Commit graph

434533 commits

Author SHA1 Message Date
Jan Beich
8088ed9d41 MFH: r460357
www/firefox-esr: work around race on sqlite3 init

PR:		225364
Obtained from:	upstream (Firefox 56)
Approved by:	ports-secteam (swills)
2018-01-31 21:00:31 +00:00
Jan Beich
d8d574ae29 MFH: r460253
devel/include-what-you-use: switch to llvm50 (like r457360)

PR:		224617
Approved by:	maintainer timeout (1 month)
Approved by:	ports-secteam (swills)
2018-01-31 20:58:28 +00:00
Antoine Brodin
a7f97786e4 MFH: r460339
Apply patches for CVE-2017-9935 and CVE-2017-18013

PR:		225544
Submitted by:	Yasuhiro KIMURA
Obtained from:	Debian
2018-01-30 19:47:38 +00:00
Koop Mast
6be7000ad5 MFH: r460052 r460230
Update glib to 2.50.3.

Also redo the kqueue patches. Now we patch files only once, and add some
bits that got lost somewhere (which is probably my fault). Which where
causing crashes when for example nautilus or thundar where monitoring
directories and files where added/removed.

PR:		199872

Fix another crash bug in the kqueue backend.

PR:		199872 217946

Approved by:	ports-secteam (swills@)
2018-01-30 07:04:21 +00:00
John Baldwin
c2d9b63b55 MFH: r460050
KGDB fixes for amd64 and aarch64.

- Update the amd64 kernel support to recognize mchk_calltrap as a
  trapframe generator.
- Remove some unneeded headers from fbsd-kld.c.
- Various fixes to get stack traces working for aarch64 kernels:
  - Map the LR register from the PCB to PC instead of LR.
  - Skip the PC register from the PCB as it isn't initialized to anything.
  - Correct the register cache map for the PCB.  The old one had the
    offsets of pcb_sp and pcb_pc reversed.
  - Don't map all of the saved general purpose registers in a
    trapframe to X1 rather than X0 .. X29.
  - Use correct name for el0 trapframe entry points.

Reviewed by:	pizzamig (maintainer)
Differential Revision:	https://reviews.freebsd.org/D13977

Approved by:	ports-secteam (swills)
2018-01-30 01:18:07 +00:00
Jan Beich
4c1c401e32 MFH: r460354
www/waterfox: update to 56.0.3.50

- Apply more FF58 fixes except the following
  https://bugzilla.mozilla.org/buglist.cgi?bug_id=1281965,1379276,1382851,1390882,1396399,1412653,1413857,1415770,1415788,1416879,1418074,1418841,1418966,1420049,1421099,1421324,1426449

Changes:	https://github.com/MrAlex94/Waterfox/compare/56.0.3...52216f01e1f3
Security:	a891c5b4-3d7a-4de9-9c71-eef3fd698c77
Approved by:	ports-secteam blanket
2018-01-30 00:59:18 +00:00
Jan Beich
d0fb2a2363 MFH: r460361
emulators/citra: update to s20180128

Changes:	5a57578c...27ed8a3c
Approved by:	ports-secteam (swills, implicit for snapshots)
2018-01-30 00:57:54 +00:00
Jan Beich
cbf403c01b MFH: r460360
emulators/rpcs3: update to 0.0.4.285

Changes:	bb5bdb2e8...cd8e97a7c
Approved by:	ports-secteam (junovitch, implicit for snapshots)
2018-01-30 00:56:23 +00:00
Jung-uk Kim
a1672c172e MFH: r460351
Update to 9.0.4.

http://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html

Approved by:	ports-secteam (swills)
2018-01-29 22:51:44 +00:00
Jung-uk Kim
a826aa6d32 MFH: r460350
Update to 8u162.

http://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html

Approved by:	ports-secteam (swills)
2018-01-29 22:51:15 +00:00
Bradley T. Hughes
d6d4fcdd06 MFH: r457853
devel/awscli: use USE_PTYHON=noflavors, remove PKGNAMEPREFIX

The introduction of flavors caused the awscli package to be renamed to
py27-awscli. Since this package is preinstalled on all AWS EC2 instances
running a FreeBSD image, apply POLA and rename the package back to
awscli. The assumption is that the rename was unintentional.

Approved by:	mat (co-mentor)
Differential Revision:	https://reviews.freebsd.org/D13555

Approved by:	portmgr
2018-01-29 22:06:52 +00:00
Niclas Zeising
a085096f6a MFH: r460336
Add patch and fix CVE-2017-15132

Add upstream patch to fix CVE-2017-15132, memory leak in the log in process
that can cause memory exhaustion.

PR:		225446
Submitted by:	Vladimir Krstulja
Approved by:	adamw (maintainer), swills (ports-secteam)
Security:	92b8b284-a3a2-41b1-956c-f9cf8b74f500

Approved by:	ports-secteam (implicit)
2018-01-29 21:04:37 +00:00
Jan Beich
c08622c31f MFH: r460254
www/firefox: update to 58.0.1

Changes:	https://www.mozilla.org/firefox/58.0.1/releasenotes/
PR:		223425
Approved by:	ports-secteam (swills)
2018-01-29 19:16:12 +00:00
Dirk Meyer
c311fea81f MFH: r460104
- disable option SMTPUTF8 as default
it causes lost mail and backscatter with local delivery.
PR:		224452

Approved by:	portmgr (Steve Wills)
2018-01-27 16:53:26 +00:00
Koop Mast
87e8ce533d MFH: r460078
Update gcab to 0.8.

Security fix release with normal bug fixes.

Security:	2cceb80e-c482-4cfd-81b3-2088d2c0ad53
		CVE-2018-5345

Approved by:	ports-secteam (swills@)
2018-01-27 16:01:41 +00:00
Jan Beich
e6985d32fa MFH: r459899
mail/thunderbird: update to 52.6.0

Changes:	https://www.mozilla.org/thunderbird/52.6.0/releasenotes/
Security:	a891c5b4-3d7a-4de9-9c71-eef3fd698c77
Approved by:	ports-secteam (swills)
2018-01-27 01:25:41 +00:00
Jan Beich
b68f8cdc1e MFH: r460069
emulators/citra: update to s20180127

Changes:	33b0b516...5a57578c
Approved by:	ports-secteam (swills, implicit for snapshots)
2018-01-27 00:56:39 +00:00
Jan Beich
cc48fce5e1 MFH: r460068
emulators/rpcs3: update to 0.0.4.283

Changes:	c8965564e...bb5bdb2e8
Approved by:	ports-secteam (junovitch, implicit for snapshots)
2018-01-27 00:55:24 +00:00
Larry Rosenman
0e062fb6ee MFH: r459048 r459972
security/clamav: remove LHA from default options.

r459039 made distribution of the lha binary not allowed.

PR:		225180
Submitted by:	antoine

security/clamav: upgrade to 0.99.3.
* Update to 0.99.3.
* Fix following portlint warnings.
** Move position of USES in Makefile.
** Remove reference of undefined LLVM option.
** Regenerate files/patch-libclamav_regex_pcre.c by 'make makepatch
** add USES=ssl

PR:		225461
Submitted by:	yasu@utahime.org

Approved by:	ports-secteam (swills)
Security:	b464f61b-84c7-4e1c-8ad4-6cf9efffd025
2018-01-26 14:14:09 +00:00
Cy Schubert
cad478be0b MFH: r459810
Make AQMP support optional. AQMP support, which was prior to this
revision not optional, caused syslog-ng to fail to build with
LibreSSL. Users of LibreSSL should disable AQMP support.

PR:		225380
Submitted by:	Peter Czanik (CzP) <peter.czanik@balabit.com>
		Balabit / syslog-ng upstream
Approved by:	portmgr (swills)
2018-01-26 03:07:13 +00:00
Tobias Kortkamp
6a9772647c MFH: r459966
sysutils/gdisk: Unbreak UTF16 option

/usr/bin/ld: undefined reference to symbol `_ZN3icu13UnicodeStringC1EPKc' (try adding -licuuc)
//usr/local/lib/libicuuc.so.60: could not read symbols: Bad value

PR:		198518
Submitted by:	Ting-Wei Lan <lantw44@gmail.com>
Approved by:	wg (maintainer timeout, ~3 years)

Approved by:	ports-secteam blanket
2018-01-25 23:00:29 +00:00
Bryan Drewery
eaea088b2f MFH: r459958 r459959 r459960
Show errors for duplicate source entries.

Remove duplicate entries found by updated MOVEDlint.awk in r459958

Fix some other lint findings

Approved by:	portmgr (implicit)
2018-01-25 21:13:14 +00:00
Michael Gmelin
61b3a63101 MFH: r459808
Fix databases/mariadb* hostname verification when building against LibreSSL

LibreSSL imported X509_check_host from BoringSSL. Unlike OpenSSL,
it doesn't calculate the length of the hostname passed in case
chklen/namelen == 0. This means that the check in MariaDB always
fails if built against LibreSSL. This forces adminstrators to disable
hostname verification, which weakens security (hence the MFH request below).

Note that the fix has no negative implications if built against OpenSSL,
as its implementation calls strlen(hostname) in case namelen == 0.

See also https://github.com/MariaDB/server/pull/562

Approved by:	portmgr
2018-01-25 15:47:01 +00:00
Tobias Kortkamp
1316d941ee MFH: r459917
Fix typo DtraceToolkit -> DTraceToolkit

Approved by:	ports-secteam blanket
2018-01-25 10:00:58 +00:00
Roger Pau Monné
a6ca9fe685 MFH: r459786 r459787 r459822
xen-kernel: fix build with clang 6 and apply pending XSA patches

This includes a band-aid for running 64bit PV guests without
compromising the whole system.

Approved by:	ports-secteam (swills)
2018-01-25 09:25:18 +00:00
Antoine Brodin
07ba4eb676 MFH: r459908
Fix the context of this patch so that its applies with stricter patch(1)

PR:		223545
2018-01-25 06:44:58 +00:00
Bryan Drewery
02265c24f9 MFH: r459906
Restore DTraceToolkit from r454702.

It's not in base since 2016 r300226 exactly because it is updated more often
than FreeBSD and belongs in ports.

Approved by:	portmgr (implicit)
2018-01-25 06:11:02 +00:00
TAKATSU Tomonari
3b04868a2a MFH: r459826
- Update RUN_DEPENDS
- Add the patch to fix the mikutter issue 1130
- Make portlint happy

Submitted by:	Koichiro IWAO <meta+ports_AT_vmeta_DOT_jp>
PR:		224923

Approved by:	ports-secteam (swills)
2018-01-25 02:34:11 +00:00
Jan Beich
41edcc6749 MFH: r459898
emulators/rpcs3: update to 0.0.4.280

Changes:	4f0179471...c8965564e
Approved by:	ports-secteam (junovitch, implicit for snapshots)
2018-01-25 00:59:02 +00:00
Jan Beich
80df59bd55 MFH: r459897
emulators/citra: update to s20180124

Changes:	0e8c25fd...33b0b516
Approved by:	ports-secteam (swills, implicit for snapshots)
2018-01-25 00:55:06 +00:00
Lars Engels
d00eea93a2 MFH: r459728
net-mgmt/icingaweb2:

Update to 2.5.1 (Mostly bugfixes)

Changelog: https://github.com/Icinga/icingaweb2/milestone/47?closed=1

Approved by:	portmgr (swills)
2018-01-23 16:02:52 +00:00
Kirill Ponomarev
b6db1cc997 Fix previous commit with mfh.
Approved by:	ports-secteam
2018-01-23 15:52:45 +00:00
Kirill Ponomarev
8107eaebc2 MFH: r459742
Update to version 4.1.1

- Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation
  of DNSSEC signatures". An issue has been found in the DNSSEC
  validation component of PowerDNS Recursor, allowing an ancestor
  delegation NSEC or NSEC3 record to be used to wrongfully prove the
  non-existence of a RR below the owner name of that record. This
  would allow an attacker in position of man-in-the-middle to send a
  NXDOMAIN answer for a name that does exist.
  The 4.0.x branch is not vulnerable.

- Add support for algo16 and simplify Lua/LuaJIT engine choice.

PR:		225397
Submitted by:	maintainer
Security:	CVE-2018-1000003

Approved by:	ports-secteam
2018-01-23 15:45:26 +00:00
Guido Falsi
68c97ff276 MFH: r459693
Import code from mousepad development repository which fixes a dbus
messages storm causing heavy CPU usage, memory allocation and disk
usage when working with multiple windows.

While here also import a GTK3 specific fix.

Ref.:
https://bugzilla.xfce.org/show_bug.cgi?id=14184
https://bugzilla.xfce.org/show_bug.cgi?id=12134

Reported by:	Erich Dollansky <freebsd.ed.lists@sumeritec.com>
Obtained from:	https://git.xfce.org/apps/mousepad/

Approved by:	ports-secteam (swills)
2018-01-23 13:10:32 +00:00
Jan Beich
3d9e079705 MFH: r458997
x11-drivers/xf86-video-intel: update to 2.99.917.20180111

Changes:	https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/log/?id=26f5406841f3
PR:		224621
Approved by:	maintainer timeout (2 weeks)
Approved by:	ports-secteam (swills)
2018-01-23 01:00:30 +00:00
Jan Beich
8ecd7a1fe9 MFH: r459717
emulators/citra: update to s20180122

Changes:	bf4e35b9...0e8c25fd
Approved by:	ports-secteam (swills, implicit for snapshots)
2018-01-23 00:52:40 +00:00
Jan Beich
4767702132 MFH: r459713
emulators/rpcs3: update to 0.0.4.275

Changes:	f908daf32...4f0179471
Approved by:	ports-secteam (junovitch, implicit for snapshots)
2018-01-23 00:35:21 +00:00
Jan Beich
03f25078a2 MFH: r459118 r459392
www/firefox: update to 58.0

Changes:	https://www.mozilla.org/firefox/58.0/releasenotes/
PR:		223425
Tested by:	Greg V, tobik
Security:	a891c5b4-3d7a-4de9-9c71-eef3fd698c77
Approved by:	ports-secteam (swills)
2018-01-23 00:02:59 +00:00
Jan Beich
b557a22b05 MFH: r459304 r459393
www/firefox-esr: update to 52.6.0

Changes:	https://www.mozilla.org/firefox/52.6.0/releasenotes/
Security:	a891c5b4-3d7a-4de9-9c71-eef3fd698c77
Approved by:	ports-secteam (swills)
2018-01-23 00:01:36 +00:00
Josh Paetzel
de9f55b885 MFH: r457864
Fix build with clang 6.0.0

Also avoids an endless loop in practice

PR:	224816
Submitted by:	dim

Approved by:	ports-secteam (swills)
2018-01-22 20:27:01 +00:00
Lars Engels
18e2956d44 MFH: r459410
net-mgmt/icinga2:

Update to 2.8.1
Changelog: https://github.com/Icinga/icinga2/blob/master/CHANGELOG.md

Approved by:	portmgr (swills)
2018-01-21 19:00:37 +00:00
Sunpoet Po-Chuan Hsieh
2acefb5955 MFH: r459349
Remove BROKEN, DEPRECATED and EXPIRATION_DATE

This port builds fine in poudriere.
This port depends on py-twisted and py-twistedCore has been removed from ports tree.

Approved by:	ports-secteam (swills)
2018-01-20 08:34:32 +00:00
Ben Woods
a2389f045c MFH: r459011 r459013 r459492
net-p2p/transmission-daemon: Mitigate DNS rebinding attack

Incorporate upstream pull request 468, proposed by Tavis Ormandy from
Google Project Zero, which mitigates this attack by requiring a host
whitelist for requests that cannot be proven to be secure, but it can
be disabled if a user does not want security.

PR:		225150
Submitted by:	Tavis Ormandy
Approved by:	crees (maintainer)
Obtained from:	https://github.com/transmission/transmission/pull/468#issuecomment-357098126
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

Add note to UPDATING for net-p2p/transmission-daemon explaining how to
allow client access with the new DNS rebinding mitigations.

PR:		225150
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

net-p2p/transmission-daemon: Improve UPDATING entry and add pkg-message

This will ensure users who do not read UPDATING are still presented with
the message about how to allow clients to connect to the daemon using
DNS when they upgrade the package.

PR:		225150
Reported by:	swills
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

Approved by:	ports-secteam (swills)
2018-01-20 01:28:56 +00:00
Jan Beich
6739b20a60 MFH: r459487
emulators/citra: update to s20180119

Changes:	93cca23d...bf4e35b9
Approved by:	ports-secteam (swills, implicit for snapshots)
2018-01-20 00:25:19 +00:00
Jan Beich
66626cb559 MFH: r459488
emulators/rpcs3: update to 0.0.4.270

Changes:	71f69d1d4...f908daf32
Approved by:	ports-secteam (junovitch, implicit for snapshots)
2018-01-20 00:23:58 +00:00
Steve Wills
0258aea96c Merge missed commit needed by r459482
MFH: r458139

security/rubygem-rbnacl4: create port

4.x version required by gitlab

PR:		224931
Submitted by:	Matthias Fechner <idefix@fechner.net> (maintainer)

Approved by:	ports-secteam (implicit)
2018-01-19 23:32:30 +00:00
Steve Wills
2f446f5a98 Pull in GitLab security update and all commits needed for it to run properly
Approved by:	ports-secteam (implicit)

MFH: r457863 r457866 r457872 r457873 r457876 r457879 r457890 r457898 r457899 r458098 r458142 r458267 r458333 r458634 r458650 r458652 r459076 r459170 r459191 r459256 r459284 r459288 r459346

textproc/rubygem-twitter-text: add required dependency on rubygem-idn-ruby

PR:		224838
Submitted by:	Matthias Fechner <idefix@fechner.net>

www/gitlab: fix Gemfile for updated dependencies

PR:		224836
Submitted by:	Matthias Fechner <idefix@fechner.net> (maintainer)

Add rubygem-redis3 3.3.5 (copied from rubygem-redis)

- Add PORTSCOUT

Add rubygem-jwt1 1.5.6 (copied from rubygem-jwt)

- Add PORTSCOUT

Update to 4.0.1

Changes:	https://github.com/redis/redis-rb/blob/master/CHANGELOG.md

Update to 2.1.0

Changes:	https://github.com/jwt/ruby-jwt/releases

Change RUN_DEPENDS from rubygem-redis and rubygem-jwt to rubygem-redis3 and rubygem-jwt1

- Bump PORTREVISION for dependency change

devel/rubygem-licensee: update to 9.6.0

PR:		224758
Approved by:	Matthias Fechner <idefix@fechner.net> (maintainer

www/gitlab: remove spurious newline

Reported by:	sunpoet
Pointyhat to:	swills

security/rubygem-rbnacl: update to 5.0.0

www/gitlab: fix Gemfile for updated dependencies

PR:		224932
Submitted by:	Matthias Fechner <idefix@fechner.net> (maintainer)

Fix Gemfile for rubygem-fog-core 2.0.0 update

- Bump PORTREVISION for package change

Fix Gemfile for rubygem-jquery-atwho-rails 1.5.4 update

- Bump PORTREVISION for package change

Fix Gemfile for rubygem-fog-google 1.0.0 update

- Bump PORTREVISION for package change

Fix gitlab issue by creating rubygem-licensee8

PR:		225047
Submitted by:	Matthias Fechner <idefix@fechner.net> (maintainer)

devel/rubygem-licensee: update to 9.7.0

PR:		224999
Approved by:	Matthias Fechner <idefix@fechner.net> (maintainer)

textproc/rubygem-rouge: update to 3.1.0

PR:		224785
Approved by:	maintainer timeout (kuriyama, > 2 weeks)

textproc/rubygem-rouge2: create port for 2.x ver

Needed by GitLab

textproc/rubygem-rouge2: add missing PKGNAMESUFFIX

Pointyhat to:	swills
Reported by:	antoine

textproc/rubygem-rouge2: add conflict

www/rubygem-gollum-lib: depend on 2.x version of rouge

This version is required by gollum-lib

www/gitlab: update to 10.1.6

Approved by:	idefix@fechner.net (maintainer, via private email)
Obtained from:	http://gitlab.toco-domains.de/FreeBSD/GitLab/commits/10.1
Security:	65fab89f-2231-46db-8541-978f4e87f32a

Mark CONFLICTS_INSTALL with rubygems-rouge2
2018-01-19 23:03:40 +00:00
Thomas Zander
be8ec228aa MFH: r458963
Update to upstream version 0.20.15 (bug fix release)

Detailed changelog:
http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.15

PR:		225115
Submitted by:	dg@syrec.org

Approved by:	ports-secteam (swills)
2018-01-19 22:32:34 +00:00
Thomas Zander
1827fa3ee1 MFH: r458965
Update to upstream release 0.5.70 (update scrapers for several countries)

PR:		225039
Submitted by:	tad@vif.com

Approved by:	ports-secteam (swills)
2018-01-19 22:29:53 +00:00
Bernard Spil
b43cc25706 MFH: r459413
databases/mariadb55-server: Security update to 5.5.59

Security:	e3445736-fd01-11e7-ac58-b499baebfeaf
Security:	CVE-2018-2562
Security:	CVE-2018-2622
Security:	CVE-2018-2640
Security:	CVE-2018-2665
Security:	CVE-2018-2668

Approved by:	ports-secteam (swills)
2018-01-19 20:17:58 +00:00