Wednesday, July 03, 2019

Re: [update] security/botan2 2.10.0

On Wed, Jul 03, 2019 at 04:08:26PM -0600, Theo de Raadt wrote:
> I suggest deleting incorrect pledges when they are spotted with #if 0.
> Eventually they'll notice it is useless, and delete them or fix them.

Yes, it does not make sense to hold back the update because of a
wrong pledge. A minimal backout would look like this.

bluhm

Index: security/botan2/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- security/botan2/Makefile 16 Jan 2019 12:53:23 -0000 1.21
+++ security/botan2/Makefile 3 Jul 2019 22:20:58 -0000
@@ -2,11 +2,11 @@

COMMENT = crypto and TLS for C++11

-VERSION = 2.9.0
+VERSION = 2.10.0
DISTNAME = Botan-${VERSION}
PKGNAME = botan2-${VERSION}

-SHARED_LIBS = botan-2 9.0
+SHARED_LIBS = botan-2 10.0

CATEGORIES = security

Index: security/botan2/distinfo
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/distinfo,v
retrieving revision 1.10
diff -u -p -r1.10 distinfo
--- security/botan2/distinfo 16 Jan 2019 12:53:23 -0000 1.10
+++ security/botan2/distinfo 3 Apr 2019 22:03:05 -0000
@@ -1,4 +1,4 @@
-SHA256 (Botan-2.9.0.tgz) = MFVkNSM03WOuY9sDkHfZauUt+lejJIhxCBcZtqny0Rk=
-SHA256 (Botan-2.9.0.tgz.asc) = 3rNT0/l78SYxShLJ7i0jv975dRS0yF6AbeEBtuyo1Ks=
-SIZE (Botan-2.9.0.tgz) = 7216373
-SIZE (Botan-2.9.0.tgz.asc) = 488
+SHA256 (Botan-2.10.0.tgz) = iEgZl1eMJ5JHJP6nZhDUPZ9ZyZ7f5WHUGAO7yYhxrTE=
+SHA256 (Botan-2.10.0.tgz.asc) = Qtc+N2kc+uhO4WPmUDcB4ra5z6yIbVG6J5ijZhxsLUg=
+SIZE (Botan-2.10.0.tgz) = 7240021
+SIZE (Botan-2.10.0.tgz.asc) = 488
Index: security/botan2/patches/patch-src_cli_sandbox_cpp
===================================================================
RCS file: security/botan2/patches/patch-src_cli_sandbox_cpp
diff -N security/botan2/patches/patch-src_cli_sandbox_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/botan2/patches/patch-src_cli_sandbox_cpp 3 Jul 2019 22:28:00 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Index: src/cli/sandbox.cpp
+--- src/cli/sandbox.cpp.orig
++++ src/cli/sandbox.cpp
+@@ -29,8 +29,8 @@ Sandbox::Sandbox()
+ bool Sandbox::init()
+ {
+ #if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+- const static char *opts = "stdio rpath inet error";
+- return (::pledge(opts, nullptr) == 0);
++ // Cannot use pledge(2) as Botan library calls mlock(2) and munlock(2).
++ return true;
+ #elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ return (::cap_enter() == 0);
+ #else
Index: security/botan2/patches/patch-src_tests_main_cpp
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/patches/patch-src_tests_main_cpp,v
retrieving revision 1.6
diff -u -p -r1.6 patch-src_tests_main_cpp
--- security/botan2/patches/patch-src_tests_main_cpp 16 Jan 2019 12:53:23 -0000 1.6
+++ security/botan2/patches/patch-src_tests_main_cpp 3 Apr 2019 22:31:58 -0000
@@ -3,7 +3,7 @@ $OpenBSD: patch-src_tests_main_cpp,v 1.6
Index: src/tests/main.cpp
--- src/tests/main.cpp.orig
+++ src/tests/main.cpp
-@@ -77,7 +77,7 @@ int main(int argc, char* argv[])
+@@ -86,7 +86,7 @@ int main(int argc, char* argv[])
const Botan_Tests::Test_Options opts(
parser.get_arg_list("suites"),
parser.get_arg_list("skip-tests"),
Index: security/botan2/pkg/PLIST
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/security/botan2/pkg/PLIST,v
retrieving revision 1.12
diff -u -p -r1.12 PLIST
--- security/botan2/pkg/PLIST 16 Jan 2019 12:53:23 -0000 1.12
+++ security/botan2/pkg/PLIST 4 Apr 2019 11:23:24 -0000
@@ -1951,5 +1951,6 @@ share/doc/botan-2/manual/tss.rst
share/doc/botan-2/manual/versions.rst
share/doc/botan-2/manual/x509.rst
share/doc/botan-2/news.txt
+share/doc/botan-2/oids.txt
share/doc/botan-2/pgpkey.txt
share/doc/botan-2/reading_list.txt

No comments:

Post a Comment