Fix the virtualenvwrapper_lazy.sh wrapper to invoke the Python
versions-specific virtualenvwrapper.sh script that the port/package was
built with, preventing the following error:
ERROR: virtualenvwrapper_lazy.sh: Could not find virtualenvwrapper.sh
While I'm here:
- Update pkg-descr WWW: URL to match setup.py:homepage
- Update COMMENT to match setup.py:summary
Approved by: portmgr (blanket: ports (python) compliance, run-time bugfix)
Approved by: ports-secteam (blanket: ports (python) compliance, run-time bugfix)
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow
could occur when the Kerberos message indicates it contains an
IPv6 address, but does not send enough data to parse out a full
IPv6 address. A memory leak could occur when processing KRB_KDC_REQ
KRB_KDC_REP messages for message types that do not match a
known/expected type.
- Potential Denial of Service when sending many zero-length SSL/TLS
certificate data. Such messages underwent the full Zeek file
analysis treatment which is expensive (and meaninguless here)
compared to how cheaply one can "create" or otherwise indicate
many zero-length contained in an SSL message.
- Potential Denial of Service due to buffer read overflow in SMB
transaction data string handling. The length of strings being
parsed from SMB messages was trusted to be whatever the message
claimed instead of the actual length of data found in the message.
- Potential Denial of Service due to null pointer dereference in
FTP ADAT Base64 decoding.
- Potential Denial of Service due buffer read overflow in FTP
analyzer word/whitespace handling. This typically won't be a
problem in most default deployments of Zeek since the FTP analyzer
receives data from a ContentLine (NVT) support analyzer which
first null-terminates the buffer used for further FTP parsing.
Approved by: ler (mentor, implicit)
Security: 4ae135f7-85cd-4c32-ad94-358271b31f7f
Approved by: ports-secteam (joneum)
security/softether5: fix build on aarch64
Tested on Amazon EC2 A1 instances with FreeBSD/ARM 12 image[1].
Build on mips also should be fixed (not actually tested).
[1] https://aws.amazon.com/marketplace/pp/B081NF7BY7
Sponsored by: HAW International
Approved by: portmgr branket (fix build)
Merge ports r526348 (update to 136, bugfix release) which should have
been merged with ports r528329
PR: 244750
Approved by: ports-secteam (blanket: bugfix release, fix quarterly regression)
/dev/stdin is a non-portable non-POSIX extension having different
semantics on different operating systems. zininfo(1) exits with 9 when
/dev/stdin is supplied on FreeBSD. In fact, unzip(1) explicitly documents
that it does not support reading from stdin.
[1] https://lists.reproducible-builds.org/pipermail/diffoscope/2020-March/002632.html
PR: 244750
Submitted by: Michael Osipov <michael.osipov siemens com>
Approved by: ports-secteam (blanket: runtime bugfix)
This fix a Problem, when MySQL build with libressl
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:230:25: error: use of undeclared identifier 'SSL_OP_NO_TLSv1_3'
SSL_OP_NO_TLSv1_3 |
^
/var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:275:12: warning: implicit declaration of function 'SSL_CTX_set_ciphersuites' is invalid in C99 [-Wimplicit-function-declaration]
if (0 == SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, ""))
Special thanks for his help to: fluffy
PR: 244320
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (joneum)
emulators/virtualbox-ose: use contemporary GCC instead of old llvm
The bug in PR 236616 resulted in virtualbox getting pinned to llvm7. This is
less than ideal, and in-fact has been broken by improvements to
machine/atomic.h
on x86 that require a more modern compiler.
Switch the build to USE_GCC= any. The patches that were previously applied
if COMPILER_TYPE == clang are actually needed by newer GCCs as well, so make
those
standard patches instead, folding the Config.kmk patches together.
We should put some effort into testing llvm10 and working out why llvm
breaks
it, but fixing the build is more important at the moment.
Q/A:
* portlint (pre-existing issues; none in current patch)
* testport (-CURRENT, amd64)
* run testing by madpilot@
PR: 244603
Approved by: koobs (mentor), bapt (mentor)
Approved by: portmgr (blanket: build fix)
Differential Revision: https://reviews.freebsd.org/D23967
Approved by: ports-secteam (blanket: build fix)
Update to upstream version 44.0.0
Details:
- Mostly bugfixes, see
https://mkvtoolnix.download/doc/NEWS.md
but also a helpful new feature:
- MKVToolNix GUI: header editor: the attachments can now
be reordered via drag & drop.
Approved by: ports-secteam (riggs)
graphics/drm-legacy-kmod: Update snapshot
Update the graphics/drm-legacy-kmod port to the latest snapshot, fixing the
build with llvm 10
Approved by: ports-secteam (implicit, drm-drivers blanket)
textproc/py-textfsm: Update to 1.1.1
This update resolves a package installation conflict with
textproc/py-texttable as both ports installs "texttable.py" into the same
place. [1]
Also while I'm here:
* Switch to GitHub for a while as no sdist tarballs are available at PyPi.
* Make the port concurrent safe because it installs scripts outside of the
site-lib directory.
* Remove the "testdata" directory to prevent possible package conflicts as
it's only required for the test suite.
* Add a "do-test" target to make future QA easier.
Changelog:
https://github.com/google/textfsm/releases/tag/v1.1.0https://github.com/google/textfsm/releases/tag/v1.1.1
PR: 244257
Reported by: John Hein <jcfyecrayz@liamekaens.com> [1]
Approved by: ports-secteam (joneum)
lang/rust-nightly: Unbreak with lld on 12.1/13.0 i386
= note: ld: error: relocation R_386_PC32 cannot be used against symbol __rust_probestack; recompile with -fPIC
>>> defined in /wrkdirs/usr/ports/lang/rust-nightly/work/rustc-nightly-src/build/i686-unknown-freebsd/stage1/lib/rustlib/i686-unknown-freebsd/lib/libcompiler_builtins-6570a75fe85f0e1a.rlib(compiler_builtins-6570a75fe85f0e1a.compiler_builtins.2i519eqi-cgu.15.rcgu.o)
>>> referenced by std.4xivr03c-cgu.14
>>> std-9bd70afd58e204b7.std.4xivr03c-cgu.14.rcgu.o:(_$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h1c78ed6e734a2bfc (.llvm.10122419023709863394)) in archive /wrkdirs/usr/ports/lang/rust-nightly/work/rustc-nightly-src/build/i686-unknown-freebsd/stage1/lib/rustlib/i686-unknown-freebsd/lib/libstd-9bd70afd58e204b7.rlib
ld: error: relocation R_386_PC32 cannot be used against symbol __rust_probestack; recompile with -fPIC
>>> defined in /wrkdirs/usr/ports/lang/rust-nightly/work/rustc-nightly-src/build/i686-unknown-freebsd/stage1/lib/rustlib/i686-unknown-freebsd/lib/libcompiler_builtins-6570a75fe85f0e1a.rlib(compiler_builtins-6570a75fe85f0e1a.compiler_builtins.2i519eqi-cgu.15.rcgu.o)
>>> referenced by std.4xivr03c-cgu.14
>>> std-9bd70afd58e204b7.std.4xivr03c-cgu.14.rcgu.o:(std::io::util::copy::h9115f048f2203467) in archive /wrkdirs/usr/ports/lang/rust-nightly/work/rustc-nightly-src/build/i686-unknown-freebsd/stage1/lib/rustlib/i686-unknown-freebsd/lib/libstd-9bd70afd58e204b7.rlib
clang-cpp: error: linker command failed with exit code 1 (use -v to see invocation)
error: aborting due to previous error
http://beefy17.nyi.freebsd.org/data/head-i386-default/p523508_s356869/logs/rust-nightly-1.42.0.20200118.loghttp://beefy4.nyi.freebsd.org/data/121i386-quarterly/527662/logs/rust-nightly-1.42.0.20191222.log
Approved by: ports-secteam blanket
Add libarc to LIB_DEPENDS for audio/timidity++
Up until now, libarc was only being included in LIB_DEPENDS when
the Makefile of audio/timidity++ was being used by one of its slave ports.
audio/timidity++, however, may be also used as a standalone port in which
case it needs libarc to be available.
Reported by: hselasky
Approved by: portmgr blanket (runtime fix)
switch kicad-doc from source to pre-built docs
The build process is rather unstable on our asciidoc toolchain, but
then the doc files are completely independent of OS and machine
architecture, so there's nothing which stops us from just taking the
ready-built files from upstream. At the same time this enables two
additional documentation languages (polnish and chinese) - their
build process was even more unstable than the rest in my environment.
PR: 241183
Approved by: ports-secteam (joneum@)
textproc/apache-solr: security related update to 8.4.1
Switch java version to current LTS version.
Security: e59cb761-5ad8-11ea-abb7-001b217b3468
Approved by: ports-secteam (joneum)
x11/xdm: Fix generation of etc/X11/xdm/Xresources
By some stupidity of autotools, spacing for a sed regexp used to generate
Xresources gets broken, and the sed command doen't match as it should. This
results in an Xresources file with an extra '#endif /* XPM */', which breaks
the file.
Patch Makefile.in to fix the regexp and have Xresources generated properly.
PR: 244404
Reported by: olgeni
Approved by: ports-secteam (joenum)
mail/opensmtpd: update to 6.6.4p1 security releaase
SECURITY RELEASE
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
Approved by: ports-secteam (joneum)
Security: CVE-2020-8793, CVE-2020-8794
net/freeradius-client: unbreak fetch, update to 1.1.7 release
Maintainer didn't unbreak the port over 3 months since it was marked unfetchable,
version 1.1.7 was released 26.05.2017
Approved by: maintainer (timeout)
Approved by: ports-secteam (joneum)
