»
I added patches to textproc/libxml2 from an upstream commit and an upstream pull request to address CVE-2020-7595 and CVE-2019-20388 respectively. Version 2.9.10nb1 includes the patches.
»
I added a patch to www/nginx from an upstream commit to address CVE-2019-20372. Version 1.16.1nb2 includes the patch.
»
In order to reduce the number of vulnerabilities on my systems, I added some patches to devel/ncurses (and devel/ncursesw) to address CVE-2018-19211, CVE-2019-17594, and CVE-2019-17595. Version 6.1nb7 includes the patches.
»
I have restored fetching of correct upstream files for print/psify. Looks like we pointed to the wrong files for 13 years.
»
I updated sysutils/rsnapshot to 1.4.3 in another long-overdue commit (notable changes).
»
I updated net/tcptraceroute6 to 1.0.4 to incorporate portability fixes from upstream.
»
New releases of Remind have been coming out again, so I’ve updated time/remind to version 3.2.0. (more…)
»
I committed a long overdue update for net/cisco-mibs to version 20170101, which appears to be the latest currently available. A good number of additional MIB files are now included.

1.1.20

Addressing failed setrlimit calls in sudo

Written in the mid-afternoon in English • Tags: ,

After installing sudo 1.8.29 from pkgsrc (security/sudo) I started frequently seeing this warning message:

sudo: setrlimit(3): Invalid argument

It took a few rounds, but eventually I applied an acceptable patch for the pkgsrc-2019Q4 release. Later an upstream workaround was committed and included in the sudo 1.8.30 release. (more…)

»
The Proxmox wiki has instructions for importing the CA certificate. Instead of following the OS X instructions to the letter and importing the host certificate of each cluster node, just import the pve-root-ca.pem file in Keychain Access (File > Import Items), then open the item and mark it trusted (e.g. Always trust).

Copyright © 2019–2023 Kimmo Suominen. All rights reserved.