Skip to content
GitLab
  1. 18 Jun, 2019 1 commit
  3. 15 Jun, 2019 2 commits
  5. 14 Jun, 2019 4 commits
  7. 13 Jun, 2019 7 commits
    • Kai Knoblich's avatar
      MFH: r504076 · b9c8dd64
      Kai Knoblich authored 
      devel/py-apptools: Enable Python 3.x builds

* Support for Python 3 was introduced with 4.4.0
* Pet portlint (reduce the overall usage of lines in the pkg-descr and
  separate the USES block).
* No bump of PORTREVISION due style changes only.

PR:		238435
Submitted by:	vladimir.chukharev@gmail.com (maintainer)
Approved by:	ports-secteam (miwi)
      b9c8dd64
    • Adam Weinberger's avatar
      Update vim to patchlevel 1365 · 87ebbe5d
      Adam Weinberger authored 
      This is a direct commit to 2019Q2. The version in head contains many
other changes that are intentionally being tested there before
showing up in quarterly.

Security:     CVE-2019-12735
Approved by:  portmgr (with hat)
      87ebbe5d
    • Adam Weinberger's avatar
      MFH: r502923 r502963 · 547c713f
      Adam Weinberger authored 
      Update neovim to 0.3.6
Update neovim to 0.3.7

Security:    CVE-2019-12735
Approved by: portmgr (with hat)
      547c713f
    • Marc Fonvieille's avatar
      MFH: r498480 r503830 · 09294425
      Marc Fonvieille authored 
      Update to r52910 from the FreeBSD docset.

Approved by:	doceng (implicit)

Update to r53120 from the FreeBSD docset (a.k.a. 11.3-R version)

Approved by:	doceng (implicit)

Approved by:	portmgr (blanket)
      09294425
    • Christoph Moench-Tegeder's avatar
      MFH: r504100 · 0ac63d5e
      Christoph Moench-Tegeder authored 
      mail/thunderbird: update to 60.7.1 (rc1)

Release Notes (soon):
  https://www.thunderbird.net/en-US/thunderbird/60.7.1/releasenotes/

Approved by:	jbeich (gecko@, implicit)

Approved by:	portmgr (blanket: web browser lookalike)
      0ac63d5e
    • Antoine Brodin's avatar
      MFH: r504058 · 8324c7fb
      Antoine Brodin authored 
      Mark BROKEN on FreeBSD 12 and 13

Traceback (most recent call last):
  File "scripts/python/make-dist.py", line 294, in <module>
    Setup(InstallRoot_CompilerWithPrevious, InstallRoot_CompilerWithSelf)
  File "scripts/python/make-dist.py", line 268, in Setup
    reload(pylib) or FatalError()
  File "/wrkdirs/usr/ports/lang/modula3/work/cm3-b2ce705/scripts/python/pylib.py", line 655, in <module>
    if Host.endswith("_NT") or Host == "NT386":
AttributeError: 'NoneType' object has no attribute 'endswith'

Reported by:	pkg-fallout
      8324c7fb
    • Jan Beich's avatar
      MFH: r503790 r503811 · 390e0800
      Jan Beich authored 
      devel/libevent2: update to 2.1.10

Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.10-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		238127
Reported by:	GitHub (watch releases)
Tested by:	pkubaj (powerpc64)
Approved by:	maintainer timeout (2 weeks)
Approved by:	ports-secteam (miwi)
      390e0800
  9. 12 Jun, 2019 1 commit
  11. 11 Jun, 2019 4 commits
    • Jung-uk Kim's avatar
      MFH: r503990 · d2bea8fc
      Jung-uk Kim authored 
      Update to 32.0.0.207.

https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

Approved by:	ports-secteam (blanket)
      d2bea8fc
    • Mathieu Arnold's avatar
      MFH: r503955 · ebf3b107
      Mathieu Arnold authored 
      Fix named when using plugins and chroot.

BIND9 introduced plugins and migrated the filter-aaaa feature to a
plugin.
As it loads its plugins late in the startup process (read after chroot),
the plugins need to be available in the chroot.

Also, refactor the code now that a second directory need to be handled.

PR:		238011
Reported by:	ryan@timewasted.me
      ebf3b107
    • Torsten Zuehlsdorff's avatar
      MFH: r503194 · 6be6ec9d
      Torsten Zuehlsdorff authored 
      lang/php72: Upgrade from 7.2.18 7.2.19

Changelog:

    EXIF:
        Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
    FPM:
        Fixed bug #77934 (php-fpm kill -USR2 not working).
        Fixed bug #77921 (static.php.net doesn't work anymore).
    GD:
        Fixed bug #77943 (imageantialias($image, false); does not work).
        Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
    Iconv:
        Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
    JSON:
        Fixed bug #77843 (Use after free with json serializer).
    Opcache:
        Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
    PDO_MySQL:
        Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
    Reflection:
        Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
    Session:
        Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
    SPL:
        Fixed bug #77024 (SplFileObject::__toString() may return array).
    SQLite:
        Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).

Changelog taken from: https://www.php.net/ChangeLog-7.php#7.2.19

MFC after:	2019Q2

Approved by:	ports-secteam (joneum)
      6be6ec9d
    • Jan Beich's avatar
      MFH: r503931 · cdd50a1f
      Jan Beich authored 
      emulators/citra: update to s20190610

Changes:	https://github.com/citra-emu/citra/compare/75ebf1fdf...73bf92fb3
Approved by:	ports-secteam (swills, implicit for snapshots)
      cdd50a1f
  13. 10 Jun, 2019 5 commits
  15. 09 Jun, 2019 2 commits
  17. 08 Jun, 2019 1 commit
  19. 07 Jun, 2019 4 commits
    • Glen Barber's avatar
      MFH: r503651 · 7aa5c980
      Glen Barber authored 
      Add the 11.3-BETA3 MANIFEST files.
Remove the 11.3-BETA2 MANIFEST files.

Approved by:	portmgr (implicit, re blanket)
Approved by:	bdrewery (maintainer, implicit, re blanket)
Sponsored by:	The FreeBSD Foundation
      7aa5c980
    • Thomas Zander's avatar
      MFH: r503644 · f761ac1b
      Thomas Zander authored 
      Update to upstream release 0.21.10

Details:
- Bugfix / regression fix release, see
  https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.21.10/NEWS

Approved by:	ports-secteam (riggs)
      f761ac1b
    • Torsten Zuehlsdorff's avatar
      MFH: r503195 · 0f96eb9d
      Torsten Zuehlsdorff authored 
      lang/php73: Update from 7.3.5 to 7.3.6

Changelog:

    cURL:
        Implemented FR #72189 (Add missing CURL_VERSION_* constants).
    EXIF:
        Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
    FPM:
        Fixed bug #77934 (php-fpm kill -USR2 not working).
        Fixed bug #77921 (static.php.net doesn't work anymore).
    GD:
        Fixed bug #77943 (imageantialias($image, false); does not work).
        Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
    Iconv:
        Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
    JSON:
        Fixed bug #77843 (Use after free with json serializer).
    Opcache:
        Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
    PDO_MySQL:
        Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
    Reflection:
        Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
    Session:
        Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
    SOAP:
        Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).
    SPL:
        Fixed bug #77024 (SplFileObject::__toString() may return array).
    SQLite:
        Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
    Standard:
        Fixed bug #77931 (Warning for array_map mentions wrong type).
        Fixed bug #78003 (strip_tags output change since PHP 7.3).

Changelog taken from: https://www.php.net/ChangeLog-7.php#7.3.6

Approved by:	ports-secteam (miwi)
      0f96eb9d
    • Torsten Zuehlsdorff's avatar
      MFH: r503193 · 0e300e59
      Torsten Zuehlsdorff authored 
      lang/php71: Update from 7.1.29 to 7.1.30

Changelog:

    EXIF:
        Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
    GD:
        Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
    Iconv:
        Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
    SQLite:
        Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).

Changelog taken from: https://www.php.net/ChangeLog-7.php#7.1.30

Approved by:	ports-secteam (miwi)
      0e300e59
  21. 06 Jun, 2019 2 commits
  23. 05 Jun, 2019 1 commit
  25. 03 Jun, 2019 2 commits
  27. 02 Jun, 2019 3 commits
    • Kai Knoblich's avatar
      MFH: r503081 · eb241d8f
      Kai Knoblich authored 
      www/gitea: Update to 1.8.2

Changelog:

* Fix possbile mysql invalid connnection error
* Handle invalid administrator username on install page
* Disable arm7 builds
* Fix default for allowing new organization creation for new users
* SearchRepositoryByName improvements and unification
* Fix u2f registrationlist ToRegistrations() method
* Allow collaborators to view repo owned by private org
* Use AppURL for Oauth user link
* Escape the commit message on issues update
* Fix regression for API users search
* Handle early git version's lack of get-url
* Fix wrong init dependency on markup extensions

https://github.com/go-gitea/gitea/releases/tag/v1.8.2

PR:		238239
Submitted by:	stb@lassitu.de (maintainer)
Approved by:	ports-secteam (miwi)
      eb241d8f
    • Craig Leres's avatar
      MFH: r503191 · e28db1fe
      Craig Leres authored 
      security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:

   https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS

 - Integer type mismatches in BinPAC-generated parser code and Bro
   analyzer code may allow for crafted packet data to cause
   unintentional code paths in the analysis logic to be taken due
   to unsafe integer conversions causing the parser and analysis
   logic to each expect different fields to have been parsed.  One
   such example, reported by Maksim Shudrak, causes the Kerberos
   analyzer to dereference a null pointer.  CVE-2019-12175 was
   assigned for this issue.

 - The Kerberos parser allows for several fields to be left
   uninitialized, but they were not marked with an &optional attribute
   and several usages lacked existence checks.  Crafted packet data
   could potentially cause an attempt to access such uninitialized
   fields, generate a runtime error/exception, and leak memory.
   Existence checks and &optional attributes have been added to the
   relevent Kerberos fields.

 - BinPAC-generated protocol parsers commonly contain fields whose
   length is derived from other packet input, and for those that
   allow for incremental parsing, BinPAC did not impose a limit on
   how large such a field could grow, allowing for remotely-controlled
   packet data to cause growth of BinPAC's flowbuffer bounded only
   by the numeric limit of an unsigned 64-bit integer, leading to
   memory exhaustion.  There is now a generalized limit for how
   large flowbuffers are allowed to grow, tunable by setting
   "BinPAC::flowbuffer_capacity_max".

Approved by:	ler (mentor, implicit)
Security:	177fa455-48fc-4ded-ba1b-9975caa7f62a

Approved by:	ports-secteam (miwi)
      e28db1fe
    • Matthias Andree's avatar
      MFH: r503235 · 9115f51e
      Matthias Andree authored 
      Update e2fsprogs to new upstream release 1.45.2

Various bugfixes, and added Portuguese locale.
Update the Czech, Malay, Polish, Spanish, Swedish, and Ukarainian translations.

Release notes:
<http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.2>

Approved by:	ports-secteam (miwi)
      9115f51e
  29. 01 Jun, 2019 1 commit