- The following vulnerabilities have been fixed.
* wnpa-sec-2013-41
The DCP ETSI dissector could crash. (Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7
CVE-2013-4083
* wnpa-sec-2013-42
The P1 dissector could crash. Discovered by Laurent Butti.
(Bug 8826)
Versions affected: 1.10.0
CVE-2013-4920
* wnpa-sec-2013-43
The Radiotap dissector could crash. Discovered by Laurent
Butti. (Bug 8830)
Versions affected: 1.10.0
CVE-2013-4921
* wnpa-sec-2013-44
The DCOM ISystemActivator dissector could crash. Discovered
by Laurent Butti. (Bug 8828)
Versions affected: 1.10.0
CVE-2013-4924
CVE-2013-4926
* wnpa-sec-2013-45
The Bluetooth SDP dissector could go into a large loop.
Discovered by Laurent Butti. (Bug 8831)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4927
* wnpa-sec-2013-46
The Bluetooth OBEX dissector could go into an infinite
loop. (Bug 8875)
Versions affected: 1.10.0
CVE-2013-4928
* wnpa-sec-2013-47
The DIS dissector could go into a large loop. (Bug
8911)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4929
* wnpa-sec-2013-48
The DVB-CI dissector could crash. Discovered by Laurent
Butti. (Bug 8916)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4930
* wnpa-sec-2013-49
The GSM RR dissector (and possibly others) could go into a
large loop. (Bug 8923)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4931
* wnpa-sec-2013-50
The GSM A Common dissector could crash. (Bug 8940)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4932
* wnpa-sec-2013-51
The Netmon file parser could crash. Discovered by G.
Geshev. (Bug 8742)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4934
* wnpa-sec-2013-52
The ASN.1 PER dissector could crash. Discovered by
Oliver-Tobias Ripka. (Bug 8722)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
CVE-2013-4935
* wnpa-sec-2013-53
The PROFINET Real-Time dissector could crash. (Bug
8904)
Versions affected: 1.10.0
CVE-2013-4936
- The following bugs have been fixed:
* Mark retransmitted SYN and FIN packets as retransmissions.
* Wireshark hides under Taskbar. (Bug 3034)
* IEEE 802.15.4 frame check sequence in "Chipcon mode" not
displayed correctly. (Bug 4507)
* Mask in Lua ProtoField.uint32() does not work as expected.
(Bug 5734)
* Crash when applying filter with Voip calls. (Bug 6090)
* Delta time regressions to tshark introduced with SVN 45071.
(Bug 8160)
* Add MAC-DATA support to TETRA dissector and other minor
improvements. (Bug 8708)
* Crash analyzing VoIP Calls (T38). (Bug 8736)
* Wireshark writes empty NRB FQDN which makes trace
unloadable. (Bug 8763)
* Quick launch icon is absent, so it shows up as a generic
icon. (Bug 8773)
* Wrong encoding for 2 pod files, UTF-8 characters in
another. (Bug 8774)
* SCSI (SPC) sense key specific information field must not
include SKSV. (Bug 8782)
* Wireshark crashes when closing Flow Graph with Graph
Analysis opened. (Bug 8793)
* Wrong size of LLRP ProtocolID Parameter in Accessspec
Parameter. (Bug 8809)
* Detection of IPv6 works only on Solaris 8. (Bug 8813)
* ip.opt.type triggers for TCP NOP option. (Bug 8823)
* DCOM-SYSACT dissector crash. (Bug 8828)
* Incorrect decoding of MPLS Echo Request with BGP FEC.
(Bug 8835)
* Buggy IEC104 dissector caused by commit r48958. (Bug
8849)
* ansi_637_tele dissector displays MSB as MBS for Call-Back
Number. (Bug 8851)
* LISP Map-Notify flags I and R shown incorrectly. (Bug
8852)
* ONTAP_V4 fhandle decoding leads to dissector bug. (Bug
8853)
* Dropped bytes in imap dissector. (Bug 8857)
* Kismet drone/server dissector improvements. (Bug 8864)
* TShark iostat_draw sizeof mismatch. (Bug 8888)
* SCTP bytes graph crash. (Bug 8889)
* Patch to Wireshark/tshark usage info and man pages to
document all timestamp (-t) options. (Bug 8906)
* Strange behavior of tree expand/collapse in packet details.
(Bug 8908)
* Graph Filter field limited to 256 characters. (Bug
8909)
* Filter doesn't support cflow ASN larger than 65535.
(Bug 8959)
* Wireshark crashes when switching from a v1.11.0 profile to
a v1.4.6 prof and then to a v1.5.1 prof. (Bug 8884)
* SIP stats shows incorrect values for Max/Ave setup times.
(Bug 8897)
* NFSv4 delegation not reported correctly. (Bug 8920)
* Issue with Capture Options Adapter List. (Bug 8932)
* RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility
option IPv4 DHCP Support Mode Option malformed packet.
(Bug 8957)
* RFC 3775 - Mobility Support in IPv6 - Mobility option PadN
incorrectly highlights + 2 bytes. (Bug 8958)
* All mongodb query show as .
(Bug 8960)
- Updated Protocol Support
ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDP,
DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP,
DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE
802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,
Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1,
PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC, RLC-LTE, SCSI,
SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
- New and Updated Capture File Support
Microsoft Network Monitor, pcap-ng.
* hostname is not stamped on anymore if already set
* hostname will be set to a FQDN when possible as per RFC4702 section 3.1
* a domain is derived from the FQDN if no domain option is set
* add new hostname_short command to send a short hostname for DDNS
* hostname_fqdn is now documented, along with a new server setting and the
potential problems associated with it
* the FQDN option is no longer sent by default for DHCPv4 messages
* highlight hash-bang line as comment
* make lua-mode-hook editable via customize
* fix several indentation bugs & quirks
* fix lua-send-proc not to send previous function when point is at the beginning of a function
* derive lua-mode from prog-mode for Emacs24
* add font-locking for builtins and numeric constants
* fix a bug causing exponential complexity in a keyword matching regexp
* add more unindentation cases for block-closing tokens
* improve multiline highlighting via font-lock-syntactic-keywords
This should make font-locking of multiline literals more fluent & stable. And
it becomes customizable via standard font-lock configuration
* properly fontify variable definitions in 'local ...' & 'for ...'
Also, perform some basic syntax verification in those lines. Multi-line
constructs not supported yet.
* fix indentation for blocks starting on continued lines
    local foo =
       {
          bar,
          baz
       }  ^
          1. these lines should be indented properly now
    ^
    2. the following lines should be unindented properly now
* extend imenu-generic-expression
Now it matches 'foo = function(...)' function definitions
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
distribution.
php-opcache is the Zend OPcache module which provides faster PHP execution
through opcode caching and optimization. It improves PHP performance by
storing precompiled script bytecode in the shared memory. This eliminates the
stages of reading code from the disk and compiling it on future access. In
addition, it applies a few bytecode optimization patterns that make code
execution faster.
This is a new stable release of PHP. Please refer to the UPGRADING file for
changes and updating.
PHP is an HTML-embedded scripting language. It is modular, with
some object-oriented features. Much of its syntax is borrowed from
C, Java and Perl with a couple of unique PHP-specific features
thrown in. The language is designed to allow web developers to
write dynamically generated pages quickly.
This package provides PHP version 5.5.x.
tarballs with the same name, as found by obache@ in:
http://bugs.mysql.com/bug.php?id=69598
adam@ already fixed version 5.5, so this should complete the fix
for PR pkg/48056. (Also replaced the 5.6 tarball on ftp.netbsd.org)
on pkgsrc-users.
Changes:
This release adds the ability to move/resize floating windows beyond
region boundaries. It adds 'soft boundary' behavior to region
boundaries. When moving a window past the region boundary, the
window will 'snap' to the region boundary if it is less than
boundary_width distance beyond the edge. A new boundary_width
configuration option has been added. The 'soft boundary' behavior
can be disabled by setting this option to 0. The ability to set
tile_gap to negative values has been added, which makes it possible
for tiled windows to overlap. Set this to the opposite of border_width
to collapse borders.
The major difference in all these new releases is that the code for these
projects has been yanked out of pkgsrc and moved into GitHub in order to
make the code more easily available on other systems. These three packages
are now very simple pkgsrc packages.
Released on 2013-07-28.
* Sources migrated to a GitHub project from the previous copy in
the pkgsrc repository. sysupgrade is now a first-class package and
includes a traditional build system based on automake and autoconf.
* Moved the sysupgrade script from bin to sbin.
Released on 2013-07-28.
* Sources migrated to a GitHub project from the previous copy in
the pkgsrc repository. sysbuild is now a first-class package and
includes a traditional build system based on automake and autoconf.
Released on 2013-07-28.
* Sources migrated to a GitHub project from the previous copy in
the pkgsrc repository. shtk is now a first-class package and includes
a traditional build system based on automake and autoconf and also
provides a pkg-config file and autoconf macros to ease the integration
with other packages.
- 2.37 | 2013-07-28
- dropped
- example program wwwcat
This trivial program is not so interesting.
- module ‘(www main)’
- proc ‘(www server-utils parse-request) read-first-line’
- proc ‘(www server-utils parse-request) read-headers’
- proc ‘(www server-utils parse-request) skip-headers’
- proc ‘(www server-utils parse-request) read-body’
- proc ‘(www http) http:head’
- proc ‘(www http) http:get’
These were announced in Guile-WWW 2.34 (2012-03-29) NEWS.
- support for values in ‘receive-response’ spec
This was announced in Guile-WWW 2.36 (2012-11-22) NEWS.
- ‘(www url) url:address’ more strict
- ‘(www url) url:unknown’ more strict
Contrary to the Guile-WWW 2.34 (2012-03-29) NEWS blurb, these
two procs are not being deleted. Instead, they persist and now
check their arg for the proper scheme (‘mailto’ and ‘unknown’,
respectively) to better support the (thin) abstraction they
provide over the underlying data structure.
- bootstrap tools upgraded
- GNU Automake 1.13.4
- Guile-BAUX 20130705.0751.4969fb4
1.10 (2013-07-23)
~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE** Dropped support for Python 2.5. The minimum
supported Python version is now Python 2.6.
* **BACKWARDS INCOMPATIBLE** Using ``virtualenv.py`` as an isolated script
(i.e. without an associated ``virtualenv_support`` directory) is no longer
supported for security reasons and will fail with an error.
Along with this, ``--never-download`` is now always pinned to ``True``, and
is only being maintained in the short term for backward compatibility
(Pull #412).
* **IMPORTANT** Switched to the new setuptools (v0.9.7) which has been merged
with Distribute_ again and works for Python 2 and 3 with one codebase.
The ``--distribute`` and ``--setuptools`` options are now no-op.
* Updated to pip 1.4.
* Added support for PyPy3k
* Added the option to use a version number with the ``-p`` option to get the
system copy of that Python version (Windows only)
* Removed embedded ``ez_setup.py``, ``distribute_setup.py`` and
``distribute_from_egg.py`` files as part of switching to merged setuptools.
* Fixed ``--relocatable`` to work better on Windows.
* Fixed issue with readline on Windows.
.. _Distribute: https://pypi.python.org/pypi/distribute