Saturday, April 18, 2026

Re: Patch to fix CVE-2025-53367 in graphics/djvulibre

On 2026/04/18 14:00, Volker Schlecht wrote:
> On 4/18/26 11:43 AM, Stuart Henderson wrote:
> > On 2026/04/17 21:33, Volker Schlecht wrote:
> > > FWIW: It's CVE-2025-53367
> > >
> > > Ubuntu has the best writeup I could find in 2 minutes:
> > > https://ubuntu.com/security/CVE-2025-53367
> >
> > "This issue has been patched in version 3.5.29."
> >
> > I'm not seeing anything that looks particularly worrying in the
> > 3.5.28->3.5.29 diff, and there are some other improvements we don't
> > have in patches, want to give this a spin?
>
> Had that (sans AUTOCONF_VERSION) in my list of diffs for after release :-)
>
> Yesterday I shied back from confirming that some of the patches fixing
> security issues and which still apply, are all covered in 3.5.29
> Everything built ok, btw.

The CVE numbers listed in the comments in old patches are listed as
being fixed in 3.5.29, though I see the DjVuPort.{cpp,h} changes are
not present upstream (and still carried in patches in Debian).

However if I try the PoC from
https://bugzilla.redhat.com/show_bug.cgi?id=1943411 with any of
(3.5.28 with current patches, 3.5.29 as sent, 3.5.29 with DjVuPort
patches reinstated) I get the same:

ddjvu: [1-12517] Malformed INCL chunk. Slashes, backslashes, or colons are not allowed.
ddjvu: Unexpected End Of File.
ddjvu: Cannot decode document.

Re: UPDATE: sysutils/exfetch -> 1.6

On Thu, 16 Apr 2026 07:53:40 -0500
izzy Meyer <izder456@disroot.org> wrote:

> On Tue, 31 Mar 2026 22:04:41 -0500
> izzy Meyer <izder456@disroot.org> wrote:
>
> > On Fri, 27 Mar 2026 12:21:53 -0500
> > izzy Meyer <izder456@disroot.org> wrote:
> >
> > > Hello ports@
> > >
> > > Here's a small update that drops the patch enabling debug packages
> > > for exfetch, and two smaller changes that don't really affect us
> > > on OpenBSD. I plan this will be the last update of this package
> > > before OpenBSD 7.9 reaches -release status.
> > >
> > > I added an optional MAKE_FLAG "DEBUG", that when set to "on" will
> > > enable crystal's --debug flag at build time. This simplifies the
> > > port quite a bit and avoids the need for patching the Makefile.
> > >
> > > Changelog:
> > > * Since(1.5.4)
> > >
> > > Misc Changes:
> > > - Added new DEBUG flag to optionally build
> > > with debug symbols
> > >
> > > Optimizations:
> > >
> > > Bugfixes:
> > > - Fix gpu detection normalization
> > >
> > > New features:
> > > - Added eopkg support in package count
> > >
> > > (copied bentley@ as he was the one who messaged me for an OK about
> > > the last commit on this port patching debug builds into the port
> > > to see his thoughts on the matter)
> > >
> > > OK?
> > >
> > > Thanks.
> > >
> >
> > Here's a new diff which additionally removes WRKDIST as this commit
> > [1] fixes that hack I used.
> >
> > [1]
> > https://cvsweb.openbsd.org/annotate/ports/infrastructure/mk/bsd.port.mk,v?rev=1.1648&sort=File
> >
> > Also, copied thfr@ as he was the one who authored the change to
> > bsd.port.mk to make sure I did this correctly.
> >
> > OK for commit?
> >
>
> Ping! (attached again)
>

Whoops. Attached the wrong diff. Here's the correct one.

--
iz (she/her)

> i like to say mundane things,
> there are too many uninteresting things
> that go unnoticed.

izder456 (dot) neocities (dot) org

diff --git sysutils/exfetch/Makefile sysutils/exfetch/Makefile
index ea446ebbd5a..24bd0230655 100644
--- sysutils/exfetch/Makefile
+++ sysutils/exfetch/Makefile
@@ -1,10 +1,9 @@
 COMMENT =	shell-extensible fetching program
 
-DIST_TUPLE +=	codeberg izder456 exfetch 1.5.4 .
+DIST_TUPLE +=	codeberg izder456 exfetch 1.6 .
 DIST_TUPLE +=	github schovi baked_file_system \
 		f4f658812c5b8b404437d8cf34b72a0eb5fe7701 \
 		lib/baked_file_system
-REVISION =	0
 
 WRKDIST =	${WRKDIR}/exfetch
 
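Review bot: WRKDIST = ${WRKDIR}/exfetch is still present as an unchanged context line at the end of this hunk, but the cover message says the new diff additionally removes WRKDIST. If this is the corrected diff, the hunk should drop that line; if WRKDIST is meant to stay, the description should say so. Dropping REVISION together with the bump to 1.6 is fine.
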
@@ -28,6 +27,8 @@ WANTLIB += pthread z
 FAKE_FLAGS =	PREFIX=${TRUEPREFIX} \
 		MANDIR=${TRUEPREFIX}/man/man1
 
+MAKE_FLAGS =	DEBUG=on
+
 DEBUG_PACKAGES = ${BUILD_PACKAGES}
 
 .include <bsd.port.mk>
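
Review bot: MAKE_FLAGS = DEBUG=on is set unconditionally and without a comment, while the cover message describes DEBUG as an optional flag. Since it sits directly above DEBUG_PACKAGES = ${BUILD_PACKAGES}, a one-line comment stating that it is there so the debug package gets symbols would make the intent clear to whoever touches the port next.
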
diff --git sysutils/exfetch/distinfo sysutils/exfetch/distinfo
index 10913892cd6..7c64dee11a6 100644
--- sysutils/exfetch/distinfo
+++ sysutils/exfetch/distinfo
@@ -1,4 +1,4 @@
-SHA256 (izder456-exfetch-1.5.4.tar.gz) = sBsrodgP/Ha2ijwKzXDe1OOBZO1+vO7+VtM0wFCImSo=
+SHA256 (izder456-exfetch-1.6.tar.gz) = Sgy9ta4gnPBwjM9/5dI9W5I6wa3Ywii3uSbiYDy32NE=
 SHA256 (schovi-baked_file_system-f4f658812c5b8b404437d8cf34b72a0eb5fe7701.tar.gz) = tTPwhaL4SoA31VcKAO5Gj6WSUmMTbAaBgGoCQU6Cj8w=
-SIZE (izder456-exfetch-1.5.4.tar.gz) = 26260
+SIZE (izder456-exfetch-1.6.tar.gz) = 26888
 SIZE (schovi-baked_file_system-f4f658812c5b8b404437d8cf34b72a0eb5fe7701.tar.gz) = 56332
diff --git sysutils/exfetch/patches/patch-Makefile sysutils/exfetch/patches/patch-Makefile
deleted file mode 100644
index 5f58b31ea7a..00000000000
--- sysutils/exfetch/patches/patch-Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: Makefile
---- Makefile.orig
-+++ Makefile
-@@ -29,7 +29,7 @@ $(BIN):
- 	if [ "$(HARDENING)" = "on" ]; then flags="$$flags --link-flags -Wl,-zrelro,-znow"; fi; \
- 	ascii_files="$$(find src/exfetch/ascii -type f -name '*.ascii' | xargs -n1 basename)"; \
- 	printf "Found ASCII files:\n$$ascii_files\n"; \
--	ASCII_FILES="$$ascii_files" shards --no-color -v build -s -t -p --production --release $$flags
-+	ASCII_FILES="$$ascii_files" shards --no-color -v build --debug -s -t -p --production --release $$flags
- 
- run:
- 	@flags=""; \
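
Review bot: with this patch deleted, --debug on the shards build line depends entirely on upstream 1.6 acting on DEBUG=on, and that upstream Makefile change is not visible in this diff. Confirm from the build output that --debug is still passed to shards and that the resulting debug package contains symbols. The context line above the removed change also shows that -Wl,-zrelro,-znow is only added when HARDENING is "on"; the MAKE_FLAGS added in this diff passes only DEBUG=on, so check what HARDENING evaluates to in the port build.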