net/quagga: update 1.2.2 -> 1.2.3
- doc/security: Security announcements for 4 issues
- doc/security: Add a doc/security folder and template for announcements
- doc: Add commit message template, suitable for commit.template
- bgpd: remove stream_pnt use for notify data
- lib/privs: Remove of CAP_NET_BROADCAST forgot to decrement array count
- bgpd/security: debug print of received NOTIFY data can over-read msg array
- bgpd/security: fix infinite loop on certain invalid OPEN messages
- bgpd/security: Fix double free of unknown attribute
- bgpd/security: invalid attr length sends NOTIFY with data overrun
- zebra/redistribute: Implicit withdraw needs to be explicit if
update isn't sent
- doc: 'match aspath' should be 'match as-path'
- bgpd: fix SIGBUS
- bgpd: Fix mistake in NHT of connected IPv6 next-hops preventing
route advertisements
- Updated the protocol supported list
- lib/command: make config file robust more robust and kinder to system
- doc: Bring documentation on Zserv header up to date.
- bgpd: distance comment
- doc: Fix small but important logical mistake in community-list example
- doc: document that changing bgp distance needs a hard clear of routes
- bgpd: malformed attribute handling: don't pass on, and add missing notify
- lib/filter: change add/delete callback hooks to robustly delete
- Revert "lib: Fix Free Pointer dereference in lib/filter.c"
- infra/buildbot: allow bots to be picked out by installed compiler.
- infra/buildbot: Add bots, add JSON "env" config variable, poll
all git branches
- lib: ptr macro arg may need brackets in some cases
- distro/systemd: add man page ref and set config file permissions
- doc: Fix manpage number for ospfclient.
- vtysh: Fix spelling errors in strings flagged by lintian.
- doc: Tweak grammar in zebra manpage to keep lintian happy.
- vtysh: print error if PAM auth does not succeed
- lib/thread: get rid of the shallow-copy thread_fetch add a sane thread_main
- buildbot/master: use a helper generator for make cmd string list
- buildbot/master: fix the common steps
- buildbot/master: Add OBSD bot, and support for environment variable config
- build: AC_EGREPP_CPP actions wrong way around, worked by accident mostly.
- build: Work around illumos still shipping
Security: CVE-2018-5378, https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt
CVE-2018-5379, https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
CVE-2018-5380, https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt
CVE-2018-5381, https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
Approved by: portmgr (swills)
- Update net/asterisk13 to 13.19.0
- Move MASTER_SITES and WWW to https
- Add missing dependencies reported by stage-qa
Update asterisk13 to 13.19.1
Fixes a memory leak in the CDR functionality.
Approved by: ports-secteam (riggs)
www/waterfox: remove incompatible FF57 fix after r461852
error[E0609]: no field `for_non_inherited_property` on type `&mut values::computed::Context<'_>`
--> objdir/toolkit/library/i686-unknown-freebsd/release/build/style-ca3e0643edd5022b/out/properties.rs:79382:25
|
79382 | context.for_non_inherited_property =
| ^^^^^^^^^^^^^^^^^^^^^^^^^^
Reported by: pkg-fallout
Pointy hat to: jbeich (forgot to svn rm)
Approved by: ports-secteam blanket
net/rsync: Update to 3.1.3
Changelog:
SECURITY FIXES:
- Fixed a buffer overrun in the protocol's handling of xattr names and
ensure that the received name is null terminated.
- Fix an issue with --protect-args where the user could specify the arg in
the protected-arg list and short-circuit some of the arg-sanitizing code.
BUG FIXES:
- Don't output about a new backup dir without appropriate info verbosity.
- Fixed some issues with the sort functions in support/rsyncstats script.
- Added a way to specify daemon config lists (e.g. users, groups, etc) that
contain spaces (see "auth users" in the latest rsyncd.conf manpage).
- If a backup fails (e.g. full disk) rsync exits with an error.
- Fixed a problem with a doubled --fuzzy option combined with --link-dest.
- Avoid invalid output in the summary if either the start or end time had
an error.
- We don't allow a popt alias to affect the --daemon or --server options.
- Fix daemon exclude code to disallow attribute changes in addition to
disallowing transfers.
- Don't force nanoseconds to match if a non-transferred, non-checksummed
file only passed the quick-check w/o comparing nanosecods.
ENHANCEMENTS:
- Added the ability for rsync to compare nanosecond times in its file-check
comparisons, and added support nanosecond times on Mac OS X.
- Added a short-option (-@) for --modify-window.
- Added the --checksum-choice=NAME[,NAME] option to choose the checksum
algorithms.
- Added hashing of xattr names (with using -X) to improve the handling of
files with large numbers of xattrs.
- Added a way to filter xattr names using include/exclude/filter rules (see
the --xattrs option in the manpage for details).
- Added "daemon chroot|uid|gid" to the daemon config (in addition to the
old chroot|uid|gid settings that affect the daemon's transfer process).
- Added "syslog tag" to the daemon configuration.
- Some manpage improvements.
DEVELOPER RELATED:
- Tweak the "make" output when yodl isn't around to create the man pages.
- Changed an obsolete autoconf compile macro.
- Support newer yodl versions when converting man pages.
remove needless patch
*While here switch to DISTVERSION
PR: 225761
Reported by: os@ist.ac.at
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D14324
Approved by: ports-secteam (riggs)
multimedia/gtk-recordmydesktop: fix runtime
- fix runtime by correcting shebang line
- set LICENSE_FILE
- set NO_ARCH since this package does not contain platform dependent files
- seitch to USES=localbase and correct requred python version
- bump PORTREVISION to reflect package changes
PR: 220800
Reported by: timp87@gmail.com
Approved by: portmgr (riggs)
Update to 3.5.5
- Update Makefile and PLIST to be similar with python36
- Sort USES
- Remove CPE_*: all of them are default values
- Update PLIST_FILES: do not use %%
- Remove over-patched shebang fix of Lib/cgi.py
- Update http:// links in Makefile comments and patch files
Changes: https://docs.python.org/3.5/whatsnew/changelog.html
Security: 0fe70bcd-2ce3-46c9-a64b-4a7da097db07
Approved by: ports-secteam (riggs)
Update to 3.4.8
- Set PORTNAME to python and add PKGNAMESUFFIX
- Update Makefile and PLIST to be similar with python36
- Sort USES
- Remove CPE_*: all of them are default values
- Update PLIST_FILES: do not use %%
- Fix shebang:
- Update SHEBANG_FILES
- Remove over-patched shebang fix of Lib/cgi.py
- Update http:// links in Makefile comments and patch files
Changes: https://docs.python.org/3.4/whatsnew/changelog.html
Security: 0fe70bcd-2ce3-46c9-a64b-4a7da097db07
Approved by: ports-secteam (riggs)
net-p2p/libtorrent: Fix remote DoS
Calls into build_benocde that use %zu could crash on 64 bit machines
due to the size change of size_t.
Someone can force READ_ENC_IA to fail allowing an internal_error to
be thrown and bring down the client, throw handshake_error instead.
PR: 224664
Submitted by: Henry David Bartholomew <PopularMoment@protonmail.com>
Approved by: maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
Security: e4dd787e-0ea9-11e8-95f2-005056925db4
Approved by: ports-secteam (eadler)
devel/libftdi: Fix build without PYTHON after r451798
BINARY_ALIAS is set unconditionally but swig3.0 is only available with
PYTHON=on and create-binary-alias will fail when it is missing.
PR: 225524
Reported by: johan@stromnet.se
Approved by: ports-secteam blanket
devel/flang: Update to a later development snapshot.
Contains various improvements and fixes over the last two months.
Reported by: Rainer Hurling <rhurlin@gwdg.de>
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D13727
devel/flang-clang: Update to a new snapshot and fix pkg-plist to match the recent upgrade of LLVM 5.0.0 to 5.0.1. Update requires patch to remove -ldl.
devel/flang: Bump PORTREVISION to force recompilation after the above companion compiler update.
PR: 225174 (for the LLVM 5.0.1)
Approved by: swills (mentor, implicit)
Approved by: ports-secteam
www/palemoon: Update LICENSE_PERMS
Upstream forbids distribution of this package with their branding unless
we are able to fully comply with the requirements of building against
all of the libraries in their tree. This is untenable so we will block
distribution for now and work on disabling branding.
PR: 225717
emulators/rpcs3: switch to llvm50
LLVM PPU is still unstable on FreeBSD, so allow users to play with
different versions of it. By default use the same version as Mesa.
Approved by: ports-secteam (feld)
