Re: [UPDATE] www/links+ to 1.15
On 04/25/18 20:18, trondd wrote:
Ping for hackathon!
I've committed this, without the SEPARATE_BUILD=Yes (I agree with
sthen@'s analysis) and with --without-brotli added to CONFIGURE_ARGS
since links+ will pick it up automagically if you have archivers/brotli
installed.
~Brian
On Sun, April 15, 2018 11:30 am, trondd wrote:
Easy update for links+ to 1.15. Built against clang 6.
Full changelog at http://links.twibright.com/download/ChangeLog
Some notable udates:
Rewrite google docs URLs to the download link, so that the file can be
viewed in external viewer
Support international domain names
Fix reading one byte beyond allocated space in case of corrupted
UTF-8 data - CVE-2017-4
Use built-in SSL certificates (ed. Optional)
This improves tor hardening (the tor exit node could not differentiate
links users from each other based on installed certificates)
It also makes it possible to use certificate verification on systems
with no default certificate store
Report IP addresses in the "Document info" box.
Implement a small connection timeout when connecting to a host with
multiple addresses, so that there is faster fallback from IPv6 to IPv4.
Avoid memcpy with NULL source argument and zero length (it doesn't
crash, but it's formally incorrect and the sanitizer warns about it)
Make the "dns-prefetch" link prefetch just dns, not the whole document
Fix compilation failure on OpenBSD because OpenBSD removed
the timeout_* macros from libevent
Use OpenSSL functions X509_check_host and X509_check_ip if available
Use session cache on https
Tim.
Index: Makefile
===
RCS file: /cvs/ports/www/links+/Makefile,v
retrieving revision 1.60
diff -u -p -r1.60 Makefile
--- Makefile30 Nov 2016 19:42:15 - 1.60
+++ Makefile14 Apr 2018 20:54:22 -
@@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
COMMENT= graphics and text browser
-VER= 2.14
+VER= 2.15
DISTNAME= links-${VER}
PKGNAME= links+-${VER}
CATEGORIES= www
Index: distinfo
===
RCS file: /cvs/ports/www/links+/distinfo,v
retrieving revision 1.31
diff -u -p -r1.31 distinfo
--- distinfo30 Nov 2016 19:42:15 - 1.31
+++ distinfo14 Apr 2018 20:54:22 -
@@ -1,2 +1,2 @@
-SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
-SIZE (links-2.14.tar.gz) = 7142389
+SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
+SIZE (links-2.15.tar.gz) = 7358450
Index: patches/patch-html_c
===
RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
retrieving revision 1.16
diff -u -p -r1.16 patch-html_c
--- patches/patch-html_c3 Sep 2016 09:33:19 - 1.16
+++ patches/patch-html_c14 Apr 2018 20:54:22 -
@@ -1,7 +1,8 @@
$OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
html.c.origFri Jun 17 16:33:57 2016
-+++ html.c Thu Sep 1 20:13:58 2016
-@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
+Index: html.c
+--- html.c.orig
html.c
+@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
format_.target = stracpy(format_.target_base);
}
/*format_.attr ^= AT_BOLD;*/
Index: patches/patch-https_c
===
RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-https_c
--- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5
+++ patches/patch-https_c 14 Apr 2018 20:54:22 -
@@ -1,7 +1,8 @@
$OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
https.c.orig Sat Nov 19 13:52:07 2016
-+++ https.cMon Nov 28 22:16:21 2016
-@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
+Index: https.c
+--- https.c.orig
https.c
+@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
RAND_write_file(cast_const_char
f_randfile);
}
}
Re: [UPDATE] www/links+ to 1.15
Ping for hackathon!
On Sun, April 15, 2018 11:30 am, trondd wrote:
> Easy update for links+ to 1.15. Built against clang 6.
>
> Full changelog at http://links.twibright.com/download/ChangeLog
> Some notable udates:
>
> Rewrite google docs URLs to the download link, so that the file can be
> viewed in external viewer
>
> Support international domain names
>
> Fix reading one byte beyond allocated space in case of corrupted
> UTF-8 data - CVE-2017-4
>
> Use built-in SSL certificates (ed. Optional)
> This improves tor hardening (the tor exit node could not differentiate
> links users from each other based on installed certificates)
> It also makes it possible to use certificate verification on systems
> with no default certificate store
>
> Report IP addresses in the "Document info" box.
>
> Implement a small connection timeout when connecting to a host with
> multiple addresses, so that there is faster fallback from IPv6 to IPv4.
>
> Avoid memcpy with NULL source argument and zero length (it doesn't
> crash, but it's formally incorrect and the sanitizer warns about it)
>
> Make the "dns-prefetch" link prefetch just dns, not the whole document
>
> Fix compilation failure on OpenBSD because OpenBSD removed
> the timeout_* macros from libevent
>
> Use OpenSSL functions X509_check_host and X509_check_ip if available
>
> Use session cache on https
>
>
> Tim.
>
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/www/links+/Makefile,v
> retrieving revision 1.60
> diff -u -p -r1.60 Makefile
> --- Makefile 30 Nov 2016 19:42:15 - 1.60
> +++ Makefile 14 Apr 2018 20:54:22 -
> @@ -1,7 +1,7 @@
> # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
>
> COMMENT= graphics and text browser
> -VER= 2.14
> +VER= 2.15
> DISTNAME=links-${VER}
> PKGNAME= links+-${VER}
> CATEGORIES= www
> Index: distinfo
> ===
> RCS file: /cvs/ports/www/links+/distinfo,v
> retrieving revision 1.31
> diff -u -p -r1.31 distinfo
> --- distinfo 30 Nov 2016 19:42:15 - 1.31
> +++ distinfo 14 Apr 2018 20:54:22 -
> @@ -1,2 +1,2 @@
> -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
> -SIZE (links-2.14.tar.gz) = 7142389
> +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
> +SIZE (links-2.15.tar.gz) = 7358450
> Index: patches/patch-html_c
> ===
> RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
> retrieving revision 1.16
> diff -u -p -r1.16 patch-html_c
> --- patches/patch-html_c 3 Sep 2016 09:33:19 - 1.16
> +++ patches/patch-html_c 14 Apr 2018 20:54:22 -
> @@ -1,7 +1,8 @@
> $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
> html.c.orig Fri Jun 17 16:33:57 2016
> -+++ html.c Thu Sep 1 20:13:58 2016
> -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
> +Index: html.c
> +--- html.c.orig
> html.c
> +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
> format_.target = stracpy(format_.target_base);
> }
> /*format_.attr ^= AT_BOLD;*/
> Index: patches/patch-https_c
> ===
> RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
> retrieving revision 1.5
> diff -u -p -r1.5 patch-https_c
> --- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5
> +++ patches/patch-https_c 14 Apr 2018 20:54:22 -
> @@ -1,7 +1,8 @@
> $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
> https.c.orig Sat Nov 19 13:52:07 2016
> -+++ https.c Mon Nov 28 22:16:21 2016
> -@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
> +Index: https.c
> +--- https.c.orig
> https.c
> +@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
> RAND_write_file(cast_const_char
> f_randfile);
> }
> }
>
Re: [UPDATE] www/links+ to 1.15
On 2018/04/16 16:34, trondd wrote: > On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote: > > On 2018/04/15 16:48, trondd wrote: > >> What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > >> just builds that require it? > > > > It's useful for large ports where you might want to "make clean=build" > > and they take a long time to extract/patch. > > > > Otherwise it's pointless and can make extra work for updates because > > upstreams often don't test out-of-tree builds (and especially "make > > test" in that case) regularly. > > > > I don't consider links+ to be a large port. It builds either way, so I > don't have a strong opinion about it. > > Whatever it takes to get it commited. > At the moment what it'll take is getting the clang 6 fallout under control before we start committing other things again, other things are pretty much all on hold at present.
Re: [UPDATE] www/links+ to 1.15
On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote: > On 2018/04/15 16:48, trondd wrote: >> What is the policy around setting SEPARATE_BUILD? Any GNU build? Not >> just builds that require it? > > It's useful for large ports where you might want to "make clean=build" > and they take a long time to extract/patch. > > Otherwise it's pointless and can make extra work for updates because > upstreams often don't test out-of-tree builds (and especially "make > test" in that case) regularly. > I don't consider links+ to be a large port. It builds either way, so I don't have a strong opinion about it. Whatever it takes to get it commited.
Re: [UPDATE] www/links+ to 1.15
On 2018/04/15 16:48, trondd wrote: > What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > just builds that require it? It's useful for large ports where you might want to "make clean=build" and they take a long time to extract/patch. Otherwise it's pointless and can make extra work for updates because upstreams often don't test out-of-tree builds (and especially "make test" in that case) regularly.
Re: [UPDATE] www/links+ to 1.15
trondd writes: > What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > just builds that require it? I don't know that there is any "policy", other than "set SEPARATE_BUILD if needed, and don't set it if it breaks". Certainly if it works, it's nice to have even when it's not strictly needed. But I doubt anybody will be sweeping the whole tree for it anytime soon, probably... -- Anthony J. Bentley
Re: [UPDATE] www/links+ to 1.15
On Sun, April 15, 2018 12:36 pm, Klemens Nanni wrote: > On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote: >> Easy update for links+ to 1.15. Built against clang 6. >> >> Full changelog at http://links.twibright.com/download/ChangeLog >> Some notable udates: >> >> Rewrite google docs URLs to the download link, so that the file can be >> viewed in external viewer >> >> Support international domain names >> >> Fix reading one byte beyond allocated space in case of corrupted >> UTF-8 data - CVE-2017-4 >> >> Use built-in SSL certificates (ed. Optional) >> This improves tor hardening (the tor exit node could not differentiate >> links users from each other based on installed certificates) >> It also makes it possible to use certificate verification on systems >> with no default certificate store >> >> Report IP addresses in the "Document info" box. >> >> Implement a small connection timeout when connecting to a host with >> multiple addresses, so that there is faster fallback from IPv6 to IPv4. >> >> Avoid memcpy with NULL source argument and zero length (it doesn't >> crash, but it's formally incorrect and the sanitizer warns about it) >> >> Make the "dns-prefetch" link prefetch just dns, not the whole document >> >> Fix compilation failure on OpenBSD because OpenBSD removed >> the timeout_* macros from libevent >> >> Use OpenSSL functions X509_check_host and X509_check_ip if available >> >> Use session cache on https > Builds fine on amd64, lightly run tested. > > OK kn with SEPARATE_BUILD=Yes set. > Sorry for the multi-post. Network issue on my end. What is the policy around setting SEPARATE_BUILD? Any GNU build? Not just builds that require it? Tim.
Re: [UPDATE] www/links+ to 1.15
On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote: > Easy update for links+ to 1.15. Built against clang 6. > > Full changelog at http://links.twibright.com/download/ChangeLog > Some notable udates: > > Rewrite google docs URLs to the download link, so that the file can be > viewed in external viewer > > Support international domain names > > Fix reading one byte beyond allocated space in case of corrupted > UTF-8 data - CVE-2017-4 > > Use built-in SSL certificates (ed. Optional) > This improves tor hardening (the tor exit node could not differentiate > links users from each other based on installed certificates) > It also makes it possible to use certificate verification on systems > with no default certificate store > > Report IP addresses in the "Document info" box. > > Implement a small connection timeout when connecting to a host with > multiple addresses, so that there is faster fallback from IPv6 to IPv4. > > Avoid memcpy with NULL source argument and zero length (it doesn't > crash, but it's formally incorrect and the sanitizer warns about it) > > Make the "dns-prefetch" link prefetch just dns, not the whole document > > Fix compilation failure on OpenBSD because OpenBSD removed > the timeout_* macros from libevent > > Use OpenSSL functions X509_check_host and X509_check_ip if available > > Use session cache on https Builds fine on amd64, lightly run tested. OK kn with SEPARATE_BUILD=Yes set.
[UPDATE] www/links+ to 1.15
Easy update for links+ to 1.15. Built against clang 6.
Full changelog at http://links.twibright.com/download/ChangeLog
Some notable udates:
Rewrite google docs URLs to the download link, so that the file can be
viewed in external viewer
Support international domain names
Fix reading one byte beyond allocated space in case of corrupted
UTF-8 data - CVE-2017-4
Use built-in SSL certificates (ed. Optional)
This improves tor hardening (the tor exit node could not differentiate
links users from each other based on installed certificates)
It also makes it possible to use certificate verification on systems
with no default certificate store
Report IP addresses in the "Document info" box.
Implement a small connection timeout when connecting to a host with
multiple addresses, so that there is faster fallback from IPv6 to IPv4.
Avoid memcpy with NULL source argument and zero length (it doesn't
crash, but it's formally incorrect and the sanitizer warns about it)
Make the "dns-prefetch" link prefetch just dns, not the whole document
Fix compilation failure on OpenBSD because OpenBSD removed
the timeout_* macros from libevent
Use OpenSSL functions X509_check_host and X509_check_ip if available
Use session cache on https
Tim.
Index: Makefile
===
RCS file: /cvs/ports/www/links+/Makefile,v
retrieving revision 1.60
diff -u -p -r1.60 Makefile
--- Makefile30 Nov 2016 19:42:15 - 1.60
+++ Makefile14 Apr 2018 20:54:22 -
@@ -1,7 +1,7 @@
# $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
COMMENT= graphics and text browser
-VER= 2.14
+VER= 2.15
DISTNAME= links-${VER}
PKGNAME= links+-${VER}
CATEGORIES=www
Index: distinfo
===
RCS file: /cvs/ports/www/links+/distinfo,v
retrieving revision 1.31
diff -u -p -r1.31 distinfo
--- distinfo30 Nov 2016 19:42:15 - 1.31
+++ distinfo14 Apr 2018 20:54:22 -
@@ -1,2 +1,2 @@
-SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
-SIZE (links-2.14.tar.gz) = 7142389
+SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
+SIZE (links-2.15.tar.gz) = 7358450
Index: patches/patch-html_c
===
RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
retrieving revision 1.16
diff -u -p -r1.16 patch-html_c
--- patches/patch-html_c3 Sep 2016 09:33:19 - 1.16
+++ patches/patch-html_c14 Apr 2018 20:54:22 -
@@ -1,7 +1,8 @@
$OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
html.c.origFri Jun 17 16:33:57 2016
-+++ html.c Thu Sep 1 20:13:58 2016
-@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
+Index: html.c
+--- html.c.orig
html.c
+@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
format_.target = stracpy(format_.target_base);
}
/*format_.attr ^= AT_BOLD;*/
Index: patches/patch-https_c
===
RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-https_c
--- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5
+++ patches/patch-https_c 14 Apr 2018 20:54:22 -
@@ -1,7 +1,8 @@
$OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
https.c.orig Sat Nov 19 13:52:07 2016
-+++ https.cMon Nov 28 22:16:21 2016
-@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
+Index: https.c
+--- https.c.orig
https.c
+@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
RAND_write_file(cast_const_char
f_randfile);
}
}
