CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: ajacou...@cvs.openbsd.org 2014/06/02 00:10:18 Modified files: www/owncloud : Makefile Log message: Fix typo in COMMENT. spotted by Carson Chittom.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: jas...@cvs.openbsd.org 2014/06/02 02:08:31 Modified files: net/gupnp/core : Makefile distinfo net/gupnp/core/pkg: PLIST Log message: update to gupnp-0.20.12
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: jas...@cvs.openbsd.org 2014/06/02 02:10:05 Modified files: graphics/clutter/clutter-gst: Makefile distinfo Removed files: graphics/clutter/clutter-gst/patches: patch-clutter-gst_Makefile_in Log message: update to clutter-gst-2.0.12
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: jas...@cvs.openbsd.org 2014/06/02 02:15:05 Modified files: devel/json-glib: Makefile distinfo Log message: update to json-glib-1.0.2
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: jas...@cvs.openbsd.org 2014/06/02 02:20:22 Modified files: x11/gnome/rygel: Makefile distinfo x11/gnome/rygel/patches: patch-configure Log message: update to rygel-0.22.2
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: s...@cvs.openbsd.org2014/06/02 03:25:33 Modified files: devel/xdg-utils: Makefile devel/xdg-utils/patches: patch-scripts_xdg-open Log message: Fix xdg-open for KDE4 such that devices mounted by sysutils/toad open up in the dolphin file manager rather than in the default web browser. ok ajacoutot, tested by Fabian Raetz
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: jas...@cvs.openbsd.org 2014/06/02 04:01:02 Modified files: x11/gnome/calculator: Makefile distinfo Log message: update to gnome-calculator-3.12.2
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: s...@cvs.openbsd.org2014/06/02 04:39:11 Modified files: graphics/dvdrip: Makefile graphics/dvdrip/pkg: PLIST Log message: install dvdrip menu icon; gtk+2,-guic rundep hint + ok by ajacoutot
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2014/06/02 05:26:21 Modified files: security/wpa_supplicant: Makefile Added files: security/wpa_supplicant/patches: patch-src_utils_common_c Log message: off-by-one in length checking in printf_encode, crash reported by jirib at devio dot us
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2014/06/02 06:31:24 Modified files: net/nfdump : Makefile distinfo net/nfdump/patches: patch-bin_nfprofile_c Log message: update to nfdump 1.6.12, from sebastia@, tweak by me to use REORDER_DEPENDENCIES rather than add a dep on autoconf.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: ajacou...@cvs.openbsd.org 2014/06/02 06:31:44 Modified files: games/gcompris : Makefile distinfo games/gcompris/patches: patch-Makefile_in patch-configure patch-src_gcompris_Makefile_in patch-src_goocanvas_src_Makefile_in games/gcompris/pkg: PLIST Log message: Update to gcompris-14.05.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2014/06/02 08:37:16 Modified files: www/elinks : Makefile www/elinks/patches: patch-src_network_ssl_ssl_c Added files: www/elinks/patches: patch-configure_in Removed files: www/elinks/patches: patch-configure Log message: Fix patch to cope with RAND_egd being removed from libressl; uninitialized variable use with the previous patch was causing writes to a file with an incorrect name, as discovered by mlarkin@. Thrashed out with / ok jca@.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2014/06/02 10:50:43 Modified files: net/irssi : Makefile distinfo net/irssi/patches: patch-src_fe-common_core_Makefile_in patch-src_irc_proxy_listen_c patch-src_perl_Makefile_in Removed files: net/irssi/patches: patch-src_core_commands_c patch-src_core_misc_c patch-src_core_misc_h patch-src_core_net-nonblock_c patch-src_core_network-openssl_c patch-src_core_network_c patch-src_core_network_h patch-src_core_servers_c patch-src_core_session_c patch-src_fe-common_core_chat-completion_c patch-src_fe-common_core_completion_c patch-src_fe-common_core_fe-exec_c patch-src_fe-common_core_fe-log_c patch-src_fe-common_core_windows-layout_c patch-src_fe-common_irc_dcc_fe-dcc-chat_c patch-src_fe-common_irc_fe-irc-commands_c patch-src_fe-text_statusbar-config_c patch-src_irc_core_ctcp_c patch-src_irc_core_irc-commands_c patch-src_irc_core_irc-expandos_c patch-src_irc_core_irc_c patch-src_irc_dcc_dcc-chat_c patch-src_irc_dcc_dcc_c Log message: update to irssi 0.8.16, from viq (maintainer), and remove no-longer-used function pointed out by viq but not in his original diff
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: juan...@cvs.openbsd.org 2014/06/02 13:43:50 Modified files: lang/luajit: Makefile Log message: Enable LUA52COMPAT for the lua52 flavor. ok abieber@.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: juan...@cvs.openbsd.org 2014/06/02 13:47:04 Modified files: lang : Makefile Log message: +luajit,lua52
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2014/06/02 14:12:53 Modified files: security/wpa_supplicant: Makefile Log message: Update license marker; as of Feb 2012 this is no longer dual GPL/BSD, it is just plain 3-clause BSD. No pkg change.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: b...@cvs.openbsd.org2014/06/02 16:01:02 Modified files: multimedia/x264: Makefile distinfo multimedia/x264/patches: patch-Makefile patch-configure Removed files: multimedia/x264/patches: patch-version_sh Log message: Update to x264-20140525. ok juan@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: b...@cvs.openbsd.org2014/06/02 16:26:10 Modified files: multimedia/xine-lib: Makefile Added files: multimedia/xine-lib/patches: patch-src_audio_out_audio_sndio_out_c Log message: Re-enable the multichannel support for sndio. ok sthen@
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: bcal...@cvs.openbsd.org 2014/06/02 18:45:40 Modified files: net/gophernicus: Makefile distinfo Log message: Bugfix update to 1.5
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: l...@cvs.openbsd.org2014/06/02 20:55:50 Modified files: security/p0f : Makefile Log message: Update MASTER_SITES. ok nigel@ (maintainer)
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: l...@cvs.openbsd.org2014/06/02 20:56:13 Removed files: security/p0f/pkg: PFRAG.mysql Log message: Remove PFRAG.mysql, which is no longer needed since the update to p0f 2.0.5 has removed MySQL support. ok nigel@ (maintainer)
Re: opendnssec and softhsm revisited
On Tue, May 27, 2014 at 10:27:52PM +0200, Patrik Lundin wrote: The ports are now at a state where i feel they are suitable for import. Is no one interested in this? I think it is a nice complement to nsd in base for automated DNSSEC. Regards, Patrik Lundin
[UPDATE] Python 2.7.7
Hi,
this is the diff to update Python 2.7 to latest release.
Release notes: http://hg.python.org/cpython/raw-file/f89216059edf/Misc/NEWS
Any ok?
Cheers,
Remi.
Index: Makefile
===
RCS file: /cvs/ports/lang/python/2.7/Makefile,v
retrieving revision 1.33
diff -u -p -r1.33 Makefile
--- Makefile19 Apr 2014 14:10:10 - 1.33
+++ Makefile2 Jun 2014 09:04:29 -
@@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.33 2014/04/19 14:10:10 espie Exp $
VERSION = 2.7
-PATCHLEVEL = .6
-REVISION = 4
+PATCHLEVEL = .7
SHARED_LIBS = python2.7 0.0
VERSION_SPEC = =2.7,2.8
Index: distinfo
===
RCS file: /cvs/ports/lang/python/2.7/distinfo,v
retrieving revision 1.6
diff -u -p -r1.6 distinfo
--- distinfo9 Jan 2014 18:03:35 - 1.6
+++ distinfo2 Jun 2014 09:04:29 -
@@ -1,2 +1,2 @@
-SHA256 (Python-2.7.6.tgz) = mcaGC3CXe++hWQAp+uCS3bGNsdaa5n6Lk4W2btEEulg=
-SIZE (Python-2.7.6.tgz) = 14725931
+SHA256 (Python-2.7.7.tgz) = f0nApnBa2J2SUYHifQqqAl7kcxzg3mR3bHIiFsPmbEI=
+SIZE (Python-2.7.7.tgz) = 14809415
Index: patches/patch-Modules_socketmodule_c
===
RCS file: patches/patch-Modules_socketmodule_c
diff -N patches/patch-Modules_socketmodule_c
--- patches/patch-Modules_socketmodule_c9 Feb 2014 09:49:26 -
1.3
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,16 +0,0 @@
-$OpenBSD: patch-Modules_socketmodule_c,v 1.3 2014/02/09 09:49:26 rpointel Exp $
-security fix: http://bugs.python.org/issue20246
-
Modules/socketmodule.c.orig
-+++ Modules/socketmodule.c
-@@ -2742,6 +2742,10 @@ sock_recvfrom_into(PySocketSockObject *s
- if (recvlen == 0) {
- /* If nbytes was not specified, use the buffer's length */
- recvlen = buflen;
-+} else if (recvlen buflen) {
-+PyErr_SetString(PyExc_ValueError,
-+nbytes is greater than the length of the buffer);
-+goto error;
- }
-
- readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, addr);
Index: pkg/PLIST-idle
===
RCS file: /cvs/ports/lang/python/2.7/pkg/PLIST-idle,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST-idle
--- pkg/PLIST-idle 24 Apr 2011 09:31:45 - 1.1.1.1
+++ pkg/PLIST-idle 2 Jun 2014 09:04:29 -
@@ -61,6 +61,13 @@ lib/python2.7/idlelib/IOBinding.pyo
lib/python2.7/idlelib/Icons/
lib/python2.7/idlelib/Icons/folder.gif
lib/python2.7/idlelib/Icons/idle.icns
+lib/python2.7/idlelib/Icons/idle.ico
+lib/python2.7/idlelib/Icons/idle_16.gif
+lib/python2.7/idlelib/Icons/idle_16.png
+lib/python2.7/idlelib/Icons/idle_32.gif
+lib/python2.7/idlelib/Icons/idle_32.png
+lib/python2.7/idlelib/Icons/idle_48.gif
+lib/python2.7/idlelib/Icons/idle_48.png
lib/python2.7/idlelib/Icons/minusnode.gif
lib/python2.7/idlelib/Icons/openfolder.gif
lib/python2.7/idlelib/Icons/plusnode.gif
@@ -179,6 +186,53 @@ lib/python2.7/idlelib/idle.py
lib/python2.7/idlelib/idle.pyc
lib/python2.7/idlelib/idle.pyo
lib/python2.7/idlelib/idle.pyw
+lib/python2.7/idlelib/idle_test/
+lib/python2.7/idlelib/idle_test/README.txt
+lib/python2.7/idlelib/idle_test/__init__.py
+lib/python2.7/idlelib/idle_test/__init__.pyc
+lib/python2.7/idlelib/idle_test/__init__.pyo
+lib/python2.7/idlelib/idle_test/htest.py
+lib/python2.7/idlelib/idle_test/htest.pyc
+lib/python2.7/idlelib/idle_test/htest.pyo
+lib/python2.7/idlelib/idle_test/mock_idle.py
+lib/python2.7/idlelib/idle_test/mock_idle.pyc
+lib/python2.7/idlelib/idle_test/mock_idle.pyo
+lib/python2.7/idlelib/idle_test/mock_tk.py
+lib/python2.7/idlelib/idle_test/mock_tk.pyc
+lib/python2.7/idlelib/idle_test/mock_tk.pyo
+lib/python2.7/idlelib/idle_test/test_calltips.py
+lib/python2.7/idlelib/idle_test/test_calltips.pyc
+lib/python2.7/idlelib/idle_test/test_calltips.pyo
+lib/python2.7/idlelib/idle_test/test_config_name.py
+lib/python2.7/idlelib/idle_test/test_config_name.pyc
+lib/python2.7/idlelib/idle_test/test_config_name.pyo
+lib/python2.7/idlelib/idle_test/test_delegator.py
+lib/python2.7/idlelib/idle_test/test_delegator.pyc
+lib/python2.7/idlelib/idle_test/test_delegator.pyo
+lib/python2.7/idlelib/idle_test/test_formatparagraph.py
+lib/python2.7/idlelib/idle_test/test_formatparagraph.pyc
+lib/python2.7/idlelib/idle_test/test_formatparagraph.pyo
+lib/python2.7/idlelib/idle_test/test_grep.py
+lib/python2.7/idlelib/idle_test/test_grep.pyc
+lib/python2.7/idlelib/idle_test/test_grep.pyo
+lib/python2.7/idlelib/idle_test/test_idlehistory.py
+lib/python2.7/idlelib/idle_test/test_idlehistory.pyc
+lib/python2.7/idlelib/idle_test/test_idlehistory.pyo
+lib/python2.7/idlelib/idle_test/test_pathbrowser.py
+lib/python2.7/idlelib/idle_test/test_pathbrowser.pyc
+lib/python2.7/idlelib/idle_test/test_pathbrowser.pyo
fix dvdrip menu icon
ok?
Index: Makefile
===
RCS file: /cvs/ports/graphics/dvdrip/Makefile,v
retrieving revision 1.15
diff -u -p -r1.15 Makefile
--- Makefile6 Apr 2013 18:36:21 - 1.15
+++ Makefile2 Jun 2014 08:45:15 -
@@ -3,6 +3,7 @@
COMMENT= full featured DVD copy program
VERSION= 0.98.11
+REVISION= 0
DISTNAME= dvdrip-${VERSION}
CATEGORIES=graphics audio multimedia perl5
@@ -47,5 +48,7 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/dvdrip.desktop ${PREFIX}/share/applications
rm -f ${PREFIX}/${P5SITE}/Video/DVDRip/Config.pm.orig
rm -f ${PREFIX}/${P5SITE}/Video/DVDRip/GUI/Project/Title.pm.orig
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/icons/hicolor/scalable/apps/
+ ${INSTALL_DATA} ${WRKSRC}/dvdrip-icon-hq.svg
${PREFIX}/share/icons/hicolor/scalable/apps/dvdrip.svg
.include bsd.port.mk
Index: pkg/PLIST
===
RCS file: /cvs/ports/graphics/dvdrip/pkg/PLIST,v
retrieving revision 1.6
diff -u -p -r1.6 PLIST
--- pkg/PLIST 6 Apr 2013 18:36:21 - 1.6
+++ pkg/PLIST 2 Jun 2014 08:46:13 -
@@ -102,6 +102,7 @@ ${P5SITE}/Video/DVDRip/translators.txt
@man man/man3p/Video::DVDRip.3p
@man man/man3p/Video::DVDRip::CPAN::Scanf.3p
share/applications/dvdrip.desktop
+share/icons/hicolor/scalable/apps/dvdrip.svg
share/locale/cs/LC_MESSAGES/video.dvdrip.mo
share/locale/da/LC_MESSAGES/video.dvdrip.mo
share/locale/de/LC_MESSAGES/video.dvdrip.mo
@@ -114,3 +115,5 @@ share/locale/sr@Latn/LC_MESSAGES/
share/locale/sr@Latn/LC_MESSAGES/video.dvdrip.mo
@exec %D/bin/update-desktop-database
@unexec-delete %D/bin/update-desktop-database
+@exec %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor
+@unexec-delete %D/bin/gtk-update-icon-cache -q -t %D/share/icons/hicolor
Re: NEW: net/ucspi-tcp
* Jan Klemkow j.klem...@wemelug.de [2014-06-01 23:38]: On Fri, May 30, 2014 at 09:51:24PM +0100, Stuart Henderson wrote: On 2014/05/30 22:43, Jan Klemkow wrote: On Fri, May 30, 2014 at 10:26:43PM +0200, Jan Klemkow wrote: On Fri, May 30, 2014 at 01:49:55PM +0200, Henning Brauer wrote: * Stuart Henderson st...@openbsd.org [2014-05-28 12:31]: the old port also had this...is this or something like it still needed? # datasize limit in 'run' files is too low for ld.so # to be able to pull in libc LDFLAGS+= -static that is everything but smart, it makes MUCH more sense to increase the datasize limits (the softlimit calls) in the run scripts. Henning is right. It is stupid to compile this port static cause of the datasize limit. So I removed it from the port. If something is still needed for this, then it probably needs some kind of instructions somewhere... I talked with Henning about the reason of that static compiling hack. As I understand him, there are some scripts from djb which sets the datasize limit to a low value and that causes some crashes. So I add an install notice to the port: Please notice, there may be some scripts that manipulate the datasize limit of tcpclient/tcpserver which may cause a process termination. For more information look at login.conf(5). not really. a typical daemontools-style run script looks like this: #!/bin/sh exec 21 exec envuidgid tinydns envdir ./env softlimit -d3 /usr/local/bin/tinydns since it's djb and just HAS to be different to be different... the softlimit invocation is the culprit, that number there needs adjustment, the defaults from more than a decade ago (when no randomization, eating a little virtual mem, took place) just don't cut it any more.
SOGo on 5.5 not working
Hi, I'm trying to use SOGo on OpenBSD 5.5 AMD64 but it is not working. When I try to connect I get a timeout and the log file contains many lines with the following errors: Loading two versions of SOGoEMailAlarmsManager. The class that will be used is undefined Loading two versions of SOGoAppointmentOccurence. The class that will be used is undefined Loading two versions of SOGoComponentOccurence. The class that will be used is undefined Loading two versions of SOGoAppointmentObject. The class that will be used is undefined Loading two versions of SOGoCalendarComponent. The class that will be used is undefined Loading two versions of SOGoCalendarMailBodyPart. The class that will be used is undefined Loading two versions of SOGoHTMLMailBodyPart. The class that will be used is undefined Loading two versions of SOGoMailBodyPart. The class that will be used is undefined Loading two versions of SOGoTrashFolder. The class that will be used is undefined Loading two versions of SOGoDraftsFolder. The class that will be used is undefined Loading two versions of SOGoSentFolder. The class that will be used is undefined Loading two versions of SOGoMailObject. The class that will be used is undefined Loading two versions of SOGoMailNamespace. The class that will be used is undefined Loading two versions of SOGoMailFolder. The class that will be used is undefined Loading two versions of SOGoSpecialMailFolder. The class that will be used is undefined Loading two versions of SOGoMailAccount. The class that will be used is undefined Loading two versions of SOGoMailAccounts. The class that will be used is undefined Loading two versions of SOGoMailBaseObject. The class that will be used is undefined Loading two versions of SOGoDraftObject. The class that will be used is undefined Calling [libxmlSAXLocator -lineNumber] with incorrect signature. Method has i16@0:8, selector has q16@0:8 Calling [NGDOMElement -setLine:] with incorrect signature. Method has v24@0:8q16, selector has v20@0:8i16 Calling [GSMutableArray -length] with incorrect signature. Method has I16@0:8, selector has Q16@0:8 The system has the following software: - OS: OpenBSD 5.5 AMD64 GENERIC.MP - SOGO: sogo-2.1.1.1p0 - SOPE: sope-2.1.1.1 sope-mysql-2.1.1.1 - GNUSTEP: gnustep-base-1.24.6 gnustep-libobjc2-1.7p0 gnustep-make-2.6.6 Any suggestions on how to fix this? Kind regards, Martijn Rijkeboer
Re: UPDATE: net/irssi 0.8.16
On 2014/06/01 18:06, viq wrote: By popular request ;) Here's an update to 0.8.16. Seems to work for me, though there's a bunch of warnings when compiling. Possibly the patching of src/core/network-openssl.c is not necessary to add static int getpass_cb on line 423 - there is a similiar function below in line 445 called static int get_pem_password_callback. It would be great if someone who actually knows C would have a look at it. getpass_cb() isn't referenced anywhere else so it's just dead code, the functionality was included in upstream's recent commit where they added certificate password support themselves. I've pulled this patch out in the copy in my tree, things work fine here, I intend to commit it fairly soon unless there are objections.
wpa_supplicant core dump
Hi, I got wpa_supplicant core dump. Strange is it is not always reproducible, it core dumps mostly but sometimes it does not. j. # wpa_supplicant -c /etc/wpa_supplicant.conf -D openbsd -i iwn0 -d ... EAP-PEAP: received 53 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=14): 01 af 00 0e 06 50 61 73 73 77 6f 72 64 3a EAP-PEAP: received Phase 2: code=1 identifier=175 length=14 EAP-PEAP: Phase 2 Request: type=6 EAP-PEAP: Selected Phase 2 EAP vendor 0 method 6 EAP-GTC: Password not configured EAPOL: EAP parameter needed iwn0: CTRL-REQ-OTP-0:[Password:] needed for SSID WifiAP EAP: method process - ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x0 EAP: EAP entering state SEND_RESPONSE EAP: No eapRespData available EAP: EAP entering state IDLE CTRL_IFACE monitor attached /tmp/wpa_ctrl_9659-2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0 0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0 Abort trap (core dumped) (gdb) where #0 0x1545475b9fea in kill () at stdin:2 #1 0x1545475f34bc in __stack_smash_handler (func=0x1543451838c0 wpa_supplicant_ctrl_iface_attach, damaged=Variable damaged is not available. ) at /usr/src/lib/libc/sys/stack_protector.c:61 #2 0x154345056971 in wpa_supplicant_ctrl_iface_attach () from /usr/local/sbin/wpa_supplicant #3 0x15434505789d in wpa_supplicant_ctrl_iface_receive () from /usr/local/sbin/wpa_supplicant #4 0x15434501297a in eloop_sock_table_dispatch () from /usr/local/sbin/wpa_supplicant #5 0x154345013428 in eloop_run () from /usr/local/sbin/wpa_supplicant #6 0x154345059e11 in wpa_supplicant_run () from /usr/local/sbin/wpa_supplicant #7 0x154345066fda in main () from /usr/local/sbin/wpa_supplicant (gdb) thread apply all bt Thread 1 (process 21621): #0 0x1545475b9fea in kill () at stdin:2 #1 0x1545475f34bc in __stack_smash_handler (func=0x1543451838c0 wpa_supplicant_ctrl_iface_attach, damaged=Variable damaged is not available. ) at /usr/src/lib/libc/sys/stack_protector.c:61 #2 0x154345056971 in wpa_supplicant_ctrl_iface_attach () from /usr/local/sbin/wpa_supplicant #3 0x15434505789d in wpa_supplicant_ctrl_iface_receive () from /usr/local/sbin/wpa_supplicant #4 0x15434501297a in eloop_sock_table_dispatch () from /usr/local/sbin/wpa_supplicant #5 0x154345013428 in eloop_run () from /usr/local/sbin/wpa_supplicant #6 0x154345059e11 in wpa_supplicant_run () from /usr/local/sbin/wpa_supplicant #7 0x154345066fda in main () from /usr/local/sbin/wpa_supplicant Information for inst:wpa_supplicant-2.1 Comment: IEEE 802.1X supplicant Description: wpa_supplicant is the implementation of an IEEE 802.1X supplicant for wired (Ethernet PAE) and wireless (WPA/WPA2) authentication. Maintainer: Stuart Henderson st...@openbsd.org WWW: http://hostap.epitest.fi/wpa_supplicant/ kern.version=OpenBSD 5.5-current (GENERIC.MP) #126: Mon May 12 22:40:04 MDT 2014 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Re: elinks creates file whose name is the contents of elinks.conf
On 2014/06/01 14:02, Stuart Henderson wrote:
On 2014/05/31 13:47, Jérémie Courrèges-Anglas wrote:
Stuart Henderson st...@openbsd.org writes:
Awesome! We probably need to delete more lines. Not sure a good way
to feed this sort of change back to upstreams though, as they *do* need
this with OpenSSL.
[...]
I agree that more lines should be deleted. Is this clear enough?
Unless a proper autoconf check is added I think it would be better to
just delete the lines.. As-is, reading just the patch suggests that
upstream might have some check to define OPENSSL_RAND_HACKS that we're
just making use of here.
(outright deleting is also more likely to draw attention to any upstream
changes in the relevant code if the port is updated, as the patch will
then fail or warn about being applied with fuzz).
so...it seems the comment is outdated, RAND_load_file(3) advises against
using this function.
I think this makes sense. OK?
Index: Makefile
===
RCS file: /cvs/ports/www/elinks/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- Makefile10 Oct 2013 20:10:51 - 1.32
+++ Makefile2 Jun 2014 11:05:24 -
@@ -2,7 +2,7 @@
COMMENT= full-featured text WWW browser
DISTNAME= elinks-0.11.7
-REVISION= 7
+REVISION= 8
CATEGORIES=www
MASTER_SITES= http://elinks.cz/download/
Index: patches/patch-src_network_ssl_ssl_c
===
RCS file: /cvs/ports/www/elinks/patches/patch-src_network_ssl_ssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_network_ssl_ssl_c
--- patches/patch-src_network_ssl_ssl_c 19 Apr 2014 17:59:38 - 1.1
+++ patches/patch-src_network_ssl_ssl_c 2 Jun 2014 11:05:24 -
@@ -1,17 +1,30 @@
$OpenBSD: patch-src_network_ssl_ssl_c,v 1.1 2014/04/19 17:59:38 sthen Exp $
src/network/ssl/ssl.c.orig Sat Apr 19 18:44:13 2014
-+++ src/network/ssl/ssl.c Sat Apr 19 18:45:12 2014
-@@ -49,11 +49,8 @@ init_openssl(struct module *module)
-* cannot initialize the PRNG and so every attempt to use SSL fails.
-* It's actually an OpenSSL FAQ, and according to them, it's up to the
-* application coders to seed the RNG. -- William Yodlowsky */
+
+Remove RAND_egd, dangerous API has been removed in libressl.
+
+Remove RAND_load_file use; RAND_load_file() used to allow for the state
+of the random number generator to be controlled by external sources. It
+is kept for ABI compatibility but is no longer functional, and should
+not used in new programs.
+
+--- src/network/ssl/ssl.c.orig Sat Aug 22 12:15:08 2009
src/network/ssl/ssl.c Mon Jun 2 12:04:23 2014
+@@ -43,18 +43,6 @@ SSL_CTX *context = NULL;
+ static void
+ init_openssl(struct module *module)
+ {
+- unsigned char f_randfile[PATH_MAX];
+-
+- /* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
+- * cannot initialize the PRNG and so every attempt to use SSL fails.
+- * It's actually an OpenSSL FAQ, and according to them, it's up to the
+- * application coders to seed the RNG. -- William Yodlowsky */
- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) 0) {
- /* Not an EGD, so read and write to it */
- if (RAND_load_file(f_randfile, -1))
- RAND_write_file(f_randfile);
- }
-+ if (RAND_load_file(f_randfile, -1))
-+ RAND_write_file(f_randfile);
-
+-
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_options(context, SSL_OP_ALL);
Re: elinks creates file whose name is the contents of elinks.conf
Stuart Henderson st...@openbsd.org writes:
On 2014/06/01 14:02, Stuart Henderson wrote:
On 2014/05/31 13:47, Jérémie Courrèges-Anglas wrote:
Stuart Henderson st...@openbsd.org writes:
Awesome! We probably need to delete more lines. Not sure a good way
to feed this sort of change back to upstreams though, as they *do* need
this with OpenSSL.
[...]
I agree that more lines should be deleted. Is this clear enough?
Unless a proper autoconf check is added I think it would be better to
just delete the lines.. As-is, reading just the patch suggests that
upstream might have some check to define OPENSSL_RAND_HACKS that we're
just making use of here.
(outright deleting is also more likely to draw attention to any upstream
changes in the relevant code if the port is updated, as the patch will
then fail or warn about being applied with fuzz).
so...it seems the comment is outdated, RAND_load_file(3) advises against
using this function.
The *LibreSSL* documentation does, the original RAND_load_file.pod
doesn't advise against using it.
Also our rand.pod (RAND(3)) still advertizes RAND_add and RAND_load_file
(fourth paragraph of DESCRIPTION), this should probably be corrected.
I think this makes sense. OK?
I think a little tweak to the comment for RAND_load_file is thus needed.
Maybe something like:
Remove RAND_load_file use; this function has been deprecated in
libressl. quote from manpage
Otherwise ok.
Index: Makefile
===
RCS file: /cvs/ports/www/elinks/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- Makefile 10 Oct 2013 20:10:51 - 1.32
+++ Makefile 2 Jun 2014 11:05:24 -
@@ -2,7 +2,7 @@
COMMENT= full-featured text WWW browser
DISTNAME=elinks-0.11.7
-REVISION=7
+REVISION=8
CATEGORIES= www
MASTER_SITES=http://elinks.cz/download/
Index: patches/patch-src_network_ssl_ssl_c
===
RCS file: /cvs/ports/www/elinks/patches/patch-src_network_ssl_ssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_network_ssl_ssl_c
--- patches/patch-src_network_ssl_ssl_c 19 Apr 2014 17:59:38 -
1.1
+++ patches/patch-src_network_ssl_ssl_c 2 Jun 2014 11:05:24 -
@@ -1,17 +1,30 @@
$OpenBSD: patch-src_network_ssl_ssl_c,v 1.1 2014/04/19 17:59:38 sthen Exp $
src/network/ssl/ssl.c.orig Sat Apr 19 18:44:13 2014
-+++ src/network/ssl/ssl.cSat Apr 19 18:45:12 2014
-@@ -49,11 +49,8 @@ init_openssl(struct module *module)
- * cannot initialize the PRNG and so every attempt to use SSL fails.
- * It's actually an OpenSSL FAQ, and according to them, it's up to the
- * application coders to seed the RNG. -- William Yodlowsky */
+
+Remove RAND_egd, dangerous API has been removed in libressl.
+
+Remove RAND_load_file use; RAND_load_file() used to allow for the state
+of the random number generator to be controlled by external sources. It
+is kept for ABI compatibility but is no longer functional, and should
+not used in new programs.
+
+--- src/network/ssl/ssl.c.orig Sat Aug 22 12:15:08 2009
src/network/ssl/ssl.cMon Jun 2 12:04:23 2014
+@@ -43,18 +43,6 @@ SSL_CTX *context = NULL;
+ static void
+ init_openssl(struct module *module)
+ {
+-unsigned char f_randfile[PATH_MAX];
+-
+-/* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
+- * cannot initialize the PRNG and so every attempt to use SSL fails.
+- * It's actually an OpenSSL FAQ, and according to them, it's up to the
+- * application coders to seed the RNG. -- William Yodlowsky */
-if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) 0) {
-/* Not an EGD, so read and write to it */
-if (RAND_load_file(f_randfile, -1))
-RAND_write_file(f_randfile);
-}
-+if (RAND_load_file(f_randfile, -1))
-+RAND_write_file(f_randfile);
-
+-
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_options(context, SSL_OP_ALL);
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: elinks creates file whose name is the contents of elinks.conf
On 2014/06/02 13:24, Jérémie Courrèges-Anglas wrote:
The *LibreSSL* documentation does, the original RAND_load_file.pod
doesn't advise against using it.
argh. In that case, this fix won't be sufficient for upstream (assuming
they care about Windows).
Also our rand.pod (RAND(3)) still advertizes RAND_add and RAND_load_file
(fourth paragraph of DESCRIPTION), this should probably be corrected.
I think this makes sense. OK?
I think a little tweak to the comment for RAND_load_file is thus needed.
Maybe something like:
Remove RAND_load_file use; this function has been deprecated in
libressl. quote from manpage
Agreed.
So, another attempt...
Index: Makefile
===
RCS file: /cvs/ports/www/elinks/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- Makefile10 Oct 2013 20:10:51 - 1.32
+++ Makefile2 Jun 2014 11:58:09 -
@@ -2,7 +2,7 @@
COMMENT= full-featured text WWW browser
DISTNAME= elinks-0.11.7
-REVISION= 7
+REVISION= 8
CATEGORIES=www
MASTER_SITES= http://elinks.cz/download/
@@ -13,7 +13,8 @@ MAINTAINER= Edd Barrett e...@openbsd.or
# GPL, v2 only
PERMIT_PACKAGE_CDROM= Yes
-CONFIGURE_STYLE= gnu
+CONFIGURE_STYLE= autoconf
+AUTOCONF_VERSION= 2.61
CONFIGURE_ENV+=CFLAGS=${CFLAGS} -I${LOCALBASE}/include \
-L${LOCALBASE}/lib
Index: patches/patch-configure
===
RCS file: patches/patch-configure
diff -N patches/patch-configure
--- patches/patch-configure 16 Jun 2009 23:17:33 - 1.5
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,23 +0,0 @@
-$OpenBSD: patch-configure,v 1.5 2009/06/16 23:17:33 sthen Exp $
configure.orig Sat Mar 21 12:50:25 2009
-+++ configure Wed Jun 17 00:08:56 2009
-@@ -17596,7 +17596,7 @@ if test -z $disable_lua; then
- for luadir in $withval /usr /usr/local; do
- for suffix in 50; do
- if test $cf_result = no; then
-- LUA_LIBS=-llua$suffix -llualib$suffix -lm
-+ LUA_LIBS=-llua$suffix -lm
-
- if test ! -z $luadir; then
- LUA_LIBS=-L$luadir/lib $LUA_LIBS
-@@ -23294,10 +23294,6 @@ ALL_CFLAGS=$CFLAGS $CPPFLAGS
-
-
-
--if test $(`which tput` colors) -ge 4; then
-- MAKE_COLOR=1
--
--fi
-
-
- ac_config_files=$ac_config_files Makefile.config contrib/elinks.spec
contrib/lua/hooks.lua contrib/conv/w3m2links.awk doc/man/man1/elinks.1
src/intl/gettext/ref-add.sed src/intl/gettext/ref-del.sed
Index: patches/patch-configure_in
===
RCS file: patches/patch-configure_in
diff -N patches/patch-configure_in
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-configure_in 2 Jun 2014 11:58:09 -
@@ -0,0 +1,20 @@
+$OpenBSD$
+--- configure.in.orig Sat Aug 22 12:15:08 2009
configure.in Mon Jun 2 12:54:21 2014
+@@ -744,7 +744,7 @@ if test -z $disable_lua; then
+ for luadir in $withval /usr /usr/local; do
+ for suffix in 50; do
+ if test $cf_result = no; then
+- LUA_LIBS=-llua$suffix -llualib$suffix -lm
++ LUA_LIBS=-llua$suffix -lm
+
+ if test ! -z $luadir; then
+ LUA_LIBS=-L$luadir/lib $LUA_LIBS
+@@ -900,6 +900,7 @@ else
+
+ CFLAGS=$CFLAGS_X
+ AC_SUBST(OPENSSL_CFLAGS)
++ AC_CHECK_FUNC(RAND_egd, HAVE_RAND_EGD=yes, HAVE_RAND_EGD=no)
+ fi
+ fi
+
Index: patches/patch-src_network_ssl_ssl_c
===
RCS file: /cvs/ports/www/elinks/patches/patch-src_network_ssl_ssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_network_ssl_ssl_c
--- patches/patch-src_network_ssl_ssl_c 19 Apr 2014 17:59:38 - 1.1
+++ patches/patch-src_network_ssl_ssl_c 2 Jun 2014 11:58:09 -
@@ -1,17 +1,21 @@
-$OpenBSD: patch-src_network_ssl_ssl_c,v 1.1 2014/04/19 17:59:38 sthen Exp $
src/network/ssl/ssl.c.orig Sat Apr 19 18:44:13 2014
-+++ src/network/ssl/ssl.c Sat Apr 19 18:45:12 2014
-@@ -49,11 +49,8 @@ init_openssl(struct module *module)
+$OpenBSD$
+--- src/network/ssl/ssl.c.orig Mon Jun 2 12:54:40 2014
src/network/ssl/ssl.c Mon Jun 2 12:55:46 2014
+@@ -49,11 +49,16 @@ init_openssl(struct module *module)
* cannot initialize the PRNG and so every attempt to use SSL fails.
* It's actually an OpenSSL FAQ, and according to them, it's up to the
* application coders to seed the RNG. -- William Yodlowsky */
- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) 0) {
-- /* Not an
Re: wpa_supplicant core dump
On Mon, Jun 02, 2014 at 07:07:50AM -0400, Jiri B wrote:
Hi,
I got wpa_supplicant core dump. Strange is it is not always
reproducible, it core dumps mostly but sometimes it does not.
CTRL_IFACE monitor attached
/tmp/wpa_ctrl_9659-2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
Abort trap (core dumped)
(gdb) where
#0 0x1545475b9fea in kill () at stdin:2
#1 0x1545475f34bc in __stack_smash_handler (func=0x1543451838c0
wpa_supplicant_ctrl_iface_attach, damaged=Variable damaged is not
available.
) at /usr/src/lib/libc/sys/stack_protector.c:61
#2 0x154345056971 in wpa_supplicant_ctrl_iface_attach () from
/usr/local/sbin/wpa_supplicant
#3 0x15434505789d in wpa_supplicant_ctrl_iface_receive () from
/usr/local/sbin/wpa_supplicant
#4 0x15434501297a in eloop_sock_table_dispatch () from
/usr/local/sbin/wpa_supplicant
#5 0x154345013428 in eloop_run () from /usr/local/sbin/wpa_supplicant
#6 0x154345059e11 in wpa_supplicant_run () from
/usr/local/sbin/wpa_supplicant
#7 0x154345066fda in main () from /usr/local/sbin/wpa_supplicant
The stack smash protector found an off-by-one.
It happens when the printf_encode() function writes a NUL to the
byte past the output buffer.
Attached is a test case which crashes whenever txt - end == 4
during the last loop iteration:
[...]
data[i]=0x8, end - txt = 13
data[i]=0x4c, end - txt = 9
data[i]=0xff, end - txt = 8
data[i]=0xff, end - txt = 4
Abort trap (core dumped)
Fix:
Index: Makefile
===
RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile18 Mar 2014 05:57:22 - 1.14
+++ Makefile2 Jun 2014 12:11:45 -
@@ -3,6 +3,7 @@
COMMENT= IEEE 802.1X supplicant
DISTNAME= wpa_supplicant-2.1
+REVISION= 0
CATEGORIES=security net
HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/
Index: patches/patch-src_utils_common_c
===
RCS file: patches/patch-src_utils_common_c
diff -N patches/patch-src_utils_common_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_utils_common_c2 Jun 2014 12:14:04 -
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/utils/common.c.origMon Jun 2 14:12:42 2014
src/utils/common.c Mon Jun 2 14:12:52 2014
+@@ -350,7 +350,7 @@ void printf_encode(char *txt, size_t maxlen, const u8
+ size_t i;
+
+ for (i = 0; i len; i++) {
+- if (txt + 4 end)
++ if (txt + 4 = end)
+ break;
+
+ switch (data[i]) {
/* Off-by-one reproduction based on code from wpa_supplicant.
*
* wpa_supplicant/hostapd / common helper functions, etc.
* Copyright (c) 2002-2007, Jouni Malinen j...@w1.fi
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include stddef.h
#include stdio.h
#include string.h
#include sys/socket.h
#include sys/un.h
void printf_encode(char *txt, size_t maxlen, const unsigned char *data, size_t
len)
{
char *end = txt + maxlen;
size_t i;
for (i = 0; i len; i++) {
#ifdef DO_NOT_OVERFLOW
if (txt + 4 = end)
#else
if (txt + 4 end)
#endif
break;
printf(data[i]=0x%x, end - txt = %d\n, data[i], end - txt);
switch (data[i]) {
case '\':
*txt++ = '\\';
*txt++ = '\';
break;
case '\\':
*txt++ = '\\';
*txt++ = '\\';
break;
case '\e':
*txt++ = '\\';
*txt++ = 'e';
break;
case '\n':
*txt++ = '\\';
*txt++ = 'n';
break;
case '\r':
*txt++ = '\\';
*txt++ = 'r';
break;
case '\t':
*txt++ = '\\';
*txt++ = 't';
break;
default:
if (data[i] = 32 data[i] = 127) {
*txt++ = data[i];
} else {
txt += snprintf(txt, end - txt, \\x%02x,
data[i]);
}
break;
}
}
*txt = '\0';
}
void foo(struct sockaddr_un *from, socklen_t fromlen)
{
char encoded[200];
memset(encoded, 0, sizeof(encoded));
Re: elinks creates file whose name is the contents of elinks.conf
Stuart Henderson st...@openbsd.org writes:
On 2014/06/02 13:24, Jérémie Courrèges-Anglas wrote:
The *LibreSSL* documentation does, the original RAND_load_file.pod
doesn't advise against using it.
argh. In that case, this fix won't be sufficient for upstream (assuming
they care about Windows).
Also our rand.pod (RAND(3)) still advertizes RAND_add and RAND_load_file
(fourth paragraph of DESCRIPTION), this should probably be corrected.
I think this makes sense. OK?
I think a little tweak to the comment for RAND_load_file is thus needed.
Maybe something like:
Remove RAND_load_file use; this function has been deprecated in
libressl. quote from manpage
Agreed.
So, another attempt...
Better use AC_CHECK_FUNC*S* with the default actions, else you don't get
the config.h.in entry generated by autoheader. Also there is no need to
hide it inside the OpenSSL check.
Otherwise, ok.
configure:18330: checking for RAND_egd
configure:18386: cc -o conftest -O2 -pipe -I/usr/local/include
-L/usr/local/lib -Wall -rdynamic conftest.c -lssl -lcrypto -lz -lbz2 -lidn
5
/usr/local/lib/libidn.so.17.0: warning: strcpy() is almost always misused,
please use strlcpy()
/usr/local/lib/libbz2.so.10.4: warning: strcat() is almost always misused,
please use strlcat()
/tmp//ccEPkCS0.o(.text+0x7): In function `main':
: undefined reference to `RAND_egd'
collect2: ld returned 1 exit status
/* Define to 1 if you have the `RAND_egd' function. */
#undef HAVE_RAND_EGD
Index: Makefile
===
RCS file: /cvs/ports/www/elinks/Makefile,v
retrieving revision 1.32
diff -u -p -r1.32 Makefile
--- Makefile10 Oct 2013 20:10:51 - 1.32
+++ Makefile2 Jun 2014 12:05:42 -
@@ -2,7 +2,7 @@
COMMENT= full-featured text WWW browser
DISTNAME= elinks-0.11.7
-REVISION= 7
+REVISION= 8
CATEGORIES=www
MASTER_SITES= http://elinks.cz/download/
@@ -13,7 +13,8 @@ MAINTAINER= Edd Barrett e...@openbsd.or
# GPL, v2 only
PERMIT_PACKAGE_CDROM= Yes
-CONFIGURE_STYLE= gnu
+CONFIGURE_STYLE= autoconf
+AUTOCONF_VERSION= 2.61
CONFIGURE_ENV+=CFLAGS=${CFLAGS} -I${LOCALBASE}/include \
-L${LOCALBASE}/lib
Index: patches/patch-configure
===
RCS file: patches/patch-configure
diff -N patches/patch-configure
--- patches/patch-configure 16 Jun 2009 23:17:33 - 1.5
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,23 +0,0 @@
-$OpenBSD: patch-configure,v 1.5 2009/06/16 23:17:33 sthen Exp $
configure.orig Sat Mar 21 12:50:25 2009
-+++ configure Wed Jun 17 00:08:56 2009
-@@ -17596,7 +17596,7 @@ if test -z $disable_lua; then
- for luadir in $withval /usr /usr/local; do
- for suffix in 50; do
- if test $cf_result = no; then
-- LUA_LIBS=-llua$suffix -llualib$suffix -lm
-+ LUA_LIBS=-llua$suffix -lm
-
- if test ! -z $luadir; then
- LUA_LIBS=-L$luadir/lib $LUA_LIBS
-@@ -23294,10 +23294,6 @@ ALL_CFLAGS=$CFLAGS $CPPFLAGS
-
-
-
--if test $(`which tput` colors) -ge 4; then
-- MAKE_COLOR=1
--
--fi
-
-
- ac_config_files=$ac_config_files Makefile.config contrib/elinks.spec
contrib/lua/hooks.lua contrib/conv/w3m2links.awk doc/man/man1/elinks.1
src/intl/gettext/ref-add.sed src/intl/gettext/ref-del.sed
Index: patches/patch-configure_in
===
RCS file: patches/patch-configure_in
diff -N patches/patch-configure_in
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-configure_in 2 Jun 2014 12:38:49 -
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- configure.in.orig Sat Aug 22 13:15:08 2009
configure.in Mon Jun 2 14:38:29 2014
+@@ -744,7 +744,7 @@ if test -z $disable_lua; then
+ for luadir in $withval /usr /usr/local; do
+ for suffix in 50; do
+ if test $cf_result = no; then
+- LUA_LIBS=-llua$suffix -llualib$suffix -lm
++ LUA_LIBS=-llua$suffix -lm
+
+ if test ! -z $luadir; then
+ LUA_LIBS=-L$luadir/lib $LUA_LIBS
+@@ -904,6 +904,8 @@ else
+ fi
+
+ AC_MSG_RESULT($cf_result)
++
++AC_CHECK_FUNCS(RAND_egd)
+
+ CONFIG_GNUTLS_OPENSSL_COMPAT=no
+ dnl GNU TLS
Index: patches/patch-src_network_ssl_ssl_c
===
RCS file: /cvs/ports/www/elinks/patches/patch-src_network_ssl_ssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_network_ssl_ssl_c
--- patches/patch-src_network_ssl_ssl_c 19 Apr 2014 17:59:38 - 1.1
+++ patches/patch-src_network_ssl_ssl_c 2 Jun 2014 12:05:42 -
@@
Re: NEW: net/ucspi-tcp
On Mon, Jun 02, 2014 at 11:50:19AM +0200, Henning Brauer wrote: * Jan Klemkow j.klem...@wemelug.de [2014-06-01 23:38]: On Fri, May 30, 2014 at 09:51:24PM +0100, Stuart Henderson wrote: On 2014/05/30 22:43, Jan Klemkow wrote: On Fri, May 30, 2014 at 10:26:43PM +0200, Jan Klemkow wrote: On Fri, May 30, 2014 at 01:49:55PM +0200, Henning Brauer wrote: * Stuart Henderson st...@openbsd.org [2014-05-28 12:31]: the old port also had this...is this or something like it still needed? # datasize limit in 'run' files is too low for ld.so # to be able to pull in libc LDFLAGS+= -static that is everything but smart, it makes MUCH more sense to increase the datasize limits (the softlimit calls) in the run scripts. Henning is right. It is stupid to compile this port static cause of the datasize limit. So I removed it from the port. If something is still needed for this, then it probably needs some kind of instructions somewhere... I talked with Henning about the reason of that static compiling hack. As I understand him, there are some scripts from djb which sets the datasize limit to a low value and that causes some crashes. So I add an install notice to the port: Please notice, there may be some scripts that manipulate the datasize limit of tcpclient/tcpserver which may cause a process termination. For more information look at login.conf(5). not really. a typical daemontools-style run script looks like this: #!/bin/sh exec 21 exec envuidgid tinydns envdir ./env softlimit -d3 /usr/local/bin/tinydns since it's djb and just HAS to be different to be different... the softlimit invocation is the culprit, that number there needs adjustment, the defaults from more than a decade ago (when no randomization, eating a little virtual mem, took place) just don't cut it any more. What should I do with this port now? Adding this message, no message, or an other message? thanks, Jan
Re: SOGo on 5.5 not working
On Monday, June 2, 2014 11:55 CEST, Martijn Rijkeboer mart...@bunix.org wrote: Hi, I'm trying to use SOGo on OpenBSD 5.5 AMD64 but it is not working. When I try to connect I get a timeout and the log file contains many lines with the following errors: Loading two versions of SOGoEMailAlarmsManager. The class that will be used is undefined Loading two versions of SOGoAppointmentOccurence. The class that will be used is undefined Loading two versions of SOGoComponentOccurence. The class that will be used is undefined Loading two versions of SOGoAppointmentObject. The class that will be used is undefined Loading two versions of SOGoCalendarComponent. The class that will be used is undefined Loading two versions of SOGoCalendarMailBodyPart. The class that will be used is undefined Loading two versions of SOGoHTMLMailBodyPart. The class that will be used is undefined Loading two versions of SOGoMailBodyPart. The class that will be used is undefined Loading two versions of SOGoTrashFolder. The class that will be used is undefined Loading two versions of SOGoDraftsFolder. The class that will be used is undefined Loading two versions of SOGoSentFolder. The class that will be used is undefined Loading two versions of SOGoMailObject. The class that will be used is undefined Loading two versions of SOGoMailNamespace. The class that will be used is undefined Loading two versions of SOGoMailFolder. The class that will be used is undefined Loading two versions of SOGoSpecialMailFolder. The class that will be used is undefined Loading two versions of SOGoMailAccount. The class that will be used is undefined Loading two versions of SOGoMailAccounts. The class that will be used is undefined Loading two versions of SOGoMailBaseObject. The class that will be used is undefined Loading two versions of SOGoDraftObject. The class that will be used is undefined above classes are linked twice, that's normal. Calling [libxmlSAXLocator -lineNumber] with incorrect signature. Method has i16@0:8, selector has q16@0:8 Calling [NGDOMElement -setLine:] with incorrect signature. Method has v24@0:8q16, selector has v20@0:8i16 Calling [GSMutableArray -length] with incorrect signature. Method has I16@0:8, selector has Q16@0:8 those should also not really matter. Is there more warnings/errors you get in sogo logs? Maybe you can start it manually: su - _sogo /usr/local/sbin/sogod -WOUseWatchDog NO -WOLogFile - -WONoDetach YES that should start sogod in foreground, when its loaded, it should write something as: listening on port: X Whatever port you configured sogo to listen on. Then, when you point your browser on it, what do you get then in the console. The system has the following software: - OS: OpenBSD 5.5 AMD64 GENERIC.MP - SOGO: sogo-2.1.1.1p0 - SOPE: sope-2.1.1.1 sope-mysql-2.1.1.1 - GNUSTEP: gnustep-base-1.24.6 gnustep-libobjc2-1.7p0 gnustep-make-2.6.6 I hope it's not because of sope-mysql, I've never tried it, since I run a postgresql in the background. Sebastian Any suggestions on how to fix this? Kind regards, Martijn Rijkeboer
Re: NEW: net/ucspi-tcp
* Jan Klemkow j.klem...@wemelug.de [2014-06-02 19:56]: On Mon, Jun 02, 2014 at 11:50:19AM +0200, Henning Brauer wrote: * Jan Klemkow j.klem...@wemelug.de [2014-06-01 23:38]: On Fri, May 30, 2014 at 09:51:24PM +0100, Stuart Henderson wrote: On 2014/05/30 22:43, Jan Klemkow wrote: On Fri, May 30, 2014 at 10:26:43PM +0200, Jan Klemkow wrote: On Fri, May 30, 2014 at 01:49:55PM +0200, Henning Brauer wrote: * Stuart Henderson st...@openbsd.org [2014-05-28 12:31]: the old port also had this...is this or something like it still needed? # datasize limit in 'run' files is too low for ld.so # to be able to pull in libc LDFLAGS+= -static that is everything but smart, it makes MUCH more sense to increase the datasize limits (the softlimit calls) in the run scripts. Henning is right. It is stupid to compile this port static cause of the datasize limit. So I removed it from the port. If something is still needed for this, then it probably needs some kind of instructions somewhere... I talked with Henning about the reason of that static compiling hack. As I understand him, there are some scripts from djb which sets the datasize limit to a low value and that causes some crashes. So I add an install notice to the port: Please notice, there may be some scripts that manipulate the datasize limit of tcpclient/tcpserver which may cause a process termination. For more information look at login.conf(5). not really. a typical daemontools-style run script looks like this: #!/bin/sh exec 21 exec envuidgid tinydns envdir ./env softlimit -d3 /usr/local/bin/tinydns since it's djb and just HAS to be different to be different... the softlimit invocation is the culprit, that number there needs adjustment, the defaults from more than a decade ago (when no randomization, eating a little virtual mem, took place) just don't cut it any more. What should I do with this port now? Adding this message, no message, or an other message? IMO: tweak the message - explicit mention of softlimit, and I think the pointer to login.conf is misleading.
Re: Dovecot on 5.5 stable out-of-mem errors
On 28/05/14 4:03 AM, Otto Moerbeek wrote:
On Wed, May 28, 2014 at 07:32:48AM +0200, Otto Moerbeek wrote:
On Tue, May 27, 2014 at 05:11:16PM -0400, Brad Smith wrote:
On 27/05/14 3:42 PM, Otto Moerbeek wrote:
Hi,
on amd64 I'm seeing out-of-mem errors if I use a nonexistent username
with bsdauth (ottotest1 does not exist in /etc/passwd).
May 27 21:33:28 mx1 dovecot: auth-worker(11223): Fatal:
pool_system_realloc(268435456): Out of memory
May 27 21:33:28 mx1 dovecot: auth: Error: auth worker: Aborted request: Worker
process died unexpectedly
May 27 21:33:28 mx1 dovecot: auth-worker(11223): Fatal: master:
service(auth-worker): child 11223 returned error 83 (Out of memory (service
auth-worker { vsz_limit=256 MB }, you may need to increase it) - set
CORE_OUTOFMEM=1 environment to get core dump)
May 27 21:33:30 mx1 dovecot: imap-login: Disconnected (auth failed, 2 attempts in 10 secs):
user=ottotest1, method=PLAIN, rip=XXX, lip=YYY, TLS,
session=V8+3xGb6UwAgAQmBqvMAAQIkHf/+3uk5
Existing user with correct password goes ok, existing user with wrong
password is denied access as it should.
[otto@mx1:136]$ pkg_info | grep dove
dovecot-2.2.10p0compact IMAP/POP3 server
Any clue?
This issue was what spurred fixing getpwnam and getpwuid..
http://marc.info/?l=openbsd-cvsm=139406310728289w=2
http://marc.info/?l=openbsd-cvsm=139429727909338w=2
not being familiar with the API I'm not sure if the
workaround as was in place for older OpenBSD releases
can be improved at all..
http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/dovecot/patches/patch-src_lib_ipwd_c
Thanks for the pointer.
The current situation is not really nice with it's resource
consumption and log spamming. I'll see if I get a chance to look into
this.
-Otto
Ok, here;'s what happening on 5.5:
getpwnam returns both for no such user and not enough space (ERANGE).
The code assumes always ERANGE and loops expanding the buffer until
out of mem.
On current this is fixed due to changes to getpwnam_r().
It is funny to see calls to getpwnam_r() in code using static buffers
A fix for 5.5. is indeed tricky, we cannot use the result argument nor
the return value to distinguish ERANGE and no such user.
Have to think about this.
Able to come up with anything?
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Dovecot on 5.5 stable out-of-mem errors
On Mon, Jun 02, 2014 at 04:48:54PM -0400, Brad Smith wrote: On current this is fixed due to changes to getpwnam_r(). It is funny to see calls to getpwnam_r() in code using static buffers A fix for 5.5. is indeed tricky, we cannot use the result argument nor the return value to distinguish ERANGE and no such user. Have to think about this. Able to come up with anything? Nope, -Otto
Re: opencv 2.4.6.1 - 2.4.9
hi @ports,
Here is an update to opencv 2.4.9. Tested on amd64. Comments/OK?
CHANGELOG: http://code.opencv.org/projects/opencv/wiki/ChangeLog
Slightly tweaked version. No problems on i386 so far. Unless anyone
objects, I'll commit it in a day or two, after more runtime testing.
--
WBR,
Vadim Zhukov
Index: Makefile
===
RCS file: /cvs/ports/graphics/opencv/Makefile,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile
--- Makefile8 May 2014 21:23:21 - 1.25
+++ Makefile2 Jun 2014 20:57:58 -
@@ -1,8 +1,7 @@
# $OpenBSD: Makefile,v 1.25 2014/05/08 21:23:21 kurt Exp $
ONLY_FOR_ARCHS = ${GCC4_ARCHS}
-# do not include i386 here until JDK 1.6 issues there are solved
-ONLY_FOR_ARCHS-java = amd64
+ONLY_FOR_ARCHS-java = amd64 i386
SHARED_ONLY = Yes
CATEGORIES = graphics devel
@@ -10,37 +9,36 @@ COMMENT-docs = OpenCV documentation and
COMMENT-main = library of programming functions for real time cv
COMMENT-java = Java bindings for OpenCV
-V =2.4.6.1
+V =2.4.9
DISTNAME = opencv-$V
PKGNAME-main = ${PKGNAME}
PKGNAME-docs = opencv-docs-$V
PKGNAME-java = opencv-java-$V
-REVISION-main= 0
-REVISION-java= 0
-
HOMEPAGE = http://www.opencv.org/
MAINTAINER = Rafael Sadowski raf...@sizeofvoid.org
-SHARED_LIBS = opencv_calib3d 1.0 #1.0
-SHARED_LIBS += opencv_contrib 1.0 #1.0
-SHARED_LIBS += opencv_core 1.0 #1.0
-SHARED_LIBS += opencv_features2d 1.0 #1.0
-SHARED_LIBS += opencv_flann1.0 #1.0
-SHARED_LIBS += opencv_gpu 1.0 #1.0
-SHARED_LIBS += opencv_highgui 1.0 #1.0
-SHARED_LIBS += opencv_imgproc 1.0 #1.0
-SHARED_LIBS += opencv_legacy 1.0 #1.0
-SHARED_LIBS += opencv_ml 1.0 #1.0
-SHARED_LIBS += opencv_nonfree 0.0 #0.0
-SHARED_LIBS += opencv_objdetect1.0 #1.0
-SHARED_LIBS += opencv_photo0.0 #0.0
-SHARED_LIBS += opencv_stitching0.0 #0.0
-SHARED_LIBS += opencv_superres 0.0 #0.0
-SHARED_LIBS += opencv_ts 0.0 #0.0
-SHARED_LIBS += opencv_video1.0 #1.0
-SHARED_LIBS += opencv_videostab0.0 #0.0
+SHARED_LIBS = opencv_calib3d 1.0 #1.1
+SHARED_LIBS += opencv_contrib 1.0 #1.1
+SHARED_LIBS += opencv_core 1.0 #1.1
+SHARED_LIBS += opencv_features2d 1.0 #1.1
+SHARED_LIBS += opencv_flann1.0 #1.1
+SHARED_LIBS += opencv_gpu 1.0 #1.1
+SHARED_LIBS += opencv_highgui 1.0 #1.1
+SHARED_LIBS += opencv_imgproc 1.0 #1.1
+SHARED_LIBS += opencv_legacy 1.0 #1.1
+SHARED_LIBS += opencv_ml 1.0 #1.1
+SHARED_LIBS += opencv_nonfree 0.0 #0.1
+SHARED_LIBS += opencv_objdetect1.0 #1.1
+SHARED_LIBS += opencv_photo0.0 #0.1
+SHARED_LIBS += opencv_stitching0.0 #0.1
+SHARED_LIBS += opencv_superres 0.0 #0.1
+SHARED_LIBS += opencv_ts 0.0 #0.1
+SHARED_LIBS += opencv_video1.0 #1.1
+SHARED_LIBS += opencv_videostab0.0 #0.1
+SHARED_LIBS += opencv_ocl 0.0 #2.4
+EXTRACT_SUFX = .zip
MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=opencvlibrary/}
WANTLIB-main = Half Iex IlmImf IlmThread Imath X11 Xcomposite Xcursor
@@ -115,7 +113,7 @@ CONFIGURE_ARGS =-DBUILD_opencv_nonfree:
.if ${BUILD_PACKAGES:M-java}
MODULES += java
-MODJAVA_VER = 1.6+
+MODJAVA_VER = 1.7+
BUILD_DEPENDS += devel/apache-ant
.else
# Safe: Java will be detected, if present, but won't be used
Index: distinfo
===
RCS file: /cvs/ports/graphics/opencv/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo21 Oct 2013 22:46:27 - 1.2
+++ distinfo2 Jun 2014 20:57:58 -
@@ -1,2 +1,2 @@
-SHA256 (opencv-2.4.6.1.tar.gz) = rnz9hZR2tswFJGlJ3csWX7KE6vmm2BSyl23CEIh3iqA=
-SIZE (opencv-2.4.6.1.tar.gz) = 80762052
+SHA256 (opencv-2.4.9.zip) = gDAQhIFUmI6cvaiz+oV/y7JzgsKUbtcp4afkBgC7THE=
+SIZE (opencv-2.4.9.zip) = 91684751
Index: patches/patch-CMakeLists_txt
===
RCS file:
Re: UPDATE: net/irssi 0.8.16
On Mon, Jun 2, 2014 at 1:00 PM, Stuart Henderson st...@openbsd.org wrote: On 2014/06/01 18:06, viq wrote: By popular request ;) Here's an update to 0.8.16. Seems to work for me, though there's a bunch of warnings when compiling. Possibly the patching of src/core/network-openssl.c is not necessary to add static int getpass_cb on line 423 - there is a similiar function below in line 445 called static int get_pem_password_callback. It would be great if someone who actually knows C would have a look at it. getpass_cb() isn't referenced anywhere else so it's just dead code, the functionality was included in upstream's recent commit where they added certificate password support themselves. I've pulled this patch out in the copy in my tree, things work fine here, I intend to commit it fairly soon unless there are objections. For what it's worth (little ;) I don't have any objections. -- viq
nmap broken?
Here's a very simple scan that shows a fundamental problem: # nmap -Pn -sS -p22,80 scanme.nmap.org Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-02 15:41 PDT Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.035s latency). PORT STATESERVICE 22/tcp open ssh 80/tcp filtered http Nmap done: 1 IP address (1 host up) scanned in 2.39 seconds That answer is wrong, both ports are open and responded to the syn packets. The above was run on a May 28th AMD snapshot, but I get the same results on i386 from an older April 3rd snapshot. PF was disabled. Anyone else seeing this? Thanks, Kent.
Re: UPDATE: net/synergy 1.4.17 = 1.5.0
On 05/27/14 22:38, Brian Callahan wrote: Hi ports -- Here's an update for synergy to 1.5.0. Tested on amd64 and macppc, would appreciate tests on other platforms. I also added in synergyd because we spend the time building it anyway. If this isn't desired it's easy enough to remove. OK? ~Brian Ping.
Re: nmap broken?
I checked a few other releases, and this last worked correctly on 4.9 (Nmap 5.21), and was broken on 5.0 (Nmap 5.51). On Mon, Jun 2, 2014 at 4:06 PM, Kent Fritz fritz.k...@gmail.com wrote: Here's a very simple scan that shows a fundamental problem: # nmap -Pn -sS -p22,80 scanme.nmap.org Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-02 15:41 PDT Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.035s latency). PORT STATESERVICE 22/tcp open ssh 80/tcp filtered http Nmap done: 1 IP address (1 host up) scanned in 2.39 seconds That answer is wrong, both ports are open and responded to the syn packets. The above was run on a May 28th AMD snapshot, but I get the same results on i386 from an older April 3rd snapshot. PF was disabled. Anyone else seeing this? Thanks, Kent.
