horrible Nagios NSCA passive check acceptor. Command lines are compatible
but the protocol is not - however the two servers can coexist to assist
during a migration. Fix/ok rpe@
* Added a whole bunch of security validation to DwCompress.c
* We now handle EasyDNS' bad truncation in a reasonable manner
* Added new SQA test for es-us.noticias.yahoo.com issue in May/June 2012
And other, also fix the homepage.
Ok sthen@
rebar wants to download missing dependencies on the fly, but that won't work out
too good in the ports tree, so erlang.port.mk now removes those dependency declaration
sections.
erl-ibrowse is a HTTP client written in Erlang. Featuring:
- RFC2616 compliant
- Supports GET, POST, OPTIONS, HEAD, PUT, DELETE, TRACE, MKCOL,
PROPFIND, PROPPATCH, LOCK, UNLOCK, MOVE and COPY
- Understands HTTP/0.9, HTTP/1.0 and HTTP/1.1
- Understands chunked encoding
- Can generate requests using Chunked Transfer-Encoding
- Pools of connections to each webserver
- Pipelining support
- Download to file
- Asynchronous requests. Responses are streamed to a process
- and much more
ok aja@
erl-gen_bunny is a RabbitMQ client library for erlang whose primary goal is
to be easy to use. Especially for simple publisher and consumer
applications.
ok aja@
WhatWeb identifies websites. It's goal is to answer the question, "What
is that Website?". WhatWeb recognises web technologies including content
management systems (CMS), blogging platforms, statistic/analytics
packages, JavaScript libraries, web servers, and embedded devices.
WhatWeb has over 900 plugins, each to recognise something different.
WhatWeb also identifies version numbers, email addresses, account ID's,
web framework modules, SQL errors, and more.
ok jasper@
protect the oinkcode from being exposed. Also update the Snort version
in the URLs to 2.9.4.0 to match the current version of our Snort port.
Tweak the regexp that oinkmaster uses to validate HTTPS URLs so that it
won't treat a bad URL that starts with httpsssss:// as valid (this
regexp tweak was jointly worked on by me and maintainer).
regexp feedback zhuk@
OK Markus Lude (maintainer), earlier version OK sthen@
HTTPS to protect the oinkcode from being exposed (suggested by David
Hill).
Also add a note that registered users without a paid subscription are
only allowed to download the official Snort ruleset once every 15
minutes (suggested by Adam Jeanguenat). This restriction is not obvious
on the snort.org site, so I think this note would be helpful to users.
OK Markus Lude (maintainer), sthen@
a fixed stack buffer when constructing HTTP requests. Prevents an overflow
if a malicious VPN gateway sends a very long hostname/path (for redirects)
or cookie list. (There is a newer release of OpenConnect which includes
this fix, but also some bigger code changes, so that will wait until we
are done with 5.3 release). ok aja@ jasper@
gconf_ping() will try to shutdown gconfd, but since installing pkg is
done as root, there is not gconfd nor dbus that can be started when
DISPLAY isn't set and an annoying warning is issued.
discussed with espie@
Apache ActiveMQ is the most popular and powerful open source
messaging and Integration Patterns server. Apache ActiveMQ is fast,
supports many Cross Language Clients and Protocols, comes with easy to
use Enterprise Integration Patterns and many advanced features while
fully supporting JMS 1.1 and J2EE 1.4.
rc.d help and ok aja@
Fix wrong use of mutexes and some wrong error checking
related to pthreads. (The patch for this had been sent
upstream)
Hack around the abuse of NS_IN6ADDRSZ and NS_INT16S probably
found on certain systems (see Makefile for an explanation).
ok sthen@
- at least three remotely exploitable buffer overflows in the
unique_service_name() function, which is called to process incoming
SSDP requests on UDP port 1900.
- devices that use libupnp may also accept UPnP queries over the
WAN interface, therefore exposing the vulnerabilitites to the
internet.
(and roll shared libs from PFRAG.shared into PLIST while there).
libircclient is a small but extremely powerful library which implements
the IRC protocol. It is designed to be small, fast, portable and
compatible with the RFC standards as well as non-standard but popular
features. It is perfect for building the IRC clients and bots.
tweaks and ok sthen@
* Show punycode encoded urls if they contain non-ascii chars
* Fix crash when pressing Esc in chat window
* Support Network Manager 0.9
* decrypt GPG messages in the correct order
While here GROFF is not needed.
Ok pea@ (maintainer)
(cvs checkout needed for upcoming GnuGK update).
Remove plugins support, they are useless for GnuGK and other apps using
H323 plugins use opal nowadays.
Notable changes:
* Consolidation of IPv6 -- now only a single build supports both
IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
and email attachments via SMTP, POP, and IMAP to facilitate
broader file support
* Use of address space ID for tracking Frag & Stream connections
when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
Snort event
* Decoding of IPv6 with PPPoE
This commit also includes a patch to snort.conf that was done by myself
with feedback from Markus. The snort.conf patch ensures that Snort will
load the latest Snort ruleset since the rule files have been reorganized
by upstream. It also excludes local.rules by default, since rule
managers like Oinkmaster skip that file when downloading rules.
Tested by Markus on i386 and sparc64, Rodolfo Gouveia on 5.2/amd64 with
his own snort.conf, and myself on amd64 and i386.
OK sthen@
xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661),
which works by opening a pseudo-tty for communicating with pppd.
L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user
sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP
servers. Another important application is Virtual Private Networks where
the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec,
RFC 3193).
HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS and FILE.
libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading,
HTTP form based upload, proxies, cookies, user+password authentication
(Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http
proxy tunneling and more!
This package provides a Haskell binding to libcurl.
From MAINTAINER David Schaefer.
ok dcoppa@
necessary for GnuGK to work and the unmaintained code does not build
with anything modern for FFmpeg getting in the way of updating FFmpeg.
ok ajacoutot@
Changes since last release (http://lists.suckless.org/dev/1301/13945.html):
1.7 (2013-01-05)
- -k now specifies an environment variable that contains the
server key. This behaviour has been changed in order to not
expose the password in the process list.
- Fix parsing of JOIN messages for certain servers.
Thanks Ivan Kanakarakis!
- Use , rather than _ for slash characters in channel names.
As per RFC , is not allowed in a channel name, while _ is.
Thanks plomplomplom and Nils Dagsson Moskopp!
ok gsoares@ (maintainer)
- update icinga-web to 1.8.1
- now, as the versions of icinga-core and icinga-web seem to diverge,
move version information to the individual Makefiles in core/ and
web/
ok sthen@ (MAINTAINER)
Changes for icinga-core 1.8.3:
Bugs
* idoutils: fix unknown column contactaddress_id (thx fmbiete) #3483 - MF
Changes for icinga-web 1.8.1:
Bugs
* Removed duplicate insert in sql upgrade scripts #3328
* IE7 window fix for cronk save dialog
* Disabled grouping of of unhandled problems grid #3320
* Re-added missing command restriction class #3457
* Removed ghost column after changing to new grid events #3458
* Fixes PNP extension #3427
* Removed flash for packaging and flash security fixes
* Various custom cronk dialog fixes
Features
* Allow xtypes in grid events to customize menues
* Clearcache enhancements
* Make ApiComboBox default for filters (Pagination)
* Automatically watch for changes to resolv.conf and reread it when that
happens.
* Refresh all the hosts files.
* Start using libevent2 in favor of libevent
Ok brad@
* A bug with hash_fold() regarding incoming IPv4 and IPv6 source
addresses has been fixed. The "hash" group mechanism is now working as
expected.
* Buffering has been disabled for interactive shell IO. A new
"assign" command has been added to allow changing of the host:port
assignment of a channel (only if disabled). A locking bug has been
fixed.
* A new option -6 has been added to force IPv6 bind.
* Problems with setting IPV6_V6ONLY socket option are now handled
more nicely with a syslog warning message.
* Balance now compiles also on systems where IPV6_V6ONLY is
undefined (like some Solaris systems).
* IPv6 support on the listening side has been added. MAXCHANNELS in
balance.h has been increased to 64.
Ok aja@ brad@
A specific query can cause BIND nameservers using DNS64 to exit
with a REQUIRE assertion failure.
BIND nameservers that are not using DNS64 are not at risk.
https://kb.isc.org/article/AA-00828 CVE-2012-5688
