OpenBSD ports changes summary for 2016-07-17 to 2016-07-24 inclusive
====================================================================

INDEX                   devel/libidn            lang/go
net/isc-bind            net/libupnp             sysutils/dtb
www/py-django           x11/kde                 x11/kde4

== INDEX ============================================================= 01/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/INDEX

INDEX

  > sync, 9613 (naddy@)

== devel ============================================================= 02/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel

libidn

  ~ Makefile
  + patches/patch-lib_idna_c
  + patches/patch-lib_nfkc_c
  + patches/patch-src_idn_c

  > Backport code fixes to devel/libidn from r1.33; out-of-bounds reads,
  > memory leak and a crash with invalid UTF-8. Not doing the full update
  > this late before release as they also updated gnulib and m4 files.
  > Thanks naddy@ for autoconf help.
  > https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
  > ok naddy (sthen@)

== lang ============================================================== 03/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang

go

  ~ Makefile
  ~ distinfo

  > Security update to 1.6.3 (CVE-2016-5386)
  > ok jsing@, naddy@ (pea@)

== net =============================================================== 04/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net

isc-bind

  ~ Makefile
  ~ distinfo

  > Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non
  > absolute name could trigger an infinite recursion bug in lwres[..]"; affects
  > users of lwresd and users with "lwres" enabled in their configuration).
  > Also has a couple of regression fixes.
  > OK naddy@ (sthen@)

  - patches/patch-configure_in
  - patches/patch-lib_dns_dst_openssl_h
  - patches/patch-lib_dns_openssl_link_c
  - patches/patch-lib_dns_openssldh_link_c
  - patches/patch-lib_dns_openssldsa_link_c
  - patches/patch-lib_dns_opensslrsa_link_c
  ~ Makefile
  ~ distinfo
  TAGGED OPENBSD_5_9

  > Update to BIND 9.10.4-P2, fixes CVE-2016-2775 ("getrrsetbyname with a non
  > absolute name could trigger an infinite recursion bug in lwres[..]"; affects
  > users of lwresd and users with "lwres" enabled in their configuration).
  > ok sthen@ (jasper@)

libupnp

  ~ Makefile
  + patches/patch-upnp_src_genlib_net_http_webserver_c

  > patch libupnp to not allow unhandled POSTs to write to the filesystem.
  > http://www.openwall.com/lists/oss-security/2016/07/18/13
  > ok naddy@ sthen@ (semarie@)

  ~ Makefile
  + patches/patch-upnp_src_genlib_net_http_webserver_c
  TAGGED OPENBSD_5_9

  > patch libupnp to not allow unhandled POSTs to write to the filesystem.
  > http://www.openwall.com/lists/oss-security/2016/07/18/13
  > original commit by semarie@
  > ok sthen@ (jasper@)

== sysutils ========================================================== 05/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/sysutils

dtb

  ~ Makefile
  + patch-arch_arm_boot_dts_imx6dl-riotboard_dts
  + patch-arch_arm_boot_dts_imx6q-cm-fx6_dts
  + patch-arch_arm_boot_dts_omap3-beagle-xm_dts
  + patch-arch_arm_boot_dts_omap3-beagle_dts
  + patch-arch_arm_boot_dts_omap4-panda-common_dtsi

  > The armv7 fdt console selection tries to find /chosen/stdout-path and
  > falls back to /aliases/serial0.
  > Add patches to set stdout-path for dts files that don't set stdout-path
  > and are known to use a serial device other than serial0 as a console.
  > Confirmed to restore console output on pandaboard es by abieber@
  > ok sthen@ naddy@ (jsg@)

== www =============================================================== 06/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www

py-django

  ~ lts/Makefile
  ~ lts/distinfo
  ~ lts/pkg/PLIST
  ~ stable/Makefile
  ~ stable/distinfo
  ~ stable/pkg/PLIST

  > Django security releases issued: 1.9.8 and 1.8.14.
  > ok naddy@ (rpointel@)

== x11 =============================================================== 07/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/x11

kde

  ~ patches-3.5.7/patch-acinclude_m4
  ~ base3/Makefile
  ~ base3/patches/patch-configure_in
  + base3/files/checkpass_bsd.c
  + base3/patches/patch-kcheckpass_Makefile_in
  + base3/patches/patch-kcheckpass_kcheckpass_h
  + base3/patches/patch-kdm_backend_client_c
  + base3/patches/patch-kdm_config_def

  > Move KDE3's KDM and kcheckpass to BSD authentication.
  > This effectively unbreaks KDE3 after recent changes in getpw* land,
  > same way as it was done for KDE4. (zhuk@)

kde4

  ~ workspace/Makefile
  ~ workspace/patches/patch-kdm_backend_client_c

  > Remove recently (a few days ago) introduced debugging printout of usernames
  > and passwords entered inside KDE4's KDM to syslog.
  > okay sthen@ & naddy@ (zhuk@)

===============================================================================

_______________________________________________
owc mailing list
http://www.squish.net/mailman/listinfo/owc
