---------------------
Features:
* Server is logging remote control commands
* 'knotc reload' doesn't refresh unchanged zones
* 'knotc -f refresh' forces zone retransfer
Bugfixes:
* Missing notifications after DDNS/automatic resign
* Zone is rebootstrapped if the zone file is unreadable
* Progressive bootstrap retry backoff
* Zone file parser allows asterisk as part of the label
* Journal maximum entry size fixes
* Sign DNSKEYs in non-apex nodes as regular RR sets
* Various spelling and typo fixes
Upstream changes:
* Added handler for SIGXFSZ signal (Eric Stanley)
* Fixed bug #444: Nagios 3.5.0 problem with macro $ADMINEMAIL$ :
@ is converted to %40 after 2 nagios reload (Duplicate of bug #407)
* Fixed bug #407: Reloading nagios config causes spaces in
notifications to become plus signs (Alexey Dvoryanchikov)
* Fixed bug #445: Adding triggered downtime for child hosts causes
a SIGSEGV on restart/reload (Eric Stanley)
* Fixed bug #375: Freshness expiration never reached and bug #427:
freshness threshold doesn't work if it is set long (Scott Wilkerson,
Eric Stanley)
* Fixed bug #432: Downtime scheduled as "Nagios Process" and not
the Users name (Sam Lansing, Eric Stanley)
off-by-one errors causing information leakage and possibly DoS.
Restructure the patch files to follow the newer naming conventions.
Add the rc.d script to PLIST.
Bump PKGREVISION.
future releases, the most prominent of which is removal of rancid-fe and
several device-specific script in exchange for device-specific and generic
libraries and a generic script. The generic script, which assumed the
name rancid, loads the relevant library and runs commands as defined by a
configuration file, which means less code duplication, users can more
easily adjust the commands that are run and create their own "device_types"
or filters without altering the base code, and hopefully this means it is
easier for users to upgrade to future versions.
See rancid.types.conf(5). Please, for your benefit and ours, do not alter
the rancid.types.base configuration file; new versions of RANCiD purposely
overwrite this file at installation time.
Not all of the device types have been converted to libraries yet, just
the prominent ones or those prominent to us: Cisco, Juniper, Compass,
Arbor, MRV. We also still have suggestions from users about this new
process to consider and/or implement.
3.0 also includes a new version of par(1) implemented in C. It fixes a
few bugs in the perl version and hopefully does not introduce any new ones.
NOTE WELL: The router.db field separator has been changed to ';' from ':'
to avoid conflict with IPv6 addresses and etc.
==== All Platforms ====
* Fix webseed crash
* Fix crash when adding UDP trackers whose host's canonical name couldn't be found
* Fix crash when sending handshakes to some peers immediately after adding a magnet link
* Fix crash when parsing incoming encrypted handshakes when the user is removing the related torrent
* Add safeguard to prevent zombie processes after running a script when a torrent finishes downloading
* Fix "bad file descriptor" error
* Queued torrents no longer show up as paused after exiting & restarting
* Fix 2.81 compilation error on OpenBSD
* Don't misidentify Tixati as BitTornado
==== Mac Client ====
* Fix bug that had slow download speeds until editing preferences
==== GTK+ Client ====
* Fix crash that occurred in some cases after using Torrent > Set Location
* Fix crash where on_app_exit() got called twice in a row
* Fix 2.81 compilation error on older versions of glib
* Can now open folders that have a '#' in their names
* Silence gobject warning when updating a blocklist from URL
==== Qt Client ====
* Qt 5 support
==== Web Client ====
* Fix syntax error in index.html's meta name="viewport"
* Fix file uploading issue in Internet Explorer 11
Changelog:
aria2 1.18.4
============
Release Note
------------
This release adds new RPC authorization mechanism using --rpc-secret
option. The existing --rpc-user and --rpc-passwd options are now
deprecated, and all applications using RPC API is strongly encouraged
to migrate to the new mechanism. See RPC INTERFACE section in aria2
manual page for the details. The new RPC method, aria2.saveSession,
was added, which tells aria2 server to save session file immediately.
There are several enhancements and bug fixes. See the changes for the
details.
Changes
-------
* Added support for RPC channel encryption in aria2rpc
Patch from David Macek
* Add aria2.saveSession RPC method
This method saves the current session to a file specified by
--save-session option. This method returns "OK" if it succeeds.
* Add numStoppedTotal key to aria2.getGlobalStat() RPC method response
It shows the number of stopped downloads in the current session and
not capped by --max-download-result option. On the other hand, the
existing numStopped key also shows the number of stopped downloads,
but it is capped by --max-download-result option.
* Better handling of 30x HTTP status codes
Reference: http://greenbytes.de/tech/tc/httpredirects/
* Implement new RPC authorization using --rpc-secret option
Add future deprecation warning to --rpc-user and --rpc-passwd. Warn
if neither --rpc-secret nor a combination of --rpc-user/rpc-passwd
is set.
* Add --enable-color option to enable/disable terminal color output
* Add DSCP support
* gnutls: Don't fail handshake if returned error is not fatal
* Add workaround GnuTLS bug with OCSP status extension and
non-blocking socket
GnuTLS version 3.1.3 - 3.1.18 and 3.2.0 - 3.2.8, inclusive, has this
bug. For these versions, we disable OCSP status extension.
* Make GnuTLS log level dependent on the aria2 ones
aria2 1.18.3
============
Release Note
------------
This release fixes the bug which may cause assertion failure after
multi-file downloads (e.g., multi-file metalink or torrent) are
performed several times due to the bad handling of --bt-max-open-files
option.
Changes
-------
* Fix crash if unpause failed before assigning BtProgressInfoFile
object
* Enable and check PIE in makerelease-osx
* Fix bug that numOpenFile_ is not reduced when MultiDiskAdaptor is
deleted
This bug caused assertion error in
RequestGroupMan::ensureMaxOpenFileLimit
o OSPF stub router option (RFC 3137).
o TTL security for OSPF and RIP.
o Protocol packet priority and traffic class handling.
o Multiple routing tables support for FreeBSD and OpenBSD.
o Extends constants to all filter data types.
o Implements eval command.
o 'bgppath ~ int set' filter operation.
o Several bugfixes.
Version 1.3.10 (2013-04-30)
o Lightweight BIRD client for embedded environments.
o Dynamic IPv6 router advertisements.
o New 'next hop keep' option for BGP.
o Smart default routing table for 'show route export/preexport/protocol'.
o Automatic router ID selection could be configured to use address of loopback.
o Allows configured global addresses of NBMA neighbors in OSPFv3.
o Allows BIRD commands from UNIX shell even in restricted mode.
o Route limits inherited from templates can be disabled.
o Symbol names enclosed by apostrophes can contain dots.
o Several bugfixes.
Version 1.3.9 (2013-01-11)
o BIRD can be configured to keep and show filtered routes.
o Separate receive and import limits.
o Several new reconfiguration cmd options (undo, timeout, check).
o Configurable automatic router ID selection.
o Dragonfly BSD support.
o Fixed OSPFv3 vlinks.
o Several minor bugfixes.
Version 1.3.8 (2012-08-07)
o Generalized import and export route limits.
o RDNSS and DNSSL support for RAdv.
o Include in config file support wildcards.
o History deduplication in BIRD client.
o New route attributes krt_source, krt_metric.
o Different instance ID support for OSPFv3.
o Real broadcast mode for OSPFv2.
o Several minor bugfixes.
Version 1.3.7 (2012-03-22)
o Route Origin Authorization basics.
o RIPng working again.
o Extended clist operations in filters.
o Fixes several bugs in BSD iface handling.
o Several minor bugfixes and enhancements.
==============================
Release Notes for Samba 3.6.23
March 11, 2014
==============================
This is a security release in order to address
CVE-2013-4496 (Password lockout not enforced for SAMR password changes).
o CVE-2013-4496:
Samba versions 3.4.0 and above allow the administrator to implement
locking out Samba accounts after a number of bad password attempts.
However, all released versions of Samba did not implement this check for
password changes, such as are available over multiple SAMR and RAP
interfaces, allowing password guessing attacks.
== 1.7.2 - 21-Jan-2014
* Fixed a bug in the Ping::HTTP constructor where it was not honoring the
port if provided as the second argument. Thanks go to Florian Anderiasch
for the spot.
* Removed win32-open3 require in the Ping::External class since it isn't
needed in Ruby 1.9.x or later.
* Refactored the Ping::External class so that it checks the exit status rather
than try to parse output. Thanks go to Miguel Tubia for the suggestion.
* Dropped explicit support for Windows XP.
* Removed reference to win32-open3 in README.
== 1.7.1 - 26-Sep-2013
* Fixed a bug in the Ping::TCP class where it could return nil instead
of false. Thanks go to Grandy Nguyen for the patch.
== 1.7.0 - 25-Aug-2013
* Now requires Ruby 1.9.x or later.
* Replaced the main ping code for the Ping::TCP class. The timeout module
really doesn't work very well with sockets, and so a raw socket approach
combined with IO.select is now used instead.
* Updates to the doc/ping.txt file.
== 1.6.2 - 8-Aug-2013
* Fixed a bug in the ICMP ping helper module. Thanks go to Yuichi
Tsunematsu for the spot.
* The win32-security library is not just a development dependency. Thanks
again go to Yuichi Tsunematsu for the spot.
* Updated the icmp ping tests.
* Updated the gemspec for MS Windows.
== 1.6.1 - 17-Jul-2013
* Automatically set the scheme to "http" if not present when performing
HTTP pings. See https://bugs.ruby-lang.org/issues/8645 for an issue
with the uri library that led to this change. Thanks go to Preston Lee
for the spot.
* Removed the windows/system_info dependency, since it added other
dependencies just to check the Windows version. Instead, I added a
helper file that adds some needed Windows functions using FFI.
* Added Rake as a development dependency and updated the Gemfile
source because Bundler. Thanks to Jean-Philippe Doyle for the patches.
* Added some warning text to the Net::Ping::External tests for users
who are using OpenDNS. In short, you will probably get test failures
and surprising true results for bad hosts.
== 1.6.0 - 19-Mar-2013
* Split out the ldap portion of the code into its own branch.
* Don't require resolv-replace on Ruby 1.9.3 or later.
* Now gets proxy information from the http_proxy, https_proxy, and
no_proxy environment variables and uses that when making requests.
Thanks go to Kevin Olbrich for the patch.
## Changes between 1.9.x and 1.10.0
### Signed 16 Bit Integer Decoding
Signed 16 bit integers are now decoded correctly.
Contributed by Benjamin Conlan.
## Changes between 1.8.0 and 1.9.0
### Performance Improvements in AMQ::BitSet
`AMQ::BitSet#next_clear_bit` is now drastically more efficient
(down from 6 minutes for 10,000 iterations to 4 seconds for 65,536 iterations).
Contributed by Doug Rohrer, Dave Anderson, and Jason Voegele from
[Neo](http://www.neo.com).
## Changes between 1.7.0 and 1.8.0
### Body Framing Fix
Messages exactly 128 Kb in size are now framed correctly.
Contributed by Nicolas Viennot.
Bug Fixes:
- Fix nsd.db unclean close check. Previous databases are considered
unclean by the code and are created anew.
- Adds nsd.db larger than 400Tb check for sanity. Also test if
filesize as documented in the file is correct.
- nsd waits for tasks to complete on stop, prevents nsd.db corruption.
- fix to not delete tmpdir too early in shutdown process.
- disabled udb checking functionality that made it very slow,
this was enabled when enable-checking was turned on.
Features:
* separate ldns into core ldns inside ldns/ subdirectory. No more
configure --with-ldns is needed and unbound does not rely on libldns.
* Accept ip-address: as an alternative for interface: for
consistency with nsd.conf syntax.
* Fix ref#536: acl_deny_non_local and refuse_non_local added.
* so-reuseport: yesno option to distribute queries evenly over
threads on Linux (Thanks Robert Edmonds).
Reuseport is attempted, then fallback to without on failure.
* delay-close: msec option that delays closing ports for which
the UDP reply has timed out. Keeps the port open, only accepts
the correct reply. This correct reply is not used, but the port
is open so that no port-denied ICMPs are generated.
Bug Fixes:
* Fix#528: if very high logging (4 or more) segfault on allow_snoop.
* Fix#531: Set SO_REUSEADDR so that the wildcard interface and a
more specific interface port 53 can be used at the same time, and
one of the daemons is unbound.
* if configured --with-libunbound-only fix make install.
* Patch from Neel Goyal to fix callback in libunbound.
* Patch from Neel Goyal to fix async id assignment if callback
is called by libunbound in the mesh attach.
* Fix bug#537: compile python plugin without ldns library.
* Windows port, adjust %lld to %I64d, and warning in win_event.c.
* Fix#544: Fixed +i causes segfault when running with module conf
"iterator".
* Fix#547: no trustanchor written if filesystem full, fclose checked.
* unbound-event.h is installed if you configure --enable-event-api.
It contains low-level library calls, that use libevent's event_base
and a wireformat return packet in a buffer to perform async
resolution in the client's eventloop.
* speed up unbound, by reducing lock contention on localzones.lock.
* Fix parse (in ldns) of quoted parenthesized text strings.
* Detect libevent2 install automatically by configure and fixup
link with lib/event2 subdir.
* Fix#551: License change "Regents" to "Copyright holder", matching
the BSD license on opensource.org.
* Fix parse of #553(NSD) string in sldns, quotes without spaces.
* Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
received. This is okay according 4035, but not after revising
existence in 4592. NSEC empty non-terminals exist and thus the
RCODE should have been NOERROR. If this occurs, and the RRsets
are secure, we set the RCODE to NOERROR and the security status
of the response is also considered secure.
* iana portlist updated.
* Fix bug#561: contrib/cacti plugin did not report SERVFAIL rcodes
because of spelling..
Features:
* Return REFUSED for queries to non-hosted zones.
Bug Fixes:
* Fix expired zones to give SERVFAIL, also when parent zone loaded.
* documented nsd-control zonestatus output in nsd-control manpage.
* remove mention of nsdc from nsd-checkconf manpage.
* Disabled recvmmsg and sendmmsg usage by default because kernel
versions have implementation issues: ipv6 ignored, security issues.
* Detect libevent2 install automatically by configure, and use
event2 header files if necessary.
* Fix#551: change Regent to Copyright holder in the LICENSE,
to match the definition on opensource.org for the BSD License.
* Fix#552: zonefile loads on nsd-control reconfig when the name
of the file has changed.
* Fix leak of zone name after zonefile read and fix malloc too
large that would be leaked in the radix tree.
* Fix from 3.2: make SOA RDATA comparisons in XFR more lenient (only
check serial).
* Fix that NSD will delete and recreate not-clean-closed databases.
libnice 0.1.5 (2014-03-06)
==========================
API: nice_agent_recv() and nice_agent_recv_nonblocking() as an alternative to
the nice_agent_attach_recv()
API: nice_agent_recv_messages() and nice_agent_recv_messages_nonblocking() to
receive multiple messages at the same time
API: nice_agent_get_io_stream() to get a GIOStream in reliable mode
API: nice_agent_get_selected_socket() to extract the selected GSocket
Import Google's newer PseudoTCP code including window scaling
Improve PseudoTCP performance
Improve performance
Build fixes
