New download link for server list
(upstream git commit 458e2c2f0d245eca88e9fea48e66bd40036162f4)
If successfully downloaded a server list, and are not connected at
the moment, try to connect.
This happens when no server met is available on startup.
(upstream git commit 41e0edaed86c9be58ae372e419e2cc02cebfa243)
Fix the blasted DoNetworkRearrange()
upstream git commits:
f2307fa12faf9cec62ba85ea02a3abd41b28c86b
mldonkey_importer.pl can import an unlimited number of files
(upstream git commit c7667a3e341c2499b0c9a7299f5b05096247556d)
notable changes:
- workaround for XML POST issues with authgroups (full fix in a future
release, but this interim release has been made to avoid an ABI break)
- fix potential memory corruption which could be triggered by a malicious server
you want a RADIUS server...
Note that radiusd-cistron will also hit the Attic unless someone still
uses it, since its homepage also states that it's now unmaintained and
one should use freeradius instead :)
while traversing inpt_queue. Fix botch in previous commit by
initializing next and prev once each, rather than prev twice and next
not at all. Eliminate 'skip:' and use 'continue' instead, since code
after 'skip:' was pointless. Nuke now unused variable 'head'.
* please refer to http://activemq.apache.org/activemq-590-release.html for an overview of new features/
bugfixes, including the new hawtio console.
if you updated permissions in jetty-realm.properties, apply the same in users.properties for the
new hawtio console (<hostname>:8161/hawtio/) !
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.
(no CVE assigned yet)
share/config.kcfg/ to share/config.kcfg.kde3/. Tested on i386, including
run-time tests (not for all apps, though).
After this commit, there are only two conflicting files in kdelibs 3.x and
4.x packages left - to be solved soon.
spurring from espie@
CVE-2013-7106, CVE-2013-7107 https://dev.icinga.org/issues/5250
The icinga web gui is susceptible to several buffer overflow flaws,
which can be triggered as a logged on user. A remote attacker may
utilize a CSRF (cross site request forgery) attack vector against a
logged in user to exploit this flaw remotely.
CVE-2013-7108 https://dev.icinga.org/issues/5251
The icinga web gui are susceptible to an "off-by-one read" error
resulting from an improper assumption in the handling of user submitted
CGI parameters. [..] by sending a specially crafted cgi parameter,
the check routine can be forced to skip the terminating null pointer
and read the heap address right after the end of the parameter list.
Depending on the memory layout, this may result in a memory corruption
condition/crash or reading of sensitive memory locations.
Changelog:
* Fix for quote marks in private messages (thanks @jnm)
* -dontautoreply is a comma-separated list of names you don't want to
auto-reply to. Useful for users you don't want to interact with by mistake
Special thanks to Bhagya Bantwal of Sourcefire for a patch to fix
crashes on sparc64 on first alert.
Tested on sparc64 by Markus; tested on amd64, i386, and macppc by me.
