diff --git a/UPDATING b/UPDATING index af8d5c6223df..44b8585aca63 100644 --- a/UPDATING +++ b/UPDATING @@ -1,5055 +1,5067 @@ This file documents some of the problems you may encounter when upgrading your ports. We try our best to minimize these disruptions, but sometimes they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20230526: + AFFECTS: users of mail/exim + AUTHOR: pi@FreeBSD.org + + The port changes from USE_DB to USE_NDBM. Any existing configuration like + ${lookup{$needle}dbm{haystack.db}} + will need to change to + ${lookup{$needle}dbm{haystack}}. + + Please also rename your old DBM files while the exim daemon is stopped: + find /var/spool/exim/db/* -not -name \*.lockfile -exec mv -i {} {}.db \; + 20230513: AFFECTS: users of www/tt-rss AUTHOR: dereks@lifeofadishwasher.com www/tt-rss now expects the user to install the database drivers by hand allowing the port to be database independent however it would be best if you mark the php driver packages as a non-automatic package such that pkg-autoremove doesn't uninstall them. Change 80 to your corresponding php version (80, 81, 82) mysql: pkg set -yA 0 php80-mysqli php80-pdo_mysql; pgsql: pkg set -yA 0 php80-pgsql php80-pdo_pgsql; 20230511: AFFECTS: users of net-mgmt/py-netbox-secretstore AUTHOR: kai@FreeBSD.org Upstream no longer maintains py-netbox-secretstore which it is not compatible with NetBox 3.5 or newer. To ensure compatibility with newer releases of NetBox, the py-netbox-secrets plugin should be used instead. To migrate from security/py-netbox-secretstore to security/py-netbox-secrets please do following steps: 1. Make a backup. 2. Install security/py-netbox-secrets 3. Enable both plugins by updating the following line in the netbox configuration (e.g. /usr/local/share/netbox/netbox/configuration.py): PLUGINS = ['netbox_secretstore', 'netbox_secrets'] 4. Run NetBox migrations: # cd /usr/local/share/netbox # python3.9 manage.py migrate 5. Re-adjust the indices for the netbox-secrets plugin: # python3.9 manage.py sqlsequencereset netbox_secrets > output.sql 6. Run the output of the previous command in the database, e.g.: # psql -d NETBOXDB < output.sql 7. You can now remove netbox-secretstore from the application by removing it from the PLUGINS line in the netbox configuration: PLUGINS = ['netbox_secrets'] 8. Collect static files of the netbox-secrets plugin: # python3.9 manage.py collectstatic --no-input 9. Restart WSGI/httpd environment (supervisord/apache/nginx/etc.). 10. You may have clean up your database of the old tables manually, e.g.: DROP TABLE netbox_secretstore_secret; DROP TABLE netbox_secretstore_secretrole; DROP TABLE netbox_secretstore_sessionkey; DROP TABLE netbox_secretstore_userkey; 11. Uninstall security/py-netbox-secretstore. 20230505: AFFECTS: users of mail/mutt AUTHOR: dereks@lifeofadishwasher.com The patches included in the mail/mutt port will be removed in approximately a month making the port more inline with upstream. If you require any of these features most are available in mail/neomutt or it's possible to use EXTRA_PATCH_TREE to patch a port when building locally. 20230504: AFFECTS: users of sysutils/py-mqttwarn AUTHOR: dvl@FreeBSD.org The redis optoin REISPUB has been renamed to REDISPUB You should update any make.conf setting etc which refer to this. e.g. change sysutils_py-mqttwarn_REISPUB to sysutils_py-mqttwarn_REDISPUB 20230416: AFFECTS: users of databases/mongodb50 and databases/mongodb44 AUTHOR: ronald@FreeBSD.org MongoDB removed the settings 'fork' and 'pidFilePath' from the default etc/mongodb.conf file. This does not affect mongod started by etc/rc.d/mongod as the settings are passed as arguments. Please verify custom uses of mongod. 20230414: AFFECTS: users of www/gitea AUTHOR: fernape@FreeBSD.org Gitea 1.19.1 contains a breaking change. actions unit has ben renamed to to repo.actions. 20230407: AFFECTS: users of devel/sonarqube-community AUTHOR: netchild@FreeBSD.org You need to make sure to update missing and changed values in PREFIX/libexec/sonarqube/conf/sonar.properties from PREFIX/libexec/sonarqube/conf/sonar.properties.sample 20230318: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 3.6 of LibreSSL. The shared library versions of the libraries have been bumped. After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. 20230315: AFFECTS: users of lang/ruby30 AUTHOR: yasu@FreeBSD.org The default ruby version has been updated from 3.0 to 3.1. If you compile your own ports you may keep 3.0 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 3.0 as default version # DEFAULT_VERSIONS+=ruby=3.0 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkg, simply upgrade: # pkg upgrade If you do not use pkg, please check entry 20190420. The description there should also work for this version. 20230314: AFFECTS: users of security/openssl-devel AUTHOR: brnrd@FreeBSD.org Users using DEFAULT_VERSIONS=ssl=openssl-devel must update their configuration to DEFAULT_VERSIONS=ssl=openssl30 or openssl31. 20230313: AFFECTS: users of databases/sqlite3 AUTHOR: fuz@FreeBSD.org Due to various ports not being prepared for this change (see 20230227 entry), the DQS option of databases/sqlite3 has been reenabled as a stop gap measure. It is scheduled to be disabled again for good no earlier than 20240101, giving downstream software authors more time to fix their queries. See also: https://sqlite.org/quirks.html#dblquote 20230311: AFFECTS: users of net/dshell AUTHOR: nobutaka@FreeBSD.org net/dshell now depends on net/py-pcapy-ng instead of net/py-pcapy. Because net/py-pcapy-ng conflicts with net/py-pcapy, please uninstall py39-pcapy with the following command before upgrading: # pkg delete -f py39-pcapy 20230310: AFFECTS: users of net-mgmt/unifi7 AUTHOR: otis@FreeBSD.org The mongodb dependency has been changed from 36 to 44, as MongoDB 3.6 is long out out support and end of life. The upgrade path should be as following: 1. Take a backup from within the unifi7 application PRIOR to updating! 2. Stop the unifi7 service (if running) 3. Copy the "backup" directory from LOCALBASE/share/java/unifi/data to a safe location. Also copy keystore and system.properties if you have made any modifications to those files 4. Remove files and directories under LOCALBASE/share/java/unifi/data 5. Upgrade the package 6. Copy the "backup" directory from a safe location back to LOCALBASE/share/java/unifi/data 7. Start the service 8. Restore the configuration from backup As an optional step, review system.properties and keystore to merge any manual modifications you have made (this has to be done with the application stopped) 20230310: AFFECTS: user of benchmarks/ddosify AUTHOR: fernape@FreeBSD.org keep-alive is removed from config file. In default mode, the engine will use keep-alive for all requests. If you want to disable keep-alive for a step, you can add Connection: close header to the step. 20230306: AFFECTS: users of www/qt5-webengine AUTHOR: kai@FreeBSD.org Users that upgrade www/qt5-webengine without using pkg/poudriere might experience failures due to conflicts with the installed version of 5.15.2. In that case, pkg delete -f the qt5-webengine package before building the updated version. 20230304: AFFECTS: users of accessibility/atk and accessibilty/at-spi2-atk AUTHOR: tcberner@FreeBSD.org The packages accessibility/atk and accessibility/at-spi2-atk have been integegrated upstream into at-spi2-core. Users of these packages can manually remove them prior to updating accessibility/at-spi2-core using pkg delete -f atk at-spi2-atk if the pkg update process fails due to conflicting files. 20230227: AFFECTS: users of databases/sqlite3 AUTHOR: fuz@FreeBSD.org Option DQS is now disabled by default. This option controls the "double quoted string literals are accepted" quirk, permitting the use of double quotes around string literals if enabled. Users who rely on this quirk need to manually build databases/sqlite3 with the DQS option enabled. See also: https://sqlite.org/quirks.html#dblquote 20230227: AFFECTS: users of mail/py-spf-engine AUTHOR: yasu@FreeBSD.org Default configuration file path of pyspf-milter has changed. Since it looks for ${PREFIX}/etc/etc/pyspf-milter/pyspf-milter.conf now, you should edit the file if you run pyspf-milter. Alternatively you can specify other configuration file path by setting pyspf_milter_conffile variable in /etc/rc.conf. 20230222: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org 1. Please make sure that the PostgreSQL server for the NetBox instance is running version 11 or higher. This is because PostgreSQL 10 is End-of-Life since November 2022 and Django 4.1 requires PostgreSQL 11 as a minimum. 2. Please also check the pkg-message and the changelogs for further info. 20230218: AFFECTS: users of databases/mysql57-(server|client) AUTHOR: joneum@FreeBSD.org The default MySQL version has been updated from 5.7 to 8.0. If you compile your own ports you may keep 5.7 as the default version by adding the following lines to your /etc/make.conf file: # # Keep MySQL 5.7 as default version # DEFAULT_VERSIONS+=mysql=5.7 If you wish to update to the new default version, you need to first stop any running server instance. Then, you will need to follow these steps, depending on installed packages. # pkg set -o databases/mysql57-client:databases/mysql80-client # pkg set -o databases/mysql57-server:databases/mysql80-server # pkg upgrade 20230213: Affects: users of sysutils/nut* AUTHOR: cy@FreeBSD.org The nut file ownership fixups due to the UID/GID change from uucp/uucp to nut/nut may not be desireable for all users. Some users with custom file ownership may wish ownership to remain untouched. This revision to the nut family of ports/packages allows users to optionally disable automatic fixup of nut file ownership. 20230213: AFFECTS: users of security/logcheck AUTHOR: yasu@FreeBSD.org Since 1.4.1 ${PREFIX}/etc/logcheck/logcheck.logfiles is empty and files to be checked by logcheck are specified in ${PREFIX}/etc/logcheck/logcheck.logfiles.d/syslog.logfiles. So if you previously edited the former, then you should edit the latter now. 20230210: AFFECTS: users of mail/fetchmail AUTHOR: fernape@FreeBSD.org Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7, and rejects wolfSSL older than 5.5.1. 20230209: AFFECTS: users of audio/jack AUTHOR: fernape@FreeBSD.org audio/jack 1.9.22 fixes an issue with latency correction on FreeBSD. Latency correction parameters have to be measured again after update. 20230130: AFFECTS: users of USES=nodejs, www/node*, www/npm* and www/yarn* AUTHOR: sunpoet@FreeBSD.org The current USES=nodejs has the following issues: - www/node is not the default version while www/node16 is. - It also means inconsistent naming of node ports. - www/npm duplicates with www/npm-node16. - www/yarn duplicates with www/yarn-node16. The notable changes are introduced to fix the above issues: - Rewrite Mk/Uses/nodejs.mk. - Add new LTS version of nodejs (www/node18). - Add new current version of nodejs (www/node19). - Change default nodejs version from 16 to 18 (latest LTS), - Use consistent naming for all supported node versions. - Convert www/node, www/npm and www/yarn to meta ports. After these changes: - All supported node versions are named as node{14,16,18,19}. - www/node is a meta port which depends on the default version (e.g. www/node18) - www/npm is a meta port which depends on the default version (e.g. www/npm-node18) - www/yarn is a meta port which depends on the default version (e.g. www/yarn-node18) 20230129: AFFECTS: users of benchmarks/ddosify AUTHOR: fernape@freebsd.org In 0.13.0 some configuration keys have been renamed for consistency. Have a look at https://github.com/ddosify/ddosify/releases/tag/v0.13.0 for details. 20230127: AFFECTS: users of security/openvpn AUTHOR: mandree@freebsd.org OpenVPN has been updated to the new upstream release v2.6.0, which is quite compatible with v2.5 versions. A copy of the latest v2.5.8 port is being kept as security/openvpn25 (or openvpn25 package) until end of March 2023. 20230116: AFFECTS: users of sysutils/nut and sysutils/nut-devel AUTHOR: cy@freebsd.org As of PR/268960 Network UPS Tools will now run under its own UID and GID instead of uucp. Users who wish to continue using the uucp user and group may add NUT_USER=uucp and NUT_GROUP=uucp to their make.conf. After upgrading sysutils/nut or sysutils/nut-devel with this patch, restart devd. Then restart nut. This will fix up the permissions of UPS USB devices and allow nut to start normally. 20230111: AFFECTS: users of sysutils/graylog AUTHOR: dch@freebsd.org Graylog 5.x and higher effectively constrains ElasticSearch dependencies, and in most cases will force a migration to OpenSearch 2.x, now available in ports. Plan accordingly. 20230104: AFFECTS: users of mail/spamassassin AUTHOR: cy@freebsd.org As of spamassassin 4.0.0 (3fdfceb36029) the deprecated HashCash plug-in was finally removed. Users using the HashCash plug-in will need to remove references to it. 20221226: AFFECTS: users of sysutils/zrepl AUTHOR: driesm@FreeBSD.org The Prometheus metric zrepl_version_daemon has been converted to the zrepl_start_time metric. The metric still reports the zrepl verison in a label. But the metric value is now the Unix timestamp at the time the daemon was started. The Grafana dashboard in dist/grafana has been updated. The RPC protocol version has also been bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume. 20221220: AFFECTS: users of net-mgmt/unbound_exporter AUTHOR: thomas@beingboiled.info The config defaults for the log file and certificates have been changed. See /usr/local/etc/rc.d/unbound_exporter for possible options and adjust your rc.conf accordingly. 20221215: AFFECTS: users of security/clamav AUTHOR: yasu@FreeBSD.org Many users report that after updating ClamAV to 1.0.0 clamd and freshclam fails to start with integrity check error of databases. According to the result of investigation it happens with following conditions. 1. ClamAV is built on non-cleanroom environment (that is, neither FreeBSD official ClamAV package is used nor the package is built by user with poudriere). 2. math/tomsfastmath is installed in the system that ClamAV is built. So if the errror happens on you system, uninstall TomsFastMath first and then rebuild and reinstall ClamAV. The problem should disappear. 20221128: AFFECTS: devel/py-proxmoxer AUTHOR: einar@isnic.is AuthenticationError Moved proxmoxer.backends.https.AuthenticationError was moved to proxmoxer.AuthenticationError (the class itself is the same). Any imports or references to proxmoxer.backends.https.AuthenticationError should be changed to proxmoxer.AuthenticationError. ProxmoxResourceBase Removed While this should be a fully internal change, the ProxmoxResourceBase class was removed. Use ProxmoxResource instead. Removed ProxmoxHTTPTicketAuth The auth_token and csrf_token arguments are no longer supported. If an existing (still valid) token needs to be used, you can pass the token as password and proxmoxer will attempt to renew the ticket and retrieve a new token and CSRF token. 20221126: AFFECTS: textproc/kibana8 AUTHOR: otis@FreeBSD.org kibana8 now installs kibana-specific utilities into LOCALBASE/bin as symbolic links. Please check whether it will overwrite your local files with names same as these utilities and if so, please rename them or move out of the way in a different manner. 20221126: AFFECTS: textproc/elasticsearch8 AUTHOR: otis@FreeBSD.org elasticsearch8 now installs elasticsearch-specific utilities into LOCALBASE/bin as symbolic links (i.e. elasticsearch-cli and similar). Please check whether it will overwrite your local files with names same as these utilities and if so, please rename them or move out of the way in a different manner. 20221126: AFFECTS: users of lang/php80 AUTHOR: bofh@FreeBSD.org The default version of PHP has been switched from 8.0 to 8.1. If you use binary packages you should make a list of php packages before running 'pkg upgrade': # pkg info \*php80\* > ~/installed-php-ports-list After the upgrade, check with such list if all your php extensions are still installed, and reinstall them if needed. If you use mod_php80 you need to deinstall it and install mod_php81. 20221123: AFFECTS: x11-wm/jwm AUTHOR: fernape@FreeBSD.org jwm 2.4 introduces changes in the configuration. To convert an existing v2.3 configuration file using xsltproc, run: cp ~/.jwmrc ~/.jwmrc.old xsltproc jwm-2.4.xslt ~/.jwmrc.old > ~/.jwmrc If you have multiple configuration files, it may be necessary to apply the XSLT to some or all of them depending on what configuration options are stored in the file. 20221017: AFFECTS: archivers/star AUTHOR: fernape@FreeBSD.org With the update of devel/schilybase to 2022-10-16 a new port archivers/tartest has been splitted off from archivers/star. 20221016: AFFECTS: textproc/apache-solr AUTHOR: mfechner@FreeBSD.org Apache solr version 9 is released and made available as extra port textproc/apache-solr9. Version 9 cannot start directly with data from version 8. Additional steps for data migration is required. If you like to use the new version, deinstall the old version and install the new version: # pkg delete apache-solr # pkg install apache-solr9 After this you need to migrate data and migration, for this check the solr documentation. 20221015: AFFECTS: users of gstreamer1-* when upgrading via port builds on the host AUTHOR: riggs@FreeBSD.org The update of the gstreamer1-* ports to 1.20.3 requires a clean install of gstreamer1-* ports. In particular, when trying to update ports in-place using portupgrade or portmaster, the builds are likely to fail due to dependency mismatches. If this is your preferred update path, you need to deinstall (pkg delete -f) gstreamer1 and the plugins before reinstalling them from the ports tree. Note that pkg upgrade will do the right thing: If you use official FreeBSD packages or build your own set of packages using poudriere, nothing special is needed. 20221012: AFFECTS: devel/websvn AUTHOR: michael.osipov@siemens.com WebSVN 2.8.0 includes full PHP 8.x support which requires a change from PEAR to Composer 2. You must manually install dependencies through it, the ports system will not handle it anymore for you since */horde* (PR 266552) has been marked as incompatible with PHP 8.x for the time being. See pkg-message for detailed instructions. 20221011: AFFECTS: users of security/acme.sh AUTHOR: dvl@FreeBSD.org This update may break your install if you were using a symlink to %%EXAMPLESDIR%%/acme.sh.conf - that file is no longer installed. Instead, a log rotation configuration is now installed to etc/cron.d/acme.sh.sample you should modify etc/cron.d/acme.sh to needs. The port now installs a log rotation file to etc/newsyslog.d/acme.sh.sample and you you should update etc/newsyslog.d/acme.sh to suit your needs. This file has long been part of the port, but was never installed. Neither the log rotation nor the crontab are active until you remove the comments. 20221002: AFFECTS: users of shells/bash AUTHOR: ehaupt@FreeBSD.org Bash has been updated to version 5.2. In previous versions, the default port option-set used to link against libreadline from ports. However, the current version of devel/readline is too old for bash 5.2. For now, the default option has been switched to use the bundled version of libreadline and the other option is marked broken. Once devel/readline is updated this can be reverted. If you're updating bash from source and you've previously explicitly set to use use PORTS_READLINE, you'll have to disable the PORTS_READLINE option before updating: # cd /usr/ports/shells/bash # make config or flush it entirely: # cd /usr/ports/shells/bash # make rmconfig 20220929: AFFECTS: users of graphics/bmeps AUTHOR: takefu@airport.fm The executable name has been changed from this edition from bmpp to bitmap2pp 20220925: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 3.5 of LibreSSL. The shared library versions of the libraries have been bumped. After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. 20220919: AFFECTS: users of audio/strawberry AUTHOR: mandree@FreeBSD.org strawberry now uses FLAVORs based on the qt version, offering -qt5 and -qt6, with -qt5 the default. You may need to explicitly install either of the new flavors. 20220919: AFFECTS: users of sysutils/schilyutils AUTHOR: fuz@fuz.su Schilyutils has been split up into two ports. If you want the bosh shell, the new port is shells/bosh, which can be installed with: # pkg install bosh or # portmaster -o shells/bosh 20220918: AFFECTS: users of mail/roundcube AUTHOR: brnrd@FreeBSD.org Roundcube has been upgraded to 1.6.0 and introduces breaking changes to configuration options of remote services (imap, smtp, ldap, sieve). Check https://roundcube.net/news/2022/07/28/roundcube-1.6.0-released for details. Version 1.6 no longer includes the Classic and Larry skins, which are now available as separate mail/roundcube-classic and mail/roundcube-larry ports. 20220910: AFFECTS: users of devel/cmake AUTHOR: diizzy@FreeBSD.org CMake has been converted to a meta-port and new CMake packages created causes conflicts with old binary packages prior to this change. If CMake was installed using binary packages via pkg it needs to be uninstalled using pkg delete before installing CMake and related packages after this change. pkg delete cmake pkg install cmake-core If you're using portmaster you also need to delete the old CMake package before upgrading. 20220909: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org emulators/qemu has been updated to 7.1.0. Previous 7.0.X branch has been repocopied to emulators/qemu70. If someone wants to stick with 7.0.X branch please use one of the following command: # pkg install qemu70/qemu70-nox11(based on flavor used) or # portmaster -o emulators/qemu70 emulators/qemu or # portupgrade -o emulators/qemu70 emulators/qemu 20220903: AFFECTS: users of editors/vim AUTHOR: adamw@FreeBSD.org The Vim port no longer installs a system-wide vimrc. It drastically affected config loading order, and led to various settings being clobbered, duplicated, or ignored. Vim's provided defaults.vim (/usr/local/share/vim/vim90/defaults.vim) continues to be read just as before, but its settings are no longer clobbered. Take a look in there for any settings you may want to change, and do ':h initialization' to see where Vim looks for config files. 20220903: AFFECTS: users of archivers/py-borgbackup AUTHOR: mandree@FreeBSD.org Borgbackup has been upgraded to version 1.2. For users who you wish to continue using version 1.1, use either of these commands for upgrading: With binary packages through pkg: pkg set -o archivers/py-borgbackup:archivers/py-borgbackup11 pkg upgrade With portmaster or portupgrade (replace the command accordingly): portmaster -o archivers/py-borgbackup11 archivers/py-borgbackup 20220901: AFFECTS: users of mail/rainloop-community AUTHOR: yasu@FreeBSD.org Since 1.17.0 upstream distributes only one "legacy" edition under MIT license and mail/rainloop-community is removed as a result. So please uninstall mail/rainloop-community (rainloop-community-phpXY) and install mail/rainloop (rainloop-phpXY) instead. 20220831: AFFECTS: users of x11/xscreensaver on 13.1-RELEASE AUTHOR: zirias@FreeBSD.org With the update to 6.04, xscreensaver now uses security/unix-selfauth-helper for PAM authentication. This relies on pam_exec.so, which had a bug causing a segfault on authentication attempts prior to 13.1-RELEASE-p1. For details, please see https://www.freebsd.org/security/advisories/FreeBSD-EN-22:19.pam_exec.asc Make sure your system is fully upgraded, otherwise you might be unable to unlock your screen. 20220825: AFFECTS: users of net/xrdp or net/xrdp-devel AUTHOR: meta@FreeBSD.org After xorg upgrade to 21.1.4, xorgxrdp session doesn't start as before This is because bin/Xorg has been replaced with X server binary wrapper. You must manually edit the Xorg section in etc/xrdp/sesman.ini to get it working again. The following is a short example of where, how to modify sesman.ini. Make sure to replace LOCALBASE with your actual path. [Xorg] ; Specify the path of non-suid Xorg executable. It might differ depending ; on your distribution and version. Find out the appropreate path for your ; environment. The typical path is known as follows: ; ; Fedora 26 or later : param=/usr/libexec/Xorg ; Debian 9 or later : param=/usr/lib/xorg/Xorg ; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg ; Arch Linux : param=/usr/lib/Xorg ; CentOS 7 : param=/usr/bin/Xorg or param=Xorg ; CentOS 8 : param=/usr/libexec/Xorg ; -param=Xorg +param=LOCALBASE/libexec/Xorg 20220815: AFFECTS: users of net/keycloak AUTHOR: fernape@FreeBSD.org The flavors -mysql and -postgres were removed, the necessary configuration for those database backends was rolled into the base release by upstream. The configuration files changed completely, so they need to be rebuilt from scratch. 20220807: AFFECTS: users of news/inn AUTHOR: kbowling@FreeBSD.org The inn port has been updated to 2.7 release. Users upgrading from prior versions should read through the announcement for any manual upgrading steps that apply to your environment. https://lists.isc.org/pipermail/inn-announce/2022-July/000015.html 20220711: AFFECTS: users of security/stunnel AUTHOR: zi@FreeBSD.org The stunnel port has been updated to drop privileges to the stunnel user by default. As a result of this change, the pid file location has changed. If you have a running copy of stunnel, you should stop the process before performing the upgrade. Alternatively, you will need to # pkill stunnel;service stunnel start after the upgrade has been completed. 202207XYZ: AFFECTS: users of devel/maven-wrapper and devel/maven AUTHOR: michaelo@apache.org The environment variable M2_HOME has been replaced with more common MAVEN_HOME which can be used to pass a custom Maven home directory. 20220629: AFFECTS: updating x11-servers/xorg-server from a port AUTHOR: se@FreeBSD.org The xorg-server port now has a library dependency on x11/libxcvt, which cannot be installed when the previous version of xorg-server is present. To be able to update xorg-server from a port, the previous version needs to be manually deinstalled to allow libxcvt to be installed. 20220628: AFFECTS: users of Erlang and Elixir AUTHOR: dch@FreeBSD.org For more than a decade, the Elixir Mix tool and the Erlang rebar or erlang.mk build tools have been the de facto way of installing and managing packages for specific applications. All main-stream applications, from Riak, CouchDB, RabbitMQ, Phoenix, and Elixir, expect that packages are fetched and compiled into an OTP Release, with in-built version locking, external package management. There is no point in maintaining a large number of libraries, that are used neither for development, nor operations. Users are directed to https://rebar3.org/ https://erlang.mk/ or https://elixir-lang.org/getting-started/mix-otp/introduction-to-mix.html to fetch custom packages. https://www.freebsd.org/status/report-2021-07-2021-09/#_freebsd_erlang_ecosystem_ports_update 20220626: AFFECTS: users of python AUTHOR: thierry@FreeBSD.org The default version of python3 and python was switched to 3.9. For ports users wanting to keep version 3.8 as default, add DEFAULT_VERSIONS+= python=3.8 python3=3.8 to make.conf Following procedures may ease the upgrade: For users of pre-build packages: # sh # for i in $(pkg query -g %n 'py38-*'); do pkg set -yn ${i}:py39-${i#py38-}; done # pkg upgrade For portmaster users: # sh # portmaster -o lang/python39 python38 # REINSTALL="$(pkg info -o "*py38*" | awk '{printf "%s ", $2}')" # pkg delete -f "*py38*" # portmaster $REINSTALL # REBUILD=$(pkg query -g "%n:%dn" '*' | grep py3 | grep -v py39 | cut -d : -f 1 | sort -u) # portmaster $REBUILD # REBUILD2=$(pkg list | grep python-38 | xargs pkg which | awk '{print $6}' | sort -u) # portmaster $REBUILD2 Final steps (for pre-built packages & portmaster): If no longer required, Python 3.8 can be removed via "pkg remove python38" and the directory /usr/local/lib/python3.8 can then be deleted afterwards, if not empty. 20220625: AFFECTS: users of sysutils/fusefs-bindfs AUTHOR: doralitze@chaotikum.org Bindfs defaults to use direct I/O since version 1.16. While this results in major performance improvements as well as several bug fixes, this also breaks direct legacy calls to mmap. If your application still uses them consider these two options: 1. Mount using `--no-direct-io` 2. Upgrade your application in order to query mapping guards 20220623: AFFECTS: users of science/gramps AUTHOR: fernape@FreeBSD.org databases/py-bsddb3 is deprecated and will be removed in the future. With that gramps will lose the ability to load family trees using Berkeley DB. It is suggested to migrate all family trees using Berkeley DB by exporting them to gramps xml and import that gramps xml into a family tree using sqlite as database. 20220620: AFFECTS: users of www/selenium AUTHOR: fernape@FreeBSD.org The port has changed startup args so if you are using selenium_args= in rc.conf you need to add the parameter "standalone" manually. 20220616: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org /!\ WARNING /!\ The NetBox 3.2 release contains major changes, so at least items 1.), 2.) and 3.) must be checked before proceeding with the upgrade! /!\ WARNING /!\ 1. This release includes a database migration that will remove the "asn", "contact_name", "contact_phone", and "contact_email" fields from the site model. (These fields have been superseded by the ASN and contact models introduced in NetBox v3.1.) To protect against the accidental destruction of data, the upgrade process will fail if any sites still have data in any of these fields. To bypass this safeguard, set the NETBOX_DELETE_LEGACY_DATA environment variable when running the upgrade script, which will permit the destruction of legacy data. A set of migration scripts is available to assist with the migration of legacy site data: https://github.com/netbox-community/migration-scripts 2. NetBox v3.2 requires Python 3.8 or later. 3. If the NetBox Plugin "net-mgmt/py-netbox-plugin-extension" is used, please disable it before the migrations are applied. This can be done by removing the entry "netbox_plugin_extensions" from the "PLUGINS" section in the NetBox configuration. Once the upgrade is done, this port/package can be safely removed as it's no longer required. 4. Please also check the pkg-message and the changelogs for further info. 20220608: AFFECTS: devel/autoconf-wrapper, devel/autoconf213 AUTHOR: tijl@FreeBSD.org These ports have been renamed to devel/autoconf-switch and devel/autoconf2.13 respectively. If your favourite port updating tool cannot handle that then just remove the packages with "pkg delete" and then install the new port. 20220607: AFFECTS: security/openssh-portable AUTHOR: bdrewery@FreeBSD.org OpenSSH has been updated to 9.0p1 with incompatible changes. See https://www.openssh.com/txt/release-9.0 for details. 20220602: AFFECTS: sysutils/graylog AUTHOR: dch@FreeBSD.org Graylog 4.3.0+ fails to start if graylog's internal collector for system statistics is enabled. This will eventually be addressed upstream. Add disable_native_system_stats_collector=true to your graylog.conf. 20220513: AFFECTS: devel/nexus2-oss AUTHOR: michael.osipov@siemens.com Nexus 2.15.x introduces incompatible configuration changes. You must review changes in ETCDIR/wrapper.conf and ETCDIR/jetty*.xml with updated samples as well as NEXUS_WORKDIR/conf/logback-nexus.xml with its origin from DATADIR/nexus/WEB-INF/lib/nexus-core-VERSION.jar!/META-INF/log/logback-nexus.xml, grant write access to files in ETCDIR since Nexus itself might update files in place otherwise your instance will not properly work after the update. 20220510 AFFECTS: sysutils/zrepl AUTHOR: monwarez@gmail.com The zrepl update to 0.5.0.8 includes the following breaking changes: - The Prometheus metric zrepl_version_daemon was converted to zrepl_start_time The metric still reports the zrepl version in a label. But the metric *value* is now the Unix timestamp at the time the daemon was started. The Grafana dashboard in zrepl examples directory has been updated. 20220502: AFFECTS: mail/mutt AUTHOR: dereks@lifeofadishwasher.com Default header cache option has been changed to the new option LMDB using databases/lmdb. The BDB option still exists but now uses databases/db18 due to the EOL of databases/db5. 20220501: AFFECTS: users of drm-current-kmod and drm-devel-kmod AUTHOR: manu@FreeBSD.org Both ports where removed. If you were using either one of them directly (i.e. without using graphics/drm-kmod metaport) use graphics/drm-510-kmod. If you have some problems with this one try drm-54-kmod and report a bug on https://github.com/freebsd/drm-kmod. 20220428: AFFECTS: users of databases/redis AUTHOR: yasu@FreeBSD.org The databases/redis port has been updated to 7.0. Users wanting to stay on 6.2 can replace databases/redis with databases/redis62 with one of the following commands. If you use pkg with binary packages: # pkg set -o databases/redis:databases/redis62 # pkg upgrade If you use portmaster: # portmaster -o databases/redis62 databases/redis If you use portupgrade: # portupgrade -o databases/redis62 databases/redis 20220426: AFFECTS: users of deskutils/grantleetheme AUTHOR: kde@FreeBSD.org The pkg update of deskutils/grantleetheme to 22.04 can fail due to a filesystem location having changed from being a file to being a directory. This leads to pkg's temporary file creation throwing an error. To update to KDE Gear 22.04 please run # pkg delete -f grantleetheme prior to the update. 20220424: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org emulators/qemu has been updated to 7.0.0. Previous 6.2.X branch has been repocopied to emulators/qemu6. If someone wants to stick with 6.2.X branch please use one of the following command: # pkg install qemu6/qemu6-nox11(based on flavor used) or # portmaster -o emulators/qemu6 emulators/qemu or # portupgrade -o emulators/qemu6 emulators/qemu 20220421: AFFECTS: users of lang/ruby27 AUTHOR: yasu@FreeBSD.org The default ruby version has been updated from 2.7 to 3.0. If you compile your own ports you may keep 2.7 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.7 as default version # DEFAULT_VERSIONS+=ruby=2.7 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkg, simply upgrade: # pkg upgrade If you do not use pkg, please check entry 20190420. The description there should also work for this version. 20220413: AFFECTS: users of net-im/py-matrix-synapse AUTHOR: ports@skyforge.at Synapse will now refuse to start up if open registration is enabled, in order to help mitigate abuse across the federation. If you would like to provide registration to anyone, consider adding email, recaptcha or token-based verification in order to prevent automated registration from bad actors. This check can be disabled by setting the enable_registration_without_verification option in your homeserver configuration file to true. More details are available in the upgrade notes[0]. Synapse will additionally now refuse to start when using PostgreSQL with a non-C values for COLLATE and CTYPE, unless the config flag allow_unsafe_locale, found in the database section of the configuration file, is set to true. See the upgrade notes[1] for details. [0] https://matrix-org.github.io/synapse/v1.56/upgrade.html#open-registration-without-verification-is-now-disabled-by-default [1] https://matrix-org.github.io/synapse/v1.56/upgrade#change-in-behaviour-for-postgresql-databases-with-unsafe-locale 20220410: AFFECTS: users of sysutils/screen AUTHOR: cy@FreeBSD.org As of sysutils/screen-4.9.0_5, the MULTUSER option is default, reverting to the traditional setuid-root behavior. People who wish to secure their screen install must terminate all screen sessions, then install screen without the MULTIUSER option. The option was reversed because it caused too much astonishment among users of screen. 20220401: AFFECTS: security/sshguard AUTHOR: kevinz5000@gmail.com Blacklisting is now disabled by default to avoid overriding the setting in sshguard.conf. To enable blacklisting, uncomment the BLACKLIST_FILE line in sshguard.conf. 20220329: AFFECTS: users of sysutils/screen AUTHOR: cy@FreeBSD.org As of sysutils/screen-4.9.0_3, the multiuser feature is not supported by default. The multiuser feature requires setuid root to function. This creates a security risk. Some Linux distributions have had non-setuuid root screen for a dozen or more years. FreeBSD is following suit. A new MULTIUSER option has been added to enable users to install setuid root screen. The MULTIUSER option default is OFF. Users who wish to use the multiuser feature may, - Build screen using the MULTIUSER option, or - Poudriere users can use poudriere-options to enable the MULTIUSER option, or - Users can chmod the setuid bit for ${LOCALBASE}/bin/screen-4.9.0, making screen setuid root to enable the multiuser feature. 20220326: AFFECTS: users of misc/freebsd-doc-* AUTHOR: blackend@FreeBSD.org A change to the doc toolchain prevents the build of individual localized HTML versions of the documentation without building the en_US version. HTML option is currently disabled until a good solution is found. PDF version, the default option, is now the only available option. Please re-run "make config" to pick up this new default. 20220313: AFFECTS: users of net/unison AUTHOR: madpilot@FreeBSD.org unison has been updated to version 2.52. The new version introduces a new wire protocol and on disk archive format. This new version is compatible with 2.51 clients for communication, so it's now possible to upgrade one side and then the other. The archive files are automatically converted to the new version, but once they are converted the y are incompatible with the previous version. In case you need version 2.51, the previous version of the port is preserved in net/unison251. 20220311: AFFECTS: users of multimedia/get_iplayer AUTHOR: jamie@catflap.org get_iplayer has a number of changes to quality settings that may break existing configurations. Please see the release notes for further information: https://github.com/get-iplayer/get_iplayer/wiki/release320to329#release329 20220311: AFFECTS: users of emulators/virtualbox-ose AUTHOR: grembo@FreeBSD.org In order to comply to hier(7), VirtualBox's configuration of non-default IP ranges to be used in host-only mode moved from /etc/vbox/networks.conf to ${LOCALBASE}/etc/vbox/networks.conf. 20220311: AFFECTS: users of net/nats-server AUTHOR: olgeni@FreeBSD.org A dedicated 'nats' user was added, replacing 'nobody' in the startup script. You should check your configuration and assign updated ownership to your data files. 20220227: AFFECTS: users of graphics/bmeps AUTHOR: takefu@airport.fm The binary and man page have been renamed from bmpp{.1.gz} to bitmap2pp{.1.gz} 20220225: AFFECTS: users of x11-toolkits/py-wxPython40 AUTHOR: lbartoletti@FreeBSD.org x11-toolkits/py-wxPython40 has been removed to be replaced by the 4.1 version. However the new wxPython ports is now named x11-toolkits/py-wxPython4. Depending on the tools you use, you may have to remove the port before ports upgrade. 20220224: AFFECTS: users of net-im/openfire AUTHOR: nikita@druba.su The port version have been updated from 4.6.x to 4.7.x. It is recommended to do database and configs backup before updating. 20220219: AFFECTS: users of sysutils/intel-pcm-devel AUTHOR: egypcio@FreeBSD.org sysutils/intel-pcm-devel became quite obsolete once sysutils/intel-pcm is now pretty much following a constant and stable update cycle, so users of the -devel version are encouraged to switch to it. If you still have sysutils/intel-pcm-devel installed, please delete it from your system and install sysutils/intel-pcm instead: # pkg delete sysutils/intel-pcm-devel # pkg install sysutils/intel-pcm 20220219: AFFECTS: users of math/qhull* AUTHOR: stephen@FreeBSD.org Because of entries in MOVED, portupgrade can get confused updating qhull. It is recommended that you delete qhull and ports depending upon it, and then reinstalling all the dependent ports. 20220218: AFFECTS: users of TeX* AUTHOR: bofh@FreeBSD.org TeX system has been updated to 2021 from 2015. Normal pkg upgrade or portmaster -a should handle all the upgrade properly. In case not please create a ticket or send a mail to tex@FreeBSD.org print/tex-aleph has been removed as per upstream. This package should be removed manually. Additionally users have reported to delete texlive-texmf prior to starting update, or pkg-static will indicate there is a conflict during the upgrade of texlive-base : # pkg remove tex-aleph texlive-texmf 20220218: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org The storage directory has moved from WWWDIR to /var/db/librenms/storage to comply with man 7 hier. When upgrading, you may need to manually create this symlink. 20220212: AFFECTS: users of lang/php8[01][-extensions]? AUTHOR: bofh@FreeBSD.org Non-Default OPTION MYSQL80 has been removed in lieu of making php8[01]-openssl as part of DEFAULT php8[01] installation. Although for php74 it is not the case. Ports that depends on security/php8[01]-openssl will no longer be installed as these have been removed. There is no side effect of this for ports which have USE_PHP=openssl. In case for php74 as the default php74-openssl will be installed otherwise it will be used from php installation. If you are using pkg, you have to remove php8[01]-openssl manually after the upgrade : # pkg info \*php8\* > ~/installed-php-ports-list # pkg upgrade -y # pkg delete -f php8[01]-openssl # service -R While rebuilding from ports users old php.conf is not overwritten. So have to manually remove the ports. For portmaster users: # sh # REINSTALL="$(pkg info -o "*php80*" | grep -v openssl | awk '{printf "%s ", $2}')" # pkg delete -f "*php80*" # portmaster $REINSTALL # portmaster -a 20220207: AFFECTS: users of security/amavisd-new AUTHOR: flo@FreeBSD.org Amavis does now depend on archivers/7-zip (7zz) you might need to update your amavisd.conf and replace all ocurances of p7zip (7zr) accordingly. 20220129: AFFECTS: users of editors/neovim AUTHOR: adamw@FreeBSD.org Neovim now uses luajit-openresty as the Lua provider. Many neovim plugins compile some of their code (Packer does this, as do many LSP plugins). Neovim will produce errors and fail to load the plugins. Deleting and reinstalling any plugins that produce errors should fix the startup. If you use Packer, you also want to delete the startup cache: # rm -rf ~/.config/nvim/plugin/packer_compiled.lua 20220128: AFFECTS: users of x11-fonts/source-sans-ttf AUTHOR: fernape@FreeBSD.org The font name has changed its prefix from SourceSansPro* to SourceSans*. Users of this font might need to change their configurations to pick up the new names. 20220128: AFFECTS: users of net-im/dendrite AUTHOR: ashish@FreeBSD.org The configuration needs to be updated to version 2 following upgrade to Dendrite v0.6. Please refer to /usr/local/etc/dendrite/dendrite.yaml.sample for a sample configuration. 20220127: AFFECTS: users of PyQt AUTHOR: kde@FreeBSD.org Most of the PyQt ports have been merged into single port devel/py-qt5-pyqt. `pkg upgrade` will handle update automatically . 20220126: AFFECTS: users of mail/bogofilter, mail/bogofilter-lmdb AUTHOR: mandree@FreeBSD.org The default version of mail/bogofilter now uses LMDB instead of Berkeley DB. It is not compatible and cannot read databases. Your options are: 1. use bogoutil on each wordlist for each of your users first, ONLY THEN reinstall bogofilter, THEN reload the databases with bogoutil, OR 2. install the matching bogofilter version and If you had been using bogofilter-lmdb so far, install bogofilter. If you had been using bogofilter so far, install bogofilter-bdb. 20220125: AFFECTS: users of lang/php74 AUTHOR: tz@FreeBSD.org The default version of PHP has been switched from 7.4 to 8.0. If you use binary packages you should make a list of php packages before running 'pkg upgrade': # pkg info \*php7\* > ~/installed-php-ports-list After the upgrade, check with such list if all your php extensions are still installed, and reinstall them if needed. If you use mod_php74 you need to deinstall it and install mod_php80. 20220120: AFFECTS: users of x11-wm/dwm AUTHOR: 0mp@FreeBSD.org dwm has been updated to 6.3. The option RUGAPS is no longer available because it depends on a patch only available for version 6.2. RUGAPS can be reintroduced if desired once it is ported to 6.3 by the interested party. 20220118: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org 1. Please make sure that the PostgreSQL server for the NetBox instance is running version 10 or higher. This is because PostgreSQL 9.6 is End-of-Life since November 2021 and NetBox 3.1 makes use of the "macaddr8" field which was introduced with PostgreSQL 10. 2. Please also check the pkg-message and the changelogs for further info. 20220110: AFFECTS: users of security/bastillion AUTHOR: netchild@FreeBSD.org If you already performed the actions of the next entry, the following action in this entry needs to be performed regardless. If you did not already perform the actions of the next entry, only the action of this entry needs to be performed. The datastore of bastillion needs to be upgraded (if you do not see users / can not login, you forgot to upgrade it): java -jar %%PREFIX%%/jetty_bastillion/upgrade/bastillion-upgrade-4.00.01.jar %%PREFIX%%/jetty_bastillion/bastillion/WEB-INF/classes/BastillionConfig.properties 20220104: AFFECTS: users of security/bastillion AUTHOR: netchild@FreeBSD.org The datastore of bastillion needs to be upgraded (if you do not see users / can not login, you forgot to upgrade it): java -jar %%PREFIX%%/jetty_bastillion/upgrade/bastillion-upgrade-4.00.00.jar %%PREFIX%%/jetty_bastillion/bastillion/WEB-INF/classes/BastillionConfig.properties 20220102: AFFECTS: users of sysutils/py-azure-cli AUTHOR: dbaio@FreeBSD.org When upgrading to Azure CLI v2.31.0, you will need to re-authenticate on Azure services. $ az login --use-device-code Starting in version 2.30.0, Azure CLI uses MSAL as the underlying authentication library. MSAL uses AAD v2.0 authentication flow to provide more functionality and increases security for token cache. More info: https://docs.microsoft.com/en-us/cli/azure/msal-based-azure-cli 20211220: AFFECTS: users of devel/notcurses AUTHOR: nickblack@linux.com Notcurses 3 introduces a new SONAME and significant API/ABI changes. Dependent applications must be recompiled at a minimum. A complete guide to updating for the new API is available under "Porting API2 Applications to API3" at https://github.com/dankamongmen/notcurses/releases/tag/v3.0.0 20211220: AFFECTS: users of net-im/openfire AUTHOR: nikita@druba.su The port options have been renamed to be more readable. When not using the default options, they have to be regenerated. # cd /usr/ports/net-im/openfire # make config 20211213: AFFECTS: users of emulators/qemu-utils AUTHOR: bofh@FreeBSD.org New port emulators/qemu@tools has been introduced which is similar to emulators/qemu-utils. qemu-utils has also been DEPRECATED in favor for this as it's MASTER port has also been marked DEPRECATED and set to expire on 2022-01-09. For updating to qemu-tools please use one of the following command: # pkg install qemu-tools or # portmaster -o emulators/qemu-utils emulators/qemu@tools 20211116: AFFECTS: users of emulators/qemu50 AUTHOR: bofh@FreeBSD.org emulators/qemu50 has been moved to emulators/qemu5 and updated to 5.2.0 which is the last version from 5.X.X branch. This is done in preparation of updating emulators/qemu into latest 6.X branch. If someone wants to stick with 5.X.X branch please use one of the following command: # pkg install qemu5 or # portmaster -o emulators/qemu50 emulators/qemu5 This version also introduces a stripped nox11 version which can be installed with: # pkg install qemu5-nox11 or # portmaster emulators/qemu5@nox11 20211115: AFFECTS: AFFECTS: users of *-emacs2x-* packages AUTHOR: jrm@FreeBSD.org To avoid problems when editors/emacs or editors/emacs-devel are updated, the emacs major version has been removed from these package names. For example, the old and new package names of devel/magit are ----------------------------------------------------------- | Old Package Name | New Package Name | |-------------------------- |-----------------------------| | magit-emacs27 | magit | | magit-emacs27_nox | magit-emacs_nox | | magit-emacs27_canna | magit-emacs_canna | | | | | magit-emacs29_nox | magit-emacs_devel_nox | | magit-emacs29 | magit-emacs_devel | ----------------------------------------------------------- To handle these final package name changes, follow a similar procedure as the one described in the 20200811 entry. That is, simply running `pkg upgrade` will not upgrade, e.g., foo-emacs27_nox to foo-emacs_nox. Binary package users: To update these packages, run these commands under /bin/sh with superuser privileges before upgrading. # default flavor of editors/emacs installed for i in $(pkg query -g %n '*-emacs27'); do if [ "$i" != "notmuch-emacs27" ]; then nn=$(echo "$i" | sed -e 's/-emacs27//') else nn=$(echo "$i" | sed -e 's/-emacs27/-emacs/') fi pkg set -yn "$i":"$nn" done # canna or nox flavor of editors/emacs installed for i in $(pkg query -g %n '*-emacs27*'); do nn=$(echo "$i" | sed -e 's/emacs27/emacs/') pkg set -yn "$i":"$nn" done # editors/emacs-devel installed for i in $(pkg query -g %n '*-emacs29*'); do nn=$(echo "$i" | sed -e 's/emacs29/emacs_devel/') pkg set -yn "$i":"$nn" done portmaster users: portmaster -r emacs 20211110: AFFECTS: users of www/node*, www/npm*, www/yarn* AUTHOR: mfechner@FreeBSD.org The port framework was updated to use a default version for nodejs. The default version is pointing to the latest LTS version which is currently version 16. You can overwrite this by defining in /etc/make.conf, e.g. version 17: DEFAULT_VERSIONS=nodejs=17 Or if you would like to stick always to the current version use: DEFAULT_VERSIONS=nodejs=current If you would like to use yarn or npm together with nodejs version 17, just install the package that is pulling the wanted dependency to nodejs: # pkg install yarn-node17 # pkg install npm-node17 20211109: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 3.4 of LibreSSL. The shared library versions of the libraries have been bumped. After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. 20211107: AFFECTS: users of sysutils/devcpu-data AUTHOR: jrm@FreeBSD.org The RC variable name microcode_cpus is now deprecated. Users should instead use the variable microcode_update_cpus. Two new ports were branched from sysutils/devcpu-data, sysustils/devcpu-data-amd and sysustils/devcpu-data-intel. The two new ports contain only the CPU microcode updates for each vendor and sysutils/devcpu-data now only contains an RC script. Both new ports are on-by-default, optional dependencies of sysutils/devcpu-data. 20211101: AFFECTS: users of textproc/redisearch AUTHOR: osa@FreeBSD.org The textproc/redisearch port has been updated to the recent stable release - v2.2. Users wanting to stay on v2.0 can replace textproc/redisearch with textproc/redisearch20 with one of the following commands: # pkg install textproc/redisearch20 or # portmaster -o textproc/redisearch20 textproc/redisearch or # portupgrade -o textproc/redisearch20 textproc/redisearch NOTE: The textproc/redisearch20 brings a new name for the module, i.e. redisearch20.so, so be careful. 20211024: AFFECTS: sysutils/beats7 AUTHOR: otis@FreeBSD.org The following breaking changes apply to beats 7.15.0 and newer: - All beats: Loading Kibana assets (dashboards, index templates) rely on Saved Object API. So to provide a reliable service, Beats can only import and export dashboards using at least Kibana 7.15. - Filebeat: - Remove all alias fields pointing to ECS fields from modules. This affects the Suricata and Traefik modules. - Fix Crowdstrike ingest pipeline that was creating flattened process fields. - Rename log.path to log.file.path in filestream to be consistent with log input and ECS. - Heartbeat: - Remove long deprecated watch_poll functionality. - Fix inconsistency in event.dataset values between heartbeat and fleet by always setting this value to the monitor type / fleet dataset. - Metricbeat: - Fix Elasticsearch jvm.gc.collectors.old being exposed as young Full changelog: https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-7.15.0.html https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-7.15.1.html 20211024: AFFECTS: users of databases/postgresql* and other software using PostgreSQL to run AUTHOR: kbowling@FreeBSD.org The default version of PostgreSQL has been switched from 12 to 13. The upgrade procedure can use up twice the space the databases currently needs. If you have a big amount of stored data take a closer look at the manpage of pg_upgrade for avoidance and/or speedup of the upgrade. The upgrade instructions consider a basic usage and do not match complex scenarios like replication, sharding, or similar. Upgrade instructions: First stop your PostgreSQL, create PostgreSQL-binaries and backup your data. If you have another Version of PostgreSQL installed, for example 12.8, your files are named according to this. # service postgresql stop # pkg create postgresql12-server postgresql12-contrib # mkdir /tmp/pg-upgrade # tar xf postgresql12-server-12.8.pkg -C /tmp/pg-upgrade # tar xf postgresql12-contrib-12.8.pkg -C /tmp/pg-upgrade # pkg delete -f databases/postgresql12-server databases/postgresql12-contrib databases/postgresql12-client Now update PostgreSQL: pkg user: # pkg install databases/postgresql13-server databases/postgresql13-contrib # pkg upgrade Portmaster users: # portmaster databases/postgresql13-server databases/postgresql13-contrib # portmaster -a Portupgrade users: # portinstall databases/postgresql13-server databases/postgresql13-contrib # portupgrade -a After installing the new PostgreSQL version you need to convert all your databases to new version: # su -l postgres -c "/usr/local/bin/initdb --encoding=utf-8 --lc-collate=C -D /var/db/postgres/data13 -U postgres" # su -l postgres -c "pg_upgrade -b /tmp/pg-upgrade/usr/local/bin/ -d /var/db/postgres/data12/ -B /usr/local/bin/ -D /var/db/postgres/data13/ -U postgres " Now the migration is finished. You can start PostgreSQL again with: # service postgresql start ATTENTION: 1) The default user changed from "pgsql" to "postgres" in 11. The migration steps above now assume the "postgres" database user and FreeBSD user. 2) See the updating entry 20190829 if you are updating from a release prior to 11. 3) If you use non-default initdb options, you have to adjust the initdb-command accordingly 20211023: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v17.0.0, the latest upstream release. A new port, www/node16, has been created for the upcoming v16.x LTS branch. Users wanting to stay on v16.x can replace www/node with www/node16 with one of the following commands: # pkg install www/node16 or # portmaster -o www/node16 www/node or # portupgrade -o www/node16 www/node 20211012: AFFECTS: users of devel/git AUTHOR: garga@FreeBSD.org devel/git port was split into multiple sub-ports that depend on devel/git and install additional files: - devel/git-cvs - CVS related scripts and man pages - devel/git-gui - GUI related scripts and man pages - devel/git-p4 - Perforce related scripts and man pages - devel/git-svn - Subversion related scripts and man pages Due to these changes, CVS, GUI, PERFORCE, and SUBVERSION options as well as gui and svn flavors were removed from the port. 20211010: AFFECTS: users of gtk2 flavored devel/geany* AUTHOR: madpilot@FreeBSD.org Upstream dropped support for gtk2. Due to this the ports are now unflavored, installing only with gtk3 support. If you are already using the default gtk3 flavor will get the new version with a simple "pkg upgrade". To upgrade when using the gtk2 flavors you need to use "pkg install" to install the new unflavored gtk3 packages, pkg will automatically uninstall the old gtk2 flavors. If using ports, you will need to uninstall all geany packages and its plugins and reinstall from an updated ports tree. The "geany-plugin-multiterm" plugin was only available as a gtk2 flavor when installing the gtk2 flavor of geany and has not been ported to gtk3, so has been removed from the tree, so the geany-plugin-multiterm-gtk2 package should be removed from the system. 20211007: AFFECTS: user of security/clamav AUTHOR: yasu@FreeBSD.org Upstream changed end-of-life policy and introduced long time support (LTS) feature release. * LTS feature release will be identified approximately every two years and supported for at least three years from the initial publication date of that LTS feature version. * Regular (non-LTS) feature releases will be supported for at least four months from the initial publication date of the next feature release or until the feature release after that is published. According to it new port security/clamav-lts is added for users who want to use LTS version of ClamAV. Users wanting to switch to LTS version can replace security/clamav with security/clamav-lts with one of following commands. If you use pkg with binary packages: # pkg set -o security/clamav:security/clamav-lts # pkg upgrade If you use portmaster: # portmaster -o security/clamav-lts security/clamav If you use portupgrade: # portupgrade -o security/clamav-lts security/clamav 20211006: AFFECTS: users of misc/freebsd-doc-* AUTHOR: blackend@FreeBSD.org The misc/freebsd-doc-* ports have been updated to the new doc toolchain, and use a somewhat different arrangement of directories and symlinks, which pkg 1.17 does not handle well. Users are encouraged to delete the misc/freebsd-doc-* ports, then reinstall the new ones without using the pkg upgrade facility. 20211006: AFFECTS: users of net/kafkacat AUTHOR: sergey@akhmatov.ru kafkacat has been renamed to kcat upstream. So switch to net/kcat instead. 20211004: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org /!\ WARNING /!\ The NetBox 3.0 release contains major changes, so at least items 1.), 2.) and 3.) must be checked before proceeding with the upgrade! /!\ WARNING /!\ 1. Please ensure that your local installation of net-mgmt/netbox is at the 2.11 release before attempting to upgrade to NetBox 3.0 or later. 2. Please also note that the previously deprecated secrets functionality has been removed with NetBox 3.0. This means, all of the secrets still remain in the database once upgraded, only the secrets functionality on the part of NetBox is no longer given. In order to continue to be able to access the stored secrets as usual (and then possibly migrate them to another solution, e.g. security/vault), please install the security/py-netbox-secretstore port once NetBox has been upgraded to 3.x and follow its installation instructions how to enable the plugin. 3. If plugins are used, they should be temporarily deactivated to avoid disruptions during the upgrade process. 4. Please also check the pkg-message and the changelogs for further info. 20211004: AFFECTS: users of www/py-pyjwt AUTHOR: rhurlin@FreeBSD.org To make it possible to easily import py-pyjwt v2.x the current port was moved to a versioned directory. If you use portmaster: portmaster -o www/py-pyjwt1 www/py-pyjwt If you use portupgrade: portupgrade -fo www/py-pyjwt1 www/py-pyjwt If you use pkg with binary packages: pkg set -o www/py-pyjwt:www/py-pyjwt1 20210912: AFFECTS: x11-wm/cage, x11-wm/hikari, x11-wm/labwc, x11-wm/sway, x11-wm/wayfire AUTHOR: jbeich@FreeBSD.org SUID option has been removed in favor of seatd-launch(1) which doesn't require special handling in every consumer and doesn't bypass group permissions. If you've already enabled seatd service or use consolekit2 then nothing changes. Otherwise, $ sway 00:00:00.001 [ERROR] [wlr] [libseat] [libseat/libseat.c:83] No backend was able to open a seat 00:00:00.001 [ERROR] [wlr] [backend/session/session.c:84] Unable to create seat: Function not implemented 00:00:00.001 [ERROR] [wlr] [backend/session/session.c:218] Failed to load session backend 00:00:00.001 [ERROR] [wlr] [backend/backend.c:353] Failed to start a DRM session 00:00:00.001 [ERROR] [sway/server.c:53] Unable to create backend can be fixed by $ ck-launch-session sway or $ seatd-launch sway or # sysrc seatd_enable=YES # service seatd start $ sway Replace "sway" with your compositor e.g., "cage", "hikari", "labwc", "wayfire". 20210907: AFFECTS: consumers of math/eigen[23] AUTHOR: adridg@FreeBSD.org math/eigen2 has been marked deprecated. There do not seem to be any consumers in FreeBSD ports. math/eigen3 has had its options re-vamped. The default options previously pulled in multiple useless library dependencies. The options also forced a specific BLAS implementation. The new options depend only on the default BLAS (whatever USES=blaslapack picks), but this can be turned off. The previous multiple useless libraries -- which are not useless when running the tests in Eigen -- are now hidden behind the default-off TEST option. Users of a carefully-tuned Eigen build should re-evaluate the options available. 20210902: AFFECTS: users of editors/vim AUTHOR: adamw@FreeBSD.org The vim ports have been completely reworked to take advantage of flavors. The biggest change is that the `vim' package is now console-only. If you want the GTk3 GUI, you'll need to install the `vim-gtk3' package instead. All the GUI toolkits have their own package now: vim-gtk3, vim-gtk2, -athena, -motif, and -x11. The vim-tiny package still exists. Also: only python3 bindings are included now. There are very few plugins written in Perl or Ruby, so there really wasn't a need to bundle those languages with Vim. They still exist as OPTIONS, so you can still enable them if you'd like. Also, support for py27 has been dropped. 20210901: AFFECTS: users of audio/ampache AUTHOR: crees@FreeBSD.org With the upgrade to Ampache 5.0.0, the root Ampache folder has changed to %%WWWDIR%%/ampache/public. Please update your web server aliases, for example if you use Apache, then in httpd.conf make sure the lines look like this: Alias /ampache /usr/local/www/ampache/public If you have customised your .htaccess files to allow for a different alias, you'll need to move them to the new location after upgrading: # sh -c 'cd /usr/local/www/ampache && for f in */.htaccess; do mv $f public/$f; done' More upgrade notes can be found on Github: https://github.com/ampache/ampache/releases/tag/5.0.0 20210823: AFFECTS: users of mail/mu AUTHOR: hrs@FreeBSD.org mail/mu now uses XDG Base Directory Specification for the default locations for various files. The mu database now lives under ~/.cache/mu rather than ~/.mu by default. After upgrading, move the contents under ~/.mu to ~/.cache/mu. 20210823: AFFECTS: users of mail/postfixadmin AUTHOR: ports.maintainer@evilphi.com The 3.2->3.3 upgrade requires generating a new setup password hash. The normal post-upgrade visit to setup.php will walk you through the steps. For more information, see the "Version 3.3" section of the change log: https://github.com/postfixadmin/postfixadmin/blob/postfixadmin-3.3.9/CHANGELOG.TXT 20210818: AFFECTS: users of databases/redis AUTHOR: osa@FreeBSD.org The databases/redis port has been updated to the recent stable release. Users wanting to stay on v6.0 can replace databases/redis with databases/redis6 with one of the following commands: # pkg install databases/redis6 or # portmaster -o databases/redis6 databases/redis or # portupgrade -o databases/redis6 databases/redis 20210805: AFFECTS: users of sysutils/beats7 AUTHOR: otis@FreeBSD.org Beats may not be sending data to some distributions of Elasticsearch In this release, Elastic is enabling a licensing change that was broadly communicated earlier in 2021. This change would imply that 7.13 instances of Beats would fail to connect to 7.10 or earlier open source distributions of Elasticsearch and Kibana. The most visible effect is that sysutils/beats7 users can expect difficulties to send data to Elastic instances hosted in AWS. For more information, see: https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.13.html 20210801: AFFECTS: users of OpenLDAP AUTHOR: delphij@FreeBSD.org SASL is now always enabled for OpenLDAP. If you use portmaster: portmaster -o net/openldap24-client openldap-sasl-client If you use portupgrade: portupgrade -fo net/openldap24-client openldap-sasl-client If you use pkg with binary packages: pkg set -o net/openldap24-sasl-client:net/openldap24-client 20210730: AFFECTS: users of multimedia/mlt, multimedia/mlt-qt and multimedia/py-mlt AUTHOR: kde@FreeBSD.org multimedia/{py-,}mlt{-qt5,} has been moved to multimedia/{py-,}mlt6{-qt5,} to make room for importin the next major version of the mlt framework. 20210721: AFFECTS: users of x11/rxvt-unicode AUTHOR: thierry@FreeBSD.org Since 9.26, there is a regression in resource parsing, which no longer accepts a prefix of the form "URxvt*keysym" ("*." is equivalent to "*"). Changing "*." to "." should make your bindings work again. 20210704: AFFECTS: users of misc/qtchooser AUTHOR: kde@FreeBSD.org QtChooser allows you to select your version of Qt among those installed. However, this tool is no longer supported upstream and will not be available for Qt6. By default, our Qt installations are done in: ${LOCALBASE}/lib/qt${QT_VERSION} as recommended. We have added symbolic linking for the main binaries to ${LOCALBASE}/bin with the suffix -qt5. 20210628: AFFECTS: users of misc/openhab AUTHOR: netchild@FreeBSD.org You need to run sed -i -e 's:^karaf.framework.equinox=.*:karaf.framework.equinox=mvn\:org.eclipse.platform/org.eclipse.osgi/3.16.200: ; s:^karaf.framework.felix=.*:karaf.framework.felix=mvn\:org.apache.felix/org.apache.felix.framework/6.0.4:' /var/db/openhab/userdata/etc/config.properties to update the version numbers of some components in a config file. 20210621: AFFECTS: users of www/gitlab-ce AUTHOR: mfechner@FreeBSD.org The upgrade of Gitlab 14.0.0 is in preparation. You must upgrade first to 13.12. For more information see here: https://about.gitlab.com/blog/2021/06/04/gitlab-moving-to-14-breaking-changes/ To do the upgrade, make sure you follow the upgrade manuals: https://gitlab.fechner.net/mfechner/Gitlab-docu/-/tree/master/update I will merge the 14.0.0 upgrade later to quarterly branch to give you some time for the upgrade to 13.12. 20210620: AFFECTS: users of misc/openhab2 AUTHOR: netchild@FreeBSD.org The openhab v3 port has been committed. Upstream has removed the version from the name, as such the FreeBSD port follows in all places (start script name, directory names, ...). Users are encouraged to migrate from misc/openhab2 to misc/openhab. No automatic config migration is available Both versions can be installed in parallel, but an users has to take care to not run both at the same time on the same port. 20210617: AFFECTS: users of graphics/mesa-libs and x11/nvidia-driver AUTHOR: kbowling@FreeBSD.org Some libraries from mesa-libs are now provided by libglvnd while others were renamed. nvidia-driver already used libglvnd but bundled a copy which is now provided as a separate package. When building outside poudriere make sure to remove mesa-libs and nvidia-driver first in order to avoid conflict with libglvnd. For portmaster users: # pkg delete -f mesa-libs nvidia-driver # portmaster -a For portupgrade users: # pkg delete -f mesa-libs nvidia-driver # portupgrade -a 20210523: AFFECTS: users of www/tt-rss AUTHOR: dereks@lifeofadishwasher.com tt-rss config.php syntax has changed. You can find detailed changes here https://tt-rss.org/wiki/GlobalConfig or look at config.php.sample. Expect your config.php to not work with newer www/tt-rss releases. Due to changes in ttrssd before updating you should stop ttrssd or otherwise kill the php process running update_daemon2.php. 20210516: AFFECTS: users of security/bitwarden_rs AUTHOR: mr@FreeBSD.org bitwarden_rs has been renamed to vaultwarden upstream. So switch to security/vaultwarden instead. 20210515: AFFECTS: users of databases/postgresql??-server AUTHOR: girgen@FreeBSD.org The rc.conf parameter for the login class of the postgresql daemon has changed name from postgresql_class to postgresql_login_class. rc.subr(8) states that the parameter should be named ${name}_login_class. 20210512: AFFECTS: users of sysutils/ansible* AUTHOR: 0mp@FreeBSD.org Ansible has been updated to 3.3.0. Please follow the porting guide to update the rulesets: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_3.html 20210508: AFFECTS: users of devel/pycharm-ce AUTHOR: bsam@FreeBSD.org Pycharm-ce has switched to the supported java version 11. 20210506: AFFECTS: users of mail/postfix AUTHOR: ohauer@FreeBSD.org Postfix 3.6 and higher requires minimum OpenSSL 1.1.1 FreeBSD 11 users using base OpenSSL can switch to mail/postfix35 If you wish to use postfix35 until FreeBSD 11 EoL you might run the following command: # pkg set -o mail/postfix:mail/postfix35 # pkg upgrade 20210505: AFFECTS: users of sysutils/terraform AUTHOR: 0mp@FreeBSD.org Terraform has been updated from 0.13 to 0.15, which introduces several incompatible changes. Please follow upgrading guide when updating the package. https://www.terraform.io/upgrade-guides/0-14.html https://www.terraform.io/upgrade-guides/0-15.html 20210426: AFFECTS: users of x11-fonts/iosevka AUTHOR: 0mp@FreeBSD.org The selection of options for Iosevka has become less granular as the port has switched from TTF-based distfiles to super-TTC-based distfiles. Now all the spacing variants are contained within one file for each Iosevka style. 20210425: AFFECTS: users of python AUTHOR: kai@FreeBSD.org The default version of python3 and python was switched to 3.8. For ports users wanting to keep version 3.7 as default, add DEFAULT_VERSIONS+= python=3.7 python3=3.7 to make.conf Following procedures may ease the upgrade: For users of pre-build packages: # sh # for i in $(pkg query -g %n 'py37-*'); do pkg set -yn ${i}:py38-${i#py37-}; done # pkg upgrade For portmaster users: # sh # portmaster -o lang/python38 python37 # REINSTALL="$(pkg info -o "*py37*" | awk '{printf "%s ", $2}')" # pkg delete -f "*py37*" # portmaster $REINSTALL # REBUILD=$(pkg query -g "%n:%dn" '*' | grep py3 | grep -v py38 | cut -d : -f 1 | sort -u) # portmaster $REBUILD # REBUILD2=$(pkg list | grep python-37 | xargs pkg which | awk '{print $6}' | sort -u) # portmaster $REBUILD2 20210420: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v16.0.0, the latest upstream release. This is a major release, including many significant changes. Users are encouraged to read the release announcements before upgrading: https://nodejs.org/en/blog/release/v16.0.0/ 20210416: AFFECTS: Users of shells/bash, shells/bash-static with PORTS_READLINE=off AUTHOR: olce.freebsd@certner.fr Bundled readline now will use LOCALBASE/etc/inputrc as its ultimate default inputrc file (instead of /etc/inputrc). This puts these ports in line with what devel/readline has been doing recently (since 20210103). 20210414: AFFECTS: users of graphics/OpenEXR or graphics/ilmbase AUTHOR: mandree@FreeBSD.org graphics/ilmbase was removed in favor of math/Imath 3.0.1, and graphics/OpenEXR was updated to 3.0.1. Ports that depend on OpenEXR and/or ilmbase according to INDEX were patched, for ports where OpenEXR is an option that defaults to off, these typical items needs to be changed - file bug reports in that case, preferably with tested patches: - The IlmBase parts Imath and half are now repackaged as Imath - The IlmThread and Iex libraries are now part of OpenEXR - Some header files were rearranged accordingly, into ${LOCALBASE}/include/OpenEXR vs. ${LOCALBASE}/include/Imath - Some code needs a few #include statements added, often #include or #include - Some classes were removed, and the C++11 standard library features need to be used, f. i. std::numeric_limits. - Some code used Int64 or SInt64 should use uint64_t or int64_t. Detailed porting hints are available here: https://github.com/AcademySoftwareFoundation/Imath/blob/v3.0.1/docs/PortingGuide2-3.md 20210411: AFFECTS: users or devel/py-RPyC AUTHOR: skozlov@FreeBSD.org devel/py-RPyC has been updated to version 5.0.1, which have some incompatibilities with 4.x branch. Be sure to check them out before upgrading: https://rpyc.readthedocs.io/en/latest/changelog.html#backwards-incompatible 20210414: AFFECTS: users of x11-fonts/oldschool-pc-fonts AUTHOR: evgeniy@khramtsov.org x11-fonts/oldschool-pc-fonts has been upgraded to 2.2. This version changed names of many fonts. If you have configuration files with specific font names set, you need to update your configurations after upgrade. 20210406: AFFECTS: users of www/phpvirtualbox AUTHOR: dereks@lifeofadishwasher.com www/phpvirtualbox has been updated to version 6.1. This new version only supports version 6.1 of VirtualBox. Version 5.x of phpvirtualbox has been preserved as www/phpvirtualbox-legacy. If you require support for VirtualBox 5.x please install this version. Remember to copy your configuration file in the new legacy installation. 20210328: AFFECTS: users of www/caddy AUTHOR: adamw@FreeBSD.org The default locations for caddy runtime files have changed. - Caddy's runtime log is now /var/log/caddy/caddy.log (was /var/log/caddy.log) - Automatic SSL certs are now stored in /var/db/caddy/data/caddy (was /root/.local/share/caddy) - Configuration autosaves are now stored in /var/db/caddy/config/caddy (was /root/.config/caddy) You can change these defaults. See /usr/local/etc/rc.d/caddy for the list of settings. 20210322: AFFECTS: users of net/wireguard AUTHOR: decke@FreeBSD.org A wireguard kernel implementation supporting FreeBSD 12.1 and newer was added as net/wireguard-kmod recently. The new default for users of net/wireguard is the kernel module. If you experience problems with it you can switch back to wireguard-go by removing net/wireguard-kmod and making sure net/wireguard-go is installed. The userland tools wg-quick(8) and wg(8) try to use kernel support if the kernel module is available and otherwise fall back to wireguard-go automatically. Config files are fully compatible. 20210317: AFFECTS: users of security/strongswan AUTHOR: driesm@FreeBSD.org The stroke starter interface has been deprecated by upstream for some time now. The default interface for controlling the charon daemon has switched from stroke to vici. Users still using the legacy config files such as ipsec.conf and ipsec.secret (stroke, starter) can easily revert to the old behavior by: # sysrc strongswan_interface="stroke" It is recommended to use the vici interface which is configured by swanctl.conf. Check : https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf to ease the transition from ipsec.* to swanctl.conf 20210313: AFFECTS: users of net-mgmt/phpipam AUTHOR: marko.cupac@mimar.rs ipaddresses table in phpipam database is likely to contain incorrect datetime values which prevent successful upgrade. Make sure to create backup of phpipam database. Before starting upgrade wizard in web interface run the following SQL query on phpipam database: UPDATE ipaddresses SET lastSeen='1970-01-01 00:00:01' WHERE lastSeen < '0000-01-01 00:00:00'; 20210310: AFFECTS: users of textproc/redisearch AUTHOR: osa@FreeBSD.org The textproc/redisearch port has been updated to the recent stable release - v2.0. Users wanting to stay on v1.6 can replace textproc/redisearch with textproc/redisearch16 with one of the following commands: # pkg install textproc/redisearch16 or # portmaster -o textproc/redisearch16 textproc/redisearch or # portupgrade -o textproc/redisearch16 textproc/redisearch NOTE: The textproc/redisearch16 brings a new name for the module, i.e. redisearch16.so, so be careful. 20210309: AFFECTS: users of emulators/virtualbox-ose AUTHOR: madpilot@FreeBSD.org emulators/virtualbox-ose has been updated to 6.1.18. This new version only works on amd64 hardware. Previous version 5.x of the virtualbox ports have been preserved as emulators/virtualbox-ose-legacy and similarly named ports for the other parts. If you can't run the latest version or wish to stay with the old version, please install the legacy ports. Also the additions at present build successfully only for amd64. If you need i386 additions you can fallback to the old legacy ones. NOTE: There is no support for moving saved running machine states across major updates of virtualbox. It is recommended to properly shutdown all virtual machines before upgrading. Otherwise the saved state can simply be discarded after the upgrade, if it's not important to preserve it. It should also be possible to downgrade to the legacy ports and shutdown the machine properly from the saved state and then upgrade back again. 20210302: AFFECTS: users of editors/emacs-devel AUTHOR: jrm@FreeBSD.org If you get the error "Symbol's value as variable is void: minor-modes", rebuild the offending Emacs packages. See https://lists.gnu.org/archive/html/emacs-devel/2021-02/msg01164.html for details. 20210220: AFFECTS: users of math/py-mathics AUTHOR: thierry@FreeBSD.org math/py-mathics has been split into several ports, and Mathics Core only provides a rudimentary command-line shell called mathics. To get the same functionality as in 1.x, you need to install either mathicsscript or Mathics-Django. 20210219: AFFECTS: users of games/mangband AUTHOR: adridg@FreeBSD.org The client has updated from 1.1.3 (which has a single public server left) to the current 1.5.3 (which has more public servers). If you update, you can NOT connect to the old server any more. Remember to finish your game before updating. 20210210: AFFECTS: users of audio/spotifyd AUTHOR: rodrigo@FreeBSD.org The configuration format for audio/spotifyd is now TOML, make sure to update your configuration file after upgrading the port. Look at the sample configuration file for a working example. https://github.com/Spotifyd/spotifyd/blob/master/docs/src/config/File.md 20210208: AFFECTS: users of mail/mailscanner AUTHOR: crees@FreeBSD.org The clamavmodule has finally been removed after a long deprecation period. Please remove all references to it in your mailscanner.conf as it will now count as a syntax error and may stop MailScanner starting! 20210204: AFFECTS: users of www/unit AUTHOR: osa@FreeBSD.org The default location for NGINX Unit's state directory has changed. It was moved from /usr/local/libexec/unit to /var/db/unit in order to avoid write operations on /usr/local filesystem. 20210130: AFFECTS: users of graphics/opencv-core AUTHOR: tcberner@FreeBSD.org graphics/opencv-core has been reintegrated into graphics/opencv. So there is no longer a circular dependency opencv-core -> ffmpeg -> opencv If you experience problems updating the packages, try pkg delete -f opencv-core 20210124: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org The Django templating language (DTL) is no longer supported for export templates. Please ensure that all export templates use Jinja2 before upgrading. Also the support for embedded graphs was completely removed and several changes to the REST API were made. Please check the changelogs for further details. 20210114: AFFECTS: users of net-im/matterircd AUTHOR: norrland@nullbyte.se Commandline switches Switched to viper for cmdline parsing, which does not support "short" flags. You'll need to use --flag instead of -flag. Eg ./matterircd --debug Bridge specific configuration is now only in configuration file. This means the following flags have been removed: -restrict,-mmteam,-mmserver, -mminsecure,-mmskiptlsverify. You can set those in matterircd.toml, see the example file. Config changes BlacklistUser feature for slack has been renamed to DenyUsers. JoinMpImOnTalk feature has been renamed to JoinDM and is available for slack/mattermost JoinInclude, JoinExclude now support regexp (see matterircd.toml.example) 20210113: AFFECTS: users of databases/redis[-devel] AUTHOR: osa@FreeBSD.org The databases/redis port has been updated to the recent stable release. Users wanting to stay on v5.x can replace databases/redis with databases/redis5 with one of the following commands: # pkg install databases/redis5 or # portmaster -o databases/redis5 databases/redis or # portupgrade -o databases/redis5 databases/redis 20210106: AFFECTS: mail/dovecot AUTHOR: pi@FreeBSD.org The VPOPMAIL option was removed, because it was dropped upstream, so please check your config before upgrading. 20210106: AFFECTS: sysutils/graylog AUTHOR: dch@FreeBSD.org graylog 4.0 and higher now use a new license, the SSPL. For more details, see https://www.graylog.org/post/graylog-v4-0-licensing-sspl 20210102: AFFECTS: x11/libexo, XFCE4 desktop users AUTHOR: madpilot@FreeBSD.org XFCE4 has been updated to version 4.16. Unluckily due to how the update works out it interacts badly with a defect in pkg which can cause files from the libexo package to be absent after upgrade. To avoid the issue, before upgrading all packages, please update libexo by itself: # pkg upgrade libexo # pkg upgrade If you have already upgraded and you notice XFCE issues due to missing libraries you can recover easily by forcing reinstallation of libexo: # pkg upgrade -f libexo Users upgrading via ports should not be affected. 20201228: AFFECTS: www/py-flexget AUTHOR: jbeich@FreeBSD.org py-flexget (or py37-flexget) has been renamed to flexget. "pkg upgrade" doesn't track MOVED file unlike portmaster, so provide a hint e.g., $ pkg upgrade -x flexget or install again, letting pkg remove the old version $ pkg install flexget 20201218: AFFECTS: users of www/qt5-webengine AUTHOR: kai@FreeBSD.org Users that upgrade www/qt5-webengine without using pkg/poudriere might experience failures due to conflicts with the installed version of 5.15.2. In that case, pkg delete -f the qt5-webengine package before building the updated version. 20201130: AFFECTS: users of graphics/jpeg AUTHOR: rene@FreeBSD.org The graphics/jpeg port has been removed in favor of graphics/jpeg-turbo. The former port was vulnerable and used an outdated ABI and API. Please check your make configuration for JPEG_PORT and remove it or set it to "jpeg-turbo" if it is currently set to "jpeg". 20201128: AFFECTS: users of databases/cego AUTHOR: pi@FreeBSD.org Database updates from 2.45.x to 2.46.x require a xml tableset export and import, since table structure information has been changed. 20201128: AFFECTS: users of lang/ruby26 AUTHOR: mfechner@FreeBSD.org The default ruby version has been updated from 2.6 to 2.7. If you compile your own ports you may keep 2.6 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.6 as default version # DEFAULT_VERSIONS+=ruby=2.6 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkg, simply upgrade: # pkg upgrade If you do not use pkg, please check entry 20190420. The description there should also work for this version. 20201112: AFFECTS: users of net-mgmt/pushgateway AUTHOR: rhurlin@FreeBSD.org The v0.10.0 release changes the storage format. v0.10 can read the storage format of v0.5--v0.9. It will then persist the new format so that a downgrade won't be possible anymore [1]. For later releases >= v1.0.0 only persistence files created by v0.10+ are usable. So please, upgrade to v0.10 first to convert existing persistence files. It is intended to replace v0.10.0 in about four weeks from now (not before 2020-12-12) by >= v1.3.0. [1] https://github.com/prometheus/pushgateway/releases/tag/v0.10.0 20201110: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org Changes related to the NetBox configuration: 1. If in use, LDAP authentication must be enabled by setting REMOTE_AUTH_BACKEND to 'netbox.authentication.LDAPBackend'. (The LDAP configuration parameters in ldap_config.py remain unchanged.) 2. REMOTE_AUTH_DEFAULT_PERMISSIONS now takes a dictionary rather than a list. This is a mapping of permission names to a dictionary of constraining attributes, or None. For example, ['dcim.add_site', 'dcim.change_site'] would become {'dcim.add_site': None, 'dcim.change_site': None}. 3. Support for the DEFAULT_TIMEOUT parameter under REDIS database configuration was removed. Set RQ_DEFAULT_TIMEOUT as a global configuration parameter instead. Please also check the pkg-message and the changelogs for further info. 20201106: AFFECTS: users of www/samdruckerserver AUTHOR: dvl@FreeBSD.org If upgrading from < 0.2.4, the database schema has changed. Run these scripts to update your database: * PostgreSQL/updates-2020.08.28.sql * PostgreSQL/procedures.sql These scripts are in /usr/local/share/samdrucker/PostgreSQL 20201030: AFFECTS: users of security/openvpn AUTHOR: mandree@FreeBSD.org The security/openvpn port has been updated to v2.5.0, which brings a change to the default ciphersuite, which no longer contains BF-CBC. Some options have been removed. Also, if you need to support very old (v2.3) and unsupported clients or servers, you will need to adjust the configuration. For details, see: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25 20201029: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v15.0.0, the latest upstream release. A new port, www/node14, has been created for the v14.x LTS branch. Users wanting to stay on v14.x can replace www/node with www/node14 with one of the following commands: # pkg install www/node14 or # portmaster -o www/node14 www/node or # portupgrade -o www/node14 www/node 20201026: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org emulators/qemu has been updated to 5.0.1. Previous 4.2.X branch has been repocopied to emulators/qemu42. If someone wants to stick with 4.2.X branch please use one of the following command: # pkg install emulators/qemu42 or # portmaster -o emulators/qemu42 emulators/qemu or # portupgrade -o emulators/qemu42 emulators/qemu 20201021: AFFECTS: users of www/py-unit AUTHOR: osa@FreeBSD.org The www/py-unit port has been renamed to www/unit-python. 20201012: AFFECTS: Users of mesa-dri with VAAPI or VDPAU options AUTHOR: manu@FreeBSD.org The nondefault options VAAPI and VDPAU were removed from the mesa-dri port and two new ports, mesa-gallium-va and mesa-gallium-vdpau now contain the necessary libraries for using VAAPI or VDPAU on AMD hardware. 20201012: AFFECTS: users of devel/libsoup-gnome AUTHOR: bapt@FreeBSD.org libsoup-gnome has been merged back into libsoup for people building locally: first delete libsoup-gnome before installing the new libsoup $ pkg delete -f libsoup-gnome 20201011: AFFECTS: users of sysutils/rundeck3 who use MySQL as database AUTHOR: daniel.tihanyi@tetragir.com Please note that the MySQL JDBC driver is no longer bundled with Rundeck. Please make sure that you migrate to the MariaDB Connector or copy the driver yourself. More instructions: https://docs.rundeck.com/docs/upgrading/upgrading-to-rundeck-3.3.4.html 20201006: AFFECTS: users of sysutils/tenshi AUTHOR: 0mp@FreeBSD.org The default location for tenshi's configuration file has changed. It was moved to /usr/local/etc/tenshi/tenshi.conf from /usr/local/etc/tenshi.conf in order to follow upstream defaults. 20201002: AFFECTS: users of mail/fetchmail beginning with 6.4.12_1 AUTHOR: mandree@FreeBSD.org Note that if you are using fetchmail in a multi-user setup, i. e. with the fetchmail_users (mind the -s!) variable set, the $fetchmail_home_prefix + user second-guess work has been replaced by a real lookup of the user's home directory. In the majority of configurations, this should not make a difference, in some setups, it may open up some flexibility. The fetchmail_home_prefix variable is ignored from 6.4.12_1 onwards. Also, the rc script redirects its input from /dev/null so that passwords will not be interactively queried from an rcfile. Put passwords into the [.]fetchmailrc or into a .netrc file. 20201002: AFFECTS: users of sysutils/modules AUTHOR: 0mp@FreeBSD.org The upstream developers of the Modules port encourage users to consult the MIGRATING document, which describes the major changes occurring between versions of Modules. It provides an overview of the new features and changed behaviors that will be encountered when upgrading: https://modules.readthedocs.io/en/v4.6.0/MIGRATING.html 20200930: AFFECTS: users of sysutils/syslog-ng32[789] AUTHOR: cy@FreeBSD.org rc.conf variables syslog_ng_config and syslog_ng_pid have been replaced by syslog_ng_flags and syslog_ng_pidfile respectively, making them consistent with the rest of the ports tree. syslog_ng_config and syslog_ng_pid will continue to work until syslog-ng331 has been released and imported into ports. 20200924: AFFECTS: users of net/freeradius3, who need python support AUTHOR: zi@FreeBSD.org FreeRADIUS 3.x currently uses python 2.7 for rlm_python support, which has been deprecated and will be removed from the tree at the end of this year. Starting in 3.0.21_2, the PYTHON option has been converted to use python 3.x. Users should verify their python scripts are 3.x compatible and upgrade to 3.0.21_2 (or higher) to bring in python 3.x support. 20200921: AFFECTS: users of databases/postgresql* and other software using PostgreSQL to run AUTHOR: kbowling@FreeBSD.org The default version of PostgreSQL has been switched from 11 to 12. The upgrade procedure can use up twice the space the databases currently needs. If you have a big amount of stored data take a closer look at the manpage of pg_upgrade for avoidance and/or speedup of the upgrade. The upgrade instructions consider a basic usage and do not match complex scenarios like replication, sharding, or similar. Upgrade instructions: First stop your PostgreSQL, create PostgreSQL-binaries and backup your data. If you have another Version of PostgreSQL installed, for example 11.9, your files are named according to this. # service postgresql stop # pkg create postgresql11-server postgresql11-contrib # mkdir /tmp/pg-upgrade # tar xf postgresql11-server-11.9.txz -C /tmp/pg-upgrade # tar xf postgresql11-contrib-11.9.txz -C /tmp/pg-upgrade # pkg delete -f databases/postgresql11-server databases/postgresql11-contrib databases/postgresql11-client Now update PostgreSQL: pkg user: # pkg install databases/postgresql12-server databases/postgresql12-contrib # pkg upgrade Portmaster users: # portmaster databases/postgresql12-server databases/postgresql12-contrib # portmaster -a Portupgrade users: # portinstall databases/postgresql12-server databases/postgresql12-contrib # portupgrade -a After installing the new PostgreSQL version you need to convert all your databases to new version: # su -l postgres -c "/usr/local/bin/initdb --encoding=utf-8 --lc-collate=C -D /var/db/postgres/data12 -U postgres" # su -l postgres -c "pg_upgrade -b /tmp/pg-upgrade/usr/local/bin/ -d /var/db/postgres/data11/ -B /usr/local/bin/ -D /var/db/postgres/data12/ -U postgres " Now the migration is finished. You can start PostgreSQL again with: # service postgresql start ATTENTION: 1) The default user changed from "pgsql" to "postgres" in 11. The migration steps above now assume the "postgres" database user and FreeBSD user. 2) See the updating entry 20190829 if you are updating from a release prior to 11. 3) If you use non-default initdb options, you have to adjust the initdb-command accordingly 20200918: AFFECTS: users of mail/thunderbird AUTHOR: cmt@FreeBSD.org Thunderbird has been updated to the 78esr series. Thunderbird will try to convert old profiles on first start, but conversion may fail especially on old profiles. Also, older versions of Thunderbird will not be able to use a profile once it has been converted. It is strongly recommended to move any ~/.thunderbird folder away before starting Thunderbird 78 for the first time, thus creating a new and empty profile. Also note that OpenPGP functionality has been integrated into Thunderbird, obsoleting the Enigmail extension. Check https://wiki.mozilla.org/Thunderbird:OpenPGP for details, and especially https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards if your private key lives on a smartcard. 20200914: AFFECTS: users of lang/php72 AUTHOR: tz@FreeBSD.org The default version of PHP has been switched from 7.2 to 7.4. If you use binary packages you should make a list of php packages before running 'pkg upgrade': # pkg info php7\* > ~/installed-php-ports-list After the upgrade, check with such list if all your php extensions are still installed, and reinstall them if needed. If you use mod_php72 you need to deinstall it and install mod_php74. 20200811: AFFECTS: users of *-emacs26-* packages AUTHOR: jrm@FreeBSD.org With the release of Emacs version 27.1, the major version of editors/emacs has changed from 26 to 27. This means the names of some dependent packages have also changed, so simply running `pkg upgrade` will not upgrade foo-emacs26-x to foo-emacs27-x. To update these packages, run these commands with superuser privileges. Binary package users: # sh # for i in $(pkg query -g %n '*-emacs26*'); do \ nn=$(echo "$i" | sed -e 's/emacs26/emacs27/'); \ pkg set -yn "$i":"$nn"; \ done; # pkg upgrade portmaster users: # portmaster -r emacs 20200803: AFFECTS: users of lang/perl5* AUTHOR: mat@FreeBSD.org The default Perl version has been switched to Perl 5.32. If you are using binary packages to upgrade your system, you do not have anything to do, pkg upgrade will do the right thing. For the other people, follow the instructions in entry 20181213, it should still be the same. 20200726: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org The %%WWWDIR%%%/logs directory has been relocated to /var/log/librenms/ via the APP_LOG directive in %%WWWDIR%%%/.env.example - this won't affect existing installs, but you are strongly encouraged to update your .env file settings and relocate your logs. Logs which were going to /var/log/messages and /var/log/librenms/ now only go to /var/log/librenms/ 20200720: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org As mentioned previously in 20200503 polling via cronjob has been removed as of release 1.63 - see https://community.librenms.org/t/dropping-support-for-php-7-1-and-python-2/11851 A database upgrade is required: cd /usr/local/www/librenms sudo ./lnms migrate You must migrate to the Dispatch Service: https://docs.librenms.org/Extensions/Dispatcher-Service/ You may need to add LIBRENMS_USER to .env (see .env.example). These steps should get you running: * comment out the crontab entries listed above under PYPOLLER * populate %%WWWDIR%%/.env with: * APP_KEY - see farther below for how to create * NODE_ID - see just below for how to create * DB_HOST * DB_DATABASE * DB_USERNAME * DB_PASSWORD * you can create a NODE_ID with: php -r 'echo uniqid() . "\n";' * sysrc librenms_enable="YES" * service librenms start 20200719: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org emulators/qemu has been updated to 4.2.1. Previous 4.1.X branch has been repocopied to emulators/qemu41. If someone wants to stick with 4.1.X branch please use one of the following command: # pkg install emulators/qemu41 or # portmaster -o emulators/qemu41 emulators/qemu or # portupgrade -o emulators/qemu41 emulators/qemu 20200716: AFFECTS: users of shells/bash, shells/bash-static AUTHOR: ehaupt@FreeBSD.org In order to cleanly decouple bash from base, bash now reads `profile` from LOCALBASE/etc insead of from /etc. If you are using system wide bash configuration in /etc/profile please migrate to LOCALBASE/etc/profile # cp /etc/profile /usr/local/etc/profile or create a symlink # ln -s /etc/profile /usr/local/etc/ If you encounter the following error, you may have the obsolete /lib/libreadline.so.8 lying around after an incomplete base update: ld-elf.so.1: Undefined symbol "rl_signal_event_hook" referenced from COPY relocation in /usr/local/bin/bash Please refer to to (23.5.6.2) in the FreeBSD Handbook on how to safely check for outdated files and libraries: https://www.freebsd.org/doc/en/books/handbook/makeworld.html 20200713: AFFECTS: users of mail/php7[2-4]-imap AUTHOR: tz@FreeBSD.org The imap module of PHP was compiled against cclient till now. But this lib is unmaintained for over 7 years. When combined with modern OpenSSL there are various crashes reported. Switching to the fork panda-cclient fixes these issues. Therefore we make the usage of Panda cclient the new default. If you want to use the old cclient, you need to enable it now! 20200616: AFFECTS: users of www/baikal AUTHOR: gahr@FreeBSD.org The www/baikal has been updated to 0.7.1. With the 0.7.0 release, our configuration format was updated to use YAML files. You need to go through the installer again but we pre-fill most values with the ones from your old installation. We recommend that you make a full backup of your data, as a safety measure. Starting with 0.7.0, Baikal stores data in both the Specific and the config folders. Keep this in mind when upgrading! Known issue:: Upgrading from versions older than 0.6.1 does not work. 20200613: AFFECTS: users of editors/libreoffice AUTHOR: fluffy@FreeBSD.org LibreOffice was updated to 6.4 branch with some critical changes: - GTK2 option is obsolete by upstream - GTK3 option is not more set by default because of unstable yet and have visual glitches - QT5 option is set by default to provide comfy visual style for every user - KDE option was renamed to KF5 follows upstream Please re-run "make config" to pick up the new defaults 20200610: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v14.0.0, the latest upstream release. This is a major release, including many significant changes. Users are encouraged to read the release announcements before upgrading: https://nodejs.org/en/blog/release/v14.0.0/ 20200602: AFFECTS: users of www/radicale AUTHOR: decke@FreeBSD.org Migration from radicale 1.x to 2.x requires that you export the storage with radicale 1.1.6 before updating. Migration instructions are available at: https://web.archive.org/web/20190314225402/https://radicale.org/1to2/ 20200602: AFFECTS: users of sysutils/py-salt AUTHOR: krion@FreeBSD.org This port is moved to sysutils/py-salt-2019 and sysutils/py-salt was updated to version 3000. If you wish to use pysalt-2019 in the future, you might run the following command: # pkg set -o sysutils/py-salt:sysutils/py-salt-2019 # pkg upgrade 20200531: AFFECTS: users of mail/postfix-policyd-spf-python AUTHOR: yasu@utahime.org This port is now deprecated because upstream project is superseded by its successor. So uninstall this port and install mail/py-spf-engine instead. Keep in mind that the path of configuration file is changed from ${PREFIX}/etc/postfix-policyd-spf-python/policyd-spf.conf to ${PREFIX}/etc/python-policyd-spf/policyd-spf.conf. So you need to move it to new location unless you use the default one without changing. 20200526: AFFECTS: users of databases/mariadb104-client, databases/mariadb104-server AUTHOR: brnrd@FreeBSD.org The ports now add sample configuration files to /usr/local/etc/mysql. You must merge your client configuration with the conf.d/client.cnf and your server configuration with conf.d/server.cnf. 20200518: AFFECTS: users of converters/libiconv AUTHOR: zeising@FreeBSD.org Support for the Japanese specific patches have been discontinued. These were previously added in a nondefault ports options, for people who needed them. If you still need them, it might be possible to create a port of libiconv 1.14 which includes those patches. 20200517: AFFECTS: users of x11/sddm AUTHOR: arrowd@FreeBSD.org The home directory of sddm user has been moved to /var/lib/sddm. It is advised to run following commands as root after updating the package: # pw usermod -n sddm -d /var/lib/sddm # pwd_mkdb /etc/master.passwd # mv /usr/local/etc/sddm/home/state.conf /var/lib/sddm/state.conf # rm -rf /usr/local/etc/sddm/home Otherwise, SDDM will keep using /usr/local/etc/sddm/home/ as its HOME. 20200515: AFFECTS: users of devel/libphutil, devel/arcanist-lib, devel/phabricator AUTHOR: grembo@FreeBSD.org Upstream fully deprecated devel/libphutil and merged its functionality into devel/arcanist-lib and devel/phabricator. As a result, the devel/libphutil port will be removed from the ports tree. After upgrading devel/(arcanist-lib|phabricator) to version 20200514, it is recommended to remove the orphaned libphutil package by running: # pkg delete php\*-libphutil Alternatively, 'pkg autoremove' will also work as expected, but might remove orphaned packages unrelated to this update. 20200505: AFFECTS: users of net-im/pidgin-rocketchat AUTHOR: tobias.rehbein@web.de This port has been turned into a libpurple plugin (net-im/purple-rocketchat) to support other libpurple clients than pidgin. This also changes some dependencies and you should run the following command to prevent pidgin from being autoremoved. # mark pidgin as being not automatically installed pkg set -A 0 pidgin 20200504: AFFECTS: users of x11-wm/hs-xmonad AUTHOR: arrowd@FreeBSD.org From now, it is recommended to use "build script" method to compile XMonad config. See https://github.com/xmonad/xmonad-testing/ for general info and port's pkg-message for concrete steps. 20200503: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org Polling via cronjob is deprecated as of release 1.63 Please see https://community.librenms.org/t/dropping-support-for-php-7-1-and-python-2/11851 Please migrate to the Dispatch Service: https://docs.librenms.org/Extensions/Dispatcher-Service/ These steps should get you running: * comment out the crontab entries listed above under PYPOLLER * populate %%WWWDIR%%/.env with: * APP_KEY - see farther below for how to create * NODE_ID - see just below for how to create * DB_HOST * DB_DATABASE * DB_USERNAME * DB_PASSWORD * you can create a NODE_ID with: php -r 'echo uniqid() . "\n";' * sysrc librenms_enable="YES" * service librenms start 20200501: AFFECTS: users of www/phpmyfaq AUTHOR: flo@FreeBSD.org phpMyFAQ has been updated to 3.0.2, old templates are not compatible with this new version. Please see: https://www.phpmyfaq.de/docs/3.0#3.4 20200428: AFFECTS: users of sysutils/ansible AUTHOR: bofh@FreeBSD.org Ansible has been updated to 2.9.7. Please follow the porting guide to update the rulesets: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.9.html If you wish to stay with 2.8 version, you can switch to new sysutils/ansible28 port, which tracks stable 2.8 branch: # pkg set -n ansible:ansible28 20200428: AFFECTS: x11-servers/xwayland-devel AUTHOR: jbeich@FreeBSD.org DRI3 is enabled by default since mesa-libs-18.3.2_4, so you no longer need to define LIBGL_DRI3_ENABLE in ~/.profile or ~/.login. See 20200308 entry for more details. 20200422: AFFECTS: users of devel/kyua AUTHOR: brooks@FreeBSD.org A tests group has been added and the tests user should be a member of it by default rather than nobody. You should update your password database to match (change the group from 65534 to 977 after updating). Please use the following command to do so: pw usermod -n tests -g tests 20200408: AFFECTS: users of security/openssh-portable AUTHOR: bdrewery@FreeBSD.org OpenSSH was upgraded to 8.2p1 on 2020-03-23. A restart of sshd is required after upgrade due to an incompatibility introduced in 8.2. Please see https://www.openssh.com/txt/release-8.2 for upcoming deprecation notices. 20200408 AFFECTS: users of net/irrd AUTHOR: bofh@FreeBSD.org Legacy version of net/irrd has been moved to net/irrd-legacy. net/irrd has been upgraded to 4.X branch. If someone wants to stick with legacy version then pkg users have to do something like # pkg set -o net/irrd:net/irrd-legacy For portmaster users # portmaster -o net/irrd-legacy net/irrd Both of the version can be installed and used concurrently in case there is a need for migration 20200403: AFFECTS: users of x11-fonts/fontconfig AUTHOR: desktop@FreeBSD.org Fontconfig 2.13.1 generated .uuid files in the fonts directory which where not properly registered to the packages. To clean them up, please execute the following command: find /usr/local/share/fonts -type f -name .uuid -delete 20200326: AFFECTS: users of devel/sonarqube and devel/sonar-ant-task AUTHOR: netchild@FreeBSD.org The outdated port devel/sonarqube has moved to devel/sonarqube-community to make it clear that it is the community edition. The log and DB files are still stored in the same location. The devel/sonar-ant-task port has moved to devel/sonarqube-ant-task to match the upstream-name. The install location is renamed accordingly. At the same time the user/group of the sonarqube port changed from www:www to sonarqube:sonarqube. It is expected that nobody was using the 6.2 version from 2016 anymore and no change needs to be done. No analysis was done to check if the old 6.2 version can be updated in-place to the 8.2 version. As such if there is still someone using the old 6.2 version, you may have to delete /var/log/sonarqube and /var/db/sonarqube before installing the new version. 20200320 AFFECTS: users of devel/qca AUTHOR: kde@FreeBSD.org New versions of devel/qca stopped supporting OpenSSL < 1.1. For this reason devel/qca-legacy has been added, which is held back at an older version until FreeBSD 11 goes EOL. Ports depending on devel/qca should stop adding direct LIB_DEPENDS and switch to depending on it via USES=qca. FreeBSD 11 users might want to run something like pkg set -o devel/qca:devel/qca-legacy 20200320: AFFECTS: users of x11/libxkbcommon AUTHOR: zeising@FreeBSD.org The libxkbcommon library (x11/libxkbcommon), used to handle keyboards in some applications, most notably kde and wayland, have been switched to use evdev rules by default on FreeBSD 12 and later. Some keys, most notably arrow keys, may not work in applications using libxkbcommon if you are using xf86-input-keyboard rather than xf86-input-libinput. If you have trouble with the keyboard keys, and if /var/log/Xorg.*.log shows that the "kbd" or "keyboard" driver is being used, you need to switch to legacy rules by setting the environment variable XKB_DEFAULT_RULES to xorg. This switch is made to match the default configuration on FreeBSD 12.1 and later, the default configuration on FreeBSD 11.3 still uses the legacy rules. 20200316: AFFECTS: users of net-im/slack-term AUTHOR: dmgk@FreeBSD.org The config file location was changed from ~/.slack-term to ~/.config/slack-term/config, please move your existing config file accordingly. 20200308 AFFECTS: users of graphics/mesa-libs and legacy graphics drivers AUTHOR: zeising@FreeBSD.org The mesa OpenGL library (graphics/mesa-libs) has been switched to use DRI3 by default, instead of the older DRI2 interface. This might cause regressions when using the legacy graphics drivers, either through graphics/drm-legacy-kmod or the graphics drivers in base. If you experience issues when running OpenGL applications it is possible to force the use of DRI2 by setting the LIBGL_DRI3_DISABLE environment variable to 1 before starting any OpenGL application. The easiest way to do this is by adding it to either your shell startup files or .xinitrc. 20200306 AFFECTS: users of databases/mysql80-server AUTHOR: joneum@FreeBSD.org As of MySQL 8.0.16, the MySQL server performs the upgrade tasks previously handled by mysql_upgrade. Consequently, mysql_upgrade is unneeded and is deprecated as of that version, and will be removed in a future MySQL version. Because mysql_upgrade no longer performs upgrade tasks, it exits with status 0 unconditionally. 20200303: AFFECTS: users of net-mgmt/librenms AUTHOR: dvl@FreeBSD.org 1. Apache / mod_php options removed The APACHEMOD option has been removed. LibreNMS can be used with other webservers, not just Apache. In order to simplify the port, the option was removed. Now you manually install the webserver of your preference. If upgrading from LibreNMS < 1.61, you can do this to prevent 'pkg autoremove' from uninstalling Apache / mod_php: $ sudo pkg set -A 0 apache24 mod_php74 Mark apache24-2.4.41 as not automatically installed? [y/N]: y Mark mod_php74-7.4.3 as not automatically installed? [y/N]: y Adjust mod_php74 to suit the version of mod_php you have. 2. include/defaults.inc.php is gone The file include/defaults.inc.php is no longer distributed by the upstream project. The FreeBSD port patched this file to correct the paths to common tools such as ping, snmpwalk, etc. These values previously adjusted by the port must now be specified in config.php. New installs will have this automatically, but existing installs must be updated manually. These are the entries you should add if upgrading from LibreNMS < 1.61: $config['snmpwalk'] = '/usr/local/bin/snmpwalk'; $config['snmpget'] = '/usr/local/bin/snmpget'; $config['snmpbulkwalk'] = '/usr/local/bin/snmpbulkwalk'; $config['snmptranslate'] = '/usr/local/bin/snmptranslate'; $config['ping'] = '/sbin/ping'; $config['mtr'] = '/usr/local/bin/mtr'; $config['nmap'] = '/usr/local/bin/nmap'; $config['nagios_plugins'] = '/usr/local/libexec/nagios'; $config['ipmitool'] = '/usr/local/bin/ipmitool'; $config['virsh'] = '/usr/local/bin/virsh'; $config['dot'] = '/usr/local/bin/dot'; $config['sfdp'] = '/usr/local/bin/sfdp'; $config['nfdump'] = '/usr/local/bin/nfdump'; 20200229: AFFECTS: users of textproc/apache-solr AUTHOR: mfechner@FreeBSD.org Apache-solr switched to the supported java LTS version 11. Make sure you update the following files accordingly: /usr/local/etc/solr.in.sh (see /usr/local/etc/solr.in.sh.sample) /usr/local/etc/javavm_opts.conf (JAVA_HOME=/usr/local/openjdk11/) 20200225: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org 1. Removal of the Topology Maps feature The deprecated topology maps feature has been removed. Please replicate any required data to another source before upgrading NetBox to v2.7.7, as any existing topology maps will be deleted. 2. Changed REDIS database configuration settings The REDIS database configuration parameters were splitted up in two discrete subsections named "webhooks" and "caching" with the 2.7 release. This requires modification of the REDIS parameter in configuration.py as follows: Old Redis sample configuration: REDIS = { 'HOST': 'localhost', 'PORT': 6379, 'PASSWORD': '', 'DATABASE': 0, 'CACHE_DATABASE': 1, 'DEFAULT_TIMEOUT': 300, 'SSL': False, } New Redis sample configuration: REDIS = { 'webhooks': { 'HOST': 'redis.example.com', 'PORT': 1234, 'PASSWORD': 'foobar', 'DATABASE': 0, 'DEFAULT_TIMEOUT': 300, 'SSL': False, }, 'caching': { 'HOST': 'localhost', 'PORT': 6379, 'PASSWORD': '', 'DATABASE': 1, 'DEFAULT_TIMEOUT': 300, 'SSL': False, } } Note that the CACHE_DATABASE parameter has been removed and the connection settings have been duplicated for both webhooks and caching. This allows one to make use of separate Redis instances if desired. It is fine to use the same Redis service for both functions, although the database identifiers should be different. Please also check the pkg-message and the changelogs for further info. 20200223: AFFECTS: users of security/gsasl AUTHOR: hrs@FreeBSD.org The library part of security/gsasl has been split into security/libgsasl. The security/gsasl now depends on security/libgsasl. Due to this change, old security/gsasl conflicts with the new security/libgsasl and it can prevent the installed security/gsasl from upgrading. Please remove the installed security/gsasl before upgrading if a conflict error occurs. 20200220: AFFECTS: users of x11-servers/xorg-server AUTHOR: zeising@FreeBSD.org x11-servers/xorg-server has been updated to 1.20.7. With this update, xorg-server has switched from using the devd backend to the udev backend for device configuration on FreeBSD 12 and 13. If you have issues with input devices, please see the install message for details. The HAL backend option has been completely removed, as it was deprecated. If you have problems with input devices, ensure that both x11/libinput and x11-drivers/xf86-input-libinput are installed. They are installed in the default configuration, but if you have a custom configuration, they might not be. 20200210: AFFECTS: users of net-im/prosody AUTHOR: thomas@beingboiled.info Prosody's pid file and data directory have moved to a new location. If you are upgrading from a version with the pid file and data directory in /usr/local/var/lib/prosody please perform these steps: # stop Prosody pkill -F /usr/local/var/lib/prosody/prosody.pid # copy the data directory cp -a /usr/local/var/lib/prosody /var/db/ rm -f /var/db/prosody/prosody.pid Make sure your prosody config has the following option set: pidfile = "/var/run/prosody/prosody.pid" Then start Prosody again. Everything should be working as before and the /usr/local/var/lib/prosody directory can now be removed. 20200207: AFFECTS: users of security/nss AUTHOR: lwhsu@FreeBSD.org NSS header files and libraries have been moved from ${PREFIX}/include/nss/nss and ${PREFIX}/lib/nss to ${PREFIX}/include/nss and ${PREFIX}/lib 20200204: AFFECTS: users of editors/vim AUTHOR: adamw@FreeBSD.org The PYTHON2 and PYTHON3 options have been turned into a single PYTHON option that uses whichever python you've set as default. However, this means that you cannot have both python2 and python3 support at the same time. 20200126: AFFECTS: users of multimedia/gstreamer1-plugins[-bad] AUTHOR: kwm@freebsd.org In GStreamer 1.16 some files moved from the gstreamer1-plugins-bad package to the gstreamer1-plugins package. If your using a tool like portmaster or portupgrade delete the old -bad port and then follow the normal upgrade method. # pkg delete -f gstreamer1-plugins-bad 20200126: AFFECTS: users of sysutils/helm AUTHOR: danilo@FreeBSD.org The Helm project have deprecated the Tiller utility in Helm 3. If you are using Helm 2 you will need to migrate the configuration to be compatible with Helm 3. Please, refer to the following documentation for more information about the migration process: https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ Note that the 2to3 plugin binary is not available for FreeBSD and you will need to compile it yourself. 20200113: AFFECTS: users of python and net/samba410, devel/talloc, devel/tevent, databases/tdb, databases/ldb* AUTHOR: timur@FreeBSD.org In the entry 20191216 for the Python update the filtering constrains are too limiting and omit the Samba supplimentary libraries, which do have Python bindings to the default Python 3.x version. With the update of the default Python3 version you also need to rebuild all the supplementary Samba libraries and samba410 itself. For portmaster users it would be enough to run: # portmaster devel/talloc devel/tevent databases/tdb databases/ldb15 net/samba410 20200109: AFFECTS: www/firefox AUTHOR: gecko@FreeBSD.org Firefox requires Capsicum since r522464 for IPC and in future will require Capsicum for process sandboxing. If you use a custom kernel make sure to copy the following lines from GENERIC kernel: options CAPABILITY_MODE # Capsicum capability mode options CAPABILITIES # Capsicum capabilities 20200107: AFFECTS: Users of *-emacs27-* packages AUTHOR: ashish@FreeBSD.org There is a major version bump in 28.0.50, therefore to upgrade all the packages dependent on editors/emacs-devel, please use the following commands: # sh # for i in $(pkg query -g %n '*-emacs27*'); do \ nn=$(echo "$i" | sed -e 's/emacs27/emacs28/'); \ pkg set -yn "$i":"$nn"; done; # pkg upgrade 20200106: AFFECTS: users of net/gnatsd AUTHOR: olgeni@FreeBSD.org net/gnatsd has been replaced by net/nats-server to reflect the new naming upstream. All options in rc.conf should be renamed by replacing 'gnats' with 'nats' (nats_enable, nats_user, nats_options). 20200101: AFFECTS: users of security/openssl and security/openssl111 AUTHOR: brnrd@FreeBSD.org The openssl port was removed on 2019-12-31, subsequently the openssl111 port was renamed to openssl on 2020-01-01. The shared library version of OpenSSL has been bumped. Users of DEFAULT_VERSIONS= ssl=openssl111 must update this to ssl=openssl. You must rebuild all ports that depend on OpenSSL if you use OpenSSL from ports. 20191226: AFFECTS: users of sysutils/dsbmd AUTHOR: mk@freeshell.de With version 1.10 dsbmd now uses sysutils/fusefs-jmtpfs for mounting MTP devices. Please adjust your dsbmd.conf or recreate it from the new dsbmd.conf.sample. 20191225: AFFECTS: multimedia/libva-intel-media-driver AUTHOR: jbeich@FreeBSD.org As of libva 2.6.0 iHD driver is automatically enabled, so you no longer need to adjust LIBVA_DRIVER_NAME in ~/.profile or ~/.login. 20191221: AFFECTS: users of misc/openhab2 AUTHOR: netchild@FreeBSD.org If you upgrade from a pevious version, make a backup of /var/db/openhab2 read about the breaking changes in the release notes at https://github.com/openhab/openhab-distro/releases/tag/2.5.0 and run %%PREFIX%%/libexec/openhab2/runtime/bin/update.freebsd which takes care about changes for: - Textual Configuration - Next Generation Rule Engine 20191216: AFFECTS: users of python AUTHOR: antoine@FreeBSD.org Default version of python3 and python was switched to 3.7. For ports users wanting to keep version 3.6 as default, add DEFAULT_VERSIONS+= python=3.6 python3=3.6 to make.conf This may ease the upgrade for users of pre-build packages: # sh # for i in $(pkg query -g %n 'py36-*'); do pkg set -yn ${i}:py37-${i#py36-}; done # pkg upgrade For portmaster users: # sh # portmaster -o lang/python37 python36 # REINSTALL="$(pkg info -o py36-\* | awk '{printf "%s ", $2}')" # pkg delete -f py36-\* # portmaster $REINSTALL # REBUILD=$(pkg query -g "%n:%dn" '*' | grep py3 | grep -v py37 | cut -d : -f 1 | sort -u) # portmaster $REBUILD # REBUILD2=$(pkg list | grep python-36 | xargs pkg which | awk '{print $6}' | sort -u) # portmaster $REBUILD2 20191204 AFFECTS: users of mail/nextcloud-mail AUTHOR: brnrd@FreeBSD.org Version 0.20.0 removed the default mail configuration via config.php. All users will be prompted to enter account and SMTP- and IMAP-server details for sending and reading email. 20191126: AFFECTS: consumers of net/py-urllib3 AUTHOR: kai@FreeBSD.org Since version 1.25 HTTPS connections are now verified by default which is done via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on. Various consumers of net/py-urllib3 already have implemented routines that either explicitly enable or disable HTTPS certificate verification (e.g. via configuration settings, CLI arguments, etc.). Yet it may happen that there are still some consumers which don't explicitly enable/disable certificate verification for HTTPS connections which could then lead to errors (as is often the case with self-signed certificates). In case of an error one should try first to temporarily disable certificate verification of the problematic urllib3 consumer to see if this approach will remedy the issue. 20191125: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org emulators/qemu31 has been updated to 4.1.1. Previous 3.1.X branch has been repocopied to emulators/qemu31. If someone wants to stick with 3.1.X branch please use one of the following command: # pkg install emulators/qemu31 or # portmaster -o emulators/qemu31 emulators/qemu or # portupgrade -o emulators/qemu31 emulators/qemu 20191124: AFFECTS: users of irc/eggdrop AUTHOR: dbaio@FreeBSD.org The irc/eggdrop port has been updated to 1.8.4 and its config is not backward compatible with 1.6.21. A new port was created to keep 1.6.21 version available at irc/eggdrop16 and it will be available for 3 months until users have time to upgrade their configuration. More information at: https://raw.githubusercontent.com/eggheads/eggdrop/v1.8.4/NEWS If you would like to keep using 1.6.21, please run the following command to update pkg database: pkg set -n eggdrop:eggdrop16 pkg set -o irc/eggdrop:irc/eggdrop16 20191108: AFFECTS: users of databases/redis[-devel] AUTHOR: osa@FreeBSD.org The databases/redis port has been updated to the recent stable release. Users wanting to stay on v4.x can replace databases/redis with databases/redis4 with one of the following commands: # pkg install databases/redis4 or # portmaster -o databases/redis4 databases/redis or # portupgrade -o databases/redis4 databases/redis 20191103: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v13.0.0, the latest upstream release. A new port, www/node12, has been created for the v12.x LTS branch. Users wanting to stay on v12.x can replace www/node with www/node12 with one of the following commands: # pkg install www/node12 or # portmaster -o www/node12 www/node or # portupgrade -o www/node12 www/node 20191029: AFFECTS: users of emulators/open-vm-tools[-nox11] AUTHOR: jpaetzel@FreeBSD.org open-vm-tools 11.0.1 has removed the vmxnet driver. This driver has been in tree for quite some time and hopefully everyone is using the in tree version, however if you had removed device vmx from your kernel, or are running an unsupported version of FreeBSD which didn't have the driver included in the base system, updating your open-vm-tools version will leave you without networking. 20191026: AFFECTS: users of www/qt5-webengine AUTHOR: kai@FreeBSD.org Users that upgrade www/qt5-webengine without using pkg/poudriere might experience failures due to conflicts with the installed version of 5.12.2. In that case, pkg delete -f the qt5-webengine package before building the updated version. 20191025: AFFECTS: users of x11/nvidia-driver (and slave ports) AUTHOR: danfe@FreeBSD.org x11/nvidia-driver* ports no longer install Linux programs and libraries, which had been moved to their own ports (x11/linux-nvidia-libs*). When updating the driver package next time, remember to install them manually if you need to run Linux OpenGL programs. 20191016: AFFECTS: users of KDE Plasma Desktop (x11/plasma5*) AUTHOR: kde@FreeBSD.org With Plasma 5.17 the startup script has been renamed. People who use the .xinitrc method to start Plasma have to call the new binary. Previously: exec ck-launch-session startkde Change to: exec ck-launch-session startplasma-x11 20191014: AFFECTS: users of mail/rspamd, mail/rspamd-devel AUTHOR: vsevolod@FreeBSD.org Sample configuration files has been removed as default configuration files are NOT intended for modification by users and SHOULD be overwritten on port upgrade. Make sure the default configuration files are unmodified and migrate all configuration changes to the proper places, before you continue. 20191002: AFFECTS: users of textproc/groff AUTHOR: bapt@FreeBSD.org with groff 1.2.4_3, groff does not depend anymore on ghostscript and netpbm. In order to be able to properly use the html backend the user can install ghostscript and netpbm from ports without the need of reinstalling the package. Also note that the X11 option has been removed. 20190930: AFFECTS: users of net-mgmt/netbox AUTHOR: kai@FreeBSD.org Since the 2.6 release a running Redis server instance is required for caching objects to run. Also the following settings like below need to be added (or modified) in the existing configuration.py: REDIS = { 'HOST': 'localhost', 'PORT': 6397, 'PASSWORD': '' 'DATABASE': 0, 'CACHE_DATABASE': 1, 'DEFAULT_TIMEOUT': 300, 'SSL': False, } Note that if you were using these settings in a prior release with webhooks, the DATABASE setting remains the same but an additional CACHE_DATABASE settings has been added with a default value of 1 to support the caching backend. The DATABASE setting will be renamed in a future release of NetBox to better relay the meaning of the setting. It is highly recommended to keep the webhook and cache databases separate. Using the same database number for both may result in webhook processing data being lost during cache flushing events. Please also check the pkg-message and the changelogs for further info. 20190927: AFFECTS: users of emulators/qemu-devel AUTHOR: bofh@FreeBSD.org qemu-devel has been updated to 4.1.0 and 4.0.0 has been merged into a new port emulators/qemu40. If you want to stick with 4.0.X branch, simply use: # portmaster -o emulators/qemu-devel emulators/qemu40 20190927: AFFECTS: users of XFCE desktop (x11-wm/xfce4) AUTHOR: madpilot@FreeBSD.org Due to changes in the XFCE 4.14 metaport, systems could end up with both xscreensaver and xfce4-screensaver installed and enabled simultaneously. This can cause conflicts and problems unlocking the screen. To avoid problems, please make sure to have only one enabled by going to the Application Autostart tab of the Session and Startup settings applet and enable only one Screensaver there. Some further information can be found in the xfce4-session pkg-message displayed on installation and upgrade. 20190920: AFFECTS: users of net-mgmt/pushgateway AUTHOR: 0mp@FreeBSD.org The persistent storage format used by pushgateway in the latest version is not backwards compatible. See the pushgateway changelogs for details. 20190911: AFFECTS: users of security/bastillion AUTHOR: netchild@FreeBSD.org The datastore of bastillion needs to be updated: java -jar $PREFIX/jetty_bastillion/upgrade/bastillion-upgrade-3.08.00.jar \ $PREFIX/jetty_bastillion/bastillion/WEB-INF/classes/BastillionConfig.properties 20190909: AFFECTS: users of lang/ruby25 AUTHOR: mfechner@FreeBSD.org The default ruby version has been updated from 2.5 to 2.6. If you compile your own ports you may keep 2.5 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.5 as default version # DEFAULT_VERSIONS+=ruby=2.5 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkgng, simply upgrade: # pkg upgrade If you do not use pkg, please check entry 20190420. The description there should also work for this version. 20190906: AFFECTS: users of devel/py-fabric AUTHOR: dbaio@FreeBSD.org Fabric (devel/py-fabric) was upgraded to 2.5.0, Fabric (2+) represents a near-total reimplementation and reorganization of the software. Fabric 2 is not at 100% feature parity with 1.x! Some features have been explicitly dropped, but others simply have not been ported over yet, either due to time constraints or because said features need to be re-examined in a modern context. More information at: https://www.fabfile.org/upgrading.html#upgrading https://www.fabfile.org/upgrading.html#upgrade-specifics If you would like to keep using 1.x, please run the following command to update pkg database: pkg set -n py27-fabric:py27-fabric1 pkg set -o devel/py-fabric:devel/py-fabric1 20190830: AFFECTS: users of www/gitlab-ce AUTHOR: mfechner@FreeBSD.org Make sure you upgrade your PostgreSQL to version 11 as described in 20190829, before you upgrade your gitlab-ce version. Gitlab-ce 12.1 needs at least PostgreSQL version 9.6. After this you can follow the usual upgrade guide: https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/update/12.0-12.1-freebsd.md 20190829: AFFECTS: users of databases/postgresql* and other software using PostgreSQL to run AUTHOR: tz@FreeBSD.org The default version of PostgreSQL has been switched from 9.5 to 11. The upgrade procedure can use up twice the space the databases currently needs. If you have a big amount of stored data take a closer look at the manpage of pg_upgrade for avoidance and/or speedup of the upgrade. The upgrade instructions consider a basic usage and do not match complex scenarios like replication, sharding, or similar. Upgrade instructions: First stop your PostgreSQL, create PostgreSQL-binaries and backup your data. If you have another Version of PostgreSQL installed, for example 9.5.19, your files are named according to this. # service postgresql stop # pkg create postgresql95-server postgresql95-contrib # mkdir /tmp/pg-upgrade # tar xf postgresql95-server-9.5.19.txz -C /tmp/pg-upgrade # tar xf postgresql95-contrib-9.5.19.txz -C /tmp/pg-upgrade # pkg delete -f databases/postgresql95-server databases/postgresql95-contrib databases/postgresql95-client Now update PostgreSQL: pkg user: # pkg install databases/postgresql11-server databases/postgresql11-contrib # pkg upgrade Portmaster users: # portmaster databases/postgresql11-server databases/postgresql11-contrib # portmaster -a Portupgrade users: # portinstall databases/postgresql11-server databases/postgresql11-contrib # portupgrade -a After installing the new PostgreSQL version you need to convert all your databases to new version: # su -l postgres -c "/usr/local/bin/initdb --encoding=utf-8 --lc-collate=C -D /var/db/postgres/data11 -U pgsql" # chown -R postgres /usr/local/pgsql/data/ # su -l postgres -c "pg_upgrade -b /tmp/pg-upgrade/usr/local/bin/ -d /usr/local/pgsql/data/ -B /usr/local/bin/ -D /var/db/postgres/data11/ -U pgsql " Now the migration is finished. You can start PostgreSQL again with: # service postgresql start ATTENTION: 1) The default user changed from "pgsql" to "postgres". The migration steps above preserve the "pgsql" database user while the database daemon is now executed as the "postgres" FreeBSD user. 2) The default data dir changed from "/usr/local/pgsql/data/" to "/var/db/postgres/data11/" 3) If you use non-default initdb options, you have to adjust the initdb-command accordingly 20190816: AFFECTS: users of net-im/ejabberd AUTHOR: ashish@FreeBSD.org Riak support has been removed by upstream. For update instructions from 19.05, please refer to: https://docs.ejabberd.im/admin/upgrade/from_19.05_to_19.08/ 20190812: AFFECTS: users of lang/perl5* AUTHOR: mat@FreeBSD.org The default Perl version has been switched to Perl 5.30. If you are using binary packages to upgrade your system, you do not have anything to do, pkg upgrade will do the right thing. For the other people, follow the instructions in entry 20181213, it should still be the same. 20190801: AFFECTS: users of www/ot-recorder AUTHOR: dvl@FreeBSD.org The data directory has moved from /var/spool/owntracks to /var/db/owntracks Be sure to stop otrecorder, move the directory, and start otrecorder. service ot-recorder stop cd /var/spool mv owntracks /var/db service ot-recorder start 20190728: AFFECTS: users of net-im/py-matrix-synapse AUTHOR: kai@FreeBSD.org The support for Python 2.7 has been dropped with the 1.1.0 release of net/py-matrix-synapse. Users that still use the Python 2.7 version of net-im/py-matrix-synapse should switch to a newer Python version, e.g. 3.6, which is the default Python version since April 2019. 20190717: AFFECTS: users of net-p2p/zetacoin and net-p2p/zetacoin-nox11 AUTHOR: daniel@morante.net Zetacoin will default to using modern versions of BDB (5.x or 6.x) when the WALLET option is selected. See pkg-help for explanation. The zetacoin-nox11 slave port was renamed to zetacoin-daemon to align with the net-p2p/bitcoin format. The zetacoin-cli and zetacoin-tx utilities have been re-packaged into a separate port. If you require these programs, or use the zetacoin-cli program to access the daemon or the GUI, install net-p2p/zetacoin-utils to reinstall them. 20190717: AFFECTS: users of sysutils/py-borgmatic AUTHOR: egypcio@FreeBSD.org The default location for borgmatic's configurations changed. We moved it from '/etc/borgmatic' to '/usr/local/etc/borgmatic' in order to follow recommended standards used on FreeBSD. 20190710: AFFECTS: users with DEFAULT_VERSIONS+=linux=c6 or c6_64 in /etc/make.conf AUTHOR: tijl@FreeBSD.org On amd64 adding DEFAULT_VERSIONS+=linux=c6 to /etc/make.conf made Linux infrastructure ports (linux_base-c6 and linux-c6*) install i386 CentOS 6 packages. Using c6_64 instead of c6 made them install mixed amd64/i386 CentOS 6 packages and allowed Linux application ports to install amd64 binaries when available. The i386-only configuration was only useful for users of x11/nvidia-driver* which didn't provide Linux amd64 emulation until recently. With x11/nvidia-driver* now supporting Linux amd64 there's no longer a need for i386-only Linux on amd64 so DEFAULT_VERSIONS+=linux=c6 has been changed to make Linux infrastructure ports install mixed amd64/i386 CentOS 6 packages, like c6_64 before, and support for c6_64 has been removed. Users with DEFAULT_VERSIONS+=linux=c6 should reinstall linux_base-c6 and all packages that depend on it. A list of dependent packages can be obtained with the following command: pkg info -r linux_base-c6 Users with DEFAULT_VERSIONS+=linux=c6_64 only need to replace c6_64 with c6 in /etc/make.conf. Users of x11/nvidia-driver* should upgrade to FreeBSD 11.3 or 12.0 if they want to run Linux amd64 OpenGL programs. If you are running an older version you may want to postpone installing or updating Linux application ports until you find the time to upgrade because application ports may install amd64 binaries now. Infrastructure ports are safe to reinstall, and so is x11/nvidia-driver*. On i386 nothing has changed. 20190707: AFFECTS: users of www/gitlab-ce AUTHOR: mfechner@FreeBSD.org You must at first upgrade to version 11.11.5 before you can upgrade to version 12. Support for MySQL will be dropped with next version. Make sure you use at least PostgreSQL version 9.6. Follow the normal upgrade manual that can be found here: https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/update/11.11-12.0-freebsd.md 20190705: AFFECTS: users of net/serviio which bought a license for the non-free features AUTHOR: netchild@FreeBSD.org Version 2 of serviio needs a new license file. Updating without a new license file will disable the non-free features. 20190701: AFFECTS: users of databases/mysql56-(server|client) AUTHOR: ale@FreeBSD.org The default MySQL version has been updated from 5.6 to 5.7. If you compile your own ports you may keep 5.6 as the default version by adding the following lines to your /etc/make.conf file: # # Keep MySQL 5.6 as default version # DEFAULT_VERSIONS+=mysql=5.6 If you wish to update to the new default version, you need to first stop any running server instance. Then, you will need to follow these steps, depending on installed packages. # pkg set -o databases/mysql56-client:databases/mysql57-client # pkg set -o databases/mysql56-server:databases/mysql57-server # pkg upgrade 20190630: AFFECTS: users of net/samba410 AUTHOR: timur@FreeBSD.org If you used Samba in AD/DC mode with the previous versions of the port on UFS2 backed storage you have to add usage of vfs_freebsd VFS module for at least SYSVOL share and configure it to use 'legacy' mode(see manpage). The reason behind this is that previous versions Samba port used a hack to workaround broken mapping of Linux security and trusted extended attributes into FreeBSD namespace. In particular, essential security.NTACL attribute was replaced with the user.NTACL and placed in a insecure USER namespace. This port dropped this hack in favor of vfs_freebsd module, which should provide more controlled way of such a mapping. To maintain the compatibility with the previous installations on UFS2 storage (as ZFS uses it's own way of mapping SYSVOL, thanks to the iXsystems patches) the vfs_freebsd module provides 'legacy' mode that implements old functionality. For the fresh installations it is recommended to use 'secure' mode of operations for this module and use it as a global vfs objects. Caution: The given module is still considered EXPERIMENTAL. 20190630: AFFECTS: users of net/samba410, net/samba4[6-8] and devel/talloc?, devel/tevent?, databases/tdb?, databases/ldb* AUTHOR: timur@FreeBSD.org The port of the new version of Samba 4.10 is introduced. Due necessarily to keep backwards compatibility for the legacy samba4[6-8] ports the upgrade procedure is a bit convoluted. You are safe to perform fresh new install of samba410 port. In case you are upgrading from the previous versions of Samba, please use the following procedure: 0. Take backups of all the relevant files, in particular PREFIX/etc/smb4.conf and /var/db/samba4/ subdirectory. Keep in mind that files there (may) have extended attributes, so use appropriate tools to preserve them. 1a. If you haven't updated Samba between 20190619 and 20190630 then next step should be as simple as: portmaster -o net/samba410 net/samba48 1b. If you have been affected by the archiving legacy versions of Samba-related libraries for legacy versions of Samba, which happened in the given time frame, then you need to reverse operation from the 20190619 entry: for users of portmaster: portmaster -o devel/talloc devel/talloc1 portmaster -o devel/tevent devel/tevent1 portmaster -o databases/tdb databases/tdb1 portmaster -o net/samba410 net/samba48 for users of portupgrade: portupgrade -o devel/talloc devel/talloc1 portupgrade -o devel/tevent devel/tevent1 portupgrade -o databases/tdb databases/tdb1 portupgrade -o net/samba410 net/samba48 20190619: AFFECTS: users of samba4[6-8] and devel/talloc, devel/tevent, databases/tdb, databases/ldb* AUTHOR: timur@FreeBSD.org To introduce samba410(we deliberately skip samba49 due the complexity of handling) and to drop dependency on deprecated Python 2.7, Samba supplementary libraries talloc, tevent and tdb were split into current Python 3 compatible versions and legacy ones, with the suffix "1". Old versions of Samba were changed to depend on the legacy supplementary libraries, so if you need to install samba46, samba47 or samba48 over previous Samba installations you need to downgrade supplementary libs with the following commands: for users of portmaster: portmaster -o devel/talloc1 devel/talloc portmaster -o devel/tevent1 devel/tevent portmaster -o databases/tdb1 databases/tdb portmaster -r talloc1 for users of portupgrade: portupgrade -o devel/talloc1 devel/talloc portupgrade -o devel/tevent1 devel/tevent portupgrade -o databases/tdb1 databases/tdb portupgrade -fr devel/talloc1 20190613: AFFECTS: users of www/qt5-webengine AUTHOR: kai@FreeBSD.org Users that upgrade www/qt5-webengine without using pkg/poudriere might experience failures due to conflicts with the installed version of 5.12.2. In that case, pkg delete -f the qt5-webengine package before building the updated version. 20190611: AFFECTS: users of net/routinator AUTHOR: rodrigo@FreeBSD.org Release 0.4.0 fundamentally changes the command line options for running the server and introduces a new way to initialize the local RPKI repository used by Routinator. If you have been using previous releases, you will likely have to adjust your tooling. We apologize for this, but we also feel that the new commands are more intuitive and logical. 20190604: AFFECTS: users of net/samba47 AUTHOR: antoine@FreeBSD.org The default version of samba has been switched from 4.7 to 4.8. Upgrade instructions: For package users having samba47 installed indirectly (as a dependency): # pkg upgrade For package users having samba47 installed directly (leaf port): # pkg upgrade # pkg install samba48 For ports users: If you want to keep samba47, add DEFAULT_VERSIONS+= samba=4.7 to make.conf If you want to upgrade to samba48, remove samba47: # pkg delete -f samba47 Portmaster users: # portmaster net/samba48 # portmaster -a Portupgrade users: # portinstall net/samba48 # portupgrade -a 20180601: AFFECTS: www/tt-rss AUTHOR: dereks@lifeofadishwasher.com tt-rss now uses php intl for extension; a web server reload will be required if intl extension isn't already loaded. 20190522: AFFECTS: users of sysutils/graylog AUTHOR: dch@FreeBSD.org The port has been updated to the latest stable version 3.0.2, which includes more plugins by default, but also requires manual changes to graylog's configuration files, possibly port and URL changes, such as X-Graylog-Server-URL settings, and elasticsearch must be >= 5. The location of configuration files has been amended to align with the official distribution files and locations. After upgrading, manually review and merge changes from your /usr/local/etc/graylog/server/server.conf into /usr/local/etc/graylog/graylog.conf Consult https://www.graylog.org/post/announcing-graylog-v3-0-ga for further details. 20190506: AFFECTS: users of www/gitea AUTHOR: stb@lassitu.de Gitea requires the addition of another secret to the config file in order to start up. Either manually add JWT_SECRET to the ${PREFIX}/etc/gitea/conf/app.ini config file (see app.ini.sample), or allow Gitea to make the change for you by making the config file writable to the git user. 20190424: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v12.0.0, the latest upstream release. This is a major release, including many significant changes. Users are encouraged to read the release announcements before upgrading: https://nodejs.org/en/blog/release/v12.0.0/ 20190423: AFFECTS: users of www/gitlab-ce AUTHOR: mfechner@FreeBSD.org The directory where all repositories and ssh permissions are stored was changed from /usr/home/git back to /usr/local/git, to match again the recommended standards on FreeBSD. This will cause now some other git management packages to collide with gitlab. Make sure you migrate all you git repositories to gitlab first, before you continue. Make sure /usr/local/git/repositories and /usr/local/git/.ssh are not existing! Otherwise the next commands can break your installation for managing git repositories within gitlab and with your other gitlab management software! You must move the old files to the new location with: # service gitlab stop # mv /usr/home/git /usr/local/ # pkg upg Make sure you update your config files, diff shows you what you maybe must change: # cd /usr/local/www/gitlab-ce # git diff config/gitlab.yml.sample config/gitlab.yml # cd /usr/local/share/gitlab-shell/ # git diff config.yml.sample config.yml # cd /usr/local/share/gitaly # git diff config.toml.sample config.toml # Change home directory of user git back to /usr/local/git # vipw The line should now looks like: git:*:211:211::0:0:gitosis user:/usr/local/git:/bin/sh If you do an upgrade of gitlab follow the upgrade guide. If not, just start gitlab again with: # service gitlab start 20190422: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 2.9 of LibreSSL. The shared library versions of the libraries have been bumped. After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. Poudriere and pkg handle this correctly, portmaster and portupgrade users can use the following to rebuild all dependent ports. Portmaster users: portmaster -r libressl Portupgrade users: portupgrade -fr security/libressl 20190421: AFFECTS: users of databases/cego AUTHOR: pi@FreeBSD.org To upgrade from cego 2.39.16 to 2.44.1, you need to export to xml before the upgrade and import from xml after the upgrade, because the internal storage has changed for some types. Use these steps: - export your database while it runs, see http://www.lemke-it.com/litexec?request=pubcegodoc&user=&lang=en§ion=cgdoc_database_running.html#tsimpexp_mode for details. - stop the database service cego stop - upgrade the port/package - re-create the database cego --mode=create --tableset= --dbxml=.xml - import the database cego --mode=xmlimport --tableset= \ --dbxml=.xml --impfile=export.xml --doLogging - modify /etc/rc.conf by adding cego__cpdump="YES" cego__cleanup="YES" - start the database service cego start 20190420: AFFECTS: users of lang/ruby24 AUTHOR: mfechner@FreeBSD.org The default ruby version has been updated from 2.4 to 2.5. If you compile your own ports you may keep 2.4 as the default version by adding the following lines to your /etc/make.conf file: # # Keep ruby 2.4 as default version # DEFAULT_VERSIONS+=ruby=2.4 If you wish to update to the new default version, you need to first stop any software that uses ruby. Then, you will need to follow these steps, depending upon how you manage your system. If you use pkgng, simply upgrade: # pkg upgrade If you use portmaster, install new ruby, then rebuild all ports that depend on ruby: # portmaster -o lang/ruby25 lang/ruby24 # portmaster -R -r ruby-2.5 If you use portupgrade, install new ruby, then rebuild all ports that depend on ruby: # pkg delete -f ruby portupgrade # make -C /usr/ports/ports-mgmt/portupgrade install clean # pkg set -o lang/ruby24:lang/ruby25 # portupgrade -x ruby-2.5.\* -fr lang/ruby25 20190419: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org qemu 2.X version has been moved to qemu2. If you would like to use 2.X you should use qemu2. Otherwise you can use the new stable upstream branch of 3.0.X. Portmaster users will need to run this command: portmaster -o emulators/qemu2 emulators/qemu 20190410: AFFECTS: users of python AUTHOR: antoine@FreeBSD.org Default version of python was switched to 3.6. For ports users wanting to keep version 2.7 as default, add DEFAULT_VERSIONS+= python=2.7 to make.conf 20190328: AFFECTS: www/firefox-i18n, www/firefox-esr-i18n, mail/thunderbird-i18n, www/seamonkey-i18n AUTHOR: gecko@FreeBSD.org Separate packages for localization packs are no longer supported. Firefox 65+ has in-browser menu while Firefox ESR60, Thunderbird 60 or SeaMonkey 2.49 should download preferred .xpi manually. Refer to the following article (including previous revisions) how to do this. https://support.mozilla.org/kb/use-firefox-another-language 20190328: AFFECTS: users of www/qt5-webengine AUTHOR: kde@FreeBSD.org Users that upgrade www/qt5-webengine without using pkg/poudriere might experience failures due to conflicts with the installed version of 5.9.5. In that case, pkg delete -f the qt5-webengine package before building the updated version. 20190314: AFFECTS: users of mail/rspamd, mail/rspamd-devel AUTHOR: vsevolod@FreeBSD.org User and group that rspamd run as are changed from nobody:nobody to rspamd:rspamd. Unless it is clean install you need to execute following command. # chown -R rspamd:rspamd /var/db/rspamd /var/log/rspamd /var/run/rspamd 20190311: AFFECTS: users of x11/xorg, x11-fonts/mkfontscale, x11-fonts/mkfontdir AUTHOR: zeising@FreeBSD.org The x11-fonts/mkfontdir port has been removed and the functionality has been merged into x11-fonts/mkfontscale. This might cause issues with upgrading. If you get conflicts between mkfontscale and mkfontdir please remove mkfontdir before upgrading. To do this, simply run the following: pkg delete -f mkfontdir 20190311: AFFECTS: users of www/igal2 AUTHOR: rodrigo@freebsd.org www/igal2 2.2-1 is now built with graphics/ImageMagick6-nox11 and don't install the ImageMagick X11 dependencies anymore. A build option allows you to restore the previous behaviour. 20190303: AFFECTS: users of x11-fonts/noto* AUTHOR: sunpoet@FreeBSD.org Google Noto Fonts family has been converted to several ports. x11-fonts/noto is a meta port which includes 1 old port and 5 new ports as follows: - x11-fonts/noto-basic (was noto-lite): basic fonts set with emoji - x11-fonts/noto-extra: extra fonts set - x11-fonts/noto-jp: Japanese fonts set - x11-fonts/noto-kr: Korean fonts set - x11-fonts/noto-sc: Simplified Chinese fonts set - x11-fonts/noto-tc: Traditional Chinese fonts set 20190302: AFFECTS: users of sysutils/paladin AUTHOR: Ryan Westlund The way paladin parses its config file has changed, please check the provided sample config. 20190227: AFFECTS: users of security/softether, security/softether-devel AUTHOR: meta@FreeBSD.org These ports' bridge, client, server daemon unintendedly had spit out chain_certs (certificate chain) directory on libexec directory until r494024. If your ${PREFIX}/libexec/softether/chain_certs directory is empty, you can remove the directory safely. If the directory is not empty, move it to ${SE_DBDIR} when upgrading softether. Following commands should help: service softether_(bridge|client|server) stop (portmaster, portupgrade or pkg upgrade) mv ${PREFIX}/libexec/softether/chain_certs ${SE_DBDIR}/ service softether_(bridge|client|server) start With the default Makefile settings, ${SE_DBDIR} is set to /var/db/softether. 20190224: AFFECTS: users of security/gnutls AUTHOR: tijl@FreeBSD.org GnuTLS now looks for its configuration files in PREFIX/etc (/usr/local/etc) instead of /etc. If the following files exist they have to be moved. On a default installation these files do not exist. /etc/gnutls/default-priorities /etc/gnutls/pkcs11.conf /etc/tpasswd /etc/tpasswd.conf 20190215: AFFECTS: users of net-im/ejabberd AUTHOR: ashish@FreeBSD.org If you've mod_mam enabled with compress_xml set to true, then you're affected by bug where the XML namespace, and tag elements get interchanged in the MAM cache which results in invalid XML, and causing XMPP clients to disconnect. For more details, please refer to: https://github.com/processone/ejabberd/issues/2744 This upgrade contains the patch that fixes the problem going forward. For fixing already affected users, you'll need to wipe off the MAM cache for the affected users: sudo -u ejabberd -H ejabberdctl remove_mam_for_user 20190207: AFFECTS: users of net-mgmt/mk-livestatus AUTHOR: egypcio@FreeBSD.org The default Nagios version supported by net-mgmt/mk-livestatus changed from Nagios 3 to Nagios 4 - the respective Nagios package was added to net-mgmt/mk-livestatus' runtime dependencies. If you still need support for Nagios 3 you just need to change the options for net-mgmt/mk-livestatus and compile the port yourself. 20190202: AFFECTS: users of archivers/urbackup-server AUTHOR: freebsd@coombscloud.com Some of the port's sources previously included absolute references to /etc/urbackup. The upgrade now changes these references to ${PREFIX}/etc/urbackup. If you have placed any configuration files within /etc/urbackup, these should be relocated to ${PREFIX}/etc/urbackup. 20190130: AFFECTS: users of sysutils/password-store AUTHOR: rene@FreeBSD.org password-store now stores plugins in ${PREFIX}/libexec instead of ${PREFIX}/lib. Ensure to move your own extensions there too and update your scripts to avoid breakage. 20190124: AFFECTS: users of sysutils/rubygem-fluentd, sysutils/fluent-bit AUTHOR: girgen@FreeBSD.org The fluentd port has been upgraded from the 0.12 line to 1.3.3. The upgrade is mostly non-disruptive since there is a backward compatibility with 0.12 plugins and configuration files, but care should be taken about the order of server upgrades since fluentd 1.x is unable to send it's data to version 0.12 instances. You should carefully read https://docs.fluentd.org/v1.0/articles/update-from-v0.12 before performing any upgrade activities. 20190120: AFFECTS: users of mail/fetchmail AUTHOR: mandree@FreeBSD.org The fetchmail port no longer offers the X11 option and no longer depends on Python. The corresponding fetchmailconf Python program has now been split out into a separate port or package, so that fetchmail itself will no longer require Python. Users who wish to use fetchmailconf should install the new fetchmailconf port or package. 20190119: AFFECTS: users of german/webalizer2, japanese/webalizer, polish/webalizer2, portuguese/webalizer-pt_BR, portuguese/webalizer-pt_PT, ukrainian/webalizer, www/geolizer, www/webalizer AUTHOR: dinoex@FreeBSD.org The option GEOIP has been changed to used the new database. Either copy GeoLite2-Country.mmdb in the working directory, or set the GeoIPDatabase option to the location of the file. 20190114: AFFECTS: users of graphics/qgis AUTHOR: rhurlin@gwdg.de GIS 3.4 LTR, the first long-term release (LTR) of QGIS 3, has landed in the FreeBSD ports tree. It will also replace the previous 2.18 LTR in the QGIS package repositories in February 2019 [1]. Beside, the latest Qt4 version 4.8.7 has been EOL since December 2015 and its expiration date on FreeBSD is set to March, 15th 2019. Because QGIS 2 is based on Qt4 and Python2, it was decided to not create a legacy port for QGIS 2, after graphics/qgis changed to QGIS 3. For users moving over from the 2.18 LTR there is a huge list of new features and impactful changes in this new 3.4 LTR version. Most notably 3.x plugins are incompatible with 2.x plugins, so please review your plugin usage carefully. Before moving over, if you have not already done so, take a look at the changelogs from versions 3.0, 3.2, and 3.4 [2][3][4] to understand the full scope of changes in the 3.x release. [1] https://qgis.org/en/site/getinvolved/development/roadmap.html#release-schedule [2] http://changelog.qgis.org/en/qgis/version/3.0.0/ [3] http://changelog.qgis.org/en/qgis/version/3.2.0/ [4] http://changelog.qgis.org/en/qgis/version/3.4-LTR/ 20190114: AFFECTS: x11-wm/sway AUTHOR: jbeich@FreeBSD.org swayidle and swaylock split out into x11/swayidle and x11/swaylock. Check your sway config and install those if required. 20190113: AFFECTS: users of net/GeoIP AUTHOR: adamw@FreeBSD.org Maxmind no longer provides geolocation data in the legacy format used by net/GeoIP. All GEOIP-related OPTIONS have been removed, and all GeoIP-dependent ports will be removed soon. Where possible, you must switch to net/libmaxminddb, which uses the newer (and fully supported) GeoIP 2 format. Unfortunately, this is not a drop-in replacement. To fetch the GeoIP 2 geolocation databases, whether the free or paid versions, you must use net/geoipupdate (pkg install geoipupdate). The legacy database is no longer available, and we cannot distribute it by the Maxmind license, so the legacy GeoIP format is essentially dead. 20190108: AFFECTS: users of databases/mysql-connector-java AUTHOR: matthew@FreeBSD.org The databases/mysql-connector-java port has been updated to 8.0.13, which requires a minimum of Java 1.8, so dropping support for Java 1.6 and 1.7. Users of those versions of Java should substitute the databases/mysql-connector-java51 port which remains at version 5.1.47 20190103: AFFECTS: users of multimedia/vlc* AUTHOR: riggs@FreeBSD.org The multimedia/vlc port has been upgraded to 3.0.5, the latest upstream release. Subsequently, multimedia/vlc-qt4 and multimedia/vlc3 have been retired and removed from the ports tree. Users who previously used multimedia/vlc3 might want to switch to multimedia/vlc with the following commands: # pkg install multimedia/vlc or # portmaster -o multimedia/vlc multimedia/vlc3 or # portupgrade -o multimedia/vlc multimedia/vlc3 20190102: AFFECTS: users of net/serviio AUTHOR: netchild@FreeBSD.org If you have customized your etc/serviio/profile.xml you need to review and merge changes from the profile.xml.sample file, else you may not be able to watch mkv files. 20181228: AFFECTS: users of devel/trio AUTHOR: rodrigo@freebsd.org Since trio 1.16-1, the shared lib previously misnamed libtrio.so.2.0.0 is now named libtrio.so.2 and the symlink libtrio.so is created. 20181222: AFFECTS: users of net/ntopng AUTHOR: madpilot@FreeBSD.org Since ntopng 3.7, for security reasons, the default setting for the data directory has been changed to "/var/db/ntopng", and the default user has been changed to "ntopng". This new directory is created automatically by the port/package with correct permissions. In order to maintain backward compatibility, if you are already using "/var/tmp/ntopng" as data directory, ntopng keeps using that folder, owned by "nobody". This said, using the old defaults is not recommended and a manual action is required in order to migrate to the new settings, unless you are already using a custom directory: # service ntopng stop # mv /var/tmp/ntopng/* /var/db/ntopng/ # chown -R ntopng:ntopng /var/db/ntopng # service ntopng start Please check the upstream FAQ for reference: https://www.ntop.org/support/faq/migrate-the-data-directory-in-ntopng/ 20181218: AFFECTS: users of misc/openhab2 AUTHOR: netchild@FreeBSD.org If you upgrade from a previous version, make a backup of /var/db/openhab2 and run %%PREFIX%%/libexec/openhab2/runtime/bin/update.freebsd Config specific info (changes from 2.3.0 to 2.4.0): Astro Binding: The 'kilometer' and 'miles' channels have been replaced by a new 'distance' channel Jeelink Binding: The 'currentWatt' and 'maxWatt' channels have been replaced with 'currentPower' and 'maxPower' channels WeatherUnderground Binding: A bridge has been added on top of the current things, you need to add a bridge containing your api-key. ZWave Binding: Major changes have been merged to support features such as security. All things must be deleted and re-added. Refer to https://community.openhab.org/t/zwave-binding-updates/51080 for further information. Synop Binding is now using UoM. 'wind-speed-ms' and 'wind-speed-knots' channels have been replaced by a single 'wind-speed' channel. Amazonechocontrol Binding: The account thing does not have settings anymore. You have to login at amazon once again through the proxy server http(s):///amazonechocontrol Milight Binding: The various available bulb types do not appear in the Paper UI Inbox anymore. The correct bulb need to be added manually. The bulb "zone" is now a configuration. Bulb Things need to be recreated to apply this change. Hue emulation: The item to hue ID mapping is no longer stored in files, but in the openHAB storage service. You need to rediscover "devices" in all services that use the hue emulation (Amazon Echo, Google Home, etc). 20181215: AFFECTS: users of sysutils/graylog AUTHOR: dch@FreeBSD.org The dependent ports for ElasticSearch and MongoDB have both changed, and upstream changes to the configuration file may require minor changes to work correctly. Refer to the new sample files installed alongside the port for reference: server.conf log4j.xml graylog_logging.xml 20181213: AFFECTS: users of lang/perl5* AUTHOR: mat@FreeBSD.org The default Perl version has been switched to Perl 5.28. If you are using binary packages to upgrade your system, you do not have anything to do, pkg upgrade will do the right thing. For the other people, assuming you are migrating from 5.26 to 5.28, do: First, add to /etc/make.conf: DEFAULT_VERSIONS+= perl5=5.28 Portupgrade users: portupgrade -o lang/perl5.28 -f lang/perl5.26 You can now remove the DEFAULT_VERSIONS line added earlier from /etc/make.conf Then you will need to rebuild everything that uses libperl.so, you can do so with: portupgrade -f `pkg shlib -qR libperl.so.5.26` If, for some reason, this command fails at one point, it is safe to run it again, it will not rebuild what it already rebuilt, as the ports that have been rebuilt no longer depend on libperl.so.5.26 but on libperl.so.5.28. Portmaster users: portmaster -o lang/perl5.28 lang/perl5.26 You can now remove the DEFAULT_VERSIONS line added earlier from /etc/make.conf Then you will need to rebuild everything that uses libperl.so, you can do so with: portmaster -f `pkg shlib -qR libperl.so.5.26` If, for some reason, this command fails at one point, it is safe to run it again, it will not rebuild what it already rebuilt, as the ports that have been rebuilt no longer depend on libperl.so.5.26 but on libperl.so.5.28. 20181212: AFFECTS: users of net-im/ejabberd AUTHOR: ashish@FreeBSD.org There are some new features added in ejabberd 18.12, esp. related to bookmarks, and XML compression in message archive storage. Please refer to: https://blog.process-one.net/ejabberd-18-12/ 20181211: AFFECTS: users of news/inn when upgrading to FreeBSD 12 AUTHOR: naddy@FreeBSD.org When upgrading from FreeBSD 11 to 12, a change in the size of the ino_t type causes a binary incompatibility in the overview database if the default tradindexed format is used. After upgrading the inn package, remove the overview/group.index file and regenerate the history and overview database with makehistory(8) before starting innd. # echo '. /usr/local/news/lib/innshellvars && \ rm -f $OVERVIEWDIR/group.index && \ $NEWSBIN/makehistory -O -s `wc -l <$HISTORY`' | \ su -fm news -c '/bin/sh -s' 20181209: AFFECTS: users of DRM ports other than graphics/drm-kmod AUTHOR: jmd@FreeBSD.org In order to facilitate future porting efforts and help in supporting multiple FreeBSD versions, the DRM ports other than drm-kmod (graphics/drm-stable-kmod, graphics/drm-next-kmod, graphics/drm-devel-kmod) have been renamed to include the FreeBSD version they are designed for. drm-stable-kmod is drm-fbsd11.2-kmod drm-next-kmod is drm-fbsd12.0-kmod drm-devel-kmod is drm-current-kmod 20181209 AFFECTS: users of devel/geany and devel/geany-plugins AUTHOR: madpilot@FreeBSD.org Geany and its plugins port have been moved to gtk3 and a new gtk2 flavor has been added. The gtk2 flavor has a -gtk2 suffix added to the package name. If you want to stay with the gtk2 version you need to use "pkg install" to install the new gtk2 flavor, pkg will automatically deinstall the gtk3 flavors. If using port, to maintain the gtk2 version, you will need to deinstall geany and its plugins and reinstall specifying the gtk2 flavor. Note that the following plugins are not available if using the new gtk3 flavor: * geany-plugin-debugger * geany-plugin-devhelp * geany-plugin-geanypy * geany-plugin-multiterm * geany-plugin-scope 20181208: AFFECTS: users of misc/openhab2 AUTHOR: netchild@FreeBSD.org If you upgrade from a previous version, make a backup of /var/db/openhab2 and run %%PREFIX%%/libexec/openhab2/runtime/bin/update.freebsd Config specific info (changes from 2.2.0 to 2.3.0): Nest Binding: The 'camera' Thing Type now has channel groups. Add 'camera#' before the channel ID in the channel UID of existing camera channels. The 'time_to_target_mins' channel of the 'thermostat' Thing Type is renamed to 'time_to_target' Oceanic Binding: The 'softener' Thing Type no longer exists and is replaced by the 'serial' and 'ethernet' Thing Types Yamaha Receiver Binding: The configuration parameter names now use lower camel case convention. Change 'HOST' to 'host', 'PORT' to 'port' etc 20181124: AFFECTS: users of sysutils/munin-master, sysutils/munin-node, www/owncloud, mail/mailman, net/ntpa AUTHOR: woodsb02@FreeBSD.org The newsyslog.conf(5) filename installed by the port has been changed: OLD: ${PREFIX}/etc/newsyslog.conf.d/${PORTNAME} NEW: ${PREFIX}/etc/newsyslog.conf.d/${PORTNAME}.conf Any file found at the old location will be automatically moved to the new location. This will ensure log rotation will continue to work after change r340318 to FreeBSD base, where the default newsyslog configuration now only includes filenames that end with '.conf' and do not begin with '.'. If you use provisioning/configuration management tools to create or edit this file, you will need to change their configuration to use the new filename. 20181111 AFFECTS: users of graphics/mesa-libs AUTHOR: jbeich@FreeBSD.org Wayland support has been enabled in ports where it doesn't exclude X11 support in order to make the binary packages usable with Wayland compositors. If you get strange build failures re-run "make config" to pick up the new defaults. If the extra dependencies are not desired add the following to make.conf: OPTIONS_UNSET += WAYLAND 20181109 AFFECTS: users of security/ossec-hids-server AUTHOR: dominik.lisiak@bemsoft.pl The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". If using database output, you need to recreate database using new schema provided in /usr/local/share/doc/ossec-hids. 20181109 AFFECTS: users of security/ossec-hids-local AUTHOR: dominik.lisiak@bemsoft.pl The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". If using database output, you need to recreate database using new schema provided in /usr/local/share/doc/ossec-hids. 20181109 AFFECTS: users of security/ossec-hids-client AUTHOR: dominik.lisiak@bemsoft.pl The ossec-hids-client port has been renamed to ossec-hids-agent. Portmaster users will need to run this command: portmaster -o security/ossec-hids-agent security/ossec-hids-client If the switch doesn't happen automatically for you, just delete the ossec-hids-client package and install ossec-hids-agent. The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". 20181104: AFFECTS: users of sysutils/ansible* AUTHOR: lifanov@FreeBSD.org Default Ansible configuration location changed to LOCALBASE/etc/ansible instead of a per-flavor directory. If you use system-wide Ansible configuration, please migrate from a flavored directory to a common one: # mv /usr/local/etc/py27-ansible /usr/local/etc/ansible 20181031: AFFECTS: users of www/node AUTHOR: bhughes@FreeBSD.org The www/node port has been updated to Node.js v11.0.0, the latest upstream release. A new port, www/node10, has been created for the v10.x LTS branch. Users wanting to stay on v10.x can replace www/node with www/node8 with one of the following commands: # pkg install www/node10 or # portmaster -o www/node10 www/node or # portupgrade -o www/node10 www/node 20181022: AFFECTS: users of lang/php71 AUTHOR: joneum@FreeBSD.org The default version of PHP has been switched from 7.1 to 7.2. If you use binary packages you should make a list of php packages before running 'pkg upgrade': # pkg info php7\* > ~/installed-php-ports-list After the upgrade, check with such list if all your php extensions are still installed, and reinstall them if needed. If you use mod_php71 you need to deinstall it and install mod_php72. 20181020: AFFECTS: users of security/libressl AUTHOR: brnrd@FreeBSD.org The port has been updated to the latest stable version 2.8 of LibreSSL. The shared library versions of the libraries have been bumped. After upgrading, manually update all packages that depend on any of the libraries provided by LibreSSL (libssl, libcrypto and libtls) since the versions of these libraries have changed. Normally, you can obtain the list of dependent software by running the following command: # pkg info -r libressl Then you should rebuild all ports depending on libressl to avoid dangling shared library dependencies. Poudriere and pkg handle this correctly, portmaster and portupgrade users can use the following to rebuild all dependent ports. Portmaster users: portmaster -r libressl Portupgrade users: portupgrade -fr security/libressl 20181018: AFFECTS: users of security/hitch AUTHOR: zi@FreeBSD.org Hitch has been updated to run as the hitch user/group, instead of the previous default of nobody/nobody. You should review your hitch configuration to ensure that everything has been updated to reflect this change. 20181014: AFFECTS: users of sysutils/ansible AUTHOR: lifanov@FreeBSD.org Ansible has been updated to 2.7.0. Please follow the porting guide to update the rulesets: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html If you wish to stay with 2.6 version, you can switch to new sysutils/ansible2.6 port, which tracks stable 2.6 branch: # pkg set -n ansible:ansible26 20181010: AFFECTS: users of mail/courier-imap and other courier ports AUTHOR: madpilot@FreeBSD.org Courier-IMAP 5.0.0 added IMAP UTF8 support, and converted maildir folders' names to Unicode. Updating an existing system to Courier-IMAP 5.0, and later, requires a manual one-time conversion of all existing maildirs using the maildirmake command. See the maildirmake(1) manual page for more information. All other courier ports accessing maildirs also need to be updated at the same time. 20181009: AFFECTS: users of devel/pecl-xdebug* AUTHOR: pizzamig@FreeBSD.org xdebug 2.6.1 (devel/pecl-xdebug) is the new default version and it supports PHP from 7.0 to 7.2 included. If you're using PHP 5.6, the previous compatible xdebug version is still available in devel/pecl-xdebug25 If you're using PHP 7.3, the only compatible xdebug version is available in devel/pecl-xdebug-devel diff --git a/mail/exim/Makefile b/mail/exim/Makefile index ad06672afa63..45d5209d7a2a 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,658 +1,666 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION?= 7 +PORTREVISION?= 0 CATEGORIES= mail MASTER_SITES= EXIM:exim MASTER_SITE_SUBDIR= /exim4/:exim \ /exim4/fixes/:exim \ /exim4/old/:exim DISTNAME= ${PORTNAME}-${EXIM_VERSION} DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:exim DIST_SUBDIR= exim EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= fluffy@FreeBSD.org COMMENT?= High performance MTA for Unix systems on the Internet WWW= https://www.exim.org/ LICENSE= GPLv2 USES= compiler cpe tar:bzip2 perl5 USE_CSTD= c99 USE_PERL5= run # Exim build system is job unsafe atm MAKE_JOBS_UNSAFE= yes # One can tune the following "hidden" knobs: # - EXIM_USER: user exim is running as; # - EXIM_GROUP: ditto for the group; # - LOGDIR: where Exim logs will be put; # - LOG_FILE_PATH: path where '%s' will be substituted with # the target name (main, reject, etc); # - CONFIG_FILE_PATH: path to the default configuration file; # - ALT_CONFIG_PREFIX: path to the default prefix for all # configuration files, excluding the main one; # will be effective only when WITH_ALT_CONFIG_PREFIX # will be set via OPTIONS. .if make(makesum) && !defined(FETCH_ALL) .error "You forgot to define FETCH_ALL to create the sane distinfo" .endif .include "options" OPTIONS_SUB= yes AUTH_SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 BDB_USES= bdb DMARC_LIB_DEPENDS= libopendmarc.so:mail/opendmarc EMBEDDED_PERL_USE= perl5=run,build EXIMON_USES= xorg EXIMON_USE= xorg=x11,xaw,xext,xmu,xt GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls ICONV_USES= iconv:lib,build INTERNATIONAL_LIB_DEPENDS= libidn.so:dns/libidn LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MYSQL_USES= mysql OPENLDAP_USES= ldap PGSQL_LIB_DEPENDS= libicudata.so:devel/icu PGSQL_USES= pgsql pkgconfig REDIS_LIB_DEPENDS= libhiredis.so:databases/hiredis SASLAUTHD_RUN_DEPENDS= ${LOCALBASE}/sbin/saslauthd:security/cyrus-sasl2-saslauthd SA_EXIM_RUN_DEPENDS= ${LOCALBASE}/bin/spamc:mail/spamassassin SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 SQLITE_LIB_DEPENDS= libicudata.so:devel/icu SQLITE_USES= pkgconfig sqlite DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75 EXTRA_PATCHES= \ - ${DEBIAN_PATCHES_PREFIX}_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_32-Fix-PAM-auth.-Bug-2813.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_43-BSD-fix-resource-leak.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_45-Fix-bogus-error-message-copy.-Bug-2857.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_55-Specific-check-for-null-pointer.patch:-p1 - -TLS_PATCHES_PREFIX= ${FILESDIR}/tls/ -EXTRA_PATCHES+= \ - ${TLS_PATCHES_PREFIX}patch-tls1:-p1 \ - ${TLS_PATCHES_PREFIX}patch-tls2:-p1 + ${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_08-Fix-regex-n-use-after-free.-Bug-2915.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_09-Fix-non-WITH_CONTENT_SCAN-build.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_22-Fix-daemon-startup.-Bug-2930.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_23-Fix-reccipients-after-run.-.-Bug-2929.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_31-Fix-regext-substring-capture-variables-for-null-matc.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_32-Fix-regex-substring-capture-variables-for-null-match.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_50-Fix-logging-of-max-size-log-line.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_60-OpenSSL-fix-tls_eccurve-setting-explicit-curve-group.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_66-Fix-crash-in-expansions.patch:-p1 .include # OCSP is supported for openssl only .if ${PORT_OPTIONS:MOCSP} .if ! ${PORT_OPTIONS:MTLS} IGNORE= you cannot enable OCSP stapling without TLS support .elif ${PORT_OPTIONS:MGNUTLS} IGNORE= you cannot enable OCSP stapling with gnutls .endif .endif # DMARC implies SPF and DKIM .if ${PORT_OPTIONS:MDMARC} .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM} IGNORE= you cannot enable DMARC without SPF and DKIM support .endif .endif # ARC implies SPF and DKIM .if ${PORT_OPTIONS:MARC} .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM} IGNORE= you cannot enable ARC without SPF and DKIM support .endif .endif # DANE implies DNSSEC .if ${PORT_OPTIONS:MDANE} .if ! ${PORT_OPTIONS:MDNSSEC} || ! ${PORT_OPTIONS:MTLS} IGNORE= you cannot enable DANE without DNSSEC support or without TLS support .endif .endif .if ${PORT_OPTIONS:MSA_EXIM} || defined(FETCH_ALL) MASTER_SITES+= http://marc.merlins.org/linux/exim/files/:sa_exim \ SF/sa-exim/sa-exim/${SA_EXIM_VERSION}:sa_exim DISTFILES+= sa-exim-${SA_EXIM_VERSION}.tar.gz:sa_exim EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf .endif -EXIM_VERSION= 4.95 +EXIM_VERSION= 4.96 SA_EXIM_VERSION=4.2.1 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h` .if !defined(EXIMON_ONLY) PLIST_SUB+= EXIM="" .if defined(PKGNAMESUFFIX) CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}-4.* .endif .for suffix in -ldap2 -mysql -postgresql -sa-exim -sqlite .if !defined(PKGNAMESUFFIX) || ${PKGNAMESUFFIX} != ${suffix} CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}${suffix}-4.* .endif .endfor .if ${PORT_OPTIONS:MEXIMON} CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}-monitor-4.* .endif PKGMESSAGE= ${WRKDIR}/POST-INSTALL-NOTES .else # !EXIMON_ONLY PLIST_SUB+= EXIM="@comment " PORT_OPTIONS+= EXIMON PKGMESSAGE= ${WRKDIR}/pkg-message EXIM_INSTALL_ARG+= "eximon" "eximon.bin" .endif # !EXIMON_ONLY PORTDOC_BASE= ACKNOWLEDGMENTS NOTICE README.UPDATING PORTDOC_FILES= ChangeLog Exim3.upgrade Exim4.upgrade NewStuff \ OptionLists.txt README README.SIEVE dbm.discuss.txt \ experimental-spec.txt filter.txt spec.txt PORT_EXAMPLES= convert4r3 convert4r4 transport-filter.pl DAILY_SCRIPTS= 150.exim-tidydb 460.exim-mail-rejects MAKE_ENV+= OSTYPE="${OPSYS}" ARCHTYPE="${ARCH}" DUMMY_LDFLAGS="${DUMMY_LDFLAGS}" STRIP_COMMAND="${STRIP_CMD}" EXIM_USER?= mailnull EXIM_GROUP?= mail # Default user/group are system ones, so we don't want to check them .if ${EXIM_USER} != "mailnull" USERS= ${EXIM_USER} .endif .if ${EXIM_GROUP} != "mail" GROUPS= ${EXIM_GROUP} .endif LOGDIR?= /var/log/exim LOG_FILE_PATH?= ${LOGDIR}/%slog CONFIG_FILE_PATH?= ${PREFIX}/etc/exim/configure ALT_CONFIG_PREFIX?= ${PREFIX}/etc/exim/ EXIM_DYNAMIC_LDFLAGS= -fPIC -rdynamic -Wl,--export-dynamic SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \ -e 's,%%DOCSDIR%%,${DOCSDIR},g' \ -e 's,%%EXAMPLESDIR%%,${EXAMPLESDIR},g' \ -e 's,%%EXIM_USER%%,${EXIM_USER},g' \ -e 's,%%EXIM_GROUP%%,${EXIM_GROUP},g' \ -e 's,%%LOGDIR%%,${LOGDIR},g' SEDLIST+= -e 's,XX_CFLAGS_XX,${CFLAGS:S/,/\\,/g},' \ -e 's,XX_PREFIX_XX,${PREFIX:S/,/\\,/g},' \ -e 's,XX_LOCALBASE_XX,${LOCALBASE:S/,/\\,/g},' \ -e 's,XX_LOG_FILE_PATH_XX,${LOG_FILE_PATH:S/,/\\,/g},' \ -e 's,XX_CONFIG_FILE_PATH_XX,${CONFIG_FILE_PATH:S/,/\\,/g},' \ -e 's,XX_ALT_CONFIG_PREFIX_XX,${ALT_CONFIG_PREFIX:S/,/\\,/g},' \ -e 's,XX_EXIM_USER_XX,${EXIM_USER:S/,/\\,/g},' \ -e 's,XX_EXIM_GROUP_XX,${EXIM_GROUP:S/,/\\,/g},' \ -e 's,XX_DEFAULT_CHARSET_XX,${WITH_DEFAULT_CHARSET:S/,/\\,/g},' \ -e 's,XX_DYNAMIC_LDFLAGS_XX,${EXIM_DYNAMIC_LDFLAGS:S/,/\\,/g},' PLIST_SUB+= EXIM_VERSION="${EXIM_VERSION}-${PORTREVISION}" \ EXIM_USER=${EXIM_USER} \ EXIM_GROUP=${EXIM_GROUP} \ LOGDIR="${LOGDIR:S/^\///}" # Exim refuses to run local deliveries as root by default. You can # add other users to this colon-separated list that cannot be # overridden at runtime below, but are advised not to remove "root". #WITH_FIXED_NEVER_USERS= root:daemon:bin # When Exim is decoding MIME "words" in header lines it converts any foreign # character sets to the one that is set in the headers_charset option. # The default setting is defined by this setting: WITH_DEFAULT_CHARSET?= ISO-8859-1 # You should not need to fiddle with anything below this point. -LIB_DEPENDS+= libpcre.so:devel/pcre +LIB_DEPENDS+= libpcre2-posix.so:devel/pcre2 .if ! ${PORT_OPTIONS:MDKIM} SEDLIST+= -e 's,^\# (DISABLE_DKIM=),\1,' .endif .if ${PORT_OPTIONS:MLISTMATCH_RHS} SEDLIST+= -e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,' .endif .if ${PORT_OPTIONS:MDCC} SEDLIST+= -e 's,^\# (EXPERIMENTAL_DCC=),\1,' .endif .if ${PORT_OPTIONS:MPROXY} SEDLIST+= -e 's,^\# (SUPPORT_PROXY=),\1,' .endif .if ${PORT_OPTIONS:MCERTNAMES} SEDLIST+= -e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,' .endif .if ${PORT_OPTIONS:MDSN} SEDLIST+= -e 's,^\# (EXPERIMENTAL_DSN=),\1,' .endif .if !${PORT_OPTIONS:MDANE} SEDLIST+= -e 's,^(SUPPORT_DANE=),\#\1,' .endif .if ${PORT_OPTIONS:MARC} SEDLIST+= -e 's,^\# (EXPERIMENTAL_ARC=),\1,' .endif .if !${PORT_OPTIONS:MEVENT} SEDLIST+= -e 's,^\# (DISABLE_EVENT=),\1,' .endif .if ${PORT_OPTIONS:MINTERNATIONAL} SEDLIST+= -e 's,^\# (SUPPORT_I18N=),\1,' \ -e 's,XX_IDN_LIBS_XX,-L${LOCALBASE}/lib -lidn,' .else SEDLIST+= -e 's,XX_IDN_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MSOCKS} SEDLIST+= -e 's,^\# (SUPPORT_SOCKS=),\1,' .endif .if !${PORT_OPTIONS:MPRDR} SEDLIST+= -e 's,^\# (DISABLE_PRDR=),\1,' .endif .if !${PORT_OPTIONS:MOCSP} SEDLIST+= -e 's,^\# (DISABLE_OCSP=),\1,' .endif .if !${PORT_OPTIONS:MDNSSEC} SEDLIST+= -e 's,^\# (DISABLE_DNSSEC=),\1,' .endif .if ${PORT_OPTIONS:MDMARC} SEDLIST+= -e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \ -e 's,^\# (SUPPORT_DMARC=),\1,' .else SEDLIST+= -e 's,XX_DMARC_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MWISHLIST} EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name 'wishlist-*.patch'` .endif .if ${PORT_OPTIONS:MFIXED_NEVER_USERS} SEDLIST+= -e 's,^(FIXED_NEVER_USERS=).*,\1${WITH_FIXED_NEVER_USERS:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MEXIMON} SEDLIST+= -e 's,^\# (EXIM_MONITOR=),\1,' .endif .if ${PORT_OPTIONS:MTLS} .if ! ${PORT_OPTIONS:MGNUTLS} USES+= ssl SEDLIST+= -e 's,^\# (USE_OPENSSL=),\1,' SEDLIST+= -e 's,^\# (TLS_LIBS=.*-lssl[[:space:]]),\1,' BROKEN_SSL= openssl30 openssl31 BROKEN_SSL_REASON= error: token is not a valid binary operator in a preprocessor subexpression .else SEDLIST+= -e 's,^\# (USE_GNUTLS=),\1,' SEDLIST+= -e 's,^\# (TLS_LIBS=.*-lgnutls[[:space:]]),\1,' .endif .else # TLS support SEDLIST+= -e 's,^\# (DISABLE_TLS=),\1,' .endif .if ${PORT_OPTIONS:MEMBEDDED_PERL} SEDLIST+= -e 's,^\# (EXIM_PERL=),\1,' .endif .if ${PORT_OPTIONS:MTCP_WRAPPERS} SEDLIST+= -e 's,XX_TCP_WRAPPERS_LIBS_XX,-lwrap,' \ -e 's,^\# (USE_TCP_WRAPPERS=),\1,' .else SEDLIST+= -e 's,XX_TCP_WRAPPERS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MICONV} SEDLIST+= -e 's,XX_ICONV_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib ${ICONV_LIB},' \ -e 's,^\# (HAVE_ICONV=),\1,' .else SEDLIST+= -e 's,XX_ICONV_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MOPENLDAP} LDAP_LIB_TYPE= OPENLDAP2 SEDLIST+= -e 's,XX_LDAP_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -llber -lldap,' \ -e 's,XX_LDAP_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include,' \ -e 's,XX_LDAP_TYPE_XX,${LDAP_LIB_TYPE:S/,/\\,/g},' \ -e 's,^\# (LOOKUP_LDAP=),\1,' .else SEDLIST+= -e 's,XX_LDAP_[^ ]*_XX,,' \ -e 's,^(LDAP_LIB_TYPE=),\# \1,' .endif .if ${PORT_OPTIONS:MBDB} INVALID_BDB_VER= 2 3 6 18 DB_LIBS= -L${BDB_LIB_DIR} -l${BDB_LIB_NAME} DB_INCLUDES= -I${BDB_INCLUDE_DIR} .else DB_LIBS= DB_INCLUDES= SEDLIST+= -e 's,^(DBMLIB=),\# \1,' .endif SEDLIST+= -e 's,XX_DB_LIBS_XX,${DB_LIBS:S/,/\\,/g},' \ -e 's,XX_DB_INCLUDES_XX,${DB_INCLUDES:S/,/\\,/g},' .if ${PORT_OPTIONS:MLMDB} _LMDB_LIBS= -L${LOCALBASE}/lib -llmdb _LMDB_INCLUDES= -I${LOCALBASE}/include SEDLIST+= -e 's,^\# (EXPERIMENTAL_LMDB=),\1,' .else _LMDB_LIBS= _LMDB_INCLUDES= .endif SEDLIST+= -e 's,XX_LMDB_LIBS_XX,${_LMDB_LIBS:S/,/\\,/g},' \ -e 's,XX_LMDB_INCLUDES_XX,${_LMDB_INCLUDES:S/,/\\,/g},' .if ${PORT_OPTIONS:MMYSQL} SEDLIST+= -e 's,XX_MYSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib/mysql -l${_MYSQL_SHLIB:S/lib//},' \ -e 's,XX_MYSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/mysql,' \ -e 's,^\# (LOOKUP_MYSQL=),\1,' .else SEDLIST+= -e 's,XX_MYSQL_[^ ]*_XX,,' .endif .if ${PORT_OPTIONS:MSASLAUTHD} SASLAUTHD_SOCKET?= /var/run/saslauthd/mux SEDLIST+= -e 's,^\# (CYRUS_SASLAUTHD_SOCKET=).*,\1${SASLAUTHD_SOCKET:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MPAM} SEDLIST+= -e 's,XX_PAM_LIBS_XX,-lpam,' \ -e 's,^\# (SUPPORT_PAM=),\1,' .else SEDLIST+= -e 's,XX_PAM_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MAUTH_CRAM_MD5} SEDLIST+= -e 's,^\# (AUTH_CRAM_MD5=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_PLAINTEXT} SEDLIST+= -e 's,^\# (AUTH_PLAINTEXT=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_DOVECOT} SEDLIST+= -e 's,^\# (AUTH_DOVECOT=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_SPA} SEDLIST+= -e 's,^\# (AUTH_SPA=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_SASL} SEDLIST+= -e 's,^\# (AUTH_CYRUS_SASL=),\1,' \ -e 's,^\# (AUTH_LIBS=.*-lsasl2),\1,' .endif .if ${PORT_OPTIONS:MAUTH_RADIUS} WITH_RADIUS_TYPE?= RADLIB .if ${WITH_RADIUS_TYPE:tl} == radlib SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,-lradius,' \ -e 's,^\# (RADIUS_CONFIG_FILE=).*,\1/etc/radius.conf,' \ -e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADLIB,' .elif ${WITH_RADIUS_TYPE:tl} == radiusclient LIB_DEPENDS+= libfreeradius-client.so:net/freeradius-client SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lfreeradius-client,' \ -e 's,^\# (RADIUS_CONFIG_FILE=).*,\1${LOCALBASE:S/,/\\,/g}/etc/radiusclient/radiusclient.conf,' \ -e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADIUSCLIENTNEW,' .else IGNORE= the variable WITH_RADIUS_TYPE must be either RADLIB or RADIUSCLIENT .endif .else SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MPGSQL} SEDLIST+= -e 's,XX_PGSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lpq,' \ -e 's,XX_PGSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/pgsql,' \ -e 's,^\# (LOOKUP_PGSQL=),\1,' .else SEDLIST+= -e 's,XX_PGSQL_[^ ]*_XX,,' .endif .if ! ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MMYSQL} && !defined(LDAP_LIB_TYPE) && \ ! ${PORT_OPTIONS:MBDB} && ! ${PORT_OPTIONS:MLMDB} SEDLIST+= -e 's,^(LOOKUP_LIBS=),\# \1,' \ -e 's,^(LOOKUP_INCLUDE=),\# \1,' .endif .if ! ${PORT_OPTIONS:MDNSDB} SEDLIST+= -e 's,^(LOOKUP_DNSDB=),\# \1,' .endif .if ${PORT_OPTIONS:MMAILDIR} SEDLIST+= -e 's,^\# (SUPPORT_MAILDIR=),\1,' .endif .if ${PORT_OPTIONS:MMAILSTORE} SEDLIST+= -e 's,^\# (SUPPORT_MAILSTORE=),\1,' .endif .if ${PORT_OPTIONS:MMBX} SEDLIST+= -e 's,^\# (SUPPORT_MBX=),\1,' .endif .if ${PORT_OPTIONS:MCDB} SEDLIST+= -e 's,^\# (LOOKUP_CDB=),\1,' .endif .if ${PORT_OPTIONS:MDSEARCH} SEDLIST+= -e 's,^\# (LOOKUP_DSEARCH=),\1,' .endif .if ! ${PORT_OPTIONS:MLSEARCH} SEDLIST+= -e 's,^(LOOKUP_LSEARCH=),\# \1,' .endif .if ${PORT_OPTIONS:MNIS} SEDLIST+= -e 's,^\# (LOOKUP_NIS=),\1,' .endif .if ${PORT_OPTIONS:MPASSWD} SEDLIST+= -e 's,^\# (LOOKUP_PASSWD=),\1,' .endif .if ${PORT_OPTIONS:MSQLITE} SEDLIST+= -e 's,XX_SQLITE_LIBS_XX,`pkg-config --static --libs sqlite3`,' \ -e 's,XX_SQLITE_FLAGS_XX,`pkg-config --cflags sqlite3`,' \ -e 's,^\# (LOOKUP_SQLITE=),\1,' .else SEDLIST+= -e 's,XX_SQLITE_LIBS_XX,,' \ -e 's,XX_SQLITE_FLAGS_XX,,' .endif .if ${PORT_OPTIONS:MREDIS} SEDLIST+= -e 's,XX_REDIS_LIBS_XX,-L${LOCALBASE}/lib -lhiredis,' \ -e 's,^\# (LOOKUP_REDIS=),\1,' \ -e 's,^\# (REDIS=),\1,' .else SEDLIST+= -e 's,XX_REDIS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MLMTP} SEDLIST+= -e 's,^\# (TRANSPORT_LMTP=),\1,' .endif .if ! ${PORT_OPTIONS:MALT_CONFIG_PREFIX} SEDLIST+= -e 's,^(ALT_CONFIG_PREFIX=),\# \1,' .endif .if ${PORT_OPTIONS:MSPF} SEDLIST+= -e 's,XX_SPF_FLAGS_XX,-DSPF,' \ -e 's,XX_SPF_LIBS_XX,-L${LOCALBASE}/lib -lspf2 -lpthread,' \ -e 's,^\# (SUPPORT_SPF=),\1,' .else SEDLIST+= -e 's,XX_SPF_FLAGS_XX,,' \ -e 's,XX_SPF_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MSRS} SEDLIST+= -e 's,XX_SRS_FLAGS_XX,-DSUPPORT_SRS,' \ -e 's,XX_SRS_LIBS_XX,,' .else SEDLIST+= -e 's,XX_SRS_FLAGS_XX,,' \ -e 's,XX_SRS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MREADLINE} SEDLIST+= -e 's,^\# (USE_READLINE=),\1,' .endif .if ${PORT_OPTIONS:MCONTENT_SCAN} SEDLIST+= -e 's,^\# (WITH_CONTENT_SCAN=),\1,' .endif .if !defined(EXIMON_ONLY) && ${PORT_OPTIONS:MDAEMON} USE_RC_SUBR= exim PLIST_SUB+= EXIMDAEMON="" SUB_LIST+= LOGDIR="${LOGDIR}" .else PLIST_SUB+= EXIMDAEMON="@comment " .endif .if ${PORT_OPTIONS:MIPV6} SEDLIST+= -e 's,^\# (HAVE_IPV6=),\1,' .endif .if ${PORT_OPTIONS:MDISABLE_D_OPT} SEDLIST+= -e 's,^\# (DISABLE_D_OPTION=),\1,' .else .if defined(WHITELIST_D_MACROS) SEDLIST+= -e 's,^\# (WHITELIST_D_MACROS=).*$$,\1${WHITELIST_D_MACROS:S/,/\\,/g},' .endif .endif .if defined(TRUSTED_CONFIG_LIST) SEDLIST+= -e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1${TRUSTED_CONFIG_LIST:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MQUEUEFILE} SEDLIST+= -e 's,^\# (EXPERIMENTAL_QUEUEFILE=),\1,' .endif MAKE_ENV+= INSTALL_ARG="${EXIM_INSTALL_ARG}" DUMMY_LDFLAGS!= ${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g' pre-everything:: @${ECHO} 'Exim now drops privileges when alternate configuration' @${ECHO} 'files are used. You can set make variable TRUSTED_CONFIG_LIST' @${ECHO} 'to specify the list of configuration files for which' @${ECHO} 'root privileges will be retained.' @${ECHO} '' @${ECHO} 'You can whitelist some macros using the make variable' @${ECHO} 'WHITELIST_D_MACROS. This is useful if you are running' @${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be' @${ECHO} 'removed in some future Exim release, so it is better' @${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted' @${ECHO} 'configuration files.' .if empty(.MAKEFLAGS:M-s) && ${PORT_OPTIONS:MWISHLIST} @${ECHO} '' @${ECHO} 'Included extra patches:' @${FIND} ${PATCHDIR} -name 'wishlist-*.patch' \ -exec ${SED} -ne 's,^# , ,p' {} \; @${ECHO} '' .endif post-extract: .if ${PORT_OPTIONS:MSA_EXIM} @cd ${WRKDIR} && ${TAR} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/sa-exim-${SA_EXIM_VERSION}.tar.gz ${EXTRACT_AFTER_ARGS} @@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.c ${WRKSRC}/Local @@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.conf ${WRKSRC}/Local .endif do-configure: @${MKDIR} ${WRKSRC}/Local @${SED} -E ${SEDLIST} ${WRKSRC}/src/EDITME > ${WRKSRC}/Local/Makefile .if ${PORT_OPTIONS:MEXIMON} @${CP} ${WRKSRC}/exim_monitor/EDITME ${WRKSRC}/Local/eximon.conf .endif @${REINPLACE_CMD} -E ${SEDLIST} ${WRKSRC}/src/configure.default @${REINPLACE_CMD} -e 's!$$(LDFLAGS)!$$(DUMMY_LDFLAGS) -L$${LOCALBASE}/lib!' ${WRKSRC}/OS/Makefile-Base @${REINPLACE_CMD} -e 's/"(Exim $$version_number)\\n\\t"/"(Exim $$version_number (${OPSYS}))\\n\\t"/' \ ${WRKSRC}/src/globals.c @${REINPLACE_CMD} -e 's/Exim version %s \(#%s \)\{0,1\}/&(${OPSYS} ${OSREL}) /' ${WRKSRC}/src/exim.c @${REINPLACE_CMD} -e 's/^#include "cnumber\.h"$$/${PORTREVISION}/' ${WRKSRC}/src/version.c @${REINPLACE_CMD} -E -e 's/^(PERL_COMMAND=).*/\1${PERL:S,/,\/,g}/' \ -e 's/^(CC=).*/\1${CC:S,/,\/,g}/' ${WRKSRC}/OS/Makefile-Default .if ${PORT_OPTIONS:MSA_EXIM} @${REINPLACE_CMD} -E -e 's/^\# (HAVE_LOCAL_SCAN=).*/\1yes/' \ ${WRKSRC}/OS/Makefile-Default @${REINPLACE_CMD} -E -e 's/^(LOCAL_SCAN_SOURCE=).*/\1Local\/sa-exim.c/' \ ${WRKSRC}/OS/Makefile-Default @{ \ ${ECHO_CMD} "char *version=\"${SA_EXIM_VERSION}\";"; \ ${ECHO_CMD} "#define SPAMC_LOCATION \"${LOCALBASE}/bin/spamc\""; \ ${ECHO_CMD} "#define SPAMASSASSIN_CONF \"${PREFIX}/etc/exim/sa-exim.conf\""; \ } > ${WRKSRC}/Local/sa-exim.h @${REINPLACE_CMD} -e 's,/usr/bin/spamc,${LOCALBASE}/bin/spamc,' \ ${WRKSRC}/Local/sa-exim.conf .endif - @${REINPLACE_CMD} -E -e 's/XX_STRIPCMD_XX/${STRIP_CMD:S,/,\/,g}/' \ - ${WRKSRC}/OS/Makefile-FreeBSD @(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} configure) post-build: .for script in ${DAILY_SCRIPTS} @${SED} ${SED_SCRIPT} ${FILESDIR}/${script}.sh > ${WRKDIR}/${script}.sh .endfor @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > \ ${WRKDIR}/POST-INSTALL-NOTES @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES.clamd > ${WRKDIR}/POST-INSTALL-NOTES.clamd @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > ${WRKDIR}/POST-INSTALL-NOTES @[ ! -f ${PKGDIR}/pkg-message ] || ${SED} ${SED_SCRIPT} ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message .if !defined(EXIMON_ONLY) post-install: .if ${PORT_OPTIONS:MDAEMON} ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily .for script in ${DAILY_SCRIPTS} ${INSTALL_SCRIPT} ${WRKDIR}/${script}.sh ${STAGEDIR}${PREFIX}/etc/periodic/daily/${script} .endfor .endif @${MKDIR} -m 750 ${STAGEDIR}${LOGDIR} ${INSTALL_MAN} ${WRKSRC}/doc/exim.8 ${STAGEDIR}${MAN8PREFIX}/man/man8 .if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES.clamd ${STAGEDIR}${DOCSDIR} .for docfile in ${PORTDOC_BASE} ${INSTALL_DATA} ${WRKSRC}/${docfile} ${STAGEDIR}${DOCSDIR} .endfor .for docfile in ${PORTDOC_FILES} ${INSTALL_DATA} ${WRKSRC}/doc/${docfile} ${STAGEDIR}${DOCSDIR} .endfor @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for example in ${PORT_EXAMPLES} ${INSTALL_SCRIPT} ${WRKSRC}/build-${OPSYS}-${ARCH}/${example} ${STAGEDIR}${EXAMPLESDIR} .endfor .endif .if ${PORT_OPTIONS:MSA_EXIM} ${INSTALL_DATA} ${WRKSRC}/Local/sa-exim.conf \ ${STAGEDIR}${PREFIX}/etc/exim/sa-exim.conf.sample .endif .endif # ! defined(EXIMON_ONLY) .include # If using clang, avoid too many warnings due to Exim code style .if ${CHOSEN_COMPILER_TYPE} == "clang" EXIM_WARN_FLAGS?= -Wno-logical-op-parentheses -Wno-macro-redefined -Wno-parentheses -Wno-dangling-else .endif CFLAGS+= ${EXIM_WARN_FLAGS} .include diff --git a/mail/exim/distinfo b/mail/exim/distinfo index c007834ea4bb..eb6b96ef513f 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1632918983 -SHA256 (exim/exim-4.95.tar.bz2) = 7f4716cc1b3fee66930d83b249f1c7b119fa1957f6f46e3f4372805cbc97ea63 -SIZE (exim/exim-4.95.tar.bz2) = 2035738 +TIMESTAMP = 1681024359 +SHA256 (exim/exim-4.96.tar.bz2) = c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91 +SIZE (exim/exim-4.96.tar.bz2) = 2047632 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933 diff --git a/mail/exim/files/debian/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch b/mail/exim/files/debian/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch deleted file mode 100644 index ac72e532ebea..000000000000 --- a/mail/exim/files/debian/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch +++ /dev/null @@ -1,616 +0,0 @@ -From 1843f70b733127fcba3321d9d69359e05905f8cc Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sat, 16 Oct 2021 00:12:16 +0100 -Subject: [PATCH] Avoid calling gettimeofday(), select() per char for cmdline - message submission. Bug 2819 - -Broken-by: 3c55eef240 ---- - doc/ChangeLog | 4 ++ - src/exim.c | 7 ++- - src/filtertest.c | 16 +++---- - src/functions.h | 4 ++ - src/globals.c | 21 +++++---- - src/globals.h | 3 ++ - src/receive.c | 78 ++++++++++++++++++++++------------ - src/smtp_in.c | 24 ++++++++++- - src/tls-gnu.c | 9 ++++ - src/tls-openssl.c | 8 ++++ - src/transports/autoreply.c | 13 +++--- - 11 files changed, 133 insertions(+), 54 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -1,9 +1,13 @@ - This document describes *changes* to previous versions, that might - affect Exim's operation, with an unchanged configuration file. For new - options, and new features, see the NewStuff file next to this ChangeLog. - -+JH/05 Bug 2819: speed up command-line messages being read in. Previously a -+ time check was being done for every character; replace that with one -+ per buffer. -+ - - Exim version 4.95 - ----------------- - - JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- ---- a/src/exim.c -+++ b/src/exim.c -@@ -5382,11 +5382,11 @@ - - if (smtp_input) - { - if (!f.is_inetd) set_process_info("accepting a local %sSMTP message from <%s>", - smtp_batched_input? "batched " : "", -- (sender_address!= NULL)? sender_address : originator_login); -+ sender_address ? sender_address : originator_login); - } - else - { - int old_pool = store_pool; - store_pool = POOL_PERM; -@@ -5432,11 +5432,12 @@ - mac_smtp_fflush(); - exim_exit(EXIT_SUCCESS); - } - } - --/* Otherwise, set up the input size limit here. */ -+/* Otherwise, set up the input size limit here and set no stdin stdio buffer -+(we handle buferring so as to have visibility of fill level). */ - - else - { - thismessage_size_limit = expand_string_integer(message_size_limit, TRUE); - if (expand_string_message) -@@ -5444,10 +5445,12 @@ - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand " - "message_size_limit: %s", expand_string_message); - else - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "invalid value for " - "message_size_limit: %s", expand_string_message); -+ -+ setvbuf(stdin, NULL, _IONBF, 0); - } - - /* Loop for several messages when reading SMTP input. If we fork any child - processes, we don't want to wait for them unless synchronous delivery is - requested, so set SIGCHLD to SIG_IGN in that case. This is not necessarily the ---- a/src/filtertest.c -+++ b/src/filtertest.c -@@ -43,15 +43,15 @@ - s = message_body_end; - body_len = 0; - body_linecount = 0; - header_size = message_size; - --if (!dot_ended && !feof(stdin)) -+if (!dot_ended && !stdin_feof()) - { - if (!f.dot_ends) - { -- while ((ch = getc(stdin)) != EOF) -+ while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - if (ch == '\n') body_linecount++; - if (body_len < message_body_visible) message_body[body_len++] = ch; - *s++ = ch; -@@ -60,11 +60,11 @@ - } - } - else - { - int ch_state = 1; -- while ((ch = getc(stdin)) != EOF) -+ while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - switch (ch_state) - { - case 0: /* Normal state */ -@@ -97,10 +97,11 @@ - } - READ_END: ; - } - if (s == message_body_end || s[-1] != '\n') body_linecount++; - } -+debug_printf("%s %d\n", __FUNCTION__, __LINE__); - - message_body[body_len] = 0; - message_body_size = message_size - header_size; - - /* body_len stops at message_body_visible; it if got there, we may have -@@ -248,11 +249,11 @@ - } - - /* For a filter, set up the message_body variables and the message size if this - is the first time this function has been called. */ - --if (message_body == NULL) read_message_body(dot_ended); -+if (!message_body) read_message_body(dot_ended); - - /* Now pass the filter file to the function that interprets it. Because - filter_test is not FILTER_NONE, the interpreter will output comments about what - it is doing. No need to clean up store. Indeed, we must not, because we may be - testing a system filter that is going to be followed by a user filter test. */ -@@ -267,14 +268,13 @@ - f.enable_dollar_recipients = FALSE; - f.system_filtering = FALSE; - } - else - { -- yield = (filter_type == FILTER_SIEVE)? -- sieve_interpret(filebuf, RDO_REWRITE, NULL, NULL, NULL, NULL, &generated, &error) -- : -- filter_interpret(filebuf, RDO_REWRITE, &generated, &error); -+ yield = filter_type == FILTER_SIEVE -+ ? sieve_interpret(filebuf, RDO_REWRITE, NULL, NULL, NULL, NULL, &generated, &error) -+ : filter_interpret(filebuf, RDO_REWRITE, &generated, &error); - } - - return yield != FF_ERROR; - } - ---- a/src/functions.h -+++ b/src/functions.h -@@ -66,10 +66,11 @@ - extern uschar *tls_field_from_dn(uschar *, const uschar *); - extern void tls_free_cert(void **); - extern int tls_getc(unsigned); - extern uschar *tls_getbuf(unsigned *); - extern void tls_get_cache(unsigned); -+extern BOOL tls_hasc(void); - extern BOOL tls_import_cert(const uschar *, void **); - extern BOOL tls_is_name_for_cert(const uschar *, void *); - # ifdef USE_OPENSSL - extern BOOL tls_openssl_options_parse(uschar *, long *); - # endif -@@ -148,10 +149,11 @@ - extern uschar *b64encode(const uschar *, int); - extern uschar *b64encode_taint(const uschar *, int, BOOL); - extern int b64decode(const uschar *, uschar **); - extern int bdat_getc(unsigned); - extern uschar *bdat_getbuf(unsigned *); -+extern BOOL bdat_hasc(void); - extern int bdat_ungetc(int); - extern void bdat_flush_data(void); - - extern void bits_clear(unsigned int *, size_t, int *); - extern void bits_set(unsigned int *, size_t, int *); -@@ -492,10 +494,11 @@ - uschar **, uschar *); - extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *); - extern int smtp_getc(unsigned); - extern uschar *smtp_getbuf(unsigned *); - extern void smtp_get_cache(unsigned); -+extern BOOL smtp_hasc(void); - extern int smtp_handle_acl_fail(int, int, uschar *, uschar *); - extern void smtp_log_no_mail(void); - extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL); - extern void smtp_proxy_tls(void *, uschar *, size_t, int *, int) NORETURN; - extern BOOL smtp_read_response(void *, uschar *, int, int, int); -@@ -521,10 +524,11 @@ - extern uschar *spool_sender_from_msgid(const uschar *); - extern int spool_write_header(uschar *, int, uschar **); - extern int stdin_getc(unsigned); - extern int stdin_feof(void); - extern int stdin_ferror(void); -+extern BOOL stdin_hasc(void); - extern int stdin_ungetc(int); - - extern void store_exit(void); - extern void store_init(void); - extern void store_writeprotect(int); ---- a/src/globals.c -+++ b/src/globals.c -@@ -169,20 +169,23 @@ - /* Input-reading functions for messages, so we can use special ones for - incoming TCP/IP. The defaults use stdin. We never need these for any - stand-alone tests. */ - - #if !defined(STAND_ALONE) && !defined(MACRO_PREDEF) --int (*lwr_receive_getc)(unsigned) = stdin_getc; -+int (*lwr_receive_getc)(unsigned) = stdin_getc; - uschar * (*lwr_receive_getbuf)(unsigned *) = NULL; --int (*lwr_receive_ungetc)(int) = stdin_ungetc; --int (*receive_getc)(unsigned) = stdin_getc; --uschar * (*receive_getbuf)(unsigned *) = NULL; --void (*receive_get_cache)(unsigned) = NULL; --int (*receive_ungetc)(int) = stdin_ungetc; --int (*receive_feof)(void) = stdin_feof; --int (*receive_ferror)(void) = stdin_ferror; --BOOL (*receive_smtp_buffered)(void) = NULL; /* Only used for SMTP */ -+int (*lwr_receive_ungetc)(int) = stdin_ungetc; -+BOOL (*lwr_receive_hasc)(void) = stdin_hasc; -+ -+int (*receive_getc)(unsigned) = stdin_getc; -+uschar * (*receive_getbuf)(unsigned *) = NULL; -+void (*receive_get_cache)(unsigned) = NULL; -+BOOL (*receive_hasc)(void) = stdin_hasc; -+int (*receive_ungetc)(int) = stdin_ungetc; -+int (*receive_feof)(void) = stdin_feof; -+int (*receive_ferror)(void) = stdin_ferror; -+BOOL (*receive_smtp_buffered)(void) = NULL; /* Only used for SMTP */ - #endif - - - /* List of per-address expansion variables for clearing and saving/restoring - when verifying one address while routing/verifying another. We have to have ---- a/src/globals.h -+++ b/src/globals.h -@@ -159,13 +159,16 @@ - /* Input-reading functions for messages, so we can use special ones for - incoming TCP/IP. */ - - extern int (*lwr_receive_getc)(unsigned); - extern uschar * (*lwr_receive_getbuf)(unsigned *); -+extern BOOL (*lwr_receive_hasc)(void); - extern int (*lwr_receive_ungetc)(int); -+ - extern int (*receive_getc)(unsigned); - extern uschar * (*receive_getbuf)(unsigned *); -+extern BOOL (*receive_hasc)(void); - extern void (*receive_get_cache)(unsigned); - extern int (*receive_ungetc)(int); - extern int (*receive_feof)(void); - extern int (*receive_ferror)(void); - extern BOOL (*receive_smtp_buffered)(void); ---- a/src/receive.c -+++ b/src/receive.c -@@ -42,46 +42,75 @@ - /* These are the default functions that are set up in the variables such as - receive_getc initially. They just call the standard functions, passing stdin as - the file. (When SMTP input is occurring, different functions are used by - changing the pointer variables.) */ - -+uschar stdin_buf[4096]; -+uschar * stdin_inptr = stdin_buf; -+uschar * stdin_inend = stdin_buf; -+ -+static BOOL -+stdin_refill(void) -+{ -+size_t rc = fread(stdin_buf, 1, sizeof(stdin_buf), stdin); -+if (rc <= 0) -+ { -+ if (had_data_timeout) -+ { -+ fprintf(stderr, "exim: timed out while reading - message abandoned\n"); -+ log_write(L_lost_incoming_connection, -+ LOG_MAIN, "timed out while reading local message"); -+ receive_bomb_out(US"data-timeout", NULL); /* Does not return */ -+ } -+ if (had_data_sigint) -+ { -+ if (filter_test == FTEST_NONE) -+ { -+ fprintf(stderr, "\nexim: %s received - message abandoned\n", -+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -+ log_write(0, LOG_MAIN, "%s received while reading local message", -+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -+ } -+ receive_bomb_out(US"signal-exit", NULL); /* Does not return */ -+ } -+ return FALSE; -+ } -+stdin_inend = stdin_buf + rc; -+stdin_inptr = stdin_buf; -+return TRUE; -+} -+ - int - stdin_getc(unsigned lim) - { --int c = getc(stdin); -+if (stdin_inptr >= stdin_inend) -+ if (!stdin_refill()) -+ return EOF; -+return *stdin_inptr++; -+} - --if (had_data_timeout) -- { -- fprintf(stderr, "exim: timed out while reading - message abandoned\n"); -- log_write(L_lost_incoming_connection, -- LOG_MAIN, "timed out while reading local message"); -- receive_bomb_out(US"data-timeout", NULL); /* Does not return */ -- } --if (had_data_sigint) -- { -- if (filter_test == FTEST_NONE) -- { -- fprintf(stderr, "\nexim: %s received - message abandoned\n", -- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -- log_write(0, LOG_MAIN, "%s received while reading local message", -- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -- } -- receive_bomb_out(US"signal-exit", NULL); /* Does not return */ -- } --return c; -+ -+BOOL -+stdin_hasc(void) -+{ -+return stdin_inptr < stdin_inend; - } - - int - stdin_ungetc(int c) - { --return ungetc(c, stdin); -+if (stdin_inptr <= stdin_buf) -+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in stdin_ungetc"); -+ -+*--stdin_inptr = c; -+return c; - } - - int - stdin_feof(void) - { --return feof(stdin); -+return stdin_hasc() ? FALSE : feof(stdin); - } - - int - stdin_ferror(void) - { -@@ -586,11 +615,11 @@ - the file copy. */ - - static void - log_close_chk(void) - { --if (!receive_timeout) -+if (!receive_timeout && !receive_hasc()) - { - struct timeval t; - timesince(&t, &received_time); - if (t.tv_sec > 30*60) - mainlog_close(); -@@ -652,15 +681,10 @@ - - if (!f.dot_ends) - { - int last_ch = '\n'; - --/*XXX we do a gettimeofday before checking for every received char, --which is hardly clever. The function-indirection doesn't help, but --an additional function to check for nonempty read buffer would help. --See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */ -- - for ( ; - log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; - last_ch = ch) - { - if (ch == 0) body_zerocount++; ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -561,10 +561,16 @@ - if (!smtp_refill(lim)) - return EOF; - return *smtp_inptr++; - } - -+BOOL -+smtp_hasc(void) -+{ -+return smtp_inptr < smtp_inend; -+} -+ - uschar * - smtp_getbuf(unsigned * len) - { - unsigned size; - uschar * buf; -@@ -743,10 +749,18 @@ - } - } - } - } - -+BOOL -+bdat_hasc(void) -+{ -+if (chunking_data_left > 0) -+ return lwr_receive_hasc(); -+return TRUE; -+} -+ - uschar * - bdat_getbuf(unsigned * len) - { - uschar * buf; - -@@ -782,40 +796,44 @@ - bdat_push_receive_functions(void) - { - /* push the current receive_* function on the "stack", and - replace them by bdat_getc(), which in turn will use the lwr_receive_* - functions to do the dirty work. */ --if (lwr_receive_getc == NULL) -+if (!lwr_receive_getc) - { - lwr_receive_getc = receive_getc; - lwr_receive_getbuf = receive_getbuf; -+ lwr_receive_hasc = receive_hasc; - lwr_receive_ungetc = receive_ungetc; - } - else - { - DEBUG(D_receive) debug_printf("chunking double-push receive functions\n"); - } - - receive_getc = bdat_getc; - receive_getbuf = bdat_getbuf; -+receive_hasc = bdat_hasc; - receive_ungetc = bdat_ungetc; - } - - static inline void - bdat_pop_receive_functions(void) - { --if (lwr_receive_getc == NULL) -+if (!lwr_receive_getc) - { - DEBUG(D_receive) debug_printf("chunking double-pop receive functions\n"); - return; - } - receive_getc = lwr_receive_getc; - receive_getbuf = lwr_receive_getbuf; -+receive_hasc = lwr_receive_hasc; - receive_ungetc = lwr_receive_ungetc; - - lwr_receive_getc = NULL; - lwr_receive_getbuf = NULL; -+lwr_receive_hasc = NULL; - lwr_receive_ungetc = NULL; - } - - /************************************************* - * SMTP version of ungetc() * -@@ -2574,16 +2592,18 @@ - smtp_inbuffer[IN_BUFFER_SIZE-1] = '\0'; - - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - lwr_receive_getc = NULL; - lwr_receive_getbuf = NULL; -+lwr_receive_hasc = NULL; - lwr_receive_ungetc = NULL; - smtp_inptr = smtp_inend = smtp_inbuffer; - smtp_had_eof = smtp_had_error = 0; - - /* Set up the message size limit; this may be host-specific */ ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -3136,10 +3136,11 @@ - state->xfer_buffer = store_malloc(ssl_xfer_buffer_size); - - receive_getc = tls_getc; - receive_getbuf = tls_getbuf; - receive_get_cache = tls_get_cache; -+receive_hasc = tls_hasc; - receive_ungetc = tls_ungetc; - receive_feof = tls_feof; - receive_ferror = tls_ferror; - receive_smtp_buffered = tls_smtp_buffered; - -@@ -3738,10 +3739,11 @@ - if (!ct_ctx) /* server */ - { - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+ receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - } -@@ -3852,10 +3854,17 @@ - /* Something in the buffer; return next uschar */ - - return state->xfer_buffer[state->xfer_buffer_lwm++]; - } - -+BOOL -+tls_hasc(void) -+{ -+exim_gnutls_state_st * state = &state_server; -+return state->xfer_buffer_lwm < state->xfer_buffer_hwm; -+} -+ - uschar * - tls_getbuf(unsigned * len) - { - exim_gnutls_state_st * state = &state_server; - unsigned size; ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -3348,10 +3348,11 @@ - ssl_xfer_eof = ssl_xfer_error = FALSE; - - receive_getc = tls_getc; - receive_getbuf = tls_getbuf; - receive_get_cache = tls_get_cache; -+receive_hasc = tls_hasc; - receive_ungetc = tls_ungetc; - receive_feof = tls_feof; - receive_ferror = tls_ferror; - receive_smtp_buffered = tls_smtp_buffered; - -@@ -4124,10 +4125,16 @@ - /* Something in the buffer; return next uschar */ - - return ssl_xfer_buffer[ssl_xfer_buffer_lwm++]; - } - -+BOOL -+tls_hasc(void) -+{ -+return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm; -+} -+ - uschar * - tls_getbuf(unsigned * len) - { - unsigned size; - uschar * buf; -@@ -4413,10 +4420,11 @@ - #endif - - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+ receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - tls_in.active.tls_ctx = NULL; ---- a/src/transports/autoreply.c -+++ b/src/transports/autoreply.c -@@ -644,10 +644,11 @@ - if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n"); - } - - if (ff) - { -+debug_printf("%s %d: ff\n", __FUNCTION__, __LINE__); - while (Ufgets(big_buffer, big_buffer_size, ff) != NULL) - { - if (file_expand) - { - uschar *s = expand_string(big_buffer); -@@ -667,16 +668,16 @@ - /* Copy the original message if required, observing the return size - limit if we are returning the body. */ - - if (return_message) - { -- uschar *rubric = (tblock->headers_only)? -- US"------ This is a copy of the message's header lines.\n" -- : (tblock->body_only)? -- US"------ This is a copy of the body of the message, without the headers.\n" -- : -- US"------ This is a copy of the message, including all the headers.\n"; -+debug_printf("%s %d: ret msg\n", __FUNCTION__, __LINE__); -+ uschar *rubric = tblock->headers_only -+ ? US"------ This is a copy of the message's header lines.\n" -+ : tblock->body_only -+ ? US"------ This is a copy of the body of the message, without the headers.\n" -+ : US"------ This is a copy of the message, including all the headers.\n"; - transport_ctx tctx = { - .u = {.fd = fileno(fp)}, - .tblock = tblock, - .addr = addr, - .check_string = NULL, diff --git a/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch b/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch deleted file mode 100644 index 537bfed558d7..000000000000 --- a/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 51be321b27825c01829dffd90f11bfff256f7e42 Mon Sep 17 00:00:00 2001 -From: Adam Lackorzynski -Date: Sat, 16 Oct 2021 16:30:07 +0100 -Subject: [PATCH] Fix PAM auth. Bug 2813 - ---- - src/auths/call_pam.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/auths/call_pam.c b/src/auths/call_pam.c -index 80bb23ec3..03b9be1a8 100644 ---- a/src/auths/call_pam.c -+++ b/src/auths/call_pam.c -@@ -88,7 +88,7 @@ for (int i = 0; i < num_msg; i++) - arg = US""; - pam_arg_ended = TRUE; - } -- reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */ -+ reply[i].resp = strdup(CCS arg); /* Use libc malloc, PAM frees resp directly*/ - reply[i].resp_retcode = PAM_SUCCESS; - break; - --- -2.34.1 - diff --git a/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch b/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch deleted file mode 100644 index c226354d5e8e..000000000000 --- a/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch +++ /dev/null @@ -1,42 +0,0 @@ -From df618101a5ea15dc90c4a2968798ef2be9dba16f Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Mon, 18 Oct 2021 11:01:47 +0100 -Subject: [PATCH] Exiqgrep: check arg parsing. Bug 2821 - ---- - src/exiqgrep.src | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/exiqgrep.src b/src/exiqgrep.src -index c8762df47..04602da68 100644 ---- a/src/exiqgrep.src -+++ b/src/exiqgrep.src -@@ -53,12 +53,14 @@ if ($ARGV[0] eq '--version') { - exit 0; - } - --getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt); --if ($ARGV[0]) { &help; exit;} --if ($opt{h}) { &help; exit;} -+if (!getopts('hf:r:y:o:s:C:zxlibRcaG:E:',\%opt)) { &help; exit; } -+if ($opt{h}) { &help; exit; } -+if ($ARGV[0] || !($opt{f} || $opt{r} || $opt{s} || $opt{y} || $opt{o} || $opt{z} || $opt{x} || $opt{c})) -+ { &help; exit(1); } - if ($opt{a}) { $eargs = '-bp'; } - if ($opt{C} && -e $opt{C} && -f $opt{C} && -R $opt{C}) { $eargs .= ' -C '.$opt{C}; } - if ($opt{G}) { $eargs .= ' -qG'.$opt{G}; } -+if ($opt{E}) { $exim = $opt{E}; } - - # Read message queue output into hash - &collect(); -@@ -75,6 +77,7 @@ Exim message queue display utility. - - -h This help message. - -C Specify which exim.conf to use. -+ -E Specify exim binary to use. - - Selection criteria: - -f Match sender address sender (field is "< >" wrapped) --- -2.34.1 - diff --git a/mail/exim/files/debian/75_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch b/mail/exim/files/debian/75_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch deleted file mode 100644 index 93c99a4ef8f2..000000000000 --- a/mail/exim/files/debian/75_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch +++ /dev/null @@ -1,931 +0,0 @@ -From dd19ce4f24eec64177cdcfcf294b8efbb631a24b Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Wed, 17 Nov 2021 17:19:54 +0000 -Subject: [PATCH] select() -> poll(). Bug 2831 - ---- - doc/ChangeLog | 8 +++ - src/daemon.c | 126 +++++++++++++++++++------------------- - src/deliver.c | 54 ++++++++-------- - src/exim.c | 9 +-- - src/expand.c | 6 +- - src/functions.h | 7 +++ - src/ip.c | 12 +--- - src/malware.c | 6 +- - src/receive.c | 15 +---- - src/smtp_in.c | 18 +----- - src/spam.c | 42 ++++--------- - src/transport.c | 4 +- - src/transports/smtp.c | 37 ++++------- - 13 files changed, 142 insertions(+), 202 deletions(-) - -diff --git a/doc/ChangeLog b/doc/ChangeLog -index 7f6814d5e..58996c3f8 100644 ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -40,6 +40,14 @@ JH/09 Fix macro-definition during "-be" expansion testing. The move to - write-protected store for macros had not accounted for these runtime - additions; fix by removing this protection for "-be" mode. - -+JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be -+ handing out large-numbered file descriptors, violating the usual Unix -+ assumption (and required by Posix) that the lowest possible number will be -+ allocated by the kernel when a new one is needed. In the daemon, and any -+ child procesees, values higher than 1024 (being bigger than FD_SETSIZE) -+ are not useable for FD_SET() [and hence select()] and overwrite the stack. -+ Assorted crashes happen. -+ - - Exim version 4.95 - ----------------- -diff --git a/src/daemon.c b/src/daemon.c -index 0b8d5d595..a248a4f40 100644 ---- a/src/daemon.c -+++ b/src/daemon.c -@@ -87,7 +87,7 @@ sigchld_seen = TRUE; - } - - --/* SIGTERM handler. Try to get the damon pif file removed -+/* SIGTERM handler. Try to get the damon pid file removed - before exiting. */ - - static void -@@ -141,7 +141,7 @@ Uunlink(s); - - static void - close_daemon_sockets(int daemon_notifier_fd, -- int * listen_sockets, int listen_socket_count) -+ struct pollfd * fd_polls, int listen_socket_count) - { - if (daemon_notifier_fd >= 0) - { -@@ -152,7 +152,7 @@ if (daemon_notifier_fd >= 0) - #endif - } - --for (int i = 0; i < listen_socket_count; i++) (void) close(listen_sockets[i]); -+for (int i = 0; i < listen_socket_count; i++) (void) close(fd_polls[i].fd); - } - - -@@ -167,7 +167,7 @@ is required so that they can be closed in the sub-process. Take care not to - leak store in this process - reset the stacking pool at the end. - - Arguments: -- listen_sockets sockets which are listening for incoming calls -+ fd_polls sockets which are listening for incoming calls - listen_socket_count count of listening sockets - accept_socket socket of the current accepted call - accepted socket information about the current call -@@ -176,7 +176,7 @@ Returns: nothing - */ - - static void --handle_smtp_call(int *listen_sockets, int listen_socket_count, -+handle_smtp_call(struct pollfd *fd_polls, int listen_socket_count, - int accept_socket, struct sockaddr *accepted) - { - pid_t pid; -@@ -459,7 +459,7 @@ if (pid == 0) - extensive comment before the reception loop in exim.c for a fuller - explanation of this logic. */ - -- close_daemon_sockets(daemon_notifier_fd, listen_sockets, listen_socket_count); -+ close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count); - - /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes - to be able to communicate with them, under any circumstances. */ -@@ -1305,13 +1305,6 @@ return FALSE; - - - --static void --add_listener_socket(int fd, fd_set * fds, int * fd_max) --{ --FD_SET(fd, fds); --if (fd > *fd_max) *fd_max = fd; --} -- - /************************************************* - * Exim Daemon Mainline * - *************************************************/ -@@ -1339,9 +1332,8 @@ void - daemon_go(void) - { - struct passwd * pw; --int * listen_sockets = NULL; --int listen_socket_count = 0, listen_fd_max = 0; --fd_set select_listen; -+struct pollfd * fd_polls, * tls_watch_poll = NULL, * dnotify_poll = NULL; -+int listen_socket_count = 0, poll_fd_count; - ip_address_item * addresses = NULL; - time_t last_connection_time = (time_t)0; - int local_queue_run_max = atoi(CS expand_string(queue_run_max)); -@@ -1353,17 +1345,21 @@ debugging lines get the pid added. */ - - DEBUG(D_any|D_v) debug_selector |= D_pid; - --FD_ZERO(&select_listen); -+/* Allocate enough pollstructs for inetd mode plus the ancillary sockets; -+also used when there are no listen sockets. */ -+ -+fd_polls = store_get(sizeof(struct pollfd) * 3, FALSE); -+ - if (f.inetd_wait_mode) - { - listen_socket_count = 1; -- listen_sockets = store_get(sizeof(int), FALSE); - (void) close(3); - if (dup2(0, 3) == -1) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, - "failed to dup inetd socket safely away: %s", strerror(errno)); - -- listen_sockets[0] = 3; -+ fd_polls[0].fd = 3; -+ fd_polls[0].events = POLLIN; - (void) close(0); - (void) close(1); - (void) close(2); -@@ -1390,9 +1386,6 @@ if (f.inetd_wait_mode) - if (setsockopt(3, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to set socket NODELAY: %s", - strerror(errno)); -- -- FD_SET(3, &select_listen); -- listen_fd_max = 3; - } - - -@@ -1686,11 +1679,16 @@ if (f.daemon_listen && !f.inetd_wait_mode) - } - } - -- /* Get a vector to remember all the sockets in */ -+ /* Get a vector to remember all the sockets in. -+ Two extra elements for the ancillary sockets */ - - for (ipa = addresses; ipa; ipa = ipa->next) - listen_socket_count++; -- listen_sockets = store_get(sizeof(int) * listen_socket_count, FALSE); -+ fd_polls = store_get(sizeof(struct pollfd) * (listen_socket_count + 2), -+ FALSE); -+ for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count + 2; -+ p++) -+ { p->fd = -1; p->events = POLLIN; } - - } /* daemon_listen but not inetd_wait_mode */ - -@@ -1795,7 +1793,7 @@ if (f.daemon_listen && !f.inetd_wait_mode) - wildcard = ipa->address[0] == 0; - } - -- if ((listen_sockets[sk] = fd = ip_socket(SOCK_STREAM, af)) < 0) -+ if ((fd_polls[sk].fd = fd = ip_socket(SOCK_STREAM, af)) < 0) - { - if (check_special_case(0, addresses, ipa, FALSE)) - { -@@ -1804,7 +1802,7 @@ if (f.daemon_listen && !f.inetd_wait_mode) - goto SKIP_SOCKET; - } - log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s", -- (af == AF_INET6)? '6' : '4', strerror(errno)); -+ af == AF_INET6 ? '6' : '4', strerror(errno)); - } - - /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is -@@ -1903,8 +1901,7 @@ if (f.daemon_listen && !f.inetd_wait_mode) - f.tcp_fastopen_ok = FALSE; - } - #endif -- -- add_listener_socket(fd, &select_listen, &listen_fd_max); -+ fd_polls[sk].fd = fd; - continue; - } - -@@ -2187,14 +2184,21 @@ tls_daemon_init(); - - /* Add ancillary sockets to the set for select */ - -+poll_fd_count = listen_socket_count; - #ifndef DISABLE_TLS - if (tls_watch_fd >= 0) -- add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max); -+ { -+ tls_watch_poll = &fd_polls[poll_fd_count++]; -+ tls_watch_poll->fd = tls_watch_fd; -+ tls_watch_poll->events = POLLIN; -+ } - #endif - if (daemon_notifier_fd >= 0) -- add_listener_socket(daemon_notifier_fd, &select_listen, &listen_fd_max); -- --listen_fd_max++; -+ { -+ dnotify_poll = &fd_polls[poll_fd_count++]; -+ dnotify_poll->fd = daemon_notifier_fd; -+ dnotify_poll->events = POLLIN; -+ } - - /* Close the log so it can be renamed and moved. In the few cases below where - this long-running process writes to the log (always exceptional conditions), it -@@ -2293,7 +2297,7 @@ for (;;) - /* Close any open listening sockets in the child */ - - close_daemon_sockets(daemon_notifier_fd, -- listen_sockets, listen_socket_count); -+ fd_polls, listen_socket_count); - - /* Reset SIGHUP and SIGCHLD in the child in both cases. */ - -@@ -2421,9 +2425,8 @@ for (;;) - - if (f.daemon_listen) - { -- int check_lsk = 0, lcount; -+ int lcount; - BOOL select_failed = FALSE; -- fd_set fds = select_listen; - - DEBUG(D_any) debug_printf("Listening...\n"); - -@@ -2440,8 +2443,7 @@ for (;;) - errno = EINTR; - } - else -- lcount = select(listen_fd_max, (SELECT_ARG2_TYPE *)&fds, -- NULL, NULL, NULL); -+ lcount = poll(fd_polls, poll_fd_count, -1); - - if (lcount < 0) - { -@@ -2461,15 +2463,15 @@ for (;;) - handle_ending_processes(); - - #ifndef DISABLE_TLS -+ { -+ int old_tfd; - /* Create or rotate any required keys; handle (delayed) filewatch event */ -- for (int old_tfd = tls_daemon_tick(); old_tfd >= 0; ) -- { -- FD_CLR(old_tfd, &select_listen); -- if (old_tfd == listen_fd_max - 1) listen_fd_max = old_tfd; -- if (tls_watch_fd >= 0) -- add_listener_socket(tls_watch_fd, &select_listen, &listen_fd_max); -- break; -- } -+ -+ if ((old_tfd = tls_daemon_tick()) >= 0) -+ for (struct pollfd * p = &fd_polls[listen_socket_count]; -+ p < fd_polls + poll_fd_count; p++) -+ if (p->fd == old_tfd) { p->fd = tls_watch_fd ; break; } -+ } - #endif - errno = select_errno; - } -@@ -2490,22 +2492,23 @@ for (;;) - if (!select_failed) - { - #if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)) -- if (tls_watch_fd >= 0 && FD_ISSET(tls_watch_fd, &fds)) -+ if (tls_watch_poll && tls_watch_poll->revents & POLLIN) - { -+ tls_watch_poll->revents = 0; - tls_watch_trigger_time = time(NULL); /* Set up delayed event */ - tls_watch_discard_event(tls_watch_fd); - break; /* to top of daemon loop */ - } - #endif -- if (daemon_notifier_fd >= 0 && FD_ISSET(daemon_notifier_fd, &fds)) -+ if (dnotify_poll && dnotify_poll->revents & POLLIN) - { -+ dnotify_poll->revents = 0; - sigalrm_seen = daemon_notification(); - break; /* to top of daemon loop */ - } -- while (check_lsk < listen_socket_count) -- { -- int lfd = listen_sockets[check_lsk++]; -- if (FD_ISSET(lfd, &fds)) -+ for (struct pollfd * p = fd_polls; p < fd_polls + listen_socket_count; -+ p++) -+ if (p->revents & POLLIN) - { - EXIM_SOCKLEN_T alen = sizeof(accepted); - #ifdef TCP_INFO -@@ -2516,23 +2519,23 @@ for (;;) - - smtp_listen_backlog = 0; - if ( smtp_backlog_monitor > 0 -- && getsockopt(lfd, IPPROTO_TCP, TCP_INFO, &ti, &tlen) == 0) -+ && getsockopt(p->fd, IPPROTO_TCP, TCP_INFO, &ti, &tlen) == 0) - { - # ifdef EXIM_HAVE_TCPI_UNACKED - DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n", -- lfd, ti.tcpi_sacked, ti.tcpi_unacked); -+ p->fd, ti.tcpi_sacked, ti.tcpi_unacked); - smtp_listen_backlog = ti.tcpi_unacked; - # elif defined(__FreeBSD__) /* This does not work. Investigate kernel sourcecode. */ - DEBUG(D_interface) debug_printf("listen fd %d queue max %u curr %u\n", -- lfd, ti.__tcpi_sacked, ti.__tcpi_unacked); -+ p->fd, ti.__tcpi_sacked, ti.__tcpi_unacked); - smtp_listen_backlog = ti.__tcpi_unacked; - # endif - } - #endif -- accept_socket = accept(lfd, (struct sockaddr *)&accepted, &alen); -+ p->revents = 0; -+ accept_socket = accept(p->fd, (struct sockaddr *)&accepted, &alen); - break; - } -- } - } - - /* If select or accept has failed and this was not caused by an -@@ -2591,7 +2594,7 @@ for (;;) - #endif - if (inetd_wait_timeout) - last_connection_time = time(NULL); -- handle_smtp_call(listen_sockets, listen_socket_count, accept_socket, -+ handle_smtp_call(fd_polls, listen_socket_count, accept_socket, - (struct sockaddr *)&accepted); - } - } -@@ -2606,10 +2609,8 @@ for (;;) - - else - { -- struct timeval tv; -- tv.tv_sec = queue_interval; -- tv.tv_usec = 0; -- select(0, NULL, NULL, NULL, &tv); -+ struct pollfd p; -+ poll(&p, 0, queue_interval * 1000); - handle_ending_processes(); - } - -@@ -2634,8 +2635,7 @@ for (;;) - { - log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon", - getpid()); -- close_daemon_sockets(daemon_notifier_fd, -- listen_sockets, listen_socket_count); -+ close_daemon_sockets(daemon_notifier_fd, fd_polls, listen_socket_count); - ALARM_CLR(0); - signal(SIGHUP, SIG_IGN); - sighup_argv[0] = exim_path; -diff --git a/src/deliver.c b/src/deliver.c -index 4594c4a1d..8aad811c6 100644 ---- a/src/deliver.c -+++ b/src/deliver.c -@@ -74,6 +74,7 @@ static BOOL update_spool; - static BOOL remove_journal; - static int parcount = 0; - static pardata *parlist = NULL; -+static struct pollfd *parpoll; - static int return_count; - static uschar *frozen_info = US""; - static uschar *used_return_path = NULL; -@@ -3306,7 +3307,7 @@ BOOL done = p->done; - - /* Loop through all items, reading from the pipe when necessary. The pipe - used to be non-blocking. But I do not see a reason for using non-blocking I/O --here, as the preceding select() tells us, if data is available for reading. -+here, as the preceding poll() tells us, if data is available for reading. - - A read() on a "selected" handle should never block, but(!) it may return - less data then we expected. (The buffer size we pass to read() shouldn't be -@@ -3840,7 +3841,7 @@ static address_item * - par_wait(void) - { - int poffset, status; --address_item *addr, *addrlist; -+address_item * addr, * addrlist; - pid_t pid; - - set_process_info("delivering %s: waiting for a remote delivery subprocess " -@@ -3850,18 +3851,18 @@ set_process_info("delivering %s: waiting for a remote delivery subprocess " - existence - in which case give an error return. We cannot proceed just by - waiting for a completion, because a subprocess may have filled up its pipe, and - be waiting for it to be emptied. Therefore, if no processes have finished, we --wait for one of the pipes to acquire some data by calling select(), with a -+wait for one of the pipes to acquire some data by calling poll(), with a - timeout just in case. - - The simple approach is just to iterate after reading data from a ready pipe. - This leads to non-ideal behaviour when the subprocess has written its final Z - item, closed the pipe, and is in the process of exiting (the common case). A --call to waitpid() yields nothing completed, but select() shows the pipe ready - -+call to waitpid() yields nothing completed, but poll() shows the pipe ready - - reading it yields EOF, so you end up with busy-waiting until the subprocess has - actually finished. - - To avoid this, if all the data that is needed has been read from a subprocess --after select(), an explicit wait() for it is done. We know that all it is doing -+after poll(), an explicit wait() for it is done. We know that all it is doing - is writing to the pipe and then exiting, so the wait should not be long. - - The non-blocking waitpid() is to some extent just insurance; if we could -@@ -3881,9 +3882,7 @@ for (;;) /* Normally we do not repeat this loop */ - { - while ((pid = waitpid(-1, &status, WNOHANG)) <= 0) - { -- struct timeval tv; -- fd_set select_pipes; -- int maxpipe, readycount; -+ int readycount; - - /* A return value of -1 can mean several things. If errno != ECHILD, it - either means invalid options (which we discount), or that this process was -@@ -3907,7 +3906,7 @@ for (;;) /* Normally we do not repeat this loop */ - subprocesses are still in existence. If kill() gives an OK return, we know - it must be for one of our processes - it can't be for a re-use of the pid, - because if our process had finished, waitpid() would have found it. If any -- of our subprocesses are in existence, we proceed to use select() as if -+ of our subprocesses are in existence, we proceed to use poll() as if - waitpid() had returned zero. I think this is safe. */ - - if (pid < 0) -@@ -3931,7 +3930,7 @@ for (;;) /* Normally we do not repeat this loop */ - if (poffset >= remote_max_parallel) - { - DEBUG(D_deliver) debug_printf("*** no delivery children found\n"); -- return NULL; /* This is the error return */ -+ return NULL; /* This is the error return */ - } - } - -@@ -3940,28 +3939,23 @@ for (;;) /* Normally we do not repeat this loop */ - subprocess, but there are no completed subprocesses. See if any pipes are - ready with any data for reading. */ - -- DEBUG(D_deliver) debug_printf("selecting on subprocess pipes\n"); -+ DEBUG(D_deliver) debug_printf("polling subprocess pipes\n"); - -- maxpipe = 0; -- FD_ZERO(&select_pipes); - for (poffset = 0; poffset < remote_max_parallel; poffset++) - if (parlist[poffset].pid != 0) -- { -- int fd = parlist[poffset].fd; -- FD_SET(fd, &select_pipes); -- if (fd > maxpipe) maxpipe = fd; -- } -+ { -+ parpoll[poffset].fd = parlist[poffset].fd; -+ parpoll[poffset].events = POLLIN; -+ } -+ else -+ parpoll[poffset].fd = -1; - - /* Stick in a 60-second timeout, just in case. */ - -- tv.tv_sec = 60; -- tv.tv_usec = 0; -- -- readycount = select(maxpipe + 1, (SELECT_ARG2_TYPE *)&select_pipes, -- NULL, NULL, &tv); -+ readycount = poll(parpoll, remote_max_parallel, 60 * 1000); - - /* Scan through the pipes and read any that are ready; use the count -- returned by select() to stop when there are no more. Select() can return -+ returned by poll() to stop when there are no more. Select() can return - with no processes (e.g. if interrupted). This shouldn't matter. - - If par_read_pipe() returns TRUE, it means that either the terminating Z was -@@ -3978,7 +3972,7 @@ for (;;) /* Normally we do not repeat this loop */ - poffset++) - { - if ( (pid = parlist[poffset].pid) != 0 -- && FD_ISSET(parlist[poffset].fd, &select_pipes) -+ && parpoll[poffset].revents - ) - { - readycount--; -@@ -4016,7 +4010,7 @@ for (;;) /* Normally we do not repeat this loop */ - "transport process list", pid); - } /* End of the "for" loop */ - --/* Come here when all the data was completely read after a select(), and -+/* Come here when all the data was completely read after a poll(), and - the process in pid has been wait()ed for. */ - - PROCESS_DONE: -@@ -4051,7 +4045,7 @@ if ((status & 0xffff) != 0) - "%s %d", - addrlist->transport->driver_name, - status, -- (msb == 0)? "terminated by signal" : "exit code", -+ msb == 0 ? "terminated by signal" : "exit code", - code); - - if (msb != 0 || (code != SIGTERM && code != SIGKILL && code != SIGQUIT)) -@@ -4069,7 +4063,8 @@ if ((status & 0xffff) != 0) - /* Else complete reading the pipe to get the result of the delivery, if all - the data has not yet been obtained. */ - --else if (!parlist[poffset].done) (void)par_read_pipe(poffset, TRUE); -+else if (!parlist[poffset].done) -+ (void) par_read_pipe(poffset, TRUE); - - /* Put the data count and return path into globals, mark the data slot unused, - decrement the count of subprocesses, and return the address chain. */ -@@ -4218,6 +4213,7 @@ if (!parlist) - parlist = store_get(remote_max_parallel * sizeof(pardata), FALSE); - for (poffset = 0; poffset < remote_max_parallel; poffset++) - parlist[poffset].pid = 0; -+ parpoll = store_get(remote_max_parallel * sizeof(struct pollfd), FALSE); - } - - /* Now loop for each remote delivery */ -@@ -4613,7 +4609,7 @@ nonmatch domains - that it can use either of them, though it prefers O_NONBLOCK, which - distinguishes between EOF and no-more-data. */ - --/* The data appears in a timely manner and we already did a select on -+/* The data appears in a timely manner and we already did a poll on - all pipes, so I do not see a reason to use non-blocking IO here - - #ifdef O_NONBLOCK -diff --git a/src/exim.c b/src/exim.c -index 133761de9..42db457c0 100644 ---- a/src/exim.c -+++ b/src/exim.c -@@ -5735,13 +5735,8 @@ for (BOOL more = TRUE; more; ) - the file copy. */ - - if (!receive_timeout) -- { -- struct timeval t = { .tv_sec = 30*60, .tv_usec = 0 }; /* 30 minutes */ -- fd_set r; -- -- FD_ZERO(&r); FD_SET(0, &r); -- if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close(); -- } -+ if (poll_one_fd(0, POLLIN, 30*60*1000) == 0) /* 30 minutes */ -+ mainlog_close(); - - /* Read the data for the message. If filter_test is not FTEST_NONE, this - will just read the headers for the message, and not write anything onto the -diff --git a/src/expand.c b/src/expand.c -index 59554840e..bfae2a3c0 100644 ---- a/src/expand.c -+++ b/src/expand.c -@@ -1760,8 +1760,6 @@ const uschar * where; - #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS - uschar * sname; - #endif --fd_set fds; --struct timeval tv; - - if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0) - { -@@ -1805,9 +1803,7 @@ if (connect(fd, (const struct sockaddr *)&sa_un, len) < 0) - buf[0] = NOTIFY_QUEUE_SIZE_REQ; - if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; } - --FD_ZERO(&fds); FD_SET(fd, &fds); --tv.tv_sec = 2; tv.tv_usec = 0; --if (select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tv) != 1) -+if (poll_one_fd(fd, POLLIN, 2 * 1000) != 1) - { - DEBUG(D_expand) debug_printf("no daemon response; using local evaluation\n"); - len = snprintf(CS buf, sizeof(buf), "%u", queue_count_cached()); -diff --git a/src/functions.h b/src/functions.h -index 3dd890a00..0cf80dfbb 100644 ---- a/src/functions.h -+++ b/src/functions.h -@@ -1255,6 +1255,13 @@ child_open(uschar **argv, uschar **envp, int newumask, int *infdptr, - outfdptr, make_leader, purpose); - } - -+static inline int -+poll_one_fd(int fd, short pollbits, int tmo_millisec) -+{ -+struct pollfd p = {.fd = fd, .events = pollbits}; -+return poll(&p, 1, tmo_millisec); -+} -+ - # endif /* !COMPILE_UTILITY */ - - /******************************************************************************/ -diff --git a/src/ip.c b/src/ip.c -index d83d6f910..aa42343fb 100644 ---- a/src/ip.c -+++ b/src/ip.c -@@ -589,9 +589,7 @@ Returns: TRUE => ready for i/o - BOOL - fd_ready(int fd, time_t timelimit) - { --fd_set select_inset; --int time_left = timelimit - time(NULL); --int rc; -+int rc, time_left = timelimit - time(NULL); - - if (time_left <= 0) - { -@@ -602,12 +600,8 @@ if (time_left <= 0) - - do - { -- struct timeval tv = { .tv_sec = time_left, .tv_usec = 0 }; -- FD_ZERO (&select_inset); -- FD_SET (fd, &select_inset); -- - /*DEBUG(D_transport) debug_printf("waiting for data on fd\n");*/ -- rc = select(fd + 1, (SELECT_ARG2_TYPE *)&select_inset, NULL, NULL, &tv); -+ rc = poll_one_fd(fd, POLLIN, time_left * 1000); - - /* If some interrupt arrived, just retry. We presume this to be rare, - but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes -@@ -636,7 +630,7 @@ do - /* Checking the FD_ISSET is not enough, if we're interrupted, the - select_inset may still contain the 'input'. */ - } --while (rc < 0 || !FD_ISSET(fd, &select_inset)); -+while (rc < 0); - return TRUE; - } - -diff --git a/src/malware.c b/src/malware.c -index 10a390dfa..d9ab3b9dd 100644 ---- a/src/malware.c -+++ b/src/malware.c -@@ -277,11 +277,7 @@ int fd = ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5, - /* Under some fault conditions, FreeBSD 12.2 seen to send a (non-TFO) SYN - and, getting no response, wait for a long time. Impose a 5s max. */ - if (fd >= 0) -- { -- struct timeval tv = {.tv_sec = 5}; -- fd_set fds; -- FD_ZERO(&fds); FD_SET(fd, &fds); (void) select(fd+1, NULL, &fds, NULL, &tv); -- } -+ (void) poll_one_fd(fd, POLLOUT, 5 * 1000); - #endif - return fd; - } -diff --git a/src/receive.c b/src/receive.c -index fab0f00c4..3adcbbd88 100644 ---- a/src/receive.c -+++ b/src/receive.c -@@ -624,12 +624,8 @@ if (!receive_timeout && !receive_hasc()) - if (t.tv_sec > 30*60) - mainlog_close(); - else -- { -- fd_set r; -- FD_ZERO(&r); FD_SET(0, &r); -- t.tv_sec = 30*60 - t.tv_sec; t.tv_usec = 0; -- if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close(); -- } -+ if (poll_one_fd(0, POLLIN, (30*60 - t.tv_sec) * 1000) == 0) -+ mainlog_close(); - } - } - -@@ -4234,12 +4230,7 @@ response, but the chance of this happening should be small. */ - if (smtp_input && sender_host_address && !f.sender_host_notsocket && - !receive_smtp_buffered()) - { -- struct timeval tv = {.tv_sec = 0, .tv_usec = 0}; -- fd_set select_check; -- FD_ZERO(&select_check); -- FD_SET(fileno(smtp_in), &select_check); -- -- if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0) -+ if (poll_one_fd(fileno(smtp_in), POLLIN, 0) != 0) - { - int c = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (c != EOF) (receive_ungetc)(c); else -diff --git a/src/smtp_in.c b/src/smtp_in.c -index 824178e4d..7cb966f24 100644 ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -346,8 +346,6 @@ static BOOL - wouldblock_reading(void) - { - int fd, rc; --fd_set fds; --struct timeval tzero = {.tv_sec = 0, .tv_usec = 0}; - - #ifndef DISABLE_TLS - if (tls_in.active.sock >= 0) -@@ -358,9 +356,7 @@ if (smtp_inptr < smtp_inend) - return FALSE; - - fd = fileno(smtp_in); --FD_ZERO(&fds); --FD_SET(fd, &fds); --rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero); -+rc = poll_one_fd(fd, POLLIN, 0); - - if (rc <= 0) return TRUE; /* Not ready to read */ - rc = smtp_getc(GETC_BUFFER_UNLIMITED); -@@ -3942,16 +3938,8 @@ log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT", - /* Pause, hoping client will FIN first so that they get the TIME_WAIT. - The socket should become readble (though with no data) */ - -- { -- int fd = fileno(smtp_in); -- fd_set fds; -- struct timeval t_limit = {.tv_sec = 0, .tv_usec = 200*1000}; -- -- FD_ZERO(&fds); -- FD_SET(fd, &fds); -- (void) select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &t_limit); -- } --#endif /*!DAEMON_CLOSE_NOWAIT*/ -+(void) poll_one_fd(fileno(smtp_in), POLLIN, 200); -+#endif /*!SERVERSIDE_CLOSE_NOWAIT*/ - } - - -diff --git a/src/spam.c b/src/spam.c -index 470e5fae7..e3316ed96 100644 ---- a/src/spam.c -+++ b/src/spam.c -@@ -194,12 +194,6 @@ uschar *p,*q; - int override = 0; - time_t start; - size_t read, wrote; --#ifndef NO_POLL_H --struct pollfd pollfd; --#else /* Patch posted by Erik ? for OS X */ --struct timeval select_tv; /* and applied by PH */ --fd_set select_fd; --#endif - uschar *spamd_address_work; - spamd_address_container * sd; - -@@ -395,19 +389,19 @@ if (wrote == -1) - } - - /* now send the file */ --/* spamd sometimes accepts connections but doesn't read data off -- * the connection. We make the file descriptor non-blocking so -- * that the write will only write sufficient data without blocking -- * and we poll the descriptor to make sure that we can write without -- * blocking. Short writes are gracefully handled and if the whole -- * transaction takes too long it is aborted. -- * Note: poll() is not supported in OSX 10.2 and is reported to be -- * broken in more recent versions (up to 10.4). -+/* spamd sometimes accepts connections but doesn't read data off the connection. -+We make the file descriptor non-blocking so that the write will only write -+sufficient data without blocking and we poll the descriptor to make sure that we -+can write without blocking. Short writes are gracefully handled and if the -+whole transaction takes too long it is aborted. -+ -+Note: poll() is not supported in OSX 10.2 and is reported to be broken in more -+ recent versions (up to 10.4). Workaround using select() removed 2021/11 (jgh). - */ --#ifndef NO_POLL_H --pollfd.fd = spamd_cctx.sock; --pollfd.events = POLLOUT; -+#ifdef NO_POLL_H -+# error Need poll(2) support - #endif -+ - (void)fcntl(spamd_cctx.sock, F_SETFL, O_NONBLOCK); - do - { -@@ -416,19 +410,7 @@ do - { - offset = 0; - again: --#ifndef NO_POLL_H -- result = poll(&pollfd, 1, 1000); -- --/* Patch posted by Erik ? for OS X and applied by PH */ --#else -- select_tv.tv_sec = 1; -- select_tv.tv_usec = 0; -- FD_ZERO(&select_fd); -- FD_SET(spamd_cctx.sock, &select_fd); -- result = select(spamd_cctx.sock+1, NULL, &select_fd, NULL, &select_tv); --#endif --/* End Erik's patch */ -- -+ result = poll_one_fd(spamd_cctx.sock, POLLOUT, 1000); - if (result == -1 && errno == EINTR) - goto again; - else if (result < 1) -diff --git a/src/transport.c b/src/transport.c -index 8c74030f0..ef523657e 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -253,7 +253,6 @@ for (int i = 0; i < 100; i++) - - for(;;) - { -- fd_set fds; - /* This code makes use of alarm() in order to implement the timeout. This - isn't a very tidy way of doing things. Using non-blocking I/O with select() - provides a neater approach. However, I don't know how to do this when TLS is -@@ -281,8 +280,7 @@ for (int i = 0; i < 100; i++) - if (rc >= 0 || errno != ENOTCONN || connretry <= 0) - break; - -- FD_ZERO(&fds); FD_SET(fd, &fds); -- select(fd+1, NULL, &fds, NULL, NULL); /* could set timout? */ -+ poll_one_fd(fd, POLLOUT, -1); /* could set timeout? retval check? */ - connretry--; - } - -diff --git a/src/transports/smtp.c b/src/transports/smtp.c -index d321bd69e..c64bb7010 100644 ---- a/src/transports/smtp.c -+++ b/src/transports/smtp.c -@@ -3550,8 +3550,8 @@ void - smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd, - int timeout) - { --fd_set rfds, efds; --int max_fd = MAX(pfd[0], tls_out.active.sock) + 1; -+struct pollfd p[2] = {{.fd = tls_out.active.sock, .events = POLLIN}, -+ {.fd = pfd[0], .events = POLLIN}}; - int rc, i; - BOOL send_tls_shutdown = TRUE; - -@@ -3560,23 +3560,16 @@ if ((rc = exim_fork(US"tls-proxy"))) - _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS); - - set_process_info("proxying TLS connection for continued transport"); --FD_ZERO(&rfds); --FD_SET(tls_out.active.sock, &rfds); --FD_SET(pfd[0], &rfds); - --for (int fd_bits = 3; fd_bits; ) -+do - { - time_t time_left = timeout; - time_t time_start = time(NULL); - - /* wait for data */ -- efds = rfds; - do - { -- struct timeval tv = { time_left, 0 }; -- -- rc = select(max_fd, -- (SELECT_ARG2_TYPE *)&rfds, NULL, (SELECT_ARG2_TYPE *)&efds, &tv); -+ rc = poll(p, 2, time_left * 1000); - - if (rc < 0 && errno == EINTR) - if ((time_left -= time(NULL) - time_start) > 0) continue; -@@ -3589,23 +3582,22 @@ for (int fd_bits = 3; fd_bits; ) - - /* For errors where not readable, bomb out */ - -- if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds)) -+ if (p[0].revents & POLLERR || p[1].revents & POLLERR) - { - DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n", -- FD_ISSET(pfd[0], &efds) ? "proxy" : "tls"); -- if (!(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds))) -+ p[0].revents & POLLERR ? "tls" : "proxy"); -+ if (!(p[0].revents & POLLIN || p[1].events & POLLIN)) - goto done; - DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n"); - } - } -- while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds))); -+ while (rc < 0 || !(p[0].revents & POLLIN || p[1].revents & POLLIN)); - - /* handle inbound data */ -- if (FD_ISSET(tls_out.active.sock, &rfds)) -+ if (p[0].revents & POLLIN) - if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0) /* Expect -1 for EOF; */ - { /* that reaps the TLS Close Notify record */ -- fd_bits &= ~1; -- FD_CLR(tls_out.active.sock, &rfds); -+ p[0].fd = -1; - shutdown(pfd[0], SHUT_WR); - timeout = 5; - } -@@ -3616,11 +3608,10 @@ for (int fd_bits = 3; fd_bits; ) - /* Handle outbound data. We cannot combine payload and the TLS-close - due to the limitations of the (pipe) channel feeding us. Maybe use a unix-domain - socket? */ -- if (FD_ISSET(pfd[0], &rfds)) -+ if (p[1].revents & POLLIN) - if ((rc = read(pfd[0], buf, bsize)) <= 0) - { -- fd_bits &= ~2; -- FD_CLR(pfd[0], &rfds); -+ p[1].fd = -1; - - # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */ - (void) setsockopt(tls_out.active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); -@@ -3633,10 +3624,8 @@ for (int fd_bits = 3; fd_bits; ) - for (int nbytes = 0; rc - nbytes > 0; nbytes += i) - if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0) - goto done; -- -- if (fd_bits & 1) FD_SET(tls_out.active.sock, &rfds); -- if (fd_bits & 2) FD_SET(pfd[0], &rfds); - } -+while (p[0].fd >= 0 || p[1].fd >= 0); - - done: - if (send_tls_shutdown) tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT); diff --git a/mail/exim/files/debian/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch b/mail/exim/files/debian/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch deleted file mode 100644 index b156611bd0e6..000000000000 --- a/mail/exim/files/debian/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch +++ /dev/null @@ -1,140 +0,0 @@ -From d73b9f478a2a5b299634acee4e05ff8ea25375a2 Mon Sep 17 00:00:00 2001 -From: John Paul Adrian Glaubitz -Date: Sun, 28 Nov 2021 17:26:40 +0000 -Subject: [PATCH] Fix basic memory use for SPARC. Bug 2838 - ---- - doc/ChangeLog | 5 +++++ - src/store.c | 34 +++++++++++++++++++--------------- - src/store.h | 2 +- - 3 files changed, 25 insertions(+), 16 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -14,6 +14,11 @@ - are not useable for FD_SET() [and hence select()] and overwrite the stack. - Assorted crashes happen. - -+JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, -+ though only once PCRE2 was introduced: the memory accounting used under -+ debug offset allocations by an int, giving a hard trap in early startup. -+ Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. -+ - - Exim version 4.95 - ----------------- ---- a/src/store.c -+++ b/src/store.c -@@ -190,11 +190,11 @@ - [POOL_TAINT_MESSAGE] = US"tainted", - }; - #endif - - --static void * internal_store_malloc(int, const char *, int); -+static void * internal_store_malloc(size_t, const char *, int); - static void internal_store_free(void *, const char *, int linenumber); - - /******************************************************************************/ - /* Initialisation, for things fragile with parameter channges when using - static initialisers. */ -@@ -859,30 +859,33 @@ - - Returns: pointer to gotten store (panic on failure) - */ - - static void * --internal_store_malloc(int size, const char *func, int line) -+internal_store_malloc(size_t size, const char *func, int line) - { - void * yield; - --if (size < 0 || size >= INT_MAX/2) -+/* Check specifically for a possibly result of conversion from -+a negative int, to the (unsigned, wider) size_t */ -+ -+if (size >= INT_MAX/2) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, -- "bad memory allocation requested (%d bytes) at %s %d", -- size, func, line); -+ "bad memory allocation requested (%lld bytes) at %s %d", -+ (unsigned long long)size, func, line); - --size += sizeof(int); /* space to store the size, used under debug */ -+size += sizeof(size_t); /* space to store the size, used under debug */ - if (size < 16) size = 16; - --if (!(yield = malloc((size_t)size))) -+if (!(yield = malloc(size))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " - "called from line %d in %s", size, line, func); - - #ifndef COMPILE_UTILITY --DEBUG(D_any) *(int *)yield = size; -+DEBUG(D_any) *(size_t *)yield = size; - #endif --yield = US yield + sizeof(int); -+yield = US yield + sizeof(size_t); - - if ((nonpool_malloc += size) > max_nonpool_malloc) - max_nonpool_malloc = nonpool_malloc; - - /* Cut out the debugging stuff for utilities, but stop picky compilers from -@@ -891,20 +894,20 @@ - #ifndef COMPILE_UTILITY - /* If running in test harness, spend time making sure all the new store - is not filled with zeros so as to catch problems. */ - - if (f.running_in_test_harness) -- memset(yield, 0xF0, (size_t)size - sizeof(int)); --DEBUG(D_memory) debug_printf("--Malloc %6p %5d bytes\t%-20s %4d\tpool %5d nonpool %5d\n", -+ memset(yield, 0xF0, size - sizeof(size_t)); -+DEBUG(D_memory) debug_printf("--Malloc %6p %5lld bytes\t%-20s %4d\tpool %5d nonpool %5d\n", - yield, size, func, line, pool_malloc, nonpool_malloc); - #endif /* COMPILE_UTILITY */ - - return yield; - } - - void * --store_malloc_3(int size, const char *func, int linenumber) -+store_malloc_3(size_t size, const char *func, int linenumber) - { - if (n_nonpool_blocks++ > max_nonpool_blocks) - max_nonpool_blocks = n_nonpool_blocks; - return internal_store_malloc(size, func, linenumber); - } -@@ -925,14 +928,15 @@ - */ - - static void - internal_store_free(void * block, const char * func, int linenumber) - { --uschar * p = US block - sizeof(int); -+uschar * p = US block - sizeof(size_t); - #ifndef COMPILE_UTILITY --DEBUG(D_any) nonpool_malloc -= *(int *)p; --DEBUG(D_memory) debug_printf("----Free %6p %5d bytes\t%-20s %4d\n", block, *(int *)p, func, linenumber); -+DEBUG(D_any) nonpool_malloc -= *(size_t *)p; -+DEBUG(D_memory) debug_printf("----Free %6p %5lld bytes\t%-20s %4d\n", -+ block, (unsigned long long) *(size_t *)p, func, linenumber); - #endif - free(p); - } - - void ---- a/src/store.h -+++ b/src/store.h -@@ -63,11 +63,11 @@ - typedef void ** rmark; - - extern BOOL store_extend_3(void *, BOOL, int, int, const char *, int); - extern void store_free_3(void *, const char *, int); - /* store_get_3 & store_get_perm_3 are in local_scan.h */ --extern void *store_malloc_3(int, const char *, int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT; -+extern void *store_malloc_3(size_t, const char *, int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT; - extern rmark store_mark_3(const char *, int); - extern void *store_newblock_3(void *, BOOL, int, int, const char *, int); - extern void store_release_above_3(void *, const char *, int); - extern rmark store_reset_3(rmark, const char *, int); - diff --git a/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch b/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch deleted file mode 100644 index 0a624c30875c..000000000000 --- a/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch +++ /dev/null @@ -1,61 +0,0 @@ -From c57309a50444d858c0a2dc1581846a850d78a9ad Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Tue, 11 Jan 2022 11:21:45 +0000 -Subject: [PATCH 077/151] BSD: fix resource leak - ---- - doc/ChangeLog | 4 ++++ - src/tls.c | 9 +++++---- - -diff --git a/doc/ChangeLog b/doc/ChangeLog -index e7c7085f8..567399483 100644 ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -65,6 +65,10 @@ JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value - - JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. - -+JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon -+ failing to close the certificates directory, every hour or any time it -+ was touched. -+ - - Exim version 4.95 - ----------------- -diff --git a/src/tls.c b/src/tls.c -index d5d11bcea..e6b1bf7a7 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -185,8 +185,8 @@ for (;;) - { - if ((fd1 = open(CCS filename, O_RDONLY | O_NOFOLLOW)) < 0) - { s = US"open file"; goto bad; } -- DEBUG(D_tls) debug_printf("watch file '%s'\n", filename); -- EV_SET(&kev[++kev_used], -+ DEBUG(D_tls) debug_printf("watch file '%s':\t%d\n", filename, fd1); -+ EV_SET(&kev[kev_used++], - (uintptr_t)fd1, - EVFILT_VNODE, - EV_ADD | EV_ENABLE | EV_ONESHOT, -@@ -196,8 +196,8 @@ for (;;) - NULL); - cnt++; - } -- DEBUG(D_tls) debug_printf("watch dir '%s'\n", s); -- EV_SET(&kev[++kev_used], -+ DEBUG(D_tls) debug_printf("watch dir '%s':\t%d\n", s, fd2); -+ EV_SET(&kev[kev_used++], - (uintptr_t)fd2, - EVFILT_VNODE, - EV_ADD | EV_ENABLE | EV_ONESHOT, -@@ -320,6 +320,7 @@ if (tls_watch_fd < 0) return; - /* Close the files we had open for kevent */ - for (int i = 0; i < kev_used; i++) - { -+ DEBUG(D_tls) debug_printf("closing watch fd: %d\n", (int) kev[i].ident); - (void) close((int) kev[i].ident); - kev[i].ident = (uintptr_t)-1; - } --- -2.35.1 - diff --git a/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch b/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch deleted file mode 100644 index 7a582781136d..000000000000 --- a/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7ad863f3819407559cd654639c25dcae427c190f Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sun, 6 Feb 2022 19:00:26 +0000 -Subject: [PATCH] Fix bogus error message copy. Bug 2857 - -Broken-by: bb43acbd98 ---- - src/parse.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/parse.c b/src/parse.c -index 5bf97eab9..edbee2646 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -1354,15 +1354,16 @@ for (;;) - - if (special) - { -- uschar *ss = Ustrchr(s+1, ':') + 1; -+ uschar * ss = Ustrchr(s+1, ':') + 1; /* line after the special... */ - if ((options & specopt) == specbit) - { - *error = string_sprintf("\"%.*s\" is not permitted", len, s); - return FF_ERROR; - } -- while (*ss && isspace(*ss)) ss++; -- while (s[len] && s[len] != '\n') len++; -- *error = string_copyn(ss, s + len - ss); -+ while (*ss && isspace(*ss)) ss++; /* skip leading whitespace */ -+ if ((len = Ustrlen(ss)) > 0) /* ignore trailing newlines */ -+ for (const uschar * t = ss + len - 1; t >= ss && *t == '\n'; t--) len--; -+ *error = string_copyn(ss, len); /* becomes the error */ - return special; - } - --- -2.34.1 - diff --git a/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch b/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch deleted file mode 100644 index 0344630e70b3..000000000000 --- a/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 7f8394e7c983b1c199866fc6b1c14feb857b651d Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sun, 13 Feb 2022 12:00:55 +0000 -Subject: [PATCH] Fix include_directory in redirect routers. Bug 2715 - -Broken-by: 10c50704c1 ---- - doc/ChangeLog | 5 +++++ - src/parse.c | 9 ++++++--- - test/confs/0313 | 4 +++- - test/log/0313 | 2 ++ - test/scripts/0000-Basic/0313 | 2 ++ - 5 files changed, 18 insertions(+), 4 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -23,6 +23,11 @@ JH/15 Fix a resource leak in *BSD. An off-by-one erro - failing to close the certificates directory, every hour or any time it - was touched. - -+JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a -+ bad comparison between the option value and the name of the file to -+ be included was done, and a mismatch was wrongly identified. -+ 4.88 to 4.95 are affected. -+ - - Exim version 4.95 - ----------------- ---- a/src/parse.c -+++ b/src/parse.c -@@ -1422,11 +1422,13 @@ - /* Check file name if required */ - - if (directory) - { - int len = Ustrlen(directory); -- uschar *p = filename + len; -+ uschar * p; -+ while (len > 0 && directory[len-1] == '/') len--; /* ignore trailing '/' */ -+ p = filename + len; - - if (Ustrncmp(filename, directory, len) != 0 || *p != '/') - { - *error = string_sprintf("included file %s is not in directory %s", - filename, directory); -@@ -1448,13 +1450,14 @@ - } - while (*p) - { - uschar temp; - int fd2; -- uschar * q = p; -+ uschar * q = p + 1; /* skip dividing '/' */ - -- while (*++p && *p != '/') ; -+ while (*q == '/') q++; /* skip extra '/' */ -+ while (*++p && *p != '/') ; /* end of component */ - temp = *p; - *p = '\0'; - - fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW); - close(fd); diff --git a/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch b/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch deleted file mode 100644 index 0d52bf5091a0..000000000000 --- a/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch +++ /dev/null @@ -1,67 +0,0 @@ -From b249717db8ced250a586385f06e61cf7107d5222 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Fri, 18 Feb 2022 15:45:37 +0000 -Subject: [PATCH] Specific check for null pointer - ---- - src/smtp_out.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/smtp_out.c b/src/smtp_out.c -index 608a781eb..fc1e6cecd 100644 ---- a/src/smtp_out.c -+++ b/src/smtp_out.c -@@ -524,13 +524,21 @@ flush_buffer(smtp_outblock * outblock, int mode) - int rc; - int n = outblock->ptr - outblock->buffer; - BOOL more = mode == SCMD_MORE; -+client_conn_ctx * cctx; - - HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n, - more ? " (more expected)" : ""); - -+if (!(cctx = outblock->cctx)) -+ { -+ log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer"); -+ errno = 0; -+ return FALSE; -+ } -+ - #ifndef DISABLE_TLS --if (outblock->cctx->tls_ctx) -- rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more); -+if (cctx->tls_ctx) /*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */ -+ rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more); - else - #endif - -@@ -544,7 +552,7 @@ else - requirement: TFO with data can, in rare cases, replay the data to the - receiver. */ - -- if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data)) -+ if ( (cctx->sock = smtp_connect(outblock->conn_args, &early_data)) - < 0) - return FALSE; - outblock->conn_args = NULL; -@@ -552,7 +560,7 @@ else - } - else - { -- rc = send(outblock->cctx->sock, outblock->buffer, n, -+ rc = send(cctx->sock, outblock->buffer, n, - #ifdef MSG_MORE - more ? MSG_MORE : 0 - #else -@@ -567,7 +575,7 @@ else - https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */ - - if (!more) -- setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off)); -+ setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off)); - #endif - } - } --- -2.34.1 - diff --git a/mail/exim/files/patch-OS__Makefile-Default b/mail/exim/files/patch-OS__Makefile-Default deleted file mode 100644 index 1e639c95419a..000000000000 --- a/mail/exim/files/patch-OS__Makefile-Default +++ /dev/null @@ -1,10 +0,0 @@ ---- OS/Makefile-Default.orig 2019-01-30 14:59:52.000000000 +0100 -+++ OS/Makefile-Default 2019-02-13 00:34:40.753182000 +0100 -@@ -242,6 +242,7 @@ - # The default setting points to a template function that doesn't actually do - # any scanning, but just accepts the message. - -+# HAVE_LOCAL_SCAN=no - LOCAL_SCAN_SOURCE=src/local_scan.c - - # If you want to specify options for your local_scan() that can be set from diff --git a/mail/exim/files/patch-OS__Makefile-FreeBSD b/mail/exim/files/patch-OS__Makefile-FreeBSD index 239f5bca9637..a2608a0dcf32 100644 --- a/mail/exim/files/patch-OS__Makefile-FreeBSD +++ b/mail/exim/files/patch-OS__Makefile-FreeBSD @@ -1,11 +1,13 @@ ---- OS/Makefile-FreeBSD.orig 2009-11-14 21:13:45.000000000 +0300 -+++ OS/Makefile-FreeBSD 2009-11-14 21:15:39.000000000 +0300 -@@ -7,7 +7,7 @@ - PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aout +--- OS/Makefile-FreeBSD.orig 2023-04-09 09:45:04.226201000 +0200 ++++ OS/Makefile-FreeBSD 2023-04-09 09:48:01.819463000 +0200 +@@ -18,8 +18,8 @@ + # Dynamically loaded modules need to be built with -fPIC + CFLAGS_DYNAMIC=-shared -rdynamic -fPIC - CHOWN_COMMAND=/usr/sbin/chown --STRIP_COMMAND=/usr/bin/strip -+STRIP_COMMAND=XX_STRIPCMD_XX - CHMOD_COMMAND=/bin/chmod +-# FreeBSD always ships with Berkeley DB +-USE_DB=yes ++# FreeBSD ships with Berkeley DB until 13.1, but ndbm is always included ++USE_NDBM=yes - HAVE_SA_LEN=YES + # This code for building outside ports suggested by Richard Clayton + .ifdef X11BASE diff --git a/mail/exim/files/patch-OS_os.c-FreeBSD b/mail/exim/files/patch-OS_os.c-FreeBSD deleted file mode 100644 index 99e89850ed0c..000000000000 --- a/mail/exim/files/patch-OS_os.c-FreeBSD +++ /dev/null @@ -1,15 +0,0 @@ ---- OS/os.c-FreeBSD.orig 2021-10-11 17:03:56.119681000 +0200 -+++ OS/os.c-FreeBSD 2021-10-11 17:04:27.802597000 +0200 -@@ -16,10 +16,11 @@ - ssize_t - os_sendfile(int out, int in, off_t * offp, size_t cnt) - { --off_t loff = *offp, written; -+off_t loff = offp ? *offp : 0; -+off_t written; - - if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; --*offp = loff + written; -+if (offp) *offp = loff + written; - return (ssize_t)written; - } diff --git a/mail/exim/files/patch-src-dmarc.c b/mail/exim/files/patch-src-dmarc.c deleted file mode 100644 index c0054446458c..000000000000 --- a/mail/exim/files/patch-src-dmarc.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/dmarc.c.orig 2021-04-30 12:08:21 UTC -+++ src/dmarc.c -@@ -37,6 +37,7 @@ uschar *spf_human_readable = NULL; - u_char *header_from_sender = NULL; - int history_file_status = DMARC_HIST_OK; - uschar *dkim_history_buffer= NULL; -+uschar *dkim_selector = NULL; - - typedef struct dmarc_exim_p { - uschar *name; -@@ -446,7 +447,7 @@ if (!dmarc_abort && !sender_host_authenticated) - vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : - DMARC_POLICY_DKIM_OUTCOME_NONE; - libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, -- dkim_result, US""); -+ dkim_selector, dkim_result, US""); - DEBUG(D_receive) - debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); - if (libdm_status != DMARC_PARSE_OKAY) diff --git a/mail/exim/files/tls/patch-tls1 b/mail/exim/files/tls/patch-tls1 deleted file mode 100644 index d76d5589b2bb..000000000000 --- a/mail/exim/files/tls/patch-tls1 +++ /dev/null @@ -1,43 +0,0 @@ -From fc624b8cb4c3312d7450dfa86adfa3fe8dd9cbeb Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Tue, 11 Jan 2022 14:50:09 +0000 -Subject: [PATCH] Ensure server tls close alert not delayed - ---- - src/src/tls-gnu.c | 5 +++++ - src/src/tls-openssl.c | 3 +++ - 2 files changed, 8 insertions(+) - -diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c -index 53635ac..3adadb8 100644 ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -3731,6 +3731,11 @@ if (do_shutdown) - - tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */ - -+#ifdef EXIM_TCP_CORK -+ if (do_shutdown > 1) -+ (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off)); -+#endif -+ - ALARM(2); - gnutls_bye(state->session, do_shutdown > 1 ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR); - ALARM_CLR(0); -diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c -index 5130455..576f62b 100644 ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -4516,6 +4516,9 @@ if (do_shutdown) - if ( (rc = SSL_shutdown(*sslp)) == 0 /* send "close notify" alert */ - && do_shutdown > 1) - { -+#ifdef EXIM_TCP_CORK -+ (void) setsockopt(*fdp, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off)); -+#endif - ALARM(2); - rc = SSL_shutdown(*sslp); /* wait for response */ - ALARM_CLR(0); --- -1.9.1 - diff --git a/mail/exim/files/tls/patch-tls2 b/mail/exim/files/tls/patch-tls2 deleted file mode 100644 index e88c127fd374..000000000000 --- a/mail/exim/files/tls/patch-tls2 +++ /dev/null @@ -1,174 +0,0 @@ -From 2ead369f8435918f3f15408b9394e580bcaf0910 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Thu, 10 Mar 2022 15:23:26 +0000 -Subject: [PATCH] OpenSSL: track shutdown calls. Bug 2864 - ---- - doc/doc-txt/ChangeLog | 5 +++++ - src/src/macros.h | 7 ++++--- - src/src/tls-gnu.c | 10 +++++++--- - src/src/tls-openssl.c | 13 ++++++++----- - src/src/transports/smtp.c | 19 +++++++++++++------ - 5 files changed, 37 insertions(+), 17 deletions(-) - -diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog -index 5ba587b..1c799b6 100644 ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -95,6 +95,11 @@ JH/21 Remove the "allow_insecure_tainted_data" main config option and the - JH/22 Fix static address-list lookups to properly return the matched item. - Previously only the domain part was returned. - -+JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously -+ the call into OpenSSL to send a TLS Close was being repeated; this -+ resulted in the library waiting for the peer's Close. If that was never -+ sent we waited forever. Fix by tracking send calls. -+ - - Exim version 4.95 - ----------------- -diff --git a/src/src/macros.h b/src/src/macros.h -index 92f2cc0..659a70f 100644 ---- a/src/macros.h -+++ b/src/macros.h -@@ -1051,9 +1051,10 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; - - - /* Options on tls_close */ --#define TLS_NO_SHUTDOWN 0 --#define TLS_SHUTDOWN_NOWAIT 1 --#define TLS_SHUTDOWN_WAIT 2 -+#define TLS_NO_SHUTDOWN 0 /* Just forget the context */ -+#define TLS_SHUTDOWN_NOWAIT 1 /* Send alert; do not wait */ -+#define TLS_SHUTDOWN_WAIT 2 /* Send alert & wait for peer's alert */ -+#define TLS_SHUTDOWN_WONLY 3 /* only wait for peer's alert */ - - - #ifdef COMPILE_UTILITY -diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c -index 1215f85..6227823 100644 ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -3744,17 +3744,21 @@ if (!tlsp || tlsp->active.sock < 0) return; /* TLS was not active */ - if (do_shutdown) - { - DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n", -- do_shutdown > 1 ? " (with response-wait)" : ""); -+ do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : ""); - - tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */ - - #ifdef EXIM_TCP_CORK -- if (do_shutdown > 1) -+ if (do_shutdown == TLS_SHUTDOWN_WAIT) - (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off)); - #endif - -+ /* The library seems to have no way to only wait for a peer's -+ shutdown, so handle the same as TLS_SHUTDOWN_WAIT */ -+ - ALARM(2); -- gnutls_bye(state->session, do_shutdown > 1 ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR); -+ gnutls_bye(state->session, -+ do_shutdown > TLS_SHUTDOWN_NOWAIT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR); - ALARM_CLR(0); - } - -diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c -index d5c5778..7bf62f5 100644 ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -4519,22 +4519,25 @@ int * fdp = o_ctx ? &tls_out.active.sock : &tls_in.active.sock; - - if (*fdp < 0) return; /* TLS was not active */ - --if (do_shutdown) -+if (do_shutdown > TLS_NO_SHUTDOWN) - { - int rc; - DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n", -- do_shutdown > 1 ? " (with response-wait)" : ""); -+ do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : ""); - - tls_write(ct_ctx, NULL, 0, FALSE); /* flush write buffer */ - -- if ( (rc = SSL_shutdown(*sslp)) == 0 /* send "close notify" alert */ -- && do_shutdown > 1) -+ if ( ( do_shutdown >= TLS_SHUTDOWN_WONLY -+ || (rc = SSL_shutdown(*sslp)) == 0 /* send "close notify" alert */ -+ ) -+ && do_shutdown > TLS_SHUTDOWN_NOWAIT -+ ) - { - #ifdef EXIM_TCP_CORK - (void) setsockopt(*fdp, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off)); - #endif - ALARM(2); -- rc = SSL_shutdown(*sslp); /* wait for response */ -+ rc = SSL_shutdown(*sslp); /* wait for response */ - ALARM_CLR(0); - } - -diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c -index e2c2680..524f186 100644 ---- a/src/transports/smtp.c -+++ b/src/transports/smtp.c -@@ -4085,7 +4085,7 @@ else - sx->send_quit = FALSE; /* avoid sending it later */ - - #ifndef DISABLE_TLS -- if (sx->cctx.tls_ctx) /* need to send TLS Close Notify */ -+ if (sx->cctx.tls_ctx && sx->send_tlsclose) /* need to send TLS Close Notify */ - { - # ifdef EXIM_TCP_CORK /* Use _CORK to get Close Notify in FIN segment */ - (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); -@@ -4429,7 +4429,8 @@ if (!sx->ok) - # ifndef DISABLE_TLS - if (sx->cctx.tls_ctx) - { -- tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT); -+ tls_close(sx->cctx.tls_ctx, -+ sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY); - sx->cctx.tls_ctx = NULL; - } - # endif -@@ -4640,7 +4641,8 @@ if (sx->completed_addr && sx->ok && sx->send_quit) - a new EHLO. If we don't get a good response, we don't attempt to pass - the socket on. */ - -- tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT); -+ tls_close(sx->cctx.tls_ctx, -+ sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY); - sx->send_tlsclose = FALSE; - sx->cctx.tls_ctx = NULL; - tls_out.active.sock = -1; -@@ -4742,7 +4744,7 @@ if (sx->send_quit) - { /* Use _MORE to get QUIT in FIN segment */ - (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n"); - #ifndef DISABLE_TLS -- if (sx->cctx.tls_ctx) -+ if (sx->cctx.tls_ctx && sx->send_tlsclose) - { - # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */ - (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); -@@ -4797,10 +4799,15 @@ if (sx->send_quit || tcw_done && !tcw) - while (!sigalrm_seen && n > 0); - ALARM_CLR(0); - -+ if (sx->send_tlsclose) -+ { - # ifdef EXIM_TCP_CORK -- (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); -+ (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); - # endif -- tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT); -+ tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT); -+ } -+ else -+ tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WONLY); - sx->cctx.tls_ctx = NULL; - } - #endif --- -1.9.1 -