| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
The Ini file manager consists of a package, Config, which can read or write
informations from various configuration files known as "ini" files because
they have often the ".ini" extension. It is an Ada library.
|
|
The ncurses Ada95 binding was originally written by Juergen Pfeifer in
1996. It has been improved several times by Juergen, as wll as
Eugen V. Melaragno and Nicolas Boulenguez.
|
|
|
|
Bump PKGREVISION.
|
|
|
|
This includes security fixes.
Upstream changelog
==================
libdwarf-20161124
Fixes some newly discovered vulnerabilities (most due to corrupted DWARF). Thanks to Puzzor (Shi Ji) and Agostino Sarubbo for finding and reporting these and for providing short test cases.
libdwarf-20161021
Fixes one place where erroenous dwarf not caught, Updates version strings, adds a bit more DWARF5 support, and converts the few Python scripts from python2 to python3.
libdwarf-20161001
Fixes serious bugs in release 20160929 and all earlier releases relating to encoding/decoding leb numbers. It is unlikely anyone will see any difference in output, but values showing a difference can be constructed. libdwarf/dwarf_leb.c has new test code and a few of the tests there demonstrated problems. gcc -fsanitize=undefined found problems as well.
libdwarf-20160929
Fixes three serious bugs in release 20160923. Two of them old bugs, one new in 20160923. The bugs were exposed by occasional inconsistent behavior in one or two regression tests.
libdwarf-20160923
DO NOT USE: use libdwarf-20161001 instead. Think of this as withdrawn. Many improvements in the code catching corrupt dwarf. Quite a number of places with out-of-bound read/write of memory fixed. Trivial but annoying memory leaks in dwarfdump fixed. Thanks to Puzzor, STARLAB, Salvatore Bonaccorso, Agostino Sarubbo, Vul, James Grumbach, and others for reporting memory corruption and other issues.
libdwarf-20160613
Incorporates code detecting malformed DWARF and malformed Elf object files. Dwarfdump and libdwarf performance reading frame data improved significantly, though the improvements don't apply to all frame data interface functions. The configure/make system now builds libdwarf shared objects (when asked to) with a proper soname. Thanks to Sture Carlson, Hannes Domani, etienneberg, Steve Kaufman, Yue Liu, and Fabian Wolff for their help/comments on libdwarf. Major thanks to Carlos Alberto Enciso for his collaboration.
libdwarf-20160507
Incorporates many additional checks so that corrupt dwarf will not crash an executable calling libdwarf. Thanks to Yue Liu for providing a number of small and corrupted objects.
|
|
|
|
|
|
- remove three defunct mirrors
- remove xemacs.org - its hoster tux.org went down,
and the master site as well as all the *.xemacs.org
DNS entries are gone
- add two mirrors that run under their own domain name
|
|
|
|
|
|
- It is now possible to use a custom array cast function by changing
the type caster for the 'anyarray' type. For instance, by calling
set_typecast('anyarray', lambda v, c: v) you can have arrays returned
as strings instead of lists. Note that in the pg module, you can also
call set_array(False) in order to return arrays as strings.
- The namedtuple classes used for the rows of query results are now cached
and reused internally, since creating namedtuples classes in Python is a
somewhat expensive operation. By default the cache has a size of 1024
entries, but this can be changed with the set_row_factory_size() function.
In certain cases this change can notably improve the performance.
|
|
|
|
added: multiple input formats, including RF64, Wave64, and CAF
added: lossless DSD audio in Philips DSDIFF and Sony DSF files
fixed: seeking in > 2GB WavPack files (new stream reader)
fixed: accept > 4GB source audio files (all formats)
improved: increase maximum samples from 2^32 to 2^40
added: block checksums for robustness to corruption
added: support for non-standard channel identities
removed: support for legacy WavPack files (< 4.0)
added: block decoder for streaming applications
fixed: many small fixes and improvements
added: all new pdf documentation
|
|
|
|
Upstream changes:
1.39 2016-11-19 07:50:00 MANWAR
- Proposed fix for RT #118778 (thanks Andrew Beverley).
|
|
|
|
Upstream changes:
0.48 2016-12-07 01:15:14Z
- reverted is_Foo and to_Foo refactoring [from 0.47] for now, so they
can be reworked
0.47 2016-12-07 00:40:34Z
- allow type libraries built with MooseX::Types::Combine to be
combined with MooseX::Types::Combine. (GH #1, Mark Fowler).
- made the exported is_Foo and to_Foo subs much faster, especially for
type constraints which can be inlined [reverted in 0.48]
|
|
|
|
Upstream changes:
* Release 3.35
2016-11-29 Karl Williamson <khw@cpan.org>
Needed to 'make manifest' before uploading to CPAN. No changes beyond
version bump
* Release 3.35
2016-11-29 Karl Williamson <khw@cpan.org>
Stabilize t/search50.t. Thanks to rurban for the patch!
Turn off utf8 warnings when trying to see if a file is UTF-8 or not.
* Release 3.33
No changes since 3.32.
|
|
|
|
Upstream changes:
0.1.44 Fri Dec 2 15:26:19 PST 2016
- Apply PR/32 typo (@perlpunk++)
- Apply PR/34 IPC::Run dependency (@perlpunk++)
- Apply PR/35 Output IPC::Run stderr (@perlpunk++)
|
|
|
|
Upstream changes:
1.20 Fri Dec 2 13:20:33 PST 2016
- Apply and amend PR/146 (quoted map keys) @preaction++
- B::Deparse is loaded at runtime now
- New Feature $YAML::Preserve (Apply PR/9 @fmenabe++)
|
|
|
|
Upstream changes:
0.18 2016-10-03T04:36:04Z
- Use a better tempdir, fix some documentation, and make json test more readable #4 (Thank you karenetheridge)
|
|
|
|
Add missing DEPENDS
Upstream changes:
0.19 2016-11-08 08:08:16 Europe/Copenhagen
- The standard is not clear on this, and some servers don't allow them, but it seems that DELETE can take a request body.
- Added serializer_options so it's possible to instantiate the serializer w/ parameters
- Fixed "Use of uninitialized value in concatenation (.) or string" warning when $self->server is not initialized
- Changes for rt #118413. Thanks to abraxxa
http_headers return a combined hashref of http_headers and persistent_headers
new method, clear_all_headers
|
|
|
|
|
|
Upstream changes:
7.11 2016-11-30
- Added EXPERIMENTAL close_idle_connections method to Mojo::Server::Daemon.
- Improved one_tick method in Mojo::IOLoop to protect from recursion, similar
to the start method.
- Improved log attribute in Mojolicious to make it easier to override default
settings. (jberger)
- Fixed bug in Mojo::Server::Prefork where workers would accept keep-alive
requests after a graceful shutdown had already been initiated.
- Fixed bugs in Mojo::Util and Mojo::Asset::File where incomplete writes would
not be recognized as errors. (bobkare, sri)
|
|
|
|
No upstream changelog found.
|
|
|
|
Upstream changes:
1.31 2016-11-25 09:33:47 -0500
- Migrated from Module::Install to Dist::Zilla and ExtUtils::MakeMaker
- Fixed meta for repository which was pointing to the wrong URL
1.30 23 Nov 2016
- Moving to prod release
1.29_02 23 Nov 2016
- Update metadata to point to github repository.
Plus some other minor dist meta tweaks.
- Note: planning on doing a migration from Module::Install
to ExtUtils::MakeMaker shortly AFTER the next production
release.
1.29_01 22 Nov 2016
- Fix Makefile.PL to work with Perls without '.' in @INC
- Fix for the installed method when used with a PAR archive (rt#42846)
- Minor documentation fixes (grammar, spelling: rt#74481, rt#85356)
|
|
|
|
No upstream changelog found.
|
|
|
|
Upstream changes:
2016-09-08 Gisle Aas <gisle@ActiveState.com>
Release 2.10
Applied patch from Michael Joyce that is required to make the
test pass for perl-5.24
|
|
|
|
- use standard headers
- don't use perror, don't use sprintf
- fix time handling issues
- compile in paths so the data can be installed (from patch-ab)
- fix name conflict with libc
- avoid undefined behavior
- avoid implicit int for clang
- declare own functions, sprinkle const and static, and fix
signedness to get a clean build (except for one remaining issue
where it's not clear what to do)
- remove unused elements detected by gcc
- fix some problems detected by gcc
- fix a startup crash
- modernize the makefile
Also, don't install the raw image bitmap data and the scripts to digest
it; install only the digested form, as that's all that's used at runtime.
|
|
|
|
Asterisk Project Security Advisory - ASTERISK-2016-009
Product Asterisk
Summary
Nature of Advisory Authentication Bypass
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known No
Reported On October 3, 2016
Reported By Walter Doekes
Posted On
Last Updated On December 8, 2016
Advisory Contact Mmichelson AT digium DOT com
CVE Name
Description The chan_sip channel driver has a liberal definition for
whitespace when attempting to strip the content between a
SIP header name and a colon character. Rather than
following RFC 3261 and stripping only spaces and horizontal
tabs, Asterisk treats any non-printable ASCII character as
if it were whitespace. This means that headers such as
Contact\x01:
will be seen as a valid Contact header.
This mostly does not pose a problem until Asterisk is
placed in tandem with an authenticating SIP proxy. In such
a case, a crafty combination of valid and invalid To
headers can cause a proxy to allow an INVITE request into
Asterisk without authentication since it believes the
request is an in-dialog request. However, because of the
bug described above, the request will look like an
out-of-dialog request to Asterisk. Asterisk will then
process the request as a new call. The result is that
Asterisk can process calls from unvetted sources without
any authentication.
If you do not use a proxy for authentication, then this
issue does not affect you.
If your proxy is dialog-aware (meaning that the proxy keeps
track of what dialogs are currently valid), then this issue
does not affect you.
If you use chan_pjsip instead of chan_sip, then this issue
l
does not affect you.
Resolution chan_sip has been patched to only treat spaces and
horizontal tabs as whitespace following a header name. This
allows for Asterisk and authenticating proxies to view
requests the same way
Affected Versions
Product Release
Series
Asterisk Open Source 11.x All Releases
Asterisk Open Source 13.x All Releases
Asterisk Open Source 14.x All Releases
Certified Asterisk 13.8 All Releases
Corrected In
Product Release
Asterisk Open Source 11.25.1, 13.13.1, 14.2.1
Certified Asterisk 11.6-cert16, 13.8-cert4
Patches
SVN URL Revision
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/ASTERISK-2016-009.pdf and
http://downloads.digium.com/pub/security/ASTERISK-2016-009.html
Revision History
Date Editor Revisions Made
November 28, 2016 Mark Michelson Initial writeup
Asterisk Project Security Advisory - ASTERISK-2016-009
Copyright (c) 2016 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
|
|
Upstream changes:
1.19 Sat Dec 3 09:32:31 2016
- U::C::Locale newly supports locales: he, vo.
- locales updated to CLDR 24: az, haw.
- locale updated to CLDR 26: et.
|
|
|
|
Upstream changes:
2.003000 - 2016-12-09
- fix create_class_with_roles being used multiple times with the same packages
- fix edge case with @ISA assignment on perl 5.10.0
- minor test adjustments
- fix handles on oddly named attributes
- make has options linkable in documentation
- Sub::Quote and Sub::Defer have been split into a separate dist
|
|
|
|
|
