Apache 2.4.12 32/64bit available

June 24th, 2015

Apache 2.4.12 is pushed to unstable. This is the first apache package which contains also 64bit binaries. To activate the 64bit version run:

# svccfg -s cswapache24 'setprop general/enable_64bit = true'

wget 1.16.2

March 1st, 2015

Finally wget 1.16.2 has been released yesterday and I just pushed 1.16.2,REV=2015.03.01 to unstable/. This fixes CVE-2014-4877 (Absolute path traversal vulnerability).

No progress on the IPS repository

January 11th, 2015

In 2012, we wrote about the IPS repository being in the works. Unfortunately, we have done no progress on it. We’ve talked about IPS many times, and while people agree it’s a great idea to have an IPS repository, they are unable to devote time to it.

What’s needed for the IPS repo to happen? It is unlikely that any of the existing package maintainers pick this up. Somebody new needs to step up.

The closest existing thing is sfe.opencsw.org which is hosted in our domain, but it’s an entirely separate effort which shares no code with OpenCSW.

Minimum libc version is 1.22.5

December 14th, 2014

On Solaris 10, the minimum libc version for OpenCSW packages is 1.22.5. You can check it with:

pvs -no /usr/lib/libc.so

If your libc version is older than that, you need to patch / upgrade your Solaris installation before upgrading OpenCSW packages.

libc version 1.22.5 has been introduced in Solaris 10 update 8.

GCC 4.9.2 released

November 25th, 2014

We are glad to announce the release of GCC 4.9.2 to unstable. Happy compiling!

New stable release: bratislava

September 29th, 2014

Six months have passed since we’ve promoted ‘kiel’ to stable. It’s time for a new release. We’ve promoted the testing catalog ‘bratislava’ to stable, and created a new ‘munich’ catalog which has become the new testing.

The new stable catalog contains the patched CSWbash package.

original announcement

Yet another OpenSSL security update

August 10th, 2014

Versions 0.9.8zb and 1.0.1i have landed in the unstable catalog. Thanks, Yann!

New OpenSSL security update

June 10th, 2014

After the horrible heartbleed blug, a new set of security vulnerabilities was recently found in OpenSSL and publicly disclosed on June, 5th. Although not as serious as heartbleed, one of these new vulnerabilities allows an attacker to perform a man-in-the-middle attack, so you are strongly advised to update to openssl 1.0.1h,REV=2014.06.06, which was released in unstable, kiel and bratislava repositories on June, 6th.

GCC 4.9.0 has been released

May 1st, 2014

We gladly announce the release of packages for GCC 4.9.0 for Solaris 10 Sparc and i386. Thanks Maciej!

Fix for OpenSSL vulnerability (Heartbleed bug)

April 9th, 2014

Our OpenSSL package was vulnerable to the recently discovered Heartbleed bug as described in CVE-2014-0160.
An updated package 1.0.1g,REV=2014.04.08 for OpenSSL 1.0.1g has been pushed to unstable, bratislava and kiel.