The Net::Inspect module allows inspecting data on various network
layers.
The idea of Net::Inspect is to plug various layers of network
inspection together to analyze data. This is kind of what Wireshark
or IDS do, except this is in Perl and therefore slower to execute
but faster to develop and maybe more flexible too.
from Stefan Rinkes <stefan.rinkes AT gmail DOT com>
o Fixed sorting of 'fake' domain ; ucfirst not is required.
o Capitalize region names ; fake domains (like 'Master') should be
ucfirst, and go to the top of the report list ; 'proper' regions
are sorted 'lc'. The ISO-country-list is now utf8,
Capitalized and complete.
o Faster probe-load averaging by always probing the average number
of mirrors. The 'ok' and 'not ok' mirrors are averaged separately.
o Show 'project_name' when reporting changes in the mirror-list.
o Show 'path' for rsync urls in the report like 'site::path'.
While here GROFF is not needed.
Ok sthen@ (maintainer)
* Changed HTTP authentication code to a modular one.
* Added SASL support for HTTP authentication.
* Fixed compilation issues with libpng 1.5.x.
And other, while here GROFF is not needed, change
configure style, add rc.d(8) script, and edd@ drop
maintainership, I take care of this now.
Tested on amd64 and i386.
Ok edd@
IMP is a protocol for inspection, modification and rejection of
data between two sides (client and server) using an analyzer
implementing this interface.
OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
DAQ, or Data Acquisition library, is a library for packet I/O. The DAQ
replaces direct calls to PCAP functions with an abstraction layer.
This port is needed by the upcoming Snort 2.9.3.1 update.
From Markus Lude, and includes a tweak from sthen@.
OK abieber@ sthen@
ports, for the ports that are built both on ruby 1.8 and ruby 1.9,
switch the category Makefiles to explicitly list the ruby18 FLAVOR
instead of the ruby19 FLAVOR.
Also, for home_run, fastri, and fastercsv, explicitly build only the
ruby 1.8 version of the port. These libraries can run on ruby 1.9, but
it doesn't make sense to build a ruby 1.9 version by default.
The situation is this: even when we --disable-gtk-doc, if gtk-doc is
actually installed at configure stage, tools like gtkdoc-rebase will be
picked up and run during the install target. That is bad because the
gtk-doc package may have been removed by then, especially during dpb(1)
bulks (we explicitly disable support for it so why should it stay...).
So for now, let's add the following env to configure whenever we use
--disable-gtk-doc, until a better solution is found...
CONFIGURE_ENV += ac_cv_path_GTKDOC_CHECK="" \
                 ac_cv_path_GTKDOC_REBASE="" \
                 ac_cv_path_GTKDOC_MKPDF=""
An issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
Changes in version 0.2.2.39 - 2012-09-11
Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
assertions.
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
- Do not crash when comparing an address with port value 0 to an
address policy. This bug could have been used to cause a remote
assertion failure by or against directory authorities, or to
allow some applications to crash clients. Fixes bug 6690; bugfix
on 0.2.1.10-alpha.
No CVEs for these vulnerabilities yet.
https://kb.isc.org/article/AA-00778
If a record with RDATA in excess of 65535 bytes is loaded into a
nameserver, a subsequent query for that record will cause named to exit
with an assertion failure.
This vulnerability can be exploited remotely against recursive servers
by inducing them to query for records provided by an authoritative
server. It affects authoritative servers if a zone containing this type
of resource record is loaded from file or provided via zone transfer.
with no objections. It relies on a GUI toolkit which hasn't been updated
in 10 years, needs to run as root in order to get tcpdump to parse
capture files, and even then it still doesn't work.
* Fix warnings reported by clang.
* Using -1 is the same as 0, except older libpcap left 0 undefined.
* Fixed non-conflict.
* Always process all waiting packets.
Tested on amd64.
Ok benoit@ (maintainer)
* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case,
where a default password would have taken effect. It would require the
admin to remove the 'source-password' from the icecast config to take
effect. Default configs ship with the password set, so this
vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting
non-alphanumeric characters with a '.' (CVE-2011-4612). Injection
attempts can be identified via access.log, as that stores URL encoded
requests. Investigation if further logging code needs to have
sanitized output is ongoing.
Tested on amd64.
Reads fine aja@
r1.1183 this is now subpackage-dependent - nfsen sets a different PREFIX for
different subpackages and this change caused failures in DPB builds (but not
normal builds) as they pass the subpackage in SUBDIR.
Problem reported by krw, ok espie@.
- MINOR: stats admin: allow unordered parameters in POST requests
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs too
- BUG/MINOR: stop connect timeout when connect succeeds
And others (http://haproxy.1wt.eu/download/1.4/src/CHANGELOG), while here GROFF is not needed,
add a rc.d(8) script and maintainer drop maintainership.
Tested on i386.
Ok sthen@ (untested)
Changes in version 0.2.2.38 - 2012-08-12
Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
fixes a remotely triggerable crash bug; and fixes a timing attack that
could in theory leak path information.
CVE-2012-3570: An Error in the Handling of an Unexpected Client
Identifiers can Cause Server Crash When Serving DHCPv6
CVE-2012-3571: An Error in the Handling of Malformed Client Identifiers
can Cause a Denial-of-Service Condition in Affected Servers
CVE-2012-3954: Memory Leaks Found in ISC DHCP
- rc.d script now generates the unbound-control keys if they don't exist
and the sample config file is patched to enable this, various rc.d/unbound
actions depend on this, pointed out/ok aja@
version of BIND than is in the base OS (some people require features
from this version e.g. DNS64), but note that it does not include
the hardening changes made to the version in base.
feedback from naddy@ giovanni@, ok giovanni@.
"BIND is open source software that implements the Domain Name System
(DNS) protocols for the Internet. It is a reference implementation
of those protocols, but it is also production-grade software,
suitable for use in high-volume and high-reliability applications."
TTG is a small command-line utility to display the throughput (bandwidth
usage) on an interface of a remote device such as a router, switch, etc.,
over SNMP.
Unlike tools like MRTG which sample bandwidth over a relatively long
interval (often 5 minutes), TTG is normally used to display throughput
over as little as one second.
(from FreeBSD)
Fix a bug where manual tracker update for a preferred tracker that
fails would end up rerequesting instantly
(upstream git commit 78f56ee74cecd8e82d39baaea10395301fbec4b8)
* Creates a BitTorrent metainfo file from a file or directory in a
simple and fast way.
* Supports multiple trackers.
* Can add a custom comment to the metainfo file.
* Can add the private flag to disallow DHT and Peer Exchange.
* Can add web seed URLs.
* Hashing can be done multi threaded and supports multiple CPUs.
Change Web and MASTER_SITE, zap some white spaces and change License, and
put myself as maintainer.
Tested on i386 and sparc64.
Ok stsp@ (ex-maintainer) naddy@
Net::SMTP::TLS::ButMaintained is a TLS and AUTH capable SMTP client
which offers an interface that users will find familiar from Net::SMTP.
Net::SMTP::TLS::ButMaintained implements a subset of the methods
provided by that module, but certainly not (yet) a complete mirror
image of that API.
It is forked from the no-longer-maintained Net::SMTP::TLS.
OSPFView Perl module OSPF::LSDB reads the link-state database from
an OSPF daemon. Then it creates a dot graphic which can be displayed
with graphviz.
The OSPF::LSDB Perl module and its submodules implement the
functionality to hold, parse, check, display the content of an OSPF
link-state database.
Additionally the OSPFView package contains command-line tools to
read the link-state database from an ospf daemon. Then it creates
a dot graphic which can be displayed with graphviz. At the moment
OpenBSD ospfd and ospf6d and gated 3.6 are supported. Cisco support
is experimental.
OK sthen@
Net::TCLink is a module that allows for fast, secure, reliable credit
card and check transactions via the TrustCommerce IP gateway. The
module consists of a single function call that accepts a hash
describing the requested transaction and returns a map that describes
the result.
o Fix possible memory leaks in the Samba master process (bug #8970).
o Fix uninitialized memory read in talloc_free().
o Fix joining of XP Pro workstations to 3.6 DCs (bug #8373).
from Jona Joachim, ok landry@.
WeeChat (Wee Enhanced Environment for Chat) is a fast and light chat
environment for many operating systems. Everything can be done with a
keyboard. It is customizable and extensible with scripts.
flag --enable-strict-rfc2181 we use by default, and unbreak rc script.
While here, GROFF is not needed, and update the web. Tested on i386 and amd64.
Ok aja@ and test from Brad.
csync is a lightweight utility to synchronize files between two
directories on a system or between multiple systems.
<...>
inputs/ok jasper@
NOTE that currently the owncloud module is commented in the PLIST
because there is something wrong with our neon library for webdav which
segfaults. I am working on this -- for now at least local and sftp sync
work fine.
Don't redirect errors to /dev/null and don't return true(1)
unconditionally. Instead, don't check for the existence of index.theme.
This will allow us to catch errors that may be happening because of a
missing dependency in the chain.
Some hidden issues may appear, in which case please contact me.
discussed with and ok blind jasper@
so rename the current no_x11 flavour to the default (with @pkgpath to
allow updates to work), rename what was the default flavour to gtk and
mark that broken. maintainer timeout.
- Never use a bridge or a controller-supplied node as an exit, even
if its exit policy allows it.
- Only build circuits if we have a sufficient threshold of the total
descriptors that are marked in the consensus with the "Exit"
flag.
- Provide controllers with a safer way to implement the cookie
authentication mechanism. With the old method, if another locally
running program could convince a controller that it was the Tor
process, then that program could trick the controller into telling
it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
authentication method uses a challenge-response approach to prevent
this attack.
We are not affected by the openssl vulnerability.
Full release notes:
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
ok sthen@ jasper@
- Set REGRESS_DEPENDS = ${FULLPKGPATH} because the test suite needs the
libnetdude package itself to be installed in order to build and run.
- Make the "check" target in test/Makefile actually execute the test
suite, instead of just building the test programs and exiting.
- Change the test suite program (test/lnd-test.c) to include
netinet/if_ether.h instead of net/ethernet.h which does not exist on
OpenBSD.
- Fix the last test to report the correct result.
- Let lnd-test exit with exit code 1 if any tests fail (previously it
would always exit with exit code 0 even if tests fail).
The test suite still fails due to the failure of one test, but at least
it builds and runs now. :)
ok sthen haesbaert henning
- Fix non-response to router-solicitations when router-advertisement
configured, but DHCPv6 not configured.
- Fix a bug which broke DHCPv6/RA with prefix lengths which are not
divisible by 8.
from Brad
check_postgres is a script for monitoring various attributes of
your database (transaction id status, blocked queries, long running
queries, connection status and more). It is designed to work with
Nagios, MRTG, or in standalone scripts.
steps, edit icinga.cfg and change broker_module=/usr/local/bin/idomod.o
to broker_module=/usr/local/lib/idomod.so, this is also mentioned in the
README.
Notable fixes:
- flexible downtimes now last the duration specified once triggered
- avoid insane looping through event list when rescheduling checks
- Fixed bug which caused missing periodic router advertisements with some configurations.
- Cope with router-solicit packets which don't have a valid source address.
from Brad
This project develops a third-party plugin for the Pidgin multi-protocol
instant messenger. It implements the extended version of SIP/SIMPLE used
by various products:
* Microsoft Office Communications Server (OCS 2007/2007 R2 and newer)
* Microsoft Live Communications Server (LCS 2003/2005)
* Reuters Messaging
With this plugin you should be able to replace your Microsoft Office
Communicator client with Pidgin.
feedback/ok aja@
based on a submission by tom@singlesecond.com