Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
This release will become the new LTS later in 2016.
The following significant changes have been made since the
previous Node.js v5.0.0 release.
Buffer
- New Buffer constructors have been added #4682 and #5833.
- Existing Buffer() and SlowBuffer() constructors have been
deprecated in docs #4682 and #5833.
- Previously deprecated Buffer APIs are removed #5048, #4594.
- Improved error handling #4514.
- The Buffer.prototype.lastIndexOf() method has been added #4846.
Cluster
- Worker emitted as first argument in 'message' event #5361.
- The worker.exitedAfterDisconnect property replaces
worker.suicide #3743.
Console
- Calling console.timeEnd() with an unknown label now emits a
process warning rather than throwing #5901.
Crypto
- Improved error handling #3100, #5611.
- Simplified Certificate class bindings #5382.
- Improved control over FIPS mode #5181.
- pbkdf2 digest overloading is deprecated #4047.
Dependencies
- Reintroduce shared c-ares build support #5775.
- V8 updated to 5.0.71.35 #6372.
DNS
- Add dns.resolvePtr() API to query plain DNS PTR records #4921.
Domains
- Clear stack when no error handler #4659.
Events
- The EventEmitter.prototype._events object no longer inherits
from Object.prototype #6092.
- The EventEmitter.prototype.prependListener() and
EventEmitter.prototype.prependOnceListener() methods have been
added #6032.
File System
- The fs.realpath() and fs.realpathSync() methods have been
updated to use a more efficient libuv-based implementation. This
change includes the removal of the cache argument and the method
can throw new errors #3594.
- FS apis can now accept and return paths as Buffers #5616.
- Error handling and type checking improvements #5616, #5590,
#4518, #3917.
- fs.read's string interface is deprecated #4525.
HTTP
- 'clientError' can now be used to return custom errors from an
HTTP server #4557.
pkgsrc changes:
o Update MASTER_SITES (archive/ subdirectory contains all the distfiles,
latest stable version and also older ones)
o Bump BUILDLINK_A[BP]I_DEPENDS.mupdf to 1.9a due to several API and ABI
changes
Changes:
MuPDF 1.9a (2016-04-26)
-----------------------
Version 1.9a is a bug fix release. If you run into issues with selecting or
searching for text with ligatures, you should upgrade from 1.9.
MuPDF 1.9 (2016-04-18)
-----------------------
The 1.9 release is here!
Headline changes:
* New command line tools: create and run.
* New low-level Java interface for desktop and android.
* Bidirectional layout for Arabic and Hebrew scripts.
* Shaping complex scripts for EPUB text layout.
* Noto fallback fonts for EPUB layout.
mutool create:
* Create new PDF files from scratch.
* Read an annotated content stream in a text file and write a PDF file,
automatically embedding font and image resources.
mutool run:
* Run javascript scripts with MuPDF bindings.
* The interface is similar to the new Java interface.
mutool draw:
* Optional multi-threaded operation (Windows and pthreads).
* Optional low memory mode (primarily for testing).
Upstream Release Notes
HPLIP 3.16.3 - This release has the following changes:
Added Support for the Following New Printers:
- HP PageWide Pro 577dw Multifunction Printer
- HP PageWide Pro 577z Multifunction Printer
- HP PageWide Pro 552dw Printer
- HP PageWide Pro 452dw Printer
- HP PageWide Pro 452dn Printer
- HP PageWide Pro 477dw Multifunction Printer
- HP PageWide Pro 477dn Multifunction Printer
- HP DeskJet GT 5810 All-in-One Printer
- HP DeskJet GT 5820 All-in-One Printer
Added support for the following new Distro's:
- Ubuntu 16.04 (beta)
Issues fixed:
- Traceback error occurs when ESC button is hit upon the promt for
root/superuser credentials while installing hp-plugin.
Announcements:
- Discontinued the RPM packaging for RHEL-5.X
This release adds ALTSVC frame support in libnghttp2. nghttp gets new option to exercise expect/continue dance with server. nghttpx gets several new features, robust load balancing, and bug fixes.
Buffer:
- Buffer.prototype.compare can now compare sub-ranges of two
Buffers.
deps:
- update to http-parser 2.7.0
- update ESLint to 2.7.0
net:
- adds support for passing DNS lookup hints to createConnection()
node:
- Make the builtin libraries available for the --eval and --print
CLI options
npm:
- upgrade npm to 3.8.6
repl:
- Pressing enter in the repl will repeat the last command by default
if no input has been received. This behaviour was in node
previously and was not removed intentionally.
src:
- add SIGINFO to supported signals
streams:
- Fix a regression that caused by net streams requesting multiple
chunks synchronously when combined with cork/uncork
zlib:
- The flushing flag is now configurable allowing for decompression
of partial data
* Install index.theme to same directory it always was in
* Install into oxygen/base/ so icons move from apps don't clash with
version installed by those apps
* Replicate symlinks from breeze-icons
* Add new emblem-added and emblem-remove icons for sync with breeze
Changes
* CMake requirement aligned with libphonon (2.6.2 => 2.8.9)
Bug Fixes
* Fixed finding GStreamer 1.0
* Only build X11 renderer if X11 is found (enables building on OSX
and Windows)
Changes
* VLC 2.0 support was removed, VLC 2.1 is at least required to use the
backend
* CMake requirement aligned with libphonon (2.6.2 => 2.8.9)
* Muting is now implemented asynchronously
Bug Fixes
* Restore build support with Qt <= 5.2 in the Qt 5 build.
* Fixed building videowidget for OSX.
* Fixed schemeless URLs
VLC 2.2 API Pickup
* New device listing API used for listing devices without PulseAudio
enabled
* New internal signals for muting, corking, and volume changes (these
directly relate to new AudioOutputInterface49 API in libphonon providing
these new libvlc features with appropriate frontend control in libphonon)
* This partially improves PulseAudio integration as at least volume and
mute control is now working correctly again via libvlc natively.
PulseAudio Limitations
* PulseAudio support is still not fully backed via libvlc and cannot be
correctly intercepted by libphonon. As a result the following features
continue to not work correctly:
* runtime-device-rerouting: changing the device order in the Phonon
configuration at runtime cannot force libvlc to use the correct
device, if a device was manually set before it will not automatically
migrate to a new device
* runtime-device-selection: selecting a device at runtime is not possible
(see above), as a result applications wanting to do this will get no
result and a warning will be shown. This also means that the
configuration module's Test button does not actually play a sound for
anything but the primary device.
* stream-category: setting a stream category (pulesaudio role) is not
possible, all streams are always category Video
Changes
* Builsystem helpers are now installed to CMAKE_INSTALL_DATAROOTDIR
* CMake 2.8.9 is required to use GNUInstallDirs and for the Qt5 code
branches
* automoc4 support was removed. Building always use the cmake built-in
solution now.
* Qt5 and Qt4 builds use different CMake configurations now
* Qt4 is as it always has been
* Qt5 moved away from crudely ported Qt4 configurations to using
extra-cmake-modules' KDE compiler and cmake flags.
* Installation paths and so forth are still jointly configured as to
retain backwards compatibility (i.e. Qt5 build does not follow ECM's
KDEInstallationPaths)
Bug Fixes
* VolumeSlider has seen async behavior improvements making the slider
not hop around when changing the volume rapidly and the backend is
lagging a bit behind. The volume change now occurs upon slider release
rather than instantly.
* Fixed a duble encoding issue with local paths that contain percent
encoded characters being double-encoded
New API
* New AudioOutputInterface49 for backends to implement. This interface
implements long-existing frontend interfaces for muting, giving the
backend easier access and control.
* setMuted(bool) mutes an AudioOuput (without the 4.9 interface this
is done via setVolume(0.0) on the backend)
* mutedChanged(bool) signal emitted by the backend to asyncronuously
notify of the mute application
* The interface is only used if PulseSupport is not intercepting calls
* New methods to differntiate states of PulseSupport
* request(bool) is used by backends to request PulseAudio usage but no
interception, this essentially enables device listing but lets
everything else fall through to the backend (the existing isActive()
method will not return true after request(true), which makes it
different from enable(true))
* isRequested() is a getter for request()'s state
* isUsable() is part of the previouys isActive() behavior, it is true
iff pulseaudio can be used (daemon running, connected etc)
* isUsed() is a combination of isRequested() and isUsable() (i.e. active
but not intercepting)
* The existing isActive() communicates the same state as before (active
and intercepting) but now also takes requested into consideration
* Enabling always implies requsting automatically, so request(false)
and enable(true) will ultimately still restul in isRequested==true
- Add a way to get the frequency for a mode as a floating number
- Reduce log spam in thumbnailing
- Capitalize language and territory names
- Add default keyboard layout for Mexico and Guatemala
- Avoid a crash when thumbnailing
- Be more careful when parsing locales
- Fix a compiler warning in gnome-rr
- Fix turning off tiled monitors
- Fix thumbnailing of animations
- Support g_autoptr() for all libgnome-desktop object types
- Remove unused EDID parsing code
- Support underscanning
- Export dpms information
- Add support for tiled monitors
- Fix build of installed-tests
- Add support for overscan compensation in displays (#748560)
- Translation updates
16.03
=====
Protocols
- mod_mix: Experimental support for MIX (XEP-0369)
- mod_http_upload: Add support for XEP-0363 v0.2
Core
- Use SASL PLAIN authzid as client identity if auth module permits
it
- Make auto generated resources shorter
- Start ezlib only if required, as it's optional
- Make it possible to get virtual host of a registered route
LDAP improvements
- Fix issue getting shared roster
- Do not call to deprected/undefined functions from
mod_shared_roster_ldap
- Proper naming for LDAP test function for shared roster
SQL databases support
- New parse transform for SQL queries, use prepare/execute calls
with Postgres
- Support for run-time SQL queries selection depending on DBMS
version
- In SQL files create Users table with SCRAM support by default
- Do not auto append IP suffix to usernames
- Fix some LIMIT related problems with MSSQL
- Update Microsoft SQL Server schema
Riak
- Add support for Riak authentication
- Fix is_connected/0 function
- Keep alive Riak connections by default
API and Commands
- Add support for ReST admin commands that are only restricted by
source IP. This is key for easy integration with other backend
using ReST API.
- Fix add_commands and remove_commands options
- Pass noauth when auth isn't provided
- Improve ban_account command to work with other DBs than Mnesia
- Escape quoting node name for ejabberdctl ping
- Bare JID in 'from' of Roster Push (RFC 6121 section 2.1.6) in
mod_admin_extra
- Fix result type of "connected_users_info" command
- New command delete_mnesia deletes all tables that can be
exported. This is useful after you have migrated to another
backend, like SQL.
PubSub
- Unregister route at the very end
- Define PubSub node configuration per route/host explicitly
- Fix config fetch and pubsub disco after host/serverhost cleanup
Admin and build chain
- Update OTP release to use R17.5 and drop release 17.1
- Compile ejabberd_config early to stop undefined behaviour
warnings
- Fix start via systemd
- Fixed type specifications for 'rebar doc'
- Specify lacking nodename in ejabberdctl
Dependencies
- Update p1_pgsql to 1.1.0: This add support for prepared
statements.
- Uptate fast_yaml to 1.0.3: This improves the error reporting on
syntax errors in Yaml configuration file.
- Use the v0.2 release of luerl instead of a commit.
Test framework
- Add Coveralls support
- Add ability to run the ejabberd test suite in a modular way. You
can now run the test suite, even if you only have a a single
backend locally.
Other
- mod_mam: Don't store watchdog notifications in MAM archives
- mod_multicast: Fix Addresses element which lacked others local
destinations
- mod_offline: Mark get_queue_length obsolete, and use
count_offline_messages
- Update Gallician translation
16.02
=====
New XMPP Extensions support
- New Flexible Offline Message Retrieval (XEP-0013) support
Admin
- New migration script from Prosody to ejabberd
- Fix --disable-debug compilation flag
- don't escape ERL_OPTIONS
- Two new global timeouts configurable: c2s_hibernate,
receiver_hibernate
- Make it possible to define sm_db_type per virtual host
- configuration checker: Describe option type in code for
domain_balancing option
- Log failed SQL requests
- Include mod_muc.hrl and fix records
- mod_http_upload: Expand docroot before using it, also expand
@HOST@
Commands
- New import_prosody command
- Start documenting arguments in mod_admin_extra commands
- We added a way to get all ejabberd_commands, not only those that
was registered
- Allow to pass \n in argument to ejabberdctl
- Add error handling to send_stanza command
- Fix format_result so get_room_options command works again after
commit reference aa5caa3
Dependencies
- lager is the default (and only) logging module and we removed
p1_logger
- Handle spaces in vsn attribute of app file when installing deps
- Renamed dependencies and modules for consistency but also to
reflect huge performance gains:
. p1_iconv -> iconv
. p1_stringprep -> stringprep
. p1_stun -> stun
. p1_tls -> fast_tls
. p1_yaml -> fast_yaml
. p1_zlib -> ezlib
Message Archive Management
- Advertise MUC MAM v0.4.1 in room JID's disco#info
- Add "delete_old_mam_messages" admin command
- Add 'from' attribute to tag
- Add "request_activates_archiving" option
- Respond to form requests
- Support XEP-0313 v0.2 MUC archive queries
- Check whether MUC message is desired
- Reject -based paging
- Limit result set page size
- Sort messages returned by Mnesia
- Strip existing JID tags from MUC messages
- Expose MUC occupant JID in more cases
- Don't let outcasts access MUC archive
- Send new preferences when they are set
- Stream management (XEP-0198): Let MAM take care of pending
messages
GroupChat
- Send presence with code 170 in initial presence from MUC
- Add most status codes only to initial MUC presence
- mod_muc_room: Don't expose JIDs in anonymous rooms
- mod_muc_room: Let members see admin/owner JIDs
PubSub
- Fix presence-based delivery
- Make caps warning less confusing
- Fix host/serverhost usage
- Add support of pubsub#itemreply=publisher
Other
- Accept stream compression request after SASL
- Make C2S session establishment optional to better conform to
XMPP specifications and still be friendly with older clients.
- MUC: new regexp_room_id option to limit possible room names.
- ODBC: Set utf8mb4 charset on MySQL connection to support emoji
storage as default.
- LDAP: Improve LDAP shared roster support.
- mod_register_web: Allow setting host when deleting account or
changing password.
- Rename timestamp_to_iso functions in jlib.
- Stream management (XEP-0198): Fix session timeout corner case.
- Several improvements in Elixir support.
- Updated many translations.
- Improve web admin stylesheet to fix rendering issues in some
browsers.
Updated databases/p5-DBI to 1.635
Updated www/p5-Mojolicious to 6.59
Updated devel/p5-CPAN-Perl-Releases to 2.66
Updated devel/p5-ExtUtils-MakeMaker to 7.14
Updated devel/p5-Devel-PatchPerl to 1.42
Updated devel/p5-Devel-Cover to 1.23
----------------------------------------
Date : 2016-04-21 17:08:59 +0000
Update hints file for Darwin
Date : 2016-04-21 17:08:52 +0000
- Don't patch the patchlevel if in Git repository
- This should address https://rt.cpan.org/Ticket/Display.html?id=108689
Date : 2016-01-01 01:41:04 +0000
- Merge pull request #25 from book/master
- Add the proper patch for ext/Errno/Errno_pm.PL in Perl 5.7.2
Date : 2015-12-30 08:47:59 +0000
- Add the proper patch for ext/Errno/Errno_pm.PL in Perl 5.7.2
- Fixes GH #24
-------------------------------------------
7.14 Sun Apr 24 13:53:33 BST 2016
No changes since 7.13_01
7.13_01 Sat Apr 23 16:41:20 BST 2016
Bug fixes:
- Make dynamic depend on config again, fixes issues with Inline
Fast TLS is a native TLS / SSL driver for Erlang / Elixir. It is
based on OpenSSL, a proven and efficient TLS implementation. It
is designed for efficiency, speed and compliance.
----------------------------------
6.59 2016-04-22
- Removed deprecated xss_escape function from Mojo::Util.
- Improved HTML Living Standard compliance of Mojo::DOM::HTML.
- Improved Mojo::Server::Daemon to log when a connection has been closed
prematurely.
- Improved Mojo::Server::Prefork to log when the manager process has been
stopped.
- Fixed a few tests to keep up with breaking changes in IO::Socket::SSL.
- Fixed a few timing bugs in tests.
