| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
From Petar Bogdanovic on pkgsrc-users.
|
|
|
|
ChangeLog (only stable versions):
2015/11/03 : 1.6.2
- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
2015/10/20 : 1.6.1
- DOC: specify that stats socket doc (section 9.2) is in management
- BUILD: install only relevant and existing documentation
- CLEANUP: don't ignore debian/ directory if present
- BUG/MINOR: dns: parsing error of some DNS response
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
- MEDIUM: dns: Don't use the ANY query type
2015/10/13 : 1.6.0
- BUG/MINOR: Handle interactive mode in cli handler
- DOC: global section missing parameters
- DOC: backend section missing parameters
- DOC: stats paramaters available in frontend
- MINOR: lru: do not allocate useless memory in lru64_lookup
- BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth)
- BUG/MINOR: ssl: fix management of the cache where forged certificates are stored
- MINOR: ssl: Release Servers SSL context when HAProxy is shut down
- MINOR: ssl: Read the file used to generate certificates in any order
- MINOR: ssl: Add support for EC for the CA used to sign generated certificates
- MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
- BUG/MEDIUM: logs: fix time zone offset format in RFC5424
- BUILD: Fix the build on OSX (htonll/ntohll)
- BUILD: enable build on Linux/s390x
- BUG/MEDIUM: lua: direction test failed
- MINOR: lua: fix a spelling error in some error messages
- CLEANUP: cli: ensure we can never double-free error messages
- BUG/MEDIUM: lua: force server-close mode on Lua services
- MEDIUM: init: support more command line arguments after pid list
- MEDIUM: init: support a list of files on the command line
- MINOR: debug: enable memory poisonning to use byte 0
- BUILD: ssl: fix build error introduced by recent commit
- BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
- MEDIUM: server: implement TCP_USER_TIMEOUT on the server
- DOC: mention the "namespace" options for bind and server lines
- DOC: add the "management" documentation
- DOC: move the stats socket documentation from config to management
- MINOR: examples: update haproxy.spec to mention new docs
- DOC: mention management.txt in README
- DOC: remove haproxy-{en,fr}.txt
- BUILD: properly report when USE_ZLIB and USE_SLZ are used together
- MINOR: init: report use of libslz instead of "no compression"
- CLEANUP: examples: remove some obsolete and confusing files
- CLEANUP: examples: remove obsolete configuration file samples
- CLEANUP: examples: fix the example file content-sw-sample.cfg
- CLEANUP: examples: update sample file option-http_proxy.cfg
- CLEANUP: examples: update sample file ssl.cfg
- CLEANUP: tests: move a test file from examples/ to tests/
- CLEANUP: examples: shut up warnings in transparent proxy example
- CLEANUP: tests: removed completely obsolete test files
- DOC: update ROADMAP to remove what was done in 1.6
- BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
|
|
**** 1.03 November 6, 2015
Fix rt.cpan.org #107897
t/10-recurse.t freezes, never completes
Fix rt.cpan.org #101978
Update Net::DNS to use IO::Socket::IP
Fix rt.cpan.org #84375
Timeout doesn't work with bgsend/bgread
Fix rt.cpan.org #47050
persistent sockets for Resolver::bg(send|read|isready)
Fix rt.cpan.org #15515
bgsend on TCP
|
|
Changes:
o Fix and improvements to various extractors (most user visible change is the
support for new base.js html5 youtube player).
|
|
|
|
Changelog only has "Bug fixes"
Several pkgsrc patches merged
pkgsrc changes: Switch to new Github handling
|
|
|
|
|
|
|
|
|
|
|
|
|
|
why the openbsd build failed.
|
|
Tests don't run through because of
===> Testing for py27-gevent-1.0.2
Traceback (most recent call last):
File "testrunner.py", line 2, in <module>
import six
File "/scratch/net/py-gevent/work/gevent-1.0.2/greentest/six.py", line 2, in <module>
from gevent.hub import PY3
ImportError: No module named gevent.hub
*** Error code 1
Release 1.0.2
-------------
- Fix LifoQueue.peek() to return correct element. PR #456. Patch by Christine Spang.
- Upgrade to libev 4.19
- Remove SSL3 entirely as default TLS protocol
- Import socket on Windows (closes #459)
- Fix C90 syntax error (PR #449)
- Add compatibility with Python 2.7.9's SSL changes. Issue #477.
|
|
It's safe to assume the test for MACHINE_ARCH == "amd64" doesn't actually apply
to NetBSD, hence being redundant.
ok joerg@
|
|
|
|
Avoid SDK build on OS X.
|
|
|
|
|
|
in the ejabberd 15.10 update that follows.
|
|
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
* Fix extraction and update test checksum
* fix info extraction
* unified_strdate: Return None if the date format can't be recognized
|
|
The changelog only goes as far back as 3.1. Major changes are:
- Mac OS X port
- Provide minimal interface information on BSD
- Fixes for all defects identified by coverity
- Fix accuracy issue on total rate calculation
- Better example config file
- Only initialize curses module if actually used
- Bugfixes
Also saner build system and new source code location (github).
|
|
|
|
Changelog:
Release 2.0.2 October 22nd 2015
csync_file_stat_s: Save a bit of memory
Shibboleth: Add our base user agent to WebKit
SelectiveSync: Increase folder list timeout to 60
Propagation: Try another sync on 423 Locked (#3387)
Propagation: Make 423 Locked a soft error (#3387)
Propagation: Reset upload blacklist if a chunk succeeds
Application: Fix crash on early shutdown (#3898)
Linux: Don't show settings dialog always when launched twice (#3273, #3771, #3485)
win32 vio: Add the OPEN_REPARSE_POINTS flag to the CreateFileW call. (#3813)
AccountSettings: only expand root elements on single click.
AccountSettings: Do not allow to expand the folder list when disconnected.
Use application SHORT name for the name of the MacOSX pkg file (ownBrander).
FolderMan: Fix for removing a syncing folder (#3843)
ConnectionMethodDialog: Don't be insecure on close (#3863)
Updater: Ensure folders are not removed (#3747)
Folder settings: Ensure path is cleaned (#3811)
Propagator: Simplify sub job finished counting (#3844)
Share dialog: Hide settings dialog before showing (#3783)
UI: Only expand 1 level in folder list (#3585)
UI: Allow folder expanding from button click (#3585)
UI: Expand folder treeview on single click (#3585)
GUI: Change tray menu order (#3657)
GUI: Replace term "sign in" with "Log in" and friends.
SetupPage: Fix crash caused by uninitialized Account object.
Use a themable WebDAV path all over.
Units: Back to the "usual" mix units (JEDEC standard).
csync io: Full UNC path support on Win (#3748)
Tray: Don't use the tray workaround with the KDE theme (#3706, #3765)
ShareDialog: Fix folder display (#3659)
AccountSettings: Restore from legacy only once (#3565)
SSL Certificate Error Dialog: show account name (#3729)
Tray notification: Don't show a message about modified folder (#3613)
PropagateLocalRemove: remove entries from the DB even if there was an error.
Settings UI improvements (eg. #3713, #3721, #3619 and others)
Folder: Do not create the sync folder if it does not exist (#3692)
Shell integration: don't show share menu item for top level folders
Tray: Hide while modifying menus (#3656, #3672)
AddFolder: Improve remote path selection error handling (#3573)
csync_update: Use excluded_traversal() to improve performance (#3638)
csync_excluded: Add fast _traversal() function (#3638)
csync_exclude: Speed up significantly (#3638)
AccountSettings: Adjust quota info design (#3644, #3651)
Adjust buttons on remove folder/account questions (#3654)
Release 2.0.1 September 1st 2015
AccountWizard: fix when the theme specifies an override URL (#3699)
Release 2.0.0 August 25th 2015
Add support for multiple accounts (#3084)
Do not sync down new big folders from server without users consent (#3148)
Integrate Selective Sync into the default UI
OS X: Support native finder integration for 10.10 Yosemite (#2340)
Fix situation where client would not reconnect after timeout (#2321)
Use SI units for the file sizes
Improve progress reporting during sync (better estimations, show all files, show all bandwidth)
Windows: Support paths >255 characters (#57) by using Windows API instead of POSIX API
Windows, OS X: Allow to not sync hidden files (#2086)
OS X: Show file name in UI if file has invalid UTF-8 in file name
Sharing: Make use of Capability API (#3439)
Sharing: Do not allow sharing the root folder (#3495)
Sharing: Show thumbnail
Client Updater: Check for updates periodically, not only once per run (#3044)
Windows: Remove misleading option to remove sync data (#3461)
Windows: Do not provoke AD account locking if password changes (#2186)
Windows: Fix installer when installing unprivileged (#2616, #2568)
Quota: Only refresh from server when UI is shown
SSL Button: Show more information
owncloudcmd: Fix --httpproxy (#3465)
System proxy: Ask user for credentials if needed
Several fixes and performance improvements in the sync engine
Network: Try to use SSL session tickets/identifiers. Check the SSL button to see if they are used.
Bandwidth Throttling: Provide automatic limit setting for downloads (#3084)
Systray: Workaround for issue with Qt 5.5.0 (#3656)
|
|
|
|
* TMPDIR is no longer defined
Applications which use TMPDIR and expect it to be a valid directory
no longer complain.
|
|
|
|
- apply the "warmup" patch only on linux. should fix the build on netbsd-6
|
|
|
|
|
|
(NetBSD's implementation of recvmmsg() is not 100% with the Linux version)
|
|
===========================
Bugfixes:
---------
- Do not reload expired zones on 'knotc reload' and server startup
- Fix rare race-condition in event scheduling causing delayed event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when quering for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux (IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
- Fix memory leak in configuration on server shutdown
- Fix broken dnsproxy module
- Fix DNSSEC KASP timestamps parsing in strict POSIX environment
- fix multi value parsing on big-endian
- Adapt to Nettle 3 API break causing base64 decoding failures on big-endian
Features:
---------
- Add 'keymgr zone key ds' to show key's DS record
- Add 'keymgr tsig generate' to generate TSIG keys
- Add query module scoping to process either all queries or zone queries only
- Add support for file name globbing in config file includes
- Add 'request-edns-option' config option to add custom EDNS0 option into
server initiated queries
Improvements:
-------------
- Send minimal responses (remove NS from Authority section for NOERROR)
- Update persistent timers only on shutdown for better performance
- Allow change of RR TTL over DDNS
- Documentation fixes, updates, and improvements in formatting
- Install yparser and zscanner header files
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on OpenBSD
Knot DNS 2.0.0 (2015-06-26)
===========================
Bugfixes:
---------
- Fix lost NOTIFY message if received during zone transfer
- Disable fast zone parser when compiled in Clang (workaround for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
Features:
---------
- DNSSEC: separate library, switch to GnuTLS, new utilities
- DNSSEC: basic KASP support (generate initial keys, ZSK rollover)
- Configuration: New text format in YAML, binary store in LMDB
- Zone parser: Split long TXT/SPF strings into multiple strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improved remotes and ACLs (multiple addresses, multiple keys)
- Basic support for zone file patterns (%s to substitute zone name)
- Disable zone file synchronization by setting 'zonefile_sync' to '-1'
- knsupdate: Add input prompt in interactive mode and 'quit' command
- knsupdate: Allow TSIG algorithm specification in interactive prompt
Improvements:
-------------
- Zone dump: Do not write class for SOA record (unified with other RR types)
- Zone dump: Do not write master server address into the zone file
- Documentation: Manual pages are included in HTML and PDF
|
|
All dylibs get their -install_name set to ${PREFIX}/lib/libname.lib,
but plugins go in different directories which causes the check to misfire.
|
|
This is similar to tcptraceroute, but for IPv6.
This is the version from 1.0.3 of the NDisc6 package.
|
|
|
|
pkgsrc change:
* Remove duplicated HTML documents.
* Install some addtional documents.
Changes are too many to write here, please refer NEWS files and this
release fixes security problems.
October 2015 NTP Security Vulnerability Announcement (Medium)
NTF's NTP Project has been notified of the following 13 low- and
medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on
Wednesday, 21 October 2015:
* Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association
authentication bypass via crypto-NAK (Cisco ASIG)
* Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning
FAIL on some bogus values (IDA)
* Bug 2921 CVE-2015-7854 Password Length Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock
driver could cause a buffer overflow. (Cisco TALOS)
* Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2918 CVE-2015-7851 saveconfig Directory Traversal
Vulnerability. (OpenVMS) (Cisco TALOS)
* Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
* Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
* Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
* Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
* Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile"
should only be allowed locally. (RedHat)
* Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field. (Boston University)
* Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks. (Tenable)
The only generally-exploitable bug in the above list is the crypto-NAK bug,
which has a CVSS2 score of 6.4.
Additionally, three bugs that have already been fixed in ntp-4.2.8 but were
not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all
below 1.8 CVSS score, so we're reporting them here:
* Bug 2382 : Peer precision < -31 gives division by zero
* Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
* Bug 1593 : ntpd abort in free() with logconfig syntax error
|
|
This is a security release fixing CVE-2015-5230.
Bug fixes:
- Avoid superfluous backend recycling
- Removal of dnsdist from the authoritative server distribution
- Add EDNS unknown version handling and tests EDNS unknown version handling
Improvements:
- Update YaHTTP to v0.1.7
- Make trailing/leading spaces stand out in pdnssec check_zone
- GCC 5.2 support and sync boost.m4 macro with upstream
- Log answer packets only if log-dns-details is enabled
|
|
=============
Features:
* Default for ssl-port is port 853, the temporary port assignment for
secure domain name system traffic. If you used to rely on the older default
of port 443, you have to put a clause in unbound.conf for that. The new
value is likely going to be the standardised port number for this traffic.
* ANY responses include DNAME records if present,
as per Evan Hunt's remark in dnsop.
Bug Fixes:
* Fix segfault in the dns64 module in the formaterror error path.
* Fix manpage to suggest using SIGTERM to terminate the server.
* iana portlist update.
Unbound 1.5.5
=============
Features:
* Change default of harden-algo-downgrade to off.
This is lenient for algorithm rollover.
* Added permit-small-holddown config to debug fast 5011 rollover.
* Allow certificate chain files to allow for intermediate certificates.
* Enable ECDHE for servers. Where available, use SSL_CTX_set_ecdh_auto()
for TLS-wrapped server configurations to enable ECDHE. Otherwise,
manually offer curve p256. Client connections should automatically
use ECDHE when available.
* [bugzilla: 699 ] Feature --enable-pie option to that builds PIE binary.
* [bugzilla: 700 ] Feature --enable-relro-now option that enables full
read-only relocation.
* [bugzilla: 702 ] New IPs for for h.root-servers.net.
Bug Fixes:
* [bugzilla: 681 ] Fix setting forwarders with unbound-control forward
implicitly turns on forward-first.
* [bugzilla: 690 ] Fix that reload fails when so-reuseport is yes
after changing num-threads.
* please afl-gcc (llvm) for uninitialised variable warning.
* Fix mktime in unbound-anchor not using UTC.
* Fix 5011 anchor update timer after reload.
* 5011 implementation does not insist on all algorithms,
when harden-algo-downgrade is turned off.
* Document in the manual more text about configuring locally served zones.
* Document that local-zone nodefault matches exactly and transparent can
be used to release a subzone.
* [bugzilla: 694 ] Fix that configure script does not detect LibreSSL 2.2.2
* Fix deadlock for local data add and zone add when unbound-control
list_local_data printout is interrupted.
* [bugzilla: 697 ] Fix get PY_MAJOR_VERSION failure at configure for
python 2.4 to 2.6.
* changed windows setup compression to be more transparent.
* Fix config globbed include chroot treatment, this fixes reload of globs.
* [bugzilla: 705 ] Fix ub_ctx_set_fwd() return value mishandled on windows.
* Fix minor error in unbound.conf.5.in.
* Fix unbound.conf(5) access-control description for precedence and default.
* Fix unbound-control flush that does not succeed in removing data.
* MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures.
* iana portlist update.
|
|
=========
BUG FIXES:
- Fix #701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix #711: Document that debug-mode yes is used for staying
attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.
|
|
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-30
Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
Sabens. ([2]Bug 11455) [3]CVE-2015-7830
The following bugs have been fixed:
* Last Address field for IPv6 RPL routing header is interpreted
incorrectly. ([4]Bug 10560)
* Comparing two capture files crashes Wireshark when navigating the
results. ([5]Bug 11098)
* 802.11 frame is not correctly dissected if it contains HT Control.
([6]Bug 11351)
* GVCP bit-fields not updated. ([7]Bug 11442)
* Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
* pcapng: SPB capture length is incorrectly truncated if IDB snaplen
= 0. ([9]Bug 11483)
* pcapng: NRB IPv4 address is endian swapped but shouldn't be.
([10]Bug 11484)
* pcapng: NRB with options causes file read failure. ([11]Bug 11485)
* pcapng: ISB without if_drop option is shown as max value. ([12]Bug
11489)
* UNISTIM dissector - Message length not included in offset for
"Select Adjustable Rx Volume". ([13]Bug 11497)
Updated Protocol Support
DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
|
|
approved by wiz@
|
|
* get format_id from video file ext
* check for the offline error page
* treat the offline error as an expected ExtractorError
* Look for sm4:video:embed
* Add _extract_url
* Use _extract_url for mtvservices
|
|
- Erlang 18.1 compatibility.
- Prevent EACCESS errors on Windows when queue journal is cleared.
- When multiple authorization backends are used, user tags from all
of them should be preserved.
- Force a (per-queue, not global) GC when a queue pages messages
to disk.
- MQTT Plugin: Queues used by QoS 1 subscriptions are no longer
deleted when the only subscriber disconnects.
- STOMP Plugin: Trailing new line character now can be optional.
|
|
- Win32: Use WSAEWOULDBLOCK instead of EWOULDBLOCK on Win32 (win32
clients would fail to connect)
- Lib: if channel_max is 0 use server's channel_max
- Lib: fix build on OpenBSD
|
|
RPKI to Router Protocol: Fix Segmentation Faults and other problems
RPKI to Router Protocol: print strings with fn_printn()
wb: fix some bounds checks
|
|
Include fix for GitHub issue 424 -- out of tree builds.
|
|
Release Note
------------
This release fixes the bug that progress summary is not shown timely.
Changes
-------
* Fix bug that progress summary is not shown timely
|
