allow you to investigate disk images. The core functionality of TSK allows
you to analyze volume and file system data. The plug-in framework allows
you to incorporate additional modules to analyze file contents and build
automated systems. The library can be incorporated into larger digital
forensics tools and the command line tools can be directly used to find
evidence.
mod_fastcgi: fix mix up of “mode” => “authorizer” in other fastcgi configs (fixes 2465, thx peex)
fix handling of If-Modified-Since if If-None-Match is present (don’t return 412 for date parsing errors);
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
[mod_fastcgi,log] support multi line logging (fixes 2252)
call ERR_clear_error only for ssl connections in CON_STATE_ERROR
reject non ASCII characters in HTTP header names
[mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes 2483)
[mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn’t use any salt, md5 with salt is probably better.
[mod_auth] fix base64_decode (2484)
fix some bugs found with canalyze (fixes 2484, thx Zhenbo Xu)
fix undefined stuff found with clang
[cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add Wl,-as-needed to extra warnings (fixes 2448)
[mod_auth] fix invalid read in digest qop=auth-int handling (fixes 2478)
[auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes 2490)
[mod_userdir] add userdir.active option, “enabled” by default
[core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
[core] recognize more http methods to forward to backends (fixes 2346)
[ssl] use DH only if openssl supports it (fixes 2479)
[network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes 2470)
[ssl] Fix $HTTP[“scheme”] conditional, could be “http” for ssl connections if the ssl $SERVER[“socket”] conditional was nested (fixes 2501)
[ssl] accept ssl renegotiations if they are not disabled (fixes 2491)
[ssl] add option ssl.empty-fragments, defaulting to disabled (fixes 2492)
[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes 2495)
[auth] new method “extern” to use already present REMOTE_USER (from magnet, ssl, …) (fixes 2436)
[core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
[core] check whether server.chroot exists
[mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
[mod_accesslog] add accesslog.syslog-level option (fixes 2480)
[core] allow files to be used as document-root (fixes 2475)
[core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes 2502)
changes: bugfixes, among them a format string problem (CVE-2013-4474)
pkgsrc change: kill the poppler-cms/lcms option, it got broken recently
and it is not useful enough to justify the complexity
Features:
* documented in doc/NSD-4-features. Change configuration without restart,
direct nameserver control with nsd-control, support a higher number of zones.
Higher performance (compared to NSD3).
* nsdc is gone. Use kill -HUP for reload (also checks if zonefiles have
changed and rereads them), and kill -TERM for quit. Or use nsd-control
for detailed control.
* cron job for nsdc patch is gone. nsd-control write creates zonefiles.
* nsd.db has a new format that compacts itself when it is changed,
thus nsdc patch is no longer necessary.
* nsd.db is memory mapped, NSD needs (part of) that mmap in ram.
* tcp-count can go above 1000; epoll/kqueue support with libevent.
* nsd-control reconfig for updates with no restart (zones, keys, ..)
* nsd-control-setup to create keys for nsd-control (enable nsd-control
with remote-control: yes in nsd.conf).
Release 3.0.9 - 2013/10/29
--------------------------
Improvements
^^^^^^^^^^^^
* [doc][httpd] Added documentation about :ref:`groonga-database-auto-create` directive.
* [httpd] Added :ref:`groonga-cache-limit` directive.
* [doc] Added description why zlib/lzo compression are disabled by default. [groonga-dev, 01845] [Suggested by Naoya Murakami]
* Remove a restriction related to RLIMIT_NOFILE on HTTP server.
It enables HTTP server process to handle over 4096 files.
* [experimental] Added some API to integrate mruby into groonga. [GitHub#109, #110, #111, #112, #113, #114, #115, #116, #117, #118] [Patch by wanabe]
* [travis] Supported CMake build on Travis-CI.
* [doc] Added documentation about :doc:`reference/tuning`.
* [experimental] Added :doc:`ruby_load` command.
* [httpd] Supported multiple buffered body of POST request.
The load command caused timeout in such a case. [GitHub #120] [Patch by Motoi Washida]
* [gqtp] Supported error message. The body is changed to return
raw text insted of double quoted text. This is incompatible changes.
* [http] Supported "400 Bad request" for invalid argument error.
* [doc] Added examples for :doc:`/suggest/completion`
* Supported Ubuntu 13.10 (Saucy Salamander).
Fixes
^^^^^
* Fixed a bug that it cause SEGV by arithmetic overflow.
This problem occurs when the size of indexes exceeds
the size of virtual memory. [groonga-dev,01661]
[Reported by Naoya Murakami]
* Fixed needless lock for creating table.
This change fixes a performance regression instroduced at Groonga 3.0.5.
* Fixed a bug that database which has reference column can't be removed.
It affects the case that indexed tables/columns and referenced tables
are removed at first, then remove operation to index columns and
reference columns fails. [Reported by Eito Katagiri] [GitHub Rroonga #13]
* Fixed a bug that removing database which uses DAT key may remain garbage.
* [http] Fixed a small memory leak which is caused by shared HTTP header buffer in the same worker thread.
* [httpd] Fixed a bug that :ref:`groonga-database-auto-create` parameter
isn't inherited. It means that these parameters are just ignored in non location blocks.
* Fixed a bug that status command may returns invalid cache hit rate.
* Fix a bug that casting to Time may causes overflow issue.
It affects the case that assignment of the Time value which indicate over 32bit value.
This is a security fix to address CVE-2013-1445
Upstream changes:
-----------------
2.6.1
=====
* [CVE-2013-1445] Fix PRNG not correctly reseeded in some situations.
In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a
race condition that may cause forked processes to generate identical
sequences of 'random' numbers.
Upstream changes:
-----------------
* Release 0.10 (23 Oct 2013)
Make the secp256k1 available in __init__.py too (thanks to Scott Bannert).
While here, adjust HOMEPAGE.
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the 1.5 series.
Readdressed denial-of-service via password hashers
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a denial-of-service attack through submission of bogus but extremely large passwords. In Django 1.5.5, we’ve reverted this change and instead improved the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Properly rotate CSRF token on login
This behaviour introduced as a security hardening measure in Django 1.5.2 did not work properly and is now fixed.
Bugfixes
Fixed a data corruption bug with datetime_safe.datetime.combine.
Fixed a Python 3 incompatability in django.utils.text.unescape_entities().
Fixed a couple data corruption issues with QuerySet edge cases under Oracle and MySQL.
Fixed crashes when using combinations of annotate(), select_related(), and only()
Upstream changes:
0.322 2013-10-28 08:00:35 America/New_York
require a newer Getopt::Long to avoid --version conflicts
0.321 2013-10-26 07:44:19 America/New_York
avoiding getting [undef] in argument list in Simple apps
add --version support via version command (thanks, Jakob Voss!)
