql-mysql_fdw: Upgrade from 2.5.4 to 2.5.5
Fix various bugs, compilation warnings, and server crashes.
Souce: https://github.com/EnterpriseDB/mysql_fdw/releases/tag/REL-2_5_5
Also make minimum PostgreSQL version 9.6. The last version 2.5.4 already
dropped the PostgreSQL 9.5 support. Also imcrease max supported PostgreSQL
version from 11 to 13. This was also introduced in the last version 2.5.4.
Take maintainership
Sponsored by: Bounce Experts
M postgresql-mysql_fdw/Makefile
M postgresql-mysql_fdw/distinfo
mail/dovecot-fts-xapian: Update to 1.4.8
- Update to 1.4.8
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D29251
x11/wezterm: add new port
WezTerm is a GPU-accelerated cross-platform terminal emulator and
multiplexer written by @wez and implemented in Rust.
- Multiplex terminal panes, tabs and windows on local and remote
hosts, with native mouse and scrollback
- Ligatures, Color Emoji and font fallback, with true color and
dynamic color schemes
- Hyperlinks
- Searchable Scrollback (use mouse wheel and Shift-PageUp and Shift
PageDown to navigate, Ctrl-Shift-F to activate search mode)
- xterm style selection of text with mouse; paste selection via
Shift-Insert (bracketed paste is supported!)
- SGR style mouse reporting (works in vim and tmux)
- Render underline, double-underline, italic, bold, strikethrough
(most other terminal emulators do not support as many render
attributes)
- Configuration via a file with hot reloading
- Multiple Windows (Hotkey: Super-N)
- Splits/Panes
- Tabs (Hotkey: Super-T, next/prev: Super-[ and Super-], go-to: Super-[1-9])
- SSH client with native tabs
- Connect to serial ports for embedded/Arduino work
- Connect to a local multiplexer server over unix domain sockets
- Connect to a remote multiplexer using SSH or TLS over TCP/IP
- iTerm2 compatible image protocol support, and built-in imgcat command
- Sixel graphics support
https://wezfurlong.org/wezterm/
multimedia/arcan: unbreak on aarch64
(encode) disabled, lzma not found
[...]
Determining if the function lzma_auto_decoder exists in the /usr/lib/liblzma.so failed with the following output:
c++: error: the clang compiler does not support '-march=native'
[...]
===> Checking for items in pkg-plist which are not in STAGEDIR
Error: Missing: bin/afsrv_encode
PR: 254234
Reported by: mikael
mail/fetchmail and mail/fetchmailconf: Update to 6.4.16
PR: 253423
Submitted by: Corey Halpin <chalpin AT cs.wisc DOT edu> (maintainer)
mail/fetchmail: fetchmailconf: update to 6.4.17 (minor fixes, Japanese translation)
# BUG FIXES
* IMAP client: plus memory leaks for username and password when trying
the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files [for NEWS file]
# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.
# TRANSLATION UPDATE
* ja: Takeshi Hamasaki [Japanese]
PR: 254208
Approved by: Corey Halpin (maintainer)
ChangeLog: 66ae17e72c/NEWS (L85)
java/intellij-rubymine: Fix packaging with non-default Python versions
* Replace a few occurrences in pkg-plist where PYTHON_VER shouldn't be used
as a substitution.
PR: 253815
Approved by: portmgr (build fix)
Approved by: ports-secteam (implicit)
dns/c-ares: Update 1.16.1 -> 1.17.1
Bump to the latest release. Upstream has reorganized the source in this
release, and the port has been adapted to path changes where necessary.
Approved by: zi (maintainer)
Sponsored by: Miles AS
sysutils/lcdproc: fix build on powerpc64 elfv2
Use GCC:
In file included from serialVFD_io.c:45:
./port.h:344:32: error: invalid output constraint '=a' in asm
__asm__ volatile ("inb %1,%0":"=a" (value)
firefox: import upstream bugfixes
1 https://bugzilla.mozilla.org/show_bug.cgi?id=1694670
"Linux startup crash in [@ qcms_data_create_rgb_with_gamma]"
crash on startup when loading certain ICC profiles
2 https://bugzilla.mozilla.org/show_bug.cgi?id=1694699
"Investigate tabs API regression in Firefox 86"
regression causing loss of tabs from tab groups
PR: 253886 ([2])
Reported by: Hans Petter Selasky [1], Graham Perrin [2]
emulators/rpcs3: unbreak Vulkan on Intel after r562625
ioctl(I915_GEM_USERPTR) failed. Try running as root but expect poor stability.
F {RSX [0x000255c]} SIG: Thread terminated due to fatal error: Assertion Failed! Vulkan API call failed with unrecoverable error: Invalid external handle (VK_ERROR_INVALID_EXTERNAL_HANDLE_KHR)
(in file rpcs3/Emu/RSX/VK/vkutils/memory.cpp:224[:79], in function memory_block_host) (errno=1)
(in file rpcs3/Emu/RSX/VK/vkutils/shared.cpp:103[:4], in function die_with_error) (errno=1)
Backport part of r566453 | gerald | 2021-02-24 from lang/gcc8-devel:
ALso back port part of r565301 | gerald | 2021-02-15 from
lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
x11-wm/labwc: add new port
Labwc is a wlroots-based stacking compositor for Wayland.
It has the following aims:
- Be light-weight, small and fast
- Have the look and feel of openbox albeit with a smaller feature set
- Where practicable, use clients to show wall-paper, take screenshots,
and so on
- Stay in keeping with wlroots and sway in terms of approach and
coding style
https://github.com/johanmalm/labwc
- Fix .desktop entry, remove wrong path from Exec line
- Convert port to USES=localbase
- Silence portlint warnings about variables order
PR: 254031
Approved by: mjl@luckie.org.nz (maintainer)
x11-toolkits/swt:
- Remove excessive patching, which also broke loading of swt libraries.
- Add temporary patch to fix crash, when swt tries to load *.css files which
are not shipped with the tarball.
Reported by: Robin Dapp via email
games/zdoom: fix build on non-x86
gme needs the same patching as for other ports.
p_spec.cpp uses chars, which are unsigned on ARM and POWER by default.
Approved by: tier 2 blanket
Back port part of r566296 | gerald | 2021-02-22 from lang/gcc9-devel:
[B]ack port of part of r565301 | gerald | 2021-02-15 from
lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
Back port part of r566885 | gerald | 2021-03-01 from lang/gcc9-devel:
Remove the GRAPHITE option. Graphite still is a largely experimental
feature, so better left to newer versions of GCC such as GCC 10 which
is now our default.
PR: 253286 [1]
www/falkon: add flavor without KDE integration
This results in a package that doesn't drag in huge numbers of
KDE dependencies if you aren't on KDE.
This replaces the OPTION KDEINTEGRATION.
Approved by: kde (adridg)
Differential Revision: https://reviews.freebsd.org/D29010
multimedia/arcan: use luajit-openresty on all architectures
lang/luajit hasn't been updated in years. Alpine, Debian, Fedora,
Gentoo, Guix, Mageia, Nix, Void updated to 2.1.0 beta3 or snapshot.
Of those Guix and Void have Arcan package. So, switch to 2.1 as well
for better stability and non-x86 support.
https://github.com/letoram/arcan/commit/b1290c6485db
emulators/yuzu: prefer OpenSSL over GnuTLS after r560825
-- Found NETTLE: /usr/local/lib/libnettle.so
-- Found GnuTLS: /usr/local/lib/libgnutls.so
-- Found OpenSSL: /usr/lib/libcrypto.so (found version "1.1.1h")
[...]
Error: /usr/local/bin/yuzu is linked to /usr/local/lib/libgnutls.so.30 from security/gnutls but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libgnutls.so:security/gnutls
Error: /usr/local/bin/yuzu is linked to /usr/local/lib/libnettle.so.8 from security/nettle but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libnettle.so:security/nettle
games/openjk: fix packaging on armv6
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/OpenJK/cgamearmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/OpenJK/jagamearmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/OpenJK/jampgamearmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/OpenJK/uiarmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/base/cgamearmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/base/jampgamearmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/base/uiarmv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/openjk.armv6:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/openjk_sp.armv6:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/openjkded.armv6:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/rd-vanilla_armv6.so:No such file or directory
pkg-static: Unable to access file /wrkdirs/usr/ports/games/openjk/work/stage/usr/local/share/JediAcademy/rdsp-vanilla_armv6.so:No such file or directory
ALso back port part of r565301 | gerald | 2021-02-15 from
lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
Plus a back port of part of r565301 | gerald | 2021-02-15 from
lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
Back port part of r565994 | gerald | 2021-02-18 from lang/gcc10-devel:
Back port part of r565301 | gerald | 2021-02-15 from lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
Back port part of r565301 | gerald | 2021-02-15 from lang/gcc11-devel:
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
Explicitly build --without-zstd such that archivers/zstd isn't pulled
in inadvertedly when present in the build system even though it is not
an explicit dependency. [1]
PR: 253286 [1]
emulators/qemu-user-static: update to f7fd10d7677c
This features a number of fixes; highlights:
- Handle aarch64 YIELD instructions
- Bump ARG_MAX to match the FreeBSD default on LP64 platforms
- Implement __specialfd(2) and copy_file_range(2)
- Style fixes
- Fix an issue with binary execution[0]
- Fix page fault handling for self-modifying binaries[1]
- Suppress noise from CIOGSESSION usage and restore CRIOGET handling
- Patch _umtx_op(2) through to the kernel where possible[2]
[0] Attempting to execute a binary by name was broken when there was an
unrelated entry by the same name in PWD. The report below observed it in the
cluster while building games/dobutsu, which tried to execute `xz` in a directory
that had an `xz` directory inside of it.
[1] From the fixing commit, qemu mprotect()s pages contained translated code
to PROT_READ | PROT_EXEC and upgrades protections as needed upon page fault.
This was broken in a previous commit that misidentified by the trap # that
should have been observed. The observed issue a broken JIT compiler in
libpcre.
[2] _umtx_op can now be handled by the kernel in cases where the target long
size is not longer than the host, and the target and host are the same
endianness. This is much more reliable than our previous emulation of these
operations, and should reduce hangs sometimes observed in threaded applications.
Note that this requires a recent stable/12 or 13.x/-CURRENT.
PR: 253375 [0]
PR: 253335 [1]
finance/quickfix: fix build on non-x86
Code uses x86 assembly, but makes it possible to use Boost atomic.
multimedia/zoneminder: enable on powerpc64
net/mpich: fix build on powerpc64
Neither __BYTE_ORDER nor __BIG_ENDIAN are defined:
In file included from src/mpi/datatype/typerep/dataloop/looputil.c:10:
./src/mpi/datatype/typerep/dataloop/looputil.h:57:2: error: This code assumes that __BYTE_ORDER and __BIG_ENDIAN are defined
#error This code assumes that __BYTE_ORDER and __BIG_ENDIAN are defined
editors/libreoffice: fix build on powerpc64 elfv2
This set of patches is applied only on powerpc* architectures.
Submitted by: afsilva
Approved by: tier 2 blanket
security/openconnect-gui: fix checksum
emulators/riscv-isa-sim: enable on powerpc64
sysutils/linuxfdisk: enable on powerpc64
graphics/openfx-arena: enable on powerpc64
multimedia/arcan: enable LUAJIT on powerpc64
It builds fine with luajit-openresty.
games/libretro-desmume2015: fix build on non-x86 / ARM
JIT is only for x86 and ARM.
astro/opencpn: fix build on powerpc64*
Use GCC unconditionally on powerpc64*:
In file included from /usr/lib/clang/11.0.1/include/xmmintrin.h:13:
/usr/lib/clang/11.0.1/include/mmintrin.h:33:5: error: use of undeclared identifier '__builtin_ia32_emms'; did you mean '__builtin_isless'?
__builtin_ia32_emms();
editors/libreoffice6: backport powerpc* patches to libreoffice6
Approved by: tier 2 blanket
devel/newt: does not register shared libs
pkg info -b newt does not show any shared libraries despite the port installing
one.
The framework uses the output of readelf -d to know if the library has a SONAME
and this ports does not add a SONAME if it does not detect the GNU linker. Then,
the resulting package does not register any shared libraries.
* Patch configure.ac to learn and detect LLVM linker so it adds the SONAME to
the library.
* Add USE_LDCONFIG (portlint wrongly complains about not installing shared libs)
PR: 253712
Submitted by: masamory7@gmail.com
Update to r85c9d788f8 from the FreeBSD docset.
Approved by: doceng (implicit)
Update to 0cff342f42461c5081b98bce7581f43df319e4f4 version from the
FreeBSD docset (a.k.a. 13.0-R version)
Approved by: doceng (implicit)
Approved by: portmgr (blanket)
net/aquantia-atlantic-kmod: Fix build on CURRENT
This patch enables the port to build a working if_atlantic.ko on
13-CURRENT, broken since r353868 (Git commit 19e09f447fd9), where
the `if_multi_apply` and `if_multiaddr_count` KPIs were removed.
PR: 252642
Submitted by: Michael Chiu <nyan-at-myuji.xyz>
Approved by: koobs (maintainer)
Differential_Revision: https://reviews.freebsd.org/D28135
ports-mgmt/pkg: Update to 1.16.2
Changes from 1.16.1 to 1.16.2
- libpkg: add a snap(shot) version prefix
- libpkg: only upgrade installed packages with pattern matches
- Document pkg-lock(8) accepts a list of packages
Approved by: bapt (implicit)
ports-mgmt/pkg: Update to 1.16.3
- lua: filecmp: Fix for symlink
PR: 253292, 250439
Approved by: bapt (implicit)
textproc/libebml: update to 1.4.3
Changelog:
* Fixed several heap overflow bugs in the `ReadData` functions of
various data type classes. This fixes CVE-2021-3405.
Security: CVE-2021-3405
lang/retro12: Update to 2021.2
ChangeLog:
* fixes a bug causing address stack corruption in some circumstances
* improved handling of pipes
* added `abort`
* add support for user defined block delimiters
PR: 253610
Submitted by: crc@forthworks.com
Unbreak fetch from git.sr.ht
GZIP compression ratio and Git footer have changed e.g.,
method crc date time compressed uncompressed ratio uncompressed_name
-defla 944caee6 Dec 7 21:15 12482 71680 82.5% scdoc-1.11.1.tar
+defla 944caee6 Feb 17 23:20 12510 71680 82.5% scdoc-1.11.1.tar
---
-2.26.2
+2.30.0
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: potgo_value
>>> defined at main.c
>>> ./sources/src/main.o:(potgo_value)
>>> defined at newcpu.c
>>> ./sources/src/newcpu.o:(.bss+0x81E50)
Reported by: pkg-fallout
www/logswan: Update to 2.1.10
And while here, also switch to versioned download.
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28685
Mark BROKEN on FreeBSD 13 % 14.
ld: error: duplicate symbol: SYNTAX_ERR_FLAG
>>> defined at array.c
>>> src/asciitex/array.o:(SYNTAX_ERR_FLAG)
>>> defined at asciiTeX.c
>>> src/asciitex/asciiTeX.o:(.bss+0x0)
editors/libreoffice: resurrect deleted by mistake patch for qt5-cairo engine to fix CJK fonts rendering in menus and dialogs
PR: 253371, 253579
Pointy hat to: fluffy
sysutils/memtest86+: remove dependency on gcc48
This is one of three ports still explicitly dependent on lang/gcc48. The
problems that were preventing the upgrade were as follows:
- The __OUT*/__IN* macros in io.h were declaring the produced functions as
extern, yielding multiple "definitions." They're inline asm, so just give
them static linkage.
- reboot was declared inline with non-static linkage, thus leaving it in a
weird state where it wasn't visible within the same CU or another CU.
Drop the inline for now; if it really needs to be inlined, it can be
moved into a header and declared `static inline`.
I made these changes, then discovered there's a 5.31b that's still in
testing. I checked the archive for that and was delighted to discover these
changes had already actually been made there, too, so let's consider this a
backport.
PR: 253303
Approved by: avg (maintainer)
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: g_mainthread_id
>>> defined at module.c
>>> livestatus_so-module.o:(g_mainthread_id)
>>> defined at logger.c
>>> livestatus_so-logger.o:(.bss+0x8)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: mem68k_fetch_byte
>>> defined at floppy.c
>>> floppy.o:(mem68k_fetch_byte)
>>> defined at profile.c
>>> profile.o:(.bss+0x100)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: CGACONST
>>> defined at 386.c
>>> pcem-386.o:(CGACONST)
>>> defined at 386_dynarec.c
>>> pcem-386_dynarec.o:(.bss+0x1900)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: data
>>> defined at event.c
>>> event.o:(data) in archive ../adns/libadns.a
>>> defined at types.c
>>> types.o:(.bss+0x0) in archive ../adns/libadns.a
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: DicDir
>>> defined at xjdcomm.c
>>> ./obj/Jishyo.obj/xjdcomm.c.o:(DicDir)
>>> defined at xjdsa.c
>>> ./obj/Jishyo.obj/xjdsa.c.o:(.bss+0x110)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: endscore_reached
>>> defined at main.c
>>> main.o:(endscore_reached)
>>> defined at menu.c
>>> menu.o:(.bss+0x600)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: admin_passwd
>>> defined at main.c
>>> main.o:(admin_passwd)
>>> defined at interface.c
>>> interface.o:(.bss+0x60)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
g_raid5.c:1567:2: error: too few arguments to function call, expected at least 3, have 1
G_RAID5_LOGREQ(bp, "[done err:%d dat:%02x adr:%p]",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./g_raid5.h:72:18: note: expanded from macro 'G_RAID5_LOGREQ'
g_print_bio(bp); \
~~~~~~~~~~~ ^
/usr/src/sys/geom/geom.h:347:6: note: 'g_print_bio' declared here
void g_print_bio(const char *prefix, const struct bio *bp, const char *fmtsuffix, ...) __printflike(3, 4);
^
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: CharSet
>>> defined at clear.c
>>> clear.o:(CharSet)
>>> defined at drawing.c
>>> drawing.o:(.bss+0x0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: dbErrString
>>> defined at nomos.c
>>> nomos.o:(dbErrString)
>>> defined at licenses.c
>>> licenses.o:(.bss+0x1020)
Reported by: pkg-fallout
games/bsdgames: NO_WERROR fix for FreeBSD 13
* use WITHOUT_WERROR instead of NO_WERROR
* remove noop REINPLACE statements
* moves the wump.info out of the pkg-plist into the Makefile
PR: 252941
Submitted by: jockl@pianojockl.org (maintainer)
graphics/openexr: graphics/ilmbase: v2.5.4 update
"Patch release with various bug/sanitizer/security fixes, primarily related to
reading corrupted input files."
<https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4>
Cherry-pick upstream commit for GCC 11 compatibility:
<a40a6151c4>
Since this changes the patchlevel of the solibs, bump PORTREVISION of dependent
ports just to be sure.
(graphics/py-openshadinglanguage is unaltered and .includes the revision bump
from .../openshadinglanguage.)
graphics/openexr: really commit v2.5.4 update.
Unfortunately, this was missed with the ilmbase update, and
causes yet another PORTREVISION bump on all dependent ports.
repeating ilmbase's commit log here:
"Patch release with various bug/sanitizer/security fixes, primarily related to
reading corrupted input files."
<https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4>
Cherry-pick upstream commit for GCC 11 compatibility:
<a40a6151c4>
Since this changes the patchlevel of the solibs, bump PORTREVISION of dependent
ports just to be sure.
(graphics/py-openshadinglanguage is unaltered and .includes the revision bump
from .../openshadinglanguage.)
Reported by: VVD (IRC, #bsdports)
graphics/openexr, ilmbase: security update to v2.5.5
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5
"Specific OSS-fuzz issues include:
OSS-fuzz #30291 Timeout in openexr_exrcheck_fuzzer
OSS-fuzz #29106 Heap-buffer-overflow in Imf_2_5::FastHufDecoder::decode
OSS-fuzz #28971 Undefined-shift in Imf_2_5::cachePadding
OSS-fuzz #29829 Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
OSS-fuzz #30121 Out-of-memory in openexr_exrcheck_fuzzer"
Bump PORTREVISION of ports that directly depend on openexr and/or ilmbase.
Security: 98044aba-6d72-11eb-aed7-1b1b8a70cc8b
textproc/elasticsearch6: Fix rc order
It has been found that elasticsearch is being started in wrong phase of rc
sequence.
This should bring it to more apropriate place where all services, including
cleartmp, are started.
PR: 236840
Reported by: Nemesis11 <felix@zwame.pt>
Reviewed by: osa (mentor), swills
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27874
devel/rlwrap: Update to 0.44
And while here, also:
- Switch to versioned release download
- Reformat Makefile according to portclippy/portfmt
- Fix pkg-plist
Reviewed by: osa (mentor), swills (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28429
x11/foot: unbreak if devel/ncurses is installed
In-base ncurses uses termcap, so ports/ don't support populating
terminfo yet. For example, devel/ncurses has --with-hashed-db
which confuses Meson.
[2/3] /usr/local/bin/meson install --no-rebuild
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/mesonbuild/mesonmain.py", line 140, in run
return options.run_func(options)
File "/usr/local/lib/python3.7/site-packages/mesonbuild/minstall.py", line 554, in run
installer.do_install(datafilename)
File "/usr/local/lib/python3.7/site-packages/mesonbuild/minstall.py", line 372, in do_install
self.install_targets(d)
File "/usr/local/lib/python3.7/site-packages/mesonbuild/minstall.py", line 468, in install_targets
raise RuntimeError('File {!r} could not be found'.format(t.fname))
RuntimeError: File 'f' could not be found
audio/liblastfm-qt5: Restore the patches that were originally part of
audio/liblastfm (R.I.P.) to make the library function again. It seems they
were forgotten when this was converted to a free-standing port in r495869.
sysutils/rpi-firmware: Update to 1.20210111
While here also:
Replace the deprecated arm_control by arm_64bit for 64bits configuration
Add hdmi_safe for rpi4, recent updates of rpi-firmware break something related
to hdmi. Version 1.20201201 will reset if hdmi monitor is connected while later
version will only work if an hdmi monitor is connected. [1]
PR: 252971 [1]
dns/powerdns-recursor: unbreak build with lua54
Switch to autoreconf to avoid heavy multilina patching of configure script
PR: 253078
Submitted by: fluffy
Approved by: maintainer
dns/powerdns: unbreak build with lua54
Switch to autoreconf to avoid heavy multiline patching of configure script
PR: 253077
Submitted by: fluffy
Approved by: maintainer
lang/php80: Update from 8.0.1 to 8.0.2
Core:
Fixed bug #80523 (bogus parse error on >4GB source code).
Fixed bug #80384 (filter buffers entire read until file closed).
Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
Fixed bug #80617 (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
BCMath:
Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception).
Curl:
Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
Date:
Fixed bug #80376 (last day of the month causes runway cpu usage).
DOM:
Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub).
Filter:
Fixed bug #80584 (0x and 0X are considered valid hex numbers by filter_var()).
GMP:
Fixed bug #80560 (Strings containing only a base prefix return 0 object).
Intl:
Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
MySQLi:
Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
ODBC:
Fixed bug #80592 (all floats are the same in ODBC parameters).
Opcache:
Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
PDO_Firebird:
Fixed bug #80521 (Parameters with underscores no longer recognized).
Phar:
Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
Phpdbg:
Reverted fix for bug #76813 (Access violation near NULL on source operand).
SOAP:
Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
Sponsored by: PHP Update Service
lang/php74: Update from 7.4.14 to 7.4.15
Core:
Fixed bug #80523 (bogus parse error on >4GB source code).
Fixed bug #80384 (filter buffers entire read until file closed).
Curl:
Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
Date:
Fixed bug #80376 (last day of the month causes runway cpu usage.
MySQLi:
Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
Phar:
Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
SOAP:
Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
Sponsored by: PHP Update Service
Please welcome LibreOffice suite 7.1.0 release!
Release Notes: https://blog.documentfoundation.org/blog/2021/02/03/libreoffice-7-1-community/
editors/libreoffice6: use some bundled libs in preparations of LO 7.1 update
Bundled: mdds, liborcus, libetonyek01
Simplify dependencies list by use USE_GNOME= cairo glib20 libxml2 libxslt
Bump PORTREVISION to force rebuild with bundled libs
e2fsprogs: make build more robust
Depending on external circumstances and options that I have not fully
investigated, several build-time failures occurred that were one of:
- missing symbols in liblzma (static build missed libmd)
on some versions with LIBUNWIND enabled
- sometimes /bin/csh being pulled up for scripting, breaking in
various places, reason unclear, possibly artifact of next one:
- questionable BASHTESTS handling cleaned up
As these are fixes for a potentially broken build,
no PORTREVISION bump necessary.
audio/gmtp: Update to 1.3.11
Add temporary workaround to fix linking with Clang >= 11 and GCC >= 10
Install license with the license framework instead of listing in PORTDOCS and
convert to UNIX style newline
PR: 244712
Submitted by: <lgfbsd@be-well.ilk.org> (maintainer)
cad/graywolf: Update 0.1.6-3 -> 0.1.6-4
cad/graywolf: Backport PR that makes graywolf run through tests
Submitted by: GH PR submitted by Kevin Zheng <kevinz5000@gmail.com>
multimedia/get_iplayer: Fix rc.d script and typo in pkg-message
The latest version of get_iplayer (ports r541176) introduced the following code:
export HOME="$get_iplayer_chdir"
cd "$HOME" || exit 1
This is always executed irrespective of rcvar get_iplayer_enable. The default
homedir for the get_iplayer user is /nonexistent. Therefore, upon each boot,
the script would emit the following error:
cd: /nonexistent: No such file or directory
with no indication of the source of the error.
PR: 251987
Submitted by: Jamie Landeg-Jones <jamie@catflap.org> (maintainer)
Reported by: Niels Bakker <niels=freebsd@bakker.net>
mail/dma: Fix build and improve pkg-message
- Replace deprecated NO_WERROR by MK_WERROR=no
- Tweak pkg-message to mention that dma is also in base [1]
PR: 252045 [1]
Submitted by: Dan Mahoney <freebsd@gushi.org>
Sponsored by: Rubicon Communications, LLC ("Netgate")
graphics/drm-fbsd13-kmod: Update to v5.4.92_2
- Update drm source code to match Linux v5.4.92
- Handle linuxkpi update in stable/13
- Switch off SOURCE option by default as drm-current-kmod [1]
Discussed with: zeising [1]
www/phpvirtualbox: Set default cookie expiry date to 7 days after creation
Fix the issue "unable to switch servers"
A few weeks ago phpVirtualBox started preventing users to switch from one
server to another, as you can read in this upstream bug report:
https://github.com/phpvirtualbox/phpvirtualbox/issues/267
PR: 253155
Submitted by: andrew.hotlab
With hat: ports-secteam
Obtained from: phpvirtualbox repo
Mark BROKEN on FreeBSD 13 and 14
./Plugins/Pdf/PDFWriter/PDFDocumentHandler.cpp:1332:24: error: assigning to 'bool' from incompatible type 'nullptr_t'
mParserOwned = NULL;
^~~~
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: TerminalWindowNoMoreActiveWindowsNotification
>>> defined at main.m
>>> ./obj/Terminal.obj/main.m.o:(TerminalWindowNoMoreActiveWindowsNotification)
>>> defined at Services.m
>>> ./obj/Terminal.obj/Services.m.o:(.bss+0x460)
Reported by: pkg-fallout
Add textproc/py-xmlschema: Implementation of XML Schema for Python
The xmlschema library is an implementation of XML Schema for Python (supports
Python 3.6+).
This library arises from the needs of a solid Python layer for processing XML
Schema based files for MaX (Materials design at the Exascale) European project.
A significant problem is the encoding and the decoding of the XML data files
produced by different simulation software. Another important requirement is the
XML data validation, in order to put the produced data under control. The lack
of a suitable alternative for Python in the schema-based decoding of XML data
has led to build this library. Obviously this library can be useful for other
cases related to XML Schema based processing, not only for the original scope.
WWW: https://pypi.org/project/xmlschema/
dns/nsd: Update 4.3.4 -> 4.3.5
This release fixes a number of bugs. It fixes a number of corner
case differences for the output more similar to Bind. The configure
sources are compatible with the new autoconf 2.70.
PR: 253026
Submitted by: jaap@NLnetLabs.nl (maintainer)
graphics/drm-{current,fbsd13}-kmod: Update pkg-message
Replace port name with the correct one.
Remove mention to drm-legacy-kmod as it was removed.
PR: 253092
net/ocserv: Update to 1.1.2
- Update to 1.1.2
- Reformat Makefile according to portclippy/portfmt
- Install sample config with PREFIX-ized values where
apropriate.
- Take MAINTAINERship
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28346
x11/foot: add new port
A fast, lightweight and minimalistic Wayland terminal emulator.
Features:
- Fast
- Lightweight, in dependencies, on-disk and in-memory
- Wayland native
- DE agnostic
- User configurable font fallback
- On-the-fly font resize
- On-the-fly DPI font size adjustment
- Scrollback search
- Color emoji support
- Server/daemon mode
- IME (via text-input-v3)
- Multi-seat
- Synchronized Updates
- Sixel image support
https://codeberg.org/dnkl/foot
Add patch to libxfce4menu reverting part of upstream commit 85d8d390,
adding back code to ungrab all keys before grabbing them again.
The call has been removed upstream due to causing problems with tty
switching on linux, but testing in FreeBSD show no such problems
when switching to and from vty, and fix issues with keys not working
properly in FreeBSD.
PR: 244290
Submitted by: aryeh.friedman@gmail.com,
Jethro Nederhof <jethro@jethron.id.au> (suggested patch)
Reported by: many
graphics/drm-current-kmod: Update to latest source after linuxkpi update in base
While here remove vboxvideo and vmwgfx as they having been not working for a long time now.
graphics/drm-{current,devel}-kmod: Update to latest source
This fix a compilation problem with a pre 1300135 source tree.
Reported by: Filippo Moretti <filippomore@yahoo.com>
drm-{current,devel}-kmod: Update to latest sources
Include needed change for new irq_work code from base.
graphics/drm-{current,devel}-kmod: Update to latest source
Fix radeon for __FreeBSD_version >= 1300135
Reported by: tilj
drm-{current,devel}-kmod: Update to v5.4.92
While here only allow building on FreeBSD 14 and remove
some extra CONFLICTS_INSTALL that cannot happens.
graphics/drm-{current,devel}-kmod: Update plist
Those files have been removed from the tree.
While here bump the port version to the right one
Reported by: glebius
drm-current-kmod: Re-add OSVERSION check
Pointy hat to: manu
drm-{current,devel}-kmod: Update distinfo
Reported by: glebius
drm-fbsd*-kmod: Remove CONFLICTS_INSTALL
Only one port can be built on one branch so it's not needed
graphics/drm-fbsd13-kmod: Update pkg-descr
Update pkg-descr so it matches the version.
While here update WWW too.
Reported by: monochrome <monochrome@twcny.rr.com>
textproc/bsdgrep: stop building on FreeBSD 13+
bsdgrep will ship as the non-optional default in FreeBSD 13.0. Mark it as
IGNORE on 13 and 14, with the intention of deprecating it when stable/12 is
no longer supported. In the meantime, it is still useful on the earlier
branches for testing.
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: display
>>> defined at wmwork.c
>>> wmwork.o:(display)
>>> defined at wmgeneral.c
>>> wmgeneral.o:(.bss+0x8)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: board
>>> defined at xcheckers.c
>>> xcheckers.o:(board)
>>> defined at board.c
>>> board.o:(.bss+0x0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: b_const
>>> defined at fractalb.c
>>> ./common/fractalb.o:(b_const)
>>> defined at fractals.c
>>> ./common/fractals.o:(.bss+0x2B0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: basedestroyed
>>> defined at base.c
>>> base.o:(basedestroyed)
>>> defined at main.c
>>> main.o:(.bss+0x1A0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: app_context
>>> defined at callback.c
>>> callback.o:(app_context)
>>> defined at xisola.c
>>> xisola.o:(.bss+0xB0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: controls
>>> defined at koules.c
>>> koules.o:(controls)
>>> defined at server.c
>>> server.o:(.bss+0xC1BB0)
Reported by: pkg-fallout
security/sudo - update 1.9.5p1 to 1.9.5p2
(text/plain)
Sudo version 1.9.5p2 is now available which fixes CVE-2021-3156
(aka Baron Samedit), a severe security vulnerability in sudo versions
1.8.2 through 1.9.5p1. For more details, see:
https://www.sudo.ws/alerts/unescape_overflow.htmlhttps://www.openwall.com/lists/oss-security/2021/01/26/3
Source:
https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.tar.gz
SHA256 539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
MD5 e6bc4c18c06346e6b3431637a2b5f3d5
Patch:
https://www.sudo.ws/dist/sudo-1.9.5p2.patch.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.patch.gz
SHA256 0dd80809c4061670a0b393445b2807be452caf5d5988f279e736040cef1c14dc
MD5 2816f5fa537c61fb913046ef20b88e3b
Binary packages:
https://www.sudo.ws/download.html#binaryhttps://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
Major changes between sudo 1.9.5p1 and 1.9.5
* Fixed a regression introduced in sudo 1.9.5 where the editor run
by sudoedit was set-user-ID root unless SELinux RBAC was in use.
The editor is now run with the user's real and effective user-IDs.
Major changes between sudo 1.9.5 and 1.9.4p2
* Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
unknown user. This is related to but distinct from Bug #948.
* If the "lecture_file" setting is enabled in sudoers, it must now
refer to a regular file or a symbolic link to a regular file.
* Fixed a potential use-after-free bug in sudo_logsrvd when the
server shuts down if there are existing connections from clients
that are only logging events and not session I/O data.
* Fixed a buffer size mismatch when serializing the list of IP
addresses for configured network interfaces. This bug is not
actually exploitable since the allocated buffer is large enough
to hold the list of addresses.
* If sudo is executed with a name other than "sudo" or "sudoedit",
it will now fall back to "sudo" as the program name. This affects
warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo.
* Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to
a child process (such as the command sudo runs).
* Fixed CVE-2021-23239, a potential information leak in sudoedit
that could be used to test for the existence of directories not
normally accessible to the user in certain circumstances. When
creating a new file, sudoedit checks to make sure the parent
directory of the new file exists before running the editor.
However, a race condition exists if the invoking user can replace
(or create) the parent directory. If a symbolic link is created
in place of the parent directory, sudoedit will run the editor
as long as the target of the link exists. If the target of the
link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an
arbitrary directory. However, it _cannot_ be used to write to
an arbitrary location.
* Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is
enabled, a user with sudoedit permissions may be able to set the
owner of an arbitrary file to the user-ID of the target user.
On Linux kernels that support "protected symlinks", setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from
being exploited. For more information see
https://www.sudo.ws/alerts/sudoedit_selinux.html.
* Added writability checks for sudoedit when SELinux RBAC is in use.
This makes sudoedit behavior consistent regardless of whether
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
setting had no effect for RBAC entries.
* A new sudoers option "selinux" can be used to disable sudo's
SELinux RBAC support.
* Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
Added suppression annotations for PVS Studio false positives.
PR: 253034
Submitted by: cy
Reported by: cy
Reviewed by: emaste
Approved by: emaste
Approved by: ports-secteam (delphij)
Security: CVE-2021-3156, CVE-2021-3156
Differential Revision: https://reviews.freebsd.org/D28363
dns/dnsmasq: regression fixes from upstream Git
Apparently there are situations where dnsmasq 2.83 can confuse
its peers or sockets, and the upstream Git contains fixes for them.
These four fixes essentially take dnsmasq to 2.84test3.
Obtained from: Simon Kelley <simon@thekelleys.org.uk>'s Git repository
dns/dnsmasq: upgrade to v2.84 (regression fixes)
Upstream blessed v2.84 rc2 (which 2.83_1 effectively already was)
into v2.84 release, so take it (and patch the upstream bug of
leaving "rc2" in the version out).
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: Big_O
>>> defined at init.c
>>> init.o:(Big_O)
>>> defined at oids.c
>>> oids.o:(.bss+0x190)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: player
>>> defined at actions.c
>>> actions.o:(player)
>>> defined at explode.c
>>> explode.o:(.bss+0x0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: current_server_filter
>>> defined at filter.c
>>> filter.o:(current_server_filter)
>>> defined at flt-player.c
>>> flt-player.o:(.bss+0x30)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: radar
>>> defined at map.c:31
>>> map.o:(radar)
>>> defined at game.c:31
>>> game.o:(.bss+0xD8)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: IMG_SPLASH
>>> defined at data.c
>>> data.o:(IMG_SPLASH)
>>> defined at scr_xrick.c
>>> scr_xrick.o:(.data+0x18)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: act
>>> defined at xrot.c
>>> xrot.o:(act)
>>> defined at title.c
>>> title.o:(.bss+0x118)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: board
>>> defined at addpiece.c
>>> addpiece.o:(board)
>>> defined at endgame.c
>>> endgame.o:(.bss+0x0)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
ld: error: duplicate symbol: b
>>> defined at xtron.c
>>> xtron.o:(b)
>>> defined at main.c
>>> main.o:(.bss+0x100)
Reported by: pkg-fallout
Mark BROKEN on FreeBSD 13 and 14
c++ -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -I../../include -Iposix -I../core/posix -c -o activity_statistics_monitor.o activity_statistics_monitor.cpp
In file included from activity_statistics_monitor.cpp:18:
In file included from ./incoming_message.h:20:
In file included from ./parameters.h:20:
In file included from ./parameter_entry.h:24:
In file included from /usr/include/c++/v1/string:506:
In file included from /usr/include/c++/v1/string_view:175:
In file included from /usr/include/c++/v1/__string:57:
In file included from /usr/include/c++/v1/algorithm:643:
In file included from /usr/include/c++/v1/memory:681:
In file included from /usr/include/c++/v1/atomic:571:
/usr/include/c++/v1/__threading_support:76:9: error: unknown type name 'sem_t'
typedef sem_t __libcpp_semaphore_t;
^
Reported by: pkg-fallout
- Add unconditional dependency on gcrypt and libgpg-error to ndpi
and ntopng to ensure full feature set [1]
- Patch ntopng to link correctly with libgcrypt
- While here, update ntopng to latest upstream snapshot
PR: 252935 [1]
Submitted by: Franco Fichtner <franco@opnsense.org>
www/py-django-classy-tags: Prevent installation of test suite at top-level
* Add a workaround to prevent the installation of the test suite into
Python's site-lib directory at top-level.
* Bump PORTREVISION due changed package contents.
PR: 252974
Approved by: cs (maintainer)
Approved by: ports-secteam (implicit, packaging fix blanket)
graphics/[lib]gphoto2: update to 2.5.26
LibCurl and LibXml2 now are mandatory to build driver for Lumix cameras
Changelog: http://www.gphoto.org/news/
No ABI change, no need to bump consumers
PR: 252959, 252960
Submitted by: fluffy
Approved by: maintainer (woodsb02)
Hook drm-fbsd13-kmod to the maser drm-kmod port and bump its PORTREVISION.
Add new drm-fbsd13-kmod to the conflict lists of the other ports.
Be pedantic about version boundaries.
Approved by: manu (on ports-committers)
graphics/drm-fbsd13-kmod: Add new port
This is the drm port for FreeBSD 13.
Now that stable/13 is branched we can create it.
main (14-CURRENT) users still need to use either drm-current-kmod or
drm-devel-kmod
Fix PKGBASE collision
graphics/drm-fbsd13-kmod: Update comment
This is only supported on FreeBSD 13.
Reported by: rene
devel/py-python-dtrace: Update to 0.0.11
I have committed changes upstream to allow building against Python3 as well
as patches to build on FreeBSD, so the current patches are no longer needed.
Reviewed by: swills
Differential Revision: https://reviews.freebsd.org/D28020
Make sure SRC_BASE is defined before testing it
emulators/qemu-utils: unbreak after r553312
Due to many breaking changes temporarily switch to qemu42.
===> Applying extra patch files/patch-configure
1 out of 2 hunks failed--saving rejects to configure.rej
===> Applying extra patch files/patch-Makefile
2 out of 3 hunks failed--saving rejects to Makefile.rej
ERROR: unknown option --disable-bluez
strip: open ../stage/usr/local/bin/qemu-* failed: No such file or directory
PR: 252498
dns/dnsmasq: security update to 2.83
CHANGELOG of version 2.83:
Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
Fix a remote buffer overflow problem in the DNSSEC code. Any
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
CVE-2020-25687.
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
in the {query-ID, random-port} tuple as possible, to help defeat
cache poisoning attacks. Refer: CVE-2020-25684.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
independently. This is, in theory, inefficent but in practise
not a problem, _except_ that is means that an answer for any
of the forwarded queries will be accepted and cached.
An attacker can send a query multiple times, and for each repeat,
another {port, ID} becomes capable of accepting the answer he is
sending in the blind, to random IDs and ports. The chance of a
succesful attack is therefore multiplied by the number of repeats
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
clients who asked. Refer: CVE-2020-25686.
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security: CVE-2020-25684
Security: CVE-2020-25685
Security: CVE-2020-25686
Security: CVE-2020-25681
Security: CVE-2020-25682
Security: CVE-2020-25683
Security: CVE-2020-25687
- Fix name of PAM policy file, so that it is actually used
- While here, install PAM policy file using @sample directive, so it
is managed as a condfiguration file
PR: 252837
Submitted by: genneko217@gmail.com
games/pinball: fix build on GCC architectures
Pinball.cpp:733: error: expected `(' before '{' token
Pinball.cpp: At global scope:
Pinball.cpp:733: error: mixing declarations and function-definitions is forbidden
Pinball.cpp:733: error: a function-definition is not allowed here before '{' token
Pinball.cpp:733: error: expected unqualified-id before ',' token
Pinball.cpp:733: error: a function-definition is not allowed here before '{' token
Pinball.cpp:733: error: expected unqualified-id before ',' token
Pinball.cpp:733: error: a function-definition is not allowed here before '{' token
Pinball.cpp:734: error: expected unqualified-id before '{' token
audio/kid3*: Switch to the smaller tar.xz distfile from the KDE mirrors.
There is no change in the content between this and the tar.gz distfile from
Sourceforge, so no need to rebuild.
Update WWW which was redirecting.
math/cppad: fix build on GCC architectures
The c++ complier flag __cplusplus is less than 201103. Starting with
cppad-20201202, c++11 or higher is required.
multimedia/kodi-addon-pvr-iptvsimple: fix build on GCC architectures
CMake Error in CMakeLists.txt:
Target "pvr.iptvsimple" requires the language dialect "CXX14" , but CMake
does not know the compile flags to use to enable it.
graphics/pdfpc: fix build on GCC architectures
In file included from /usr/local/include/webkitgtk-4.0/jsc/jsc.h:25,
from /usr/local/include/webkitgtk-4.0/webkit2/WebKitJavascriptResult.h:28,
from /usr/local/include/webkitgtk-4.0/webkit2/webkit2.h:57,
from src/classes/view/markdown.c:4:
/usr/local/include/webkitgtk-4.0/jsc/JSCClass.h:37: error: redefinition of typedef 'JSCClass'
/usr/local/include/webkitgtk-4.0/jsc/JSCValue.h:43: error: previous declaration of 'JSCClass' was here
/usr/local/include/webkitgtk-4.0/jsc/JSCClass.h:40: error: redefinition of typedef 'JSCContext'
/usr/local/include/webkitgtk-4.0/jsc/JSCValue.h:44: error: previous declaration of 'JSCContext' was here
science/rdkit: fix packaging on powerpc64
Also switch not-working with Clang -mpopcntb with -mpopcntd (as a side effect it also raises requirements from POWER5 to POWER7).
games/sauerbraten: fix build on GCC architectures
In file included from engine/rendermodel.cpp:28:
engine/md2.h: In constructor 'md2::md2(const char*)':
engine/md2.h:74: error: class 'md2' does not have any field named 'vertloader'
engine/md2.h:74: error: no matching function for call to 'vertloader<md2>::vertloader()'
engine/vertmodel.h:433: note: candidates are: vertloader<MDL>::vertloader(const char*) [with MDL = md2]
engine/vertmodel.h:432: note: vertloader<md2>::vertloader(const vertloader<md2>&)
archivers/pecl-rar: fix build on GCC architectures
In file included from /wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/rararch.c:44:
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:15: error: redefinition of typedef 'handler_this_t'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:15: error: previous declaration of 'handler_this_t' was here
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:19: error: redefinition of typedef 'rar_obj_ref'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:19: error: previous declaration of 'rar_obj_ref' was here
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:46: error: redefinition of typedef 'zpp_s_size_t'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:46: error: previous declaration of 'zpp_s_size_t' was here
x11/xdialog: fix build on GCC architectures
Add USES=pkgconfig:
checking for GTK+ - version >= 2.2.0... no
*** A new enough version of pkg-config was not found.
While here, add USES=gnome.
archivers/pecl-rar: fix build on GCC architectures
In file included from /wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/rararch.c:44:
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:15: error: redefinition of typedef 'handler_this_t'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:15: error: previous declaration of 'handler_this_t' was here
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:19: error: redefinition of typedef 'rar_obj_ref'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:19: error: previous declaration of 'rar_obj_ref' was here
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:46: error: redefinition of typedef 'zpp_s_size_t'
/wrkdirs/usr/ports/archivers/pecl-rar/work-php73/rar-4.2.0/php_compat.h:46: error: previous declaration of 'zpp_s_size_t' was here
multimedia/kodi-addon-pvr-hts: fix build on GCC architectures
CMake Error in CMakeLists.txt:
Target "pvr.hts" requires the language dialect "CXX17" , but CMake does not
know the compile flags to use to enable it.
dns/yadifa: fix build on GCC architectures
In file included from /usr/include/openssl/bn.h:20,
from /usr/include/openssl/engine.h:18,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/digest.h:53,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/dnskey.h:50,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/tsig.h:48,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/message.h:64,
from src/acl.c:57:
/usr/include/openssl/crypto.h:322: error: expected ')' before '__attribute__'
/usr/include/openssl/crypto.h:322: error: expected identifier or '(' before ')' token
llvm11: Update to 11.0.1 release
Force linkage with the base system's ncurses in lldb and disable
terminfo to avoid untracked dependencies when ncurses is installed from
ports. Ideally we'd also use the base libtinfo, but I have been unable
to find a way to force it to be used.
PR: 252120
lang/php80: Fix "can't locate API module structure `php8_module' in file /usr/local/libexec/apache24/libphp.so"
Because of the SHORTMODNAME an entry for php8_module was added to httpd.conf when installing www/mod_php80.
This was an error, because the module is now simple named "php_module".
PR: 251411
Reported by: <freebsd-bugzilla@b-society.se>
Sponsored by: PHP Update Service
lang/php80: Update from 8.0.0 to 8.0.1
Core:
Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
Fixed bug #80391 (Iterable not covariant to mixed).
Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
Fixed bug #77069 (stream filter loses final block of data).
Fileinfo:
Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
FPM:
Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
IMAP:
Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
Fix a regression with valid UIDs in imap_savebody().
Make warnings for invalid message numbers/UIDs between functions consistent.
Intl:
Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
Opcache:
Fixed bug #80404 (Incorrect range inference result when division results in float).
Fixed bug #80377 (Opcache misses executor_globals).
Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
Fixed bug #80447 (Strange out of memory error when running with JIT).
Fixed bug #80480 (Segmentation fault with JIT enabled).
Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
OpenSSL:
Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
PDO MySQL:
Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
Fixed bug #79872 (Can't execute query with pending result sets).
Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
Fixed bug #62889 (LOAD DATA INFILE broken).
Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
Phar:
Fixed bug #73809 (Phar Zip parse crash - mmap fail).
Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
Phpdbg:
Fixed bug #76813 (Access violation near NULL on source operand).
SPL:
Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
Standard:
Fixed bug #80366 (Return Value of zend_fstat() not Checked).
Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
Tidy:
Fixed bug #77594 (ob_tidyhandler is never reset).
Tokenizer:
Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
XML:
XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
Zlib:
Fixed bug #48725 (Support for flushing in zlib stream).
PR: 252508
Submitted by: <michael.glaus@hostpoint.ch>, samm
Differential Revision: D28065
comms/acfax: fix the build against -CURRENT
libgnuregex has been removed in FreeBSD 13.0. The version in base had a
number of known or likely bugs associated with it, so just use the newer
and more stable port on all supported FreeBSD versions.
PR: 252247
x11-toolkits/vdk: fix build on -CURRENT
libgnuregex has been removed in FreeBSD 13.0. The version in base had a
number of known or likely bugs associated with it, so just use the newer
and more stable port on all supported FreeBSD versions.
PR: 252259
textproc/chpp: fix the build against -CURRENT
libgnuregex has been removed in FreeBSD 13.0. The version in base had a
number of known or likely bugs associated with it, so just use the newer
and more stable port on all supported FreeBSD versions.
PR: 252256
editors/zile: fix the build on -CURRENT
libgnuregex has been removed in FreeBSD 13.0. The version in base had a
number of known or likely bugs associated with it, so just use the newer
and more stable port on all supported FreeBSD versions.
PR: 252251
Approved by: maintainer (culot)
editors/zile: pick up missing PORTREVISION bump
r561090 intended to bump the PORTREVISION so that builders on earlier
FreeBSD versions pick up the more stable libgnuregex. Do so now.
audio/tagtool: use libgnuregex from devel/libgnuregex
libgnuregex has been removed in FreeBSD 13.0. The version in base had a
number of known or likely bugs associated with it, so just use the newer
and more stable port on all supported FreeBSD versions.
PR: 252245
- Fix script used to extract themes to fallback to /tmp when both
TMPDIR and XDG_CACHE_HOME environment variables are not defined [1]
- Fix crash caused by null terminated list missing the terminating
null element due to no allocating enough elements [2]
Reported by: Andrea Venturoli <ml@netfence.it> [1] [2]
Patch submitted by: Andrea Venturoli <ml@netfence.it> [2]
Fix conky build on head after commit a21def4d568f which removed the
wi driver.
The code actually depending on this include is already disabled by
#if 0, so there is no functional change.
- Fix build with -fno-common (clang 11 and gcc 10)
- Use MANPREFIX/share/man for manpage path
- Remove over-optimization
- Bump port revision for package change
Reviewed by: ehaupt
security/suricata: Update to 5.0.5 [1]
* Remove the JSON option and convert the relevant parts into fixed
components because devel/jansson has become a mandatory dependency since
the 5.0.0 release. [2]
Changelog:
https://github.com/OISF/suricata/blob/suricata-5.0.5/ChangeLog
PR: 251887
Submitted by: Franco Fichtner <franco@opnsense.org> (maintainer) [1]
Reviewed by: fernape, daniel.engberg.lists@pyret.net
Approved by: maintainer [2]
Approved by: ports-secteam (implicit, bugfix blanket)
Fix build on i386
PR: 252280
Reported by: Victor Sudakov <vas@sibptus.ru>
Submitted by: dim
Fix build on armv6
PR: 251448
Submitted by: Martin Birgmeier <d8zNeCFG@aon.at>
graphics/vulkan-tools: minor cleanup
- Update description
- Convert to USES=xorg
- Prefer standard _DESC
- Declare CMAKE_ARGS type
- Simplify _DEPENDS
- Drop excessive newlines
news/rntrack: fix build on GCC architectures
h/typedefs.h:27: error: redefinition of typedef 'bit'
h/UNIX.h:173: error: previous declaration of 'bit' was here
devel/cvs: remove libgnuregex dependency.
The only usage of regular expression in cvs was in import.c, and for
that particular usage, no GNU extension was used; with the removal of
libgnuregex, we could just drop the dependency and use the base system
regex(3) instead.
This fixes build on -CURRENT.
PR: 252248
Approved by: portmgr (build fix blanket)
audio/libsidplay2: several fixes and improvements
- fix build on architectures using GCC 6
- drop unused gmake dependency
- use DIST* instead of PORT*
PR: 252368
Submitted by: Daniel Engberg