wget 1.16.2

March 1st, 2015

wget 1.16.2 was finally released yesterday, and I just pushed 1.16.2,REV=2015.03.01 to unstable/. This fixes CVE-2014-4877 (absolute path traversal vulnerability).

No progress on the IPS repository

January 11th, 2015

In 2012, we wrote about the IPS repository being in the works. Unfortunately, we have made no progress on it. We’ve talked about IPS many times, and while people agree it’s a great idea to have an IPS repository, they are unable to devote time to it.

What’s needed for the IPS repo to happen? It is unlikely that any of the existing package maintainers will pick this up. Somebody new needs to step up.

The closest existing thing is sfe.opencsw.org which is hosted in our domain, but it’s an entirely separate effort which shares no code with OpenCSW.

Minimum libc version is 1.22.5

December 14th, 2014

On Solaris 10, the minimum libc version for OpenCSW packages is 1.22.5. You can check it with:

pvs -no /usr/lib/libc.so

If your libc version is older than that, you need to patch / upgrade your Solaris installation before upgrading OpenCSW packages.

libc version 1.22.5 was introduced in Solaris 10 update 8.

GCC 4.9.2 released

November 25th, 2014

We are glad to announce the release of GCC 4.9.2 to unstable. Happy compiling!

New stable release: bratislava

September 29th, 2014

Six months have passed since we promoted ‘kiel’ to stable. It’s time for a new release. We’ve promoted the testing catalog ‘bratislava’ to stable, and created a new ‘munich’ catalog which has become the new testing.

The new stable catalog contains the patched CSWbash package.

original announcement

Yet another OpenSSL security update

August 10th, 2014

Versions 0.9.8zb and 1.0.1i have landed in the unstable catalog. Thanks, Yann!

New OpenSSL security update

June 10th, 2014

After the horrible Heartbleed bug, a new set of security vulnerabilities was recently found in OpenSSL and publicly disclosed on June 5th. Although not as serious as Heartbleed, one of these new vulnerabilities allows an attacker to perform a man-in-the-middle attack, so you are strongly advised to update to openssl 1.0.1h,REV=2014.06.06, which was released in the unstable, kiel and bratislava repositories on June 6th.

GCC 4.9.0 has been released

May 1st, 2014

We gladly announce the release of packages for GCC 4.9.0 for Solaris 10 Sparc and i386. Thanks, Maciej!

Fix for OpenSSL vulnerability (Heartbleed bug)

April 9th, 2014

Our OpenSSL package was vulnerable to the recently discovered Heartbleed bug as described in CVE-2014-0160.
An updated package 1.0.1g,REV=2014.04.08 for OpenSSL 1.0.1g has been pushed to unstable, bratislava and kiel.

Wintercamp

April 9th, 2014

Twice a year, OpenCSW maintainers and contributors get together to work on packages, share experiences and discuss the future direction of the project. At this year’s winter camp at the University of Zurich, the following issues were addressed:

  • Catalog cleanup
    During the cleanup 441 packages were removed. This process will be repeated every six months.
  • Introduce Buildbot for upstream projects
    To give upstream projects better feedback on their Solaris compatibility, we now provide continuous builds for interested projects. One of the first projects to benefit from it was PCRE, which had issues on Solaris in version 8.34. The recently released packages for PCRE 8.35 were a result of giving upstream constant feedback on the development state.
  • Presentation of new mirror infrastructure
    In the future, people will be redirected to their closest mirror using only one URL. This will be based on MirrorBrain.
  • Changes to the website
    The website has been updated to the latest WordPress release and the layout of announcements was adjusted. Additionally, there were some thoughts about a new website.

The next camp will be in the summer/fall.