I added a patch to www/nginx from an upstream commit to address CVE-2019-20372. Version 1.16.1nb2 includes the patch. (0)
In order to reduce the number of vulnerabilities on my systems, I added some patches to devel/ncurses (and devel/ncursesw) to address CVE-2018-19211, CVE-2019-17594, and CVE-2019-17595. Version 6.1nb7 includes the patches. (0)
I have restored fetching of correct upstream files for print/psify. Looks like we pointed to the wrong files for 13 years. (0)
I updated sysutils/rsnapshot to 1.4.3 in another long-overdue commit (notable changes). (0)
I updated net/tcptraceroute6 to 1.0.4 to incorporate portability fixes from upstream. (0)
New releases of Remind have been coming out again, so I’ve updated time/remind to version 3.2.0. (more…) (0)
I committed a long overdue update for net/cisco-mibs to version 20170101, which appears to be the latest currently available. A good number of additional MIB files are now included. (0)

Addressing failed setrlimit calls in sudo

Written in the mid-afternoon in English • Tags: ,

After installing sudo 1.8.29 from pkgsrc (security/sudo) I started frequently seeing this warning message:

sudo: setrlimit(3): Invalid argument

It took a few rounds, but eventually I applied an acceptable patch for the pkgsrc-2019Q4 release. Later an upstream workaround was committed and included in the sudo 1.8.30 release. (more…)

Fixed configure script in tcsh

Written at lunch time in English • Tags: ,

I noticed that tcsh 6.22.02 has a broken configure script:

./configure: gl_HOST_CPU_C_ABI_32BIT: not found

This looked like an unexpanded m4 macro to me. I was unable to reproduce the error if I ran autoreconf under Debian buster, so I switched to a NetBSD host and tried there. Indeed, running autoreconf resulted in the same broken configure script.

Upon closer inspection, it turns out that devel/gettext-m4 had been updated to a new version in pkgsrc without noticing that generated configure scripts now throw an error. The cause was a missing file (host-cpu-c-abi.m4).

For some reason the package Makefile has a hardcoded list of files to install from gettext-tools/gnulib-m4 (as opposed to calling the install target via make). The reason is probably to avoid unnecessary or irrelevant files. However, this means that any relevant changes to gettext-tools/gnulib-m4/Makefile can easily go unnoticed.

I’ve added the missing file to the list, but I worry that this approach is prone to errors. Perhaps some easy check could be added and noted in the package Makefile to detect problems, e.g. generating a sample configure script before committing a version update.

I’ve released roller 1.21 for ease of packaging in pkgsrc. The only change is to match the new option names in pflogsumm 1.1.5.