1.3.5b - Released 10-Mar-2016
--------------------------------
- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly.
- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8
characters.
- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits.
- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current
working directory.
- Bug 4201 - HiddenStores temporary files not removed when exceeding quota
using SCP.
- Bug 4202 - MLSD lines not properly terminated with CRLF.
- Bug 4209 - Zero-length memory allocation possible, with undefined results.
- Bug 4210 - Avoid unbounded SFTP extended attribute key/values.
- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when
"RootRevoke on" is in effect.
- Bug 4217 - Handle FTP re-authentication attempts better.
- Bug 4223 - Permissions on files uploaded via STOU do not honor configured
Umask.
- Bug 4227 - Support SFTP clients that send multiple INIT requests.
- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is
chosen.
Changes noted in doc/en/ReleaseNote:
ver 3.7.0
* Support OSC 1337. (See http://www.iterm2.com/images.html)
* Support animation gif of OSC 5379 show_picture on MacOSX/cocoa.
* Enable to place configuration files in mlterm.app/mlterm/ on MacOSX/Cocoa.
* Add 'mlfc' tool which automatically generates ~/.mlterm/aafont and ~/.mlterm/font-fb.
* The format of ~/.mlterm/*font is changed as follows.
[Charset] = [Font name];[Size],[Font name];[Size],[Font name];...
-> [Charset] = [Font name]
* Drop XT_CBLINK (CSI?12h/CSI?12l) support.
* Simplify font configuration of OSC 5379. ('mlcc font USASCII <Font name>' is available.)
* "CSI 38;2;r;g;b m" and "CSI 48;2;r;g;b m" shows high colors instead of
approximate vt 256 colors. "vt_color_mode" / --vtcolor(=256/high/true) option
changes the behavior.
* Bug fixes:
Fix illegal memory access on MacOSX/Cocoa and Android.
Fix segfault in splitting window on MacOSX/Cocoa. (Enbugged at 3.6.2)
Changelog: 2016-03-05 PuTTY 0.67 released, fixing a SECURITY HOLE
PuTTY 0.67, released today, fixes a security hole in 0.66 and
before: vuln-pscp-sink-sscanf. It also contains a few other small
bug fixes.
Also, for the first time, the Windows executables in this release
(including the installer) are signed using an Authenticode certificate,
to help protect against tampering in transit from our website or
after downloading. You should find that they list "Simon Tatham"
as the verified publisher.
Changelog:
* Noteworthy changes in release 2.24 (2016-03-10) [stable]
** Bug fixes
grep -z would match strings it should not. To trigger the bug, you'd
have to use a regular expression including an anchor (^ or $) and a
feature like a range or a backreference, causing grep to forego its DFA
matcher and resort to using re_search. With a multibyte locale, that
matcher could mistakenly match a string containing a newline.
For example, this command:
printf 'a\nb\0' | LC_ALL=en_US.utf-8 grep -z '^[a-b]*b'
would mistakenly match and print all four input bytes. After the fix,
there is no match, as expected.
[bug introduced in grep-2.7]
grep -Pz now diagnoses attempts to use patterns containing ^ and $,
instead of mishandling these patterns. This problem seems to be
inherent to the PCRE API; removing this limitation is on PCRE's
maint/README wish list. Patterns can continue to match literal ^
and $ by escaping them with \ (now needed even inside [...]).
[bug introduced in grep-2.5]
during the build:
---8<---
downloading ICU data library (icudt)
the files will be extracted to: /pkgsrc-obj/textproc/R-stringi/work/.destdir/usr/pkg/lib/R/library/stringi/libs
no icudt in a local repo
trying URL 'http://static.rexamine.com/packages/icudt55l.zip'
Warning in download.file(paste(href, fname, sep = ""), outfname, mode = "wb") :
unable to resolve 'static.rexamine.com'
Error in download.file(paste(href, fname, sep = ""), outfname, mode = "wb"): cannot open URL 'http://static.rexamine.com/packages/icudt55l.zip'
Changes since 4.0.0:
As a successor to OpenCPN Version 4.0, OpenCPN Version 4.2 contains many new features and enhanced functions.
Among them are:
..Increased performance in all modes, particularly when using OpenGL graphics acceleration.
..Integrated Chart Downloader PlugIn, allowing systematic tracking and download of latest online charts from several popular sources.
..Integrated World Magnetic Model (WMM) PlugIn, providing accurately calculated magnetic variation worldwide.
..Major update to embedded Users Manual.
..Measurably improved performance and reliability over all supported platforms.
more details here: http://opencpn.org/ocpn/release4.2
The cmake-gui(1) gained options to control warnings about deprecated functionality.
The cmake-gui(1) learned an option to set the toolset to be used with VS IDE and Xcode generators, much like the existing -T option to cmake(1).
The cmake-gui(1) gained a Regular Expression Explorer which may be used to create and evaluate regular expressions in real-time. The explorer window is available via the Tools menu.
The -Wdev and -Wno-dev cmake(1) options now also enable and suppress the deprecated warnings output by default.
The suppression of developer warnings as errors can now be controlled with the new -Werror=dev and -Wno-error=dev cmake(1) options.
The cmake(1) -E command-line tools copy, copy_if_different, copy_directory, and make_directory learned to support multiple input files or directories.
The cmake_parse_arguments() command is now implemented natively. The CMakeParseArguments module remains as an empty placeholder for compatibility.
The install(DIRECTORY) command learned to support generator expressions in the list of directories.
The CMAKE_ERROR_DEPRECATED variable can now be set using the -Werror=deprecated and -Wno-error=deprecated cmake(1) options.
The CMAKE_WARN_DEPRECATED variable can now be set using the -Wdeprecated and -Wno-deprecated cmake(1) options.
The VS_GLOBAL_<variable> target property is now implemented for VS 2010 and above. Previously it worked only in VS 2008 and below.
The ExternalProject module learned a new GIT_REMOTE_NAME option to control the git clone --origin value.
The FindBoost module now provides imported targets such as Boost::boost and Boost::filesystem.
The FindFLEX module FLEX_TARGET macro learned a new DEFINES_FILE option to specify a custom output header to be generated.
The FindGTest module now provides imported targets.
The FindGTK2 module, when GTK2_USE_IMPORTED_TARGETS is enabled, now sets GTK2_LIBRARIES to contain the list of imported targets instead of the paths to the libraries. Moreover it now sets a new GTK2_TARGETS variable containing all the targets imported.
The FindOpenMP module learned to support Clang.
The FindOpenSSL module gained a new OPENSSL_MSVC_STATIC_RT option to search for libraries using the MSVC static runtime.
The FindPNG module now provides imported targets.
The FindTIFF module now provides imported targets.
A FindXalanC module was introduced to find the Apache Xalan-C++ XSL transform processing library.
The FindXercesC module now provides imported targets.
Fixes CVE-2016-2145 and CVE-2016-2146
Changes since 0.10.0 from NEWS file and patches/patch-0274
patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.
Version 0.12.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
* Add MellonRedirectDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
Version 0.11.1
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data
Version 0.11.0
---------------------------------------------------------------------------
* Add SAML 2.0 ECP support.
* The MellonDecode option has been disabled. It was used to decode
attributes in a Feide-specific encoding that is no longer used.
* Set max-age=0 in Cache-Control header, to ensure that all browsers
verify the data on each request.
* MellonMergeEnvVars On now accepts second optional parameter, the
separator to be used instead of the default ';'.
* Add option MellonEnvVarsSetCount to specify if the number of values
for any attribute should also be stored in environment variable
suffixed _N.
* Add option MellonEnvVarsIndexStart to specify if environment variables
for multi-valued attributes should start indexing with 0 (default) or
with 1.
* Bugfixes:
* Fix error about missing authentication with DirectoryIndex in
Apache 2.4.
Changes since 2.4.1 from NEWS file:
2.5.1 - February 19th 2016
---------------------------
17 commits, 16 files changed, 1096 insertions, 42 deletions
- Add missing urn constants used in PAOS HTTP header
- Set NotBefore in SAML 2.0 login assertions
- tests: fix leak in test test16_test_get_issuer
- id-ff: fix leak of profile->private_data->message_id
- saml-2.0: fix leak of message_id in
lasso_profile_saml20_build_paos_request_msg
- tests: fix leaks in test_ecp
- xml: fix wrong termination of comment
- xml: fix leak in lasso_soap_envelope_new_full
- profile: fix leak of private idp_list field
- saml-2.0: fix leaks of url
- tests: fix leak
- tests: update valgrind suppressions
- perl: remove quotes from $PERL -V::ccflags: output (#9572)
- Fix wrong snippet type (fixes #9616). Thanks to Brett Gardner for the patch.
- tools.c: use correct NID and digest length when building RSA signature
using SHA-2 digest
(fixes #10019) Thanks to Brett Gardner for the patch.
- bindings/php5: fix enum getters and setters (fixes #10032). Thanks to
Brett Gardner for the bug report.
- fix warning about INCLUDES directive
2.5.0 - September 2nd 2015
--------------------------
151 commits, 180 files changed, 8391 insertions, 1339 deletions
- lots of bugfixes (reported by static analysis tools like clang,
coverity and manual inspection) thanks to Simo Sorce and John Dennis from
RedHat
- xsd:choices are now parsed correctly by implementing a real finite automaton
for parsing XML documents. New flags for jumping forward and backward in
schema snippets have been added. It fixes parsing of messages from third
parties not following the order from the schema (they are entitled to do it but
most SAML implementations do not)
- added C CGI examples for SP and IdP side
- removed the _POSIX_SOURCE declaration
- added support for the SHA-2 family of hash functions
- fixed protocol profile selection when parsing AuthnRequest
- added support for Python 3, thanks to Houzefa Abbasbhay from
XCG Consulting
- fixed default value of WantAuthnRequestSigned in metadata parsing
- SAML 2.0 ECP is now functional, thanks to John Dennis from RedHat
- added two new API functions to LassoProfile to extract the Issuer and
InResponseTo attribute of messages, allowing pre-treatment before parsing
the message, to load the metadata of the remote provider, or find the request
which the response matches.
- fixed segfault when parsing HTTP-Redirect malformed base64 content
- added support for automake 1.15 (jdennis)
2016/03/14 : 1.6.4
- BUG/MINOR: http: fix several off-by-one errors in the url_param
parser
- BUG/MINOR: http: Be sure to process all the data received from a
server
- BUG/MINOR: chunk: make chunk_dup() always check and set
dst->size
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
- MINOR: chunk: make chunk_initstr() take a const string
- MINOR: lru: new function to delete <nb> least recently used keys
- DOC: add Ben Shillito as the maintainer of 51d
- BUG/MINOR: 51d: Ensures a unique domain for each configuration
- BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy
best practices.
- BUG/MINOR: 51d: Releases workset back to pool.
- BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
- CLEANUP: 51d: Aligned if statements with HAProxy best practices
and removed casts from malloc.
- DOC: fix a few spelling mistakes
- DOC: fix "workaround" spelling
- BUG/MINOR: examples: Fixing haproxy.spec to remove references to
.cfg files
- MINOR: fix the return type for dns_response_get_query_id()
function
- MINOR: server state: missing LF (\n) on error message printed
when parsing server state file
- BUG/MEDIUM: dns: no DNS resolution happens if no ports provided
to the nameserver
- BUG/MAJOR: servers state: server port is erased when dns
resolution is enabled on a server
- BUG/MEDIUM: servers state: server port is used uninitialized
- BUG/MEDIUM: config: Adding validation to stick-table expire
value.
- BUG/MEDIUM: sample: http_date() doesn't provide the right day of
the week
- BUG/MEDIUM: channel: fix miscalculation of available buffer
space.
- MEDIUM: pools: add a new flag to avoid rounding pool size up
- BUG/MEDIUM: buffers: do not round up buffer size during
allocation
- BUG/MINOR: stream: don't force retries if the server is DOWN
- BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch
the table
- MINOR: unix: don't mention free ports on EAGAIN
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
- MINOR: stats: send content-length with the redirect to allow
keep-alive
- BUG: stream_interface: Reuse connection even if the output
channel is empty
- DOC: remove old tunnel mode assumptions
- BUG/MAJOR: http-reuse: fix risk of orphaned connections
- BUG/MEDIUM: http-reuse: do not share private connections across
backends
- BUG/MINOR: ssl: Be sure to use unique serial for regenerated
certificates
- BUG/MINOR: stats: fix missing comma in stats on agent drain
- BUG/MINOR: lua: unsafe initialization
- DOC: lua: fix some errors
- DOC: add server name at rate-limit sessions example
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
- DOC: LUA: fix some typos and syntax errors
- MINOR: cfgparse: warn for incorrect 'timeout retry' keyword
spelling in resolvers
- MINOR: mailers: increase default timeout to 10 seconds
- MINOR: mailers: use <CRLF> for all line endings
- BUG/MAJOR: lua: applets can't sleep.
- BUG/MINOR: server: some prototypes are renamed
- BUG/MINOR: lua: Useless copy
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the
process mask correctly
- BUG/MINOR: server: fix the format of the warning on address
change
- BUG/MEDIUM: chunks: always reject negative-length chunks
- BUG/MINOR: systemd: ensure we don't miss signals
- BUG/MINOR: systemd: report the correct signal in debug message
output
- BUG/MINOR: systemd: propagate the correct signal to haproxy
- MINOR: systemd: ensure a reload doesn't mask a stop
- BUG/MEDIUM: cfgparse: wrong argument offset after parsing server
"sni" keyword
- CLEANUP: stats: Avoid computation with uninitialized bits.
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in
failure to load certain configs
- BUG/MAJOR: samples: check smp->strm before using it
- MINOR: sample: add a new helper to initialize the owner of a
sample
- MINOR: sample: always set a new sample's owner before evaluating
it
- BUG/MAJOR: vars: always retrieve the stream and session from the
sample
- CLEANUP: payload: remove useless and confusing nullity checks
for channel buffer
- BUG/MINOR: ssl: fix usage of the various sample fetch functions
- MINOR: cfgparse: warn when uid parameter is not a number
- MINOR: cfgparse: warn when gid parameter is not a number
- BUG/MINOR: standard: Avoid free of non-allocated pointer
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
- CLEANUP: http: fix a build warning introduced by a recent fix
- BUG/MINOR: log: GMT offset not updated when entering/leaving DST
of itself, but cuts down on noise from libdrm and MesaLib in X11_TYPE=native
bulk builds. Also, only enable the Present extension if building with DRI.
This package is well beyond obsolete, and is no longer maintained
upstream. It only existed because postgis2 (now at 2.2, 2 major
releases later) was added instead of just updating this one.