On 2/5/23 17:20, Michael wrote: > On Sun, Feb 05, 2023 at 04:58:58PM -0500, A Tammy wrote: >> On 2/5/23 06:05, Michael wrote: >>> Ping. >>> >>> On Fri, Jan 20, 2023 at 11:26:12AM +0100, Michael wrote: >>>> Ping. >>>> >>>> On Fri, Jan 13, 2023 at 11:42:33AM +0100, Michael wrote: >>>>> Ping. >>>>> >>>>> On Fri, Jan 06, 2023 at 02:40:35PM +0100, Michael wrote: >>>>>> On Fri, Jan 06, 2023 at 01:22:23PM +0000, Stuart Henderson wrote: >>>>>>> On 2023/01/06 14:02, Michael wrote: >>>>>>>> Hi ports@, >>>>>>>> >>>>>>>> a few people have asked me off list to enable IDENT support for >>>>>>>> ngircd. >>>>>>>> As this is not something everybody will need I added a FLAVOR "ident" >>>>>>>> for this. >>>>>>> Seems that ident support is disabled by default and you need to enable >>>>>>> it >>>>>>> in config; if that's the case then I would recommend just building with >>>>>>> it enabled anyway, it's not a big dependency, and adding flavours means >>>>>>> extra work when testing updates. >>>>>>> >>>>>>> (If that's not the case, then please add a note to pkg/DESCR describing >>>>>>> the flavour). >>>>>>> [...] >>>>>> Hi Sturart, >>>>>> >>>>>> Thanks for the feedback. >>>>>> >>>>>> From ngircd.conf(5): >>>>>> >>>>>> Ident (boolean) >>>>>> If ngIRCd is compiled with IDENT support this can be used to >>>>>> disable IDENT lookups at run time. Users identified using IDENT >>>>>> are registered without the "~" character prepended to their user >>>>>> name. Default: yes. >>>>>> >>>>>> So ident is enabled by default if compiled in. Updated patch below. >> To re-iterate what Stuart said about enabling ident by default, in >> general we would want to add flavors if (a) the dependencies are really >> heavy (like mysql vs postgresql) or (b) adding this flavor increases the >> attack surface (like adding a new authentication module). >> I am not a huge/current user of ngircd so I am unable to comment on the >> usefulness of this feature but it does not seem like a security risk. Am >> I correct in this assumption? If so just enable it by default. >> >> Aisha > Hi Aisha, > > libident is ancient and has not been updated for years (decades?). It > still does its job but I personally would not want to have it enabled by > default (which would be the case if compiled in) in my ngircd > installation. It also should not be relevant for most ngircd users but > IDENT support is still in use with IRC in general and as I said, people > have asked me off list about it more than once. > > So given those two choices I would still go with the security reason to > have it as an extra flavor.
Thank you for explaining, I agree with your reasoning now. Committed thank you :) > >>>>>> Index: Makefile >>>>>> =================================================================== >>>>>> RCS file: /cvs/ports/net/ngircd/Makefile,v >>>>>> retrieving revision 1.23 >>>>>> diff -u -p -r1.23 Makefile >>>>>> --- Makefile 8 Nov 2022 11:16:58 -0000 1.23 >>>>>> +++ Makefile 6 Jan 2023 13:37:33 -0000 >>>>>> @@ -1,7 +1,7 @@ >>>>>> COMMENT = lightweight irc server >>>>>> >>>>>> DISTNAME = ngircd-26.1 >>>>>> -REVISION = 0 >>>>>> +REVISION = 1 >>>>>> >>>>>> CATEGORIES = net >>>>>> >>>>>> @@ -15,8 +15,11 @@ PERMIT_PACKAGE = Yes >>>>>> # use pledge() >>>>>> WANTLIB = c crypto iconv ssl z >>>>>> >>>>>> +FLAVORS = ident >>>>>> +FLAVOR ?= >>>>>> + >>>>>> MASTER_SITES = https://ngircd.barton.de/pub/ngircd/ \ >>>>>> - https://ngircd.mirror.3rz.org/pub/ngircd/ \ >>>>>> + https://ngircd.mirror.3rz.de/pub/ngircd/ \ >>>>>> https://ngircd.sourceforge.io/pub/ngircd/ >>>>>> >>>>>> LIB_DEPENDS = converters/libiconv >>>>>> @@ -29,5 +32,11 @@ CONFIGURE_STYLE = gnu >>>>>> CONFIGURE_ARGS += --with-iconv=${LOCALBASE} \ >>>>>> --with-openssl \ >>>>>> --enable-ipv6 >>>>>> + >>>>>> +.if ${FLAVOR:Mident} >>>>>> +LIB_DEPENDS += security/libident >>>>>> +WANTLIB += ident >>>>>> +CONFIGURE_ARGS += --with-ident=${LOCALBASE} >>>>>> +.endif >>>>>> >>>>>> .include <bsd.port.mk> >>>>>> Index: patches/patch-doc_Makefile_in >>>>>> =================================================================== >>>>>> RCS file: /cvs/ports/net/ngircd/patches/patch-doc_Makefile_in,v >>>>>> retrieving revision 1.7 >>>>>> diff -u -p -r1.7 patch-doc_Makefile_in >>>>>> --- patches/patch-doc_Makefile_in 11 Mar 2022 19:46:30 -0000 >>>>>> 1.7 >>>>>> +++ patches/patch-doc_Makefile_in 6 Jan 2023 13:37:33 -0000 >>>>>> @@ -1,7 +1,7 @@ >>>>>> Index: doc/Makefile.in >>>>>> --- doc/Makefile.in.orig >>>>>> +++ doc/Makefile.in >>>>>> -@@ -648,16 +648,13 @@ maintainer-clean-local: >>>>>> +@@ -617,16 +617,13 @@ maintainer-clean-local: >>>>>> all: $(generated_docs) >>>>>> >>>>>> install-data-hook: $(static_docs) $(toplevel_docs) $(generated_docs) >>>>>> Index: patches/patch-src_ngircd_ngircd_c >>>>>> =================================================================== >>>>>> RCS file: /cvs/ports/net/ngircd/patches/patch-src_ngircd_ngircd_c,v >>>>>> retrieving revision 1.7 >>>>>> diff -u -p -r1.7 patch-src_ngircd_ngircd_c >>>>>> --- patches/patch-src_ngircd_ngircd_c 11 Mar 2022 19:46:30 -0000 >>>>>> 1.7 >>>>>> +++ patches/patch-src_ngircd_ngircd_c 6 Jan 2023 13:37:33 -0000 >>>>>> @@ -1,7 +1,15 @@ >>>>>> Index: src/ngircd/ngircd.c >>>>>> --- src/ngircd/ngircd.c.orig >>>>>> +++ src/ngircd/ngircd.c >>>>>> -@@ -261,6 +261,16 @@ main(int argc, const char *argv[]) >>>>>> +@@ -30,6 +30,7 @@ >>>>>> + #include <fcntl.h> >>>>>> + #include <pwd.h> >>>>>> + #include <grp.h> >>>>>> ++#include <err.h> >>>>>> + >>>>>> + #if defined(DEBUG) && defined(HAVE_MTRACE) >>>>>> + #include <mcheck.h> >>>>>> +@@ -261,6 +262,16 @@ main(int argc, const char *argv[]) >>>>>> exit(1); >>>>>> } >>>>>> >>>>>> @@ -18,7 +26,7 @@ Index: src/ngircd/ngircd.c >>>>>> if (!io_library_init(CONNECTION_POOL)) { >>>>>> Log(LOG_ALERT, >>>>>> "Fatal: Could not initialize IO routines: >>>>>> %s", >>>>>> -@@ -563,7 +573,7 @@ Setup_FDStreams(int fd) >>>>>> +@@ -563,7 +574,7 @@ Setup_FDStreams(int fd) >>>>>> #if !defined(SINGLE_USER_OS) >>>>>> >>>>>> /** >>>>>> @@ -27,7 +35,7 @@ Index: src/ngircd/ngircd.c >>>>>> * >>>>>> * @param uid User ID >>>>>> * @param gid Group ID >>>>>> -@@ -587,7 +597,7 @@ NGIRCd_getNobodyID(uid_t *uid, gid_t *gid ) >>>>>> +@@ -587,7 +598,7 @@ NGIRCd_getNobodyID(uid_t *uid, gid_t *gid ) >>>>>> } >>>>>> #endif >>>>>> >>>>>> @@ -36,7 +44,7 @@ Index: src/ngircd/ngircd.c >>>>>> if (!pwd) >>>>>> return false; >>>>>> >>>>>> -@@ -703,11 +713,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon) >>>>>> +@@ -703,11 +714,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon) >>>>>> if (Conf_UID == 0) { >>>>>> pwd = getpwuid(0); >>>>>> Log(LOG_INFO, >>>>>> Index: patches/patch-src_ngircd_proc_c >>>>>> =================================================================== >>>>>> RCS file: /cvs/ports/net/ngircd/patches/patch-src_ngircd_proc_c,v >>>>>> retrieving revision 1.2 >>>>>> diff -u -p -r1.2 patch-src_ngircd_proc_c >>>>>> --- patches/patch-src_ngircd_proc_c 11 Mar 2022 19:46:30 -0000 >>>>>> 1.2 >>>>>> +++ patches/patch-src_ngircd_proc_c 6 Jan 2023 13:37:33 -0000 >>>>>> @@ -1,7 +1,15 @@ >>>>>> Index: src/ngircd/proc.c >>>>>> --- src/ngircd/proc.c.orig >>>>>> +++ src/ngircd/proc.c >>>>>> -@@ -76,6 +76,9 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc >>>>>> +@@ -24,6 +24,7 @@ >>>>>> + #include <sys/types.h> >>>>>> + #include <unistd.h> >>>>>> + #include <time.h> >>>>>> ++#include <err.h> >>>>>> + >>>>>> + #include "log.h" >>>>>> + #include "io.h" >>>>>> +@@ -76,6 +77,9 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc >>>>>> return -1; >>>>>> case 0: >>>>>> /* New child process: */ >>>>>> Index: pkg/DESCR >>>>>> =================================================================== >>>>>> RCS file: /cvs/ports/net/ngircd/pkg/DESCR,v >>>>>> retrieving revision 1.1.1.1 >>>>>> diff -u -p -r1.1.1.1 DESCR >>>>>> --- pkg/DESCR 29 Sep 2012 12:32:01 -0000 1.1.1.1 >>>>>> +++ pkg/DESCR 6 Jan 2023 13:37:33 -0000 >>>>>> @@ -3,3 +3,6 @@ server for small or private networks, de >>>>>> Public License (GPL). It is simple to configure, can cope with >>>>>> dynamic IP addresses, and supports IPv6 as well as SSL. It is written >>>>>> from scratch and not based on the original IRCd. >>>>>> + >>>>>> +Flavors: >>>>>> +ident - Enable IDENT support. >>>>>>
