graphics/openexr*: Security update to v3.4.5 and i386 fix
"Patch release that fixes an incorrect size check in
istream_nonparallel_read that could lead to a buffer overflow on invalid
input data."
Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but
the upstream cmake stuff does not enable this, so use CFLAGS_i386.
To prevent people seeing SIGILL crashes down late at run-time,
check if the CPU is sse2-capable by querying the clang compiler from
the pre-install script (pkg-plist's @preexec). Suggested by diizzy@.
Other than that we could use the cpuid or the lscpu port instead, but
let's for now assume everything that wants to run OpenEXR also has a
working cc that is clang and has -march=native and gives us CPU details).
(GCC also gives us this but will use a different output format.)
While here, make failed tests verbose through ctest's environment so we
can see what's up from the build log already. (We need to go through
[6 lines not shown]
net/cloud-init-devel: Deprecate and set expiration date to 2026-03-31
Currently unmaintained and years behind net/cloud-init
Reference: https://reviews.freebsd.org/D48959
databases/sqlcipher: Fix consumers
Rename installed files from *sqlite3* back to *sqlcipher*.
Unbreak consumers:
- finance/kmymoney
- finance/skrooge
- net-im/gurk-rs
- net-im/qTox
- net-p2p/retroshare
- databases/py-sqlcipher3
While here improve port:
- Use USES=localbase instead of CFLAGS+=-I${LOCALBASE}/include and
LDFLAGS+=-L${LOCALBASE}/lib.
- Split long lines.
- Fix warnings from portclippy.
- Sort CONFIGURE_ARGS and CPPFLAGS.
PR: 292688
[2 lines not shown]
emulators/virtualbox-ose{,-70,-71,-72,-legacy}: Improve port (non-functional)
- Replace ${PREFIX}/share/applications with ${DESKTOPDIR}.
- Replace "*" with . in COPYTREE_SHARE.
emulators/virtualbox-ose*: Add support of "Unattended Installation of Guest OS" feature
Install files required by Unattended Installation of Guest OS feature.
These files were already prepared during the ports' build, so just add
them to the installation.
Details about this feature are here:
https://www.virtualbox.org/manual/topics/create-vm.html#tk_create-vm-unattended-install
Reported by: xin3qu via IRC (#freebsd-vbox @ Libera.Chat)
net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[8 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[8 lines not shown]
net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[6 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[6 lines not shown]
multimedia/tsduck: disable tsduck on 13
Mark tsduk broken on FreeBSD 13, OpenSSL 3.0 is required.
Also remove unnecessary dependencies and bump PORTREVSION
PR: 292353
PR: 292718
Reported-by: Thierry Lelegard <thierry at lelegard.fr> (maintainer)
(cherry picked from commit bf75792f904db2621d101aa4eab92184860d3325)
kern_syscall_deregister: document syscall 0 no-op logic
Document syscall #0 being handled specially in
`kern_syscall_deregister(..)`: it's a reserved syscall and not
dynamically registered, and hence does not need to be deregistered in
the function.
Co-authored-by: ngie@
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54326
(cherry picked from commit f384784289dba13b90138a89d3df3a8ea063aff9)
kern_syscall_deregister: document syscall 0 no-op logic
Document syscall #0 being handled specially in
`kern_syscall_deregister(..)`: it's a reserved syscall and not
dynamically registered, and hence does not need to be deregistered in
the function.
Co-authored-by: ngie@
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54326
(cherry picked from commit f384784289dba13b90138a89d3df3a8ea063aff9)
