Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
the previous version. However, there are now tests (which pass), and
I've been running this version since June.
New in Version 0.9.1, released 2014-06-09
* When installing a new config file, create the config file's parent
directories if they don't exist. If a directory is created, the
permissions and ownership are copied from the corresponding
directory in the upstream config file hierarchy.
* Add a new --version (-V) option.
* Add a new --help (-h) option.
* etcmanage now exits with an error if an unsupported argument is
specified.
* 'etcmanage --remove' no longer warns if the given file was not
already in the database.
New in Version 0.9, released 2014-05-21
* Use Perl's Digest::MD5 module instead of the md5 utility for
compatibility with other operating systems.
* Add a new --destdir option. If specified, the filenames for all
operations will be prefixed with the provided directory name.
This makes it possible to use etcmanage on a chroot or DESTDIR
environment.
* Don't automatically update the hash stored in the database if a
live config file is modified and upstream is changed to match.
This matches the behavior when both the live file and upstream
file have been deleted (the record isn't removed from the
database) and it provides an important invariant: If the state of
the live config file does not match the state of the database
record, nothing is modified.
* Fix handling of removed files during 'etcmanage --update': If a
managed file is deleted, treat it as a manual modification---don't
restore the upstream file.
* Improve logging:
- Log problems updating config files to standard error (STDERR)
instead of standard output (STDOUT).
- During 'etcmanage --update', log "UNMANAGED_EQ_UPSTREAM" when
encoutering a new upstream file that is already installed with
identical contents.
- During 'etcmanage --update', log "UNMANAGED_NEQ_UPSTREAM" to
STDERR when encoutering a new upstream file that is already
installed but has different contents.
- Log three distinct types of "MISSING" messages instead of one:
* "MISSING" is logged when the hash of the upstream file matches
the database entry
* "MISSING;UPSTREAM_WITHDRAWN" is logged when the upstream file
doesn't exist
* "MISSING;UPSTREAM_DIFFERENT" is logged when the hash of the
upstream file differs from the hash stored in the database
- Use the term "MODIFIED" instead of "CONFLICT" and split it into
three distinct types of "MODIFIED" messages instead of one:
* "MODIFIED" is logged when the hash of the upstream file
matches the database entry
* "MODIFIED;UPSTREAM_WITHDRAWN" is logged when the upstream file
doesn't exist
* "MODIFIED;UPSTREAM_DIFFERENT" is logged when the hash of the
upstream file differs from the hash stored in the database
* During 'etcmanage --update <dir>', visit all files in '<dir>', not
just '<dir>/etc'. This makes it possible to use etcmanage to
manage files outside of '/etc', but is unfortunately not
backwards-compatible: 'etcmanage --update' can no longer be
pointed to a DESTDIR containing a complete NetBSD build (or else
all operating system files---not just config files---will be
managed by etcmanage).
* During 'etcmanage --generate-manifest <dir>', visit all files in
'<dir>', not just '<dir>/etc'. This makes it easier to use
etcmanage to manage files outside of '/etc', but is unfortunately
not backwards-compatible: 'etcmanage --generate-manifest' can no
longer be pointed to a DESTDIR containing a complete NetBSD build
(or else all operating system files---not just config files---will
be included in the manifest).
* Add support for systems that don't have an /etc/services file or
don't consider the /etc/services file to be a configuration file.
* Fix command line parsing. It is now possible to specify multiple
commands at once (including repeating a command) and they will be
executed in the specified order.
* Add a '--db' option to specify the database filename.
* Add a new '--manual' command to mark a file as manually managed.
This differs from '--remove' in that a future '--update' will
never automatically cause the file to become managed. It also
results in different log messages being printed when a config file
has been modified, and these log messages are printed to STDOUT
instead of STDERR (because they are expected conditions).
* Refuse to add abnormal pathnames to the database. A pathname is
considered abnormal if it has any of the following properties:
- contains whitespace
- begins with '#'
- is the empty string
- is relative
- contains '/../', '/./', or superfluous slashes
Pathnames with the first three properties in the above list cannot
be represented in a manifest. Relative pathnames do not make
sense (what are they relative to?). Pathnames with '/../', '/./',
or superfluous slashes can result in unintentional duplicate
database entries that conflict with each other.
* Various code cleanups.
* Various build system improvements.
|
|
|
|
|
|
|
|
2.1.3 2014-09-26
================
**Bug fixes**
- #536: [Linux]: fix "undefined symbol: CPU_ALLOC" compilation error.
|
|
Improper MSR range used for x2APIC emulation
Bump PKGREVISION
|
|
(CVE-2014-7188)
bump PKGREV
|
|
2.1.2 - 2014-09-21
==================
**Enhancements**
- #407: project moved from Google Code to Github; code moved from Mercurial
to Git.
- #492: use tox to run tests on multiple python versions. (patch by msabramo)
- #505: [Windows] distribution as wheel packages.
- #511: new examples/ps.py sample code.
**Bug fixes**
- #340: [Windows] Process.get_open_files() no longer hangs. (patch by
Jeff Tang)
- #501: [Windows] disk_io_counters() may return negative values.
- #503: [Linux] in rare conditions Process exe(), open_files() and
connections() methods can raise OSError(ESRCH) instead of NoSuchProcess.
- #504: [Linux] can't build RPM packages via setup.py
- #506: [Linux] python 2.4 support was broken.
- #522: [Linux] Process.cpu_affinity() might return EINVAL. (patch by David
Daeschler)
- #529: [Windows] Process.exe() may raise unhandled WindowsError exception
for PIDs 0 and 4. (patch by Jeff Tang)
- #530: [Linux] psutil.disk_io_counters() may crash on old Linux distros
(< 2.6.5) (patch by Yaolong Huang)
- #533: [Linux] Process.memory_maps() may raise TypeError on old Linux distros.
|
|
|
|
|
|
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
of software interrupts
bump PKGREVISION
|
|
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
of software interrupts
|
|
|
|
|
|
zlib is not built-in.
|
|
|
|
|
|
|
|
http://mail-index.netbsd.org/pkgsrc-changes/2014/08/28/msg110551.html:
Don't redefine MAP_ANONYMOUS is already defined. Fixes build on netbsd-7
pointed out by Mustafa Dogan in private mail
|
|
D-Bus 1.8.8 (2014-09-16)
==
The "smashy smashy egg man" release.
Security fixes:
* Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun.
(CVE-2014-3635, fd.o #83622; Simon McVittie)
* Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with a
more restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them.
(CVE-2014-3636, fd.o #82820; Alban Crequy)
* Disconnect connections that still have a fd pending unmarshalling after
a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
removing the possibility of creating an abusive connection that cannot be
disconnected by setting up a circular reference to a connection's
file descriptor.
(CVE-2014-3637, fd.o #80559; Alban Crequy)
* Reduce default for maximum pending replies per connection from 8192 to 128,
mitigating an algorithmic complexity denial-of-service attack
(CVE-2014-3638, fd.o #81053; Alban Crequy)
* Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them.
(CVE-2014-3639, fd.o #80919; Alban Crequy)
Other fixes:
* Check for libsystemd from systemd >= 209, falling back to
the older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
* On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fd.o #83772, Simon McVittie)
* Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232;
Alban Crequy)
* Improve documentation for running tests on Windows (fd.o #41252,
Ralf Habacker)
|
|
bump PKGREVISION
|
|
|
|
packaged for wip.
The functions for creating temporary files and directories in the base
library are quite limited. The unixutils package contains some good ones,
but they aren't portable to Windows. This library just repackages the Cabal
implementations of its own temporary file and folder functions so that you
can use them without linking against Cabal or depending on it being
installed.
|
|
|
|
|
|
rather than trying to consolidate into a single fnmatch. There aren't that
many of them, and it will aid the integration of cwrappers which doesn't
support globs.
|
|
|
|
Direvent is a directory content watcher daemon, i.e. a program that
monitors a set of directories on the file system and reacts when
their content changes. When a change is detected, the daemon reacts by
invoking an external command configured for that kind of change.
The program aims to provide a uniform and system-independent
command-level interface for file system events.
|
|
This release doesn't include anything as significant as the metadata
support added in 0.25, but it has quite a few bug fixes and internal
improvements, in addition to these notable changes:
- When --meta is specified to the fuse command, instead of generic
data, the originally saved mode, uid, git, atime, mtime, and ctime
will be reported for the archive paths.
- When --browser is specified to the web command, a browser window
will be opened for the repository.
- The -x/--xdev/--one-filesystem options now include the mountpoint
itself in the traversal (matching rsyc, tar, etc.).
- Empty lines in --exclude-rx-from files will be ignored.
Previously they would cause all paths to be excluded.
- The index and restore commands now support --exclude-rx-from.
- Relative filesystem --excludes like "--exclude bar" should now
work. Previously --excludes had to be absolute.
- The drecurse command now supports --exclude-rx and
--exclude-rx-from.
- The --compress option should now work for remote repositories.
- Streams saved via "bup split" will now show up as a single file
named "data" at the top level of the VFS, instead of as a subtree
(i.e. when examined via ftp, ls, and fuse).
- The ls command now supports -n, -A, -F, --file-type,
--numeric-ids, and detailed -l options.
- The save dates are now taken from the corresponding git commit's
author date, not the committer date.
- The tornado server, required by the web command, is no longer
included. See the README for installation instructions.
Note that the metadata support is still somewhat immature. For
example, we still need to add better support for cross-filesystem-type
save/restore (which is too noisy), etc.
Please give this release a try and let us know what's broken. If
you're new to bup, start with the README (and then HACKING if you'd
like to help further):
https://github.com/bup/bup/blob/master/README.md
https://github.com/bup/bup/blob/master/HACKING
http://anonscm.debian.org/gitweb/?p=users/rlb/bup.git;a=blob;f=README.md;hb=refs/heads/master
http://anonscm.debian.org/gitweb/?p=users/rlb/bup.git;a=blob;f=HACKING;hb=refs/heads/master
And although I probably sound like a broken record -- while we expect
bup to work fairly well, I still don't recommend it as your sole
backup strategy. I'd still suggest a periodic
tar/rsync/etc. backstop.
|
|
|
|
|
|
to account for the font path change.
|
|
|
|
Rsyslog is an enhanced syslogd supporting, among others, MySQL,
PostgreSQL, failover log destinations, syslog/tcp, fine grain
output format control, high precision timestamps, queued operations
and the ability to filter on any message part. It is quite
compatible to stock sysklogd and can be used as a drop-in
replacement.
|
|
liblognorm shall help to make sense out of syslog data, or, actually,
any event data that is present in text form.
In short words, one will be able to throw arbitrary log message to
liblognorm, one at a time, and for each message it will output
well-defined name-value pairs and a set of tags describing the message.
|
|
Liblogging is an easy to use library for logging. It offers
an enhanced replacement for the syslog() call, but retains
its ease of use.
|
|
|
|
ZnapZend is a ZFS centric backup tool. It relies on snapshot, send
and receive todo its work. It has the built-in ability to to manage
both local snapshots as well as remote copies by thining them out
as time progresses.
The ZnapZend configuration is stored as properties in the
ZFS filesystem itself.
|
|
|
|
arguments, these are now handled globally by mk/platform/SunOS.mk
|
|
From Niclas Rosenvik.
Bump PKGREVISION.
|
|
The bug prevents mkisofs from creating old-style distrib/cdrom ISO
image for macppc. Trying to create bootable macppc CD in distrib/cdrom
using cdrtools mkisofs fails with:
mkisofs: No such file or directory. Invalid node - '--macbin'.
The bug is in option spec that causes mkisofs to misparse
-hide-hfs-list option. The patch is actually a single whitespace
character.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
|
|
discussion in, and fixing, PR pkg/49034.
While we are here, make sure the group lsof setgids to is the one
owning /dev/kmem on SunOS ('sys').
|
|
|