Named could mishandle authority sections that were missing RRSIGs triggering
an assertion failure. CVE-2016-9444
Named mishandled some responses where covering RRSIG records are returned
without the requested data resulting in a assertion failure. CVE-2016-9147
Named incorrectly tried to cache TKEY records which could trigger an
assertion failure when there was a class mismatch. CVE-2016-9131
only) - ok jca@ krw@
(a) A NULL pointer dereference in the nickcmp function found by Joseph
Bisch. (CWE-690)
(b) Use after free when receiving invalid nick message (Issue #466, CWE-146)
(c) Out of bounds read in certain incomplete control codes found by
Joseph Bisch. (CWE-126)
(d) Out of bounds read in certain incomplete character sequences found
by Hanno Böck and independently by J. Bisch. (CWE-126)
but skipping the new config file for now because we can't force daemonizing
for the rc script (or setting uid) while using the config file. (the ideal
situation for scripts would be to allow these flags to override things on
the config file).
intermittently following the big qt5 reorganisation. List it as a hard
dep; even though it doesn't actually show in objdump -p for the binary
(perhaps that is because of as-needed linking).
OK sthen@
Comment:
decode and encode NetFlow/IPFIX datagrams
Description:
The Flow module provides the decoding function for NetFlow version
5,9 and IPFIX, and the encoding function for NetFlow version 9 and
IPFIX.
Beginning with Python 3.5 .pyo files are no longer used and
have been replaced by a more flexible scheme that includes
the optimization level explicitly in .pyc name (See PEP-488).
to Rabbitmq backend communication via SSL
MCollective is the only dependent port of ruby-stomp
As suggested by aja@, jasper@, add a comment about the MCollective
breakage
OK ajacoutot@, jasper@
port changes:
- upstream now provides proper tarballs so we switch
from GH_* vars to MASTER_SITES
- we no longer need autoconf as the upstream rolled
tarball includes the generated build files
- devel/libtool & textproc/intltool no longer needed
(spotted by fcambus@)
- simplified license comment (spotted by fcambus@)
upstream changelog:
---
Version 1.3.3 (2016-10-01)
Changelog:
- Support longer tweets in a few more places
- Properly escape ampersand characters in user mentions to fix
GtkLabel warnings about wrong escape characters in tooltips
- Fix tweet length calculations for whitespace-only tweets
- Check for duplicated entries in media arrays. This is apparently a
problem on Twitter's side but led to crashes in Corebird (see #627)
- Use the correct nsfw status of a tweet, i.e. the one that can
actually show images.
- Fix a crash when sending a tweet with multiple images attached
- Fix tweet length calculation of quote tweets. This previously led to
tweets getting rejected by the server even though Corebird claimed
they were fine. See #628
Version 1.3.2 (2016-09-25)
Changelog:
- Cope with the tweet length changes introduced by Twitter
- Fix a problem with malformed media URLs
---
OK juanfra@, fcambus@
applied to *all* subpackages, so REVISION-qt must be 2, not 0. Move
REVISION-qt up (right under REVISION), so it becomes obvious that
-qt got an extra bump.
