* Maintenance release
ARQ rx/tx
* Added tx code to correct transfers of 8 bit ARQ data.
Needed to circumvent recent UTF-8 char support when
transferring data files.
* Added status bar notification when AMP extraction is
is being processed.
* Removed timeout on "Extracting FLAMP" and "Extracting FLMSG"
status messages.
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind99 package.
Please refer https://kb.isc.org/article/AA-00798 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
* ISC_QUEUE handling for recursive clients was updated to address a race
condition that could cause a memory leak. This rarely occurred with UDP
clients, but could be a significant problem for a server handling a steady
rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-checkds" command that checks a zone to
determine which DS records should be published in the parent zone, or which
DLV records should be published in a DLV zone, and queries the DNS to ensure
that it exists. (Note: This tool depends on python; it will not be built or
installed on systems that do not have a python interpreter.) [RT #28099]
* Introduces a new tool "dnssec-verify" that validates a signed zone, checking
for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673]
* Adds configuration option "max-rsa-exponent-size <value>;" that can be used
to specify the maximum rsa exponent size that will be accepted when
validating [RT #29228]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind98 package.
Please refer https://kb.isc.org/article/AA-00797 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are
now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind97 package.
Please refer https://kb.isc.org/article/AA-00796 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
New Features
None
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
Here are change changes from release note. Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind96 package.
Please refer https://kb.isc.org/article/AA-00795 for list of full bug fixes.
Security Fixes
* A deliberately constructed combination of records could cause named to hang
while populating the additional section of a response. [CVE-2012-5166] [RT
#31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
could cause undesirable behavior, including termination of the named
process. [CVE-2012-1667] [RT #29644]
New Features
None
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
[RT #29492]
pkg/47045
pkg/47047
pkg/47049
Following change pulled up from wip/ghostscript (9.06)
(3) patch-freetype_include_freetype_internal_t1types_h
Delete due to (1) patch will take care.
pkg/47045
pkg/47047
pkg/47049
Following change pulled up from wip/ghostscript (9.06)
(1) patch-ah (configure)
Add CPPFLAG to refer ghostscript-included freetype
(regardless of X11_TYPE=native or modular).
(2) patch-af (base/unix-dll.mk)
Adjust to build on Mac OS X.
(3) patch-freetype_include_freetype_internal_t1types_h
Delete due to (1) patch will take care.
Rather than passing -Wno-unused-but-set-variable flag to satisfy -Werror,
just remove the -Werror directive. This protects older compilers that
might break on an unrecognized future flag.
GCC 4.6+ does not tolerate flags starting with "--" like older versions
of GCC do. These flags were meant to fall to the linker but starting
with GCC 4.6, they must be explicitly prefixed with "-Wl,"
Fixes the gcc 4.7.2 breakage on "--no-undefined".
Changes:
The Type 1 Euler fonts have been upgraded so that some inconsistencies
with the character widths in the corresponding TFM files have been
fixed, and minor optimizations were carried out on some of the
character outlines. The changes affect only the PFB, AFM, and PFM
files.
xsltproc and Docbook packages do not enable this unexpectedly. Fixes
the build whenever manpages get enabled for some reason, as the PLIST
does not account for them.
GCC 4.6+ does not tolerate flags starting with "--" like older versions
do. These flags were meant to fall to the linker, but starting with
GCC 4.6, they have to be explicitly prefixed with "-Wl,".
Fix the gcc 4.7 breakage on "--warn-common".
Although the claim that using the -Wno-unused-but-set-variable flag
breaks the build for older GCCs is unsubstantiated at this time, the
previous fix for gcc47 is removed in favor of deleting -Werror which
is exactly what the cross/binutils makefile does.
geoclue uses -Werror, but gcc4.6+ has a new warning,
unused-but-set-variable which will break the build. Add a CFLAG to
inhibit the warning to fix build on gcc4.6+.
