Age | Commit message (Collapse) | Author | Files | Lines |
|
From Bug Hunting.
|
|
own build docs), this actually makes remmina offer ssh and sftp, and makes
the NX plugin build. Thus bumping revision.
XXX TODO:
XXX - RDP still isn't offered in the menu.
XXX - upstream package is 1.0
Thanks to Noud Brouwer for the original libssh-0.5.4 package from
pkgsrc-wip, which was used as security/libssh with some corrections.
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-01
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI,
DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS,
SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs
8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-02
The CLNP dissector could crash. Discovered independently by
Laurent Butti and the Wireshark development team. (Bug 7871)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-03
The DTN dissector could crash. (Bug 7945)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-04
The MS-MMC dissector (and possibly others) could crash. (Bug
8112)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-05
The DTLS dissector could crash. Discovered by Laurent Butti.
(Bug 8111)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-06
The ROHC dissector could crash. (Bug 7679)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-07
The DCP-ETSI dissector could corrupt memory. Discovered by
Laurent Butti. (Bug 8213)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-08
The Wireshark dissection engine could crash. Discovered by
Laurent Butti. (Bug 8197)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
o wnpa-sec-2013-09
The NTLMSSP dissector could overflow a buffer. Discovered by
Ulf Härnhammar. (Bug X)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- The following bugs have been fixed:
o SNMPv3 Engine ID registration. (Bug 2426)
o Wrong decoding of gtp.target identification. (Bug 3974)
o Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
o Wireshark crashes when starting due to out-of-date plugin left
behind from earlier installation. (Bug 7401)
o Failed to dissect TLS handshake packets. (Bug 7435)
o ISUP dissector problem with empty Generic Number. (Bug 7632)
o Illegal character is used in temporary capture file name. (Bug
7877)
o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
o Timestamp info is not saved correctly when writing DOS Sniffer
files. (Bug 7998)
o 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
o Core dumped when the file is closed. (Bug 8022)
o LPP is misspelled in APDU parameter in
e-CIDMeasurementInitiation request for LPPA message. (Bug
8023)
o Wrong packet bytes are selected for ISUP CUG binary code. (Bug
8035)
o Decodes FCoE Group Multicast MAC address as Broadcom MAC
address. (Bug 8046)
o The SSL dissector stops decrypting the SSL conversation with
Malformed Packet:SSL error messages. (Bug 8075)
o Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
o Some Information Elements in GTPv2 are not dissected
correctly. (Bug 8079)
o Wrong bytes highlighted with "Find Packet...". (Bug 8085)
o 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
o Wireshark does not show "Start and End Time" information for
Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
o GPRS Tunnel Protocol GTP Version 1 does not decode DAF flag
in Common Flags IE. (Bug 8193)
o Wrong parsing of ULI of gtpv2 messages - errors in SAC, RAC &
ECI. (Bug 8208)
o Version Number in EtherIP dissector. (Bug 8211)
o Warn Dissector bug, protocol JXTA. (Bug 8212)
o Electromagnetic Emission Parser parses field Event Id as
Entity Id. (Bug 8227)
- Updated Protocol Support
ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1,
DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP,
Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow,
IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS,
NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
- New and Updated Capture File Support
DOS Sniffer
|
|
The Tor Project ceased to recommend privoxy years ago; the only way
they recommend browsing the web is through the Tor Browser Bundle,
which Someone^TM ought to find some way to package up.
|
|
==============================
Release Notes for Samba 3.6.12
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.6.11:
--------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
|
|
==============================
Release Notes for Samba 3.5.21
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.5.20:
---------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
|
|
changes:
-fix multiple buffer overflows (CVE-2012-5958..65)
-more bugfixes, Compilation optimisation
|
|
* fix rare crash with opening user profile
* fix rare crash at startup
* fix rare crash when timeline context menu is opened
|
|
Also bump PKGREVISION for a few packages using it.
The packages I did this for:
net/yaz
lang/parrot
misc/openoffice3 (where I noticed the run-time failure due to missing shared library)
www/webkit-gtk
sysutils/open-vm-tools
inputmethod/ibus-qt
I didn't do this recursively or for all packages using icu
since I didn't know if they used the shared library directly,
some use was optional. The list of packages I didn't touch:
devel/devhelp
databases/idzebra
databases/sqlite3
devel/gnustep-base/
finance/gnucash
games/openttd
graphics/shotwell
lang/mono
meta-pkgs/boost
misc/calibre
misc/libreoffice
news/tin
textproc/php-intl
www/deforaos-surfer
www/epiphany
www/liferea-current
www/midori
|
|
================
Changes in PyZMQ
================
2.2.0.1
=======
This is a tech-preview release, to try out some new features.
It is expected to be short-lived, as there are likely to be issues to iron out,
particularly with the new pip-install support.
Experimental New Stuff
----------------------
These features are marked 'experimental', which means that their APIs are not set in stone,
and may be removed or changed in incompatible ways in later releases.
Threadsafe ZMQStream
********************
With the IOLoop inherited from tornado, there is exactly one method that is threadsafe:
:meth:`.IOLoop.add_callback`. With this release, we are trying an experimental option
to pass all IOLoop calls via this method, so that ZMQStreams can be used from one thread
while the IOLoop runs in another. To try out a threadsafe stream:
.. sourcecode:: python

    stream = ZMQStream(socket, threadsafe=True)

pip install pyzmq
*****************
PyZMQ should now be pip installable, even on systems without libzmq.
In these cases, when pyzmq fails to find an appropriate libzmq to link against,
it will try to build libzmq as a Python extension.
This work is derived from `pyzmq_static <https://github.com/brandon-rhodes/pyzmq-static>`_.
To this end, PyZMQ source distributions include the sources for libzmq (2.2.0) and libuuid (2.21),
both used under the LGPL.
zmq.green
*********
The excellent `gevent_zeromq <https://github.com/traviscline/gevent_zeromq>`_ socket
subclass which provides `gevent <http://www.gevent.org/>`_ compatibility has been merged as
:mod:`zmq.green`.
.. seealso::

    :ref:`zmq_green`

Bugs fixed
----------
* TIMEO sockopts are properly included for libzmq-2.2.0
* avoid garbage collection of sockets after fork (would cause ``assert (mailbox.cpp:79)``).
2.2.0
=====
Some effort has gone into refining the pyzmq API in this release to make it a model for
other language bindings. This is principally made in a few renames of objects and methods,
all of which leave the old name for backwards compatibility.
.. note::

    As of this release, all code outside ``zmq.core`` is BSD licensed (where
    possible), to allow more permissive use of less-critical code and utilities.

Name Changes
------------
* The :class:`~.Message` class has been renamed to :class:`~.Frame`, to better match other
zmq bindings. The old Message name remains for backwards-compatibility. Wherever pyzmq
docs say "Message", they should refer to a complete zmq atom of communication (one or
more Frames, connected by ZMQ_SNDMORE). Please report any remaining instances of
Message==MessagePart with an Issue (or better yet a Pull Request).
* All ``foo_unicode`` methods are now called ``foo_string`` (``_unicode`` remains for
backwards compatibility). This is not only for cross-language consistency, but it makes
more sense in Python 3, where native strings are unicode, and the ``_unicode`` suffix
was wedded too much to Python 2.
Other Changes and Removals
--------------------------
* ``prefix`` removed as an unused keyword argument from :meth:`~.Socket.send_multipart`.
* ZMQStream :meth:`~.ZMQStream.send` default has been changed to `copy=True`, so it matches
Socket :meth:`~.Socket.send`.
* ZMQStream :meth:`~.ZMQStream.on_err` is deprecated, because it never did anything.
* Python 2.5 compatibility has been dropped, and some code has been cleaned up to reflect
no-longer-needed hacks.
* Some Cython files in :mod:`zmq.core` have been split, to reduce the amount of
Cython-compiled code. Much of the body of these files were pure Python, and thus did
not benefit from the increased compile time. This change also aims to ease maintaining
feature parity in other projects, such as
`pyzmq-ctypes <https://github.com/svpcom/pyzmq-ctypes>`_.
New Stuff
---------
* :class:`~.Context` objects can now set default options when they create a socket. These
are set and accessed as attributes to the context. Socket options that do not apply to a
socket (e.g. SUBSCRIBE on non-SUB sockets) will simply be ignored.
* :meth:`~.ZMQStream.on_recv_stream` has been added, which adds the stream itself as a
second argument to the callback, making it easier to use a single callback on multiple
streams.
* A :attr:`~Frame.more` boolean attribute has been added to the :class:`~.Frame` (née
Message) class, so that frames can be identified as terminal without extra queries of
:attr:`~.Socket.rcvmore`.
Experimental New Stuff
----------------------
These features are marked 'experimental', which means that their APIs are not
set in stone, and may be removed or changed in incompatible ways in later releases.
* :mod:`zmq.web` added for load-balancing requests in a tornado webapp with zeromq.
|
|
0MQ version 2.2.0 (Stable), released on 2012/04/04
==================================================
Changes
-------
* Fixed issue 349, add send/recv timeout socket options.
Bug fixes
---------
* Fixed issue 301, fix builds on HP-UX 11iv3 when using either gcc or aCC.
* Fixed issue 305, memory leakage when using dynamic subscriptions.
* Fixed issue 332, libzmq doesn't compile on Android NDK.
* Fixed issue 293, libzmq doesn't follow ZMTP/1.0 spec.
* Fixed issue 342, cannot build against zmq.hpp under C++11.
|
|
Patch submitted upstream, but without much success
|
|
This plugin for the agent provides two tasks that were previously distributed
separately:
* the NetDiscovery task allows the agent to scan the network to find remote
devices, through nmap, NetBios or SNMP, and to identify them
* the NetInventory task allows the agent to extract various information from
a remote device through SNMP protocol
|
|
The FusionInventory agent is a generic management agent. It can perform a
certain number of tasks, according to its own execution plan, or on behalf of a
GLPI server with fusioninventory plugin, acting as a control point.
Two of these tasks are included in agent source distribution, local inventory
and wake on lan. Other tasks are distributed separately, except for binary
distributions where they are bundled together.
|
|
* Hold the date of the eTLD database and use it to detect modification.
* Update the eTLD list.
|
|
BWPing is a tool to measure bandwidth and response times between
two hosts using Internet Control Message Protocol (ICMP) echo
request/echo reply mechanism. It does not require any special
software on the remote host. The only requirement is the ability
to respond to ICMP echo request messages.
|
|
* Convert to use egg.mk.
Thank you, joerg@.
|
|
Changes are too many to write here, please refer to RELNOTES.
|
|
syntax in system headers on NetBSD.
|
|
|