[odc] Daily ports changes for 2006-03-25
ODC
auto at squish.net
Sun Mar 26 08:01:17 BST 2006
OpenBSD ports changes summary for 2006-03-25
============================================
mail mail/dspam
mail/hashcash net/curl
security/p5-Crypt-CBC sysutils
sysutils/iogen sysutils/pciutils
sysutils/sec
== mail ============================================================== 01/04 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/mail
mail
~ Makefile
> build the commonly used FLAVORs of dspam. (brad@)
dspam
~ pkg/PFRAG.mysql ~ pkg/PLIST
> sync plist with reality (todd@)
~ Makefile
> bump pkgname, gently reminded by strum@ (todd@)
hashcash
~ Makefile ~ distinfo
> SECURITY update to hashcash 1.21
> fix potential heap overflow bug reported by Andreas Seltenreich
> from Armin Wolfermann (maintainer) (steven@)
== net =============================================================== 02/04 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/net
curl
~ Makefile ~ distinfo
TAGGED OPENBSD_3_7
> MFC:
> SECURITY: Update to 7.15.3.
> Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061) (sturm@)
~ Makefile ~ distinfo
TAGGED OPENBSD_3_8
> MFC:
> SECURITY: Update to 7.15.3.
> Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061) (sturm@)
== security ========================================================== 03/04 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/security
p5-Crypt-CBC
~ Makefile ~ distinfo
TAGGED OPENBSD_3_7
> MFC:
> SECURITY update to Crypt::CBC 2.17
> Versions of this module prior to 2.17 were incorrectly
> using 8 byte IVs when generating the old-style RandomIV style header
> (as opposed to the new-style random salt header). This affects data
> encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
> and is a significant security issue.
> The bug has been corrected in versions 2.17 and higher by making it
> impossible to use 16-byte block ciphers with RandomIV headers. You may
> still read legacy encrypted data by explicitly passing the
> -insecure_legacy_decrypt option to Crypt::CBC->new(). (sturm@)
~ Makefile ~ distinfo
TAGGED OPENBSD_3_8
> MFC:
> SECURITY update to Crypt::CBC 2.17
> Versions of this module prior to 2.17 were incorrectly
> using 8 byte IVs when generating the old-style RandomIV style header
> (as opposed to the new-style random salt header). This affects data
> encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
> and is a significant security issue.
> The bug has been corrected in versions 2.17 and higher by making it
> impossible to use 16-byte block ciphers with RandomIV headers. You may
> still read legacy encrypted data by explicitly passing the
> -insecure_legacy_decrypt option to Crypt::CBC->new(). (sturm@)
== sysutils ========================================================== 04/04 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils
sysutils
~ Makefile
> +pciutils (matthieu@)
iogen
~ Makefile ~ src/iogen.8
> man page nit from Michael Knudsen <e at molioner dot dk>
> ok jmc (marco@)
pciutils
+ Makefile + distinfo
+ patches/patch-lib_pci_h + patches/patch-lib_Makefile
+ patches/patch-lib_configure + patches/patch-lib_obsd-device_c
+ patches/patch-lib_access_c + patches/patch-lib_internal_h
+ patches/patch-Makefile + pkg/PLIST
+ pkg/DESCR
> New import:
> Add pciutils, a library for portable access to PCI bus configuration
sec
~ Makefile ~ distinfo
> update to sec-2.3.3; from maintainer okan at demirmen.comvalchev@)
===============================================================================
More information about the odc
mailing list