devel/awscli: use USE_PTYHON=noflavors, remove PKGNAMEPREFIX
The introduction of flavors caused the awscli package to be renamed to
py27-awscli. Since this package is preinstalled on all AWS EC2 instances
running a FreeBSD image, apply POLA and rename the package back to
awscli. The assumption is that the rename was unintentional.
Approved by: mat (co-mentor)
Differential Revision: https://reviews.freebsd.org/D13555
Approved by: portmgr
net-p2p/transmission-daemon: Mitigate DNS rebinding attack
Incorporate upstream pull request 468, proposed by Tavis Ormandy from
Google Project Zero, which mitigates this attack by requiring a host
whitelist for requests that cannot be proven to be secure, but it can
be disabled if a user does not want security.
PR: 225150
Submitted by: Tavis Ormandy
Approved by: crees (maintainer)
Obtained from: https://github.com/transmission/transmission/pull/468#issuecomment-357098126
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
Add note to UPDATING for net-p2p/transmission-daemon explaining how to
allow client access with the new DNS rebinding mitigations.
PR: 225150
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
net-p2p/transmission-daemon: Improve UPDATING entry and add pkg-message
This will ensure users who do not read UPDATING are still presented with
the message about how to allow clients to connect to the daemon using
DNS when they upgrade the package.
PR: 225150
Reported by: swills
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
Approved by: ports-secteam (swills)
This update replaces the default resolver used by
dnscrypt-proxy (cisco/OpenDNS) by a random one that
does not log entries and supports dnssec.
- Improve pkg-message's.
- Fix MASTER_SITES.
- Reorder Makefile variable's.
- Update WWW.
PR: 223222
Submitted by: Vinícius Zavam <egypcio@googlemail.com>
Reviewed by: dbaio, garga, mat
Approved by: Leo Vandewoestijne <freebsd@dns-lab.com>
(maintainer, previous patch, then timeout)
Differential Revision: https://reviews.freebsd.org/D12775
- Make the guile2 flavor the new default. Users requiring guile1
can use that flavor
- Add note in UPDATING, since the default is changing
Reviewed by: mat
Approved by: portmgr (mat)
Differential Revision: https://reviews.freebsd.org/D13478
Ports using USE_PYTHON=distutils are now flavored. They will
automatically get flavors (py27, py34, py35, py36) depending on what
versions they support.
There is also a USE_PYTHON=flavors for ports that do not use distutils
but need FLAVORS to be set. A USE_PYTHON=noflavors can be set if
using distutils but flavors are not wanted.
A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
added to cope with Python ports that did not have the Python
PKGNAMEPREFIX but are flavored.
USES=python now also exports a PY_FLAVOR variable that contains the
current python flavor. It can be used in dependency lines when the
port itself is not python flavored. For example, deskutils/calibre.
By default, all the flavors are generated. To only generate flavors
for the versions in PYTHON2_DEFAULT and PYTHON3_DEFAULT, define
BUILD_DEFAULT_PYTHON_FLAVORS in your make.conf.
In all the ports with Python dependencies, the *_DEPENDS entries MUST
end with the flavor so that the framework knows which to build/use.
This is done by appending '@${PY_FLAVOR}' after the origin (or
@${FLAVOR} if in a Python module with Python flavors, as the content
will be the same). For example:
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR}
PR: 223071
Reviewed by: portmgr, python
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D12464
Please note:
- Web's static dirs have moved to a single dedicated directory.
- Users should review webserver's /static configuration (examples in
share/examples/sympa).
PR: 223793
Submitted by: geoffroy desvernay <dgeo@centrale-marseille.fr> (maintainer)
Relnotes: https://github.com/sympa-community/sympa/blob/6.2.22/NEWS.md
The build currently fails when older netpbm version are still
installed in the build environment e.g. when upgrading from 10.35.98
to 10.80.00 the build fails with
ppmtompeg.o: In function `main':
ppmtompeg.c:(.text+0x9a5): undefined reference to `pm_strfree'
ppmtompeg.o: In function `getUserFrameFile':
ppmtompeg.c:(.text+0xcb1): undefined reference to `pm_asprintf'
ppmtompeg.c:(.text+0xcfb): undefined reference to `pm_strfree'
ppmtompeg.c:(.text+0xd04): undefined reference to `pm_strfree'
- Use explicit paths when linking with libnetpbm
- Remove UPDATING entry that previously recommended deinstalling
netpbm first when using portmaster/portupgrade
PR: 223724
Separate python2 and python3 bindings[1], to allow each to be enabled
independently or concurrently. py27 is still the default.
As long as I'm messing with language bindings, turn the Tcl and Lua
options off by default. This does NOT in any way affect support for
editing those types of files (including indenting, completion,
highlighting, linting, etc.)---it only affects plugins written in
Tcl or Lua or interactive debugging.
Suggested by: mat [1]
The flag has partial support across the tree, and the same effect
can be obtained by using ".undef WITH_DEBUG".
Reviewed by: mat, rene
Approved by: portmgr (rene)
Differential Revision: https://reviews.freebsd.org/D12548
- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
same as the base sshd. A compatibility patch is applied if
these options are disabled to prevent startup failures; the options
are kept as deprecated.
- SCTP patch does not apply.
Changes: https://www.openssh.com/txt/release-7.6
Notable changes:
- SSH version 1 support dropped.
- Dropped support for hmac-ripemd160 MAC.
- Dropped support for the ciphers arcfour, blowfish and CAST.
- RSA keys less than 1024 bits are refused.
net/bsdrcmds by default allowing end-users to install both ports.
Users may deselect the options to use the original command names
however they must also uninstall net/bsdrcmds to avoid the conflict.
A lot of things have changed for the better since version 5.6 in cwm,
but upstream has stopped tagging new releases. This updates the port
to use a more recent commit to match cwm in OpenBSD more closely.
This is important because configuration options have changed which
makes it harder to share config files between systems.
While here
- Fix license which appears to not be BSD 2-clause but the ISC license
- Update WWW. The old site is gone.
- Remove MASTER_SITES which wasn't really used
Changes: https://github.com/chneukirchen/cwm/compare/v5.6...linux
PR: 222423
Approved by: braakvaak@aol.com (maintainer timeout, 2 weeks)
suggested by upstream, like courier-imap port does.
The sample files are renamed to ".dist" because that is the name
the tool expects.
Also added a note to UPDATING to warn users about the sysconftool
expecting the comments not to be removed.
While here convert to localbase.
Suggested by: Doug McIntyre <merlyn at iphouse.net>
Clarify the wording around the devel/cmake-modules deletion (merge into
devel/cmake), and provide explicit instructions for users on how to
proceed.
PR: 222000
This port now provides Cargo. This is the recommended now because Cargo
won't be provided separately in the future.
To build Cargo, we set `extended = true` in `config.toml`. As a side
effect, this flag also installs Rust source code. The port has a new
`SOURCES` option (disabled by default) to keep those sources.
As a consequence of this, `devel/cargo` is removed. Several ports
and Makefiles in Mk were updated to depend on `lang/rust` instead of
`devel/cargo`.
The other big change in this patch is the use of the bundled crates,
instead of relying on Cargo's registry (which was part of the distfiles,
in order to allow offline builds). So now, we don't need to prepare the
registry when updating this port.
This has several other benefits:
* It fixes the build with sudo(8).
* It fixes the use of the ino-64 patch (it was not applied to the
registry, thus not used).
Compilation errors were fixed in the ino-64 patch.
Various `.cargo-checksum.json` files are updated after the sources are
patched (FBSD10_FIX, ino-64, and so on). This fixes builds which were
failing with errors such as:
error: the listed checksum of `.../rustc-1.19.0-src/src/vendor/lzma-sys/xz-5.2.3/build-aux/config.rpath` has changed:
expected: c8b4c017079da9dfb3086a0583e60ffe736184d89005dc5973f0bb0fd17c04bb
actual: 561b00eb30ecaef2c9da17bc195e7d2a7ea63facea38ea9849fbb0ed340bebba
PR: 221088
Reported by: joneum@, nwhitehorn@, romain@,
Ekaterina Vaartis <vaartis@cock.li>,
david@catwhisker.org,
fullermd@over-yonder.net,
rum1cro@yandex.ru,
w.schwarzenfeld@utanet.at
Differential Revision: https://reviews.freebsd.org/D11783
Upstream has set collation type for MySQL to be implicit and
will cause issues when updating if tables are not set to
utf8_unicode_ci.
Approved by: lifanov (mentor, implicit)
now marked for deprecation at the end of the year (when upstream support
for it will end). Users of gnupg20 should migrate to gnupg22.
The gnupg port is remaining at 2.1.x for now, as it's essentially the
same thing as 2.2.0. It will become 2.3 soon-ish.