net/cloud-init-devel: Deprecate and set expiration date to 2026-03-31
Currently unmaintained and years behind net/cloud-init
Reference: https://reviews.freebsd.org/D48959
graphics/openexr*: Security update to v3.4.5 and i386 fix
"Patch release that fixes an incorrect size check in
istream_nonparallel_read that could lead to a buffer overflow on invalid
input data."
Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but
the upstream cmake stuff does not enable this, so use CFLAGS_i386.
To prevent people seeing SIGILL crashes down late at run-time,
check if the CPU is sse2-capable by querying the clang compiler from
the pre-install script (pkg-plist's @preexec). Suggested by diizzy@.
Other than that we could use the cpuid or the lscpu port instead, but
let's for now assume everything that wants to run OpenEXR also has a
working cc that is clang and has -march=native and gives us CPU details).
(GCC also gives us this but will use a different output format.)
While here, make failed tests verbose through ctest's environment so we
can see what's up from the build log already. (We need to go through
[6 lines not shown]
databases/sqlcipher: Fix consumers
Rename installed files from *sqlite3* back to *sqlcipher*.
Unbreak consumers:
- finance/kmymoney
- finance/skrooge
- net-im/gurk-rs
- net-im/qTox
- net-p2p/retroshare
- databases/py-sqlcipher3
While here improve port:
- Use USES=localbase instead of CFLAGS+=-I${LOCALBASE}/include and
LDFLAGS+=-L${LOCALBASE}/lib.
- Split long lines.
- Fix warnings from portclippy.
- Sort CONFIGURE_ARGS and CPPFLAGS.
PR: 292688
[2 lines not shown]
emulators/virtualbox-ose{,-70,-71,-72,-legacy}: Improve port (non-functional)
- Replace ${PREFIX}/share/applications with ${DESKTOPDIR}.
- Replace "*" with . in COPYTREE_SHARE.
emulators/virtualbox-ose*: Add support of "Unattended Installation of Guest OS" feature
Install files required by Unattended Installation of Guest OS feature.
These files were already prepared during the ports' build, so just add
them to the installation.
Details about this feature are here:
https://www.virtualbox.org/manual/topics/create-vm.html#tk_create-vm-unattended-install
Reported by: xin3qu via IRC (#freebsd-vbox @ Libera.Chat)
net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[6 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[6 lines not shown]
kern_syscall_deregister: document syscall 0 no-op logic
Document syscall #0 being handled specially in
`kern_syscall_deregister(..)`: it's a reserved syscall and not
dynamically registered, and hence does not need to be deregistered in
the function.
Co-authored-by: ngie@
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54326
(cherry picked from commit f384784289dba13b90138a89d3df3a8ea063aff9)
ttys: Correct comment about required statuses
The status field also accepts onifconsole and onifexists,
so it looks crusty saying that it only accepts on and off.
Reviewed by: imp
Closes: https://github.com/freebsd/freebsd-src/pull/2042
ttys: Align comment whitespace and wrapping
This doesn't lengthen or shorten any configuration,
only comments, so merging the configuration will be safe.
Reviewed by: imp
Closes: https://github.com/freebsd/freebsd-src/pull/2042
sysutils/podman: Allow setting ownership on auto-created socket
The podman daemon auto-creates a socket on startup, along with parent
directory, and is always run as root. It is often useful to have another
proxy like haproxy or nginx provide more sophisticed security, and these
daemons do not need root privileges.
Differential Revision: https://reviews.freebsd.org/D55339
Reviewed by: arrowd
Approved by: dfr
