- add OPTIONS support
- add stage support
Changes:
- support snort 2.9.5
- Removed the need for jpgraph to display the pie chart
- Other code improvements
install absolute symlinks pointing to the stagedir! Poudriere has
been improved to check for this issue now.
With hat: portmgr
Reported by: madpilot, jpaetzel
- Use USES=gmake instead of USE_GMAKE
- Recreate distinfo (package modified without changing version)
- Recreate patches with makepatch
- Fix build on CURRENT
- Enable staging support
Approved by: wg (mentor)
- old USE_ZOPE knob support was removed from bsd.python.mk
- update CHANGES and bsd.sanity.mk accordingly
- add ZOPE options knob and use it in lang/py-mx-base
The work is done by Marcus von Appen, but any problems are mine.
Submitted by: mva (python ML)
- remove indefinite article from COMMENT
- align USE_PYDISTUTILS value in Makefile
- tab -> space change in pkg-descr:WWW
- update WWW to use https scheme in url to avoid redirect
- add trailing slash to WWW
All changes are non-functional.
- Bump PORTREVISION for dependency change
Note:
Due to the limitation that tcl and tk cannot be set together in USES,
I choose tk:wrapper. Though BUILD_DEPENDS and RUN_DEPENDS changes,
PACKAGE-DEPENDS-LIST (package dependencies) remains identical.
PR: ports/182251
Submitted by: Paul Schmehl <pauls@utdallas.edu> (maintainer)
- Drop LICENSE_FILE for a standard license (GPLv2)
- Respect CC and CFLAGS without patching of makefile (use MAKE_ARGS)
- Convert NOPORTDOCS -> PORT_OPTIONS:MDOCS, add OPTIONS_DEFINE
- Move "make test" under the wing of our standard regression-test target
- Generally cleanup Makefile and port description while I am here
- Convert to new OPTIONS framework
- Respect CC
- Cleanup compile warnings
- Pet portlint
- While I'm here, remove LICENSE_FILE for well-known licenses
- Use single space after WWW:
PR: ports/182158
Submitted by: Pavel Volkov <pavelivolkov@gmail.com> (maintainer)
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
- update seamonkey to 2.21
- update firefox-esr to 17.0.9
- enable GSTREAMER by default for html5 with h264/aac/mp3
- WEBRTC is now always built
- add PROFILE and TESTS options
Security: 7dfed67b-20aa-11e3-b8d8-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
- While I'm here:
- Pet portlint: move USES downward
- Convert to new LIB_DEPENDS format
PR: ports/182096
Submitted by: LEVAI Daniel <leva@ecentrum.hu> (maintainer)
- Remove DEPRECATED and EXPIRATION_DATE
- Convert to new LIB_DEPENDS format
- Convert to new options framework
- Simplify DOC_EN and DOC_JA installation
Obtained from: NetBSD [1]
to check in udates to its .fwb files (they are saved but not checked into its
RCS database). This patch prefers rcs in base (/usr/bin/rcs) over GNU rcs
(/usr/local/bin/rcs).
gpgdir is a perl script that uses the CPAN GnuPG::Interface module
to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc.
WWW: http://www.cipherdyne.org/gpgdir/
PR: ports/179187
Submitted by: Hakisho Nukama <nukama@gmail.com>
- While I'm here:
- Convert to new LIB_DEPENDS format
- Convert to new perl5 framework
PR: ports/177681
Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> (maintainer)
- reflect license change: GPLv3 -> AGPLv3
- use new library dependencies syntax and remove
no more needed hacks for libssh dependency
- unmute installation commands
It's value is "--with-libiconv-prefix=/usr/local" for systems
before 100043 with ports libiconv and to use at systems post
100043 with base iconv it's value is "" (NULL).
Co-authors: bapt, madpilot and bsam (me)
after r254273
- Fix a bunch of ports to properly work after this
- Mark converters/libiconv as IGNORE for systems with iconv in libc
Reviewed by: bapt
Approved by: portmgr (bapt)
Discussed with: bapt, bsam (who both contributed ideas and code)
- update devel/subversion17 to 1.7.13 [1]
- add vuxml entry
Version 1.7.13
(29 Aug 2013, from /branches/1.7.x)
http://svn.apache.org/repos/asf/subversion/tags/1.7.13/CHANGES
User-visible changes:
- General
* merge: fix bogus mergeinfo with conflicting file merges (issue #4306)
* diff: fix duplicated path component in '--summarize' output (issue #4408)
* ra_serf: ignore case when checking certificate common names (r1514763)
- Server-side bugfixes:
* svnserve: fix creation of pid files (r1516556)
* mod_dav_svn: better status codes for commit failures (r1490684)
* mod_dav_svn: do not map requests to filesystem (r1512432 et al)
Developer-visible changes:
- General:
* support linking against gssapi on Solaris 10 (r1515068)
* don't use uninitialized variable to produce an error code (r1482282)
- Bindings:
* swig-pl: fix SVN::Client not honoring config file settings (r150744)
* swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119)
Version 1.8.3
(29 August 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.3/CHANGES
User-visible changes:
- Client- and server-side bugfixes:
* translation updates for Swedish
* enforce strict version equality between tools and libraries (r1502267)
* consistently output revisions as "r%ld" in error messags (r1499044 et al)
- Client-side bugfixes:
* status: always use absolute paths in XML output (issue #4398)
* ra_serf: 'svn log -v' fails with a 1.2.x server (issue #4044)
* ra_serf: fix crash when committing cp with deep deletion (issue #4400)
* diff: issue an error for files that can't fit in memory (r1513119 et al)
* svnmucc: generate proper error for mismatched URLs (r1511353)
* update: fix a crash when a temp file doesn't exist (r1513156)
* commit & update: improve sleep for timestamps performance (r1508438)
* diff: continue on missing or obstructing files (issue #4396)
* ra_serf: use runtime serf version for User-Agent (r1514315, r1514628)
* ra_serf: ignore case when checking certificate common names (r1514763)
* ra_serf: format distinguished names properly (r1514804)
* ra_serf: do not retry HTTP requests if we started to parse them (r1503318)
* ra_serf: output ssl cert verification failure reason (r1514785 et al)
* ra_serf: allow session reuse after SVN_ERR_CEASE_INVOCATION (r1502901)
* ra_serf: include library version in '--version' output (r1514295 et al)
* info: fix spurious error on wc root with child in conflict (r1515366)
- Server-side bugfixes:
* svnserve: fix creation of pid files (r1516556)
* svnadmin: fix output encoding in non-UTF8 environments (r1506966)
* svnsync: fix high memory usage when running over ra_serf (r1515249 et al)
* mod_dav_svn: do not map requests to filesystem (r1512432 et al)
* svnauthz: improve help strings (r1511272)
* fsfs: fixed manifest file growth with revprop changes (r1513874)
* fsfs: fix packed revprops causing loss of revprops (r1513879 et al)
- Other tool improvements and bugfixes:
* svnwcsub/irkerbridge: fix symlink attack via pid file (r175 from upstream)
Developer-visible changes:
- General:
* describe APR unimplemented errors as coming from APR (r1503010 et al)
* mod_dav_svn: update INSTALL to reflect configure defaults (r1515141)
* davautocheck: use the correct apxs binary by default (r1507889, r1507891)
- API changes:
* svn_config_walk_auth_data() config_dir arg: permit NULL (r1507382 et al)
- Bindings:
* swig-pl: fix SVN::Client not honoring config file settings (r150744)
* swig-pl & swig-py: disable unusable svn_fs_set_warning_func (r1515119)
Approved by: lev@ (explicit per PM)
Security: f8a913cc-1322-11e3-8ffa-20cf30e32f6d
CVE-2013-4277 [1]
1) Move -a from XMKMF command variable to a new XMKMF_ARGS variable.
For ports that don't need -a introduce USES=imake:notall.
This way ports no longer have to redefine XMKMF.
2) xmkmf -a runs imake with the flags in IMAKECPPFLAGS as extra arguments
to set CPP, CC and CXX. This creates the top Makefile, and then xmkmf
runs make Makefiles. This Makefiles target runs imake for each
subdirectory but these imake invocations did not have the flags from
IMAKECPPFLAGS so the resulting makefiles used the wrong C preprocessor
when clang is used (/usr/bin/cpp instead of /usr/local/bin/tradcpp).
Instead of letting xmkmf pass IMAKECPPFLAGS from the environment to
imake let imake handle IMAKECPPFLAGS itself just like it handles
IMAKEINCLUDE.
This exposed configure errors in x11-clocks/mouseclock and x11-wm/fvwm.
Approved by: portmgr (bapt)
2013-08-28 lang/gdc: Broken for more than 6 month
2013-08-31 net-im/cli-msn: MSN Messenger service terminated 30 APR 2013
2013-09-01 x11-toolkits/wxd: Depends on deprecated lang/gdc
2013-09-01 security/openvpn22: Please migrate to a newer OpenVPN version
2013-09-01 devel/dsss: Depends on expired lang/gdc
2013-09-01 graphics/qcamview: Broken on FreeBSD 8 and newer
2013-09-01 www/cacheboy15-devel: Broken on FreeBSD 8 and newer
2013-09-01 graphics/spcaview: Broken on FreeBSD 8 and newer
2013-09-01 comms/uticom: Broken on FreeBSD 8 and newer
2013-09-01 net/ipex: Broken on FreeBSD 8 and newer
2013-09-01 graphics/phpsview: Broken on FreeBSD 8 and newer
2013-09-01 misc/usbrh: Broken on FreeBSD 8 and newer
2013-09-01 net/atmsupport: Broken on FreeBSD 8 and newer
2013-09-01 comms/ib-kmod: Broken on FreeBSD 8 and newer
2013-09-01 net/libproxy-mozjs: Does not work with newer libxul
2013-09-01 www/helixplugin: Does not work with newer libxul
2013-09-01 deskutils/chmsee: Does not work with newer libxul
2013-09-01 www/moonshine: Does not work with newer libxul
2013-09-01 x11/ggiterm: Unmaintained and broken
2013-09-01 graphics/libggigcp: Unmaintained
2013-09-01 graphics/libggimisc: Unmaintained
2013-09-01 graphics/libggiwmh: Unmaintained
2013-09-01 devel/libgiigic: Unmaintained
2013-09-01 games/koth: Unmaintained
be IGNOREd regardless of PACKAGE_BUILDING. Soem have no MASTER_SITES
and require manual fetching, others are already marked RESTRICTED.
- Trim headers
- Convert some pre-fetch errors into IGNORE
- Remove needless quoting in java/jdk7-doc IGNORE
With hat: portmgr
- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
_CODE_SIGNING attributes.
- Omit certificates that do not have any explicit trust value in these
three attributes; at least one of the purposes must mark the
certificate a trusted delegator.
- Validate that the trust is one of three known trust values, to become
aware of syntax changes in certdata.txt. If it is an unknown token,
abort with an error stating that the script must be updated.
- Check that we have at least 25 certificates in the output or abort.
This removes these two certificates that have "unknown"
(CKT_NSS_MUST_VERIFY_TRUST) in all three tokens, making them unfit as
trust anchors:
1 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA,
CN=TC TrustCenter Universal CA III
2 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com,
CN=UTN-USERFirst-Network Applications
164 trusted certificates remain.
- Do not use easyinstall
- Do not installed zipped egg [1]
- Bump PORTREVISION for package change
- Cleanup Makefile header
Requested by: olgeni [1]
Tested by: olgeni
Right now this is a noop in the former case and a noop in the latter
case unless lang/gcc44 has been installed explicitly.
This puts a bit more emphasis on standardizing on a canonical version
"current" GCC and makes it easier to update that canonical version
by changing the default in Mk/bsd.gcc.mk and updating the lang/gcc port.
That is, USE_GCC=yes means "use a decent/modern version of GCC" without
having to worry about details.
Approved by: portmgr (bdrewery)
incorrect, and the topic description does not need too many details
since that is explained in the description itself.
Also correct the url's since c comes before u ;-)
Prodded by: stas
"make fetch" failure on non-POSIX-compliant SHELL:
1. Replace ${SHELL} by ${SH} so the fetchwrapper.sh gets executed with a
POSIX-compliant shell (such as /bin/sh)
2. Just because it's meant that way, add an svn:executable=* property
on files/fetchwrapper.sh.
PR: ports/181252
Reported by: Mike Harding (private email)
unfortunately, doing it correctly requires GNU make (for order-only
prerequisites)
- Standardize Makefile header, define LICENSE (MIT)
- Install somewhat more complete set of portdocs
- Install manpages relative to MANPREFIX
- While here, convert to OptionsNG, utilize PORTDOCS, remove pkg-plist,
and generally cleanup port's Makefile
- update firefox-esr, thunderbird and libxul to 17.0.8
- update seamonkey to 2.20
- fix plist for *-i18n
Security: 0998e79d-0055-11e3-905b-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
Quoting the upstream's change log:
- Security fix: prevent a nefarious SSH server or network attacker from
crashing PuTTY at startup in three different ways by presenting a maliciously
constructed public key and signature.
- Security fix: PuTTY no longer retains the private half of users' keys in
memory by mistake after authenticating with them.
- Revamped the internal configuration storage system to remove all fixed
arbitrary limits on string lengths. In particular, there should now no longer
be an unreasonably small limit on the number of port forwardings PuTTY can
store.
- Port-forwarded TCP connections which close one direction before the other
should now be reliably supported, with EOF propagated independently in the
two directions. This also fixes some instances of port-forwarding data
corruption (if the corruption consisted of losing data from the very end of
the connection) and some instances of PuTTY failing to close when the session
is over (because it wrongly thought a forwarding channel was still active
when it was not).
- The terminal emulation now supports xterm's bracketed paste mode (allowing
aware applications to tell the difference between typed and pasted text, so
that e.g. editors need not apply inappropriate auto-indent).
- You can now choose to display bold text by both brightening the foreground
colour and changing the font, not just one or the other. - PuTTYgen will now
never generate a 2047-bit key when asked for 2048 (or more generally n−1 bits
when asked for n).
- Some updates to default settings: PuTTYgen now generates 2048-bit keys by
default (rather than 1024), and PuTTY defaults to UTF-8 encoding and 2000
lines of scrollback (rather than ISO 8859-1 and 200).
- Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies in
both directions.
- Unix: dead keys and compose-character sequences are now supported.
- Unix: PuTTY and pterm now permit font fallback (where glyphs not present in
your selected font are automatically filled in from other fonts on the
system) even if you are using a server-side X11 font rather than a Pango
client-side one.
- Bug fixes too numerous to list, mostly resulting from running the code
through Coverity Scan which spotted an assortment of memory and resource
leaks, logic errors, and crashes in various circumstances.
Security: 4b448a96-ff73-11e2-b28d-080027ef73ec
Security: CVE-2013-4206
Security: CVE-2013-4207
Security: CVE-2013-4208
Security: CVE-2013-4852
per port extra changes:
devel/p5-Perl-Version remove outage PERL_LEVEL check
devel/p5-Devel-LeakTrace-Fast remove perl version requiment 5.12.0- (no need in current version)
Approved by: lth@ (maintainer)
was done for security/tor-devel in r322977; remove some problematic mirrors;
update Makefile idioms (gmake, LIB_DEPENDS, etc.); attempt to remove leftovers
in /var during deinstallation [1]
Reported by: miwi [1]
- some small Makefile cleanups
- add vuxml entry
Vulnerability Types: Cross-Site Scripting, Remote Code Execution
Overall Severity: Critical
Vulnerable subcomponent: Third Party Libraries used for audio and video playback
Affected Versions: All versions from 4.5.0 up to the development branch of 6.2
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Vulnerable subcomponent: Backend File Upload / File Abstraction Layer
Vulnerability Type: Remote Code Execution by arbitrary file creation
Affected Versions: All versions from 6.0.0 up to the development branch of 6.2
Severity: Critical
PR: ports/180951
ports/180952
ports/180953
Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
Security: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/
CVE-2011-3642
CVE-2013-1464
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download
SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- Deprecate databases/phpmyadmin35
This version is vulnerable to the 'clickjacking protection bypass'
problem fixed in 4.0.5, but the development team will not be
publishing a fix. "We have no solution for 3.5.x, due to the proposed
solution requiring JavaScript. We don't want to introduce a dependency
to JavaScript in the 3.5.x family."
Therefore deprecate this port and set expiry for one month. Please
upgrade to 4.0.5 instead.
Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
below 3.2.2 was a match, including all 2.7.x versions. It also appears that
there is no puppet27 version, just puppet-2.7.x and puppet-3.2.x instead.
Bump modification date.
PR: 180958
Submitted by: Kan Sasaki <sasaki@fcc.ad.jp>
- Remove PORTEXAMPLES. pkg-plist was broken due to it[*].
- Add extra patches for EMULATOR option.
- Create /var/run/{tpm,ima} in rc.d/tcsd script.
Spotted by: antoine [*]
- bring in upstream fixes, including the fix for crash on 1st launch
- mark that it is not ready for python 3 yet
- no need to patch the shellbang, distutils do this already
