graphics/tiff: Patch vulnerabilities
These two patches were obtained from OpenBSD. An additional CVE is not
yet addressed, but upstream indicates they are removing the gif2tiff
utility as the mitigation in the upcoming 4.0.7.
PR: 211113
Security: CVE-2016-5875
Security: CVE-2016-3186
Approved by: ports-secteam (with hat)
Add patches for CVE-2016-2334 and CVE-2016-2335.
While here, use PORTREVISION?= instead of PORTREVISION= to avoid needlessly
bumping PORTREVISION in archivers/p7zip-codec-rar.
PR: 211114
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl>
Security: a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49
Security: d706a3a3-4a7c-11e6-97f7-5453ed2e2b49
Approved by: ports-secteam (with hat)
postsrsd does not install shared libraries but the port uses
USE_LDCONFIG causing the following warning:
ldconfig: warning: /usr/local/lib/postsrsd: No such file or directory
Remove USE_LDCONFIG to compensate
PR: 211097
Reported by: Miroslav Lachman <000.fbsd quip cz>
Approved by: Krzysztof <ports bsdserwis com> (maintainer)
Approved by: portmgr (blanket)
Approved by: portmgr (blanket)
Update Samba 4.2, 4.3 and 4.4 to the latest version to address CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded).
Security: CVE-2016-2119
Approved by: ports-secteam (with hat)
sysutils/py-salt: add patches to handle runtime regressions in 2016.3.x
Fixes cron.file from upstream issue #34094/#34095 [1]. This will be in
2016.3.2.
- https://github.com/saltstack/salt/issues/34094
- https://github.com/saltstack/salt/pull/34095
Restore patch for upstream issue #33608. This was patched in 2016.3.0 but
removed in the maintainer update to 2016.3.1 in r417508. However the patch
has yet to be merged upstream. [2]
- https://github.com/saltstack/salt/issues/33608
PR: 210627 [1], 210395 [2]
Reported by: Andres Montalban <amontalban@gmail.com>
Approved by: Christer Edwards <christer.edwards@gmail.com> (maintainer)
Approved by: ports-secteam (with hat)
Add missing dependencies reported by stage-qa:
USE_XORG+= sm xinerama
devel/dbus (when GNOME option is enabled)
multimedia/gstreamer (when MMEDIA option is enabled)
graphics/poppler (-devel only, when PDFIMPORT option is enabled)
Add USES=ssl since this OpenOffice does use OpenSSL. The base and ports
versions of OpenSSL are both known to work. It is unknown if LibreSSL
works because the dependency ftp/curl does not currently build with
LibreSSL.
Replace one remaining path to a .jar file with ${JAVALIBDIR} in
CONFIGURE_ARGS.
Replace an absolute symlink with a relative one.
Re-align \ line continuation characters in *_DEPENDS after removal of
${PORTSDIR} from dependencies, and make a few other whitespace cleanups.
Approved by: ports-secteam (feld)
Add missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/cmake-gui is linked to /usr/local/lib/libexecinfo.so.1 from devel/libexecinfo but it is not declared as a dependency
Warning: you need USES+=execinfo
Error: /usr/local/bin/cmake-gui is linked to /usr/local/lib/libjsoncpp.so.1 from devel/jsoncpp but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libjsoncpp.so:devel/jsoncpp
Approved by: ports-secteam (junovitch, implicit)
Add missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/qtcreator is linked to /usr/local/lib/.mesa/libGL.so from graphics/libGL but it is not declared as a dependency
Warning: you need USE_GL+=gl
Error: /usr/local/lib/qtcreator/plugins/libCore.so is linked to /usr/local/lib/libQt5Help.so.5 from devel/qt5-help but it is not declared as a dependency
Warning: you need USE_QT5+=help
Error: /usr/local/lib/qtcreator/plugins/libCore.so is linked to /usr/local/lib/libQt5PrintSupport.so.5 from print/qt5-printsupport but it is not declared as a dependency
Warning: you need USE_QT5+=printsupport
Approved by: ports-secteam (junovitch)
Declare missing dependencies to pass `make stage-qa'.
Error: /usr/local/bin/qbs is linked to /usr/local/lib/libQt5Core.so.5 from devel/qt5-core but it is not declared as a dependency
Warning: you need USE_QT5+=core
Error: /usr/local/bin/qbs-config-ui is linked to /usr/local/lib/.mesa/libGL.so from graphics/libGL but it is not declared as a dependency
Warning: you need USE_GL+=gl
Error: /usr/local/lib/libqbscore.so.1.5.2 is linked to /usr/local/lib/libQt5Network.so.5 from net/qt5-network but it is not declared as a dependency
Warning: you need USE_QT5+=network
Approved by: ports-secteam (junovitch)
bsd.emacs.mk: Fix EMACS_VER for emacs-devel after r416838.
The value did not match the one in editors/emacs-devel, so ports such as
textproc/markdown-mode.el would fail `make build/run-depends` since the wrong
binary name would be looked for.
Approved by: ports-secteam (junovitch)
Gradle uses native-platform which has compiled its native component
with g++, and requires that libstdc++.so.6 is available. See
https://github.com/adammurdoch/native-platform/issues/8.
PR: 208471
MFH: r418287
Submitted by: Tobias Kortkamp <t@tobik.me>
Approved by: portmgr
do not strip binaries when building with DTRACE
stripping would destroy some probes and might result in instable
behaviour when trying to access those probes.
PR: 204314
Approved by: rene (mentor), maintainer-timeout
Approved by: ports-secteam (junovitch)
Take maintainership
Details:
mkvtoolnix shows spurious build issues due to a gcc-internal segfault
on the build cluster on 9.x. However, this is not perfectly
reproducible and on other hardware setups it builds reliably, so we
don't want to mark it broken on 9.x.
Taking maintainership so pkg-fallout won't continue to spam the
multimedia@ mailing list.
Approved by: ports-secteam (junovitch)
security/rubygem-omniauth-saml: update from 1.5.0 to 1.6.0
- Ensure that subclasses of OmniAuth::Stategies::SAML are registered with OmniAuth as strategies
- Update ruby-saml to 1.3 to address CVE-2016-5697 (Signature wrapping attacks)
Approved by: junovitch (mentor)
Security: CVE-2016-5697
Approved by: ports-secteam (junovitch)
net-mgmt/nfsen: Improve default directory permissions
Also make it easier to install/run as another user.
PR: 210368
Approved by: ports-secteam (with hat)
www/rubygem-redmine_acts_as_taggable_on: Update to 1.1.0
This update changes to a different upstream fork where there is now
support for Redmine 3.x. This is maintained by the same author who
created the Redmine Knowledgebase plugin which requires this gem.
PR: 210644
Approved by: maintainer (zi)
Approved by: ports-secteam (with hat)
o update to 2.4.23
o disable build time stamp in favor of reproducible build
o remove obsolete scoreboard/status patch
o s/USE_OPENSSL=yes/USES=ssl/
o add OPTION for two new modules:
mod_proxy_hcheck (default=on)
mod_http2_proxy (experimental => default=off)
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.23
Approved by: ports-secteam (feld@)
Update to 1.8.7
- update internal expat to 2.2.0
- fix external solver
- fix build on freebsd pre 9.2
- fix warnings on armv6
- fix solver issue resulting in missing conflicts or reinstalling unneeded
packages
- add a mini summary at the end of the output
- Update to version 2.7.12
- Remove patch that is included upstream
- Switch USE_OPENSSL to USES= ssl [1]
- Update documentation for python27
- Don't set CPE_VERSION, default is PORTVERSION [1]
PR: 210685
Submitted by: wen@(myself), brnrd@ [1]
Exp-run by: antoine
Differential Revision: https://reviews.freebsd.org/D6994
Approved by: ports-secteam (feld@)
Bump PORTREVISION in security/pinentry and pinentry-qt4 after r415872.
r415872 changed the binary name that security/pinentry-qt4 installs without
bumping PORTREVISION in the affected ports, so if security/pinentry gets
rebuilt after this change but security/pinentry-qt4 is not, the pinentry symlink
will be broken. Similarly, if one builds security/pinentry-qt{4,5} without
updating security/pinentry, the pinentry symlink will also be broken.
PR: 209556
Approved by: ports-secteam (feld)