netpgpverify is a standalone program to verify a PGP signature
on a file or document. Both RSA and DSA signatures are supported,
as are binary and document signatures.
netpgpverify is compliant with RFC 4880.
netpgpverify is a small frontend for libnetpgpverify, to allow PGP digital
signatures to be verified from the command line.
signatures.
This library has no pre-requisites other than -lz and -lbz2.
This is libnetpgpverify, a standalone library to verify PGP
signatures.
It uses its own internal MPI/BIGNUM functions, which are a vastly
cut-down version of libtommath. For this reason, utilities and other
libraries can embed PGP signature verification, using a BSD-licensed
library.
- improved user interface (progress bar, seeking, displaying errors)
- additional tool for remote controlling the playback;
- manual pages for both binaries.
Security-fix release. Here's a brief summary of each issue and its resolution:
Issue: Host header poisoning: an attacker could cause Django to generate and display URLs that link to arbitrary domains. This could be used as part of a phishing attack. These releases fix this problem by introducing a new setting, ALLOWED_HOSTS, which specifies a whitelist of domains your site is known to respond to.
Important: by default Django 1.3.6 and 1.4.4 set ALLOWED_HOSTS to allow all hosts. This means that to actually fix the security vulnerability you should define this setting yourself immediately after upgrading.
Issue: Formset denial-of-service: an attacker can abuse Django's tracking of the number of forms in a formset to cause a denial-of-service attack. This has been fixed by adding a default maximum number of forms of 1,000. You can still manually specify a bigger max_num, if you wish, but 1,000 should be enough for anyone.
Issue: XML attacks: Django's serialization framework was vulnerable to attacks via XML entity expansion and external references; this is now fixed. However, if you're parsing arbitrary XML in other parts of your application, we recommend you look into the defusedxml Python packages which remedy this anywhere you parse XML, not just via Django's serialization framework.
Issue: Data leakage via admin history log: Django's admin interface could expose supposedly-hidden information via its history log. This has been fixed.
Let to expand libtool archive (.la) automatically, so no need to mainain X11
file list manually anymore (every OS update may include shlib version change),
if the OS provide .la file (and no need to mind shlib type).
Experimental version released on February 22nd, 2013.
* Issue 36: Changed 'kyua help' to not fail when the configuration file
is bogus. Help should always work.
* Issue 37: Simplified the syntax() calls in configuration and Kyuafile
files to only specify the requested version instead of also the format
name. The format name is implied by the file being loaded, so there
is no use in the caller having to specify it. The version number of
these file formats has been bumped to 2.
* Issue 39: Added per-test-case metadata values to the HTML reports.
* Issue 40: Rewrote the documentation as manual pages and removed the
previous GNU Info document.
* Issue 47: Started using the independent testers in the kyua-testers
package to run the test cases. Kyua does not implement the logic to
invoke test cases any more, which provides for better modularity,
extensibility and robustness.
* Issue 57: Added support to specify arbitrary metadata properties for
test programs right from the Kyuafile. This is to make plain test
programs more versatile, by allowing them to specify any of the
requirements (allowed architectures, required files, etc.) supported
by Kyua.
* Reduced automatic screen line wrapping of messages to the 'help'
command and the output of tables by 'db-exec'. Wrapping any other
messages (specially anything going to stderr) was very annoying
because it prevented natural copy/pasting of text.
* Increased the granularity of the error codes returned by kyua(1) to
denote different error conditions. This avoids the overload of '1' to
indicate both "expected" errors from specific subcommands and
unexpected errors caused by the internals of the code. The manual now
correctly explain how the exit codes behave on a command basis.
* Optimized the database schema to make report generation almost
instantaneous.
* Bumped the database schema to 2. The database now records the
metadata of both test programs and test cases generically, without
knowledge of their interface.
* Added the 'db-migrate' command to provide a mechanism to upgrade a
database with an old schema to the current schema.
* Removed the GDB build-time configuration variable. This is now part
of the kyua-testers package.
* Rewrote the Kyuafile parsing code in C++, which results in a much
simpler implementation. As a side-effect, this gets rid of the
external Lua files required by 'kyua', which in turn make the tool
self-contained.
* Added caching of various configure test results (particularly in those
tests that need to execute a test program) so that cross-compilers can
predefine the results of the tests without having to run the
executables.
Version 0.7.62, 2012-02-22
--------------
+ ARIB STD B24/B37 caption detection (both Japanese and Brazilian versions)
+ LXF: support of AVC, VC-3, MPEG audio, AC-3, Dolby E, and AAC detection and analysis
+ AC-3: support of 22.05 kHz streams (out of specs but they exist)
+ MOV: AIC (Apple Intermediate Codec) scan type detection
+ MOV: support of AVID metadata (interlacement information)
+ Time code dedicated tracks (MOV, MXF, GXF)
+ Time code track (MPEG-4/MOV, GXF, MXF)
+ Time code in SDTI (MXF)
+ Time code in System scheme 1 (MXF)
+ Time code in SMPTE RP 188 (aka SMPTE ST 12-2 aka ATC aka VANC) (GXF, LXF, MXF)
+ Time code in SMPTE RP 196 (aka HANC)
+ MPEG Video Time code
+ MPEG-TS: format_identifier, pointer_field, section_length (hidden by default)
+ CEA-608/708: caption detection duration is increased to 15 seconds (or 64 MB) in order to miss less caption content
+ Image files as a video stream: file name of the last file
x #727, MOV: crash with some malformed files (Time scale set to 0)
x #728, AAC: crash with some malformed streams
x #681, AVI: was not analyzing VBR streams without bit rate info in header
x #736: Division by 0 with 0-byte files
x Id3v2: crash with some malformed tags
x Bit rate display was "0 bps" if the real bit rate is more than 4 Gbps
x Division by 0 in case of 0 byte long file
x MPEG-4: wrong muxing mode information in case of A/53 captions in MPEG Video in MOV
x P2 Clip: wrong uppercase/lowercase in the file name of source files.
x MOV: PCM endianness was sometimes wrong
x MPEG-4: JPEG interlacement was sometimes wrong
x MPEG Video: wrong DAR information in case of DAR change between begin and end of the file
Version 0.7.61, 2012-10-22
--------------
+ MPEG-TS: SCTE 35 and KLV streams are better displayed (in Menu part)
+ MPEG-TS: Menu part contains the list of PID with unknown format
+ MPEG-TS: Menu part lists PID in the PMT order instead of increasing order
+ Display of both container and stream scan type and scan order
+ DV100: scan order
+ MXF: scan order
+ MPEG-TS: Maximum and minimum overal bit rate (only if parse speed is set to 1)
+ MPEG-TS, MPEG-S, MXF, AVI, WM: StreamOrder field added
+ MXF: better support of malformed VANC streams
+ MPEG Video: improved detection of the GOP (more frames are used), "Variable" value
+ MPEG-PS: FirstPacketOrder info added
+ SkipBinaryData option
x #3564456, Matroska: some (other) streams were wrongly detected sa VFR
x #3570092, Id3v2: support of old COM and ULT fields
x CEA-708: crash with some malformed streams
x MPEG-TS: crash when PCR is corrupted (same value at different offsets)
x QuickTIme: wrong channel count report in case of buggy chan atom. Now the stream description has priority over chan atom
x E-AC-3: duration was wrong in some cases
x Matroska: random wrong analysis in case of SimpleBlock mode
x #3574436, MOV: hang on files having buggy "alis" atom
x MPEG-TS: bit rate mode detection was sometimes too much strict about CBR
x DV: wrong detection in case of buggy audio header (if present and set to 0xFF)
x MPEG-4: crash in case of buggy aperture size atom
x MediaInfo_Const.h was missing in the DLL package for Mac
x MPEG-PS: detection of phantom streams
x WAV: detection of malformed >4GB WAV files was no more working
x DTS: computing bit rate from frame size instead of targeted transmission rate
x DTS: setting the bit rate to "unknown" for Master Audio instead of instantaneous bit rate
x DTS: Display of endianess and word size was not coherent
Version 0.7.60, 2012-09-02
--------------
+ MPEG-TS/PS: improved detection of buggy time stamps
+ DPX: color primaries and transfer characteristics
+ MPEG-TS: Added support of scrambled streams without transport_scrambling_control bit set (e.g. PlayReady)
+ MPEG-TS: Name of some scrambling algorithms
+ MPEG-TS: detection of CBR/VBR at container level
+ MPEG Video: better detection of variable GOP
+ MPEG-TS: average, minimum, maximum PCR distance (hidden by default and you must parse the whole file with --ParseSpeed=1 option)
x Matroska: some streams were wrongly detected sa VFR
x #3538378, XML output: invalid characters, now if there is an invalid character, data is transported in base64
x LXF: wrong video bit rate with some files
x AC-3/E-AC-3: hang up with some Little Endian streams
x AAC: wrong min and max bit rate in case of partial (default) parsing, disabling it
x AVC: crash or hang up with some malformed/scrambled streams
x Opus: wrong duration in case of non-48kHz stream
x MOV: 25 fps + drop frame time codes were not handled correctly
Version 0.7.59, 2012-08-08
--------------
+ License: Switched back to LGPLv2+Exceptions
+ #3555183, PCX support, thanks to Lionel Duchateau
+ #3555182, PSD support, thanks to Lionel Duchateau
+ #3555181, Matroska: ALAC detection, thanks to Lionel Duchateau
+ #3540425, OGG/MKV: Opus speech format support, thanks to Lionel Duchateau
+ #3531808, AVI: detecting more inconsistencies in stream durations
+ GXF: crash with Time code tracks without frame rate info
+ MPEG-4: stream order (hidden by default), in order to provide the same numbers as mkvtoolnix 5.2+ Track ID
+ QuickTime: default channel map is "L R" for stereo streams (as it seems to be in QuickTime player)
+ MPEG-4: support of WMA (version 1, version 2, Pro, Lossless) in MPEG-4
+ FLV: handling of metadata with an underscore before the real metadata name
+ MXF: support of files with header missing TrackNumber in the descriptor (if it is present only in footer)
+ MXF: Language from DMS-1
+ ProRes: analysis of the ProRes raw stream (including scan order for interlaced content)
+ colour_primaries, transfer_characteristics, matrix_coefficients: canonicalization of results
+ MPEG-4 Visual: colour_primaries, transfer_characteristics, matrix_coefficients
+ ProRes: colour_primaries, transfer_characteristics, matrix_coefficients
+ GIF: Display Aspect Ratio
x #3533984, different behavior depending of compilation options (so Linux version was missing some info)
x MPEG-4: audio/video delay was wrong in case of negative delay
x CEA-608: Memory leaks removed
x AVC: crash in case of analyzing some invalid SEI
x MPEG Audio: crash with some files having Lyrics 2 tags
x MPEG Audio: crash with some files having APE tags
x AVI: secondary genre comes after primary genres in the "Genre" field
x FLV: better handling of files containing more than 1 meta chunk
x MPEG-TS/MPEG-PS: was aborting during full parsing in the case of very damaged streams
x Vorbis: infinite loop if codebook_entries>=256
x Id3v2: crash with some unsynchronized frames, especially with UTF-16 comments
x Id3v2: Wrong mime type of covers
x MPEG-PS: crash in case of language info in descriptors
x Java binding: crash with MediaInfo::Inform() (Windows 32-bit only)
x MPEG-TS: false-positive in case of some MPEG-4 files with wrong extension
x FLV: crash in some specific cases (malformed files)
x 3548314, MVC: Scan type was wrong with MVC-only (without the underlying AVC stream) stream
x 3553588, MPLS: stream duration was wrong with standalone (without the referenced M2TS) files
x 3553588, MPLS: incoherent behavior with MPLS having more than one PlayListItem
x 3554154, MPEG-TS: crash with some corrupted streams
x MOV: all EIA/CEA-608 captions were not well detected
x Matroska: Trying to better detect VFR streams, frame rate was wrong in case of interlaced content
Version 0.7.58, 2012-05-28
--------------
+ AC-3: Little Endian streams support
+ LXF: AVC streams support
+ ISM: better support
+ File referencing other files (HLS, ISM...): menu in case there is more than 1 stream per referenced file
+ MPEG-TS: option for keeping streams detected at the beginning then disabled in a an update of the PMT (activated by default)
+ MPEG-PS: program_map_section support for uncommon streams embedded in MPEG-PS
x Referenced files (MXF, HLS, MOV, P2, XDCAM...): issues with source name, track order, files size
x MPEG-TS/MPEG-PS: regression, some files with AC-3/DTS/DVD subtitles were not well analyzed anymore
x MPEG-4 channel mapping: Lt and Rt (matrix-encoded) channel mapping were missing
x GXF: handling of buggy files having non-PCM AES3 codec identifier but actually having PCM
x MPEG-4: better support of MPEG-4 files having corrupted metadata atom
x 3529510, EIA/CEA-708: was not detected if the stream was not present at the beginning, thanks to Pete Chapman
Version 0.7.57, 2012-05-02
--------------
+ #3513490, Vorbis comment (Flac, Ogg): more tags are supported
+ XML-based formats (P2, XDCAM, DCP, ISM, HLS...): support of UTF-16 encoding
+ MPEG-4: for buggy PCM, prioritizing the codec ID "in24" = 24-bit against the bit depth field
x #3516900, Vorbis comment (Flac, Ogg): trying to do better mapping of PERFORMER and ARTIST tags
x MXF: wrong video frame count in some cases
x #3517374, GCC 4.7: compilation issues removal, thanks to SpepS
x MPEG-PS: some files were not well demuxed so analysis was sometimes wrong (especially macroblock parsing)
Version 0.7.56, 2012-04-08
--------------
+ Better support of machines lacking of std::stringstream
+ Better support of machines requesting explicit stdc++ library link option (e.g. some ARM embedded devices)
x #3515515, MPEG-4: crash with MPEG-4 container + H264/AVC video stream
x #3515393, MPEG Audio: infinite loop (freeze) with some files
x #3514677, Video: Well known 1.85:1 display aspect ratio was incorrectly displayed as 16:9
x #3513908, File interface: No output if filename contain a colon
x #3515893, MPEG-4: some specific files were not detected
x AVI: infinite loop (freeze) with some files (having index containing 0-sized chunk)
x AVC: memory leaks
x libcurl support: libcurl config from MediaInfo is compatible with libcurl+gnutls
x #3515857, CLI only: --LogFile carriage return format was not the one of the OS
Version 0.7.55, 2012-04-05
--------------
+ AC-3: support of little endian streams
+ LXF: support of format version 0
+ HLS: support of .m3u8 index and sequence referencing a bunch of MPEG-TS files
+ MPEG-4: Added support of glbl atom and corresponding 4CC (ai12, ai15, ai1q, ai5q)
+ MPEG-4: Added detection of files with mx5p files wrongly filled with raw MPEG Video instead of MXF
+ MPEG-TS: Detection of 20-bit Dolby E even if the SMPTE 302 M header is set to 24-bit
x #3513490, Id3v2: mapping of "Encoded by" and "Encoding library" is conform to the specs now
x MXF: hang up with some clip-wrapped files
x MPEG-4: AVC-100 bit rate was not coherent depending of the container (MPEG-4 or MXF)
x reVTMD output is disabled due to its non-free (point of view of FSF and DFSG) licensing.
Version 0.7.54, 2012-03-13
--------------
+ #3480111, Matroska: parsing of WebM-style frame rate info
+ #3499859, ALAC: parsing of the alac atom, for real bit depth / sample rate
+ #3487601, DV: fields order (TFF/BFF)
+ MPEG-4: more video 4CCs binded to MPEG Video
+ H.263: raw stream parsing (width, height, aspect ratio), comparison with container data
+ Speed improvements
+ MPEG-PS: supporting parsing of some non-conform files
+ Full support of CEA-608 (separation of CC1-CC4, T1-T4)
+ #3494722, MPEG-4: trying to detect wrong duration in track header
+ MPEG-4 with embedded MXF track (XDCAM...): separation of video bitrate and padding bitrate
+ Compound streams (e.g. DV): separation of video bitrate and audio bitrate
+ Blu-ray: LPCM mono real bit rate is separated from the encoded (stereo) bit rate
+ Support of https, sftp scp protocols (custom builds only)
+ AVI: vprp (OpenDML) display aspect ratio support
x #3480111, Matroska: some frame rates are incorrect in the file, trying to detect this kind of malformed file
x #3479494, AVC: segmentation fault
x #3440638, AAC: wrong detection for some malformed AAC streams
x #3440638, MPEG-4: wrong analysis of some files having track header after media information
x #3480111, MXF: Height was wrong for MXF with FrameLayout = Mixed fields
x #3468235, Blu-ray: displaying PGS in all cases (even if PES is not detected, they are too much rare)
x #3498846, MPEG-4: delay between audio and video was no more detected
x #3495573, MPEG-4: crash with some files having fragments
x MPEG-4: channel position in case of channel atom is configured with ChannelBitmap
x MPEG-TS: crash with some buggy files (a PID indicated as PSI and PES at the same time)
x AES3: not detecting Dolby E stream if there is guard band before the Dolby E frame, in MPEG-TS
x DPX: some files with some invalid fields were not detected
x DTVCC Captions: crash with some buggy streams
Version 0.7.53, 2012-01-24
--------------
+ DV: option for ignoring transmitting flags (TF1/TF2/TF3) (DLL and CLI only)
+ Matroska: ProRes detection
+ MPEG-4: official DTS CodecIDs (dtsc/dtsh/dtsl/dtse) support, thanks to Lionel Duchateau
+ Matroska: stream order (hidden by default), in order to provide the same numbers as mkvtoolnix 5.2+ Track ID
+ #3471516, BLu-ray: wrong channel count for mono/3-channel/5-channel/7-channel PCM streams
+ AVI: ISMP (SMPTE Time code), Tdat tc_o/tc_a (Adobe Premier time code) support
+ reVTMD output
+ --Output is synonym of --Inform option
x QuickTime: crash and sometimes wrong info with some files having compressed header
x MPEG-4: commercial format typo error (EX422 instead of HD422)
x MXF: handling wrong MXF header having frame height instead of field height
x #3471053, Tags: Id3v1 tag was used instead of Id3v2 if the file is short
x #3463117, MPEG-TS: crash if Conditioal Access PID is same as the PES
x Custom output: better handling of cases with special character strings (\n...) in the file content
x #3440664: Audio only AVI file is missing duration
x #3453476: detection so incorrect duration information in tkhd atom
x Detailled XML output was producing duplicate xml-tags
Version 0.7.52, 2011-12-19
--------------
+ MXF with referenced files: if the referenced file is not available, trying to open local files
+ MPEG Video: GOP size for I-Frame only streams
+ MXF: support of CEA-608 in ancillary data for some other formats than MPEG Video, if there is no B-frame
+ LXF: support of SMPTE ST291/CDP/CEA-608/CEA-708 in ancillary data
+ WAV: better handling of files not having word alignment
x DV: crash (division by zero) in some cases
x DV: DVCPRO HD was sometimes not detected (low bitrate)
x MXF: Crash if AFD field has an invalid value
x MXF: Wrong endianess for some big endian PCM streams
x MXF: some MXF referencing files have wrong duration
x MXF: duration was wrong with some specific files
x DVD-Video: detection of 20-bit and 24-bit PCM
x XML output: it was sometimes containing some invalid characters
x MPEG-4: considering default char set as ISO-8859-1
x MXF: better handling of referencing files having the same ID for all tracks
x MXF: Handling of MXF files with wrong FooterPartition field
x MXF: Some captions (not starting at the beginning of the file) were not detected
x WAV: duration was missing is some cases
x RMP3 support was broken
Collection.
nginx (pronounced "engine X") is a lightweight web (HTTP) server/reverse proxy
and mail (IMAP/POP3) proxy written by Igor Sysoev.
nginx has been running for more than three years on many heavily loaded Russian
sites including Rambler (RamblerMedia.com). In March 2007 about 20% of all
Russian virtual hosts were served or proxied by nginx. According to Google
Online Security Blog nginx serves or proxies about 4% of all Internet virtual
hosts, although Netcraft shows much less percent.
The sources are licensed under a BSD-like license.
Security problem of CVE-2013-0269 was already handled but REXML security
problem is fixed by this package.
Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently.
This release includes security fixes about bundled JSON and REXML.
* Denial of Service and Unsafe Object Creation Vulnerability in JSON
(CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
And some small bugfixes are also included.
