Pullup ticket #6326 - requested by he

lang/libLLVM: PowerPC build fix

Revisions pulled up:
- lang/libLLVM/hacks.mk                                         1.1

---
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Tue Sep 15 16:16:29 UTC 2020

   Added Files:
   	pkgsrc/lang/libLLVM: hacks.mk

   Log Message:
   On powerpc, use -mlongcall so that we don't get 24-bit relocation overflow.

bootstrap/README.FreeBSD

@@ -1,4 +1,4 @@
-$NetBSD: README.FreeBSD,v 1.8 2017/02/09 00:20:59 sevan Exp $
+$NetBSD: README.FreeBSD,v 1.8.26.1 2020/07/03 10:31:27 bsiegert Exp $
 
 Please read the general README file as well.
 
@@ -25,3 +25,5 @@ a version of GCC installed from ports, clang from ports is untested.
 bootstrap-pkgsrc has been tested on FreeBSD 4.x and 5.x (i386).
 pkgsrc works well on FreeBSD 6.2-6.4, 7.1-7.3 (i386), 9.0-9.1, 10.1-10.3,
 11-12-CURRENT (amd64).
+
+bootstrap is currently broken on FreeBSD, see pkg/55398, pkg/55400.

converters/wkhtmltopdf/hacks.mk

@@ -0,0 +1,15 @@
+# $NetBSD: hacks.mk,v 1.1.2.2 2020/09/18 18:20:07 bsiegert Exp $
+
+.if !defined(WKHTMLTOPDF_HACKS_MK)
+WKHTMLTOPDF_HACKS_MK=    defined
+
+# [Mon Sep  7 21:12:45 CEST 2020 : he]
+# On NetBSD/powerpc, we get relocation truncated to fit: R_PPC_PLTREL24
+# with default build options.
+.if !empty(MACHINE_ARCH:Mpowerpc*) 
+CFLAGS+=	-mlongcall
+CXXFLAGS+=	-mlongcall
+PKG_HACKS+=	powerpc-longcall
+.endif 
+
+.endif  # WKHTMLTOPDF_HACKS_MK

databases/ldb/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2020/05/19 16:51:43 adam Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2020/07/29 19:40:51 bsiegert Exp $
 
 # Before updating, make sure net/samba4 supports the newer version.
-DISTNAME=	ldb-2.1.3
+DISTNAME=	ldb-2.1.4
 CATEGORIES=	databases
 MASTER_SITES=	http://www.samba.org/ftp/ldb/
 

databases/ldb/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8 2020/05/19 16:51:43 adam Exp $
+$NetBSD: distinfo,v 1.8.2.1 2020/07/29 19:40:51 bsiegert Exp $
 
-SHA1 (ldb-2.1.3.tar.gz) = 06d1c8457e56b2df26cec16253a62acc789aa6fb
-RMD160 (ldb-2.1.3.tar.gz) = f12fb150ca2f07c255edcd3fc40d0937b51b69b5
-SHA512 (ldb-2.1.3.tar.gz) = 3f5adf5ed6c98cefce56ba47c986c5d59619731def8fa66440957aba1483de19bcfdc4ec5498d34db70753312b1ad47b864020269df924d3d431c8d4d223af10
-Size (ldb-2.1.3.tar.gz) = 1673208 bytes
+SHA1 (ldb-2.1.4.tar.gz) = 506bbbfb06227d963b1c65d63360b5eb9da80d9f
+RMD160 (ldb-2.1.4.tar.gz) = fbc6723e5949569fcd30ebbd4401104eb970b9fe
+SHA512 (ldb-2.1.4.tar.gz) = 7e0eecccc973881dde2390568dc71a2ffe7c7ed894daaa9cadf80c221e1b969fd9a8729f3c48a0f611a64b2941c295a2bc7bd8ba869881ba14f75b8bf331167e
+Size (ldb-2.1.4.tar.gz) = 1673335 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = 813c639e404e3b301444decae318c702c87f0cc1
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2

databases/redis/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2020/06/11 11:22:14 adam Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2020/08/14 17:05:33 bsiegert Exp $
 
 DISTNAME=	redis-6.0.5
+PKGREVISION=	1
 CATEGORIES=	databases
 MASTER_SITES=	http://download.redis.io/releases/
 
@@ -24,6 +25,7 @@ DOCFILES+=		00-RELEASENOTES BUGS COPYING README.md
 EGDIR=			${PREFIX}/share/examples/${PKGBASE}
 INSTALLATION_DIRS+=	bin ${DOCDIR} ${EGDIR} ${EGDIR}/utils ${EGDIR}/tests
 CONF_FILES=		${EGDIR}/redis.conf.example ${PKG_SYSCONFDIR}/redis.conf
+CONF_FILES_MODE=	0640
 
 BUILD_DEFS+=		VARBASE REDIS_USER REDIS_GROUP REDIS_DATADIR
 BUILD_DEFS+=		REDIS_LOGDIR REDIS_PIDDIR

devel/libFoundation/patches/patch-aa

@@ -1,13 +1,13 @@
-$NetBSD: patch-aa,v 1.1.1.1 2009/04/18 02:27:21 rh Exp $
+$NetBSD: patch-aa,v 1.1 2009/04/18 02:19:23 rh Exp $
 
---- GNUmakefile.orig	2009-04-18 11:56:31.000000000 +1000
+--- GNUmakefile.orig	2009-04-18 10:49:03.000000000 +1000
 +++ GNUmakefile
 @@ -38,7 +38,7 @@ GNUSTEP_INSTALLATION_DOMAIN = SYSTEM
  include $(GNUSTEP_MAKEFILES)/common.make
  include ./Version
  
 -SUBPROJECTS = Foundation Resources examples
-+SUBPROJECTS = examples
++SUBPROJECTS = Foundation Resources
  
  include $(GNUSTEP_MAKEFILES)/aggregate.make
  

devel/protobuf/hacks.mk

@@ -0,0 +1,14 @@
+# $NetBSD: hacks.mk,v 1.1.2.2 2020/09/18 18:20:57 bsiegert Exp $
+
+.if !defined(PROTOBUF_HACKS_MK)
+PROTOBUF_HACKS_MK=	defined
+
+# [ Tue Sep  8 08:38:08 CEST 2020 : he ]
+# Bring -latomic into scope; build insists on it being available
+# on this platform (probably due to no native 8-byte atomics).
+.if !empty(MACHINE_ARCH:Mpowerpc*)
+.include "../../devel/libatomic/buildlink3.mk"
+PKG_HACKS+=	powerpc-libatomic
+.endif
+
+.endif	# PROTOBUF_HACKS_MK

doc/CHANGES-pkgsrc-2020Q2

@@ -0,0 +1,156 @@
+$NetBSD: CHANGES-pkgsrc-2020Q2,v 1.1.2.13 2020/08/28 19:07:55 bsiegert Exp $
+
+Changes to packages and infrastructure on the pkgsrc-2020Q2 branch:
+
+Pullup ticket #6255 - requested by gdt
+x11/qt5-qscintilla, x11/py-qt5-qscintilla: build fix
+
+Pullup ticket #6258 - requested by sevan
+bootstrap: FreeBSD documentation update
+
+Pullup ticket #6260 - requested by wiz
+security/tor-browser: security fix
+
+Pullup ticket #6261 - requested by wiz
+security/tor-browser-noscript: security fix
+
+Pullup ticket #6262 - requested by he
+lang/llvm: powerpc build fix
+
+Pullup ticket #6263 - requested by maya
+mk: NetBSD 7 build fix
+
+Pullup ticket #6265 - requested by nia
+shells/fish: build fix
+
+Pullup ticket #6266 - requested by nia
+www/firefox68: security fix
+
+Pullup ticket #6267 - requested by nia
+www/firefox68-l10n: dependent update
+
+Pullup ticket #6270 - requested by leot
+graphics/cairo: fix crashes
+
+Pullup ticket #6271 - requested by leot
+www/webkit-gtk: security fix
+
+Pullup ticket #6278 - requested by bsiegert
+lang/go113: security update
+
+Pullup ticket #6279 - requested by bsiegert
+lang/go114: security update
+
+Pullup ticket #6274 - requested by taca
+mail/roundcube: security fix
+
+Pullup ticket #6275 - requested by taca
+databases/ldb: dependent update
+
+Pullup ticket #6276 - requested by taca
+net/samba4: security fix
+
+Pullup ticket #6284 - requested by wiz
+security/tor-browser-noscript: security fix
+
+Pullup ticket #6285 - requested by wiz
+security/tor-browser: security fix
+
+Pullup ticket #6286 - requested by leot
+www/webkit-gtk: security fix (WSA-2020-0007)
+
+Pullup ticket #6287 - requested by nia
+www/firefox68: security fix
+
+Pullup ticket #6288 - requested by nia
+www/firefox68-l10n: dependent update
+
+Pullup ticket #6282 - requested by oster
+mail/opendmarc: bugfix
+
+Pullup ticket #6283 - requested by leot
+net/youtube-dl: update
+
+Pullup ticket #6290 - requested by maya
+x11/libX11: security fix
+
+Pullup ticket #6291 - requested by maya
+x11/modular-xorg-server: security fix
+
+Pullup ticket #6272 - requested by wiz
+net/transmission-gtk: security update
+net/transmission-qt: security update
+net/transmission: security update
+
+Pullup ticket #6292 - requested by wiz
+multimedia/mediainfo: security fix
+
+Pullup ticket #6293 - requested by wiz
+databases/redis: security fix
+
+Pullup ticket #6294 - requested by wiz
+textproc/hunspell: security fix
+
+Pullup ticket #6295 - requested by maya
+x11/libX11: bugfix
+
+Pullup ticket #6296 - requested by maya
+lang/nodejs: aarch64 bugfix, PR port-arm/55533
+
+Pullup ticket #6297 - requested by taca
+security/clamav: security fix
+
+Pullup ticket #6298 - requested by taca
+lang/php73: security fix
+
+Pullup ticket #6299 - requested by taca
+lang/php74: security fix
+
+Pullup ticket #6300 - requested by taca
+lang/php72: security fix
+
+Pullup ticket #6301 - requested by taca
+www/apache24: security fix
+
+Pullup ticket #6302 - requested by taca
+mail/roundcube: security fix
+
+Pullup ticket #6303 - requested by taca
+mail/dovecot2: security fix
+
+Pullup ticket #6304 - requested by taca
+mail/dovecot2-pigeonhole: dependent update
+
+Pullup ticket #6305 - requested by bouyer
+graphics/xfig: build fix
+
+Pullup ticket #6306 - requested by bouyer
+misc/xygrib: build fix
+
+Pullup ticket #6307 - requested by bouyer
+sysutils/xenkernel413: security fix
+
+Pullup ticket #6308 - requested by bouyer
+sysutils/xenkernel411: security fix
+
+Pullup ticket #6309 - requested by ryoon
+www/php-nextcloud: security fix
+
+Pullup ticket #6310 - requested by he
+lang/mozjs60: PowerPC build fix
+
+Pullup ticket #6311 - requested by taca
+net/bind911: security fix
+
+Pullup ticket #6316 - requested by hannken
+net/chrony: security fix
+
+Pullup ticket #6313 - requested by wiz
+security/tor-browser: security fix
+
+Pullup ticket #6314 - requested by wiz
+security/tor-browser-https-everywhere: dependent update
+
+Pullup ticket #6315 - requested by wiz
+security/tor-browser-noscript: dependent update
+

geography/gpsd/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.48 2020/03/10 22:10:01 wiz Exp $
+# $NetBSD: Makefile,v 1.48.4.2 2020/08/18 17:48:01 gdt Exp $
 
 DISTNAME=	gpsd-3.20
 PKGREVISION=	2

graphics/cairo/Makefile

@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.145 2019/08/28 22:08:12 wiz Exp $
+# $NetBSD: Makefile,v 1.145.8.1 2020/07/11 09:07:03 bsiegert Exp $
 
 .include "../../graphics/cairo/Makefile.common"
 
+PKGREVISION=	1
+
 TEST_TARGET=			check
 
 .include "options.mk"

graphics/cairo/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.88 2018/11/14 17:14:52 kleink Exp $
+$NetBSD: distinfo,v 1.88.14.1 2020/07/11 09:07:03 bsiegert Exp $
 
 SHA1 (cairo-1.16.0.tar.xz) = 00e81842ae5e81bb0343108884eb5205be0eac14
 RMD160 (cairo-1.16.0.tar.xz) = cfd2ef6ec55b267e04600f6b1e36bb07f2566b35
@@ -8,3 +8,4 @@ SHA1 (patch-aa) = b01bc60f77a7122b0c0d0d9b25ad512bac7c190c
 SHA1 (patch-ab) = 11f7e0e59bd5c51a8fdacb48dcf2f2fefdf3b768
 SHA1 (patch-ac) = 1785bbef6bcab4781bf89e1b986a7eb96e5f2b64
 SHA1 (patch-ad) = a1068a37113b162ccfe14d7f1bd0baa9df7e5530
+SHA1 (patch-src_cairo-ft-font.c) = 97288d79380473869f1049c1d8955a2f6fa3d178

graphics/cairo/patches/patch-src_cairo-ft-font.c

@@ -0,0 +1,34 @@
+$NetBSD: patch-src_cairo-ft-font.c,v 1.1.2.2 2020/07/11 09:07:03 bsiegert Exp $
+
+Use FT_Done_MM_Var instead of free when available.
+
+Fixes possible crashes and memory leaks.
+
+Backport from upstream commits 90e85c24, a68c1968.
+
+--- src/cairo-ft-font.c.orig	2020-07-09 14:26:11.503421448 +0000
++++ src/cairo-ft-font.c
+@@ -459,6 +459,11 @@ _cairo_ft_unscaled_font_init (cairo_ft_u
+ 		unscaled->variations = calloc (ft_mm_var->num_axis, sizeof (FT_Fixed));
+ 		if (unscaled->variations)
+ 		    FT_Get_Var_Design_Coordinates (face, ft_mm_var->num_axis, unscaled->variations);
++#if HAVE_FT_DONE_MM_VAR
++		FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
++		free (ft_mm_var);
++#endif
+ 	    }
+ 	}
+ #endif
+@@ -2393,7 +2398,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 

graphics/xfig/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.78 2020/05/30 18:11:22 he Exp $
+# $NetBSD: Makefile,v 1.78.2.1 2020/08/24 19:11:37 bsiegert Exp $
 
 DISTNAME=	xfig-3.2.7b
 CATEGORIES=	graphics
@@ -12,6 +12,7 @@ COMMENT=	CAD-like 2D drawing tool, good for colorful scale drawings & ISOs
 LICENSE=	mit
 
 DEPENDS+=	fig2dev-[0-9]*:../../print/fig2dev
+TOOL_DEPENDS+=	netpbm-[0-9]*:../../graphics/netpbm
 
 XAW_TYPE?=		3d
 

lang/go/version.mk

@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.92 2020/06/17 09:37:25 bsiegert Exp $
+# $NetBSD: version.mk,v 1.92.2.2 2020/07/20 14:59:01 spz Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO114_VERSION=	1.14.4
-GO113_VERSION=	1.13.11
+GO114_VERSION=	1.14.6
+GO113_VERSION=	1.13.14
 GO110_VERSION=	1.10.8
 GO19_VERSION=	1.9.7
 GO14_VERSION=	1.4.3

lang/go113/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2020/04/12 11:09:03 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.3.2.1 2020/07/20 14:52:20 spz Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go113/AUTHORS
@@ -1936,6 +1936,7 @@ go113/src/cmd/go/testdata/script/README
 go113/src/cmd/go/testdata/script/bug.txt
 go113/src/cmd/go/testdata/script/build_GOTMPDIR.txt
 go113/src/cmd/go/testdata/script/build_acl_windows.txt
+go113/src/cmd/go/testdata/script/build_cache_arch_mode.txt
 go113/src/cmd/go/testdata/script/build_cache_compile.txt
 go113/src/cmd/go/testdata/script/build_cache_gomips.txt
 go113/src/cmd/go/testdata/script/build_cache_link.txt
@@ -8436,6 +8437,8 @@ go113/test/fixedbugs/issue3552.go
 go113/test/fixedbugs/issue3705.go
 go113/test/fixedbugs/issue3783.go
 go113/test/fixedbugs/issue3925.go
+go113/test/fixedbugs/issue39459.go
+go113/test/fixedbugs/issue39541.go
 go113/test/fixedbugs/issue4066.go
 go113/test/fixedbugs/issue4085a.go
 go113/test/fixedbugs/issue4085b.go

lang/go113/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2020/05/16 08:33:07 bsiegert Exp $
+$NetBSD: distinfo,v 1.7.2.1 2020/07/20 14:52:21 spz Exp $
 
-SHA1 (go1.13.11.src.tar.gz) = 248004d4e71137ca5959ed6a9b5fce40a94262bd
-RMD160 (go1.13.11.src.tar.gz) = 2368697883fad0de66c9521451df41ecb6179c56
-SHA512 (go1.13.11.src.tar.gz) = 2342e70779d2d5a77da00815078e8ed4f00ed5cc0509e332e4d46eb441f0a50e7697b7afe3ba0b12c3be697b9beb6650c196f0e603d602d255e4415a703ed7df
-Size (go1.13.11.src.tar.gz) = 21702851 bytes
+SHA1 (go1.13.14.src.tar.gz) = a7b1983a06181784a9e3b0c2912c0b45b4e486d3
+RMD160 (go1.13.14.src.tar.gz) = 20f2592e6c91e415373e2dbe607f69884e8e8733
+SHA512 (go1.13.14.src.tar.gz) = 49dd28394333eaa7676fdf530d2fc18a645546c814fbe9247c9613e36529eb23634816b5c84574fea1cd9191fa86e684130e75dc70545344851c6b47c846558d
+Size (go1.13.14.src.tar.gz) = 21704891 bytes
 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_cmd_link_internal_ld_elf.go) = 990a54e3baf239916e4c7f0c1d54240e2898601a

lang/go114/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2020/06/17 09:37:25 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.4.2.1 2020/07/20 14:59:01 spz Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go114/AUTHORS
@@ -1899,6 +1899,7 @@ go114/src/cmd/go/testdata/script/README
 go114/src/cmd/go/testdata/script/bug.txt
 go114/src/cmd/go/testdata/script/build_GOTMPDIR.txt
 go114/src/cmd/go/testdata/script/build_acl_windows.txt
+go114/src/cmd/go/testdata/script/build_cache_arch_mode.txt
 go114/src/cmd/go/testdata/script/build_cache_compile.txt
 go114/src/cmd/go/testdata/script/build_cache_gomips.txt
 go114/src/cmd/go/testdata/script/build_cache_link.txt
@@ -2161,9 +2162,16 @@ go114/src/cmd/go/testdata/script/std_vendor.txt
 go114/src/cmd/go/testdata/script/sum_readonly.txt
 go114/src/cmd/go/testdata/script/test_bad_example.txt
 go114/src/cmd/go/testdata/script/test_badtest.txt
+go114/src/cmd/go/testdata/script/test_benchmark_chatty_fail.txt
+go114/src/cmd/go/testdata/script/test_benchmark_chatty_success.txt
 go114/src/cmd/go/testdata/script/test_benchmark_fatal.txt
 go114/src/cmd/go/testdata/script/test_benchmark_labels.txt
 go114/src/cmd/go/testdata/script/test_cache_inputs.txt
+go114/src/cmd/go/testdata/script/test_chatty_fail.txt
+go114/src/cmd/go/testdata/script/test_chatty_parallel_fail.txt
+go114/src/cmd/go/testdata/script/test_chatty_parallel_success.txt
+go114/src/cmd/go/testdata/script/test_chatty_parallel_success_sleepy.txt
+go114/src/cmd/go/testdata/script/test_chatty_success.txt
 go114/src/cmd/go/testdata/script/test_compile_binary.txt
 go114/src/cmd/go/testdata/script/test_compile_tempfile.txt
 go114/src/cmd/go/testdata/script/test_flag.txt
@@ -8604,6 +8612,8 @@ go114/test/fixedbugs/issue37716.go
 go114/test/fixedbugs/issue3783.go
 go114/test/fixedbugs/issue38117.go
 go114/test/fixedbugs/issue3925.go
+go114/test/fixedbugs/issue39459.go
+go114/test/fixedbugs/issue39541.go
 go114/test/fixedbugs/issue4066.go
 go114/test/fixedbugs/issue4085a.go
 go114/test/fixedbugs/issue4085b.go

lang/go114/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2020/06/17 09:37:25 bsiegert Exp $
+$NetBSD: distinfo,v 1.7.2.1 2020/07/20 14:59:01 spz Exp $
 
-SHA1 (go1.14.4.src.tar.gz) = 0f49857387f181a0aa5fd0d16ae93afce11445d1
-RMD160 (go1.14.4.src.tar.gz) = 1fe71fc573c57031c446f1624fc5d309cb1508d8
-SHA512 (go1.14.4.src.tar.gz) = b0d657ea33331062db5a4da0aff14798f292ca967a53665af1a93e04eba7a03e49a3dbc4768c4f099ec5ff25a31885750f7658f819057057093e2d7bfb085575
-Size (go1.14.4.src.tar.gz) = 22535243 bytes
+SHA1 (go1.14.6.src.tar.gz) = 7cdd6edb158e41d7be2c93c2fc3bd89f73bc3bf2
+RMD160 (go1.14.6.src.tar.gz) = 0441aabf6b098a4b1a318e24c22e678f82b7966e
+SHA512 (go1.14.6.src.tar.gz) = 5c865c8272fb0dc8eab1514732b0200dbc867276512714dd30afc658a0d2afac6bd758e00c6f576d8d254e411418a52a564c895399b56cfe06c2b1785271a8fd
+Size (go1.14.6.src.tar.gz) = 22534714 bytes
 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_cmd_link_internal_ld_elf.go) = 990a54e3baf239916e4c7f0c1d54240e2898601a

lang/libLLVM/hacks.mk

@@ -0,0 +1,13 @@
+# $NetBSD: hacks.mk,v 1.1.2.2 2020/09/18 18:27:33 bsiegert Exp $
+
+.if !defined(LIBLLVM_HACKS_MK)
+LIBLLVM_HACKS_MK=	defined
+
+# [ Tue Sep 15 07:21:13 CEST 2020 : he ]
+# On NetBSD/powerpc, enable -mlongcall, to avoid relocation overflows
+.if ${MACHINE_ARCH} == "powerpc"
+CFLAGS+=	-mlongcall
+CXXFLAGS+=	-mlongcall
+.endif
+
+.endif	# LIBLLVM_HACKS_MK

lang/llvm/options.mk

@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.6 2019/11/11 19:22:28 nia Exp $
+# $NetBSD: options.mk,v 1.6.6.1 2020/07/09 06:39:00 bsiegert Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.llvm
 
@@ -26,6 +26,9 @@ PKG_SUGGESTED_OPTIONS+=		terminfo
 PKG_SUGGESTED_OPTIONS+=		llvm-target-sparc
 .elif !empty(MACHINE_ARCH:Mpowerpc*)
 PKG_SUGGESTED_OPTIONS+=		llvm-target-powerpc
+# Needed to avoid "relocation truncated to fit: R_PPC_REL24"
+CFLAGS+=	-mlongcall
+CXXFLAGS+=	-mlongcall
 .elif !empty(MACHINE_ARCH:Mearm*)
 PKG_SUGGESTED_OPTIONS+=		llvm-target-arm
 .elif !empty(MACHINE_ARCH:M*mips*)

lang/mozjs60/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.9 2020/06/02 08:22:45 adam Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2020/08/28 15:44:32 bsiegert Exp $
 
 DISTNAME=	mozjs60_60.8.0.orig
 PKGNAME=	${DISTNAME:S/_/-/:S/.orig//}
@@ -56,6 +56,12 @@ post-install:
 	${CHMOD} -x ${DESTDIR}${PREFIX}/include/mozjs-60/js-config.h
 	${CHMOD} -x ${DESTDIR}${PREFIX}/lib/pkgconfig/mozjs-60.pc
 
+.include "../../mk/bsd.prefs.mk"
+
+.if !empty(MACHINE_PLATFORM:MNetBSD-*-powerpc)
+# 64 bit atomics
+.include "../../devel/libatomic/buildlink3.mk"
+.endif
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../lang/python/tool.mk"
 .include "../../textproc/icu/buildlink3.mk"

lang/mozjs60/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2020/05/28 15:26:23 triaxx Exp $
+$NetBSD: distinfo,v 1.6.2.1 2020/08/28 15:44:32 bsiegert Exp $
 
 SHA1 (mozjs60_60.8.0.orig.tar.xz) = b66207ee477c110995029f173e6b026f2e013591
 RMD160 (mozjs60_60.8.0.orig.tar.xz) = fef033969a51dc56c84669d33401f60bd499de6d
@@ -9,6 +9,8 @@ SHA1 (patch-.._.._python_mozbuild_mozbuild_backend_recursivemake.py) = dda670432
 SHA1 (patch-.._.._python_mozbuild_mozbuild_virtualenv.py) = 231d96ae8f66da1db36a4371c28d97a4db4c0f5c
 SHA1 (patch-.._public_TypeDecls.h) = 846e0707755cbe7e97cc380f66bfe6da0daf996e
 SHA1 (patch-gc_Memory.cpp) = ba865bee4b99ce6298404b41b465b281fd23555f
+SHA1 (patch-js_src_jit_AtomicOperations.h) = fc9ff5be98f045500675a73c34eaa9855cea2bec
+SHA1 (patch-js_src_jit_none_AtomicOperations-feeling-lucky.h) = 06108aad94437a12b2b80491dab917fe4bb0de37
 SHA1 (patch-jsdate.cpp) = f9314460476ffbc00fe85a75bddc964807d0153f
 SHA1 (patch-threading_posix_Thread.cpp) = c48a642fa98d8112c149142a4af4ac633d3ae332
 SHA1 (patch-util_NativeStack.cpp) = 68d2d80291a856c74bac2e6870317f143bb61355

lang/mozjs60/patches/patch-js_src_jit_AtomicOperations.h

@@ -0,0 +1,15 @@
+$NetBSD: patch-js_src_jit_AtomicOperations.h,v 1.1.2.2 2020/08/28 15:44:32 bsiegert Exp $
+
+Oddly, C++ on NetBSD/powerpc doesn't predefine __ppc__, only __powerpc__.
+
+--- jit/AtomicOperations.h.orig	2019-07-01 09:07:41.000000000 +0000
++++ jit/AtomicOperations.h
+@@ -378,7 +378,7 @@ inline bool AtomicOperations::isLockfree
+ #else
+ #error "No AtomicOperations support for this platform+compiler combination"
+ #endif
+-#elif defined(__ppc__) || defined(__PPC__)
++#elif defined(__ppc__) || defined(__PPC__) || defined(__powerpc__)
+ #include "jit/none/AtomicOperations-feeling-lucky.h"
+ #elif defined(__sparc__)
+ #include "jit/none/AtomicOperations-feeling-lucky.h"

lang/mozjs60/patches/patch-js_src_jit_none_AtomicOperations-feeling-lucky.h

@@ -0,0 +1,15 @@
+$NetBSD: patch-js_src_jit_none_AtomicOperations-feeling-lucky.h,v 1.1.2.2 2020/08/28 15:44:32 bsiegert Exp $
+
+C++ on NetBSD/powerpc doesn't predefine __ppc__, only __powerpc__.  Compensate.
+
+--- jit/none/AtomicOperations-feeling-lucky.h.orig	2019-07-01 09:07:41.000000000 +0000
++++ jit/none/AtomicOperations-feeling-lucky.h
+@@ -39,7 +39,7 @@
+ // want WebAssembly support you can always just lie about the lock-freedom.
+ // After all, you're already feeling lucky.
+ 
+-#if defined(__ppc__) || defined(__PPC__)
++#if defined(__ppc__) || defined(__PPC__) || defined(__powerpc__)
+ #define GNUC_COMPATIBLE
+ #endif
+ 

lang/nodejs/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.185 2020/06/18 04:58:24 gutteridge Exp $
+# $NetBSD: Makefile,v 1.185.2.1 2020/08/14 17:18:38 bsiegert Exp $
 
 DISTNAME=	node-v14.4.0
+PKGREVISION=	1
 EXTRACT_SUFX=	.tar.xz
 
 USE_LANGUAGES=	c gnu++14

lang/nodejs/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.172 2020/06/03 08:41:24 adam Exp $
+$NetBSD: distinfo,v 1.172.2.1 2020/08/14 17:18:38 bsiegert Exp $
 
 SHA1 (node-v14.4.0.tar.xz) = 410b41fc6723af146914d1359ef2c19646d3bde2
 RMD160 (node-v14.4.0.tar.xz) = 830ab17bad8cbb9d04877216c157e86cb149c58f
@@ -10,7 +10,7 @@ SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3
 SHA1 (patch-deps_v8_src_base_atomicops.h) = d1ef20a3fee1d188687bd76836ada6f2c8e0787f
 SHA1 (patch-deps_v8_src_base_platform_platform-freebsd.cc) = b47025f33d2991275bbcd15dbabb28900afab0e1
 SHA1 (patch-deps_v8_src_base_platform_platform-openbsd.cc) = 5e593879dbab095f99e82593272a0de91043f9a8
-SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0d80cc6587af9220832de112834e9f50242f819f
+SHA1 (patch-deps_v8_src_base_platform_platform-posix.cc) = 0f2975d557e71b8dea336740e0cae7d7572e6be8
 SHA1 (patch-deps_v8_src_base_platform_semaphore.cc) = 802a95f1b1d131e0d85c1f99c659cc68b31ba2f6
 SHA1 (patch-deps_v8_src_common_globals.h) = 86637724864389f2b24251904de41669a2f00fbc
 SHA1 (patch-deps_v8_src_compiler_types.h) = 2a212282ab9d71e98ae56827fdb1d9778a6047a5

lang/nodejs/patches/patch-deps_v8_src_base_platform_platform-posix.cc

@@ -1,11 +1,26 @@
-$NetBSD: patch-deps_v8_src_base_platform_platform-posix.cc,v 1.5 2018/05/03 21:19:16 fhajny Exp $
+$NetBSD: patch-deps_v8_src_base_platform_platform-posix.cc,v 1.5.18.1 2020/08/14 17:18:38 bsiegert Exp $
 
 Use sysconf(_SC_THREAD_STACK_MIN) instead of PTHREAD_STACK_MIN.
 Cast explicitly.
 
---- deps/v8/src/base/platform/platform-posix.cc.orig	2018-04-24 14:41:24.000000000 +0000
+Avoid using a random hint, some low numbers cause spurious ENOMEM on netbsd
+(PR port-arm/55533)
+
+--- deps/v8/src/base/platform/platform-posix.cc.orig	2020-06-02 15:09:42.000000000 +0000
 +++ deps/v8/src/base/platform/platform-posix.cc
-@@ -480,6 +480,8 @@ int OS::GetCurrentThreadId() {
+@@ -317,6 +317,11 @@ void* OS::GetRandomMmapAddr() {
+ #endif
+ #endif
+ #endif
++
++#ifdef __NetBSD__ && V8_TARGET_ARCH_ARM64
++  raw_addr = 0;
++#endif
++
+   return reinterpret_cast<void*>(raw_addr);
+ }
+ 
+@@ -558,6 +563,8 @@ int OS::GetCurrentThreadId() {
    return static_cast<int>(syscall(__NR_gettid));
  #elif V8_OS_ANDROID
    return static_cast<int>(gettid());
@@ -14,7 +29,7 @@ Cast explicitly.
  #elif V8_OS_AIX
    return static_cast<int>(thread_self());
  #elif V8_OS_FUCHSIA
-@@ -670,8 +672,13 @@ Thread::Thread(const Options& options)
+@@ -750,8 +757,13 @@ Thread::Thread(const Options& options)
      : data_(new PlatformData),
        stack_size_(options.stack_size()),
        start_semaphore_(nullptr) {
@@ -28,7 +43,7 @@ Cast explicitly.
    }
    set_name(options.name());
  }
-@@ -687,7 +694,7 @@ static void SetThreadName(const char* na
+@@ -767,7 +779,7 @@ static void SetThreadName(const char* na
    pthread_set_name_np(pthread_self(), name);
  #elif V8_OS_NETBSD
    STATIC_ASSERT(Thread::kMaxThreadNameLength <= PTHREAD_MAX_NAMELEN_NP);

lang/php/phpversion.mk

@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.300 2020/06/14 05:59:17 taca Exp $
+# $NetBSD: phpversion.mk,v 1.300.2.3 2020/08/23 18:52:28 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -88,9 +88,9 @@ PHPVERSION_MK=	defined
 
 # Define each PHP's version.
 PHP56_VERSION=	5.6.40
-PHP72_VERSION=	7.2.31
-PHP73_VERSION=	7.3.19
-PHP74_VERSION=	7.4.7
+PHP72_VERSION=	7.2.33
+PHP73_VERSION=	7.3.21
+PHP74_VERSION=	7.4.9
 
 # Define initial release of major version.
 PHP56_RELDATE=	20140828

lang/php72/Makefile

@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.27 2020/06/02 08:22:46 adam Exp $
+# $NetBSD: Makefile,v 1.27.2.1 2020/08/23 18:52:28 bsiegert Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_VERSION:S/RC/rc/}
-PKGREVISION=		1
 
 COMMENT=		PHP Hypertext Preprocessor version 7.2
 LICENSE=		php

lang/php72/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.55 2020/05/14 14:26:59 taca Exp $
+$NetBSD: distinfo,v 1.55.2.1 2020/08/23 18:52:28 bsiegert Exp $
 
-SHA1 (php-7.2.31.tar.xz) = b575c1ca634b80218021a6addb49a004bc5260f8
-RMD160 (php-7.2.31.tar.xz) = 4785209f87e29a61a395c1fe0ddbaf3488f9ca04
-SHA512 (php-7.2.31.tar.xz) = b21c504d0af2c095e4ae5a62c810af96171b927a27ea4694f59555c0d47798d61c3491a92941099cd9c978b3b0f41852ca2cf745e42ee3d9a6d107a5a884c9ee
-Size (php-7.2.31.tar.xz) = 12309936 bytes
+SHA1 (php-7.2.33.tar.xz) = 5297d7594af3950f395b775bbf7470c8e6f89683
+RMD160 (php-7.2.33.tar.xz) = 83b1f02ef406228ef3a3d1b0371246843d84c26e
+SHA512 (php-7.2.33.tar.xz) = 1c28e741fc6de88a33e1307bc88ba8dddf1ba767ce6eb9c1f0da35482c7d3ee1154831b997fa746340c4b7ec8de9196b21a9b1cf319c8e69eca2c92602ceee4a
+Size (php-7.2.33.tar.xz) = 12310624 bytes
 SHA1 (patch-configure) = 6e66a79e691a84aa7ae461f8dec1752443ad6b61
 SHA1 (patch-disable-filter-url) = e9e92d686ddd1d1a1ece10fe4feee4e368fe510c
 SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335

lang/php73/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2020/06/14 05:56:51 taca Exp $
+$NetBSD: distinfo,v 1.23.2.1 2020/08/14 19:33:28 bsiegert Exp $
 
-SHA1 (php-7.3.19.tar.xz) = 69da646afaf60af9d035a4f94d25a2b26216f887
-RMD160 (php-7.3.19.tar.xz) = aa4a349f4595a78466800f8287e45a7c2284a41f
-SHA512 (php-7.3.19.tar.xz) = f37800d9e1bf808ad1099f6190965cc75781e7bf6d2c341a7143aca435abc9974a2987cbfeb8c2b35805c946218343612906fde3cc84b195c2c586945869b760
-Size (php-7.3.19.tar.xz) = 12117968 bytes
+SHA1 (php-7.3.21.tar.xz) = 00fe0041c180f4f3185a4e4ade7f07207eda94e7
+RMD160 (php-7.3.21.tar.xz) = 7f6fc55ccf3e35ab8dd238b217d1b7d5d12cdf8c
+SHA512 (php-7.3.21.tar.xz) = fc2b9a40c92a6e79522a49cd025e56c0a52c2c2bd3f7379aaf004ca6b67957cf4ad059c40a5daac45665710abd07962562870430338f700f573856d797df3ff4
+Size (php-7.3.21.tar.xz) = 12123192 bytes
 SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335

lang/php74/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.9 2020/06/14 05:59:17 taca Exp $
+$NetBSD: distinfo,v 1.9.2.1 2020/08/23 18:42:13 bsiegert Exp $
 
-SHA1 (php-7.4.7.tar.xz) = 81b2f89d3668b137514e94383b79957e19066caa
-RMD160 (php-7.4.7.tar.xz) = 7690589df7a30612698e5931a7b4b16965538a9d
-SHA512 (php-7.4.7.tar.xz) = 5b3ba690e610e0511675f06a10afe9edbcfa90b5b16956d22aab225cdf140b55e5a8a551e7b189d30404981c94c6921b8c4aed00102546cfa38784a719704b80
-Size (php-7.4.7.tar.xz) = 10286580 bytes
+SHA1 (php-7.4.9.tar.xz) = 6d8996e0e033745565eab8f4a8c67438c0f61ee0
+RMD160 (php-7.4.9.tar.xz) = 5d9e8153926dcadd5a08ef36e2232998f3a613d0
+SHA512 (php-7.4.9.tar.xz) = 6179c2d867d6775d7f41785003c36d06ce620e7746ea7e6a4d275264e814a66d465776b47b04e2926ed1228cf58f2c15cdda74faf10372435c74ede7aeb79e18
+Size (php-7.4.9.tar.xz) = 10289560 bytes
 SHA1 (patch-configure) = 5e9c9c06f6d819d5ba2832d648f41363f40f3108
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd

mail/dovecot2-pigeonhole/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2020/03/15 22:52:45 adam Exp $
+# $NetBSD: Makefile,v 1.56.4.1 2020/08/24 19:03:27 bsiegert Exp $
 
-DISTNAME=	dovecot-2.3-pigeonhole-0.5.10
-PKGNAME=	${DISTNAME:S/-2.3-/-/}
+DISTNAME=	dovecot-2.3.11-pigeonhole-0.5.11
+PKGNAME=	${DISTNAME:S/-2.3.11-/-/}
 CATEGORIES=	mail
 MASTER_SITES=	https://pigeonhole.dovecot.org/releases/2.3/
 

mail/dovecot2-pigeonhole/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.42 2020/03/15 22:52:45 adam Exp $
+$NetBSD: distinfo,v 1.42.4.1 2020/08/24 19:03:27 bsiegert Exp $
 
-SHA1 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = 5be045df084dfffd6b0103bdb299c5b60c62bc7d
-RMD160 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = a331e487af2473623605587df3b775f45d777539
-SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b
-Size (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = 1899237 bytes
+SHA1 (dovecot-2.3.11-pigeonhole-0.5.11.tar.gz) = 60b7457510657e53d2ef2527681a967a70191aae
+RMD160 (dovecot-2.3.11-pigeonhole-0.5.11.tar.gz) = 571d7b50b4083dd3d42b96fe0c211366467f60d6
+SHA512 (dovecot-2.3.11-pigeonhole-0.5.11.tar.gz) = ef65b49092fec736258cd793f4f338cd7838c0e6e23922f6df36b428089e88ff236b8e67a7f31ee9c7e4d587a60a1533fde45d689fa9563fbfd4224bee3d2536
+Size (dovecot-2.3.11-pigeonhole-0.5.11.tar.gz) = 1900342 bytes
 SHA1 (patch-aa) = 264399e166b5fece22bacd47b043c59f8f0f0a29

mail/dovecot2-sqlite/Makefile

@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.22 2020/06/02 08:24:14 adam Exp $
+# $NetBSD: Makefile,v 1.22.2.1 2020/08/24 19:03:13 bsiegert Exp $
 
-PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.common"
 
 PKGNAME=	${DISTNAME:S/dovecot/dovecot-sqlite/}

mail/dovecot2/Makefile.common

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.40 2020/05/18 14:20:46 taca Exp $
+# $NetBSD: Makefile.common,v 1.40.2.1 2020/08/24 19:03:13 bsiegert Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,7 +11,7 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=	dovecot-2.3.10.1
+DISTNAME=	dovecot-2.3.11.3
 CATEGORIES=	mail
 MASTER_SITES=	https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 

mail/dovecot2/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.69 2020/03/15 22:52:04 adam Exp $
+@comment $NetBSD: PLIST,v 1.69.4.1 2020/08/24 19:03:13 bsiegert Exp $
 bin/doveadm
 bin/doveconf
 bin/dovecot-sysreport
@@ -27,6 +27,7 @@ include/dovecot/auth-master-connection.h
 include/dovecot/auth-master.h
 include/dovecot/auth-penalty.h
 include/dovecot/auth-policy.h
+include/dovecot/auth-request-handler-private.h
 include/dovecot/auth-request-handler.h
 include/dovecot/auth-request-stats.h
 include/dovecot/auth-request-var-expand.h
@@ -403,6 +404,7 @@ include/dovecot/mdbox-settings.h
 include/dovecot/mdbox-storage-rebuild.h
 include/dovecot/mdbox-storage.h
 include/dovecot/mdbox-sync.h
+include/dovecot/mech-digest-md5-private.h
 include/dovecot/mech-otp-skey-common.h
 include/dovecot/mech-plain-common.h
 include/dovecot/mech-scram.h
@@ -449,6 +451,7 @@ include/dovecot/ostream-null.h
 include/dovecot/ostream-private.h
 include/dovecot/ostream-rawlog.h
 include/dovecot/ostream-unix.h
+include/dovecot/ostream-wrapper.h
 include/dovecot/ostream-zlib.h
 include/dovecot/ostream.h
 include/dovecot/passdb-blocking.h

mail/dovecot2/buildlink3.mk

@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.33 2020/01/18 21:48:14 jperkin Exp $
+# $NetBSD: buildlink3.mk,v 1.33.4.1 2020/08/24 19:03:13 bsiegert Exp $
 
 BUILDLINK_TREE+=	dovecot
 
@@ -7,7 +7,7 @@ DOVECOT_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.dovecot+=		dovecot>=2.2.0
 # must match current package version for plugins to load
-BUILDLINK_ABI_DEPENDS.dovecot+=		dovecot>=2.3.9.2nb1
+BUILDLINK_ABI_DEPENDS.dovecot+=		dovecot>=2.3.11.3
 BUILDLINK_PKGSRCDIR.dovecot?=		../../mail/dovecot2
 
 pkgbase:=	dovecot

mail/dovecot2/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.104 2020/05/18 14:20:46 taca Exp $
+$NetBSD: distinfo,v 1.104.2.1 2020/08/24 19:03:13 bsiegert Exp $
 
-SHA1 (dovecot-2.3.10.1.tar.gz) = d8afa71f3a7a2c2e406745ff43057ae94ed23871
-RMD160 (dovecot-2.3.10.1.tar.gz) = f68993644d14c4bae321e2525fb6c885724d8ebd
-SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06
-Size (dovecot-2.3.10.1.tar.gz) = 7226958 bytes
+SHA1 (dovecot-2.3.11.3.tar.gz) = 4a094ae503ded8ccea97cc06680fbb2e0f9c3171
+RMD160 (dovecot-2.3.11.3.tar.gz) = c44a9686a24127c95bd7c439e0548bd66481ab4e
+SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb
+Size (dovecot-2.3.11.3.tar.gz) = 7353412 bytes
 SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b

mail/opendmarc/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2020/01/25 10:45:11 jperkin Exp $
+# $NetBSD: Makefile,v 1.18.4.1 2020/07/30 18:48:38 bsiegert Exp $
 
 DISTNAME=	opendmarc-1.3.1
-PKGREVISION=	6
+PKGREVISION=	7
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=opendmarc/}
 

mail/opendmarc/distinfo

@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.6 2015/11/03 23:27:11 agc Exp $
+$NetBSD: distinfo,v 1.6.36.1 2020/07/30 18:48:38 bsiegert Exp $
 
 SHA1 (opendmarc-1.3.1.tar.gz) = bdd12713888c16e77334281238f88990df225929
 RMD160 (opendmarc-1.3.1.tar.gz) = 623b51544f428ade14f0a5d6204f8bf41af8375a
 SHA512 (opendmarc-1.3.1.tar.gz) = 0be11540bc26bd3b3e6cc9817bc379a5d290b63ef16c5d3559bf96b241ad6628bea7a9daeb468afac855bc16be16676f722b3c1d468ea82c8d8364e8a8137226
 Size (opendmarc-1.3.1.tar.gz) = 640151 bytes
-SHA1 (patch-configure) = 15abea1f890249c46eb0b969133fc809507feb6a
-SHA1 (patch-configure.ac) = b7ee9ae49e04fceaf2872dac7e2f60a15d3c9aa0
+SHA1 (patch-build-config.h.in) = 14723ab0a578978117be7dcc1d60fe5af955b610
+SHA1 (patch-configure) = 1af3b346ac6db51d1701af8ba4e123e0e6a6b973
+SHA1 (patch-configure.ac) = bfd2c16d22e25b564d33220b5e7ceadedc5ee016
+SHA1 (patch-libopendmarc_opendmarc__dns.c) = 7c75d464bcdba6baf963cb002e7ba94a60593ecc
+SHA1 (patch-libopendmarc_opendmarc__spf__dns.c) = 82f22fd2e224ddef1cd3c6788518e629fdea125f

mail/opendmarc/patches/patch-build-config.h.in

@@ -0,0 +1,16 @@
+$NetBSD: patch-build-config.h.in,v 1.1.2.2 2020/07/30 18:48:39 bsiegert Exp $
+
+We need to use res_ndestroy() to cleanup after res_init().
+
+--- build-config.h.in.orig	2015-02-23 20:32:27.000000000 +0000
++++ build-config.h.in
+@@ -104,6 +104,9 @@
+ /* Define to 1 if you have the `res_ninit()' function. */
+ #undef HAVE_RES_NINIT
+ 
++/* Define to 1 if you have the 'res_ndestroy()' function. */
++#undef HAVE_RES_NDESTROY
++
+ /* Define to 1 if you have the <signal.h> header file. */
+ #undef HAVE_SIGNAL_H
+ 

mail/opendmarc/patches/patch-configure

@@ -1,12 +1,73 @@
-$NetBSD: patch-configure,v 1.1 2014/12/05 16:00:23 christos Exp $
-Search also for __res_ninit on NetBSD because of namespace protection
+$NetBSD: patch-configure,v 1.1.44.1 2020/07/30 18:48:39 bsiegert Exp $
 
---- configure.orig	2014-12-05 10:53:31.000000000 -0500
-+++ configure	2014-12-05 10:54:50.000000000 -0500
-@@ -12969,6 +12969,64 @@
+Check for res_ndestroy(), __res_init(), and __res_ndestroy().
+
+--- configure.orig	2015-02-23 20:32:13.000000000 +0000
++++ configure
+@@ -12971,6 +12971,184 @@ $as_echo "#define HAVE_RES_NINIT 1" >>co
  
  fi
  
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_ndestroy" >&5
++$as_echo_n "checking for library containing res_ndestroy... " >&6; }
++if ${ac_cv_search_res_ndestroy+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_func_search_save_LIBS=$LIBS
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char res_ndestroy ();
++int
++main ()
++{
++return res_ndestroy ();
++  ;
++  return 0;
++}
++_ACEOF
++for ac_lib in '' resolv; do
++  if test -z "$ac_lib"; then
++    ac_res="none required"
++  else
++    ac_res=-l$ac_lib
++    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
++  fi 
++  if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_search_res_ndestroy=$ac_res
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext
++  if ${ac_cv_search_res_ndestroy+:} false; then :
++  break
++fi
++done
++if ${ac_cv_search_res_ndestroy+:} false; then :
++
++else
++  ac_cv_search_res_ndestroy=no
++fi
++rm conftest.$ac_ext
++LIBS=$ac_func_search_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_ndestroy" >&5
++$as_echo "$ac_cv_search_res_ndestroy" >&6; }
++ac_res=$ac_cv_search_res_ndestroy
++if test "$ac_res" != no; then :
++  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++
++$as_echo "#define HAVE_RES_NDESTROY 1" >>confdefs.h    
++
++fi
++
++
++
 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_ninit" >&5
 +$as_echo_n "checking for library containing __res_ninit... " >&6; }
 +if ${ac_cv_search___res_ninit+:} false; then :
@@ -64,6 +125,66 @@ Search also for __res_ninit on NetBSD because of namespace protection
 +$as_echo "#define HAVE_RES_NINIT 1" >>confdefs.h
 +
 +fi
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_ndestroy" >&5
++$as_echo_n "checking for library containing __res_ndestroy... " >&6; }
++if ${ac_cv_search___res_ndestroy+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_func_search_save_LIBS=$LIBS 
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char __res_ndestroy (); 
++int
++main ()
++{
++return __res_ndestroy ();
++  ; 
++  return 0;
++} 
++_ACEOF
++for ac_lib in '' resolv; do
++  if test -z "$ac_lib"; then
++    ac_res="none required"
++  else
++    ac_res=-l$ac_lib 
++    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"  
++  fi  
++  if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_search___res_ndestroy=$ac_res
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext
++  if ${ac_cv_search___res_ndestroy+:} false; then :
++  break
++fi
++done
++if ${ac_cv_search___res_ndestroy+:} false; then :
++
++else
++  ac_cv_search___res_ndestroy=no
++fi
++rm conftest.$ac_ext
++LIBS=$ac_func_search_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___res_ndestroy" >&5
++$as_echo "$ac_cv_search___res_ndestroy" >&6; }
++ac_res=$ac_cv_search___res_ndestroy
++if test "$ac_res" != no; then :
++  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++
++$as_echo "#define HAVE_RES_NDESTROY 1" >>confdefs.h
++
++fi
++
++
 +
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for idn_free in -lidn" >&5
  $as_echo_n "checking for idn_free in -lidn... " >&6; }

mail/opendmarc/patches/patch-configure.ac

@@ -1,15 +1,24 @@
-$NetBSD: patch-configure.ac,v 1.1 2014/12/05 16:00:23 christos Exp $
-Search also for __res_ninit on NetBSD because of namespace protection
+$NetBSD: patch-configure.ac,v 1.1.44.1 2020/07/30 18:48:39 bsiegert Exp $
 
---- configure.ac.orig	2014-12-05 10:53:36.000000000 -0500
-+++ configure.ac	2014-12-05 10:53:51.000000000 -0500
-@@ -126,6 +126,9 @@
+Add appropriate flags if res_ndestroy(), __res_ninit(),  or 
+__res_ndestroy() are found.
+
+--- configure.ac.orig	2015-02-23 20:31:50.000000000 +0000
++++ configure.ac
+@@ -126,6 +126,16 @@ AC_CHECK_LIB(resolv, inet_aton, , , [-ln
  AC_SEARCH_LIBS(res_ninit, resolv,
  	AC_DEFINE(HAVE_RES_NINIT, 1,
  	[Define to 1 if you have the `res_ninit()' function.]))
++AC_SEARCH_LIBS(res_ndestroy, resolv,
++       AC_DEFINE(HAVE_RES_NDESTROY, 1,
++       [Define to 1 if you have the `res_ndestroy()' function.]))
 +AC_SEARCH_LIBS(__res_ninit, resolv,
 +	AC_DEFINE(HAVE_RES_NINIT, 1,
-+	[Define to 1 if you have the `res_ninit()' function.]))
++	[Define to 1 if you have the `__res_ninit()' function.]))
++AC_SEARCH_LIBS(__res_ndestroy, resolv,
++       AC_DEFINE(HAVE_RES_NDESTROY, 1,
++       [Define to 1 if you have the `__res_ndestroy()' function.]))
++
  AC_CHECK_LIB(idn, idn_free)
  AC_CHECK_LIB(rt, nanosleep)
  AC_SEARCH_LIBS(inet_addr, nsl)

mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c

@@ -0,0 +1,18 @@
+$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.1.2.2 2020/07/30 18:48:39 bsiegert Exp $
+
+Patch from Roy Marples: if we have res_ndestroy(), use that in place of just res_nclose().
+
+--- libopendmarc/opendmarc_dns.c.orig	2015-02-23 20:31:51.000000000 +0000
++++ libopendmarc/opendmarc_dns.c
+@@ -211,7 +211,11 @@ dmarc_dns_get_record(char *domain, int *
+ 	(void) opendmarc_policy_library_dns_hook(&resp.nscount,
+                                                  &resp.nsaddr_list);
+ 	answer_len = res_nquery(&resp, bp, C_IN, T_TXT, answer_buf, sizeof answer_buf);
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #else /* HAVE_RES_NINIT */
+ #if defined RES_USE_DNSSEC
+ 	_res.options |= RES_USE_DNSSEC;

mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c

@@ -0,0 +1,76 @@
+$NetBSD: patch-libopendmarc_opendmarc__spf__dns.c,v 1.1.2.2 2020/07/30 18:48:39 bsiegert Exp $
+
+Patch from Roy Marples: if we have res_ndestroy(), use that in place of just res_nclose().
+
+--- libopendmarc/opendmarc_spf_dns.c.orig	2015-02-23 20:31:51.000000000 +0000
++++ libopendmarc/opendmarc_spf_dns.c
+@@ -108,7 +108,11 @@ opendmarc_spf_dns_lookup_a_actual(char *
+ 
+ #ifdef HAVE_RES_NINIT
+ 	k = res_nquery(&resp, bp, C_IN, sought, a_buf, sizeof a_buf);
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #else /* HAVE_RES_NINIT */
+ 	k = res_query(bp, C_IN, sought, a_buf, sizeof a_buf);
+ #endif /* HAVE_RES_NINIT */
+@@ -253,7 +257,11 @@ opendmarc_spf_dns_lookup_mx(char *domain
+         memset(&resp, '\0', sizeof resp);
+ 	res_ninit(&resp);
+ 	k = res_nquery(&resp, domain, C_IN, T_MX, (u_char *) &q, sizeof(q));
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #else /* HAVE_RES_NINIT */
+ 	k = res_query(domain, C_IN, T_MX, (u_char *) &q, sizeof(q));
+ #endif /* HAVE_RES_NINIT */
+@@ -366,7 +374,11 @@ opendmarc_spf_dns_lookup_ptr(char *ip, c
+         memset(&resp, '\0', sizeof resp);
+ 	res_ninit(&resp);
+ 	k = res_nquery(&resp, (char *)buf, C_IN, T_PTR, (u_char *) &q, sizeof(q));
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #else /* HAVE_RES_NINIT */
+ 	k = res_query((char *)buf, C_IN, T_PTR, (u_char *) &q, sizeof(q));
+ #endif /* HAVE_RES_NINIT */
+@@ -461,7 +473,11 @@ opendmarc_spf_dns_does_domain_exist(char
+         (void) res_nquery(&resp, domain, C_IN, T_AAAA, aaaa_q, sizeof aaaa_q);  
+ #endif /* T_AAAA */
+         (void) res_nquery(&resp, domain, C_IN, T_MX, mx_q, sizeof mx_q);  
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #else /* HAVE_RES_NINIT */
+         (void) res_query(domain, C_IN, T_A, a_q, sizeof a_q);  
+ #ifdef T_AAAA
+@@ -603,13 +619,21 @@ opendmarc_spf_dns_get_record(char *domai
+ 		}
+ 		*rp = h_errno;
+ #ifdef HAVE_RES_NINIT 
++#ifdef HAVE_RES_NDESTROY
++		res_ndestroy(&resp);
++#else
+ 		res_nclose(&resp);
++#endif
+ #endif /* HAVE_RES_NINIT */
+ 		return NULL;
+ 	}
+ got_spf_record:
+ #ifdef HAVE_RES_NINIT 
++#ifdef HAVE_RES_NDESTROY
++	res_ndestroy(&resp);
++#else
+ 	res_nclose(&resp);
++#endif
+ #endif /* HAVE_RES_NINIT */
+ 
+ 	if (k > (int)(sizeof txt_buf))

mail/roundcube-plugin-password/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.19 2020/06/09 00:25:19 taca Exp $
+$NetBSD: distinfo,v 1.19.2.2 2020/08/23 18:58:28 bsiegert Exp $
 
-SHA1 (roundcubemail-1.4.6-complete.tar.gz) = 44961ef62bb9c9875141ca34704bbc7d6f36373d
-RMD160 (roundcubemail-1.4.6-complete.tar.gz) = 51e323bf7def448b55f57b9279745b5779690ab3
-SHA512 (roundcubemail-1.4.6-complete.tar.gz) = e86763ced58cfa8174f71d33ae45cd62f26a58853b9361b800003fa5bf883a4106c957f66b6b17b03172a3ee595ca74d7c19ac38e449a23377defd77cf555742
-Size (roundcubemail-1.4.6-complete.tar.gz) = 7031573 bytes
+SHA1 (roundcubemail-1.4.8-complete.tar.gz) = 3a6824fd68fef2e0d24f186cfbee5c6f9d6edbe9
+RMD160 (roundcubemail-1.4.8-complete.tar.gz) = eacf740aab6fa69fd023bc5f2356b49a81e596d0
+SHA512 (roundcubemail-1.4.8-complete.tar.gz) = 8b7734cdec95954b7e18a0e44957da6ef74b5b0c3d28a1449e8634faa230844f5e0c28954245641758f8b2d9102aa32f279765ed3dfa20fa7b00dee4e5347362
+Size (roundcubemail-1.4.8-complete.tar.gz) = 7032822 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165

mail/roundcube/Makefile.common

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.19 2020/06/09 00:25:19 taca Exp $
+# $NetBSD: Makefile.common,v 1.19.2.2 2020/08/23 18:58:28 bsiegert Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT=	roundcubemail
 GITHUB_RELEASE=	${RC_VERS}
 HOMEPAGE=	https://roundcube.net/
 
-RC_VERS=	1.4.6
+RC_VERS=	1.4.8
 
 USE_LANGUAGES=		# none
 USE_TOOLS+=		pax

mail/roundcube/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.70 2020/06/09 00:25:19 taca Exp $
+$NetBSD: distinfo,v 1.70.2.2 2020/08/23 18:58:28 bsiegert Exp $
 
-SHA1 (roundcubemail-1.4.6-complete.tar.gz) = 44961ef62bb9c9875141ca34704bbc7d6f36373d
-RMD160 (roundcubemail-1.4.6-complete.tar.gz) = 51e323bf7def448b55f57b9279745b5779690ab3
-SHA512 (roundcubemail-1.4.6-complete.tar.gz) = e86763ced58cfa8174f71d33ae45cd62f26a58853b9361b800003fa5bf883a4106c957f66b6b17b03172a3ee595ca74d7c19ac38e449a23377defd77cf555742
-Size (roundcubemail-1.4.6-complete.tar.gz) = 7031573 bytes
+SHA1 (roundcubemail-1.4.8-complete.tar.gz) = 3a6824fd68fef2e0d24f186cfbee5c6f9d6edbe9
+RMD160 (roundcubemail-1.4.8-complete.tar.gz) = eacf740aab6fa69fd023bc5f2356b49a81e596d0
+SHA512 (roundcubemail-1.4.8-complete.tar.gz) = 8b7734cdec95954b7e18a0e44957da6ef74b5b0c3d28a1449e8634faa230844f5e0c28954245641758f8b2d9102aa32f279765ed3dfa20fa7b00dee4e5347362
+Size (roundcubemail-1.4.8-complete.tar.gz) = 7032822 bytes
 SHA1 (patch-af) = 7f29b0310a2a6b2e71858787e08b025e30d8bd12
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = b1e9479d575b7fd61c413e2b76ee36c06ece7a5c

misc/xygrib/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2019/12/10 13:55:44 nros Exp $
+$NetBSD: distinfo,v 1.4.6.1 2020/08/25 18:36:06 bsiegert Exp $
 
 SHA1 (XyGrib-1.1.1/XyGrib-1.2.6.1.tar.gz) = 8e3431ed6a5ef114d77ac57029129a26a381f696
 RMD160 (XyGrib-1.1.1/XyGrib-1.2.6.1.tar.gz) = 876e8a53b492b2e2ea0572e5b0cd31a2c04f505a
@@ -14,3 +14,4 @@ SHA512 (XyGrib-1.1.1/XyGrib___cities_files.tar.gz) = 6bb9362c87fec7633b0ad1fd3b8
 Size (XyGrib-1.1.1/XyGrib___cities_files.tar.gz) = 2487518 bytes
 SHA1 (patch-CMakeLists.txt) = f12e4cc04e94919a8ed5824df859b0573612ab02
 SHA1 (patch-src_CMakeLists.txt) = 3a06026a033e2dbe93ea9d08c48d87f51186918a
+SHA1 (patch-src_SkewT.h) = 71f5d89e04aa4faa8e4812cca82186a834e5786f

misc/xygrib/patches/patch-src_SkewT.h

@@ -0,0 +1,14 @@
+$NetBSD: patch-src_SkewT.h,v 1.1.2.2 2020/08/25 18:36:06 bsiegert Exp $
+
+Fix undeclared class QPainterPath 
+
+--- src/SkewT.h.orig	2020-08-21 13:09:55.133572321 +0200
++++ src/SkewT.h	2020-08-21 13:10:05.207772962 +0200
+@@ -16,6 +16,7 @@
+ #include <QMainWindow>
+ #include <QFrame>
+ #include <QPainter>
++#include <QPainterPath>
+ #include <QLayout>
+ #include <QKeyEvent>
+ #include <QPrintDialog>

mk/pkgformat/pkg/metadata.mk

@@ -1,4 +1,4 @@
-# $NetBSD: metadata.mk,v 1.28 2020/06/07 04:41:58 rillig Exp $
+# $NetBSD: metadata.mk,v 1.28.2.1 2020/07/09 06:40:07 bsiegert Exp $
 
 ######################################################################
 ### The targets below are all PRIVATE.
@@ -399,7 +399,7 @@ ${_DEPENDS_PLIST}: ${PLIST}
 	${AWK} '$$1 == "bootstrap" || $$1 == "build" { printf "@blddep %s\n", $$3; }' < ${_RDEPENDS_FILE}; \
 	${CAT} ${PLIST}; } > ${.TARGET}
 
-_PKG_CREATE_ARGS+=				-l
+_PKG_CREATE_ARGS+=				-l -U
 _PKG_CREATE_ARGS+=				-B ${_BUILD_INFO_FILE}
 _PKG_CREATE_ARGS+=				-b ${_BUILD_VERSION_FILE}
 _PKG_CREATE_ARGS+=				-c ${_COMMENT_FILE}

multimedia/ffmpeg4/hacks.mk

@@ -0,0 +1,12 @@
+# $NetBSD: hacks.mk,v 1.1.2.2 2020/09/18 18:25:15 bsiegert Exp $
+
+.if !defined(FFMPEG4_HACKS_MK)
+FFMPEG4_HACKS_MK=	defined
+
+# [Mon Sep 14 12:41:59 CEST 2020 : he]
+# On NetBSD/powerpc, enable -mvsx, to get vec_xl in scope.
+.if ${MACHINE_ARCH} == "powerpc"
+CFLAGS+=	-mvsx
+.endif
+
+.endif	# FFMPEG4_HACKS_MK

multimedia/mediainfo/Makefile.common

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.8 2020/02/28 12:16:45 bsiegert Exp $
+# $NetBSD: Makefile.common,v 1.8.4.1 2020/08/14 17:05:28 bsiegert Exp $
 #
 # used by multimedia/mediainfo/Makefile
 # used by multimedia/libmediainfo/Makefile
 
-MIVER=			19.09
+MIVER=			20.03
 
 DISTNAME=		mediainfo_${MIVER}_AllInclusive
 CATEGORIES=		multimedia

multimedia/mediainfo/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.14 2020/02/28 12:16:45 bsiegert Exp $
+$NetBSD: distinfo,v 1.14.4.1 2020/08/14 17:05:28 bsiegert Exp $
 
-SHA1 (mediainfo_19.09_AllInclusive.7z) = 8d250b9101a34e19d76f48a1e1e36df820e5e051
-RMD160 (mediainfo_19.09_AllInclusive.7z) = 54b517222fbbf34dd0282bdd3e54c4c2d45e8f26
-SHA512 (mediainfo_19.09_AllInclusive.7z) = c03a116ec2abf28026ea62a7a5cad773d119549e78452882c8189044bf1f75f462d00adaed5e12c7d309f5e191cc10d6f1b9f0bf7793aaec4737c61855017e6a
-Size (mediainfo_19.09_AllInclusive.7z) = 3603490 bytes
+SHA1 (mediainfo_20.03_AllInclusive.7z) = e6cbdaa85b9c4b182cd1325506926637b0e158d8
+RMD160 (mediainfo_20.03_AllInclusive.7z) = 976c635af03faa44d9a4cca2bc5c143efa44601d
+SHA512 (mediainfo_20.03_AllInclusive.7z) = 850f4ee5f8ceb3a91a4466ff73c9f2fb70a1a63f8bdd7ffd8dd40e83b619b71c59e9b8659a8636758c90a62d7024b4e617b17025c72f23a7bcd25a3823d2ee39
+Size (mediainfo_20.03_AllInclusive.7z) = 3706487 bytes
 SHA1 (patch-MediaInfoLib_Source_MediaInfo_MediaInfo__Config.h) = 19d6cba816c9e282e31fac527cbc39b9303f9f08

net/bind911/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.28 2020/06/18 14:06:21 taca Exp $
+# $NetBSD: Makefile,v 1.28.2.1 2020/08/28 15:57:47 bsiegert Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
@@ -14,7 +14,7 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.11.20
+BIND_VERSION=	9.11.22
 
 .include "../../mk/bsd.prefs.mk"
 

net/bind911/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.20 2020/06/18 14:06:21 taca Exp $
+$NetBSD: distinfo,v 1.20.2.1 2020/08/28 15:57:47 bsiegert Exp $
 
-SHA1 (bind-9.11.20.tar.gz) = ff6ad0d3f9282a77786e93eb889154008ef1ccdf
-RMD160 (bind-9.11.20.tar.gz) = ce7f8bb446d63c1b4dbdccf7e6294b87fdba6101
-SHA512 (bind-9.11.20.tar.gz) = 249710a35dfd340abf8d07c526fb9dd05ab3ed186641f33b697f9a59a866965f43d77e6d0c77b3690698eb6d451a15506cedc5da18aff666c9d95a864268dd25
-Size (bind-9.11.20.tar.gz) = 8244703 bytes
+SHA1 (bind-9.11.22.tar.gz) = 10104100e265bc9e4b8975b3dc6266cd2d40b597
+RMD160 (bind-9.11.22.tar.gz) = 142024c9808b981544048676ce57cfbf47170f48
+SHA512 (bind-9.11.22.tar.gz) = 8ed2ed661b87705bbb7ddde3076a132b4e53971d669600997abfa104404e0c8b4bf04cc04c6be1c2c701123db5e0d4645ab797e5a985a18f5a1d68824a3df3ed
+Size (bind-9.11.22.tar.gz) = 8248081 bytes
 SHA1 (patch-bin_named_Makefile.in) = 3e5b98e3e0bdb701be679d3580d6d2d7609d655b
 SHA1 (patch-bin_named_server.c) = 0294d74eb3039049c4672a3de6eb371407bb382d
 SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = ca2671a5e3216a08a212cf893e070b01705ef9ee

net/chrony/Makefile

@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.42 2020/05/22 10:56:25 adam Exp $
+# $NetBSD: Makefile,v 1.42.2.1 2020/08/28 16:13:26 bsiegert Exp $
 
-DISTNAME=	chrony-3.5
-PKGREVISION=	2
+DISTNAME=	chrony-3.5.1
 CATEGORIES=	net
 MASTER_SITES=	http://download.tuxfamily.org/chrony/
 

net/chrony/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.13 2019/05/17 10:12:27 nia Exp $
+$NetBSD: distinfo,v 1.13.10.1 2020/08/28 16:13:26 bsiegert Exp $
 
-SHA1 (chrony-3.5.tar.gz) = 79e9aeace143550300387a99f17bff04b45673f7
-RMD160 (chrony-3.5.tar.gz) = 1989fac77dc98557e63a22e46e61cf85fced4a33
-SHA512 (chrony-3.5.tar.gz) = c4f6376a44d71b6ac2b6d86e3d6fb4348642faeef7f3f3a4d6431627b5645efcc868b005cc398c8292bc3b63a1161fbd1a042c6ac2a0595843f908fe32eed90c
-Size (chrony-3.5.tar.gz) = 458226 bytes
+SHA1 (chrony-3.5.1.tar.gz) = 3decde1c1d56e87d89b34cba662266a945453b3a
+RMD160 (chrony-3.5.1.tar.gz) = 30e2c1a329f3fe8ef897615def9d95fd6332e2fc
+SHA512 (chrony-3.5.1.tar.gz) = 489cf614bfb2c1e024343af1316c339b287ed5c7b6cec15b44ef3d90512036fb1da3fd627d291a193c59d9c5c095afa66c529eeb6fd0c1bbc8256ed8873b7984
+Size (chrony-3.5.1.tar.gz) = 459902 bytes
 SHA1 (patch-Makefile.in) = 42ebfcdbce472a173890571625efc4fef583d5b6
 SHA1 (patch-doc_Makefile.in) = 8e9902690ff431fd47429d53346faf2ac8f1b923
 SHA1 (patch-examples_chrony.conf.example3) = 9566820e1db21435580f134cefc0bcb94d619dda

net/freeradius/hacks.mk

@@ -0,0 +1,14 @@
+# $NetBSD: hacks.mk,v 1.1.2.2 2020/09/18 18:23:39 bsiegert Exp $
+
+.if !defined(FREERADIUS_HACKS_MK)
+FREERADIUS_HACKS_MK=	defined
+
+# [Mon Sep  7 20:40:36 CEST 2020 : he]
+# On NetBSD/powerpc, we don't have native 8-byte atomics,
+# but this package insists on using them, so here we need libatomic.
+.if ${MACHINE_ARCH} == "powerpc"
+PKG_HACKS+=     powerpc-libatomic
+.include "../../devel/libatomic/buildlink3.mk"
+.endif
+
+.endif	# FREERADIUS_HACKS_MK

net/samba4/Makefile

@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2020/05/22 10:55:48 adam Exp $
+# $NetBSD: Makefile,v 1.101.2.1 2020/07/29 20:15:59 bsiegert Exp $
 
-DISTNAME=	samba-4.12.3
-PKGREVISION=	1
+DISTNAME=	samba-4.12.5
 CATEGORIES=	net
 MASTER_SITES=	https://download.samba.org/pub/samba/stable/
 

net/samba4/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.30 2020/05/19 12:13:51 hauke Exp $
+@comment $NetBSD: PLIST,v 1.30.2.1 2020/07/29 20:15:59 bsiegert Exp $
 bin/cifsdd
 bin/dbwrap_tool
 bin/dumpmscat
@@ -404,6 +404,7 @@ ${PYSITELIB}/samba/tests/dns_base.py
 ${PYSITELIB}/samba/tests/dns_forwarder.py
 ${PYSITELIB}/samba/tests/dns_forwarder_helpers/server.py
 ${PYSITELIB}/samba/tests/dns_invalid.py
+${PYSITELIB}/samba/tests/dns_packet.py
 ${PYSITELIB}/samba/tests/dns_tkey.py
 ${PYSITELIB}/samba/tests/dns_wildcard.py
 ${PYSITELIB}/samba/tests/docs.py

net/samba4/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.48 2020/05/26 13:11:01 jperkin Exp $
+$NetBSD: distinfo,v 1.48.2.1 2020/07/29 20:15:59 bsiegert Exp $
 
-SHA1 (samba-4.12.3.tar.gz) = 08109949a70c88010dd4b53d1ae088b7e1a282eb
-RMD160 (samba-4.12.3.tar.gz) = 9d4a4d7d1da5367a1f442ba0ff3ea8abde1ba69e
-SHA512 (samba-4.12.3.tar.gz) = 5de66c21db0710880b6e0347ae1eff17ff1881eb926e9a0cf5af9ddc27599cf8daa9ca6ea35b2a0a2158226a38cdf7074b28a51e460a139720c78a522b1a5908
-Size (samba-4.12.3.tar.gz) = 18203604 bytes
+SHA1 (samba-4.12.5.tar.gz) = 67322997b5588b95c8f9d3fb85f9709deea885cd
+RMD160 (samba-4.12.5.tar.gz) = 5dd2eff38edbb1c0872222559fc08b7e57c5d3c7
+SHA512 (samba-4.12.5.tar.gz) = 45ef618efaca88fb24e2069edff6bf1e3f27f4bedecbc7899a57d0e4760effeaf9b0f546be1aeeee4f811219cf29a49a122ecc5caf8dc923c42ff9a25c162c2b
+Size (samba-4.12.5.tar.gz) = 18220369 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7
@@ -12,6 +12,7 @@ SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2
 SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4
 SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18
 SHA1 (patch-lib_pthreadpool_pthreadpool.c) = c29490473063d6bdbe5c50780a21bf2869ae959f
+SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d
 SHA1 (patch-lib_replace_wscript) = 2a754e7310850b376d5881b82a8467041284fce9
 SHA1 (patch-lib_tdb_common_mutex.c) = 12dbcf870e6ba17ef7f92a8ce7f0b7462f820232
 SHA1 (patch-lib_tevent_tevent.c) = 4a20506e2bfbab85bad664299b884575326e73fd

net/samba4/patches/patch-lib_replace_system_passwd.h

@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_replace_system_passwd.h,v 1.1.2.2 2020/07/29 20:15:59 bsiegert Exp $
+
+Fix building.
+https://bugzilla.samba.org/show_bug.cgi?id=14415
+
+--- lib/replace/system/passwd.h.orig	2020-07-06 10:27:14.000000000 +0000
++++ lib/replace/system/passwd.h
+@@ -89,4 +89,8 @@
+ #define ULTRIX_AUTH 1
+ #endif
+ 
++#ifndef NSS_BUFLEN_PASSWD
++#define NSS_BUFLEN_PASSWD 1024
++#endif
++
+ #endif

net/transmission-gtk/Makefile

@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.45 2020/05/22 10:56:32 adam Exp $
+# $NetBSD: Makefile,v 1.45.2.1 2020/08/03 09:29:18 spz Exp $
 
 PKGNAME=	transmission-gtk-${VERSION}
-PKGREVISION=	8
 COMMENT=	Free, lightweight BitTorrent client (GTK version)
 
 INSTALL_ENV+=		INSTALL_ROOT=${DESTDIR}${PREFIX}

net/transmission-gtk/PLIST

@@ -1,20 +1,16 @@
-@comment $NetBSD: PLIST,v 1.1 2013/03/02 19:34:36 wiz Exp $
+@comment $NetBSD: PLIST,v 1.1.58.1 2020/08/03 09:29:18 spz Exp $
 bin/transmission-gtk
 man/man1/transmission-gtk.1
+share/appdata/transmission-gtk.appdata.xml
 share/applications/transmission-gtk.desktop
-share/icons/hicolor/16x16/apps/transmission.png
-share/icons/hicolor/22x22/apps/transmission.png
-share/icons/hicolor/24x24/apps/transmission.png
-share/icons/hicolor/256x256/apps/transmission.png
-share/icons/hicolor/32x32/apps/transmission.png
-share/icons/hicolor/48x48/apps/transmission.png
+share/icons/hicolor/scalable/apps/transmission-devel.svg
 share/icons/hicolor/scalable/apps/transmission.svg
+share/icons/hicolor/symbolic/apps/transmission-symbolic.svg
 share/locale/an/LC_MESSAGES/transmission-gtk.mo
 share/locale/ar/LC_MESSAGES/transmission-gtk.mo
 share/locale/ast/LC_MESSAGES/transmission-gtk.mo
 share/locale/az/LC_MESSAGES/transmission-gtk.mo
 share/locale/be/LC_MESSAGES/transmission-gtk.mo
-share/locale/be@latin/LC_MESSAGES/transmission-gtk.mo
 share/locale/bg/LC_MESSAGES/transmission-gtk.mo
 share/locale/bn/LC_MESSAGES/transmission-gtk.mo
 share/locale/bo/LC_MESSAGES/transmission-gtk.mo
@@ -25,6 +21,7 @@ share/locale/ca@valencia/LC_MESSAGES/transmission-gtk.mo
 share/locale/ceb/LC_MESSAGES/transmission-gtk.mo
 share/locale/ckb/LC_MESSAGES/transmission-gtk.mo
 share/locale/cs/LC_MESSAGES/transmission-gtk.mo
+share/locale/cy/LC_MESSAGES/transmission-gtk.mo
 share/locale/da/LC_MESSAGES/transmission-gtk.mo
 share/locale/de/LC_MESSAGES/transmission-gtk.mo
 share/locale/el/LC_MESSAGES/transmission-gtk.mo
@@ -40,6 +37,7 @@ share/locale/fi/LC_MESSAGES/transmission-gtk.mo
 share/locale/fil/LC_MESSAGES/transmission-gtk.mo
 share/locale/fo/LC_MESSAGES/transmission-gtk.mo
 share/locale/fr/LC_MESSAGES/transmission-gtk.mo
+share/locale/fr_CA/LC_MESSAGES/transmission-gtk.mo
 share/locale/ga/LC_MESSAGES/transmission-gtk.mo
 share/locale/gl/LC_MESSAGES/transmission-gtk.mo
 share/locale/gv/LC_MESSAGES/transmission-gtk.mo
@@ -53,6 +51,7 @@ share/locale/id/LC_MESSAGES/transmission-gtk.mo
 share/locale/is/LC_MESSAGES/transmission-gtk.mo
 share/locale/it/LC_MESSAGES/transmission-gtk.mo
 share/locale/ja/LC_MESSAGES/transmission-gtk.mo
+share/locale/jbo/LC_MESSAGES/transmission-gtk.mo
 share/locale/ka/LC_MESSAGES/transmission-gtk.mo
 share/locale/kk/LC_MESSAGES/transmission-gtk.mo
 share/locale/ko/LC_MESSAGES/transmission-gtk.mo
@@ -85,7 +84,7 @@ share/locale/sq/LC_MESSAGES/transmission-gtk.mo
 share/locale/sr/LC_MESSAGES/transmission-gtk.mo
 share/locale/sv/LC_MESSAGES/transmission-gtk.mo
 share/locale/sw/LC_MESSAGES/transmission-gtk.mo
-share/locale/ta_LK/LC_MESSAGES/transmission-gtk.mo
+share/locale/ta/LC_MESSAGES/transmission-gtk.mo
 share/locale/te/LC_MESSAGES/transmission-gtk.mo
 share/locale/th/LC_MESSAGES/transmission-gtk.mo
 share/locale/tl/LC_MESSAGES/transmission-gtk.mo
@@ -96,5 +95,6 @@ share/locale/ur/LC_MESSAGES/transmission-gtk.mo
 share/locale/uz/LC_MESSAGES/transmission-gtk.mo
 share/locale/vi/LC_MESSAGES/transmission-gtk.mo
 share/locale/zh_CN/LC_MESSAGES/transmission-gtk.mo
+share/locale/zh_HK/LC_MESSAGES/transmission-gtk.mo
 share/locale/zh_TW/LC_MESSAGES/transmission-gtk.mo
 share/pixmaps/transmission.png

net/transmission-qt/Makefile

@@ -1,11 +1,12 @@
-# $NetBSD: Makefile,v 1.52 2020/06/02 08:24:35 adam Exp $
+# $NetBSD: Makefile,v 1.52.2.1 2020/08/03 09:29:18 spz Exp $
 
 PKGNAME=	transmission-qt-${VERSION}
-PKGREVISION=	9
 COMMENT=	Free, lightweight BitTorrent client (QT version)
 
 MAKE_ENV+=		QTDIR=${QTDIR}
 
+GCC_REQD+=		7
+
 .include "../../mk/bsd.fast.prefs.mk"
 
 .if !empty(MACHINE_PLATFORM:MNetBSD-[6-9].*-*)

net/transmission/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.26 2020/05/22 10:56:32 adam Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2020/08/03 09:29:18 spz Exp $
 
 CONFLICTS+=	Transmission-[0-9]*
 
@@ -8,6 +8,5 @@ pre-configure:
 CONFIGURE_ARGS+=	--disable-mac
 CONFIGURE_ARGS+=	--without-gtk
 
-PKGREVISION= 6
 .include "../../net/transmission/Makefile.common"
 .include "../../mk/bsd.pkg.mk"

net/transmission/Makefile.common

@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.9 2019/07/20 23:14:40 wiz Exp $
+# $NetBSD: Makefile.common,v 1.9.8.1 2020/08/03 09:29:18 spz Exp $
 #
 # used by net/transmission/Makefile
 # used by net/transmission-gtk/Makefile
 # used by net/transmission-qt/Makefile
 
-VERSION=	2.94
+VERSION=	3.00
 DISTNAME=	transmission-${VERSION}
 CATEGORIES=	net
 MASTER_SITES=	https://github.com/transmission/transmission-releases/raw/master/
@@ -40,8 +40,8 @@ ALL_ENV+=	LIBEVENT_CFLAGS=-I${BUILDLINK_PREFIX.libevent}/include
 ALL_ENV+=	LIBEVENT_LIBS="-L${BUILDLINK_PREFIX.libevent}/lib ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.libevent}/lib -levent"
 BUILDLINK_API_DEPENDS.libevent+=	libevent>=2.0.10
 .include "../../devel/libevent/buildlink3.mk"
-ALL_ENV+=	"OPENSSL_CFLAGS=-I${SSLBASE}/include"
-ALL_ENV+=	"OPENSSL_LIBS=-L${SSLBASE}/lib -lcrypto -lssl"
+ALL_ENV+=	OPENSSL_CFLAGS="-I${SSLBASE}/include"
+ALL_ENV+=	OPENSSL_LIBS="-L${SSLBASE}/lib -lcrypto -lssl"
 .include "../../devel/libgetopt/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../www/curl/buildlink3.mk"

net/transmission/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2016/04/15 09:28:39 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3.32.1 2020/08/03 09:29:18 spz Exp $
 bin/transmission-create
 bin/transmission-daemon
 bin/transmission-edit
@@ -25,7 +25,9 @@ share/transmission/web/javascript/jquery/jquery.min.js
 share/transmission/web/javascript/jquery/jquery.transmenu.min.js
 share/transmission/web/javascript/jquery/jquery.ui-contextmenu.min.js
 share/transmission/web/javascript/jquery/json2.min.js
+share/transmission/web/javascript/main.js
 share/transmission/web/javascript/notifications.js
+share/transmission/web/javascript/polyfill.js
 share/transmission/web/javascript/prefs-dialog.js
 share/transmission/web/javascript/remote.js
 share/transmission/web/javascript/torrent-row.js

net/transmission/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.15 2019/07/20 23:14:40 wiz Exp $
+$NetBSD: distinfo,v 1.15.8.1 2020/08/03 09:29:18 spz Exp $
 
-SHA1 (transmission-2.94.tar.xz) = 5f1b41090764bb2150eb0440fce671a3825ef265
-RMD160 (transmission-2.94.tar.xz) = 92fef8c64ff0ee71002b3f36149947e60e568d10
-SHA512 (transmission-2.94.tar.xz) = ee411743940f2897aa0bbc351ce79f11d860075d2e9e399d60301eae8cfc453e20426ef553fc62ee43019a07c052d512f5d7972cc4411fb57b1312c2c1558da7
-Size (transmission-2.94.tar.xz) = 3365952 bytes
-SHA1 (patch-qt_qtr.pro) = 8789931713d96bd1015c615660ab729008d5bbf4
+SHA1 (transmission-3.00.tar.xz) = fd6bd78cfe5a612b422a49e8193d82df2486a3c4
+RMD160 (transmission-3.00.tar.xz) = 5286c3e183474cba6ed1c6cfc022f4f5afab4fda
+SHA512 (transmission-3.00.tar.xz) = eeaf7fe46797326190008776a7fa641b6341c806b0f1684c2e7326c1284832a320440013e42a37acda9fd0ee5dca695f215d6263c8acb39188c5d9a836104a61
+Size (transmission-3.00.tar.xz) = 3329220 bytes
+SHA1 (patch-qt_qtr.pro) = e29629fada5bbb34e3b05b47092dba655b9d8265

net/transmission/patches/patch-qt_qtr.pro

@@ -1,9 +1,9 @@
-$NetBSD: patch-qt_qtr.pro,v 1.6 2019/07/20 23:14:40 wiz Exp $
+$NetBSD: patch-qt_qtr.pro,v 1.6.8.1 2020/08/03 09:29:18 spz Exp $
 
 1. Fix man page installation path.
 2. add openssl cflags/ldflags (still needed?)
 
---- qt/qtr.pro.orig	2015-12-29 00:47:32.464150631 +0000
+--- qt/qtr.pro.orig	2020-05-22 11:04:23.470805450 +0000
 +++ qt/qtr.pro
 @@ -8,7 +8,8 @@ target.path = /bin
  INSTALLS += target
@@ -14,8 +14,8 @@ $NetBSD: patch-qt_qtr.pro,v 1.6 2019/07/20 23:14:40 wiz Exp $
 +
  man.files = transmission-qt.1
  
- CONFIG += qt thread debug link_pkgconfig c++11 warn_on
-@@ -28,12 +29,14 @@ include(config.pri)
+ CONFIG += qt thread link_pkgconfig c++1z warn_on
+@@ -29,12 +30,14 @@ include(config.pri)
  
  INCLUDEPATH = $${EVENT_TOP}/include $${INCLUDEPATH}
  INCLUDEPATH += $${TRANSMISSION_TOP}

net/youtube-dl/Makefile

@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.210 2020/06/16 00:17:40 leot Exp $
+# $NetBSD: Makefile,v 1.210.2.1 2020/07/30 18:48:45 bsiegert Exp $
 
 # XXX: VERSION_DATE can contains also an optional part that indicates
 # XXX: possible same day revisions. PKGNAME preserves that dotted part as is.
-VERSION_DATE=	2020.06.16.1
+VERSION_DATE=	2020.07.28
 DISTNAME=	youtube-dl-${VERSION_DATE}
 PKGNAME=	${DISTNAME:S/.//:S/.//}
 CATEGORIES=	net

net/youtube-dl/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.192 2020/06/16 00:17:40 leot Exp $
+$NetBSD: distinfo,v 1.192.2.1 2020/07/30 18:48:45 bsiegert Exp $
 
-SHA1 (youtube-dl-2020.06.16.1.tar.gz) = 81303e39d3fd04531c93e91af8598bf79d144b27
-RMD160 (youtube-dl-2020.06.16.1.tar.gz) = 502361e0770bf79f8afa66ef141551083b767592
-SHA512 (youtube-dl-2020.06.16.1.tar.gz) = 2f0c01cd1a52293afd8c4fddc20b6f7baca94903fbe852769ad1d25740bd87e38d42ee4a275c2e3d611c639c432f6245d27f361471c6b566da03677384a04e54
-Size (youtube-dl-2020.06.16.1.tar.gz) = 3177873 bytes
+SHA1 (youtube-dl-2020.07.28.tar.gz) = 2193c2719fcb84300e3e175a61c7ec194ac1bc01
+RMD160 (youtube-dl-2020.07.28.tar.gz) = f045747796d3069e3244dd072857f4d412489b3a
+SHA512 (youtube-dl-2020.07.28.tar.gz) = be18cd53577a1e750a9610d481225b5683414ee4a095aa90b1a9ef150e9009bec4c2188f19f13505c88ac0179872751a07f5fb4b591beca3cefd11ccf071132d
+Size (youtube-dl-2020.07.28.tar.gz) = 3179686 bytes
 SHA1 (patch-setup.py) = a67074ae7cfe5e77847c2f610337ea553eddb69b
 SHA1 (patch-youtube__dl_extractor_la7.py) = e246750808305343227060acdc5a38583ef071e9
 SHA1 (patch-youtube__dl_extractor_rai.py) = ae67a6fb599c90491fd68b72bf71821659a2eca4

security/clamav/Makefile

@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.68 2020/06/02 08:22:54 adam Exp $
+# $NetBSD: Makefile,v 1.68.2.1 2020/08/14 18:23:48 bsiegert Exp $
 
-PKGREVISION= 3
 .include "Makefile.common"
 
 COMMENT=	Anti-virus toolkit

security/clamav/Makefile.common

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.16 2020/05/13 14:58:58 taca Exp $
+# $NetBSD: Makefile.common,v 1.16.2.1 2020/08/14 18:23:48 bsiegert Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=	clamav-0.102.3
+DISTNAME=	clamav-0.102.4
 CATEGORIES=	security
 MASTER_SITES=	http://www.clamav.net/downloads/production/
 

security/clamav/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.33 2020/05/13 14:58:58 taca Exp $
+$NetBSD: distinfo,v 1.33.2.1 2020/08/14 18:23:48 bsiegert Exp $
 
-SHA1 (clamav-0.102.3.tar.gz) = c6397a35f4ae77a3aa3241551120da45662d1f39
-RMD160 (clamav-0.102.3.tar.gz) = 85d1f1f607edfc9b8deeb68aaba39f0875b31863
-SHA512 (clamav-0.102.3.tar.gz) = d239718814b303fb0f1655d9bdaf3675d888eea57e786d927eafabb7b6f58cd7f5fb7dc149511c2af6f800dcc919f2e1d6954110d45b9e16619c632e8d2b37f2
-Size (clamav-0.102.3.tar.gz) = 13226108 bytes
+SHA1 (clamav-0.102.4.tar.gz) = ea0f6faeedb0248c684cceb87f7ff3a8bd4b610d
+RMD160 (clamav-0.102.4.tar.gz) = 1339babd0bbad4b00dab9e05cf94e27080417c63
+SHA512 (clamav-0.102.4.tar.gz) = 29893deb8d2d913dff72331875d3dc3a10356bfb254ddfe1c1933b3ea4f8b76c96a1b840f95e72be36cbc0e00b9ec35e395225ef264761f53e709bb1026a4f09
+Size (clamav-0.102.4.tar.gz) = 13234444 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf

security/tor-browser-https-everywhere/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.2 2020/06/06 20:56:31 wiz Exp $
+# $NetBSD: Makefile,v 1.2.2.1 2020/08/28 19:07:14 bsiegert Exp $
 
-VERSION=	2020.5.20
+VERSION=	2020.8.13
 DISTNAME=	https-everywhere-${VERSION}-eff
 PKGNAME=	tor-browser-${DISTNAME:S/-eff//}
 CATEGORIES=	security www

security/tor-browser-https-everywhere/distinfo

@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.2 2020/06/06 20:56:31 wiz Exp $
+$NetBSD: distinfo,v 1.2.2.1 2020/08/28 19:07:14 bsiegert Exp $
 
-SHA1 (https-everywhere-2020.5.20-eff.xpi) = 13c6f2304a23b978732d044988bc02d818d36656
-RMD160 (https-everywhere-2020.5.20-eff.xpi) = 2b1d3d51ad60a4464dc11cc4b5dd6f64c9fbcb9c
-SHA512 (https-everywhere-2020.5.20-eff.xpi) = 1c7481b9e3c0c7e74725f6e88bce6e48bcef946c2371e74b90084cac081b1ee4c784be6bae3f8287b9bb50e16a486d02782ba0f3762d8a941ba72e6b4b1b75b7
-Size (https-everywhere-2020.5.20-eff.xpi) = 1761982 bytes
+SHA1 (https-everywhere-2020.8.13-eff.xpi) = d44d992b2dab30faa34285d7c0ced5ed0015de9a
+RMD160 (https-everywhere-2020.8.13-eff.xpi) = 58a4f36760fda2046feb274b1e13c9fb7a7c6ce9
+SHA512 (https-everywhere-2020.8.13-eff.xpi) = 7fe39727dee22801e5533b8a3e3c6d135ab8262313f8eba91a0bbd51131e97cd4bf9aa740afc579d4c6f03d1cea58b4f61cdd17bd391c353dd0a89f224f13f83
+Size (https-everywhere-2020.8.13-eff.xpi) = 1766618 bytes

security/tor-browser-noscript/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.2 2020/06/06 20:55:14 wiz Exp $
+# $NetBSD: Makefile,v 1.2.2.3 2020/08/28 19:07:20 bsiegert Exp $
 
-VERSION=	11.0.30
+VERSION=	11.0.41
 DISTNAME=	noscript-${VERSION}
 PKGNAME=	tor-browser-${DISTNAME}
 CATEGORIES=	security www

security/tor-browser-noscript/distinfo

@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.2 2020/06/06 20:55:14 wiz Exp $
+$NetBSD: distinfo,v 1.2.2.3 2020/08/28 19:07:20 bsiegert Exp $
 
-SHA1 (noscript-11.0.30.xpi) = 9c854ab4a1fc3835721c4b5c06d58871ccd37405
-RMD160 (noscript-11.0.30.xpi) = ec0a9af22ccba82cc130089d815100e8cc3f288e
-SHA512 (noscript-11.0.30.xpi) = 9d3a860a1ebd0153e153cc85d31419902f80139c1c8e6079cdfc5218c8663fae4fcbacc431c9a683f6d82a56df89483d84d9f6589956177ace59b6429e614b7a
-Size (noscript-11.0.30.xpi) = 585901 bytes
+SHA1 (noscript-11.0.41.xpi) = 8ef865cb7c67b0529be8812456410e5bbe8ba39f
+RMD160 (noscript-11.0.41.xpi) = b6052099a375ae3feca989977ecfb5af9b14f77c
+SHA512 (noscript-11.0.41.xpi) = d28dfe02881d6e2bfcc89dc6e1cfe76e2d8167c0dcfed0a2cf556810522b84d052ca02bd21f73f572d923582e583f243f87895cf724af74407a217b17aef62f2
+Size (noscript-11.0.41.xpi) = 594369 bytes

security/tor-browser/Makefile

@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.68 2020/06/18 12:56:40 wiz Exp $
+# $NetBSD: Makefile,v 1.68.2.3 2020/08/28 19:05:42 bsiegert Exp $
 
-DISTNAME=	src-firefox-tor-browser-68.9.0esr-9.5-1-build2
-PKGNAME=	tor-browser-9.5
-PKGREVISION=	2
+DISTNAME=	src-firefox-tor-browser-68.12.0esr-9.5-1-build1
+PKGNAME=	tor-browser-9.5.4
 CATEGORIES=	security www
 MASTER_SITES=	https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=	.tar.xz
@@ -18,16 +17,19 @@ LICENSE=	mpl-1.1
 WRKSRC=		${WRKDIR}/${DISTNAME:S/src-//}
 
 DEPENDS+=	tor-[0-9]*:../../net/tor
-DEPENDS+=	tor-browser-https-everywhere-[0-9]*:../../security/tor-browser-https-everywhere
-DEPENDS+=	tor-browser-noscript-[0-9]*:../../security/tor-browser-noscript
+DEPENDS+=	tor-browser-https-everywhere>=2020.5.20:../../security/tor-browser-https-everywhere
+DEPENDS+=	tor-browser-noscript>=11.0.32:../../security/tor-browser-noscript
 
 # How to update this package:
 #
 # replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
-# BUT keep patch-xpcom_io_TorFileUtils.cpp
-# AND keep patch-browser_app_profile_000-tor-browser.js
-# AND the second chunk of patch-toolkit_moz.configure
-# (AND if necessary patch-.mozconfig)
+# compare e.g. the output of
+# diff -r -I NetBSD . ../../www/firefox68
+# BUT keep:
+# patch-.mozconfig (if still necessary)
+# patch-browser_app_profile_000-tor-browser.js
+# patch-toolkit_moz.configure (second chunk)
+# patch-xpcom_io_TorFileUtils.cpp
 # make the patches apply
 #
 # when packaged up, read MESSAGE and test by visiting https://check.torproject.org
@@ -126,5 +128,4 @@ post-install:
 		${DESTDIR}${PREFIX}/lib/tor-browser/browser/fonts
 
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
-.include "../../sysutils/dbus-glib/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

security/tor-browser/distinfo

@@ -1,20 +1,29 @@
-$NetBSD: distinfo,v 1.23 2020/06/18 12:56:40 wiz Exp $
+$NetBSD: distinfo,v 1.23.2.3 2020/08/28 19:05:42 bsiegert Exp $
 
-SHA1 (src-firefox-tor-browser-68.9.0esr-9.5-1-build2.tar.xz) = 27b3e18e92341557b9c8b18afd114d458dd2e403
-RMD160 (src-firefox-tor-browser-68.9.0esr-9.5-1-build2.tar.xz) = db61ef7788f1b6c4111e7a4c6df56c7bd51e6777
-SHA512 (src-firefox-tor-browser-68.9.0esr-9.5-1-build2.tar.xz) = 5a8db89e2bd60980bd00d779c23433014b2d4e29bd55cc81ec83115fb62d79246e73b36cee765b285cadd9306b57f737264549936431898e78717be01200a435
-Size (src-firefox-tor-browser-68.9.0esr-9.5-1-build2.tar.xz) = 348699028 bytes
-SHA1 (tor-browser-linux64-9.5_en-US.tar.xz) = 3f84ce557b01fe22157f52d7387f979ee2824da6
-RMD160 (tor-browser-linux64-9.5_en-US.tar.xz) = df45b10a19916d79f65d99f87505d0ecce55a8fe
-SHA512 (tor-browser-linux64-9.5_en-US.tar.xz) = 7534711c12192e937c3a71ea5d3f1d3786d0cb5da6c3f9f8db5c5950c9c342a60fbcc9c4bded2fcea1e5342de3c09b41641154c4fa757734afa21c81f223b5b2
-Size (tor-browser-linux64-9.5_en-US.tar.xz) = 79022648 bytes
+SHA1 (src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 2d6081a8ad82e3095970f1d1a41f130024454e3d
+RMD160 (src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 7c262331bfc168604d03f8f59ef7f349055f4f5b
+SHA512 (src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 4674308ff40a65859c892a9a4e01e1506daded409e761c4ddb24d4f98ec73b63c86d2d051b05b1b8655dd5df894a59117752ee2e9a0c3e643577a3576c62aab3
+Size (src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 348639116 bytes
+SHA1 (tor-browser-linux64-9.5.4_en-US.tar.xz) = 8f4665912642c86e1161b788a7398478952107d8
+RMD160 (tor-browser-linux64-9.5.4_en-US.tar.xz) = 53025eff780989ece3f7089d272c1b6623519e6b
+SHA512 (tor-browser-linux64-9.5.4_en-US.tar.xz) = 2b69874c476e78c88eeae795cf530ed67b4319535dfbe092bb1e5cb83b9f1a021ea568ed1efeb61b0b5475d90495b3fd3005c51ec2d75d46c893b225e236dd66
+Size (tor-browser-linux64-9.5.4_en-US.tar.xz) = 79033640 bytes
 SHA1 (patch-.mozconfig) = 66fbb2f113091eee1f022cd656231f845b04b0f8
 SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
 SHA1 (patch-browser_app_profile_000-tor-browser.js) = 84a0a15605fff0e22f3150bce901a296fc920280
 SHA1 (patch-browser_app_profile_firefox.js) = cf93582b68b8d4e72c3c25682ab9138e185418c8
 SHA1 (patch-build_moz.configure_rust.configure) = b57a9b1451dc426d75774f73d7c05fc98fe6e317
+SHA1 (patch-config_gcc-stl-wrapper.template.h) = 11b45e0c7a9399c5b74b170648280a388dd67d89
+SHA1 (patch-config_makefiles_rust.mk) = 41f88d91b3ebcc55085b3e6c37f9ec2995fc9c7b
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_lib.rs) = c0dfe8b1e7ebbc7c1d6066c204030f13b063b8d7
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs) = 091ffab5bd6a15425acb2ab023cc26f6b23324c6
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs) = 57f5c3c879b07375234e5cb0cbe0469b15105a6a
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs) = 7160fc9fe6d197b42104856b997337f823d2a791
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs) = 527722bd4fbf0aca07d710e0a8b73f95b2adad40
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs) = aeafe7c1df614bb5e46cb7fb1cb351001f292caf
+SHA1 (patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs) = c1d2157350803fb3eaef6f7a00e7c81dd9cf708b
 SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
 SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = 2f73c76c48852613e0c55c1680fcc2a9eb3cf4ef
 SHA1 (patch-gfx_gl_GLContextProviderGLX.cpp) = 2c909a10a341e600392417240ad0c556f495d6ba

security/tor-browser/options.mk

@@ -1,9 +1,9 @@
-# $NetBSD: options.mk,v 1.6 2020/06/07 13:06:00 wiz Exp $
+# $NetBSD: options.mk,v 1.6.2.1 2020/08/28 19:05:42 bsiegert Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.tor-browser
-PKG_SUPPORTED_OPTIONS+=	alsa debug debug-info mozilla-jemalloc pulseaudio
+PKG_SUPPORTED_OPTIONS+=	alsa dbus debug debug-info mozilla-jemalloc pulseaudio
 
-PKG_SUGGESTED_OPTIONS.Linux+=	alsa mozilla-jemalloc
+PKG_SUGGESTED_OPTIONS.Linux+=	alsa dbus mozilla-jemalloc
 
 .include "../../mk/bsd.fast.prefs.mk"
 
@@ -20,6 +20,13 @@ CONFIGURE_ARGS+=	--enable-alsa
 CONFIGURE_ARGS+=	--disable-alsa
 .endif
 
+.if !empty(PKG_OPTIONS:Mdbus)
+CONFIGURE_ARGS+=	--enable-dbus
+.include "../../sysutils/dbus-glib/buildlink3.mk"
+.else
+CONFIGURE_ARGS+=	--disable-dbus
+.endif
+
 .if !empty(PKG_OPTIONS:Mmozilla-jemalloc)
 CONFIGURE_ARGS+=	--enable-jemalloc
 .else

security/tor-browser/patches/patch-config_gcc-stl-wrapper.template.h

@@ -0,0 +1,29 @@
+$NetBSD: patch-config_gcc-stl-wrapper.template.h,v 1.1.2.2 2020/07/09 06:27:47 bsiegert Exp $
+
+--- config/gcc-stl-wrapper.template.h.orig	2020-03-05 20:56:39.000000000 +0000
++++ config/gcc-stl-wrapper.template.h
+@@ -28,14 +28,14 @@
+ #endif
+ 
+ // Don't include mozalloc for cstdlib. See bug 1245076.
+-#ifndef moz_dont_include_mozalloc_for_cstdlib
+-#  define moz_dont_include_mozalloc_for_cstdlib
++#ifndef moz_dont_include_mozalloc_for_${HEADER}
++#  define moz_dont_include_mozalloc_for_${HEADER}
+ #endif
+ 
+ // Include mozalloc after the STL header and all other headers it includes
+ // have been preprocessed.
+ #if !defined(MOZ_INCLUDE_MOZALLOC_H) && \
+-    !defined(moz_dont_include_mozalloc_for_${HEADER})
++    !defined(moz_dont_include_mozalloc_for_cstdlib)
+ #  define MOZ_INCLUDE_MOZALLOC_H
+ #  define MOZ_INCLUDE_MOZALLOC_H_FROM_${HEADER}
+ #endif
+@@ -64,4 +64,6 @@
+ #  include "mozilla/throw_gcc.h"
+ #endif
+ 
++#undef moz_dont_include_mzalloc_for_${HEADER}
++
+ #endif  // if mozilla_${HEADER}_h

security/tor-browser/patches/patch-config_makefiles_rust.mk

@@ -0,0 +1,17 @@
+$NetBSD: patch-config_makefiles_rust.mk,v 1.2.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+NetBSD<10 doesn't get along with parallel rust builds (it causes issues
+with ld.so) which are the default. Force -j1.
+
+--- config/makefiles/rust.mk.orig	2020-08-18 09:41:09.000000000 +0000
++++ config/makefiles/rust.mk
+@@ -59,6 +59,9 @@ endif
+ ifdef CARGO_INCREMENTAL
+ export CARGO_INCREMENTAL
+ endif
++ifeq ($(OS_ARCH),NetBSD)
++cargo_build_flags += -j1
++endif
+ 
+ rustflags_neon =
+ ifeq (neon,$(MOZ_FPU))

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_lib.rs

@@ -0,0 +1,34 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_lib.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/lib.rs.orig	2020-06-22 22:55:03.000000000 +0000
++++ dom/webauthn/u2f-hid-rs/src/lib.rs
+@@ -5,7 +5,7 @@
+ #[macro_use]
+ mod util;
+ 
+-#[cfg(any(target_os = "linux", target_os = "freebsd"))]
++#[cfg(any(target_os = "linux", target_os = "freebsd", target_os = "netbsd"))]
+ pub mod hidproto;
+ 
+ #[cfg(any(target_os = "linux"))]
+@@ -22,6 +22,10 @@ extern crate devd_rs;
+ #[path = "freebsd/mod.rs"]
+ pub mod platform;
+ 
++#[cfg(any(target_os = "netbsd"))]
++#[path = "netbsd/mod.rs"]
++pub mod platform;
++
+ #[cfg(any(target_os = "macos"))]
+ extern crate core_foundation;
+ 
+@@ -36,6 +40,7 @@ pub mod platform;
+ #[cfg(not(any(
+     target_os = "linux",
+     target_os = "freebsd",
++    target_os = "netbsd",
+     target_os = "macos",
+     target_os = "windows"
+ )))]

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs

@@ -0,0 +1,141 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/device.rs.orig	2020-07-15 16:19:08.142403669 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/device.rs
+@@ -0,0 +1,134 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++extern crate libc;
++
++use std::mem;
++use std::io::Read;
++use std::io::Write;
++use std::io;
++
++use consts::CID_BROADCAST;
++use consts::HID_RPT_SIZE;
++use platform::fd::Fd;
++use platform::uhid;
++use u2ftypes::U2FDevice;
++use util::io_err;
++
++#[derive(Debug)]
++pub struct Device {
++    fd: Fd,
++    cid: [u8; 4],
++}
++
++impl Device {
++    pub fn new(fd: Fd) -> io::Result<Self> {
++        Ok(Self { fd, cid: CID_BROADCAST })
++    }
++
++    pub fn is_u2f(&mut self) -> bool {
++        if !uhid::is_u2f_device(&self.fd) {
++            return false;
++        }
++        // This step is not strictly necessary -- NetBSD puts fido
++        // devices into raw mode automatically by default, but in
++        // principle that might change, and this serves as a test to
++        // verify that we're running on a kernel with support for raw
++        // mode at all so we don't get confused issuing writes that try
++        // to set the report descriptor rather than transfer data on
++        // the output interrupt pipe as we need.
++        match uhid::hid_set_raw(&self.fd, true) {
++            Ok(_) => (),
++            Err(_) => return false,
++        }
++        if let Err(_) = self.ping() {
++            return false;
++        }
++        true
++    }
++
++    fn ping(&mut self) -> io::Result<()> {
++        for i in 0..10 {
++            let mut buf = vec![0u8; 1 + HID_RPT_SIZE];
++
++            buf[0] = 0;         // report number
++            buf[1] = 0xff;      // CID_BROADCAST
++            buf[2] = 0xff;
++            buf[3] = 0xff;
++            buf[4] = 0xff;
++            buf[5] = 0x81;      // ping
++            buf[6] = 0;
++            buf[7] = 1;         // one byte
++
++            self.write(&buf[..])?;
++
++            // Wait for response
++            let mut pfd: libc::pollfd = unsafe { mem::zeroed() };
++            pfd.fd = self.fd.fileno;
++            pfd.events = libc::POLLIN;
++            let nfds = unsafe { libc::poll(&mut pfd, 1, 100) };
++            if nfds == -1 {
++                return Err(io::Error::last_os_error());
++            }
++            if nfds == 0 {
++                debug!("device timeout {}", i);
++                continue;
++            }
++
++            // Read response
++            self.read(&mut buf[..])?;
++
++            return Ok(());
++        }
++
++        Err(io_err("no response from device"))
++    }
++}
++
++impl PartialEq for Device {
++    fn eq(&self, other: &Device) -> bool {
++        self.fd == other.fd
++    }
++}
++
++impl Read for Device {
++    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
++        let bufp = buf.as_mut_ptr() as *mut libc::c_void;
++        let nread = unsafe { libc::read(self.fd.fileno, bufp, buf.len()) };
++        if nread == -1 {
++            return Err(io::Error::last_os_error());
++        }
++        Ok(nread as usize)
++    }
++}
++
++impl Write for Device {
++    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
++        // Always skip the first byte (report number)
++        let data = &buf[1..];
++        let data_ptr = data.as_ptr() as *const libc::c_void;
++        let nwrit = unsafe {
++            libc::write(self.fd.fileno, data_ptr, data.len())
++        };
++        if nwrit == -1 {
++            return Err(io::Error::last_os_error());
++        }
++        // Pretend we wrote the report number byte
++        Ok(nwrit as usize + 1)
++    }
++
++    fn flush(&mut self) -> io::Result<()> {
++        Ok(())
++    }
++}
++
++impl U2FDevice for Device {
++    fn get_cid<'a>(&'a self) -> &'a [u8; 4] {
++        &self.cid
++    }
++
++    fn set_cid(&mut self, cid: [u8; 4]) {
++        self.cid = cid;
++    }
++}

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs

@@ -0,0 +1,54 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/fd.rs.orig	2020-07-15 16:19:08.142740434 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/fd.rs
+@@ -0,0 +1,47 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++extern crate libc;
++
++use std::ffi::CString;
++use std::io;
++use std::mem;
++use std::os::raw::c_int;
++use std::os::unix::io::RawFd;
++
++#[derive(Debug)]
++pub struct Fd {
++    pub fileno: RawFd,
++}
++
++impl Fd {
++    pub fn open(path: &str, flags: c_int) -> io::Result<Fd> {
++        let cpath = CString::new(path.as_bytes())?;
++        let rv = unsafe { libc::open(cpath.as_ptr(), flags) };
++        if rv == -1 {
++            return Err(io::Error::last_os_error());
++        }
++        Ok(Fd { fileno: rv })
++    }
++}
++
++impl Drop for Fd {
++    fn drop(&mut self) {
++        unsafe { libc::close(self.fileno) };
++    }
++}
++
++impl PartialEq for Fd {
++    fn eq(&self, other: &Fd) -> bool {
++        let mut st: libc::stat = unsafe { mem::zeroed() };
++        let mut sto: libc::stat = unsafe { mem::zeroed() };
++        if unsafe { libc::fstat(self.fileno, &mut st) } == -1 {
++            return false;
++        }
++        if unsafe { libc::fstat(other.fileno, &mut sto) } == -1 {
++            return false;
++        }
++        (st.st_dev == sto.st_dev) & (st.st_ino == sto.st_ino)
++    }
++}

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs

@@ -0,0 +1,17 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/mod.rs.orig	2020-07-15 16:19:08.143016295 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/mod.rs
+@@ -0,0 +1,10 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++pub mod device;
++pub mod transaction;
++
++mod fd;
++mod monitor;
++mod uhid;

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs

@@ -0,0 +1,96 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/monitor.rs.orig	2020-07-15 16:19:08.143281894 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/monitor.rs
+@@ -0,0 +1,89 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++use std::collections::HashMap;
++use std::ffi::OsString;
++use std::io;
++use std::sync::Arc;
++use std::thread;
++use std::time::Duration;
++
++use runloop::RunLoop;
++
++use platform::fd::Fd;
++
++// XXX Should use drvctl, but it doesn't do pubsub properly yet so
++// DRVGETEVENT requires write access to /dev/drvctl.  Instead, for now,
++// just poll every 500ms.
++const POLL_TIMEOUT: u64 = 500;
++
++pub struct Monitor<F>
++where
++    F: Fn(Fd, &dyn Fn() -> bool) + Send + Sync + 'static,
++{
++    runloops: HashMap<OsString, RunLoop>,
++    new_device_cb: Arc<F>,
++}
++
++impl<F> Monitor<F>
++where
++    F: Fn(Fd, &dyn Fn() -> bool) + Send + Sync + 'static,
++{
++    pub fn new(new_device_cb: F) -> Self {
++        Self {
++            runloops: HashMap::new(),
++            new_device_cb: Arc::new(new_device_cb),
++        }
++    }
++
++    pub fn run(&mut self, alive: &dyn Fn() -> bool) -> io::Result<()> {
++        while alive() {
++            for n in 0..100 {
++                let uhidpath = format!("/dev/uhid{}", n);
++                match Fd::open(&uhidpath, libc::O_RDWR | libc::O_CLOEXEC) {
++                    Ok(uhid) => {
++                        self.add_device(uhid, OsString::from(&uhidpath));
++                    },
++                    Err(ref err) => {
++                        match err.raw_os_error() {
++                            Some(libc::EBUSY) => continue,
++                            Some(libc::ENOENT) => break,
++                            _ => self.remove_device(OsString::from(&uhidpath)),
++                        }
++                    },
++                }
++            }
++            thread::sleep(Duration::from_millis(POLL_TIMEOUT));
++        }
++        self.remove_all_devices();
++        Ok(())
++    }
++
++    fn add_device(&mut self, fd: Fd, path: OsString) {
++        let f = self.new_device_cb.clone();
++
++        let runloop = RunLoop::new(move |alive| {
++            if alive() {
++                f(fd, alive);
++            }
++        });
++
++        if let Ok(runloop) = runloop {
++            self.runloops.insert(path.clone(), runloop);
++        }
++    }
++
++    fn remove_device(&mut self, path: OsString) {
++        if let Some(runloop) = self.runloops.remove(&path) {
++            runloop.cancel();
++        }
++    }
++
++    fn remove_all_devices(&mut self) {
++        while !self.runloops.is_empty() {
++            let path = self.runloops.keys().next().unwrap().clone();
++            self.remove_device(path);
++        }
++    }
++}

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs

@@ -0,0 +1,57 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/transaction.rs.orig	2020-07-15 16:19:08.143583561 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/transaction.rs
+@@ -0,0 +1,50 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++use runloop::RunLoop;
++use util::OnceCallback;
++
++use platform::fd::Fd;
++use platform::monitor::Monitor;
++
++pub struct Transaction {
++    // Handle to the thread loop.
++    thread: Option<RunLoop>,
++}
++
++impl Transaction {
++    pub fn new<F, T>(
++        timeout: u64,
++        callback: OnceCallback<T>,
++        new_device_cb: F,
++    ) -> Result<Self, ::Error>
++    where
++        F: Fn(Fd, &dyn Fn() -> bool) + Sync + Send + 'static,
++        T: 'static,
++    {
++        let thread = RunLoop::new_with_timeout(
++            move |alive| {
++                // Create a new device monitor.
++                let mut monitor = Monitor::new(new_device_cb);
++
++                // Start polling for new devices.
++                try_or!(monitor.run(alive), |_| callback.call(Err(::Error::Unknown)));
++
++                // Send an error, if the callback wasn't called already.
++                callback.call(Err(::Error::NotAllowed));
++            },
++            timeout,
++        )
++        .map_err(|_| ::Error::Unknown)?;
++
++        Ok(Self {
++            thread: Some(thread),
++        })
++    }
++
++    pub fn cancel(&mut self) {
++        // This must never be None.
++        self.thread.take().unwrap().cancel();
++    }
++}

security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs

@@ -0,0 +1,86 @@
+$NetBSD: patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs,v 1.1.2.2 2020/08/28 19:05:42 bsiegert Exp $
+
+Add NetBSD support for U2F.
+
+--- dom/webauthn/u2f-hid-rs/src/netbsd/uhid.rs.orig	2020-07-15 16:19:08.143860020 +0000
++++ dom/webauthn/u2f-hid-rs/src/netbsd/uhid.rs
+@@ -0,0 +1,79 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++extern crate libc;
++
++use std::io;
++use std::mem;
++use std::os::raw::c_int;
++use std::os::raw::c_uchar;
++
++use hidproto::ReportDescriptor;
++use hidproto::has_fido_usage;
++use platform::fd::Fd;
++use util::io_err;
++
++/* sys/ioccom.h */
++
++const IOCPARM_MASK: u32 = 0x1fff;
++const IOCPARM_SHIFT: u32 = 16;
++const IOCGROUP_SHIFT: u32 = 8;
++
++//const IOC_VOID: u32 = 0x20000000;
++const IOC_OUT: u32 = 0x40000000;
++const IOC_IN: u32 = 0x80000000;
++//const IOC_INOUT: u32 = IOC_IN|IOC_OUT;
++
++macro_rules! ioctl {
++    ($dir:expr, $name:ident, $group:expr, $nr:expr, $ty:ty) => {
++        unsafe fn $name(fd: libc::c_int, val: *mut $ty)
++                -> io::Result<libc::c_int> {
++            let ioc = ($dir as u32)
++                | ((mem::size_of::<$ty>() as u32 & IOCPARM_MASK)
++                   << IOCPARM_SHIFT)
++                | (($group as u32) << IOCGROUP_SHIFT)
++                | ($nr as u32);
++            let rv = libc::ioctl(fd, ioc as libc::c_ulong, val);
++            if rv == -1 {
++                return Err(io::Error::last_os_error());
++            }
++            Ok(rv)
++        }
++    };
++}
++
++#[allow(non_camel_case_types)]
++#[repr(C)]
++struct usb_ctl_report_desc {
++    ucrd_size: c_int,
++    ucrd_data: [c_uchar; 1024],
++}
++
++ioctl!(IOC_OUT, usb_get_report_desc, b'U', 21, usb_ctl_report_desc);
++
++fn read_report_descriptor(fd: &Fd) -> io::Result<ReportDescriptor> {
++    let mut desc = unsafe { mem::zeroed() };
++    unsafe { usb_get_report_desc(fd.fileno, &mut desc) }?;
++    if desc.ucrd_size < 0 {
++        return Err(io_err("negative report descriptor size"));
++    }
++    let size = desc.ucrd_size as usize;
++    let value = Vec::from(&desc.ucrd_data[..size]);
++    Ok(ReportDescriptor { value })
++}
++
++pub fn is_u2f_device(fd: &Fd) -> bool {
++    match read_report_descriptor(fd) {
++        Ok(desc) => has_fido_usage(desc),
++        Err(_) => false,
++    }
++}
++
++ioctl!(IOC_IN, usb_hid_set_raw_ioctl, b'h', 2, c_int);
++
++pub fn hid_set_raw(fd: &Fd, raw: bool) -> io::Result<()> {
++    let mut raw_int: c_int = if raw { 1 } else { 0 };
++    unsafe { usb_hid_set_raw_ioctl(fd.fileno, &mut raw_int) }?;
++    Ok(())
++}

shells/fish/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.25 2020/06/14 22:52:10 js Exp $
+# $NetBSD: Makefile,v 1.25.2.1 2020/07/09 06:47:08 bsiegert Exp $
 
 DISTNAME=		fish-3.1.2
 PKGREVISION=		1
@@ -47,6 +47,9 @@ post-extract:
 .include "../../devel/pcre2/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
 .include "../../devel/gettext-tools/buildlink3.mk"
+.if !empty(PKGSRC_COMPILER:M*gcc*)
+.  include "../../devel/libatomic/buildlink3.mk"
+.endif
 .include "../../lang/python/application.mk"
 .include "../../mk/curses.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

sysutils/xenkernel411/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2020/04/15 15:37:19 bouyer Exp $
+# $NetBSD: Makefile,v 1.13.2.1 2020/08/28 15:37:49 bsiegert Exp $
 
 VERSION=	4.11.3
-PKGREVISION=	2
+PKGREVISION=	3
 DISTNAME=	xen-${VERSION}
 PKGNAME=	xenkernel411-${VERSION}
 CATEGORIES=	sysutils

sysutils/xenkernel411/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2020/04/15 15:45:04 bouyer Exp $
+$NetBSD: distinfo,v 1.11.2.1 2020/08/28 15:37:49 bsiegert Exp $
 
 SHA1 (xen411/xen-4.11.3.tar.gz) = 2d77152168d6f9dcea50db9cb8e3e6a0720a4a1b
 RMD160 (xen411/xen-4.11.3.tar.gz) = cfb2e699842867b60d25a01963c564a6c5e580da
@@ -12,7 +12,12 @@ SHA1 (patch-XSA310) = 77b711f4b75de1d473a6988eb6f2b48e37cc353a
 SHA1 (patch-XSA311) = 4d3e6cc39c2b95cb3339961271df2bc885667927
 SHA1 (patch-XSA313) = b2f281d6aed1207727cd454dcb5e914c7f6fb44b
 SHA1 (patch-XSA316) = 9cce683315e4c1ca6d53b578e69ae71e1db2b3eb
+SHA1 (patch-XSA317) = 3a3e7bf8f115bebaf56001afcf68c2bd501c00a5
 SHA1 (patch-XSA318) = d0dcbb99ab584098aed7995a7a05d5bf4ac28d47
+SHA1 (patch-XSA319) = 4954bdc849666e1c735c3281256e4850c0594ee8
+SHA1 (patch-XSA320) = 38d84a2ded4ccacee455ba64eb3b369e5661fbfd
+SHA1 (patch-XSA321) = 5281304282a26ee252344ec26b07d25ac4ce8b54
+SHA1 (patch-XSA328) = a9b02c183a5dbfb6c0fe50824f18896fcab4a9e9
 SHA1 (patch-xen_Makefile) = 465388d80de414ca3bb84faefa0f52d817e423a6
 SHA1 (patch-xen_Rules.mk) = c743dc63f51fc280d529a7d9e08650292c171dac
 SHA1 (patch-xen_arch_x86_Rules.mk) = 0bedfc53a128a87b6a249ae04fbdf6a053bfb70b

sysutils/xenkernel411/patches/patch-XSA317

@@ -0,0 +1,52 @@
+$NetBSD: patch-XSA317,v 1.1.2.2 2020/08/28 15:37:49 bsiegert Exp $
+
+From aeb46e92f915f19a61d5a8a1f4b696793f64e6fb Mon Sep 17 00:00:00 2001
+From: Julien Grall <jgrall@amazon.com>
+Date: Thu, 19 Mar 2020 13:17:31 +0000
+Subject: [PATCH] xen/common: event_channel: Don't ignore error in
+ get_free_port()
+
+Currently, get_free_port() is assuming that the port has been allocated
+when evtchn_allocate_port() is not return -EBUSY.
+
+However, the function may return an error when:
+    - We exhausted all the event channels. This can happen if the limit
+    configured by the administrator for the guest ('max_event_channels'
+    in xl cfg) is higher than the ABI used by the guest. For instance,
+    if the guest is using 2L, the limit should not be higher than 4095.
+    - We cannot allocate memory (e.g Xen has not more memory).
+
+Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly
+assuming the port was valid and will next call evtchn_from_port(). This
+will result to a crash as the memory backing the event channel structure
+is not present.
+
+Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU")
+Signed-off-by: Julien Grall <jgrall@amazon.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+---
+ xen/common/event_channel.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
+index e86e2bfab0..a8d182b584 100644
+--- xen/common/event_channel.c.orig
++++ xen/common/event_channel.c
+@@ -195,10 +195,10 @@ static int get_free_port(struct domain *d)
+     {
+         int rc = evtchn_allocate_port(d, port);
+ 
+-        if ( rc == -EBUSY )
+-            continue;
+-
+-        return port;
++        if ( rc == 0 )
++            return port;
++        else if ( rc != -EBUSY )
++            return rc;
+     }
+ 
+     return -ENOSPC;
+-- 
+2.17.1
+

sysutils/xenkernel411/patches/patch-XSA319

@@ -0,0 +1,29 @@
+$NetBSD: patch-XSA319,v 1.1.2.2 2020/08/28 15:37:49 bsiegert Exp $
+
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/shadow: correct an inverted conditional in dirty VRAM tracking
+
+This originally was "mfn_x(mfn) == INVALID_MFN". Make it like this
+again, taking the opportunity to also drop the unnecessary nearby
+braces.
+
+This is XSA-319.
+
+Fixes: 246a5a3377c2 ("xen: Use a typesafe to define INVALID_MFN")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- xen/arch/x86/mm/shadow/common.c.orig
++++ xen/arch/x86/mm/shadow/common.c
+@@ -3252,10 +3252,8 @@ int shadow_track_dirty_vram(struct domai
+             int dirty = 0;
+             paddr_t sl1ma = dirty_vram->sl1ma[i];
+ 
+-            if ( !mfn_eq(mfn, INVALID_MFN) )
+-            {
++            if ( mfn_eq(mfn, INVALID_MFN) )
+                 dirty = 1;
+-            }
+             else
+             {
+                 page = mfn_to_page(mfn);

sysutils/xenkernel411/patches/patch-XSA320

@@ -0,0 +1,371 @@
+$NetBSD: patch-XSA320,v 1.1.2.2 2020/08/28 15:37:49 bsiegert Exp $
+
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling
+
+This is part of XSA-320 / CVE-2020-0543
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Wei Liu <wl@xen.org>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 194615bfc5..9be18ac99f 100644
+--- docs/misc/xen-command-line.markdown.orig
++++ docs/misc/xen-command-line.markdown
+@@ -489,10 +489,10 @@ accounting for hardware capabilities as enumerated via CPUID.
+ 
+ Currently accepted:
+ 
+-The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`,
+-`l1d-flush` and `ssbd` are used by default if available and applicable.  They can
+-be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and
+-won't offer them to guests.
++The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
++`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
++applicable.  They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
++use them itself, and won't offer them to guests.
+ 
+ ### cpuid\_mask\_cpu (AMD only)
+ > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b`
+diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c
+index 5a1702d703..1235c8b91e 100644
+--- tools/libxl/libxl_cpuid.c.orig
++++ tools/libxl/libxl_cpuid.c
+@@ -202,6 +202,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
+ 
+         {"avx512-4vnniw",0x00000007,  0, CPUID_REG_EDX,  2,  1},
+         {"avx512-4fmaps",0x00000007,  0, CPUID_REG_EDX,  3,  1},
++        {"srbds-ctrl",   0x00000007,  0, CPUID_REG_EDX,  9,  1},
+         {"md-clear",     0x00000007,  0, CPUID_REG_EDX, 10,  1},
+         {"ibrsb",        0x00000007,  0, CPUID_REG_EDX, 26,  1},
+         {"stibp",        0x00000007,  0, CPUID_REG_EDX, 27,  1},
+diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
+index 4c9af6b7f0..8fb54c3001 100644
+--- tools/misc/xen-cpuid.c.orig
++++ tools/misc/xen-cpuid.c
+@@ -142,6 +142,7 @@ static const char *str_7d0[32] =
+ {
+     [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps",
+ 
++    /*  8 */                [ 9] = "srbds-ctrl",
+     [10] = "md-clear",
+     /* 12 */                [13] = "tsx-force-abort",
+ 
+diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
+index 04aefa555d..b8e5b6fe67 100644
+--- xen/arch/x86/cpuid.c.orig
++++ xen/arch/x86/cpuid.c
+@@ -58,6 +58,11 @@ static int __init parse_xen_cpuid(const char *s)
+             if ( !val )
+                 setup_clear_cpu_cap(X86_FEATURE_SSBD);
+         }
++        else if ( (val = parse_boolean("srbds-ctrl", s, ss)) >= 0 )
++        {
++            if ( !val )
++                setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL);
++        }
+         else
+             rc = -EINVAL;
+ 
+diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
+index ccb316c547..256e58d82b 100644
+--- xen/arch/x86/msr.c.orig
++++ xen/arch/x86/msr.c
+@@ -154,6 +154,7 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val)
+         /* Write-only */
+     case MSR_TSX_FORCE_ABORT:
+     case MSR_TSX_CTRL:
++    case MSR_MCU_OPT_CTRL:
+         /* Not offered to guests. */
+         goto gp_fault;
+ 
+@@ -243,6 +244,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
+         /* Read-only */
+     case MSR_TSX_FORCE_ABORT:
+     case MSR_TSX_CTRL:
++    case MSR_MCU_OPT_CTRL:
+         /* Not offered to guests. */
+         goto gp_fault;
+ 
+diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
+index ab196b156d..94ab8dd786 100644
+--- xen/arch/x86/spec_ctrl.c.orig
++++ xen/arch/x86/spec_ctrl.c
+@@ -365,12 +365,13 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+     printk("Speculative mitigation facilities:\n");
+ 
+     /* Hardware features which pertain to speculative mitigations. */
+-    printk("  Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
++    printk("  Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+            (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "",
+            (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP"     : "",
+            (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "",
+            (_7d0 & cpufeat_mask(X86_FEATURE_SSBD))  ? " SSBD"      : "",
+            (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "",
++           (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "",
+            (e8b  & cpufeat_mask(X86_FEATURE_IBPB))  ? " IBPB"      : "",
+            (caps & ARCH_CAPS_IBRS_ALL)              ? " IBRS_ALL"  : "",
+            (caps & ARCH_CAPS_RDCL_NO)               ? " RDCL_NO"   : "",
+diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
+index 1761a01f1f..480d1d8102 100644
+--- xen/include/asm-x86/msr-index.h.orig
++++ xen/include/asm-x86/msr-index.h
+@@ -177,6 +177,9 @@
+ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS            0x490
+ #define MSR_IA32_VMX_VMFUNC                     0x491
+ 
++#define MSR_MCU_OPT_CTRL                    0x00000123
++#define  MCU_OPT_CTRL_RNGDS_MITG_DIS        (_AC(1, ULL) <<  0)
++
+ /* K7/K8 MSRs. Not complete. See the architecture manual for a more
+    complete list. */
+ #define MSR_K7_EVNTSEL0			0xc0010000
+diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
+index a14d8a7013..9d210e74a0 100644
+--- xen/include/public/arch-x86/cpufeatureset.h.orig
++++ xen/include/public/arch-x86/cpufeatureset.h
+@@ -242,6 +242,7 @@ XEN_CPUFEATURE(IBPB,          8*32+12) /*A  IBPB support only (no IBRS, used by
+ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */
+ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A  AVX512 Neural Network Instructions */
+ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A  AVX512 Multiply Accumulation Single Precision */
++XEN_CPUFEATURE(SRBDS_CTRL,    9*32+ 9) /*   MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */
+ XEN_CPUFEATURE(MD_CLEAR,      9*32+10) /*A  VERW clears microarchitectural buffers */
+ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */
+ XEN_CPUFEATURE(IBRSB,         9*32+26) /*A  IBRS and IBPB support (used by Intel) */
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel
+
+See patch documentation and comments.
+
+This is part of XSA-320 / CVE-2020-0543
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 9be18ac99f..3356e59fee 100644
+--- docs/misc/xen-command-line.markdown.orig
++++ docs/misc/xen-command-line.markdown
+@@ -1858,7 +1858,7 @@ false disable the quirk workaround, which is also the default.
+ ### spec-ctrl (x86)
+ > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>,
+ >              bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu,
+->              l1d-flush}=<bool> ]`
++>              l1d-flush,srb-lock}=<bool> ]`
+ 
+ Controls for speculative execution sidechannel mitigations.  By default, Xen
+ will pick the most appropriate mitigations based on compiled in support,
+@@ -1930,6 +1930,12 @@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to
+ use.  By default, Xen will enable this mitigation on hardware believed to be
+ vulnerable to L1TF.
+ 
++On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force
++or prevent Xen from protect the Special Register Buffer from leaking stale
++data. By default, Xen will enable this mitigation, except on parts where MDS
++is fixed and TAA is fixed/mitigated (in which case, there is believed to be no
++way for an attacker to obtain the stale data).
++
+ ### sync\_console
+ > `= <boolean>`
+ 
+diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
+index 4c12794809..30e1bd5cd3 100644
+--- xen/arch/x86/acpi/power.c.orig
++++ xen/arch/x86/acpi/power.c
+@@ -266,6 +266,9 @@ static int enter_state(u32 state)
+     ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr);
+     spec_ctrl_exit_idle(ci);
+ 
++    if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++        wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
++
+  done:
+     spin_debug_enable();
+     local_irq_restore(flags);
+diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
+index 0887806e85..d24d215946 100644
+--- xen/arch/x86/smpboot.c.orig
++++ xen/arch/x86/smpboot.c
+@@ -369,12 +369,14 @@ void start_secondary(void *unused)
+         microcode_resume_cpu(cpu);
+ 
+     /*
+-     * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+-     * any firmware settings.  Note: MSR_SPEC_CTRL may only become available
+-     * after loading microcode.
++     * If any speculative control MSRs are available, apply Xen's default
++     * settings.  Note: These MSRs may only become available after loading
++     * microcode.
+      */
+     if ( boot_cpu_has(X86_FEATURE_IBRSB) )
+         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
++    if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++        wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
+ 
+     tsx_init(); /* Needs microcode.  May change HLE/RTM feature bits. */
+ 
+diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
+index 94ab8dd786..a306d10c34 100644
+--- xen/arch/x86/spec_ctrl.c.orig
++++ xen/arch/x86/spec_ctrl.c
+@@ -63,6 +63,9 @@ static unsigned int __initdata l1d_maxphysaddr;
+ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */
+ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */
+ 
++static int8_t __initdata opt_srb_lock = -1;
++uint64_t __read_mostly default_xen_mcu_opt_ctrl;
++
+ static int __init parse_bti(const char *s)
+ {
+     const char *ss;
+@@ -166,6 +169,7 @@ static int __init parse_spec_ctrl(const char *s)
+             opt_ibpb = false;
+             opt_ssbd = false;
+             opt_l1d_flush = 0;
++            opt_srb_lock = 0;
+         }
+         else if ( val > 0 )
+             rc = -EINVAL;
+@@ -231,6 +235,8 @@ static int __init parse_spec_ctrl(const char *s)
+             opt_eager_fpu = val;
+         else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 )
+             opt_l1d_flush = val;
++        else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 )
++            opt_srb_lock = val;
+         else
+             rc = -EINVAL;
+ 
+@@ -394,7 +400,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+                "\n");
+ 
+     /* Settings for Xen's protection, irrespective of guests. */
+-    printk("  Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n",
++    printk("  Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n",
+            thunk == THUNK_NONE      ? "N/A" :
+            thunk == THUNK_RETPOLINE ? "RETPOLINE" :
+            thunk == THUNK_LFENCE    ? "LFENCE" :
+@@ -405,6 +411,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+            (default_xen_spec_ctrl & SPEC_CTRL_SSBD)  ? " SSBD+" : " SSBD-",
+            !(caps & ARCH_CAPS_TSX_CTRL)              ? "" :
+            (opt_tsx & 1)                             ? " TSX+" : " TSX-",
++           !boot_cpu_has(X86_FEATURE_SRBDS_CTRL)     ? "" :
++           opt_srb_lock                              ? " SRB_LOCK+" : " SRB_LOCK-",
+            opt_ibpb                                  ? " IBPB"  : "",
+            opt_l1d_flush                             ? " L1D_FLUSH" : "",
+            opt_md_clear_pv || opt_md_clear_hvm       ? " VERW"  : "");
+@@ -1196,6 +1204,34 @@ void __init init_speculation_mitigations(void)
+         tsx_init();
+     }
+ 
++    /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */
++    if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++    {
++        uint64_t val;
++
++        rdmsrl(MSR_MCU_OPT_CTRL, val);
++
++        /*
++         * On some SRBDS-affected hardware, it may be safe to relax srb-lock
++         * by default.
++         *
++         * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way
++         * to access the Fill Buffer.  If TSX isn't available (inc. SKU
++         * reasons on some models), or TSX is explicitly disabled, then there
++         * is no need for the extra overhead to protect RDRAND/RDSEED.
++         */
++        if ( opt_srb_lock == -1 &&
++             (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO &&
++             (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) )
++            opt_srb_lock = 0;
++
++        val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS;
++        if ( !opt_srb_lock )
++            val |= MCU_OPT_CTRL_RNGDS_MITG_DIS;
++
++        default_xen_mcu_opt_ctrl = val;
++    }
++
+     print_details(thunk, caps);
+ 
+     /*
+@@ -1227,6 +1263,9 @@ void __init init_speculation_mitigations(void)
+ 
+         wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl);
+     }
++
++    if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++        wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
+ }
+ 
+ static void __init __maybe_unused build_assertions(void)
+diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
+index 333d180b7e..bf10d2ce5c 100644
+--- xen/include/asm-x86/spec_ctrl.h.orig
++++ xen/include/asm-x86/spec_ctrl.h
+@@ -46,6 +46,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu;
+  */
+ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr;
+ 
++extern uint64_t default_xen_mcu_opt_ctrl;
++
+ static inline void init_shadow_spec_ctrl_state(void)
+ {
+     struct cpu_info *info = get_cpu_info();
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden
+
+RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode
+isn't available.
+
+This is part of XSA-320 / CVE-2020-0543.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Acked-by: Julien Grall <jgrall@amazon.com>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 3356e59fee..ac397e7de0 100644
+--- docs/misc/xen-command-line.markdown.orig
++++ docs/misc/xen-command-line.markdown
+@@ -487,12 +487,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels.
+ This option allows for fine tuning of the facilities Xen will use, after
+ accounting for hardware capabilities as enumerated via CPUID.
+ 
++Unless otherwise noted, options only have any effect in their negative form,
++to hide the named feature(s).  Ignoring a feature using this mechanism will
++cause Xen not to use the feature, nor offer them as usable to guests.
++
+ Currently accepted:
+ 
+ The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
+ `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
+-applicable.  They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
+-use them itself, and won't offer them to guests.
++applicable.  They can all be ignored.
++
++`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 /
++CVE-2020-0543.
+ 
+ ### cpuid\_mask\_cpu (AMD only)
+ > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b`
+diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
+index b8e5b6fe67..78d08dbb32 100644
+--- xen/arch/x86/cpuid.c.orig
++++ xen/arch/x86/cpuid.c
+@@ -63,6 +63,16 @@ static int __init parse_xen_cpuid(const char *s)
+             if ( !val )
+                 setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL);
+         }
++        else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 )
++        {
++            if ( !val )
++                setup_clear_cpu_cap(X86_FEATURE_RDRAND);
++        }
++        else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 )
++        {
++            if ( !val )
++                setup_clear_cpu_cap(X86_FEATURE_RDSEED);
++        }
+         else
+             rc = -EINVAL;
+ 

sysutils/xenkernel411/patches/patch-XSA321

@@ -0,0 +1,586 @@
+$NetBSD: patch-XSA321,v 1.2.2.2 2020/08/28 15:37:49 bsiegert Exp $
+
+From: Jan Beulich <jbeulich@suse.com>
+Subject: vtd: improve IOMMU TLB flush
+
+Do not limit PSI flushes to order 0 pages, in order to avoid doing a
+full TLB flush if the passed in page has an order greater than 0 and
+is aligned. Should increase the performance of IOMMU TLB flushes when
+dealing with page orders greater than 0.
+
+This is part of XSA-321.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -612,13 +612,14 @@ static int __must_check iommu_flush_iotl
+         if ( iommu_domid == -1 )
+             continue;
+ 
+-        if ( page_count != 1 || gfn == gfn_x(INVALID_GFN) )
++        if ( !page_count || (page_count & (page_count - 1)) ||
++             gfn == gfn_x(INVALID_GFN) || !IS_ALIGNED(gfn, page_count) )
+             rc = iommu_flush_iotlb_dsi(iommu, iommu_domid,
+                                        0, flush_dev_iotlb);
+         else
+             rc = iommu_flush_iotlb_psi(iommu, iommu_domid,
+                                        (paddr_t)gfn << PAGE_SHIFT_4K,
+-                                       PAGE_ORDER_4K,
++                                       get_order_from_pages(page_count),
+                                        !dma_old_pte_present,
+                                        flush_dev_iotlb);
+ 
+From: <security@xenproject.org>
+Subject: vtd: prune (and rename) cache flush functions
+
+Rename __iommu_flush_cache to iommu_sync_cache and remove
+iommu_flush_cache_page. Also remove the iommu_flush_cache_entry
+wrapper and just use iommu_sync_cache instead. Note the _entry suffix
+was meaningless as the wrapper was already taking a size parameter in
+bytes. While there also constify the addr parameter.
+
+No functional change intended.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/drivers/passthrough/vtd/extern.h.orig
++++ xen/drivers/passthrough/vtd/extern.h
+@@ -37,8 +37,7 @@ void disable_qinval(struct iommu *iommu)
+ int enable_intremap(struct iommu *iommu, int eim);
+ void disable_intremap(struct iommu *iommu);
+ 
+-void iommu_flush_cache_entry(void *addr, unsigned int size);
+-void iommu_flush_cache_page(void *addr, unsigned long npages);
++void iommu_sync_cache(const void *addr, unsigned int size);
+ int iommu_alloc(struct acpi_drhd_unit *drhd);
+ void iommu_free(struct acpi_drhd_unit *drhd);
+ 
+--- xen/drivers/passthrough/vtd/intremap.c.orig
++++ xen/drivers/passthrough/vtd/intremap.c
+@@ -231,7 +231,7 @@ static void free_remap_entry(struct iomm
+                      iremap_entries, iremap_entry);
+ 
+     update_irte(iommu, iremap_entry, &new_ire, false);
+-    iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++    iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+     iommu_flush_iec_index(iommu, 0, index);
+ 
+     unmap_vtd_domain_page(iremap_entries);
+@@ -403,7 +403,7 @@ static int ioapic_rte_to_remap_entry(str
+     }
+ 
+     update_irte(iommu, iremap_entry, &new_ire, !init);
+-    iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++    iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+     iommu_flush_iec_index(iommu, 0, index);
+ 
+     unmap_vtd_domain_page(iremap_entries);
+@@ -694,7 +694,7 @@ static int msi_msg_to_remap_entry(
+     update_irte(iommu, iremap_entry, &new_ire, msi_desc->irte_initialized);
+     msi_desc->irte_initialized = true;
+ 
+-    iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++    iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+     iommu_flush_iec_index(iommu, 0, index);
+ 
+     unmap_vtd_domain_page(iremap_entries);
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -158,7 +158,8 @@ static void __init free_intel_iommu(stru
+ }
+ 
+ static int iommus_incoherent;
+-static void __iommu_flush_cache(void *addr, unsigned int size)
++
++void iommu_sync_cache(const void *addr, unsigned int size)
+ {
+     int i;
+     static unsigned int clflush_size = 0;
+@@ -173,16 +174,6 @@ static void __iommu_flush_cache(void *ad
+         cacheline_flush((char *)addr + i);
+ }
+ 
+-void iommu_flush_cache_entry(void *addr, unsigned int size)
+-{
+-    __iommu_flush_cache(addr, size);
+-}
+-
+-void iommu_flush_cache_page(void *addr, unsigned long npages)
+-{
+-    __iommu_flush_cache(addr, PAGE_SIZE * npages);
+-}
+-
+ /* Allocate page table, return its machine address */
+ u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages)
+ {
+@@ -207,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd
+         vaddr = __map_domain_page(cur_pg);
+         memset(vaddr, 0, PAGE_SIZE);
+ 
+-        iommu_flush_cache_page(vaddr, 1);
++        iommu_sync_cache(vaddr, PAGE_SIZE);
+         unmap_domain_page(vaddr);
+         cur_pg++;
+     }
+@@ -242,7 +233,7 @@ static u64 bus_to_context_maddr(struct i
+         }
+         set_root_value(*root, maddr);
+         set_root_present(*root);
+-        iommu_flush_cache_entry(root, sizeof(struct root_entry));
++        iommu_sync_cache(root, sizeof(struct root_entry));
+     }
+     maddr = (u64) get_context_addr(*root);
+     unmap_vtd_domain_page(root_entries);
+@@ -300,7 +291,7 @@ static u64 addr_to_dma_page_maddr(struct
+              */
+             dma_set_pte_readable(*pte);
+             dma_set_pte_writable(*pte);
+-            iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++            iommu_sync_cache(pte, sizeof(struct dma_pte));
+         }
+ 
+         if ( level == 2 )
+@@ -674,7 +665,7 @@ static int __must_check dma_pte_clear_on
+ 
+     dma_clear_pte(*pte);
+     spin_unlock(&hd->arch.mapping_lock);
+-    iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++    iommu_sync_cache(pte, sizeof(struct dma_pte));
+ 
+     if ( !this_cpu(iommu_dont_flush_iotlb) )
+         rc = iommu_flush_iotlb_pages(domain, addr >> PAGE_SHIFT_4K, 1);
+@@ -716,7 +707,7 @@ static void iommu_free_page_table(struct
+             iommu_free_pagetable(dma_pte_addr(*pte), next_level);
+ 
+         dma_clear_pte(*pte);
+-        iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++        iommu_sync_cache(pte, sizeof(struct dma_pte));
+     }
+ 
+     unmap_vtd_domain_page(pt_vaddr);
+@@ -1449,7 +1440,7 @@ int domain_context_mapping_one(
+     context_set_address_width(*context, agaw);
+     context_set_fault_enable(*context);
+     context_set_present(*context);
+-    iommu_flush_cache_entry(context, sizeof(struct context_entry));
++    iommu_sync_cache(context, sizeof(struct context_entry));
+     spin_unlock(&iommu->lock);
+ 
+     /* Context entry was previously non-present (with domid 0). */
+@@ -1602,7 +1593,7 @@ int domain_context_unmap_one(
+ 
+     context_clear_present(*context);
+     context_clear_entry(*context);
+-    iommu_flush_cache_entry(context, sizeof(struct context_entry));
++    iommu_sync_cache(context, sizeof(struct context_entry));
+ 
+     iommu_domid= domain_iommu_domid(domain, iommu);
+     if ( iommu_domid == -1 )
+@@ -1828,7 +1819,7 @@ static int __must_check intel_iommu_map_
+ 
+     *pte = new;
+ 
+-    iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++    iommu_sync_cache(pte, sizeof(struct dma_pte));
+     spin_unlock(&hd->arch.mapping_lock);
+     unmap_vtd_domain_page(page);
+ 
+@@ -1862,7 +1853,7 @@ int iommu_pte_flush(struct domain *d, u6
+     int iommu_domid;
+     int rc = 0;
+ 
+-    iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++    iommu_sync_cache(pte, sizeof(struct dma_pte));
+ 
+     for_each_drhd_unit ( drhd )
+     {
+From: <security@xenproject.org>
+Subject: x86/iommu: introduce a cache sync hook
+
+The hook is only implemented for VT-d and it uses the already existing
+iommu_sync_cache function present in VT-d code. The new hook is
+added so that the cache can be flushed by code outside of VT-d when
+using shared page tables.
+
+Note that alloc_pgtable_maddr must use the now locally defined
+sync_cache function, because IOMMU ops are not yet setup the first
+time the function gets called during IOMMU initialization.
+
+No functional change intended.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/drivers/passthrough/vtd/extern.h.orig
++++ xen/drivers/passthrough/vtd/extern.h
+@@ -37,7 +37,6 @@ void disable_qinval(struct iommu *iommu)
+ int enable_intremap(struct iommu *iommu, int eim);
+ void disable_intremap(struct iommu *iommu);
+ 
+-void iommu_sync_cache(const void *addr, unsigned int size);
+ int iommu_alloc(struct acpi_drhd_unit *drhd);
+ void iommu_free(struct acpi_drhd_unit *drhd);
+ 
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -159,7 +159,7 @@ static void __init free_intel_iommu(stru
+ 
+ static int iommus_incoherent;
+ 
+-void iommu_sync_cache(const void *addr, unsigned int size)
++static void sync_cache(const void *addr, unsigned int size)
+ {
+     int i;
+     static unsigned int clflush_size = 0;
+@@ -198,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd
+         vaddr = __map_domain_page(cur_pg);
+         memset(vaddr, 0, PAGE_SIZE);
+ 
+-        iommu_sync_cache(vaddr, PAGE_SIZE);
++        sync_cache(vaddr, PAGE_SIZE);
+         unmap_domain_page(vaddr);
+         cur_pg++;
+     }
+@@ -2760,6 +2760,7 @@ const struct iommu_ops intel_iommu_ops =
+     .iotlb_flush_all = iommu_flush_iotlb_all,
+     .get_reserved_device_memory = intel_iommu_get_reserved_device_memory,
+     .dump_p2m_table = vtd_dump_p2m_table,
++    .sync_cache = sync_cache,
+ };
+ 
+ /*
+--- xen/include/asm-x86/iommu.h.orig
++++ xen/include/asm-x86/iommu.h
+@@ -98,6 +98,13 @@ extern bool untrusted_msi;
+ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
+                    const uint8_t gvec);
+ 
++#define iommu_sync_cache(addr, size) ({                 \
++    const struct iommu_ops *ops = iommu_get_ops();      \
++                                                        \
++    if ( ops->sync_cache )                              \
++        ops->sync_cache(addr, size);                    \
++})
++
+ #endif /* !__ARCH_X86_IOMMU_H__ */
+ /*
+  * Local variables:
+--- xen/include/xen/iommu.h.orig
++++ xen/include/xen/iommu.h
+@@ -161,6 +161,7 @@ struct iommu_ops {
+     void (*update_ire_from_apic)(unsigned int apic, unsigned int reg, unsigned int value);
+     unsigned int (*read_apic_from_ire)(unsigned int apic, unsigned int reg);
+     int (*setup_hpet_msi)(struct msi_desc *);
++    void (*sync_cache)(const void *addr, unsigned int size);
+ #endif /* CONFIG_X86 */
+     int __must_check (*suspend)(void);
+     void (*resume)(void);
+From: <security@xenproject.org>
+Subject: vtd: don't assume addresses are aligned in sync_cache
+
+Current code in sync_cache assume that the address passed in is
+aligned to a cache line size. Fix the code to support passing in
+arbitrary addresses not necessarily aligned to a cache line size.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -161,8 +161,8 @@ static int iommus_incoherent;
+ 
+ static void sync_cache(const void *addr, unsigned int size)
+ {
+-    int i;
+-    static unsigned int clflush_size = 0;
++    static unsigned long clflush_size = 0;
++    const void *end = addr + size;
+ 
+     if ( !iommus_incoherent )
+         return;
+@@ -170,8 +170,9 @@ static void sync_cache(const void *addr,
+     if ( clflush_size == 0 )
+         clflush_size = get_cache_line_size();
+ 
+-    for ( i = 0; i < size; i += clflush_size )
+-        cacheline_flush((char *)addr + i);
++    addr -= (unsigned long)addr & (clflush_size - 1);
++    for ( ; addr < end; addr += clflush_size )
++        cacheline_flush((char *)addr);
+ }
+ 
+ /* Allocate page table, return its machine address */
+From: <security@xenproject.org>
+Subject: x86/alternative: introduce alternative_2
+
+It's based on alternative_io_2 without inputs or outputs but with an
+added memory clobber.
+
+This is part of XSA-321.
+
+Acked-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/include/asm-x86/alternative.h.orig
++++ xen/include/asm-x86/alternative.h
+@@ -113,6 +113,11 @@ extern void alternative_instructions(voi
+ #define alternative(oldinstr, newinstr, feature)                        \
+         asm volatile (ALTERNATIVE(oldinstr, newinstr, feature) : : : "memory")
+ 
++#define alternative_2(oldinstr, newinstr1, feature1, newinstr2, feature2) \
++	asm volatile (ALTERNATIVE_2(oldinstr, newinstr1, feature1,	\
++				    newinstr2, feature2)		\
++		      : : : "memory")
++
+ /*
+  * Alternative inline assembly with input.
+  *
+From: <security@xenproject.org>
+Subject: vtd: optimize CPU cache sync
+
+Some VT-d IOMMUs are non-coherent, which requires a cache write back
+in order for the changes made by the CPU to be visible to the IOMMU.
+This cache write back was unconditionally done using clflush, but there are
+other more efficient instructions to do so, hence implement support
+for them using the alternative framework.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/drivers/passthrough/vtd/extern.h.orig
++++ xen/drivers/passthrough/vtd/extern.h
+@@ -63,7 +63,6 @@ int __must_check qinval_device_iotlb_syn
+                                           u16 did, u16 size, u64 addr);
+ 
+ unsigned int get_cache_line_size(void);
+-void cacheline_flush(char *);
+ void flush_all_cache(void);
+ 
+ u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages);
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -31,6 +31,7 @@
+ #include <xen/pci_regs.h>
+ #include <xen/keyhandler.h>
+ #include <asm/msi.h>
++#include <asm/nops.h>
+ #include <asm/irq.h>
+ #include <asm/hvm/vmx/vmx.h>
+ #include <asm/p2m.h>
+@@ -172,7 +173,42 @@ static void sync_cache(const void *addr,
+ 
+     addr -= (unsigned long)addr & (clflush_size - 1);
+     for ( ; addr < end; addr += clflush_size )
+-        cacheline_flush((char *)addr);
++/*
++ * The arguments to a macro must not include preprocessor directives. Doing so
++ * results in undefined behavior, so we have to create some defines here in
++ * order to avoid it.
++ */
++#if defined(HAVE_AS_CLWB)
++# define CLWB_ENCODING "clwb %[p]"
++#elif defined(HAVE_AS_XSAVEOPT)
++# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */
++#else
++# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */
++#endif
++
++#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr))
++#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT)
++# define INPUT BASE_INPUT
++#else
++# define INPUT(addr) "a" (addr), BASE_INPUT(addr)
++#endif
++        /*
++         * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush
++         * + prefix than a clflush + nop, and hence the prefix is added instead
++         * of letting the alternative framework fill the gap by appending nops.
++         */
++        alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]",
++                         "data16 clflush %[p]", /* clflushopt */
++                         X86_FEATURE_CLFLUSHOPT,
++                         CLWB_ENCODING,
++                         X86_FEATURE_CLWB, /* no outputs */,
++                         INPUT(addr));
++#undef INPUT
++#undef BASE_INPUT
++#undef CLWB_ENCODING
++
++    alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT,
++                      "sfence", X86_FEATURE_CLWB);
+ }
+ 
+ /* Allocate page table, return its machine address */
+--- xen/drivers/passthrough/vtd/x86/vtd.c.orig
++++ xen/drivers/passthrough/vtd/x86/vtd.c
+@@ -53,11 +53,6 @@ unsigned int get_cache_line_size(void)
+     return ((cpuid_ebx(1) >> 8) & 0xff) * 8;
+ }
+ 
+-void cacheline_flush(char * addr)
+-{
+-    clflush(addr);
+-}
+-
+ void flush_all_cache()
+ {
+     wbinvd();
+From: <security@xenproject.org>
+Subject: x86/ept: flush cache when modifying PTEs and sharing page tables
+
+Modifications made to the page tables by EPT code need to be written
+to memory when the page tables are shared with the IOMMU, as Intel
+IOMMUs can be non-coherent and thus require changes to be written to
+memory in order to be visible to the IOMMU.
+
+In order to achieve this make sure data is written back to memory
+after writing an EPT entry when the recalc bit is not set in
+atomic_write_ept_entry. If such bit is set, the entry will be
+adjusted and atomic_write_ept_entry will be called a second time
+without the recalc bit set. Note that when splitting a super page the
+new tables resulting of the split should also be written back.
+
+Failure to do so can allow devices behind the IOMMU access to the
+stale super page, or cause coherency issues as changes made by the
+processor to the page tables are not visible to the IOMMU.
+
+This allows to remove the VT-d specific iommu_pte_flush helper, since
+the cache write back is now performed by atomic_write_ept_entry, and
+hence iommu_iotlb_flush can be used to flush the IOMMU TLB. The newly
+used method (iommu_iotlb_flush) can result in less flushes, since it
+might sometimes be called rightly with 0 flags, in which case it
+becomes a no-op.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- xen/arch/x86/mm/p2m-ept.c.orig
++++ xen/arch/x86/mm/p2m-ept.c
+@@ -90,6 +90,19 @@ static int atomic_write_ept_entry(ept_en
+ 
+     write_atomic(&entryptr->epte, new.epte);
+ 
++    /*
++     * The recalc field on the EPT is used to signal either that a
++     * recalculation of the EMT field is required (which doesn't effect the
++     * IOMMU), or a type change. Type changes can only be between ram_rw,
++     * logdirty and ioreq_server: changes to/from logdirty won't work well with
++     * an IOMMU anyway, as IOMMU #PFs are not synchronous and will lead to
++     * aborts, and changes to/from ioreq_server are already fully flushed
++     * before returning to guest context (see
++     * XEN_DMOP_map_mem_type_to_ioreq_server).
++     */
++    if ( !new.recalc && iommu_hap_pt_share )
++        iommu_sync_cache(entryptr, sizeof(*entryptr));
++
+     if ( unlikely(oldmfn != mfn_x(INVALID_MFN)) )
+         put_page(mfn_to_page(_mfn(oldmfn)));
+ 
+@@ -319,6 +332,9 @@ static bool_t ept_split_super_page(struc
+             break;
+     }
+ 
++    if ( iommu_hap_pt_share )
++        iommu_sync_cache(table, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t));
++
+     unmap_domain_page(table);
+ 
+     /* Even failed we should install the newly allocated ept page. */
+@@ -875,7 +894,7 @@ out:
+          need_modify_vtd_table )
+     {
+         if ( iommu_hap_pt_share )
+-            rc = iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present);
++            rc = iommu_flush_iotlb(d, gfn, vtd_pte_present, 1u << order);
+         else
+         {
+             if ( iommu_flags )
+--- xen/drivers/passthrough/vtd/iommu.c.orig
++++ xen/drivers/passthrough/vtd/iommu.c
+@@ -612,10 +612,8 @@ static int __must_check iommu_flush_all(
+     return rc;
+ }
+ 
+-static int __must_check iommu_flush_iotlb(struct domain *d,
+-                                          unsigned long gfn,
+-                                          bool_t dma_old_pte_present,
+-                                          unsigned int page_count)
++int iommu_flush_iotlb(struct domain *d, unsigned long gfn,
++                      bool dma_old_pte_present, unsigned int page_count)
+ {
+     struct domain_iommu *hd = dom_iommu(d);
+     struct acpi_drhd_unit *drhd;
+@@ -1880,53 +1878,6 @@ static int __must_check intel_iommu_unma
+     return dma_pte_clear_one(d, (paddr_t)gfn << PAGE_SHIFT_4K);
+ }
+ 
+-int iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte,
+-                    int order, int present)
+-{
+-    struct acpi_drhd_unit *drhd;
+-    struct iommu *iommu = NULL;
+-    struct domain_iommu *hd = dom_iommu(d);
+-    bool_t flush_dev_iotlb;
+-    int iommu_domid;
+-    int rc = 0;
+-
+-    iommu_sync_cache(pte, sizeof(struct dma_pte));
+-
+-    for_each_drhd_unit ( drhd )
+-    {
+-        iommu = drhd->iommu;
+-        if ( !test_bit(iommu->index, &hd->arch.iommu_bitmap) )
+-            continue;
+-
+-        flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
+-        iommu_domid= domain_iommu_domid(d, iommu);
+-        if ( iommu_domid == -1 )
+-            continue;
+-
+-        rc = iommu_flush_iotlb_psi(iommu, iommu_domid,
+-                                   (paddr_t)gfn << PAGE_SHIFT_4K,
+-                                   order, !present, flush_dev_iotlb);
+-        if ( rc > 0 )
+-        {
+-            iommu_flush_write_buffer(iommu);
+-            rc = 0;
+-        }
+-    }
+-
+-    if ( unlikely(rc) )
+-    {
+-        if ( !d->is_shutting_down && printk_ratelimit() )
+-            printk(XENLOG_ERR VTDPREFIX
+-                   " d%d: IOMMU pages flush failed: %d\n",
+-                   d->domain_id, rc);
+-
+-        if ( !is_hardware_domain(d) )
+-            domain_crash(d);
+-    }
+-
+-    return rc;
+-}
+-
+ static int __init vtd_ept_page_compatible(struct iommu *iommu)
+ {
+     u64 ept_cap, vtd_cap = iommu->cap;
+--- xen/include/asm-x86/iommu.h.orig
++++ xen/include/asm-x86/iommu.h
+@@ -87,8 +87,9 @@ int iommu_setup_hpet_msi(struct msi_desc
+ 
+ /* While VT-d specific, this must get declared in a generic header. */
+ int adjust_vtd_irq_affinities(void);
+-int __must_check iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte,
+-                                 int order, int present);
++int __must_check iommu_flush_iotlb(struct domain *d, unsigned long gfn,
++                                   bool dma_old_pte_present,
++                                   unsigned int page_count);
+ bool_t iommu_supports_eim(void);
+ int iommu_enable_x2apic_IR(void);
+ void iommu_disable_x2apic_IR(void);