What's new:
* A reminder that Botan2 reaches end of life at the end of 2024
* CVE-2024-34702: Fix a DoS caused by excessive name constraints. (GH #4187)
* CVE-2024-39312: Fix a name constraint processing error, where if permitted and excluded rules both applied to a certificate, only the permitted rules would be checked. (GH #4187)
* Fix a crash in OCB (GH #3812#3924)
* During certificate verification, first verify the entire chain of certificates, then perform other validation. (GH #4052#4045)
* Fix a test failure in compression with certain versions of zlib (GH #4135#3896)
* Fix some iterator debugging errors in TLS CBC decryption. (GH #4125#4130)
* Avoid a miscompilation in ARIA when using XCode 14 (GH #3465#3492#4053)
Full chamgelog: https://botan.randombit.net/news.html#version-2-19-5-2024-07-08
The logic in USES=python will automatically convert this to 3.8+ by
itself.
Adjust two ports that only had Python 3.7 mentioned but build fine
on Python 3.8 too.
finance/quickfix: mark BROKEN with PYTHON
libtool: compile: c++ -DHAVE_CONFIG_H -I. -I../.. -I -I. -I.. -I../.. -I../C++ -DLIBICONV_PLUG -DPYTHON_MAJOR_VERSION=3 -Wno-unused-variable -Wno-maybe-uninitialized -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing -DLIBICONV_PLUG -Wall -ansi -Wno-unused-command-line-argument -Wpointer-arith -Wwrite-strings -Wno-overloaded-virtual -Wno-deprecated-declarations -Wno-deprecated -std=c++0x -MT _quickfix_la-QuickfixPython.lo -MD -MP -MF .deps/_quickfix_la-QuickfixPython.Tpo -c QuickfixPython.cpp -fPIC -DPIC -o .libs/_quickfix_la-QuickfixPython.o
warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option]
QuickfixPython.cpp:175:11: fatal error: 'Python.h' file not found
^~~~~~~~~~
1 warning and 1 error generated.
Reviewed by: portmgr, vishwin, yuri
Differential Revision: <https://reviews.freebsd.org/D40568>
A malicious OCSP responder could forge OCSP responses due to a failure
to validate that an embedded certificate was issued by the end-entity
issuing certificate authority.
Security: CVE-2022-43705
MFH: 2022Q4
Commit b7f05445c0 has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
aes_power8.cpp needs VSX too apart from crypto:
src/lib/block/aes/aes_power8/aes_power8.cpp:43:49: error: use of undeclared identifier 'vec_vsx_ld'
return (Altivec64x2)reverse_vec((Altivec8x16)vec_vsx_ld(0, key));;
^
src/lib/block/aes/aes_power8/aes_power8.cpp:48:36: error: use of undeclared identifier 'vec_vsx_ld'
return (Altivec64x2)reverse_vec(vec_vsx_ld(0, src));
Since 2.14.0 release, ABI version number != shlib minor version number
PR: 245477
Submitted by: fluffy
Approved by: maintainer
Relnotes: https://botan.randombit.net/news.html
* Fix a bug introduced in 2.12.0 where TLS::Channel::is_active and TLS::Channel::is_closed
could simultaneously return true. (GH #2174#2171)
* Use std::shared_ptr instead of boost::shared_ptr in some examples. (GH #2155)
* Add Roughtime client (GH #2143#1842)
* Add support for XMSS X.509 certificates (GH #2172)
* Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
https://botan.randombit.net/news.html
PR: 243239
Submitted by: maintainer
Approved by: maintainer
MFH: 2020Q1
This port detects architecture based on uname -m and on powerpc64 it prints powerpc, which makes configure script thinks it builds on 32-bit powerpc and causes error because the compiler is configured for 64-bits.
Explicitly configure as ppc64 on powerpc64.
PR: 241375
Approved by: tremere@cainites.net (maintainer), linimon (mentor)
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.
PR: 238330
