CVS: cvs.openbsd.org: ports

2019-06-28 Thread Klemens Nanni
CVSROOT: /cvs
Module name: ports
Changes by: k...@cvs.openbsd.org 2019/06/28 18:55:29

Modified files:
net/irssi  : Makefile 

Log message:
Switch to SEPARATE_BUILD=Yes

Nitpick pre-configure into post-patch as it SUBST_CMDs patched files only.



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Klemens Nanni
CVSROOT: /cvs
Module name: ports
Changes by: k...@cvs.openbsd.org 2019/06/28 18:46:39

Modified files:
net/irssi-icb  : Makefile 

Log message:
Switch to CONFIGURE_STYLE=autoreconf



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Klemens Nanni
CVSROOT: /cvs
Module name: ports
Changes by: k...@cvs.openbsd.org 2019/06/28 18:32:00

Modified files:
net/irssi-icb  : Makefile 
net/irssi-xmpp : Makefile 

Log message:
Switch to PERMIT_PACKAGE

While here, irssi-xmpp is GPLv2+ not just GPL.



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Klemens Nanni
CVSROOT: /cvs
Module name: ports
Changes by: k...@cvs.openbsd.org 2019/06/28 18:01:43

Modified files:
net/irssi  : Makefile distinfo 
devel/quirks   : Makefile 
devel/quirks/files: Quirks.pm 

Log message:
Security update to irssi 1.2.1

https://irssi.org/security/html/irssi_sa_2019_06/

Use after free when sending SASL login to the server found by ilbelkyr.
(CWE-416, CWE-825)

OK tj



CVS: cvs.openbsd.org: ports

2019-06-28 Thread T . J . Townsend
CVSROOT: /cvs
Module name: ports
Changes by: t...@cvs.openbsd.org 2019/06/28 17:48:51

Modified files:
archivers/bzip2: Makefile distinfo 
Removed files:
archivers/bzip2/patches: patch-bzip2recover_c patch-decompress_c 

Log message:
update to bzip 1.0.7

ok kn, probably ok sthen



Re: botan i386 segfault [was Re: devel/monotone i386 breakage, maybe following libc++ update?]

2019-06-28 Thread Theo de Raadt
Alexander Bluhm  wrote:

> On Thu, Jun 27, 2019 at 10:08:37PM +0100, Stuart Henderson wrote:
> > #0  0x082eefff in botan_sha160_x86_32_compress () from 
> > /usr/local/lib/libbotan-1.10.so.1.1
> 
> This code is at a page boundary, so it traps into the kernel.  There
> it is detected that the esp register is currently not on the stack.
> 
> The hand written assembler code in src/hash/sha1_x86_32/sha1_x86_32_imp.S
> uses esp as a regular register.  Its content is saved at the beginning
> of the function and restored at the end.  If there is a trap due
> to a page boundary, the kernel stack guard kicks in and aborts the
> process.
> 
> Botan-1 is end of life.  Perhaps we should just replace the i386
> assembler implementation with the regular C code.

Someone over-optimized without considering the consequences.  Having
such instruction code on an unaligned-instruction architecture is just
too ripe for ROP gadget exploitation.  I hope that .S code dies.

Not going to delete the opportunistic ROP-pivot prevention mechanism




Re: botan i386 segfault [was Re: devel/monotone i386 breakage, maybe following libc++ update?]

2019-06-28 Thread Alexander Bluhm
On Thu, Jun 27, 2019 at 10:08:37PM +0100, Stuart Henderson wrote:
> #0  0x082eefff in botan_sha160_x86_32_compress () from 
> /usr/local/lib/libbotan-1.10.so.1.1

This code is at a page boundary, so it traps into the kernel.  There
it is detected that the esp register is currently not on the stack.

The hand written assembler code in src/hash/sha1_x86_32/sha1_x86_32_imp.S
uses esp as a regular register.  Its content is saved at the beginning
of the function and restored at the end.  If there is a trap due
to a page boundary, the kernel stack guard kicks in and aborts the
process.

Botan-1 is end of life.  Perhaps we should just replace the i386
assembler implementation with the regular C code.

bluhm



Re: [Update] [Stable] archivers/bzip2

2019-06-28 Thread Klemens Nanni
On Thu, Jun 27, 2019 at 10:10:31PM +0100, Stuart Henderson wrote:
> I had a quick look at a source code diff, despite 9 years gap
> there's not a lot of change. It looks pretty safe to me but given
> the risk of breakage I'd prefer to have more eyes on it.
I diffed 1.0.6 from 2010 and the current HEAD, actual C code changes
are minimal and look quite sane.

OK kn



Re: irssi: security update to 1.2.1

2019-06-28 Thread Klemens Nanni
I'll also adapt the license marker, plus here's the quirks bit.

Index: Makefile
===
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.768
diff -u -p -r1.768 Makefile
--- Makefile22 Jun 2019 18:23:34 -  1.768
+++ Makefile28 Jun 2019 23:04:38 -
@@ -5,7 +5,7 @@ CATEGORIES =devel databases
 DISTFILES =
 
 # API.rev
-PKGNAME =  quirks-3.160
+PKGNAME =  quirks-3.161
 PKG_ARCH = *
 MAINTAINER =   Marc Espie 
 
Index: files/Quirks.pm
===
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.786
diff -u -p -r1.786 Quirks.pm
--- files/Quirks.pm 22 Jun 2019 18:23:34 -  1.786
+++ files/Quirks.pm 28 Jun 2019 23:06:47 -
@@ -1394,6 +1394,7 @@ my $cve = {
'net/dhcpcd' => 'dhcpcd-<7.2.2',
'net/haproxy' => 'haproxy-<1.8.17',
'net/icecast' => 'icecast-<2.4.4',
+   'net/irssi' => 'irssi-<1.2.1',
'net/isc-bind' => 'isc-bind-<9.11.5pl4v0',
'net/libssh2' => 'libssh2-<1.8.2',
'net/lldpd' => 'lldpd-<0.7.18p0',
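Review bot: the new `'net/irssi' => 'irssi-<1.2.1'` entry in `$cve` matches every irssi package older than 1.2.1, so it has to go in together with the net/irssi update itself; committed on its own it would match the only irssi package available. Please say in the mail that both parts land as one commit, and name the advisory the entry is for so the quirks bump stays traceable.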



UPDATE: audio/libsoxr to disable OpenMP

2019-06-28 Thread j
This disables OpenMP code generation.

--John

Index: Makefile
===
RCS file: /cvs/ports/audio/libsoxr/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile2 Apr 2018 08:43:05 -   1.6
+++ Makefile28 Jun 2019 20:44:48 -
@@ -6,6 +6,8 @@ DISTNAME=   soxr-0.1.3-Source
 PKGNAME=   lib${DISTNAME:S/-Source//}
 EXTRACT_SUFX=  .tar.xz
 
+REVISION=  0
+
 SHARED_LIBS=   soxr 1.2 \
soxr-lsr 3.4
 
@@ -21,5 +23,7 @@ WANTLIB += m
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=soxr/}
 
 MODULES=   devel/cmake
+
+CONFIGURE_ARGS=-DWITH_OPENMP:Bool=OFF
 
 .include 
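Review bot: `CONFIGURE_ARGS=-DWITH_OPENMP:Bool=OFF` is a plain assignment; `CONFIGURE_ARGS+=` is the safer form because it cannot discard arguments set elsewhere, and the CMake cache type is conventionally spelled `BOOL`. The mail gives no reason for turning OpenMP off, so a one-line comment above the setting would help the next person who touches the port. Please also confirm that `WANTLIB` is still accurate after the change, since only `WANTLIB += m` is visible in the hunk context.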



UPDATE: math/fftw3 to disable OpenMP

2019-06-28 Thread j
Disable OpenMP code generation in fftw3.

--John

Index: Makefile
===
RCS file: /cvs/ports/math/fftw3/Makefile,v
retrieving revision 1.35
diff -u -p -r1.35 Makefile
--- Makefile20 Apr 2019 07:20:07 -  1.35
+++ Makefile25 Jun 2019 00:25:34 -
@@ -16,7 +16,7 @@ SHARED_LIBS=  fftw3   7.1 \
fftw3f_threads  1.1
 CATEGORIES=math
 
-REVISION-main= 0
+REVISION-main= 1
 REVISION-common=   0
 
 HOMEPAGE=  http://www.fftw.org/
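Review bot: only `REVISION-main` is bumped here while `REVISION-common` stays at 0. If the configure change alters anything that ends up in the -common subpackage it needs a bump as well; if not, a short remark in the mail that -common is unaffected would settle it.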
@@ -38,6 +38,7 @@ FLAVOR?=  double
 USE_GMAKE= Yes
 CONFIGURE_STYLE=gnu
 CONFIGURE_ARGS=--enable-threads
+CONFIGURE_ARGS+=   --disable-openmp
 
 .if ${FLAVOR} == "float"
 CONFIGURE_ARGS+=--enable-float



UPDATE: math/fftw to disable OpenMP

2019-06-28 Thread j
This disables OpenMP code generation.  Note that fftw uses either
pthreads or OpenMP (or both) to control multi processors and
this is always under programmer control.


--John

Index: Makefile
===
RCS file: /cvs/ports/math/fftw/Makefile,v
retrieving revision 1.22
diff -u -p -r1.22 Makefile
--- Makefile11 Mar 2016 19:59:15 -  1.22
+++ Makefile24 Jun 2019 23:58:50 -
@@ -5,7 +5,7 @@ PORTROACH=  limit:^2\.
 COMMENT=   C routines for computing the Discrete Fourier Transform
 
 DISTNAME=  fftw-2.1.5
-REVISION=  3
+REVISION=  4
 SHARED_LIBS=   fftw2.7 \
rfftw   2.7
 CATEGORIES=math
@@ -23,6 +23,7 @@ MASTER_SITES= http://fftw.org/ \
 
 CONFIGURE_STYLE=   gnu
 
+CONFIGURE_ARGS+=   --disable-openmp
 .if ${MACHINE_ARCH} == "i386"
 CONFIGURE_ARGS+=   --enable-i386-hacks
 PATCH_LIST=gcc-* patch-*
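Review bot: `CONFIGURE_ARGS+= --disable-openmp` relies on the configure script of fftw-2.1.5 knowing that option. With `CONFIGURE_STYLE= gnu`, an autoconf-generated configure accepts an unrecognised `--disable-*` option without failing, so please check that the option is actually listed by `configure --help` for this version; otherwise the change and the `REVISION` bump have no effect. A blank line between the new assignment and the `.if ${MACHINE_ARCH} == "i386"` block would also keep the conditional visually separate.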



UPDATE: math/ecm to disable OpenMP

2019-06-28 Thread j
This disables OpenMP in ecm

Index: Makefile
===
RCS file: /cvs/ports/math/ecm/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile2 Nov 2018 18:48:39 -   1.18
+++ Makefile24 Jun 2019 18:33:30 -
@@ -5,7 +5,7 @@ COMMENT =   elliptic curve method (ECM) fa
 DISTNAME = ecm-6.4.4
 SHARED_LIBS =  ecm 0.1
 CATEGORIES =   math
-REVISION = 1
+REVISION = 2
 
 HOMEPAGE = http://gforge.inria.fr/projects/ecm/
 
@@ -21,6 +21,7 @@ MASTER_SITES =http://gforge.inria.fr/f
 LIB_DEPENDS =  devel/gmp
 
 CONFIGURE_STYLE =  gnu
+CONFIGURE_ARGS =   --disable-openmp
 CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib"
 



irssi: security update to 1.2.1

2019-06-28 Thread Klemens Nanni
https://irssi.org/2019/06/29/irssi-1.2.1-1.1.3-1.0.8-released/

I've never experienced issues with almost daily SASL authentications.
Update works, nothing new besides fixing a use after free.

OK?

Index: Makefile
===
RCS file: /cvs/ports/net/irssi/Makefile,v
retrieving revision 1.79
diff -u -p -r1.79 Makefile
--- Makefile18 Feb 2019 18:35:57 -  1.79
+++ Makefile28 Jun 2019 22:34:24 -
@@ -2,7 +2,7 @@
 
 COMMENT =  modular IRC client with many features (ipv6,socks,proxy)
 
-V =1.2.0
+V =1.2.1
 DISTNAME = irssi-$V
 PKGSPEC =  irssi-=$V
 
Index: distinfo
===
RCS file: /cvs/ports/net/irssi/distinfo,v
retrieving revision 1.32
diff -u -p -r1.32 distinfo
--- distinfo17 Feb 2019 19:25:43 -  1.32
+++ distinfo28 Jun 2019 22:23:58 -
@@ -1,2 +1,2 @@
-SHA256 (irssi-1.2.0.tar.gz) = NQ38X9jbiB5vGYLaBGaQC1sXVSfpqU1praC36Qpz4+o=
-SIZE (irssi-1.2.0.tar.gz) = 1840945
+SHA256 (irssi-1.2.1.tar.gz) = /YsO8lRP22kSESk93tPc9u2H8heB2xnn32Lq15fxigY=
+SIZE (irssi-1.2.1.tar.gz) = 1843164
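Review bot: the `SHA256` and `SIZE` lines for irssi-1.2.1.tar.gz are the only integrity anchor for the new distfile, and the mail does not say how they were obtained. For a security update, please state that the tarball was checked against whatever checksum or signature upstream publishes for the release before the values were regenerated, rather than taken from a single download.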



UPDATE: math/R to disable OpenMP

2019-06-28 Thread j
This disables OpenMP code generation in R.


Index: Makefile
===
RCS file: /cvs/ports/math/R/Makefile,v
retrieving revision 1.111
diff -u -p -r1.111 Makefile
--- Makefile17 May 2019 16:45:27 -  1.111
+++ Makefile28 Jun 2019 20:18:07 -
@@ -2,7 +2,7 @@
 
 COMMENT=   powerful math/statistics/graphics language
 DISTNAME=  R-3.6.0
-REVISION=  0
+REVISION=  1
 
 SO_VERSION=35.0
 .for _lib in R Rblas Rlapack
@@ -79,6 +79,7 @@ CONFIGURE_STYLE=gnu
 MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/tools
 
 CONFIGURE_ARGS= --disable-java \
+   --disable-openmp \
--enable-BLAS-shlib \
--enable-R-shlib \
--with-tcl-config=${MODTCL_CONFIG} \



veracrypt port

2019-06-28 Thread Chris Humphries
Hello all,

I did searching to see if I could find history on a veracrypt port and
it looks like jcs has done it already[1], but it isn't in the ports
repository (and his port is a version behind).

Curious what would be involved with getting his/a port added to the
ports repo and if there was a history already that I couldn't find
about it, other than the ports thread about jcs doing a port[2].


I was looking for Veracrypt as a portable way to have an encrypted
container (to sync to cloud storage) and usb key (on my keychain). I
think the tools to do this are limited to Veracrypt.


Thank you.


1: https://github.com/jcs/openbsd-ports/tree/master/security/veracrypt
2: http://openbsd-archive.7691.n7.nabble.com/security-veracrypt-td331986.html


-- 
Chris Humphries 
5223 9548 E1DE DE87 F509  1888 8141 8451 6338 DD29



Re: CVS: cvs.openbsd.org: ports

2019-06-28 Thread Marc Espie
On Fri, Jun 28, 2019 at 06:04:39PM +0200, Frederic Cambus wrote:
> On Thu, Jun 27, 2019 at 08:59:31PM +0200, Giovanni Bechis wrote:
> 
> > >CVSROOT:   /cvs
> > >Module name:   ports
> > >Changes by:fcam...@cvs.openbsd.org 2019/06/27 12:54:45
> > >
> > >Modified files:
> > >   net/p5-MaxMind-DB-Reader: Makefile distinfo 
> > >
> > >Log message:
> > >Update p5-MaxMind-DB-Reader to 1.14.
> > >
> > >This module is deprecated and will only receive fixes for major bugs
> > >and
> > >security vulnerabilities. New features and functionality will not be
> > >added.
> > 
> > any alternatives you are aware to query MaxMind from Perl ?
> 
> Unfortunately no, I'm not aware of any alternatives.
> 
> This deprecation is as strange as unexpected, considering there has not
> been any formal announcement from MaxMind. They simply pushed those new
> versions with the deprecation notice as the sole change.

They probably just decided to stop supporting perl apart from major issues ?



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Marc Espie
CVSROOT: /cvs
Module name: ports
Changes by: es...@cvs.openbsd.org   2019/06/28 10:48:42

Modified files:
graphics/openbsd-backgrounds: Makefile distinfo 
graphics/openbsd-backgrounds/pkg: DESCR PLIST 

Log message:
finally make use of new xwallpaper



Re: CVS: cvs.openbsd.org: ports

2019-06-28 Thread Frederic Cambus
On Thu, Jun 27, 2019 at 08:59:31PM +0200, Giovanni Bechis wrote:

> >CVSROOT: /cvs
> >Module name: ports
> >Changes by:  fcam...@cvs.openbsd.org 2019/06/27 12:54:45
> >
> >Modified files:
> > net/p5-MaxMind-DB-Reader: Makefile distinfo 
> >
> >Log message:
> >Update p5-MaxMind-DB-Reader to 1.14.
> >
> >This module is deprecated and will only receive fixes for major bugs
> >and
> >security vulnerabilities. New features and functionality will not be
> >added.
> 
> any alternatives you are aware to query MaxMind from Perl ?

Unfortunately no, I'm not aware of any alternatives.

This deprecation is as strange as unexpected, considering there has not
been any formal announcement from MaxMind. They simply pushed those new
versions with the deprecation notice as the sole change.



Re: [NEW] slant-0.0.20 (now slant-0.0.21)

2019-06-28 Thread James Turner
On Fri, Jun 28, 2019 at 03:03:31PM +0200, Kristaps Dzonsons wrote:
> > One last nitpick: users and rc scripts are usually named after
> > programs, not packages. So please use slant-collectd/slant_collectd.
> > With that it's ok with me.
> 
> Enclosed is slant-0.0.21, which renames slant.rc to slant_collectd.rc.
> It also fixes a bug found by schwarze@, hence the version bump.
> 
> Thank you!
> 
> Kristaps

I plan on importing this, this evening unless someone else beats me to
it.


-- 
James Turner



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Marc Espie
CVSROOT: /cvs
Module name: ports
Changes by: es...@cvs.openbsd.org   2019/06/28 07:53:28

Modified files:
x11/xwallpaper : Makefile distinfo 

Log message:
minor update, bug-fixed version, as discussed with tobias@



Re: [NEW] slant-0.0.20 (now slant-0.0.21)

2019-06-28 Thread Kristaps Dzonsons
> One last nitpick: users and rc scripts are usually named after
> programs, not packages. So please use slant-collectd/slant_collectd.
> With that it's ok with me.

Enclosed is slant-0.0.21, which renames slant.rc to slant_collectd.rc.
It also fixes a bug found by schwarze@, hence the version bump.

Thank you!

Kristaps


slant-0.0.21.tgz
Description: Binary data


CVS: cvs.openbsd.org: ports

2019-06-28 Thread Benoit Lecocq
CVSROOT: /cvs
Module name: ports
Changes by: ben...@cvs.openbsd.org  2019/06/28 06:33:45

Modified files:
security/libssh2: Makefile distinfo 
security/libssh2/patches: patch-tests_Makefile_in 
security/libssh2/pkg: PLIST 

Log message:
Update to libssh2-1.9.0.



Re: [UPDATE] devel/openmpi 4.0.1

2019-06-28 Thread Jeremie Courreges-Anglas
On Fri, Jun 28 2019, Martin Reindl  wrote:
> On 27.06.2019 at 16:09, Jeremie Courreges-Anglas wrote:
>> Note that what has been committed shouldn't have a problem with NFS: the
>> code in ad_fstype.c already properly checks for f_fstypename and uses
>> it.  Our patch is still bogus though, please find an additional diff
>> below.  ok?
>
> Yes.

Thanks, committed.

>>> And there is a pthread_mutexattr_setpshared() (which we don't have)
>>> problem deep down in pmix which needs to be investigated at some point.
>>
>> Is that a problem at runtime?
>
> No. But the environment should be set up to use the GDS/hash component
> by the plugin manager (MCA):
>
> export PMIX_MCA_gds=hash
>
> GDS/ds21 is the component that wants to set PTHREAD_PROCESS_SHARED.
> I did not test GDS/ds12.

Looks like ds12 also wants PTHREAD_PROCESS_SHARED.

> I will work on this as time permits.

Making "hash" the default should be doable, tweaking the priority of the
modules in ./opal/mca/pmix/pmix3x/pmix/src/mca/gds/*/gds*component.c .

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Jeremie Courreges-Anglas
CVSROOT: /cvs
Module name: ports
Changes by: j...@cvs.openbsd.org 2019/06/28 05:05:11

Modified files:
devel/openmpi  : Makefile 
devel/openmpi/patches: patch-ompi_mca_io_romio321_romio_adio_common_ad_fstype_c 

Log message:
Cleaner filesystem detection.

Our diff to convert statfs.f_type tests to statfs.f_fstypename was
broken, since it used pointer equality tests for strings.

Fortunately the default FS type is UFS and upstream tests for NFS using
statfs.f_fstypename, so we only need to neuter tests based on
statfs.f_type.

ok martin@ (maintainer)
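
The bug class this commit message describes, as an added example that is not code from the port or from Open MPI: comparing a filesystem type name by pointer instead of by content. `struct fake_statfs`, `FAKE_MFSNAMELEN` and the function names are constructed stand-ins for the `f_fstypename` member of `struct statfs`.

```c
#include <stdio.h>
#include <string.h>

#define FAKE_MFSNAMELEN 16      /* assumed size of the name buffer */

/* Constructed stand-in for the part of struct statfs that matters here. */
struct fake_statfs {
    char f_fstypename[FAKE_MFSNAMELEN];   /* e.g. "ffs", "nfs" */
};

/* Broken form: compares the address of the buffer with the address of a
 * string constant.  The two objects are distinct, so the result is 0
 * whatever the buffer contains. */
static int is_nfs_pointer_compare(const struct fake_statfs *fs)
{
    const char *want = "nfs";
    const char *have = fs->f_fstypename;
    return have == want;
}

/* Correct form: compares the bytes, bounded by the buffer size. */
static int is_nfs_string_compare(const struct fake_statfs *fs)
{
    return strncmp(fs->f_fstypename, "nfs", sizeof(fs->f_fstypename)) == 0;
}

/* Shaped like a filesystem-type dispatch: when the test never matches,
 * every filesystem silently takes the default branch, which is why the
 * broken test went unnoticed while the default happened to be right. */
static const char *classify(const struct fake_statfs *fs,
                            int (*is_nfs)(const struct fake_statfs *))
{
    return is_nfs(fs) ? "nfs" : "ufs (default)";
}

int main(void)
{
    /* Constructed sample inputs. */
    struct fake_statfs nfs = { "nfs" };
    struct fake_statfs ffs = { "ffs" };

    printf("pointer test, nfs mount: %s\n",
           classify(&nfs, is_nfs_pointer_compare));
    printf("string test,  nfs mount: %s\n",
           classify(&nfs, is_nfs_string_compare));
    printf("string test,  ffs mount: %s\n",
           classify(&ffs, is_nfs_string_compare));
    return 0;
}
```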



Re: UPDATE: syncthing-1.1.4

2019-06-28 Thread Paco Esteban
On Sun, 16 Jun 2019, Edd Barrett wrote:

> Hi,
> 
> Here's an update to Syncthing. I'll be testing this over the next few
> days.

I've been using it since you sent the first patch.
Works ok for me on amd64 syncing to android and osx.

Cheers,

-- 
Paco Esteban.
https://onna.be/gpgkey.asc
9A6B 6083 AD9E FDC2 0EAF  5CB3 5818 130B 8A6D BC03



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Stuart Henderson
CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org   2019/06/28 01:25:37

Modified files:
net/iperf3 : Makefile distinfo 
net/iperf3/patches: patch-src_iperf_api_c 
Added files:
net/iperf3/patches: patch-src_timer_c 
Removed files:
net/iperf3/patches: patch-src_Makefile_in patch-src_iperf_udp_c 

Log message:
update to iperf-3.7

- disable the auth code; it's likely to have issues on 32-bit arches
(wrong format strings for variable sizes) and has an sscanf that doesn't
seem like a great idea. can be reviewed if anyone is actually using that...

- switch from github on-the-fly generated tarballs to proper uploaded ones

ok lteo (maintainer)



Re: [UPDATE] security/libssh2

2019-06-28 Thread Benoit Lecocq




On 27/06/2019 13:13, Stuart Henderson wrote:
> On 2019/06/27 11:52, Benoit Lecocq wrote:
> > Hi,
> >
> > This is the diff to update libssh2 to latest release.
> >
> > Please test this diff in a bulk build.
>
> Why a bulk? There are only a handful of ports using it ..
>
> devel/libgit2/libgit2
> emulators/qemu
> lang/rust
> misc/mc
> misc/subsurface
> net/nmap
> net/p5-Net-SSH2
> net/zabbix
> sysutils/libvirt
> www/aria2
> www/pecl-ssh2

I'll do that !



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Anthony J . Bentley
CVSROOT: /cvs
Module name: ports
Changes by: bent...@cvs.openbsd.org 2019/06/28 00:47:02

Modified files:
devel  : Makefile 

Log message:
+armips



CVS: cvs.openbsd.org: ports

2019-06-28 Thread Anthony J . Bentley
CVSROOT: /cvs
Module name: ports
Changes by: bent...@cvs.openbsd.org 2019/06/28 00:45:23

Log message:
Import armips-0.10.0.

armips is an assembler and linker that includes full support for the MIPS
R3000, MIPS R4000, and Allegrex instruction sets, partial support for the
EmotionEngine instruction set, as well as complete support for the ARM7 and
ARM9 instruction sets, both THUMB and ARM mode.

Some of the other features include a full-fledged C-like expression parser,
the ability to overlay assembled output over an existing file, and table
support for user-defined text encodings.

ok benoit@

Status:

Vendor Tag: bentley
Release Tags:   bentley_20190628

N ports/devel/armips/Makefile
N ports/devel/armips/distinfo
N ports/devel/armips/pkg/DESCR
N ports/devel/armips/pkg/PLIST

No conflicts created by this import



Re: dedicated user for sysutils/monit

2019-06-28 Thread Antoine Jacoutot
On Wed, Jun 26, 2019 at 05:29:14PM +0200, Joel Carnat wrote:
> Hello,
> 
> I've just installed sysutils/monit on some new server and noticed there
> was no dedicated user created to run the daemon.
> 
> I already run it as non-root on several servers. So I know it works.
> Note that there are cases (service restart for example) that require
> configuring doas rules. But once done, everything runs ok.
> 
> If you think that's ok, here's a patch to create a dedicated user.
> Inspired from net/openvpn port.
> 
> Regards,
> Jo

> --- infrastructure/db/user.list.orig  Wed Jun 26 17:04:43 2019
> +++ infrastructure/db/user.list   Wed Jun 26 17:06:41 2019
> @@ -348,2 +348,3 @@
>  837 _thingsd _thingsdnet/thingsd
>  838 _i2pd_i2pd   net/i2pd
> +839 _monit   _monit  sysutils/monit
> 
> --- sysutils/monit/pkg/PLIST.orig Wed May  1 21:21:57 2019
> +++ sysutils/monit/pkg/PLIST  Wed Jun 26 17:14:10 2019
> @@ -1,3 +1,5 @@
>  @comment $OpenBSD: PLIST,v 1.11 2019/05/01 19:21:57 landry Exp $
> +@newgroup _monit:839
> +@newuser _monit:839:_monit:daemon:Monit Daemon:/var/monit:/sbin/nologin

Can't we use /nonexistent for HOME like most other daemons do?

>  @rcscript ${RCDIR}/monit
>  @bin bin/monit
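
Review bot: the `@newuser` line gives `_monit` the home directory `/var/monit`, but the visible part of the PLIST adds nothing that creates that directory or sets its owner; either add it to the PLIST or use `/nonexistent` as suggested above. The patch also shows no change to the `@rcscript ${RCDIR}/monit` script, so creating the account alone does not make the daemon run as `_monit`; the rc script needs to select the user, for instance through `daemon_user`, and the doas rules mentioned in the mail should be documented for users of the package.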


-- 
Antoine