Re: devel/fossil: uses pledge() [upstream support / and broken]

[Sebastien Marie]

On Sun, Mar 25, 2018 at 02:19:59PM -0400, James Turner wrote:
> As it seems this is only trigger when the default permissions on the
> .fossil file is changed I think we are fine for the 6.3 release. Also
> considering the tree was just locked :).

I agree. pledge() is enforced only on "fossil status" command, and the
violation occurs due to umask change between first fossil(1) run (which
created ~/.fossil) and next ones.

It seems sqlite3 library (fossil is based on it) will enforce some
permission on temporary journal file .fossil-journal to be same as
.fossil.

> I would suggested submitting a bug upstream letting them know they need
> the additional pledge when they try to chmod the file back if it gets
> changed.

I sent a mail yesterday on the fossil-users@ list, but it didn't poped.
I subscribed to the list and resent it this morning.

> I'll add the # pledge comment on the next update I commit, thanks for
> the heads up on that.

Thanks.
-- 
Sebastien Marie

Re: [NEW] rtptools

[Stuart Henderson]

On 2018/03/25 16:15, Jan Stary wrote:
> This is the latest release of RTP tools,
> a set of tools to parse, process and send RTP data.
> 
>   Jan
> 



# $OpenBSD$
COMMENT =   process RTP data
DISTNAME =  rtptools-1.22
CATEGORIES =net telephony
HOMEPAGE =  http://www.cs.columbia.edu/irt/software/rtptools/
MASTER_SITES =  ${HOMEPAGE}/download/
MAINTAINER =Jan Stary 

# BSD
PERMIT_PACKAGE_CDROM =  Yes
WANTLIB =   c
SEPARATE_BUILD =Yes
CONFIGURE_STYLE =   gnu


.include 



This needs to look a lot more like the other Makefiles in the tree.

Re: devel/fossil: uses pledge() [upstream support / and broken]

[James Turner]

As it seems this is only trigger when the default permissions on the
.fossil file is changed I think we are fine for the 6.3 release. Also
considering the tree was just locked :).

I would suggested submitting a bug upstream letting them know they need
the additional pledge when they try to chmod the file back if it gets
changed.

I'll add the # pledge comment on the next update I commit, thanks for
the heads up on that.

On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> Hi,
> 
> I just found (hard way) that devel/fossil has upstream support for
> pledge(2).
> 
> It would be preferable to mark it on Makefile.
> 
> $ grep -R pledge .
> ./fossil-2.5/auto.def:cc-check-functions pledge
> ./fossil-2.5/src/checkin.c:  fossil_pledge("stdio rpath wpath cpath id flock 
> tty chown");
> ./fossil-2.5/src/config.h:** The pledge() interface is currently only 
> available on OpenBSD 5.9
> ./fossil-2.5/src/config.h:** and later.  Make calls to fossil_pledge() no-ops 
> on all platforms
> ./fossil-2.5/src/config.h:# define fossil_pledge(A)
> ./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later.
> ./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine.
> ./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){
> ./fossil-2.5/src/util.c:  if( pledge(promises, 0) ){
> ./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with 
> errno=%d",
> ./fossil-2.5/www/changes.wiki:  *  Initial infrastructure is in place to make 
> use of the pledge()
> ./fossil-2.5/auto.def.orig:cc-check-functions pledge
> 
> 
> And I am tracing the problem, before reporting the bug upstream...
> 
> I dunno how to deal with it currently: the version we have in ports is
> broken... should we just disable the check for release (and ship an
> unpledged but working executable) ?
> 
> The provided diff just adds the pledge() marker.
> 
> 
> Regarding the pledge() problem:
> 
> The 'status' command trigger it.
> 
> $ fossil status
> ...
> Abort trap (core dumped)
> 
> $ dmesg | tail -1
> fossil[75892]: pledge "fattr", syscall 124
> 
> $ kdump
>   8372 fossil   CALL  
> open(0x10e760b8169f,0x10202,0644)
>   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
>   8372 fossil   RET   open 6
>   8372 fossil   CALL  fstat(6,0x7f7ea210)
>   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
> 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
>   8372 fossil   RET   fstat 0
>   8372 fossil   CALL  fchmod(6,0644)
>   8372 fossil   PLDG  fchmod, "fattr", errno 1 Operation not permitted
>   8372 fossil   PSIG  SIGABRT SIG_DFL
>   8372 fossil   NAMI  "fossil.core"
> 
> 
> -- 
> Sebastien Marie
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/devel/fossil/Makefile,v
> retrieving revision 1.62
> diff -u -p -r1.62 Makefile
> --- Makefile9 Feb 2018 19:42:45 -   1.62
> +++ Makefile25 Mar 2018 07:12:29 -
> @@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes
>  FLAVORS=   static
>  FLAVOR?=
> 
> +# uses pledge()
>  WANTLIB =  c crypto fuse m ssl z
> 
>  MODULES =  lang/tcl

-- 
James Turner

Re: devel/fossil: uses pledge() [upstream support / and broken]

[James Turner]

On Sun, Mar 25, 2018 at 02:32:05PM -0400, James Turner wrote:
> On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote:
> > On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> > > Hi,
> > > 
> > > [ ... ]
> > > 
> > > Regarding the pledge() problem:
> > > 
> > > The 'status' command trigger it.
> > > 
> > > $ fossil status
> > > ...
> > > Abort trap (core dumped)
> > > 
> > > $ dmesg | tail -1
> > > fossil[75892]: pledge "fattr", syscall 124
> > > 
> > > $ kdump
> > >   8372 fossil   CALL  
> > > open(0x10e760b8169f,0x10202,0644)
> > >   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
> > >   8372 fossil   RET   open 6
> > >   8372 fossil   CALL  fstat(6,0x7f7ea210)
> > >   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- 
> > > , nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> > > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 
> > > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> > > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
> > 
> > I can replicate this by setting umask 027. The permissions of that file
> > are usually mode=-rw-r--r-- and it seems if it's altered by umask it
> > tries to call fchmod to set them back and then dies.
> > 
> > 
> > --
> > Carlin
> 
> Up and it looks like this has already been fixed upstream. 
> http://fossil-scm.org/index.html/info/396513fa4a6f8da8
> 

Sorry, I linked to a chown commit not one related to chmod. This is
probably still a bug.

-- 
James Turner

Re: devel/fossil: uses pledge() [upstream support / and broken]

[James Turner]

On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote:
> On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> > Hi,
> > 
> > [ ... ]
> > 
> > Regarding the pledge() problem:
> > 
> > The 'status' command trigger it.
> > 
> > $ fossil status
> > ...
> > Abort trap (core dumped)
> > 
> > $ dmesg | tail -1
> > fossil[75892]: pledge "fattr", syscall 124
> > 
> > $ kdump
> >   8372 fossil   CALL  
> > open(0x10e760b8169f,0x10202,0644)
> >   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
> >   8372 fossil   RET   open 6
> >   8372 fossil   CALL  fstat(6,0x7f7ea210)
> >   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> > nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 
> > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
> 
> I can replicate this by setting umask 027. The permissions of that file
> are usually mode=-rw-r--r-- and it seems if it's altered by umask it
> tries to call fchmod to set them back and then dies.
> 
> 
> --
> Carlin

Up and it looks like this has already been fixed upstream. 
http://fossil-scm.org/index.html/info/396513fa4a6f8da8

-- 
James Turner

CVS: cvs.openbsd.org: ports

[Landry Breuil]

CVSROOT:/cvs
Module name:ports
Changes by: lan...@cvs.openbsd.org  2018/03/25 12:25:22

Modified files:
mail/mozilla-thunderbird: Makefile distinfo 
mail/thunderbird-i18n: Makefile.inc distinfo 

Log message:
Update to thunderbird 52.7.2.

Fixes https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/

Discussed with sthen@ & naddy@

Ports tree locked

[Christian Weisgerber]

The ports tree is now locked for the 6.3 release.

We still want to get in the latest Mozilla point releases.  If
anything else really important pops up, talk to sthen and me.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Re: devel/fossil: uses pledge() [upstream support / and broken]

[Carlin Bingham]

On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> Hi,
> 
> [ ... ]
> 
> Regarding the pledge() problem:
> 
> The 'status' command trigger it.
> 
> $ fossil status
> ...
> Abort trap (core dumped)
> 
> $ dmesg | tail -1
> fossil[75892]: pledge "fattr", syscall 124
> 
> $ kdump
>   8372 fossil   CALL  
> open(0x10e760b8169f,0x10202,0644)
>   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
>   8372 fossil   RET   open 6
>   8372 fossil   CALL  fstat(6,0x7f7ea210)
>   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
> 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }

I can replicate this by setting umask 027. The permissions of that file
are usually mode=-rw-r--r-- and it seems if it's altered by umask it
tries to call fchmod to set them back and then dies.


--
Carlin

[NEW] rtptools

[Jan Stary]

This is the latest release of RTP tools,
a set of tools to parse, process and send RTP data.

Jan



rtptools.tar
Description: Unix tar archive

aarch64 bulk build report

[phessler]

bulk build on arm64.ports.openbsd.org
started on  Wed Mar 21 07:19:17 MDT 2018
finished at Sun Mar 25 06:47:14 MDT 2018
lasted 04D16h27m
done with kern.version=OpenBSD 6.3 (GENERIC.MP) #32: Tue Mar 20 15:50:20 MDT 
2018

built packages:8131
Mar 21:2049
Mar 22:1521
Mar 23:1181
Mar 24:3063
Mar 25:316



build failures: 71
http://build-failures.rhaalovely.net//aarch64/2018-03-21/audio/audacity.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/comms/hylafax.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/comms/lcdproc.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/databases/gq.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/devel/arm-none-eabi/gcc-linaro,aarch64.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/devel/avr/gdb.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/devel/cln.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/devel/ode.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/devel/xdg-user-dirs.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/editors/emacs.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/editors/emacs21.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/editors/xwpe.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/editors/zile.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/emulators/dynamips.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/emulators/higan.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/emulators/retroarch.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/emulators/vbam.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/dxx-rebirth.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/eduke32.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/frozen-bubble.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/gargoyle.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/scid.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/uqm.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/vacuum.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/xteddy.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/games/zaz.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/graphics/freeimage.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/graphics/rawstudio.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/japanese/mecab.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/lang/ecl.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/lang/guile2.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/lang/pfe.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/mail/kopano/core,-mapi.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/mail/mailest.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/mail/mozilla-thunderbird,-lightning.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/math/calcoo.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/misc/rocrail.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/multimedia/mediainfo.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/multimedia/xine-lib.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/net/castget.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/net/ftpcopy.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/net/gnaughty.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/net/retroshare.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/net/ushare.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/news/pan.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/productivity/aqbanking.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/security/botan2.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/security/john-jumbo.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/security/softhsm.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/sysutils/sleuthkit.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/telephony/baresip/baresip.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/telephony/baresip/restund.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/textproc/html-xml-utils.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/textproc/link-grammar.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/chromium.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/iridium.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/mozplugger.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/newsboat.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/w3m,image.log
http://build-failures.rhaalovely.net//aarch64/2018-03-21/www/webkit.log

sshguard 1.5-->2.1.0, daemon issues

[Andreas Kusalananda Kähäri]

Hi,

I updated the security/sshguard port from 1.5 to 2.1.0 as that version
now understands the logs that our newer version of OpenSSH outputs.

The port works as it should do, but I have an issue with shutting the
daemon down. "rcctl stop sshguard" simply does nothing.  The "sshguard"
executable is now a shell script, and it does not respond do the TERM
signal properly and does not seem to propagate the signal to the helper
programs that it starts.

I have included the diff in an attachment.

Note that the /etc/sshguard.conf file now is required (I modified the
sample file so that it fits a vanilla OpenBSD system).

If anyone knows how to fix this, then please let me know. Also, I know
the ports tree is locked, but it would be nice to get some kind of
update of sshguard into the tree when it unlocks again, possibly based
on this patch.

Regards,

-- 
Andreas Kusalananda Kähäri,
National Bioinformatics Infrastructure Sweden (NBIS),
Uppsala University, Sweden.
Index: Makefile
===
RCS file: /cvs/ports/security/sshguard/Makefile,v
retrieving revision 1.11
diff -u -p -r1.11 Makefile
--- Makefile11 Jan 2018 19:27:09 -  1.11
+++ Makefile25 Mar 2018 11:12:30 -
@@ -2,8 +2,7 @@
 
 COMMENT=   protect against brute force attacks on sshd and others
 
-DISTNAME=  sshguard-1.5
-REVISION=  4
+DISTNAME=  sshguard-2.1.0
 CATEGORIES=security
 
 # BSD
@@ -13,11 +12,20 @@ WANTLIB+=   c pthread
 
 HOMEPAGE=  http://www.sshguard.net/
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=sshguard/}
-EXTRACT_SUFX=  .tar.bz2
+EXTRACT_SUFX=  .tar.gz
 
 CONFIGURE_STYLE=gnu
 NO_TEST=   Yes
 
-CONFIGURE_ARGS = --with-firewall=pf 
+pre-install:
+   ${SUBST_CMD} ${WRKSRC}/doc/sshguard.8
+   ${SUBST_CMD} ${WRKSRC}/examples/sshguard.conf.sample
+
+post-install:
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sshguard
+   ${INSTALL_DATA} ${WRKSRC}/examples/sshguard.conf.sample \
+   ${PREFIX}/share/examples/sshguard
+   ${INSTALL_DATA} ${WRKSRC}/examples/whitelistfile.example \
+   ${PREFIX}/share/examples/sshguard
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/security/sshguard/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo27 Jan 2014 15:49:15 -  1.3
+++ distinfo25 Mar 2018 11:12:30 -
@@ -1,2 +1,2 @@
-SHA256 (sshguard-1.5.tar.bz2) = tTf4dlRV/fhCT4fUvWleW2dbiOXRZIZUUhN5Rwk+fhk=
-SIZE (sshguard-1.5.tar.bz2) = 303767
+SHA256 (sshguard-2.1.0.tar.gz) = ISUqSDSthAjfOE7k3fRoYkqp3pzq1a/eHHc4CkjPAoo=
+SIZE (sshguard-2.1.0.tar.gz) = 1117466
Index: patches/patch-doc_sshguard_8
===
RCS file: patches/patch-doc_sshguard_8
diff -N patches/patch-doc_sshguard_8
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-doc_sshguard_825 Mar 2018 11:12:30 -
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: doc/sshguard.8
+--- doc/sshguard.8.orig
 doc/sshguard.8
+@@ -119,7 +119,7 @@ Set to enable verbose output from sshg\-blocker.
+ .SH FILES
+ .INDENT 0.0
+ .TP
+-.B %PREFIX%/etc/sshguard.conf
++.B ${SYSCONFDIR}/sshguard.conf
+ See sample configuration file.
+ .UNINDENT
+ .SH WHITELISTING
Index: patches/patch-examples_sshguard_conf_sample
===
RCS file: patches/patch-examples_sshguard_conf_sample
diff -N patches/patch-examples_sshguard_conf_sample
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-examples_sshguard_conf_sample 25 Mar 2018 11:12:30 -
@@ -0,0 +1,31 @@
+$OpenBSD$
+
+Index: examples/sshguard.conf.sample
+--- examples/sshguard.conf.sample.orig
 examples/sshguard.conf.sample
+@@ -7,9 +7,11 @@
+  REQUIRED CONFIGURATION 
+ # Full path to backend executable (required, no default)
+ #BACKEND="/usr/local/libexec/sshg-fw-iptables"
++BACKEND="${TRUEPREFIX}/libexec/sshg-fw-pf"
+ 
+ # Space-separated list of log files to monitor. (optional, no default)
+ #FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
++FILES="/var/log/authlog"
+ 
+ # Shell command that provides logs on standard output. (optional, no default)
+ # Example 1: ssh and sendmail from systemd journal:
+@@ -40,11 +42,11 @@ DETECTION_TIME=1800
+ # !! Warning: These features may not work correctly with sandboxing. !!
+ 
+ # Full path to PID file (optional, no default)
+-#PID_FILE=/run/sshguard.pid
++#PID_FILE=/var/run/sshguard.pid
+ 
+ # Colon-separated blacklist threshold and full path to blacklist file.
+ # (optional, no default)
+-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
++#BLACKLIST_FILE=90:/var/db/sshguard/enemies
+ 
+ # IP addresses listed in the WHITELIST_FILE are considered to be
+ # friendlies and will never be blocked.
Index: patches/patch-src_fwalls_command_c
===
RCS file: 

devel/fossil: uses pledge() [upstream support / and broken]

[Sebastien Marie]

Hi,

I just found (hard way) that devel/fossil has upstream support for
pledge(2).

It would be preferable to mark it on Makefile.

$ grep -R pledge .
./fossil-2.5/auto.def:cc-check-functions pledge
./fossil-2.5/src/checkin.c:  fossil_pledge("stdio rpath wpath cpath id flock 
tty chown");
./fossil-2.5/src/config.h:** The pledge() interface is currently only available 
on OpenBSD 5.9
./fossil-2.5/src/config.h:** and later.  Make calls to fossil_pledge() no-ops 
on all platforms
./fossil-2.5/src/config.h:# define fossil_pledge(A)
./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later.
./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine.
./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){
./fossil-2.5/src/util.c:  if( pledge(promises, 0) ){
./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with 
errno=%d",
./fossil-2.5/www/changes.wiki:  *  Initial infrastructure is in place to make 
use of the pledge()
./fossil-2.5/auto.def.orig:cc-check-functions pledge


And I am tracing the problem, before reporting the bug upstream...

I dunno how to deal with it currently: the version we have in ports is
broken... should we just disable the check for release (and ship an
unpledged but working executable) ?

The provided diff just adds the pledge() marker.


Regarding the pledge() problem:

The 'status' command trigger it.

$ fossil status
...
Abort trap (core dumped)

$ dmesg | tail -1
fossil[75892]: pledge "fattr", syscall 124

$ kdump
  8372 fossil   CALL  
open(0x10e760b8169f,0x10202,0644)
  8372 fossil   NAMI  "/home/semarie/.fossil-journal"
  8372 fossil   RET   open 6
  8372 fossil   CALL  fstat(6,0x7f7ea210)
  8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 2018">.594806497, 
size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
  8372 fossil   RET   fstat 0
  8372 fossil   CALL  fchmod(6,0644)
  8372 fossil   PLDG  fchmod, "fattr", errno 1 Operation not permitted
  8372 fossil   PSIG  SIGABRT SIG_DFL
  8372 fossil   NAMI  "fossil.core"


-- 
Sebastien Marie

Index: Makefile
===
RCS file: /cvs/ports/devel/fossil/Makefile,v
retrieving revision 1.62
diff -u -p -r1.62 Makefile
--- Makefile9 Feb 2018 19:42:45 -   1.62
+++ Makefile25 Mar 2018 07:12:29 -
@@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes
 FLAVORS=   static
 FLAVOR?=

+# uses pledge()
 WANTLIB =  c crypto fuse m ssl z

 MODULES =  lang/tcl