Version 1.0.2
(October 14 2008, from branches/release/1.0.x)
svn://svn.gna.org/svn/clive/tags/1.0.2
User-visible changes:
* Added --hosts to list supported hosts
* Removed myvideo support (broken)
Developer-visible changes:
* Fixed googlevideo support, extraction would fail for some videos
* Fixed "AttributeError: 'builtin_function_or_method' object has no
attribute 'write'" (partially related to bug #12290)
* Added embedded link support for metacafe
- Thanks to Kai Wasserbach <debian@carbon-project.org> for the fix
* Updated AUTHORS and HACKING file
* Fixed man files with some syntax problems (bug #12266)
- Thanks to Marco Rodrigues <gothicx@sapo.pt> for the fixes
Bump ABI depends because of shlib major bump.
--- 3.0.36 2008/09/26
Various ODR chapter fixes.
Windows version uses libxml2 2.6.32+, libxslt 1.1.23+ and ICU 4.0.
Added missing source for Windows compilation, mutex.c.
Fixed compilation of YAZ for Visual Studio 2008. Bug #2256.
For SRU connections in ZOOM all records up to "count" are now fetched.
Fixed crash in generic frontend server (and yaz-ztest) which occurred
in Windows due to bad error handling for Libxml2.
Added facility for sending arbitrary records (ASN.1 any) using
ZOOM C's Extended service update. Patch by Sam Reynolds.
New options for ZOOM C's connection, logapdu which makes ZOOM log
APDUs.
--- 3.0.34 2008/06/18
YAZ uses GNU TLS without the OpenSSL compatibility wrapper.
--- 3.0.32 2008/06/12
Fixed memory violation that could occur when decoding UTF-8. This bug
was only present in 3.0.30 of YAZ.
--- 3.0.30 2008/06/06
Implemented SSL sockets using GNU TLS. OpenSSL is still supported, but
GNU TLS is used by default (if found).
yaz-ztest returns OPAC records if a client asks for OPAC.
Improved speed of MARC-8 encoding.
Added support for lossy and loss-less MARC-8 encoding.
Changed yaz_record_conv_record to be reentrant for XSLT conversions.
Added new Windows Service wrapper (sc).
yaz-client's itemorder command may now send a file.
Fixed yaz-marcdump to allow the use of NS prefix for record element.
Added new function yaz_log_xml_errors.
Allow (but warn) unknown XML attributes in MARCXML parsing.
Handle G1 sequneces in MARC-8 decoding. Bug #2115.
The UTF-8 to MARC-8 conversion now uses a different set of characters
for Greek symbols. Bug #2120.
--- 3.0.26 2008/02/21
Added yaz_daemon (daemon.h).
Fixed bug #2068: pkg-config trouble
Fixed bug #395: ZOOM_record / OPAC record encoding problems.
--- 3.0.24 2008/01/28
Document --with-xml2 option.
Added OPAC XML XSD (etc/opacxml.xsd).
Allow glob mask for name attribute in retrieval element for the
generic frontend server's retrieval facility.
Changed yaz_poll_poll to return yaz_poll_except for all returned events
except POLLIN/POLLOUT.
Fixed error handling in cs_listen. Bug #2037.
--- 3.0.22 2008/01/20
Fixed version in yaz/yaz-version.h.
Fixed bug #2027: Crash when closing connection.
Changed configure so that ICU support is only enabled if only ICU
and Libxml2 is available (because the ICU chain is XML based).
--- 3.0.20 2008/01/15
YAZ now makes ICU utilities for Windows. A separate DLL, yaz_icu3.dll,
is built. Only this DLL depends on the ICU runtime.
yaz-ziffy is no longer part of YAZ. It is distributed separately by
Index Data because ziffy's license is GPL2 rather then 'Revised BSD'.
Changed license of CCL module to 'Revised BSD'. After consultation with
remaining members of the original EUROPAGATE consortium, we are re-issuing
the CCL module without a separate license. The software was developed by
Index Data as part of a research project. The special license was included
to help feed usage information back to the project consortium to support
project evaluation. At this time, the project consortium has long-since
disbanded, and the majority of the original principals have retired. At the
same time, we have significantly modified the software during the following
years, to the point where very practically no original code remains. To
simplify re-use of the software, we have contacted those members of the
consortium who could be reached, and agreed to re-issue the module as a
proper part of the YAZ package.
Tcl scripts uses /usr/bin/tclsh as preferred shell.
CQL closer to being version 1.2 compliant. CQL also allows free-form
terms, such as 'title=a b', and thus, make the CQL parser more CCL-like
and user-frendly.
Fixed bug in ZOOM_options_getl WRT setting of parameter lenp. This
bug could make Extended services handling crash in the ZOOM layer. This
bug was only present in YAZ 3.0.18.
--- 3.0.18 2007/12/19
ziffy uses YAZ' options rather than getopt; getopt is unavailable on
some systems.
yaz-marcdump reads and writes collection wrapped records.
Handle OPAC for record conversion module.
Fixes for ICU wrapper.
Allow ICU libs to be controlled with --with-icu .
--- 3.0.16 2007/11/12
Added yaz_poll which is a wrapper for select/poll. When poll is available
and non-buggy, it is used, by yaz_poll . This allows more than 1024
sockets to be in use.
Added ICU wrapper library which exposes ICU http://www.icu-project.org/
functionality through an XML based configuration (ICU chain). This system
is useful for search facilities such as Pazpar2 and Zebra that needs to
perform tokenization of indexed material. The ICU code in a separate
library libyaz3_icu.a.
Added HTTP tunnel facility for COMSTACK, bug #1752.
This is a facility that allows a Web proxy, such as squid, to tunnel
Z39.50 traffic. This facility is "transparent" to must applications
using YAZ. It's enabled by using pseudo transport connect: followed by
the proxy address, followed by command, then follwed by he regular
"virtual" addresss. For example,
connect:webproxy.com:3128,tcp:z3950.loc.gov:7090/voyager .
More MARC-8/UTF-8 conversion fixes. Bugs #1666, #1667, #1778.
--- 3.0.14 2007/09/21
Fixed bad memory reference in ZOOM_record - cuased by member not being
initialized. This was a problem only in YAZ 3.0.12.
Fixed bug in conversion from MARC to XML: Non-XML characters in control
fields were not removed.
Changed the way C code is generated from codetables.xml. Made a MARC-8
conversion trie for each characterSet section rather than codeTable.
This is ensure the code can deal with G0/G1 sequences. Use of a newer version
of codetables.xml from Larry Dixson, LOC. Bug #1464.
--- 3.0.12 2007/09/12
ZOOM C now handles SRU surrogate diagnostics (i.e. errors returned
from ZOOM_record_error).
ZOOM C function ZOOM_record_get returns record schema for type="schema".
Implemented HTTP Basic authentication to SRU/GET, SRU/POST and SRW requests.
Added new ZOOM C connection option 'sru_option' which specifies SRU version.
Better SRW-to-Bib-1 diagnostic mapping.
ZOOM C and yaz-client announces SRU version 1.2 by default.
yaz-client 'sru' command may specifiy both SRU version and transport (SOAP,
GET or POST).
Fixed in yaz_sru_decode to allow other version than 1.1.
--- 3.0.10 2007/08/22
Added support for SRU scan for ZOOM.
Added support for the use of the older versions or Extended Service
Update in ZOOM. To faciliate this, an option "updateVersion" may be
set to the version , 1=first, 2=second, 3=third. The third version is
what ZOOM C has used so far. And that, obviously, is the default.
Added support for CCL queries in Z39.50 queries sent to the GFS (and
therefore in Zebra and in SimpleServer-based applications). The new
<ccl2rpn> element in a GFS configuration file, if present, names a CCL
qualifier file used to transform incoming CCL queries into Type-1 RPN,
which is passed into the back-end search callback function.
Added support for HTTP Basic authentication in clients: the SRU/W
codec encodes the username/password elements of the PDU structure
appropriately, and these may be set using the "user" and "password"
options in ZOOM-C applications (the same options that are used for
Z39.50 authentication).
--- 3.0.8 2007/06/25
Fixed bug #1208: SSL appears to be broken in ZOOM.
Fixed bug #1206: Libxml2 include path weirdness.
Added oid_name_to_dotstring.
Allow elementSetName to be specified for ZOOM C record update.
Allow waitAction to be specified for ZOOM C based for Extended Services.
Fixed NULL ptr reference bug in yaz-ztest - caused by omitted record
syntax OID. Bug introduced in YAZ 3 series.
Updated WIN32 build to include Libxml2 2.6.28 / Libxslt 1.1.19.
--- 3.0.6 2007/06/06
Fixed bug #1157: yaz-client does not read .yazclientrc from current
directory. yaz-client now reads commands from file given by option -f
if specified; then tries to read .yazclientrc in current directory.
Failing that, it reads .yazclientrc from user's home directory.
Added support for correlationInfo Note and ID for Record Update via
ZOOM C.
Added yaz-client command querycharset which specifies character set for
query terms for Z39.50 RPN queries and Z39.50 Scan Requests
(termListAndStartPoint).
Charset ISO5428:1984 is an alias for ISO5428-1984.
Implemented a way to perform scan in a result set using Z39.50. This
is achieved by attaching the result set name in the characterInfo
(type InternationalString) of OtherInformation in the Scan Request PDU.
The result set is identified in the otherinformation by the new OID:
USERINFO, Z3950_PREFIX.10.1000.81.4, "Scan-Set
This allows for scan in result set and faceted search . Zebra did some
of this in the APT term using attribute type 8 and value being result
set. Using the OtherInformation approach for this is cleaner and easier
to work with in proxies and the like. This facility can be used in
yaz-client using new command setscan which takes a result set as first
argument, start position (APT) as second.
Changed decoding of SRU XML packed records to deal with servers that
have recordData with XML data with multiple root nodes. Also make
comparison for recordPacking case insensitive. Again, one server
returns "XML" where others return "xml".
For SRU responses allow Content-Type application/xml as well as text/xml.
--- 3.0.4 2007/05/21
Fixed bug in character set conversion of BER strings. Bug introduced
in 3.0.0.
--- 3.0.2 2007/05/08
For OIDs use Odr_oid type everywhere, i.e. do not assume Odr_oid=int.
For OID class, use oid_class consistently.
Fixed external handling for SUTRS and Explain records (bug appeared in 3.0
series).
Added partial support for ISO5428-1984, which is the "Greek alphabet coded
character set for bibliographic information interchange". By Giannis Kosmas.
Added documentation on new OID API.
--- 3.0.0 2007/05/02
Changes to generic frontend server interface: added new member
'query_charset' for bend_initrequest structure. A backend init handler
should set this member to its native character set for query terms.
When defined, the frontend server logic will announce this character set
to a client if the negotiationModel bit is set by the client. All server
implementors are encouraged to specify this. If a backend server does not
specify this a warning is issued using yaz_log(YLOG_WARN,..).
Added CCL utility to remove terms (stop words) from resulting RPN
tree. This is handled by functions with prefix ccl_stop_words_ .
New ZOOM C option, "rpnCharset", which allows client-side conversion of
terms in RPN queries.
Clean-up the CCL API. Moved some internal structures from ccl.h to
private header cclp.h. Changed ccl_parser_create so that a Bibset must
be supplied. Removed tokenize API from ccl.h - including ccl_parser_find.
This is replaced by ccl_parser_find_str which takes a string instead.
Split YAZ library into two libs : libyaz.la and libyaz_server.la.
libyaz.la is the core of YAZ except the generic frontend server and
does not depend on POSIX threads anymore. libyaz_server.la is the
generic frontend server facilities and uses POSIX thread functionality
if available. The libyaz.la no longer depends on POSIX threads because
the number of global structures is limited. NMEM no longer re-uses blocks
between threads ; it simply free's memory immediately but allocates in
"large" chunks as usual. We don't expect any performance penalties
because of this. The yaz_log system is still using a global log_level so
caution must be taken when modifying it with yaz_log_init_.. +
yaz_log_mask_str. This, however, should not cause any trouble because
these functions are called during initialization of application code
anyway. `yaz-config --libs server` returns libs for server applications;
`yaz-config --libs` returns libs for non-server applications.
New OID database - with public definitions in oid_db.h. Removed old OID
database including the head oid.h and definitions such as enum oid_value
and struct oident. The new OID database uses the same string names as
before but the 'protocol' is gone. There are now only two representations
raw OID (int *) and string. Functions with prefix yaz_string_to_oid
converts from string to OID; functions with prefix yaz_oid_to_string
converts the other way.
Change to emit_term() in CQL-to-PQF query translation: when a term has
the /regexp relation modifier, do not process it for leading and
trailing "^" and "*", which have quite different meanings in regular
expressions.
Attempted fix of bug #976: Segfault in yaz_iconv. The yaz_iconv function
write handlers no longer carries a 'last' parameter. This will make
yaz_iconv flush "less" characters. A flush is performed by call to
yaz_iconv(cd, 0, 0, &outbut, &outbytesleft) .
Definition of wrbuf_diags moved to querytowrbuf.h. Function wrbuf_put_zquery
removed, because function yaz_query_to_wrbuf does the same.
API changes to WRBUF. wrbuf_free removed; replaced by wrbuf_destroy. And
wrbuf_puts no longer appends '\0'. Use wrbuf_cstr to get C-string out.
Deprecated MARC utility functions removed.
Changed prototype of yaz_marc_decode_buf: const char for result and size_t
for rsize.
Approved by MAINTAINER.
Pkgsrc changes: switched to the IO-Socket-INET6 distribution
tarball without changing the package name, mark as not
requiring any compiler.
Changes since last packaged version (2.01):
2008-10-06 Shlomi Fish <shlomif@iglu.org.il>
* Applied a modified version of a patch by Anicka Bernathova
<anicka@suse.cz>:
{{{
Previously IO-Socket-INET6 tried to bind even when one side
is AF_INET and the other AF_INET6 and this cannot work.
The FAMILY_CHECK loop is meant to make sure both sides have
the same family.
}}}
* New Release IO-Socket-INET6-2.56
2008-09-24 Shlomi Fish <shlomif@iglu.org.il>
* Fixed: http://rt.cpan.org/Ticket/Display.html?id=39550 :
Problem with connect to IPv4 w/o given domain on FreeBSD6.1 (and
other BSD systems). (Thanks to Steffen Ullrich)
* New Release IO-Socket-INET6-2.55
2008-02-22 Shlomi Fish <shlomif@iglu.org.il>
* Added pack_sockaddr_in6_all to the imports from Socket6 to fix
the "configure" sub in several cases. Added t/configure6.t to test it.
* New Release IO-Socket-INET6-2.54
2008-02-21 Shlomi Fish <shlomif@iglu.org.il>
* Converted to Build.PL and placed INET6.pm under lib/.
* Added a "repository" URL to the POD.
* Added the pod.t and pod-coverage.t files and we now have full POD
coverage.
* Added more dependencies to the Build.PL.
* Added the credit of "Shlomi Fish".
* Changed the email address of Rafael to the new one in the ChangeLog
and README files.
* Someone reported that sockflow() and peerflow() were broken. The reason
for that was that unpack_sockaddr_in6_all was not imported from Socket6.
This release fixes it (with tests in t/host6.t).
* New Release IO-Socket-INET6-2.53
2008-02-05 Shlomi Fish <shlomif@iglu.org.il>
* New Release IO-Socket-INET6-2.52
* Added a test for peerhost() too.
* Fixed sockhost() with the fact that inet_ntop() was not imported.
- Added a test.
* Added "use warnings" to IO::Socket::INET6.
* Added a modified version of my patch (with more comments) to patch
the problems I found in IO-Socket-INET6. (generating
warnings upon using and failed tests.).
2004-18-10 Rafael Martinez Torres <rmartine@fdi.ucm.es>
* New Release INET6-2.51 .
* Patch from David Town <David.Town@marconi.com>
- peeraddr(), sockaddr() methods implemented.
- peerhost(), peerport(), sockhost(), sockport() improved efficiency.
- New optional parameters: Local(Peer)Flow,Local(Peer)Scopeid. (Only for IPv6)
- Local hack for MSWin32 platforms.
Patches mainly from adam@ with some changes by me
05 September 2008 - Version 2.1.0 has been released.
The focus of this release is features.
Feature Improvements
* Clients may now be defined dynamically, based on IP address. See raddb/sites-available/dynamic-clients.
* SNMP support is now available through an experimental Perl script. See scripts/snmp-proxy/README
* SNMP statistics are also available through Status-Server packets. See raddb/sites-available/status
* Added more Microsoft attributes from bug #568.
* The linelog module has more functionality and flexibility. See raddb/modules/linelog.
* The debugging output has been sanitized. It should be much more readable.
* Debug logs can now be turned on/off while the server is running, for a user, group, realm, etc. See the log section of raddb/radiusd.conf.
* Added support for WiMAX Forum attributes. The dynamic keys are not yet calculated. See share/dictionary.wimax
* Added session resumption for PEAP and TTLS. See raddb/eap.conf, and the cache sub-section.
* Added radmin command-line tool for administering a running server. See man radmin and raddb/sites-available/control-socket.
Bug Fixes
* Double escaping of '\\' in the users (and some other) files has been fixed. If you have '\\' in the users file, your configuration will need to be checked, and fixed!
* Parse security section of radiusd.conf. This was accidentally deleted in 2.0.5. Closes bug #566.
* Bind to interface before IP, which allows DHCP sockets to listen on "*" for multiple interfaces.
* Fix handling of giaddr in DHCP responses.
* Corrected parsing of status_check in home_server so that it works.
* Fix hints so that "Puser" works again.
* Removed length restrictions on attribute names in the dictionaries.
* Update socket code to avoid C compiler optimizations.
25 September 2008 - Version 2.1.1 has been released.
The focus of this release is stability.
Feature Improvements
* Many more options and features are available via radmin. See man radmin and raddb/sites-available/control-socket.
* Many more commands available via the control socket. Connect via radmin, and type help for more information.
* Added dictionary.networkphysics and dictionary.lancom.
* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
Bug Fixes
* Fixed bug that made radmin not work.
* Fixed Suse && Debian package scripts.
* Fixed issues with dynamic clients.
* Fixed configure checks for -lreadline
* rlm_sqlippool no longer needs to be linked to rlm_sql.
* Add statistics for detail file listeners. This closes bug #593.
* Fixed printing of some WiMAX attributes.
* Fixed double free on exit() in rlm_attr_filter.
* Fixed build issues on Solaris.
* Fixed fast session resumption for EAP-TLS.
ORBit2-2.14.16
- bug fixes
+ fix make check on Mac OS/X
+ The ORBNetID option was not consistent in relation to
ORBIIOPIPName. This fix ensures that ORBIIOPIPName always
takes precedence. (Jules Colding)
ORBit2-2.14.15
- bug fixes
+ fix some leaks (Jules Colding)
+ fix for Mike's recent fixes (Mike Gorse)
+ fix potential make loop (Diego Pettenò)
2008.10.07 -- Version 2.1_rc13
* Bundled OpenSSL 0.9.8i with Windows installer.
* Management interface can now listen on a unix
domain socket, for example:
management /tmp/openvpn unix
Also added management-client-user and management-client-group
directives to control which processes are allowed to connect
to the socket.
* Copyright change to OpenVPN Technologies, Inc.
2008.09.23 -- Version 2.1_rc12
* Patched Makefile.am so that the new t_cltsrv-down.sh script becomes
part of the tarball (Matthias Andree).
* Fixed --lladdr bug introduced in 2.1-rc9 where input validation code
was incorrectly expecting the lladdr parameter to be an IP address
when it is actually a MAC address (HoverHell).
2008.09.14 -- Version 2.1_rc11
* Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.
2008.09.10 -- Version 2.1_rc10
* Added "--server-bridge" (without parameters) to enable
DHCP proxy mode: Configure server mode for ethernet
bridging using a DHCP-proxy, where clients talk to the
OpenVPN server-side DHCP server to receive their IP address
allocation and DNS server addresses.
* Added "--route-gateway dhcp", to enable the extraction
of the gateway address from a DHCP negotiation with the
OpenVPN server-side LAN.
* Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns
on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255,
ignore it.
* Warn when ethernet bridging that the IP address of the bridge adapter
is probably not the same address that the LAN adapter was set to
previously.
* When running as a server, warn if the LAN network address is
the all-popular 192.168.[0|1].x, since this condition commonly
leads to subnet conflicts down the road.
* Primarily on the client, check for subnet conflicts between
the local LAN and the VPN subnet.
* Added a 'netmask' parameter to get_default_gateway, to return
the netmask of the adapter containing the default gateway.
Only implemented on Windows so far. Other platforms will
return 255.255.255.0. Currently the netmask information is
only used to warn about subnet conflicts.
* Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO
and USE_SSL flags are enabled (Alon Bar-Lev).
* Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new
--script-security rules. Also adds retrying if the addresses are in
use (Matthias Andree).
* Fixed build issue with ./configure --disable-socks --disable-http.
* Fixed separate compile errors in options.c and ntlm.c that occur
on strict C compilers (such as old versions of gcc) that require
that C variable declarations occur at the start of a {} block,
not in the middle.
* Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which
the new implementation of extract_x509_field_ssl depends on.
* LZO compression buffer overflow errors will now invalidate
the packet rather than trigger a fatal assertion.
* Fixed minor compile issue in ntlm.c (mid-block declaration).
* Added --allow-pull-fqdn option which allows client to pull DNS names
from server (rather than only IP address) for --ifconfig, --route, and
--route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names
for these options to be pulled and translated to IP addresses by default.
Now --allow-pull-fqdn will be explicitly required on the client to enable
DNS-name-to-IP-address translation of pulled options.
* 2.1_rc8 and earlier did implicit shell expansion on script
arguments since all scripts were called by system().
The security hardening changes made to 2.1_rc9 no longer
use system(), but rather use the safer execve or CreateProcess
system calls. The security hardening also introduced a
backward incompatibility with 2.1_rc8 and earlier in that
script parameters were no longer shell-expanded, so
for example:
client-connect "docc CLIENT-CONNECT"
would fail to work because execve would try to execute
a script called "docc CLIENT-CONNECT" instead of "docc"
with "CLIENT-CONNECT" as the first argument.
This patch fixes the issue, bringing the script argument
semantics back to pre 2.1_rc9 behavior in order to preserve
backward compatibility while still using execve or CreateProcess
to execute the script/executable.
* Modified ip_or_dns_addr_safe, which validates pulled DNS names,
to more closely conform to RFC 3696:
(1) DNS name length must not exceed 255 characters
(2) DNS name characters must be limited to alphanumeric,
dash ('-'), and dot ('.')
* Fixed bug in intra-session TLS key rollover that was introduced with
deferred authentication features in 2.1_rc8.
008.07.31 -- Version 2.1_rc9
* Security Fix -- affects non-Windows OpenVPN clients running
OpenVPN 2.1-beta14 through 2.1-rc8 (OpenVPN 2.0.x clients are NOT
vulnerable nor are any versions of the OpenVPN server vulnerable).
An OpenVPN client connecting to a malicious or compromised
server could potentially receive an "lladdr" or "iproute" configuration
directive from the server which could cause arbitrary code execution on
the client. A successful attack requires that (a) the client has agreed
to allow the server to push configuration directives to it by including
"pull" or the macro "client" in its configuration file, (b) the client
succesfully authenticates the server, (c) the server is malicious or has
been compromised and is under the control of the attacker, and (d) the
client is running a non-Windows OS. Credit: David Wagner.
* Miscellaneous defensive programming changes to multiple
areas of the code. In particular, use of the system() call
for calling executables such as ifconfig, route, and
user-defined scripts has been completely revamped in favor
of execve() on unix and CreateProcess() on Windows.
* In Windows build, package a statically linked openssl.exe to work around
observed instabilities in the dynamic build since the migration to
OpenSSL 0.9.8h.
2008.06.11 -- Version 2.1_rc8
* Added client authentication and packet filtering capability
to management interface. In addition, allow OpenVPN plugins
to take advantage of deferred authentication and packet
filtering capability.
* Added support for client-side connection profiles.
* Fixed unbounded memory growth bug in environmental variable
code that could have caused long-running OpenVPN sessions
with many TLS renegotiations to incrementally
increase memory usage over time.
* Windows release now packages openssl-0.9.8h.
* Build system changes -- allow building on Windows using
autoconf/automake scripts (Alon Bar-Lev).
* Changes to Windows build system to make it easier to do
partial builds, with a reduced set of prerequisites,
where only a subset of OpenVPN installer
components are built. See ./domake-win comments.
* Cleanup IP address for persistence interfaces for tap and also
using ifconfig, gentoo#209055 (Alon Bar-Lev).
* Fall back to old version of extract_x509_field for OpenSSL 0.9.6.
* Clarified tcp-queue-limit man page entry (Matti Linnanvuori).
* Added new OpenVPN icon and installer graphic.
* Minor pkitool changes.
* Added --pkcs11-id-management option, which will cause OpenVPN to
query the management interface via the new NEED-STR asynchronous
notification query to get additional PKCS#11 options (Alon Bar-Lev).
* Added NEED-STR management interface asynchronous query and
"needstr" management interface command to respond to the query
(Alon Bar-Lev).
* Added Dragonfly BSD support (Francis-Gudin).
* Quote device names before passing to up/down script (Josh Cepek).
* Bracketed struct openvpn_pktinfo with #pragma pack(1) to
prevent structure padding from causing an incorrect length
to be returned by sizeof (struct openvpn_pktinfo) on 64-bit
platforms.
* On systems that support res_init, always call it
before calling gethostbyname to ensure that
resolver configuration state is current.
* Added NTLMv2 proxy support (Miroslav Zajic).
* Fixed an issue in extract_x509_field_ssl where the extraction
would fail on the first field of the subject name, such as
the common name in: /CN=foo/emailAddress=
foo@bar.comThis e-mail address is being protected from spambots. You need
JavaScript enabled to view it
* Made "Linux ip addr del failed" error nonfatal.
* Amplified --client-cert-not-required warning.
* Added #pragma pack to proto.h.
* Don't split large commands into multiple commands; just fail on them.
This prevents cross-site request forgery (CSRF)-like attacks,
when a web browser is used to access an ftp server.
* Enhance -C to support an optional @host ('-C user[@host]'):
checks whether user as connecting from host would be granted
access by ftpusers(5).
* Support IPv6 in the host directive of ftpusers(5).
* Implement -n to disable hostname lookups.
* Disable SOCKS support; I don't have the ability to test it,
and the autoconf checks were very out of date.
* Add configure --with-pam to enable PAM authentication support.
Defaults to checking for PAM.
* Add configure --with-skey to enable S/Key authentication support.
Incompatible with --with-pam, defaults to no.
* Fix pathnames in the installed manual pages to contain
the appropriate $(prefix) substitution.
* Use fcntl(3) locking instead of flock(3) or lockf(3).
* Various other portability improvements.
stricter filtering to defeat some additional DNS attacks and support for
source address randomisation and optional capitalisation support. The
former can be configured when multiple public IPs are present, the
latter is considered experimental as a small number of servers doesn't
support it.
Change FTP backend to use passive mode by default and fallback to active
mode on syntax errors as discussed with and suggested by Luke Mewburn.
Retire 'p' now and introduce 'a' flag to get the old default behavior.
Fix line buffering to not drop content after the line we are interested
in. This magically worked for a local tnftpd that was only sending a
normal one line return message due to the challenge response protocol
always having the desired size. With the patch fetch_read will process
the remaining part of the buffer and fetch_getln will remember how much
of the data it was actually interested in, so it will now process the
complete output again.
- only include openssl if the openssl option is present
- include arpa/inet.h to get ntohl and friends on older platforms like
Interix
- use new netdb.h compat code from libnbcompat
- include inttypes.h only when present
- don't name local variables err, Interix has a symbol like that in
default namespace
- allow fetch_read to do short read and do more intelligent buffering
for header processing; effectively don't do a system call for each
byte read
Version 1.2.2.
-msdl
- 8th release
- http redirect support
- added MPlayer/xine-lib copyright infos in each file
Version 1.2.1.
-msdl
- 7th release
- fixed fatal bug on mmst
- some change on wmserver/real
Ekiga (formely known as GnomeMeeting) is an open source VoIP and video
conferencing application for GNOME. Ekiga uses both the H.323 and SIP
protocols. It supports many audio and video codecs, and is interoperable
with other SIP compliant software and also with Microsoft NetMeeting.
v2.0.5
- Apply fix for O_NONBLOCK vs. XFS DMAPI filesystem. Thanks to Sudha Srinivasan
<sudhas@sgi.com>.
- Fix build warnings exposed by my upgrade to Fedora Core 5 / GCC4.1.1.
- Be more honest in FEAT response if PORT or PASV are disabled! Reported by
Charles Honton <chas@honton.org>. Allows MS Explorer to get the transfer mode
correct.
- pam_pwdb.so -> pam_unix.so in example PAM file. Thanks to
Rhodes, Colin <colin.rhodes@airways.co.nz>.
- Add FAQ issue regarding "chroot fails with SSL" - in fact, sshd is being hit
here instead ;-)
- Minor man page doc tweaks.
- Tiny bit of paranoia in privops.c.
- Revert change to reject anonymous logins before asking for password. This
fixes complaints about IE not showing the FTP login dialog.
- Change SSL certificate load to cater for chaining too.
- Added delay_failed_login and delay_successful_login to help limit resources
taken by brute force attacks.
- Kick session after a few login fails. Allows IP blocking solutions to be more
immediately effective.
- Replace setenv() with more portable putenv(). First part of Solaris fix.
- Replace tm_gmtoff usage with timezone and daylight. Second part of Solaris
fix.
- Set PAM items TTY and RUSER if possible.
- OpenBSD build warning fixes.
- So, timezone and daylight are not available on BSD, so redo the whole TZ
thing again. Should use only very portable constructs now.
v2.0.6
- Fix delay_failed_login typo. Oops.
- Patch the getcwd and readlink sysutil helpers to reflect that they wouldn't
like a 0-sized buf. No caller is affected. Thanks Ilja van Sprundel
<ilja@suresec.org>.
- Allow a (fake) reauth as the same user as the logged in user. Should resolve
.NET related report from Sabo Jim <Jim.Sabo@thomson.net>.
- Tweak from Lucian Adrian Grijincu <lucian.grijincu@gmail.com> to take
unnecessary port calculations out of a loop.
- Fix byte I/O accounting in the error path of do_file_send_rwloop, thanks to
<echen@siac.com>.
- Don't log FireFox's attempts to RETR directories! Reported by
Nixdorf, Tim <tnixdorf@dnps.com>.
- Fix STOU sending the same 150 status line twice - oops! Reported by
<yamazaki@iij.ad.jp>.
- Fix xferlog format for virtual (guest) users, reported by Andy Fletcher
<andy@withnail.org>.
- Fix bug with empty user list file and userlist_deny=NO. Reported by
Marcin Zawadzki/GlobalVanet.com <marcin.zawadzki@globalvanet.com>.
- Pretend we have proper UTF8 support and respond positively to OPTS UTF8 ON.
Thanks Stanislav Maslovski <stanislav.maslovski@gmail.com>.
- Add control over the file permissions used in the chown()ing of anonymous
uploads: chown_upload_mode (default 0600 as before). Suggestion from
An Pham <apham@medforcetech.com>.
- Do a retry getting the active ftp socket in vsf_privop_get_ftp_port_sock();
should help buggy Solaris systems. Reported by Michael Masterson
<mjmasterson@xo.com>.
- Add debug_ssl option to dump out some SSL connection details.
- Use code 522, not 521, to indicate that the server requires an encrypted
data connection. Still does not seem to coax lftp to retry :(
- Recognize OPTS pre-login.
- A whole ton of SSL improvements, including ability to force requirement of
a client cert; data and control channel client cert cross checking. Ability
to require fully valid / authentic client certs. No cert-based auth yet.
- Change my e-mail to my GMail account.
v2.0.7
- Fix finding libcap for the link on Slackware systems, thanks to Roman
Kravchenko <roman@atech.lv>.
- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
<y-iida@secom.co.jp>.
- Fix man page typo, thanks Matt Selsky <selsky@columbia.edu>.
- Bring the PASV listen() into the bind() retry loop to resolve a race under
extreme load. Thanks to Curtis Taylor <cjt@us.ibm.com>.
- Enhance logging for debug_ssl.
- Shutdown the SSL data connections properly. This prevents clients such as
recent FileZilla from complaining. Reported by various people.
- Add option to enforce proper SSL shutdown on uploads. Left it off after much
agonizing because clients are so broken in this area.
- Add option to delete failed uploads.
1.2.9 binding to an adapter did not work, 'SIGPIPE' was not handled correctly
1.2.8 fixed a segfault introduced in version 1.2.7
1.2.7 http statuscodes are now correctly interpreted (if selected)
1.2.6 Can now split measured latency in time to connect and time to exchange a request with the HTTP server
wireless network models, and bug fixes.
Changes since 2.31:
Wireless shadowing bug fix; originally reported by Marcello Caleffi;
suggestion from Nicola Baldo applied
AODV bug fix from Marco Fiore
Add dynamic libraries patch from SIGNET group, University of Padova
Add 80211Ext models from Mercedes-Benz/Karlsruhe team
Add Ilango Purushothaman's 802.11 infrastructure mode support.
Add ns-2 TCP Linux patch and calendar scheduler improvements.
Enable Tk for ns-2.
Several changes to SCTP module, contributed by Nasif Ekiz and Protocol
Engineering Lab at the University of Delaware
Changes since 3.0.3:
BUG FIXES:
- Fixed a bug in the hard-linking code where it would sometimes try to
allocate 0 bytes of memory (which fails on some OSes, such as AIX).
- Fixed the hard-linking of files from a device that has a device number
of 0 (which seems to be a common device number on NetBSD).
- Fixed the handling of a --partial-dir that cannot be created. This
particularly impacts the --delay-updates option (since the files cannot
be delayed without a partial-dir), and was potentially destructive if
the --remove-source-files was also specified.
- Fixed a couple issues in the --fake-super handling of xattrs when the
destination files have root-level attributes (e.g. selinux values) that
a non-root copy can't affect.
- Improved the keep-alive check in the generator to fire consistently in
incremental-recursion mode when --timeout is enabled.
- The --iconv option now converts the content of a symlink too, instead
of leaving it in the wrong character-set (requires 3.0.4 on both sides
of the transfer).
- When using --iconv, if a filename fails to convert on the receiving side,
this no longer makes deletions in the root-dir of the transfer fail
silently (the user now gets a warning about deletions being disabled
due to IO error as long as --ignore-errors was not specified).
- When using --iconv, if a server-side receiver can't convert a filename,
the error message sent back to the client no longer mangles the name
with the wrong charset conversion.
- Fixed a potential alignment issue in the IRIX ACL code when allocating
the initial "struct acl" object. Also, cast mallocs to avoid warnings.
- Changed some errors that were going to stdout to go to stderr.
- Made human_num() and human_dnum() able to output a negative number
(rather than outputting a cryptic string of punctuation).
ENHANCEMENTS:
- Rsync will avoid sending an -e option to the server if an older protocol
is requested (and thus the option would not be useful). This lets the
user specify the --protocol=29 option to access an overly-restrictive
server that is rejecting the protocol-30 use of -e to the server.
- Improved the message output for an RERR_PARTIAL exit.
DEVELOPER RELATED:
- The Makefile will not halt for just a timestamp change on the Makefile
or the configure files, only for actual changes in content.
- Changed some commands in the testsuite's xattrs.test that called "rsync"
instead of "$RSYNC".
- Enhanced the release scripts to be able to handle a branch release and
to do even more consistency checks on the files.
Pkgsrc changes:
o Instead of pointing to ../../wip/ (oops!), use ../../databases
for the newly imported p5-MARC-Record package, which is a dependency
of this package. Should fix PR#39562.
from the DESCR:
Jifty is a full-stack web framework. It provides an optional REST
interface for applications. Using this module, you can interact with
that REST interface to write client-side utilities. You can use this
module directly, but you'll be better off subclassing it, such as what
we've done for Net::Hiveminder. This module also provides a number of
convenient methods for writing short scripts.
Adapted from submission in PR#39542.
Adds a patch to portably pull in $Config{ldflags} to avoid run-path
lossage which would otherwise ensue.
Provides bindings for GNU Libidn, a C library for handling Internationalized
Domain Names according to IDNA (RFC 3490), in a way very much inspired by
Turbo Fredriksson's PHP-IDN.
Some of the tests fails, but that appears to be due to some remote
server no longer providing the expected service. Also fix one test's
count of tests.
The Net::Z3950::ZOOM distribution contains three Perl modules for the
price of one. They all provide facilities for building information
retrieval clients using the standard Z39.50 and SRW/U protocols, but
do so using different APIs.
Pkgsrc changes:
o Change HOMEPAGE to use search.cpan.org, retain old commented out
Upstream changes:
version 2.00 (08/01/08)
+ Support for Alcatel-Lucent OmniSwitch via L3::AlcatelLucent
+ Support for Alcatel-Lucent Service Router via L3::Timetra
+ Support for Alcatel-Lucent OmniAccess via L2::Aruba
* Silence warnings in MAU due to uninitialized variables
version 1.09 (07/22/08) - Beta/developer release
+ Added support for HP ProCurve Foundry OEM switches, such as the 9300
series, in new class L3::HP9300 (contributions from Douglas McKeown and
Ivan Auger)
+ Added support for CISCO-PAE-MIB in CiscoPortSecurity (Kesy)
+ Support for D-Link devices through L3::Dell
+ Support for Linksys SRW2048 through L3::Dell
+ Support for IBM BladeCenter 4-Port GB Ethernet Switch Module through
L3::Dell (Alex Kramarov)
+ Support for newer Nortel Alteon switches and Nortel BladeCenter Switch
Modules in L3::AlteonAD
+ Support for Cisco 1250 series through L2::Aironet
+ Updates to fan, power supply, and serial number methods in
L2::HP (Jeroen van Ingen)
+ Use Cisco Client Association MIBs for Aironet client reporting
via fw_mac
+ Support VLANs on Aironet
+ Get the proper radio MAC address from aironet in MBSS mode
+ Additional wireless statistics from Aironet
+ Add support to specify MIB to resolve leaf names conflicts in
%GLOBALS and %FUNCS.
+ Added munge_port_list() and modify_port_list() methods to assist in
working with PortList objects.
+ Added set_multi() method to enable a SNMP set command on several new
values in one request. Required for complex set operations
on some agents.
+ Infrastructure for SNMPv3 support:
+ Save the SecName passed into the constructor
+ Create an update() function, which replaces the underlying
SNMP session using different parameters.
+ Return the SecName instead of community from snmp_comm() when using
SNMPv3.
* L2::HP now isa Layer3 instead of Layer2 to support arpnip
(Dudley Freeman)
* Silence warnings from Cisco devices which don't return values for
extended VLAN range (1024-4096)
* Documentation coverage, spelling, and syntax updates
* set_i_pvid(), set_i_vlan(), set_add_i_vlan_tagged(),
set_remove_i_vlan_tagged() removed from Bridge and HP classes due to
incompatibility across devices.
version 1.07 (11/26/07) - Beta/developer release
version 1.05 (11/25/07) - CVS only. No official release
+ Added support for LLDP in new class LLDP (contributions from Bernhard
Augenstein)
+ Added device specific support for LLDP in L2::HP, L2::Baystack,
L3::Enterasys and L3::Foundry
+ Added support for Enterasys devices as new class L3::Enterasys
+ Added support for Dell PowerConnect switches as new class L3::Dell
+ Added basic support for generic routers running Microsoft Windows OS
as new class L3::Microsoft (begemot)
+ Added basic support for Sun routers as new class L3::Sun (begemot)
+ Added basic support for Juniper NetScreen devices as new class
L3::Netscreen (Kent Hamilton)
+ Added support for Cyclades terminal servers as new class L1::Cyclades
+ Added support for Cisco (Airespace) wireless controllers as new class
L2::Airespace
+ Added support for Nortel Ethernet Routing Switch 2500 series and
Business Ethernet Switches (David Siebörger)
+ Update of L3::Foundry to support all Foundry devices including newer
switches. Depreciate L2::Foundry.
+ Added generic device type detection using IANA assigned enterpise
number extracted from sysObjectID
+ Added ifDiscards and other missing entries from IF-MIB::ifEntry (Greg King)
+ Added CGESM devices to L2::C2900 class (Alexander Hartmaier)
+ Added support for dual speed 10/100 hubs and i_speed() in L1::Bayhub
+ Added i_ssidlist(), i_ssidbcast(), and i_80211channel() methods to
L2::Aruba, Airespace, and L2::NAP222x classes
+ New class IEEE802dot11 class for generic standards based wireless AP
support to include i_ssidlist()and i_80211channel() methods.
+ L2::Orinoco inherits from new IEEE802dot11 for i_ssidlist()and
i_80211channel() support.
+ Added new VLAN methods i_pvid(), i_vlan_membership(), set_i_pvid(),
set_i_vlan(), set_add_i_vlan_tagged(), set_remove_i_vlan_tagged() to
Bridge, CiscoVTP, Extreme, HP, and RapidCity classes.
+ Added set_i_speed_admin() method to RapidCity class,
+ Added set_i_duplex_admin() method to RapidCity class,
+ Added OSPF Neighbor Tables, SF Patch 1577918 to Layer 3 (Andrew Herrick)
+ Added CiscoConfig class, SF Patch 1555001 (Justin Hunter)
+ Enable load_ methods for %GLOBALS and MIB Leaf node names.
+ Enable dynamic methods in AUTOLOAD with MIB Leaf node names for loaded
MIBs without definition in %FUNCS or %GLOBALS. Single instance mib leafs
will be treated as a GLOBAL and returna scalar while mib leafs which
reside in a table will be treated as a FUNC and return a reference to a
hash.
+ Enable load_ methods for %GLOBALS and MIB Leaf node names.
+ Add loop detect option and code for getnext table column walks.
+ Add Layer3::NetSNMP for Net-SNMP-based hosts, part of
SF patch 1557529 (Bradley Baetz).
+ Add EIGRP Neighbor Tables to L3::Cisco SF Patch 1577927 (Andrew Herrick)
+ Additions to CiscoQOS and CiscoStats (Alexander Hartmaier)
+ Emulate ENTITY-MIB Physical Table methods for devices which don't
have ENTITY-MIB support in Airespace, Bayhub, Baystack, BayRS,
NortelStack, and Passport classes.
+ Enable use of MIB Leaf node names in SNMP sets.
+ Add POWER-ETHERNET-MIB and CISCO-POWER-ETHERNET-EXT-MIB support.
* Fix for bug where an SNMP error in any operation would cause subsequent
table get operations to fail while using the same session, originally
identified by Nicolai Petri.
* Enable single instance partial table fetches (Alexander Hartmaier)
* Enable partial table fetches in overriden table methods (Justin Hunter)
* Allow partial table fetches with load_ methods.
* Fixed vlan trunk port handling bug in L2:HP (Michael Robbert)
* Correct bp_port() definition in Bridge class (Reported by Nicolai Petri)
* Remove port security definitions from CiscoStack and move into new class
CiscoPortSecurity. Needed to support devices such a L3::C4000 which
support CISCO-PORT-SECURITY-MIB, but not CISCO-STACK-MIB.
(Reported by Prakash RudraRaju)
* Correct port numbering for Nortel 8110, 1100, 1150 in L3:Passport
(Reported by David Pinkoski)
* Documentation updates
* Translate OIDs returned by Entity MIB e_type
* Modify inheritance to use Cisco classes before generic classes
* Create e_index method in ENTITY-MIB to facilitate emulation methods in
other classes as entPhysicalIndex is not-accessible.
* Only return MAC from munge_mac() if it actually is a MAC. Fix for
netdisco where device would not be inserted in DB due to malformed MAC.
* Enable SUPER class calls to find autoloaded methods (Bernhard Augenstein)
* Clear attribute cache on sucessful SNMP set.
* Improve accuracy of operational and administrative duplex reporting on
devices using CiscoStack.
* All i_type() methods now use standard IANAifType values.
* Report bridge groups (VLANs) in L2::C1900.
* Turn on bulkwalk for C6500. Users with buggy OS versions can turn
it off when creating the object.
* c_ip() now attempts to return only IPV4 addresses, use c_addr() for all
address types.
Pkgsrc changes:
o Canonicalize HOMEPAGE
o Fix MASTER_SITES to use MASTER_SITES_PERL_CPAN
o Add patch to recognize lo0 on NetBSD. This probably breaks the test
on Linux. It's not portable to insist on particular names for
interfaces (lo or lo0), but this patch doesn't improve the portability,
it just makes it pass on NetBSD.
o Add patch to not do the mem_leak test if Proc::ProcessTable is installed
but the platform does not provide the virtual size of the process via
"size". (We probably should have a kvm-using version of Proc::ProcessTable,
but that's for another day.)
Upstream changes:
0.23 Tue Jan8 2007
- add version number to submodules
0.22 Tue Jan8 2007
- remove dependency on List::MoreUtils
0.22_01 Mon Jul 16 2007 (Steve Bonds)
- fix endianness bug in ICMP packet creation
- add lots of comments on what's going on in the ICMP portion
of the RawIP.xs and RawIP.pm files
- break out sub-packages to their own files so "make test"
works even with Critic enabled
0.21 Mon Mar 26 22:53:48 2007
- fix looping bug in set_icmp (Micha Nasriachi)
- fix tests to work both as root and as regular user
0.21_04
- Skipped
conferencing application for GNOME. Ekiga uses both the H.323 and SIP
protocols. It supports many audio and video codecs, and is interoperable
with other SIP compliant software and also with Microsoft NetMeeting.
Pkgsrc changes:
o Canonicalize HOMEPAGE
Upstream changes:
2007-06-17 Malcolm Nooning <m.nooning@comcast.net> (0.43)
* lib/Net/Daemon.pm Needed to up the VERSION number
2007-06-16 Malcolm Nooning <m.nooning@comcast.net> (0.42)
* t/forkm.t: Added a wait so that the parent will not loop
around and make another child until the previous child has
been destroyed.
2007-05-23 Malcolm Nooning <m.nooning@comcast.net> (0.41)
* t/forkm.t: When all ten childs are exited,
sub CatchChild will now exit.
2007-05-16 Malcolm Nooning <m.nooning@comcast.net> (0.40)
* t/threadm.t: The tests are now skipped with a
passing indication when usethreads is defined, which
would mean that the ithreadm tests are the ones that
matter.
Test.pm: A patch from todd.e.rinaldo was used. I do
not remember what the issues were.
Based on patch provided by Mustafa Dogan in PR 39503.
Add DESTDIR support and note that test target require bash and python.
Release 1.5 (2008/07/22)
========================
ALL:
- XORP now builds on DragonFlyBSD-1.10.1, DragonFlyBSD-1.12.2,
FreeBSD-7.0, Linux Debian-4.0 (etch), Linux Fedora 7,
Linux Fedora 8, Linux Fedora 9, Linux Gentoo 2008.0,
Linux Ubuntu-7.04, Linux Ubuntu-7.10, Linux Ubuntu-8.04.1,
NetBSD-4.0, OpenBSD-4.1, OpenBSD-4.2, OpenBSD-4.3, Mac OS X 10.5.2,
Mac OS 10.5.3, and Mac OS X 10.5.4.
CONFIGURATION:
- Addition of new FEA configuration statements to set the IPv4/IPv6
unicast forwarding table IDs:
fea {
unicast-forwarding4 {
table-id: 254
}
unicast-forwarding6 {
table-id: 254
}
}
If the table ID is not configured, the FEA will use the default
table ID for the system.
Note that not all systems support multiple forwarding tables.
Currently, they exist only on Linux (among all systems supported by
XORP).
- The "DISCARD" network interface flag is printed as appropriate
when displaying the list of interfaces in the CLI.
- Addition of new FEA configuration statement to support
"unreachable" interfaces. Such interfaces are similar to "discard"
interfaces, except that instead of silently throwing away packets,
the system will respond with "ICMP destination unreachable".
interfaces {
interface my_unreachable {
unreachable: true
vif my_unreachable {
}
}
}
The default value for the "unreachable" statement is false.
- Addition of new FEA configuration statement to flag an interface
for "management" purpose. An interface that is flagged as
"management" might be used in the future by some of the protocols
for protocol-specific purpose.
interfaces {
interface fxp0 {
management: true
vif fxp0 {
address 10.10.10.10 {
prefix-length: 24
}
}
}
}
The default value for the "management" statement is false.
- Addition of support to configure VLANs on an interface.
A VLAN is configured by using a "vlan" block that includes
the VLAN ID:
interfaces {
interface fxp0 {
vif fxp0 {
address 10.10.10.10 {
prefix-length: 24
}
}
vif vlan1 {
vlan {
vlan-id: 1
}
address 10.10.20.20 {
prefix-length: 24
}
}
}
}
- Addition of preliminary support to configure firewall rules.
Firewall rules are configured by using numbered entries:
firewall {
rule4 100 {
action: "drop"
protocol: 6 /* TCP */
source {
interface: "fxp0"
vif: "fxp0"
network: 0.0.0.0/0
port-begin: 0
port-end: 65535
}
destination {
network: 10.10.0.0/24
port-begin: 0
port-end: 1024
}
}
}
Note that compiling firewall support on Linux systems require
patching some of the system header files. See ERRATA for details.
- The following PIM-SM configuration statements have been deprecated,
because PIM-SM doesn't use Router Alert IP option anymore:
protocols {
pimsm4 {
interface foo {
vif foo {
enable-ip-router-alert-option-check: true
}
}
}
}
protocols {
pimsm6 {
interface foo {
vif foo {
enable-ip-router-alert-option-check: true
}
}
}
}
LIBXORP:
- The local system-independent xorp_random() implemenation is used
instead of the random(3) provided by the system.
- Improved MAC address support (classes Mac and EtherMac).
- More consistent usage of XORP_OK and XORP_ERROR to return error
codes.
LIBXIPC:
- Bug fix in the internal mechanism for obtaining the IPv4 addresses
from the system. After the bug fix, a secondary (alias) IP address
can be specified with the "-i <addr>" command-line option to
the xorp_rtrmgr or xorp_finder binaries.
LIBFEACLIENT:
- No significant changes.
XRL:
- Critical bug fix that can be triggered by malformatted XRLs.
- Addition of support for 64-bit integers: i64 and u64 for
signed and unsigned respectively.
RTRMGR:
- Addition of preliminary mechanism to log events to a file or
to a syslog facility.
- Addition of support to run XORP in background (in daemon mode).
XORPSH:
- Bug fix related to assigning the node ID position in case the
previous (sibling) node was deleted at the same time a new node
was added.
This fixes "Found out-of-order term(s) inside policy ..." error
inside the policy manager.
- The "-c <cmd>" command line option can be used more than once to
run multiple commands.
- Fix a long configuration delay when using xorpsh in
non-interactive mode (e.g., "cat commands.txt | xorpsh").
- Addition of a new "-e" command line option. It can be used to tell
xorpsh to exit immediately if the connection to the Finder fails.
POLICY:
- No significant changes.
FEA/MFEA:
- Major refactoring of the FEA/MFEA internals.
- Critical bug fix that affects recent NetBSD and OpenBSD releases.
- Critical IPv6-related bug fix when adding unicast forwarding
entries to the kernel. This bug was exposed only on *BSD systems
with 64-bit CPU.
- If MFEA is started, it will explicitly enable the multicast
forwarding flags that have been added to recent OpenBSD releases:
net.inet.ip.mforwarding (for OpenBSD-3.9 and later) and
net.inet6.ip6.mforwarding (for OpenBSD-4.0 and later).
RIB:
- No significant changes.
RIP/RIPng:
- Addition of support for "show ripng" xorpsh operational commands.
- Critical RIPng-related bug fix. Previously the RIPng installed
routes had incorrect outgoing interface toward the destination.
- Bug fix related to the TTL for RIPng multicast packets: now it is
set to 255 as specified in the protocol specification (RFC 2080)
instead of 1.
OLSR:
- Added support for RFC 3626 Optimized Link State Routing Protocol.
This is a fully fledged XORP routing process with policy route
redistribution capability. The work was generously funded over
2007/2008 by CenGen, Inc.
OSPF:
- Bug fix related to OSPFv3 link-local scope LSAs. Previously the
link-local scope LSAs were incorrectly flooded to links other
than the one they belonged to.
- Bug fix related to OSPFv3 Inter-Area-Prefix-LSAs. The check for
the minimum size of an Inter-Area-Prefix-LSA was incorrect so
short prefixes such as the default route would be rejected.
- Added a clear database command.
- In the OSPFv2 configuration "passive" is no longer a bool but a
directive. Previously setting an interface to passive would set
the interface to loopback and announce a host route for the
interface. Using the passive keyword will still set the
interface to loopback but now the network will be announced. If
the previous behaviour of of announcing the host route is
required the host variable can be set to true.
BGP:
- Added support for 4-byte AS numbers, as detailed in RFC 4893.
From 1st Jan 2009 4-byte AS numbers will be allocated by default
by RIPE, so it is desirable that all BGP implementations support
four-byte AS numbers by that time. Currently 4-byte support is
not enabled in XORP by default, but can be enabled using the
"enable-4byte-as-numbers" configuration option.
STATIC_ROUTES:
- Bug fix that prevented the deletion of interface-specific routes
using xorpsh.
MLD/IGMP:
- No significant changes.
MLD/IGMP-Lite:
- An implementation of Lightweight IGMP/MLD is available in
directory ${XORP}/contrib/mld6igmp_lite. It can be used instead
of the existing MLD/IGMP vanilla implementation by using the
following command before compiling XORP:
./configure --with-mld6igmp_lite
PIM-SM:
- No significant changes.
FIB2MRIB:
- No significant changes.
CLI:
- No significant changes.
SNMP:
- No significant changes.
Pkgsrc changes:
o Canonicalize HOMEPAGE
Upstream changes:
1.14 Sat May 17 15:23:36 BST 2008
- Updated test case to use Test::POE::Server::TCP
- Removed kwalitee test.
- Added license information
1.12 Wed Mar 5 09:24:15 GMT 2008
- We had no explicit return values, I'm shocked it worked at all.
1.10 Thu Jan 31 11:23:41 GMT 2008
- Enabled perl-5.5.5 compatibility.
1.08 Thu Jan 17 14:16:39 GMT 2008
- Fixed up test script naming.
1.07 Wed Oct 31 17:19:56 GMT 2007
- Updated Module::Install to 0.68
1.06 Sun Aug 05 11:44:11 BST 2007
- Fixed abstract_from and build_requires in Makefile.PL
1.04 Thu Dec 7 17:27:17 GMT 2006
- Ident-Agent was hanging on to a reference to the spawning
session. Changed to session->ID.
1.02 Fri Sep 1 10:27:59 BST 2006
- Rearranged distribution file structure.
- Added test pod and pod coverage.
- Fixed documentation coverage.
1.01 Fri May 19 16:41:56 BST 2006
- Minor bug in Agent.pm was causing two error events to be
generated in the case of a socket error.
1.00 Wed Apr 26 13:48:34 BST 2006
- Minor code revisions
- switched test script to Test::More
0.8 Thu Nov 3 12:55:56 GMT 2005
- Changed Ident-Agent API to be objectified.
Changes in version 0.2.0.31 - 2008-09-03
o Major bugfixes:
- Make sure that two circuits can never exist on the same connection
with the same circuit ID, even if one is marked for close. This
is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
- Relays now reject risky extend cells: if the extend cell includes
a digest of all zeroes, or asks to extend back to the relay that
sent the extend cell, tear down the circuit. Ideas suggested
by rovv.
- If not enough of our entry guards are available so we add a new
one, we might use the new one even if it overlapped with the
current circuit's exit relay (or its family). Anonymity bugfix
pointed out by rovv.
o Minor bugfixes:
- Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
- Correctly detect the presence of the linux/netfilter_ipv4.h header
when building against recent kernels. Bugfix on 0.1.2.1-alpha.
- Pick size of default geoip filename string correctly on windows.
Fixes bug 806. Bugfix on 0.2.0.30.
- Make the autoconf script accept the obsolete --with-ssl-dir
option as an alias for the actually-working --with-openssl-dir
option. Fix the help documentation to recommend --with-openssl-dir.
Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
- Disallow session resumption attempts during the renegotiation
stage of the v2 handshake protocol. Clients should never be trying
session resumption at this point, but apparently some did, in
ways that caused the handshake to fail. Bug found by Geoff Goodell.
Bugfix on 0.2.0.20-rc.
- When using the TransPort option on OpenBSD, and using the User
option to change UID and drop privileges, make sure to open
/dev/pf before dropping privileges. Fixes bug 782. Patch from
Christopher Davis. Bugfix on 0.1.2.1-alpha.
- Try to attach connections immediately upon receiving a RENDEZVOUS2
or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
on the client side when connecting to a hidden service. Bugfix
on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
- When closing an application-side connection because its circuit is
getting torn down, generate the stream event correctly. Bugfix on
0.1.2.x. Anonymous patch.
files. The report produced by Nipper includes; detailed security-related
issues with recommendations, a configuration report and various
appendices. Nipper has a large number of configuration options.
Added Turkish translation. Updated German and Russian translations.
If an error occurred with a URI, remove identical URI from remaining
URI list because it is likely that same error occurred in the end and it
is waste of time.
Added -lrt to LIBCARES_LIBS if -lrt is needed to link program with
-lcares.
Moved implementation to SimpleRandomizer.cc from SimpleRandomizer.h.
Added return value of getpid() to argument of srand() to achieve more
randomized value.
Contact tracker frequently when the number of connections are 0 and
download is not finished yet.
Moved threshold values to UTPexExtensionMessage.
Added _incoming member to Peer class and made it true if the peer
initiated connection. Don't add those peer to UTPex message.
If extended handshake is received, assign _incoming to false.
Fixed infinite loop bug in FTP when SIZE command failed.
Made files whose name ends with ".gz", ".tgz" not inflated by Content
Encoding Decoder. Removed size threshold for turning off on the fly
inflation because resulting file may or may not be inflated depending
on the file size and I think it is not expected by users.
This change fixes segmentation fault when Metalink file contains gzipped
file and its filesize is provided.
Fixed chunk checksum validation cannot detect trailing garbage data.
BUG#2074141
ORBit2-2.14.14
- portability
+ Fix build on win32 (Tor)
+ Mac OS/X fixes (Jules Colding)
- bug fixes
+ use ORBIT_SOCKETDIR to propagate the socket dir to children
wherever possible: has two benefits: speeds up ORBit2 launch,
and allows root owned apps to talk to the user's AT. (Mike Gorse)
+ other linc2 fixes (Michael, Mike)
+ Cleanups (JP, Jules Colding, dmacks at netspace org)
=========================== 0.8.11 ========================
2008-06-02 Tor Lillqvist <tml@novell.com>
Bug 536165 - Make libIDL correctly parse cl's pre-processor output
* lexer.l: Further change needed when using MSVC's cl.exe as the
preprocessor. Patch by Marcelo Vanzin.
2008-05-19 Tor Lillqvist <tml@novell.com>
Bug 522697 - Patch: make libIDL work with Microsoft's compilers
Patch by Marcelo Vanzin, applied with modifications.
* configure.in: Define Automake confitional OS_WIN32.
* Makefile.am: Use --export-symbols libIDL.def on Windows.
* Makefile.msc.in: Significant changes. Build a DLL with the same
name as libtool does. Use pkg-config.
* util.c: Make it work also in the !HAVE_CPP_STDIN && !HAVE_SYMLINK case.
* util.h: Make __IDL_tmp_filename const.
* include/libIDL/IDL.h.in: Rework the dllimport logic. Use
LIBIDL_VAR to decorate imported variables, similar to
GLIB_VAR. Unlike Marcelo's patch, I decided not to decorate
functions. Maybe later I can be convinced it would be a good idea,
but for now just use the .def file to export them and let them be
imported automatically.
* README.win32
* libIDL.def: Update.
2008-03-18 Christian Persch <chpe@gnome.org>
* configure.in: Update glib version req. Bug #517088, patch by
Mart Raudsepp.
Version 1.0.1
(August 30 2008, from branches/release/1.0.x)
svn://svn.gna.org/svn/clive/tags/1.0.1
User-visible changes:
* minor startup performance improvements
* config: warn/error messages now contain absolute path to config file
* fixed: VGoogle: embedded URL -> video page URL conversion (patch #1097)
* fixed: scan: progress is now immediately flushed to stdout
* console: renamed commands
- q_r_file -> q_import
- q_w_write -> q_export
- q_r_paste -> q_paste
- q_r_recall -> q_recall
Developer-visible changes:
* Youtube: parser no longer attempts to "guess" whether video is available
- Had a long history of detecting errors incorrectly
- Ignorant of non-English errors.
* ~/.clive/passwd: permissions are set to 0600
* added: HACKING file
* import statements are now used conservatively to reduce overhead
- clive.modules.Modules caches the most commonly used imports
* runtime options are no longer passed and copied back and forth
* clive.modules.Modules is now a singleton
* clive.opts.Options is now a singleton
* added: src/clive/singleton.py
* Makefile.am: clean-local: remove dist/ subdir
Known issues:
* Myvideo extraction fails ("error: extraction url not found")
- Security-related bugs in the NCP dissector, zlib compression code, and
Tektronix .rf5 file parser have been fixed.
- WPA group key decryption is now supported.
- A bug that could cause packets to be wrongly dissected as "Redback
Lawful Intercept" has been fixed.
This update address the security vulnerability reported in CVE-2008-3146.
- Prevent crash bug in Winbind caused by a race condition
when a child process becomes unresponsive.
- Fix interactive password prompting in the "net" command.
- Documentation clarifications and typographical fixes.
- Correct issues with running Winbind running on a Samba PDC.
- Problems with trusted Windows 2008 domains.
- Difficulty joining an NT4 or Windows 2000 AD domain.
Changes since 3.0.708:
- Split --debug into --verbose and --no-daemon
- Include launchd config and instructions for running darkstat
on Mac OS X. Contributed by Damien Clauzel.
- Implement PPPoE decoding on ethernet iface. (--pppoe)
- Web: Add automatic reload button. Thanks Dennis!
- Web: Add a graph legend with min/avg/max.
- Web: Remove hashtable stats pages.
Pkgsrc changes:
o Canonicalize HOMEPAGE
o Adjust dependencies to match Makefile.PL
Upstream changes (at least I *think* these are the ones for 0.99 and 1.00):
======================================
9999-99-99 99:99:99.999999Z (untagged)
======================================
2007-01-06 18:12:47 (r64) by rcaputo; DNS.pm M
By the power of PAUSEskull, this is a fine morning! Release 1.00!
2007-01-06 18:11:52 (r63) by rcaputo; DNS.pm M
Expose the underlying Net::DNS::Resolver with a get_resolver()
accessor. Thanks to Chris Williams for kinda suggesting it. :)
2006-11-06 19:23:35 (r62) by rcaputo; Makefile.PL M
Set a LICENSE. Cheap kwalitee points!
2006-10-17 16:35:24 (r61) by rcaputo; t/06_hosts.t M
Don't try to call a method on a failed request. Resolves rt.cpan.org
21190 by Alexandr Ciornii.
2006-10-17 15:05:34 (r60) by rcaputo; Makefile.PL M
Some rt.cpan.org tickets refer to issues in Net::DNS. Require the
latest version of that dependency in the hopes that some things are
fixed. Too bad I don't have test cases for those issues... there's no
way for me to tell if anything's fixed by this simple change.
=========================
2006-05-21 20:45:46 v0_99
=========================
2006-05-21 20:45:11 (r58) by rcaputo; DNS.pm M
Bump up the version.
2006-05-21 20:44:39 (r57) by rcaputo; DNS.pm M
Fix shutdown(). It was not performing nearly enough cleanup.
Replace some post() calls with call() to avoid race conditions. In
general, method interfaces should use call() rather than post() so
that they affect internal structures synchronously.
2006-05-21 20:43:08 (r56) by rcaputo
t/02_tag_args.t M; t/03_api_3.t M; t/05_api_4.t M; t/06_hosts.t M
Turn on ASSERT_DEFAULT for some of the tests. Add _stop handlers so
they don't fail with all POE asserts on.
2006-03-24 03:58:51 (r55) by rcaputo; DNS.pm M
Belatedly bump up the version.
Pkgsrc changes:
o Add commented-out HOMEPAGE as an addition, using search.cpan.org
Upstream changes:
Changes for 1.16
- Fixed minor bug in scanner.t where the number of tests
to skip when nmap was not found was incorrect.
- Repackaged to remove all the ._* files from the package.
- Fixed POD errors and added more documentation
Changes for 1.14
- Added cache_scan() to save the output of a parsescan()
to a file before parsing.
- Added new tests for servicefp fingerpriting and cache_scan().
- Ran PerlTidy against module and other tools
- Updated documentation
Changes for 1.13
- Added fingerprint() to Service object (thanks jpomiane)
- Added documentation.
Changes for 1.12
- Added references to Google Code Project page.
Changes for 1.11
- Added parsing of distance information.
- Fixed bug #1671876 on tcp_service() always returning null
- Added ignoring of taskend,taskbegin and taskprogress information.
- Added tests for nmap 4.20.
- Changed lisence to MIT.
- Points to new website http://nmapparser.wordpress.com
Changes for 1.06
- Added patch for new OS fingerprint (Thanks Okan Demirmen)
- New os_fingerprint() method for Nmap::Parser::Host::OS
- Updated documentation
- Updated scan.pl to also read xml files (good for debugging)
Changes for 1.05
- Major speed improvements (less compile time)
- Major reduction in unwanted memory usage
- Redundant functions (or less used functions) are now created
dynamically. (AUTOLOAD)
- Documentation fixes
Changes for 1.00
- To see the changes, please read over the new documentation
- Internal code is much (MUCH) cleaner and readable
- removed 'ducttape' fixes and made stable & roubust changes
- improved performance, removed unwanted code (legacy)
- complete overhaul of internal code - new Framework
- support for IPv6 addresses
- data overwrite (overflow) protection
- better support for multiple instances
- fixed some minor bugs
- process owner information obtained
- all OS accuracy information obtained
- some functions now take new parameters (more concise)
- some functions renamed for clarity
- new shortcut functions (for doing repetitive tasks easier)
- Removed parsing filters (finally)
- All indexes now start at 0 (not at 1).
- Removed internal OS generic matching function since this is given by
nmap now in the osclass tags
- Removed the use of constants for indexes
- Nmap::Parser::Host::Service object
provides OO interface to service information for a given port
- Nmap::Parser::Host::OS object
provides OO interface to OS signature information for a given host
- Nmap::Parser::Session replaces old Nmap::Parser::ScanInfo package
- Nmap2SQLite security script included
- removed old security tools
- rewrote scan.pl (from scanhost.pl)
- rewrote old tools to fit new framework
- Fully updated documentation
Pkgsrc changes:
o Canonicalize MASTER_SITES and HOMEPAGE
Upstream changes:
1.03 Fri Mar 21 17:20:00 CET 2008
- added support for IP_HDRINCL with IPv6 raw sockets (Linux only)
=> in fact, it should have worked before, but it appears to be a regression
1.02 Tue Feb 19 12:11:21 CET 2008
- bugfix: due to Socket6 update, AF_INET6 definition has changed
1.01 Sun Feb 17 19:08:15 CET 2008
- update: portability patches for other Unix systems (untested), concerning
IP_HDRINCL constants and the like
- update: license string (lc(Artistic)), to make CPANTS happy
Pkgsrc changes:
o Add a patch to handle all BSD systems the same in test 03
o Added a commented-out build dependency, Test::Distribution
does not appear to work for this package (and is optional anyway)
Upstream changes:
2008.01.01 - 0.16 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] A typo prevented the new function names from working.
- [TESTS] Added new tests: 21-next_ex.t, 22-open.t, 23-srcstr.t,
50-poe-component-pcap.t
- [TESTS] Added support for user prefered device. See README.
- [TESTS] Improved small bits of the tests here and there.
2007.12.02 - 0.15 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] CPAN-RT#30745: Fix WinPcap support.
- [BUGFIX] CPAN-RT#25076: Fix next_ex().
- [API] Now providing "pcap_"-prefixed aliases for all functions.
Documentation was changed to use these names instead of the old ones.
- [CMD] pcapinfo(1) no longer need IO::Interface.
- [TESTS] CPAN-RT#30903: Fix t/03-openlive.t failure on Linux.
- [DOC] CPAN-RT#27369: Several documentation fixes.
- [DOC] CPAN-RT#31111: Document that pcap_stats() does not work
on savefiles.
- KES reported a build problem. Turns out I need to install gtk-1.2
on my development sytem, otherwise my release script causes the
build to break.
- changed some docs to advertise the new mailing list.
- added documentation for the Mac OS X compilation problem.
- added -Wno-pointer-sign to the compiler options.
- Nico Lichtmaier's cleanup-gtk patch. (now mtr uses a more modern
dialect of gtk).
- as possible after opening the sockets, it still had some
sprintf calls, which have now been converted into snprintf.
pkgsrc changes:
- Move more definitions to Makefile.common, drop some that had default values.
- Depend on py-OpenSSL and py-ZopeInterface.
- Add do-test target.
- Remove patch-aa and install all bin/ script with plain names, not with
${PYVERSSUFFIX} appended. setup.py is now much, much simpler, and rewriting
the patch would be difficult. It doesn't matter anyway, as I tried really
hard to install py-OpenSSL for both python24 and python25 and it just
doesn't work.
Bug Fixes:
- 1870957: Wrong sign could cause out-of-bounds read and potentially a crash.
- Firewalled status was not re-verified after a port change if the previously
used port was open.
- Fixed issue that caused the local peer cache to degenerate.
Improvements:
- Client-side support for tigertree hashes (TTH/THEX).
- Replaced navigation tree by tabs.
- Redesigned download user-interface to make it more accessible.
- Added some selectable pre-defined search filters.
- Bitzi tickets are displayed in full raw indented XML.
- Display Bitzi and ShareMonkey URLs as search result details.
- Topless mode is available at run-time via command-line switch.
- Added default shared filename extensions:
.7z, .bittorrent, .oga, .ogv, .spx, .tbz2
- Removed default shared filename extensions: .doc
- Updated translations: Japanese, Norwegian Bokmal, French.
Under the hood:
- Changed default to dual use of IPv4 and IPv6 instead of IPv4-only.
- Support the "as" (Alternate Source) key in magnet links.
- Eszett is finally normalized to "ss" in search queries.
- Avoid display updates for elements not currently visible.
- Take full advantage of persistent HTTP connections to fetch multiple
files from the same peer through over the same connection if scheduling
permits.
- Improved TLS support and blocking detection.
- Updated list of hostile IP adress ranges, bogons, Geo-IP data,
spam patterns and spam samples.
Based on PPR 38486 by Peter Eisch.
http://www.twitter.com provides a web 2.0 type of ubiquitous presence.
This module allows you to set your status, as well as review the statuses of
your friends.
significant feature enhancements; it also now builds on OpenSolaris
(tested with NexentaOS by development community).
I urge all users to upgrade.
A _partial_ list of changes:
- Added and/or updated Danish, Greek, Spanish, Catalan,
Norwegian Nynorsk, Bulgarian, French, Catalan, and Japanese
translations.
- Man page fixes.
- Fixed: numCommand is less than the value specified in -C option.
- Myriad bug fixes.
- Now uses name attribute in Metalink as local filename in
BitTorrent downloads. BUG#2033999
- Fixed memory leaks in test code.
- Fixed wrong argument passing to BitfieldMan::isBitSet()
- Initialized _directIOAllowed
- Fixed memory leak in gzip decoder and metalink parser state
machine.
- Plug many other memory leaks and fix unmatch malloc/free calls.
- Removed max chunk size check. This change fixes BUG#2040169
- Fixed the bug that causes segmentaion fault when resuming
download using metalink without size tag. Reproducible only
using HTTP URI.
- Removed writable check when socket's send buffer is full in
BitTorrent downloads to lower CPU usage.
- Fixed broken gzip inflation.
Turn off segmented downloading if gzip content is smaller than
or equal to 1MiB and inflate the data on the fly, because HTTP
response header doesn't contain the length of inflated
file we can't determin where the chunk of data should be written.
On the other hand, if gzip content is larger than 1MB, then
turn off on the fly inflation, because some servers returns
"content-type: gzip" for *.tgz, *.gz files.
- Added gzip decompressor via libz.
- Cache last calculated average download/upload speed.
- Supported absolute/relative path in Location header field.
- Use File::exists() instead of File::isFile() to allow non-
regular file such as block special files.
- Added a message "aria2 doesn't verify signature" to log message
when signature file is saved.
- Added the ability to save signature when download is completed
if signature is available. The filename of signature file is
the path to download file followed by ".sig". If it already
exists, then signature will not be saved.
- Improve accuracy of documentation and rename some options to be
more descriptive of their functions/purposes.
- Added the ability to retrieve signature from Metalink file.
A retrieved signature is stored in Signature class and it is
held by DownloadContext class. Note that aria2 doesn't
verify signature.
- Added --bt-seed option. If --bt-seed=true is given at the
command-line, aria2 seeds previously downloaded files
without validating piece hashes.
- Fixed the compile error on Nexenta OS(GNU/Solaris OS).
(Don't define `struct addrinfo' when __sun is defined)
- Fixed the bug that UTF-8 encoded URL is not URL-encoded
- Properly differentiate between ftp errors and actual zero-byte
files (now supports ftp servers which do not recognize SIZE
raw command).
Pkgsrc changes:
o Canonicalize HOMEPAGE
o Add USE_LANGUAGES=c
Upstream changes:
2008-08-17 Hajimu UMEMOTO <ume@mahoroba.org>
* Socket6.pm: Bump version number to 0.21.
* Socket6.xs: Make it buildable on the following environment by
defining WINVER as 0x0501:
- Windows XP SP3
- ActivePerl-5.10.0.1003-MSWin32-x86-285500
- MinGW-5.1.4
- nmake 9.00.21022.08 (shipped with VisualStudio 2008 Express)
Submitted by: "IWAMURO Motonori" <vmi@nifty.com>
Pkgsrc changes:
o Adjust dependencies to match the package's Makefile.PL
Upstream changes:
0.50 Patches by Michael Hendrick to enable compression and use
of 'warn' instead of print STDERR.
0.49 Patches by Michael Hendrick and Tim Keefer.
0.48 Changes ebay-search.pl to add --currency and --country
0.47 Added more Scripts
0.46 Fixed POD coverage; changed some scripts in a minor way
0.45 Updated listing script to submit picture URL.
0.44 Added dependency on DateTime::Precise
0.43 Changed stuff for new way of specifying pictures when listing items
0.42 Added _last_text variable to have the last original XML response value
* better master/slave secrets documentation
* first cut at mtr integration
* use localtime to construct the rawlog filename
New in 2.4:
* SmokeTrace: An Ajax Traceroute tool.
* The 'blazemode' option for the FPing probe, so that the first (slow) ping packet can be ignored.
Ok'ed bouyer@
Version 1.0.0
(August 9 2008, from branches/release/1.0.x)
svn://svn.gna.org/svn/clive/tags/1.0.0
User-visible changes:
- Major new features:
* added: support for encrypted passwords, see clive(1) (--youtube,--dmotion)
* added: clive-passwd utility for storing encrypted login passwords
* added: --passwd option for using encrypted login passwords
- Minor improvements:
* fixed: some errors were still using "--youtube-user" and "--dmotion-user"
* --version: print pycrypto, pysqlite and newt (? if found, otherwise -)
Developer-visible changes:
* urlgrabber is now the only prerequisite that is needed to run clive:
features that req. other modules are disabled if a module is not found
* added: prerequisite pycrypto
* added: man/clive-passwd.1
* added: src/clive/passwd.py
* added: run-passwd.py
* added: src/clive/modules.py
* fixed: sqlite3 ImportError is now handled (src/clive/cache.py)
* removed: *all* bundled packages
- each dep. is best installed separately for security reasons
* removed: --with-installed-PACKAGE configure options
- now obsolete due to above change
* removed: obsolete configuration scripts
- acinclude.m4, config.guess, config.h.in, config.sub, depcomp, ltmain.sh
* removed: obsolete src/clive/*.py.in files
- src/clive/__init__.py.in remains
* cleanups: INSTALL, README, NEWS, ChangeLog, TODO, configure.ac
* configure.ac: if trunk: use revision for release date string
Version 0.5.0
(August 5 2008, from branches/release/0.5.x)
svn://svn.gna.org/svn/clive/tags/0.5.0
New features, enhancements:
* Added support for break.com
Thanks to Jan Hulsbergen <afoo@gmail.com> for the initial patch
* Added CHANGES file (ChangeLog and NEWS files are no longer updated)
* Added xine,mplayer detection (--write-conf)
* Added --no-login option
* Added --no-proxy option
* Added --no-confirm option (closes sr #2065)
* Replaced --$host-(user|pass) with --$host=$username:$password
* Replaced config $host_(user|pass) with $host_login="$username:$password"
* Revived AC_PROG_RANLIB in configure.ac
* Tweaked program description
Bugfixes
* --check-update: flawed version checking (e.g. 0.5.0 < 0.4.20)
Other
* Trackers now allow anononymous submissions
https://gna.org/projects/clive
* Added clive-users mailing list (General questions and discussion)
https://lists.sourceforge.net/lists/listinfo/clive-users
At the moment anything clive related can be discussed here including
development related issues. clive-dev is likely to be added later.
* Release branches are now used in the development
svn://svn.gna.org/svn/clive/branches
svn://svn.gna.org/svn/clive/trunk
svn://svn.gna.org/svn/clive/tags
* Release numbering is no longer as ad hoc as before
Starting with this release, the project follows the following
release numbering strategy:
major.minor.micro
major = Expected to have new features or entire feature sets
marks compatibility boundaries - may be forward/backward incompatible
minor = New features, usually only few at once
must be backward compatible, not necessarily forward compatible
micro = Bug fixes only or minor enhancements to existing features
must be forward/backward compatible, no new features
- avoid returning large fileids on Windows, for better compatibility
with clients such as Linux 2.6.24
- try to prevent races between READDIR and removal of files
2008/08/04: version 2.9.6 = tag release-2-9-6
6599: Allow values lower than max_upload_slots for BT-max_bt_uploaders
2008/07/29
6593: CryptoPP performance fix for ARM (Marc Pignat)
6592: HTML: Fix invalid html respond when login is invalid
2008/07/17
6571: Runinfo: Include DirectConnect in list of enabled nets
2008/07/02
6558: Fix text relocation warnings on hardened distributions (Davide Pesavento)
6557: BT: Send correct downloaded value when download is stopped to tracker
(Fox Mulder)
The changes in version 1.23 are
* Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD
* Fix serious sign-extension error in handling IP addresses
* RTC support can be excluded at compile time
* Make sources gcc-4 compatible
* Fix various compiler warnings
* Handle fluctuations in peer distance better.
* Fixed handling of stratum zero.
* Fix various problems for 64-bit systems
* Flush chronyc output streams after each command, to allow it to be
driven through pipes
* Manpage improvements
The changes in version 1.21 are
* Don't include Linux kernel header files any longer : allows chrony to
compile on recent distros.
* Stop trying to use RTC if continuous streams of error messages would
occur (Linux with HPET).
Updates net/Geomyidae[1] gopher server package to current release (0.12)
which includes the following changes:
- fixes script.cgi user/group permissions security issue [2]
- changes the default logging level from 7 to 15
- updates files/Geomyidae.sh and Geomyidae.8
[1] http://www.r-36.net/
[2] patch by jneitzel@freeshell.org
(I only tested install and deinstall -- reed.)
1.10 Fri Jul 25 01:39:08 PDT 2008
- lots of small fixes
1.1001 Fri Aug 1 01:58:09 PDT 2008
- nope, still didn't get it right. left a stray dependency.
changed my version system because I seem to do this alot. now
releasing version 1.1001. I'm hoping I don't have to release
version 1.1002 tomorrow. :)
--------------------------
From: Steven Bakker steven.bakker ams-ix.net
* globally disable __DIE__ handler in eval using $^S check
* updated to SNMP_Session 1.12
From: Tobi
* make SNMP_Session.pm work on windows even when a __DIE__ handler ist
installed.
Pkgsrc changes:
o Add a commented-out HOMEPAGE using search.cpan.org
Upstream changes:
1.34 August 4th 2008
- Add Geo::IP::Record::region_name to the PurePerl API (Boris Zentner)
- Add missing record_by_name function to the PurePerl API
(Boris Zentner)
- Add missing country/country code 'Other' for the pureperl
fallback (Boris Zentner)
- Fix trash of $_ in Geo::Mirror (Boris Zentner)
- Geo::Mirror die, if open failed (Boris Zentner)
- Fix pureperl time_zone for countries with region codes,
but only one time_zone (Boris Zentner)
- Add continent_code to the pureperl and C API (Boris Zentner)
- minimum perl version is 5.6 now (Boris Zentner)
Fix non-priv'ed builds which should fix PR 39260
2008-07-24 - Snort 2.8.2.2
[*] Improvements
* Fix issue with evaluating PCRE rule options with /U modifier that
are followed by a relative content rule option.
* Fix issue with dsize range check.
2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
--- 9.5.0-P2 released ---
2406. [bug] Some operating systems have FD_SETSIZE set to a
low value by default, which can cause resource
exhaustion when many simultaneous connections are
open. Linux in particular makes it difficult to
increase this value. To use more sockets with
select(), set ISC_SOCKET_FDSETSIZE. Example:
STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure
(This should not be necessary in most cases, and
never for an authoritative-only server.) [RT #18328]
2405. [cleanup] The default value for dnssec-validation was changed to
"yes" in 9.5.0-P1 and all subsequent releases; this
was inadvertently omitted from CHANGES at the time.
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
2402. [port] Support Solaris 2.11 and over. [RT #18362]
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
2399. [bug] Abort timeout queries to reduce the number of open
UDP sockets. [RT #18367]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
2397. [bug] gssapi_functions had too many elements. [RT #18355]
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
2395. [port] Avoid warning and no effect from "files unlimited"
on Linux when running as root. [RT #18335]
2394. [bug] Default configuration options set the limit for
open files to 'unlimited' as described in the
documentation. [RT #18331]
2393. [bug] nested acls containing keys could trigger an
assertion in acl.c. [RT #18166]
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
[RT #18147] [RT #18258]
--- 9.4.2-P2 released ---
2406. [bug] Some operating systems have FD_SETSIZE set to a
low value by default, which can cause resource
exhaustion when many simultaneous connections are
open. Linux in particular makes it difficult to
increase this value. To use more sockets with
select(), set ISC_SOCKET_FDSETSIZE. Example:
STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure
(This should not be necessary in most cases, and
never for an authoritative-only server.) [RT #18328]
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
2402. [port] Support Solaris 2.11 and over. [RT #18362]
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
2399. [bug] Abort timeout queries to reduce the number of open
UDP sockets. [RT #18367]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
2395. [port] Avoid warning and no effect from "files unlimited"
on Linux when running as root. [RT #18335]
2394. [bug] Default configuration options set the limit for
open files to 'unlimited' as described in the
documentation. [RT #18331]
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
This release fixes a bug in the Unicode video title treatment, and another
one with output templates referencing absolute paths. The main change is
the program being able to download videos from metacafe.com and YouTube
playlists.
Also some pkgsrc cleanup.
Thanks to athaba, netcap, and tvierling.
Changes in version 0.2.0.30 - 2008-07-15
This new stable release switches to a more efficient directory
distribution design, adds features to make connections to the Tor
network harder to block, allows Tor to act as a DNS proxy, adds separate
rate limiting for relayed traffic to make it easier for clients to
become relays, fix a variety of potential anonymity problems, and
includes the usual huge pile of other features and bug fixes.
