so rename the current no_x11 flavour to the default (with @pkgpath to
allow updates to work), rename what was the default flavour to gtk and
mark that broken. maintainer timeout.
- Never use a bridge or a controller-supplied node as an exit, even
if its exit policy allows it.
- Only build circuits if we have a sufficient threshold of the total
descriptors that are marked in the consensus with the "Exit"
flag.
- Provide controllers with a safer way to implement the cookie
authentication mechanism. With the old method, if another locally
running program could convince a controller that it was the Tor
process, then that program could trick the contoller into telling
it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
authentication method uses a challenge-response approach to prevent
this attack.
We are not affected by the openssl vulnerability.
Full release notes:
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
ok sthen@ jasper@
- Set REGRESS_DEPENDS = ${FULLPKGPATH} because the test suite needs the
libnetdude package itself to be installed in order to build and run.
- Make the "check" target in test/Makefile actually execute the test
suite, instead of just building the test programs and exiting.
- Change the test suite program (test/lnd-test.c) to include
netinet/if_ether.h instead of net/ethernet.h which does not exist on
OpenBSD.
- Fix the last test to report the correct result.
- Let lnd-test exit with exit code 1 if any tests fail (previously it
would always exit with exit code 0 even if tests fail).
The test suite still fails due to the failure of one test, but at least
it builds and runs now. :)
ok sthen haesbaert henning
- Fix non-response to router-solicitations when router-advertisement
configured, but DHCPv6 not configured.
- Fix a bug which broke DHCPv6/RA with prefix lengths which are not
divisible by 8.
from Brad
check_postgres is a script for monitoring various attributes of
your database (transaction id status, blocked queries, long running
queries, connection status and more). It is designed to work with
Nagios, MRTG, or in standalone scripts.
steps, edit icinga.cfg and change broker_module=/usr/local/bin/idomod.o
to broker_module=/usr/local/lib/idomod.so, this is also mentioned in the
README.
Notable fixes:
- flexible downtimes now last the duration specified once triggered
- avoid insane looping through event list when rescheduling checks
- Fixed bug which caused missing periodic router advertisements with some configurations.
- Cope with router-solict packets which don't have a valid source address.
from Brad
This project develops a third-party plugin for the Pidgin multi-protocol
instant messenger. It implements the extended version of SIP/SIMPLE used
by various products:
Microsoft Office Communications Server (OCS 2007/2007 R2 and newer)
Microsoft Live Communications Server (LCS 2003/2005) Reuters Messaging
With this plugin you should be able to replace your Microsoft Office
Communicator client with Pidgin.
feedback/ok aja@
based on a submission by tom@singlesecond.com
for Tor, intended for command-line aficionados, ssh connections,
and anyone with a tty terminal. This works much like top does for
system usage, providing real time statistics for:
* bandwidth, cpu, and memory usage
* relay's current configuration
* logged events
* connection details (ip, hostname, fingerprint, and consensus data)
* ... etc
ok gonzalo@
http://www.samba.org/samba/security/CVE-2012-2111
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote proceedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the "take ownership"
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.
- drop pointless patch, we only install the _epn version
- add mail to categories
- allow --imap-username / --imap-password by itself (avoiding the need
to specify a username which applies to smtp if auth is enabled).
