* make test works again
* Many bounds checking fixes from Tobias Stoeckmann
* Improve error when the authentication token cannot be found
* close the IPv4 specific UDP socket when done sending
* Implemented a write queue to the control sockets
* Only send interfaces to control sockets when in a BOUND state
* Add a sample controlgroup directive to dhcpcd.conf to make setup easier
* Add variables if_oneup and if_ipwaited so hook scripts know the overall
state of dhcpcd better
* Pass RC_SVCNAME from enviromment to hooks so that a service hook can
know it's name (may not be dhcpcd)
* Document every variable set for dhcpcd-run-hooks(8)
* Use the nl80211 interface on Linux to get the wireless SSID if we fail
to get it via WEXT
* Allow SSIDs with non printable characters to be used in ssid selection
in dhcpcd.conf
* Add an unprivileged control socket so that normal users can obtain
dhcpcd running state
* Remove all instances of if_indextoname as we already know the index
* Only bring in linux/ipv6.h for linux AND glibc
* Add _DEFAULT_SOURCE #define to to make glibc-2.20 happy
* Check we have allocated IPv6 resources before checkings RA's
* configure errors are now logged to config.log
* Only hunt for a cross compiler if build != host
* Detect removal of IPv6 routes
* Don't add link-local addresses to POINTOPOINT interfaces
* Don't discard expired DHCPv6 leases when dumping them
* If a DHCPv6 lease has no timers, expire it right away
* Report delegated addresses
* Call dhcpcd-run-hooks correctly when delegated prefixes already exist
* Fix a memory error when ia_* config exists but IPv6 is disabled
* Ensure servername and bootfile are safely exported
* Sanitise the following characters using svis(3) with VIS_CTYLE and
VIS_OCTAL:
| ^ & ; < > ( ) $ ` \ " ' <tab> <newline>
This allows a non buggy unvis(1) to decode it 100% and stays compatible
with how dhcpcd used to handle encoding on most platforms.
For systems that supply svis(3) there is a code reduction, for systems
that do not, a slight code increase. This change mitigates systems
affected by bash CVE-2014-6271 and CVE-2014-7169.
OK: jperkin@
fix inode check result rrd handling for all BSDish systems; if you use
xymon-4.3.17nb1 on *BSD you may have lots of inode<number>.rrd files
in /var/xymon/rrd, since it used iavail instead of the name of the
filesystem mount to identify the inode usage stats.
* Update translations
* Add Portuguese language
* Fixes crash with passing Listner to select of setting DSL
* Remove unused remaining UI settings
* show retweets
* show faved
* Fixes to work some checkbox in standard plugins' settings properly.
On behalf of Twisted Matrix Laboratories, Iâm releasing Twisted
14.0.1, a security release for Twisted 14.0. It is strongly suggested
that users of 14.0.0 upgrade to this release.
This patches a bug in Twisted Webâs Agent, where BrowserLikePolicyForHTTPS
would not honour the trust root given, and would use the system
trust root instead. This would have broken, for example, attempting
to pin the issuer for your HTTPS application because you only trust
one issuer.
Note: on OS X, with the system OpenSSL, you still can't fully rely
on this API for issuer pinning, due to modifications by Apple â
please see https://hynek.me/articles/apple-openssl-verification-surprises/
for more details.
Changes:
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
patches/patch-aa seems to have been committed upstream. Passing readline
location to configure and fixing CCOPTS in Makefile.in seems to not be
necessary anymore. From CHANGES:
####################### V 1.7.2.4:
corrections:
LISTEN based addresses applied some address options, e.g. so-keepalive,
to the listening file descriptor instead of the connected file
descriptor
make failed after configure with non gcc compiler due to missing
include.
configure checked for --disable-rawsocket but printed
--disable-genericsocket in the help text.
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
Probably no impact.
procan could not cleanly format ulimit values longer than 16 decimal
digits. Thanks to Frank Dana for providing a patch that increases field
width to 24 digits.
OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
"Invalid argument"
Changed some variable definitions to make gcc -O2 aliasing checker happy
On big endian platforms with type long >32bit the range option applied a
bad base address.
Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Red Hat issue 1022063: out-of-range shifts on net mask bits
Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
uses
Red Hat issue 1021958: fixed a bug with faulty buffer/data length
calculation in xio-ascii.c:_xiodump()
Red Hat issue 1021972: fixed a missing NUL termination in return string
of sysutils.c:sockaddr_info() for the AF_UNIX case
fixed some typos and minor issues, including:
Red Hat issue 1021967: formatting error in manual page
UNIX-LISTEN with fork option did not remove the socket file system entry
when exiting. Other file system based passive address types had similar
issues or failed to apply options umask, user e.a.
porting:
Red Hat issue 1020203: configure checks fail with some compilers.
Use case: clang
Performed changes for Fedora release 19
Adapted, improved test.sh script
Red Hat issue 1021429: getgroupent fails with large number of groups;
use getgrouplist() when available instead of sequence of calls to
getgrent()
Red Hat issue 1021948: snprintf API change;
Implemented xio_snprintf() function as wrapper that tries to emulate C99
behaviour on old glibc systems, and adapted all affected calls
appropriately
Mike Frysinger provided a patch that supports long long for time_t,
socklen_t and a few other libc types.
Artem Mygaiev extended Cedril Priscals Android build script with pty code
The check for fips.h required stddef.h
Check for linux/errqueue.h failed on some systems due to lack of
linux/types.h inclusion.
autoconf now prefers configure.ac over configure.in
type of struct cmsghdr.cmsg is system dependend, determine it with
configure; some more print format corrections
docu:
libwrap always logs to syslog
added actual text version of GPLv2
####################### V 1.7.2.3:
security:
CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
overflow with data from command line (see socat-secadv5.txt)
libnet 1.27 -- Fri May 30 2014
* Simplified Makefile.PL requirements.
libnet 1.26 -- Fri May 30 2014
* Set minimum required ExtUtils::MakeMaker version to 6.64 to ensure that all
parameters used are supported, to save jumping through hoops to support
earlier versions. (This should not be a problem since ExtUtils::MakeMaker
6.64 is easily installed into Perl 5.8.1 and above, that being the whole
point of the new choice of minimum supported Perl version.)
* Set minimum required Perl version to 5.8.1. This is in line with the
minimum requirement of the "Perl Toolchain".
libnet 1.25 -- Tue Feb 04 2014
* Fix Net::FTP::pasv_wait() not handling errors from Net::Cmd::reponse()
[bergner@cs.umu.se; resolves CPAN RT#50420]
* Make inheritance from Net::Cmd clearer in the documentation [Resolves CPAN
RT#72889]
* Set timeout for data connection creation in Net::FTP [Oleg G; resolves CPAN
RT#78926]
* Stop Net::Domain::domainname() from giving out warnings in android [Brian
Fraser]
libnet 1.24 -- Mon Jan 06 2014
* Fix incorrect handling of CRLF in Net::FTP [Willem Monsuwé; resolves CPAN
RT#41642/62029]
* POD fixes [Dominic Hargreaves; resolves CPAN RT#91761]
4.075 Wed Jun 11 11:41:17 PDT 2014
make CPAN happy with new rev number
4.074 Wed Jun 11 09:36:10 PDT 2014
In Lite.pm v1.54,
change input filter for resolvable hostnames
to allow the underscore character
Thanks to grankio [...] gmail.com for the heads up on this issue.
4.073 Sat Apr 5 09:32:11 PDT 2014
add documentation about FQDN conversion and
an option to disable
4.072 Mon Jan 27 11:59:58 PST 2014
modify Makefile.PL to bypass missing 'pod2text'
4.071 Mon Sep 30 13:41:03 PDT 2013
add method "canon" by request from <tom.jones@bccx.com>
4.070 Thu Sep 12 12:54:22 PDT 2013
nth documention error fixed. thanks to Anton tobez@tobez.org
Lite v1.51, add new6FFFF, RFC4291 compliant ipv4->ipV6 new
**** 0.79 Aug 22, 2014
Feature rt.cpan.org #98149
Add support for Android platform.
Fix rt.cpan.org #97736
Net::DNS::Resolver->new mistakenly copies supplied arguments
into default configuration on first instantiation.
Fix rt.cpan.org #97502
Net::DNS::Resolver->retrans does not accept a value of 1 (uses 2 instead)
Fix rt.cpan.org #83642
Configure CD flag in Net::DNS::Resolver->new
Fix rt.cpan.org #81760
Reverted workaround for TXT issue preventing propagation of
rule updates for SpamAssassin versions earlier than 3.4.0
Fix rt.cpan.org #16630
Net::DNS::Resolver::Recurse issues lots of IMHO unnecessary DNS requests.
**** 0.78 Jul 10, 2014
Fix rt.cpan.org #97036
Nameserver identification on Cygwin
Fix rt.cpan.org #96814
Trailing comments not stripped in /etc/resolv.conf
Fix rt.cpan.org #96812
Net::DNS::Resolver->new() hangs if nameserver :: exists
Fix rt.cpan.org #96755
RFC 3597 (hex) parsing mistake
Fix rt.cpan.org #96708
String treated as boolean in TXT
Fix rt.cpan.org #96608
"Insecure dependency in connect" with Net::DNS::Resolver over TCP
Fix rt.cpan.org #96535
Net::DNS::Resolver warns "Use of uninitialized value in length"
Fix rt.cpan.org #96531
Calling $resolver->nameservers multiple times returns an
increasingly-long list (on some perl installations)
Fix rt.cpan.org #96439
Uninitialised decoding object when printing packet
**** 0.77 Jun 13, 2014
Fix rt.cpan.org #96151
Unlocalised $_ modified when reading config file
Fix rt.cpan.org #96135
Deep recursion problem on Cygwin
Fix rt.cpan.org #96119
"Too late to run INIT block" warning for require Net::DNS
Fix rt.cpan.org #96035
Insert missing plan 'no-plan' in 10-recurse.t
Fix inefficient Net::DNS::SEC compatibility code
**** 0.76 May 23, 2014
Fix rt.cpan.org #95738
Test failure with IPv6 address in resolver.conf but without
prerequisite IO::Socket::INET6 package installed.
Fix rt.cpan.org #95596
Incorrect parsing of nameserver lines in resolv.conf
Feature rt.cpan.org #79568
Implement prefer_v6 resolver configuration attribute.
Fix rt.cpan.org #67602
Set resolver configuration defaults at first instantiation
instead of module load time.
**** 0.75 May 8, 2014
Fix rt.cpan.org #94069
Compile-time constant in Domain.pm/Text.pm cannot be used to
store pointer to encoding object when using perlcc compiler.
Thanks are due to Reini Urban for testing the revised code.
Fix rt.cpan.org #93764
Resolver gives unhelpful errorstring when attempting to use
IPv6-only nameserver without INET6 and Socket6 installed.
Fix rt.cpan.org #92626
Clarify documentation surrounding SRV RR sorting
Feature
Implement TSIG verified zone transfer.
Fix rt.cpan.org #92433 & #91241
TSIG: implement sign/verify for multi-packet message.
Fix rt.cpan.org #79569
Iterate nameservers in AXFR
**** 0.74 Jan 16, 2014
Fix rt.cpan.org #91306
Nameserver crashes on malformed UDP query.
Fix rt.cpan.org #91241
TSIG: Fix incorrectly generated %algbyval table.
Feature
Add CAA, EUI48 and EUI64 RR implementation.
**** 0.73 Nov 29, 2013
Fix rt.cpan.org #88778
$update->unique_push() does not work as advertised.
Fix rt.cpan.org #88744
Nameserver crashes on malformed TCP query.
Fix rt.cpan.org #84601/#81942
Fix memory leak on packet cleanup. Indirect self-reference via
header prevented garbage collector from deallocating packet.
Feature rt.cpan.org #84468
TSIG: add support for HMAC-SHA1 .. HMAC-SHA512
Fix rt.cpan.org #84110
Incorrect parsing of PTR records in zonefile.
Fix rt.cpan.org #83755
Erroneous attempt to invoke Net::LibIDN package in Domain.pm.
Fix rt.cpan.org #83078
Can't locate Net/DNS/Resolver/linux.pm in @INC
Conjecture: eval{ ... }; if ($@) { ... }; broken by threads.
Fix rt.cpan.org #83075
ZoneFile.pm wrongly rejects $TTL 0 directive.
Fix rt.cpan.org #82621
Error string empty after failed TCP query.
Fix rt.cpan.org #82296
IPv6 with embedded IPv4 address not mapped to ip6.arpa.
Fix rt.cpan.org #82294
Perl taint inadvertently removed in Domain and Text objects.
Feature rt.cpan.org #53610
add TSIG validation support
2013-06-23 Shlomi Fish <shlomif@shlomifish.org>
* Add minimum version of perl to 5.8.x (CPANTS Kwalitee).
* Add LICENSE file. (CPANTS).
* New Release IO-Socket-INET6-2.72
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325
o (Windows) Upgraded the included OpenSSL to version 1.0.1i.
o (Windows) Upgraded the included Python to version 2.7.8.
o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:
<!DOCTYPE nmaprun>
o [Ndiff] Fixed the installation process on Windows, which was missing the
actual Ndiff Python module since we separated it from the driver script.
o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
which was giving the error, "\Microsoft was unexpected at this time." See
https://support.microsoft.com/kb/2524009
o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
producing this error:
Could not import the zenmapGUI.App module:
'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
Referenced from:
/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
Reason: image not found'.
o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris.
o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
installed. Python tries to be nice and loads it when we import xml, but it
isn't compatible. Instead, we force Python to use the standard library xml
module.
o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable)
o [NSE] Fix a bug causing http.head to not honor redirects.
o [Zenmap] Fix a bug in DiffViewer causing this crash:
TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
buffer, not NmapParserSAX
Crash happened when trying to compare two scans within Zenmap.
Junos PyEZ is a Python library to remotely manage/automate Junos devices.
Junos PyEZ is designed to provide the same capabilties as a user
would have on the Junos CLI, but in an environment built for
automation tasks. These capabiltieis include, but are not limited
to:
* Remote connectivty and management of Junos devices via NETCONF
* Provide "facts" about the device such as software-version,
serial-number, etc.
* Retrieve "operational" or "run-state" information as Tables/Views
* Retrieve configuration information as Tables/Views
* Make configuration changes in unstructured and structured ways
* Provide common utilities for tasks such as secure copy of files
and software updates
network addresses.
It support the ability to work and interact with the following:
- IPv4 and IPv6 addresses and subnets
- MAC addresses, OUI and IAB identifiers, IEEE EUI-64 identifiers
- arbitrary (non-aligned) IP address ranges and IP address sets
- various non-CIDR IP range formats such as nmap and glob-style formats
py-ncclient is a Python library that facilitates client-side scripting
and application development around the NETCONF protocol. `ncclient` was
developed by [Shikar Bhushan](http://schmizz.net). It is now maintained
by [Leonidas Poulopoulos (@leopoul)](http://ncclient.grnet.gr)
This version includes a merge of [Juniper Networks](http://www.juniper.net)
and [Cisco Systems](http://www.cisco.com) respective ncclient forks based
on [leopoul/ncclient v0.3.2](https://github.com/leopoul/ncclient)
Based on PR pkg/48141 by Tobias Nygren.
1.4.12
======
Bug #3565 - Encryption fails when typing fast (Invalid message from client)
Bug #3606 - GUI is elevated after setup
Bug #3572 - Mac caps lock causes disconnect
1.4.11
======
Feature #12 - Encryption
Feature #421 - Portable version
Bug #2855 - Mouse cursor remains hidden on Mac client (intermittently/randomly)
Bug #3281 - server start on OS X defaults to 'interactive'
Bug #3310 - P&ort in settings screen
1.4.10
======
Bug #2799 - Right shift broken (Windows server, Mac OS X client)
Bug #3302 - GUI does not show/hide when tray icon is double clicked (Windows)
Bug #3303 - Mac OS X IPC integ test fails intermittently
Feature #2974 - Gesture Support for Magic Mouse/Trackpad
Feature #3172 - Button to stop Synergy when in service mode
Feature #3241 - Option to elevate synergyc/s when in service mode
Feature #3242 - Show a list of available IP addresses and screen name on the main screen
Feature #3296 - 64-bit Windows installer should display helpful message on 32-bit Windows
Feature #3300 - Make service mode default mode (now that we have elevate option)
Feature #3301 - Add process mode option to settings (remove startup wizard page)
Feature #3306 - Gatekeeper compatibility on Mac OS X 10.8
1.4.9
=====
Bug #3159 - In service mode, server doesn't start unless GUI is running
Bug #3214 - Client sometimes can't connect if GUI is closed
Bug #56 - Mac OS X server not sending keystrokes to client
Bug #3161 - First time GUI appears, service doesn't send logging
Bug #3164 - In service mode, you need to add a firewall exception
Bug #3166 - Service shutdown stalls when GUI is closed
Bug #3216 - Fatal error if plugins folder doesn't exist
Bug #3221 - ERROR: could not connect to service, error: 2
Feature #3192 - Add support for JOYINFOEX structure to poll game device info
Feature #3202 - Plugin support (sending for primary screen events on Windows only)
Feature #3155 - Cross-platform TCP IPC between GUI and service
Task #3177 - Fix Mac buildslave to build multiple versions
Task #3193 - Add Micro Synergy to repository
Task #3275 - Change hostname label to "IP address or hostname"
Task #3276 - Installation recovery mechanism for synrgyhk.dll
1.4.8
=====
Bug #143: Cursor on Mac OS X goes to center when inactive
Bug #146: Screen Resize causes problems with moving off right-hand side of screen
Bug #3058: Modifier keys not working on Mac OS X server
Bug #3139: Double click too strict (click, move, click should not count)
Bug #3195: Service install can fail first time
Bug #3196: Wizard buttons not visible
Bug #3197: GUI doesn't take focus after install
Bug #3202: Hook DLL (synrgyhk.dll) is not released
Feature #3143: Setup wizard for first time users
Feature #3145: Check for updates
Feature #3174: Startup mode wizard page
Feature #3184: New service for process management
1.4.7
=====
Bug #3132: GUI hides before successful connection
Bug #3133: Can't un-hide GUI on Mac
Feature #3054: Hide synergy[cs] dock icon (Mac OS X)
Feature #3135: Integrate log into main window
Task #3134: Move hotkey warnings to DEBUG
1.4.6
=====
Bug #155: Build error on FreeBSD (missing sentinel in function call)
Bug #571: Synergy SegFaults with "Unknown Quartz Event type: 0x1d"
Bug #617: xrandr rotation on client confines cursor in wrong area
Bug #642: `synergyc --help` segfaults on sparc64 architecture
Bug #652: Stack overflow in getIDForKey
Bug #1071: Can't copy from the Firefox address bar on Linux
Bug #1662: Copying text from remote computer crashes java programs.
Bug #1731: YouTube can cause server to freeze randomly
Bug #2752: Use SAS for ctrl+alt+del on win7
Bug #2763: Double-click broken on Mac OS
Bug #2817: Keypad Subtract has wrong keycode on OS X
Bug #2958: GNOME 3 mouse problem (gnome-shell)
Bug #2962: Clipboard not working on mac client
Bug #3063: Segfault in copy buffer
Bug #3066: Server segfault on clipboard paste
Bug #3089: Comma and Period translated wrong when using the NEO2-layout
Bug #3092: Wrong screen rotation detected
Bug #3105: There doesn't seem to be a system tray available. Quitting
Bug #3116: Memory Leak due to the XInput2 patches
Bug #3117: Dual monitors not detected properly anymore
Feature #3073: Re-introduce auto-start GUI (Windows)
Feature #3076: Re-introduce auto-start backend
Feature #3077: Re-introduce hidden on start
Feature #3091: Add option to remap altgr modifier
Feature #3119: Mac OS X secondary screen
Task #2905: Unit tests: Clipboard classes
Task #3072: Downgrade Linux build machines
Task #3090: CXWindowsKeyState integ test args wrong
(no changelog for prior versions).
* Release 0.6.5 (12-Aug-2014)
** Compatibility Fixes
This release is compatible with Twisted-14.0.0.
Foolscap no longer claims compatability with python-2.4.x or 2.5.x . These
old versions might still work, but there are no longer automated tests to
ensure this. Future versions will almost certainly *not* work with anything
older than python-2.6.x . Foolscap remains incompatible with py3, sorry.
** Forward Compatibility
When parsing FURLs, the connection hints can now use TCP sockets described
with the Twisted Endpoints syntax (e.g. "tcp:host=127.0.0.1:port=9999"), in
addition to the earlier host:port "127.0.0.1:9999" form. Foolscap-0.6.5
ignores any hint that is not in one of these two forms. This should make it
easier to introduce new hint types in the future.
** Minor Changes
The "ChangeLog" file is no longer updated.
Violation reports now include the method name. (#201)
The "flappserver" tool explicitly rejects unicode input, rather than
producing hard-to-diagnose errors later. (#209)
While here also add a comment to document how to get a useful changelog (altough
it is also very complete because it include all commit messages) for future
pkgsrc commits.
Changes:
2014.08.05:
o [vimeo] various improvements
2014.08.02.1:
o [ubu] better quality support (.mp4)
o [pbs] various improvements (including frontline video support)
======
Security Fixes
--------------
* [Security: `CELERYSA-0002`_] Insecure default umask.
The built-in utility used to daemonize the Celery worker service sets
an insecure umask by default (umask 0).
This means that any files or directories created by the worker will
end up having world-writable permissions.
Special thanks to Red Hat for originally discovering and reporting the
issue!
This version will no longer set a default umask by default, so if unset
the umask of the parent process will be used.
.. _`CELERYSA-0002`:
http://github.com/celery/celery/tree/master/docs/sec/CELERYSA-0002.txt
News
----
- **Requirements**
- Now depends on :ref:`Kombu 3.0.21 <kombu:version-3.0.21>`.
- Now depends on :mod:`billiard` 3.3.0.18.
- **App**: ``backend`` argument now also sets the :setting:`CELERY_RESULT_BACKEND`
setting.
- **Task**: ``signature_from_request`` now propagates ``reply_to`` so that
the RPC backend works with retried tasks
- **Task**: ``retry`` will no longer attempt to requeue the task if sending
the retry message fails.
Unrelated exceptions being raised could cause a message loop, so it was
better to remove this behavior.
- **Beat**: Accounts for standard 1ms drift by always waking up 0.010s
earlier.
This will adjust the latency so that the periodic tasks will not move
1ms after every invocation.
- Documentation fixes
- **Worker**: Removed an outdated assert statement that could lead to errors
being masked
DESCR:
This is the Python 'netsnmp' extension module. The 'netsnmp' module
provides a full featured, tri-lingual SNMP (SNMPv3, SNMPv2c,
SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
- The following vulnerabilities have been fixed.
* wnpa-sec-2014-08
The Catapult DCT2000 and IrDA dissectors could underrun a
buffer.
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-09
The GSM Management dissector could crash. (Bug 10216)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-10
The RLC dissector could crash. (Bug 9795)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-11
The ASN.1 BER dissector could crash. (Bug 10187)
Versions affected: 1.10.0 to 1.10.8
- The following bugs have been fixed:
* GSM MAP: ensure that p2p_dir is always initialized before
calling GSM SMS dissector (Bug 10234)
* BFCP: include padding length in calculation of correct
attribute length (Bug 10240)
* GTP: allow empty Data Record Packet IE (Bug 10277)
* WebSocket: increase max unmask payload size to 256K and
indicate that packet is truncated is going above the new
limit (Bug 10283)
when it's defined otherwise than a separate file with a matching
name. When committing to the NetBSD wiki, I'm seeing RPC::XML errors
that suggest otherwise ("Can't locate RPC/XML/datatype.pm" and so on).
I don't know why we're having this problem on wiki.n.o and I haven't
managed to reproduce it elsewhere, but it sure looks fixed after
switching to `use parent -norequire`. `use parent` seems to be
generally preferred usage anyway.
Bump PKGREVISION.
* lib/RPC/XML.pm
A patch to loop detection in smart_encode from Dag-Erling
Smørgrav. Some other minor bits.
* lib/RPC/XML/Procedure.pm
RT #83108: Fixed a spelling error. Some other fixes, too.
* lib/RPC/XML.pm
RT #86187: Force key-ordering in struct as_string and
serialize. Was getting some intermittent bug reports of
failures in t/15_serialize.t that amounted to the keys in a
fault struct not being in consistent order.
* lib/RPC/XML.pm
* t/15_serialize.t
Undo the previous change and fix the test. The previous change
didn't feel right, so this rolls it back and fixes the problem
at the level of the test, instead.
* Makefile.PL
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
* lib/RPC/XML/Server.pm
Replace direct evals for loading optional modules with
Module::Load. Required adding this to Makefile.PL because
Module::Load is not core in 5.8.8. Also did some slight doc
tweaking.
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
Merge pull request #5 from alexrj/utf8-encode. Use
utf8::encode() instead of utf8::downgrade().
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
* lib/RPC/XML/Server.pm
Finish the uft8 encode vs. downgrade change from the previous
commit. Changed in places that were overlooked, and adjusted
the version number in all three modules.
* lib/RPC/XML.pm
* lib/RPC/XML/Parser/XMLLibXML.pm
Merge pull request #6 from dctabuyz/master. Added 'no_blanks'
libxml option to skip blank XML::LibXML::Text nodes.
* lib/RPC/XML/Server.pm
Merge pull request #7 from kvar/master. Initialize $do_compress
in RPC::XML::Server between requests.
* lib/RPC/XML.pm
* lib/RPC/XML/Parser/XMLLibXML.pm
* lib/RPC/XML/Server.pm
Bump version numbers on modules changed in github pulls.
* t/15_serialize.t
Fix a test failure on Windows.
* lib/RPC/XML.pm
RT #70408: Fix spelling error in man page, reported by Debian
group.
* t/90_rt54183_sigpipe.t
Fix to handle cases where server creation fails. Now skips the
tests rather than dying.
* lib/RPC/XML/Client.pm
RT #67486: Add port to Host header in client requests.
* lib/RPC/XML/Server.pm
RT #65341: Added "use" of forgotten library File::Temp. This
was causing failure when "message_file_thresh" kicked in.
* t/10_data.t
RT #78602: Changed 64-bit test from use64bitint to longsize. On
some systems (such as OS X), use64bitint can be true even when
in 32-bit mode.
* t/21_xml_libxml.t
Fix from Christian Walde, skip passed test on Windows.
* lib/RPC/XML/Server.pm
* t/40_server.t
Checkpoint refactoring and additional tests. Work is not
complete here, but the Net::Server changes demand immediate
attention
* t/20_xml_parser.t
RT #72780: Check for a possible parser failure. One instance of
XML::Parser failing to parse the extern entities test. Cannot
reproduce, so wrap it in a "skip" block for now.
* lib/RPC/XML/Procedure.pm
* t/30_method.t
RT #71452: Correct handling of dateTime parameters. Existing
code in lib/RPC/XML/Procedure.pm did not properly handle
parameters of the dateTime.iso8601 type. Also, there were no
tests for these.
* MANIFEST
* t/30_method.t (deleted)
* t/30_proceudre.t (added)
Renamed t/30_method.t to t/30_procedure.t.
* lib/RPC/XML/Server.pm
RT #77992: Make RPC::XML::Server work with Net::Server again,
after the API changes of Net::Server 2.x.
* Correct DHCPv6 Prefix Delegation option decoding
* Ensure that a given buffer is at least BUFSIZ (for getline compat)
* Poll interfaces on BSD for IFF_RUNNING if link state cannot be obtained
* Check for an IA to use in DHCPv6 lease validation
* Fix compile on NetBSD-6 (and possibly earlier NetBSDs)
* Warn about exceeding IDGEN_RETRIES when a stable private address cannot
be obtained
* Fix DHCP option overload handling, thanks to Tobias Stoeckmann
Changes in version 0.2.4.23 - 2014-07-28
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
guard rotation, and also backports several important fixes from the
Tor 0.2.5 alpha release series.
o Major features:
- Clients now look at the "usecreatefast" consensus parameter to
decide whether to use CREATE_FAST or CREATE cells for the first hop
of their circuit. This approach can improve security on connections
where Tor's circuit handshake is stronger than the available TLS
connection security levels, but the tradeoff is more computational
load on guard relays. Implements proposal 221. Resolves ticket 9386.
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of directory
guards configurable via a new NumDirectoryGuards consensus
parameter. Implements ticket 12688.
o Major bugfixes:
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
implementation that caused incorrect results on 32-bit
implementations when certain malformed inputs were used along with
a small class of private ntor keys. This bug does not currently
appear to allow an attacker to learn private keys or impersonate a
Tor server, but it could provide a means to distinguish 32-bit Tor
implementations from 64-bit Tor implementations. Fixes bug 12694;
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
Adam Langley.
o Minor bugfixes:
- Warn and drop the circuit if we receive an inbound 'relay early'
cell. Those used to be normal to receive on hidden service circuits
due to bug 1038, but the buggy Tor versions are long gone from
the network so we can afford to resume watching for them. Resolves
the rest of bug 1038; bugfix on 0.2.1.19.
- Correct a confusing error message when trying to extend a circuit
via the control protocol but we don't know a descriptor or
microdescriptor for one of the specified relays. Fixes bug 12718;
bugfix on 0.2.3.1-alpha.
- Avoid an illegal read from stack when initializing the TLS
module using a version of OpenSSL without all of the ciphers
used by the v2 link handshake. Fixes bug 12227; bugfix on
0.2.4.8-alpha. Found by "starlight".
o Minor features:
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
Country database.
Upstream changes:
Version 0.81 (2013-04-08)
* Correct reverseName() for IPv6 addresses, so IP('::1').reverseName() returns correct.
* Add network mask awareness to v46map()
* Fix Python 3 errors in IPSet class
* Make IPSet base class be object when MutableSet isn't available, fixing
errors in Python 2.5
Version 0.80 (2013-03-26)
------------
* Drop support of Python older than 2.4
* Python 3 does not need 2to3 conversion anymore (same code base)
* Fix adding of non-adjacent networks:
192.168.0.0/24 + 192.168.255.0/24 made 192.168.0.0/23
* Fix adding networks that don't create a valid subnet:
192.168.1.0/24 + 192.168.2.0/24 made 192.168.1.0/23
* Fix adding with an IPv6 address where .int() was < 32 bits made IPy believe it
was an IPv4 address:
::ffff:0/112 + ::1:0:0/112 made 255.255.0.0/111
* Add support of IPSets
* Add support for subtracting a network range
* Prevent IPv4 and IPv6 ranges from saying they contain each other
* Add a .v46map() method to convert mapped address ranges
such as IP('::ffff:192.168.1.1'); RFC 4291
* Change sort order to more natural:
IPv4 before IPv6; less-specific prefixes first (/0 before /32)
Version 0.76 (2013-03-19)
-------------------------
* ip == other and ip != other doesn't fail with an exception anymore if other
is not a IP object
* Add IP.get_mac() method: get the 802.3 MAC address from IPv6 RFC 2464
address.
* Fix IP('::/0')[0]: return an IPv6 instead of an IPv4 address
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
Some parts are ported to python-3, but most parts not, so leave
it disabled for now.
Twisted Core 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.internet.interfaces.IUDPTransport - and that interface's
implementations in Twisted - now supports enabling broadcasting.
(#454)
- trial's TestCase will now report a test method as an error if that
test method is a generator function, preventing an issue when a
user forgets to decorate a test method with defer.inlineCallbacks,
causing the test method to not run. (#3917)
- twisted.positioning, a new API for positioning systems such as GPS,
has been added. It comes with an implementation of NMEA, the most
common wire protocol for GPS devices. It will supersede
twisted.protoocols.gps. (#3926)
- The new interface twisted.internet.interfaces.IStreamClientEndpoint
StringParserWithReactor will supply the reactor to its
parseStreamClient method, passed along from
twisted.internet.endpoints.clientFromString. (#5069)
- IReactorUDP.listenUDP, IUDPTransport.write and
IUDPTransport.connect now accept ipv6 address literals. (#5086)
- A new API, twisted.internet.ssl.optionsForClientTLS, allows clients
to specify and verify the identity of the peer they're communicating
with. When used with the service_identity library from PyPI, this
provides support for service identity verification from RFC 6125, as
well as server name indication from RFC 6066. (#5190)
- Twisted's TLS support now provides a way to ask for user-configured
trust roots rather than having to manually configure such
certificate authority certificates yourself.
twisted.internet.ssl.CertificateOptions now accepts a new argument,
trustRoot, which combines verification flags and trust sources, as
well as a new function that provides a value for that argument,
twisted.internet.ssl.platformTrust, which allows using the trusted
platform certificate authorities from OpenSSL for certificate
verification. (#5446)
- Constants are now comparable/orderable based on the order in which
they are defined. (#6523)
- "setup.py install" and "pip install" now work on Python 3.3,
installing the subset of Twisted that has been ported to Python 3.
(#6539)
- twisted.internet.ssl.CertificateOptions now supports ECDHE for
servers by default on pyOpenSSL 0.14 and later, if the underlying
versions of cryptography.io and OpenSSL support it. (#6586)
- twisted.internet.ssl.CertificateOptions now allows the user to set
acceptable ciphers and uses secure ones by default. (#6663)
- The Deferred returned by
twisted.internet.defer.DeferredFilesystemLock.deferUntilLocked can
now be cancelled. (#6720)
- twisted.internet.ssl.CertificateOptions now enables TLSv1.1 and
TLSv1.2 by default (in addition to TLSv1.0) if the underlying
version of OpenSSL supports these protocol versions. (#6772)
- twisted.internet.ssl.CertificateOptions now supports Diffie-Hellman
key exchange. (#6799)
- twisted.internet.ssl.CertificateOptions now disables TLS
compression to avoid CRIME attacks and, for servers, uses server
preference to choose the cipher. (#6801)
- SSL server endpoint string descriptions now support the
specification of Diffie-Hellman key exchange parameter files.
(#6924)
- twisted.python.reflect.requireModule was added to handle
conditional imports of python modules and work around pyflakes
warnings of unused imports code. (#7014)
Bugfixes
--------
- If a ProcessProtocol.processExited method raised an exception a
broken process handler would be left in the global process state
leading to errors later on. This has been fixed and now an error
will be logged instead. (#5151)
- Twisted now builds on Solaris. Note that lacking a Buildbot slave
(see http://buildbot.twistedmatrix.com/boxes-supported) Solaris is
not a supported Twisted platform. (#5728)
- twisted.internet.utils is now correctly installed on Python 3.
(#6929)
- twisted.python.threadpool.ThreadPool no longer starts new workers
when its pool size is changed while the pool is not running.
(#7011)
Improved Documentation
----------------------
- Twisted now uses the Sphinx documentation generator for its
narrative documentation, which means that the source format for
narrative documentation has been converted to ReStructuredText.
(#4500)
- The Sphinx documentation is now also configured to allow
intersphinx links to standard library documentation. (#4582)
- The docstring for twisted.internet.task.react now better documents
the main parameter (#6071)
- The writing standard now explicitly mandates the usage of
ungendered pronouns. (#6858)
Deprecations and Removals
-------------------------
- test_import.py was removed as it was redundant. (#2053)
- Support for versions of pyOpenSSL older than 0.10 has been removed.
Affected users should upgrade pyOpenSSL. (#5014)
- twisted.internet.interfaces.IStreamClientEndpointStringParser is
now deprecated in favor of twisted.internet.interfaces.IStreamClien
tEndpointStringParserWithReactor. (#5069)
- unsignedID and setIDFunction, previously part of
twisted.python.util and deprecated since 13.0, have now been
removed. (#6707)
- FTPClient.changeDirectory was deprecated in 8.2 and is now removed.
(#6759)
- twisted.internet.stdio.StandardIO.closeStdin, an alias for
loseWriteConnection only available on POSIX and deprecated since
2.1, has been removed. (#6785)
- twisted.python.reflect.getcurrent is now deprecated and must not be
used. twisted.python.reflect.isinst is now deprecated in favor of
the built-in isinstance. (#6859)
Other
-----
- #1822, #5929, #6239, #6537, #6565, #6614, #6632, #6690, #6784,
#6792, #6795, #6821, #6843, #6846, #6854, #6856, #6857, #6872,
#6892, #6902, #6906, #6922, #6926, #6936, #6941, #6942, #6943,
#6944, #6945, #6946, #6948, #6979, #7001, #7049, #7051, #7094,
#7098
Twisted Conch 14.0.0 (2014-05-08)
=================================
Improved Documentation
----------------------
- The docstring for twisted.conch.ssh.userauth.SSHUserAuthClient is
now clearer on how the preferredOrder instance variable is handled.
(#6850)
Other
-----
- #6696, #6807, #7054
Twisted Lore 14.0.0 (2014-05-08)
================================
Deprecations and Removals
-------------------------
- twisted.lore is now deprecated in favor of Sphinx. (#6907)
Other
-----
- #6998
Twisted Mail 14.0.0 (2014-05-08)
================================
Improved Documentation
----------------------
- twisted.mail.alias now has full API documentation. (#6637)
- twisted.mail.tap now has full API documentation. (#6648)
- twisted.mail.maildir now has full API documentation. (#6651)
- twisted.mail.pop3client now has full API documentation. (#6653)
- twisted.mail.protocols now has full API documentation. (#6654)
- twisted.mail.pop now has full API documentation. (#6666)
- twisted.mail.relay and twisted.mail.relaymanager now have full API
documentation. (#6739)
- twisted.mail.pop3client public classes now appear as part of the
twisted.mail.pop3 API. (#6761)
Other
-----
- #6696
Twisted Names 14.0.0 (2014-05-08)
=================================
Features
--------
- twisted.names.root.Resolver now accepts a resolverFactory argument,
which makes it possible to control how root.Resolver performs
iterative queries to authoritative nameservers. (#6095)
- twisted.names.dns.Message now has a repr method which shows only
those instance flags, fields and sections which are set to non-
default values. (#6847)
- twisted.names.dns.Message now support rich comparison. (#6848)
Bugfixes
--------
- twisted.names.server.DNSServerFactory now responds with messages
whose flags and fields are reset to their default values instead of
copying these from the request. This means that AD and CD flags,
and EDNS OPT records in the request are no longer mirrored back to
the client. (#6645)
Improved Documentation
----------------------
- twisted.names now has narrative documentation showing how to create
a custom DNS server. (#6864)
- twisted.names.server now has full API documentation. (#6886)
- twisted.names now has narrative documentation explaining how to use
its client APIs. (#6925)
- twisted.names now has narrative documentation and examples showing
how to perform reverse DNS lookups. (#6969)
Other
-----
- #5675, #6222, #6672, #6696, #6887, #6940, #6975, #6990
Twisted News 14.0.0 (2014-05-08)
================================
No significant changes have been made for this release.
Other
-----
- #6991
Twisted Pair 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.pair.tuntap now has complete test coverage, basic
documentation, and works without the difficult-to-find system
bindings it used to require. (#6169)
Other
-----
- #6898, #6931, #6993
Twisted Runner 14.0.0 (2014-05-08)
==================================
No significant changes have been made for this release.
Other
-----
- #6992
Twisted Web 14.0.0 (2014-05-08)
===============================
Features
--------
- twisted.web.http.proxiedLogFormatter can now be used with
twisted.web.http.HTTPFactory (and subclasses) to record X
-Forwarded-For values to the access log when the HTTP server is
deployed behind a reverse proxy. (#1468)
- twisted.web.client.Agent now uses
twisted.internet.ssl.CertificateOptions for SSL/TLS and benefits
from its continuous improvements. (#6893)
Bugfixes
--------
- twisted.web.client.Agent now correctly manage flow-control on
pooled connections, and therefore requests will no longer hang
sometimes when deliverBody is not called synchronously within the
callback on Request. (#6751)
- twisted.web.client.Agent now verifies that the provided server
certificate in a TLS connection is trusted by the platform. (#7042)
- When requesting an HTTPS URL with twisted.web.client.Agent, the
hostname of the presented certificate will be checked against the
requested hostname; mismatches will now result in an error rather
than a man-in-the-middle opportunity for attackers. This may break
existing code that incorrectly depended on insecure behavior, but
such code was erroneous and should be updated. (#4888)
Other
-----
- #5004, #6881, #6956
Twisted Words 14.0.0 (2014-05-08)
=================================
Bugfixes
--------
- twisted.words.protocols.jabber.sasl_mechansisms.DigestMD5 now works
with unicode arguments. (#5066)
Other
-----
- #6696
NEWS for rsync 3.1.1 (22 Jun 2014)
Protocol: 31 (unchanged)
Changes since 3.1.0:
BUG FIXES:
- If the receiver gets bogus filenames from the sender (an unexpected
leading slash or a ".." infix dir), exit with an error. This prevents a
malicious sender from trying to inject filenames that would affect an
area outside the destination directories.
- Fixed a failure to remove the partial-transfer temp file when interrupted
(and rsync is not saving the partial files).
- Changed the chown/group/xattr-set order to avoid losing some security-
related xattr info (that would get cleared by a chown).
- Fixed a bug in the xattr-finding code that could make a non-root-run
receiver not able to find some xattr numbers.
- Fixed a bug in the early daemon protocol where a timeout failed to be
honored (e.g. if the remote side fails to send us the initial protocol
greeting).
- Fixed unintended inclusion of commas in file numbers in the daemon log.
- We once again send the 'f' sub-flag (of -e) to the server side so it
knows that we can handle incremental-recursion directory errors properly
in older protocols.
- Fixed an issue with too-aggressive keep-alive messages causing a problem
for older rsync versions early in the transfer.
- Fixed an incorrect message about backup-directory-creation when using
--dry-run and the backup dir is not an absolute path.
- Fixed a bug where a failed deletion and/or a failed sender-side removal
would not affect the exit code.
- Fixed a bug that caused a failure when combining --delete-missing-args
with --xattrs and/or --acls.
- Fixed a strange dir_depth assertion error that was caused by empty-dir
removals and/or duplicate files in the transfer.
- Fixed a problem with --info=progress2's output stats where rsync would
only update the stats at the end of each file's transfer. It now uses
the data that is flowing for the current file, making the stats more
accurate and less jumpy.
- Fixed an itemize bug that affected the combo of --link-dest, -X, and -n.
- Fixed a problem with delete messages not appearing in the log file when
the user didn't use --verbose.
- Improve chunked xattr reading for OS X.
- Removed an attempted hard-link xattr optimization that was causing a
transfer failure. This removal is flagged in the compatibility code, so
if a better fix can be discovered, we have a way to flip it on again.
- Fixed a bug when the receiver is not configured to be able to hard link
symlimks/devices/special-file items but the sender sent some of these
items flagged as hard-linked.
- We now generate a better error if the buffer overflows in do_mknod().
- Fixed a problem reading more than 16 ACLs on some OSes.
- Fixed the reading of the secrets file to avoid an infinite wait when
the username is missing.
- Fixed a parsing problem in the --usermap/--groupmap options when using
MIN-MAX numbers.
- Switched Cygwin back to using socketpair "pipes" to try to speed it up.
- Added knowledge of a few new options to rrsync.
ENHANCEMENTS:
- Tweaked the temp-file naming when --temp-dir=DIR is used: the temp-file
names will not get a '.' prepended.
- Added support for a new-compression idiom that does not compress all the
matching data in a transfer. This can help rsync to use less cpu when a
transfer has a lot of matching data, and also makes rsync compatible with
a non-bundled zlib. See the --new-compress and --old-compress options in
the manpage.
- Added the support/rsync-no-vanished wrapper script.
- Made configure more prominently mention when we failed to find yodl (in
case the user wants to be able to generate manpages from *.yo files).
- Have manpage mention how a daemon's max-verbosity setting affects info
and debug options. Also added more clarification on backslash removals
for excludes that contain wildcards.
- Have configure check if for the attr lib (for getxattr) for those systems
that need to link against it explicitly.
- Change the early dir-creation logic to only use that idiom in an
inc-recursive copy that is preserving directory times. e.g. using
--omit-dir-times will avoid these early directories being created.
- Fix a bug in cmp_time() that would return a wrong result if the 2 times
differed by an amount greater than what a time_t can hold.
DEVELOPER RELATED:
- We now include an example systemd file (in packaging/systemd).
- Tweaked configure to make sure that any intended use of the included popt
and/or zlib code is put early in the CFLAGS.
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.
mk/krb5.buildlink3.mk.
It prevent link libcrypt twice with PREFER_PKGSRC=openssl.
Fix was provided Chuck Silvers via private e-mail about two weeks ago and
I've confirmed the problem.
Bump PKGREVISION.
Upstream changes:
2.1.0
Changelog:
* New feature: Filter::matches() can do simple filtering on entry sets (supported: equals, contain, begin, end, any; NOT, AND, OR. Filtering is simple based on regexp, no schema checks and matchRules yet!)
* Fixed minor bugs in Filter, LDAP and Entry class
* Util::split_attribute_string(): Added support for extended match operators from filters
* Util::split_attribute_string(): Added support for delimeter retrieval
======
- Fixed remaining bug in ``maybe_declare`` for ``auto_delete`` exchanges.
- MongoDB: Creating a channel now properly evaluates a connection (Issue #363).
3.0.20
======
- Reverts change in 3.0.17 where ``maybe_declare`` caches the declaration
of auto_delete queues and exchanges.
- Redis: Fixed race condition when using gevent and the channel is closed.
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample maps and dynamic ACLs
updatable from the CLI stick-tables support counters to track
activity on any input sample custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
* If just given a domain and no search list, make the search list the domain
* Skip arpping directives if we have a profile but not parsing one
* Allow the request of a DHCPv6 address or prefix, a prefix length must be
specified
* Add the ability to dump DHCPv6 leases
* Improve startup with regards to carrier checking and adding a link-local
IPv6 address
* Start the correct interface reference for added devices
* Support
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv6-stateful-issues-06
via the ia_pd_mix option
* Fix link handling where kernel reported flags in LINK_UP may not be
valid when we actually process them
* Fix defining new options in dhcpcd.conf and requesting them
* Fix a potential segfault when reloading configurations
* Print user defined options via -V
* Add support for RFC6603, Prefix Exclude option
* When requesting a IA_PD and another IA type, create a psuedo interface
to handle the IA_PD
* Handle truncated DHCPv6 saved leases
* FIX: at getting tab order, unwanted non-existet tab may be created.
* FIX: properly handle mentions to multiple accounts.
* CHANGE: colorize rule of metions for tweets with multi accounts.
*
2014-06-16: 0.7.0 "Kryoptonite"
- Partial IPv6 support (#107)
Client can connect to iodined through an relaying IPv6
nameserver. Server only supports IPv4 for now.
Traffic inside tunnel is IPv4.
- Add socket activation for systemd, by Michael Scherer.
- Add automated lookup of external ip (via -n auto).
- Bugfix for OS X (Can't assign requested address)
- Fix DNS tunneling bug caused by uninitialized variable, #94
- Handle spaces when entering password interactively, fixes#93.
Patch by Hagar.
- Add -R option to set OpenBSD routing domain for the DNS socket.
Patch by laurent at gouloum fr, fixes#95.
- Add android patches and makefile, from Marcel Bokhorst, fixes#105.
- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
- A number of minor patches from Frank Denis, Gregor Herrmann and
Barak A. Pearlmutter.
- Testcase compilation fixes for OS X and FreeBSD
- Do not let sockets be inherited by sub-processes, fixes#99.
- Add unspecified RR type (called PRIVATE; id 65399, in private use
range). For servers with RFC3597 support. Fixes#97.
- Fix authentication bypass vulnerability; found by Oscar Reparaz.
==============================
Release Notes for Samba 3.6.24
June 23, 2014
==============================
This is a security release in order to address
CVE-2014-0244 (Denial of service - CPU loop) and
CVE-2014-3493 (Denial of service - Server crash/memory corruption).
o CVE-2014-0244:
All current released versions of Samba are vulnerable to a denial of
service on the nmbd NetBIOS name services daemon. A malformed packet
can cause the nmbd server to loop the CPU and prevent any further
NetBIOS name service.
This flaw is not exploitable beyond causing the code to loop expending
CPU resources.
o CVE-2014-3493:
All current released versions of Samba are affected by a denial of service
crash involving overwriting memory on an authenticated connection to the
smbd file server.
SyntaxError: Non-UTF-8 code starting with '\xb7' in file youtube-dl on line 3, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details
by installing the original unmodified file and a wrapper script.
I'm not sure why it broke or why this works better, but it does for me (TM).
Bump PKGREVISION.
