Re: Split boringssl port to head and fips branches.
On Fri, Apr 28, 2023 at 05:46:03PM +0100, Stuart Henderson wrote:
> Haven't checked (I'm away for the weekend) but I don't think "+@conflict
> boringssl-2*" will work, it should follow packages-specs(7) syntax. Probably
> just "@conflict boringssl-*" or alternatively just call the package for head
> "boringssl" as before and don't bother with the @conflict or quirks just the
> @pkgpath.
>
> Would it be worth installing fips under a different dir/filenames so the two
> don't conflict?
>
Yes, the agreement is this is fine, which makes things much simpler
this keeps the head named boringssl-foo and makes fips named
boringssl-fips-foo
ok?
Index: Makefile
===
RCS file: /cvs/ports/security/boringssl/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- Makefile26 Apr 2023 15:10:07 - 1.5
+++ Makefile28 Apr 2023 16:00:04 -
@@ -1,52 +1,5 @@
-NOT_FOR_ARCHS =${BE_ARCHS}
+SUBDIR =
+SUBDIR += fips
+SUBDIR += head
-COMMENT = fork of OpenSSL that is designed to meet Google's needs
-
-GH_ACCOUNT = google
-GH_PROJECT = boringssl
-GH_COMMIT =de2d610a341f5a4b8c222425890537cb84c91400
-DISTNAME = boringssl-20230425
-
-MASTER_SITES0 =https://proxy.golang.org/
-
-DISTFILES += ${GH_DISTFILE}
-# can't use GH_DISTFILE because EXTRACT_ONLY does not understand DISTFILES {}
-EXTRACT_ONLY = ${DISTNAME}-${GH_COMMIT:C/().*/\1/}${EXTRACT_SUFX}
-
-BORING_GOMOD +=golang.org/x/crypto v0.6.0
-BORING_GOMOD +=golang.org/x/netv0.7.0
-BORING_GOMOD +=golang.org/x/sysv0.5.0
-BORING_GOMOD +=golang.org/x/term v0.5.0
-
-.for _modpath _modver in ${BORING_GOMOD}
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.zip:0
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.mod:0
-.endfor
-
-CATEGORIES = security
-
-MAINTAINER = Bob Beck , \
- Theo Buehler
-
-# ISC
-PERMIT_PACKAGE = Yes
-
-WANTLIB += ${COMPILER_LIBCXX} c m
-
-# C++14
-COMPILER = base-clang ports-gcc
-
-MODULES = devel/cmake
-CONFIGURE_ARGS += -DCMAKE_INSTALL_PREFIX=${PREFIX}/eboringssl
-
-BUILD_DEPENDS =lang/go
-
-PORTHOME = ${WRKDIR}
-TEST_ENV = GOPROXY=file://${FULLDISTDIR}/go_modules
-
-FIX_CLEANUP_PERMISSIONS = Yes
-
-do-test:
- ${SETENV} ${ALL_TEST_ENV} ninja -C ${WRKBUILD} -j ${MAKE_JOBS} run_tests
-
-.include
+.include
Index: distinfo
===
RCS file: distinfo
diff -N distinfo
--- distinfo26 Apr 2023 14:55:23 - 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,18 +0,0 @@
-SHA256 (boringssl-20230425-de2d610a.tar.gz) =
2Bu5eOgBxqNUcTDevIpOjPGgJ/GBatu1ZtbVDTCDppQ=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) =
G2poNFWjuIK2rFPyJ1KWDoe9kQQKlNbyxcthJh4jidg=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) =
gcqIrzcc/1qERCuijiPY9CzME4fI/hUuVeh7pK+eGsc=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.mod) =
Qex26iFy8+4wMeOPmlNZOaWE1rs170gIVP3LjCAmcBs=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.zip) =
BgVSBkUmqQrJsL3OK6CrNFkt7MlCjRRBw8lyL4U80pA=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.mod) =
8DMzMJb+GY8xUd7tk/LeunTlC7/nc5E0BFvDt85KUCQ=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.zip) =
z0czasG/Z1+m1t1axTmbAUPFE0BMRJ+j8zgKWBI8eQg=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.mod) =
DW9YIoqtwaZSjmdV2gGFFlZuOuXFIB963hdz9W+o2TQ=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.zip) =
fYnEmrQTBpUBKKD0t8Z/uOLS9jfs6OAk5s840XozGTs=
-SIZE (boringssl-20230425-de2d610a.tar.gz) = 32281549
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) = 171
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) = 1761232
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.mod) = 123
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.zip) = 1559354
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.mod) = 33
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.zip) = 1886681
-SIZE (go_modules/golang.org/x/term/@v/v0.5.0.mod) = 67
-SIZE (go_modules/golang.org/x/term/@v/v0.5.0.zip) = 19924
Index: fips/Makefile
===
RCS file: fips/Makefile
diff -N fips/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -
+++ fips/Makefile 28 Apr 2023 16:59:05 -
@@ -0,0 +1,31 @@
+NOT_FOR_ARCHS =${BE_ARCHS}
+
+COMMENT = fork of OpenSSL that is designed to meet Google's needs
+
+GH_ACCOUNT = google
+GH_PROJECT = boringssl
+GH_COMMIT =0c6f40132b828e92ba365c6b7680e32820c63fa7
+DISTNAME = boringssl-fips-20220613
+
+CATEGORIES = security
+
+MAINTAINER = Bob Beck , \
+ Theo Buehler
+
+# ISC
+PERMIT_PACKAGE = Yes
+
+WANTLIB += ${COMPILER_LIBCXX} c m
+
+# C++14
+COMPILER = base-clang ports-
Split boringssl port to head and fips branches.
This splits the existing boringssl port into two branches, one
for the head (the existing port) and a new port for the FIPS
certified branch of boringssl.
ok?
Index: devel/quirks/Makefile
===
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.1508
diff -u -p -u -p -r1.1508 Makefile
--- devel/quirks/Makefile 22 Apr 2023 16:33:54 - 1.1508
+++ devel/quirks/Makefile 28 Apr 2023 15:29:28 -
@@ -3,7 +3,7 @@ CATEGORIES =devel databases
DISTFILES =
# API.rev
-PKGNAME = quirks-6.124
+PKGNAME = quirks-6.125
PKG_ARCH = *
MAINTAINER = Marc Espie
Index: devel/quirks/files/Quirks.pm
===
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.1519
diff -u -p -u -p -r1.1519 Quirks.pm
--- devel/quirks/files/Quirks.pm22 Apr 2023 16:33:54 - 1.1519
+++ devel/quirks/files/Quirks.pm28 Apr 2023 15:30:35 -
@@ -778,6 +778,7 @@ my $stem_extensions = {
# 7.4
'aarch64-none-elf-gcc-linaro' => 'aarch64-none-elf-gcc',
'arm-none-eabi-gcc-linaro' => 'arm-none-eabi-gcc',
+ 'boringssl' => 'boringssl-head',
};
my $obsolete_reason = {};
Index: security/boringssl/Makefile
===
RCS file: /cvs/ports/security/boringssl/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- security/boringssl/Makefile 26 Apr 2023 15:10:07 - 1.5
+++ security/boringssl/Makefile 28 Apr 2023 16:00:04 -
@@ -1,52 +1,5 @@
-NOT_FOR_ARCHS =${BE_ARCHS}
+SUBDIR =
+SUBDIR += fips
+SUBDIR += head
-COMMENT = fork of OpenSSL that is designed to meet Google's needs
-
-GH_ACCOUNT = google
-GH_PROJECT = boringssl
-GH_COMMIT =de2d610a341f5a4b8c222425890537cb84c91400
-DISTNAME = boringssl-20230425
-
-MASTER_SITES0 =https://proxy.golang.org/
-
-DISTFILES += ${GH_DISTFILE}
-# can't use GH_DISTFILE because EXTRACT_ONLY does not understand DISTFILES {}
-EXTRACT_ONLY = ${DISTNAME}-${GH_COMMIT:C/().*/\1/}${EXTRACT_SUFX}
-
-BORING_GOMOD +=golang.org/x/crypto v0.6.0
-BORING_GOMOD +=golang.org/x/netv0.7.0
-BORING_GOMOD +=golang.org/x/sysv0.5.0
-BORING_GOMOD +=golang.org/x/term v0.5.0
-
-.for _modpath _modver in ${BORING_GOMOD}
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.zip:0
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.mod:0
-.endfor
-
-CATEGORIES = security
-
-MAINTAINER = Bob Beck , \
- Theo Buehler
-
-# ISC
-PERMIT_PACKAGE = Yes
-
-WANTLIB += ${COMPILER_LIBCXX} c m
-
-# C++14
-COMPILER = base-clang ports-gcc
-
-MODULES = devel/cmake
-CONFIGURE_ARGS += -DCMAKE_INSTALL_PREFIX=${PREFIX}/eboringssl
-
-BUILD_DEPENDS =lang/go
-
-PORTHOME = ${WRKDIR}
-TEST_ENV = GOPROXY=file://${FULLDISTDIR}/go_modules
-
-FIX_CLEANUP_PERMISSIONS = Yes
-
-do-test:
- ${SETENV} ${ALL_TEST_ENV} ninja -C ${WRKBUILD} -j ${MAKE_JOBS} run_tests
-
-.include
+.include
Index: security/boringssl/distinfo
===
RCS file: security/boringssl/distinfo
diff -N security/boringssl/distinfo
--- security/boringssl/distinfo 26 Apr 2023 14:55:23 - 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,18 +0,0 @@
-SHA256 (boringssl-20230425-de2d610a.tar.gz) =
2Bu5eOgBxqNUcTDevIpOjPGgJ/GBatu1ZtbVDTCDppQ=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) =
G2poNFWjuIK2rFPyJ1KWDoe9kQQKlNbyxcthJh4jidg=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) =
gcqIrzcc/1qERCuijiPY9CzME4fI/hUuVeh7pK+eGsc=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.mod) =
Qex26iFy8+4wMeOPmlNZOaWE1rs170gIVP3LjCAmcBs=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.zip) =
BgVSBkUmqQrJsL3OK6CrNFkt7MlCjRRBw8lyL4U80pA=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.mod) =
8DMzMJb+GY8xUd7tk/LeunTlC7/nc5E0BFvDt85KUCQ=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.zip) =
z0czasG/Z1+m1t1axTmbAUPFE0BMRJ+j8zgKWBI8eQg=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.mod) =
DW9YIoqtwaZSjmdV2gGFFlZuOuXFIB963hdz9W+o2TQ=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.zip) =
fYnEmrQTBpUBKKD0t8Z/uOLS9jfs6OAk5s840XozGTs=
-SIZE (boringssl-20230425-de2d610a.tar.gz) = 32281549
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) = 171
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) = 1761232
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.mod) = 123
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.zip) = 1559354
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.mod) = 33
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.zip) = 1886681
-SIZE (go_modules/golang.org/x/term/@v/v0.5.0.mod) = 67
-SIZE (go_modules/g
New port security/boringssl
New port for boringssl - kn@ and tb@ and I have built I got a working test target in non-privsep mode but it fetches go bits from the internet - kn@ indicated he would prefer to send this withoug tests, and we can fix in tree. OK? -Bob boringssl.tgz Description: application/tar-gz
Re: mutt fetch-mail ssl error
Bah. you're right - I accidentally left partial-chains=yes in my .muttrc-test On Sun, Jun 26, 2022 at 06:15:35AM +0200, Theo Buehler wrote: > On Sat, Jun 25, 2022 at 04:08:06PM -0600, Bob Beck wrote: > > > > this fixes mutt. > > Doesn't look like it. I still run into the same problem.
Re: mutt fetch-mail ssl error
this fixes mutt. The problem is we need num_untrusted set correctly, it is normally set in the set_xsc_chain call (which is called from a number of places) but in this case we need to have it set before we can call that. So just hoist the correct logic before the call to x509_vfy_check_trust It will also get duplicated in set_xsc_chain which is harmless. ok? Index: x509/x509_verify.c === RCS file: /cvs/src/lib/libcrypto/x509/x509_verify.c,v retrieving revision 1.56 diff -u -p -u -p -r1.56 x509_verify.c --- x509/x509_verify.c 25 Jun 2022 20:01:43 - 1.56 +++ x509/x509_verify.c 25 Jun 2022 21:59:09 - @@ -392,6 +392,9 @@ x509_verify_ctx_validate_legacy_chain(st /* These may be set in one of the following calls. */ ctx->xsc->error = X509_V_OK; ctx->xsc->error_depth = 0; + ctx->xsc->num_untrusted = sk_X509_num(chain->certs); + if (ctx->xsc->num_untrusted > 0) + ctx->xsc->num_untrusted--; trust = x509_vfy_check_trust(ctx->xsc); if (trust == X509_TRUST_REJECTED) On Wed, Jun 01, 2022 at 02:56:48PM +0200, Theo Buehler wrote: > On Tue, May 31, 2022 at 03:00:48PM +0100, Stuart Henderson wrote: > > I've been able to replicate this now, but I'm not seeing any recent > > change in behaviour, I've tried with mutt versions going back to 2.0.7 > > with the libressl version in 7.1, and on 7.0 with the current version > > of mutt in packages for release, and they all behave the same. > > > > It's not specific to any particular mail server but requires > > ssl_usesystemcerts=no. > > > > Avon: to workaround your problem, remove "set ssl_usesystemcerts=no", > > it will then validate against /etc/ssl/cert.pem and avoid asking you > > each time. But I don't see what could have changed recently that is > > triggering it. > > > > Test case: > > > > $ cat .muttrc-test > > set certificate_file="~/.mutt_test_certificates" > > set pop_host="pops://test_libressl_is...@mail.spacehopper.org:995" > > set ssl_usesystemcerts=no > > > > $ rm .mutt_test_certificates > > $ mutt -F .muttrc-test > > > > > > > > ^C, exit > > repeat trying to fetch mail > > > > With the "ssl_usesystermcerts=no" config, I would expect that mutt would > > need to save all of (server, intermediate, CA) certificates to its cert > > file, in order that it can verify in future. > > > > What actually happens is the server certificate is saved, not the CA > > or intermediate certificate, and *somehow* the validation succeeds if you > > append _any_ self-signed certificate (e.g. tail -25 /etc/ssl/cert.pem >> > > .mutt_test_certificates). > > > > Not sure if this is a Mutt problem or a LibreSSL one. I haven't compared > > with a build done against OpenSSL rather than LibreSSL yet (the only > > other install I have handy right now is Debian and their Mutt packages > > use gnutls instead which don't support setting ssl_usesystemcerts at all). > > It seems to be another issue with the new verifier. I cannot reproduce > with mutt linked against eopenssl11 and I cannot reproduce with the > legacy verifier. > > x509_verify_ctx_validate_legacy_chain() fails because PARTIAL_CHAIN > isn't set and trust is X509_TRUST_UNTRUSTED. > > The connection works with the new verifier if the above muttrc is > extended with 'set ssl_verify_partial_chains=yes'.
Re: new x509 chain verifier breaks behaviour of security/lastpass-cli
Let me have a look :) On Mon, Sep 21, 2020 at 04:34:16PM +0200, Bjorn Ketelaars wrote: > Behaviour of security/lastpass-cli changed on current (OpenBSD 6.8-beta > (GENERIC.MP) #69: Tue Sep 15 12:34:41 MDT 2020). Attempting to login to > a lastpass account results in a SSL connect error. Expected behaviour is > that lpass asks for a password. > > $ lpass login user > Error: SSL connect error. > > A bit more info: > > $ LPASS_LOG_LEVEL=8 lpass login user; cat ~/.lpass/lpass.log > Error: SSL connect error. > <7> [1600697212.073792] Making request to > https://lastpass.com/iterations.php > Trying 104.98.132.96:443... > * Connected to lastpass.com (104.98.132.96) port 443 (#0) > * ALPN, offering h2 > * ALPN, offering http/1.1 > * successfully set certificate verify locations: > * CAfile: /etc/ssl/cert.pem > CApath: none > * error:1404B418:SSL routines:ST_CONNECT:tlsv1 alert unknown ca > * Closing connection 0 > > > After a bit of bisecting I found that the change in behaviour is caused > by a recent change in lib/libcrypto/x509/x509_vpm.c (r1.22). Log > message: "re-enable new x509 chain verifier as the default". Reverting > this commit fixes the above, thus enabling me to login to lastpass again. > > Is the change in behaviour of the new x509 chain verifier intended? > > Instead of reverting lib/libcrypto/x509/x509_vpm.c to r1.21 there is a > workaround: Addition of the certificate pin of lastpass.com to > lastpass-cli's pins list > (https://github.com/lastpass/lastpass-cli/blob/master/pins.h). I have a > diff but I'm not sure if this is a sane solution. Does it make sense to > patch lastpass-cli?
Upcoming General Hackathon, May 7 to 14 in Ottawa - ADD YOURSELF TO ~deraadt/hackathons/g2k19 please! :
The upcoming General hackaton is happining in May in Ottawa, If you hack ports, or base, doesn't matter, all are welcome and more than encouraged to attend. and having lots of diverse developers there at the general hackathon is a wonderful thing. The hackathon is at the university of ottawa with accomodation provided (basically you get a room in a two bedroom "apartement" with shared kitchen and bathroom, with one other developer. If you haven't been before, I encourage you to consider coming. Ottawa is a nice place and the location is easily walkable to many neat things including Canada's centre of government, tons of museums and the ottawa river trails and rideau canal. IMPORTANT!!! -> Even if you are not certain you can come, if you are considering it, please log on to cvs.openbsd.org *this week* before MARCH 7 and ADD YOUR NAME to the bottom of the file ~deraadt/hackathons/g2k19 An important date to reduce our costs on room reservations is coming up, and while I will ensure rooms are available for "last minute" attendees, knowing that you may be considering it EVEN IF YOU MIGHT NOT MAKE IT is very important at this stage. Please go add your name to the file, and I hope to see you all in ottawa -Bob
UPDATE: Jenkins Security Advisory 2018-02-14
Tested stable on 6.2 + patches, tested devel on recent current snapshot.
Index: devel/Makefile
===
RCS file: /cvs/ports/devel/jenkins/devel/Makefile,v
retrieving revision 1.25
diff -u -p -p -r1.25 Makefile
--- devel/Makefile 24 Dec 2017 10:35:22 - 1.25
+++ devel/Makefile 15 Feb 2018 19:44:51 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.25 2017/12/24 10:35:22 jasper Exp $
-VERSION = 2.97
+VERSION = 2.107
MASTER_SITES = http://mirrors.jenkins-ci.org/war/${VERSION}/
DIST_SUBDIR = jenkins-devel
Index: devel/distinfo
===
RCS file: /cvs/ports/devel/jenkins/devel/distinfo,v
retrieving revision 1.14
diff -u -p -p -r1.14 distinfo
--- devel/distinfo 24 Dec 2017 10:35:22 - 1.14
+++ devel/distinfo 15 Feb 2018 19:44:51 -
@@ -1,2 +1,2 @@
-SHA256 (jenkins/2.97/jenkins.war) =
FzyucSssY9u7wfXTBi/54E31oPhmC16C+HyxR7Nozuk=
-SIZE (jenkins/2.97/jenkins.war) = 74297213
+SHA256 (jenkins/2.107/jenkins.war) =
StBzXmBc7GdbAIQUyHVC3do2tAK6Gar0eFw9slK3CbY=
+SIZE (jenkins/2.107/jenkins.war) = 74518540
Index: stable/Makefile
===
RCS file: /cvs/ports/devel/jenkins/stable/Makefile,v
retrieving revision 1.24
diff -u -p -p -r1.24 Makefile
--- stable/Makefile 24 Dec 2017 10:35:22 - 1.24
+++ stable/Makefile 15 Feb 2018 19:44:51 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.24 2017/12/24 10:35:22 jasper Exp $
-VERSION = 2.89.2
+VERSION = 2.89.4
MASTER_SITES = http://mirrors.jenkins-ci.org/war-stable/${VERSION}/
DIST_SUBDIR = jenkins-stable
Index: stable/distinfo
===
RCS file: /cvs/ports/devel/jenkins/stable/distinfo,v
retrieving revision 1.13
diff -u -p -p -r1.13 distinfo
--- stable/distinfo 24 Dec 2017 10:35:22 - 1.13
+++ stable/distinfo 15 Feb 2018 19:44:51 -
@@ -1,2 +1,2 @@
-SHA256 (jenkins/2.89.2/jenkins.war) =
AU9mnzK8bpJekm4mBQNnCzJmLwBnmbEzoDGnCnlMihQ=
-SIZE (jenkins/2.89.2/jenkins.war) = 74294776
+SHA256 (jenkins/2.89.4/jenkins.war) =
HYk6ow5JoxMOT5AmgETa+zT3wytXOXDyrMqMLIIfm1M=
+SIZE (jenkins/2.89.4/jenkins.war) = 74297875
UPDATE: Jenkins retry
Using mutt this time to send the diff. Sorry about the last one.
Index: devel/Makefile
===
RCS file: /cvs/ports/devel/jenkins/devel/Makefile,v
retrieving revision 1.24
diff -u -p -p -r1.24 Makefile
--- devel/Makefile 14 Aug 2017 15:59:55 - 1.24
+++ devel/Makefile 14 Dec 2017 21:25:05 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.24 2017/08/14 15:59:55 ian Exp $
-VERSION = 2.73
+VERSION = 2.95
MASTER_SITES = http://mirrors.jenkins-ci.org/war/${VERSION}/
DIST_SUBDIR = jenkins-devel
Index: devel/distinfo
===
RCS file: /cvs/ports/devel/jenkins/devel/distinfo,v
retrieving revision 1.13
diff -u -p -p -r1.13 distinfo
--- devel/distinfo 14 Aug 2017 15:59:55 - 1.13
+++ devel/distinfo 14 Dec 2017 21:25:05 -
@@ -1,2 +1,2 @@
-SHA256 (jenkins/2.73/jenkins.war) =
aNthPzA7I3R1i1YkSOHVcfs8fJiqL23gqlQP9eUWOOE=
-SIZE (jenkins/2.73/jenkins.war) = 72966572
+SHA256 (jenkins/2.95/jenkins.war) =
Gwq5wGEzEXqSD+CSiqZCxZY04+pH+VAHPHrhMnXX9SI=
+SIZE (jenkins/2.95/jenkins.war) = 74275142
Index: stable/Makefile
===
RCS file: /cvs/ports/devel/jenkins/stable/Makefile,v
retrieving revision 1.23
diff -u -p -p -r1.23 Makefile
--- stable/Makefile 14 Aug 2017 15:59:55 - 1.23
+++ stable/Makefile 14 Dec 2017 21:25:05 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.23 2017/08/14 15:59:55 ian Exp $
-VERSION = 2.60.2
+VERSION = 2.89.2
MASTER_SITES = http://mirrors.jenkins-ci.org/war-stable/${VERSION}/
DIST_SUBDIR = jenkins-stable
Index: stable/distinfo
===
RCS file: /cvs/ports/devel/jenkins/stable/distinfo,v
retrieving revision 1.12
diff -u -p -p -r1.12 distinfo
--- stable/distinfo 14 Aug 2017 15:59:55 - 1.12
+++ stable/distinfo 14 Dec 2017 21:25:05 -
@@ -1,2 +1,2 @@
-SHA256 (jenkins/2.60.2/jenkins.war) =
FNB4jYm+gpWKRpZd4DmlWBP5cnvU0Fktx3kFl2SDupU=
-SIZE (jenkins/2.60.2/jenkins.war) = 70613578
+SHA256 (jenkins/2.89.2/jenkins.war) =
AU9mnzK8bpJekm4mBQNnCzJmLwBnmbEzoDGnCnlMihQ=
+SIZE (jenkins/2.89.2/jenkins.war) = 74294776
nevermind, I'm dumb
derp
This is pretty evil behaviour.
pkg_add -ui
You should also check /etc/cvsyncd.conf (which was modified)
# more /etc/cvsync.conf
# $OpenBSD: cvsync.conf,v 1.1 2013/08/29 14:28:13 naddy Exp $
#
# Fetch the OpenBSD CVS repository.
#
config {
# for a list of available servers, see
# http://www.openbsd.org/cvsync.html#CVSROOT
hostname cvsync.example.org
base-prefix /cvs
compress
# the whole repository
collection {
name openbsd release rcs
scanfile /var/cache/cvsync/openbsd
}
# # alternatively, fetch only selected parts
# collection {
# name openbsd-cvsroot release rcs
# }
# collection {
# name openbsd-ports release rcs
# }
# collection {
# name openbsd-src release rcs
# }
# collection {
# name openbsd-www release rcs
# }
# collection {
# name openbsd-xenocara release rcs
# }
#
# # the X11 and XF4 trees are of historical interest only
# collection {
# name openbsd-x11 release rcs
# }
# collection {
# name openbsd-xf4 release rcs
# }
}
I contend modifying something to turn it into an idiot example
is wrong behaviour
Re: OpenBSD install busticated 'cuz ftp.openbsd.org
Oh I'm sure it was a conscious decision, just would have been nice to make a symlink or keep the old one so shit doesn't stop working randomly ;) On Sat, Oct 8, 2016 at 1:44 PM, Landry Breuil wrote: > On Sat, Oct 08, 2016 at 01:28:49PM -0600, Bob Beck wrote: > > > > Looks like ports moved a file "GeoIPLiteCity" to be named "GeoIPCity" > and broke > > everything when I updated packages on the box. Once I found it and > renamed > > what it was asking for, it works again. > > http://marc.info/?l=openbsd-ports-cvs&m=147228916122499&w=2 > http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/GeoIP/ > pkg/PLIST-city.diff?r1=1.1&r2=1.2&f=h > > Landry > >
Re: OpenBSD install busticated 'cuz ftp.openbsd.org
Looks like ports moved a file "GeoIPLiteCity" to be named "GeoIPCity" and broke everything when I updated packages on the box. Once I found it and renamed what it was asking for, it works again. On Sat, Oct 08, 2016 at 01:15:42PM -0600, Bob Beck wrote: > > "confirmed with kettenis and deraadt" and yet you're not giving me any more > details > than "something is busticated" - what the hell did you do to "confirm" it? :) > > What's it doing when you hit it? > > > On Sat, Oct 08, 2016 at 05:12:22PM +, Kenneth Westerback wrote: > > Something is amiss with ftp.openbsd.org supplying the expected list of > > servers for http installs. Confirmed with kettenis@ and deraadt@. > > > > Ken
Re: libressl compatibility testing under gentoo
Hi, thanks for the note. I know a number of those issues have fixes pending upstream, many of them are due to checking of version number stuff that we really can't continue to support. - if we "pretend" to be OpenSSL we will cause more problems than we solve by getting software to test for LibreSSL, or not try to use the "version number" as any kind of indicator of features. OpenSSH is I believe easiest solved as hanno noted by using arc4random from libressl's libcrypto - at least until OpenSSH releases a portable that will likely do the same (I expect they will simply check for arc4random existing in both libc and libcrypto, and if it is there, don't provide it, but I don't speak for the OpenSSH portable guys. You might want to check with the OpenBSD ports folks (ports@openbsd.org) who may have patches that have headed upstream for a lot of your build issues (as we have seen the same. ) On Sun, Jul 13, 2014 at 5:42 PM, hasufell wrote: > Just wanted to let you know that we are currently running some tests, > the results are here and are incomplete ofc: > > https://github.com/gentoo/libressl/wiki > > openssh and wget are probably the most important failures which could be > fixed by some dirty? hacks. > > Then there are a lot of 'undefined reference to RAND_egd' related failures. > > Further references (which you might already know about): > https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html > https://devsonacid.wordpress.com/2014/07/12/how-compatible-is-libressl/ > > will keep testing
Re: cvsync issues
Please assist in that if you can Masao. Thanks -Bob On Mon, Jun 23, 2014 at 9:01 AM, Masao Uebayashi wrote: > The cvsync author (MAEKAWA Masahide) is curious about the problems. Please > don't hesitate to ask (complain) him. > > Masao
cvsync issues
Anyone care to have a peek at the cvsync port and and try to fix the client for commitid? ---8<--- beck: I got getentropy_linux.c but ld.so/malloc.c is still at 1.1 (cv\ sync against anoncvs1.ca) same here with cvsync-0.24.19p3 smae pattern. new files no problem, but commits after that don't get thr\ ough (my cvsync runs on a slow machine and is not done yet) balls ok so someone needs to fix the cvsync client. I will test any diff someone wants to whack on it the file does appear to be in the scanfile, so I think this is client end --- essentially it looks like if a file is committed with a commitid, and then gets a later commit with a commitid, it is not getting picked up by the client. I regen'ed the scanfiles on the master and the file seems to appear in there as near as I can tell. We kinda need a fix for this badly. I'm really not the person to do it but I will help anyone test. -Bob
CVS down for a bit. Air Conditioning and Dust issues.
CVS is down for a bit until the AC issues are sorted out. If you have other machines (ports) you should make sure they're off too. The AC guy is coming and then people on site may selectively turn on machines at some point after it is good again. -Bob
sysutils/fsstress
I'd like to commit this. I promise I'll take care of it and feed it. Peter had a peek on icb. fsstress.tgz Description: GNU Zip compressed data
Re: theos house reboot
Note: Nayden has somewhere to be tonight.
He will be at the house tomorrow morning, so please email
him what you need using. Particularly you ports folks - so you can
start churning again. I'll be pestering you in the morning again but
please check your stuff and give Nayden as descriptive an email as you
can about what you need brought up.
Thanks
-Bob
* nayden [2009-08-01 22:17]:
> hi all,
>
> there was a storm in calgary that wiped the power in parts of the city
> for a quite a while. we were also affected -- theo's house was
> without electricity for 40 min. to keep the temperature down I
> powered off Everything. Power is back and so are pf and cvs. If you
> need to use any other machine, please email me personally and I will
> power it up for you.
>
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
[jse...@hydro.mb.ca: change list for OpenBSD 4.2+ packages]
This does kind of show that nobody has been doing anything with
pkg-stable.
I have been mirroring those relevant directories since the 4.1 days
when it
was decided with pval and naddy I believe to use that mechanism, nothing since
then
has shown up in those.
Do you guys have the intention of updating packages ever? or not?
-Bob
- Forwarded message from "Sethi, Jay" -
Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bofh.cns.ualberta.ca
X-Spam-Level:
X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00,RCVD_IN_DNSWL_MED
autolearn=ham version=3.2.5
Received: from mail1.srv.ualberta.ca (smtp.srv.ualberta.ca [129.128.5.19])
by bofh.cns.ualberta.ca (8.14.3/8.14.0) with ESMTP id n6MNA8Pu020679
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
for ; Wed, 22 Jul 2009 17:10:08 -0600 (MDT)
Received: (from procm...@localhost)
by mail1.srv.ualberta.ca (8.13.8/8.13.8) id n6MNA3hX024256;
Wed, 22 Jul 2009 17:10:03 -0600 (MDT)
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3])
by mail1.srv.ualberta.ca (8.13.8/8.13.8) with ESMTP id n6MN9usZ017770
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for ; Wed, 22 Jul 2009 17:09:57 -0600 (MDT)
Received: from shear.ucar.edu (lists.openbsd.org [192.43.244.163])
by cvs.openbsd.org (8.14.3/8.12.1) with ESMTP id n6MN9r6T001216;
Wed, 22 Jul 2009 17:09:54 -0600 (MDT)
Received: from openbsd.org (localhost.ucar.edu [127.0.0.1])
by shear.ucar.edu (8.14.3/8.14.3) with ESMTP id n6MN9itP024168;
Wed, 22 Jul 2009 17:09:44 -0600 (MDT)
Received: from msg-vfilter-02.hydro.mb.ca (mailserver.hydro.mb.ca
[142.16.22.18])
by shear.ucar.edu (8.14.3/8.14.3) with ESMTP id n6MN9B2E005923
for ; Wed, 22 Jul 2009 17:09:12 -0600 (MDT)
Received: from MHMAIL03.hydro.mb.ca ([142.16.7.241])
by MSG-BRIDGE-01.hydro.mb.ca with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 22 Jul 2009 11:39:22 -0500
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: change list for OpenBSD 4.2+ packages
Date: Wed, 22 Jul 2009 11:39:20 -0500
Message-ID: <18906312982ca344bad7c2c21b4997df05b20...@mhmail03.hydro.mb.ca>
X-MS-Has-Attach:
Thread-Topic: change list for OpenBSD 4.2+ packages
Thread-Index: AcoK6vZ6Hx2h/hzXQ4yqWZ3gBM/gdQ==
From: "Sethi, Jay"
To: w...@openbsd.org
X-OriginalArrivalTime: 22 Jul 2009 16:39:22.0087 (UTC)
FILETIME=[F7491F70:01CA0AEA]
X-Converted-To-Plain-Text: from multipart/alternative by demime 1.01d
X-Converted-To-Plain-Text: Alternative section used was text/plain
X-Loop: w...@openbsd.org
Precedence: list
Sender: owner-...@openbsd.org
Hi OpenBSD Team!
I got myself a little turned around on your web site, and could not find
the latest change list for OpenBSD packages. Checking for package
errata, I first went to the errata and patch page for a newer version of
OpenBSD:
http://www.openbsd.org/errata42.html
I then followed the link "For important packages updates, please refer
here. <http://www.openbsd.org/pkg-stable.html> "
This brought me to the following site:
http://www.openbsd.org/pkg-stable.html
The site is titled "This is an abbreviated change list for OpenBSD
4.1-stable packages", and there doesn't seem to be a site for OpenBSD
4.2, 4.3, 4.4 or 4.5.
Am I helping by pointing out a missing link? Or Is the package errata
actually summarized somewhere else?
Thank-you for your time!
Jay Sethi
Manitoba Hydro
(204) 487-5443
- End forwarded message -
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
Pdf printing in mozilla is utterly fucked.
It seems that someone has changed something so mozilla (4.5 - 3.0.6) comes up by default with the printing option "Ignore Scaling and Shrink to fit page width" on by default - always. This means that any pdf you save with small type on it ends up with nothing there. (for example, airline tickets!) it's completely fucked up. Please fix it so this option is *not* on by default so you can actually save things as pdfs -Bob
Re: ports/audio/mpd - shuffle sucks moose balls - this fixes it.
* Stuart Henderson [2009-04-09 14:08]: > On 2009/04/08 19:10, Bob Beck wrote: > > > > well,I would have happily submitted it if their make a login > > thing worked, but it doesn't seem to. > > > > Anyway, I only care about committing it here. :) anyone done > > that yet? > > not yet - now oga is hacking uvm and nfs, we thought you could be a > ports hacker and commit it yourself :) > Actually I do have commits to ports.. (look at gogo) but I hide that fact very carefully... If nobody else commits it and that's an ok I'll commit it when I get home. -Bob
Re: ports/audio/mpd - shuffle sucks moose balls - this fixes it.
well,I would have happily submitted it if their make a login
thing worked, but it doesn't seem to.
Anyway, I only care about committing it here. :) anyone done
that yet?
* dt...@drizzle.com [2009-04-08 18:47]:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Bob Beck wrote:
>
>> oh, and if I ever get the login confirmation for their stupid bugsite I'll
>> subit it upstream, since you ports guys subscribe to that school of futility
>> :)
>
> As opposed to the permanent overhead of maintaining a downstream fork?
> :-|
>
> I have a login there and would gladly submit this for you if you aren't
> inclined.
>
> Cheers -d
>
> - --
> David Talkington
> dt...@drizzle.com
> - --
> PGP key: http://www.flyingjoke.org/keys/801E3976.asc
> (What's this? http://en.wikipedia.org/wiki/Digital_signature)
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (OpenBSD)
>
> iQEcBAEBAgAGBQJJ3TNgAAoJEO7jL1CAHjl25e4H/153KWJCjz34OXHjte/OVUX7
> c8P3QuTpG3UBNIywT28Uv54O5RES5mjyCvxdEavYyl+LSok0DA6DKUTW72jDc5qL
> r+3SyJpQrcoi/5fxpesaK5AUgUy2V9p+S/RXn//Q0Et/KM2B+tHjpMpJg3AhjqUI
> DNMdqav2X3xuBGMNWh46RAuCEcLmXb1PHpVK+2LlYjkqZnSIE8budqLLdA2OB5hM
> KdcSokq0vtoKm4K0MIrdE9njMjk3R+5wXhJ5M5Tyqsi8/RZ4MCodn23vI05o+iD6
> HrpTHQIgaKxGByR0yAE88oytQdhXY8ojDKMhDCxbnbCi1gV2iaXSJsv/0OtTOHY=
> =MCej
> -END PGP SIGNATURE-
>
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
Re: ports/audio/mpd - shuffle sucks moose balls - this fixes it.
oh, and if I ever get the login confirmation for their stupid bugsite I'll
subit it upstream, since you ports guys subscribe to that school of futility :)
-Bob
* Bob Beck [2009-04-06 09:16]:
> * Matthias Kilian [2009-04-05 13:20]:
> > On Sun, Apr 05, 2009 at 12:43:07PM -0600, Bob Beck wrote:
> > > Someone please have a look, and either commit it or tell me to.
> >
> > If you add the following patch to the port's makefile, it's ok:
> >
> >
> Ok, how's this.. changed a bit anyway, so we use arc4random_uniform
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/audio/mpd/Makefile,v
> retrieving revision 1.16
> diff -u -r1.16 Makefile
> --- Makefile 28 Oct 2008 15:21:48 - 1.16
> +++ Makefile 6 Apr 2009 15:09:54 -
> @@ -2,7 +2,7 @@
>
> COMMENT= Music Player Daemon
> DISTNAME=mpd-0.13.2
> -PKGNAME= ${DISTNAME}p2
> +PKGNAME= ${DISTNAME}p3
> CATEGORIES= audio
> HOMEPAGE=http://www.musicpd.org/
> MAINTAINER= Tobias Ulmer
> Index: patches/patch-src_playlist_c
> ===
> RCS file: patches/patch-src_playlist_c
> diff -N patches/patch-src_playlist_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_playlist_c 6 Apr 2009 15:09:54 -
> @@ -0,0 +1,80 @@
> +--- src/playlist.c.orig Fri Jun 13 22:16:16 2008
> src/playlist.c Mon Apr 6 08:57:25 2009
> +@@ -77,6 +77,13 @@
> + static int playPlaylistOrderNumber(int fd, int orderNum);
> + static void randomizeOrder(int start, int end);
> +
> ++#ifdef __OpenBSD__
> ++#define RANDOM_UB(n) (arc4random_uniform(n))
> ++#else
> ++#define RANDOM_UB(n) (random() % (n))
> ++#endif
> ++
> ++
> + static void incrPlaylistVersion(void)
> + {
> + static unsigned long max = ((mpd_uint32) 1 << 31) - 1;
> +@@ -647,7 +654,7 @@
> + else
> + start = playlist.current + 1;
> + if (start < playlist.length) {
> +-swap = random() % (playlist.length - start);
> ++swap = RANDOM_UB(playlist.length - start);
> + swap += start;
> + swapOrder(playlist.length - 1, swap);
> + }
> +@@ -1189,15 +1196,23 @@
> + }
> + }
> +
> +-for (i = start; i <= end; i++) {
> +-ri = random() % (end - start + 1) + start;
> +-if (ri == playlist.current)
> +-playlist.current = i;
> +-else if (i == playlist.current)
> +-playlist.current = ri;
> +-swapOrder(i, ri);
> ++/*
> ++ * Shuffle the Order.
> ++ * Use an unbiased Fisher-Yates shuffle.
> ++ */
> ++i = end + 1;
> ++while (i > start + 1) {
> ++ri = RANDOM_UB(i - start); /* 0 <= ri <= len */
> ++ri += start;
> ++i--; /* i is now the last pertinent index */
> ++if (i != ri) { /* do nothing if i == ri */
> ++if (ri == playlist.current)
> ++playlist.current = i;
> ++else if (i == playlist.current)
> ++playlist.current = ri;
> ++swapOrder(i, ri);
> ++}
> + }
> +-
> + }
> +
> + int setPlaylistRandomStatus(int fd, int status)
> +@@ -1281,12 +1296,17 @@
> + i = 0;
> + playlist.current = -1;
> + }
> +-/* shuffle the rest of the list */
> +-for (; i < playlist.length; i++) {
> +-ri = random() % (playlist.length - 1) + 1;
> +-swapSongs(i, ri);
> ++/*
> ++ * shuffle the rest of the list
> ++ * Use an unbiased Fisher-Yates shuffle.
> ++ */
> ++i = playlist.length;
> ++while (i > 1) {
> ++ri = RANDOM_UB(i); /* 0 <= ri <= len */
> ++i--; /* i is now the last pertinent index */
> ++if (i != ri) /* do nothing if i == ri */
> ++swapSongs(i, ri);
> + }
> +-
> + incrPlaylistVersion();
> + }
> +
>
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
Re: ports/audio/mpd - shuffle sucks moose balls - this fixes it.
* Matthias Kilian [2009-04-05 13:20]:
> On Sun, Apr 05, 2009 at 12:43:07PM -0600, Bob Beck wrote:
> > Someone please have a look, and either commit it or tell me to.
>
> If you add the following patch to the port's makefile, it's ok:
>
>
Ok, how's this.. changed a bit anyway, so we use arc4random_uniform
Index: Makefile
===
RCS file: /cvs/ports/audio/mpd/Makefile,v
retrieving revision 1.16
diff -u -r1.16 Makefile
--- Makefile28 Oct 2008 15:21:48 - 1.16
+++ Makefile6 Apr 2009 15:09:54 -
@@ -2,7 +2,7 @@
COMMENT= Music Player Daemon
DISTNAME= mpd-0.13.2
-PKGNAME= ${DISTNAME}p2
+PKGNAME= ${DISTNAME}p3
CATEGORIES=audio
HOMEPAGE= http://www.musicpd.org/
MAINTAINER=Tobias Ulmer
Index: patches/patch-src_playlist_c
===
RCS file: patches/patch-src_playlist_c
diff -N patches/patch-src_playlist_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_playlist_c6 Apr 2009 15:09:54 -
@@ -0,0 +1,80 @@
+--- src/playlist.c.origFri Jun 13 22:16:16 2008
src/playlist.c Mon Apr 6 08:57:25 2009
+@@ -77,6 +77,13 @@
+ static int playPlaylistOrderNumber(int fd, int orderNum);
+ static void randomizeOrder(int start, int end);
+
++#ifdef __OpenBSD__
++#define RANDOM_UB(n) (arc4random_uniform(n))
++#else
++#define RANDOM_UB(n) (random() % (n))
++#endif
++
++
+ static void incrPlaylistVersion(void)
+ {
+ static unsigned long max = ((mpd_uint32) 1 << 31) - 1;
+@@ -647,7 +654,7 @@
+ else
+ start = playlist.current + 1;
+ if (start < playlist.length) {
+- swap = random() % (playlist.length - start);
++ swap = RANDOM_UB(playlist.length - start);
+ swap += start;
+ swapOrder(playlist.length - 1, swap);
+ }
+@@ -1189,15 +1196,23 @@
+ }
+ }
+
+- for (i = start; i <= end; i++) {
+- ri = random() % (end - start + 1) + start;
+- if (ri == playlist.current)
+- playlist.current = i;
+- else if (i == playlist.current)
+- playlist.current = ri;
+- swapOrder(i, ri);
++ /*
++ * Shuffle the Order.
++ * Use an unbiased Fisher-Yates shuffle.
++ */
++ i = end + 1;
++ while (i > start + 1) {
++ ri = RANDOM_UB(i - start); /* 0 <= ri <= len */
++ ri += start;
++ i--; /* i is now the last pertinent index */
++ if (i != ri) { /* do nothing if i == ri */
++ if (ri == playlist.current)
++ playlist.current = i;
++ else if (i == playlist.current)
++ playlist.current = ri;
++ swapOrder(i, ri);
++ }
+ }
+-
+ }
+
+ int setPlaylistRandomStatus(int fd, int status)
+@@ -1281,12 +1296,17 @@
+ i = 0;
+ playlist.current = -1;
+ }
+- /* shuffle the rest of the list */
+- for (; i < playlist.length; i++) {
+- ri = random() % (playlist.length - 1) + 1;
+- swapSongs(i, ri);
++ /*
++ * shuffle the rest of the list
++ * Use an unbiased Fisher-Yates shuffle.
++ */
++ i = playlist.length;
++ while (i > 1) {
++ ri = RANDOM_UB(i); /* 0 <= ri <= len */
++ i--; /* i is now the last pertinent index */
++ if (i != ri) /* do nothing if i == ri */
++ swapSongs(i, ri);
+ }
+-
+ incrPlaylistVersion();
+ }
+
ports/audio/mpd - shuffle sucks moose balls - this fixes it.
Ok, those of you who have never taken any proper CS theory, go
read the following:
http://dev.netcetera.org/blog/2007/08/24/good-knuth-bad-knuth/
Basically, since switching to mpd in the house, I noticed mpd's
random shuffle was irritatingly bad and biased towards certain songs,
so I read the code - Sure enough, mpd's song randomization is a flawed
Knuth Shuffle, meaning that the shuffled array is not shuffled
uniformly. It's a very common implementation mistake, good thing
people writing mp3 playing daemons aren't writing crypto.
The patch below to ports/audio/mpd puts a patch in that makes it use
a correct Knuth, also known as a Fisher Yates shuffle (wikipedia will
explain it to you)
Someone please have a look, and either commit it or tell me to.
-Bob
8<
Index: patch-src_playlist_c
===
RCS file: patch-src_playlist_c
diff -N patch-src_playlist_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patch-src_playlist_c5 Apr 2009 18:27:42 -
@@ -0,0 +1,57 @@
+--- src/playlist.c.origSun Apr 5 12:11:54 2009
src/playlist.c Sun Apr 5 12:06:13 2009
+@@ -1189,15 +1189,23 @@
+ }
+ }
+
+- for (i = start; i <= end; i++) {
+- ri = random() % (end - start + 1) + start;
+- if (ri == playlist.current)
+- playlist.current = i;
+- else if (i == playlist.current)
+- playlist.current = ri;
+- swapOrder(i, ri);
++ /*
++ * Shuffle the Order.
++ * Use an unbiased Fisher-Yates shuffle.
++ */
++ i = end + 1;
++ while (i > start + 1) {
++ ri = random() % (i - start); /* 0 <= ri <= len */
++ ri += start;
++ i--; /* i is now the last pertinent index */
++ if (i != ri) { /* do nothing if i == ri */
++ if (ri == playlist.current)
++ playlist.current = i;
++ else if (i == playlist.current)
++ playlist.current = ri;
++ swapOrder(i, ri);
++ }
+ }
+-
+ }
+
+ int setPlaylistRandomStatus(int fd, int status)
+@@ -1281,12 +1289,17 @@
+ i = 0;
+ playlist.current = -1;
+ }
+- /* shuffle the rest of the list */
+- for (; i < playlist.length; i++) {
+- ri = random() % (playlist.length - 1) + 1;
+- swapSongs(i, ri);
++ /*
++ * shuffle the rest of the list
++ * Use an unbiased Fisher-Yates shuffle.
++ */
++ i = playlist.length;
++ while (i > 1) {
++ ri = random() % i; /* 0 <= ri <= len */
++ i--; /* i is now the last pertinent index */
++ if (i != ri) /* do nothing if i == ri */
++ swapSongs(i, ri);
+ }
+-
+ incrPlaylistVersion();
+ }
+
Re: New firefox doesn't understand lpr?
Ahh, probably old stupid amd64 libs. I wait for new build.
-Bob
* Antoine Jacoutot [2008-12-16 11:44]:
> On Tue, 16 Dec 2008, Bob Beck wrote:
>
> >
> > It appears not to want to print anymore.
>
> Naddy fixed this in gtk+2-2.14.5p0, make sure it is what you have
> installed on your system.
>
> Cheers!
>
> --
> Antoine
>
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
New firefox doesn't understand lpr?
It appears not to want to print anymore. -Bob
You gonna generate the 4.3_packages dir and upload it?
-Bob
mirror, once more..
as a diff to the mirror port, instead of just the file.
trying valiantly not to become the mirror maintainer, hoping
someone else will commit this..
-Bob
Index: patches/patch-ftp-pl-epsv
===
RCS file: patches/patch-ftp-pl-epsv
diff -N patches/patch-ftp-pl-epsv
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-ftp-pl-epsv 17 Mar 2007 23:27:06 -
@@ -0,0 +1,144 @@
+--- ftp.pl.origFri Mar 16 12:40:28 2007
ftp.pl Sat Mar 17 17:19:24 2007
+@@ -162,6 +162,11 @@
+ # Where I am connected to.
+ $connect_site = '';
+
++# Do we opportunisticly try epsv first when doing passive ftp
++# gets set back to 0 if an epsv command does not work, and we
++# fall back to old school pasv
++$try_epsv = 1;
++
+ # &ftp'debug( debugging_level )
+ # Turn on debugging ranging from 1 = some to 10 = everything
+ sub ftp'debug
+@@ -473,47 +478,94 @@
+ return undef;
+ }
+
+- &send( "PASV" );
+- $ret = &expect( $timeout,
+- 150, 0, # reading directory
+- 227, 1, # entering passive mode
+- 125, 1, # data connection already open? transfer starting
+-
+- 4, 0, # file unavailable
+-
+- 5, 0, # error
+-
+- 421, 99 ); # service unavailable, closing connection
+- if( $ret == 99 ){
+- &service_closed();
+- $ret = 0;
+- }
+-
+- if( ! $ret ){
+- &close_data_socket;
+- return 0;
+- }
+- if( $ret == 1 ) {
+- if($response =~ m/^227
.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)/){
+- $newhost = sprintf( "%d.%d.%d.%d", $1, $2, $3, $4 );
+- $newport = $5 * 256 + $6;
++ if ($try_epsv) {
++ &send( "EPSV" );
++ $ret = &expect( $timeout,
++ 150, 98, # reading directory
++ 229, 1, # entering epsv mode
++ 125, 98, # data connection already open? transfer
starting
++ 4, 98, # file unavailable
++ 5, 98, # error
++ 421, 99 ); # service unavailable, closing connection
++ if( $ret == 98 ){
++ # epsv didn't work for some reason, don't try
++ # again - just use pasv.
++ $try_epsv = 0;
+ }
+- else {
+- print $showfd "Cannot parse passive response\n" if
$ftp_show;
++ if( $ret == 99 ){
++ &service_closed();
++ $ret = 0;
++ }
++ if( ! $ret ){
++ &close_data_socket;
+ return 0;
+ }
+- }
++ if( $ret == 1 ) {
++ if($response =~ m/^229 .*\(\|\|\|(\d+)\|\)/){
++ $newport = $1;
++ }
++ else {
++ print $showfd "Cannot parse epsv response\n" if
$ftp_show;
++ return 0;
++ }
++ }
+
+- # now need to connect() the new socket
+- if( ! &chat'open_newport( $newhost, $newport, *S2 ) ){
+- if( $retry_call ){
+- print $showfd "Failed to connect newport\n" if
$ftp_show;
+- next;
++ # now need to connect() the new socket
++ if( ! &chat'open_newport( $connect_site, $newport, *S2 ) ){
++ if( $retry_call ){
++ print $showfd "Failed to connect to epsv
newport $newport\n" if $ftp_show;
++ next;
++ }
++ else {
++ print $showfd "proxy connection failed " if
$proxy;
++ print $showfd "Cannot open epsv ftp to
$connect_site\n" if $ftp_show;
++ return 0;
++ }
+ }
+- else {
+- print $showfd "proxy connection failed " if $proxy;
+- print $showfd "Cannot open pasv ftp to $connect_site\n"
if $ftp_show;
++ }
++ if (!$try_epsv) {
++ &send( "PASV" );
++ $ret = &expect( $timeout,
++ 150, 0, # reading directory
++ 227, 1, # entering passive mode
++ 125, 1, # data connection already open? transfer
starting
++
++ 4, 0, # file unavailable
++
++
Who looks after "mirror"
No, I don't want to :)
But I'd like it to do epsv :)
--- ftp.pl.orig Fri Mar 16 12:40:28 2007
+++ ftp.pl Fri Mar 16 12:40:32 2007
@@ -162,6 +162,8 @@
# Where I am connected to.
$connect_site = '';
+$try_epsv = 1;
+
# &ftp'debug( debugging_level )
# Turn on debugging ranging from 1 = some to 10 = everything
sub ftp'debug
@@ -473,47 +475,95 @@
return undef;
}
- &send( "PASV" );
- $ret = &expect( $timeout,
- 150, 0, # reading directory
- 227, 1, # entering passive mode
- 125, 1, # data connection already open? transfer starting
-
- 4, 0, # file unavailable
-
- 5, 0, # error
+ if ($try_epsv) {
+ &send( "EPSV" );
+ $ret = &expect( $timeout,
+ 150, 98, # reading directory
+ 229, 1, # entering passive mode
+ 125, 98, # data connection already open? transfer
starting
+
+ 4, 98, # file unavailable
- 421, 99 ); # service unavailable, closing connection
- if( $ret == 99 ){
- &service_closed();
- $ret = 0;
- }
-
- if( ! $ret ){
- &close_data_socket;
- return 0;
- }
- if( $ret == 1 ) {
- if($response =~ m/^227
.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)/){
- $newhost = sprintf( "%d.%d.%d.%d", $1, $2, $3, $4 );
- $newport = $5 * 256 + $6;
+ 5, 98, # error
+
+ 421, 99 ); # service unavailable, closing connection
+ if( $ret == 98 ){
+ $try_epsv = 0;
}
- else {
- print $showfd "Cannot parse passive response\n" if
$ftp_show;
+ if( $ret == 99 ){
+ &service_closed();
+ $ret = 0;
+ }
+ if( ! $ret ){
+ &close_data_socket;
return 0;
}
- }
+ if( $ret == 1 ) {
+ if($response =~ m/^229 .*\(\|\|\|(\d+)\|\)/){
+ $newport = $1;
+ }
+ else {
+ print $showfd "Cannot parse epsv response\n" if
$ftp_show;
+ return 0;
+ }
+ }
- # now need to connect() the new socket
- if( ! &chat'open_newport( $newhost, $newport, *S2 ) ){
- if( $retry_call ){
- print $showfd "Failed to connect newport\n" if
$ftp_show;
- next;
+ # now need to connect() the new socket
+ if( ! &chat'open_newport( $connect_site, $newport, *S2 ) ){
+ if( $retry_call ){
+ print $showfd "Failed to connect to epsv
newport $newport\n" if $ftp_show;
+ next;
+ }
+ else {
+ print $showfd "proxy connection failed " if
$proxy;
+ print $showfd "Cannot open epsv ftp to
$connect_site\n" if $ftp_show;
+ return 0;
+ }
}
- else {
- print $showfd "proxy connection failed " if $proxy;
- print $showfd "Cannot open pasv ftp to $connect_site\n"
if $ftp_show;
+ }
+ if (!$try_epsv) {
+ &send( "PASV" );
+ $ret = &expect( $timeout,
+ 150, 0, # reading directory
+ 227, 1, # entering passive mode
+ 125, 1, # data connection already open? transfer
starting
+
+ 4, 0, # file unavailable
+
+ 5, 0, # error
+
+ 421, 99 ); # service unavailable, closing connection
+ if( $ret == 99 ){
+ &service_closed();
+ $ret = 0;
+ }
+
+ if( ! $ret ){
+ &close_data_socket;
return 0;
+ }
+ if( $ret == 1 ) {
+ if($response =~ m/^227
.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)/){
+ $newhost = sprintf( "%d.%d.%d.%d", $1, $2, $3,
$4 );
+ $newport = $5 * 256 + $6;
+ }
+ else {
+ print $showfd "Cannot parse passive response\n"
if $ftp_show;
+ return 0;
+ }
+
