[UPDATE] www/links+ to 1.15


trondd-2
Easy update for links+ to 1.15.  Built against clang 6.

Full changelog at http://links.twibright.com/download/ChangeLog
Some notable updates:

Rewrite google docs URLs to the download link, so that the file can be
viewed in external viewer

Support international domain names

Fix reading one byte beyond allocated space in case of corrupted
UTF-8 data - CVE-2017-11114

Use built-in SSL certificates (ed. Optional)
This improves tor hardening (the tor exit node could not differentiate
links users from each other based on installed certificates)
It also makes it possible to use certificate verification on systems
with no default certificate store

Report IP addresses in the "Document info" box.

Implement a small connection timeout when connecting to a host with
multiple addresses, so that there is faster fallback from IPv6 to IPv4.

Avoid memcpy with NULL source argument and zero length (it doesn't
crash, but it's formally incorrect and the sanitizer warns about it)

Make the "dns-prefetch" link prefetch just dns, not the whole document

Fix compilation failure on OpenBSD because OpenBSD removed
the timeout_* macros from libevent

Use OpenSSL functions X509_check_host and X509_check_ip if available

Use session cache on https


Tim.


Index: Makefile
===================================================================
RCS file: /cvs/ports/www/links+/Makefile,v
retrieving revision 1.60
diff -u -p -r1.60 Makefile
--- Makefile 30 Nov 2016 19:42:15 -0000 1.60
+++ Makefile 14 Apr 2018 20:54:22 -0000
@@ -1,7 +1,7 @@
 # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
 
 COMMENT= graphics and text browser
-VER= 2.14
+VER= 2.15
 DISTNAME= links-${VER}
 PKGNAME= links+-${VER}
 CATEGORIES= www
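Review bot: the VER line in this hunk disagrees with the mail around it. VER goes from 2.14 to 2.15, but the subject and the first line of the message say 1.15; the commit message should say 2.15 so the log matches DISTNAME links-2.15. The hunk also leaves the configure settings untouched, and a later reply in this thread notes that links+ picks up archivers/brotli automatically when it is installed, so adding --without-brotli to CONFIGURE_ARGS belongs in the same change.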
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/links+/distinfo,v
retrieving revision 1.31
diff -u -p -r1.31 distinfo
--- distinfo 30 Nov 2016 19:42:15 -0000 1.31
+++ distinfo 14 Apr 2018 20:54:22 -0000
@@ -1,2 +1,2 @@
-SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
-SIZE (links-2.14.tar.gz) = 7142389
+SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
+SIZE (links-2.15.tar.gz) = 7358450
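Review bot: the new SHA256 and SIZE lines for links-2.15.tar.gz are what pins this port to one specific upstream tarball, and the mail does not say how they were produced. Before committing, fetch the distfile fresh from the upstream site and confirm that make checksum passes against these two values, instead of relying on a copy that was already present locally.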
Index: patches/patch-html_c
===================================================================
RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
retrieving revision 1.16
diff -u -p -r1.16 patch-html_c
--- patches/patch-html_c 3 Sep 2016 09:33:19 -0000 1.16
+++ patches/patch-html_c 14 Apr 2018 20:54:22 -0000
@@ -1,7 +1,8 @@
 $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
---- html.c.orig Fri Jun 17 16:33:57 2016
-+++ html.c Thu Sep  1 20:13:58 2016
-@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
+Index: html.c
+--- html.c.orig
++++ html.c
+@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
  format_.target = stracpy(format_.target_base);
  }
  /*format_.attr ^= AT_BOLD;*/
Index: patches/patch-https_c
===================================================================
RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-https_c
--- patches/patch-https_c 30 Nov 2016 19:42:15 -0000 1.5
+++ patches/patch-https_c 14 Apr 2018 20:54:22 -0000
@@ -1,7 +1,8 @@
 $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
---- https.c.orig Sat Nov 19 13:52:07 2016
-+++ https.c Mon Nov 28 22:16:21 2016
-@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
+Index: https.c
+--- https.c.orig
++++ https.c
+@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
  RAND_write_file(cast_const_char f_randfile);
  }
  }
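Review bot: the local change carried in patch-https_c needs re-reading against the 2.15 source, not only regenerating. The inner hunk header moves from "-88,6 +88,11" to "-261,6 +261,11" in getSSL(), and the changelog in this mail lists built-in certificates, X509_check_host/X509_check_ip and a session cache, so the surrounding TLS setup code has changed a lot. The five lines the port adds after RAND_write_file() are not visible in this diff; confirm they still sit at the right point in getSSL() and do not duplicate or undo what upstream now does.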

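The changelog entry for CVE-2017-11114 above names a one-byte read past the allocated space on corrupted UTF-8 data. As an added illustration of that bug class and the check that prevents it (this is not code from links or from the original mail, and the function names are made up here), a decoder that compares the length claimed by the lead byte with the bytes actually left:

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; names are hypothetical, not from the links source.
 * Decode one code point from buf[0..len): returns bytes consumed, stores it
 * in *cp. Bad input consumes one byte, yields U+FFFD. Never reads buf[len]. */
size_t utf8_decode(const unsigned char *buf, size_t len, uint32_t *cp)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    uint32_t c;
    size_t need, i;
    *cp = 0xFFFD;
    if (len == 0) return 0;
    c = buf[0];
    if (c < 0x80) { *cp = c; return 1; }
    if ((c & 0xE0) == 0xC0)      { need = 2; c &= 0x1F; }
    else if ((c & 0xF0) == 0xE0) { need = 3; c &= 0x0F; }
    else if ((c & 0xF8) == 0xF0) { need = 4; c &= 0x07; }
    else return 1;   /* stray continuation or invalid lead byte */
    /* The lead byte only claims a length: compare it with what is really
     * left before touching any continuation byte. */
    if (need > len) return 1;
    for (i = 1; i < need; i++) {
        if ((buf[i] & 0xC0) != 0x80) return 1;
        c = (c << 6) | (buf[i] & 0x3F);
    }
    /* Reject overlong forms, surrogates and values above U+10FFFF. */
    if (c < min_cp[need] || c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF))
        return 1;
    *cp = c;
    return need;
}

/* First code point of buf[0..len); U+FFFD if malformed or empty. */
uint32_t utf8_first(const unsigned char *buf, size_t len)
{
    uint32_t cp;
    utf8_decode(buf, len, &cp);
    return cp;
}

/* Number of bytes in buf[0..len) that were replaced as malformed. */
size_t utf8_malformed(const unsigned char *buf, size_t len)
{
    size_t bad = 0, used;
    uint32_t cp;
    while (len > 0) {
        used = utf8_decode(buf, len, &cp);
        bad += (used == 1 && buf[0] >= 0x80);  /* a valid 1-byte form is ASCII */
        buf += used;
        len -= used;
    }
    return bad;
}
```

Passing the three-byte sequence E2 82 AC with a length of 2 exercises the truncated case: the decoder reports it as malformed without looking at the third byte.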

Re: [UPDATE] www/links+ to 1.15

Klemens Nanni-2
On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote:

> Easy update for links+ to 1.15.  Built against clang 6.
>
> Full changelog at http://links.twibright.com/download/ChangeLog
> Some notable updates:
>
> Rewrite google docs URLs to the download link, so that the file can be
> viewed in external viewer
>
> Support international domain names
>
> Fix reading one byte beyond allocated space in case of corrupted
> UTF-8 data - CVE-2017-11114
>
> Use built-in SSL certificates (ed. Optional)
> This improves tor hardening (the tor exit node could not differentiate
> links users from each other based on installed certificates)
> It also makes it possible to use certificate verification on systems
> with no default certificate store
>
> Report IP addresses in the "Document info" box.
>
> Implement a small connection timeout when connecting to a host with
> multiple addresses, so that there is faster fallback from IPv6 to IPv4.
>
> Avoid memcpy with NULL source argument and zero length (it doesn't
> crash, but it's formally incorrect and the sanitizer warns about it)
>
> Make the "dns-prefetch" link prefetch just dns, not the whole document
>
> Fix compilation failure on OpenBSD because OpenBSD removed
> the timeout_* macros from libevent
>
> Use OpenSSL functions X509_check_host and X509_check_ip if available
>
> Use session cache on https
Builds fine on amd64, lightly run tested.

OK kn with SEPARATE_BUILD=Yes set.


Re: [UPDATE] www/links+ to 1.15

trondd-2
On Sun, April 15, 2018 12:36 pm, Klemens Nanni wrote:

> On Sun, Apr 15, 2018 at 11:30:22AM -0400, trondd wrote:
>> Easy update for links+ to 1.15.  Built against clang 6.
>>
>> Full changelog at http://links.twibright.com/download/ChangeLog
>> Some notable updates:
>>
>> Rewrite google docs URLs to the download link, so that the file can be
>> viewed in external viewer
>>
>> Support international domain names
>>
>> Fix reading one byte beyond allocated space in case of corrupted
>> UTF-8 data - CVE-2017-11114
>>
>> Use built-in SSL certificates (ed. Optional)
>> This improves tor hardening (the tor exit node could not differentiate
>> links users from each other based on installed certificates)
>> It also makes it possible to use certificate verification on systems
>> with no default certificate store
>>
>> Report IP addresses in the "Document info" box.
>>
>> Implement a small connection timeout when connecting to a host with
>> multiple addresses, so that there is faster fallback from IPv6 to IPv4.
>>
>> Avoid memcpy with NULL source argument and zero length (it doesn't
>> crash, but it's formally incorrect and the sanitizer warns about it)
>>
>> Make the "dns-prefetch" link prefetch just dns, not the whole document
>>
>> Fix compilation failure on OpenBSD because OpenBSD removed
>> the timeout_* macros from libevent
>>
>> Use OpenSSL functions X509_check_host and X509_check_ip if available
>>
>> Use session cache on https
> Builds fine on amd64, lightly run tested.
>
> OK kn with SEPARATE_BUILD=Yes set.
>

Sorry for the multi-post.  Network issue on my end.

What is the policy around setting SEPARATE_BUILD?  Any GNU build?  Not
just builds that require it?

Tim.



Re: [UPDATE] www/links+ to 1.15

Anthony J. Bentley-4
trondd writes:
> What is the policy around setting SEPARATE_BUILD?  Any GNU build?  Not
> just builds that require it?

I don't know that there is any "policy", other than "set SEPARATE_BUILD
if needed, and don't set it if it breaks".

Certainly if it works, it's nice to have even when it's not strictly
needed. But I doubt anybody will be sweeping the whole tree for it
anytime soon, probably...

--
Anthony J. Bentley


Re: [UPDATE] www/links+ to 1.15

Stuart Henderson
In reply to this post by trondd-2
On 2018/04/15 16:48, trondd wrote:
> What is the policy around setting SEPARATE_BUILD?  Any GNU build?  Not
> just builds that require it?

It's useful for large ports where you might want to "make clean=build"
and they take a long time to extract/patch.

Otherwise it's pointless and can make extra work for updates because
upstreams often don't test out-of-tree builds (and especially "make
test" in that case) regularly.


Re: [UPDATE] www/links+ to 1.15

trondd-2
On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote:

> On 2018/04/15 16:48, trondd wrote:
>> What is the policy around setting SEPARATE_BUILD?  Any GNU build?  Not
>> just builds that require it?
>
> It's useful for large ports where you might want to "make clean=build"
> and they take a long time to extract/patch.
>
> Otherwise it's pointless and can make extra work for updates because
> upstreams often don't test out-of-tree builds (and especially "make
> test" in that case) regularly.
>

I don't consider links+ to be a large port.  It builds either way, so I
don't have a strong opinion about it.

Whatever it takes to get it committed.


Re: [UPDATE] www/links+ to 1.15

Stuart Henderson
On 2018/04/16 16:34, trondd wrote:

> On Mon, April 16, 2018 7:01 am, Stuart Henderson wrote:
> > On 2018/04/15 16:48, trondd wrote:
> >> What is the policy around setting SEPARATE_BUILD?  Any GNU build?  Not
> >> just builds that require it?
> >
> > It's useful for large ports where you might want to "make clean=build"
> > and they take a long time to extract/patch.
> >
> > Otherwise it's pointless and can make extra work for updates because
> > upstreams often don't test out-of-tree builds (and especially "make
> > test" in that case) regularly.
> >
>
> I don't consider links+ to be a large port.  It builds either way, so I
> don't have a strong opinion about it.
>
> Whatever it takes to get it committed.
>

At the moment what it'll take is getting the clang 6 fallout under
control before we start committing other things again, other things
are pretty much all on hold at present.


Re: [UPDATE] www/links+ to 1.15

trondd-2
In reply to this post by trondd-2
Ping for hackathon!

On Sun, April 15, 2018 11:30 am, trondd wrote:

> Easy update for links+ to 1.15.  Built against clang 6.
>
> Full changelog at http://links.twibright.com/download/ChangeLog
> Some notable updates:
>
> Rewrite google docs URLs to the download link, so that the file can be
> viewed in external viewer
>
> Support international domain names
>
> Fix reading one byte beyond allocated space in case of corrupted
> UTF-8 data - CVE-2017-11114
>
> Use built-in SSL certificates (ed. Optional)
> This improves tor hardening (the tor exit node could not differentiate
> links users from each other based on installed certificates)
> It also makes it possible to use certificate verification on systems
> with no default certificate store
>
> Report IP addresses in the "Document info" box.
>
> Implement a small connection timeout when connecting to a host with
> multiple addresses, so that there is faster fallback from IPv6 to IPv4.
>
> Avoid memcpy with NULL source argument and zero length (it doesn't
> crash, but it's formally incorrect and the sanitizer warns about it)
>
> Make the "dns-prefetch" link prefetch just dns, not the whole document
>
> Fix compilation failure on OpenBSD because OpenBSD removed
> the timeout_* macros from libevent
>
> Use OpenSSL functions X509_check_host and X509_check_ip if available
>
> Use session cache on https
>
>
> Tim.
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/links+/Makefile,v
> retrieving revision 1.60
> diff -u -p -r1.60 Makefile
> --- Makefile 30 Nov 2016 19:42:15 -0000 1.60
> +++ Makefile 14 Apr 2018 20:54:22 -0000
> @@ -1,7 +1,7 @@
>  # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
>
>  COMMENT= graphics and text browser
> -VER= 2.14
> +VER= 2.15
>  DISTNAME= links-${VER}
>  PKGNAME= links+-${VER}
>  CATEGORIES= www
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/www/links+/distinfo,v
> retrieving revision 1.31
> diff -u -p -r1.31 distinfo
> --- distinfo 30 Nov 2016 19:42:15 -0000 1.31
> +++ distinfo 14 Apr 2018 20:54:22 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
> -SIZE (links-2.14.tar.gz) = 7142389
> +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
> +SIZE (links-2.15.tar.gz) = 7358450
> Index: patches/patch-html_c
> ===================================================================
> RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
> retrieving revision 1.16
> diff -u -p -r1.16 patch-html_c
> --- patches/patch-html_c 3 Sep 2016 09:33:19 -0000 1.16
> +++ patches/patch-html_c 14 Apr 2018 20:54:22 -0000
> @@ -1,7 +1,8 @@
>  $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
> ---- html.c.orig Fri Jun 17 16:33:57 2016
> -+++ html.c Thu Sep  1 20:13:58 2016
> -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
> +Index: html.c
> +--- html.c.orig
> ++++ html.c
> +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
>   format_.target = stracpy(format_.target_base);
>   }
>   /*format_.attr ^= AT_BOLD;*/
> Index: patches/patch-https_c
> ===================================================================
> RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
> retrieving revision 1.5
> diff -u -p -r1.5 patch-https_c
> --- patches/patch-https_c 30 Nov 2016 19:42:15 -0000 1.5
> +++ patches/patch-https_c 14 Apr 2018 20:54:22 -0000
> @@ -1,7 +1,8 @@
>  $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
> ---- https.c.orig Sat Nov 19 13:52:07 2016
> -+++ https.c Mon Nov 28 22:16:21 2016
> -@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
> +Index: https.c
> +--- https.c.orig
> ++++ https.c
> +@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
>   RAND_write_file(cast_const_char f_randfile);
>   }
>   }
>



Re: [UPDATE] www/links+ to 1.15

Brian Callahan-3

On 04/25/18 20:18, trondd wrote:
> Ping for hackathon!

I've committed this, without the SEPARATE_BUILD=Yes (I agree with
sthen@'s analysis) and with --without-brotli added to CONFIGURE_ARGS
since links+ will pick it up automagically if you have archivers/brotli
installed.

~Brian

> On Sun, April 15, 2018 11:30 am, trondd wrote:
>> Easy update for links+ to 1.15.  Built against clang 6.
>>
>> Full changelog at http://links.twibright.com/download/ChangeLog
>> Some notable updates:
>>
>> Rewrite google docs URLs to the download link, so that the file can be
>> viewed in external viewer
>>
>> Support international domain names
>>
>> Fix reading one byte beyond allocated space in case of corrupted
>> UTF-8 data - CVE-2017-11114
>>
>> Use built-in SSL certificates (ed. Optional)
>> This improves tor hardening (the tor exit node could not differentiate
>> links users from each other based on installed certificates)
>> It also makes it possible to use certificate verification on systems
>> with no default certificate store
>>
>> Report IP addresses in the "Document info" box.
>>
>> Implement a small connection timeout when connecting to a host with
>> multiple addresses, so that there is faster fallback from IPv6 to IPv4.
>>
>> Avoid memcpy with NULL source argument and zero length (it doesn't
>> crash, but it's formally incorrect and the sanitizer warns about it)
>>
>> Make the "dns-prefetch" link prefetch just dns, not the whole document
>>
>> Fix compilation failure on OpenBSD because OpenBSD removed
>> the timeout_* macros from libevent
>>
>> Use OpenSSL functions X509_check_host and X509_check_ip if available
>>
>> Use session cache on https
>>
>>
>> Tim.
>>
>>
>> Index: Makefile
>> ===================================================================
>> RCS file: /cvs/ports/www/links+/Makefile,v
>> retrieving revision 1.60
>> diff -u -p -r1.60 Makefile
>> --- Makefile 30 Nov 2016 19:42:15 -0000 1.60
>> +++ Makefile 14 Apr 2018 20:54:22 -0000
>> @@ -1,7 +1,7 @@
>>   # $OpenBSD: Makefile,v 1.60 2016/11/30 19:42:15 fcambus Exp $
>>
>>   COMMENT= graphics and text browser
>> -VER= 2.14
>> +VER= 2.15
>>   DISTNAME= links-${VER}
>>   PKGNAME= links+-${VER}
>>   CATEGORIES= www
>> Index: distinfo
>> ===================================================================
>> RCS file: /cvs/ports/www/links+/distinfo,v
>> retrieving revision 1.31
>> diff -u -p -r1.31 distinfo
>> --- distinfo 30 Nov 2016 19:42:15 -0000 1.31
>> +++ distinfo 14 Apr 2018 20:54:22 -0000
>> @@ -1,2 +1,2 @@
>> -SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
>> -SIZE (links-2.14.tar.gz) = 7142389
>> +SHA256 (links-2.15.tar.gz) = Z39ZS1jcUy5jkTzWG4XMGqbwOF4zO4h2brNBW0Gzo3U=
>> +SIZE (links-2.15.tar.gz) = 7358450
>> Index: patches/patch-html_c
>> ===================================================================
>> RCS file: /cvs/ports/www/links+/patches/patch-html_c,v
>> retrieving revision 1.16
>> diff -u -p -r1.16 patch-html_c
>> --- patches/patch-html_c 3 Sep 2016 09:33:19 -0000 1.16
>> +++ patches/patch-html_c 14 Apr 2018 20:54:22 -0000
>> @@ -1,7 +1,8 @@
>>   $OpenBSD: patch-html_c,v 1.16 2016/09/03 09:33:19 sthen Exp $
>> ---- html.c.orig Fri Jun 17 16:33:57 2016
>> -+++ html.c Thu Sep  1 20:13:58 2016
>> -@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
>> +Index: html.c
>> +--- html.c.orig
>> ++++ html.c
>> +@@ -1004,6 +1004,7 @@ static void html_a(unsigned char *a)
>>     format_.target = stracpy(format_.target_base);
>>     }
>>     /*format_.attr ^= AT_BOLD;*/
>> Index: patches/patch-https_c
>> ===================================================================
>> RCS file: /cvs/ports/www/links+/patches/patch-https_c,v
>> retrieving revision 1.5
>> diff -u -p -r1.5 patch-https_c
>> --- patches/patch-https_c 30 Nov 2016 19:42:15 -0000 1.5
>> +++ patches/patch-https_c 14 Apr 2018 20:54:22 -0000
>> @@ -1,7 +1,8 @@
>>   $OpenBSD: patch-https_c,v 1.5 2016/11/30 19:42:15 fcambus Exp $
>> ---- https.c.orig Sat Nov 19 13:52:07 2016
>> -+++ https.c Mon Nov 28 22:16:21 2016
>> -@@ -88,6 +88,11 @@ links_ssl *getSSL(void)
>> +Index: https.c
>> +--- https.c.orig
>> ++++ https.c
>> +@@ -261,6 +261,11 @@ links_ssl *getSSL(void)
>>     RAND_write_file(cast_const_char f_randfile);
>>     }
>>     }
>>
>