Changes to the Cyrus IMAP Server since 2.4.15
* Bug #3651 - 64 bit dirhash breaks existing systems. NOTE this
includes a fix to the re-written rehash tool released with 2.4.15
Changes to the Cyrus IMAP Server since 2.4.14
* Bug #3664, #3665 - Sieve filters don't work if mailbox contains
dots
* Bug #3651 - 64 bit dirhash breaks existing systems. NOTE - this
includes a complete rewrite of tools/rehash, making it much simpler
and more reliable. Check the usage statement
* Bug #1228 - mailbox dumps need to dump quotaroots
* Bug #3613 - CATENATE command returns BADURL
* Bug #3627 - enabling improved_mboxlist_sort documentation mention
subscription files
* Bug #3661 - Memory leaks in sync_server, nntpd, popd
* Bug #3621 - quota bug involving nested quota roots
* Bug #3667 - FLAGS.SILENT needs to return new MODSEQ if QRESYNC
enabled
This collection of tools includes: support for short commands
starting with @, macros to sanitise the OT1 encoding of the
cmtt fonts; a 'do after' command; improved footnote
support; mathenv for various alignment in maths; list
handling; mdwmath which adds some minor changes to LaTeX
maths; a rewrite of LaTeX's tabular and array environments;
verbatim handling; and syntax diagrams.
New in Version 0.8.2
Branches netbsd-6, netbsd-6-0 and netbsd-5-1 are supported.
New in Version 0.8.1
INSTALL-NetBSD now installs the tests set, in NetBSD 5, and the
modules set, to be in NetBSD 6.
* Disable mod_proxy_html explicitly.
Changes with Apache 2.4.2
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) mod_slotmem_shm: Honor DefaultRuntimeDir [Jim Jagielski]
*) mod_ssl: Fix crash with threaded MPMs due to race condition when
initializing EC temporary keys. [Stefan Fritsch]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
*) Fix MPM DSO load failure on AIX. [Jeff Trawick]
*) mod_proxy: Correctly set up reverse proxy worker. PR 52935.
[Petter Berntsen <petterb gmail.com>]
*) mod_sed: Don't define PATH_MAX to a potentially undefined value, causing
compile problems on GNU hurd. [Stefan Fritsch]
*) core: Add ap_runtime_dir_relative() and DefaultRuntimeDir.
[Jeff Trawick]
*) core: Fix breakage of Listen directives with MPMs that use a
per-directory config. PR 52904. [Stefan Fritsch]
*) core: Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files. [Stefan Fritsch]
*) core: In AllowOverrideList, do not allow 'None' together with other
directives. PR 52823. [Stefan Fritsch]
*) mod_slotmem_shm: Support DEFAULT_REL_RUNTIMEDIR for file-based shm.
[Jim Jagielski]
*) core: Fix merging of AllowOverrideList and ContentDigest.
[Stefan Fritsch]
*) mod_request: Fix validation of the KeptBodySize argument so it
doesn't always throw a configuration error. PR 52981 [Eric Covener]
*) core: Add filesystem paths to access denied / access failed messages
AH00035 and AH00036. [Eric Covener]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) "DirectoryIndex disabled" now undoes DirectoryIndex settings in
the current configuration section, not just previous config sections.
PR 52845. [Eric Covener]
*) mod_xml2enc: Fix broken handling of EOS buckets which could lead to
response headers not being sent. PR 52766. [Stefan Fritsch]
*) mod_ssl: Properly free the GENERAL_NAMEs. PR 32652. [Kaspar Brand]
*) core: Check during config test that directories for the access
logs actually exist. PR 29941. [Stefan Fritsch]
*) mod_xml2enc, mod_proxy_html: Enable per-module loglevels.
[Stefan Fritsch]
*) mod_filter: Fix segfault with AddOutputFilterByType. PR 52755.
[Stefan Fritsch]
*) mod_session: Sessions are encoded as application/x-www-form-urlencoded
strings, however we do not handle the encoding of spaces properly.
Fixed. [Graham Leggett]
*) Configuration: Example in comment should use a path consistent
with the default configuration. PR 52715.
[Rich Bowen, Jens Schleusener, Rainer Jung]
*) Configuration: Switch documentation links from trunk to 2.4.
[Rainer Jung]
*) configure: Fix out of tree build using apr and apr-util in srclib.
[Rainer Jung]
Bugfixes:
* Bugfix #421: Truncate pidfile on shutdown, before unlink.
* Bugfix #423: Fix slow zone transfer processing due to
'Fix is_existing flag for ENT' bugfix.
* Bugfix #430: Fix segfault when MAX_INTERFACES set to more than 65K.
* Fix configure.ac strptime check for gcc 4.6.2, acx_nlnetlabs.m4 update
NSD 3.2.9
Features:
* Minimize responses to reduce truncation: NSD will only add optional
records to the authority and additional sections when the response size
does not exceed the minimal response size.
* The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
1220 (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller
than the EDNS default.
* The feature is enabled by default. You can disable it by configuring NSD
with --disable-minimal-responses.
* Less NSEC3 prehashing. This will make NSD handle zone transfers faster,
but will decrease the performance of NXDOMAIN and wildcard NODATA responses.
Full prehashing is enabled by default. If you want less NSEC3 prehashing,
configure NSD with --disable-full-prehash. Thanks Secure64 for the patch.
Bugfixes:
* Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
* Bugfix #365: set patch style and zonec verbose for nsdc.
* First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
* Bugfix #375: typos in nsd.conf.5.
* Bugfix #381: Binary escaped and transfers.
* Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
directives.
* Fix printout of IPSECKEY by nsd-patch.
* Fix is_existing flag for ENT when domain that has a shared ENT is deleted
by IXFR. (ENT == Empty Non-Terminal)
* Fix bug if the zonefile is changed for a secondary but stored transfers
are applied, and stop it from applying ixfr to empty zone. The zone is
flagged with error and AXFR-ed.
* Fix to have no authority NS set processing for CNAMEs.
* Fix nsd-checkconf to check tsig algorithms properly.
* Set the AA bit on responses that have an authoritative CNAME.
* Fix denial of existence response for empty non-terminal that looks like
a NSEC3-only domain (but has data below it).
Operational notes:
nsd.db version number increased because NSD 3.2.7 and earlier zonec is not
compatible due to the TXT strings change. Please run nsdc rebuild before
running NSD 3.2.9 and later versions.
Fix a few pkglint warnings
Upstream changes
----------------
1.11 / 1-Jun-11
- Fix: Memory allocation was miscalculated when creating interface list from
/sys/class/net when /proc/net/dev wasn't available which in turn could
crash the daemon
- Fix: Daemon database cache could remain empty after a -HUP signal
- Fix: Don't make temp directory in vnstat.cgi writable for everyone
- Import GNU/kFreeBSD support from Debian
(#608963, patch by Mats Erik Andersson)
- Remove usage of GNU only '-D' option for install for BSD in Makefile
- The daemon now automatically creates databases for available interfaces
if no databases are found during startup
1.10 / 2-Jan-10
- Fix: Buffer overflow was possible in hourly image output when RateUnit=1
and HourlyRate=1
- Fix: Minor memory leak was possible in the handling of HUP signal in daemon
- Fix: Graphical elements weren't correctly aligned in summary image
when header wasn't visible (-nh)
- Fix: --delete didn't work
- Possibility to merge statistics from several databases and save
the end result to a new database (--mergesaved)
- Added validation of database cache in daemon in order to be more robust
in case of system memory corruption
- Support for --style to -l (live mode)
- Alternative print mode to -l (live mode) with optional parameter
- Present options and elements in man pages in alphabetical order
- Code cleanup
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
pkgsrc changes:
---------------
- Add a patch to fix CVE-2012-2093, taken from upstream repository.
- s/py-amkCrypto/py-crypto (py-amkCrypto is not maintained anymore upstream)
upstream changes:
-----------------
Gajim 0.15 (18 March 2012)
* Plugin system
* Whiteboard (via a plugin)
* Message archiving
* Stream managment
* IBB
* Nested roster group
* Roster filtrering
* UPower support
* GPG support for windows
* Spell checking support for windows
Gajim 0.14.4 (22 July 2011)
* Fix translation issue
* other minor fixes
Gajim 0.14.3 (19 June 2011)
* Fix history viewer
* Fix closing roster window
* Prevent some erros with metacontacts
Gajim 0.14.2 (07 June 2011)
* Fix CPU usage when testing file transfer proxies
* Fix invalid XML char regex
* Fix subscription request window handling
* Fix URL display in chat message banner
* Other minor bugfixes
