SU_CMD= ${LOCALBASE}/bin/sudo doesn't seem to work #11
Comments
|
The binary packages are created as the normal user, did you perhaps Jonathan Perkin www.perkin.org.uk |
|
Indeed these where owned by root... probably when I updated and put everything back to default I may have been in pfexec bash. |
ghost
closed this as
jperkin
pushed a commit
that referenced
this issue
Dec 17, 2012
# News
## <a id="2-3-5">2.3.5</a>: 2012-12-11
This is a bug fix release.
### Fixes
* [POParser] Fixed the class name for backward compatibility.
## <a id="2-3-4">2.3.4</a>: 2012-12-11
This is a many changes and new implements release.
### Improvements
* [Merger] Implemented "fuzzy-match" with Levenshtein distance.
* Added the class "PO" for management PO entries. Please use PO
instead of PoData. (see details in
http://rubydoc.info/gems/gettext/GetText/PO.html)
* [POEntry (renamed from PoMessages)] Supported to specify msgstr.
* [POEntry] Stored comments each type
(translator\_comment, extracted\_comment, flag, previous).
see
http://www.gnu.org/software/gettext/manual/html_node/PO-Files.html
for details of comment type.
* [POEntry] Checked if specified type is valid in #type=.
* [PoParser][MO] Concatenated msgctxt, msgid, msgid\_plural to
"#{msgctxt}\004#{msgid}\000"{msgid\_plural}" by MO instead of
PoParser. PoData and MO treat a concatenated string as msgid, but
PO doesn't.
* [PoParser] Parsed each type comment from whole comment.
### Changes
* Rename some classes and methods.
* PoMessage to PoEntry. This isn't "message" but "entry".
(See http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
* PoMessages#== to POEntry#mergeable?.
* PoMessages#to\_po\_str to POEntry#to\_s.
* PoMessages#sources(sources=) to POEntry#references(references=)
* MoFile to MO. For backword compatible, MoFile can be used now.
* PoParser to POParser. For backword compatible, PoParser can be used now.
* Raised no error when POEntry doesn't have references.
It is useful for no references in .PO file.
# News
## <a id="2-3-3">2.3.3</a>: 2012-10-18
It's a package fix and msginit improvement release.
### Improvements
* [msginit] Supported plural forms for Bosnian, Catalan, Norwegian
Bokmal and Chinese.
### Fixes
* Fixed the bug that messages (i.e. the help message for rmsgfmt)
aren't localized in each environment. However, some
messages aren't tranlated or resolved fuzzy. Please
help us to translate or resolve them.
[Github #12][Reported by mtasaka]
* Used String#% to localize some messages.
### Thanks
* mtasaka
## <a id="2-3-2">2.3.2</a>: 2012-09-20
It's a bug fix release.
### Fixes
* Fixed the bug that untranslated messages are included in a .mo file.
[Github #11][Reported by Ramón Cahenzli]
### Thanks
* Ramón Cahenzli
jperkin
pushed a commit
that referenced
this issue
Jan 7, 2013
== 1.2.11.6 / 2012-12-10 - Fix breakage of writable IO stream detection on Windows (github #11).
jperkin
pushed a commit
that referenced
this issue
May 24, 2013
Changelog: Version 1.1.20 (released 24-Apr-2013) * fix tab-to-space handling regression in markup view * fix regression in root lookup handling (issue #526) Version 1.1.19 (released 22-Apr-2013) * improve root lookup performance (issue #523) * new 'max_filesize_kbytes' config option and handling (issue #524) * tarball generation improvements: - preserve Subversion symlinks in generated tarballs (issue #487) - reduce memory usage of tarball generation logic - fix double compression of generated tarballs (issue #525) * file content handling improvements: - expanded support for encoding detection and transcoding (issue #11) - fix tab-to-space conversion bugs in markup, annotate, and diff views - fix handling of trailing whitespace in diff view * add support for timestamp display in ISO8601 format (issue #46) Version 1.1.18 (released 28-Feb-2013) * fix exception raised by BDB-backed SVN repositories (issue #519) * hide revision-less files when rcsparse is in use * include branchpoints in branch views using rcsparse (issue #347) * miscellaneous cvsdb improvements: - add --port option to make-database (issue #521) - explicitly name columns in queries (issue #522) - update MySQL syntax to avoid discontinued "TYPE=" terms
mamash
pushed a commit
that referenced
this issue
Aug 12, 2013
Changelog:
NSS 3.15.1 release notes
Introduction
Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information
NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:
Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/
New in NSS 3.15.1
New Functionality
TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
AES GCM cipher suites are not yet supported.
New Functions
None.
New Types
in sslprot.h
SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
in sslerr.h
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
in sslt.h
ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.
New PKCS #11 Mechanisms
None.
Notable Changes in NSS 3.15.1
Bug 856060 - Enforce name constraints on the common name in libpkix when no subjectAltName is present.
Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.
Bugs fixed in NSS 3.15.1
https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS
Compatibility
NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
NSS 3.15 release notes
Introduction
The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information
The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.
NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/
New in NSS 3.15
New Functionality
Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
certutil has been updated to support creating name constraints extensions.
New Functions
in ssl.h
SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
in ocsp.h
CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
in secpkcs7.h
SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
in xconst.h
CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
in secitem.h
SECITEM_AllocArray
SECITEM_DupArray
SECITEM_FreeArray
SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
in pk11pub.h
PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
New Types
in secitem.h
SECItemArray - Represents a variable-length array of SECItems.
New Macros
in ssl.h
SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE
Notable Changes in NSS 3.15
SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.
NSS has migrated from CVS to the Mercurial source control management system.
Updated build instructions are available at Migration to HG
As part of this migration, the source code directory layout has been re-organized.
The list of root CA certificates in the nssckbi module has been updated.
The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.
Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
Bug 853285: Fixed bugs in AES GCM.
Bug 341127: Fix the invalid read in rc4_wordconv.
Faster NIST curve P-256 implementation.
Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.
Bugs fixed in NSS 3.15
This Bugzilla query returns all the bugs fixed in NSS 3.15:
https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
jperkin
pushed a commit
that referenced
this issue
Sep 16, 2013
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
jperkin
pushed a commit
that referenced
this issue
Nov 1, 2013
Changelog:
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.
Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.
New in NSS 3.15.2
New Functionality
AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
New Functions
PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types
No new types have been introduced.
New PKCS #11 Mechanisms
No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2
Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
Bug 884178 - Add PK11_CipherFinal macro
Bugs fixed in NSS 3.15.2
Bug 734007 - sizeof() used incorrectly
Bug 900971 - nssutil_ReadSecmodDB() leaks memory
Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.
A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility
NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
jperkin
pushed a commit
that referenced
this issue
Nov 1, 2013
Changes: - Set default timing method to either gtod or abstime (#404) - Fix IPv6 parsing of CIDR's (#405) - Add support for preloading the memory cache (#410) - Generate more useful error when packets are too small (#411) - Update to libopts/Autogen 5.9.9 (#412) - Ship Win32Readme.txt file (#413) - Update copyright notice to 2010 (#416) - Dramatically enhance --portmap option (#417) - Update autotools (#423) - Add support for printing statistics periodically during the run (#424) - Warn user when pcap snaplen < 65535 (#425) - Add 802.1q processing support tcpprep (#428) - Link libnl when newer versions of libpcap require it (#397) - Ship m4 directory (#398) - Upgrade to latest autotools scripts (#400) - Fix error message when running autogen.sh (#401) - Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11) - Add IPv6 fragroute support (#388) - Add IPv6 decoding support to tcpprep (#11) - Fix compile time error in err.h (#390) - Add --endpoints support in tcpreplay-edit (#393)
jperkin
pushed a commit
that referenced
this issue
Nov 1, 2013
* Version 3.2.6 (released 2013-10-31) ** libgnutls: Support for TPM via trousers is now enabled by default. ** libgnutls: Camellia in GCM mode has been added in default priorities, and GCM mode is prioritized over CBC in all of the default priority strings. ** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384. ** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler. ** libgnutls: Added support for ISO OID for RSA-SHA1 signatures. ** libgnutls: Minimum acceptable DH group parameters were increased to 767 bits from 727. ** libgnutls: Added function to obtain random data from PKCS #11 tokens. Contributed by Wolfgang Meyer zu Bergsten. ** gnulib: updated. ** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the previous fix. Reported by Tomas Mraz. ** p11tool: Added option generate-random. ** API and ABI modifications: gnutls_pkcs11_token_get_random: Added
jperkin
pushed a commit
that referenced
this issue
Dec 3, 2013
* Version 3.2.7 (released 2013-11-23) ** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in GCM ciphers (previously it returned the implicit IV used in TLS). ** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided with a PKCS #11 URL pointing to a certificate, will attempt to load the whole chain. ** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid looking in unrelated to the object tokens. ** libgnutls: Added an experimental %DUMBFW option in priority strings. This avoids a black hole behavior in some firewalls by sending a large client hello. See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html ** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number will force output of debug messages to stderr. ** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set() is used with another protocol than the GNUTLS_DTLS0_9 protocol. ** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined expiration date when (time_t)-1 is specified as date. ** libgnutls: Session tickets are encrypted using AES-GCM. ** libgnutls: Corrected issue in record decompression. Issue pinpointed by Frank Zschockel. ** libgnutls: Forbid all compression methods in DTLS. ** gnutls-serv: Fixed issue with IPv6 address in UDP mode. ** certtool: When exporting an encrypted PEM private key do not output the key parameters. ** certtool: Expiration days template option allows for a -1 value which will set to the no well defined expiration date (RFC5280), and no longer chokes on integer overflows. Suggested by Stefan Buehler. ** certtool: Added new template options: 'activation_date', and 'expiration_date'. ** tools: The environment variable GNUTLS_PIN can be used to read any PIN requested from tokens. ** tools: The installed version of libopts is used if the autogen tool is present. ** API and ABI modifications: gnutls_pkcs11_obj_export3: Added gnutls_pkcs11_get_raw_issuer: Added gnutls_est_record_overhead_size: Exported
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
3.1.1: 2011-11-03 * Supported Rails 3.1.1. * [GitHub:#9] Fixed a typo in document. [warden] * [GitHub:#11] Added persisted?. [bklier] * [GitHub:#16] Supported 4 or more bytes salt for SSHA and SMD5. [Alex Tomlins] Thanks * warden * bklier * Alex Tomlins 3.1.0: 2011-07-09 * Supported Rails 3.1.0.rc4. [Ryan Tandy, Narihiro Nakamura, Hidetoshi Yoshimoto] * Removed ActiveRecord dependency and added ActiveModel dependency. * Used YARD instead of RDoc as documentation sysytem.
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Based on PR 45754 by Radoslaw Kujawa. Enhancements in v4.0 (28/Mar/2011) * Support for testing with multiple CPUs. All tests except for #11 (Bit Fade) have been multi-threaded. A maximum of 16 CPUs will be used for testing. * CPU detection has been completely re-written to use the brand ID string rather than the cumbersome, difficult to maintain and often out of date CPUID family information. All new processors will now be correctly identified without requiring code support. * All code related to controller identification, PCI and DMI has been removed. This may be a controversial decision and was not made lightly. The following are justifications for the decision: 1. Controller identification has nothing to do with actual testing of memory, the core purpose of Memtest86. 2. This code needed to be updated with every new chipset. With the ever growing number of chipsets it is not possible to keep up with the changes. The result is that new chipsets were more often than not reported in-correctly. In the authors opinion incorrect information is worse than no information. 3. Probing for chipset information carries the risk of making the program crash. 4. The amount of code involved with controller identification was quite large, making support more difficult. Removing this code also had the unfortunate effect of removing reporting of correctable ECC errors. The code to support ECC was hopelessly intertwined the controller identification code. A fresh, streamlined implementation of ECC reporting is planned for a future release. * A surprising number of conditions existed that potentially cause problems when testing more than 4 GB of memory. Most if not all of these conditions have been identified and corrected. * A number of cases were corrected where not all of memory was being tested. For most tests the last word of each test block was not tested. In addition an error in the paging code was fixed that omitted from testing the last 256 bytes of each block above 2 GB. * The information display has been simplified and a number of details that were not relevant to testing were removed. * Memory speed measurement has been parallelized for more accurate reporting for multi channel memory controllers. * This is a major re-write of the Memtest86 with a large number of minor bug-fixes and substantial cleanup and re-organization of the code.
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
== MIME::Types 1.18 / 2012-03-20 * New MIME Types: * Types reported in Issue #6 (mime-types/ruby-mime-types#6): * CoffeeScript (text/x-coffeescript; .coffee; 8bit). * AIR (application/vnd.adobe.air-applicationinstaller-package+zip, .air; base64). * WOFF (application/font-woff; .woff; base64). * TrueType (application/x-font-truetype; .ttf; base64). * OpenType (application/x-font-opentype; .otf; base64). * WebM (audio/webm, video/webm; .webm). Issue #11 (mime-types/ruby-mime-types#11). * New extensions: * f4v/f4p (video/mp4, used by Adobe); f4a/fb4 (audio/mp4, used by Adobe). * Bug Fixes: * It was pointed out that Licence.txt was incorrectly named. Fixed by renaming to Licence.rdoc (from Issue/Pull Request #8, mime-types/ruby-mime-types#8). * It was pointed out that a plan to have the test output generated automatically never went through. Issue #10 (mime-types/ruby-mime-types#10)
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
== 1.7.2 / 2012-04-03 Bug Fixes - Fixed segmentation fault on exit [issue #30] - Fixed syswrite warning when IO contains unflushed data in buffer [issue #31] - Added "mingw" to the list of Windows host versions == 1.7.1 / 2012-03-05 Bug Fixes - Fixed deprecated use of Config::* [issue #29] == 1.7.0 / 2012-02-18 Enhancements - Move appender factories [issue #28] - ActionMail compatible options in the email appender [issue #27] - Add TLS support to the email appender [issue #25] - Refactoring appender shutdown [issue #20] Bug Fixes - File locking fails on windows using JRuby [issue #22] == 1.6.2 / 2012-01-05 Bug Fixes - Fix typo in the Readme [issue #14] - Fix spelling in a variety of places [issue #15] - Solaris does not have Syslog#LOG_PERROR defined [issue #17] - Fix failing tests for Ruby 1.9.3 [issue #18] - Check for RUBY_ENGINE for Ruby 1.8.7 [issue #19] - Whitespace and '# EOF' cleanup - Support for Rubinious == 1.6.1 / 2011-09-09 Bug Fixes - Rails compatibility methods [issue #11] - Blocked rolling file appender [issue #12] == 1.6.0 / 2011-08-22 Enhancements - Adding periodic flushing of buffered messages [issue #10] - Accessor for a logger's appenders [issue #9] - Better support for capturing log messages in RSpec version 1 & 2 == 1.5.2 / 2011-07-07 Bug Fixes - Changing working directory breaks rolling file appenders [issue #8] == 1.5.1 / 2011-06-03 Bug Fixes - IO streams cannot be buffered when using syswrite - JRuby does not allow shared locks on write only file descriptors - Fixing tests for JRuby 1.6.X == 1.5.0 / 2011-03-22 Minor Enhancements - removed mutexes in favor of IO#syswrite - no round tripping through the buffer array when auto_flushing is true - added a Proxy object that will log all methods called on it - colorization of log messages
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
* libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be a file that stores the pin. * libgnutls: Added strict tests in Diffie-Hellman and SRP key exchange public keys. * minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Upstream changes:
0.46 Tue Oct 2 13:23:00 EDT 2012
- with() enables argument matching on mocked methods
- raises() makes mocked methods raise exceptions
Contributed by Kjell-Magne .ierud (issue #12)
0.45 Mon May 7 10:08:13 EDT 2012
- Add support for TAP version 13.
Contributed by Michael G. Schwern (issue #11)
0.44 Mon Apr 30 11:04:00 CST 2012
- Allow shared_examples_for to be defined in any context.
0.43 Sat Apr 14 16:22:00 EST 2012
- Fixed runtests() to honor its contract to run only the examples specified
in its @patterns parameter or SPEC environment variable.
0.42 Mon Mar 05 21:18:00 CST 2012
- Added context() and xcontext() aliases for describe/xdescribe
(reported by intrigeri)
0.41 Sat Mar 03 19:04:00 EST 2012
- Added license info to Makefile.PL (RT #75400)
- Fixed test suite problems on Windows
0.40 Mon Jan 30 18:38:00 EST 2012
- Fixed problem that caused Test::Spec usage errors (e.g. 'describe "foo";'
without a subroutine argument) to be reported from inside the library,
instead of the caller's perspective where the actual error is.
0.39 Wed Aug 31 00:52:00 EST 2011
- Added xit/xthey/xdescribe to mark TODO tests, inspired by the
Jasmine JavaScript framework.
Contributed by Marian Schubert (issue #10).
0.38 Sat Jul 09 23:16:00 EST 2011
- Added share() function to facilitate spec refactoring.
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
# News
## <a id="2-3-5">2.3.5</a>: 2012-12-11
This is a bug fix release.
### Fixes
* [POParser] Fixed the class name for backward compatibility.
## <a id="2-3-4">2.3.4</a>: 2012-12-11
This is a many changes and new implements release.
### Improvements
* [Merger] Implemented "fuzzy-match" with Levenshtein distance.
* Added the class "PO" for management PO entries. Please use PO
instead of PoData. (see details in
http://rubydoc.info/gems/gettext/GetText/PO.html)
* [POEntry (renamed from PoMessages)] Supported to specify msgstr.
* [POEntry] Stored comments each type
(translator\_comment, extracted\_comment, flag, previous).
see
http://www.gnu.org/software/gettext/manual/html_node/PO-Files.html
for details of comment type.
* [POEntry] Checked if specified type is valid in #type=.
* [PoParser][MO] Concatenated msgctxt, msgid, msgid\_plural to
"#{msgctxt}\004#{msgid}\000"{msgid\_plural}" by MO instead of
PoParser. PoData and MO treat a concatenated string as msgid, but
PO doesn't.
* [PoParser] Parsed each type comment from whole comment.
### Changes
* Rename some classes and methods.
* PoMessage to PoEntry. This isn't "message" but "entry".
(See http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
* PoMessages#== to POEntry#mergeable?.
* PoMessages#to\_po\_str to POEntry#to\_s.
* PoMessages#sources(sources=) to POEntry#references(references=)
* MoFile to MO. For backword compatible, MoFile can be used now.
* PoParser to POParser. For backword compatible, PoParser can be used now.
* Raised no error when POEntry doesn't have references.
It is useful for no references in .PO file.
# News
## <a id="2-3-3">2.3.3</a>: 2012-10-18
It's a package fix and msginit improvement release.
### Improvements
* [msginit] Supported plural forms for Bosnian, Catalan, Norwegian
Bokmal and Chinese.
### Fixes
* Fixed the bug that messages (i.e. the help message for rmsgfmt)
aren't localized in each environment. However, some
messages aren't tranlated or resolved fuzzy. Please
help us to translate or resolve them.
[Github #12][Reported by mtasaka]
* Used String#% to localize some messages.
### Thanks
* mtasaka
## <a id="2-3-2">2.3.2</a>: 2012-09-20
It's a bug fix release.
### Fixes
* Fixed the bug that untranslated messages are included in a .mo file.
[Github #11][Reported by Ramón Cahenzli]
### Thanks
* Ramón Cahenzli
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
== 1.2.11.6 / 2012-12-10 - Fix breakage of writable IO stream detection on Windows (github #11).
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
1.0.8
Updated Spanish translation
Updated Japanese translation
Rework initial subtitle visibility setting
1.0.8b
Updated Korean translation
Run make update-po
Add message when screenshot capture fails
Switch to GLIB for GMLIB header files, since GTK is not included
Switch to GTK VERSION tags when possible
Updated Japanese translation
Fix compliation of gmtk_media_tracker in generic application
Run make update-po
Remove audio export filter when codec cannot use it
Remove cairo variable from gmtk_media_player
Version bump to 1.0.8a
Use cairo and the draw event to draw the background in GTK3
Set background color in gmtk_media_player widget using specific realize events
Address parallel build problem from Issue #11
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Changelog: Version 1.1.20 (released 24-Apr-2013) * fix tab-to-space handling regression in markup view * fix regression in root lookup handling (issue #526) Version 1.1.19 (released 22-Apr-2013) * improve root lookup performance (issue #523) * new 'max_filesize_kbytes' config option and handling (issue #524) * tarball generation improvements: - preserve Subversion symlinks in generated tarballs (issue #487) - reduce memory usage of tarball generation logic - fix double compression of generated tarballs (issue #525) * file content handling improvements: - expanded support for encoding detection and transcoding (issue #11) - fix tab-to-space conversion bugs in markup, annotate, and diff views - fix handling of trailing whitespace in diff view * add support for timestamp display in ISO8601 format (issue #46) Version 1.1.18 (released 28-Feb-2013) * fix exception raised by BDB-backed SVN repositories (issue #519) * hide revision-less files when rcsparse is in use * include branchpoints in branch views using rcsparse (issue #347) * miscellaneous cvsdb improvements: - add --port option to make-database (issue #521) - explicitly name columns in queries (issue #522) - update MySQL syntax to avoid discontinued "TYPE=" terms
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
* Version 3.2.1 (released 2013-06-01) ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain openssl versions. ** libgnutls: Fixes in interrupted function resumption. Report and patch by Tim Kosse. ** libgnutls: Corrected issue when receiving client hello verify requests in DTLS. ** libgnutls: Fixes in DTLS record overhead size calculations. ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by Mann Ern Kang. ** API and ABI modifications: gnutls_session_set_id: Added * Version 3.2.0 (released 2013-05-10) ** libgnutls: Use nettle's elliptic curve implementation. ** libgnutls: Added Salsa20 cipher ** libgnutls: Added UMAC-96 and UMAC-128 ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. As they are not standardized they are defined using private ciphersuite numbers. ** libgnutls: Added support for DTLS 1.2. ** libgnutls: Added support for the Application Layer Protocol Negotiation (ALPN) extension. ** libgnutls: Removed support for the RSA-EXPORT ciphersuites. ** libgnutls: Avoid linking to librt (that also avoids unnecessary linking to pthreads if p11-kit isn't used). ** API and ABI modifications: gnutls_cipher_get_iv_size: Added gnutls_hmac_set_nonce: Added gnutls_mac_get_nonce_size: Added * Version 3.1.10 (released 2013-03-22) ** certtool: When generating PKCS #12 files use by default the ARCFOUR (RC4) cipher to be compatible with devices that don't support AES with PKCS #12. ** libgnutls: Load CA certificates in android 4.x systems. ** libgnutls: Optimized CA certificate loading. ** libgnutls: Private keys are overwritten on deinitialization. ** libgnutls: PKCS #11 slots are scanned only when needed, not on initialization. This speeds up gnutls initialization when smart cards are present. ** libgnutls: Corrected issue in the (deprecated) external key signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr. ** libgnutls-dane: Updated DANE verification options. ** configure: Trust store file must be explicitly set or unset when cross compiling. ** API and ABI modifications: gnutls_x509_crt_get_issuer_dn2: Added gnutls_x509_crt_get_dn2: Added gnutls_x509_crl_get_issuer_dn2: Added gnutls_x509_crq_get_dn2: Added gnutls_x509_trust_list_remove_trust_mem: Added gnutls_x509_trust_list_remove_trust_file: Added gnutls_x509_trust_list_remove_cas: Added gnutls_session_get_desc: Added gnutls_privkey_sign_raw_data: Added gnutls_privkey_status: Added * Version 3.1.9 (released 2013-02-27) ** certtool: Option --to-p12 will now ask for a password to generate a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. ** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). ** libgnutls: Corrected parsing issue in XMPP within a subject alternative name. Reported by James Cloos. ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 modules, and not only the ones loaded via p11-kit. ** libgnutls: Added function to check whether the private key is still available (inserted). ** libgnutls: Try to detect fork even during nonce generation. ** API and ABI modifications: gnutls_handshake_set_random: Added gnutls_transport_set_int2: Added gnutls_transport_get_int2: Added gnutls_transport_get_int: Added gnutls_record_cork: Exported gnutls_record_uncork: Exported gnutls_pkcs11_privkey_status: Added * Version 3.1.8 (released 2013-02-10) ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation with encrypted keys. Reported by Yan Fiz. ** libgnutls: The minimum DH bits accepted by priorities NORMAL and PERFORMANCE was set to previous defaults 727 bits. Reported by Diego Elio Petteno. ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() to operate with long keys. Reported by Erik A Jensen. ** API and ABI modifications: No changes since last version. * Version 3.1.7 (released 2013-02-04) ** certtool: Added option "dn" which allows to directly set the DN in a template from an RFC4514 string. ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. ** libgnutls-xssl: Added a new library to simplify GnuTLS usage. ** libgnutls-dane: Added function to specify a DLV file. ** libgnutls: Heartbeat code was made optional. ** libgnutls: Fixes in server side of DTLS-0.9. ** libgnutls: DN variable 'T' was expanded to 'title'. ** libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Paterson and Nadhem Alfardan. ** libgnutls: Added functions to directly set the DN in a certificate or request from an RFC4514 string. ** libgnutls: Optimizations in the random generator. The re-seeding of it is now explicitly done on every session deinit. ** libgnutls: Simplified the DTLS sliding window implementation. ** libgnutls: The minimum DH bits accepted by a client are now set by the specified priority string. The current values correspond to the previous defaults (727 bits), except for the SECURE128 and SECURE192 strings which increase the minimum to 1248 and 1776 respectively. ** libgnutls: Added the gnutls_record_cork() and uncork API to enable buffering in sending application data. ** libgnutls: Removed default random padding, and added a length-hiding interface instead. Both the server and the client must support this extension. Whether length-hiding can be used on a given session can be checked using gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. ** libgnutls: Added the experimental %NEW_PADDING priority string. It enables a new padding mechanism in TLS allowing arbitrary padding in TLS records in all ciphersuites, which makes length-hiding more efficient and solves the issues with timing attacks on CBC ciphersuites. ** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD ciphers (i.e., AES-GCM). Reported by William McGovern. ** API and ABI modifications: gnutls_db_check_entry_time: Added gnutls_record_set_timeout: Added gnutls_record_get_random_padding_status: Added gnutls_x509_crt_set_dn: Added gnutls_x509_crt_set_issuer_dn: Added gnutls_x509_crq_set_dn: Added gnutls_range_split: Added gnutls_record_send_range: Added gnutls_record_set_max_empty_records: Added gnutls_record_can_use_length_hiding: Added gnutls_rnd_refresh: Added xssl_deinit: Added xssl_flush: Added xssl_read: Added xssl_getdelim: Added xssl_write: Added xssl_printf: Added xssl_sinit: Added xssl_client_init: Added xssl_server_init: Added xssl_get_session: Added xssl_get_verify_status: Added xssl_cred_init: Added xssl_cred_deinit: Added dane_state_set_dlv_file: Added GNUTLS_SEC_PARAM_EXPORT: Added GNUTLS_SEC_PARAM_VERY_WEAK: Added * Version 3.1.6 (released 2013-01-02) ** libgnutls: Fixed record padding parsing issue. Reported by Kenny Patterson and Nadhem Alfardan. ** libgnutls: Several updates in the ASN.1 string handling subsystem. ** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers. ** libgnutls: Ignore heartbeat messages when received out-of-order, instead of issuing an error. ** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi. ** libgnutls: TPM support is disabled by default because GPL programs cannot link with it. Use --with-tpm to enable it. ** libgnutls-guile: Fixed parallel compilation issue. ** gnutls-cli: It will try to connect to all possible returned addresses before failing. ** API and ABI modifications: No changes since last version. * Version 3.1.5 (released 2012-11-24) ** libgnutls: Added functions to parse the certificates policies extension. ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished Name by translating it to UTF-8 (works on windows or systems with iconv). ** libgnutls: Added PKCS #11 key generation function that returns the public key on generation. ** libgnutls: Corrected bug in priority string parsing, that mostly affected combined levels. Patch by Tim Kosse. ** certtool: The --pubkey-info option can be combined with the --load-privkey or --load-request to print the corresponding public keys. ** certtool: It is able to set certificate policies via a template. ** certtool: Added --hex-numbers option which prints big numbers in an easier to parse format. ** p11tool: After key generation, outputs the public key (useful in tokens that do not store the public key). ** danetool: It is being built even without libgnutls-dane (the --check functionality is disabled though). ** API and ABI modifications: gnutls_pkcs11_privkey_generate2: Added gnutls_x509_crt_get_policy: Added gnutls_x509_crt_set_policy: Added gnutls_x509_policy_release: Added gnutls_pubkey_import_x509_crq: Added gnutls_pubkey_print: Added GNUTLS_CRT_PRINT_FULL_NUMBERS: Added * Version 3.1.4 (released 2012-11-10) ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on the available revocation data validity. ** libgnutls: Added gnutls_certificate_verification_status_print(), a function to print the verification status code in human readable text. ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. ** libgnutls: Simplified certificate verification by adding gnutls_certificate_verify_peers3(). ** libgnutls: Added support for extension to establish keys for SRTP. Contributed by Martin Storsjo. ** libgnutls: The X.509 verification functions check the key usage bits and pathlen constraints and on failure output GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. ** libgnutls: gnutls_x509_crl_verify() includes the time checks. ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. ** libgnutls: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. ** gnutls-cli: Added --local-dns option. ** danetool: Corrected bug that prevented loading PEM files. ** danetool: Added --check option to allow querying and verifying a site's DANE data. ** libgnutls-dane: Added pkg-config file for the library. ** API and ABI modifications: gnutls_session_get_id2: Added gnutls_sign_is_secure: Added gnutls_certificate_verify_peers3: Added gnutls_ocsp_status_request_is_checked: Added gnutls_certificate_verification_status_print: Added gnutls_srtp_set_profile: Added gnutls_srtp_set_profile_direct: Added gnutls_srtp_get_selected_profile: Added gnutls_srtp_get_profile_name: Added gnutls_srtp_get_profile_id: Added gnutls_srtp_get_keys: Added gnutls_srtp_get_mki: Added gnutls_srtp_set_mki: Added gnutls_srtp_profile_t: Added dane_cert_type_name: Added dane_match_type_name: Added dane_cert_usage_name: Added dane_verification_status_print: Added GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added GNUTLS_CERT_UNEXPECTED_OWNER: Added GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added * Version 3.1.3 (released 2012-10-12) ** libgnutls: Added support for the OCSP Certificate Status extension. ** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP certificate status extension in verification. ** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). ** libgnutls: Increased maximum password length in the PKCS #12 functions. ** libgnutls: Fixed the receipt of session tickets during session resumption. Reported by danblack at http://savannah.gnu.org/support/?108146 ** libgnutls: Added functions to export structures in an allocated buffer. ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP response corresponds to the given certificate. ** libgnutls: In client side gnutls_init() enables the session ticket and OCSP certificate status request extensions by default. The flag GNUTLS_NO_EXTENSIONS can be used to prevent that. ** libgnutls: Several updates in the OpenPGP code. The generating code is fully RFC6091 compliant and RFC5081 support is only supported in client mode. ** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC certificate verification. ** gnutls-cli: Added --dane option to enable DANE certificate verification. ** danetool: Added tool to generate DANE TLSA Resource Records (RR). ** API and ABI modifications: gnutls_certificate_get_peers_subkey_id: Added gnutls_certificate_set_ocsp_status_request_function: Added gnutls_certificate_set_ocsp_status_request_file: Added gnutls_ocsp_status_request_enable_client: Added gnutls_ocsp_status_request_get: Added gnutls_ocsp_resp_check_crt: Added gnutls_dh_params_export2_pkcs3: Added gnutls_pubkey_export2: Added gnutls_x509_crt_export2: Added gnutls_x509_dn_export2: Added gnutls_x509_crl_export2: Added gnutls_pkcs7_export2: Added gnutls_x509_privkey_export2: Added gnutls_x509_privkey_export2_pkcs8: Added gnutls_x509_crq_export2: Added gnutls_openpgp_crt_export2: Added gnutls_openpgp_privkey_export2: Added gnutls_pkcs11_obj_export2: Added gnutls_pkcs12_export2: Added gnutls_pubkey_import_openpgp_raw: Added gnutls_pubkey_import_x509_raw: Added dane_state_init: Added dane_state_deinit: Added dane_query_tlsa: Added dane_query_status: Added dane_query_entries: Added dane_query_data: Added dane_query_deinit: Added dane_verify_session_crt: Added dane_verify_crt: Added dane_strerror: Added * Version 3.1.2 (released 2012-09-26) ** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() and gnutls_x509_trust_list_add_trust_mem() that prevented the loading of certificates in the windows platform. ** libgnutls: Corrected bug in OpenPGP subpacket encoding. ** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. (the work was done during Google Summer of Code). ** libgnutls: Added X.509 certificate verification flag GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification of unsorted certificate chains and is enabled by default for TLS certificate verification (if gnutls_certificate_set_verify_flags() does not override it). ** libgnutls: Prints warning on certificates that contain keys of an insecure level. If the %COMPAT priority flag is not specified the TLS connection fails. ** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasmition of handshake data. ** libgnutls: Better mingw32 support (patch by LRN). ** libgnutls: The %COMPAT keyword, if specified, will tolerate key usage violation errors (they are far too common to ignore). ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), which provides a tool to counter compression-related attacks where parts of the data are controlled by the attacker _and_ are placed in separate records (use with care - do not use compression if not sure). ** libgnutls: Depends on libtasn1 2.14 or later. ** certtool: Prints the number of bits of the public key algorithm parameter in a private key. ** API and ABI modifications: gnutls_x509_privkey_get_pk_algorithm2: Added gnutls_heartbeat_ping: Added gnutls_heartbeat_pong: Added gnutls_heartbeat_allowed: Added gnutls_heartbeat_enable: Added gnutls_heartbeat_set_timeouts: Added gnutls_heartbeat_get_timeout: Added GNUTLS_SEC_PARAM_WEAK: Added GNUTLS_SEC_PARAM_INSECURE: Added * Version 3.1.1 (released 2012-09-02) ** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. ** certtool: Changes in password handling of certtool. Ask password when required and only if the '--password' option is not given. If the '--password' option is given during key generation then assume the PKCS #8 file format, instead of ignoring the password. ** tpmtool: No longer asks for key password in registered keys. ** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. wmNAF is now used for point multiplication and other optimizations. (the major part of the work was done during Google Summer of Code). ** libgnutls: The default pull_timeout_function only uses select instead of a combination of select() and recv() to prevent issues when used in stream sockets in some systems. ** libgnutls: Be tolerant in ECDSA signature violations (e.g. using SHA256 with a SECP384 curve instead of SHA-384), to interoperate with openssl. ** libgnutls: Fixed DSA and ECDSA signature generation in smart cards. Thanks to Andreas Schwier from cardcontact.de for providing me with ECDSA capable smart cards. ** API and ABI modifications: gnutls_sign_algorithm_get: Added gnutls_sign_get_hash_algorithm: Added gnutls_sign_get_pk_algorithm: Added * Version 3.1.0 (released 2012-08-15) ** libgnutls: Added direct support for TPM as a cryptographic module in gnutls/tpm.h. TPM keys can be used in functions accepting files using URLs of the following types: tpmkey:file=/path/to/file tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user ** libgnutls: Priority string level keywords can be combined. For example the string "SECURE256:+SUITEB128" is now allowed. ** libgnutls: requires libnettle 2.5. ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) for encryption and signatures. ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between generic errors and signature verification errors in the verification functions. ** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function to simplify parsing in most PKCS #12 use cases. ** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds the whole certificate chain (if any) to the credentials structure, instead of only the end-user certificate. ** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() and gnutls_x509_privkey_import_pkcs8(), return consistently GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no password was provided. ** libgnutls: Added gnutls_handshake_set_timeout() a function that allows to set the maximum time spent in a handshake. ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch by Alexandre Bique. ** tpmtool: Added. It is a tool to generate private keys in the TPM. ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx and --benchmark-tls-ciphers ** certtool: generated PKCS #12 structures may hold more than one private key. Patch by Lucas Fisher. ** certtool: Added option --null-password to generate/decrypt keys that use a NULL password (in schemas that distinguish between NULL an empty passwords). ** minitasn1: Upgraded to libtasn1 version 2.13. ** API and ABI modifications: GNUTLS_CERT_SIGNATURE_FAILURE: Added GNUTLS_CAMELLIA_192_CBC: Added GNUTLS_PKCS_NULL_PASSWORD: Added gnutls_url_is_supported: Added gnutls_pkcs11_obj_list_import_url2: Added gnutls_pkcs11_obj_set_pin_function: Added gnutls_pkcs11_privkey_set_pin_function: Added gnutls_pkcs11_get_pin_function: Added gnutls_privkey_import_tpm_raw: Added gnutls_privkey_import_tpm_url: Added gnutls_privkey_import_pkcs11_url: Added gnutls_privkey_import_openpgp_raw: Added gnutls_privkey_import_x509_raw: Added gnutls_privkey_import_ext2: Added gnutls_privkey_import_url: Added gnutls_privkey_set_pin_function: Added gnutls_tpm_privkey_generate: Added gnutls_tpm_key_list_deinit: Added gnutls_tpm_key_list_get_url: Added gnutls_tpm_get_registered: Added gnutls_tpm_privkey_delete: Added gnutls_pubkey_import_tpm_raw: Added gnutls_pubkey_import_tpm_url: Added gnutls_pubkey_import_url: Added gnutls_pubkey_verify_hash2: Added gnutls_pubkey_set_pin_function: Added gnutls_x509_privkey_import2: Added gnutls_x509_privkey_import_openssl: Added gnutls_x509_crt_set_pin_function: Added gnutls_load_file: Added gnutls_pkcs12_simple_parse: Added gnutls_certificate_set_x509_system_trust: Added gnutls_certificate_set_pin_function: Added gnutls_x509_trust_list_add_system_trust: Added gnutls_x509_trust_list_add_trust_file: Added gnutls_x509_trust_list_add_trust_mem: Added gnutls_pk_to_sign: Added gnutls_handshake_set_timeout: Added gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Upstream changes:
version 0.96 at 2013-07-08 06:53:34 +0000
-----------------------------------------
Change: a78109ca3e2c9338bf98185c2014ba2be4a04942
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-07-08 07:53:34 +0000
Fix patch applying for v5.18.0
-----------------------------------------
version 0.94 at 2013-07-07 13:45:00 +0000
-----------------------------------------
Change: c5257739abd2cde575036ba9b105977679a30273
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-07-07 14:45:00 +0000
Added commit 4149c7198d9b78d861df289cce40dd865cab57e7
Fixes a regmatch pointer 32-bit wraparound regression in v5.18.0
-----------------------------------------
version 0.92 at 2013-07-07 13:29:48 +0000
-----------------------------------------
Change: 8881838495367f05f599939d4e1eac86106785fa
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-07-07 14:29:48 +0000
Update Midnight BSD hints for 0.4-RELEASE
-----------------------------------------
version 0.90 at 2013-05-18 22:58:06 +0000
-----------------------------------------
Change: fe0a97026ae5a56374b1d9a5968554a0c9b693bc
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-18 23:58:06 +0000
Bumped version to 0.90
Change: cc5a37b1298b45fe2e74a4db92e85561a12f1052
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-18 23:50:04 +0000
Added gcc m64 fixes for Solaris 11
http://perl5.git.perl.org/perl.git/commitdiff/1ddb6a4
http://perl5.git.perl.org/perl.git/commitdiff/767f54d
Change: 815ff70a8a86c97742a0afdc5a092c590c729e80
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-18 22:04:29 +0000
Update hpux hints
Change: 089592af98239448a956586cf8998dee7b2ab7b6
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-18 21:46:55 +0000
Added hints audit tool
Change: 842e6a11a1dac1adfa253a4a9dbd60d53286fa8e
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-18 18:24:52 +0000
Added 'hints' function to Devel::PatchPerl::Hints
-----------------------------------------
version 0.88 at 2013-05-16 12:02:55 +0000
-----------------------------------------
Change: 7a381f7a969eeb683343ddc3511169298aa19889
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-16 13:02:55 +0000
Make determine_version() available in the public API
bingos/devel-patchperl#12
-----------------------------------------
version 0.86 at 2013-05-08 15:39:07 +0000
-----------------------------------------
Change: 50d0a6e5c2b5f25de596463f219c78204e0ae477
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-05-08 16:39:07 +0000
Bump version
Change: 09c3d04f1eddb60cdbba7b597a9c114c7396be2f
Author: Chris Williams <chris@bingosnet.co.uk>
Date : 2013-05-08 08:11:48 +0000
Merge pull request #11 from hirose31/prevent-premature-hsplit
Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
5.12.5
Change: 19a38ec13e6634a4707bb5043da051b6c551c23f
Author: HIROSE Masaaki <hirose31@gmail.com>
Date : 2013-05-08 13:52:42 +0000
Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
5.12.5
-----------------------------------------
version 0.84 at 2013-03-08 21:35:14 +0000
-----------------------------------------
Change: 7b5f0d6c51dbff9a22f250813e230816d3d36f08
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-03-08 21:35:14 +0000
Remove requirement on IPC::Cmd
This should make the perlbrew peeps happy
-----------------------------------------
version 0.82 at 2013-02-25 21:38:08 +0000
-----------------------------------------
Change: 3e146301433f8098460dc6fd5d1930fc48c2903a
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-02-25 21:38:08 +0000
Update Linux hints
-----------------------------------------
version 0.80 at 2013-02-25 12:04:03 +0000
-----------------------------------------
Change: ef4dfcccd90f7f786847998cba8891b69fd5a2e1
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-02-25 12:04:03 +0000
Bump version to 0.80
Change: 4e3020edfa3b3adcb79dd4d3c8e410f8cb12bf53
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-02-25 12:02:09 +0000
Ensure that the linux hints file gets updated for kfreebsd as well
Change: 52fde6650e6a6324c7817fb81d9d08260f73d96a
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-02-25 11:41:38 +0000
Add updated hints for gnukfreebsd
-----------------------------------------
version 0.78 at 2013-02-17 16:58:31 +0000
-----------------------------------------
Change: 0c2be36694492d5824f7704cf9d3473c28228d99
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-02-17 16:58:31 +0000
Added midnightbsd hints file which supports 0.4
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Changelog:
NSS 3.15.1 release notes
Introduction
Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information
NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:
Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/
New in NSS 3.15.1
New Functionality
TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
AES GCM cipher suites are not yet supported.
New Functions
None.
New Types
in sslprot.h
SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
in sslerr.h
SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
in sslt.h
ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.
New PKCS #11 Mechanisms
None.
Notable Changes in NSS 3.15.1
Bug 856060 - Enforce name constraints on the common name in libpkix when no subjectAltName is present.
Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.
Bugs fixed in NSS 3.15.1
https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS
Compatibility
NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
NSS 3.15 release notes
Introduction
The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information
The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.
NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/
New in NSS 3.15
New Functionality
Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
certutil has been updated to support creating name constraints extensions.
New Functions
in ssl.h
SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
in ocsp.h
CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
in secpkcs7.h
SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
in xconst.h
CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
in secitem.h
SECITEM_AllocArray
SECITEM_DupArray
SECITEM_FreeArray
SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
in pk11pub.h
PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
New Types
in secitem.h
SECItemArray - Represents a variable-length array of SECItems.
New Macros
in ssl.h
SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE
Notable Changes in NSS 3.15
SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.
NSS has migrated from CVS to the Mercurial source control management system.
Updated build instructions are available at Migration to HG
As part of this migration, the source code directory layout has been re-organized.
The list of root CA certificates in the nssckbi module has been updated.
The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.
Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
Bug 853285: Fixed bugs in AES GCM.
Bug 341127: Fix the invalid read in rc4_wordconv.
Faster NIST curve P-256 implementation.
Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.
Bugs fixed in NSS 3.15
This Bugzilla query returns all the bugs fixed in NSS 3.15:
https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2013
Changelog:
Security Advisories
The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.
Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.
New in NSS 3.15.2
New Functionality
AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
New Functions
PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types
No new types have been introduced.
New PKCS #11 Mechanisms
No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2
Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
Bug 884178 - Add PK11_CipherFinal macro
Bugs fixed in NSS 3.15.2
Bug 734007 - sizeof() used incorrectly
Bug 900971 - nssutil_ReadSecmodDB() leaks memory
Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.
A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility
NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
jperkin
pushed a commit
that referenced
this issue
Jun 2, 2014
* Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: No changes since last version. * Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** configure: Added --with-nettle-mini option, which allows linking with a libnettle that contains gmp. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: No changes since last version. * Version 3.2.13 (released 2014-04-07) ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently if there are no base64 data. Report and patch by Ramkumar Chinchani. ** libgnutls: gnutls_record_send is now safe to be called under DTLS when in corked mode. ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for these algorithms. ** libgnutls: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This drops support for the permissive RFC2818 wildcards and adds more conservative support based on the suggestions in RFC6125. Suggested by Jeffrey Walton. ** certtool: When no password is provided to export a PKCS #8 keys, do not encrypt by default. This reverts to the certtool behavior of gnutls 3.0. The previous behavior of encrypting using an empty password can be replicating using the new parameter --empty-password. ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when the --provider option is given. ** API and ABI modifications: No changes since last version.
jperkin
pushed a commit
that referenced
this issue
Jul 23, 2014
* Remove SvREFCNT_dec_NN until it can be implemented properly. (Thanks to bulk88 for reporting GH #10) * Fix GH #11 - compiler warning under clang (Thanks to jhi for reporting it) * Fix GH #12 - compiler warnings (Thanks to jhi for reporting it) * Add support for HeUTF8 * Add GetFileContents() to retrieve the contents of the ppport.h file * Update MAX_VER to be 5.20 * Update issue tracker to GitHub * Add support for the following API SvREFCNT_dec_NN mg_findext sv_unmagicext * Update META Move bug tracker to github Provide link to repository * Avoid syntax disallowed by C++11 (Thanks to Tony C for the patch) * Fix cpan #87870: Merge core perl commit 90b0dc0e2e (Thanks to Father Chrysostomos for the original patch and to Steve Hay for forwarding it) * Fix cpan #86975: Deterministically order API elements in POD (Thanks to Karl Williamson for providing a patch.) * Fix cpan #81796: my $_ is deprecated (Thanks to Nicholas Clark for providing a patch) * Fix cpan #81484: fix isASCII and isCNTRL for inputs > 255 (Thanks to Karl Williamson for providing a patch) * Fix cpan #80314: make use of PERL_NO_GET_CONTEXT the default * Fix cpan #79814: Install to 'site' for perl 5.11+ (Thanks to Robert Sedlacek for providing a patch) * Fix cpan #78271: Need SvPV_nomg_nolen * Adapt buildperl.pl for newer Perl releases * Update masked_versions regex for 5.005 thread builds * Some tweaks needed to support 5.003 on 64-bit platforms
jperkin
pushed a commit
that referenced
this issue
Sep 3, 2014
Version 1.2 -- August 26, 2014 ============================== - Fixed compilation with neither libswresample nor libavresample (#11) - Fixed compilation with static libav (#10) - Functions chromaprint_encode_fingerprint and chromaprint_decode_fingerprint are changed to accept const pointer as input - Added support for using the Kiss FFT library (should make Android port easier) - Removed obsolete dev tools from the package - More compatible DEBUG() macro
jperkin
pushed a commit
that referenced
this issue
Dec 9, 2014
* Version 3.2.19 (released 2014-10-13) ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. ** libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. ** libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. ** guile: new 'set-session-server-name!' procedure; see the manual for details. ** API and ABI modifications: No changes since last version.
jperkin
pushed a commit
that referenced
this issue
Apr 16, 2015
Add test target
Upstream changes:
2015-03-14 -- 1.3.6
* Class.slots raises NotImplementedError for old style classes.
Closes issue #67.
* Add a new option to AstroidManager, `optimize_ast`, which
controls if peephole optimizer should be enabled or not.
This prevents a regression, where the visit_binop method
wasn't called anymore with astroid 1.3.5, due to the differences
in the resulting AST. Closes issue #82.
2015-03-11 -- 1.3.5
* Add the ability to optimize small ast subtrees,
with the first use in the optimization of multiple
BinOp nodes. This removes recursivity in the rebuilder
when dealing with a lot of small strings joined by the
addition operator. Closes issue #59.
* Obtain the methods for the nose brain tip through an
unittest.TestCase instance. Closes Pylint issue #457.
* Fix a crash which occurred when a class was the ancestor
of itself. Closes issue #78.
* Improve the scope_lookup method for Classes regarding qualified
objects, with an attribute name exactly as one provided in the
class itself.
For example, a class containing an attribute 'first',
which was also an import and which had, as a base, a qualified name
or a Gettattr node, in the form 'module.first', then Pylint would
have inferred the `first` name as the function from the Class,
not the import. Closes Pylint issue #466.
* Implement the assigned_stmts operation for Starred nodes,
which was omitted when support for Python 3 was added in astroid.
Closes issue #36.
2015-01-17 -- 1.3.4
* Get the first element from the method list when obtaining
the functions from nose.tools.trivial. Closes Pylint issue #448.
2015-01-16 -- 1.3.3
* Restore file_stream to a property, but deprecate it in favour of
the newly added method Module.stream. By using a method instead of a
property, it will be easier to properly close the file right
after it is used, which will ensure that no file descriptors are
leaked. Until now, due to the fact that a module was cached,
it was not possible to close the file_stream anywhere.
file_stream will start emitting PendingDeprecationWarnings in
astroid 1.4, DeprecationWarnings in astroid 1.5 and it will
be finally removed in astroid 1.6.
* Add inference tips for 'tuple', 'list', 'dict' and 'set' builtins.
* Add brain definition for most string and unicode methods
* Changed the API for Class.slots. It returns None when the class
doesn't define any slots. Previously, for both the cases where
the class didn't have slots defined and when it had an empty list
of slots, Class.slots returned an empty list.
* Add a new method to Class nodes, 'mro', for obtaining the
the method resolution order of the class.
* Add brain tips for six.moves. Closes issue #63.
* Improve the detection for functions decorated with decorators
which returns static or class methods.
* .slots() can contain unicode strings on Python 2.
* Add inference tips for nose.tools.
2014-11-22 -- 1.3.2
* Fixed a crash with invalid subscript index.
* Implement proper base class semantics for Python 3, where
every class derives from object.
* Allow more fine-grained control over C extension loading
in the manager.
2014-11-21 -- 1.3.1
* Fixed a crash issue with the pytest brain module.
2014-11-20 -- 1.3.0
* Fix a maximum recursion error occured during the inference,
where statements with the same name weren't filtered properly.
Closes pylint issue #295.
* Check that EmptyNode has an underlying object in
EmptyNode.has_underlying_object.
* Simplify the understanding of enum members.
* Fix an infinite loop with decorator call chain inference,
where the decorator returns itself. Closes issue #50.
* Various speed improvements. Patch by Alex Munroe.
* Add pytest brain plugin. Patch by Robbie Coomber.
* Support for Python versions < 2.7 has been dropped, and the
source has been made compatible with Python 2 and 3. Running
2to3 on installation for Python 3 is not needed anymore.
* astroid now depends on six.
* modutils._module_file opens __init__.py in binary mode.
Closes issues #51 and #13.
* Only C extensions from trusted sources (the standard library)
are loaded into the examining Python process to build an AST
from the live module.
* Path names on case-insensitive filesystems are now properly
handled. This fixes the stdlib detection code on Windows.
* Metaclass-generating functions like six.with_metaclass
are now supported via some explicit detection code.
* astroid.register_module_extender has been added to generalize
the support for module extenders as used by many brain plugins.
* brain plugins can now register hooks to handle failed imports,
as done by the gobject-introspection plugin.
* The modules have been moved to a separate package directory,
`setup.py develop` now works correctly.
2014-08-24 -- 1.2.1
* Fix a crash occurred when inferring decorator call chain.
Closes issue #42.
* Set the parent of vararg and kwarg nodes when inferring them.
Closes issue #43.
* namedtuple inference knows about '_fields' attribute.
* enum members knows about the methods from the enum class.
* Name inference will lookup in the parent function
of the current scope, in case searching in the current scope
fails.
* Inference of the functional form of the enums takes into
consideration the various inputs that enums accepts.
* The inference engine handles binary operations (add, mul etc.)
between instances.
* Fix an infinite loop in the inference, by returning a copy
of instance attributes, when calling 'instance_attr'.
Closes issue #34 (patch by Emile Anclin).
* Don't crash when trying to infer unbound object.__new__ call.
Closes issue #11.
2014-07-25 -- 1.2.0
* Function nodes can detect decorator call chain and see if they are
decorated with builtin descriptors (`classmethod` and `staticmethod`).
* infer_call_result called on a subtype of the builtin type will now
return a new `Class` rather than an `Instance`.
* `Class.metaclass()` now handles module-level __metaclass__ declaration
on python 2, and no longer looks at the __metaclass__ class attribute on
python 3.
* Function nodes can detect if they are decorated with subclasses
of builtin descriptors when determining their type
(`classmethod` and `staticmethod`).
* Add `slots` method to `Class` nodes, for retrieving
the list of valid slots it defines.
* Expose function annotation to astroid: `Arguments` node
exposes 'varargannotation', 'kwargannotation' and 'annotations'
attributes, while `Function` node has the 'returns' attribute.
* Backported most of the logilab.common.modutils module there, as
most things there are for pylint/astroid only and we want to be
able to fix them without requiring a new logilab.common release
* Fix names grabed using wildcard import in "absolute import mode"
(ie with absolute_import activated from the __future__ or with
python 3). Fix pylint issue #58.
* Add support in pylint-brain for understanding enum classes.
2014-04-30 -- 1.1.1
* `Class.metaclass()` looks in ancestors when the current class
does not define explicitly a metaclass.
* Do not cache modules if a module with the same qname is already
known, and only return cached modules if both name and filepath
match. Fixes pylint Bitbucket issue #136.
2014-04-18 -- 1.1.0
* All class nodes are marked as new style classes for Py3k.
* Add a `metaclass` function to `Class` nodes to
retrieve their metaclass.
* Add a new YieldFrom node.
* Add support for inferring arguments to namedtuple invocations.
* Make sure that objects returned for namedtuple
inference have parents.
* Don't crash when inferring nodes from `with` clauses
with multiple context managers. Closes #18.
* Don't crash when a class has some __call__ method that is not
inferable. Closes #17.
* Unwrap instances found in `.ancestors()`, by using their _proxied
class.
jperkin
pushed a commit
that referenced
this issue
Apr 28, 2015
jperkin
pushed a commit
that referenced
this issue
May 21, 2015
-------------------
0.23
- fix test error on Windows due to the use of
unescaped paths in regex patterns (by nanis) #11 #13
0.22
- fix regression in 0.21 (use of here-doc within `<?= ?>` causes syntax error) #12
- add support for `prepend` property for prepending code (by LoonyPandora) #3
0.21
- fix the strange rule for multi-line expression #10
jperkin
pushed a commit
that referenced
this issue
May 21, 2015
- Add three BUILD_DEPENDS for 'make test'.
p5-JSON-MaybeXS, p5-Module-Pluggable, p5-Test-Deep
(upstream)
- Update to 1.004
---------------
1.004 2015-03-05 05:18:44Z
- fix the Gist plugin to work with github's stricter validation
(PR #11, Tatsuhiko Miyagawa)
- removed +x permissions on files (RT#102361)
- mark the Codepeek service as deprecated (RT#101823)
jperkin
pushed a commit
that referenced
this issue
May 21, 2015
Upstream changes: 20150503 + add --with-man2html configure option + improve description of -W options and how they can be combined into a comma-separated list (adapted from Leif LeBaron). + modify parsing for -Wexec to permit its value to be separated by '=' in addition to a space, for consistency with the other -W options. + cosmetic changes to configure script macros, from work on xterm. + update config.guess and config.sub 20141206 + Mawk behaves incorrectly when using the nextfile statement. It marks the file as dead, but does not check such state and thus ends reading from a closed fd (patch by Ismael Luceno). 20141027 + remove a special check for anchored regular expressions in gsub3 which did not handle expressions with "|" alternation (report by "Ypnose"). 20140914 + rename vs6.mak / vs6.h to vs2008 for Visual Studio 2008 compiles. + remove MS-DOS support. + add a check in split for empty regex, treating that the same as an empty string (Original-Mawk #9). + correct inconsistently-ifdef'd reset of errno in check_strnum() function, which caused some values to be internally classified as strings rather than strnums (Original-Mawk #26). + add parameter to REmatch to control use of REG_NOTBOL and its equivalent in mawk (prompted by discussion with Mike Brennan, Original-Mawk #24). + settle on "gsub3" implementation (suggested by Mike Brennan, Original-Mawk #11). + change default for configure option --enable-init-srand to enable this (discussion with Mike Brennan). + add -W random option to set initial srand() seed. + add TraceVA, use to provide debug-traces for errmsg(). + add note in manpage about "nextfile", see for example: http://www.opengroup.org/austin/docs/austin_578.txt http://austingroupbugs.net/view.php?id=607 + make it possible to build with "bsd" library ported to Linux by setting LIBS=-lbsd before running configure script. + show random-function names in version message, as well as maximum integer-value. + modify initialization of srand default seed from time of day to use gettimeofday, etc., so that successive runs of mawk are less likely to use the same seed value (suggested by Mike Brennan). + make a further refinement, "gsub3" which uses a single pass. + change SType and SLen types to improve performance as well as handling larger regular expressions (suggested by Mike Brennan). + fix some minor issues reported by Coverity. + regenerate parse.c using byacc 20140422 + modify makefile-rule for generating parse.c to keep the "#line" preprocessor lines consistent with the actual filename. This is needed by lcov. + add test/reg7.awk to help with recent testing. + discard intermediate new_gsub used for regression-testing, will do further improvements based on "gsub2". + fix a comparison in rexp3.c to work with embedded nulls (patch by Mike Brennan). + in-progress changes to implement "gsub2", which will reduce copying. + discard intermediate old_gsub used for regression-testing, using original gsub function renamed to "gsub0" for that purpose. + remove old compiler information from version message. + remove NF value from version message. + patches by Mike Brennan: + changed the intermediate storage of STRINGS used by split. + cleaned up the xxx_split() functions. a) removed hand loop unrolling. What was an optimization for intel 8086/88 is silly today. b) consequence of a) some macros went away so the code is easier to read/understand. c) handles null in input string Note: re_split() does \x00 null correctly, but it calls REmatch() which does not. I have examples where REmatch works with nulls and examples of not working. That needs to be fixed. + changed field allocation to support no upper limit. + when comparing two strings, allow for embedded nulls. + add checks in rexp3.c for infinite loop for testcase noloop.awk (report by Tibor Palinkas). + improve test-package for debian by adding postrm script to restore "mawk-base" to its unalternatized configuration, as well as adding messages to the other pre/post scripts. + patches by Mike Brennan: + increase some limits: NF is now 1048575, sprintf limit is 8192. + updated array.w; mostly documentation improvements + add array.pdf generated from array.w + add -Wu / -Wusage / -Wh / -Whelp to show usage message, like gawk. If long options are enabled, honor --help and --usage as well. + if no command-line parameters are given, show usage message like gawk and BWK (report by Michael Sanders). + improve configure macros CF_ADD_CFLAGS, CF_ADD_LIBS, CF_XOPEN_SOURCE, e.g., for Minix3.2 port. + restore in-progress change to gsub; resolved problem handling its internal use of vectors for second parameter when "&" marker is used. + improve configure check for Intel compiler warnings; trim unwanted -no-gcc option. + for Solaris suppress the followup check for defining _XOPEN_SOURCE + update config.guess and config.sub
jperkin
pushed a commit
that referenced
this issue
Jun 17, 2015
patch refresh grace of mkpatches upstream notable changes list since the 3.2 to 3.3 branch point (excerpt of the NEWS file): * Version 3.3.15 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** API and ABI modifications: No changes since last version. * Version 3.3.14 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 ** API and ABI modifications: No changes since last version. * Version 3.3.13 (released 2015-02-25) ** libgnutls: Enable AESNI in GCM on x86 ** libgnutls: Fixes in DTLS message handling ** libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. ** gnutls-cli: Fixes in OCSP verification. ** API and ABI modifications: No changes since last version. * Version 3.3.12 (released 2015-01-17) ** libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. ** libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. ** libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 ** libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 ** libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. ** libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. ** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** guile: Fix harmless warning during compilation of gnutls.scm Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. ** certtool: --pubkey-info will also attempt to load a public key from stdin. ** gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. ** API and ABI modifications: No changes since last version. * Version 3.3.11 (released 2014-12-11) ** libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. ** libgnutls: Corrected parsing issue with OCSP responses. ** API and ABI modifications: No changes since last version. * Version 3.3.10 (released 2014-11-10) ** libgnutls: Refuse to import v1 or v2 certificates that contain extensions. ** libgnutls: Fixes in usage of PKCS #11 token callback ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. ** libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. ** libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. ** libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. ** API and ABI modifications: No changes since last version. * Version 3.3.9 (released 2014-10-13) ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. ** libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. ** libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. ** libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. ** libgnutls-dane: Do not require the CA on a ca match to be direct CA. ** libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. ** guile: new 'set-session-server-name!' procedure; see the manual for details. ** certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. ** API and ABI modifications: No changes since last version. * Version 3.3.8 (released 2014-09-18) ** libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. ** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. ** libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. ** libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. ** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. ** libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. ** libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). ** libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. ** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. ** libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. ** libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. ** p11tool: when listing tokens, list their type as well. ** p11tool: when listing objects from a trust module print any attached extensions on certificates. ** API and ABI modifications: gnutls_x509_crq_get_extension_by_oid2: Added gnutls_x509_crt_get_extension_by_oid2: Added gnutls_x509_trust_list_verify_crt2: Added gnutls_x509_ext_print: Added gnutls_x509_ext_deinit: Added gnutls_x509_othername_to_virtual: Added gnutls_pkcs11_obj_get_exts: Added * Version 3.3.7 (released 2014-08-24) ** libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. ** libgnutls: bundle replacements of inet_pton and inet_aton if not available. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: Added --info parameter. ** certtool: Added --mark-wrap parameter. ** danetool: --check will attempt to retrieve the server's certificate chain and verify against it. ** danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. ** danetool: Added openssl linking exception, to allow linking with libunbound. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added gnutls_pkcs11_privkey_export_pubkey: Added gnutls_pkcs11_obj_flags_get_str: Added gnutls_pkcs11_obj_get_flags: Added * Version 3.3.6 (released 2014-07-23) ** libgnutls: Use inet_ntop to print IP addresses when available ** libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. ** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. ** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. ** libgnutls: fixed PKCS #11 private key operations after a fork. ** libgnutls: fixed PKCS #11 ECDSA key generation. ** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 ** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. ** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. ** p11tool: ask for label when one isn't provided. ** p11tool: added --batch parameter to disable any interactivity. ** p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. ** certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. ** API and ABI modifications: gnutls_certificate_set_x509_trust_dir: Added gnutls_x509_trust_list_add_trust_dir: Added * Version 3.3.5 (released 2014-06-26) ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. ** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. ** libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. ** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. ** libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. ** certtool: option --to-p12 will now consider --load-ca-certificate ** certtol: Added option to specify the PKCS #12 friendly name on command line. ** p11tool: Allow marking a certificate copied to a token as a CA. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added gnutls_x509_crl_iter_deinit: Added gnutls_x509_crl_iter_crt_serial: Added gnutls_record_recv_packet: Added gnutls_packet_deinit: Added gnutls_packet_get: Added * Version 3.3.4 (released 2014-05-31) ** libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. ** API and ABI modifications: No changes since last version. * Version 3.3.3 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 ** gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. ** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. ** certtool: Allow multiple organizations and organizational unit names to be specified in a template. ** certtool: Warn when invalid configuration options are set to a template. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: gnutls_credentials_get: Added * Version 3.3.2 (released 2014-05-06) ** libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. ** libgnutls: Corrected file descriptor leak on random generator initialization. ** libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. ** libgnutls: Avoid deinitialization if initialization has failed. ** libgnutls: null-terminate othername alternative names. ** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** libgnutls-guile: Fixed compilation issue. ** certtool: Allow exporting a CRL on DER format. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: GNUTLS_PROFILE_VERY_WEAK: Added * Version 3.3.1 (released 2014-04-19) ** libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. ** libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls: The conditionally available self-test functions were moved to self-test.h. ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Corrected the *get_*_othername_oid() functions. ** API and ABI modifications: No changes since last version. * Version 3.3.0 (released 2014-04-10) ** libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. ** libgnutls: static libraries are not built by default. ** libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). ** libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. ** libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). ** libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). ** libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. ** libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. ** libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. ** libgnutls: Depend on p11-kit 0.20.0 or later. ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. ** libgnutls: The experimental xssl library is removed from the gnutls distribution. ** libgnutls: Reduced the number of gnulib modules used in the main library. ** libgnutls: Added priority string %DISABLE_WILDCARDS. ** libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). ** certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. ** certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). ** API and ABI modifications: GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added gnutls_certificate_verify_peers: Added gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added gnutls_fips140_mode_enabled: Added gnutls_sec_param_to_symmetric_bits: Added gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) gnutls_pubkey_verify_params: Added gnutls_privkey_export_ecc_raw: Added gnutls_privkey_export_dsa_raw: Added gnutls_privkey_export_rsa_raw: Added gnutls_privkey_import_ecc_raw: Added gnutls_privkey_import_dsa_raw: Added gnutls_privkey_import_rsa_raw: Added gnutls_privkey_verify_params: Added gnutls_x509_crt_check_hostname2: Added gnutls_openpgp_crt_check_hostname2: Added gnutls_x509_name_constraints_init: Added gnutls_x509_name_constraints_deinit: Added gnutls_x509_crt_get_name_constraints: Added gnutls_x509_name_constraints_add_permitted: Added gnutls_x509_name_constraints_add_excluded: Added gnutls_x509_crt_set_name_constraints: Added gnutls_x509_name_constraints_get_permitted: Added gnutls_x509_name_constraints_get_excluded: Added gnutls_x509_name_constraints_check: Added gnutls_x509_name_constraints_check_crt: Added gnutls_x509_crl_get_extension_data2: Added gnutls_x509_crt_get_extension_data2: Added gnutls_x509_crq_get_extension_data2: Added gnutls_subject_alt_names_init: Added gnutls_subject_alt_names_deinit: Added gnutls_subject_alt_names_get: Added gnutls_subject_alt_names_set: Added gnutls_x509_ext_import_subject_alt_names: Added gnutls_x509_ext_export_subject_alt_names: Added gnutls_x509_crl_dist_points_init: Added gnutls_x509_crl_dist_points_deinit: Added gnutls_x509_crl_dist_points_get: Added gnutls_x509_crl_dist_points_set: Added gnutls_x509_ext_import_crl_dist_points: Added gnutls_x509_ext_export_crl_dist_points: Added gnutls_x509_ext_import_name_constraints: Added gnutls_x509_ext_export_name_constraints: Added gnutls_x509_aia_init: Added gnutls_x509_aia_deinit: Added gnutls_x509_aia_get: Added gnutls_x509_aia_set: Added gnutls_x509_ext_import_aia: Added gnutls_x509_ext_export_aia: Added gnutls_x509_ext_import_subject_key_id: Added gnutls_x509_ext_export_subject_key_id: Added gnutls_x509_ext_export_authority_key_id: Added gnutls_x509_ext_import_authority_key_id: Added gnutls_x509_aki_init: Added gnutls_x509_aki_get_id: Added gnutls_x509_aki_get_cert_issuer: Added gnutls_x509_aki_set_id: Added gnutls_x509_aki_set_cert_issuer: Added gnutls_x509_aki_deinit: Added gnutls_x509_ext_import_private_key_usage_period: Added gnutls_x509_ext_export_private_key_usage_period: Added gnutls_x509_ext_import_basic_constraints: Added gnutls_x509_ext_export_basic_constraints: Added gnutls_x509_ext_import_key_usage: Added gnutls_x509_ext_export_key_usage: Added gnutls_x509_ext_import_proxy: Added gnutls_x509_ext_export_proxy: Added gnutls_x509_policies_init: Added gnutls_x509_policies_deinit: Added gnutls_x509_policies_get: Added gnutls_x509_policies_set: Added gnutls_x509_ext_import_policies: Added gnutls_x509_ext_export_policies: Added gnutls_x509_key_purpose_init: Added gnutls_x509_key_purpose_deinit: Added gnutls_x509_key_purpose_set: Added gnutls_x509_key_purpose_get: Added gnutls_x509_ext_import_key_purposes: Added gnutls_x509_ext_export_key_purposes: Added gnutls_digest_self_test: Added (conditionally) gnutls_mac_self_test: Added (conditionally) gnutls_pk_self_test: Added (conditionally) gnutls_cipher_self_test: Added (conditionally) gnutls_global_set_mem_functions: Deprecated
jperkin
pushed a commit
that referenced
this issue
Aug 24, 2015
ok wiz@. pkgsrc changes: * Delete a patch that is now imported upstream * Add test target support Changes: 2014-05-30: v1.0.19 * Add support for USB bulk streams on Linux and Mac OS X (#11) * Windows: Add AMD and Intel USB-3.0 root hub support * Windows: Fix USB 3.0 speed detection on Windows 8 or later (#10) * Added Russian translation for libusb_strerror strings * All: Various small fixes and cleanups The (#xx) numbers are libusb issue numbers, see ie: libusb/libusb#11 2014-01-25: v1.0.18 * Fix multiple memory leaks * Fix a crash when HID transfers return no data on Windows * Ensure all pending events are consumed * Improve Android and ucLinux support * Multiple Windows improvements (error logging, VS2013, VIA xHCI support) * Multiple OS X improvements (broken compilation, SIGFPE, 64bit support) 2013-09-06: v1.0.17 * Hotplug callbacks now always get passed a libusb_context, even if it is the default context. Previously NULL would be passed for the default context, but since the first context created is the default context, and most apps use only 1 context, this meant that apps explicitly creating a context would still get passed NULL * Android: Add .mk files to build with the Android NDK * Darwin: Add Xcode project * Darwin: Fix crash on unplug (#121) * Linux: Fix hang (deadlock) on libusb_exit * Linux: Fix libusb build failure with --disable-udev (#124) * Linux: Fix libusb_get_device_list() hang with --disable-udev (#130) * OpenBSD: Update OpenBSD backend with support for control transfers to non-ugen(4) devices and make get_configuration() no longer generate I/O. Note that using this libusb version on OpenBSD requires using OpenBSD 5.3-current or later. Users of older OpenBSD versions are advised to stay with the libusb shipped with OpenBSD (mpi) * Windows: fix libusb_dll_2010.vcxproj link errors (#129) * Various other bug fixes and improvements 2013-07-11: v1.0.16 * Add hotplug support for Darwin and Linux (#9) * Add superspeed endpoint companion descriptor support (#15) * Add BOS descriptor support (#15) * Make descriptor parsing code more robust * New libusb_get_port_numbers API, this is libusb_get_port_path without the unnecessary context parameter, libusb_get_port_path is now deprecated * New libusb_strerror API (#14) * New libusb_set_auto_detach_kernel_driver API (#17) * Improve topology API docs (#95) * Logging now use a single write call per log-message, avoiding log-message "interlacing" when using multiple threads. * Android: use Android logging when building on Android (#101) * Darwin: make libusb_reset reenumerate device on descriptors change (#89) * Darwin: add support for the LIBUSB_TRANSFER_ADD_ZERO_PACKET flag (#91) * Darwin: add a device cache (#112, #114) * Examples: Add sam3u_benchmark isochronous example by Harald Welte (#109) * Many other bug fixes and improvements The (#xx) numbers are libusbx issue numbers, see ie: https://github.com/libusbx/libusbx/issues/9 2013-04-15: v1.0.15 * Improve transfer cancellation and avoid short read failures on broken descriptors * Filter out 8-bit characters in libusb_get_string_descriptor_ascii() * Add WinCE support * Add library stress tests * Add Cypress FX3 firmware upload support for fxload sample * Add HID and kernel driver detach support capabilities detection * Add SuperSpeed detection on OS X * Fix bInterval value interpretation on OS X * Fix issues with autoclaim, composite HID devices, interface autoclaim and early abort in libusb_close() on Windows. Also add VS2012 solution files. * Improve fd event handling on Linux * Other bug fixes and improvements 2012-09-26: v1.0.14 * Reverts the previous API change with regards to bMaxPower. If this doesn't matter to you, you are encouraged to keep using v1.0.13, as it will use the same attribute as v2.0, to be released soon. * Note that LIBUSB_API_VERSION is *decreased* to 0x010000FF and the previous guidelines with regards to concurrent use of MaxPower/bMaxPower still apply. 2012-09-20: v1.0.13 * [MAJOR] Fix a typo in the API with struct libusb_config_descriptor where MaxPower was used instead of bMaxPower, as defined in the specs. If your application was accessing the MaxPower attribute, and you need to maintain compatibility with libusb or older versions, see APPENDIX A below. * Fix broken support for the 0.1 -> 1.0 libusb-compat layer * Fix unwanted cancellation of pending timeouts as well as major timeout related bugs * Fix handling of HID and composite devices on Windows * Introduce LIBUSB_API_VERSION macro * Add Cypress FX/FX2 firmware upload sample, based on fxload from http://linux-hotplug.sourceforge.net * Add libusb0 (libusb-win32) and libusbK driver support on Windows. Note that while the drivers allow it, isochronous transfers are not supported yet in libusb. Also not supported yet is the use of libusb-win32 filter drivers on composite interfaces * Add support for the new get_capabilities ioctl on Linux and avoid unnecessary splitting of bulk transfers * Improve support for newer Intel and Renesas USB 3.0 controllers on Windows * Harmonize the device number for root hubs across platforms * Other bug fixes and improvements 2012-06-15: v1.0.12 * Fix a potential major regression with pthread on Linux * Fix missing thread ID from debug log output on cygwin * Fix possible crash when using longjmp and MinGW's gcc 4.6 * Add topology calls: libusb_get_port_number(), libusb_get_parent() & libusb_get_port_path() * Add toggleable debug, using libusb_set_debug() or the LIBUSB_DEBUG environment variable * Define log levels in libusb.h and set timestamp origin to first libusb_init() call * All logging is now sent to to stderr (info was sent to stdout previously) * Update log messages severity and avoid polluting log output on OS-X * Add HID driver support on Windows * Enable interchangeability of MSVC and MinGW DLLs * Additional bug fixes and improvements 2012-05-08: v1.0.11 * Revert removal of critical Windows event handling that was introduced in 1.0.10 * Fix a possible deadlock in Windows when submitting transfers * Add timestamped logging * Add NetBSD support (experimental) and BSD libusb_get_device_speed() data * Add bootstrap.sh alongside autogen.sh (bootstrap.sh doesn't invoke configure) * Search for device nodes in /dev for Android support * Other bug fixes 2012-04-17: v1.0.10 * Public release * Add libusb_get_version * Add Visual Studio 2010 project files * Some Windows code cleanup * Fix xusb sample warnings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ APPENDIX A - How to maintain code compatibility with versions of libusb and libusb that use MaxPower: If you must to maintain compatibility with versions of the library that aren't using the bMaxPower attribute in struct libusb_config_descriptor, the recommended way is to use the new LIBUSB_API_VERSION macro with an #ifdef. For instance, if your code was written as follows: if (dev->config[0].MaxPower < 250) Then you should modify it to have: #if defined(LIBUSB_API_VERSION) && (LIBUSB_API_VERSION >= 0x01000100) if (dev->config[0].bMaxPower < 250) #else if (dev->config[0].MaxPower < 250) #endif
jperkin
pushed a commit
that referenced
this issue
Sep 1, 2015
1.2.1: * Add travis configuration (Christian Weiske). * Try to autoload Console_Color2 first (Jurgen Rutten, PR #11). * Fix Composer definition syntax (Rob Loach, PR #9). 1.2.0: * Make border visibility configurable (Christian Weiske, Request #20186). * Allow to customize all border characters (Christian Weiske, Request #20182). * Fix notice when using setAlign() on other than first column (Christian Weiske, Bug #20181). * Use Console_Color2 to avoid notices from PHP 4 code (Christian Weiske, Bug #20188) 1.1.6: Use line breaks dependent on the current operating system.
jperkin
pushed a commit
that referenced
this issue
Sep 7, 2015
-------------------------------
1.20150527 2015-05-27 08:33:52-07:00 America/Los_Angeles
- improved dependencies (build/run/requires), (Olivier Mengue, GH PR #10)
- improved runtime loading (Olivier Mengue, GH PR #11)
1.20150521 2015-05-21 09:09:19-07:00 America/Los_Angeles
- updated CGI dependency
- improved README for GitHub (Rob Van Dam, GH PR #9)
jperkin
pushed a commit
that referenced
this issue
Sep 18, 2015
## 1.3.4 / 2015-08-28 * Catch `TimeoutError` to further support 1.9.3 (#16) ## 1.3.3 / 2015-08-20 * Fix gemspec to allow Ruby 1.9.3 (relates to #14) ## 1.3.2 / 2016-08-19 * Re-add support for Ruby 1.9.3. Fixes #11 for 1.9.3 (#14) * Replaced `OpenURI` with `Net::HTTP` and introduced timeout of 3 seconds (#11) ## 1.3.1 / 2015-08-16 (yanked) * Replaced `OpenURI` with `Net::HTTP` and introduced timeout of 3 seconds (#11) ## 1.3.0 / 2015-08-05 * Added an `noscript` fallback for browsers without JavaScript enabled. (#7)
jperkin
pushed a commit
that referenced
this issue
Jan 9, 2016
Version 1.2.2 - 8-Aug-2014 -------------------------- * Fix an error with duplicates being returned by Timezone#all_country_zones and Timezone#all_country_zone_identifiers when used with tzinfo-data v1.2014.6 or later. * Use the zone1970.tab file for country timezone data if it is found in the zoneinfo directory (and fallback to zone.tab if not). zone1970.tab was added in tzdata 2014f. zone.tab is now deprecated. Version 1.2.1 - 1-Jun-2014 -------------------------- * Support zoneinfo files generated with zic version 2014c and later. * On platforms that only support positive 32-bit timestamps, ensure that conversions are accurate from the epoch instead of just from the first transition after the epoch. * Minor documentation improvements. Version 1.2.0 - 26-May-2014 --------------------------- * Raise the minimum supported Ruby version to 1.8.7. * Support loading system zoneinfo data on FreeBSD, OpenBSD and Solaris. Resolves #15. * Add canonical_identifier and canonical_zone methods to Timezone. Resolves #16. * Add a link to a DataSourceNotFound help page in the TZInfo::DataSourceNotFound exception message. * Load iso3166.tab and zone.tab files as UTF-8. * Fix Timezone#local_to_utc returning local Time instances on systems using UTC as the local time zone. Resolves #13. * Fix == methods raising an exception when passed an instance of a different class by making <=> return nil if passed a non-comparable argument. * Eliminate "require 'rational'" warnings. Resolves #10. * Eliminate "assigned but unused variable - info" warnings. Resolves #11. * Switch to minitest v5 for unit tests. Resolves #18. Version 1.1.0 - 25-Sep-2013 --------------------------- * TZInfo is now thread safe. ThreadSafe::Cache is now used instead of Hash to cache Timezone and Country instances returned by Timezone.get and Country.get. The tzinfo gem now depends on thread_safe ~> 0.1. * Added a transitions_up_to method to Timezone that returns a list of the times where the UTC offset of the timezone changes. * Added an offsets_up_to method to Timezone that returns the set of offsets that have been observed in a defined timezone. * Fixed a "can't modify frozen String" error when loading a Timezone from a zoneinfo file using an identifier String that is both tainted and frozen. Resolves #3. * Support TZif3 format zoneinfo files (now produced by zic from tzcode version 2013e onwards). * Support using YARD to generate documentation (added a .yardopts file). * Ignore the +VERSION file included in the zoneinfo directory on Mac OS X. * Added a note to the documentation concerning 32-bit zoneinfo files (as included with Mac OS X). Version 1.0.1 - 22-Jun-2013 --------------------------- * Fix a test case failure when tests are run from a directory that contains a dot in the path (issue #29751). Version 1.0.0 - 2-Jun-2013 -------------------------- * Allow TZInfo to be used with different data sources instead of just the built-in Ruby module data files. * Include a data source that allows TZInfo to load data from the binary zoneinfo files produced by zic and included with many Linux and Unix-like distributions. * Remove the definition and index Ruby modules from TZInfo and move them into a separate TZInfo::Data library (available as the tzinfo-data gem). * Default to using the TZInfo::Data library as the data source if it is installed, otherwise use zoneinfo files instead. * Preserve the nanoseconds of local timezone Time objects when performing conversions (issue #29705). * Don't add the tzinfo lib directory to the search path when requiring 'tzinfo'. The tzinfo lib directory must now be in the search path before 'tzinfo' is required. * Add utc_start_time, utc_end_time, local_start_time and local_end_time instance methods to TimezonePeriod. These return an identical value as the existing utc_start, utc_end, local_start and local_end methods, but return Time instances instead of DateTime. * Make the start_transition, end_transition and offset properties of TimezonePeriod protected. To access properties of the period, callers should use other TimezonePeriod instance methods instead (issue #7655).
jperkin
pushed a commit
that referenced
this issue
Feb 11, 2016
--------------
0.17 2016-02-03T18:35:33Z
- Added URI::_ado, which subclasses URI::_odbc to provide a `dbi_dsn()`
that returns a DSN using DBD::ADO. NOTE: This class is experimental,
since I was unable to figure out the best default values for the
connection string -- there are so many options! Feedback and
recommendations wanted (Issue #11).
- The `dbi_dsn` method of URI::mssql now supports a single argument to
specify the DBI driver for which to return a DSN. Pass in "sybase" or
"ado" (experimental) to get a DSN for either of those drivers,
instead. Based on work by Dan Muey.
jperkin
pushed a commit
that referenced
this issue
Feb 11, 2016
-------------------
1.50 2016-02-11
- Switched to a production version.
1.49_08 2016-01-30
- no significant code changes
- Resolved RT#111558: Virtual table tests depend on enhanced
query syntax availability (vlmarek++)
- Ingore FTS tests if FTS is not available
1.49_07 2016-01-21
- Updated to SQLite 3.10.2, which fixed a case-folding bug
in the LIKE operator introduced in SQLite 3.10.0.
1.49_06 2016-01-15
- Updated to SQLite 3.10.1, which fixed an old bug that could
generate incorrect results when a scalar subquery attempts
to use the block sorting optimization.
1.49_05 2016-01-11
*** CHANGES THAT MAY POSSIBLY BREAK YOUR OLD APPLICATIONS ***
- Updated to SQLite 3.10.0.
Because of the addition of LIKE/GLOB/REGEXP support on
virtual tables, previous ::PerlData virtual table got broken.
This is hopefully fixed by adding strlike/strglob functions
to DBD::SQLite but if you use this virtual table, please
test it carefully.
- Now you can make a database connection read-only if you
turn on the ReadOnly attribute when you connect. (RT #110439)
If you set it after you connect to a database, DBD::SQLite
warns because the database doesn't actually become read-only.
- Improved ::Constants
- to load DBD::SQLite by itself
- to expose SQLITE_VERSION_NUMBER
- introduced a few new (shorter) tags
1.49_04 2015-11-24
- Updated ::Constants
- Fixed a sqlite version number in a test (GH-14; NANIS++)
1.49_03 2015-11-05
- Updated to SQLite 3.9.2, with JSON support
1.49_02 2015-10-10
- Added a workaround to resolve #106950 Extra warnings
with savepoints (hopefully)
- Not to run tests for table_column_metadata unless
ENABLE_COLUMN_METADATA is set
1.49_01 2015-08-04
- Updated to SQLite 3.8.11.1
- Resolved #106151 SAVEPOINT bug
- Made sure to keep what's left in unprepared_statements when
allow_multiple_statements is set. (GH #11)
jperkin
pushed a commit
that referenced
this issue
Mar 1, 2016
=========================== Bugfixes: --------- - DNSSEC: Allow import of duplicate private key into the KASP - DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer - Fix server crash when an incomming transfer is in progress and reload is issued - Fix socket polling when configured with many interfaces and threads - Fix compilation against Nettle 3.2 Improvements: ------------- - Select correct source address for UDP messages recieved on ANY address - Extend documentation of knotc commands Knot DNS 2.1.0 (2016-01-14) =========================== Features: --------- - Per-thread UDP socket binding using SO_REUSEPORT on Linux - Support for dynamic configuration database - DNSSEC: Support for cryptographic tokens via PKCS #11 interface - DNSSEC: Experimental support for online signing Improvements: ------------- - Support for zone file name patterns - Configurable location of zone timer database - Non-blocking network operations and better timeout handling - Caching of Critical configuration values for better performance - Logging of ACL failures - RRL: Add rate-limit-slip zero support to drop all responses - RRL: Document behavior for different rate-limit-slip options - kdig: Warning instead of error on TSIG validation failure - Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec) - Remove possibly insecure server control over a network socket - Remove implementation limit for the number of network interfaces Bugfixes: --------- - synth-record module: Fix application of default configuration options - TSIG: Allow compressed TSIG name when forwarding DDNS updates - Schedule zone bootstrap after slave zone fails to load from disk
jperkin
pushed a commit
that referenced
this issue
Mar 3, 2016
1.24 2016-02-29 - The last release partially broke $dt->time. If you passed a value to use as unit separator, this was ignored. Reported by Sergiy Zuban. RT #112585. 1.23 2016-02-28 - Make all DateTime::Infinite objects return the system's representation of positive or negative infinity for any method which returns a number of string representation (year(), month(), ymd(), iso8601(), etc.). Previously some of these methods could return "Nan", "-Inf--Inf--Inf", and other confusing outputs. Reported by Greg Oschwald. RT #110341. 1.22 2016-02-21 (TRIAL RELEASE) - Fixed several issues with the handling of non-integer values passed to from_epoch(). This method was simply broken for negative values, which would end up being incremented by a full second, so for example -0.5 became 0.5. The method did not accept all valid float values. Specifically, it did not accept values in scientific notation. Finally, this method now rounds all non-integer values to the nearest millisecond. This matches the precision we can expect from Perl itself (53 bits) in most cases. Patch by Christian Hansen. GitHub #11. 1.21 2015-09-30 - Make all tests pass with both the current DateTime::Locale and the upcoming new version (currently still in trial releases).
jperkin
pushed a commit
that referenced
this issue
Jun 20, 2016
=========================== Bugfixes: --------- - Fix separate logging of server and zone events - Fix concurrent zone file flushing with many zones - Fix possible server crash with empty hostname on OpenWRT - Fix control timeout parsing in knotc - Fix "Environment maxreaders limit reached" error in knotc - Don't apply journal changes on modified zone file - Remove broken LTO option from configure script - Enable multiple zone names completion in interactive knotc - Set the TC flag in a response if a glue doesn't fit the response - Disallow server reload when there is an active configuration transaction Improvements: ------------- - Distinguish unavailable zones from zones with zero serial in log messages - Log warning and error messages to standard error output in all utilities - Document tested PKCS #11 devices - Extended Python configuration interface Knot DNS 2.2.0 (2016-04-26) =========================== Bugfixes: --------- - Fix build dependencies on FreeBSD - Fix query/response message type setting in dnstap module - Fix remote address retrieval from dnstap capture in kdig - Fix global modules execution for queries hitting existing zones - Fix execution of semantic checks after an IXFR transfer - Fix PKCS#11 support detection at build time - Fix kdig failure when the first AXFR message contains just the SOA record - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a delegation - Mark PKCS#11 generated keys as sensitive (required by Luna SA) - Fix error when removing the only zone from the server - Don't abort knotc transaction when some check fails Features: --------- - URI and CAA resource record types support - RRL client address based white list - knotc interactive mode Improvements: ------------- - Consistent IXFR error messages - Various fixes for better compatibility with PKCS#11 devices - Various keymgr user interface improvements - Better zone event scheduler performance with many zones - New server control interface - kdig uses local resolver if resolv.conf is empty
jperkin
pushed a commit
that referenced
this issue
Aug 30, 2016
=========================== Bugfixes: --------- - No wildcard expansion below empty non-terminal for NSEC signed zone - Avoid multiple loads of the same PKCS #11 module - Fix kdig IXFR response processing if the transfer content is empty - Don't ignore non-existing records to be removed in IXFR Improvements: ------------- - Refactored semantic checks and improved error messages - Set TC flag in delegation only if mandatory glue doesn't fit the response - Separate EDNS(0) payload size configuration for IPv4 and IPv6 Features: --------- - DNSSEC policy can be defined in server configuration - Automatic NSEC3 resalt according to DNSSEC policy - Zone content editing using control interface - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171) - DNS-over-TLS support in kdig (RFC 7858) - EDNS(0) padding and alignment support in kdig (RFC 7830)
jperkin
pushed a commit
that referenced
this issue
Aug 30, 2016
------------------------------ --- 5.16.0 2016/04/29 Allow multi-byte indicators for MARC subsystem. GitHub #11. --- 5.15.3 2016/04/06 Fix yaz_query2xml aborts for attribute type 0. GitHub #9. backtrace: exit with same signal as original fired Until now with backtrace any signal would end up being an SIGABRT. backtrace: cancel alarm if backtrace succeeds This is to avoid "backtrace hangs" message that should not be printed and gdb be invoked twice. Fix some broken URLs in documentation and code. yaz_marc_write_iso2709: truncate if 99,999 limit is reached. --- 5.15.2 2016/01/11 Re-organize Windows build. Use ICU compiled with VS 2015 to use same runtime as rest of components (YAZ, Libxml2, etc). Move YAZ and many other software components to GitHub. --- 5.15.1 2015/11/12 Bundle sha1 rather than use libgcrypt/nettle. This means that configure no longer accepts --with-gcrypt and --with-nettle. Fix rpn2cql fails for Bib-1 set in qry+conf YAZ-865 --- 5.15.0 2015/11/11 CCL: fix r=o, r=r WRT inherited attributes YAZ-864 (more 1400 lines are listed in NEWS, omitted) (pkgsrc changes) - Add following line to find backtrace and backtrace_symbols # backtrace and backtrace_symbols LDFLAGS+= -lexecinfo
jperkin
pushed a commit
that referenced
this issue
Sep 20, 2016
* Version 3.5.4 (released 2016-09-08) ** libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). Reported by Stefan Buehler. ** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. ** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. ** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. ** libgnutls: Added support for internationalized passwords in PKCS#12 files. Previous versions would only encrypt or decrypt using passwords from the ASCII set. ** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. ** gnutls-cli: Fixed starttls regression from 3.5.3. ** API and ABI modifications: GNUTLS_E_MALFORMED_CIDR: Added gnutls_x509_cidr_to_rfc5280: Added gnutls_oid_to_mac: Added * Version 3.5.3 (released 2016-08-09) ** libgnutls: Added support for TCP fast open (RFC7413), allowing to reduce by one round-trip the handshake process. Based on proposal and patch by Tim Ruehsen. ** libgnutls: Adopted a simpler with less memory requirements DTLS sliding window implementation. Based on Fridolin Pokorny's implementation for AF_KTLS. ** libgnutls: Use getrandom where available via the syscall interface. This works around an issue of not-using getrandom even if it exists since glibc doesn't declare such function. ** libgnutls: Fixed DNS name constraints checking in the case of empty intersection of domain names in the chain. Report and fix by Martin Ukrop. ** libgnutls: Fixed name constraints checking in the case of chains where the higher level certificates contained different types of constraints than the ones present in the lower intermediate CAs. Report and fix by Martin Ukrop. ** libgnutls: Dropped support for the EGD random generator. ** libgnutls: Allow the decoding of raw elements (starting with #) in RFC4514 DN string decoding. ** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. Patch by Tim Kosse. ** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. Report and fix by Stefan Sørensen. ** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain, even when the extra_certs was non-null. Report and fix by Stefan Sørensen. ** certtool: Added the "add_extension" and "add_critical_extension" template options. This allows specifying arbitrary extensions into certificates and certificate requests. ** gnutls-cli: Added the --fastopen option. ** API and ABI modifications: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added gnutls_x509_crq_set_extension_by_oid: Added gnutls_x509_dn_set_str: Added gnutls_transport_set_fastopen: Added * Version 3.5.2 (released 2016-07-06) ** libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). ** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by Guillaume Roguez. ** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM. Reported by Anthony Alba in #108. ** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report and fix by Stanislav Židek. ** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE instructions. Uses Andy Polyakov's assembly code. ** API and ABI modifications: No changes since last version. * Version 3.5.1 (released 2016-06-14) ** libgnutls: The SSL 3.0 protocol support can completely be removed using a compile time option. The configure option is --disable-ssl3-support. ** libgnutls: The SSL 2.0 client hello support can completely be removed using a compile time option. The configure option is --disable-ssl2-support. ** libgnutls: Added support for OCSP Must staple PKIX extension. That is, implemented the RFC7633 TLSFeature for OCSP status request extension. Feature implemented by Tim Kosse. ** libgnutls: More strict OCSP staple verification. That is, no longer ignore invalid or too old OCSP staples. The previous behavior was to rely on application use gnutls_ocsp_status_request_is_checked(), while the new behavior is to include OCSP verification by default and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This improves interoperability with several old intermediate CA certificates carrying these legacy OIDs. ** libgnutls: Re-read the system wide priority file when needed. Patch by Daniel P. Berrange. ** libgnutls: Allow for fallback in system-specific initial keywords (prefixed with '@'). That allows to specify a keyword such as "@keyword1,KEYWORD2" which will use the first available of these two keywords. Patch by Daniel P. Berrange. ** libgnutls: The SSLKEYLOGFILE environment variable can be used to log session keys. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark. ** API and ABI modifications: GNUTLS_CERT_INVALID_OCSP_STATUS: Added gnutls_x509_crt_set_crq_extension_by_oid: Added gnutls_x509_ext_import_tlsfeatures: Added gnutls_x509_ext_export_tlsfeatures: Added gnutls_x509_tlsfeatures_add: Added gnutls_x509_tlsfeatures_init: Added gnutls_x509_tlsfeatures_deinit: Added gnutls_x509_tlsfeatures_get: Added gnutls_x509_crt_get_tlsfeatures: Added gnutls_x509_crt_set_tlsfeatures: Added gnutls_x509_crq_get_tlsfeatures: Added gnutls_x509_crq_set_tlsfeatures: Added gnutls_ext_get_name: Added * Version 3.5.0 (released 2016-05-09) ** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA, based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html ** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07). This curve is disabled by default as it is still on specification status. It can be enabled using the priority string modifier +CURVE-X25519. ** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01) by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73). ** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable RSA and DSA parameter generation from a seed. ** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. ** libgnutls: On a rehandshake ensure that the certificate of the peer or its username remains the same as in previous handshakes. That is to protect applications which do not check user credentials on rehandshakes. The threat to address depends on the application protocol. Primarily it protects against applications which authenticate the peer initially and perform accounting using the session's information, from being misled by a rehandshake which switches the peer's identity. Applications can disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in gnutls_init(). ** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate parsing errors in the extensions field and treat it as a typical Hello message structure. Reported by Hubert Kario (#40). ** libgnutls: Old and unsupported version numbers in client hellos are rejected with a "protocol_version" alert message. Reported by Hubert Kario (#42). ** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*() functions, only on non-resumed sessions. This brings the API in par with its usage (#79). ** libgnutls: Follow RFC5280 strictly in name constraints computation. The permitted subtrees is intersected with any previous values. Report and patch by Daiki Ueno. ** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on session resumption. Reported by Hubert Kario (#69). ** libgnutls: Consider the max-record TLS extension even when under DTLS. Reported by Peter Dettman (#61). ** libgnutls: Replaced writev() system call with sendmsg(). ** libgnutls: Replaced select() system call with poll() on POSIX systems. ** libgnutls: Preload the system priority file on library load. This allows applications that chroot() to also use the system priorities. ** libgnutls: Applications are allowed to override the built-in key and certificate URLs. ** libgnutls: The gnutls.h header marks constant and pure functions explictly. ** certtool: Added the ability to sign certificates using SHA3. ** certtool: Added the --provable and --verify-allow-broken options. ** gnutls-cli: The --dane option will cause verification failure if gnutls is not compiled with DANE support. ** crywrap: The tool was unbundled from gnutls' distribution. It can be found at https://github.com/nmav/crywrap ** guile: .go files are now built and installed ** guile: Fix compatibility issue of the test suite with Guile 2.1 ** guile: When --with-guile-site-dir is passed, modules are installed in a versioned directory, typically $(datadir)/guile/site/2.0 ** guile: Tests no longer leave zombie processes behind ** API and ABI modifications: GNUTLS_FORCE_CLIENT_CERT: Added GNUTLS_ENABLE_FALSE_START: Added GNUTLS_INDEFINITE_TIMEOUT: Added GNUTLS_ALPN_SERVER_PRECEDENCE: Added GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added gnutls_check_version_numeric: Added gnutls_x509_crt_equals: Added gnutls_x509_crt_equals2: Added gnutls_x509_crt_set_subject_alt_othername: Added gnutls_x509_crt_set_issuer_alt_othername: Added gnutls_x509_crt_get_signature_oid: Added gnutls_x509_crt_get_pk_oid: Added gnutls_x509_crq_set_subject_alt_othername: Added gnutls_x509_crq_get_pk_oid: Added gnutls_x509_crq_get_signature_oid: Added gnutls_x509_crl_get_signature_oid: Added gnutls_x509_privkey_generate2: Added gnutls_x509_privkey_get_seed: Added gnutls_x509_privkey_verify_seed: Added gnutls_privkey_generate2: Added gnutls_privkey_get_seed: Added gnutls_privkey_verify_seed: Added gnutls_decode_ber_digest_info: Added gnutls_encode_ber_digest_info: Added gnutls_dh_params_import_dsa: Added gnutls_session_get_master_secret: Added * Version 3.4.3 (released 2015-07-12) ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). ** libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. ** libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. ** libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. ** p11tool: Added --list-token-urls option, and print the token module name in list-tokens. ** API and ABI modifications: gnutls_ecc_curve_get_oid: Added gnutls_digest_get_oid: Added gnutls_pk_get_oid: Added gnutls_sign_get_oid: Added gnutls_ecc_curve_get_id: Added gnutls_oid_to_digest: Added gnutls_oid_to_pk: Added gnutls_oid_to_sign: Added gnutls_oid_to_ecc_curve: Added gnutls_pkcs7_get_signature_count: Added * Version 3.4.2 (released 2015-06-16) ** libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. ** certtool: Added options to generate PKCS #7 bundles and signed structures. ** API and ABI modifications: gnutls_x509_dn_get_str: Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added gnutls_x509_crt_verify_data2: Added gnutls_pkcs7_get_crt_raw2: Added gnutls_pkcs7_signature_info_deinit: Added gnutls_pkcs7_get_signature_info: Added gnutls_pkcs7_verify_direct: Added gnutls_pkcs7_verify: Added gnutls_pkcs7_get_crl_raw2: Added gnutls_pkcs7_sign: Added gnutls_pkcs7_attrs_deinit: Added gnutls_pkcs7_add_attr: Added gnutls_pkcs7_get_attr: Added gnutls_pkcs7_print: Added * Version 3.4.1 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. ** libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. ** certtool: It can generate SHA256 key IDs. ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. ** configure: re-enabled the --enable-local-libopts flag ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added * Version 3.4.0 (released 2015-04-08) ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". ** libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. ** libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). ** libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". ** libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. ** libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. ** libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. ** libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). ** libgnutls: Depend on nettle 3.1. ** libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. ** libgnutls: Use pthread_atfork() to detect fork when available. ** libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. ** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. ** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. ** libgnutls: Added helper functions to obtain information on PKCS #8 structures. ** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. ** libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). ** libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). ** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). ** libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. ** libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. ** libgnutls-openssl: it is no longer built by default. ** certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. ** certtool: --key-info option will print PKCS #8 encryption information when available. ** certtool: Added the --key-id and --fingerprint options. ** certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). ** certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. ** certtool: it will print the A-label (ACE) names in addition to UTF-8. ** p11tool: added options --set-id and --set-label. ** gnutls-cli: added options --priority-list and --save-cert. ** guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. ** guile: Remove RSA parameters and related procedures. This API had been deprecated. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** API and ABI modifications: gnutls_record_get_state: Added gnutls_record_set_state: Added gnutls_aead_cipher_init: Added gnutls_aead_cipher_decrypt: Added gnutls_aead_cipher_encrypt: Added gnutls_aead_cipher_deinit: Added gnutls_pkcs12_generate_mac2: Added gnutls_pkcs12_mac_info: Added gnutls_pkcs12_bag_enc_info: Added gnutls_pkcs8_info: Added gnutls_pkcs_schema_get_name: Added gnutls_pkcs_schema_get_oid: Added gnutls_pcert_export_x509: Added gnutls_pcert_export_openpgp: Added gnutls_pcert_import_x509_list: Added gnutls_pkcs11_privkey_cpy: Added gnutls_x509_crq_get_signature_algorithm: Added gnutls_x509_trust_list_iter_get_ca: Added gnutls_x509_trust_list_iter_deinit: Added gnutls_x509_trust_list_get_issuer_by_dn: Added gnutls_pkcs11_get_raw_issuer_by_dn: Added gnutls_certificate_get_trust_list: Added gnutls_privkey_export_x509: Added gnutls_privkey_export_pkcs11: Added gnutls_privkey_export_openpgp: Added gnutls_privkey_import_ext3: Added gnutls_certificate_get_x509_key: Added gnutls_certificate_get_x509_crt: Added gnutls_certificate_get_openpgp_key: Added gnutls_certificate_get_openpgp_crt: Added gnutls_record_discard_queued: Added gnutls_session_ext_master_secret_status: Added gnutls_priority_string_list: Added gnutls_dh_params_import_raw2: Added gnutls_memset: Added gnutls_memcmp: Added gnutls_pkcs12_bag_set_privkey: Added gnutls_ocsp_resp_get_responder_raw_id: Added gnutls_system_key_iter_deinit: Added gnutls_system_key_iter_get_info: Added gnutls_system_key_delete: Added gnutls_system_key_add_x509: Added gnutls_system_recv_timeout: Added gnutls_register_custom_url: Added gnutls_pkcs11_obj_list_import_url3: Added gnutls_pkcs11_obj_list_import_url4: Added gnutls_pkcs11_obj_set_info: Added gnutls_crypto_register_cipher: Added gnutls_crypto_register_aead_cipher: Added gnutls_crypto_register_mac: Added gnutls_crypto_register_digest: Added gnutls_ext_register: Added gnutls_supplemental_register: Added gnutls_supplemental_recv: Added gnutls_supplemental_send: Added gnutls_openpgp_crt_check_email: Added gnutls_x509_crt_check_email: Added gnutls_handshake_set_hook_function: Modified gnutls_pkcs11_privkey_generate3: Added gnutls_pkcs11_copy_x509_crt2: Added gnutls_pkcs11_copy_x509_privkey2: Added gnutls_pkcs11_obj_list_import_url: Removed gnutls_pkcs11_obj_list_import_url2: Removed gnutls_certificate_client_set_retrieve_function: Removed gnutls_certificate_server_set_retrieve_function: Removed gnutls_certificate_set_rsa_export_params: Removed gnutls_certificate_type_set_priority: Removed gnutls_cipher_set_priority: Removed gnutls_compression_set_priority: Removed gnutls_kx_set_priority: Removed gnutls_mac_set_priority: Removed gnutls_protocol_set_priority: Removed gnutls_rsa_export_get_modulus_bits: Removed gnutls_rsa_export_get_pubkey: Removed gnutls_rsa_params_cpy: Removed gnutls_rsa_params_deinit: Removed gnutls_rsa_params_export_pkcs1: Removed gnutls_rsa_params_export_raw: Removed gnutls_rsa_params_generate2: Removed gnutls_rsa_params_import_pkcs1: Removed gnutls_rsa_params_import_raw: Removed gnutls_rsa_params_init: Removed gnutls_sign_callback_get: Removed gnutls_sign_callback_set: Removed gnutls_x509_crt_verify_data: Removed gnutls_x509_crt_verify_hash: Removed gnutls_pubkey_get_verify_algorithm: Removed gnutls_x509_crt_get_verify_algorithm: Removed gnutls_pubkey_verify_hash: Removed gnutls_pubkey_verify_data: Removed gnutls_record_set_max_empty_records: Removed guile: set-session-cipher-priority!: Removed set-session-mac-priority!: Removed set-session-compression-method-priority!: Removed set-session-kx-priority!: Removed set-session-protocol-priority!: Removed set-session-certificate-type-priority!: Removed set-session-default-priority!: Removed set-session-default-export-priority!: Removed make-rsa-parameters: Removed rsa-parameters?: Removed set-certificate-credentials-rsa-export-parameters!: Removed pkcs1-import-rsa-parameters: Removed pkcs1-export-rsa-parameters: Removed
jperkin
pushed a commit
that referenced
this issue
Feb 28, 2017
0.36 2017-02-19 - Inlined coercions would attempt to coerce for every type which matched the value given, instead of stopping after the first type. Fixed by Graham Knop (GH #11). - Inlined coercions did not include the inline environment variables needed by the type from which the coercion was being performed. Fixed by Graham Knop (GH #8). - When you use the same type repeatedly as coderef (for example, as a constraint with Moo), it will only generated its subified form once, rather than regenerating it each time it is de-referenced. - Added an API to Specio::Subs to allow you to combine type libraries and helper subs in one package for exporting. See the Specio::Exporter docs for more details.
jperkin
pushed a commit
that referenced
this issue
Apr 18, 2017
The necessary patches have been submitted upstream. This still does not build with PKGSRC_FORTIFY yet though. List of intermediate commits: * Prepare 0.15 release. * Do not use rand() within fseek(), it might break reproducibility. * Work around an issue with fseek() diversion. Closes #7. * More verbose debug messages. * Merge pull request #12 from edmcman/feature/retain_file_extension_in_copy_mode * Also include alloca.h * Retain file extension in copy mode. * Merge pull request #11 from CERTCC-Vulnerability-Analysis/feature/add_opmode_null_to_run_without_fuzzing * Add new "null" opmode which doesn't mutate the file. * Export VERBOSE=1 in Travis so that the test suite outputs debug information. * Add #pragma once directives in all our headers, for safety. * Tell Travis to try to build on OS X, too. * Add Travis build status to README. * Move Travis builds to the container-based infrastructure. * Tell Travis to bootstrap before running configure. * Add a .travis.yml configuration file for CI. * Disable the mmap regression test on OS X. * Hopefully fix OS X compilation now. Fixes #5. * Disable unnecessary weak symbol declaration. * Merge pull request #4 from x9prototype/master * Merge pull request #1 from x9prototype/x9prototype-patch-1 * Update libzzuf/lib-stream.c * zzuf: set program version to 0.14 and prepare release. * win32: using <stdint.h> instead of defining our own types. * misc: fix a few minor issues found by static code analysis. * sys: unsatisfying workaround for an issue with libasan. * win32: clean up some Windows code. * libzzuf: protect library initialisation with a mutex. * build: remove spurious binary file. * libzzuf: fix compiler warnings by adding declarations for functions that are unlikely to be exposed by system headers. * Allow debug_str to be provided a negative length count for convenience. * zzuf: fix a minor inconsistency between short and long options when compiled on a system with a useless rlimit(). * doc: group command line options by category in the man page. * stream: fix a nasty bug that completely messed up with the streambuf structure tracking. Now when the new streambuf position is exactly at the end of the previous streambuf, we only fuzz the streambuf if new data is available (i.e. when streambuf_count != 0); otherwise, it just means that we?re at the end of the file, waiting for new read orders. * debug: minor tweak to the debug string formatter. * debug: refactor a lot of buffer debug functions using a shared formatter. * test: use the -d flag in unit tests so that we can find potential errors in the debug() function calls. * misc: rename a lot of _zz_-prefixed variables. * test: add a regression test for a bug in our mmap function. * zzuf: add a -X flag for hexadecimal dumps. * debug: try to output as much debug output as possible and make debug() thread safe on Unix platforms. * stream: rename a few functions for clarity. * stream: fuzz the whole stream buffer upon opening. * stream: refactor some streambuf getter functions. * test: add a new regression test for a bug at stream EOF. * stream: rename ?s? to ?stream? for consistency. * mem: fix a buffer overflow bug in the mmap() replacement. * misc: factor several common tests into one must_fuzz_fd() function. * test: add a regression test for a bug in our mmap function. * misc: C99 refactoring; put variable declarations closer to their first use * misc: typo of the ass. * win32: some compilation fixes introduced by refactoring for Linux. * doc: update copyright and URLs. * zzuf: replace a critical section with a simple spinlock. * misc: move a lot of generic stuff to a new util/ source subdirectory. * win32: some mingw32/mingw64 warning and compilation fixes. * build: remove ChangeLog, as it?s convenient enough to have it in Git. * misc: various compilation warning fixes and copyright updates. * libzzuf: fix fseeko64 parameter type. * fork: document more code and fix a bug reported by Will Newton. * test: several fixes in the testsuite. * misc: now that Visual Studio supports it some 15 years later, switch to C99. * misc: minor fixes for compilation warnings. * win32: Windows-specific compilation fixes. * win32: add spinlock implementation for Windows. * win32: update to newer mingw compiler version. * build: remove the libcaca dependency and embed code instead. * build: refresh build system. * build: fix a few compilation warnings. * core: add a lightweight spinlock to protect the list of file descriptors. * sys: fix coding style. * fix crash on windows 32-bit and compute_patch_size * win32: add some console handling function diversions. * win32: add more explicit error messages and add support for 0xb8 opcode. * add relocate_hook to improve api hooking, fix dll name string comparison (no case sensitive), fix used after free on win32, add more hooks related to async file access * build: fix compilation by including <wchar.h> and checking for regwexec. * cosmetic: get rid of CRLF line endings. * add new hook for windows (CreateFileMapping(A|W), MapViewOfFile, ReadFileEx), re-enable option -U, start to port network on windows * port zzuf to win64 (amd64) * add regex feature for win32 * change the method of hooking, now we disassemble the beginning of the targeted function and insert a jump to the new function. * start to implement hotpatch hook on win32 port, but some API don't look to use it for some reason (e.g. kernel32!ReadFile) * win32 port starts to fuzz executable (only few functions related to file handling are implemented) * fix tmp file creation on win32, start to implement handling of win32 exception with GetExitCodeProcess * on win32, use a named pipe and IOCP to read stdout, stderr and debugfd correctly. * * win32: add debug information to the function diversion code. * linux: fix a few compilation warnings. * Fix a weird problem with lib6 versioned symbols. * osx: do not enforce flat namespace in copy mode on OS X. * Win64 support in the VS solution. * Fix wrong pointer types in the network range structures. * Fix line endings. * Get rid of the getopt reimplementation and depend on libcaca instead. * Implement ReOpenFile and fix a few Win32 compilation warnings. * Fix Win32 intermediate build directories. * Fix missing ZZUF_DEBUGFD passing and debug function availability. * Fix a bug in the %i formatting and implement %S. * Get the debug channel to work on Win32. * Treat %x arguments as unsigned in the printf reimplementation. * Fix the printf reimplementation to properly handle INT_MIN. * Disable select() on Win32. It is not supported on non-sockets. * Remove useless PARENT_FD/CHILD_FD hack. * Make it easier to dynamically allocate the debug filedescriptor later. * Filedescriptor 0 is the debug channel, not stdin! Fix that. * Proper child command line construction on Win32. There is no need to hardcode stuff for debugging purposes any longer. * Inherit stdin/stdout/stderr in the child process under Win32. * Remove useless code for Win32 diversions. * Mark diverted Win32 functions as __stdcall, it's the correct calling convention. * Divert ReadFile() and CloseHandle(). * Drop Visual Studio 2008 support and require the 2010 version. The 2010 express version is free to use and it's a lot better. * Fix compilation warnings on Win32. * Divert CreateFileW in addition to CreateFileA. * Fix the Linux build to accomodate with the new Win32 features. * CreateFile() diversion proof of concept. * Add a mechanism for Win32 diversions. * Fix a bug caused by undefined function call precedence. * Fix zzat compilation on Win32 and create a .vcxproj file for it. * Minor Win32 code simplification in sys.c. * Divert AttachConsole() and AllocConsole() for debugging purposes. * Full support for ASLR in the Win32 loader. * Refactor the DLL initialisation code to allow several diversions. * Improve the DLL injection code. Now seems to work rather well under Windows. But it needs a lot of polishing. * Do not build ASLR binaries on Windows for now. * Fix Win32 build. * Add a few comments in the code for new Win32 strategies. * Make check-zzuf-r-ratio slightly more tolerant. * New operating mode "copy". It uses temporary files instead of preloading libzzuf into the process. * Grammar. * Add a regression test for our Gentoo __fread_chk() bug. * Fix old typos in check-utils. * Add fortify versions of libc calls to zzat. * Fortify functions actually have extra arguments. Fix that. * Update TODO list. * Revert any potential overriding macro before declaring a new function. * Add support for fortified glibc functions (__fgets_chk, __read_chk, etc.). * Rename zzcat to zzat to avoid conflicts with zziplib. * Clean up ChangeLog generation. * Split check-build into check-source and check-win32. * Add an OS X build script that generates fat binaries. * Add missing svn:ignore properties. * On OS X, resident_size is actually in bytes, not pages. Fixing memory check routine.
jperkin
pushed a commit
that referenced
this issue
Jun 6, 2017
## 1.0.3 (2017-05-18) * [#16](httprb/form_data#16) Fix ruby < 2.0.0 support. [@ixti][] ## 1.0.2 (2017-05-08) * [#5](httprb/form_data#5) Allow setting Content-Type non-file parts [@abotalov] * [#6](httprb/form_data#6) Creation of file parts without filename [@abotalov] * [#11](httprb/form_data#11) Deprecate `HTTP::FormData::File#mime_type`. Use `#content_type` instead. [@ixti]
wiedi
pushed a commit
to wiedi/pkgsrc-legacy
that referenced
this issue
Jan 28, 2018
PowerDNS Authoritative Server 4.1.0 =========================================================== - Improved performance: 400% speedup in some scenarios - Crypto API: DNSSEC fully configurable via RESTful API - Improved documentation - Database related improvements - Enhanced tooling - Support for TCP Fast Open - Support for non-local bind - Support for Botan 2.x (and removal of support for Botan 1.10) - Our packages now ship with PKCS TritonDataCenter#11 support. - Recursor passthrough removal Full changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html PowerDNS Authoritative Server 4.0.5 =========================================================== Fixes - Fix for missing check on API operations (CVE-2017-15091) - Bindbackend: do not corrupt data supplied by other backends in getAllDomains - API: prevent sending nameservers list and zone-level NS in rrsets - gpgsql: make statement names actually unique - Fix remotebackend params - Fix godbc query logging - For create-slave-zone, actually add all slaves, and not only first n times - Fix a regression in axfr-rectify + test - When making a netmask from a comboaddress, we neglected to zero the port - Fix libatomic detection on ppc64 - Catch DNSName exception in the Zoneparser - Publish inactive KSK/CSK as CDNSKEY/CDS - Handle AFSDB record separately due to record structure. - Treat requestor's payload size lower than 512 as equal to 512 - Correctly purge entries from the caches after a transfer - Handle a signing pipe worker dying with work still pending - Ignore SOA-EDIT for PRESIGNED zones. - Check return value for all getTSIGKey calls. Improvements - Fix ldap-strict autoptr feature, including a test - mydnsbackend: Add getAllDomains - Stubresolver: Use only recursor setting if given - LuaWrapper: Allow embedded NULs in strings received from Lua - sdig: Clarify that the ednssubnet option takes "subnet/mask" - Tests: Ensure all required tools are available - PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet mask - LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace - Add support for Botan 2.x - Ship ldapbackend schema files in tarball - Collection of schema changes - Fix typo in two log messages - Add help text on autodetecting systemd support - Use a unique pointer for bind backend's d_of - Fix some of the issues found by @jpmens
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If I understand chapter 9.12 (http://www.netbsd-france.org/docs/pkgsrc/faq.html#using-sudo-with-pkgsrc) correctly:
When installing packages as non-root user and using the just-in-time su(1) feature of pkgsrc, it can become annoying to type in the root password for each required package installed. To avoid this, the sudo package can be used, which does password caching over a limited time. To use it, install sudo (either as binary package or from security/sudo) and then put the following into your mk.conf, somewhere after the definition of the LOCALBASE variable:
I tried this, and tried substitutin /usr/bin/bash for /bin/sh and finally chopped everything off after the sudo,
but I still need (e.g. in pkgsrc/doc/guide when doing a simple $bmake as a non-root user) to break out in each dependency package and do a sudo bmake install... simple bmake install gives the following type of error:
I checked the following:
here is the shell level debug output
Is there something else that needs to be set for a non root user?
The text was updated successfully, but these errors were encountered: