Summary for 1.3.0 libpcap release
Handle DLT_PFSYNC in {FreeBSD, other *BSD+Mac OS X, other}.
Linux: Don't fail if netfilter isn't enabled in the kernel.
Add new link-layer type for NFC Forum LLCP.
Put the CANUSB stuff into EXTRA_DIST, so it shows up in the release tarball.
Add LINKTYPE_NG40/DLT_NG40.
Add DLT_MPEG_2_TS/LINKTYPE_MPEG_2_TS for MPEG-2 transport streams.
[PATCH] Fix AIX-3.5 crash with read failure during stress
AIX fixes.
Introduce --disable-shared configure option.
Added initial support for canusb devices.
Include the pcap(3PCAP) additions as 1.2.1 changes.
many updates to documentation: pcap.3pcap.in
Improve 'inbound'/'outbound' capture filters under Linux.
Note the cleanup of handling of new DLT_/LINKTYPE_ values.
On Lion, don't build for PPC.
For mac80211 devices we need to clean up monitor mode on exit.
Summary for 1.2.1 libpcap release
Update README file.
Fix typoes in README.linux file.
Clean up some compiler warnings.
Fix Linux compile problems and tests for ethtool.h.
Treat Debian/kFreeBSD and GNU/Hurd as systems with GNU
toolchains.
Support 802.1 QinQ as a form of VLAN in filters.
Treat "carp" as equivalent to "vrrp" in filters.
Fix code generated for "ip6 protochain".
Add some new link-layer header types.
Support capturing NetFilter log messages on Linux.
Clean up some error messages.
Turn off monitor mode on exit for mac80211 interfaces on Linux.
Fix problems turning monitor mode on for non-mac80211 interfaces
on Linux.
Properly fail if /sys/class/net or /proc/net/dev exist but can't
be opened.
Fail if pcap_activate() is called on an already-activated
pcap_t, and add a test program for that.
Fix filtering in pcap-ng files.
Don't build for PowerPC on Mac OS X Lion.
Simplify handling of new DLT_/LINKTYPE_ values.
Expand pcap(3PCAP) man page.
Summary for 1.2 libpcap release
All of the changes listed below for 1.1.1 and 1.1.2.
Changes to error handling for pcap_findalldevs().
Fix the calculation of the frame size in memory-mapped captures.
Add a link-layer header type for STANAG 5066 D_PDUs.
Add a link-layer type for a variant of 3GPP TS 27.010.
Noted real nature of LINKTYPE_ARCNET.
Add a link-layer type for DVB-CI.
Fix configure-script discovery of VLAN acceleration support.
see http://netoptimizer.blogspot.com/2010/09/tcpdump-vs-vlan-tags.html
Linux, HP-UX, AIX, NetBSD and OpenBSD compilation/conflict fixes.
Protect against including AIX 5.x's <net/bpf.h> having been included.
Add DLT_DBUS, for raw D-Bus messages.
Treat either EPERM or EACCES as "no soup for you".
Changes to permissions on DLPI systems.
Add DLT_IEEE802_15_4_NOFCS for 802.15.4 interfaces.
own build docs), this actually makes remmina offer ssh and sftp, and makes
the NX plugin build. Thus bumping revision.
XXX TODO:
XXX - RDP still isn't offered in the menu.
XXX - upstream package is 1.0
Thanks to Noud Brouwer for the original libssh-0.5.4 package from
pkgsrc-wip, which was used as security/libssh with some corrections.
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-01
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI
DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS,
SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs
8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-02
The CLNP dissector could crash. Discovered independently by
Laurent Butti and the Wireshark development team. (Bug 7871)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-03
The DTN dissector could crash. (Bug 7945)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-04
The MS-MMC dissector (and possibly others) could crash. (Bug
8112)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-05
The DTLS dissector could crash. Discovered by Laurent Butti.
(Bug 8111)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-06
The ROHC dissector could crash. (Bug 7679)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-07
The DCP-ETSI dissector could corrupt memory. Discovered by
Laurent Butti. (Bug 8213)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-08
The Wireshark dissection engine could crash. Discovered by
Laurent Butti. (Bug 8197)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
o wnpa-sec-2013-09
The NTLMSSP dissector could overflow a buffer. Discovered by
Ulf Härnhammar. (Bug X)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
- The following bugs have been fixed:
o SNMPv3 Engine ID registration. (Bug 2426)
o Wrong decoding of gtp.target identification. (Bug 3974)
o Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
o Wireshark crashes when starting due to out-of-date plugin left
behind from earlier installation. (Bug 7401)
o Failed to dissect TLS handshake packets. (Bug 7435)
o ISUP dissector problem with empty Generic Number. (Bug 7632)
o Illegal character is used in temporary capture file name. (Bug
7877)
o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
o Timestamp info is not saved correctly when writing DOS Sniffer
files. (Bug 7998)
o 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
o Core dumped when the file is closed. (Bug 8022)
o LPP is misspelled in APDU parameter in
e-CIDMeasurementInitiation request for LPPA message. (Bug
8023)
o Wrong packet bytes are selected for ISUP CUG binary code. (Bug
8035)
o Decodes FCoE Group Multicast MAC address as Broadcom MAC
address. (Bug 8046)
o The SSL dissector stops decrypting the SSL conversation with
Malformed Packet:SSL error messages. (Bug 8075)
o Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
o Some Information Elements in GTPv2 are not dissected
correctly. (Bug 8079)
o Wrong bytes highlighted with "Find Packet...". (Bug 8085)
o 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
o Wireshark does not show "Start and End Time" information for
Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
o GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag
in Common Flags IE. (Bug 8193)
o Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC &
ECI. (Bug 8208)
o Version Number in EtherIP dissector. (Bug 8211)
o Warn Dissector bug, protocol JXTA. (Bug 8212)
o Electromagnetic Emission Parser parses field Event Id as
Entity Id. (Bug 8227)
- Updated Protocol Support
ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1,
DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP,
Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow,
IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS,
NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
- New and Updated Capture File Support
DOS Sniffer
The Tor Project ceased to recommend privoxy years ago; the only way
they recommend browsing the web is through the Tor Browser Bundle,
which Someone^TM ought to find some way to package up.
==============================
Release Notes for Samba 3.6.12
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.6.11:
--------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
==============================
Release Notes for Samba 3.5.21
January 30, 2013
==============================
This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).
o CVE-2013-0213:
All current released versions of Samba are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings.
In order to be vulnerable, SWAT must have been installed and enabled
either as a standalone server launched from inetd or xinetd, or as a
CGI plugin to Apache. If SWAT has not been installed or enabled (which
is the default install state for Samba) this advisory can be ignored.
o CVE-2013-0214:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to manipulate
SWAT.
In order to be vulnerable, the attacker needs to know the victim's password.
Additionally SWAT must have been installed and enabled either as a standalone
server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
not been installed or enabled (which is the default install state for Samba)
this advisory can be ignored.
Changes since 3.5.20:
---------------------
o Kai Blin <kai@samba.org>
* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
Also bump PKGREVISION for a few packages using it.
The packages I did this for:
net/yaz
lang/parrot
misc/openoffice3 (where I noticed the run-time failure due to missing shared library)
www/webkit-gtk
sysutils/open-vm-tools
inputmethod/ibus-qt
I didn't do this recursively or for all packages using icu
since I didn't know if they used the shared library directly,
some use was optional. The list of packages I didn't touch:
devel/devhelp
databases/idzebra
databases/sqlite3
devel/gnustep-base/
finance/gnucash
games/openttd
graphics/shotwell
lang/mono
meta-pkgs/boost
misc/calibre
misc/libreoffice
news/tin
textproc/php-intl
www/deforaos-surfer
www/epiphany
www/liferea-current
www/midori
================
Changes in PyZMQ
================
2.2.0.1
=======
This is a tech-preview release, to try out some new features.
It is expected to be short-lived, as there are likely to be issues to iron out,
particularly with the new pip-install support.
Experimental New Stuff
----------------------
These features are marked 'experimental', which means that their APIs are not set in stone,
and may be removed or changed in incompatible ways in later releases.
Threadsafe ZMQStream
********************
With the IOLoop inherited from tornado, there is exactly one method that is threadsafe:
:meth:`.IOLoop.add_callback`. With this release, we are trying an experimental option
to pass all IOLoop calls via this method, so that ZMQStreams can be used from one thread
while the IOLoop runs in another. To try out a threadsafe stream:
.. sourcecode:: python
stream = ZMQStream(socket, threadsafe=True)
pip install pyzmq
*****************
PyZMQ should now be pip installable, even on systems without libzmq.
In these cases, when pyzmq fails to find an appropriate libzmq to link against,
it will try to build libzmq as a Python extension.
This work is derived from `pyzmq_static <https://github.com/brandon-rhodes/pyzmq-static>`_.
To this end, PyZMQ source distributions include the sources for libzmq (2.2.0) and libuuid (2.21),
both used under the LGPL.
zmq.green
*********
The excellent `gevent_zeromq <https://github.com/traviscline/gevent_zeromq>`_ socket
subclass which provides `gevent <http://www.gevent.org/>`_ compatibility has been merged as
:mod:`zmq.green`.
.. seealso::
:ref:`zmq_green`
Bugs fixed
----------
* TIMEO sockopts are properly included for libzmq-2.2.0
* avoid garbage collection of sockets after fork (would cause ``assert (mailbox.cpp:79)``).
2.2.0
=====
Some effort has gone into refining the pyzmq API in this release to make it a model for
other language bindings. This is principally made in a few renames of objects and methods,
all of which leave the old name for backwards compatibility.
.. note::
As of this release, all code outside ``zmq.core`` is BSD licensed (where
possible), to allow more permissive use of less-critical code and utilities.
Name Changes
------------
* The :class:`~.Message` class has been renamed to :class:`~.Frame`, to better match other
zmq bindings. The old Message name remains for backwards-compatibility. Wherever pyzmq
docs say "Message", they should refer to a complete zmq atom of communication (one or
more Frames, connected by ZMQ_SNDMORE). Please report any remaining instances of
Message==MessagePart with an Issue (or better yet a Pull Request).
* All ``foo_unicode`` methods are now called ``foo_string`` (``_unicode`` remains for
backwards compatibility). This is not only for cross-language consistency, but it makes
more sense in Python 3, where native strings are unicode, and the ``_unicode`` suffix
was wedded too much to Python 2.
Other Changes and Removals
--------------------------
* ``prefix`` removed as an unused keyword argument from :meth:`~.Socket.send_multipart`.
* ZMQStream :meth:`~.ZMQStream.send` default has been changed to `copy=True`, so it matches
Socket :meth:`~.Socket.send`.
* ZMQStream :meth:`~.ZMQStream.on_err` is deprecated, because it never did anything.
* Python 2.5 compatibility has been dropped, and some code has been cleaned up to reflect
no-longer-needed hacks.
* Some Cython files in :mod:`zmq.core` have been split, to reduce the amount of
Cython-compiled code. Much of the body of these files were pure Python, and thus did
not benefit from the increased compile time. This change also aims to ease maintaining
feature parity in other projects, such as
`pyzmq-ctypes <https://github.com/svpcom/pyzmq-ctypes>`_.
New Stuff
---------
* :class:`~.Context` objects can now set default options when they create a socket. These
are set and accessed as attributes to the context. Socket options that do not apply to a
socket (e.g. SUBSCRIBE on non-SUB sockets) will simply be ignored.
* :meth:`~.ZMQStream.on_recv_stream` has been added, which adds the stream itself as a
second argument to the callback, making it easier to use a single callback on multiple
streams.
* A :attr:`~Frame.more` boolean attribute has been added to the :class:`~.Frame` (née
Message) class, so that frames can be identified as terminal without extra queires of
:attr:`~.Socket.rcvmore`.
Experimental New Stuff
----------------------
These features are marked 'experimental', which means that their APIs are not
set in stone, and may be removed or changed in incompatible ways in later releases.
* :mod:`zmq.web` added for load-balancing requests in a tornado webapp with zeromq.
This plugin for the agent provides two tasks that were previously distributed
separatly:
* the NetDiscovery task allows the agent to scan the network to find remote
devices, through nmap, NetBios or SNMP, and to identify them
* the NetInventory task allows the agent to extract various informations from
a remote device through SNMP protocol
The FusionInventory agent is a generic management agent. It can perform a
certain number of tasks, according to its own execution plan, or on behalf of a
GLPI server with fusioninventory plugin, acting as a control point.
Two of these tasks are included in agent source distribution, local inventory
and wake on lan. Other tasks are distributed separatly, excepted for binary
distributions where they are bundled together.
BWPing is a tool to measure bandwidth and response times between
two hosts using Internet Control Message Protocol (ICMP) echo
request/echo reply mechanism. It does not require any special
software on the remote host. The only requirement is the ability
to respond on ICMP echo request messages.
