| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Vala 0.38.1
===========
* Various bug fixes:
- valadoc: Don't use 'stderr' as variable name [#787305]
- codegen: Try to use a more unique internal define for properties [#787436]
- vala: Update list of used attributes
- method: Use prototype-string for error-reports of return-type mismatches
* Bindings:
- glib-2.0: Fix MainContext.check(),
OptionEntry[] params are null-terminated,
Bind g_convert_with_fallback() and g_convert_with_iconv()
Vala 0.38.0
===========
* Various bug fixes:
- Improve error output for incompatible method signatures
(Add CallableType as base for DelegateType, MethodType, SignalType)
- codegen:
+ Initialize temp-variable for fixed-size arrays to zero first [#787152]
+ Add support for "type-func" in ui-files [#787033]
* Bindings:
- gtk+-3.0,gtk+-4.0: Update
- libxml-2.0: Bind xmlLastElementChild and xmlPreviousElementSibling
- pangocairo: CairoFontMap.set_default() is not an instance method
- gio-2.0: Application.set_default() is not an instance method
Vala 0.37.91
============
* Various bug fixes:
- codegen:
+ Actually write declaration for GNodeTraverseFunc wrapper [#786845]
+ Don't transfer ownership of variable if target-type is unknown [#736774]
+ Adjust format-index for printf/scanf-methods which throw errors [#781061]
+ Use given dup_function for structs
- libvaladoc: Fix some -Wincompatible-pointer-types warnings
- tests: Fix some syntax issues [#786652]
- Add .editorconfig file [#786620]
* GIR parser:
- Better support of "cprefix" argument in metadata
- Support "cname" argument in metadata
* Bindings:
- Add javascriptcoregtk-4.0 and avoid skips in webkit2gtk*-4.0
- Update GIR-based bindings
- gtk+-3.0: Update to 3.22.19
Vala 0.37.90
============
* Various bug fixes:
- Fix some build-system problem
+ valadoc/tests: Add the source vapi directory to driver-test [#786505],
Add ./vala/.libs rather than ./gee/.libs to LD_LIBRARY_PATH
+ Explicitly link doclets against libvala-*.la [#786534]
+ Add missing include of Makefile.common
- vapigen: Mark given source-files as such and force girparser to handle them
- codegen: Include glib-object.h for Enums/Structs with type_id
* Bindings:
- gtk+-4.0: Make Gsk.Texturer.for_*() static factory methods
Vala 0.37.2
===========
* Various bug fixes:
- libvaladoc: Keep bootstrap-support with valac >= 0.16.1
- valadoc: Fix tests while bootstapping with valac < 0.31/32
* Bindings:
- glib-2.0: Update Unicode symbols
- gobject-2.0: Add required type_id attributes to all ParamSpec subclasses
- libgdata: Make Authorizer.reauth_* methods virtual [#779229]
- libxml-2.0: Update Xml.ParserOption [#785585]
- gtk+-4.0: Update to 3.91.2
- webkit2gtk-4.0: Update to 2.17.90
Vala 0.37.1
===========
* Highlights
- Don't warn about deprecated symbols if installed_version is older
- Add --gresourcesdir option [#783133]
- Install libvala-0.xx.vapi to "global" vapi directory
- Require and target GLib >= 2.40
- build: Make ccode and codegen private API
- build: Use --use-header for vala's libraries
- compiler: Add --color=WHEN option
- codegen: Use g_object_notify_by_pspec() to notify property-changes
- codegen: Use *_free_full to free GLib.List, GLib.SList and GLib.Queue
- codegen: Support renamed signals [#731547]
- Optimize (de)serialization of arrays with type-signature "ay" [#772426]
- Merge valadoc - Consider valadoc a part of vala's toolchain and
therefore let it live in the main repository (adds graphviz to the
build-requirements)
* Various bug fixes:
- Fix finally blocks with async yields [#741929]
- Handle non-null in coalescing expression [#611223]
- Make the task_complete flag for < 2.44 more similar to >= 2.44 [#783543]
- Nullable ValueType requires POINTER as marshaller signature [#783897]
- NoAccessorMethod attribute is allowed for gobject-properties only
- girparser: Fix parsing of delegate-alias without target
- compiler: Use API_VERSION instead of stripping PACKAGE_SUFFIX
- girwriter: Write length-parameters of arrays with rank > 1 [#758019]
- gdbus: Don't leak nested HashTable on deserialization [#782719]
- codewriter: Update timestamps of generated c-files if needed [#683286]
- tests: Use dbus-run-session instead of dbus-launch [#771455]
- codegenerator: Add source_reference parameter to CodeGenerator.store_*()
- Don't allow assigning delegate if no target/closure is available [#598869]
- gee: Add some useful symbols from gee-0.8
* Bindings:
- gio-2.0: Add DBusConnection 'closed' signal as 'on_closed' [#684358]
- gio-2.0: Use default 'length = null' for DataInputStream.read_line_utf8*
[#783351]
- glib-2.0,gobject-2.0: Updates from 2.53.x
- poppler-glib: Update to 0.54.0
- webkit2gtk-4.0: Update to 2.17.4
- gstreamer-1.0: Update to 1.13.0+
- libgvc: Add WITH_CGRAPH conditionals
|
|
|
|
version 2.8.13:
- avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
- avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array()
- avformat/nsvdec: Fix DoS due to lack of eof check in nsvs_file_offset loop.
- avcodec/snowdec: Fix integer overflow in decode_subband_slice_buffered()
- avcodec/hevc_ps: Fix undefined shift in pcm code
- avcodec/sbrdsp_fixed: Fix undefined overflows in autocorrelate()
- avformat/mvdec: Fix DoS due to lack of eof check
- avformat/rl2: Fix DoS due to lack of eof check
- avformat/cinedec: Fix DoS due to lack of eof check
- avformat/asfdec: Fix DoS due to lack of eof check
- avformat/hls: Fix DoS due to infinite loop
- ffprobe: Fix NULL pointer handling in color parameter printing
- ffprobe: Fix null pointer dereference with color primaries
- avcodec/hevc_ps: Check delta_pocs in ff_hevc_decode_short_term_rps()
- avformat/aviobuf: Fix signed integer overflow in avio_seek()
- avformat/mov: Fix signed integer overflows with total_size
- avcodec/aacdec_template: Fix running cleanup in decode_ics_info()
- avcodec/me_cmp: Fix crashes on ARM due to misalignment
- avcodec/fic: Fixes signed integer overflow
- avcodec/snowdec: Fix off by 1 error
- avcodec/diracdec: Check perspective_exp and zrs_exp.
- avcodec/mpeg4videodec: Clear mcsel before decoding an image
- avcodec/dirac_dwt: Fixes integer overflows in COMPOSE_DAUB97*
- avcodec/aacdec_fixed: fix invalid shift in predict()
- avcodec/h264_slice: Fix overflow in slice offset
- avformat/utils: fix memory leak in avformat_free_context
- avcodec/dirac_dwt: Fix multiple integer overflows in COMPOSE_DD97iH0()
- avcodec/diracdec: Fix integer overflow in divide3()
- avcodec/takdec: Fix integer overflow in decode_subframe()
- avformat/rtmppkt: Convert ff_amf_get_field_value() to bytestream2
- avformat/rtmppkt: Convert ff_amf_tag_size() to bytestream2
- avcodec/hevc_ps: fix integer overflow in log2_parallel_merge_level_minus2
- avformat/oggparsecelt: Do not re-allocate os->private
- avcodec/aacps: Fix multiple integer overflow in map_val_34_to_20()
- avcodec/aacdec_fixed: fix: left shift of negative value -1
- doc/filters: typo in frei0r
- avcodec/aacdec_template (fixed point): Check gain in decode_cce() to avoid undefined shifts later
- avcodec/mjpegdec: Clip DC also on the negative side.
- avcodec/aacps (fixed point): Fix multiple signed integer overflows
- avcodec/sbrdsp_fixed: Fix integer overflow in sbr_hf_apply_noise()
- avcodec/wavpack: Fix invalid shift
- avcodec/hevc_ps: Fix integer overflow with beta/tc offsets
- avcodec/vb: Check vertical GMC component before multiply
- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
- avcodec/apedec: Fix integer overflow
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/mpeg4videodec: Fix GMC with videos of dimension 1
- avcodec/wavpack: Fix integer overflow
- avcodec/takdec: Fix integer overflow
- avcodec/tiff: Update pointer only when the result is used
- avcodec/hevc_filter: Fix invalid shift
- avcodec/mpeg4videodec: Fix overflow in virtual_ref computation
- avcodec/wavpack: Fix undefined integer negation
- avcodec/aacdec_fixed: Check s for being too small
- avcodec/h264: Fix mix of lossless and lossy MBs decoding
- avcodec/h264_mb: Fix 8x8dct in lossless for new versions of x264
- avcodec/h264_cabac: Fix CABAC+8x8dct in 4:4:4
- avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
- avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows
- avcodec/hevcpred_template: Fix left shift of negative value
- avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
- avcodec/jpeg2000dec: Check nonzerobits more completely
- avcodec/shorten: Sanity check maxnlpc
- avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
- avcodec/hevcdec: Check nb_sps
- avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
- avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
- avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
- avcodec/aacsbr_fixed: Check shift in sbr_hf_assemble()
- avcodec/sbrdsp_fixed: Return an error from sbr_hf_apply_noise() if operations are impossible
- avcodec/jpeg2000dwt: Fix runtime error: left shift of negative value -123
- avcodec/wavpack: Fix runtime error: signed integer overflow: 1886191616 + 277872640 cannot be represented in type 'int'
- avcodec/snowdec: Fix runtime error: left shift of negative value -1
- avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1297616
- avcodec/tiff: Fix leak of geotags[].val
- avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 cannot be represented in type 'int'
- avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 cannot be represented in type 'int'
- avcodec/indeo4: Check remaining data in Pic hdr extension parsing code
- avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: -39271008 * 59 cannot be represented in type 'int'
- avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
- avcodec/pafvideo: Fix assertion failure
- avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int'
|
|
|
|
- Added encodeLatLonToSelectedMapcode as a convenience for languages
that use the C library, but have difficulties dealing with
multi-dimensional arrays (like Swift).
|
|
|
|
|
|
RELEASE 3.0.0 - Mon, 18 Sep 2017 08:32:04 -0700
NOTE: This is a major release. You should expect that some targets
may rebuild when upgrading. Significant changes in some python
action signatures. Also switching between PY 2.7 and PY 3.5, 3.6
will cause rebuilds.
From William Blevins:
- Updated D language scanner support to latest: 2.071.1. (PR #1924)
https://dlang.org/spec/module.html accessed 11 August 2016
- Enhancements:
- Added support for selective imports: "import A : B, C;" -> A
- Added support for renamed imports. "import B = A;" -> A
- Supports valid combinations: "import A, B, CCC = C, DDD = D : EEE = FFF;" -> A, B, C, D
- Notes:
- May find new (previously missed) Dlang dependencies.
- May cause rebuild after upgrade due to dependency changes.
- Updated Fortran-related tests to pass under GCC 5/6.
- Fixed SCons.Tool.Packaging.rpm.package source nondeterminism across builds.
From William Deegan:
- Removed deprecated tools CVS, Perforce, BitKeeper, RCS, SCCS, Subversion.
- Removed deprecated module SCons.Sig
- Added prioritized list of xsltproc tools to docbook. The order will now be as
follows: xsltproc, saxon, saxon-xslt, xalan (with first being highest priority, first
tool found is used)
- Fixed MSVSProject example code (http://scons.tigris.org/issues/show_bug.cgi?id=2979)
- Defined MS SDK 10.0 and Changed VS 2015 to use SDK 10.0
- Changes to Action Function and Action Class signiture creation. NOTE: This will cause rebuilds
for many builds when upgrading to SCons 3.0
- Fixed Bug #3027 - "Cross Compiling issue: cannot override ranlib"
- Fixed Bug #3020 - "Download link in user guide wrong. python setup.py install --version-lib broken"
- Fixed Bug #2486 - Added SetOption('silent',True) - Previously this value was not allowed to be set.
- Fixed Bug #3040 - Non-unicode character in CHANGES.txt
- Fixed Bug #2622 - AlwaysBuild + MSVC regression.
- Fixed Bug #3025 - (Credit to Florian : User flow86 on tigris) - Fix typo JAVACLASSSUFIX should have been
JAVACLASSSUFFIX
From Ibrahim Esmat:
- Added the capability to build Windows Store Compatible libraries that can be used
with Universal Windows Platform (UWP) Apps and published to the store
From Daniel Holth:
- Add basic support for PyPy (by deleting __slots__ from Node with a
metaclass on PyPy); wrap most-used open() calls in 'with' statements to
avoid too many open files.
- Add __main__.py for `python -m SCons` in case it is on PYTHONPATH.
- Always use highest available pickle protocol for efficiency.
- Remove unused command line fallback for the zip tool.
From Gaurav Juvekar:
- Fix issue #2832: Expand construction variables in 'chdir' argument of builders. (PR #463)
- Fix issue #2910: Make --tree=all handle Unicode. (PR #427)
- Fix issue #2788: Fix typo in documentation example for sconf. (PR #388)
From Alexey Klimkin:
- Use memoization to optimize PATH evaluation across all dependencies per
node. (PR #345)
- Use set() where it is applicable (PR #344)
From M. Limber:
- Fixed msvs.py for Visual Studio Express editions that would report
"Error : ValueError: invalid literal for float(): 10.0Exp".
From Rick Lupton:
- Update LaTeX scanner to understand \import and related commands
From Steve Robinson:
- Add support for Visual Studio 2017. This support requires vswhere.exe a helper
tool installed with newer installs of 2017. SCons expects it to be located at
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"
It can be downloaded separately at
https://github.com/Microsoft/vswhere
From Tom Tanner:
- Allow nested $( ... $) sections
From Paweł Tomulik:
- Fixed the issue with LDMODULEVERSIONFLAGS reported by Tim Jenness
(https://pairlist4.pair.net/pipermail/scons-users/2016-May/004893.html).
An error was causing "-Wl,Bsymbolic" being added to linker's command-line
even when there was no specified value in LDMODULEVERSION and thus no
need for the flags to be specified.
- Added LoadableModule to the list of global functions (DefaultEnvironment
builders).
From Manish Vachharajani:
- Update debian rules, compat, and control to not use features
deprecated or obsolete in later versions of debhelpers
- Update python version to 2.7 in debian/control
From Richard Viney:
- Fixed PCHPDBFLAGS causing a deprecation warning on MSVC v8 and later when
using PCHs and PDBs together.
From Richard West:
- Added nested / namespace tool support
- Added a small fix to the python3 tool loader when loading a tool as a package
- Added additional documentation to the user manual on using toolpaths with the environment
This includes the use of sys.path to search for tools installed via pip or package managers
- Added support for a PyPackageDir function for use with the toolpath
From Russel Winder:
- Reordered the default D tools from "dmd, gdc, ldc" to "dmd, ldc, gdc".
- Add a ProgramAllAtOnce builder to the dmd, ldc, and gdc tools. (PR #448)
- Remove a file name exception for very old Fedora LDC installation.
- gdc can now handle building shared objects (tested for version 6.3.0).
- Remove establishing the SharedLibrary builder in the dmd, ldc, and gdc
tools, must now include the ar tool to get this builder as is required for
other compiler tools.
- Add clang and clang++ tools based on Paweł Tomulik's work.
|
|
|
|
Changes in libsoup from 2.59.90.1 to 2.60.0:
* New/updated translations: Catalan, Danish, Dutch, Nepali
Changes in libsoup from 2.59.90 to 2.59.90.1:
* CVE-2017-2885: Fixed a chunked decoding buffer overrun that
could be exploited against either clients or servers.
[#785774]
Changes in libsoup from 2.58.0 to 2.59.90:
* Several SoupAuthNegotiate compatibility fixes [#783780,
#783781, Tomas Popela]
* Include a payload in SoupWebsocketConnection's "ping"
messages (to avoid problems with certain buggy server
implementations), and emit a signal when receiving a "pong"
(to allow apps to notice when the remote peer has
disconnected them). [#785660, David Woodhouse]
* Fix the interpretation of wss:// URIs, which previously
mostly didn't work. [#784766, Nirbheek Chauhan].
* Fixed SoupContentSniffer behavior on XML files with no
Content-Type
[https://bugs.webkit.org/show_bug.cgi?id=173923]
* Fixed a bug with cancelling async requests [#773257, Carlos
Garcia Campos]
* Reverted the (undocumented) change in 2.58.0 to call
soup_session_abort() after changing
SoupSession:proxy-resolver; while this made its behavior
more consistent with :proxy-uri, it ended up breaking
things. [#781590]
* Allow HTTP responses that have no trailing CRLF after the
response headers (and no body) [#780352, Carlos Garcia
Campos]
* Fixed an out-of-bounds read in SoupURI parsing [#785042]
* Fixed a spurious (debug-level) error message in
SoupWebsocketConnection [#784935, Ignacio Casal Quinteiro]
* Fixed introspection annotations on
soup_message_headers_get_content_range() [Philip Withnall]
* Fixed a flake in tests/header-parsing [#777258]
* Update tests/test-cert.pem to use stronger algorithms to
avoid problems with newer gnutls. [#784949, Jan Alexander
Steffens]
* Fixed examples/get to not accidentally break https
certificate validation [#784259, Sebatian Dröge]
* Misc updates to apache/php stuff in unit tests:
* Dropped support for Apache 2.2
* Deal with mod_unixd being compiled-in [#776478]
* Switched PHP support from PHP 5 to PHP 7
* Updated translations:
Esperanto, Turkish
|
|
These binary files were built without RELRO support, so disable
the check.
|
|
|
|
Version 0.16.3
==============
*released on 03 October 2017*
- First version with custom Debian and Ubuntu packages. See :gh:`663`.
- Remove invalid ASCII control characters from server responses. See :gh:`626`.
- **packagers:** Python 3.3 is no longer supported. See :ghpr:`674`.
|
|
|
|
We can't rely on _GCC_VERSION as an accurate indicator of the GCC version,
as when using a pkgsrc GCC it will be set to 0 until the pkgsrc GCC is
available and we can detect its version. Instead, move the logic later to
after CC_VERSION is set and use that instead.
|
|
|
|
graphics/jpeg does not provide any `.pc' file this will lead in failures when
invoking pkg-config agaisnt `libqpdf'. Adjust `Requires.private:' in
libqpdf.pc.in to omit libjpeg.
Bump PKGREVISION since the new installed libqpdf.pc file will fix packages that
depends on print/qpdf.
OK by <pgoyette> and <ryoon>, thanks!
|
|
Fix typo in BUILD_DEPENDS line and add missing build dependency.
|
|
|
|
|
|
|
|
|
|
bcolz provides columnar and compressed data containers. Column storage
allows for efficiently querying tables with a large number of
columns. It also allows for cheap addition and removal of column. In
addition, bcolz objects are compressed by default for reducing
memory/disk I/O needs. The compression process is carried out
internally by Blosc, a high-performance compressor that is optimized
for binary data.
Packaged by Kamel Derouiche and updated by me.
|
|
|
|
fdtools is a set of utilities for working with file descriptors. With
these tools, you can examine and manipulate file descriptor properties
from shell scripts, where without them you might have resorted to a
different language. These tools can rewind file descriptors, switch them
between blocking and nonblocking mode, and examine their inode
information. On some systems (currently only Linux, as far as I know)
they can also allocate, lock, and switch virtual consoles.
|
|
|
|
|
|
|
|
skalibs is a package centralizing the free software / open source C
development files used for building all software at skarnet.org: it contains
essentially general-purpose libraries. You will need to install skalibs if
you plan to build skarnet.org software. The point is that you won't have to
download and compile big libraries, and care about portability issues,
everytime you need to build a package: do it only once.
skalibs can also be used as a sound basic start for C development. There are
a lot of general-purpose libraries out there; but if your main goal is to
produce small and secure C code with a focus on system programming, skalibs
might be for you.
|
|
|
|
SIQQUIT (-q), SIGUSR1 (-1), and SIGUSR2 (-2). Bump PKGREVISION.
|
|
|
|
I did not notice the package already existed in fonts/py-fonttools. This
package is now updated to the latest version available (3.15.1).
Thanks joerg@ for the heads-up.
|
|
Changelog for this release:
- [otConverters] Implemented ``__add__`` and ``__radd__`` methods on
``otConverters._LazyList`` that decompile a lazy list before adding
it to another list or ``_LazyList`` instance. Fixes an ``AttributeError``
in the ``subset`` module when attempting to sum ``_LazyList`` objects
(6ef48bd2, 1aef1683).
- [AAT] Support the `opbd` table with optical bounds (a47f6588).
- [AAT] Support `prop` table with glyph properties (d05617b4).
|
|
|
|
|
|
fontTools is a library for manipulating fonts, written in Python. The project
includes the TTX tool, that can convert TrueType and OpenType fonts to and from
an XML text format, which is also called TTX. It supports TrueType, OpenType,
AFM and to an extent Type 1 and some Mac-specific formats. The project has a
BSD-style open-source licence.
|
|
|
|
Noticed by Riccardo Mottola via netbsd-users@:
<http://mail-index.netbsd.org/netbsd-users/2017/09/29/msg020182.html>
Thanks!
|
|
|
|
Changelog:
* Fix a crash in filter modules related to flat volumes and volume
sharing
* Fix a crash when the bluetooth adapter reports weird MTU size
* Disable bluetooth MTU autodetection by default
* Add mixer handling back for hardware that doesn't have any alsa-lib
configuration
* Prioritize USB devices over built-in sound cards (11.0 was supposed
to have this feature, but the implementation turned out to be
incomplete)
|
|
|
|
Some highlights for 20.1:
- crypto, public_key: Extend crypto and public_key functions sign and
verify with:
- support for RSASSA-PS padding for signatures and for saltlength
setting
- X9.31 RSA padding.
- sha, sha224, sha256, sha384, and sha512 for dss signatures as
mentioned in NIST SP 800-57 Part 1.
- ripemd160 to be used for rsa signatures.
- A new tuple in crypto:supports/0 reports supported MAC algorithms.
- diameter:
- Add service option decode_format to allow incoming messages to be
decoded into maps instead of records.
- Decode performance has been improved.
- Add service/transport option avp_dictionaries to give better
support for dictionaries only defining AVPs.
- erts: Upgraded the ERTS internal PCRE library from version 8.40 to
version 8.41.
- erts, kernel, tools: Profiling with lock counting can now be fully
toggled at runtime in the lock counting emulator (-emu_type lcnt).
- erts: The zlib module has been refactored and all its operations
will now yield appropriately, allowing them to be used freely in
concurrent applications.
- erts, tools: Add erlang:iolist_to_iovec/1, which converts an
iolist() to an erlang:iovec(), which is suitable for use with
enif_inspect_iovec().
- erts: Add new nif API functions for managing an I/O Queue.
- observer/crashdump_viewer:
- Reading of crash dumps with many binaries is optimized.
- A progress bar is shown when the detail view for a process is
opened.
- The cdv script now sets ERL_CRASH_DUMP_SECONDS=0 to avoid
generating a new crash dump from the node running the Crashdump
Viewer.
- observer: Add system statistics and limits to frontpage in observer.
- public_key, ssl**: Improved error propagation and reports
- ssh: A new option modify_algorithms is implemented. It enables
specifying changes on the default algorithms list.
- tools/xref: The predefined Xref analysis locals_not_used now
understands the -on_load() attribute and does not report unused
functions.
- tools/fprof: When sampling multiple processes and analyzing with
totals set to true, the output now sums together all caller and
callee entries which concerns the same function.
|
|
|
|
Version 2.4.4
=============
This is primarily a maintenance release, with further improved OpenSSL 1.1
integration, several minor bug fixes and other minor improvements.
Bug fixes
---------
- Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is
rejected by the remote side
- Ignore ``--keysize`` when NCP have resulted in a changed cipher.
- Configurations using ``--auth-nocache`` and the management interface to provide
user credentials (like NetworkManager on Linux) on client side with servers
implementing authentication tokens (for example, using ``--auth-gen-token``)
will now behave correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
- Fix bug causing invalid or corrupt SOCKS port number when changing the
proxy via the management interface.
- The man page should now have proper escaping of hyphens/minus characters
and have seen some minor corrections.
User-visible Changes
--------------------
- Linux servers with systemd which uses the ``openvpn-server@.service`` unit
file for server configurations will now utilize the automatic restart feature
in systemd. If the OpenVPN server process dies unexpectedly, systemd will
ensure the OpenVPN configuration will be restarted without any user interaction.
Deprecated features
-------------------
- ``--no-replay`` is deprecated and will be removed in OpenVPN 2.5.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6
Security
--------
- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1``.
Before this fix, it could allow an attacker to send a malformed packet to
trigger a stack overflow. This is considered to be a low risk issue, as
``--key-method 2`` has been the default since OpenVPN 2.0 (released on
2005-04-17). This option is already deprecated in v2.4 and will be
completely removed in v2.5.
|
|
|
|
version 2.78
Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris
Novakovic for the patch.
Revert ping-check of address in DHCPDISCOVER if there
already exists a lease for the address. Under some
circumstances, and netbooted windows installation can reply
to pings before if has a DHCP lease and block allocation
of the address it already used during netboot. Thanks to
Jan Psota for spotting this.
Fix DHCP relaying, broken in 2.76 and 2.77 by commit
ff325644c7afae2588583f935f4ea9b9694eb52e. Thanks to
John Fitzgibbon for the diagnosis and patch.
Try other servers if first returns REFUSED when
--strict-order active. Thanks to Hans Dedecker
for the patch
Fix regression in 2.77, ironically added as a security
improvement, which resulted in a crash when a DNS
query exceeded 512 bytes (or the EDNS0 packet size,
if different.) Thanks to Christian Kujau, Arne Woerner
Juan Manuel Fernandez and Kevin Darbyshire-Bryant for
chasing this one down. CVE-2017-13704 applies.
Fix heap overflow in DNS code. This is a potentially serious
security hole. It allows an attacker who can make DNS
requests to dnsmasq, and who controls the contents of
a domain, which is thereby queried, to overflow
(by 2 bytes) a heap buffer and either crash, or
even take control of, dnsmasq.
CVE-2017-14491 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.
CVE-2017-14492 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
and Kevin Hamacher of the Google Security Team for
finding this.
Fix stack overflow in DHCPv6 code. An attacker who can send
a DHCPv6 request to dnsmasq can overflow the stack frame and
crash or control dnsmasq.
CVE-2017-14493 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
CVE-2017-14494 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix DoS in DNS. Invalid boundary checks in the
add_pseudoheader function allows a memcpy call with negative
size An attacker which can send malicious DNS queries
to dnsmasq can trigger a DoS remotely.
dnsmasq is vulnerable only if one of the following option is
specified: --add-mac, --add-cpe-id or --add-subnet.
CVE-2017-14496 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix out-of-memory Dos vulnerability. An attacker which can
send malicious DNS queries to dnsmasq can trigger memory
allocations in the add_pseudoheader function
The allocated memory is never freed which leads to a DoS
through memory exhaustion. dnsmasq is vulnerable only
if one of the following option is specified:
--add-mac, --add-cpe-id or --add-subnet.
CVE-2017-14495 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
|
|
|
|
*******************
* GUPnP IGD 0.2.4 *
*******************
- Add API to delete mapping by internal IP/port instead of the external one
|
|
|
