Xen is is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of performance
and resource isolation. Xen is Open Source software.
See http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ for more details on Xen.
See http://www.netbsd.org/Ports/xen/ for more details on NetBSD/xen.
Changes since 1.11.15:
**********************
SERVER SECURITY FIXES
* A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server machine.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
BUG FIXES
* The Microsoft Visual C++ workspace and project files have been repaired and
regenerated with MSVC++ 6.0.
* The cvs.1 man page is now generated automatically from a section of the CVS
Manual.
* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
:ext: connection method no longer relies on a transparent transport that uses
an argument processor that can handle arbitrary ordering of options and other
arguments when using a username other than the caller's.
* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
or empty directory pruning, now works on network shares under Windows XP.
- Some complilation fixes.
- Added the --xml parameter to the certtool utility.
Changes 1.0.12:
- Corrected bug in OpenPGP key loading using a callback.
- Renamed gnutls-srpcrypt to srptool
- Allow handshake requests by the client.
* Things backported from the development branch:
- Added support for authority key identifier and the extended key usage
X.509 extension fields. The certtoool was updated to support them.
- Added batch support to certtool. Now it can use templates.
- The RC2 cipher is no more included. The one in libgcrypt is now used.
Changes 1.0.11:
- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
- Corrected bug in TLS renegotiation.
Changes 1.0.10:
- Corrected bug in RSA parameters handling which could cause
unexpected crashes.
- Corrected bug in SSL 3.0 authentication.
* First stable release.
Changes 1.1.94
* The support for multi-threaded users goes into its third
incarnation. We removed compile time support for thread libraries.
To support the thread library of your choice, you have to set up
callback handlers at initialization time. New data structures, a
new control command, and default initializers are provided for this
purpose.
* Interface changes relative to the 1.1.93 release:
libgcrypt-config --thread OBSOLETE
libgcrypt-pth.la REMOVED
libgcrypt-pthread.la REMOVED
GCRYCTL_SET_THREAD_CBS NEW
struct gcrypt_thread_cbs NEW
enum gcry_thread_option NEW
GCRY_THREAD_OPTION_PTH_IMPL NEW
GCRY_THREAD_OPTION_PTHREAD_IMPL NEW
Changes 1.1.93
* The automatic thread library detection has finally been removed.
From now on, only linking explicitely to libgcrypt, libgcrypt-pth
or libgcrypt-pthread is supported.
- Added scripts to assist in libtasn1 version detection
from configure scripts.
- Corrected a DER decoding bug which was reported
by Max Vozeler <max@hinterhof.net>.
Changes 0.2.9
- Accept negative numbers as range in INTEGER declarations
Changes 0.2.8
- Add asn1_delete_element function
It says to use "pseudo-device rnd" kernel configuration.
TODO: if the above instructions are fine for other
operating systems with /dev/urandom then add.
faults, and haven't tracked down why yet.
No allow PAM authentication if Linux (and USE_PAM is defined).
This will close my 20846 PR from March 2003.
Also, install the contrib/sshd.pam.generic file as the example
sshd.pam instead of the FreeBSD version, but this okay since
it was commented out in the first place.
TODO: test the PAM support on other platforms and allow
if USE_PAM is defined.
* Fixed: 'Missing HOLD_FILE' logic error fixed in lpd_rcvjob.c
* Fixed: configure with-initpath
--with-initpath=PATH now works correctly
* Fixed (well, clarified):
Errormsg() now checks for a 'null' error string and provides
a printable version of errno for logging.
* Edited the Scan_queue() function to print error message and removed
some dead code.
* lpc MOVE could result in endless loop.
* lpc MOVE will now start printing job in destination, rather than just copying
and preserving status of last operation.
* Added detailed error message for connection failure.
* Found a really small (1 byte) memory leak in LPD. Solves the mystery of
the server dying with malloc failed messages.
0.28: - Use netname() when running fping etc. Reject duplicate hostnames.
Problem noted by alan.
0.29: - Add ${fqdn} to the list of available keys in dirtrees.
- Allow 'key -= value' to remove values from key settings
- When '-d' is specified display the final state of the configuration
- If dirtrees is assigned with '=', disable the 'insert after ${type}'
behaviour for any subsequent 'distrees +=' option
0.30: - completely rework parsing of rdist
0.28: - Use netname() when running fping etc. Reject duplicate hostnames.
Problem noted by alan.
0.29: - Add ${fqdn} to the list of available keys in dirtrees.
- Allow 'key -= value' to remove values from key settings
- When '-d' is specified display the final state of the configuration
- If dirtrees is assigned with '=', disable the 'insert after ${type}'
behaviour for any subsequent 'distrees +=' option
0.30: - completely rework parsing of rdist
* The native Quicktime library can be used when reading/writing image files on Mac OS X.
* The -hibernate and -idlewait options now work on Mac OS X.
* Fixed a segfault when writing image files.
* Minor updates to allow compilation with gcc 3.4.0.
