Update devel/gpatch to 2.7.3, uh, make that 2.7.4: * Patch no longer follows symbolic links to input and output files. This ensures that symbolic links created by git-style patches cannot cause patch to write outside the working directory (CVE-2015-1196).
While there, I've looked at the dependencies. * USE_GROFF: There are quite a few indentation differences, but they don't affect the organization of the page. I can't even decide if groff's or mandoc's output is better. => Drop * USE_GMAKE: No idea why this is here. => Drop * TEST_DEPENDS+=textproc/gdiff: This is a very soft dependency. The regression tests check if GNU diff is available and skip 4 out of 38 tests if not. Drop? * TEST_DEPENDS+=shells/bash: There is a stupid bashism in read-only-files (it even fails with bash --posix), for which I sent a fix upstream. => Drop... Oops, 2.7.4 is out and adds a blatant bashism in the new deep-directories test. Another fix for upstream. I'd still like to drop the dependency. Regression tests: * Gotta face the facts: The fifo test hangs. I'm not sure if this is a bug or a simple reflection of OpenBSD's named pipe semantics. I doubt that it is a bug in patch itself. * If you manually remove the fifo test, then the rest of the regression suite passes... Oops, 2.7.4 adds a new test, no-mode-change-git-diff, that fails because it relies on a completely unportable invocation of stat(1). Reported upstream. At this point, I'm not sure it's still worth fixing the two bashisms, or if we should just write off the regression tests... Opinions, comments, okays? diff -uNrxCVS /usr/ports/devel/gpatch/Makefile gpatch/Makefile --- /usr/ports/devel/gpatch/Makefile Thu Sep 18 12:43:29 2014 +++ gpatch/Makefile Mon Feb 2 00:02:02 2015 @@ -2,7 +2,7 @@ COMMENT= GNU patch -VERSION= 2.7.1 +VERSION= 2.7.4 DISTNAME= patch-${VERSION} PKGNAME= gpatch-${VERSION} CATEGORIES= devel @@ -15,19 +15,11 @@ WANTLIB= c MASTER_SITES= ${MASTER_SITE_GNU:=patch/} +EXTRACT_SUFX= .tar.xz -USE_GMAKE= Yes -USE_GROFF= Yes - CONFIGURE_STYLE= gnu -CONFIGURE_ARGS+= --program-prefix=g - -TEST_DEPENDS= shells/bash \ - textproc/gdiff -TEST_FLAGS= SHELL=${LOCALBASE}/bin/bash - -pre-test: - @ln -fs ${LOCALBASE}/bin/gdiff ${WRKDIR}/bin/diff +CONFIGURE_ARGS= --program-prefix=g +MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/build-aux post-install: @rm ${PREFIX}/lib/charset.alias diff -uNrxCVS /usr/ports/devel/gpatch/distinfo gpatch/distinfo --- /usr/ports/devel/gpatch/distinfo Thu Sep 18 12:43:29 2014 +++ gpatch/distinfo Sun Feb 1 23:21:44 2015 @@ -1,2 +1,2 @@ -SHA256 (patch-2.7.1.tar.gz) = wF8oZow0dLxjrc1Iq66SHRXnHCVPvr267aQEVtZAOdU= -SIZE (patch-2.7.1.tar.gz) = 1014347 +SHA256 (patch-2.7.4.tar.xz) = Dqy7B84Qb+Tcv75sBS5VtQvz344bsWIoydp3tmWf8Qk= +SIZE (patch-2.7.4.tar.xz) = 714392 diff -uNrxCVS /usr/ports/devel/gpatch/patches/patch-tests_deep-directories gpatch/patches/patch-tests_deep-directories --- /usr/ports/devel/gpatch/patches/patch-tests_deep-directories Thu Jan 1 01:00:00 1970 +++ gpatch/patches/patch-tests_deep-directories Mon Feb 2 00:02:57 2015 @@ -0,0 +1,15 @@ +$OpenBSD$ + +Bash-ism. + +--- tests/deep-directories.orig Sat Jan 31 22:14:01 2015 ++++ tests/deep-directories Sun Feb 1 23:52:39 2015 +@@ -14,7 +14,7 @@ use_tmpdir + # Exercise the directory file descriptor cache + + # Artificially limit to 8 cache entries +-ulimit -n 32 >& /dev/null || exit 77 ++ulimit -n 32 > /dev/null 2>&1 || exit 77 + + cat > ab.diff <<EOF + --- /dev/null diff -uNrxCVS /usr/ports/devel/gpatch/patches/patch-tests_read-only-files gpatch/patches/patch-tests_read-only-files --- /usr/ports/devel/gpatch/patches/patch-tests_read-only-files Thu Jan 1 01:00:00 1970 +++ gpatch/patches/patch-tests_read-only-files Sun Feb 1 21:46:52 2015 @@ -0,0 +1,15 @@ +$OpenBSD$ + +A redirection error for a special built-in causes the shell to exit. (POSIX) + +--- tests/read-only-files.orig Wed Nov 26 14:17:55 2014 ++++ tests/read-only-files Sun Feb 1 21:44:58 2015 +@@ -16,7 +16,7 @@ use_tmpdir + + : > read-only + chmod a-w read-only +-if : 2> /dev/null > read-only; then ++if ( : 2> /dev/null > read-only ); then + echo "Files with read-only permissions are writable" \ + "(probably running as superuser)" >&2 + exit 77 -- Christian "naddy" Weisgerber na...@mips.inka.de