Pkgsrc changes:
- patch-bb for no longer necessary (integrated upstream).
Changes since version 3.1.2:
============================
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.
Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs #261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
if PKG_SKIP_REASON or PKG_FAIL_REASON is defined. This commit adds
!target(...) guards around those target definitions to avoid "duplicate
target definition" warnings.
From Changes:
1.27 September 8th 2005
- Fixed Autoloader/open issue (Alexander Vasiljev)
- Fixed compilation error in Perl 5.005 with semicolon
in GeoIP_database_info in IP.xs (Stephen Schulte)
- Added support for open_type (Frank Mather)
1.26 May 19th 2005
- Fixed segfault issue if non-resolvable domain name is
passed to region_by_addr or region_by_name
- Added support for GEOIP_INDEX_CACHE - which just caches
the most frequently accessed index portion of the database, resulting
in faster lookups than GEOIP_STANDARD, but less memory usage than
GEOIP_MEMORY_CACHE
From ChangeLog:
1.3.17 2006-5-14
* Fixed headers for Windows/Netware compliation (Guenter Knauf)
* Fixed Received Error -21 (Sanity check database_info string failed)
when running geoipupdate with GeoIP Country when UserId and
productIds were not specified. Bug was introduced in 1.3.15.
1.3.16 2006-4-17
* Fixed compliation error in GeoIPUpdate.c
1.3.15 2006-4-14
* Updated README documentation
* Updated geoipupdate so that it writes file as it is uncompressed instead
of storing entire GeoIP.dat file in memory (Frank Mather)
* Updated geoiplookup so that it returns GeoIP Domain Name if available
(Frank Mather)
* Updated geoipupdate so that it reports whether databases are updated
in non-verbose mode (Frank Mather)
3.6.7 is a maintenance release
BUGFIX: Using UIDInSignature, wrong UID is written to message when using groups
BUGFIX: PostgreSQL driver does not reconnect on failure in daemon mode
BUGFIX: X-DSPAM-Probability sometimes misreported when multiple algorithms used
BUGFIX: Agent segfaults when DeliveryHost or ClientHost not specified, --client
BUGFIX: Agent segfaults on some systems when syslog is used
BUGFIX: Agent segfaults when dlopen() to storage library fails
BUGFIX: Infinite loop created when deleting preference, not using extensions
BUGFIX: ATX (agent context) does not hold enough bits for 'flags' variable
3.6.6 is a maintenance release
MAINT: Phased out deprecated Berkeley DB drivers
MAINT: Phased out legacy tools (dspam_corpus, dspam_genaliases)
BUGFIX: When using logfile, write errors result in segfault
BUGFIX: Compiler warnings with sqlite_drv and sqlite3_drv
BUGFIX: MySQLUIDInSignature causes segfault on retrain
BUGFIX: trainPristine preference "off" does not override default
documents that the user may wish to employ Geography::Countries in his/her
own code. Remove extraneous DEPENDS.
IP::Country only requires Geo::IP if using the MaxMind database wrapper
IP::Country::MaxMind. The default recommended database in IP::Country doc
(IP::Country::{Medium,Fast}) is builtin to IP::Country and does not require
Geo::IP at all. Remove optional DEPENDS, and add a MESSAGE instead.
Bump PKGREVISION for changes.
empty string (because no translation has yet been made), it's okay to
have mismatching "\n" in the msgid and msgstr texts. This should fix
PR pkg/33645 by Carl Brewer.
The changes since the 2.5 release include:
msfconsole:
* Tab completion improvements
* Remember last used exploit after save
* Improved reload/rexploit/rcheck commands
* Security fixes for handling terminal escapes
msfcli:
* Security fixes for handling terminal escapes
msfweb:
* Security fixes when using defanged mode
meterpreter:
* Addition of the SAM password dump extension
* Improvements to the VNC injection
msfpescan:
* PE fingerprinting via the -S option
* Additional information via the -D option
* Major bug fixes to PE format parser
exploits:
* Major rewrites of many exploit modules
* Reliability improvements across the entire set
* 42 new exploits added since 2.5 was released
* Improved IPS evasion for SMB/DCERPC/HTTP modules
libraries:
* Human-friendly SMB and DCERPC error codes
* Reworking of the entire DCERPC API
* Incremental improvements to the SMB stack
* Integration of commonly-duplicated routines
* Major improvements to PEInfo module
(1) "msgstr" not followed by any string (GNU extension), e.g.
msgid "foo"
msgstr
"bar"
(2) "\n" mismatch between msgid and msgstr, e.g.
msgid "foo\n"
msgstr "bar"
This fixes .po compilation problems in www/epiphany and
multimedia/gnome2-media.
