Feature improvements
* Add radmin command "stats detail <file>" to see what
is going on inside of a detail file reader.
* Added documentation for CoA. See raddb/sites-available/coa
* Add sub-option support for Option 82. See dictionary.dhcp
* Add "server" field to default SQL NAS table, and documented it.
Bug fixes
* Reset "received ping" counter for Status-Server checks. In some
corner cases it was not getting reset.
* Handle large VMPS attributes.
* Count accounting responses from a home server in SNMP / statistics
code.
* Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
* radmin packet counter statistics are now unsigned, for numbers
2^31..2^32. After that they roll over to zero.
* Be more careful about expanding data in PAP and MS-CHAP modules.
This prevents login failures when passwords contain '{'.
* Clean up zombie children if there were many "exec" modules being
run for one packet, all with "wait = no".
* re-open log file after HUP.
* Fix "no response to proxied packet" complaint for Coa / Disconnect
packets. It shouldn't ignore replies to packets it sent.
* Calculate IPv6 netmasks correctly.
* Fix SQL module to re-open sockets if they unexpectedly close.
* Track scope for IPv6 addresses. This lets us use link-local
addresses properly.
* Updated Makefiles to no longer use the shell for recursing into
subdirs. "make -j 2" should now work.
* Updated raddb/sql/mysql/ippool.conf to use "= NULL".
* Updated Makefiles so that "make reconfig" no longer uses the shell
for recursing into subdirs, and re-builds all "configure" files.
* Used above method to regenerate all configure scripts.
* Updated SQL module to allow "server" field of "nas" table
to be blank: "". This means the same as it being NULL.
* Fixed regex realm example. Create Realm attribute with value
of realm from User-Name, not from regex.
* If processing a DHCP Discover returns "fail / reject", ignore
the packet rather than sending a NAK.
* Allow '%' to be escaped in sqlcounter module.
* Fix typo internal hash table.
* For PEAP and TTLS, the tunneled reply is added to the reply,
rather than integrated via the operators. This allows multiple
VSAs to be added, where they would previously be discarded.
* Make request number unsigned. This changes nothing other than
the debug output when the server receives more than 2^31 packets.
* Don't block when reading child output in 'exec wait'. This means
that blocked children get killed, instead of blocking the server.
* Enabled building without any proxy functionality
* radclient now prefers IPv4, to match the default server config.
* Print useful error when a realm regex is invalid
* relaxed rules for preprocess module "with_cisco_vsa_hack". The
attributes can now be integer, ipaddr, etc. (i.e. non-string)
* Allow rlm_ldap to build if ldap_set_rebind_proc() has only
2 arguments.
* Update configure script for rlm_python to avoid dynamic linking
problems on some platforms.
* Do suid to "user" when running in debug mode as root
* Make "allow_core_dumps" work in more situations.
* In detail file reader, treat bad records as EOF.
This allows it to continue working when the disk is full.
* Fix Oracle default accounting queries to work when there are no
gigawords attributes. Other databases already had the fix.
* Fix rlm_sql to show when it opens and closes sockets. It already
says when it cannot connect, so it should say when it can connect.
* "chmod -x" for a few C source files.
* Pull update spec files, etc. from RedHat into the redhat/ directory.
* Allow spaces when parsing integer values. This helps people who
put "too much" into an SQL value field.
snmpd:
- Change default AgentX target from 0.0.0.0:705 to localhost:705
- Fix CVE-2008-4309 (GETBULK issue reported by Oscar Mira-Sanchez)
- Fix handling of multiple matching VACM entries
(Use the "best" match, rather than the first one).
Note that this could potentially affect the behaviour of
existing access control configurations.
- Latch large-disk statistics at 2Tb (rather than wrapping)
Linux:
- Fix build on modern distributions (using rpm-4.6)
Windows:
- Fix various builds (recent MSVC, MinGW, IPv6, winExtDLL)
Changes in 2.1.3
================
* FIX: afpd: fix a serious error in networking IO code
* FIX: afpd: Solaris 10 compatibilty fix: don't use SO_SNDTIMEO, use
non-blocking IO and select instead for writing/sending data.
* UPD: Support for BerkeleyDB 5.0.
Changes in 2.1.2
================
* FIX: afpd: fix for possible crash in case more then one server is
configured in afpd.conf.
* FIX: afpd: ExtendedAttributes in FreeBSD
* FIX: afpd: sharing home folders corrupted the per volume umask.
* UPD: afpd: umask for home folders is no longer taken from startup umask.
* UPD: afpd: dont and permissions with parent folder when creating new
directories on "upriv" volumes.
* UPD: afpd: use 'afpserver@fqdn' instead of 'afpserver/fqdn@realm'.
Prevents a crash in older GNU GSSAPI libs on eg. CentOS 5.x.
Changes in 2.1.1
================
* UPD: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened now works with the default backend "dbd" too.
* FIX: afpd: afp_ldap.conf was missing from tarball. This only effected
[Open]Solaris.
* FIX: afpd: Check if options->server is set in set_signature, preventing
SIGSEGV.
* FIX: afpd: server signature wasn't initialized in some cases
* FIX: DESTDIR support: DESTDIR was expanded twice
* FIX: Fix for compilation error if header files of an older Netatalk
version are installed.
Changes in 2.1-release
======================
* NEW: afpd: new volume option "volsizelimit" for limitting reported volume
size. Useful for limitting TM backup size.
* UPD: dbd: -c option for rebuilding volumes which prevents the creation
of .AppleDouble stuff, only removes orphaned files.
Changes in 2.1-beta2
====================
* NEW: afpd: static generated AFP signature stored in afp_signature.conf,
cf man 5 afp_signature.conf
* NEW: afpd: clustering support: new per volume option "cnidserver".
* UPD: afpd: set volume defaults options "upriv" and "usedots" in the
volume config file AppleVolumes.default. This will only affect
new installations, but not upgrades.
* FIX: afpd: prevent security attack guessing valid server accounts. afpd
now returns error -5023 for unknown users, as does AppleFileServer.
Changes in 2.1-beta1
====================
* NEW: afpd: AFP 3.2 support
* NEW: afpd: Extended Attributes support using native attributes or
using files inside .AppleDouble directories.
* NEW: afpd: ACL support with ZFS
* NEW: cnid_metad: options -l and -f to configure logging
* NEW: IPv6 support
* NEW: AppleDouble compatible UNIX files utility suite `ad ...`.
With 2.1 only `ad ls`.
* NEW: CNID database maintanance utility dbd
* NEW: support BerkeleyDB upgrade. Starting with the next release
after 2.1 in case of BerkeleyDB library updates, Netatalk
will be able to upgrade the CNID databases.
* NEW: afpd: store and read CNIDs to/from AppleDouble files by default.
This is used as a cache and as a backup in case the database
is deleted or corrupted. It can be disabled with a new volume
option "nocnidcache".
* NEW: afpd: sending SIGINT to a child afpd process enables debug logging
to /tmp/afpd.PID.XXXXXX.
* NEW: configure args to download and install a "private" Webmin instance
including only basic Webmin modules plus our netatalk.wbm.
* NEW: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened.
* NEW: support for Unicode characters in the range above U+010000 using
internal surrogate pairs
* NEW: apple_dump: utility to dump AppleSingle and AppleDouble files
* NEW: afpldaptest: utility to check afp_ldap.conf.
* UPD: atalkd and papd are now disabled by default. AppleTalk is legacy.
* UPD: slp advertisement is now disabled by default. server option -slp
SRVLOC is legacy.
* UPD: cdb/dbd CNID backend requires BerkeleyDB >= 4.6
* UPD: afpd: default CNID backend is "dbd"
* UPD: afpd: try to install PAM config that pulls in system|common auth
* UPD: afpd: symlink handling: never followed server side, client resolves
them, so it's safe to use them now.
* UPD: afpd: Comment out all extension->type/creator mappings in
AppleVolumes.system. They're unmaintained, possibly wrong and
do not fit for OS X.
* FIX: rewritten logger
* FIX: afpd: UNIX permissions handling
* FIX: cnid_dbd: always use BerkeleyDB transactions
* FIX: initscripts installation now correctly uses autoconf paths,
ie they're installed to --sysconfdir.
* FIX: UTF-8 volume name length
* FIX: atalkd: workaround for broken Linux 2.6 AT kernel module:
Linux 2.6 sends broadcast queries to the first available socket
which is in our case the last configured one. atalkd now tries to
find the right one.
Note: now a misconfigured or plugged router can broadcast a wrong route !
* REM: afpd: removed CNID backends "db3", "hash" and "mtab"
* REM: cnid_maint: use dbd
* REM: cleanappledouble.pl: use dbd
* REM: nu: use `macusers` instead
S3cmd lets you copy files from/to Amazon S3 (Simple Storage Service) using a
simple to use command line client. Supports rsync-like backup, GPG encryption,
and more. Also supports management of Amazon's CloudFront content delivery
network.
* added dnssec support.
* new setting cmd:stifle-rl-history to limit command history size.
* fixed exit code of mget/mput.
* fixed compilation on some systems.
* fixed crash of `cls -s' on MacOS X x64.
* torrent: don't try to connect back to peers which connected to us.
* rancid: remove sequences from IPv6 prefix-lists
* clogin: adjust default ssh password prompt for ExtremeOS 12.3.3.6
* rancid: Accept '>' prompt, rather than just '#'
* avologin: fix ssh command substitution
* fnrancid: filter application signature, System Time & conf_file_ver=
from GetSystem/GetConf
* mrvrancid: filter other oscillating info from show version
* xrrancid: disable timestamps
* hlogin: implement -autoenable for newer hp procurve releases
* cat5rancid: snmp community may have multiple spaces b/t community name
and permissions
* cat5rancid: filter local user password
* f5rancid: filter Failover time stamps
* hlogin: Add support for ssh identity file & passphrase for newer boxes
* rancid: split IOS-XR into its own device type: cisco-xr
* clogin: set term width for catos like for ios.
* rancid: parse admin show diag for XR better with a separate function
* hlogin: hpuifilter got omitted from the ssh spawn; replace it.
* nxrancid: match unknown command errors appropriately & GC some junk
carried-over from IOS-rancid.
* rancid: check for device busy when opening flash fails, which seems to
occur on 6500s when some other command is run.
* *login: support :port method syntax for ssh and adjust to allow spaces
in sshcmd
* jrancid: fix return values of formatting functions
* clogin: set terminal width so that o/p is consistent
* rancid: filter some crud resulting from the change in handling non-empty
comment lines. fail if the configuration buffer fills. filter
dhcp_[^[:space:].].txt from flash directories, so it does not create
constant changes resulting from the ip dhcp database saves. filter ldap host
password on PIX. when compressing consecutive comment lines, only consider
empty lines.
* arancid: handle password filter for HP 1:10Gb Ethernet Blade Switch
5.0.4-Base, running AOS
* *login: add cloginrc timeout directive
* nrancid: fix control number match
* rancid: remove ASA coredump* filter - Cisco Bug CSCsz85597, fixed in
8.2(1.2), 8.3(0.0), 100.3(0.3)M
* f5rancid: adjust fan rpm and config sync time filters for new f5 code
* rancid: ACE/SANOS report invalid input differently. skip leading blank lines
in config.remove ASA keys such as tacacs and radius. match non-space for
usernames in "Written by" line.
* *rancid: quote meta characters
* rancid: Fail on error msg "% Configuration buffer full" seen on 6500. Dont
filter 'show vlan' on Catalyst 3550/4500s
* import Arista script
* jerancid: fix for 'show environment all' for filtering with auto-sync
on BRASes
* francid,flogin: edgeiron can not disable the pager and does not offer
some commands found on the bigirons
* rancid: filter coredumpinfo/coredump.cfg found on ASA - rancid-discuss@
* f5rancid: fileter HA peer status
* WTI scripts from Geert Jan de Groot with a few tweaks
* jerancid: include standby slots in showversion o/p
* lg: add code for LG_SINGLE config knob
* clogin: run_commands() needs do_saveconfig
* f10rancid: change fan status parsing to handle c300
* nxrancid: collect license info; fix 'show env temp' & 'show
env power' parsing; drop unused code.
* change zero-config check to avoid broken awks
Upstream changes:
0.99 July 13 2010
- Add customizable check_for_spawn and min_child_ttl settings in PreFork (Graham Barr)
- Add other_child_died_hook (Daniel Kahn Gillmor)
- Make Multiplex do $mux->add($sock) for UDP sockets (Kristoffer Møllerhøj)
- Change Net::Server::Daemonize to use kill 0 rather than the unportable `ps`
- Fix calling conventions of MultiType
- Avoid select in SSLEAY that was allowing for infinite spin loop
- Fix tie_stdout mode to not warn about unopen handles.
- Added Net::Server::HTTP base class for basic HTTP daemon handling.
- Change examples/httpd to use Net::Server::HTTP
0.98 May 05 2010
- Add SSLeay proto - finally a workable SSL solution.
- Add minimal Net::Server::TiedHandle to allow for STDIN and STDOUT to work with SSLEAY
- Net::Server::TiedHandle also support tied_stdin_callback and tied_stdout_callback
Feb 08 2008
- Allow for port => 0 which lets the OS auto assign a port on some OSes (Blackie Hlasek)
- Add idle_loop_hook to PreForkSimple and PreFork (David Zuhn)
- Add consistent formatting capabilities to the log method (whethere Syslog is used or not) (David Zuhn)
- Warn when default listen value is used - try to make it a sensible default (Mark Martinec)
- Allow for non-zero exit value - particularly when called from fatal (David Schweikert)
--- 9.7.1-P2 released ---
2931. [security] Temporarily and partially disable change 2864
because it would cause inifinite attempts of RRSIG
queries. This is an urgent care fix; we'll
revisit the issue and complete the fix later.
[RT #21710]
--- 9.7.1-P1 released ---
2926. [rollback] Temporarially rollback change 2748. [RT #21594]
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
Based on PR#43610 by Wen Heping.
While here, convert tclsh related matters to use pkgsrc frameworks.
--- 4.0.11 2010/07/09
CCL fixes: bug 2895 and bug 3539.
GR1-display: add comma in display - was removed by mistake in
version 4.0.0.
Windows installer: bundle MSVCP90.dll - used by icuuc42.dll.
SRU: Merge cookies on HTTP redirects (Giannis Kosmas <kosmas@lib.uoc.gr>).
--- 4.0.10 2010/06/18
ZOOM C: Add ZOOM_resultset_release. ZOOM_resultset_release releases a
result set from a connection. The result set will be on its own
thereafter; no operations on it will perform retrievals from a target.
Only cached copies are returned.
ZOOM C:fix case for HTTP servers responding with Connection:close.
Ensure that if there is a current task it is resumed (like fetching
more records in a result set) . Bug #3484.
PQF parser: use odr_atoi for Odr_int (not atoi)
Minor PQF encoding and decoding changes; reformat. PQF decoding: attribute
values that contain any non-digits are treated as string attributes
(previously decoding only checked for leading character ([0-9]). PQF
encoding: attribute string values are not surrounded by double-quotes.
* fix "P_DETACH" and Pod::Usage issues with perl 5.12
* relax cfgmaker option parsing when figuring whether to test for highspeed
counters or not.
* fix sorting of numbered interface names index maker
* belarusian translation for mrtg 2.16
Changes 2.16.3:
* three new config options to compliment the existing
RRDRowCount option to explicitly set the size of all RRAs
* allow to rename target in the clonedirectory option
* add import to the require File::Copy
* support multiple options in ifdesc and ifref setting for cfgmaker
* teach cfgmaker about nortel switches
* make sure rates over 4G work too
* allow group and user option to be set to roo
Changes from dhcpcd-5.2.4 include:
* Always daemonise in master mode as some interface up/downs can trigger timeout
* Improved NTP handling on Debian based systems
* dhcpcd -n will now re-read the configuration file
This switches to the gnome-2.30 release branch.
pkgsrc note: added "telepathy" option for integration with the
telepathy/farsight framework (defaults to "off" for now)
--- 9.7.1 released ---
--- 9.7.1rc1 released ---
2909. [bug] named-checkconf -p could die if "update-policy local;"
was specified in named.conf. [RT #21416]
2908. [bug] It was possible for re-signing to stop after removing
a DNSKEY. [RT #21384]
2907. [bug] The export version of libdns had undefined references.
[RT #21444]
2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2903. [bug] managed-keys-directory missing from namedconf.c.
[RT #21370]
--- 9.7.1b1 released ---
2902. [func] Add regression test for change 2897. [RT #21040]
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]
2899. [port] win32: Support linking against OpenSSL 1.0.0.
2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]
2897. [bug] NSEC3 chains could be left behind when transitioning
to insecure. [RT #21040]
2896. [bug] "rndc sign" failed to properly update the zone
when adding a DNSKEY for publication only. [RT #21045]
2895. [func] genrandom: add support for the generation of multiple
files. [RT #20917]
2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
2893. [bug] Improve managed keys support. New named.conf option
managed-keys-directory. [RT #20924]
2892. [bug] Handle REVOKED keys better. [RT #20961]
2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]
2888. [bug] Only the first EDNS option was displayed. [RT #21273]
2887. [bug] Report the keytag times in UTC in the .key file,
local time is presented as a comment within the
comment. [RT #21223]
2886. [bug] ctime() is not thread safe. [RT #21223]
2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]
2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
[RT #21283]
2883. [bug] 'dig +short' failed to handle really large datasets.
[RT #21113]
2882. [bug] Remove memory context from list of active contexts
before clearing 'magic'. [RT #21274]
2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]
2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
consistent. [RT #21078]
2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]
2878. [func] Incrementally write the master file after performing
a AXFR. [RT #21010]
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]
2874. [bug] Cache lack of EDNS support only after the server
successfully responds to the query using plain DNS.
[RT #20930]
2873. [bug] Canceling a dynamic update via the dns/client module
could trigger an assertion failure. [RT #21133]
2872. [bug] Modify dns/client.c:dns_client_createx() to only
require one of IPv4 or IPv6 rather than both.
[RT #21122]
2871. [bug] Type mismatch in mem_api.c between the definition and
the header file, causing build failure with
--enable-exportlib. [RT #21138]
2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]
2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
don't like it. [RT #20986]
2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]
2865. [bug] memset to zero event.data. [RT #20986]
2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
[RT #21050]
2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
[RT #21056]
2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]
2861. [doc] dnssec-settime man pages didn't correctly document the
inactivation time. [RT #21039]
2860. [bug] named-checkconf's usage was out of date. [RT #21039]
2859. [bug] When cancelling validation it was possible to leak
memory. [RT #20800]
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
[RT #20772]
2857. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]
2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]
2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
2851. [doc] nslookup.1, removed <informalexample> from the docbook
source as it produced bad nroff. [RT #21007]
2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]
Several bugs in encoding and refreshing in Konsole have been fixed
A couple of crashes in Okular's PDF viewer have been fixed
Alarms have received some fixes in KDE PIM
The changelog lists more, if not all improvements since KDE SC 4.4.4.
Changelog:
* Fix transfer statusbar regression introduced in the release candidate
* Do not include IPv6 zone index in the argument to the EPRT command
* Correct tab order in filter edit and search dialogs
* *nix: Revert cursor changes
* Added "does not contain" filter condition to name and path filter types
* Pressing Alt+Left or Alt+Up (Cmd+Left, Cmd+Up on OS X) in file lists enters parent directory
* Pressing Alt+Down (Cmd+Down on OS X) in file lists transfers selected items
* Pressing Alt+Right (Cmd+Right on OS X) in file lists activates selected item(s)
* Add operating system information to about dialog
* MSW: Auto-update check now transmits whether the operating system is 32bit or 64bit
* Small performance improvements, mostly benefiting *nix users
* OS X: Remember hidden state of toolbar, make quickconnect bar look more Mac-ish
* Add option to display momentary transfer speed instead of average speed
* Fix problem with rekeying of SFTP connections if not permanently trusting the server's hostkey
* Certificate details dialog no longer changes size if selecting a different certificate in the chain
* Some dialogs did not display icons using the correct size
* Show "Not connected" instead of "Empty directory" in remote filelist statusbar if not connected
* MSW: Replace some additional characters not allowed in filenames on MSW
* MSW: Selecting files while holding Ctrl+Shift no longer shows incorrect values in the filelist status bars
* gpglib/list.c: Handle GnuPG 2 --with-colons output format changes.
* gpglib/mimegpgfork.c: GnuPG 2 wants --batch when specifying passphrase-fd.
* tcpd/configure.in: Check if explicit linking with libgpg-error is required.
* tcpd/libcouriergnutls.c (tls_connect): Fix bad call to
gnutls_server_name_set(). Affects Courier compiled with GnuTLS support.
* maildrop/mailbot.c (main): Set close-on-exec bit on opened files.
* courier/doc/courier.sgml: Move the SPF section to a separate refsect2
to work around misformatting by the manpage stylesheet.
* rfc2045/rfc2045reply.c (mkreply): Fix sender's name in the reply salutation.
* html/en-us/newmsg.html: Ditto.
* rfc2045/reformime.sgml: Document the -c option to reformime.
* imapd.c (main): Fix typo in alert message.
* Big quota patch (with some changes).
(See the Changelog(s) for previous releases)
Based on patch(es) from PR pkg/42989 by Brian Candler.
Changes:
2009.12.11 -- Version 2.1.1
* Fixed some breakage in openvpn.spec (which is required to build an
RPM distribution) where it was referencing a non-existent
subdirectory in the tarball, causing it to fail (patch from
David Sommerseth).
2009.12.11 -- Version 2.1.0
* Fixed a couple issues in sample plugins auth-pam.c and down-root.c.
(1) Fail gracefully rather than segfault if calloc returns NULL.
(2) The openvpn_plugin_abort_v1 function can potentially be called
with handle == NULL. Add code to detect this case, and if so, avoid
dereferencing pointers derived from handle (Thanks to David
Sommerseth for finding this bug).
* Documented "multihome" option in the man page.
2009.11.20 -- Version 2.1_rc22
* Fixed a client-side bug on Windows that occurred when the
"dhcp-pre-release" or "dhcp-renew" options were combined with
"route-gateway dhcp". The release/renew would not occur
because the Windows DHCP renew function is blocking and
therefore must be called from another process or thread
so as not to stall the tunnel.
* Added a hard failure when peer provides a certificate chain
with depth > 16. Previously, a warning was issued.
Enable silent rules with automake 1.11
Fix race if g_main_loop_quit() is called just before g_main_loop_run()
override the main-context construct time property in the constructor
Fixed installation of python bindings
Add test for empty ip address
Test invalid IP address
Remove empty lines
Validate returned IP addresses
(missed those and *emacs* the first time round because they pull
in their png dependencies via default-on options; they were included
in the test bulk build though)
Upstream changes:
2010-06-11 Shlomi Fish <shlomif@iglu.org.il>
* Add a fix for t/io_multihomed6.t to make sure
ok 3 will be printed before ok 4. due to many failures in the tests.
Such as:
- http://www.cpantesters.org/cpan/report/07413426-b19f-3f77-b713-d32bba55d77f
* New Release IO-Socket-INET6-2.65
2010-06-08 Shlomi Fish <shlomif@iglu.org.il>
* Applied a patch to fix t/io_multihomed6.t on old Perls / old Linux
distributions:
- https://rt.cpan.org/Ticket/Display.html?id=58198
- Thanks to Paul.
* New Release IO-Socket-INET6-2.64
2010-05-29 Shlomi Fish <shlomif@iglu.org.il>
* Applied a modified patch to t/io_multihomed6.t to correct the test
on Fedora 10 and others:
- https://rt.cpan.org/Public/Bug/Display.html?id=57676
* New Release IO-Socket-INET6-2.63
- Bug Fixes
- The following vulnerabilities have been fixed.
- The SMB dissector could dereference a NULL pointer. (Bug 4734)
- J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack.
- The SMB PIPE dissector could dereference a NULL pointer on some
platforms.
- The SigComp Universal Decompressor Virtual Machine could go into an
infinite loop. (Bug 4826)
- The SigComp Universal Decompressor Virtual Machine could overrun
a buffer. (Bug 4837)
- The following bugs have been fixed:
- Cannot open file with File -> Open. (Bug 1791)
- Application crash when changing real-time option. (Bug 4035)
- Crash in filter autocompletion. (Bug 4306)
- The XML dissector doesn't allow dots (".") in tags. (Bug 4405)
- Live capture stops when using zlib 1.2.5. (Bug 4708)
- Want to be able to apply decode as to Data Portion of Lan Trace.
(Bug 4721)
- SABP short pdu (packet_per.c). (Bug 4743)
- Kerberos pre-auth type constants - MS extensions are wrong. (Bug 4752)
- Check HTTP Content-Length parsing for overflow. (Bug 4758)
- Wrong variable used for proto_tree_add_text() in ptp dissector.
(Bug 4773)
- Crash when close window frame of gtk file chooser. (Bug 4778)
- Wrong decoding for BGP ORF. (Bug 4782)
- Crash when Ctrl-Backspacing the display filter. (Bug 4797)
- Acker AFI field incorrect size in PGM dissector. (Bug 4798)
- Fedora 13: wireshark fails to build (linking problem). (Bug 4815)
- The NFS FH hash (nfs.fh.hash) incorrectly matches multiple filehandles.
(Bug 4839)
- AES-CTR decoding not working, (dissectors/packet_ipsec.c using gcrypt).
(Bug 4838)
- Updated Protocol Support
ASN.1 BER, BGP, HTTP, IGMP, IPsec, Kerberos, NFS, PGM, PTP, SABP, SigComp,
SMB, TCAP, XML,
- Updated Capture File Support
ERF, PacketLogger.
No changelog published; from the commit history:
* Allow :no_declare=>true on new Exchanges to prevent sending Exchange.Declare
* Add MQ::Queue#purge (thanks Uwe Kubosch)
* Avoid opts.delete() to prevent issues during reconnect and wrapper apis that pass in options
* Add MQ#recover to redeliver unackd messages
* Add :confirm => some_proc for Queue#subscribe to receive ConsumeOk
* Make rpc return queues autodelete
* Re-send prefetch command on reconnect
* Stop adding to the load path, use File.expand_path instead
* Remove a queue from MQ#queues on CancelOk if it is autodelete
Changes:
* Minor changes to Manager class. The :Transport option may now be an
object or a class. Explicity call Timeout.timeout so that a timeout
method may be defined in subclasses. Thanks to Eric Monti.
--- 4.0.9 2010/05/21
New utility for managing threads - thread_create.h.
Add socket pipe utility - spipe.h. The socket pipe has same purpose as
Unix pipe . Unfortunately Windows pipes do not work on select/poll -
but YAZ' implementation do.
Fixes for yaz_cond-functions on Windows 7.
DLL export more symbols.
zoomsh: show record do NOT render opac.
Remove *.la files from Debian and RPM packages.
--- 4.0.8 2010/05/11
Debian package libyaz-dev depends on libgnutls-dev again (was
removed in YAZ 4.0.6, but due to Libtool it is still needed
even though yaz-config do not list libgnutls libs).
ZOOM: Use only one WRBUF for returning string results for
ZOOM_resultset. Reduces memory usage for ZOOM in general.
ZOOM: ZOOM_connection do not use a shared pointer to
ZOOM_resultset after ZOOM_resultset is destructed by
user. Reverts to YAZ 4.0.4 behavior.
--- 4.0.7 2010/05/04
record-conv: fix problem with at least one XSL conversion -
due to probably incorrect usage of XML XSL documents.
Changes in libsoup from 2.30.0 to 2.30.1:
* Fix for https through proxies that close the connection when
returning a "407 Proxy Authentication Required" response,
and add a regression test for that case. [#611663]
* Fixed multiple forms/multipart-related interoperability
problems reported by Egon Andersen:
* Don't quote the multipart boundary string if it's
not needed, since RFC 2616 recommends that you
don't, and some servers don't handle quotes there
correctly. (Sigh.) [#614176]
* Don't put an extra blank line before the first
multipart part, since it's unnecessary and some
servers don't handle a multipart preamble correctly.
(Sigh.) [#614183]
* Don't put Content-Transfer-Encoding headers in the
multipart/form-data parts, even though the HTML 4
spec says you must, since no other browsers do, and
some servers don't handle them correctly. (Sigh.)
[#614198]
* Changed SoupCookieJarSqlite to actually erase deleted
cookies from the database. [#615711, Lukasz Slachciak]
* Fixed SoupLogger to be more robust against getting passed
bad data by the session. [#611663]
* Fixed SoupAuthDomain to ignore paths when doing proxy auth
* Fixed a g_warning when hovering over a javascript link in
WebKit. [#613442, Xan Lopez]
Changes in libsoup from 2.29.91 to 2.30.0:
* Fixed a crash in the whitespace-stripping code in
soup_uri_new() [#612644, "arnaud.lb"]
* Update content-sniffing algorithm to match Chrome and the
soon-to-be-updated sniffing spec. [#611502, Gustavo Noronha
Silva]
* We now handle "Content-Encoding: x-gzip" as well as "gzip"
(even though "x-gzip" has been deprecated for more than 10
years). [#611476]
* Fixed leaks found by valgrind
* Make the "make check" programs only bind to 127.0.0.1, not
any public network interfaces. [#609489, Saleem Absulrasool]
* Add a test to sniffing-test to make sure that Content-Type
parameters are preserved correctly. [Gustavo Noronha Silva]
Changes in libsoup from 2.29.90 to 2.29.91:
* Added SOUP_SESSION_SSL_STRICT and
SOUP_MESSAGE_CERTIFICATE_TRUSTED, to allow callers to
determine if an https response comes from a server with a
recognized/valid or unrecognized/invalid certificate.
[#610374, Gustavo Noronha Silva]
* Fixed handling of certain badly-formatted URIs [#590524]
Changes in libsoup from 2.29.6 to 2.29.90:
* Added soup_cookie_jar_set_accept_policy() and related API
for implementing cookie acceptance policies. [#608353, Xan
Lopez]
* Fixed the "request-read" signal in SoupServer to actually be
emitted.
Changes in libsoup from 2.29.5 to 2.29.6:
* Fixed SoupContentDecoder to ignore trailing junk after the
encoded message body (as other browsers do), rather than
getting stuck in an infinite loop. [#606352]
* Fixed an invalid read in soup_cookie_applies_to_uri()
[#607024, pointed out by Xan]
* Fixed linking on OS X [#606959]
* Removed a harmless warning in SoupServer. [#606645]
Changes in libsoup from 2.29.3 to 2.29.5:
* Added SoupContentDecoder, providing support for
Content-Encoding: gzip for WebKitGTK. [#522772]
* Added "accept-language" and "accept-language-auto"
properties to SoupSession, to support the Accept-Language
header. [#597004, Mario Sanchez Prada]
* Fixed a bug in SoupPasswordManagerGNOME that could cause
crashes if you typed the wrong password once and then tried
again. [#595554, debugged by Gustavo Noronha Silva]
* Fixed a crash in SoupAuthDigest if the server claims support
for both qop=auth and qop=auth-int. (This was not noticed
sooner because no one actually supports qop=auth-int, and
the server in question here was probably confused. :)
* Updated cookie parsing/output to more closely match
draft-ietf-httpstate-cookie-00. [Also fixes#603496 (WebKit
unit test), and #604794 (hang parsing malformed Set-Cookie
header)]
* Fixed https-via-proxy to not hang if there is an error
communicating with the proxy immediately after the TLS
negotiation. [#587528]
* Fixed a bug that broke gobject-introspection's introspection
of libsoup. [#603696, Vincent Untz]
* Handle spurious CR/LFs between responses. [#602863,
Alexander V. Butenko]
* Fixed soup-message-client-io to not erroneously include URI
fragments on the Request-Line when sending via a proxy.
[Related to WebKit bug #28687]
* Fixed Digest authentication against certain (buggy?)
clients/servers that require you to use quotes in exactly the
same places where the spec uses them. [#582219]
* Fix ugly gtype-related hack to work with the latest unstable
glib. [Benjamin Otte]
ancient sources predating a move in the repo.
Source does not maintain a CHANGELOG. It is anticipated that most changes
are build related, though PR/42651 is also addressed by this.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.9
- Bftpdwill attempt to create it's utmp directory
if that directory does not exist. Fixes issue on
Ubuntu where the direcotry is wiped out at each
reboot.
- The ROOTDIR option now works properly for
anonymous users.
Thanks to Paul for reporting this bug.
GStreamer is a library that allows the construction of graphs of
media-handling components, ranging from simple Ogg/Vorbis playback to
complex audio (mixing) and video (non-linear editing) processing.
Applications can take advantage of advances in codec and filter technology
transparently. Developers can add new codecs and filters by writing a
simple plugin with a clean, generic interface.
GStreamer is released under the LGPL.
This package is part of the 'bad' plugins for GStreamer. It provides the
mms plugin, for Microsoft Multi Media Server streaming protocol support.
While here, set LICENSE=gnu-lgpl-v2.1.
2010-05-30 libmms-0.6 release (Hans de Goede <j.w.r.degoede@hhs.nl>)
--------------------------------------------------------------------
* libmms hosting has moved back to sf.net and switched to git as vcs
* For mms:// uris try mmsh before mms like mediaplayer does, this avoids
large connection delays with servers which silently drop packets to the
mmsh port. This resolves:
https://bugs.launchpad.net/libmms/+bug/517007https://bugs.launchpad.net/libmms/+bug/512089
* mmsh: allow stream ids > 23
This brings the mms patch from below to our mmsh support code as well:
https://sourceforge.net/tracker/?func=detail&aid=1521441&group_id=101989&atid=630609
* Add support for GUID_ASF_EXTENDED_STREAM_PROPERTIES to mms, add the
GUID_ASF_EXTENDED_STREAM_PROPERTIES support added to the mmsh code in
the 0.5 release to our mms code too
* Many cleanups and out of bounds buffer access checks added
* Debug printf's are now always compiled in, but they are silent by default
set the LIBMMS_DEBUG environment variable to enable them
* Don't fall back to lowest bitrate video stream when id 0 is the one we want
* Remove percent escaping from mms uris before sending them to the server:
http://bugs.xine-project.org/show_bug.cgi?id=99
* Testing has shown the above bugfixes also resolve:
https://bugs.launchpad.net/libmms/+bug/540476https://bugs.launchpad.net/libmms/+bug/531326http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493735https://bugs.launchpad.net/libmms/+bug/477876
Old per change ChangeLog entries
--------------------------------
2009-11-03 Maxim Levitsky <maximlevitsky@gmail.com>
* Rework URL handling
* Increase buffer size for very long URLS and handle buffer overflow
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Remove out of date (not working with recent autotools) autogen.sh,
use: "autoreconf -i -f -v" instead.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Better tracking of seekable state in mms.c, return immediately
from the seek functions when they gat called on a non seekable
stream.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Do some minimal sanity checks on the information parsed from the
asf header.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Add mmsx.c / .h, mmsx.c is a small wrapper around mms.c and mmsh.c
The mmsx functions provide transparent access to both protocols
so that programs who wish to support both can do so with a single
code path if desired.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Add an atrribute to the mms / mmsh structs to track if the
stream is seekable and export it.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Add support for both time and byte offset based mmsh seeking!
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Export (add get methods for) asf header- and packet-length.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Calculate length returned by mss_get_length() instead if returning
the filesize from the header. The filesize usually is bigger then
then the header + all packets because the end of the file contains
time->packet offset lookup tables, however these tables are not
accessible through mms.
2007-12-11 Hans de Goede <j.w.r.degoede@hhs.nl>
* Some off_t changes so that applications no longer need to be
have _FILE_OFFSET_BITS defined to 64 when compiling, when they
will be linked against a libmms which did have _FILE_OFFSET_BITS
defined to 64 during its compile (which gets defined by default
by configure on systems which support it).
2007-09-10 Soren Hansen <shawarma@users.sourceforge.net>
* Fix libmms to work with URL's that contain a query string.
Many thanks to Bob Richmond for discovering this and providing
a patch!
2007-09-10 Soren Hansen <shawarma@users.sourceforge.net>
* Fix hardcoded path in pkgconfig. Thanks to Ronald Bultje for
the patch!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Make libmms C89 compliant. Thanks to Jens Granseuer for the
patch!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Fix discarded first mmsh packet. Thanks to
azwemmer@users.sourceforge.net for the patch!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Fix URL handling. Thanks to Gabriel Velo for the patch!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Added seeking support. Many thanks to Anon Sricharoenchai
for this excellent work!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Fix stream ID > 23. Thanks to Fabrizio Gennari for the patch!
2007-09-09 Soren Hansen <shawarma@users.sourceforge.net>
* Double the acceptable size of ASF headers. Thanks to Sjoerd
Simons for the patch!
* deletion of unattached GDL added.
* Polish translation update by Emil.
* fix UADDR list redisplay problem.
* fix a crash of dc_gui2_stat when there is nothing to display.
* add upload stat to dc_gui2_stat (only DCTC v0.85.9 provides upload logs).
* fix a user display problem. If a user entering the hub is already created
(used by GDL, upload, share list, ...), he was not displayed in the user
clist.
* Fix incorrect global stat values occuring when multiple 'done' files are
loaded.
* Bittorrent tab is handled by an external program: dc_gui2_bt
* To ease development of future external program, most of the configuration is
* now store in gconf instead gnome_config.
* dc_gui2 command line parameters are back (dc_gui2 --help for the list).
* update .spec file to support fedora (based on Sammy Atmadja modification).
* 'done' log file contains upload log.
* fix the incorrect information sent to the UI when uploading a file bigger than
2GB (only the display is buggy, the transfer works).
* update .spec file to support fedora (based on Sammy Atmadja modification).
* Several bugs in filename sorting in the Dolphin file manager have been
fixed
* Issues with encoded filenames in ZIP archives have been fixed
* A number of bugs in games, such as KMines, KNetwalk and LSkat and
KSpaceDuel have been fixed
The changelog lists more
1.1002 Fri Dec 4 18:33:23 PST 2009
- Updated for Net::SNMP v6.0.0
- looking more closely at my fail reports, they have another
problem: Net::SNMP uses a v-string, and it doesn't compare
properly in the test suite. Tweaked Makefile.PL.
- Applied cleanup patches from gcola aka acferen__yahoo.com to
eliminate some harmless but annoying warnings.
- Turns out that using POE::Kernel->method as a global access
to the kernel is unsupported. Since I'm already importing
POE::Kernel, I have $poe_kernel in my namespace already, so
use that instead.
1.1003
- Cleanups
1.1004 Mon Dec 7 13:17:15 PST 2009
- more cleanups
1.1005 Mon Dec 7 13:30:08 PST 2009
- Apparently my 'eval { use Sub::Identify }' is causing
hiccups with smoke testing. Rewritten to 'eval { require Sub::Identify }'
1.1006 Sun Jan 10 20:17:10 PST 2010
- well I'm now blushing because I finally found a bug that was
reported to me but I was previously unable to reproduce.
The author of Net::SNMP has released v6.0.0, which doesn't
compare very well to a "regular" number like 5.0. This
broke my 4.x support. So I have removed it.
Based on PR#43352 by Wen Heping.
pkgsrc changes:
* set LICENSE=gnu-gpl-v2
* simplify patch-aa.
* remove patch-ab, replace with SUBST instead, and also replace /etc in manpage.
* add patch-ac for fixes standalone mode. XXX: IPv4 only
* cosmetics fixes.
Upstream ChangeLog:
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.8
- Added patch which will allow client to see hidden
files if the "-a" parameter is used in list commands.
Hidden files are only shown if SHOW_HIDDEN_FILES
is enabled in the config file.
Patch provded by Raster.
- Swapped out glob function for custom directory
search matching. Allows clients to see broken
symbolic links if "SHOW_NONREADABLE_FILES" is set
to "yes".
Patch supplied by Raster.
- Added patch to clean up zombies if several children
processes all die at the same time. We were cleaning up
just one child per signal before.
Patch supplied by Raster.
- Fixed typo in log error message.
- Made sure we can read user config file options
even with unusual compile flags.
- Fixed anonymous login.
- Anonymous login disabled by default in the config file.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.7
- Added patch from Raster which returns more speicifc error
messages to the client when a file or directory cannot be
removed. This should avoid confusing some clients when the
user attempts to remove a directory.
- Added checks for increased security/stability and to remove
compiler warnings.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.6
- Removed some debugging information from the log file.
- Made certain that bandwidth log will not over-write itself
when multiple users are logged in.
- Bandwidth log file is flushed to avoid loss of data.
- Bftpd will write to bandwidth log even if client does
not disconnect cleanly.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.5
- Added better UTF support. Clients that check for this
will now enable UTF-8. For example, Filezilla.
- Made sure remote admin login was disabled. This shouldn't
have worked anyway, but disabled the feautre to make sure.
- Added additional log file which tracks user bandwidth.
See the option in the config file called BANDWIDTH.
- Updated README file to contain notes on logging.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.4
- Fixed a possible security hole which would allow
attackers to perform a DoS attack against bftpd.
(Thanks to Dazhi for pointing out this problem.)
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2.1 (aka 2.3)
- Bftpd should not attempt to close stdin, stdout and stderr
if they do not exist. Fixed this in main.c.
(Patch provided by Ivan A-R.)
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.2
- Bftpd does not exit when an incorrect password is given.
The server does drop connections in cases where logins are
specifically denied, full server or if an error appears in
the config file.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.2
- Added option to not show files in a dir list
if the file is not readable. Thanks to Eric
Woltermann for sending in this patch.
By default non-readable files are not listed.
See the SHOW_NONREADABLE_FILES config option.
- Make the replace() function safer with
range checking to avoid buffer over-flow.
- Fixed calls to replace() function.
- Most string buffers now have a set size of
MAX_STRING_LENGTH, rather than some arbitraty size.
- Applied patch to allow user specific data to
be subsituted into the user MOTD file path.
The symbols %u and %h and be used in place of the
user's username and home directory in the MOTD_USER
config option.
Thanks to Eric Woltermann for submitting this patch.
- Bftpd now prompts for a password, even on anonymous
accounts to help increase compatiblity with some
web browsers.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1.1
- Fixed directory creation so that the proper
umask is used. thanks to Thiemo for pointing
out this problem.
- Fixed buffer under-size error in options.c
Thanks to Athan for reporting this bug.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.1
- By default, the SITE command is now disabled
in the bftpd.conf file. This is to prevent
security holes and DoS attacks via "site md5 <filename>"
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.3
- Added md5 support for amd64 machines.
- If no arch is defined for md5, assume little endian.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.2
- Transfer buffer size now defaults to staying the
same (max) size for all transfers. To get a variable
buffer size, change the config option CHANGE_BUFSIZE
to "yes".
- Added config file option SHOW_HIDDEN_FILES. When this
option is set to "yes", bftpd shows hidden files in directory
listings. By default this is set to "no".
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0.1
- Avoid possible segfault in replace() function
in mystring.c
- Avoid memory error in main.c using strdup()
- Avoid segfault in options.c the create_options()
- Added ability to use the SITE command to provide md5
checksums of files. (usage: site md5 filename)
Very many thanks to Ulrich Drepper and Gray Watson for
the md5 library!
- Changed ratio calculations to use double type to
allow for larger files and data transfers.
- Added HELP option to the SITE command.
(usage: site help)
- Added config file variable CHANGE_BUFSIZE. This
determines whether the transfer buffer changes size.
It defaults to "yes".
- Removed extra fileno() calles in file receives.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.0
- Avoid memory error in options.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.3
- Avoid segfaults in options.c and cwd.c
- Added memory checks in options.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.2
- Avoid segfaults in options.c and dirlist.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9.1
- Avoid segfaults in options.c and main.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.9
- Added limits.h entry to main.c and options.c
for compatibility with FreeBSD.
(All problems with bftpd on FreeBSD were found and
corrected by Beech of the FreeBSD team.)
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.4
- When printing file sizes for files larger than 4GB
the file size is now displayed correctly.
- When a FTP client drops a connection without sending
an ABORT (ABOR) signal, Bftpd will detect the dropped
connection and log it. This prevents stale connections
preventing new users from connecting.
(Bug found and fixed by: Thorsten)
- Added limits.h and signal.h to list of headers used
in commands.c, for compatibility with BSD.
- Changed sighandler_t in "run_script()" to sig_t
for compatibility between Linux and BSD.
- Added OpenPAM patch from FreeBSD (login.c)
- Added limits.h include to login.c file for
compatibility with BSD.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.3
- If Bftpd is unable to create bftpdutmp file, an error
should now be written to the log file.
- Directory output corrected for when large files (> 2GB)
are listed.
- Documentation for xinetd config updated.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.2
- Changed bftpd's direcotry name to plain "bftpd"
rather than "bftpd-version". This will, hopefully, make
it easier to run scripts which build/run bftpd.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.8.1
- Avoid segfault in getoption() (options.c)
Credit to Mats Erik Andersson for finding this bug.
- Fixed potential memory leaks in commands.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.2
- Fixed serious bug which would cause bftpd to crash
while sending a file. Double-free error.
(Credit to Davide Pozza for reporting these bugs below.)
- Prevent buffer over-flow in parsecmd() when
forming confstr variable.
- Check return values of strtoul() to make sure they
do not over-flow an int.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.7.1
(Credit to Davide Pozza for reporting these bugs.)
- Avoid memory over-flow in bftpd_login (login.c)
with the str[] variable. Made size 512 + 1.
- Avoid buffer over-flow in str[] variable in
main().
- Prevent buffer over-flow in check_file_password()
when performing fscanf().
- In check_file_password() made calloc() allocate
larger buffer to prevent over-flow.
- Performed range checking on the number of users on
the system to make sure they don't over-flow a 32-bit int.
- Make sure malloc calls in commands.c do not allocate
too much or too little memory.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.6
- Perform memory allocation check in bftpd_cwd_mappath()
- Changed a strcmp() to strcasecmp() in command_retr function.
- Performed free(mapped) at end of command_retr.
- Performed memory checks and clean-up in various functions.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.5
- The when using the FILE_AUTH option, the text
password file can contain anonymous users. That is,
users who do not require passwords. THIS IS DANGEROUS
ON MOST SYSTEMS. A entry with the password field set to
a * (star) does not require a password. See the
config file option FILE_AUTH for more information.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.4
- Allow ANONYMOUS_USER config file option to be used with
the FILE_AUTH option. This basically allows anyone
to login to the system without a password if both
options are used!
- When a chroot fails during login the server will
no longer tell the client which directory it was trying
to chroot to.
- When the config.h file contains a definition for
NO_GETPWNAM then the getpwnam() function is not used.
Also, this forces the use of the FILE_AUTH option. If
NO_GETPWNAM is defined and FILE_AUTH is not used, all
connections are dropped.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.3
- Introduced option to over-ride the local/LAN
IP address assigned to the host computer. This
option takes a 4-number IP address in the format
of "127.0.3.101". See OVERRIDE_IP in bftpd.conf for
more information.
- Removed description-pak file from source tree.
- The options PRE_WRITE_SCRIPT and POST_WRITE_SCRIPT
have been added to the bftpd.conf file. These options
let you run scripts before and after any command writes
to the file system. Handy if you want to re-mount.
Please see the bftpd.conf file for details.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.2
- When using FILE_AUTH to login, check
DO_CHROOT option before performing
a chroot().
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6.1
- Removed code which uses sendfile().
The sendfile code appears to cause a
conflict on some systems when used
with 64-bit file size variables.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.6
- Released bftpd without code changes, but
with updated Polish documentation.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.5
- Added Polish documentation to website.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4.1
- Added ability to use a plain text file
for authentication. See config file option
FILE_AUTH for details.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.4
- Fixed default configuration.
- Fixed compile warnings for vanilla config.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.2
- Fixed Makefile to erase config.cache file during
"make clean"
- Added ability to uncompress files on the fly
during downloads. Any file with the extension
".gz" can be decompressed during transfer to
the client with the use of the GZ_DOWNLOAD
in the config file. This option requires bftpd
be configured (pre-compile time) with the flag
--enable-libz.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.3.1
- Changed ratio values to unsigned long
variables to support large files.
- Editted Makefile to allow bftpd to handle large
files (2GB+).
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.2
- Added ability to upload files and
compress them into .gz files on the fly.
See bftpd.conf file for the option.
This option requires --enable-libz be
used when running the configure script.
- Cleaned up code to avoid compiler warnings
from gcc 4.0.2.
Files changed: main.c commands.c
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2.1
- When the config file is re-read, global
are changed only.
Files changes: options.c options.h
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.2
- Made re-reable options be able to hold larger
values. Up to 256 bytes/characters long.
- Replaced old rpm spec file with one from
Joe, which will be used from now on for
rpm builds.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.3
- When a child/client dies, the
parent process will now attempt to
remove the client's log entry
from the bftpdutmp file. This
should prevent stale entries.
- Changed some default values to
constants in options.h
- Fixed typo(s) in bftpd.conf
- Set delete/over-write for global
users to be disabled by default
in bftpd.conf.
- Added the XFER_DELAY option to
the bftpd.conf file. This allows
the admin to set a time delay
between data transfer bursts.
This aid in bandwidth throttling.
Please see bftpd.conf for more
details on this feature.
- Added more re-read options
when catching signal SIGHUP.
The re-readable options are now:
HELLO_STRING, QUIT_MSG, XFERBUFSIZE,
DATA_TIMEOUT, CONTROL_TIMEOUT,
USERLIMIT_GLOBAL, USERLIMIT_SINGLEUSER,
USERLIMIT_HOST, DENY_LOGIN and XFER_DELAY.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.2
- Program now catches signal SIGHUP.
- When bftpd catches the SIGHUP (hang up)
it re-reads the config file. It looks
for some config values, but not all.
At this time, the values which are
re-read are:
HELLO_STRING, QUIT_MSG and XFERBUFSIZE
Jesse Smith <jessefrgsmith@yahoo.ca> -> 1.1.1
- Added rpm spec file to redhat directory.
- Changed numberic string length (512) to a defined
string length (MAXCMD). Makes code more
compatible with main.c and uses less stack
memory. File changed: commands.c
- When receiving files, the transfer buffer
(XFER_BUFSIZE) is divided by the number of
connected clients. This should prevent bandwidth
being sucked back by multiple connections.
- Minor fixes, checking for malloc errors,
freeing memory and closing sockets.
File changed: commands.c
- When sending files, the transfer buffer
(XFER_BUFSIZE) is divided by the number
of connected clients. This should prevent
bandwidth being taken over by multiple connections.
- Changed Makefile so bftpd.8 gets installed as
a manual page in the proper location.
Also updated rpm spec file to include man page.
Jesse Smith <slicer69@hotmail.com> -> 1.1.0
- Changed some bftpdutmp_log(0) lines to
calls to bftpdutmp_end(). This should be safer.
- Made sure that clients cannot write or append
to files if the "delete" command is disabled. I
think if they cannot delete the file they shouldn't
be allowed to truncate it to zero bytes either.
- Added reason for login failure to log file.
- Removed logging of getting user count from
temp file. Just seems to be taking up space.
(This is simply based on net/bind96).
BIND 9.7.0pl2 (9.7.0-P2)
New Features in BIND 9.7 - 'DNSSEC for Humans'
BIND 9.7 introduces several improvements, especially for simplifying
DNSSEC configuration and DNSSEC maintenance. This article lists some
of the new features and significant changes in BIND 9.7.
For more information please refer these webpage.
http://www.isc.org/software/bind/new-features/9.7http://www.isc.org/files/release-notes/9.7.0-P2%20rel%20notes.txt
Based on packaged by Jeff Woodall and provided via PR#43254.
Enhanced CTorrent is a BitTorrent console client written in C/C++. Like
ctorrent, which it is based on, high performance with minimal system
resources and dependencies is a priority. Enhanced CTorrent adds additional
features like dynamic adjustments and fixes several bugs in the original
ctorrent client (obsolete and marked EOL in pkgsrc repository).
More info at: http://www.rahul.net/dholmes/ctorrent/
Simple Ruby client library for twitter streaming API. Uses EventMachine for
connection handling. Adheres to twitter's reconnection guidline. JSON format
only.
Changes include:
* compile on FreeBSD-8 where closefrom(3) returns void
* log the pid of dhcpcd
* Indicate server IP received message from even if server ID not present
* Fix crashes on IPv4LL failure and add more logging
- Feature improvements
* Print more descriptive error message for too many EAP sessions.
This gives hints on what to do when "failed to store handler"
* Commands received from radmin are now printed on stdout when
in debugging mode.
* Allow accounting packets to be written to a detail file, even
if they were read from a different detail file.
* Added OpenSSL license exception (src/LICENSE.openssl)
- Bug fixes
* DHCP sockets can now set the broadcast flag before binding to a
socket. You need to set "broadcast = yes" in the DHCP listener.
* Be more restrictive on string parsing in the config files
* Fix password length in scripts/create-users.pl
* Be more flexible about parsing the detail file. This allows
it to read files where the attributes have been edited.
* Ensure that requests read from the detail file are cleaned up
(i.e. don't leak) if they are proxied without a response.
* Write the PID file after opening sockets, not before
(closes bug #29)
* Proxying large numbers of packets no longer gives error
"unable to open proxy socket".
* Avoid mutex locks in libc after fork
* Retry packet from detail file if there was no response.
* Allow old-style dictionary formats, where the vendor name is the
last field in an ATTRIBUTE definition.
* Removed all recursive use of mutexes. Some systems just don't
support this.
* Allow !* to work as documented.
* make templates work (see templates.conf)
* Enabled "allow_core_dumps" to work again
* Print better errors when reading invalid dictionaries
* Sign client certificates with CA, rather than server certs.
* Fix potential crash in rlm_passwd when file was closed
* Fixed corner cases in conditional dynamic expansion.
* Use InnoDB for MySQL IP Pools, to gain transactional support
* Apply patch to libltdl for CVE-2009-3736.
* Fixed a few issues found by LLVM's static checker
* Keep track of "bad authenticators" for accounting packets
* Keep track of "dropped packets" for auth/acct packets
* Synced the "debian" directory with upstream
* Made "unlang" use unsigned 32-bit integers, to match the
dictionaries.
While here fix broken user destination directory installation as well.
libdlna aims at being the reference open-source implementation of DLNA (Digital
Living Network Alliance) standards. Its primary goal is to provide DLNA support
to uShare, an embedded DLNA & UPnP A/V Media Server, but it will be used to
build both DLNA servers and players in the long term.
libdlna is written in C and relies on FFMPEG librairies (libavformat and
libavcodec) to handle and demux A/V streams. You still need libupnp to provide
basic UPnP support to your project.
libdlna is based on official DLNA specifications and aims at a providing a
complete respect of the defined standards. Right now, libdlna can be used to
build compliant DLNA Media Servers.
libdlna is free software - it is licensed under the terms of the GNU Lesser
General Public License (LGPL).
changes:
-new MediaServer backends
-first implementation of an JSON/REST API
-advancements of the GStreamer MediaRenderer
-refinements in the transcoding section
-bugfixes and enhancements
Changes:
* bug fix
* changed api url
* added a example for xAuth
* added method 'get_request_token'
* removed a old example
* added utility module Rubytter::OAuth
* added utility module 'Rubytter::XAuth'
* xAuth support
* require 'oauth' by default
* Fix crash in client more (regression from 1.1.6).
* Thread-safety fixes (with regards to sigaction and strerror).
* Incomplete ISATAP support removed.
In the mean time, proper support was added within the Linux kernel.
* Fix server link-local address, compatibility with Vista clients.
* Fix SIGHUP signal handling.
* Fix compiling on MacOS X and/or without libJudy.
* Fix unlikely race condition in Teredo maintenance procedure setup.
* Fix Teredo address randomization (reachability problems).
* Better debug messages.
* Allow GNU General Public License version 3 (and would be later).
* Fix filtering error within miredo-server (regression from 1.1.0).
* Fix fatal padding mistake on old ABI ARM achitecture.
* Remove NAT type determination:
Miredo now runs behind any type of NAT. However, connectivity might
be severely degraded behind the worst devices, such as symmetric NATs.
* Add 12 bits of randomness to Teredo client address:
Teredo addresses are less predictible, which should enhance host
protection against network scanning.
* Remove brittle and battery-unfriendly "autoclient" mode:
Proper default IPv6 source address selection (RFC3484) implementation
would address most of the use cases for this, as well as other issues.
If that is not sufficient, an external connection management system
is anyway needed to start/stop Miredo when appropriate.
* Restore "cone" RelayType:
All relays should use it, as it improves support for some kinds of
(pretty broken but nevertheless deployed) NAT devices.
* Use a hook shell script for client interface configuration.
* Add a bunch of debug messages to debug builds.
* Rewrite clock subsystem to avoid polling when idle (battery savings).
Changes in version 0.2.1.26 - 2010-05-02
Tor 0.2.1.26 addresses the recent connection and memory overload
problems we've been seeing on relays, especially relays with their
DirPort open. If your relay has been crashing, or you turned it off
because it used too many resources, give this release a try.
This release also fixes yet another instance of broken OpenSSL libraries
that was causing some relays to drop out of the consensus.
o Major bugfixes:
- Teach relays to defend themselves from connection overload. Relays
now close idle circuits early if it looks like they were intended
for directory fetches. Relays are also more aggressive about closing
TLS connections that have no circuits on them. Such circuits are
unlikely to be re-used, and tens of thousands of them were piling
up at the fast relays, causing the relays to run out of sockets
and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
their directory fetches over TLS).
- Fix SSL renegotiation behavior on OpenSSL versions like on Centos
that claim to be earlier than 0.9.8m, but which have in reality
backported huge swaths of 0.9.8m or 0.9.8n renegotiation
behavior. Possible fix for some cases of bug 1346.
- Directory mirrors were fetching relay descriptors only from v2
directory authorities, rather than v3 authorities like they should.
Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.
o Minor bugfixes:
- Finally get rid of the deprecated and now harmful notion of "clique
mode", where directory authorities maintain TLS connections to
every other relay.
o Testsuite fixes:
- In the util/threads test, no longer free the test_mutex before all
worker threads have finished. Bugfix on 0.2.1.6-alpha.
- The master thread could starve the worker threads quite badly on
certain systems, causing them to run only partially in the allowed
window. This resulted in test failures. Now the master thread sleeps
occasionally for a few microseconds while the two worker-threads
compete for the mutex. Bugfix on 0.2.0.1-alpha.
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The DOCSIS dissector could crash. (Bug 4644), (bug 4646) -->
Versions affected: 0.9.6 to 1.0.12, 1.2.0 to 1.2.7
- The following bugs have been fixed:
o HTTP parser limits with Content-Length. (Bug 1958)
o MATE dissector bug with GOGs. (Bug 3010)
o Changing fonts and deleting system time from preferences,
results in wireshark crash. (Bug 3387)
o ERF file starting with record with timestamp=0,1 or 2 not
recognized as ERF file. (Bug 4503)
o The SSL dissector can not correctly resemple SSL records when
the record header is spit between packets. (Bug 4535)
o TCP reassembly can call subdissector with incorrect TCP
sequence number. (Bug 4624)
o PTP dissector displays big correction field values wrong. (Bug
4635)
o MSF is at Anthorn, not Rugby. (Bug 4678)
o ProtoField __tostring() description is missing in Wireshark's
Lua API Reference Manual. (Bug 4695)
o EVRC packet bundling not handled correctly. (Bug 4718)
o Completely unresponsive when run very first time by root user.
(Bug 4308)
- Updated Protocol Support: DOCSIS, HTTP, SSL
- Updated Capture File Support: ERF, PacketLogger.
Main changelog is in Japanese. Author says:
Main changes:
support auto size of block device at various OS. (includes
NetBSD,MacOSX,Linux)
remove ZFS and /usr/local from src.
remove unused config.
Also includes patches from pkgsrc fed upstream (thanks Daisuke!).
* DNSKEY#key= raises ArgumentError if bad key used at creation.
* Arrays of DNSKEYs allowed for verify_rrset().
* dnssec-bis-updates recommendation for NSEC and RRSIG.
* ZoneReader handles absolute binary names properly.
* Test fixes for more platforms.
Numerous fixes in Konsole, KDE's terminal emulator, among them two possible
crashers in session management
Flash plugin support in KHTML has been enhanced to work with newest Youtube
skins
Case-sensitivity in renaming fixes in KIO, KDE's network-transparent I/O
library
Hiding the mouse cursor in some special cases in presentation mode and two
possible crashers have been fixed
Features:
* New option 'nsid:', to specify the NSID (Bugfix #298).
* The default chroot can be set with --with-chroot=dir.
If not set, by default chroot will not be used.
* Optimized zonec and b64_pton compatibility code.
* Optimized memory allocations. Use mmap/munmap instead of malloc/free.
Experimental, by default off. Enable it at build time with --enable-mmap.
Bugfixes:
* NSD will not start if chroot is configured,
but changing root is not possible
* Make use of the more secure strl* functions.
* Bugfix #303: spelling error.
Operational notes:
* NSID support is now enabled by default.
Features:
* Experimental ECC-GOST algorithm support.
* unbound-host disables use-syslog from config file.
* Include less in config.h and include per code file for ldns, ssl.
Bug Fixes:
* [bugzilla: 305 ] (regarding pkt_dname_tolower).
* Fix chain of trust with CNAME, for the DS processing proof.
* Fix validation of queries with wildcard names (*.example).
* Fix EDNS probe for .de DNSSEC testbed failure (backoff).
* unbound control flushed items are not counted when flushed again.
* iana portlist updated.
* [bugzilla: 301 ] (regarding unbound-checkconf).
* Fixed random numbers for port, interface and server selection.
* Refer to the listing in unbound-control man page in the extended \
statistics entry in the unbound.conf man page.
* Fix interface-automatic for OpenBSD: msg.controllen was too small.
* check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
* for NSEC3 check if signatures are cached.
* Reordered configure checks so fork and -lnsl -lsocket checks are earlier.
* ldns tarball updated.
* Fix python use when multithreaded.
* Fix solaris python compile.
* spelling fix in validation error involving cnames.
--- 4.0.6 2010/04/29
Fix yaz-config for static mode and the use of SSL (gnutls).
--- 4.0.5 2010/04/29
Forward decl timeval struct in mutex.h and gettimeofday.h.
yaz-config: fix 'static' mode linking.
--- 4.0.4 2010/04/28
Add functions yaz_cond_{create,destroy,wait,signal,broadcast}. These
are wrappers for pthreads or Windows. For Windows these are put in
a separate DLL: yaz_cond4.
libyaz.la (whole source) is compiled with thread. If thread support
is enabled enabled, all source of YAZ is compiled with treading support.
This allows core utilities such as yaz_log to use thread facilities.
Previously (YAZ 3 and YAZ 4 releases), only libyaz_server.la was using
thread utilities. This commit moves mutex utilities (mutex.c) from
libyaz_server.la to libyaz.la.
yaz-json-parse displays leading text until error.
libnice 0.0.11 (2010-03-18)
===========================
Handle EAGAIN for UDP sockets
Fix coverity warnings
Fix a bug with TURN and Channel Bindings
Add a reliable transport mode using libjingle's PseudoTcp implementation
Various fixes
Changes since 0.13.2:
- Include the Content-Type header in the HTTP messages. This satisfies DLNA
CTT test cases 7.2.5.9 and 7.2.29.1.
- Use g_message instead of g_warning if we can't connect to DBus.
- Make the HTTP server listen on the context's interface only.
- Fix some potential crashes in GUPnPServiceProxy and GUPnPContextManager code.
- Fix build issues in jhbuild environment.
- Fix some gcc warnings.
- Add new API to host path for specific user-agent(s).
- Add gobject-introspection support:
- Provide gobject-introspection GIR and typelib.
- Add needed annotations to doc comments.
- Add GList variants of action-related functions to satisfy PyGI.
- A few non-functional improvments.
Dependency related changes:
- gssdp >= 0.7.1
Bugs fixed in this release:
2054 - Xbox hacks
1965 - gcc warning fixes
2039 - GUPnP is hard to use with jhbuild
1948 - Signal handler are not disconnected when ContextManager is disposed
2030 - gupnp context listens on 0.0.0.0 instead of the context's ip
1924 - Content-Type header must contain charset="utf-8" in all HTTP transactions
2006 - Implement 3 new functions for language bindings (begin_action_list,
end_action_list, gupnp_service_action_get_value_type)
1919 - Add GObject Introspection Annotations and Makefile
1979 - g_warning make gupnp-igd test fails
1906 - Tests failed with gupnp 0.13
0.7.2
=====
- Provide gobject-introspection GIR and typelib.
- Use silent build rules.
- Fix issues with version-independence magic in SSDP code.
- Fix build issues in jhbuild environment.
Bugs fixed in this release:
2025 - autogen.sh fails to find autoconf macros when they're installed in a
non-standard location
1927 - gssdp fails to answer M-SEARCH sometimes
1921 - GObject Introspection Makefile for GSSDP
Changes since 1.0.9:
* Mark Forwarding and DirectOnly options as being experimental.
* Don't redefine MAX if it already exists.
* Fixes for definitions under Windows.
* Ensure subnet-up/down scripts are called after HUP when necessary.
* Fix reloading Subnets when StrictSubnets is set.
* Reload Subnets when getting a HUP signal and StrictSubnets is used.
* Ensure ICMP_NET_ANO is defined.
* Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes. However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
* Never delete Subnets when StrictSubnets is set
If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.
Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
in the list came from our hosts files.
I think here you got the check wrong by looking at the tunnelserver
code below it - with strictsubnets we still inform others but do not
remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
attached.
* Log unauthorized Subnets when StrictSubnets is set.
* ConnectTo does not mean tinc does not listen for incoming connections anymore.
* Fixes for the Forwarding option.
* Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
* Add the Forwarding option.
This determines if and how incoming packets that are not meant for the local
node are forwarded. It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).
* Add the StrictSubnets option.
When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.
* Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
* Check for dirent.h.
* Simplify reading lines from configuration files.
Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.
* Clamp MSS to miminum MTU in both directions.
Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.
* Add --disable-zlib configure option
* Add --disable-lzo configure option
* Ensure peers with a meta connection always have our key.
This keeps UDP probes going, which in turn keeps NAT mappings alive.
* Update copyright notices.
* Try to set DF bit on BSDs as well.
Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.
* Immediately exchange keys when establishing a meta connection.
This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.
* Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.
Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
* Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request. However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
* Run subnet-up/down scripts for local MAC addresses as well.
* Fix subnet-up/down scripts being called with an empty SUBNET.
Commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.
* Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
* Also clamp MSS of TCP over IPv6 packets.
* Optimise handling of select() returning <= 0.
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
or EINTR, and if it returned 0 it would check for network events even if we
know there are none. Now, if -1 or 0 is returned we skip checking network
events, but we do check for timer and signal events.
* Ping nodes immediately when receiving SIGALRM.
One reason to send the ALRM signal is to let tinc immediately try to connect to
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
interface finished. Conversely, when the outgoing interface goes down one can
now send this signal to let tinc quickly detect that links are down too.
* Clamp MSS of IPv4 SYN packets.
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends. We
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
sending too large packets.
* Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
* Use xstrdup() instead of xasprintf() to copy static strings.
* Allow port to be specified in Address statements.
This allows one to connect to use more than one port number to connect to
another node. The syntax is now:
Address = <hostname> [<port>]
* Do not fragment packets smaller than RFC defined minimum MTUs.
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
68, but this is such a low limit that it will probably hurt performance, so we
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
791). If we detect a path MTU smaller than those minima, and we have to handle
a packet that is bigger than the PMTU but smaller than those minima, we forward
them via TCP instead of fragmenting or returning ICMP packets.
* Forget addresses of unreachable nodes.
We clear the cached address used for UDP connections when a node becomes
unreachable. This also prevents host-up scripts from passing the old, cached
address from when the host becomes reachable again from a different address.
* Remove unused variable in lookup_subnet_*() functions.
* When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit 6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
* Start a tinc service if it already exists.
* Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
* Move socket error interpretation to utils.h.
* Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
* Remove localedir leftovers.
* Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
This ensures the DF bit on outgoing UDP packets gets set on Windows when path
MTU discovery is enabled, reducing fragmentation.
* Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
* Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
* Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
* Allow UDP packets with an address different from the corresponding TCP connection.
* Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
* Add dummy device.
* Clarify and increase level of log message about MTU probes to unreachable nodes.
* Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
* Fix a possible crash when sending the HUP signal.
When the HUP signal is sent while some outgoing connections have not been made
yet, or are being retried, a NULL pointer could be dereferenced resulting in
tinc crashing. We fix this by more careful handling of outgoing_ts, and by
deleting all connections that have not been fully activated yet at the HUP
signal is received.
* Fix description of the WEIGHT environment variable.
* Include missing header.
* Remove debugging message when reading packets from a BSD device.
* Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
This device works like /dev/tun on Linux, automatically creating a new tap
interface when a program opens it. We now pass the actual name of the newly
created interface in $INTERFACE.
* Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.
If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.
We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
* Small updates to the documentation.
Mention that TCPOnly is not necessary anymore since tinc will autodetect
whether it can send via UDP or not. Also mention the WEIGHT environment
variable and the new default value (2048 bits) of RSA keys.
* Ensure that the texinfo manual can be converted to HTML.
The top node was made conditional with the @iftex command, since it should not
appear in PostScript and PDF output. However, it is still necessary for
texi2html, so we have to use @ifnottex instead.
Texi2html also complains about the use of @cindex in the copyright statement,
so we remove that.
* Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.
* Remove code duplication when checking ADD_EDGE/DEL_EDGE messages.
* Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
So that we are liberal in what we accept.
* Removed last gettext function.
* Remove autogenerated files from EXTRA_DIST.
Apparently they were once necessary, but autoconf now includes them
automatically. Some of them are not used anymore, and this caused make dist to
fail.
* Update the NEWS.
* Add more authors to the copyright headers.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
* Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
* Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
* K&R style braces.
* Update the address of the Free Software Foundation in all copyright headers.
* Remove Ivo's old email addresses.
* Remove all occurences of $Id$.
* Update copyright information.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
flag.
* Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum. If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives. We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
* Raise default RSA key length to 2048 bits.
* Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets. Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
* Remove extra {.
* Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
* Use access() instead of stat() for checking whether scripts exist.
* Remove dropin random() function, as it is not used anymore.
* Allow compiling for Windows XP and higher.
This allows us to use getaddrinfo(), getnameinfo() and related functions, which
allow tinc to make connections over existing IPv6 networks. These functions are
not available on Windows 2000 however. By default, support is enabled, but when
compiling for Windows 2000 the configure switch --with-windows2000 should be
used.
Since getaddrinfo() et al. are not functions but macros on Windows, we have to
use AC_CHECK_DECLS() instead of AC_CHECK_FUNCS() in configure.in.
* Also do not use drand48(), it is not available on Windows.
* Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
* Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.
The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
* Remove superfluous call to avl_delete().
* Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
* Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba56480b5565ffb38496175a7c1df60ac
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
* Put Subnet weight in a separate environment variable.
Commit 5674bba5c54c1aee3a4ac5b3aba6b3ebded91bbc introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
* Don't stat() on iPhone/iPod.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone. We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
* Add support for iPhones and recent iPods.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
* Another safe bitfield conversion.
* Add the GPL license to the repository.
Tinc is licensed under the GPL version 2 or later. To ensure autoconf does not
install the wrong license if COPYING is missing, we have to put the right one
in place.
* Convert bitfields to integers in a safe way.
This is commit eb391c52eed46f3f03b404553df417851fc0cb90 redone, but without the
non-standard anonymous union.
* Ensure tinc compiles with gcc -std=c99.
We use a lot of C99 features already, but also some extensions which are not in
the standard.
* UNIX signal numbers start at 1.
* Replace asprintf() by xasprintf().
* Check the return value of fscanf() when reading a PID file.
* Add xasprintf() and xvasprintf().
These functions wrap asprintf() and vasprintf(), and check the return value. If
the function failed, tinc will exit with an error message, similar to xmalloc()
and friends.
* Remove extra semicolon in my definition of setpriority()
* Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
* Change level of some debug messages, zero pointer after freeing hostname.
* Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
* Remove pending MTU probe events when a node's reachability status changes.
* Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
* Properly set HMAC length for incoming packets.
* try outgoing connections before chroot/drop_privs
When chrooted, we either need to force-initialize resolver
and/or nsswitch somehow (no clean way) or resolve all the
names we want before entering chroot jail. The latter
looks cleaner, easier and it is actually safe because
we still don't talk with the remote nodes there, only
initiating outgoing connections.
* cleanup setpriority thing to make it readable
* Add some const where appropriate.
* Add ProcessPriority option.
This option can be set to low, normal or high. On UNIX flavours, this changes
the nice value of the process by +10, 0 and -10 respectively. On Windows, it
sets the priority to BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS and
HIGH_PRIORITY_CLASS respectively.
A high priority might help to reduce latency and packet loss on the VPN.
* src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
If a host has multiple addresses on an interface, the source address of the TCP
connection(s) was picked by the operating system while the UDP packets used a
bound socket, i. e. the source address was the address specified by the user.
This caused problems because the receiving code requires the TCP connection and
the UDP connection to originate from the same IP address.
This patch adds support for the `BindToInterface' and `BindToAddress' options
to the setup of outgoing TCP connections.
Tested with Debian Etch on x86 and Debian Lenny on x86_64.
Signed-off-by: Florian Forster <octo@verplant.org>
* src/linux/device.c: Fix segfault when running without `--net'.
If running without `--net', the (global) variable `netname' is NULL. This
creates a segmentation fault because this NULL-pointer is passed to strdup:
Program terminated with signal 11, Segmentation fault.
#0 0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7d30175 in strdup () from /lib/tls/i686/cmov/libc.so.6
#2 0x0805bf47 in xstrdup (s=0x0) at xmalloc.c:118 <---
#3 0x0805be33 in setup_device () at device.c:66
#4 0x0805072e in setup_myself () at net_setup.c:432
#5 0x08050db2 in setup_network () at net_setup.c:536
#6 0x0805b27f in main (argc=Cannot access memory at address 0x0) at tincd.c:580
This patch fixes this by checking `netname' in `setup_device'. An alternative
would be to check for NULL-pointers in `xstrdup' and return NULL in this case.
Signed-off-by: Florian Forster <octo@verplant.org>
* tunnelserver: log which ADD_SUBNET was refused
Add some logging about refused ADD_SUBNET
(it causes subsequent client disconnect so it's
important to know which subnet was at fault).
Maybe we should just ignore it completely.
* Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
* Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
* Add declaration for sockaddrcmp_noport().
* Fix ans_key exchange in recent changes
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
* Use xrealloc instead of if(ptr) ptr = xmalloc().
* Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.
Also only set status.validkey after all checks have been evaluated.
* don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog. Only log those if
debug level is up to PROTOCOL
* Fix link to Mattias Nissler's tun/tap driver for MacOS/X.
* If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
* ignore indirect edge registrations in tunnelserver mode
In tunnelserver mode we're not interested to hear about
our client edges, just like in case of subnets. Just
ignore all requests which are not about our node or the
client node.
The fix is very similar to what was done for subnets.
Note that we don't need to add the "unknown" nodes to
the list in tunnelserver mode too, so move allocation
of new nodes down the line.
* TunnelServer: Don't disconnect client on DEL_SUBNET too
Similar changes as was in 2327d3f6eb5982bcc922ff1ab1ec436ba6aeffdc
but for del_subnet_h().
Before, we vere returning false (and causing disconnect of the
client) in case of tunnelserver and the client sending DEL_SUBNET
for non-his subnet or for subnet which owner isn't in our connection
list.
After the mentioned change to add_subnet_h() that routine does not
add such indirect owners to the connection list anymore, so that
was ok (owner == NULL and we return true).
But if we too has a connection with the node about which the client
is sending DEL_SUBNET notification, say, because that client lost
connection with that other node, we'll disconnect this client from
us too, returning false for indirect DEL_SUBNET.
Fix that by allowing and ignoring indirect DEL_SUBNET in tunnelserver
mode.
Also rearranged the function a bit, to match add_subnet_h() (in
particular, syntax-check everything first, see if we've seen this
request before).
And also fix some comments.
* format 'not supported on this platform' error message
Format it in a similar way in all places, to make translation happier.
No functional changes.
* change error messages in droppriv code to match the rest
Change formatting of error messages about failed syscalls
to be the same as in other places in tincd.
Also suggest a change in "$foo not supported on this platform"
message as it's now used more than once.
* bugfix: chdir(/) after chroot
Fix the famous chdir(".") vs chdir("/") after chroot(something).
* bugfix: move mlock to after detach() so it works for child, not parent
mlock()/mlockall() are not persistent across fork(), and it's
done in parent process before daemon() which does fork(). So
basically, current --mlock does nothing useful.
Move mlock() to after detach() so it works for child process
instead of parent.
Also, check if the platform supports mlock right when processing
options (since else we'll have to die after startup, not at
startup, the error message will be in log only).
* bugfix: initialize pid (as read from pidfile) to zero
If we didn't read any number from a pid file, we'll return
an unitialized variable to the caller, and it will treat
that garbage as a pid of a process (possible to kill).
Fix that.
* Implement privilege dropping
Add two options, -R/--chroot and -U/--user=user, to chroot to the
config directory (where tinc.conf is located) and to perform
setuid to the user specified, after all the initialization is done.
What's left is handling of pid file since we can't remove it anymore.
* Rename setup_network_connections() and split out try_outgoing_connections()
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().
This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.
No functional changes.
* Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange. The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different. Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
* Use a simple Random Early Drop algorithm in send_tcppacket().
* Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU. However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
* Update THANKS and copyright information.
* Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
* Enable PMTUDiscovery only if BOTH sides wants it.
Don't enable PMTUDiscovery if at least one side does not support it.
Before it was enabled if at least one side supported it, now both are required.
* Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
* Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
* Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
* Validate Name before using it in a filename when generating a keypair.
* Allow reading config files with CRLF endings on Unix systems.
* Remove unused definitions from net.h.
* Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
* Add missing cleanup functions in close_network_connections().
* Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
* Move free()s at the end om main() to the proper destructor functions.
* Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
* Consistently allocate device and iface variables on the heap.
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
* Update documentation for git.
--- 4.0.3 2010/04/09
Handle HTTP redirect for SRU GET in yaz-client and ZOOM C. Based on
patch from Giannis Kosmas.
SRU: no longer URL encode SRU database. The URL for an SRU server is
a URL and such is alreeady encoded - at least when given with leading
http:// or https://. This reverts behavior to YAZ 3.0.50.
Support for new MARC XML notation TurboMARC which like MARCXML is a
complete representation of MARC/ISO2709.. This one, however, is more
compact and allows for faster processing with XSLT. TurboMARC can be
used in the marcdisp.h API, from the yaz-marcdump utility and from
the API of ZOOM C.
yaz-ztest can be configured - via the database - to perform certain
delays when it performs operations search, present and single record
fetch. This allows testers to make yaz-ztest act as a real or even slow
Z39.50 server. Refer to the yaz-ztest man pages for details.
Packages Collection.
The Perl 5 module Net::Server::Coro implements multithreaded server
for the Net::Server architecture, using Coro and Coro::Socket to
make all reads and writes non-blocking. Additionally, it supports
non-blocking SSL negotiation.
Packages Collection.
The Perl 5 module Net::Server::Coro implements multithreaded server
for the Net::Server architecture, using Coro and Coro::Socket to
make all reads and writes non-blocking. Additionally, it supports
non-blocking SSL negotiation.
Changelog:
corrections:
user-late and group-late, when applied to a pty, affected the system
device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
pointing me to this bug)
socats openssl addresses failed with "nonblocking operation did not
complete" when the peer performed a renegotiation. Thanks to Benjamin
Delpy for reporting this bug.
info message during socks connect showed bad port number on little
endian systems due to wrong byte order (thanks to Peter M. Galbavy for
bug report and patch)
Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
to default. Thanks to Martin Dorey for reporting this bug.
porting:
building socat on systems that predefined the CFLAGS environment to
contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
this problem and to Simon Matter for providing the patch
support for Solaris 8 and Sun Studio support (thanks to Sebastian
Kayser for providing the patches)
on some 64bit systems a compiler warning "cast from pointer to integer
of different size" was issued on some option definitions
added struct sockaddr_ll to union sockaddr_union to avoid "strict
aliasing" warnings (problem reported by Paul Wouters)
docu:
minor corrections in docu
Change Log:
3.2.4, 2010-04-07
* Ncftpget and ncftpput can now read $HOME/.ncftp/bookmarks and take a bookmark name in place of a hostname. If the hostname specified is not fully qualified (i.e. does not contain a period), then bookmarks will be queried; if no bookmarks match, then a local hostname is assumed. Bookmarks are also queried for the config file option, -f, when the file specified by -f does not exist.
* Compatibility fixes for FreeBSD 8.
* Support for local validation of DNSSEC when combined with libraries available from the DNSSEC Tools project (Thanks, Robert Story).
* Microsoft disabled recursive directory listings altogether when fixing KB975254 (Thanks, Andrew Coggeshall). When entire directories are downloaded, instead of using "LIST -R" for one efficient listing of all files, the directories are manually traversed with one directory listing for each subdirectory. This will improve reliability of recursive downloads, except for the case when their are circular symbolic links (which is why "LIST -R" had been favored, which the server can easily handle).
* Compatibility fixes for Mac OS X for building from source code (Thanks, Mathieu Rene)
the complete changelog is available here:
http://www.ncftp.com/ncftp/doc/changelog.html
Inspired by PR#43126 from Wen Heping.
While here, set LICENSE and TEST_TARGET.
adns (1.4); urgency=low
Improvements for multithreaded programs:
* New documentation comment in adns.h explaining thread guarantees
(or lack of them), replaces `single-threaded' note at the top.
* Fix string conversion of adns_r_addr not to use a static buffer
(function csp_addr) so as to make thread promise true.
* Make an internal variable const-correct (expectdomain in pa_ptr).
-- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 17 Oct 2006 17:05:08 +0100
adns (1.3); urgency=low
Portability fixes:
* Cast ptrdiff_t to int for %.*s length in adnsheloex and adnslogres,
as is required. (Report from Jim Meyering.)
* In configure.in, quote macro name argument to define() to
suppress spurious autoconf error. (Report from Mihai Ibanescu.)
* Use autoconf's values for {bin,lib,include}dir rather than inventing
our own from @exec_prefix@, making configure --libdir work.
(Patch from Mihai Ibanescu.)
* Remove spurious `_' from {bin,lib,include}dir Makefile variables.
(Report from Mihai Ibanescu.)
* Do away with `mismatch' variable in parse.c:adns__findrr_anychk so that
overzealous GCC cannot complain about members of eo_fls being
uninitialised. (Report from Jim Meyering.)
-- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 6 Jun 2006 20:22:30 +0100
adns (1.2); urgency=medium
New features:
* Support for SRV RRs.
* Support for unknown RR types (according to RFC3597) via adns_r_unknown.
* Allow `;'-comments in resolv.conf (report from Colin Charles).
* New adnsheloex client courtesy of Tony Finch.
* New adns_init_logfn etc. for having logging use a callback function.
Bugfixes:
* Fix error in prototype in definition of adns__parse_domain.
* Add missing ENOTSOCK to hcommon.c.m4 (was already in hcommon.c!)
Portability fixes prompted by Bernd Eckenfels, the Debian maintainer:
* Correct type of various printf arguments: ptrdiff_t != int.
* Do not print size of leaked blocks of memory (this causes
a spurious regression test failure on some platforms).
* Provide adns_if_none and adns_qf_none (which will help with compilers
which complain about plain `0' being passed where an enum is wanted).
* adnstest converts some errno values to EFOOBAR: all of the ones
mentioned in adns.h, at least. This makes the regression test
more portable (fixes problem noticed by Bernd Eckenfels).
* Add -Wno-pointer-sign if GCC has that option.
Documentation improvements:
* Add documentation comment by definition of adns_r_ptr_raw type enum.
* Document in adns.h EINVAL from adns_init meaning bad configuration.
* Include several new references to related programs to README.html.
* Redacted the TODO list.
* New LICENCE.WAIVERS file for GPL-incompatility workarounds.
* Clarified GPL-vs-LGPL: a bit less hostile and a bit more mercenary.
* Copyright notices updated.
Packaging changes:
* Update MINOR to 2 and DISTVERSION and ADNS_VERSION_STRING to 1.2.
* Reran autoconf/autoheader (autoconf Debian 2.13-54).
* Create $(bin_dir) and $(lib_dir) on `make install', and also
make a libadns.so.1 -> libadns.so.1.<minor> link. (Suggestions
and patch from Nix of esperi.org.uk.)
* Add .PHONY: install to Makefile, to help people with demented fs's.
* Darwin listed in INSTALL.
Minor test harness improvements:
* Hgettimeofday calls Tensurerecordfile (was Tensureinput/outputfile).
* Add bind(2) and listen(2) wrappers (for epithet, but harmless in adns).
-- Ian Jackson <ian@davenant.greenend.org.uk> Sat, 8 Apr 2006 15:41:28 +0100
ISC's libbind provides the standard resolver library,
along with header files and documentation, for communicating
with domain name servers, retrieving network host entries
from /etc/hosts or via DNS, converting CIDR network addresses,
perform Hesiod information lookups, retrieve network entries
from /etc/networks, implement TSIG transaction/request
security of DNS messages, perform name-to-address and
address-to-name translations, utilize /etc/resolv.conf
for resolver configuration.
It contains many of the same historical functions and headers
included with many Unix operating systems.
Originally written for BIND 8, it was included in BIND 9 as
optionally-compiled code through release 9.5. It has been
removed from subsequent releases of BIND 9 and is now
provided as a separate package.
Changes:
- Don't require --verbose for pcap_stats.
- Survive interface going down on Linux.
- Support DLT_RAW, implemented by Anton S. Ustyuzhanin.
- Skip accounting for hosts or ports if their max is set to zero.
- Implement --hexdump for troubleshooting.
- Web: Implement --no-lastseen
- Implement --snaplen manual override.
- Fix snaplen problem on recent (1-2 years?) Linux kernels.
- Implement --syslog
- Implement --wait as a NetworkManager workaround.
Pkgsrc changes:
- Adjust dependencies
Upstream changes:
2010-03-25 Shlomi Fish <shlomif@iglu.org.il>
* Fix the inet_pton / inet_ntop import warnings:
- https://rt.cpan.org/Ticket/Display.html?id=55901
- Thanks to Todd Rinaldo for the patch.
* Fix listening on :: or 0.0.0.0 - a random address instead of
the specified would be used. Added test listen_port_only.t
- Regression from 2.57:
- https://rt.cpan.org/Ticket/Display.html?id=54656
- Thanks to Steffen Ullrich for the patch.
* New Release IO-Socket-INET6-2.60
* Fixes to t/listen_port_only.t.
* New Release IO-Socket-INET6-2.61
2010-03-19 Shlomi Fish <shlomif@iglu.org.il>
* Syntax change to adapt for older Perls:
- https://rt.cpan.org/Ticket/Display.html?id=54656
- Thanks to paul.
* New Release IO-Socket-INET6-2.59
2010-03-18 Shlomi Fish <shlomif@iglu.org.il>
* Applied a patch by Steffen Ullrich, fixing:
https://rt.cpan.org/Ticket/Display.html?id=54656
* New Release IO-Socket-INET6-2.58
NetBSD Packages Collection.
The Perl 5 module Net::Server::SS::PreFork is Net::Server personality,
extending Net::Server::PreFork, that can be run by the start_server
script of Server::Starter.
Nagstamon is a Nagios status monitor for the desktop inspired by Nagios Checker
for Firefox.
It connects to multiple Nagios servers and resides in systray or as a floating
statusbar at the desktop showing a brief summary of critical, warning, unknown,
unreachable and down hosts and services and pops up a detailed status overview
when moving the mouse pointer over it. Connecting to displayed hosts and
services is easily established by context menu via SSH, RDP and VNC. Users can
be notified by sound. Hosts and Services can be filtered by category and
regular expressions.
For 4.4.0 major new technologies have been introduced, including social
networking and online collaboration features, a new netbook-oriented
interface and infrastructural innovations such as the KAuth authentication
framework. According to KDE's bug-tracking system, 7293 bugs have been
fixed and 1433 new feature requests were implemented.
KDE SC 4.4.1 has a number of improvements:
A performance problem in KMail when sending emails has been fixed
Various fixes in Plasma widgets and other addons, such as the analog clock
and the picture frame
A number of fixes in Konsole, KDE's powerful terminal application
KDE SC 4.4.2 has a number of improvements:
Possible crashes in Plasma, Dolphin and Okular have been fixed
The Microblog applet now shows the correct time in the timeline
The audioplayer KRunner plugin has been fixed to not freeze the KRunner UI
anymore
Based on PR#43124 by Wen Heping.
Changes since version 1.2.0b1:
* Fix DIGEST-MD5 authentication (Aleksander Machniak, Bug #17285).
* Don't try to call dl() if mbstring extension isn't loaded (Bug #17038).
Changes since version 1.1.7:
* Added support for adding a custom debug handler (Aleksander Machniak, Request #16681).
* Fix breakage with certain locales, especially Turkish.
* Fix reading authentication responses without literals (Bug #16647).
* Code cleanup.
changes.
Version 2.2.11
--------------
April 3, 2010
Bugfixes:
* Youtube, update patterns to reflect website changes
Version 2.2.10
--------------
March 24, 2010
Changes:
* Add buzzhumor.com support
* Mark ehrensenf.de support as broken
Bugfixes:
* Update --hosts format strings
* dailymotion.com
# Change format IDs to reflect website changes (yet again):
* h264-hd -> hd
* h264-hq -> hq
* removed h264 and spark-mini (no longer even listed)
# Parse title from elsewhere
* Title was previously parsed from the title HTML tag
* Which usually contained more than we cared for
# Spew out an error if the video looks like a partner video
* break.com
# Support, thanks to Werner Elsler for the fix
# Title parsing, ported from libquvi
Bug fixes:
- SNMPv3 Engine ID registration. (Bug 2426)
- Open file dialog always displayed when clicking anywhere on
Wireshark. (Bug 2478)
- tshark reports wrong number of bytes on big dumpfiles with -z
io,stat. (Bug 3205)
- Negative INTEGER number displayed as positive number in SNMP
dissector. (Bug 3230)
- Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
- Wireshark crashes w/ GLib error when trying to play RTP
stream. (Bug 4119)
- Windows 2000 support has been restored. (Bug 4176)
- Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
- I/O Graph dropdown boxes not working correctly. (Bug 4487)
- Runtime Error when right-clicking field and selecting "Filter
Field Reference". (Bug 4522)
- In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
- Profinet: May be wrong defined byte meaning. (Bug 4525)
- GLib-CRITICAL ** Message. (Bug 4547)
- Certain EDP display filters trigger Wireshark/tshark runtime
error. (Bug 4563)
- Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
- The encapsulation abbreviation "bluetooth-h4" is ambiguous.(Bug 4613)
Updated Protocol Support:
- BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP
Requested by Alistair Crooks.
Changes in version 0.2.1.25 - 2010-03-16
o Major bugfixes:
- Fix a regression from our patch for bug 1244 that caused relays
to guess their IP address incorrectly if they didn't set Address
in their torrc and/or their address fails to resolve. Bugfix on
0.2.1.23; fixes bug 1269.
- When freeing a session key, zero it out completely. We only zeroed
the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
patched by ekir. Fixes bug 1254.
o Minor bugfixes:
- Fix a dereference-then-NULL-check sequence when publishing
descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
bug 1255.
- Fix another dereference-then-NULL-check sequence. Bugfix on
0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
- Make sure we treat potentially not NUL-terminated strings correctly.
Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
* The broadcast flag is now automatically set for interfaces that require
it, via platform detection. Currently qeth on Linux.
* Fix a file descriptor leak on Linux getting platform info.
* Don't send a maximum DHCP message size beyond what we can handle.
* ip_ip is now randomized.
* IPTOS_LOWDELAY and IP_DF flags are no longer set.
* SSID is now correctly terminated on Linux.
Requested by Rumko by PR#43069.
Version 2.2.6 - The "we don't have holidays" version.
----------
2009-09-16
GonoszTopi:
* Fixed obfuscated server UDP communication.
* Fixed cross-endian Kad node verification.
* Fixed name conflict in builtin PHP parser.
* Fixed configure finding unwanted Crypto++ installations.
Marcell:
* Properly update transfers tab's bottom pane's title.
mr_hyde:
* Fixed a bug in detecting and using the fallocate() function.
Sam Hocevar:
* Now really fixed that security issue.
Stu Redman:
* Fixed HTTP download if server transmits no content-length
* Fixed several cases of amulecmd printing zero on big endian machines
* Fixed amuleweb crashing on tiny downloads
* Added version resources to MSVC binaries
* Fixed wrong search text in search dialog after deleting a tab
* Fixed download limit in amuled (which was 50% of what was set)
Wuischke:
* Fix amuleweb progress bar display for files > 4GB
Special Thanks To:
* stefanero and his bleeding-edge system
While here, set LICENSE=gnu-gpl-v2.
2008-06-28 Roland Riegel <feedback@roland-riegel.de>
* Really fix compilation with g++ 4.3
2008-02-27 Roland Riegel <feedback@roland-riegel.de>
* If devices are given on the command line, display only these
* Use --sysconfdir as given to configure
Changelog:
* Remember location of update download directory
* Cancel file renaming on actions that change the file list, such as changing sort order or performing a refresh
* Cancel file renaming if starting a drag&drop operation
* Filter invalid characters if downloading through double-clicking files or if adding from the search dialog
* Fix site-specific bookmarks menu
* The menu did not reflect initial value of preserve timestamp option properly
* MSW: Keep FileZilla subdirectory in startmenu when updating, preserves custom order
* MSW: Add AppID support to installer
Some of highlights are:
o Dramatically improved the version detection database, integrating
2,596 submissions that users contributed since February 3, 2009!
o Added 7 new NSE scripts for a grand total of 79!
o Performed a memory consumption audit and made changes to
dramatically reduce Nmap's footprint.
o A major service detection submission integration.
o Added some new service detection probes
o Added 14 new NSE scripts for a grand total of 72! You can learn
about them all at http://nmap.org/nsedoc/. Here are the new ones:
o Nmap's --traceroute has been rewritten for better performance.
o Integrated 1,349 fingerprints (and 81 corrections).
o [NSE] Default socket parallelism has been doubled from 10 to 20.
o [NSE] Now supports worker threads
o Zenmap now includes ports in the services view whenever Nmap found
them "interesting," whatever their state.
o [Ncat, Ndiff] The exit codes of these programs now reflect whether
they succeeded.
o Optimize MAC address prefix lookup by using an std::map
o Canonicalized the list of OS detection device types to a smaller set.
o Zenmap's UI performance has improved significantly.
o [NSE] socket garbage collection was rewritten for better performance.
Many many bugfixes!
For full changelog, see http://nmap.org/changelog.html
Ok'ed during freeze by wiz@
PR 43013 by Brook Milligan: fetch(3) violates RFC 1738 for ftp:// URLs
if the home directory is not the root directory.
Remember the current directory the first time a CWD / CDUP has to be
issued. Use the document as full URL if the URL started with two /
(quoted or not), otherwise append it to the initial directory.
net/p5-Net-Rendezvous (supersedes).
Net::Bonjour is a set of modules that allow one to discover local services
via multicast DNS (mDNS) or enterprise services via traditional DNS. This
method of service discovery has been branded as Bonjour by Apple Computer.
Upstream changes:
1.11 - Wed Nov 4 13:48:18 EST 2009
More test adjustments /re Win32 (BRAMBLE)
1.09
Refactored tests to prevent false negatives on Win32 (ADAMK)
1.08 Mon Nov 2 11:23:33 EST 2009
Test fixes and spelling corrections (BRAMBLE)
Upstream changes:
3.11012 2010-03-13
- fixed: added fallback since Test::More 0.95_01 does not
stringify in "is" (tokuhirom)
3.11011 2010-03-11
- fixed documentation to include lookup_users
3.11010 2010-03-11
- Added lookup_users API method
3.11009 2010-03-10
- Added RetryOnError trait
(see perldoc Net::Twitter::Role::RetryOnError)
- Import Sclar::Util::blessed in the POD Synopsis to make it clear
callers need to do so (RT#55283)
- Use newly documented "preferred" oauth endpoints:
http://api.twitter.com/oauth/*
- Added SimulateCursors trait for Identi.ca compatibility
pkgsrc changes:
- fix typo in dependencies
Upstream changes:
0.21 Wed, 10 Mar 2010 22:20:49 UTC
* Added xAuth support with xAuthAccessTokenRequest (thanks Masayoshi
Sekimura and Simon Wistow)
* Added performance patch to decrease stat() system calls when requiring
modules (thanks Brad Whitaker)
0.22 Thu, 11 Mar 2010 00:21:26 UTC
* Renamed xAuthAccessTokenRequest to XauthAccessTokenRequest for
CamelCaseConsistency
* Added a couple tests for XauthAccessTokenRequest
- Fix a memory alignment issue, that can be triggered remote on (some)
64bit systems
- Fix daemonize on Solaris 10 to correctly detach from terminal
- Extend unbound-control with new functions
- Better VERB_DETAIL output
- Improve latency of DNSSEC requeries by optionally prefetching the key
earlier in the validation process
- Prefetch option for popular queries before they expire
- Fix re-query pattern on invalid DNSKEY or DS records to reduce traffic
to a few packets / zone instead of a few packets / record
--- 4.0.2 2010/03/09
wrbuf_destroy allows NULL WRBUF passed to it.
Fix CCL qualifier aliases (did not work since YAZ 2.1.56).
Add ZOOM_connection_close.
No fixed size buffers for ZOOM shell - bug #3257.
tstodr: make it work on s390 platform.
New icu iterator-functions. The new icu_iter-functions makes it possible
to use ICU chains from many threads.
yaz-client: better syntax check for show command.
The interface is inspired to the ping(8) unix command, but hping isn't
only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP
protocols, has a traceroute mode, the ability to send files between a
covered channel, and many other features.
Some files were missing from the tarball depending on how it was
packaged; added them to MANIFEST.in to make sure they get included.
Also updated mk-constants with the latest DLT_* entries from
tcpdump.org.
* pylibpcap-0.6.1, 25 July 2007
Clarified the license terms. Rewrote some of the module initialization
to hopefully make it less fragile when SWIG changes. Added a bunch of
new DLT_* constants. Made a few changes to the syntax in pcap.i to match
with the current SWIG-1.3.x syntax.
* pylibpcap-0.6, 2007-02-14
Had to manually add SWIG_PY_INT to mk-constants.py to support
swig-1.3.31
Normalized indentation to Python semi-standard 4 spaces.
Changed #!/usr/bin/env lines from python2 to python, since
no distros use python2 anymore.
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or Subversion to maintain history of changes.
CVE-2008-4979 (getipacctg) is still not fixed by upstream, however,
that script is not part of the core fuction (rather a contrib)
and probably not going to be used by the normal users of this package.
It provides a complete DNS client implementation, including full DNSSEC support.
Dnsruby is currently used in projects such as OpenDNSSEC and ISC's DLV service.
to options. Changes since 0.99.15:
bgpd:
use monotonic clock for time of day
code cleanup
compile warnings cleanup
work around warning in assegments_parse()
ospfd:
fix debug messages that were masked by DISCARD_LSA
remove unneeded memset from a very hot function
VTY strings cleanup
comment out unused function
make local functions static
enable more OSPF cost command aliases
lib:
fix memory logging
make some structures constant
move check_bit into prefix common code
fix warning on little endian
make match functions take const args
remove unused function: route_dump_node()
log source of vty connections (bug #566)
zebra:
change router-id selection algo
deal with irdp compile warnings
cleanup RIB meta queue code
fix more warnings in rtadv
fix more compiler warnings
remove unused function to fix warning
handle RTF_CLONING removal from FreeBSD 8.0
fix argument reference in strncpy() call for BSD
fix RIB debug message for IPv6
make declaration const in rtm_flag_dump()
fix router advertisements for non-Ethernet link layer addresses
ospf6d:
remove dead code
fix warnings from recent prefix bit commit
review LSA sequence number comparison
fix LSA locking in ospf6_new_ls_id()
other:
ripd: fix compiler warnings
ripngd: compiler warnings cleanup
isisd: fix --enable-isis-topology for 64-bit Linux
isisd: fix BPF ioctl() calls, treat "true" and "false" as reserved
configure: fix spelling
configure: fix HAVE_CLOCK_MONOTONIC spelling
Upstream changes:
Changes for 1.20
- Solved Issue 2: Host-specific start_time and end_time.
- Applied Patch provided by briandlong on retrieving
start_time and end_time attributes for host.
- Solved Issue 6: _del_port not removing port 0.
- Thomas Equeter submitted patch to support traceroute in nmap
output.
pkgsrc changes:
- Add license definition
- Adjust dependencies
Upstream changes:
0.14 2010/01/04 08:30:00
- Added minimum requirement of IO::Socket::SSL v1.08, since I just got word
that v0.97 caused Net-FTPSSL to hang! And v1.08 was the release I
originally developed Net::FTPSSL with & is easily available for Windows
users as a pre-built release. But that release is still pretty old.
(IO::Socket::SSL is currently at v1.31 as of this writting.)
- Fixed bug in _common_put() where it didn't actually test the final status
message when closing the data connection. So missed a rare failure case.
- Fixed similar bugs in list() & get() as well.
- Caught more list() & nlst() error conditions that returned undef instead of
the empty list as documented.
- Added the Server/Port to start of trace file after the version # since not
all servers returned this info in their log messagse.
0.13 2009/11/01 08:30:00
- Decided to skip unlucky release # 13!
0.12 2009/09/29 08:30:00
- Made some POD changes.
- Fixed so each class instance has it's own file hande so multiple instances
won't write to the log file of the last Net::FTPSSL->new() call made with
Debug turned on. Also fixed t/10-complex.t to use multiple connections so
we can manually verify this is finally corrected.
- Made sure the version of FTPSSL used always gets written out when Debug is
turned on. So removed this code from t/10-complex.t as no longer needed.
- Fixed "quit" to close the DebugLogFile, will write to STDERR if anything
else is improperly called after "quit" is called!
- Fixed "put" tie file handle problem from Tkt # 49378.
- Added mdtm() & mfmt() to follow FTP specs & exposed _mdtm() & _mfmt() in
the POD text, which uses timestamps instead. Per request # 49376. The
underscore versions are more user friendly.
- Added size() per request # 49377.
- Minor fixes to 10-complex.t to support new functionality.
- Reorged some older code to make it easier to maintain. Making some blocks
of code much smaller and less awkward.
- Fixed xput & xget to delete the dest file before renaming the scratch file.
Avoids rare file permission issues when the dest file already exists and the
file recognizer is down.
0.11 2009/07/19 08:30:00
- Added ccc() to end of 10-complex.t test script.
- Updated the ccc() docs on issues with older IO::Socket::SSL versions.
- Provided solution to Tkt # 47659, problems with CCC - RFC 4217 Section 12.3.
Where CCC behaves differently for different FTPS servers.
- Added Debug option to allow writing to DebugLogFile in append mode instead
of creating a new log file every time. So can use same log file when
serially making FTPS connections.
- Now allows overriding of the IMP_CRYPT port 990 to something else. Found a
server that allowed me to change the implicit port # for this. Tkt # 46851.
0.10 2009/06/30 08:30:00
- Updated the Port vs IMP_CRYPT documentation to state you can't override
port 990 for IMP_CRYPT. Where before this was just assumed.
- Added option DebugLogFile to allow you to write your Debug info to a
file of your choice instead of STDERR. This way multiple FTPS connections
can be traced separately of each other. Also keeps other writes to STDERR
separate.
0.09 2009/05/13 08:30:00
- Fixed some typos in the documentation.
- Fixed so list() & nlst() no longer return undef on some errors instead of
the empty list as documented.
- Fixed bug # 45710 where nlst() has issues returning zero rows.
- Fixed xput() so the scratch file is guaranteed to appear in the same
directory as the final file unless the prefix overrides it with a directory
of it's own. Fixes issue where the remote file wasn't being written to the
current directory on the remote server and we couldn't write to the current
directory on that server for the scratch file.
- Added xget() as the complement to xput(). Where the file recognizer is on
the client side.
- Added ccc() for finally supporting the CCC command. (Clear Command Channel)
- Improved get() logic for removing zero byte files if it can't download the
requested file. Still leaves behind partially downloaded files on purpose.
- Enhanced t/10-complex.t to test new functionality. (But not CCC due to
security concerns.)
- Added last_status_code() to return the 1 digit status returned by message()
so your code can branch on particular issues instead of just pass/fail.
0.08 2009/03/23 08:30:00
- Fixed new() to also accept a hash reference. So can do either way now!
Pass the hash by reference or pass the hash by value.
- Fixed command() & response() undefined function bug when called by a
socket data type in new() and a fatal error was encountered. Solved by
not calling the member function in the normal way.
- Added $Net::FTPSSL::ERRSTR to give you access to the error messages
generated when you couldn't create a Net::FTPSSL object via new(). Also
set when Croak is called even though you had the special perl variable $@
for this. It is also printed to STDERR when Debug is turned on.
- Fixed response() case where the ending message had CR's in it and it was
being truncated.
- Fixed response() to detect unexpected EOF: Bug # 43670.
- Now passes Timeout to start_SSL() calls in new().
- Added plain old FTP as option CLR_CRYPT. Just avoids encrypting the
command channel. Still doesn't support the CCC command.
- Fixed implicit problem. Turned out to be a bug in choosing the "default"
port as well as reading the response to soon. Bug # 28914.
- Exposed all the FTP CMD status constants for public use.
- Added unsupported option SSL_Advanced for Enhancement Request # 44042.
Use at your own risk! It's not supported by the developer of Net::FTPSSL.
- Enhanced t/10-complex.t to print the version of Net-FTPSSL being tested and
support/test the new functionality. Also now generates a backup copy of
the trace log named after the options selected to ease testing of multiple
configurations.
- Added xput for avoiding file recognizer issues on the FTPS server side
during file transfers. IE the file recognizer picks the file up before the
transfer completes. After the rename the file recognizer can safely assume
the file transfer has completed without issues.
- Added option in new() to support preserving the timestamps on files
transfered between the client & server via get(), put(), uput() & xput().
Works providing the FTPS server supports this functionality.
- Fixed response() timing bug where sysread() sometimes read the results of
multiple commands. Ex: the 150 INFO msg for opening the data connection and
the 226 transfer complete message. This bug caused FTPSSL to randomly hang
when connected to some servers.
- Fixed bug where nlst() hung if it returned zero rows on some servers.
- Removed total from list() since it wasn't always present for all servers
and it was the total block size, not the total # of files or bytes returned.
- Fixed list() & nlst() to allow wildcard filters similar to unix "ls" cmd.
The only wildcards being "*" or "?".
0.07 2009/02/24 08:30:00
- Corrected some typos in the documentation.
- Implemented call back functionality for all data channel functions.
- Fixed uput() to return the file name used on success instead of just
true/false. Will still return "undef" on failure. Needed in order to
figure out what the other server actually called the file we sent it.
- Exposed the DataProtLevel constants for public use.
- Added callback feature for all data channel FTP functions.
- Now uses caller() extensively to combine multiple similar functions together
and for callback support.
- Another fix to the get() bug introduced by the Bug 17537 fix. The previous
attempt in v0.06 didn't fully fix the problem! So took different approach.
- Enhanced t/10-complex.t & t/00-basic.t
The following changes may break some existing code ...
- Added new option 'Croak' to cause all failures to call croak() instead of
returning undef. This caused some minor incompatabilities on error handling
if your code depended on some old croak() calls. But the new code is now
consistant in error handling in either always returning failure or always
calling croak! It no longer does a combination of both.
- Added set_croak() to help mitigate above issue, by being able to turn the
croak feature on & off. t/10-complex.t uses this logic while initializing
the connection.
- user() & password() have been renamed since internal functions.
0.06 2009/02/03 08:30:00
- Added new() DataProtLevel option to allow selecting the Data Channel
Protection.
- Fixed _help() so supported() works for some new servers.
- new() now allows you to select SSL over TLS for connections via useSSL.
- Fixed get() bug that sometimes added extra \015 to ASCII files downloaded.
Introduced when Bug 17537 was fixed.
- Enhanced t/10-complex.t
0.05 2009/01/05 08:30:00
- Fixed resonse() to properly get the entire response instead of just the 1st
line of it. This change fixes many of the reported bugs reported against
this module.
- Fixed command() & response() to also log socket() calls in debug mode with
"SKT >>>" & "SKT <<<" prefixes.
- Added supported(), quot(), & _help()
- All response calls in new() are now tested & added debug flag to socket
object.
- Enhanced t/10-complex.t
- Other minor fixes.
- Bugs Fixed: 41665, 31720, 16751, 30359, 24136, 17537, 17538, 34818
pkgsrc changes:
- Add license definition
- Remove patch-aa (applied upstream)
Upstream changes:
1.012 Mon Mar 8 10:42:51 PST 2010
Interface.xs add test for NULL interface value to skip invalids
thanks to Brian West <brian@freeswitch.org> for the fix
typo update in Developer.pm
1.011 Mon Mar 23 13:55:58 PDT 2009
update inst/netsymbols.pl v0.09 to use $Config{perlpath}
instead of the default '/usr/bin/perl' when building
lib/Net/Interface/NetSymbols.pm
This will make 'pkgsrc' happy
pkgsrc changes:
- Add license definition
- Adjust dependencies
Upstream changes:
0.54 Refined listing script to reflect a "no foreign sales" policy.
0.53 Added support for return policy in my sample listing script
0.52 Patch by Michael Hendrix to make eBay client retry up to 2
times (configurable) in case of connection errors.
0.51 Added a missing dependency.
o CVE-2010-0728:
In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a bad security flaw on Linux platforms if the
binaries were built on Linux platforms with libcap support.
The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
capabilities, allowing all file system access to be allowed
even when permissions should have denied access.
Samba 3.0 and 3.3. They were completely broken before this.
Bump PKGREVISION for both samba and samba33.
Fix from PR pkg/38961 by Makoto Fujiwara <makoto at ki dot nu>.
pkgsrc changes:
- Remove inactive and non-responsive maintainer
- Activate M:I:B module type
Upstream changes:
3.11008 2010-03-02
- Added support for new api methods: reverse_geocode, geo_id
- Updated method "update" with new parameters: place_id,
display_coordinates
3.11007 2010-02-27
- xAuth implemented and tested
3.11006_01 2010-02-26
- xAuth implemented: @oauth = $nt->xauth($username, $password);
3.11006 2010-02-25
- Fixed: unicode.t skip needed number of tests to skip (miyagawa)
3.11005 2010-02-25
- Fixed: image updates accept a single array ref argument (RT#54422)
- Fixed: "since" synthetic arg with InflateObjects role (RT#54901)
- Fixed: utf8 encoding error for latin1 using Basic Authentication
- Allow a pre-created user agent object as argument to new (ua => $ua)
- FAQ: How do I get Twitter to display something other than
"from Perl Net::Twitter"?
3.11004 2010-02-09
- Removed an extraneous tar ball from the distribution (no code changes)
pkgsrc changes:
- Adjust license definition
- Adjust homepage
Upstream changes:
0.17 Thu Jan 14 09:20:00 2010
- Support for RFC3579 - Message-Authenticator
0.16 Mon Dec 14 13:34:00 2009
- Generate random authenticators
- Support for CoA request (thanks to Oleg Gawriloff for the patch)
- Ability to specify the source IP/port for outgoing packets
0.15 Mon Oct 05 12:00:00 2009
- Bugfixes in error handling
0.14 Mon Aug 17 15:00:00 2009
- Authen::Radius is now distributed under the Perl Artistic
License v2.0
- Support for RADIUS retransmits
- For the "check_pwd" method plance the local socket's "real"
IP address into the NAS-IP-Address attribute
instead of 127.0.0.1
pkgsrc changes:
- Remove big-endian check, big-endian architectures are supported since
3.24
Upstream changes:
*** This will probably be the last release. From now on, please use
Net::Frame::* modules on CPAN. This framework is obsolete.
3.27 Mon Nov 9 19:19:57 CET 2009
- bugfix: PPPoE packing payload
=> http://rt.cpan.org/Public/Bug/Display.html?id=51112
- update: copyright notice
Based on PR#42918 by Wen Heping
Pkgsrc changes:
* set LICENSE to mit
* add handling of plugin cache file
Upstream changes:
from 8.1.0 to 10.0.0 is too long to put here.
please refer: http://twistedmatrix.com/trac/browser/trunk/NEWS
Thanks to Taylor R Campbell for nudge to update, and a patch to do so.
Pkgsrc changes:
o Add LICENSE=modified-bsd setting
Upstream changes (also includes changes from the enclosing "ldns"):
1.6.4 2010-01-20
* Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
Changed its configure and Makefile to fit into ldns.
Added its dname_* methods to the rdf_* class (as is the ldns API).
Changed swig destroy of ldns_buffer class to ldns_buffer_free.
Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
* Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
* Bugfix: handle escaped characters in TXT rdata.
* bug292: no longer crash on malformed domain names where a label is
on position 255, which was a buffer overflow by one.
* Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
which fixes resolv.conf reading badly terminated string buffers.
* Fix ldns_pkt_set_random_id to be more random, and a little faster,
it did not do value 0 statistically correctly.
* Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
for portability.
* bug295: nsec3-hash routine no longer case sensitive.
* bug298: drill failed nsec3 denial of existence proof.
1.6.3 2009-12-04
* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
* Bugfix: also mark an RR as question if it comes from the wire
* Bugfix: NSEC3 bitmap contained NSEC
* Bugfix: Inherit class when creating signatures
1.6.2 2009-11-12
* Fix Makefile patch from Havard Eidnes, better install.sh usage.
* Fix parse error on SOA serial of 2910532839.
Fix print of ';' and readback of '\;' in names, also for '\\'.
Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
* Fix signature creation when TTLs are different for RRs in RRset.
* bug273: fix so EDNS rdata is included in pkt to wire conversion.
* bug274: fix use of c++ keyword 'class' for RR class in the code.
* bug275: fix memory leak of packet edns rdata.
* Fix timeout procedure for TCP and AXFR on Solaris.
* Fix occasional NSEC bitmap bogus
* Fix rr comparing (was in reversed order since 1.6.0)
* bug278: fix parsing HINFO rdata (and other cases).
* Fix previous owner name: also pick up if owner name is @.
* RFC5702: enabled sha2 functions by default. This requires
OpenSSL 0.9. 8 or higher. Reason for this default is the
root to be signed with RSASHA256.
* Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP,
very long lines
* Fix: Make ldns_dname_is_subdomain case insensitive.
* Fix ldns-verify-zone so that address records at zone NS set
are not considered glue (Or glue records fall below delegation)
* Fix LOC RR altitude printing.
* Feature: Added period (e.g. '3m6d') support at explicit TTLs.
* Feature: DNSKEY rrset by default signed with minimal signatures
but -A option for ldns-signzone to sign it with all keys.
This makes the DNSKEY responses smaller for signed domains.
1.6.1 2009-09-14
* --enable-gost : use the GOST algorithm (experimental).
* Added some missing options to drill manpage
* Some fixes to --without-ssl option
* Fixed quote parsing withing strings
* Bitmask fix in EDNS handling
* Fixed non-fqdn domain name completion for rdata field domain
names of length 1
* Fixed chain validation with SHA256 DS records
1.6.0
Additions:
* Addition of an ldns-config script which gives cflags and libs
values, for use in configure scripts for applications that use
use ldns. Can be disabled with ./configure --disable-ldns-config
* Added direct sha1, sha256, and sha512 support in ldns.
With these functions, all NSEC3 functionality can still be
used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
Steve Reid, and Aaron D. Gifford for the code.
* Added reading/writing support for the SPF Resource Record
* Base32 functions are now exported
Bugfixes:
* ldns_is_rrset did not go through the complete rrset, but
only compared the first two records. Thanks to Olafur
Gudmundsson for report and patch
* Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
thanks to Marius Rieder for finding an patching this.
* --without-ssl should now work. Make sure that examples/ and
drill also get the --without-ssl flag on their configure, if
this is used.
* Some malloc() return value checks have been added
* NSEC3 creation has been improved wrt to empty nonterminals,
and opt-out.
* Fixed a bug in the parser when reading large NSEC3 salt
values.
* Made the allowed length for domain names on wire
and presentation format the same.
Example tools:
* ldns-key2ds can now also generate DS records for keys without
the SEP flag
* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
the first non-default DNSKEY TTL value it sees)
1.5.1
Example tools:
* ldns-signzone was broken in 1.5.0 for multiple keys, this
has been repaired
Build system:
* Removed a small erroneous output warning in
examples/configure and drill/configure
1.5.0
Bug fixes:
* fixed a possible memory overflow in the RR parser
* build flag fix for Sun Studio
* fixed a building race condition in the copying of header
files
* EDNS0 extended rcode; the correct assembled code number
is now printed (still in the EDNS0 field, though)
* ldns_pkt_rr no longer leaks memory (in fact, it no longer
copies anything all)
API addition:
* ldns_key now has support for 'external' data, in which
case the OpenSSL EVP structures are not used;
ldns_key_set_external_key() and ldns_key_external_key()
* added ldns_key_get_file_base_name() which creates a
'default' filename base string for key storage, of the
form "K<zone>+<algorithm>+<keytag>"
* the ldns_dnssec_* family of structures now have deep_free()
functions, which also free the ldns_rr's contained in them
* there is now an ldns_match_wildcard() function, which checks
whether a domain name matches a wildcard name
* ldns_sign_public has been split up; this resulted in the
addition of ldns_create_empty_rrsig() and
ldns_sign_public_buffer()
Examples:
* ldns-signzone can now automatically add DNSKEY records when
using an OpenSSL engine, as it already did when using key
files
* added new example tool: ldns-nsec3-hash
* ldns-dpa can now filter on specific query name and types
* ldnsd has fixes for the zone name, a fix for the return
value of recvfrom(), and an memory initialization fix
(Thanks to Colm MacCárthaigh for the patch)
* Fixed memory leaks in ldnsd
1.4.1
Bug fixes:
* fixed a build issue where ldns lib existence was done too early
* removed unnecessary check for pcap.h
* NSEC3 optout flag now correctly printed in string output
* inttypes.h moved to configured inclusion
* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
delegations
API addition:
* for that last fix, we added a new function
ldns_dname_add_from() that can clone parts of a dname
Changes since 3.3.10
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 6557: Fix vfs_full_audit.
* BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
* BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
* BUG 7067: Fix failing of smbd to respond to a read or a write caused by
Linux asynchronous IO (aio).
* BUG 7072: Fix unlocking of accounts from ldap.
* BUG 7104: "wide links" and "unix extensions" are incompatible.
* BUG 7122: Fix reading of large browselist.
* BUG 7154: "mangling method = hash" can crash storing a name containing
a '.'.
* BUG 7155: Valgrind Conditional jump or move depends on uninitialised
value(s) error when "mangling method = hash".
o Gunther Deschner <gd@samba.org>
* BUG 7043: Fix crash bug in "SMBC_parse_path".
o Volker Lendecke <vl@samba.org>
* BUG 5626: Fix build on AIX.
* BUG 5885: Fix bogus ip address in SWAT.
* BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
server.
o Stefan Metzmacher <metze@samba.org>
* BUG 7098: Fix results of 'smbclient -L' with a large browse list.
* BUG 7170: Fix handling of external domains in setups with one way trusts.
o William Jojo <w.jojo@hvcc.edu>
* BUG 7052: Fix DFS on AIX (maybe others).
o Bo Yang <boyang@samba.org>
* BUG 7106: Fix malformed require_membership_of_sid.
Changes in version 0.2.1.24 - 2010-02-21
Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
for sure!
o Minor bugfixes:
- Work correctly out-of-the-box with even more vendor-patched versions
of OpenSSL. In particular, make it so Debian and OS X don't need
customized patches to run/build.
Changes in version 0.2.1.23 - 2010-02-13
Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
again on the latest OS X, and updates the location of a directory
authority.
o Major bugfixes (performance):
- We were selecting our guards uniformly at random, and then weighting
which of our guards we'd use uniformly at random. This imbalance
meant that Tor clients were severely limited on throughput (and
probably latency too) by the first hop in their circuit. Now we
select guards weighted by currently advertised bandwidth. We also
automatically discard guards picked using the old algorithm. Fixes
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
o Major bugfixes:
- Make Tor work again on the latest OS X: when deciding whether to
use strange flags to turn TLS renegotiation on, detect the OpenSSL
version at run-time, not compile time. We need to do this because
Apple doesn't update its dev-tools headers when it updates its
libraries in a security patch.
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
that could happen on 32-bit platforms with 64-bit time_t. Also fix
a memory leak when requesting a hidden service descriptor we've
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
by aakova.
o Minor bugfixes:
- Refactor resolve_my_address() to not use gethostbyname() anymore.
Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
o Minor features:
- Avoid a mad rush at the beginning of each month when each client
rotates half of its guards. Instead we spread the rotation out
throughout the month, but we still avoid leaving a precise timestamp
in the state file about when we first picked the guard. Improves
over the behavior introduced in 0.1.2.17.
Changelog:
* *nix: Add support for forward and backward mouse buttons
* Speed limits can be re-enabled on SFTP connections
* Changed settings did not come into effect unless FileZilla was restarted
* Small performance improvements
* Spelling fixes
* Rebuilt due to timer problems
* Speed limits can be quickly set using the menu and a new indicator in the status bar
* Display number of bytes transferred and duration of transfer in log
* MSW: React to back button of mouse in file lists
* Updated blukis icon set
* Refactored large parts of the toolbar and menubar code
* A race condition in the socket code could lead to crashes
* Fix connecting to addresses longer than 15 characters if using SOCKS proxy
* Get add to queue in local directory tree context menu working again
* Do not open request dialogs if user is holding a mouse button
* Forward all Ctrl+Tab key events to tab bar
* Do not report SFTP exitcodes that do not originate from the server
* VendorID is now dhcpcd-$version:$OS-$version:$machine:$platform
* IPv4LL address range can now be used in DHCP requests
* sysctl net.ipv4.conf.$iface.promote_secondaries enabled on Linux
This resolves a long standing issue of changing ip on the same subnet.
* IPv4LL correctly resets the DHCP timer.
The changes in version 1.24 are
Security fixes
--------------
* Don't reply to invalid cmdmon packets (CVE-2010-0292)
* Limit client log memory size (CVE-2010-0293)
* Limit rate of syslog messages (CVE-2010-0294)
Bug fixes/Enhancements
----------------------
* Support for reference clocks (SHM, SOCK, PPS drivers)
* IPv6 support
* Linux capabilities support (to drop root privileges)
* Memory locking support on Linux
* Real-time scheduler support on Linux
* Leap second support on Linux
* Support for editline library
* Support for new Linux readonly adjtime
* NTP client support for KoD RATE
* Read kernel timestamps for received NTP packets
* Reply to NTP requests with correct address on multihomed hosts
* Retry name resolving after temporary failure
* Fix makestep command, make it available on all systems
* Add makestep directive for automatic clock stepping
* Don't require _bigadj kernel symbol on NetBSD
* Avoid blocking read in Linux RTC driver
* Support for Linux on S/390 and PowerPC
* Fix various bugs on 64-bit systems
* Fix valgrind errors and compiler warnings
* Improve configure to support common options and variables
* Improve status checking and printing in chronyc
* Return non-zero exit code on errors in chronyc
* Reduce request timeout in chronyc
* Print estimated offset in sourcestats
* Changed chronyc protocol, incompatible with older versions
Reviewed by: Joerg Sonnenberger <joerg@netbsd.org>
have any gnome-keyring so I get this error:
===> Creating toolchain wrappers for gst-plugins0.10-soup-0.10.18
ERROR: gnome-keyring>=0.4.0 is not installed; can't buildlink files.
*** Error code 1
My workaround is to abuse the BUILDLINK_API_DEPENDS to:
BUILDLINK_API_DEPENDS.libsoup24+= libsoup24>=2.28.0
(where that version is when the include of gnome-keyring was added)
In addition, the program now features a generic downloader that attempts
to work with any unknown URL the user provides, and appears to work
with several sites in tests.
Version 1.2.7.
-- msdl
* 13th release
* -a inf for infinite download retries.
$ msdl -a inf rtsp://foo.com/bar.wma
* mmsh resumeing (partly) supported
Still cannot resume in some cases, but mmsh resume support added.
* mmst to mmsh auto fallback added. if mmst fails to connect, it automatically tries mmsh.
* added check on fwrite()
* fixed possible memory leaks which happens when --logfile a --logfile b etc.
* msdl.spec added, for rpm systems.
the "msdl.spec" file was originally created by Mr.Zidlicky. Thanks.
Collection.
The Perl 5 module allows you to run tests which translate as DNS
queries. It's simple to use and abstracts all the difficult query
checks from you.
Upstream changes:
Mon Jul 20 22:38:14 CET 2009
* Compilation fix for GCC 4.4, patch from Artem Zolochevskiy.
* Compilation fix Sun Studio 11 on Solaris 8 x86, patch from Ian Dickinson.
* Version 1.1.5
from Wen Heping.
* Fixed Bug #16940 (Net_LDAP2::startTLS should ignore errors before ldap_start_tls() being called)
* Fixed Bug #17023 (improper handling of wrapped lines in LDIF files)
* Fixed Bug #17057 (problem with parsing certain NOT-Filters)
An indentation change in DESCR, too.
This isn't latest release, but diffrence from current package is minimal
supported release.
Since changes are too huge to write here, please refer each release notes:
http://www.samba.org/samba/history/
And this pacakge already contain fix for CVE-2009-3297.
0.8
====
Changes since 0.7.1:
- Add lenient mode: Just pick-up the first resource available.
- Specify filter in Browse actions to reduce network usage.
- Don't browse containers with no children.
- Always re-browse containers on updates.
- Update childCount after browsing is done.
- Support for multiple networks.
- Leave selection of resource to gupnp-av.
- No need to search for all UPnP resources anymore.
- Fix infinite loop in icon cancelation code.
- No need to care about hosting of description document anymore.
- Adapt to new gupnp-av API.
- Add cmdline option to gupnp-upload to specify network interface.
- Many other minor/internal fixes.
Dependencies changed:
- gssdp >= 0.7
- gupnp >= 0.13
- gupnp-av >= 0.5
All contributors:
Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
Ross Burton <ross@linux.intel.com>
0.5.4
=====
Changes since 0.5.2:
- Gracefully handle empty or no 'res' node.
- Function to get the list of descriptors from DIDL-Lite objects.
- More complete comparison for LPCM mime types.
- Fix incorrect type conversion of DLNA flags.
- DLNA flags should not default to a specific DLNA version.
- New APIs to deal with contributor-related properties in DIDL-Lite objects.
- Remove redundant construction methods.
- Add forgotten header to the meta-header file.
- Add and fix gobject-introspection annotations.
- Lots of documentation fixes.
- Many minor non-functional fixes/improvements.
Bug fixes in this release:
1935 - Incorrect conversion while parsing primary DLNA Flags
1934 - DLNA Flags should not default to a specific DLNA version.
1933 - Content type matching fails when additional parameters exist in LPCM
mime-type
1814 - Add "artists" property to GUPnPDIDLLiteObject
All contributors to this release:
Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
Yakup Akbay <yakbay@ubicom.com>
Zachary Goldberg <zach@zachgoldberg.com>
0.5.2
=====
Changes since 0.5.1:
- Add a missing NULL check.
- Fix a potential leak of xmlDoc.
- Register a (g)type for GUPnPSearchCriteriaOp for better gtk-doc and
vala-gen-introspect support.
- Fix docs for GUPnPSearchCriteriaParser::expression.
- Fix parsing of SearchCriteria strings: Closing parenthesis doesn't imply end
of SearchCriteria expression.
All contributors to this release:
Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
0.5.1
=====
A micro release to fix a regression in DLNA profile guessing code in the
previous (0.5) release.
0.5
===
Changes in this release:
- New completely object-oriented, much simpler and consistent API:
* GUPnPDIDLLiteResource & GUPnPDIDLLiteObject are now first-class GObjects.
* Convert the helper methods to read props and their attributes from DIDL-Lite
xml node into new first-class objects with writable properties:
- GUPnPDIDLLiteObject
- GUPnPDIDLLiteItem
- GUPnPDIDLLiteContainer
* GUPnPDIDLLiteObject provides a convenient method to get the compatible
resource given a SinkProtocolInfo string.
* A new class for dealing with protocolInfo fields: GUPnPProtocolInfo.
* A new class for dealing with DIDL-Lite descriptors: GUPnPDIDLLiteDescriptor.
* GUPnPDIDLLiteWriter now provides a much simpler API that is consistent with
rest of the GUPnP AV API.
* GUPnPDIDLLiteWriter now handles filtering of DIDL-Lite XML.
* Correct possible values of GUPnPDLNAFlags.
* Replace GUPnPDIDLLiteParserObjectCallback by following signals:
- object-available
- container-available
- item-available
- New Error domain for protocol related errors.
- Workaround for broken printf() implementations.
- Bitrate is in bytes/second and not bits/second.
- Enable DLL on windows.
Dependencies changed:
- gupnp >= 0.13
Bug fixes in this release:
1729 - bitrate checks in gupnp-dlna.c look wrong.
1579 - Minor fixes to enable dynamic library on windows
All contributors to this release:
Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
Sven Neumann <s.neumann@raumfeld.com>
Jens Georg <mail@jensge.org>
Ross Burton <ross@openedhand.com>
WARNING: This release is API and ABI incompatible with previous releases.
