so rename the current no_x11 flavour to the default (with @pkgpath to
allow updates to work), rename what was the default flavour to gtk and
mark that broken. maintainer timeout.
- Never use a bridge or a controller-supplied node as an exit, even
if its exit policy allows it.
- Only build circuits if we have a sufficient threshold of the total
descriptors that are marked in the consensus with the "Exit"
flag.
- Provide controllers with a safer way to implement the cookie
authentication mechanism. With the old method, if another locally
running program could convince a controller that it was the Tor
process, then that program could trick the controller into telling
it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
authentication method uses a challenge-response approach to prevent
this attack.
We are not affected by the openssl vulnerability.
Full release notes:
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
ok sthen@ jasper@
- Set REGRESS_DEPENDS = ${FULLPKGPATH} because the test suite needs the
libnetdude package itself to be installed in order to build and run.
- Make the "check" target in test/Makefile actually execute the test
suite, instead of just building the test programs and exiting.
- Change the test suite program (test/lnd-test.c) to include
netinet/if_ether.h instead of net/ethernet.h which does not exist on
OpenBSD.
- Fix the last test to report the correct result.
- Let lnd-test exit with exit code 1 if any tests fail (previously it
would always exit with exit code 0 even if tests fail).
The test suite still fails due to the failure of one test, but at least
it builds and runs now. :)
ok sthen haesbaert henning
- Fix non-response to router-solicitations when router-advertisement
configured, but DHCPv6 not configured.
- Fix a bug which broke DHCPv6/RA with prefix lengths which are not
divisible by 8.
from Brad
check_postgres is a script for monitoring various attributes of
your database (transaction id status, blocked queries, long running
queries, connection status and more). It is designed to work with
Nagios, MRTG, or in standalone scripts.
steps, edit icinga.cfg and change broker_module=/usr/local/bin/idomod.o
to broker_module=/usr/local/lib/idomod.so, this is also mentioned in the
README.
Notable fixes:
- flexible downtimes now last the duration specified once triggered
- avoid insane looping through event list when rescheduling checks
- Fixed bug which caused missing periodic router advertisements with some configurations.
- Cope with router-solicit packets which don't have a valid source address.
from Brad
This project develops a third-party plugin for the Pidgin multi-protocol
instant messenger. It implements the extended version of SIP/SIMPLE used
by various products:
Microsoft Office Communications Server (OCS 2007/2007 R2 and newer)
Microsoft Live Communications Server (LCS 2003/2005)
Reuters Messaging
With this plugin you should be able to replace your Microsoft Office
Communicator client with Pidgin.
feedback/ok aja@
based on a submission by tom@singlesecond.com
for Tor, intended for command-line aficionados, ssh connections,
and anyone with a tty terminal. This works much like top does for
system usage, providing real time statistics for:
* bandwidth, cpu, and memory usage
* relay's current configuration
* logged events
* connection details (ip, hostname, fingerprint, and consensus data)
* ... etc
ok gonzalo@
http://www.samba.org/samba/security/CVE-2012-2111
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote procedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the "take ownership"
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.
- drop pointless patch, we only install the _epn version
- add mail to categories
- allow --imap-username / --imap-password by itself (avoiding the need
to specify a username which applies to smtp if auth is enabled).
While here, USE_GROFF is not needed, change _rbldns user homedir from
/var/empty to /nonexistent and we can still use -r /var/empty for the
chroot dir. Tested on i386.
OK, william@ (maintainer), aja@
gPodder downloads and manages free audio and video content ("podcasts")
for you. Listen directly on your computer or on your mobile devices.
* Supports RSS, Atom, YouTube, Soundcloud, Vimeo and XSPF feeds
* Discover new content at our Podcast directory
* Synchronize between devices with full gpodder.net integration
* Easily customizable - support for user-defined hooks and plugins
feedback/ok sthen@
The mygpoclient library provides an easy and structured way to access
the gpodder.net web services. In addition to subscription list
synchronization and storage, the advanced API support allows uploading
and downloading episode status changes.
ok sthen@
Command line interface to a local Icinga server (mostly compatible
with Nagios), featuring:
- Listing of service/host states, check queue or downtimes
- Detailed service/host info
- Scheduling of service rechecks, acknowledging of problems
- Detailed filtering (host/group/service name, state, acknowledged, etc.)
Flavors:
(default): use file locations for Icinga
nagios: use file locations for Nagios
Net::Pcap::Reassemble performs reassembly of fragmented datagrams in
libpcap packet capture data returned by the Net::Pcap loop() function.
Net::Pcap::Reassemble module supports reassembly of IPv4 and IPv6
fragments.
feedback and OK sthen@
from fgsch. ok okan@
sslh accepts HTTPS, SSH, OpenVPN, tinc and XMPP connections on the
same port. This makes it possible to connect to any of these servers
on port 443 (e.g. from inside a corporate firewall, which almost
never blocks port 443) while still serving HTTPS on that port.