Re: Vulnerable packages in ports tree 03/11

2015-11-03 Thread Giovanni Bechis 
On Tue, Nov 03, 2015 at 01:06:00AM +, Sevan / Venture37 wrote:
> net/miniupnpc - http://talosintel.com/reports/TALOS-2015-0035/
> databases/postgresql - http://www.postgresql.org/about/news/1615/
> 
databases/mariadb: 10.0.22 fixes some CVE
 Giovanni

Re: security update: postgresql 9.4.4 -> 9.4.5

2015-11-03 Thread Pierre-Emmanuel André 
On Tue, Nov 03, 2015 at 01:39:37AM -0600, Abel Abraham Camarillo Ojeda wrote:
> Hi ports
> 
> this updates postgres, deletes one patch
> because now its applied upstream.
> 
> http://www.postgresql.org/about/news/1615/
> 
> tested in amd64@ with:
> 
> $ make test NO_TEST=No
> 
> also tested dependents:
> 
> databases/p5-DBD-Pg
> databases/p5-Mojo-Pg
> 
> with $ make test;
> 
> any comments about removing NO_TEST=Yes
> in databases/postgresql? tests didn't asked for any
> user intervention nor any SYSV changes - in amd64@
> at least...
> 
> 
> comments?
> 
> thanks
> 
> patch attached as I use gmail...

Hi,

I've already sent this update to ports ;)
http://marc.info/?l=openbsd-ports&m=144431886218091&w=2

I will commit it later today (to -current and -stable).
Regards,



> Index: Makefile
> ===
> RCS file: /cvs/ports/databases/postgresql/Makefile,v
> retrieving revision 1.207
> diff -u -p -r1.207 Makefile
> --- Makefile  3 Aug 2015 07:42:30 -   1.207
> +++ Makefile  3 Nov 2015 07:32:39 -
> @@ -11,7 +11,7 @@ BROKEN-sparc=   Requires v9|v9a|v9b; reque
>  # DO NOT FORGET to also change the @ask-update entry in pkg/PLIST-server
>  # in case a dump before / restore after pkg_add -u is required!
>  
> -VERSION= 9.4.4
> +VERSION= 9.4.5
>  DISTNAME=postgresql-${VERSION}
>  PKGNAME-main=postgresql-client-${VERSION}
>  PKGNAME-server=  postgresql-server-${VERSION}
> Index: distinfo
> ===
> RCS file: /cvs/ports/databases/postgresql/distinfo,v
> retrieving revision 1.57
> diff -u -p -r1.57 distinfo
> --- distinfo  22 Jun 2015 07:29:42 -  1.57
> +++ distinfo  3 Nov 2015 07:32:39 -
> @@ -1,2 +1,2 @@
> -SHA256 (postgresql-9.4.4.tar.gz) = 
> mm885nfV8UmQH8dsEZgokahGvLkogGnZGBHatqGBF2Y=
> -SIZE (postgresql-9.4.4.tar.gz) = 23113477
> +SHA256 (postgresql-9.4.5.tar.gz) = 
> qh15GK54Kg/F4Yhv1GP8iQPl/8PrbTtRUABlrsmIohA=
> +SIZE (postgresql-9.4.5.tar.gz) = 23211720
> Index: patches/patch-src_include_storage_barrier_h
> ===
> RCS file: patches/patch-src_include_storage_barrier_h
> diff -N patches/patch-src_include_storage_barrier_h
> --- patches/patch-src_include_storage_barrier_h   16 Jan 2015 23:24:15 
> -  1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-src_include_storage_barrier_h,v 1.1 2015/01/16 23:24:15 
> landry Exp $
> -
> -fix build on alpha
> -
>  src/include/storage/barrier.h.orig   Fri Jan 16 13:08:20 2015
> -+++ src/include/storage/barrier.hFri Jan 16 13:24:05 2015
> -@@ -117,7 +117,7 @@ extern slock_t dummy_spinlock;
> -  * read barrier to cover that case.  We might need to add that later.
> -  */
> - #define pg_memory_barrier() __asm__ __volatile__ ("mb" : : : 
> "memory")
> --#define pg_read_barrier()   __asm__ __volatile__ ("rmb" : : : 
> "memory")
> -+#define pg_read_barrier()   __asm__ __volatile__ ("mb" : : : 
> "memory")
> - #define pg_write_barrier()  __asm__ __volatile__ ("wmb" : : : 
> "memory")
> - #elif defined(__hppa) || defined(__hppa__)  /* HP PA-RISC */
> - 
> Index: pkg/PLIST-docs
> ===
> RCS file: /cvs/ports/databases/postgresql/pkg/PLIST-docs,v
> retrieving revision 1.69
> diff -u -p -r1.69 PLIST-docs
> --- pkg/PLIST-docs22 Jun 2015 07:29:42 -  1.69
> +++ pkg/PLIST-docs3 Nov 2015 07:32:39 -
> @@ -485,6 +485,7 @@ share/doc/postgresql/html/monitoring-ps.
>  share/doc/postgresql/html/monitoring-stats.html
>  share/doc/postgresql/html/monitoring.html
>  share/doc/postgresql/html/multibyte.html
> +share/doc/postgresql/html/mvcc-caveats.html
>  share/doc/postgresql/html/mvcc-intro.html
>  share/doc/postgresql/html/mvcc.html
>  share/doc/postgresql/html/nls-programmer.html
> @@ -826,6 +827,7 @@ share/doc/postgresql/html/release-9-0-2.
>  share/doc/postgresql/html/release-9-0-20.html
>  share/doc/postgresql/html/release-9-0-21.html
>  share/doc/postgresql/html/release-9-0-22.html
> +share/doc/postgresql/html/release-9-0-23.html
>  share/doc/postgresql/html/release-9-0-3.html
>  share/doc/postgresql/html/release-9-0-4.html
>  share/doc/postgresql/html/release-9-0-5.html
> @@ -844,6 +846,7 @@ share/doc/postgresql/html/release-9-1-15
>  share/doc/postgresql/html/release-9-1-16.html
>  share/doc/postgresql/html/release-9-1-17.html
>  share/doc/postgresql/html/release-9-1-18.html
> +share/doc/postgresql/html/release-9-1-19.html
>  share/doc/postgresql/html/release-9-1-2.html
>  share/doc/postgresql/html/release-9-1-3.html
>  share/doc/postgresql/html/release-9-1-4.html
> @@ -858,6 +861,7 @@ share/doc/postgresql/html/release-9-2-10
>  share/doc/postgresql/html/release-9-2-11.html
>  share/doc/postgresql/html/release-9-2-12.html
>  share/doc/postgresql/html/release-9-2-13.html
> +share/doc/

Re: Vulnerable packages in ports tree 03/11

2015-11-03 Thread Pierre-Emmanuel André 
On Tue, Nov 03, 2015 at 01:06:00AM +, Sevan / Venture37 wrote:
> net/miniupnpc - http://talosintel.com/reports/TALOS-2015-0035/
> databases/postgresql - http://www.postgresql.org/about/news/1615/
> 

I will commit the PostgreSQL update today.
Thanks,

Re: Vulnerable packages in ports tree 03/11

2015-11-03 Thread David Coppa 
On Tue, 03 Nov 2015, Sevan / Venture37 wrote:

> net/miniupnpc - http://talosintel.com/reports/TALOS-2015-0035/

Here's a diff for miniupnpc:

Index: Makefile
===
RCS file: /cvs/ports/net/miniupnp/miniupnpc/Makefile,v
retrieving revision 1.6
diff -u -p -u -p -r1.6 Makefile
--- Makefile3 Feb 2014 13:30:52 -   1.6
+++ Makefile3 Nov 2015 11:14:12 -
@@ -10,6 +10,8 @@ DISTNAME= miniupnpc-${MODPY_EGG_VERSION}
 PKGNAME-main=  ${DISTNAME}
 PKGNAME-python= py-${DISTNAME}
 
+REVISION-main= 0
+
 SHARED_LIBS += miniupnpc 2.0
 
 WANTLIB-main += c
Index: patches/patch-igd_desc_parse_c
===
RCS file: patches/patch-igd_desc_parse_c
diff -N patches/patch-igd_desc_parse_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-igd_desc_parse_c  3 Nov 2015 11:14:12 -
@@ -0,0 +1,23 @@
+$OpenBSD$
+
+commit 79cca974a4c2ab1199786732a67ff6d898051b78
+Author: Thomas Bernard 
+Date:   Tue Sep 15 15:32:33 2015 +0200
+
+igd_desc_parse.c: fix buffer overflow
+
+http://talosintel.com/reports/TALOS-2015-0035/
+
+--- igd_desc_parse.c.orig  Mon Apr 11 11:19:37 2011
 igd_desc_parse.c   Tue Nov  3 12:08:09 2015
+@@ -15,7 +15,9 @@
+ void IGDstartelt(void * d, const char * name, int l)
+ {
+   struct IGDdatas * datas = (struct IGDdatas *)d;
+-  memcpy( datas->cureltname, name, l);
++  if(l >= MINIUPNPC_URL_MAXSIZE)
++  l = MINIUPNPC_URL_MAXSIZE-1;
++  memcpy(datas->cureltname, name, l);
+   datas->cureltname[l] = '\0';
+   datas->level++;
+   if( (l==7) && !memcmp(name, "service", l) ) {

Re: [UPDATE] sysutils/tarsnap-gui

2015-11-03 Thread James Turner 
On Mon, Nov 02, 2015 at 11:07:11PM -0500, Josh Grosse wrote:
> Updated to version 0.7.  Tested on amd64, with both a simple tiling
> window manager and also with Gnome, to test a new notification feature.
> 
> A pkg-readme was added with one paragraph of upgrade notes, excerpted
> from the upstream CHANGELOG.  
> 
> OK?

Looks good. I can commit tonight.

-- 
James Turner

Re: NEW: textproc/wkhtmltopdf

2015-11-03 Thread Frank Groeneveld 

On 10/31/15 16:47, Frank Groeneveld wrote:

Ping?

It's quite a simple port which only takes a few minutes to build on my
machine. You can then test it by running something like:
wkhtmltopdf http://www.openbsd.org/ openbsd.pdf

Frank


As noted by somebody off-list, it might be useful to have the port 
attached again to my ping mail, so people don't have to search for it. 
I've attached it to this mail. Please let me know what you think about it.


Frank


wkhtmltopdf-port-0.12.2.4p0.tar.gz
Description: application/gzip

Re: NEW: net/tinc

2015-11-03 Thread Rafael Sadowski 
On Mon Nov 02, 2015 at 10:35:42PM +, Stuart Henderson wrote:
> On 2015/11/02 22:08, Stuart Henderson wrote:
> > I've got a bit more on top of this, will send it in a bit..
> > 
> 
> - remove pointless lines from Makefile
> - install sample config
> - patch out mentions of '/dev/tun* link0' for OpenBSD, this is now /dev/tap*
> - add a uid, use it and chroot in tincd.rc
> - no need to override the standard functions in tincd.rc
> 

Great modifications! Thank you Stuart.
Review and build by me and runtime test by Uwe with a complex TOR setup.

>
> It could maybe also do with a little README showing people which files to edit
> and how to set tincd_flags in rc.conf.local to override the default config.

I don't think so, tincd(8) and tinc.conf(5) are looking complete for me and
rc(8) manuals are perfect. All manuals with examples, so okay from me.

Cheers, Rafael

Re: NEW: textproc/wkhtmltopdf

2015-11-03 Thread Landry Breuil 
On Tue, Nov 03, 2015 at 07:53:21PM +0100, Frank Groeneveld wrote:
> On 10/31/15 16:47, Frank Groeneveld wrote:
> >Ping?
> >
> >It's quite a simple port which only takes a few minutes to build on my
> >machine. You can then test it by running something like:
> >wkhtmltopdf http://www.openbsd.org/ openbsd.pdf
> >
> >Frank
> 
> As noted by somebody off-list, it might be useful to have the port attached
> again to my ping mail, so people don't have to search for it. I've attached
> it to this mail. Please let me know what you think about it.

That reads good to me - minor nit, if you run make update-plist it
should remove the man/ man/man1/ dirs from the PLIST which i think are
not needed.

As for the background dep on QT4, i highly prefer depending on the
existing one instead of building another bundled copy, so the way you
did it makes perfect sense.

(note: havent built/tested it yet)

Landry

Re: www/youtube-dl fetch fails due to ssl handshake failure

2015-11-03 Thread Markus Lude 
On Mon, Nov 02, 2015 at 08:53:41PM +, Stuart Henderson wrote:
> On 2015/11/02 19:45, Markus Lude wrote:
> > On Sat, Oct 24, 2015 at 09:05:27PM +0200, Markus Lude wrote:
> > > Hello Paul,
> > 
> > Hello again,
> > 
> > > make fetch fails for recent youtube-dl:
> > > 
> > > ===>  Checking files for youtube-dl-2015.10.24
> > > >> Fetch 
> > > >> https://yt-dl.org/downloads/2015.10.24/youtube-dl-2015.10.24.tar.gz
> > > ftp: SSL read error: read failed: error:140940E5:SSL 
> > > routines:SSL3_READ_BYTES:ssl handshake failure
> > 
> > recent update to youtube-dl-2015.11.01 fails too at the dowenload stage:
> > 
> > ===>  Checking files for youtube-dl-2015.11.01
> > >> Fetch https://yt-dl.org/downloads/2015.11.01/youtube-dl-2015.11.01.tar.gz
> > ftp: SSL read error: read failed: error:140940E5:SSL 
> > routines:SSL3_READ_BYTES:ssl handshake failure
> > 
> > 
> > quick workaround: use http instead?
> >  
> > Regards,
> > Markus
> > 
> 
> The https server for yt-dl.org requires SNI, is there anything unusual
> about the way you're connecting to it (weird proxy or something)?
 
I'm not aware of any proxy (yet).

> It would be interesting to see what 'nc -vvc yt-dl.org 443' says.

$ nc -vvc yt-dl.org 443
Connection to yt-dl.org 443 port [tcp/https] succeeded!
TLS handshake negotiated TLSv1.2/DHE-RSA-AES256-GCM-SHA384 with host yt-dl.org
Peer name yt-dl.org
Subject: /OU=Domain Control Validated/OU=PositiveSSL/CN=yt-dl.org
Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA 
Domain Validation Secure Server CA
Cert Hash: 
SHA256:a396c2fb2644a50328b208e335e897a7639a7a2f2a22ae7f04d6908322a9429c

Re: www/youtube-dl fetch fails due to ssl handshake failure

2015-11-03 Thread Stuart Henderson 
On 2015/11/03 22:13, Markus Lude wrote:
> On Mon, Nov 02, 2015 at 08:53:41PM +, Stuart Henderson wrote:
> > On 2015/11/02 19:45, Markus Lude wrote:
> > > On Sat, Oct 24, 2015 at 09:05:27PM +0200, Markus Lude wrote:
> > > > Hello Paul,
> > > 
> > > Hello again,
> > > 
> > > > make fetch fails for recent youtube-dl:
> > > > 
> > > > ===>  Checking files for youtube-dl-2015.10.24
> > > > >> Fetch 
> > > > >> https://yt-dl.org/downloads/2015.10.24/youtube-dl-2015.10.24.tar.gz
> > > > ftp: SSL read error: read failed: error:140940E5:SSL 
> > > > routines:SSL3_READ_BYTES:ssl handshake failure
> > > 
> > > recent update to youtube-dl-2015.11.01 fails too at the dowenload stage:
> > > 
> > > ===>  Checking files for youtube-dl-2015.11.01
> > > >> Fetch 
> > > >> https://yt-dl.org/downloads/2015.11.01/youtube-dl-2015.11.01.tar.gz
> > > ftp: SSL read error: read failed: error:140940E5:SSL 
> > > routines:SSL3_READ_BYTES:ssl handshake failure
> > > 
> > > 
> > > quick workaround: use http instead?
> > >  
> > > Regards,
> > > Markus
> > > 
> > 
> > The https server for yt-dl.org requires SNI, is there anything unusual
> > about the way you're connecting to it (weird proxy or something)?
>  
> I'm not aware of any proxy (yet).
> 
> > It would be interesting to see what 'nc -vvc yt-dl.org 443' says.
> 
> $ nc -vvc yt-dl.org 443
> Connection to yt-dl.org 443 port [tcp/https] succeeded!
> TLS handshake negotiated TLSv1.2/DHE-RSA-AES256-GCM-SHA384 with host yt-dl.org
> Peer name yt-dl.org
> Subject: /OU=Domain Control Validated/OU=PositiveSSL/CN=yt-dl.org
> Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO 
> RSA Domain Validation Secure Server CA
> Cert Hash: 
> SHA256:a396c2fb2644a50328b208e335e897a7639a7a2f2a22ae7f04d6908322a9429c
> 

That's exactly what I'd expect from nc - that's odd though... if nc can
connect, I don't think there's any reason why ftp shouldn't be able to
(since jca added SNI support in 2014).

Not really sure what to suggest...

py-acme, plus deps

2015-11-03 Thread Stuart Henderson 
Attached tgz contains:

textproc/py-pyRFC3339 - python library for the RFC-3339 date format.

www/py-ndg-httpsclient - https client using py-openssl rather than the
built-in python SSL support.

The above two are dependencies of:

security/py-acme - python library for the ACME protocol used by
letsencrypt. This is a devel release and isn't expected to be perfect
yet but it's required for the client software for the letsencrypt CA
and would be useful to have around.

any OKs to import?


py-acme-and-friends.tgz
Description: application/tar-gz

Re: py-acme, plus deps

2015-11-03 Thread Stuart Henderson 
On 2015/11/03 22:42, Stuart Henderson wrote:
> Attached tgz contains:
> 
> textproc/py-pyRFC3339 - python library for the RFC-3339 date format.
> 
> www/py-ndg-httpsclient - https client using py-openssl rather than the
> built-in python SSL support.
> 
> The above two are dependencies of:
> 
> security/py-acme - python library for the ACME protocol used by
> letsencrypt. This is a devel release and isn't expected to be perfect
> yet but it's required for the client software for the letsencrypt CA
> and would be useful to have around.
> 
> any OKs to import?

(pretend the WANTLIB lines aren't there ;)

[NEW] database/liquibase

2015-11-03 Thread Bryan C. Everly 
Here is a port of liquibase.

>From pkg/DESCR:

Liquibase is a Java-based command-line tool that allows you to build and
maintain a SQL database schema using a series of "changeset" files that can
be checked into a version control system.  This allows the database schema
to be just another piece of your application that can be versioned and
maintained, just like any other piece of source code.

See http://liquibase.org for full documentation.


Comments or recommendations gratefully accepted.  I had originally wanted
to pull the source and build it; however, as this uses Maven, the build is
dynamic and will pull down other files which will break the build process
for the binary packages.  Given that, I felt the best approach would be to
pull the official "compiled" jarfile instead, as security/burpsuite does.

As I am not a committer, I will need someone to commit the changes on my
behalf if approved.

Thanks,
Bryan


liquibase.tgz
Description: GNU Zip compressed data

Re: Vulnerable packages in ports tree 03/11

2015-11-03 Thread Sevan / Venture37 
devel/jdk/1.7 & 1.8
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA

Re: Clarification about out-of-date script

2015-11-03 Thread Juan Francisco Cantero Hurtado 
On Tue, Nov 03, 2015 at 10:38:17AM +0500, Артур Истомин wrote:
> On Tue, Nov 03, 2015 at 02:19:51AM +0100, Juan Francisco Cantero Hurtado 
> wrote:
> > On Sun, Nov 01, 2015 at 11:41:21PM +0500, Артур Истомин wrote:
> > > Here is output on my system, OpenBSD 5.8, from out-of-date script:
> > > 
> > > databases/postgresql,-server   # @libxml-2.9.2p1 -> @libxml-2.9.2p2
> > > devel/quirks   # always-update -> quirks-2.114
> > > editors/libreoffice,-main  # @libxslt-1.1.28p2 -> @libxslt-1.1.28p3
> > > misc/shared-mime-info  # @libxml-2.9.2p1 -> @libxml-2.9.2p2
> > > multimedia/libbluray   # @libxml-2.9.2p1 -> @libxml-2.9.2p2
> > > print/cups,-libs   # @gnutls-3.3.16 -> @gnutls-3.3.16p0
> > > textproc/raptor# @libxslt-1.1.28p2 -> @libxslt-1.1.28p3
> > > x11/gnome/librsvg  # @gdk-pixbuf-2.30.8p1,@libxml-2.9.2p1 -> 
> > > @gdk-pixbuf-2.30.8p3,@libxml-2.9.2p2
> > > x11/gtk+2,-main# @gdk-pixbuf-2.30.8p1 -> 
> > > @gdk-pixbuf-2.30.8p3
> > > x11/gtk+3,-guic# @gdk-pixbuf-2.30.8p1 -> 
> > > @gdk-pixbuf-2.30.8p3
> > > x11/kde/libs3,-main# @libxslt-1.1.28p2 -> @libxslt-1.1.28p3
> > > 
> > > Am I right, that left column is ports/packages that can be updated; right
> > > column is reason why they need to be updated?
> > 
> > Yes.
> > 
> > > Also is it true that in my case I can ignore all this updates because
> > > all ports from left column are dynamicaly linked with already updated
> > > library from right column?
> > 
> > No. Those ports use the outdated version of the library.
> 
> Can You elaborate, please, I don't understand. E.g. shared-mime-info.
> 
> $ ldd /usr/local/bin/update-mime-database | grep libxml
> 1d0114c0 1d011515f000 rlib 01   0  
> /usr/local/lib/libxml2.so.15.1
> 
> $ pkg_info | grep libxml  
>   
>
> libxml-2.9.2p2  XML parsing library
> 
> So libxml already updated. If I understand correctly: if libxml updated and 
> update-mime-database
> _dynamicaly_ linked to it there is no need further intervention, is not is so?

If a new version of a port doesn't change the version number of the
lib, then the ports which depend of the lib will use the updated
version.

If there is an increase in the version number of the lib (SHARED_LIBS
in the Makefile, unrelated to the version of the port), then the ports
will use the outdated library.

"pkg_info -A | grep ^\\." shows the outdated libs.

-- 
Juan Francisco Cantero Hurtado http://juanfra.info

[UPDATE] security/libssh

2015-11-03 Thread Remi Pointel 

Hi,

this is the diff to update libssh to latest release.

Ok?

Cheers,

Remi.
Index: Makefile
===
RCS file: /cvs/ports/security/libssh/Makefile,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 Makefile
--- Makefile9 Feb 2015 08:16:54 -   1.12
+++ Makefile3 Nov 2015 15:19:01 -
@@ -2,15 +2,16 @@
 
 COMMENT =  C library implementing server and client side
 # XXX if updating, check the number in the MASTER_SITES path
-DISTNAME = libssh-0.6.4
+DISTNAME = libssh-0.7.2
 
-SHARED_LIBS += ssh 1.1 # 4.5
-SHARED_LIBS += ssh_threads 1.1 # 4.5
+SHARED_LIBS += ssh 2.0 # 4.5
+SHARED_LIBS += ssh_threads 2.0 # 4.5
 
 CATEGORIES =   security devel
 
 HOMEPAGE = http://www.libssh.org/
-MASTER_SITES = https://red.libssh.org/attachments/download/107/
+MASTER_SITES = https://red.libssh.org/attachments/download/177/
+EXTRACT_SUFX = .tar.xz
 
 MAINTAINER =   Remi Pointel 
 
Index: distinfo
===
RCS file: /cvs/ports/security/libssh/distinfo,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 distinfo
--- distinfo9 Feb 2015 08:16:54 -   1.9
+++ distinfo3 Nov 2015 15:19:01 -
@@ -1,2 +1,2 @@
-SHA256 (libssh-0.6.4.tar.gz) = fjIF4ulb81sjuDpkhafVmr58dUbQG3KPaRzww3Qha1I=
-SIZE (libssh-0.6.4.tar.gz) = 381835
+SHA256 (libssh-0.7.2.tar.xz) = oyxFuWdBQcq0vehN7X1T6TEHbGsPELj9Yn81hPrrrmI=
+SIZE (libssh-0.7.2.tar.xz) = 350540
Index: pkg/PLIST
===
RCS file: /cvs/ports/security/libssh/pkg/PLIST,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 PLIST
--- pkg/PLIST   9 Feb 2015 08:16:54 -   1.5
+++ pkg/PLIST   3 Nov 2015 15:19:01 -
@@ -3,6 +3,7 @@ include/libssh/
 include/libssh/callbacks.h
 include/libssh/legacy.h
 include/libssh/libssh.h
+include/libssh/libsshpp.hpp
 include/libssh/server.h
 include/libssh/sftp.h
 include/libssh/ssh2.h