Changes since last packaged version (1.5.5):
2008-02-22
- Add icmp type/code decoding
- Add proper icmp v9 decoding
- Fix memory leaks in -e auto expire mode in nfcapd.
- Fix some potential deadlocks with file locking, when expiring
- Fix multicast bug in nfreplay
- Add hostname lookup for IP addresses in filter.
2007-10-15 stable-1.5.6
- Fix odd CISCO behaviour for ICMP type/code in src port.
- Add fast LZO1X-1 compression option (-z) for output file.
- Add lists for port in syntax -> port in [ 135 137 445]
- Add lists for AS syntax -> as in [ 1024 1025 ]
- Bug fix in filter for syntax 'src as and dst as'
PDCurses is a public domain curses library that implements most of
the functions available in X/Open and System V R4 curses. This X11
port allows for recompiling programs using text-mode curses to produce
native X11 applications.
This package was originally created by <bjs> in pkgsrc-wip and with
several modifications by me to update to the latest version of PDCurses
and to be more buildlink-correct.
Based on maintainer update request by PR 37630.
While here, marked as DESTDIR ready.
Bugs that were found and corrected:
* When ipa received a control command from "ipactl -n", then
it did not close opened file descriptor.
* All sections inside rule { startup{}} in ipa.conf were ignored.
* Time events for +D and +W in ipa.conf could be incorrectly
scheduled at 24:00:00.
* Time events for +W in ipa.conf could be incorrectly scheduled
at 00:00:00 of Sunday.
* If SYM_PREFIX is defined and if symbols in modules with
SYM_PREFIX were successfully looked up, then ipa and ipastat
incorrectly refused to use such modules.
Significant changes associated with GraphicsMagick 1.1.11 (released September 23, 2007)
Bugs Fixed:
o BMP: Support large files.
o DIB: Support large files.
o PNG: Fix depth handling with 16-bit PNG files in the Q8 build.
o SUN: Properly report image depth.
o TIFF: Endian option (-endian) now controls TIFF byte endian order
rather than bit fill order.
o DCM, DIB, XBM, XCF, XWD: Eliminate integer overflow vulnerability
(IDefense 09.19.07).
o HSL colorspace transform: Avoid optimization bug noticed on Opteron
with GCC.
o HWB colorspace transform: Avoid optimization bug noticed on Opteron
with GCC.
o RGBTransformImage()/TransformRGBImage(): Was using HWB colorspace
when HSL was requested.
o Successfully reads files with names like 'file[123]'.
o 'gm display': No longer rely on isatty() to determine if input is
from a pipe (use 'gm display -' to display an image read from a pipe).
Feature Improvements:
o 'identify +ping' forces the pixels to be read (similar to GM 1.2).
o 'gm -version' now indicates if build supports "Large Memory" (i.e. 64-bit).
o TIFF: Use '-define tiff:fill-order={msb2lsb|lsb2msb}' to control
TIFF bit fill order.
Performance Improvements:
o No longer bogs down if a directory contains hundreds of thousands of
files and the filename looks like a wildcard specification.
libXpm will be linked against it, which is not necessary. Instead, just
pass down INTLLIBS in the build environment for use by the [cs]xpm
Makefiles, which are the only programs that use gettext().
Bump the PKGREVISION to 1.
Otherwise, f2c is not added correctly as build dependency, because
the f2c/buildlink3.mk file is included at BUILDLINK_DEPTH "+".
Problem described on tech-pkg, no comments, so I commit this workaround.
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40 (not released)
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
With Apache 1.3, the denial of service vulnerability applies only
to the Windows and NetWare platforms.
[Jeff Trawick]
*) More efficient implementation of the CVE-2007-3304 PID table
patch. This fixes issues with excessive memory usage by the
parent process if long-running and with a high number of child
process forks during that timeframe. Also fixes bogus "Bad pid"
errors. [Jim Jagielski, Jeff Trawick]
Changes with Apache 1.3.39
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]
*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]
There was no Apache 1.3.38
Redo the check for incomplete packages by annotating which meta data
fields are required and counting which were found during reading the binary
package. The original approach didn't work as loads from pkgdb are
reduced to the minimal set.
DansGuardian is a web content filtering proxy for Linux, FreeBSD, OpenBSD,
and Solaris. It relies on a proxy server for all fetching. The preferred
proxy is Squid; however, DansGuardian should work with any proxy server.
"ncurses" option. "wide-curses" now just toggles whether we use
wide or narrow curses, which is a much simpler knob for users.
Bump the PKGREVISION to 2.
"ncurses" option. "wide-curses" now just toggles whether we use
wide or narrow curses, which is a much simpler knob for users.
Bump the PKGREVISION to 1.
Free libarchive's side of the package before closing the file descriptor.
This stops leaking up to 1MB / package when using bzip2 and addresses
PR 38082. Check that at least +COMMENTS, +CONTENTS and +DESC can be
extracted, otherwise skip the entry. This stops pkg_info -X from dumping
core on non-package files.