Re: [UPDATE] www/links+ to 1.15
On 04/25/18 20:18, trondd wrote: Ping for hackathon! I've committed this, without the SEPARATE_BUILD=Yes (I agree with sthen@'s analysis) and with --without-brotli added to CONFIGURE_ARGS since links+ will pick it up automagically if you have archivers/brotli installed. ~Brian On Sun, April 15, 2018 11:30 am, trondd wrote: Easy update for links+ to 1.15. Built against clang 6. Full changelog at http://links.twibright.com/download/ChangeLog Some notable udates: Rewrite google docs URLs to the download link, so that the file can be viewed in external viewer Support international domain names Fix reading one byte beyond allocated space in case of corrupted UTF-8 data - CVE-2017-4 Use built-in SSL certificates (ed. Optional) This improves tor hardening (the tor exit node could not differentiate links users from each other based on installed certificates) It also makes it possible to use certificate verification on systems with no default certificate store Report IP addresses in the "Document info" box. Implement a small connection timeout when connecting to a host with multiple addresses, so that there is faster fallback from IPv6 to IPv4. Avoid memcpy with NULL source argument and zero length (it doesn't crash, but it's formally incorrect and the sanitizer warns about it) Make the "dns-prefetch" link prefetch just dns, not the whole document Fix compilation failure on OpenBSD because OpenBSD removed the timeout_* macros from libevent Use OpenSSL functions X509_check_host and X509_check_ip if available Use session cache on https Tim. Index: Makefile === RCS file: /cvs/ports/www/links+/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- Makefile30 Nov 2016 19:42:15 - 1.60 +++ Makefile14 Apr 2018 20:54:22 - @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $ COMMENT= graphics and text browser -VER= 2.14 +VER= 2.15 DISTNAME= links-${VER} PKGNAME= links+-${VER} CATEGORIES= www Index: distinfo === RCS file: /cvs/ports/www/links+/distinfo,v retrieving revision 1.31 diff -u -p -r1.31 distinfo --- distinfo30 Nov 2016 19:42:15 - 1.31 +++ distinfo14 Apr 2018 20:54:22 - @@ -1,2 +1,2 @@ -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c= -SIZE (links-2.14.tar.gz) = 7142389 +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U= +SIZE (links-2.15.tar.gz) = 7358450 Index: patches/patch-html_c === RCS file: /cvs/ports/www/links+/patches/patch-html_c,v retrieving revision 1.16 diff -u -p -r1.16 patch-html_c --- patches/patch-html_c3 Sep 2016 09:33:19 - 1.16 +++ patches/patch-html_c14 Apr 2018 20:54:22 - @@ -1,7 +1,8 @@ $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $ html.c.origFri Jun 17 16:33:57 2016 -+++ html.c Thu Sep 1 20:13:58 2016 -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a) +Index: html.c +--- html.c.orig html.c +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a) format_.target = stracpy(format_.target_base); } /*format_.attr ^= AT_BOLD;*/ Index: patches/patch-https_c === RCS file: /cvs/ports/www/links+/patches/patch-https_c,v retrieving revision 1.5 diff -u -p -r1.5 patch-https_c --- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5 +++ patches/patch-https_c 14 Apr 2018 20:54:22 - @@ -1,7 +1,8 @@ $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $ https.c.orig Sat Nov 19 13:52:07 2016 -+++ https.cMon Nov 28 22:16:21 2016 -@@ -88,6 +88,11 @@ links_ssl *getSSL(void) +Index: https.c +--- https.c.orig https.c +@@ -261,6 +261,11 @@ links_ssl *getSSL(void) RAND_write_file(cast_const_char f_randfile); } }
Re: [UPDATE] www/links+ to 1.15
Ping for hackathon! On Sun, April 15, 2018 11:30 am, trondd wrote: > Easy update for links+ to 1.15. Built against clang 6. > > Full changelog at http://links.twibright.com/download/ChangeLog > Some notable udates: > > Rewrite google docs URLs to the download link, so that the file can be > viewed in external viewer > > Support international domain names > > Fix reading one byte beyond allocated space in case of corrupted > UTF-8 data - CVE-2017-4 > > Use built-in SSL certificates (ed. Optional) > This improves tor hardening (the tor exit node could not differentiate > links users from each other based on installed certificates) > It also makes it possible to use certificate verification on systems > with no default certificate store > > Report IP addresses in the "Document info" box. > > Implement a small connection timeout when connecting to a host with > multiple addresses, so that there is faster fallback from IPv6 to IPv4. > > Avoid memcpy with NULL source argument and zero length (it doesn't > crash, but it's formally incorrect and the sanitizer warns about it) > > Make the "dns-prefetch" link prefetch just dns, not the whole document > > Fix compilation failure on OpenBSD because OpenBSD removed > the timeout_* macros from libevent > > Use OpenSSL functions X509_check_host and X509_check_ip if available > > Use session cache on https > > > Tim. > > > Index: Makefile > === > RCS file: /cvs/ports/www/links+/Makefile,v > retrieving revision 1.60 > diff -u -p -r1.60 Makefile > --- Makefile 30 Nov 2016 19:42:15 - 1.60 > +++ Makefile 14 Apr 2018 20:54:22 - > @@ -1,7 +1,7 @@ > # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $ > > COMMENT= graphics and text browser > -VER= 2.14 > +VER= 2.15 > DISTNAME=links-${VER} > PKGNAME= links+-${VER} > CATEGORIES= www > Index: distinfo > === > RCS file: /cvs/ports/www/links+/distinfo,v > retrieving revision 1.31 > diff -u -p -r1.31 distinfo > --- distinfo 30 Nov 2016 19:42:15 - 1.31 > +++ distinfo 14 Apr 2018 20:54:22 - > @@ -1,2 +1,2 @@ > -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c= > -SIZE (links-2.14.tar.gz) = 7142389 > +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U= > +SIZE (links-2.15.tar.gz) = 7358450 > Index: patches/patch-html_c > === > RCS file: /cvs/ports/www/links+/patches/patch-html_c,v > retrieving revision 1.16 > diff -u -p -r1.16 patch-html_c > --- patches/patch-html_c 3 Sep 2016 09:33:19 - 1.16 > +++ patches/patch-html_c 14 Apr 2018 20:54:22 - > @@ -1,7 +1,8 @@ > $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $ > html.c.orig Fri Jun 17 16:33:57 2016 > -+++ html.c Thu Sep 1 20:13:58 2016 > -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a) > +Index: html.c > +--- html.c.orig > html.c > +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a) > format_.target = stracpy(format_.target_base); > } > /*format_.attr ^= AT_BOLD;*/ > Index: patches/patch-https_c > === > RCS file: /cvs/ports/www/links+/patches/patch-https_c,v > retrieving revision 1.5 > diff -u -p -r1.5 patch-https_c > --- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5 > +++ patches/patch-https_c 14 Apr 2018 20:54:22 - > @@ -1,7 +1,8 @@ > $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $ > https.c.orig Sat Nov 19 13:52:07 2016 > -+++ https.c Mon Nov 28 22:16:21 2016 > -@@ -88,6 +88,11 @@ links_ssl *getSSL(void) > +Index: https.c > +--- https.c.orig > https.c > +@@ -261,6 +261,11 @@ links_ssl *getSSL(void) > RAND_write_file(cast_const_char > f_randfile); > } > } >
Re: [UPDATE] www/links+ to 1.15
On 2018/04/16 16:34, trondd wrote: > On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote: > > On 2018/04/15 16:48, trondd wrote: > >> What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > >> just builds that require it? > > > > It's useful for large ports where you might want to "make clean=build" > > and they take a long time to extract/patch. > > > > Otherwise it's pointless and can make extra work for updates because > > upstreams often don't test out-of-tree builds (and especially "make > > test" in that case) regularly. > > > > I don't consider links+ to be a large port. It builds either way, so I > don't have a strong opinion about it. > > Whatever it takes to get it commited. > At the moment what it'll take is getting the clang 6 fallout under control before we start committing other things again, other things are pretty much all on hold at present.
Re: [UPDATE] www/links+ to 1.15
On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote: > On 2018/04/15 16:48, trondd wrote: >> What is the policy around setting SEPARATE_BUILD? Any GNU build? Not >> just builds that require it? > > It's useful for large ports where you might want to "make clean=build" > and they take a long time to extract/patch. > > Otherwise it's pointless and can make extra work for updates because > upstreams often don't test out-of-tree builds (and especially "make > test" in that case) regularly. > I don't consider links+ to be a large port. It builds either way, so I don't have a strong opinion about it. Whatever it takes to get it commited.
Re: [UPDATE] www/links+ to 1.15
On 2018/04/15 16:48, trondd wrote: > What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > just builds that require it? It's useful for large ports where you might want to "make clean=build" and they take a long time to extract/patch. Otherwise it's pointless and can make extra work for updates because upstreams often don't test out-of-tree builds (and especially "make test" in that case) regularly.
Re: [UPDATE] www/links+ to 1.15
trondd writes: > What is the policy around setting SEPARATE_BUILD? Any GNU build? Not > just builds that require it? I don't know that there is any "policy", other than "set SEPARATE_BUILD if needed, and don't set it if it breaks". Certainly if it works, it's nice to have even when it's not strictly needed. But I doubt anybody will be sweeping the whole tree for it anytime soon, probably... -- Anthony J. Bentley
Re: [UPDATE] www/links+ to 1.15
On Sun, April 15, 2018 12:36 pm, Klemens Nanni wrote: > On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote: >> Easy update for links+ to 1.15. Built against clang 6. >> >> Full changelog at http://links.twibright.com/download/ChangeLog >> Some notable udates: >> >> Rewrite google docs URLs to the download link, so that the file can be >> viewed in external viewer >> >> Support international domain names >> >> Fix reading one byte beyond allocated space in case of corrupted >> UTF-8 data - CVE-2017-4 >> >> Use built-in SSL certificates (ed. Optional) >> This improves tor hardening (the tor exit node could not differentiate >> links users from each other based on installed certificates) >> It also makes it possible to use certificate verification on systems >> with no default certificate store >> >> Report IP addresses in the "Document info" box. >> >> Implement a small connection timeout when connecting to a host with >> multiple addresses, so that there is faster fallback from IPv6 to IPv4. >> >> Avoid memcpy with NULL source argument and zero length (it doesn't >> crash, but it's formally incorrect and the sanitizer warns about it) >> >> Make the "dns-prefetch" link prefetch just dns, not the whole document >> >> Fix compilation failure on OpenBSD because OpenBSD removed >> the timeout_* macros from libevent >> >> Use OpenSSL functions X509_check_host and X509_check_ip if available >> >> Use session cache on https > Builds fine on amd64, lightly run tested. > > OK kn with SEPARATE_BUILD=Yes set. > Sorry for the multi-post. Network issue on my end. What is the policy around setting SEPARATE_BUILD? Any GNU build? Not just builds that require it? Tim.
Re: [UPDATE] www/links+ to 1.15
On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote: > Easy update for links+ to 1.15. Built against clang 6. > > Full changelog at http://links.twibright.com/download/ChangeLog > Some notable udates: > > Rewrite google docs URLs to the download link, so that the file can be > viewed in external viewer > > Support international domain names > > Fix reading one byte beyond allocated space in case of corrupted > UTF-8 data - CVE-2017-4 > > Use built-in SSL certificates (ed. Optional) > This improves tor hardening (the tor exit node could not differentiate > links users from each other based on installed certificates) > It also makes it possible to use certificate verification on systems > with no default certificate store > > Report IP addresses in the "Document info" box. > > Implement a small connection timeout when connecting to a host with > multiple addresses, so that there is faster fallback from IPv6 to IPv4. > > Avoid memcpy with NULL source argument and zero length (it doesn't > crash, but it's formally incorrect and the sanitizer warns about it) > > Make the "dns-prefetch" link prefetch just dns, not the whole document > > Fix compilation failure on OpenBSD because OpenBSD removed > the timeout_* macros from libevent > > Use OpenSSL functions X509_check_host and X509_check_ip if available > > Use session cache on https Builds fine on amd64, lightly run tested. OK kn with SEPARATE_BUILD=Yes set.
[UPDATE] www/links+ to 1.15
Easy update for links+ to 1.15. Built against clang 6. Full changelog at http://links.twibright.com/download/ChangeLog Some notable udates: Rewrite google docs URLs to the download link, so that the file can be viewed in external viewer Support international domain names Fix reading one byte beyond allocated space in case of corrupted UTF-8 data - CVE-2017-4 Use built-in SSL certificates (ed. Optional) This improves tor hardening (the tor exit node could not differentiate links users from each other based on installed certificates) It also makes it possible to use certificate verification on systems with no default certificate store Report IP addresses in the "Document info" box. Implement a small connection timeout when connecting to a host with multiple addresses, so that there is faster fallback from IPv6 to IPv4. Avoid memcpy with NULL source argument and zero length (it doesn't crash, but it's formally incorrect and the sanitizer warns about it) Make the "dns-prefetch" link prefetch just dns, not the whole document Fix compilation failure on OpenBSD because OpenBSD removed the timeout_* macros from libevent Use OpenSSL functions X509_check_host and X509_check_ip if available Use session cache on https Tim. Index: Makefile === RCS file: /cvs/ports/www/links+/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- Makefile30 Nov 2016 19:42:15 - 1.60 +++ Makefile14 Apr 2018 20:54:22 - @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $ COMMENT= graphics and text browser -VER= 2.14 +VER= 2.15 DISTNAME= links-${VER} PKGNAME= links+-${VER} CATEGORIES=www Index: distinfo === RCS file: /cvs/ports/www/links+/distinfo,v retrieving revision 1.31 diff -u -p -r1.31 distinfo --- distinfo30 Nov 2016 19:42:15 - 1.31 +++ distinfo14 Apr 2018 20:54:22 - @@ -1,2 +1,2 @@ -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c= -SIZE (links-2.14.tar.gz) = 7142389 +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U= +SIZE (links-2.15.tar.gz) = 7358450 Index: patches/patch-html_c === RCS file: /cvs/ports/www/links+/patches/patch-html_c,v retrieving revision 1.16 diff -u -p -r1.16 patch-html_c --- patches/patch-html_c3 Sep 2016 09:33:19 - 1.16 +++ patches/patch-html_c14 Apr 2018 20:54:22 - @@ -1,7 +1,8 @@ $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $ html.c.origFri Jun 17 16:33:57 2016 -+++ html.c Thu Sep 1 20:13:58 2016 -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a) +Index: html.c +--- html.c.orig html.c +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a) format_.target = stracpy(format_.target_base); } /*format_.attr ^= AT_BOLD;*/ Index: patches/patch-https_c === RCS file: /cvs/ports/www/links+/patches/patch-https_c,v retrieving revision 1.5 diff -u -p -r1.5 patch-https_c --- patches/patch-https_c 30 Nov 2016 19:42:15 - 1.5 +++ patches/patch-https_c 14 Apr 2018 20:54:22 - @@ -1,7 +1,8 @@ $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $ https.c.orig Sat Nov 19 13:52:07 2016 -+++ https.cMon Nov 28 22:16:21 2016 -@@ -88,6 +88,11 @@ links_ssl *getSSL(void) +Index: https.c +--- https.c.orig https.c +@@ -261,6 +261,11 @@ links_ssl *getSSL(void) RAND_write_file(cast_const_char f_randfile); } }