pkgsrc change: now that sqlite3 has been imported into NetBSD, enable it
Asterisk Project Security Advisory - AST-2011-012
Product Asterisk
Summary Remote crash vulnerability in SIP channel driver
Nature of Advisory Remote crash
Susceptibility Remote authenticated sessions
Severity Critical
Exploits Known No
Reported On October 4, 2011
Reported By Ehsan Foroughi
Posted On October 17, 2011
Last Updated On October 17, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name CVE-2011-4063
Description A remote authenticated user can cause a crash with a
malformed request due to an uninitialized variable.
Resolution Ensure variables are initialized in all cases when parsing
the request.
Affected Versions
Product Release Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 10.x All versions (currently in beta)
Corrected In
Product Release
Asterisk Open Source 1.8.7.1, 10.0.0-rc1
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-012.pdf and
http://downloads.digium.com/pub/security/AST-2011-012.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-012
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
Bump revisions of all variant packages.
(wearing pointy hat)
|
|
broken
|
|
Bump revisions of all variant packages.
|
|
www/p5-Template-Toolkit-Simple.
|
|
Changes from previous:
---
version: 0.13
date: Sun May 15 17:08:56 EST 2011
changes:
- Use Stardoc
- use Package
---
version: 0.12
date: Sun May 15 12:46:44 EST 2011
changes:
- Forgot to 'use Encode'. doh!
---
version: 0.11
date: Sun May 15 12:11:50 EST 2011
changes:
- Finally works with utf8 templates and yaml. \o/
---
version: 0.10
date: Mon Nov 29 09:58:35 EST 2010
changes:
- Skip tests if YAML::XS not installed.
|
|
Changes from previous:
0.15 - 2011.04.17 - SAPER #PerlQA2011
- [DIST] CPAN-RT#54456: Set INSTALLDIRS to "site" when installed on
Perl 5.11+ (thanks to Todd Rinaldo).
- [DOC] Document a known bug under Perl 5.8.4 and 5.8.5.
- [TESTS] Fixed tests to pass under Perl 5.8.4 and 5.8.5.
0.14 - 2011.04.16 - SAPER #PerlQA2011
- [CODE] Updated from bleadperl:
- XSLoader::load() with no arguments can use caller to find
a default package (Nicholas Clark).
- Avoid defining a full XSLoader::bootstrap_inherit post 5.6,
as it's not needed (Nicholas Clark).
- Small optimisation: for the generated XSLoader.pm, avoid a
runtime lexical which is constant (Nicholas Clark).
- [TESTS] Updated from bleadperl, solving RT-CPAN #54132, #61332.
- [TESTS] Fixed tests for old Perls.
- [TESTS] Added t/00-load.t and t/01-api.t, to provide basic tests
when the main ones are skipped.
|
|
Changes from previous:
0.07 2011.01.28
- Use $ua->env_proxy to load local proxy settings. (RT 53817)
- Fixed documentation for find_in_html. (RT 19183)
- Removed sign() and auto_install() from Makefile.PL.
- Removed magic svn keywords.
- Converted test suite to Test::More.
- Added author tests (xt/) and modified SYNOPSIS for all modules to
make them pass the compilation test.
|
|
net/p5-Net-Amazon-S3.
|
|
Changes from previous:
0.54 Sat Mar 21 21:23:32 BST 2011
- Fix for a naked qw() warning (patch by David Wheeler)
- Fixed path issues (patch by Pavel Karoukin)
*WARNING* THIS MIGHT BREAK EXISTING APPS *WARNING*
- Author and development information changes
0.53 Tue Mar 30 15:24:19 BST 2010
- fix authenticated urls to work with EU buckets (patch by Edmund
von der Burg)
- tiny POD fix (patch by Frank Wiegand)
- add an exists method to Net::Amazon::S3::Client (suggested by
David Golden)
- fix max_keys when listing buckets (spotted by Andrew Bryan)
- add content_encoding to Net::Amazon::S3::Object (suggested
by Egor Korablev)
- update s3cl: You need to use the module before you use it,
added the mkbucket command, now you can run the help without
your AWS secret key, add docs about the env variables you need
to run s3cl (patches by Jesse Vincent)
0.52 Thu Jul 2 09:17:11 BST 2009
- increase version prerequisites for some modules so that they
are known to work
0.51 Tue May 19 08:31:59 BST 2009
- use MooseX::Types::DateTimeX so that we work with latest Moose
(noticed by Ted Zlatanov)
|
|
Changes from previous:
2011-08-15 Gisle Aas <gisle@ActiveState.com>
Release 1.59
Make sure accessor methods don't return utf8::upgraded() bytes
for URLs initialized from Unicode strings.
Version number increments.
Documentation tweaks.
|
|
Changes from previous:
0.07 2011-06-26T05:48:03
- Moved to [GitHub](http://github.com/theory/text-diff-html/).
- Switched to a static README.md, rather than a generated README.
|
|
ride on last update.
|
|
misc/p5-Locale-Maketext-Lexicon.
|
|
Changes from previous:
[Changes for 0.91 - 2011-08-19]
* Fixed test count for newly added tests
[Changes for 0.90 - 2011-08-19]
* Doc changes
[Changes for 0.89 - 2011-08-19]
* Added support to the TT2 parser for Mojolicious style tags
Thanks to COSIMO for the patch
[Changes for 0.88 - 2011-07-30]
* Fixed the t/5-extract.t test count
[Changes for 0.87 - 2011-07-20]
* Locale::Maketext::Extract::Plugin::Mason
- Added support for Mason 2
Thanks to ASIMON for the patch.
* Locale::Maketext::Extract
- Now warns on loading bad plugins if warnings enabled
* Locale::Maketext::Extract::Plugin::Base
- Corrected the synopsis
Thanks to TOKUHIROM for the bug reports
[Changes for 0.86 - 2011-02-16]
* Bumped version because the META file was showing an old version number.
[Changes for 0.85 - 2011-02-11]
* Changed Locale::Maketext::Extract::Run to ignore:
- .git/
- unix pipes
- binary files
Thanks to audreyt for the patch
https://github.com/audreyt/locale-maketext-lexicon/commit/1e4d112d435daa7b72eb8b49208f3b2e3185bc22
[Changes for 0.84 - 2010-12-24]
* Changed the minimum version of Locale::Maketext to 1.17, to avoid error
reports from recent Perl versions, which still have an old Locale::Maketext
* Locale::Maketext::Extract
- added a fix from Ivan Bessarov to avoid uninit warnings when msgids
contain trailing spaces
[Changes for 0.83 - 2010-12-09]
* Locale::Maketext::Lexicon
- remove the local $@ when loading PO files - made it difficult
to debug errors when loading PO's
Thanks to Ton Voon for the patch
https://rt.cpan.org/Ticket/Display.html?id=63722
- Added -P|plugins option to specify which parser plugins to use
- Added -w|warnings to turn parser warnings on and off
- Added -v|verbose to output the files that are being processed,
the plugins used to process them, and the extracted strings
- Fixed a bug in the File::Find routine to correctly prune
.svn directories and their contents
* Locale::Maketext::Extract::Plugin::Perl
- Added a defined check to avoid a warning.
|
|
Changes from previous:
0.15 Tue May 24 09:41:52 PDT 2011
- handle DOS line endings (rkitover)
0.14 Thu Jan 20 15:07:59 PST 2011
- Enable the warnings (rkitover)
0.13 Mon Jan 17 14:36:27 PST 2011
- Improved documents about nested closure
- check -w switch on CGIs (rkitover)
|
|
Changes from previous:
0.15 1 Jul 2011
Clean up POD. Close bug #69057. Other minor tweaks to POD.
0.13 23 Jun 2011
No functional changes. Fix for test timeout.t.
Fix strict undefined symbol error in timeout.t, when Time::HiRes is not present.
Not sure if constant pragma will exist in all supported perl versions,
so, we just commented out the use strict in this test.
Print warning when Time::HiRes not found in Makefile.PL
0.12 20 Jun 2011
Conditionally add 'LICENSE' => 'perl' to WriteMakefile()
call if $ExtUtils::MakeMaker::VERSION >= 6.3002.
Added support for timeout_call() in fractional seconds
expressed as a floating point number. If Time::HiRes
is not loadable, then the timeout value is raised to the
next high integer value with the POSIX:ceil() function.
Added sig_alarm(), which timeout_call uses. This is drop
in replacement for alarm(). If Time::HiRes
is not loadable, then the seconds argument is raised to the
next high integer value with the POSIX:ceil() function.
|
|
Bug fix release.
|
|
GNU `dbm' is a library of functions implementing a hashed database
on a disk file. The software was written by Philip A. Nelson.
This is the optional dbm and ndbm API compatibility library and headers.
|
|
correct the spelling of my username in the */poco* commit earlier.
|
|
xfs-1.1.1 [wip]
(2) s/pkgsrc-wip/wip/; for the lines I have added.
(Shall I do for the rest of lines ?)
|
|
Change log:
This is the changelog file for the POCO C++ Libraries.
Release 1.4.2p1 (2011-09-24)
============================
- On Linux, the RTLD_DEEPBIND option is no longer passed to dlopen().
This change was introduced in 1.4.2 to solve a specific problem one customer
was having. Unfortunately, it leads to problems with RTTI.
- It's now possible to pass flags (SHLIB_GLOBAL, SHLIB_LOCAL) to
Poco::SharedLibrary::load() (and the constructor implicitly calling load()),
controlling the mode flags (RTLD_GLOBAL, RTLD_LOCAL) passed to dlopen().
On platforms not using dlopen(), these flags are ignored.
- fixed SF# 3400267: Path_WIN32.cpp bug
Release 1.4.2 (2011-08-28)
==========================
- added Poco::DateTimeFormat::ISO8601_FRAC_FORMAT
- added new Poco::DateTimeFormatter and Poco::DateTimeParser format specifier:
%s for seconds with optional fractions of a second
- fixed a problem with ioctl() on BSD platforms (including OS X) where the
second argument to ioctl() is unsigned long instead of int, causing bad
things on an OS X 64-bit kernel.
- fixed a potential endless loop when enumerating IPv6 network addresses
(reported by Laurent Carcagno)
- new compile-time config option on Windows to set thread names in
debugger. Enable with -DPOCO_WIN32_DEBUGGER_THREAD_NAMES. Available
only in debug builds.
- Cipher can now create Base64 and HexBinary encoded output without linefeeds
(suitable for use in cookies, etc.)
- added Poco::Path::popFrontDirectory()
- improved VxWorks support
- IPv6 fixes: added proper scope id handling in IPAddress, SocketAddress
and related classes.
- Added Poco::Net::ServerSocket::bind6() which allows control over the
IPPROTO_IPV6/IPV6_V6ONLY socket option.
- Removed Poco::MD2Engine class due to licensing issues (the
license for the MD2 code from RSA only allows non-commercial
use). Note that the MD4 and MD5 code from RSA does not have
this issue.
- fixed a Net HTTP client testsuite issue where some tests might
have failed due to prematurely aborted connections by
the HTTPTestServer.
- Poco::Net::SocketAddress: when there is more than one address
returned by a DNS lookup for a name, IPv4 addresses will be
preferred to IPv6 ones.
- NetworkInterface::list() now also returns IPv4 interfaces on Windows when
built with -DPOCO_HAVE_IPv6
- XMLWriter: fixed a bug with attribute namespaces (no namespace prefix
written if attribute namespace is the same as element namespace)
- fixed SF# 3378588: Mismatched new[]/delete (in RSAEncryptImpl and
RSADecryptImpl)
- fixed SF# 3212954 (OpenSSLInitializer::uninitialize() crash) and
SF# 3196862 (Static OpenSSLInitializer instance causes Windows
deadlocks) by removing the static Poco::Crypto::OpenSSLInitializer
instance. Automatic OpenSSL initialization is now done through
Poco::Crypto::Cipher, Poco::Crypto::CipherKey,
Poco::Crypto::X509Certificate, Poco::Net::Context classes; however,
it is still recommended to call Poco::Crypto::initializeCrypto()
and Poco::Crypto::uninitializeCrypto() early at application
startup, and late at shutdown respectively (or
Poco::Net::initializeSSL()/Poco::Net::uninitializeSSL() if the
NetSSL library is used) to avoid multiple full OpenSSL init/uninit
cycles during application runtime.
- Poco::Logger now also supports a symbolic log level "none"
(for use with setLevel()) that disables logging completely
for that Logger (equivalent to setLevel(0)).
- Added experimental Android support, using the existing gmake-based
build system.
- fixed SF# 3288584: DateTimeFormatter link error
- fixed SF# 3187117: Typo in InflatingInputStream doc
- fixed SF# 3309731: _WIN32_WCE comparison should be with 0x600 not 600
- fixed SF# 3393026: RegularExpression.h identical enum value
- fixed SF# 3274222: AtomicCounter's postfix operators aren't atomic on Windows
- fixed SF# 3317177: Handle leak on windows
- fixed SF# 3181882: Poco::URI::getPathEtc() double-encodes query
- fixed SF# 3379935: ThreadPool Start Bug
- fixed SF# 3354451: Poco::Format::parsePrec never sets the precision to zero
- fixed SF# 3387258: _MAX_PATH used but unknown in Path_WIN32
- fixed a problem in RSAKeyImpl where direct access to the RSA in an EVP_PKEY
would no longer work in recent OpenSSL versions. Using EVP_PKEY_get1_RSA()
fixes the issue.
- added Poco::Crypto::EncryptingInputStream,
Poco::Crypto::EncryptingOutputStream, Poco::Crypto::DecryptingInputStream
and Poco::Crypto::DecryptingOutputStream.
- fixed SF# 3148126: HTTPSClientSession destructor (!) throws an IOException
- fixed SF# 3178098: Add constructor to Poco::TemporaryFile to specify directory
- fixed SF# 3175310: Absolute path when device
- fixed SF# 3301207: Guided tour example contradicts apidoc (API doc was wrong)
- Poco::Net::HTTPMessage::setContentLength() and
Poco::Net::HTTPMessage::getContentLength() now use std::streamsize
instead of int. This enables 64-bit Content-Length support at
least on 64-bit platforms.
- fixed SF# 3177530: TemporaryFile::tempName() + glob bug on xp
- fixed SF# 3177372: FileChannel documentation inconsistency
- added %E format specifier to Poco::PatternFormatter (epoch time in seconds
since midnight, January 1 1970)
- On Windows, Poco::Util::ServerApplication now supports a /description
command line argument for specifying a service description
(together with /registerService) - added
Poco::Util::WinService::setDescription() and
Poco::Util::WinService::getDescription()
- fixed SF# 3155477: Incorrect URI path handling
- fixed SF# 3309736: Extended Exception macros to set default exception code
new macro is named POCO_DECLARE_EXCEPTION_CODE
- added getter functions for modulus and exponents to Poco::Crypto::RSAKey.
- added Poco::Net::SocketAddress::operator == () and
Poco::Net::SocketAddress::operator != ()
- fixed SF# 3182746: IPAddress.cpp IPv6 bug on big-endian
- fixed SF# 3196961: Unix daemon fails to loadConfiguration() if
started from cwd
- fixed SF# 3393700: NotificationCenter may call a removed observer and crash.
- Reworked implementation of the events framework (Poco::BasicEvent
and friends). The framework is now completely multithreading
safe (even in the case that an event subscriber object unsubscribes
and is deleted while an event is being dispatched). Also, the
restriction that any object can only register one delegate for
each event has been removed. For most cases, dispatching events
should be faster, as dispatching an event now needs less dynamic
memory allocations.
- fixed SF# 3178109: getNodeByPath() changes:
getNodeByPath() and getNodeByPathNS() have been moved to
Poco::XML::Node. Furthermore, when invoked on a Poco::XML::Document,
the behavior has changed so that the document element is now
included when traversing the path (previously, traversal would
start at the document element, now it starts at the document).
The path expression can now start with a double-slash, which
results in a recursive search for the path's first element in
the DOM tree.
- fixed SF# 3382935: String data being truncated using ODBC, and
SF# 2921813: Wrong implementation of the ODBC string binding
Release 1.4.1p1 (2011-02-08)
============================
- Poco::Mutex is now a recursive mutex again on Linux
(this was caused by an unfortunate feature test for
PTHREAD_MUTEX_RECURSIVE which did not work on Linux
as PTHREAD_MUTEX_RECURSIVE is an enum value and not
a macro)
- Poco::Net::SecureSocketImpl::abort() now only shuts
down the underlying socket connection and does not free
the SSL object, due to multithreading issues.
Release 1.4.1 (2011-01-29)
==========================
- fixed SF# 3150223: Poco::BinaryReader cannot read std::vector correctly
- fixed SF# 3146326: SharedMemory issue
- made Poco::Net::HTTPSession::abort() virtual
- added Poco::Net::SecureStreamSocket::abort() to immediately close
a SSL/TLS connection without performing an orderly SSL/TLS shutdown.
- fixed SF# 3148126: HTTPSClientSession destructor (!) throws an IOException.
Added try/catch block to Poco::Net::SecureSocketImpl destructor.
- added additional constructor to Poco::Net::HTTPSClientSession, taking
both a socket and a session object.
- Poco::Net::HTTPSession::abort() now also can be used with a
Poco::Net::HTTPSClientSession.
- fixed SF# 3148045: make clean and distclean issues
- changed Data library names on Unix/Linux platforms to
match the names on Windows (PocoSQLite -> PocoDataSQLite,
PocoMySQL -> PocoDataMySQL, PocoODBC -> PocoDataODBC)
- added additional options to configure script
- added additional documentation to Poco::Net::HTTPClientSession
- Poco::Net::HTTPClientSession::receiveResponse() closes the connection
if an exception is thrown while reading the response header.
This ensures that a new connection will be set up for the next request
if persistent connections are used.
- improved Poco::Net::MultipartDecoder performance by reading directly from
streambuf
- improved performance of Poco::Base64Encoder, Poco::Base64Decoder,
Poco::HexBinaryEncoder and Poco::HexBinaryDecoder by working directly with the
given stream's streambuf.
- improved performance of MessageHeader::read() by reading directly from
streambuf instead of istream.
- it is now possible to specify additional MIME part header fields
for a MIME part through the Poco::Net::PartSource class.
- upgraded SQLite to release 3.7.4
- added experimental VxWorks support for VxWorks 5.5.1/Tornado 2.2 and
newer. Please see the VxWorks Platform Notes in the reference documentation
for more information. Currently, the VxWorks is untested; full support
will be available in release 1.4.2.
- fixed SF# 3165918: Poco::DynamicAny fails to convert from string to float
- fixed SF# 3165910: Poco::Net::MessageHeader does not accept HTTP conforming
header
- made Poco::Task::cancel() virtual so that tasks can implement custom
cancellation behavior.
- added optional argument to Poco::Util::WinRegistryKey constructor
to specify additional flags (in addition to KEY_READ and KEY_WRITE)
for the samDesired argument of RegOpenKeyEx() or RegCreateKeyEx().
- improved Poco::BasicEvent::notify() performance by avoiding an
unnecessary heap allocation.
- added additional well-known port numbers to Poco::URI: rtsp, sip, sips, xmpp.
- added Poco::Net::MediaType::matchesRange()
- improved invalid socket handling: a Poco::Net::InvalidSocketException is
now thrown instead of an assertion when an operation is attempted
on a closed or otherwise uninitialized socket.
|
|
While here, install document again.
== Changes
= Changes in 2.2.2 =
Oct 17, 2011 - version 2.2.2
* Bug fixes
* Do not sort query params on request: Wrongly sorted query params for
easier debugging but the order of request parameter should be
preserved. #65
* Changes
* Set response String encoding if possible. Parse content-type response
header with some helps from OpenURI::Meta and set response String
encoding. #26
* Improve connection cache strategy. Reuse cached session in MRU order,
not in LRU. MRU is more server friendly than LRU because it reduces
number of cached sessions when a number of requests drops after an
usage spike.
With reusing sessions in LRU order, all sessions are equally checked if
it's closed or not, as far as there's a request to the same site. With
reusing sessions in MRU order, old cold sessions are kept in cache long
time even if there's a request to the same site. To avoid this leakage,
this version adds keep_alive_timeout property and let SessionManager
scrub all sessions with checking the timeout for each session. When the
session expires against the last used time, it's closed and collected.
keep_alive_timeout is 15[sec] by default. The value is from the default
value for KeepAliveTimeout of Apache httpd 2. #68 #69
|
|
Bump PKGREVISION
|
|
doesn't exist.
|