Framework: sync with upstream

Taken from: HardenedBSD

MOVED

@@ -12845,3 +12845,7 @@ www/palemoon||2019-07-03|Not maintained and full of security holes
 www/seamonkey||2019-07-03|2.49.* is not maintained upstream and full of security holes
 www/tomcat8||2019-07-06|Has expired: EoL since 2018-06-30
 devel/libevent-hiphop||2019-07-10|Has expired: Obsoleted with removal of lang/hiphop-php
+textproc/apache-solr3|textproc/apache-solr|2019-07-12|Obsolete
+misc/tcb||2019-07-13|Has expired: Abandonware that uses sys/dir.h
+editors/xed||2019-07-13|Has expired: Abandonware using sys/dir.h
+databases/gtksql||2019-07-13|Has expired: Abandonware using sys/dir.h

Mk/Scripts/generate-symbols.sh

@@ -17,7 +17,7 @@ msg "Finding symbols"
 
 # Find all ELF files
 ELF_FILES=$(mktemp -t elf_files)
-find ${STAGEDIR} -type f \
+find ${STAGEDIR} -type f ! -name '*.a' \
     -exec /usr/bin/readelf -S /dev/null {} + 2>/dev/null | awk ' \
     /File:/ {sub(/File: /, "", $0); file=$0}
     /[[:space:]]\.debug_info[[:space:]]*PROGBITS/ {print file}' \

Mk/Uses/cargo.mk

@@ -35,8 +35,8 @@ CARGO_DIST_SUBDIR?=	rust/crates
 
 # Generate list of DISTFILES.
 .for _crate in ${CARGO_CRATES}
-MASTER_SITES+=	CRATESIO/${_crate:C/^(.*)-[0-9].*/\1/}/${_crate:C/^.*-([0-9].*)/\1/}:cargo_${_crate:S/-//g:S/.//g}
-DISTFILES+=	${CARGO_DIST_SUBDIR}/${_crate}.tar.gz:cargo_${_crate:S/-//g:S/.//g}
+MASTER_SITES+=	CRATESIO/${_crate:C/^(.*)-[0-9].*/\1/}/${_crate:C/^.*-([0-9].*)/\1/}:cargo_${_crate:C/[^a-zA-Z0-9_]//g}
+DISTFILES+=	${CARGO_DIST_SUBDIR}/${_crate}.tar.gz:cargo_${_crate:C/[^a-zA-Z0-9_]//g}
 .endfor
 
 # Build dependencies.

Mk/bsd.default-versions.mk

@@ -60,7 +60,7 @@ LLVM_DEFAULT?=		80
 # Possible values: 5.1, 5.2, 5.3
 LUA_DEFAULT?=		5.2
 # Possible values: 5.5, 5.6, 5.7, 8.0, 5.5m, 10.0m, 10.1m, 10.2m, 10.3m, 5.5p, 5.6p, 5.7p, 5.6w
-MYSQL_DEFAULT?=		5.6
+MYSQL_DEFAULT?=		5.7
 # Possible values: 5.26, 5.28, 5.30, devel
 .if !exists(${LOCALBASE}/bin/perl) || (!defined(_PORTS_ENV_CHECK) && \
     defined(PACKAGE_BUILDING))

Mk/bsd.ssp.mk

@@ -8,9 +8,5 @@ SSP_Include_MAINTAINER=	portmgr@FreeBSD.org
 # Overridable as a user may want to use -fstack-protector
 SSP_CFLAGS?=	-fstack-protector-all
 CFLAGS+=	${SSP_CFLAGS}
-.if ${SSP_CFLAGS:M-fstack-protector-all}
-LDFLAGS+=	-fstack-protector
-.else
 LDFLAGS+=	${SSP_CFLAGS}
 .endif
-.endif

Tools/scripts/bump_revision.pl

@@ -1,34 +1,59 @@
-#!/usr/bin/env perl
+#!/usr/bin/env perl -wT
 
 # $FreeBSD$
 
 #
-# MAINTAINER=	gerald@FreeBSD.org
+# This script helps with bumping the PORTREVISION of all ports that depend on a
+# set of ports, for instance, when in the latter set one of the ports bumped the
+# .so library version.
+#
+# It is best executed with the working directory set to the base of a
+# ports tree, such as /usr/ports.
+#
+# The shebang line above includes -T (taint) to be more distrustful 
+# about the envionment, for security reasons, and is considered
+# good Perl practice.
+#
+# You can use either the -l (shaLlow, avoid grandparent dependencies,
+# slower) or -g option (include grandparent dependencies) option.
+#
+# MAINTAINER=	mandree@FreeBSD.org
 #
 
-use Getopt::Std;
 use strict;
-use warnings;
+use Getopt::Std;
+use Carp 'verbose';
 use Cwd;
 use Data::Dumper;
 use File::Basename;
 
-use vars qw/$opt_c $opt_n $opt_i $opt_u/;
+use vars qw/$opt_c $opt_n $opt_i $opt_u $opt_l $opt_g $opt_p/;
+
+# launder environment
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
 
 sub usage {
 	print <<EOF;
 Usage: $0 [options] [<category>/]<portname>
 
-    -c              - Just check
-    -n              - No tmpdir, just use dirname(INDEX)
-    -u <username>   - Your freebsd.org username. Defaults to \$ENV{USER}.
-    -i <filename>   - Use this for INDEX name. Defaults to /usr/ports/INDEX.
+Options:
+    -l              - shaLlow, only bump ports with direct dependencies.
+    -g              - Grandchildren, also bump for indirect dependencies (default).
+    -c              - Check only (dry-run), do not change Makefiles.
+    -n              - No tmpdir, just use the directory where INDEX resides.
+    -i <filename>   - Use this for INDEX name. Defaults to \${PORTSDIR}/INDEX-n,
+                      where n is the major version of the OS, or \${PORTSDIR}/INDEX if missing.
+    -p <dirname>    - Set portsdir, if different from /usr/ports.
 
-Improvements, suggestions,questions -> gerald\@FreeBSD.org
+Improvements, suggestions,questions -> mandree\@FreeBSD.org
 EOF
 	exit 1;
 }
 
+# flush STDOUT for each and every write even if writing to a pipe.
+$| = 1;
+
 sub bumpMakefile {
 
     my ($p) = @_; 
@@ -40,6 +65,7 @@ sub bumpMakefile {
 	    next;
 	}
 	my @lines = <$fin>;
+	if ($!) { die "Error while reading $makefile: $!. Aborting"; }
 	close($fin) or die "Can't close $makefile b/c $!";
 	chomp(@lines);
 
@@ -51,7 +77,7 @@ sub bumpMakefile {
 	}
 
 	my $printedrev = 0;
-	open(my $fout, '>', "$makefile");
+	open(my $fout, '>', "$makefile.bumped");
 	foreach my $line (@lines) {
 	    if (!$printedrev) {
 		if ($line =~ /^CATEGORIES??=/ || $line =~ /^PORTEPOCH??=/) {
@@ -73,23 +99,45 @@ sub bumpMakefile {
 	    print $fout "$line\n";
 	}
 	close($fout) or die "Can't close $makefile b/c $!";
+	rename "$makefile.bumped", $makefile or die "Can't rename $makefile.bumped to $makefile: $!";
 }
 
-my $INDEX = "/usr/ports/INDEX";
-my $USER = $ENV{USER};
+my $osversion = `uname -r`;
+chomp $osversion;
+$osversion =~ s/\..*//;
+
+my $shallow = 0;
+my ($portsdir, $INDEX);
 {
     $opt_i = "";
     $opt_u = "";
-    getopts("cni:u:");
+    getopts("cgi:lnu:p:");
+    $shallow = $opt_l if $opt_l;
+    if ($opt_l and $opt_g) {
+	die "Options -g and -l given, which are mutually exclusive. Pick either.";
+    }
+    if (not $opt_l and not $opt_g) {
+	warn "Neither -g nor -l given. Defaulting to -g";
+	$opt_g = 1;
+    }
+    $portsdir = $opt_p ? $opt_p : '/usr/ports';
+
+    $INDEX = "$portsdir/INDEX-$osversion";
     $INDEX = $opt_i if ($opt_i);
-    $USER = $opt_u if ($opt_u);
+    if (!-f $INDEX) { $INDEX = "$portsdir/INDEX"; }
 
-    die "$INDEX doesn't seem to exist. Please check the value supplied with -i or use -i." unless(-f $INDEX);
+    die "$INDEX doesn't seem to exist. Please check the value supplied with -i, or use -i /path/to/INDEX." unless(-f $INDEX);
 }
-my $PORT = $ARGV[0];
-usage() unless($PORT);
+usage() unless(@ARGV);
 
-my $CVSROOT = $ENV{CVSROOT} // ':ext:$USER\@pcvs.freebsd.org:/home/pcvs';
+my $TMPDIR = File::Basename::dirname($INDEX);
+
+#
+# Sanity checking
+#
+if (-d "$TMPDIR/.svn" and not $opt_n and not $opt_c) {
+    die "$TMPDIR/.svn exists, cowardly refusing to proceed.\n";
+}
 
 #
 # Read the index, save some interesting keys
@@ -99,89 +147,114 @@ my %index = ();
     print "Reading $INDEX\n";
     open(my $fin, '<', "$INDEX") or die "Cannot open $INDEX for reading.";
     my @lines = <$fin>;
+    if ($!) { die "Error while reading $INDEX: $! Aborting"; }
     chomp(@lines);
     close($fin);
 
-    foreach my $line (@lines) {
-	my @a = split(/\|/, $line);
-	my @b = split(/\//, $a[1]);
+    my @a;
+    my @b;
+    my $port;
+    map {
+	@a = split(/\|/, $_);
+	@b = split(/\//, $a[1]);
 
-	my $port = $b[-2]."/".$b[-1];
+	$port = $b[-2]."/".$b[-1];
 
-	$index{$port}{portname} = $b[-1];
-	$index{$port}{portnameversion} = $a[0];
-	$index{$port}{portdir} = $a[1];
-	$index{$port}{comment} = $a[3];
-	$index{$port}{deps} = ();
+	@{ $index{$port} }{'portname', 'portnameversion', 'portdir', 'comment', 'deps'}
+	    = ($b[-1], $a[0], $a[1], $a[3], ());
 
 	if ($a[8]) {
 	    @b = split(" ", $a[8]);
-	    foreach my $b (@b) {
-		$index{$port}{deps}{$b} = 1;
+	    @{ $index{$port}{deps} }{@b} = (1) x @b;
+	}
+
+    } @lines;
+    print "- Processed ", scalar keys(%index), " entries.\n";
+}
+
+my %DEPPORTS = ();
+
+foreach my $PORT (@ARGV) {
+    #
+    # See if the port really exists.
+    # If specified as category/portname, that should be enough.
+    # If specified as portname, check all categories for existence or duplicates.
+    #
+    unless (defined $index{$PORT}) {
+	my @found = grep /\/$PORT$/, keys(%index);
+	my $count = @found;
+
+	if ($count == 0) {
+	    die "Cannot find ${PORT} in ${INDEX}.";
+	} elsif ($count == 1) {
+	    $PORT = $found[0];
+	} else {
+	    my $n = join(" ", @found);
+	    die "Found ${PORT} more than once in ${INDEX}: $n. Try category/$PORT.\nAborting";
+	}
+    }
+
+    my $PORTNAMEVERSION = $index{$PORT}{portnameversion};
+    print "Found $PORT as $PORTNAMEVERSION\n";
+
+    #
+    # Figure out all the ports depending on this one.
+    #
+    {
+	print "Searching for ports depending on $PORT\n";
+
+	foreach my $p (keys(%index)) {
+	    if (defined $index{$p}{'deps'}{$PORTNAMEVERSION}) {
+		$DEPPORTS{$p} = 1;
 	    }
 	}
+	print "- Found ", scalar keys(%DEPPORTS), " ports depending on $PORT.\n";
     }
-    my @k = keys(%index);
-    print "- Processed ", $#k+1, " entries.\n";
 }
 
 #
-# See if the port does really exists.
-# If specified as category/portname, that should be enough.
-# If specified as portname, check all indexes for existence or duplicates.
+# In shallow mode, strip all those who don't have a direct dependency
 #
-unless (defined $index{$PORT}) {
-    my $count = 0;
-    my $n = "";
-    foreach my $p (keys(%index)) {
-	if ($p =~ /\/$PORT$/) {
-	    $n .= " " if ($n);
-	    $n .= $p;
-	    $count++;
+sub direct_dependency($@) {
+    my ($port, @requisites) = @_;
+    open F, '-|', '/usr/bin/make', '-C', $port, qw/-V _RUN_DEPENDS -V _LIB_DEPENDS/ or die "cannot launch make: $!";
+    my @lines = <F>;
+    chomp @lines;
+    my $deps = join(" ", @lines);
+    my %deps = map { $_ =~ s[/usr/ports/][]; ($_ => 1) } split " ", $deps;
+    if ($!) { die "cannot read depends from make: $!"; }
+    close F or die "cannot read depends from make: $!";
+    my $required = grep { $_ } map { defined $deps{$_} } @requisites;
+    return $required;
+}
+
+if ($shallow) {
+    my $n = keys %DEPPORTS;
+    my $idx = 1;
+    foreach my $p (keys %DEPPORTS) {
+	print "- Checking requisites of port $idx/$n...\r";
+	++$idx;
+	unless (direct_dependency($p, @ARGV)) {
+	    delete $DEPPORTS{$p};
 	}
     }
-    if ($count == 0) {
-	die "Cannot find ${PORT} in ${INDEX}.";
-    } elsif ($count == 1) {
-	$PORT = $n;
-    } else {
-	die "Found ${PORT} more than once in ${INDEX}: $n. Try category/portname.";
-    }
+    print "- Found ", scalar keys(%DEPPORTS), " ports depending directly on either of @ARGV.\n";
 }
 
-my $PORTNAMEVERSION = $index{$PORT}{portnameversion};
-print "Found $PORT as $PORTNAMEVERSION\n";
-
-#
-# Figure out all the ports depending on this one.
-#
-my %DEPPORTS = ();
-my $ports = "";
-{
-    print "Searching for ports depending on $PORT\n";
-    foreach my $p (keys(%index)) {
-	if (defined $index{$p}{deps}{$PORTNAMEVERSION}) {
-	    $DEPPORTS{$p} = 1;
-	    $ports .= " " if ($ports);
-	    $ports .= "ports/$p";
-	}
-    }
-    my @k = keys(%DEPPORTS);
-    print "- Found ", $#k+1, " ports depending on it.\n";
-}
+my $ports = join(" ", keys %DEPPORTS);
 
 #
 # Create a temp directory and cvs checkout the ports
 # (don't do error checking, too complicated right now)
 #
-
-my $TMPDIR = File::Basename::dirname($INDEX);
-unless ($opt_n) {
-  $TMPDIR = getcwd() . "/.tmpdir.$$";
+unless ($opt_n or $opt_c) {
+  $TMPDIR = ".bump_revsion_pl_tmpdir.$$";
+  print "svn checkout into $TMPDIR...\n";
   mkdir($TMPDIR, 0755);
   chdir($TMPDIR);
-  system "cvs -d $CVSROOT co -T $ports";
-  chdir($TMPDIR);
+  system "svn checkout --depth=immediates svn+ssh://svn.freebsd.org/ports/head/ ports" and die "SVN checkout failed (wait value $?), aborting";
+  chdir('ports');
+  system "svn update --set-depth=infinity $ports" and die "SVN checkout failed (wait value $?), aborting";
 }
 
 #
@@ -189,7 +262,7 @@ unless ($opt_n) {
 #
 {
     print "Updating Makefiles\n";
-    foreach my $p (keys(%DEPPORTS)) {
+    foreach my $p (sort keys(%DEPPORTS)) {
 	print "- Updating Makefile of $p\n";
     next if $opt_c;
 	bumpMakefile "$p";