| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is the command-line tool, which uses the recently added libduktape package.
Duktape is an embeddable Ecmascript E5/E5.1 engine with a focus on
portability and compact footprint. By integrating Duktape into your
C/C++ program you can easily extend its functionality through
scripting. You can also build the main control flow of your program
in Ecmascript and use fast C code functions to do heavy lifting.
The terms Ecmascript and Javascript are often considered more or less
equivalent, although Javascript and its variants are technically just
one environment where the Ecmascript language is used. The line
between the two is not very clear in practice: even non-browser
Ecmascript environments often provide some browser-specific built-ins.
Duktape is no exception, and provides the commonly used print() and
alert() built-ins. Even so, we use the term Ecmascript throughout to
refer to the language implemented by Duktape.
|
|
which can be embedded in other C programs.
Duktape is an embeddable Ecmascript E5/E5.1 engine with a focus on
portability and compact footprint. By integrating Duktape into your
C/C++ program you can easily extend its functionality through
scripting. You can also build the main control flow of your program
in Ecmascript and use fast C code functions to do heavy lifting.
The terms Ecmascript and Javascript are often considered more or less
equivalent, although Javascript and its variants are technically just
one environment where the Ecmascript language is used. The line
between the two is not very clear in practice: even non-browser
Ecmascript environments often provide some browser-specific built-ins.
Duktape is no exception, and provides the commonly used print() and
alert() built-ins. Even so, we use the term Ecmascript throughout to
refer to the language implemented by Duktape.
|
|
|
|
|
|
Update DEPENDS
Upstream changes:
2.1801 2016-05-02
[OTHER]
- bundled an updated ExtUtils::HasCompiler, to support building with a
noexec $TMPDIR.
|
|
----- 11.22.0
The Asterisk Development Team has announced the release of Asterisk 11.22.0.
The release of Asterisk 11.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25857 - func_aes: incorrect use of strlen() leads to
data corruption (Reported by Gianluca Merlo)
* ASTERISK-25321 - [patch]DeadLock ChanSpy with call over Local
channel (Reported by Filip Frank)
* ASTERISK-25800 - [patch] Calculate talktime when is first call
answered (Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25272 - [patch]The ICONV dialplan function sometimes
returns garbage (Reported by Etienne Lessard)
* ASTERISK-20987 - non-admin users, who join muted conference are
not being muted (Reported by hristo)
* ASTERISK-24972 - Transport Layer Security (TLS) Protocol BEAST
Vulnerability - Investigate vulnerability of HTTP server
(Reported by Alex A. Welzl)
* ASTERISK-25603 - [patch]udptl: Uninitialized lengths and bufs in
udptl_rx_packet cause ast_frdup crash (Reported by Walter
Doekes)
* ASTERISK-25742 - Secondary IFP Packets can result in accessing
uninitialized pointers and a crash (Reported by Torrey Searle)
* ASTERISK-25397 - [patch]chan_sip: File descriptor leak with
non-default timert1 (Reported by Alexander Traud)
* ASTERISK-25730 - build: make uninstall after make distclean
tries to remove root (Reported by George Joseph)
* ASTERISK-25722 - ASAN & testsute: stack-buffer-overflow in
sip_sipredirect (Reported by Badalian Vyacheslav)
* ASTERISK-25714 - ASAN:heap-buffer-overflow in logger.c (Reported
by Badalian Vyacheslav)
* ASTERISK-24801 - ASAN: ast_el_read_char stack-buffer-overflow
(Reported by Badalian Vyacheslav)
* ASTERISK-25701 - core: Endless loop in "core show
taskprocessors" (Reported by ibercom)
* ASTERISK-25700 - main/config: Clean config maps on shutdown.
(Reported by Corey Farrell)
* ASTERISK-25690 - Hanging up when executing connected line sub
does not cause hangup (Reported by Joshua Colp)
* ASTERISK-25687 - res_musiconhold: Concurrent invocations of 'moh
reload' cause a crash (Reported by Sean Bright)
* ASTERISK-25394 - pbx: Incorrect device and presence state when
changing hint details (Reported by Joshua Colp)
* ASTERISK-25640 - pbx: Deadlock on features reload and state
change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25681 - devicestate: Engine thread is not shut down
(Reported by Corey Farrell)
* ASTERISK-25680 - manager: manager_channelvars is not cleaned at
shutdown (Reported by Corey Farrell)
* ASTERISK-25679 - res_calendar leaks scheduler. (Reported by
Corey Farrell)
* ASTERISK-25677 - pbx_dundi: leaks during failed load. (Reported
by Corey Farrell)
* ASTERISK-25673 - res_crypto leaks CLI entries (Reported by Corey
Farrell)
* ASTERISK-25647 - bug of cel_radius.c: wrong point of
ADD_VENDOR_CODE (Reported by Aaron An)
* ASTERISK-25614 - DTLS negotiation delays (Reported by Dade
Brandon)
* ASTERISK-25442 - using realtime (mysql) queue members are never
updated in wait_our_turn function (app_queue.c) (Reported by
Carlos Oliva)
* ASTERISK-25624 - AMI Event OriginateResponse bug (Reported by
sungtae kim)
Improvements made in this release:
-----------------------------------
* ASTERISK-24813 - asterisk.c: #if statement in listener()
confuses code folding editors (Reported by Corey Farrell)
* ASTERISK-25767 - [patch] Add check to configure for sanitizes
(Reported by Badalian Vyacheslav)
* ASTERISK-25068 - Move commonly used FreePBX extra sounds to the
core set (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.22.0
Thank you for your continued support of Asterisk!
----- 11.21.2
The Asterisk Development Team has announced the release of Asterisk 11.21.2.
The release of Asterisk 11.21.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25770 - Check for OpenSSL defines before trying to use
them. (Reported by Kevin Harwell)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.2
Thank you for your continued support of Asterisk!
|
|
3.3 as off boost 1.60.
|
|
|
|
For 4.5.1
This maintenance release fixes a total of 12 bugs in Version 4.5 including:
Build/Test Tools
#36498 Shrinkwrap npm dependencies for 4.5
Bundled Theme
#36510 Twenty eleven page templates with widgets incorrectly styled
Customize
#36457 Customizer Device Preview: Use px units for tablet preview size
Database
#36629 Database connect functions can cause un-catchable warnings
Editor
#36458 Fix support for Safari + VoiceOver when editing inline links
Emoji
#36604 Emoji skin tone support test incorrectly passing in Chrome
Feeds
#36620 Feeds using an rss-http content type are now served as application/octet-stream
Media
#36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED'
#36578 wp_ajax_send_attachment_to_editor() bug
#36621 Don’t cache the results of wp_mkdir_p() in a persistent cache
Rewrite Rules
#36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows
TinyMCE
#36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)
For 4.5.
What's New
Security
- SSRF Bypass using Octal & Hexedecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam
- Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l)
- Script compression option CSRF, reported by Ronni Skansing
Posts
- Inline Link Editing
- Additional Editor Shortcuts
Comments
- Moderate Comment Screen Refresh
- Max Lengths for Comment Form Fields
- Comment Error Page Navigation
Appearance
- Responsive Preview of your site
- Theme Logo Support
- Selective Refresh
- Easy of use
Install Process
Version 4.5 default to generating secret keys and salts locally instead of relying on the WordPress.org API
Detail can be found here:
http://codex.wordpress.org/Version_4.5
http://codex.wordpress.org/Version_4.5.1
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
|
|
While here, fix typo and add test dependency.
Changelog only covers 0.5:
0.5
```
* Fix binding with self as a kwarg. (Robert Collins #14)
|
|
py-requests-2.10.0.
|
|
|
|
|
|
Changelog:
* high dpi display support
|
|
|
|
|
|
|
|
XULRunner is a runtime environment for applications using the
XML User Interface Language, XUL. It is the successor of the "Gecko"
runtime environment.
This package tracks 45 extended support release.
|
|
|
|
* Sync with firefox38-38.8.0
|
|
|
|
|
|
|
|
|
|
Bump rev.
|
|
|
|
|
|
|
|
--------------------------------------
0.69 2016-04-22 11:27:12Z
- attributes' "init_arg" settings are now respected when retrieving command
line options (thanks, Olaf Alders! -- PR#6)
|
|
|
|
|
|
--------------------------------------------------
1.0.2 - 2015-02-17
- Avoid an unhelpful warning
|
|
------------------------------------------
0.004004 2016-01-19 22:09:43-05:00 America/New_York
- Fixed issue 3
0.004003 2015-10-29 10:45:03-07:00 America/Los_Angeles
- Fixed issue 6
------------------------------------------
From https://github.com/cazador481/MooX-Log-Any/issues?q=is%3Aissue+is%3Aclosed
- #3 distribution version doesn't match module version
- #6 Add meta yml provides
|
|
|
|
----------------------------------------
1.21 2016-04-05
- %Preload: add rules for List::MoreUtils and Log::Dispatch
- %Preload: make the following modules require the unicore stuff:
charnames.pm
Unicode/Normalize.pm
Unicode/UCD.pm
- add helper _glob_in_inc_1()
- remove all references to http://par.perl.org/, doesn't exist anymore
|
|
|
|
- Add Following lines for make test
+BUILD_DEPENDS+=p5-IO-All-[0-9]*:../../devel/p5-IO-All
+BUILD_DEPENDS+=p5-Test-InDistDir-[0-9]*:../../devel/p5-Test-InDistDir
+BUILD_DEPENDS+=p5-Pod-Markdown-[0-9]*:../../textproc/p5-Pod-Markdown
(upstream)
- Updated devel/p5-Module-Install-ReadmeFromPod to 0.26
==============================
2016-04-26 13:54:51 +0100 0.26
==============================
Date: Tue Apr 26 13:54:51 2016 +0100
Missed prereq IO::All
==============================
2016-04-24 18:53:01 +0100 0.24
==============================
Date: Sun Apr 24 18:31:17 2016 +0100
Release engineering for 0.24
Date: Sun Apr 24 18:28:52 2016 +0100
Update README
Date: Sun Apr 24 18:13:19 2016 +0100
- Merge pull request #4 from djerius/markdown
- add support for markdown output
Date: Sun Apr 24 18:12:34 2016 +0100
- Merge pull request #5 from djerius/namespace
- only load IO::All and Capture::Tiny in admin mode
Date: Fri Oct 24 13:19:16 2014 +0100
Fixes for Makefile.PL
Date: Mon Sep 22 10:22:03 2014 -0400
only load IO::All and Capture::Tiny in admin mode
Date: Sat Sep 20 17:07:05 2014 -0400
add support for markdown output
Date: Sat Aug 9 23:28:18 2014 +0200
ensure outputs are always written in binary mode
|
|
|
|
|
|
reviewed by gsutre@.
|
|
pyhash is a python non-cryptographic hash library. It provide
several common hash algorithms with C/C++ implementation for
performance.
|
|
|
|
Changes between 1.0.2g and 1.0.2h [3 May 2016]
*) Prevent padding oracle in AES-NI CBC MAC check
A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.
This issue was introduced as part of the fix for Lucky 13 padding
attack (CVE-2013-0169). The padding check was rewritten to be in
constant time by making sure that always the same bytes are read and
compared against either the MAC or padding bytes. But it no longer
checked that there was enough data to have both the MAC and padding
bytes.
This issue was reported by Juraj Somorovsky using TLS-Attacker.
(CVE-2016-2107)
[Kurt Roeckx]
*) Fix EVP_EncodeUpdate overflow
An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption.
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
the PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes data
from an untrusted source and outputs it as a PEM file should be considered
vulnerable to this issue. User applications that call these APIs directly
with large amounts of untrusted data may also be vulnerable.
This issue was reported by Guido Vranken.
(CVE-2016-2105)
[Matt Caswell]
*) Fix EVP_EncryptUpdate overflow
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
is able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate() with a partial block then a length check can overflow
resulting in a heap corruption. Following an analysis of all OpenSSL
internal usage of the EVP_EncryptUpdate() function all usage is one of two
forms. The first form is where the EVP_EncryptUpdate() call is known to be
the first called function after an EVP_EncryptInit(), and therefore that
specific call must be safe. The second form is where the length passed to
EVP_EncryptUpdate() can be seen from the code to be some small value and
therefore there is no possibility of an overflow. Since all instances are
one of these two forms, it is believed that there can be no overflows in
internal code due to this problem. It should be noted that
EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
of these calls have also been analysed too and it is believed there are no
instances in internal usage where an overflow could occur.
This issue was reported by Guido Vranken.
(CVE-2016-2106)
[Matt Caswell]
*) Prevent ASN.1 BIO excessive memory allocation
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.
Any application parsing untrusted data through d2i BIO functions is
affected. The memory based functions such as d2i_X509() are *not* affected.
Since the memory based functions are used by the TLS library, TLS
applications are not affected.
This issue was reported by Brian Carpenter.
(CVE-2016-2109)
[Stephen Henson]
*) EBCDIC overread
ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result
in arbitrary stack data being returned in the buffer.
This issue was reported by Guido Vranken.
(CVE-2016-2176)
[Matt Caswell]
*) Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
[Todd Short]
*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
default.
[Kurt Roeckx]
*) Only remove the SSLv2 methods with the no-ssl2-method option. When the
methods are enabled and ssl2 is disabled the methods return NULL.
[Kurt Roeckx]
|
|
|
|
|
