<ChangeLog>
* Many 32 bit overflows were addressed in order to allow to use Redis with
a very significant amount of data, memory size permitting. (zhaozhao.zz,
Oran Agra)
* MEMORY USAGE fixed for the list type. (gnuhpc)
* Allow read-only scripts in Redis Cluster. (Salvatore Sanfilippo)
* Fix AOF pipes setup in edge case. (heqin)
* AUTH option for MIGRATE. (AlexStocks, Salvatore Sanfilippo, Fabio Nicotra)
* HyperLogLogs are no longer converted from sparse to dense in order
to be merged. (Salvatore Sanfilippo)
* Fix AOF rewrite dead loop under edge cases. (heqin)
* Fix processing of large bulk strings (>= 2GB). (Oran Agra)
* Added RM_UnlinkKey in modules API. (Dvir Volk)
* Fix Redis Cluster crashes when certain commands with a variable number
of arguments are called in an improper way. (Salvatore Sanfilippo)
* Fix memory leak in lazyfree engine. (zhaozhao.zz)
* Fix many potentially successful partial synchronizations that end
doing a full SYNC, because of a bug destroying the replication
backlog on the slave. So after a failover the slave was often not able
to PSYNC with masters, and a full SYNC was triggered. The bug only
happened after 1 hour of uptime so escaped the unit tests. (Oran Agra)
* Improve anti-affinity in master/slave allocation for Redis Cluster
when the cluster is created. (Salvatore Sanfilippo)
* Improve output buffer handling for slaves, by not limiting the amount
of writes a slave could receive. (Guy Benoish)
</ChangeLog>
LibreSSL imported X509_check_host from BoringSSL. Unlike OpenSSL,
it doesn't calculate the length of the hostname passed in case
chklen/namelen == 0. This means that the check in MariaDB always
fails if built against LibreSSL. This forces adminstrators to disable
hostname verification, which weakens security (hence the MFH request below).
Note that the fix has no negative implications if built against OpenSSL,
as its implementation calls strlen(hostname) in case namelen == 0.
See also https://github.com/MariaDB/server/pull/562
Approved by: ssl blanket
MFH: 2018Q1
You can now set memcached_user and memcached_group in rc.conf and get
expected results of running process and socket ownership.
MFH: 2018Q1
Differential Revision: https://reviews.freebsd.org/D13967
The patch was casting variables to right size on previous versions
Issue seems fixed by upstream it's not needed anymore.
It also fixes a warning/error for from Clang6 on the port build.
This update fixes bugs like CVE-2018-2696, CVE-2018-2562, CVE-2018-2640,
CVE-2018-2668, CVE-2017-3737 (and more) in MySQL protocol by upstream.
Delete local patches (CMake plugin macros) that are merged by upstream.
PR: 225195
Sponsored by: Netzkommune GmbH
While here:
- Add LICENSE_FILE.
- Remove GH_TUPLE because it's been used for the default distribution file.
- Strip pg_partman_bgw.so (Q/A warning).
- Switch to options helper (DOCS).
Changes: https://github.com/keithf4/pg_partman/blob/v3.1.1/CHANGELOG.txt
PR: 225041
Submitted by: Lacey Powers <lacey.leanne@gmail.com> (maintainer)
- While I'm here, do not silence installation message
Changes: https://github.com/okbob/pspg/releases
PR: 225132
Submitted by: Dmitri Goutnik <dg@syrec.org> (maintainer)
If SASL is detected at build time it assumes you want SASL and also
errors due to assuming we're Linux. This was already patched in our tree
for MySQL.
Also enable SASL support by default for the databases/percona57-client.
This is expected to be the default by upstream now.
Special thanks to mmokhi for figuring this out for us.
PR: 220865
MFH: 2018Q1
variables deprecation revision
WITHOUT_NLS 2013-12-13 r336337
WITH_/WITHOUT_ 2014-02-24 r345870
NOPORT(DOC|EXAMPLE)S 2014-04-19 r351587
WITH_BDB_VER 2016-05-02 r414444
OVERRIDE_LINUX_BASE_PORT 2016-09-05 r421387
WITH_OPENSSL_(BASE|PORT) 2016-06-16 r416965
While there, add an ERROR variable that works like DEV_ERROR, but for
user facing errors, and move NOPORTDOCS,
NOPORTEXAMPLES and WITHOUT_NLS to it.
Cleanup bsd.sanity.mk a bit.
Fix fallout.
PR: 224613
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D13490
This took quite a lot of time because Qt's own build system underwent
several changes in 5.8.0 that took a while to adapt to.
And, of course, qt5-webengine is a behemoth that we need to patch like crazy
due to its bundling of Chromium. In fact, most of the Chromium patches in
qt5-webengine have been imported with no changes from www/chromium@433510
("www/chromium: update to 56.0.2924.87").
New port: accessibility/qt5-speech
Bigger changes to Qt5 ports we had to make:
- Qt now allows using a configure.json file to define configuration options
and specify configuration checks that can be done when qmake is invoked.
However, configure.json checks done in a subdirectory only propagates to
subdirectories, and checks elsewhere will fail if all .pro files are being
parsed at once (i.e. qmake -recursive), so several ports had to switch to
USES=qmake:norecursive along with manual additional qmake invocations in
subdirectories in order to work. It's been mentioned in a few places such
as Qt's bug tracker that qmake's recursive mode is pretty much deprecated,
so we might switch to non-recursive mode by default in the future.
- Uses/qmake.mk: Introduce QMAKE_CONFIGURE_ARGS. qmake now accepts
arbitrary options such as '-foo' and '-no-bar' at the end of the
command-line. They can be specified in QMAKE_CONFIGURE_ARGS.
- graphics/qt5-wayland: The port can only be built if graphics/mesa-libs is
built with the WAYLAND option, so a corresponding option (off by default)
was added to the port.
- misc/qt5-doc: Switch to a pre-built documentation tarball. The existing
port was not working with Qt 5.9. Instead of trying to fix it, switch to
what Gentoo does and fetch a tarball that already contains all
documentation so that we do not have to build anything at all. The
tarball's name and location in download.qt.io look a bit weird, but it
seems to work fine.
- www/qt5-webengine: Use binutils from ports, Chromium's GN build system
generates a build.ninja that uses ar(1) with the @file syntax that is not
supported by BSD ar, so we need to use GNU ar from binutils.
- x11-toolkits/qt5-declarative-render2d: This port was merged into the main
Qt Declarative repository upstream, and into x11-toolkits/qt5-quick in the
ports tree.
Changes to other ports we had to make:
- biology/ugene: Drop a '#define point "."' that is not present in more
recent versions of the port. Defining a macro with such a common name
causes build issues with Qt 5.9, which uses |point| as an argument name in
methods.
- cad/qelectrotech: Fix plist with Qt 5.9. Directories are no longer
installed with `cp -f -R', but rather `qmake install qinstall', which does
not install
%%DATADIR%%/elements/10_electric/20_manufacturers_articles/bosch_rexroth/.directory
That's a local file that should not even have been part of the tarball
anyway.
- chinese/gcin-qt5: Add additional private Qt directories (which should not
be used in the first place) to get the port to build with Qt 5.9.
- devel/qtcreator: Fix plist with Qt 5.9. Something changed in qdoc and some
test classes no longer generate documentation files.
- security/keepassx-devel: Import a patch sent upstream almost a year ago to
fix the build with Qt 5.9.
Thanks to antoine for the exp-run, and tcberner and Laurent Cimon
<laurent@nuxi.ca> for landing changes in our qt-5.9 branch.
PR: 224849
This is the followup for the r457997 commit that updated devel/py-cffi to 1.11.2.
As it turned out, the shared object names built by py-cffi has changed in python 36.
Dependent ports can choose between installing such shared object as part of their plist, or
generating them in the runtime and placing them into ~/.cache/{port-name}/ The former ones,
that include the shared objects in their plist, got affected.
4 of the ports were failing explicitly in their py36 flavor during the strip phase.
The other 6 were either missing strip entirely, or performed the strip operation without
using explicit shared object names. These 6 ports didn't trigger any build errors, and were
failing silently during the runtime, making the problem very hard to detect.
Precisely, .abi3 suffix is now added for the py36 flavor of relevant ports.
Here are the 10 ports that got affected and are now corrected:
databases/py-psycopg2cffi devel/py-pygit2 devel/py-xattr devel/py-pyopencl devel/py-atomiclong
multimedia/py-librtmp net/py-nnpy security/py-bcrypt security/py-cryptography security/py-pynacl
All of them got the * in the stripped shared object name, and a PORTREVISION bump.
sql-common/client_authentication.cc:87:56: error: comparison between pointer and integer ('char *' and 'int')
mysql->options.extension->server_public_key_path != '\0')
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~
sql/sql_trigger.cc:195:5: error:
non-constant-expression cannot be narrowed from type 'int' to 'size_t' (aka 'unsigned long') in
initializer list [-Wc++11-narrowing]
static_cast<int>(my_offsetof(class Table_triggers_list, definitions_list)),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported by: antoine (via bug 224669)
This simplifies the Makefile somewhat -- it is only a cosmetic change.
While here, massage COMMENT to satisfy portlint.
PR: 224422
Reviewed by: jlaffaye (maintainer)
Approved by: rakuco (mentor)
Differential Revision: https://reviews.freebsd.org/D12957
- Consistently use DISTVERSION instead of PORTVERSION (the former is set, not the latter)
- Only depend on libunwind on x86 arch with FreeBSD >= 11 (fixes ignored build on arm/ppc)
- Fix python dependency with depreciation of python meta ports
- Remove PYPY_BITS from pkg-plist target, no longer used
- Remove setting of PORTVERSION, DISTVERSION is set in bsd.pypy.mk
- bsd.pypy.mk:
- Define DISTVERSION once, to ensure consistency
- PYPY_DIR: Handle versions with multiple digits
- PYPY_CFFI_VER now differs in value between pypy and pypy3
- bsd.pypy.cffi.mk:
- Add FLAVORS for pypy and pypy3 [1]
- Consistently use PYTHON_IMPL instead of the hard coded "pypy"
- PLIST_FILES: use direct substitution instead of PLIST_SUB
Approved by: portmgr (mat) [1]
Differential Revision: https://reviews.freebsd.org/D13675
After r457876 and r457886, net-im/mastodon failed to start because of an
issue with both versions 3 and 4 of the redis gems being pulled in.
/usr/local/lib/ruby/gems/2.4/gems/bundler-1.16.1/lib/bundler/runtime.rb:313:in
`check_for_activated_spec!': You have already activated redis 4.0.1, but
your Gemfile requires redis 3.3.5.
Upstream no longer ships the contents of misc/py-qt5-doc, so the port has been
removed.
This is also a requirement for updating the Qt5 ports, as the PyQt5 version
currently in the tree has license conflicts with later Qt versions.
Big thanks to tcberner for doing most of the work here, and antoine for the
exp-run.
PR: 224739
- Increased NETMNG_QUEUE_DELAY to 1000000 ( 1 ms ) to minimize CPU load
- Introduced QUEUEDELAY ( in usec ) config parameter to adjust queue
delay in database xml file. This allows to throttle down database
response time for incoming connection requests and minimize CPU
load
- Added dbcheck/check072.sql. This implements the calculation of
fibonacci numbers using stored procedures as a demonstration for
massive recursive procedure calls
- Optimization for procedure load in CegoFunction::evalFieldValue
( case USERDEFINED ), procedure is just loaded as a dedicated
instance ( via loadProcedure method ), if pMasterBlock is set. This
avoids ( expensive ) dedicated load, if the procedure is still not
in use by the corresponding thread. So just for recursive procedure
calls, the dedicated load happens.
Submitted by: Bjoern Lemke <lemke@lemke-it.com>
However, the builds still fail, but much farther along in the process.
So, this fix is necessary, but insufficient.
TODO: confirm the exact way rocksdb-lite fails on armv7 (I haven't run
that combination yet).
Approved by: portmgr (tier-2 blanket)
This includes a fix for a critical XSRF/CSRF security bug.
ChangeLog: https://www.phpmyadmin.net/files/4.7.7/
MFH: 2017Q4
Security: 63eb2b11-e802-11e7-a58c-6805ca0b3d42
databases/cego: update 2.38.12 -> 2.38.14
lfcbase:
- Stability patch for strptime implementation ( MinGW only )
cego:
- Fixed memory lead in CegoDistManager destructor ( _pPA was not deleted )
- Further optimization done in CegoBTreeCursor, introduced methods
traceLow and inRange to treat btree comparison in a more efficient way
- Fix in CegoAttrCond::getIndexCond, like and no like comparisons
must be filtered out for new btree cursor tracing logic
Submitted by: Bjoern Lemke <lemke@lemke-it.com>
As specified in the committers manual Section 19.4*, when
adding a port related to another, we should do a repo copy
instead of add new files.
PR: 222703
