- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-26
The HSRP dissector could go into an infinite loop. (Bug 7581)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5237
o wnpa-sec-2012-27
The PPP dissector could abort. (Bug 7316, bug 7668)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5238
o wnpa-sec-2012-28
Martin Wilck discovered an infinite loop in the DRDA
dissector. (Bug 7666)
Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
CVE-2012-5239
o wnpa-sec-2012-29
Laurent Butti discovered a buffer overflow in the LDP
dissector. (Bug 7567)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5240
The following bugs have been fixed:
o The HTTP dissector does not reassemble headers when the first
TCP segment does not contain a full header line.
o HDCP2 uses the wrong protocol id.
o Several I/O graph problems have been fixed.
o No markers show up when maps are displayed. (Bug 5016)
o Assertion when using tshark/wireshark on large captures. (Bug
5699)
o Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume
level" reply packet is not displayed correctly due to alignment
issue. (Bug 5778)
o 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit
Windows. (Bug 5979)
o Truncated/partial JPEG files are not dissected. (Bug 6230)
o Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
(Bug 6881)
o Memory leak in voip_calls.c. (Bug 7320)
o When listing protocols available for "Decode As", plugins are
sorted after built-ins. (Bug 7348)
o Hidden columns should not be printed when printing packet
summary line. (Bug 7356)
o Size wrong in "File Set List" for just-finished captures. (Bug
7370)
o Error: no dependency information found for
debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used
by debian/wireshark/usr/bin/wireshark). (Bug 7408)
o Parse and properly display LTE RADIUS AVP
3GPP-User-Location-Info. (Bug 7474)
o [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
o BACnet GetEnrollmentSummary-ACK does not decode correctly.
(Bug 7556)
o epan/dissectors/packet-per.c
dissect_per_constrained_integer_64b fails for 64 bits. (Bug
7624)
o New SCTP PPID 48. (Bug 7635)
o dissector of Qos attribute "Reliability Class" in GMM/SM
message. (Bug 7670)
o Performance regression in tshark -z io,stat. (Bug 7674)
o Incorrect io-stat table format when unsupported "-t" operand
is specified and when using AVG of relative_time fields. (Bug
7685)
o IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
o Homeplug AV dissectors do not properly dissect short frames.
(Bug 7707)
o mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not
dissected properly in ContextResponse message in Gtpv2. (Bug
7718)
o This trace causes Wireshark to crash when VoIP Calls selected.
(Bug 7724)
o Some diameter Gx enumerations are missing values or value is
incorrect. (Bug 7727)
o Wireshark 1.8.2 is only displaying 2 filters from the
drop-down menu even when preferences are set to higher
integer. (Bug 7731)
o BGP bad decoding for Graceful Restart Capability with only
helper support & for Enhanced Route Refresh Capability. (Bug
7734)
o Dissection error of D-RELEASE and D-CONNECT in TETRA
dissector. (Bug 7736)
o DND can cause Wireshark to crash. (Bug 7744)
o SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
- Updated Protocol Support
ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM
Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE
802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP,
PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA
Changelog:
aria2 1.15.2
============
Release Note
------------
This release fixes several critical bugs. It also adds new features
such as TLS SNI and CORS support. The --file-allocation option now
takes another value, trunc. The new option --enable-mmap was added.
aria2 now uses system-wide SSL/TLS certificates by default, which
eliminates the requirement to specify --ca-certificate option.
Changes
-------
* Catch exception from Socket::getPeerInfo() when pooling connection.
Socket::getPeerInfo() may fail if its TCP connection has already
disconnected. In this case, we log this error. The success or
failure of pooling connection should not affect the later execution
of the program. This bug may cause segmentation fault if
Socket::getPeerInfo() throws exception during pooling connection
after successful tracker request.
* Fixed assertion error if --retry-wait is used. In
CreateRequestCommand, if Request object returned from getRequest()
is still sleeping, CreateRequestCommand pools it back but still
holds its reference. This makes assertion error in
UnknownLengthPieceStorage::hasMissingUnusedPiece() from
AbstractCommand::execute().
* Added new file allocation method called 'trunc'. --file-allocation
option can now take new value 'trunc'. 'trunc' uses ftruncate()
system call or platform-specific counterpart to truncate a file to a
specified length.
* Use int64_t instead of off_t. Using off_t, at least, in DiskAdaptor
layer is problematic because torrent can contain under 2GiB files
but total sum of those files may exceed 2GiB limit, which makes
off_t overflow in 32 bit system without large file support. So we
use int64_t in API. We'll check the file length before download so
that it does not exceed max off_t.
* Added TLS SNI support.
* Rewritten timegm replacement function. The algorithm is based on
Python 2.7 calendar.timegm.
* Use system-wide certificates for SSL. For GnuTLS it requires the
latest version, 3.0.20. OpenSSL had it for longer. This means that
if SSL library is properly configured to locate system-wide
certificates store, the user doesn't have to use --ca-certificate
option. Also packagers don't have to use --with-ca-bundle configure
option. Patch from Cristian Morales Vega.
* Fixed base64::decode() returning "" if input ends with garbage and
no padding.
* Changed default Peer ID prefix. The new Peer ID prefix is
"A2-$MAJOR-$MINOR-$MICRO-", where $MAJOR, $MINOR and $MICRO are the
major version, the minor version and the micro version
respectively. For instance, 1.15.2 release of aria2 will use
"A2-1-15-2-".
* Don't percent-decode filename value in Content-Disposition. We only
percent-decode filename* value in Content-Disposition because the
encoding is fully specified. Since the filename value is not, we
just accept it as is.
* Don't sum in-flight piece which does not intersect filtered ranges.
When calculating completed length, don't sum the completed length of
piece which does not intersect filtered ranges.
* Fixed segmentation fault when logger failed to open log file.
* Added ARIA2_STATIC precious variable to configure option. To build
statically linked aria2 binary, give ARIA2_STATIC=yes to configure,
like this:
$ ./configure ARIA2_STATIC=yes
* Use PRId64 for int64_t format specifier
* Handle the case when MINGW32 vsnprintf returns -1. MINGW32 vsnprintf
returns -1 if output is truncated. Increased buffer for vsnprintf
in WinConsoleFile and fmt.
* Added --enable-mmap option. If this option is used, map files into
memory using mmap(2). This option is experimental.
* Added CORS preflight request support in RPC interface. This change
is based on the patch from binux.
Does not fix the build, but advances it; now it's having some kind
of bizarre problem with <sys/queue.h>.
While here, add three small patches to silence a large pile of const
warnings that made it impossible to see anything else that was going
on.
* use intmax_t instead of long long
* Don't limit the size of the environment
* Don't leak a directory file descriptor
* ansify
* dynamically allocate EARGS
* use getaddrinfo
2.9.1 - 01/27/2012
------------------
- Applied patch to allow packets arriving with a future time stamp
(Daniel Wittenberg)
- Updated server (nsca) to allow packets with older, smaller packet size
(Eric Stanley)
2.9 - 11/04/2011
----------------
- Add config directive to submit directly to checkresults directory
(Mike Lindsey)
- Support multi-line check output with 4000 character limit (Mike Lindsey)
2.8 - ??/??/????
----------------
- Added --with-log-facility option to control syslog logging (Ryan Ordway
and Brian Seklecki)
- Fixed bug where daemon would segfault if mcrypt library was not
initialized before timeout (Holger Weiss)
- Fixed bug with switching from dump file to command file when running
under single mode (Ton Voon)
- Fix for small memory leak with running as a single process daemon (Daniel)
Bugfixes:
* Bugfix #461 (VU#517036 CVE-2012-2979): NSD denial of service vulnerability
from DNS packet when using --enable-zone-stats.
* Bugfix #460: man page correction - identity.
* Fix for nsd-patch segfault if zone has been removed from nsd.conf
"The Nmap Project is pleased to announce the immediate, free availability
of the Nmap Security Scanner version 6.00 from http://nmap.org/.
It is the product of almost three years of work, 3,924 code commits,
and more than a dozen point releases since the big Nmap 5 release in July
2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade."
Here is a condensed Changelog:
Nmap 6.01 [2012-06-13]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.
o [Zenmap] Fixed a crash that happened when activating the host filter.
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode.
http://seclists.org/nmap-dev/2012/q2/449
http://seclists.org/nmap-dev/2012/q2/478
o Fixed the greppable output of hosts that time-out.
Nmap 6.00 [2012-05-21]
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o Some XML output improvements...
o Lots of NSE scripts added and updated...
o Fixed the routing table loop on OS X so that on-link routes appear.
o Upgraded included libpcap to version 1.2.1.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value.
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters.
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered"
o Applied a workaround to make pcap captures work better on Solaris 10.
o Fixed a bug that could cause Nsock timers to fire too early.
o Changed the way timeout calculations are made in the IPv6 OS engine.
Nmap 5.61TEST5 [2012-03-09]
o Integrated all of your IPv4 OS fingerprint submissions since June
2011 (about 1,900 of them). Added about 256 new fingerprints (and
deleted some bogus ones), bringing the new total to 3,572.
Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
devices. Many existing fingerprints were improved. For more details,
see http://seclists.org/nmap-dev/2012/q1/431
o Integrated all of your service/version detection fingerprints
submitted since November 2010--more than 2,500 of them! Our
signature count increased more than 10% to 7,423 covering 862
protocols. Some amusing and bizarre new services are described at
http://seclists.org/nmap-dev/2012/q1/359
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o IPv6 OS detection now includes a novelty detection system which
avoids printing a match when an observed fingerprint is too
different from fingerprints seen before. As the OS database is still
small, this helps to avoid making (essentially) wild guesses when
seeing a new operating system.
o Refactored the nsock library to add the nsock-engines system.
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.
o CPE (Common Platform Enumeration) OS classification is now supported
for IPv6 OS detection.
[...]
Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1
[...]
Lots of Bugfixes!
Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.
Choqok is a Free/Open Source micro-blogging client for the K Desktop
Environment. It currently supports Twitter.com, Identi.ca and opendesktop.org
services.
4.058 to 4.062.
pkgsrc changes:
- correct license conditions
upstream changes:
4.062 Wed Jun 6 12:34:48 PDT 2012
documentation updates courtesy of
Ben Bullock <benkasminbullock@gmail.com>
Thank you Ben.
4.061 Tue May 8 16:24:03 PDT 2012
fixed bug in Lite v1.44 that returned
$ip->num() = 2^128 for 0.0.0.0/0
Thanks to Sebastian <debug@test1.org> for spotting it.
4.060 Fri Apr 6 16:00:02 PDT 2012
In Lite.pm v1.43,
fix bug #75976, change in behavior introduced in v4.050
where an empty string supplied to "new" previously returned
'undef' and now returns 'default' for ipV4 or ipV6
4.059 Wed Mar 7 12:50:04 PST 2012
add is_rfc1918 to Lite.pm v1.42
documentation updates
0.715
! #75938 Change to warning / add configuration variable to allow XML tags starting with /xml/i
! #76902 Missing info in "SSL CERTIFICATE AUTHENTICATION" documentation
! #74577 work around/fixes for success with MS WS https/compressed
! #74308 SOAP-Lite fails for operations with period in name
! #73802 client did not set the encoding of the soap-envelope to 'iso-8859-1' in HTTP-request
! #75019 HTTP server doesn't process PIPE signal
! #72836 Processing a SOAP 1.2 request breaks the next SOAP 1.1 response
! #70381 SOAP-Lite performance
! #53375 comments after <?xml .. >
! #63693 Uninitialized value (again)
! #37360 Use of uninitialized variables in SOAP tests
! fixed encoding in xmlrpc keys
! #15176 problems with SOAP::Header ->value
Changes since 4.2.4-P1
! An issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
[ISC-Bugs #30281]
CVE: CVE-2012-3955