Various pkgsrc fixes:
- Fix mangled PLIST from the previous commit.
- Depend on coreutils for readlink, which is used in rabbitmq-env.
- Depend on bash, which is assumed throughout the scripts.
- Make sure the shell is passed properly to make/install targets.
- Fix Python usage (add Python 2.7) and clean up other bits.
RabbitMQ changelog:
2.6.1 bug fixes
- The broker failed to (re)start on reboot on systems that keep
/var/run on a temporary file system, e.g. Ubuntu.
- The Windows service failed to increase the Erlang process limit,
limiting the broker to a few thousand queues, connections and
channels.
2.6.0 bug fixes
- Upgrading from RabbitMQ 2.1.1 to any later release could break if
there were durable queues with persistent messages present.
- On very slow machines, starting rabbit via the supplied init scripts
could fail with a timeout.
- Rabbit could fail to stop (when asked to do so) in the presence of
some plug-ins (e.g. shovel).
- 'ram' nodes in a cluster could consume ever increasing amounts of
disk space.
- The presence of fast consumers on a queue could significantly delay
the addition of new consumers.
- When a client was issuing a tx.commit in one channel, and
simultaneously, in another channel, deleted a durable queue with
persistent messages involved in that tx, rabbit could terminate with
an error.
- When a client was using both basic.qos and channel.flow, the latter
would fail to re-enable message flow.
- When using 'confirm' mode, the deletion of queues could cause nacks
to be issued (incorrectly).
- In extremely rare circumstances (never observed in the wild), a
queue with a per-queue message ttl could break during sudden changes
in rabbit memory usage.
2.6.0 enhancements
- Introduce active-active HA, with queues getting mirrored on nodes in
a cluster. See http://www.rabbitmq.com/ha.html.
- Revamp the handling of AMQP's tx (transaction) class and clarify its
behaviour. See http://www.rabbitmq.com/specification.html#tx.
- Replace the 'administrator' flag, as used by the management plugin,
with a more general 'user tags' mechanism. See
http://www.rabbitmq.com/man/rabbitmqctl.1.man.html#set_user_tags.
- Do not require 'configure' permissions for passive queue/exchange
declaration.
- Optimise message delivery on channels with a basic.qos
prefetch limit that are consuming from many queues.
- In 'rabbitmqctl list_channels', do not show the tx mode by default.
- When a cluster 'degrades' to only containing ram nodes - through
'rabbitmqctl' actions or node failure - display/log a warning.
- Eliminate some spurious errors from the sasl log.
* Fixes redundant retry setting times, if mis-POST At reached to API limitation.
* At unstable Twitter RESET API, large number of new tweet notifications are
sometimes happened.
Features:
* Note that Unbound implements RFC6303 (since version 1.4.7).
tcp-upstream yes/no option (works with set_option) for tunnels.
* The format of answers to the qtype ANY with a CNAME has changed, so that there can be proper validated DNSSEC answers for them. This is for queries with qtype ANY where the domain name has a CNAME. Now an answer is returned, where before it resulted in SERVFAIL due to validation failure. When DNSSEC validation is disabled, the contents of the response have changed: the CNAME is not followed, and the correct contents of the RRsets at the initial name are included (where previously only partial contents of the initial names could have been included but the CNAME was followed). The qtype ANY is a query for debug where the resolver is to fill in relevant data that happens to be at hand from the cache.
Bug Fixes:
* Fix validation of qtype ANY responses with CNAMEs. Unbound responds with the RR types that are available at the name for qtype ANY and validates those RR types. It does not test for completeness (i.e. with NSEC or NSEC3 query), and it does not follow the CNAME or DNAME to another name (with even more data for the already large response)
* Documented the options that work with control set_option command.
* Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
* Fix validation of . DS query.
* Fix wildcard expansion no-data reply under an optout NSEC3 zone is validated as insecure.
* Fix python site-packages path to /usr/lib64.
* fix memory and fd leak after out-of-memory condition.
* contrib. patch fixes load of python modules.
* contrib. patch that fixes a memory leak in the unbound python module, in string conversions.
* Fix num-threads 0 does not segfault.
* Fix autoconf 2.68 warnings
* iana portlist updated
and isc-dhcrelay4. Here is a quote from DHCP 4.2.2 Release Notes.
(http://ftp.isc.org/isc/dhcp/dhcp-4.2.2-RELNOTES)
Internet Systems Consortium DHCP Distribution
Version 4.2.2
27 July 2011
Release Notes
NEW FEATURES
ISC DHCP 4.2.x includes features that were not included in DHCP 4.1.x.
These include:
Processing the DHCP to DNS server transactions in an asynchronous fashion.
The DHCP server or client can now continue with its processing while
awaiting replies from the DNS server.
There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:
- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
- DHCPv6 includes human-readable text in status code messages, in
English. A method to reconfigure or support other languages would
be preferable.
- The "host-identifier" option is limited to a simple token.
- The client and server can only operate DHCPv4 or DHCPv6 at a time,
not both. To use both protocols simultaneously, two instances of the
relevant daemon are required, one with the '-6' command line option.
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
Changes since 4.2.2rc1
! Two packets were found that cause a server to halt. The code
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
Changes since 4.2.2b1
- Strict checks for content of domain-name DHCPv4 option can now be
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
- DNS Update fix. A misconfigured server could crash during DNS update
processing if the configuration included overlapping pools or
multiple fixed-address entries for a single address. This issue
affected both IPv4 and IPv6. The fix allows a server to detect such
conditions, provides the user with extra information and recommended
steps to fix the problem. If the user enables the appropriate option
in site.h then server will be terminated
[ISC-Bugs #23595]
libnice 0.1.1 (2011-09-07)
==========================
Fixed BSD and Solaris compatibility
Fixed PPC64 symbol test
Removed a few possible leak/bugs
Fixed compatibility with google's recent protocol change
= Version 0.8.0
* [API] AMQP::Session#on_skipped_heartbeats callback that can be used to handle skipped heartbeats (for cases when TCP network failure detection is not timely enough)
* [API] AMQP::Exchange#publish calls now use a mutex on the channel exchange is declared on. Sharing channels between threads is discouraged but amqp gem covers your back in the most dangerous case.
* [API] AMQP::Channel#synchronize now can be used to guarantee mutual exclusion of multiple threads on channel instances.
* [BUG] Empty messages can finally be published fine. Yes, it took us just 3 years.
* [FEATURE] When connected to RabbitMQ, RabbitMQ-specific extensions are required automatically
* [FEATURE] AMQP::Session#broker and AMQP::Broker allow for broker capabilities inspection
* [FEATURE] New bitset-based channel id allocator
* [FEATURE] Multiple consumers per queue with AMQP::Consumer
* [FEATURE] Automatic recovery mode for channels
* [FEATURE] Network connection recovery callbacks for channels, exchanges, queues, consumers
* [API] Connection URI (string) format for vhosts no longer assumes that vhosts begin with a slash (/), learn more at http://bit.ly/mfzwcB
* [FEATURE] Returned messages, including header & content via AMQP::Exchange#on_publish. Callback accepts 3 args: basic_return, header, body
* [BUG] Ruby 1.8.7-p249 is not supported because of this (p249-specific) Ruby bug: http://bit.ly/iONBmH
* [FEATURE] AMQP::Utilities::EventLoopHelper detects app server (if any) being used and starts EventMachine reactor in an optimal way.
* [FEATURE] AMQP 0.9.1 support, including tx.* operations class.
* [API] Default authentication handler now raises AMQP::PossibleAuthenticationFailureError
* [API] AMQP::Channel#initialize now takes 3rd (optional) options hash.
* [API] Broker connection class is now AMQP::Session.
* [API] AMQP::Error instance now may carry cause, an exception that caused exception in question to be raised.
* [API] When initial TCP connection fails, default action is now to raise AMQP::TCPConnectionFailed.
* [API] AMQP::BasicClient#reconnect now takes 2nd optional argument, period of waiting in seconds.
* [FEATURE] Handlers for initial connection failure, connection loss; channel-level exceptions handlers on Channel instances.
* [API] AMQP::Exchange#initialize now accepts :arguments option that takes a hash.
* [API] AMQP::Queue#initialize now accepts :arguments option that takes a hash.
* [API] AMQP#Logger is deprecated. It will be removed before 1.0 release.
* [API] AMQP#fork is deprecated. It will be removed before 1.0 release.
* [API] AMQP::RPC is deprecated. It will be removed before 1.0 release.
* [FEATURE] Significant improvements to the documentation. From now on lack of/poor documentation is considered a severe bug.
* [FEATURE] Support for RabbitMQ extensions to AMQP 0.9.1
* [API] AMQP::Exchange#publish now accepts (an optional) callback.
* [API] AMQP::Channel.new now accepts (an optional) callback.
* [API] AMQP::Header#ack now can acknowledge multiple deliveries
* [API] AMQP::Exchange#delete now takes (an optional) block that is called when exchange.delete-ok response arrives.
* [API] AMQP::Header now implements #to_hash
* [API] AMQP::Queue#pop block now can take 1, 2 or 3 arguments.
* [API] AMQP::Queue#purge now takes an optional block which is called when queue.purge-ok response arrives.
* [API] AMQP::Queue#delete now takes an optional block which is called when queue.delete-ok response arrives.
* [API] AMQP::Queue#delete now accepts :nowait option.
* [API] AMQP::Queue#unbind now takes an optional block which is called when queue.unbind-ok response arrives.
* [API] AMQP::Queue#unbind now accepts :routing_key as alias to :key. We believe it is a good idea to use AMQP terms.
* [API] AMQP::Channel#prefetch now takes (an optional) 2nd parameter that specifies that QoS settings should be applied to underlying connection, as well as optional callback.
* [API] AMQP::Channel#recover now takes (an optional) callback that is called when basic.recover-ok is received.
* [API] AMQP::Frame is gone.
* [API] AMQP::Buffer is gone. Serialization & framing are now handled primarily by amq-protocol.
* [API] AMQP::Queue#publish is deprecated.
* [API] Name argument for AMQP::Queue.new and Channel#queue is optional.
= Version 0.7.2
* [BUG] Server-named queues declared en masse now get their unique names instead of all being assigned the first generated name
* [API] Connection URI (string) format for vhosts no longer assumes that vhosts begin with a slash (/), learn more at http://bit.ly/mfzwcB
* [BUG] Queue#reset leaks consumer tags [#40].
<s.tesch@science-computing.de> on pkgsrc-users.
- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
Maksymilian Arciemowicz <cxib@securityreason.com>.
- Some bugfixes from Rapha
no apparent security impact.
At this point: v2.3.3 released!
===============================
- Fix compile. Extreme suckage.
At this point: v2.3.4 released!
===============================
* Bug Fixes
o wnpa-sec-2011-12
A large loop in the OpenSafety dissector could cause a crash.
o wnpa-sec-2011-13
A malformed IKE packet could consume excessive resources.
o wnpa-sec-2011-14
A malformed capture file could result in an invalid root tvbuff and cause a crash.
o wnpa-sec-2011-15
Wireshark could run arbitrary Lua scripts.
o wnpa-sec-2011-16
The CSN.1 dissector could crash.
Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
ready. More than two years in the making, this release features improved
client performance and hidden service reliability, better compatibility
for Android, correct behavior for bridges that listen on more than
one address, more extensible and flexible directory object handling,
better reporting of network statistics, improved code security, and
many many other features and bugfixes.
o Wedge in DESTDIR support. This is a little tricky since the
installation procedure wants to run scotty to parse and dump
the MIB files, and this needs to be done in DESTDIR. Therefore
we use the post-install target, to fix things up before packaging
and the real install.
o Fix the "dns" functionality not to use _res, since this program
is linked with libpthread that won't work on NetBSD (aborts the
program). Though the modified version still uses a global static
variable.
o Add comments to all the patch files.
o Eliminate use of ${WRKSRC}/.., since pkglint objects to it. Instead
use BUILD_DIRS and CONFIGURE_DIRS.
o Add a LICENSE setting, 2-clause-bsd appears most similar.
o Bump PKGREVISION for the above changes.
pkgsrc change: add a patch to fix build problem with some PKG_OPTIONS,
such as "ldap".
New Features
9.8.1
* Added a new include file with function typedefs for the DLZ
"dlopen" driver. [RT #23629]
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
* The root key is now provided in the file bind.keys allowing DNSSEC
validation to be switched on at start up by adding
"dnssec-validation auto;" to named.conf. If the root key provided
has expired, named will log the expiration and validation will not
work. More information and the most current copy of bind.keys can
be found at http://www.isc.org/bind-keys. *Please note this feature
was actually added in 9.8.0 but was not included in the 9.8.0
release notes. [RT #21727]
Security Fixes
9.8.1
* If named is configured with a response policy zone (RPZ) and a
query of type RRSIG is received for a name configured for RRset
replacement in that RPZ, it will trigger an INSIST and crash the
server. RRSIG. [RT #24280]
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
query type independent. [RT #24715]
* Using Response Policy Zone (RPZ) with DNAME records and querying
the subdomain of that label can cause named to crash. Now logs that
DNAME is not supported. [RT #24766]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.8.1
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* The DLZ "dlopen" driver is now built by default, no longer
requiring a configure option. To disable it, use "configure
--without-dlopen". (Note: driver not supported on win32.) [RT
#23467]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
* Make --with-gssapi default for ./configure. [RT #23738]
* Improved the startup time for an authoritative server with a large
number of zones by making the zone task table of variable size
rather than fixed size. This means that authoritative servers with
lots of zones will be serving that zone data much sooner. [RT
#24406]
* Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
list of empty zones. [RT #24990]
* Image Preview: fix open failure with multi-line HTML tag.
* Image Preview: enable to force extracting short URL.
* With Ruby 1.8.7: fix crash at right-click on tweets containing URL.
* With Ruby 1.8.7: fix rare crash at connection timeout.
* fix rare crash at extracting bit.ly URL.
* improve URL extracting speed.
Flickcurl is a C library for the Flickr API, handling creating the
requests, signing, token management, calling the API, marshalling
request parameters and decoding responses. It uses libcurl to call
the REST web service and libxml2 to manipulate the XML responses.
Flickcurl supports all of the API including the functions for
photo/video uploading, browsing, searching, adding and editing
comments, groups, notes, photosets, categories, activity, blogs,
favorites, places, tags, machine tags, institutions, pandas and
photo/video metadata. It also includes a program flickrdf to turn
photo metadata, tags, machine tags and places into an RDF triples
description.