Upstream changes:
2.021 2014-02-20
- Fixed numerous bugs in the string parsing code, including the
one reported in [RT #63918] by Frank Doepper.
- [RT #41049] Rewrote literal string parsing to prevent a stack
overflow due to an inefficient regex (reported by Sergei
Fetisov).
- [RT #91822] Fix compression of GIF images to ensure that output
codes don't exceed 12 bits (reported by Vadim Repin).
- The RunLengthDecode filter didn't actually work. Its code has
been rewritten and now passes basic encoding and decoding tests.
- Fix Code128 barcode switching from Code C to Code B in certain
cases (reported by Doru Petrescu).
Upstream changes:
0.043 2014-02-20 20:40:23-05:00 America/New_York
[FIXED]
- Does not send absolute request URI when tunneling SSL via proxy
- Fixes regression in setting host name to verify SSL
- Protects tests from https_proxy and all_proxy when doing mock testing
0.042 2014-02-18 11:23:17EST-0500 America/New_York
[ADDED]
- If IO::Socket::IP 0.25+ is installed, HTTP::Tiny will use it for
transparent IPv4 or IPv6 support.
0.041 2014-02-17 13:07:54-05:00 America/New_York
[no code change, only an amended Changes file]
[INCOMPATIBLE CHANGES (from 0.039)]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED (since 0.039)]
- Added 'keep_alive' attribute for single-server persistent connections
(Clinton Gormley)
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
[FIXED (since 0.039)]
- Requests are made with one less write for lower latency (Martin
Evans)
0.040 2014-02-17 13:02:47-05:00 America/New_York
[INCOMPATIBLE CHANGES]
- The 'proxy' attribute no longer takes precedence over the
'http_proxy' environment variable. With the addition of http_proxy
and https_proxy attributes (and corresponding environment variable
defaults), the legacy 'proxy' attribute now maps to the
all_proxy/ALL_PROXY environment variable and only takes effect when
other proxy attributes are not defined.
[ADDED]
- Added support for Basic authorization with proxies
- Added support for https proxies via CONNECT
Upstream changes:
3.07 Fri Feb 21 2014
- fix for is_core tests and perls ending in 0
3.06 Thu Feb 20 2014
- updated for 5.19.9
- fix Module::CoreList::is_core default perl version
- fix Module::CoreList::is_core version comparision
3.05
- Prepared for v5.19.9
Upstream changes:
1.11 February 21, 2014
! #93080 bug when SOAP::Lite is trying to parse WSDL definition by https with custom settings
1.10 January 23, 2014
! Fixed uninitialized warning when Context-Length is not set [github/dbeusee]
! avoid string eval in as_base64 [github/otrosien]
! #88915 warnings issued with using importing with +trace
1.09 January 14, 2013
! #92025 tighten multipart content-type matching [dmn@debian.org]
Itcl 4.0.0 is bundled.
XXX: but not works well yet.
2.0p1 04/16/2004
Compilation of the file libdesk/tixImgXpm.c fails when using a Tk version lower than 8.3.
2.0p2 04/20/2004
Some Linux distributions are using newer "unofficial" versions of Incr Tcl
(Itcl). Though TkDesk 2.0 works with the official Itcl 3.2.1 release, these
newer Itcl installations disable backwards compatibility for some older Itcl
syntax that TkDesk still requires. The typical symptom of this problem is this
error message when TkDesk is started:
Error in startup script: can't rename "itcl_class": command doesn't exist...
(PKGREVISION++ not necessary, failing to build after recent revbump)
-.include "../../lang/tcl-itcl/buildlink3.mk"
+#include "../../lang/tcl-itcl/buildlink3.mk"
.include "../../lang/tcl/buildlink3.mk"
Removed patch-libxc_xc_dom_h: commited as cb08944a
This fixes the following critical vulnerabilities:
- CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with
PCI passthrough
- CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
- CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
- CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
- CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
- CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting
info
- CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
- CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory press
ure
- CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
- CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies
- CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant t
able locks
- CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlo
ck
- CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution
- CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM gu
ests
- CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code
- CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed
- CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang
- CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption duri
ng IRQ setup
- CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls
- CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
- CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes
- CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivilege
d guests
- CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pre
ssure
Apart from those there are many further bug fixes and improvements.
This fixes the following critical vulnerabilities:
- CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with PCI passthrough
- CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
- CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
- CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
- CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
- CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting info
- CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
- CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory pressure
- CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
- CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies
- CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant table locks
- CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlock
- CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution
- CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
- CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code
- CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed
- CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang
- CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup
- CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls
- CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
- CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes
- CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
- CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pressure
Apart from those there are many further bug fixes and improvements.
Remove unused options bos-new-config, fast-restart, & largefile.
Remove patches fixed upstream.
OpenAFS 1.6.6
All platforms
* As of this release, OpenAFS no longer ships uncompressed source tarballs.
Tarballs are still shipped with both compression formats, gzip and bzip2.
(10131)
* Documentation improvements (10136 10314 10601)
* Improved diagnostics and error messages (9412 10085 10274)
* Avoid redefining "assert" in our public header files, which could
cause failures when building some applications using them. (10096)
* Fixes for parallel builds (10005 10309 10337)
* Added a -s switch to afscp (not installed by default) to help simulate
a slow client. (9416 9417)
* Added a -probe switch to vlclient test program (not installed by default)
to ping all vlservers in a cell in parallel. (9570)
All server platforms
* The fileserver now ignores any vice partitions with a NeverAttach flag
file present in the root directory. (RT #130561) (9470 9471)
* Restrict forcing CPS ("Current Protection Subdomain") recalculation in
the fileserver to administrators. Also fixed a bug that could cause this
operation to be incomplete. (9485 9487)
* Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6
behaviour. (RT #131505) (9499)
* Restored the pre-1.6 behaviour when running vos examine for a volume
currently in a transaction, showing the volume as busy again rather than
offline. (9685 9915 9916)
* Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476)
* Fixed buserver to not segfault when started with the -servers option.
(RT #131706) (10166)
* Salvager fixes, addressing a wide variety of possible problems from
unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480
9481 10165 10167)
* Fixed a bug that could cause saved state information to be discarded
when restarting a large or busy fileserver, which negatively impacted
performance. (9683)
* Fixed a bug that could have caused undefined behaviour in the vlserver
in rare cases when a fileserver registered its addresses in the VLDB.
(9429)
* Added the -preserve-vol-stats switch to volserver, allowing it to keep
the access statistics across volume restore and reclone operations
instead of resetting them. (9477)
* Inserted an exponential delay between retries when bosserver attempts to
restart a server process. (9571 10199)
* Improved vldb_check (not installed by default) to cope with broken
vlentry names and volids, and provide more output to aid debugging.
(10268)
* Releasing a volume after adding a new RO site no longer touches any of
the existing RO sites, if the RW data hasn't changed since the last
release. (10174)
* Make the copyDate field for RO clones have the same meaning as for
remote RO volumes. Previously, the copyDate field for clones was updated
every time we released. (9451)
* Fixed potentially undefined behaviour in ptserver when too many pts
ids are allocated. (10124)
* Note that the server side NAT pings feature present in the prereleases
was removed before the final release, since no positive feedback
was provided during prerelease testing. (9420 10135)
Linux servers
* Start bosserver with -nofork in the systemd unit file, to allow systemd
to track its state (10093)
All client platforms
* No longer track file locks on read-only volumes. Write locks can't
succeed, read locks always will. Avoids log messages about this kind
of lock. (8910)
* Added the "fs flushall" subcommand, which makes the client discard all
cached data. This was previously available on Windows only. (9065 9388
9389 9390)
* Fixed a bug that could make the client incorrectly believe its cache
is up to date. This change could negatively impact AFS <-> DFS
translators, should those still be running anywhere. (8898)
* Several changes to avoid panicing in certain error conditions.
(9131 9287 10354 10355 10356 10357) (partially addressing RT #131747)
* Added the -rxmaxfrags switch to afsd, allowing to limit the number
of UDP fragments sent or received per RX packet. (9430)
* Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275)
* Require that the AFS mountpoint specified in the cacheinfo file is
an absolute path. Relative paths result in a client that basically
works but is not fully functional. (10253)
* Fixed a bug that could cause one of the afsd threads to enter an infinite
loop (10431 .. 10436)
Linux clients
* Support Linux kernels up to 3.13 (10241)
* Fixed a bug that made readv/writev calls in AFS space fail with Linux
kernels where generic_file_aio_read exists but those operations have
not been switched to using aio_read/aio_write. This was a regression
introduced with release 1.6.3 and affected at least RHEL 5.9 kernels.
(10248)
* Fixed a similar bug making core dumps fail in AFS space, affecting
a much wider range of kernels including the most recent ones.
(RT #131729) (10254)
* Enhanced the keyring code to make PAGs work correctly on kernels with a
distribution specific change to the Linux keyring code. This affected at
least SLES 11 SP3 kernels. (10252)
* Fixed a bug that could make failures during PAG instantiation go
unnoticed. (10255)
* Fixed a bug that made compilation fail for Linux kernels without
keyring support. This affected at least the SLE 10 SDK and an
OEM version of SLES 11 SP1. (10325)
* Fixed build for kernels with user namespace support enabled. Likely
to be required for Ubuntu 14.04 and eventually other distributions.
(10456 10457 10458 10518 10472)
* Support RHEL 6.5 kernels, and possibly others with changes backported
from recent mainline kernels that touch getname/putname, by no longer
using those functions. Previously, the client could cause a kernel
panic when syscall auditing was enabled. (10578)
* Make tmpfs usable as the cache filesystem again. This had been broken
since kernel 3.1 (9950 10193)
* When starting the client fails, clean up the backing device information
created in sysfs, to avoid error messages during a subsequent start
and possible system instability later on (10454)
* Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and
ELrepo kernels (10597 10619 10622 10703 10704)
OS X Clients
* Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549)
AIX clients
* Fixed a bug that caused the 1.6 AIX client to never receive any RX
packets in the kernel. (RT #131725)
FUSE client
* Support Solaris 11 (9454 9455)
* Allow other users to access filesystems mounted by root. (9452)
FreeBSD
* Build tvolser and dvolser on this platform (10122)
* Several fixes to catch up with newer releases (10374 .. 10381)
NetBSD
* Build tsalvaged, tvolser and dvolser on this platform (10121)
* Fixed build on NetBSD 5 and newer. (10138)
don't redefine 'pkg_info' if it already exists.
This is notably for pkg_rolling_replace -u in case pkg_install
was revbump'd and openssl happens to be in PKG_DEFAULT_OPTIONS.
