dns/powerdns: update 4.3.0 -> 4.3.1
Improvements:
- EL8 pkgs: Build mysql backend against mariadb-connector-c-devel
- gpgsql: Reintroduce prepared statements
- gsqlite3backend: add missing indexes
- use real remote for supermaster createSlaveDomain()
- Optimize IXFR-to-AXFR fallback path
- Install bind SQL schema files as part of bindbackend
- Do not send out of zone lookups to the backends
Bug Fixes:
- Raise an exception on invalid hex content in unknown records.
- Handle the extra single-row result set of MySQL stored procedures
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: CVE-2020-17482
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Relnotes: https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1
Approved by: ports-secteam (blanket)
x11/toolcits-pango: Actually apply security patch
Rename the patch that fixes CVE-2010-1010238 so that it is actually applied
when building pango.
Regenerate it using make makepatch
bump portrevision
Reported by: tobik
Security: 456375e1-cd09-11ea-9172-4c72b94353b5
Approved by: ports-secteam (implicit, security fix)
emulators/virtualbox-ose-kmod: Fix a pair of VM bugs
- Use vm_pager_allocate() to allocate OBJT_PHYS objects. This ensures
that they're initialized properly.
- Don't assume that user wiring will succeed.
This had been a team effort, with multiple independent reports,
a wide variety of experiments, and patches written by kib@
and refined by markj@.
I'm bumping PORTREVISION and aligning the revision of both kmod and
application; it's possible the application bump isn't actually
needed but let's make sure they both get rebuilt with this
important (because of changed kernel assumptions) fix.
PR: 249326
Submitted by: kib, markj
Reported by: adridg, Rainer Hurling
Reviewed by: adridg
Approved by: koobs (vbox)
Approved by: ports-secteam (fluffy)
misc/vxl: Fix build on i386
On i386 architectures projects that need SSE2 have to explicitly enable it using -msse2.
Also fix WWW.
Approved by: ports-secteam (fluffy)
graphics/vv: Update 1.4.0-377 -> 1.4.0-383
graphics/vv: Fix build on some systems by adding the workaround for the bug in science/InsightToolkit
Reported by: fallout
Approved by: ports-secteam (fluffy)
misc/openmvg: Fix build by adding liblz4
For some reason lz4 symbols were missing during build.
Reported by: fallout
Approved by: ports-secteam (fluffy)
misc/glow: Fix build on 13
Add the workaround for a bug in Glow that it uses the default C++ compiler when the supplied LLVM version is different.
Reported by: fallout
Approved by: ports-secteam (fluffy)
audio/beatslash-lv2: Fix build on some systems
Waf warning about duplicately-installed files somehow caused failure to find some files later.
This commit adds the patch to prevent duplicate file installation. This fixes the warning and hopefully fixes poudriere build.
I couldn't reproduce this failure in my poudriere.
Also:
* Strip binarires
* Fix WWW
Approved by: ports-secteam (fluffy)
mail/fetchmail: update to 6.4.12 (from 6.4.8)
(Note this isn't the usual MFH changelog as that doesn't make sense in this
particular case; head/ had some churn around a regression in 6.4.10 that
this MFH-of-two-changeset nicely skips over.)
Add: Romanian-language translation by Florentina Musat
Add: manual page now mentions that --sslfingerprint hash is of MD5 type.
Fix: README contained NEWS fragments (broken since c. 1 year/c. 6.4.2,
fixed in 6.4.12) instead of the actual contents.
Update: the > 2^31 "long long" local patch so it patches the right place of the
NEWS file.
PR: 248954
Approved by: Corey Halpin (maintainer)
PR: 249009
Approved by: Corey Halpin (maintainer)
Approved by: ports-secteam@ (fluffy@)
Upgrade to v1.38.1.
Release notes at <https://github.com/libuv/libuv/releases/tag/v1.38.1>.
devel/libuv: Update 1.38.1 -> 1.39.0
Release notes at <https://github.com/libuv/libuv/releases/tag/v1.39.0>.
While here, take maintainership after an offer by thierry@, since this
is an important dependency for the Node.js ports.
Approved by: thierry (maintainer)
Sponsored by: Miles AS
Approved by: ports-secteam (fluffy)
misc/mnn: Fix build on 13 by unbundling Flatbuffers
The bundled Flatbuffers was failing to build on 13 for some reason.
Reported by: fallout
Approved by: ports-secteam (joneum)
graphics/xournalpp: Update 1.0.18 -> 1.0.18.20200819; Fix build failure on 13-CURRENT with clang-11
Failure on 13: error: cannot initialize return object of type 'bool' with an rvalue of type 'nullptr_t'
Reported by: fallout
Approved by: ports-secteam (fluffy)
audio/stegosaurus-lv2: Fix build on 13-CURRENT with clang-11
Symbol was defined in the header and included mutiple times.
Reported by: fallout
Approved by: ports-secteam (fluffy)
audio/playumidi: update to version 0.8.3
This fixes the build on CURRENT after importing LLVM 11.
PR: 248848
Submitted by: Koine Yuusuke (maintainer)
Event: September 2020 Bugathon
Approved by: ports-secteam (fluffy)
net/aslookup: unexpire by updating to 0.13d
- Various fixes are performed, by Chris, dinoex and myself.
- MASTER_SITES and WWW changed to a new home.
- AS queries are now ran against whois.epoch.net, the former server went
offline.
- Hand over maintainership to Chris
PR: 246187
Submitted by: Chris Hutchinson
Approved by: previous maintainer
Approved by: ports-secteam (fluffy)
Update from 1.0.7 to 1.0.9.
<Security note>
Please consider updating brotli to version 1.0.9 (latest).
Version 1.0.9 contains a fix to "integer overflow" problem. This
happens when "one-shot" decoding API is used (or input chunk for
streaming API is not limited), input size (chunk size) is larger
than 2GiB, and input contains uncompressed blocks. After the
overflow happens, `memcpy` is invoked with a gigantic `num`
value, that will likely cause the crash.
</Security note>
Approved by: ports-secteam (fluffy)
www/typo3-10: Update to 10.4.7
These versions are maintenance releases and contain bug fixes only.
For details about the releases, please see:
https://get.typo3.org/release-notes/10.4.7
PR: 249313
Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
Approved by: ports-secteam (fluffy)
www/typo3-9: Update to 9.5.21
These versions are maintenance releases and contain bug fixes only.
For details about the releases, please see:
https://get.typo3.org/release-notes/9.5.21
PR: 249314
Submitted by: Helmut Ritter <freebsd-ports@charlieroot.de> (maintainer)
MFC after: 2 weeks
Approved by: ports-secteam (fluffy)
www/firefox: fix tab crashing when not using pulseaudio
Submitted by: Ka Ho Ng
Approved by: ports-secteam blanket
Differential Revision: https://reviews.freebsd.org/D26303
net/enet: update to 1.3.16
From ChangeLog: https://github.com/lsalzman/enet/blob/master/ChangeLog
* fix bug in unreliable fragment queuing
* use single output queue for reliable and unreliable packets for saner
ordering
* revert experimental throttle changes that were less stable than prior
algorithm
Reported by: portscout
Approved by: ports-secteam (blanket, runtime fix)
lang/php74: Upgrade from 7.4.9 to 7.4.10
Changelog:
Core:
Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
Fixed bug #77932 (File extensions are case-sensitive).
Fixed bug #79806 (realpath() erroneously resolves link to link).
Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
Fixed bug #79919 (Stack use-after-scope in define()).
Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
Fixed bug #79947 (Memory leak on invalid offset type in compound assignment).
COM:
Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
Exif:
Fixed bug #75785 (Many errors from exif_read_data).
Gettext:
Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
LDAP:
Fixed memory leaks.
OPcache:
Fixed bug #73060 (php failed with error after temp folder cleaned up).
Fixed bug #79917 (File cache segfault with a static variable in inherited method).
PDO:
Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
Session:
Fixed bug #79724 (Return type does not match in ext/session/mod_mm.c).
Standard:
Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
Fixed bug #79944 (getmxrr always returns true on Alpine linux).
Fixed bug #79951 (Memory leak in str_replace of empty string).
XML:
Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
lang/php73: Upgrade from 7.3.21 to 7.3.22
Changelog:
Core:
Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
Fixed bug #77932 (File extensions are case-sensitive).
Fixed bug #79806 (realpath() erroneously resolves link to link).
Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
Fixed bug #79919 (Stack use-after-scope in define()).
Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
COM:
Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
Exif:
Fixed bug #75785 (Many errors from exif_read_data).
Gettext:
Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
LDAP:
Fixed memory leaks.
OPcache:
Fixed bug #73060 (php failed with error after temp folder cleaned up).
PDO:
Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
Standard:
Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
Fixed bug #79944 (getmxrr always returns true on Alpine linux).
Fixed bug #79951 (Memory leak in str_replace of empty string).
XML:
Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
net/mpd5: import r2272 from upstream
net/mpd5: improve logging in rare case of libpdel failure.
net/mpd5: remove required_files from startup script
net/mpd5: update to version 5.9
Approved by: ports-secteam
Security: CVE-2020-7465, CVE-2020-7466
converters/recode: fix info file, add LICENCE, quiet portlint/portclippy
This has been broken for almost 10 months, and again 3 months of silence
from the maintainer, so let me step in to just fix it for the nonce.
- Add LICENSE=GPLv2+
- Add USES=makeinfo to fix .info file in clean-room builds (poudriere) [1]
- Reshuffle a few lines to please portclippy and portlint
- Bump PORTREVISION to flush out the broken packages and force rebuild
- Add DISABLED example to strip library in order to also please
stage-qa with DEVELOPER=yes (would require maintainer approval),
in post-install (just remove @: and the comment line to enable).
PR: 241879 [1]
Submitted by: Victor Sudakov <vas@sibptus.ru> [1]
Approved by: portmgr@ (blanket, see next line)
Approved by: ports-secteam@ (blanket: add dependency to fix broken .info, add LICENSE, fix portlint/portclippy issues)
Approved by: portmgr (with hat)
gnupg: Update to 2.2.21
* gpg: Improve symmetric decryption speed by about 25%.
See commit 144b95cc9d.
* gpg: Support decryption of AEAD encrypted data packets.
* gpg: Add option --no-include-key-block. [#4856]
* gpg: Allow for extra padding in ECDH. [#4908]
* gpg: Only a single pinentry is shown for symmetric encryption if
the pinentry supports this. [#4971]
* gpg: Print a note if no keys are given to --delete-key. [#4959]
* gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
shown. [#2103]
* gpgsm: Certificates without a CRL distribution point are now
considered valid without looking up a CRL. The new option
--enable-issuer-based-crl-check can be used to revert to the
former behaviour.
* gpgsm: Support rsaPSS signature verification. [#4538]
* gpgsm: Unless CRL checking is disabled lookup a missing issuer
certificate using the certificate's authorityInfoAccess. [#4898]
* gpgsm: Print the certificate's serial number also in decimal
notation.
* gpgsm: Fix possible NULL-deref in messages of --gen-key. [#4895]
* scd: Support the CardOS 5 based D-Trust Card 3.1.
* dirmngr: Allow http URLs with "LOOKUP --url".
* wkd: Take name of sendmail from configure. Fixes an OpenBSD
specific bug. [#4886]
Release-info: https://dev.gnupg.org/T4897
security/gnupg: Update to 2.2.22
Also, sort plist. The new gpgsplit binary is getting installed as
gpgsplit2 to avoid a conflict with security/gnupg1.
Noteworthy changes in version 2.2.22
====================================
* gpg: Change the default key algorithm to rsa3072.
* gpg: Add regular expression support for Trust Signatures on all
platforms. [#4843]
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option. [#4991]
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
* gpgsm: Make rsaPSS a de-vs compliant scheme.
* gpgsm: Show also the SHA256 fingerprint in key listings.
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
* gpg-agent: Default to extended key format and record the creation
time of keys. Add new option --disable-extended-key-format.
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist. [#4866]
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string. [#4137]
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.
* dirmngr: Better handle systems with disabled IPv6. [#4977]
* gpgpslit: Install tool. It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4. [#5023]
(We're installing it as gpgsplit2 to avoid conflict with security/gnupg1)
* gpgtar: Handle Unicode file names on Windows correctly (requires
libgpg-error 1.39). [#4083]
* gpgtar: Make --files-from and --null work as documented. [#5027]
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.
Release-info: https://dev.gnupg.org/T5030
security/gnupg: Update to 2.2.23
Importing an OpenPGP key having a preference list for AEAD algorithms
will lead to an array overflow and thus often to a crash or other
undefined behaviour.
Importing an arbitrary key can often easily be triggered by an attacker
and thus triggering this bug. Exploiting the bug aside from crashes is
not trivial but likely possible for a dedicated attacker. The major
hurdle for an attacker is that only every second byte is under their
control with every first byte having a fixed value of 0x04.
Software distribution verification should not be affected by this bug
because such a system uses a curated list of keys.
Security: CVE-2020-25125
audio/bjumblr-lv2: fix build on GCC architectures
Require C++11 compiler because of -std=c++11.
Include climits in FileChooser.hpp because of INT64_MAX (GCC doesn't do that by default).
PR: 248134
Approved by: portmgr (blanket: build fix)
databases/mysql57-server: fix build on current (temporary fix)
- add temporary work around to use llvm from ports on recent currents
Approved by: ports-secteam (with hat)
fix build on current
- add temporary work around to use llvm from ports on recent currents
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
deskutils/xfce4-generic-slider: fix build on GCC architectures
Use C11 compiler:
/usr/local/include/xfce4/libxfce4util/xfce-kiosk.h:37: error: redefinition of typedef 'XfceKiosk'
/usr/local/include/xfce4/libxfce4util/xfce-kiosk.h:35: error: previous declaration of 'XfceKiosk' was here
Approved by: portmgr (fix build blanket)
databases/grass7: fix build on 11i386
When I added the option for compiling with openmp, like other ports, I don't use compiler:openmp but directly the default compiler because it works just as well. However, on FreeBSD 11, grass only builds well with LLVM90.
While I'm here I added with-proj-[includes|libs] to be more thorough
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D25712
Approved by: ports-secteam (joneum)
x11-clocks/wmbinclock: fix build in current
Another case of -fno-common issue.
While here, add a couple of missing xorg modules and remove a noop REINPLACE_CMD
PR: 249048
Submitted by: logix@foobar.franken.de
Approved by: ports-secteam (blanket, build fix, -fno-common)
security/snuffleupagus: update to 0.5.1, build fix
From ChangeLog: https://github.com/jvoisin/snuffleupagus/releases/tag/v0.5.1
* Add support for syslog
* Improve OSX support
* Improve marginally of php8+ compatibility
* Improve php7.4 compatibility
* Improve the default ruleset
* Improve the documentation
* Improve the gitlab CI
Includes build fix for -fno-common issue.
Pet linters.
PR: 248974
Submitted by: franco@opnsense.org (maintainer)
Approved by: ports-secteam (blanket, build fix, -fno-common)
devel/xboard: fix build in 13-current
Another case of -fno-common
This fixes the slave port devel/xboard-devel too.
While here, add missing USE_XORG modules.
PR: 248984
Reported by: kalten@gmx.at
Approved by: ports-secteam (blanket, build fix, -fno-common)
lang/libobjc2: Fix build in 11.3
We need -lm in order to use the ceilf function.
PR: 249046
Reported by: brad@facefault.org
Approved by: ports-secteam (blanket, runtime fix)
databases/mysqlwsrep57-server: fix build on powerpc64
Use the same fix that mysql57-server needs for building with GCC.
Approved by: portmgr (fix build blanket)
math/reduce: fix the build with LLVM 11
reduce started to fail with the default switch to -fno-common in LLVM 11
(and GCC 10). This patch was written then confirmed to be the fix that
upstream also provided in late March.
Approved by: ports-secteam (implicit, -fno-common build fix)
emulators/simh-hp3000: fix the build with LLVM 11.
Similar to the patch for emulators/simh-hp2100, drop an -fcommon in to fix
the build in the face of GCC 10 / LLVM 11 switching the default to
-fno-common.
Minor cleanup while we're here, remove USES= compiler and just use ${CC} for
the compiler.
PR: 248872
Approved by: ports-secteam (implicit, -fno-common build fix)
games/megaglest: fix build with LLVM 11
The fallout here is due to the new -fno-common default in GCC 10 / LLVM 11.
PR: 248870
Obtained from: https://github.com/MegaGlest/megaglest-source/issues/197
Approved by: ports-secteam (-fno-common build fix)
emulators/simh-hp2100: fix the build with LLVM 11
This patch adds -fcommon to the build flags to fix the build with LLVM 11,
which now defaults to -fno-common.
PR: 248871
Approved by: ports-secteam (implicit, -fno-common build fix)
x11-wm/tvtwm: Fix build with LLVM 11
The fix for this is identical to that of x11-wm/piewm; remove the patch that
explicitly de-externs yylineno when it's explicitly defined in another
compilation unit (by flex).
PR: 248976
Approved by: ports-secteam (implicit, -fno-common build fix)
security/tpm2-tss: fix build on GCC architectures
Use newer GCC, base GCC can't build it:
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:49: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'decryptAllowed'
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:50: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'encryptAllowed'
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:51: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'authAllowed'
Approved by: portmgr (fix build blanket)
x11-wm/piewm: fix the build with LLVM 11
This patch de-extern'd yylineno to actually cause the build failure that
popped up with the new -fno-common default that debuted in LLVM 11 and GCC
10. Simply remove the patch to fix the build.
PR: 248859
Approved by: ports-secteam (implicit, -fno-common build fix)
net-mgmt/nfdump: fix build on GCC architectures and check-plist on others
Use C11 compiler:
In file included from nfcapd.c:69:
nfx.h:946: error: redefinition of typedef 'extension_map_t'
nfdump.h:64: error: previous declaration of 'extension_map_t' was here
In file included from nfcapd.c:70:
exporter.h:78: error: redefinition of typedef 'exporter_info_record_t'
nfdump.h:63: error: previous declaration of 'exporter_info_record_t' was here
Remove unconditional installation of nfpcapd, it breaks check-plist and there's an option for installing it.
Bump PORTREVISION for package change.
Approved by: portmgr (fix build blanket, packaging fix)
games/libretro-mame2003: fix build on GCC architectures
Define __BSD_VISIBLE if it's not defined to uncover u_int:
In file included from src/libretro-deps/libFLAC/cpu.c:83:
/usr/include/sys/sysctl.h:1101:25: error: unknown type name 'u_int'; did you mean 'int'?
1101 | int sysctl(const int *, u_int, void *, size_t *, const void *, size_t);
| ^~~~~
| int
Approved by: portmgr (fix build blanket)
sysutils/dsbmd: Update to 1.11
ChangeLog: https://freeshell.de/~mk/projects/dsbmd-relnotes.html
* A bug has been fixed where DSBMD exits with an error when the user tries to
mount a smartphone after a previously failed attempt.
* Command functions now run in a thread so that time-limit exceeding commands
executing an uninterruptible system call will not block the daemon.
PR: 248915
Submitted by: mk@nic-nac-project.org (maintainer)
Approved by: ports-secteam (blanket, runtime fix)
lang/php72: Update from 7.2.22 to 7.2.23
The last log entry is the same, because i accidently performed an update from
7.2.21 to 7.2.22. I ignored the update to 7.2.22 because for FreeBSD its a no-op.
But when 7.2.23 was released i only increased the version by one.
This time its the real update! :)
Changelog:
Core:
Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
Reported by: José García Juanino <jjuanino@gmail.com>
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
games/libretro-mame2003_plus: fix build on GCC architectures
Define __BSD_VISIBLE if it's not defined to make u_int visible:
In file included from src/libretro-deps/libFLAC/cpu.c:83:
/usr/include/sys/sysctl.h:1101:25: error: unknown type name 'u_int'; did you mean 'int'?
1101 | int sysctl(const int *, u_int, void *, size_t *, const void *, size_t);
| ^~~~~
| int
Approved by: portmgr (fix build blanket)
x11-servers/xorg-server: Fix several security issues
Fix several security issues in x11-servers/xorg-server and slave ports which
ultimately can lead to local privilege escalations if xorg-server is running
privileged.
More info:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Security: ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335
Approved by: ports-secteam (implicit, security update)
x11/libX11: Update to 1.6.12
Update x11/libX11 to 1.6.12, which contains a fix for a double free
vulnerability.
The update also contains fixes already included in the FreeBSD libX11 port.
Announcement and changelog:
https://lists.x.org/archives/xorg-announce/2020-August/003057.html
Security: 8da79498-e6f6-11ea-8cbf-54e1ad3d6335
Approved by: ports-secteam (implicit, security update)
games/libretro-fbneo: fix build on powerpc*
Merge upstream patch to solve:
undefined reference to __mftb()
and use newer GCC to solve:
cc1: error: unrecognized command line option "-Wno-pedantic"cc1: error: unrecognized command line option "-Wno-pedantic"
Approved by: portmgr (fix build blanket)
security/bsmtrace: backport the -fno-common fix
This port is the older version of bsmtrace and should go away in due time,
but it's easy enough to backport the fix in the meantime. This version did
need an additional fix to log.{c,h} that was no longer needed in 3.x.
PR: 248756
Approved by: csjp (maintainer, also discussed with)
Approved by: ports-secteam (implicit, -fno-common build fix)
security/bsmtrace3: update to the 3.1 -fno-common build fix
The only changes between 3.0 and 3.1 are a change to the README to note work
sponsored by an organization, and the -fno-common build fix.
-fno-common is now the default in LLVM 11/GCC 10.
PR: 248756
Approved by: csjp (maintainer, also discussed with)
Approved by: ports-secteam (implicit, -fno-common build fix)
games/libretro-uae: fix build on powerpc*
ifdef powerpc needs to be added to prevent compiling code with bad assembly.
Approved by: portmgr (fix build blanket)
textproc/qr: fix build on GCC architectures
sqrt() is only defined since C99:
/tmp/ccn0UwwD.o:(.text+0x1cc): undefined reference to `sqrt'
Approved by: portmgr (fix build blanket)
grapics/drm-legacy-kmod: Deprecate
Deprecate graphics/drm-legacy-kmod. Update the drivers to include a
deprecation message when the drivers are loaded.
drm-legacy-kmod is holding back changes in the FreeBSD VM subsystem, and it
requires substantial changes to be updated to work with the VM changes.
See the e-mail to x11@FreeBSD.org for more information.
Approved by: ports-secteam (implicit, drm-drivers blanket)
sysutils/htop: Fix build with -fno-common
Fix the build of sysutils/htop with -fno-common, which is the default in
llvm 11 (and gcc 10)
PR: 248823
Submitted by: Yasuhiro KIMURA
Approved by: ports-secteam (joenum, implicit, -fno-common fixes)
security/gnupg1: Build with -fcommon
With llvm 11, builds are using -fno-common by default.
I've tried to fix gnupg1 to build with this, but it is qyite hard and
requires a lot of patches. In the meantime, upstream code has changed
significantly, and gnupg1 is old, so just switch it to use -fcommon instead,
to make it build.
Approved by: ports-secteam (joenum, implicit, -fno-common fixes)
net/bird2: Fix build with -fno-common
Fix the build of net/bird2 when compiled with -fno-common, which is the
default with llvm 11.
Approved by: ports-secteam (joenum, implicit, -fno-common fixes)
net/bird: Fix build with -fno-common
Fix the build of net/bird when compiled with -fno-common, which is the
default with llvm 11.
Approved by: ports-secteam (joenum, implicit, -fno-common fixes)
emulators/{citra,yuzu}: replace ALSA with OSS (a la r545611)
OSS is enabled if neither pulseaudio, jackit, sndio are installed.
Unlike www/firefox it's not yet possible to override cubeb backend.
Approved by: ports-secteam (joneum)
mail/mmh: fix build with -fno-common
mmh had just a minor build issue with -fno-common, fixed with a trivial
patch to extern the variable in question.
PR: 248812
Approved by: satanist+freebsd@bureaucracy.de (maintainer)
Approved by: ports-secteam (implicit: -fno-common build fix)
gecko: add native OSS support, replacing ALSA as fallback
OSS is always built but during runtime only selected by default if
neither pulseaudio, jackit or sndio are installed. In particular,
Gnome and KDE users would still be offered PulseAudio by default due
to integration with multi-app volume widgets, current song bars,
screensharing with audio, etc. that prefer to talk over DBus.
Those can opt out via media.cubeb.backend=oss in about:config.
Submitted by: Ka Ho Ng <khng300@gmail.com> (based on)
Approved by: ports-secteam blanket
multimedia/w_scan: schedule for removal on 2020-09-01, software is abandonded.
While here fix build by slapping -fcommon on it.
Approved by: ports-secteam (joneum)
www/node: build with python < 3.7
r535334 introduced a patch for tools/genv8constants.py that only worked
with Python >= 3.7. The "text" argument added to Python's
subprocess.Popen() is an alias for "universal_newlines", which works on
all versions of Python, including 2.7.
PR: 248167
Submitted by: James French <james@french.id.au>
Reported by: Miroslav Lachman <000.fbsd@quip.cz>
Sponsored by: Miles AS
Approved by: ports-secteam (joneum)
biology/paml: fix the build with LLVM 11
LLVM 11 switched from -fcommon to -fno-common by default. This revealed a
slight misposition of names in paml.h, which caused one symbol per enum
that's not used anywhere.
The fix just moves the names back so that the enums are named that, rather
than creating new unused symbols.
Reviewed by: zeising
Approved by: jrm (maintainer)
Approved by: ports-secteam (joneum)
dns/adns: Update to 1.6.0
Update dns/adns to 1.6.0.
This fixes several security issues in adns.
This fixes the build with -fno-common, which is the default with llvm 11.
PR: 248780
Approved by: pi@ (maintainer)
Security: 08de38d2-e2d0-11ea-9538-0c9d925bbbc0
Approved by: ports-secteam (joenum)
devel/ocl-icd: FIx build with -fno-common
Fix the build of devel/ocl-icd with -fno-common, which is the default with
llvm 11.
Approved by: ports-secteam (joenum)
security/ykpers: Fix build with -fno-common
Add a patch from upstream to fix the build with -fno-common, which is the
default with llvm 11.
Approved by: ports-secteam (joenum)
multimeida/libv4l: Fix build with -fno-common
Add a patch from upstream to fix the build of multimedia/libv4l with
-fno-common, which is the default with llvm 11.
PR: 248738
Reported by: dim
Approved by: ports-secteam (joenum)
print/texlive-base: Fix build with -fno-common
Fix the build of print/texlive-base when built with -fno-common, which is
the default with llvm 11.
Approved by: ports-secteam (joenum)
devel/binutils: fix build with -fno-common
Add a patch from upstream to fix the build of devel/binutils when compiled
with -fno-common, which is the default with llvm 11.
PR: 248701
Approved by: ports-secteam (joenum)
graphics/freeglut: fix for -fno-common
Fix the build of graphics/freeglut when built with -fno-common, which is the
default with llvm 11.
Approved by: ports-secteam (joenum)
graphics/argyllcms: Fix -fno-common build
Fix the build with -fno-common (default with llvm 11)
While here, remove a useless REINPLACE_CMD.
Approved by: ports-secteam (joenum)
net/rsync upgrade to 3.2.2
Major changes and bugfixes:
3.1.3 -> 3.2.0
* Avoid potential out-of-bounds read in daemon mode
* Fix defaul list list of skip-compress files for non-daemon transfers
* Fix xattr filter rules losing an 'x' attribute in a non-local transfer
* zlib fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840
* Fixed a crash in the --iconv code
* Checksum enhancements, including the addition of xxhash
* The checksum preference order of the negotiation can be customized or forced
* Compression enhancements, including the addition of zstd and lz4 compression algorithms
* Added openssl & preliminary gnutls support to the rsync-ssl script
* Added the proxy protocol daemon parameter that allows your rsyncd to know the real remote
IP when it is setup behind a proxy
3.2.0 -> 3.2.1
* Fix potential issue with MD5 assembly-language code
* option --backup-dir=STR now implies --backup
3.2.1 -> 3.2.2
* Avoid a crash when a daemon module enables transfer logging without setting a log format value
Full release message: https://download.samba.org/pub/rsync/NEWS#3.2.2
Security: CVE-2016-9843 CVE-2016-9842 CVE-2016-9841 CVE-2016-9840
MFH after: 2 weeks
rsync: Unbreak fetch
rsync: Unbreak and fix depends
rsync now depends on stuff in LOCALBASE. Previously, clang only needed to know
about LOCALBASE if POPT or ICONV was enabled. When those options are off, xxhash
and zstd were not found by configure.
Also, a depend on libssl was missing, and there were some noop reinplaces.
With hat: portmgr
- Fix fetch
- Fix license and add LICENSE_FILE
- Add missing dependency on liblz4
- Whitespace fixes
- Switch to options helpers
Approved by: portmgr blanket
net/rsync upgrade to 3.2.3
major changes:
- Fix multiple bugs in xattr code.
- Restored the ability to use --bwlimit=0 to specify no bandwidth limit.
- Fix a bug when combining --delete-missing-args with --no-implied-dirs & -R where rsync might create the destination path of a missing arg.
- Fixed an issue where hard-linked devices could cause the rdev_major value to get out of sync between the sender and the receiver.
- Rsync now complains about a missing --temp-dir before starting any file transfers.
- A completely empty source arg is now a fatal error.
See full changelog: https://download.samba.org/pub/rsync/NEWS#3.2.3
Also, fix build issue with ACL option (patch is not required anymore)
PR: 248318 247795
Approved by: ports-secteam (joenum)
sysutils/openzfs-kmod: fix the build with a nonstandard SRC_BASE
ports that need FreeBSD's src code should check $SRC_BASE rather than assume
/usr/src. For example, it should be possible to build openzfs-kmod with a
command like this:
env SRC_BASE=$HOME/freebsd/base/head make
Approved by: ports-secteam (joneum)
lang/php74: Update from 7.4.8 to 7.4.9
Changelog:
Apache:
Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
COM:
Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
Fixed bug #63527 (DCOM does not work with Username, Password parameter).
Core:
Fixed bug #79740 (serialize() and unserialize() methods can not be called statically).
Fixed bug #79783 (Segfault in php_str_replace_common).
Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
Fixed bug #79779 (Assertion failure when assigning property of string offset by reference).
Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
Fixed bug #78598 (Changing array during undef index RW error segfaults).
Fixed bug #79784 (Use after free if changing array during undef var during array write fetch).
Fixed bug #79793 (Use after free if string used in undefined index warning is changed).
Fixed bug #79862 (Public non-static property in child should take priority over private static).
Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
Fileinfo:
Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
FTP:
Fixed bug #55857 (ftp_size on large files).
Mbstring:
Fixed bug #79787 (mb_strimwidth does not trim string).
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
Reflection:
Fixed bug #79487 (::getStaticProperties() ignores property modifications).
Fixed bug #69804 (::getStaticPropertyValue() throws on protected props).
Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved).
Standard:
Fixed bug #70362 (Can't copy() large 'data://' with open_basedir).
Fixed bug #78008 (dns_check_record() always return true on Alpine).
Fixed bug #79839 (array_walk() does not respect property types).
Sponsored by: Bounce Experts
Approved by: ports-secteam (joneum, implicit for PHP Updates)
www/chromium: Update to version 84.0.4147.135
Upstream changes:
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html
Approved by: cem
Differential Revision: https://reviews.freebsd.org/D26117
www/chromium: unbreak with libglvnd
[188/188] LINK gn
ERROR at //build/config/linux/pkg_config.gni:103:17: Script returned non-zero exit code.
pkgresult = exec_script(pkg_config_script, args, "value")
^----------
Package gbm was not found in the pkg-config search path.
Perhaps you should add the directory containing `gbm.pc'
to the PKG_CONFIG_PATH environment variable
Package 'gbm', required by 'virtual:world', not found
Could not run pkg-config.
See //third_party/minigbm/BUILD.gn:122:3: whence it was called.
pkg_config("libgbm") {
^---------------------
See //ui/gfx/linux/BUILD.gn:41:5: which caused the file to be included.
"//third_party/minigbm",
^----------------------
Approved by: ports-secteam (blanket: security and build fix)
lang/racket: fix build on non-x86
Even without JIT option available, FUTURES is enabled by default, breaking build. Make FUTURES also x86-only.
Approved by: portmgr (fix build blanket)
math/units: Add a default option READLINE to tuggle readline support
This makes sure the readline support is tuggled in the build time and not
affected by the libreadline installed or not during build/run time.
PR: 248631
Submitted by: ports-units@shalott.net
Approved by: jharris@widomaker.com (maintainer)
Approved by: portmgr (blanket: build, run, dependency fix)
science/simgrid: fix build on non-aarch64, non-x86
Add libunwind to LIB_DEPENDS only on aarch64, amd64 and i386. Port builds fine without it on powerpc64
Approved by: portmgr (fix build blanket)
devel/libunwind: Fix build with -fno-common
Fix the build of devel/libunwind with -fno-common (the default on FreeBSD
current after the llvm 11 update).
Add an upstream patch (pulling it from the official github mirror) to fix
the build woth -fno-common.
Approved by: ports-secteam (joenum)
security/trousers: fix security issues
Fix three security issues in security/trousers:
* CVE-2020-24332
If the tcsd daemon is started with root privileges,
the creation of the system.data file is prone to symlink attacks
* CVE-2020-24330
If the tcsd daemon is started with root privileges,
it fails to drop the root gid after it is no longer needed
* CVE-2020-24331
If the tcsd daemon is started with root privileges,
the tss user has read and write access to the /etc/tcsd.conf file
Add patches to fix potential use-after-free
Fix build with -fno-common
Security: e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0
Approved by: ports-secteam (joenum)
x11-drivers/xf86-video-intel: Update snapshot
Update the snapshot of x11-driver/xf86-video-intel
- Fix build with -fno-common
- Fix MIT-SHM detection
- Drop SNA/UXA options in favor of xorg.conf(5)
- Add hyphen to output names for consistency with modesetting(4x)
- Add UDEV and XVMC options
- Add "make test" support
- Drop unused dependencies
- Switch to upstream versioning scheme
- Document all patches
- Simplify and deprecate _WITH_GETLINE
- Fix most style warnings
PR: 236003
Submitted by: jbiech
Approved by: ports-secteam (joenum)
x11-drivers/xf86-video-openchrome: fix -fno-common
Fix the build with -fno-common, which is the default with llvm 11.
Approved by: ports-secteam (joenum)
x11/drivers/xf86-video-amdgpu: Fix -fno-common
Pull in a patch from upstream to fix the build of xf86-video-amdgpu with
-fno-common, which is the default with llvm 11.
Approved by: ports-secteam (joenum)
graphics/mesa: Fix build with -fno-common
Pull in a bunch of upstream patches to graphics/mesa to fix build with
-fno-common, which is the default after the llvm 11 import.
Approved by: ports-secteam (joenum)
cad/iverilog: Fix build with -fno-common
Fix the build with -fno-common, which is the default in llvm 11 (and gcc10).
Approved by: ports-secteam (joenum)
shells/elvish: Update to 0.14.1
- pet portclippy while here
Changes: https://github.com/elves/elvish/releases/tag/v0.14.1
PR: 248700
Submitted by: Adam Jimerson <vendion@gmail.com> (maintainer)
Approved by: ports-secteam blanket (bugfix release)
audio/faustlive: fix build on GCC architectures
Don't explicitly add -L/usr/lib, it makes GCC from ports link against base libstdc++. Clang still links fine to base libraries.
Approved by: portmgr (fix build blanket)
math/cadical: fix build on GCC architectures
Use | instead of , in the sed command to workaround for -Wl,rpath in CXXFLAGS.
Approved by: portmgr (fix build blanket)
Update to 14.2.11
Release info:
We're happy to announce the availability of the eleventh release in the
Nautilus series. This release brings a number of bugfixes across all
major components of Ceph. We recommend that all Nautilus users upgrade
to this release.
Notable Changes
---------------
* RGW: The `radosgw-admin` sub-commands dealing with orphans --
`radosgw-admin orphans find`, `radosgw-admin orphans finish`,
`radosgw-admin orphans list-jobs` -- have been deprecated. They
have not been actively maintained and they store intermediate
results on the cluster, which could fill a nearly-full cluster.
They have been replaced by a tool, currently considered
experimental, `rgw-orphan-list`.
* Now when noscrub and/or nodeep-scrub flags are set globally or per pool,
scheduled scrubs of the type disabled will be aborted. All user initiated
scrubs are NOT interrupted.
* Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode
the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443
For the detailed changelog please refer to the blog entry at
https://ceph.io/releases/v14-2-11-nautilus-released/
PR: 248673
Submitted by: Willem Jan Withagen <wjw@digiware.nl>
Security: f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621
Approved by: ports-secteam (joneum)
With these changes libX11 in 2020Q3 branch should be mostly up to date with
what's in the default ports tree branch.
This is needed because the amount of patches fixing various issues started to
pile up, and it was hard to merge the needed patches one by one.
x11/libX11: Update to 1.6.10
Update x11/libX11 to 1.6.10.
Changelog:
https://lists.x.org/archives/xorg-announce/2020-July/003052.html
PR: 248409
Submitted by: VVD
x11/libX11: Fix regression after security fixes
Add an upstream patch that fixes regressions after the last round of
security updates, and the update to 1.6.10.
This regression causes issues with emacs, at least.
Reported by: Kevin Oberman
x11/libX11: Update to 1.6.11
Update x11/libX11 to 1.6.11.
This is effectively a noop, since the only change between 1.6.10 and 1.6.11
has already been included in the port.
Bump the version anyway to keep things up to date.
x11/libX11: Fix regression with inputh methods
Add an upstream patch to fix regressions with input metods, where input
method clients can't connect to the input method server. [1]
While here, add a patch that removes register keywords and fixes compiles
against libX11 headers with C++17.
PR: 248549 [1]
Reported by: Atsuo Ohki
Approved by: ports-secteam (joenum)
science/code_saturne: fix build on GCC architectures
Use C++11 compiler:
cs_paramedmem_remapper.cxx:124: error: ISO C++ forbids initialization of member '_sphere_cen'
Define __XSI_VISIBLE to make gettimeofday() available.
Approved by: portmgr (fix build blanket)
security/libfido2: fix build on GCC architectures
Use newer compiler:
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.4.0/src/fido.h:115: error: wrong number of arguments specified for '__deprecated__' attribute
Approved by: portmgr (fix build blanket)
graphics/ilmbase, graphics/openexr: security update to v2.5.3
ChangeLog:
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3
"Patch release with various bug/security fixes and build/install fixes, plus a performance optimization:
* Various sanitizer/fuzz-identified issues related to handling of invalid input
* Fixes to misc compiler warnings [...]
* Read performance optimization (#782)
* Fix for building on non-glibc (#798)
* Fixes to tests"
The full name of shared libraries changed from *.25.0.1 to *.25.0.2
=> PORTREVISION bumps for all ports that use either ilmbase or openexr
coming up in separate commit to ease MFH.
All test builds of direct users succeeded on 12.1 amd64.
Bump PORTREVISION of all ports using ilmbase or openexr.
Security: b1d6b383-dd51-11ea-a688-7b12871ef3ad
Approved by: ports-secteam@ (joneum@)
games/homura: Switch back to wine-devel
This fixes internet problems in AdventureQuest3D, Origin and maybe in other
games too.
PR: 248539
Submitted by: Alexander Vereeken <Alexander88207@protonmail.com> (maintainer)
Approved by: ports-secteam (implicit)
misc/nn-insight: fix build with GCC and on head
Add missing includes. This fixes build on stable/12 for powerpc64 (with GCC) and on head with powerpc64. Looking at https://www.freshports.org/misc/nn-insight/, it seems currently doesn't build even on head/amd64, so those includes should fix it.
The original error that made me look into it was:
/wrkdirs/usr/ports/misc/nn-insight/work/nn-insight-1.0.5/tensor.h:18:75: error: 'std::shared_ptr' has not been declared
18 | bool readTensorDataAsJson(const char *fileName, const TensorShape &shape, std::shared_ptr<const float> &tensorData);
| ^~~
Approved by: portmgr (fix build blanket)
pkg delete tripwire results in an infinite loop due to it askking
whether to retain the tripwrie databse or not. The resolution is
to notify the user to manually remove the tripwrie database if it
is not longer needed. (Packaging bugfix.)
Approved by: portmgr (joneum)
x11-themes/qtcurve: Fix patch from r544732
===> Applying distribution patches for qtcurve-1.9.0
patch: **** can't cd to /wrkdirs/usr/ports/x11-themes/qtcurve/work/qtcurve-1.9: No such file or directory
===> FAILED Applying distribution patch ee2228ea2f18ac5da9b434ee6089381df815aa94.patch with -p1
*** Error code 1
Reported by: pkg-fallout
Approved by: ports-secteam (build fix blanket)
misc/xiphos: fix build on GCC architectures
Use C11 compiler:
/usr/local/include/unicode/localpointer.h:224: error: expected ';' before 'noexcept'
Also required is bumping GCC for misc/biblesync because of libstdc++ ABI error.
Approved by: portmgr (fix build blanket)
devel/libgudev: Update to 233
Update devel/libgudev to 233. [1]
Change to use MASTER_SITE_GNOME.
Disable umockdev since we don't have that in ports, and it's only used for
tests.
Fix COMMENT per portlint.
PR: 248565 [1]
Requested by: jbeich [1]
Approved by: ports-secteam (joenum)
x11-themes/qtcurve: fix build on GCC architectures
Merge upstream patch to fix build:
/wrkdirs/usr/ports/x11-themes/qtcurve-gtk2/work/qtcurve-1.9/.cmake_utils_base/cmake_c_macros/include_fix/qtcurve-utils/gtkprops.h: In member function 'constexpr GObject* QtCurve::GtkWidgetProps::Props::_SigConn_tabChildAdd_ObjGetter::operator()(QtCurve::GtkWidgetProps::Props::SigConn<QtCurve::GtkWidgetProps::Props::_SigConn_tabChildAdd_ObjGetter>*) const':
/wrkdirs/usr/ports/x11-themes/qtcurve-gtk2/work/qtcurve-1.9/.cmake_utils_base/cmake_c_macros/include_fix/qtcurve-utils/gtkprops.h:80:24: error: a reinterpret_cast is not a constant expression
80 | return (GObject*)qtcContainerOf(p, Props, name)->m_w; \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Approved by: portmgr (fix build blanket)
deskutils/ultralist: Update to 1.2
From ChangeLog: https://github.com/ultralist/ultralist/releases/1.2
* Tasks can now have a status. This adds a new dimension for how you
can organize your lists. Additionally, it allows for a kanban view when
using Ultralist Pro.
* Fix an input bug for next/last week.
PR: 248592
Submitted by: vulcan@wired.sh (maintainer)
Approved by: ports-secteam (blanket, bugfix release)
sysutils/auto-admin: Upgrade to 0.6.7 bugfix release
"date +%m" reports the month with a leading 0, which the shell interprets
as octal, causing auto-pkg-branch to fail in August and September.
This prevents auto-update-system from functioning properly with quarterly
snapshots.
Approved by: portmgr (blanket: bugfix)
net/xrdp: adjust configure arguments
Set --enable-pam-config=freebsd explicitly. If this is not given, PAM
configuration will be autodetected however it might be misdetected on some
environments. Quit relying on autodetection.
Force rebuild because built packages might include misconfigured pam files
as reported in the bugzilla issue..
PR: 248481
Reported by: Sascha Folie <sascha.folie@safo.at>
Sponsored by: HAW International
Approved by: portmgr blanket
devel/abseil: fix build on powerpc64
sys/sysctl.h needs to be included after sys/types.h.
For once_flag, threads.h needs to be included.
For call_once, absl/base/call_once.h needs to be included.
Approved by: portmgr (fix build blanket)
devel/py-grpcio: fix build on powerpc(64)
Some mingling with headers is required to build abseil properly.
BoringSSL doesn't support powerpc and powerpc64 at all, only powerpc64le (ppc64le) is supported, so use system OpenSSL. BoringSSL is used because ALPN support is required, but it was implemented back in OpenSSL 1.0.2, which even stable/11 branch has. There's no need to use external SSL library at all.
Bump PORTREVISION because of package change.
PR: 248550
Approved by: vanilla (maintainer)
Approved by: portmgr (fix build blanket)
Update to the latest Christos Zoulas commit on github (202000801).
Fixes 13-CURRENT build errors.
Additional change required to fixup pkg-plist was to move rc.d files
to their proper location.
Approved by: portmgr (joneum)
x11/dmenu: Get the latest bug fixes from upstream
Users are still reporting issues with the dmenu version 4.9. The patch we
have currently in the ports tree was meant to be a temporary fix as we
waited for a new dmenu release. A new release is not coming apparently,
so let's just get the latest patches from upstream.
Also, switch to a GitHub-hosted mirror of the dmenu repository
as it is painful to get artifacts from https://git.suckless.org/
without a Git client.
While here, replace REINPLACE_CMD with patches.
Reported by: Scott Robbins
Approved by: ports-secteam (joneum)
security/sssd: Fix pkg-plist to include PAC files
In PR 244778 this port was reported to fail during package. sssd_pac and others
were not generated by the build process. They were removed from the pkg-plist
and the issue closed (maintainer timed out).
Recently joerg@ reported sssd_pac should be included. It turns out,
files/patch-src_external_pac__responder.m4 needs to be updated whenever a
version bump of security/krb5 occurs[1]. This is kind of obscure since building
security/sssd with default options does not reproduce the problem (SMB=on is
needed).
[1] https://svnweb.freebsd.org/changeset/ports/526479
PR: 244778
Reported by: joerg@
Approved by: maintainer (timeout)
Approved by: ports-secteam@ (blanket, plist fix)
Include missing plugin scripts
Thanks to Frank Wall <fw@moov.de> for the patch.
PR: 248425
Submitted by: phedoreanu <phedoreanu@wearehackerone.com>
Approved by: ports-secteam (joneum)
Mark Broken on armv6
configuring additional dynamic modules
adding module in /wrkdirs/usr/ports/security/modsecurity3-nginx/work/ModSecurity-nginx-1.0.1
checking for ModSecurity library ... not found
checking for ModSecurity library in /usr/local/modsecurity ... not found
./configure: error: ngx_http_modsecurity_module requires the ModSecurity library.
===> Script "configure" failed unexpectedly.
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
math/wxmaxima: fix build on GCC architectires
Use C++11 compiler:
CMake Error in src/CMakeLists.txt:
Target "wxmaxima" requires the language dialect "CXX11" (with compiler
extensions), but CMake does not know the compile flags to use to enable it.
Approved by: portmgr (fix build blanket)
games/py-mnemosyne: Take Maintainer'ship, fix runtime error and add missing dependencies
Latest version of games/py-mnemosyne requires new dependencies. This commit adds the missing dependencies:
- audio/py-gtts
- security/py-gtts-token (required by audio/py-gtts)
- textproc/py-googletrans
The games/py-mnemosyne port needs to be limited to Python 3.7+ to keep the dependency chains intact. This is because textproc/py-googletrans depends on www/py-httpx which is only for Python 3.7+.
PR: 247595
Submitted by: kai
Reported by: gspurki@gmail.com
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D25895
Approved by: ports-secteam (joneum)
multimedia/pHash: fix build on GCC architectures
Use newer GCC to link against libavcodec:
checking whether FFmpeg is present... checking for avcodec_decode_video2 in -lavcodec... no
Approved by: portmgr (fix build blanket)
Handle encoding properly
- Process README.rst using UTF-8
- Use ASCII character instead of UTF-8 in pkg-descr
- Bump PORTREVISION for package change
PR: 248295
Submitted by: John W. O'Brien <john@saltant.com>
Approved by: ports-secteam (blanket)
archivers/ark: security fix
KDE Project Security Advisory
=============================
Title: Ark: maliciously crafted archive can install files outside the extraction directory.
Risk Rating: Important
CVE: CVE-2020-16116
Versions: ark <= 20.04.3
Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
Date: 30 July 2020
Overview
========
A maliciously crafted archive with "../" in the file paths
would install files anywhere in the user's home directory upon extraction.
Proof of concept
================
For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip
Impact
======
Users can unwillingly install files like a modified .bashrc, or a malicious
script placed in ~/.config/autostart
Workaround
==========
Users should not use the 'Extract' context menu from the Dolphin file manager.
Before extracting a downloaded archive using the Ark GUI, users should inspect it
to make sure it doesn't contain entries with "../" in the file path.
Solution
========
Ark 20.08.0 prevents loading of malicious archives and shows a warning message
to the users.
Alternatively,
0df592524f
can be applied to previous releases.
Credits
=======
Thanks to Dominik Penner for finding and reporting this issue and thanks to
Elvis Angelaccio and Albert Astals Cid for fixing it.
Approved by: ports-secteam (blanket)
devel/libcjson: fix build on GCC architectures
Disable -Werror, along with other -W flags, that cause build to break with GCC (builds with Clang as well):
/wrkdirs/usr/ports/devel/libcjson/work/cJSON-1.7.13/cJSON.c:559:15: error: conversion from 'double' to 'float' may change value [-Werror=float-conversion]
Approved by: portmgr (fix build blanket)
net/freerdp: update to security/bugfix release 2.2.0
This update primarily fixes CVE-2020-15103. See the full changelog for
other bugfixes that were included:
https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0
PR: 248198
Submitted by: VVD <vvd unislabs com>
Security: a955cdb7-d089-11ea-8c6f-080027eedc6a
Approved by: ports-secteam (joneum)
net/rpki-client: Update to 6.7p1
Update net/rpki-client to 6.7p1
Changelog:
* Include OpenBSD 6.7 errata 015:
In rpki-client, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
Approved by: ports-secteam (joenum)
security/zeek: Update to 3.0.8 and address various vulnerabilities:
https://github.com/zeek/zeek/releases/tag/v3.0.8
- Fix potential DNS analyzer stack overflow
- Fix potential NetbiosSSN analyzer stack overflow
Other fixes:
- Fix DHCP Client ID Option misformat for Hardware Type 0
- Fix/allow copying/cloning of opaque of Broker::Store
- Fix ConnPolling memory over-use
- Fix compress_path not normalizing some paths correctly
- Fix integer conversion error for Tag subtypes/enums
- Fix bro_prng() results not staying within modulus
- Prevent providing a 0 seed to bro_prng() since the LCG parameters
don't allow that
Reported by: Jon Siwek
Security: e333084c-9588-4eee-8bdc-323e02cb4fe0
Approved by: ports-secteam (joneum)
www/squid: Update to 4.12 among other changes
- Update to 4.12
- Remove upstreamed patches
- Enhance rc script (thanks to Walter von Entferndt for ideas!):
-- create piddir if missing (/var/run may be a tmpfs)
-- don't wait endlessly if squid can't create a pidfile
-- define squid_group
- address GREASEd (thanks to Joshua Kinard and Juraj Lutter!)
PR: 247397
Submitted by: Juraj Lutter <juraj@lutter.sk>
Reworked by: maintainer
Approved by: maintainer
Sponsored by: Rubicon Communications, LLC (Netgate)
Approved by: ports-secteam (joneum)
Update to 1.2.13
With this release, there are a number of CVE's that have been addressed. We would like to take this moment to thank those who have contributed to Cacti with special mention to: Mayfly277 ddb4github yingbaiibm DavidLiedke kim-fitness bmfmancini riversdev0 The Cacti Group are made up of volunteers where all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or when viisting https://github.com/sponsors/Cacti We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.
Changelog: https://www.cacti.net/release_notes.php?version=1.2.13
PR: 248139
Reported by: Michael Muenz <m.muenz@gmail.com> (maintainer)
Relnotes: cd2dc126-cfe4-11ea-9172-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
net/py-wsdd: Update to 0.6.1
0.6.1 fixes a critical bug pertaining to BSD, where the HTTP server in wsdd
would basically "do nothing" due to listen(2) being called _after_ kevent(2)
(and pending network socket I/O was therefore never processed). I was the
reporter and analyst of this bug: https://github.com/christgau/wsdd/issues/49
- Additionally: little change to rc.d script to properly stop the daemon.
PR: 247626
Submitted by: Hiroo Ono <hiroo.ono+freebsd@gmail.com> (maintainer)
Reported by: Jeremy Chadwick <jdc@koitsu.org>
Approved by: ports-secteam (blanket)
security/softether: increase SecureNAT sessions
to 20000 as well as security/softether5. The factory default is 4096.
Sponsored by: HAW International
Approved by: portmgr blanket (minor fix on leaf ports)
security/softether5: increase SecureNAT sessions
to 20000. The factory default is 4096.
Sponsored by: HAW International
Approved by: portmgr blanket (minor fix on leaf port)
www/iridium: update to 2020.04.81
PR: 245959
Submitted by: Matthias Wolf
Security: any Chromium vulnerability between 73 and 81
Approved by: ports-secteam (joneum)
multimedia/ffmpeg: revert r538687 after r541984/r542846
SVT patches no longer need to be applied in a specific order to enable
more than one SVT encoder.
PR: 248166
Submitted by: VVD <vvd@unislabs.com>
Approved by: ports-secteam (joneum)
SECURITY UPDATE: Buffer overflow
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
PR: 239563
Reported by: Miyashita Touka <imagin8r@protonmail.com>
Approved by: gnome (maintainer timeout)
Security: 456375e1-cd09-11ea-9172-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
Update to 1.2.0 and take Maintainership
- Fix a bug where uninitialized memory could be accessed when looking up
a path in a database.
- You may now set MMDB_ADDR to use that IP address rather than the
remote address when doing the lookup.
- Add new directive MaxMindDBNetworkEnv that allows setting an
environment variable containing the network associated with an IP
address.
- Add new directive MaxMindDBSetNotes. When set to On, Apache request
notes will be set in addition to environment variables.
Approved by: mmokhi (via private-eMail)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
sysutils/rovclock: fix build on aarch64, armv6, armv7, mips, mips64, powerpc64
Probably other architectures are also fixed but only those are marked broken.
machine/pio.h is necessary for outl().
PR: 248170
Approved by: portmgr (blanket: build fix (multiple archs))
Update 1.9.1 --> 1.9.2
Major changes between sudo 1.9.2 and 1.9.1
* The configure script now uses pkg-config to find the openssl
cflags and libs where possible.
* The contents of the log.json I/O log file is now documented in
the sudoers manual.
* The sudoers plugin now properly exports the sudoers_audit symbol
on systems where the compiler lacks symbol visibility controls.
This caused a regression in 1.9.1 where a successful sudo command
was not logged due to the missing audit plugin. Bug #931.
* Fixed a regression introduced in 1.9.1 that can result in crash
when there is a syntax error in the sudoers file. Bug #934.
PR: 248179
Submitted by: cy
Reported by: cy
Approved by: garga
Approved by: portmgr (joneum)
Obtained from: sudo-announce mailing list
devel/nasm: Update to 2.15.03
Update devel/nasm to 2.15.03
Add a patch to fix nasm's ELF_OSABI field when emitting object files [1]
Changelog:
https://nasm.us/doc/nasmdocc.html
PR: 245069 [1]
Submitted by: dim [1]
Reported by: unitrunker gmail com [1]
devel/nasm: Update to 2.15.03
Update devel/nasm to 2.15.03
Changelog:
https://nasm.us/doc/nasmdocc.html
Approved by: ports-secteam (joenum)
databases/rrdtool: Don't hardcode in start script
Upate the start script of the rrdtool component rrdcached to not hardcode
things like group, socket and pid.
These can now be overridden in /etc/rc.conf with rrdcached_group,
rrdcached_address and rrdcached_pid, respectively.
The defaults are still the same.
PR: 246122
Submitted by: Dries Michiels
Approved by: ports-secteam (joenum)
editors/emacs-devel: Update to 20200715 commit, 85eaa83
This is being merged to quarterly, because commit e98ddd6 from 20200701 is
sometimes dumping core when building on i386. While the underlying problem may
not yet be resolved, we (emacs@FreeBSD.org) have not observed any core dumps
with commit 85eaa83 from 20200715.
Approved by: portmgr (blanket)
x11-wm/spectrwm: fix build on GCC architectures
Switch to newer GCC to workaround -Werror:
/usr/local/include/xcb/xinput.h:3072: warning: this decimal constant is unsigned only in ISO C90
Adding -Wno-error doesn't fix it, it's still overwritten by -Werror.
Approved by: portmgr (fix build blanket)
cad/caneda: fix build on GCC architectures
Use C++11 compiler:
The compiler feature "cxx_decltype" is not known to CXX compiler
"GNU"
version 4.2.1.
Approved by: portmgr (fix build blanket)
Backport r540756 | gerald | 2020-06-29 from emulators/wine-devel:
Explicitly configure --without-usb. There does not appear to be a way
for the configure test to pass on FreeBSD right now (even with extra
ports available), so this simply makes this explicit and avoids a
warning from configure.
Approved by: portmgr (blanket: missing dependency)
audio/bharvestr-lv2: fix build on GCC architectures
Require C++11 compiler because of -std=c++11.
Include climits in FileChooser.hpp because of INT64_MAX (GCC doesn't do that by default).
PR: 248134
Approved by: portmgr (blanket: build fix)
math/cocoalib: fix build on GCC architectures
Use C++11 compiler:
/wrkdirs/usr/ports/math/cocoalib/work/CoCoALib-0.99710/include/CoCoA/TmpPBMill.H:263: error: 'nullptr' was not declared in this scope
Approved by: portmgr (fix build blanket)
graphics/dspdfviewer: fix build on GCC architectures
To build with Qt5, use C++11 compiler.
Hide Clang-only flags behind .if and add one for GCC.
Approved by: portmgr (fix build blanket)
desktop-installer: Upgrade to 0.6.17 bugfix release
MFH reason: Unbreak Gnome and Gnome-lite setup
A few other minor enhancements
Approved by: portmgr, blanket runtime fix
- Update VirtualBox ports to 5.2.44
- Adapt and regenerate patches
- Reduce differences in patch-src_VBox_Devices_PC_vbox-cpuhotplug.dsl [1]
Patch based on one provided by Mario Lobo <lobo@bsd.com.br>.
Many thanks to people who provided ideas and suggetions in the
PR and review.
PR: 244212
Submitted by: Nikita Stepanov <nikitastepan0v@bk.ru>
Reviewed by: kevans [1]
Tested by: lwshu
Approved by: ports-secteam (joneum)
Security: 1e7b316b-c6a8-11ea-a7d5-001999f8d30b
Differential Revision: https://reviews.freebsd.org/D25496
Approved by: ports-secteam (joneum, via bugzilla PR)
audio/audacity: fix build on non-x86
Disable MMX/SSE/SSE2 on non-x86.
Include cstring in allegro.h to make memcpy() available.
PR: 248076
Approved by: xxjack12xx@gmail.com (maintainer)
Approved by: portmgr (fix build blanket)
Import patch merged upstream to fix sporadic crashes caused by an
incorrect assertion in the cose.
PR: 247961
Submitted by: rozhuk.im@gmail.com
Approved by: ports-secteam (joneum)
Import patch merged upstream. Fixes an issue which causes processes
to not being removed from list sometimes.
PR: 247960
Submitted by: rozhuk.im@gmail.com
Approved by: ports-secteam (joneuom)
x11/swaylock: unbreak PAM locking
Since 1.5 it includes "login" service which doesn't ask for password
from user running Wayland session. Before pam_authenticate(3) failed
with PAM_AUTH_ERR due to missing permissions password database.
PR: 248053
Reported by: many
Submitted by: andrew|_|tao11.riddles.org.uk, jbeich
Tested by: ashish
Approved by: ports-secteam blanket
mail/rss2email3: Update to 3.11
* This update unbreaks the port at runtime by using the builtin
"html.unescape()" function (introduced in Python 3.4) instead of the
"html2text.unescape()" function from textproc/py-text2html which was
removed since the 2019.8.11 release.
* Submitter becomes maintainer because the previous maintainer seems to be
missing in action as there was no feedback over five months.
While I'm here:
* Switch manpages to the preferred share/man location.
* Remove no longer required CONFLICTS_INSTALL entry.
* Update the WWW field to point to the new upstream repository.
Changelog since 3.9:
https://github.com/rss2email/rss2email/blob/v3.11/CHANGELOG
PR: 243515
Submitted by: Corey Halpin <chalpin@cs.wisc.edu> (based on)
Reported by: Michael Bueker <m.bueker@berlin.de>
Approved by: maintainer timeout (5+ months)
Approved by: ports-secteam runtime fix blanket
sysutils/auto-admin: Upgrade to 0.6.6
MFH reason: Fix auto-check-ports-branch to prevent desktop-installer abort
Add auto-firewall-setup to enable basic IPFW config
Other minor bug fixes and enhancements
Approved by: ports-secteam
Mark BROKEN: fails to build
(cd /wrkdirs/usr/ports/games/burrtools/work/burrtools-0.6.3 && /bin/cat burricons.ico | winicontoppm -bestqual | pnmtopng -transparent=black > burricons.png)
winicontoppm: abnormal bit per pixel value 32
pnmtopng: Error reading first byte of what is expected to be a Netpbm magic number. Most often, this means your input file is empty
Reported by: pkg-fallout
- Import a patch from upstream to fix bug related to SSL
certificate verification in Profanity
PR: 247871
Approved by: arved (maintainer)
Approved by: portmgr (reliability fix blanket)
cad/ngspice_rework: fix build on GCC architectures
Use newer GCC:
dstring.o: In function `copy':
dstring.c:(.opd+0x240): multiple definition of `copy'
spice2poly/dlmain.o:dlmain.c:(.opd+0x6f0): first defined here
Approved by: portmgr (fix build blanket)
x11/xkeyboard-config: Add NLS option
Add NLS option to x11/xkeyboard-config. This was broken in the past, but is
fixed now.
PR: 243070 (based on)
Submitted by: Andrew Romanenko
Event: Julu 2020 bugathon
Approved by: ports-secteam (joenum)
security/py-certbot: Improve periodic script
This change will keep the default behavior in the periodic script
and will add options to customize each parameter for those who want to:
- weekly_certbot_pre_hook
- weekly_certbot_post_hook
- weekly_certbot_deploy_hook
- weekly_certbot_custom_args
PR: 245674, 245954
Reported by: amdmi3, fjoe
Reviewed by: koobs
Approved by: dbaio, koobs (python, maintainer)
Differential Revision: https://reviews.freebsd.org/D25391
Approved by: ports-secteam (joneum)
Update LibreOffice suite to 6.4.5 release
QT5 VCL fixes:
- Reduce startup flickering
- Always use cairo font renderer
Special thanks to: tijl
PR: 247444
Approved by: ports-secteam (joneum)
The garbd options are semicolon separated key value pairs.
The current rc.d script does not support multiple options(eg. "gmcast.listen_addr=tcp://0.0.0.0:5567;pc.weight=1")
The variable garb_galera_options need to be quoted in command line.
PR: 236795
Reported by: TAO ZHOU <zhoutao@laocius.org>
Approved by: devel@galeracluster.com (maintainer)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
The garbd options are semicolon separated key value pairs.
The current rc.d script does not support multiple options(eg. "gmcast.listen_addr=tcp://0.0.0.0:5567;pc.weight=1")
The variable garb_galera_options need to be quoted in command line.
PR: 236795
Reported by: TAO ZHOU <zhoutao@laocius.org>
Approved by: devel@galeracluster.com (maintainer)
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
Add xmlwriter for USE_PHP: this fix a Problem with 2FA
PR: 247134
Reported by: epopen@gmail.com
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
databases/mysql57-client: fix SIGSEGV due to static OpenSSL linking
As opposed to MySQL 8.0.x branch that switched to dynamic linking for OpenSSL libraries, MySQL 5.7.30 still statically links client applications with OpenSSL.
Meantime, OpenSSL supports dynamic loading of external engines like security/gost-engine. If such engine is configured to load in the openssl.cnf, mysql CLI application crashes at start with SIGSEGV early trying to initialize OpenSSL.
This loads dynamic engine library libgost.so that calls OpenSSL function using second (uninitialized) instance of OpenSSL leading to crash.
The problem is fixed with small backport from MySQL 8.0.x for cmake/ssl.cmake distribution file we already patching anyway.
https://github.com/openssl/openssl/issues/12368
PR: 247803
Reported by: eugen
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
graphics/exiv2: fix build on ARM and PPC platforms
exiv2 added -fcf-protection, which is not supported on either ARM or PPC.
1ea63ccb34 fixes that but only for ARM.
Merge this commit and add modify it to also fix PPC. This is likely the wrong approach, since -fcf-protection seems to be available only on amd64, but this is the approach that upstream chose.
Approved by: portmgr (fix build blanket)
emulators/simh-hp2100: fix build on GCC architectures
GCC architectures don't have clang. Tested to build on both 12.1 with GCC and head with LLVM.
Approved by: portmgr (fix build blanket)
devel/dbus: update to 1.12.20
From upstreams changelog [1]:
dbus 1.12.20 (2020-07-02)
=========================
The “temporary nemesis” release.
Maybe security fixes:
• On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
Other fixes:
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
[1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
PR: 247730
Exp-run by: antoine
Approved by: ports-secteam (joneum)
textproc/py-pikepdf: Update to 1.16.1
* Add JBIG2 option as support for extracting JBIG2 images was introduced
with the 1.16.0 release.
Changelog since 1.14.0:
https://github.com/pikepdf/pikepdf/blob/v1.16.1/docs/release_notes.rst
Approved by: ports-secteam bug/regression fix blanket
textproc/markdown: fix WWW
Give maintainership to Miguel Gocobachi <miguel@gocobachi.dev>
PR: 247499
Submitted by: Miguel Gocobachi <miguel@gocobachi.dev>
Approved by: ports-secteam (blanket)
math/clasp: fix build on GCC architectures
Use C++11 compiler:
CMake Error in app/CMakeLists.txt:
Target "clasp" requires the language dialect "CXX11" (with compiler
extensions), but CMake does not know the compile flags to use to enable it.
Approved by: portmgr (fix build blanket)
Update to 5.5.5
This Update fix CVE-2020-13160: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
PR: 247406
Submitted by: Martin Filla <freebsd@sysctl.cz> (maintainer)
Security: 4344861a-be0b-11ea-9172-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
net-mgmt/nsca-ng: Update to 1.6
This is not broken anymore in 12 and 13
ChangeLog:
https://github.com/weiss/nsca-ng/blob/master/NEWS#changes-in-release-16-2019-03-19
Accumulated changes from 1.4:
* Work around TLSv1.3 PSK bug in (at least) OpenSSL 1.1.1b.
* Fix static linking against recent OpenSSL versions.
* Update our copy of libev from version 4.22 to version 4.25. The new release
provides a few platform compatibilty fixes and small enhancements.
* Apply a few minor improvements.
* Include an experimental NSCA-ng client module for Perl.
* Link against libsystemd instead of libsystemd-daemon when using systemd
version 210 or newer, where the latter library has been merged into the
former.
* Include the systemd.service(5) and systemd.socket(5) files with the release
tarball.
* Update our copy of libev from version 4.15 to version 4.22. The new release
provides a number of bug fixes and small enhancements.
While here, update WWW in pkg-descr
PR: 247145
Submitted by: knan-bfo@modirum.com
Reviewed by: pi, fernape
Approved by: alexander@sulfrian.net (maintainer, timeout > 1 month)
Differential Revision: https://reviews.freebsd.org/D25208
Approved by: ports-secteam (blanket, build fix)
net/rpki-client: Fix creaton of cache and db dir
Fix the creation of the cahce and db dir for rpki-client. When running the
build as root, the rpki-client build infra tries to change the owner of the
cache and db dir, which fails since the user isn't created until later.
Since we deal with special perimissions and owners/groups of files in
pkg-plist anyway, there is no need to try to change the owner/group from the
rpki-client build infra, so add a patch that just creates the directories
without changing ownership.
This fixes the build of rpki-client on the package cluster.
Approved by: ports-secteam (joenum)
Switch to the 2.0 API for locationforecast.
PR: 247644
Submitted by: Olivier Duchateau <duchateau.olivier@gmail.com>
Approved by: ports-secteam (joneum)
multimedia/libva-intel-driver: note which GPUs are not supported
Icelake (Gen11) is not supported. Cannonlake (Gen10) was discontinued,
so it's not clear.
Approved by: ports-secteam blanket
Mesa have two software rasterizer, the classic mesa dri one and
the gallium one.
The classic dri one is starting to be deprecated upstream (like all
dri drivers) so switch the arches that can build the gallium one to it.
Approved by: portmgr (bapt@)
devel/opencl: don't include altivec.h
altivec.h shouldn't be included directly by users. It's managed with -maltivec / -mno-altivec compiler switches.
Including it causes compiler errors when using clang.
Already upstreamed.
PR: 247396
Approved by: ohartman@zedat.fu-berlin.de (maintainer timeout)
Approved by: portmgr (fixes build of other ports)
graphics/xaos: update to 4.1
From ChangeLog: https://github.com/xaos-project/XaoS/releases/tag/release-4.1
New Features
* Added option to show Cartesian coordinate grid.
* Custom palette helps visualizing palette before applying changes through
slider selectable values now.
* PNGs exported using 'Save Image' option can be imported back and users can
continue zooming on it.
Bug Fixes
* Fixed crash on recording XaoS animations.
* Fixed crash on rendering using command line.
* Fix handling non-ASCII paths on Windows.
* Only error messages are shown on incorrect commands.
* Some other small bug fixes.
Reported by: portscout
Approved by: ports-secteam (blanket, runtime fix)
audio/audacity: Update to 2.4.2
- This should fix hangs on startup on FreeBSD 11.4
- Remove NYQUIST option since it is mandatory and disabling it does
not work
Changes: https://www.audacityteam.org/audacity-2-4-2-released/
PR: 247604
Submitted by: maintainer
Approved by: ports-secteam blanket
Update to 4.3.2
This update contains a security fix for CVE-2020-14196.
The issue is:
CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction.
In the default configuration the API webserver is not enabled. Only installations using a non-default value for webserver and webserver-address are affected.
As usual, there were also other smaller enhancements and bugfixes. In particular, the 4.3.2 release contains fixes that allow long CNAME chains to resolve properly, where previously they could fail if qname minimization is enabled.
PR: 247707
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: 641cd669-bc37-11ea-babf-6805ca2fa271
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
2020-07-02 10:22:06 +00:00
2329 changed files with 27430 additions and 14868 deletions
#INSTALLS_ICONS= yes # disabled because it causes: gtk-update-icon-cache: Failed to open file /usr/local/share/icons/hicolor/.icon-theme.cache : Permission denied