New Ports of the Week #27 (July 6)

Contributed by jason on 2008-07-07 from the record-yourself-smashing-salted-dates dept.

There are 6 new ports for the week of June 30 to July 6:

misc: dates
productivity: tasks
multimedia: recordmydesktop
security: p5-Crypt-SaltedHash
devel: acpica
games: csmash

Some ports had updates that users should be aware of.

Ports are listed in the order they were committed to the tree:

misc/dates
- Dates is a small, lightweight calendar, featuring an innovative, unified, zooming view and is designed primarily for use on hand-held devices.
productivity/tasks
- Tasks is a simple To Do list application that eschews complicated features for a lean interface and functionality that just does the right thing. It has a simple interface with little cruft around the list of tasks.
multimedia/recordmydesktop
- Recordmydesktop is a desktop session recorder that attempts to be easy to use, yet also effective at its primary task. It produces a file (default out.ogg) that contains a video and audio recording of a desktop session. The default behavior of recording is to mark areas that have changed and update the frame. This port includes the Gtk version of Recordmydesktop.
security/p5-Crypt-SaltedHash
- Crypt::SaltedHash is an object-oriented interface to create salted (or seeded) hashes of clear text data. The original formalization of this concept comes from RFC-3112 and is extended by the use of different digital agorithms.
devel/acpica
- The ACPI Component Architecture (ACPICA) project provides an operating system (OS)-independent reference implementation of the Advanced Configuration and Power Interface Specification (ACPI).
games/csmash
- Cannon Smash is a 3D table tennis game. The goal of the project is to provide a computer game rendition of table tennis that allows the use of various strategies available in the real game.

Port update notes:

net/nagios:
Update to nagios 3.0.3, includes segfault bugfixes against 3.0.2.
mail/smtp-vilter:
Fix a possible crash in the attachment filter.
x11/gnome/metacity:
Import a patch from GNOME bugzilla that fixes the vertical maximisation problem.
net/net-snmp:
Disable the kmem-related code, which is not 64-bit clean and causes problems on i386. This disables some useful MIBs, but until net-snmp can be fixed to use a better source for its information, it's needed. Some details are under "64bit nlist" on the net-snmp wiki page and in the various INSTALL.* files in the distribution.
audio/libsamplerate:
Updated to libsamplerate-0.1.4 to fix a "segfault when downsampling by an extremely small ratio".
security/hatchet:
Update to 0.9.1, fixes the epoch value stored in the database and column sorting in the CGI.
x11/xfe:
Small update to version 1.19.1. This release fixes some minor bugs and annoyances.
www/opera:
Update to 9.51, which includes various stability and security fixes. Most notably it fixed an issue where <canvas> functions could reveal data from random places in memory.
net/pidgin:
Update to pidgin-2.4.3. This fixes ICQ logins, crashes due to invalid Jabber id's, and various memory leaks.
www/mozilla-firefox:
Security update to mozilla-firefox-2.0.0.15, fixes MFSA 2008-33, MFSA 2008-32, MFSA 2008-31, MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25, MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, and MFSA 2008-21.
www/seamonkey:
Security update to seamonkey-1.1.10 Similar to mozilla-firefox update mentioned above.
devel/pcre:
Roll in a change from Gentoo Linux that fixes a heap-based buffer overflow (CVE-2008-2371).

(Comments are closed)

Comments

By Matthew Dempsky (2001:470:805a:1:21b:63ff:feca:36df) on 2008-07-07 19:20

Isn't that six new ports, not five? :-)
Comments
1. By jason (jason) on 2008-07-07 19:48 http://www.dixongroup.net/
  
  > Isn't that six new ports, not five? :-)
  
  Only if you count from one. Any seasoned OpenBSD user knows you always count from zero. For the sake of unity, I'll adapt to your enumeration style. ;)
  
  P.S. Thanks for catching that, fixed!
By Anonymous Coward (170.35.208.20) on 2008-07-07 21:00

Anybody know if they plan on including firefox 3 with the 4.4 release?
Comments
1. By Anonymous Coward (68.110.243.69) on 2008-07-07 23:17
  
  > Anybody know if they plan on including firefox 3 with the 4.4 release?
  
  So at some point, the tree locks (except for 'high priority' changes, which usually include significant crashing / security issues). That fact is usually posted on undeadly. If firefox 3 goes in before the ports tree locks, we have it, otherwise, no.
  
  Honestly, I'd guess no. The code tree has already locked, and since they just included an updated for firefox 2, it is likely that the effort has been to get that updated and not to get firefox 3 done. I want the update, too, but I'd rather wait until 4.5 so that it is done right than have it shoehorned in.
  Comments
  1. By Brad (206.51.28.2) brad at comstyle dot com on 2008-07-07 23:27
    
    > The code tree has already locked
    
    The src tree is not even close to being locked.
    
    Comments
    
    By Anonymous Coward (68.110.243.69) on 2008-07-08 01:29
    
    -- > The src tree is not even close to being locked.
    I don't mean to be contradictory, but is not beta-tagging the big first step in tree-locking?
    Perhaps beta in this instance is in the google sense? (I did think it was an early tagging of the beta, but there were mentions that it was because of the supposedly large amount of activity in this development cycle.)
    November is a long ways off, lots can still happen.
    
    Comments
    
    By Brad (206.51.28.2) brad at comstyle dot com on 2008-07-08 02:41
    
    > -- The src tree is not even close to being locked.
    >
    > I don't mean to be contradictory, but is not
    >
    > November is a long ways off, lots can still happen.
    
    Usually it is, but in this case the tree was moved to this stage much earlier than usual. A soft lock is still a ways away.
    
    Comments
    
    By Loki (218.214.194.113) on 2008-07-08 04:25
    
    > > -- The src tree is not even close to being locked.
    > >
    > > I don't mean to be contradictory, but is not
    > >
    > > November is a long ways off, lots can still happen.
    >
    > Usually it is, but in this case the tree was moved to this stage much earlier than usual. A soft lock is still a ways away.
    
    So (me says hopefully) we can ALL do lots more testing as time goes by.
    
    For we lesser mortals it is probably the best way to contribute to a high quality 4.4 release.
    
    Test early and test often. Ports and packages too.
By Anonymous Coward (81.169.155.246) on 2008-07-07 23:35

Because somebody mentioned Mozilla Firefox 3 (well support for 2 ends some day anyway) I like to point out that some maybe less offen used ports would need also updates like the xvid port (buffer overflow).

So if there are people with time it would be cool if the community could assist somehow. I lack the time myself during biz-foo but I would help testing if I could. :'-/

Some ports (quick view only) wich may do need such a review:

xvid, hydra, thc amap, john (1.7.2 has sse2 I read).
screen did not proivded a update after the disclosure of the ctrl-a-c bug reported on milw0rm yet. anybody knows anything if they consider to fix it?
Comments
1. By Anonymous Coward (76.250.126.209) on 2008-07-08 02:53
  
  Is that you sebastian rother?
  Comments
  1. By Anonymous Coward (213.221.123.174) on 2008-07-08 08:47
    
    > Is that you sebastian rother?
    
    Who care who he is? At least he is correct about what he said.
    Also nessus seams to be outdated and could get replaced by OpenVAS.
    
    As long as people care who somebody is noting gets done.
    stfu and hack
    
    Comments
    
    By Brad (206.51.28.2) brad at comstyle dot com on 2008-07-08 10:45
    
    > > Is that you sebastian rother?
    >
    > Who care who he is? At least he is correct about what he said.
    > Also nessus seams to be outdated and could get replaced by OpenVAS.
    
    There is a big difference between it would be nice if these ports were updated and these ports *need* updating. Most of the ports mentioned do not *need* updating at all with the exception being xvidcore and screen.
    
    > As long as people care who somebody is noting gets done.
    > stfu and hack
    
    Things get done when people send in diffs or file proper PRs instead of whining on mailing lists or on undeady.
    
    Comments
    
    By Anonymous Coward (213.221.123.174) on 2008-07-08 11:36
    
    > There is a big difference between it would be nice if these ports were updated and these ports *need* updating. Most of the ports mentioned do not *need* updating at all with the exception being xvidcore and screen.
    
    Well my personal oppinion is, that you should not judge others for their english skills. How good is your german or frensh or any other language?
    
    So don't be so hard if it deals with a "should" or "could" or "would".
    At least I would not be that hard because you might would do the same misstake in other languages very easily (except C of course. :p)
    
    But let me check your comments that some ports do not need a update.
    OpenVAS looks better then nessus, from this point of view nessus is obsulate. I did not checked if the new nessus versions do fix anything serious.
    
    Hydra fixed a mem leak, amap a SSL-deadlock,
    JtR 1.7.2 was also developed on OpenBSD/AMD64 (SSE2 code) and does not realy fix anything but speeds up password testing about 50% (MD5 here).
    
    Well except of playing this "this software release has usefull updates"-game I think his intention was more to point out that more and more new ports get added and others are not realy maintained anymore.
    
    I wont join any party here but that's how it also could get understand.
    
    > Things get done when people send in diffs or file proper PRs instead of whining on mailing lists or on undeady.
    
    Well if I google for the name you mentioned + john the ripper I do find him. I would not say he did nothing. Not much maybe but not nothing either.
    
    And about reports: quick search with search.com:
    http://www.mail-archive.com/ports@openbsd.org/msg01876.html
    
    I don't know about his average but this does look ok.
    
    Anyway either you both stfu or talk to each other in private.
    I personaly hope to find some time to may check for some outdated ports.
    Maybe some of you joins in case you're not too busy with bashing each others. Isn't it what Theo says? "Stfu and code.." :)
    
    So we all can spend time to bashing or simply doing things.
    
    Comments
    
    By Anonymous Coward (143.166.226.42) on 2008-07-08 13:38
    
    Here is an idea, you don't get to tell us what to do with our spare time. If you want it updated, send in a patch, if you don't want to or don't have the skills you get to shut up. Beggars can't be choosers.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]