1. 18 Jun, 2019 1 commit
  2. 15 Jun, 2019 2 commits
  3. 14 Jun, 2019 4 commits
  4. 13 Jun, 2019 7 commits
    • Kai Knoblich's avatar
      MFH: r504076 · b9c8dd64
      Kai Knoblich authored
      devel/py-apptools: Enable Python 3.x builds
      
      * Support for Python 3 was introduced with 4.4.0
      * Pet portlint (reduce the overall usage of lines in the pkg-descr and
        separate the USES block).
      * No bump of PORTREVISION due style changes only.
      
      PR:		238435
      Submitted by:	vladimir.chukharev@gmail.com (maintainer)
      Approved by:	ports-secteam (miwi)
      b9c8dd64
    • Adam Weinberger's avatar
      Update vim to patchlevel 1365 · 87ebbe5d
      Adam Weinberger authored
      This is a direct commit to 2019Q2. The version in head contains many
      other changes that are intentionally being tested there before
      showing up in quarterly.
      
      Security:     CVE-2019-12735
      Approved by:  portmgr (with hat)
      87ebbe5d
    • Adam Weinberger's avatar
      MFH: r502923 r502963 · 547c713f
      Adam Weinberger authored
      Update neovim to 0.3.6
      Update neovim to 0.3.7
      
      Security:    CVE-2019-12735
      Approved by: portmgr (with hat)
      547c713f
    • Marc Fonvieille's avatar
      MFH: r498480 r503830 · 09294425
      Marc Fonvieille authored
      Update to r52910 from the FreeBSD docset.
      
      Approved by:	doceng (implicit)
      
      Update to r53120 from the FreeBSD docset (a.k.a. 11.3-R version)
      
      Approved by:	doceng (implicit)
      
      Approved by:	portmgr (blanket)
      09294425
    • Christoph Moench-Tegeder's avatar
      MFH: r504100 · 0ac63d5e
      Christoph Moench-Tegeder authored
      mail/thunderbird: update to 60.7.1 (rc1)
      
      Release Notes (soon):
        https://www.thunderbird.net/en-US/thunderbird/60.7.1/releasenotes/
      
      Approved by:	jbeich (gecko@, implicit)
      
      Approved by:	portmgr (blanket: web browser lookalike)
      0ac63d5e
    • Antoine Brodin's avatar
      MFH: r504058 · 8324c7fb
      Antoine Brodin authored
      Mark BROKEN on FreeBSD 12 and 13
      
      Traceback (most recent call last):
        File "scripts/python/make-dist.py", line 294, in <module>
          Setup(InstallRoot_CompilerWithPrevious, InstallRoot_CompilerWithSelf)
        File "scripts/python/make-dist.py", line 268, in Setup
          reload(pylib) or FatalError()
        File "/wrkdirs/usr/ports/lang/modula3/work/cm3-b2ce705/scripts/python/pylib.py", line 655, in <module>
          if Host.endswith("_NT") or Host == "NT386":
      AttributeError: 'NoneType' object has no attribute 'endswith'
      
      Reported by:	pkg-fallout
      8324c7fb
    • Jan Beich's avatar
      MFH: r503790 r503811 · 390e0800
      Jan Beich authored
      devel/libevent2: update to 2.1.10
      
      Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.10-stable
      ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
      PR:		238127
      Reported by:	GitHub (watch releases)
      Tested by:	pkubaj (powerpc64)
      Approved by:	maintainer timeout (2 weeks)
      Approved by:	ports-secteam (miwi)
      390e0800
  5. 12 Jun, 2019 1 commit
  6. 11 Jun, 2019 4 commits
    • Jung-uk Kim's avatar
      MFH: r503990 · d2bea8fc
      Jung-uk Kim authored
      Update to 32.0.0.207.
      
      https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
      
      Approved by:	ports-secteam (blanket)
      d2bea8fc
    • Mathieu Arnold's avatar
      MFH: r503955 · ebf3b107
      Mathieu Arnold authored
      Fix named when using plugins and chroot.
      
      BIND9 introduced plugins and migrated the filter-aaaa feature to a
      plugin.
      As it loads its plugins late in the startup process (read after chroot),
      the plugins need to be available in the chroot.
      
      Also, refactor the code now that a second directory need to be handled.
      
      PR:		238011
      Reported by:	ryan@timewasted.me
      ebf3b107
    • Torsten Zuehlsdorff's avatar
      MFH: r503194 · 6be6ec9d
      Torsten Zuehlsdorff authored
      lang/php72: Upgrade from 7.2.18 7.2.19
      
      Changelog:
      
          EXIF:
              Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
          FPM:
              Fixed bug #77934 (php-fpm kill -USR2 not working).
              Fixed bug #77921 (static.php.net doesn't work anymore).
          GD:
              Fixed bug #77943 (imageantialias($image, false); does not work).
              Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
          Iconv:
              Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
          JSON:
              Fixed bug #77843 (Use after free with json serializer).
          Opcache:
              Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
          PDO_MySQL:
              Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
          Reflection:
              Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
          Session:
              Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
          SPL:
              Fixed bug #77024 (SplFileObject::__toString() may return array).
          SQLite:
              Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
      
      Changelog taken from: https://www.php.net/ChangeLog-7.php#7.2.19
      
      MFC after:	2019Q2
      
      Approved by:	ports-secteam (joneum)
      6be6ec9d
    • Jan Beich's avatar
      MFH: r503931 · cdd50a1f
      Jan Beich authored
      emulators/citra: update to s20190610
      
      Changes:	https://github.com/citra-emu/citra/compare/75ebf1fdf...73bf92fb3
      Approved by:	ports-secteam (swills, implicit for snapshots)
      cdd50a1f
  7. 10 Jun, 2019 5 commits
  8. 09 Jun, 2019 2 commits
  9. 08 Jun, 2019 1 commit
  10. 07 Jun, 2019 4 commits
    • Glen Barber's avatar
      MFH: r503651 · 7aa5c980
      Glen Barber authored
      Add the 11.3-BETA3 MANIFEST files.
      Remove the 11.3-BETA2 MANIFEST files.
      
      Approved by:	portmgr (implicit, re blanket)
      Approved by:	bdrewery (maintainer, implicit, re blanket)
      Sponsored by:	The FreeBSD Foundation
      7aa5c980
    • Thomas Zander's avatar
      MFH: r503644 · f761ac1b
      Thomas Zander authored
      Update to upstream release 0.21.10
      
      Details:
      - Bugfix / regression fix release, see
        https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.21.10/NEWS
      
      Approved by:	ports-secteam (riggs)
      f761ac1b
    • Torsten Zuehlsdorff's avatar
      MFH: r503195 · 0f96eb9d
      Torsten Zuehlsdorff authored
      lang/php73: Update from 7.3.5 to 7.3.6
      
      Changelog:
      
          cURL:
              Implemented FR #72189 (Add missing CURL_VERSION_* constants).
          EXIF:
              Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
          FPM:
              Fixed bug #77934 (php-fpm kill -USR2 not working).
              Fixed bug #77921 (static.php.net doesn't work anymore).
          GD:
              Fixed bug #77943 (imageantialias($image, false); does not work).
              Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
          Iconv:
              Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
          JSON:
              Fixed bug #77843 (Use after free with json serializer).
          Opcache:
              Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
          PDO_MySQL:
              Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
          Reflection:
              Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
          Session:
              Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
          SOAP:
              Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).
          SPL:
              Fixed bug #77024 (SplFileObject::__toString() may return array).
          SQLite:
              Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
          Standard:
              Fixed bug #77931 (Warning for array_map mentions wrong type).
              Fixed bug #78003 (strip_tags output change since PHP 7.3).
      
      Changelog taken from: https://www.php.net/ChangeLog-7.php#7.3.6
      
      Approved by:	ports-secteam (miwi)
      0f96eb9d
    • Torsten Zuehlsdorff's avatar
      MFH: r503193 · 0e300e59
      Torsten Zuehlsdorff authored
      lang/php71: Update from 7.1.29 to 7.1.30
      
      Changelog:
      
          EXIF:
              Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
          GD:
              Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
          Iconv:
              Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
          SQLite:
              Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
      
      Changelog taken from: https://www.php.net/ChangeLog-7.php#7.1.30
      
      Approved by:	ports-secteam (miwi)
      0e300e59
  11. 06 Jun, 2019 2 commits
  12. 05 Jun, 2019 1 commit
  13. 03 Jun, 2019 2 commits
  14. 02 Jun, 2019 3 commits
    • Kai Knoblich's avatar
      MFH: r503081 · eb241d8f
      Kai Knoblich authored
      www/gitea: Update to 1.8.2
      
      Changelog:
      
      * Fix possbile mysql invalid connnection error
      * Handle invalid administrator username on install page
      * Disable arm7 builds
      * Fix default for allowing new organization creation for new users
      * SearchRepositoryByName improvements and unification
      * Fix u2f registrationlist ToRegistrations() method
      * Allow collaborators to view repo owned by private org
      * Use AppURL for Oauth user link
      * Escape the commit message on issues update
      * Fix regression for API users search
      * Handle early git version's lack of get-url
      * Fix wrong init dependency on markup extensions
      
      https://github.com/go-gitea/gitea/releases/tag/v1.8.2
      
      PR:		238239
      Submitted by:	stb@lassitu.de (maintainer)
      Approved by:	ports-secteam (miwi)
      eb241d8f
    • Craig Leres's avatar
      MFH: r503191 · e28db1fe
      Craig Leres authored
      security/bro: Update to 2.6.2 and address several denial of service
      vulnerabilities:
      
         https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS
      
       - Integer type mismatches in BinPAC-generated parser code and Bro
         analyzer code may allow for crafted packet data to cause
         unintentional code paths in the analysis logic to be taken due
         to unsafe integer conversions causing the parser and analysis
         logic to each expect different fields to have been parsed.  One
         such example, reported by Maksim Shudrak, causes the Kerberos
         analyzer to dereference a null pointer.  CVE-2019-12175 was
         assigned for this issue.
      
       - The Kerberos parser allows for several fields to be left
         uninitialized, but they were not marked with an &optional attribute
         and several usages lacked existence checks.  Crafted packet data
         could potentially cause an attempt to access such uninitialized
         fields, generate a runtime error/exception, and leak memory.
         Existence checks and &optional attributes have been added to the
         relevent Kerberos fields.
      
       - BinPAC-generated protocol parsers commonly contain fields whose
         length is derived from other packet input, and for those that
         allow for incremental parsing, BinPAC did not impose a limit on
         how large such a field could grow, allowing for remotely-controlled
         packet data to cause growth of BinPAC's flowbuffer bounded only
         by the numeric limit of an unsigned 64-bit integer, leading to
         memory exhaustion.  There is now a generalized limit for how
         large flowbuffers are allowed to grow, tunable by setting
         "BinPAC::flowbuffer_capacity_max".
      
      Approved by:	ler (mentor, implicit)
      Security:	177fa455-48fc-4ded-ba1b-9975caa7f62a
      
      Approved by:	ports-secteam (miwi)
      e28db1fe
    • Matthias Andree's avatar
      MFH: r503235 · 9115f51e
      Matthias Andree authored
      Update e2fsprogs to new upstream release 1.45.2
      
      Various bugfixes, and added Portuguese locale.
      Update the Czech, Malay, Polish, Spanish, Swedish, and Ukarainian translations.
      
      Release notes:
      <http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.2>
      
      Approved by:	ports-secteam (miwi)
      9115f51e
  15. 01 Jun, 2019 1 commit