11:10 Felix Palmen (zirias) 

Mk/Uses/magick.mk: Bump all consumers

Bump all consumers of ImageMagick ports after flavorizing them.

Approved by:	tcberner (mentor, implicit)

    a6bb2f8

17:54 Muhammad Moinur Rahman (bofh) 

Mk/Uses/apache.mk: Refactor after removal of older versions

apache22 and apache25 had been removed a long time ago however the
apache.mk file has never been refactored and is out of sync from the
file Mk/bsd.default-versions.mk. These changes refactors the removals of
the older versions. In addition:

- Move some keywords like USE_APACHE, USE_APACHE_BUILD, USE_APACHE_RUN
  from SANITY_DEPRECATED to SANITY_UNSUPPORTED
- Remove apache versions from ports Makefiles as currently there is only
  one available version in the tree. However the version checks are
  still valid and should work flawlessly whenever a new version is
  added. For example USES=apache:2.2+ are simply replaced with
  USES=apache. As currently there are no other versions available for
  test this could not be checked on it's own ground.
- Update FOO_USE=APACHE=yes to FOO_USES=apache
- Remove trailing whitespaces

Approved by:    portmgr
Differential Revision: https://reviews.freebsd.org/D38113

    40843b1

21:10 Stefan Eßer (se) 

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)

    b7f0544

13:50 Tobias C. Berner (tcberner) 

framework: Add new USES 'magick' for graphics/ImageMagick*

A new USES has been added to depend on ImageMagick.

	USES=magick

adds a LIB_DEPENDS on graphics/ImageMagick${IMAGEMAGICK_DEFAULT}.

If a specific version is required, use for example

	USES=magick:6        resp.     USES=magick:7

If only a build, run or test is required, use for example

	USES=magick:build    resp.     USES=magick:6,build,test

If a dependency on the nox11 flavor is required, use for example

	USES=magick:nox11    resp.     USES=magick:7,nox11,run,test

See magick.mk for more details on the available flags.

The tree has been completely converted to make use of this.

Approved by:	bapt
Differential Revision: https://reviews.freebsd.org/D32754

    45526ec

08:09 Mathieu Arnold (mat) 

One more small cleanup, forgotten yesterday.
Reported by:	lwhsu

    cf118cc

14:31 Mathieu Arnold (mat) 

Remove # $FreeBSD$ from Makefiles.

    305f148

11:55 sunpoet 

Move devel/p5-IO-stringy to devel/p5-IO-Stringy and update to 2.113

- Fix LICENSE_FILE
- Update pkg-descr
- Update WWW
- Bump PORTREVISION of dependent ports for dependency change

Changes:	https://metacpan.org/changes/distribution/IO-Stringy

 

10:12 tobik 

Move remaining USE_MYSQL, WANT_MYSQL_VER to USES=mysql

 

19:57 kwm 

Update ImageMagick to 6.9.10.14 [1]

* Add PKGNAMESUFFIX and rename the directory. This was done to show
  that IM6 is not the "main" version. But still fully supported by upstream.
* Convert a number of options to optionhelpers.
* Add option for ISO/IEC 23008-12:2017 HEIF suport
* Add comment to pkg-descr explaining IM6's "legacy" tag.
* Add comment to the patch-config_policy.xml file why it still needed.

Please note that IM7 is not a drop in replacement due to library API and
command arguments changes. And as a result ports need to decide for themself
which version to use.

Chase these changes in all the ports that using IM6.

PR:		225102 (based on, only the version update) [1]
Submitted by:	Pascal Christen <pascal.christen@hostpoint.ch>

 

14:46 rene 

devel/bugzilla[44,50]: remove optional and expired SSL dependency

 

09:47 ohauer 

- update to 4.4.13

MFH:		2018Q1
Security:	CVE-2018-5123
Security:	vid: 22283b8c-13c5-11e8-a861-20cf30e32f6d

 

00:22 dbaio 

devel/bugzilla[44|50]: Update license

Approved by:	portmgr (blanket)

 

18:35 ohauer 

- update to 4.4.12

Security:	CVE-2016-2803
Security:	036d6c38-1c5b-11e6-b9e0-20cf30e32f6d

 

16:13 mat 

Remove USE_SQLITE from bsd.databases.mk, replaced by USES=sqlite.

While there replace USE_SQLITE=x by USES=sqlite:x.

PR:		208971
Submitted by:	mat
Exp-run by:	antoine
With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D5951

 

06:58 sunpoet 

- Remove unnecessary PERL_LEVEL check
- Add NO_ARCH
- Convert to new options helper
- Use bsd.port.mk instead of bsd.port.pre.mk + bsd.port.post.mk

With hat:	perl
Approved by:	portmgr (blanket)

 

14:00 mat 

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

 

11:25 ohauer 

- update to 4.4.11

This release fixes two security issues.
See the Security Advisory for details. [1]

This release also contains the following bug fix:

 o mod_perl now works correctly with mod_access_compat turned off
   on Apache 2.4. The (incorrect) fix implemented in Bugzilla 4.4.9
   has been backed out. To regenerate the .htaccess files, you must
   first delete all existing ones in subdirectories:

    find . -mindepth 2 -name .htaccess -exec rm -f {} \;

   You must then run checksetup.pl again to recreate them with the
   correct syntax. (Bug 1223790)

[1] https://www.bugzilla.org/security/4.2.15/

MFH:		2015Q4
Security:	CVE-2015-8508
		CVE-2015-8509
		vid="54075861-a95a-11e5-8b40-20cf30e32f6d"

 

04:10 ohauer 

- update bugzilla ports to 5.0.1 / 4.4.10

o Users whose login name is not an email address could not log in on
  installations which use LDAP to authenticate users.
o If a mandatory custom field was hidden, it was not possible to create a
  new bug or to edit existing ones.
o A user editing his login name to point to a non-existent email address
  could cause Bugzilla to stop working, causing a denial of service.
o Emails generated during a transaction made PostgreSQL stop working.
o Bugs containing a comment with a reference to a bug ID larger than 2^31
  could not be displayed anymore using PostgreSQL.
o Emails sent by Bugzilla are now correctly encoded as UTF-8.
o The date picker in the "Time Summary" page was broken.
o If Test::Taint or any other Perl module required to use the JSON-RPC API
  was not installed or was too old, the UI to tag comments was displayed
  anyway, you could tag comments, but tags were not persistent (they were
  lost on page reload). Now the UI to tag comments is not displayed at all
  until the missing Perl modules are installed and up-to-date.
o Custom fields of type INTEGER now accept negative integers.

MFH:		2015Q3
Security:	CVE-2015-4499
Security:	ea893f06-5a92-11e5-98c0-20cf30e32f6d

 

07:38 ohauer 

- sort USES (noted by portlint)
- remove redundant -f from $RM
- adjust comment about interface deprecation

 

14:24 jbeich 

bsd.sites.mk: cleanup MOZILLA mirrors

- Switch to CDN by default as mirrors are no longer kept up to date
- Drop obsolete pointer to http://www.mozilla.org/mirrors.html
- Drop redundant BUGZILLA and MOZILLA_EXTEND
- Shorten MASTER_SITES in gecko@ ports
- Move MOZILLA_ADDONS to bsd.sites.mk
- Move one of MOZILLA mirrors with old addons under MOZILLA_ADDONS
- Addons CDN redirects to https://, so don't mislead with http://

https://blog.mozilla.org/it/2012/08/03/dear-mozilla-mirrors-thank-you/

Differential Revision:	https://reviews.freebsd.org/D2550
Tested by:	distilator
Reviewed by:	mat (partial)
Approved by:	bz-ports (ohauer), portmgr blanket (office@ et al.)
Approved by:	portmgr (bapt, earlier version)
MFH:		2015Q2

 

17:40 ohauer 

- catch all sendmail paths
- be more specific in replacing /mysql/Pg/
- bump PORTREVISION

 

16:07 ohauer 

- update to 4.4.9

 

10:15 mat 

MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight

 

16:12 adamw 

Convert remaining p5-CGI.pm consumers to p5-CGI, and bump PORTREVISION.

All these changes are tested but the following are worth noting:

The following ports fail "make test", but did so before this change, and
fail in the same places:
- textproc/p5-xmltv
- www/p5-Business-Paypal
- www/p5-CGI-Enurl

www/p5-Apache-Gallery is missing all sorts of dependencies, fails all tests,
and should probably be marked BROKEN

For graphics/imc, move the OPTIONS_DEFINE block out of the LICENSE block area.

As long as we're here, sort plist on perl@-owned ports.

 

21:33 ohauer 

- update to 4.4.8

Release Notes:
https://www.bugzilla.org/releases/4.4.8/release-notes.html

This releases contains the following bug fix:
 - Fixing a regression caused by bug 10902750 [1], JSON-RPC API calls could
   crash in certain cases instead of displaying the proper error message.
   (Bug 1124716) [2]

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124716

MFH:		2015Q1

 

20:28 ohauer 

- update to 4.4.7
- adjust dependency

MFH:		2015Q1
Security:	dc2d76df-a595-11e4-9363-20cf30e32f6d
		CVE-2014-8630

 

10:29 ohauer 

- Since SOAP::Lite 1.0, XMLRPC::Lite is no longer included
  and so it must be installed separately.
- Update min. dependency for some other modules [1]
- bump PORTREVISION

[1] Update min. dependency (ripped from upstream Requirements.pm)

- p5-DateTime-TimeZone>=1.64:
  fixes a taint issue preventing the local timezone from being determined on
some systems.

- p5-DateTime>=0.75
  fixes a warning thrown with Perl 5.17 and newer

- p5-List-MoreUtils>=0.32
  fixes several memory leaks in the XS version of some functions

- p5-URI>=1.55
  Follows RFC 3986 to escape characters in URI::Escape

- p5-Chart>=2.4.1:
  Versions below 2.4.1 cannot be compared accurately, see
  https://rt.cpan.org/Public/Bug/Display.html?id=28218

- p5-TheSchwartz>=1.10:
  1.10 supports declining of jobs

- p5-File-Slurp>=9999.13:
  Required for jobqueue (mandantory in next release)

- p5-Test-Taint>=1.06
  1.06 no longer throws warnings with Perl 5.10+

- p5-DBD-Pg>=3.4.2
  Bugfix release (single-quoted type)

PR:		196168
Submitted by:	gavin

 

18:35 ohauer 

- explicitly depend on textproc/p5-Text-Tabv (if ${PERL_LEVEL} >= 501800)
- bump PORTREVISION

This patch was also suggested by upstream:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1067285

PR:		196060
PR:		196100
Submitted by:	mva@

 

23:19 ohauer 

- list empty dirs (make qa-script happy)
- if PERL_LEVEL >= 501800, then also depend on devel/p5-Module-Pluggable
   Module::Pluggable from perl5.18 complains about deprection and this way
   cron job notice is no longer readable
- bump PORTREVISION

 

04:38 ohauer 

- add CPE information

[1] additional MFH revisions: r370209, 370211

MFH:		2014Q4 [1]

 

19:16 ohauer 

- update to bugzilla 4.4.6

Summary
=======
The following security issues have been discovered in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
  creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
  scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
  the insider group
* Specially formatted values in a CSV search results export could be
  used in spreadsheet software to attack a user's computer.

Security:	CVE-2014-1572
		CVE-2014-1571
		CVE-2014-1571

 

10:29 ohauer 

- remove FreeBSD-specific bits
- bump PORTREVISION

PR:		194123
Submitted by:	mva
Reviewed by:	eadler

 

23:09 flo 

Change MAINTAINER to bz-ports@ as discussed with bugzilla@ (now bz-ports@)
and bugmeister@. bugzilla@ will be used by bugmeister@ from now on.

Submitted by:	bugzilla (ohauer)
Approved by:	bugzilla (ohauer)
Hat:		postmaster

 

14:15 ohauer 

- update to bugzilla44-4.4.5

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546

 

17:21 miwi 

- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)

 

06:24 eadler 

devel/bugzilla44: add FreeBSD specific patch.

Abuse our position as the owner of the ports tree to commit a project specific
option and patch to the bugzilla port.

Approved by:	ohauer (maintainer)

 

17:26 ohauer 

- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup

This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)

Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:

  4.4.4:  http://www.bugzilla.org/releases/4.4.4/release-notes.html
  4.2.9:  http://www.bugzilla.org/releases/4.2.9/release-notes.html
  4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html

MFH:		2014Q2

 

18:52 ohauer 

- distfiles where regenerated (wrong dependency list in the documentation)
- because there will no upstream fixes for CVE-2014-1517 mark bugzilla40 /
  bugzilla42 forbidden and set expiration date to 2014-06-21
- fix the GRAPHVIZ OPTION
- bump PORTREVISION

MFH:		2014Q2

 

15:03 ohauer 

- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d

 

05:31 ohauer 

- add new MASTER_SITE_BUGZILLA
- remove one dead MASTER_SITE_MOZILLA server

Approved by:	portmgr@ (tabthorpe)

 

19:35 ohauer 

- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is
recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743

 

19:00 ohauer 

- add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS

 

17:03 bapt 

Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 1)

 

06:54 az 

- Convert to new Uses/perl5.mk framework
- Resolve issues with implicit lang/perl in extract and patch dependencies
- Trim Makefile header

Reviewed by:	bapt@ (exp-run)
Approved by:	bapt@ (portmrg@)

 

22:21 ohauer 

New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html