HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

        sys/vm/vm_unix.c (unresolved)

DragonFlyBSD/dports 8aff649www/wordpress distinfo Makefile

Update www/wordpress to version 5.2,1

DragonFlyBSD/dports 77f86b7www/varnish-libvmod-maxminddb Makefile

Tweak www/varnish-libvmod-maxminddb version 1.0.0

LLVM/llvm 361288llvm/trunk/lib/Target/X86 X86ISelLowering.cpp

[X86] Remove an unneeded ZERO_EXTEND creation from LowerINTRINSIC_W_CHAIN. NFC

We were trying to ZERO_EXTEND from an i8 X86ISD::SETCC to i8 again.

HardenedBSD/hardenedbsd 3c33efcsys/kern subr_param.c vfs_lookup.c, sys/sys systm.h

Merge remote-tracking branch 'origin/hardened/current/master' into 

* origin/hardened/current/master:
  NDFREE(): Fix unlocking for LOCKPARENT|LOCKLEAF and ndp->ni_dvp == ndp->ni_vp.
  The older detection methods (smbios.bios.vendor and smbios.system.product) are able to 
determine some virtual machines, but the vm_guest variable was still only being set to 

DragonFlyBSD/dports dc5c3aawww/tinymce pkg-plist distinfo

Update www/tinymce to version 5.0.5

DragonFlyBSD/dports 978b5b2www/surf Makefile

Tweak www/surf version 2.0_1
+1-11 files

DragonFlyBSD/dports bf844e9www/tdiary Makefile distinfo, www/tdiary/files patch-Gemfile

Update www/tdiary to version 5.0.13

pfSense/pfsense b9ed452src/usr/local/www head.inc

Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541

(cherry picked from commit cf529cbe33ae53f3f95b37a227da141b97465f20)

LLVM/llvm 361287llvm/trunk/lib/CodeGen/SelectionDAG SelectionDAG.cpp

[SelectionDAG] fold insert subvector of undef into undef

DAGCombiner simplifies this more liberally as:
  // If inserting an UNDEF, just return the original vector.
  if (N1.isUndef())
    return N0;

So there's no way to make this visible in output AFAIK, but
doing this at node creation time should be slightly more efficient.

NetBSD/pkgsrc-wip c0c9563gdl Makefile distinfo, gdl/patches patch-gdl_gdl-dock-bar.c

gdl: update HOMEPAGE

Remove unnecessary undocumented patch.

NetBSD/pkgsrc-wip 177b31b. Makefile, gdl PLIST Makefile

gdl: remove, used for updating devel/gdl

pfSense/pfsense cf529cbsrc/usr/local/www head.inc

Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541

NetBSD/pkgsrc aRX1NhJdoc TODO CHANGES-2019

   doc: Updated devel/gdl to 3.28.0
+3-32 files

NetBSD/pkgsrc 14IrTuJdevel/gdl distinfo Makefile

   gdl: update to 3.28.0.

   Based on mef's wip/gdl.

   Changes in 3.28.0

   * bgo#791913 - Convert Latin-1-encoded characters to UTF-8 (Ting-Wei Lan)

   * Translation: da (Ask Hjorth Larsen)

   Changes in 3.26.0


   Changes in 3.25.91

   * Remove ome run time warnings (Sébastien Granjoux)
   * Convert various source files to UTF-8 (Emmanuele Bassi)
   * dock-object: fix gtk-doc comment for dock signal (Ting-Wei Lan)

   * Translation: eo Kristjan Schmidt
   * Translation: fur Fabio Tomat
   * Translation: da Alan Mortensen

    [59 lines not shown]
+15-133 files

LLVM/llvm 361286llvm/trunk/cmake config-ix.cmake

[cmake] Try to make cmake happy and fix bots.

DragonFlyBSD/dports 793a693www/smarty3 Makefile pkg-descr

Tweak www/smarty3 version 3.1.32

LLVM/llvm 361285cfe/trunk/unittests/Tooling CMakeLists.txt

[LibTooling] Address post-commit feedback for r361152

Fixes a redundant dependency and moves another to its proper place.

Reviewers: thakis

Subscribers: mgorny, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D62201

DragonFlyBSD/dports 72e492awww/rubygem-roda distinfo Makefile

Update www/rubygem-roda to version 3.20.0

DragonFlyBSD/dports 73390bcwww/qutebrowser distinfo Makefile

Update www/qutebrowser to version 1.6.2

DragonFlyBSD/src 2c68437sys/net netmap_user.h

<net/netmap_user.h>: s/<malloc.h>/<stdlib.h>/.

It is not used in base and in fact the netmap we have in the tree is
not hooked in, but it seems at least one port stumbles over this.

Reported-by: zrj

DragonFlyBSD/dports 8123d0bwww/py-wagtail Makefile, www/py-wagtail/files patch-setup.py

Tweak www/py-wagtail version 2.5

HardenedBSD/hardenedbsd 9bf7ce0sys/kern subr_param.c vfs_lookup.c, sys/sys systm.h

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  NDFREE(): Fix unlocking for LOCKPARENT|LOCKLEAF and ndp->ni_dvp == ndp->ni_vp.
  The older detection methods (smbios.bios.vendor and smbios.system.product) are able to 
determine some virtual machines, but the vm_guest variable was still only being set to 

FreeBSD/src 348059head/sys/dev/vt/hw/efifb efifb.c

vt efifb: add suspend/resume calls

Using the latest NVIDIA driver, upon resuming from suspend with X
running the display remained blank.  Additionally OpenGL applications
that were running triggered a number of error messages from the NVIDIA

This occurred because the vt efifb back-end did not signal the X server
to release the display before suspending (or to re-acquire it after
resuming).  The NVIDIA driver includes code for smoothly shutting down
and re-initializing the GPU, which was not getting called.

Since the NVIDIA driver doesn't currently support framebuffer devices
and vt is forced to fall back to the efifb back-end, add vd_suspend and
vd_resume members to connect the suspend/resume path.  This ensures the
X server is properly able to re-initialize the display.

PR:            237050
Submitted by:   Erik Kurzinger <ekurzinger at nvidia.com>
Reviewed by:    markj
MFC after:      2 weeks
Event:         Waterloo Hackathon 2019

DragonFlyBSD/dports cb9fac8www/py-praw Makefile distinfo, www/py-praw/files patch-setup.py

Tweak www/py-praw version 6.2.0

DragonFlyBSD/dports 8c0729bwww/py-instabot distinfo Makefile

Tweak www/py-instabot version 0.38.0

DragonFlyBSD/dports 5848302www/py-google-cloud-storage distinfo Makefile

Tweak www/py-google-cloud-storage version 1.15.1

DragonFlyBSD/dports 7aa98dbwww/py-gandi.cli Makefile distinfo, www/py-gandi.cli/files patch-setup.py patch-setup.cfg

Tweak www/py-gandi.cli version 1.5

DragonFlyBSD/dports 0bc9eb0www/py-flask-marshmallow distinfo Makefile

Tweak www/py-flask-marshmallow version 0.10.1

DragonFlyBSD/dports d81f326www/py-django-mezzanine Makefile distinfo

Tweak www/py-django-mezzanine version 4.3.1

DragonFlyBSD/dports e9dd47awww/py-django-markwhat Makefile distinfo

Tweak www/py-django-markwhat version 1.6.1

OPNSense/core fb4a9besrc/www status_dhcp_leases.php

dhcp/leases, forgot to replace from-to with address range min, max. for 

DragonFlyBSD/dports ccad21cwww/py-bjoern distinfo Makefile

Tweak www/py-bjoern version 3.0.0

FreeNAS/freenas 2bcb7b5src/middlewared/middlewared/plugins alert.py

Fix support alert wording

LLVM/llvm 361284llvm/trunk/lib/CodeGen/SelectionDAG SelectionDAGBuilder.cpp

[SelectionDAG] remove redundant code; NFCI

getNode() squashes concatenation of undefs via FoldCONCAT_VECTORS():
  // Concat of UNDEFs is UNDEF.
  if (llvm::all_of(Ops, [](SDValue Op) { return Op.isUndef(); }))
    return DAG.getUNDEF(VT);

FreeNAS/freenas 9f23b21src/middlewared/middlewared/etc_files rc.conf.py, src/middlewared/middlewared/plugins service.py

Setup OpenVPN Client as a service

This commit introduces changes where we add the capability of starting openvpn client from 
middlewared as a service and also generating relevant rc.conf bits.

FreeNAS/freenas 2bb8b55src/freenas/etc/ix.rc.d ix-etc, src/middlewared/middlewared/etc_files/local/nginx nginx.conf

Get dhparams path and cover usages

This commit introduces changes so crypto plugin returns the path for dhparam.pem file and 
covers it's usages to make sure we don't hardcode the value and use the new method.

FreeNAS/freenas 0693216src/middlewared/middlewared/plugins crypto.py

Generate CRL

This commit adds a method to cryptokey service which enables us to generate a CRL for a 
list of certs using provided ca. There's a tricky situation here as to what happens if the 
root CA is compromised ? In normal world scenarios, that CA is removed from app's trust 
store and any subsequent certs it had issues wouldn't be validated by the app then. Making 
a CRL for a revoked root CA in normal cases doesn't make sense as the thief can sign a 
counter CRL saying that everything is fine. As our environment is controlled, i think we 
are safe to create a crl for root CA as well which we can publish for services which make 
use of it i.e openvpn and they'll know that the certs/ca's have been compromised.

FreeNAS/freenas 895c45agui/system models.py, gui/system/migrations 0044_revoked_field.py

Migrations for revoked field

This commit adds migrations for fields which will help us revoke certificates and generate 
Certificate Revocation Lists.

FreeNAS/freenas 1a38bd0src/middlewared/middlewared/etc_files/local/openvpn/client openvpn_client.conf, src/middlewared/middlewared/plugins etc.py

Generate OpenVPN Client config file

This commit adds changes which give us the ability to generate openvpn client 
configuration file.

FreeNAS/freenas 06bde0csrc/middlewared/middlewared/plugins crypto.py

Retrieve CA chain

This commit adds a generic method which will be used internally to gather ca chain.

FreeNAS/freenas eec0c28src/middlewared/middlewared/plugins crypto.py

Periodically keep ssl up to date

This commit makes sure that we keep ssl related changes up to date by making sure that we 
generate all the ssl related files after a 24 hour window.

FreeNAS/freenas aceb8f1src/middlewared/middlewared/etc_files/local/openvpn/server openvpn_server.conf, src/middlewared/middlewared/plugins service.py

Generate openvpn-server config file on ca revocation

This commit introduces a change where we generate openvpn-server file again each time 
changes are introduced to crypto services. This is necessary because it ensures that crl 
file for ca which openvpn server is using always remains up to date. It is however not 
necessary to reload/restart openvpn server when we generate the config file again because 
it automatically picks up that change for crl.

FreeNAS/freenas 17955e6src/middlewared/middlewared/plugins vpn.py

Normalize OpenVPN config

This commit normalizes openvpn.(client/server).config method making sure that we only show 
ids for foreign keys.

FreeNAS/freenas 1fb26b2src/middlewared/middlewared/plugins crypto.py

Revoke Certificate

This commit makes sure we are able to mark a certificate as revoked.

FreeNAS/freenas bface70src/middlewared/middlewared/plugins etc.py

Create etc plugin's group directory

In case the parent directories where the group's conf file is to be written, do not exist, 
we create them automatically.

FreeNAS/freenas 68e9d03src/middlewared/middlewared/plugins crypto.py

Revoke CA chain

When a CA is marked as revoked, we revoke the complete chain which starts off from that 

FreeNAS/freenas 38e43c7src/middlewared/middlewared/etc_files rc.conf.py, src/middlewared/middlewared/plugins service.py

Setup OpenVPN Server as a service

This commit introduces changes where we add the capability of starting openvpn server from 
middlewared as a service and also generating relevant rc.conf bits.

FreeNAS/freenas ef9b444src/middlewared/middlewared/plugins vpn.py

Generate OpenVPN Static Key

This commit adds ability for the end user to authenticate/encrypt all control channel 
packets with a static key which OpenVPN generates.