Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Landry Breuil
On Thu, Dec 12, 2019 at 01:47:25AM +0100, Jeremie Courreges-Anglas wrote:
> 
> +cc maintainer
> 
> This has bugged me for some time, I think enabling ICU makes sense.
> Here's a wip diff.  I fear it might cause issues with existing
> databases.  Real world tests would probably help.

I doubt it can have side effects on existing databases as they all have
a locale (and potential collations) configured during initdb, and adding
the possibility to use more locales/collations shouldn't affect existing
ones. Of course, to be tested in the real world :)



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Sebastian Reitenbach
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org 2019/12/12 00:46:51

Modified files:
devel/ruby-zeitwerk: Makefile distinfo 

Log message:
update 2.2.1 -> 2.2.2



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Sebastian Reitenbach
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org 2019/12/12 00:40:35

Modified files:
net/ruby-stomp : Makefile distinfo 
net/ruby-stomp/pkg: PLIST 

Log message:
update 1.4.8 -> 1.4.9



Re: [PATCH] graphics/libsixel security patches

2019-12-11 Thread Rafael Sadowski
On Wed Dec 11, 2019 at 07:36:47PM -0500, trondd wrote:
> Stuart Henderson  wrote:
> 
> > On 2019/12/10 21:58, trondd wrote:
> > > A handful of CVEs were assigned for bugs in libsixel.  Heap buffer
> > > overflows and integer overflows.
> > > 
> > > CVE-2019-19638
> > > CVE-2019-19635
> > > CVE-2019-19636
> > > CVE-2019-19637
> > > 
> > > A pull request pointing out the issues and patching them was submitted
> > > about 10 days ago.  The CVEs were assigned 3 days ago.
> > > 
> > > https://github.com/saitoha/libsixel/pull/106
> > > 
> > > There hasn't been a response yet so instead of waiting for a new release
> > > I'm being proactive to get the patches applied to the port of the current
> > > version.
> > 
> > Please would you add a quick comment to the patches? A reference to
> > the PR and short description would be fine.
> > 
> > > Tim.
> > > 
> 
> Added the info to the patches.

Reads fine, thanks! ++cc maintainer.

> 
> Tim.
> 
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/graphics/libsixel/Makefile,v
> retrieving revision 1.5
> diff -u -p -r1.5 Makefile
> --- Makefile  12 Jul 2019 20:47:02 -  1.5
> +++ Makefile  12 Dec 2019 00:27:49 -
> @@ -9,6 +9,8 @@ SHARED_LIBS +=sixel   1.0 # 1.6
>  
>  CATEGORIES = graphics
>  
> +REVISION =   0
> +
>  HOMEPAGE =   https://github.com/saitoha/libsixel
>  
>  MAINTAINER = Frederic Cambus 
> Index: patches/patch-include_sixel_h_in
> ===
> RCS file: patches/patch-include_sixel_h_in
> diff -N patches/patch-include_sixel_h_in
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-include_sixel_h_in  12 Dec 2019 00:27:49 -
> @@ -0,0 +1,21 @@
> +$OpenBSD$
> +
> +Addresses buffer overlow and integer overflow CVEs 
> +Patches from https://github.com/saitoha/libsixel/pull/106
> +
> +CVE-2019-19638
> +CVE-2019-19635
> +CVE-2019-19636 
> +CVE-2019-19637
> +
> +Index: include/sixel.h.in
> +--- include/sixel.h.in.orig
>  include/sixel.h.in
> +@@ -60,6 +60,7 @@ typedef int SIXELSTATUS;
> + #define SIXEL_BAD_ALLOCATION(SIXEL_RUNTIME_ERROR | 0x0001)  /* malloc() 
> failed */
> + #define SIXEL_BAD_ARGUMENT  (SIXEL_RUNTIME_ERROR | 0x0002)  /* bad 
> argument detected */
> + #define SIXEL_BAD_INPUT (SIXEL_RUNTIME_ERROR | 0x0003)  /* bad 
> input detected */
> ++#define SIXEL_BAD_INTEGER_OVERFLOW (SIXEL_RUNTIME_ERROR | 0x0004)  /* 
> integer overflow */
> + 
> + #define SIXEL_NOT_IMPLEMENTED   (SIXEL_FEATURE_ERROR | 0x0001)  /* feature 
> not implemented */
> + 
> Index: patches/patch-src_frompnm_c
> ===
> RCS file: patches/patch-src_frompnm_c
> diff -N patches/patch-src_frompnm_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_frompnm_c   12 Dec 2019 00:27:49 -
> @@ -0,0 +1,31 @@
> +$OpenBSD$
> +
> +Addresses buffer overlow and integer overflow CVEs
> +Patches from https://github.com/saitoha/libsixel/pull/106  
> +
> +CVE-2019-19638
> +CVE-2019-19635
> +CVE-2019-19636
> +CVE-2019-19637
> +
> +Index: src/frompnm.c
> +--- src/frompnm.c.orig
>  src/frompnm.c
> +@@ -166,7 +166,7 @@ load_pnm(unsigned char  /* in */  *p,
> + height = 0;
> + for (; *s >= '0' && *s <= '9'; ++s) {
> + height = height * 10 + (*s - '0');
> +-if (width > PNM_MAX_WIDTH) {
> ++if (height > PNM_MAX_HEIGHT) {
> + status = SIXEL_RUNTIME_ERROR;
> + sprintf(
> +   message,
> +@@ -193,7 +193,7 @@ load_pnm(unsigned char  /* in */  *p,
> + for (; *s >= '0' && *s <= '9'; ++s) {
> + deps = deps * 10 + (*s - '0');
> + }
> +-if (width > PNM_MAX_WIDTH) {
> ++if (deps > PNM_MAX_DEPTH) {
> + status = SIXEL_RUNTIME_ERROR;
> + sprintf(
> +   message,
> Index: patches/patch-src_fromsixel_c
> ===
> RCS file: patches/patch-src_fromsixel_c
> diff -N patches/patch-src_fromsixel_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_fromsixel_c 12 Dec 2019 00:27:49 -
> @@ -0,0 +1,87 @@
> +$OpenBSD$
> +
> +Addresses buffer overlow and integer overflow CVEs 
> +Patches from https://github.com/saitoha/libsixel/pull/106
> +
> +CVE-2019-19638
> +CVE-2019-19635
> +CVE-2019-19636 
> +CVE-2019-19637
> +
> +Index: src/fromsixel.c
> +--- src/fromsixel.c.orig
>  src/fromsixel.c
> +@@ -52,6 +52,7 @@
> + #include 
> + #include/* isdigit */
> + #include   /* memcpy */
> ++#include 
> + 
> + #if defined(HAVE_INTTYPES_H)
> + # include 
> +@@ -367,7 +368,17 @@ parser_context_init(parser_context_t *context)
> + return status;
> + }
> + 
> ++SIXELSTATUS safe_addition_for_params(parser_context_t *context, unsigned 
> char *p){
> ++int x;
> + 
> ++x = *p - '0'; /* 0 <= x <= 9 */
> ++if ((context->param > INT_MAX / 10) 

Re: update: lang/rust

2019-12-11 Thread Niklas Hallqvist
As a matter of fact I did the same update just a week ago, and ended up in 
exactly the same patch set as you, except for one thing:

The version reported by 'rust -V' normally includes the git hash and date, and 
some rust code out there depends on it (maybe dumb, but nevertheless it is).

I did it by adding to the diff-file for src/bootstrap/lib.rs, but it can 
conceivably instead be a post-patch target patching lib.rs with the contents of 
'git-commit-hash', a file found in the build directory.

/Niklas

diff --git a/lang/rust/patches/patch-src_bootstrap_lib_rs b/lang/rust/patches/p\
atch-src_bootstrap_lib_rs 
index 4ae91048f80..5c8543e5e18 100644 
--- a/lang/rust/patches/patch-src_bootstrap_lib_rs 
+++ b/lang/rust/patches/patch-src_bootstrap_lib_rs 
@@ -12,3 +12,12 @@ Index: src/bootstrap/lib.rs 
 .collect::>(); 
   
  // If we're compiling on macOS then we add a few unconditional flags 
+@@ -1048,7 +1047,7 @@ impl Build { 
+ /// Note that this is a descriptive string which includes the commit date\
, 
+ /// sha, version, etc. 
+ fn rust_version() -> String { 
+-self.rust_info.version(self, channel::CFG_RELEASE_NUM) 
++String::from("1.39.0 (4560ea788 2019-11-04)") 
+ } 
+  
+ /// Returns the full commit hash. 
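Review bot: The replacement line `String::from("1.39.0 (4560ea788 2019-11-04)")` in rust_version() hardcodes the release number, short hash and date, so it must be edited by hand on every update and will silently report a stale version if that is forgotten. The port's post-patch target already runs ${SUBST_CMD}, so consider substituting the release number from V in the Makefile and taking the hash from the git-commit-hash file mentioned in the message, and add a line to the patch explaining why the version string is overridden.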

> On 8 Dec 2019, at 12:30, Sebastien Marie  wrote:
> 
> Hi,
> 
> Here the diff for updating lang/rust to 1.39.0
> 
> The patch took more time than expected to be done: I had a problem with sparc64
> and I only achieved to have a workaround in order to avoid a SEGFAULT during
> the build. I am suspecting some LLVM bug in sparc64, as the workaround is to build
> some part of rust with -O3 (else the generated code will SEGFAULT). I didn't
> really investigate at asm level.
> 
> The port was tested some time ago on amd64 (and build tested and all archs).
> 
> I intend to commit it in a few days. But comments or OK are welcome :)
> 
> Thanks.
> -- 
> Sebastien Marie
> 
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/lang/rust/Makefile,v
> retrieving revision 1.102
> diff -u -p -r1.102 Makefile
> --- Makefile  29 Sep 2019 08:23:17 -  1.102
> +++ Makefile  8 Dec 2019 10:55:23 -
> @@ -13,17 +13,17 @@ COMMENT-gdb = Rust debugger through gdb
> COMMENT-clippy =  Rust linter
> COMMENT-rustfmt = Rust code formatter
> 
> -V =  1.38.0
> -CARGO_V =0.39.0
> +V =  1.39.0
> +CARGO_V =0.40.0
> CLIPPY_V =0.0.212
> -RUSTFMT_V =  1.4.4
> +RUSTFMT_V =  1.4.8
> DISTNAME =rustc-${V}-src
> 
> # rustc bootstrap version
> -BV-aarch64 = 1.38.0-20190926
> -BV-amd64 =   1.38.0-20190924
> -BV-i386 =1.38.0-20190924
> -BV-sparc64 = 1.37.0-20190813
> +BV-aarch64 = 1.39.0-20191124
> +BV-amd64 =   1.39.0-20191122
> +BV-i386 =1.39.0-20191123
> +BV-sparc64 = 1.39.0-20191207
> BV =  ${BV-${MACHINE_ARCH}}
> 
> PKGNAME = rust-${V}
> @@ -138,7 +138,7 @@ SUBST_VARS += WRKBUILD
> post-patch:
>   sed -i 's/"files":{[^}]*}/"files":{}/' \
>   ${WRKSRC}/vendor/*/.cargo-checksum.json
> - ${SUBST_CMD} ${WRKSRC}/src/tools/cargo/tests/testsuite/support/paths.rs
> + ${SUBST_CMD} 
> ${WRKSRC}/src/tools/cargo/crates/cargo-test-support/src/paths.rs
> 
> # - check datasize limit before configuring (and building)
> pre-configure:
> Index: distinfo
> ===
> RCS file: /cvs/ports/lang/rust/distinfo,v
> retrieving revision 1.58
> diff -u -p -r1.58 distinfo
> --- distinfo  29 Sep 2019 08:23:17 -  1.58
> +++ distinfo  8 Dec 2019 10:55:23 -
> @@ -1,10 +1,10 @@
> -SHA256 (rust/rustc-1.38.0-src.tar.xz) = 
> OnmRqky0TvlB1xY25FqVRotSDcb8fPclNkklvT49OjQ=
> -SHA256 (rust/rustc-bootstrap-aarch64-1.38.0-20190926.tar.xz) = 
> K6z7+X02Zw6kzFdt93JoOhVFJmVI1tp2kcV3Ep07i1k=
> -SHA256 (rust/rustc-bootstrap-amd64-1.38.0-20190924.tar.xz) = 
> s7m04Xk4Rukj3of8sLaK2NRiRZoAEEaxeQ14zE7/42U=
> -SHA256 (rust/rustc-bootstrap-i386-1.38.0-20190924.tar.xz) = 
> p7GH8ebq4uh5OUGIK3qbmRoWnotASu9Z6K/nMOLX2Ck=
> -SHA256 (rust/rustc-bootstrap-sparc64-1.37.0-20190813.tar.xz) = 
> Mja3fEVQ6pD9cxq0ZfEX+O6QW+cVLpA9n5k67M6u0gU=
> -SIZE (rust/rustc-1.38.0-src.tar.xz) = 96163304
> -SIZE (rust/rustc-bootstrap-aarch64-1.38.0-20190926.tar.xz) = 179869984
> -SIZE (rust/rustc-bootstrap-amd64-1.38.0-20190924.tar.xz) = 195854424
> -SIZE (rust/rustc-bootstrap-i386-1.38.0-20190924.tar.xz) = 193885292
> -SIZE (rust/rustc-bootstrap-sparc64-1.37.0-20190813.tar.xz) = 77696860
> +SHA256 (rust/rustc-1.39.0-src.tar.xz) = 
> Sw27NWBwaHpgYDT3HcAyt4O7+LXT+f/znywfvE8XHCk=
> +SHA256 (rust/rustc-bootstrap-aarch64-1.39.0-20191124.tar.xz) = 
> d+u86EWh5RRFuzf3NbOkHPV+jT5ySxEkqnOgQgU+w1g=
> +SHA256 (rust/rustc-bootstrap-amd64-1.39.0-20191122.tar.xz) = 
> 

SOLVED: Re: how to install firefox addon (noscript) on 6.6/amd64?

2019-12-11 Thread Jonathan Thornburg
In message 
I wrote about being unable to install a firefox addon (noscript) using
the packaged firefox-69.0.2p0 under 6.6/amd64.  (Firefox would download
the addon and ask for the appropriate permissions, but after my accepting
the permission request the addon would never actually install; firefox
would just keep displaying the blue-dot-oscillating-left-and-right spinner.)

I'm pleased to report a workaround: My original problem occurred while
running my usual window manager, twm.  I temporarily switched to fvwm,
and then the addon installed properly (and continued to work after I
returned to twm).

twm is one of the oldest window managers around, and in the past decade
or so I've noticed that some software has minor issues with it ("monster
icons").  Given that it's part of base in OpenBSD, and it's (still)
standard with the X.org server, I'll file a bug report with firefox,
and maybe also with twm.

Thanks to George Koehler  for his followup to my
original message which helped nudge my brain in the direction of "try a
more popular environment".

-- 
-- "Jonathan Thornburg [remove color- to reply]" 
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Aaron Bieber
CVSROOT:/cvs
Module name:ports
Changes by: abie...@cvs.openbsd.org 2019/12/11 20:28:26

Modified files:
plan9/drawterm : Makefile distinfo 
plan9/drawterm/pkg: PLIST 

Log message:
Update to ccc01167ee60, include the man page.

"looks fine to me" - from MAINTAINER! Thanks sl!



Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Jeremy Evans
On Wed, Dec 11, 2019 at 4:50 PM Jeremie Courreges-Anglas 
wrote:

>
> +cc maintainer
>
> This has bugged me for some time, I think enabling ICU makes sense.
> Here's a wip diff.  I fear it might cause issues with existing
> databases.  Real world tests would probably help.
>

I would prefer that we do not make any non-security related changes to
PostgreSQL until after the PostgreSQL 12 update is committed.  After that,
we can do some testing with ICU and see what the effect is.

Thanks,
Jeremy


Re: Fixing guile2 on powerpc

2019-12-11 Thread George Koehler
I believe that the files in WRKSRC/prebuilt/32-bit-big-endian are
broken: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26854

The diff below adds a post-extract target that moves away the prebuilt
files, so the build ignores them.  This fixes the build for me, but
the build is slow, takes about 24 hours on my G4 at 666 MHz.

On Sun, 8 Dec 2019 13:42:38 -0500
George Koehler  wrote:

> ...  Some code
> might put bad pointers in program objects.  I modified guile to look for
> such code.  I added a global "scm_t_uint32 aaa;" and added some checks
> like "aaa = *pointer".  One such check crashed at vm-engine.c:1654
> "make-closure":
> 
>   UNPACK_24 (op, dst);
>   offset = ip[1];
>   UNPACK_24 (ip[2], nfree);
> 
>   // FIXME: Assert range of nfree?
>   SYNC_IP ();
>   closure = scm_inline_words (thread, scm_tc7_program | (nfree << 16),
>   nfree + 2);
>   aaa = *(ip + offset);
>   SCM_SET_CELL_WORD_1 (closure, ip + offset);
>   // FIXME: Elide these initializations?
>   for (n = 0; n < nfree; n++)
> SCM_PROGRAM_FREE_VARIABLE_SET (closure, n, SCM_BOOL_F);
>   SP_SET (dst, closure);
>   NEXT (3);
> 
> (gdb) print ip   
> $12 = (scm_t_uint32 *) 0xcf1ea3b8
> (gdb) print offset
> $13 = -1005191168
> (gdb) print *(ip + offset)
> Cannot access memory at address 0xdf76a3b8
> (gdb) print ip[1]
> Cannot access memory at address 0xcf1ea3bc
> 
> I can't read ip[1] in the core dump, but the program did read ip[1] in
> "offset = ip[1];" before the crash.  The call to scm_inline_words(), to
> allocate the scm_tc7_program object, seems to have also freed the memory
> where ip points.  This might be a problem with the garbage collector.

The failure to read ip[1] was a red herring.  Before the crash, `ip`
pointed to an mmap(2) file.  In ktrace(1), the file was somewhere
under prebuilt/32-bit-big-endian.  This mapping disappeared in the
core dump, so GDB can't access it.

`offset` -1005191168 is 0xc416.  This looks like the wrong byte
order.  The correct value might be 0x16c4 = 5828.  This would make
more sense, if ip + offset should be inside the file!

modules/system/vm/assembler.scm can byte-swap values when it emits
bytecode for a different-endian machine.  If a little-endian machine
wrote the prebuilt/32-bit-big-endian files, and assembler.scm forgot
to swap `offset`, then it would cause this bug.

powerpc might be the only 32-bit-big-endian arch where OpenBSD builds
packages.  mips64 and sparc64 might be 64-bit-big-endian (but there is
no prebuilt/64-bit-big-endian, so those arches would bootstrap without
prebuilt files), and the other arches might be *-little-endian.

With no prebuilt files, the build ran some slow "bootstrap" commands on
my 666 MHz cpu.  (The MPC7447A in my PowerBook G4 can run at 1333 MHz
using apmd(8) and apm -A, but I left it at 666 MHz.)  The first
bootstrap command took more than 100 minutes.  The second command took
just over 4 hours.  The next commands continued overnight, and the whole
build might have taken almost 24 hours.  The build passes most tests:

SKIP: test-pthread-create-secondary
FAIL: test-stack-overflow
FAIL: test-out-of-memory
==
2 of 38 tests failed
(1 test was not run)

Here's the diff.  I didn't set REVISION because powerpc had no package,
and I guess that other arches would ignore prebuilt/32-bit-big-endian.
  --George

Index: Makefile
===
RCS file: /cvs/ports/lang/guile2/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- Makefile16 Jul 2019 21:29:41 -  1.23
+++ Makefile12 Dec 2019 01:02:07 -
@@ -3,8 +3,6 @@
 # When updating, check that x11/gnome/aisleriot MODGNOME_CPPFLAGS references 
the
 # proper guile2 includes directory
 
-BROKEN-powerpc=Segmentation fault (core dumped)
-
 COMMENT=   GNU's Ubiquitous Intelligent Language for Extension
 # '
 
@@ -51,6 +49,10 @@ CONFIGURE_ARGS=  --program-suffix=${V}
 # Needed because otherwise regress tests won't build:
 # warning: format '%ji' expects type 'intmax_t', but argument 4 has type 
'scm_t_intmax'
 CONFIGURE_ARGS +=  --disable-error-on-warning
+
+# powerpc: Prevent "Segmentation fault (core dumped)" during build.
+post-patch:
+   mv ${WRKSRC}/prebuilt/32-bit-big-endian{,-broken}
 
 post-install:
install -d ${PREFIX}/share/guile/site/${V}/
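Review bot: The comment on the new post-patch target says only "powerpc:", yet the `mv ${WRKSRC}/prebuilt/32-bit-big-endian{,-broken}` line runs on every architecture and the comment gives no pointer to the cause. Suggest stating the real condition (the prebuilt 32-bit-big-endian files are believed broken) and citing https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26854 in the comment, so the workaround can be dropped once upstream ships fixed files. The accompanying message calls this a post-extract target while the hunk adds post-patch; the description should match the diff.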

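The byte-order diagnosis in the message above can be reproduced directly: writing 5828 little-endian and loading it big-endian yields the `offset` and the faulting address seen in gdb. This is an added example, not code from guile or from the post; the helper names, the word index 1000 and the 100000-word mapping size are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Store a 32-bit word least-significant byte first: what a little-endian
 * build host emits if the assembler forgets to swap for the target. */
static void put_le32(unsigned char *dst, uint32_t v)
{
    dst[0] = (unsigned char)(v & 0xff);
    dst[1] = (unsigned char)((v >> 8) & 0xff);
    dst[2] = (unsigned char)((v >> 16) & 0xff);
    dst[3] = (unsigned char)((v >> 24) & 0xff);
}

/* Store most-significant byte first: correct for a big-endian target. */
static void put_be32(unsigned char *dst, uint32_t v)
{
    dst[0] = (unsigned char)((v >> 24) & 0xff);
    dst[1] = (unsigned char)((v >> 16) & 0xff);
    dst[2] = (unsigned char)((v >> 8) & 0xff);
    dst[3] = (unsigned char)(v & 0xff);
}

/* Load a word the way a big-endian CPU such as powerpc reads it. */
static uint32_t get_be32(const unsigned char *src)
{
    return ((uint32_t)src[0] << 24) | ((uint32_t)src[1] << 16) |
           ((uint32_t)src[2] << 8) | (uint32_t)src[3];
}

/* Value a big-endian reader sees when the writer did not swap. */
static uint32_t be_read_of_le_write(uint32_t v)
{
    unsigned char b[4];
    put_le32(b, v);
    return get_be32(b);
}

/* Value a big-endian reader sees when the writer swapped correctly. */
static uint32_t be_read_of_be_write(uint32_t v)
{
    unsigned char b[4];
    put_be32(b, v);
    return get_be32(b);
}

/* Interpret a 32-bit word as a signed offset without relying on
 * implementation-defined narrowing conversions. */
static int64_t as_signed32(uint32_t w)
{
    return (w & 0x80000000u) ? (int64_t)w - 4294967296LL : (int64_t)w;
}

/* Address a 32-bit machine computes for ip + offset when ip points at
 * 32-bit words (the arithmetic wraps modulo 2^32). */
static uint32_t effective_address32(uint32_t ip, uint32_t offset_word)
{
    return (uint32_t)(ip + offset_word * 4u);
}

/* Range check a bytecode loader can apply before dereferencing
 * ip + offset: the target must stay inside the mapped file.
 * ip_index and nwords are counted in 32-bit words (hypothetical API). */
static int target_in_bounds(size_t ip_index, int64_t offset, size_t nwords)
{
    int64_t target = (int64_t)ip_index + offset;
    return target >= 0 && (uint64_t)target < (uint64_t)nwords;
}

int main(void)
{
    uint32_t bad = be_read_of_le_write(5828u);   /* unswapped write */
    uint32_t good = be_read_of_be_write(5828u);  /* swapped write */

    printf("unswapped: 0x%08lx = %lld\n", (unsigned long)bad,
           (long long)as_signed32(bad));
    printf("swapped:   0x%08lx = %lld\n", (unsigned long)good,
           (long long)as_signed32(good));
    /* ip value taken from the gdb session quoted in the message */
    printf("fault address: 0x%08lx\n",
           (unsigned long)effective_address32(0xcf1ea3b8u, bad));
    /* constructed mapping: instruction at word 1000 of 100000 words */
    printf("unswapped in bounds: %d, swapped in bounds: %d\n",
           target_in_bounds(1000, as_signed32(bad), 100000),
           target_in_bounds(1000, as_signed32(good), 100000));
    return 0;
}
```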


Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Jeremie Courreges-Anglas


+cc maintainer

This has bugged me for some time, I think enabling ICU makes sense.
Here's a wip diff.  I fear it might cause issues with existing
databases.  Real world tests would probably help.

FWIW I would also like to enable DEBUG_PACKAGES and investigate
whether --disable-thread-safety really is appropriate.


Index: Makefile
===
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.257
diff -u -p -r1.257 Makefile
--- Makefile15 Nov 2019 13:19:10 -  1.257
+++ Makefile12 Dec 2019 00:40:41 -
@@ -8,6 +8,7 @@ COMMENT-plpython=Python procedural langu
 COMMENT-pg_upgrade=Support for upgrading PostgreSQL data from previous version
 
 VERSION=   11.6
+REVISION=  0
 PREV_MAJOR=10
 DISTNAME=  postgresql-${VERSION}
 PKGNAME-main=  postgresql-client-${VERSION}
@@ -24,7 +25,7 @@ SHARED_LIBS=  ecpg7.9 \
pgtypes 4.8 \
pq  6.10
 
-HOMEPAGE=  http://www.postgresql.org/
+HOMEPAGE=  https://www.postgresql.org/
 
 MAINTAINER=Pierre-Emmanuel Andre 
 
@@ -68,6 +69,7 @@ CONFIGURE_ARGS=   --disable-rpath --with-o
--with-system-tzdata="/usr/share/zoneinfo" \
--with-openssl \
--with-libxml \
+   --with-icu \
--disable-thread-safety
 
 # There is no spinlock support for alpha or hppa yet. Until we have access to
@@ -100,8 +102,9 @@ WANTLIB-main =  ${WANTLIB} xml2
 
 
 LIB_DEPENDS-server= databases/postgresql=${VERSION} \
-   ${LIB_DEPENDS-main}
-WANTLIB-server=${WANTLIB-main} perl pq
+   ${LIB_DEPENDS-main} \
+   textproc/icu4c
+WANTLIB-server=${WANTLIB-main} icudata icui18n icuuc perl pq
 
 RUN_DEPENDS-contrib= databases/postgresql,-server=${VERSION}
 LIB_DEPENDS-contrib= databases/postgresql=${VERSION} \
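Review bot: Only the -server subpackage gains `textproc/icu4c` and `icudata icui18n icuuc` here, but `--with-icu` is added to the global CONFIGURE_ARGS in the hunk above, so it affects every subpackage built from this Makefile. Please confirm with port-lib-depends-check that nothing in -main or -contrib links against ICU; if something does, it needs the same LIB_DEPENDS and WANTLIB entries.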
@@ -117,7 +120,7 @@ WANTLIB-pg_upgrade =${WANTLIB-main} pq
 
 LIB_DEPENDS-plpython=  ${MODPY_LIB_DEPENDS}
 WANTLIB-plpython = c m pthread util \
-   ${MODPY_WANTLIB}
+   intl ${MODPY_WANTLIB}
 RUN_DEPENDS-plpython=  databases/postgresql,-server=${VERSION}
 
 WANTLIB-docs=
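Review bot: The `intl` added to WANTLIB-plpython is not explained by the ICU change, and the hunk adds no matching entry to LIB_DEPENDS-plpython, which still lists only ${MODPY_LIB_DEPENDS}. If this fixes a pre-existing WANTLIB omission, say so or split it into its own commit; otherwise check that the library is reachable through the existing dependency.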
Index: pkg/PLIST-contrib
===
RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-contrib,v
retrieving revision 1.20
diff -u -p -r1.20 PLIST-contrib
--- pkg/PLIST-contrib   19 Feb 2019 05:09:18 -  1.20
+++ pkg/PLIST-contrib   12 Dec 2019 00:40:41 -
@@ -9,51 +9,51 @@
 @bin bin/pg_test_timing
 @bin bin/pgbench
 @bin bin/vacuumlo
-lib/postgresql/_int.so
-lib/postgresql/adminpack.so
-lib/postgresql/amcheck.so
-lib/postgresql/auth_delay.so
-lib/postgresql/auto_explain.so
-lib/postgresql/autoinc.so
-lib/postgresql/bloom.so
-lib/postgresql/btree_gin.so
-lib/postgresql/btree_gist.so
-lib/postgresql/citext.so
-lib/postgresql/cube.so
-lib/postgresql/dblink.so
-lib/postgresql/earthdistance.so
-lib/postgresql/file_fdw.so
-lib/postgresql/fuzzystrmatch.so
-lib/postgresql/hstore.so
-lib/postgresql/hstore_plperl.so
-lib/postgresql/insert_username.so
-lib/postgresql/isn.so
-lib/postgresql/lo.so
-lib/postgresql/ltree.so
-lib/postgresql/moddatetime.so
-lib/postgresql/pageinspect.so
-lib/postgresql/passwordcheck.so
-lib/postgresql/pg_buffercache.so
-lib/postgresql/pg_freespacemap.so
-lib/postgresql/pg_prewarm.so
-lib/postgresql/pg_stat_statements.so
-lib/postgresql/pg_trgm.so
-lib/postgresql/pg_visibility.so
-lib/postgresql/pgcrypto.so
-lib/postgresql/pgrowlocks.so
-lib/postgresql/pgstattuple.so
-lib/postgresql/pgxml.so
-lib/postgresql/postgres_fdw.so
-lib/postgresql/refint.so
-lib/postgresql/seg.so
-lib/postgresql/sslinfo.so
-lib/postgresql/tablefunc.so
-lib/postgresql/tcn.so
-lib/postgresql/timetravel.so
-lib/postgresql/tsm_system_rows.so
-lib/postgresql/tsm_system_time.so
-lib/postgresql/unaccent.so
-lib/postgresql/uuid-ossp.so
+@so lib/postgresql/_int.so
+@so lib/postgresql/adminpack.so
+@so lib/postgresql/amcheck.so
+@so lib/postgresql/auth_delay.so
+@so lib/postgresql/auto_explain.so
+@so lib/postgresql/autoinc.so
+@so lib/postgresql/bloom.so
+@so lib/postgresql/btree_gin.so
+@so lib/postgresql/btree_gist.so
+@so lib/postgresql/citext.so
+@so lib/postgresql/cube.so
+@so lib/postgresql/dblink.so
+@so lib/postgresql/earthdistance.so
+@so lib/postgresql/file_fdw.so
+@so lib/postgresql/fuzzystrmatch.so
+@so lib/postgresql/hstore.so
+@so lib/postgresql/hstore_plperl.so
+@so lib/postgresql/insert_username.so
+@so lib/postgresql/isn.so
+@so lib/postgresql/lo.so
+@so lib/postgresql/ltree.so
+@so lib/postgresql/moddatetime.so
+@so lib/postgresql/pageinspect.so
+@so lib/postgresql/passwordcheck.so
+@so lib/postgresql/pg_buffercache.so
+@so lib/postgresql/pg_freespacemap.so
+@so lib/postgresql/pg_prewarm.so
+@so lib/postgresql/pg_stat_statements.so
+@so lib/postgresql/pg_trgm.so
+@so lib/postgresql/pg_visibility.so
+@so 
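Review bot: This PLIST-contrib hunk rewrites every lib/postgresql/*.so entry to carry the `@so` marker, which is packing-list regeneration unrelated to enabling ICU. Committing the PLIST change separately would keep the ICU diff small enough to review, and to revert on its own if it does cause trouble with existing databases.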

Re: [PATCH] graphics/libsixel security patches

2019-12-11 Thread trondd
Stuart Henderson  wrote:

> On 2019/12/10 21:58, trondd wrote:
> > A handful of CVEs were assigned for bugs in libsixel.  Heap buffer
> > overflows and integer overflows.
> > 
> > CVE-2019-19638
> > CVE-2019-19635
> > CVE-2019-19636
> > CVE-2019-19637
> > 
> > A pull request pointing out the issues and patching them was submitted
> > about 10 days ago.  The CVEs were assigned 3 days ago.
> > 
> > https://github.com/saitoha/libsixel/pull/106
> > 
> > There hasn't been a response yet so instead of waiting for a new release
> > I'm being proactive to get the patches applied to the port of the current
> > version.
> 
> Please would you add a quick comment to the patches? A reference to
> the PR and short description would be fine.
> 
> > Tim.
> > 

Added the info to the patches.

Tim.


Index: Makefile
===
RCS file: /cvs/ports/graphics/libsixel/Makefile,v
retrieving revision 1.5
diff -u -p -r1.5 Makefile
--- Makefile12 Jul 2019 20:47:02 -  1.5
+++ Makefile12 Dec 2019 00:27:49 -
@@ -9,6 +9,8 @@ SHARED_LIBS +=  sixel   1.0 # 1.6
 
 CATEGORIES =   graphics
 
+REVISION = 0
+
 HOMEPAGE = https://github.com/saitoha/libsixel
 
 MAINTAINER =   Frederic Cambus 
Index: patches/patch-include_sixel_h_in
===
RCS file: patches/patch-include_sixel_h_in
diff -N patches/patch-include_sixel_h_in
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-include_sixel_h_in12 Dec 2019 00:27:49 -
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+Addresses buffer overlow and integer overflow CVEs 
+Patches from https://github.com/saitoha/libsixel/pull/106
+
+CVE-2019-19638
+CVE-2019-19635
+CVE-2019-19636 
+CVE-2019-19637
+
+Index: include/sixel.h.in
+--- include/sixel.h.in.orig
 include/sixel.h.in
+@@ -60,6 +60,7 @@ typedef int SIXELSTATUS;
+ #define SIXEL_BAD_ALLOCATION(SIXEL_RUNTIME_ERROR | 0x0001)  /* malloc() 
failed */
+ #define SIXEL_BAD_ARGUMENT  (SIXEL_RUNTIME_ERROR | 0x0002)  /* bad 
argument detected */
+ #define SIXEL_BAD_INPUT (SIXEL_RUNTIME_ERROR | 0x0003)  /* bad input 
detected */
++#define SIXEL_BAD_INTEGER_OVERFLOW (SIXEL_RUNTIME_ERROR | 0x0004)  /* integer 
overflow */
+ 
+ #define SIXEL_NOT_IMPLEMENTED   (SIXEL_FEATURE_ERROR | 0x0001)  /* feature 
not implemented */
+ 
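Review bot: The description at the top of this patch file misspells "overflow" as "overlow" and leaves trailing whitespace after "CVEs" and after "CVE-2019-19636"; the same header is repeated in the other two patch files. It also lists all four CVEs in every file, so a reader cannot tell which identifier the new SIXEL_BAD_INTEGER_OVERFLOW status in include/sixel.h.in relates to. One line per file saying what that file's change fixes would help.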
Index: patches/patch-src_frompnm_c
===
RCS file: patches/patch-src_frompnm_c
diff -N patches/patch-src_frompnm_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-src_frompnm_c 12 Dec 2019 00:27:49 -
@@ -0,0 +1,31 @@
+$OpenBSD$
+
+Addresses buffer overlow and integer overflow CVEs
+Patches from https://github.com/saitoha/libsixel/pull/106  
+
+CVE-2019-19638
+CVE-2019-19635
+CVE-2019-19636
+CVE-2019-19637
+
+Index: src/frompnm.c
+--- src/frompnm.c.orig
 src/frompnm.c
+@@ -166,7 +166,7 @@ load_pnm(unsigned char  /* in */  *p,
+ height = 0;
+ for (; *s >= '0' && *s <= '9'; ++s) {
+ height = height * 10 + (*s - '0');
+-if (width > PNM_MAX_WIDTH) {
++if (height > PNM_MAX_HEIGHT) {
+ status = SIXEL_RUNTIME_ERROR;
+ sprintf(
+   message,
+@@ -193,7 +193,7 @@ load_pnm(unsigned char  /* in */  *p,
+ for (; *s >= '0' && *s <= '9'; ++s) {
+ deps = deps * 10 + (*s - '0');
+ }
+-if (width > PNM_MAX_WIDTH) {
++if (deps > PNM_MAX_DEPTH) {
+ status = SIXEL_RUNTIME_ERROR;
+ sprintf(
+   message,
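Review bot: In the second inner hunk (@@ -193,7), the corrected test `if (deps > PNM_MAX_DEPTH)` sits after the closing brace of the digit loop, so `deps = deps * 10 + (*s - '0')` runs unchecked for every digit and can overflow the variable on a long digit string before the bound is compared. The height hunk above keeps its check inside the loop; doing the same for deps would close that gap. Both error paths still format their message with `sprintf`, and the size of `message` is not visible here, so it is worth confirming the formatted text cannot exceed it.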
Index: patches/patch-src_fromsixel_c
===
RCS file: patches/patch-src_fromsixel_c
diff -N patches/patch-src_fromsixel_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-src_fromsixel_c   12 Dec 2019 00:27:49 -
@@ -0,0 +1,87 @@
+$OpenBSD$
+
+Addresses buffer overlow and integer overflow CVEs 
+Patches from https://github.com/saitoha/libsixel/pull/106
+
+CVE-2019-19638
+CVE-2019-19635
+CVE-2019-19636 
+CVE-2019-19637
+
+Index: src/fromsixel.c
+--- src/fromsixel.c.orig
 src/fromsixel.c
+@@ -52,6 +52,7 @@
+ #include 
+ #include/* isdigit */
+ #include   /* memcpy */
++#include 
+ 
+ #if defined(HAVE_INTTYPES_H)
+ # include 
+@@ -367,7 +368,17 @@ parser_context_init(parser_context_t *context)
+ return status;
+ }
+ 
++SIXELSTATUS safe_addition_for_params(parser_context_t *context, unsigned char 
*p){
++int x;
+ 
++x = *p - '0'; /* 0 <= x <= 9 */
++if ((context->param > INT_MAX / 10) || (x > INT_MAX - context->param * 
10)) {
++return SIXEL_BAD_INTEGER_OVERFLOW;
++}
++context->param = context->param * 10 + x;
++return SIXEL_OK;
++}
++
+ /* convert sixel data into indexed pixel bytes and palette data */
+ SIXELAPI SIXELSTATUS
+ sixel_decode_raw_impl(
+@@ -446,7 +457,10 @@ sixel_decode_raw_impl(
+ if (context->param < 0) {
+ 
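Review bot: safe_addition_for_params() is defined without `static` and without SIXELAPI, so it becomes a new global symbol in the shared library while the Makefile leaves SHARED_LIBS at 1.0; declaring it `static` avoids the export. The guard `(context->param > INT_MAX / 10) || (x > INT_MAX - context->param * 10)` is only sound when context->param is non-negative, and the caller's visible `if (context->param < 0)` test suggests negative values occur, so the function should document or enforce that precondition.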

Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread f.holop
Ingo Schwarze - Wed, 11 December 2019 at 20:46:05
> Hi,
> 
> Stuart Henderson wrote on Wed, Dec 11, 2019 at 07:19:16PM +:
> > On 2019/12/11 19:57, f.holop wrote:
> >> Ingo Schwarze - Wed, 11 December 2019 at 18:42:35
> 
>  i have noticed that libc collation on OpenBSD is broken (also on macos) 
>  :(
> 
> >>> It is intentional that OpenBSD does not support collation for locales
> >>> other than "C" in libc, and i'm not aware of any developer who might
> >>> have plans to add it in the future, not even in the long term.  Even
> 
> >> sounds like all the more reason to build postgresql with ICU.
> 
> > Nothing in Ingo's mail contradicts that.
> 
> Right.

it seems that we all agree..  as long as there is a strong case not to
put locale aware collation into libc, using ICU with postgresql becomes
more or less mandatory as there's not much use of a database server that
cannot sort its content...

-f
-- 
all computers wait at the same speed.



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Jasper Lievisse Adriaanse
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2019/12/11 14:05:44

Modified files:
devel/libffi   : Makefile 
devel/libffi/pkg: PLIST 

Log message:
provide DEBUG_PACKAGES



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 13:45:29

Modified files:
devel/git  : Tag: OPENBSD_6_6 Makefile distinfo 
devel/git/patches: Tag: OPENBSD_6_6 patch-config_mak_uname 
   patch-t_test-lib_sh 
devel/git/pkg  : Tag: OPENBSD_6_6 DESCR-main DESCR-x11 
 PLIST-main 

Log message:
update -stable to git 2.24.1 to pick up security fixes.

discussed (2.23.x vs 2.24.x) with kn@, we don't see a reason to stick
with 2.23 so just moving to the same version as in -current.



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 13:06:57

Modified files:
devel/git  : Makefile distinfo 
devel/git/patches: patch-builtin_gc_c 

Log message:
update to git-2.24.1, ok kn@

"These releases fix various security flaws, which allowed an attacker
to overwrite arbitrary paths, remotely execute code, and/or overwrite
files in the .git/ directory etc.  See the release notes attached for
the list for their descriptions and CVE identifiers."

https://lwn.net/ml/git/xmqqr21cqcn9@gitster-ct.c.googlers.com/



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 12:55:40

Modified files:
lang/python/3.7: Makefile 
lang/python/3.7/pkg: PLIST-gdbm PLIST-idle PLIST-main 
 PLIST-tests PLIST-tkinter 

Log message:
add @pkgpath markers to handle updating old 3.6 packages to 3.7,
missed when removing 3.6



Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Ingo Schwarze
Hi,

Stuart Henderson wrote on Wed, Dec 11, 2019 at 07:19:16PM +:
> On 2019/12/11 19:57, f.holop wrote:
>> Ingo Schwarze - Wed, 11 December 2019 at 18:42:35

 i have noticed that libc collation on OpenBSD is broken (also on macos) :(

>>> It is intentional that OpenBSD does not support collation for locales
>>> other than "C" in libc, and i'm not aware of any developer who might
>>> have plans to add it in the future, not even in the long term.  Even

>> sounds like all the more reason to build postgresql with ICU.

> Nothing in Ingo's mail contradicts that.

Right.

The reason i didn't comment on the suggestion to make postgresql
depend on ICU is that i'm using postgres quite rarely and cannot
contribute meaningful input to the tradeoff between another
dependency of medium weight vs. the added functionality.

*If* locale-dependent collation is considered important for
the postgres database, then depending on ICU would agree well
with my above reasoning, unless it causes other woes - the port
is not a very easy and straightforward one and i have no idea
which technical consequences adding that dependency might entail.

Yours,
  Ingo



Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Stuart Henderson
On 2019/12/11 19:57, f.holop wrote:
> Ingo Schwarze - Wed, 11 December 2019 at 18:42:35
> > > i have noticed that libc collation on OpenBSD is broken (also on macos) :(
> > 
> > It is intentional that OpenBSD does not support collation for locales
> > other than "C" in libc, and i'm not aware of any developer who might
> > have plans to add it in the future, not even in the long term.  Even
> 
> sounds like all the more reason to build postgresql with ICU.

Nothing in Ingo's mail contradicts that.



Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread f.holop
Ingo Schwarze - Wed, 11 December 2019 at 18:42:35
> > i have noticed that libc collation on OpenBSD is broken (also on macos) :(
> 
> It is intentional that OpenBSD does not support collation for locales
> other than "C" in libc, and i'm not aware of any developer who might
> have plans to add it in the future, not even in the long term.  Even

sounds like all the more reason to build postgresql with ICU.

-f
-- 
my desk is a final proof of the chaos theory



Re: Go and portgen(1)

2019-12-11 Thread Aaron Bieber
On Wed, 11 Dec 2019 at 15:30:43 +, Stuart Henderson wrote:
> The go.port.mk part of this breaks some existing ports e.g. net/dnscontrol,
> net/wireguard-go.
> 

Here is a version of go.port.mk that fixes the GH_* ALL_TARGET stuff.

# $OpenBSD: go.port.mk,v 1.27 2019/11/19 09:17:06 sthen Exp $

ONLY_FOR_ARCHS ?=   ${GO_ARCHS}

MODGO_BUILDDEP ?=   Yes

MODGO_DIST_SUBDIR ?=go_modules

MASTER_SITE_ATHENS =https://proxy.golang.org/

MODGO_MASTER_SITESN =   9
MASTER_SITES${MODGO_MASTER_SITESN} ?= ${MASTER_SITE_ATHENS}

MODGO_RUN_DEPENDS = lang/go
MODGO_BUILD_DEPENDS =   lang/go

.if ${NO_BUILD:L} == "no" && ${MODGO_BUILDDEP:L} == "yes"
BUILD_DEPENDS +=${MODGO_BUILD_DEPENDS}
.endif

.if ${MACHINE_ARCH} == "amd64"
_GOARCH =   amd64
.elif ${MACHINE_ARCH} == "arm"
_GOARCH =   arm
.elif ${MACHINE_ARCH} == "aarch64"
_GOARCH =   arm64
.elif ${MACHINE_ARCH} == "i386"
_GOARCH =   386
.endif

MODGO_PACKAGE_PATH =${PREFIX}/go-pkg
MODGO_PACKAGES =go-pkg/pkg/openbsd_${_GOARCH}
MODGO_SOURCES = go-pkg/src
MODGO_TOOLS =   go-pkg/tool/openbsd_${_GOARCH}

SUBST_VARS +=   MODGO_TOOLS MODGO_PACKAGES MODGO_SOURCES

MODGO_SUBDIR ?= ${WRKDIST}
MODGO_TYPE ?=   bin
MODGO_WORKSPACE ?=  ${WRKDIR}/go
MODGO_GOCACHE ?=${WRKDIR}/go-cache
MODGO_GOPATH ?= ${MODGO_WORKSPACE}:${MODGO_PACKAGE_PATH}
# We cannot assume that the machine running the built code will have SSE,
# even though the machine building the package has SSE. As such, we need
# to explicitly disable SSE on i386 builds.
MAKE_ENV += GO386=387
MAKE_ENV += GOCACHE="${MODGO_GOCACHE}"

MODGO_CMD ?=${SETENV} ${MAKE_ENV} go
MODGO_BUILD_CMD =   ${MODGO_CMD} install ${MODGO_FLAGS}
MODGO_TEST_CMD =${MODGO_CMD} test ${MODGO_FLAGS} ${MODGO_TEST_FLAGS}
MODGO_BINDIR ?= bin

.if ! empty(MODGO_LDFLAGS)
MODGO_BUILD_CMD +=  -ldflags="${MODGO_LDFLAGS}"
MODGO_TEST_CMD +=   -ldflags="${MODGO_LDFLAGS}"
.endif

.if defined(MODGO_MODNAME)
EXTRACT_SUFX ?= .zip
PKGNAME ?=  ${DISTNAME:S/-v/-/}
ALL_TARGET ?=   ${MODGO_MODNAME}
DISTFILES = ${DISTNAME}${EXTRACT_SUFX}{${MODGO_VERSION}${EXTRACT_SUFX}}
MASTER_SITES ?= ${MASTER_SITE_ATHENS}${MODGO_MODNAME}/@v/
.  for _modname _modver in ${MODGO_MODULES}
SUPDISTFILES += ${MODGO_DIST_SUBDIR}/${_modname}/@v/${_modver}.zip{${_modname}/@v/${_modver}.zip}:${MODGO_MASTER_SITESN}
.  endfor
.  for _modname _modver in ${MODGO_MODFILES}
SUPDISTFILES += ${MODGO_DIST_SUBDIR}/${_modname}/@v/${_modver}.mod{${_modname}/@v/${_modver}.mod}:${MODGO_MASTER_SITESN}
.  endfor
MAKE_ENV += GOPROXY=file://${DISTDIR}/${MODGO_DIST_SUBDIR}
MAKE_ENV += GO111MODULE=on GOPATH="${MODGO_GOPATH}"
.else
# ports are not allowed to fetch from the network at build time; point
# GOPROXY at an unreachable host so that failures are also visible to
# developers who don't have PORTS_PRIVSEP and a "deny .. _pbuild" PF rule.
MAKE_ENV += GOPROXY=invalid://ports.should.not.fetch.at.buildtime/
MAKE_ENV += GO111MODULE=off GOPATH="${MODGO_GOPATH}"
.  if defined(GH_ACCOUNT) && defined(GH_PROJECT)
ALL_TARGET ?=  github.com/${GH_ACCOUNT}/${GH_PROJECT}
.  endif
.endif

MODGO_TEST_TARGET ?=cd ${WRKSRC} && ${MODGO_CMD} test ${ALL_TARGET}

SEPARATE_BUILD ?=   Yes

CATEGORIES +=   lang/go

MODGO_BUILD_TARGET =${MODGO_BUILD_CMD}
MODGO_FLAGS +=  -v -p ${MAKE_JOBS}

.if empty(DEBUG)
# by default omit symbol table, debug information and DWARF symbol table
MODGO_LDFLAGS +=-s -w
.else
MODGO_FLAGS +=  -x
.endif

.if empty(MODGO_MODNAME)
WRKSRC ?=   ${MODGO_WORKSPACE}/src/${ALL_TARGET}
MODGO_SETUP_WORKSPACE = mkdir -p ${WRKSRC:H}; mv ${MODGO_SUBDIR} ${WRKSRC};
.else
WRKSRC ?=   ${WRKDIR}/${MODGO_MODNAME}@${MODGO_VERSION}
MODGO_SETUP_WORKSPACE = ln -sf ${WRKSRC} ${WRKDIR}/${MODGO_MODNAME}
.endif

INSTALL_STRIP =
.if ${MODGO_TYPE:L:Mbin}
MODGO_INSTALL_TARGET =  ${INSTALL_PROGRAM_DIR} ${PREFIX}/${MODGO_BINDIR} && \
${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* \
${PREFIX}/${MODGO_BINDIR};
.endif

# Go source files serve the purpose of libraries, so sources should be included
# with library ports.
.if ${MODGO_TYPE:L:Mlib}
MODGO_INSTALL_TARGET += ${INSTALL_DATA_DIR} ${MODGO_PACKAGE_PATH} && \
cd ${MODGO_WORKSPACE} && \
find src pkg -type d -exec ${INSTALL_DATA_DIR} \
${MODGO_PACKAGE_PATH}/{} \; \
-o -type f -exec ${INSTALL_DATA} -p \
${MODGO_WORKSPACE}/{} \
${MODGO_PACKAGE_PATH}/{} \;

# This is required to force rebuilding of go libraries upon changes in
# toolchain.
RUN_DEPENDS +=  ${MODGO_RUN_DEPENDS}
.endif

.if empty(CONFIGURE_STYLE)

Re: postgresql: libc collation issue, linking with ICU

2019-12-11 Thread Ingo Schwarze
Hi,

f.holop wrote on Tue, Dec 10, 2019 at 05:07:07PM +0100:

> i have noticed that libc collation on OpenBSD is broken (also on macos) :(

It is intentional that OpenBSD does not support collation for locales
other than "C" in libc, and i'm not aware of any developer who might
have plans to add it in the future, not even in the long term.  Even
the people who added collation support to the FreeBSD libc some
years ago have been cursing loudly about it, even though FreeBSD
is often quite ready to add bloat to their system.

My personal opinion is that libc is a general-purpose programming
and operating system support library, whereas locale-specific
collation is a highly specialized niche task that requires
extremely complicated code, much too large and ugly for a library
like libc.  There is a lot of merit in keeping libc lean and simple,
not least to help correctness, robustness, and security.

For the intended behaviour of OpenBSD, please read:

 * locale(1)
 * setlocale(3), including the CAVEATS in that page
 * strcoll(3)
 * wcscoll(3)

Yours,
  Ingo



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 09:08:30

Modified files:
lang/php   : Makefile.inc php.port.mk 
lang/php/pecl  : pecl.port.mk 
archivers/pecl-lzf: Makefile 
archivers/pecl-lzf/pkg: PLIST 
archivers/pecl-rar: Makefile 
archivers/pecl-rar/pkg: PLIST 
databases/pecl-redis: Makefile 
databases/pecl-redis/pkg: PLIST 
graphics/pecl-imagick: Makefile 
graphics/pecl-imagick/pkg: PLIST 
mail/pecl-mailparse: Makefile 
mail/pecl-mailparse/pkg: PLIST 
www/pecl-chroot: Makefile 
www/pecl-chroot/pkg: PLIST 
www/pecl-memcached: Makefile 
www/pecl-memcached/pkg: PLIST 
www/pecl-pecl_http: Makefile 
www/pecl-pecl_http/pkg: PLIST 
www/pecl-proctitle: Makefile 
www/pecl-proctitle/pkg: PLIST 
www/pecl-propro: Makefile 
www/pecl-propro/pkg: PLIST 
www/pecl-raphf : Makefile 
www/pecl-raphf/pkg: PLIST 
www/pecl-ssh2  : Makefile 
www/pecl-ssh2/pkg: PLIST 

Log message:
more php71 cleanup



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 08:59:27

Modified files:
archivers  : Makefile 
databases  : Makefile 
graphics   : Makefile 
mail   : Makefile 
security   : Makefile 
textproc   : Makefile 
www: Makefile 
lang/php/7.3   : Makefile 
lang/php/7.3/pkg: PLIST-main 
Removed files:
security/pecl-libsodium: Makefile distinfo 
security/pecl-libsodium/pkg: DESCR PLIST 

Log message:
remove php71 builds of pecl modules, and pecl-libsodium which is rolled
into php core as of 7.2



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 08:51:00

Modified files:
sysutils/snmp_exporter: Makefile distinfo 
sysutils/snmp_exporter/patches: patch-Makefile_common 
patch-generator_Makefile 
sysutils/snmp_exporter/pkg: PLIST 

Log message:
update to snmp_exporter-0.16.1



Re: Go and portgen(1)

2019-12-11 Thread Stuart Henderson
The go.port.mk part of this breaks some existing ports e.g. net/dnscontrol,
net/wireguard-go.



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 08:02:48

Modified files:
security/passwdqc: Makefile distinfo 
security/passwdqc/patches: patch-passwdqc_conf_5 
   patch-pwqcheck_1 patch-pwqgen_1 

Log message:
update to passwdqc-1.3.2



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 08:02:53

Modified files:
devel/cvs-fast-export: Makefile distinfo 
devel/cvs-fast-export/patches: patch-Makefile 

Log message:
update to cvs-fast-export-1.49



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 07:47:55

Modified files:
lang/php   : Makefile 
lang/php/7.3   : Makefile 
lang/php/7.3/pkg: PLIST-apache PLIST-bz2 PLIST-cgi PLIST-curl 
  PLIST-dba PLIST-dbg PLIST-gd PLIST-gmp 
  PLIST-imap PLIST-intl PLIST-ldap PLIST-main 
  PLIST-mysqli PLIST-odbc PLIST-pcntl 
  PLIST-pdo_dblib PLIST-pdo_mysql PLIST-pdo_odbc 
  PLIST-pdo_pgsql PLIST-pdo_sqlite PLIST-pgsql 
  PLIST-pspell PLIST-shmop PLIST-snmp PLIST-soap 
  PLIST-sqlite3 PLIST-tidy PLIST-xmlrpc 
  PLIST-xsl PLIST-zip 
Removed files:
lang/php/7.1   : Makefile distinfo 
lang/php/7.1/patches: patch-acinclude_m4 patch-aclocal_m4 
  patch-configure_in patch-ext_gd_config_m4 
  patch-ext_mysqlnd_config9_m4 
  patch-ext_odbc_config_m4 patch-main_php_h 
  patch-main_php_ini_c 
  patch-main_streams_php_stream_transport_h 
  patch-php_ini-development 
  patch-php_ini-production 
  patch-sapi_cgi_cgi_main_c 
  patch-sapi_cli_php_cli_c 
  patch-sapi_fpm_fpm_fpm_atomic_h 
  patch-sapi_fpm_fpm_fpm_children_c 
  patch-sapi_fpm_www_conf_in 
  patch-scripts_Makefile_frag 
  patch-scripts_php-config_in 
  patch-scripts_phpize_in 
lang/php/7.1/pkg: PLIST-apache PLIST-bz2 PLIST-cgi PLIST-curl 
  PLIST-dba PLIST-dbg PLIST-gd PLIST-gmp 
  PLIST-imap PLIST-intl PLIST-ldap PLIST-main 
  PLIST-mcrypt PLIST-mysqli PLIST-odbc 
  PLIST-pcntl PLIST-pdo_dblib PLIST-pdo_mysql 
  PLIST-pdo_odbc PLIST-pdo_pgsql 
  PLIST-pdo_sqlite PLIST-pgsql PLIST-pspell 
  PLIST-shmop PLIST-snmp PLIST-soap 
  PLIST-sqlite3 PLIST-tidy PLIST-xmlrpc 
  PLIST-xsl PLIST-zip php71_fpm.rc 

Log message:
remove PHP 7.1 and set @pkgpath to merge package updates to 7.3,
7.1 is now end of life upstream and won't receive more security fixes.



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Vadim Zhukov
CVSROOT:/cvs
Module name:ports
Changes by: z...@cvs.openbsd.org 2019/12/11 07:28:36

Modified files:
net/rabbitmq   : Makefile 
net/rabbitmq/files: rabbitmq.conf 
net/rabbitmq/pkg: PLIST 

Log message:
Tweaks for RabbitMQ installation, okayed by sebastia@ (MAINTAINER):

- build & install manual pages;
- provide default HOME= line in rabbitmq-env.conf, allowing rabbitmqctl
to work out-of-the-box, including rcctl check/stop cases.



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Rafael Sadowski
CVSROOT:/cvs
Module name:ports
Changes by: rsadow...@cvs.openbsd.org   2019/12/11 06:09:24

Modified files:
x11/kde-applications/kdf: Makefile 

Log message:
Fix missing build dependency kcmutils

Spotted by naddy@ thanks!



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 05:43:28

Modified files:
fonts  : Makefile 

Log message:
+crimson



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 05:42:02

Log message:
import fonts/crimson, fix/ok tb@

Crimson is a free and open-source text type family.

The font is designed in the tradition of beautiful oldstyle type,
and inspired particularly by the fantastic work of people like Jan
Tschichold (Sabon), Robert Slimbach (Arno, Minion) and Jonathan Hoefler
(Hoefler Text). It features

- six cuts (regular, semibold and bold; with a Roman and Italic each)

- characters for a wide range of European languages - though some are
still better supported than others between different cuts

- spacing/kerning done by Igino Marini's spectacular iKern

- an unbeatable price of zero!

Status:

Vendor Tag: sthen
Release Tags:   sthen_20191211

N ports/fonts/crimson/Makefile
N ports/fonts/crimson/distinfo
N ports/fonts/crimson/pkg/DESCR
N ports/fonts/crimson/pkg/PLIST

No conflicts created by this import



CVS: cvs.openbsd.org: ports

2019-12-11 Thread Sebastien Marie
CVSROOT:/cvs
Module name:ports
Changes by: sema...@cvs.openbsd.org 2019/12/11 05:35:06

Modified files:
devel/cargo: cargo.port.mk 

Log message:
devel/cargo module

- uses cargo --offline when building to enforce "no network" at build time.
- properly implement MODCARGO_FEATURES by passing it to all stages (build, test, install)
- add MODCARGO_NO_DEFAULT_FEATURES to permit overriding completely cargo features defined in Cargo.toml

ok sthen@



NEW: fonts/crimson

2019-12-11 Thread Stuart Henderson
ok to import?


Crimson is a free and open-source text type family.

The font is designed in the tradition of beautiful oldstyle type,
and inspired particularly by the fantastic work of people like Jan
Tschichold (Sabon), Robert Slimbach (Arno, Minion) and Jonathan Hoefler
(Hoefler Text). It features

- six cuts (regular, semibold and bold; with a Roman and Italic each)

- characters for a wide range of European languages – though some are
still better supported than others between different cuts

- spacing/kerning done by Igino Marini's spectacular iKern

- an unbeatable price of zero!



crimson.tgz
Description: application/tar-gz


CVS: cvs.openbsd.org: ports

2019-12-11 Thread Stuart Henderson
CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2019/12/11 04:34:39

Modified files:
sysutils/terraform/provider-alicloud: Makefile 

Log message:
despite DPB_PROPERTIES=lonesome and datasize-cur=infinity this still
consistently fails on i386 - set NOT_FOR_ARCHS.

runtime: out of memory: cannot allocate 67821568-byte block (2004189184 in use)



Re: devel/cargo module: offline + features

2019-12-11 Thread Stuart Henderson
On 2019/12/11 09:51, Sebastien Marie wrote:
> Hi,
> 
> The following diff to devel/cargo module introduces two things:
> 
> - build rust crates using cargo --offline to enforce "no network" build. It
>   means that if network would be necessary, cargo will abort with error
>   instead of using (or trying to use) network.
> 
> - provide proper MODCARGO_FEATURES functionality. currently the flags are
>   passed only to build stage, resulting the install stage to rebuild things
>   without the flags before installing.
> 
> - add a MODCARGO_NO_DEFAULT_FEATURES knob to permit overriding completely
>   features defined in Cargo.toml. Without it, features are added to default
>   ones.
> 
> Comments or OK ?

OK sthen@. I've done several full bulk builds with cargo --offline with
no fallout.

> Sebastien Marie
> 
> diff 6deeda83e36cd06f0fc98a19fbf83dc54a799766 
> /home/semarie/repos/openbsd/ports
> blob - 7e465f5957edcde8dfb487eb610b363a505ca700
> file + devel/cargo/cargo.port.mk
> --- devel/cargo/cargo.port.mk
> +++ devel/cargo/cargo.port.mk
> @@ -9,6 +9,9 @@ MODCARGO_CRATES ?=
>  # List of features to build (space separated list).
>  MODCARGO_FEATURES ?=
>  
> +# Force using only MODCARGO_FEATURES if Yes
> +MODCARGO_NO_DEFAULT_FEATURES ?=  No
> +
>  # List of crates to update (no version).
>  # Used to override a dependency with newer version.
>  MODCARGO_CRATES_UPDATE ?=
> @@ -143,10 +146,17 @@ MODCARGO_TEST_ARGS ?=
>  
>  # Manage crate features.
>  .if !empty(MODCARGO_FEATURES)
> -MODCARGO_BUILD_ARGS +=   --features='${MODCARGO_FEATURES}'
> -MODCARGO_TEST_ARGS +=--features='${MODCARGO_FEATURES}'
> +MODCARGO_BUILD_ARGS +=   --features='${MODCARGO_FEATURES}'
> +MODCARGO_INSTALL_ARGS += --features='${MODCARGO_FEATURES}'
> +MODCARGO_TEST_ARGS +=--features='${MODCARGO_FEATURES}'
>  .endif
>  
> +.if ${MODCARGO_NO_DEFAULT_FEATURES:L} == "yes"
> +MODCARGO_BUILD_ARGS +=   --no-default-features
> +MODCARGO_INSTALL_ARGS += --no-default-features
> +MODCARGO_TEST_ARGS +=--no-default-features
> +.endif
> +
>  # Helper for updating a crate.
>  MODCARGO_CARGO_UPDATE = \
>   ${MODCARGO_CARGO_RUN} update \
> @@ -162,6 +172,7 @@ MODCARGO_TEST ?=  Yes
>  MODCARGO_BUILD_TARGET = \
>   ${MODCARGO_CARGO_RUN} build \
>   --manifest-path ${MODCARGO_CARGOTOML} \
> + --offline \
>   --release \
>   --verbose \
>   ${MODCARGO_BUILD_ARGS} ;
> @@ -175,6 +186,7 @@ do-build:
>  MODCARGO_INSTALL_TARGET = \
>   ${MODCARGO_CARGO_RUN} install \
>   --root="${PREFIX}" \
> + --offline \
>   --verbose \
>   ${MODCARGO_INSTALL_ARGS} ; \
>   rm -- "${PREFIX}/.crates.toml" ;
> @@ -188,6 +200,7 @@ do-install:
>  MODCARGO_TEST_TARGET = \
>   ${MODCARGO_CARGO_RUN} test \
>   --manifest-path ${MODCARGO_CARGOTOML} \
> + --offline \
>   --release \
>   --verbose \
>   ${MODCARGO_TEST_ARGS} ;
> 



Re: [PATCH] graphics/libsixel security patches

2019-12-11 Thread Stuart Henderson
On 2019/12/10 21:58, trondd wrote:
> A handful of CVEs were assigned for bugs in libsixel.  Heap buffer
> overflows and integer overflows.
> 
> CVE-2019-19638
> CVE-2019-19635
> CVE-2019-19636
> CVE-2019-19637
> 
> A pull request pointing out the issues and patching them was submitted
> about 10 days ago.  The CVEs were assigned 3 days ago.
> 
> https://github.com/saitoha/libsixel/pull/106
> 
> There hasn't been a response yet so instead of waiting for a new release
> I'm being proactive to get the patches applied to the port of the current
> version.

Please would you add a quick comment to the patches? A reference to
the PR and short description would be fine.

> Tim.
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/graphics/libsixel/Makefile,v
> retrieving revision 1.5
> diff -u -p -r1.5 Makefile
> --- Makefile  12 Jul 2019 20:47:02 -  1.5
> +++ Makefile  11 Dec 2019 02:51:09 -
> @@ -9,6 +9,8 @@ SHARED_LIBS +=sixel   1.0 # 1.6
>  
>  CATEGORIES = graphics
>  
> +REVISION =   0
> +
>  HOMEPAGE =   https://github.com/saitoha/libsixel
>  
>  MAINTAINER = Frederic Cambus 
> Index: patches/patch-include_sixel_h_in
> ===
> RCS file: patches/patch-include_sixel_h_in
> diff -N patches/patch-include_sixel_h_in
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-include_sixel_h_in  11 Dec 2019 02:51:09 -
> @@ -0,0 +1,13 @@
> +$OpenBSD$
> +
> +Index: include/sixel.h.in
> +--- include/sixel.h.in.orig
>  include/sixel.h.in
> +@@ -60,6 +60,7 @@ typedef int SIXELSTATUS;
> + #define SIXEL_BAD_ALLOCATION(SIXEL_RUNTIME_ERROR | 0x0001)  /* malloc() 
> failed */
> + #define SIXEL_BAD_ARGUMENT  (SIXEL_RUNTIME_ERROR | 0x0002)  /* bad 
> argument detected */
> + #define SIXEL_BAD_INPUT (SIXEL_RUNTIME_ERROR | 0x0003)  /* bad 
> input detected */
> ++#define SIXEL_BAD_INTEGER_OVERFLOW (SIXEL_RUNTIME_ERROR | 0x0004)  /* 
> integer overflow */
> + 
> + #define SIXEL_NOT_IMPLEMENTED   (SIXEL_FEATURE_ERROR | 0x0001)  /* feature 
> not implemented */
> + 
> Index: patches/patch-src_frompnm_c
> ===
> RCS file: patches/patch-src_frompnm_c
> diff -N patches/patch-src_frompnm_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_frompnm_c   11 Dec 2019 02:51:09 -
> @@ -0,0 +1,23 @@
> +$OpenBSD$
> +
> +Index: src/frompnm.c
> +--- src/frompnm.c.orig
>  src/frompnm.c
> +@@ -166,7 +166,7 @@ load_pnm(unsigned char  /* in */  *p,
> + height = 0;
> + for (; *s >= '0' && *s <= '9'; ++s) {
> + height = height * 10 + (*s - '0');
> +-if (width > PNM_MAX_WIDTH) {
> ++if (height > PNM_MAX_HEIGHT) {
> + status = SIXEL_RUNTIME_ERROR;
> + sprintf(
> +   message,
> +@@ -193,7 +193,7 @@ load_pnm(unsigned char  /* in */  *p,
> + for (; *s >= '0' && *s <= '9'; ++s) {
> + deps = deps * 10 + (*s - '0');
> + }
> +-if (width > PNM_MAX_WIDTH) {
> ++if (deps > PNM_MAX_DEPTH) {
> + status = SIXEL_RUNTIME_ERROR;
> + sprintf(
> +   message,
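Review bot: in the second hunk of patch-src_frompnm_c the corrected test "deps > PNM_MAX_DEPTH" sits after the closing brace of the digit loop, so "deps = deps * 10 + (*s - '0')" can run over an arbitrarily long digit string before anything bounds it, whereas the height hunk tests inside the loop, once per digit. Moving the deps test inside its loop as well would bound that accumulator the same way and keep it from overflowing before the comparison is reached.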
> Index: patches/patch-src_fromsixel_c
> ===
> RCS file: patches/patch-src_fromsixel_c
> diff -N patches/patch-src_fromsixel_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_fromsixel_c 11 Dec 2019 02:51:09 -
> @@ -0,0 +1,79 @@
> +$OpenBSD$
> +
> +Index: src/fromsixel.c
> +--- src/fromsixel.c.orig
>  src/fromsixel.c
> +@@ -52,6 +52,7 @@
> + #include 
> + #include/* isdigit */
> + #include   /* memcpy */
> ++#include 
> + 
> + #if defined(HAVE_INTTYPES_H)
> + # include 
> +@@ -367,7 +368,17 @@ parser_context_init(parser_context_t *context)
> + return status;
> + }
> + 
> ++SIXELSTATUS safe_addition_for_params(parser_context_t *context, unsigned 
> char *p){
> ++int x;
> + 
> ++x = *p - '0'; /* 0 <= x <= 9 */
> ++if ((context->param > INT_MAX / 10) || (x > INT_MAX - context->param * 
> 10)) {
> ++return SIXEL_BAD_INTEGER_OVERFLOW;
> ++}
> ++context->param = context->param * 10 + x;
> ++return SIXEL_OK;
> ++}
> ++
> + /* convert sixel data into indexed pixel bytes and palette data */
> + SIXELAPI SIXELSTATUS
> + sixel_decode_raw_impl(
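Review bot: safe_addition_for_params() is defined without static and without a prototype, so the helper gets external linkage even though the callers visible in this patch are in the same file; it should be static. Its overflow test is also only valid when context->param is non-negative and *p is a digit, and both are guaranteed by the caller (the "if (context->param < 0)" reset in the next hunk) rather than by the helper, so that precondition deserves a comment next to the existing "0 <= x <= 9" remark.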
> +@@ -446,7 +457,10 @@ sixel_decode_raw_impl(
> + if (context->param < 0) {
> + context->param = 0;
> + }
> +-context->param = context->param * 10 + *p - '0';
> ++status = safe_addition_for_params(context, p);
> ++if (SIXEL_FAILED(status)) {
> ++goto end;
> ++}
> + p++;
> + break;
> + case ';':
> +@@ -647,7 +661,10 @@ sixel_decode_raw_impl(
> + case '7':

CVS: cvs.openbsd.org: ports

2019-12-11 Thread Frederic Cambus
CVSROOT:/cvs
Module name:ports
Changes by: fcam...@cvs.openbsd.org 2019/12/11 03:46:37

Modified files:
textproc/ruby-rouge: Makefile distinfo 
textproc/ruby-rouge/pkg: PLIST 

Log message:
Update ruby-rouge to 3.14.0.



devel/cargo module: offline + features

2019-12-11 Thread Sebastien Marie
Hi,

The following diff to devel/cargo module introduces two things:

- build rust crates using cargo --offline to enforce "no network" build. It
  means that if network would be necessary, cargo will abort with error
  instead of using (or trying to use) network.

- provide proper MODCARGO_FEATURES functionality. currently the flags are
  passed only to build stage, resulting the install stage to rebuild things
  without the flags before installing.

- add a MODCARGO_NO_DEFAULT_FEATURES knob to permit overriding completely
  features defined in Cargo.toml. Without it, features are added to default
  ones.

Comments or OK ?
-- 
Sebastien Marie

diff 6deeda83e36cd06f0fc98a19fbf83dc54a799766 /home/semarie/repos/openbsd/ports
blob - 7e465f5957edcde8dfb487eb610b363a505ca700
file + devel/cargo/cargo.port.mk
--- devel/cargo/cargo.port.mk
+++ devel/cargo/cargo.port.mk
@@ -9,6 +9,9 @@ MODCARGO_CRATES ?=
 # List of features to build (space separated list).
 MODCARGO_FEATURES ?=
 
+# Force using only MODCARGO_FEATURES if Yes
+MODCARGO_NO_DEFAULT_FEATURES ?=No
+
 # List of crates to update (no version).
 # Used to override a dependency with newer version.
 MODCARGO_CRATES_UPDATE ?=
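Review bot: the comment on the new MODCARGO_NO_DEFAULT_FEATURES knob ("Force using only MODCARGO_FEATURES if Yes") does not say what a port gets when the knob is Yes and MODCARGO_FEATURES is left empty. Per the next hunk that combination passes --no-default-features alone, i.e. a build with no features at all; stating that here, and that the value is matched case-insensitively, would make the knob self-documenting.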
@@ -143,10 +146,17 @@ MODCARGO_TEST_ARGS ?=
 
 # Manage crate features.
 .if !empty(MODCARGO_FEATURES)
-MODCARGO_BUILD_ARGS += --features='${MODCARGO_FEATURES}'
-MODCARGO_TEST_ARGS +=  --features='${MODCARGO_FEATURES}'
+MODCARGO_BUILD_ARGS += --features='${MODCARGO_FEATURES}'
+MODCARGO_INSTALL_ARGS +=   --features='${MODCARGO_FEATURES}'
+MODCARGO_TEST_ARGS +=  --features='${MODCARGO_FEATURES}'
 .endif
 
+.if ${MODCARGO_NO_DEFAULT_FEATURES:L} == "yes"
+MODCARGO_BUILD_ARGS += --no-default-features
+MODCARGO_INSTALL_ARGS +=   --no-default-features
+MODCARGO_TEST_ARGS +=  --no-default-features
+.endif
+
 # Helper for updating a crate.
 MODCARGO_CARGO_UPDATE = \
${MODCARGO_CARGO_RUN} update \
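Review bot: the same flag is now appended to MODCARGO_BUILD_ARGS, MODCARGO_INSTALL_ARGS and MODCARGO_TEST_ARGS by hand in both the --features block and the --no-default-features block, which is the pattern that let the install stage be missed in the first place. Collecting the feature flags in one internal variable and appending that variable once per stage would keep the three stages from drifting apart again.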
@@ -162,6 +172,7 @@ MODCARGO_TEST ?=Yes
 MODCARGO_BUILD_TARGET = \
${MODCARGO_CARGO_RUN} build \
--manifest-path ${MODCARGO_CARGOTOML} \
+   --offline \
--release \
--verbose \
${MODCARGO_BUILD_ARGS} ;
@@ -175,6 +186,7 @@ do-build:
 MODCARGO_INSTALL_TARGET = \
${MODCARGO_CARGO_RUN} install \
--root="${PREFIX}" \
+   --offline \
--verbose \
${MODCARGO_INSTALL_ARGS} ; \
rm -- "${PREFIX}/.crates.toml" ;
@@ -188,6 +200,7 @@ do-install:
 MODCARGO_TEST_TARGET = \
${MODCARGO_CARGO_RUN} test \
--manifest-path ${MODCARGO_CARGOTOML} \
+   --offline \
--release \
--verbose \
${MODCARGO_TEST_ARGS} ;
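Review bot: with --offline now on MODCARGO_TEST_TARGET here and on the build and install targets in the two hunks above, the one cargo invocation visible in this diff that no hunk touches is the MODCARGO_CARGO_UPDATE helper ("${MODCARGO_CARGO_RUN} update", shown as context in the features hunk). If that helper can run during a port build it needs the same flag, or a comment saying why it is exempt, for the "no network" guarantee to cover every stage.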