acquire-lock and release-lock macro targets. Take advantage of using
a make target by breaking up the _ACQUIRE_LOCK script into smaller
pieces, and make better use of the *_MSG definitions for printing
messages within the acquire-lock and release-lock targets.
than pkgsrc's current one. This is an important lead-up to any project
that redesigns the pkg_* tools in that it doesn't tie us to past design
(mis)choices. This commit mostly deals with rearranging code, although
there was a considerable amount of rewriting done in cases where I
thought the code was somewhat messy and was difficult to understand.
The design I chose for supporting multiple package system flavors is
that the various depends, install, package, etc. modules would define
default targets and variables that may be overridden in files from
pkgsrc/mk/flavor/${PKG_FLAVOR}. The default targets would do the
sensible thing of doing nothing, and pkgsrc infrastructure would rely
on the appropriate things to be defined in pkgsrc/mk/flavor to do the
real work. The pkgsrc/mk/flavor directory contains subdirectories
corresponding to each package system flavor that we support. Currently,
I only have "pkg" which represents the current pkgsrc-native package
flavor. I've separated out most of the code where we make assumptions
about the package system flavor, mostly either because we directly
use the pkg_* tools, or we make assumptions about the package meta-data
directory, or we directly manipulate the package meta-data files, and
placed it into pkgsrc/mk/flavor/pkg.
There are several new modules that have been refactored out of bsd.pkg.mk
as part of these changes: check, depends, install, package, and update.
Each of these modules has been slimmed down by rewriting them to avoid
some recursive make calls. I've also religiously documented which
targets are "public" and which are "private" so that users won't rely
on reaching into pkgsrc innards to call a private target.
The "depends" module is a complete overhaul of the way that we handle
dependencies. There is now a separate "depends" phase that occurs
before the "extract" phase where dependencies are installed. This
differs from the old way where dependencies were installed just before
extraction occurred. The reduce-depends.mk file is now replaced by
a script that is invoked only once during the depends phase and is
used to generate a cookie file that holds the full set of reduced
dependencies. It is now possible to type "make depends" in a package
directory and all missing dependencies will be installed.
Future work on this project include:
* Resolve the workflow design in anticipation of future work on
staged installations where "package" conceptually happens before
"install".
* Rewrite the buildlink3 framework to not assume the use of the
pkgsrc pkg_* tools.
* Rewrite the pkginstall framework to provide a standard pkg_*
tool to perform the actions, and allowing a purely declarative
file per package to describe what actions need to be taken at
install or deinstall time.
* Implement support for the SVR4 package flavor. This will be
proof that the appropriate abstractions are in place to allow
using a completely different set of package management tools.
This module provides a wrapper for the DB_File module, adding locking.
When you need locking, simply use this module in place of DB_File and
add an extra argument onto the tie command specifying if the file should
be locked for reading or writing.
and that is 3 make process to run...
make show-options; v=$(make show-var VARNAME=PKG_OPTIONS_VAR); echo $v=$(make sh
ow-var VARNAME=$v)
Hence add trailing part about PKG_OPTIONS_VAR and its value to
show-options target like the one found in supported-options-message target.
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
appear in an assignment of its own", since it had been misunderstood at
least once. Also, since the explanation is usually several lines long,
it does not hurt to add two extra empty lines to separate the
explanation from the actual warning.
Changes since 4.62:
- Improved checking of variable permissions.
- Improved detection of unused variables, for spell checking.
- Added warnings for variables that are used at load time but should not.
- Much code cleanup.
