bsdforen-firefox-searchplugin : No longer works after forum software update
bsdgroup-firefox-searchplugin : bsdgroup.de no longer seems to exist
Submitted by: Stefan 'Steve' Tell <stefan.tell@crashmail.de>
Submitted by: (port author, via irc)
GCC 4.6.4 to GCC 4.7.3. This entails updating the lang/gcc port as
well as changing the default in Mk/bsd.default-versions.mk.
Part II, Bump PORTREVISIONs.
PR: 182136
Supported by: Christoph Moench-Tegeder <cmt@burggraben.net> (fixing many ports)
Tested by: bdrewery (two -exp runs)
deskutils/kdepim4:
- Add depedency on coreutils, kleopatra needs md5sum and sha1sum programs [1]
misc/kdehier4:
- add tests directory (r343428 commit to Templates/BSD.local.dist)
security/kwallet:
- moved to security/kwalletmanager (renamed upstream)
x11/kdelibs:
- remove workaround, which is not needed after global fix in
Mk/bsd.kde4.mk (r315373)
PR: ports/187259 [1]
Submitted by: Tobias Berner <tcberner@gmail.com>
Among changes:
- Switch KDE4_PREFIX to ${LOCALBASE}
- Remove now needless misc/kde4-shared-mime-info port
- Add stage support
- Remove ancient CONFLICTS (KDE 4.9 and less) and LATEST_LINK
- Squeeze MASTER_SITES/MASTER_SITE_SUBDIR
- Convert LIB_DEPENDS to new style
- Use options helpers
- Drop support for FreeBSD 7.x
- Remove Qt/KDE 3 related workarounds
- Remove local patches and use upstream version scheme for libraries
- sysutils/kdeadmin4, net/kdenetwork4, devel/kdesdk4,
and x11-clocks/kdetoys4 ports have been split.
- devel/kcachegrind is now a part of KDE SC [1]
- more logs in area51 repo...
New ports:
devel/kde-dev-scripts: KDE development scripts
devel/kde-dev-utils: KDE development utilities
games/klickety: Tetris themed solitaire
games/picmi: Single player logic-based puzzle game
textproc/libkomparediff2: Library to compare files and strings
The area51 repository features commits by Schaich Alonso, avilla, rakuco
and myself.
PR: ports/186491
Exp-run: by bdrewery
Approved by: beat (former maintainer) [1]
OPTIONS_DEFINE. This policy has been implemented only recently that's why we
have many ports violating this policy.
This patch adds the default options specified in the Porter's Handbook to
OPTIONS_DEFINE where they are being used. Ports maintained by
gnome@FreeBSD.org, kde@FreeBSD.org and x11@FreeBSD.org have been excluded.
Approved by: portmgr (bapt)
translations have been added (ca, da, el, en_GB, sl, pt_BR)
- Add stage support
- Update maintainer address
PR: based on ports/179681
Submitted by: RyoTa SimaMoto (maintainer)
- Require a new compiler to build Calligra.
- Make GTL really an option in Calligra.
- STAGEify.
- Use OPTIONS helpers.
- Set NO_ARCH for translation ports.
- Add translation port for Intelingua.
Calligra 2.7 release notes:
http://www.calligra.org/news/calligra-2-7-released
- Switched to automake 1.11.6, see CVE-2012-3386.
- #14669: Fixed extraction of CC from gmp.h.
- Fixed case of intermediate zero real or imaginary part in mpc_fma,
found by hydra with GMP_CHECK_RANDOMIZE=1346362345.
This is on top of the following changes from version 1.0
- Licence change towards LGPLv3+ for the code and GFDLv1.3+ (with no
invariant sections) for the documentation.
- 100% of all lines are covered by tests
- Renamed functions
. mpc_mul_2exp to mpc_mul_2ui
. mpc_div_2exp to mpc_div_2ui
- 0^0, which returned (NaN,NaN) previously, now returns (1,+0).
- Removed compatibility with K&R compilers, which was untestable due
to lack of such compilers.
- New functions
. mpc_log10
. mpc_mul_2si, mpc_div_2si
- Speed-ups
. mpc_fma
- Bug fixes
. mpc_div and mpc_norm now return a value indicating the effective
rounding direction, as the other functions.
. mpc_mul, mpc_sqr and mpc_norm now return correct results even if
there are over- or underflows during the computation.
. mpc_asin, mpc_proj, mpc_sqr: Wrong result when input variable has
infinite part and equals output variable is corrected.
. mpc_fr_sub: Wrong return value for imaginary part is corrected.
Convert to the new LIB_DEPENDS standard and remove hard-coded
.so versions from a couple of dependent ports.
Bump PORTREVISIONS of all dependent ports.
PR: 183141
Approved by: portmgr (bdrewery)
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
Unfortunately, this also affects some ports using QT3 as a GUI toolkit.
Changes to infrastructure files:
- bsd.kde.mk : obsolete, remove
- bsd.qt.mk : note that a CONFLICTS_BUILD line can probably go after a while
- CHANGES : document the removals from bsd.port.mk
- KNOBS : remove KDE and QT (KDE4 and QT4 should be used instead)
- MOVED : add the removed ports
PR: ports/180745
Submitted by: rene
Approved by: portmgr (bapt)
Exp-run by: bapt
- Remove an entry from all plists that slipped under radar and made
packaging fail.
- Properly save the OPTIONS defined by the user in the l10n ports. [1]
Quoting bapt, master of all things ports:
That is because misc/kde4-l10n/files/bsd.l10n.mk is totally wrong it does
...
.include <bsd.port.pre.mk>
...
.include <bsd.port.options.mk>
...
.include <bsd.port.post.mk>
First the right order in that case should be:
...
.include <bsd.port.options.mk>
...
.include <bsd.port.pre.mk>
...
.include <bsd.port.post.mk>
Second in that case (kde) the pre.mk/post.mk can be removed just keeping
the options.mk and given that we now have the helpers options.mk can also
be removed.
The check for variables in OPTIONS_DEFINE is also useless (already done
by the framework) defining OPTIONS_DEFINE and OPTIONS_DEFAULT to some
empty values is also useless.
No PORTREVISION bump because the generated packages do not change regardless
of the changes/fixes in behavior here.
Reported by: avg [1]
Submitted by: bapt [1]
- Change pkgconfig:build to pkgconfig since it's the same and it's bad practice.
It accidentally slipped in during the original introduction
- Trim header
Proudly brought to you by the KDE on FreeBSD team. We're sorry to ship two
KDE updates in just a few days, but the work on 4.10.5 was very light
compared to 4.10.4 so it was ready much faster.
The release announcement can be found in [1].
[1] http://www.kde.org/announcements/announce-4.10.5.php
The biggest news for us on FreeBSD is that the Ruby bindings should work
with Ruby 1.9 now.
I will probably add a note to UPDATING later about this, but as avilla@
pointed out, the clang support we mentioned that was improved in 4.10.4
requires a rebuild of the ports that depend on kdelibs4. Most of them are
covered by this update, but those which are not part of the Software
Compilation need to be rebuilt manually to make sure the previous issues
(proper symbol visibility being the most annoying of them) are solved.
With commits from avilla@, makc@, rakuco@ and Schaich Alonso.
The upstream announcement can be found in [1].
[1] http://www.kde.org/announcements/announce-4.10.4.php
clang support should be more stable now, with clang being recognized by
kdelibs4 and being passed the correct flags to build other ports.
Additionally, all ports being committed have been verified to build with
-CURRENT's clang 3.3 on an amd64 tinderbox (special thanks go to swills@ for
providing it).
Work on the newly-released 4.10.5 will begin shortly.
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3
The following important fixes/changes have been made in this release:
o MySQL 5.6 is now supported. (Bug 852560)
o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
installing Bugzilla for the first time. (Bug 858911)
o If a custom field depends on a product, component or classification,
the "mandatory" bit was ignored on bug creation. (Bug 782210)
o Queries involving flags were broken in several ways.
These queries have been fixed. (Bug 828344)
o Tabular reports involving the empty resolution did not link bug
counts correctly. (Bug 212471)
o The Bug.search WebService method was returning all visible bugs
when called with no arguments, ignoring the max_search_results
and search_allow_no_criteria parameters. (Bug 859118)
Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html
* Japanese translation is stuck at 2.5.5;
* Southern Catalan translation is now up to date;
* Bosnian, Slovenian and Turkish translations were added.
This update brings several new features and the new Calligra Author;
for a full list, please read 2.6 release notes:
http://www.calligra.org/news/calligra-2-6-released
- kdegames4 port has been split.
- kdeutils4-printer-applet and system-config-printer-kde have been
replaced by print/kde4-print-manager.
- Recover misc/kde4-l10n-mr from attic.
- New USE_KDE4 components: kactivities, libkdegames, nepomuk-core,
and nepomuk-widgets.
- Provide sharedmime component with magic: ports don't need to
run update-mime-database themselves now.
- Switch some ports to out-of-source build.
- Update port comments.
- Adjust dependence on Qt4 components.
- x11/kde4 installs modern kdepim4 now.
- Remove redundant aspell and hspell from kdelibs4, both
can be enabled in textproc/enchant if needed.
- Remove stale bits from bsd.kde4.mk
The area51 repository features commits by Schaich Alonso and myself.
Contributors:
- Tobias Berner
- kdebindings ports have been renamed to match upstream.
- kdemultimedia and kdenetwork have been split.
- New port games/pairs added.
- Trim Makefile header
- Convert to new option framework
- New USE_KDE4 components: libkcddb, libkcompactdisc
- Update:
databases/akonadi to 1.9.0
devel/grantlee to 0.3.0
textproc/rasqal to 0.9.30
textproc/redland-bindings to 1.0.16.1
textproc/soprano to 2.9.0
x11-toolkits/attica to 0.4.1
The area51 repository features commits by Schaich Alonso, avilla, dbn,
jhale, makc and rakuco.
Contributors:
- Oleg Sidorkin
- Tobias Berner
- Kurt Jaeger
was released in 2007 and KDE 3.5.10 in 2008 and both are no longer
maintained upstream nor in our tree.
- Set EXPIRATION_DATE to 2013-07-01
Discussed with: bapt, tabthorpe
2012-11-26 irc/tr-ircd: No more public distfiles
2012-11-26 lang/imp-interpreter: No more public distfiles
2012-11-26 games/xquarto: No more public distfiles
2012-11-26 games/six: No more public distfiles
2012-11-26 finance/gfp: No more public distfiles
2012-11-26 games/44bsd-hunt: No more public distfiles
2012-11-26 graphics/ale: No more public distfiles
2012-11-26 german/digibux: No more public distfiles
2012-11-26 java/eclipse-clay-core: No more public distfiles
2012-11-26 games/xbloody: No more public distfiles
2012-11-26 dns/sqldjbdns: No more public distfiles
Feature safe: yes
This release contains a number of important bug fixes to 2.5.1 and we
recommend everybody to update as soon as possible. An overview of the
most important fixes can be found in the release notes:
http://www.calligra.org/news/calligra-2-5-2-released
- Remove header from Makefiles.
This release contains a number of important bug fixes to 2.5.0 and we
recommend everybody to update. Release notes can be found in the
official announcement:
http://www.calligra.org/news/calligra-2-5-1-released
coming to the ports tree after a short testing period which showed it
to be quite stable.
For the productivity part of the suite (word processor, spreadsheet,
and presentation program) the target user of version 2.5 is still the
student or academic user. This version has a number of new features
that will make it more suitable for these users.
The artistic applications of the Calligra Suite are the most mature
ones and are already used by professional users everywhere.
As usual, detailed release notes can be found in the official
announcement:
http://www.calligra.org/news/calligra-2-5-released
Meanwhile, new translations were added:
- editors/calligra-l10n-gl (Gallegan)
- Use system mdds.
- Fix build with the recent Clang (CURRENT).
- Enable visibility for recent Clang (9.1 and CURRENT).
- Attempt to fix build on 7.x and 8.x (not tested).
- patch language templates so they match current bugzilla version.
Patches are seen as workaround until official Version is released.
Fix for bugzilla42 contains security updates.
- switch and force compiler to clang using the one from base on 9 and CURRENT, the one
from ports if not found in base
- now only build en_US version, all localisation are available through separated
ports.
- Graphite smart font is now used by default
- Rebundle boost to easier upgrading boost
- Rebundle mdds the one from the ports seems incompatible with clang
- Unbundle all the fonts
Thank you to jgh and Kuan-Chung Chiu <buganini@gmail.com> for testings and
feedback
Thank you to iXsystems for providing resources to build/test libreoffice
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit)
This is an incremental update and should be much easier to handle than
the transition from 4.6.5 to 4.7.2 in the ports tree.
The official release notes can be found at
http://www.kde.org/announcements/announce-4.7.3.php.
Approved by: avilla (mentor), makc (mentor), portmgr (miwi)
Feature safe: yes
had both lines:
Author: ...
WWW: ....
So standardize on that, and move them to the end of the file when necessary.
Also fix some more whitespace, and remove more "signature tags" of varying
forms, like -- name, etc.
s/AUTHOR/Author/
A few other various formatting issues
- Name
em@i.l
or variations thereof. While I'm here also fix some whitespace and other
formatting errors, including moving WWW: to the last line in the file.
4.7.2. The official release notes can be found at:
http://kde.org/announcements/announce-4.7.2.php
This release ships with many improvements. Read more about them here:
http://FreeBSD.kde.org/news.php#itemKDESC472availableinports
We'd like to say thanks to all testers and contributors, especially to
lwhsu@ for his effort on hosting our test packages.
PR: 156293 [1]
159219 [2]
160164 [3]
Submitted by: Oleg Sidorkin <osidorkin@gmail.com> [1]
Alvaro Castillo <gobledb@gmail.com> [2]
dkeav04@gmail.com [3]
Tested by: exp-run via pav
