Re: update www/apache-httpd 2.4.29

[Giovanni Bechis]

On Wed, Nov 22, 2017 at 07:24:08PM +, David CARLIER wrote:
> On 22 November 2017 at 16:28, Giovanni Bechis  wrote:
> 
> > On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> > > Hi,
> > >
> > > here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> > > related pushed upstream in the process.
> > >
> > not all of them has been pushed, ad least mod_ssl.c is missing one,
> > I haven't looked at all patches yet.
> >
> >
> You sure ? For example in this version
> 
yep:
--
$ cd $(make show=WRKSRC)
$ grep -nHA4 OPENSSL_VERSION_NUMBER modules/ssl/mod_ssl.c  
modules/ssl/mod_ssl.c:340:#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
modules/ssl/mod_ssl.c-341-#ifndef OPENSSL_NO_COMP
modules/ssl/mod_ssl.c-342-SSL_COMP_free_compression_methods();
modules/ssl/mod_ssl.c-343-#endif
modules/ssl/mod_ssl.c-344-#endif
modules/ssl/mod_ssl.c:348:#if OPENSSL_VERSION_NUMBER >= 0x100fL
modules/ssl/mod_ssl.c-349-ERR_remove_thread_state(NULL);
modules/ssl/mod_ssl.c-350-#else
modules/ssl/mod_ssl.c-351-ERR_remove_state(0);
modules/ssl/mod_ssl.c-352-#endif
modules/ssl/mod_ssl.c:358:#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
modules/ssl/mod_ssl.c-359-ERR_free_strings();
modules/ssl/mod_ssl.c-360-#endif
modules/ssl/mod_ssl.c-361-
modules/ssl/mod_ssl.c-362-/* Also don't call CRYPTO_cleanup_all_ex_data 
when linked statically here;
--
At least the first part of mod_ssl patch is needed.

 Cheers
  Giovanni
 
> mod_ssl.c
> 
> #if MODSSL_USE_OPENSSL_PRE_1_1_API
> 
> (void)CRYPTO_malloc_init();
> 
> #else
> 
> OPENSSL_malloc_init();
> 
> #endif
> 
> 
> 
> e.g. in ssl_private.h is
> 
> ...
> 
> #if defined(LIBRESSL_VERSION_NUMBER)
> 
> /* Missing from LibreSSL */
> 
> #if LIBRESSL_VERSION_NUMBER < 0x206f
> 
> #define SSL_CTRL_SET_MIN_PROTO_VERSION  123
> 
> #define SSL_CTRL_SET_MAX_PROTO_VERSION  124
> 
> #define SSL_CTX_set_min_proto_version(ctx, version) \
> 
> SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
> 
> #define SSL_CTX_set_max_proto_version(ctx, version) \
> 
> SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
> 
> #endif
> 
> /* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
> 
>  * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...),
> so
> 
>  * we have to work around this...
> 
>  */
> 
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
> 
> #else
> 
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L
> )
> 
> #endif
> 
> ...
> 
> 
> 
> > > Hope it is good.
> > >
> > > Kind regards.
> >
> > > Index: Makefile
> > > ===
> > > RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> > > retrieving revision 1.85
> > > diff -u -p -r1.85 Makefile
> > > --- Makefile  18 Sep 2017 19:25:38 -  1.85
> > > +++ Makefile  4 Nov 2017 09:10:58 -
> > > @@ -3,8 +3,7 @@
> > >  COMMENT-main=apache HTTP server
> > [...]
> > >  share/doc/apache2/mod/prefork.html.en
> > > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
> > >  share/examples/apache2/htdocs/index.html
> > >  @sample /var/www/htdocs/index.html
> > >  %%ldap%%
> > > -@rcscript ${RCDIR}/apache2
> > you should not remove the rcscript
> >
> >
> Good point . Corrected.
> 
> 
> 
> >  Cheers
> >   Giovanni
> >

> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.85
> diff -u -p -r1.85 Makefile
> --- Makefile  18 Sep 2017 19:25:38 -  1.85
> +++ Makefile  22 Nov 2017 19:15:11 -
> @@ -3,8 +3,7 @@
>  COMMENT-main=apache HTTP server
>  COMMENT-common=  /var/www files for Apache HTTPd
>  
> -V=   2.4.27
> -REVISION-main=   0
> +V=   2.4.29
>  DISTNAME=httpd-${V}
>  PKGNAME= apache-httpd-${V}
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/www/apache-httpd/distinfo,v
> retrieving revision 1.26
> diff -u -p -r1.26 distinfo
> --- distinfo  14 Jul 2017 17:14:33 -  1.26
> +++ distinfo  22 Nov 2017 19:15:11 -
> @@ -1,2 +1,2 @@
> -SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y=
> -SIZE (httpd-2.4.27.tar.gz) = 8603417
> +SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU=
> +SIZE (httpd-2.4.29.tar.gz) = 8638793
> Index: patches/patch-modules_ssl_mod_ssl_c
> ===
> RCS file: patches/patch-modules_ssl_mod_ssl_c
> diff -N patches/patch-modules_ssl_mod_ssl_c
> --- patches/patch-modules_ssl_mod_ssl_c   14 Jul 2017 17:04:12 -  
> 1.3
> +++ /dev/null 1 Jan 1970 

CVS: cvs.openbsd.org: ports

[Kirill Bychkov]

CVSROOT:/cvs
Module name:ports
Changes by: ki...@cvs.openbsd.org   2017/11/22 22:04:43

Modified files:
games/cataclysm-dda: Makefile 
games/cataclysm-dda/patches: patch-Makefile 
Added files:
games/cataclysm-dda/patches: patch-src_translations_cpp 

Log message:
- enable build on !CLANG_ARCHS
- fix localization support
- pass the LUA binary
from MAINTAINER Tim Meunier, thanks!

Re: NEW: inputmethods/{fcitx,fcitx-anthy,fcitx-chewing,fcitx-tables}

[Kevin Lo]

On Mon, Nov 20, 2017 at 09:24:49AM +0800, Kevin Lo wrote:
> Hi,
> 
> Fcitx is one of the most popular Chinese input method engines.
> The tarball includes the following ports:
> 
> - fcitx: input method framework which provides built-in input methods
>  for Chinese Pinyin and table-based input
> - fcitx-anthy:   anthy IM for fcitx
> - fcitx-chewing: chewing IM for fcitx
> - fcitx-tables:  provides Boshiamy, Zhengma, Cangjie, and Quick tables for
>  fcitx
> 
> Comments? OK?

Here's an updated tarball which removes gettext module.


fcitx.tar.gz
Description: application/gzip

Re: armv7 packages

[Stuart Henderson]

On 2017/11/22 11:51, Stephen Graf wrote:
> Is there a new build for the arm packages in progress?  The current build no
> longer works on snaphots.
> 
>  
> 
> I was able to build nano from ports but when I tried to build bacula the
> system was going to build mysql, sqlite, postgress and two versions of
> python. Is there a way to just build bacula client which I think does not
> need all the additional stuff.
> 

In the new update I've just committed to Bacula, you can lighten the
deps with 

FLAVOR="no_bat no_pgsql no_mysql" make package

You can't build just the client. Upstream's configure script does have an
--enable-client-only mode, but some of the parts needed for the client
are tangled up with the server build.

CVS: cvs.openbsd.org: ports

[Stuart Henderson]

CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2017/11/22 15:35:25

Modified files:
sysutils/bacula: Makefile distinfo 
sysutils/bacula/patches: patch-configure 
Added files:
sysutils/bacula/patches: patch-src_lib_crypto_c 
 patch-src_lib_openssl-compat_h 
 patch-src_lib_openssl_c 

Log message:
update to Bacula 9.0.6.

- upstream now supports OpenSSL 1.1+ so as usual when this happens,
some patches were required to work with LibreSSL.

- new no_{my,pg}sql pseudo flavours added, lightening the build deps
for a client build: FLAVOR="no_mysql no_pgsql no_bat" make package

Re: ports-clang & powerpc

[Jeremie Courreges-Anglas]

On Wed, Nov 22 2017, Landry Breuil  wrote:
> On Wed, Nov 22, 2017 at 08:54:21PM +0100, Jeremie Courreges-Anglas wrote:
>> 
>> devel/llvm doesn't build on powerpc and has now been marked broken.
>> IIUC, skipping ports-clang would unlock a bunch of ports:
>> 
>> sqlite> select count(1) from ports where compiler like 
>> '%ports-gcc%ports-clang%';
>> 10
>> sqlite> select count(1) from ports where compiler like 
>> '%ports-clang%ports-gcc%';
>> 235
>> 
>> While here, tweak the comment, as the list should now be accurate.
>> 
>> ok?
>
> I'd second this, and i'd even remove all the archs but the ones where we
> know llvm is *working* (ie, not only builds itself, but is actually
> capable of building other code...) i have doubts about sparc64 and
> mips64*.

I'd rather unplug ports-clang on powerpc as a first step.

Regarding other archs, it would be good to know how ports clang fails at
runtime before disabling it.  Do you have specific failures in mind?

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

CVS: cvs.openbsd.org: ports

[Stuart Henderson]

CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2017/11/22 14:58:01

Modified files:
www/varnish: Tag: OPENBSD_6_2 Makefile distinfo 

Log message:
MFC security update to varnish-5.2.1
https://varnish-cache.org/security/VSV2.html#vsv2

CVS: cvs.openbsd.org: ports

[Stuart Henderson]

CVSROOT:/cvs
Module name:ports
Changes by: st...@cvs.openbsd.org   2017/11/22 14:56:30

Modified files:
www/varnish: Makefile distinfo 

Log message:
security update to varnish-5.2.1, simplified from a diff from Klemens Nanni
ok gonzalo@

https://varnish-cache.org/security/VSV2.html#vsv2

Re: armv7 packages

[Peter Hessler]

arm packages are currently building, and provided my signature is not
accurate it will take about another 6-7 days to finish.


On 2017 Nov 22 (Wed) at 11:51:24 -0800 (-0800), Stephen Graf wrote:
:Is there a new build for the arm packages in progress?  The current build no
:longer works on snaphots.


-- 
If anything can go wrong, it will.

CVS: cvs.openbsd.org: ports

[Stuart Cassoff]

CVSROOT:/cvs
Module name:ports
Changes by: s...@cvs.openbsd.org2017/11/22 13:54:18

Modified files:
databases/sqlite3-tcl: Makefile distinfo 
databases/sqlite3-tcl/patches: patch-tea_configure 
databases/sqlite3-tcl/pkg: PLIST 

Log message:
Update to 3.21.0. Improve comment, plist.

Re: ports-clang & powerpc

[Landry Breuil]

On Wed, Nov 22, 2017 at 08:54:21PM +0100, Jeremie Courreges-Anglas wrote:
> 
> devel/llvm doesn't build on powerpc and has now been marked broken.
> IIUC, skipping ports-clang would unlock a bunch of ports:
> 
> sqlite> select count(1) from ports where compiler like 
> '%ports-gcc%ports-clang%';
> 10
> sqlite> select count(1) from ports where compiler like 
> '%ports-clang%ports-gcc%';
> 235
> 
> While here, tweak the comment, as the list should now be accurate.
> 
> ok?

I'd second this, and i'd even remove all the archs but the ones where we
know llvm is *working* (ie, not only builds itself, but is actually
capable of building other code...) i have doubts about sparc64 and
mips64*.

Landry

armv7 packages

[Stephen Graf]

Is there a new build for the arm packages in progress?  The current build no
longer works on snaphots.

 

I was able to build nano from ports but when I tried to build bacula the
system was going to build mysql, sqlite, postgress and two versions of
python. Is there a way to just build bacula client which I think does not
need all the additional stuff.

Re: games/tome4 - remove powerpc arch

[Kirill Bychkov]

On Wed, November 22, 2017 18:06, Jeremie Courreges-Anglas wrote:
> On Wed, Nov 22 2017, "Kirill Bychkov"  wrote:
>> On Tue, November 21, 2017 19:19, Jeremie Courreges-Anglas wrote:
>>> On Tue, Nov 21 2017, Sol?ne Rapenne  wrote:
 Building games/tome4 on powerpc (macppc kernel) fail

 [-]
  Building luajit2 (release) 
 Creating ../obj/Release/luajit2
 mkdir -p ../obj/Release/luajit2
 Running pre-build commands
 [---cut]
 In file included from ../src/luajit2/src/lj_obj.h:14:0,
  from ../src/luajit2/src/lj_dispatch.c:9:
 ../src/luajit2/src/lj_arch.h:321:2: error: #error "No support for
 little-endian PowerPC"
  #error "No support for little-endian PowerPC"
   ^

 I propose to remove powerpc as a supported arch
>>>
>>> Fair proposal.  lang/luajit has a patch to explicitely disable this
>>> error message, plus another one for the generated asm.
>>>
>>> What I don't understand, though, is why luajit thinks that powerpc is
>>> little-endian: our powerpc architecture is definitely big-endian.
>>>
>>> Could you please try to run ''make test'' in lang/luajit on powerpc?
>>
>> Hi!
>> I'm currently trying to build tome4 on macppc. It will take some more time
>> on my single core G5 :)
>> But... audio/openal uses COMPILER=base-clang ports-clang ports-gcc and have
>> no chance to be built on powerpc because llvm is marked broken on that arch.
>> It builds with ports-gcc.
>
> Yep, this is not nice.
>
> The problem that kills luajit and tome4 is silly: our sys/_endian.h
> header always defines _LITTLE_ENDIAN and _BIG_ENDIAN.  To check
> endianness, one should check the value of _BYTE_ORDER.
>
> (BYTE_ORDER if including )
>
> I don't know how upstream ended up with this additional check, but it
> probably doesn't receive much attention, given that Linux defines
> __LITTLE_ENDIAN, not _LITTLE_ENDIAN.  So who's actually building
> little-endian powerpc programs?  I think it makes sense to just patch
> out the offending test.

I like the idea.

> Then we can take a look at COMPILER ordering.
> tome4 is probably not the only affected port...

I'm sure there are plenty of them.

tome4 builds and starts (currently with a black screen) on my G5 with
both patches taken from lang/luajit.
>

ports-clang & powerpc

[Jeremie Courreges-Anglas]

devel/llvm doesn't build on powerpc and has now been marked broken.
IIUC, skipping ports-clang would unlock a bunch of ports:

sqlite> select count(1) from ports where compiler like 
'%ports-gcc%ports-clang%';
10
sqlite> select count(1) from ports where compiler like 
'%ports-clang%ports-gcc%';
235

While here, tweak the comment, as the list should now be accurate.

ok?


Index: arch-defines.mk
===
RCS file: /d/cvs/ports/infrastructure/mk/arch-defines.mk,v
retrieving revision 1.45
diff -u -p -p -u -r1.45 arch-defines.mk
--- arch-defines.mk 26 Oct 2017 19:40:32 -  1.45
+++ arch-defines.mk 22 Nov 2017 19:20:45 -
@@ -32,8 +32,8 @@ CLANG_ARCHS = aarch64 amd64 i386
 LLD_ARCHS = aarch64
 
 # arches where ports devel/llvm builds - populates llvm ONLY_FOR_ARCHS
-# as well as available for PROPERTIES checks.  XXX list currently inaccurate
-LLVM_ARCHS = aarch64 amd64 arm i386 powerpc mips64 mips64el sparc64
+# as well as available for PROPERTIES checks.
+LLVM_ARCHS = aarch64 amd64 arm i386 mips64 mips64el sparc64
 # arches where gcc4.9 exists.  To be used again for modules
 GCC49_ARCHS =amd64 arm hppa i386 mips64 mips64el powerpc sparc64
 

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: update www/apache-httpd 2.4.29

[David CARLIER]

On 22 November 2017 at 16:28, Giovanni Bechis  wrote:

> On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> > Hi,
> >
> > here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> > related pushed upstream in the process.
> >
> not all of them has been pushed, ad least mod_ssl.c is missing one,
> I haven't looked at all patches yet.
>
>
You sure ? For example in this version

mod_ssl.c

#if MODSSL_USE_OPENSSL_PRE_1_1_API

(void)CRYPTO_malloc_init();

#else

OPENSSL_malloc_init();

#endif



e.g. in ssl_private.h is

...

#if defined(LIBRESSL_VERSION_NUMBER)

/* Missing from LibreSSL */

#if LIBRESSL_VERSION_NUMBER < 0x206f

#define SSL_CTRL_SET_MIN_PROTO_VERSION  123

#define SSL_CTRL_SET_MAX_PROTO_VERSION  124

#define SSL_CTX_set_min_proto_version(ctx, version) \

SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)

#define SSL_CTX_set_max_proto_version(ctx, version) \

SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)

#endif

/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most

 * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...),
so

 * we have to work around this...

 */

#define MODSSL_USE_OPENSSL_PRE_1_1_API (1)

#else

#define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x1010L
)

#endif

...



> > Hope it is good.
> >
> > Kind regards.
>
> > Index: Makefile
> > ===
> > RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> > retrieving revision 1.85
> > diff -u -p -r1.85 Makefile
> > --- Makefile  18 Sep 2017 19:25:38 -  1.85
> > +++ Makefile  4 Nov 2017 09:10:58 -
> > @@ -3,8 +3,7 @@
> >  COMMENT-main=apache HTTP server
> [...]
> >  share/doc/apache2/mod/prefork.html.en
> > @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
> >  share/examples/apache2/htdocs/index.html
> >  @sample /var/www/htdocs/index.html
> >  %%ldap%%
> > -@rcscript ${RCDIR}/apache2
> you should not remove the rcscript
>
>
Good point . Corrected.



>  Cheers
>   Giovanni
>
Index: Makefile
===
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.85
diff -u -p -r1.85 Makefile
--- Makefile18 Sep 2017 19:25:38 -  1.85
+++ Makefile22 Nov 2017 19:15:11 -
@@ -3,8 +3,7 @@
 COMMENT-main=  apache HTTP server
 COMMENT-common=/var/www files for Apache HTTPd
 
-V= 2.4.27
-REVISION-main= 0
+V= 2.4.29
 DISTNAME=  httpd-${V}
 PKGNAME=   apache-httpd-${V}
 
Index: distinfo
===
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.26
diff -u -p -r1.26 distinfo
--- distinfo14 Jul 2017 17:14:33 -  1.26
+++ distinfo22 Nov 2017 19:15:11 -
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.27.tar.gz) = NG3T0BauXXEBAW5ogFFQvc6QQKjSRsKJqnDminzYa2Y=
-SIZE (httpd-2.4.27.tar.gz) = 8603417
+SHA256 (httpd-2.4.29.tar.gz) = lI5KESeKWVRpi4gLMPQBsemrdDcT7ixygKVN1N3YcIU=
+SIZE (httpd-2.4.29.tar.gz) = 8638793
Index: patches/patch-modules_ssl_mod_ssl_c
===
RCS file: patches/patch-modules_ssl_mod_ssl_c
diff -N patches/patch-modules_ssl_mod_ssl_c
--- patches/patch-modules_ssl_mod_ssl_c 14 Jul 2017 17:04:12 -  1.3
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,23 +0,0 @@
-$OpenBSD: patch-modules_ssl_mod_ssl_c,v 1.3 2017/07/14 17:04:12 sthen Exp $
-
-Index: modules/ssl/mod_ssl.c
 modules/ssl/mod_ssl.c.orig
-+++ modules/ssl/mod_ssl.c
-@@ -337,7 +337,7 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
- #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_cleanup();
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_COMP_free_compression_methods();
- #endif
- 
-@@ -390,7 +390,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
- /* We must register the library in full, to ensure our configuration
-  * code can successfully test the SSL environment.
-  */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_malloc_init();
- #else
- OPENSSL_malloc_init();
Index: patches/patch-modules_ssl_ssl_engine_init_c
===
RCS file: patches/patch-modules_ssl_ssl_engine_init_c
diff -N patches/patch-modules_ssl_ssl_engine_init_c
--- patches/patch-modules_ssl_ssl_engine_init_c 14 Jul 2017 17:04:12 -  
1.9
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,50 +0,0 @@
-$OpenBSD: patch-modules_ssl_ssl_engine_init_c,v 1.9 2017/07/14 17:04:12 sthen 
Exp $
-
-Index: modules/ssl/ssl_engine_init.c
 

CVS: cvs.openbsd.org: ports

[Theo Buehler]

CVSROOT:/cvs
Module name:ports
Changes by: t...@cvs.openbsd.org2017/11/22 12:06:20

Modified files:
x11/xclip/patches: patch-xcprint_c 

Log message:
mention in patch comment that it was merged upstream:
https://github.com/astrand/xclip/commit/26c84990d9b2b2447a4d0b55be53b715f7ddda30

UPDATE: misc/memcached

[Giovanni Bechis]

Hi,
update to latest release, some bug fixes and pledge(2) support committed 
upstream.
Pledge(2) support is enabled only if the daemon is not run with "-o 
no_drop_privileges" parameter;
do we want to go the way upstream goes or should we disable the possibility to 
disable pledge(2) ?
 Cheers
  Giovanni
Index: Makefile
===
RCS file: /cvs/ports/misc/memcached/Makefile,v
retrieving revision 1.39
diff -u -p -r1.39 Makefile
--- Makefile	31 Oct 2017 07:39:25 -	1.39
+++ Makefile	22 Nov 2017 16:58:51 -
@@ -2,7 +2,7 @@
 
 COMMENT=	distributed memory object caching system
 
-DISTNAME=	memcached-1.5.2
+DISTNAME=	memcached-1.5.3
 CATEGORIES=	misc
 
 HOMEPAGE=	https://www.memcached.org/
Index: distinfo
===
RCS file: /cvs/ports/misc/memcached/distinfo,v
retrieving revision 1.25
diff -u -p -r1.25 distinfo
--- distinfo	31 Oct 2017 07:39:25 -	1.25
+++ distinfo	22 Nov 2017 16:58:51 -
@@ -1,2 +1,2 @@
-SHA256 (memcached-1.5.2.tar.gz) = mskxE7210DfnnGEnc4ZWSsLl4x1J5ZTxHlVOTBSbckU=
-SIZE (memcached-1.5.2.tar.gz) = 407715
+SHA256 (memcached-1.5.3.tar.gz) = JYzD3bdhNoVGWs/QIV+CciCju90Wf9LAgGMhBbLS884=
+SIZE (memcached-1.5.3.tar.gz) = 409131
Index: patches/patch-memcached_c
===
RCS file: patches/patch-memcached_c
diff -N patches/patch-memcached_c
--- patches/patch-memcached_c	31 Oct 2017 07:39:25 -	1.14
+++ /dev/null	1 Jan 1970 00:00:00 -
@@ -1,31 +0,0 @@
-$OpenBSD: patch-memcached_c,v 1.14 2017/10/31 07:39:25 giovanni Exp $
-Index: memcached.c
 memcached.c.orig
-+++ memcached.c
-@@ -23,6 +23,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- /* some POSIX systems need the following definition
-  * to get mlockall flags out of sys/mman.h.  */
-@@ -6861,6 +6862,18 @@ int main (int argc, char **argv) {
- 
- if (pid_file != NULL) {
- save_pid(pid_file);
-+}
-+
-+if (settings.socketpath != NULL) {
-+   if (pledge("stdio unix", NULL) == -1) {
-+  fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno));
-+  exit(1);
-+   }
-+} else {
-+   if (pledge("stdio inet", NULL) == -1) {
-+  fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno));
-+  exit(1);
-+   }
- }
- 
- /* Drop privileges no longer needed */

Re: update www/apache-httpd 2.4.29

[Giovanni Bechis]

On Sat, Nov 04, 2017 at 09:13:43AM +, David CARLIER wrote:
> Hi,
> 
> here a proposal to update to 2.4.29, removing some patches LIBRESSL's
> related pushed upstream in the process.
> 
not all of them has been pushed, ad least mod_ssl.c is missing one,
I haven't looked at all patches yet.

> Hope it is good.
> 
> Kind regards.

> Index: Makefile
> ===
> RCS file: /cvs/ports/www/apache-httpd/Makefile,v
> retrieving revision 1.85
> diff -u -p -r1.85 Makefile
> --- Makefile  18 Sep 2017 19:25:38 -  1.85
> +++ Makefile  4 Nov 2017 09:10:58 -
> @@ -3,8 +3,7 @@
>  COMMENT-main=apache HTTP server
[...]
>  share/doc/apache2/mod/prefork.html.en
> @@ -1453,4 +1455,3 @@ share/examples/apache2/htdocs/
>  share/examples/apache2/htdocs/index.html
>  @sample /var/www/htdocs/index.html
>  %%ldap%%
> -@rcscript ${RCDIR}/apache2
you should not remove the rcscript

 Cheers
  Giovanni


signature.asc
Description: PGP signature

CVS: cvs.openbsd.org: ports

[Jeremie Courreges-Anglas]

CVSROOT:/cvs
Module name:ports
Changes by: j...@cvs.openbsd.org2017/11/22 09:15:44

Modified files:
net/samba  : Makefile distinfo 
net/samba/patches: patch-buildtools_wafsamba_samba_autoconf_py 
net/samba/pkg  : PLIST-docs PLIST-main 
Added files:
net/samba/patches: patch-lib_replace_wscript 
   patch-lib_tevent_tevent_internal_h 

Log message:
Update to samba-4.6.11

See https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
for a ChangeLog.  samba-4.6.10 bulk build & ok ajacoutot@, tests by Ian;
samba-4.6.11 just adds a bunch of security fixes over 4.6.10.

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Gonzalo L. Rodriguez]

On [22/11/17] [02:33P], Stuart Henderson wrote:
; This is the *only* code change in the upstream code. (The only others are
; an additional test, and regen for new version number / commit ids in docs).
; 
; diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_fetch.c 
varnish-5.2.1/bin/varnishd/cache/cache_fetch.c
; --- varnish-5.2.0/bin/varnishd/cache/cache_fetch.cFri Sep 15 12:12:41 2017
; +++ varnish-5.2.1/bin/varnishd/cache/cache_fetch.cTue Nov 14 13:39:35 2017
; @@ -899,6 +899,8 @@ vbf_stp_error(struct worker *wrk, struct busyobj *bo)
;   l = ll;
;   if (VFP_GetStorage(bo->vfc, , ) != VFP_OK)
;   break;
; + if (l > ll)
; + l = ll;
;   memcpy(ptr, VSB_data(synth_body) + o, l);
;   VFP_Extend(bo->vfc, l);
;   ll -= l;
; diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_session.c 
varnish-5.2.1/bin/varnishd/cache/cache_session.c
; --- varnish-5.2.0/bin/varnishd/cache/cache_session.c  Tue Sep  5 15:21:34 2017
; +++ varnish-5.2.1/bin/varnishd/cache/cache_session.c  Tue Nov 14 13:39:35 2017
; @@ -289,7 +289,7 @@ HTC_RxStuff(struct http_conn *htc, htc_complete_f *fun
;   WRONG("htc_status_e");
;  
;   tmo = tn - now;
; - if (!isnan(ti) && ti < tn)
; + if (!isnan(ti) && ti < tn && hs == HTC_S_EMPTY)
;   tmo = ti - now;
;   z = maxbytes - (htc->rxbuf_e - htc->rxbuf_b);
;   assert(z >= 0);
; 
; OK for this simple port update?
; 
; Index: Makefile
; ===
; RCS file: /cvs/ports/www/varnish/Makefile,v
; retrieving revision 1.33
; diff -u -p -r1.33 Makefile
; --- Makefile  18 Sep 2017 14:09:53 -  1.33
; +++ Makefile  22 Nov 2017 14:31:14 -
; @@ -2,7 +2,7 @@
;  
;  COMMENT =high-performance HTTP accelerator
;  
; -DISTNAME =   varnish-5.2.0
; +DISTNAME =   varnish-5.2.1
;  
;  CATEGORIES = www
;  
; Index: distinfo
; ===
; RCS file: /cvs/ports/www/varnish/distinfo,v
; retrieving revision 1.17
; diff -u -p -r1.17 distinfo
; --- distinfo  18 Sep 2017 14:09:53 -  1.17
; +++ distinfo  22 Nov 2017 14:31:14 -
; @@ -1,2 +1,2 @@
; -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
; -SIZE (varnish-5.2.0.tgz) = 2828867
; +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
; +SIZE (varnish-5.2.1.tgz) = 2827676
; > 

OK gonzalo@

-- 
Sending from my toaster.

Re: [update] samba-4.6.10

[Jeremie Courreges-Anglas]

On Tue, Nov 21 2017, Jeremie Courreges-Anglas  wrote:
> On Mon, Nov 20 2017, Jeremie Courreges-Anglas  wrote:
>> On Mon, Nov 20 2017, Jeremie Courreges-Anglas  wrote:
>>> samba-4.7 doesn't build right now, because of the usual waf madness.
>>> Here's an update to the latest release of the 4.6 branch.   An
>>> additional patch is needed because  isn't properly detected if
>>>  isn't included first.
>>>
>>> Runtime not tested, feedback, test reports and oks welcome as usual.
>>
>> The previous diff was wrongly downgrading the version the ldb shared
>> lib, thanks Antoine for spotting this.  Please either bump libldb to 0.4
>> (instead of 0.1), or wait for me posting a proper patch (maybe
>> tomorrow).

Here's an updated diff, now that:
- I have committed an update to 4.5.15 (published yesterday) to -current
  and -stable
- 4.6.11 has been released to fix the same security issues as 4.5.15

Given the successful bulk, ok, and test report I have received, I will
probably commit this soon.


Index: Makefile
===
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.245
diff -u -p -r1.245 Makefile
--- Makefile22 Nov 2017 15:09:24 -  1.245
+++ Makefile22 Nov 2017 15:25:21 -
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile,v 1.245 2017/11/22 15:09:24 jca Exp $
 
-VERSION =  4.5.15
+VERSION =  4.6.11
 DISTNAME = samba-${VERSION}
 
 COMMENT-main = SMB and CIFS client and server for UNIX
@@ -15,20 +15,17 @@ PKGNAME-tevent =tevent-${TEVENT_V}
 PKGNAME-util = samba-util-${VERSION}
 PKGNAME-docs = samba-docs-${VERSION}
 
-REVISION-tevent =  2
-REVISION-ldb = 1
-
 PKG_ARCH-docs =*
 
-LDB_V =1.1.27
-TEVENT_V = 0.9.29
+LDB_V =1.1.29
+TEVENT_V = 0.9.34
 
 SHARED_LIBS =  asn1-samba4 0.0 \
com_err-samba4  0.0 \
dcerpc  0.0 \
-   dcerpc-binding  1.0 \
+   dcerpc-binding  1.1 \
dcerpc-samr 0.0 \
-   dcerpc-server   2.0 \
+   dcerpc-server   3.0 \
gssapi-samba4   0.0 \
hcrypto-samba4  0.0 \
hdb-samba4  0.0 \
@@ -36,31 +33,31 @@ SHARED_LIBS =   asn1-samba4 0.0 \
heimntlm-samba4 0.0 \
hx509-samba40.0 \
kdc-samba4  0.0 \
-   krb5-samba4 0.0 \
-   ldb 0.3 \
+   krb5-samba4 0.1 \
+   ldb 0.4 \
ndr 0.2 \
ndr-krb5pac 0.1 \
ndr-nbt 0.1 \
-   ndr-standard1.0 \
+   ndr-standard2.0 \
netapi  2.0 \
-   pyldb-util  0.0 \
+   pyldb-util  0.1 \
roken-samba40.0 \
-   samba-credentials   0.0 \
+   samba-credentials   0.1 \
samba-errors0.0 \
-   samba-hostconfig2.0 \
-   samba-passdb0.1 \
+   samba-hostconfig2.1 \
+   samba-passdb1.0 \
samba-policy0.0 \
-   samba-util  1.1 \
+   samba-util  2.0 \
samdb   0.0 \
smbclient   4.1 \
-   smbconf 1.0 \
+   smbconf 2.0 \
smbldap 0.0 \
-   tevent  0.2 \
+   tevent  0.3 \
tevent-util 0.1 \
wbclient3.1 \
wind-samba4 0.0 \
-   replace 1.0 \
-   util-setid  1.0
+   replace 2.0 \
+   util-setid  2.0
 
 CATEGORIES =   net sysutils security
 
@@ -103,7 +100,8 @@ MULTI_PACKAGES =-main -ldb -tevent -uti
 
 MODULES =  lang/python perl
 
-BUILD_DEPENDS =

Re: [UPDATE] games/ioquake

[Aaron Bieber]

On Tue, Nov 21, 2017 at 10:06:02PM +, David CARLIER wrote:
> Hi,
>
> brynet@ reported a segfault when it uses openal/sndio backend due to the
> fact there is no capture device handling. ioquake3 enables VOIP support by
> default, the solution would be to disable it.
>
> Hope it is good.

Nice, looks good to me!

OK if anyone wants to commit - if not I will commit it later tonight!

>
> Kind regards.

> Index: Makefile
> ===
> RCS file: /cvs/ports/games/ioquake3/Makefile,v
> retrieving revision 1.18
> diff -u -p -r1.18 Makefile
> --- Makefile  10 Nov 2017 14:59:52 -  1.18
> +++ Makefile  21 Nov 2017 22:03:19 -
> @@ -6,6 +6,7 @@ ONLY_FOR_ARCHS= amd64 i386
>  COMMENT= clone of the original Quake III Arena
>
>  DISTNAME=ioquake3-2017.11.09
> +REVISION=   0
>
>  GH_ACCOUNT=  ioquake
>  GH_PROJECT=  ioq3
> @@ -28,7 +29,7 @@ LIB_DEPENDS=audio/libogg \
>   devel/sdl2 \
>   net/curl
>
> -MAKE_ENV=V=1 USE_INTERNAL_OGG=0 CC="${CC}" TOOLS_CC="${CC}"
> +MAKE_ENV=V=1 USE_VOIP=0 USE_INTERNAL_OGG=0 CC="${CC}" TOOLS_CC="${CC}"
>  ALL_TARGET=  "release"
>  USE_GMAKE=   Yes
>  NO_TEST= Yes


--
PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A  4AF0 1F81 112D 62A9 ADCE

CVS: cvs.openbsd.org: ports

[Remi Pointel]

CVSROOT:/cvs
Module name:ports
Changes by: rpoin...@cvs.openbsd.org2017/11/22 08:11:52

Modified files:
textproc/py-markdown: Makefile distinfo 

Log message:
update markdown to 2.6.9.
ok danj@ benoit@.

Re: games/tome4 - remove powerpc arch

[Jeremie Courreges-Anglas]

On Wed, Nov 22 2017, "Kirill Bychkov"  wrote:
> On Tue, November 21, 2017 19:19, Jeremie Courreges-Anglas wrote:
>> On Tue, Nov 21 2017, Sol?ne Rapenne  wrote:
>>> Building games/tome4 on powerpc (macppc kernel) fail
>>>
>>> [-]
>>>  Building luajit2 (release) 
>>> Creating ../obj/Release/luajit2
>>> mkdir -p ../obj/Release/luajit2
>>> Running pre-build commands
>>> [---cut]
>>> In file included from ../src/luajit2/src/lj_obj.h:14:0,
>>>  from ../src/luajit2/src/lj_dispatch.c:9:
>>> ../src/luajit2/src/lj_arch.h:321:2: error: #error "No support for
>>> little-endian PowerPC"
>>>  #error "No support for little-endian PowerPC"
>>>   ^
>>>
>>> I propose to remove powerpc as a supported arch
>>
>> Fair proposal.  lang/luajit has a patch to explicitely disable this
>> error message, plus another one for the generated asm.
>>
>> What I don't understand, though, is why luajit thinks that powerpc is
>> little-endian: our powerpc architecture is definitely big-endian.
>>
>> Could you please try to run ''make test'' in lang/luajit on powerpc?
>
> Hi!
> I'm currently trying to build tome4 on macppc. It will take some more time
> on my single core G5 :)
> But... audio/openal uses COMPILER=base-clang ports-clang ports-gcc and have
> no chance to be built on powerpc because llvm is marked broken on that arch.
> It builds with ports-gcc.

Yep, this is not nice.

The problem that kills luajit and tome4 is silly: our sys/_endian.h
header always defines _LITTLE_ENDIAN and _BIG_ENDIAN.  To check
endianness, one should check the value of _BYTE_ORDER.

(BYTE_ORDER if including )

I don't know how upstream ended up with this additional check, but it
probably doesn't receive much attention, given that Linux defines
__LITTLE_ENDIAN, not _LITTLE_ENDIAN.  So who's actually building
little-endian powerpc programs?  I think it makes sense to just patch
out the offending test.  Then we can take a look at COMPILER ordering.
tome4 is probably not the only affected port...

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

CVS: cvs.openbsd.org: ports

[Jeremie Courreges-Anglas]

CVSROOT:/cvs
Module name:ports
Changes by: j...@cvs.openbsd.org2017/11/22 08:09:24

Modified files:
net/samba  : Makefile distinfo 

Log message:
SECURITY update to samba-4.5.15

Fixes for:
o  CVE-2017-14746 (Use-after-free vulnerability.)
o  CVE-2017-15275 (Server heap memory information leak.)

More details at:
o https://www.samba.org/samba/security/CVE-2017-14746.html
o https://www.samba.org/samba/security/CVE-2017-15275.html

CVS: cvs.openbsd.org: ports

[Jeremie Courreges-Anglas]

CVSROOT:/cvs
Module name:ports
Changes by: j...@cvs.openbsd.org2017/11/22 08:08:47

Modified files:
net/samba  : Tag: OPENBSD_6_2 Makefile distinfo 

Log message:
SECURITY update to samba-4.5.15

Fixes for:
o  CVE-2017-14746 (Use-after-free vulnerability.)
o  CVE-2017-15275 (Server heap memory information leak.)

More details at:
o https://www.samba.org/samba/security/CVE-2017-14746.html
o https://www.samba.org/samba/security/CVE-2017-15275.html

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Stuart Henderson]

This is the *only* code change in the upstream code. (The only others are
an additional test, and regen for new version number / commit ids in docs).

diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_fetch.c 
varnish-5.2.1/bin/varnishd/cache/cache_fetch.c
--- varnish-5.2.0/bin/varnishd/cache/cache_fetch.c  Fri Sep 15 12:12:41 2017
+++ varnish-5.2.1/bin/varnishd/cache/cache_fetch.c  Tue Nov 14 13:39:35 2017
@@ -899,6 +899,8 @@ vbf_stp_error(struct worker *wrk, struct busyobj *bo)
l = ll;
if (VFP_GetStorage(bo->vfc, , ) != VFP_OK)
break;
+   if (l > ll)
+   l = ll;
memcpy(ptr, VSB_data(synth_body) + o, l);
VFP_Extend(bo->vfc, l);
ll -= l;
diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_session.c 
varnish-5.2.1/bin/varnishd/cache/cache_session.c
--- varnish-5.2.0/bin/varnishd/cache/cache_session.cTue Sep  5 15:21:34 2017
+++ varnish-5.2.1/bin/varnishd/cache/cache_session.cTue Nov 14 13:39:35 2017
@@ -289,7 +289,7 @@ HTC_RxStuff(struct http_conn *htc, htc_complete_f *fun
WRONG("htc_status_e");
 
tmo = tn - now;
-   if (!isnan(ti) && ti < tn)
+   if (!isnan(ti) && ti < tn && hs == HTC_S_EMPTY)
tmo = ti - now;
z = maxbytes - (htc->rxbuf_e - htc->rxbuf_b);
assert(z >= 0);

OK for this simple port update?

Index: Makefile
===
RCS file: /cvs/ports/www/varnish/Makefile,v
retrieving revision 1.33
diff -u -p -r1.33 Makefile
--- Makefile18 Sep 2017 14:09:53 -  1.33
+++ Makefile22 Nov 2017 14:31:14 -
@@ -2,7 +2,7 @@
 
 COMMENT =  high-performance HTTP accelerator
 
-DISTNAME = varnish-5.2.0
+DISTNAME = varnish-5.2.1
 
 CATEGORIES =   www
 
Index: distinfo
===
RCS file: /cvs/ports/www/varnish/distinfo,v
retrieving revision 1.17
diff -u -p -r1.17 distinfo
--- distinfo18 Sep 2017 14:09:53 -  1.17
+++ distinfo22 Nov 2017 14:31:14 -
@@ -1,2 +1,2 @@
-SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
-SIZE (varnish-5.2.0.tgz) = 2828867
+SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
+SIZE (varnish-5.2.1.tgz) = 2827676
> 

CVS: cvs.openbsd.org: ports

[Adam Wolk]

CVSROOT:/cvs
Module name:ports
Changes by: aw...@cvs.openbsd.org   2017/11/22 07:27:29

Modified files:
devel/zeal : Makefile distinfo 

Log message:
devel/zeal 0.3.1 => 0.4.0

OK abieber@

port changes:
- regen WANTLIB
- drop Qt5Sql as devel/sqlite3 is now used directly
- switch from qmake to cmake

upstream changelog:
https://github.com/zealdocs/zeal/releases/tag/v0.4.0

[NEW] www/py-uritemplate

[Remi Pointel]

Hi,

attached is the tarball of uritemplate.


---
pkg_info py-uritemplate
Information for inst:py-uritemplate-3.0.0

Comment:
URI templates

Description:
Simple python library to deal with URI Templates.

Maintainer: The OpenBSD ports mailing-list 

WWW: https://uritemplate.readthedocs.io/en/latest/
---

Ok?

Cheers,

Remi.

py-uritemplate.tar.gz
Description: GNU Zip compressed data

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Gonzalo L. Rodriguez]

On [22/11/17] [11:47P], Klemens Nanni wrote:
; On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
; > This is a security update[0] fixing a data leak:
; > 
; > A wrong if statement in the varnishd source code means that
; > synthetic objects in stevedores which over-allocate, may leak up
; > to page size of data from a malloc(3) memory allocation.
; > 
; > In a unpredictable percentage of the cases where this condition
; > arises, a segmentation fault will happen instead.
; > 
; > Tests continue to pass:
; > 
; > # TOTAL: 636
; > # PASS:  630
; > # SKIP:  5
; > # XFAIL: 0
; > # FAIL:  1
; > # XPASS: 0
; > # ERROR: 0
; > 
; > FAIL tests/u0.vtc (exit status: 2)
; > 
; > Removed TEST_TARGET=check as it's default. I also replaced cp with
; > ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
; > 
; > Since Varnish compiles .vsc files to C using python with 2.7 specific
; > code (import StringIO), I added lang/python and explicity set
; > MODPY_VERSION=2.7.
; > 
; > Feedback? Does anyone want to commit this?
; > 
; > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
; > 
; > diff --git a/www/varnish/Makefile b/www/varnish/Makefile
; > index b0fa5029ab4..5cf58670364 100644
; > --- a/www/varnish/Makefile
; > +++ b/www/varnish/Makefile
; > @@ -2,7 +2,7 @@
; >  
; >  COMMENT =  high-performance HTTP accelerator
; >  
; > -DISTNAME = varnish-5.2.0
; > +DISTNAME = varnish-5.2.1
; >  
; >  CATEGORIES =   www
; >  
; > @@ -16,12 +16,16 @@ MAINTAINER =Jim Razmus II 
 \
; >  # BSD
; >  PERMIT_PACKAGE_CDROM = Yes
; >  
; > -MASTER_SITES =  https://varnish-cache.org/_downloads/
; > +MASTER_SITES =  ${HOMEPAGE}_downloads/
; >  
; >  EXTRACT_SUFX = .tgz
; >  
; >  WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
; >  
; > +MODULES =  lang/python
; > +
; > +MODPY_VERSION =2.7
; > +
; >  BUILD_DEPENDS =${MODGNU_AUTOCONF_DEPENDS} \
; > ${MODGNU_AUTOMAKE_DEPENDS} \
; > devel/libtool \
; > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre
; >  # The internal backtrace implementation fails to build with -Werror on 
arm/hppa
; >  LIB_DEPENDS += devel/libexecinfo
; >  
; > +MODPY_RUNDEP = No
; > +
; >  WRKDIST =  ${WRKDIR}/${DISTNAME}
; >  USE_GMAKE =Yes
; >  CONFIGURE_STYLE =  gnu
; > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION =1.15
; >  CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
; > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
; >  
; > -TEST_TARGET =  check
; > +MODPY_ADJ_FILES =  lib/lib*/*.py
; >  
; >  post-patch:
; > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
; > @@ -47,7 +53,7 @@ post-patch:
; >  post-install:
; > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
; > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
; > -   cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
; > +   ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
; > ${PREFIX}/share/examples/varnish
; > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
; >  
; > diff --git a/www/varnish/distinfo b/www/varnish/distinfo
; > index f7dc351f783..cdba07a9889 100644
; > --- a/www/varnish/distinfo
; > +++ b/www/varnish/distinfo
; > @@ -1,2 +1,2 @@
; > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
; > -SIZE (varnish-5.2.0.tgz) = 2828867
; > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
; > +SIZE (varnish-5.2.1.tgz) = 2827676
; > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
; > index 5f50b1bbf2a..ce02efaef87 100644
; > --- a/www/varnish/pkg/MESSAGE
; > +++ b/www/varnish/pkg/MESSAGE
; > @@ -5,4 +5,4 @@ or the following link for more information:
; >  
; >  and for further information:
; >  
; > -   https://www.varnish-cache.org/docs/5.0/
; > +   https://www.varnish-cache.org/docs/5.2/
; > 
; One week bump, neither of the two maintainers have replied so far.
; 
; I can take of the python 2.7 bits in another diff so the next
; revision/release won't depend on 2.7 anymore.
; 

A little bit busy right now, but I can test the diff in a couple days.

Thanks.

-- 
Sending from my toaster.

Re: [UPDATE] textproc/py-markdown

[Daniel Jakots]

On Wed, 22 Nov 2017 14:13:13 +0100, Remi Pointel 
wrote:

> Hi,
> 
> this is the diff to update markdown to latest release.
> 
> Ok?

oui

[UPDATE] textproc/py-markdown

[Remi Pointel]

Hi,

this is the diff to update markdown to latest release.

Ok?

Cheers,

Remi.Index: Makefile
===
RCS file: /cvs/ports/textproc/py-markdown/Makefile,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 Makefile
--- Makefile	11 Feb 2017 18:58:01 -	1.4
+++ Makefile	22 Nov 2017 13:11:54 -
@@ -2,7 +2,7 @@
 
 COMMENT=		text-to-HTML conversion tool
 
-MODPY_EGG_VERSION=	2.6.8
+MODPY_EGG_VERSION=	2.6.9
 DISTNAME=		Markdown-${MODPY_EGG_VERSION}
 PKGNAME=		py-markdown-${MODPY_EGG_VERSION}
 CATEGORIES=		textproc
Index: distinfo
===
RCS file: /cvs/ports/textproc/py-markdown/distinfo,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 distinfo
--- distinfo	10 Feb 2017 22:25:20 -	1.3
+++ distinfo	22 Nov 2017 13:11:54 -
@@ -1,2 +1,2 @@
-SHA256 (Markdown-2.6.8.tar.gz) = CsioHmWBZ9qV0GOpJ5ycGyaZ83x8QVMlakWLOkOGDjM=
-SIZE (Markdown-2.6.8.tar.gz) = 307330
+SHA256 (Markdown-2.6.9.tar.gz) = c695cji5V2izqbb+YnDiUOXAnZiLjlsiP9XvpOBvr4E=
+SIZE (Markdown-2.6.9.tar.gz) = 271564

CVS: cvs.openbsd.org: ports

[Stuart Cassoff]

CVSROOT:/cvs
Module name:ports
Changes by: s...@cvs.openbsd.org2017/11/22 05:46:04

Modified files:
x11/tk/8.6 : Makefile 
Added files:
x11/tk/8.6/patches: patch-unix_tk_pc_in 

Log message:
Make tk86.pc work with the installed tcl86.pc.
Mimic the port and require the exact Tcl version.

CVS: cvs.openbsd.org: ports

[Stuart Cassoff]

CVSROOT:/cvs
Module name:ports
Changes by: s...@cvs.openbsd.org2017/11/22 05:45:44

Modified files:
x11/tk/8.5 : Makefile 
Added files:
x11/tk/8.5/patches: patch-unix_tk_pc_in 

Log message:
Make tk85.pc work with the installed tcl85.pc.
Mimic the port and require the exact Tcl version.

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Klemens Nanni]

On Wed, Nov 22, 2017 at 11:03:51AM +, Stuart Henderson wrote:
> On 2017/11/22 11:47, Klemens Nanni wrote:
> > On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> > > This is a security update[0] fixing a data leak:
> > > 
> > >   A wrong if statement in the varnishd source code means that
> > >   synthetic objects in stevedores which over-allocate, may leak up
> > >   to page size of data from a malloc(3) memory allocation.
> > > 
> > >   In a unpredictable percentage of the cases where this condition
> > >   arises, a segmentation fault will happen instead.
> > > 
> > > Tests continue to pass:
> > > 
> > >   # TOTAL: 636
> > >   # PASS:  630
> > >   # SKIP:  5
> > >   # XFAIL: 0
> > >   # FAIL:  1
> > >   # XPASS: 0
> > >   # ERROR: 0
> > > 
> > >   FAIL tests/u0.vtc (exit status: 2)
> > > 
> > > Removed TEST_TARGET=check as it's default. I also replaced cp with
> > > ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
> > > 
> > > Since Varnish compiles .vsc files to C using python with 2.7 specific
> > > code (import StringIO), I added lang/python and explicity set
> > > MODPY_VERSION=2.7.
> > > 
> > > Feedback? Does anyone want to commit this?
> > > 
> > > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
> > > 
> > > diff --git a/www/varnish/Makefile b/www/varnish/Makefile
> > > index b0fa5029ab4..5cf58670364 100644
> > > --- a/www/varnish/Makefile
> > > +++ b/www/varnish/Makefile
> > > @@ -2,7 +2,7 @@
> > >  
> > >  COMMENT =high-performance HTTP accelerator
> > >  
> > > -DISTNAME =   varnish-5.2.0
> > > +DISTNAME =   varnish-5.2.1
> > >  
> > >  CATEGORIES = www
> > >  
> > > @@ -16,12 +16,16 @@ MAINTAINER =  Jim Razmus II 
> > >  \
> > >  # BSD
> > >  PERMIT_PACKAGE_CDROM =   Yes
> > >  
> > > -MASTER_SITES =  https://varnish-cache.org/_downloads/
> > > +MASTER_SITES =  ${HOMEPAGE}_downloads/
> 
> We stopped doing that, it's annoying if you want to copy the URL from
> Makefile and open it in a browser.
> 
> > >  EXTRACT_SUFX =   .tgz
> > >  
> > >  WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
> > >  
> > > +MODULES =lang/python
> > > +
> > > +MODPY_VERSION =  2.7
> > > +
> > >  BUILD_DEPENDS =  ${MODGNU_AUTOCONF_DEPENDS} \
> > >   ${MODGNU_AUTOMAKE_DEPENDS} \
> > >   devel/libtool \
> > > @@ -30,6 +34,8 @@ LIB_DEPENDS =   devel/pcre
> > >  # The internal backtrace implementation fails to build with -Werror on 
> > > arm/hppa
> > >  LIB_DEPENDS +=   devel/libexecinfo
> > >  
> > > +MODPY_RUNDEP =   No
> > > +
> > >  WRKDIST =${WRKDIR}/${DISTNAME}
> > >  USE_GMAKE =  Yes
> > >  CONFIGURE_STYLE =gnu
> > > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION =  1.15
> > >  CONFIGURE_ENV =  CPPFLAGS="-I${LOCALBASE}/include" \
> > >   LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
> > >  
> > > -TEST_TARGET =check
> > > +MODPY_ADJ_FILES =lib/lib*/*.py
> > >  
> > >  post-patch:
> > >   cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
> > > @@ -47,7 +53,7 @@ post-patch:
> > >  post-install:
> > >   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
> > >   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
> > > - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > > + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > >   ${PREFIX}/share/examples/varnish
> > >   rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
> > >  
> > > diff --git a/www/varnish/distinfo b/www/varnish/distinfo
> > > index f7dc351f783..cdba07a9889 100644
> > > --- a/www/varnish/distinfo
> > > +++ b/www/varnish/distinfo
> > > @@ -1,2 +1,2 @@
> > > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
> > > -SIZE (varnish-5.2.0.tgz) = 2828867
> > > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
> > > +SIZE (varnish-5.2.1.tgz) = 2827676
> > > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
> > > index 5f50b1bbf2a..ce02efaef87 100644
> > > --- a/www/varnish/pkg/MESSAGE
> > > +++ b/www/varnish/pkg/MESSAGE
> > > @@ -5,4 +5,4 @@ or the following link for more information:
> > >  
> > >  and for further information:
> > >  
> > > - https://www.varnish-cache.org/docs/5.0/
> > > + https://www.varnish-cache.org/docs/5.2/
> > > 
> 
> MESSAGE doesn't really add anything. Better to just remove it IMHO.
> 
> > One week bump, neither of the two maintainers have replied so far.
> > 
> > I can take of the python 2.7 bits in another diff so the next
> > revision/release won't depend on 2.7 anymore.
> 
> A word of advice: if you're trying to get what looks like it might be
> a relatively simple security update in quickly, don't make any
> unnecessary Makefile changes on top.
Noted, cheers. Updated diff below.

diff --git a/www/varnish/Makefile 

CVS: cvs.openbsd.org: ports

[Christian Weisgerber]

CVSROOT:/cvs
Module name:ports
Changes by: na...@cvs.openbsd.org   2017/11/22 04:42:15

Modified files:
security/libbde: Makefile 

Log message:
Picks up xgettext(1) if present, so add BDEP on devel/gettext-tools.

Re: [UPDATE] www/rt 4.4.2

[Paul Irofti]

On Wed, Nov 22, 2017 at 12:11:37PM +0100, Robert Nagy wrote:
> On (2017-11-22 13:00), Paul Irofti wrote:
> > Here is a small update to rt containing security fixes and various
> > enhancements.
> > 
> >   https://docs.bestpractical.com/release-notes/rt/4.4.2
> > 
> > OK?
> > 
> > 
> >  @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/
> >  share/examples/rt3/upgrade/4.4.1/content
> >  @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/content
> > +share/examples/rt3/upgrade/4.4.2/
> > +share/examples/rt3/upgrade/4.4.2/content
> > +share/examples/rt3/upgrade/4.4.2/indexes
> > +share/examples/rt3/upgrade/4.4.2/schema.Oracle
> > +share/examples/rt3/upgrade/4.4.2/schema.Pg
> > +share/examples/rt3/upgrade/4.4.2/schema.SQLite
> > +share/examples/rt3/upgrade/4.4.2/schema.mysql
> >  share/examples/rt3/upgrade/generate-rtaddressregexp
> >  @sample ${SYSCONFDIR}/rt3/upgrade/generate-rtaddressregexp
> 
> You need to @sample these to ${SYSCONFDIR}/rt3/upgrade so that the
> upgrade script can pick them up.

Right, like this?

Index: Makefile
===
RCS file: /cvs/ports/www/rt/Makefile,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 Makefile
--- Makefile30 Jun 2017 22:22:45 -  1.38
+++ Makefile22 Nov 2017 11:24:01 -
@@ -2,8 +2,7 @@
 
 COMMENT=   industrial-grade ticketing system
 
-DISTNAME=  rt-4.4.1
-REVISION=  0
+DISTNAME=  rt-4.4.2
 CATEGORIES=www
 
 MAINTAINER=Robert Nagy 
Index: distinfo
===
RCS file: /cvs/ports/www/rt/distinfo,v
retrieving revision 1.18
diff -u -p -u -p -r1.18 distinfo
--- distinfo30 Jun 2017 16:43:53 -  1.18
+++ distinfo22 Nov 2017 11:24:01 -
@@ -1,2 +1,2 @@
-SHA256 (rt-4.4.1.tar.gz) = +HMpkRAg4Bs5lIBwrsK9er8MgWQfDPLyXgHGkKGfJPU=
-SIZE (rt-4.4.1.tar.gz) = 9057212
+SHA256 (rt-4.4.2.tar.gz) = suNm4YyMsd/VvGxGwRb9KM+mkKNosT+/MTGyGgubvmg=
+SIZE (rt-4.4.2.tar.gz) = 9572361
Index: patches/patch-sbin_rt-test-dependencies_in
===
RCS file: /cvs/ports/www/rt/patches/patch-sbin_rt-test-dependencies_in,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 patch-sbin_rt-test-dependencies_in
--- patches/patch-sbin_rt-test-dependencies_in  30 Jun 2017 16:43:53 -  
1.2
+++ patches/patch-sbin_rt-test-dependencies_in  22 Nov 2017 11:24:01 -
@@ -1,9 +1,10 @@
 $OpenBSD: patch-sbin_rt-test-dependencies_in,v 1.2 2017/06/30 16:43:53 pirofti 
Exp $
 sbin/rt-test-dependencies.in.orig  Mon Jul 18 23:20:17 2016
-+++ sbin/rt-test-dependencies.in   Mon Mar 20 10:07:11 2017
+Index: sbin/rt-test-dependencies.in
+--- sbin/rt-test-dependencies.in.orig
 sbin/rt-test-dependencies.in
 @@ -138,7 +138,7 @@ Digest::MD5 2.27
  Digest::SHA
- Email::Address 1.897
+ Email::Address 1.908
  Email::Address::List 0.02
 -Encode 2.64
 +Encode 2.60
Index: pkg/PLIST
===
RCS file: /cvs/ports/www/rt/pkg/PLIST,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 PLIST
--- pkg/PLIST   30 Jun 2017 16:43:53 -  1.20
+++ pkg/PLIST   22 Nov 2017 11:24:02 -
@@ -29,10 +29,10 @@ libdata/perl5/site_perl/RT/Action/SLA_Se
 libdata/perl5/site_perl/RT/Action/SLA_SetStarts.pm
 libdata/perl5/site_perl/RT/Action/SendEmail.pm
 libdata/perl5/site_perl/RT/Action/SendForward.pm
+libdata/perl5/site_perl/RT/Action/SetCustomFieldToNow.pm
 libdata/perl5/site_perl/RT/Action/SetPriority.pm
 libdata/perl5/site_perl/RT/Action/SetStatus.pm
 libdata/perl5/site_perl/RT/Action/UpdateParentTimeWorked.pm
-libdata/perl5/site_perl/RT/Action/UpdateUserTimeWorked.pm
 libdata/perl5/site_perl/RT/Action/UserDefined.pm
 libdata/perl5/site_perl/RT/Approval/
 libdata/perl5/site_perl/RT/Approval.pm
@@ -94,6 +94,10 @@ libdata/perl5/site_perl/RT/CustomField.p
 libdata/perl5/site_perl/RT/CustomFieldValue.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/
 libdata/perl5/site_perl/RT/CustomFieldValues.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/Lowercase.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/Uppercase.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/External.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/Groups.pm
 libdata/perl5/site_perl/RT/CustomFields.pm
@@ -339,6 +343,7 @@ share/doc/rt3/customizing/assets/
 share/doc/rt3/customizing/assets/tutorial.pod
 share/doc/rt3/customizing/assets/tutorialdata
 share/doc/rt3/customizing/lifecycles.pod
+share/doc/rt3/customizing/scrip_conditions_and_action.pod
 share/doc/rt3/customizing/search_result_columns.pod
 share/doc/rt3/customizing/sla.pod
 share/doc/rt3/customizing/styling_rt.pod
@@ -361,6 +366,7 @@ share/doc/rt3/images/action-decline.png
 share/doc/rt3/images/added-terms.png
 

Re: [UPDATE] www/rt 4.4.2

[Robert Nagy]

On (2017-11-22 13:00), Paul Irofti wrote:
> Here is a small update to rt containing security fixes and various
> enhancements.
> 
>   https://docs.bestpractical.com/release-notes/rt/4.4.2
> 
> OK?
> 
> 
>  @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/
>  share/examples/rt3/upgrade/4.4.1/content
>  @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/content
> +share/examples/rt3/upgrade/4.4.2/
> +share/examples/rt3/upgrade/4.4.2/content
> +share/examples/rt3/upgrade/4.4.2/indexes
> +share/examples/rt3/upgrade/4.4.2/schema.Oracle
> +share/examples/rt3/upgrade/4.4.2/schema.Pg
> +share/examples/rt3/upgrade/4.4.2/schema.SQLite
> +share/examples/rt3/upgrade/4.4.2/schema.mysql
>  share/examples/rt3/upgrade/generate-rtaddressregexp
>  @sample ${SYSCONFDIR}/rt3/upgrade/generate-rtaddressregexp

You need to @sample these to ${SYSCONFDIR}/rt3/upgrade so that the
upgrade script can pick them up.

Otherwise OK.

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Stuart Henderson]

On 2017/11/22 11:47, Klemens Nanni wrote:
> On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> > This is a security update[0] fixing a data leak:
> > 
> > A wrong if statement in the varnishd source code means that
> > synthetic objects in stevedores which over-allocate, may leak up
> > to page size of data from a malloc(3) memory allocation.
> > 
> > In a unpredictable percentage of the cases where this condition
> > arises, a segmentation fault will happen instead.
> > 
> > Tests continue to pass:
> > 
> > # TOTAL: 636
> > # PASS:  630
> > # SKIP:  5
> > # XFAIL: 0
> > # FAIL:  1
> > # XPASS: 0
> > # ERROR: 0
> > 
> > FAIL tests/u0.vtc (exit status: 2)
> > 
> > Removed TEST_TARGET=check as it's default. I also replaced cp with
> > ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
> > 
> > Since Varnish compiles .vsc files to C using python with 2.7 specific
> > code (import StringIO), I added lang/python and explicity set
> > MODPY_VERSION=2.7.
> > 
> > Feedback? Does anyone want to commit this?
> > 
> > 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
> > 
> > diff --git a/www/varnish/Makefile b/www/varnish/Makefile
> > index b0fa5029ab4..5cf58670364 100644
> > --- a/www/varnish/Makefile
> > +++ b/www/varnish/Makefile
> > @@ -2,7 +2,7 @@
> >  
> >  COMMENT =  high-performance HTTP accelerator
> >  
> > -DISTNAME = varnish-5.2.0
> > +DISTNAME = varnish-5.2.1
> >  
> >  CATEGORIES =   www
> >  
> > @@ -16,12 +16,16 @@ MAINTAINER =Jim Razmus II 
> >  \
> >  # BSD
> >  PERMIT_PACKAGE_CDROM = Yes
> >  
> > -MASTER_SITES =  https://varnish-cache.org/_downloads/
> > +MASTER_SITES =  ${HOMEPAGE}_downloads/

We stopped doing that, it's annoying if you want to copy the URL from
Makefile and open it in a browser.

> >  EXTRACT_SUFX = .tgz
> >  
> >  WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
> >  
> > +MODULES =  lang/python
> > +
> > +MODPY_VERSION =2.7
> > +
> >  BUILD_DEPENDS =${MODGNU_AUTOCONF_DEPENDS} \
> > ${MODGNU_AUTOMAKE_DEPENDS} \
> > devel/libtool \
> > @@ -30,6 +34,8 @@ LIB_DEPENDS = devel/pcre
> >  # The internal backtrace implementation fails to build with -Werror on 
> > arm/hppa
> >  LIB_DEPENDS += devel/libexecinfo
> >  
> > +MODPY_RUNDEP = No
> > +
> >  WRKDIST =  ${WRKDIR}/${DISTNAME}
> >  USE_GMAKE =Yes
> >  CONFIGURE_STYLE =  gnu
> > @@ -38,7 +44,7 @@ AUTOMAKE_VERSION =1.15
> >  CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
> > LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
> >  
> > -TEST_TARGET =  check
> > +MODPY_ADJ_FILES =  lib/lib*/*.py
> >  
> >  post-patch:
> > cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
> > @@ -47,7 +53,7 @@ post-patch:
> >  post-install:
> > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
> > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
> > -   cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > +   ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> > ${PREFIX}/share/examples/varnish
> > rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
> >  
> > diff --git a/www/varnish/distinfo b/www/varnish/distinfo
> > index f7dc351f783..cdba07a9889 100644
> > --- a/www/varnish/distinfo
> > +++ b/www/varnish/distinfo
> > @@ -1,2 +1,2 @@
> > -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
> > -SIZE (varnish-5.2.0.tgz) = 2828867
> > +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
> > +SIZE (varnish-5.2.1.tgz) = 2827676
> > diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
> > index 5f50b1bbf2a..ce02efaef87 100644
> > --- a/www/varnish/pkg/MESSAGE
> > +++ b/www/varnish/pkg/MESSAGE
> > @@ -5,4 +5,4 @@ or the following link for more information:
> >  
> >  and for further information:
> >  
> > -   https://www.varnish-cache.org/docs/5.0/
> > +   https://www.varnish-cache.org/docs/5.2/
> > 

MESSAGE doesn't really add anything. Better to just remove it IMHO.

> One week bump, neither of the two maintainers have replied so far.
> 
> I can take of the python 2.7 bits in another diff so the next
> revision/release won't depend on 2.7 anymore.

A word of advice: if you're trying to get what looks like it might be
a relatively simple security update in quickly, don't make any
unnecessary Makefile changes on top.

[UPDATE] www/rt 4.4.2

[Paul Irofti]

Here is a small update to rt containing security fixes and various
enhancements.

  https://docs.bestpractical.com/release-notes/rt/4.4.2

OK?


Index: Makefile
===
RCS file: /cvs/ports/www/rt/Makefile,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 Makefile
--- Makefile30 Jun 2017 22:22:45 -  1.38
+++ Makefile22 Nov 2017 10:56:06 -
@@ -2,8 +2,7 @@
 
 COMMENT=   industrial-grade ticketing system
 
-DISTNAME=  rt-4.4.1
-REVISION=  0
+DISTNAME=  rt-4.4.2
 CATEGORIES=www
 
 MAINTAINER=Robert Nagy 
Index: distinfo
===
RCS file: /cvs/ports/www/rt/distinfo,v
retrieving revision 1.18
diff -u -p -u -p -r1.18 distinfo
--- distinfo30 Jun 2017 16:43:53 -  1.18
+++ distinfo22 Nov 2017 10:56:06 -
@@ -1,2 +1,2 @@
-SHA256 (rt-4.4.1.tar.gz) = +HMpkRAg4Bs5lIBwrsK9er8MgWQfDPLyXgHGkKGfJPU=
-SIZE (rt-4.4.1.tar.gz) = 9057212
+SHA256 (rt-4.4.2.tar.gz) = suNm4YyMsd/VvGxGwRb9KM+mkKNosT+/MTGyGgubvmg=
+SIZE (rt-4.4.2.tar.gz) = 9572361
Index: patches/patch-sbin_rt-test-dependencies_in
===
RCS file: /cvs/ports/www/rt/patches/patch-sbin_rt-test-dependencies_in,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 patch-sbin_rt-test-dependencies_in
--- patches/patch-sbin_rt-test-dependencies_in  30 Jun 2017 16:43:53 -  
1.2
+++ patches/patch-sbin_rt-test-dependencies_in  22 Nov 2017 10:56:06 -
@@ -1,9 +1,10 @@
 $OpenBSD: patch-sbin_rt-test-dependencies_in,v 1.2 2017/06/30 16:43:53 pirofti 
Exp $
 sbin/rt-test-dependencies.in.orig  Mon Jul 18 23:20:17 2016
-+++ sbin/rt-test-dependencies.in   Mon Mar 20 10:07:11 2017
+Index: sbin/rt-test-dependencies.in
+--- sbin/rt-test-dependencies.in.orig
 sbin/rt-test-dependencies.in
 @@ -138,7 +138,7 @@ Digest::MD5 2.27
  Digest::SHA
- Email::Address 1.897
+ Email::Address 1.908
  Email::Address::List 0.02
 -Encode 2.64
 +Encode 2.60
Index: pkg/PLIST
===
RCS file: /cvs/ports/www/rt/pkg/PLIST,v
retrieving revision 1.20
diff -u -p -u -p -r1.20 PLIST
--- pkg/PLIST   30 Jun 2017 16:43:53 -  1.20
+++ pkg/PLIST   22 Nov 2017 10:56:07 -
@@ -29,10 +29,10 @@ libdata/perl5/site_perl/RT/Action/SLA_Se
 libdata/perl5/site_perl/RT/Action/SLA_SetStarts.pm
 libdata/perl5/site_perl/RT/Action/SendEmail.pm
 libdata/perl5/site_perl/RT/Action/SendForward.pm
+libdata/perl5/site_perl/RT/Action/SetCustomFieldToNow.pm
 libdata/perl5/site_perl/RT/Action/SetPriority.pm
 libdata/perl5/site_perl/RT/Action/SetStatus.pm
 libdata/perl5/site_perl/RT/Action/UpdateParentTimeWorked.pm
-libdata/perl5/site_perl/RT/Action/UpdateUserTimeWorked.pm
 libdata/perl5/site_perl/RT/Action/UserDefined.pm
 libdata/perl5/site_perl/RT/Approval/
 libdata/perl5/site_perl/RT/Approval.pm
@@ -94,6 +94,10 @@ libdata/perl5/site_perl/RT/CustomField.p
 libdata/perl5/site_perl/RT/CustomFieldValue.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/
 libdata/perl5/site_perl/RT/CustomFieldValues.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/Lowercase.pm
+libdata/perl5/site_perl/RT/CustomFieldValues/Canonicalizer/Uppercase.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/External.pm
 libdata/perl5/site_perl/RT/CustomFieldValues/Groups.pm
 libdata/perl5/site_perl/RT/CustomFields.pm
@@ -339,6 +343,7 @@ share/doc/rt3/customizing/assets/
 share/doc/rt3/customizing/assets/tutorial.pod
 share/doc/rt3/customizing/assets/tutorialdata
 share/doc/rt3/customizing/lifecycles.pod
+share/doc/rt3/customizing/scrip_conditions_and_action.pod
 share/doc/rt3/customizing/search_result_columns.pod
 share/doc/rt3/customizing/sla.pod
 share/doc/rt3/customizing/styling_rt.pod
@@ -361,6 +366,7 @@ share/doc/rt3/images/action-decline.png
 share/doc/rt3/images/added-terms.png
 share/doc/rt3/images/advanced-search.png
 share/doc/rt3/images/complicated-search-arrows.png
+share/doc/rt3/images/create-setowner-action.png
 share/doc/rt3/images/current-search.png
 share/doc/rt3/images/customize-dashboards-menu.png
 share/doc/rt3/images/dashboard-chart.png
@@ -383,6 +389,7 @@ share/doc/rt3/images/search-arrows.png
 share/doc/rt3/images/search-criteria.png
 share/doc/rt3/images/search-results.png
 share/doc/rt3/images/sorting-display-columns.png
+share/doc/rt3/images/status-change-condition.png
 share/doc/rt3/images/subscriptions.png
 share/doc/rt3/images/theme_editor_defaults.png
 share/doc/rt3/images/with-created-before.png
@@ -1039,6 +1046,13 @@ share/examples/rt3/upgrade/4.4.1/
 @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/
 share/examples/rt3/upgrade/4.4.1/content
 @sample ${SYSCONFDIR}/rt3/upgrade/4.4.1/content
+share/examples/rt3/upgrade/4.4.2/

Re: PHP remove unused CONFIGURE_ARGS

[Stuart Henderson]

On 2017/11/21 19:12, Martijn van Duren wrote:
> ping
> 
> On 11/17/17 08:03, Martijn van Duren wrote:
> > OK?
> > 
> > martijn@
> > 
> > Index: Makefile.inc
> > ===
> > RCS file: /cvs/ports/lang/php/Makefile.inc,v
> > retrieving revision 1.99
> > diff -u -p -r1.99 Makefile.inc
> > --- Makefile.inc16 Nov 2017 18:37:01 -  1.99
> > +++ Makefile.inc17 Nov 2017 07:03:02 -
> > @@ -69,7 +69,6 @@ CONFIGURE_ARGS+=  --enable-shared \
> > --with-pear=${LOCALBASE}/share/php-${PV} \
> > --with-config-file-scan-dir=${SYSCONFDIR}/php-${PV} \
> > --with-pdo-sqlite \
> > -   --enable-sqlite-utf8 \
> > --with-sqlite3 \
> > --program-suffix=-${PV} \
> > --with-readline
> > @@ -98,8 +97,6 @@ CONFIGURE_ARGS+=  --with-openssl \
> > --enable-sysvshm \
> > --enable-mbstring \
> > --enable-exif \
> > -   --enable-zend-multibyte \
> > -   --enable-fastcgi \
> > --enable-fpm \
> > --with-fpm-user=www \
> > --with-fpm-group=www
> > @@ -256,7 +253,7 @@ WANTLIB-soap=   iconv m pthread z xml2>=8
> >  # snmp
> >  MULTI_PACKAGES+=   -snmp
> >  COMMENT-snmp=  snmp protocol extensions for php
> > -CONFIGURE_ARGS+=   --with-snmp=shared,${LOCALBASE} --enable-ucd-snmp-hack
> > +CONFIGURE_ARGS+=   --with-snmp=shared,${LOCALBASE}
> >  LIB_DEPENDS-snmp=  net/net-snmp
> >  WANTLIB-snmp=  crypto m netsnmp>=6.2 pthread
> >  
> > 
> 

OK.

Re: fix PHP version in doku wiki

[Stuart Henderson]

On 2017/11/21 10:22, Rafael Sadowski wrote:
> PHP message: PHP Fatal error:  Uncaught exception 'Exception' with message 
> 'There is no suitable CSPRNG installed on your system' in 
> /dokuwiki/vendor/paragonie/random_compat/lib/random.php:203

This came up before. The deps should be changed to install pecl-libsodium
or php-mcrypt.

Re: [UPDATE] www/varnish 5.2.0 -> 5.2.1

[Klemens Nanni]

On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> This is a security update[0] fixing a data leak:
> 
>   A wrong if statement in the varnishd source code means that
>   synthetic objects in stevedores which over-allocate, may leak up
>   to page size of data from a malloc(3) memory allocation.
> 
>   In a unpredictable percentage of the cases where this condition
>   arises, a segmentation fault will happen instead.
> 
> Tests continue to pass:
> 
>   # TOTAL: 636
>   # PASS:  630
>   # SKIP:  5
>   # XFAIL: 0
>   # FAIL:  1
>   # XPASS: 0
>   # ERROR: 0
> 
>   FAIL tests/u0.vtc (exit status: 2)
> 
> Removed TEST_TARGET=check as it's default. I also replaced cp with
> ${INSTALL_DATA} post-install and pointed users to 5.2 docs.
> 
> Since Varnish compiles .vsc files to C using python with 2.7 specific
> code (import StringIO), I added lang/python and explicity set
> MODPY_VERSION=2.7.
> 
> Feedback? Does anyone want to commit this?
> 
> 0: https://varnish-cache.org/releases/rel5.2.1.html#rel5-2-1
> 
> diff --git a/www/varnish/Makefile b/www/varnish/Makefile
> index b0fa5029ab4..5cf58670364 100644
> --- a/www/varnish/Makefile
> +++ b/www/varnish/Makefile
> @@ -2,7 +2,7 @@
>  
>  COMMENT =high-performance HTTP accelerator
>  
> -DISTNAME =   varnish-5.2.0
> +DISTNAME =   varnish-5.2.1
>  
>  CATEGORIES = www
>  
> @@ -16,12 +16,16 @@ MAINTAINER =  Jim Razmus II 
>  \
>  # BSD
>  PERMIT_PACKAGE_CDROM =   Yes
>  
> -MASTER_SITES =  https://varnish-cache.org/_downloads/
> +MASTER_SITES =  ${HOMEPAGE}_downloads/
>  
>  EXTRACT_SUFX =   .tgz
>  
>  WANTLIB += c execinfo m ncursesw pcre pthread readline termcap
>  
> +MODULES =lang/python
> +
> +MODPY_VERSION =  2.7
> +
>  BUILD_DEPENDS =  ${MODGNU_AUTOCONF_DEPENDS} \
>   ${MODGNU_AUTOMAKE_DEPENDS} \
>   devel/libtool \
> @@ -30,6 +34,8 @@ LIB_DEPENDS =   devel/pcre
>  # The internal backtrace implementation fails to build with -Werror on 
> arm/hppa
>  LIB_DEPENDS +=   devel/libexecinfo
>  
> +MODPY_RUNDEP =   No
> +
>  WRKDIST =${WRKDIR}/${DISTNAME}
>  USE_GMAKE =  Yes
>  CONFIGURE_STYLE =gnu
> @@ -38,7 +44,7 @@ AUTOMAKE_VERSION =  1.15
>  CONFIGURE_ENV =  CPPFLAGS="-I${LOCALBASE}/include" \
>   LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
>  
> -TEST_TARGET =check
> +MODPY_ADJ_FILES =lib/lib*/*.py
>  
>  post-patch:
>   cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
> @@ -47,7 +53,7 @@ post-patch:
>  post-install:
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/varnish
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/varnish
> - cp ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
> + ${INSTALL_DATA} ${WRKDIST}${SYSCONFDIR}/{example,builtin}.vcl \
>   ${PREFIX}/share/examples/varnish
>   rm -f ${PREFIX}/lib/varnish/{vmods,}/*.{a,la}
>  
> diff --git a/www/varnish/distinfo b/www/varnish/distinfo
> index f7dc351f783..cdba07a9889 100644
> --- a/www/varnish/distinfo
> +++ b/www/varnish/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (varnish-5.2.0.tgz) = zEgmoEgPSSaNOZYwnkt+RlFR6aUjzPjq1JnsV1FJ9H4=
> -SIZE (varnish-5.2.0.tgz) = 2828867
> +SHA256 (varnish-5.2.1.tgz) = uEUsnXjBb3jIz9HBoeaWUjv2S3chwzAVDcwIUkWQFLM=
> +SIZE (varnish-5.2.1.tgz) = 2827676
> diff --git a/www/varnish/pkg/MESSAGE b/www/varnish/pkg/MESSAGE
> index 5f50b1bbf2a..ce02efaef87 100644
> --- a/www/varnish/pkg/MESSAGE
> +++ b/www/varnish/pkg/MESSAGE
> @@ -5,4 +5,4 @@ or the following link for more information:
>  
>  and for further information:
>  
> - https://www.varnish-cache.org/docs/5.0/
> + https://www.varnish-cache.org/docs/5.2/
> 
One week bump, neither of the two maintainers have replied so far.

I can take of the python 2.7 bits in another diff so the next
revision/release won't depend on 2.7 anymore.

CVS: cvs.openbsd.org: ports

[Remi Pointel]

CVSROOT:/cvs
Module name:ports
Changes by: rpoin...@cvs.openbsd.org2017/11/22 03:16:01

Modified files:
www/py-django/lts: Makefile distinfo 
www/py-django/lts/pkg: PLIST 

Log message:
update to 1.11.7.

CVS: cvs.openbsd.org: ports

[Landry Breuil]

CVSROOT:/cvs
Module name:ports
Changes by: lan...@cvs.openbsd.org  2017/11/22 01:16:30

Modified files:
geo/mapserver  : Makefile 
geo/mapserver/pkg: README-main 

Log message:
Add an example sysutils/supervisor configuration snippet as it's wys
better than using spawn-fcgi...

Re: NEW: emulators/libretro-parallel-n64

[Anthony J. Bentley]

Ryan Freeman writes:
> Attached is a new port for a nice Nintendo 64 emulator core, for 
> retroarch.

Thanks for this.

> Unfortunately, the license of this left me with more unanswered
> questions than answers.  I have tried to be as verbose on that
> matter as possible, but am unsure if we can even distribute via
> PERMIT_PACKAGE_FTP.

Unfortunately PERMIT_PACKAGE_FTP will have to be set to no, as the
default state is "all rights reserved," including redistribution.
(https://github.com/gonetz/GLideN64/blob/master/LICENSE claims that
GLideN64 is GPLv2, but that's not valid since it's based on glN64
which is all rights reserved.)

The port is ok with me with all PERMIT_* set to no.

-- 
Anthony J. Bentley