Update isc-dhcp4, isc-dhclient4, isc-dhcpd4 and isc-dhcrelay4 to 4.4.2.
pkgsrc change: change LICENSE to mpl-2.0.
Here is a quote from RELNOTES:
Internet Systems Consortium DHCP Distribution
Version 4.4.2
22 January 2020
Release Notes
NEW FEATURES
Please note that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.
While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:
- Keama - Keama is a migration utility that assists in converting ISC DHCP
server configuration files to Kea configuration files. It is found in the
keama subdirectory and includes a README.md file with instructions on how
to build it as well as a manpage on its usage.
- Two new server parameters related to ping checking were added:
1. ping-cltt-secs which allows the user to specify the number of seconds
that must elapse since CLTT before a ping check is conducted.
2. ping-timeout-ms which allows the user to specify the amount of time the
server waits for a ping-check response in milliseconds rather than in
seconds.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHCPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
Update bind914 to 9.14.10 (BIND 9.14.10).
pkgsrc change: update HOMEPAGE to use https URL.
--- 9.14.10 released ---
5339. [bug] With some libmaxminddb versions, named could erroneously
match an IP address not belonging to any subnet defined
in a given GeoIP2 database to one of the existing
entries in that database. [GL #1552]
5338. [bug] Fix line spacing in `rndc secroots`.
Thanks to Tony Finch. [GL !2478]
5337. [func] 'named -V' now reports maxminddb and protobuf-c
versions. [GL !2686]
Update bind911 to 9.11.15 (BIND 9.11.15).
--- 9.11.15 released ---
5339. [bug] With some libmaxminddb versions, named could erroneously
match an IP address not belonging to any subnet defined
in a given GeoIP2 database to one of the existing
entries in that database. [GL #1552]
5338. [bug] Fix line spacing in `rndc secroots`.
Thanks to Tony Finch. [GL !2478]
5337. [func] 'named -V' now reports maxminddb and protobuf-c
versions. [GL !2686]
Wireshark 3.2.1 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-01[1] WASSP dissector crash. Bug 16324[2].
CVE-2020-7044[3].
The following bugs have been fixed:
• Incorrect parsing of USB CDC packets. Bug 14587[4].
• Wireshark fails to create directory if parent directory does not
yet exist. Bug 16143[5].
• Buildbot crash output: randpkt-2019-11-30-22633.pcap. Bug
16240[6].
• Closing Flow Graph closes (crashes) main GUI window. Bug
16260[7].
• Wireshark interprets websocket frames after HTTP handshake in a
wrong way. Bug 16274[8].
• A-bis/OML: IPA Destination IP Address attribute contains inverted
value (endianness). Bug 16282[9].
• wiretap/log3gpp.c: 2 * leap before looking ?. Bug 16283[10].
• Opening shell terminal prints Wireshark: Permission denied. Bug
16284[11].
• h264: SPS frame_crop_right_offset shown in UI as
frame_crop_left_offset. Bug 16285[12].
• BGP: update of "Sub-TLV Length" by draft-ietf-idr-tunnel-encaps.
Bug 16294[13].
• SPNEGO+GSS-API+Kerberos+ap-options dissection produces "Unknown
Bit(s)" expert message. Bug 16301[14].
• USB Audio feature unit descriptor is incorrectly dissected. Bug
16305[15].
• Compiling the .y files fails with Berkeley YACC. Bug 16306[16].
• PDB files in Windows installer. Bug 16307[17].
• NAS-5GS 5GS network feature support lacks MCSI, EMCN3 two fields
(octet 4). Bug 16310[18].
• Option to change “Packet List” columns header right click pop-up
menu behavior. Bug 16317[19].
• DLT: Dissector does not parse multiple DLT messages in single UDP
packet. Bug 16321[20].
• ISAKMP Dissection: Enhance Source id and Destination ID field of
GDOI SA TEK payload for non IP ID type. Bug 16233[21].
• DOIP: Typo in "identifcation request messages". Bug 16325[22].
• Toolbar "?" help button - no text/help displayed. Bug 16327[23].
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
802.11 Radiotap, ASN.1 BER, BGP, DLT, DOIP, GSM A RR, GSM A-bis/OML,
H264, HTTP, IEC 60870-5-104, IEEE 802.11, IPv4, ISAKMP, NAS 5GS,
rtnetlink, SIP, TIPC, USB Audio, USB CDC, and WASSP
New and Updated Capture File Support
3gpp phone log
Changes:
2.14.0
------
Features:
* New command: `hub issue update` #2432
* New command: `hub issue transfer` #2363
* Support git flag `hub version --build-options` #2440
* Refuse to follow HTTP 301/302 redirects for non-GET requests #2442
Fixes:
* Fix `hub help <cmd>` on Windows #2384
* Ensure that `grep` command is being used in shell completions #2390
* Consult global `git config color.ui` setting when `--color=auto` #2378
Improvements:
* Print more user-friendly HTTP 40x errors #2446
* Enable debugging file uploads via `HUB_VERBOSE=1 hub release create -a <file>`
* Improve parsing malformed YAML config files #2380
Update samba4 to 4.11.5.
==============================
Release Notes for Samba 4.11.5
January 21, 2020
==============================
This is a security release in order to address the following defects:
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
=======
Details
=======
o CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.
Overview of changes in EtherApe 0.9.18 (Sunday, June 3, 2018):
EtherApe now is a pure GTK 3 application, with canvas supplied by GooCanvas
(https://wiki.gnome.org/Projects/GooCanvas).
While GooCanvas itself is in maintenance mode, it is still the simpler canvas
library available and with an API almost identical to gnome-canvas, too!
Longer term, EtherApe ui should be completely redesigned and modernized,
but this is for another day.
Changes summary:
* EtherApe ported to GTK3 using GooCanvas instead of the obsolete
GnomeCanvas.
Overview of changes in EtherApe 0.9.17 (Thursday, April 5, 2018):
This is a bugfix release, because a bug made 0.9.16 still runtime-dependent
on gnomeui and other gnome 2 libraries.
Changes summary:
* EtherApe now requires Gtk 2.24
* fixed a bug making libglade load gnome2 libraries
* Sometimes node/links windows were freezing.
Overview of changes in EtherApe 0.9.16 (Sunday, January 14, 2018):
Several distributions are phasing out Gnome 2 libraries and EtherApe needs
to update as well.
Unfortunately, this means dropping support for older distributions, for
example CENTOS 5 and 6. At this time the EtherApe executable can still be
built for those distributions, but not the project as a whole.
This is an interim release, where the only Gnome 2 component is
gnome-canvas. Apart from that, EtherApe is now a GTK2 application.
Work is underway to replace gnome-canvas with another component.
Documentation is now based on yelp-tools instead of Scrollkeeper/Rarian.
Many thanks to Patrick Matthäi for packaging EtherApe for Debian and
helping to keep this tool current.
Changes summary:
* require only gnome-canvas, not gnome-ui. Based on the work of
Arch Linux packager bgyorgy (Balló György). Thanks!
* migrate from deprecated gnome-doc-utils to yelp-tools.
Unfortunately this change rules out older distributions
* updated German translation, thanks to Chris Leick
Overview of changes in EtherApe 0.9.15 (Friday, February 10, 2017):
The central node ring setting now accepts multiple node specifiers
(separated by any combination of spaces and/or commas), and also
now understands glob syntax, so you can put for example
10.0.0.0/24, *.mydomain.tld, somehost.otherdomain.tld
and it will do what you'd expect.
There is now a compile-time configure option ('--with-c-ares',
disabled by default) to enable DNS resolution via the c-ares
library, supplanting EtherApe's built-in multithreaded
gethostbyaddr(3)-based resolver. This is a fully non-blocking DNS
library and thus has potential for better performance while using
only a single background resolver thread, but also means that
name-lookup is strictly DNS-based, and will thus not take
/etc/hosts, NIS, or other name services into account.
There is a slightly backwards-incompatible change in the syntax of
the node-position file used with the '-P' flag added in release
0.9.14. It now uses the same CIDR notation plus hostname-globbing
syntax used by the central node ring setting (instead of POSIX
regular expressions). This provides simpler and more consistent
syntax with essentially the same real-world utility, but may
require some small changes to existing node-position files. Some
examples:
    Old (regex)        New (CIDR+glob)
    ===============    ===============
    172.16.2.[0-9]*    172.16.2.0/24
    .*.mydomain.com    *.mydomain.com
    fe80:.*            fe80::/16
Additionally, each line of the node-position file may now include
multiple such node-matching patterns (separated by spaces and/or
commas as with the central node ring setting), so a single line
might look like:
*.mydomain.com, 10.0.0.0/24 3
(to put all nodes matching the given domain or CIDR range into
column 3).
As a security feature (privilege separation), packet-capture
operations are now isolated in a separate background process. The
new '-Z' flag can be used to specify a user to run the main
(foreground) process as.
Changes summary:
* New option to use c-ares for DNS resolution.
* Multiple node/subnets and glob syntax now supported for central
node ring.
* Node-matching syntax for '-P' flag's file now uses CIDR
notation and hostname-globbing instead of regexes.
* Multiple patterns can now be given on a single line of the
node-position ('-P') file.
* The columnar-layout ('-P') code has been changed to re-adjust
the spacing of nodes within a column when the number of nodes
decreases. The 10-column limit has also been removed.
* The background-image feature introduced in 0.9.14 can now be
turned off via a preference check-box.
* The background of the protocol legend is now black so that
lighter colors (e.g. yellow) are more readable.
* There is now an option to display packet-capture statistics
from libpcap in the main window (hover the mouse over them for
an explanation in the status bar).
* The show/hide state of the toolbar, protocol legend, and status
bar are now preserved along with other preferences in the
user's config file.
* New '-Z' flag (or '--relinquish-privileges') can be used to run
most processing as an unprivileged user.
Overview of changes in EtherApe 0.9.14 (Saturday February 06, 2016):
EtherApe now uses the system /etc/services file instead of its own.
While this change makes some customizations a bit harder, it guarantees an
up-to-date services file.
Note to packagers: /etc/etherape is not needed anymore.
Central node option now understands CIDR notation, allowing for a central
ring of nodes, thanks to Zev Weiss.
Static background image, courtesy of Glenn Feunteun.
Nodes can be optionally arranged as columns, thanks to David Goldfarb.
Changes summary:
* autoconf updated to 2.69
* fixed incorrect WLAN control frames decoding
* fix UTF-8 encoding of several files, thanks to StrPt.
* read system services file instead of EtherApe one, thanks to Zev Weiss.
* fix race condition on exit, thanks to Zev Weiss
* central ring option, thanks to Zev Weiss
* tweaks to preference windows to better work with tiling managers,
thanks to Zev Weiss.
* static background image (Glenn Feunteun)
* arrange nodes in 'columns' (David Goldfarb)
Overview of changes in EtherApe 0.9.13 (Sun May 05, 2013):
Central node option, useful for displaying routers or proxies.
Translations and documentation updates, plus some fixes.
Changes summary:
* Optional central node, based on work of Javier Fernandez-Sanguino
Peña.
* re-enabled full-screen mode, thanks to nrvale0
* Updated Spanish translation, thanks to Javier Fernandez-Sanguino
Peña.
* Added German translation, and fixed typos, thanks to Chris Leick.
* Updated documentation.
Add ruby-train-winrm version 0.2.6 package.
Train WinRM
Allows applications using Train to speak to Windows using Remote Management;
handles authentication, caching, and SDK dependency management.
Add ruby-winrm-fs version 1.3.4 package.
File system operations over Windows Remote Management (WinRM) for Ruby
Ruby library for file system operations via Windows Remote Management.
Add ruby-winrm version 2.3.4 package.
Windows Remote Management (WinRM) for Ruby
This is a SOAP library that uses the functionality in Windows Remote
Management (WinRM) to call native objects in Windows. This includes, but is
not limited to, running batch scripts, powershell scripts and fetching WMI
variables. For more information on WinRM, please visit Microsoft's WinRM
site (http://msdn.microsoft.com/en-us/library/aa384426.aspx).
As of version 2.0, this gem retains the WinRM name but all powershell calls
use the more modern Powershell Remoting Protocol (PSRP)
(https://msdn.microsoft.com/en-us/library/dd357801.aspx) for initializing
runspace pools as well as creating and processing powershell pipelines.
The hackage security library provides both server and client utilities
for securing the Hackage package server
(http://hackage.haskell.org/). It is based on The Update Framework
(http://theupdateframework.com/), a set of recommendations developed
by security researchers at various universities in the US as well as
developers on the Tor project (https://www.torproject.org/).
The current implementation supports only index signing, thereby
enabling untrusted mirrors. It does not yet provide facilities for
author package signing.
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForge, as well as
freedesktop.org, CTAN and GNU.
Simple network library for all your connection needs.
Features: Really simple to use, SSL/TLS, SOCKS.
This library provides a very simple api to create sockets to a
destination with the choice of SSL/TLS, and SOCKS.
No OpenSSL 1.1 support and upstream development is effectively stalled.
Also various other dead dependencies: gstreamer0.10, sdl12, esound,
GNOME 2 libgnomeui...
1.3.2:
- ENH: The Dockerfile used for the official Docker images now uses Python 3.6
rather than Python 2.7
- ENH: The `welcome.html` page has been updated to provide more metadata
and be more HTML-standards compliant
- FIX: the `pypi-server -U` command no longer fails when run inside the
Docker container
- FIX: The `remove_pkg` API action now removes any extant instances of a
package name-version combination, not just the first one found. This means
that now, for example, if a `.whl` and `.tar.gz` file exist for the
requested package name and version, both will be removed
- FIX: include missing `simple/` path on a URL in the example pip commands
on the `welcome.html` page
- DOC: more consistent and accurate documentation for pip commands provided
on the `welcome.html` page
- DOC: fixes to the README to make it easier for people to use pypiserver
behind an apache webserver
Provided by Matthias Petermann in PR 54857.
Additionally, remove ssl option per 1.9.0 changelog.
rdesktop (1.9.0)
* Use GnuTLS and nettle instead of OpenSSL
* Improved certificate handling
* Add support for dynamic resize of sessions
* Add support for alpha cursors
* Add PulseAudio support
* Add Kerberos support on macOS
* Kerberos support no longer requires libgssglue
* Remove support for rdesktop's custom microphone extension
* Several fixes to improve compatibility with modern desktops
* macOS compatibility fixes
* Improved handling of redirections
* Many smart card bug fixes
* Many disk redirection bug fixes
* Improved logging
* Lots of other small bug fixes
-- Pierre Ossman <ossman@cendio.se> 2019-09-18
rdesktop (1.8.6)
* Fix protocol code handling new licenses
-- Pierre Ossman <ossman@cendio.se> 2019-05-16
rdesktop (1.8.5)
* Add bounds checking to protocol handling in order to fix many
security problems when communicating with a malicious server.
-- Pierre Ossman <ossman@cendio.se> 2019-05-08
1.2.2
=====
- Fix macOS dylib versioning
- Update the required glib version to 2.54
- Fix setting the multicast sending interface
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/4
2.62.3 - January 3, 2019
========================
- Fix leak of base iostream (or base datagram socket), 2.62 regression
- Fix duplicate notifies of peer-certificate and peer-certificate-errors
- Fix obscure corner case where SNI might not work