based on pkgsrc-wip/dbus-sharp.
This is a fork of ndesk-dbus, which is a C# implementation of D-Bus. It's often
referred to as "managed D-Bus" to avoid confusion with existing bindings (which
wrap libdbus).
-------------------------
Version 1.33, released 2013-03-30.
It brings long options, a new double overwrite mode (-2) and
a man page.
Version 1.32
has a new option -x to append to the output file
and you can specify -Y (multiple times if you wish so) to
write the same data to secondary output files.
Version 1.31 (2013-02-03)
brought a few tiny improvements in the output (such as
displaying the total elapsed time in the summary as opposed to
ETA of 0, and the amount of data really written with option
-W). But importantly, it has the new mode of triple
overwriting of data (options -3 and -4), with random numbers,
inverse random numbers, new random numbers (only for -4) and
zeros, this way allowing paranoia-safe deletion of
information.
Version 1.30 (2013-01-25)
brought a fix for outputting data to stdout and a fix for a
possible double free operation (introduced in 1.29). The
message formatting has been streamlined a bit. The PRNG can
now be initialized from a file (e.g. -Z /dev/urandom). The
program now can also avoid writing to a target block if the
target block already has the same data (option -W). Think of
SSDs or other devices where you want to avoid writes.
In Version 1.29 (2013-01-22)
a bug was fixed, where the last bytes where not copied
corrected if hardbs == softbs. 1.29 also brings a number of
new features; the ability to write the same (softbs sized)
block again and again (option -R, automatically set if infile
is /dev/zero), the ability to limit transfer size such that
the outfile won't be enlarged (-M) and the possibility to use
userspace random numbers (libc/frandom) to fill files with
random data (options -z and -Z). Last not least, OBS also
builds .deb binaries for Ubu12.04 / Deb6 now.
Version is 1.28 (released 2012-05-19)
uses better defaults for hard and softblock sizes (4k/64k
for buffered I/O, 512/1M for direct IO), as suggested by Jan
Kara. Also the copying of access times with the option -p
was fixed.
Version 1.27
allowed to do 512b direct IO (which is possible in latest
Linux kernels) -- idea and patch from Jan Kara. Change
posix_memalign() variable assignment. It has a number of
fixes from Valentin Lab; most importantly, when exiting
because of an error, it updates the variables that are
output. dd_rescue now avoid specal characters in the
logfile. It handles situations gracefully, where wrong
positions resulted in the progress graph causing
faults. Some come from illegal input (negative offset ...),
which is nw detected.
Version 1.25
contains a fix for spurious "Success" messages that resulted
from overwritten (cleared) errno. Bad blocks are formatted
in a way that they are not overwritten on screen and block
numbers are output as unsigned.
Version 1.24
contains a compile fix for Linux versions that contain the
splice syscall but not the other definitions. I also allows
for specifying a directory (such as ".") as output filename
in which case dd_rescue just appends the input file basename
to it, just like cp does. Maybe most importantly, the RPM
now contains the latest version of dd_rhelp (0.1.2).
VS: ----------------------------------------------------------------------
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
All:
- Due to an incorrect message from last release, here is corrected
information on when a Linux installation is potentially dangerous:
New autoconf tests for sys/capability.h and cap_*() functions
from Linux -lcap
WARNING: If you do not see this:
checking for sys/capability.h... yes
...
checking for cap_get_proc in -lcap... yes
checking for cap_get_proc... yes
checking for cap_set_proc... yes
checking for cap_set_flag... yes
checking for cap_clear_flag... yes
your Linux installation is insecure in case you ever use the
command "setcap" to set up file capabilities for executable commands.
Note that cdrtools (as any other command) need to be capabylity aware
in order to avoid security leaks with enhanced privileges. In most
cases, privileges are only needed for a very limited set of operations.
If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the
functions to control privileges are in the basic set of supported
functions and thus there is no problem for any program to control it's
privileges - if they have been obtained via suid root, you are on a
secure system.
If you are however on an incomplete installation, that supports to
raise privileges via fcaps but that does not include developer support
for caps, the programs get the privileges without being able to know
about the additional privileges and thus keep them because they cannot
control them.
WARNING: If you are on a Linux system that includes support for
fcaps (this is seems to be true for all newer systems with
Linux >= 2.6.24) and there is no development support for capabilities
in the base system, you are on an inherently insecure system that allows
to compile and set up programs with enhanced privileges that cannot
control them.
In such a case, try to educate the security manager for the related
Linux distribution. Note that you may turn your private installation
into a secure installation by installing development support for libcap.
- WARNING: the include structure of include/schily/*.h and several sources
has been restructured to cause less warnings with older OS platforms.
If you see any new problem on your personal platform, please report.
- New includefiles:
schily/poll.h Support poll()
schily/stdarg.h An alias to schily/varargs.h (but using the std name)
schily/sunos4_proto.h Missing prototypes for SunOS-4.x to make gcc quiet
schily/timeb.h Needed for users of ftime()
- Many minor bug-fixes for the files include/schily/*.h
- include/schily/archconf.h now defines __SUNOS5 for easier coding
- include/schily/priv.h now defines platform independent fine grained privileges
- Updated README.compile:
Some typo patches from Jan Engelhardt <jengelh@inai.de>
Documented the "LINKMODE=" macro to explain how to create dynamically
linked bynaries.
Libschily:
- Added #include <schily/libport.h> to libschily/fnmatch.c
Libedc (Optimized by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Added #include <schily/libport.h>
Libdeflt:
- Added #include <schily/libport.h>
Libfind:
- dirname -> dir_name to avoid a gcc warning
Libhfs_iso:
- Rename variable "utime" to "uxtime" to avoid a compiler warning
Libscg:
- Repositioned #ifdefs to avoid unused variable definitions in
libscg/scsi-sun.c
- libscg/scsi-linux-ata.c now aborts early if errno == EPERM. This now
makes it behave like libscg/scsi-linux-sg.c
- A new scg flag SCGF_PERM_PRINT tells libscg to print a more verbose error
in case that a SCSI comand was aborted with errno == EPERM.
Cdrecord:
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Cdrecord now checks whether there are sufficient fine grained privileges.
- Cdrecord now uses the new flag SCGF_PERM_PRINT to get better warnings if the
permissions granted by the OS are not sufficient.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Include file reordering to avoid warnings on older platforms
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Repositioned #ifdefs to avoid unused variable definitions in
cdda2wav/sndconfig.c
- Cdda2wav now checks whether there are sufficient fine grained privileges.
- Work around a bug in sys/param.h FreeBSD-9.1, that #define's __FreeBSD_kernel__
instead of #define __FreeBSD_kernel__ 9 that would be needed for Debian
k-FreeBSD compatibility.
The bug affects cdda2wav/mycdrom.h
Readcd:
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Readcd now checks whether there are sufficient fine grained privileges.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- Make mkisofs compile without -DUDF and without -DDVD_VIDEO
Thanks to a hint from rmd4work@mail.ru
add: new supported ThinkPad X40
chg: adjusted poll interval to 200ms, which has a acceptable responsiveness
add: support for udev filesystem
and many bug fixes.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
D-Bus Python Bindings 1.2.0 (2013-05-07)
========================================
The "compile like it's 1998" release.
Dependencies:
• libdbus 1.6 or later is now required.
Enhancements:
• Unicode Corrigendum 9: when used with a suitable version of libdbus
(1.6.10 or later, or 1.7.2 or later), noncharacters in strings are
now accepted
Fixes:
• Support DBusException('something with non—ASCII') under Python 2
(Michael Vogt, smcv; fd.o #55899)
• Correct some misleading wording in COPYING which was written under the
assumption that libdbus could actually be relicensed to MIT/X11
(Thiago Macieira)
• Avoid variable-length arrays, because MSVC++ is still stuck in 1998
(based on patches from Christoph Höger, fd.o #51725)
• Remove unnecessary uses of stdint.h (fd.o #51725)
• Add support for Unix compilers not supporting 'inline', for completeness
• Use GObject.__class__ instead of GObjectMeta, which can no longer be
imported from gi.repository.GObject in pygobject 3.8
• Fix autoreconfiscation on Automake 1.13 (Marko Lindqvist, fd.o #59006)
etckeeper is a collection of tools to let /etc be stored in a git,
mercurial, darcs, or bzr repository. It hooks into apt (and other
package managers including yum and pacman-g2) to automatically commit
changes made to /etc during package upgrades. It tracks file metadata
that revison control systems do not normally support, but that is
important for /etc, such as the permissions of /etc/shadow.
It's quite modular and configurable, while also being simple to use
if you understand the basics of working with revision control.
The GFM is an application allowing to manipulate single/group/tigroup files. It
can:
* create a new file
* open an existing file
* save file
* rename variables
* remove variables
* create folders
* group files into a group/tigroup file
* ungroup a group/tigroup file into single files
D-Bus Python Bindings 1.2.0 (2013-05-07)
========================================
The "compile like it's 1998" release.
Dependencies:
• libdbus 1.6 or later is now required.
Enhancements:
• Unicode Corrigendum 9: when used with a suitable version of libdbus
(1.6.10 or later, or 1.7.2 or later), noncharacters in strings are
now accepted
Fixes:
• Support DBusException('something with non—ASCII') under Python 2
(Michael Vogt, smcv; fd.o #55899)
• Correct some misleading wording in COPYING which was written under the
assumption that libdbus could actually be relicensed to MIT/X11
(Thiago Macieira)
• Avoid variable-length arrays, because MSVC++ is still stuck in 1998
(based on patches from Christoph Höger, fd.o #51725)
• Remove unnecessary uses of stdint.h (fd.o #51725)
• Add support for Unix compilers not supporting 'inline', for completeness
• Use GObject.__class__ instead of GObjectMeta, which can no longer be
imported from gi.repository.GObject in pygobject 3.8
• Fix autoreconfiscation on Automake 1.13 (Marko Lindqvist, fd.o #59006)
D-Bus 1.6.10 (2013-04-24)
==
The “little-known facts about bananas” release.
• Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
U+FDD0..U+FDEF are allowed in UTF-8 strings again.
(fd.o #63072, Simon McVittie)
• Diagnose incorrect use of dbus_connection_get_data() with negative slot
(i.e. before allocating the slot) rather than returning junk
(fd.o #63127, Dan Williams)
• In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fd.o #52202, Simon)
• Fix building with Valgrind 3.8, at the cost of causing harmless warnings
with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
• Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel HERMIER)
• Create session.d, system.d directories under CMake (fd.o #41319,
Ralf Habacker)
• Unix-specific:
· Include alloca.h for alloca() if available, fixing compilation on
Solaris 10 (fd.o #63071, Dagobert Michelsen)
- added to MESSAGE advising of rc.d script changes
- added BASH as a tool
- fixed pygrub install so that it doesn't get overwritten with a symlink
- turned oxenstored.conf into a proper config file
functional for PV domains. Support for HVM domains and grant tables
is still to come. Note that xm/xend is deprecated in this version.
You should switch to using xl (which is tested to be working) if
you can.
----- 4.2.2
Xen 4.2.2 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2.
This release fixes the following critical vulnerabilities:
CVE-2012-5634 / XSA-33: VT-d interrupt remapping source
validation flaw
CVE-2013-0151 / XSA-34: nested virtualization on 32-bit
exposes host crash
CVE-2013-0152 / XSA-35: Nested HVM exposes host to being
driven out of memory by guest
CVE-2013-0153 / XSA-36: interrupt remap entries shared and
old ones not cleared on AMD IOMMUs
CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect
ASSERT (debug build only)
CVE-2013-0215 / XSA-38: oxenstored incorrect handling of
certain Xenbus ring states
CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer
overflow when processing large packets
CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
CVE-2013-1919 / XSA-46: Several access permission issues with
IRQs for unprivileged guests
CVE-2013-1920 / XSA-47: Potential use of freed memory in event
channel operations
CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing
format specification
This release contains many bug fixes and improvements (around
100 since Xen 4.2.1). The highlights are:
ACPI APEI/ERST finally working on production systems
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.1
Xen 4.2.1 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1.
The release fixes the following critical vulnerabilities:
CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
CVE-2012-4537 / XSA-22: Memory mapping failure DoS
vulnerability
CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS
vulnerability
CVE-2012-4539 / XSA-24: Grant table hypercall infinite
loop DoS vulnerability
CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder
Out-of-memory due to malicious kernel/ramdisk
CVE-2012-5510 / XSA-26: Grant table version switch list
corruption vulnerability
CVE-2012-5511 / XSA-27: Several HVM operations do not
validate the range of their inputs
CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite
hypervisor memory
CVE-2012-5514 / XSA-30: Broken error handling in
guest_physmap_mark_populate_on_demand()
CVE-2012-5515 / XSA-31: Several memory hypercall operations
allow invalid extent order values
CVE-2012-5525 / XSA-32: several hypercalls do not validate
input GFNs
Among many bug fixes and improvements (around 100 since Xen 4.2.0):
A fix for a long standing time management issue
Bug fixes for S3 (suspend to RAM) handling
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.0
The Xen 4.2 release contains a number of important new features
and updates including:
The release incorporates many new features and improvements to
existing features. There are improvements across the board including
to Security, Scalability, Performance and Documentation.
XL is now the default toolstack: Significant effort has gone
in to the XL tool toolstack in this release and it is now feature
complete and robust enough that we have made it the default. This
toolstack can now replace xend in the majority of deployments, see
XL vs Xend Feature Comparison. As well as improving XL the underlying
libxl library has been significantly improved and supports the
majority of the most common toolstack features. In addition the
API has been declared stable which should make it even easier for
external toolstack such as libvirt and XCP's xapi to make full use
of this functionality in the future.
Large Systems: Following on from the improvements made in 4.1
Xen now supports even larger systems, with up to 4095 host CPUs
and up to 512 guest CPUs. In addition toolstack feature like the
ability to automatically create a CPUPOOL per NUMA node and more
intelligent placement of guest VCPUs on NUMA nodes have further
improved the Xen experience on large systems. Other new features,
such as multiple PCI segment support have also made a positive
impact on such systems.
Improved security: The XSM/Flask subsystem has seen several
enhancements, including improved support for disaggregated systems
and a rewritten example policy which is clearer and simpler to
modify to suit local requirements.
Documentation: The Xen documentation has been much improved,
both the in-tree documentation and the wiki. This is in no small
part down to the success of the Xen Document Days so thanks to all
who have taken part.
---- 4.2.2
Xen 4.2.2 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2.
This release fixes the following critical vulnerabilities:
CVE-2012-5634 / XSA-33: VT-d interrupt remapping source
validation flaw
CVE-2013-0151 / XSA-34: nested virtualization on 32-bit
exposes host crash
CVE-2013-0152 / XSA-35: Nested HVM exposes host to being
driven out of memory by guest
CVE-2013-0153 / XSA-36: interrupt remap entries shared and
old ones not cleared on AMD IOMMUs
CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect
ASSERT (debug build only)
CVE-2013-0215 / XSA-38: oxenstored incorrect handling of
certain Xenbus ring states
CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer
overflow when processing large packets
CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
CVE-2013-1919 / XSA-46: Several access permission issues with
IRQs for unprivileged guests
CVE-2013-1920 / XSA-47: Potential use of freed memory in event
channel operations
CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing
format specification
This release contains many bug fixes and improvements (around
100 since Xen 4.2.1). The highlights are:
ACPI APEI/ERST finally working on production systems
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.1
Xen 4.2.1 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1.
The release fixes the following critical vulnerabilities:
CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
CVE-2012-4539 / XSA-24: Grant table hypercall infinite
loop DoS vulnerability
CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder
Out-of-memory due to malicious kernel/ramdisk
CVE-2012-5510 / XSA-26: Grant table version switch list
corruption vulnerability
CVE-2012-5511 / XSA-27: Several HVM operations do not
validate the range of their inputs
CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
CVE-2012-5514 / XSA-30: Broken error handling in
guest_physmap_mark_populate_on_demand()
CVE-2012-5515 / XSA-31: Several memory hypercall operations
allow invalid extent order values
CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs
Among many bug fixes and improvements (around 100 since Xen 4.2.0):
A fix for a long standing time management issue
Bug fixes for S3 (suspend to RAM) handling
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization
----- 4.2.0
The Xen 4.2 release contains a number of important new features
and updates including:
The release incorporates many new features and improvements to
existing features. There are improvements across the board including
to Security, Scalability, Performance and Documentation.
XL is now the default toolstack: Significant effort has gone
in to the XL tool toolstack in this release and it is now feature
complete and robust enough that we have made it the default. This
toolstack can now replace xend in the majority of deployments, see
XL vs Xend Feature Comparison. As well as improving XL the underlying
libxl library has been significantly improved and supports the
majority of the most common toolstack features. In addition the
API has been declared stable which should make it even easier for
external toolstack such as libvirt and XCP's xapi to make full use
of this functionality in the future.
Large Systems: Following on from the improvements made in 4.1
Xen now supports even larger systems, with up to 4095 host CPUs
and up to 512 guest CPUs. In addition toolstack feature like the
ability to automatically create a CPUPOOL per NUMA node and more
intelligent placement of guest VCPUs on NUMA nodes have further
improved the Xen experience on large systems. Other new features,
such as multiple PCI segment support have also made a positive
impact on such systems.
Improved security: The XSM/Flask subsystem has seen several
enhancements, including improved support for disaggregated systems
and a rewritten example policy which is clearer and simpler to
modify to suit local requirements.
Documentation: The Xen documentation has been much improved,
both the in-tree documentation and the wiki. This is in no small
part down to the success of the Xen Document Days so thanks to all
who have taken part.
