Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-08-11 Thread Frank Groeneveld
On Thu, Aug 11, 2016 at 03:48:59PM +0800, Tinker wrote:
> On 2016-08-11 15:38, Tinker wrote:
> >On 2016-07-28 22:54, Frank Groeneveld wrote:
> >>On Thu, Jul 28, 2016 at 12:54:52PM +0100, Stuart Henderson wrote:
> >>>On 2016/07/28 01:02, Tinker wrote:
> >>>>On 2016-07-27 16:36, Frank Groeneveld wrote:
> >>>>>Attached patch updates wkhtmltopdf to the latest release. Some important
> >>>>>security fixes (OpenSSL updates) were added ..
> >>>>
> >>>>Can't it use the system's LibreSSL version??
> >>>
> >>>I'm pretty sure it is, otherwise we wouldn't have needed the OPENSSL_NO_SSL3
> >>>patches.
> >>
> >>Yes, it doesn't use the bundled OpenSSL version, sorry for the
> >>confusion. It seems [..]
> 
> (Wait, by "does not use the bundled OpenSSL version", you mean that the
> Wkhtmltopdf OpenBSD port not uses the *OS-*bundled *LibreSSL* library
> right?)
> 

With bundled I mean the library that comes in the wkhtmltopdf "bundle".
As you can see we need patches to let the build know that the base
LibreSSL doesn't support SSLv3, which leads me and Stuart to think that
it uses the LibreSSL from base.

I see Stuart has committed this update already. Thanks Stuart!

Frank



Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-08-11 Thread Tinker

On 2016-08-11 15:38, Tinker wrote:
> On 2016-07-28 22:54, Frank Groeneveld wrote:
> > On Thu, Jul 28, 2016 at 12:54:52PM +0100, Stuart Henderson wrote:
> > > On 2016/07/28 01:02, Tinker wrote:
> > > > On 2016-07-27 16:36, Frank Groeneveld wrote:
> > > > > Attached patch updates wkhtmltopdf to the latest release. Some important
> > > > > security fixes (OpenSSL updates) were added ..
> > > >
> > > > Can't it use the system's LibreSSL version??
> > >
> > > I'm pretty sure it is, otherwise we wouldn't have needed the OPENSSL_NO_SSL3
> > > patches.
> >
> > Yes, it doesn't use the bundled OpenSSL version, sorry for the
> > confusion. It seems [..]

(Wait, by "does not use the bundled OpenSSL version", you mean that the
Wkhtmltopdf OpenBSD port not uses the *OS-*bundled *LibreSSL* library
right?)




Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-08-11 Thread Tinker

On 2016-07-28 22:54, Frank Groeneveld wrote:
> On Thu, Jul 28, 2016 at 12:54:52PM +0100, Stuart Henderson wrote:
> > On 2016/07/28 01:02, Tinker wrote:
> > > On 2016-07-27 16:36, Frank Groeneveld wrote:
> > > > Attached patch updates wkhtmltopdf to the latest release. Some important
> > > > security fixes (OpenSSL updates) were added ..
> > >
> > > Can't it use the system's LibreSSL version??
> >
> > I'm pretty sure it is, otherwise we wouldn't have needed the OPENSSL_NO_SSL3
> > patches.
>
> Yes, it doesn't use the bundled OpenSSL version, sorry for the
> confusion. It seems [..]

I understand why Wkhtmltopdf builds its own QT: it needs custom
formatting patches and the like, that the ordinary QT does not have.

Wkhtmltopdf bundling its own OpenSSL sounds not only useless (bc
Wkhtmltopdf does not rely on any custom functionality via patches,
right?), but also dangerous?

After all OpenSSL is one of the nastiest open-source libraries in
widespread use.

Could Wkhtmltopdf be made to use the OS-bundled LibreSSL instead, do you
see any conceptual problems about doing that?




Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-08-10 Thread Frank Groeneveld
On Thu, Jul 28, 2016 at 04:54:18PM +0200, Frank Groeneveld wrote:
> 
> I'll bring this patch up again after the lock is removed, because
> without security issues there is no rush for this port update.
> 

Bringing this up again now that the lock is gone. Could somebody commit
this if there are no objections?

Thanks!

Frank
Index: Makefile
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile3 Apr 2016 14:20:03 -   1.8
+++ Makefile27 Jul 2016 08:26:08 -
@@ -7,9 +7,8 @@ COMMENT =   convert HTML to PDF using Web
 
 GH_ACCOUNT =   wkhtmltopdf
 GH_PROJECT =   wkhtmltopdf
-GH_TAGNAME =   0.12.2.4
-REVISION = 3
-QT_COMMIT =7e48a1fac7e0f9aefccd01e9871f987da3a62fda
+GH_TAGNAME =   0.12.3.2
+QT_COMMIT =8dae19a82231e87366d81c683bafcb025aea9c1d
 MASTER_SITES0 =https://github.com/wkhtmltopdf/qt/archive/
 DISTFILES =${DISTNAME}.tar.gz \
wkhtmltopdf-qt-${QT_COMMIT}{${QT_COMMIT}}.tar.gz:0
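Review bot: QT_COMMIT on the second `+` line moves the build to a different Qt tree, yet the diff touches only Makefile and distinfo, so nothing shows that the port's existing patches (the OPENSSL_NO_SSL3 ones mentioned in this thread) were re-checked against the new source. Run the patch stage against 8dae19a82231e87366d81c683bafcb025aea9c1d and either include regenerated patch files in the same diff or say in the mail that they apply unchanged.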
Index: distinfo
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo6 Jan 2016 16:50:35 -   1.2
+++ distinfo27 Jul 2016 08:26:08 -
@@ -1,4 +1,4 @@
-SHA256 (wkhtmltopdf-0.12.2.4.tar.gz) = 
27AWbpzhkeeH6QlgHkzbrnEGnylpM2Lt9c19TUREcog=
-SHA256 (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
0uxGcEwKVGE7Wlhv/0bSRZLFCiYYJJTxqkmKy0aLwlQ=
-SIZE (wkhtmltopdf-0.12.2.4.tar.gz) = 127595
-SIZE (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
173043701
+SHA256 (wkhtmltopdf-0.12.3.2.tar.gz) = 
chUj74fMuTe/NxSt4ZsRL0y4os2EDjSzDybuJixB/hY=
+SHA256 (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
w7Fa4y044TfRu3BSWGNK+CFzbANS6VIVCk01NrjISl4=
+SIZE (wkhtmltopdf-0.12.3.2.tar.gz) = 128050
+SIZE (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
173040690
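Review bot: Confirm that the new SHA256 and SIZE values for wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz are reproducible from a clean fetch, because these `+` lines are the only integrity pin on an archive of roughly 173 MB that is named by a bare commit hash rather than a release tag. Regenerating with make makesum from an empty distfiles directory and then passing make checksum on a second fetch would settle it before commit.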


Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-07-28 Thread Frank Groeneveld
On Thu, Jul 28, 2016 at 12:54:52PM +0100, Stuart Henderson wrote:
> On 2016/07/28 01:02, Tinker wrote:
> > On 2016-07-27 16:36, Frank Groeneveld wrote:
> > > Attached patch updates wkhtmltopdf to the latest release. Some important
> > > security fixes (OpenSSL updates) were added ..
> > 
> > Can't it use the system's LibreSSL version??
> > 
> 
> I'm pretty sure it is, otherwise we wouldn't have needed the OPENSSL_NO_SSL3
> patches.

Yes, it doesn't use the bundled OpenSSL version, sorry for the
confusion. It seems the 0.12.3.1 and 0.12.3.2 releases are mostly done
for Windows users which do use the bundled OpenSSL:

https://github.com/wkhtmltopdf/wkhtmltopdf/releases/tag/0.12.3.2
https://github.com/wkhtmltopdf/wkhtmltopdf/releases/tag/0.12.3.1

Other platforms only need the fixes that were done in 0.12.3, which
according to the changelog, don't include security fixes:

https://github.com/wkhtmltopdf/wkhtmltopdf/releases/tag/0.12.3

I'll bring this patch up again after the lock is removed, because
without security issues there is no rush for this port update.

Frank



Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-07-28 Thread Stuart Henderson
On 2016/07/28 01:02, Tinker wrote:
> On 2016-07-27 16:36, Frank Groeneveld wrote:
> > Attached patch updates wkhtmltopdf to the latest release. Some important
> > security fixes (OpenSSL updates) were added ..
> 
> Can't it use the system's LibreSSL version??
> 

I'm pretty sure it is, otherwise we wouldn't have needed the OPENSSL_NO_SSL3
patches.



Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-07-27 Thread Tinker

On 2016-07-27 16:36, Frank Groeneveld wrote:
> Attached patch updates wkhtmltopdf to the latest release. Some important
> security fixes (OpenSSL updates) were added ..

Can't it use the system's LibreSSL version??



Re: Security update textproc/wkhtmltopdf-0.12.3.2

2016-07-27 Thread Frank Groeneveld
On Wed, Jul 27, 2016 at 10:59:45AM +0200, Rafael Sadowski wrote:
> > ? wkhtmltopdf-0.12.3.2.patch
> 
> Remove it and create new diff.

Attached.

> > -GH_TAGNAME =   0.12.2.4
> > -REVISION = 3
> > -QT_COMMIT =7e48a1fac7e0f9aefccd01e9871f987da3a62fda
> > +GH_TAGNAME =   0.12.3.2
> > +QT_COMMIT =8dae19a82231e87366d81c683bafcb025aea9c1d
> 
> QT_COMMIT is wrong but it works because GH_TAGNAME is set. You can
> remove QT_COMMIT.

Have a look at the full file, we're actually gathering two separate
projects on Github and merging those in one build. The patched QT
doesn't have git tags, so that's why we have a ref there.

Frank
Index: Makefile
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile3 Apr 2016 14:20:03 -   1.8
+++ Makefile27 Jul 2016 08:26:08 -
@@ -7,9 +7,8 @@ COMMENT =   convert HTML to PDF using Web
 
 GH_ACCOUNT =   wkhtmltopdf
 GH_PROJECT =   wkhtmltopdf
-GH_TAGNAME =   0.12.2.4
-REVISION = 3
-QT_COMMIT =7e48a1fac7e0f9aefccd01e9871f987da3a62fda
+GH_TAGNAME =   0.12.3.2
+QT_COMMIT =8dae19a82231e87366d81c683bafcb025aea9c1d
 MASTER_SITES0 =https://github.com/wkhtmltopdf/qt/archive/
 DISTFILES =${DISTNAME}.tar.gz \
wkhtmltopdf-qt-${QT_COMMIT}{${QT_COMMIT}}.tar.gz:0
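Review bot: QT_COMMIT has no comment, and sitting directly under GH_TAGNAME it reads as a redundant ref for the same project. Add a one-line comment above QT_COMMIT stating that it pins the untagged, patched Qt tree fetched from MASTER_SITES0, separate from the GH_TAGNAME release, so the next reviewer does not suggest removing it.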
Index: distinfo
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo6 Jan 2016 16:50:35 -   1.2
+++ distinfo27 Jul 2016 08:26:08 -
@@ -1,4 +1,4 @@
-SHA256 (wkhtmltopdf-0.12.2.4.tar.gz) = 
27AWbpzhkeeH6QlgHkzbrnEGnylpM2Lt9c19TUREcog=
-SHA256 (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
0uxGcEwKVGE7Wlhv/0bSRZLFCiYYJJTxqkmKy0aLwlQ=
-SIZE (wkhtmltopdf-0.12.2.4.tar.gz) = 127595
-SIZE (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
173043701
+SHA256 (wkhtmltopdf-0.12.3.2.tar.gz) = 
chUj74fMuTe/NxSt4ZsRL0y4os2EDjSzDybuJixB/hY=
+SHA256 (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
w7Fa4y044TfRu3BSWGNK+CFzbANS6VIVCk01NrjISl4=
+SIZE (wkhtmltopdf-0.12.3.2.tar.gz) = 128050
+SIZE (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
173040690
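
The two-distfile setup described in this message is held together by distinfo, which pins each archive by SIZE and base64 SHA256. As an added example (not part of the thread or of the OpenBSD ports tree), this Python code parses entries in that format and checks fetched bytes against them; the file names and contents are constructed placeholders.

```python
import base64
import hashlib
import hmac
import re

# Entry shapes as in the port's distinfo: "SHA256 (file) = <base64>" / "SIZE (file) = <bytes>".
ENTRY = re.compile(r"^(SHA256|SIZE) \(([^)]+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": str, "SIZE": int}}; raise on any malformed line."""
    pins = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Also catches mail-wrapped entries whose value slid onto the next line.
            raise ValueError(f"line {lineno}: malformed distinfo entry: {line!r}")
        kind, name, value = m.groups()
        if kind in pins.setdefault(name, {}):
            raise ValueError(f"line {lineno}: duplicate {kind} for {name}")
        pins[name][kind] = int(value) if kind == "SIZE" else value
    return pins


def check_distfile(pins, name, data):
    """Check fetched bytes against the pinned SIZE and SHA256 for one distfile."""
    pin = pins.get(name, {})
    if "SHA256" not in pin or "SIZE" not in pin:
        return "unpinned"  # a distfile without both entries must not be trusted
    if len(data) != pin["SIZE"]:
        return "size mismatch"
    digest = base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")
    return "ok" if hmac.compare_digest(digest, pin["SHA256"]) else "checksum mismatch"


def make_distinfo(files):
    """Build distinfo text for {name: bytes}: all SHA256 lines first, then SIZE lines."""
    sha = [f"SHA256 ({n}) = {base64.b64encode(hashlib.sha256(d).digest()).decode()}"
           for n, d in files.items()]
    size = [f"SIZE ({n}) = {len(d)}" for n, d in files.items()]
    return "\n".join(sha + size) + "\n"


# Constructed sample: two byte strings stand in for the release tarball and the Qt archive.
SAMPLE = {"example-1.0.tar.gz": b"release source (constructed)",
          "example-qt-0123abcd.tar.gz": b"patched qt tree (constructed)"}

if __name__ == "__main__":
    pins = parse_distinfo(make_distinfo(SAMPLE))
    for name, data in SAMPLE.items():
        print(name, check_distfile(pins, name, data))
```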


Security update textproc/wkhtmltopdf-0.12.3.2

2016-07-27 Thread Frank Groeneveld
Attached patch updates wkhtmltopdf to the latest release. Some important
security fixes (OpenSSL updates) were added and some minor bugfixes are
included as well. I've tested this in production on our servers and the
produced PDF files seem to be visually identical.

Can this be included in 6.0 or should it wait?

Frank
? wkhtmltopdf-0.12.3.2.patch
Index: Makefile
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile3 Apr 2016 14:20:03 -   1.8
+++ Makefile27 Jul 2016 08:26:08 -
@@ -7,9 +7,8 @@ COMMENT =   convert HTML to PDF using Web
 
 GH_ACCOUNT =   wkhtmltopdf
 GH_PROJECT =   wkhtmltopdf
-GH_TAGNAME =   0.12.2.4
-REVISION = 3
-QT_COMMIT =7e48a1fac7e0f9aefccd01e9871f987da3a62fda
+GH_TAGNAME =   0.12.3.2
+QT_COMMIT =8dae19a82231e87366d81c683bafcb025aea9c1d
 MASTER_SITES0 =https://github.com/wkhtmltopdf/qt/archive/
 DISTFILES =${DISTNAME}.tar.gz \
wkhtmltopdf-qt-${QT_COMMIT}{${QT_COMMIT}}.tar.gz:0
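Review bot: GH_TAGNAME and QT_COMMIT are bumped independently on the two `+` lines, and nothing in the hunk ties the chosen Qt ref to the 0.12.3.2 release. State in the submission how 8dae19a82231e87366d81c683bafcb025aea9c1d was selected, ideally that it is the Qt ref the 0.12.3.2 release itself builds against, so the pairing can be verified rather than taken on trust.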
Index: distinfo
===
RCS file: /cvs/ports/textproc/wkhtmltopdf/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo6 Jan 2016 16:50:35 -   1.2
+++ distinfo27 Jul 2016 08:26:08 -
@@ -1,4 +1,4 @@
-SHA256 (wkhtmltopdf-0.12.2.4.tar.gz) = 
27AWbpzhkeeH6QlgHkzbrnEGnylpM2Lt9c19TUREcog=
-SHA256 (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
0uxGcEwKVGE7Wlhv/0bSRZLFCiYYJJTxqkmKy0aLwlQ=
-SIZE (wkhtmltopdf-0.12.2.4.tar.gz) = 127595
-SIZE (wkhtmltopdf-qt-7e48a1fac7e0f9aefccd01e9871f987da3a62fda.tar.gz) = 
173043701
+SHA256 (wkhtmltopdf-0.12.3.2.tar.gz) = 
chUj74fMuTe/NxSt4ZsRL0y4os2EDjSzDybuJixB/hY=
+SHA256 (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
w7Fa4y044TfRu3BSWGNK+CFzbANS6VIVCk01NrjISl4=
+SIZE (wkhtmltopdf-0.12.3.2.tar.gz) = 128050
+SIZE (wkhtmltopdf-qt-8dae19a82231e87366d81c683bafcb025aea9c1d.tar.gz) = 
173040690
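Review bot: All four SHA256 entries and both SIZE entries for the Qt archive have their value on a separate line, so the hunk shows more lines than the `@@ -1,4 +1,4 @@` header declares and will not apply with patch(1) as posted. Resend the diff with each `SHA256 (...) = value` and `SIZE (...) = value` entry on a single line, or regenerate distinfo locally instead of applying this hunk.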