Allow any number of retries, instead of only up to 3.
Add ruser option, to authenticate as PAM_RUSER instead of PAM_USER,
to allow applications such as 'su' to authenticate as the real user.
Patch from David Mitchell.
Add 'localifdown' option.
The issues were reported in Go's net/http package. They affect programs using
that package to proxy HTTP requests. We recommend that all users upgrade to Go
1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we have
released version 1.4.3, which is based on Go 1.4.2 plus fixes for these issues.
Affected Go programs—those that use the net/http package as a proxy server—must
be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.
The CVE issue descriptions and fixes are linked below.
CVE-2015-5739
"Content Length" treated as valid header:
https://go-review.googlesource.com/#/c/11772/
CVE-2015-5740
Double content-length headers does not return 400 error:
https://go-review.googlesource.com/#/c/11810/
CVE-2015-5741
Additional hardening, not sending Content-Length w/Transfer-Encoding,
Closing connections:
https://go-review.googlesource.com/#/c/11810/https://go-review.googlesource.com/#/c/12865/https://go-review.googlesource.com/#/c/13148/
The Go team would like to thank Jed Denlea and Régis Leroy for their
contributions to this release. They have been awarded 1337 USD under the Google
Security Bounty program.
http://www.sympa.org/distribution/latest-stable/NEWS
for complete list.
Main changes are:
Tracking feature
The tracking feature is a way to request DSN or DSN + MDN when sending
a message to each subscribers. In that case, Sympa (bounced.pl) collect both
DSN and MDN and store them in a new table "notification_table".
Then, for each message, the list owner can display which subscribers has
displayed, received or not received the message. This can be used for some
important lists where list owner need to collect the proof of reception or
display of each message. This page is accessible via archive
Spools back to filesystem
Because of stability and scalability issues, spool for bulk sending no
longer depend on database tables: It is based on filesystem.
Stats
Now Sympa stores data whenever one of the following event occurs:
a message is sent to a list;
a user subscribed to a list;
a user unsubscribed from a list;
a user is added to a list by another user;
a user is removed from a list by another user;
a user is removed from a list by the automatic bounce management;
a file is uploaded to the shared directory;
a file is deleted from the shared;
a message to a list is rejected in moderation;
a user logs in to the web interface;
a user logs out;
a list is created;
a list is deleted;
a list is restored;
a human user (not a harvester) hits a page.
These data are regularly aggregated by the task_manager.
The aggregated data are available to users, owners and listmaster in
their respective interfaces.
Web interface
The most visible is probably the new web interface skin.
It is nicer, simpler, responsive and retains all the customization
capabilities that make Sympa adaptable to your needs.
Exclusion table was just a display of the users excluded. This page is now
a form, similar to the review page, which allows to restore users subscriptions.
Added "Add subscriber" button to modindex page if the sender is not subscribed.
It may be useful because users need not know about SUB command and sympa
command address. The buttons appear only when Web user is the list owner.
The "Customizing" link was moved from main list admin to list config sub
section as list related text files are in a way list configuration parameters
as well.
Better password validation. When the user requests change of password via
WWSympa or SympaSOAP, new password may be checked its strength.
New parameter password_validation may be used to customize policy of password
validation. See help text of the parameter for more details.
Web services
Full VOOT 2.0 protocol support. VOOT is an opensocial subset to manage group
membership. full details on this IETF draft here: http://openvoot.org.
This feature enables Sympa to be both group provider and consumer in the VOOT
protocol.
The soap server now exposes full review with owners, editors and gecos to list masters and list owners.
Plug, plug, plug...
We added or improved several ways to plug new functionnalities in Sympa.
Template plugins
This feature allows to package code to be used in templates. It enables
foreign data integration in Sympa's UI and emails, user specific
UI enhancement and much more! Integrating user targeted data retreived through
a call to a webservice becomes possible in a simple way, automatically adding
info from a database to outgoing emails as well !
Further details here : https://www.sympa.org/manual/templates_plugins
Enhanced custom actions functionality
Custom actions are used to run specific code and/or display user defined
templates. They can be executed in list or global context (it is up to you
to decide what to do in both cases). Previously, a custom action was a
simple TT2 template added to the web interface. It could only display data,
not process them. They were improved to allow greater expressiveness.
You can now develop a perl module to process the data passed to your
custom action.
Warning: AFTER UPGRADING TO 6.2, ANY PRE-EXISTING CUSTOM ACTION MUST BE
MOVED TO THE RELEVANT CUSTOM_ACTION DIRECTORY TO KEEP WORKING.
Mail hooks
Sympa::Message::Plugin provides hook mechanism to intervene in processing by
Sympa. Each hook may modify messages or may break ordinary processing.
This functionnality is quite new and still experimental. Please read the
perldoc of Sympa::Message::Plugin for more details about how to create and enable hooks in message handling.
Custom attributes provisionning
Custom attributes can now be provisionned using external data sources,
the same way as email addresses. For now, only SQL or LDAP datasources are
supported. To use this feature, you need first to define the custom attributes
as previously. This attribute must have the same name as the fields used in
your queries.
Synchronization disabling
In several organizations, nightly maintenances make the datasources
unavailable during some period of times. a new sub-parameter in data sources
definition allow to prevent Sympa from trying to synchronize list members
with these sources during a defined time range.
A recurrent question regarding list inclusion was to be able to extract not the whole list, but only a subset. It is now possible.
include_list parameter value can now look like this:
<listname> filter <filter_condition>
ODBC is now supported for email data sources.
sql, ldap and ldap2 user inclusions now handles gecos. It uses 2nd returned
column for sql and 2nd given attribute for ldap (comma separated).
Now "host" parameter of the LDAP datasource in list config may include URLs
(ldap, ldaps and ldapi) along with hostnames. So "port" and "use_ssl"
parameters
Scenarios
Now CustomCondition can set the action to take (do_it, reject ...) by
setting $_, this allows for complex, single-module CustomConditions.
"[msg_header#field][index]" returns the value of particular field.
Index may be negative. - "[msg_header#field]" still returns list of field
values, additionally, ordering will be preserved. Fixes:
Conditions is_listmaster, is_owner, is_editor and is_subscriber can
handle multiple values.
They also parse arguments as header field values to get address parts.
New parameters
New list parameter: 'member_include'. This parameters allows to defined
.incl files to include list members, the same way it is done for list admins.
This grants extended flexibility in datasources, allowing list owners to tweak
their own data sources without accessing to the actual details of the query
made to gather email addresses.
New sympa.conf config parameter "sender_headers" to specify header fields by
which message sender is detected. This is a enhancement to
S. Shipway's improvement.
RFC: What is the reasonable default for this parameter?
Behavior of one time ticket lock-out is configurable.
Two new robot parameters were introduced:
one_time_ticket_lockout:
"one_time" won't allow access again. This is previous behavior.
"remote_addr" will lock the ticket on remote address accessed at first time.
"open" will never lock-out tickets.
one_time_ticket_lifetime: Duration before ticket expires. Default is "2d", previous hardcoded value.
Changes of list config parameters on archiving. New parameter
"process_archive" controls archiving. The default is "off":
To enable archiving, it must be set to "on" explicitly. OTOH even if
archiving is disabled by setting it "off", past archives will be kept
and accessible according to access settings.
Config files
wwsympa.conf will no longer be used: it would be migrated to sympa.conf.
Alias management uniformization
Now alias maintenance utilities other than newaliases may be used without
special configure options nor patch to alias_manager.pl. Changes:
aliaswrapper and virtualwrapper were deprecated and replaced with sympa_newaliases-wrapper.
New alias management program sympa_newaliases.pl which will typically be
called by alias_manager.pl via sympa_newaliases-wrapper.
New site configuration parameters aliases_db_type and aliases_program will
control behaviour of alias database maintenance.
openssl dependency dropped
openssl(1) utility is no longer required. Instead, a few CPAN modules are required to use S/MIME or SSL features:
Crypt::SMIME
Crypt::OpenSSL::X509
The parameter "openssl" in sympa.conf was obsoleted. Note that p12topem.pl still needs openssl: To make it work, PATH environment variable should be set appropriately.
Internationalization
i18n titles in configuration.
List families scenari
Now you can define a "scenari" directory in the lists family directory.
These scenarii will be available for lists instantiated from this family.
List families addistional files
Until now, only the config.tt2 file was parsed when the family was
instantiated, thus producing the lists' config file. As a lot of other files
can be used to configure a list (footer, header, etc.), we added the
possibility to instantiate these files as well. The list of files parsed
(in addition to config.tt2) when instantiating a family are defined in
a new (sympa.conf and robot.conf) parameter called 'parsed_family_files'.
This parameter must contain a comma-separated list of file names.
If these files exist, with the '.tt2' extension added to their name,
in a family, they will be parsed and added to the list directory.
The default value of the parameter is: 'message.footer,message.header,message.footer.mime,message.header.mime,info'.
These files are updated in existing lists when a family is instantiated.
note that it will overwrite any other customization.
On the web automatic lists
Administration
Widely extended logs when the log_module parameter is activated with the
value 'scenario': all scenario results are evaluated. Remember that extended
logs can be limited by the IP or the email of the user, using the
'log_condition' parameter. log_module and log_condition are now declared in
sympa.conf instead of wwsympa.conf. Remember these parameters syntax:
log_module: can take the value "scenario" - only.
log condition: takes a character string as value. The form is
"ip=<an.ip>,email=<an_email>". You can put ip alone, email alone or both,
with the comma-separated form.
Listmaster notifications can now be grouped. If, for a specific robot,
several notifications are issued within a short period of time with the
same operation code only the first ones are sent, the next ones are stacked.
The stacking ends when no notifications are issued anymore, or when the first
one is too old. All the stacked notifications are then sent as attachments of
a single message. Internal settings : Stack if more than 3 notifications with
the same operation code are issued for the same robot - Send stacked
notifications if no new one satisfying the condition above was received for
more than 30 seconds - Send stacked notifications if the oldest one was issued
more than 60 seconds ago
sympa.pl -health_check checks config files, database connection and structure,
and data structure version.
Daemons such as sympa.pl no longer check database structure nor data version.
File extension of lock files are changed from ".lock" to ".LOCK", because lowercase name can conflict with domain part in the future.
At least on OS X with clang, pkgin fails to build because of extra
parens around ==. See https://github.com/NetBSDfr/pkgin/issues/64
for details.
This seems to be a new issue with something in the pkgsrc build
environment (bsd makefiles or compat libs), not in pkgin proper, but
pkgin's use of bsd makefiles leads to Werror.
pkgsrc changes:
o Unify Makefile.common in Makefile: newer webkit-gtk releases could not be
split in a -gtk3 version, no more need for a Makefile.common (no functional
changes intended).
o Get rid of obsolete options (no functional changes intended)
o Bump GCC_REQD to 4.9 (gcc>=4.9 is required for IndexedDB support, #145211)
o For the moment disable two new options: Geolocation support (needs
geography/geoclue) and Hyphenation support (needs libhyphen, not available at
the moment in pkgsrc).
Changes:
=================
WebKitGTK+ 2.10.0
=================
What's new in WebKitGTK+ 2.10.0?
- Disable ACCELERATED_2D_CANVAS by default.
- Fix a crash in debug build due to an invalid assert.
- Do not try to use the primary clipboard in Wayland.
=================
WebKitGTK+ 2.9.92
=================
What's new in WebKitGTK+ 2.9.92?
- Data URLs are now decoded in the Web Process instead of the Network Process.
- Fix Web Process crash recovery.
- Fix a crash when sqlite3_initialize() is called from multiple threads.
- Fix the volume bar in media controls.
- Fix JavaScriptCore build with GCC 5.
- Fix the build when accelerated 2D canvas is enabled but cairo was built without GLX.
- Fix everal memory leaks.
- Translation updates: Bulgarian, Gujarati, Polish, Slovenian, Spanish, Tamil, Turkish.
=================
WebKitGTK+ 2.9.91
=================
What's new in WebKitGTK+ 2.9.91?
- Fix performance regression introduced in previous release when scaling images.
- Fix runtime critical warning when there are missing media plugins.
- Fix the build on systems with GTK+ compiled with an old version of wayland.
=================
WebKitGTK+ 2.9.90
=================
What's new in WebKitGTK+ 2.9.90?
- Add API to request permission before showing PackageKit codec installation notifications.
- Fix a crash closing a page when a context menu is open.
- Fix DNS prefetch when using the network process.
- Improve image quality when using newer versions of cairo/pixman.
- Fix a crash when the web view is destroyed while the screensaver DBus proxy is being created.
=================
WebKitGTK+ 2.9.5
=================
What's new in WebKitGTK+ 2.9.5?
- Add API to set the maximum number of web processes per WebKitWebContext.
- Add API to allow executing editing commands that require an argument.
- Prevent clipboard contents from being lost when web process finishes.
- Always allow font matching for strong aliases
- Move GStreamer missing plugins installer to the UI process.
- Fix empty space in popup menus when first item is selected.
- Fix a crash when SoupSession is destroyed in exit handler.
- Disable NPAPI plugins when running on Wayland.
- Translation updates: Swedish.
=================
WebKitGTK+ 2.9.4
=================
What's new in WebKitGTK+ 2.9.4?
- Fix the window size reported when the web view isn't realized yet. This fixes
the layout of some websites when opening new tabs in the browser and anchor links
when opened in new tabs too.
- Add API to be notified about editor state changes.
- Add selection-changed signal to the Web Extensions API.
- Add initial WebKitWebsiteDataManager API for process configuration options.
- Make WebSQL work by using a default quota instead of always failing in openDatabase
with DOM Exception 18.
- Correctly restore accelerated compositing after a WebProcess crash.
- Only enable the input methods filter when there's an editable element focused.
- Fix a crash on memory allocation using bmalloc on 32bit systems.
- Allow to build with X11 and Wayland targets at the same time.
- Fix a crash when spell checker returns no guesses.
- Update and optimize some of the web inspector icons.
- Translation updates: Swedish.
=================
WebKitGTK+ 2.9.3
=================
What's new in WebKitGTK+ 2.9.3?
- Inhibit screen saver when playing full screen video.
- Fix DOCUMENT_VIEWER cache model to actually disable the memory cache.
- Fix a regression that prevented the WebKitWebView::context-menu signal
from being emitted.
- Update web inspector icon so Rendering Frames timeline distinguish between
layout and painting.
- Ensure fragment identifier part of URI is not removed for custom URI scheme
requests.
- Improve performance of keyboard events handling.
- Expose element tag name as an object attribute to accessibility.
- Fix the build with Wayland target enabled.
=================
WebKitGTK+ 2.9.2
=================
What's new in WebKitGTK+ 2.9.2?
- Add IndexedDB support using a dedicated database process.
- Add construct property to WebKitWebContext to set the IndexedDB database directory.
- Add allow-file-access-from-file-urls to WebKitSettings.
- Improve network process disk cache performance by mapping cached resources in the
web process instead of sending the resources data via IPC.
- Prevent WorkQueue objects from being leaked and ensure its worker thread always exits.
- webkit_dom_html_element_get_children() has been deprecated in favor of
webkit_dom_element_get_children() to match the DOM spec.
- ARIA menu items no longer have anonymous block children.
- Map pre element to ATK_ROLE_SECTION instead of ATK_ROLE_PANEL.
- Always include rows in the tree of accessible tables.
- Fix the build with Netscape plugins disabled.
- Fix XPixmaps leaked by GLContext when using EGL on X11.
- Translation updates: Catalan.
=================
WebKitGTK+ 2.9.1
=================
What's new in WebKitGTK+ 2.9.1?
- New disk cache implementation when using the network process.
- Web inspector UI has been redesigned.
- Add support for automatic hyphenation using libhyphen when it's available.
- Fix network redirection to a non HTTP destination.
- always include dri3 support with dri option (can still use dri2)
- always include GLAMOR support with dri option
- enable xtrans file descriptor passing
- require mesa 11
- Bump PKGREVISION
GLAMOR is experimental OpenGL accelerated 2D graphics. It works with
xf86-video-ati and xf86-video-intel but must be explicitly enabled.
Sample configuration:
---8<---
# /usr/pkg/share/X11/xorg.conf.d/20-glamor.conf
Section "Module"
Load "dri2"
Load "glamoregl"
EndSection
Section "Device"
Identifier "radeon" # or intel
Driver "radeon" # or intel
Option "AccelMethod" "glamor"
EndSection
---8<---
Tested on:
- NetBSD 7.0/i386 EeePC 1001PXD with i915 (Pineview)
- NetBSD 7.99.21/amd64 with Radeon HD 5450 (Evergreen/Cedar)
pkgsrc changes:
- make i386 & x86_64 glx-tls dispatch assembly stubs aware of that the
dispatch table pointer may be NULL due to TLS implementation limitations
- work around run time loader issue on NetBSD (#50277)
- TLS dispatch support is now enabled again on NetBSD
- llvm option now requires libLLVM 3.7.0 with AMDGPU target
- build xatracker library on x86, useful for xf86-video-vmware acceleration
- always use shared glapi
- always include dri3 support (it will still use dri2 if dri3 not supported)
New in Mesa 11:
- New hardware support for AMD GCN 1.2 GPUs: Tonga, Iceland, Carrizo, Fiji
- OpenGL 4.1 on radeonsi, nvc0
- OpenGL ES 3.0 on freedreno (a3xx, a4xx)
- GL_AMD_vertex_shader_viewport_index on radeonsi
- GL_ARB_conditional_render_inverted on r600, radeonsi
- GL_ARB_depth_buffer_float on a4xx
- GL_ARB_derivative_control on radeonsi
- GL_ARB_draw_buffers, GL_ARB_draw_buffers_blend on a4xx
- GL_ARB_fragment_layer_viewport on radeonsi
- GL_ARB_framebuffer_no_attachments on i965
- GL_ARB_get_texture_sub_image for all drivers
- GL_ARB_gpu_shader5 on radeonsi
- GL_ARB_gpu_shader_fp64 on llvmpipe, radeonsi
- GL_ARB_shader_image_load_store on i965
- GL_ARB_shader_precision on radeonsi, nvc0
- GL_ARB_shader_image_size on i965
- GL_ARB_shader_stencil_export on llvmpipe
- GL_ARB_shader_subroutine on core profile all drivers
- GL_ARB_tessellation_shader on nvc0, radeonsi
- GL_ARB_transform_feedback2, GL_ARB_transform_feedback_instanced,
GL_EXT_transform_feedback on a3xx, a4xx
- GL_ARB_vertex_attrib_64bit on llvmpipe, radeonsi
- GL_ARB_viewport_array on radeonsi
- GL_EXT_depth_bounds_test on radeonsi, nv30, nv50, nvc0
- GL_EXT_texture_compression_s3tc on freedreno (a3xx)
- GL_NV_read_depth (GLES) on all drivers
- GL_NV_read_depth_stencil (GLES) on all drivers
- GL_NV_read_stencil (GLES) on all drivers
- GL_OES_texture_float on all r300, r600, radeonsi, nv30, nv50, nvc0, softpipe,
llvmpipe
- GL_OES_texture_half_float on all r300, r600, radeonsi, nv30, nv50, nvc0,
softpipe, llvmpipe
- GL_OES_texture_float_linear on all r300, r600, radeonsi, nv30, nv50, nvc0,
softpipe, llvmpipe
- GL_OES_texture_half_float_linear on all r300, r600, radeonsi, nv30, nv50,
nvc0, softpipe, llvmpipe
- GL_EXT_draw_buffers2 on a4xx
- GLX_ARB_create_context_robustness on r600, radeonsi
- EGL_EXT_create_context_robustness on r600, radeonsi
- EGL_KHR_gl_colorspace on r600, radeonsi, nv50, nvc0
- EGL_KHR_gl_texture_3D_image on r600, radeonsi, nv50, nvc0
- EGL 1.5 on r600, radeonsi, nv50, nvc0
Compacted version of upstream's release notes:
The LLVM C API LLVMGetTargetMachineData is deprecated
DataLayout is no longer optional
Comdats are now ortogonal to the linkage
On ELF now supports multiple sections with the same name and comdat
LLVM now lazily loads metadata in some cases
Creating archives with IR files with debug info is now 25X faster
llvm-ar(1) can create archives in the BSD format used by OS X
LLVM received a backend for the extended Berkely Packet Filter instruction set
The BPF target is now available by default
Switch-case lowering was rewritten to avoid generating unbalanced search trees
The debug info IR class hierarchy now inherits from Metadata
Argument-less TargetMachine::getSubtarget has been removed from the tree
Add LICENSE
Upstream changes:
maradns-2.0.13:
This is the stable release of MaraDNS.
Two non-critical buffer overflows from ParseMaraRc fixed. One can never be exploited; the other one can only be exploted by the (usually) root user by writing to the system mararc file.
Deadwood updated to 3.2.09
(2015-09-25)
maradns-2.0.12:
This is the stable release of MaraDNS.
Security fix for improper free() in zoneserver
Deadwood updated to 3.2.08
Zone transfers now work with newer versions of dig
Documentation updates
(2015.08.19)
maradns-2.0.11:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.07
(2015.01.30)
maradns-2.0.10:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.06
Zoneserver now compiles and runs in Cygwin (so Windows users can have DNS-over-TCP support).
(2015.01.24)
maradns-2.0.09:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.05
Startup scripts are now chkconfig-compatible
(2014.02.12)
maradns-2.0.08:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.04
Make DNS packet compression case-insensitive
Attach IPv6 glue to NS and MX records when MaraDNS is compiled for IPv6
Remove warning when MaraDNS is compiled for IPv6
Remove warning when compiling getzone.c
(2014.01.14)
maradns-2.0.07d:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.03d to patch security hole discussed at samiam.org/blog/20131202.html
(2013.12.02)
maradns-2.0.07c:
This is the stable release of MaraDNS.
Seven-line fix to Deadwood to fix resolution problem; more details in blog
(2013.07.20; declared stable 2013.09.20)
maradns-2.0.07b:
This is the stable release of MaraDNS.
One-line fix to Deadwood to fix resolution problem
(2013.04.23; declared stable 2013.06.22)
maradns-2.0.07:
This is the stable release of MaraDNS.
MaraDNS updated for CentOS 6
Deadwood updated to 3.2.03
GPG key updated
Installs and tests pass in new CentOS install
(2013.01.20)
maradns-2.0.06:
This is a stable release of MaraDNS.
Deadwood updated to 3.2.02
(2012.03.11)
Compton is a compositor for X, and a fork of xcompmgr-dana.
Changes from xcompmgr:
OpenGL backend (--backend glx), in addition to the old X Render backend.
Inactive window transparency (-i) / dimming (--inactive-dim).
Titlebar/frame transparency (-e).
Menu transparency (-m, thanks to Dana).
shadows are now enabled for argb windows, e.g. terminals with transparency
removed serverside shadows (and simple compositing) to clean the code,
the only option that remains is clientside shadows
configuration files (see the man page for more details)
colored shadows (--shadow-[red/green/blue])
a new fade system
VSync support (not always working)
Blur of background of transparent windows, window color inversion (bad in
performance)
Some more options...
