security/sandsifter: update to 1.04

Restrict this port to Python 2.7 for now, work to get it running
with Python 3.6 is in progress upstream.

Pet portlint (remove an extraneous spacae from pkg-descr)

Reported by:	upstream / portscout

security/sandsifter/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	sandsifter
-PORTVERSION=	1.03
+PORTVERSION=	1.04
 DISTVERSIONPREFIX=v
 CATEGORIES=	security
 
@@ -17,7 +17,7 @@ ONLY_FOR_ARCHS_REASON=Designed for x86
 BUILD_DEPENDS=	${LOCALBASE}/include/capstone/capstone.h:devel/capstone3
 RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}capstone>0:devel/py-capstone@${PY_FLAVOR}
 
-USES=		gmake python localbase shebangfix
+USES=		gmake python:2.7 localbase shebangfix
 USE_GITHUB=	yes
 GH_ACCOUNT=	rigred
 
@@ -28,9 +28,7 @@ OPTIONS_DEFINE=	DOCS
 PORTDOCS=	references/*
 
 post-patch:
-	${REINPLACE_CMD} -e 's,/proc/cpuinfo,/compat/linux/proc/cpuinfo,' \
-			-e 's,/usr/sbin,${PREFIX}/sbin,' \
-			${WRKSRC}/sifter.py
+	${REINPLACE_CMD} -e 's,/usr/sbin,${PREFIX}/sbin,' ${WRKSRC}/sifter.py
 
 do-install:
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} gui ${STAGEDIR}${DATADIR})

security/sandsifter/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1547931250
-SHA256 (rigred-sandsifter-v1.03_GH0.tar.gz) = aece752dbe1831b2c215d9345b124ad9fb0180996dc81bff34fdc3a609332e9c
-SIZE (rigred-sandsifter-v1.03_GH0.tar.gz) = 5288254
+TIMESTAMP = 1564689727
+SHA256 (rigred-sandsifter-v1.04_GH0.tar.gz) = c62087155077190f7abe3e2646595b336b8f7f626e7fae63af5dbcc7c66f33be
+SIZE (rigred-sandsifter-v1.04_GH0.tar.gz) = 5288475

security/sandsifter/files/patch-injector.c

@@ -1,107 +0,0 @@
---- injector.c.orig	2017-07-27 19:17:30 UTC
-+++ injector.c
-@@ -77,10 +77,24 @@ cs_insn *capstone_insn;
- 
- /* 32 vs 64 */
- 
--#if __x86_64__
--	#define IP REG_RIP 
-+#ifdef __linux__
-+#	define PAGE_SIZE 4096
-+#	define EFL gregs[REG_EFL]
-+#	if __x86_64__
-+#		define IP gregs[REG_RIP]
-+#	else
-+#		define IP gregs[REG_EIP]
-+#	endif
- #else
--	#define IP REG_EIP 
-+#	include <pthread_np.h>
-+	typedef cpuset_t cpu_set_t;
-+#	if __x86_64__
-+#		define IP mc_rip
-+#		define EFL mc_rflags
-+#	else
-+#		define IP mc_eip
-+#		define EFL mc_eflags
-+#	endif
- #endif
- 
- /* leave state as 0 */
-@@ -155,7 +169,6 @@ state_t inject_state={
- /* x86/64 */
- 
- #define UD2_SIZE  2
--#define PAGE_SIZE 4096
- #define TF        0x100
- 
- /* injection */
-@@ -293,6 +306,10 @@ ignore_op_t opcode_blacklist[MAX_BLACKLIST]={
- 	{ "\xcd\x80", "int 0x80" },
- 	/* as will syscall */
- 	{ "\x0f\x05", "syscall" },
-+	/* int 92 on FreeBSD triggers DTrace, which will trigger SIGSYS */
-+	{ "\xcd\x92", "int 0x92" },
-+	/* int 93 on FreeBSD is used by Xen */
-+	{ "\xcd\x93", "int 0x93" },
- 	/* ud2 is an undefined opcode, and messes up a length differential search
- 	 * b/c of the fault it throws */
- 	{ "\x0f\xb9", "ud2" },
-@@ -850,7 +867,7 @@ void inject(int insn_size)
- void state_handler(int signum, siginfo_t* si, void* p)
- {
- 	fault_context=((ucontext_t*)p)->uc_mcontext;
--	((ucontext_t*)p)->uc_mcontext.gregs[IP]+=UD2_SIZE;
-+	((ucontext_t*)p)->uc_mcontext.IP+=UD2_SIZE;
- }
- 
- void fault_handler(int signum, siginfo_t* si, void* p)
-@@ -863,7 +880,7 @@ void fault_handler(int signum, siginfo_t* si, void* p)
- 
- 	/* make an initial estimate on the instruction length from the fault address */
- 	insn_length=
--		(uintptr_t)uc->uc_mcontext.gregs[IP]-(uintptr_t)packet-preamble_length;
-+		(uintptr_t)uc->uc_mcontext.IP-(uintptr_t)packet-preamble_length;
- 
- 	if (insn_length<0) {
- 		insn_length=JMP_LENGTH;
-@@ -880,9 +897,13 @@ void fault_handler(int signum, siginfo_t* si, void* p)
- 		(signum==SIGSEGV||signum==SIGBUS)?(uint32_t)(uintptr_t)si->si_addr:(uint32_t)-1
- 	};
- 
-+#ifdef __linux__
- 	memcpy(uc->uc_mcontext.gregs, fault_context.gregs, sizeof(fault_context.gregs));
--	uc->uc_mcontext.gregs[IP]=(uintptr_t)&resume;
--	uc->uc_mcontext.gregs[REG_EFL]&=~TF;
-+#else
-+	memcpy(&uc->uc_mcontext, &fault_context, sizeof(fault_context));
-+#endif
-+	uc->uc_mcontext.IP=(uintptr_t)&resume;
-+	uc->uc_mcontext.EFL&=~TF;
- }
- 
- void configure_sig_handler(void (*handler)(int, siginfo_t*, void*))
-@@ -1341,7 +1362,13 @@ void pin_core(void)
- 		cpu_set_t mask;
- 		CPU_ZERO(&mask);
- 		CPU_SET(config.core,&mask);
--		if (sched_setaffinity(0, sizeof(mask), &mask)) {
-+#ifdef __linux__
-+		if (sched_setaffinity(0, sizeof(mask), &mask))
-+#else
-+		if (cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID,
-+		    -1, sizeof(mask), &mask))
-+#endif
-+		{
- 			printf("error: failed to set cpu\n");
- 			exit(1);
- 		}
-@@ -1439,7 +1466,7 @@ int main(int argc, char** argv)
- 		null_p=mmap(0, PAGE_SIZE, PROT_READ|PROT_WRITE,
- 			MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
- 		if (null_p==MAP_FAILED) {
--			printf("null access requires running as root\n");
-+			printf("null access requires running as root, %i\n", errno);
- 			exit(1);
- 		}
- 	}

security/sandsifter/files/patch-sifter.py

@@ -0,0 +1,50 @@
+--- sifter.py.orig	2019-07-31 14:21:48 UTC
++++ sifter.py
+@@ -59,7 +59,7 @@ class InjectorResults(Structure):
+                 ('signum', c_int),
+                 ('sicode', c_int),
+                 ('siaddr', c_int),
+-		]
++                ]
+ 
+ class Settings:
+     SYNTH_MODE_RANDOM = "r"
+@@ -643,8 +643,8 @@ class Gui:
+                         # red.  doesn't happen if using a new random string each
+                         # time; doesn't happen if using a constant string each
+                         # time.  only happens with the specific implementation below.
+-						#TODO: on systems with limited color settings, this
+-						# makes the background look like random characters
++                                                #TODO: on systems with limited color settings, this
++                                                # makes the background look like random characters
+                         random_string = ("%02x" % random.randint(0,100)) * (raw_width-2)
+                         self.stdscr.addstr(top + 1 + y, left, random_string, curses.color_pair(self.BLACK))
+ 
+@@ -709,7 +709,7 @@ class Gui:
+ 
+ def get_cpu_info():
+     cpu_path = "/proc/cpuinfo"
+-    if platform.system == "FreeBSD":
++    if platform.system() == "FreeBSD":
+         cpu_path = "/compat/linux%s" % cpu_path
+     with open(cpu_path, "r") as f:
+         cpu = [l.strip() for l in f.readlines()[:7]]
+@@ -790,7 +790,8 @@ def main():
+         # Pick the first valid injector entry, this is not ideal but it should work fine
+         INJECTOR = INJECTOR[0]
+         print("Using injector from: %s" % INJECTOR)
+-        print("Injector BuildID: %s" % subprocess.check_output(['eu-readelf', '-n', INJECTOR]).split()[-1])
++        if platform.system() != "FreeBSD":
++            print("Injector BuildID: %s" % subprocess.check_output(['eu-readelf', '-n', INJECTOR]).split()[-1])
+         
+ 
+     parser = argparse.ArgumentParser()
+@@ -851,7 +852,7 @@ def main():
+         TICK = os.path.join(OUTPUT, "tick")
+         LAST = os.path.join(OUTPUT, "last")
+     else:
+-	print("warning: no log output path (--out) specified, results will be recorded to %s \nManualy specify a (--out) output path if you want your results recorded elsewhere." % OUTPUT)
++        print("warning: no log output path (--out) specified, results will be recorded to %s \nManualy specify a (--out) output path if you want your results recorded elsewhere." % OUTPUT)
+         # Wait to show message to user.
+         time.sleep(3)
+         # Create /tmp directory if it does not exist already, here we use much less strict checks.

security/sandsifter/pkg-descr

@@ -1,4 +1,4 @@
-The sandsifter audits x86 processors for hidden instructions and 
+The sandsifter audits x86 processors for hidden instructions and
 hardware bugs, by systematically generating machine code to search
 through a processor's instruction set, and monitoring execution for
 anomalies. Sandsifter has uncovered secret processor instructions from