Re: offlineimap python 3, new port needed
On Wed, Oct 27, 2021 at 09:44:18PM +0100, Stuart Henderson wrote: Hi Stuart, > There's an offlineimap3 repo upstream which recently had an 8.0.0 tag, > seems to work ok in my limited testing. Anyone using this more regularly > want to test? I've replaced the offlineimap on my machine with this update and it works like before. Have tried the basic as well as the Curses.Blinkenlights ui's. Am working with four different imapservers through it (so I've only tested imaps connections), which are synchronized at the same time, so all the threading etc. works fine ("as before") as well. Seems all good to me. felix
Re: [update] devel/intellij to 2021.2.2
On Sat, Oct 09, 2021 at 04:23:39PM +0200, Lucas Raab wrote: Hi Lucas, > Here's an update to devel/intellij up to the latest. [...] > Other feedback, tests? builds and works nicely here. felix -- GPG: 824CE0F0 / 2082 651E 5104 F989 4D18 BB2E 0B26 6738 824C E0F0 https://hazardous.org/ - f...@hazardous.org - fkr@irc - @felixkronlage
Re: terraform providers
On Sat, Sep 07, 2019 at 01:11:41PM +0200, Antoine Jacoutot wrote: > I am wondering if the effort to maintain terraform providers is worth it. > i.e. ports/sysutils/terraform/provider-* > It's almost impossible to keep them up-to-date because portroach does not work > well with github and terraform can download the binaries automatically; which > it does anyway if you tf file contains provider code which isn't installed. ack. imho that (let download the provider) is the way to go - since this behaviour is embedded into terraform it feels natural (and will supply the latest available version). felix
Re: openvpn 2.3.1 [Re: update openvpn 2.2.2 - 2.3.0]
On Wed, Apr 17, 2013 at 02:24:02PM +0100, Stuart Henderson wrote: Hi Stuart, I think the rtable support is broken though. [..] rtable support might be useful if it was a bit more clever (e.g. use the default table to connect to the other VPN endpoint, but put the tun interface and new routes into an alternative rtable) but as-is I don't really see the point. I concur. Likely another good thing would be to drop me as a maintainer, since I hardly get around to it these days. felix
UPDATE: exim 4.80
Hi, attached is a diff that updates exim to version 4.80. Any comments/hints? :) felix Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.89 diff -u -r1.89 Makefile --- Makefile 30 Apr 2012 13:08:18 - 1.89 +++ Makefile 6 Jun 2012 07:33:06 - @@ -3,8 +3,7 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.77 -REVISION = 1 +VERSION = 4.80 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} FULLPKGNAME-eximon = exim-eximon-${VERSION} Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.21 diff -u -r1.21 distinfo --- distinfo 19 Oct 2011 23:06:57 - 1.21 +++ distinfo 6 Jun 2012 07:33:06 - @@ -1,5 +1,5 @@ -MD5 (exim-4.77.tar.gz) = 3B8p9odVbw8OmPveGfmO9A== -RMD160 (exim-4.77.tar.gz) = 6/kbDf+blCKW24umVAhj5qFROtY= -SHA1 (exim-4.77.tar.gz) = LBumuPYntxs7WPwMxW45RZDc0dw= -SHA256 (exim-4.77.tar.gz) = FkmActgsdNKf6eCctG+QYN4b0MtXIczAcZkK9hLumjw= -SIZE (exim-4.77.tar.gz) = 2035914 +MD5 (exim-4.80.tar.gz) = IB3xUBWRvrEKgcDJPljLXQ== +RMD160 (exim-4.80.tar.gz) = VDzfuci5bRzAA/6nQUcR/d/FVPw= +SHA1 (exim-4.80.tar.gz) = SuSoxm+tdaksiLfqHkpG7zCiKZU= +SHA256 (exim-4.80.tar.gz) = 26id4eWebXthqgP8ts6JRrzgC8lmNitkw3WKbFV7kh0= +SIZE (exim-4.80.tar.gz) = 2107736 Index: files/Makefile === RCS file: /cvs/ports/mail/exim/files/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- files/Makefile 19 Oct 2011 23:06:57 - 1.15 +++ files/Makefile 6 Jun 2012 07:33:08 - @@ -248,11 +248,19 @@ #-- # See below for dynamic lookup modules. -# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/ +# # If not using package management but using this anyway, then think about how # you perform upgrades and revert them. You should consider the benefit of # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can # maintain two concurrent sets of modules. +# +# *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to +# the ability to modify the Exim binary, which is often setuid root! The Exim +# developers only intend this functionality be used by OS software packagers +# and we suggest that such packagings' integrity checks should be paranoid +# about the permissions of the directory and the files within. + +# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/ # To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for # your platform. Eg: @@ -279,6 +287,10 @@ # the dynamic library and not the exim binary will be linked against the # library. # NOTE: LDAP cannot be built as a module! +# +# If your system has pkg-config then the _INCLUDE/_LIBS setting can be +# handled for you automatically by also defining the _PC variable to reference +# the name of the pkg-config package, if such is available. LOOKUP_DBM=yes LOOKUP_LSEARCH=yes @@ -295,6 +307,7 @@ LOOKUP_PASSWD=yes # LOOKUP_PGSQL=yes # LOOKUP_SQLITE=yes +# LOOKUP_SQLITE_PC=sqlite3 # LOOKUP_WHOSON=yes # These two settings are obsolete; all three lookups are compiled when @@ -329,9 +342,12 @@ # In either case you must specify the library link info here. If the # PCRE header files are not in the standard search path you must also # modify the INCLUDE path (above) -# The default setting of PCRE_LIBS should work on the vast majority of -# systems +# +# Use PCRE_CONFIG to query the pcre-config command (first found in $PATH) +# to find the include files and libraries, else use PCRE_LIBS and set INCLUDE +# too if needed. +PCRE_CONFIG=yes PCRE_LIBS=-lpcre @@ -342,6 +358,8 @@ # don't need to set LOOKUP_INCLUDE if the relevant directories are already # specified in INCLUDE. The settings below are just examples; -lpq is for # PostgreSQL, -lgds is for Interbase, -lsqlite3 is for SQLite. +# +# You do not need to use this for any lookup information added via pkg-config. # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 @@ -398,6 +416,11 @@ # experimental-spec.txt. Experimental means that the way these features are # implemented may still change. Backward compatibility is not guaranteed. +# Uncomment the following line to add support for talking to dccifd. This +# defaults the socket path to /usr/local/dcc/var/dccifd. + +# EXPERIMENTAL_DCC=yes + # Uncomment the following lines to add SPF support. You need to have libspf2 # installed on your system (www.libspf2.org). Depending on where it is installed # you may have to edit the CFLAGS and LDFLAGS lines. @@ -424,6 +447,11 @@ # CFLAGS += -I/opt/brightmail/bsdk-6.0/include # LDFLAGS += -lxml2_single
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2011/10/19 17:06:57 Modified files: mail/exim : Makefile distinfo mail/exim/files: Makefile Log message: update to exim version 4.77. This release changes the behaviour of certain expansion methods. Details can be found here: http://www.gossamer-threads.com/lists/exim/announce/92353 ok sthen@, jasper@ and ajacoutot@
UPDATE: exim 4.77
Hi, this is an update to exim 4.77. This updates changes the default behaviour of certain expansions, more to be read here: url: http://www.gossamer-threads.com/lists/exim/announce/92353 The announcement mail for 4.77 is here: url: http://www.gossamer-threads.com/lists/exim/announce/92437 Any tests, especially of the flavoured versions more than welcome. felix Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.83 diff -u -r1.83 Makefile --- Makefile17 Jul 2011 20:15:59 - 1.83 +++ Makefile17 Oct 2011 12:01:47 - @@ -3,12 +3,12 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.76 +VERSION = 4.77 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} FULLPKGNAME-eximon = exim-eximon-${VERSION} FULLPKGPATH-eximon = ${PKGPATH},-eximon -REVISION-main =1 +REVISION-main =0 MASTER_SITES = http://ftp.exim.org/pub/exim/exim4/ \ http://ftp.exim.org/pub/exim/exim4/old/ \ ftp://ftp.exim.org/pub/exim/exim4/ \ Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.20 diff -u -r1.20 distinfo --- distinfo9 May 2011 14:56:56 - 1.20 +++ distinfo17 Oct 2011 12:01:47 - @@ -1,5 +1,5 @@ -MD5 (exim-4.76.tar.gz) = T8OXDU+7HUlRtbYz3r0NSA== -RMD160 (exim-4.76.tar.gz) = a8MWCKG8H0OjYtvLkUB/ZvqIwsM= -SHA1 (exim-4.76.tar.gz) = ExIWRKnf1sBm9l20rWcDo9xDLIo= -SHA256 (exim-4.76.tar.gz) = mXbJ7+bDBLG/iRoWlZMapdGNw3T3134voIKqx1OyJy0= -SIZE (exim-4.76.tar.gz) = 2068071 +MD5 (exim-4.77.tar.gz) = 3B8p9odVbw8OmPveGfmO9A== +RMD160 (exim-4.77.tar.gz) = 6/kbDf+blCKW24umVAhj5qFROtY= +SHA1 (exim-4.77.tar.gz) = LBumuPYntxs7WPwMxW45RZDc0dw= +SHA256 (exim-4.77.tar.gz) = FkmActgsdNKf6eCctG+QYN4b0MtXIczAcZkK9hLumjw= +SIZE (exim-4.77.tar.gz) = 2035914 Index: files/Makefile === RCS file: /cvs/ports/mail/exim/files/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- files/Makefile 9 May 2011 14:56:56 - 1.14 +++ files/Makefile 17 Oct 2011 12:01:48 - @@ -1,5 +1,3 @@ -# $Cambridge: exim/src/src/EDITME,v 1.27 2010/06/12 15:21:25 jetmore Exp $ - ## # The Exim mail transport agent # ## @@ -1205,6 +1203,26 @@ # SUPPORT_MOVE_FROZEN_MESSAGES=yes + +#-- +# Expanding match_* second paramters: BE CAREFUL IF ENABLING THIS! +# It has proven too easy in practice for administrators to configure security +# problems into their Exim install, by treating match_domain{}{} and friends +# as a form of string comparison, where the second string comes from untrusted +# data. Because these options take lists, which can include lookup;LOOKUPDATA +# style elements, a foe can then cause Exim to, eg, execute an arbitrary MySQL +# query, dropping tables. +# From Exim 4.77 onwards, the second parameter is not expanded; it can still +# be a list literal, or a macro, or a named list reference. There is also +# the new expansion condition inlisti which does expand the second parameter, +# but treats it as a list of strings; also, there's eqi which is probably +# what is normally wanted. +# +# If you really need to have the old behaviour, know what you are doing and +# will not complain if your system is compromised as a result of doing so, then +# uncomment this option to get the old behaviour back. + +# EXPAND_LISTMATCH_RHS=yes #-- # Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - fkr@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: UPDATE: exim 4.77
hi, of course with the REVISION line needs to be removed. felix Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.83 diff -u -r1.83 Makefile --- Makefile17 Jul 2011 20:15:59 - 1.83 +++ Makefile17 Oct 2011 12:05:09 - @@ -3,12 +3,11 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.76 +VERSION = 4.77 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} FULLPKGNAME-eximon = exim-eximon-${VERSION} FULLPKGPATH-eximon = ${PKGPATH},-eximon -REVISION-main =1 MASTER_SITES = http://ftp.exim.org/pub/exim/exim4/ \ http://ftp.exim.org/pub/exim/exim4/old/ \ ftp://ftp.exim.org/pub/exim/exim4/ \ Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.20 diff -u -r1.20 distinfo --- distinfo9 May 2011 14:56:56 - 1.20 +++ distinfo17 Oct 2011 12:05:09 - @@ -1,5 +1,5 @@ -MD5 (exim-4.76.tar.gz) = T8OXDU+7HUlRtbYz3r0NSA== -RMD160 (exim-4.76.tar.gz) = a8MWCKG8H0OjYtvLkUB/ZvqIwsM= -SHA1 (exim-4.76.tar.gz) = ExIWRKnf1sBm9l20rWcDo9xDLIo= -SHA256 (exim-4.76.tar.gz) = mXbJ7+bDBLG/iRoWlZMapdGNw3T3134voIKqx1OyJy0= -SIZE (exim-4.76.tar.gz) = 2068071 +MD5 (exim-4.77.tar.gz) = 3B8p9odVbw8OmPveGfmO9A== +RMD160 (exim-4.77.tar.gz) = 6/kbDf+blCKW24umVAhj5qFROtY= +SHA1 (exim-4.77.tar.gz) = LBumuPYntxs7WPwMxW45RZDc0dw= +SHA256 (exim-4.77.tar.gz) = FkmActgsdNKf6eCctG+QYN4b0MtXIczAcZkK9hLumjw= +SIZE (exim-4.77.tar.gz) = 2035914 Index: files/Makefile === RCS file: /cvs/ports/mail/exim/files/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- files/Makefile 9 May 2011 14:56:56 - 1.14 +++ files/Makefile 17 Oct 2011 12:05:10 - @@ -1,5 +1,3 @@ -# $Cambridge: exim/src/src/EDITME,v 1.27 2010/06/12 15:21:25 jetmore Exp $ - ## # The Exim mail transport agent # ## @@ -1205,6 +1203,26 @@ # SUPPORT_MOVE_FROZEN_MESSAGES=yes + +#-- +# Expanding match_* second paramters: BE CAREFUL IF ENABLING THIS! +# It has proven too easy in practice for administrators to configure security +# problems into their Exim install, by treating match_domain{}{} and friends +# as a form of string comparison, where the second string comes from untrusted +# data. Because these options take lists, which can include lookup;LOOKUPDATA +# style elements, a foe can then cause Exim to, eg, execute an arbitrary MySQL +# query, dropping tables. +# From Exim 4.77 onwards, the second parameter is not expanded; it can still +# be a list literal, or a macro, or a named list reference. There is also +# the new expansion condition inlisti which does expand the second parameter, +# but treats it as a list of strings; also, there's eqi which is probably +# what is normally wanted. +# +# If you really need to have the old behaviour, know what you are doing and +# will not complain if your system is compromised as a result of doing so, then +# uncomment this option to get the old behaviour back. + +# EXPAND_LISTMATCH_RHS=yes #-- # Disabling the use of fsync(): DO NOT UNCOMMENT THE FOLLOWING LINE unless you
Update www/apache-httpd to 2.2.20
Hi, the following diff updates www/apache-httpd to version 2.2.20 released couple days ago. Foremost this version includes a security fix for CVE-2011-3192. url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 comments and tests more than welcome. felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/www/apache-httpd/Makefile,v retrieving revision 1.27 diff -u -r1.27 Makefile --- Makefile12 Feb 2011 21:05:38 - 1.27 +++ Makefile1 Sep 2011 07:35:08 - @@ -2,10 +2,9 @@ COMMENT= apache HTTP server -V= 2.2.15 +V= 2.2.20 PKGNAME= apache-httpd-${V} DISTNAME= httpd-${V} -REVISION= 0 CATEGORIES=www net Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/www/apache-httpd/distinfo,v retrieving revision 1.10 diff -u -r1.10 distinfo --- distinfo27 Jun 2010 17:27:03 - 1.10 +++ distinfo1 Sep 2011 07:35:08 - @@ -1,5 +1,5 @@ -MD5 (httpd-2.2.15.tar.gz) = MfoCLcPAkIxuqv5zyBxl3w== -RMD160 (httpd-2.2.15.tar.gz) = OUj1YdwjI2iVZ6k3Z7lY2ecX+ZM= -SHA1 (httpd-2.2.15.tar.gz) = GnUaq0Q8527eIzttM1EiPpyVFvI= -SHA256 (httpd-2.2.15.tar.gz) = T4eSUek46B+v7avJRoMaUBtx3cM8uKmtSplPziM/KBs= -SIZE (httpd-2.2.15.tar.gz) = 6593633 +MD5 (httpd-2.2.20.tar.gz) = RQSTRGTF7lEBjbr6bZmBDQ== +RMD160 (httpd-2.2.20.tar.gz) = +65r9C4KENDX8YpOlxtH1Ie8li8= +SHA1 (httpd-2.2.20.tar.gz) = XmcGNuFyhreuWt5bf14h5oZVnlo= +SHA256 (httpd-2.2.20.tar.gz) = CrtZaJZkrk210e4atBQHFbh/iJ6B3itNlYHCNVlOKGg= +SIZE (httpd-2.2.20.tar.gz) = 6834233 Index: patches/patch-configure === RCS file: /data/cvsmirror/src/openbsd/ports/www/apache-httpd/patches/patch-configure,v retrieving revision 1.7 diff -u -r1.7 patch-configure --- patches/patch-configure 1 Dec 2009 13:38:23 - 1.7 +++ patches/patch-configure 1 Sep 2011 07:35:08 - @@ -1,7 +1,7 @@ $OpenBSD: patch-configure,v 1.7 2009/12/01 13:38:23 bernd Exp $ configure.orig Thu Sep 24 01:29:56 2009 -+++ configure Fri Oct 9 11:52:03 2009 -@@ -3097,7 +3097,7 @@ do +--- configure.orig Tue Aug 30 02:13:20 2011 configure Thu Sep 1 08:44:44 2011 +@@ -3121,7 +3121,7 @@ do ap_last=${ap_cur} ap_cur=`eval echo ${ap_cur}` done @@ -10,7 +10,7 @@ APACHE_VAR_SUBST=$APACHE_VAR_SUBST exp_sysconfdir -@@ -4077,7 +4077,7 @@ SHLIBPATH_VAR=`$apr_config --shlib-path-var` +@@ -4112,7 +4112,7 @@ SHLIBPATH_VAR=`$apr_config --shlib-path-var` APR_BINDIR=`$apr_config --bindir` APR_INCLUDEDIR=`$apr_config --includedir` APR_VERSION=`$apr_config --version` @@ -19,7 +19,7 @@ echo $ac_n ${nl}Configuring Apache Portable Runtime Utility library...${nl} -@@ -4384,7 +4384,7 @@ fi +@@ -4430,7 +4430,7 @@ fi APU_BINDIR=`$apu_config --bindir` APU_INCLUDEDIR=`$apu_config --includedir` APU_VERSION=`$apu_config --version` Index: patches/patch-docs_man_htpasswd_1 === RCS file: /data/cvsmirror/src/openbsd/ports/www/apache-httpd/patches/patch-docs_man_htpasswd_1,v retrieving revision 1.3 diff -u -r1.3 patch-docs_man_htpasswd_1 --- patches/patch-docs_man_htpasswd_1 19 Sep 2007 05:47:36 - 1.3 +++ patches/patch-docs_man_htpasswd_1 1 Sep 2011 07:35:08 - @@ -1,12 +1,12 @@ $OpenBSD: patch-docs_man_htpasswd_1,v 1.3 2007/09/19 05:47:36 steven Exp $ docs/man/htpasswd.1.orig Tue Apr 24 18:18:39 2007 -+++ docs/man/htpasswd.1Tue Sep 18 17:07:46 2007 -@@ -19,39 +19,39 @@ +--- docs/man/htpasswd.1.orig Sun Jun 19 13:45:57 2011 docs/man/htpasswd.1Thu Sep 1 08:48:14 2011 +@@ -19,36 +19,36 @@ .el .ne 3 .IP \\$1 \\$2 .. --.TH HTPASSWD 1 2007-04-24 Apache HTTP Server htpasswd -+.TH HTPASSWD2 1 2007-04-24 Apache HTTP Server htpasswd2 +-.TH HTPASSWD 1 2011-06-19 Apache HTTP Server htpasswd ++.TH HTPASSWD2 1 2011-06-19 Apache HTTP Server htpasswd2 .SH NAME -htpasswd \- Manage user files for basic authentication @@ -39,31 +39,20 @@ .PP -Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd\. This program can only manage usernames and passwords stored in a flat-file\. It can encrypt and display password information for use in other types of data stores, though\. To use a DBM database see dbmmanage\. -+Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd2\. This program can only manage usernames and passwords stored in a flat-file\. It can encrypt and display password information for use in other types of data stores, though\. To use a DBM database see dbmmanage2\. ++Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd2\. This program can only
Re: Update www/apache-httpd to 2.2.20
On Thu, Sep 01, 2011 at 09:50:03AM +0200, Antoine Jacoutot wrote: comments and tests more than welcome. Didn't giovanni@ send a similar update yesterday? that what I get for not reading my mail backlog ;) sorry for the noise. felix signature.asc Description: Digital signature
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2011/05/09 08:56:56 Modified files: mail/exim : Makefile distinfo mail/exim/files: Makefile Removed files: mail/exim/patches: patch-src_log_c Log message: update exim to version 4.76. This contains a security fix for CVE-2011-1764. ok sthen@ and jasper@
Update for exim to 4.76 (including a fix for a security issue)
Hi, attached diff updates exim to the version 4.76, which was released ealiert today. 4.76 fixes a rather ugly security issue within the dkim code-path, as such I would like to get this in really fast. The update to 4.75 that I've sent out a while ago was tested just fine, 4.76 only has the security fix and one other smaller item. The attached diff removes the obsolete diff for log.c and updates the Makefile. Any feedback is welcome. felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/Makefile,v retrieving revision 1.80 diff -u -r1.80 Makefile --- Makefile 7 Feb 2011 16:01:26 - 1.80 +++ Makefile 9 May 2011 11:21:26 - @@ -3,10 +3,9 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.73 +VERSION = 4.76 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} -REVISION-main = 0 FULLPKGNAME-eximon = exim-eximon-${VERSION} FULLPKGPATH-eximon = ${PKGPATH},-eximon MASTER_SITES = ftp://ftp.exim.org/pub/exim/exim4/ \ Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/distinfo,v retrieving revision 1.19 diff -u -r1.19 distinfo --- distinfo 12 Jan 2011 05:45:29 - 1.19 +++ distinfo 9 May 2011 11:21:26 - @@ -1,5 +1,5 @@ -MD5 (exim-4.73.tar.gz) = 9j+ymqDEobjJjWlfHIJBdA== -RMD160 (exim-4.73.tar.gz) = 81TEbqA2h/yXFcXSKMMybxNqtiw= -SHA1 (exim-4.73.tar.gz) = QaICWyUOISvz1okNxmNu60+gh7k= -SHA256 (exim-4.73.tar.gz) = C6a4ZdUuQwzapZAyLHwbH4tkrflK1+N04ISQR+982aY= -SIZE (exim-4.73.tar.gz) = 2051165 +MD5 (exim-4.76.tar.gz) = T8OXDU+7HUlRtbYz3r0NSA== +RMD160 (exim-4.76.tar.gz) = a8MWCKG8H0OjYtvLkUB/ZvqIwsM= +SHA1 (exim-4.76.tar.gz) = ExIWRKnf1sBm9l20rWcDo9xDLIo= +SHA256 (exim-4.76.tar.gz) = mXbJ7+bDBLG/iRoWlZMapdGNw3T3134voIKqx1OyJy0= +SIZE (exim-4.76.tar.gz) = 2068071 Index: files/Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/files/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- files/Makefile 12 Jan 2011 05:45:29 - 1.13 +++ files/Makefile 9 May 2011 11:21:27 - @@ -249,6 +249,19 @@ #-- +# See below for dynamic lookup modules. +# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/ +# If not using package management but using this anyway, then think about how +# you perform upgrades and revert them. You should consider the benefit of +# embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can +# maintain two concurrent sets of modules. + +# To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for +# your platform. Eg: +# CFLAGS_DYNAMIC=-shared -rdynamic +# CFLAGS_DYNAMIC=-shared -rdynamic -fPIC + +#-- # These settings determine which file and database lookup methods are included # in the binary. See the manual chapter entitled File and database lookups # for discussion. DBM and lsearch (linear search) are included by default. If @@ -256,6 +269,18 @@ # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS. It is # for the specialist case of using the DNS as a general database facility (not # common). +# If set to 2 instead of yes then the corresponding lookup will be +# built as a module and must be installed into LOOKUP_MODULE_DIR. You need to +# add -export-dynamic -rdynamic to EXTRALIBS. You may also need to add -ldl to +# EXTRALIBS so that dlopen() is available to Exim. You need to define +# LOOKUP_MODULE_DIR above so the exim binary actually loads dynamic lookup +# modules. +# Also, instead of adding all the libraries/includes to LOOKUP_INCLUDE and +# LOOKUP_LIBS, add them to the respective LOOKUP_*_INCLUDE and LOOKUP_*_LIBS +# (where * is the name as given here in this list). That ensures that only +# the dynamic library and not the exim binary will be linked against the +# library. +# NOTE: LDAP cannot be built as a module! LOOKUP_DBM=yes LOOKUP_LSEARCH=yes @@ -503,7 +528,7 @@ # # As a strictly transient measure to ease migration to 4.73, the # WHITELIST_D_MACROS value definies a colon-separated list of macro-names -# which are permitted to be overriden from the command-line which will be +# which are permitted to be overridden from the command-line which will be # honoured by the Exim user. So these are macros that can persist to delivery # time. # Examples might be -DTLS or -DSPOOL=/some/dir. The values on the Index: patches/patch-src_log_c === RCS file: patches/patch-src_log_c diff -N patches/patch-src_log_c --- patches/patch-src_log_c 7 Feb 2011 16:01:26 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,41 +0,0 @@ -$OpenBSD: patch-src_log_c,v 1.1
Update to exim 4.75
Hi, attached diff updates exim to 4.75. One patch is removed, since this is now part of exim. any other additions/changes wanted? felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/Makefile,v retrieving revision 1.80 diff -u -r1.80 Makefile --- Makefile 7 Feb 2011 16:01:26 - 1.80 +++ Makefile 26 Mar 2011 11:11:19 - @@ -3,10 +3,9 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.73 +VERSION = 4.75 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} -REVISION-main = 0 FULLPKGNAME-eximon = exim-eximon-${VERSION} FULLPKGPATH-eximon = ${PKGPATH},-eximon MASTER_SITES = ftp://ftp.exim.org/pub/exim/exim4/ \ Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/distinfo,v retrieving revision 1.19 diff -u -r1.19 distinfo --- distinfo 12 Jan 2011 05:45:29 - 1.19 +++ distinfo 26 Mar 2011 11:11:19 - @@ -1,5 +1,5 @@ -MD5 (exim-4.73.tar.gz) = 9j+ymqDEobjJjWlfHIJBdA== -RMD160 (exim-4.73.tar.gz) = 81TEbqA2h/yXFcXSKMMybxNqtiw= -SHA1 (exim-4.73.tar.gz) = QaICWyUOISvz1okNxmNu60+gh7k= -SHA256 (exim-4.73.tar.gz) = C6a4ZdUuQwzapZAyLHwbH4tkrflK1+N04ISQR+982aY= -SIZE (exim-4.73.tar.gz) = 2051165 +MD5 (exim-4.75.tar.gz) = 3Z7b10zfOjwwa5QwfgZoLA== +RMD160 (exim-4.75.tar.gz) = ShfUyzzG/ttQwFYVm4mrOEHa/EI= +SHA1 (exim-4.75.tar.gz) = Snz69w3c/eWLjmjJiutrYYVrCr0= +SHA256 (exim-4.75.tar.gz) = w8xrxUIvfox770/FBzkTFbPXDVDUwnmznPzji3RLHbM= +SIZE (exim-4.75.tar.gz) = 2064581 Index: patches/patch-src_log_c === RCS file: patches/patch-src_log_c diff -N patches/patch-src_log_c --- patches/patch-src_log_c 7 Feb 2011 16:01:26 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,41 +0,0 @@ -$OpenBSD: patch-src_log_c,v 1.1 2011/02/07 16:01:26 jasper Exp $ - -Security fix for CVE-2011-0017 -Privilege escalation from exim run-time user to root. - -Patch extracted from exim 3.74. - src/log.c.orig Sun Dec 26 19:17:23 2010 -+++ src/log.c Mon Feb 7 14:11:37 2011 -@@ -361,17 +361,26 @@ are neither exim nor root, creation is not attempted. - - else if (euid == root_uid) - { -- int status; -+ int status, rv; - pid_t pid = fork(); - - /* In the subprocess, change uid/gid and do the creation. Return 0 from the -- subprocess on success. There doesn't seem much point in testing for setgid -- and setuid errors. */ -+ subprocess on success. If we don't check for setuid failures, then the file -+ can be created as root, so vulnerabilities which cause setuid to fail mean -+ that the Exim user can use symlinks to cause a file to be opened/created as -+ root. We always open for append, so can't nuke existing content but it would -+ still be Rather Bad. */ - - if (pid == 0) - { --(void)setgid(exim_gid); --(void)setuid(exim_uid); -+rv = setgid(exim_gid); -+if (rv) -+ die(USexim: setgid for log-file creation failed, aborting, -+ USUnexpected log failure, please try later); -+rv = setuid(exim_uid); -+if (rv) -+ die(USexim: setuid for log-file creation failed, aborting, -+ USUnexpected log failure, please try later); - _exit((create_log(buffer) 0)? 1 : 0); - } -
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2011/01/11 22:45:29 Modified files: mail/exim : Makefile distinfo mail/exim/files: Makefile Log message: update to exim 4.73. While this resolves CVE-2010-4344 and CVE-2010-4345, the first was actually fixed in exim 4.70 and the latter is a no-issue on OpenBSD due to it always being built with ALT_CONFIG_ROOT_ONLY. with input from Andreas Voegele ok sthen@, jasper@
Re: exim Update to 4.73 (security)
On Fri, Jan 07, 2011 at 08:39:13AM +0100, Andreas Vögele wrote: attached is a diff to update to exim 4.73. I saw no regression here, however exim has a few variations, so I'm happy about any feedback. Works fine here on i386 without flavours. I've attached a patch for files/Makefile that brings the file in line with src/EDITME. thanks! If noone objects, I would go ahead and commit this tomorrow. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas signature.asc Description: Digital signature
exim Update to 4.73 (security)
Hi, attached is a diff to update to exim 4.73. I saw no regression here, however exim has a few variations, so I'm happy about any feedback. felix These are the changes: - This is primarily a security and bug fix release. The changes involved are:- 1. TWO MAJOR SECURITY FIXES:- + CVE-2010-4344 exim remote code execution flaw + CVE-2010-4345 exim privilege escalation 2. Improvements to OpenSSL support. 3. Convert to a more recent Clam/AV API. 4. Additional improvements to DKIM support 5. Remove reliance on C99 va_copy() CVE-2010-4344 was actually resolved by a fix in release 4.70, but not identified at the time as a security issue. Changes have been made in release 4.73 to resolve CVE-2010-4345. We recommend that users should migrate to 4.73 as soon as possible, however some distributions are instead using older releases with specific patches for these issues. - -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/Makefile,v retrieving revision 1.78 diff -u -r1.78 Makefile --- Makefile 19 Nov 2010 07:23:06 - 1.78 +++ Makefile 6 Jan 2011 12:05:47 - @@ -3,7 +3,7 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.72 +VERSION = 4.73 DISTNAME = exim-${VERSION} PKGNAME-main = exim-${VERSION} FULLPKGNAME-eximon = exim-eximon-${VERSION} Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/mail/exim/distinfo,v retrieving revision 1.18 diff -u -r1.18 distinfo --- distinfo 15 Jun 2010 08:43:30 - 1.18 +++ distinfo 6 Jan 2011 12:05:47 - @@ -1,5 +1,5 @@ -MD5 (exim-4.72.tar.gz) = 7194OZ63W4TqRT6PhyLi0g== -RMD160 (exim-4.72.tar.gz) = YALNEuEg7cEeTq3CDMwczNYW6To= -SHA1 (exim-4.72.tar.gz) = JhwCyVtNOq2nOECwH4NuaHSEHEQ= -SHA256 (exim-4.72.tar.gz) = Apx+eEF8a5kcilBeMphUztTBU7A8UcFXSOWwI+aRv8s= -SIZE (exim-4.72.tar.gz) = 2009776 +MD5 (exim-4.73.tar.gz) = 9j+ymqDEobjJjWlfHIJBdA== +RMD160 (exim-4.73.tar.gz) = 81TEbqA2h/yXFcXSKMMybxNqtiw= +SHA1 (exim-4.73.tar.gz) = QaICWyUOISvz1okNxmNu60+gh7k= +SHA256 (exim-4.73.tar.gz) = C6a4ZdUuQwzapZAyLHwbH4tkrflK1+N04ISQR+982aY= +SIZE (exim-4.73.tar.gz) = 2051165
Re: www/ezpublish update to 4.4.0
On Mon, Dec 06, 2010 at 12:13:17PM +, Stuart Henderson wrote: Hi, So the new tpl files (dashboard, page_head_script, page_head_style, etc in design/admin, and a whole load of new files in design/admin2) aren't writable by the webserver whereas other files are. I haven't looked to see whether it makes sense for these to be writable, but it doesn't look like they should be any different to the other files in the directory. ack. Jasper also mailed me a hint regarding this. I'd suggest maybe doing a chown/chmod -R in the do-install stage, that way you can just use @owner/@group/@mode in the PLIST for exceptions, which generally makes it easier to update things in the future (then you generally won't need to tweak the output from make plist). yeah, that makes sense. I will resend the diff this afternoon. thanks for the feedback, felix
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2010/11/10 06:50:04 Modified files: net/openvpn: Makefile distinfo net/openvpn/patches: patch-configure patch-route_c Log message: update to openvpn 2.1.4, which is a bug fix release only. ok dcoppa@, benoit@
Update OpenVPN to 2.1.4
Hi, this diff updates openvpn to version 2.1.4, which is a bug-fix release. Furthermore with this release, upstream changed the location of the distfile. OK? felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.31 diff -u -r1.31 Makefile --- Makefile30 Aug 2010 18:32:20 - 1.31 +++ Makefile9 Nov 2010 20:10:00 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1.2 +VERSION= 2.1.4 DISTNAME= openvpn-${VERSION} REVISION= 0 CATEGORIES=net security @@ -19,7 +19,7 @@ WANTLIB= c crypto ssl pthread -MASTER_SITES= ${HOMEPAGE}/release/ +MASTER_SITES= http://swupdate.openvpn.net/community/releases/ LIB_DEPENDS= lzo2::archivers/lzo2 Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.20 diff -u -r1.20 distinfo --- distinfo30 Aug 2010 18:32:20 - 1.20 +++ distinfo9 Nov 2010 20:10:00 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1.2.tar.gz) = VDow2vze/h1nwOR7gHQXVQ== -RMD160 (openvpn-2.1.2.tar.gz) = XZYGv4sLpxbWjvE8gaPoTYtambM= -SHA1 (openvpn-2.1.2.tar.gz) = Ah+Ai7p5viOL0KOM/Li5LdBLhaM= -SHA256 (openvpn-2.1.2.tar.gz) = Nuw3uhe1Nraao0WaiRwVvmIY8coOwynfi36mO7aV4VM= -SIZE (openvpn-2.1.2.tar.gz) = 861104 +MD5 (openvpn-2.1.4.tar.gz) = lqEYaAgmhYAkiSVPA/873g== +RMD160 (openvpn-2.1.4.tar.gz) = PUvi/mJYg1mDcNdOj32SdOtApjY= +SHA1 (openvpn-2.1.4.tar.gz) = B8WcW4m3YnYb/hppl+yEcnn1oto= +SHA256 (openvpn-2.1.4.tar.gz) = Z/545d74LUTSrU72/G2HkBGVhJ0QtrPKuB+gMlf1KvU= +SIZE (openvpn-2.1.4.tar.gz) = 863726 Index: patches/patch-configure === RCS file: /cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.2 diff -u -r1.2 patch-configure --- patches/patch-configure 10 Oct 2009 13:35:34 - 1.2 +++ patches/patch-configure 9 Nov 2010 20:10:00 - @@ -1,12 +1,12 @@ $OpenBSD: patch-configure,v 1.2 2009/10/10 13:35:34 sthen Exp $ configure.orig Wed Oct 7 13:11:23 2009 -+++ configure Sat Oct 10 15:33:07 2009 -@@ -10373,8 +10373,6 @@ if test x$acx_pthread_ok = xyes; then +--- configure.orig Thu Nov 4 20:37:13 2010 configure Fri Nov 5 21:20:33 2010 +@@ -11658,8 +11658,6 @@ if test x$acx_pthread_ok = xyes; then case $target in *openbsd*) -- { echo $as_me:$LINENO: result: WARNING: pthread support on OpenBSD is unstable! 5 --echo ${ECHO_T}WARNING: pthread support on OpenBSD is unstable! 6; } +- { $as_echo $as_me:$LINENO: result: WARNING: pthread support on OpenBSD is unstable! 5 +-$as_echo WARNING: pthread support on OpenBSD is unstable! 6; } CFLAGS=$CFLAGS -pthread ;; esac Index: patches/patch-route_c === RCS file: /cvs/ports/net/openvpn/patches/patch-route_c,v retrieving revision 1.4 diff -u -r1.4 patch-route_c --- patches/patch-route_c 30 Aug 2010 18:32:20 - 1.4 +++ patches/patch-route_c 9 Nov 2010 20:10:00 - @@ -1,7 +1,7 @@ $OpenBSD: patch-route_c,v 1.4 2010/08/30 18:32:20 fkr Exp $ route.c.orig Mon Jul 12 03:54:09 2010 -+++ route.cSun Aug 22 16:10:24 2010 -@@ -1946,7 +1946,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas +--- route.c.orig Thu Nov 4 20:29:40 2010 route.cFri Nov 5 21:12:15 2010 +@@ -1948,7 +1948,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas } } @@ -10,7 +10,7 @@ #include sys/types.h #include sys/socket.h -@@ -1995,6 +1995,169 @@ struct rt_msghdr { +@@ -1997,6 +1997,169 @@ struct rt_msghdr { int rtm_errno; /* why failed */ int rtm_use;/* from rtentry */ u_long rtm_inits; /* which metrics we are initializing */
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2010/08/30 12:32:20 Modified files: net/openvpn: Makefile distinfo net/openvpn/patches: patch-init_c patch-openvpn_8 patch-options_c patch-options_h patch-route_c patch-sample-config-files_client_conf patch-sample-config-files_server_conf patch-sample-config-files_static-home_conf patch-sample-config-files_static-office_conf patch-sample-config-files_tls-home_conf patch-sample-config-files_tls-office_conf patch-socket_c net/openvpn/pkg: PLIST Log message: update to OpenVPN 2.1.2 while here, enable dropping to _openvpn user in the sample configs. ok and feedback ajacoutot@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2010/08/30 12:33:45 Modified files: net/openvpn_bsdauth: Makefile distinfo net/openvpn_bsdauth/pkg: PLIST Removed files: net/openvpn_bsdauth/patches: patch-openvpn_bsdauth_8 Log message: update to newest version of the openvpn bsdauth plugin ok ajacoutot@
update to openvpn-bsdauth
Hi, this is an updated to the newest version of the bsdauth plugin for OpenVPN. It fixes some regressions because of changes in OpenVPN (even prior to the 2.1.2 release). The patch goes away as the change has been incorporated upstream. felix Index: Makefile === RCS file: /cvs/ports/net/openvpn_bsdauth/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- Makefile12 Jul 2010 22:07:39 - 1.6 +++ Makefile28 Aug 2010 07:45:14 - @@ -2,7 +2,7 @@ COMMENT = BSD Auth helper program for OpenVPN -DISTNAME = openvpn_bsdauth-5 +DISTNAME = openvpn_bsdauth-7 REVISION= 0 CATEGORIES = net HOMEPAGE = http://www.wormhole.hu/~ice/openvpn_bsdauth/ Index: distinfo === RCS file: /cvs/ports/net/openvpn_bsdauth/distinfo,v retrieving revision 1.2 diff -u -r1.2 distinfo --- distinfo30 Dec 2009 01:11:05 - 1.2 +++ distinfo28 Aug 2010 07:45:14 - @@ -1,5 +1,5 @@ -MD5 (openvpn_bsdauth-5.tar.gz) = RsH/qXLr5cSzkcvhEJxpUA== -RMD160 (openvpn_bsdauth-5.tar.gz) = AnCDf7TJwIrrhZA6nVOslI2Hwz8= -SHA1 (openvpn_bsdauth-5.tar.gz) = 8uD20HeqxvJavAmnjIubUB4WOF4= -SHA256 (openvpn_bsdauth-5.tar.gz) = J6Qnc2hmyRDNQbcQY57oqm8N9/objfBGhHSwl+uCBb4= -SIZE (openvpn_bsdauth-5.tar.gz) = 3089 +MD5 (openvpn_bsdauth-7.tar.gz) = sn0cSNmSzYkFSj03dg0xIA== +RMD160 (openvpn_bsdauth-7.tar.gz) = 0L5ZiP1xpgk6PlXdaCSWC4FWC90= +SHA1 (openvpn_bsdauth-7.tar.gz) = Mgju4gdxeUwnLXdfJKGh0JVRUgo= +SHA256 (openvpn_bsdauth-7.tar.gz) = IisNxJ0cHXdW+ACtksjXgK3ynrcUXxNPjOVvTflDKII= +SIZE (openvpn_bsdauth-7.tar.gz) = 3037 Index: patches/patch-openvpn_bsdauth_8 === RCS file: patches/patch-openvpn_bsdauth_8 diff -N patches/patch-openvpn_bsdauth_8 --- patches/patch-openvpn_bsdauth_8 3 Apr 2010 21:13:05 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,12 +0,0 @@ -$OpenBSD: patch-openvpn_bsdauth_8,v 1.1 2010/04/03 21:13:05 schwarze Exp $ openvpn_bsdauth.8.orig Sat Apr 3 20:58:49 2010 -+++ openvpn_bsdauth.8 Sat Apr 3 21:01:27 2010 -@@ -19,7 +19,7 @@ - .Nd Authenticate users for OpenVPN - .Sh SYNOPSYS - .Nm --.Oo Xo Ar file Oc Xc -+.Op Ar file - .Sh DESCRIPTION - .Nm - is invoked by OpenVPN to authenticate a user by checking a username and a Index: pkg/PLIST === RCS file: /cvs/ports/net/openvpn_bsdauth/pkg/PLIST,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 PLIST --- pkg/PLIST 20 Nov 2007 21:34:19 - 1.1.1.1 +++ pkg/PLIST 28 Aug 2010 07:45:14 - @@ -3,7 +3,7 @@ @mode 2550 @owner _openvpn @group auth -libexec/openvpn_bsdauth +...@bin libexec/openvpn_bsdauth @mode @owner @group -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: Update to OpenVPN 2.1.2
On Fri, Aug 27, 2010 at 08:50:20AM +0200, Antoine Jacoutot wrote: Hey! In the following files, the default user/group is changed from nobody to _openvpn. That is nice but since the option is commented, this is not getting picked up by default. Is there any drawback in uncommenting it so that _openvpn:_openvpn is used by default? indeed a very good point. Updated diff. thanks a lot for the hint! felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/Makefile,v retrieving revision 1.30 diff -u -r1.30 Makefile --- Makefile12 Jul 2010 22:07:39 - 1.30 +++ Makefile27 Aug 2010 07:11:14 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1.0 +VERSION= 2.1.2 DISTNAME= openvpn-${VERSION} REVISION= 0 CATEGORIES=net security Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/distinfo,v retrieving revision 1.19 diff -u -r1.19 distinfo --- distinfo11 Dec 2009 23:05:37 - 1.19 +++ distinfo27 Aug 2010 07:11:14 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1.0.tar.gz) = RSqDMmrhmM+WHprgJTnI+w== -RMD160 (openvpn-2.1.0.tar.gz) = Ope52zG8SChnbEnuGKy9BttTx1o= -SHA1 (openvpn-2.1.0.tar.gz) = 3G/1saFOTtuF7JKTCxDk7l6NA7M= -SHA256 (openvpn-2.1.0.tar.gz) = ZjT4lXUECxmHoeeTtdb+2xEIgAfrFQ29q0qM/fPAaG4= -SIZE (openvpn-2.1.0.tar.gz) = 879876 +MD5 (openvpn-2.1.2.tar.gz) = VDow2vze/h1nwOR7gHQXVQ== +RMD160 (openvpn-2.1.2.tar.gz) = XZYGv4sLpxbWjvE8gaPoTYtambM= +SHA1 (openvpn-2.1.2.tar.gz) = Ah+Ai7p5viOL0KOM/Li5LdBLhaM= +SHA256 (openvpn-2.1.2.tar.gz) = Nuw3uhe1Nraao0WaiRwVvmIY8coOwynfi36mO7aV4VM= +SIZE (openvpn-2.1.2.tar.gz) = 861104 Index: patches/patch-init_c === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/patches/patch-init_c,v retrieving revision 1.2 diff -u -r1.2 patch-init_c --- patches/patch-init_c8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-init_c27 Aug 2010 07:11:14 - @@ -1,7 +1,7 @@ $OpenBSD: patch-init_c,v 1.2 2010/07/08 09:18:25 fkr Exp $ init.c.origThu Oct 1 20:02:18 2009 -+++ init.c Thu Jul 8 07:15:30 2010 -@@ -2216,6 +2216,7 @@ do_init_socket_1 (struct context *c, const int mode) +--- init.c.origWed Jul 21 21:08:41 2010 init.c Sun Aug 22 16:10:23 2010 +@@ -2451,6 +2451,7 @@ do_init_socket_1 (struct context *c, const int mode) c-options.mtu_discover_type, c-options.rcvbuf, c-options.sndbuf, Index: patches/patch-openvpn_8 === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/patches/patch-openvpn_8,v retrieving revision 1.2 diff -u -r1.2 patch-openvpn_8 --- patches/patch-openvpn_8 8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-openvpn_8 27 Aug 2010 07:11:14 - @@ -1,7 +1,7 @@ $OpenBSD: patch-openvpn_8,v 1.2 2010/07/08 09:18:25 fkr Exp $ openvpn.8.orig Fri Dec 11 09:04:24 2009 -+++ openvpn.8 Thu Jul 8 07:32:55 2010 -@@ -1313,6 +1313,11 @@ on both client and server for maximum effect. +--- openvpn.8.orig Tue Aug 10 19:27:02 2010 openvpn.8 Sun Aug 22 16:10:23 2010 +@@ -1326,6 +1326,11 @@ on both client and server for maximum effect. Currently defaults to 100. .\* .TP Index: patches/patch-options_c === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/patches/patch-options_c,v retrieving revision 1.2 diff -u -r1.2 patch-options_c --- patches/patch-options_c 8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-options_c 27 Aug 2010 07:11:14 - @@ -1,7 +1,7 @@ $OpenBSD: patch-options_c,v 1.2 2010/07/08 09:18:25 fkr Exp $ options.c.orig Fri Dec 11 09:09:39 2009 -+++ options.c Thu Jul 8 07:15:14 2010 -@@ -250,6 +250,7 @@ static const char usage_message[] = +--- options.c.orig Tue Jul 27 23:44:34 2010 options.c Sun Aug 22 16:10:23 2010 +@@ -254,6 +254,7 @@ static const char usage_message[] = --sndbuf size : Set the TCP/UDP send buffer size.\n --rcvbuf size : Set the TCP/UDP receive buffer size.\n --txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n @@ -9,7 +9,7 @@ --mlock : Disable Paging -- ensures key material and tunnel\n data will never be written to disk.\n --up cmd: Shell cmd to execute after successful tun device open.\n -@@ -1253,6 +1254,7 @@ show_settings (const struct options *o) +@@ -1261,6 +1262,7 @@ show_settings (const struct options *o) #endif SHOW_INT (rcvbuf); SHOW_INT (sndbuf); @@ -17,7 +17,7 @@ SHOW_INT (sockflags); SHOW_BOOL (fast_io);
Update to OpenVPN 2.1.2
Hi, here is an updated to openvpn 2.1.2. Changes are listed here: url: http://openvpn.net/index.php/open-source/documentation/change-log/71-21-change-log.html felix Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.30 diff -u -r1.30 Makefile --- Makefile12 Jul 2010 22:07:39 - 1.30 +++ Makefile26 Aug 2010 06:37:12 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1.0 +VERSION= 2.1.2 DISTNAME= openvpn-${VERSION} REVISION= 0 CATEGORIES=net security Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.19 diff -u -r1.19 distinfo --- distinfo11 Dec 2009 23:05:37 - 1.19 +++ distinfo26 Aug 2010 06:37:12 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1.0.tar.gz) = RSqDMmrhmM+WHprgJTnI+w== -RMD160 (openvpn-2.1.0.tar.gz) = Ope52zG8SChnbEnuGKy9BttTx1o= -SHA1 (openvpn-2.1.0.tar.gz) = 3G/1saFOTtuF7JKTCxDk7l6NA7M= -SHA256 (openvpn-2.1.0.tar.gz) = ZjT4lXUECxmHoeeTtdb+2xEIgAfrFQ29q0qM/fPAaG4= -SIZE (openvpn-2.1.0.tar.gz) = 879876 +MD5 (openvpn-2.1.2.tar.gz) = VDow2vze/h1nwOR7gHQXVQ== +RMD160 (openvpn-2.1.2.tar.gz) = XZYGv4sLpxbWjvE8gaPoTYtambM= +SHA1 (openvpn-2.1.2.tar.gz) = Ah+Ai7p5viOL0KOM/Li5LdBLhaM= +SHA256 (openvpn-2.1.2.tar.gz) = Nuw3uhe1Nraao0WaiRwVvmIY8coOwynfi36mO7aV4VM= +SIZE (openvpn-2.1.2.tar.gz) = 861104 Index: patches/patch-init_c === RCS file: /cvs/ports/net/openvpn/patches/patch-init_c,v retrieving revision 1.2 diff -u -r1.2 patch-init_c --- patches/patch-init_c8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-init_c26 Aug 2010 06:37:12 - @@ -1,7 +1,7 @@ $OpenBSD: patch-init_c,v 1.2 2010/07/08 09:18:25 fkr Exp $ init.c.origThu Oct 1 20:02:18 2009 -+++ init.c Thu Jul 8 07:15:30 2010 -@@ -2216,6 +2216,7 @@ do_init_socket_1 (struct context *c, const int mode) +--- init.c.origWed Jul 21 21:08:41 2010 init.c Sun Aug 22 16:10:23 2010 +@@ -2451,6 +2451,7 @@ do_init_socket_1 (struct context *c, const int mode) c-options.mtu_discover_type, c-options.rcvbuf, c-options.sndbuf, Index: patches/patch-openvpn_8 === RCS file: /cvs/ports/net/openvpn/patches/patch-openvpn_8,v retrieving revision 1.2 diff -u -r1.2 patch-openvpn_8 --- patches/patch-openvpn_8 8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-openvpn_8 26 Aug 2010 06:37:12 - @@ -1,7 +1,7 @@ $OpenBSD: patch-openvpn_8,v 1.2 2010/07/08 09:18:25 fkr Exp $ openvpn.8.orig Fri Dec 11 09:04:24 2009 -+++ openvpn.8 Thu Jul 8 07:32:55 2010 -@@ -1313,6 +1313,11 @@ on both client and server for maximum effect. +--- openvpn.8.orig Tue Aug 10 19:27:02 2010 openvpn.8 Sun Aug 22 16:10:23 2010 +@@ -1326,6 +1326,11 @@ on both client and server for maximum effect. Currently defaults to 100. .\* .TP Index: patches/patch-options_c === RCS file: /cvs/ports/net/openvpn/patches/patch-options_c,v retrieving revision 1.2 diff -u -r1.2 patch-options_c --- patches/patch-options_c 8 Jul 2010 09:18:25 - 1.2 +++ patches/patch-options_c 26 Aug 2010 06:37:12 - @@ -1,7 +1,7 @@ $OpenBSD: patch-options_c,v 1.2 2010/07/08 09:18:25 fkr Exp $ options.c.orig Fri Dec 11 09:09:39 2009 -+++ options.c Thu Jul 8 07:15:14 2010 -@@ -250,6 +250,7 @@ static const char usage_message[] = +--- options.c.orig Tue Jul 27 23:44:34 2010 options.c Sun Aug 22 16:10:23 2010 +@@ -254,6 +254,7 @@ static const char usage_message[] = --sndbuf size : Set the TCP/UDP send buffer size.\n --rcvbuf size : Set the TCP/UDP receive buffer size.\n --txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n @@ -9,7 +9,7 @@ --mlock : Disable Paging -- ensures key material and tunnel\n data will never be written to disk.\n --up cmd: Shell cmd to execute after successful tun device open.\n -@@ -1253,6 +1254,7 @@ show_settings (const struct options *o) +@@ -1261,6 +1262,7 @@ show_settings (const struct options *o) #endif SHOW_INT (rcvbuf); SHOW_INT (sndbuf); @@ -17,7 +17,7 @@ SHOW_INT (sockflags); SHOW_BOOL (fast_io); -@@ -3989,6 +3991,11 @@ add_option (struct options *options, +@@ -4169,6 +4171,11 @@ add_option (struct options *options, { VERIFY_PERMISSION (OPT_P_SOCKBUF); options-sndbuf = positive_atoi (p[1]); Index: patches/patch-options_h === RCS file:
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs/ Module name:ports Changes by: f...@cvs.openbsd.org2010/07/08 03:18:25 Modified files: net/openvpn: Makefile net/openvpn/patches: patch-init_c patch-openvpn_8 patch-options_c patch-options_h patch-socket_c patch-socket_h Log message: unbreak and adopt to the changes to rdomains/rtables in -current. feedback and ok sthen@
Re: BROKEN: net/openvpn
Hi, here is the fixed update to follow the changes in -current irt routing tables/domains. felix Index: patches/patch-init_c === RCS file: /cvs//ports/net/openvpn/patches/patch-init_c,v retrieving revision 1.1 diff -u -r1.1 patch-init_c --- patches/patch-init_c26 Nov 2009 22:55:27 - 1.1 +++ patches/patch-init_c8 Jul 2010 05:42:54 - @@ -1,11 +1,11 @@ $OpenBSD: patch-init_c,v 1.1 2009/11/26 22:55:27 fkr Exp $ init.c.origThu Oct 1 18:02:18 2009 -+++ init.c Thu Oct 29 18:44:33 2009 +--- init.c.origThu Oct 1 20:02:18 2009 init.c Thu Jul 8 07:15:30 2010 @@ -2216,6 +2216,7 @@ do_init_socket_1 (struct context *c, const int mode) c-options.mtu_discover_type, c-options.rcvbuf, c-options.sndbuf, -+ c-options.rdomain, ++ c-options.rtable, sockflags); } Index: patches/patch-openvpn_8 === RCS file: /cvs//ports/net/openvpn/patches/patch-openvpn_8,v retrieving revision 1.1 diff -u -r1.1 patch-openvpn_8 --- patches/patch-openvpn_8 26 Nov 2009 22:55:27 - 1.1 +++ patches/patch-openvpn_8 8 Jul 2010 05:42:54 - @@ -1,12 +1,12 @@ $OpenBSD: patch-openvpn_8,v 1.1 2009/11/26 22:55:27 fkr Exp $ openvpn.8.orig Sat Nov 21 00:02:43 2009 -+++ openvpn.8 Fri Nov 20 23:45:31 2009 +--- openvpn.8.orig Fri Dec 11 09:04:24 2009 openvpn.8 Thu Jul 8 07:32:55 2010 @@ -1313,6 +1313,11 @@ on both client and server for maximum effect. Currently defaults to 100. .\* .TP -+.B --rdomain n -+(OpenBSD only) Set the routing domain. ++.B --rtable n ++(OpenBSD only) Set the routing table. +Defaults to 0. +.\* +.TP Index: patches/patch-options_c === RCS file: /cvs//ports/net/openvpn/patches/patch-options_c,v retrieving revision 1.1 diff -u -r1.1 patch-options_c --- patches/patch-options_c 26 Nov 2009 22:55:27 - 1.1 +++ patches/patch-options_c 8 Jul 2010 05:42:54 - @@ -1,11 +1,11 @@ $OpenBSD: patch-options_c,v 1.1 2009/11/26 22:55:27 fkr Exp $ options.c.orig Fri Nov 20 13:09:14 2009 -+++ options.c Fri Nov 20 23:38:08 2009 +--- options.c.orig Fri Dec 11 09:09:39 2009 options.c Thu Jul 8 07:15:14 2010 @@ -250,6 +250,7 @@ static const char usage_message[] = --sndbuf size : Set the TCP/UDP send buffer size.\n --rcvbuf size : Set the TCP/UDP receive buffer size.\n --txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n -+ --rdomain n : Set the routing domain (default=0, OpenBSD only)\n ++ --rtable n : Set the routing table (default=0, OpenBSD only)\n --mlock : Disable Paging -- ensures key material and tunnel\n data will never be written to disk.\n --up cmd: Shell cmd to execute after successful tun device open.\n @@ -13,7 +13,7 @@ #endif SHOW_INT (rcvbuf); SHOW_INT (sndbuf); -+ SHOW_INT (rdomain); ++ SHOW_INT (rtable); SHOW_INT (sockflags); SHOW_BOOL (fast_io); @@ -22,10 +22,10 @@ VERIFY_PERMISSION (OPT_P_SOCKBUF); options-sndbuf = positive_atoi (p[1]); +} -+ else if (streq (p[0], rdomain) p[1]) ++ else if (streq (p[0], rtable) p[1]) +{ + VERIFY_PERMISSION (OPT_P_SOCKFLAGS); -+ options-rdomain = positive_atoi (p[1]); ++ options-rtable = positive_atoi (p[1]); } else if (streq (p[0], socket-flags)) { Index: patches/patch-options_h === RCS file: /cvs//ports/net/openvpn/patches/patch-options_h,v retrieving revision 1.1 diff -u -r1.1 patch-options_h --- patches/patch-options_h 26 Nov 2009 22:55:27 - 1.1 +++ patches/patch-options_h 8 Jul 2010 05:42:54 - @@ -1,12 +1,12 @@ $OpenBSD: patch-options_h,v 1.1 2009/11/26 22:55:27 fkr Exp $ options.h.orig Thu Oct 1 18:02:18 2009 -+++ options.h Thu Oct 29 18:44:33 2009 +--- options.h.orig Thu Oct 1 20:02:18 2009 options.h Thu Jul 8 07:32:35 2010 @@ -285,6 +285,9 @@ struct options int rcvbuf; int sndbuf; + /* routing domain */ -+ int rdomain; ++ int rtable; + /* socket flags */ unsigned int sockflags; Index: patches/patch-socket_c === RCS file: /cvs//ports/net/openvpn/patches/patch-socket_c,v retrieving revision 1.1 diff -u -r1.1 patch-socket_c --- patches/patch-socket_c 26 Nov 2009 22:55:27 - 1.1 +++ patches/patch-socket_c 8 Jul 2010 05:42:54 - @@ -1,20 +1,20 @@ $OpenBSD: patch-socket_c,v 1.1 2009/11/26 22:55:27 fkr
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2010/06/15 02:43:30 Modified files: mail/exim : Makefile distinfo mail/exim/pkg : PLIST-eximon Log message: Update exim to version 4.72. This includes security fixes for CVE-2010-2023 and CVE-2010-2024. ok bernd@, sthen@
exim update to version 4.72 (security fix)
Hi, here is an update to exim version 4.72, that includes (among fixes to the DKIM support) the security fix against the race condition on mbx locking (CVE-2010-2024). I'd be happy if people here could give this a spin in their various exim installations. thanks! felix Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.72 diff -u -r1.72 Makefile --- Makefile2 Feb 2010 20:23:30 - 1.72 +++ Makefile14 Jun 2010 12:50:13 - @@ -3,10 +3,10 @@ CATEGORIES = mail COMMENT-main = flexible mail transfer agent COMMENT-eximon = X11 monitor tool for Exim MTA -VERSION = 4.71 +VERSION = 4.72 DISTNAME = exim-${VERSION} -PKGNAME-main = exim-${VERSION}p0 -FULLPKGNAME-eximon = exim-eximon-${VERSION}p1 +PKGNAME-main = exim-${VERSION} +FULLPKGNAME-eximon = exim-eximon-${VERSION} FULLPKGPATH-eximon = ${PKGPATH},-eximon MASTER_SITES = ftp://ftp.exim.org/pub/exim/exim4/ \ http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/ \ Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.17 diff -u -r1.17 distinfo --- distinfo15 Dec 2009 11:32:18 - 1.17 +++ distinfo14 Jun 2010 12:50:13 - @@ -1,5 +1,5 @@ -MD5 (exim-4.71.tar.gz) = JVU4GNyjPfBvBoyvseDo6A== -RMD160 (exim-4.71.tar.gz) = jBXMJ1syAD07Vi/L63B5BU8oKK0= -SHA1 (exim-4.71.tar.gz) = gZjHCJK6jOGhxVCw0ZvHWQgUxTU= -SHA256 (exim-4.71.tar.gz) = NvdpRKn4mPrSxk4mjVS9dl5hm+BgzbAyBVP8Kh9L8v4= -SIZE (exim-4.71.tar.gz) = 2002790 +MD5 (exim-4.72.tar.gz) = 7194OZ63W4TqRT6PhyLi0g== +RMD160 (exim-4.72.tar.gz) = YALNEuEg7cEeTq3CDMwczNYW6To= +SHA1 (exim-4.72.tar.gz) = JhwCyVtNOq2nOECwH4NuaHSEHEQ= +SHA256 (exim-4.72.tar.gz) = Apx+eEF8a5kcilBeMphUztTBU7A8UcFXSOWwI+aRv8s= +SIZE (exim-4.72.tar.gz) = 2009776 Index: pkg/PLIST-eximon === RCS file: /cvs/ports/mail/exim/pkg/PLIST-eximon,v retrieving revision 1.1 diff -u -r1.1 PLIST-eximon --- pkg/PLIST-eximon15 Dec 2009 11:32:18 - 1.1 +++ pkg/PLIST-eximon14 Jun 2010 12:50:13 - @@ -1,4 +1,4 @@ @comment $OpenBSD: PLIST-eximon,v 1.1 2009/12/15 11:32:18 sthen Exp $ @conflict exim-4.71 bin/eximon -bin/eximon.bin +...@bin bin/eximon.bin -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: net/openvpn_bsdauth, was: mandoc errors in ports
On Sat, Apr 03, 2010 at 09:16:23PM +0200, Ingo Schwarze wrote: Hi, net/openvpn_bsdauth openvpn_bsdauth.8:22:16: error: multi-line scope breaks multi-line scope of Xo At least on a short time scale, mandoc(1) will not be able to cope with block nesting errors like the Oo Xo Oc Xc here. In the case at hand, there is no need for explicit blocks at all, so i suggest to commit this and also push it upstream: OK? well, since Tamas (the author of the plugin) only serves OpenBSD with this software, I think it would be better to have the change done upstream. felix (diff from schwarze@) diff -Nup /var/empty/patch-openvpn_bsdauth_8 patches/patch-openvpn_bsdauth_8 --- /var/empty/patch-openvpn_bsdauth_8 Thu Jan 1 01:00:00 1970 +++ patches/patch-openvpn_bsdauth_8 Sat Apr 3 21:03:15 2010 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- openvpn_bsdauth.8.orig Sat Apr 3 20:58:49 2010 openvpn_bsdauth.8 Sat Apr 3 21:01:27 2010 +@@ -19,7 +19,7 @@ + .Nd Authenticate users for OpenVPN + .Sh SYNOPSYS + .Nm +-.Oo Xo Ar file Oc Xc ++.Op Ar file + .Sh DESCRIPTION + .Nm + is invoked by OpenVPN to authenticate a user by checking a username and a Index: Makefile === RCS file: /cvs/ports/net/openvpn_bsdauth/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile30 Dec 2009 01:11:05 - 1.3 +++ Makefile3 Apr 2010 19:07:42 - @@ -3,6 +3,7 @@ COMMENT = BSD Auth helper program for OpenVPN DISTNAME = openvpn_bsdauth-5 +PKGNAME = ${DISTNAME}p0 CATEGORIES = net HOMEPAGE = http://www.wormhole.hu/~ice/openvpn_bsdauth/ -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: UPDATE: exim-4.71
On Sun, Dec 13, 2009 at 11:14:58AM +, Stuart Henderson wrote: This diff breaks pkg_add updates though, which are very important to have working - here's a new diff: [] looks good. Thanks Stuart! felix
Re: UPDATE: exim-4.71
On Fri, Dec 11, 2009 at 11:03:44PM +, Stuart Henderson wrote: * added support for the dovecot-authenticator _as a flavor_; this port is already built 11 times in bulk builds, it doesn't really want any more flavours. I agree. Does anything speak against reducing the number of flavour by: - dropping no_x11 and making a x11 subpackage (as Stuart suggested long time ago) - removing sqlite3 flavor (I don't see the sense in this flavour, the port had it when I took it over from the previous maintainer, but I fail to the see the reason for it.) - removing the no_exiscan flavor - removing iconf flavour, using iconv per se (as also suggested by Bjoern) * added a bit more information to MESSAGE concerning the use of mailwrapper; makes sense. the information about converting from exim 3 can probably be dropped by now to shorten this a bit. I concur. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@silc|irc - @felixkronlage - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: UPDATE: exim-4.71
On Sat, Dec 12, 2009 at 01:10:08PM +0100, Björn Ketelaars wrote: * Use of syslog instead of seperate logfiles under /var/spool/exim/logs/. /var/spool/exim/logs is the standard location for the exim logs, I'm not sure I see the reason to change this. What is the reasoning behind this change? felix
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2009/10/07 15:44:49 Modified files: net/openvpn: Makefile distinfo Removed files: net/openvpn/patches: patch-ssl_c Log message: update to openvpn 2.1rc20. ok sturm@, bernd@, ajacoutot@
openvpn 2.1rc20
Hi, they still continue with their RC game and since it is not sure, when they will finally release (since this has been going for more thant 1.5 yrs iirc), I might as well bump our port. Test and reports welcome. felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- Makefile24 Jul 2009 14:37:23 - 1.24 +++ Makefile5 Oct 2009 12:43:29 - @@ -2,9 +2,9 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc15 +VERSION= 2.1_rc20 DISTNAME= openvpn-${VERSION} -PKGNAME= ${DISTNAME:S/_//g}p3 +PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security HOMEPAGE= http://openvpn.net/ Index: distinfo === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/distinfo,v retrieving revision 1.15 diff -u -r1.15 distinfo --- distinfo27 Nov 2008 11:38:32 - 1.15 +++ distinfo5 Oct 2009 12:43:29 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc15.tar.gz) = FKNbBcWhYpLRSVktHa0DAg== -RMD160 (openvpn-2.1_rc15.tar.gz) = kDMxOYFaFoGremrrqbxaAFxalxM= -SHA1 (openvpn-2.1_rc15.tar.gz) = oH+bJJR0KOkF0MQTObntUiNYxnI= -SHA256 (openvpn-2.1_rc15.tar.gz) = Zs/jR9pqsprjnIBSdxQHnNtWmf30U/fgMd0uwBctE6U= -SIZE (openvpn-2.1_rc15.tar.gz) = 833429 +MD5 (openvpn-2.1_rc20.tar.gz) = VSA402mARwRIvx1wHJ7/ww== +RMD160 (openvpn-2.1_rc20.tar.gz) = qIkXA+Xwa7wyipFwi/Pl0nHBoVQ= +SHA1 (openvpn-2.1_rc20.tar.gz) = zUo5DPoIVtXg9ZYYc8RVkOZhfac= +SHA256 (openvpn-2.1_rc20.tar.gz) = nvBRfhzEtyuBzFQ3sPgO25c8V2zl9fecar/849MxQ4s= +SIZE (openvpn-2.1_rc20.tar.gz) = 845185 Index: patches/patch-ssl_c === RCS file: patches/patch-ssl_c diff -N patches/patch-ssl_c --- patches/patch-ssl_c 8 Mar 2009 15:56:52 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,26 +0,0 @@ -$OpenBSD: patch-ssl_c,v 1.1 2009/03/08 15:56:52 martin Exp $ ssl.c.orig Fri Mar 6 13:38:02 2009 -+++ ssl.c Fri Mar 6 13:46:09 2009 -@@ -3398,14 +3398,17 @@ key_method_2_read (struct buffer *buf, struct tls_mult - - if ((session-opt-ssl_flags SSLF_USERNAME_AS_COMMON_NAME)) - set_common_name (session, up-username); --msg (D_HANDSHAKE, TLS: Username/Password authentication %s for username '%s' %s, - #ifdef ENABLE_DEF_AUTH -- ks-auth_deferred ? deferred : succeeded, -+msg (D_HANDSHAKE, -+ TLS: Username/Password authentication %s for username '%s' %s, -+ ks-auth_deferred ? deferred : succeeded, up-username, -+ (session-opt-ssl_flags SSLF_USERNAME_AS_COMMON_NAME) ? [CN SET] : ); - #else -- succeeded, -+msg (D_HANDSHAKE, -+ TLS: Username/Password authentication %s for username '%s' %s, -+ succeeded, up-username, -+ (session-opt-ssl_flags SSLF_USERNAME_AS_COMMON_NAME) ? [CN SET] : ); - #endif -- up-username, -- (session-opt-ssl_flags SSLF_USERNAME_AS_COMMON_NAME) ? [CN SET] : ); - } - else - {
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2009/08/30 12:06:07 Modified files: www/apache-httpd: Makefile distinfo www/apache-httpd/patches: patch-docs_man_htdbm_1 www/apache-httpd/pkg: PLIST Log message: Update to 2.2.13 SECURITY: CVE-2009-2412, CVE-2009-1891, CVE-2009-1195, CVE-2009-1890, CVE-2009-1191, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 Update the Makefile to properly depend on the mt version of apr-util in ldap flavour. (from bernd@) ok jasper@, ajacoutot@
update apache-httpd to 2.2.13
Hi, this updated www/apache-httpd to 2.2.13. Any remarks, comments, regressions? felix Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.20 diff -u -r1.20 Makefile --- Makefile15 May 2009 15:46:58 - 1.20 +++ Makefile24 Aug 2009 20:34:48 - @@ -2,8 +2,8 @@ COMMENT= apache HTTP server -V= 2.2.11 -PKGNAME= apache-httpd-${V}p0 +V= 2.2.13 +PKGNAME= apache-httpd-${V} DISTNAME= httpd-${V} CATEGORIES=www net Index: distinfo === RCS file: /cvs/ports/www/apache-httpd/distinfo,v retrieving revision 1.7 diff -u -r1.7 distinfo --- distinfo9 Apr 2009 18:36:00 - 1.7 +++ distinfo24 Aug 2009 20:34:48 - @@ -1,5 +1,5 @@ -MD5 (httpd-2.2.11.tar.gz) = A+Cpml3g8/VooAh/uZk6+Q== -RMD160 (httpd-2.2.11.tar.gz) = eUX4bVsBIaedaLnX0jKQfDJVXDk= -SHA1 (httpd-2.2.11.tar.gz) = SGLqYtKGdo+vFDwy5JT60jqlmfE= -SHA256 (httpd-2.2.11.tar.gz) = G6dPnYZNj7qkFgTrpn5RKH5+GWs6ToROfz6ntwfdTCc= -SIZE (httpd-2.2.11.tar.gz) = 6806786 +MD5 (httpd-2.2.13.tar.gz) = KAPjW+ZlD1tznm6R+qgk3Q== +RMD160 (httpd-2.2.13.tar.gz) = bwK4HOD4za+wp6nU5MXDIff4xIs= +SHA1 (httpd-2.2.13.tar.gz) = 1r7DVzEgC8x5Z52DuMPxQeywMEo= +SHA256 (httpd-2.2.13.tar.gz) = 4n3OoMF1lq5nPDS+DDh6xxccLrCD5/RCuxOgxmzOBxI= +SIZE (httpd-2.2.13.tar.gz) = 6897450 Index: patches/patch-docs_man_htdbm_1 === RCS file: /cvs/ports/www/apache-httpd/patches/patch-docs_man_htdbm_1,v retrieving revision 1.2 diff -u -r1.2 patch-docs_man_htdbm_1 --- patches/patch-docs_man_htdbm_1 25 Mar 2007 17:40:55 - 1.2 +++ patches/patch-docs_man_htdbm_1 24 Aug 2009 20:34:48 - @@ -1,12 +1,12 @@ $OpenBSD: patch-docs_man_htdbm_1,v 1.2 2007/03/25 17:40:55 deanna Exp $ docs/man/htdbm.1.orig Sat Mar 26 10:22:17 2005 -+++ docs/man/htdbm.1 Sun Mar 25 13:21:03 2007 +--- docs/man/htdbm.1.orig Thu Feb 12 15:09:23 2009 docs/man/htdbm.1 Mon Aug 24 21:12:10 2009 @@ -54,7 +54,7 @@ htdbm \- Manipulate DBM password databases .SH SUMMARY .PP --htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_auth_dbm\. See the dbmmanage documentation for more information about these DBM files\. -+htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_auth_dbm\. See the dbmmanage2 documentation for more information about these DBM files\. +-htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\. See the dbmmanage documentation for more information about these DBM files\. ++htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\. See the dbmmanage2 documentation for more information about these DBM files\. .SH OPTIONS Index: pkg/PLIST === RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST,v retrieving revision 1.15 diff -u -r1.15 PLIST --- pkg/PLIST 15 May 2009 15:46:58 - 1.15 +++ pkg/PLIST 24 Aug 2009 20:34:49 - @@ -268,6 +268,7 @@ share/doc/apache2/howto/public_html.html.en share/doc/apache2/howto/public_html.html.ja.utf8 share/doc/apache2/howto/public_html.html.ko.euc-kr +share/doc/apache2/howto/public_html.html.tr.utf8 share/doc/apache2/howto/ssi.html share/doc/apache2/howto/ssi.html.en share/doc/apache2/howto/ssi.html.ja.utf8 @@ -348,6 +349,7 @@ share/doc/apache2/misc/perf-tuning.html share/doc/apache2/misc/perf-tuning.html.en share/doc/apache2/misc/perf-tuning.html.ko.euc-kr +share/doc/apache2/misc/perf-tuning.html.tr.utf8 share/doc/apache2/misc/relevant_standards.html share/doc/apache2/misc/relevant_standards.html.en share/doc/apache2/misc/relevant_standards.html.ko.euc-kr @@ -739,6 +741,7 @@ share/doc/apache2/programs/apxs.html share/doc/apache2/programs/apxs.html.en share/doc/apache2/programs/apxs.html.ko.euc-kr +share/doc/apache2/programs/apxs.html.tr.utf8 share/doc/apache2/programs/configure.html share/doc/apache2/programs/configure.html.en share/doc/apache2/programs/configure.html.ko.euc-kr @@ -746,23 +749,29 @@ share/doc/apache2/programs/dbmmanage.html share/doc/apache2/programs/dbmmanage.html.en share/doc/apache2/programs/dbmmanage.html.ko.euc-kr +share/doc/apache2/programs/dbmmanage.html.tr.utf8 share/doc/apache2/programs/htcacheclean.html share/doc/apache2/programs/htcacheclean.html.en share/doc/apache2/programs/htcacheclean.html.ko.euc-kr +share/doc/apache2/programs/htcacheclean.html.tr.utf8 share/doc/apache2/programs/htdbm.html share/doc/apache2/programs/htdbm.html.en
Re: update apache-httpd to 2.2.13
On Tue, Aug 25, 2009 at 08:36:18AM +0200, Felix Kronlage wrote: this updated www/apache-httpd to 2.2.13. Bernd also spotted a problem in the current version of the port, that the following diff corrects as well. felix Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.20 diff -u -r1.20 Makefile --- Makefile15 May 2009 15:46:58 - 1.20 +++ Makefile25 Aug 2009 12:33:35 - @@ -2,8 +2,8 @@ COMMENT= apache HTTP server -V= 2.2.11 -PKGNAME= apache-httpd-${V}p0 +V= 2.2.13 +PKGNAME= apache-httpd-${V} DISTNAME= httpd-${V} CATEGORIES=www net @@ -30,7 +30,7 @@ CONFIGURE_ARGS+= --with-ldap --enable-ldap --enable-authnz-ldap WANTLIB+= asn1 com_err gssapi krb5 sasl2 LIB_DEPENDS+= ldap,lber::databases/openldap -LIB_DEPENDS+= aprutil-1.=2:apr-util-mt-*-ldap:devel/apr-util,ldap,mt +LIB_DEPENDS+= aprutil-1-mt.=2:apr-util-mt-*-ldap:devel/apr-util,ldap,mt .else LIB_DEPENDS+= aprutil-1-mt.=2:apr-util-mt-*-!ldap:devel/apr-util,mt .endif Index: distinfo === RCS file: /cvs/ports/www/apache-httpd/distinfo,v retrieving revision 1.7 diff -u -r1.7 distinfo --- distinfo9 Apr 2009 18:36:00 - 1.7 +++ distinfo25 Aug 2009 12:33:35 - @@ -1,5 +1,5 @@ -MD5 (httpd-2.2.11.tar.gz) = A+Cpml3g8/VooAh/uZk6+Q== -RMD160 (httpd-2.2.11.tar.gz) = eUX4bVsBIaedaLnX0jKQfDJVXDk= -SHA1 (httpd-2.2.11.tar.gz) = SGLqYtKGdo+vFDwy5JT60jqlmfE= -SHA256 (httpd-2.2.11.tar.gz) = G6dPnYZNj7qkFgTrpn5RKH5+GWs6ToROfz6ntwfdTCc= -SIZE (httpd-2.2.11.tar.gz) = 6806786 +MD5 (httpd-2.2.13.tar.gz) = KAPjW+ZlD1tznm6R+qgk3Q== +RMD160 (httpd-2.2.13.tar.gz) = bwK4HOD4za+wp6nU5MXDIff4xIs= +SHA1 (httpd-2.2.13.tar.gz) = 1r7DVzEgC8x5Z52DuMPxQeywMEo= +SHA256 (httpd-2.2.13.tar.gz) = 4n3OoMF1lq5nPDS+DDh6xxccLrCD5/RCuxOgxmzOBxI= +SIZE (httpd-2.2.13.tar.gz) = 6897450 Index: patches/patch-docs_man_htdbm_1 === RCS file: /cvs/ports/www/apache-httpd/patches/patch-docs_man_htdbm_1,v retrieving revision 1.2 diff -u -r1.2 patch-docs_man_htdbm_1 --- patches/patch-docs_man_htdbm_1 25 Mar 2007 17:40:55 - 1.2 +++ patches/patch-docs_man_htdbm_1 25 Aug 2009 12:33:35 - @@ -1,12 +1,12 @@ $OpenBSD: patch-docs_man_htdbm_1,v 1.2 2007/03/25 17:40:55 deanna Exp $ docs/man/htdbm.1.orig Sat Mar 26 10:22:17 2005 -+++ docs/man/htdbm.1 Sun Mar 25 13:21:03 2007 +--- docs/man/htdbm.1.orig Thu Feb 12 15:09:23 2009 docs/man/htdbm.1 Mon Aug 24 21:12:10 2009 @@ -54,7 +54,7 @@ htdbm \- Manipulate DBM password databases .SH SUMMARY .PP --htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_auth_dbm\. See the dbmmanage documentation for more information about these DBM files\. -+htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_auth_dbm\. See the dbmmanage2 documentation for more information about these DBM files\. +-htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\. See the dbmmanage documentation for more information about these DBM files\. ++htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\. See the dbmmanage2 documentation for more information about these DBM files\. .SH OPTIONS Index: pkg/PLIST === RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST,v retrieving revision 1.15 diff -u -r1.15 PLIST --- pkg/PLIST 15 May 2009 15:46:58 - 1.15 +++ pkg/PLIST 25 Aug 2009 12:33:36 - @@ -268,6 +268,7 @@ share/doc/apache2/howto/public_html.html.en share/doc/apache2/howto/public_html.html.ja.utf8 share/doc/apache2/howto/public_html.html.ko.euc-kr +share/doc/apache2/howto/public_html.html.tr.utf8 share/doc/apache2/howto/ssi.html share/doc/apache2/howto/ssi.html.en share/doc/apache2/howto/ssi.html.ja.utf8 @@ -348,6 +349,7 @@ share/doc/apache2/misc/perf-tuning.html share/doc/apache2/misc/perf-tuning.html.en share/doc/apache2/misc/perf-tuning.html.ko.euc-kr +share/doc/apache2/misc/perf-tuning.html.tr.utf8 share/doc/apache2/misc/relevant_standards.html share/doc/apache2/misc/relevant_standards.html.en share/doc/apache2/misc/relevant_standards.html.ko.euc-kr @@ -739,6 +741,7 @@ share/doc/apache2/programs/apxs.html share/doc/apache2/programs/apxs.html.en share/doc/apache2/programs/apxs.html.ko.euc-kr +share/doc/apache2/programs/apxs.html.tr.utf8 share/doc/apache2/programs/configure.html share/doc/apache2/programs/configure.html.en
Re: About apache vulnerability updates applied to ports on stable branch
On Tue, Aug 25, 2009 at 06:18:44PM +0100, Stuart Henderson wrote: OPENBSD_4_5http://www.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd/Makefile?only_with_tag=OPENBSD_4_5. [...] It needs to be updated in -current first. People need to test and report back on http://marc.info/?l=openbsd-portsm=125120705212520w=2 before this can happen. thanks Stuart for pointing this out, I missed adding the security revelance to my mail. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@hazardous.org - f...@silc|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: About apache vulnerability updates applied to ports on stable branch
On Tue, Aug 25, 2009 at 12:33:10PM -0500, David Taveras wrote: Hi, I understand that 2.2.13 is already being worked out in MAIN, which is awesome... but iam speaking historical remainings of these known vulnerabilities since they where introduced throughout the life of 2.2.9 and the present with 2.2.11 Does the community work on releasing the patches to the listed vulnerabilities with the new apache 2.2.13 ? Does this mean that Iam vulnerable to all of these within the 2.2.9/2.2.11 currently... if so I would understand this is due to insufficient human resources but I just need to know where iam standing at to take the necessary precautions and not assume everything as a OPENBSD_4_5 user. the update to 2.2.13 carries all the fixes as the upstream does, as it updates the port to use the source (distfile) of 2.2.13. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@hazardous.org - f...@silc|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
update to p5-Device-GSM
Hi, the maintainer has not replied to my mails so far, so I am posting the update here. Basic update to the newest version of p5-Device-GSM, the updates helps to talk to a whole bunch of devices not well supported by the old version we have in tree. does anyone object to the update? felix Index: Makefile === RCS file: /cvs/ports/comms/p5-Device-Gsm/Makefile,v retrieving revision 1.3 diff -u -r1.3 Makefile --- Makefile16 Sep 2007 01:37:10 - 1.3 +++ Makefile21 Mar 2009 19:04:43 - @@ -2,8 +2,8 @@ COMMENT= Perl extension to interface GSM cellulars / modems -DISTNAME= Device-Gsm-1.36 -PKGNAME= p5-${DISTNAME}p0 +DISTNAME= Device-Gsm-1.52 +PKGNAME= p5-${DISTNAME} CATEGORIES=comms MODULES= cpan Index: distinfo === RCS file: /cvs/ports/comms/p5-Device-Gsm/distinfo,v retrieving revision 1.3 diff -u -r1.3 distinfo --- distinfo5 Apr 2007 15:37:47 - 1.3 +++ distinfo21 Mar 2009 19:04:43 - @@ -1,5 +1,5 @@ -MD5 (Device-Gsm-1.36.tar.gz) = YbcsqHdaGGFcfJh33McztQ== -RMD160 (Device-Gsm-1.36.tar.gz) = mHUYwoUJdNA6HMizxaIB5pdNDD4= -SHA1 (Device-Gsm-1.36.tar.gz) = kbLOvrsM1h4TPXPnOxiJ0XH3cG0= -SHA256 (Device-Gsm-1.36.tar.gz) = vkW2qy15kNpyAryM1mlClGqOPFsAwuNJNZzK+xhRE04= -SIZE (Device-Gsm-1.36.tar.gz) = 49511 +MD5 (Device-Gsm-1.52.tar.gz) = ut6OrTeHXg03JMAo004KGg== +RMD160 (Device-Gsm-1.52.tar.gz) = D+CFfkPzAsRp0IZp4Iks8XDiiVw= +SHA1 (Device-Gsm-1.52.tar.gz) = fs28u3A75VG1e0yyQS50e30eUHE= +SHA256 (Device-Gsm-1.52.tar.gz) = 7X4GlNoZy9+5EbH25e2D5hrxEVaq0E9LKgjvg0lXlw8= +SIZE (Device-Gsm-1.52.tar.gz) = 58817 -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@hazardous.org - f...@silc|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2009/05/10 07:59:35 Modified files: net/openvpn: Makefile Added files: net/openvpn/patches: patch-configure Log message: switch OpenVPN to compile with pthreads, since this is needed for plugins like ldap auth. ok bernd@, sthen@
Re: openvpn and pthreads
On Tue, Mar 24, 2009 at 12:26:29AM +0100, Felix Kronlage wrote: Hi, From the reports I got so far, openvpn seems to run stable with --enable-pthreads. Does anyone here have concerns regarding this change? I've heard no concerns and only success stories regarding this change. Since it runs stable with pthreads, I suggest the attached diff, that also gets rid of the warning. felix Index: Makefile === RCS file: /data/cvsmirror/src/openbsd/ports/net/openvpn/Makefile,v retrieving revision 1.21 diff -u -r1.21 Makefile --- Makefile 8 Mar 2009 15:56:52 - 1.21 +++ Makefile 3 May 2009 13:06:05 - @@ -4,7 +4,7 @@ VERSION= 2.1_rc15 DISTNAME= openvpn-${VERSION} -PKGNAME= ${DISTNAME:S/_//g}p0 +PKGNAME= ${DISTNAME:S/_//g}p1 CATEGORIES= net security HOMEPAGE= http://openvpn.net/ @@ -16,7 +16,7 @@ PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -WANTLIB= c crypto ssl +WANTLIB= c crypto ssl pthread MASTER_SITES= ${HOMEPAGE}/release/ @@ -27,8 +27,7 @@ FAKE= lib CONFIGURE_STYLE=gnu -# pthread support is supposed to be unstable on OpenBSD -CONFIGURE_ARGS+=--disable-pthread \ +CONFIGURE_ARGS+=--enable-pthread \ --with-lzo-headers=${DEPBASE}/include \ --with-lzo-lib=${DEPBASE}/lib \ --enable-password-save Index: patches/patch-configure === RCS file: patches/patch-configure diff -N patches/patch-configure --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-configure 3 May 2009 13:06:05 - @@ -0,0 +1,12 @@ +$OpenBSD$ +--- configure.orig Sun May 3 03:42:03 2009 configure Sun May 3 03:43:03 2009 +@@ -10326,8 +10326,6 @@ if test x$acx_pthread_ok = xyes; then + + case $target in + *openbsd*) +- { echo $as_me:$LINENO: result: WARNING: pthread support on OpenBSD is unstable! 5 +-echo ${ECHO_T}WARNING: pthread support on OpenBSD is unstable! 6; } + CFLAGS=$CFLAGS -pthread + ;; + esac
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: f...@cvs.openbsd.org2009/03/23 17:09:31 Modified files: comms/p5-Device-Modem: Makefile distinfo Log message: update to version 1.50 ok todd@ (maintainer)
openvpn and pthreads
hi, i've been looking at compiling the openvpn package with pthreads enabled, since that is needed for plugins like the ldap authentication plugin (one plugin I've been asked about many times in the past), which is very useful. From the reports I got so far, openvpn seems to run stable with --enable-pthreads. Does anyone here have concerns regarding this change? Also I would really like to get reports on more people running with this. (see attached diff to the net/openvpn port) felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - f...@hazardous.org - f...@silc|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.21 diff -u -r1.21 Makefile --- Makefile8 Mar 2009 15:56:52 - 1.21 +++ Makefile23 Mar 2009 23:20:22 - @@ -4,7 +4,7 @@ VERSION= 2.1_rc15 DISTNAME= openvpn-${VERSION} -PKGNAME= ${DISTNAME:S/_//g}p0 +PKGNAME= ${DISTNAME:S/_//g}p1 CATEGORIES=net security HOMEPAGE= http://openvpn.net/ @@ -16,7 +16,7 @@ PERMIT_PACKAGE_FTP=Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -WANTLIB= c crypto ssl +WANTLIB= c crypto ssl pthread MASTER_SITES= ${HOMEPAGE}/release/ @@ -28,7 +28,7 @@ CONFIGURE_STYLE=gnu # pthread support is supposed to be unstable on OpenBSD -CONFIGURE_ARGS+=--disable-pthread \ +CONFIGURE_ARGS+=--enable-pthread \ --with-lzo-headers=${DEPBASE}/include \ --with-lzo-lib=${DEPBASE}/lib \ --enable-password-save
update: OpenVPN 2.1 RC15
hi, and before rc14 was really there, they made rc15. (Since they keey adding features, I think their versioning naming scheme is broken, but they feel different..) Any testers? Index: Makefile === RCS file: /src/ports/net/openvpn/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- Makefile22 Oct 2008 05:27:07 - 1.19 +++ Makefile21 Nov 2008 12:20:59 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc13 +VERSION= 2.1_rc15 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security Index: distinfo === RCS file: /src/ports/net/openvpn/distinfo,v retrieving revision 1.14 diff -u -r1.14 distinfo --- distinfo22 Oct 2008 05:27:07 - 1.14 +++ distinfo21 Nov 2008 12:26:30 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc13.tar.gz) = f5Y3yrhiV56ZZm1MuY2FOw== -RMD160 (openvpn-2.1_rc13.tar.gz) = 1SJhqhmS9G+JB5OUSFjwV/ojn90= -SHA1 (openvpn-2.1_rc13.tar.gz) = kE1UJJ5i8CtvLH/Eo19Wur4BS34= -SHA256 (openvpn-2.1_rc13.tar.gz) = 2MHnybBMold9kASNcj9mE3RPgYx16utm1HuhFY8guZM= -SIZE (openvpn-2.1_rc13.tar.gz) = 825890 +MD5 (openvpn-2.1_rc15.tar.gz) = FKNbBcWhYpLRSVktHa0DAg== +RMD160 (openvpn-2.1_rc15.tar.gz) = kDMxOYFaFoGremrrqbxaAFxalxM= +SHA1 (openvpn-2.1_rc15.tar.gz) = oH+bJJR0KOkF0MQTObntUiNYxnI= +SHA256 (openvpn-2.1_rc15.tar.gz) = Zs/jR9pqsprjnIBSdxQHnNtWmf30U/fgMd0uwBctE6U= +SIZE (openvpn-2.1_rc15.tar.gz) = 833429
openvpn 2.1_rc14
Hi, attached an update to OpenVPN 2.1_rc14. Attached is also the changelog. comments? remarks? felix ? w-openvpn-2.1rc14 Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- Makefile22 Oct 2008 05:27:07 - 1.19 +++ Makefile17 Nov 2008 22:26:59 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc13 +VERSION= 2.1_rc14 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.14 diff -u -r1.14 distinfo --- distinfo22 Oct 2008 05:27:07 - 1.14 +++ distinfo17 Nov 2008 22:26:59 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc13.tar.gz) = f5Y3yrhiV56ZZm1MuY2FOw== -RMD160 (openvpn-2.1_rc13.tar.gz) = 1SJhqhmS9G+JB5OUSFjwV/ojn90= -SHA1 (openvpn-2.1_rc13.tar.gz) = kE1UJJ5i8CtvLH/Eo19Wur4BS34= -SHA256 (openvpn-2.1_rc13.tar.gz) = 2MHnybBMold9kASNcj9mE3RPgYx16utm1HuhFY8guZM= -SIZE (openvpn-2.1_rc13.tar.gz) = 825890 +MD5 (openvpn-2.1_rc14.tar.gz) = Nhmk1z3p7vxbcUUlQ5ggjQ== +RMD160 (openvpn-2.1_rc14.tar.gz) = GBLP2psXZUv4k1Q5CVrSuEbyJ8g= +SHA1 (openvpn-2.1_rc14.tar.gz) = UzuyVwFSSLLCCLdyunKEiZtNhpw= +SHA256 (openvpn-2.1_rc14.tar.gz) = B330oIqFGiF8Sdw5zN/Ss6buXIbRHjmu+9NFYQUZDng= +SIZE (openvpn-2.1_rc14.tar.gz) = 832977 2008.11.16 -- Version 2.1_rc14 * Added AC_GNU_SOURCE to configure.ac to enable struct ucred, with the goal of fixing a build issue on Fedora 9 that was introduced in 2.1_rc13. * Added additional method parameter to --script-security to preserve backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use: script-security 3 system * Added additional warning messages about --script-security 2 or higher being required to execute user-defined scripts or executables. * Windows build system changes: Modified Windows domake-win build system to write all openvpn.nsi input files to gen, so that gen can be disconnected from the rest of the source tree and makensis openvpn.nsi will still function correctly. Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in (commented out by default). Added optional files SAMPCONF_CONF2 (second sample configuration file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows build system, and may be defined in settings.in. * Extended Management Interface bytecount command to work when OpenVPN is running as a server. Documented Management Interface bytecount command in management/management-notes.txt. * Fixed informational message in ssl.c to properly indicate deferred authentication. * Added server-side --auth-user-pass-optional directive, to allow connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module). * Changes to easy-rsa/2.0/pkitool and related openssl.cnf: Calling scripts can set the KEY_NAME environmental variable to set the name X509 subject field in generated certificates. Modified pkitool to allow flexibility in separating the Common Name convention from the cert/key filename convention. For example: KEY_CN=James's Laptop KEY_NAME=james ./pkitool james will create a client certificate/key pair of james.crt/james.key having a Common Name of James's Laptop and a Name of james. * Added --no-name-remapping option to allow Common Name, X509 Subject, and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return (this is important for compatibility with external authentication systems). As a related change, added --status-version 3 format (and status 3 in the management interface) which uses the version 2 format except that tabs are used as delimiters instead of commas so that there is no ambiguity when parsing a Common Name that contains a comma. Also, save X509 Subject fields to environment, using the naming convention: X509_{cert_depth}_{name}={value} This is to avoid ambiguities when parsing out the X509 subject string since / characters could potentially be used in the common name. * Fixed some ifconfig-pool issues that precluded it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet. * Added config file option setenv FORWARD_COMPATIBLE 1 to relax config file syntax checking to allow directives for future
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: [EMAIL PROTECTED] 2008/10/21 23:27:07 Modified files: net/openvpn: Makefile distinfo net/openvpn/patches: patch-route_c patch-sample-config-files_server_conf net/openvpn/pkg: PLIST Log message: update to openvpn 2.1rc13 ok bernd@
OpenVPN 2.1_rc13 (was: Re: OpenVPN 2.1_rc12)
On Wed, Oct 01, 2008 at 11:54:31AM +0200, Felix Kronlage wrote: another rc that fixes stuff in rc9. No clue, how long the OpenVPN people want to keep playing the rc game. and here comes 2.1 RC13. This time they even added functionality again (managment interface can listen on unix domain socket, which is a very nice enhancement!) felix Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.18 diff -u -r1.18 Makefile --- Makefile6 Sep 2008 09:07:10 - 1.18 +++ Makefile18 Oct 2008 13:01:29 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc9 +VERSION= 2.1_rc13 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.13 diff -u -r1.13 distinfo --- distinfo6 Sep 2008 09:07:10 - 1.13 +++ distinfo18 Oct 2008 13:01:29 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc9.tar.gz) = 9DXkrUPPQyPpQtpXC65JUQ== -RMD160 (openvpn-2.1_rc9.tar.gz) = vcJ8el4qHaqM51l6n6CZFnhhu/0= -SHA1 (openvpn-2.1_rc9.tar.gz) = VrAf2bLN2L1MIlfZG5uHmm+dsdg= -SHA256 (openvpn-2.1_rc9.tar.gz) = 9z7CJ6X7f0xzGQ565SpZpNsUno1ijyLooKdipY+7Qk0= -SIZE (openvpn-2.1_rc9.tar.gz) = 818716 +MD5 (openvpn-2.1_rc13.tar.gz) = f5Y3yrhiV56ZZm1MuY2FOw== +RMD160 (openvpn-2.1_rc13.tar.gz) = 1SJhqhmS9G+JB5OUSFjwV/ojn90= +SHA1 (openvpn-2.1_rc13.tar.gz) = kE1UJJ5i8CtvLH/Eo19Wur4BS34= +SHA256 (openvpn-2.1_rc13.tar.gz) = 2MHnybBMold9kASNcj9mE3RPgYx16utm1HuhFY8guZM= +SIZE (openvpn-2.1_rc13.tar.gz) = 825890 Index: patches/patch-route_c === RCS file: /cvs/ports/net/openvpn/patches/patch-route_c,v retrieving revision 1.1 diff -u -r1.1 patch-route_c --- patches/patch-route_c 11 Sep 2007 15:09:14 - 1.1 +++ patches/patch-route_c 18 Oct 2008 13:01:29 - @@ -1,7 +1,7 @@ $OpenBSD: patch-route_c,v 1.1 2007/09/11 15:09:14 claudio Exp $ route.c.orig Wed Apr 5 08:13:55 2006 -+++ route.cThu Sep 6 09:35:31 2007 -@@ -1622,7 +1622,7 @@ get_default_gateway (in_addr_t *ret) +--- route.c.orig Sun Aug 10 20:35:25 2008 route.cSun Sep 21 20:25:00 2008 +@@ -1869,7 +1869,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas } } @@ -10,7 +10,7 @@ #include sys/types.h #include sys/socket.h -@@ -1671,6 +1671,169 @@ struct rt_msghdr { +@@ -1918,6 +1918,169 @@ struct rt_msghdr { int rtm_errno; /* why failed */ int rtm_use;/* from rtentry */ u_long rtm_inits; /* which metrics we are initializing */ Index: patches/patch-sample-config-files_server_conf === RCS file: /cvs/ports/net/openvpn/patches/patch-sample-config-files_server_conf,v retrieving revision 1.1 diff -u -r1.1 patch-sample-config-files_server_conf --- patches/patch-sample-config-files_server_conf 15 Dec 2006 09:56:14 - 1.1 +++ patches/patch-sample-config-files_server_conf 18 Oct 2008 13:01:29 - @@ -1,7 +1,7 @@ $OpenBSD: patch-sample-config-files_server_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ sample-config-files/server.conf.orig Fri Jan 6 22:49:27 2006 -+++ sample-config-files/server.confFri Dec 15 09:22:42 2006 -@@ -251,8 +251,8 @@ comp-lzo +--- sample-config-files/server.conf.orig Sun Aug 10 20:35:25 2008 sample-config-files/server.confSun Sep 21 20:25:00 2008 +@@ -259,8 +259,8 @@ comp-lzo # # You can uncomment this out on # non-Windows systems. Index: pkg/PLIST === RCS file: /cvs/ports/net/openvpn/pkg/PLIST,v retrieving revision 1.9 diff -u -r1.9 PLIST --- pkg/PLIST 1 Apr 2008 21:50:14 - 1.9 +++ pkg/PLIST 18 Oct 2008 13:01:29 - @@ -2,7 +2,7 @@ @newgroup _openvpn:577 @newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin @man man/man8/openvpn.8 -sbin/openvpn [EMAIL PROTECTED] sbin/openvpn share/examples/openvpn/ share/examples/openvpn/easy-rsa/ share/examples/openvpn/easy-rsa/1.0/
OpenVPN 2.1_rc12
hi, another rc that fixes stuff in rc9. No clue, how long the OpenVPN people want to keep playing the rc game. Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.18 diff -u -r1.18 Makefile --- Makefile6 Sep 2008 09:07:10 - 1.18 +++ Makefile1 Oct 2008 09:36:30 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc9 +VERSION= 2.1_rc12 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.13 diff -u -r1.13 distinfo --- distinfo6 Sep 2008 09:07:10 - 1.13 +++ distinfo1 Oct 2008 09:36:30 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc9.tar.gz) = 9DXkrUPPQyPpQtpXC65JUQ== -RMD160 (openvpn-2.1_rc9.tar.gz) = vcJ8el4qHaqM51l6n6CZFnhhu/0= -SHA1 (openvpn-2.1_rc9.tar.gz) = VrAf2bLN2L1MIlfZG5uHmm+dsdg= -SHA256 (openvpn-2.1_rc9.tar.gz) = 9z7CJ6X7f0xzGQ565SpZpNsUno1ijyLooKdipY+7Qk0= -SIZE (openvpn-2.1_rc9.tar.gz) = 818716 +MD5 (openvpn-2.1_rc12.tar.gz) = X2ZuUA6NJOX1e+4vL4sL6g== +RMD160 (openvpn-2.1_rc12.tar.gz) = wr0VMvxBkmaONUFVOIwUYZ770XA= +SHA1 (openvpn-2.1_rc12.tar.gz) = a+mB/S1fU3BEO1Ghdq8yFW0yRuU= +SHA256 (openvpn-2.1_rc12.tar.gz) = tzxCRD5rM2IJkcr8BhWtjOH+WYWfRtsG1radb6BrZq0= +SIZE (openvpn-2.1_rc12.tar.gz) = 824791 Index: patches/patch-route_c === RCS file: /cvs/ports/net/openvpn/patches/patch-route_c,v retrieving revision 1.1 diff -u -r1.1 patch-route_c --- patches/patch-route_c 11 Sep 2007 15:09:14 - 1.1 +++ patches/patch-route_c 1 Oct 2008 09:36:30 - @@ -1,7 +1,7 @@ $OpenBSD: patch-route_c,v 1.1 2007/09/11 15:09:14 claudio Exp $ route.c.orig Wed Apr 5 08:13:55 2006 -+++ route.cThu Sep 6 09:35:31 2007 -@@ -1622,7 +1622,7 @@ get_default_gateway (in_addr_t *ret) +--- route.c.orig Sun Aug 10 20:35:25 2008 route.cSun Sep 21 20:25:00 2008 +@@ -1869,7 +1869,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas } } @@ -10,7 +10,7 @@ #include sys/types.h #include sys/socket.h -@@ -1671,6 +1671,169 @@ struct rt_msghdr { +@@ -1918,6 +1918,169 @@ struct rt_msghdr { int rtm_errno; /* why failed */ int rtm_use;/* from rtentry */ u_long rtm_inits; /* which metrics we are initializing */ Index: patches/patch-sample-config-files_server_conf === RCS file: /cvs/ports/net/openvpn/patches/patch-sample-config-files_server_conf,v retrieving revision 1.1 diff -u -r1.1 patch-sample-config-files_server_conf --- patches/patch-sample-config-files_server_conf 15 Dec 2006 09:56:14 - 1.1 +++ patches/patch-sample-config-files_server_conf 1 Oct 2008 09:36:30 - @@ -1,7 +1,7 @@ $OpenBSD: patch-sample-config-files_server_conf,v 1.1 2006/12/15 09:56:14 robert Exp $ sample-config-files/server.conf.orig Fri Jan 6 22:49:27 2006 -+++ sample-config-files/server.confFri Dec 15 09:22:42 2006 -@@ -251,8 +251,8 @@ comp-lzo +--- sample-config-files/server.conf.orig Sun Aug 10 20:35:25 2008 sample-config-files/server.confSun Sep 21 20:25:00 2008 +@@ -259,8 +259,8 @@ comp-lzo # # You can uncomment this out on # non-Windows systems. Index: pkg/PLIST === RCS file: /cvs/ports/net/openvpn/pkg/PLIST,v retrieving revision 1.9 diff -u -r1.9 PLIST --- pkg/PLIST 1 Apr 2008 21:50:14 - 1.9 +++ pkg/PLIST 1 Oct 2008 09:36:30 - @@ -2,7 +2,7 @@ @newgroup _openvpn:577 @newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin @man man/man8/openvpn.8 -sbin/openvpn [EMAIL PROTECTED] sbin/openvpn share/examples/openvpn/ share/examples/openvpn/easy-rsa/ share/examples/openvpn/easy-rsa/1.0/ -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: update: net/openvpn
On Wed, Aug 27, 2008 at 09:50:20PM +0400, Vadim Zhukov wrote: BTW: What about using --enable-password-save? I have to use it - it is, IMHO, more secure to save password on secured box than telling this password to everyone that uses this tunnel, or giving them access to remote PC (and more easy and using-friendly for those people too:) ). This option may be enabled as FLAVOR, and even non-linked to builds; I use modified in a such way openvpn port, and it works OK for months. as this just adds functionality without crippling anything, I'd suggest to just add the configure option to the main port without making an extra flavour Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- Makefile1 Apr 2008 21:50:14 - 1.17 +++ Makefile4 Sep 2008 15:43:00 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc7 +VERSION= 2.1_rc9 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security @@ -30,7 +30,8 @@ # pthread support is supposed to be unstable on OpenBSD CONFIGURE_ARGS+=--disable-pthread \ --with-lzo-headers=${DEPBASE}/include \ - --with-lzo-lib=${DEPBASE}/lib + --with-lzo-lib=${DEPBASE}/lib \ + --enable-password-save SAMPLES_DIR= ${PREFIX}/share/examples/openvpn Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.12 diff -u -r1.12 distinfo --- distinfo1 Apr 2008 21:50:14 - 1.12 +++ distinfo4 Sep 2008 15:43:00 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc7.tar.gz) = OMj9+qNGXXQASUaLx7Zvzw== -RMD160 (openvpn-2.1_rc7.tar.gz) = Z+gNe/tVQEbHHJXsFdR4UEBX+QM= -SHA1 (openvpn-2.1_rc7.tar.gz) = +fV6jvOvirUZJHhK0qq11fV5hYE= -SHA256 (openvpn-2.1_rc7.tar.gz) = wH/LxBRlv1CMr/cNzEI4uMlemy81vse/iR9xZAJ+y/g= -SIZE (openvpn-2.1_rc7.tar.gz) = 787379 +MD5 (openvpn-2.1_rc9.tar.gz) = 9DXkrUPPQyPpQtpXC65JUQ== +RMD160 (openvpn-2.1_rc9.tar.gz) = vcJ8el4qHaqM51l6n6CZFnhhu/0= +SHA1 (openvpn-2.1_rc9.tar.gz) = VrAf2bLN2L1MIlfZG5uHmm+dsdg= +SHA256 (openvpn-2.1_rc9.tar.gz) = 9z7CJ6X7f0xzGQ565SpZpNsUno1ijyLooKdipY+7Qk0= +SIZE (openvpn-2.1_rc9.tar.gz) = 818716
Re: update: net/openvpn
hi, attached is an update to OpenVPN 2.1rc9. (this does fix a security issue with previous releases from the 2.1 RC series[1]) Please test and comment. felix [1] url: http://www.openvpn.net/index.php/documentation/change-log/changelog-21.html Index: Makefile === RCS file: /src/ports/net/openvpn/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- Makefile1 Apr 2008 21:50:14 - 1.17 +++ Makefile27 Aug 2008 12:02:42 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc7 +VERSION= 2.1_rc9 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security Index: distinfo === RCS file: /src/ports/net/openvpn/distinfo,v retrieving revision 1.12 diff -u -r1.12 distinfo --- distinfo1 Apr 2008 21:50:14 - 1.12 +++ distinfo27 Aug 2008 12:02:43 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc7.tar.gz) = OMj9+qNGXXQASUaLx7Zvzw== -RMD160 (openvpn-2.1_rc7.tar.gz) = Z+gNe/tVQEbHHJXsFdR4UEBX+QM= -SHA1 (openvpn-2.1_rc7.tar.gz) = +fV6jvOvirUZJHhK0qq11fV5hYE= -SHA256 (openvpn-2.1_rc7.tar.gz) = wH/LxBRlv1CMr/cNzEI4uMlemy81vse/iR9xZAJ+y/g= -SIZE (openvpn-2.1_rc7.tar.gz) = 787379 +MD5 (openvpn-2.1_rc9.tar.gz) = 9DXkrUPPQyPpQtpXC65JUQ== +RMD160 (openvpn-2.1_rc9.tar.gz) = vcJ8el4qHaqM51l6n6CZFnhhu/0= +SHA1 (openvpn-2.1_rc9.tar.gz) = VrAf2bLN2L1MIlfZG5uHmm+dsdg= +SHA256 (openvpn-2.1_rc9.tar.gz) = 9z7CJ6X7f0xzGQ565SpZpNsUno1ijyLooKdipY+7Qk0= +SIZE (openvpn-2.1_rc9.tar.gz) = 818716
update: net/openvpn
hi, attached is an update of OpenVPN to 2.1rc8. tests more than welcome. felix Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- Makefile1 Apr 2008 21:50:14 - 1.17 +++ Makefile12 Jul 2008 18:20:46 - @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -VERSION= 2.1_rc7 +VERSION= 2.1_rc8 DISTNAME= openvpn-${VERSION} PKGNAME= ${DISTNAME:S/_//g} CATEGORIES=net security @@ -18,7 +18,7 @@ PERMIT_DISTFILES_FTP= Yes WANTLIB= c crypto ssl -MASTER_SITES= ${HOMEPAGE}/release/ +MASTER_SITES= https://secure.openvpn.net/beta/ LIB_DEPENDS= lzo::archivers/lzo Index: distinfo === RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.12 diff -u -r1.12 distinfo --- distinfo1 Apr 2008 21:50:14 - 1.12 +++ distinfo12 Jul 2008 18:20:46 - @@ -1,5 +1,5 @@ -MD5 (openvpn-2.1_rc7.tar.gz) = OMj9+qNGXXQASUaLx7Zvzw== -RMD160 (openvpn-2.1_rc7.tar.gz) = Z+gNe/tVQEbHHJXsFdR4UEBX+QM= -SHA1 (openvpn-2.1_rc7.tar.gz) = +fV6jvOvirUZJHhK0qq11fV5hYE= -SHA256 (openvpn-2.1_rc7.tar.gz) = wH/LxBRlv1CMr/cNzEI4uMlemy81vse/iR9xZAJ+y/g= -SIZE (openvpn-2.1_rc7.tar.gz) = 787379 +MD5 (openvpn-2.1_rc8.tar.gz) = BZ37biG1A2h8a0qKGwA0rA== +RMD160 (openvpn-2.1_rc8.tar.gz) = 0eER6FxvjZMpkSFo4jfbGXayzcs= +SHA1 (openvpn-2.1_rc8.tar.gz) = yHNQ9L16m+owzf+hEbLwgoHEB8w= +SHA256 (openvpn-2.1_rc8.tar.gz) = DIDbAv94OyP5HyMLx2mq7Ja6tAUQaCkoOjucRwKCLtA= +SIZE (openvpn-2.1_rc8.tar.gz) = 809545
Re: Updating trac's database to sqlite3 (was: Re: CVS: cvs.openbsd.org: ports)
On Thu, Jun 05, 2008 at 04:41:51PM +0100, Stuart Henderson wrote: I'd prefer if it mentioned the version, e.g. [...] yup, sounds good. ok? Index: Makefile === RCS file: /cvs/ports/www/trac/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- Makefile5 Jun 2008 06:09:37 - 1.14 +++ Makefile6 Jun 2008 21:03:23 - @@ -3,7 +3,7 @@ COMMENT= wiki and bug tracking system for software projects DISTNAME= trac-0.10.4 -PKGNAME= ${DISTNAME}p2 +PKGNAME= ${DISTNAME}p3 CATEGORIES=www devel MAINTAINER=Ben Lovett [EMAIL PROTECTED] Index: pkg/MESSAGE === RCS file: /cvs/ports/www/trac/pkg/MESSAGE,v retrieving revision 1.2 diff -u -r1.2 MESSAGE --- pkg/MESSAGE 2 Aug 2007 22:36:47 - 1.2 +++ pkg/MESSAGE 6 Jun 2008 21:03:23 - @@ -18,3 +18,11 @@ You can find the Trac Installation Guide here: http://projects.edgewall.com/trac/wiki/TracInstall + +If updating from trac-0.10.4p1 or older, you must update trac's +database from sqlite2 to sqlite3. You do this by going to the +db-directory of trac and running the following commands: + +mv trac.db trac.db.old +${LOCALBASE}/bin/sqlite trac.db.old .dump | ${LOCALBASE}/bin/sqlite3 trac.db +
Updating trac's database to sqlite3 (was: Re: CVS: cvs.openbsd.org: ports)
On Thu, Jun 05, 2008 at 02:12:48PM +0200, Marc Espie wrote: switch dependency to newer sqlite, as a lot of third party plugins require this, it is also the recommendation from the trac developers. discussed on ports@ How does updating the existing port work ? is the old database still working ? I remember that sqlite2 and sqlite3 are NOT binary compatible indeed, my bad, should have mentioned that: Go to the trac db directory and do the following: mv trac.db trac.db.old sqlite trac.db.old .dump | sqlite3 trac.db (and be sure to fix permissions, so the trac user has the proper rights on trac.db) felix
Re: Updating trac's database to sqlite3 (was: Re: CVS: cvs.openbsd.org: ports)
On Thu, Jun 05, 2008 at 03:22:26PM +0200, Marc Espie wrote: indeed, my bad, should have mentioned that: [...] This must be mentioned somewhere in the new package indeed. Any objections to the wording? felix Index: Makefile === RCS file: /cvs/ports/www/trac/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- Makefile5 Jun 2008 06:09:37 - 1.14 +++ Makefile5 Jun 2008 15:02:59 - @@ -3,7 +3,7 @@ COMMENT= wiki and bug tracking system for software projects DISTNAME= trac-0.10.4 -PKGNAME= ${DISTNAME}p2 +PKGNAME= ${DISTNAME}p3 CATEGORIES=www devel MAINTAINER=Ben Lovett [EMAIL PROTECTED] Index: pkg/MESSAGE === RCS file: /cvs/ports/www/trac/pkg/MESSAGE,v retrieving revision 1.2 diff -u -r1.2 MESSAGE --- pkg/MESSAGE 2 Aug 2007 22:36:47 - 1.2 +++ pkg/MESSAGE 5 Jun 2008 15:02:59 - @@ -18,3 +18,11 @@ You can find the Trac Installation Guide here: http://projects.edgewall.com/trac/wiki/TracInstall + +If updating from a previous version of the port, you might have to +update trac's database from sqlite2 to sqlite3. You do this by +going to the db-directory of trac and running the following commands: + +mv trac.db trac.db.old +${LOCALBASE}/bin/sqlite trac.db.old .dump | ${LOCALBASE}/bin/sqlite3 trac.db +
Re: update to amavisd-new 2.6.0
On Fri, May 23, 2008 at 11:21:32AM +0200, Felix Kronlage wrote: attached is an update to bring amavisd-new to version 2.6.0. Furthermore /var/amavisd/var is added to the plist, as it is referenced in the example config and needed for it to run. ugh, ignore me. I missed the better update Giovanni mailed out a few days ago. felix
update to amavisd-new 2.6.0
Hi, attached is an update to bring amavisd-new to version 2.6.0. Furthermore /var/amavisd/var is added to the plist, as it is referenced in the example config and needed for it to run. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas Index: Makefile === RCS file: /cvs/ports/mail/amavisd-new/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- Makefile4 Jan 2008 02:53:52 - 1.6 +++ Makefile23 May 2008 08:56:01 - @@ -2,7 +2,7 @@ COMMENT= interface between mailer MTA and content checkers -DISTNAME= amavisd-new-2.5.3 +DISTNAME= amavisd-new-2.6.0 CATEGORIES=mail security HOMEPAGE= http://www.ijs.si/software/amavisd/ Index: distinfo === RCS file: /cvs/ports/mail/amavisd-new/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- distinfo4 Jan 2008 02:53:52 - 1.6 +++ distinfo23 May 2008 08:56:01 - @@ -1,5 +1,5 @@ -MD5 (amavisd-new-2.5.3.tar.gz) = XPGnpIGFXGcSN4wEdQWCVQ== -RMD160 (amavisd-new-2.5.3.tar.gz) = Sbl/83grQviqunvrc0QDmNg2ONk= -SHA1 (amavisd-new-2.5.3.tar.gz) = LhRgrVBa1CUah27FBtAho5LHwMA= -SHA256 (amavisd-new-2.5.3.tar.gz) = 9yRlThXqs/q84ihzpfKg/PLbk3TKhJec8Gaik2DuUz0= -SIZE (amavisd-new-2.5.3.tar.gz) = 789275 +MD5 (amavisd-new-2.6.0.tar.gz) = cXYcVQVAlSeb2lWRd2ghZA== +RMD160 (amavisd-new-2.6.0.tar.gz) = v5OiKGTR34l4WD/RoG70FOaCKR0= +SHA1 (amavisd-new-2.6.0.tar.gz) = 7//VXBLSOvgDqD6YGw/S8XkZCoU= +SHA256 (amavisd-new-2.6.0.tar.gz) = 6Xm+LbnSjCxEKTJFOUxQAc2alLvdDKPztF6sXnqRUho= +SIZE (amavisd-new-2.6.0.tar.gz) = 906076 Index: patches/patch-amavisd === RCS file: /cvs/ports/mail/amavisd-new/patches/patch-amavisd,v retrieving revision 1.4 diff -u -r1.4 patch-amavisd --- patches/patch-amavisd 27 Nov 2007 13:53:19 - 1.4 +++ patches/patch-amavisd 23 May 2008 08:56:01 - @@ -1,19 +1,9 @@ -$OpenBSD: patch-amavisd,v 1.4 2007/11/27 13:53:19 okan Exp $ amavisd.orig Wed Jun 27 12:43:00 2007 -+++ amavisdSat Nov 24 10:18:12 2007 -@@ -153,7 +153,7 @@ sub fetch_modules($$@) { - - BEGIN { - fetch_modules('REQUIRED BASIC MODULES', 1, qw( --Exporter POSIX Fcntl Socket Errno Carp Time::HiRes -+Exporter POSIX Fcntl Socket Errno Carp Carp::Heavy Time::HiRes - IO::Handle IO::File IO::Socket IO::Socket::UNIX IO::Socket::INET - IO::Wrap IO::Stringy Digest::MD5 Unix::Syslog File::Basename - Compress::Zlib MIME::Base64 MIME::QuotedPrint MIME::Words -@@ -17909,7 +17909,7 @@ sub initializeSpamAssassin { - local_tests_only = $sa_local_tests_only, +--- amavisd.orig Fri May 23 10:47:01 2008 amavisdFri May 23 10:47:49 2008 +@@ -20165,7 +20165,7 @@ home_dir_for_helpers = $helpers_home, stop_at_threshold = 0, + need_tags = 'TIMING,LANGUAGES,RELAYCOUNTRY,ASN,ASNCIDR', -# LOCAL_STATE_DIR = '/var/lib', +LOCAL_STATE_DIR = '/var/db/spamassassin', # PREFIX= '/usr/local', Index: patches/patch-amavisd_conf === RCS file: /cvs/ports/mail/amavisd-new/patches/patch-amavisd_conf,v retrieving revision 1.3 diff -u -r1.3 patch-amavisd_conf --- patches/patch-amavisd_conf 27 Nov 2007 13:53:19 - 1.3 +++ patches/patch-amavisd_conf 23 May 2008 08:56:01 - @@ -1,10 +1,9 @@ -$OpenBSD: patch-amavisd_conf,v 1.3 2007/11/27 13:53:19 okan Exp $ amavisd.conf.orig Wed Jun 27 12:42:55 2007 -+++ amavisd.conf Sat Nov 24 11:18:48 2007 -@@ -15,12 +15,12 @@ use strict; +--- amavisd.conf.orig Fri May 23 10:50:15 2008 amavisd.conf Fri May 23 10:51:24 2008 +@@ -15,12 +15,12 @@ # $bypass_decode_parts = 1; # controls running of decodersdearchivers - $max_servers = 2;# num of pre-forked children (2..15 is common), -m + $max_servers = 2;# num of pre-forked children (2..30 is common), -m -$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u -$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g +$daemon_user = '_vscan'; # (no default; customary: vscan or amavis), -u @@ -13,11 +12,11 @@ $mydomain = 'example.com'; # a convenient default for other settings -# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H -+$MYHOME = '/var/amavisd';# a convenient default for other settings, -H ++$MYHOME = '/var/amavisd'; # a convenient default for other settings, -H $TEMPBASE = $MYHOME/tmp; # working directory, needs to exist, -T $ENV{TMPDIR} = $TEMPBASE;# environment variable TMPDIR, used by SA, etc. $QUARANTINEDIR =
Re: move trac's dependency to py-sqlite2
On Fri, Apr 18, 2008 at 11:20:51PM +0200, Xavier Venient wrote: There are plugins available for trac, that require that trac runs with an sqlite3. Besides that, running trac with sqlite3 seems to be the de-facto standard out there. don't know about trac, but python2.5 includes sqlite3 which is built separately on openbsd (as a pseudo flavor?), so 'standard' dependency should be python-sqlite. From my understanding, trac explicitly requires py-sqlite. See also: url: http://trac.edgewall.org/wiki/PySqlite felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
move trac's dependency to py-sqlite2
hi, does anyone here see problemes with moving trac's dependency from py-sqlite to py-sqlite2 ? There are plugins available for trac, that require that trac runs with an sqlite3. Besides that, running trac with sqlite3 seems to be the de-facto standard out there. felix Index: Makefile === RCS file: /cvs/ports/www/trac/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- Makefile8 Oct 2007 08:22:43 - 1.13 +++ Makefile17 Apr 2008 19:45:09 - @@ -3,7 +3,7 @@ COMMENT= wiki and bug tracking system for software projects DISTNAME= trac-0.10.4 -PKGNAME= ${DISTNAME}p1 +PKGNAME= ${DISTNAME}p2 CATEGORIES=www devel MAINTAINER=Ben Lovett [EMAIL PROTECTED] @@ -21,7 +21,7 @@ MODULES= lang/python -MY_DEPENDS=::databases/py-sqlite \ +MY_DEPENDS=::databases/py-sqlite2 \ ::devel/subversion,-python \ ::textproc/py-docutils \ ::www/clearsilver,python -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: OpenVPN update
On Sun, Feb 17, 2008 at 09:51:53PM +0100, Felix Kronlage wrote: here comes an update to OpenVPN to 2.1RC7. Please test this in the scenarios where you use OpenVPN and report any breakage. Since nobody complained so far, I assume noone has run into problems. We've been running 2.1rc7 in various scenarions (with 2.0 servers with 2.1 clients and vice versa) and had no problems at all. If noone speaks up, I will go ahead and update our version in ports to 2.1rc7. felix
OpenVPN update
-scripts/bridge-start share/examples/openvpn/sample-scripts/bridge-stop share/examples/openvpn/sample-scripts/openvpn.init +share/examples/openvpn/sample-scripts/ucn.pl share/examples/openvpn/sample-scripts/verify-cn -- bytemine - Entwicklungsmanufaktur fuer innovative Loesungen Geschaeftsfuehrer: Felix Kronlage - [EMAIL PROTECTED] Tel: (+49)(0)441 - 36116410 Fax: (+49)(0)441 - 36116419 http://www.bytemine.net/ - [EMAIL PROTECTED] Kommunikation gerne mit GPG/PGP: 0xD9AC74D0 http://www.byteshare.de/ - sicherer Austausch von Dokumenten!
Re: openvpn_bsdauth-4
On Wed, Nov 21, 2007 at 12:21:27PM +0100, Antoine Jacoutot wrote: /usr/ports/net/openvpn_bsdauth/w-openvpn_bsdauth-4/fake-i386/usr/local/libexec/openvpn_bsdauth install: unknown user _openvpn *** Error code 67 This should fix your pbm. indeed. @@ -18,6 +19,7 @@ MASTER_SITES=${HOMEPAGE} RUN_REPENDS= ::net/openvpn +BUILD_DEPENDS= ${RUN_REPENDS} well, I also managed to mispell 'RUN_DEPENDS' ;) its fixed now. thanks for pointing out. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas pgpdJvC1xASBp.pgp Description: PGP signature
Re: openvpn_bsdauth-4
On Wed, Nov 21, 2007 at 05:29:05PM +0200, Alexey Suslikov wrote: Hi Alexey, Guys, take a look at http://dpw.threerings.net/projects/openvpn-auth-ldap/ It is LDAP authentication plugin for OpenVPN and it integrates nicely with tables in OpenBSD PF. openvpn-auth-ldap needs re2c to build but it is in ports tree since mid of October (credits to sthen@). cool. I will take a look at it. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas pgphxTdZx1GDn.pgp Description: PGP signature
Re: port for openbsd-bsdauth
On Thu, Oct 11, 2007 at 12:51:54AM +0200, Felix Kronlage wrote: As Marc Balmer pointed out: Index: Makefile === [...] +RUN_DEPENDS= ::net/openvpn this should of course point to openvpn-bsdauth. Index: Makefile === RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- Makefile11 Sep 2007 15:09:14 - 1.15 +++ Makefile11 Oct 2007 06:35:34 - @@ -5,12 +5,12 @@ VERSION= 2.0.9 DISTNAME= openvpn-${VERSION} -PKGNAME= ${DISTNAME}p0 +PKGNAME= ${DISTNAME}p1 CATEGORIES=net security HOMEPAGE= http://openvpn.net/ -MAINTAINER=Thomas Delaet [EMAIL PROTECTED] +MAINTAINER=Felix Kronlage [EMAIL PROTECTED] # GPL PERMIT_PACKAGE_CDROM= Yes @@ -22,6 +22,7 @@ MASTER_SITES= ${HOMEPAGE}/release/ LIB_DEPENDS= lzo::archivers/lzo +RUN_DEPENDS= ::net/openvpn-bsdauth SEPARATE_BUILD=concurrent -- bytemine - Entwicklungsmanufaktur fuer innovative Loesungen Geschaeftsfuehrer: Felix Kronlage - [EMAIL PROTECTED] Tel: (+49)(0)441 - 36116410 Fax: (+49)(0)441 - 36116419 http://www.bytemine.net/ - [EMAIL PROTECTED] Kommunikation gerne mit GPG/PGP: 0xD9AC74D0 http://www.byteshare.de/ - sicherer Austausch von Dokumenten!
port for openbsd-bsdauth
Attached is a Port for a helper-programm for OpenVPN to authenticate users via bsdauth. Attached is also an update for OpenVPN to have a run depends on the helper programm (along with a change of maintainer, as discussed with the maintainer). The rationale behind that, is that the programm is very small and the conveniance factor of having it just there when one installs OpenVPN is much more worth than the few kb. Bundling it with OpenVPN directly is not really an option, as these come from different people, so bernd and I opted for the chose solution. comments? felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas openvpn-bsdauth.tar.gz Description: application/tar-gz Index: Makefile === RCS file: /src/ports/net/openvpn/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- Makefile11 Sep 2007 15:09:14 - 1.15 +++ Makefile9 Oct 2007 22:08:57 - @@ -5,12 +5,12 @@ VERSION= 2.0.9 DISTNAME= openvpn-${VERSION} -PKGNAME= ${DISTNAME}p0 +PKGNAME= ${DISTNAME}p1 CATEGORIES=net security HOMEPAGE= http://openvpn.net/ -MAINTAINER=Thomas Delaet [EMAIL PROTECTED] +MAINTAINER=Felix Kronlage [EMAIL PROTECTED] # GPL PERMIT_PACKAGE_CDROM= Yes @@ -22,6 +22,7 @@ MASTER_SITES= ${HOMEPAGE}/release/ LIB_DEPENDS= lzo::archivers/lzo +RUN_DEPENDS= ::net/openvpn SEPARATE_BUILD=concurrent
Re: Fix for OpenVPN after route.h changes
hi, i think, we really should get this change in. I've forwarded the original mail to the maintainer, no reply yet. Don't know how long we want to wait for a maintainer-timeout here... Claudio, this change is ok [EMAIL PROTECTED] felix pgpvIaS30vlxR.pgp Description: PGP signature
Re: UPDATE: exim-4.68
On Fri, Sep 07, 2007 at 04:59:18PM +0200, Andreas Vögele wrote: ugh, I already wondered, why I did not have to fix the plist by hand this time ;) ./pkg/PLIST:bin/exim-4.66 ./patches/patch-scripts_exim_install:+version=exim-4.66 I don't know why patch-scripts_exim_install was added by one of the former maintainers. Without the patch the version number is set to 4.68-1 instead of 4.68. The number that follows the dash is the local compilation number. yeah, this should have been removed by me. Here's a patch that disables the special handling of the exim binary. With this patch $LOCALBASE/bin/exim will be the binary itself instead of a a symbolic link to the versioned binary. A nice side effect is that you can run make update-plist without the need to fix the file mode of the exim binary in PLIST. [...] this is actually the right approach, I think. People call the symlink anyways, so it does not even change expected behaviour. thanks. felix -- bytemine - Entwicklungsmanufaktur fuer innovative Loesungen Geschaeftsfuehrer: Felix Kronlage - [EMAIL PROTECTED] Tel: (+49)(0)441 - 36116410 Fax: (+49)(0)441 - 36116419 http://www.bytemine.net/ - [EMAIL PROTECTED] Kommunikation gerne mit GPG/PGP: 0xD9AC74D0 http://www.byteshare.de/ - sicherer Austausch von Dokumenten! pgpoUwPAFojy7.pgp Description: PGP signature
Re: UPDATE: exim-4.68
hi, updated diff, removing the versioned binary (as sent by from Andreas). felix Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.61 diff -u -r1.61 Makefile --- Makefile20 Apr 2007 18:14:22 - 1.61 +++ Makefile8 Sep 2007 18:26:12 - @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.61 2007/04/20 18:14:22 fkr Exp $ COMMENT= Flexible mail transfer agent -DISTNAME= exim-4.67 +DISTNAME= exim-4.68 CATEGORIES=mail MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/ \ Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.14 diff -u -r1.14 distinfo --- distinfo20 Apr 2007 18:14:22 - 1.14 +++ distinfo8 Sep 2007 18:26:12 - @@ -1,5 +1,5 @@ -MD5 (exim-4.67.tar.gz) = rWJPVjBeOjW93RXO+AJ1dg== -RMD160 (exim-4.67.tar.gz) = A99960Z+PLYq8nZsyvSlPF6pX10= -SHA1 (exim-4.67.tar.gz) = rXuRQPynD6sEk6xEKCFpgtg9xhM= -SHA256 (exim-4.67.tar.gz) = TSLOqOE4YeufmJLDRkLuJor53UhwyufAX7s/Ig8Ct0k= -SIZE (exim-4.67.tar.gz) = 2077066 +MD5 (exim-4.68.tar.gz) = uTvrW1zFfkKNmL0zBZHp/Q== +RMD160 (exim-4.68.tar.gz) = JoOzWu45SQAt+G4rLJZtxLg0C3k= +SHA1 (exim-4.68.tar.gz) = Vfcg29TwbLAhKzeZEND6lIfRHDk= +SHA256 (exim-4.68.tar.gz) = +a0UnmsmtSwSER48+oAZfLPgWTmK5oN/IrzUZ4sbCUQ= +SIZE (exim-4.68.tar.gz) = 2104505 Index: patches/patch-scripts_exim_install === RCS file: /cvs/ports/mail/exim/patches/patch-scripts_exim_install,v retrieving revision 1.9 diff -u -r1.9 patch-scripts_exim_install --- patches/patch-scripts_exim_install 12 Jan 2007 21:51:55 - 1.9 +++ patches/patch-scripts_exim_install 8 Sep 2007 18:26:12 - @@ -1,12 +1,12 @@ scripts/exim_install.orig Mon Nov 28 11:57:32 2005 -+++ scripts/exim_install Tue Nov 29 11:55:35 2005 -@@ -218,8 +218,7 @@ +$OpenBSD$ +--- scripts/exim_install.orig Thu Aug 30 16:31:06 2007 scripts/exim_install Fri Sep 7 16:07:28 2007 +@@ -217,7 +217,7 @@ while [ $# -gt 0 ]; do + # The exim binary is handled specially - if [ $name = exim${EXE} ]; then --version=exim-`./exim -bV -C /dev/null | \ -- awk '/Exim version/ { OFS=; print $3,-,substr($4,2,length($4)-1) }'`${EXE} -+version=exim-4.66 +- if [ $name = exim${EXE} ]; then ++ if false; then + version=exim-`./exim -bV -C /dev/null | \ + awk '/Exim version/ { OFS=; print $3,-,substr($4,2,length($4)-1) }'`${EXE} - if [ ${version} = exim-${EXE} ]; then - echo $com Index: pkg/PLIST === RCS file: /cvs/ports/mail/exim/pkg/PLIST,v retrieving revision 1.21 diff -u -r1.21 PLIST --- pkg/PLIST 12 Jan 2007 21:51:55 - 1.21 +++ pkg/PLIST 8 Sep 2007 18:26:12 - @@ -3,9 +3,8 @@ @newuser _exim:521:_exim:daemon:Exim Account:/var/spool/exim:/sbin/nologin bin/exicyclog bin/exigrep -bin/exim @mode 4755 -bin/exim-4.66 +bin/exim @mode bin/exim_checkaccess bin/exim_dbmbuild pgpJyTuZIoguX.pgp Description: PGP signature
Re: Fix for OpenVPN after route.h changes
On Thu, Sep 06, 2007 at 02:56:15PM +0200, Claudio Jeker wrote: fkr@ informed me about the issue but I'm not sure if I should thank him for that :) sorrry :) Please test. works as it did before our routing changes in base, definitly has my ok. I will see to get this issue fixed in OpenVPN 2.1 upstream, however, this will likely take a while =) felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
UPDATE: exim-4.68
hi. trivial update from 4.67 to exim 4.68 attached. Changelog for the exim changes is here: url: http://www.exim.org/ftp/ChangeLogs/ChangeLog-4.68 please test and comment. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas ? w-exim-4.68 ? w-exim-4.68-no_x11 Index: Makefile === RCS file: /cvs/ports/mail/exim/Makefile,v retrieving revision 1.61 diff -u -r1.61 Makefile --- Makefile20 Apr 2007 18:14:22 - 1.61 +++ Makefile6 Sep 2007 20:49:26 - @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.61 2007/04/20 18:14:22 fkr Exp $ COMMENT= Flexible mail transfer agent -DISTNAME= exim-4.67 +DISTNAME= exim-4.68 CATEGORIES=mail MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/ \ Index: distinfo === RCS file: /cvs/ports/mail/exim/distinfo,v retrieving revision 1.14 diff -u -r1.14 distinfo --- distinfo20 Apr 2007 18:14:22 - 1.14 +++ distinfo6 Sep 2007 20:49:26 - @@ -1,5 +1,5 @@ -MD5 (exim-4.67.tar.gz) = rWJPVjBeOjW93RXO+AJ1dg== -RMD160 (exim-4.67.tar.gz) = A99960Z+PLYq8nZsyvSlPF6pX10= -SHA1 (exim-4.67.tar.gz) = rXuRQPynD6sEk6xEKCFpgtg9xhM= -SHA256 (exim-4.67.tar.gz) = TSLOqOE4YeufmJLDRkLuJor53UhwyufAX7s/Ig8Ct0k= -SIZE (exim-4.67.tar.gz) = 2077066 +MD5 (exim-4.68.tar.gz) = uTvrW1zFfkKNmL0zBZHp/Q== +RMD160 (exim-4.68.tar.gz) = JoOzWu45SQAt+G4rLJZtxLg0C3k= +SHA1 (exim-4.68.tar.gz) = Vfcg29TwbLAhKzeZEND6lIfRHDk= +SHA256 (exim-4.68.tar.gz) = +a0UnmsmtSwSER48+oAZfLPgWTmK5oN/IrzUZ4sbCUQ= +SIZE (exim-4.68.tar.gz) = 2104505
Re: Update mail/offlineimap to 4.0.16
On Wed, Feb 07, 2007 at 10:28:10AM +, Laurence Tratt wrote: hi, An update from Offlineimap 4.0.11 to 4.0.16 (if nothing else, the distribution site for new OfflineIMAPs finally has a reasonable amount of bandwidth). Tested on i386 and amd64, both -current. indeed, works flawlessly here as well (i386, sparc64). -HOMEPAGE=http://www.quux.org/devel/offlineimap/ +HOMEPAGE=http://software.complete.org/offlineimap/ [...] -MASTER_SITES=${HOMEPAGE} +MASTER_SITES= http://software.complete.org/offlineimap/static/download_area/${V}/ I'm not really sure, but shoulnd't this be better? MASTER_SITES= ${HOMEPAGE}static/download_area/${V}/ felix
UPDATE: exim-4.64
Hi, this updated the exim port to the new version 4.64. Could people using the exim port with various flavors test this and report any regression? The patch for src/pcre/pcre.c is being removed as the sourcefile does not exist anymore. thanks! felix Index: Makefile === RCS file: /src//ports/mail/exim/Makefile,v retrieving revision 1.57 diff -u -r1.57 Makefile --- Makefile9 Nov 2006 07:13:01 - 1.57 +++ Makefile24 Dec 2006 08:31:10 - @@ -1,8 +1,7 @@ # $OpenBSD: Makefile,v 1.57 2006/11/09 07:13:01 fkr Exp $ COMMENT= Flexible mail transfer agent -DISTNAME= exim-4.63 -PKGNAME= ${DISTNAME}p1 +DISTNAME= exim-4.64 CATEGORIES=mail MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/ \ Index: distinfo === RCS file: /src//ports/mail/exim/distinfo,v retrieving revision 1.9 diff -u -r1.9 distinfo --- distinfo13 Oct 2006 15:18:54 - 1.9 +++ distinfo22 Dec 2006 07:09:17 - @@ -1,4 +1,4 @@ -MD5 (exim-4.63.tar.gz) = 187b6f4242f869288fb4562df44d9c29 -RMD160 (exim-4.63.tar.gz) = 8c51efb20dab3787e5b0b8b2a196d5d879ed4843 -SHA1 (exim-4.63.tar.gz) = eb729a491ac315de805be4d59adc7a8854456fa9 -SIZE (exim-4.63.tar.gz) = 2066186 +MD5 (exim-4.64.tar.gz) = 65a0189ade98bed1989df2d006769332 +RMD160 (exim-4.64.tar.gz) = 026b376f9fcf99b219b72791d601eea043b5bfa2 +SHA1 (exim-4.64.tar.gz) = b8e3d995979cb3684ef37b7953c03fd7c5ec0d35 +SIZE (exim-4.64.tar.gz) = 2077268 Index: patches/patch-scripts_exim_install === RCS file: /src//ports/mail/exim/patches/patch-scripts_exim_install,v retrieving revision 1.6 diff -u -r1.6 patch-scripts_exim_install --- patches/patch-scripts_exim_install 13 Oct 2006 15:18:54 - 1.6 +++ patches/patch-scripts_exim_install 22 Dec 2006 07:13:00 - @@ -6,7 +6,7 @@ if [ $name = exim${EXE} ]; then -version=exim-`./exim -bV -C /dev/null | \ - awk '/Exim version/ { OFS=; print $3,-,substr($4,2,length($4)-1) }'`${EXE} -+version=exim-4.63 ++version=exim-4.64 if [ ${version} = exim-${EXE} ]; then echo $com Index: patches/patch-src_pcre_pcre_c === RCS file: patches/patch-src_pcre_pcre_c diff -N patches/patch-src_pcre_pcre_c --- patches/patch-src_pcre_pcre_c 15 Jan 2006 13:06:43 - 1.2 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,54 +0,0 @@ src/pcre/pcre.c.orig Mon Nov 28 11:57:32 2005 -+++ src/pcre/pcre.cTue Nov 29 11:57:24 2005 -@@ -1247,14 +1247,30 @@ - int min = 0; - int max = -1; - -+/* Read the minimum value and do a paranoid check: a negative value indicates -+an integer overflow. */ -+ - while ((digitab[*p] ctype_digit) != 0) min = min * 10 + *p++ - '0'; -+if (min 0 || min 65535) -+ { -+ *errorptr = ERR5; -+ return p; -+ } - -+/* Read the maximum value if there is one, and again do a paranoid on its size. -+Also, max must not be less than min. */ -+ - if (*p == '}') max = min; else - { - if (*(++p) != '}') - { - max = 0; - while((digitab[*p] ctype_digit) != 0) max = max * 10 + *p++ - '0'; -+if (max 0 || max 65535) -+ { -+ *errorptr = ERR5; -+ return p; -+ } - if (max min) - { - *errorptr = ERR4; -@@ -1263,16 +1279,11 @@ - } - } - --/* Do paranoid checks, then fill in the required variables, and pass back the --pointer to the terminating '}'. */ -+/* Fill in the required variables, and pass back the pointer to the terminating -+'}'. */ - --if (min 65535 || max 65535) -- *errorptr = ERR5; --else -- { -- *minp = min; -- *maxp = max; -- } -+*minp = min; -+*maxp = max; - return p; - } - Index: pkg/PLIST === RCS file: /src//ports/mail/exim/pkg/PLIST,v retrieving revision 1.18 diff -u -r1.18 PLIST --- pkg/PLIST 9 Nov 2006 07:13:01 - 1.18 +++ pkg/PLIST 24 Dec 2006 08:29:26 - @@ -5,7 +5,7 @@ bin/exigrep bin/exim @mode 4755 -bin/exim-4.63 +bin/exim-4.64 @mode bin/exim_checkaccess bin/exim_dbmbuild -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas
Re: UPDATE: mozilla-firefox-2
On Mon, Oct 30, 2006 at 04:28:16PM -0500, Ian Darwin wrote: This should be a good time to shorten the name of this port from mozilla-firefox to just firefox. yes, please. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based hosting/solutions/ideas
Re: WANTED: new maintainer for Exim port
On Sat, Oct 28, 2006 at 07:59:58AM +0200, Andreas Vögele wrote: I don't have the time to maintain the Exim port and am looking for a new maintainer who would like to maintain the port. I'm tempted to step up for this and take it. I use exim a lot and maintain lots of installations of it on openbsd. So if noone else feels a bit urge to maintain this, I'd like to. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based hosting/solutions/ideas
Re: UPDATE: www/mhonarc-2.6.16
On Sat, Jun 10, 2006 at 11:21:07AM +0200, Christian Rueger wrote: here ist an update to mhonarc-2.6.16, a Bugfix release. Tested on i386 works fine on macppc and sparc64 as well. Please test and commit that just happened. thanks for updating the port. felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based hosting/solutions/ideas
Re: security update: gnupg
On Mon, Feb 20, 2006 at 09:26:55AM +0100, steven mestdagh wrote: please test this today! reports from archs other than i386/amd64/sparc64 appreciated. [...] COMMENT= GNU privacy guard - a free PGP replacement -DISTNAME=gnupg-1.4.1 -PKGNAME= ${DISTNAME}p2 seems to work just fine on powerpc (macppc). felix -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE https://www.bytemine.net/ - bytemine - BSD based hosting/solutions/ideas pgpANryRM4Hk7.pgp Description: PGP signature
Re: NEW: sysutils/yawmppp
On Mon, Dec 26, 2005 at 02:52:34AM +0100, Marcus Glocker wrote: Felix Kronlage did already some successfull testing, setting up fresh ppp conections and monitored them. I don't have the ability to test ppp connections from here, so some more testing on the functionality of the application would be welcome. Couple of things I had to do in order to have yawwppp start connections for me. Of course the user needs to have the permissions to run pppd. Furthermore yawmppp offers the configuration option 'usepeerdns', which the OpenBSD pppd does not have, so the pppd complains about it. The attached modification of patch-src-gtksetup_applet.c patches the 'usepeerdns' option field away (I don't know jack about gtk, so don't know wether there is any nicer way besides janking it out). -fkr -- GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0 http://hazardous.org/~fkr - [EMAIL PROTECTED] - [EMAIL PROTECTED]|irc - FKR-RIPE --- src/gtksetup/applet.c.orig Sat Apr 21 20:29:33 2001 +++ src/gtksetup/applet.c Mon Dec 26 09:41:33 2005 @@ -465,23 +465,31 @@ if (selected_entry0) return; - strcpy(pref_entries[selected_entry].LongName, -gtk_entry_get_text(GTK_ENTRY(right_pane[0]))); - strcpy(pref_entries[selected_entry].ShortName, -gtk_entry_get_text(GTK_ENTRY(right_pane[1]))); - strcpy(pref_entries[selected_entry].Phone, -gtk_entry_get_text(GTK_ENTRY(right_pane[2]))); - strcpy(pref_entries[selected_entry].Device, -gtk_entry_get_text(GTK_ENTRY(right_pane[3]))); - strcpy(pref_entries[selected_entry].Username, -gtk_entry_get_text(GTK_ENTRY(right_pane[4]))); - strcpy(pref_entries[selected_entry].Password, -gtk_entry_get_text(GTK_ENTRY(right_pane[5]))); + strlcpy(pref_entries[selected_entry].LongName, +gtk_entry_get_text(GTK_ENTRY(right_pane[0])), +sizeof(pref_entries[selected_entry].LongName)); + strlcpy(pref_entries[selected_entry].ShortName, +gtk_entry_get_text(GTK_ENTRY(right_pane[1])), +sizeof(pref_entries[selected_entry].ShortName)); + strlcpy(pref_entries[selected_entry].Phone, +gtk_entry_get_text(GTK_ENTRY(right_pane[2])), +sizeof(pref_entries[selected_entry].Phone)); + strlcpy(pref_entries[selected_entry].Device, +gtk_entry_get_text(GTK_ENTRY(right_pane[3])), +sizeof(pref_entries[selected_entry].Device)); + strlcpy(pref_entries[selected_entry].Username, +gtk_entry_get_text(GTK_ENTRY(right_pane[4])), +sizeof(pref_entries[selected_entry].Username)); + strlcpy(pref_entries[selected_entry].Password, +gtk_entry_get_text(GTK_ENTRY(right_pane[5])), +sizeof(pref_entries[selected_entry].Password)); if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(right_pane[6]))) -strcpy(pref_entries[selected_entry].PulseDial,1); +strlcpy(pref_entries[selected_entry].PulseDial, 1, + sizeof(pref_entries[selected_entry].PulseDial)); else -strcpy(pref_entries[selected_entry].PulseDial,0); +strlcpy(pref_entries[selected_entry].PulseDial, 0, + sizeof(pref_entries[selected_entry].PulseDial)); } void @@ -491,7 +499,7 @@ int i; q=getenv(HOME); - sprintf(p,%s/.yawmppp2/yawmppprc,q); + snprintf(p, sizeof(p), %s/.yawmppp2/yawmppprc, q); isp_count=GetISPInfo(p,rc_entries[0],MAX_ISPS); read_ppp_options_from_rc(p); @@ -513,22 +521,22 @@ /* defaults if we need to jump out of the train */ memset(pii,0,sizeof(struct PREF_ISP_INFO)); - strcpy(pii-Device,/dev/modem); + strlcpy(pii-Device, /dev/modem, sizeof(pii-Device)); if ((p=getenv(USER))!=NULL) -strcpy(pii-Username,p); - strcpy(pii-ModemInit1,ATZ); - strcpy(pii-ModemInit2,ATM1L2); - strcpy(pii-PulseDial,0); - strcpy(pii-UserString,ogin:); - strcpy(pii-PassString,word:); - strcpy(pii-ModemSpeed,115200); +strlcpy(pii-Username, p, sizeof(pii-Username)); + strlcpy(pii-ModemInit1, ATZ, sizeof(pii-ModemInit1)); + strlcpy(pii-ModemInit2, ATM1L2, sizeof(pii-ModemInit2)); + strlcpy(pii-PulseDial, 0, sizeof(pii-PulseDial)); + strlcpy(pii-UserString, ogin:, sizeof(pii-UserString)); + strlcpy(pii-PassString, word:, sizeof(pii-PassString)); + strlcpy(pii-ModemSpeed, 115200, sizeof(pii-ModemSpeed)); pii-nExpectPairs=0; memcpy((pii-ppp),(wii-ppp),sizeof(struct ISP_PPP)); /* entry name */ - strcpy(pii-LongName,wii-LongName); - strcpy(pii-ShortName,wii-ShortName); + strlcpy(pii-LongName, wii-LongName, sizeof(pii-LongName)); + strlcpy(pii-ShortName, wii-ShortName, sizeof(pii-ShortName)); pii-nologin=wii-nologin; /* get device and chat script filename from Start file */ @@ -658,8 +666,9 @@ sizeof(struct PREF_ISP_INFO)); selected_entry=-1; clear_and_disable_right_pane(); - sprintf(tmp,copy of %s,pref_entries[isp_count].LongName); - strcpy(pref_entries[isp_count].LongName,tmp); + snprintf(tmp, sizeof(tmp), copy of %s, pref_entries[isp_count].LongName); + strlcpy(pref_entries[isp_count].LongName