Tests don't run through because of
===> Testing for py27-gevent-1.0.2
Traceback (most recent call last):
File "testrunner.py", line 2, in <module>
import six
File "/scratch/net/py-gevent/work/gevent-1.0.2/greentest/six.py", line 2, in <module>
from gevent.hub import PY3
ImportError: No module named gevent.hub
*** Error code 1
Release 1.0.2
-------------
- Fix LifoQueue.peek() to return correct element. PR #456. Patch by Christine Spang.
- Upgrade to libev 4.19
- Remove SSL3 entirely as default TLS protocol
- Import socket on Windows (closes#459)
- Fix C90 syntax error (PR #449)
- Add compatibility with Python 2.7.9's SSL changes. Issue #477.
The changelog only goes as far back as 3.1. Major changes are:
- Mac OS X port
- Provide minimal interface information on BSD
- Fixes for all defects identified by coverity
- Fix accuracy issue on total rate calculation
- Better example config file
- Only initialize curses module if actually used
- Bugfixes
Also saner build system and new source code location (github).
Changelog:
Release 2.0.2 October 22nd 2015
csync_file_stat_s: Save a bit of memory
Shibboleth: Add our base user agent to WebKit
SelectiveSync: Increase folder list timeout to 60
Propagation: Try another sync on 423 Locked (#3387)
Propagation: Make 423 Locked a soft error (#3387)
Propagation: Reset upload blacklist if a chunk succeeds
Application: Fix crash on early shutdown (#3898)
Linux: Don't show settings dialog always when launched twice (#3273, #3771, #3485)
win32 vio: Add the OPEN_REPARSE_POINTS flag to the CreateFileW call. (#3813)
AccountSettings: only expand root elements on single click.
AccountSettings: Do not allow to expand the folder list when disconnected.
Use application SHORT name for the name of the MacOSX pkg file (ownBrander).
FolderMan: Fix for removing a syncing folder (#3843)
ConnectionMethodDialog: Don't be insecure on close (#3863)
Updater: Ensure folders are not removed (#3747)
Folder settings: Ensure path is cleaned (#3811)
Propagator: Simplify sub job finished counting (#3844)
Share dialog: Hide settings dialog before showing (#3783)
UI: Only expand 1 level in folder list (#3585)
UI: Allow folder expanding from button click (#3585)
UI: Expand folder treeview on single click (#3585)
GUI: Change tray menu order (#3657)
GUI: Replace term "sign in" with "Log in" and friends.
SetupPage: Fix crash caused by uninitialized Account object.
Use a themable WebDAV path all over.
Units: Back to the "usual" mix units (JEDEC standard).
csync io: Full UNC path support on Win (#3748)
Tray: Don't use the tray workaround with the KDE theme (#3706, #3765)
ShareDialog: Fix folder display (#3659)
AccountSettings: Restore from legacy only once (#3565)
SSL Certificate Error Dialog: show account name (#3729)
Tray notification: Don't show a message about modified folder (#3613)
PropagateLocalRemove: remove entries from the DB even if there was an error.
Settings UI improvements (eg. #3713, #3721, #3619 and others)
Folder: Do not create the sync folder if it does not exist (#3692)
Shell integration: don't show share menu item for top level folders
Tray: Hide while modifying menus (#3656, #3672)
AddFolder: Improve remote path selection error handling (#3573)
csync_update: Use excluded_traversal() to improve performance (#3638)
csync_excluded: Add fast _traversal() function (#3638)
csync_exclude: Speed up significantly (#3638)
AccountSettings: Adjust quota info design (#3644, #3651)
Adjust buttons on remove folder/account questions (#3654)
Release 2.0.1 September 1st 2015
AccountWizard: fix when the theme specifies an override URL (#3699)
Release 2.0.0 August 25th 2015
Add support for multiple accounts (#3084)
Do not sync down new big folders from server without users consent (#3148)
Integrate Selective Sync into the default UI
OS X: Support native finder integration for 10.10 Yosemite (#2340)
Fix situation where client would not reconnect after timeout (#2321)
Use SI units for the file sizes
Improve progress reporting during sync (better estimations, show all files, show all bandwidth)
Windows: Support paths >255 characters (#57) by using Windows API instead of POSIX API
Windows, OS X: Allow to not sync hidden files (#2086)
OS X: Show file name in UI if file has invalid UTF-8 in file name
Sharing: Make use of Capability API (#3439)
Sharing: Do not allow sharing the root folder (#3495)
Sharing: Show thumbnail
Client Updater: Check for updates periodically, not only once per run (#3044)
Windows: Remove misleading option to remove sync data (#3461)
Windows: Do not provoke AD account locking if password changes (#2186)
Windows: Fix installer when installing unprivileged (#2616, #2568)
Quota: Only refresh from server when UI is shown
SSL Button: Show more information
owncloudcmd: Fix --httpproxy (#3465)
System proxy: Ask user for credentials if needed
Several fixes and performance improvements in the sync engine
Network: Try to use SSL session tickets/identifiers. Check the SSL button to see if they are used.
Bandwidth Throttling: Provide automatic limit setting for downloads (#3084)
Systray: Workaround for issue with Qt 5.5.0 (#3656)
===========================
Bugfixes:
---------
- Do not reload expired zones on 'knotc reload' and server startup
- Fix rare race-condition in event scheduling causing delayed event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when quering for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux (IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
- Fix memory leak in configuration on server shutdown
- Fix broken dnsproxy module
- Fix DNSSEC KASP timestamps parsing in strict POSIX environment
- fix multi value parsing on big-endian
- Adapt to Nettle 3 API break causing base64 decoding failures on big-endian
Features:
---------
- Add 'keymgr zone key ds' to show key's DS record
- Add 'keymgr tsig generate' to generate TSIG keys
- Add query module scoping to process either all queries or zone queries only
- Add support for file name globbing in config file includes
- Add 'request-edns-option' config option to add custom EDNS0 option into
server initiated queries
Improvements:
-------------
- Send minimal responses (remove NS from Authority section for NOERROR)
- Update persistent timers only on shutdown for better performance
- Allow change of RR TTL over DDNS
- Documentation fixes, updates, and improvements in formatting
- Install yparser and zscanner header files
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on OpenBSD
Knot DNS 2.0.0 (2015-06-26)
===========================
Bugfixes:
---------
- Fix lost NOTIFY message if received during zone transfer
- Disable fast zone parser when compiled in Clang (workaround for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
Features:
---------
- DNSSEC: separate library, switch to GnuTLS, new utilities
- DNSSEC: basic KASP support (generate initial keys, ZSK rollover)
- Configuration: New text format in YAML, binary store in LMDB
- Zone parser: Split long TXT/SPF strings into multiple strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improved remotes and ACLs (multiple addresses, multiple keys)
- Basic support for zone file patterns (%s to substitute zone name)
- Disable zone file synchronization by setting 'zonefile_sync' to '-1'
- knsupdate: Add input prompt in interactive mode and 'quit' command
- knsupdate: Allow TSIG algorithm specification in interactive prompt
Improvements:
-------------
- Zone dump: Do not write class for SOA record (unified with other RR types)
- Zone dump: Do not write master server address into the zone file
- Documentation: Manual pages are included in HTML and PDF
pkgsrc change:
* Remove duplicated HTML documents.
* Install some addtional documents.
Changes are too many to write here, please refer NEWS files and this
release fixes security problems.
October 2015 NTP Security Vulnerability Announcement (Medium)
NTF's NTP Project has been notified of the following 13 low- and
medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on
Wednesday, 21 October 2015:
* Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association
authentication bypass via crypto-NAK (Cisco ASIG)
* Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning
FAIL on some bogus values (IDA)
* Bug 2921 CVE-2015-7854 Password Length Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock
driver could cause a buffer overflow. (Cisco TALOS)
* Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2918 CVE-2015-7851 saveconfig Directory Traversal
Vulnerability. (OpenVMS) (Cisco TALOS)
* Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
* Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
* Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
* Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
* Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile"
should only be allowed locally. (RedHat)
* Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field. (Boston University)
* Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks. (Tenable)
The only generally-exploitable bug in the above list is the crypto-NAK bug,
which has a CVSS2 score of 6.4.
Additionally, three bugs that have already been fixed in ntp-4.2.8 but were
not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all
below 1.8 CVSS score, so we're reporting them here:
* Bug 2382 : Peer precision < -31 gives division by zero
* Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
* Bug 1593 : ntpd abort in free() with logconfig syntax error
This is a security release fixing CVE-2015-5230.
Bug fixes:
- Avoid superfluous backend recycling
- Removal of dnsdist from the authoritative server distribution
- Add EDNS unknown version handling and tests EDNS unknown version handling
Improvements:
- Update YaHTTP to v0.1.7
- Make trailing/leading spaces stand out in pdnssec check_zone
- GCC 5.2 support and sync boost.m4 macro with upstream
- Log answer packets only if log-dns-details is enabled
=============
Features:
* Default for ssl-port is port 853, the temporary port assignment for
secure domain name system traffic. If you used to rely on the older default
of port 443, you have to put a clause in unbound.conf for that. The new
value is likely going to be the standardised port number for this traffic.
* ANY responses include DNAME records if present,
as per Evan Hunt's remark in dnsop.
Bug Fixes:
* Fix segfault in the dns64 module in the formaterror error path.
* Fix manpage to suggest using SIGTERM to terminate the server.
* iana portlist update.
Unbound 1.5.5
=============
Features:
* Change default of harden-algo-downgrade to off.
This is lenient for algorithm rollover.
* Added permit-small-holddown config to debug fast 5011 rollover.
* Allow certificate chain files to allow for intermediate certificates.
* Enable ECDHE for servers. Where available, use SSL_CTX_set_ecdh_auto()
for TLS-wrapped server configurations to enable ECDHE. Otherwise,
manually offer curve p256. Client connections should automatically
use ECDHE when available.
* [bugzilla: 699 ] Feature --enable-pie option to that builds PIE binary.
* [bugzilla: 700 ] Feature --enable-relro-now option that enables full
read-only relocation.
* [bugzilla: 702 ] New IPs for for h.root-servers.net.
Bug Fixes:
* [bugzilla: 681 ] Fix setting forwarders with unbound-control forward
implicitly turns on forward-first.
* [bugzilla: 690 ] Fix that reload fails when so-reuseport is yes
after changing num-threads.
* please afl-gcc (llvm) for uninitialised variable warning.
* Fix mktime in unbound-anchor not using UTC.
* Fix 5011 anchor update timer after reload.
* 5011 implementation does not insist on all algorithms,
when harden-algo-downgrade is turned off.
* Document in the manual more text about configuring locally served zones.
* Document that local-zone nodefault matches exactly and transparent can
be used to release a subzone.
* [bugzilla: 694 ] Fix that configure script does not detect LibreSSL 2.2.2
* Fix deadlock for local data add and zone add when unbound-control
list_local_data printout is interrupted.
* [bugzilla: 697 ] Fix get PY_MAJOR_VERSION failure at configure for
python 2.4 to 2.6.
* changed windows setup compression to be more transparent.
* Fix config globbed include chroot treatment, this fixes reload of globs.
* [bugzilla: 705 ] Fix ub_ctx_set_fwd() return value mishandled on windows.
* Fix minor error in unbound.conf.5.in.
* Fix unbound.conf(5) access-control description for precedence and default.
* Fix unbound-control flush that does not succeed in removing data.
* MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures.
* iana portlist update.
=========
BUG FIXES:
- Fix#701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix#711: Document that debug-mode yes is used for staying
attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.
What's New
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2015-30
Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
Sabens. ([2]Bug 11455) [3]CVE-2015-7830
The following bugs have been fixed:
* Last Address field for IPv6 RPL routing header is interpreted
incorrectly. ([4]Bug 10560)
* Comparing two capture files crashes Wireshark when navigating the
results. ([5]Bug 11098)
* 802.11 frame is not correctly dissected if it contains HT Control.
([6]Bug 11351)
* GVCP bit-fields not updated. ([7]Bug 11442)
* Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
* pcapng: SPB capture length is incorrectly truncated if IDB snaplen
= 0. ([9]Bug 11483)
* pcapng: NRB IPv4 address is endian swapped but shouldn't be.
([10]Bug 11484)
* pcapng: NRB with options causes file read failure. ([11]Bug 11485)
* pcapng: ISB without if_drop option is shown as max value. ([12]Bug
11489)
* UNISTIM dissector - Message length not included in offset for
"Select Adjustable Rx Volume". ([13]Bug 11497)
Updated Protocol Support
DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
* get format_id from video file ext
* check for the offline error page
* treat the offline error as an expected ExtractorError
* Look for sm4:video:embed
* Add _extract_url
* Use _extract_url for mtvservices
- Erlang 18.1 compatibility.
- Prevent EACCESS errors on Windows when queue journal is cleared.
- When multiple authorization backends are used, user tags from all
of them should be preserved.
- Force a (per-queue, not global) GC when a queue pages messages
to disk.
- MQTT Plugin: Queues used by QoS 1 subscriptions are no longer
deleted when the only subscriber disconnects.
- STOMP Plugin: Trailing new line character now can be optional.
- Win32: Use WSAEWOULDBLOCK instead of EWOULDBLOCK on Win32 (win32
clients would fail to connect)
- Lib: if channel_max is 0 use server's channel_max
- Lib: fix build on OpenBSD
Release Note
------------
This release fixes the bug that progress summary is not shown timely.
Changes
-------
* Fix bug that progress summary is not shown timely
OpenConnect v7.06 (PGP signature) — 2015-03-17
Fix openconnect.pc breakage after liboath removal.
Refactor Juniper Network Connect receive loop.
Fix some memory leaks.
Add Bosnian translation.
OpenConnect v7.05 (PGP signature) — 2015-03-10
Fix alignment issue which broke LZS compression on ARM etc.
Support HTTP authentication to servers, not just proxies.
Work around Yubikey issue with non-ASCII passphrase set on pre-KitKat Android.
Add SHA256/SHA512 support for OATH.
Remove liboath dependency.
Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.
Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711).
Fix build with OpenSSL HEAD (OpenSSL 1.1.x).
Preliminary support for Juniper SSL VPN.
