Upstream changes:
1.06 August 21, 2013
! #87935 skip all MIME-Parser tests if it is not installed
! #87787 Use of uninitialized value $ns in Lite.pm
1.05 August 18, 2013
! #87848 Fix manifest, fix invalid http version from release blunder
======
* proxy/gnome: Fix "automatic" mode, which was mistakenly being
treated as "none" (Dan)
* proxy/gnome: Use this in Unity sessions as well as GNOME ones.
(#698936, Iain Lane)
* proxy/libproxy: Fix handling of SOCKS proxies (#699359, Dan)
since 1.24 see file NEWS in the distfile.
Security fixes since 1.24:
* Fix crash when processing crafted commands (CVE-2012-4502)
(possible with IP addresses allowed by cmdallow and localhost)
* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES
replies (CVE-2012-4503) (not used by chronyc)
Reviewed by: Joerg Sonnenberger <joerg@netbsd.org>
- trial now has an --exitfirst flag which stops the test run after
the first error or failure.
- twisted.internet.ssl.CertificateOptions now supports chain
certificates.
- twisted.internet.endpoints now provides ProcessEndpoint, a child
process endpoint.
- Factory now has a forProtocol classmethod that constructs an
instance and sets its protocol attribute.
- twisted.internet.endpoints.connectProtocol allows connecting to a
client endpoint using only a protocol instance, rather than
requiring a factory.
- twisted.trial.unittest.SynchronousTestCase.assertNoResult no longer
swallows the result, if the assertion succeeds.
- twisted.python.constants.FlagConstant implements __iter__ so that
it can be iterated upon to find the flags that went into a flag
set, and implements __nonzero__ to test as false when empty.
- assertIs and assertIsNot have now been added to
twisted.trial.unittest.TestCase.
- twisted.trial.unittest.TestCase.failureResultOf now takes an
optional expected failure type argument.
- The POSIX implementation of
twisted.internet.interfaces.IReactorProcess now does not change the
parent process UID or GID in order to run child processes with a
different UID or GID.
Upstream changes:
1.04 August 9, 2013
! #87605 Skip XML::Parser::Lite tests if it is missing [github.com/omega]
1.03 August 4, 2013
! #87195 Remove DIME::Tools dep until we can work around its issues
1.02 July 30, 2013
! #87421 1.01 release blew out xml versions. mea culpa.
1.01 July 29, 2013
! #84168 Test t/02-payload.t fails under Perl 5.17.10
! #87127 TEST.pl removed from MANIFEST
! revert #85713 - various reports of environment failures
1.0 July 16, 2013
! #85713 SOAP::Transport::HTTP, 500 error skips parsing of response
! No more Windows 98 client support. Wait, wut?
! Merge SOAP::Transport::TCP back into SOAP::Lite (for now)
! #82416: xop href cid: URI encoded support reported by Michael R. Davis (mrdvt92)
! #85208 bad test plan
! #83750 different headers for mod_perl vs mod_perl2 [Mithun Bhattacharya]
0.716 May 10, 2013
! #17275 Client unable to detect fatal SOAP failure (e.g. unable to connect to host)
! #81471 Force array context for correct Apache header parsing in SOAP::Transport::HTTP
! #45611 deserializing SOAP message with composite attachment raises exception
! #84168 Test t/02-payload.t fails under Perl 5.17.10
! #85098 Monkey patch for LWP::Protocol confuses the toolchain
! #78692 / #84724 / #83715 Sending large object (many levels deep) throws error Incorrect parameter
! #78502 t/08-schema.t noisy under 5.17.2 (unescaped left brace in regex is deprecated)
! #78608 Documentation for "+trace"
! #78639 Spelling error reported by Debian tools
==============================
Release Notes for Samba 3.5.22
August 05, 2013
==============================
This is a security release in order to address
CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
server to loop with DOS).
o CVE-2013-4124:
All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.
A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.
This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.
Changes since 3.5.21:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
reading can cause server to loop with DOS.
==============================
Release Notes for Samba 3.6.17
August 05, 2013
==============================
This is a security release in order to address
CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
server to loop with DOS).
o CVE-2013-4124:
All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.
A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.
This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.
Changes since 3.6.16:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
reading can cause server to loop with DOS.
This is a major update, many fixes and improvements.
Main reason for the update was to sync the embedded sftp client
with putty after fixes for vulnerabilities.
Update HOMEPAGE, MASTER_SITES.
Set USE_GNU_READLINE to catch up to 2012Q3 devel/readline builtin detection.
0.99.22.3 basically contains a security bugfix for OSPF-API.
0.99.22.2 was not released.
0.99.22.1 contains a few non-security bugfixes.
Changes in 0.99.22 since 0.99.21:
- [bgpd] The semantics of default-originate route-map have changed.
The route-map is now used to advertise the default route conditionally.
The old behaviour, which allowed setting attributes on the originated
default route, is no longer supported.
- [bgpd] There is now a replace-as option to neighbor ... local-as ...
no-prepend. For details, refer to the user documentation.
- [zebra] An FPM interface has been added. This provides an alternate
interface to routing information and is geared at OpenFlow & co.
- [snmp] AgentX is now supported; the old smux backend is considered
deprecated. ospf6d has also had OSPFV3-MIB added.
- [*] several issues with configuration save/load/apply have been fixed,
in particular on ospf "max-metric router-lsa administrative" and
"distribute-list", bgpd "no neighbor activate", isisd "metric-style",
- [*] a lot of bugs have been fixed, please refer to the git log
based on PR pkg/48082.
3.5.0 - 03/15/2013
------------------
* Fixed bug #403: The "configuration" page of the webui doesn't use entity
encoding when displaying the "command expansion" item (Eric Stanley, Phil
Randal)
* Fixed bug #424: Nagios Core 3.4.4 seg fault (core dump) on restart after
removing config for running service (Eric Stanley)
* Updated CGI utility functions to support UTF-8 characters (Eric Stanley)
* Fixed bug where selecting Command Expansion from Configuration CGI page would
display commands instead (Eric Stanley)
* Fixed bug #369: status.cgi crashes with segfault when there are German umlauts
(äöüß) in the hostname or the servicename (Eric Stanley)
* Fixed bug #418: Scheduled Downtime Notifications Resent On Nagios
Restart/reload (Eric Stanley)
* Change to tar.gz file fetch
* Use perl5 automatic PLIST
* Add a patch so this works with Net::DNS 0.69
* Modify dependence on Net::DNS to be >= 0.42 in accordance with distribution
* Bump PKGREVISION
Thanks to wiz@ for help when I got stuck (auto-plist, include order etc.)
Only print script warnings when a script is used. Remove stray mention of script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Provide more accurate warning message
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
Always push basic set of peer info values to server.
make 'explicit-exit-notify' pullable again
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
Fix segfault when enabling pf plug-ins