emacs24 still uses gnutls 2.x rather than gnutls 3.x. This is problematic because the 2.x series seems to be no longer maintained by upstream (at least, it isn't listed here: http://gnutls.org/download.html ). Since 3.x is already in the ports repository, emacs should be switched over to use the newer release series of gnutls.

Two rather critical vulnerabilities were recently fixed in gnutls: http://gnutls.org/news.html

Seeing that security/gnutls was last updated in Feb 2013 and 2.x was last updated in 2012 according to http://www.freshports.org/security/gnutls and the mtime on the distfiles on the gnutls master site, maybe it would be best to remove version 2.x from the ports tree entirely.

Therefore I'm putting all the editors/emacs, security/gnutls and security/gnutls3 maintainers into Cc. (Sorry for excessive overzealousness)

How-To-Repeat:
Compile emacs with gnutls enabled in "make config", watch it pull in security/gnutls rather than security/gnutls3

Hi Moritz,

You make a totally valid point about moving over to gnutls3 as it's the version supported by upstream. However, last update on security/gnutls was actually a few days ago, on 4th of March, to include fixes for the recently found security vulns as gnutls provides the fixes still, but does not release new tarballs on 2.x branch.

Roman Bogorodskiy
Responsible Changed From-To: freebsd-ports-bugs->ashish Over to maintainer (via the GNATS Auto Assign Tool)
Hi Moritz,

Thanks for bringing this to my notice. Emacs ports (editors/emacs{,-nox11,-devel}) seem to build with GnuTLS 3.x fine. I'll update editors/emacs-devel when I push new snapshot in a few days, and will update editors/emacs{,-nox11} ports when 24.4 is out.

off-topic: does your domain name have something to do with Barfuss[1] ?

References:
[1] http://en.wikipedia.org/wiki/Barfuss

Thanks!
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0

Sent from my Emacs
Author: ashish Date: Sat Mar 15 08:37:48 2014 New Revision: 348298 URL: http://svnweb.freebsd.org/changeset/ports/348298 QAT: https://qat.redports.org/buildarchive/r348298/ Log: - Update to bzr snapshot revision 116732 - Add OPTIONs for building with GnuTLS 3.x[1] (default), and GnuTLS 2.x support - Remove OPTION for SYNC_INPUT (not supported) - Add a fix when building with ncurses port being installed - Fix CONFLICTS to pass portlint checks PR: ports/187346[1] Added: head/editors/emacs-devel/files/patch-src_Makefile.in (contents, props changed) Modified: head/editors/emacs-devel/Makefile head/editors/emacs-devel/distinfo Modified: head/editors/emacs-devel/Makefile ============================================================================== --- head/editors/emacs-devel/Makefile Sat Mar 15 08:29:43 2014 (r348297) +++ head/editors/emacs-devel/Makefile Sat Mar 15 08:37:48 2014 (r348298) @@ -16,13 +16,13 @@ COMMENT= GNU editing macros LICENSE= GPLv3 LICENSE_FILE= ${WRKSRC}/COPYING -CONFLICTS= emacs-19.* emacs21-* emacs22-* emacs23-* \ - emacs24-* xemacs-[0-9]* xemacs-devel-[0-9]* \ +CONFLICTS= emacs-19.* emacs21-[0-9]* emacs22-[0-9]* emacs23-[0-9]* \ + emacs24-[0-9]* xemacs-[0-9]* xemacs-devel-[0-9]* \ xemacs-mule-[0-9]* xemacs-devel-mule-[0-9]* \ emacs-nox11-[0-9]* EMACS_VER= 24.3.50 -EMACS_REV= 116446 +EMACS_REV= 116732 GNU_CONFIGURE= yes USES= ncurses pkgconfig USE_GMAKE= yes 
@@ -51,17 +51,16 @@ INFO= ada-mode auth autotype bovine cal org pcl-cvs pgg rcirc reftex remember sasl sc semantic ses sieve \ smtpmail speedbar srecode todo-mode tramp url vip viper widget wisent woman -OPTIONS_DEFINE= X11 ACL DBUS GCONF GIF JPEG M17N OTF PNG SOUND SOURCES SVG TIFF SYNC_INPUT SCROLLBARS \ +OPTIONS_DEFINE= X11 ACL DBUS GCONF GIF JPEG M17N OTF PNG SOUND SOURCES SVG TIFF SCROLLBARS \ XFT XIM XML XPM MAGICK GNUTLS GSETTINGS LTO FILENOTIFY -OPTIONS_SINGLE= X11 SOUND +OPTIONS_SINGLE= X11 SOUND GNUTLS ACL_DESC= ACL support GSETTINGS_DESC= GSettings support SCROLLBARS_DESC= Toolkit scroll-bars SOUND_DESC= Sound support SOURCES_DESC= Install sources -SYNC_INPUT_DESC= Synchronously process asynchronous input XAW_DESC= Athena widgets XAW3D_DESC= Athena3D widgets XIM_DESC= X Input Method Support @@ -69,12 +68,15 @@ M17N_DESC= M17N support for text-shapin OTF_DESC= Opentype fonts suport FILENOTIFY_DESC= File notification support LTO_DESC= Enable link-time optimization (requires GCC 4.6+) +GNUTLS2_DESC= GnuTLS 2.x +GNUTLS3_DESC= GnuTLS 3.x OPTIONS_SINGLE_X11= GTK2 GTK3 XAW XAW3D MOTIF OPTIONS_SINGLE_SOUND= ALSA OSS +OPTIONS_SINGLE_GNUTLS= GNUTLS2 GNUTLS3 -OPTIONS_DEFAULT=ACL DBUS GCONF GIF GTK2 JPEG M17N OTF PNG SOUND SOURCES SVG TIFF SYNC_INPUT \ - SCROLLBARS XFT XIM XML XPM MAGICK GNUTLS GSETTINGS FILENOTIFY OSS X11 +OPTIONS_DEFAULT=ACL DBUS GCONF GIF GTK2 JPEG M17N OTF PNG SOUND SOURCES SVG TIFF \ + SCROLLBARS XFT XIM XML XPM MAGICK GNUTLS GSETTINGS FILENOTIFY OSS X11 GNUTLS3 OPTIONS_SUB= SOURCES @@ -85,9 +87,11 @@ OSS_CONFIGURE_ON= --with-sound=oss DBUS_LIB_DEPENDS= dbus-1:${PORTSDIR}/devel/dbus DBUS_CONFIGURE_WITH= dbus -GNUTLS_LIB_DEPENDS= gnutls:${PORTSDIR}/security/gnutls GNUTLS_CONFIGURE_WITH= gnutls +GNUTLS3_LIB_DEPENDS= gnutls:${PORTSDIR}/security/gnutls3 +GNUTLS2_LIB_DEPENDS= gnutls:${PORTSDIR}/security/gnutls + XML_USE= GNOME=libxml2 XML_CONFIGURE_WITH= xml2 
@@ -155,7 +159,7 @@ XIM_CONFIGURE_WITH= xim LTO_CONFIGURE_ON= --enable-link-time-optimization LTO_USE= GCC=4.6+ -ACL_CONFIGURE_WITH= acl +ACL_CONFIGURE_OFF= --disable-acl FILENOTIFY_CONFIGURE_ON= --with-file-notification=gfile FILENOTIFY_CONFIGURE_OFF= --without-file-notification @@ -202,19 +206,35 @@ IGNORE= GSettings support requires DBUS. .include <bsd.port.pre.mk> +# Building with GCC 4.6+ requires it +.if ${ncurses_ARGS} == "port" +LDFLAGS+= -ltinfo +.endif + .if ${ARCH} == "ia64" BROKEN= Emacs 24.X does not currently build on ia64 .endif +.if ${PORT_OPTIONS:MGNUTLS3} +GNUTLS3_RPATH= -Wl,-rpath,${LOCALBASE}/lib/gnutls3 +.else +GNUTLS3_RPATH= +.endif + post-patch: @${RM} -f ${WRKSRC}/info/* @${REINPLACE_CMD} -e "s/%%EMACS_VER%%/${EMACS_VER}/g" -e "s/%%DATADIR%%/${DATADIR:C/\//\\\//g}/g" ${WRKSRC}/sources.el .if defined(WITHOUT_X11) @${REINPLACE_CMD} -e 's/^Terminal=.*$$/Terminal=true/' ${WRKSRC}/etc/emacs.desktop .endif +.if ${PORT_OPTIONS:MGNUTLS3} + @${REINPLACE_CMD} -e '/HAVE_GNUTLS3=yes/s/gnutls >=/gnutls3 >=/' ${WRKSRC}/configure.ac +.endif post-configure: - @${REINPLACE_CMD} -e "s/^\(DBUS_LIBS.*\)-pthread\(.*\)$$/\1$$(${DBUS_PTHREAD_LIBS})\2/" ${WRKSRC}/src/Makefile + @${REINPLACE_CMD} -e "s/^\(DBUS_LIBS.*\)-pthread\(.*\)$$/\1$$(${DBUS_PTHREAD_LIBS})\2/" \ + -e 's|%%GNUTLS3_RPATH%%|${GNUTLS3_RPATH}|g' \ + ${WRKSRC}/src/Makefile add-plist-data: .for i in ${EMACS_DIRS} Modified: head/editors/emacs-devel/distinfo ============================================================================== --- head/editors/emacs-devel/distinfo Sat Mar 15 08:29:43 2014 (r348297) +++ head/editors/emacs-devel/distinfo Sat Mar 15 08:37:48 2014 (r348298) 
@@ -1,2 +1,2 @@ -SHA256 (emacs-24.3.50.116446.tar.xz) = 3b68c3bea5208002ff94126ad2e6162914eabebe2fe61e7f3edb03f7c88d4104 -SIZE (emacs-24.3.50.116446.tar.xz) = 30678320 +SHA256 (emacs-24.3.50.116732.tar.xz) = b04fa64cd7a2cee8dd28f73c4e886c7963e095142a4b712bb8fbf619b307d000 +SIZE (emacs-24.3.50.116732.tar.xz) = 30661920 Added: head/editors/emacs-devel/files/patch-src_Makefile.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/editors/emacs-devel/files/patch-src_Makefile.in Sat Mar 15 08:37:48 2014 (r348298) @@ -0,0 +1,32 @@ + +$FreeBSD$ + +--- src/Makefile.in.orig ++++ src/Makefile.in +@@ -283,7 +283,7 @@ + + LIBSELINUX_LIBS = @LIBSELINUX_LIBS@ + +-LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ ++LIBGNUTLS_LIBS = %%GNUTLS3_RPATH%% @LIBGNUTLS_LIBS@ + LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ + + LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +@@ -409,7 +409,7 @@ + $(LIBXML2_LIBS) $(LIBGPM) $(LIBRESOLV) $(LIBS_SYSTEM) \ + $(LIBS_TERMCAP) $(GETLOADAVG_LIBS) $(SETTINGS_LIBS) $(LIBSELINUX_LIBS) \ + $(FREETYPE_LIBS) $(FONTCONFIG_LIBS) $(LIBOTF_LIBS) $(M17N_FLT_LIBS) \ +- $(LIBGNUTLS_LIBS) $(LIB_PTHREAD) $(LIB_PTHREAD_SIGMASK) \ ++ $(LIB_PTHREAD) $(LIB_PTHREAD_SIGMASK) \ + $(GFILENOTIFY_LIBS) $(LIB_MATH) $(LIBZ) + + all: emacs$(EXEEXT) $(OTHER_FILES) +@@ -489,7 +489,7 @@ + ## to start if Vinstallation_directory has the wrong value. + temacs$(EXEEXT): $(LIBXMENU) $(ALLOBJS) \ + $(lib)/libgnu.a $(EMACSRES) +- $(CC) $(ALL_CFLAGS) $(TEMACS_LDFLAGS) $(LDFLAGS) \ ++ $(CC) $(ALL_CFLAGS) $(TEMACS_LDFLAGS) $(LIBGNUTLS_LIBS) $(LDFLAGS) \ + -o temacs $(ALLOBJS) $(lib)/libgnu.a $(W32_RES_LINK) $(LIBES) + $(MKDIR_P) $(etc) + $(TEMACS_POST_LINK) _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
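Review bot: In head/editors/emacs-devel/Makefile, hunk @@ -85,9 +87,11 @@, GNUTLS3_LIB_DEPENDS and GNUTLS2_LIB_DEPENDS both name the library as `gnutls`, so the dependency check has nothing to tell the 2.x port from the 3.x one. On a host that already has security/gnutls installed, please confirm that selecting GNUTLS3 still pulls in security/gnutls3; if it does not, depend on something that only the gnutls3 port installs. Since GNUTLS2 stays selectable, GNUTLS2_DESC could also mention that upstream no longer releases tarballs for the 2.x branch, as noted earlier in this PR.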
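Review bot: In the @@ -202,19 +206,35 @@ hunk of head/editors/emacs-devel/Makefile, post-patch rewrites `gnutls >=` to `gnutls3 >=` in ${WRKSRC}/configure.ac, but none of the visible hunks shows a step that regenerates configure from it. If the port does not already run autoconf before the configure stage, the substitution has no effect and configure keeps looking for the unsuffixed module, which is the case reported in this PR where gnutls ends up excluded from the build; please point to the regeneration step in a comment or patch the generated configure as well. In the same hunk, the comment `# Building with GCC 4.6+ requires it` sits above a test of ${ncurses_ARGS} == "port" and does not say why -ltinfo is needed; reword it to match the log entry about the ncurses port.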
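Review bot: In head/editors/emacs-devel/files/patch-src_Makefile.in, the @@ -409,7 +409,7 @@ and @@ -489,7 +489,7 @@ hunks move $(LIBGNUTLS_LIBS) out of LIBES and onto the temacs link line ahead of $(LDFLAGS) and $(ALLOBJS), and the patch header carries no explanation beyond $FreeBSD$. Libraries named before the objects that reference them can be skipped by a linker that resolves in command-line order or runs with --as-needed; if the goal is only to get the gnutls3 rpath and search path in front of LDFLAGS, say so in the patch header and consider leaving the library itself in LIBES. The %%GNUTLS3_RPATH%% placeholder in the first hunk also relies on the post-configure REINPLACE_CMD having run on src/Makefile, so a src/Makefile regenerated later in the build would hand the literal placeholder to the compiler.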
Hi Ashish,

On Tue, Mar 11, 2014 at 20:45:52 +0530, Ashish SHUKLA wrote:
> Looks like I spoke too early about ports building fine. :)
>
> On a pristine FreeBSD host with GnuTLS 3 installed from ports tree, it doesn't
> build and actually excludes gnutls from the build.
>
> Could you please try the attached diff for port editors/emacs-devel which has
> an OPTION for building with GnuTLS 3, and has very ugly hacks to make it work
> with current setup ?

Could it be related to gnutls 3 installing into a different sub-directory and having the pkg-config file named "gnutls3.pc" rather than "gnutls.pc" for 2.x releases (despite 3 being 100% compatible with 2.x releases afaik)? (I assume this is so that 2.x and 3.x can be installed in parallel on the same system).

This is why it was mis/undetected by another software. My local "fix" was to symlink gnutls3.pc to gnutls.pc which fixed compilation for inspircd (didn't try with emacs) but chances are emacs uses pkg-config for testing the existence of gnutls as well.

Best regards,

Moritz

PS:
Also, you're right and barfooze is a play on barfuß (which is really just "bare feet"), bar, foo and barf-ooze, but unrelated to the movie.
On Mon, 17 Mar 2014 13:12:33 +0100, Moritz Wilhelmy <moritz@barfooze.de> said:

> Hi Ashish,
> On Tue, Mar 11, 2014 at 20:45:52 +0530, Ashish SHUKLA wrote:
>> Looks like I spoke too early about ports building fine. :)
>>
>> On a pristine FreeBSD host with GnuTLS 3 installed from ports tree, it doesn't
>> build and actually excludes gnutls from the build.
>>
>> Could you please try the attached diff for port editors/emacs-devel which has
>> an OPTION for building with GnuTLS 3, and has very ugly hacks to make it work
>> with current setup ?

> Could it be related to gnutls 3 installing into a different
> sub-directory and having the pkg-config file named "gnutls3.pc" rather
> than "gnutls.pc" for 2.x releases (despite 3 being 100% compatible with
> 2.x releases afaik)? (I assume this is so that 2.x and 3.x can be
> installed in parallel on the same system).

Right, gnutls3 port appends a suffix '3' to installed stuff so it can be installed side-by-side. Anyways, I've committed the GNUTLS related changes in editors/emacs-devel, and seems to work fine. I'll add it to editors/emacs{,-nox11} when next version of Emacs comes out, as current version doesn't have any checks for GNUTLS 3.x, and is still dependent on GNUTLS 2.x.

> This is why it was mis/undetected by another software. My local "fix"
> was to symlink gnutls3.pc to gnutls.pc which fixed compilation for
> inspircd (didn't try with emacs) but chances are emacs uses pkg-config
> for testing the existence of gnutls as well.

This explains.

> Best regards,
> Moritz
> PS:
> Also, you're right and barfooze is a play on barfuß (which is really
> just "bare feet"), bar, foo and barf-ooze, but unrelated to the movie.

Thanks!
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0

Sent from my Emacs
On Mon, Mar 17, 2014 at 22:08:45 +0530, Ashish SHUKLA wrote:
> > Could it be related to gnutls 3 installing into a different
> > sub-directory and having the pkg-config file named "gnutls3.pc" rather
> > than "gnutls.pc" for 2.x releases (despite 3 being 100% compatible with
> > 2.x releases afaik)? (I assume this is so that 2.x and 3.x can be
> > installed in parallel on the same system).
>
> Right, gnutls3 port appends a suffix '3' to installed stuff so it can be
> installed side-by-side. Anyways, I've committed the GNUTLS related changes in
> editors/emacs-devel, and seems to work fine. I'll add it to
> editors/emacs{,-nox11} when next version of Emacs comes out, as current
> version doesn't have any checks for GNUTLS 3.x, and is still dependent on
> GNUTLS 2.x.

Right, but: The "3" suffix for gnutls3.pc is a FreeBSD specific thing. (as seen in security/gnutls3/Makefile). The official filename even for version 3.x is gnutls.pc, and that's why emacs doesn't check for gnutls3.pc. I'm assuming all other major operating systems just ship one version of gnutls at a time as part of their releases and are therefore not affected. After all, even emacs-devel has to be patched to find the FreeBSD gnutls3 port.

I think it would be best to drop the suffix from gnutls3, at least for the pkg-config file, but ymmv. Most importantly, I'm not a FreeBSD developer and I'm in no position to tell you how to do your job :-)

Best,

Moritz
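The detection problem discussed in these messages (a configure check that asks only for the unsuffixed `gnutls` module while the FreeBSD gnutls3 port installs `gnutls3.pc`) can be checked on a host by reading the .pc files directly. This is an added example, not part of the original thread or of the port; the version numbers and the helper names `pc_version`, `gnutls_pc_report`, `gnutls_detected_by_default` and `make_sample` are constructed for illustration.

```sh
#!/bin/sh
# Added example: which GnuTLS would a pkg-config based configure check find?
# Module names gnutls / gnutls3 come from the thread; versions are constructed.

# pc_version FILE -> value of the "Version:" field of a .pc file
pc_version() {
    sed -n 's/^Version:[[:space:]]*//p' "$1" | head -n 1
}

# gnutls_pc_report DIR -> one line per module: "<module> <version> <series>"
gnutls_pc_report() {
    for mod in gnutls gnutls3; do
        pc="$1/$mod.pc"
        if [ ! -f "$pc" ]; then
            echo "$mod - absent"
            continue
        fi
        ver=$(pc_version "$pc")
        case $ver in
            2.*) series="series-2.x" ;;
            3.*) series="series-3.x" ;;
            *)   series="unknown" ;;
        esac
        echo "$mod ${ver:-?} $series"
    done
}

# gnutls_detected_by_default DIR -> result for a configure script that only
# asks for the unsuffixed module name "gnutls"
gnutls_detected_by_default() {
    gnutls_pc_report "$1" | sed -n 's/^gnutls //p'
}

# make_sample KIND DIR -> write constructed .pc files into DIR
make_sample() {
    v2='Name: GnuTLS\nVersion: 2.12.23\n'   # constructed version
    v3='Name: GnuTLS\nVersion: 3.2.12\n'    # constructed version
    case $1 in
        only3)     printf "$v3" > "$2/gnutls3.pc" ;;
        both)      printf "$v2" > "$2/gnutls.pc"; printf "$v3" > "$2/gnutls3.pc" ;;
        symlinked) printf "$v3" > "$2/gnutls3.pc"; ln -s gnutls3.pc "$2/gnutls.pc" ;;
    esac
}

# Demo: a host with only the suffixed gnutls3.pc installed
demo_dir=$(mktemp -d)
make_sample only3 "$demo_dir"
gnutls_pc_report "$demo_dir"
rm -rf "$demo_dir"
```

The `both` case shows the outcome worth auditing for: with the two ports installed side by side, an unpatched check resolves to the 2.x series even though 3.x is present.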
On Mon, 17 Mar 2014 19:09:53 +0100, Moritz Wilhelmy <moritz@barfooze.de> said:

> On Mon, Mar 17, 2014 at 22:08:45 +0530, Ashish SHUKLA wrote:
>> > Could it be related to gnutls 3 installing into a different
>> > sub-directory and having the pkg-config file named "gnutls3.pc" rather
>> > than "gnutls.pc" for 2.x releases (despite 3 being 100% compatible with
>> > 2.x releases afaik)? (I assume this is so that 2.x and 3.x can be
>> > installed in parallel on the same system).
>>
>> Right, gnutls3 port appends a suffix '3' to installed stuff so it can be
>> installed side-by-side. Anyways, I've committed the GNUTLS related changes in
>> editors/emacs-devel, and seems to work fine. I'll add it to
>> editors/emacs{,-nox11} when next version of Emacs comes out, as current
>> version doesn't have any checks for GNUTLS 3.x, and is still dependent on
>> GNUTLS 2.x.

> Right, but: The "3" suffix for gnutls3.pc is a FreeBSD specific thing.
> (as seen in security/gnutls3/Makefile). The official filename even for
> version 3.x is gnutls.pc, and that's why emacs doesn't check for
> gnutls3.pc. I'm assuming all other major operating systems just ship one
> version of gnutls at a time as part of their releases and are therefore
> not affected. After all, even emacs-devel has to be patched to find the
> FreeBSD gnutls3 port.

> I think it would be best to drop the suffix from gnutls3, at least for
> the pkg-config file, but ymmv. Most importantly, I'm not a FreeBSD
> developer and I'm in no position to tell you how to do your job :-)

Yes, it'll happen once security/gnutls3 becomes security/gnutls, until then I added a diff in emacs-devel port to account for this.

HTH
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0

Sent from my Emacs
Resolved a while ago.