CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2024/04/12 03:17:42

Modified files:
www/apache-httpd: Tag: OPENBSD_7_5 Makefile distinfo 
www/apache-httpd/patches: Tag: OPENBSD_7_5 
  patch-docs_man_htpasswd_1 
  patch-modules_ssl_ssl_engine_init_c 
Removed files:
www/apache-httpd/patches: Tag: OPENBSD_7_5 
  patch-modules_filters_mod_xml2enc_c 
  patch-modules_ssl_ssl_private_h 

Log message:
Update to 2.4.59
fixes CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709
Also fix a regression that causes the default DH parameters for a key
no longer set and thus effectively disabling DH ciphers when no explicit
DH parameters are set.

Re: Overhaul package handling in puppet 8

[Giovanni Bechis]

On 4/10/24 07:10, Sebastian Reitenbach wrote:

Hi,
On Tuesday, April 09, 2024 22:43 CEST, Giovanni Bechis  
wrote:


On Tue, Apr 09, 2024 at 10:17:30PM +0200, Sebastian Reitenbach wrote:

Since we now have a recent Puppet in ports, I started looking at how packages 
are handled with Puppet.
My current trouble is that it wasn't really possible to install banches 
properly: i.e. can't properly install gimp,
or auto* based on branch. Or esp, when want to install multiple of them, it was 
just not possible.
For ports where branches conflict, i.e. postfix, this was working, but had to 
specify exact version, and on every
upgrade bump the version  _very_ annoying.

Currently Puppet allows to install packages of a given version (ensure => "X.Y.Z"), or to 
follow updates (ensure => "latest").


[...]

This is just for Puppet 8. Anyone still on Puppet 7? It should be easily ported 
to Puppet 7 as well.


I am on Puppet 7 and I do not have time to upgrade to Puppet 8 soon; I


My upgrade from Puppet 7 to 8 took quite a long time. They removed a lot of 
backward compat
shim, and if you have many old and partially hand made or patched modules like 
I do, it took
quite a while to update all of them


upgrading is on my queue and I have lot of hand made modules, other then that, 
can a Puppet 7 client connect to a Puppet 8 server ?


Attached an untested version of the same changes for the Puppet 7 port.


am also using "ensure => latest" syntax but I can change my code to get
rid of it OpenBSD will no more support it.


What's your use-case to using "ensure => latest"? If there's really a "good 
one",
I can look into re-adding the feature.
My use-case up to now for sparingly using "latest" was to force using "snapshot"
branch of some packages.


my OpenBSD Puppet server manages Linux and Windows servers as well, on those OS 
I want to update automatically only some trusted packages, not all the packages 
the distro wants to update.
Anyway I can change that part of my code without big issues.
 Cheers
   Giovanni



  Cheers
   Giovanni



cheers,
Sebastian


Index: Makefile
===
RCS file: /cvs/ports/sysutils/ruby-puppet/8/Makefile,v
diff -u -r1.2 Makefile
--- Makefile20 Mar 2024 21:21:14 -  1.2
+++ Makefile9 Apr 2024 19:51:40 -
@@ -1,6 +1,7 @@
  PORTROACH=limit:^7
  
  VERSION=		8.5.1

+REVISION=  0
  
  RUN_DEPENDS+=		converters/ruby-multi_json,${MODRUBY_FLAVOR}>=1.13,<2 \

devel/ruby-concurrent-ruby,${MODRUBY_FLAVOR}>=1,<2 \
Index: patches/patch-lib_puppet_provider_package_openbsd_rb
===
RCS file: 
/cvs/ports/sysutils/ruby-puppet/8/patches/patch-lib_puppet_provider_package_openbsd_rb,v
diff -u -r1.2 patch-lib_puppet_provider_package_openbsd_rb
--- patches/patch-lib_puppet_provider_package_openbsd_rb20 Mar 2024 
21:21:14 -  1.2
+++ patches/patch-lib_puppet_provider_package_openbsd_rb9 Apr 2024 
19:51:40 -
@@ -1,42 +1,89 @@
-- Handle errors from pkg_add
-- Handle uninstall_options being 'nil' by default
-- If no flavor speficied, force the empty flavor with '--'
-  but skipping the % un-ambiguity pkg names
-- Bail out on shortform PKG_PATH (i.e. 'ftp.openbsd.org')
-- pkg.conf is gone
-- properly handle packages with multiple versions and flavors,
-  i.e. postfix-XXX-flavor
-
+- get rid of versionable (no ensure => "version X.X.X")
+- get rid of upgradeable (ensure => latest)
+- properly support branches
  
  Index: lib/puppet/provider/package/openbsd.rb

  --- lib/puppet/provider/package/openbsd.rb.orig
  +++ lib/puppet/provider/package/openbsd.rb
-@@ -24,6 +24,8 @@ Puppet::Type.type(:package).provide :openbsd, :parent
-   has_feature :upgradeable
+@@ -6,10 +6,14 @@ require_relative '../../../puppet/provider/package'
+ Puppet::Type.type(:package).provide :openbsd, :parent => 
Puppet::Provider::Package do
+   desc "OpenBSD's form of `pkg_add` support.
+
++OpenBSD has the concept of package branches, providing multiple versions 
of the
++same package, i.e. `stable` vs. `snapshot`. To select a specific branch,
++suffix the package name with % sign follwed by the branch name, i.e. 
`gimp%stable`.
++
+ This provider supports the `install_options` and `uninstall_options`
+ attributes, which allow command-line flags to be passed to pkg_add and 
pkg_delete.
+ These options should be specified as an array where each element is 
either a
+- string or a hash."
++string or a hash."
+
+   commands :pkginfo => "pkg_info",
+:pkgadd => "pkg_add",
+@@ -18,220 +22,94 @@ Puppet::Type.type(:package).provide :openbsd, :parent
+   defaultfor 'os.name' => :openbsd
+   confine 'os.name' => :openbsd
+

Re: Overhaul package handling in puppet 8

[Giovanni Bechis]

On Tue, Apr 09, 2024 at 10:17:30PM +0200, Sebastian Reitenbach wrote:
> Since we now have a recent Puppet in ports, I started looking at how packages 
> are handled with Puppet.
> My current trouble is that it wasn't really possible to install banches 
> properly: i.e. can't properly install gimp, 
> or auto* based on branch. Or esp, when want to install multiple of them, it 
> was just not possible.
> For ports where branches conflict, i.e. postfix, this was working, but had to 
> specify exact version, and on every
> upgrade bump the version  _very_ annoying.
> 
> Currently Puppet allows to install packages of a given version (ensure => 
> "X.Y.Z"), or to follow updates (ensure => "latest").
> 
[...]
> This is just for Puppet 8. Anyone still on Puppet 7? It should be easily 
> ported to Puppet 7 as well. 
> 
I am on Puppet 7 and I do not have time to upgrade to Puppet 8 soon; I
am also using "ensure => latest" syntax but I can change my code to get
rid of it OpenBSD will no more support it.

 Cheers
  Giovanni


> cheers,
> Sebastian
> 
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/sysutils/ruby-puppet/8/Makefile,v
> diff -u -r1.2 Makefile
> --- Makefile  20 Mar 2024 21:21:14 -  1.2
> +++ Makefile  9 Apr 2024 19:51:40 -
> @@ -1,6 +1,7 @@
>  PORTROACH=   limit:^7
>  
>  VERSION= 8.5.1
> +REVISION=0
>  
>  RUN_DEPENDS+=
> converters/ruby-multi_json,${MODRUBY_FLAVOR}>=1.13,<2 \
>   devel/ruby-concurrent-ruby,${MODRUBY_FLAVOR}>=1,<2 \
> Index: patches/patch-lib_puppet_provider_package_openbsd_rb
> ===
> RCS file: 
> /cvs/ports/sysutils/ruby-puppet/8/patches/patch-lib_puppet_provider_package_openbsd_rb,v
> diff -u -r1.2 patch-lib_puppet_provider_package_openbsd_rb
> --- patches/patch-lib_puppet_provider_package_openbsd_rb  20 Mar 2024 
> 21:21:14 -  1.2
> +++ patches/patch-lib_puppet_provider_package_openbsd_rb  9 Apr 2024 
> 19:51:40 -
> @@ -1,42 +1,89 @@
> -- Handle errors from pkg_add
> -- Handle uninstall_options being 'nil' by default
> -- If no flavor speficied, force the empty flavor with '--'
> -  but skipping the % un-ambiguity pkg names
> -- Bail out on shortform PKG_PATH (i.e. 'ftp.openbsd.org')
> -- pkg.conf is gone
> -- properly handle packages with multiple versions and flavors,
> -  i.e. postfix-XXX-flavor
> -
> +- get rid of versionable (no ensure => "version X.X.X")
> +- get rid of upgradeable (ensure => latest)
> +- properly support branches
>  
>  Index: lib/puppet/provider/package/openbsd.rb
>  --- lib/puppet/provider/package/openbsd.rb.orig
>  +++ lib/puppet/provider/package/openbsd.rb
> -@@ -24,6 +24,8 @@ Puppet::Type.type(:package).provide :openbsd, :parent 
> -   has_feature :upgradeable
> +@@ -6,10 +6,14 @@ require_relative '../../../puppet/provider/package'
> + Puppet::Type.type(:package).provide :openbsd, :parent => 
> Puppet::Provider::Package do
> +   desc "OpenBSD's form of `pkg_add` support.
> + 
> ++OpenBSD has the concept of package branches, providing multiple 
> versions of the
> ++same package, i.e. `stable` vs. `snapshot`. To select a specific branch,
> ++suffix the package name with % sign follwed by the branch name, i.e. 
> `gimp%stable`.
> ++
> + This provider supports the `install_options` and `uninstall_options`
> + attributes, which allow command-line flags to be passed to pkg_add and 
> pkg_delete.
> + These options should be specified as an array where each element is 
> either a
> +- string or a hash."
> ++string or a hash."
> + 
> +   commands :pkginfo => "pkg_info",
> +:pkgadd => "pkg_add",
> +@@ -18,220 +22,94 @@ Puppet::Type.type(:package).provide :openbsd, :parent 
> +   defaultfor 'os.name' => :openbsd
> +   confine 'os.name' => :openbsd
> + 
> +-  has_feature :versionable
> +   has_feature :install_options
> +   has_feature :uninstall_options
> +-  has_feature :upgradeable
> has_feature :supports_flavors
>   
> -+  mk_resource_methods
> -+
> def self.instances
> - packages = []
> - 
> -@@ -46,12 +48,6 @@ Puppet::Type.type(:package).provide :openbsd, :parent 
> - 
> - packages << new(hash)
> - hash = {}
> +-packages = []
> +-
> ++final = []
> + begin
> +-  execpipe(listcmd) do |process|
> +-# our regex for matching pkg_info output
> +-regex = /^(.*)-(\d[^-]*)[-]?([\w-]*)(.*)$/
> +-fields = [:name, :ensure, :flavor]
> +-hash = {}
> ++  packages = listcmd
> ++  packages.each { |package, value|
> ++if !package.empty?()
> ++  value[:provider] = self.name
> ++  final << new(value)
> ++end
> ++  }
> ++  return final
> + 
> +-# now turn each returned line into a package object
> +-process.each_line { |line|
> +-  match = 

UPDATE 7.5-stable: www/apache-httpd

[Giovanni Bechis]

Hi,
update to apache-httpd 2.4.59 which fixes CVE-2024-27316, CVE-2024-24795 and 
CVE-2023-38709
Comments ? ok ?
 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.129
diff -u -p -r1.129 Makefile
--- Makefile30 Jan 2024 10:01:48 -  1.129
+++ Makefile9 Apr 2024 20:32:44 -
@@ -1,9 +1,8 @@
 COMMENT=   apache HTTP server
 
-V= 2.4.58
+V= 2.4.59
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
-REVISION=  1
 
 CATEGORIES=www net
 
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.46
diff -u -p -r1.46 distinfo
--- distinfo19 Oct 2023 10:35:27 -  1.46
+++ distinfo9 Apr 2024 20:32:44 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.58.tar.gz) = UDp9pKSif9SWA3mYsXB43J/gBNsyxlfJbM6DVriqLrY=
-SIZE (httpd-2.4.58.tar.gz) = 9825177
+SHA256 (httpd-2.4.59.tar.gz) = 5OxM4Sxsj1p5TcImPRJssdbvZn8DTEZ47JRdYShuiw8=
+SIZE (httpd-2.4.59.tar.gz) = 9843252
Index: patches/patch-docs_man_htpasswd_1
===
RCS file: /cvs/ports/www/apache-httpd/patches/patch-docs_man_htpasswd_1,v
retrieving revision 1.9
diff -u -p -r1.9 patch-docs_man_htpasswd_1
--- patches/patch-docs_man_htpasswd_1   11 Mar 2022 20:09:38 -  1.9
+++ patches/patch-docs_man_htpasswd_1   9 Apr 2024 20:32:44 -
@@ -5,8 +5,8 @@ Index: docs/man/htpasswd.1
  .el .ne 3
  .IP "\\$1" \\$2
  ..
--.TH "HTPASSWD" 1 "2019-08-09" "Apache HTTP Server" "htpasswd"
-+.TH "HTPASSWD2" 1 "2019-08-09" "Apache HTTP Server" "htpasswd2"
+-.TH "HTPASSWD" 1 "2024-04-02" "Apache HTTP Server" "htpasswd"
++.TH "HTPASSWD2" 1 "2024-04-02" "Apache HTTP Server" "htpasswd2"
  
  .SH NAME
 -htpasswd \- Manage user files for basic authentication
@@ -15,20 +15,20 @@ Index: docs/man/htpasswd.1
  .SH "SYNOPSIS"
   
  .PP
--\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR 
| -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] 
\fIpasswdfile\fR \fIusername\fR\fR
-+\fB\fBhtpasswd2\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR 
| -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] 
\fIpasswdfile\fR \fIusername\fR\fR
+-\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR 
| -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR 
\fIusername\fR\fR
++\fB\fBhtpasswd2\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR 
| -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR 
\fIusername\fR\fR
   
  .PP
--\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | 
-\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] 
\fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR
-+\fB\fBhtpasswd2\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | 
-\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] 
\fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR
+-\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | 
-\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR 
\fIpassword\fR\fR
++\fB\fBhtpasswd2\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | 
-\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR 
\fIpassword\fR\fR
   
  .PP
--\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | 
-\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR
-+\fB\fBhtpasswd2\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | 
-\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR
+-\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | 
-\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] \fIusername\fR\fR
++\fB\fBhtpasswd2\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | 
-\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ 
-\fBC\fR \fIcost\fR ] \fIusername\fR\fR
   
  .PP
--\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | 
-\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR
-+\fB\fBhtpasswd2\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | 
-\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR
+-\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fB2\fR | -\fB5\fR | 
-\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR 
\fIcost\fR ] 

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2024/04/09 14:20:34

Modified files:
www/apache-httpd: Makefile 
Added files:
www/apache-httpd/patches: patch-modules_ssl_ssl_engine_init_c 

Log message:
Fix a regression that causes the default DH parameters for a key
no longer set and thus effectively disabling DH ciphers when no explicit
DH parameters are set.

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2024/04/04 10:26:31

Modified files:
www/apache-httpd: Makefile distinfo 
www/apache-httpd/patches: patch-docs_man_htpasswd_1 
  patch-server_mpm_unix_c 
Removed files:
www/apache-httpd/patches: patch-modules_filters_mod_xml2enc_c 
  patch-modules_ssl_ssl_engine_init_c 
  patch-modules_ssl_ssl_private_h 

Log message:
Update to 2.4.59
fixes CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709
full Changelog at https://downloads.apache.org/httpd/CHANGES_2.4.59

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2024/04/02 02:41:02

Modified files:
mail/p5-Mail-SpamAssassin: Makefile distinfo 
mail/p5-Mail-SpamAssassin/pkg: PLIST 
Removed files:
mail/p5-Mail-SpamAssassin/patches: patch-sa-update_raw 

Log message:
update to 4.0.1
details about changes and new features at
https://svn.apache.org/repos/asf/spamassassin/trunk/build/announcements/4.0.1.txt

Re: mail/opensmtpd-extras: use imsg_get_fd()

[Giovanni Bechis]

On 1/30/24 17:02, Omar Polo wrote:

This should make opensmtpd-extras work with a future imsg.fd removal.

m_forward() is not used at all in -extras, so I could have also used -1
there, it doesn't matter.

The queues are doing imsg passing, so the second hunk is actually
needed, even if I doubt anyone is using them?  anyway, the diff is
simple enough that I'm confident I'm not breaking anything.

There is still one hit of 'imsg->fd' in api/filter_api.c, but that file
is not used anymore, and so I haven't touched it.


The diff makes sense, the diff should also be committed upstream.
ok giovanni@
 Thanks
  Giovanni



Index: Makefile
===
RCS file: /home/cvs/ports/mail/opensmtpd-extras/Makefile,v
diff -u -p -r1.37 Makefile
--- Makefile26 Sep 2023 12:28:13 -  1.37
+++ Makefile30 Jan 2024 15:55:03 -
@@ -11,8 +11,11 @@ PKGNAME-mysql=   opensmtpd-extras-mysql-$
  PKGNAME-pgsql=opensmtpd-extras-pgsql-${V}
  PKGNAME-python=   opensmtpd-extras-python-${V}
  PKGNAME-redis=opensmtpd-extras-redis-${V}
-REVISION-mysql=0
-REVISION-pgsql=0
+REVISION-main= 0
+REVISION-mysql=1
+REVISION-pgsql=1
+REVISION-python=   0
+REVISION-redis=0
  EPOCH=0
  
  CATEGORIES=		mail

Index: patches/patch-api_mproc_c
===
RCS file: patches/patch-api_mproc_c
diff -N patches/patch-api_mproc_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-api_mproc_c   30 Jan 2024 15:57:35 -
@@ -0,0 +1,14 @@
+use imsg_get_fd()
+
+Index: api/mproc.c
+--- api/mproc.c.orig
 api/mproc.c
+@@ -306,7 +306,7 @@ void
+ m_forward(struct mproc *p, struct imsg *imsg)
+ {
+   imsg_compose(>imsgbuf, imsg->hdr.type, imsg->hdr.peerid,
+-  imsg->hdr.pid, imsg->fd, imsg->data,
++  imsg->hdr.pid, imsg_get_fd(imsg), imsg->data,
+   imsg->hdr.len - sizeof(imsg->hdr));
+
+   log_trace(TRACE_MPROC, "mproc: %s -> %s : %zu %s (forward)",
Index: patches/patch-api_queue_api_c
===
RCS file: patches/patch-api_queue_api_c
diff -N patches/patch-api_queue_api_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-api_queue_api_c   30 Jan 2024 15:57:35 -
@@ -0,0 +1,14 @@
+use imsg_get_fd
+
+Index: api/queue_api.c
+--- api/queue_api.c.orig
 api/queue_api.c
+@@ -171,7 +171,7 @@ queue_msg_dispatch(void)
+   log_warn("warn: queue-api: mkstemp");
+   }
+   else {
+-  ifile = fdopen(imsg.fd, "r");
++  ifile = fdopen(imsg_get_fd(), "r");
+   ofile = fdopen(fd, "w");
+   m = n = 0;
+   if (ifile && ofile) {

Re: Trying to install Apache 2.4 with OpenSSL 1.1 instead of LibreSSL

[Giovanni Bechis]

On Mon, Jan 29, 2024 at 07:45:27PM +, Stuart Henderson wrote:
> On 2024/01/29 09:51, giova...@paclan.it wrote:
> > On 1/26/24 23:11, Tim wrote:
> > > I'm trying to troubleshoot an issue where Chrome/Chromium browsers
> > > randomly fail to correctly use SSL against my web server.
> > > 
> > This is a known issue, see 
> > https://marc.info/?l=openbsd-ports=167449054903277=2
> > 
> > > So I am trying to compile and install an apache-http port with OpenSSL 1.1
> > > library instead of LibreSSL.
> > > 
> > > I have managed to compile and install this customer port, however, I
> > > don't know if I ultimately succeeded because when it starts it still
> > > says this in the log file:
> > > 
> > > [Fri Jan 26 14:02:57.131803 2024] [mpm_prefork:notice] [pid 67010] 
> > > AH00163: Apache/2.4.58 (Unix) LibreSSL/3.8.2 configured -- resuming 
> > > normal operations
> > > 
> > > Is this message wrong?  Or am I still ending up with an Apache2
> > > compiled against LibreSSL instead of OpenSSL?
> 
> > you can find it by running "ldd /usr/local/lib/apache2/mod_ssl.so".
> 
> That will show the libraries used but not the headers. (It is possible
> to compile with openssl libraries but libressl headers - that will cause
> problems too).
> 
> I didn't check where httpd gets this version number in the log entry
> from, but it can either be a function in one of the libraries
> (libssl/libcrypto), or from the opensslv.h header.
> 
> Even if you get apache-httpd built against the correct libraries, some
> of the other libraries which it pulls in are built using libressl
> libraries. Those will need to be rebuilt using openssl too. This
> includes apr-util and curl - but curl is used widely in the ports tree
> and you're likely to cause problems for other installed packages if you
> change that.
> 
> Basically: building against a non-default version of a widely used
> library is a hard problem and really best avoided.
> 
> If your setup is reasonably simple, you may be able to use the
> workaround of a single cert with a bunch of additional hostnames in
> subjectAltName. In that case, SNI is not needed for the site to work,
> and that will almost certainly be the easiest way...
> 
> Another possible approach (untested)...
> 
what about this one so I can commit it upstream as well ?
 Giovanni

Index: modules/ssl/ssl_private.h
===
--- modules/ssl/ssl_private.h   (revision 1915475)
+++ modules/ssl/ssl_private.h   (working copy)
@@ -249,7 +249,7 @@
 #endif
 
 /* ALPN Protocol Negotiation */
-#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
+#if !defined(LIBRESSL_VERSION_NUMBER) && 
defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
 #define HAVE_TLS_ALPN
 #endif
 

UPDATE: net/rbldnsd

[Giovanni Bechis]

Hi,
the attached diff updates net/rbldnsd to latest version of rspamd fork.
The fork is currently maintained and it has got rid of net/py-dns dependency.
Ok ? Comments ?
 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/net/rbldnsd/Makefile,v
retrieving revision 1.19
diff -u -p -r1.19 Makefile
--- Makefile8 Nov 2022 11:17:00 -   1.19
+++ Makefile11 Jan 2024 08:28:49 -
@@ -1,36 +1,27 @@
 COMMENT=   small daemon for DNSBLs
 
-DISTNAME=  rbldnsd-0.998.20180516
-GH_ACCOUNT=spamhaus
+DISTNAME=  rbldnsd-1.0.0.2024.01.11
+GH_ACCOUNT=rspamd
 GH_PROJECT=rbldnsd
-GH_COMMIT= cfb7e80ffa690861b1b79772328aa274d1d5446a
-REVISION=  0
+GH_COMMIT= ec13fa915138330ed9c734ac73250bfcb0b3c268
 
 CATEGORIES=net
 
-HOMEPAGE=  https://rbldnsd.io
 MAINTAINER=Giovanni Bechis 
 
-# GPLv2
+# Mostly GPL, with some code licensed under 3-clause BSD license
 PERMIT_PACKAGE=Yes
 
 WANTLIB=   c z
-MODULES=   lang/python
-MODPY_VERSION =${MODPY_DEFAULT_VERSION_2}
-MODPY_RUNDEP=  no
+MODULES=   devel/cmake
 
-CONFIGURE_STYLE=simple
 RBLDNSD_BASE=  ${VARBASE}/rbldnsd
 SUBST_VARS=VARBASE RBLDNSD_BASE
 
 TEST_TARGET=   check
-TEST_DEPENDS=  net/py-dns
 
-pre-configure:
-   ${SUBST_CMD} ${WRKSRC}/Makefile.in
-
-do-install:
-   ${INSTALL_PROGRAM} ${WRKSRC}/rbldnsd ${PREFIX}/sbin
+post-install:
+   mv ${PREFIX}/sbin/rbldnsd-1.0.0 ${PREFIX}/sbin/rbldnsd
${INSTALL_MAN} ${WRKSRC}/rbldnsd.8 ${PREFIX}/man/man8
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/net/rbldnsd/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo18 Mar 2019 16:29:49 -  1.7
+++ distinfo11 Jan 2024 08:28:49 -
@@ -1,2 +1,2 @@
-SHA256 (rbldnsd-0.998.20180516-cfb7e80f.tar.gz) = 
qi+PKkQkcYU8SHIThe1jRD6woITrap7KP5tzno8FpME=
-SIZE (rbldnsd-0.998.20180516-cfb7e80f.tar.gz) = 156145
+SHA256 (rbldnsd-1.0.0.2024.01.11-ec13fa91.tar.gz) = 
V+NFScIlChierW7t/H31lMa87321w80h/8FMZ+9tmIE=
+SIZE (rbldnsd-1.0.0.2024.01.11-ec13fa91.tar.gz) = 217954
Index: patches/patch-Makefile_in
===
RCS file: patches/patch-Makefile_in
diff -N patches/patch-Makefile_in
--- patches/patch-Makefile_in   11 Mar 2022 19:47:19 -  1.2
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,12 +0,0 @@
-Index: Makefile.in
 Makefile.in.orig
-+++ Makefile.in
-@@ -11,7 +11,7 @@ AR = @AR@
- ARFLAGS = @ARFLAGS@
- RANLIB = @RANLIB@
- AWK = @AWK@
--PYTHON = python
-+PYTHON = ${MODPY_BIN}
- GNUTAR = tar
- 
- # Disable statistic counters

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/12/27 08:48:31

Modified files:
misc/memcached : Makefile distinfo 
misc/memcached/patches: patch-configure patch-doc_Makefile 
patch-memcached_c 

Log message:
bugfix update to 1.6.22
regen patches

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/12/27 05:30:03

Modified files:
databases/p5-DBD-MariaDB: Makefile distinfo 

Log message:
bugfix update to 1.23

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/10/19 04:49:18

Modified files:
www/apache-httpd: Tag: OPENBSD_7_4 Makefile distinfo 

Log message:
update to 2.4.58
fixes CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/10/19 04:35:27

Modified files:
www/apache-httpd: Makefile distinfo 

Log message:
update to 2.4.58
fixes CVE-2023-45802, CVE-2023-43622 and CVE-2023-31122

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/09/21 10:42:14

Modified files:
mail/p5-Mail-SPF: Makefile 
mail/p5-Mail-SPF/patches: patch-lib_Mail_SPF_Server_pm 

Log message:
fix patch

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/09/19 03:29:51

Modified files:
mail/p5-Mail-SPF: Makefile 
Added files:
mail/p5-Mail-SPF/patches: patch-lib_Mail_SPF_Server_pm 
  patch-lib_Mail_SPF_Mod_Exp_pm 

Log message:
fix compatibility with new Net::DNS module

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/08/30 05:02:39

Modified files:
www/phpmyadmin : Makefile distinfo 
www/phpmyadmin/pkg: PLIST 

Log message:
Update to 5.2.1
fixes PMASA-2023-1

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/30 08:22:46

Modified files:
mail/p5-Mail-SpamAssassin: Makefile 
Added files:
mail/p5-Mail-SpamAssassin/patches: patch-sa-update_raw 

Log message:
do not use a deprecated method

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/19 07:47:10

Modified files:
mail/courier-authlib: Makefile 

Log message:
fix dependency
spotted by ajacoutot@

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/14 03:22:26

Modified files:
mail/maildrop  : Makefile 
mail/maildrop/patches: patch-libs_maildrop_maildir_C 

Log message:
fix hidden dependencies, use patch from upstream
spotted by sthen@

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/12 02:25:34

Modified files:
mail/maildrop  : Makefile distinfo 
mail/maildrop/patches: patch-libs_maildir_Makefile_in 
   patch-libs_maildrop_configure 
   patch-libs_maildrop_deliver_C 
   patch-libs_maildrop_maildropfilter_7_in 
Added files:
mail/maildrop/patches: patch-libs_maildrop_maildir_C 

Log message:
Update to 3.1.5

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/12 02:14:51

Modified files:
mail/courier-imap: Makefile distinfo 
mail/courier-imap/patches: patch-Makefile_in 
   patch-libs_maildir_Makefile_in 

Log message:
update to 5.2.4 and switch to devel/libidn2

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/12 02:08:53

Modified files:
mail/courier-authlib: Makefile distinfo 

Log message:
update to 0.72 version

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/07/12 02:05:04

Modified files:
mail/courier-unicode: Makefile distinfo 

Log message:
update to 2.2.6

Nextcloud upgrade path

[Giovanni Bechis]

Hi,
I have a Nextcloud 23.x instance running on OpenBSD 7.3.
pkg_add(1) suggests to upgrade to 24.x and then to 25.x before next release.

$ doas pkg_add -ui
[...]
--- +nextcloud-23.0.12p1 ---
Nextcloud 23 is EOL upstream, it is advised to update your installation
to 24 then to 25 to make sure you're on a supported branch by the time
OpenBSD 7.4 is released.
$ doas pkg_add -i nextcloud
quirks-6.121 signed on 2023-06-08T09:49:46Z
Ambiguous: choose package for nextcloud
a   0: 
1: nextcloud-23.0.12p1
2: nextcloud-24.0.12
3: nextcloud-25.0.6
Your choice: 2
Can't install nextcloud-24.0.12 because of conflicts (nextcloud-23.0.12p1)
--- nextcloud-24.0.12 ---
Can't install nextcloud-24.0.12: conflicts
Couldn't install nextcloud-24.0.12

How should a user upgrade (some info on current.html are needed imho) ?
Can't we add pkgpath entries in order to correctly upgrade between nextcloud 
versions ?

 Cheers
  Giovanni

-

OpenBSD 7.3 (GENERIC) #655: Fri Mar 17 19:16:28 MDT 2023
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 536363008 (511MB)
avail mem = 509448192 (485MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 20/80/26, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0: (uniprocessor)
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 500 
MHz, 05-0a-02
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
mtrr: K6-family MTRR support (2 registers)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
0:20:0: io address conflict 0x6100/0x100
0:20:0: io address conflict 0x6200/0x200
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 
00:00:24:c8:de:80
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, address 
00:00:24:c8:de:81
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, address 
00:00:24:c8:de:82
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 
00:00:24:c8:de:83
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 
3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, 
legacy support
ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 
addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbc0: unable to establish interrupt for irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 
addr 1
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (5527fdd6d670763b.a) swap on wd0b dump on wd0b

Re: certbot missing module pkg_resources

[Giovanni Bechis]

On Wed, May 31, 2023 at 05:13:40PM -0400, A Tammy wrote:
> 
> On 5/31/23 16:06, Adriano Barbosa wrote:
> > Hi.
> > I'm getting the error below while trying to run certbot from ports on
> > 7.3. It runs after installing py3-setuptools. Should it be added in
> > RUN_DEPENDS?
> 
> From https://setuptools.pypa.io/en/latest/pkg_resources.html
> 
> > Use of |pkg_resources| is deprecated in favor of |importlib.resources|
> ,
> |importlib.metadata|
> 
> and their backports (importlib_resources
> , importlib_metadata
> ). Users should refrain
> from new usage of |pkg_resources| and should work to port to
> importlib-based solutions.
> 
> Someone with enough enthusiasm should tell upstream.
> 
> OK aisha@ to add RUN_DEPENDS.
> 
ok for this diff for 7.3 ?
 Cheers
  Giovanni

Index: Makefile.inc
===
RCS file: /cvs/ports/security/letsencrypt/Makefile.inc,v
retrieving revision 1.77
diff -u -p -r1.77 Makefile.inc
--- Makefile.inc9 Mar 2023 06:40:47 -   1.77
+++ Makefile.inc5 Jun 2023 07:09:11 -
@@ -4,6 +4,7 @@ MODPY_PI?=  Yes
 MODPY_PYBUILD?=setuptools
 
 MODPY_EGG_VERSION?=2.4.0
+REVISION?= 0
 
 MODULES?=  lang/python
 
Index: client/Makefile
===
RCS file: /cvs/ports/security/letsencrypt/client/Makefile,v
retrieving revision 1.37
diff -u -p -r1.37 Makefile
--- client/Makefile 25 Nov 2022 22:11:48 -  1.37
+++ client/Makefile 5 Jun 2023 07:09:11 -
@@ -13,7 +13,8 @@ RUN_DEPENDS=  security/letsencrypt/py-acm
devel/py-parsedatetime${MODPY_FLAVOR} \
textproc/py-pyRFC3339${MODPY_FLAVOR} \
devel/py-zopecomponent${MODPY_FLAVOR} \
-   devel/py-zopeinterface${MODPY_FLAVOR}
+   devel/py-zopeinterface${MODPY_FLAVOR} \
+   devel/py-setuptools${MODPY_FLAVOR}
 MODPY_PYTEST=  Yes
 
 do-configure:

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 04:22:29

Modified files:
news/tin   : Makefile distinfo 
news/tin/patches: patch-configure_in patch-src_Makefile_in 
  patch-src_misc_c patch-src_parsdate_y 
  patch-src_rfc2047_c patch-src_sigfile_c 

Log message:
update to 2.6.2
drop maintainership

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 03:57:16

Modified files:
net/p5-Net-Whois-Raw: Makefile distinfo 

Log message:
update to 2.99037

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 03:54:13

Modified files:
mail/p5-Mail-DMARC: Makefile distinfo 

Log message:
update to 1.20230215

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 03:49:45

Modified files:
mail/p5-MIME-tools: Makefile distinfo 

Log message:
update to 5.510

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 03:46:14

Modified files:
databases/p5-DBD-MariaDB: Makefile distinfo 
databases/p5-DBD-MariaDB/pkg: PLIST 
Removed files:
databases/p5-DBD-MariaDB/patches: patch-dbdimp_c patch-socket_c 

Log message:
update to 1.22

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/05/03 03:39:57

Modified files:
devel/p5-Log-Any: Makefile distinfo 
devel/p5-Log-Any/pkg: PLIST 

Log message:
update to 1.714
drop maintainership

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/04/25 17:05:49

Modified files:
mail/opensmtpd-filters/mimedefang: Makefile distinfo 

Log message:
update to version 0.2

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/04/25 17:04:19

Modified files:
mail/mimedefang: Makefile distinfo 
mail/mimedefang/pkg: PLIST 
Added files:
mail/mimedefang/patches: patch-Makefile_in 

Log message:
update to MIMEDefang 3.4

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/04/11 03:20:42

Modified files:
www/apache-httpd: Makefile 

Log message:
switch to CONFIGURE_STYLE=gnu, avoid some hidden dependencies
ok rsadowski@
No bump since it has just been committed

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/04/11 03:17:45

Modified files:
www/apache-httpd: Makefile distinfo 

Log message:
update to 2.4.57
ok rsadowski@

Re: CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

On 4/7/23 12:55, Stuart Henderson wrote:

On 2023/04/07 11:33, Giovanni Bechis wrote:

On Thu, Apr 06, 2023 at 03:59:29PM +0100, Stuart Henderson wrote:

On 2023/03/07 07:55, Giovanni Bechis wrote:

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/03/07 07:55:37

Modified files:
www/apache-httpd: Makefile distinfo
Removed files:
www/apache-httpd/patches: patch-modules_http2_h2_c2_filter_c
  patch-modules_md_md_crypt_c

Log message:
update to 2.4.56
fixes CVE-2023-27522 and CVE-2023-25690



build failed, config.log is attached


the only difference with my build I can think of is that your build
has found ggrep installed while mine uses grep.


That could well be it. It is a bulk build so packages are
installed/removed all the time.

For CONFIGURE_STYLE=gnu we pass in the relevant autoconf cache variables
to disable picking up GNU tools (ggrep and some others) unless a port
specifically lists them as a dependency.

However for some reason www/apache-httpd uses CONFIGURE_STYLE=simple
so this doesn't happen. You can replicate some failures by installing
ggrep, running 'make configure' in one terminal, and (at some point
after ggrep is detected) 'pkg_delete ggrep' in another terminal.
You might not get exactly the same failure, but there's a good chance
something will break.

The best fix would be changing to CONFIGURE_STYLE=gnu as long as that
doesn't mess up something else.


CONFIGURE_STYLE=gnu works, I will change it on 2.4.57 update.
 Giovanni



Is this on 7.3 or on current ?


current.


I have an update to 2.4.57 that fixes some possible dependencies issues.
  Cheers
Giovanni




Building on i386-2 under www/apache-httpd

 BDEPENDS = 
[archivers/brotli;devel/jansson;www/nghttp2;textproc/libxml;devel/apr-util;devel/pcre2;net/curl;archivers/xz]
 DIST = [www/apache-httpd:httpd-2.4.56.tar.gz]
 FULLPKGNAME = apache-httpd-2.4.56
 RDEPENDS = 
[www/nghttp2;devel/jansson;archivers/brotli;net/curl;archivers/xz;devel/pcre2;devel/apr-util;textproc/libxml]
(Junk lock obtained for i386-2 at 1680753416.64)

Running depends in www/apache-httpd at 1680753416.66

last junk was in wayland/wayland-utils
/usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
jansson-2.14 nghttp2-1.52.0
was: /usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
jansson-2.14 libxml-2.10.3p1 nghttp2-1.52.0 pcre2-10.37p1 xz-5.4.2
/usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
jansson-2.14 nghttp2-1.52.0

Running show-prepare-results in www/apache-httpd at 1680753419.78

===> www/apache-httpd
===> apache-httpd-2.4.56 depends on: brotli-* -> brotli-1.0.9p0
===> apache-httpd-2.4.56 depends on: xz-* -> xz-5.4.2
===> apache-httpd-2.4.56 depends on: jansson-* -> jansson-2.14
===> apache-httpd-2.4.56 depends on: pcre2-* -> pcre2-10.37p1
===> apache-httpd-2.4.56 depends on: curl-* -> curl-8.0.1
===> apache-httpd-2.4.56 depends on: libxml-* -> libxml-2.10.3p1
===> apache-httpd-2.4.56 depends on: nghttp2-* -> nghttp2-1.52.0
===> apache-httpd-2.4.56 depends on: apr-util->=1.6.1p0-!ldap -> apr-util-1.6.3
===>  Verifying specs:  apr-1 aprutil-1 brotlicommon brotlienc c crypto curl db 
expat iconv jansson lzma m nghttp2 pcre2-8 pthread ssl xml2 z
===>  found apr-1.7.1 aprutil-1.6.2 brotlicommon.1.2 brotlienc.1.0 c.97.0 
crypto.50.2 curl.26.19 db.5.0 expat.14.0 iconv.7.1 jansson.4.2 lzma.2.2 m.10.1 
nghttp2.0.21 pcre2-8.0.6 pthread.27.0 ssl.53.2 xml2.18.0 z.7.0
apr-util-1.6.3
brotli-1.0.9p0
curl-8.0.1
jansson-2.14
libxml-2.10.3p1
nghttp2-1.52.0
pcre2-10.37p1
xz-5.4.2
(Junk lock released for i386-2 at 1680753421.88)
distfiles size=9769650

Running patch in www/apache-httpd at 1680753421.90

===> www/apache-httpd
===>  Checking files for apache-httpd-2.4.56
`/mnt/distfiles/httpd-2.4.56.tar.gz' is up to date.

(SHA256) httpd-2.4.56.tar.gz: OK

===>  Extracting for apache-httpd-2.4.56
===>  Patching for apache-httpd-2.4.56
===>  Compiler link: clang -> /usr/bin/clang
===>  Compiler link: clang++ -> /usr/bin/clang++
===>  Compiler link: cc -> /usr/bin/cc
===>  Compiler link: c++ -> /usr/bin/c++

Running configure in www/apache-httpd at 1680753423.42

===> www/apache-httpd
===>  Generating configure for apache-httpd-2.4.56
===>  Configuring for apache-httpd-2.4.56
sed -i 's,%%PREFIX%%,/usr/local,' 
/pobj/apache-httpd-2.4.56/httpd-2.4.56/config.layout
sed -i 's,%%CONFDIR%%,/etc/apache2,' 
/pobj/apache-httpd-2.4.56/httpd-2.4.56/config.layout  
/pobj/apache-httpd-2.4.56/httpd-2.4.56/configure
sed -i 's,%%PREFIX%%,/usr/local,g' 
/pobj/apache-httpd-2.4.56/httpd-2.4.56/support/apxs.in
checking for chosen layout... OpenBSD
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /usr/local/bin/ggrep
checking for egrep... /usr/local/bin

UPDATE: www/apache-httpd

[Giovanni Bechis]

Bugfix update to 2.4.57 follows, this is a bugfix release.
 Comments ?

  Cheers
   Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.121
diff -u -p -r1.121 Makefile
--- Makefile7 Mar 2023 14:55:37 -   1.121
+++ Makefile7 Apr 2023 09:19:51 -
@@ -1,6 +1,6 @@
 COMMENT=   apache HTTP server
 
-V= 2.4.56
+V= 2.4.57
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
 
@@ -44,8 +44,10 @@ CONFIGURE_ARGS=  --enable-authnz-fcgi \
--enable-cache \
--enable-cgi \
--enable-disk-cache \
+   --enable-socache-dc=no \
--enable-http2 \
--enable-layout=OpenBSD \
+   --enable-lua=no \
--enable-mods-shared=all \
--enable-modules=all \
--enable-mpms-shared=all \
@@ -67,7 +69,10 @@ CONFIGURE_ARGS=  --enable-authnz-fcgi \
 
 CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib" \
-   AWK=awk
+   AWK=awk \
+   GREP=grep \
+   ac_cv_path_RSYNC=no \
+   ac_cv_path_SVN=no
 
 FAKE_FLAGS=rel_user=www rel_group=www \
rel_datadir=${HTTPD_DIR} \
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.44
diff -u -p -r1.44 distinfo
--- distinfo7 Mar 2023 14:55:37 -   1.44
+++ distinfo7 Apr 2023 09:19:51 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.56.tar.gz) = 2w1MdgB7Ix/Tq0G1gFSNx5iuOES7fD1c4eQXTKI2Rpg=
-SIZE (httpd-2.4.56.tar.gz) = 9769650
+SHA256 (httpd-2.4.57.tar.gz) = vD5+VAuD7CT5uEfGtNcUjFW3myfRAuISJ+tl9xg9a0U=
+SIZE (httpd-2.4.57.tar.gz) = 9773385

Re: CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

On Thu, Apr 06, 2023 at 03:59:29PM +0100, Stuart Henderson wrote:
> On 2023/03/07 07:55, Giovanni Bechis wrote:
> > CVSROOT:/cvs
> > Module name:ports
> > Changes by: giova...@cvs.openbsd.org2023/03/07 07:55:37
> > 
> > Modified files:
> > www/apache-httpd: Makefile distinfo 
> > Removed files:
> > www/apache-httpd/patches: patch-modules_http2_h2_c2_filter_c 
> >   patch-modules_md_md_crypt_c 
> > 
> > Log message:
> > update to 2.4.56
> > fixes CVE-2023-27522 and CVE-2023-25690
> > 
> 
> build failed, config.log is attached
> 
the only difference with my build I can think of is that your build
has found ggrep installed while mine uses grep.

Is this on 7.3 or on current ?
I have an update to 2.4.57 that fixes some possible dependencies issues.
 Cheers
   Giovanni

> 
> >>> Building on i386-2 under www/apache-httpd
>BDEPENDS = 
> [archivers/brotli;devel/jansson;www/nghttp2;textproc/libxml;devel/apr-util;devel/pcre2;net/curl;archivers/xz]
>DIST = [www/apache-httpd:httpd-2.4.56.tar.gz]
>FULLPKGNAME = apache-httpd-2.4.56
>RDEPENDS = 
> [www/nghttp2;devel/jansson;archivers/brotli;net/curl;archivers/xz;devel/pcre2;devel/apr-util;textproc/libxml]
> (Junk lock obtained for i386-2 at 1680753416.64)
> >>> Running depends in www/apache-httpd at 1680753416.66
>last junk was in wayland/wayland-utils
> /usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
> jansson-2.14 nghttp2-1.52.0
> was: /usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
> jansson-2.14 libxml-2.10.3p1 nghttp2-1.52.0 pcre2-10.37p1 xz-5.4.2
> /usr/sbin/pkg_add -aI -Drepair apr-util-1.6.3 brotli-1.0.9p0 curl-8.0.1 
> jansson-2.14 nghttp2-1.52.0
> >>> Running show-prepare-results in www/apache-httpd at 1680753419.78
> ===> www/apache-httpd
> ===> apache-httpd-2.4.56 depends on: brotli-* -> brotli-1.0.9p0
> ===> apache-httpd-2.4.56 depends on: xz-* -> xz-5.4.2
> ===> apache-httpd-2.4.56 depends on: jansson-* -> jansson-2.14
> ===> apache-httpd-2.4.56 depends on: pcre2-* -> pcre2-10.37p1
> ===> apache-httpd-2.4.56 depends on: curl-* -> curl-8.0.1
> ===> apache-httpd-2.4.56 depends on: libxml-* -> libxml-2.10.3p1
> ===> apache-httpd-2.4.56 depends on: nghttp2-* -> nghttp2-1.52.0
> ===> apache-httpd-2.4.56 depends on: apr-util->=1.6.1p0-!ldap -> 
> apr-util-1.6.3
> ===>  Verifying specs:  apr-1 aprutil-1 brotlicommon brotlienc c crypto curl 
> db expat iconv jansson lzma m nghttp2 pcre2-8 pthread ssl xml2 z
> ===>  found apr-1.7.1 aprutil-1.6.2 brotlicommon.1.2 brotlienc.1.0 c.97.0 
> crypto.50.2 curl.26.19 db.5.0 expat.14.0 iconv.7.1 jansson.4.2 lzma.2.2 
> m.10.1 nghttp2.0.21 pcre2-8.0.6 pthread.27.0 ssl.53.2 xml2.18.0 z.7.0
> apr-util-1.6.3
> brotli-1.0.9p0
> curl-8.0.1
> jansson-2.14
> libxml-2.10.3p1
> nghttp2-1.52.0
> pcre2-10.37p1
> xz-5.4.2
> (Junk lock released for i386-2 at 1680753421.88)
> distfiles size=9769650
> >>> Running patch in www/apache-httpd at 1680753421.90
> ===> www/apache-httpd
> ===>  Checking files for apache-httpd-2.4.56
> `/mnt/distfiles/httpd-2.4.56.tar.gz' is up to date.
> >> (SHA256) httpd-2.4.56.tar.gz: OK
> ===>  Extracting for apache-httpd-2.4.56
> ===>  Patching for apache-httpd-2.4.56
> ===>  Compiler link: clang -> /usr/bin/clang
> ===>  Compiler link: clang++ -> /usr/bin/clang++
> ===>  Compiler link: cc -> /usr/bin/cc
> ===>  Compiler link: c++ -> /usr/bin/c++
> >>> Running configure in www/apache-httpd at 1680753423.42
> ===> www/apache-httpd
> ===>  Generating configure for apache-httpd-2.4.56
> ===>  Configuring for apache-httpd-2.4.56
> sed -i 's,%%PREFIX%%,/usr/local,' 
> /pobj/apache-httpd-2.4.56/httpd-2.4.56/config.layout
> sed -i 's,%%CONFDIR%%,/etc/apache2,' 
> /pobj/apache-httpd-2.4.56/httpd-2.4.56/config.layout  
> /pobj/apache-httpd-2.4.56/httpd-2.4.56/configure
> sed -i 's,%%PREFIX%%,/usr/local,g' 
> /pobj/apache-httpd-2.4.56/httpd-2.4.56/support/apxs.in
> checking for chosen layout... OpenBSD
> checking for working mkdir -p... yes
> checking for grep that handles long lines and -e... /usr/local/bin/ggrep
> checking for egrep... /usr/local/bin/ggrep -E
> checking build system type... i386-unknown-openbsd7.3
> checking host system type... i386-unknown-openbsd7.3
> checking target system type... i386-unknown-openbsd7.3
> configure: 
> configure: Configuring Apache Portable Runtime library...
> configure: 
> checking for APR... yes
>   setting CPP to "cc -E"
>   adding "-pthrea

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/03/14 04:07:45

Modified files:
www/apache-httpd: Tag: OPENBSD_7_2 Makefile distinfo 
Removed files:
www/apache-httpd/patches: Tag: OPENBSD_7_2 
  patch-modules_http2_h2_c2_filter_c 

Log message:
update to 2.4.56
fixes CVE-2023-27522 and CVE-2023-25690

7.2 update: www/apache-httpd

[Giovanni Bechis]

Hi,
update to Apache httpd 2.4.56 for OpenBSD 7.2 follows.
Fixes CVE-2023-27522 and CVE-2023-25690.

 ok ?
  Cheers
   Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.118.2.1
diff -u -p -r1.118.2.1 Makefile
--- Makefile23 Jan 2023 14:37:17 -  1.118.2.1
+++ Makefile7 Mar 2023 15:07:14 -
@@ -1,6 +1,6 @@
 COMMENT=   apache HTTP server
 
-V= 2.4.55
+V= 2.4.56
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
 
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.42.2.1
diff -u -p -r1.42.2.1 distinfo
--- distinfo23 Jan 2023 14:37:17 -  1.42.2.1
+++ distinfo7 Mar 2023 15:07:14 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.55.tar.gz) = Unbqi8b/8x7tXIITKuUaCy7gX55rYaAPqHf2ytqztjg=
-SIZE (httpd-2.4.55.tar.gz) = 975
+SHA256 (httpd-2.4.56.tar.gz) = 2w1MdgB7Ix/Tq0G1gFSNx5iuOES7fD1c4eQXTKI2Rpg=
+SIZE (httpd-2.4.56.tar.gz) = 9769650
Index: patches/patch-modules_http2_h2_c2_filter_c
===
RCS file: patches/patch-modules_http2_h2_c2_filter_c
diff -N patches/patch-modules_http2_h2_c2_filter_c
--- patches/patch-modules_http2_h2_c2_filter_c  23 Jan 2023 14:37:17 -  
1.1.2.1
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,15 +0,0 @@
-mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
-reported in access logs and error documents. The processing of the
-reset was correct, only unneccesary reporting was caused.
-Index: modules/http2/h2_c2_filter.c
 modules/http2/h2_c2_filter.c.orig
-+++ modules/http2/h2_c2_filter.c
-@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f,
- ap_assert(conn_ctx);
- H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
- 
--if (!conn_ctx->has_final_response) {
-+if (!f->c->aborted && !conn_ctx->has_final_response) {
- if (!parser) {
- parser = apr_pcalloc(f->c->pool, sizeof(*parser));
- parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, 
conn_ctx->stream_id);

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/03/07 07:55:37

Modified files:
www/apache-httpd: Makefile distinfo 
Removed files:
www/apache-httpd/patches: patch-modules_http2_h2_c2_filter_c 
  patch-modules_md_md_crypt_c 

Log message:
update to 2.4.56
fixes CVE-2023-27522 and CVE-2023-25690

Re: NEW: databases/puppetdb and sysutils/puppetserver 7.X

[Giovanni Bechis]

On 2/14/23 21:07, Sebastian Reitenbach wrote:

On Sunday, February 12, 2023 10:36 CET, Giovanni Bechis  
wrote:


On Sat, Feb 11, 2023 at 10:12:25PM +0100, Sebastian Reitenbach wrote:

On Saturday, February 11, 2023 22:00 CET, "Sebastian Reitenbach" 
 wrote:


On Saturday, February 11, 2023 21:55 CET, "Sebastian Reitenbach" 
 wrote:


On Saturday, February 11, 2023 11:35 CET, Giovanni Bechis  
wrote:


On Sat, Feb 11, 2023 at 11:03:57AM +0100, Giovanni Bechis wrote:

On Sat, Feb 11, 2023 at 12:01:27AM +0100, Sebastian Reitenbach wrote:

On Thursday, February 09, 2023 14:51 CET, Giovanni Bechis 
 wrote:


On 1/30/23 21:42, Sebastian Reitenbach wrote:

Hi,

with Puppet 5 now replaced by Puppet 7, the ability to run a Puppet master on 
OpenBSD was gone.
These two new packages replace the old PuppetDB 5, with PuppetDB 7 and 
introduces the new Puppetserver.

Similarly to systuls/ruby-puppet, they go into branches based on the major 
version, to have future room for Puppet 8.
Their paths where software gets installed is aligned to Puppet, under 
/var/puppetlabs/... /usr/local/share/puppetlabs/... etc.

Puppetserver usually comes bundled with a Ruby interpreter and Puppet agent. 
That doesn't work out
on OpenBSD. Therefore some bootstrapping has to be done manually that is 
OpenBSD specific, and noted
in the Puppetserver pkg/README.

   A couple of tweaks I had to do to my hiera files, as well as to some of the 
modules, mostly updating
them. Overall, the changes weren't that big. As everyone might have different 
(custom) modules or
hiera plugins in use, ymmv. Therefore I can't really provide a step by step 
upgrade path. Install on a test
environment before attempting to upgrade/replace your former Puppet 5 Master.
That said, Puppet 7 works for me standalone with puppet apply ... but also 
against this Puppetserver with PuppetDB backend, autosigning setup...

comments to the ports, test reports, or maybe even OKs welcome ;)

cheers,
Sebastian




thanks for testing.

Few issues:
- puppetdb is missing pkg/README file in the tarball

This is missing on purpose, forgot to remove that, as I did last-minute 
clean-ups before sending out the tarball.
Puppetdb is quite standard, so the upstream doc should more or less just work. 
Also the old puppetdb 5 README
contained quite some outdated/misleading info
If there turns to be out some OpenBSD specific issues, I'm happy to re-add.


- puppetserver doesn't create /var/log/puppetlabs/puppetserver directory

oops


- puppetserver doesn't start on my server log file attached, it seems there is 
a dependency missing (no such file to load...).

puppetserver is quite non-standard, compared to puppetdb, just to make sure, 
did you do the initial bootstrap as described in the README?


actually I did not bootstrapped it.
After bootstrap it fails with a slightly different error (no such file
to load -- facter).


this diff fixes the issue.


I don't think puppetserver picks up facter from "outside"

but it seems I forgot to add facter as a gem to install in the README:

# puppetserver gem install --no-document puppet hiera-eyaml \
 hiera-file ipaddress msgpack facter

This is not in the packages I just sent, but have it updated in my mystuff/


or wait, it actually should have pulled pulled facter in via the bootstrap step.

Do you can check
sudo  puppetserver gem list
Facter should actually be there?


forgot that facter is BAD, due to the extra copy step, until the OpenBSD patch
is merged upstream and released.
So yes, for the time being, the facter version installed via puppetserver gem 
install
and in the system should be the same version.

does this mean we have to keep facter port updated to latest version on
-stable as well until code will be committed upstream ?
Otherwise I think bootstrap might break.


I tried to address the issue with an updated README.
Hope that should be OK? now?


yes,
ok giovanni@
 Cheers
  Giovanni






Sebastian




  Giovanni


maybe commenting and bugging on the PR might help:
https://github.com/puppetlabs/facter/pull/2531


Therefore, as it seems to work for you, OK for the ruby-facter update.

Sebastian


Sebastian



Sebastian


  Thanks
   Giovanni

Index: Makefile
===
RCS file: /cvs/ports/sysutils/ruby-facter/Makefile,v
retrieving revision 1.92
diff -u -p -r1.92 Makefile
--- Makefile22 Jan 2023 19:21:56 -  1.92
+++ Makefile11 Feb 2023 10:34:05 -
@@ -1,7 +1,6 @@
  COMMENT = Puppet module management
  
-DISTNAME =	facter-4.2.14

-REVISION = 0
+DISTNAME = facter-4.3.0
  CATEGORIES =  sysutils
  HOMEPAGE =https://github.com/puppetlabs/facter
  MAINTAINER =  Sebastian Reitenbach 
Index: distinfo
===
RCS file: /cvs/ports/sysutils/ruby-facter/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo22 Jan 2023 15:42:4

Re: NEW: databases/puppetdb and sysutils/puppetserver 7.X

[Giovanni Bechis]

On Sat, Feb 11, 2023 at 10:12:25PM +0100, Sebastian Reitenbach wrote:
> On Saturday, February 11, 2023 22:00 CET, "Sebastian Reitenbach" 
>  wrote:
> 
> > On Saturday, February 11, 2023 21:55 CET, "Sebastian Reitenbach" 
> >  wrote:
> > 
> > > On Saturday, February 11, 2023 11:35 CET, Giovanni Bechis 
> > >  wrote:
> > > 
> > > > On Sat, Feb 11, 2023 at 11:03:57AM +0100, Giovanni Bechis wrote:
> > > > > On Sat, Feb 11, 2023 at 12:01:27AM +0100, Sebastian Reitenbach wrote:
> > > > > > On Thursday, February 09, 2023 14:51 CET, Giovanni Bechis 
> > > > > >  wrote:
> > > > > > 
> > > > > > > On 1/30/23 21:42, Sebastian Reitenbach wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > with Puppet 5 now replaced by Puppet 7, the ability to run a 
> > > > > > > > Puppet master on OpenBSD was gone.
> > > > > > > > These two new packages replace the old PuppetDB 5, with 
> > > > > > > > PuppetDB 7 and introduces the new Puppetserver.
> > > > > > > >
> > > > > > > > Similarly to systuls/ruby-puppet, they go into branches based 
> > > > > > > > on the major version, to have future room for Puppet 8.
> > > > > > > > Their paths where software gets installed is aligned to Puppet, 
> > > > > > > > under /var/puppetlabs/... /usr/local/share/puppetlabs/... etc.
> > > > > > > >
> > > > > > > > Puppetserver usually comes bundled with a Ruby interpreter and 
> > > > > > > > Puppet agent. That doesn't work out
> > > > > > > > on OpenBSD. Therefore some bootstrapping has to be done 
> > > > > > > > manually that is OpenBSD specific, and noted
> > > > > > > > in the Puppetserver pkg/README.
> > > > > > > >
> > > > > > > >   A couple of tweaks I had to do to my hiera files, as well as 
> > > > > > > > to some of the modules, mostly updating
> > > > > > > > them. Overall, the changes weren't that big. As everyone might 
> > > > > > > > have different (custom) modules or
> > > > > > > > hiera plugins in use, ymmv. Therefore I can't really provide a 
> > > > > > > > step by step upgrade path. Install on a test
> > > > > > > > environment before attempting to upgrade/replace your former 
> > > > > > > > Puppet 5 Master.
> > > > > > > > That said, Puppet 7 works for me standalone with puppet apply 
> > > > > > > > ... but also against this Puppetserver with PuppetDB backend, 
> > > > > > > > autosigning setup...
> > > > > > > >
> > > > > > > > comments to the ports, test reports, or maybe even OKs welcome 
> > > > > > > > ;)
> > > > > > > >
> > > > > > > > cheers,
> > > > > > > > Sebastian
> > > > > > > 
> > > > > > 
> > > > > > thanks for testing.
> > > > > > > Few issues:
> > > > > > > - puppetdb is missing pkg/README file in the tarball
> > > > > > This is missing on purpose, forgot to remove that, as I did 
> > > > > > last-minute clean-ups before sending out the tarball.
> > > > > > Puppetdb is quite standard, so the upstream doc should more or less 
> > > > > > just work. Also the old puppetdb 5 README
> > > > > > contained quite some outdated/misleading info
> > > > > > If there turns to be out some OpenBSD specific issues, I'm happy to 
> > > > > > re-add.
> > > > > > 
> > > > > > > - puppetserver doesn't create /var/log/puppetlabs/puppetserver 
> > > > > > > directory
> > > > > > oops
> > > > > > 
> > > > > > > - puppetserver doesn't start on my server log file attached, it 
> > > > > > > seems there is a dependency missing (no such file to load...).
> > > > > > puppetserver is quite non-standard, compared to puppetdb, just to 
> > > > > > make sure, did you do the initial bootstrap as described in the 
> > > > &g

Re: NEW: databases/puppetdb and sysutils/puppetserver 7.X

[Giovanni Bechis]

On Sat, Feb 11, 2023 at 11:03:57AM +0100, Giovanni Bechis wrote:
> On Sat, Feb 11, 2023 at 12:01:27AM +0100, Sebastian Reitenbach wrote:
> > On Thursday, February 09, 2023 14:51 CET, Giovanni Bechis 
> >  wrote:
> > 
> > > On 1/30/23 21:42, Sebastian Reitenbach wrote:
> > > > Hi,
> > > >
> > > > with Puppet 5 now replaced by Puppet 7, the ability to run a Puppet 
> > > > master on OpenBSD was gone.
> > > > These two new packages replace the old PuppetDB 5, with PuppetDB 7 and 
> > > > introduces the new Puppetserver.
> > > >
> > > > Similarly to systuls/ruby-puppet, they go into branches based on the 
> > > > major version, to have future room for Puppet 8.
> > > > Their paths where software gets installed is aligned to Puppet, under 
> > > > /var/puppetlabs/... /usr/local/share/puppetlabs/... etc.
> > > >
> > > > Puppetserver usually comes bundled with a Ruby interpreter and Puppet 
> > > > agent. That doesn't work out
> > > > on OpenBSD. Therefore some bootstrapping has to be done manually that 
> > > > is OpenBSD specific, and noted
> > > > in the Puppetserver pkg/README.
> > > >
> > > >   A couple of tweaks I had to do to my hiera files, as well as to some 
> > > > of the modules, mostly updating
> > > > them. Overall, the changes weren't that big. As everyone might have 
> > > > different (custom) modules or
> > > > hiera plugins in use, ymmv. Therefore I can't really provide a step by 
> > > > step upgrade path. Install on a test
> > > > environment before attempting to upgrade/replace your former Puppet 5 
> > > > Master.
> > > > That said, Puppet 7 works for me standalone with puppet apply ... but 
> > > > also against this Puppetserver with PuppetDB backend, autosigning 
> > > > setup...
> > > >
> > > > comments to the ports, test reports, or maybe even OKs welcome ;)
> > > >
> > > > cheers,
> > > > Sebastian
> > > 
> > 
> > thanks for testing.
> > > Few issues:
> > > - puppetdb is missing pkg/README file in the tarball
> > This is missing on purpose, forgot to remove that, as I did last-minute 
> > clean-ups before sending out the tarball.
> > Puppetdb is quite standard, so the upstream doc should more or less just 
> > work. Also the old puppetdb 5 README
> > contained quite some outdated/misleading info
> > If there turns to be out some OpenBSD specific issues, I'm happy to re-add.
> > 
> > > - puppetserver doesn't create /var/log/puppetlabs/puppetserver directory
> > oops
> > 
> > > - puppetserver doesn't start on my server log file attached, it seems 
> > > there is a dependency missing (no such file to load...).
> > puppetserver is quite non-standard, compared to puppetdb, just to make 
> > sure, did you do the initial bootstrap as described in the README?
> > 
> actually I did not bootstrapped it.
> After bootstrap it fails with a slightly different error (no such file
> to load -- facter).
> 
this diff fixes the issue.
 Thanks
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/sysutils/ruby-facter/Makefile,v
retrieving revision 1.92
diff -u -p -r1.92 Makefile
--- Makefile22 Jan 2023 19:21:56 -  1.92
+++ Makefile11 Feb 2023 10:34:05 -
@@ -1,7 +1,6 @@
 COMMENT =  Puppet module management
 
-DISTNAME = facter-4.2.14
-REVISION = 0
+DISTNAME = facter-4.3.0
 CATEGORIES =   sysutils
 HOMEPAGE = https://github.com/puppetlabs/facter
 MAINTAINER =   Sebastian Reitenbach 
Index: distinfo
===
RCS file: /cvs/ports/sysutils/ruby-facter/distinfo,v
retrieving revision 1.30
diff -u -p -r1.30 distinfo
--- distinfo22 Jan 2023 15:42:43 -  1.30
+++ distinfo11 Feb 2023 10:34:05 -
@@ -1,2 +1,2 @@
-SHA256 (facter-4.2.14.gem) = nee+3CaHwnSVo0YRrzc0CB6VkXYVYPQNr7s17Zvefbs=
-SIZE (facter-4.2.14.gem) = 159232
+SHA256 (facter-4.3.0.gem) = 0kWX0P3GqSGcsW9X9xUSzZchlhF3XiSGi9MJdbBsrSw=
+SIZE (facter-4.3.0.gem) = 159232

Re: NEW: databases/puppetdb and sysutils/puppetserver 7.X

[Giovanni Bechis]

On Sat, Feb 11, 2023 at 12:01:27AM +0100, Sebastian Reitenbach wrote:
> On Thursday, February 09, 2023 14:51 CET, Giovanni Bechis 
>  wrote:
> 
> > On 1/30/23 21:42, Sebastian Reitenbach wrote:
> > > Hi,
> > >
> > > with Puppet 5 now replaced by Puppet 7, the ability to run a Puppet 
> > > master on OpenBSD was gone.
> > > These two new packages replace the old PuppetDB 5, with PuppetDB 7 and 
> > > introduces the new Puppetserver.
> > >
> > > Similarly to systuls/ruby-puppet, they go into branches based on the 
> > > major version, to have future room for Puppet 8.
> > > Their paths where software gets installed is aligned to Puppet, under 
> > > /var/puppetlabs/... /usr/local/share/puppetlabs/... etc.
> > >
> > > Puppetserver usually comes bundled with a Ruby interpreter and Puppet 
> > > agent. That doesn't work out
> > > on OpenBSD. Therefore some bootstrapping has to be done manually that is 
> > > OpenBSD specific, and noted
> > > in the Puppetserver pkg/README.
> > >
> > >   A couple of tweaks I had to do to my hiera files, as well as to some of 
> > > the modules, mostly updating
> > > them. Overall, the changes weren't that big. As everyone might have 
> > > different (custom) modules or
> > > hiera plugins in use, ymmv. Therefore I can't really provide a step by 
> > > step upgrade path. Install on a test
> > > environment before attempting to upgrade/replace your former Puppet 5 
> > > Master.
> > > That said, Puppet 7 works for me standalone with puppet apply ... but 
> > > also against this Puppetserver with PuppetDB backend, autosigning setup...
> > >
> > > comments to the ports, test reports, or maybe even OKs welcome ;)
> > >
> > > cheers,
> > > Sebastian
> > 
> 
> thanks for testing.
> > Few issues:
> > - puppetdb is missing pkg/README file in the tarball
> This is missing on purpose, forgot to remove that, as I did last-minute 
> clean-ups before sending out the tarball.
> Puppetdb is quite standard, so the upstream doc should more or less just 
> work. Also the old puppetdb 5 README
> contained quite some outdated/misleading info
> If there turns to be out some OpenBSD specific issues, I'm happy to re-add.
> 
> > - puppetserver doesn't create /var/log/puppetlabs/puppetserver directory
> oops
> 
> > - puppetserver doesn't start on my server log file attached, it seems there 
> > is a dependency missing (no such file to load...).
> puppetserver is quite non-standard, compared to puppetdb, just to make sure, 
> did you do the initial bootstrap as described in the README?
> 
actually I did not bootstrapped it.
After bootstrap it fails with a slightly different error (no such file
to load -- facter).


> 
> > New package doesn't upgrade from puppet5, a pkg_path is missing I think.
> not sure if that should. as puppetserver is now "extra", and before, it was 
> just a single package conaining client and master.
> 
makes sense, we should add some info to upgrade.html then.

 Thanks
  Giovanni

> Sebastian
> 
> > 
> >   Cheers
> > 
> >   Giovanni
> 
2023-02-11T11:00:43.864+01:00 INFO  [main] [o.e.j.u.log] Logging initialized 
@7581ms to org.eclipse.jetty.util.log.Slf4jLog
2023-02-11T11:00:46.148+01:00 INFO  [async-dispatch-2] 
[p.t.s.s.scheduler-service] Initializing Scheduler Service
2023-02-11T11:00:46.191+01:00 INFO  [async-dispatch-2] 
[o.q.i.StdSchedulerFactory] Using default implementation for ThreadExecutor
2023-02-11T11:00:46.208+01:00 INFO  [async-dispatch-2] 
[o.q.c.SchedulerSignalerImpl] Initialized Scheduler Signaller of type: class 
org.quartz.core.SchedulerSignalerImpl
2023-02-11T11:00:46.208+01:00 INFO  [async-dispatch-2] [o.q.c.QuartzScheduler] 
Quartz Scheduler v.2.3.2 created.
2023-02-11T11:00:46.210+01:00 INFO  [async-dispatch-2] [o.q.s.RAMJobStore] 
RAMJobStore initialized.
2023-02-11T11:00:46.210+01:00 INFO  [async-dispatch-2] [o.q.c.QuartzScheduler] 
Scheduler meta-data: Quartz Scheduler (v2.3.2) 
'a5bac081-c72e-4658-90a6-b4afbc9df9a7' with instanceId 'NON_CLUSTERED'
  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
  NOT STARTED.
  Currently in standby mode.
  Number of jobs executed: 0
  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support 
persistence. and is not clustered.

2023-02-11T11:00:46.211+01:00 INFO  [async-dispatch-2] 
[o.q.i.StdSchedulerFactory] Quartz scheduler 
'a5bac081-c72e-4658-90a6-b4afbc9df9a7' initialized from an externally provided 
properties instance.
2023-02-11T11:00:46.211+01:00 INFO

Re: NEW: databases/puppetdb and sysutils/puppetserver 7.X

[Giovanni Bechis]

On 1/30/23 21:42, Sebastian Reitenbach wrote:

Hi,

with Puppet 5 now replaced by Puppet 7, the ability to run a Puppet master on 
OpenBSD was gone.
These two new packages replace the old PuppetDB 5, with PuppetDB 7 and 
introduces the new Puppetserver.

Similarly to systuls/ruby-puppet, they go into branches based on the major 
version, to have future room for Puppet 8.
Their paths where software gets installed is aligned to Puppet, under 
/var/puppetlabs/... /usr/local/share/puppetlabs/... etc.

Puppetserver usually comes bundled with a Ruby interpreter and Puppet agent. 
That doesn't work out
on OpenBSD. Therefore some bootstrapping has to be done manually that is 
OpenBSD specific, and noted
in the Puppetserver pkg/README.

  A couple of tweaks I had to do to my hiera files, as well as to some of the 
modules, mostly updating
them. Overall, the changes weren't that big. As everyone might have different 
(custom) modules or
hiera plugins in use, ymmv. Therefore I can't really provide a step by step 
upgrade path. Install on a test
environment before attempting to upgrade/replace your former Puppet 5 Master.
That said, Puppet 7 works for me standalone with puppet apply ... but also 
against this Puppetserver with PuppetDB backend, autosigning setup...

comments to the ports, test reports, or maybe even OKs welcome ;)

cheers,
Sebastian


Few issues:
- puppetdb is missing pkg/README file in the tarball
- puppetserver doesn't create /var/log/puppetlabs/puppetserver directory
- puppetserver doesn't start on my server log file attached, it seems there is 
a dependency missing (no such file to load...).
New package doesn't upgrade from puppet5, a pkg_path is missing I think.

 Cheers

 Giovanni
OpenBSD 7.2-current (GENERIC.MP) #1026: Wed Feb  8 22:50:35 MST 2023
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2129526784 (2030MB)
avail mem = 2045648896 (1950MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (242 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 11/12/2020
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.72 MHz, 06-3a-00
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 35MB 64b/line 20-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 66MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.61 MHz, 06-3a-00
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,MELTDOWN
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 35MB 64b/line 20-way L3 cache
cpu1: smt 0, core 0, package 2
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0A05" at acpi0 not configured
acpiac0 at acpi0: AC unit online
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: VMware
vmt0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled
"VMware VMCI" rev 0x10 at pci0 dev 7 

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/02/01 07:11:02

Modified files:
devel/apr-util : Makefile distinfo 

Log message:
update to 1.6.2
fixes CVE-2022-25147
ok stsp@ (maintainer)

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/02/01 07:09:56

Modified files:
devel/apr  : Makefile distinfo 
devel/apr/patches: patch-apr-config_in patch-configure_in 
   patch-memory_unix_apr_pools_c 

Log message:
update to 1.7.1
fixes CVE-2022-24963, CVE-2022-28331 and CVE-2021-35940
ok stsp@ (maintainer)

Puppet master status [was: Re: CVS: cvs.openbsd.org: ports]

[Giovanni Bechis]

On Fri, Jan 20, 2023 at 08:59:35PM +, Sebastian Reitenbach wrote:
> CVSROOT:  /cvs
> Module name:  ports
> Changes by:   sebas...@cvs.openbsd.org2023/01/20 13:59:35
> 
> Removed files:
>   sysutils/ruby-puppet/5: Makefile distinfo 
>   sysutils/ruby-puppet/5/patches: patch-ext_rack_config_ru 
>   patch-install_rb 
>   patch-lib_puppet_defaults_rb 
>   
> patch-lib_puppet_file_system_file_impl_rb 
>   patch-lib_puppet_gettext_config_rb 
>   
> patch-lib_puppet_provider_package_gem_rb 
>   
> patch-lib_puppet_provider_package_openbsd_rb 
>   
> patch-lib_puppet_provider_package_pip3_rb 
>   
> patch-lib_puppet_provider_package_pip_rb 
>   
> patch-lib_puppet_provider_service_openbsd_rb 
>   
> patch-lib_puppet_reference_configuration_rb 
>   patch-lib_puppet_util_run_mode_rb 
>   sysutils/ruby-puppet/5/pkg: PLIST 
> 
> Log message:
> bye bye puppet 5
> 
> OK jeremy@
is puppetmaster definitely gone ?
this will need an upgrade.html entry at least.
 Cheers
  Giovanni


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/23 07:46:52

Modified files:
mail/opensmtpd-filters: Makefile 
Added files:
mail/opensmtpd-filters/mimedefang: Makefile distinfo 
mail/opensmtpd-filters/mimedefang/pkg: DESCR PLIST 

Log message:
import filter-mimedefang

filter-mimedefang is an opensmtpd filter that integrates MIMEDefang with 
OpenSMTPD.
ok afresh1@

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/23 07:44:34

ports/mail/opensmtpd-filters/mimedefang/pkg

Update of /cvs/ports/mail/opensmtpd-filters/mimedefang/pkg
In directory cvs.openbsd.org:/tmp/cvs-serv29982/mimedefang/pkg

Log Message:
Directory /cvs/ports/mail/opensmtpd-filters/mimedefang/pkg added to the 
repository

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/23 07:43:00

ports/mail/opensmtpd-filters/mimedefang

Update of /cvs/ports/mail/opensmtpd-filters/mimedefang
In directory cvs.openbsd.org:/tmp/cvs-serv95479/mimedefang

Log Message:
Directory /cvs/ports/mail/opensmtpd-filters/mimedefang added to the repository

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/23 07:37:17

Modified files:
www/apache-httpd: Tag: OPENBSD_7_2 Makefile distinfo 
www/apache-httpd/pkg: Tag: OPENBSD_7_2 PLIST 
Added files:
www/apache-httpd/patches: Tag: OPENBSD_7_2 
  patch-modules_http2_h2_c2_filter_c 

Log message:
update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and
CVE-2006-20001.
ok sthen@

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/23 07:13:41

Modified files:
www/apache-httpd: Makefile distinfo 
www/apache-httpd/patches: patch-configure 
www/apache-httpd/pkg: PLIST 
Added files:
www/apache-httpd/patches: patch-modules_http2_h2_c2_filter_c 

Log message:
update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and
CVE-2006-20001.
ok sthen@

Re: UPDATE: www/apache-httpd

[Giovanni Bechis]

On Wed, Jan 18, 2023 at 09:12:41AM +0100, Giovanni Bechis wrote:
> Hi,
> update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and
> CVE-2006-20001.
>  ok for current and 7.2 ?
>   Cheers
>Giovanni
> 
second diff with a mod_http2 fix added.
 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.119
diff -u -p -r1.119 Makefile
--- Makefile15 Nov 2022 23:14:12 -  1.119
+++ Makefile19 Jan 2023 11:12:53 -
@@ -1,9 +1,8 @@
 COMMENT=   apache HTTP server
 
-V= 2.4.54
+V= 2.4.55
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
-REVISION=  0
 
 CATEGORIES=www net
 
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.42
diff -u -p -r1.42 distinfo
--- distinfo9 Jun 2022 07:05:50 -   1.42
+++ distinfo19 Jan 2023 11:12:53 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.54.tar.gz) = xoe5nERsDvNF59hsIajhX8B0t9UVLE/iKwRj4r40b/s=
-SIZE (httpd-2.4.54.tar.gz) = 9743277
+SHA256 (httpd-2.4.55.tar.gz) = Unbqi8b/8x7tXIITKuUaCy7gX55rYaAPqHf2ytqztjg=
+SIZE (httpd-2.4.55.tar.gz) = 975
Index: patches/patch-configure
===
RCS file: /cvs/ports/www/apache-httpd/patches/patch-configure,v
retrieving revision 1.24
diff -u -p -r1.24 patch-configure
--- patches/patch-configure 15 Nov 2022 23:14:12 -  1.24
+++ patches/patch-configure 19 Jan 2023 11:12:53 -
@@ -1,7 +1,7 @@
 Index: configure
 --- configure.orig
 +++ configure
-@@ -3472,7 +3472,7 @@ do
+@@ -3832,7 +3832,7 @@ do
ap_last="${ap_cur}"
ap_cur=`eval "echo ${ap_cur}"`
  done
@@ -10,12 +10,12 @@ Index: configure
  
  
APACHE_VAR_SUBST="$APACHE_VAR_SUBST exp_sysconfdir"
-@@ -4678,7 +4678,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
+@@ -5059,7 +5059,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
  APR_INCLUDES=`$apr_config --includes`
  APR_VERSION=`$apr_config --version`
  apr_major_version=`echo ${APR_VERSION} | sed 's,\..*,,'`
 -APR_CONFIG="$APR_BINDIR/apr-${apr_major_version}-config"
 +APR_CONFIG="$apr_config"
  
- { $as_echo "$as_me:${as_lineno-$LINENO}: " >&5
- $as_echo "$as_me: " >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: " >&5
+ printf "%s\n" "$as_me: " >&6;}
Index: patches/patch-modules_http2_h2_c2_filter_c
===
RCS file: patches/patch-modules_http2_h2_c2_filter_c
diff -N patches/patch-modules_http2_h2_c2_filter_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-modules_http2_h2_c2_filter_c  19 Jan 2023 11:12:53 -
@@ -0,0 +1,12 @@
+Index: modules/http2/h2_c2_filter.c
+--- modules/http2/h2_c2_filter.c.orig
 modules/http2/h2_c2_filter.c
+@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f,
+ ap_assert(conn_ctx);
+ H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
+ 
+-if (!conn_ctx->has_final_response) {
++if (!f->c->aborted && !conn_ctx->has_final_response) {
+ if (!parser) {
+ parser = apr_pcalloc(f->c->pool, sizeof(*parser));
+ parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, 
conn_ctx->stream_id);
Index: pkg/PLIST
===
RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST,v
retrieving revision 1.36
diff -u -p -r1.36 PLIST
--- pkg/PLIST   11 Mar 2022 20:09:38 -  1.36
+++ pkg/PLIST   19 Jan 2023 11:12:53 -
@@ -47,6 +47,7 @@ include/apache2/mod_cgi.h
 include/apache2/mod_core.h
 include/apache2/mod_dav.h
 include/apache2/mod_dbd.h
+include/apache2/mod_http2.h
 include/apache2/mod_include.h
 include/apache2/mod_log_config.h
 include/apache2/mod_proxy.h


signature.asc
Description: PGP signature

Re: NEW: mail/opensmtpd-filters/mimedefang

[Giovanni Bechis]

On Wed, Jan 18, 2023 at 09:18:18AM +0100, Giovanni Bechis wrote:
> Hi,
> attached an opensmtpd filter to be able to use MIMEDefang with smtpd(8).
>  Ok ?
>   Cheers
>Giovanni
> 
Correct diff follows:

Index: Makefile
===
RCS file: /cvs/ports/mail/opensmtpd-filters/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile11 Mar 2022 19:34:44 -  1.6
+++ Makefile18 Jan 2023 14:18:46 -
@@ -4,6 +4,7 @@ SUBDIR += dkimsign
 SUBDIR += dkimsign,ed25519
 SUBDIR += dnsbl
 SUBDIR += libopensmtpd
+SUBDIR += mimedefang
 SUBDIR += rspamd
 SUBDIR += senderscore
 SUBDIR += spamassassin
Index: mimedefang/Makefile
===
RCS file: mimedefang/Makefile
diff -N mimedefang/Makefile
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/Makefile 18 Jan 2023 14:18:46 -
@@ -0,0 +1,26 @@
+COMMENT=   MIMEDefang integration to the OpenSMTPD daemon
+
+V= 0.1
+FILTER_NAME =  mimedefang
+DISTNAME = ${FILTER_NAME}-smtpd-filter-${V}
+PKGNAME =  filter-${FILTER_NAME}-${V}
+
+CATEGORIES=mail
+HOMEPAGE=  https://mimedefang.org
+
+MAINTAINER=    Giovanni Bechis 
+
+MASTER_SITES=   ${HOMEPAGE}/releases/opensmtpd/
+INSTALL_TARGET=build install
+
+WRKDIST=   ${WRKDIR}/${PKGNAME}
+
+RUN_DEPENDS=   mail/mimedefang \
+   mail/p5-OpenSMTPd-Filter
+
+# MIT
+PERMIT_PACKAGE=Yes
+
+NO_TEST=   Yes
+
+.include 
Index: mimedefang/distinfo
===
RCS file: mimedefang/distinfo
diff -N mimedefang/distinfo
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/distinfo 18 Jan 2023 14:18:46 -
@@ -0,0 +1,2 @@
+SHA256 (mimedefang-smtpd-filter-0.1.tar.gz) = 
UXZlyxDojrEJzZGbA9qQLnHAQTcOFENGB8Rc9GZaBxU=
+SIZE (mimedefang-smtpd-filter-0.1.tar.gz) = 6825
Index: mimedefang/pkg/DESCR
===
RCS file: mimedefang/pkg/DESCR
diff -N mimedefang/pkg/DESCR
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/pkg/DESCR18 Jan 2023 14:18:46 -
@@ -0,0 +1 @@
+filter-mimedefang is an opensmtpd filter that integrates MIMEDefang with 
OpenSMTPD.
Index: mimedefang/pkg/PLIST
===
RCS file: mimedefang/pkg/PLIST
diff -N mimedefang/pkg/PLIST
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/pkg/PLIST18 Jan 2023 14:18:46 -
@@ -0,0 +1,3 @@
+libexec/smtpd/
+libexec/smtpd/filter-mimedefang.pl
+@man man/man8/filter-mimedefang.8


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/18 02:01:05

Modified files:
mail/mimedefang: Makefile distinfo 

Log message:
update to 3.3
ok ajacoutot@

UPDATE: mail/mimedefang

[Giovanni Bechis]

Hi,
bugfix update to 3.3 version.
 Ok ?
  Cheers
   Giovanni

Index: Makefile
===
RCS file: /cvs/ports/mail/mimedefang/Makefile,v
retrieving revision 1.61
diff -u -p -r1.61 Makefile
--- Makefile24 Oct 2022 16:29:22 -  1.61
+++ Makefile18 Jan 2023 07:52:28 -
@@ -1,6 +1,6 @@
 COMMENT=   mailfilter to identify and mark spam
 
-DISTNAME=  mimedefang-3.2
+DISTNAME=  mimedefang-3.3
 
 CATEGORIES=mail
 
Index: distinfo
===
RCS file: /cvs/ports/mail/mimedefang/distinfo,v
retrieving revision 1.24
diff -u -p -r1.24 distinfo
--- distinfo24 Oct 2022 16:29:22 -  1.24
+++ distinfo18 Jan 2023 07:52:28 -
@@ -1,2 +1,2 @@
-SHA256 (mimedefang-3.2.tar.gz) = 7Rgn2ZCVe0EyUtUo7Q0JxjeBRt9WlTkKyD3B59vZpKY=
-SIZE (mimedefang-3.2.tar.gz) = 494702
+SHA256 (mimedefang-3.3.tar.gz) = r5CeLDt3eDG+mJ+erw05WoWvnVS0pp6Qa7x+Kqu9E00=
+SIZE (mimedefang-3.3.tar.gz) = 495544


signature.asc
Description: PGP signature

NEW: mail/opensmtpd-filters/mimedefang

[Giovanni Bechis]

Hi,
attached an opensmtpd filter to be able to use MIMEDefang with smtpd(8).
 Ok ?
  Cheers
   Giovanni

Index: mimedefang/Makefile
===
RCS file: mimedefang/Makefile
diff -N mimedefang/Makefile
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/Makefile 28 Oct 2022 17:21:48 -
@@ -0,0 +1,23 @@
+COMMENT=   MIMEDefang integration to the OpenSMTPD daemon
+
+V= 0.1
+FILTER_NAME =  mimedefang
+DISTNAME = filter-${FILTER_NAME}-${V}
+
+CATEGORIES=mail
+HOMEPAGE=  https://mimedefang.org
+
+MAINTAINER=Giovanni Bechis 
+
+MASTER_SITES=   ${HOMEPAGE}/releases/
+INSTALL_TARGET=build install
+
+RUN_DEPENDS=   mail/mimedefang \
+   mail/p5-OpenSMTPd-Filter
+
+# MIT
+PERMIT_PACKAGE=Yes
+
+NO_TEST=   Yes
+
+.include 
Index: mimedefang/distinfo
===
RCS file: mimedefang/distinfo
diff -N mimedefang/distinfo
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/distinfo 28 Oct 2022 17:21:48 -
@@ -0,0 +1,2 @@
+SHA256 (filter-mimedefang-0.1.tar.gz) = 
Om+yQOK6pxkm8Cu/IafUiiIcoDDksvKGJCzSmFXVh4M=
+SIZE (filter-mimedefang-0.1.tar.gz) = 3348
Index: mimedefang/pkg/DESCR
===
RCS file: mimedefang/pkg/DESCR
diff -N mimedefang/pkg/DESCR
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/pkg/DESCR28 Oct 2022 17:21:48 -
@@ -0,0 +1 @@
+filter-mimedefang is an opensmtpd filter that integrates MIMEDefang with 
OpenSMTPD.
Index: mimedefang/pkg/PLIST
===
RCS file: mimedefang/pkg/PLIST
diff -N mimedefang/pkg/PLIST
--- /dev/null   1 Jan 1970 00:00:00 -
+++ mimedefang/pkg/PLIST28 Oct 2022 17:21:48 -
@@ -0,0 +1,3 @@
+libexec/smtpd/
+libexec/smtpd/filter-mimedefang.pl
+@man man/man8/filter-mimedefang.8


signature.asc
Description: PGP signature

UPDATE: www/apache-httpd

[Giovanni Bechis]

Hi,
update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and
CVE-2006-20001.
 ok for current and 7.2 ?
  Cheers
   Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.119
diff -u -p -r1.119 Makefile
--- Makefile15 Nov 2022 23:14:12 -  1.119
+++ Makefile18 Jan 2023 07:50:34 -
@@ -1,9 +1,8 @@
 COMMENT=   apache HTTP server
 
-V= 2.4.54
+V= 2.4.55
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
-REVISION=  0
 
 CATEGORIES=www net
 
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.42
diff -u -p -r1.42 distinfo
--- distinfo9 Jun 2022 07:05:50 -   1.42
+++ distinfo18 Jan 2023 07:50:34 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.54.tar.gz) = xoe5nERsDvNF59hsIajhX8B0t9UVLE/iKwRj4r40b/s=
-SIZE (httpd-2.4.54.tar.gz) = 9743277
+SHA256 (httpd-2.4.55.tar.gz) = Unbqi8b/8x7tXIITKuUaCy7gX55rYaAPqHf2ytqztjg=
+SIZE (httpd-2.4.55.tar.gz) = 975
Index: patches/patch-configure
===
RCS file: /cvs/ports/www/apache-httpd/patches/patch-configure,v
retrieving revision 1.24
diff -u -p -r1.24 patch-configure
--- patches/patch-configure 15 Nov 2022 23:14:12 -  1.24
+++ patches/patch-configure 18 Jan 2023 07:50:34 -
@@ -1,7 +1,7 @@
 Index: configure
 --- configure.orig
 +++ configure
-@@ -3472,7 +3472,7 @@ do
+@@ -3832,7 +3832,7 @@ do
ap_last="${ap_cur}"
ap_cur=`eval "echo ${ap_cur}"`
  done
@@ -10,12 +10,12 @@ Index: configure
  
  
APACHE_VAR_SUBST="$APACHE_VAR_SUBST exp_sysconfdir"
-@@ -4678,7 +4678,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
+@@ -5059,7 +5059,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
  APR_INCLUDES=`$apr_config --includes`
  APR_VERSION=`$apr_config --version`
  apr_major_version=`echo ${APR_VERSION} | sed 's,\..*,,'`
 -APR_CONFIG="$APR_BINDIR/apr-${apr_major_version}-config"
 +APR_CONFIG="$apr_config"
  
- { $as_echo "$as_me:${as_lineno-$LINENO}: " >&5
- $as_echo "$as_me: " >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: " >&5
+ printf "%s\n" "$as_me: " >&6;}
Index: pkg/PLIST
===
RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST,v
retrieving revision 1.36
diff -u -p -r1.36 PLIST
--- pkg/PLIST   11 Mar 2022 20:09:38 -  1.36
+++ pkg/PLIST   18 Jan 2023 07:50:34 -
@@ -47,6 +47,7 @@ include/apache2/mod_cgi.h
 include/apache2/mod_core.h
 include/apache2/mod_dav.h
 include/apache2/mod_dbd.h
+include/apache2/mod_http2.h
 include/apache2/mod_include.h
 include/apache2/mod_log_config.h
 include/apache2/mod_proxy.h


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2023/01/04 07:25:05

Modified files:
mail/p5-Mail-SpamAssassin: Makefile distinfo 
mail/p5-Mail-SpamAssassin/patches: patch-Makefile_PL 
   patch-t_sa_compile_t 
mail/p5-Mail-SpamAssassin/pkg: PLIST spamassassin.rc 

Log message:
update to 4.0.0
upgrade notes available at 
http://svn.apache.org/repos/asf/spamassassin/trunk/UPGRADE
ok sthen@

UPDATE: mail/p5-Mail-SpamAssassin

[Giovanni Bechis]

Hi,
major update to 4.0.0.
Lot of improvements and new features, more info at
https://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_4_0_0/UPGRADE.

Comments ? Ok ?

 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/Makefile,v
retrieving revision 1.119
diff -u -p -r1.119 Makefile
--- Makefile8 Nov 2022 11:14:50 -   1.119
+++ Makefile20 Dec 2022 07:23:44 -
@@ -1,11 +1,10 @@
 COMMENT=   mailfilter to identify and mark spam
 
-VER=   3.4.6
+VER=   4.0.0
 DISTNAME=  Mail-SpamAssassin-${VER}
 PKGNAME=   p5-${DISTNAME}
-RULESNAME= Mail-SpamAssassin-rules-${VER}.r1888502.tgz
+RULESNAME= Mail-SpamAssassin-rules-${VER}.r1905950.tgz
 CATEGORIES=mail perl5
-REVISION=  0
 
 DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${RULESNAME}
 EXTRACT_SUFX=  .tar.bz2
@@ -24,6 +23,8 @@ MASTER_SITES= ${MASTER_SITE_APACHE:=spa
 
 COMMON_DEPENDS=www/p5-HTML-Parser>=3.31 \
mail/p5-Mail-DKIM>=0.31 \
+   mail/p5-Email-Address-XS \
+   mail/p5-Mail-DMARC \
net/p5-Net-DNS>=0.34 \
net/p5-NetAddr-IP \
security/p5-IO-Socket-SSL
@@ -36,7 +37,7 @@ RUN_DEPENDS=  ${COMMON_DEPENDS} \
devel/p5-IO-String \
p5-Mail-SPF-*|p5-Mail-SPF-Query-*:mail/p5-Mail-SPF \

p5-GeoIP2-*|p5-IP-Country-DB_File-*|p5-IP-Country-*:net/p5-GeoIP2 \
-   net/p5-Net-LibIDN \
+   net/p5-Net-LibIDN2 \
net/p5-Net-Patricia \
security/gnupg \
textproc/p5-Encode-Detect \
Index: distinfo
===
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/distinfo,v
retrieving revision 1.43
diff -u -p -r1.43 distinfo
--- distinfo30 Apr 2021 14:43:48 -  1.43
+++ distinfo20 Dec 2022 07:23:44 -
@@ -1,4 +1,4 @@
-SHA256 (Mail-SpamAssassin-3.4.6.tar.bz2) = 
vEh18+S7WXnwwQKDITpRLEyWRiIK4BMqeMjjr5R4lhA=
-SHA256 (Mail-SpamAssassin-rules-3.4.6.r1888502.tgz) = 
se/NxX5rEAc1hV4k7oORsIVzJ9cOHh0sJ1fV9m6KHOY=
-SIZE (Mail-SpamAssassin-3.4.6.tar.bz2) = 6166807
-SIZE (Mail-SpamAssassin-rules-3.4.6.r1888502.tgz) = 369768
+SHA256 (Mail-SpamAssassin-4.0.0.tar.bz2) = 
5aoXBQowvHK6qGr9xgSMrepNHsLsxh14dxegWbgxnog=
+SHA256 (Mail-SpamAssassin-rules-4.0.0.r1905950.tgz) = 
rk/7uRfrx/76ckD8W7UVHdpmP45AWRYa18m0Lu0brG0=
+SIZE (Mail-SpamAssassin-4.0.0.tar.bz2) = 6371055
+SIZE (Mail-SpamAssassin-rules-4.0.0.r1905950.tgz) = 355737
Index: patches/patch-Makefile_PL
===
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-Makefile_PL,v
retrieving revision 1.16
diff -u -p -r1.16 patch-Makefile_PL
--- patches/patch-Makefile_PL   11 Mar 2022 19:34:50 -  1.16
+++ patches/patch-Makefile_PL   20 Dec 2022 07:23:44 -
@@ -1,7 +1,7 @@
 Index: Makefile.PL
 --- Makefile.PL.orig
 +++ Makefile.PL
-@@ -857,7 +857,7 @@ sub MY::install {
+@@ -886,7 +886,7 @@ sub MY::install {
  
foreach (@code) {
  # Add our install targets as a dependency to all top-level install targets
Index: patches/patch-t_sa_compile_t
===
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/patches/patch-t_sa_compile_t,v
retrieving revision 1.5
diff -u -p -r1.5 patch-t_sa_compile_t
--- patches/patch-t_sa_compile_t11 Mar 2022 19:34:50 -  1.5
+++ patches/patch-t_sa_compile_t20 Dec 2022 07:23:44 -
@@ -1,9 +1,9 @@
 Index: t/sa_compile.t
 --- t/sa_compile.t.orig
 +++ t/sa_compile.t
-@@ -12,8 +12,7 @@ use Config;
- use File::Basename;
- use File::Path qw/mkpath/;
+@@ -10,8 +10,7 @@ use SATest; sa_t_init("sa_compile");
+ 
+ use Config;
  
 -my $temp_binpath = $Config{sitebinexp};
 -$temp_binpath =~ s|^\Q$Config{siteprefixexp}\E/||;
Index: pkg/PLIST
===
RCS file: /cvs/ports/mail/p5-Mail-SpamAssassin/pkg/PLIST,v
retrieving revision 1.41
diff -u -p -r1.41 PLIST
--- pkg/PLIST   8 Nov 2022 11:14:51 -   1.41
+++ pkg/PLIST   20 Dec 2022 07:23:44 -
@@ -21,7 +21,7 @@ ${P5SITE}/Mail/SpamAssassin.pm
 ${P5SITE}/Mail/SpamAssassin/AICache.pm
 ${P5SITE}/Mail/SpamAssassin/ArchiveIterator.pm
 ${P5SITE}/Mail/SpamAssassin/AsyncLoop.pm
-${P5SITE}/Mail/SpamAssassin/AutoWhitelist.pm
+${P5SITE}/Mail/SpamAssassin/AutoWelcomelist.pm
 ${P5SITE}/Mail/SpamAssassin/Bayes/
 ${P5SITE}/Mail/SpamAssassin/Bayes.pm
 ${P5SITE}/Mail/SpamAssassin/Bayes/CombineChi.pm
@@ -45,6 +45,7 @@ ${P5SITE}/Mail/SpamAssassin/Constants.pm
 ${P5SITE}/Mail/SpamAssassin/DBBasedAddrList.pm
 

Re: sysutils/rdiff-backup: update or remove ?

[Giovanni Bechis]

On Mon, Dec 05, 2022 at 11:25:15AM +, Stuart Henderson wrote:
> On 2022/12/05 12:01, Giovanni Bechis wrote:
> > On Sat, Dec 03, 2022 at 07:30:55PM +, Klemens Nanni wrote:
> > > Last port update is from 2010, i consider this port unmaintained despite
> > > the variable being set.
> > > 
> > > python 2, but upstream is super active (last beta is a few hours old)
> > > with python 3 support and a stable version of 2.0.5.
> > > 
> > > Does anyone use this port and cares to update it?
> > > It shouldn't rot away on py2 life support^W^W...
> > I am using it, update to 2.0.5 follows.
> 
> Joshua Megerman sent a diff back in May for this, which I tweaked and
> sent back, no response from maintainer (and I forgot it was in-flight
> and didn't get round to committing it).
> 
> It would be really helpful if people would drop maintainer on ports
> which they aren't realistically going to maintain.
> 
> > +lib/python${MODPY_VERSION}/site-packages/rdiff_backup-0.0.0.dist-info/
> 
> This should use the pypi "sdist" tarball, the version number doesn't end up
> set correctly when it's built from the GH autogenerated tar.
> 
> Here's an updated version of the earlier diffs. OK?
> 
sure, ok giovanni@, thanks.
 Giovanni


> Index: Makefile
> ===
> RCS file: /cvs/ports/sysutils/rdiff-backup/Makefile,v
> retrieving revision 1.24
> diff -u -p -r1.24 Makefile
> --- Makefile  11 Mar 2022 19:57:55 -  1.24
> +++ Makefile  5 Dec 2022 11:20:28 -
> @@ -1,26 +1,27 @@
> -COMMENT =incremental backup
> +COMMENT =incremental backup
>  
> -MODPY_EGG_VERSION =  1.2.8
> +MODPY_EGG_VERSION =  2.0.5
>  DISTNAME =   rdiff-backup-${MODPY_EGG_VERSION}
> -REVISION =   8
> +
>  CATEGORIES = sysutils
>  
> -HOMEPAGE =   http://www.nongnu.org/rdiff-backup/
> +HOMEPAGE =   https://rdiff-backup.net/
>  
> -MAINTAINER = Pierre-Emmanuel Andre 
> +MAINTAINER = Pierre-Emmanuel Andre 
>  
>  # GPLv2+
>  PERMIT_PACKAGE = Yes
>  
>  WANTLIB +=   rsync pthread ${MODPY_WANTLIB}
>  
> -LIB_DEPENDS +=   net/librsync
> -
> -MASTER_SITES =   ${MASTER_SITE_SAVANNAH:=rdiff-backup/}
> +LIB_DEPENDS +=   net/librsync
>  
> -MODULES  =   lang/python
> -MODPY_VERSION =  ${MODPY_DEFAULT_VERSION_2}
> +MODULES  =   lang/python
> +MODPY_PI =   Yes
> +MODPY_PYBUILD =  setuptools_scm
> +CFLAGS +=-I${LOCALBASE}/include
>  
> -NO_TEST =Yes
> +# tests are present but are intended to run via Tox in a Docker container
> +NO_TEST =Yes
>  
>  .include 
> Index: distinfo
> ===
> RCS file: /cvs/ports/sysutils/rdiff-backup/distinfo,v
> retrieving revision 1.3
> diff -u -p -r1.3 distinfo
> --- distinfo  18 Jan 2015 03:15:14 -  1.3
> +++ distinfo  5 Dec 2022 11:20:28 -
> @@ -1,2 +1,2 @@
> -SHA256 (rdiff-backup-1.2.8.tar.gz) = 
> DZGoW0CUkRb6iq8V2hZcNKLRVEmzy+AcgCY5ExCslds=
> -SIZE (rdiff-backup-1.2.8.tar.gz) = 196526
> +SHA256 (rdiff-backup-2.0.5.tar.gz) = 
> VNFgOOYgFO2RbHHIMDsH0vphpqaAOMoYn8LTFTSw84s=
> +SIZE (rdiff-backup-2.0.5.tar.gz) = 456089
> Index: patches/patch-_librsyncmodule_c
> ===
> RCS file: patches/patch-_librsyncmodule_c
> diff -N patches/patch-_librsyncmodule_c
> --- patches/patch-_librsyncmodule_c   11 Mar 2022 19:57:55 -  1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,22 +0,0 @@
> -Fix with librsync v1.0.0; similar to
> -https://bugs.launchpad.net/duplicity/+bug/1416344
> -
> -This uses the backwards-compatible format that uses the insecure
> -truncated MD4 hash.
> -
>  _librsyncmodule.c.orig   Wed Aug 19 20:33:42 2015
> -+++ _librsyncmodule.cWed Aug 19 20:34:42 2015
> -@@ -59,8 +59,13 @@ _librsync_new_sigmaker(PyObject* self, PyObject* args)
> -   if (sm == NULL) return NULL;
> -   sm->x_attr = NULL;
> - 
> -+#ifdef RS_DEFAULT_STRONG_LEN
> -   sm->sig_job = rs_sig_begin((size_t)blocklen,
> -  
> (size_t)RS_DEFAULT_STRONG_LEN);
> -+#else
> -+  sm->sig_job = rs_sig_begin((size_t)blocklen,
> -+ (size_t)8, 
> RS_MD4_SIG_MAGIC);
> -+#endif
> -   return (PyObject*)sm;
> - }
> - 
> Index: patches/patch-rdiff_backup_SetConnections_py
> ===
> RCS file: patches/patch-rdiff_backup_Set

Re: sysutils/rdiff-backup: update or remove ?

[Giovanni Bechis]

On Sat, Dec 03, 2022 at 07:30:55PM +, Klemens Nanni wrote:
> Last port update is from 2010, i consider this port unmaintained despite
> the variable being set.
> 
> python 2, but upstream is super active (last beta is a few hours old)
> with python 3 support and a stable version of 2.0.5.
> 
> Does anyone use this port and cares to update it?
> It shouldn't rot away on py2 life support^W^W...
I am using it, update to 2.0.5 follows.
 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/sysutils/rdiff-backup/Makefile,v
retrieving revision 1.24
diff -u -p -r1.24 Makefile
--- Makefile11 Mar 2022 19:57:55 -  1.24
+++ Makefile5 Dec 2022 10:54:34 -
@@ -1,12 +1,13 @@
 COMMENT =  incremental backup
 
-MODPY_EGG_VERSION =1.2.8
+MODPY_EGG_VERSION =2.0.5
+GH_ACCOUNT =   rdiff-backup
+GH_PROJECT =   rdiff-backup
+GH_TAGNAME =   v2.0.5
+
 DISTNAME = rdiff-backup-${MODPY_EGG_VERSION}
-REVISION = 8
 CATEGORIES =   sysutils
 
-HOMEPAGE = http://www.nongnu.org/rdiff-backup/
-
 MAINTAINER =   Pierre-Emmanuel Andre 
 
 # GPLv2+
@@ -16,10 +17,8 @@ WANTLIB +=   rsync pthread ${MODPY_WANTLI
 
 LIB_DEPENDS += net/librsync
 
-MASTER_SITES = ${MASTER_SITE_SAVANNAH:=rdiff-backup/}
-
 MODULES=   lang/python
-MODPY_VERSION =${MODPY_DEFAULT_VERSION_2}
+MODPY_PYBUILD =setuptools_scm
 
 NO_TEST =  Yes
 
Index: distinfo
===
RCS file: /cvs/ports/sysutils/rdiff-backup/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo18 Jan 2015 03:15:14 -  1.3
+++ distinfo5 Dec 2022 10:54:34 -
@@ -1,2 +1,2 @@
-SHA256 (rdiff-backup-1.2.8.tar.gz) = 
DZGoW0CUkRb6iq8V2hZcNKLRVEmzy+AcgCY5ExCslds=
-SIZE (rdiff-backup-1.2.8.tar.gz) = 196526
+SHA256 (rdiff-backup-2.0.5.tar.gz) = 
/Trz05/pHvKygeapBkRREsW3GGQOSQyLb4OolgMYNSs=
+SIZE (rdiff-backup-2.0.5.tar.gz) = 441475
Index: patches/patch-_librsyncmodule_c
===
RCS file: patches/patch-_librsyncmodule_c
diff -N patches/patch-_librsyncmodule_c
--- patches/patch-_librsyncmodule_c 11 Mar 2022 19:57:55 -  1.2
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,22 +0,0 @@
-Fix with librsync v1.0.0; similar to
-https://bugs.launchpad.net/duplicity/+bug/1416344
-
-This uses the backwards-compatible format that uses the insecure
-truncated MD4 hash.
-
 _librsyncmodule.c.orig Wed Aug 19 20:33:42 2015
-+++ _librsyncmodule.c  Wed Aug 19 20:34:42 2015
-@@ -59,8 +59,13 @@ _librsync_new_sigmaker(PyObject* self, PyObject* args)
-   if (sm == NULL) return NULL;
-   sm->x_attr = NULL;
- 
-+#ifdef RS_DEFAULT_STRONG_LEN
-   sm->sig_job = rs_sig_begin((size_t)blocklen,
-
(size_t)RS_DEFAULT_STRONG_LEN);
-+#else
-+  sm->sig_job = rs_sig_begin((size_t)blocklen,
-+   (size_t)8, 
RS_MD4_SIG_MAGIC);
-+#endif
-   return (PyObject*)sm;
- }
- 
Index: patches/patch-rdiff_backup_SetConnections_py
===
RCS file: patches/patch-rdiff_backup_SetConnections_py
diff -N patches/patch-rdiff_backup_SetConnections_py
--- patches/patch-rdiff_backup_SetConnections_py11 Mar 2022 19:57:55 
-  1.3
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,18 +0,0 @@
-Bugfix: DeprecationWarning: os.popen2 is deprecated
-cf http://bugs.gentoo.org/attachment.cgi?id=216585=view
-
 rdiff_backup/SetConnections.py.origMon Mar 16 14:36:21 2009
-+++ rdiff_backup/SetConnections.py Wed Aug 19 20:31:28 2015
-@@ -135,10 +135,10 @@ def init_connection(remote_cmd):
-   if not remote_cmd: return Globals.local_connection
- 
-   Log("Executing " + remote_cmd, 4)
--  if os.name == "nt":
-+  if map(int, sys.version.split()[0].split('.')[:2]) >= [2, 6]:
-   import subprocess
-   try:
--  process = subprocess.Popen(remote_cmd, shell=False, 
bufsize=0,
-+  process = subprocess.Popen(remote_cmd, shell=True, 
bufsize=0,
-   
stdin=subprocess.PIPE, 
-   
stdout=subprocess.PIPE)
-   (stdin, stdout) = (process.stdin, process.stdout)
Index: patches/patch-setup_py
===
RCS file: /cvs/ports/sysutils/rdiff-backup/patches/patch-setup_py,v
retrieving revision 1.4
diff -u -p -r1.4 patch-setup_py
--- patches/patch-setup_py  11 Mar 2022 19:57:55 -  1.4
+++ patches/patch-setup_py  5 Dec 2022 10:54:34 -
@@ -1,34 +1,56 @@
 setup.py.orig  Mon Mar 16 15:36:21 2009
-+++ setup.py   Thu Feb 11 14:29:01 2010
-@@ -58,6 

Re: mail/opensmtpd-extras: update or remove -python package?

[Giovanni Bechis]

On 12/3/22 20:11, Klemens Nanni wrote:

There is 6.8.0 available but the -extras distfile is stuck at 6.7.1.

The python code over at https://github.com/OpenSMTPD/OpenSMTPD-extras
is at least six years old according to git...


according to git latest release is 6.7.1


Is anyone still using old python 2 bindings and/or do they still work
with current smtpd?

Anyone interested in porting them to python 3 or can we remove them?


I am not using python bindings at all.
 Cheers
  Giovanni



---
Information for 
https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/opensmtpd-extras-python-6.7.1v0.tgz

Comment:
extras with python bindings for smtpd

Description:
Extras with Python bindings for OpenSMTPD.

Maintainer: Giovanni Bechis ,  Joerg Jung 


WWW: https://www.opensmtpd.org/

Re: some issues with sogo 5.7.1 in 7.2

[Giovanni Bechis]

On Mon, Nov 28, 2022 at 02:57:07PM +0100, Landry Breuil wrote:
> Hi,
> 
> finally upgraded my work sogo instance, hit two distinct issues
> unrelated to the WOPort one, both seen when trying to login:
> 
> [GCSSessionsFolder
> writeRecordForEntryWithID:value:creationDate:lastSeenDate:]: cannot
> write record: 
> NAME:PostgreSQL72FatalError REASON:fatal pgsql error
> (channel=<0x0x31374da1608[PostgreSQL72Channel]:
> connection=<0x0x3135d728468[PGConnection]:
> connection=0x0x313651c3800>>): ERROR:  value too long for type character
> varying(255)
> 
> found https://bugs.sogo.nu/view.php?id=5491 - from what i can see,
> https://github.com/Alinto/sogo/blob/master/Scripts/sql-update-5.5.1_to_5.6.0.sh
> isnt packaged in /usr/local/share/doc/sogo/. Maybe the PLIST should be
> updated ? anyway, solved it locally with psql:
> 
> sogo=> ALTER TABLE sogo_sessions_folder  ALTER COLUMN c_value TYPE
> VARCHAR(4096);
> 
> but also 'upstream sent too big header while reading response header
> from upstream' in nginx error logs, cf 
> https://www.sogo.nu/support/faq/errors-in-nginx-regarding-header-too-big.html#/faq
> 
> i already had some proxy buffers config in nginx (coming from the
> pkg-readme), had to bump them and could login just fine.
> 
> so .. maybe also update the pkg-readme with the values recommended
> upstream ?
> 
this diff works for me with Mariadb (nginx part untested).
ok ? What about 7.2 ?
 Cheers
  Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/sogo/Makefile,v
retrieving revision 1.102
diff -u -p -r1.102 Makefile
--- Makefile8 Nov 2022 11:17:20 -   1.102
+++ Makefile29 Nov 2022 23:35:11 -
@@ -1,7 +1,7 @@
 COMMENT =  web based groupware server
 
 VERSION =  5.7.1
-REVISION = 1
+REVISION = 2
 DISTNAME = SOGo-${VERSION}
 PKGNAME =  sogo-${VERSION}
 
@@ -52,7 +52,7 @@ SUBST_VARS += SOGOLIBDIR VARBASE
 SCRIPTS =  cas-proxy-validate.py sql-update-2.2.17_to_2.3.0.sh \
sql-update-3.2.10_to_4.0.0.sh 
sql-update-2.2.17_to_2.3.0-mysql.sh \
sql-update-3.2.10_to_4.0.0-mysql.sh 
sql-update-3.0.0-to-combined.sh \
-   sql-update-3.0.0-to-combined-mysql.sh updates.php
+   sql-update-3.0.0-to-combined-mysql.sh 
sql-update-5.5.1_to_5.6.0.sh updates.php
 
 post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sogo
Index: pkg/PLIST
===
RCS file: /cvs/ports/www/sogo/pkg/PLIST,v
retrieving revision 1.54
diff -u -p -r1.54 PLIST
--- pkg/PLIST   8 Nov 2022 11:17:20 -   1.54
+++ pkg/PLIST   29 Nov 2022 23:35:11 -
@@ -2875,6 +2875,7 @@ share/doc/sogo/sql-update-3.0.0-to-combi
 share/doc/sogo/sql-update-3.0.0-to-combined.sh
 share/doc/sogo/sql-update-3.2.10_to_4.0.0-mysql.sh
 share/doc/sogo/sql-update-3.2.10_to_4.0.0.sh
+share/doc/sogo/sql-update-5.5.1_to_5.6.0.sh
 share/doc/sogo/updates.php
 share/examples/login.conf.d/sogod
 @sample ${SYSCONFDIR}/login.conf.d/sogod
Index: pkg/README
===
RCS file: /cvs/ports/www/sogo/pkg/README,v
retrieving revision 1.25
diff -u -p -r1.25 README
--- pkg/README  19 Sep 2022 07:01:08 -  1.25
+++ pkg/README  29 Nov 2022 23:35:11 -
@@ -109,8 +109,8 @@ server {
 proxy_connect_timeout 90;
 proxy_send_timeout 90;
 proxy_read_timeout 90;
-proxy_buffer_size 4k;
-proxy_buffers 4 32k;
+proxy_buffer_size 64k;
+proxy_buffers 8 64k;
 proxy_busy_buffers_size 64k;
 proxy_temp_file_write_size 64k;
 client_max_body_size 50m;


signature.asc
Description: PGP signature

Re: Enable Ed25519 in apache-httpd

[Giovanni Bechis]

On Sun, Nov 13, 2022 at 03:31:03PM +0100, Theo Buehler wrote:
> Now that libcrypto ships with Ed25519 support and X25519 support in EVP,
> we can enable it in httpd. Ed448 is still not supported.
> 
> Also, do not use a dubious quality ASN1_TIME_diff() implementation from
> stackoverflow, use the one from libcrypto instead (which has been
> available since LibreSSL 3.6).
> 
> Regen patches while there.
> 
> I have only compile tested this.
> 
sure, ok giovanni@
 Thanks
  Giovanni


> PS: The unconditional setting of OPENSSL_NO_CT for LibreSSL in
> md_crypt.c is also iffy (CT is available since LibreSSL 3.5). Let's
> leave that for another day.
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.118
> diff -u -p -r1.118 Makefile
> --- Makefile  9 Jun 2022 07:05:50 -   1.118
> +++ Makefile  13 Nov 2022 14:20:02 -
> @@ -3,6 +3,7 @@ COMMENT=  apache HTTP server
>  V=   2.4.54
>  DISTNAME=httpd-${V}
>  PKGNAME= apache-httpd-${V}
> +REVISION=0
>  
>  CATEGORIES=  www net
>  
> Index: patches/patch-configure
> ===
> RCS file: /cvs/ports/www/apache-httpd/patches/patch-configure,v
> retrieving revision 1.23
> diff -u -p -r1.23 patch-configure
> --- patches/patch-configure   11 Mar 2022 20:09:37 -  1.23
> +++ patches/patch-configure   13 Nov 2022 14:20:02 -
> @@ -1,7 +1,7 @@
>  Index: configure
>  --- configure.orig
>  +++ configure
> -@@ -3462,7 +3462,7 @@ do
> +@@ -3472,7 +3472,7 @@ do
> ap_last="${ap_cur}"
> ap_cur=`eval "echo ${ap_cur}"`
>   done
> @@ -10,7 +10,7 @@ Index: configure
>   
>   
> APACHE_VAR_SUBST="$APACHE_VAR_SUBST exp_sysconfdir"
> -@@ -4668,7 +4668,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
> +@@ -4678,7 +4678,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
>   APR_INCLUDES=`$apr_config --includes`
>   APR_VERSION=`$apr_config --version`
>   apr_major_version=`echo ${APR_VERSION} | sed 's,\..*,,'`
> Index: patches/patch-modules_md_md_crypt_c
> ===
> RCS file: patches/patch-modules_md_md_crypt_c
> diff -N patches/patch-modules_md_md_crypt_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-modules_md_md_crypt_c   13 Nov 2022 14:24:25 -
> @@ -0,0 +1,35 @@
> +Hunk 1: LibreSSL 3.6.0 and later have ASN1_TIME_diff()
> +Hunks 2 and 3: LibreSSL 3.7.0 and later have X25519 support in EVP
> +Index: modules/md/md_crypt.c
> +--- modules/md/md_crypt.c.orig
>  modules/md/md_crypt.c
> +@@ -210,7 +210,8 @@ static int pem_passwd(char *buf, int size, int rwflag,
> +  */
> + static apr_time_t md_asn1_time_get(const ASN1_TIME* time)
> + {
> +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
> ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || 
> (defined(LIBRESSL_VERSION_NUMBER) && \
> ++ LIBRESSL_VERSION_NUMBER < 
> 0x306fL)
> + /* courtesy: 
> https://stackoverflow.com/questions/10975542/asn1-time-to-time-t-conversion#11263731
> +  * all bugs are mine */
> + apr_time_exp_t t;
> +@@ -854,7 +855,8 @@ static apr_status_t gen_ec(md_pkey_t **ppkey, apr_pool
> + curve = EC_curve_nid2nist(curve_nid);
> + }
> + #endif
> +-#if defined(NID_X25519) && !defined(LIBRESSL_VERSION_NUMBER)
> ++#if defined(NID_X25519) && (!defined(LIBRESSL_VERSION_NUMBER) || \
> ++LIBRESSL_VERSION_NUMBER >= 0x307fL)
> + if (NID_undef == curve_nid && !apr_strnatcasecmp("X25519", curve)) {
> + curve_nid = NID_X25519;
> + curve = EC_curve_nid2nist(curve_nid);
> +@@ -872,7 +874,8 @@ static apr_status_t gen_ec(md_pkey_t **ppkey, apr_pool
> + *ppkey = make_pkey(p);
> + switch (curve_nid) {
> + 
> +-#if defined(NID_X25519) && !defined(LIBRESSL_VERSION_NUMBER)
> ++#if defined(NID_X25519) && (!defined(LIBRESSL_VERSION_NUMBER) || \
> ++LIBRESSL_VERSION_NUMBER >= 0x307fL)
> + case NID_X25519:
> + /* no parameters */
> + if (NULL == (ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL))
> Index: patches/patch-modules_ssl_ssl_engine_init_c
> ===
> RCS file: 
> /cvs/ports/www/apache-httpd/patches/patch-modules_ssl_ssl_engine_init_c,v
> retrieving revision 1.20
> diff -u -p -r1.20 patch-modules_ssl_ssl_engine_init_c
> --- patches/patch-modules_ssl_ssl_engine_init_c   11 Mar 2022 20:09:38 
> -  1.20
> +++ patches/patch-modules_ssl_ssl_engine_init_c   13 Nov 2022 14:20:02 
> -
> @@ -1,7 +1,7 @@
>  Index: modules/ssl/ssl_engine_init.c
>  --- modules/ssl/ssl_engine_init.c.orig
>  +++ modules/ssl/ssl_engine_init.c
> -@@ -1601,7 +1601,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s
> +@@ -1681,7 +1681,7 

Re: remove security/p0f ?

[Giovanni Bechis]

On 11/13/22 20:17, Stuart Henderson wrote:

On 2022/11/13 19:13, Klemens Nanni wrote:

We also have this the newer version as of

revision 1.1.1.1
date: 2015/01/08 22:03:20;  author: sthen;  state: Exp;  lines: +0 -0;
import security/p0f3 (separate non-conflicting port to p0f as the rewrite uses
different database files than the earlier one / pf / tcpdump), ok giovanni@

Any reason to still keep the old one around?

yes, this is the one which uses the same format as /etc/pf.os


unless you have a patch for pf(4) to make it work with the new format ;-)

 Giovanni

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/10/24 10:29:22

Modified files:
mail/mimedefang: Makefile distinfo 

Log message:
bugfix update to 3.2

Re: Tweak license detection in portgen(1)

[Giovanni Bechis]

On Sat, Oct 08, 2022 at 08:15:03PM -0400, Kurt Mosiejczuk wrote:
> I tweaked portgen's License.pm module a bit. There were common licenses
> that it would spit out as "Unknown". So I modified the munging a little
> and added more entries to its list of good licenses.
> 
> Now something that states its license is "The MIT License" will no
> longer stump it.
> 
> ok?
> 
sure, ok giovanni@
 Cheers
  Giovanni


> --Kurt
> 
> Index: License.pm
> ===
> RCS file: /cvs/ports/infrastructure/lib/OpenBSD/PortGen/License.pm,v
> retrieving revision 1.5
> diff -u -p -r1.5 License.pm
> --- License.pm13 May 2019 00:21:29 -  1.5
> +++ License.pm9 Oct 2022 00:07:08 -
> @@ -28,28 +28,38 @@ our @EXPORT_OK = qw(
>  
>  # Add licenses not recognized here.
>  my %good_licenses = (
> - agpl_3  => 'AGPL 3',
> - apache_1_1  => 'Apache 1.1',
> - apache_2_0  => 'Apache 2.0',
> - artistic_1  => 'Artistic 1.0',
> - artistic_2  => 'Artistic 2.0',
> - bsd => 'BSD',
> - freebsd => 'FreeBSD',
> - gpl_2   => 'GPLv2',
> - gpl_2_0 => 'GPLv2',
> - gpl_3   => 'GPLv3',
> - gpl_3_0 => 'GPLv3',
> - isc => 'ISC',
> - lgpl=> 'LGPL',
> - lgpl_2_1=> 'LGPL v2.1',
> - 'lgpl_2_1+' => 'LGPL v2.1',
> - mit => 'MIT',
> - mpl_v2  => 'MPL 2.0',
> - new_bsd => 'BSD-3',
> - perl_5  => 'Perl',
> - ruby=> 'Ruby',
> - qpl_1_0 => 'QPLv1',
> - zlib=> 'zlib',
> + agpl_3  => 'AGPL 3',
> + apache_1_1  => 'Apache 1.1',
> + apache_2_0  => 'Apache 2.0',
> + artistic_1  => 'Artistic 1.0',
> + artistic_1_0=> 'Artistic 1.0',
> + artistic_2  => 'Artistic 2.0',
> + artistic_2_0=> 'Artistic 2.0',
> + bsd => 'BSD',
> + cc0 => 'CC0',
> + cc_by_nc_sa_3_0 => 'CC BY-NC-SA 3.0',
> + cmu => 'CMU',
> + freebsd => 'FreeBSD',
> + gpl_2   => 'GPLv2',
> + gpl_2_0 => 'GPLv2',
> + 'gpl_2+'=> 'GPLv2+',
> + gpl_3   => 'GPLv3',
> + gpl_3_0 => 'GPLv3',
> + 'gpl_3+'=> 'GPLv3+',
> + isc => 'ISC',
> + lgpl=> 'LGPL',
> + lgpl_2_1=> 'LGPL v2.1',
> + 'lgpl_2_1+' => 'LGPL v2.1+',
> + lgpl_3  => 'LGPL v3',
> + 'lgpl_3+'   => 'LGPL v3+',
> + mit => 'MIT',
> + mpl_v2  => 'MPL 2.0',
> + new_bsd => 'BSD-3',
> + perl_5  => 'Perl',
> + public_domain   => 'Public Domain',
> + ruby=> 'Ruby',
> + qpl_1_0 => 'QPLv1',
> + zlib=> 'zlib',
>  );
>  
>  sub is_good
> @@ -75,6 +85,8 @@ sub _munge
>  
>   $license = lc $license;
>   $license =~ s/[,-\.\s]/_/g;
> + $license =~ s/the_//;
> + $license =~ s/gnu_public_license/gpl/;
>   $license =~ s/_license//;
>   $license =~ s/_version//;
>   $license =~ s/_{2,}/_/g;
> 


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/10/11 01:53:34

Modified files:
mail/maildrop  : Makefile distinfo 
mail/maildrop/patches: patch-libs_maildir_Makefile_am 
   patch-libs_maildir_Makefile_in 
   patch-libs_maildrop_configure 

Log message:
bugfix upddate to 3.0.8

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/10/11 01:51:08

Modified files:
mail/courier-imap: Makefile distinfo 
mail/courier-imap/pkg: PLIST-main 

Log message:
bugfix update to 5.1.8

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/10/11 01:49:27

Modified files:
mail/courier-authlib: Makefile distinfo 
mail/courier-authlib/patches: patch-Makefile_in 
mail/courier-authlib/pkg: PLIST-userdb 

Log message:
bugfix update to 0.71.5

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/10/11 01:47:27

Modified files:
mail/courier-unicode: Makefile distinfo 

Log message:
update to 2.2.4

Re: Cannot start www/sogo 5.7.1

[Giovanni Bechis]

On Sat, Sep 17, 2022 at 07:56:37PM +0200, Sebastian Reitenbach wrote:
> On Friday, September 16, 2022 15:19 CEST, Landry Breuil  
> wrote:
> 
> > Le Fri, Sep 16, 2022 at 02:18:54PM +0200, Sebastian Reitenbach a écrit :
> > > On Wednesday, September 14, 2022 15:16 CEST, Giovanni Bechis 
> > >  wrote:
> > > 
> > > > On 9/14/22 13:08, Stuart Henderson wrote:
> > > > > On 2022/09/14 12:44, Landry Breuil wrote:
> > > > >> Le Wed, Sep 14, 2022 at 12:03:49PM +0200, Giovanni Bechis a écrit :
> > > > >>> On 9/14/22 11:19, Landry Breuil wrote:
> > > > >>>> Le Tue, Sep 13, 2022 at 11:29:01PM +0200, Giovanni Bechis a écrit :
> > > > >>>>> Hi,
> > > > >>>>> after updating to latest snapshot, sogod doesn't start anymore.
> > > > >>>>
> > > > >>>> just to make it clear, you were previously running 5.5.1 ?
> > > > >>>>
> > > > >>> Previously I was running 7.2-beta, looking at cvs history it was 
> > > > >>> SOGo 5.5.1.
> > > > >>>   Giovanni
> > > > >>>
> > > > >> i'd start by checking the changelogs:
> > > > >> https://www.sogo.nu/news/2022/sogo-v570-released.html
> > > > >> https://www.sogo.nu/news/2022/sogo-v560-released.html
> > > > >> https://www.sogo.nu/news/2022/sogo-v571-released.html
> > > > >>
> > > > >> my wild guess would be
> > > > >> https://github.com/Alinto/sogo/commit/edd64a396ef7a7227d5c45cc1deb61ef3e2b6112
> > > > >> which "adds support for IPv6" ... many dragons in there if you 
> > > > >> listen on
> > > > >> :2 only ;)
> > > > > 
> > > > > Or the big SOPE commit in https://github.com/Alinto/sope/pull/61 /
> > > > > https://github.com/Alinto/sope/commit/a7d04a02724c91797c3bf1b45d754ad909ba97bc
> > > > > 
> > > > > I would try "0.0.0.0:2" first (unless you can restrict it to a 
> > > > > localhost
> > > > > binding) - there's still quite a lot of software that doesn't cope 
> > > > > very
> > > > > well with OS that don't do v4-mapping on v6 sockets
> > > > > 
> > > > listening on 0.0.0.0:2000 or 127.0.0.1:2 works, I think SOGo tryes 
> > > > to bind on ipv4 and ipv6 using some code that is not portable 
> > > > (v4-mapping on v6 sockets).
> > > > I think we should add some info on the upgrade notes.
> > > 
> > > sorry, took a while.
> > > 
> > > As the README talks about the defaults command to configure SOGo,
> > > I only added a blurp to that file. We've something similar for a couple 
> > > of versions above.
> > > 
> > > questioning, if I probably should add that to the minimal default config 
> > > given even more above,
> > > for someone who is not upgrading, but just installing?
> > 
> > i'd put a section in current.html for those upgrading from 7.1 to 7.2,
> 
> yeah, will do.
> 
> > and patch out the default sogo.conf in the readme.
> 
> The sample nginx config goes along with the sample sogod config in the README.
> So I just added the WOPort statement there as well, people starting from 
> scratch
> will pick it up.
> 
> > 
> > maybe garbage collect the old old bits that conflict with it ?
> > 
> yeah, it's quite old, removed.
> 
> OK?
> 
ok giovanni@
 Thanks
  Giovanni


signature.asc
Description: PGP signature

Re: Cannot start www/sogo 5.7.1

[Giovanni Bechis]

On 9/14/22 13:08, Stuart Henderson wrote:

On 2022/09/14 12:44, Landry Breuil wrote:

Le Wed, Sep 14, 2022 at 12:03:49PM +0200, Giovanni Bechis a écrit :

On 9/14/22 11:19, Landry Breuil wrote:

Le Tue, Sep 13, 2022 at 11:29:01PM +0200, Giovanni Bechis a écrit :

Hi,
after updating to latest snapshot, sogod doesn't start anymore.


just to make it clear, you were previously running 5.5.1 ?


Previously I was running 7.2-beta, looking at cvs history it was SOGo 5.5.1.
  Giovanni


i'd start by checking the changelogs:
https://www.sogo.nu/news/2022/sogo-v570-released.html
https://www.sogo.nu/news/2022/sogo-v560-released.html
https://www.sogo.nu/news/2022/sogo-v571-released.html

my wild guess would be
https://github.com/Alinto/sogo/commit/edd64a396ef7a7227d5c45cc1deb61ef3e2b6112
which "adds support for IPv6" ... many dragons in there if you listen on
:2 only ;)


Or the big SOPE commit in https://github.com/Alinto/sope/pull/61 /
https://github.com/Alinto/sope/commit/a7d04a02724c91797c3bf1b45d754ad909ba97bc

I would try "0.0.0.0:2" first (unless you can restrict it to a localhost
binding) - there's still quite a lot of software that doesn't cope very
well with OS that don't do v4-mapping on v6 sockets


listening on 0.0.0.0:2000 or 127.0.0.1:2 works, I think SOGo tryes to bind 
on ipv4 and ipv6 using some code that is not portable (v4-mapping on v6 
sockets).
I think we should add some info on the upgrade notes.
 Giovanni


OpenPGP_signature
Description: OpenPGP digital signature

Re: Cannot start www/sogo 5.7.1

[Giovanni Bechis]

On 9/14/22 11:19, Landry Breuil wrote:

Le Tue, Sep 13, 2022 at 11:29:01PM +0200, Giovanni Bechis a écrit :

Hi,
after updating to latest snapshot, sogod doesn't start anymore.


just to make it clear, you were previously running 5.5.1 ?


Previously I was running 7.2-beta, looking at cvs history it was SOGo 5.5.1.
 Giovanni



OpenPGP_signature
Description: OpenPGP digital signature

Cannot start www/sogo 5.7.1

[Giovanni Bechis]

Hi,
after updating to latest snapshot, sogod doesn't start anymore.
The error I have on my log files is:

Sep 13 23:20:23 sogod [36455]: version 5.7.1 (build @amd64.ports.openbsd.org 
202209110944) -- starting
Sep 13 23:20:23 sogod [36455]: vmem size check enabled: shutting down app when 
vmem > 384 MB. Currently at 0 MB
Sep 13 23:20:23 sogod [36455]: <0x0xad538afbe88[SOGoProductLoader]> SOGo 
products loaded from '/usr/local/lib/GNUstep/SOGo':
Sep 13 23:20:23 sogod [36455]: <0x0xad538afbe88[SOGoProductLoader]>   
AdministrationUI.SOGo, Appointments.SOGo, CommonUI.SOGo, Contacts.SOGo, 
ContactsUI.SOGo, MailPartViewers.SOGo, Mailer.SOGo, MailerUI.SOGo, MainUI.SOGo, 
PreferencesUI.SOGo, SchedulerUI.SOGo
Sep 13 23:20:23 sogod [36455]: All products loaded - current memory usage at 0 
MB
Sep 13 23:20:23 sogod [36455]: [WARN] <0x0xad4ebfad808[WOWatchDog]> listening 
socket: attempt 1 failed
Sep 13 23:20:24 sogod [36455]: [WARN] <0x0xad4ebfad808[WOWatchDog]> listening 
socket: attempt 2 failed
Sep 13 23:20:25 sogod [36455]: [WARN] <0x0xad4ebfad808[WOWatchDog]> listening 
socket: attempt 3 failed
Sep 13 23:20:26 sogod [36455]: [WARN] <0x0xad4ebfad808[WOWatchDog]> listening 
socket: attempt 4 failed
Sep 13 23:20:27 sogod [36455]: [WARN] <0x0xad4ebfad808[WOWatchDog]> listening 
socket: attempt 5 failed
Sep 13 23:20:28 sogod [36455]: [ERROR] <0x0xad4ebfad808[WOWatchDog]> unable to 
listen on specified port, check that no other process is already using it
Loading two versions of SOGoMailBodyPart.  The class that will be used is 
undefined
...

In sogo.conf I have 'WOPort = "2";' and there is no other process listening 
on that port.

 Cheers
  Giovanni

$ doas pkg_info | grep -E '^so[go,pe]'
sogo-5.7.1  web based groupware server
sope-5.7.1  Skyrix Object Publishing Environment
sope-mysql-5.7.1SOPE MySQL adaptor
sope-postgres-5.7.1 SOPE PostgreSQL adaptor

$ doas dmesg

OpenBSD 7.2 (GENERIC.MP) #720: Sun Sep 11 15:41:58 MDT 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4277010432 (4078MB)
avail mem = 4129984512 (3938MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (260 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 12/12/2018
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) 
S16F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) 
PE50(S3) S1F0(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.52 MHz, 06-3a-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
8-way L2 cache, 35MB 64b/line 20-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 66MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.59 MHz, 06-3a-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,MELTDOWN
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
8-way L2 cache, 35MB 64b/line 20-way L3 cache
cpu1: smt 0, core 0, package 2
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.56 MHz, 06-3a-00
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,MELTDOWN
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
8-way L2 cache, 35MB 64b/line 20-way L3 cache
cpu2: smt 0, core 0, package 4
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz, 2394.57 MHz, 06-3a-00
cpu3: 

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/08/25 07:21:08

Modified files:
mail/mimedefang: Makefile distinfo 

Log message:
bugfix update to MIMEDefang 3.1

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/08/08 01:13:44

Modified files:
www/phpmyadmin : Makefile distinfo 
www/phpmyadmin/pkg: PLIST 

Log message:
update to 5.2.0

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/06/26 08:33:43

Modified files:
mail/mimedefang: Makefile distinfo 
mail/mimedefang/patches: 
 patch-examples_mimedefang-filter-openbsd-ports 
mail/mimedefang/pkg: PLIST 

Log message:
update to MIMEDefang 3.0 and take maintainership
ok ajacoutot@ (previous maintainer)

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/06/15 02:16:30

Modified files:
mail/amavisd-new: Makefile distinfo 

Log message:
update to 2.12.2
from Tim Howe with tweaks by me

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/06/09 01:17:34

Modified files:
www/apache-httpd: Tag: OPENBSD_7_1 Makefile distinfo 

Log message:
security update to 2.4.54
fixes CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404,
CVE-2022-28615, CVE-2022-28614CVE-2022-28330 and CVE-2022-26377

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/06/09 01:05:50

Modified files:
www/apache-httpd: Makefile distinfo 

Log message:
security update to 2.4.54
fixes CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404,
CVE-2022-28615, CVE-2022-28614CVE-2022-28330 and CVE-2022-26377

Re: www/sogod: add login.conf.d/sogod

[Giovanni Bechis]

On Thu, Apr 28, 2022 at 03:18:00PM +0200, Landry Breuil wrote:
> Le Thu, Apr 28, 2022 at 03:12:23PM +0200, Landry Breuil a écrit :
> > hi,
> > 
> > i've been using sogo with ~10 users since a while and i've had a line in
> > login.conf since 2017, because in some situations 128fd is not enough
> > for sogod.. i think that was for a high number of db/ldap cnx but i dont
> > remember the details honestly.
> > 
> > dunno if i should remove that login.conf knob and check how it fares
> > with 128, but here's a diff.
> 
> well.. now with a diff.
similar setup here, ok giovanni@
 Cheers
  Giovanni



> ? sogo-3.2.9.diff
> ? patches/patch-Scripts_sql-update-3_2_10_to_4_0_0-mysql_sh
> ? patches/patch-Scripts_sql-update-3_2_10_to_4_0_0_sh
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/sogo/Makefile,v
> retrieving revision 1.98
> diff -u -r1.98 Makefile
> --- Makefile  11 Mar 2022 20:11:00 -  1.98
> +++ Makefile  28 Apr 2022 13:02:36 -
> @@ -3,6 +3,7 @@
>  VERSION =5.5.1
>  DISTNAME =   SOGo-${VERSION}
>  PKGNAME =sogo-${VERSION}
> +REVISION =   0
>  
>  SHARED_LIBS +=   GDLContentStore 3.0
>  SHARED_LIBS +=   NGCards 3.1
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/www/sogo/pkg/PLIST,v
> retrieving revision 1.51
> diff -u -r1.51 PLIST
> --- pkg/PLIST 11 Mar 2022 20:11:01 -  1.51
> +++ pkg/PLIST 28 Apr 2022 13:02:37 -
> @@ -2833,6 +2833,8 @@
>  share/doc/sogo/sql-update-3.2.10_to_4.0.0-mysql.sh
>  share/doc/sogo/sql-update-3.2.10_to_4.0.0.sh
>  share/doc/sogo/updates.php
> +share/examples/login.conf.d/sogod
> +@sample ${SYSCONFDIR}/login.conf.d/sogod
>  @mode 750
>  @owner _sogo
>  @group _sogo
> Index: pkg/sogod.login
> ===
> RCS file: pkg/sogod.login
> diff -N pkg/sogod.login
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ pkg/sogod.login   28 Apr 2022 13:02:37 -
> @@ -0,0 +1,4 @@
> +sogod:\
> + :openfiles-cur=1024:\
> + :openfiles-max=2048:\
> + :tc=daemon:



signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/04/27 03:21:40

Modified files:
net: Makefile 

Log message:
+p5-Net-LibIDN2

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/04/27 03:11:04

Log message:
Net::LibIDN2 - Perl bindings for GNU Libidn2
The port provides bindings for GNU Libidn2,
a C library for handling internationalized domain names
based on IDNA 2008, Punycode and TR46.

hints and ok sthen@

Status:

Vendor Tag: giovanni
Release Tags:   giovanni_20220427

N ports/net/p5-Net-LibIDN2/Makefile
N ports/net/p5-Net-LibIDN2/distinfo
N ports/net/p5-Net-LibIDN2/pkg/DESCR
N ports/net/p5-Net-LibIDN2/pkg/PLIST

No conflicts created by this import

Re: NEW: misc/p5-Net-LibIDN2

[Giovanni Bechis]

On Wed, Apr 27, 2022 at 10:43:45AM +0200, Giovanni Bechis wrote:
> Net::LibIDN2 - Perl bindings for GNU Libidn2
> The port provides bindings for GNU Libidn2,
> a C library for handling internationalized domain names
> based on IDNA 2008, Punycode and TR46.
> 
> The port will be a dependency for Apache SpamAssassin 4.0.
> 
> Comments ? Ok ?
>  Cheers
>   Giovanni
Now with 100% more attachments.
 Giovanni


p5-Net-LibIDN2-1.01.tgz
Description: application/gzip


signature.asc
Description: PGP signature

NEW: misc/p5-Net-LibIDN2

[Giovanni Bechis]

Net::LibIDN2 - Perl bindings for GNU Libidn2
The port provides bindings for GNU Libidn2,
a C library for handling internationalized domain names
based on IDNA 2008, Punycode and TR46.

The port will be a dependency for Apache SpamAssassin 4.0.

Comments ? Ok ?
 Cheers
  Giovanni


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/04/26 14:40:26

Modified files:
misc/memcached : Makefile distinfo 
misc/memcached/pkg: PLIST 

Log message:
update to 1.6.15
from Leo Unglaub, thanks

Re: mail/p5-Mail-DMARC: Update to 1.20211209

[Giovanni Bechis]

On 4/13/22 23:14, Alexander Bluhm wrote:
> On Sun, Apr 03, 2022 at 10:31:54AM +, wen heping wrote:
>> Hi,
>>
>> Here is a patch to update mail/p5-Mail-DMARC:
>> i) Update to 1.20211209
>> ii) Add p5-Email-Sender as RUN_DEPENDS
>> It build well,  1 of all 20 tests failed on my amd64-7.1 system.
>> 
>>
>> One port depends on p5-Mail-DMARC: mail/p5-Mail-Milter-Authentication.
>> It build well and pass all the tests with this patch.
>>
>> Cheers !
>> wen
> You have to make update-plist, new files are missing.
>
> +${P5SITE}/Mail/DMARC/Report/Sender.pm
> +${P5SITE}/Mail/DMARC/Test/
> +${P5SITE}/Mail/DMARC/Test/Transport.pm
>
> otherwise OK bluhm@
>
Committed, thanks.

 Giovanni

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/04/14 02:52:55

Modified files:
mail/p5-Mail-DMARC: Makefile distinfo 
mail/p5-Mail-DMARC/pkg: PLIST 

Log message:
update to 1.20211209 from Wen Heping
tweaks and ok bluhm@

Re: mail/p5-Mail-DMARC: Update to 1.20211209

[Giovanni Bechis]

Please resubmit after unlock and feel free to take maintainership.
 Thanks
  Giovanni

On Sun, Apr 03, 2022 at 10:31:54AM +, wen heping wrote:
> Hi,
> 
> Here is a patch to update mail/p5-Mail-DMARC:
> i) Update to 1.20211209
> ii) Add p5-Email-Sender as RUN_DEPENDS
> It build well,  1 of all 20 tests failed on my amd64-7.1 system.
> 
> 
> One port depends on p5-Mail-DMARC: mail/p5-Mail-Milter-Authentication.
> It build well and pass all the tests with this patch.
> 
> Cheers !
> wen

> Index: Makefile
> ===
> RCS file: /cvs/ports/mail/p5-Mail-DMARC/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile  11 Mar 2022 19:34:48 -  1.16
> +++ Makefile  3 Apr 2022 10:28:02 -
> @@ -1,8 +1,7 @@
>  COMMENT= Perl implementation of DMARC
>  
> -DISTNAME=Mail-DMARC-1.20200214
> +DISTNAME=Mail-DMARC-1.20211209
>  MAINTAINER=  Giovanni Bechis 
> -REVISION=1
>  
>  CATEGORIES=  mail
>  
> @@ -23,6 +22,7 @@ RUN_DEPENDS=converters/p5-JSON \
>   devel/p5-Net-Server \
>   devel/p5-Test-File-ShareDir \
>   mail/p5-Email-MIME \
> + mail/p5-Email-Sender \
>   mail/p5-Email-Simple \
>   mail/p5-Mail-DKIM \
>   net/p5-Net-DNS \
> Index: distinfo
> ===
> RCS file: /cvs/ports/mail/p5-Mail-DMARC/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo  15 Apr 2020 09:32:57 -  1.9
> +++ distinfo  3 Apr 2022 10:28:02 -
> @@ -1,2 +1,2 @@
> -SHA256 (Mail-DMARC-1.20200214.tar.gz) = 
> dpxXxpPp1hLblpJkJkX4x0bL1fWmhaPJ7GNWQC/inHs=
> -SIZE (Mail-DMARC-1.20200214.tar.gz) = 786782
> +SHA256 (Mail-DMARC-1.20211209.tar.gz) = 
> 9RnTO7zeg60nqOtFaACfYp6Dde+0tshCYct6Ll2/fyQ=
> +SIZE (Mail-DMARC-1.20211209.tar.gz) = 794986



signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/03/18 02:40:16

Modified files:
www/apache-httpd: Makefile 

Log message:
switch to pcre2
hidden dependency on devel/pcre2 spotted by naddy@, thanks

Re: CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

On Tue, Mar 15, 2022 at 05:03:17PM -0400, Kurt Mosiejczuk wrote:
> On Tue, Mar 15, 2022 at 08:22:43PM +, Stuart Henderson wrote:
> 
> > > It fails identically on -current.
> 
> > base-gcc won't be good enough:
> 
> > > util.c:3183: error: thread-local storage not supported for this target
> 
> Here's a diff to switch to ports-gcc for base-gcc arches.
> 
> ok?
> 
> (Should also be backported to fix -stable (minus the REVISION bump) to
> fix it there.
> 
ok giovanni@ portwise.

  Giovanni


> --Kurt
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.114
> diff -u -p -r1.114 Makefile
> --- Makefile  14 Mar 2022 14:41:34 -  1.114
> +++ Makefile  15 Mar 2022 21:03:05 -
> @@ -3,6 +3,7 @@ COMMENT=  apache HTTP server
>  V=   2.4.53
>  DISTNAME=httpd-${V}
>  PKGNAME= apache-httpd-${V}
> +REVISION=0
>  
>  CATEGORIES=  www net
>  
> @@ -12,6 +13,9 @@ HOMEPAGE=   https://httpd.apache.org/
>  
>  # Apache 2.0
>  PERMIT_PACKAGE=  Yes
> +
> +COMPILER=base-clang ports-gcc
> +COMPILER_LANGS=  c
>  
>  WANTLIB += apr-1 aprutil-1 brotlicommon brotlienc c crypto curl
>  WANTLIB += db expat iconv jansson lzma m nghttp2 pcre pthread ssl
> 


signature.asc
Description: PGP signature

Re: CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

On Tue, Mar 15, 2022 at 08:22:43PM +, Stuart Henderson wrote:
> On 2022/03/15 16:16, Kurt Mosiejczuk wrote:
> > On Tue, Mar 15, 2022 at 11:39:36AM +0100, Solene Rapenne wrote:
> > > On Mon, 14 Mar 2022 08:44:37 -0600 (MDT)
> > > Giovanni Bechis :
> > 
> > > > CVSROOT:/cvs
> > > > Module name:ports
> > > > Changes by: giova...@cvs.openbsd.org2022/03/14 08:44:37
> > 
> > > > Modified files:
> > > > www/apache-httpd: Tag: OPENBSD_7_0 Makefile distinfo 
> > 
> > > > Log message:
> > > > update to 2.4.53
> > > > fixes CVE-2022-22719, CVE-2022-22720, CVE-2022-22721 and CVE-2022-23943
> > 
> > > this doesn't compile on sparc64 7.0-stable
> > 
> > It fails identically on -current.
> 
> base-gcc won't be good enough:
> 
> > util.c:3183: error: thread-local storage not supported for this target
> 
untested (no access to sparc64) but it may work.
 Giovanni

Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.114
diff -u -p -r1.114 Makefile
--- Makefile14 Mar 2022 14:41:34 -  1.114
+++ Makefile15 Mar 2022 21:32:47 -
@@ -62,9 +62,16 @@ CONFIGURE_ARGS=  --enable-authnz-fcgi \
--with-suexec-caller=www \
--with-suexec-logfile=${LOCALSTATEDIR}/log/suexec2_log
 
+
+.if ${MACHINE_ARCH} == "sparc64"
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include -DAP_NO_THREAD_LOCAL" \
+   LDFLAGS="-L${LOCALBASE}/lib" \
+   AWK=awk
+.else
 CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib" \
AWK=awk
+.endif
 
 FAKE_FLAGS=rel_user=www rel_group=www \
rel_datadir=${HTTPD_DIR} \


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/03/14 08:45:55

Modified files:
mail/mimedefang: Makefile 
mail/mimedefang/patches: 
 patch-examples_mimedefang-filter-openbsd-ports 

Log message:
fix example file
ok ajacoutot@ (Maintainer)

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/03/14 08:44:37

Modified files:
www/apache-httpd: Tag: OPENBSD_7_0 Makefile distinfo 

Log message:
update to 2.4.53
fixes CVE-2022-22719, CVE-2022-22720, CVE-2022-22721 and CVE-2022-23943

CVS: cvs.openbsd.org: ports

[Giovanni Bechis]

CVSROOT:/cvs
Module name:ports
Changes by: giova...@cvs.openbsd.org2022/03/14 08:41:34

Modified files:
www/apache-httpd: Makefile distinfo 

Log message:
update to 2.4.53
fixes CVE-2022-22719, CVE-2022-22720, CVE-2022-22721 and CVE-2022-23943