FreeBSD Ports

www/twms: drop maintainership

audio/wavplay: update 1.4 → 2.0

www/wget2: fix manpage generation PR: 26126 Reported by: [email protected]

x11/eaglemode: update 0.95.0 → 0.95.1 - Trim unused X depends. - Require c++11, remove ancient gcc handling. - No need to specify *-{inc,lib}-dir args, as pkgconfig handles it fine. - Further hack crippled upstream build system, make it use linker for correct (C/C++) language, which allows to remove LLD_UNSAFE.

x11/xterm: Update to 372

science/py-scipy: Update to 1.8.0 - Add test target PR: 262307 Reported by: wen@ Exp-run by: antoine@

www/phalcon: update to 5.0.0beta3 ChangeLog: https://blog.phalcon.io/post/phalcon-5-0-0beta3-released PR: 262245 Reported by: [email protected] Approved by: [email protected] (maintainer)

x11-toolkits/pango: update to 1.50.5 Changelog: * Fix compiler warnings * Enable cairo by default * pango-view: Show more baselines * layout: Handle baselines * Windows: build cleanups Noteable changes: - documentation is no longer installed into the subdirectory reference/ Exp-run by: antoine PR: 262382

textproc/expat2: update to 2.4.7 From [1]: Release 2.4.7 Fri March 4 2022 Bug fixes: #572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to all valid URI characters (RFC 3986), ... [More] i.e. the following set (excluding whitespace): ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 % -._~ :/?#[]@ !$&'()*+,;= Other changes: #555 #570 #581 CMake|Windows: Store Expat version in the DLL #577 Document consequences of namespace separator choices not just in doc/reference.html but also in header #577 Document Expat's lack of validation of namespace URIs against RFC 3986, and that the XML 1.0r4 specification doesn't require Expat to validate namespace URIs, and that Expat may do more in that regard in future releases. If you find need for strict RFC 3986 URI validation on application level today, https://uriparser.github.io/ may be of interest. #579 Fix documentation of XML_EndDoctypeDeclHandler in #575 Document that a call to XML_FreeContentModel can be done at a later time from outside the element declaration handler #574 Make hardcoded namespace URIs easier to find in code #573 Update documentation on use of XML_POOR_ENTOPY on Solaris #569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++ 4.8.2 on Solaris. #578 #580 Version info bumped from 9:6:8 to 9:7:8; see https://verbump.de/ for what these numbers do Special thanks to: Jeffrey Walton Johnny Jazeix Thijs Schreijer Release 2.4.6 Sun February 20 2022 Bug fixes: #566 Fix a regression introduced by the fix for CVE-2022-25313 in release 2.4.5 that affects applications that (1) call function XML_SetElementDeclHandler and (2) are parsing XML that contains nested element declarations (e.g. ""). Other changes: #567 #568 Version info bumped from 9:5:8 to 9:6:8; see https://verbump.de/ for what these numbers do Special thanks to: Matt Sergeant Samanta Navarro Sergei Trofimovich and NixOS Perl XML::Parser Release 2.4.5 Fri February 18 2022 Security fixes: #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8 sequences (e.g. from start tag names) to the XML processing application on top of Expat can cause arbitrary damage (e.g. code execution) depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist. #561 CVE-2022-25236 -- Passing (one or more) namespace separator characters in "xmlns[:prefix]" attribute values made Expat send malformed tag names to the XML processor on top of Expat which can cause arbitrary damage (e.g. code execution) depending on such unexpectable cases are handled inside the XML processor; validation was not their job but Expat's. Exploits with code execution are known to exist. #558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing that could be triggered by e.g. a 2 megabytes file with a large number of opening braces. Expected impact is denial of service or potentially arbitrary code execution. #560 CVE-2022-25314 -- Fix integer overflow in function copyString; only affects the encoding name parameter at parser creation time which is often hardcoded (rather than user input), takes a value in the gigabytes to trigger, and a 64-bit machine. Expected impact is denial of service. #559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames; needs input in the gigabytes and a 64-bit machine. Expected impact is denial of service or potentially arbitrary code execution. Other changes: #557 #564 Version info bumped from 9:4:8 to 9:5:8; see https://verbump.de/ for what these numbers do Special thanks to: Ivan Fratric Samanta Navarro and Google Project Zero JetBrains [1] Changelog: https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes Exp-run by: antoine PR: 262381 Security: CVE-2022-25235 Security: CVE-2022-25236 Security: CVE-2022-25313 Security: CVE-2022-25314 Security: CVE-2022-25315 [Less]

deskutils/mindforger: update the port to version 1.54.0 Apply a minor fix so that correct version would be reported in the About dialog and window title (the tree had been tagged for the release before the fix had been committed to the master). Reported by: portscout