update arm-trusted-firmware to 1.5
Update ARM Trusted Firmware to 1.5 which includes changes for: https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5 Not initializing or saving/restoring PMCR_EL0 can leak secure world timing information https://github.com/ARM-software/arm-trusted-firmware/wiki/Arm-Trusted-Firmware-Security-Advisory-TFV-6 Arm Trusted Firmware exposure to speculative processor vulnerabilities using cache timing side-channels Compiles, have no RK3399 to test on. Index: Makefile === RCS file: /cvs/ports/sysutils/arm-trusted-firmware/Makefile,v retrieving revision 1.4 diff -u -p -r1.4 Makefile --- Makefile22 Aug 2017 15:42:19 - 1.4 +++ Makefile21 Mar 2018 03:51:02 - @@ -6,8 +6,7 @@ COMMENT=ARM Trusted Firmware GH_ACCOUNT=ARM-software GH_PROJECT=arm-trusted-firmware -GH_TAGNAME=v1.4 -REVISION= 0 +GH_TAGNAME=v1.5 CATEGORIES=sysutils Index: distinfo === RCS file: /cvs/ports/sysutils/arm-trusted-firmware/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo20 Aug 2017 21:32:07 - 1.1.1.1 +++ distinfo21 Mar 2018 03:52:22 - @@ -1,2 +1,2 @@ -SHA256 (arm-trusted-firmware-1.4.tar.gz) = ba4CrNhSeDlL+tbiaD4YblMypxHkSRrEYyrWSA9uVJQ= -SIZE (arm-trusted-firmware-1.4.tar.gz) = 2261166 +SHA256 (arm-trusted-firmware-1.5.tar.gz) = dNxsnrWfK6zIp2vWAtMH0QVpn5DSyQKIL7riib9EQ2E= +SIZE (arm-trusted-firmware-1.5.tar.gz) = 2684635
Re: UPDATE ports/plan9/plan9port MAP_STACK patch
rather than allocating memory for _Thread struct and stack together, this diff[1] changes the allocation by pulling apart the stack of the thread_t struct, so now only the stack segment has the MAP_STACK flag for passing stack-register checking. tested on amd64(MAP_STACK bits in). acme(1)/sam(1) works fine! [1] http://shutpandhack.org/~gsoares/plan9port_map_stack.diff Index: Makefile === RCS file: /cvs/ports/plan9/plan9port/Makefile,v retrieving revision 1.24 diff -u -p -r1.24 Makefile --- Makefile20 Jan 2018 03:29:56 - 1.24 +++ Makefile21 Mar 2018 02:02:26 - @@ -4,6 +4,7 @@ ONLY_FOR_ARCHS =amd64 i386 powerpc BROKEN-powerpc = threading issues COMMENT = Plan 9 from user space +REVISION = 0 DISTNAME = plan9port-20180117 Index: patches/patch-src_libthread_thread_c === RCS file: patches/patch-src_libthread_thread_c diff -N patches/patch-src_libthread_thread_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-src_libthread_thread_c21 Mar 2018 02:02:26 - @@ -0,0 +1,46 @@ +$OpenBSD$ + +Index: src/libthread/thread.c +--- src/libthread/thread.c.orig src/libthread/thread.c +@@ -107,12 +107,18 @@ threadalloc(void (*fn)(void*), void *arg, uint stack) + uint x, y; + ulong z; + +- /* allocate the task and stack together */ +- t = malloc(sizeof *t+stack); ++ /* allocate the task */ ++ t = malloc(sizeof *t); + if(t == nil) + sysfatal("threadalloc malloc: %r"); + memset(t, 0, sizeof *t); +- t->stk = (uchar*)(t+1); ++ /* allocate the real stack */ ++ t->stk = mmap(NULL, stack, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0); ++ if (t->stk == MAP_FAILED) { ++ free(t); ++ sysfatal("threadalloc malloc: %r"); ++ } + t->stksize = stack; + t->id = incref(); + //print("fn=%p arg=%p\n", fn, arg); +@@ -133,8 +139,8 @@ threadalloc(void (*fn)(void*), void *arg, uint stack) + + /* call makecontext to do the real work. */ + /* leave a few words open on both ends */ +- t->context.uc.uc_stack.ss_sp = (void*)(t->stk+8); +- t->context.uc.uc_stack.ss_size = t->stksize-64; ++ t->context.uc.uc_stack.ss_sp = t->stk; ++ t->context.uc.uc_stack.ss_size = t->stksize; + #if defined(__sun__) && !defined(__MAKECONTEXT_V2_SOURCE) /* sigh */ + /* can avoid this with __MAKECONTEXT_V2_SOURCE but only on SunOS 5.9 */ + t->context.uc.uc_stack.ss_sp = +@@ -364,6 +370,7 @@ procscheduler(Proc *p) + delthreadinproc(p, t); + p->nthread--; + /*print("nthread %d\n", p->nthread); */ ++ munmap(t->stk, t->stksize); + free(t); + } + } Index: patches/patch-src_libthread_threadimpl_h === RCS file: patches/patch-src_libthread_threadimpl_h diff -N patches/patch-src_libthread_threadimpl_h --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-src_libthread_threadimpl_h21 Mar 2018 02:02:26 - @@ -0,0 +1,14 @@ +$OpenBSD$ + +Index: src/libthread/threadimpl.h +--- src/libthread/threadimpl.h.orig src/libthread/threadimpl.h +@@ -10,6 +10,8 @@ + # define _XOPEN_SOURCE/* for Snow Leopard */ + # endif + # include ++#elif defined(__OpenBSD__) ++# include + #endif + #include + #include "libc.h"
Re: NEW: devel/p5-Getopt-Tabular
On 3/20/2018 8:01 PM, Alexander Bluhm wrote: > On Wed, Feb 21, 2018 at 05:29:01PM -0500, Brian Callahan wrote: >> Attached is a new port, devel/p5-Getopt-Tabular. > The license comment should be # Perl > > OK bluhm@ > Right, of course. Thanks.
Re: NEW: devel/p5-Getopt-Tabular
On Wed, Feb 21, 2018 at 05:29:01PM -0500, Brian Callahan wrote: > Attached is a new port, devel/p5-Getopt-Tabular. The license comment should be # Perl OK bluhm@
Re: UPDATE: x11/st 0.8 -> 0.8.1
On Tue, Mar 20 2018, Klemens Nanniwrote: > Small regression fix release: > > f4020b2 fix regression by selecting clipboard text > a5a928b don't modify argv, use a counter > 6ac8c8a selextend: clarify: !sel.mode == SEL_IDLE > 5345db3 clipcopy: no need to check for free(NULL), set to NULL after > free > 7648697 minor code-style: whitespace fixes > 0b507bb Fix title initialization > e7ef3c4 Fix regression from 69e32a6 when setting title. > > Works fine for me on amd64, OK? Pasting the X selection (shift+insert) in st worked with st-0.7 and doesn't work any more in 0.8 and 0.8.1. I don't normally use st, just testing. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: [NEW] converters/p5-Sereal-Encoder
On Mon, Mar 19, 2018 at 10:47:20PM +0100, Frederic Cambus wrote: > Again, thanks for this. I applied the same changes to p5-Sereal-Decoder, > attaching updated tarballs. The Makefile in p5-Sereal-Encoder.tar.gz has permissions 600, please change to 644 before commiting. The LGPL file is only in Encoder, remove LGPLv2.1 from Decoder Makefile. otherwise OK bluhm@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2018/03/20 16:03:35 Modified files: telephony/kamailio: Makefile distinfo telephony/kamailio/patches: patch-src_Makefile_defs patch-src_core_pt_c patch-src_core_tcp_read_c patch-src_modules_db_mysql_my_cmd_c patch-src_modules_nat_traversal_nat_traversal_c patch-src_modules_tls_tls_bio_c patch-utils_kamctl_kamctlrc Added files: telephony/kamailio/patches: patch-utils_kamctl_kamctl_rpcfifo patch-utils_kamctl_kamdbctl_db_berkeley Removed files: telephony/kamailio/patches: patch-src_core_core_cmd_c patch-src_core_socket_info_c patch-src_modules_auth_identity_auth_crypt_c Log message: security update kamailio to 5.0.6: pre-authentication heap overflow in handling From: - fix berkeley db utilities and kamctl "shift: nothing to shift", reported by feinerer@, from maintainer Roman Kravchuk - fix runtime TLS failure, undefined symbol OPENSSL_zalloc, from maintainer - remove some dead patches follow switch to clang, from me (there was an earlier update to 5.1.x from maintainer earlier this month which I missed pushing earlier and it's too close to release now; this is planned for post-6.3)
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2018/03/20 15:57:55 Modified files: net/haproxy/patches: patch-include_proto_openssl-compat_h Log message: unbreak; we now have all functions that haproxy uses in openssl-compat.h (there are more !LIBRESSL pieces src/ssl_sock.c)
UPDATE: x11/st 0.8 -> 0.8.1
Small regression fix release: f4020b2 fix regression by selecting clipboard text a5a928b don't modify argv, use a counter 6ac8c8a selextend: clarify: !sel.mode == SEL_IDLE 5345db3 clipcopy: no need to check for free(NULL), set to NULL after free 7648697 minor code-style: whitespace fixes 0b507bb Fix title initialization e7ef3c4 Fix regression from 69e32a6 when setting title. Works fine for me on amd64, OK? Index: Makefile === RCS file: /cvs/ports/x11/st/Makefile,v retrieving revision 1.16 diff -u -p -r1.16 Makefile --- Makefile17 Mar 2018 13:28:39 - 1.16 +++ Makefile20 Mar 2018 21:05:19 - @@ -2,7 +2,7 @@ COMMENT= simple X terminal -V= 0.8 +V= 0.8.1 DISTNAME= st-${V} CATEGORIES=x11 @@ -15,7 +15,7 @@ MAINTAINER= Joerg Jung
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: lan...@cvs.openbsd.org 2018/03/20 13:42:33 Modified files: www/mozilla-firefox: Tag: OPENBSD_6_2 Makefile distinfo www/mozilla-firefox/patches: Tag: OPENBSD_6_2 patch-build_moz_configure_rust_configure patch-intl_icu_source_Makefile_in patch-security_manager_pki_resources_content_exceptionDialog_js patch-storage_mozStorageConnection_cpp patch-widget_nsPrintSettingsImpl_cpp www/mozilla-firefox/pkg: Tag: OPENBSD_6_2 PLIST Added files: www/mozilla-firefox/patches: Tag: OPENBSD_6_2 patch-_cargo_config_in patch-dom_webauthn_u2f-hid-rs_Cargo_toml patch-old-configure_in patch-security_manager_ssl_nsNSSIOLayer_cpp patch-third_party_rust_serde_derive__cargo-checksum_json patch-third_party_rust_serde_derive_internals__cargo-checksum_json patch-toolkit_library_rust_Cargo_lock patch-toolkit_library_rust_Cargo_toml Removed files: www/mozilla-firefox/patches: Tag: OPENBSD_6_2 patch-old-configure Log message: MFC: Update to firefox 59.0.1. https://www.mozilla.org/en-US/firefox/59.0.1/releasenotes/ Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ Diversions from -current: - Now builds against bundled cairo/sqlite - Use selfhosted tarball - Partly revert commits from #1423236 & #1424280 to build with rust 1.20 (yeah, gross) Tested by thuban on amd64, & myself on amd64/i386. I called for testing one week ago, and got *one* reply. Wonder why i'm doing this.. Packages for 6.2 on their way.
Re: [www/rt] A flavor for LDAP?
On 3/10/2018 8:23 AM, Stuart Henderson wrote: > This shouldn't be CONFIGURE_STYLE=simple - CONFIGURE_STYLE=gnu is > correct already. It is? It seems to work correctly with CONFIGURE_STYLE=simple. I'm still sort of new to this, do you mind explaining why? > Is it actually required to run rt-test-dependencies? I haven't used rt > for some years but from what I remember it's just a checker and doesn't > make any actual changes? Based on Paul's comments, I see now that it is not. The patch without that part is below. ─ William Leuschner wel2...@rit.edu Index: Makefile === RCS file: /cvs/ports/www/rt/Makefile,v retrieving revision 1.40 diff -u -p -r1.40 Makefile --- Makefile11 Jan 2018 19:27:12 - 1.40 +++ Makefile20 Mar 2018 15:38:36 - @@ -4,7 +4,7 @@ COMMENT=industrial-grade ticketing sys DISTNAME= rt-4.4.2 CATEGORIES=www -REVISION= 0 +REVISION= 1 MAINTAINER=Robert NagyIndex: pkg/README === RCS file: /cvs/ports/www/rt/pkg/README,v retrieving revision 1.1 diff -u -p -r1.1 README --- pkg/README 14 Jun 2011 13:19:33 - 1.1 +++ pkg/README 20 Mar 2018 15:38:36 - @@ -20,3 +20,6 @@ ${PREFIX}/share/doc/rt3/README If you are upgrading your installation, don't forget to run: # rt-setup-database --dba --prompt-for-dba-password \ --action upgrade + +If you plan to connect your rt installation to an LDAP domain, +install p5-ldap.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2018/03/20 08:51:19 Modified files: mail/rspamd: Makefile distinfo mail/rspamd/pkg: PLIST Log message: update to rspamd-1.7.1, a couple of important fixes since 1.7.0
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2018/03/20 08:47:54 Modified files: security/letsencrypt: Makefile.inc security/letsencrypt/client: Makefile distinfo security/letsencrypt/py-acme: distinfo Log message: update to certbot/py-acme 0.22.2
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: rsadow...@cvs.openbsd.org 2018/03/20 06:52:26 Modified files: productivity/kmymoney: Makefile Added files: productivity/kmymoney/patches: patch-kmymoney_dialogs_settings_CMakeLists_txt patch-kmymoney_plugins_ofximport_CMakeLists_txt Removed files: productivity/kmymoney/patches: patch-kmymoney_CMakeLists_txt Log message: Unbreak - add missing CMAKE_CURRENT_{SOURCE,BINARY}_DIR to find kmymoneysettings.h - rm -DCMAKE_POLICY_DEFAULT_CMP0071=NEW (Revert previous commit) and also revert reorder patch spotted by naddy@ (Hopefully for the last time)
kamailio: pre-auth heap overflow in From header
I just saw this on oss-security, https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow The release containing the fix has been out for a couple of weeks but the advisory is new. It's getting late for OpenBSD release but I think this one is worth fixing if it can be tested soon. The patch itself is a one-liner but this is the 'old stable' branch and only getting bugfixes so I think updating to the newest on that branch makes sense. I've dropped the CFLAGS patches for gcc on amd64/i386 because they're no longer needed and were conflicting. Also dropped some libressl patches that no longer make sense. (The arc4random patches could be dropped too because rand/random use arc4random anyway in normal use on recent OpenBSD, but that's a bigger change than I'd like to make now). Roman, could you test please? OK? Index: Makefile === RCS file: /cvs/ports/telephony/kamailio/Makefile,v retrieving revision 1.43 diff -u -p -r1.43 Makefile --- Makefile11 Jan 2018 19:27:11 - 1.43 +++ Makefile20 Mar 2018 12:06:18 - @@ -2,7 +2,7 @@ COMMENT-main = mature and flexible open source SIP server -VERSION = 5.0.3 +VERSION = 5.0.6 DISTNAME = kamailio-${VERSION}_src @@ -17,7 +17,6 @@ PKGNAME-snmpstats = kamailio-snmpstats-$ PKGNAME-perl = kamailio-perl-${VERSION} PKGNAME-presence = kamailio-presence-${VERSION} PKGNAME-radius = kamailio-radius-${VERSION} -REVISION-main =0 CATEGORIES = telephony MAINTAINER = Roman Kravchuk@@ -40,7 +39,7 @@ MASTER_SITES =http://www.kamailio.org/ WRKDIST = ${WRKDIR}/kamailio-${VERSION} WANTLIB-main = c crypto curl expat event_core event_extra iconv m \ - pcre pthread ssl lzma xml2 ncurses readline unistring z + pcre pthread ssl lzma xml2 curses readline unistring z LIB_DEPENDS-main = converters/libiconv \ converters/libunistring \ Index: distinfo === RCS file: /cvs/ports/telephony/kamailio/distinfo,v retrieving revision 1.9 diff -u -p -r1.9 distinfo --- distinfo21 Sep 2017 09:34:32 - 1.9 +++ distinfo20 Mar 2018 12:06:18 - @@ -1,2 +1,2 @@ -SHA256 (kamailio-5.0.3_src.tar.gz) = +nX3Oh1AxLorMy3mqk/pqqUxZ5NMb6rfoEJH0tMLVwo= -SIZE (kamailio-5.0.3_src.tar.gz) = 11678360 +SHA256 (kamailio-5.0.6_src.tar.gz) = yhYma1WYZtWMa3fyNfvPXwcfYnSSwo8z7PWY5B2V1Co= +SIZE (kamailio-5.0.6_src.tar.gz) = 11724268 Index: patches/patch-src_Makefile_defs === RCS file: /cvs/ports/telephony/kamailio/patches/patch-src_Makefile_defs,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_Makefile_defs --- patches/patch-src_Makefile_defs 21 Sep 2017 09:34:32 - 1.2 +++ patches/patch-src_Makefile_defs 20 Mar 2018 12:06:18 - @@ -2,7 +2,7 @@ $OpenBSD: patch-src_Makefile_defs,v 1.2 Index: src/Makefile.defs --- src/Makefile.defs.orig +++ src/Makefile.defs -@@ -316,9 +316,9 @@ ppc_macros= __powerpc __powerpc__ __POWERPC__ __ppc__ +@@ -318,9 +318,9 @@ ppc_macros= __powerpc __powerpc__ __POWERPC__ __ppc__ ppc64_macros= __ppc64__ _ARCH_PPC64 mips_macros= __mips__ __mips _MIPS_ARCH_MIPS1 @@ -14,27 +14,7 @@ Index: src/Makefile.defs alpha_macros= __alpha__ __alpha _M_ALPHA_ -@@ -879,16 +879,12 @@ ifeq ($(ARCH), i386) - ifeq ($(CC_NAME), gcc) - C_DEFS+=-DCC_GCC_LIKE_ASM - #common stuff -- CFLAGS=-g $(CC_OPT) -funroll-loops -Wcast-align $(PROFILE) -+ CFLAGS= - #if gcc 6.0+, 5.0+, 4.5+ or 4.2+ - ifeq (,$(strip $(filter-out 4.2+ 4.5+ 5.0+ 6.0+,$(CC_SHORTVER - $(callset_if_empty,CPUTYPE,athlon64) -- CFLAGS+=-m32 -minline-all-stringops \ -- -falign-loops \ -- -ftree-vectorize \ -- -fno-strict-overflow \ -- -mtune=$(CPUTYPE) -- LDFLAGS+=-m32 -+ CFLAGS+= -+ LDFLAGS+= - else - #if gcc 4.0+ - ifeq ($(CC_SHORTVER), 4.x) -@@ -936,8 +932,8 @@ else # CC_NAME, gcc +@@ -938,8 +938,8 @@ else # CC_NAME, gcc ifeq ($(CC_NAME), clang) $(call set_if_empty,CPUTYPE,athlon64) C_DEFS+=-DCC_GCC_LIKE_ASM @@ -45,31 +25,7 @@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: k...@cvs.openbsd.org2018/03/20 04:40:23 Modified files: textproc/ripgrep: Makefile distinfo textproc/ripgrep/pkg: PLIST Added files: textproc/ripgrep/patches: patch-tests_tests_rs Removed files: textproc/ripgrep/patches: patch-Cargo_toml Log message: Update ripgrep to 0.8.1 Also add missing BDEP on asciidoc and do some clean up. OK landry
Re: [PATCH] textproc/ripgrep bump to 0.8.1
On Sat, Mar 17, 2018 at 02:17:57AM -0700, William Orr wrote: > Hey, > > This bumps ripgrep to 0.8.1. It also adds a build-time dependency on > asciidoc for building the manpage. Tested on amd64. Your diff is mangled by your MUA, doesnt apply - and there's already a diff on ports@ with this update, cf https://marc.info/?t=15195014062=1=2
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: lan...@cvs.openbsd.org 2018/03/20 02:30:32 Modified files: x11/kde4/dev-scripts: Makefile x11/kde4/dev-scripts/pkg: PLIST Log message: Remove conflict with tkcvs which doesnt install cvscheck anymore - from sthen@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: lan...@cvs.openbsd.org 2018/03/20 02:29:45 Modified files: devel/tkdiff : Makefile devel/tkdiff/pkg: PLIST Log message: Remove conflict on tkcvs, from sthen@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: lan...@cvs.openbsd.org 2018/03/20 02:29:13 Modified files: devel/tkcvs: Makefile distinfo devel/tkcvs/pkg: DESCR PLIST Removed files: devel/tkcvs/patches: patch-tkcvs_cvs_tcl patch-tkcvs_doinstall Log message: Update to tkcvs 8.2.3, from Currell Berry who takes maintainership. Remove conflict with tkdiff and depend on it instead. with tweaks from sthen@ and me, ok todd@ (previous maintainer)
[wip] QGIS 3.0.0
Hi, here's something i've been working on for a while before it was released - works somewhat fine except some issues with file dialog integration between qt5 & gtk (https://issues.qgis.org/issues/17825) and some exit crashes (https://issues.qgis.org/issues/18070). On the ports side this switches from py2/qt4 to py3/qt5. The full user-level changelog is at http://changelog.qgis.org/en/qgis/version/3.0.0/ Diff is 300kb so not attaching it, grab it from http://rhaalovely.net/~landry/stuff/qgis-3.0.0.diff I'm planning to commit this soon after unlock. Landry
Re: [PATCH] erlang tools
On Mon, Mar 19, 2018 at 09:42:45PM +, Stuart Henderson wrote: > On 2018/03/19 21:39, Stuart Henderson wrote: > > OK sthen@ > > too late with my ok I see ;-) Thanks for reviewing nontheless ;-) -- jasper
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: lan...@cvs.openbsd.org 2018/03/20 01:18:16 Modified files: x11/xfce4/xfce4-pulseaudio: Makefile distinfo x11/xfce4/xfce4-pulseaudio/pkg: PLIST Log message: xfce4-pulseaudio 0.4.0
Re: NEW: security/qgpgme; Update security/gpgme, mail/trojita; remove: x11/kde-applications/gpgmepp
On Sun, Mar 18, 2018 at 12:43:41PM +, Stuart Henderson wrote: > I think this one is post-release. So, definitely post-release. You'll also need to bump all gpgme consumers, since they all fail to package because the dependency changes: -@depend security/gpgme:gpgme-*:gpgme-1.9.0p0 +@depend security/gpgme,-main:gpgme-*:gpgme-1.10.0