+ fixes cross-site scripting vulnerabilities (SA44036)
+ contains a lot of filename cleanup work (no more bb and hobbit)
please read upgrade-to-430.txt when upgrading from a previous pkg
(see also the install message)
change: Incoming SSL connections can time out waiting for SSL_accept to
complete
pkgsrc change: remove the patch which did daemonize omniNames in
the code -- this was bad because it sent all diagnostic output
to /dev/null. send it to background in the rc.d script instead, and
set a reasonable logfile location
Bug Fixes:
* Added explicit note on unbound-anchor usage: Please note usage of
unbound-anchor root anchor is at your own risk and under the terms of our
LICENSE (see that file in the source).
* Fix remove private address does not throw away entire response. [bugzilla: 361]
* Fix, time.elapsed variable not reset with stats_noreset.
* Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
* give config parse error for multiple names on a stub or forward zone.
* updated ldns tarball to 1.6.9(snapshot).
* iana portlist updated.
Changelog:
This release fixes a program crash that was happening with certain YouTube
videos, and fixes the date extraction regular expression in YouTube.
* Update BUILDLINK_API_DEPENDS.quvi to 0.4.0
Changelog:
0.2.15 Fri Apr 15 2011 Toni Gundogdu
Changes:
- Add support for reading URLs from the stdin
- quvi_supported: Improve URL checking (#29)
- Check additional URL parts (vs. domain only)
- Remove obsoleted (by new test suite) options from quvi command
  - --test-all
  - --test
  - --page-title
  - --video-id
  - --file-length
  - --file-suffix
  - --dump
Changes: Build system
- New testsuite (see $top_srcdir/test/README)
- Use CPPFLAGS (src|lib|examples)/Makefile.am
- configure:
  - Add --enable-nlfy, --enable-verbose-tests
  - Rename --enable-broken -> --enable-todo
Changes: API
- Add "media" interface, deprecating the old "video" interface
- The deprecated symbols will be removed in 0.2.20
- Add quvi_next_media_url (depr. quvi_next_videolink)
- Add quvi_media_t (depr. quvi_video_t)
- Add QUVIPROP_MEDIAID (depr. QUVIPROP_VIDEOID)
- Add QUVIPROP_MEDIAURL (depr. QUVIPROP_VIDEOURL)
- Add QUVIPROP_MEDIACONTENTLENGTH (depr. QUVIPROP_VIDEOFILELENGTH)
- Add QUVIPROP_MEDIACONTENTTYPE (depr. QUVIPROP_VIDEOFILECONTENTTYPE)
- Add QUVIPROP_FILESUFFIX (depr. QUVIPROP_VIDEOFILESUFFIX)
- Add QUVIPROP_FORMAT (depr. QUVIPROP_VIDEOFORMAT)
- Add QUVIPROP_MEDIATHUMBNAILURL, QUVIPROP_MEDIADURATION
- Thanks to Bastien Nocera for the patch
Changes: Website scripts
- Add soundcloud.lua, ted.lua: Thanks to Bastien Nocera for scripts
- Add megavideo.lua: Thanks to Paul Kocialkowski for the script
- Add tvlux.lua
- collegehumor.lua: Mark as TODO (#35)
- cbsnews.lua (#30)
- Improve 'best' parsing (compare height and bitrate)
- Update format IDs
- youtube.lua:
  - Add support for "#at=" as start-time
  - Add support for additional embed URL types (/e/,/embed/)
  - Process the starttime string (#36)
  - Remove the dangling format IDs (tgp_144p, webm_*)
- vimeo.lua: Exit with server returned error message (#27)
- arte.lua: Improve handling of expired URLs
Bugfixes:
- "error: (null)" with LUA scripts that use 'redirect' (#46)
- quvi: Do not exit if preceding URL fails (#40)
- Compilation when PATH_MAX is not defined (#32)
Bugfixes: Build system
- Include doc subdir with --with-doc flag only (#33)
Bugfixes: Website scripts
- cbsnews.lua: attempt to compare number with nil (#30)
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The NFS dissector could crash on Windows. (Bug 5209)
Versions affected: 1.4.0 to 1.4.4.
o The X.509if dissector could crash. (Bug 5754, Bug 5793)
Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4.
o Paul Makowski from SEI/CERT discovered that the DECT dissector
could overflow a buffer. He verified that this could allow
remote code execution on many platforms.
Versions affected: 1.4.0 to 1.4.4.
The following bugs have been fixed:
o Export HTTP > All - System Appears Hung (but isn't). (Bug 1671)
o Some HTTP responses don't decode with TCP reassembly on. (Bug 3785)
o Wireshark crashes when cancelling a large sort operation. (Bug 5189)
o Wireshark crashes if SSL preferences RSA key is actually a DSA key.
(Bug 5662)
o tshark incorrectly calculates TCP stream for some syn packets.
(Bug 5743)
o Wireshark not able to decode the PPP frame in a sflow
(RFC3176) flow sample packet because Wireshark incorrectly
read the protocol in PPP frame header. (Bug 5746)
o Mysql protocol dissector: all fields should be little endian.
(Bug 5759)
o Error when opening snoop from Juniper SSG-140. (Bug 5762)
o svnversion: command not found. (Bug 5798)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Value of TCP segment data cannot be copied. (Bug 5811)
o proto_field_is_referenced() is not exported in
libwireshark.dll. (Bug 5816)
o Wireshark ver. 1.4.4 not displayed "Granted QoS" field in a
A11 packet. (Bug 5822)
- Updated Protocol Support
HTTP, LDAP, MySQL, NFS, sFlow, SSL, TCP
SNMPTT (SNMP Trap Translator) is an SNMP trap handler written in Perl for
use with the Net-SNMP / UCD-SNMP snmptrapd program (www.net-snmp.org).
SNMPTT supports Linux, Unix and Windows.
Snmptt can log to any of the following destinations: text log, syslog,
NT Event log or a SQL database. External programs can also be run to pass
the translated trap to an email client, paging software, Nagios etc.
In addition to variable substitution, SNMPTT allows complex configurations
allowing:
* the ability to accept or reject a trap based on the host name,
ip address, network range, or variable values inside of the trap
enterprise variables
* execute external programs to send pages, emails etc
* perform regular expression search and replace on the translated message
such as translating the variable value "Building alarm 4" to
"Moisture detection alarm"
This release contains several enhancements, including rate calculation in check_snmp. There are also lots of bug fixes.
* New check_ntp_peer -m and -n options to check the number of usable time sources ("truechimers")
* New check_disk_smb -a option which allows for specifying the IP address of the remote server
ChangeLog:
- Fixed bug with NSCA daemon eating CPU if child process couldn't accept a connection in multi-process mode (Chris Wilson)
- Fixed bug that prevented single mode daemon from working properly
- Added sample scripts for testing functionality to nsca_tests/ (Ton Voon/Altinity)
- Fixed crash from malformed command line
- Updated config.sub and config.guess to latest from GNU Savannah
ChangeLog:
* Fixes problem where disabling all active hosts/services was not taking effect
* Fixes for compiler warnings (code cleanup by Stephen Gran)
* Fixes for format errors in event handler logging (Guillaume Rousse)
* Fixed incorrect info in sample nagios.cfg file for state_retention_file (Michael Friedrich)
* Fixed broker_event_handler() to return ERR if data is NULL (Michael Friedrich)
* Patch to new_mini_epn to allow any command line length without breaking on extra trailing or leading whitespace (Ray Bengen)
* Patch to mini_epn to allow any command line length (Thomas Guyot-Sionnest)
* Patch to speed up loading of state retention data (Matthieu Kermagoret)
* Custom notifications are now suppressed during scheduled downtime (Sven Nierlein)
* Added code to warn user about exit code of 126 meaning plugin is not executable (bug #153)
* Scheduled downtime can now start on SOFT error states (bug #47)
* Main window frame URL can now be specified with a "corewindow=" parameter
* Improved config CGI shows commands, command args in an easier to use manner (Jochen Bern)
* Added ability for NEB modules to override execution of event handlers (Sven Nierlein)
* Custom macros are no longer cleaned/stripped as they are user-defined and should be trusted (Peter Morch)
* Fix for choosing next valid time on day of DST change when clocks go one hour backwards
* Fix for nagios now erroring when "Error: Could not find any contactgroup matching..." displayed
* Fix tap tests for Sol0 and newer versions of Test::Harness
* Fix for notifications not being sent out when scheduled downtime is canceluzzner)
* Fix for first notification delay being calculated incorrectly, and notifications potentially going out early (Plachowski)
* Fix for text of scheduling downtime of all services on a host (Holger Weiss)
* Fix for services inheriting notification period from hosts if not defined (Gordon Messmer)
* Fix for incorrect service states on host failures (bug #130 Pet)
* Fix for incorrect service state attributes being set on host failures (bug #128 Petya Kohts)
* Fix for non-scheduled hosts and services not being updated in NDOUtils
* Fix for typos in TAC, CMD CGIs (bugs #150, #144, #148)
* Fix for typos in documentation (bugs #145, #105, #106)
* Fix for incorrect host state counts in status CGI when viewing servicegroups (bug #72)
* Fix few Splunk integration query parameters (bug #136)
* Fix for extra field header in availability CSV export (bug #113)
* Fix for macro processing code modifying input string (Jochen Bern)
* Fix for update check API
* Fix for CGI speedup when persistent=0 for comments
* Fix for event execution loop re-scheduling host checks instead of executing them if service checks are disabled (bug #152)
* Fix for segfaults on Solaris (Torsten Huebler)
* Fix for incorrect comment expiration times being passed to event broker (Mattieu Kermagoret)
* Doc updates related to cleaning of custom macros (Peter Valdemar Morch)
* Fix to sample notify-service-by-email command (bug #62)
* Fix for retaining host display name and alias, as well as service display name (Folkert van Heusden)
* Link to allow scheduling downtime for all services on a host (Hendrik Baecker)
* Speedup to CGIs when lots of comments or downtimes in status.dat file (Jonathan Kamens)
* Patch for new_mini_epn to allow for any command line length without breaking extra trailing or leading whitespace (Ray Bengen)
* Fix for incorrect scheduling when time has gone back an hour (partial fix for 24x7)
* Fix for compile on Fedora Core 3 (bug #0000082)
* Fix for compile on Solaris
* Fix for logging test, which was not timezone aware (bug #0000077 - Allan Clark)
* Trivial cleanups for autoconf (Allan Clark)
* Fix for CSS validation of padding: X
* Fix for documentation re: case-insensitive nature of custom variables (Marc Powell)
* Fix for template configurations which use negated wildcards (Tim Wilde)
* Fix for read-only permissions bug in CGIs that caused problems viewing comments (bug #0000029)
* Fix for incorrect CGI reports (availability, trends, etc.) when reporting period spans Daylight Savings Time (bug #0000046)
* Fix for detection of truecolor support in GD library (Lars Hecking)
* Reverted to use --datadir configure script option instead of the more recently introduced --datarootdir option
* Status and retention files are now flushed/synced to disk to prevent incomplete information being displayed in CGIs
* Fix for incorrect next service check time calculation when Nagios is reloaded with different timeperiod ranges
* Updated Fedora quickstart guide to indicate PHP requirements
* Known issue: Service checks that are defined with timeperiods that contain "exclude" directives are incorrectly re-scheduled. Don't use these for now - we'll get this
fixed for 3.4
NEWS for rsync 3.0.8 (26 Mar 2011)
Protocol: 30 (unchanged)
Changes since 3.0.7:
BUG FIXES:
- Fixed two buffer-overflow issues: one where a directory path that is
exactly MAXPATHLEN was not handled correctly, and one handling a
--backup-dir that is extra extra large.
- Fixed a data-corruption issue when preserving hard-links without
preserving file ownership, and doing deletions either before or during
the transfer (CVE-2011-1097). This fixes some assert errors in the
hard-linking code, and some potential failed checksums (via -c) that
should have matched.
- Fixed a potential crash when an rsync daemon has a filter/exclude list
and the transfer is using ACLs or xattrs.
- Fixed a hang if a really large file is being processed by an rsync that
can't handle 64-bit numbers. Rsync will now complain about the file
being too big and skip it.
- For devices and special files, we now avoid gathering useless ACL and/or
xattr information for files that aren't being copied. (The un-copied
files are still put into the file list, but there's no need to gather
data that is not going to be used.) This ensures that if the user uses
--no-D, that rsync can't possibly complain about being unable to gather
extended information from special files that are in the file list (but
not in the transfer).
- Properly handle requesting remote filenames that start with a dash. This
avoids a potential error where a filename could be interpreted as a
(usually invalid) option.
- Fixed a bug in the comparing of upper-case letters in file suffixes for
--skip-compress.
- If an rsync daemon has a module configured without a path setting, rsync
will now disallow access to that module.
- If the destination arg is an empty string, it will be treated as a
reference to the current directory (as 2.x used to do).
- If rsync was compiled with a newer time-setting function (such as
lutimes), rsync will fall-back to an older function (such as utimes) on a
system where the newer function is not around. This helps to make the
rsync binary more portable in mixed-OS-release situations.
- Fixed a batch-file writing bug that would not write out the full set of
compatibility flags that the transfer was using. This fixes a potential
protocol problem for a batch file that contains a sender-side I/O error:
it would have been sent in a way that the batch-reader wasn't expecting.
- Some improvements to the hard-linking code to ensure that device-number
hashing is working right, and to supply more information if the hard-link
code fails.
- The --inplace code was improved to not search for an impossible checksum
position. The quadruple-verbose chunk[N] message will now mention when
an inplace chunk was handled by a seek rather than a read+write.
- Improved ACL mask handling, e.g. for Solaris.
- Fixed a bug that prevented --numeric-ids from disabling the translation
of user/group IDs for ACLs.
- Fixed an issue where an xattr and/or ACL transfer that used an alt-dest
option (e.g. --link-dest) could output an error trying to itemize the
changes against the alt-dest directory's xattr/ACL info but was instead
trying to access the not-yet-existing new destination directory.
- Improved xattr system-error messages to mention the full path to the
file.
- The --link-dest checking for identical symlinks now avoids considering
attribute differences that cannot be changed on the receiver.
- Avoid trying to read/write xattrs on certain file types for certain OSes.
Improved configure to set NO_SYMLINK_XATTRS, NO_DEVICE_XATTRS, and/or
NO_SPECIAL_XATTRS defines in config.h.
- Improved the unsafe-symlink error messages.
- Fixed a bug setting xattrs on new files that aren't user writable.
- Avoid re-setting xattrs on a hard-linked file w/the same xattrs.
- Fixed a bug with --fake-super when copying files and dirs that aren't
user writable.
- Fixed a bug where a sparse file could have its last sparse block turned
into a real block when rsync sets the file size (requires ftruncate).
- If a temp-file name is too long, rsync now avoids truncating the name in
the middle of adjacent high-bit characters. This prevents a potential
filename error if the filesystem doesn't allow a name to contain an
invalid multi-byte sequence.
- If a multi-protocol socket connection fails (i.e., when contacting a
daemon), we now report all the failures, not just the last one. This
avoids losing a relevant error (e.g. an IPv4 connection-refused error)
that happened before the final error (e.g. an IPv6 protocol-not-supported
error).
- Generate a transfer error if we try to call chown with a -1 for a uid or
a gid (which is not settable).
- Fixed the working of --force when used with --one-file-system.
- Fix the popt arg parsing so that an option that doesn't take an arg will
reject an attempt to supply one (can configure --with-included-popt if
your system's popt library doesn't yet have this fix).
- A couple minor option tweaks to the support/rrsync script, and also some
regex changes that make vim highlighting happier.
- Fixed some issues in the support/mnt-excl script.
- Various manpage improvements.
ENHANCEMENTS:
- Added ".hg/" to the default cvs excludes (see -C & --cvs-exclude).
DEVELOPER RELATED:
- Use lchmod() whenever it is available (not just on symlinks).
- A couple fixes to the socketpair_tcp() routine.
- Updated the helper scripts in the packaging subdirectory.
- Renamed configure.in to configure.ac.
- Fixed configure's checking for iconv routines for newer OS X versions.
- Fixed the testsuite/xattrs.test script on OS X.
The 0MQ lightweight messaging kernel is a library which extends the
standard socket interfaces with features traditionally provided by
specialised messaging middleware products. 0MQ sockets provide an
abstraction of asynchronous message queues, multiple messaging
patterns, message filtering (subscriptions), seamless access to
multiple transport protocols and more.
* 20-resolv.conf now uses the correct variable for $IF_METRIC
* Compiles on RedHat9
* Exclude interface values when dumping the lease
* Parse static value subnet_mask when it exists instead of deriving from
ip address
* logger calls now resemble dhcpcd calls to syslog(3)
* Reject offered IP address if INADDR_BROADCAST or INADDR_ANY
* Change the route if source address has changed
* Handle partial UDP checksums so we work in Xen domU
Thanks to Marius Tomaschewski <mt@suse.de>
* Note the address we are requesting in the broadcast log entry
* When operating on one interface, respect the timeout for in dhcpcd.conf
* Escape | and & characters before passing the value to the shell
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996
Based on a patch to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>
Patch provided by Wen Heping in PR 42833.
Changes:
- Added Timor-Leste country code: .tl
- Updated database: Tue Feb 16 06:40:01 2010 UTC
- Using date-based version number
- Code and documentation cleanup
- Added some new tests
- Updated list of country codes
- Updated database: Wed Oct 7 06:40:02 2009 UTC
- Removed webgeo2ipct.pl script as you can now download a suitable file
straight from the web: http://software77.net/geo-ip/
- Updated database: Tue Sep 8 06:40:01 2009 UTC
- Fix undef warning in Faster()
- Tidy up benchmark script
- Tidy up txt<->dat conversion scripts