Apply same fix used for the main port in commit ef04eff33cf626:
Src HEAD commit 6d3e78ad6c11 vfs_quotactl function signature, adapt
virtualbox code to be able to compile there too.
Reported by: koobs, dim
MFH: 2021Q2
(cherry picked from commit 4792c8e65e)
* The deprecated function "time.clock()" has been removed in Python 3.8
and "time.perf_counter()" should be used instead.
Because updating to a newer version of PySolFC requires a bit more
work, use a backport for now to remedy the runtime issues.
* Bump PORTREVISION due changed package contents.
PR: 256504
Reported by: <sven.a.jonsson@bahnhof.se>
MFH: 2021Q2
(cherry picked from commit 91cf304355)
Add some PHP dependencies required by this port.
Tweak the pkg-message output to hint that telemetry requires configuration
settings at build time.
PR: 256891
Reported by: dvl
(cherry picked from commit 0bf5aa7c48)
At runtime, qt5-graphicaleffects are needed to display anything
in the timeline (e.g. a conversation in a room). Even the loading-
spinner isn't shown without it. Demonstrated by trying to run
nheko in a "bare" machine with just XOrg and twm.
PR: 256839
Reported by: Filipe da Silva Santos
[[ Cherry pick is not exact because quarterly has an older version,
but the runtime requirement is still there. ]]
(cherry picked from commit e0f0a32d50)
v2.5.7 fixes:
OSS-fuzz 28051 Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
OSS-fuzz 28155 Crash in Imf_2_5::PtrIStream::read
v2.5.6 fix:
Fixed regression in Imath::succf() and Imath::predf() when negative values are given
llvm-config found: NO found '9.0.1' but need '>= 11.0.0'
Run-time dependency LLVM found: NO (tried cmake and config-tool)
Looking for a fallback subproject for the dependency llvm (modules: bitwriter, engine, mcdisassembler, mcjit, core, executionengine, scalaropts, transformutils, instcombine, amdgpu, native, bitreader, ipo, asmparser)
meson.build:1604:2: ERROR: Neither a subproject directory nor a llvm.wrap file was found.
(cherry picked from commit b0b997e3fc)
% x2goclient-cli --user <user> --server <server>
Password:
sh: setsid: not found
sh: setsid: not found
sh: setsid: not found
sh: setsid: not found
sh: setsid: not found
PR: 253449
Reported by: parv.0zero9+freebsd@gmail.com
Approved by: maintainer timeout
(cherry picked from commit 5660dfa864)
Revert recent update to 3.6.1 back to 3.5.9 to fix the build. As there
is no mail/postfix35 that builds on FreeBSD 11, keep mail/postfix on the
last version known to build and run on FreeBSD 11.
And while here, also update the MAINTAINER. No functional change.
This is a direct commit to 2021Q2.
The commit hook is preventing updates here, remove the file so it can be
fixed and updated.
PR: 256043
MFH: 2021Q2
(cherry picked from commit 1f11aee3c6)
Reported at https://github.com/fail2ban/fail2ban/issues/2634
fail2ban should check and, if necessary create, the required directory.
It is still up to the user to ensure that configuration in fail2ban's
conf files and FreeBSD's /etc/rc.conf are in sync and that both, pidfile
and socket reside in the same directory.
PR: 244092
Approved by: maintainer
MFH: 2021Q2
(cherry picked from commit b48d2a658e)
Remove use of python2 for scons, builds fine with py3 scons
Disable use of internal png, freetype and zlib.
This matches ports for godot v3 and fixes build on powerpc64le.
PR: 254867
Approved by: maintainer
MFH: 2021Q2
(cherry picked from commit 56c603914f)
suricata-update is failing to find certain python modules when trying
to update rules.
PR: 255397
Reported by: Ian Dickens <ian@south-border.com>
Approved by: maintainer
MFH: 2021Q2
(cherry picked from commit b0e101ec78)
Major changes between sudo 1.9.7p1 and 1.9.7
* Fixed an SELinux sudoedit bug when the edited temporary file
could not be opened. The sesh helper would still be run even
when there are no temporary files available to install.
* Fixed a compilation problem on FreeBSD.
* The sudo_noexec.so file is now built as a module on all systems
other than macOS. This makes it possible to use other libtool
implementations such as slibtool. On macOS shared libraries and
modules are not interchangeable and the version of libtool shipped
with sudo must be used.
* Fixed a few bugs in the getgrouplist() emulation on Solaris when
reading from the local group file.
* Fixed a bug in sudo_logsrvd that prevented periodic relay server
connection retries from occurring in "store_first" mode.
* Disabled the nss_search()-based getgrouplist() emulation on HP-UX
due to a crash when the group source is set to "compat" in
/etc/nsswitch.conf. This is probably due to a mismatch between
include/compat/nss_dbdefs.h and what HP-UX uses internally. On
HP-UX we now just cycle through groups the slow way using
getgrent(). Bug #978.
PR: 256561
Submitted by: cy
Reported by: cy
Approved by: garga (maintainer)
MFH: 2020Q2
(cherry picked from commit f34318c566)
After src commit e266a0f7f001 a module is not allowed to call
kern_kldload while being loaded. The virtualbox module is doing
exactly this though. virutalbox used to do this because the ng_ether
netgraph node did not provide version information in the past and
there was no way to properly depend on it.
ng_ether has gained versioning information in base r238844 more
than ten years ago, so we can now unconditionally properly depend
on it, since this revision is now included in all supported FreeBSD
versions.
Thanks to Tomoaki AOKI for identifying the base commuit exposing
the issue.
Backport fix to legacy port.
WHile here also merge a double patch for the smae file.
PR: 256505
MFH: 2021Q2
(cherry picked from commit 354344ce8a)
After src commit e266a0f7f001 a module is not allowed to call
kern_kldload while being loaded. The virtualbox module is doing
exactly this though. virutalbox used to do this because the ng_ether
netgraph node did not provide version information in the past and
there was no way to properly depend on it.
ng_ether has gained versioning information in base r238844 more
than ten years ago, so we can now unconditionally properly depend
on it, since this revision is now included in all supported FreeBSD
versions.
Thanks to Tomoaki AOKI for identifying the base commuit exposing
the issue.
PR: 256505
Tested by: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
MFH: 2021Q2
Differential Revision: https://reviews.freebsd.org/D30722
(cherry picked from commit 082999790a)
See [1] for details:
Expat 2.4.0 and follow-up release 2.4.1 have both been released earlier
today (21-05-23). Release 2.4.0 fixes long known security issue CVE-2013-0340 by
adding protection against so-called Billion Laughs Attacks, a form of
denial of service against applications accepting XML input, in all known
variations, including recent flavor Parameter Laughs.
[1] https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0
PR: 256121
Exp-run by: antoine
(cherry picked from commit 1454ab4020)
Python now requires libffi from ports and does not build with LIBFFI
disabled, so remove the option.
PR: 256141
Reported by: majo-bugs.freebsd.org@cerny.sk
Reviewed by: koobs (python)
Approved by: koobs (python)
MFH: 2020Q2 (bugfix)
(cherry picked from commit 64be746e53)
Czkawka (tch-kav-ka, hiccup) is a simple, fast and free app to remove
unnecessary files from your computer.
Features:
- Written in memory safe Rust
- Amazingly fast - due to using more or less advanced algorithms and
multithreading
- Free, Open Source without ads
- Multiplatform - works on Linux, Windows and macOS
- Cache support - second and further scans should be a lot faster than
the first one
- CLI frontend - for easy automation
- GUI frontend - uses modern GTK 3 and looks similar to FSlint
- Rich search option - allows setting absolute included and excluded
directories, set of allowed file extensions or excluded items with
the * wildcard
- Multiple tools to use:
- Duplicates - Finds duplicates basing on file name, size, hash,
first 1 MB of hash
- Empty Folders - Finds empty folders with the help of an advanced
algorithm
- Big Files - Finds the provided number of the biggest files in
given location
- Empty Files - Looks for empty files across the drive
- Temporary Files - Finds temporary files
- Similar Images - Finds images which are not exactly the same
(different resolution, watermarks)
- Zeroed Files - Finds files which are filled with zeros (usually
corrupted)
- Same Music - Searches for music with same artist, album etc.
- Invalid Symbolic Links - Shows symbolic links which points to
non-existent files/directories
- Broken Files - Finds files with an invalid extension or that are
corrupted
https://github.com/qarmin/czkawka
(cherry picked from commit 876342f052)
When cherry-pick'ing 2.26.1, Makefile.modules was also incorrectly
merged. This is a direct commit to 2021Q2 to fix the build.
Fixes: 656940c421
Fixes: ece647d08c
Reported by: phyber (irc)
Approved by: lwhsu (mentor, implicit), portmgr (implicit, fix build)
This partially reverts commit 2a866a1, and instead installs
the pidfile to /var/run/zrepl.pid fixing the problem seen in
PR 255981.
As taken from the zrepl documentation[1]:
[....]
The zrepl daemon needs to open various UNIX sockets in a runtime directory:
a control socket that the CLI commands use to interact with the daemon
the ssh+stdinserver Transport listener opens one socket per configured
client, named after client_identity parameter
There is no authentication on these sockets except the UNIX permissions.
The zrepl daemon will refuse to bind any of the above sockets in a
directory that is world-accessible.
[....]
[1] https://zrepl.github.io/configuration/misc.html#runtime-directories-unix-sockets
PR: 256472
Reported by: Raúl <raul.munoz@custos.es>
(cherry picked from commit 621d9c9f59)
In file included from rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:1:
In file included from rpcs3/stdafx.h:7:
In file included from Utilities/File.h:4:
rpcs3/util/shared_ptr.hpp:10:17: error: constexpr variable 'same_ptr_implicit_v<thread_future, thread_future_t<true, netstart_hack &, int>>' must be initialized by a constant expression
constexpr bool same_ptr_implicit_v = std::is_convertible_v<const volatile From*, const volatile To*> ? is_same_ptr<From, To>() : false;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rpcs3/util/shared_ptr.hpp:396:34: note: in instantiation of variable template specialization 'stx::same_ptr_implicit_v<thread_future, thread_future_t<true, netstart_hack &, int>>' requested here
template <typename U> requires same_ptr_implicit_v<T, U>
^
rpcs3/util/shared_ptr.hpp:396:34: note: while substituting template arguments into constraint expression here
template <typename U> requires same_ptr_implicit_v<T, U>
^~~~~~~~~~~~~~~~~~~~~~~~~
Utilities/Thread.h:567:18: note: while checking constraint satisfaction for template 'shared_ptr<thread_future_t<true, netstart_hack &, int>>' required here
thread::push(std::move(target));
^~~
Utilities/Thread.h:567:18: note: in instantiation of function template specialization 'stx::shared_ptr<thread_future>::shared_ptr<thread_future_t<true, netstart_hack &, int>>' requested here
rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:264:43: note: in instantiation of function template specialization 'named_thread<netstart_hack>::operator()<true, int>' requested here
g_fxo->get<named_thread<netstart_hack>>()(0);
^
rpcs3/util/types.hpp:1049:16: note: non-constexpr function 'allocate' cannot be used in a constant expression
X* ptr = a.allocate(1);
^
rpcs3/util/shared_ptr.hpp:10:105: note: in call to 'is_same_ptr()'
constexpr bool same_ptr_implicit_v = std::is_convertible_v<const volatile From*, const volatile To*> ? is_same_ptr<From, To>() : false;
^
/usr/include/c++/v1/memory:1783:66: note: declared here
_LIBCPP_NODISCARD_AFTER_CXX17 _LIBCPP_INLINE_VISIBILITY _Tp* allocate(size_t __n)
^
In file included from rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:1:
In file included from rpcs3/stdafx.h:7:
In file included from Utilities/File.h:4:
rpcs3/util/shared_ptr.hpp:396:34: error: substitution into constraint expression resulted in a non-constant expression
template <typename U> requires same_ptr_implicit_v<T, U>
^~~~~~~~~~~~~~~~~~~~~~~~~
Utilities/Thread.h:567:18: note: while checking constraint satisfaction for template 'shared_ptr<thread_future_t<true, netstart_hack &, int>>' required here
thread::push(std::move(target));
^~~
Utilities/Thread.h:567:18: note: in instantiation of function template specialization 'stx::shared_ptr<thread_future>::shared_ptr<thread_future_t<true, netstart_hack &, int>>' requested here
rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:264:43: note: in instantiation of function template specialization 'named_thread<netstart_hack>::operator()<true, int>' requested here
g_fxo->get<named_thread<netstart_hack>>()(0);
^
rpcs3/util/shared_ptr.hpp:396:34: note: initializer of 'same_ptr_implicit_v<thread_future, thread_future_t<true, netstart_hack &, int>>' is not a constant expression
template <typename U> requires same_ptr_implicit_v<T, U>
^
rpcs3/util/shared_ptr.hpp:10:17: note: declared here
constexpr bool same_ptr_implicit_v = std::is_convertible_v<const volatile From*, const volatile To*> ? is_same_ptr<From, To>() : false;
^
In file included from rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:3:
In file included from rpcs3/Emu/Cell/PPUModule.h:3:
In file included from rpcs3/Emu/Cell/PPUFunction.h:3:
In file included from rpcs3/Emu/Cell/PPUThread.h:3:
In file included from rpcs3/Emu/CPU/CPUThread.h:3:
Utilities/Thread.h:567:18: error: no viable conversion from 'typename remove_reference<single_ptr<thread_future_t<true, netstart_hack &, int>> &>::type' (aka 'stx::single_ptr<thread_future_t<true, netstart_hack &, int>>') to 'shared_ptr<thread_future>'
thread::push(std::move(target));
^~~~~~~~~~~~~~~~~
rpcs3/Emu/Cell/Modules/cellNetCtl.cpp:264:43: note: in instantiation of function template specialization 'named_thread<netstart_hack>::operator()<true, int>' requested here
g_fxo->get<named_thread<netstart_hack>>()(0);
^
rpcs3/util/shared_ptr.hpp:356:3: note: candidate constructor not viable: no known conversion from 'typename remove_reference<single_ptr<thread_future_t<true, netstart_hack &, int>> &>::type' (aka 'stx::single_ptr<thread_future_t<true, netstart_hack &, int>>') to 'const stx::shared_ptr<thread_future> &' for 1st argument
shared_ptr(const shared_ptr& r) noexcept
^
rpcs3/util/shared_ptr.hpp:364:34: note: candidate constructor not viable: no known conversion from 'typename remove_reference<single_ptr<thread_future_t<true, netstart_hack &, int>> &>::type' (aka 'stx::single_ptr<thread_future_t<true, netstart_hack &, int>>') to 'std::nullptr_t' (aka 'nullptr_t') for 1st argument
[[deprecated("Use null_ptr")]] shared_ptr(std::nullptr_t) = delete;
^
rpcs3/util/shared_ptr.hpp:383:3: note: candidate constructor not viable: no known conversion from 'typename remove_reference<single_ptr<thread_future_t<true, netstart_hack &, int>> &>::type' (aka 'stx::single_ptr<thread_future_t<true, netstart_hack &, int>>') to 'stx::shared_ptr<thread_future> &&' for 1st argument
shared_ptr(shared_ptr&& r) noexcept
^
rpcs3/util/shared_ptr.hpp:376:3: note: candidate template ignored: could not match 'shared_ptr' against 'single_ptr'
shared_ptr(const shared_ptr<U>& r) noexcept
^
rpcs3/util/shared_ptr.hpp:390:3: note: candidate template ignored: could not match 'shared_ptr' against 'single_ptr'
shared_ptr(shared_ptr<U>&& r) noexcept
^
rpcs3/util/shared_ptr.hpp:397:3: note: candidate template ignored: failed template argument deduction
shared_ptr(single_ptr<U>&& r) noexcept
^
rpcs3/util/shared_ptr.hpp:367:12: note: explicit constructor is not a candidate
explicit shared_ptr(T* _this) noexcept
^
rpcs3/util/shared_ptr.hpp:200:3: note: candidate function
operator element_type*() const noexcept
^
rpcs3/util/shared_ptr.hpp:212:12: note: explicit conversion function is not a candidate
explicit operator single_ptr<U>() && noexcept
^
Utilities/Thread.h:187:37: note: passing argument to parameter here
void push(shared_ptr<thread_future>);
^
Reported by: pkg-fallout
(cherry picked from commit e8aa9591b3)
- Update libwebsockets to 4.2.0
- Enable mqtt support by default
- "Hack" around hard git requirement
PR: 256019
(cherry picked from commit ca989f6339)
Changes since 3.0.12:
---------------------
Demux:
* Adaptive: fix artefacts in HLS streams with wrong profiles/levels
* Fix regression on some MP4 files for the audio track
* Fix MPGA and ADTS probing in TS files
* Fix Flac inside AVI files
* Fix VP9/Webm artefacts when seeking
Codec:
* Support SSA text scaling
* Fix rotation on Android rotation
* Fix WebVTT subtitles that start at 00:00
Access:
* Update libnfs to support NFSv4
* Improve SMB2 integration
* Fix Blu-ray files using Unicode names on Windows
* Disable mcast lookups on Android for RTSP playback
Video Output:
* Rework the D3D11 rendering wait, to fix choppiness on display
Interfaces:
* Fix VLC getting stuck on close on X11 (#21875)
* Improve RTL on preferences on macOS
* Add mousewheel horizontal axis control
* Fix crash on exit on macOS
* Fix sizing of the fullscreen controls on macOS
Windows:
* Fix subtitles/OSD under Windows XP
Misc:
* Update translations
* Improve MIDI fonts search on Linux
* Update Soundcloud, Youtube, liveleak
* Fix compilation with GCC11
* Fix input-slave option for subtitles
MFH: 2021Q2
(cherry picked from commit 984c3ef8a6)
It turned out that the version raylib 3.7.0 produces .so
version 3.5.0 (as submitted in original PR)
This will be discussed with upstream, but for now, fix the
build by using the version(s) produced by the build.
PR: 256428
(cherry picked from commit 57cf60e917)
Committing slightly modified version, providing for less
work in future updates, in line with what was introduced
in update to 3.5.0.
PR: 256428
(cherry picked from commit e6803e7083)
When cherry-pick'ing 2.61.1, distinfo was incorrectly merged. This is a
direct commit to 2021Q2 to fix the issue.
Fixes: ece647d08c
Reported by: phyber (irc), mandree
Approved by: lwhsu (mentor, implicit), portmgr (implicit, fix build)
- Update to 20.4.1.407.006
And while here, also Reformat Makefile a bit.
PR: 256397
Approved by: vvd@unislabs.com (maintainer)
(cherry picked from commit a52149b285)
Instead of writing everything in the new commit template all at once in
a large here document, do it cleanly one command at a time.
(cherry picked from commit d744a8de42)
- Capitalize the topic line: this way the example is consistent with the
desired style.
- Update the description of MFH.
- Point the Pull Request field to the ports repo on GitHub.
Reviewed by: mat, bapt
Differential Revision: https://reviews.freebsd.org/D29861
(cherry picked from commit 37dfa4eeea)
Src HEAD commit 6d3e78ad6c11 vfs_quotactl function signature, adapt
virtualbox code to be able to compile there too.
MFH: 2021Q2
(cherry picked from commit ef04eff33c)
Static linked binaries, due to the fact that they're statically linked,
can pose a security risk should a library be updated and depending
software not be recompiled and linked. This was a hot topic on BUGTRAQ
about 25 years ago.
The default is to build static libraries so as not to alter the package
avoiding a POLA violation.
PR: 255735
Submitted by: Daniel Engberg <daniel.engberg.lists@pyret.net> (mostly)
Reported by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Reviewed by: cy
Tested by: cy
MFH: 2021Q2
(cherry picked from commit 527821a60c)
Among other changes this release fixes -fcommon errors. A complete list
of changes can be found at https://www.sudo.ws/stable.html/
PR: 255812
Submitted by: Yasuhiro Kimura <yasu@utahime.org> (mostly)
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Tested by: cy
Approved by: garga (maintainer)
MFH: 2021Q2
(cherry picked from commit 72d1eb161b)
tkcron is able to run under any version of tk. Use the default tk
prescribed by the ports tree.
PR: 255624
Reported by: Chris Hutchinson <portmaster_bsdforge.com
MFH: 2021Q2
(cherry picked from commit d87efbc457)
Bump PORTREVISION as we change the pkg-plist.
(Includes -mbedtls port variant.)
PR: 255946
Based on a patch by and
Reported by: Mikael Urankar (mikael@)
(cherry picked from commit 4210127137)
Specify path to binary dir explicitly, so the game could find its
own binary for correctly restarting and server binary for running
it
(cherry picked from commit 397395a4e5)
Changeset ab83f2b4bb changed the startup order for Postgresql. The cleartmp
rc.d now comes after the Postgresql startup. Unfortunately, Postgresql likes
to create a socket in /tmp/.s.PGSQL.5432. After cleartmp does its work, that
socket disappears from the filesystem.
Submitted by: Jeroen Pulles
PR: 256335
(cherry picked from commit 8d831eb43a)
On Intel Skylake this enables WebRender for Xorg and Wayland (wlroots).
Xwayland isn't qualified yet but Firefox can be tricked by unsetting
WAYLAND_DISPLAY or simply switching to native via MOZ_ENABLE_WAYLAND.
PR: 255344
Reported by: Evgeniy Khramtsov (via gecko@ list)
(cherry picked from commit f079b462f8)
The previous maintainer asked that the port be removed, but
we seem to have found a better solution. Gert Doering volunteered
to take over the port and reference Git directly.
Import security/openvpn fix for leftover .orig files.
PR: 256209
Maintainer change implicitly
Approved by: ecrist@secure-computing.net (removal request)
New contents reviewed and
Approved by: gert@greenie.muc.de (new maintainer, by IRC/mail)
MFH because original port no longer fetchable, Eric F. Crist
removed his download files.
(cherry picked from commit 9364842b3b)
Updated net/samba412 and net/samba413 to fix CVE-2021-20254.
Also fixed:
* Incorrect include line for the bind backend(255415)
* Broken pkg-plist with NO_PYTHON(254033)
* Broken URL parsing in LDAP client(252385)
PR: 255415
254033
252385
Security: CVE-2021-20254
(cherry picked from commit 3887986f67)
Security: 0882f019-bd60-11eb-9bdd-8c164567ca3c
Security: CVE-2021-23017
<Changelog>
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
</Changelog>
(cherry picked from commit 07d1217a85)
Crowdsec bouncer written in golang for firewalls.
cs-firewall-bouncer will fetch new and old decisions from a CrowdSec API
to add them in a blocklist used by supported firewalls.
WWW: https://github.com/crowdsecurity/cs-firewall-bouncer
(cherry picked from commit 9ecdfbcdb5)
According to:
build/moz.configure/nspr.configure (NSPR, sets minimum version)
build/moz.configure/nss.configure (NSS, sets minimum version)
gfx/harfbuzz/README.mozilla (harfbuzz embedded copy, we use our own)
gfx/graphite2/README.mozilla (graphite2 embedded copy, we use our own)
media/libpng/README (libpng embedded copy, we use our own)
media/libvpx/config/vpx_version.h (libvpx embedded copy, we use our own)
may this help me when I touch it next time
(cherry picked from commit 31c1a83b5c)
This is relapted to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.
PR: 256094
Obtained from: 8598060bac
Security: CVE-2021-3541
(cherry picked from commit 83889bd687)
src/input_common/sdl/sdl_impl.cpp:95:20: error: 'SDL_ControllerSensorEvent' has not been declared
95 | void SetMotion(SDL_ControllerSensorEvent event) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~
src/input_common/sdl/sdl_impl.cpp: In member function 'void InputCommon::SDL::SDLJoystick::EnableMotion()':
src/input_common/sdl/sdl_impl.cpp:79:17: error: 'SDL_GameControllerHasSensor' was not declared in this scope; did you mean 'SDL_GameControllerGetVendor'?
79 | if (SDL_GameControllerHasSensor(controller, SDL_SENSOR_ACCEL) && !has_accel) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_GameControllerGetVendor
src/input_common/sdl/sdl_impl.cpp:80:17: error: 'SDL_GameControllerSetSensorEnabled' was not declared in this scope; did you mean 'SDL_GameControllerGetVendor'?
80 | SDL_GameControllerSetSensorEnabled(controller, SDL_SENSOR_ACCEL, SDL_TRUE);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_GameControllerGetVendor
src/input_common/sdl/sdl_impl.cpp:83:17: error: 'SDL_GameControllerHasSensor' was not declared in this scope; did you mean 'SDL_GameControllerGetVendor'?
83 | if (SDL_GameControllerHasSensor(controller, SDL_SENSOR_GYRO) && !has_gyro) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_GameControllerGetVendor
src/input_common/sdl/sdl_impl.cpp:84:17: error: 'SDL_GameControllerSetSensorEnabled' was not declared in this scope; did you mean 'SDL_GameControllerGetVendor'?
84 | SDL_GameControllerSetSensorEnabled(controller, SDL_SENSOR_GYRO, SDL_TRUE);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_GameControllerGetVendor
src/input_common/sdl/sdl_impl.cpp: In member function 'void InputCommon::SDL::SDLJoystick::SetMotion(int)':
src/input_common/sdl/sdl_impl.cpp:98:37: error: request for member 'timestamp' in 'event', which is of non-class type 'int'
98 | u64 time_difference = event.timestamp - last_motion_update;
| ^~~~~~~~~
src/input_common/sdl/sdl_impl.cpp:99:36: error: request for member 'timestamp' in 'event', which is of non-class type 'int'
99 | last_motion_update = event.timestamp;
| ^~~~~~~~~
src/input_common/sdl/sdl_impl.cpp💯23: error: request for member 'sensor' in 'event', which is of non-class type 'int'
100 | switch (event.sensor) {
| ^~~~~~
src/input_common/sdl/sdl_impl.cpp:102:56: error: request for member 'data' in 'event', which is of non-class type 'int'
102 | const Common::Vec3f acceleration = {-event.data[0], event.data[2], -event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:102:71: error: request for member 'data' in 'event', which is of non-class type 'int'
102 | const Common::Vec3f acceleration = {-event.data[0], event.data[2], -event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:102:87: error: request for member 'data' in 'event', which is of non-class type 'int'
102 | const Common::Vec3f acceleration = {-event.data[0], event.data[2], -event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:102:94: error: could not convert '{<expression error>, <expression error>, <expression error>}' from '<brace-enclosed initializer list>' to 'const Vec3f' {aka 'const Common::Vec3<float>'}
102 | const Common::Vec3f acceleration = {-event.data[0], event.data[2], -event.data[1]};
| ^
| |
| <brace-enclosed initializer list>
src/input_common/sdl/sdl_impl.cpp:107:52: error: request for member 'data' in 'event', which is of non-class type 'int'
107 | const Common::Vec3f gyroscope = {event.data[0], -event.data[2], event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:107:68: error: request for member 'data' in 'event', which is of non-class type 'int'
107 | const Common::Vec3f gyroscope = {event.data[0], -event.data[2], event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:107:83: error: request for member 'data' in 'event', which is of non-class type 'int'
107 | const Common::Vec3f gyroscope = {event.data[0], -event.data[2], event.data[1]};
| ^~~~
src/input_common/sdl/sdl_impl.cpp:107:90: error: could not convert '{<expression error>, <expression error>, <expression error>}' from '<brace-enclosed initializer list>' to 'const Vec3f' {aka 'const Common::Vec3<float>'}
107 | const Common::Vec3f gyroscope = {event.data[0], -event.data[2], event.data[1]};
| ^
| |
| <brace-enclosed initializer list>
src/input_common/sdl/sdl_impl.cpp: In member function 'void InputCommon::SDL::SDLState::HandleGameControllerEvent(const SDL_Event&)':
src/input_common/sdl/sdl_impl.cpp:355:10: error: 'SDL_CONTROLLERSENSORUPDATE' was not declared in this scope; did you mean 'SDL_CONTROLLERBUTTONUP'?
355 | case SDL_CONTROLLERSENSORUPDATE: {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_CONTROLLERBUTTONUP
src/input_common/sdl/sdl_impl.cpp:356:57: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
356 | if (auto joystick = GetSDLJoystickBySDLID(event.csensor.which)) {
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:357:39: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
357 | joystick->SetMotion(event.csensor);
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp: In function 'Common::ParamPackage InputCommon::SDL::{anonymous}::SDLEventToMotionParamPackage(InputCommon::SDL::SDLState&, const SDL_Event&)':
src/input_common/sdl/sdl_impl.cpp:1008:10: error: 'SDL_CONTROLLERSENSORUPDATE' was not declared in this scope; did you mean 'SDL_CONTROLLERBUTTONUP'?
1008 | case SDL_CONTROLLERSENSORUPDATE: {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_CONTROLLERBUTTONUP
src/input_common/sdl/sdl_impl.cpp:1012:19: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1012 | if (event.csensor.sensor == SDL_SENSOR_ACCEL) {
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1013:56: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1013 | const Common::Vec3f acceleration = {-event.csensor.data[0], event.csensor.data[2],
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1013:79: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1013 | const Common::Vec3f acceleration = {-event.csensor.data[0], event.csensor.data[2],
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1014:56: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1014 | -event.csensor.data[1]};
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1014:71: error: could not convert '{<expression error>, <expression error>, <expression error>}' from '<brace-enclosed initializer list>' to 'const Vec3f' {aka 'const Common::Vec3<float>'}
1014 | -event.csensor.data[1]};
| ^
| |
| <brace-enclosed initializer list>
src/input_common/sdl/sdl_impl.cpp:1020:19: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1020 | if (event.csensor.sensor == SDL_SENSOR_GYRO) {
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1021:52: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1021 | const Common::Vec3f gyroscope = {event.csensor.data[0], -event.csensor.data[2],
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1021:76: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1021 | const Common::Vec3f gyroscope = {event.csensor.data[0], -event.csensor.data[2],
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1022:52: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1022 | event.csensor.data[1]};
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp:1022:67: error: could not convert '{<expression error>, <expression error>, <expression error>}' from '<brace-enclosed initializer list>' to 'const Vec3f' {aka 'const Common::Vec3<float>'}
1022 | event.csensor.data[1]};
| ^
| |
| <brace-enclosed initializer list>
src/input_common/sdl/sdl_impl.cpp:1032:69: error: 'const SDL_Event' {aka 'const union SDL_Event'} has no member named 'csensor'; did you mean 'sensor'?
1032 | if (const auto joystick = state.GetSDLJoystickBySDLID(event.csensor.which)) {
| ^~~~~~~
| sensor
src/input_common/sdl/sdl_impl.cpp: In member function 'std::optional<Common::ParamPackage> InputCommon::SDL::Polling::SDLMotionPoller::FromEvent(const SDL_Event&) const':
src/input_common/sdl/sdl_impl.cpp:1300:14: error: 'SDL_CONTROLLERSENSORUPDATE' was not declared in this scope; did you mean 'SDL_CONTROLLERBUTTONUP'?
1300 | case SDL_CONTROLLERSENSORUPDATE:
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| SDL_CONTROLLERBUTTONUP
Reported by: pkg-fallout
(cherry picked from commit bd9872793c)
devel/abi-compliance-checker no longer supplies
bin/abi-compliance-checker.pl but it does supply the binary
bin/abi-compliance-checker.
(cherry picked from commit 5c10906c41)
- Pet portlint
- Fix pkg-plist. Except the default pgpool.conf.sample other
pgpool.conf.sample* represents different configurations for different
scenario. Only the pgpool.conf.sample should create a corresponding
pgpool.conf file. Hence removing the @sample directive for the other
pgpool.conf.sample*
Approved by: tz
Relnotes: https://www.pgpool.net/docs/latest/en/html/release-4-1-6.html
Sponsored by: Bounce Experts
(cherry picked from commit 45438e7433)
LLVM's integrated assembler can't build ppc-gcm.s:
ppc-gcm.s:642:24: error: invalid memory operand
std 31,-8(SP);
Use as from binutils on powerpc64le.
While here correct the architecture check to also check for Linux's ppc64 - similar to the OS check in the same patch.
(cherry picked from commit 192a67a0d7)
Introduce option WITH_TESTS which covers all test/debug tools. Currently
disabled due to linking errors
PR: 255763 (based on)
Approved by: maintainer (implicit)
(cherry picked from commit 67ce935d46)
Introduce option WITH_TESTS which covers all test/debug tools. Currently disabled due to linking errors
PR: 255763 (based on)
Approved by: maintainer (implicit)
(cherry picked from commit 715e140759)
This release includes the following:
Feature:
Join Push down - If we have a join between two foreign tables from the same remote server, push that join down to the remote server instead of fetching all the rows for both the tables and performing a join locally.
Other Fixes:
Fixes crash with IMPORT FOREIGN SCHEMA when executed repeatedly.
Restricts fetching of the system attributes from the remote relation.
Fixes compiler warning due to clash with MySQL library macro.
Costs are not shown in the explain output when the COSTS explain option is OFF.
Uses environment variables in tests for connection parameters.
No longer supports PG/EPAS version 9.5.
Sponsored by: Bounce Experts
(cherry picked from commit 4394f1f2bc)
This looks like a hack needed for a patch from 2001 (which is long
gone) to work. Today it breaks the build because it lacks corresponding
dependency, so remove it.
Approved by: portmgr blanket
(cherry picked from commit 9347f261c2)
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!
The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.3, 12.7, 11.12, 10.17, and
9.6.22. This release closes three security vulnerabilities and fixes over 45
bugs reported over the last three months.
Security fixes in this release:
CVE-2021-32027: Buffer overrun from integer overflow in array subscripting
calculations
CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING
Also plenty of bug fixes. See the release note for details.
Changes to the port:
Make sure we use the matching version of llvm. This fixes a problem with the
llvm version string not being monotonically increasing with the version
number. [1]
Better pkg message about checksums for postgresql 12+. [2] [4]
Adjust login class parameter to adhere to the documentation in rc.subr(8) [3]:
The rc.conf parameter for the login class of the postgresql daemon has
changed name from postgresql_class to postgresql_login_class, since
rc.subr(8) states that the parameter should be named ${name}_login_class.
Allow parallel builds. [5]
Correct the directory name for the user postgres in pkg message. [6]
PR: 250824 [1], 253558 [2], 236060 [3], 233106 [4], 230656 [5]
PR: 226674 [6]
Submitted by: Michael Zhilin [2], Michael Zhilin [3], Dmitry Chestnykh [4]
Submitted by: Steve Wills [5], knezour [6]
Security: 76e0bb86-b4cb-11eb-b9c9-6cc21735f730
Security: 62da9702-b4cc-11eb-b9c9-6cc21735f730
Release notes: https://www.postgresql.org/docs/release/
(cherry picked from commit ab83f2b4bb)
Add missing dependency on textproc/p5-Pod-Parser. Without it, the
following error is observed at runtime:
Can't locate Pod/Find.pm in @INC (you may need to install the Pod::Find module)
Reviewed by: koobs
Approved by: koobs (ports, mentor), portmgr (blanket: runtime fix)
Differential Revision: https://reviews.freebsd.org/D30274
MFH: 2021Q2 (missing dependency, runtime fix)
(cherry picked from commit d45fe6214c)
- add dependency virtual_oss so the microphone works [1]
- skip assertion in h264_decoder, we will force it to initialize
later [2]
PR: 246214 [1]
PR: 255484 [2]
MFH: 2021Q2
(cherry picked from commit 74647995de)
When using default config Wayfire will show black screen if wf-shell
isn't installed. However, wf-shell can be replaced by other packages.
Exposing such addons as default options causes circular dependency.
(cherry picked from commit 8a400121ea)
The call to XtVaGetValues returns a value that overwrites the `bc` variable and
smashes the stack. Use a long instead.
PR: 255765
Reported by: grahamperrin@gmail.com
Tested by: rhurling@
MFH: 2021Q2
(cherry picked from commit 339d443d7b)
Using sysconf(3) API lead to accidental introduction of variable length arrays
(VLA) in the port. Additionally one patch hardcoded 256 as the HOST_NAME_MAX
even though the code doesn't expect an additional byte for the terminating NULL
byte in the struct definition.
Fall back to using _POSIX_HOST_NAME_MAX as the remaining code is not ready for
introducing sysconf(3) as a patch.
Remove #ifdef FreeBSD from our patches.
Bump PORTREVISION to rebuild with the new patch.
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D30048
(cherry picked from commit aa34b0f42f)
This updates both to 6ffee39fe2e4, which pulls in some patches to fix
the build after a recent commit to main that was MFC'd to stable/13.
While we're here, update qemu-user-static-devel to point to the current
upstream. qemu-user-static-devel will likely be updated in the near
future to point to imp's 6.0 rebase branch for Q/A.
(cherry picked from commit f2b487a6e9)
error: XDG_RUNTIME_DIR not set in the environment.
PR: 255355
Inspired by: hikari
Approved by: maintainer timeout
(cherry picked from commit 2d487a43aa)
o Major bugfixes (onion service, control port):
- Make the ADD_ONION command properly configure client authorization.
Before this fix, the created onion failed to add the client(s).
Fixes bug 40378; bugfix on 0.4.6.1-alpha.
o Minor features (compatibility, Linux seccomp sandbox):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
etc.
Reported by: Upstream notification
(cherry picked from commit e0dfc470f5)
In 8f75e04cb8 the pgsql dependency
was dropped intentionally but WANT_PGSQL was left in place but it
has no effect now.
Fix the PGSQL_SERVER option by adding the required USES=pgsql for
WANT_PGSQL.
While here also fix opt_VARS usage. Unlike opt_USE it does not
support separating words with ,
Reported by: portscan (WANT_PGSQL without USES=pgsql)
(cherry picked from commit a868d766d8)
Cross-language LTO in www/firefox requires devel/llvm* and bundled
LLVM in lang/rust to be of the same major version. Adjust the comment
to delay future bumps but until LTO is enabled desync can still happen.
PR: 255359
Suggested by: dim
(cherry picked from commit b1c90afe23)
Complete XDG Base Directories support via PAM, including injection of
according environment variables into user sessions, as well as creation
support for per-user $XDG_RUNTIME_DIR.
https://www.sdaoden.eu/code.html#s-toolbox
(cherry picked from commit d255158645)
-- SDL2 2.0.14 or newer not found, falling back to externals.
CMake Error at externals/CMakeLists.txt:54 (add_subdirectory):
The source directory
/wrkdirs/usr/ports/emulators/yuzu/work/yuzu-2e268abe4/externals/SDL
does not contain a CMakeLists.txt file.
Reported by: pkg-fallout
(cherry picked from commit d02aa5e9ce)
PDO_pgsql:
Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"
Sponsored by: Bounce Experts
(cherry picked from commit 85d390d64b)
PDO_pgsql:
Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"
Sponsored by: Bounce Experts
(cherry picked from commit 1f37ed93a6)
This just adds the new dependencies for building the doc tree with
Hugo/Asciidoctor, as we still have the legacy docs available, will be
kept the former dependencies for a little while.
PR: 253518
Submitted by: Yasuhiro Kimura, Dries Michiels
Reviewed by: 0mp, adamw, dbaio, debdrup, lwhsu
Approved by: doceng (bcr, maintainer)
Differential Revision: https://reviews.freebsd.org/D28609
(cherry picked from commit 21a4260fb3)
Backport patches from the 18.x release branch that uses the Python's
library "contextlib" instead of the external library "contextlib2".
The "contextlib2" library is a backported version which is required for
compatibility with Python 2.7 as the 17.x release of CherryPy is the
last one that has compatibility for Python 2.7.
Since the support for Python 2.7 has been removed in aa7a6c429e,
"contextlib2 is no longer needed for backward compatibility.
This is a transitional solution to fix the regression with Python 3.8
because an update to the 18.x release needs a bit more work and also
requires one or more new Python packages.
While I'm here:
* Sort variables according to the PHB and pet portclippy.
* Remove superfluous EXAMPLESDIR.
* Convert to newer options framework.
* Set NO_ARCH as there are no architecture specific files.
* Add "do-test" target to make future QA easier.
PR: 250379
Reported by: jbeich
Approved by: maintainer timeout (6+ months)
MFH: 2021Q2
(cherry picked from commit 7915fe9b3f)
The last release introduces a bug, which causes BOOL values inserted into PostgreSQL
converted to INT. This causes exceptions when tried.
Since this is a serious issue, we apply the upstream patch
until it gets official released
Approved by: madpilot
Sponsored by: Bounce Experts
Differential Revision: https://reviews.freebsd.org/D30117
(cherry picked from commit 8aea544d5b)
The last release introduces a bug, which causes BOOL values inserted into PostgreSQL
converted to INT. This causes exceptions when tried.
Since this is a serious issue, we apply the upstream patch
until it gets official released
Reported by: madpilot
Sponsored by: Bounce Experts
Differential Revision: https://reviews.freebsd.org/D30117
(cherry picked from commit 31d2c89e27)
* New upstream security release.
+ Release based on +fixes branch.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Incorporate debian patches to turn taint failures into warnings.
(cherry picked from commit 0a629bd710)
get_states() is the reason it stopped building on FreeBSD 13 and newer.
Retire this function since it's not used anywhere and get the build
fixed.
PR: 253547
Reported by: mike@sentex.net
Reviewed by: kp
Approved by: maintainer timeout (2 weeks)
Obtained from: pfSense
MFH: 2021Q2
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 712ed31c3e)
It looks like modernish requires /dev/tty to be available during the
installation as it tries to run its install-time test suite. A solution
to that is wrapping ./install.sh with script(1) to make a TTY available.
Interestingly, if we replace script(1) with daemon(8), we can reproduce
the error present in the pkg fallout logs.
(cherry picked from commit 0e66f42601)
Changelog:
Core:
Fixed bug #80781 (Error handler that throws ErrorException infinite loop).
Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb) 04 Mar 2021, php 7.4.16
Fixed#80706 (mail(): Headers after Bcc headers may be ignored).
Dba:
Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
DOM:
Fixed bug #66783 (UAF when appending DOMDocument to element).
FPM:
Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
FTP:
Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
Imap:
Fixed bug #80710 (imap_mail_compose() header injection).
Intl:
Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
LibXML:
Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
MySQLnd:
Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
Opcache:
Fixed bug #80805 (create simple class and get error in opcache.so).
Fixed bug #80950 (Variables become null in if statements).
Pcntl:
Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
PCRE:
Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
PDO_ODBC:
Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
PDO_pgsql:
Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
phpdbg:
Fixed bug #80757 (Exit code is 0 when could not open file).
Session:
Fixed bug #80774 (session_name() problem with backslash).
Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
SOAP:
Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
Standard:
Fixed bug #78719 (http wrapper silently ignores long Location headers).
Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
MySQLi:
Fixed bug #74779 (x() and y() truncating floats to integers).
OPcache:
Fixed bug #80682 (opcache doesn't honour pcre.jit option).
OpenSSL:
Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
Phar:
Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
Fixed bug #53467 (Phar cannot compress large archives).
SPL:
Fixed bug#80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
Zip:
Fixed bug #80648 (Fix for bug 79296 should be based on runtime version).
Sponsored by: Bounce Experts
(cherry picked from commit 5be5ddc153)
Changelog:
Core:
Fixed bug #75776 (Flushing streams with compression filter is broken).
Fixed bug #80811 (Function exec without $output but with $restult_code parameter crashes).
Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).
Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.
Dba:
Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
DOM:
Fixed bug #66783 (UAF when appending DOMDocument to element).
FFI:
Fixed bug #80847 (CData structs with fields of type struct can't be passed as C function argument).
FPM:
Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
FTP:
Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
IMAP:
Fixed bug #80800 (imap_open() fails when the flags parameter includes CL_EXPUNGE).
Fixed bug #80710 (imap_mail_compose() header injection).
Intl:
Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
LibXML:
Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
MySQLnd:
Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
Opcache:
Fixed bug #80839 (PHP problem with JIT).
Fixed bug #80861 (erronous array key overflow in 2D array with JIT).
Fixed bug #80786 (PHP crash using JIT).
Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1).
Pcntl:
Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
PCRE:
Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
PDO_ODBC:
Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
PDO_pgsql:
Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
Session:
Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
Fixed bug #80774 (session_name() problem with backslash).
SOAP:
Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
Standard:
Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
Fixed bug #78719 (http wrapper silently ignores long Location headers).
Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
Zip:
Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
Sponsored by: Bounce Experts
(cherry picked from commit 3de8c62ac4)
- Fix build by changing gcc-specific argument to clang compatible
(-flto=auto -> -flto). This change was upstreamed so it may be
dropped on the next port update. For FreeBSD 11, don't use -flto
at all to also fix the build.
- While here, minor style fixes
Approved by: portmgr blanket
(cherry picked from commit b842770973)
Upgrade to upstream commit 6aec515561
* Fixes CVE-2021-30245
* Misc other fixes
The building using the archive format on FreeBSD does not require epm.
(cherry picked from commit 3c571fd4ae)
freedesktop repo seems to be ~1 month out of date, so getting updates
required syncing upstream changes via temporary forks.
(cherry picked from commit 3130ade8f8)
- Put distfiles into CARGO_DIST_SUBDIR where they were not
- Use correct crate file extension
MFH: 2021Q2 (to ease future cherry picks)
(cherry picked from commit 89c1633d11)
Crates should have the file extension .crate not .tar.gz. Cargo
saves them with that extension and it is also what their original
name was according to file(1):
$ file rust/crates/*
rust/crates/better-panic-0.2.0.tar.gz:gzip compressed data, was "better-panic-0.2.0.crate"
rust/crates/binary-space-partition-0.1.2.tar.gz:gzip compressed data, was "binary-space-partition-0.1.2.crate"
...
The only reason we used .tar.gz is that it was that way in OpenBSD's
devel/cargo/cargo.port.mk module. At the moment they are all .tar.gz
but they might have a different format in the future.
Doing a delayed rollout of this over a change-everything-once
approach to
- not immeditately invalidate all uncommitted port changes or
external ports
- not make sweeping changes twice in main and 2021Q2
at the cost of having a transition period where mirrors might have
to carry both the .tar.gz and .crate tarballs (all crates combined
are ~600 MiB).
Reviewed by: jbeich
MFH: 2021Q2 (to ease future cherry picks)
Differential Revision: https://reviews.freebsd.org/D29760
(cherry picked from commit 3758b337a1)
While maintaing a rust application, I found a cargo.toml that specifies
the git URL with { git="https://..." }, cargo.mk expects a form like { git = "https://" }.
This patch improve the regex making the spaces around the '=' optional
Test: built all ports using the CARGO_USE_GIT feature
Approved by: tobik
Differential Revision: https://reviews.freebsd.org/D29805
(cherry picked from commit 58744a0909)
MASTER_SITES aliases processing in the framework is very inefficient
and the CRATESIO indirection is not worth it. Normally ports only
have a handful of sites at most, but USES=cargo currently adds one
site for each crate by necessity. The inefficiency suddenly matters
a lot.
By consuming MASTER_SITE_CRATESIO directly we can sidestep this
issue without losing anything.
Before:
$ time make -C www/zola -V MASTER_SITES >/dev/null
4.21 real 4.14 user 0.03 sys
After:
$ time make -C www/zola -V MASTER_SITES >/dev/null
0.60 real 0.58 user 0.02 sys
(cherry picked from commit ffd4db6b94)
This is a security fix for an issue that has not yet been disclosed. The
vuxml entry will be updated once the CVE is available.
The patch to mitigate the vulnerability was introduced already on
2021-04-23 in the FreeBSD port as 3.2.1_1.
Security: e4403051-a667-11eb-b9c9-6cc21735f730
(cherry-picked from commit 19889886e5)
Port was broken without this since they recently added the need for html
frontend being presend before build and such frontend was missing.
Reported by: Sandro Wirth <sandro.wirth@posteo.de>
(cherry picked from commit 990e47d4e4)
Major changes:
* Intagrate multipleple fixes from openSUSE
* Fix build against glib-2.68
* ufraw_preview: do now overwrite configuration with preview size
* ufraw-gimp: properly send EXIF data to Gimp 2.9 and later
* Suppress compiler warnings on implicit fallthrough
* ufraw_developer: use fabs() instead of abs() for double
* Fix GCC 9 OpenMP issues by drop default(none)
* From Gentoo ufraw-0.17-cfitsio-automagic.patch
* From Gentoo ufraw-0.22-jasper-automagic.patch
* From Gentoo ufraw-0.22-jpeg9.patch
* From Gentoo ufraw-0.22-exiv2-0.27.patch
* 05_CVE-2018-19655.patch from Debian
* Prevent crash when camera specified in .ufraw file is not in lensfun db
* Fix crash on destroy of lensfun object on PEF images
Security: CVE-2018-19655
MFH: 2021Q2
(cherry picked from commit 0e861af155)
Major changes:
Fix for CVE-2021-3421, CVE-2021-20271 and CVE-2021-20266
additional fixes for important bugs
Full changelog: https://rpm.org/wiki/Releases/4.16.1.3
Security: CVE-2021-3421
Security: CVE-2021-20271
Security: CVE-2021-20266
MFH: 2021Q2
(cherry picked from commit 1cabbfe3ca)
The 12.0.0 branch point hit point in the rework of FreeBSD debug targets
were non-x86 architectures are broken. For now, simply disable LLDB
builds on those platforms.
PR: 254082
(cherry picked from commit cc0bbd8608)
Define a list of options and for any that aren't defined for the current
architecture add a PLIST_SUB entry as through the option were defined and
disabled.
(cherry picked from commit c9a3a7442f)
It looks like it was only built for one CPU before and didn't fail.
Some change in the underlying libraries triggered the build to become
multi-CPU and it began failing because get_nprocs() wasn't available
for FreeBSD and also was't properly linked to the surrounding code.
Reported by: fallout
(cherry picked from commit c4254019d8)
There is no subdir hu for Hungarian under $PYTHON_SITELIBDIR/docutils/languages
and since the upgrade to textproc/py-docutils to 0.17 this causes a failure in
dochtml when building Sage.
Neither the upgrade to 0.17.1 proposed in PR 255197 solves the problem: as a
work-around this modification only removes the build of a_tour_of_sage for hu.
(cherry picked from commit 4a9bb724e8)
Older class AMD64 and i386 CPUs do not support
SSE4.1, so make it opt-in instead. This is a
problem since a build host may support the
feature-set whilst a package consumer does not,
causing an unexpected crash upon starting
the application.
(cherry picked from commit 6a9dfe8760)
Fix panic on mount when trying to use vbox VFS after
base r355790 (or git commit hash 6fa079fc3f5e).
PR: 255208
MFH: 2021Q2
(cherry picked from commit 8a311de0cb)
* Replace two occurrences in pkg-plist where PYTHON_VER shouldn't be
used as a substitution because "3.7" is really hardcoded in the paths.
PR: 253815
Approved by: portmgr (build fix)
MFH: 2021Q2
(cherry picked from commit 980acd0250)
This is not just a bugfix as it contains three features that cause a change of
default behavior (external HTTP insecure URLs are now blocked by default): your
builds may fail when using this new Maven release, if you use now blocked
repositories. Please check and eventually fix before upgrading.
Changes http://maven.apache.org/docs/3.8.1/release-notes.html
PR: 255161
Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer)
Security: CVE-2021-26291
CVE-2020-13956
(cherry picked from commit 887cfadcdf)
Also regen 'pkg-plist' for affected consumers, with PORTREVISION bump
Touch Mk/bsd.ruby.mk due to all ruby* is affected
MFH: 2021Q2
(cherry picked from commit b8ac15afd0)
Changelog:
Enhancements:
* Add DC terminal power port, outlet types
* Add Saf-D-Grid power port, outlet types
* Support Markdown rendering for report logs
* Add F connector port type
* Add SFP56 50GE interface type
Bug Fixes:
* Update parent device/VM when deleting a primary IP
* Fix VLAN assignment when editing VM interfaces in bulk
* Update object data when renaming a custom field
* Optimize change log cleanup
* Fix MAC address field display in VM interfaces search form
* Fix custom field filtering for cables, virtual chassis
* Fix choice field filters (multiple models)
https://github.com/netbox-community/netbox/releases/tag/v2.10.10
MFH: 2021Q2
(cherry picked from commit f2a9b3469d)
While here, add comment in security/krb5 to remember the obscure dependency in
security/sssd so it does not break again.
PR: 244778
Reported by: tommyhp2@gmail.com
Tested by: tommyhp2@gmail.com
MFH: 2021Q2 (build fix)
(cherry picked from commit 11964e74b9)
Changelog:
Enhancements:
* Add MAC address search field to VM interfaces list
* Omit child devices from non-racked devices list under rack view
* Add column to cable termination objects to display cable color
* Display NAPALM-enabled device tabs only when relevant
* Support disabling TLS certificate validation for Redis
Bug Fixes:
* Fix missing custom field filters for cables, rack reservations
* Add missing count_ipaddresses attribute to VMInterface serializer
* Permit users to manage their own REST API tokens without needing
explicit permission
* Fix interface connections REST API endpoint
* Support colons in webhook header values
* Do not infer tenant assignment from parent objects for prefixes,
IP addresses
* Handle exception when attempting to assign an MPTT-enabled model
as its own parent
* Correct handling of boolean fields when cloning objects
https://github.com/netbox-community/netbox/releases/tag/v2.10.9
MFH: 2021Q2
(cherry picked from commit 2d88de57d5)
- Introduce wireguard_confdir to rc.d script
- Fix variables and load_rc_config order in rc.d script
- Change rc.d scripts to run earlier after NETWORKING is available
Submitted by: niels@netbox.org
(cherry picked from commit 9986bb780c)
JAVA option did not work because the actual build knob was wrong.
Especially, on a system where devel/apache-ant was installed, ant and
java binaries were automatically detected and enabled even if the JAVA
option was disabled. While I am here, fix Apache Ant usage by setteing
JAVACMD variable. Without it, it may pick up java binary from JRE via
javavm(1) from java/javavmwrapper. If ant script is used with java from
JRE, build fails because it cannot find jar.
Approved by: tcberner (maintainer)
(cherry picked from commit 71117cddc9)
Not all GitLab installations are the same; KDE_INVENT is one
that still uses the "old" naming scheme, so set WRKSRC for
ports that use that (all of which as "this should be a
temporary solution until there is a real release again").
Fixes build failures (patch, actually, since the extracted
directories didn't match expectations) in e.g. audio/amarok.
Until newer boost is ported, this fixes compilation of client code with errors like
async_result.hpp: error: concept cannot have associated constraints
See https://github.com/boostorg/asio/issues/312 for details.
PR: 255016
Submitted by: amdmi3
MFH: 2021Q2
(cherry picked from commit 4902f812a6)
Details:
- Enhancements and fixes, see
https://mkvtoolnix.download/doc/NEWS.md
- In particular, fix a regression in the HEVC parser causing invalid
memory access.
MFH: 2021Q2
(cherry picked from commit 2a0f957e62)
- Remove upstreamed patch
- Also fix plist glitch I introduced by mistake in a previous
update
MFH: 2021Q2 (due to plist glitch fix)
(cherry picked from commit 7902e4999f)
Due to a compiler/linker command line ordering issue, VirtualBox 6
fails to compile on 11.x when a ports provided SSL library is
used.
Fix the order of -L options passed to the linker where the ssl
library is used.
Thanks to Chad Jacob Milios <milios@ccsys.com> for suggesting the
correct fix.
PR: 254295
Submitted by: russo@bogodyn.org
MFH: 2021Q2
(cherry picked from commit 423f3dfd75)
Details:
- Update to upstream version 2.10.0.
- Follow upstream development to the GitHub page.
- Remove references to the now-defunct former project page:
http://www.audiocoding.com/
PR: 254711
Reported by: pi
MFH: 2021Q2
(cherry picked from commit abd8356cb7)
This regeneration is required as the new gitlab version changed
the address and the directory the source files can be downloaded.
This commit also applies some small fixes to make sure all ports using
gitlab are buildable.
Reviewed by: mat
Approved by: portmgr
Differential Revision: https://reviews.freebsd.org/D29628
(cherry picked from commit 911f04257e)
Gitlab changed the address beginning of April you can download packages
from:
curl 7efd19e371/archive.tar.gz?dummy=/gitlab-org-gitlab-foss-7efd19e3716ab6f9146052da76d1bd59ec815f2d_GL0.tar.gz
to:
curl 7efd19e371.tar.gz?dummy=/gitlab-org-gitlab-foss-7efd19e3716ab6f9146052da76d1bd59ec815f2d_GL0.tar.gz
The new extracted archive will have a different folder name.
Before it was:
gitlab-foss-7efd19e3716ab6f9146052da76d1bd59ec815f2d-7efd19e3716ab6f9146052da76d1bd59ec815f2d
now it is:
gitlab-foss-7efd19e3716ab6f9146052da76d1bd59ec815f2d
So all ports using gitlab must regen their distinfo.
PR: 254866
MFH: 2021Q2
Differential Revision: https://reviews.freebsd.org/D29628
(cherry picked from commit 12ae9706d9)
As of Golang 1.16, the cgo tool will no longer try to translate C struct
bitfields into Go struct fields, even if their size can be represented
in Go. The order in which C bitfields appear in memory is implementation
dependent, so in some cases the cgo tool produced results that were
silently incorrect.
In this case "accel_flags" is the bitwise field in question. A new
declaration for GtkAccelKey structure that does not explicitly access
to 'accel_flags' has been addressed in the patch.
https://github.com/gotk3/gotk3/pull/730
Patch will be removed when vendor library will be updated.
(cherry picked from commit 3a9193de72)
Previously fixed by 21b8a28407f1 but regressed due to 7fb391c17c8b
taking a different path/file after 4f322003b416 which incompletely
rebased on https://github.com/intel/compute-runtime/commit/d223508cadcd
$ clinfo
[...]
Abort was called at 242 line in file: shared/source/os_interface/linux/drm_neo.cpp
ConsoleKit2 support uses a patch rejected upstream, and upstream plans
to simplify session handling via libseat by dropping other session backends.
(cherry picked from commit ddeb3e2d7f)
DEV_WARNING+="You are using USE_GITLAB and WRKSRC is set which is wrong. Set GL_PROJECT, GL_ACCOUNT correctly, and/or set WRKSRC_SUBDIR and remove WRKSRC entirely."