- Do not use easyinstall
- Do not installed zipped egg [1]
- Bump PORTREVISION for package change
- Cleanup Makefile header
Requested by: olgeni [1]
Tested by: olgeni
Right now this is a noop in the former case and a noop in the latter
case unless lang/gcc44 has been installed explicitly.
This puts a bit more emphasis on standardizing on a canonical version
"current" GCC and makes it easier to update that canonical version
by changing the default in Mk/bsd.gcc.mk and updating the lang/gcc port.
That is, USE_GCC=yes means "use a decent/modern version of GCC" without
having to worry about details.
Approved by: portmgr (bdrewery)
incorrect, and the topic description does not need too many details
since that is explained in the description itself.
Also correct the url's since c comes before u ;-)
Prodded by: stas
"make fetch" failure on non-POSIX-compliant SHELL:
1. Replace ${SHELL} by ${SH} so the fetchwrapper.sh gets executed with a
POSIX-compliant shell (such as /bin/sh)
2. Just because it's meant that way, add an svn:executable=* property
on files/fetchwrapper.sh.
PR: ports/181252
Reported by: Mike Harding (private email)
unfortunately, doing it correctly requires GNU make (for order-only
prerequisites)
- Standardize Makefile header, define LICENSE (MIT)
- Install somewhat more complete set of portdocs
- Install manpages relative to MANPREFIX
- While here, convert to OptionsNG, utilize PORTDOCS, remove pkg-plist,
and generally cleanup port's Makefile
- update firefox-esr, thunderbird and libxul to 17.0.8
- update seamonkey to 2.20
- fix plist for *-i18n
Security: 0998e79d-0055-11e3-905b-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
Quoting the upstream's change log:
- Security fix: prevent a nefarious SSH server or network attacker from
crashing PuTTY at startup in three different ways by presenting a maliciously
constructed public key and signature.
- Security fix: PuTTY no longer retains the private half of users' keys in
memory by mistake after authenticating with them.
- Revamped the internal configuration storage system to remove all fixed
arbitrary limits on string lengths. In particular, there should now no longer
be an unreasonably small limit on the number of port forwardings PuTTY can
store.
- Port-forwarded TCP connections which close one direction before the other
should now be reliably supported, with EOF propagated independently in the
two directions. This also fixes some instances of port-forwarding data
corruption (if the corruption consisted of losing data from the very end of
the connection) and some instances of PuTTY failing to close when the session
is over (because it wrongly thought a forwarding channel was still active
when it was not).
- The terminal emulation now supports xterm's bracketed paste mode (allowing
aware applications to tell the difference between typed and pasted text, so
that e.g. editors need not apply inappropriate auto-indent).
- You can now choose to display bold text by both brightening the foreground
colour and changing the font, not just one or the other. - PuTTYgen will now
never generate a 2047-bit key when asked for 2048 (or more generally n−1 bits
when asked for n).
- Some updates to default settings: PuTTYgen now generates 2048-bit keys by
default (rather than 1024), and PuTTY defaults to UTF-8 encoding and 2000
lines of scrollback (rather than ISO 8859-1 and 200).
- Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies in
both directions.
- Unix: dead keys and compose-character sequences are now supported.
- Unix: PuTTY and pterm now permit font fallback (where glyphs not present in
your selected font are automatically filled in from other fonts on the
system) even if you are using a server-side X11 font rather than a Pango
client-side one.
- Bug fixes too numerous to list, mostly resulting from running the code
through Coverity Scan which spotted an assortment of memory and resource
leaks, logic errors, and crashes in various circumstances.
Security: 4b448a96-ff73-11e2-b28d-080027ef73ec
Security: CVE-2013-4206
Security: CVE-2013-4207
Security: CVE-2013-4208
Security: CVE-2013-4852
per port extra changes:
devel/p5-Perl-Version remove outage PERL_LEVEL check
devel/p5-Devel-LeakTrace-Fast remove perl version requiment 5.12.0- (no need in current version)
Approved by: lth@ (maintainer)
was done for security/tor-devel in r322977; remove some problematic mirrors;
update Makefile idioms (gmake, LIB_DEPENDS, etc.); attempt to remove leftovers
in /var during deinstallation [1]
Reported by: miwi [1]
- some small Makefile cleanups
- add vuxml entry
Vulnerability Types: Cross-Site Scripting, Remote Code Execution
Overall Severity: Critical
Vulnerable subcomponent: Third Party Libraries used for audio and video playback
Affected Versions: All versions from 4.5.0 up to the development branch of 6.2
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Vulnerable subcomponent: Backend File Upload / File Abstraction Layer
Vulnerability Type: Remote Code Execution by arbitrary file creation
Affected Versions: All versions from 6.0.0 up to the development branch of 6.2
Severity: Critical
PR: ports/180951
ports/180952
ports/180953
Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
Security: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/
CVE-2011-3642
CVE-2013-1464
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download
SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- Deprecate databases/phpmyadmin35
This version is vulnerable to the 'clickjacking protection bypass'
problem fixed in 4.0.5, but the development team will not be
publishing a fix. "We have no solution for 3.5.x, due to the proposed
solution requiring JavaScript. We don't want to introduce a dependency
to JavaScript in the 3.5.x family."
Therefore deprecate this port and set expiry for one month. Please
upgrade to 4.0.5 instead.
Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
below 3.2.2 was a match, including all 2.7.x versions. It also appears that
there is no puppet27 version, just puppet-2.7.x and puppet-3.2.x instead.
Bump modification date.
PR: 180958
Submitted by: Kan Sasaki <sasaki@fcc.ad.jp>
- Remove PORTEXAMPLES. pkg-plist was broken due to it[*].
- Add extra patches for EMULATOR option.
- Create /var/run/{tpm,ima} in rc.d/tcsd script.
Spotted by: antoine [*]
- bring in upstream fixes, including the fix for crash on 1st launch
- mark that it is not ready for python 3 yet
- no need to patch the shellbang, distutils do this already
and cannot be read by the www user. According to hier(7):
db/ misc. automatically generated system-specific database files
so /var/db seems like the best choice
The maintainer provided a new download location for his three ports after
a site reorganization broke fetching for two of them. In addition to
updating the MASTER_SITES, other cleanups where performed:
* Trim Headers
* Convert USE_GMAKE to USES+=gmake
* Convert NOPORTDOCS to options DOCS
* Removed unterminated string in courierpassd makefile
* Removed empty strings in courierpassd makefile
PR: ports/179670
Approved by: bapt / culot (mentors, implicit)
for the time being. Update the COMMENT to match the official description.
NB: v0.4.2 is pretty ancient (ca. 2004 according to sf.net), and there is
0.4.7-2 available (as of 2013-01-05).
dependencies; respect CFLAGS in a better way
- Define LICENSE (GPLv2) and remove it from portdocs
- Unbreak the build against Clang (remove one inline statement)
- Cleanup the port, pkg-message, and pkg-descr while here
- Do not mention ancient versions of FreeBSD in pkg-message
Reported by: pointyhat-west
Unfortunately, this also affects some ports using QT3 as a GUI toolkit.
Changes to infrastructure files:
- bsd.kde.mk : obsolete, remove
- bsd.qt.mk : note that a CONFLICTS_BUILD line can probably go after a while
- CHANGES : document the removals from bsd.port.mk
- KNOBS : remove KDE and QT (KDE4 and QT4 should be used instead)
- MOVED : add the removed ports
PR: ports/180745
Submitted by: rene
Approved by: portmgr (bapt)
Exp-run by: bapt
system. It uses Extension() to compile a shared library that is not a
Python extension module, and then uses ctypes to talk to the library. With
luck it will only be necessary to compile ed25519ll once for each
platform, reusing its shared library across Python versions.
This wrapper also contains a reasonably performat pure-Python
fallback. Unlike the reference implementation, the Python implementation
does not contain protection against timing attacks.
WWW: http://bitbucket.org/dholth/ed25519ll/
Build logs: http://goo.gl/zv5y7K
This is a security release by upstream, and requires configuration changes
in addition to the software update. See UPDATING.
Reviewed by: ports-security (zi, remko)
Approved by: hrs (mentor, ports committer)
It was not possible to generate libsparkcrypto documentation before the
textproc/adabrowse port was created. Now that AdaBrowse is available,
add a "DOCS" options to generate the documentation.
While here, convert USE_GMAKE to USES+=gmake and fix DESTDIR to work
properly instead of installing during the build phase. The Makefile
also had to altered to install the documentation as well.
Approved by: bapt (mentor)
- new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel
- add enty to vuxml
SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6
with hat apache@
Security: ca4d63fb-f15c-11e2-b183-20cf30e32f6d
option defaults to yes during interactive installation, and the crontab
file is not installed during non-interactive installation.
Requested by: espen@tagestad.no (via email)
main.c: In function 'main':
main.c:360: warning: passing argument 1 of 'smfi_setconn' discards qualifiers from pointer target type
main.c:398: error: 'false' undeclared (first use in this function)
main.c:398: error: (Each undeclared identifier is reported only once
main.c:398: error: for each function it appears in.)
*** [amavisd_milter-main.o] Error code 1
Reported by: pkg-fallout
there are too many differences in behavior when using re2.
I'm bumping PORTREVISION here because the port is bumped so infrequently
that I don't want to wait for a more significant change to get this port
back in line with the rest of the yara using world.
- Update devel/gettext to 0.18.3
- Fix known-broken (from exp-runs) ports
- Clean up a lot of cruft in the devel/gettext port itself,
based on work from tijl@
PR: 178883
Submitted by: ade
Sponsored by: Wadsworth 6X
- Drop ABI versions from LIB_DEPENDS
- OptionsNG
- Pet portlint
- Switch to dynamic plist where useful
- Canonicalize patch names
- Fix DOS line endings in patch files
While I'm here, also trim the headers on a couple of ports and remove
a reference to the Dragonlace mirror which is down indefinitely.
Approved by: bapt (mentor)
2013-07-11 databases/embedded_innodb: The Embedded InnoDB project was terminated a few years ago
2013-07-11 print/lyx16: Unmaintained upstream, upgrading to the 2.x series is advised
2013-07-11 security/py-crack: Superseded by security/py-cracklib
- update vuxml with additional CVE-2013-1896 entry
Changes with Apache 2.2.25
http://www.apache.org/dist/httpd/CHANGES_2.2.25
*) SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
*) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
strings. The default limit for ap_pregsub() can be adjusted at compile
time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick]
*) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. PR 55121. [Bradley Heilbrun
<apache heilbrun.org>]
*) mod_setenvif: Log error on substitution overflow.
[Stefan Fritsch]
*) mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
*) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. PR 53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
*) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
*) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
*) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
admin to configure an IO timeout as an error in the balancer.
[Daniel Ruggeri]
*) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
password. [Daniel Ruggeri]
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. PR 54893. [Rainer Jung]
*) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
[Timothy Wood <tjw omnigroup.com>]
*) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
*) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
result in a 412 Precondition Failed for a COPY operation. PR54610
[Timothy Wood <tjw omnigroup.com>]
*) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
property on a resource for which there is no dead property in the same
namespace httpd segfaults. PR 52559 [Diego Santa Cruz
<diego.santaCruz spinetix.com>]
*) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
*) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
PR: ports/180248
Submitted by: Jason Helfman jgh@
- Change pkgconfig:build to pkgconfig since it's the same and it's bad practice.
It accidentally slipped in during the original introduction
- Trim header
Update to apache22-2.2.25 is ready to commit.
Until now there is no official announcement from apache.org
so we hold the update back until we have official checksums.
This was causing the "Undefined symbol '_'" message when hitting ^C or
entering an incorect command.
PR: ports/180262
Submitted by: Christophe Juniet <c.juniet@gmail.com>
