The hack to let lib/bsd-list.h substitute for <sys/queue.h> and
prevent the latter's processing fails miserably on NetBSD, because
on NetBSD, <net/if.h> requires the TAILQ_* macros which are not
defined in lib/bsd-list.h.
No PKGREVISION bump since this is a build fix only.
pkgsrc changes:
- add a patch for workaround for upstream Redmine ticket #1064
- update dependencies per upstream Gemfile
Upstream changes:
- error messages about ja_KS locale on startup
- restrict version of Deferred to avoid issue on the latest one
- fix typo
- new functions for UserConfig
- trigger 'userconfig_modify' events when UserConfig values are updated
- abandon use of UserConfig.connect to avoid memory leak on some error paths
- crash in some case if actual timeline is not created
- specify gtk2 3.1.8
Based on a PR from @coyhile
(https://github.com/joyent/pkgsrc/issues/18). Splits modules with
external dependencies into separate packages.
The 1.1.x branch was EOL'd in 2008. No upgrade guide from 1.1.x to 3.0.x
seem to exist.
Summary of improvements in 3.x:
- Moved configuration entries in radiusd.conf to make more sense.
- Added the "integer64" and "ipv4prefix" data types.
- Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls.
- Updated internal API to support new attributes and formats.
- Added code to send SNMP Traps. See raddb/trigger.conf.
- Added preliminary support for Apple's Grand Central Dispatch.
- Added provisions for raddb/dictionary.local, for local changes See
raddb/dictionary for more details.
- Added packet/s tracking. See max_pps in the "listen" section.
- The %{} expansions and "unlang" conditions are now parsed at server
start. Descriptive errors are produced for syntax and format errors.
- Casting is now supported for "unlang" comparisons. See "man unlang"
e.g. <ipaddr>127.0.0.1 == Framed-IP-Address.
- Direct comparison of attribute references is now supported e.g. &Foo
== &Bar. This avoids stringification of the attributes.
- Direct assignment of attributes is now supported e.g. Foo := &Bar. It
also works for "octets" data types.
- Comparisons of IPv4 and IPv6 prefixes are now supported The "<"
operator means "within the prefix" for comparisons.
- New sha1 xlat expansion (thanks to Alan Buxey).
- Colourised log messages when logging to stdout. Look for yellow
warnings and red errors. Doing this will save you a LOT of grief.
- If the PCRE library is available, use it (insted of the POSIX
functions) to process regular expressions (thanks to Phil Mayers).
- -xv now displays all the features the server was built with, and the
versions of the core libraries (libtalloc, libssl).
Summary of improvements in 2.x:
- simple policy language (see "man unlang")
- virtual servers ("raddb/sites-available/README")
- IPv6 support
- better proxy support ("raddb/proxy.conf")
- More EAP types
- Debugging output should be <em>much</em> easier to understand
- VMPS support
- More modules have been moved to "stable" status (python, etc.)
- SQL configuration has been cleaned up (see "raddb/sql/*")
- limited support for HUP. (The configuration for some modules is
re-loaded on HUP. Nothing else is reloaded.)
- check configuration and exit ("radiusd -C")
- Server core is now event based (simpler, more powerful)
- fix for CVE-2016-7069 and CVE-2017-7557.
- applying rules on cache hits
- addition of runtime changeable rules that matches IP address for a
certain time: TimedIPSetRule
- SNMP support, exporting statistics and sending traps
- preventing the packet cache from ageing responses when deployed in
front of authoritative servers
- TTL alteration capabilities
- consistent hash results over multiple deployments
- exporting CNAME records over protobuf
- tuning the size of the ringbuffers used to keep track of recent
queries and responses
- various DNSCrypt-related fixes and improvements, including automatic
key rotation
Full changelog:
https://dnsdist.org/changelog.html
Upstream changes:
21 Aug 2017: Wouter
- Fix install of trust anchor when two anchors are present, makes both
valid. Checks hash of DS but not signature of new key. This fixes
installs between sep11 and oct11 2017.
- Tag 1.6.5
Version 1.0.15
- Updating stun to version 1.0.14.
- Updating fast_tls to version 1.0.15.
Version 1.0.14
- Updating fast_tls to version 1.0.14.
- Updating stun to version 1.0.13.
From upstream https://github.com/NagiosEnterprises/nagioscore/pull/417
Once nagios is done with a file in the checkresults directory,
it deletes it. This was done with a relative file path, causing
failures if nagios working directory is not the checkresults
directory. As a consequence, old result file remained intact,
causing system slowdowns as the directory grew and nagios spent
more and more time attempting to clean it up.
The fix is just to use an absolute path, so that it works
regardeless of current directory setting.
This project uses CMake to configure the software. Force the GNU
info files to be installed into ${CMAKE_INSTALL_INFODIR}, which is
defined by the GNUInstallDirs CMake module included by the
top-level CMakeLists.txt file. The corrct environment variables
are passed so that ${CMAKE_INSTALL_INFODIR} points into
${PKGINFODIR}.
Remove the subst.mk section that tried to force GNU info files to
be always installed under "info".
Complete the support for installing manpages into ${PKGMANDIR}
that was previously started -- also copy the manpage into the
correct directory under ${PKGMANDIR}.
This project uses CMake to configure the software. Force the
manpages to be installed into ${CMAKE_INSTALL_MANDIR}, which is
defined by the included GNUInstallDirs CMake module. The correct
environment variables are passed so that ${CMAKE_INSTALL_MANDIR}
points into ${PKGMANDIR}.
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-13
WBMXL dissector infinite loop ([2]Bug 13477, [3]Bug 13796)
[4]CVE-2017-7702, cve-idlink:CVE-2017-11410[] Note: This is an
update for a fix in Wireshark 2.2.6 and 2.0.12.
* [5]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755)
[8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a
fix in Wireshark 2.2.7.
* [10]wnpa-sec-2017-34
AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408
* [13]wnpa-sec-2017-35
MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407
* [16]wnpa-sec-2017-36
DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406
The following bugs have been fixed:
* Y.1711 dissector reverses defect type order. ([19]Bug 8292)
* Packet list keeps scrolling back to selected packet while names are
being resolved. ([20]Bug 12074)
* [REGRESSION] Export Objects do not show files from a SMB2 capture.
([21]Bug 13214)
* LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values.
([22]Bug 13481)
* Hexpane showing in proportional font again. ([23]Bug 13638)
* Regression in SCCP fragments handling. ([24]Bug 13651)
* TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739)
* Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766)
* RANAP: possible issue in the heuristic code. ([27]Bug 13770)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-btrfcomm.c:314:37. ([28]Bug 13783)
* RANAP: false positives on heuristic algorithm. ([29]Bug 13791)
* Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798)
* DAAP dissector dissect_daap_one_tag recursion stack exhausted.
([31]Bug 13799)
* Malformed DCERPC PNIO packet decode, exception handler invalid
poionter reference. ([32]Bug 13811)
* It seems SPVID was decoded from wrong field. ([33]Bug 13821)
* README.dissectors: Add notes about predefined string structures not
available to plugin authors. ([34]Bug 13828)
* Statistics->Packet Lengths doesn't display details for 5120 or
greater. ([35]Bug 13844)
* cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug
13850)
* BGP: incorrect decoding COMMUNITIES whose length is larger than
255. ([37]Bug 13872)
Updated Protocol Support
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM
BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF,
PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC,
WBXML, WSMP, and Y.1711
Changes in version 0.3.0.10 - 2017-08-02
Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
from the current Tor alpha series. OpenBSD users and TPROXY users
should upgrade; others are probably okay sticking with 0.3.0.9.
o Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
- Tor's repository now includes a Travis Continuous Integration (CI)
configuration file (.travis.yml). This is meant to help new
developers and contributors who fork Tor to a Github repository be
better able to test their changes, and understand what we expect
to pass. To use this new build feature, you must fork Tor to your
Github account, then go into the "Integrations" menu in the
repository settings for your fork and enable Travis, then push
your changes. Closes ticket 22636.
o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
- Fix a typo that had prevented TPROXY-based transparent proxying
from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
Patch from "d4fq0fQAgoJ".
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- Avoid an assertion failure bug affecting our implementation of
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
handling of "0xfoo" differs from what we had expected. Fixes bug
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
o Minor features (backport from 0.3.1.5-alpha):
- Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
- Roll over monthly accounting at the configured hour and minute,
rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
Found by Andrey Karpov with PVS-Studio.
o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
- Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
bugfix on 0.2.8.1-alpha.
- Fix warnings when building with libscrypt and openssl scrypt
support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
- When building with certain versions of the mingw C header files,
avoid float-conversion warnings when calling the C functions
isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
- Backport a fix for an "unused variable" warning that appeared
in some versions of mingw. Fixes bug 22838; bugfix on
0.2.8.1-alpha.
o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
- Avoid Coverity build warnings related to our BUG() macro. By
default, Coverity treats BUG() as the Linux kernel does: an
instant abort(). We need to override that so our BUG() macro
doesn't prevent Coverity from analyzing functions that use it.
Fixes bug 23030; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
- When rejecting a router descriptor for running an obsolete version
of Tor without ntor support, warn about the obsolete tor version,
not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
- Avoid a sandbox failure when trying to re-bind to a socket and
mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
- Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
