*: Re-add back TODO accidentally overwritten by adding CVE-2020-35711 reference

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: *: Re-add back TODO accidentally overwritten by adding CVE-2020-35711 reference
From: Leonardo Taccari <leot%NetBSD.org@localhost>
Date: Sat, 26 Dec 2020 12:45:36 +0000

Module Name:	pkgsrc-wip
Committed By:	Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By:	leot
Date:		Sat Dec 26 13:45:36 2020 +0100
Changeset:	c985f502ca1d96d28d11768af38ce39ba2efe107

Modified Files:
	spotifyd/TODO
	texlab/TODO

Log Message:
*: Re-add back TODO accidentally overwritten by adding CVE-2020-35711 reference

Thanks <wiz>!

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=c985f502ca1d96d28d11768af38ce39ba2efe107

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 spotifyd/TODO | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 texlab/TODO   |  5 ++++
 2 files changed, 92 insertions(+)

diffs:
diff --git a/spotifyd/TODO b/spotifyd/TODO
index 313976168d..279ae9a191 100644
--- a/spotifyd/TODO
+++ b/spotifyd/TODO
@@ -1,2 +1,89 @@
 This package has known vulnerabilities, please investigate and fix if possible:
   CVE-2020-35711
+
+## Todo
+
+1. In the Makefile there is this todo item:
+
+		# TODO investigate why this is needed
+		CHECK_WRKREF_SKIP+=	bin/spotifyd
+
+## Done
+
+1. Need to somewhat manually create patches. mkpatches doesn't pick up changes
+from vendor directory. E.g, do `pkgdiff` in the directory and then edit patch
+to reference correct location like:
+
+		../vendor/daemonize-0.2.3/src/ffi.rs
+
+2. Figure out why it can't find OpenSSL. Building _normally_ works fine, so
+something to do with pkgsrc. Maybe need to set a variable somewhere.
+
+		error: failed to run custom build command for `openssl-sys v0.9.39`
+		process didn't exit successfully: `/usr/pkgsrc/wip/spotifyd/work/spotifyd-0.2.3/target/release/build/openssl-sys-db8d42dae8a7dcaf/build-script-main` (exit code: 101)
+		--- stdout
+		cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_LIB_DIR
+		cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
+		cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_INCLUDE_DIR
+		cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
+		cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_DIR
+		cargo:rerun-if-env-changed=OPENSSL_DIR
+		run pkg_config fail: "Failed to run `\"\" \"--libs\" \"--cflags\" \"openssl\"`: No such file or directory (os error 2)"
+
+		--- stderr
+		thread 'main' panicked at '
+
+		Could not find directory of OpenSSL installation, and this `-sys` crate cannot
+		proceed without this knowledge. If OpenSSL is installed and this crate had
+		trouble finding it,  you can set the `OPENSSL_DIR` environment variable for the
+		compilation process.
+
+		Make sure you also have the development packages of openssl installed.
+		For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora.
+
+		If you're in a situation where you think the directory *should* be found
+		automatically, please open a bug at https://github.com/sfackler/rust-openssl
+		and include information about your system as well as this message.
+
+		    $HOST = x86_64-unknown-netbsd
+		    $TARGET = x86_64-unknown-netbsd
+		    openssl-sys = 0.9.39
+
+	Needed to set these:
+
+		MAKE_ENV+= OPENSSL_INCLUDE_DIR=/usr/include/openssl
+		MAKE_ENV+= OPENSSL_LIB_DIR=/usr/lib
+
+	Actually though I probably need to copy what tealdeer does with openssl
+
+3. In updating to spotifyd 0.2.5 ran into some issues with nix and libc
+
+		 error[E0425]: cannot find function `fexecve` in module `libc`
+		   --> /usr/pkgsrc/wip/spotifyd/work/vendor/nix-0.11.0/src/unistd.rs:655:15
+		    |
+		655 |         libc::fexecve(fd, args_p.as_ptr(), env_p.as_ptr())
+		    |               ^^^^^^^ did you mean `execve`?
+		help: possible candidate is found in another module, you can import it into scope
+		    |
+		3   | use unistd::fexecve;
+		    |
+
+		error: aborting due to previous error
+
+		For more information about this error, try `rustc --explain E0425`.
+		error: Could not compile `nix`.
+		warning: build failed, waiting for other jobs to finish...
+		error: build failed
+		*** Error code 101
+
+	The relevant PRs for this are:
+
+		- https://github.com/nix-rust/nix/pull/1000
+		- https://github.com/rust-lang/libc/pull/1201
+
+	In a nutshell the problem is that libc was updated to remove `fexecve`
+	for netbsd-like platforms as it's irrelevant, but spotifyd has dependencies on
+	older versions of nix that still look for this function so we need to patch one
+	of these older versions to remove this function. Rust dependency management is
+	obviously not solving _all_ the problems although it is nice (I think?) how you
+	can be dependent on multiple versions of the same thing.
diff --git a/texlab/TODO b/texlab/TODO
index 313976168d..6a1d70d052 100644
--- a/texlab/TODO
+++ b/texlab/TODO
@@ -1,2 +1,7 @@
+Needs support in lang/rust/cargo.mk for crates that are not on
+crates.io, or some workaround.
+
+https://mail-index.netbsd.org/tech-pkg/2020/05/20/msg023190.html
+
 This package has known vulnerabilities, please investigate and fix if possible:
   CVE-2020-35711

Prev by Date: *: Add reference to CVE-2020-35711
Next by Date: refkeen: update to refkeen-20201225
Previous by Thread: *: Add reference to CVE-2020-35711
Next by Thread: refkeen: update to refkeen-20201225
Indexes:

Home | Main Index | Thread Index | Old Index