graphics/openexr*: Security update to v3.4.5 and i386 fix
"Patch release that fixes an incorrect size check in
istream_nonparallel_read that could lead to a buffer overflow on invalid
input data."
Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but
the upstream cmake stuff does not enable this, so use CFLAGS_i386.
To prevent people seeing SIGILL crashes down late at run-time,
check if the CPU is sse2-capable by querying the clang compiler from
the pre-install script (pkg-plist's @preexec). Suggested by diizzy@.
Other than that we could use the cpuid or the lscpu port instead, but
let's for now assume everything that wants to run OpenEXR also has a
working cc that is clang and has -march=native and gives us CPU details).
(GCC also gives us this but will use a different output format.)
While here, make failed tests verbose through ctest's environment so we
can see what's up from the build log already. (We need to go through
[6 lines not shown]
net/cloud-init-devel: Deprecate and set expiration date to 2026-03-31
Currently unmaintained and years behind net/cloud-init
Reference: https://reviews.freebsd.org/D48959
[libclc][CMake] Add COMPONENT ${ARG_PARENT_TARGET} to install (#182716)
Toolchain can specify the component to selectively install libclc to a
deploy folder. E.g. our downstream SYCL toolchain deploy:
https://github.com/intel/llvm/blob/e7b423fd517d/sycl/CMakeLists.txt#L531
Also check ARG_PARENT_TARGET is defined and non-empty.
Co-authored-by: Jinsong Ji <jinsong.ji at intel.com>
[Polly] Update isl to isl-0.27-82-g38cf72a4 (#182786)
Update isl to include
https://repo.or.cz/isl.git/commit/38cf72a41b708475fc22dc9fc62c7caae1ac29f6
which fixes #179993. This changes some string representations of ISL
objects in tests which are updated.
Fixes #179993
Thanks @skimo-openhub for the fix and @thapgua for the bugreport.
databases/sqlcipher: Fix consumers
Rename installed files from *sqlite3* back to *sqlcipher*.
Unbreak consumers:
- finance/kmymoney
- finance/skrooge
- net-im/gurk-rs
- net-im/qTox
- net-p2p/retroshare
- databases/py-sqlcipher3
While here improve port:
- Use USES=localbase instead of CFLAGS+=-I${LOCALBASE}/include and
LDFLAGS+=-L${LOCALBASE}/lib.
- Split long lines.
- Fix warnings from portclippy.
- Sort CONFIGURE_ARGS and CPPFLAGS.
PR: 292688
[2 lines not shown]
Reapply "[mlir][linalg] Make conv dim inference return pairing (outputImage, filterLoop)" (#182740)
The original method sorts all the dimensions which loses the information
about pairing. It makes other transformation that works on generic op
form harder. The revision ensures the pairing, so callers have more
useful information when they work on transformations.
The revision was reverted because of memory leak. The fix is using
OwningOpRef to wrap ModuleOp, so the nested operations are destroyed at
the end, which is similar to other MLIR unittests.
---------
Signed-off-by: hanhanW <hanhan0912 at gmail.com>
emulators/virtualbox-ose{,-70,-71,-72,-legacy}: Improve port (non-functional)
- Replace ${PREFIX}/share/applications with ${DESKTOPDIR}.
- Replace "*" with . in COPYTREE_SHARE.
emulators/virtualbox-ose*: Add support of "Unattended Installation of Guest OS" feature
Install files required by Unattended Installation of Guest OS feature.
These files were already prepared during the ports' build, so just add
them to the installation.
Details about this feature are here:
https://www.virtualbox.org/manual/topics/create-vm.html#tk_create-vm-unattended-install
Reported by: xin3qu via IRC (#freebsd-vbox @ Libera.Chat)
vmd(8): convert virtio scsi device to a subprocess.
Break the virtio scsi device (used as a cd-rom drive) into a
subprocess like the virtio block and network devices. This leaves
only the entropy device (viornd) and vmmci device running in-process
with the vcpus.
ok mlarkin@
Reset the PNVM segment count back to zero after we free the segments.
Prevents us from calling bus_dmamap_sync(9) on random DMA map pointers
when reloading the firmware.
ok stsp@
Revert "[InstCombine] Allow freezing multiple operands (#154336)" (#182769)
This reverts commit f8f6965ceece9e330ddb66db5f402ecfb5e3ad34.
This is causing infinte loops interacting with other transforms. See
discussion on #182647 .
net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[8 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[8 lines not shown]
If we have a non-zero hint and none of the address selectors managed to
return a valid address, set the hint to zero and retry. This fixes
mmap(2) with a hint (and without MAP_FIXED) when the hint falls outside
of the userland address space range.
ok deraadt@