[OpenBSD]本周ports更新[6月29日]

young_king

                               
大家比较感兴趣的可能是下面几个软件：
PHP升级到5.2.10版本；nginx升级到0.7.60版本；phpMyAdmin升级到3.2.0版本；

MySQL升级到5.0.83版本。

下面是更新/升级明细：
There were 5 new ports for the week of June 22 to June 28:

• databases:
        
  • 
    pear-MDB2-mysqli
    
  • 
    pear-MDB2-sqlite
    
  
     
• devel:
        
  • 
    p5-Devel-ebug
    
  
     
• editors:
        
  • 
    texworks
    
  
     
• lang:
        
  • 
    llvm-gcc4
    
  
     

Some ports had
updates
that users should be aware of; no port was removed. Some patches were
backported
to the
4.5-stable
branch.
                       
                       
New ports, listed in the order they were committed to the tree:

• 
  databases/pear-MDB2-mysqli
        
  • This is the MySQLi MDB2 driver for pear-MDB2.
  
     
• 
  databases/pear-MDB2-sqlite
        
  • This is the SQLite MDB2 driver for pear-MDB2.
  
     
• 
  devel/p5-Devel-ebug
        
  • Devel::ebug
    is a simple, extensible Perl debugger with a clean API. Using this
    module, you may easily write a Perl debugger to debug your programs.
    Alternatively, it comes with an interactive debugger, ebug.
  
     
• 
  editors/texworks
        
  • The
    TeXworks
    project is an effort to build a simple TeX front-end program (working
    environment) that will be available for all today's major desktop
    operating systems-in particular, MS Windows (XP and Vista), typical
    GNU/Linux distros and other X11-based systems, and Mac OS X. It is
    deliberately modeled on Dick Koch's award-winning TeXShop for Mac OS X,
    which is credited with a resurgence of TeX usage on the Mac platform.
  
     
• 
  lang/llvm-gcc4
        
  • 
    lvm-gcc
    is the LLVM C front end. It is a modified version of gcc that compiles
    C/C++/ObjC programs into native objects, LLVM bitcode or LLVM assembly
    language, depending upon the options. By default, llvm-gcc compiles to
    native objects just like GCC does. If the -emit-llvm option is given
    then it will generate LLVM bitcode files instead. If -S (assembly) is
    also given, then it will generate LLVM assembly. Being derived from the
    GNU Compiler Collection, llvm-gcc has many of gcc's features and
    accepts most of gcc's options. It handles a number of gcc's extensions
    to the C programming language.
    Note: it is not yet linked to the build. This is a work in
    progress, largely based on the gcc port in ports/lang/gcc/4.2. It's
    somewhat usable on i386 (shared lib versions not yet properly under
    control). Build on amd64 currently fails with -fPIC problems.
  
     

Updated ports that users should be aware of:

• devel:
        
  • 
    devel/git
    , from git-1.6.3.2 to git-1.6.3.3.
  
     
• emulators:
        
  • 
    emulators/bochs
    , from bochs-2.3.7 to bochs-2.4.1.
  
     
• graphics:
        
  • 
    graphics/tiff
    got a security fix for for for
    SA35515
    (LibTIFF LZWDecodeCompat() Buffer Underflow Vulnerability).
  
     
• mail:
        
  • 
    mail/mozilla-thunderbird
    , from mozilla-thunderbird-2.0.0.21 to mozilla-thunderbird-2.0.0.22.
    Security update. See
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.22
    .)
  • 
    mail/thunderbird-i18n
    , from thunderbird-i18n-2.0.0.21 to thunderbird-i18n-2.0.0.22.
  
     
• net:
        
  • 
    net/irssi
    got a security patch to fix
    CVE-2009-1959
    (out of bounds access in irc event_wallops()).
  • 
    net/pidgin
    , from pidgin-2.5.6 to pidgin-2.5.7.
  • 
    net/powerdns
    , from powerdns-2.9.21.2 to powerdns-2.9.22.
    The port has been improved (included modules, which are no more
    breaked), LDAP support has been enabled, and the MySQL backend has been
    tested (but this is not yet the case for the other backends).
  
     
• www:
        
  • 
    www/php5
    , from php5-core-5.2.9 to php5-core-5.2.10.
    Security fix for
    bug #48378
    (exif_read_data() segfaults on certain corrupted .jpeg files).
  • 
    www/firefox35
    has been linked to the build.
  • 
    www/seamonkey
    , from seamonkey-1.1.16 to seamonkey-1.1.17.
    Security fix to MFSA 2009-33, MFSA 2009-32, MFSA 2009-29, MFSA 2009-27, MFSA 2009-26, MFSA 2009-24, MFSA 2009-21 and MFSA 2009-17 (see
    http://www.mozilla.org/security/announce/
    ).
  • 
    www/nginx
    , from nginx-0.7.59 to nginx-0.7.60.
    This update adds also the IPv6 support.
  
     

Patches backported to the 4.5-stable branch:

• 
  www/phpmyadmin
  "Setup script used to generate configuration can be fooled using a
  crafted POST request to include arbitrary PHP code in generated
  configuration file. Combined with ability to save files on server, this
  can allow unauthenticated users to execute arbitrary PHP code." See
  http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
  .
• 
  net/ntp
  Fix remote exploit if autokey is enabled (
  CVE-2009-1252
  ). Prevent a buffer overflow in ntpq (
  CVE-2009-0159
  ).
  
• 
  www/apache-httpd
  Lots of bugfixes and a security fix for
  CVE-2008-2939
  .
• 
  security/cyrus-sasl2
  Resolve
  CVE-2009-0688
  (unsafe use of sasl_encode64()).
• 
  databases/mysql
  Bugfix update.
• 
  print/cups
  Resolve these, from debian:
  CVE-2007-4351
  ,
  CVE-2007-5849
  ,
  CVE-2007-6358
  ,
  CVE-2008-0047
  ,
  CVE-2008-0053
  ,
  CVE-2008-0882
  ,
  CVE-2008-1373
  ,
  CVE-2008-1722
  (plus integer overflow patch from L2974: _cupsImageReadPNG()),
  CVE-2008-3639
  ,
  CVE-2008-3640
  ,
  CVE-2008-3641
  (without SP_select_pen() in
  STR #2911
  , and fix an additional off-by-one (
  STR #2966
  )),
  CVE-2009-0163
  ,
  CVE-2009-0949
  .

               
               
               
               
               
               
               

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/81136/showart_1986728.html