Number of commits found XX: 55

security: Add missing USES={gnome,php}

Chase ffmpeg 3.3 update (ABI changes)

PR:		218658
Submitted by:	riggs

- Remove always-true/false conditions after FreeBSD 9, 10.1, 10.2 EOL

Approved by:	portmgr blanket

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

security/pidgin-otr: Update to 4.0.2

Changes:

- Fix use-after-free issue during SMP
- Updated Spanish, German, Norwegian Bokmal translations
- New Danish translation
- The Windows binary has been linked with updated versions of libotr,
    libgcrypt, libgpg-error, and other supporting libraries

MFH:		2016Q1
Security:	CVE-2015-8833
Security:	http://www.vuxml.org/freebsd/77e0b631-e6cf-11e5-85be-14dae9d210b8.html

- Clarify LICENSE
- Add LICENSE_FILE
- Fix build with disabled NLS

- Update to 4.0.1
- Add NLS OPTION

Part 2 of adding USE_GNOME=intltool to ports that require it.

The reason for this is that in the GNOME 3.16 update, USE_GNOME gtk20 and
gtk30 don't pull intltool in anymore.

PR:		201980
Exp-run by:	antoine@

- Strip library

By request, reset maintainership of multiple ports

PR:		199903
Submitted by:	"Chris Petrik" <chris@bsdjunk.com>

- Add CPE info

Approved by:	portmgr blanket

security/libgcrypt: 1.6.1 -> 1.6.2, bump depends

Changes:
- src/sexp.c (do_vsexp_sscan): Return error for invalid args.
- cipher/md.c (_gcry_md_info): Fix a segv in case of calling
  with wrong parameters.
- cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
  error code, possible NULL deref in call to prime generator.
- cipher/dsa.c (generate): Take care of new return code.
- cipher/elgamal.c (generate): Change to return an error code.  Take
	care of _gcry_generate_elg_prime return code.
- ecc: Support the non-standard 0x40 compression flag for EdDSA.
- mpi: Extend the internal mpi_get_buffer.
- mpi: Fix regression for powerpc-apple-darwin detection.
- Fix bug inhibiting the use of the sentinel attribute in src/gcrypt.h.in

(Only the first 15 lines of the commit message are shown above )

- over to chris@bsdjunk.com

- Update to 4.1.0
- Use striping
- Please portlint
- Bump PORTREVISION

security/libgcrypt: 1.5.3_3 -> 1.6.1

- Update to 1.6.1
- Remove some unneeded patches
- Fix pkg-plist
- report configure bug upstream
  https://bugs.g10code.com/gnupg/issue1668
- report API breakage downstream and find that MacPorts had the same issue
  https://rt.cpan.org/Ticket/Display.html?id=97201
- bump PORTREVISION for dependent ports (approx. 100 ports)
- Thanks to exp-run by antoine@ to find ports that break
- patch ports that would otherwise break
  security/shishi with PR 192164 is already committed
  [1] devel/ccrtp
  [2] editors/abiword
  [3] security/p5-Crypt-GCrypt

PR:		191256, 192162 [1], 192163 [2], 192166 [3]
Submitted by:	Carlos Jacobo Puga Medina <cjpugmed@gmail.com>
Approved by:	maintainer timeout, antoine (exp-run), portmgr (implicit)

Convert net-im/libpurple (and slave ports net-im/finch and net-im/pidgin)
to "USES=libtool tar:bzip2".  Bump PORTREVISION on all dependent ports
and modernise them as well (USES, LIB_DEPENDS, staging).

audio/pidgin-musictracker:
- Replace LIBS with LDFLAGS.
- Disable static plugin.

net/online-desktop: Remove obsolete patches.

net-im/mbpurple:
- Drop pkgconf dependency.
- Replace post-patch with MAKE_ARGS.
- Use standard do-build.

(Only the first 15 lines of the commit message are shown above )

- explicitly depend on libotr.so.5
- while here define license

PR:		186944
Submitted by:	amdmi3

- support staging

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- adopt USES for pkgconfig
- adopt new lib_depends format

- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)

- convert USE_GMAKE to USES=gmake

Chase security/libgcrypt update

- Convert USE_GETTEXT to USES (part 3)

Approved by:	portmgr (bapt)

- take maintainership and drop verify target

Throw my ports back in the pool, and make my intentions clear for the
various ports that I've created.

I bid fond fare well
A chapter closes for me
What opens for you?

Work around a problem on stable/[89] with libotr generating an
"undefined reference to `__stack_chk_fail_local'" error. None
of the usual remedies work (such as making sure that gcc is used
instead of ld for the linker) so on those releases we simply
disable that option.

pointyhat logs confirm that pidgin-otr (the only consumer of libotr
atm) is failing on 8 and 9 with the same configure error that I am
seeing on 8, so this patch should at least allow it to build on those
releases.

Bump PORTREVISION for libotr to err on the side of caution.

While I'm here, remove a now-spurious mod to the pidgin-otr configure.

Update libotr and pidgin-otr to 4.0.0

The main new features in 4.0.0:

* Support v3 of the OTR protocol

* The plugin now supports multiple OTR conversations with the same buddy
  who is logged in at multiple locations. In this case, a new OTR menu
  will appear, which allows you to select which session an outgoing
  message is indended for. Note that concurrent SMP authentications with
  the same buddy who is logged in multiple times is not yet supported
  (starting a second authentication will end the first).

* During a private conversation with a buddy, an incoming unencrypted
  message will now trigger the regular incoming message notifications.

(Only the first 15 lines of the commit message are shown above )

Remove my personal web site from MASTER_SITES

Revert the unauthorized conversion of pkg-config from a proper build dep
to the new macro (r301539). Convert pkg-config to pkgconf.

Add a build dep on pkgconf to pidgin-otr to handle libotr's .pc files

Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected.

Remove license info

- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav

Indicate my preference against bumping PORTREVISION in these ports
without a good reason

- Chase the libgcrypt shared lib version

Chase security/libgcrypt shlib bump.

PR:             ports/148755
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>

Add LICENSE information to my ports where the right answer is obvious

Bounce PORTREVISION for gettext-related ports.  Have fun, ya'll.

- update to 1.4.1
Reviewed by:    exp8 run on pointyhat
Supported by:   miwi

- update to jpeg-8

- bump all port that indirectly depends on libjpeg and have not yet been bumped
or updated
Requested by:   edwin

Where it matters, update regarding MAKE_JOBS_{UN}SAFE for my ports

- Bump PORTREVISION due to share library version bump in security/libgcrypt

PR:              ports/127478

Update to version 3.2.0, released June 15th. The configuration and
"OTR button" functionality have been moved to a menu. Also, "Buddy
authentication has been revamped, based on the user study published
in SOUPS 2008." The old authentication methods are still allowed.

This version adds locale files for ar, de, hu, and ru.

Drop the specific library version number for libpurple to
(hopefully) avoid churn down the road.

Assume maintainership, and add my website to MASTER_SITES.

Approved by:    Maintainer timeout

Bump portrevision due to upgrade of devel/gettext.

The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).

PR:             ports/124340
Submitted by:   edwin@
Approved by:    portmgr (pav)

- Remove unneeded dependency from gtk12/gtk20 [1]
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+

Thanks to all Helpers:
        Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
        ehaupt, nox, itetcu, flz, pav

PR:             116263
Tested on:      pointyhat
Approved by:    portmgr (pav)

Chase the libpurple shared lib version.

- Chase libpurple shlib bump

Pointy hat to:  marcus

Update pidgin to 2.3.1, and chase the shared lib version bump.  See
http://developer.pidgin.im/wiki/ChangeLog for the list of changes.

Chase the libpurple shared lib version.

Unbreak the build by adding an explicit dependency on intltool

1. Update to 3.1.0
2. Update the MASTER_SITES
3. Add a verify target for the PGP signature, and download the signature
4. Add USE_GMAKE
5. Add an unconditional USE_GETTEXT since there is no way to disable it
6. Update pkg-plist with the *.mo files

Approved by:    maintainer timeout

PR:             ports/115664 (pkg-plist fix)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

Chase the libpurple shared lib version.

- Update to 3.0.1
- Update pkg-descr
- Update MASTER_SITES
- Connect to build

PR:             112651
Submitted by:   Mike Smith<perlfu@gmail.com>

- Force commit for notes that's a repocopy.
- Project was renamed

Repocopied by:  marcus

Number of commits found XX: 55

14 vulnerabilities affecting 165 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2020-05-24 19:56:04