31807 Commits

Author SHA1 Message Date
Danilo G. Baio
021ac02521 Fix build (extract) with static bsdtar(1)
tar: Pathname can't be converted from UTF-8 to current locale.
tar: Error exit delayed from previous errors.
*** Error code 1

See more details for the same issue in bug 246618.

Reported by:	pkg-fallout
Approved by:	portmgr blanket
2020-08-01 18:17:52 +00:00
Niclas Zeising
f7c7499aaa vuxml: Document vulns in xorg-server and libX11
Document two vulnerabilities, one in xorg-server and one in libX11.
The one in libX11 is a heap corruption vulnerability. [1]
The one in xorg-server (and slave ports) is an uninitialized memory
disclosure.  [2]

Security:	CVE-2020-14344 [1], CVE-2020-14347 [2]
2020-08-01 13:50:09 +00:00
Jochen Neumeister
ee6e0a6a3a Mark Broken on armv6
configuring additional dynamic modules
adding module in /wrkdirs/usr/ports/security/modsecurity3-nginx/work/ModSecurity-nginx-1.0.1
checking for ModSecurity library ... not found
checking for ModSecurity library in /usr/local/modsecurity ... not found
 ./configure: error: ngx_http_modsecurity_module requires the ModSecurity library.
===>  Script "configure" failed unexpectedly.

Sponsored by:	Netzkommune GmbH
2020-08-01 09:48:25 +00:00
Craig Leres
5eaa844c5b security/yubico-piv-tool: Unbreak build on FreeBSD 11 with DEFAULT_VERSIONS=ssl=openssl
r541879 adds a patch that disables an openssl cmake module from
being invoked. But on 11.3 at least if some other package dependency
pulls in openssl (or DEFAULT_VERSIONS has ssl=openssl), yubico-piv-tool
is built with openssl 1.0 includes from base and openssl 1.1 libraries
from the port; this fails due to openssl API changes between 1.0
and 1.1 (e.g. EVP_MD_CTX_create() became EVP_MD_CTX_new()).

This is not a compile time problem on 12.1 because the base version
of openssl is 1.1 (but there is no guarantee there are not other
issues caused by the mixing of includes and libraries).

Replace the CMakeLists.txt patch with one for patch-cmake_openssl.cmake
that makes the cmake checks for openssl/libcrypto optional. This ensures
that openssl includes and libraries are not mixed between the base
and ports versions.

PR:		248049
Approved by:	ume (maintainer timeout, 2 weeks)
2020-07-31 19:53:37 +00:00
Tobias Kortkamp
c7399da719 devel/libfmt: Update to 7.0.2
Changes:	https://github.com/fmtlib/fmt/releases/tag/7.0.2
ABI:		https://abi-laboratory.pro/tracker/timeline/fmt
2020-07-31 17:07:18 +00:00
Wen Heping
dcfdc903b3 - Document python38 multiple vulnerabilities 2020-07-31 13:57:36 +00:00
Loïc Bartoletti
d02141c9eb games/py-mnemosyne: Take maintainership, fix runtime error and add missing dependencies
Latest version of games/py-mnemosyne requires new dependencies. This commit adds the missing dependencies:

 - audio/py-gtts
 - security/py-gtts-token (required by audio/py-gtts)
 - textproc/py-googletrans

The games/py-mnemosyne port needs to be limited to Python 3.7+ to keep the dependency chains intact. This is because textproc/py-googletrans depends on www/py-httpx which is only for Python 3.7+.

PR:		247595
Submitted by:	kai
Reported by:	gspurki@gmail.com
Approved by:	tcberner (mentor)
MFH:		2020Q3
Differential Revision:	https://reviews.freebsd.org/D25895
2020-07-30 19:18:12 +00:00
Tobias Kortkamp
9137d53fe2 lang/rust: Update to 1.45.1
- Apply the "hard links break `env::current_exe()`" workaround from
  r543251 to lang/rust too
- Force rebuild all consumers for the soundness bug in 1.45.0

Changes:	https://blog.rust-lang.org/2020/07/30/Rust-1.45.1.html
With hat:	rust
Differential Revision:	https://reviews.freebsd.org/D25835
2020-07-30 18:26:53 +00:00
Tobias C. Berner
c2332804ab security/vuxml: fix randomly introduced typo
Pointy hat:	tcberner
Reported by:	kevans
2020-07-30 17:10:26 +00:00
Kirill Ponomarev
eaa0891b28 Add RC script
PR:		246822
Approved by:	maintainer
2020-07-30 16:16:02 +00:00
Tobias C. Berner
1476e75969 Document vulnerability in archivers/ark
- fixed in r543704 (head), r543705 (2020Q3)
2020-07-30 15:54:21 +00:00
Sunpoet Po-Chuan Hsieh
b81325e25b Add py-cert-human 1.0.7
I wanted to incorporate a method to get an SSL certificate from a server, show
the user the same kind of information as you'd see in a browser, prompt them for
validity, then write it to disk for use in all requests to a server.

I was unable to find any great / easy ways that incorporated all of these
concepts into one neat thing. So I made a thing.

Originally this was based off of yet another lovely over-engineered solution in
get-ca-py by Josh Peak.

WWW: https://github.com/lifehackjim/cert_human
2020-07-30 09:46:11 +00:00
Rene Ladan
b2a8d4a58e Document new vulnerabilities in www/chromium < 84.0.4147.105
Obtained from:	https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
2020-07-28 17:42:46 +00:00
Tobias C. Berner
db5061e1b7 Update KDE Plasma Desktop to 5.19.4
Tuesday, 28 July 2020. Today KDE releases a bugfix update to KDE Plasma 5,
versioned 5.19.4. Plasma 5.19 was released in June 2020 with many feature
refinements and new modules to complete the desktop experience.

This release adds three weeks' worth of new translations and fixes from KDE's
contributors. The bugfixes are typically small but important and include:

  *  Plasma Networkmanager: Make hotspot configuration dialog bigger.
  *  Only open KCM in systemsettings if it can be displayed. Fixes bug #423612
  *  Plasma Vault: Reset password field when the user clicks Ok. Fixes bug #424063

Full changelog:
	https://kde.org/announcements/plasma-5.19.3-5.19.4-changelog
2020-07-28 16:53:07 +00:00
Yuri Victorovich
6c50ed34ee security/fizz: Update 2020.07.20.00 -> 2020.07.27.00
Reported by:	portscout
2020-07-28 16:11:49 +00:00
Thomas Zander
1f57f61483 Document out-of-bounds-read in libsndfile (CVE-2019-3832).
PR:		248268
2020-07-28 12:19:47 +00:00
Kyle Evans
afa2ebc6f7 security/vuxml: document new vulnerability in net/freerdp < 2.2.0
PR:		248198
2020-07-28 04:38:19 +00:00
Yuri Victorovich
b771a05c89 security/tor-devel: Update 0.4.4.2-alpha -> 0.4.4.3-alpha
Reported by:	portscout
2020-07-28 01:34:28 +00:00
Craig Leres
6d592162b1 security/zeek: Update to 3.0.8 and address various vulnerabilities:
https://github.com/zeek/zeek/releases/tag/v3.0.8

 - Fix potential DNS analyzer stack overflow

 - Fix potential NetbiosSSN analyzer stack overflow

Other fixes:

 - Fix DHCP Client ID Option misformat for Hardware Type 0

 - Fix/allow copying/cloning of opaque of Broker::Store

 - Fix ConnPolling memory over-use

 - Fix compress_path not normalizing some paths correctly

 - Fix integer conversion error for Tag subtypes/enums

 - Fix bro_prng() results not staying within modulus

 - Prevent providing a 0 seed to bro_prng() since the LCG parameters
   don't allow that

Reported by:	Jon Siwek
MFH:		2020Q3
Security:	e333084c-9588-4eee-8bdc-323e02cb4fe0
2020-07-28 01:09:39 +00:00
Craig Leres
afc3684437 security/vuxml: Mark zeek < 3.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.8

Two potential stack overflows.
2020-07-28 01:00:20 +00:00
Tobias C. Berner
6b66ab85fb security/py-gssapi: Update to 1.6.9
Changelog:
	https://github.com/pythongssapi/python-gssapi/releases/tag/v1.6.9

PR:		248297
Submitted by:	John W. O'Brien <john@saltant.com> (maintainer)
2020-07-27 17:55:20 +00:00
Alex Dupre
0e49751a6d Update to 2.0.29 release. 2020-07-27 10:45:53 +00:00
Jochen Neumeister
068860a5e5 Add entry for Cacti
PR:		248140
Sponsored by:	Netzkommune GmbH
2020-07-27 08:48:46 +00:00
Danilo G. Baio
f72b2ac080 security/arirang: Fix patch in some envs
/nxb-bin/usr/bin/sed -i.bak -e 's/cc//nxb-bin/usr/bin/cc/g' /wrkdirs/usr/ports/security/arirang/work/arirang-2.03/extconf.rb
sed: 1: "s/cc//nxb-bin/usr/bin/c ...": bad flag in substitute command: 'n'
2020-07-26 19:47:13 +00:00
Antoine Brodin
ca6a0a3108 Update to 2.2.1 2020-07-26 09:11:46 +00:00
Antoine Brodin
4a37237840 Update to 2.0.2 2020-07-26 09:11:24 +00:00
Antoine Brodin
ceba16c62d Update to 1.3.1 2020-07-26 09:11:03 +00:00
Matthias Andree
074b3ae34a security/openvpn-auth-ldap: try to fix head fallout from -export-dynamic
The option is a linker option but is passed to cc verbatim, and this
causes fallout complaints on head i386 (13):

--- lemon ---
cc  -o lemon lemon.o  -export-dynamic
ld: warning: cannot find entry symbol xport-dynamic; defaulting to 0x4049B0
===> making all in src
--- all ---
--- auth-ldap.o ---
cc -fPIC  -O2 -pipe  -fPIC -fstack-protector-strong -DLDAP_DEPRECATED -fno-strict-aliasing  -Wno-import -L/usr/local/lib -I/usr/local/include -fPIC -I/usr/local/include  -D_THREAD_SAFE  -fobjc-exceptions -fno-strict-aliasing -O2 -pipe  -fPIC -fstack-protector-strong -DLDAP_DEPRECATED -fno-strict-aliasing  -DHAVE_CONFIG_H -Wall -I/usr/local/include -I/usr/local/include -I/usr/local/include -I/usr/local/include -c auth-ldap.m -o auth-ldap.o -I. -I../src -I.. -I../src -I. -I../tests -I../tests
--- TRConfigParser.m ---
./tools/lemon -T../tools/lempar.c -m -q TRConfigParser.lemon -OTRConfigParser.m
Segmentation fault (core dumped)
*** [TRConfigParser.m] Error code 139

NOTE! With devel/check exactly at 0.15.1, this fails to build due to a regression
in check 0.15.1. 0.15.0 is fine, and the bug is reported here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248274 (FreeBSD)
https://github.com/libcheck/check/issues/293 (upstream)

http://beefy17.nyi.freebsd.org/data/head-i386-default/p543393_s363499/logs/openvpn-auth-ldap-2.0.4.log

This is more fallout to permit narrowing down failures:

=>> Building security/openvpn-auth-ldap
build started at Sun Jul 26 01:01:36 UTC 2020
port directory: /usr/ports/security/openvpn-auth-ldap
package name: openvpn-auth-ldap-2.0.4
building for: FreeBSD head-i386-default-job-12 13.0-CURRENT FreeBSD 13.0-CURRENT 1300101 i386
maintained by: mandree@FreeBSD.org
Makefile ident:      $FreeBSD: head/security/openvpn-auth-ldap/Makefile 527679 2020-03-03 15:11:46Z mat $
Poudriere version: 3.2.8-5-gc81843e5
Host OSVERSION: 1300100
Jail OSVERSION: 1300101
Job Id: 12

!!! Jail is newer than host. (Jail: 1300101, Host: 1300100) !!!
!!! This is not supported. !!!
!!! Host kernel must be same or newer than jail. !!!
!!! Expect build failures. !!!

2020-07-26 09:01:59 +00:00
Antoine Brodin
52dfbf767f Update to 3.19.1 2020-07-26 08:56:37 +00:00
Antoine Brodin
6e90727a07 Update to 20200717 2020-07-26 08:14:25 +00:00
Antoine Brodin
37a49a023d Deprecate ports broken for more than 6 months 2020-07-26 07:32:00 +00:00
Koichiro Iwao
89bf30e879 security/softether: increase SecureNAT sessions
to 20000 as well as security/softether5. The factory default is 4096.

Sponsored by:	HAW International
2020-07-25 14:53:52 +00:00
Koichiro Iwao
8c34ac563b security/softether5: increase SecureNAT sessions
to 20000. The factory default is 4096.

Sponsored by:	HAW International
2020-07-25 14:50:57 +00:00
Kurt Jaeger
a70fa0050c security/p5-GnuPG-Interface: update 0.52 -> 1.00
Please note: This limits support to GnuPG 2.2+ and 1.4

PR:		248038
Submitted by:	mikael
Relnotes:	https://metacpan.org/changes/distribution/GnuPG-Interface
2020-07-25 09:20:21 +00:00
Jan Beich
2b68ad331a security/nss: update to 3.55
Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
Changes:	https://hg.mozilla.org/projects/nss/shortlog/NSS_3_55_RTM
ABI:		https://abi-laboratory.pro/tracker/timeline/nss/
Reported by:	Repology
2020-07-25 00:55:30 +00:00
Sunpoet Po-Chuan Hsieh
390506a0bb Document wagtail vulnerability 2020-07-24 19:08:54 +00:00
Sunpoet Po-Chuan Hsieh
4e79098f5c Fix AttributeError error
- Bump PORTREVISION for package change

Reported by:	Frank Bartels <freebsd@knarf.de>
Obtained from:	d4cdd64d2e
2020-07-24 18:59:17 +00:00
Kyle Evans
5bc1617efc Multiple ports: improve regex compliance (part 2)
This is again a part of the project to stop extraneous escaping of
ordinary characters and redefine some ordinary escapes as special
behavior.

Most of these ports are pushed over to use textproc/gsed because they
want to use GNU extensions.  Others are fixed to either escape appropriately
(e.g. $$ rather than \$ in Makefiles!) or just remove redundant escapes
(e.g. backtick in single quotes doesn't need escaped).

PR:		229925
MFH:		no (invasive risk)
2020-07-24 17:10:51 +00:00
Mikael Urankar
3d58b729d8 security/tailscale: update to v0.100.0-153 2020-07-24 10:00:16 +00:00
Sunpoet Po-Chuan Hsieh
7c76984d5c Update to 1.21
Changes:	https://metacpan.org/changes/distribution/Net-SSL-ExpireDate
2020-07-24 07:26:51 +00:00
Sunpoet Po-Chuan Hsieh
4ce3ece259 Update to 0.87
Changes:	https://metacpan.org/changes/distribution/Module-Signature
2020-07-24 07:26:46 +00:00
Sunpoet Po-Chuan Hsieh
4c2ff1f23e Update to 0.709
- Update WWW

Changes:	https://metacpan.org/changes/distribution/Dancer2-Plugin-Auth-Extensible-Provider-Usergroup
2020-07-24 07:26:41 +00:00
Sunpoet Po-Chuan Hsieh
91709cd915 Update to 2.22
- Add LICENSE_FILE
- Add NO_ARCH

Changes:	https://metacpan.org/changes/distribution/Crypt-ECB
2020-07-24 07:26:36 +00:00
Sunpoet Po-Chuan Hsieh
8a992fbdde Update to 1.1.0
Changes:	https://github.com/tomdalling/aes_key_wrap/blob/master/CHANGELOG.md
2020-07-24 07:19:22 +00:00
Sunpoet Po-Chuan Hsieh
3679de9f45 Update to 6.1.0
Changes:	https://github.com/IdentityPython/pysaml2/releases
2020-07-24 07:16:22 +00:00
Sunpoet Po-Chuan Hsieh
383ae732c0 Update to 0.36.0
Changes:	https://gitlab.com/m2crypto/m2crypto/blob/master/CHANGES
		https://gitlab.com/m2crypto/m2crypto/commits/master
2020-07-24 07:13:35 +00:00
Sunpoet Po-Chuan Hsieh
95c52e707c Update to 1.19.2
Changes:	https://github.com/googleapis/google-auth-library-python/releases
		https://github.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md
2020-07-24 07:13:30 +00:00
Sunpoet Po-Chuan Hsieh
fcf29c3225 Update dependencies
- Bump PORTREVISION for package change
2020-07-24 07:09:28 +00:00
Steve Wills
dc4e2a569c security/vault: update to 1.5.0 2020-07-24 02:40:17 +00:00
John Baldwin
c33207ae9d Update security/ktls-isa-l_crypto-kmod to work with KTLS RX API changes.
This doesn't enable ISA-L for KTLS RX, just fixes the module to compile
after the change to the "try" function's API.

Reviewed by:	gallatin (maintainer)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25698
2020-07-23 23:50:16 +00:00