Commit graph

288044 commits

Author SHA1 Message Date
jperkin
b4b3d85494 gcc8: Add same SunOS mkostemp workaround as others. 2018-10-18 15:11:59 +00:00
taca
50f62d8135 doc: Updated devel/ruby-rugged to 0.27.5 2018-10-18 14:44:49 +00:00
taca
45861d6624 devel/ruby-rugged: update to 0.27.5
Catch up to libgit2 0.27.5.
2018-10-18 14:44:26 +00:00
taca
6ce8bcc1af doc: Updated devel/libgit2 to 0.27.5 2018-10-18 14:43:24 +00:00
taca
1885ba2f02 devel/libgit2: update to 0.27.5
libgit2 0.27.5 (2018/10/5)

This is a security release fixing the following list of issues:

* Submodule URLs and paths with a leading "-" are now ignored.  This is due to
  the recently discovered CVE-2018-17456, which can lead to arbitrary code
  execution in upstream git.  While libgit2 itself is not vulnerable, it can
  be used to inject options in an implementation which performs a recursive
  clone by executing an external command.

* When running repack while doing repo writes, packfile_load__cb() could see
  some temporary files in the directory that were bigger than the usual, and
  makes memcmp overflow on the p->pack_name string.  This issue was reported
  and fixed by bisho.

* The configuration file parser used unbounded recursion to parse multiline
  variables, which could lead to a stack overflow.  The issue was reported by
  the oss-fuzz project, issue 10048 and fixed by Nelson Elhage.

* The fix to the unbounded recursion introduced a memory leak in the config
  parser.  While this leak was never in a public release, the oss-fuzz project
  reported this as issue 10127.  The fix was implemented by Nelson Elhage and
  Patrick Steinhardt.

* When parsing "ok" packets received via the smart protocol, our parsing code
  did not correctly verify the bounds of the packets, which could result in a
  heap-buffer overflow.  The issue was reported by the oss-fuzz project, issue
  9749 and fixed by Patrick Steinhardt.

* The parsing code for the smart protocol has been tightened in general,
  fixing heap-buffer overflows when parsing the packet type as well as for
  "ACK" and "unpack" packets.  The issue was discovered and fixed by Patrick
  Steinhardt.

* Fixed potential integer overflows on platforms with 16 bit integers when
  parsing packets for the smart protocol.  The issue was discovered and fixed
  by Patrick Steinhardt.

* Fixed potential NULL pointer dereference when parsing configuration files
  which have "include.path" or "includeIf..path" statements without a value.
2018-10-18 14:43:01 +00:00
taca
66c2d9b60a doc: Updated www/drupal8 to 8.6.2 2018-10-18 14:40:07 +00:00
taca
3688077f90 www/drupal8: update to 8.6.2
Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:

* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006

No other fixes are included.

Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to
update to the latest 8.6.x release before May 2019.

Important update information

Site update and module owners planning to update to this should take note of
the following important changes.

For site owners

* Previously, users who didn't have access to use any Content Moderation
  transitions were granted implicit access to update content provided the
  state of the content did not change. This access has been removed. Site
  owners should ensure that all content editor roles have access to
  appropriate transitions for moderated content types (including published to
  published where appropriate).

* There are no database updates in this release, but site owners will need to
  run update.php to ensure a cache clear.

* No changes have been made to the .htaccess, web.config, robots.txt or
  default settings.php files in this release, so upgrading custom versions of
  those files is not necessary.

For contributed and custom module developers

* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination()
  has been removed. If you have extended that class or are calling that
  method, you should review your implementation in line with the changes in
  the patch.

* An additional method has been added to
  StateTransitionValidationInterface. Implementations should review the new
  method and ensure compatibility with it.

* ModerationStateConstraintValidator now has two additional service
  dependencies. Subclasses will need to update their constructor to inject the
  new services.
2018-10-18 14:39:38 +00:00
jperkin
5d18c01c28 ruby-gherkin: ALTERNATIVES file needs newline at the end.
Without it the EOF handling in the INSTALL script broke.
2018-10-18 14:36:48 +00:00
taca
1661261530 doc: Updated www/drupal7 to 7.60 2018-10-18 14:33:15 +00:00
taca
6aada889ea www/drupal7: update to 7.60
Drupal 7.60, 2018-10-18
------------------------
- Fixed security issues. See SA-CORE-2018-006.
2018-10-18 14:32:48 +00:00
jperkin
ac0c602088 chicken: Set INSTALL_PROGRAM, fixes install on SunOS. 2018-10-18 14:32:43 +00:00
taca
c85d084e59 doc: Updated lang/ruby23-base to 2.3.8 2018-10-18 14:24:38 +00:00
taca
14de024045 lang/ruby23-base: update o 2.3.8
Ruby 2.3.8 Released

Ruby 2.3.8 has been released. This release includes several security
fixes. Please check the topics below for details.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
  correctly This release also includes a non-security fix to support
  Visual Studio 2014 with Windows 10 October 2018 Update for
  maintenance reasons.

Ruby 2.3 is now under the state of the security maintenance phase,
until the end of the March of 2019. After the date, maintenance of
Ruby 2.3 will be ended. We recommend you start planning migration to
newer versions of Ruby, such as 2.5 or 2.4.
2018-10-18 14:24:07 +00:00
taca
eb91ece0f1 doc: Updated lang/ruby25-base to 2.5.3 2018-10-18 14:22:10 +00:00
taca
77065d7d4a lang/ruby25-base: update to 2.5.3
Ruby 2.5.2 Released

Ruby 2.5.2 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
  There are also some bug fixes. See commit logs for more details.


Ruby 2.5.3 Released

Ruby 2.5.3 has been released.

There were some missing files in the release packages of 2.5.2 which are
necessary for building. See details in [Bug ].

This release is just for fixing the packaging issue. This release doesn’t
contain any additional bug fixes from 2.5.2.
2018-10-18 14:21:36 +00:00
taca
ab34d31e7e doc: Updated lang/ruby24-base to 2.4.5 2018-10-18 14:15:58 +00:00
taca
d2411f1f15 lang/ruby24-base: update to 2.4.5
Ruby 2.4.5 Released

Ruby 2.4.5 has been released.

This release includes about 40 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
  See the commit logs for details.
2018-10-18 14:15:12 +00:00
martin
6dda01fdc2 Fix ${WRKDIR} reference, hint from leot 2018-10-18 11:49:46 +00:00
leot
19440d34a3 doc: Updated print/cups-filters to 1.21.3 2018-10-18 10:50:15 +00:00
leot
6658d50191 cups-filters: Update print/cups-filters to 1.21.3
pkgsrc changes:
 - Add patches to avoid `%m' in printf(3) for code used as part of tests
 - Add support for tests. Please note that ATM, at least on NetBSD/amd64
   -current this is the result of the test suite:
      PASS: testdither
      FAIL: test_analyze
      FAIL: test_pdf
      FAIL: test_ps
      PASS: test_pdf1
      FAIL: test_pdf2
   The failure assert(3) needs further investigation (sorry!)

Changes:
1.21.3
------
 - foomatic-rip: Reset stdin after replacing the underlying file
   descriptor (Issue ).

1.21.2
------
 - cups-browsed: Fixed freeing of literal string caused by
   Coverity Scan issue fix (Debian bug ).
2018-10-18 10:49:44 +00:00
adam
6e07c76f50 Updated devel/py-autopep8, databases/py-alembic 2018-10-18 10:18:01 +00:00
adam
eb44f14e12 py-autopep8: updated to 1.4.1
version 1.4.1:
add W504 fixed method
add E402 fixed method
new feature: reading from .flake8 and $HOME/.pycodestyle file that using as autopep8's configuration, and add configuration section into README ()
add --exit-code command line option
case of if --exit-code option is False. this is default
return 1 when error occured
otherwise return 0 (command successful)
case of if --exit-code option is True
return 1 when error occured
return 2 when exists changes in files (command successful)
otherwise return 0 (command successful)
This option is valid for any operating mode such as --diff, --in-place, non option etc
fix bugs
2018-10-18 10:17:25 +00:00
adam
fa76550874 py-alembic: updated to 1.0.1
1.0.1:
Fixed an issue where revision descriptions were essentially being formatted twice. Any revision description that contained characters like %, writing output to stdout will fail because the call to config.print_stdout attempted to format any additional args passed to the function. This fix now only applies string formatting if any args are provided along with the output text.

Fixed issue where removed method union_update() was used when a customized MigrationScript instance included entries in the .imports data member, raising an AttributeError.
2018-10-18 10:15:18 +00:00
adam
c36877b4b4 Updated devel/py-hypothesis, devel/py-test 2018-10-18 10:11:47 +00:00
adam
2a1611c4fb py-test: updated to 3.9.1
pytest 3.9.1:
Features
- For test-suites containing test classes, the information about the subclassed module is now output only if a higher verbosity level is specified (at least “-vv”).

pytest 3.9.0:
Deprecations
- The following accesses have been documented as deprecated for years, but are now actually emitting deprecation warnings.
Access of Module, Function, Class, Instance, File and Item through Node instances. Now users will this warning:
usage of Function.Module is deprecated, please use pytest.Module instead
Users should just import pytest and access those objects using the pytest module.
request.cached_setup, this was the precursor of the setup/teardown mechanism available to fixtures. You can consult funcarg comparison section in the docs.
Using objects named "Class" as a way to customize the type of nodes that are collected in Collector subclasses has been deprecated. Users instead should use pytest_collect_make_item to customize node types during collection.
This issue should affect only advanced plugins who create new collection types, so if you see this warning message please contact the authors so they can change the code.
The warning that produces the message below has changed to RemovedInPytest4Warning:
getfuncargvalue is deprecated, use getfixturevalue
- Add a Deprecation warning for pytest.ensuretemp as it was deprecated since a while.

Features
- Improve usage errors messages by hiding internal details which can be distracting and noisy.
This has the side effect that some error conditions that previously raised generic errors (such as ValueError for unregistered marks) are now raising Failed exceptions.
- Improve the error displayed when a conftest.py file could not be imported.
In order to implement this, a new chain parameter was added to ExceptionInfo.getrepr to show or hide chained tracebacks in Python 3 (defaults to True).
- Add empty_parameter_set_mark=fail_at_collect ini option for raising an exception when parametrize collects an empty set.
- Log messages generated in the collection phase are shown when live-logging is enabled and/or when they are logged to a file.
- Introduce tmp_path as a fixture providing a Path object.
- Deprecation warnings are now shown even if you customize the warnings filters yourself. In the previous version any customization would override pytest’s filters and deprecation warnings would fall back to being hidden by default.
- Allow specification of timeout for Testdir.runpytest_subprocess() and Testdir.run().
- Add returncode argument to pytest.exit() to exit pytest with a specific return code.
- Reimplement pytest.deprecated_call using pytest.warns so it supports the match='...' keyword argument.
This has the side effect that pytest.deprecated_call now raises pytest.fail.Exception instead of AssertionError.
- Require setuptools>=30.3 and move most of the metadata to setup.cfg.

Bug Fixes
- Improve error message when test functions of unittest.TestCase subclasses use a parametrized fixture.
- request.fixturenames now correctly returns the name of fixtures created by request.getfixturevalue().
- Warning filters passed as command line options using -W now take precedence over filters defined in ini configuration files.
- Fix source reindenting by using textwrap.dedent directly.
- pytest.warn will capture previously-warned warnings in Python 2. Previously they were never raised.
- Resolve symbolic links for args.
This fixes running pytest tests/test_foo.py::test_bar, where tests is a symlink to project/app/tests: previously project/app/conftest.py would be ignored for fixtures then.
- Fix duplicate printing of internal errors when using --pdb.
- pathlib based tmpdir cleanup now correctly handles symlinks in the folder.
- Display the filename when encountering SyntaxWarning.

Improved Documentation
- Update usefixtures documentation to clarify that it can’t be used with fixture functions.
- Update fixture documentation to specify that a fixture can be invoked twice in the scope it’s defined for.
- According to unittest.rst, setUpModule and tearDownModule were not implemented, but it turns out they are. So updated the documentation for unittest.
- Add tempir testing example to CONTRIBUTING.rst guide
Trivial/Internal Changes
- The internal MarkerError exception has been removed.
- Port the implementation of tmpdir to pathlib.
- Exclude 0.00 second entries from --duration output unless -vv is passed on the command-line.
- Fixed formatting of string literals in internal tests.
2018-10-18 10:11:25 +00:00
adam
a3ef1c61a5 py-hypothesis: updated to 3.78.0
3.78.0:
This release has deprecated the generation of integers, floats and fractions when the conversion of the upper and/ or lower bound is not 100% exact, e.g. when an integer gets passed a bound that is not a whole number. (:issue:1625)

3.77.0:
This minor release adds functionality to :obj:~hypothesis.settings allowing it to be used as a decorator on :obj:~hypothesis.stateful.RuleBasedStateMachine and :obj:~hypothesis.stateful.GenericStateMachine.

3.76.1:
This patch fixes some warnings added by recent releases of :pypi:pydocstyle and :pypi:mypy.
2018-10-18 10:07:18 +00:00
maya
f45cdd7f63 doc: Updated net/vsftpd to 3.0.3nb1 2018-10-18 07:51:58 +00:00
maya
d0567a00ac vsftpd: adjust another path in man page.
While here, use SUBST_VARS instead of the equivalent thing with
SUBST_SED.

From hydrocat on netbsd-docs@
2018-10-18 07:51:40 +00:00
jperkin
49f90f26af glut: Requires zlib. 2018-10-17 18:03:48 +00:00
bsiegert
9908b1a388 gnucash-docs-3.3 2018-10-17 15:33:36 +00:00
bsiegert
0fa0f4aa06 Update gnucash-docs to 3.3.
Content updated for the 3.3 release of gnucash itself.
2018-10-17 15:32:53 +00:00
hauke
8d0f4771b8 This version is all 64 bit, remove the 32 bit leftovers. 2018-10-17 14:44:39 +00:00
hauke
18c37a3de5 Add conflict with earlier (wip) packages. 2018-10-17 14:32:09 +00:00
jperkin
a0e22f5554 girara: SunOS needs -D__EXTENSIONS__ 2018-10-17 14:10:29 +00:00
hauke
aa5d694aa2 doc: Added sysutils/tsm8 version 8.1.6.0 2018-10-17 14:01:03 +00:00
hauke
3bece92130 Add IBM Spectrum Protect (aka Tivoli Storage Manager) client. 2018-10-17 13:54:39 +00:00
leot
d1f113f1a0 doc: Updated lang/sbcl to 1.4.3nb1 2018-10-17 13:00:12 +00:00
leot
d40a688ae3 sbcl: Honor UNLIMIT_RESOURCES and address PaX problems
- Due custom do-{build,test,install} UNLIMIT_RESOURCES were not honored leading
  to:

      //slurp-ucd
       *** - No more room for LISP objects

  errors. Adjust these target to honor UNLIMIT_RESOURCES.
- sbcl does not work with PaX MPROTECT because mmap()s by OR'ing all
  PROT_{EXEC,READ,WRITE}. Unfortunately src/runtime/sbcl is also
  used as part of building needing also `${PAXCTL} +m' in the middle
  of the build.
  Introduce an SBCL_PAXCTL variable (by default `:') via
  patch-src_runtime_GNUmakefile that execute a program against src/runtime/sbcl
  and define it for platforms that have a paxctl tool.
  Mark bin/sbcl with NOT_PAX_MPROTECT_SAFE too.
- Refactor the environment variables injection logic in do-{build,test,install}
  to honor MAKE_ENV and INSTALL_ENV.
- Minor mostly cosmetic adjustments (use ${RM}, not rm)

Bump PKGREVISION
2018-10-17 12:59:49 +00:00
jperkin
dba7653756 bootstrap: Set PKGSRC_KEEP_BIN_PKGS=no during bootstrap.
This avoids errors when running from a read-only pkgsrc checkout as the
resulting packages cannot be written to the default PACKAGES directory.  The
binary packages aren't useful anyway, as they are often built with reduced
configuration options due to the limited bootstrap environment.

Fixes issue reported by Julien Savard and others.
2018-10-17 11:12:46 +00:00
jperkin
c408982161 glu: Requires zlib. 2018-10-17 10:04:31 +00:00
jperkin
7a6dd6788e zstd: Fix build on SunOS. Requires GNU grep. 2018-10-17 08:59:16 +00:00
jperkin
4a9a053f80 *: Replace custom tool setup with new ggrep. 2018-10-17 08:39:13 +00:00
jperkin
2aa8c6b07e mk: Add native GNU/BSD grep where they are known to exist. 2018-10-17 08:30:43 +00:00
jperkin
c61f061ba7 mk: Add support for a ggrep tool.
This is for when GNU features are required that aren't available in some
other greps, for example -o or --color.  If ggrep is requested then it
takes precedence over grep/egrep/fgrep and the GNU versions are used for
all three.

BSD grep aims for GNU compatibility so it is anticipated that it can be
used as a native tool to avoid a dependency on textproc/grep on platforms
that provide it.
2018-10-17 08:22:19 +00:00
maya
51fde78210 doc: Updated textproc/lowdown to 0.4.1 2018-10-17 07:02:06 +00:00
maya
c8fb20369e lowdown: update to 0.4.1. From Charlotte Koch.
Push diff implementation (from libdiff) directly into the code instead of using the external library. From a patch by Anton Lindqvist as suggested on the OpenBSD ports mailing lits. Thank you!

Significantly update the diffing algorithm. First, make some general fixes to the algorithm. Second, improve the "optimisations" phase by adding top-down analysis that matches un-matched, non-terminal adjacent children. This helps with text changes in text-only paragraphs. Third, add a SES (shortest edit script) computation for matched adjacent text nodes. Lastly, add the new diff function manpages.

Portability: don't use %F for date formatting. This doesn't work with some libc versions. Also some documentation readability improvements.

Strip leading white-space from metadata extracted using -X. Sync with newest oconfigure.

Document the metadata functionality in lowdown(5), thanks to Christina Sophonpanich (thanks!). Also sync with newest oconfigure.

Add a "diff" tool, lowdown-diff(1). This utility uses an algorithm adapted from Detecting Changes in XML Documents to compute the semantic difference between two parse trees. It is fully documented. While there, also add more inter-paragraph spacing to -Tms output, producing more elegant documents, and continue fleshing out lowdown(5). Also add some more metadata recognition in -s output for all modes (copyright, affiliation, etc.).

Re-wrote escape parser to -Tms and -Tman to respect roff special characters. Have e-mail autolinks respect the mailto: in pdfhref'd output, and have links with mailto: omit the schema in display just like in -Thtml. Make block-list-items render properly in -Tms and -Tman. Also introduce lowdown(5), a work-in-progress to document the Markdown formatting accepting by this system. The first were noted, and the last contributed in full, by Christina Sophonpanich — thanks!

Fixed compilation on Linux and Mac OS X by adding memrchr compatibility. Noted by Christina Sophonpanich — thanks!

Considerable clean-up of -Tms and -Tman, with the aim of much higher PDF output quality: proper nested list support, hyperlinks, PS/PDF TOC, and even some images (PS/EPS only—experimental!). Also, after some pointers on the groff mailing list, use the correct invocation for generating PDF output. Fix up footnote printing to use automatic -ms macros and registers, if applicable.

Also added support for the "affiliation" metadata keyword.

Added some CommonMark support, initially just escaped newlines, supported only when the commonmark input flag is specified. Removed the sphd input flag in favour of commonmark. Also fixed raw HTML block outputting and setext-style level-two headers.
2018-10-17 07:01:39 +00:00
maya
914f31fbec doc: Updated security/libssh to 0.76 2018-10-16 20:25:53 +00:00
maya
6bcb1cccb8 libssh: update to 0.7.6. security fix.
version 0.7.6 (released 2018-10-16)
  * Fixed CVE-2018-10933
  * Added support for OpenSSL 1.1
  * Added SHA256 support for ssh_get_publickey_hash()
  * Fixed config parsing
  * Fixed random memory corruption when importing pubkeys

version 0.7.5 (released 2017-04-13)
  * Fixed a memory allocation issue with buffers
  * Fixed PKI on Windows
  * Fixed some SSHv1 functions
  * Fixed config hostname expansion

version 0.7.4 (released 2017-02-03)
  * Added id_ed25519 to the default identity list
  * Fixed sftp EOF packet handling
  * Fixed ssh_send_banner() to confirm with RFC 4253
  * Fixed some memory leaks
2018-10-16 20:25:25 +00:00
leot
333d5948c4 doc: Updated devel/cmake to 3.12.3nb1 2018-10-16 16:37:54 +00:00
leot
1502f8f063 cmake: Use NetBSD curses(3) when possible
ccmake needs wsyncup(3) and since NetBSD 8.0 it is present on NetBSD.
Handle that via `USE_CURSES= wsyncup' and remove enforcements about
ncurses in CMakeLists.txt and Source/Checks/Curses/CMakeLists.txt.

Bump PKGREVISION
2018-10-16 16:37:21 +00:00