tun support patches from csszep at gmail
-----
strongSwan is reasonably portable open source VPN software supporting
both IKEv1 and IKEv2. It has wide support for authentication types
including IKEv1 XAUTH (username and password) and multiple IKEv2 EAP
mechanisms on both server and client side.
The OpenBSD port currently provides only the "kernel-libipsec" plugin.
This operates in userland via tun(4) devices and strongSwan's own
IPsec implementation rather than using kernel IPsec - it is suggested
that this is only used for testing or in client situations where the
native IPsec software (isakmpd and iked) does not support the required
functionality.
-----
without flags, the main fping binary is v4/v6 dual stack, use -4 / -6 to
force one particular af.
a v6-only fping6 is installed to provide support for dependent ports, using
the method from https://github.com/schweikert/fping/pull/139
lang/python/python.port.mk revision 1.102 and 1.103 added
MODPY_TEST_LOCALE and MODPY_PYTEST respectively, nicely wrapping up the
usual pytest dance.
This removes hand-rolled do-tests from all 70 ports by setting
MODPY_PYTEST=Yes and MODPY_TEST_LOCALE as well as HOME=${WRKDIR} to TESTENV
as needed.
From Kurt Mosiejczuk <kurt at cranky dot work>, thanks!
OK sthen
unifi requires javax.activation from activation.jar, which is present
and active in jdk 8, present but deprecated in 9/10 (hidden behind a
command-line flag), and removed in jdk 11.
add a FETCH_MANUALLY distfile to take this from Java Activation Framework;
this is under Oracle's binary license with an indemnity clause so you get
to download it yourself, but it's fairly straightforward. adapt the startup
script to cope.
environment, which will reduce complexity in java.port.mk when jdk 11 is
added. direction agreed with kurt@.
- switch all MODJAVA_VER to at least 1.8 (we don't currently have any
version earlier than this anyway).
- drop MODJAVA_JRERUN, the separate jre package will be going away with
jdk 11.
- bump changed ports
to new (if you see messages with keywords like "Severity: %severity" you
need to do this) - at present there's a built-in converter but this won't
stay around forever.
run cert bootstrap there, this is complicated enough to configure it's
best if things match upstream's documentation as closely as possible.
prompted by a mail from Julien Dhaille
snprintf().
jasper@ found a POC (https://github.com/b1ack0wl/miniupnpd_poc) for a
read out-of-bounds vulnerability in miniupnpd. Fix has been provided by
upstream.
POC seems to work, so does the fix.
Simplified port by removing python related multipackage. No objections
received.
Bumped major of SHARED_LIBS as symbols have been removed.
Hints and tips from sthen@, thanks!
OK sthen@
Comment:
P2P payment system
Description:
Litecoin is a peer-to-peer Internet currency that enables instant payments to
anyone in the world. It is based on the Bitcoin protocol but differs from
Bitcoin in that it can be efficiently mined with consumer-grade hardware.
Litecoin provides faster transaction confirmations (2.5 minutes on average) and
uses a memory-hard, scrypt-based mining proof-of-work algorithm to target the
regular computers and GPUs most people already have. The Litecoin network is
scheduled to produce 84 million currency units.
One of the aims of Litecoin was to provide a mining algorithm that could run at
the same time, on the same hardware used to mine bitcoins. With the rise of
specialized ASICs for Bitcoin, Litecoin continues to satisfy these goals. It is
unlikely for ASIC mining to be developed for Litecoin until the currency is
widely used.
Maintainer: Rafael Sadowski <rsadowski@openbsd.org>
WWW: https://litecoin.org
GNU Dico is a flexible modular implementation of a DICT server (RFC 2229).
In contrast to other implementations, it does not depend on a particular
database format. GNU Dico handles database accesses using loadable modules.
The package is shipped with quite a few modules that provide support for the
most often used database formats and strategies. New modules can easily be
written in C, Guile or Python. The module API is mature and well documented.
The package also includes a console client program that can be used to query
remote dictionary servers.
ok juanfra@ sthen@
i386 and amd64 with a couple of different wifi adapters by myself
and kili@ test on amd64.
lots of things changed, gpsmap GUI is gone. security model changed,
see MESSAGE. Take over MAINTAINER from kili@
OK kili@
Comment:
fork of libstrophe for use with profanity XMPP client
Description:
libmesode is a minimal XMPP library written in C. libmesode is a fork of
libstrophe for use in Profanity (ports/net/profanity).
Reasons for forking:
- Remove Windows support
- Support only one XML Parser implementation (expat)
- Support only one SSL implementation (OpenSSL)
This simplifies maintenance of the library when used in Profanity.
Whilst Profanity will run against libstrophe, libmesode provides extra TLS
functionality such as manual SSL certificate verification.
Maintainer: Rafael Sadowski <rsadowski@openbsd.org>
WWW: https://github.com/boothj5/libmesode
Tweaks, advice and patches by jca@
OK sthen@ "If things are still working with it"
OK jca@ "If you know that consumer ports can cope with this update"
CVE-2018-5744: A specially crafted packet can cause named to leak memory
...
A failure to free memory can occur when processing messages
having a specific combination of EDNS options.
By exploiting this condition, an attacker can potentially cause
named's memory use to grow without bounds until all memory
available to the process is exhausted. Typically a server process
is limited as to the amount of memory it can use but if the named
process is not limited by the operating system all free memory
on the server could be exhausted.
...
CVE-2018-5745: An assertion failure can occur if a trust anchor
rolls over to an unsupported key algorithm when using managed-keys
(there is also CVE-2019-6465 but we don't build dlz)
This module provides an API for the GeoIP2 web services and databases.
The API also works with the free GeoLite2 databases.
See GeoIP2::WebService::Client for details on the web service client API
and GeoIP2::Database::Reader for the database API.
OK giovanni@
are included in packages)
- as this is port-only (no redistribution) and the dependencies have
slow builds, print a message suggesting use of FETCH_PACKAGES if it
wasn't already used.
Unicode 9.0 changed certain character widths, libutf8proc is used by
upstream to cope with this[0].
Our www/netsurf/libutf8proc is not the same and builds fail if it's picked up.
Noticed the hard way by ajacoutot, thanks!
0: https://github.com/irssi/irssi/issues/720
This module provides an alternative API to NetAddr::IP that aims to address
the biggest problems with that module's API, as well as adding some additional
features.
OK giovanni@
knot's configure script tries to detect liblmdb.so and lmdb.h, if it
can't find them it automatically adds /usr/local/{include,lib}
to the search paths then rechecks. This works well on clang archs. On
gcc archs ports-gcc automatically adds /usr/local/lib to the ld(1)
search path so detection of liblmdb.so works out of the box, but lmdb.h
can't be found since /usr/local/include hasn't been added to CPPFLAGS,
triggering a fatal error. sigh
proxychains ng (new generation) - a preloader which hooks calls to
sockets in dynamically linked programs and redirects them through one or
more socks/http proxies. Continuation of the unmaintained proxychains
project.
feedback and OK jasper@
The curl configure script wants to take control of the compiler
flags for optimization and debugging. The actual interactions are
more complex, but the gist is that the flags are stripped from
CFLAGS, and if --enable-optimize or --enable-debug are specified,
an approved optimization or debugging flag is added.
report/ok bentley@