Local changes:
o Remove patch now included upstream
o Adapt PLIST to installed files
Upstream changes:
- Core
+ Prevent interpreter from dying twice
+ Complete rewrite of the IO system, including new unified IO PMC
semantics.
+ The Integer and Float PMCs now have a get_pointer vtable which is
needed when using NCI to bind to Fortran libraries such as LAPACK
- Deprecations
+ Moved dynpmc/os to pmc os. loadlib 'os' is not needed anymore.
- Platforms
+ Fixed for the FileHandle open method the append mode on Windows.
+ Fix compilation on Windows without working mt.exe
+ Detect GNU/Hurd as linux proper.
+ Fixed broken int3 trap on Solaris with gcc.
+ Updated the vms port on a YAPC::EU hackathon with vaxman and mvorl.
- Tests
+ Improve testability with valgrind or thread-sanitizer
Changelog:
NEW
A Menu Button is now shown to new users by default
NEW
Tabs are now drawn in the title bar on Windows
FIXED
An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475)
FIXED
An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760)
FIXED
RSS feeds can now be viewed in the Wide View Layout (531397)
FIXED
Various fixes and performance improvements
FIXED
Various security fixes
CHANGED
Mac OS X 10.5 is no longer supported
Security fixes:
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
FreeRADIUS 2.2.0 Mon 10 Sep 2012 12:00:00 CEST, urgency=medium
Feature improvements
* 100% configuration file compatible with 2.1.x.
The only fix needed is to disallow "hashsize=0" for rlm_passwd
* Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware,
Redback, and Mikrotik dictionaries
* Switch to using SHA1 for certificate digests instead of MD5.
See raddb/certs/*.cnf
* Added copyright statements to the dictionaries, so that we know
when people are using them.
* Better documentation for radrelay and detail file writer.
See raddb/modules/radrelay and raddb/radrelay.conf
* Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard
* Added -F <file> to radwho
* Added query timeouts to MySQL driver. Patch from Brian De Wolf.
* Add /etc/default/freeradius to debian package.
Patch from Matthew Newton
* Finalize DHCP and DHCP relay code. It should now work everywhere.
See raddb/sites-available/dhcp, src_ipaddr and src_interface.
* DHCP capabilitiies are now compiled in by default.
It runs as a DHCP server ONLY when manually enabled.
* Added one letter expansions: %G - request minute and %I request
ID.
* Added script to convert ISC DHCP lease files to SQL pools.
See scripts/isc2ippool.pl
* Added rlm_cache to cache arbitrary attributes.
* Added max_use to rlm_ldap to force connection to be re-established
after a given number of queries.
* Added configtest option to Debian init scripts, and automatic
config test on restart.
* Added cache config item to rlm_krb5. When set to "no" ticket
caching is disabled which may increase performance.
Bug fixes
* Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12,
and 802.1X should upgrade immediately.
* Fix typo in detail file writer, to skip writing if the packet
was read from this detail file.
* Free cached replies when closing resumed SSL sessions.
* Fix a number of issues found by Coverity.
* Fix memory leak and race condition in the EAP-TLS session cache.
Thanks to Phil Mayers for tracking down OpenSSL APIs.
* Restrict ATTRIBUTE names to character sets that make sense.
* Fix EAP-TLS session Id length so that OpenSSL doesn't get
excited.
* Fix SQL IPPool logic for non-timer attributes. Closes bug #181
* Change some informational messages to DEBUG rather than error.
* Portability fixes for FreeBSD. Closes bug #177
* A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols
nonsense.
* Safely handle extremely long lines in conf file variable expansion
* Fix for Debian bug #606450
* Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling
* The passwd module no longer permits "hashsize = 0". Setting that
is pointless for a host of reasons. It will also break the server.
* Fix proxied inner-tunnel packets sometimes having zero authentication
vector. Found by Brian Julin.
* Added $(EXEEXT) to Makefiles for portability. Closes bug #188.
* Fix minor build issue which would cause rlm_eap to be built twice.
* When using "status_check=request" for a home server, the username
and password must be specified, or the server will not start.
* EAP-SIM now calculates keys from the SIM identity, not from the
EAP-Identity. Changing the EAP type via NAK may result in
identities changing. Bug reported by Microsoft EAP team.
* Use home server src_ipaddr when sending Status-Server packets
* Decrypt encrypted ERX attributes in CoA packets.
* Fix registration of internal xlat's so %{mschap:...} doesn't
disappear after a HUP.
* Can now reference tagged attributes in expansions.
e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work.
* Correct calculation of Message-Authenticator for CoA and Disconnect
replies. Patch from Jouni Malinen
* Install rad_counter, for managing rlm_counter files.
* Add unique index constraint to all SQL flavours so that alternate
queries work correctly.
* The TTLS diameter decoder is now more lenient. It ignores
unknown attributes, instead of rejecting the TTLS session.
* Use "globfree" in detail file reader. Prevents very slow leak.
Closes bug #207.
* Operator =~ shouldn't copy the attribute, like :=. It should
instead behave more like ==.
* Build main Debian package without SQL dependencies
* Use max_queue_size in threading code
* Update permissions in raddb/sql/postgresql/admin.sql
* Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL
wouldn't use methods it knew about.
* Add more sanity checks in dynamic_clients code so the server won't
crash if it attempts to load a badly formated client definition.
Drop sed patch (applied upstream).
- 2.36 | 2012-11-22
- portability fixes
- import some procs explicitly (Guile 1.4.x)
Guile 1.4.x does not implicitly provide, e.g., SRFI 13.
- use appropriate u8 i/o procs
The "compiler" (har har) build-aux/guile-baux/mm, in cahoots w/
the configure script, now tries to DTRT for various versions of
Guile. Precisely:
1.4.x -- custom procs based on ‘read-char’ / ‘display’
1.8 -- uniform-vector-{read!,write} (the "normal" case)
2.x -- custom procs based on those in ‘(ice-9 binary-ports)’
With this change, "make check" under Guile 2.0.6 no longer
displays any deprecation warnings. Any that you might encounter
(for any Guile) is now considered a bug; please report it.
- avoid ‘\n’ in sed ‘s’ RHS (FreeBSD)
This was a problem in the "make check" prep (test harness).
- less "values outside ‘call-with-values’ context"
Another case was found, but this was internal. Perhaps others
lurk -- why doesn't Someone just do a formal audit already?!
- bootstrap tools upgrade
- GNU Automake 1.12.5
- Guile-BAUX 20121120.1242.e233fad
* Set MAINTANINER as pkgsrc-users@
And
* Set CATEGORIES as print
* Fix dependency patterns
XXX This package depends on pkgsrc-wip packages.
XXX This problem should be fixed.
Clang was hardwired to search for crt* stuff and libstdc++ at
/usr/lib/gcc41. This worked for most people even when DragonFly
moved to gcc 4.4 as the primary base compiler since gcc 4.1 was
usually also on the system.
With the release of DragonFly 3.2, gcc 4.7 replaced gcc 4.1 and
clang stopped compiling due to not being able to find libraries and
crt* objects. The new patches make clang driver first look for
gcc 4.7 and failing to find that: gcc 4.4.
The other patches were "de-fuzzed".
Revision bump was necessary because clang did build, it just didn't
work.
Patches submitted upstream:
http://llvm.org/bugs/show_bug.cgi?id=14417
Changelog:
2012-11-21
# Changes and additions
* On Windows, process now returns real process ids as in UNIX, not Windows process handles.
* The cgi.lsp module now handles multiform data in POST requests.
* Two new make files for compiling RedHat Fedora and CentOS distributions. The configure utility called by make will handle these two subflavors of RedHat Linux automatically.
# Bug fixes
* Memory overrun of invalid UTF8 strings now causes an error message "invalid UTF8 string".
* The function ref did sometimes not handle correctly multiple, nested matching expressions.
* The float function did sometimes not work correctly when used on list members.
* OpenBSD did not load .init.lsp.
# Compatibility with previous versions
* This version is compatible with previous versions in the 10.4 series of newLISP.
5.2.2 (10-Sep-2012)
Bugs fixed:
* Server disconnects on the execution of a query following execution of a SP
returning resultset(s) and OUT parameters. (Bug# 14512187)
* Crash while executing after binding BLOB datatype as INOUT parameter
(Bug# 14501952)
* SP having 2 BLOB OUT parameters crashes at execution (Bug# 14563386)
* ASSERT for INOUT parameter of BIT(N>3) type (Bug#14560916)
* Using ADO, driver returns wrong type and value for bit(>1) parameter
(Bug# 14555713)
* Blobs used in as INOUT parameters have inconsistent behaviour in ADO
(Bug# 14580316)
* my_isspace calls cause ODBC driver crashes (Bug# 14363601)
* SQLNativeSql did not null-terminate output string after copying
(Bug# 14559721)
* Incorrect length value passed to SQLSetConnectAttr could cause
driver crash. (Bug# 14620420)
Built using MySQL 5.5.27.
----
5.2.1 (09-Aug-2012)
Functionality added or changed:
* Driver prepares statements on server
* Support of INOUT and OUT parameters(WL#6116)
* Increased the timeout in tests from 30 to 60 seconds to avoid failures in
slow tests that involve catalog functions and Information_Schema queries.
Bugs fixed:
* Long table names crash OBDC driver. (Bug# 14085211/65200)
* Close proximity issue when handling OS signlals in myodbc (Bug# 14303803)
* "String data right truncated" error is not always correct (Bug# 14285620)
Built using MySQL 5.5.27.
----
5.2.0
Functionality added or changed:
* Driver available in Unicode and ANSI versions(WL#5850)
* Driver by default uses server side prepared statements
* Connection string option NO_SSPS prevents using of server side prepared
statements. It is configurable via GUI dialog.
Built using MySQL 5.5.25.
----
5.1.11
Functionality added or changed:
* MyODBC queries log is written to %TEMP%\myodbc.sql, or to C:\myodbc.sql if
TEMP is not defined.
* Added pre-fetch functionality implemented through LIMIT to avoid reading the
entire resultset for full table SELECT queries. (WL#6211)
Bugs fixed:
* Fractional parts of second is ignored in SQLGetData. (Bug #12767740/60646)
* ODBC prepared statements ignore fractional part of temporal data types.
(Bug #12767761/60648)
* Memory leak on Windows on each connection attepmt. (Bug #11766029/59059)
* SQLTables() function does not return the catalog correctly if the wildcard
or SQL_ALL_CATALOGS is used. (Bug #13914518)
----
5.1.10(02-Feb-2012)
Functionality added or changed:
Bugs fixed:
* In some cases TIMESTAMP field could be described as SQL_NO_NULLS.
(Bug #13532987)
* SQLFetch has to return error if indicator pointer is NULL for NULL value.
(Bug #13542600)
* A failure on one stmt causes another stmt to fail. (Bug #13097201/#62657)
Built using MySQL 5.5.18.
----
5.1.9 (04-Oct-2011)
Functionality added or changed:
* Support of windows authentication.
Bugs fixed:
* SQLFetch() did not return SQL_ERROR if connection was dropped due to a
timeout. (Bug #39878)
* MS Access with VARCHAR NOT NULL columns. (Bug #31067)
* sqlwcharchr might read one SQLWCHAR after end of string. (Bug #61586)
* Column parameter binding makes SQLExecute not to return SQL_ERROR on
disconnect. (Bug #59772)
* If pre-execution failed some catalog functions called right after that
would return only one row. (Bug #12824839)
* MyODBC driver does not call mysql_thread_end() when the thread ends causing
error messages such as this: Error in my_thread_global_end(): 1 threads
didn't exit. (Bug #57727)
* When NO_BINARY_RESULT was set driver failed to perform the expected data
conversion. (Bug#11765110/58038)
Built using MySQL 5.5.16.
Change MASTER_SITE, and therefore fetch with curl.
Specify C99, after guessing that from warnings.
Enable extra warnings (reported upstream).
2012-02-29 - Version 1.10
* PolarSSL crypto engine by Adriaan de Jong
* build: --disable-crypto-engine-win32 renamed to --disable-crypto-engine-cryptoapi
* api: PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI.
* api: PKCS11H_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_ENGINE_CRYPTO_CRYPTOAPI
2011-08-16 - Version 1.09
* Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
* Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer.
