
Fri, 27 Mar 2009

5:24 PM - It's Friday, what's happening?

First, I just committed a security update for sudo for 0.2.1 users.  It's strongly recommended that you get that update.  CURRENT has been updated for a bit and nothing bad has happened.  That's always good.

In the last few days, I've updated mksh, bind, pnpinfo, libarchive, bsdtar, bsdcpio (new and replacing pax for cpio), and tcpdump in CURRENT.  

There was a recent security advisory with openssl but I don't think it affects us.  I'll investigate the possibility of bringing in a newer version for 0.3-RELEASE.

ctriv has been working on connecting perl 5.10 to the build. That means perl will be included with 0.3-RELEASE (not a port, but part of the OS).  We discussed this for some time and it made sense for our project.  It might not be 100% correct with mports.  Please report any problems with mports on CURRENT or 0.2 after the changes we've been making.

mports now uses rmd160 in addition to sha256 and md5 hashes for distinfo files.  We decided a little extra verification was a good thing, especially since all three hashes have some known defects.  Exploiting three makes it a bit harder. This was also already in the md5 utility driver so we didn't need to do anything but edit a few lines in and then start updating ports.  I did archivers and accessibility last night.  Others will come over time.  You may see some messages when installing ports about missing checksums.  That is OK.
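The multi-hash check described above, sketched as an added example (not mports code): a distfile is rejected on any mismatch, while a hash type not yet recorded for a port only produces a warning status. The BSD-style `ALGO (file) = digest` line format, the function names and the sample file name are assumptions made for this illustration.

```python
import hashlib
import re

# Assumed BSD-style distinfo line: "ALGO (filename) = hexdigest".
LINE_RE = re.compile(r"^(MD5|SHA256|RMD160) \((.+)\) = ([0-9a-f]+)$")
# distinfo label -> hashlib algorithm name
ALGOS = {"MD5": "md5", "SHA256": "sha256", "RMD160": "ripemd160"}


def parse_distinfo(text):
    """Return {filename: {label: hexdigest}} for the recognised lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            label, name, digest = m.groups()
            entries.setdefault(name, {})[label] = digest
    return entries


def verify_distfile(distinfo_text, name, data):
    """Check data against every hash type; return (verdict, per-hash status)."""
    recorded = parse_distinfo(distinfo_text).get(name, {})
    status = {}
    for label, algo in ALGOS.items():
        if label not in recorded:
            status[label] = "missing"        # port not yet updated: warn only
            continue
        try:
            h = hashlib.new(algo)
        except ValueError:
            status[label] = "unsupported"    # e.g. ripemd160 absent from this OpenSSL build
            continue
        h.update(data)
        status[label] = "ok" if h.hexdigest() == recorded[label] else "mismatch"
    values = status.values()
    # Any mismatch rejects the file; at least one hash must actually verify.
    verdict = "fail" if "mismatch" in values or "ok" not in values else "ok"
    return verdict, status


# Constructed sample: a distfile whose content is b"abc", listed in an older
# distinfo (no RMD160 yet) and in an updated one.
OLD_DISTINFO = """\
MD5 (example-1.0.tar.gz) = 900150983cd24fb0d6963f7d28e17f72
SHA256 (example-1.0.tar.gz) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""
NEW_DISTINFO = OLD_DISTINFO + "RMD160 (example-1.0.tar.gz) = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc\n"
```

With the older distinfo the RMD160 status comes back as `missing` and the file still verifies, which corresponds to the missing-checksum messages mentioned above.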

While I was at it, I removed some checks for ancient port structures still used by NetBSD.  I didn't see a point to slowing down mports any more.  We want it to be quick and to make up for the extra hash algorithm a bit.

I've investigated the possibility of using mksh as /bin/sh again.  One problem we have is that FreeBSD's version of ash contains some extensions like setvar and ! that mksh does not understand.

The bsdcpio transition might go well or it might not.  Please report bugs and remember that GNU cpio is available in mports as gcpio.  We hope to get some ports off gcpio soon.  Our pax is ancient and didn't understand a lot of the GNU extensions.  The installer uses it too so further testing will be needed. Unlike FreeBSD, we don't have a "use GNU cpio" option in the build.  Their ancient version has some security holes and we removed it long ago (before 0.2).