Experimental version released on July 10th, 2012.
* Added a --enable-tools flag to configure to request the build of the
deprecated ATF tools, whose build is now disabled by default. In order
to continue running tests, you should migrate to Kyua instead of enabling
the build of the deprecated tools. The kyua-atf-compat package provides
transitional compatibility versions of atf-run and atf-report built on
top of Kyua.
* Tweaked the ATF_TEST_CASE macro of atf-c++ so that the compiler can
detect defined but unused test cases.
* PR bin/45859: Fixed some XSLT bugs that resulted in the tc-time and
tp-time XML tags leaking into the generated HTML file. Also improved
the CSS file slightly to correct alignment and color issues with the
timestamps column.
* Optimized atf-c++/macros.hpp so that GNU G++ consumes less memory during
compilation with GNU G++.
* Flipped the default to building shared libraries for atf-c and atf-c++,
and started versioning them. As a side-effect, this removes the
--enable-unstable-shared flag from configure that appears to not work any
more (under NetBSD). Additionally, some distributions require the use of
shared libraries for proper dependency tracking (e.g. Fedora), so it is
better if we do the right versioning upstream.
* Project hosting moved from an adhoc solution (custom web site and
Monotone repository) to Google Code (standard wiki and Git). ATF now
lives in a subcomponent of the Kyua project.
rename "xcpu" back to "cpu" now that the conflicting global variable
has been renamed out of the way. this also fixes some cases
where references to the local variable "cpu" had not been renamed
and thus were accidentally referring to the former global "cpu".
adapt the urtwn(4) driver to use the new files. The firmware files were
extracted from the Linux driver at www.realtek.com, version 0005.1230.2011
and the license permits redistribution without modification.
While I'm here, install the files in /libdata/firmware/if_urtwn, like
most of the other network adapter firmware.
urtwn(4) can now operate without needing external files installed. Tested
on my Edimax adapter.
used to do it for the xdm greeter, looks extremely ugly.
Unfortunately xdm has no means to load and mix alpha channel images,
so provide a png file and precomputed xpms with proper background colour
for the greeter.
If users change their greeter resources and change the background, they will
have to regenerate that xpm file, provide proper instructions for this.
While there, use less clunky fonts (hi Jared!).
XXX the fonts are not exactly perfect, if anyone feels like fine tuning
this further, please be my guest.
- The "change header" milter request could replace the wrong header. A long
header name could match a shorter one, because a length check was done on
the wrong string. Reported by Vladimir Vassiliev.
- Core dump when postlog emitted the "usage" message, caused by an extraneous
null assignment. Reported by Kant (fnord.hammer).
- These releases add support to turn off the TLSv1.1 and TLSv1.2 protocols.
Introduced with OpenSSL version 1.0.1, these protocols are known to cause
inter-operability problems, for example with some hotmail services.
The radical workaround is to temporarily turn off problematic protocols
globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic protocols for
broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
Notes:
Note the use of ":" instead of comma or space. Also, note that there is NO
space around the "=" in "protocols=".
The smtp_tls_policy_maps lookup key must match the "next-hop" destination
that is given to the Postfix SMTP client. If you override the next-hop
destination with transport_maps, relayhost, sender_dependent_relayhost_maps,
or otherwise, you need to specify the same destination for the
smtp_tls_policy_maps lookup key.
- OpenSSL related (all supported Postfix versions).
Some people have reported program crashes when the OpenSSL library was
updated while Postfix was accessing the Postfix TLS session cache. To avoid
this, the Postfix TLS session cache ID now includes the OpenSSL library
version number. This cache ID is not shared via the network.
- The OpenSSL workaround introduced with the previous stable and legacy
releases did not compile with older gcc compilers. These compilers can't
handle #ifdef inside a macro invocation (NOT: definition).
- To avoid repeated warnings from postscreen(8) with "connect to
private/dnsblog service: Connection refused" on FreeBSD, the dnsblog(8)
daemon now uses the single_server program driver instead of the multi_server
driver. This one-line code change has no performance impact for other
systems, and eliminates a high-frequency accept() race on a shared socket
that appears to cause trouble on FreeBSD. The same single_server program
driver has proven itself for many years in smtpd(8). Problem reported by
Sahil Tandon.
- Laptop-friendly support (all supported Postfix versions). A little-known
secret is that Postfix has always had support to avoid unnecessary disk
spin-up for MTIME updates, by doing s/fifo/unix/ in master.cf (this is
currently not supported on Solaris systems). However, two minor fixes are
needed to make this bullet-proof.
- In laptop-friendly mode, the "postqueue -f" and "sendmail -q" commands did
not wait until their requests had reached the pickup and qmgr servers before
closing their UNIX-domain request sockets.
- In laptop-friendly mode, the unused postkick command waited for more than
a minute because the event_drain() function was comparing bitmasks
incorrectly on systems with kqueue(2), epoll(2) or /dev/poll support.
caches, merge together pool_drain_start() and pool_drain_end() into
bool pool_drain(struct pool **ppp);
"bool" value indicates whether reclaiming was fully done (true) or not (false)
"ppp" will contain a pointer to the pool that was drained (optional).
See http://mail-index.netbsd.org/tech-kern/2012/06/04/msg013287.html
1.0.6 (6 Sept 10)
~~~~~~~~~~~~~~~~~
* Security fix for CVE-2010-0405. This was reported by Mikolaj
Izdebski.
* Make the documentation build on Ubuntu 10.04
instead, which is the main thread instead of the currently executing thread
which is not what we want, since we've been running and nother thread might
have just started.
1. thread_self() returns a pointer, not an unsigned integer
2. Add NetBSD to Apple and FreeBSD defines
3. Add _NETBSD_SOURCE where needed
4. Add an extra define BEGIN_PROTECTV for void functions to avoid return
free(); where free is void.
5. Avoid weak symbol hacks to determine if we are threaded or not. We
have a threaded copy of the library, why bother?
6. change __attribute -> __attribute__ since the former is not covered by
our cdefs.h
causes gcc indigestion (internal compiler error) for all m68k ports.
mrg@ says this will do for now, and committing to this generated-
by-mknative file is ok.
Fixes CVE-2012-1147, CVE-2012-1148 and CVE-2012-0876 (other security
issues have been previously fixed in our tree)
relevant Changes:
Release 2.1.0 Sat March 24 2012
- Bug Fixes:
#1742315: Harmful XML_ParserCreateNS suggestion.
#2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
#1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
#1983953, 2517952, 2517962, 2649838:
Build modifications using autoreconf instead of buildconf.sh.
#2815947, #2884086: OBJEXT and EXEEXT support while building.
#1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
#2517938: xmlwf should return non-zero exit status if not well-formed.
#2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
#2855609: Dangling positionPtr after error.
#2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
#2958794: CVE-2012-1148 - Memory leak in poolGrow.
#2990652: CMake support.
#3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
#3206497: Unitialized memory returned from XML_Parse.
#3287849: make check fails on mingw-w64.
#3496608: CVE-2012-0876 - Hash DOS attack.
- Patches:
#1749198: pkg-config support.
#3010222: Fix for bug #3010819.
#3312568: CMake support.
#3446384: Report byte offsets for attr names and values.
- New Features / API changes:
Added new API member XML_SetHashSalt() that allows setting an intial
value (salt) for hash calculations. This is part of the fix for
bug #3496608 to randomize hash parameters.
When compiled with XML_ATTR_INFO defined, adds new API member
XML_GetAttributeInfo() that allows retrieving the byte
offsets for attribute names and values (patch #3446384).
Added CMake build system.
See bug #2990652 and patch #3312568.
Added run-benchmark target to Makefile.in - relies on testdata module
present in the same relative location as in the repository.
* Add a suffix to all our config files so that RA never stamps on IPv4
* All valgrind errors fixed on FreeBSD (with ./configure --debug=YES)
* When started with an interface list, respect that with signal handling
* Fix a potential route table corruption if we failed to add a route
* Added resolv_conf_local_only which defaults to true.
This means that if you configure a local nameserver we don't add
any other nameservers to resolv.conf to avoid duplicate queries.
* Add domain_blacklist and name_server_blacklist variables.
We default name_server_blacklist to 0.0.0.0 to handle some faulty
routers.
* Add .Lk macro to URLs.
* Fix IPv6 parsing on domains which include an IPv4 server for dnsmasq.
The full changelog is at
http://pcc.ludd.ltu.se/fisheye/changelog/~date=2012-03-25T06%3A00%3A00/pcc
and includes some bug and documentation fixes.
The siginifcant improvements were that the __returns_twice__ attribute is
now accepted, and a problem parsing attributes on parameters of function
prototypes was fixed.
(both of these issues caused problems compiling with the NetBSD headers)
mean average). Program behaviour now tallies with the man page, but more
importantly, the default behaviour is now sensible for modern multi-core
machines.
If you want the previous behaviour, please set TOP="-1" in your environment.
Fix multiple "1" options not toggling and thus allow settings in TOP
environmental variable to be reversed by a command line option.
Tweak description of "1" command in interactive mode.
OK christos@
New sentence, new line.
Sort options and option descriptions.
Sort SEE ALSO.
Use Fl Fl for long options.
Comment out --version description which binary doesn't support.
* We store the RA against the interface so we can do a comparsion
so we don't spam the log frequently.
* By default only fork on RA if it has a valid RDNSS option
* Add .Lk macros to the man pages
* Use correct event loop calls in RA handling code
* Fix several memory overrun issues
* Use CSR more than once
* Allow operation on Bridge and VLAN interfaces
- Add a -w flag which will make the sanity script sleep for a second before
and after checkouts, commits, and updates.
- Fix expected output to look for the right default action on empty log
message. It's now "abort".
- Add new requests "Checkin-prog" and "Update-prog" to expectation values.
- Add new "access"âand "group" files to CVSROOT admin database expectation
values.
- All tests pass except client-20, which hangs.
The problem has to do with the threaded initialization.
After we take the first breakpoint and we enter single step mode,
we set trap_expected = 1 in the thread_info structure for main <pid,0,0>.
After the threads initialize, the main thread becomes <pid,1,0>, and so
we get a new thread_info struct with trap_expected = 0, and so we break.
message.
Currently you can't prepare that in advance and then use cvs import -F
file to supply the log message in a file. Will file a PR on cvs for this.
with something not from the previous decade.
NB: I should eventually put back the OS specific stuff I've removed so
that we can have a complete distribution.
1.) Correct set-uid check to allow "root" to run "crontab -l" again.
2.) Don't the the last error reported in "errno" in case "crontab" is not
installed set-uid "root". As no system-call failed "errno" is set
to zero.
- memory leak in liblzma fixed
- better validation
- correct behavior for suid/sgid/sticky bit and hard links with xz --force
- cleanup and new translations
- pkg_install 20120128:
- Explicitly stat(2) if mkdir failed. errno detection doesn't work e.g.
on Solaris.
- Provide a stable order for package names that only differe in the base
name, not the version number.
- pkg_install 20110805:
- Fix for pkg_delete on NFS from Anthony Mallet.
- The Postfix sqlite client, introduced with Postfix 2.8, had an
embarassing bug in its quoting routine. As the result of a
last-minute code cleanup before release, this routine returned the
unquoted text instead of the quoted text. The opportunities for
mis-use are limited: Postfix sqlite database files are usually owned
by root, and Postfix daemons usually run with non-root privileges so
they can't corrupt the database. This problem was reported by Rob
McGee (rob0).
- The Postfix 2.8.4 fix for local delivery agent database lookup
errors was incomplete. The fix correctly added new code to detect
database lookup errors with mailbox_transport_maps,
mailbox_command_maps or fallback_transport_maps, but it failed to
log the problem, and to produce a defer logfile record which is
needed for "delayed mail" and "mail too old" delivery status
notifications.
- The trace(8) service, used for DSN SUCCESS notifications, did not
distinguish between notifications for a non-bounce or a bounce
message, causing it to "reply" to mail with the null sender
address. Problem reported by Sabahattin Gucukoglu.
- Support for Dovecot auth over TCP sockets, using code that already
existed for testing purposes. Patrick Koetter kindly provided an
update for the SASL_README file.
- Workaround in the LDAP client for changes in the under-documented
OpenLDAP API, by Victor Duchovni.
jmmv