Poudriere Build of pkg_* repos?

Rick Miller vmiller at hostileadmin.com
Thu Sep 25 21:09:18 UTC 2014 

On Thu, Sep 25, 2014 at 4:51 PM, Rick Miller <vmiller at hostileadmin.com>
wrote:

>
>
> On Thu, Sep 25, 2014 at 3:05 PM, Guido Falsi <mad at madpilot.net> wrote:
>
>> On 09/25/14 20:57, Rick Miller wrote:
>> > On Thu, Sep 25, 2014 at 10:43 AM, Guido Falsi <mad at madpilot.net> wrote:
>> > [snip]
>>
> >
>> > =======================<phase: patch
>> >============================
>> > ===>  Patching for bash-4.3.24
>> > ===>  Applying distribution patches for bash-4.3.24
>> > ===>  Applying extra patch /distfiles/local-patches/8_4-amd64/bash.patch
>> > ===>  Applying extra patch
>> > /usr/ports/shells/bash/files/extrapatch-colonbreakswords
>> > ===>  Applying extra patch
>> > /usr/ports/shells/bash/files/extrapatch-implicitcd
>> > ===>  Applying FreeBSD patches for bash-4.3.24
>> >
>> ===========================================================================
>> >
>> > The first sign that something didn't appear to have gone as expected was
>> > that the package was built as bash-4.3.24.tbz as opposed to
>> > bash-4.3.25.tbz.  The above test was executed observing the behavior of
>> a
>> > still vulnerable binary.
>>
>> The way you are applying the patch simply modifies the code being
>> compiled by the port, you're not patching the port itself, so the port
>> maintains the same version number.
>>
>
> Makes sense
>
>
>
>> > The test was performed on an 8.4 host with a [unpatched] bash-4.3.24
>> after
>> > forcefully removing the package and adding the new, patched package.  It
>> > complained of dependencies on packages that were already installed, but
>> not
>> > up to the version of the dependency.  After manually fixing these
>> > dependencies (forcefully deleting the existing dependencies and
>> installing
>> > the new ones), the test was executed once again to the same results.
>> >
>> > Could this be an issue of the order the patches were applied in or ??
>>
>> You should check the build log and see if in the patching phase there
>> was any error.
>>
>
> The above log snippet is from the patch phase of the build indicating
> success (well, at least no error).  A build with the wrong patch was
> attempted that did indicate errors, as expected.
>
> The full log can be viewed at http://pastebin.com/hwHwJAKK
>
> Is there some way in the log to identify if the source was patched and
> built correctly?  Does Poudriere [ I say Poudriere realizing that it likely
> does not, but perhaps the system does? ] provide the ability to review the
> source code after patching to actually verify the patch was applied?  A
> cursory search of the filesystem where Poudriere stores the jail turned up
> no leads.
>

The patch does apply to evalstring.c which shows the following warnings in
the build log though I am unfamiliar enough to know whether or not this
would apply to this particular scenario.

cc -c  -DHAVE_CONFIG_H -DSHELL   -I. -I..  -I.. -I../include -I../lib -I.
-I/usr/local/include -O2 -pipe -fno-strict-aliasing evalstring.c
evalstring.c: In function 'parse_and_execute':
evalstring.c:208: warning: passing argument 1 of 'sigemptyset' discards
qualifiers from pointer target type
evalstring.c:209: warning: passing argument 3 of 'sigprocmask' discards
qualifiers from pointer target type
evalstring.c:288: warning: passing argument 2 of 'sigprocmask' discards
qualifiers from pointer target type
evalstring.c: In function 'parse_string':
evalstring.c:444: warning: passing argument 1 of 'sigemptyset' discards
qualifiers from pointer target type
evalstring.c:445: warning: passing argument 3 of 'sigprocmask' discards
qualifiers from pointer target type
evalstring.c:497: warning: passing argument 2 of 'sigprocmask' discards
qualifiers from pointer target type

-- 
Take care
Rick Miller

More information about the freebsd-ports mailing list