Update glib to 2.50.3.
Also redo the kqueue patches. Now we patch files only once, and add some
bits that got lost somewhere (which is probably my fault). Which where
causing crashes when for example nautilus or thundar where monitoring
directories and files where added/removed.
PR: 199872
Fix another crash bug in the kqueue backend.
PR: 199872 217946
Approved by: ports-secteam (swills@)
KGDB fixes for amd64 and aarch64.
- Update the amd64 kernel support to recognize mchk_calltrap as a
trapframe generator.
- Remove some unneeded headers from fbsd-kld.c.
- Various fixes to get stack traces working for aarch64 kernels:
- Map the LR register from the PCB to PC instead of LR.
- Skip the PC register from the PCB as it isn't initialized to anything.
- Correct the register cache map for the PCB. The old one had the
offsets of pcb_sp and pcb_pc reversed.
- Don't map all of the saved general purpose registers in a
trapframe to X1 rather than X0 .. X29.
- Use correct name for el0 trapframe entry points.
Reviewed by: pizzamig (maintainer)
Differential Revision: https://reviews.freebsd.org/D13977
Approved by: ports-secteam (swills)
devel/awscli: use USE_PTYHON=noflavors, remove PKGNAMEPREFIX
The introduction of flavors caused the awscli package to be renamed to
py27-awscli. Since this package is preinstalled on all AWS EC2 instances
running a FreeBSD image, apply POLA and rename the package back to
awscli. The assumption is that the rename was unintentional.
Approved by: mat (co-mentor)
Differential Revision: https://reviews.freebsd.org/D13555
Approved by: portmgr
Add patch and fix CVE-2017-15132
Add upstream patch to fix CVE-2017-15132, memory leak in the log in process
that can cause memory exhaustion.
PR: 225446
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer), swills (ports-secteam)
Security: 92b8b284-a3a2-41b1-956c-f9cf8b74f500
Approved by: ports-secteam (implicit)
security/clamav: remove LHA from default options.
r459039 made distribution of the lha binary not allowed.
PR: 225180
Submitted by: antoine
security/clamav: upgrade to 0.99.3.
* Update to 0.99.3.
* Fix following portlint warnings.
** Move position of USES in Makefile.
** Remove reference of undefined LLVM option.
** Regenerate files/patch-libclamav_regex_pcre.c by 'make makepatch
** add USES=ssl
PR: 225461
Submitted by: yasu@utahime.org
Approved by: ports-secteam (swills)
Security: b464f61b-84c7-4e1c-8ad4-6cf9efffd025
Make AQMP support optional. AQMP support, which was prior to this
revision not optional, caused syslog-ng to fail to build with
LibreSSL. Users of LibreSSL should disable AQMP support.
PR: 225380
Submitted by: Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
Approved by: portmgr (swills)
sysutils/gdisk: Unbreak UTF16 option
/usr/bin/ld: undefined reference to symbol `_ZN3icu13UnicodeStringC1EPKc' (try adding -licuuc)
//usr/local/lib/libicuuc.so.60: could not read symbols: Bad value
PR: 198518
Submitted by: Ting-Wei Lan <lantw44@gmail.com>
Approved by: wg (maintainer timeout, ~3 years)
Approved by: ports-secteam blanket
Show errors for duplicate source entries.
Remove duplicate entries found by updated MOVEDlint.awk in r459958
Fix some other lint findings
Approved by: portmgr (implicit)
Fix databases/mariadb* hostname verification when building against LibreSSL
LibreSSL imported X509_check_host from BoringSSL. Unlike OpenSSL,
it doesn't calculate the length of the hostname passed in case
chklen/namelen == 0. This means that the check in MariaDB always
fails if built against LibreSSL. This forces adminstrators to disable
hostname verification, which weakens security (hence the MFH request below).
Note that the fix has no negative implications if built against OpenSSL,
as its implementation calls strlen(hostname) in case namelen == 0.
See also https://github.com/MariaDB/server/pull/562
Approved by: portmgr
xen-kernel: fix build with clang 6 and apply pending XSA patches
This includes a band-aid for running 64bit PV guests without
compromising the whole system.
Approved by: ports-secteam (swills)
Restore DTraceToolkit from r454702.
It's not in base since 2016 r300226 exactly because it is updated more often
than FreeBSD and belongs in ports.
Approved by: portmgr (implicit)
Update to version 4.1.1
- Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation
of DNSSEC signatures". An issue has been found in the DNSSEC
validation component of PowerDNS Recursor, allowing an ancestor
delegation NSEC or NSEC3 record to be used to wrongfully prove the
non-existence of a RR below the owner name of that record. This
would allow an attacker in position of man-in-the-middle to send a
NXDOMAIN answer for a name that does exist.
The 4.0.x branch is not vulnerable.
- Add support for algo16 and simplify Lua/LuaJIT engine choice.
PR: 225397
Submitted by: maintainer
Security: CVE-2018-1000003
Approved by: ports-secteam
Remove BROKEN, DEPRECATED and EXPIRATION_DATE
This port builds fine in poudriere.
This port depends on py-twisted and py-twistedCore has been removed from ports tree.
Approved by: ports-secteam (swills)
net-p2p/transmission-daemon: Mitigate DNS rebinding attack
Incorporate upstream pull request 468, proposed by Tavis Ormandy from
Google Project Zero, which mitigates this attack by requiring a host
whitelist for requests that cannot be proven to be secure, but it can
be disabled if a user does not want security.
PR: 225150
Submitted by: Tavis Ormandy
Approved by: crees (maintainer)
Obtained from: https://github.com/transmission/transmission/pull/468#issuecomment-357098126
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
Add note to UPDATING for net-p2p/transmission-daemon explaining how to
allow client access with the new DNS rebinding mitigations.
PR: 225150
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
net-p2p/transmission-daemon: Improve UPDATING entry and add pkg-message
This will ensure users who do not read UPDATING are still presented with
the message about how to allow clients to connect to the daemon using
DNS when they upgrade the package.
PR: 225150
Reported by: swills
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
Approved by: ports-secteam (swills)