OpenBSD ports changes summary for 2017-06-08 ============================================
databases/mongodb devel/kf5 devel/ocaml-ocamlbuild devel/quirks devel/ruby-bundler games/spaceinvaders graphics/img2pdf graphics/quirc lang/gprolog mail mail/teapop net/py-botocore net/py-geventhttpclient net/unifi security/gnutls security/pcsc-lite sysutils/amazon-ssm-agent sysutils/awscli sysutils/coreutils sysutils/google-cloud-sdk sysutils/syslog-ng sysutils/terraform telephony/baresip telephony/libzrtp www/kibana x11 x11/x2goclient == databases ========================================================= 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/databases mongodb ~ Makefile ~ distinfo + patch-src_mongo_util_processinfo_openbsd_cpp > update to MongoDB-3.2.13, from Andrew Aldridge (sthen@) == devel ============================================================= 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel kf5 - kactivities/patches/patch-autotests_common_test_h > Kill patch already present in 5.34.0, missed in previous > Spotted by espie@ (jca@) ocaml-ocamlbuild ~ Makefile > don't peek in /usr/local during fake (espie@) quirks ~ Makefile ~ files/Quirks.pm > remove old port mail/teapop; broken since getpwnam_shadow changes, 2003 > code, > no update in ports since 2006, homepage is 404. ok fcambus@ danj@ (sthen@) ruby-bundler ~ Makefile ~ distinfo ~ pkg/PLIST > Update bundler to 1.15.1. > ok jeremy@ (anton@) == games ============================================================= 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/games spaceinvaders ~ Makefile ~ distinfo > update to spaceinvaders-1.4. > remove do-build section since latest version can do 'make all'. > ok tb@ (mglocker@) == graphics ========================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/graphics img2pdf ~ Makefile ~ distinfo > Update to img2pdf-0.2.4 (czarkoff@) quirc ~ Makefile ~ distinfo > update to libquirc-1.0 (czarkoff@) == lang ============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang gprolog - patches/patch-Fd2C_Makefile_in - patches/patch-Pl2Wam_Makefile_in - patches/patch-TopComp_Makefile_in ~ Makefile ~ distinfo ~ patches/patch-EnginePl_machine_h ~ patches/patch-EnginePl_obj_chain_h ~ patches/patch-Ma2Asm_Makefile_in ~ patches/patch-Makefile_in ~ patches/patch-Pl2Wam_check_boot ~ pkg/PLIST + patches/patch-configure_in > update to 1.4.4, fix configure so that various patches are no longer needed > maintainer timeout (espie@) == mail ============================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail mail ~ Makefile > remove old port mail/teapop; broken since getpwnam_shadow changes, 2003 > code, > no update in ports since 2006, homepage is 404. ok fcambus@ danj@ (sthen@) teapop - Makefile - distinfo - patches/patch-etc_Makefile_in - patches/patch-teapop_Makefile_in - pkg/DESCR - pkg/PLIST > remove old port mail/teapop; broken since getpwnam_shadow changes, 2003 > code, > no update in ports since 2006, homepage is 404. ok fcambus@ danj@ (sthen@) == net =============================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net py-botocore ~ Makefile ~ distinfo ~ pkg/PLIST > Update to py-botocore-1.5.63. (ajacoutot@) py-geventhttpclient ~ Makefile > fix tests > No changes in the package contents, thus no revision bump (czarkoff@) unifi ~ Makefile ~ distinfo > update to unifi-5.4.18 stable candidate (sthen@) == security ========================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security gnutls ~ Makefile + patches/patch-lib_ext_status_request_c TAGGED OPENBSD_6_1 > Fix for GNUTLS-SA-2017-4 > - decoding a status response TLS extension with valid contents could lead > to a crash due to a null pointer dereference (ajacoutot@) ~ Makefile ~ distinfo TAGGED OPENBSD_6_1 > SECURITY update to gnutls-3.5.13. > GNUTLS-SA-2017-4: decoding a status response TLS extension with valid > contents could lead to a crash due to a null pointer dereference > (ajacoutot@) pcsc-lite - patches/patch-src_error_c ~ Makefile > Remove local hack and switch to gcc from ports. > I'm not sure and there could even be security implications... > https://github.com/LudovicRousseau/PCSC/commit/eab1d67295e4e1d5c12bbca77bc5 > 7c50fd384a4e (dcoppa@) == sysutils ========================================================== 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/sysutils amazon-ssm-agent ~ Makefile ~ distinfo > Update to amazon-ssm-agent-2.0.805.0. (ajacoutot@) awscli ~ Makefile ~ distinfo > Update to awscli-1.11.100. (ajacoutot@) coreutils ~ Makefile > bcallah takes maintainer (sthen@) google-cloud-sdk ~ Makefile ~ distinfo ~ pkg/PLIST > Update to google-cloud-sdk-158.0.0. (ajacoutot@) syslog-ng - patches/patch-lib_tlscontext_c - patches/patch-modules_afmongodb_libmongo-client_src_mongo-utils_c ~ Makefile ~ distinfo ~ files/syslog-ng.conf ~ patches/patch-Makefile_in ~ patches/patch-configure ~ patches/patch-libtest_mock-transport_c ~ patches/patch-modules_afsocket_transport-unix-socket_c ~ patches/patch-modules_dbparser_patternize_c ~ pkg/PLIST > update to 3.9.1 (steven@) terraform ~ Makefile ~ distinfo > Update to terraform-0.9.8. (ajacoutot@) == telephony ========================================================= 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/telephony baresip ~ baresip/Makefile ~ baresip/distinfo ~ baresip/patches/patch-src_config_c ~ baresip/pkg/PLIST-main ~ re/Makefile ~ re/distinfo ~ re/patches/patch-Makefile ~ rem/Makefile ~ rem/distinfo > Update to baresip-0.5.3, rem-0.5.1, re-0.5.3 > While at it, disable Daala support, as corresponding module is not being > updated upstream. (czarkoff@) libzrtp - patches/patch-Makefile_am - patches/patch-configure_in - patches/patch-include_zrtp_config_h - patches/patch-include_zrtp_config_user_h - patches/patch-src_zrtp_c ~ Makefile ~ distinfo ~ pkg/PLIST > update to libzrtp-0.20170606 > In the process: > * change upstream to https://github.com/juha-h/libzrtp > * remove patches that are already integrated by upstream > * avoid hidden dependency on doxygen (czarkoff@) == www =============================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www kibana ~ Makefile ~ distinfo ~ pkg/PLIST > security update to kibana-5.4.1, from Pavel Korovin, ok pea@ > (-stable has 5.2.2 which isn't affected) > ESA-2017-07 CVE-2017-8439 2017-06-01 Kibana version 5.4.0 was affected > by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. > This bug could allow an attacker to obtain sensitive information from > Kibana users. All Kibana 5.4.0 users should upgrade to version 5.4.1. > If upgrading is impossible, the time series visual builder can be > disabled by setting metrics.enabled: false in the kibana.yml. Note that > this will trigger a re-optimization when you restart Kibana. > ESA-2017-08 CVE-2017-8440 2017-06-01 Starting in version 5.3.0, Kibana > had a cross-site scripting (XSS) vulnerability in the Discover page > that could allow an attacker to obtain sensitive information from or > perform destructive actions on behalf of other Kibana users. Thanks to > Thomas G ytil for reporting this issue. All users of Kibana 5.3 or 5.4 > should upgrade to versions 5.3.3 and 5.4.1. (sthen@) == x11 =============================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/x11 x11 ~ Makefile > unhook x2goclient (rsadowski@) x2goclient + Makefile + distinfo + patches/patch-src_sshmasterconnection_cpp + patches/patch-src_sshprocess_cpp + patches/patch-x2goclient_pro + pkg/DESCR + pkg/PLIST > New import: > Import x11/x2goclient 4.1.0.0 =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
