Re: [UPDATE] www/sblg to 0.4.3
Bryan Vyhmeister writes: > This is another simple update of sblg from 0.4.2 to 0.4.3. The change > listed by the author is: > > "Make Atom feeds aware of the data-sblg-striplink attribute. This > attribute strips the directory part from the altlink (if requested), > allowing input files to have arbitrary directory parts harmlessly." > > I did testing on amd64 with no issues. I expect it should work fine > everywhere. CC maintainer also. Committed, thanks.
[UPDATE] www/sblg to 0.4.3
This is another simple update of sblg from 0.4.2 to 0.4.3. The change listed by the author is: "Make Atom feeds aware of the data-sblg-striplink attribute. This attribute strips the directory part from the altlink (if requested), allowing input files to have arbitrary directory parts harmlessly." I did testing on amd64 with no issues. I expect it should work fine everywhere. CC maintainer also. Bryan Index: www/sblg/Makefile === RCS file: /cvs/ports/www/sblg/Makefile,v retrieving revision 1.6 diff -u -p -r1.6 Makefile --- www/sblg/Makefile 15 Jun 2017 09:38:17 - 1.6 +++ www/sblg/Makefile 22 Jun 2017 04:17:42 - @@ -2,7 +2,7 @@ COMMENT = simple off-line blog utility -DISTNAME = sblg-0.4.2 +DISTNAME = sblg-0.4.3 CATEGORIES = www Index: www/sblg/distinfo === RCS file: /cvs/ports/www/sblg/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- www/sblg/distinfo 15 Jun 2017 09:38:17 - 1.6 +++ www/sblg/distinfo 22 Jun 2017 04:17:42 - @@ -1,2 +1,2 @@ -SHA256 (sblg-0.4.2.tar.gz) = DTpjGMMIAGXPrss+ZiyPvUPG9BlvpldrV+luU29k3Nw= -SIZE (sblg-0.4.2.tar.gz) = 48380 +SHA256 (sblg-0.4.3.tar.gz) = opYn2oGDXgieQFNKkoh19ignjokXO7WGGTkHFiIzUJ8= +SIZE (sblg-0.4.3.tar.gz) = 49063
Re: [NEW] net/google-compute-engine
On 2017-06-21 11:50 AM, Stuart Henderson wrote: On 2017/06/21 16:38, Antoine Jacoutot wrote: rc.d was never designed to handle anything but daemons... Right, I'll redesign the scripts then. To add a script in rc.local and rc.shutdown I need to add instruction in the README right? The user needs to manually add those no? Or is there a way to automatically add them at install (sorry if this is in the docs, I didn't find it) ? You could use a @sample in the plist but if the user already has these files around, the @sample won't get installed obviously . So documenting in the readme seems like the way to go. Unless someone has another idea? I think that would be the simplest approach. There is a problem using rc.local because of the order it runs, I need to run some scripts before the daemons begin. I changed the approach and used the meta script /etc/rc.d/google_compute_image to run those startup/shutdown scripts, it feels much better then before at least. I also update the package to version 2.4.0 (the last upstream version released). The is no much difference from before, the patch were almost all cleanly rebased with 2.4.0. Please see the attached package. Thanks Helen google-compute-engine-2.4.0.tar.gz Description: application/tar-gz
Re: [NEW] net/google-compute-engine
On 2017-06-21 08:32 AM, Stuart Henderson wrote: On 2017/06/14 21:46, Helen Koike wrote: I updated to rdate and removed ntp from the dependencie list. Plese see attachment. Sorry for the delay getting back to this. Can you check it still works with these changes please? New tar.gz attached, commentary below. If this still works for you, then it's OK sthen@ for another dev to import it (or I can do that if I get an OK from someone else). -DISTNAME = google-compute-engine-2.3.7 +MODPY_EGG_VERSION = 2.3.7 +DISTNAME = google-compute-engine-${MODPY_EGG_VERSION} Substituted in PLIST automatically, saves changes to PLIST after an update if just the version changes. -CATEGORIES = net +CATEGORIES = sysutils sysutils/ feels like a more natural location considering the other ports that are located there, and net/ is already rather busy so I generally avoid it if there's another reasonable choice. I had put it under net/ because an old version of this package ported to FreeBSD was already in net/ of FreeBSD-ports, but I don't mind changing it to sysutils/, I just thought it would be a good idea to keep the similarity -MODPY_ADJ_FILES = scripts/optimize_local_ssd \ - scripts/set_multiqueue \ [..] MODPY_ADJ_FILES is just there to adjust the "shebang" line, so is normally only relevant for scripts which you run directly, not for python modules. But setuptools normally adjusts scripts automatically, so MODPY_ADJ_FILES is usually just for special cases. pre-configure: - ${SUBST_CMD} ${WRKSRC}/google_compute_engine/instance_setup/instance_config.py - ${SUBST_CMD} ${WRKSRC}/google_compute_engine/instance_setup/instance_setup.py + cd ${WRKSRC}/google_compute_engine && ${SUBST_CMD} \ + config_manager.py instance_setup/instance_{config,setup}.py config_manager.py has some /etc which should be ${SYSCONFDIR} and patched. the rule here is "/etc files from the base OS should hardcode /etc, files from packages should use ${SYSCONFDIR}" Helen
Re: File::LibMagic dumping core non-deterministically (2)
Hello Stuard, hello Andrew, I, um, forgot that my mail server is still running OpenBSD 5.9 with associated amavisd and Perl versions. Sorry about that. cheers, rob urban On 06/21/2017 10:16 PM, Stuart Henderson wrote: > On 2017/06/21 21:54, IMAP List Administration wrote: >> Hello Folks, >> >> if the subject seems familiar, it's because it is. LibMagic is again causing >> amavisd-new to dump core which fouls up my postfix mailserver. >> >> LibMagic is dumping core on the following one-liner file: >> >>> This is an OpenPGP/MIME signed message (RFC 4880 and 3156) >> There is no new-line at the end. >> >> As usual, I used this script to reproduce: >> >>> #!/usr/bin/perl >>> >>> use File::LibMagic; >>> >>> my $file = shift; >>> $file || die "usage: $0 \n"; >>> >>> my $magic = File::LibMagic->new(); >>> >>> for(my $i = 0; $i < 10; $i++) { >>> my $desc = $magic->describe_filename($file); >>> print "description: $desc\n"; >>> if ($i % 100 == 0) { print "."; } >>> } >> The test file can be created with: >> >>> echo -n "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)" > >>> /tmp/killme.txt >> Is this caused by the same problem I reported in June of 2016? >> >> cheers, >> >> rob urban >> > I can't replicate it here on amd64 -current, either with or without > malloc.conf hardening options. Got any more info about your environment > or a backtrace? > > We disabled File::LibMagic support in the amavisd-new port btw. > Calling out to the pledged file(1) in base is safer especially with the > untrusted data that will be passing through an email spam/virus scanner. >
Re: File::LibMagic dumping core non-deterministically (2)
On Wed, Jun 21, 2017 at 09:54:18PM +0200, IMAP List Administration wrote: > if the subject seems familiar, it's because it is. LibMagic is again causing > amavisd-new to dump core which fouls up my postfix mailserver. > > LibMagic is dumping core on the following one-liner file: > The test file can be created with: > > > echo -n "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)" > > > /tmp/killme.txt > > Is this caused by the same problem I reported in June of 2016? Possibly easy to find out. Can you reproduce without perl being involved as I did previously? http://marc.info/?l=openbsd-ports&m=146593730524420&w=2 I made it through 10,000 rounds of "file" with that shell script and didn't get any failures on an older -current with libmagic-5.31. But, I also don't get any failures with the script you provided on a similar setup to sthen. OpenBSD 6.1-current (GENERIC.MP) #87: Tue May 30 21:05:25 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP libmagic-5.31 library to determine file type p5-File-LibMagic-1.15 perl wrapper for libmagic l8rZ, -- andrew - http://afresh1.com Hey, I think I see a barn up ahead. -- The American Astronaut
Re: File::LibMagic dumping core non-deterministically (2)
On 2017/06/21 21:54, IMAP List Administration wrote: > Hello Folks, > > if the subject seems familiar, it's because it is. LibMagic is again causing > amavisd-new to dump core which fouls up my postfix mailserver. > > LibMagic is dumping core on the following one-liner file: > > > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) > > There is no new-line at the end. > > As usual, I used this script to reproduce: > > > #!/usr/bin/perl > > > > use File::LibMagic; > > > > my $file = shift; > > $file || die "usage: $0 \n"; > > > > my $magic = File::LibMagic->new(); > > > > for(my $i = 0; $i < 10; $i++) { > > my $desc = $magic->describe_filename($file); > > print "description: $desc\n"; > > if ($i % 100 == 0) { print "."; } > > } > > The test file can be created with: > > > echo -n "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)" > > > /tmp/killme.txt > > Is this caused by the same problem I reported in June of 2016? > > cheers, > > rob urban > I can't replicate it here on amd64 -current, either with or without malloc.conf hardening options. Got any more info about your environment or a backtrace? We disabled File::LibMagic support in the amavisd-new port btw. Calling out to the pledged file(1) in base is safer especially with the untrusted data that will be passing through an email spam/virus scanner.
File::LibMagic dumping core non-deterministically (2)
Hello Folks, if the subject seems familiar, it's because it is. LibMagic is again causing amavisd-new to dump core which fouls up my postfix mailserver. LibMagic is dumping core on the following one-liner file: > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) There is no new-line at the end. As usual, I used this script to reproduce: > #!/usr/bin/perl > > use File::LibMagic; > > my $file = shift; > $file || die "usage: $0 \n"; > > my $magic = File::LibMagic->new(); > > for(my $i = 0; $i < 10; $i++) { > my $desc = $magic->describe_filename($file); > print "description: $desc\n"; > if ($i % 100 == 0) { print "."; } > } The test file can be created with: > echo -n "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)" > > /tmp/killme.txt Is this caused by the same problem I reported in June of 2016? cheers, rob urban
Re: NEW: net/texnut && REMOVE: net/texapp
On Wed, Jun 21, 2017 at 03:08:19PM -0400, Brian Callahan wrote: > >>> > >>> Additionally, net/texapp should be removed. The service texapp targeted > >>> has shut down, rendering this port now useless. However, texnut should > >>> not be viewed as an upgrade to texapp, as there's no reason to assume > >>> users of one service migrated to the other. [...] > In any event, we don't want useless ports (i.e. texapp) in the tree. OK fcambus@ to remove net/texapp.
Re: NEW: net/texnut && REMOVE: net/texapp
On 6/15/2017 8:34 PM, Brian Callahan wrote: > > On 6/6/2017 2:28 PM, Brian Callahan wrote: >> Hi ports -- >> >> On 5/16/2017 2:51 PM, Brian Callahan wrote: >>> Hi ports -- >>> >>> Attached is a new port, net/texnut, a command-line client for the >>> pnut.io social networking service. It is mostly identical to net/texapp. >>> >>> Additionally, net/texapp should be removed. The service texapp targeted >>> has shut down, rendering this port now useless. However, texnut should >>> not be viewed as an upgrade to texapp, as there's no reason to assume >>> users of one service migrated to the other. >>> >>> ~Brian >> Pinging this. Reattaching the new port (net/texnut) and including a diff >> to register the removal of net/texapp. >> >> ~Brian >> > Ping again. Reattaching the new port, mindful of remember to register > ports removals. > > OK? > > ~Brian > Will give away free accounts to get people to test texnut :) In any event, we don't want useless ports (i.e. texapp) in the tree.
Re: UPDATE: x11/worker 3.9.0 => 3.10.0
On 6/11/2017 8:27 PM, Brian Callahan wrote: > Hi ports -- > > Attached is a trivial diff to update x11/worker to its latest version. > Changelog is here: http://www.boomerangsworld.de/cms/worker/changes.html > > Works well on amd64. > > ~Brian > Ping.
Re: update: sysutils/sysclean 2.3
On Wed, Jun 21, 2017 at 05:12:21PM +0200, Sebastien Marie wrote: > Hi, > > The following diff updates sysclean to 2.3. \o/ Committed :-) > It includes a correction for licence information. > > This release is the result of several dicussions with aja@. Thanks to > him. > > It includes several importants changes: > - program options simplification > - more simple use for users (less things to include in > /etc/sysclean.ignore) > > In particular, by default it takes care of: > - all files in /etc/changelist > - /etc/sysclean.ignore itself > - dynamic ignore based on `rcctl ls on` (running services and daemons) > > > I would recommand to discard existing /etc/sysclean.ignore file, and > recreating it. > > > Complete Changelog > -- > > Changes: > - *BREAKING CHANGE* simplification of options > - remove safe mode (-s and previous default) > - make files mode to be the default > - the current synopsis is sysclean [-a | -p] [-i] > - make /etc/changelist to be included by default in ignore list > - ignore /etc/sysclean.ignore too > - use rcctl(8) information to extended expected files - it adds more magic > and less required entries in /etc/sysclean.ignore > - add a small regression suite (mostly for man page) > > New managed paths: > - syspatch(8) files > - KARL files - kernel object files and booted kernel > > > > -- > Sebastien Marie > > > Index: Makefile > === > RCS file: /cvs/ports/sysutils/sysclean/Makefile,v > retrieving revision 1.12 > diff -u -p -r1.12 Makefile > --- Makefile 7 Apr 2017 14:25:10 - 1.12 > +++ Makefile 21 Jun 2017 14:51:16 - > @@ -4,22 +4,23 @@ COMMENT = list obsolete files between Op > > GH_ACCOUNT = semarie > GH_PROJECT = sysclean > -GH_TAGNAME = 2.2 > +GH_TAGNAME = 2.3 > > CATEGORIES = sysutils > HOMEPAGE = https://github.com/semarie/sysclean/ > > MAINTAINER = Sebastien Marie > > -# BSD > +# ISC > PERMIT_PACKAGE_CDROM = Yes > > MAKE_ENV = BINDIR=${LOCALBASE}/bin \ > MANDIR=${LOCALBASE}/man/man > > NO_BUILD = Yes > -NO_TEST =Yes > PKG_ARCH = * > + > +TEST_TARGET =regress > > post-install: > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sysclean > Index: distinfo > === > RCS file: /cvs/ports/sysutils/sysclean/distinfo,v > retrieving revision 1.11 > diff -u -p -r1.11 distinfo > --- distinfo 7 Apr 2017 14:25:10 - 1.11 > +++ distinfo 21 Jun 2017 14:51:16 - > @@ -1,2 +1,2 @@ > -SHA256 (sysclean-2.2.tar.gz) = RpROCXtW9Hgwq9DeF0zNSks+S2hZSpbBRe5XOesqZ60= > -SIZE (sysclean-2.2.tar.gz) = 5513 > +SHA256 (sysclean-2.3.tar.gz) = X5Q07BmhkOjwt4HRHXrBvvNGRAM7Nl+ogjCFa9dqBVc= > +SIZE (sysclean-2.3.tar.gz) = 5798 > -- Antoine
update: sysutils/sysclean 2.3
Hi, The following diff updates sysclean to 2.3. It includes a correction for licence information. This release is the result of several dicussions with aja@. Thanks to him. It includes several importants changes: - program options simplification - more simple use for users (less things to include in /etc/sysclean.ignore) In particular, by default it takes care of: - all files in /etc/changelist - /etc/sysclean.ignore itself - dynamic ignore based on `rcctl ls on` (running services and daemons) I would recommand to discard existing /etc/sysclean.ignore file, and recreating it. Complete Changelog -- Changes: - *BREAKING CHANGE* simplification of options - remove safe mode (-s and previous default) - make files mode to be the default - the current synopsis is sysclean [-a | -p] [-i] - make /etc/changelist to be included by default in ignore list - ignore /etc/sysclean.ignore too - use rcctl(8) information to extended expected files - it adds more magic and less required entries in /etc/sysclean.ignore - add a small regression suite (mostly for man page) New managed paths: - syspatch(8) files - KARL files - kernel object files and booted kernel -- Sebastien Marie Index: Makefile === RCS file: /cvs/ports/sysutils/sysclean/Makefile,v retrieving revision 1.12 diff -u -p -r1.12 Makefile --- Makefile7 Apr 2017 14:25:10 - 1.12 +++ Makefile21 Jun 2017 14:51:16 - @@ -4,22 +4,23 @@ COMMENT = list obsolete files between Op GH_ACCOUNT = semarie GH_PROJECT = sysclean -GH_TAGNAME = 2.2 +GH_TAGNAME = 2.3 CATEGORIES = sysutils HOMEPAGE = https://github.com/semarie/sysclean/ MAINTAINER = Sebastien Marie -# BSD +# ISC PERMIT_PACKAGE_CDROM = Yes MAKE_ENV = BINDIR=${LOCALBASE}/bin \ MANDIR=${LOCALBASE}/man/man NO_BUILD = Yes -NO_TEST = Yes PKG_ARCH = * + +TEST_TARGET = regress post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sysclean Index: distinfo === RCS file: /cvs/ports/sysutils/sysclean/distinfo,v retrieving revision 1.11 diff -u -p -r1.11 distinfo --- distinfo7 Apr 2017 14:25:10 - 1.11 +++ distinfo21 Jun 2017 14:51:16 - @@ -1,2 +1,2 @@ -SHA256 (sysclean-2.2.tar.gz) = RpROCXtW9Hgwq9DeF0zNSks+S2hZSpbBRe5XOesqZ60= -SIZE (sysclean-2.2.tar.gz) = 5513 +SHA256 (sysclean-2.3.tar.gz) = X5Q07BmhkOjwt4HRHXrBvvNGRAM7Nl+ogjCFa9dqBVc= +SIZE (sysclean-2.3.tar.gz) = 5798
Re: [NEW] net/google-compute-engine
On 2017/06/21 16:38, Antoine Jacoutot wrote: > > > rc.d was never designed to handle anything but daemons... > > > > > > > Right, I'll redesign the scripts then. > > To add a script in rc.local and rc.shutdown I need to add instruction in the > > README right? The user needs to manually add those no? Or is there a way to > > automatically add them at install (sorry if this is in the docs, I didn't > > find it) ? > > You could use a @sample in the plist but if the user already has these files > around, the @sample won't get installed obviously . So documenting in the > readme seems like the way to go. > Unless someone has another idea? I think that would be the simplest approach.
Re: [NEW] net/google-compute-engine
> > rc.d was never designed to handle anything but daemons... > > > > Right, I'll redesign the scripts then. > To add a script in rc.local and rc.shutdown I need to add instruction in the > README right? The user needs to manually add those no? Or is there a way to > automatically add them at install (sorry if this is in the docs, I didn't > find it) ? You could use a @sample in the plist but if the user already has these files around, the @sample won't get installed obviously . So documenting in the readme seems like the way to go. Unless someone has another idea? -- Antoine
Re: [NEW] net/google-compute-engine
On 2017-06-21 11:19 AM, Antoine Jacoutot wrote: It'd be nice to make these patches upstreamable instead of patching over at some point... I am working on that, the problem is the compatibility with linux that the upstream project wants to keep, so those patches can't not be simply merged in upstream. Yes, that is my point. That is why I said we should make them upstreamable instead of what they do now. It does not have to be done right away of course, but eventually we want that. sure Hmm yes I don't understand that either. Several scripts are not daemons, without the _CHECK variable, the "start" action will fail because it executes rc_start and then checks if the daemon is running by calling rc_check (that would fail). So I did this ugly _CHECK variable to pretend the daemon is running after a "start" action and that it is not running anymore after a "stop" action (otherwise those actions fails). Maybe it would be better to add those in the rc.local, but I was trying to keep the scripts used in the upstream format so the same scripts exists https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/sysvinit But maybe this is not a good idea, what do you think? rc.d was never designed to handle anything but daemons... Right, I'll redesign the scripts then. To add a script in rc.local and rc.shutdown I need to add instruction in the README right? The user needs to manually add those no? Or is there a way to automatically add them at install (sorry if this is in the docs, I didn't find it) ? Thanks Helen
Re: [NEW] net/google-compute-engine
> > > It'd be nice to make these patches upstreamable instead of patching over > > > at some > > > point... > > I am working on that, the problem is the compatibility with linux that the > upstream project wants to keep, so those patches can't not be simply merged > in upstream. Yes, that is my point. That is why I said we should make them upstreamable instead of what they do now. It does not have to be done right away of course, but eventually we want that. > > Hmm yes I don't understand that either. > > Several scripts are not daemons, without the _CHECK variable, the "start" > action will fail because it executes rc_start and then checks if the daemon > is running by calling rc_check (that would fail). > So I did this ugly _CHECK variable to pretend the daemon is running after a > "start" action and that it is not running anymore after a "stop" action > (otherwise those actions fails). > > Maybe it would be better to add those in the rc.local, but I was trying to > keep the scripts used in the upstream format so the same scripts exists > https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/sysvinit > > But maybe this is not a good idea, what do you think? rc.d was never designed to handle anything but daemons... -- Antoine
Re: [NEW] net/google-compute-engine
Hi Antoine and Stuart, Thanks for reviewing this package On 2017-06-21 09:49 AM, Stuart Henderson wrote: On 2017/06/21 14:33, Antoine Jacoutot wrote: On Wed, Jun 21, 2017 at 12:32:35PM +0100, Stuart Henderson wrote: On 2017/06/14 21:46, Helen Koike wrote: I updated to rdate and removed ntp from the dependencie list. Plese see attachment. Sorry for the delay getting back to this. Can you check it still works with these changes please? New tar.gz attached, commentary below. If this still works for you, then it's OK sthen@ for another dev to import it (or I can do that if I get an OK from someone else). It'd be nice to make these patches upstreamable instead of patching over at some point... I am working on that, the problem is the compatibility with linux that the upstream project wants to keep, so those patches can't not be simply merged in upstream. Anyway, some remarks: - Could you sort the rc_ vars in the rc.d scripts? (rc_bg, rc_reload). Ahhh why did I forget to check those scripts! - Also make sure you use tabs and not a mix or tabs and spaces in the rc.d scripts for consistency. - google_instance_setup.rc and google_network_setup.rc: ${_bg} is a no-op and rc_reload should come before the functions overrides. Updated version fixes those. Also what's the purpose of the _CHECK variable? Hmm yes I don't understand that either. Several scripts are not daemons, without the _CHECK variable, the "start" action will fail because it executes rc_start and then checks if the daemon is running by calling rc_check (that would fail). So I did this ugly _CHECK variable to pretend the daemon is running after a "start" action and that it is not running anymore after a "stop" action (otherwise those actions fails). Maybe it would be better to add those in the rc.local, but I was trying to keep the scripts used in the upstream format so the same scripts exists https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/sysvinit But maybe this is not a good idea, what do you think? - google_shutdown_scritps is weird. As far as I understand it, it's only meant to run on startup; can't we fiddle with rc_start=NO ? Looks like it's only to run at shutdown? Yes, shutdown. If I understand correct, it we add rc_start=NO, it won't run "start" then it has no reason to run "stop" at shutdown. And startups_scripts only at startup? So perhaps these should be combined in a single rc script .. Same as my previous comment, I added google_shutdown_scripts/google_startup_scripts to match those in upstream but we could combine them if you thing it is better. - the pkg-readme is pretty useless as is I think we do need something - without it, it's unclear which of the rc scripts to use. Thanks Helen
Re: [NEW] net/google-compute-engine
> > - the pkg-readme is pretty useless as is > > I think we do need something - without it, it's unclear which of the > rc scripts to use. Well, it looks like most of this stuff is a script that must be started at boot. Not a daemon per se. They belong in rc.local and rc.shutdown imho. At least if I understand it properly. So we should be only left with one or two scripts and the readme becomes useless. pkg_add already tells you about installed rc.d scripts. -- Antoine
Re: [NEW] net/google-compute-engine
On 2017/06/21 13:49, Stuart Henderson wrote: > Updated version fixes those. Helps if I attach the updated version.. (but not ready yet). google-compute-engine.tar.gz Description: application/tar-gz
Re: [NEW] net/google-compute-engine
On 2017/06/21 14:33, Antoine Jacoutot wrote: > On Wed, Jun 21, 2017 at 12:32:35PM +0100, Stuart Henderson wrote: > > On 2017/06/14 21:46, Helen Koike wrote: > > > I updated to rdate and removed ntp from the dependencie list. Plese see > > > attachment. > > > > Sorry for the delay getting back to this. Can you check it still works with > > these changes please? New tar.gz attached, commentary below. > > > > If this still works for you, then it's OK sthen@ for another dev to > > import it (or I can do that if I get an OK from someone else). > > It'd be nice to make these patches upstreamable instead of patching over at > some > point... > Anyway, some remarks: > > - Could you sort the rc_ vars in the rc.d scripts? (rc_bg, rc_reload). Ahhh why did I forget to check those scripts! > - Also make sure you use tabs and not a mix or tabs and spaces in the rc.d > scripts > for consistency. > > - google_instance_setup.rc and google_network_setup.rc: ${_bg} is a no-op and > rc_reload should come before the functions overrides. Updated version fixes those. > Also what's the purpose of the _CHECK variable? Hmm yes I don't understand that either. > - google_shutdown_scritps is weird. As far as I understand it, it's only meant > to run on startup; can't we fiddle with rc_start=NO ? Looks like it's only to run at shutdown? And startups_scripts only at startup? So perhaps these should be combined in a single rc script .. > - the pkg-readme is pretty useless as is I think we do need something - without it, it's unclear which of the rc scripts to use.
Re: [NEW] net/google-compute-engine
On Wed, Jun 21, 2017 at 12:32:35PM +0100, Stuart Henderson wrote: > On 2017/06/14 21:46, Helen Koike wrote: > > I updated to rdate and removed ntp from the dependencie list. Plese see > > attachment. > > Sorry for the delay getting back to this. Can you check it still works with > these changes please? New tar.gz attached, commentary below. > > If this still works for you, then it's OK sthen@ for another dev to > import it (or I can do that if I get an OK from someone else). It'd be nice to make these patches upstreamable instead of patching over at some point... Anyway, some remarks: - Could you sort the rc_ vars in the rc.d scripts? (rc_bg, rc_reload). - Also make sure you use tabs and not a mix or tabs and spaces in the rc.d scripts for consistency. - google_instance_setup.rc and google_network_setup.rc: ${_bg} is a no-op and rc_reload should come before the functions overrides. Also what's the purpose of the _CHECK variable? - google_shutdown_scritps is weird. As far as I understand it, it's only meant to run on startup; can't we fiddle with rc_start=NO ? - the pkg-readme is pretty useless as is
Re: SECURITY UPDATE: net/openvpn 2.4.3
On Wed, Jun 21, 2017 at 01:58:46PM +0200, Jeremie Courreges-Anglas wrote: > Paul Irofti writes: > > > On Wed, Jun 21, 2017 at 02:34:13PM +0300, Paul Irofti wrote: > >> The following fixes 4 remote holes. OK? :) > >> I have diffs for -stable too, coming up next. > >> > >> https://marc.info/?l=oss-security&m=149804249114979&w=2 > > > > Stable diff follows > > Thanks, but please use the following diff. Tested on -stable. OK. > > > Index: Makefile > === > RCS file: /d/cvs/ports/net/openvpn/Makefile,v > retrieving revision 1.73.2.1 > diff -u -p -r1.73.2.1 Makefile > --- Makefile 15 May 2017 23:44:41 - 1.73.2.1 > +++ Makefile 21 Jun 2017 11:57:18 - > @@ -2,7 +2,7 @@ > > COMMENT= easy-to-use, robust, and highly configurable VPN > > -DISTNAME=openvpn-2.4.2 > +DISTNAME=openvpn-2.4.3 > CATEGORIES= net security > > HOMEPAGE=https://openvpn.net/index.php/open-source/ > Index: distinfo > === > RCS file: /d/cvs/ports/net/openvpn/distinfo,v > retrieving revision 1.36.2.1 > diff -u -p -r1.36.2.1 distinfo > --- distinfo 15 May 2017 23:44:41 - 1.36.2.1 > +++ distinfo 21 Jun 2017 11:57:18 - > @@ -1,2 +1,2 @@ > -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= > -SIZE (openvpn-2.4.2.tar.gz) = 1402516 > +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= > +SIZE (openvpn-2.4.3.tar.gz) = 1397306 > Index: patches/patch-configure > === > RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v > retrieving revision 1.15.2.1 > diff -u -p -r1.15.2.1 patch-configure > --- patches/patch-configure 15 May 2017 23:44:41 - 1.15.2.1 > +++ patches/patch-configure 21 Jun 2017 11:57:18 - > @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.15.2.1 201 > Index: configure > --- configure.orig > +++ configure > -@@ -17187,7 +17187,7 @@ else > +@@ -17318,7 +17318,7 @@ else > fi > > > Index: patches/patch-include_openvpn-plugin_h_in > === > RCS file: patches/patch-include_openvpn-plugin_h_in > diff -N patches/patch-include_openvpn-plugin_h_in > --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 23:44:41 - > 1.1.2.1 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,15 +0,0 @@ > -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1.2.1 2017/05/15 23:44:41 > jca Exp $ > - > -Include stddef.h for size_t. > - > -Index: include/openvpn-plugin.h.in > include/openvpn-plugin.h.in.orig > -+++ include/openvpn-plugin.h.in > -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; > - #endif > - > - #include > -+#include > - > - #ifdef __cplusplus > - extern "C" { > Index: patches/patch-src_openvpn_route_c > === > RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v > retrieving revision 1.8 > diff -u -p -r1.8 patch-src_openvpn_route_c > --- patches/patch-src_openvpn_route_c 28 Mar 2017 22:16:37 - 1.8 > +++ patches/patch-src_openvpn_route_c 21 Jun 2017 11:57:18 - > @@ -2,9 +2,10 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. > > - add support for on-link routes > > src/openvpn/route.c.orig Wed Mar 22 16:34:21 2017 > -+++ src/openvpn/route.c Mon Mar 27 06:01:57 2017 > -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, > +Index: src/openvpn/route.c > +--- src/openvpn/route.c.orig > src/openvpn/route.c > +@@ -1777,12 +1777,17 @@ add_route(struct route_ipv4 *r, > } > #endif > > Index: patches/patch-src_openvpn_syshead_h > === > RCS file: patches/patch-src_openvpn_syshead_h > diff -N patches/patch-src_openvpn_syshead_h > --- patches/patch-src_openvpn_syshead_h 16 Feb 2017 21:16:55 - > 1.3 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,14 +0,0 @@ > -$OpenBSD: patch-src_openvpn_syshead_h,v 1.3 2017/02/16 21:16:55 kurt Exp $ > src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 > -+++ src/openvpn/syshead.hWed Feb 15 11:35:49 2017 > -@@ -288,6 +288,10 @@ > - #include > - #endif > - > -+#ifdef HAVE_NETINET_TCP_H > -+#include > -+#endif > -+ > - #ifdef HAVE_NET_IF_TUN_H > - #include > - #endif > Index: patches/patch-src_openvpn_tun_c > === > RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v > retrieving revision 1.12.2.1 > diff -u -p -r1.12.2.1 patch-src_openvpn_tun_c > --- patches/patch-src_openvpn_tun_c 15 May 2017 23:44:41 - 1.12.2.1 > +++ patches/patch-src_openvpn_tun_c 21 Jun 2017 11:57:18 - > @@ -5,7 +5,7 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.12 > Index: src/openvpn/tun.c > --- src/openvpn/tun.c.orig > +++ src/openvpn/tun
Re: SECURITY UPDATE: net/openvpn 2.4.3
Paul Irofti writes: > On Wed, Jun 21, 2017 at 02:34:13PM +0300, Paul Irofti wrote: >> The following fixes 4 remote holes. OK? :) >> I have diffs for -stable too, coming up next. >> >> https://marc.info/?l=oss-security&m=149804249114979&w=2 > > Stable diff follows Thanks, but please use the following diff. Index: Makefile === RCS file: /d/cvs/ports/net/openvpn/Makefile,v retrieving revision 1.73.2.1 diff -u -p -r1.73.2.1 Makefile --- Makefile15 May 2017 23:44:41 - 1.73.2.1 +++ Makefile21 Jun 2017 11:57:18 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.2 +DISTNAME= openvpn-2.4.3 CATEGORIES=net security HOMEPAGE= https://openvpn.net/index.php/open-source/ Index: distinfo === RCS file: /d/cvs/ports/net/openvpn/distinfo,v retrieving revision 1.36.2.1 diff -u -p -r1.36.2.1 distinfo --- distinfo15 May 2017 23:44:41 - 1.36.2.1 +++ distinfo21 Jun 2017 11:57:18 - @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= -SIZE (openvpn-2.4.2.tar.gz) = 1402516 +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= +SIZE (openvpn-2.4.3.tar.gz) = 1397306 Index: patches/patch-configure === RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.15.2.1 diff -u -p -r1.15.2.1 patch-configure --- patches/patch-configure 15 May 2017 23:44:41 - 1.15.2.1 +++ patches/patch-configure 21 Jun 2017 11:57:18 - @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.15.2.1 201 Index: configure --- configure.orig +++ configure -@@ -17187,7 +17187,7 @@ else +@@ -17318,7 +17318,7 @@ else fi Index: patches/patch-include_openvpn-plugin_h_in === RCS file: patches/patch-include_openvpn-plugin_h_in diff -N patches/patch-include_openvpn-plugin_h_in --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 23:44:41 - 1.1.2.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,15 +0,0 @@ -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1.2.1 2017/05/15 23:44:41 jca Exp $ - -Include stddef.h for size_t. - -Index: include/openvpn-plugin.h.in include/openvpn-plugin.h.in.orig -+++ include/openvpn-plugin.h.in -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; - #endif - - #include -+#include - - #ifdef __cplusplus - extern "C" { Index: patches/patch-src_openvpn_route_c === RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.8 diff -u -p -r1.8 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 28 Mar 2017 22:16:37 - 1.8 +++ patches/patch-src_openvpn_route_c 21 Jun 2017 11:57:18 - @@ -2,9 +2,10 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. - add support for on-link routes src/openvpn/route.c.orig Wed Mar 22 16:34:21 2017 -+++ src/openvpn/route.cMon Mar 27 06:01:57 2017 -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, +Index: src/openvpn/route.c +--- src/openvpn/route.c.orig src/openvpn/route.c +@@ -1777,12 +1777,17 @@ add_route(struct route_ipv4 *r, } #endif Index: patches/patch-src_openvpn_syshead_h === RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- patches/patch-src_openvpn_syshead_h 16 Feb 2017 21:16:55 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,14 +0,0 @@ -$OpenBSD: patch-src_openvpn_syshead_h,v 1.3 2017/02/16 21:16:55 kurt Exp $ src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 -+++ src/openvpn/syshead.h Wed Feb 15 11:35:49 2017 -@@ -288,6 +288,10 @@ - #include - #endif - -+#ifdef HAVE_NETINET_TCP_H -+#include -+#endif -+ - #ifdef HAVE_NET_IF_TUN_H - #include - #endif Index: patches/patch-src_openvpn_tun_c === RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.12.2.1 diff -u -p -r1.12.2.1 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 15 May 2017 23:44:41 - 1.12.2.1 +++ patches/patch-src_openvpn_tun_c 21 Jun 2017 11:57:18 - @@ -5,7 +5,7 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.12 Index: src/openvpn/tun.c --- src/openvpn/tun.c.orig +++ src/openvpn/tun.c -@@ -1201,7 +1201,7 @@ do_ifconfig(struct tuntap *tt, +@@ -1200,7 +1200,7 @@ do_ifconfig(struct tuntap *tt, if (tun) { argv_printf(&argv, @@ -14,7 +14,7 @@ Index: src/openvpn/tun.c IFCONFIG_PATH, actual, ifconfig_local, -@@ -
Re: SECURITY UPDATE: net/openvpn 2.4.3
On Wed, Jun 21, 2017 at 01:53:47PM +0200, Jeremie Courreges-Anglas wrote: > Paul Irofti writes: > > > The following fixes 4 remote holes. OK? :) > > Nope, please don't blindly delete patches that don't apply. ;) Oh, I missunderstood the log messages about patches pushed upstream. Sure, go ahead please. > > My take: > > > Index: Makefile > === > RCS file: /d/cvs/ports/net/openvpn/Makefile,v > retrieving revision 1.78 > diff -u -p -r1.78 Makefile > --- Makefile 11 Jun 2017 12:15:50 - 1.78 > +++ Makefile 21 Jun 2017 11:50:44 - > @@ -2,8 +2,7 @@ > > COMMENT= easy-to-use, robust, and highly configurable VPN > > -DISTNAME=openvpn-2.4.2 > -REVISION=2 > +DISTNAME=openvpn-2.4.3 > CATEGORIES= net security > > HOMEPAGE=https://openvpn.net/index.php/open-source/ > Index: distinfo > === > RCS file: /d/cvs/ports/net/openvpn/distinfo,v > retrieving revision 1.37 > diff -u -p -r1.37 distinfo > --- distinfo 14 May 2017 16:43:33 - 1.37 > +++ distinfo 21 Jun 2017 11:50:44 - > @@ -1,2 +1,2 @@ > -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= > -SIZE (openvpn-2.4.2.tar.gz) = 1402516 > +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= > +SIZE (openvpn-2.4.3.tar.gz) = 1397306 > Index: patches/patch-configure > === > RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v > retrieving revision 1.16 > diff -u -p -r1.16 patch-configure > --- patches/patch-configure 14 May 2017 16:43:33 - 1.16 > +++ patches/patch-configure 21 Jun 2017 11:50:44 - > @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.16 2017/05 > Index: configure > --- configure.orig > +++ configure > -@@ -17187,7 +17187,7 @@ else > +@@ -17318,7 +17318,7 @@ else > fi > > > Index: patches/patch-include_openvpn-plugin_h_in > === > RCS file: patches/patch-include_openvpn-plugin_h_in > diff -N patches/patch-include_openvpn-plugin_h_in > --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 14:30:56 - > 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,15 +0,0 @@ > -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1 2017/05/15 14:30:56 jca > Exp $ > - > -Include stddef.h for size_t. > - > -Index: include/openvpn-plugin.h.in > include/openvpn-plugin.h.in.orig > -+++ include/openvpn-plugin.h.in > -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; > - #endif > - > - #include > -+#include > - > - #ifdef __cplusplus > - extern "C" { > Index: patches/patch-src_openvpn_route_c > === > RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v > retrieving revision 1.10 > diff -u -p -r1.10 patch-src_openvpn_route_c > --- patches/patch-src_openvpn_route_c 11 Jun 2017 12:15:50 - 1.10 > +++ patches/patch-src_openvpn_route_c 21 Jun 2017 11:50:44 - > @@ -2,12 +2,10 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. > > - add support for on-link routes > > -- add support for non-0 routing tables > - > https://github.com/OpenVPN/openvpn/commit/3dd30bfe5fdf9f34afe7f847b4e30156982d9ff0 > - > src/openvpn/route.c.orig Thu Mar 23 02:34:21 2017 > -+++ src/openvpn/route.c Wed Apr 12 18:06:40 2017 > -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, > +Index: src/openvpn/route.c > +--- src/openvpn/route.c.orig > src/openvpn/route.c > +@@ -1777,12 +1777,17 @@ add_route(struct route_ipv4 *r, > } > #endif > > @@ -28,23 +26,3 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. > > argv_msg(D_ROUTE, &argv); > status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD > route add command failed"); > -@@ -3597,6 +3602,9 @@ get_default_gateway(struct route_gateway_info *rgi) > - rtm.rtm_flags = RTF_UP | RTF_GATEWAY; > - rtm.rtm_version = RTM_VERSION; > - rtm.rtm_seq = ++seq; > -+#ifdef TARGET_OPENBSD > -+rtm.rtm_tableid = getrtable(); > -+#endif > - rtm.rtm_addrs = rtm_addrs; > - > - so_dst.sa_family = AF_INET; > -@@ -3812,6 +3820,9 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf > - rtm.rtm_flags = RTF_UP; > - rtm.rtm_version = RTM_VERSION; > - rtm.rtm_seq = ++seq; > -+#ifdef TARGET_OPENBSD > -+rtm.rtm_tableid = getrtable(); > -+#endif > - > - so_dst.sin6_family = AF_INET6; > - so_mask.sin6_family = AF_INET6; > Index: patches/patch-src_openvpn_syshead_h > === > RCS file: patches/patch-src_openvpn_syshead_h > diff -N patches/patch-src_openvpn_syshead_h > --- patches/patch-src_openvpn_syshead_h 11 Jun 2017 12:15:50 - > 1.4 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,18 +0,0 @@ > -$OpenBSD: patch-s
Re: SECURITY UPDATE: net/openvpn 2.4.3
Paul Irofti writes: > The following fixes 4 remote holes. OK? :) Nope, please don't blindly delete patches that don't apply. ;) My take: Index: Makefile === RCS file: /d/cvs/ports/net/openvpn/Makefile,v retrieving revision 1.78 diff -u -p -r1.78 Makefile --- Makefile11 Jun 2017 12:15:50 - 1.78 +++ Makefile21 Jun 2017 11:50:44 - @@ -2,8 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.2 -REVISION= 2 +DISTNAME= openvpn-2.4.3 CATEGORIES=net security HOMEPAGE= https://openvpn.net/index.php/open-source/ Index: distinfo === RCS file: /d/cvs/ports/net/openvpn/distinfo,v retrieving revision 1.37 diff -u -p -r1.37 distinfo --- distinfo14 May 2017 16:43:33 - 1.37 +++ distinfo21 Jun 2017 11:50:44 - @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= -SIZE (openvpn-2.4.2.tar.gz) = 1402516 +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= +SIZE (openvpn-2.4.3.tar.gz) = 1397306 Index: patches/patch-configure === RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.16 diff -u -p -r1.16 patch-configure --- patches/patch-configure 14 May 2017 16:43:33 - 1.16 +++ patches/patch-configure 21 Jun 2017 11:50:44 - @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.16 2017/05 Index: configure --- configure.orig +++ configure -@@ -17187,7 +17187,7 @@ else +@@ -17318,7 +17318,7 @@ else fi Index: patches/patch-include_openvpn-plugin_h_in === RCS file: patches/patch-include_openvpn-plugin_h_in diff -N patches/patch-include_openvpn-plugin_h_in --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 14:30:56 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,15 +0,0 @@ -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1 2017/05/15 14:30:56 jca Exp $ - -Include stddef.h for size_t. - -Index: include/openvpn-plugin.h.in include/openvpn-plugin.h.in.orig -+++ include/openvpn-plugin.h.in -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; - #endif - - #include -+#include - - #ifdef __cplusplus - extern "C" { Index: patches/patch-src_openvpn_route_c === RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.10 diff -u -p -r1.10 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 11 Jun 2017 12:15:50 - 1.10 +++ patches/patch-src_openvpn_route_c 21 Jun 2017 11:50:44 - @@ -2,12 +2,10 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. - add support for on-link routes -- add support for non-0 routing tables - https://github.com/OpenVPN/openvpn/commit/3dd30bfe5fdf9f34afe7f847b4e30156982d9ff0 - src/openvpn/route.c.orig Thu Mar 23 02:34:21 2017 -+++ src/openvpn/route.cWed Apr 12 18:06:40 2017 -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, +Index: src/openvpn/route.c +--- src/openvpn/route.c.orig src/openvpn/route.c +@@ -1777,12 +1777,17 @@ add_route(struct route_ipv4 *r, } #endif @@ -28,23 +26,3 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); -@@ -3597,6 +3602,9 @@ get_default_gateway(struct route_gateway_info *rgi) - rtm.rtm_flags = RTF_UP | RTF_GATEWAY; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+rtm.rtm_tableid = getrtable(); -+#endif - rtm.rtm_addrs = rtm_addrs; - - so_dst.sa_family = AF_INET; -@@ -3812,6 +3820,9 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf - rtm.rtm_flags = RTF_UP; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+rtm.rtm_tableid = getrtable(); -+#endif - - so_dst.sin6_family = AF_INET6; - so_mask.sin6_family = AF_INET6; Index: patches/patch-src_openvpn_syshead_h === RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- patches/patch-src_openvpn_syshead_h 11 Jun 2017 12:15:50 - 1.4 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,18 +0,0 @@ -$OpenBSD: patch-src_openvpn_syshead_h,v 1.4 2017/06/11 12:15:50 jca Exp $ - -- missing include - https://github.com/OpenVPN/openvpn/commit/e5b236eaba4512f86da917a0a63dd0f84e1b02db - src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 -+++ src/openvpn/syshead.h Wed Feb 15 11:35:49 2017 -@@ -288,6 +288,10 @@ - #include - #endif - -+#ifdef HAVE_NETINET_TCP_H -+#include -+#endif -+ - #ifdef HAVE_NET_IF_TUN_H - #inc
Re: SECURITY UPDATE: net/openvpn 2.4.3
On Wed, Jun 21, 2017 at 02:34:13PM +0300, Paul Irofti wrote: > The following fixes 4 remote holes. OK? :) > I have diffs for -stable too, coming up next. > > https://marc.info/?l=oss-security&m=149804249114979&w=2 Stable diff follows Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.73.2.1 diff -u -p -u -p -r1.73.2.1 Makefile --- Makefile15 May 2017 23:44:41 - 1.73.2.1 +++ Makefile21 Jun 2017 11:46:04 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.2 +DISTNAME= openvpn-2.4.3 CATEGORIES=net security HOMEPAGE= https://openvpn.net/index.php/open-source/ Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.36.2.1 diff -u -p -u -p -r1.36.2.1 distinfo --- distinfo15 May 2017 23:44:41 - 1.36.2.1 +++ distinfo21 Jun 2017 11:46:04 - @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= -SIZE (openvpn-2.4.2.tar.gz) = 1402516 +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= +SIZE (openvpn-2.4.3.tar.gz) = 1397306 Index: patches/patch-src_openvpn_route_c === RCS file: patches/patch-src_openvpn_route_c diff -N patches/patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 28 Mar 2017 22:16:37 - 1.8 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,27 +0,0 @@ -$OpenBSD: patch-src_openvpn_route_c,v 1.8 2017/03/28 22:16:37 jca Exp $ - -- add support for on-link routes - src/openvpn/route.c.orig Wed Mar 22 16:34:21 2017 -+++ src/openvpn/route.cMon Mar 27 06:01:57 2017 -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, - } - #endif - --argv_printf_cat(&argv, "-net %s %s -netmask %s", -+argv_printf_cat (&argv, "-net %s -netmask %s", - network, --gateway, - netmask); - --/* FIXME -- add on-link support for OpenBSD/NetBSD */ -+/* FIXME -- add on-link support for NetBSD */ -+#ifdef TARGET_OPENBSD -+if (is_on_link (is_local_route, flags, rgi)) -+argv_printf_cat (&argv, "-link -iface %s", rgi->iface); -+else -+#endif -+argv_printf_cat (&argv, "%s", gateway); - - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); Index: patches/patch-src_openvpn_syshead_h === RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- patches/patch-src_openvpn_syshead_h 16 Feb 2017 21:16:55 - 1.3 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,14 +0,0 @@ -$OpenBSD: patch-src_openvpn_syshead_h,v 1.3 2017/02/16 21:16:55 kurt Exp $ src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 -+++ src/openvpn/syshead.h Wed Feb 15 11:35:49 2017 -@@ -288,6 +288,10 @@ - #include - #endif - -+#ifdef HAVE_NETINET_TCP_H -+#include -+#endif -+ - #ifdef HAVE_NET_IF_TUN_H - #include - #endif Index: patches/patch-src_openvpn_tun_c === RCS file: patches/patch-src_openvpn_tun_c diff -N patches/patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 15 May 2017 23:44:41 - 1.12.2.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,55 +0,0 @@ -$OpenBSD: patch-src_openvpn_tun_c,v 1.12.2.1 2017/05/15 23:44:41 jca Exp $ - -- no need for link0 any more, we have separate tap interfaces - -Index: src/openvpn/tun.c src/openvpn/tun.c.orig -+++ src/openvpn/tun.c -@@ -1201,7 +1201,7 @@ do_ifconfig(struct tuntap *tt, - if (tun) - { - argv_printf(&argv, --"%s %s %s %s mtu %d netmask 255.255.255.255 up -link0", -+"%s %s %s %s mtu %d netmask 255.255.255.255 up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -1213,7 +1213,7 @@ do_ifconfig(struct tuntap *tt, - { - remote_end = create_arbitrary_remote( tt ); - argv_printf(&argv, --"%s %s %s %s mtu %d netmask %s up -link0", -+"%s %s %s %s mtu %d netmask %s up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -1224,8 +1224,13 @@ do_ifconfig(struct tuntap *tt, - } - else - { -+ /* -+* OpenBSD has distinct tun and tap devices -+* so we don't need the "link0" extra parameter to specify we want to do -+* tunneling at the ethernet level -+*/ - argv_printf(&argv, --
SECURITY UPDATE: net/openvpn 2.4.3
The following fixes 4 remote holes. OK? :) I have diffs for -stable too, coming up next. https://marc.info/?l=oss-security&m=149804249114979&w=2 Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.78 diff -u -p -u -p -r1.78 Makefile --- Makefile11 Jun 2017 12:15:50 - 1.78 +++ Makefile21 Jun 2017 11:32:57 - @@ -2,8 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.2 -REVISION= 2 +DISTNAME= openvpn-2.4.3 CATEGORIES=net security HOMEPAGE= https://openvpn.net/index.php/open-source/ Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.37 diff -u -p -u -p -r1.37 distinfo --- distinfo14 May 2017 16:43:33 - 1.37 +++ distinfo21 Jun 2017 11:32:57 - @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= -SIZE (openvpn-2.4.2.tar.gz) = 1402516 +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= +SIZE (openvpn-2.4.3.tar.gz) = 1397306 Index: patches/patch-include_openvpn-plugin_h_in === RCS file: patches/patch-include_openvpn-plugin_h_in diff -N patches/patch-include_openvpn-plugin_h_in --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 14:30:56 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,15 +0,0 @@ -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1 2017/05/15 14:30:56 jca Exp $ - -Include stddef.h for size_t. - -Index: include/openvpn-plugin.h.in include/openvpn-plugin.h.in.orig -+++ include/openvpn-plugin.h.in -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; - #endif - - #include -+#include - - #ifdef __cplusplus - extern "C" { Index: patches/patch-src_openvpn_route_c === RCS file: patches/patch-src_openvpn_route_c diff -N patches/patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 11 Jun 2017 12:15:50 - 1.10 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,50 +0,0 @@ -$OpenBSD: patch-src_openvpn_route_c,v 1.10 2017/06/11 12:15:50 jca Exp $ - -- add support for on-link routes - -- add support for non-0 routing tables - https://github.com/OpenVPN/openvpn/commit/3dd30bfe5fdf9f34afe7f847b4e30156982d9ff0 - src/openvpn/route.c.orig Thu Mar 23 02:34:21 2017 -+++ src/openvpn/route.cWed Apr 12 18:06:40 2017 -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, - } - #endif - --argv_printf_cat(&argv, "-net %s %s -netmask %s", -+argv_printf_cat (&argv, "-net %s -netmask %s", - network, --gateway, - netmask); - --/* FIXME -- add on-link support for OpenBSD/NetBSD */ -+/* FIXME -- add on-link support for NetBSD */ -+#ifdef TARGET_OPENBSD -+if (is_on_link (is_local_route, flags, rgi)) -+argv_printf_cat (&argv, "-link -iface %s", rgi->iface); -+else -+#endif -+argv_printf_cat (&argv, "%s", gateway); - - argv_msg(D_ROUTE, &argv); - status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); -@@ -3597,6 +3602,9 @@ get_default_gateway(struct route_gateway_info *rgi) - rtm.rtm_flags = RTF_UP | RTF_GATEWAY; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+rtm.rtm_tableid = getrtable(); -+#endif - rtm.rtm_addrs = rtm_addrs; - - so_dst.sa_family = AF_INET; -@@ -3812,6 +3820,9 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf - rtm.rtm_flags = RTF_UP; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+rtm.rtm_tableid = getrtable(); -+#endif - - so_dst.sin6_family = AF_INET6; - so_mask.sin6_family = AF_INET6; Index: patches/patch-src_openvpn_syshead_h === RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- patches/patch-src_openvpn_syshead_h 11 Jun 2017 12:15:50 - 1.4 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,18 +0,0 @@ -$OpenBSD: patch-src_openvpn_syshead_h,v 1.4 2017/06/11 12:15:50 jca Exp $ - -- missing include - https://github.com/OpenVPN/openvpn/commit/e5b236eaba4512f86da917a0a63dd0f84e1b02db - src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 -+++ src/openvpn/syshead.h Wed Feb 15 11:35:49 2017 -@@ -288,6 +288,10 @@ - #include - #endif - -+#ifdef HAVE_NETINET_TCP_H -+#include -+#endif -+ - #ifdef HAVE_NET_IF_TUN_H - #include - #endif Index: patches/patch-src_openvpn_tun_c === RCS file: patches/patch-src_openvpn_tun_c diff -N patches/patch-src_openvpn_tun_c --- patches/patch-src_openvpn_t
Re: [NEW] net/google-compute-engine
On 2017/06/14 21:46, Helen Koike wrote: > I updated to rdate and removed ntp from the dependencie list. Plese see > attachment. Sorry for the delay getting back to this. Can you check it still works with these changes please? New tar.gz attached, commentary below. If this still works for you, then it's OK sthen@ for another dev to import it (or I can do that if I get an OK from someone else). > -DISTNAME = google-compute-engine-2.3.7 > +MODPY_EGG_VERSION = 2.3.7 > +DISTNAME = google-compute-engine-${MODPY_EGG_VERSION} Substituted in PLIST automatically, saves changes to PLIST after an update if just the version changes. > -CATEGORIES = net > +CATEGORIES = sysutils sysutils/ feels like a more natural location considering the other ports that are located there, and net/ is already rather busy so I generally avoid it if there's another reasonable choice. > -MODPY_ADJ_FILES =scripts/optimize_local_ssd \ > - scripts/set_multiqueue \ [..] MODPY_ADJ_FILES is just there to adjust the "shebang" line, so is normally only relevant for scripts which you run directly, not for python modules. But setuptools normally adjusts scripts automatically, so MODPY_ADJ_FILES is usually just for special cases. > pre-configure: > - ${SUBST_CMD} > ${WRKSRC}/google_compute_engine/instance_setup/instance_config.py > - ${SUBST_CMD} > ${WRKSRC}/google_compute_engine/instance_setup/instance_setup.py > + cd ${WRKSRC}/google_compute_engine && ${SUBST_CMD} \ > + config_manager.py instance_setup/instance_{config,setup}.py config_manager.py has some /etc which should be ${SYSCONFDIR} and patched. the rule here is "/etc files from the base OS should hardcode /etc, files from packages should use ${SYSCONFDIR}" google-compute-engine.tar.gz Description: application/tar-gz
Re: FIX: Allow textproc/xxdiff to open non-ASCII paths
On Wed Jun 21, 2017 at 05:18:19AM +0300, Vadim Zhukov wrote: > Hi all. > > This unbreaks xxdiff on paths with non-ASCII characters in them. > > To be discussed with upstream (probably those should be toLocal8bit() > calls instead), but at least I can co-operate with my students again. > > Anyone willing to okay/reject? > -- > WBR, > Vadim Zhukov > > > Index: Makefile > === > RCS file: /cvs/ports/textproc/xxdiff/Makefile,v > retrieving revision 1.41 > diff -u -p -r1.41 Makefile > --- Makefile 10 Apr 2017 11:46:35 - 1.41 > +++ Makefile 20 Jun 2017 23:12:42 - > @@ -4,6 +4,7 @@ COMMENT= graphical file comparator and m > > DISTNAME=xxdiff-4.0.1 > CATEGORIES= textproc x11 > +REVISION=0 > > HOMEPAGE=http://furius.ca/xxdiff/ > > @@ -36,6 +37,7 @@ post-extract: > > post-configure: > cat ${WRKSRC}/Makefile.extra >>${WRKBUILD}/Makefile > + perl -pi -e 's/toLatin1/toUtf8/g' ${WRKSRC}/*.cpp ${WRKSRC}/*.y > In my opinion, it would also make sense to replace fromLatin1 with fromUft8. In for a penny, in for a pound. Best regards, Rafael Sadowski
Re: NEW: emulation/ppsspp-1.3
Jakub Skrzypnik writes: > USE_WXNEEDED = Yes JIT supports W^X, see https://github.com/hrydgard/ppsspp/issues/8943 Maybe try the following instead --- Common/MemoryUtil.cpp~ +++ Common/MemoryUtil.cpp @@ -281,7 +281,7 @@ void FreeAlignedMemory(void* ptr) { bool PlatformIsWXExclusive() { // Only iOS really needs this mode currently. Even without block linking, still should be much faster than IR JIT. // This might also come in useful for UWP (Universal Windows Platform) if I'm understanding things correctly. -#if defined(IOS) || PPSSPP_PLATFORM(UWP) +#if defined(IOS) || PPSSPP_PLATFORM(UWP) || defined(__OpenBSD__) return true; #else // Returning true here lets you test the W^X path on Windows and other non-W^X platforms.
Re: NEW: emulation/ppsspp-1.3
Jakub Skrzypnik writes: > Build system is pretty messy, I wasted few hours for non-defining > BSD_VISIBLE definition (added it to C{,XX}FLAGS finally), Have you tried to remove -D_XOPEN_SOURCE* lines in CMakeLists.txt? Each BSD seems to have slightly different way to hide namespace pollution to be POSIX-ly correct. > > From DESCR: >> PPSSPP is an Sony PlayStation Portable emulator using HLE (high-Level >> Emulation), so you don't need a operating system's ROM to use it. > > PS: I used my own storage for DISTFILES, becuase the Git source tree > contains about 10 submodules, PPSSPP v1.3 only needs 3 distfiles while v1.4 - only 6. It should build fine without downloading submodules for dx9sdk, ffmpeg, pspautotests or glslang (before v1.4). > LIB_DEPENDS = graphics/ffmpeg \ Beware of https://github.com/hrydgard/ppsspp/issues/9026 > graphics/png\ PPSSPP v1.3 has bundled libpng v1.7.0beta35 which is affected by CVE-2016-10087, CVE-2015-8472, CVE-2015-8126, CVE-2014-9495, CVE-2015-0973. Maybe unbundle e.g., https://svnweb.freebsd.org/ports/head/emulators/ppsspp/files/patch-system-libpng16?revision=422387&view=markup >archivers/snappy\ libzip can also be unbundled. > CONFIGURE_ARGS =-DUSE_SYSTEM_FFMPEG=True arm* may also want -DUSING_EGL=off as EGL doesn't seem to work with X11. aarch64 would have to wait for v1.4 or later.