Rubén Llorente <port...@use.startmail.com> wrote: > On Fri, May 20, 2022 at 07:35:14PM +0200, Omar Polo wrote: > > The good news is that with the above changes the ports looks good IMHO. > > The bad news is that now the builds fails (link error in the embedded > > lzma copy) so it needs more work (using lzma from ports if possible) > > > > I'm attaching a tarball with above suggestions included. > > > > Cheers, > > > > Omar Polo > > > > Hello, > > I am testing the new iteration of the port and so far the bundled lzma > is not crashing on me.
I can't reproduce the build failure either. Now it seems to correctly pick up lz4 from ports automatically \o/ > On the other hand I have already included the security fix in my local > version of the port. i'm attaching another version: - LIB_DEPENDS and WANTLIB fixed (was lacking lz4) - plist updated (now that uses lz4 doesn't install the library anymore) - uses the commit with the CVE-2018-5786 fix it still probably needs something to limit the amount of ram it tries to allocate, see the other mail by Stuart. I agree with him that this should use getrlimit(RLIMIT_DATA) instead of physmem.
lrzip.tar.gz
Description: GNU Zip compressed data
