This release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS
when RSA key exchange is negotiated. This potentially affected BCJSSE servers
and any other TLS servers configured to use JCE for the underlying crypto -
note the two TLS implementations using the BC lightweight APIs
are not affected by this.
Some of additional fixes, features and functionality:
* GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted
in private key info objects; GOST3412-2015 has been added
to the JCE provider and the lightweight API.
* SCRYPT is now supported as a SecretKeyFactory in the provider and
in the PKCS8 APIs.
* The BCJSSE provider now supports Server Name Indication,
session resumption in clients, the jdk.tls.namedGroups and
org.bouncycastle.jsse.ec.disableChar2 system properties.
* ECGOST-2012 public keys were being encoded with the wrong OID
for the digest parameter in the algorithm parameter set. This has been fixed.
* The BCJSSE SSLEngine implementation now correctly wraps/unwraps
application data only in whole records.
Further details on other additions and bug fixes can be found in the
release notes at:
https://www.bouncycastle.org/releasenotes.html
Security: CVE-2017-13098
2017-11-30 www/p5-Yahoo-Lifestyle: This service has been shut down
2017-11-30 games/linux-rtcw: Use the native and open source games/iortcw instead
2017-11-30 java/bootstrap-openjdk: superseded by java/bootstrap-openjdk[68]
2017-11-30 lang/gcc46: Unsupported by upstream. Use GCC 6 or newer instead.
Excerpted from the original submission:
"FreeBSD on several architectures automatically utilizes superpages. So,
for the JVM's JIT-compiled code cache and data heap, much of those regions
are already using superpages. However, the -XX:+UseLargePages option still
serves a useful, if secondary, purpose on FreeBSD. Essentially, it informs
the JVM's platform-independent layer what the supported page sizes are. So,
when memory is mmap(2)ed and munmap(2)ed within the code cache and data
heap, the addresses and sizes will be superpage-aligned and a multiple of
the superpage size, respectively. Currently, without this patch, the code
cache, for example, typically starts at an unaligned address, so the initial
portion of the code cache can never be a superpage. Similarly, unaligned
munmap(2)s on the data heap force the kernel to demote superpages to 4KB
pages, and this patch eliminates those demotions.
This patch both introduces the code needed on FreeBSD to implement
-XX:+UseLargePages and deletes code that was copied from Linux that is, to
the best of my knowledge, useless on any version of BSD, i.e., UseHugeTLBFS
and UseSHM. The additions are in part based on the Solaris version of
os_solaris.cpp, e.g., the sorting of the page sizes array."
Note I did minor style cleanup and regenerated the patches.
Submitted by: alc
armv7, mark them so.
This is part two of a multipart commit to bring armv7 ports to parity
with armv6.
Approved by: portmgr (tier-2 blanket)
Obtained from: lonesome.com -exp run
The utility to send commands to remote JVM via Dynamic Attach mechanism.
All-in-one jmap + jstack + jcmd + jinfo functionality in a single tiny program.
No installed JDK required, works with just JRE.
This is the lightweight native version of HotSpot Attach API
https://docs.oracle.com/javase/8/docs/jdk/api/attach/spec/
WWW: https://github.com/apangin/jattach
PR: 222660
Submitted by: Michael Zhilin <mizhka@gmail.com>
While I'm here, fix whitespace, and add APP_SHORTNAME to the console
output to make it clear who is doing what.
PR: 220513
Submitted by: soumar@linux.fjfi.cvut.cz
Approved by: maintainer timeout
. Fix ONLY_FOR_ARCHS to not include i386 [1]
. Rework versioning now the update format has been revealed
PR: 222540 [1]
Submitted by: Michael Osipov [1]
. Fix ONLY_FOR_ARCHS to not include i386 [1]
. Rework versioning now the update format has been revealed
. Add missing symlink to the packing list
PR: 222540 [1]
Submitted by: Michael Osipov [1]
JavaFX Scene Builder provides a visual layout environment that lets
you quickly design user interfaces for JavaFX applications without
needing to write any code.
It allows simple drag-and-drop positioning of GUI components onto a
JavaFX scene. As you build the layout of your UI, the FXML code for
the layout is automatically generated. It provides a simple yet
intuitive interface that can help even non-programmers to quickly
prototype interactive applications that connect GUI components to the
application logic.
WWW: http://openjdk.java.net/projects/openjfx/
- Move to the regular OpenJFX 8 repository [1], add all *BSD specific
patches to the port, and stop using the repository at [2]. This
should make port contributions and updates a lot easier going forward.
- Bump PORTEPOCH and start using version numbers based on the tags from [1]
- Prepare the port for supporting multiple audio backend options
- Fix PREFIX/LOCALBASE confusion and get all Java dependencies from LOCALBASE
and not from PREFIX
- Respect CC and CXX during the WebKit build. Clang in FreeBSD 10.3
segfaults while building it now, so make sure we use Clang from
devel/llvm40 via compiler:c++14-lang instead.
[1] http://hg.openjdk.java.net/openjfx/8u/rt/
[2] https://bitbucket.org/tobik/openjfx-rt
This is a repo-copy of jakarta-commons-lang, updated to revision 3.4.
It can co-exist with jakarta-commons-lang. The newest version upstream
is actually 3.6, but support for using apache-ant to build was dropped
between 3.4 and 3.5. Apache OpenOffice 4.2.0 will require 3.3+.
Add NO_ARCH.
Modernize by using option helpers.
Get rid of the JDK_API!= stuff, which looks like it no longer did
anything useful.
modules/web/src/main/native/Source/JavaScriptCore/API/JSStringRef.cpp:40:13: error: no matching function for call to 'create'
return &OpaqueJSString::create(chars, numChars).leakRef();
^~~~~~~~~~~~~~~~~~~~~~
modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.h:48:32: note: candidate function not viable: no known conversion from 'const JSChar *' (aka 'const unsigned short *') to 'const LChar *' (aka 'const unsigned char *') for 1st argument
static Ref<OpaqueJSString> create(const LChar* characters, unsigned length)
^
modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.h:53:32: note: candidate function not viable: no known conversion from 'const JSChar *' (aka 'const unsigned short *') to 'const UChar *' (aka 'const char16_t *') for 1st argument
static Ref<OpaqueJSString> create(const UChar* characters, unsigned length)
^
modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.h:43:32: note: candidate function not viable: requires 0 arguments, but 2 were provided
static Ref<OpaqueJSString> create()
^
modules/web/src/main/native/Source/JavaScriptCore/API/OpaqueJSString.h:58:53: note: candidate function not viable: requires 1 argument, but 2 were provided
JS_EXPORT_PRIVATE static RefPtr<OpaqueJSString> create(const String&);
^
modules/web/src/main/native/Source/JavaScriptCore/API/JSStringRef.cpp:65:35: error: no matching function for call to 'createWithoutCopying'
return OpaqueJSString::create(StringImpl::createWithoutCopying(chars, numChars)).leakRef();
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/web/src/main/native/Source/WTF/wtf/text/StringImpl.h:385:50: note: candidate function not viable: no known conversion from 'const JSChar *' (aka 'const unsigned short *') to 'const UChar *' (aka 'const char16_t *') for 1st argument
WTF_EXPORT_STRING_API static Ref<StringImpl> createWithoutCopying(const UChar* characters, unsigned length);
^
modules/web/src/main/native/Source/WTF/wtf/text/StringImpl.h:386:50: note: candidate function not viable: no known conversion from 'const JSChar *' (aka 'const unsigned short *') to 'const LChar *' (aka 'const unsigned char *') for 1st argument
WTF_EXPORT_STRING_API static Ref<StringImpl> createWithoutCopying(const LChar* characters, unsigned length);
^
modules/web/src/main/native/Source/JavaScriptCore/API/JSStringRef.cpp:90:12: error: cannot initialize return object of type 'const JSChar *' (aka 'const unsigned short *') with an rvalue of type 'const UChar *' (aka 'const char16_t *')
return string->characters();
^~~~~~~~~~~~~~~~~~~~
modules/web/src/main/native/Source/WTF/wtf/unicode/java/UnicodeJava.h:21:18: error: typedef redefinition with different types ('uint16_t' (aka 'unsigned short') vs 'char16_t')
typedef uint16_t UChar;
^
/usr/local/include/unicode/umachine.h:347:22: note: previous definition is here
typedef char16_t UChar;
PR: 218788, 222270
Submitted by: jbeich
Reviewed by: jbeich
Obtained from: WebKit (rebased)
(via Mk/bsd.default-versions.mk and lang/gcc) which has moved from
GCC 5.4 to GCC 6.4 under most circumstances.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c++11-lib, c++11-lang,
c++14-lang, c++0x, c11, or gcc-c++11-lib.
PR: 219275
This will prevent build problems when there is an older Gradle version
installed in the build environment. Using older Gradle versions is
not supported and leads to hard to decode build failures.
- Enable OpenGL Prism backend by default on FreeBSD too
- Add missing platform check. FreeBSD is "a form of Linux or Solaris" too.
Submitted by: Gareth Wyn Roberts <g.w.roberts@glyndwr.ac.uk> (via mail)
The main focus in this release is on features. Considerable work has
been done on improving the TLS/DTLS API and the BCJSSE. Support for
ECGOST3410-2012 has been added for both signing and key
agreement/exchange. The DSTU-7564 digest and DSTU-7624 (Kalyna) cipher
have also been added. Support for XMSS and XMSS^MT has been added to the
BCPQC provider and certificate support for the BCPQC algorithms is much
improved.
Further details on other additions and bug fixes can be found in the
release notes at:
https://www.bouncycastle.org/releasenotes.html
- Add new default options MEDIA and WEBKIT to enable building of the
media and web modules
- Take back maintainership
Running e.g. AsciidocFX on FreeBSD should be possible now.
PR: 218014
Reported by: Dr. Jochen Raßler <jochen.rassler@gmail.com>, mr (via mail)
Currently Pango functions are hidden behind __linux__ and not compiled
in as part of the build. Not all JavaFX applications are affected by
this, but applications that do advanced text layout that require Pango
internally cause an UnsatisfiedLinkError at runtime.
Caused by: java.lang.UnsatisfiedLinkError: com.sun.javafx.font.freetype.OSPango.pango_ft2_font_map_new()J
at com.sun.javafx.font.freetype.OSPango.pango_ft2_font_map_new(Native Method)
at com.sun.javafx.font.freetype.PangoGlyphLayout.layout(PangoGlyphLayout.java:88)
at com.sun.javafx.text.PrismTextLayout.shape(PrismTextLayout.java:834)
at com.sun.javafx.text.PrismTextLayout.layout(PrismTextLayout.java:1064)
at com.sun.javafx.text.PrismTextLayout.ensureLayout(PrismTextLayout.java:223)
...
PR: 220566
Submitted by: Stefan Ehmann <shoesoft@gmx.net>
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D11545
MFH: 2017Q3
remove fork="true" in javac and fork="yes" in junit tasks (ant/bc+-build.xml)
Original report:
If java/bouncycastle15 is build on armv6 with openjdk18, the build stops with
This command is not for general use and should only be run as the result of a call to ProcessBuilder.start() or Runtime.exec() in a java application
PR: 220612
Submitted by: Gerrit Beine <mail+freebsd@gerritbeine.de> (based on)
Approved by: az (mentor)
support and build the JDK without an ALSA dependency
PR: 219125
Reviewed by: jbeich
Approved by: mat (mentor), java (maintainer timeout, 6+ weeks)
Differential Revision: https://reviews.freebsd.org/D11331
If NO_ARCH is set then check that no FreeBSD elf(5) files are in $STAGEDIR.
If an elf(5) file is bundles as part of the package, but is not meant to be
run directly (i.e. the elf(5) file is a payload, and not compiled) then
those files can be added to NO_ARCH_IGNORE to avoid the check from failing,
Changes to ports:
- Ports that have NO_ARCH set, but actually compile files have had NO_ARCH
removed.
- Ports that have elf(5) payloads have had those files added to
NO_ARCH_IGNORE.
- R-cran ports that do not set USES=cran:compiles have NO_ARCH set,
PR: 218976
Reviewed by: antoine, mat
Approved by: portmgr
There are two cases:
- The upstream versionning is compatible with our versionning, or using
DISTVERSION's magic leads to a compatible PORTVERSION, use
DISTVERSION. If it is possible to use DISTVERSIONPREFIX and
DISTVERSIONSUFFIX to make it compatible, use them.
- The upstream versionning is not compatible with our versionning, and
DISTVERSION's magic does not lead to a correct PORTVERSION, then set
PORTVERSION to the equivalent of our versionning, and set DISTNAME.
It is possible to use a third variable where you store upstream's
version and use it to compute PORTVERSION and/or DISTNAME, like the
dns/bind9* ports do.
Sponsored by: Absolight
A port of the lightweight-java-profiler (ljp). ljp acts as a bare-bones agentlib to produce profiling stacks that can be digested, e.g., by Brendan Gregg's flamegraph scripts.
Reviewed by: mat, swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D10194
lang/gcc which have moved from GCC 4.9.4 to GCC 5.4 (at least under some
circumstances such as versions of FreeBSD or platforms).
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using using Mk/bsd.octave.mk which in turn has USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c++11-lib, c++14-lang,
c++11-lang, c++0x, c11, or gcc-c++11-lib.
PR: 216707
2017-02-28 textproc/rubygem-nokogiri14: Use textproc/rubygem-nokogiri instead
2017-02-28 textproc/rubygem-liquid2: Use textproc/rubygem-liquid instead
2017-02-28 www/rubygem-rack14: Use www/rubygem-rack or www/rubygem-rack16 instead
2017-02-28 www/rubygem-mechanize26: Use www/rubygem-mechanize instead
2017-02-28 www/rubygem-net-http-persistent25: Use www/rubygem-net-http-persistent2 instead
2017-02-28 devel/rubygem-builder32: Use devel/rubygem-builder instead
2017-02-28 www/rubygem-net-http-digest_auth11: Use www/rubygem-net-http-digest_auth instead
2017-02-28 devel/rubygem-bson1: Use devel/rubygem-bson instead
2017-02-28 devel/rubygem-minitest4: Use devel/rubygem-minitest instead
2017-02-28 java/jdk16-doc: Should have been removed with linux-sun-jdk16 (2014-05-11)
2017-02-28 java/jdk7-doc: Should have been removed with linux-sun-jdk17 (2016-04-24)
2017-02-28 textproc/rubygem-sass-rails4: Use textproc/rubygem-sass-rails5 instead
locale set by the user. Add LANG=C and LC_ALL=C at the beginning of
bsd.port.mk and export them so all commands are executed with the C locale.
LC_ALL=C overrides all other LC_* variables. LANG is used by setlocale(3)
as default value for LC_* variables, so normally it isn't used when LC_ALL
is set, but there's code out there that looks at LANG directly so it's safer
to set it as well. The only commands not captured by this are !=
assignments before any inclusion of bsd.port.*mk.
Introduce USE_LOCALE=<locale> that adds LANG=<locale> and LC_ALL=<locale> to
CONFIGURE_ENV and MAKE_ENV so upstream build systems can be executed with a
different locale (e.g. USE_LOCALE=en_US.UTF-8).
PR: 215882
Exp-run by: antoine
Approved by: portmgr (antoine)
RubyMine is a cross-platform IDE that supports Ruby, Ruby on Rails and web
development.
WWW: https://www.jetbrains.com/ruby/
PR: 214967
Submitted by: Stefan Wendler <stefan.wendler@tngtech.com>
Add a missing build dependency on junit to the Makefile, and fix the
path to Hamcrest in build.gradle. Also, reset MAINTAINER by request of
the current maintainer.
PR: 215677
Reviewed by: brd, Tobias Kortkamp
Approved by: brd (ports)
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9005
. This also pulls in some OpenBSD tweaks, I believe. These should be a
no-op for FreeBSD though.
PR: 212709 (partial)
Submitted by: Curtis Hamilton <hamiltcl@verizon.net>
port changes:
- upstream updated list of its MASTER_SITES (bouncycastle.gva.es
is gone, downloads.bouncycastle.org changed to www.bouncycastle.org);
- pkg-descr updated to reflect current features;
- installation of zipped bundled sources made optional, enabled by
default to match previous behavior.
Some of new version changes:
- a new API for DTLS/TLS and a JSSE provider suitable for Java 5 and later;
- support for RFC 7539 ChaCha20 and Poly1305 has also been added
and general support for SHA-3 in the PKIX APIs has been improved;
Full details of the release:
PR: 215507
Changes: https://www.bouncycastle.org/releasenotes.html
Security: CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340,
CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343,
CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346,
CVE-2016-1000352
Submitted by: Eugene Grosbein <ports@grosbein.net> (maintainer)
