This includes a security fix for CVE-2016-9941 and CVE-2016-9942
* Drop files/patch-libvncclient_h264.c -- upstream has dropped h264 support
* Switch from USE_OPENSSL to USES+=ssl
* PORTREVISION bump in ports that link against libvncserver.so (with
their default OPTIONS settings) due to change in ABI version of
libvncserver.so
PR: 215802
Submitted by: vlad-fbsd@acheronmedia.com
MFH: 2017Q1
Security: 64be967a-d379-11e6-a071-001e67f15f5a
- Bump PORTREVISION post r417620 since new option was added
Reviewed by: mat (mentor)
Approved by: adamw (mentor)
Differential Revision: https://reviews.freebsd.org/D6975
- Add new option to select whether to compile with VAAPI support,
so that if multimedia/libva is already installed on the system
during the build process, it is not linked to unless desired.
- Add patch to allow h.264 support to build using libva deprecated API
PR: 210533
Submitted by: cpm
Reported by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
Approved by: adamw (mentor)
Differential Revision: https://reviews.freebsd.org/D6974
- Change from SF to GITHUB, as old WWW redirects there
- Add USES=autoreconf pkgconfig as distfile no longer contains configure
- Remove CONFIGURE_ARGS=--without-x as it is ignored (no longer supported)
- Convert OPENSSL and GNUTLS to OPTIONS_SINGLE, as build fails with neither
- Add GNUTLS_IMPLIES=GCRYPT as build fails with GNUTLS but not GCRYPT
- Add LIB_DEPENDS=libgpg-error.so as reported by new stage-qa script
- Tidy up patches for new release, ensure pathfix applies to Makefile.am
Reported by: dutchman01@quicknet.nl
Reviewed by: adamw (mentor)
Approved by: mat (mentor)
Relnotes: https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.10
Differential Revision: https://reviews.freebsd.org/D6946
- Rename the LIBDANE option DANE because that's the name of the protocol
supported by libgnutls-dane and gnutls-cli. Also clarify the option
description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4. Some ports used this library
in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed. Ports that used these have been
updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.
net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.
www/hydra: Mark BROKEN. This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.
PR: 207768
Exp-run by: antoine
Approved by: portmgr (antoine)
Changes:
- src/sexp.c (do_vsexp_sscan): Return error for invalid args.
- cipher/md.c (_gcry_md_info): Fix a segv in case of calling
with wrong parameters.
- cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
error code, possible NULL deref in call to prime generator.
- cipher/dsa.c (generate): Take care of new return code.
- cipher/elgamal.c (generate): Change to return an error code. Take
care of _gcry_generate_elg_prime return code.
- ecc: Support the non-standard 0x40 compression flag for EdDSA.
- mpi: Extend the internal mpi_get_buffer.
- mpi: Fix regression for powerpc-apple-darwin detection.
- Fix bug inhibiting the use of the sentinel attribute in src/gcrypt.h.in
- Fix building for the x32 target without asm modules in
mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI.
- Fix ARM assembly when building __PIC__
- mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit.
* mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear
allocated but not used bits before resizing.
* tests/t-mpi-bits.c (set_bit_with_resize): New.
- Use internal malloc function in fips.c.
* src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/.
- pubkey: Re-map all deprecated RSA algo numbers.
- cipher: Fix possible NULL dereference in cipher/md.c for being NULL.
- Fix ARMv6 detection when CFLAGS modify target CPU architecture.
PR: 193264
Approved by: cpm@fbsd.es (maintainer)
in r363436 and remove the UPDATING entry because it did not guarantee
that all ports were updated nor that they were updated in the right order.
Also remove libgcrypt.la again.
PR: 192342
Approved by: portmgr (implicit, bump unstaged ports)
- Bump PORTREVISION on all ports that depend on security/gnutls and
adjust all ports that depend on security/gnutls3
- Update mail/anubis to version 4.2 which supports gnutls 3.x
- Update mail/libvmime to a development snapshot (recommended by upstream
developers)
PR: 191274
Exp-run by: antoine
Approved by: portmgr (antoine)
If a port used other USE_GNOME items it was untouched.
The ports that used other USES were fixed by hand.
PR: ports/177081
Reviewed by: bapt
Approved by: portmgr (miwi)
