On Sun, Dec 17, 2017 at 01:24:30PM +0100, Jeremie Courreges-Anglas wrote: > On Sun, Dec 17 2017, Giovanni Bechis <giova...@paclan.it> wrote: > > Il 17 dicembre 2017 11:54:22 CET, Jeremie Courreges-Anglas > > <j...@wxcvbn.org> ha scritto: > >>On Sat, Dec 16 2017, Giovanni Bechis <giova...@paclan.it> wrote: > >>> On 12/15/17 17:51, Jeremie Courreges-Anglas wrote: > >>>> On Wed, Nov 22 2017, Giovanni Bechis <giova...@paclan.it> wrote: > >>>>> Hi, > >>>>> update to latest release, some bug fixes and pledge(2) support > >>>>> committed upstream. > >>>> > >>>> I don't use this but the update looks fine ports-wise. ok jca@ fwiw > >>>> > >>>>> Pledge(2) support is enabled only if the daemon is not run with "-o > >>no_drop_privileges" parameter; > >>>>> do we want to go the way upstream goes or should we disable the > >>possibility to disable pledge(2) ? > >>>> > >>>> I would not bother disabling this, but if you do make it obvious > >>that > >>>> -o no_drop_privileges won't work. If people use the option as > >>>> a workaround and slack off instead of reporting bugs, they're the > >>ones > >>>> not benefiting from pledge(2), which is not a smart thing to do. > >>>> > >>> what about this one ? > >> > >>I have a knee-jerk reaction whenever I see #ifdef SOME_OS, I would have > >>implemented this as a configure-time option which would be usable on > >>other systems that provide sandboxing. Words are cheap and I don't > >>care > >>enough to write a diff, so please go ahead with whatever suits you. ;) > > > > As done in other diffs, I would like to go with a diff as simple as > > possible for our tree, then push a proper autoconf diff to upstream for > > next release. > > Cool! But then you could make your patch even shorter: no need to add > the #ifdef __OpenBSD__ goo. :) > correct, what about that then ? Cheers Giovanni
Index: Makefile =================================================================== RCS file: /var/cvs/ports/misc/memcached/Makefile,v retrieving revision 1.39 diff -u -p -r1.39 Makefile --- Makefile 31 Oct 2017 07:39:25 -0000 1.39 +++ Makefile 15 Dec 2017 23:28:28 -0000 @@ -2,7 +2,7 @@ COMMENT= distributed memory object caching system -DISTNAME= memcached-1.5.2 +DISTNAME= memcached-1.5.3 CATEGORIES= misc HOMEPAGE= https://www.memcached.org/ Index: distinfo =================================================================== RCS file: /var/cvs/ports/misc/memcached/distinfo,v retrieving revision 1.25 diff -u -p -r1.25 distinfo --- distinfo 31 Oct 2017 07:39:25 -0000 1.25 +++ distinfo 15 Dec 2017 23:28:30 -0000 @@ -1,2 +1,2 @@ -SHA256 (memcached-1.5.2.tar.gz) = mskxE7210DfnnGEnc4ZWSsLl4x1J5ZTxHlVOTBSbckU= -SIZE (memcached-1.5.2.tar.gz) = 407715 +SHA256 (memcached-1.5.3.tar.gz) = JYzD3bdhNoVGWs/QIV+CciCju90Wf9LAgGMhBbLS884= +SIZE (memcached-1.5.3.tar.gz) = 409131 Index: patches/patch-configure =================================================================== RCS file: /var/cvs/ports/misc/memcached/patches/patch-configure,v retrieving revision 1.10 diff -u -p -r1.10 patch-configure --- patches/patch-configure 31 Oct 2017 07:39:25 -0000 1.10 +++ patches/patch-configure 15 Dec 2017 23:30:49 -0000 @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.10 2017/10 Index: configure --- configure.orig +++ configure -@@ -6517,7 +6517,7 @@ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h +@@ -6551,7 +6551,7 @@ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h elif test "$GCC" = "yes" then GCC_VERSION=`$CC -dumpversion` Index: patches/patch-memcached_c =================================================================== RCS file: /var/cvs/ports/misc/memcached/patches/patch-memcached_c,v retrieving revision 1.14 diff -u -p -r1.14 patch-memcached_c --- patches/patch-memcached_c 31 Oct 2017 07:39:25 -0000 1.14 +++ patches/patch-memcached_c 17 Dec 2017 19:31:41 -0000 @@ -1,31 +1,15 @@ -$OpenBSD: patch-memcached_c,v 1.14 2017/10/31 07:39:25 giovanni Exp $ +$OpenBSD$ + Index: memcached.c --- memcached.c.orig +++ memcached.c -@@ -23,6 +23,7 @@ - #include <sys/uio.h> - #include <ctype.h> - #include <stdarg.h> -+#include <unistd.h> - - /* some POSIX systems need the following definition - * to get mlockall flags out of sys/mman.h. */ -@@ -6861,6 +6862,18 @@ int main (int argc, char **argv) { - - if (pid_file != NULL) { - save_pid(pid_file); -+ } -+ -+ if (settings.socketpath != NULL) { -+ if (pledge("stdio unix", NULL) == -1) { -+ fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno)); -+ exit(1); -+ } +@@ -6927,6 +6927,9 @@ int main (int argc, char **argv) { + /* Drop privileges no longer needed */ + if (settings.drop_privileges) { + drop_privileges(); + } else { -+ if (pledge("stdio inet", NULL) == -1) { -+ fprintf(stderr, "%s: pledge: %s\n", argv[0], strerror(errno)); -+ exit(1); -+ } ++ fprintf(stderr, "no_drop_privileges option unsupported on this operating system.\n"); ++ exit(EXIT_FAILURE); } - /* Drop privileges no longer needed */ + /* Initialize the uriencode lookup table. */
signature.asc
Description: PGP signature
