pthread.buildlink3.mk into a separate file, pthread.builtin.mk,
that is handled using the usual builtin.mk logic.
(2) If pthread.buildlink3.mk is included by a package Makefile, then
automatically add the necessary compiler and linker flags to
compile and link pthread-enabled/reentrant code. For native
pthreads, this means passing -pthread to the compiler and linker.
For the userland pthread replacement, we pass -D_REENTRANT and
-lpthread instead.
(3) Add PTHREAD_{CFLAGS,LDFLAGS,LIBS} in both CONFIGURE_ENV and MAKE_ENV
when pthread.buildlink3.mk is included so that the configure and
build processes can use these values. Remove these definitions
from bsd.pkg.mk since PTHREAD_* variables are all declared within
pthread.buildlink3.mk.
XXX For now, PTHREAD_LDFLAGS is a superset of PTHREAD_LIBS until
XXX packages that use use PTHREAD_LDFLAGS can be fixed.
options (library options) to be appended automatically to LIBS when
building against <pkg>. LIBS is used by GNU configure scripts to note
the library options that are automatically added to the link command
line.
devel/p5-Module-CoreList in the NetBSD Packages Collection.
The Perl 5 module Module::CoreList provides a manifest of the
modules and their versions included in core Perl for various
releases.
Packages Collection.
The Perl 5 module Module::CoreList provides a manifest of the
modules and their versions included in core Perl for various
releases.
Rather than replacing the LIBTOOL_REQD value, add two BUILD_DEPENDS lines.
That way, the higher numbered BUILD_DEPENDS wins -- allowing the version
in bsd.pkg.mk to be bumped beyond the value in the platform .mk and still
be enforced properly.
2.6.16: Nov 10 2004:
- general hardening and bug fixing crossing all the API based on new
automated regression testing
- build fix: IPv6 build and test on AIX (Dodji Seketeli)
- bug fixes: problem with XML::Libxml reported by Petr Pajas, encoding
conversion functions return values, UTF-8 bug affecting XPath reported by
Markus Bertheau, catalog problem with NULL entries (William Brack)
- documentation: fix to xmllint man page, some API function descritpion
were updated.
- improvements: DTD validation APIs provided at the Python level (Brent
Hendricks)
Changes in version 0.0.8.1 - 2004-10-14
o Bugfixes:
- Fix a seg fault that can be triggered remotely for Tor
clients/servers with an open dirport.
- Fix a rare assert trigger, where routerinfos for entries in
our cpath would expire while we're building the path.
- Fix a bug in OutboundBindAddress so it (hopefully) works.
- Fix a rare seg fault for people running hidden services on
intermittent connections.
- Fix a bug in parsing opt keywords with objects.
- Fix a stale pointer assert bug when a stream detaches and
reattaches.
- Fix a string format vulnerability (probably not exploitable)
in reporting stats locally.
- Fix an assert trigger: sometimes launching circuits can fail
immediately, e.g. because too many circuits have failed recently.
- Fix a compile warning on 64 bit platforms.
Changes in version 0.0.8 - 2004-08-25
o Bugfixes:
- Made our unit tests compile again on OpenBSD 3.5, and tor
itself compile again on OpenBSD on a sparc64.
- We were neglecting milliseconds when logging on win32, so
everything appeared to happen at the beginning of each second.
- Check directory signature _before_ you decide whether you're
you're running an obsolete version and should exit.
- Check directory signature _before_ you parse the running-routers
list to decide who's running.
- Check return value of fclose while writing to disk, so we don't
end up with broken files when servers run out of disk space.
- Port it to SunOS 5.9 / Athena
- Fix two bugs in saving onion keys to disk when rotating, so
hopefully we'll get fewer people using old onion keys.
- Remove our mostly unused -- and broken -- hex_encode()
function. Use base16_encode() instead. (Thanks to Timo Lindfors
for pointing out this bug.)
- Only pick and establish intro points after we've gotten a
directory.
- Fix assert triggers: if the other side returns an address 0.0.0.0,
don't put it into the client dns cache.
- If a begin failed due to exit policy, but we believe the IP
address should have been allowed, switch that router to exitpolicy
reject *:* until we get our next directory.
o Protocol changes:
- 'Extend' relay cell payloads now include the digest of the
intended next hop's identity key. Now we can verify that we're
extending to the right router, and also extend to routers we
hadn't heard of before.
o Features:
- Tor nodes can now act as relays (with an advertised ORPort)
without being manually verified by the dirserver operators.
- Uploaded descriptors of unverified routers are now accepted
by the dirservers, and included in the directory.
- Verified routers are listed by nickname in the running-routers
list; unverified routers are listed as "$<fingerprint>".
- We now use hash-of-identity-key in most places rather than
nickname or addr:port, for improved security/flexibility.
- AllowUnverifiedNodes config option to let circuits choose no-name
routers in entry,middle,exit,introduction,rendezvous positions.
Allow middle and rendezvous positions by default.
- When picking unverified routers, skip those with low uptime and/or
low bandwidth, depending on what properties you care about.
- ClientOnly option for nodes that never want to become servers.
- Directory caching.
- "AuthoritativeDir 1" option for the official dirservers.
- Now other nodes (clients and servers) will cache the latest
directory they've pulled down.
- They can enable their DirPort to serve it to others.
- Clients will pull down a directory from any node with an open
DirPort, and check the signature/timestamp correctly.
- Authoritative dirservers now fetch directories from other
authdirservers, to stay better synced.
- Running-routers list tells who's down also, along with noting
if they're verified (listed by nickname) or unverified (listed
by hash-of-key).
- Allow dirservers to serve running-router list separately.
This isn't used yet.
- You can now fetch $DIRURL/running-routers to get just the
running-routers line, not the whole descriptor list. (But
clients don't use this yet.)
- Clients choose nodes proportional to advertised bandwidth.
- Clients avoid using nodes with low uptime as introduction points.
- Handle servers with dynamic IP addresses: don't just replace
options->Address with the resolved one at startup, and
detect our address right before we make a routerinfo each time.
- 'FascistFirewall' option to pick dirservers and ORs on specific
ports; plus 'FirewallPorts' config option to tell FascistFirewall
which ports are open. (Defaults to 80,443)
- Try other dirservers immediately if the one you try is down. This
should tolerate down dirservers better now.
- ORs connect-on-demand to other ORs
- If you get an extend cell to an OR you're not connected to,
connect, handshake, and forward the create cell.
- The authoritative dirservers stay connected to everybody,
and everybody stays connected to 0.0.7 servers, but otherwise
clients/servers expire unused connections after 5 minutes.
- When servers get a sigint, they delay 30 seconds (refusing new
connections) then exit. A second sigint causes immediate exit.
- File and name management:
- Look for .torrc if no CONFDIR "torrc" is found.
- If no datadir is defined, then choose, make, and secure ~/.tor
as datadir.
- If torrc not found, exitpolicy reject *:*.
- Expands ~/ in filenames to $HOME/ (but doesn't yet expand ~arma).
- If no nickname is defined, derive default from hostname.
- Rename secret key files, e.g. identity.key -> secret_id_key,
to discourage people from mailing their identity key to tor-ops.
- Refuse to build a circuit before the directory has arrived --
it won't work anyway, since you won't know the right onion keys
to use.
- Parse tor version numbers so we can do an is-newer-than check
rather than an is-in-the-list check.
- New socks command 'resolve', to let us shim gethostbyname()
locally.
- A 'tor_resolve' script to access the socks resolve functionality.
- A new socks-extensions.txt doc file to describe our
interpretation and extensions to the socks protocols.
- Add a ContactInfo option, which gets published in descriptor.
- Write tor version at the top of each log file
- New docs in the tarball:
- tor-doc.html.
- Document that you should proxy your SSL traffic too.
- Log a warning if the user uses an unsafe socks variant, so people
are more likely to learn about privoxy or socat.
- Log a warning if you're running an unverified server, to let you
know you might want to get it verified.
- Change the default exit policy to reject the default edonkey,
kazaa, gnutella ports.
- Add replace_file() to util.[ch] to handle win32's rename().
- Publish OR uptime in descriptor (and thus in directory) too.
- Remember used bandwidth (both in and out), and publish 15-minute
snapshots for the past day into our descriptor.
- Be more aggressive about trying to make circuits when the network
has changed (e.g. when you unsuspend your laptop).
- Check for time skew on http headers; report date in response to
"GET /".
- If the entrynode config line has only one node, don't pick it as
an exitnode.
- Add strict{entry|exit}nodes config options. If set to 1, then
we refuse to build circuits that don't include the specified entry
or exit nodes.
- OutboundBindAddress config option, to bind to a specific
IP address for outgoing connect()s.
- End truncated log entries (e.g. directories) with "[truncated]".
security/p5-Module-Signaturein the NetBSD Packages Collection.
The Perl 5 module Module::Signature adds cryptographic authentications
to CPAN distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember running
cpansign -v (or just cpansign) before issuing perl Makefile.PL or
perl Build.PL; that will ensure the distribution has not been
tampered with. For module authors, you'd want to add the SIGNATURE
file to your MANIFEST, then type cpansign -s before making a
distribution. You may also want to consider adding a signature
check as part of your test suite.
Collection.
The Perl 5 module Module::Signature adds cryptographic authentications
to CPAN distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember running
cpansign -v (or just cpansign) before issuing perl Makefile.PL or
perl Build.PL; that will ensure the distribution has not been
tampered with. For module authors, you'd want to add the SIGNATURE
file to your MANIFEST, then type cpansign -s before making a
distribution. You may also want to consider adding a signature
check as part of your test suite.
upstream changes:
[Changes for 0.26 - 9 Nov, 2004]
* svk push -P. [Autrijus]
* Allow checkout, mirrored, and copy anchors to be different
from each other, for the purpose of "push" and "pull"..[Autrijus]
* In incremental smerge, increase the fromrev after each
individual merge. [Autrijus]
* Ignore empty lines for svk:merge parsing.
* Use local time for log output. [Wen-chien Jesse Sung]
* Properties are now being merged.
* Exsting directories are now being merged.
* Allow custom resolver for properties.
* Support svk:merge property auto-merging, when doing smerge.
* Create svn config directory if it doesn't exist.
* Commit to mirrored path was always sending full text
due to an incorrect $cb{mirror} check. This is a regression since
0.23.
* Fix a bug that when committing from a checkout with descendents
being mirrored path, the commit can ruin the mirror state.
* Fix svk merge -l rN:M loading too many logs.
* Fix svk admin to work with non-default depots.
* New: svk ci -N, svk update/checkout --quiet.
* Fix svk cp a directory to checkout and then commit.
* Workaround fsfs/win32 txn_commit bug in close_edit of mirror editor.
[Autrijus]
* Use iter pool for node_history tracing.
* Add trailing /... for vcp source if not exist.
* Use the same auth baton for all ra sessions.
* Hold another reference to merge back editor in addition to
cached_ra, because the callback in merge_back_editor might create
another ra session.
* Ignore signals before calling close_edit, instead of in commit callback.
