some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
OSS Fuzz.
Disable ghostscript-based coders in the default config file (policy.xml)
following suggestion in http://www.openwall.com/lists/oss-security/2018/08/21/2
If you're using an edited config file or using ImageMagick in chroot, you may
want to consider following suit.
build and probably others.
noting here just for the sake of it, my test case reduced to:
convert -size 200x200 xc:none -draw "path 'M 110,190 M 70,40'" tmp0.png
* Fix pixel cache on disk regression
* Quote passwords when passed to a delegate program
* Can read geo-related EXIF metdata once-again
* Sanitize all delegate emedded formatting characters
* Don't sync pixel cache in AcquireAuthenticCacheView()
- Remove https delegate.
- Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
- Replace show delegate title with image filename rather than label.
- Fix GetNextToken() off by one error.
- Remove support for internal ephemeral coder.
and do something slightly more useful (the naming scheme doesn't work
very well with portroach, but hopefully pointing at /download/ rather
than letting it use /download/releases/ will mean it only picks up
changes to the minor release of the current version).
