Introduction
BIND 9.8.0-P4 is a security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
--- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.0-P3 released (withdrawn) ---
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with an assertion failure.
[RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]
---
Release messages:
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.1.1.
This release fixes a number of bugs and introduces some enhancements,
including exchange to exchange bindings and some performance improvements,
in the server and clients.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.2.0.
This release fixes a number of bugs and introduces some enhancements,
including automatic upgrades of non-clustered brokers, per-queue message
TTLs and significantly reduced memory usage for pending acknowledgements.
Perfectly timed one day before the start of the year of the Rabbit,
the RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.0.
This release fixes a number of bugs and introduces some enhancements,
including streaming publish confirmations, new plugin mechanisms for
authentication and authorisation, and a great deal more.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.1.
This release fixes a small number of bugs, in particular one serious bug
in 2.3.0 which could lead to queue processes crashing.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.0.
This release fixes a number of bugs and introduces some enhancements,
including fast routing for topic exchanges, sender-selected distribution
and server-side consumer cancellation notifications.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.1.
This release fixes a number of bugs, in particular one bug in 2.4.0 that
would break upgrades if durable queues were present. A notable enhancement
included in this release is cluster upgrades.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.5.0.
This release fixes a number of bugs. In particular:
* recovery has been simplified, improving startup times when many exchanges
  or bindings exist
* bindings are recovered between durable queues and non-durable exchanges
  on restart of individual cluster nodes
* better performance under high load and memory pressure
* source compatibility with the new Erlang R14B03 release
New features include:
* tracing facility for debugging incoming and outgoing messages (see firehose)
* improved inbound network performance
* improved routing performance
* new rabbitmqctl commands ('report', 'environment', and 'cluster_status')
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.5.1.
This release correctly upgrades from RabbitMQ 2.1.1 and 2.2.0.
There are no other changes compared with 2.5.0.
Asterisk Project Security Advisory - AST-2011-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Possible enumeration of SIP users due to |
| | differing authentication responses |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Unauthorized data disclosure |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2011-2536 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Asterisk may respond differently to SIP requests from an |
| | invalid SIP user than it does to a user configured on |
| | the system, even when the alwaysauthreject option is set |
| | in the configuration. This can leak information about |
| | what SIP users are valid on the Asterisk system. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Respond to SIP requests from invalid and valid SIP users |
| | in the same way. Asterisk 1.4 and 1.6.2 do not respond |
| | identically by default due to backward-compatibility |
| | reasons, and must have alwaysauthreject=yes set in |
| | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. |
| | |
| | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 |
| | and 1.6.2 set alwaysauthreject=yes in the general section |
| | of sip.conf. |
+------------------------------------------------------------------------+
Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would not have been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashes in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)
Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19
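
A configuration check for the AST-2011-011 resolution quoted above, as an added example that is not part of the advisory or of Asterisk: it computes the effective `alwaysauthreject` value in the `[general]` section of a `sip.conf`, using the branch defaults the advisory states. The function names, the sample configurations (constructed) and the simplified parsing (no `#include`, no `;-- --;` block comments, no `\;` escapes) are assumptions of this example.

```python
import re

# Truthy spellings accepted by Asterisk's boolean config parsing (ast_true()).
TRUTHY = {"yes", "true", "y", "t", "1", "on"}
# Branch defaults as stated in AST-2011-011: 1.8 defaults to yes, 1.4/1.6.2 do not.
BRANCH_DEFAULT = {"1.4": False, "1.6.2": False, "1.8": True}

def effective_alwaysauthreject(conf_text, branch):
    """Return (effective_value, explicitly_set) for [general] alwaysauthreject."""
    value, explicit, section = BRANCH_DEFAULT[branch], False, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop ';' line comments
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "general" or "=" not in line:
            continue                               # peer sections do not count
        key, val = line.split("=", 1)
        val = val.lstrip(">").strip().lower()      # also accept 'key => value'
        if key.strip().lower() == "alwaysauthreject":
            value, explicit = val in TRUTHY, True  # last assignment wins
    return value, explicit

def audit(conf_text, branch):
    """Classify a sip.conf against the advisory's required setting."""
    value, explicit = effective_alwaysauthreject(conf_text, branch)
    if value:
        return "OK"
    return "FAIL: set explicitly to no" if explicit else "FAIL: unset, branch default is no"

# Constructed sample: the option is commented out in [general] and only
# appears inside a peer section, where it has no effect on the global setting.
SAMPLE_UNSET = """[general]
context=default
;alwaysauthreject=yes
[alice]
alwaysauthreject=yes
"""
# Constructed sample with the setting the advisory requires.
SAMPLE_SET = "[general]\ncontext=default\nalwaysauthreject = yes\n"

if __name__ == "__main__":
    for branch in ("1.4", "1.6.2", "1.8"):
        print(branch, audit(SAMPLE_UNSET, branch), "|", audit(SAMPLE_SET, branch))
```
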
It does not support python27 and python31, but basically pkgsrc passes the python
path as the PYTHON configure environment variable, so no need to add python
variants here.
* Pass mozilla-rootcerts path as default CA certificates file path to configure
script like other packages, or it fails to configure if the default expected
files do not exist.
* One more care for in-tree *.pc file, or fail to configure.
configure script adds in-tree path to PKG_CONFIG, but pkgsrc pkg-config wrapper
will overwrite and hide it.
* Set LICENSE as "gnu-lgpl-v2.1 AND mit" from COPYING file.