- add man pages to the plist
- remove pkg-install and pkg-message from post-install
(the gpg symlink creation was violating stage)
- re-add INFO to Makefile
- use @mode instead of chmod to allow packaging setuid as user
While here, USE_GMAKE->USES=gmake, use OPTIONS_SUB instead of PLIST_SUB
and use %%PORTDOCS%% for help files as they do not exist with --disable-doc
Approved by: Jun Kuriyama (maintainer)
which is compatible with the soon to be removed rcs (5.7) in base/ and make
security/fwbuilder (which will not work with any rcs newer than 5.7)
depend on it.
- Pet portlint about pkg-plist.
- Use $STAGEDIR.
- Turn setuid knob to OptionsNG [1]
PR: ports/181495 [1]
Submitted by: Matthew Luckie <mjl@luckie.org.nz> [1]
This was due to a mistake in r319062 when porting the patch from 5.8 to 6.2
There is no active upstream for this patch. For reference here are the
changes made in the patch:
--- - 2013-10-03 11:07:21.262913573 -0500
+++ /tmp/zdiff.XXXXXXXXXX.STScEeSI 2013-10-03 11:07:21.000000000 -0500
@@ -183,7 +183,7 @@
if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
-+#ifdef USE_CCAPI
++#ifndef USE_CCAPI
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
oerrno = errno;
PR: ports/180419
Reported by: Garrett Wollman <wollman@khavrinen.csail.mit.edu>
privilege separation as it causes crashes when using AES crypto devices.
This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
default
Reminded by: Garrett Wollman
- add OPTIONS support
- add stage support
Changes:
- support snort 2.9.5
- Removed the need for jpgraph to display the pie chart
- Other code improvements
install absolute symlinks pointing to the stagedir! Poudriere has
been improved to check for this issue now.
With hat: portmgr
Reported by: madpilot, jpaetzel
- Use USES=gmake instead of USE_GMAKE
- Recreate distinfo (package modified without changing version)
- Recreate patches with makepatch
- Fix build on CURRENT
- Enable staging support
Approved by: wg (mentor)
- old USE_ZOPE knob support was removed from bsd.python.mk
- update CHANGES and bsd.sanity.mk accordingly
- add ZOPE options knob and use it in lang/py-mx-base
The work is done by Marcus von Appen, but any problems are mine.
Submitted by: mva (python ML)
- remove indefinite article from COMMENT
- align USE_PYDISTUTILS value in Makefile
- tab -> space change in pkg-descr:WWW
- update WWW to use https scheme in url to avoid redirect
- add trailing slash to WWW
All changes are non-functional.
- Bump PORTREVISION for dependency change
Note:
Due to the limitation that tcl and tk cannot be set together in USES,
I choose tk:wrapper. Though BUILD_DEPENDS and RUN_DEPENDS changes,
PACKAGE-DEPENDS-LIST (package dependencies) remains identical.
PR: ports/182251
Submitted by: Paul Schmehl <pauls@utdallas.edu> (maintainer)
- Drop LICENSE_FILE for a standard license (GPLv2)
- Respect CC and CFLAGS without patching of makefile (use MAKE_ARGS)
- Convert NOPORTDOCS -> PORT_OPTIONS:MDOCS, add OPTIONS_DEFINE
- Move "make test" under the wing of our standard regression-test target
- Generally cleanup Makefile and port description while I am here
- Convert to new OPTIONS framework
- Respect CC
- Cleanup compile warnings
- Pet portlint
- While I'm here, remove LICENSE_FILE for well-known licenses
- Use single space after WWW:
PR: ports/182158
Submitted by: Pavel Volkov <pavelivolkov@gmail.com> (maintainer)
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
- update seamonkey to 2.21
- update firefox-esr to 17.0.9
- enable GSTREAMER by default for html5 with h264/aac/mp3
- WEBRTC is now always built
- add PROFILE and TESTS options
Security: 7dfed67b-20aa-11e3-b8d8-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
- While I'm here:
- Pet portlint: move USES downward
- Convert to new LIB_DEPENDS format
PR: ports/182096
Submitted by: LEVAI Daniel <leva@ecentrum.hu> (maintainer)
- Remove DEPRECATED and EXPIRATION_DATE
- Convert to new LIB_DEPENDS format
- Convert to new options framework
- Simplify DOC_EN and DOC_JA installation
Obtained from: NetBSD [1]
to check in udates to its .fwb files (they are saved but not checked into its
RCS database). This patch prefers rcs in base (/usr/bin/rcs) over GNU rcs
(/usr/local/bin/rcs).
gpgdir is a perl script that uses the CPAN GnuPG::Interface module
to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc.
WWW: http://www.cipherdyne.org/gpgdir/
PR: ports/179187
Submitted by: Hakisho Nukama <nukama@gmail.com>
- While I'm here:
- Convert to new LIB_DEPENDS format
- Convert to new perl5 framework
PR: ports/177681
Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> (maintainer)
- reflect license change: GPLv3 -> AGPLv3
- use new library dependencies syntax and remove
no more needed hacks for libssh dependency
- unmute installation commands
It's value is "--with-libiconv-prefix=/usr/local" for systems
before 100043 with ports libiconv and to use at systems post
100043 with base iconv it's value is "" (NULL).
Co-authors: bapt, madpilot and bsam (me)
after r254273
- Fix a bunch of ports to properly work after this
- Mark converters/libiconv as IGNORE for systems with iconv in libc
Reviewed by: bapt
Approved by: portmgr (bapt)
Discussed with: bapt, bsam (who both contributed ideas and code)
- update devel/subversion17 to 1.7.13 [1]
- add vuxml entry
Version 1.7.13
(29 Aug 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.13/CHANGES
User-visible changes:
- General
* merge: fix bogus mergeinfo with conflicting file merges (issue #4306)
* diff: fix duplicated path component in '--summarize' output (issue #4408)
* ra_serf: ignore case when checking certificate common names (r1514763)
- Server-side bugfixes:
* svnserve: fix creation of pid files (r1516556)
* mod_dav_svn: better status codes for commit failures (r1490684)
* mod_dav_svn: do not map requests to filesystem (r1512432 et al)
Developer-visible changes:
- General:
* support linking against gssapi on Solaris 10 (r1515068)
* don't use uninitialized variable to produce an error code (r1482282)
- Bindings:
* swig-pl: fix SVN::Client not honoring config file settings (r150744)
* swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119)
Version 1.8.3
(29 August 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.3/CHANGES
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for Swedish
* enforce strict version equality between tools and libraries (r1502267)
* consistently output revisions as "r%ld" in error messags (r1499044 et al)
- Client-side bugfixes:
* status: always use absolute paths in XML output (issue #4398)
* ra_serf: 'svn log -v' fails with a 1.2.x server (issue #4044)
* ra_serf: fix crash when committing cp with deep deletion (issue #4400)
* diff: issue an error for files that can't fit in memory (r1513119 et al)
* svnmucc: generate proper error for mismatched URLs (r1511353)
* update: fix a crash when a temp file doesn't exist (r1513156)
* commit & update: improve sleep for timestamps performance (r1508438)
* diff: continue on missing or obstructing files (issue #4396)
* ra_serf: use runtime serf version for User-Agent (r1514315, r1514628)
* ra_serf: ignore case when checking certificate common names (r1514763)
* ra_serf: format distinguished names properly (r1514804)
* ra_serf: do not retry HTTP requests if we started to parse them (r1503318)
* ra_serf: output ssl cert verification failure reason (r1514785 et al)
* ra_serf: allow session reuse after SVN_ERR_CEASE_INVOCATION (r1502901)
* ra_serf: include library version in '--version' output (r1514295 et al)
* info: fix spurious error on wc root with child in conflict (r1515366)
- Server-side bugfixes:
* svnserve: fix creation of pid files (r1516556)
* svnadmin: fix output encoding in non-UTF8 environments (r1506966)
* svnsync: fix high memory usage when running over ra_serf (r1515249 et al)
* mod_dav_svn: do not map requests to filesystem (r1512432 et al)
* svnauthz: improve help strings (r1511272)
* fsfs: fixed manifest file growth with revprop changes (r1513874)
* fsfs: fix packed revprops causing loss of revprops (r1513879 et al)
- Other tool improvements and bugfixes:
* svnwcsub/irkerbridge: fix symlink attack via pid file (r175 from upstream)
Developer-visible changes:
- General:
* describe APR unimplemented errors as coming from APR (r1503010 et al)
* mod_dav_svn: update INSTALL to reflect configure defaults (r1515141)
* davautocheck: use the correct apxs binary by default (r1507889, r1507891)
- API changes:
* svn_config_walk_auth_data() config_dir arg: permit NULL (r1507382 et al)
- Bindings:
* swig-pl: fix SVN::Client not honoring config file settings (r150744)
* swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119)
Approved by: lev@ (explicit per PM)
Security: f8a913cc-1322-11e3-8ffa-20cf30e32f6d
CVE-2013-4277 [1]
1) Move -a from XMKMF command variable to a new XMKMF_ARGS variable.
For ports that don't need -a introduce USES=imake:notall.
This way ports no longer have to redefine XMKMF.
2) xmkmf -a runs imake with the flags in IMAKECPPFLAGS as extra arguments
to set CPP, CC and CXX. This creates the top Makefile, and then xmkmf
runs make Makefiles. This Makefiles target runs imake for each
subdirectory but these imake invocations did not have the flags from
IMAKECPPFLAGS so the resulting makefiles used the wrong C preprocessor
when clang is used (/usr/bin/cpp instead of /usr/local/bin/tradcpp).
Instead of letting xmkmf pass IMAKECPPFLAGS from the environment to
imake let imake handle IMAKECPPFLAGS itself just like it handles
IMAKEINCLUDE.
This exposed configure errors in x11-clocks/mouseclock and x11-wm/fvwm.
Approved by: portmgr (bapt)
2013-08-28 lang/gdc: Broken for more than 6 month
2013-08-31 net-im/cli-msn: MSN Messenger service terminated 30 APR 2013
2013-09-01 x11-toolkits/wxd: Depends on deprecated lang/gdc
2013-09-01 security/openvpn22: Please migrate to a newer OpenVPN version
2013-09-01 devel/dsss: Depends on expired lang/gdc
2013-09-01 graphics/qcamview: Broken on FreeBSD 8 and newer
2013-09-01 www/cacheboy15-devel: Broken on FreeBSD 8 and newer
2013-09-01 graphics/spcaview: Broken on FreeBSD 8 and newer
2013-09-01 comms/uticom: Broken on FreeBSD 8 and newer
2013-09-01 net/ipex: Broken on FreeBSD 8 and newer
2013-09-01 graphics/phpsview: Broken on FreeBSD 8 and newer
2013-09-01 misc/usbrh: Broken on FreeBSD 8 and newer
2013-09-01 net/atmsupport: Broken on FreeBSD 8 and newer
2013-09-01 comms/ib-kmod: Broken on FreeBSD 8 and newer
2013-09-01 net/libproxy-mozjs: Does not work with newer libxul
2013-09-01 www/helixplugin: Does not work with newer libxul
2013-09-01 deskutils/chmsee: Does not work with newer libxul
2013-09-01 www/moonshine: Does not work with newer libxul
2013-09-01 x11/ggiterm: Unmaintained and broken
2013-09-01 graphics/libggigcp: Unmaintained
2013-09-01 graphics/libggimisc: Unmaintained
2013-09-01 graphics/libggiwmh: Unmaintained
2013-09-01 devel/libgiigic: Unmaintained
2013-09-01 games/koth: Unmaintained
be IGNOREd regardless of PACKAGE_BUILDING. Soem have no MASTER_SITES
and require manual fetching, others are already marked RESTRICTED.
- Trim headers
- Convert some pre-fetch errors into IGNORE
- Remove needless quoting in java/jdk7-doc IGNORE
With hat: portmgr
- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
_CODE_SIGNING attributes.
- Omit certificates that do not have any explicit trust value in these
three attributes; at least one of the purposes must mark the
certificate a trusted delegator.
- Validate that the trust is one of three known trust values, to become
aware of syntax changes in certdata.txt. If it is an unknown token,
abort with an error stating that the script must be updated.
- Check that we have at least 25 certificates in the output or abort.
This removes these two certificates that have "unknown"
(CKT_NSS_MUST_VERIFY_TRUST) in all three tokens, making them unfit as
trust anchors:
1 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA,
CN=TC TrustCenter Universal CA III
2 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com,
CN=UTN-USERFirst-Network Applications
164 trusted certificates remain.
