setuptools (it's used as a package locator but importlib.metadata in
newer Python core or the external importlib_metadata are preferred).
So drop the RDEP in that case (it's still kept for py27) and bump
revisions.
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.
discussed with sthen@, tb@ and robert@
praying that my grep/sed skills did not break anything and still
believing in portbump :-)
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
gnupg-1.4 is not developed actively anymore, and new software expects
a modern "gpg" executable, which leads to pointless patches in the ports
tree. Move the various users of security/gnupg2 to security/gnupg and
zap patches that forced the use of "gpg2".
Crusade started by edd@ (security/gnupg maintainer), gnupg->gnupg2 test
reports from semarie@, giovanni@ and solene@, input and bulk build by
sthen@. ok sthen@ edd@ (maintainer)
All the heavy lifting for updating from 2018.3 to 3000.1 by robert.
Trivial rebasing & updating to 3000.1 -> 3000.3 by me.
"Please commit" robert
OK robert, jasper
commit f47e4856497231eb672da2ce0df3e641581d47e6
Author: Daniel A. Wozniak <dwozniak@saltstack.com>
Date: Mon Apr 13 06:41:04 2020 +0000
Fix CVE-2020-11651
Resolve issue which allows access to un-intended methods in the
ClearFuncs class of the salt-master process
commit 7bd0ab195fbec4f34523dad11149f741c154e2b7
Author: Daniel A. Wozniak <dwozniak@saltstack.com>
Date: Mon Apr 13 06:44:58 2020 +0000
Fix CVE-2020-11652
Sanitize paths in ClearFuncs methods provided by salt-master. This
ensures we do not allow access to un-intended files and directories.
ok sthen@, jasper@
florian@ noticed that sysutils/salt does not like py-msgpack-1.0.0.
Upstream of the latter dropped the encoding option from Packer and
Unpacker causing a TypeError
Comments and OK from jca@
