| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Changes: https://gitlab.freedesktop.org/mesa/mesa/-/compare/bc178c044ec...ecf29228d0b
(cherry picked from commit b73012d372f55b645de03c53ba29d41b13a91bc9)
|
|
|
|
|
| |
Changes: https://github.com/yuzu-emu/yuzu/compare/92c89312f...8870fae67
(cherry picked from commit 1c37b7dd3e6329ae4074742da39b74a146ff1f94)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes with Apache 2.4.56
*) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
HTTP response splitting (cve.mitre.org)
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server: from
2.4.30 through 2.4.55.
Special characters in the origin response header can
truncate/split the response forwarded to the client.
Credits: Dimas Fariski Setyawan Putra (nyxsorcerer)
*) SECURITY: CVE-2023-25690: HTTP request splitting with
mod_rewrite and mod_proxy (cve.mitre.org)
Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with
some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and
is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "
http://example.com:8080/elsewhere?$1"
http://example.com:8080/elsewhere ; [P]
ProxyPassReverse /here/ http://example.com:8080/
http://example.com:8080/
Request splitting/smuggling could result in bypass of access
controls in the proxy server, proxying unintended URLs to
existing origin servers, and cache poisoning.
Credits: Lars Krapf of Adobe
*) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated. [Eric Covener]
*) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file. PR 66421.
[nailyk <bzapache nailyk.fr>, Christophe Jaillet]
*) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
of headers. [Ruediger Pluem]
*) mod_md:
- Enabling ED25519 support and certificate transparency information when
building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
- MDChallengeDns01 can now be configured for individual domains.
Thanks to Jérôme Billiras (@bilhackmac) for the initial PR.
- Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
[Stefan Eissing]
*) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
reported in access logs and error documents. The processing of the
reset was correct, only unneccesary reporting was caused.
[Stefan Eissing]
*) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
[Yann Ylavic]
PR: 270037
Reported by: Fabian Wenk <fabian@wenks.ch>
Sponsored by: Netzkommune GmbH
(cherry picked from commit 8ec7b3510f11d22eedea008ad340daf96057207f)
|
|
|
|
|
| |
PR: 269891
(cherry picked from commit 283da459379c602a10e65bdc9c7de8d10a717520)
|
|
|
|
|
|
|
| |
Fix build on 12.4 using gcc because port only builds with clang <=10.
MFH: 2023Q1 (build fixes)
(cherry picked from commit 526802d9024cb7efee0c95372a4f283a8a578b2a)
|
|
|
|
|
|
| |
ChangeLog: https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.6/CHANGES.md#version-316-march-9-2023
(cherry picked from commit 5f57f503aaaa958542e3f58bf98ee7c656f8c2c9)
|
|
|
|
| |
(cherry picked from commit 370611fb77630180615c7970a7d2e8eb034e7714)
|
|
|
|
| |
(cherry picked from commit 03813961556d89f7121d66e516fb36f9420402ac)
|
|
|
|
| |
(cherry picked from commit 3f4c0dcc7343758e65594235a06f4690dbd39c0c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream switched to a commercial license years ago, and so we cannot
include more recent versions in the ports. Despite indications on the
website that they would switch back to GPL, this hasn't happened in
more than 5 years, so I guess it is never going to happen. From an
opensource point of view, this software is essentially abandonware.
However, given there is an actively developed upstream project, and
that project does provide FreeBSD binaries, it doesn't feel right to
deprecate the software entirely.
(cherry picked from commit 9ed24575353e3e60326d55782fffac2ed90d0e85)
|
|
|
|
|
|
|
| |
Details: https://github.com/zellij-org/zellij/releases/tag/v0.35.2
MFH: 2023Q1
(cherry picked from commit 4eb70236a216028f741cae1763788e4e1cfc3780)
|
|
|
|
|
|
|
| |
This updates unbreaks criterion: the previous version was broken with
the previous revision of nanopb.
(cherry picked from commit 8cb13effe152bc58e0ba52e162482d742b3ed603)
|
|
|
|
|
|
| |
devel/criterion was bereaking with the previous revision.
(cherry picked from commit 0ad835493002df20fcaffd7675e1a280845fd31b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade openoffice-devel to a more recent snapshot and unbreak. Recent
versions of clang do not like building system boost in -std=gnu++98 mode.
Add USE_GNOME=gdkpixbuf2xlib which now seems to be necessary.
Simplify the port by always using the bundled vigra and boost rather
than making this compiler version dependent. The bundled versions
work (better) with modern clang in -std=gnu++98 mode. Also, an
upcoming version of boost will require c++14 mode. The bundled
boost needs a minor patch to work with modern clang in this mode.
Add upgrade advice to pkg-message.
Security: 6678211c-bd47-11ed-beb0-1c1b0d9ea7e6
(cherry picked from commit 0a5ce79fad78c4d61921a310d21d6f8db8ffeb10)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The openoffice build system puts the the ports include directories
(including /usr/local/include) earlier in the list than it's internal
and bundled module include directories. When building on a live
system without poudriere, this can cause the build to pick up unwanted
include files from ports rather than the include files internal to
the build. This can cause strange build failures.
Fix this problem by putting the directories for installed ports at
the end of the list.
Reported by: Jan Henrik Sylvester <me@janh.de>
(cherry picked from commit bbb04a69f3b05c15e624700bea18de97ae153dba)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade openoffice-4 to version from 4.1.12 to 4.1.14 and unbreak.
The "invalid use of @return" build failure has come and gone probably
due to some other changes to ports.
Release notes for 4.1.14:
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.14+Release+Notes
Release notes for 4.1.13:
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.13+Release+Notes
Add USE_GNOME=gdkpixbuf2xlib which now seems to be necessary.
Simplify the port by always using the bundled vigra and boost rather
than making this compiler version dependent. The bundled versions
work (better) with modern clang in -std=gnu++98 mode. Also, an
upcoming version of boost will require c++14 mode. The bundled
boost needs a minor patch to work with modern clang in this mode.
Add upgrade advice to pkg-message.
Security: 6678211c-bd47-11ed-beb0-1c1b0d9ea7e6
(cherry picked from commit c36f76c2297b7294e24a9adce8b1b3a4105dd2c1)
|
|
|
|
|
| |
Changes: https://github.com/cbsd/cbsd/releases/tag/v13.1.25
(cherry picked from commit c3d23e39c21f0fe16b9c10e5eef7e378e10bc2c6)
|
|
|
|
|
|
|
| |
Changes: https://gitlab.freedesktop.org/mstoeckl/waypipe/-/releases/v0.8.5
Reported by: GitLab (notify releases)
(cherry picked from commit 9cd167c360c4bb0216c5188078c251a8eb144888)
|
|
|
|
|
|
|
| |
Release Notes (soon):
https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/
(cherry picked from commit fffe39528a507cc5b3490fe4e5d788acaeab3cf5)
|
|
|
|
|
| |
Changes: https://github.com/hyprwm/hyprpicker/compare/fe4535a...234c2da
(cherry picked from commit e1a7811e115de66186b3fd0a3fd117de47eb890e)
|
|
|
|
|
|
|
| |
Can be used as xmag replacement e.g., check subpixel rendering in fonts.
In terms of features hyprpicker is similar to sxcs (not in ports yet).
(cherry picked from commit 76e11f4e9e2ad2e4333fbee8f827aa3a77fa51c9)
|
|
|
|
|
|
|
| |
Approved by: rene (mentor)
Security: https://vuxml.freebsd.org/freebsd/d357f6bb-0af4-4ac9-b096-eeec183ad829.html
(cherry picked from commit aec9cb380ef07743425005ffcb6994c399ca10e1)
|
|
|
|
|
| |
Changes: https://gitlab.freedesktop.org/mesa/mesa/-/compare/b8017243523...98a3ab640c41
(cherry picked from commit 6a11326d040c4e6610e15e901fc12976ad7b4808)
|
|
|
|
|
| |
Changes: https://github.com/yuzu-emu/yuzu/compare/4562f7af9...92c89312f
(cherry picked from commit a62c9744d670d0d54baae09c74f0085e58d04c43)
|
|
|
|
|
|
|
| |
Release Notes (soon):
https://www.mozilla.org/en-US/firefox/102.9.0/releasenotes/
(cherry picked from commit fb4d37fe46aa16d608b6dd623eb97b7e3a88d105)
|
|
|
|
|
|
|
| |
Release Notes (soon):
https://www.mozilla.org/en-US/firefox/111.0/releasenotes/
(cherry picked from commit 5ed784e9d72d45d3fa4fea4ee1f49f5bbdfa217d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting with 13.2, elf processes will have ASLR turned on by default.
However, the vlc binary core dumps with ASLR on, so turn it off until a
proper fix can be found.
This fix is based on a discussion between emaste and Peter
<pmc@citylink.dinoex.sub.org>.
See also: https://lists.freebsd.org/archives/freebsd-stable/2023-March/001181.html
PR: 270038
Reviewed by: emaste, mjg, riggs
Approved by: multimedia (tcberner, maintainer)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38994
(cherry picked from commit 345272090c1216afd333c23a5b06494cb1961333)
|
|
|
|
|
|
|
|
| |
Release notes: https://lists.freedesktop.org/archives/mesa-announce/2023-February/000707.html
Sponsored by: Beckhoff Automation GmbH & Co. KG
(cherry picked from commit e433b6a62875a0a853c4a677c3ace22f4a46b6ec)
|
|
|
|
|
|
|
| |
Approved by: rene (mentor)
Security: https://vuxml.freebsd.org/freebsd/d357f6bb-0af4-4ac9-b096-eeec183ad829.html
(cherry picked from commit fa4b5f3e9b2a48568925d27f436a97e1acd48031)
|
|
|
|
|
|
| |
Direct commit to quarterly to bump Go ports revisions after 61a665d2d8d2
Approved by: ports-secteam (blanket)
|
|
|
|
|
|
|
| |
Changes: https://go.dev/doc/devel/release#go1.19.7
Security: 742279d6-bdbe-11ed-a179-2b68e9d12706
(cherry picked from commit 94f206a9db726e9d00a48598984c1fe5501e9572)
|
|
|
|
|
|
|
|
| |
MFH: 2023Q1
Security: f68bb358-be8e-11ed-9215-00e081b7aa2d
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 19097b7836aad43b88943053b83776f7283bcd67)
|
|
|
|
|
|
|
|
| |
MFH: 2023Q1
Security: f68bb358-be8e-11ed-9215-00e081b7aa2d
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 1dbab434b90c51d0328119b3a348c4fadbdd5291)
|
|
|
|
|
|
|
|
|
| |
PR 270002
Approved by: garga (maintainer - private email to myself, implicit)
message-id: 816dd4b5-0a0d-3dd2-4bcc-c9b3b1a4ddfd@FreeBSD.org
ChangeLog: https://www.sudo.ws/releases/stable/#1.9.13p3
(cherry picked from commit 6ab8398875fba68be034a9a0ab12047c9ea929c6)
|
|
|
|
|
| |
Changes: https://github.com/rbenv/ruby-build/releases/tag/v20230309
(cherry picked from commit d087e14e3d599cab9ae250ce0e404212eb5a50ff)
|
|
|
|
|
| |
Changes: https://gitlab.freedesktop.org/mesa/mesa/-/compare/ae6eb3229ee...b8017243523
(cherry picked from commit 98a3ab640c41ac930d6e3393c71ee166e0e85ffa)
|
|
|
|
|
| |
Changes: https://github.com/yuzu-emu/yuzu/compare/6d6143031...4562f7af9
(cherry picked from commit a3a65b9f955f8b743dcdb49859a6e74ec2ed1d32)
|
|
|
|
|
|
|
|
| |
Changelog: https://git.launchpad.net/lazr.restfulclient/tree/NEWS.rst
PR: 267674
MFH: 2023Q1
(cherry picked from commit 375652fb6fdbb9ca66f84aa86eabe395c14c28a5)
|
|
|
|
|
|
|
|
|
| |
Changes: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hSYAJS__-rw
Changes: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/zleRGChurmo
Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_88_1_RTM
Reported by: Repology
(cherry picked from commit 909032bc67293b5debcd0f6bac7b41084ce14f20)
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
- File and permission changes are not being properly processed
https://github.com/johnmehr/gitup/issues/89
- gitup chokes on unrelated .git directory
https://github.com/johnmehr/gitup/issues/88
MFH: 2023Q1 (bugfixes)
(cherry picked from commit a9247f5c853c62a702d42b2584853794c32946e9)
|
|
|
|
|
|
|
| |
The version in main had the size in hexadecimal while in quarterly it was in
decimal.
Fixes: a9cb9c75a020
|
|
|
|
|
| |
Changes: https://github.com/rbenv/ruby-build/releases/tag/v20230306
(cherry picked from commit ee22f704e403a2061d26fb7d7d6416d6af9cc12b)
|
|
|
|
|
| |
Changes: https://gitlab.freedesktop.org/mesa/mesa/-/compare/f094e69469c...ae6eb3229ee
(cherry picked from commit eacac0805609f8838d181c84251773aa4eaa858d)
|
|
|
|
|
| |
Changes: https://github.com/yuzu-emu/yuzu/compare/ce8f4da63...6d6143031
(cherry picked from commit c950eac3b7565290ec8861778725b453b280fba2)
|
|
|
|
|
|
|
| |
Release Notes (soon):
https://www.mozilla.org/en-US/firefox/102.9.0/releasenotes/
(cherry picked from commit f6ef75f0d3f17d6ae4aa0c32b1de47154c232690)
|
|
|
|
|
|
|
| |
Release Notes (soon):
https://www.mozilla.org/en-US/firefox/111.0/releasenotes/
(cherry picked from commit 3216951d4fd2541225d87fccefe5309e2fa746c5)
|
|
|
|
|
|
|
| |
Error: /usr/local/bin/yuzu is linked to /usr/local/lib/libbrotlidec.so.1 from archivers/brotli but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libbrotlidec.so:archivers/brotli
Error: /usr/local/bin/yuzu is linked to /usr/local/llvm15/lib/libLLVM-15.so from devel/llvm15 but it is not declared as a dependency
(cherry picked from commit 78163f4fb12f940564c786eb1bcedeba617e0277)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from src/core/debugger/debugger.cpp:8:
In file included from /usr/local/include/boost/asio.hpp:20:
In file included from /usr/local/include/boost/asio/append.hpp:74:
In file included from /usr/local/include/boost/asio/impl/append.hpp:22:
In file included from /usr/local/include/boost/asio/detail/handler_alloc_helpers.hpp:21:
In file included from /usr/local/include/boost/asio/detail/recycling_allocator.hpp:20:
In file included from /usr/local/include/boost/asio/detail/thread_context.hpp:20:
In file included from /usr/local/include/boost/asio/detail/call_stack.hpp:20:
In file included from /usr/local/include/boost/asio/detail/tss_ptr.hpp:27:
In file included from /usr/local/include/boost/asio/detail/posix_tss_ptr.hpp:76:
In file included from /usr/local/include/boost/asio/detail/impl/posix_tss_ptr.ipp:23:
In file included from /usr/local/include/boost/asio/detail/throw_error.hpp:20:
In file included from /usr/local/include/boost/system/error_code.hpp:13:
In file included from /usr/local/include/boost/system/detail/error_code.hpp:15:
In file included from /usr/local/include/boost/system/detail/error_condition.hpp:18:
In file included from /usr/local/include/boost/system/detail/append_int.hpp:8:
/usr/local/include/boost/system/detail/snprintf.hpp:62:13: error: non-const lvalue reference to type '__builtin_va_list' cannot bind to a value of unrelated type 'va_list' (aka 'std::__va_list')
va_end( args );
^~~~
/usr/include/sys/_stdarg.h:51:40: note: expanded from macro 'va_end'
#define va_end(ap) __builtin_va_end(ap)
^~
Reported by: pkg-fallout
(cherry picked from commit f98c438a01911643667fecb0780638d60d3843dd)
|
|
|
|
|
|
|
|
|
|
|
| |
During last package update (from 0.7.2 to 0.7.3) the
version number was increased but not the github hash.
PR: 269567
Reported by: <void@f-m.fm>
MFH: 2023Q1
(cherry picked from commit 610b7c461f2b8a9132a6dc29a8fb33ada6a43d79)
|
|
|
|
|
|
|
|
|
|
| |
Reduce size of the buffer to avoid stack smashing.
PR: 265056
Reported by: ohartmann@walstatt.org
MFH: 2023Q1 (bug fix)
(cherry picked from commit 4967d9eb09c1369d5c3dd41edaedba25fd127f3d)
|