[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
The pkgsrc team is proud to announce the availability of the pkgsrc-2015Q4
branch. Notable new packages this quarter include kodi (home media center
software previously known as xbmc), php-baikal (a CardDAV/CalDAV server),
freecol (a Colonization clone), unicorn (a CPU emulator framework), and
Sevan Janiyan continued his great work to test and improve pkgsrc across
various platforms, and we can now build over 10,000 packages on Bitrig,
and over 12,000 on OpenBSD.
Other infrastructure changes include adding SHA512 digests for all package
distfiles, the removal of the obsolete find-prefix code, and pkglint is
now much faster having been rewritten in go (the previous perl version is
still available as pkglint4 for platforms which cannot run go programs).
Number of Packages
In pkgsrc, there are 16846 possible packages in pkgsrc-2015Q4, up from
16764 last quarter. The number of successful binary package builds on
various platforms are:
* 16,000+ on NetBSD-current amd64 using clang
* 14,000+ on FreeBSD amd64 using clang
* 14,000+ on SmartOS i386/x86_64 using gcc
* 13,000+ on Linux i386/x86_64 using gcc
* 12,000+ on OpenBSD amd64 using gcc
* 12,000+ on OS X El Capitan x86_64 using clang
* 11,000+ on DragonFly 4.5 amd64 using gcc
* 10,000+ on Bitrig amd64 using clang
In addition, this quarter:
172 packages have been added (225 last quarter)
1 package has been renamed (1 last quarter)
58 packages removed, 7 with a successor (27 and 8 last quarter)
1185 packages updated (1392 last quarter)
The pkgsrc developers make a new release every three months. We believe
that this is a sweet spot between too many updates, and keeping abreast of
issues like security vulnerabilities. pkgsrc is not tied to any one
operating system or architecture, which gives us the ability to decouple
the releases from any operating system releases, and to concentrate on the
This is the 49th quarterly release of pkgsrc. Suggestions on how we
should celebrate our 50th release next quarter are welcome!
Changes to pkgsrc
Many pkgsrc developers and contributors have all helped with submissions,
fixes, and bug reports. This quarter there were 3,418 commits to pkgsrc
by 73 committers, making 2015 our most productive year so far!
As well as the notable packages listed above, we also introduced support
for php70 and python35, with many existing modules automatically building
with the new releases. The proftpd package was split into separate module
packages, making it much simpler to choose authentication backends at
runtime instead of having to compile in support at build time. We also
saw the introduction of Asterisk 13.
We actively manage the packages in pkgsrc, and delete ones that are no
longer useful relative to maintenance costs. We said goodbye to php54 and
ruby193, both of which are no longer maintained upstream.
One neat feature of pkgsrc is its ability to sort package versions based
on the version numbers. It's used in audit-packages, to report on any
installed packages which may have security vulnerabilities in them.
pkgsrc-security%pkgsrc.org@localhost maintains lists of vulnerable packages, along
with reference URLs relating to the exposure. We thank the whole
pkgsrc-security team for their hard work. Sample output from
audit-packages is shown below:
Package qemu-2.4.0nb2 has a information-disclosure vulnerability, see http://xenbits.xen.org/xsa/advisory-140.html
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
Package qemu-2.4.0nb2 has a memory-corruption vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=efec4dcd2552e85ed57f276b58f09fc385727450
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1
More information can be found in
tar files for pkgsrc, along with checksums, can be found at
and anonymous cvs can be used:
cvs -z3 -q -d anoncvs%anoncvs.netbsd.org@localhost:/cvsroot checkout -r pkgsrc-2015Q4 -P pkgsrc
or by pulling from the git mirror at:
or the mercurial mirror at:
Joyent provide quarterly binary package sets for SmartOS/illumos,
OS X, and Linux, as well as some quickstart documentation at:
Sevan Janiyan provides an OS X PowerPC package repository at:
pkgsrc is a cross-platform packaging system. It allows people to download
sources and to build and install binary packages on one or more platforms.
Building packages from source is useful for a number of reasons:
* not only is the provenance of source code checked (by using multiple
digests), with pkgsrc, the version of source code you are working with
is the same that other developers and users have.
* package builders can choose to customize their own installations by
means of the option framework. pre-built packages from other builders
may not have specified the same options.
* patches are maintained in a central repository, and, again, are checked
at patch application time by using digests. The patches which are
applied to the sources being built are the same ones which are known to
be used and proved by other pkgsrc users (not necessarily on the same
* by building from source, all doubts about compilers, build
practices, source code cleanliness, and packaging differences are
removed. Digital signatures of binary packages, while useful in
themselves, only prove certain aspects of binary package provenance.
(pkgsrc has had signed packages since 2001.)
* it may be difficult or impossible to find a pre-built package for the
operating system or architecture.
* a pre-built package may have further or conflicting pre-requisites,
which are themselves difficult to find or build. By building
everything, including pre-requisites, a from-source packaging system
can ensure that pre-requisites are present and integrated.
At the present time, pkgsrc supports 23 platforms:
Darwin/Mac OS X
Complete dependency and pre-requisite package information is held and used
by the package management software - if packages rely on other packages to
function properly, that pre-requisite will be built, installed and managed
as part of the package installation process. Binary packages can be
managed using pkgin and nih.
On behalf of the pkgsrc developers
Fri Jan 1 18:00:00 GMT 2016
Jonathan Perkin - Joyent, Inc. - www.joyent.com
Main Index |
Thread Index |