the man page) and README.openvpn-down-root
2 - match rc.d filename as printed post install in pkg-message to actual file
name on newer systems (which use openvpn rather than openvpn.sh)
Reported by: Jean-Baptiste Quenot (Bcc'd)
The maintainer wishes to thank Jean-Baptiste for his report and patience.
3 - add a pkg-req script to prevent installation of 6.1 packages on older
machines, which is a frequent source of "rc.d script doesn't work"
complaints.
Added file(s):
- files/pkg-req.in
PR: ports/100917
Submitted by: Matthias Andree (maintainer)
the format string exploit fixes that were also in the patch in 4.2.0_1 (hence
removed).
- Also updating master site to the new official one.
PR: ports/100952
Submitted by: David Thiel (maintainer)
- Mark IGNORE on !i386, due to a run-time issue.
- Use DATADIR macro in pkg-plist while here.
PR: ports/99949
Submitted by: shaun (me)
Approved by: Maintainer timeout (19 days)
In the code, the author uses two level hash, and IPC::Shareable
will create a share memory for those anonymouse object (the second
level hash). Those share memory will not be removed when sshit exists
or when the rule is removed. Running sshit for a period of time,
the number of share memory and semaphore will reach the limit for
one process, then sshit.pl can not get more share memory, thus it
quits. The only solution is to manually remove all share memory and
semaphore.
This is somehow the limitation of using IPC::Shareable. To workaround
this problem. The patch will removes associated firewall rules when
syslogd closes the fd [1], and use IPC::Shareable->clean_up
to remove all shm/sem created by this process. I also set 'destroy'
to 1 so the shm tied to %list can be removed.
The second hunk is to fix a typo for ipfw2. Due to this typo,
ip in ipfw2's table cat not be removed. That means once blocked,
the client is blocked until reboot or admin cleanup the table.
[1] if any log files are rotated, newsyslog sends a HUP to syslogd,
syslogd will close *all* current open fd and reopen them. At
that time, the sshit.pl's stdin will be closed, thus the main
program will exit.
PR: ports/100726
Submitted by: Alex Samorukov <samm at os2.kiev.ua>
Approved by: Jui-Nan Eric Lin <jnlin at csie.NCTU.edu.tw> (maintainer)
Obtained from: rafan
- Port now installs some extra documentation into ${DOCSDIR}.
- Added pkg-message and pkg-plist to port.
PR: ports/100897
Submitted by: maintainer (andrew_AT_arda dot homeunix)
"Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a network-wide
system integrity monitor control interface. A remote attacker could
exploit them and cause a denial of service or execute arbitrary code."
PR: ports/100793
Submitted by: David Thiel (maintainer)
Security: CVE-2006-3120
CHANGES:
- Added parsing for multiple route-to's
- Added parsing of "set skip" statements
- Added Optionsclass unit test script
- Fixed the natedit page so that is reloads automatically when it should.
- Fixed a small XHTML compliance problem which sometimes would generate &
instead of &
- Moved the stylesheet fromt the body to the header on a lot of web scripts
for xhtml compliance reasons
- Changed from statically defining font size on the screen to a relative
measurement. This allows changing of font size on IE
connections into Tor.
trans-proxy-tor is a transparent proxy
that uses PF to redirect TCP connections
through Tor (http://tor.eff.org/).
Programs that aren't aware of Tor
will use it without their knowledge,
and their traffic no longer leaves the
system unencrypted.
PR: ports/99034
Submitted by: Fabian Keil <fk at fabiankeil.de>
dns-proxy-tor is a DNS server that stops
DNS leaks with applications that don't support
or aren't configured to use socks4a or Tor's DNS
resolution.
WWW: http://http://p56soo2ibjkx23xo.onion/
PR: ports/99033
Submitted by: Fabian Keil <fk at fabiankeil.de>
to use Crypt::Rijndael where available. This implementation is really
slow, but I am working on it.
WWW: http://search.cpan.org/dist/Crypt-Rijndael_PP/
PR: ports/100262
Submitted by: Gea-Suan Lin <gslin at gslin.org>
- Unbreak vuln.xml format by adding content to the references section.
- Remove vulnerabilities already documented in
40a0185f-ec32-11da-be02-000c6ec775d9.
