| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
that again is unsupported. Request a memory operand instead and drop the
dereference.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Updated archivers/unalz to 0.65
|
|
(doc/readme.txt), this includes the versions of:
-------------------------------
midi2abc version 2.94 January 05 2014
abc2midi version 3.37 October 16 2014
abc2abc version 1.75 September 08 2013
yaps version 1.56 November 04 2013
abcmatch version 1.62 January 01 2014
midicopy version 1.18 October 01 2013
(doc/CHANGES)
-------------------------------
too many lines to list here:
|
|
|
|
- ChangeLog doesn't seem to be available, but three patches
are now included in upstream and removing them.
|
|
1.40 Sun 04 Jan 2015
- https://rt.cpan.org/Public/Bug/Display.html?id=92205 [cpan/PMQS]
- https://rt.cpan.org/Public/Bug/Display.html?id=101092 [cpan/PMQS]
|
|
|
|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=104260
---------------------------
The MASTER_SITES for shells/mudsh is invalid. The email
address of the submitter of the port is no longer valid.
The app itself is a single perl script with no author in it.
---------------------------
Thanks wiz@ for review.
|
|
|
|
|
|
|
|
PR pkg/49494.
|
|
on SunOS.
|
|
one".
|
|
|
|
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662)
CVE-2014-8710
* wnpa-sec-2014-21
AMQP crash. (Bug 10582) CVE-2014-8711
* wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
CVE-2014-8713
* wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596) CVE-2014-8714
The following bugs have been fixed:
* 6LoWPAN Mesh headers not treated as encapsulating address.
(Bug 10462)
* UCP dissector bug of operation 31 - PID 0639 not
recognized. (Bug 10463)
* iSCSI dissector rejects PDUs with "expected data transfer
length" > 16M. (Bug 10469)
* GTPv2: trigging_tree under Trace information has wrong
length. (Bug 10470)
* Attempt to render an SMS-DELIVER-REPORT instead of an
SMS-DELIVER. (Bug 10547)
* IPv6 Mobility Option IPv6 Address/Prefix marks too many
bytes for the address/prefix field. (Bug 10576)
* IPv6 Mobility Option Binding Authorization Data for FMIPv6
Authenticator field is read beyond the option data.
(Bug 10577)
* IPv6 Mobility Option Mobile Node Link Layer Identifier
Link-layer Identifier field is read beyond the option data.
(Bug 10578)
* Malformed PTPoE announce packet. (Bug 10611)
* IPv6 Permanent Home Keygen Token mobility option includes
too many bytes for the token field. (Bug 10619)
* IPv6 Redirect Mobility Option K and N bits are parsed
incorrectly. (Bug 10622)
* IPv6 Care Of Test mobility option includes too many bytes
for the Keygen Token field. (Bug 10624)
* IPv6 MESG-ID mobility option is parsed incorrectly.
(Bug 10625)
* IPv6 AUTH mobility option parses Mobility SPI and
Authentication Data incorrectly. (Bug 10626)
* IPv6 DNS-UPDATE-TYPE mobility option includes too many
bytes for the MD identity field. (Bug 10629)
* IPv6 Local Mobility Anchor Address mobility option's code
and reserved fields are parsed as 2 bytes instead of 1.
(Bug 10630)
* TShark crashes when running with PDML on a specific packet.
(Bug 10651)
* IPv6 Mobility Option Context Request reads an extra
request. (Bug 10676)
- Updated Protocol Support
6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
|
|
|
|
compile any longer, see
https://sourceforge.net/p/curl/bugs/1469/
Changes:
Curl and libcurl 7.40.0
Public curl releases: 143
Command line options: 162
curl_easy_setopt() options: 208
Public functions in libcurl: 58
Contributors: 1219
This release includes the following changes:
o http_digest: Added support for Windows SSPI based authentication
o version info: Added Kerberos V5 to the supported features
o Makefile: Added VC targets for WinIDN
o config-win32: Introduce build targets for VS2012+
o SSL: Add PEM format support for public key pinning
o smtp: Added support for the conversion of Unix newlines during mail send [8]
o smb: Added initial support for the SMB/CIFS protocol
o Added support for HTTP over unix domain sockets, via
CURLOPT_UNIX_SOCKET_PATH and --unix-socket
o sasl: Added support for GSS-API based Kerberos V5 authentication
This release includes the following bugfixes:
o darwinssl: fix session ID keys to only reuse identical sessions [18]
o url-parsing: reject CRLFs within URLs [19]
o OS400: Adjust specific support to last release
o THANKS: Remove duplicate names
o url.c: Fixed compilation warning
o ssh: Fixed build on platforms where R_OK is not defined [1]
o tool_strdup.c: include the tool strdup.h
o build: Fixed Visual Studio project file generation of strdup.[c|h]
o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
o curl.1: show zone index use in a URL
o mk-ca-bundle.vbs: switch to new certdata.txt url
o Makefile.dist: Added some missing SSPI configurations
o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
o SSH: use the port number as well for known_known checks [3]
o libssh2: detect features based on version, not configure checks
o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
o multi: removed Curl_multi_set_easy_connection
o symbol-scan.pl: do not require autotools
o cmake: add ENABLE_THREADED_RESOLVER, rename ARES
o cmake: build libhostname for test suite
o cmake: fix HAVE_GETHOSTNAME definition
o tests: fix libhostname visibility
o tests: fix memleak in server/resolve.c
o vtls.h: Fixed compiler warning when compiled without SSL
o CMake: Restore order-dependent header checks
o CMake: Restore order-dependent library checks
o tool: Removed krb4 from the supported features
o http2: Don't send Upgrade headers when we already do HTTP/2
o examples: Don't call select() to sleep on windows [6]
o win32: Updated some legacy APIs to use the newer extended versions [5]
o easy.c: Fixed compilation warning when no verbose string support
o connect.c: Fixed compilation warning when no verbose string support
o build: in Makefile.m32 pass -F flag to windres
o build: in Makefile.m32 add -m32 flag for 32bit
o multi: when leaving for timeout, close accordingly
o CMake: Simplify if() conditions on check result variables
o build: in Makefile.m32 try to detect 64bit target
o multi: inform about closed sockets before they are closed
o multi-uv.c: close the file handle after download
o examples: Wait recommended 100ms when no file descriptors are ready
o ntlm: Split the SSPI based messaging code from the native messaging code
o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
o cmake: add Kerberos to the supported feature
o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
o http: Disable pipelining for HTTP/2 and upgraded connections
o ntlm: Fixed static'ness of local decode function
o sasl: Reduced the need for two sets of NTLM messaging functions
o multi.c: Fixed compilation warnings when no verbose string support
o select.c: fix compilation for VxWorks [7]
o multi-single.c: switch to use curl_multi_wait
o curl_multi_wait.3: clarify numfds being used if not NULL
o http.c: Fixed compilation warnings from features being disabled
o NSS: enable the CAPATH option [9]
o docs: Fix FAILONERROR typos
o HTTP: don't abort connections with pending Negotiate authentication
o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
o http_perhapsrewind: don't abort CONNECT requests
o build: updated dependencies in makefiles
o multi.c: Fixed compilation warning
o ftp.c: Fixed compilation warnings when proxy support disabled
o get_url_file_name: Fixed crash on OOM on debug build
o cookie.c: Refactored cleanup code to simplify
o OS400: enable NTLM authentication
o ntlm: Use Windows Crypt API
o http2: avoid logging neg "failure" if h2 was not requested
o schannel_recv: return the correct code [10]
o VC build: added sspi define for winssl-zlib builds
o Curl_client_write(): chop long data, convert data only once
o openldap: do not ignore Curl_client_write() return code
o ldap: check Curl_client_write() return codes
o parsedate.c: Fixed compilation warning
o url.c: Fixed compilation warning when USE_NTLM is not defined
o ntlm_wb_response: fix "statement not reached" [11]
o telnet: fix "cast increases required alignment of target type"
o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
o ntlm: Disable NTLM v2 when 64-bit integers are not supported
o ntlm: Use short integer when decoding 16-bit values
o ftp.c: Fixed compilation warning when no verbose string support
o synctime.c: fixed timeserver URLs
o mk-ca-bundle.pl: restored forced run again
o ntlm: Fixed return code for bad type-2 Target Info
o curl_schannel.c: Data may be available before connection shutdown
o curl_schannel: Improvements to memory re-allocation strategy [13]
o darwinssl: aprintf() to allocate the session key
o tool_util.c: Use GetTickCount64 if it is available
o lib: Fixed multiple code analysis warnings if SAL are available
o tool_binmode.c: Explicitly ignore the return code of setmode
o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
o SFTP: work-around servers that return zero size on STAT [14]
o connect: singleipconnect(): properly try other address families after failure
o IPV6: address scope != scope id [15]
o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
o secureserver.pl: make OpenSSL CApath and cert absolute path values
o secureserver.pl: update Windows detection and fix path conversion
o secureserver.pl: clean up formatting of config and fix verbose output
o tests: Added Windows support using Cygwin-based OpenSSH
o sockfilt.c: use non-Ex functions that are available before WinXP
o VMS: Updates for 0740-0D1220
o openssl: warn for SRP set if SSLv3 is used, not for TLS version
o openssl: make it compile against openssl 1.1.0-DEV master branch
o openssl: fix SSL/TLS versions in verbose output
o curl: show size of inhibited data when using -v
o build: Removed WIN32 definition from the Visual Studio projects
o build: Removed WIN64 definition from the libcurl Visual Studio projects
o vtls: Use bool for Curl_ssl_getsessionid() return type
o sockfilt.c: Replace 100ms sleep with thread throttle
o sockfilt.c: Reduce the number of individual memory allocations
o vtls: Don't set cert info count until memory allocation is successful
o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
o nss: Don't ignore Curl_extract_certinfo() OOM failure
o vtls: Fixed compilation warning and an ignored return code
o sockfilt.c: Fixed compilation warnings
o darwinssl: Fixed compilation warning
o vtls: Use '(void) arg' for unused parameters
o sepheaders.c: Fixed resource leak on failure
o lib1900.c: Fixed cppcheck error [17]
o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
*) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
message can cause a segmentation fault in OpenSSL due to a NULL pointer
dereference. This could lead to a Denial Of Service attack. Thanks to
Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
(CVE-2014-3571)
[Steve Henson]
*) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
dtls1_buffer_record function under certain conditions. In particular this
could occur if an attacker sent repeated DTLS records with the same
sequence number but for the next epoch. The memory leak could be exploited
by an attacker in a Denial of Service attack through memory exhaustion.
Thanks to Chris Mueller for reporting this issue.
(CVE-2015-0206)
[Matt Caswell]
*) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
method would be set to NULL which could later result in a NULL pointer
dereference. Thanks to Frank Schmirler for reporting this issue.
(CVE-2014-3569)
[Kurt Roeckx]
*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
reporting this issue.
(CVE-2014-3572)
[Steve Henson]
*) Remove non-export ephemeral RSA code on client and server. This code
violated the TLS standard by allowing the use of temporary RSA keys in
non-export ciphersuites and could be used by a server to effectively
downgrade the RSA key length used to a value smaller than the server
certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
INRIA or reporting this issue.
(CVE-2015-0204)
[Steve Henson]
*) Fixed issue where DH client certificates are accepted without verification.
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client to
authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
this issue.
(CVE-2015-0205)
[Steve Henson]
*) Ensure that the session ID context of an SSL is updated when its
SSL_CTX is updated via SSL_set_SSL_CTX.
The session ID context is typically set from the parent SSL_CTX,
and can vary with the CTX.
[Adam Langley]
*) Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.
Thanks to Konrad Kraszewski from Google for reporting this issue.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).
Further analysis was conducted and fixes were developed by Stephen Henson
of the OpenSSL core team.
(CVE-2014-8275)
[Steve Henson]
*) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
results on some platforms, including x86_64. This bug occurs at random
with a very low probability, and is not known to be exploitable in any
way, though its exact impact is difficult to determine. Thanks to Pieter
Wuille (Blockstream) who reported this issue and also suggested an initial
fix. Further analysis was conducted by the OpenSSL development team and
Adam Langley of Google. The final fix was developed by Andy Polyakov of
the OpenSSL core team.
(CVE-2014-3570)
[Andy Polyakov]
*) Do not resume sessions on the server if the negotiated protocol
version does not match the session's version. Resuming with a different
version, while not strictly forbidden by the RFC, is of questionable
sanity and breaks all known clients.
[David Benjamin, Emilia Käsper]
*) Tighten handling of the ChangeCipherSpec (CCS) message: reject
early CCS messages during renegotiation. (Note that because
renegotiation is encrypted, this early CCS was not exploitable.)
[Emilia Käsper]
*) Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.
Similarly, ensure that the client requires a session ticket if one
was advertised in the ServerHello. Previously, a TLS client would
ignore a missing NewSessionTicket message.
[Emilia Käsper]
|
|
|
|
|
|
New in 1.15:
* Improvements and refactorings in the install-sh script:
- It has been modernized, and now makes the following assumptions
*unconditionally*:
(1) a working 'dirname' program is available;
(2) the ${var:-value} shell parameters substitution works;
(3) the "set -f" and "set +f" shell commands work, and, respectively,
disable and enable shell globbing.
- The script implements stricter error checking, and now it complains
and bails out if any of the following expectations is not met:
(1) the options -d and -t are never used together;
(2) the argument passed to option -t is a directory;
(3) if there are two or more SOURCEFILE arguments, the
DESTINATION argument must be a directory.
* Automake-generated testsuites:
- The default test-driver used by the Automake-generates testsuites
now appends the result and exit status of each "plain" test to the
associated log file (automake bug#11814).
- The perl implementation of the TAP testsuite driver is no longer
installed in the Automake's scripts directory, and is instead just
distributed as a "contrib" addition. There should be no reason to
use this implementation anyway in real packages, since the awk+shell
implementation of the TAP driver (which is documented in the manual)
is more portable and has feature parity with the perl implementation.
- The rule generating 'test-suite.log' no longer risk incurring in an
extra useless "make all" recursive invocation in some corner cases
(automake bug#16302).
* Distribution:
- Automake bug#18286: "make distcheck" could sometimes fail to detect
files missing from the distribution tarball, especially in those cases
where both the generated files and their dependencies are explicitly
in $(srcdir). An important example of this are *generated* makefile
fragments included at Automake time in Makefile.am; e.g.:
...
$(srcdir)/fragment.am: $(srcdir)/data.txt $(srcdir)/preproc.sh
cd $(srcdir) && $(SHELL) preproc.sh <data.txt >fragment.am
include $(srcdir)/fragment.am
...
If the use forgot to add data.txt and/or preproc.sh in the distribution
tarball, "make distcheck" would have erroneously succeeded! This issue
is now fixed.
- As a consequence of the previous change, "make distcheck" will run
using '$(distdir)/_build/sub' as the build directory, rather than
simply '$(distdir)/_build' (as it was the case for Automake 1.14 and
earlier). Consequently, the './configure' and 'make' invocations
issued by the distcheck recipe now have $(srcdir) equal to '../..',
rather than to just '..'. Dependent and similar variables (e.g.,
'$(top_srcdir)') are also changed accordingly.
Thus, Makefiles that made assumptions about the exact values of the
build and source directories used by "make distcheck" will have to
be adjusted. Notice that making such assumptions was a bad and
unsupported practice anyway, since the exact locations of those
directories should be considered implementation details, and we
reserve the right to change them at any time.
* Miscellaneous bugs fixed:
- The expansion of AM_INIT_AUTOMAKE ends once again with a trailing
newline (bug#16841). Regression introduced in Automake 1.14.
- We no longer risk to use '$ac_aux_dir' before it's defined (see
automake bug#15981). Bug introduced in Automake 1.14.
- The code used to detect whether the currently used make is GNU make
or not (relying on the private macro 'am__is_gnu_make') no longer
risks causing "Arg list too long" for projects using automatic
dependency tracking and having a ton of source files (bug#18744).
- Automake tries to offer a more deterministic output for generated
Makefiles, in the face of the newly-introduced randomization for
hash keys order in Perl 5.18.
- In older Automake versions, if a user defined one single Makefile
fragment (say 'foo.am') to be included via Automake includes in
his main Makefile.am, and defined a custom make rule to generate that
file from other data, Automake used to spuriously complain with some
message like "... overrides Automake target '$(srcdir)/foo.am".
This bug is now fixed.
- The user can now extend the special .PRECIOUS target, the same way
he could already do with the .MAKE .and .PHONY targets.
- Some confusing typos have been fixed in the manual and in few warning
messages (automake bug#16827 and bug#16997).
|
|
|
|
------
11.3.1
------
* Issue #327: Formalize and restore support for any printable character in an
entry point name.
----
11.3
----
* Expose ``EntryPoint.resolve`` in place of EntryPoint._load, implementing the
simple, non-requiring load. Deprecated all uses of ``EntryPoint._load``
except for calling with no parameters, which is just a shortcut for
``ep.require(); ep.resolve();``.
Apps currently invoking ``ep.load(require=False)`` should instead do the
following if wanting to avoid the deprecating warning::
getattr(ep, "resolve", lambda: ep.load(require=False))()
----
11.2
----
* Pip #2326: Report deprecation warning at stacklevel 2 for easier diagnosis.
----
11.1
----
* Issue #281: Since Setuptools 6.1 (Issue #268), a ValueError would be raised
in certain cases where VersionConflict was raised with two arguments, which
occurred in ``pkg_resources.WorkingSet.find``. This release adds support
for indicating the dependent packages while maintaining support for
a VersionConflict when no dependent package context is known. New unit tests
now capture the expected interface.
|
|
https://bugs.launchpad.net/inkscape/+bug/1399811
|
|
|
|
|
|
Upstream changes:
2.21 Mar 16 2014
- sync with Debian patches - RT#91658
- fix copyright and license entries - RT#43463
2.20 Feb 03 2014
- drop t/v1*.t unit tests due to license issue
https://github.com/renormalist/class-methodmaker/issues/2
2.19 Dec 15 2013
- Fix 5.19 incompatibility - RT#88934 (Zefram)
- small distro polishing
|
|
|
|
Upstream changes:
0.09 2014-11-13
- optimized some perl API calls (thanks, Alexandr Evstigneev!)
|
