[odc] Daily ports changes for 2002-10-01
ODC
auto at squish.net
Wed Oct 2 08:00:34 BST 2002
OpenBSD ports changes summary for 2002-10-01
============================================
archivers/gtar audio/wmtune
comms/xcept infrastructure/build
japanese/Wnn lang/egcs
net/lftp net/ntp
net/wmnet
== archivers ========================================================= 01/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers
gtar
+ patches/patch-src_misc_c + patches/patch-src_extract_c
~ Makefile
> Fix a directory traversal vulnerability in GNU tar 1.13.25 which allows
> attackers to overwrite arbitrary files durring extraction via a ".."
> in an extracted filename.
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399 (brad@)
== audio ============================================================= 02/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/audio
wmtune
~ patches/patch-src_wmtune_c ~ Makefile
> For the zoltrix flavor where this is installed setuid (for a sysarch()
> call...
> to get access for direct I/O port access) only run as root for that small
> amount of code; from maintainer Vladimir Popov
> XXX this should probably be changed later (pvalchev@)
== comms ============================================================= 03/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/comms
xcept
~ pkg/MESSAGE ~ patches/patch-ceptd_Makefile
~ Makefile
> This ridiculous port installs the daemon 'ceptd' as setuid root and advises
> to be run as root via inetd, while it really only needs access to the modem
> It also needs INSTALL/DEINSTALL scripts to handle the configuration files,
> etc. Try to bring it to a usable state, and advise the user to run it
> as follows:
> xcept stream tcp nowait xcept ${PREFIX}/libexec/ceptd ceptd
> After creating a 'xcept' user belonging in group 'dialer'. And, no
> longer install this setuid root, which is really not needed.
> XXX The user creation and the configuration files installation should
> be automatic, but this will have to do for now and help the users.
> (pvalchev@)
== infrastructure ==================================================== 04/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/infrastructure
build
~ resolve-lib
> Protect against meta-characters in library names (e.g. "libestdc++").
> Mostly from pvalchev@ (naddy@)
== japanese ========================================================== 05/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/japanese
Wnn
+ pkg/MESSAGE
> Advise users against using this since it installs a setuid root
> executable and no one has the time to currently check this; ok naddy
> (pvalchev@)
== lang ============================================================== 06/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/lang
egcs
~ stable/pkg/DESCR
> Sync version number.
> From: David Krause <openbsd at davidkrause.comnaddy@)
== net =============================================================== 07/07 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/net
lftp
+ patches/patch-src_Resolver_cc ~ distinfo
~ Makefile
> - Fix CNAME resolving problem; IPv6 testing by henning@
> - Add mirrors, switch to .bz2 because older distfiles are only preserved
> in this format.
> From: Nick Nauwelaerts <nick at wanadoo.benaddy@)
ntp
~ Makefile
> Fix install by not triggering a secondary configure run.
> Problem reported by J.A. Neitzel <jneitzel at sdf.lonestar.org > analyzed by danh@, this fix from me. (naddy@)
wmnet
+ patches/patch-wmnet_h + patches/patch-wmnet_c
+ patches/patch-drivers_c ~ Makefile
> Make this work again on -current; from maintainer Vladimir Popov
> bump PKGNAME (pvalchev@)
===============================================================================
More information about the odc
mailing list