[odc] Daily ports changes for 2002-10-01

ODC auto at squish.net
Wed Oct 2 08:00:34 BST 2002


OpenBSD ports changes summary for 2002-10-01
============================================

archivers/gtar                          audio/wmtune
comms/xcept                             infrastructure/build
japanese/Wnn                            lang/egcs
net/lftp                                net/ntp
net/wmnet                               

== archivers ========================================================= 01/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers

gtar

  + patches/patch-src_misc_c              + patches/patch-src_extract_c
  ~ Makefile                              

  > Fix a directory traversal vulnerability in GNU tar 1.13.25 which allows
  > attackers to overwrite arbitrary files durring extraction via a ".."
  > in an extracted filename.
  > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399 (brad@)

== audio ============================================================= 02/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/audio

wmtune

  ~ patches/patch-src_wmtune_c            ~ Makefile

  > For the zoltrix flavor where this is installed setuid (for a sysarch()
  > call...
  > to get access for direct I/O port access) only run as root for that small
  > amount of code; from maintainer Vladimir Popov
  > XXX this should probably be changed later (pvalchev@)

== comms ============================================================= 03/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/comms

xcept

  ~ pkg/MESSAGE                           ~ patches/patch-ceptd_Makefile
  ~ Makefile                              

  > This ridiculous port installs the daemon 'ceptd' as setuid root and advises
  > to be run as root via inetd, while it really only needs access to the modem
  > It also needs INSTALL/DEINSTALL scripts to handle the configuration files,
  > etc.  Try to bring it to a usable state, and advise the user to run it
  > as follows:
  > xcept   stream  tcp     nowait  xcept   ${PREFIX}/libexec/ceptd ceptd
  > After creating a 'xcept' user belonging in group 'dialer'.	And, no
  > longer install this setuid root, which is really not needed.
  > XXX The user creation and the configuration files installation should
  > be automatic, but this will have to do for now and help the users.
  > (pvalchev@)

== infrastructure ==================================================== 04/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/infrastructure

build

  ~ resolve-lib                           

  > Protect against meta-characters in library names (e.g. "libestdc++").
  > Mostly from pvalchev@ (naddy@)

== japanese ========================================================== 05/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/japanese

Wnn

  + pkg/MESSAGE                           

  > Advise users against using this since it installs a setuid root
  > executable and no one has the time to currently check this; ok naddy
  > (pvalchev@)

== lang ============================================================== 06/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/lang

egcs

  ~ stable/pkg/DESCR                      

  > Sync version number.
  > From: David Krause <openbsd at davidkrause.comnaddy@)

== net =============================================================== 07/07 ==

  http://www.openbsd.org/cgi-bin/cvsweb/ports/net

lftp

  + patches/patch-src_Resolver_cc         ~ distinfo
  ~ Makefile                              

  > - Fix CNAME resolving problem; IPv6 testing by henning@
  > - Add mirrors, switch to .bz2 because older distfiles are only preserved
  > in this format.
  > From: Nick Nauwelaerts <nick at wanadoo.benaddy@)

ntp

  ~ Makefile                              

  > Fix install by not triggering a secondary configure run.
  > Problem reported by J.A. Neitzel <jneitzel at sdf.lonestar.org  > analyzed by danh@, this fix from me. (naddy@)

wmnet

  + patches/patch-wmnet_h                 + patches/patch-wmnet_c
  + patches/patch-drivers_c               ~ Makefile

  > Make this work again on -current; from maintainer Vladimir Popov
  > bump PKGNAME (pvalchev@)

===============================================================================




More information about the odc mailing list