[downloader/common] report_retry: Don't crash when retries is infinite
[cbsnews] Extract subtitles
[cbsnews] Simplify subtitles extraction and fix test
[arte:future] Fix extraction
[arte:future] Make duplicated test matching only
[arte:cinema] Add extractor
[nuevo] Generalize nuevo extractor and add support for trollvids
[nuevo] Simplify nuevo extractors
[ruleporn] Add new extractor
[nuevo] Improve thumbnail extraction
[ruleporn] Rework in terms of nuevo
[lovehomeporn] Add extractor
[SVTPlay] Add subtitle support
[svt] Improve subtitles extraction and add test
[options] Clarify language tags
[kanalplay] Use IETF language tag
[drtv] Use IETF language tag
Previously there were at least 5 different ways MACHINE_ARCH could be set,
some statically and some at run time, and in many cases these settings
differed, leading to issues at pkg_add time where there was conflict
between the setting encoded into the package and that used by pkg_install.
Instead, move to a single source of truth where the correct value based on
the host and the chosen (or default) ABI is determined in the bootstrap
script. The value can still be overridden in mk.conf if necessary, e.g.
for cross-compiling.
ABI is now set by default and if unset a default is calculated based on
MACHINE_ARCH. This fixes some OS, e.g. Linux, where the wrong default was
previously chosen.
As a result of the refactoring there is no need for LOWER_ARCH, with
references to it replaced by MACHINE_ARCH. SPARC_TARGET_ARCH is also
removed.
@PKG_SYSCONFDIR@ with hardcoded paths to /usr/pkg, possibly due to SUBST_STAGE
being set to post-patch. Revert that change, move SUBST_STAGE to
pre-configure, and perform some minor cleanup while here.
Bump PKGREVISION of all packages, ignoring pkglint's error that this shouldn't
be done in Makefile.common.
* Add -P, --printpidfile to print the pidfile dhcpcd will use to
stdout
* Fix a crash when a non active interface departs
* Add the -1, --oneshot option which causes dhcpcd to exit once an
interface has been configured
* Fix delegation activating interfaces
Security Fixes
* Specific APL data could trigger an INSIST. This flaw was discovered
by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
* Named is potentially vulnerable to the OpenSSL vulnerabilty
described in CVE-2015-3193.
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
New Features
* None
Feature Changes
* Updated the compiled in addresses for H.ROOT-SERVERS.NET.
Bug Fixes
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
Security Fixes
* Specific APL data could trigger an INSIST. This flaw was discovered
by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
* Certain errors that could be encountered when printing out or
logging an OPT record containing a CLIENT-SUBNET option could be
mishandled, resulting in an assertion failure. This flaw was
discovered by Brian Mitchell and is disclosed in CVE-2015-8705. [RT
#41397]
* Named is potentially vulnerable to the OpenSSL vulnerabilty
described in CVE-2015-3193.
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
New Features
* None.
Feature Changes
* Updated the compiled in addresses for H.ROOT-SERVERS.NET.
Bug Fixes
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
* Release 0.10.0 (15-Jan-2015)
** Compatibility Fixes
This release is compatible with Twisted-15.3.0 through 15.5.0. A change in
15.3.0 triggered a bug in Foolscap which produced a somewhat-infinite series
of log messages when run under `twistd`. This release fixes that bug, and
slightly changes the semantics of calling `log.msg()` with additional
parameters. (#244)
Foolscap no longer claims compatibility with python-2.6.x . Twisted-15.5.0
was the last release to offer 2.6 support, and subsequent releases actively
throw errors when run against 2.6, so we've turned off Foolscap's automated
testing for 2.6. It may remain compatible by accident for a while. (#245)
v0.8.1
Added localization support with translations for Czech, German and Slovak languages.
Fixes:
- Syncthing version of remote node not shown
- Missing definition causing UI problems and Appreport madness on Ubuntu (thanks @Newman101)
Other:
- Added --portable parameter to syncthing-gtk.exe on Windows.
- Updated syncthing-inotify version to 0.6.7
- Added support for download placeholders in Nautilus plugin
v0.8.0.0.1
Prelease for localization testing. May work. Probably.
Added localization support with translations for Czech, German and Slovak languages.
Fixes:
- Syncthing version of remote node not shown
- Missing definition causing UI problems and Appreport madness on Ubuntu (thanks @Newman101)
v0.8.0.1
Linux-only release. If you are on Windows, please, use v0.8
Fixes:
- Syncthing version of remote node not shown
- Missing definition causing UI problems, inotify bugs and Appreport madness on Ubuntu (thanks @Newman101)
v0.8
For Syncthing 0.12 and above
Additional fixes:
- No 'ignore' button on Unknown device message.
- Better support for non-ascii characters in user's home path on Windows
v0.7.6.2
Prerelease to test with Syncthing v0.12. Most likely working.
v0.7.6.1
Fixes:
- Typo in Windows installer description (thanks @DennisPS)
- Missing image definition causes crash with some GLib versions
v0.7.6
Fixes:
- window border disappearing (again) on Windows
- crash on too recent glib (#198)
- crash on too old glib (#201)
- inotify (filesystem watcher) not being aware of created directories
- Nautilus plugin ignoring some files until view is refreshed
v0.12.15
- Handle race within the job queue (#1263, @AudriusButkevicius)
- Improve API/GUI shutdown handling (#2694, @calmh)
- Don't crash on folder remove while pulling (#2705, @calmh)
This release uses code signing on Mac OS X.
v0.12.14
This is a security update. The Windows builds are now done using Go 1.6beta2, otherwise this is identical to v0.12.13.
v0.12.13
This build is a security update.
- Add support for themes (#1925, @AudriusButkevicius)
- Don't leak sendIndexes on disconnect (#2589, @calmh)
- Always run relaying when enabled (#2665, @calmh)
- Update 'Edit' menu to 'Action' menu (#2662, @kluppy)
v0.12.12
- Update kardianos/osext (#2650, @calmh)
- Change default max conflicts to 10 (#2604, @calmh)
- Don't conflict copy conflict copies (#2605, @calmh)
- Don't allow in use CSRF tokens to expire (#1008, @calmh)
- Add relaying to main settings dialog (#2433, @calmh)
- Don't resolve destination address until we need to (#2671, @calmh)
- More fine grained locking in discovery cache (#2667, @calmh)
- Added STNODEFAULTFOLDER envvar to skip default folder creation on new install (#1515, @nrm21)
v0.12.11
- Remove windows specialisation from osutil.GetLans (#2192, @AudriusButkevicius)
- Ensure loaded config is free of duplicate devices (#2627, @calmh)
- Show device ID QR code from edit dialog (#1494, @ironmig)
- Don't warn about failed ignores if folder unhealthy (#2630, @AudriusButkevicius)
- Detect nonstandard hash algo and stop folder (#2314, @calmh)
- Also build linux-arm64, linux-ppc64, linux-ppc64le (@calmh)
- Disallow adding duplicate device ID in GUI (@ironmig)
v0.12.10
- Don't crash on stat error in ensureDir (#2608, @calmh)
- Correctly set default logfile location on Windows (#2608, @calmh)
- Consider tempfile when checking for free space (#2598, @andersonvom)
- Update kardianos/osext (#1272, @calmh)
- Remove fixed footer at first media break (#2454, @andersonvom)
- Update mtime of config file before upgrading (#2509, @andersonvom)
- Correct GUI asset dir handling (#2621, @calmh)
v0.12.9
- Example GUI override address (#2530, @calmh)
- Additional output on insufficient error (#2580, @Zillode)
- Add command line option to open GUI (#2210, @andersonvom)
- Always exit via error select, making sure reader routine is exits (#2547, @AudriusButkevicius)
- Don't verify free space for files when folder MinDiskFreePct==0 (#2600, @calmh)
- Edit device after accepting new connection (#1929, @andersonvom)
v0.12.8
- Correct type assertion in verbose logger, restart (#2561, @calmh)
- Remove Android hacks (#2505, @calmh)
- upnp: Use a separate error for the error unmarshalling (@wkennington)
Patches provided by Matthew Luckie in PR pkg/50654.
ChangeLogs:
https://mailman.caida.org/pipermail/scamper-announce/2015-October/000004.htmlhttps://mailman.caida.org/pipermail/scamper-announce/2015-December/000005.htmlhttps://mailman.caida.org/pipermail/scamper-announce/2016-January/000006.html
tbit
* add support for initial congestion window (ICW) inferences
* add new tests to check response to packets that could have been
sent by a blind attacker
* add a TCP fast-open implementation, with both experimental
and official option values
* add support for testing HTTPS and BGP. drop FTP, DNS, and SMTP
* add sc_tbitblind driver that was used for IMC 2015 paper
trace
* add tx timestamp to hop records
* add dl option, to replace dlts option removed from scamper.
* process UDP responses, if a UDP probe method is used.
ping:
* add tcp-syn ping method.
* fix memory leak when payloads are specified in ping.
sc_ipiddump
* report IPID values from traceroute measurements, where available
* report the source IP address used to probe the destination
sc_filterpolicy:
* add a new scamper driver to test systems for congruent filtering policy
http://www.caida.org/tools/measurement/scamper/man/sc_filterpolicy.1.pdf
scamper:
* update scamper maximum PPS to 10,000 (from 1000). Its not 2002 anymore.
* bind to requested source port with UDP sockets.
* set SO_SNDBUF once, when a probe socket is created.
* remove dlts option which was only used by traceroute.
* drop divert socket from privsep, which was not used in scamper anywhere.
* shift socket creation glue from scamper_privsep.c to
scamper_udp4.c, scamper_icmp6.c, etc.
* fix memory leak when receiving TCP responses in tracelb.
* do not use the global address cache in tracelb: use a local one.
* in qsort with 3-way partition, do not compare items against
themselves.
* improve performance of warts_addr_t code
* use calloc instead of malloc() -> memset(0) on systems where calloc
is available.
* do not use the global address cache in ping: most responses are
either from the destination, or from the same IP address, so
optimize for that.
Changes since 4.3.3
! Update the bounds checking when receiving a packet.
Thanks to Sebastian Poehn from Sophos for the bug report and a suggested
patch.
[ISC-Bugs #41267]
1.1.1 - Second Law of Nature
============================
* Fix the owner_write rights rule
1.1 - Law of Nature
===================
One feature in this release is **not backward compatible**:
* Use the first matching section for rights (inspired from daald)
Now, the first section matching the path and current user in your custom rights
file is used. In the previous versions, the most permissive rights of all the
matching sections were applied. This new behaviour gives a simple way to make
specific rules at the top of the file independant from the generic ones.
Many **improvements in this release are related to security**, you should
upgrade Radicale as soon as possible:
* Improve the regex used for well-known URIs (by Unrud)
* Prevent regex injection in rights management (by Unrud)
* Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
* Improve URI sanitation and conversion to filesystem path (by Unrud)
* Decouple the daemon from its parent environment (by Unrud)
Some bugs have been fixed and little enhancements have been added:
* Assign new items to corret key (by Unrud)
* Avoid race condition in PID file creation (by Unrud)
* Improve the docker version (by cdpb)
* Encode message and commiter for git commits
* Test with Python 3.5
add commandline option to genconfig.sh to set UPnP (UDA) version
advertise correct service and device versions when IGDv2 is enabled
fix action arguments for DeviceProtection service
fix event subscription renewal (include SID in response)
Google Cloud SDK contains tools and libraries that enable you to
easily create and manage resources on Google Cloud Platform,
including App Engine, Compute Engine, Cloud Storage, BigQuery,
Cloud SQL, and Cloud DNS.
This package contains bq, gcloud and gsutil commands.
#mikutter 3.3.3
* update language po files
* fix of "crash on click of setting button" was missed
#mikutter 3.3.2
* Happy new year
* several crash issue
* crash on click of setting button on certain condition
* avoid use of lacacy methods deprecated by Ruby 2.3
#mikutter 3.3.1
* crash on UserStream process in some case
* crash on adding list
#mikutter 3.3.0
* use external libraries
* Delayer-Deferred
* Pluggaloid
* retweeted retweet
* liked retweet
* retweet with comments
* show icons for protected accounts
* add settings to show icons for verified accounts
* change method of counting a number of chars, to reflect URL conversion
* improvements of daemon mode
* notice function
* imrovements of support of some image services
Twitter-text gem provides text processing routines for Twitter Tweets.
The major reason for this is to unify the various auto-linking and
extraction of usernames, lists, hashtags and URLs.
NTP 4.2.8p5
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerability:
* Small-step/big-step. Close the panic gate earlier.
References: Sec 2956, CVE-2015-5300
Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
4.3.0 up to, but not including 4.3.78
CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
Summary: If ntpd is always started with the -g option, which is
common and against long-standing recommendation, and if at the
moment ntpd is restarted an attacker can immediately respond to
enough requests from enough sources trusted by the target, which
is difficult and not common, there is a window of opportunity
where the attacker can cause ntpd to set the time to an
arbitrary value. Similarly, if an attacker is able to respond
to enough requests from enough sources trusted by the target,
the attacker can cause ntpd to abort and restart, at which
point it can tell the target to set the time to an arbitrary
value if and only if ntpd was re-started against long-standing
recommendation with the -g flag, or if ntpd was not given the
-g flag, the attacker can move the target system's time by at
most 900 seconds' time per attack.
Mitigation:
Configure ntpd to get time from multiple sources.
Upgrade to 4.2.8p5, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page
As we've long documented, only use the -g option to ntpd in
cold-start situations.
Monitor your ntpd instances.
Credit: This weakness was discovered by Aanchal Malhotra,
Isaac E. Cohen, and Sharon Goldberg at Boston University.
NOTE WELL: The -g flag disables the limit check on the panic_gate
in ntpd, which is 900 seconds by default. The bug identified by
the researchers at Boston University is that the panic_gate
check was only re-enabled after the first change to the system
clock that was greater than 128 milliseconds, by default. The
correct behavior is that the panic_gate check should be
re-enabled after any initial time correction.
If an attacker is able to inject consistent but erroneous time
responses to your systems via the network or "over the air",
perhaps by spoofing radio, cellphone, or navigation satellite
transmissions, they are in a great position to affect your
system's clock. There comes a point where your very best
defenses include:
Configure ntpd to get time from multiple sources.
Monitor your ntpd instances.
Other fixes:
* Coverity submission process updated from Coverity 5 to Coverity 7.
The NTP codebase has been undergoing regular Coverity scans on an
ongoing basis since 2006. As part of our recent upgrade from
Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
the newly-written Unity test programs. These were fixed.
* [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org
* [Bug 2887] stratum -1 config results as showing value 99
- fudge stratum should only accept values [0..16]. perlinger@ntp.org
* [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn.
* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
- applied patch by Christos Zoulas. perlinger@ntp.org
* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
- fixed data race conditions in threaded DNS worker. perlinger@ntp.org
- limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
- accept key file only if there are no parsing errors
- fixed size_t/u_int format clash
- fixed wrong use of 'strlcpy'
* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
- fixed several other warnings (cast-alignment, missing const, missing prototypes)
- promote use of 'size_t' for values that express a size
- use ptr-to-const for read-only arguments
- make sure SOCKET values are not truncated (win32-specific)
- format string fixes
* [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki.
* [Bug 2967] ntpdate command suffers an assertion failure
- fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
* [Bug 2969] Seg fault from ntpq/mrulist when looking at server with
lots of clients. perlinger@ntp.org
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
* Unity cleanup for FreeBSD-6.4. Harlan Stenn.
* Unity test cleanup. Harlan Stenn.
* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
* Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn.
* Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn.
* Quiet a warning from clang. Harlan Stenn.
