Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.
Fix the address in the list file for an instruction containing a TIMES directive.
Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.
Fix breakage on some uses of the DZ pseudo-op.
The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.
The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.
Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.
* Recommend cron-daemon, rather than cron, as etckeeper only needs
cron.daily functionality. Closes: #762721
* Handle failure to commit in post-install, pre-install by showing a
warning, rather than propigating the error to apt.
This avoids breaking the apt run when eg, git is misconfigured and
cannot commit.
pre-install already did this when it was able to use debconf to display a
message, but now debconf is not used, and it always behaves this way.
Closes: #760011
* Ignore check-mk-agent-logwatch's FHS violating
/etc/check_mk/logwatch.state. Closes: #753903
* Only allow [-a-z_] in etckeeper commands to avoid any possible directory
traversal etc issues.
* update-ignore, uninit: Fix parsing of ignore files containing '\'
* Portability fixes. Thanks, Harald Dunkel.
* Add support for pushing to multiple remote repositories.
Thanks, Rouben.
* Fix handling of git ignores like dir/*
Thanks, Pim van den Berg
* Fix too broad matching of .gitignored files.
Closes: #732339
* Remove lvm/backup from default ignores, because lvm
documentation recommends backing that up, for use by
vgcfgrestore.
* Fix exporting of some git variables. Closes: #728583
* Fix git update-ignore syntax. Closes: #721873
* Avoid listing .gitignored files in .etckeeper file. Closes: #607665
Thanks, Zdenek Crha
* Fix hilarious typo hardcoding my name. Closes: #718425
* Guard git config calls. Closes: #717957
* Quote user and group names, in case one contains a space.
* Added support for the pacman package manager.
(Thanks, Tiago Stürmer Daitx)
* Use user.name and user.email from the .gitconfig file belonging to the
user who sued or sudoed to root, in preference to making up values for
that user.
* cron.daily: Fix typo in stale lockfile handling code.
Closes: #717908
* Deal with unix^wlinux portability nonsense.
* Add assertion that double-wide CAS target is aligned (msftc/x86[_64])
* Add configure --enable-gcov option (enable code coverage analysis)
* Code refactoring of gcc/powerpc.h to avoid code duplication
* Eliminate 'cast to long from void*' compiler warning in test_atomic
* Eliminate 'implicit declaration of close' warning in 'strict ANSI' mode
* Eliminate 'missing braces around initializer' gcc warning (hppa)
* Eliminate 'printf format specifies type void*' GCC pedantic warnings
* Eliminate 'value shift followed by expansion' false code defect warning
* Enable limited testing in Makefile.msft without Cygwin
* Fix (delete) comment for AO_and_full (x86)
* Fix block_all_signals compilation in 'strict ANSI' mode
* Fix missing .exe for test filenames in Makefile (MinGW)
* Fix missing printed value names (test_stack)
* Implement fetch-CAS for s390[x] (gcc)
* Move libraries version info to the beginning of Makefile.am
* Refine documentation in Makefile.msft how to run all tests (MS VC)
* Refine README about library downloading
* Rename doc/README.txt to doc/README_details.txt
* Support AIX/ppc (gcc)
* Support CFLAGS_EXTRA to pass extra user-defined compiler flags (make)
* Support n32 ABI for mips64
* Update shared libraries version info for 7.4.6+ (to 1:4:0)
* Use 'inline code' format for commands in README.md
* Use LLD and SCD instructions on mips64
* Workaround 'resource leak' false positives in AO_malloc, add_elements
* Workaround 'uninitialized memory use' MemorySanitizer warning (test_atomic)
Also, includes 7.2h changes
=====================================
Dependencies
------------
1.6b1
* (updated) latex output is tested with Ubuntu trusty's texlive packages (Feb.
2014) and earlier tex installations may not be fully compliant, particularly
regarding Unicode engines xelatex and lualatex
* (added) latexmk is required for ``make latexpdf`` on Unix-like platforms
Incompatible changes
--------------------
1.6b1
* 1061, 2336, 3235: Now generation of autosummary doesn't contain imported
members by default. Thanks to Luc Saffre.
* LaTeX ``\includegraphics`` command isn't overloaded: only ``\sphinxincludegraphics``
has the custom code to fit image to available width if oversized.
* The subclasses of ``sphinx.domains.Index`` should override ``generate()``
method. The default implementation raises NotImplementedError
* LaTeX positioned long tables horizontally centered, and short ones
flushed left (no text flow around table.) The position now defaults to center in
both cases, and it will obey Docutils 0.13 ``:align:`` option (refs 3415, 3377)
* option directive also allows all punctuations for the option name (refs: 3366)
* 3413: if :rst:dir:`literalinclude`'s ``:start-after:`` is used, make ``:lines:``
relative (refs 3412)
* ``literalinclude`` directive does not allow the combination of ``:diff:``
option and other options (refs: 3416)
* LuaLaTeX engine uses ``fontspec`` like XeLaTeX. It is advised ``latex_engine
= 'lualatex'`` be used only on up-to-date TeX installs (refs 3070, 3466)
* :confval:`latex_keep_old_macro_names` default value has been changed from
``True`` to ``False``. This means that some LaTeX macros for styling are
by default defined only with ``\sphinx..`` prefixed names. (refs: 3429)
* Footer "Continued on next page" of LaTeX longtable's now not framed (refs: 3497)
* 3529: The arguments of ``BuildEnvironment.__init__`` is changed
* 3082: Use latexmk for pdf (and dvi) targets (Unix-like platforms only)
* 3558: Emit warnings if footnotes and citations are not referenced. The
warnings can be suppressed by ``suppress_warnings``.
* latex made available (non documented) colour macros from a file distributed
with pdftex engine for Plain TeX. This is removed in order to provide better
support for multiple TeX engines. Only interface from ``color`` or
``xcolor`` packages should be used by extensions of Sphinx latex writer.
Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The
DAQ replaces direct calls to libpcap functions with an abstraction layer that
facilitates operation on a variety of hardware and software interfaces without
requiring changes to Snort. It is possible to select the DAQ type and mode
when invoking Snort to perform pcap readback or inline operation, etc. The
DAQ library may be useful for other packet processing applications and the
modular nature allows you to build new modules for other platforms.
Here are major changes since 2.4:
* we've moved to github!
* Bryan Chan has contributed s390x support
* stacktrace capturing via libgcc's _Unwind_Backtrace was implemented
(for architectures with missing or broken libunwind).
* "emergency malloc" was implemented. Which unbreaks recursive calls
to malloc/free from stacktrace capturing functions (such us glib'c
backtrace() or libunwind on arm). It is enabled by
--enable-emergency-malloc configure flag or by default on arm when
--enable-stacktrace-via-backtrace is given. It is another fix for a
number common issues people had on platforms with missing or broken
libunwind.
* C++14 sized-deallocation is now supported (on gcc 5 and recent
clangs). It is off by default and can be enabled at configure time
via --enable-sized-delete. On GNU/Linux it can also be enabled at
run-time by either TCMALLOC_ENABLE_SIZED_DELETE environment variable
or by defining tcmalloc_sized_delete_enabled function which should
return 1 to enable it.
* we've lowered default value of transfer batch size to 512. Previous
value (bumped up in 2.1) was too high and caused performance
regression for some users. 512 should still give us performance
boost for workloads that need higher transfer batch size while not
penalizing other workloads too much.
* Brian Silverman's patch finally stopped arming profiling timer
unless profiling is started.
* Andrew Morrow has contributed support for obtaining cache size of the
current thread and softer idling (for use in MongoDB).
* we've implemented few minor performance improvements, particularly
on malloc fast-path.
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octect-counted mode detection: if the octet count is larger
then the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optinally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
- omkafka: add "origin" field to stats output
- imuxsock: rate-limiting also uses process name
both for the actual limit procesing as well as warning messages emitted
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
- build now works on solaris again
- imfile: fix cross-platform build issue
- bugfix core: segfault when no parser could parse message
- bugfix core: rate-limit internal messages when going to external log system
- bugfix core: when obtaining local hostname, a NULL pointer could be
accessed.
- bugfix core: on shutdown, stderr was written to, even if alrady closed
- bugfix core: perform MainqObj destruction only when not NULL already
- bugfix core: memory leak when internal messages not processed internally
- bugfix imptcp: potential overflow in octet count computation
when a very large octet count was specified, the counter could overflow
Pkgsrc changes:
Adapt PLIST.
Upstream changes:
* Version 3.5.12 (released 2017-05-11)
** libgnutls: enabled TCP Fast open for MacOSX. Patch by Tim Ruehsen.
** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses
against DNS fields of certificate (CN or DNSname). The previous behavior
was to tolerate some misconfigured servers, but that was non-standard
and skipped any IP constraints present in higher level certificates.
** libgnutls: when converting to IDNA2008, fallback to IDNA2003
(i.e., transitional encoding) if the domain cannot be converted.
That provides maximum compatibility with browsers like firefox
that perform the same conversion.
** libgnutls: fix issue in RSA-PSK client callback which resulted
in no username being sent to the peer. Patch by Nicolas Dufresne.
** libgnutls: fix regression causing stapled extensions in trust modules not
to be considered.
** certtool: introduced the email_protection_key option. This
option was introduced in documentation for certtool without an
implementation of it. It is a shortcut for option 'key_purpose_oid
= 1.3.6.1.5.5.7.3.4'.
** certtool: made printing of key ID and key PIN consistent between
certificates, public keys, and private keys. That is the private
key printing now uses the same format as the rest.
** gnutls-cli: introduced the --sni-hostname option. This allows overriding the
hostname advertised to the peer.
** API and ABI modifications:
No changes since last version.
* Version 3.5.11 (released 2017-04-07)
** gnutls.pc: do not include libtool options into Libs.private.
** libgnutls: Fixed issue when rehandshaking without a client certificate in
a session which initially used one. Reported by Frantisek Sumsal.
** libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP
certificate parsing. Issues found using oss-fuzz project and were fixed
by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
** libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access.
That allows PKCS#11 operations such as signing to be performed with the
same object from multiple threads.
** libgnutls: Added support for MacOSX key chain for obtaining
trust store's root CA certificates. That is,
gnutls_x509_trust_list_add_system_trust() and
gnutls_certificate_set_x509_system_trust() will load the certificates
from the key chain. That also means that we no longer check for a
default trust store file in configure when building on MacOSX (unless
explicitly asked to). Patch by David Caldwell.
** libgnutls: when disabling OpenPGP authentication, the resulting library
is ABI compatible (with openpgp related functions being stubs that fail
on invocation).
** API and ABI modifications:
No changes since last version.
* Version 3.5.10 (released 2017-03-06)
** gnutls.pc: do not include libidn2 in Requires.private. The
libidn2 versions available do not include libidn2.pc, thus the
inclusion was causing pkg-config issues. Instead we include
-lidn2 in Libs.private when compile against libidn2.
** libgnutls: optimized access to subject alternative names (SANs)
in parsed certificates. The previous implementation assumed a
small number of SANs in a certificate, with repeated calls to
ASN.1 decoding of the extension without any intermediate caching.
That caused delays in certificates with a long list of names in
functions such as gnutls_x509_crt_check_hostname(). With the
current code, the SANs are parsed once on certificate import.
Resolves gitlab issue #165.
** libgnutls: Addressed integer overflow resulting to invalid memory
write in OpenPGP certificate parsing. Issue found using oss-fuzz
project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
[GNUTLS-SA-2017-3A]
** libgnutls: Addressed read of 1 byte past the end of buffer in OpenPGP
certificate parsing. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
** libgnutls: Addressed crashes in OpenPGP certificate parsing, related
to private key parser. No longer allow OpenPGP certificates (public keys)
to contain private key sub-packets. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B]
** libgnutls: Addressed large allocation in OpenPGP certificate parsing, that
could lead in out-of-memory condition. Issue found using oss-fuzz project,
and was fixed by Alex Gaynor:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C]
** libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
when printing certificate information.
** libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify()
flags can be set from the gnutls_certificate_verify_flags enumeration.
This allows the functions to pass the same flags available for certificates
to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or
GNUTLS_VERIFY_ALLOW_BROKEN).
** libgnutls: gnutls_store_commitment() can accept flag
GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate
in applications which use SHA1 for example, after SHA1 is deprecated.
** certtool: No longer ignore the 'add_critical_extension' template option if
the 'add_extension' option is not present.
** gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the
starttls-proto command. Patch by Robert Scheck.
** API and ABI modifications:
No changes since last version.
This is a regularly scheduled stable release.
Resolved issues:
#1879: It is now possible to create custom event subscriptions via the REST API.
#2250: Removing large folders now uses less memory.
#3307: The minimum disk space (per folder and for the home disk) can now be set to an absolute value.
#3965: Pausing or reconfiguring a folder will no longer start extra scans. Pausing a folder stops scanning.
#3996: Ignore patterns can now be set at folder creation time, and for paused folders.
#4020: It is no longer possible to configure the GUI/API to listen on a privileged port using the standard settings dialog.
#4096: The device allowed subnet list can now include negative ("!") entries to disallow subnets.
#4112: Doing "Override changes" now uses less memory.
* Fix "Segment not available from server" errors
* The --cache-init option. Use --cache-rebuild instead when upgrading.
* The SRT subtitles produced by get_iplayer now include <font> tags to
preserve the colour information from the TTML originals.
* get_iplayer now supports the BBC "bidi" CDN, so additional streams
are available for TV programmes.
* hvf modes (the default) for TV programmes will now produce files
with 320k audio, if available. 320k audio is not available for hls
or dvf modes.
Full release notes available fromt:
https://github.com/get-iplayer/get_iplayer/wiki/release301
Tue May 2 18:37:53 CEST 2017
Update manual. -CG
Add MHD_CONNECTION_INFO_REQUEST_HEADER_SIZE.
Releasing GNU libmicrohttpd 0.9.54. -CG
Thu Apr 27 22:31:00 CEST 2017
Replaced flags MHD_USE_PEDANTIC_CHECKS and MHD_USE_PERMISSIVE_CHECKS by
single option MHD_OPTION_STRICT_FOR_CLIENT. Flag MHD_USE_PEDANTIC_CHECKS
is still supported. -EG
Tue Apr 26 15:11:00 CEST 2017
Fixed shift in HTTP reasons strings.
Added test for HTTP reasons strings. -EG
Tue Apr 25 19:11:00 CEST 2017
Allow flag MHD_USE_POLL with MHD_USE_THREAD_PER_CONNECTION and without
flag MHD_USE_INTERNAL_POLLING_THREAD for backward compatibility. -EG
Mon Apr 24 17:29:45 CEST 2017
Enforce RFC 7230's rule on no whitespace by default,
introduce new MHD_USE_PERMISSIVE_CHECKS to disable. -CG
Sun Apr 23 20:05:44 CEST 2017
Enforce RFC 7230's rule on no whitespace in HTTP header
field names if MHD_USE_PEDANTIC_CHECKS is set. -CG
Sun Apr 23 19:20:33 CEST 2017
Replace remaining occurences of sprintf() with
MHD_snprintf_(). Thanks to Ram for pointing this out. -CG
Sat Apr 22 20:39:00 MSK 2017
Fixed builds in Linux without epoll.
Check for invalid --with-thread= configure parameters.
Fixed support for old libgcrypt on W32 with W32 threads. -EG
