CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: k...@cvs.openbsd.org2019/06/28 18:55:29 Modified files: net/irssi : Makefile Log message: Switch to SEPARATE_BUILD=Yes Nitpick pre-configure into post-patch as it SUBST_CMDs patched files only.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: k...@cvs.openbsd.org2019/06/28 18:46:39 Modified files: net/irssi-icb : Makefile Log message: Switch to CONFIGURE_STYLE=autoreconf
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: k...@cvs.openbsd.org2019/06/28 18:32:00 Modified files: net/irssi-icb : Makefile net/irssi-xmpp : Makefile Log message: Switch to PERMIT_PACKAGE While here, irssi-xmpp is GPLv2+ not just GPL.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: k...@cvs.openbsd.org2019/06/28 18:01:43 Modified files: net/irssi : Makefile distinfo devel/quirks : Makefile devel/quirks/files: Quirks.pm Log message: Security update to irssi 1.2.1 https://irssi.org/security/html/irssi_sa_2019_06/ Use after free when sending SASL login to the server found by ilbelkyr. (CWE-416, CWE-825) OK tj
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: t...@cvs.openbsd.org2019/06/28 17:48:51 Modified files: archivers/bzip2: Makefile distinfo Removed files: archivers/bzip2/patches: patch-bzip2recover_c patch-decompress_c Log message: update to bzip 1.0.7 ok kn, probably ok sthen
Re: botan i386 segfault [was Re: devel/monotone i386 breakage, maybe following libc++ update?]
Alexander Bluhm wrote: > On Thu, Jun 27, 2019 at 10:08:37PM +0100, Stuart Henderson wrote: > > #0 0x082eefff in botan_sha160_x86_32_compress () from > > /usr/local/lib/libbotan-1.10.so.1.1 > > This code is at a page boundary, so it traps into the kernel. There > it is detected that the esp register is currently not on the stack. > > The hand written assembler code in src/hash/sha1_x86_32/sha1_x86_32_imp.S > uses esp as a regular register. Its content is safed at the beginning > of the function and restored at the end. If there is a trap due > to a page boundary, the kernel stack guard kicks in and aborts the > process. > > Botan-1 is end of life. Perhaps we should just replace the i386 > assembler implementation with the regular C code. Someone over-optimized without considering the consequences. Having such instruction code on a unaligned-instruction architecture is just too ripe for ROP gadget exploitation. I hope that .S code dies. Not going to delete the opportunistic ROP-pivot prevention mechanism
Re: botan i386 segfault [was Re: devel/monotone i386 breakage, maybe following libc++ update?]
On Thu, Jun 27, 2019 at 10:08:37PM +0100, Stuart Henderson wrote: > #0 0x082eefff in botan_sha160_x86_32_compress () from > /usr/local/lib/libbotan-1.10.so.1.1 This code is at a page boundary, so it traps into the kernel. There it is detected that the esp register is currently not on the stack. The hand written assembler code in src/hash/sha1_x86_32/sha1_x86_32_imp.S uses esp as a regular register. Its content is safed at the beginning of the function and restored at the end. If there is a trap due to a page boundary, the kernel stack guard kicks in and aborts the process. Botan-1 is end of life. Perhaps we should just replace the i386 assembler implementation with the regular C code. bluhm
Re: [Update] [Stable] archivers/bzip2
On Thu, Jun 27, 2019 at 10:10:31PM +0100, Stuart Henderson wrote: > I had a quick look at a source code diff, despite 9 years gap > there's not a lot of change. It looks pretty safe to me but given > the risk of breakage I'd prefer to have more eyes on it. I diffed 1.0.6 from 2010 and the current HEAD, actual C code changes are minimal and look quite sane. OK kn
Re: irssi: security update to 1.2.1
I'll also adapt the license marker, plus here's the quirks bit. Index: Makefile === RCS file: /cvs/ports/devel/quirks/Makefile,v retrieving revision 1.768 diff -u -p -r1.768 Makefile --- Makefile22 Jun 2019 18:23:34 - 1.768 +++ Makefile28 Jun 2019 23:04:38 - @@ -5,7 +5,7 @@ CATEGORIES =devel databases DISTFILES = # API.rev -PKGNAME = quirks-3.160 +PKGNAME = quirks-3.161 PKG_ARCH = * MAINTAINER = Marc Espie Index: files/Quirks.pm === RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v retrieving revision 1.786 diff -u -p -r1.786 Quirks.pm --- files/Quirks.pm 22 Jun 2019 18:23:34 - 1.786 +++ files/Quirks.pm 28 Jun 2019 23:06:47 - @@ -1394,6 +1394,7 @@ my $cve = { 'net/dhcpcd' => 'dhcpcd-<7.2.2', 'net/haproxy' => 'haproxy-<1.8.17', 'net/icecast' => 'icecast-<2.4.4', + 'net/irssi' => 'irssi-<1.2.1', 'net/isc-bind' => 'isc-bind-<9.11.5pl4v0', 'net/libssh2' => 'libssh2-<1.8.2', 'net/lldpd' => 'lldpd-<0.7.18p0',
UPDATE: audio/libsoxr to disable OpenMP
This disables OpenMP code generation. --John Index: Makefile === RCS file: /cvs/ports/audio/libsoxr/Makefile,v retrieving revision 1.6 diff -u -p -r1.6 Makefile --- Makefile2 Apr 2018 08:43:05 - 1.6 +++ Makefile28 Jun 2019 20:44:48 - @@ -6,6 +6,8 @@ DISTNAME= soxr-0.1.3-Source PKGNAME= lib${DISTNAME:S/-Source//} EXTRACT_SUFX= .tar.xz +REVISION= 0 + SHARED_LIBS= soxr 1.2 \ soxr-lsr 3.4 @@ -21,5 +23,7 @@ WANTLIB += m MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=soxr/} MODULES= devel/cmake + +CONFIGURE_ARGS=-DWITH_OPENMP:Bool=OFF .include
UPDATE: math/fftw3 to disable OpenMP
Disable OpenMP code generation in fftw3. --John Index: Makefile === RCS file: /cvs/ports/math/fftw3/Makefile,v retrieving revision 1.35 diff -u -p -r1.35 Makefile --- Makefile20 Apr 2019 07:20:07 - 1.35 +++ Makefile25 Jun 2019 00:25:34 - @@ -16,7 +16,7 @@ SHARED_LIBS= fftw3 7.1 \ fftw3f_threads 1.1 CATEGORIES=math -REVISION-main= 0 +REVISION-main= 1 REVISION-common= 0 HOMEPAGE= http://www.fftw.org/ @@ -38,6 +38,7 @@ FLAVOR?= double USE_GMAKE= Yes CONFIGURE_STYLE=gnu CONFIGURE_ARGS=--enable-threads +CONFIGURE_ARGS+= --disable-openmp .if ${FLAVOR} == "float" CONFIGURE_ARGS+=--enable-float
UPDATE: math/fftw to disable OpenMP
This disables OpenMP code generation. Note that fftw uses either pthreads or OpenMP (or both) to control multi processors and this is always under programmer control. --John Index: Makefile === RCS file: /cvs/ports/math/fftw/Makefile,v retrieving revision 1.22 diff -u -p -r1.22 Makefile --- Makefile11 Mar 2016 19:59:15 - 1.22 +++ Makefile24 Jun 2019 23:58:50 - @@ -5,7 +5,7 @@ PORTROACH= limit:^2\. COMMENT= C routines for computing the Discrete Fourier Transform DISTNAME= fftw-2.1.5 -REVISION= 3 +REVISION= 4 SHARED_LIBS= fftw2.7 \ rfftw 2.7 CATEGORIES=math @@ -23,6 +23,7 @@ MASTER_SITES= http://fftw.org/ \ CONFIGURE_STYLE= gnu +CONFIGURE_ARGS+= --disable-openmp .if ${MACHINE_ARCH} == "i386" CONFIGURE_ARGS+= --enable-i386-hacks PATCH_LIST=gcc-* patch-*
UPDATE: math/ecm to disable OpenMP
This disables OpenMP in ecm Index: Makefile === RCS file: /cvs/ports/math/ecm/Makefile,v retrieving revision 1.18 diff -u -p -r1.18 Makefile --- Makefile2 Nov 2018 18:48:39 - 1.18 +++ Makefile24 Jun 2019 18:33:30 - @@ -5,7 +5,7 @@ COMMENT = elliptic curve method (ECM) fa DISTNAME = ecm-6.4.4 SHARED_LIBS = ecm 0.1 CATEGORIES = math -REVISION = 1 +REVISION = 2 HOMEPAGE = http://gforge.inria.fr/projects/ecm/ @@ -21,6 +21,7 @@ MASTER_SITES =http://gforge.inria.fr/f LIB_DEPENDS = devel/gmp CONFIGURE_STYLE = gnu +CONFIGURE_ARGS = --disable-openmp CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${LOCALBASE}/lib"
irssi: security update to 1.2.1
https://irssi.org/2019/06/29/irssi-1.2.1-1.1.3-1.0.8-released/ I've never experienced issues with almost daily SASL authentications. Update works, nothing new besides fixing a use after free. OK? Index: Makefile === RCS file: /cvs/ports/net/irssi/Makefile,v retrieving revision 1.79 diff -u -p -r1.79 Makefile --- Makefile18 Feb 2019 18:35:57 - 1.79 +++ Makefile28 Jun 2019 22:34:24 - @@ -2,7 +2,7 @@ COMMENT = modular IRC client with many features (ipv6,socks,proxy) -V =1.2.0 +V =1.2.1 DISTNAME = irssi-$V PKGSPEC = irssi-=$V Index: distinfo === RCS file: /cvs/ports/net/irssi/distinfo,v retrieving revision 1.32 diff -u -p -r1.32 distinfo --- distinfo17 Feb 2019 19:25:43 - 1.32 +++ distinfo28 Jun 2019 22:23:58 - @@ -1,2 +1,2 @@ -SHA256 (irssi-1.2.0.tar.gz) = NQ38X9jbiB5vGYLaBGaQC1sXVSfpqU1praC36Qpz4+o= -SIZE (irssi-1.2.0.tar.gz) = 1840945 +SHA256 (irssi-1.2.1.tar.gz) = /YsO8lRP22kSESk93tPc9u2H8heB2xnn32Lq15fxigY= +SIZE (irssi-1.2.1.tar.gz) = 1843164
UPDATE: math/R to disable OpenMP
This disables OpenMP code generation in R. Index: Makefile === RCS file: /cvs/ports/math/R/Makefile,v retrieving revision 1.111 diff -u -p -r1.111 Makefile --- Makefile17 May 2019 16:45:27 - 1.111 +++ Makefile28 Jun 2019 20:18:07 - @@ -2,7 +2,7 @@ COMMENT= powerful math/statistics/graphics language DISTNAME= R-3.6.0 -REVISION= 0 +REVISION= 1 SO_VERSION=35.0 .for _lib in R Rblas Rlapack @@ -79,6 +79,7 @@ CONFIGURE_STYLE=gnu MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/tools CONFIGURE_ARGS= --disable-java \ + --disable-openmp \ --enable-BLAS-shlib \ --enable-R-shlib \ --with-tcl-config=${MODTCL_CONFIG} \
veracrypt port
Hello all, I did searching to see if I could find history on a veracrypt port and it looks like jcs has done it already[1], but it isn't in the ports repository (and his port is a version behind). Curious what would be involved with getting his/a port added to the ports repo and if there was a history already that I couldn't find about it, other than the ports thread about jcs doing a port[2]. I was looking for Veracrypt as a portable way to have an encrypted container (to sync to cloud storage) and usb key (on my keychain). I think the tools to do this are limited to Veracrypt. Thank you. 1: https://github.com/jcs/openbsd-ports/tree/master/security/veracrypt 2: http://openbsd-archive.7691.n7.nabble.com/security-veracrypt-td331986.html -- Chris Humphries 5223 9548 E1DE DE87 F509 1888 8141 8451 6338 DD29
Re: CVS: cvs.openbsd.org: ports
On Fri, Jun 28, 2019 at 06:04:39PM +0200, Frederic Cambus wrote: > On Thu, Jun 27, 2019 at 08:59:31PM +0200, Giovanni Bechis wrote: > > > >CVSROOT: /cvs > > >Module name: ports > > >Changes by:fcam...@cvs.openbsd.org 2019/06/27 12:54:45 > > > > > >Modified files: > > > net/p5-MaxMind-DB-Reader: Makefile distinfo > > > > > >Log message: > > >Update p5-MaxMind-DB-Reader to 1.14. > > > > > >This module is deprecated and will only receive fixes for major bugs > > >and > > >security vulnerabilities. New features and functionality will not be > > >added. > > > > any alternatives you are aware to query MaxMind from Perl ? > > Unfortunately no, I'm not aware of any alternatives. > > This deprecation is as strange as unexpected, considering there has not > been any formal announcement from MaxMind. They simply pushed those new > versions with the deprecation notice as the sole change. They probably just decided to stop supporting perl apart from major issues ?
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: es...@cvs.openbsd.org 2019/06/28 10:48:42 Modified files: graphics/openbsd-backgrounds: Makefile distinfo graphics/openbsd-backgrounds/pkg: DESCR PLIST Log message: finally make use of new xwallpaper
Re: CVS: cvs.openbsd.org: ports
On Thu, Jun 27, 2019 at 08:59:31PM +0200, Giovanni Bechis wrote: > >CVSROOT: /cvs > >Module name: ports > >Changes by: fcam...@cvs.openbsd.org 2019/06/27 12:54:45 > > > >Modified files: > > net/p5-MaxMind-DB-Reader: Makefile distinfo > > > >Log message: > >Update p5-MaxMind-DB-Reader to 1.14. > > > >This module is deprecated and will only receive fixes for major bugs > >and > >security vulnerabilities. New features and functionality will not be > >added. > > any alternatives you are aware to query MaxMind from Perl ? Unfortunately no, I'm not aware of any alternatives. This deprecation is as strange as unexpected, considering there has not been any formal announcement from MaxMind. They simply pushed those new versions with the deprecation notice as the sole change.
Re: [NEW] slant-0.0.20 (now slant-0.0.21)
On Fri, Jun 28, 2019 at 03:03:31PM +0200, Kristaps Dzonsons wrote: > > One last nitpick: users and rc scripts are usually named after > > programs, not packages. So please use slant-collectd/slant_collectd. > > With that it's ok with me. > > Enclosed is slant-0.0.21, which renames slant.rc to slant_collectd.rc. > It also fixes a bug found by schwarze@, hence the version bump. > > Thank you! > > Kristaps I plan on importing this, this evening unless someone else beats me to it. -- James Turner
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: es...@cvs.openbsd.org 2019/06/28 07:53:28 Modified files: x11/xwallpaper : Makefile distinfo Log message: minor update, bug-fixed version, as discussed with tobias@
Re: [NEW] slant-0.0.20 (now slant-0.0.21)
> One last nitpick: users and rc scripts are usually named after > programs, not packages. So please use slant-collectd/slant_collectd. > With that it's ok with me. Enclosed is slant-0.0.21, which renames slant.rc to slant_collectd.rc. It also fixes a bug found by schwarze@, hence the version bump. Thank you! Kristaps slant-0.0.21.tgz Description: Binary data
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: ben...@cvs.openbsd.org 2019/06/28 06:33:45 Modified files: security/libssh2: Makefile distinfo security/libssh2/patches: patch-tests_Makefile_in security/libssh2/pkg: PLIST Log message: Update to libssh2-1.9.0.
Re: [UPDATE] devel/openmpi 4.0.1
On Fri, Jun 28 2019, Martin Reindl wrote: > Am 27.06.2019 um 16:09 schrieb Jeremie Courreges-Anglas: >> Note that what has been committed shouldn't have a problem with NFS: the >> code in ad_fstype.c already properly checks for f_fstypename and uses >> it. Our patch is still bogus though, please find an additional diff >> below. ok? > > Yes. Thanks, committed. >>> And there is a pthread_mutexattr_setpshared() (which we don't have) >>> problem deep down in pmix which needs to be investigated at some point. >> >> Is that a problem at runtime? > > No. But the environment should be set up to use the GDS/hash component > by the plugin managaer (MCA): > > export PMIX_MCA_gds=hash > > GDS/ds21 is the component that wants to set PTHREAD_PROCESS_SHARED. > I did not test GDS/ds12. Looks like ds12 also wants PTHREAD_PROCESS_SHARED. > I will work on this as time permits. Making "hash" the default should be doable, tweaking the priority of the modules in ./opal/mca/pmix/pmix3x/pmix/src/mca/gds/*/gds*component.c . -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: j...@cvs.openbsd.org2019/06/28 05:05:11 Modified files: devel/openmpi : Makefile devel/openmpi/patches: patch-ompi_mca_io_romio321_romio_adio_common_ad_fstype_c Log message: Cleaner filesystem detection. Our diff to convert statfs.f_type tests to statfs.f_fstypename was broken, since it used pointer equality tests for strings. Fortunately the default FS type is UFS and upstream tests for NFS using statfs.f_fstypename, so we only need to neuter tests based on statfs.f_type. ok martin@ (maintainer)
Re: UPDATE: syncthing-1.1.4
On Sun, 16 Jun 2019, Edd Barrett wrote: > Hi, > > Here's an update to Syncthing. I'll be testing this over the next few > days. I've been using it since you sent the first patch. Works ok for me on amd64 syncing to android and osx. Cheers, -- Paco Esteban. https://onna.be/gpgkey.asc 9A6B 6083 AD9E FDC2 0EAF 5CB3 5818 130B 8A6D BC03
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2019/06/28 01:25:37 Modified files: net/iperf3 : Makefile distinfo net/iperf3/patches: patch-src_iperf_api_c Added files: net/iperf3/patches: patch-src_timer_c Removed files: net/iperf3/patches: patch-src_Makefile_in patch-src_iperf_udp_c Log message: update to iperf-3.7 - disable the auth code; it's likely to have issues on 32-bit arches (wrong format strings for variable sizes) and has an sscanf that doesn't seem like a great idea. can be reviewed if anyone is actually using that... - switch from github on-the-fly generated tarballs to proper uploaded ones ok lteo (maintainer)
Re: [UPDATE] security/libssh2
On 27/06/2019 13:13, Stuart Henderson wrote: On 2019/06/27 11:52, Benoit Lecocq wrote: Hi, This is the diff to update libssh2 to latest release. Please test this diff in a bulk build. Why a bulk? There are only a handful of ports using it .. devel/libgit2/libgit2 emulators/qemu lang/rust misc/mc misc/subsurface net/nmap net/p5-Net-SSH2 net/zabbix sysutils/libvirt www/aria2 www/pecl-ssh2 I'll do that !
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: bent...@cvs.openbsd.org 2019/06/28 00:47:02 Modified files: devel : Makefile Log message: +armips
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: bent...@cvs.openbsd.org 2019/06/28 00:45:23 Log message: Import armips-0.10.0. armips is an assembler and linker that includes full support for the MIPS R3000, MIPS R4000, and Allegrex instruction sets, partial support for the EmotionEngine instruction set, as well as complete support for the ARM7 and ARM9 instruction sets, both THUMB and ARM mode. Some of the other features include a full-fledged C-like expression parser, the ability to overlay assembled output over an existing file, and table support for user-defined text encodings. ok benoit@ Status: Vendor Tag: bentley Release Tags: bentley_20190628 N ports/devel/armips/Makefile N ports/devel/armips/distinfo N ports/devel/armips/pkg/DESCR N ports/devel/armips/pkg/PLIST No conflicts created by this import
Re: dedicated user for sysutils/monit
On Wed, Jun 26, 2019 at 05:29:14PM +0200, Joel Carnat wrote: > Hello, > > I've just installed sysutils/monit on some new server and noticed there > were no dedicated user created to run the daemon. > > I already run it as non-root on serveral servers. So I know it works. > Note that there are cases (service restart for example) that require > configuring doas rules. But once done, everything runs ok. > > If you think that's ok, here's a patch to create a dedicated user. > Inspired from net/openvpn port. > > Regards, > Jo > --- infrastructure/db/user.list.orig Wed Jun 26 17:04:43 2019 > +++ infrastructure/db/user.list Wed Jun 26 17:06:41 2019 > @@ -348,2 +348,3 @@ > 837 _thingsd _thingsdnet/thingsd > 838 _i2pd_i2pd net/i2pd > +839 _monit _monit sysutils/monit > > --- sysutils/monit/pkg/PLIST.orig Wed May 1 21:21:57 2019 > +++ sysutils/monit/pkg/PLIST Wed Jun 26 17:14:10 2019 > @@ -1,3 +1,5 @@ > @comment $OpenBSD: PLIST,v 1.11 2019/05/01 19:21:57 landry Exp $ > +@newgroup _monit:839 > +@newuser _monit:839:_monit:daemon:Monit Daemon:/var/monit:/sbin/nologin Can't we use /nonexistent for HOME like most other daemons do? > @rcscript ${RCDIR}/monit > @bin bin/monit -- Antoine