This seems to fix the security problem with '\0' in domain names which
was also present in openssl and nss. (CVE-2010-1192)
(The bundled changelog does only beat around the bush.)
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit markers, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within a day).
The idea is to prevent needing to patch source files for packages that
use OpenSSL for DES support by ensuring that including <openssl/des.h>
will always present the old DES API.
(1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
<openssl/des.h> already does the right thing.
(2) If des_old.h doesn't exist, then one of two things is happening:
(a) If <openssl/des.h> is old and (only) supports the old DES API,
then <openssl/des.h> does the right thing.
(b) If it's NetBSD's Special(TM) one that stripped out the old DES
support into a separate library and header (-ldes, <des.h>),
then we create a new header <openssl/des.h> that includes the
system one and <des.h>.
Also modify existing packages that set USE_OLD_DES_API to simply include
<openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This
step is mostly just removing unnecessary patches).
This should fix building packages that use OpenSSL's old DES API support
on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
can be simply turned on by setting USE_OLD_DES_API=yes. Modify
references to <openssl/des.h> to refer to <openssl/des_old.h> where
the old DES interface is expected. This is forward compatible with
future versions of OpenSSL.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
Changes:
2004-04-20 Stable Version 1.0.3 released
----------------------------------------
2004-04-20 Brian Stafford <brian@stafford.uklinux.net>
* memrchr.c configure.in
Added memrchr() implementation for systems that don't have one.
* smtp-tls.c
Applied patches from Pawel Salek to check subjectAltName for
wildcarded domain name when validating server certificate.
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
Changes:
2002-09-12 Stable Version 1.0.1 released
--------------------------------------
* protocol.c smtp-auth.c smtp-bdat.c smtp-etrn.c smtp-tls.c
More thoroughly check return value from read_smtp_response().
* libesmtp.h errors.c
Added new "Client error" error code. This is just a cop-out,
used when an API called by libesmtp fails.
* base64.c
Make conversions immune to NULL source data.
* examples/mail-file.c
Cleaned up some compiler warnings
* siobuf.[hc]
Added a few extra sio_ calls. Not actually used in libESMTP though.
* concatenate.c errors.c getaddrinfo.c headers.c htable.c
* protocol.c siobuf.c
Don't perform zero length operations using the memxxx() functions.
This may avoid segfaults on some platforms or libraries.
* siobuf.c
Improved handling of flushes in sio_write() particularly in the
case where data would exactly fill remaining space in the buffer.
* rfc2822date.c
Correct leap year compensation for January and February in
libesmtp_mktime().
* examples/Makefile
Changed compiler flags from -ansi to -std=c99 and added -W
* headers.c
Eliminated bug where find_header() could pass -1 to the length
argument of memchr() causing a core dump on some architectures.
* libesmtp-private.h protocol.c smtp-bdat.c
M$ Exchange does not accept a chunk size of 0 in BDAT 0 LAST as
explicitly permitted by RFC 3030, *sigh*. Hackish workaround
implemented.
* configure.in Makefile.am
Added DIST_SUBDIRS macro to make sure tarball gets built properly.
This one slipped past 'make distcheck' last time for some reason
but then autoconf & friends are totally inscrutable.
* ntlm/ntlmdes.c
OpenSSL 0.9.7 changes some typedefs. Changed to suit, should
still be compatible with previous OpenSSL versions.
systems: if no /usr/include/des.h is present, symlink
${BUILDLINK_DIR}/include/openssl/des.h to ${BUILDLINK_DIR}/include/des.h,
so the code can always see the old interface as <des.h>.
changes:
-bugfixes
-build framework modifications
-USE_LIBTOOL instead of .include libtool/buildlink
-add a patch to include <des.h> instead of <openssl/des.h> to make it
build with openssl-0.97 -- don't know whether this works with non-NetBSD
systems; if needed, a link into .buildlink/include should help
as mail/libesmtp.
Originally in PR#16146 from Alex Newman.
libESMTP is a library to manage posting (or submission of) electronic
mail using SMTP to a preconfigured Mail Transport Agent (MTA).
It may be used as part of a Mail User Agent (MUA) or another program that
needs to post electronic mail but where mail functionality is not
the program's primary purpose.