== ipaddress 0.8.2
CHANGED:: merged bundler branch to cleanup gemspec and Rakefiles
FIXED:: IPAddress::IPv4.split handling (Issue #40)
NEW:: Added #[]= method to IPv4/6 classes to add octet writing support. (Issue #24)
NEW:: IPV4#multicast?
NEW:: IPV4#loopback?
NEW:: IPV4#to()
== ipaddress 0.8.1
CHANGED:: ipaddress now uses minitest for testing, all tests passing
|
|
|
|
* Fix extraction
* Update _VALID_URL
* Fix upload date extraction
* Fix description extraction and update test
* Extract duration
|
|
|
|
Standard GNOME packages use odd major version numbers for unstable
packages.
Thanks to wiz@.
|
|
Changes:
Changes in libsoup from 2.53.1 to 2.53.2:
* Fixed up symbol visibility handling for mingw by copying
GLib's system [Ignacio Casal Quinteiro, #757146]
* Finally marked the old SoupSessionAsync and SoupSessionSync
methods as deprecated [Ignacio Casal Quinteiro, Dan Winship,
#757146]
* Added libsoup-2.4.deps for valac [Rico Tzschichholz]
* Make it possible to build from git without gtk-doc being
installed [Ignacio Casal Quinteiro]
* Updated translations:
Norwegian bokmål, Occitan
Changes in libsoup from 2.52.1 to 2.53.1:
* Really fixed build under MinGW for sure this time [Ignacio
Casal Quinteiro]
* Fixed SoupServer Web Sockets code so that the
SoupClientContext passed to a SoupServerWebsocketCallback is
fully usable (rather than crashing when you try to do most
things).
Changes in libsoup from 2.52.0 to 2.52.1:
* Fixed build under MinGW [Chun-wei Fan]
* Fixed build with --disable-introspection [#755389, Quentin
Glidic]
* Fixed HTTP authentication protection space handling for
files directly under the root directory. [#755617, Carlos
Garcia Campos]
* Fixed a warning when loading data from SoupCache while using
an authenticated proxy. [#756076, Carlos Garcia Campos]
* Updated translations:
German, Vietnamese
Changes in libsoup from 2.51.92 to 2.52.0:
* Removed duplicate test paths from tests/date so it will pass
with glib 2.46.0
Changes in libsoup from 2.51.90 to 2.51.92:
* Added g_autoptr() support for all libsoup types. [#754721,
Kalev Lember]
* Added a missing (allow-none) annotation to
soup_uri_normalize() [#754776, Jens Georg]
* Updated translations:
Polish
Changes in libsoup from 2.51.3 to 2.51.90:
* Added a new GVariant-based XMLRPC API, and deprecated the
old GValue-based API (along with the associated
GValue-manipulating utilities). [#746495, Xavier Claessens]
* Multiple build fixes for Visual Studio [#752952, Chun-wei Fan]
* Added VAPI generation [#750679, Daniel Espinosa]
* Fixed the mode bits on soup-cookie.c, which was previously
marked executable for some reason. [rh #1247285]
* Updated translations:
Norwegian bokmål, Portuguese, Thai, Turkish
Changes in libsoup from 2.50.0 to 2.51.3:
* Fixed "make check" in non-English locales [rh #1224989,
#749397]
* Fixed some compiler warnings [#748514, Philip Withnall]
* New/Updated translations:
Aragonese, Catalan, Occitan, Russian
|
|
this is done since gnomekeyring is not used by libsoup anymore.
|
|
changes are:
- http2 package replaces spdy. New interactive HTTP2 debugger, h2i.
- New context/ctxhttp for context-aware HTTP request handlers.
- New xsrftoken package for generating and checking XSRF tokens.
- Improved HTML5-capable HTML parser.
|
|
- BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
- BUG/MINOR: server: check return value of fgets() in apply_server_state()
- BUG/MINOR: acl: don't use record layer in req_ssl_ver
- BUILD: freebsd: double declaration
- BUG/MEDIUM: lua: clean output buffer
- BUILD: check for libressl to be able to build against it
- DOC: lua-api/index.rst small example fixes, spelling correction.
- DOC: lua: architecture and first steps
- DOC: relation between timeout http-request and option http-buffer-request
- BUILD: Make deviceatlas require PCRE
- BUG: http: do not abort keep-alive connections on server timeout
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
- BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
- BUILD/MINOR: http: proto_http.h needs sample.h
- BUG/MEDIUM: http: don't enable auto-close on the response side
- BUG/MEDIUM: stream: fix half-closed timeout handling
- CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
- BUG/MEDIUM: sample: urlp can't match an empty value
- BUILD: dumpstats: silencing warning for printf format specifier / time_t
- CLEANUP: proxy: calloc call inverted arguments
- MINOR: da: silent logging by default and displaying DeviceAtlas support if built.
- BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
- DOC: Edited 51Degrees section of README/ (cherry picked from commit a7bbdd955984f0d69812ff055cc145a338e76daa)
- BUG/MEDIUM: checks: email-alert not working when declared in defaults
- BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured
- BUG/MINOR: checks: typo in an email-alert error message
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT
- BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
- DOC: prefer using http-request/response over reqXXX/rspXXX directives
- BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
- BUG/MEDIUM: peers: old stick table updates could be repushed.
- CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
- MINOR: lua: service/applet can have access to the HTTP headers when a POST is received
- REORG/MINOR: lua: convert boolean "int" to bitfield
- BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
- BUG/MINOR: lua: Lua applets must not use http_txn
- BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
- BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
- CLEANUP: lua: bad error messages
- DOC: lua: fix lua API
- DOC: mailers: typo in 'hostname' description
- DOC: compression: missing mention of libslz for compression algorithm
- BUILD/MINOR: regex: missing header
- BUG/MINOR: stream: bad return code
- DOC: lua: fix some errors and add implicit types
While there, add better support for deviceatlas option, from David CARLIER.
|
|
Changes not found.
|
|
2.0.1
* Support encoding of byte arrays, fixes #58.
* Fix encoding for headers and properties if using nested headers.
* Fix #30 (headers encoding other than ASCII-8BIT).
|
|
|
|
Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.
The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.
This package tracks version 2 stable branch.
|
|
Changelog:
Wireshark 1.12.9 Release Notes
__________________________________________________________________
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2015-31
NBAP dissector crashes. ([2]Bug 11602, [3]Bug 11835, [4]Bug 11841)
* [5]wnpa-sec-2015-32
UMTS FP dissector crashes. ([6]Bug 11602, [7]Bug 11606)
* [8]wnpa-sec-2015-33
DCOM dissector crash. ([9]Bug 11610)
* [10]wnpa-sec-2015-34
AllJoyn dissector infinite loop. ([11]Bug 11607)
* [12]wnpa-sec-2015-35
T.38 dissector crash. ([13]Bug 9887)
* [14]wnpa-sec-2015-36
SDP dissector crash. ([15]Bug 9887)
* [16]wnpa-sec-2015-37
NLM dissector crash.
* [17]wnpa-sec-2015-38
DNS dissector crash. ([18]Bug 10988)
* [19]wnpa-sec-2015-39
BER dissector crash.
* [20]wnpa-sec-2015-40
Zlib decompression crash. ([21]Bug 11548)
* [22]wnpa-sec-2015-41
SCTP dissector crash. ([23]Bug 11767)
* [24]wnpa-sec-2015-42
802.11 decryption crash. ([25]Bug 11790, [26]Bug 11826)
* [27]wnpa-sec-2015-43
DIAMETER dissector crash. ([28]Bug 11792)
* [29]wnpa-sec-2015-44
VeriWave file parser crashes. ([30]Bug 11789, [31]Bug 11791)
* [32]wnpa-sec-2015-45
RSVP dissector crash. ([33]Bug 11793)
* [34]wnpa-sec-2015-46
ANSI A & GSM A dissector crashes. ([35]Bug 11797)
* [36]wnpa-sec-2015-47
Ascend file parser crash. ([37]Bug 11794)
* [38]wnpa-sec-2015-48
NBAP dissector crash. ([39]Bug 11815)
* [40]wnpa-sec-2015-49
RSL dissector crash. ([41]Bug 11829)
* [42]wnpa-sec-2015-50
ZigBee ZCL dissector crash. ([43]Bug 11830)
* [44]wnpa-sec-2015-51
Sniffer file parser crash. ([45]Bug 11827)
The Windows installers are now built using NSIS 2.50 in order to avoid
[46]DLL hijacking flaws.
The following bugs have been fixed:
* Zooming out (Ctrl+-) too far crashes Wireshark. ([47]Bug 8854)
* IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6
Extension Header. ([48]Bug 9996)
* IPv6 Mobility Header Link-Layer Address Mobility Option is parsed
incorrectly. ([49]Bug 10627)
* Windows Wireshark Installer does not detect WinPcap which is
already installed. ([50]Bug 10867)
* SSL Decrypted Packet Not Decoded As HTTP. ([51]Bug 10984)
* Wireshark crashes when using the VoIP player. ([52]Bug 11596)
* [GSMTAP] Incorrect decoding of MS Radio Access Capability using
alternative coding. ([53]Bug 11599)
* TCP sequence analysis (expert info) does not work in 802.1ah
frames. ([54]Bug 11629)
* No correct GVCP info message for READREG_ACK command. ([55]Bug
11639)
* Bug in EtherCAT dissector with mailbox response. ([56]Bug 11652)
* NLM v4 statistics crash. ([57]Bug 11654)
* Malformed packet with IPv6 mobility header. ([58]Bug 11728)
* LDAP decode shows invalid number of results for searchResEntry
packets. ([59]Bug 11761)
* IPv6 RPL Routing Header with length of 8 bytes still reads an
address. ([60]Bug 11803)
* g_utf8_validate assertion when reassembling GSM SMS messages
encoded in UCS2. ([61]Bug 11809)
* MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
([62]Bug 11921)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM,
DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11,
IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP,
SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL
New and Updated Capture File Support
Ascend, ERF, Sniffer, and VeriWave
__________________________________________________________________
Getting Wireshark
Wireshark source code and installation packages are available from
[63]https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [64]download page on the Wireshark web site.
__________________________________________________________________
File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. ([65]Bug 1419)
The BER dissector might infinitely loop. ([66]Bug 1516)
Capture filters aren't applied when capturing from named pipes.
([67]Bug 1814)
Filtering tshark captures with read filters (-R) no longer works.
([68]Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
([69]Win64 development page)
Resolving ([70]Bug 9044) reopens ([71]Bug 3528) so that Wireshark no
longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. ([72]Bug 4035)
Hex pane display issue after startup. ([73]Bug 4056)
Packet list rows are oversized. ([74]Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases.
([75]Bug 4985)
__________________________________________________________________
Getting Help
Community support is available on [76]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [77]the web site.
Official Wireshark training and certification are available from
[78]Wireshark University.
__________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [79]Wireshark web site.
__________________________________________________________________
Last updated 2015-12-29 08:48:09 PST
References
1. https://www.wireshark.org/security/wnpa-sec-2015-31.html
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
5. https://www.wireshark.org/security/wnpa-sec-2015-32.html
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
8. https://www.wireshark.org/security/wnpa-sec-2015-33.html
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
10. https://www.wireshark.org/security/wnpa-sec-2015-34.html
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
12. https://www.wireshark.org/security/wnpa-sec-2015-35.html
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
14. https://www.wireshark.org/security/wnpa-sec-2015-36.html
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
16. https://www.wireshark.org/security/wnpa-sec-2015-37.html
17. https://www.wireshark.org/security/wnpa-sec-2015-38.html
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
19. https://www.wireshark.org/security/wnpa-sec-2015-39.html
20. https://www.wireshark.org/security/wnpa-sec-2015-40.html
21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
22. https://www.wireshark.org/security/wnpa-sec-2015-41.html
23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
24. https://www.wireshark.org/security/wnpa-sec-2015-42.html
25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
27. https://www.wireshark.org/security/wnpa-sec-2015-43.html
28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
29. https://www.wireshark.org/security/wnpa-sec-2015-44.html
30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
32. https://www.wireshark.org/security/wnpa-sec-2015-45.html
33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
34. https://www.wireshark.org/security/wnpa-sec-2015-46.html
35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
36. https://www.wireshark.org/security/wnpa-sec-2015-47.html
37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
38. https://www.wireshark.org/security/wnpa-sec-2015-48.html
39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
40. https://www.wireshark.org/security/wnpa-sec-2015-49.html
41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
42. https://www.wireshark.org/security/wnpa-sec-2015-50.html
43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
44. https://www.wireshark.org/security/wnpa-sec-2015-51.html
45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
46. http://nsis.sourceforge.net/Docs/AppendixF.html
47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8854
48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9996
49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10627
50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10867
51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10984
52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11596
53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11599
54. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11629
55. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11639
56. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11652
57. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11654
58. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11728
59. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11761
60. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11803
61. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11809
62. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11921
63. https://www.wireshark.org/download.html
64. https://www.wireshark.org/download.html#thirdparty
65. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
66. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
67. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
68. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
69. https://wiki.wireshark.org/Development/Win64
70. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
71. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
72. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
73. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
74. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
75. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
76. https://ask.wireshark.org/
77. https://www.wireshark.org/lists/
78. http://www.wiresharktraining.com/
79. https://www.wireshark.org/faq.html
|
|
|
|
This package contains an updated and actively maintained version
of SocksiPy, with bug fixes and extra features.
It acts as a drop-in replacement to the socket module.
Features
* SOCKS proxy client for Python 2.6 - 3.x
* TCP and UDP both supported
* HTTP proxy client included but not supported or recommended (you
should use urllib2's or requests' own HTTP proxy interface)
|
|
Clean up and simplify Makefile.
Breaking changes in 3.6.0:
- Minimum required Erlang version is R16B03 for plain ("just TCP")
connections for all protocols and 17.5 for TLS ones (18.x is
recommended for both).
- .NET client now requires .NET 4.5.
- "Immediate" flag is removed from the .NET client (it hasn't been
supported by the server since RabbitMQ 3.0).
- Default subscription TTL in MQTT is now 24 hours.
- Server artifacts are now distributed as xz archives and not gz.
- Build system has been completely reworked and now uses erlang.mk.
3rd party plugins must be adapted to the new build system.
Key improvements in this release are:
- Lazy queues
- Much better queue synchronisation throughput
- Lower RAM use, tunable flow control
- Stronger password encryption with pluggable algorithms
- Development moved to GitHub; build system now uses erlang.mk
- Significant improvements to Web STOMP
- Experimental WinRT-compatible .NET client, SQL CLR compatibility
in the "regular" one
- Pagination in management UI
- More popular plugins now ship with the broker: rabbitmq_sharding
and rabbitmq_event_exchange, for example.
Full release notes:
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_0
|
|
o Switch to using gtk-mac-bundler and jhbuild for building the OS X installer.
This promises to reduce a lot of the problems we've had with local paths and
dependencies using the py2app and macports build system. [Daniel Miller]
o The Windows installer is now built with NSIS 2.47 which features LoadLibrary
security hardening to prevent DLL hijacking and other unsafe use of temporary
directories. Thanks to Stefan Kanthak for reporting the issue to NSIS and to
us and the many other projects that use it.
o Updated the OpenSSL shipped with our binary builds (Windows, OS X, and RPM)
to 1.0.2e.
o [Zenmap] [GH-235] Fix several failures to launch Zenmap on OS X. The new
build process eliminates these errors:
IOError: [Errno 2] No such file or directory: '/Applications/Zenmap.app/Contents/Resources/etc/pango/pangorc.in'
LSOpenURLsWithRole() failed for the application /Applications/Zenmap.app with error -10810.
o [NSE] [GH-254] Update the TLSSessionRequest probe in ssl-enum-ciphers to
match the one in nmap-service-probes, which was fixed previously to correct a
length calculation error. [Daniel Miller]
o [NSE] [GH-251] Correct false positives and unexpected behavior in http-*
scripts which used http.identify_404 to determine when a file was not found
on the target. The function was following redirects, which could be an
indication of a soft-404 response. [Tom Sellers]
o [NSE] [GH-241] Fix a false-positive in hnap-info when the target responds
with 200 OK to any request. [Tom Sellers]
o [NSE] [GH-244] Fix an error response in xmlrpc-methods when run against a
non-HTTP service. The expected behavior is no output. [Niklaus Schiess]
o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.
|
|
Changes:
4 December 2015: mitmproxy 0.15
* Support for loading and converting older dumpfile formats (0.13 and up)
* Content views for inline script (@chrisczub)
* Better handling of empty header values (Benjamin Lee/@bltb)
* Fix a gnarly memory leak in mitmdump
* A number of bugfixes and small improvements
|
|
Changes:
0.15.1
------
o Update backports.ssl_match_hostname dependency
0.15.0
------
o Allow empty HTTP header value
o Initial Python 3.4 porting efforts
|
|
Changes:
2.0.1 (2015-11-09)
------------------
Fixed a bug where the Python HPACK implementation would only emit header table
size changes for the total change between one header block and another, rather
than for the entire sequence of changes.
2.0.0 (2015-10-12)
------------------
Remove unused HPACKEncodingError.
Add the shortcut ability to import the public API (Encoder, Decoder, HPACKError,
HPACKDecodingError) directly, rather than from hpack.hpack.
|
|
package rabbit already depends on it.
Bump PKGREVISION.
|
|
|
|
=============================
Release Notes for Samba 4.3.3
December 16, 2015
=============================
This is a security release in order to address the following CVEs:
o CVE-2015-3223 (Denial of service in Samba Active Directory
server)
o CVE-2015-5252 (Insufficient symlink verification in smbd)
o CVE-2015-5299 (Missing access control check in shadow copy
code)
o CVE-2015-5296 (Samba client requesting encryption vulnerable
to downgrade attack)
o CVE-2015-8467 (Denial of service attack against Windows
Active Directory server)
o CVE-2015-5330 (Remote memory read in Samba LDAP server)
Please note that if building against a system libldb, the required
version has been bumped to ldb-1.1.24. This is needed to ensure
we build against a system ldb library that contains the fixes
for CVE-2015-5330 and CVE-2015-3223.
=======
Details
=======
o CVE-2015-3223:
All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a denial of service attack in the samba daemon LDAP server.
A malicious client can send packets that cause the LDAP server in the
samba daemon process to become unresponsive, preventing the server
from servicing any other requests.
This flaw is not exploitable beyond causing the code to loop expending
CPU resources.
o CVE-2015-5252:
All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
a bug in symlink verification, which under certain circumstances could
allow client access to files outside the exported share path.
If a Samba share is configured with a path that shares a common path
prefix with another directory on the file system, the smbd daemon may
allow the client to follow a symlink pointing to a file or directory
in that other directory, even if the share parameter "wide links" is
set to "no" (the default).
o CVE-2015-5299:
All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
a missing access control check in the vfs_shadow_copy2 module. When
looking for the shadow copy directory under the share path the current
accessing user should have DIRECTORY_LIST access rights in order to
view the current snapshots.
This was not being checked in the affected versions of Samba.
o CVE-2015-5296:
Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
signing is negotiated when creating an encrypted client connection to
a server.
Without this a man-in-the-middle attack could downgrade the connection
and connect using the supplied credentials as an unsigned, unencrypted
connection.
o CVE-2015-8467:
Samba, operating as an AD DC, is sometimes operated in a domain with a
mix of Samba and Windows Active Directory Domain Controllers.
All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
an AD DC in the same domain with Windows DCs, could be used to
override the protection against the MS15-096 / CVE-2015-2535 security
issue in Windows.
Prior to MS16-096 it was possible to bypass the quota of machine
accounts a non-administrative user could create. Pure Samba domains
are not impacted, as Samba does not implement the
SeMachineAccountPrivilege functionality to allow non-administrator
users to create new computer objects.
o CVE-2015-5330:
All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
ldb versions up to 1.1.23 inclusive) are vulnerable to
a remote memory read attack in the samba daemon LDAP server.
A malicious client can send packets that cause the LDAP server in the
samba daemon process to return heap memory beyond the length of the
requested value.
This memory may contain data that the client should not be allowed to
see, allowing compromise of the server.
The memory may either be returned to the client in an error string, or
stored in the database by a suitably privileged user. If untrusted
users can create objects in your database, please confirm that all DN
and name attributes are reasonable.
Changes since 4.3.2:
--------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
userAccountControl.
o Jeremy Allison <jra@samba.org>
* BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
* BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
access outside the share).
* BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
snapdir.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
o Stefan Metzmacher <metze@samba.org>
* BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
smb encryption on the client side.
|
|
Go packages now define a set of files to buildlink in their buildlink3.mk.
go-packages.mk no longer looks in ${PREFIX}/gopkg during the build. This
should also fix the spurious issues with rebuilds of .a files during bulk
builds of Go packages.
|
|
|
|
|
|
|
|
PR pkg/50595.
|
|
From https://rommie.caida.org/pipermail/scamper-announce/2015-August/000003.html
* provide the ability for scamper's control socket to bind to a
specific address. this allows external systems to contact and drive
scamper processes. a more secure solution will follow in a month or
two.
* when converting the source port of a control socket client to a
string, print it in host byte order rather than network byte order
* add a TBT (too-big-trick) option to ping, use it in sc_speedtrap. a
simple optimisation to send up to M packets to get N fragmented
responses.
* if an input list to sc_speedtrap contains the same IP address twice,
ignore the duplicate address, rather than crash later.
* use a quicksort with a 3-way partition. will make scamper more
efficient in many places.
* add sc_warts2csv for samknows
* fix sc_tracediff so that it doesn't crash if the two warts files
being compared traceroute to different sets of addresses. reported
by Job Snijders.
|
|
v3.0.719 (24 May 2015)
- Implement tracking of remote ports: shows which ports the host
is making outgoing connections to. Long time feature request.
- Bugfix: when the capture interface goes down, exit instead of
busy-looping forever.
- Fix "clock error" due to machine reboot.
- SIGUSR1 now resets the time and bytes reported on the graphs
page.
- Account for all IP protocols.
- Change the default ports_max to only twice the default
ports_keep.
|
|
What was I thinking?
ok wiz@
|
|
Changelog:
Release 2.1.0 December 3rd 2015
GUI: Added a separate view for not synced items, ignores, errors
GUI: Improved upload/download progress UI (#3403, #3569)
Allowed sharing with ownCloud internal users and groups from Desktop
Changed files starting in .* to be considered hidden on all platforms (#4023)
Reflect read-only permissions in filesystem (#3244)
Blacklist: Clear on successful chunk upload (#3934)
Improved reconnecting after network change/disconnect (#4167 #3969 ...)
Improved performance in Windows file system discovery
Removed libneon-based propagator. As a consequence, the client can no longer provide bandwidth limiting on Linux-distributions where it is using Qt < 5.4
Performance improvements in the logging functions
Ensured that local disk space problems are handled gracefully (#2939)
Improved handling of checksums: transport validation, db (#3735)
For *eml-files don't reupload if size and checksum are unchanged (#3235)
Ensured 403 reply code is handled properly (File Firewall) (#3490)
Reduced number of PROPFIND requests to server(#3964)
GUI: Added Account toolbox widget to keep account actions (#4139)
Tray Menu: Added fixes for Recent Activity menu (#4093, #3969)
FolderMan: Fixed infinite wait on pause (#4093)
Renamed env variables to include unit (#2939)
FolderStatusModel: Attempt to detect removed undecided files (#3612)
SyncEngine: Don't wipe the white list if the sync was aborted (#4018)
Quota: Handle special negative value for the quota (#3940)
State app name in update notification (#4020)
PropagateUpload: Fixed double-emission of finished (#3844)
GUI: Ensured folder names which are excluded from sync can be clicked
Shell Integration: Dolphin support, requires KF 5.16 and KDE Application 15.12
FolderStatusModel: Ensured reset also if a folder was renamed (#4011)
GUI: Fixed accessibility of remaining items in full settings toolbar (#3795)
Introduced the term "folder sync connection" in more places (#3757)
AccountSettings: Don't disable pause when offline (#4010)
Fixed handling of hidden files (#3980)
Handle download errors while resuming as soft errors (#4000)
SocketAPI: Ensured that the command isn't trimmed (#3297)
Shutdown socket API before removing the db (#3824)
GUI: Made "Keep" default in the delete-all dialog (#3824)
owncloudcmd: Introduced return code 0 for --version and --help
owncloudcmd: Added --max-sync-retries (#4037)
owncloudcmd: Don't do a check that files are older than 2s (#4160)
Fixed getting size for selective sync (#3986)
Re-added close button in the settings window (#3713)
Added ability to handle storage limitations gracefully (#3736)
Updated 3rdparty dependencies: sqlite version 3.9.1
Organized patches to our base Qt version into admin/qt/patches
Plus: A lot of unmentioned improvements and fixes
|
|
LongLong for the intermediate and let the compiler figure out how to
cast to it from long.
|
|
32bit vs 64bit differences between the BSDs.
|
|
distfile patch) owing to volume.
PKGREVISION -> 1 as it might have built before on old OSes running on
32-bit (only) platforms. Maybe.
|
|
isn't 64 bits. Required to build omniNotify, which has C++ overloading
code that reasonably assumes that "long" and "LONGLONG" aren't the
same type.
|
|
to try to support passing a format and va_list pair as the data for a
custom printf format in its own private printf clone.
The offending code was unused and removed upstream in 2004, but the
initial import of our package in 2005 included, without explanation, a
patch reverting this. So the code has still been there, and (being
illegal) it has now stopped compiling with clang.
Delete the offending patch section. (And while here, add comments for
the rest of this patch.)
|
|
|
|
Changelog:
NEWS for rsync 3.1.2 (21 Dec 2015)
Protocol: 31 (unchanged)
Changes since 3.1.1:
SECURITY FIXES:
- Make sure that all transferred files use only path names from inside the
transfer. This makes it impossible for a malicious sender to try to make
the receiver use an unsafe destination path for a transferred file, such
as a just-sent symlink.
BUG FIXES:
- Change the checksum seed order in the per-block checksums. This prevents
someone from trying to create checksum blocks that match in sum but not
content.
- Fixed a bug with the per-dir filter files (using -FF) that could trigger an
assert failure.
- Only skip set_modtime() on a transferred file if the time is exactly
right.
- Don't create an empty backup dir for a transferred file that doesn't
exist yet.
- Fixed a bug where --link-dest and --xattrs could cause rsync to exit if
a filename had a matching dir of the same name in the alt-dest area.
- Allow more than 32 group IDs per user in the daemon's gid=LIST config.
- Fix the logging of %b & %c via --log-file (daemon logging was already
correct, as was --out-format='%b/%c').
- Fix erroneous acceptance of --info=5 & --debug=5 (an empty flag name is
not valid).
ENHANCEMENTS:
- Added "(DRY RUN)" info to the --debug=exit output line.
- Use usleep() for our msleep() function if it is available.
- Added a few extra long-option names to rrsync script, which will make
BackupPC happier.
- Made configure choose to use linux xattrs on netbsd (rather than not
supporting xattrs).
- Added -wo (write-only) option to rrsync support script.
- Misc. manpage tweaks.
DEVELOPER RELATED:
- Fixed a bug with the Makefile's use of INSTALL_STRIP.
- Improve a test in the suite that could get an erroneous timestamp error.
- Tweaks for newer versions of git in the packaging tools.
- Improved the m4 generation rules and some autoconf idioms.
|
|
* mikutter's faked appearance crashed
|
|
Bump PKGREVISION
|
|
Update during the freeze approved by jperkin@
(while strictly speaking net/youtube-dl is a leaf package there are various
possible consumers, e.g. multimedia/mpv)
Changes:
2015.12.18:
o Misc bugfixes and improvements (most user visible change is the fixes
for #7900 and #7901 that fix extraction of various youtube videos)
2015.12.13
o New [funimation] extractor
o Misc bugfixes and improvements
2015.12.10:
o Misc bugfixes and improvements
|
|
|
|
* no response on clicking mouse over icons on some environments
* fix a spello method
|
|
Ok joerg@
|
|
|
|
this value to 1024 to accommodate larger deployments until we get a proper
tunable.
|
|
--- 9.9.8-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
--- 9.9.8-P1 (withdrawn) ---
|
|
--- 9.10.3-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
--- 9.10.3-P1 (withdrawn) ---
|