From c9f813ae1104f74ef538d6ac23186d9605fc6fb3 Mon Sep 17 00:00:00 2001 From: Leonardo Taccari Date: Sat, 26 Dec 2020 13:01:37 +0100 Subject: [PATCH] *: Add reference to CVE-2020-35711 Affecting arc-swap crate before 0.4.8. --- amp-editor/TODO | 2 ++ pack/TODO | 2 ++ spotifyd/TODO | 89 ++----------------------------------------------- texlab/TODO | 6 ++-- 4 files changed, 8 insertions(+), 91 deletions(-) create mode 100644 amp-editor/TODO create mode 100644 pack/TODO diff --git a/amp-editor/TODO b/amp-editor/TODO new file mode 100644 index 0000000000..313976168d --- /dev/null +++ b/amp-editor/TODO @@ -0,0 +1,2 @@ +This package has known vulnerabilities, please investigate and fix if possible: + CVE-2020-35711 diff --git a/pack/TODO b/pack/TODO new file mode 100644 index 0000000000..313976168d --- /dev/null +++ b/pack/TODO @@ -0,0 +1,2 @@ +This package has known vulnerabilities, please investigate and fix if possible: + CVE-2020-35711 diff --git a/spotifyd/TODO b/spotifyd/TODO index 871aff8ff3..313976168d 100644 --- a/spotifyd/TODO +++ b/spotifyd/TODO 
@@ -1,87 +1,2 @@ -## Todo - -1. In the Makefile there is this todo item: - - # TODO investigate why this is needed - CHECK_WRKREF_SKIP+= bin/spotifyd - - -## Done - -1. Need to somewhat manually create patches. mkpatches doesn't pick up changes -from vendor directory. E.g, do `pkgdiff` in the directory and then edit patch -to reference correct location like: - - ../vendor/daemonize-0.2.3/src/ffi.rs - -2. Figure out why it can't find OpenSSL. Building _normally_ works fine, so -something to do with pkgsrc. Maybe need to set a variable somewhere. - - error: failed to run custom build command for `openssl-sys v0.9.39` - process didn't exit successfully: `/usr/pkgsrc/wip/spotifyd/work/spotifyd-0.2.3/target/release/build/openssl-sys-db8d42dae8a7dcaf/build-script-main` (exit code: 101) - --- stdout - cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_LIB_DIR - cargo:rerun-if-env-changed=OPENSSL_LIB_DIR - cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_INCLUDE_DIR - cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR - cargo:rerun-if-env-changed=X86_64_UNKNOWN_NETBSD_OPENSSL_DIR - cargo:rerun-if-env-changed=OPENSSL_DIR - run pkg_config fail: "Failed to run `\"\" \"--libs\" \"--cflags\" \"openssl\"`: No such file or directory (os error 2)" - - --- stderr - thread 'main' panicked at ' - - Could not find directory of OpenSSL installation, and this `-sys` crate cannot - proceed without this knowledge. If OpenSSL is installed and this crate had - trouble finding it, you can set the `OPENSSL_DIR` environment variable for the - compilation process. - - Make sure you also have the development packages of openssl installed. - For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora. - - If you're in a situation where you think the directory *should* be found - automatically, please open a bug at https://github.com/sfackler/rust-openssl - and include information about your system as well as this message. 
- - $HOST = x86_64-unknown-netbsd - $TARGET = x86_64-unknown-netbsd - openssl-sys = 0.9.39 - - Needed to set these: - - MAKE_ENV+= OPENSSL_INCLUDE_DIR=/usr/include/openssl - MAKE_ENV+= OPENSSL_LIB_DIR=/usr/lib - - Actually though I probably need to copy what tealdeer does with openssl - -3. In updating to spotifyd 0.2.5 ran into some issues with nix and libc - - error[E0425]: cannot find function `fexecve` in module `libc` - --> /usr/pkgsrc/wip/spotifyd/work/vendor/nix-0.11.0/src/unistd.rs:655:15 - | - 655 | libc::fexecve(fd, args_p.as_ptr(), env_p.as_ptr()) - | ^^^^^^^ did you mean `execve`? - help: possible candidate is found in another module, you can import it into scope - | - 3 | use unistd::fexecve; - | - - error: aborting due to previous error - - For more information about this error, try `rustc --explain E0425`. - error: Could not compile `nix`. - warning: build failed, waiting for other jobs to finish... - error: build failed - *** Error code 101 - - The relevant PRs for this are: - - - https://github.com/nix-rust/nix/pull/1000 - - https://github.com/rust-lang/libc/pull/1201 - - In a nutshell the problem is that libc was updated to remove `fexecve` - for netbsd-like platforms as it's irrelevant, but spotifyd has dependencies on - older versions of nix that still look for this function so we need to patch one - of these older versions to remove this function. Rust dependency management is - obviously not solving _all_ the problems although it is nice (I think?) how you - can be dependent on multiple versions of the same thing. +This package has known vulnerabilities, please investigate and fix if possible: + CVE-2020-35711 diff --git a/texlab/TODO b/texlab/TODO index 2b9964a5c2..313976168d 100644 --- a/texlab/TODO +++ b/texlab/TODO 
@@ -1,4 +1,2 @@ -Needs support in lang/rust/cargo.mk for crates that are not on -crates.io, or some workaround. - -https://mail-index.netbsd.org/tech-pkg/2020/05/20/msg023190.html +This package has known vulnerabilities, please investigate and fix if possible: + CVE-2020-35711
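
Review bot: In the new amp-editor/TODO and pack/TODO files, the note names only CVE-2020-35711 and not the affected dependency. The commit message already says the problem is in the arc-swap crate before 0.4.8. Putting that in the TODO text itself (for example "CVE-2020-35711 (arc-swap crate before 0.4.8)") would tell whoever picks this up which vendored crate to bump, without having to look up the CVE or the commit log.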
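
Review bot: In spotifyd/TODO (hunk `@@ -1,87 +1,2 @@`), the existing contents are deleted rather than extended, which the subject line "Add reference to CVE-2020-35711" does not cover. The removed text includes the still-open item about `CHECK_WRKREF_SKIP+= bin/spotifyd` and the notes on setting `OPENSSL_INCLUDE_DIR`/`OPENSSL_LIB_DIR` in `MAKE_ENV` and on patching the older nix crate for `fexecve`. The file ends up as the same blob (313976168d) as the other three, which looks like an overwrite. I would append the two CVE lines to the existing file, or drop the old notes in a separate commit that says why they are obsolete.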
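
Review bot: In texlab/TODO (hunk `@@ -1,4 +1,2 @@`), the note about needing support in lang/rust/cargo.mk for crates that are not on crates.io is removed together with its tech-pkg link, and the commit message does not say that this has been resolved. If it is still open, keep those lines and add the CVE lines below them. If it is done, mention that in the commit message so the removal is not read as accidental.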