CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
of software interrupts
D-Bus 1.8.8 (2014-09-16)
==
The "smashy smashy egg man" release.
Security fixes:
* Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun.
(CVE-2014-3635, fd.o #83622; Simon McVittie)
* Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with a
more restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them.
(CVE-2014-3636, fd.o #82820; Alban Crequy)
* Disconnect connections that still have a fd pending unmarshalling after
a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
removing the possibility of creating an abusive connection that cannot be
disconnected by setting up a circular reference to a connection's
file descriptor.
(CVE-2014-3637, fd.o #80559; Alban Crequy)
* Reduce default for maximum pending replies per connection from 8192 to 128,
mitigating an algorithmic complexity denial-of-service attack
(CVE-2014-3638, fd.o #81053; Alban Crequy)
* Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them.
(CVE-2014-3639, fd.o #80919; Alban Crequy)
Other fixes:
* Check for libsystemd from systemd >= 209, falling back to
the older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
* On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fd.o #83772, Simon McVittie)
* Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232;
Alban Crequy)
* Improve documentation for running tests on Windows (fd.o #41252,
Ralf Habacker)
packaged for wip.
The functions for creating temporary files and directories in the base
library are quite limited. The unixutils package contains some good ones,
but they aren't portable to Windows. This library just repackages the Cabal
implementations of its own temporary file and folder functions so that you
can use them without linking against Cabal or depending on it being
installed.
rather than trying to consolidate into a single fnmatch. There aren't that
many of them, and it will aid the integration of cwrappers which doesn't
support globs.
Direvent is a directory content watcher daemon, i.e. a program that
monitors a set of directories on the file system and reacts when
their content changes. When a change is detected, the daemon reacts by
invoking an external command configured for that kind of change.
The program aims to provide a uniform and system-independent
command-level interface for file system events.
This release doesn't include anything as significant as the metadata
support added in 0.25, but it has quite a few bug fixes and internal
improvements, in addition to these notable changes:
- When --meta is specified to the fuse command, instead of generic
data, the originally saved mode, uid, git, atime, mtime, and ctime
will be reported for the archive paths.
- When --browser is specified to the web command, a browser window
will be opened for the repository.
- The -x/--xdev/--one-filesystem options now include the mountpoint
itself in the traversal (matching rsyc, tar, etc.).
- Empty lines in --exclude-rx-from files will be ignored.
Previously they would cause all paths to be excluded.
- The index and restore commands now support --exclude-rx-from.
- Relative filesystem --excludes like "--exclude bar" should now
work. Previously --excludes had to be absolute.
- The drecurse command now supports --exclude-rx and
--exclude-rx-from.
- The --compress option should now work for remote repositories.
- Streams saved via "bup split" will now show up as a single file
named "data" at the top level of the VFS, instead of as a subtree
(i.e. when examined via ftp, ls, and fuse).
- The ls command now supports -n, -A, -F, --file-type,
--numeric-ids, and detailed -l options.
- The save dates are now taken from the corresponding git commit's
author date, not the committer date.
- The tornado server, required by the web command, is no longer
included. See the README for installation instructions.
Note that the metadata support is still somewhat immature. For
example, we still need to add better support for cross-filesystem-type
save/restore (which is too noisy), etc.
Please give this release a try and let us know what's broken. If
you're new to bup, start with the README (and then HACKING if you'd
like to help further):
https://github.com/bup/bup/blob/master/README.mdhttps://github.com/bup/bup/blob/master/HACKINGhttp://anonscm.debian.org/gitweb/?p=users/rlb/bup.git;a=blob;f=README.md;hb=refs/heads/masterhttp://anonscm.debian.org/gitweb/?p=users/rlb/bup.git;a=blob;f=HACKING;hb=refs/heads/master
And although I probably sound like a broken record -- while we expect
bup to work fairly well, I still don't recommend it as your sole
backup strategy. I'd still suggest a periodic
tar/rsync/etc. backstop.
Rsyslog is an enhanced syslogd supporting, among others, MySQL,
PostgreSQL, failover log destinations, syslog/tcp, fine grain
output format control, high precision timestamps, queued operations
and the ability to filter on any message part. It is quite
compatible to stock sysklogd and can be used as a drop-in
replacement.
liblognorm shall help to make sense out of syslog data, or, actually,
any event data that is present in text form.
In short words, one will be able to throw arbitrary log message to
liblognorm, one at a time, and for each message it will output
well-defined name-value pairs and a set of tags describing the message.
ZnapZend is a ZFS centric backup tool. It relies on snapshot, send
and receive todo its work. It has the built-in ability to to manage
both local snapshots as well as remote copies by thining them out
as time progresses.
The ZnapZend configuration is stored as properties in the
ZFS filesystem itself.
The bug prevents mkisofs from creating old-style distrib/cdrom ISO
image for macppc. Trying to create bootable macppc CD in distrib/cdrom
using cdrtools mkisofs fails with:
mkisofs: No such file or directory. Invalid node - '--macbin'.
The bug is in option spec that causes mkisofs to misparse
-hide-hfs-list option. The patch is actually a single whitespace
character.
Bump PKGREVISION.
==============
Version 0.4.4
==============
* systemd fixes (Lennart Poettering)
==============
Version 0.4.3
==============
* Revert VT_WAITEVENT usage, since it is racy (Lennart Poettering)
* systemd fixes (Lennart Poettering)
==============
Version 0.4.2
==============
* Ensure we only care for seat files ending in .seat (William Jon McCann)
* Various Solaris improvements (Halton Huo)
* Make build silent (Ray Strode)
* Don't take bus name until ready (Ray Strode)
* systemd hookup (Lennart Poettering)
* add --since option to ck-history (William Jon McCann)
* Reduce number of threads on Linux (Kan-Ru Chen)
* Other fixes (Anders Kaseor, Frederic Crozat, Matthias Clasen, Michael Biebl, William Jon McCann)
==============
Version 0.4.1
==============
* Fix a crasher (William Jon McCann)
* fix a small memory leak (Matthias Clasen)
* update email address (William Jon McCann)
==============
Version 0.4.0
==============
* Starting with this release we will not do session.d/ 'session_active_changed' callouts anymore. (Lennart Poettering)
* get rid of session.d's session_active_changed callout (Lennart Poettering)
* close file descriptors before exit func (Halton Huo)
* log the kernel release and boot arguments at start time (William Jon McCann)
* show display in host field if the host isn't set (William Jon McCann)
* print the uptime for the reboot items in the report (William Jon McCann)
* fix logic for finding session remove events (William Jon McCann)
* fix a few small leaks (William Jon McCann)
* Add seat.d/ callout directory and guarantee we dump the database before call
* database: write the console database to disk before signalling via dbus (Len
* Enforce that the env array has the right size (Lennart Poettering)
* when printing size_t use %z format string (Lennart Poettering)
* make CK database world readable (Lennart Poettering)
* get rid of ck_seat_set_active_session() prototype since no such function exi
* Move ck_session_run_programs() from ck-run-programs.h to ck-session.h (Lenna
* post release version bump (Ray Strode)
==============
Version 0.3.1
==============
* port to PolicyKit 1.0 (Matthias Clasen)
* D-Bus policy updates (Colin Walters, Martin Pitt, Vincent Untz, William Jon McCann)
* better diagnostic information for unimplemented backends (Daniel Macks)
* file monitoring fixes (James Westby)
* get VT from X display if no controlling tty is available (Ray Strode)
* add "nox11" option to PAM module (Martin Pitt)
* parse log entries with no body correctly (William Jon McCann)
* fix zero-sized struct/unions (William Jon McCann)
* solaris build fixes (Halton Huo)
* parse gecos field for real name (William Jon McCann)
* leak fixes (James Westby, Steve Langasek)
* compile warning fixes (Matthias Clasen)
* fix doc xml validation errors (William Jon McCann)
* fix doc generation when srcdir != builddir (Ray Strode)
* add example upstart events for logging (William Jon McCann, Ray Strode)
* fix ChangeLog generation script to work with git-log moved to libexecdir (Ray Strode)
and myself.
In responce to a post on perlmonks.org, a module for counting the number of
CPU's on a system. Support has now also been added for type of CPU and clock
speed. While much of the code is from UNIX::Processors, win32 support has been
added (but not tested).
Upstream changes:
-----------------
[Bug] #1167: Add Jinja to test_requires in setup.py for the couple of newish tests that now require it. Thanks to Kubilay Kocak for the catch.
[Bug] #600: Clear out connection caches in full when prepping parallel-execution subprocesses. This avoids corner cases causing hangs/freezes due to client/socket reuse. Thanks to Ruslan Lutsenko for the initial report and Romain Chossart for the suggested fix.
[Bug] #1026: Fix a typo preventing quiet operation of is_link. Caught by @dongweiming.
[Bug] #1059: Update IPv6 support to work with link-local address formats. Fix courtesy of @obormot.
[Bug] #1096: Encode Unicode text appropriately for its target stream object to avoid issues on non-ASCII systems. Thanks to Toru Uetani for the original patch.
[Bug] #852: Fix to respect template_dir for non Jinja2 templates in upload_template. Thanks to Adam Kowalski for the patch and Alex Plugaru for the initial test case.
[Bug] #1134: Skip bad hosts when the tasks are executed in parallel. Thanks to Igor Maravić @i-maravic.
[Bug] #1146: Fix a bug where upload_template failed to honor lcd when mirror_local_mode is True. Thanks to Laszlo Marai for catch & patch.
[Bug] #1147: Use stat instead of lstat when testing directory-ness in the SFTP module. This allows recursive downloads to avoid recursing into symlinks unexpectedly. Thanks to Igor Kalnitsky for the patch.
[Bug] #1165: Prevent infinite loop condition when a gateway host is enabled & the same host is in the regular target host list. Thanks to @CzBiX for catch & patch.
Watchman exists to watch files and record when they actually change.
It can also trigger actions (such as rebuilding assets) when matching
files change.
System Stability Tester tries to test the system's stability by
calculating up to 128 millions of Pi digits. It supports multiple
calculation algorithms. For the moment only two have been implemented.
The Quadratic Convergence of Borwein and Gauss-Legendre, the
algorithm SuperPi uses. The testing process includes the creation
of two or more threads. After each step of the calculation, the
results of all the threads are compared. Any differences between
them are reported. There is also the option for single threaded
calculation, but in this case there is no stability check. This is
useful for benchmarking purposes only. The calculation of Pi itself
is multi threaded since version 0.7.2, for the Borwein algorithm
only.
Add options:
xen (optional) enable management of XEN virtual domains
(requires xentools42.)
libssh2 enable remote management over ssh2 (default)
lvm (optional) allow management of LVM based storage
(only works on Linux, as it looks for pvcreate/etc)
hal (optional) support for hal
dbus (optional) support for dbus
avahi (optional) support for avahi
Changelog:
1.2.6: Jul 2 2014
Features:
libxl: add migration support and fixes (Jim Fehlig),
various improvements and fixes for NUMA (Michal Privoznik)
Documentation:
security: manager: Document behavior of disk label manipulation
funcs (Peter Krempa),
fix some typos in formatdomain.html (Jincheng Miao),
virsh: man: Correctly spell QEMU (Peter Krempa),
virsh: man: Fix examples and docs for virsh version (Peter Krempa),
Added example script on how to convert LXC container config
(Cédric Bosdonnat),
blockjob: document recent job addition (Eric Blake),
virsh: Add details about specified migration host (Chen Fan),
blockcommit: document semantics of committing active layer (Eric
Blake),
fix a typo in hacking.html.in (Wangrui (K)),
formatcaps: Rework and add stubs to document (Michal Privoznik)
Portability:
build: link libvirt_conf with libxml (Martin Kletzander),
vbox: fix linker error (Jim Fehlig),
libxl: don't break the build on Xen>=4.5 because of
libxl_vcpu_setaffinity() (Dario Faggioli),
Add PKG_CONFIG_PATH to run.in script. (Daniel P. Berrange),
Change 'interface' to 'iface' in virNetworkDHCPLease (Daniel P. Berrange),
Fix shadowed variable with older gcc (Ján Tomko),
Add pkg-config files to allow deps to build against source tree
(Daniel P. Berrange),
Add pkg-config files for libvirt-qemu & libvirt-lxc (Daniel P. Berrange),
blockjob: avoid compiler uncertainty in info sizing (Eric Blake),
build: prefer -fstack-protector-strong to -all (Ján Tomko),
build: remove ssp-buffer-size (Ján Tomko),
build: remove duplicit warning suppression (Ján Tomko),
virnetdev: Use ifname in virNetDevGetLinkInfo (Michal Privoznik),
Fix virbitmaptest on 32-bit (Ján Tomko),
translations: Don't leave default template fields in .po files
(Martin Kletzander),
tests: Build virstoragetest only when storage driver is compiled too
(Peter Krempa),
Fix build on freebsd (Pavel Hrdina)
Bug Fixes:
qemu: copy: Accept 'format' parameter when copying to a non-existing img
(Peter Krempa),
storage: gluster: Fix header reader function (Peter Krempa),
conf: storage: Add volume feature formatter for gluster pools (Peter
Krempa),
vboxsnapshotxmltest: Don't write to a file in abs_srcdir (Michal
Privoznik),
securityselinuxlabeltest: Don't create dummy file in the srcdir (Michal
Privoznik),
Report one error less when getting net dev speed (Ján Tomko),
Only detect PCI Express devices as root in udev nodedev driver (Ján
Tomko),
libxl: add PV console if not explicitly specified (Jim Fehlig),
qemu: snapshot: Save persistent domain config when taking external
snapshot (Peter Krempa),
bhyve: fix build by fixing typo in variable name (Roman Bogorodskiy),
docs: publish correct enum values (Eric Blake),
qemu: fix guestfwd chardev option back how it was (Martin Kletzander),
Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code (Daniel P.
Berrange),
qemu: blockcopy: Don't remove existing disk mirror info (Peter Krempa),
bridge: leases: Fix potential crash caused by use after free (Peter
Krempa),
Free DHCP leases file in networkGetDHCPLeasesHelper (Ján Tomko),
Rework remoteSerializeDHCPLease (Ján Tomko),
Free file header in virStorageFileGetMetadataRecurse (Ján Tomko),
graphics: remember graphics not auto allocated ports (Giuseppe
Scrivano),
LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING (Chen
Hanxiao),
cmdFreepages: initialize @tmp (Michal Privoznik),
Fix closedir usage in virNumaGetPages (Roman Bogorodskiy),
Don't include @LIBS@ in libvirt.pc.in file (Daniel P. Berrange),
virnuma: Actually build huge page code (Michal Privoznik),
Do not call closedir with NULL argument (Ján Tomko),
Fix invalid write in virNumaGetDistances (Ján Tomko),
Properly check the return value of CCWAddressAsString (Ján Tomko),
virsh: fix broken code in freepages (Eric Blake),
Fix xmconfigtest (Jim Fehlig),
vbox_snapshot_conf: fix wrong use of 'xmlSaveFormatFileEnc' (Pavel
Hrdina),
tests: fix vbox snapshot xmls (Pavel Hrdina),
vbox: fix a segfault when taking a snapshot (Yohan BELLEGUIC),
vbox: snapshot: Avoid memleaks in functions dealing with disk arrays
(Peter Krempa),
vbox: snapshot: Avoid memleak in virVBoxSnapshotConfAllChildren (Peter
Krempa),
uuid: Fix coverity warning of unchecked return value (Peter Krempa),
network: bridge: Avoid freeing uninitialized pointer on cleanup path
(Peter Krempa),
net: leaseshelper: Refactor copying of old entries to avoid double free
(Peter Krempa),
net: leaseshelper: Ignore corrupted lease file and rewrite it (Peter
Krempa),
net: leaseshelper: Don't crash if DNSMASQ doesn't provide lease expiry
(Peter Krempa),
blockjob: don't remove older-style mirror XML (Eric Blake),
blockcommit: require base below top (Eric Blake),
leaseshelper: fix another crash (Pavel Hrdina),
bhyve: do not cleanup unallocated networks on fail (Roman Bogorodskiy),
bhyve: fix crash in bhyveBuildNetArgStr (Roman Bogorodskiy),
storage: report VIR_ERR_NO_STORAGE_VOL when the file doesn't exist
(Giuseppe Scrivano),
blockcommit: fix regression with explicit top argument (Eric Blake),
virsh: forbid negative vcpu argument to vcpupin (Jincheng Miao),
Fix crash when saving a domain with type none dac label (Ján Tomko),
vbox_snapshot_conf: Resolve Coverity warnings (John Ferlan),
vbox_temp: Resolve Coverity warnings (John Ferlan),
libxl: Resolve Coverity warnings (John Ferlan),
leaseshelper: fix crash (Pavel Hrdina),
qemu: Properly label FDs when restoring domain with static label
(Shivaprasad G Bhat),
nodeinfo: avoid uninitialized variable on error (Eric Blake),
storage: fix memory leak with encrypted images (Eric Blake),
vbox: fix compilation error (Roman Bogorodskiy),
SELinux: don't fail silently when no label is present (Ján Tomko),
parallels: Avoid possible leak of "cpu" from parallelsBuildCapabilities
(Peter Krempa),
Fix storage format probing (Ján Tomko),
network: bridge: Avoid memory leak from
networkBuildDhcpDaemonCommandLine (Peter Krempa),
qemu: monitor: Fix type of holdtime argument in qemuMonitorJSONSendKey
(Peter Krempa),
libxl: Avoid possible use of uninitialized mem in libxlDomainStart
(Daniel P. Berrange),
qemu: Remove character device backend only after frontend is gone (Jiri
Denemark),
qemu: Remove disk backend only after frontend is gone (Jiri Denemark),
qemu: Remove interface backend only after frontend is gone (Jiri
Denemark),
Don't use AI_ADDRCONFIG when binding to wildcard addresses (Ján
Tomko),
qemu: Unref cfg when detaching hostdev interface (Jiri Denemark),
virsh: Check whether found volume is member of the specified storage
pool (Peter Krempa)
Improvements:
Introduce virFileReadAllQuiet (Ján Tomko),
Track privileged state in udev nodedev driver (Ján Tomko),
build: fix 'make syntax-check' after commit c6cf5df3 (Jim Fehlig),
LXC: throw an error if we failed to get Idmap elements (Chen Hanxiao),
cpu: Add new Broadwell CPU model (Jiri Denemark),
net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
(Peter Krempa),
Add test for type none model dac seclabel (Ján Tomko),
test: add user_xattr check for securityselinuxlabeltest (Jincheng Miao),
libxl: detect support for save and restore (Jim Fehlig),
security: nop: Avoid very long lines (Peter Krempa),
security: Fix header formatting of a few functions (Peter Krempa),
security: manager: Unify function header format (Peter Krempa),
security: manager: Avoid forward decl of virSecurityManagerDispose
(Peter Krempa),
security: Rename virSecurityManagerRestoreImageLabel to *Disk* (Peter
Krempa),
util:
s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear
(Peter Krempa),
Fix a typo in a localized string (Daniel Veillard),
virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag (Jiri Denemark),
cpuCompare*: Add support for reporting failure on incompatible CPUs
(Jiri Denemark),
cpu: Cleanup coding style in generic CPU driver (Jiri Denemark),
virsh: Remove bogus stat on log file (Jiri Denemark),
enhance hostdev mode 'capabilities' process (Jincheng Miao),
storage: Don't store parent directory of an image explicitly (Peter
Krempa),
storage: Don't canonicalize paths unnecessarily (Peter Krempa),
tests: virstoragetest: Remove unneeded relative test plumbing (Peter
Krempa),
tests: virstoragetest: Don't test relative start of backing chains
(Peter Krempa),
util: storage: Remove now redundant backingRelative from
virStorageSource (Peter Krempa),
tests: virstoragetest: Remove now unused pathAbs (Peter Krempa),
storage: Store relative path only for relatively backed storage (Peter
Krempa),
tests: virstoragetest: Remove "expBackingStore" field (Peter Krempa),
util: storage: Add helper to resolve relative path difference (Peter
Krempa),
LXC: check whether we get MemSwap[Total|Usage] (Chen Hanxiao),
qemu: enum cleanups in "src/qemu/*" (Julio Faracco),
libxl: fix version annotation of migration functions (Jim Fehlig),
virtportallocator: new function "virPortAllocatorSetUsed" (Giuseppe
Scrivano),
net-dhcp-leases: Add virsh support (Nehal J Wani),
net-dhcp-leases: Private implementation inside network (Nehal J Wani),
net-dhcp-leases: Implement the remote protocol (Nehal J Wani),
net-dhcp-leases: Implement the public APIs (Nehal J Wani),
virNumaGetPages: Don't fail on huge page-less systems (Michal
Privoznik),
virNumaGetPageInfo: Take huge pages into account (Michal Privoznik),
storage: gluster: Avoid name shadow on older compilers (Peter Krempa),
storage: gluster: Add backend to return unique storage file path (Peter
Krempa),
Increase the size of REMOTE_MIGRATE_COOKIE_MAX to REMOTE_STRING_MAX
(Shivaprasad G Bhat),
nodedev: Introduce <pci-express/> to PCI devices (Michal Privoznik),
virpci: Introduce virPCIDeviceIsPCIExpress and friends (Michal
Privoznik),
storage: better tests of lookup (Eric Blake),
storage: renumber lookup tests (Eric Blake),
storage: add alias for less typing (Eric Blake),
qemu: snapshot: Don't mark all block disks for metadata reuse (Peter
Krempa),
bhyve: silent destroy command errors on cleanup (Roman Bogorodskiy),
bhyve: implement PCI address allocation (Roman Bogorodskiy),
virNetDevGetLinkInfo: Don't report link speed if NIC's not up
(Michal Privoznik),
tests: virstoragetest: Fix output when hitting errors (Peter
Krempa),
blockcommit: update error messages related to block jobs (Eric
Blake),
virsh: improve blockcopy UI (Eric Blake),
virNodeDevCapPCIDevParseXML: Initialize numa_node variable (Michal
Privoznik),
virsh: Reject negative numbers in vshCommandOptULongLong (Peter
Krempa),
virsh: Reject negative numbers in vshCommandOptUL (Peter Krempa),
virsh: Reject negative numbers in vshCommandOptUInt (Peter Krempa),
security: Don't skip labelling for network disks (Peter Krempa),
storage: volume: Rework lookup of volume objects (Peter Krempa),
storage: Clean up unlocking of storage pool objects (Peter Krempa),
storage: pool: Fix handling of errors on pool lookup failure (Peter
Krempa),
virsh: include bhyve in virsh -V output (Roman Bogorodskiy),
maint: exempt graphic binaries from syntax check (Eric Blake),
vmware: make version parsing more robust (Jean-Baptiste Rouault),
node_device: Expose link state & speed (Michal Privoznik),
interface_backend_udev: Implement link speed & state (Michal
Privoznik),
virnetdev: Introduce virNetDevGetLinkInfo (Michal Privoznik),
virInterface: Expose link state & speed (Michal Privoznik),
vbox_tmpl.c: Add function for undefining snapshot (Yohan BELLEGUIC),
vbox_tmpl.c: Patch for redefining snapshots (Yohan BELLEGUIC),
Add vbox_snapshot_conf struct (Yohan BELLEGUIC),
vbox_tmpl.c: Better XML description for snapshots (Manuel VIVES),
qemu: ignore -nodefconfig and -nodefaults when parsing commandline
(Laine Stump),
test: display qemuParseCommandline warnings when VIR_TEST_DEBUG > 0
(Laine Stump),
m4: bhyve: Fix check for the required bhyve programs (Peter Krempa),
vmx: Relax virtualHW.version check (Matthias Bolte),
conf: alter disk mirror xml output (Eric Blake),
conf: store mirroring information in virStorageSource (Eric Blake),
conf: store disk source as pointer, for easier manipulation (Eric
Blake),
conf: consolidate disk def allocation (Eric Blake),
conf: store snapshot source as pointer, for easier manipulation
(Eric Blake),
nodedev: Export NUMA node locality for PCI devices (Michal
Privoznik),
Implement pretty flag for vcpuinfo and nodecpumap (Ján Tomko),
Introduce virBitmapDataToString (Ján Tomko),
Always report an error if virBitmapFormat fails (Ján Tomko),
Format NULL bitmap as an empty string (Ján Tomko),
virsh: Separate API calls and result printing in cmdVcpuinfo (Ján
Tomko),
virsh: Invert logic in cmdVcpuinfo (Ján Tomko),
Parallels: Include CPU info in the capabilities XML (Alexander
Burluka),
Parallels: add connectBaselineCPU() (Alexander Burluka),
Parallels: add domainGetVcpus() (Alexander Burluka),
maint: prohibit empty first lines (Martin Kletzander),
Remove unnecessary empty first lines (Martin Kletzander),
Simplify conditions in virStorageBackendProbeTarget (Ján Tomko),
Don't reuse 'ret' variable in virStorageBackendProbeTarget (Ján
Tomko),
vircaps2xmltest: Introduce basic testing (Michal Privoznik),
libxl: introduce libxlDomainDefCheckABIStability (Jim Fehlig),
maint: detect VPATH builds when checking for gnulib update (Eric
Blake),
maint: optimize locale.h syntax check (Eric Blake),
virnuma: Check for numa_bitmask_isbitset presence (Michal
Privoznik),
cfg.mk: Introduce rule for setlocale() (Michal Privoznik),
virnuma: Implement virNumaGetDistances stub for non-NUMA (Michal
Privoznik),
virCaps: Expose distance between host NUMA nodes (Michal Privoznik),
virnuma: Introduce virNumaGetDistances (Michal Privoznik),
tests: monitor: json: Fix error message when returning json in json
(Peter Krempa),
libxl: Move virDomainXMLOptionNew into libxlCreateXMLConf (Daniel P.
Berrange),
libxl: Don't pass libxlDriverPrivatePtr into libxlBuildDomainConfig
(Daniel P. Berrange),
libxl: Don't pass virDomainObjPtr to libxlBuildDomainConfig (Daniel
P. Berrange),
qemu: Return in from qemuDomainRemove*Device (Jiri Denemark),
tests: storagetest: Unify and reformat storage chain format string
(Peter Krempa),
qemu: json: Add format strings for optional command arguments (Peter
Krempa),
util: string: Return element count from virStringSplit (Peter
Krempa),
storage: Traverse backing chains of network disks (Peter Krempa),
storage: Change to new backing store parser (Peter Krempa),
storage: Add infrastructure to parse remote network backing names
(Peter Krempa),
storage: Switch metadata crawler to use storage driver file access
check (Peter Krempa),
storage: Switch metadata crawler to use storage driver to read
headers (Peter Krempa),
storage: Switch metadata crawler to use storage driver to get unique
path (Peter Krempa),
storage: backend: Add possibility to suppress errors from backend
lookup (Peter Krempa),
test: storage: Initialize storage source to correct type (Peter
Krempa),
storage: Determine the local storage type right away (Peter Krempa),
storage: Move virStorageFileGetMetadata to the storage driver (Peter
Krempa),
storage: Add API to check accessibility of storage volumes (Peter
Krempa),
storage: backend: Add unique id retrieval API (Peter Krempa),
xenapi_utils: Adapt to enum cleanups (Michal Privoznik),
virnuma.c: Fix some comments (Michal Privoznik),
conf: more enum cleanups in "src/conf/domain_conf.h" (Julio
Faracco),
conf: enum cleanups in "src/conf/domain_conf.h" (Julio Faracco),
cpu: use typedefs for enums in "src/cpu/cpu_map.h" (Julio Faracco),
virsh-nodedev: Avoid spurious errors (Michal Privoznik),
qemu: Process DEVICE_DELETED event in a separate thread (Jiri
Denemark),
qemu: Finish device removal in the original thread (Jiri Denemark),
Add helper program to create custom leases (Nehal J Wani)
Cleanups:
Remove redundant docs from libvirt.h (Jiri Denemark),
conf: whitespace tweak (Chen Fan)
* Bug fix: -boot_image grub grub2_mbr= did not work
(but -as mkisofs --grub2-mbr did work)
* Bug fix: -boot_image grub2_mbr= prevented -boot_image partition_table=on
* Bug fix: libburn: A final fsync(2) was performed with stdio drives,
even if -stdio_sync was set to "off".
* Bug fix: libburn: Wrong stack usage caused SIGBUS on sparc when compiled
by gcc -O2
* Bug fix: -blank force:all on DVD+RW had no effect
* Enabled use of libedit as alternative to libreadline
* Enabled recording and restoring of extattr on NetBSD
* New API calls isoburn_igopt_set_stdio_endsync() and
isoburn_igopt_get_stdio_endsync
* New bootspecs hppa_*, new -as mkisofs options -hppa-* for HP-PA via PALO
* New -find pseudo tests -use_pattern , -or_use_pattern
* New -find action report_sections
* New command -concat
* New commands -report_system_area and -report_el_torito
libisofs-1.3.8.tar.gz Sat Jun 28 2014
===============================================================================
* Bug fix: Prevent allocation of empty hash tables. Thanks Richard Nolde.
* Bug fix: Prevent allocation of empty directory children lists.
Thanks Richard Nolde.
* Bug fix: The GUIDs of main GPT and backup GPT differed if more than one
System Area was written into the ISO image.
* New API calls iso_image_report_el_torito() and iso_image_report_system_area()
* New API call iso_crc32_gpt()
libburn-1.3.8.tar.gz Sat Jun 28 2014
===============================================================================
* Bug fix: Wrong stack usage caused SIGBUS on sparc when compiled by gcc -O2
* Bug fix: Minimum drive buffer fill was measured by cdrskin before the buffer
could get full
* Bug fix: A failed MMC BLANK command did not cause error indication by libburn
* Bug fix: A final fsync(2) was performed with stdio drives, even if not
desired
* Fix CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487
Changelog:
2014-06-12 12:28 Christos Zoulas <christos@zoulas.com>
* release 5.19
2014-06-09 9:04 Christos Zoulas <christos@zoulas.com>
* Misc buffer overruns and missing buffer size tests in cdf parsing
(Francisco Alonso, Jan Kaluza)
2014-06-02 14:50 Christos Zoulas <christos@zoulas.com>
* Enforce limit of 8K on regex searches that have no limits
* Allow the l modifier for regex to mean line count. Default
to byte count. If line count is specified, assume a max
of 80 characters per line to limit the byte count.
* Don't allow conversions to be used for dates, allowing
the mask field to be used as an offset.
2014-05-30 12:51 Christos Zoulas <christos@zoulas.com>
* Make the range operator limit the length of the
regex search.
2014-05-14 19:23 Christos Zoulas <christos@zoulas.com>
* 347: Windows fixes
* 352: Hangul word processor recognition
* 354: Encoding irregularities in text files
2014-05-06 6:12 Christos Zoulas <christos@zoulas.com>
* Fix uninitialized title in CDF files (Jan Kaluza)
2014-05-04 14:55 Christos Zoulas <christos@zoulas.com>
* 351: Fix compilation of empty files
2014-04-30 17:39 Christos Zoulas <christos@zoulas.com>
* Fix integer formats: We don't specify 'l' or
'h' and 'hh' specifiers anymore, only 'll' for
quads and nothing for the rest. This is so that
magic writing is simpler.
2014-04-01 15:25 Christos Zoulas <christos@zoulas.com>
* 341: Jan Kaluza, fix memory leak
* 342: Jan Kaluza, fix out of bounds read
2014-03-28 15:25 Christos Zoulas <christos@zoulas.com>
* Fix issue with long formats not matching fmtcheck
D-Bus 1.8.6 (2014-06-02)
==
Security fixes:
• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
the message. This prevents an attack in which a malicious client can
make dbus-daemon disconnect a system service, which is a local
denial of service.
(fd.o #80163, CVE-2014-3532; Alban Crequy)
• Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another attack
in which a malicious client can make dbus-daemon disconnect a system
service.
(fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
Simon McVittie, Alban Crequy)
Other fixes:
• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
attach to a session, kill the dbus-daemon as intended
(fd.o #74698, Роман Донченко)
accordingly.
(Is there any reason there isn't there a RUBY_VERSIONS_INCOMPATIBLE
variable like we have for python and lua and in other similar
situations?)
MASTER_SITES and add pypi to them. Use PREFIX instead of LOCALBASE in one
SUBST_CLASS instead of two. ${PKGMANDIR}/man3 is no longer used. Comment
patches and delint. From CHANGELOG:
1.6.3
Corrects a regression where handlers were run across all hosts, not just those that triggered the handler.
Fixed a bug in which modules did not support properly moving a file atomically when su was in use.
Fixed two bugs related to symlinks with directories when using the file module.
Fixed a bug related to MySQL master replication syntax.
Corrects a regression in the order of variable merging done by the internal runner code.
Various other minor bug fixes.
1.6.2
If an improper locale is specified, core modules will now automatically revert to using the 'C' locale.
Modules using the fetch_url utility will now obey proxy environment variables.
The SSL validation step in fetch_url will likewise obey proxy settings, however only proxies using the http protocol are supported.
Fixed multiple bugs in docker module related to version changes upstream.
Fixed a bug in the ec2_group module where egress rules were lost when a VPC was specified.
Fixed two bugs in the synchronize module:
a trailing slash might be lost when calculating relative paths, resulting in an incorrect destination.
the sync might use the inventory directory incorrectly instead of the playbook or role directory.
Files will now only be chown'd on an atomic move if the src/dest uid/gid do not match.
1.6.1
Fixed a bug in group_by, where systems were being grouped incorrectly.
Fixed a bug where file descriptors may leak to a child process when using accelerate.
Fixed a bug in apt_repository triggered when python-apt not being installed/available.
Fixed a bug in the apache2_module module, where modules were not being disabled correctly.
1.6
Major features/changes:
The deprecated legacy variable templating system has been finally removed. Use {{ foo }} always not $foo or ${foo}.
Any data file can also be JSON. Use sparingly -- with great power comes great responsibility. Starting file with "{" or "[" denotes JSON.
Added 'gathering' param for ansible.cfg to change the default gather_facts policy.
Accelerate improvements:
multiple users can connect with different keys, when accelerate_multi_key = yes is specified in the ansible.cfg.
daemon lifetime is now based on the time from the last activity, not the time from the daemon's launch.
ansible-playbook now accepts --force-handlers to run handlers even if tasks result in failures.
Added VMWare support with the vsphere_guest module.
New Modules:
files: replace
packaging: cpanm (Perl)
packaging: portage
packaging: composer (PHP)
packaging: homebrew_tap (OS X)
packaging: homebrew_cask (OS X)
packaging: apt_rpm
packaging: layman
monitoring: logentries
monitoring: rollbar_deployment
monitoring: librato_annotation
notification: nexmo (SMS)
notification: twilio (SMS)
notification: slack (Slack.com)
notification: typetalk (Typetalk.in)
notification: sns (Amazon)
system: debconf
system: ufw
system: locale_gen
system: alternatives
system: capabilities
net_infrastructure: bigip_facts
net_infrastructure: dnssimple
net_infrastructure: lldp
web_infrastructure: apache2_module
cloud: digital_ocean_domain
cloud: digital_ocean_sshkey
cloud: rax_identity
cloud: rax_cbs (cloud block storage)
cloud: rax_cbs_attachments
cloud: ec2_asg (configure autoscaling groups)
cloud: ec2_scaling_policy
cloud: ec2_metric_alarm
cloud: vsphere_guest
Other notable changes:
example callback plugin added for hipchat
added example inventory plugin for vcenter/vsphere
added example inventory plugin for doing really trivial inventory from SSH config files
libvirt module now supports destroyed and paused as states
s3 module can specify metadata
security token additions to ec2 modules
setup module code moved into module_utils/, facts now accessible by other modules
synchronize module sets relative dirs based on inventory or role path
misc bugfixes and other parameters
the ec2_key module now has wait/wait_timeout parameters
added version_compare filter (see docs)
added ability for module documentation YAML to utilize shared module snippets for common args
apt module now accepts "deb" parameter to install local dpkg files
regex_replace filter plugin added
added an inventory script for Docker
added an inventory script for Abiquo
the get_url module now accepts url_username and url_password as parameters, so sites which require authentication no longer need to have them embedded in the url
... to be filled in from changelogs ...
1.5.5
Security fix for vault, to ensure the umask is set to a restrictive mode before creating/editing vault files.
Backported apt_repository security fixes relating to filename/mode upon sources list file creation.
1.5.4
Security fix for safe_eval, which further hardens the checking of the evaluation function.
Changing order of variable precendence for system facts, to ensure that inventory variables take precedence over any facts that may be set on a host.
1.5.3
Fix validate_certs and run_command errors from previous release
Fixes to the git module related to host key checking
1.5.2
Fix module errors in airbrake and apt from previous release
1.5.1
Force command action to not be executed by the shell unless specifically enabled.
Validate SSL certs accessed through urllib*.
Implement new default cipher class AES256 in ansible-vault.
Misc bug fixes.
1.5
Major features/changes:
when_foo which was previously deprecated is now removed, use "when:" instead. Code generates appropriate error suggestion.
include + with_items which was previously deprecated is now removed, ditto. Use with_nested / with_together, etc.
only_if, which is much older than when_foo and was deprecated, is similarly removed.
ssh connection plugin is now more efficient if you add 'pipelining=True' in ansible.cfg under [ssh_connection], see example.cfg
localhost/127.0.0.1 is not required to be in inventory if referenced, if not in inventory, it does not implicitly appear in the 'all' group.
git module has new parameters (accept_hostkey, key_file, ssh_opts) to ease the usage of git and ssh protocols.
when using accelerate mode, the daemon will now be restarted when specifying a different remote_user between plays.
added no_log: option for tasks. When used, no logging information will be sent to syslog during the module execution.
acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section
play_hosts is a new magic variable to provide a list of hosts in scope for the current play.
ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags.
all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs.
Start of new integration test infrastructure (WIP, more details TBD)
if repoquery is unavailble, the yum module will automatically attempt to install yum-utils
ansible-vault: a framework for encrypting your playbooks and variable files
added support for privilege escalation via 'su' into bin/ansible and bin/ansible-playbook and associated keywords 'su', 'su_user', 'su_pass' for tasks/plays
New modules:
cloud: ec2_elb_lb
cloud: ec2_key
cloud: ec2_snapshot
cloud: rax_dns
cloud: rax_dns_record
cloud: rax_files
cloud: rax_files_objects
cloud: rax_keypair
cloud: rax_queue
cloud: docker_image
messaging: rabbitmq_policy
system: at
utilities: assert
Other notable changes (many new module params & bugfixes may not not listed):
no_reboot is now defaulted to "no" in the ec2_ami module to ensure filesystem consistency in the resulting AMI.
sysctl module overhauled
authorized_key module overhauled
synchronized module now handles local transport better
apt_key module now ignores case on keys
zypper_repository now skips on check mode
file module now responds to force behavior when dealing with hardlinks
new lookup plugin 'csvfile'
fixes to allow hash_merge behavior to work with dynamic inventory
mysql module will use port argument on dump/import
subversion module now ignores locale to better intercept status messages
rax api_key argument is no longer logged
backwards/forwards compatibility for OpenStack modules, 'quantum' modules grok neutron renaming
hosts properly uniqueified if appearing in redundant groups
hostname module support added for ScientificLinux
ansible-pull can now show live stdout and pass verbosity levels to ansible-playbook
ec2 instances can now be stopped or started
additional volumes can be created when creating new ec2 instances
user module can move a home directory
significant enhancement and cleanup of rackspace modules
ansible_ssh_private_key_file can be templated
docker module updated to support docker-py 0.3.0
various other bug fixes
md5 logic improved during sudo operation
support for ed25519 keys in authorized_key module
ability to set directory permissions during a recursive copy (directory_mode parameter)
1.4.5
fixed issue with permissions being incorrect on fireball/accelerate keys when the umask setting was too loose.
1.4.4
fixed a minor issue with newer versions of pip dropping the "use-mirrors" parameter.
Upstream changes:
-----------------
1.9.0 2014-06-08
[Bug] #965: Tweak IO flushing behavior when in linewise
(& thus parallel) mode so interwoven output is less frequent.
Thanks to @akidata for catch & patch.
[Feature] #741: Add env.prompts dictionary, allowing users to set
up custom prompt responses (similar to the built-in sudo prompt
auto-responder.) Thanks to Nigel Owens and David Halter for the patch.
[Feature] #1082: Add pty passthrough kwarg to upload_template.
[Support]: Modified packaging data to reflect that Fabric requires
Paramiko < 1.13 (which dropped Python 2.5 support.)
[Support] #1105: Enhance setup.py to allow Paramiko 1.13+ under
Python 2.6+. Thanks to to @Arfrever for catch & patch.
[Support] #1106: Fix a misleading/ambiguous example snippet in the fab
usage docs to be clearer. Thanks to @zed.
[Feature] #1101: Reboot operation now supports custom command.
Thanks to Jonas Lejon.
[Feature] #938: Add an env var env.effective_roles specifying roles used
in the currently executing command. Thanks to Piotr Betkier for the patch.
[Feature] #1078: Add .command and .real_command attributes to local
return value.
Thanks to Alexander Teves (@alexanderteves) and Konrad Hałas (@konradhalas).
1.8.4 2014-06-08
[Support] #1105: Enhance setup.py to allow Paramiko 1.13+ under Python
2.6+. Thanks to to @Arfrever for catch & patch.
[Bug] #898: Treat paths that begin with tilde “~”
as absolute paths instead of relative.
Thanks to Alex Plugaru for the patch and Dan Craig for the suggestion.
1.8.3 2014-03-21
[Support]: Modified packaging data to reflect that Fabric requires
Paramiko < 1.13 (which dropped Python 2.5 support.)
D-Bus 1.8.4 (2014-06-10)
==
Security fix:
• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
flaw in dbus-daemon, part of the reference implementation of D-Bus.
Additionally, in highly unusual environments the same flaw could lead to
a side channel between processes that should not be able to communicate.
(CVE-2014-3477, fd.o #78979)
The change log runs to 850 lines, but a short summary includes a fix for
LSN-2014-0003: Don't expand entities when parsing XML (Daniel P. Berrange)
(which I think is also CVE-2014-0179), new features, bug fixes, and
portability improvements.
This makes the package more useful for users of binary packages, who
can then burn a bootable memtest CD, and only costs 1.8 MB without
adding any run-time dependencies. Source users get a dependency on
cdrtools, but that's likely already installed, and the option can
easily be turned off in that case (unlike binary package users, who
can't change options).
Chef is a configuration management tool. It uses a pure-Ruby,
domain-specific language (DSL) for writing system configuration
"recipes". Chef is used to streamline the task of configuring and
maintaining a company's servers, and can integrate with cloud-based
platforms such as Rackspace, Amazon EC2, and Microsoft Azure to
automatically provision and configure new machines.
Chef Zero is a simple, easy-install, in-memory Chef server that can be
useful for Chef Client testing and chef-solo-like tasks that require a
full Chef Server. It IS intended to be simple, Chef 11 compliant, easy
to run and fast to start. It is NOT intended to be secure, scalable,
performant or persistent. It does NO input validation, authentication
or authorization (it will not throw a 400, 401 or 403). It does not
save data, and will start up empty each time you start it.
Because Chef Zero runs in memory, it's super fast and lightweight.
This makes it perfect for testing against a "real" Chef Server without
mocking the entire Internet.
This module uses ctypes to access the libmagic file type identification
library. It makes use of the local magic database and supports both textual and
MIME-type output.
The function of disk-filltest is simple:
* Write files random-######## to the current directory until the disk is full
* Read the files again and verify the pseudo-random sequence written
* Any write or read error will be reported, either by the operating
system or by checking the pseudo-random sequence
* Optionally, delete the random files after a successful run
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Changes from previous:
2013-11-10 Martin Mares <mj@ucw.cz>
* Released as 3.2.1.
* CardBus bridge capabilities are displayed.
* PCIe L1 PM substates are decoded.
* Various bugs were fixed in decoding of PCIe capabilities.
* The sysfs back-end does not spit out unnecessary warnings when
empty slots report only a partial device address. This actually
happens on IBM pSeries.
* Updated pci.ids to the today's snapshot of the database.
2013-04-19 Martin Mares <mj@ucw.cz>
* Released as 3.2.0.
* On newer Linux systems, we use libkmod to look up kernel modules
(modules.pcimap no longer exists.) To facilitate this, libpci
is able to look up module aliases in sysfs.
* Various minor bug fixes.
* Updated pci.ids to the today's snapshot of the database.
libntfs: added use of hd library to get the legacy BIOS geometry
libntfs: switched to /proc/mounts for checking existing mounts
libntfs: fixed usa checking by ntfsck on 4K sector disks
libntfs: fixed processing compressed data beyond file size (Windows 8 compliance)
libntfs: fixed expanding a resident attribute without inserting holes
libntfs: allow DACLs to not have any ACE
libntfs: ignore unmapped regions when checking whether sparse
libntfs: upgraded the Win32 interface for use with ntfsprogs
ntfsresize: enabled relocating the MFT when shrinking a volume
ntfsresize: fixed trying to update the MFT and Bitmap on a test run
ntfsresize: fixed updating all the MFT runs in a relocated MFT
ntfsresize: set the backup boot sector when the size is reliable
ntfsresize: reserved a single sector for the backup boot sector
ntfsundelete: output the modification time when scanning files
ntfsundelete: ported to Windows
ntfsclone: fixed wiping fragmented metadata when creating a metadata image
ntfsclone: allowed cloning a file system despite allocation errors
ntfsclone: fixed bad copying of the backup boot sector
ntfsclone: ported to Windows
ntfsdecrypt: made compatible with libgrypt-1.6
Reading and writing configuration files is one of the most frequent tasks of
any software design. Config::Simple is the library that helps you with it.
Config::Simple is a class representing configuration file object. It supports
several configuration file syntax and tries to identify the file syntax
automatically. Library supports parsing, updating and creating configuration
files.
v0.7.4:
- Fixing a bug about dangling processes, in case of using "ts -r".
v0.7.3:
- Add option '-N' to set the number of slots required for a job to run.
Proposed by Sergey Litvinov.
v0.7.2:
- Add option '-E', to keep stderr apart. It goes to "`ts -o`.e".
v0.7.1:
- Implement check of ownership of the socket. Security bugfix.
pefile is a multi-platform Python module to read and work with Portable
Executable (aka PE) files. Most of the information in the PE Header is
accessible, as well as all the sections, section's information and data.
pefile requires some basic understanding of the layout of a PE file. Armed with
it it's possible to explore nearly every single feature of the file.
Some of the tasks that pefile makes possible are:
* Modifying and writing back to the PE image
* Header Inspection
* Sections analysis
* Retrieving data
* Warnings for suspicious and malformed values
* Packer detection with PEiD's signatures
* PEiD signature generation
All:
- Fixed the autoconf test for #pragma weak, so it will not
believe that "clang" supports #pragma weak in a compatible way.
This is needed in order to compile libmdigest/sha2.c using clang.
- New autoconf tests added for:
libexpat
libpcsclite / winscard.lib
libcrypto / libeay32.lib
libssl / ssleay32.lib
- New autoconf test for expat.h
- The makefile system added the INVERSE_SUBARCHDIR= to allow local
autoconfiguration for shared libraries.
- RULES/rules.top now also calls MKLINKS in the directory TEMPLATES
- New compiler configuration files:
RULES/cc-clang.rul
RULES/cc-clang32.rul
RULES/cc-clang64.rul
- The Mac OS X related rules now support a new macro:
LDFRAMEWORKS=
that allows to add Apple specific libraries.
- Added a new WIN32_LIBS= macro for Win-DOS specific libraries.
These libraries have to be specified in the portable -lfoo
format for "libfoo" and also work when compiling for MinGW32.
When cl.exe is used, -lfoo is converted to foo.lib.
- New configuration files:
RULES/i386-darwin-clang.rul
RULES/i386-darwin-clang32.rul
RULES/i386-darwin-clang64.rul
- New configuration files:
RULES/i386-freebsd-clang.rul
RULES/i586-linux-clang.rul
RULES/x86_64-linux-clang.rul
RULES/i86pc-sunos5-clang.rul
RULES/sun4-sunos5-clang.rul
Note that these files have not been tested yet.
- RULES/cc-sunpro.rul now also includes rules for
RULES/cc-sunpro32.rul and
RULES/cc-sunpro64.rul
- RULES/cc-gcc.rul now also includes rules for
RULES/cc-gcc32.rul and
RULES/cc-gcc64.rul
- RULES/cc-sunpro32.rul added for orthogonality
- RULES/cc-sunpro32.rul and
RULES/cc-sunpro64.rul are symlinks to RULES/cc-sunpro.rul
and RULES/cc-sunpro.rul uses a macro to include
cc-sunpro.rul
cc-sunpro32.rul
cc-sunpro64.rul
as needed
- RULES/i86pc-sunos5-cc.rul now also includes rules for
RULES/i86pc-sunos5-cc32.rul and
RULES/i86pc-sunos5-cc64.rul
- RULES/i86pc-sunos5-gcc.rul now also includes rules for
RULES/i86pc-sunos5-gcc32.rul and
RULES/i86pc-sunos5-gcc64.rul
- RULES/sun4-sunos5-cc.rul now also includes rules for
RULES/sun4-sunos5-cc32.rul and
RULES/sun4-sunos5-cc64.rul
- RULES/sun4-sunos5-gcc.rul now also includes rules for
RULES/sun4-sunos5-gcc32.rul and
RULES/sun4-sunos5-gcc64.rul
- RULES/i586-linux-suncc.rul now also includes rules for
RULES/i586-linux-suncc32.rul and
RULES/i586-linux-suncc64.rul
- RULES/9000-725-hp-ux-cc.rul now also includes rules for
RULES/9000-725-hp-ux-cc32.rul and
RULES/9000-725-hp-ux-cc64.rul
- RULES/i486-cygwin32_nt-cc.rul now also includes rules for
RULES/i486-cygwin32_nt-cc32.rul and
RULES/i486-cygwin32_nt-cc64.rul
- RULES/i486-cygwin32_nt-gcc.rul now also includes rules for
RULES/i486-cygwin32_nt-gcc32.rul and
RULES/i486-cygwin32_nt-gcc64.rul
- RULES/ip22-irix-cc.rul now also includes rules for
RULES/ip22-irix-cc64.rul
- RULES/ip22-irix-gcc.rul now also includes rules for
RULES/ip22-irix-gcc64.rul
- RULES/power-macintosh-darwin-cc.rul now also includes rules for
RULES/power-macintosh-darwin-cc32.rul and
RULES/power-macintosh-darwin-cc64.rul
- RULES/power-macintosh-darwin-gcc.rul now also includes rules for
RULES/power-macintosh-darwin-gcc32.rul and
RULES/power-macintosh-darwin-gcc64.rul
- conf/makeinc now knows that a compiler name may not follow
the "cc*" text rule. This helps to support "clang".
- conf/cc-config.sh has been enhanced to detect whether
"cc" or "gcc" are emulated via "clang".
- New files in TEMPLATES/ related to "clang"
- TEMPLATES/ now includes config files for gcc32 and gcc64
- TEMPLATES/ now includes config files for clang, clang32 and clang64
- Add comment to DEFAULTS_CSW/sparc-cc.defs
- config.guess now understands Mac OS X on 64 bit Intel
Libschily:
- libschily/format.c fixed to compile again with K&R C that does
not support "long double".
- No longer use fgets() for fgetaline(), fgetline() and fgetstr()
as fgets() cannot deal with embedded '\0' chars before the '\n'.
- libschily/fstream.c now supports local flags (for the caller)
and pushable streams to keep blocks of pushed text atomically.
- libschily/fchmodat.c was added, it has been forgotten when
the emulations for the *at() functions have been introduced.
It is needed for the new enhanced isoinfo command.
- libschily/mknodat.c now correctly provides a mknodat() function even
when there is no mknod() command.
- libschily/futimens.c now is more Sun specific when trying to implement
futimens() via utimensat(), as only Solaris supports a f*() interface
in case that the path name is a NULL pointer.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
WARNING: the new version of the isoinfo program makes use of the
*at() series of functions that have been introduced by Sun
in August 2001 and added to POSIX.1-2008. For older platforms,
libschily now includes emulations for these functions but
these emulations have not yet been tested thouroughly.
Please report problems!
- The man page isoinfo.8 was enhanced by mentioning the option -s (print
file sizes in multiple if 2048 byte sectors) and by documenting the
list format that us used with -l.
- isoinfo now evaluates the Rock Ridge "PN" signature and thus supports
to display and use the major/minor device numbers.
- isoinfo now extracts time stamps with sub second granularity in
order to be able to set fine grained file timestamps, see -X option
below.
- isoinfo now knows how to find out whether a ISO-9660 filesystem was
created by a newer mkisofs and thus includes useful inode numbers
in ISO-9660. These ISO-9660 based inode numbers are used in case that
there is no Rock Ridge-1.12 that includes inode numbers in the "PX"
signature.
- isoinfo now has a new option -X that extracts alls files (in case that
-find is not used) or files secected by a -find expression. Note that
-find expressions may include -chown, -chgrp and -chmod to modify the
meta data of files.
- improved support for Amazon Glacier
- removed support for Ubuntu One, which is closing shop
- new locking mechanism to avoid concurrent execution with same cache
- many other bugfixes and minor improvements. See CHANGELOG.
Version 5.8
New: Monit no longer purge the environment for sub-processes
New: Add command line option to view Monit ID (-i/--id)
New: Add command line option to reset Monit ID (-r/--resetid)
New: Add client support for using TLS version 1.1 and 1.2. A recent
1.x version of OpenSSL is required and of course that the server
speaks this TLS version. At this time, not many does. Example:
if failed port 443 with type TCPSSL tlsv11 protocol http then alert
New: Process UID, EUID and GID tests. Allows to test if the
process is running as a given user. Example:
check process syslog with pidfile /var/run/rsyslogd.pid
if failed uid "syslog" then alert
if failed euid "syslog" then alert
if failed gid "syslog" then alert
New: Add WebSocket protocol test support for port check. Example:
check host websocket.org with address "echo.websocket.org"
if failed
port 80 protocol websocket
host "echo.websocket.org"
request "/"
origin "http://www.websocket.com"
version 13
then alert
New: Simplified HTTP protocol test to allow testing content without
creating an URL object. It is now possible to say in a more natural way,
check host mmonit.com with address mmonit.com
if failed
port 80 protocol http
and request /monit/ with content = "Monit 5.7"
then alert
meaning that if the page mmonit.com/monit does not contain the text
"Monit 5.7" then the test will fail. To reverse the test, i.e. to test
that the page should not contain a specific string simply use '!='
instead, like,
if failed
port 80 protocol http
with content != "Nagios"
then alert
Remember also that the string to test can be a regular expression
New: The HTTP protocol test now support testing the HTTP status code
returned by the server by using "status <operator> <number>".
Backward compatible defaults (return error if status >= 400):
if failed
port 80 protocol http
and status < 400
then alert
Return error if a page DOES exist (for success 404 is expected):
if failed
port 80 protocol http
request "/non/existent.php"
status = 404
then alert
Fixed: Unix Socket test now use the communication type (TCP or UDP)
specified in port statement. Previously TCP was always used.
Fixed: Improved test to check if a socket was connected. Since we use
non-blocking connect, we now poll a few ms to avoid "connection failed,
XXX is not ready for i|o" errors which could occur, especially on high
latency networks or long distance connect.
Fixed: Simplified if-statements reported in UI
Fixed: Ignore lines starting with '#' in an 'allow htpasswd' file
statement. Thanks to Michael Bakker for reporting the issue
Fixed: Show service restart program on Monit startup in debug mode.
Thanks to Michael Bakker for reporting the issue
Version 5.7
New: Merged https://bitbucket.org/tildeslash/monit/pull-request/1/
from Philippe Kueck:
1) Handle sockets (unix domain) as regular files when checking timestamp.
2) Use mysql 4.1 protocol in MySQL check, required for checking mysql-proxy
3) Skip connection checks during startup timeout.
New: Arguments added to 'check program'. Arguments are whitespace
separated strings. For instance:
check program list-files with path "/bin/ls -l -r -t /tmp"
if status != 0 then alert
New: Implemented restart as an optional service action. When Monit
is called to restart a service, it previously called the stop
program registered with the service and then the start program.
Now, if a restart program is registred with the service, this
will be called instead, otherwise Monit fall back to its old
behaviour. Example:
check process apache with pidfile /var/run/httpd.pid
start = "/usr/sbin/apachectl start"
stop = "/usr/sbin/apachectl stop"
restart = "/usr/sbin/apachectl restart" <- New
New: Improved communication with M/Monit. Thanks to Hippo Lin. For
scalability purpose, this Monit version should only be used with
M/Monit version 3.1 or later.
BUGFIXES:
* Monit stopped if an error occurred during MTA connection close.
* Make the Memcache protocol test faster.
* Solaris zone: fix system memory usage report.
* Use chiper list with SSL server instead of relying on default
The vulnerability is only exposed to service domains for HVM guests
which have privilege over the guest. In a usual configuration that
means only device model emulators (qemu-dm).
bump PKGREV
D-Bus 1.8.2 (2014-04-30)
==
The “nobody wants red” release.
Enhancements:
• in the CMake build system, add some hints for Linux users cross-compiling
Windows D-Bus binaries to be able to run tests under Wine
(fd.o #41252, Ralf Habacker)
• add Documentation key to dbus.service (fd.o #77447, Cameron Norman)
Fixes:
• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id
to /var/lib/dbus/machine-id instead of generating an entirely new ID
(fd.o #77941, Simon McVittie)
• if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fd.o #74698, Роман Донченко)
• on Windows, allow up to 8K connections to the dbus-daemon, instead of the
previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker)
• cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов)
wip by ryoon and myself, tested by Thomas Schmitt and Freddy Fisker.
libisoburn is a frontend for libraries libburn and libisofs which
enables creation and expansion of ISO-9660 filesystems on all
CD/DVD/BD media supported by libburn. This includes media like
DVD+RW, which do not support multi-session management on media
level and even plain disk files or block devices.
This package also contains comand line and dialog application
xorriso.
Upstream changes:
0.17
- add option: --backlog to change the backlog size (default: SOMAXCONN) (thanks to Yuryu)
0.16
- [bugfix] unset the environment variable when a file is removed from the directory specified by --envdir
0.15
- added option: --envdir for reloading configuration (thanks to limitusus)
- added options: --enable-auto-restart and interval for periodical automatic restarting (thanks to limitusus)
- added option: --kill-old-delay for delaying SIGTERM (thanks to limitusus)
0.14
- fix regression in 0.13; start_server wo. "--dir" was causing errors
0.13
- add option: --dir (thanks to kazeburo)
0.12
- bugfix: support for programs with whitespaces (thanks to clkao)
- add option: --signal-on-term (thanks to miyagawa)
myself for wip, tested by Thomas Schmitt and Freddy Fisker.
libisofs is a library to create an ISO-9660 filesystem with extensions
like RockRidge or Joliet. It is also a full featured ISO-9660
editor, allowing you to modify an ISO image or multisession disc,
including file addition/removal, change of file names and attributes,
etc.
and myself for wip, tested by Thomas Schmitt and Freddy Fisker.
libburn is a library for writing preformatted data to optical media
such as CD, DVD, BD (Blu-Ray).
Version 1.7.0
- Allow user/group names up to 32 characters before clipping.
- Made -i compress XML and JSON output as much as possible by eliminating
extraneous whitespace.
- Added --caseinsensitive (renamed --ignore-case ala grep) flag so patterns
match without regard to case, courtesy of Jason A Donenfeld.
- Added --matchdirs option courtesy of Brian Mattern & Jason A. Donenfeld
<Jason@zx2c4.com>.
- Fixed possible buffer overflow on large uid/gids w/o user names/group
names (Alexandre Wendling <alexandrerw@celepar.pr.gov.br>)
- Added JSON support courtesy of Florian Sesser <fs@it-agenten.com>.
- Fixed formatting error with HTML output when -L 1 specified. (Sascha Zorn
<sascha.zorn@gmail.com>)
- Added file size sorting (Philipp M?ller <philippausmuensing@googlemail.com>)
- Added '--sort[=]<name>' option, ala ls.
- Fixed OS X makefile problems (Ryan Hollis <theryanhollis@gmail.com>)
- Fixed possible memory overflow in read_dir (path/lbuf not equal in size
to pathsize/lbufsize.) (Han Hui <hanhui03@163.com>)
- Fix S_ISDOOR/S_IFDOOR spelling mistake for Solaris. (Tim Mooney
<Tim.Mooney@ndsu.edu>)
- Make tree more reliably detect UTF-8 locales. (Mantas Mikulnas
<grawity@gmail.com> and others.)
- Return non-zero exit status on option errors, print usage to stdout when
not an error, add the posix '--' option terminator, Change -S description
to mean CP437 (console) output codes, not ASCII. (Ivan Shmakov
<oneingray@gmail.com>)
2.1.0 - 2014-04-08
------------------
ENHANCEMENTS
* 387: system-wide open connections a-la netstat.
BUG FIXES
* 421: [Solaris] psutil does not compile on SunOS 5.10 (patch by Naveed
Roudsari)
* 489: [Linux] psutil.disk_partitions() return an empty list.
2.0.0 - 2014-03-10
------------------
ENHANCEMENTS
* #424: [Windows] installer for Python 3.X 64 bit.
* #427: number of logical and physical CPUs (psutil.cpu_count()).
* #447: psutil.wait_procs() timeout parameter is now optional.
* #452: make Process instances hashable and usable with set()s.
* #453: tests on Python < 2.7 require unittest2 module.
* #459: add a make file for running tests and other repetitive tasks (also
on Windows).
* #463: make timeout parameter of cpu_percent* functions default to 0.0 'cause
it's a common trap to introduce slowdowns.
* #468: move documentation to readthedocs.com.
* #477: process cpu_percent() is about 30% faster. (suggested by crusaderky)
* #478: [Linux] almost all APIs are about 30% faster on Python 3.X.
* #479: long deprecated psutil.error module is gone; exception classes now
live in "psutil" namespace only.
BUG FIXES
* #193: psutil.Popen constructor can throw an exception if the spawned process
terminates quickly.
* #340: [Windows] process get_open_files() no longer hangs. (patch by
jtang@vahna.net)
* #443: [Linux] fix a potential overflow issue for Process.set_cpu_affinity()
on systems with more than 64 CPUs.
* #448: [Windows] get_children() and ppid() memory leak (patch by Ulrich
Klank).
* #457: [POSIX] pid_exists() always returns True for PID 0.
* #461: namedtuples are not pickle-able.
* #466: [Linux] process exe improper null bytes handling. (patch by
Gautam Singh)
* #470: wait_procs() might not wait. (patch by crusaderky)
* #471: [Windows] process exe improper unicode handling. (patch by
alex@mroja.net)
* #473: psutil.Popen.wait() does not set returncode attribute.
* #474: [Windows] Process.cpu_percent() is no longer capped at 100%.
* #476: [Linux] encoding error for process name and cmdline.
API CHANGES
For the sake of consistency a lot of psutil APIs have been renamed.
In most cases accessing the old names will work but it will cause a DeprecationWarning.
* psutil.* module level constants have being replaced by functions:
---------------------------------------------------------
| Old name | Replacement |
---------------------------------------------------------
| - psutil.NUM_CPUS | psutil.cpu_cpunt() |
| - psutil.BOOT_TIME | psutil.boot_time() |
| - psutil.TOTAL_PHYMEM | psutil.virtual_memory().total |
---------------------------------------------------------
* Renamed psutil.* functions:
-----------------------------------------------
| Old name | Replacement |
-----------------------------------------------
| - psutil.get_pid_list() | psutil.pids() |
| - psutil.get_users() | psutil.users() |
| - psutil.get_boot_time() | psutil.boot_time() |
-----------------------------------------------
* All psutil.Process get_* methods lost the "get_" prefix.
get_ext_memory_info() renamed to memory_info_ex().
Assuming "p = psutil.Process()":
-------------------------------------------------
| Old name | Replacement |
-------------------------------------------------
| p.get_children() | p.children() |
| p.get_connections() | p.connections() |
| p.get_cpu_affinity() | p.cpu_affinity() |
| p.get_cpu_percent() | p.cpu_percent() |
| p.get_cpu_times() | p.cpu_times() |
| p.get_ext_memory_info() | p.memory_info_ex() |
| p.get_io_counters() | p.io_counters() |
| p.get_ionice() | p.ionice() |
| p.get_memory_info() | p.memory_info() |
| p.get_memory_maps() | p.memory_maps() |
| p.get_memory_percent() | p.memory_percent() |
| p.get_nice() | p.nice() |
| p.get_num_ctx_switches() | p.num_ctx_switches() |
| p.get_num_fds() | p.num_fds() |
| p.get_num_threads() | p.num_threads() |
| p.get_open_files() | p.open_files() |
| p.get_rlimit() | p.rlimit() |
| p.get_threads() | p.threads() |
| p.getcwd() | p.cwd() |
-------------------------------------------------
* All psutil.Process set_* methods lost the "set_" prefix.
Assuming "p = psutil.Process()":
--------------------------------------------------------
| Old name | Replacement |
--------------------------------------------------------
| p.set_nice() | p.nice(value) |
| p.set_ionice() | p.ionice(ioclass, value=None) |
| p.set_cpu_affinity() | p.cpu_affinity(cpus) |
| p.set_rlimit() | p.rlimit(resource, limits=None) |
--------------------------------------------------------
* Except for 'pid' all psutil.Process class properties have been turned into
methods. This is the only case which there are no aliases.
Assuming "p = psutil.Process()":
---------------------------------
| Old name | Replacement |
---------------------------------
| p.name | p.name() |
| p.parent | p.parent() |
| p.ppid | p.ppid() |
| p.exe | p.exe() |
| p.cmdline | p.cmdline() |
| p.status | p.status() |
| p.uids | p.uids() |
| p.gids | p.gids() |
| p.username | p.username() |
| p.create_time | p.create_time() |
---------------------------------
* Others:
* timeout parameter of cpu_percent* functions defaults to 0.0 instead of 0.1.
* long deprecated psutil.error module is gone; exception classes now live in
"psutil" namespace only.
* Process instances' "retcode" attribute returned by psutil.wait_procs() has
been renamed to "returncode" for consistency with subprocess.Popen.
Changelog:
2014-03-26 11:25 Christos Zoulas <christos@zoulas.com>
* release 5.18
2014-03-15 17:45 Christos Zoulas <christos@zoulas.com>
* add fmtcheck(3) for those who don't have it
2014-03-14 15:12 Christos Zoulas <christos@zoulas.com>
* prevent mime entries from being attached to magic
entries with no descriptions
* adjust magic strength for regex type
* remove superfluous ascmagic with encoding test
2014-03-06 12:01 Christos Zoulas <christos@zoulas.com>
* fix regression fix echo -ne "\012\013\014" | file -i -
which printed "binary" instead of "application/octet-stream"
* add size_t overflow check for magic file size
2014-02-27 16:01 Christos Zoulas <christos@zoulas.com>
* experimental support for matching with CFD CLSID
2014-02-18 13:04 Kimmo Suominen (kimmo@suominen.com)
* Cache old LC_CTYPE locale before setting it to "C", so
we can use it to restore LC_CTYPE instead of asking
setlocale() to scan the environment variables.
D-Bus 1.8.0 (2014-01-20)
==
The “Wolverine distrusts my printer” release.
This starts a new stable branch. The 1.6.x branch is now considered to be
outdated, and will only receive fixes for serious bugs such as security
flaws. The 1.4.x and 1.2.x branches no longer have upstream support and
are unlikely to get any more releases, but if distributors still need to
support them, please share security patches via upstream.
Summary of changes since 1.6.x:
• libdbus always behaves as if dbus_threads_init_default() had been called
(thread-safety by default)
• new dbus-run-session tool, replacing certain misuses of dbus-launch
• dbus-monitor can talk to outdated versions of dbus-daemon again
• new org.freedesktop.DBus.GetConnectionCredentials method
• GetConnectionUnixProcessID also works correctly on Windows, returning
the Windows process ID
• GetConnectionWindowsSID returns the correct SID on Windows
• expat is required, libxml2 can no longer be used as a substitute
• the userDB cache is required, and cannot be disabled
• a 64-bit integer type (either int, long, long long or _int64) is required
• better systemd-journald integration on Linux
• fixed long-standing fd and array leaks when failing to parse a message
• fixed referenced-but-never-freed parent nodes (effectively memory leaks)
when using certain object-path allocation patterns, notably in Avahi
• better defaults for Windows support
• better CMake support
• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd
• the source language for the man pages is now Docbook XML
Enhancements since 1.7.10:
• Enhance the CMake build system to check for GLib and compile/run
a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker)
Fixes since 1.7.10:
• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840,
Ralf Habacker)
• fix compilation of systemd journal support on older systemd versions where
sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker)
• fix compilation on older MSVC versions by including stdlib.h
(fd.o #73455, Ralf Habacker)
• Allow <allow_anonymous/> to appear in an included configuration file
(fd.o #73475, Matt Hoosier)
Test behaviour changes since 1.7.10:
• If the tests crash with an assertion failure, they no longer default to
blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the
environment if you want the old behaviour.
• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests
can be run with an external dbus-daemon by setting
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
an unusually-configured dbus-daemon are skipped.
D-Bus 1.7.10 (2014-01-06)
==
The “weighted companion cube” release.
This is a release candidate for D-Bus 1.8.
D-Bus Specification 0.23:
• don't require messages with no INTERFACE to be dispatched
(fd.o #68597, Simon McVittie)
• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301,
Chengwei Yang)
• define "listenable" and "connectable" addresses, and discuss
the difference (fd.o #61303, Simon McVittie)
Enhancements:
• support printing Unix file descriptors in dbus-send, dbus-monitor
(fd.o #70592, Robert Ancell)
• don't install systemd units if --disable-systemd is given
(fd.o #71818, Chengwei Yang)
Fixes:
• don't leak memory on out-of-memory while listing activatable or
active services (fd.o #71526, Radoslaw Pajak)
• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)
• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang)
• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC
and DBUS__SEND_MSG are numerically equal to their values in the
reference policy (fd.o #88719, osmond sun)
• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers
(fd.o #71366, Matt Fischer)
• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
winsock2.h (fd.o #71405, Matt Fischer)
• do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fd.o #72298, Chengwei Yang)
• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue,
preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang)
• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets,
which doesn't do anything anyway on at least Linux and FreeBSD
(fd.o #69492, Simon McVittie)
• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
for credentials more correctly (fd.o #69492, Simon McVittie)
• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fd.o #61301,
Simon McVittie)
• refresh cached policy rules for existing connections when bus
configuration changes (fd.o #39463, Chengwei Yang)
D-Bus 1.7.8 (2013-11-01)
==
The “extreme hills” release.
Dependencies:
• If systemd support is enabled, libsystemd-journal is now required.
Enhancements:
• When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will still be
logged as if it had dbus-daemon's process ID and user ID.
(fd.o #68559, Chengwei Yang)
• Document more configuration elements in dbus-daemon(1)
(fd.o #69125, Chengwei Yang)
Fixes:
• Don't leak string arrays or fds if dbus_message_iter_get_args_valist()
unpacks them and then encounters an error (fd.o #21259, Chengwei Yang)
• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in 1.7.6
(fd.o #49062, Colin Walters)
• path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fd.o #70799, Simon McVittie)
D-Bus 1.7.6 (2013-10-09)
==
The “CSI Shrewsbury” release.
Build-time configuration changes:
• Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need
to send SIGHUP to the dbus-daemon when its configuration changes.
(fd.o #33001, Chengwei Yang)
• Compiling with --disable-userdb-cache is no longer supported;
it didn't work since at least 2008, and would lead to an extremely
slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947;
Chengwei Yang)
• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent
with the Autotools build system. (fd.o #66142, Chengwei Yang)
• --with-valgrind=auto enables Valgrind instrumentation if and only if
valgrind headers are available. The default is still --with-valgrind=no.
(fd.o #56925, Simon McVittie)
Dependencies:
• Platforms with no 64-bit integer type are no longer supported.
(fd.o #65429, Simon McVittie)
• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie)
• Full test coverage no longer requires dbus-glib, although the tests do not
exercise the shared library (only a static copy) if dbus-glib is missing.
(fd.o #68852, Simon McVittie)
Enhancements:
• D-Bus Specification 0.22
· Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon)
· Fix example .service file (fd.o #66481, Chengwei Yang)
· Don't claim D-Bus is "low-latency" (lower than what?), just
give factual statements about it supporting async use
(fd.o #65141, Justin Lee)
· Document the contents of .service files, and the fact that
system services' filenames are constrained
(fd.o #66608; Simon McVittie, Chengwei Yang)
• Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility with
older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so.
(fd.o #54972, Simon McVittie)
• Add GetConnectionCredentials() method (fd.o #54445, Simon)
• New API: dbus_setenv(), a simple wrapper around setenv().
Note that this is not thread-safe. (fd.o #39196, Simon)
• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection,
like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS
(connect to a given bus, like dbus-monitor --address=ADDRESS).
dbus-send --address still exists for backwards compatibility,
but is no longer documented. (fd.o #48816, Andrey Mazo)
• Windows-specific:
· "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852,
Simon McVittie)
Fixes:
• Avoid an infinite busy-loop if a signal interrupts waitpid()
(fd.o #68945, Simon McVittie)
• Clean up memory for parent nodes when objects are unexported
(fd.o #60176, Thomas Fitzsimmons)
• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fd.o #69165, Chengwei Yang)
• Escape addresses containing non-ASCII characters correctly
(fd.o #53499, Chengwei Yang)
• Document <servicedir> search order correctly (fd.o #66994, Chengwei Yang)
• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4.
(fd.o #65923, Chengwei Yang)
• If malloc() returns NULL in _dbus_string_init() or similar, don't free
an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang)
• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list
that was never va_start()ed (fd.o #66300, Chengwei Yang)
• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang)
• fix a regression test on platforms with strict alignment (fd.o #67279,
Colin Walters)
• Avoid calling function parameters "interface" since certain Windows headers
have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov)
• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang)
• Various thread-safety improvements to static variables (fd.o #68610,
Simon McVittie)
• Make "make -j check" work (fd.o #68852, Simon McVittie)
• Fix a NULL pointer dereference on an unlikely error path
(fd.o #69327, Sviatoslav Chagaev)
• Improve valgrind memory pool tracking (fd.o #69326,
Sviatoslav Chagaev)
• Don't over-allocate memory in dbus-monitor (fd.o #69329,
Sviatoslav Chagaev)
• dbus-monitor can monitor dbus-daemon < 1.5.6 again
(fd.o #66107, Chengwei Yang)
• Unix-specific:
· If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fd.o #69026, Chengwei Yang)
· If socket() or socketpair() fails with EINVAL or EPROTOTYPE,
for instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang)
· Fix a file descriptor leak on an error code path.
(fd.o #69182, Sviatoslav Chagaev)
· dbus-run-session: clear some unwanted environment variables
(fd.o #39196, Simon)
· dbus-run-session: compile on FreeBSD (fd.o #66197, Chengwei Yang)
· Don't fail the autolaunch test if there is no DISPLAY (fd.o #40352, Simon)
· Use dbus-launch from the builddir for testing, not the installed copy
(fd.o #37849, Chengwei Yang)
· Fix compilation if writev() is unavailable (fd.o #69409,
Vasiliy Balyasnyy)
· Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fd.o #60340,
Simon McVittie)
· Make autogen.sh work on *BSD by not assuming GNU coreutils functionality
(fd.o #35881, #69787; Chengwei Yang)
· dbus-monitor: be portable to NetBSD (fd.o #69842, Chengwei Yang)
· dbus-launch: stop using non-portable asprintf (fd.o #37849, Simon)
· Improve error reporting from the setuid activation helper (fd.o #66728,
Chengwei Yang)
• Windows-specific:
· Remove unavailable command-line options from 'dbus-daemon --help'
(fd.o #42441, Ralf Habacker)
· Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fd.o #66060, Ralf Habacker)
· Fix insufficient dependency-tracking (fd.o #68505, Simon McVittie)
· Don't include wspiapi.h, fixing a compiler warning (fd.o #68852,
Simon McVittie)
• Internal changes:
· add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
conditionals (fd.o #66142, Chengwei Yang)
· improve verbose-mode output (fd.o #63047, Colin Walters)
· consolidate Autotools and CMake build (fd.o #64875, Ralf Habacker)
· fix various unused variables, unusual build configurations
etc. (fd.o #65712, #65990, #66005, #66257, #69165, #69410, #70218;
Chengwei Yang, Vasiliy Balyasnyy)
D-Bus 1.7.4 (2013-06-13)
==
The “but is your thread-safety thread-safe?” release.
Security fixes:
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
of service for system services. Vulnerability reported by Alexandru Cornea.
(Simon)
Dependencies:
• The Windows version of libdbus now contains a C++ source file, used
to provide global initialization when the library is loaded.
gcc (mingw*) users should ensure that g++ is also installed.
• The libxml2-based configuration reader (which hasn't worked for 2.5 years,
and was never the recommended option) has been removed. Expat is now a
hard dependency.
Enhancements:
• It should now be safe to call dbus_threads_init_default() from any thread,
at any time. Authors of loadable modules and plugins that use libdbus
should consider doing so during initialization.
(fd.o #54972, Simon McVittie)
• Improve dbus-send documentation and command-line parsing (fd.o #65424,
Chengwei Yang)
Unix-specific:
· dbus-run-session: experimental new tool to start a temporary D-Bus
session, e.g. for regression tests or a text console, replacing
certain uses of dbus-launch which weren't really correct
(fd.o #39196, Simon)
Other fixes:
• In dbus-daemon, don't crash if a .service file starts with key=value
(fd.o #60853, Chengwei Yang)
• Unix-specific:
· Fix a crash similar to CVE-2013-2168 the first time we try to use syslog
on a platform not defining LOG_PERROR, such as Solaris or QNX.
This regressed in 1.7.0. (Simon)
· Fix an assertion failure if we try to activate systemd services before
systemd connects to the bus (fd.o #50199, Chengwei Yang)
· Avoid compiler warnings for ignoring the return from write()
(Chengwei Yang)
• Windows-specific:
· Under cmake, install runtime libraries (DLLs) into bin/ instead of lib/
so that Windows finds them (fd.o #59733, Ralf Habacker)
D-Bus 1.7.2 (2013-04-25)
==
The “only partially opaque” release.
Configuration changes:
• On non-QNX Unix platforms, the default limit on fds per message in the
session bus configuration has reduced from 4096 to 1024. The default
limit used on the system bus was already 1024. On QNX, both limits are
reduced further, to 128.
Enhancements:
• D-Bus Specification 0.21
· Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fd.o #63072,
Simon McVittie)
Fixes:
• Diagnose incorrect use of dbus_connection_get_data() with negative slot
(i.e. before allocating the slot) rather than returning junk
(fd.o #63127, Dan Williams)
• Fix a cmake build regression since 1.7.0 (fd.o #63682; Ralf Habacker,
Simon McVittie)
• Unix-specific:
· On Linux, link successfully with glibc 2.17 (fd.o #63166, Simon McVittie)
· Under systemd, log to syslog only, not stderr, avoiding duplication
(fd.o #61399, #39987; Colin Walters, Dagobert Michelsen)
· Under systemd, remove unnecessary dependency on syslog.socket
(fd.o #63531, Cristian Rodríguez)
· Include alloca.h for alloca() if available, fixing compilation on
Solaris 10 (fd.o #63071, Dagobert Michelsen)
· Allow use of systemd-logind without the rest of systemd
(fd.o #62585, Martin Pitt)
· When built with CMake, link to librt and use the right path for
meinproc's XSLT stylesheets (fd.o #61637, Ralf Habacker)
· Reduce the default limit on number of fds per message to 128 under
QNX, working around an arbitrary OS limit (fd.o #61176, Matt Fischer)
• Windows-specific:
· Do not claim that all bus clients have the dbus-daemon's credentials;
pick up local TCPv4 clients' credentials (process ID and security
identifier, i.e. user) using GetExtendedTcpTable() (fd.o #61787,
Ralf Habacker)
D-Bus 1.7.0 (2013-02-22)
==
The "Disingenuous Assertions" release.
This is a new development release, starting the 1.7.x branch. D-Bus 1.6
remains the recommended version for long-term-supported distributions
or the upcoming GNOME 3.8 release.
Build-time configuration changes:
• The --with-dbus-session-bus-default-address configure option is no longer
supported. Use the new --with-dbus-session-bus-connect-address and
--with-dbus-session-bus-listen-address options instead. On Windows, you
usually want them to have the same argument; on Unix, the defaults are
usually correct.
• Similarly, the DBUS_SESSION_BUS_DEFAULT_ADDRESS CMake variable is no longer
supported; use the new DBUS_SESSION_BUS_LISTEN_ADDRESS and
DBUS_SESSION_BUS_CONNECT_ADDRESS variables instead.
• cmake/cross-compile.sh has been removed. Instead, please use a
cross-toolchain file (-DCMAKE_TOOLCHAIN_FILE) as documented at
<http://www.vtk.org/Wiki/CMake_Cross_Compiling>; or use Autotools
as documented in "info automake Cross-Compilation", and set
PKG_CONFIG_PATH appropriately.
Requirements:
• Man pages now require xmlto (or either xmlto or meinproc, if using CMake).
• man2html is no longer used.
Enhancements:
• D-Bus Specification 0.20
· actually say that /org/freedesktop/DBus is the object that
implements o.fd.DBus (fd.o #51865, Colin Walters)
· various reorganisation for better clarity (fd.o #38252, Simon McVittie)
· stop claiming that all basic types work just like INT32 (strings don't!)
• The "source code" for the man pages is now Docbook XML, eliminating
the outdated duplicate copies used when building with CMake.
(fd.o #59805; Ralf Habacker, Simon McVittie)
Fixes:
• In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fd.o #52202, Simon)
• Fix building with Valgrind 3.8, at the cost of causing harmless warnings
with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
• Merge <servicehelper> from system-local.conf if necessary (fd.o #51560,
Krzysztof Konopko)
• Under CMake, prefer xmlto over meinproc (fd.o #59733, Ralf Habacker)
• Stop duplicating CMake's own logic to find libexpat
(fd.o #59733, Ralf Habacker)
• Don't assume CMake host and build system are the same (fd.o #59733,
Ralf Habacker)
• Avoid deprecation warnings for GLib 2.35 (fd.o #59971, Simon McVittie)
• Unix-specific:
· Check for functions in libpthread correctly, fixing compilation on
(at least) OpenBSD (fd.o #47239, Simon)
· Don't leak temporary fds pointing to /dev/null (fd.o #56927,
Michel HERMIER)
· Update sd-daemon.[ch] from systemd (fd.o #60681)
· Add partial support for QNX (fd.o #60339, fd.o #61176; Matt Fischer)
• Windows-specific:
· The default session bus listening and connecting address is now
"autolaunch:", which makes D-Bus on Windows interoperate with itself
and GDBus "out of the box". Use the configure options and cmake variables
described above if you require a different autolaunch scope.
(fd.o #38201, Simon McVittie)
· Avoid a CMake warning under Cygwin (fd.o #59401, Ralf Habacker)
• Create session.d, system.d directories under CMake (fd.o #41319,
Ralf Habacker)
Changes since version 1.0.34:
A bug in tarsnap 1.0.34 which could cause tarsnap to crash
(segmentation fault or bus error) when encountering network
glitches or outages is fixed.
When tarsnap encounters "insane" filesystems (procfs and other
similar synthetic filesystems which are not reasonable to
archive), it now archives the filesystem mount point but by
default does not recurse into the filesystem. Previous releases
(since 1.0.26) did not archive the synthetic filesystem mount
point.
Changes since version 1.0.33:
Tarsnap now supports both IPv4 and IPv6.
Tarsnap is now more resilient against short network glitches
when it first connects to the Tarsnap server.
Tarsnap now supports platforms with mandatory structure alignment
(e.g., ARM OABI).
Tarsnap now restores terminal settings if killed with ^C while
reading a password or passphrase.
Multiple minor bug fixes and cleanups.
The library allows a process to change its title (as displayed by
system tools such as ps and top).
Changing the title is mostly useful in multi-process systems, for
example when a master process is forked: changing the children's
title allows to identify the task each process is busy with. The
technique is used by PostgreSQL and the OpenSSH Server for example.
Processing of the HVMOP_set_mem_access HVM control operations does not
check the size of its input and can tie up a physical CPU for extended
periods of time.
bump PKGREV
Changelog:
4.85 September 27, 2011
John Dzubera <Zube@CS.ColoState.EDU> kindly provided a patched
Solaris 9 test system with the lgrp_root conflict and I was
able to devise an automatic work-around for the conflict. The
special note in .../dialects/sun/machine.h was removed and
the 17.28.1 FAQ entry was modified to reflect the update.
Added a Solaris 11 work-around for a typedef problem with
<sys/mutex.h>. Carson Gaspar <carson@taltos.org> reported
the problem and supplied the work-around.
Added support for FreeBSD 7.4 and 8.2; tested on systems
provided by Larry Rosenman <ler@lerctr.org>.
Added support for 32 bit Solaris 11 lsof with mods supplied
by Jan Wortelboer <J.H.P.Wortelboer@uva.nl>.
Added Solaris 11 support for using an alternate genunix
location. Bill Goodridge <bill@its.brooklyn.cuny.edu>
reported the alternate location.
Added further Linux cross configuration support to lsof's
Configure script. The additional support was supplied by
Grant Erickson <erick205@umn.edu>. See the descriptions of
the LINUX_* environmen variables in 00XCONFIG for more
information. Tested lsof on Linux kernel 2.6.32 and picked
some lint that surfaced during the test.
Added fixes and changes for Apple Mac OS X 10.6, provided by
Allan Nathanson <ajn@apple.com>. Allan also provided a test
system.
Tested on FreeBSD 6.4 i386, using a test system provided by
Terry Kennedy <TERRY@tmk.com>. Updated for recent FreeBSD ZFS
changes on an 8.2 amd64 test system also provided by Terry.
Changed documentation to indicate FreeBSD 7.x is no longer
supported, since I no longer have a test system.
Made some changes to the lsof man page, suggested by Navid
<evi1m4chine@googlemail.com>.
Added compensation for Solaris 10 systems that have patch
144488-10. The patch requires that the new header file
<sys/socket_proto.h> be included while _KERNEL is defined.
Brett Bartick <Brett.bartick@nomura.com> reported the problem
first, followed by Stuart Anderson <anderson@ligo.caltech.edu>.
Michael Hocke <michael.hocke@nyu.edu> suggested a work-around
which I refined to limit it to the specific Solaris 10 instance
and then tested on a system provided by Charles Stephens
<cfs@cowlabs.com>
Added the +|-e option for Linux. It exempts file systems
named by path from function calls that might block in the
kernel -- i.e., stat(2) and lstat(2), and when the +e form
is used, readlink (2). The new packager of lsof for the
Linux Fedora and RHEL distributions, Peter Schiffer
<pschiffe@redhat.com>, asked for the feature so it could
be used with Clearcase file systems, whose implementation
can block stat(2) calls. I consider this feature very risky
and easy to misuse -- e.g., specifying the file system as
'/' would exempt all file systems. I don't intend to
propagate this option to any other UNIX dialect that lsof
currently supports.
Made FreeBSD 9 adjustment.
Fixed a Linux bug that prevented the display of paths for
abstact UNIX sockets. Masatake Yamato <yamato@redhat.com>
reported the bug and supplied a patch.
Added compensation for the removal of RPC header files from
GlibC 2.14 for Linux. Marek Behun <kabel@blackhole.sk>
reported the problem and supplied a patch.
Added support for Linux Netlink protocol. Masatake Yamato
requested the support and supplied a patch. Peter Schiffer
<pschiffe@redhat.com> provided a test system.
Corrected Linux UDP6-lite path. The error was reported by
Masatake Yamato and he also supplied a patch.
4.86 April 10, 2012
Lsof for AIX is no longer supported on any versions of that
operating system.
Added information about the clang compiler for FreeBSD to the
FAQ.
Corrected an arg.c bug in the accumulation of +|-e option
values, reported by Peter Schiffer <pschiffe@redhat.com>.
This correction was supplied as a patch to revision 4.85.
Enabled FreeBSD 10 support and tested it there on a system
provided by Larry Rosenman <ler@lerctr.org>.
Updated for latest Solaris 11 with patches supplied by
Carson Gaspar <carson@taltos.org>. Carson supplied a test
system.
Adjusted Linux file system search method to compensate for
NFS mounts that have duplicate device numbers. The problem
was reported by Peter Schiffer <pschiffe@redhat.com>, who
provided a test system.
At the request of Peter Schiffer <pschiffe@redhat.com>, added
support for Linux SCTP socket files. Peter provided a test
system. Applied a warning patch supplied by Peter.
Added support for Mac OS X 10.7 (Lion), provided by Allan
Nathanson <ajn@apple.com>. Allan also supplied a test
system.
Enabled FreeBSD 8.3 support and tested it there on a system
provided by Larry Rosenman <ler@lerctr.org>.
Corrected the FAQ information on ZFS with Solaris 10 after
Steven Blackmon <stblackm@cisco.com> and Prasad Jampala
<jampalp@cisco.com> pointed out that it was incorrect --
i.e., outdated by the libctf changes at revision 4.83.
Added code to handle a Linux NFS-mounted root. Jia He
<hejianet@linux.vnet.ibm.com> reported the need for this.
4.87 January 2, 2013
Added an entry to 00FAQ about lsof behavior when the
HASSECURITY and HASNOSOCKSECURITY options are defined.
Carson Gaspar <carson@taltos.org> pointed out the need
for this clarification.
Added a work-around for a missing definition of mach_port_t
in Darwin 9 (Mac OS/X 10.5.8). The work-around was supplied
by Jim Reid <jim@rfc1035.com>.
Added support for Linux anon_inodefs, provided by Masatake
YAMATO <yamato@redhat.com>.
Documented a Solaris 9 and 10 portmap reporting problem
(+M) in 00FAQ. The problem was reported by Clint
Roberts <Clint.Roberts@ttius.com>. I have no solution
to the problem, but discuss a possible work-around in
the answer to this 00FAQ question: "Why doesn't lsof
report portmap registrations for some Solaris versions?"
Added FreeBSD support for the oldnfs and newnfs file system
types. Daniel Braniss <danny@cs.huji.ac.il> reported the
need for the addition.
Added ICMP socket support for Linux with code provided by
Masatake YAMATO <yamato@redhat.com>.
Corrected the reporting of process group ID for libproc
versions of Mac OS X with a patch from Jeff Trawick
<trawick@gmail.com>. The patch has not been applied to
Darwin kmem versions, because of little call for them
and inadequate test system access. The patch has been
tested on Mac OS X 10.8 (Mountain Lion), courtesy of a
test system provided by Allan Nathanson <ajn@apple.com>.
Added thread support to those FreeBSD versions that have
ki_numthreads in their kinfo_proc structure. This also
activates the -K option for those FreeBSD versions. Jeff
Trawick reported problems with FreeBSD lsof when threads
are present and this addition solves those problems.
Made changes to 00FAQ and the distribution, suggested by
Warren Young <warren@etr-usa.com>. The 00FAQ changes
center on sections that discuss the -s option. The changes
to the distribution include a ChangeLog file that is either
a pointer to or a copy of 00DIST, the distribution notes.
Added support to FreeBSD for using the clang compiler.
Added Linux support for using the getxattr() call to obtain
socket protocol identification when it is can't be obtained
from the /proc/net files that lsof examines. Masatake YAMATO
<yamato@redhat.com> developed the kernel patch to getxattr()
and supplied the lsof patch.
