In various places in the code, it's assumed that the __POWERPC__ define
is Mac OS 9 specific, but our clang defines it as well, breaking the build,
revert to the gcc situation.
Also add a license marker (thanks to jca@ for figuring out under which
license we should distribute it), and remove MASTER_SITES because it
can't be fetched from upstream; this port may be removed soon or
otherwise its distfile mirrored.
OK sthen@ and jca@
Changelog: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md
Port changes:
* Vault config moved to /etc/vault/vault.hcl
* Added default config with internal Raft storage
* Add patch for signing SSH keys using rsa-sha2-256 algorithm
* Add locations for vault db/plugins/logs
* Use logger for Vault server logging to /var/log/vault/vault.log
* Add pkg README
ok ajacoutot@
It is unuseable as-is on powerpc, colors are off, and even "corrupts"
KDE widgets colors. Marking it BROKEN saves 28 machine hours during
the bulk.
OK sthen@ and rsadowski@ (maintainer)
Servers enforcing that clients send an SNI become more common.
Backport the mechanism for sending SNI from alpine 2.22.
Our new TLSv1.3 stack requires more retries than the old one
so retry SSL_write() if the API tells us to do so.
Issue reported, fix tested and "ok" procter.
ok jca sthen
commit f47e4856497231eb672da2ce0df3e641581d47e6
Author: Daniel A. Wozniak <dwozniak@saltstack.com>
Date: Mon Apr 13 06:41:04 2020 +0000
Fix CVE-2020-11651
Resolve issue which allows access to un-intended methods in the
ClearFuncs class of the salt-master process
commit 7bd0ab195fbec4f34523dad11149f741c154e2b7
Author: Daniel A. Wozniak <dwozniak@saltstack.com>
Date: Mon Apr 13 06:44:58 2020 +0000
Fix CVE-2020-11652
Sanitize paths in ClearFuncs methods provided by salt-master. This
ensures we do not allow access to un-intended files and directories.
ok sthen@, jasper@
This one stopped working and such keys are personalized anyway.
Tweak README to suggest using .xsession/xenodom(1) in favour of
.xinitrc/startx(1) to set things up.
Result of minitube appearing broken.
Feedback OK bcallah
devhelp ships a single Python script which is a gedit plugin, nothing
else in devhelp requires Python at runtime.
Remove lang/python module usage; Both Python 3 (through meson) and 2
(through a secondary BUILD_DEPENDS in the chain) are pulled in during
build anyway.
gedit itself has a direct Python 3 as RUN_DEPENDS.
devhelp not having a Python RDEP allows installing the "xfce" meta package
without requiring Python 2.
Ok aja
PyPI projects that already list multiple supported Python versions cause
portgen(1) to generate a flavoured port; of leaving FLAVOR emtpy, opt for
the highest available version.
This makes it use FLAVOR?=python3 insteaf of FLAVOR?= (empty) if any
sypport higher than Python 2 is listed.
Note that PyPI projects listing either only one sypported version or none
at all are not effected by this diff.
OK afresh1 kmos
Kicad's PCB editor, its main feature, leads to segfaults. oce, whose
only consumer is Kicad, takes 53 hours to build in the lastest macppc
bulk. Mark them BROKEN to save bulk time.
While here move Kicad's homepage to https.
ok jca@ tracey@ sthen@
Security fixes:
- Cross-Site Scripting (XSS) via malicious HTML content
- CSRF attack can cause an authenticated user to be logged out
- Remote code execution via crafted config options
- Path traversal vulnerability allowing local file inclusion via crafted
'plugins' option
The latter two vulnerabilities are classified minor because they only
affect Roundcube installations with public access to the Roundcube
installer. That’s generally a high-risk situation and is expected to be
rare or practically non-existent in productive Roundcube deployments.
However, the fixes are done in core in order to also prevent from future
and yet unknown attack vectors.
Changelog at https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
sthen@ reported that clisp sometimes fails to build, with an error at
MAP_ANON. Some tests, including MAP_ANON, might give a random 'no' when
their fixed addresses conflict with ASLR. Override to 'yes'.
ok sthen@
