From RHabichtsberg at arz-emmendingen.de Wed Jul 6 11:21:01 2016 From: RHabichtsberg at arz-emmendingen.de (Habichtsberg, Reinhard) Date: Wed, 6 Jul 2016 09:21:01 +0000 Subject: wget Vulnerability Message-ID: <6D4C51DC6408EE4886DA5CDB55F569C762C79D@vm-exm-03.Rm1.dom.local> Hi all, Sorry, I'm new here. May I ask a question in this list: There is a vulnerability issue with wget (see below pls.). Newest wget in opencsw is GNU Wget 1.16.3. Is it intended to release a fixed version of wget here soon? Generally asked: Is there any process that ensures the fix of security issues in the opencsw project? ----------------------------------------------------------------------------------------- >From SB16-186: Vulnerability Summary for the Week of June 27, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information Vulnerability Summary for CVE-2016-4971 Original release date: 06/30/2016 Last revised: 07/01/2016 Source: US-CERT/NIST Overview GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. --------------------------------------------------------------------------------------------- TIA, Reinhard -------------- next part -------------- An HTML attachment was scrubbed... URL: From jh at opencsw.org Wed Jul 6 14:45:54 2016 From: jh at opencsw.org (Jan Holzhueter) Date: Wed, 6 Jul 2016 14:45:54 +0200 Subject: wget Vulnerability In-Reply-To: <6D4C51DC6408EE4886DA5CDB55F569C762C79D@vm-exm-03.Rm1.dom.local> References: <6D4C51DC6408EE4886DA5CDB55F569C762C79D@vm-exm-03.Rm1.dom.local> Message-ID: Hi Am 06.07.16 um 11:21 schrieb Habichtsberg, Reinhard: > Hi all, > > > > Sorry, I?m new here. May I ask a question in this list: There is a > vulnerability issue with wget (see below pls.). Newest wget in opencsw > is GNU Wget 1.16.3. Is it intended to release a fixed version of wget > here soon? > new version in unstable now > > > Generally asked: Is there any process that ensures the fix of security > issues in the opencsw project? we don't monitor security updates (unless it's openssl etc bugs which you find in mainstream news) do to lack of time. So best way is just to make us aware of a bug and we try to create a updated package. Greetings Jan From dam at opencsw.org Mon Jul 11 14:20:32 2016 From: dam at opencsw.org (Dagobert Michelsen) Date: Mon, 11 Jul 2016 14:20:32 +0200 Subject: pixman / tls link time issue In-Reply-To: <577CBEAC.1070802@opencsw.org> References: <57691B84.6090406@opencsw.org> <9057996E-E53B-460C-B86B-380DD4CC5E27@opencsw.org> <576A8A8C.6030507@opencsw.org> <577A18A4.9000103@opencsw.org> <63EBF0A7-50BA-428A-8B22-DB0867AB7880@opencsw.org> <577CBEAC.1070802@opencsw.org> Message-ID: <5774AB5C-F8F0-4BBA-89C9-34F5E076FD7C@opencsw.org> Hi Riccardo, Am 06.07.2016 um 10:17 schrieb Riccardo Mottola : > Dagobert Michelsen wrote: >> Hi Riccardo, >> >> Am 04.07.2016 um 10:04 schrieb Riccardo Mottola: >>> >the pixman package would be "yours".. I'd like to fix it, cane we collaborate? I don't want to hurt anyone feet. >> Sure, in general I don?t mind at all unless you break it;-) > > Let's fix it in case :) I try to be careful.. aftger all we are few people and the receipes seems to "age" and break with time. > In this case however, a reebuild shows the issue, but also the old package was already broken on soloaris9, so I just discovered an issue, didn't break anything yet. > > I did a minor commit to bring up-todate. I removed the and added architectures. > > How do I fix this, on the x86 version? > > gmake[1]: Leaving directory `/home/rmottola/opencsw/pixman/trunk' > gmake[1]: Entering directory `/home/rmottola/opencsw/pixman/trunk' > /home/rmottola/opencsw/.buildsys/v2/gar//gar.conf.mk:559: *** The ISA 'amd64' can not be build on this kernel with the arch 'i386'. Stop. > gmake[1]: Leaving directory `/home/rmottola/opencsw/pixman/trunk' > > I thought it was implied that solaris9x can't build AMD64! > > BUILD64_LIBS_ONLY = 1 > > Is correct, IIRC! Yes. The building is a bit complex: in the early days when we had packages for Solaris 8 and 9 there was a trick to allow using the packages on Solaris 10 by adding the amd64 binaries built on Solaris 10 on Solaris 8 and 9 packages. As they were not used on 8 and 9 this won?t do any harm but the package could be used anyway on Solaris 10 with full functionality. Now that we have enough disk space and Solaris 8 and 9 are old and we always have additional Solaris 10 packages this behaviour is considered ?legacy? and no amd64 should be included on Solaris 8 and 9 x86 any more. If solaris10-i386 is in PACkAGING_PLATFORMS then this is a bug in GAR. >> What happens? > > On solaris9 sparc, after the succesful build, to an ldd: > > ldd -r work/solaris9-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so > /usr/lib/secure/64/s9_preload.so.1 > libm.so.1 => /usr/lib/64/libm.so.1 > libc.so.1 => /usr/lib/64/libc.so.1 > libdl.so.1 => /usr/lib/64/libdl.so.1 > /usr/platform/SUNW,SPARC-Enterprise-T5220/lib/sparcv9/libc_psr.so.1 > symbol not found: __tls_get_addr (work/solaris9-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so) > > ldd -r work/solaris9-sparc/build-isa-sparcv8/pixman-0.22.2/pixman/.libs/libpixman-1.so > /usr/lib/secure/s9_preload.so.1 > libm.so.1 => /usr/lib/libm.so.1 > libc.so.1 => /usr/lib/libc.so.1 > libdl.so.1 => /usr/lib/libdl.so.1 > /usr/platform/SUNW,SPARC-Enterprise-T5220/lib/libc_psr.so.1 > symbol not found: __tls_get_addr (work/solaris9-sparc/build-isa-sparcv8/pixman-0.22.2/pixman/.libs/libpixman-1.so) > > > On the partial build on solaris9x, where i386 built, it is consistent: > ldd -r work/solaris9-i386/build-isa-i386/pixman-0.22.2/pixman/.libs/libpixman-1.so > libm.so.1 => /usr/lib/libm.so.1 > libc.so.1 => /usr/lib/libc.so.1 > libdl.so.1 => /usr/lib/libdl.so.1 > symbol not found: ___tls_get_addr (work/solaris9-i386/build-isa-i386/pixman-0.22.2/pixman/.libs/libpixman-1.so) > > As a test, I compiled everything with GCC - but I get the same error. > Perhaps we are missing some linker flag? I tried to look on the internet, other had this problem also on non-solaris, but found no solutions. > > I'm weary to update pixman: I don't want to enter a dependency hell updating stuff on solaris9. First rebuilding this package "fixed" would be preferrable! > > A "fresh" rebuild on solaris10s is perfectly fine... > > ldd -r work/solaris10-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so > libm.so.2 => /lib/64/libm.so.2 > libc.so.1 => /lib/64/libc.so.1 > /platform/SUNW,SPARC-Enterprise-T5220/lib/sparcv9/libc_psr.so.1 You need to get deeper in multithreading on Solaris 9, I haven?t looked into it in more detail, feel free to do more investigation. Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From dam at opencsw.org Mon Jul 11 19:42:13 2016 From: dam at opencsw.org (Dagobert Michelsen) Date: Mon, 11 Jul 2016 19:42:13 +0200 Subject: pixman / tls link time issue In-Reply-To: <5774AB5C-F8F0-4BBA-89C9-34F5E076FD7C@opencsw.org> References: <57691B84.6090406@opencsw.org> <9057996E-E53B-460C-B86B-380DD4CC5E27@opencsw.org> <576A8A8C.6030507@opencsw.org> <577A18A4.9000103@opencsw.org> <63EBF0A7-50BA-428A-8B22-DB0867AB7880@opencsw.org> <577CBEAC.1070802@opencsw.org> <5774AB5C-F8F0-4BBA-89C9-34F5E076FD7C@opencsw.org> Message-ID: Hi Riccardo, Am 11.07.2016 um 14:20 schrieb Dagobert Michelsen : >>> What happens? >> >> On solaris9 sparc, after the succesful build, to an ldd: >> >> ldd -r work/solaris9-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so >> /usr/lib/secure/64/s9_preload.so.1 >> libm.so.1 => /usr/lib/64/libm.so.1 >> libc.so.1 => /usr/lib/64/libc.so.1 >> libdl.so.1 => /usr/lib/64/libdl.so.1 >> /usr/platform/SUNW,SPARC-Enterprise-T5220/lib/sparcv9/libc_psr.so.1 >> symbol not found: __tls_get_addr (work/solaris9-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so) >> >> ldd -r work/solaris9-sparc/build-isa-sparcv8/pixman-0.22.2/pixman/.libs/libpixman-1.so >> /usr/lib/secure/s9_preload.so.1 >> libm.so.1 => /usr/lib/libm.so.1 >> libc.so.1 => /usr/lib/libc.so.1 >> libdl.so.1 => /usr/lib/libdl.so.1 >> /usr/platform/SUNW,SPARC-Enterprise-T5220/lib/libc_psr.so.1 >> symbol not found: __tls_get_addr (work/solaris9-sparc/build-isa-sparcv8/pixman-0.22.2/pixman/.libs/libpixman-1.so) >> >> >> On the partial build on solaris9x, where i386 built, it is consistent: >> ldd -r work/solaris9-i386/build-isa-i386/pixman-0.22.2/pixman/.libs/libpixman-1.so >> libm.so.1 => /usr/lib/libm.so.1 >> libc.so.1 => /usr/lib/libc.so.1 >> libdl.so.1 => /usr/lib/libdl.so.1 >> symbol not found: ___tls_get_addr (work/solaris9-i386/build-isa-i386/pixman-0.22.2/pixman/.libs/libpixman-1.so) >> >> As a test, I compiled everything with GCC - but I get the same error. >> Perhaps we are missing some linker flag? I tried to look on the internet, other had this problem also on non-solaris, but found no solutions. >> >> I'm weary to update pixman: I don't want to enter a dependency hell updating stuff on solaris9. First rebuilding this package "fixed" would be preferrable! >> >> A "fresh" rebuild on solaris10s is perfectly fine... >> >> ldd -r work/solaris10-sparc/build-isa-sparcv9/pixman-0.22.2/pixman/.libs/libpixman-1.so >> libm.so.2 => /lib/64/libm.so.2 >> libc.so.1 => /lib/64/libc.so.1 >> /platform/SUNW,SPARC-Enterprise-T5220/lib/sparcv9/libc_psr.so.1 > > You need to get deeper in multithreading on Solaris 9, I haven?t looked into it > in more detail, feel free to do more investigation. The symbol is defined in /usr/lib/lwp/libthread.so.1 > dam at unstable9x :/home/dam/mgar/pkg/pixman/trunk > nm -D /usr/lib/lwp/libthread.so.1 | grep __tls_get_addr > [391] | 84304| 45|FUNC |GLOB |0 |10 |___tls_get_addr > [364] | 84288| 61|FUNC |GLOB |0 |10 |__tls_get_addr Please see also threads(3thr) and the documentation from the Multithreading Programming Guide at https://docs.oracle.com/cd/E19455-01/806-5257/6je9h033l/index.html We had a wrapper around pigz, please see the comments: > dam at unstable9x :/home/dam/mgar/pkg > more pigz/trunk/files/pigz-wrapper > #!/bin/sh > > # Needed on native Solaris 8 > # See http://www.opencsw.org/bugtrack/view.php?id=3879 > # and http://developers.sun.com/solaris/articles/alt_thread_lib.html > # Unfortunately the path can not be compiled an as libthread.so.1 > # gets pulled in from the pthread library which brings in his own > # ideas of link path ordering. > LD_LIBRARY_PATH=/usr/lib/lwp > export LD_LIBRARY_PATH > exec /opt/csw/libexec/pigz "$@? Adding this explicitly to the testsuite works: > dam at unstable9x :/home/dam/mgar/pkg/pixman/trunk/work/solaris9-i386/build-isa-i386/pixman-0.22.2/test > LD_PRELOAD_32=/usr/lib/lwp/libthread.so.1 ./a1-trap-test > dam at unstable9x :/home/dam/mgar/pkg/pixman/trunk/work/solaris9-i386/build-isa-i386/pixman-0.22.2/test > > ^??? No error! Howver, neither adding -R/usr/lib/lwp as suggested from the docs works nor using POSIX threads by adding an extra -lpthread. Feel free to continue from here. Best regards ? Dago -- "You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process." - xkcd #896 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: From ymarsh at stagestores.com Mon Jul 18 20:16:18 2016 From: ymarsh at stagestores.com (Yolanda Craven Marsh) Date: Mon, 18 Jul 2016 18:16:18 +0000 Subject: sendmail 8.15.1 Message-ID: I have downloaded sendmail 8.15.1, but I am unable to authenticate. I'm wondering if anyone else has had the issue. It looked like this version was compiled with SASL support. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jgoerzen at opencsw.org Mon Jul 18 21:40:45 2016 From: jgoerzen at opencsw.org (jgoerzen) Date: Mon, 18 Jul 2016 12:40:45 -0700 Subject: sendmail 8.15.1 In-Reply-To: References: Message-ID: On 07/18/2016 11:16 AM, Yolanda Craven Marsh wrote: > > I have downloaded sendmail 8.15.1, but I am unable to authenticate. > I?m wondering if anyone else has had the issue. It looked like this > version was compiled with SASL support. > Hello, You might need to create the file /opt/csw/lib/sasl2/Sendmail.conf with the contents something like: pwcheck_method: saslauthd mech_list: PLAIN LOGIN saslauthd_path: /var/opt/csw/saslauthd/mux Best regards, Jake -------------- next part -------------- An HTML attachment was scrubbed... URL: From ymarsh at stagestores.com Mon Jul 18 21:47:09 2016 From: ymarsh at stagestores.com (Yolanda Craven Marsh) Date: Mon, 18 Jul 2016 19:47:09 +0000 Subject: sendmail 8.15.1 In-Reply-To: References:

Message-ID: Thank you for the response. I have tried the below, but the mail still won't relay because it can't authenticate. From: users [mailto:users-bounces+ymarsh=stagestores.com at lists.opencsw.org] On Behalf Of jgoerzen Sent: Monday, July 18, 2016 2:41 PM To: users at lists.opencsw.org Subject: Re: sendmail 8.15.1 On 07/18/2016 11:16 AM, Yolanda Craven Marsh wrote: I have downloaded sendmail 8.15.1, but I am unable to authenticate. I'm wondering if anyone else has had the issue. It looked like this version was compiled with SASL support. Hello, You might need to create the file /opt/csw/lib/sasl2/Sendmail.conf with the contents something like: pwcheck_method: saslauthd mech_list: PLAIN LOGIN saslauthd_path: /var/opt/csw/saslauthd/mux Best regards, Jake -------------- next part -------------- An HTML attachment was scrubbed... URL: From public-xdx77z at ouimail.org Mon Jul 25 16:45:07 2016 From: public-xdx77z at ouimail.org (J. Holland) Date: Mon, 25 Jul 2016 16:45:07 +0200 Subject: dovecot-sieve plugin ABI mismatch with dovecot 2.2.5 Message-ID: Hi, I am no expert in this area, but I have recently update cswdovecot and cswdovecot-sieve on Solaris 11.3. Previously, both were working fine. Now, 'doveconf -n' reports an ABI version mismatch: # 2.2.25 (f5ac02c): /etc/opt/csw/dovecot/dovecot.conf doveconf: Error: Couldn't load plugin /opt/csw/lib/64/dovecot/settings/libmanagesieve_login_settings.so: Module is for different ABI version 2.2.ABIv24(2.2.24) (we have 2.2.ABIv25(2.2.25)) doveconf: Error: Couldn't load plugin /opt/csw/lib/64/dovecot/settings/libmanagesieve_settings.so: Module is for different ABI version 2.2.ABIv24(2.2.24) (we have 2.2.ABIv25(2.2.25)) doveconf: Error: Couldn't load plugin /opt/csw/lib/64/dovecot/settings/libpigeonhole_settings.so: Module is for different ABI version 2.2.ABIv24(2.2.24) (we have 2.2.ABIv25(2.2.25)) Is anyone else seeing this? Can someone confirm if there is, in fact, a problem with the current dovecot-sieve package? I tried contacting the maintainer directly, but the CSW page gave some bogus error about a non-existent captcha field not being filled in. Thanks! Jon