Addressing failed setrlimit calls in sudo

Written in the mid-afternoon in English • Tags: ,

After installing sudo 1.8.29 from pkgsrc (security/sudo) I started frequently seeing this warning message:

sudo: setrlimit(3): Invalid argument

It took a few rounds, but eventually I applied an acceptable patch for the pkgsrc-2019Q4 release. Later an upstream workaround was committed and included in the sudo 1.8.30 release. (more…)

Fixed configure script in tcsh

Written at lunch time in English • Tags: ,

I noticed that tcsh 6.22.02 has a broken configure script:

./configure: gl_HOST_CPU_C_ABI_32BIT: not found

This looked like an unexpanded m4 macro to me. I was unable to reproduce the error if I ran autoreconf under Debian buster, so I switched to a NetBSD host and tried there. Indeed, running autoreconf resulted in the same broken configure script.

Upon closer inspection, it turns out that devel/gettext-m4 had been updated to a new version in pkgsrc without noticing that generated configure scripts now throw an error. The cause was a missing file (host-cpu-c-abi.m4).

For some reason the package Makefile has a hardcoded list of files to install from gettext-tools/gnulib-m4 (as opposed to calling the install target via make). The reason is probably to avoid unnecessary or irrelevant files. However, this means that any relevant changes to gettext-tools/gnulib-m4/Makefile can easily go unnoticed.

I’ve added the missing file to the list, but I worry that this approach is prone to errors. Perhaps some easy check could be added and noted in the package Makefile to detect problems, e.g. generating a sample configure script before committing a version update.

I’ve released roller 1.21 for ease of packaging in pkgsrc. The only change is to match the new option names in pflogsumm 1.1.5.
I’ve fixed matching of IPv6 addresses in sysutils/pflogsumm and also updated it to version 1.1.5 in pkgsrc. Note that the naming of options has changed from using underscores to using hyphens.
I fished out a couple of upstream commits (patch #1 and patch #2) for net/mtr to silence the Error decoding localhost address messages.
I applied a small patch to mail/postgrey to silence an error about the PID file when stopping the service.
I fished out an upstream commit to graphics/gd to address CVE-2018-1000222. While there, I also restored the option to make linking with libtiff optional.
Nginx version 1.6.2 is now available in pkgsrc as www/nginx. Addresses an SSL session reuse vulnerability (CVE-2014-3616). Enjoy!
Net::INET6Glue version 0.6.2 is now available in pkgsrc as net/p5-Net-INET6Glue. Patched to avoid warnings with the default Perl version 5.20. Enjoy!
GNU Screen version 4.2.1 is now available in pkgsrc as misc/screen. Enjoy! (2)