Re: CVS: cvs.openbsd.org: ports

2019-12-23 Thread Bryan Linton 
On 2019-12-22 09:05:42, Frederic Cambus  wrote:
> CVSROOT:  /cvs
> Module name:  ports
> Changes by:   fcam...@cvs.openbsd.org 2019/12/22 09:05:42
> 
> Modified files:
>   productivity/ledger: Makefile distinfo 
>   productivity/ledger/patches: patch-src_CMakeLists_txt 
>   productivity/ledger/pkg: PLIST 
> Removed files:
>   productivity/ledger/patches: patch-src_item_h 
> 
> Log message:
> Update ledger to 3.1.3.
> 
> This fixes CVE-2017-2807, CVE-2017-2808, CVE-2017-12481, CVE-2017-12482.
> 
> OK jca@, Sergey Bronnikov (MAINTAINER)
> 

This update causes ledger to segfault when processing commodities.

I can reproduce this with a file consisting of the following
snippet from ledger's manual.

-8<--

9/29  Get some stuff at the Inn
Places:Black's Tavern   -3 Apples
Places:Black's Tavern   -5 Steaks
EverQuest:Inventory

-8<--

To reproduce, simply copy the above 4 lines to a file and run
ledger.  E.g. "ledger --file test.txt balance"

If I remove the commodities from my (much longer) journal, ledger
works fine when dealing with cash transactions so the bug must be
specific to commodities.

Can anyone else reproduce this?

Unfortunately, I don't see any commits in ledger's GitHub that
stand out as fixing this issue.  I do see several commits to
commodity handling in between the previous 3.1.1 release and the
current 3.1.3 release.  However, I don't currently have time to
attempt to bisect this.

Backtrace follows.

% sysctl kern.version
kern.version=OpenBSD 6.6-current (GENERIC.MP) #559: Sun Dec 22 23:03:43 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

% ledger bal
zsh: segmentation fault (core dumped)  ledger bal

% egdb `which ledger` ledger.core
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-openbsd6.6".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/ledger...done.
[New process 605898]
Core was generated by `ledger'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00dbd4413389 in 
std::__1::__hash_table, std::__1::__unordered_map_hasher, 
std::__1::hash, true>, 
std::__1::__unordered_map_equal, 
std::__1::equal_to, true>, 
std::__1::allocator > >::__deallocate_node (this=0xddd5619520, __np=0x2)
at /usr/include/c++/v1/__hash_table:1584
1584__next_pointer __next = __np->__next_;
(gdb) bt
#0  0x00dbd4413389 in 
std::__1::__hash_table, std::__1::__unordered_map_hasher, 
std::__1::hash, true>, 
std::__1::__unordered_map_equal, 
std::__1::equal_to, true>, 
std::__1::allocator > >::__deallocate_node (this=0xddd5619520, __np=0x2)
at /usr/include/c++/v1/__hash_table:1584
#1  0x00dbd441332c in 
std::__1::__hash_table, std::__1::__unordered_map_hasher, 
std::__1::hash, true>, 
std::__1::__unordered_map_equal, 
std::__1::equal_to, true>, 
std::__1::allocator > >::~__hash_table (this=0xddd5619520)
at /usr/include/c++/v1/__hash_table:1540
#2  0x00dbd44132cf in std::__1::unordered_map, 
std::__1::equal_to, 
std::__1::allocator > >::~unordered_map (this=0xddd5619520)
at /usr/include/c++/v1/unordered_map:842
#3  0x00dbd441328f in ledger::balance_t::~balance_t (this=0xddd5619520)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/balance.h:140
#4  0x00dbd4413144 in boost::checked_delete 
(x=0xddd5619520)
at /usr/local/include/boost/core/checked_delete.hpp:34
#5  0x00dbd44130b2 in ledger::value_t::storage_t::destroy 
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:219
#6  0x00dbd4412ff6 in ledger::value_t::storage_t::~storage_t 
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:172
#7  0x00dbd4412fa4 in boost::checked_delete (x=0xde5ab16300)
at /usr/local/include/boost/core/checked_delete.hpp:34
#8  0x00dbd4412f4c in ledger::value_t::storage_t::release 
(this=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:203
#9  0x00dbd4412eef in ledger::intrusive_ptr_release 
(storage_ptr=0xde5ab16300)
at /usr/obj/ports/ledger-3.1.3/ledger-3.1.3/src/value.h:210
#10 0x00dbd4404977 in 
boost::intrusive_ptr::~intrusive_ptr (
this=0x7f7dc510) at 
/usr/local/include/boost/smart_ptr/intrusive_ptr.hpp:98
#11 0x00de062bcf76 in ledger::xact_base_t::finalize() ()

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jeremy Evans 
CVSROOT:/cvs
Module name:ports
Changes by: jer...@cvs.openbsd.org  2019/12/23 17:22:26

Modified files:
www/ruby-rack  : Makefile distinfo 

Log message:
Update to rack 2.0.8

Fixes CVE-2019-16782.

CVS: cvs.openbsd.org: ports

2019-12-23 Thread James Turner 
CVSROOT:/cvs
Module name:ports
Changes by: jtur...@cvs.openbsd.org 2019/12/23 16:42:35

Modified files:
lang/janet : Makefile distinfo 
lang/janet/patches: patch-Makefile 

Log message:
Update janet to 1.6.0. Release notes: 
https://github.com/janet-lang/janet/releases/tag/v1.6.0

CVS: cvs.openbsd.org: ports

2019-12-23 Thread ASOU Masato 
CVSROOT:/cvs
Module name:ports
Changes by: a...@cvs.openbsd.org2019/12/23 16:26:32

Modified files:
devel/valgrind : Makefile 
devel/valgrind/patches: 

patch-coregrind_m_syswrap_priv_syswrap_openbsd_h 
patch-coregrind_m_syswrap_syswrap_openbsd_c 
patch-include_vki_vki-openbsd_h 
patch-include_vki_vki_scnums_openbsd_h 
Added files:
devel/valgrind/patches: patch-coregrind_m_libcsignal_c 

patch-coregrind_m_syswrap_syswrap_amd64_openbsd_c 
patch-coregrind_m_syswrap_syswrap_generic_c 
patch-coregrind_m_syswrap_syswrap_x86_openbsd_c 

Log message:
Support target program usgin Pthread.

ok mpi@

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Kurt Miller 
CVSROOT:/cvs
Module name:ports
Changes by: k...@cvs.openbsd.org2019/12/23 13:19:20

Modified files:
mail/mozilla-thunderbird: Makefile 
Added files:
mail/mozilla-thunderbird/patches: 
  patch-config_system-headers_mozbuild 

Log message:
Backport auxv.h header inclusion fix. okay landry@

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Kurt Miller 
CVSROOT:/cvs
Module name:ports
Changes by: k...@cvs.openbsd.org2019/12/23 13:18:53

Modified files:
www/firefox-esr: Makefile 
Added files:
www/firefox-esr/patches: patch-config_system-headers_mozbuild 

Log message:
Backport auxv.h header inclusion fix. okay landry@

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2019/12/23 12:57:27

Modified files:
sysutils/gitolite: Makefile distinfo 
sysutils/gitolite/pkg: PLIST 

Log message:
- update to gitolite-3.6.11
- drop maintainership

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2019/12/23 12:46:13

Modified files:
graphics/gthumb: Makefile distinfo 
graphics/gthumb/pkg: PLIST 

Log message:
update to gthumb-3.8.3

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2019/12/23 10:18:47

Modified files:
devel/py-elftools: Makefile distinfo 
devel/py-elftools/pkg: PLIST 

Log message:
update to py-elftools-0.26

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2019/12/23 09:46:36

Modified files:
sysutils/py-ghmi: Makefile distinfo 
sysutils/py-ghmi/pkg: PLIST 

Log message:
update to py-ghmi-1.5.3

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Frederic Cambus 
CVSROOT:/cvs
Module name:ports
Changes by: fcam...@cvs.openbsd.org 2019/12/23 06:27:52

Modified files:
audio/libopenmpt: Makefile distinfo 

Log message:
Update libopenmpt to 0.4.11.

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Frederic Cambus 
CVSROOT:/cvs
Module name:ports
Changes by: fcam...@cvs.openbsd.org 2019/12/23 06:26:34

Modified files:
www/newsboat   : Makefile distinfo 

Log message:
Update newsboat to 2.18.

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/23 06:25:48

Modified files:
mail/rspamd: Makefile distinfo 
mail/rspamd/patches: patch-src_CMakeLists_txt 
 patch-src_libutil_util_c 
mail/rspamd/pkg: PLIST 
Added files:
mail/rspamd/patches: patch-contrib_fastutf8_CMakeLists_txt 

Log message:
update to rspamd-2.2

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/23 05:43:15

Modified files:
net/isc-bind   : Tag: OPENBSD_6_6 Makefile 

Log message:
remove SEPARATE_BUILD=Yes from -stable too, unbreak build on clean system

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Jeremie Courreges-Anglas 
CVSROOT:/cvs
Module name:ports
Changes by: j...@cvs.openbsd.org2019/12/23 05:26:23

Modified files:
net/samba  : Makefile 
net/samba/pkg  : PLIST-ldb PLIST-main 

Log message:
Fix conflict introduced in previous

Reported by semarie@

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Solene Rapenne 
CVSROOT:/cvs
Module name:ports
Changes by: sol...@cvs.openbsd.org  2019/12/23 04:39:59

Modified files:
net/swirc  : Makefile distinfo 

Log message:
Update to swirc-3.1.1

patch from maintainer, thank you
Per changelog, the update fixes a possible read input deadlock

CVS: cvs.openbsd.org: ports

2019-12-23 Thread Landry Breuil 
CVSROOT:/cvs
Module name:ports
Changes by: lan...@cvs.openbsd.org  2019/12/23 02:04:11

Modified files:
www/mozilla-firefox: Makefile 
www/firefox-esr: Makefile 

Log message:
Add 'uses pledge()' comments, from Caspar Schutijser.