On 12/15/17 17:51, Jeremie Courreges-Anglas wrote: > On Wed, Nov 22 2017, Giovanni Bechis <giova...@paclan.it> wrote: >> Hi, >> update to latest release, some bug fixes and pledge(2) support >> committed upstream. > > I don't use this but the update looks fine ports-wise. ok jca@ fwiw > >> Pledge(2) support is enabled only if the daemon is not run with "-o >> no_drop_privileges" parameter; >> do we want to go the way upstream goes or should we disable the possibility >> to disable pledge(2) ? > > I would not bother disabling this, but if you do make it obvious that > -o no_drop_privileges won't work. If people use the option as > a workaround and slack off instead of reporting bugs, they're the ones > not benefiting from pledge(2), which is not a smart thing to do. > what about this one ? Cheers & Thanks Giovanni
> My two cents, >
Index: Makefile =================================================================== RCS file: /var/cvs/ports/misc/memcached/Makefile,v retrieving revision 1.39 diff -u -p -r1.39 Makefile --- Makefile 31 Oct 2017 07:39:25 -0000 1.39 +++ Makefile 15 Dec 2017 23:28:28 -0000 @@ -2,7 +2,7 @@ COMMENT= distributed memory object caching system -DISTNAME= memcached-1.5.2 +DISTNAME= memcached-1.5.3 CATEGORIES= misc HOMEPAGE= https://www.memcached.org/ Index: distinfo =================================================================== RCS file: /var/cvs/ports/misc/memcached/distinfo,v retrieving revision 1.25 diff -u -p -r1.25 distinfo --- distinfo 31 Oct 2017 07:39:25 -0000 1.25 +++ distinfo 15 Dec 2017 23:28:30 -0000 @@ -1,2 +1,2 @@ -SHA256 (memcached-1.5.2.tar.gz) = mskxE7210DfnnGEnc4ZWSsLl4x1J5ZTxHlVOTBSbckU= -SIZE (memcached-1.5.2.tar.gz) = 407715 +SHA256 (memcached-1.5.3.tar.gz) = JYzD3bdhNoVGWs/QIV+CciCju90Wf9LAgGMhBbLS884= +SIZE (memcached-1.5.3.tar.gz) = 409131 Index: patches/patch-configure =================================================================== RCS file: /var/cvs/ports/misc/memcached/patches/patch-configure,v retrieving revision 1.10 diff -u -p -r1.10 patch-configure --- patches/patch-configure 31 Oct 2017 07:39:25 -0000 1.10 +++ patches/patch-configure 15 Dec 2017 23:30:49 -0000 @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.10 2017/10 Index: configure --- configure.orig +++ configure -@@ -6517,7 +6517,7 @@ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h +@@ -6551,7 +6551,7 @@ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h elif test "$GCC" = "yes" then GCC_VERSION=`$CC -dumpversion` Index: patches/patch-memcached_c =================================================================== RCS file: /var/cvs/ports/misc/memcached/patches/patch-memcached_c,v retrieving revision 1.14 diff -u -p -r1.14 patch-memcached_c --- patches/patch-memcached_c 31 Oct 2017 07:39:25 -0000 1.14 +++ patches/patch-memcached_c 15 Dec 2017 23:30:43 -0000 @@ -1,31 +1,17 @@ -$OpenBSD: patch-memcached_c,v 1.14 2017/10/31 07:39:25 giovanni Exp $ +$OpenBSD$ + Index: memcached.c --- memcached.c.orig +++ memcached.c -@@ -23,6 +23,7 @@ - #include <sys/uio.h> - #include <ctype.h> - #include <stdarg.h> -+#include <unistd.h> - - /* some POSIX systems need the following definition - * to get mlockall flags out of sys/mman.h. */ -@@ -6861,6 +6862,18 @@ int main (int argc, char **argv) { - - if (pid_file != NULL) { - save_pid(pid_file); -+ } -+ -+ if (settings.socketpath != NULL) { -+ if (pledge("stdio unix", NULL) == -1) { -+ fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno)); -+ exit(1); -+ } +@@ -6927,6 +6927,11 @@ int main (int argc, char **argv) { + /* Drop privileges no longer needed */ + if (settings.drop_privileges) { + drop_privileges(); + } else { -+ if (pledge("stdio inet", NULL) == -1) { -+ fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno)); -+ exit(1); -+ } ++#ifdef __OpenBSD__ ++ fprintf(stderr, "no_drop_privileges option unsupported on this operating system.\n"); ++ exit(EXIT_FAILURE); ++#endif } - /* Drop privileges no longer needed */ + /* Initialize the uriencode lookup table. */
