wget 1.16.2 was finally released yesterday, and I just pushed 1.16.2,REV=2015.03.01 to unstable/. This fixes CVE-2014-4877 (Absolute path traversal vulnerability).
In 2012, we wrote about the IPS repository being in the works. Unfortunately, we have made no progress on it. We’ve talked about IPS many times, and while people agree it’s a great idea to have an IPS repository, they are unable to devote time to it.
What’s needed for the IPS repo to happen? It is unlikely that any of the existing package maintainers will pick this up. Somebody new needs to step up.
The closest existing thing is sfe.opencsw.org which is hosted in our domain, but it’s an entirely separate effort which shares no code with OpenCSW.
On Solaris 10, the minimum libc version for OpenCSW packages is 1.22.5. You can check it with:
pvs -no /usr/lib/libc.so
If your libc version is older than that, you need to patch / upgrade your Solaris installation before upgrading OpenCSW packages.
libc version 1.22.5 was introduced in Solaris 10 update 8.
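One way to script the check above, as an added example that is not OpenCSW's own tooling: it picks the highest public `SUNW_` version out of the `pvs -no` output and compares it with 1.22.5. It assumes each output line has the form `<file> -<TAB><version>;`, and that a POSIX shell, sed and awk are in use (on Solaris 10, the ones under /usr/xpg4/bin); the function names and the sample output are constructed for illustration.

```shell
# Added example. Assumed pvs -no line format: "<file> -<TAB><version>;"
MIN_LIBC="1.22.5"   # minimum libc version stated for OpenCSW on Solaris 10

# Constructed sample of pvs output so the script can run off-Solaris.
SAMPLE_PVS=$(printf '/usr/lib/libc.so -\tSUNW_1.22.5;\n/usr/lib/libc.so -\tSUNWprivate_1.1;\n')

# highest_sunw: read pvs output on stdin, print the highest SUNW_<a>.<b>[.<c>]
# version. SUNWprivate_* lines are ignored (no underscore right after SUNW).
highest_sunw() {
    sed -n 's/^.*[[:space:]]SUNW_\([0-9][0-9.]*\).*$/\1/p' |
        awk -F. '{ printf "%d %d %d %s\n", $1, $2, $3, $0 }' |
        sort -k1,1n -k2,2n -k3,3n | tail -1 | awk '{ print $4 }'
}

# version_ge A B: succeed when dotted version A >= B, compared field by field
# as numbers (so 1.22.5 > 1.9, which a string comparison would get wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_libc: read pvs output on stdin; return 0 if new enough, 1 if too old,
# 2 if no SUNW_ version could be found in the input.
check_libc() {
    found=$(highest_sunw)
    [ -n "$found" ] || { echo "no SUNW_ version found"; return 2; }
    if version_ge "$found" "$MIN_LIBC"; then
        echo "ok: $found"
    else
        echo "too old: $found"
        return 1
    fi
}

# On a real system: pvs -no /usr/lib/libc.so | check_libc
printf '%s\n' "$SAMPLE_PVS" | check_libc
```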
We are glad to announce the release of GCC 4.9.2 to unstable. Happy compiling!
Six months have passed since we promoted ‘kiel’ to stable. It’s time for a new release. We’ve promoted the testing catalog ‘bratislava’ to stable, and created a new ‘munich’ catalog which has become the new testing.
The new stable catalog contains the patched CSWbash package.
Versions 0.9.8zb and 1.0.1i have landed in the unstable catalog. Thanks, Yann!
After the horrible heartbleed bug, a new set of security vulnerabilities was recently found in OpenSSL and publicly disclosed on June 5th. Although not as serious as heartbleed, one of these new vulnerabilities allows an attacker to perform a man-in-the-middle attack, so you are strongly advised to update to openssl 1.0.1h,REV=2014.06.06, which was released in the unstable, kiel and bratislava repositories on June 6th.
We gladly announce the release of packages for GCC 4.9.0 for Solaris 10 Sparc and i386. Thanks, Maciej!
Twice a year, OpenCSW maintainers and contributors get together to work on packages, share experiences and discuss the future direction of the project. In this year’s winter camp at the University of Zurich the following issues were addressed:
- Catalog cleanup
During the cleanup 441 packages were removed. This process will be repeated every six months.
- Introduce Buildbot for upstream projects
To give upstream projects better feedback on their Solaris compatibility, we now provide continuous builds for interested projects. One of the first projects to benefit from it was PCRE, which had issues on Solaris in version 8.34. The recently released packages for PCRE 8.35 were a result of giving upstream constant feedback on the development state.
- Presentation of new mirror infrastructure
In the future, people will be redirected to their closest mirror using only one URL. This will be based on MirrorBrain.
- Changes to the website
The website has been updated to the latest WordPress release and the layout of announcements was adjusted. Additionally, there were some thoughts about a new website.
The next camp will be in the summer/fall.