Re: UPDATE: security/keepassx (keepassx 2.0)
On Fri, Dec 18, 2015 at 10:41:11AM +0100, Landry Breuil wrote: > On Thu, Dec 17, 2015 at 10:40:12PM +0100, Rafael Sadowski wrote: > > On Fri Dec 11, 2015 at 10:43:43AM +, Stuart Henderson wrote: > > > On 2015/12/11 11:24, Landry Breuil wrote: > > > > On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > > > > > Hey everybody, > > > > > > > > > > for those who can not wait (like me) here is an update for keepassx. > > > > > I hope steven@ can use it for more tests or a better port. > > > > > > > > > > Tested @amd64 with my old *.kdb file without problems. > > > > > > > > Works fine for me on amd64 too, imported my .kdb without issues. > > > > You have some things to fix in the port though: > > > > - use gtk-update-icon-cache, add an RDEP for it > > > > - fix the PLIST, it seems some icons are duplicated/installed twice > > > > - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST > > > > > > > > Are you sure you need ports gcc ? > > > > > > It's not needed with "CONFIGURE_ARGS= -DWITH_CXX11=no". > > > > > > I get these with port-lib-depends-check: > > > > > > Missing: Xi.12 (/usr/local/lib/keepassx/libkeepassx-autotype-x11.so) > > > (system lib) > > > Extra: QtXml.8 > > > > Dear keepassx users and port veterans, > > > > after long workdays before the Xmas break, here is a new updated diff > > with your hints: > > > > - add DWITH_CXX11=no > > - fix WANTLIB > > - fix and add LIB_DEPENDS > > - SHARED_ONLY tagged > > - fix PLIST > > - add gtk-update-icon-cache (advice from portcheck) > > > > Okay? (Okay from steven@ to update keepassx -- not for the patch (at the > > moment)) > > Looks good to me too, the only thing that saddens me is seeing icons > duplicated, ie: > > > +share/icons/hicolor/128x128/apps/keepassx.png > > +share/icons/hicolor/128x128/mimetypes/application-x-keepassx.png > > +share/icons/hicolor/16x16/apps/keepassx.png > > +share/icons/hicolor/16x16/mimetypes/application-x-keepassx.png > > +share/icons/hicolor/22x22/mimetypes/application-x-keepassx.png > > +share/icons/hicolor/24x24/apps/keepassx.png > > +share/icons/hicolor/256x256/apps/keepassx.png > > +share/icons/hicolor/32x32/apps/keepassx.png > > +share/icons/hicolor/32x32/mimetypes/application-x-keepassx.png > > +share/icons/hicolor/48x48/apps/keepassx.png > > +share/icons/hicolor/64x64/apps/keepassx.png > > +share/icons/hicolor/64x64/mimetypes/application-x-keepassx.png > > +share/icons/hicolor/scalable/apps/keepassx.svgz > > > +share/keepassx/icons/application/128x128/apps/keepassx.png > > +share/keepassx/icons/application/128x128/mimetypes/application-x-keepassx.png > > +share/keepassx/icons/application/16x16/apps/keepassx.png > > +share/keepassx/icons/application/16x16/mimetypes/application-x-keepassx.png > > +share/keepassx/icons/application/22x22/mimetypes/application-x-keepassx.png > > +share/keepassx/icons/application/24x24/apps/keepassx.png > > +share/keepassx/icons/application/256x256/apps/keepassx.png > > +share/keepassx/icons/application/32x32/apps/keepassx.png > > +share/keepassx/icons/application/32x32/mimetypes/application-x-keepassx.png > > +share/keepassx/icons/application/48x48/apps/keepassx.png > > +share/keepassx/icons/application/64x64/apps/keepassx.png > > +share/keepassx/icons/application/64x64/mimetypes/application-x-keepassx.png > > +share/keepassx/icons/application/scalable/apps/keepassx.svgz > > But i havent checked if those were symlinks or ... > > > +@exec %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor > > +@unexec-delete %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor > > Since icons are also added under share/keepassx/icons/application, maybe > gtk-update-icon-cache should be ran against this dir too. No it shouldn't. Only icons installed under a subdirectory of PREFIX/share/icons/ should have a matching gtk-update-icon-cache. -- Antoine
Re: UPDATE: security/keepassx (keepassx 2.0)
On Thu, Dec 17, 2015 at 10:40:12PM +0100, Rafael Sadowski wrote: > On Fri Dec 11, 2015 at 10:43:43AM +, Stuart Henderson wrote: > > On 2015/12/11 11:24, Landry Breuil wrote: > > > On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > > > > Hey everybody, > > > > > > > > for those who can not wait (like me) here is an update for keepassx. > > > > I hope steven@ can use it for more tests or a better port. > > > > > > > > Tested @amd64 with my old *.kdb file without problems. > > > > > > Works fine for me on amd64 too, imported my .kdb without issues. > > > You have some things to fix in the port though: > > > - use gtk-update-icon-cache, add an RDEP for it > > > - fix the PLIST, it seems some icons are duplicated/installed twice > > > - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST > > > > > > Are you sure you need ports gcc ? > > > > It's not needed with "CONFIGURE_ARGS= -DWITH_CXX11=no". > > > > I get these with port-lib-depends-check: > > > > Missing: Xi.12 (/usr/local/lib/keepassx/libkeepassx-autotype-x11.so) > > (system lib) > > Extra: QtXml.8 > > Dear keepassx users and port veterans, > > after long workdays before the Xmas break, here is a new updated diff > with your hints: > > - add DWITH_CXX11=no > - fix WANTLIB > - fix and add LIB_DEPENDS > - SHARED_ONLY tagged > - fix PLIST > - add gtk-update-icon-cache (advice from portcheck) > > Okay? (Okay from steven@ to update keepassx -- not for the patch (at the > moment)) Looks good to me too, the only thing that saddens me is seeing icons duplicated, ie: > +share/icons/hicolor/128x128/apps/keepassx.png > +share/icons/hicolor/128x128/mimetypes/application-x-keepassx.png > +share/icons/hicolor/16x16/apps/keepassx.png > +share/icons/hicolor/16x16/mimetypes/application-x-keepassx.png > +share/icons/hicolor/22x22/mimetypes/application-x-keepassx.png > +share/icons/hicolor/24x24/apps/keepassx.png > +share/icons/hicolor/256x256/apps/keepassx.png > +share/icons/hicolor/32x32/apps/keepassx.png > +share/icons/hicolor/32x32/mimetypes/application-x-keepassx.png > +share/icons/hicolor/48x48/apps/keepassx.png > +share/icons/hicolor/64x64/apps/keepassx.png > +share/icons/hicolor/64x64/mimetypes/application-x-keepassx.png > +share/icons/hicolor/scalable/apps/keepassx.svgz > +share/keepassx/icons/application/128x128/apps/keepassx.png > +share/keepassx/icons/application/128x128/mimetypes/application-x-keepassx.png > +share/keepassx/icons/application/16x16/apps/keepassx.png > +share/keepassx/icons/application/16x16/mimetypes/application-x-keepassx.png > +share/keepassx/icons/application/22x22/mimetypes/application-x-keepassx.png > +share/keepassx/icons/application/24x24/apps/keepassx.png > +share/keepassx/icons/application/256x256/apps/keepassx.png > +share/keepassx/icons/application/32x32/apps/keepassx.png > +share/keepassx/icons/application/32x32/mimetypes/application-x-keepassx.png > +share/keepassx/icons/application/48x48/apps/keepassx.png > +share/keepassx/icons/application/64x64/apps/keepassx.png > +share/keepassx/icons/application/64x64/mimetypes/application-x-keepassx.png > +share/keepassx/icons/application/scalable/apps/keepassx.svgz But i havent checked if those were symlinks or ... > +@exec %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor > +@unexec-delete %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor Since icons are also added under share/keepassx/icons/application, maybe gtk-update-icon-cache should be ran against this dir too. Landry
Re: UPDATE: security/keepassx (keepassx 2.0)
On Fri Dec 11, 2015 at 10:43:43AM +, Stuart Henderson wrote: > On 2015/12/11 11:24, Landry Breuil wrote: > > On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > > > Hey everybody, > > > > > > for those who can not wait (like me) here is an update for keepassx. > > > I hope steven@ can use it for more tests or a better port. > > > > > > Tested @amd64 with my old *.kdb file without problems. > > > > Works fine for me on amd64 too, imported my .kdb without issues. > > You have some things to fix in the port though: > > - use gtk-update-icon-cache, add an RDEP for it > > - fix the PLIST, it seems some icons are duplicated/installed twice > > - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST > > > > Are you sure you need ports gcc ? > > It's not needed with "CONFIGURE_ARGS= -DWITH_CXX11=no". > > I get these with port-lib-depends-check: > > Missing: Xi.12 (/usr/local/lib/keepassx/libkeepassx-autotype-x11.so) (system > lib) > Extra: QtXml.8 Dear keepassx users and port veterans, after long workdays before the Xmas break, here is a new updated diff with your hints: - add DWITH_CXX11=no - fix WANTLIB - fix and add LIB_DEPENDS - SHARED_ONLY tagged - fix PLIST - add gtk-update-icon-cache (advice from portcheck) Okay? (Okay from steven@ to update keepassx -- not for the patch (at the moment)) Best regards, Rafael Index: Makefile === RCS file: /cvs/ports/security/keepassx/Makefile,v retrieving revision 1.8 diff -u -p -u -p -r1.8 Makefile --- Makefile7 Dec 2015 18:26:01 - 1.8 +++ Makefile17 Dec 2015 21:32:29 - @@ -1,13 +1,14 @@ # $OpenBSD: Makefile,v 1.8 2015/12/07 18:26:01 jasper Exp $ +SHARED_ONLY = Yes + COMMENT = management tool for sensitive data -V =0.4.3 +V =2.0 DISTNAME = keepassx-$V -REVISION = 3 CATEGORIES = security -HOMEPAGE = http://www.keepassx.org/ +HOMEPAGE = https://www.keepassx.org/ MAINTAINER = Steven Mestdagh@@ -16,11 +17,18 @@ PERMIT_PACKAGE_CDROM = Yes MASTER_SITES = https://www.keepassx.org/releases/$V/ -MODULES = x11/qt4 devel/cmake +MODULES = x11/qt4 \ + devel/cmake + +CONFIGURE_ARGS=-DWITH_CXX11=no + +WANTLIB += QtGui X11 Xi Xtst c m pthread stdc++ +WANTLIB += gcrypt z -WANTLIB += QtGui QtXml X11 Xtst c m pthread stdc++ +LIB_DEPENDS = security/libgcrypt RUN_DEPENDS = devel/desktop-file-utils \ - misc/shared-mime-info + misc/shared-mime-info \ + x11/gtk+3,-guic .include Index: distinfo === RCS file: /cvs/ports/security/keepassx/distinfo,v retrieving revision 1.2 diff -u -p -u -p -r1.2 distinfo --- distinfo18 Jan 2015 03:15:02 - 1.2 +++ distinfo17 Dec 2015 21:32:29 - @@ -1,2 +1,2 @@ -SHA256 (keepassx-0.4.3.tar.gz) = zZAaBhHOV+Ys9t9+7rG2kLUjIwK9rYYmmU61Stz6HoU= -SIZE (keepassx-0.4.3.tar.gz) = 1368766 +SHA256 (keepassx-2.0.tar.gz) = DrQPrDpE2Cg9/B7ijMbeXGYLIquXVHLegsKwRnXIIuY= +SIZE (keepassx-2.0.tar.gz) = 1524638 Index: patches/patch-src_lib_FileDialogs_cpp === RCS file: patches/patch-src_lib_FileDialogs_cpp diff -N patches/patch-src_lib_FileDialogs_cpp --- patches/patch-src_lib_FileDialogs_cpp 7 Dec 2015 18:26:01 - 1.1 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,19 +0,0 @@ -$OpenBSD: patch-src_lib_FileDialogs_cpp,v 1.1 2015/12/07 18:26:01 jasper Exp $ - -Security fix for CVE-2015-8378 -http://anonscm.debian.org/cgit/collab-maint/keepassx.git/commit/?id=b3c9028db8ec3b8752ff47717ffc792d755c1294 - src/lib/FileDialogs.cpp.orig Thu Oct 8 21:27:39 2009 -+++ src/lib/FileDialogs.cppMon Dec 7 14:50:29 2015 -@@ -118,6 +118,11 @@ QString QtStandardFileDialogs::saveFileDialog(QWidget* - SelectedFilter=Filters[SelectedFilterIndex]; - QString filepath = QFileDialog::getSaveFileName(parent,title,dir,toSingleStringFilter(Filters),, - ShowOverwriteWarning ? (QFileDialog::Option)0 : QFileDialog::DontConfirmOverwrite); -+ -+// Fixes CVE-2015-8378 -+if (filepath.isEmpty()) -+return filepath; -+ - LastFilter=Filters.indexOf(SelectedFilter); - - //Check whether the file has an extension which fits to the selected filter Index: pkg/PLIST === RCS file: /cvs/ports/security/keepassx/pkg/PLIST,v retrieving revision 1.2 diff -u -p -u -p -r1.2 PLIST --- pkg/PLIST 28 Apr 2012 14:08:54 - 1.2 +++ pkg/PLIST 17 Dec 2015 21:32:29 - @@ -1,104 +1,200 @@ @comment $OpenBSD: PLIST,v 1.2 2012/04/28 14:08:54 ajacoutot Exp $ @bin bin/keepassx +lib/keepassx/ +lib/keepassx/libkeepassx-autotype-x11.so
Re: UPDATE: security/keepassx (keepassx 2.0)
Rafael Sadowski wrote: > Dear keepassx users and port veterans, > > after long workdays before the Xmas break, here is a new updated diff > with your hints: > > - add DWITH_CXX11=no > - fix WANTLIB > - fix and add LIB_DEPENDS > - SHARED_ONLY tagged > - fix PLIST > - add gtk-update-icon-cache (advice from portcheck) > > Okay? (Okay from steven@ to update keepassx -- not for the patch (at the > moment)) Builds and runs fine for me. ok mmcc@ I get this to stderr whenever opening a db: > setNativeLocks failed: Resource temporarily unavailable > setNativeLocks failed: Resource temporarily unavailable I'd assume they're falling back to some platform-naive file-locking technique that doesn't work on OpenBSD. I don't have time to look at the moment. It doesn't interfere with anything for me, though.
Re: UPDATE: security/keepassx (keepassx 2.0)
On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > Hey everybody, > > for those who can not wait (like me) here is an update for keepassx. > I hope steven@ can use it for more tests or a better port. > > Tested @amd64 with my old *.kdb file without problems. Works fine for me on amd64 too, imported my .kdb without issues. You have some things to fix in the port though: - use gtk-update-icon-cache, add an RDEP for it - fix the PLIST, it seems some icons are duplicated/installed twice - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST Are you sure you need ports gcc ? Landry
Re: UPDATE: security/keepassx (keepassx 2.0)
On Fri Dec 11, 2015 at 11:24:43AM +0100, Landry Breuil wrote: > On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > > Hey everybody, > > > > for those who can not wait (like me) here is an update for keepassx. > > I hope steven@ can use it for more tests or a better port. > > > > Tested @amd64 with my old *.kdb file without problems. > > Works fine for me on amd64 too, imported my .kdb without issues. > You have some things to fix in the port though: > - use gtk-update-icon-cache, add an RDEP for it > - fix the PLIST, it seems some icons are duplicated/installed twice > - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST > Thanks! steven@ want you continue? > Are you sure you need ports gcc ? > Yes I'm sure. C++11. Okay, it's optional but default on.
Re: UPDATE: security/keepassx (keepassx 2.0)
On 2015/12/11 11:24, Landry Breuil wrote: > On Thu, Dec 10, 2015 at 11:57:43PM +0100, Rafael Sadowski wrote: > > Hey everybody, > > > > for those who can not wait (like me) here is an update for keepassx. > > I hope steven@ can use it for more tests or a better port. > > > > Tested @amd64 with my old *.kdb file without problems. > > Works fine for me on amd64 too, imported my .kdb without issues. > You have some things to fix in the port though: > - use gtk-update-icon-cache, add an RDEP for it > - fix the PLIST, it seems some icons are duplicated/installed twice > - i think you can use SHARED_ONLY=yes and merge PFRAG.list into PLIST > > Are you sure you need ports gcc ? It's not needed with "CONFIGURE_ARGS= -DWITH_CXX11=no". I get these with port-lib-depends-check: Missing: Xi.12 (/usr/local/lib/keepassx/libkeepassx-autotype-x11.so) (system lib) Extra: QtXml.8
Re: UPDATE: security/keepassx (keepassx 2.0)
Rafael Sadowski wrote: > > Are you sure you need ports gcc ? > > > Yes I'm sure. C++11. Okay, it's optional but default on. Yeah, my initial reaction that we should check the code carefully before disabling C++11. Seems like it might expose some poorly tested paths. And I don't know whether that's worth it.