We are glad to announce the release of PHP 5.6 to unstable. This replaces the PHP 5.3 packages. It contains also php5_module for Apache2.4 (ap24_modphp5).
Dear users, our primary mirror http://mirror.opencsw.org will be down for today due to hardware migration of our provider. In the meantime you can use the direct catalog from the buildfarm, although it has a slower internet connection as the primary mirror.
Sorry for the inconvenience — Dago
Apache 2.4.12 is pushed to unstable. This is the first apache package which contains also 64bit binaries. To activate the 64bit version run:
# svccfg -s cswapache24 'setprop general/enable_64bit = true'
Finally wget 1.16.2 has been released yesterday and I just pushed 1.16.2,REV=2015.03.01 to unstable/. This fixes CVE-2014-4877 (Absolute path traversal vulnerability).
In 2012, we wrote about the IPS repository being in the works. Unfortunately, we have done no progress on it. We’ve talked about IPS many times, and while people agree it’s a great idea to have an IPS repository, they are unable to devote time to it.
What’s needed for the IPS repo to happen? It is unlikely that any of the existing package maintainers pick this up. Somebody new needs to step up.
The closest existing thing is sfe.opencsw.org which is hosted in our domain, but it’s an entirely separate effort which shares no code with OpenCSW.
On Solaris 10, the minimum libc version for OpenCSW packages is 1.22.5. You can check it with:
pvs -no /usr/lib/libc.so
If your libc version is older than that, you need to patch / upgrade your Solaris installation before upgrading OpenCSW packages.
libc version 1.22.5 has been introduced in Solaris 10 update 8.
We are glad to announce the release of GCC 4.9.2 to unstable. Happy compiling!
Six months have passed since we’ve promoted ‘kiel’ to stable. It’s time for a new release. We’ve promoted the testing catalog ‘bratislava’ to stable, and created a new ‘munich’ catalog which has become the new testing.
The new stable catalog contains the patched CSWbash package.
Versions 0.9.8zb and 1.0.1i have landed in the unstable catalog. Thanks, Yann!
After the horrible heartbleed blug, a new set of security vulnerabilities was recently found in OpenSSL and publicly disclosed on June, 5th. Although not as serious as heartbleed, one of these new vulnerabilities allows an attacker to perform a man-in-the-middle attack, so you are strongly advised to update to openssl 1.0.1h,REV=2014.06.06, which was released in unstable, kiel and bratislava repositories on June, 6th.