pkgsrc, in preparation for gnome1-libs removal(*).
There was no feedback for keeping these packages after my
HEADS UP mail to pkgsrc-users a week ago.
(*) More to come before that can happen, though.
Patch provided by MAINTAINER, Bartosz Kuzma in PR 36250.
Changes from 3.0.540 to 3.0.619:
- Decode DLT_PPP and DLT_PPP_SERIAL on NetBSD,
patch courtesy of Bartosz Kuzma.
- Don't use pcap_setnonblock(), with help from Colin Phipps.
- Reduce the number of syscalls made.
- Answer FAQ about graph axes / labels / scale.
- Fix build on OpenBSD (thanks Chris!) and Solaris.
- Commandline arg (-n) to disable promiscuous mode when
sniffing, thanks to Chris Kuethe for the implementation.
- Commandline arg (-r) to disable DNS resolver.
- Track and report per-host last seen MAC address.
- Move FAQ into manpage.
- Implement display of start time and running time.
- Web: implement sorting the hosts table by in/out/total.
- Web: implement paging through the hosts table.
- Web: implement full view of hosts table.
- Don't die if the capture interface loses its IP address.
- Make daemonize (previously -d) the default, and make -D the
argument to suppress it.
- Commandline arg (-l) to graph traffic entering/leaving the
local network as opposed to just the local IP. v2 had this.
- Allow configure-time override of CHROOT_DIR and PRIVDROP_USER.
- Web: new color scheme.
This is the Perl API for (the consumer half of) OpenID, a distributed
identity system based on proving you own a URL, which is then your
identity. More information is available at:
http://openid.net/
The package was originally created by Roman Kulik in pkgsrc-wip. Very
small changes by me.
The RPC::XML package is an implementation of XML-RPC. The module
provides classes for sample client and server implementations, a
server designed as an Apache location-handler, and a suite of
data-manipulation classes that are used by them.
FIX: Rewritten speed limiting code, so limits work much better now
FIX: Directory entry and path caching
FIX: Minor file exists dialog problems
FIX: Some issues related to using multiple transfer threads
FIX: Local directory scans now honor priority settings
FIX: Total speed display for multiple running transfers (patch by David
Gnedt)
ADD: Added a quick option to set speed limits and number of threads
2007/04/23: version 2.8.5 = tag release-2-8-5
5855: Increase Unix32.max_cache_size, fix max_opened_connections check
(thx to pango)
2007/04/21
5878: HTML: Fix preview in vd <num> broken by patch #5866
2007/04/20
5876: HTML: Send mime-type video/mpeg for file extension .vob
2007/04/19
5857: EDK: Remove upload compression (patch #5665) due to ineffective caching
5875: Swarmer: Some cosmetic changes (pango)
5856: EDK: Set TCP backlog to max_upload_slots for donkey_port socket
5869: EDK/Swarmer: Try harder to read corrupt files.ini
- reset chunk table to missing after re-creating a missing temp file
- discard swarmers without files entry in files.ini instead of stopping
- check that partial hashes file_md4s match with file_md4 when reading files.ini
5870: Updated distrib/mldonkey_submit, it now uses command dllink instead of dd,
it also supports http and sig2dat links (atordo)
2007/04/13
5866: HTML: fix third button row to also successful act within frames (schlumpf)
2007/04/12
5867: EDK: Show country code/flags for indirect clients
5862: BT: Informative GUI console messages after sending a .torrent file to GUI
5859: HTML: Support sending files from $MLDONKEY_DIR/html_themes/
2007/04/10
5861: HTML: Fix errors reported by w3.org validator in html_header_mods0
5860: HTML: fix broken refresh on Opera/Safari (schlumpf)
2007/04/08
5854: Set shared_check_files = 0 to disable scanning of shared directories
5853: New option defaults
- download_sample_size 100, 10 is too low, download rate is computed wrong
- ED2K-propagate_sources false, this activates outdated MLDonkey-style source
exchange, MLDonkey supports eMule-style source exchange which is not affected
by this option
- ED2K-update_server_list_server should be false, there are lots of fake servers
out there, trust only servers from trusted server lists. For more details read
http://mldonkey.sourceforge.net/ServerList#Fake_search_results
- ED2K-upload_full_chunks should be true to reflect the same default eMule uses
- ED2K-upload_compression_table_size should not be smaller than max_upload_slots
2007/04/03
5821: New variables for file_completed_cmd:
file_group_cnt, file_group_user, file_group_dir
5849: EDK: Report correct short versions for Windows clients
2007/04/02
5847: BT: Fix exceptions when handling BT clients as friends
5845: Do not reverse order in files.ini after restart (pango)
5844: HTML: Keep totals line when sorting statistics tables (schlumpf)
CVE-2007-2241: A sequence of queries can cause a recursive nameserver
to exit. While it is unlikely these will occur in normal operation, an
attack can use them to cause the affected versions to exit. This attack
is a denial of service, and does not allow an attacker to gain control
of affected systems.
TeamSpeak is a quality, scalable application which enables people
to speak with one another over the Internet. TeamSpeak consists of
both client and server software. The server acts as a host to
multiple client connections, capable of handling literally thousands
of simultaneous users. This results in an Internet based teleconferencing
solution that works in a variety of applications such as team mates
speaking with one another while playing their favorite online game,
small businesses cutting costs on long distance charges, or for
personal communication with friends and family.
This package contains the TeamSpeak server for Linux/i386
* DragonFly BSD support by Hans-Werner Hilse
* Solaris 10 fixes by Sunil
* support to read obfuscated passwords from .pcf files, based on work
from "HAL-9000@evilscientists.de"
* granted Dan Villiom Podlaski Christiansen svn commit privileges
* Darwin support by Dan Villiom Podlaski Christiansen
* UDP IP keepalive support from FreeBSD port
* Juniper/ScreenOS support from Marc Huber
* replace "--disable-natt --force-natt --udp" with "--natt-mode"
* null cipher support from Simon Lipp
* Windows/Cygwin and tap support from Paolo Zarpellon
* rekeying support
* various other fixes contributed by Joerg Mayer, Heiko Stamer, Plamen
Todorov, Asgeir, Jukka Salmi, Wolfram Sang, Laurence MOINDROT, Chris
Osicki, Anton Altaparmakov, Adam Simpkins, Ken Bell, Hanno Boeck,
Kyle McKay, Dennis Schneider
Also, the binary is now in .../sbin instead of .../bin.
Patch contributed by Jukka Salmi <j+pkgsrc@salmi.ch> in private mail.
Major Changes:
- Several changes to WPAN module.
- Several changes to allow ns to compile on Solaris with the Sun C compiler.
- Significant change to PackMime-HTTP HTTP/1.1 behavior.
- Updated SCTP implementation.
- corrected sendpacket() signature.
- Major XCP cleanup.
- Minor changes to TCP.
- TFRC changes.
- Adding DelayBox and PackMimeHTTP modules.
Version 3.5.11 - 2007-04-11
* fixed mirror for MDTM-less ftp servers.
* fixed readline prompt for \[\] (visible on win32).
* fixed compilation with Sun native compiler (Yann Rouillard).
Version 3.5.10 - 2007-03-26
* fixed core dump when doing ls on file: connection.
* fixed core dump when doing pget to write-protected directory.
Fix compiling on AIX (, at end of ENUM)
Updated list of DNS RR typecodes
Use local Ethernet defs on WIN32
Add support for Frame-Relay ARP
Fixes for compiling under MSVC++
Add support for parsing Juniper .pcap files
Add support for FRF.16 Multilink Frame-Relay (DLT_MFR)
Rework the OSPFv3 printer
Fix printing for 4.4BSD/NetBSD NFS Filehandles
Add support for Cisco style NLPID encapsulation
Add cisco prop. eigrp related, extended communities
Add support for BGP signaled VPLS
Cleanup the bootp printer
Add support for PPP over Frame-Relay
Add some bounds checking to the IP options code, and clean up
the options output a bit.
Add additional modp groups to ISAKMP printer
Add support for Address-Withdraw and Label-Withdraw Msgs
Add support for the BFD Discriminator TLV
Fixes for 64bit compiling
Add support for PIMv2 checksum verification
Add support for further dissection of the IPCP Compression Option
Add support for Cisco's proposed VQP protocol
Add basic support for keyed authentication TCP option
Lots of minor cosmetic changes to output printers
part of the network initialization. Use similar dependences as the
(corrected) "route6d" script. Bump package revision because of this fix.
This should fix PR pkg/36203.
News
Jan 5th 2007
Version 1.0.7 released.
* Fixed a bug that caused slow network speeds on Windows.
* Fixed a bug that caused tinc unable to write packets to the tun device on OpenBSD.
Dec 18th 2006
Version 1.0.6 released.
* More flexible detection of the LZO libraries when compiling.
* Fixed a bug where broadcasts in switch and hub modes sometimes would not work anymore when part of the VPN had become disconnected from the rest.
Nov 14th 2006
Version 1.0.5 released.
* Lots of small fixes.
* Broadcast packets no longer grow in size with each hop. This should fix switch mode (again).
* Generic host-up and host-down scripts.
* Optionally dump graph in graphviz format to a file or a script.
* Support LZO 2.0 and later.
to version 0.7.4. Changes since versions 0.11.1 and 0.7.1 respectively:
- Added "max_open_http" option that limits the max number of simultaneous
http connections. By default set to 32.
- Directory structured view of the file list. The '/' key collapses
directories, while the right arrow or ^F enters the selected directory.
Changing the priority for a directory changes all contained files.
- Added "create_link" and "delete_link" options which apply to a download.
These must be used with the new "on_*" options, so as to allow you to
create symbolic links when starting, stopping, finishing, etc, a torrent.
- The "tos" option was parsing the hex value with unit == 0, which caused
it to always zero it.
- Forgot to check if there were any torrents hashing before starting new
non-fast-resume checks, which would cause multiple torrents to be hashed
at once.
- File progress is now updated when hash_check is called, and no longer
cleared on close. This fixes a bug with >100% file progress being reported
and optimizes file progress updating for completed torrents.
- Disabled IPv6 http requests so the trackers won't think we support it,
and enabled curl's support for gzip encodings.
- Added 'seeding' view on key 8.
- Added "max_{up,down}loads_{div,global}" options. See the man page for
more information.
- Added support for dvorak keyboard layout. Patch by matled at gmx.net.
- The STOPPED request was being canceled when a download was closed with
f.ex ^K, moved it so it only happens when the download is removed.
- Allow properly quoted and escaped arguments to options. F.ex "schedule
= wd,10,10,load_start=~/Foo\ Bar/*.torrent" and "schedule =
wd,10,10,load_start="~/Foo Bar/*.torrent"" now works.
- Added unlimited setting for max unchoked in ChokeManager and made it
the default. Set with 0 as a temporary hack.
- Don't resize empty files used for creating directories.
Feature Improvements
* Added more dictionaries
Bug Fixes
* Corrected typo in rlm_pap.c (closes#440)
* Corrected typo in src/main/auth.c (closes#437)
* Suppress SSL error messages if error is zero. (closes#436)
* Don't complain about "Error in read client certificate A" if we expect to
read it in the next packet. Fix based on patch by Dan Lukes.
* Corrected nearly 30 bugs found by Coverity See also http://scan.coverity.com
* Don't die on HUP. Instead leak memory (sorry). After a few hundred HUP's, the
server will have leaked a few megabytes of memory, and you should probably
re-start it. It's ugly, but better than dying. (Closes#426)
* Corrected a few double free's
* Corrected typo in radrelay, which prevented it from working
* Made Firebird module build
* Fixed bug in PostgreSQL module that caused server crash.
* Fixed bug in SQL module that could cause server to crash.
This client library and basic utilities for performing logins authenticated
by a Radiusd server. All these programs are based on a library which lets
you develop a RADIUS-aware application in less than 50 lines of C code.
It is highly portable and runs on Linux, many BSD variants and Solaris.
Vino 2.18.1
===========
Fixes
+ Fix the non-XDAMAGE, non-XSHM support, bug #423887 (Mark)
+ Fix crash on vino_input_init(), bug #425863 (Jonh, Mark)
+ Fix crashes on critical warning in vino-preferences applet,
bug #418836 and bug #423027 (Halton Huo, Jonh)
Vino 2.18.0
===========
Fixes
+ Fix build fail with --enable-http-server (Halton Huo)
+ Fix crash when 'disconnect client' menu item is called twice (Jonh, Mark)
+ Adjusts in .desktop file, making it valid according with freedesktop.org (Jonh)
Vino 2.17.92
===========
Fixes
+ A few issues related to new Vino Status Icon (Jonh, Christian Persch)
+ Adjust Categories in desktop file according with new Control Center (Denis Washington)
+ Fix minor issues about GnomeIconTheme usage (Jani Monoses)
+ Updates port number in preferences window when server starts (Jonh)
Vino 2.17.5
===========
Features
+ Add D-Bus support so that capplet can find out the port number
from the server (Jonh, Mark)
+ Display a notification bubble when someone connects if we
haven't already prompted the user for authorization (Jonh, Mark)
Fixes
+ Replace deprecated GnomeIconTheme usage with GtkIconTheme (Christian Persch)
+ Don't mark GObject property descriptions for translation (Mark)
Vino 2.17.4
===========
Features
+ Add a status icon allowing you to disconnect users
(Jonh Wendell, Christian Persch, Mark, Calum, Andre Klapper)
Fixes
+ Hide the help button in the prompt dialog (Mark)
+ Fix broken keyboard under Xsun (Halton Huo, Mark)
+ Fix the desktop name remoted to the client (Jonh Wendell)
+ Fix the stringification of the client hostname (Jonh Wendell)
Vino 2.17.2
===========
Features
+ Add "local_only" GConf key for use with SSH tunnels (Mark, Shaya Potter)
+ Add "alternative_port" GConf key (Mark, John Wendell)
+ Add ability to use gnome-keyring to store VNC password (Mark, Steven Zhang)
+ Add IPv6 support (Mark, Srirama Sharma)
Fixes
+ Update for RFB 3.8 (Dan Winship)
+ Fix for X servers which don't support XShm (Dan Winship)
+ Fix CoRRE encoding problem (Mark)
+ Back-port some fixes from upstream libvncserver (Mark)
+ Add GTK category to .desktop file (Mark)
+ Mark some weird glade strings as non-translatable (Mark)
+ Fix icons not changing when icon theme changes (Mark)
+ Use glib's base64 functions instead of our own (Mark)
+ Use GtkLinkButton instead of VinoURL (Mariano Suárez-Alvarez)
Vino 2.16.0
===========
Fixes
+ Fix hang on wrong login (Gary Coady)
+ Build fixes for FreeBSD (Diego Pettenò)
+ Build fixes (Leonardo Boshell)
2006.03.05 Version 1.1.5 has been released.
The focus of this release is stability.
Feature Improvements
* Added more dictionaries
* Dictionary files now MUST NOT be globally writable.
* Configuration files now MUST NOT be globally writable.
* Be more aggressive about freeing memory on clean exit.
* Updated rlm_python.
* Added another experimental SQL IP Pool module
Bug Fixes
* Corrected base64 decoding in rlm_pap
* Don't retransmit accounting packets. The NAS should do this.
* Handle Client-Error in EAP-SIM. (Closes#419)
* Port OpenSSL locking fixes from CVS head. This makes PEAP more stable on i
some systems.
* Require Message-Authenticator in Status-Server packets.
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868.
* Increase buffer size for dynamic expansion, which allows longer SQL queries.
(Closes#405)
* Use correct line number when there's a parse error in one of the
configuration sections. (Closes#421)
* Terminate SSL sessions in EAP on error, rather than continuing in some cases.
* Increase buffer size to allow parsing of long octet strings,
* Fix string termination on xlat in rlm_perl.
* Use the new plugin functionality available and build the dns, random and whois
plugins by default.
* The postgresql and ldap plugins can be optionally built by setting
PKG_OPTIONS.echoping.
6.0.1 (2007-04-04)
* Bug fixes only
6.0.0 (2007-03-26)
* Plugins: several plugins (whois, postgresql, dns) are now
shipped with echoping and you can write your own. All new
protocols will now be supported via plugins. Consequences:
* you now need an Unix with a working dlopen(3)
* echoping now requires the popt parsing library
* popt: echoping now depends on popt. One main change: options
parsing is lightly different so some scripts *may* break. A
typical example is that "old-school" Unix aggreation of arguments
("echoping -v4 localhost") is no longer accepted (use "echoping -v
-4 localhost").
* Many bug fixes, see the list at Sourceforge
Some new features/corrections include:
* new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
and multicast modes
* range option supports form address:mask with IPv4
* changed behaviour of SSL-LISTEN to require and verify client
certificate per default
* filan (and socat -D) could hang when a socket was involved
See: http://www.dest-unreach.org/socat/doc/CHANGES for all the details
Changes since 2.17:
* The native OS X user interface has been enormously improved by Ben
Willmore and Trevor Jim.
* The backup functionality has been completely rewritten. The
external interface has not changed, but numerous bugs, irregular
behaviors, and cross-platform inconsistencies have been corrected.
* Some important safety improvements:
+ Added a new mountpoint preference, which can be used to
specify a path that must exist in both replicas at the end of
update detection (otherwise Unison aborts).
+ The confirmation of "big deletes" is now controlled by a
boolean preference confirmbigdeletes. Default is true, which
gives the same behavior as previously.
+ If Unison is asked to "follow" a symbolic link but there is
nothing at the other end of the link, it will now flag this
path as an error, rather than treating the symlink itself as
missing or deleted.
* Smaller changes:
+ Added forcepartial and preferpartial preferences
+ Refined debugging code so that the verbosity of individual
modules can be controlled separately. Instead of just putting
'-debug verbose' on the command line, you can put '-debug
update+', which causes all the extra messages in the Update
module, but not other modules, to be printed. Putting '-debug
verbose' causes all modules to print with maximum verbosity.
+ Rewrote some of the merging functionality, for better
cooperation with external Harmony instances.
+ Changed the temp file prefix from .# to .unison.
+ Compressed the output from the text user interface
+ Added .mpp files to the "never fastcheck" list
* Many small bugfixes, including:
+ Fixed a bug that would occasionally cause the archives to be
left in non-identical states on the two hosts after
synchronization.
+ Fixed a bug that prevented Unison from communicating
correctly between 32- and 64-bit architectures.
+ Set read-only file to R/W on OSX before attempting to change
other attributes.
+ Fixed bug resulting in spurious "Aborted" errors during
transport (thanks to Jerome Vouillon)
+ Enable diff if file contents have changed in one replica, but
only properties in the other.
+ Removed misleading documentation for 'repeat' preference.
+ Fixed a bug in merging code where Unison could sometimes
deadlock with the external merge program, if the latter
produced large amounts of output.
+ Workaround for a bug compiling gtk2 user interface against
current versions of gtk2+ libraries.
+ Added a better error message for "ambiguous paths".
+ Squashed a longstanding bug that would cause file transfer to
fail with the message "Failed: Error in readWrite: Is a
directory."
2007/04/01: version 2.8.4 = tag release-2-8-4
5840: Some small stuff (logging, code improvements)
5839: IP block: Scan all files inside a .zip file when loading
a blocklist, use the first valid file
5831: BT: New option BT-tracker_retries
2007/03/26
5819: MinGW: Fix charsetstubs.c compile with latest MinGW
2007/03/25
5817: Code updates for Ocaml 3.10.0beta compatability
- to use Ocaml 3.10 add ./configure option --enable-ocamlver=3.10
- MLDonkey will accept the new Ocaml version without this option when
the final version of Ocaml 3.10 is released and proven to be working
- GTK1 oldgui does currently not compile with Ocaml 3.10 code
- lablgtk1 & lablgtk2 compile with Ocaml 3.10, but some MLDonkey code
still needs fixing, GTK1 newgui and GTK2 gui compile with Ocaml 3.10
- parts of the patch by pango
2007/03/24
5813: Options: Use original file rights in tar.gz backup,
save backups with rights 600
2007/03/18
5807: Implement new command "man" to display command help
2007/03/17
5806: Update GNU config.guess and config.sub to version 2007/01
5775: http_client: Fix loading URLs with ()' (orbit)
5781: web_infos: Load local file if remote file can not be accessed
(thx to xergius)
5802: Telnet: Support non-ascii input (Hung-Te Lin)
2007/03/16
Updated Mozilla protocol handler to version 2.0
(re-committed after data loss due to Savannah crash on 2007/03/12)
2007/03/11
5799: Flags: Added Aland Islands, Guernsey and Jersey,
fixed debug_pictures command
5797: Remove unused source code in src/applets/*
5775: removed, it breaks BT downloads
5775: HTML: Fix url parsing for URLs with ()' (orbit)
5774: BT: fix upload managment (orbit)
5786: HTML: small javascript search improve (orbit)
2007/03/08
5787: HTML/Geoip: Show country flags
- new option html_flags to disable display of flags
- favicon.ico now built-in
- fix sorting bug in costats (thx to orbit)
2007/03/06
5784: Gd: Implement binding for function gdImageFilledArc
5773: Geoip: Country-based up-/download statistics
- new ini file statistics.ini, to be used later for all statistics
- new command "costats", accepts parameters:
without parameter it displays all countries where data was transfered to
parameter "all" displays all seen countries, countries where MLDonkey never
saw a client are not part of the statistics data
regular expressions can be used for country names/codes and continents,
like "costats *aus*" (Austria and Australia), "costats *europe* *africa*"
- new command "countries" to print country database
- new command "reset_costats" to reset country statistics
- mem_stats support for modules CommonStats & Geoip
- updated country database based on GeoIP 1.4.2 C-library
2007/03/04
5765: Change hard-coded maximum value for client_buffer_size
- default stays at 500.000
- for high-volume links raise this value to 1.000.000 or higher
5767: HTML: Improve bw_stats
5768: New default for option messages_filter (thx to atordo)
5766: Windows/Unicode: Fix broken get_info function for non-ascii filenames
5782: Improve CommonNetwork.network_display_stats function
2007/02/28
5757: Some improvements for byte-code build
- "make utils" now builds byte-code if needed
- new build targets: mlnet.byte.static, release.mlnet.byte.static
- print configure infos when byte-code is to be compiled
- buildinfo prints the binary name if not "mlnet" or "mlnet.static"
- remove some unneeded variables from configure
5759: OV/KAD: improve stats, remove obsolete options, save bandwidth (bogeyman)
2007/02/19
5754: mld_hash: Compute AICH hashes (thx to pango)
- parameter hash takes new option: aich to compute eMule AICH hashes
- new parameter partial_zone: Display hashing of zones (subparts of chunks)
- new parameter check_keep, keep files after checking functions (-check) for later testing
- parameter check, option filesize is now Int64 and in bytes
5752: Fix core hanging on ARM CPUs
5750: EDK: New option upload_compression_ext_exclude (thx to pango)
- space-separated list of file extensions which are not compressed when uploaded
2007/02/18
5753: Multiuser: New variable $USER_MAIL for file_completed_cmd
5751: Improve startup log messages, remove unused code, optimize Date code
5749: BT: recognize more BT client types (orbit)
5748: KAD/OV: Limit searches for sources (bogeyman)
2007/02/15
5738: Remove obsolete multicast files (orbit)
5743: BT: Show shared torrents in upload list after commit (xergius)
5744: EDK: Fix SecureUserIdent between machines with different endianness
Pkgsrc changes:
- Removed patch-ac for t/11-inet6.t, this got integrated by the software
maintainer.
Changes since version 0.58:
===========================
*** 0.59 September 18, 2006
Fix rt.cpan.org 20836, 20857, 20994, and 21402
These tickets all revolved around proper reverse mapping of IPv6
addresses.
Note that directly calling Question->new() withouth arguments will
cause the qclass,qtype to be IN, A instead of ANY, ANY.
Net::DNS::Resolver's search() method would always gracefully
interpret a qname in the form of an IPv4 address. It would go out
and do a PTR query in the reverse address tree. This behavior has
also been applied to IPv6 addresses in their many shapes and
forms.
This change did two things, 1) root zone not implicitly added to
search list when looking up short name, 2) default domain appended
to short name if DEFNAMES and not DNSRCH.
Fix rt.cpan.org 18113
Minor error due to unapplied part of patch fixed.
Feature: Experimental NSEC3 hooks.
Added hook for future support of (experimental) NSEC3 suppport
(NSEC3 having an experimental type code).
libtrace is a library for trace processing. It supports multiple input methods,
including device capture, raw and gz-compressed trace, and sockets; and
multiple input formats, including pcap and DAG.
Features
* Understands PCAP, ERF, DAG, legacy POS, ATM and Ethernet and preliminary
WAG formats
* Read from tracefile, gz-compressed tracefile
* Native DAG read support
* BPF filter support on all input formats
* Format conversion into ERF and PCAP formats
* Write to tracefile for all formats
* Write to interface via PCAP or Natively under Linux
* libpacketdump, a packet dumping library useful for diagnosis
* Various tools for trace manipulation
Changes:
* Security bugfix:
- SetUID is no longer honored for the local cell by default. The
"fs setcellstatus" command must be issued for any cell the system
administrator wishes to allow setuid files in.
>From 1.4.3:
All unix systems:
- Fix Universal AFS Error mapping when the local OS does not define some
errors.
- Avoid byte range locking for java when it means to ask for a whole file
lock but uses a -1 length.
- Reinit resolver library on afsdb failure.
All systems:
- Make rxdebug be less aggressive when retransmitting.
- Allow unix domain socket for fileserver-volserver communication.
- Fix server fake address support when NetRestrict is being used.
- Fix crash when 3.4 jumbograms are part of an Rx connection.
- Fix crashes in pts chown and pts rename.
- Make asetkey buildable with Heimdal.
- Avoid potential orphaned files during vos restore.
- Improve ubik debug logging.
- Add vldb repair tool.
- Avoid potential bosserver process list corruption.
- Revert to previous fileserver startup attachment order.
>From 1.4.2:
All systems:
* Volume dump parsing code in the volserver has better error checking.
* salvager has improved damaged volume handling on namei fileservers.
* fileserver has size validity checks for when large file support is
disabled.
* fileserver avoids potentially multiply adding a host to its hash table.
* rxkad client private data storage is allocated dynamically on ticket size.
* Handle universal error code translation for file locking.
* fileserver needs to swap callback connections on a client IP change.
* fileserver host package revised to reduce lock contention.
* Rx has been fixed to count hard acks, thus opening the congestion window.
* All servers support bound Rx sockets (on one interface).
* namei fileserver no longer use lockf() to avoid range locking issues.
* most binaries now support the -version switch.
* backup suite fixes for 64 bit platforms.
* volserver avoids holding holds during volume purges.
* volserver avoids losing files on namei during vos zap.
> Since 1.4.1:
All systems:
* Fix rx usage of WSAStartup/WSACleanup
* Fix the code that writes the backconnectionhostnames value
to ensure that the data buffer is written with the correct
length.
* Do not panic if the maximum number of volume entries are in use
and one of them can be recycled.
* Add a missing lock that was lost during the pullup
of patchs for 1.4.1c
* Fix the pthread library so that it can be loaded
and unloaded safely by an application.
Tested by KAWAMOTO Yoshihisa (kawamoto@).
WIDE-DHCPv6 is an open-source implementation of Dynamic Host
Configuration Protocol for IPv6 (DHCPv6) developed by the KAME
project.
The implementation mainly conforms to the following standards:
- RFC3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
- RFC3319: Dynamic Host Configuration Protocol (DHCPv6) Options
for Session Initiation Protocol (SIP) Servers
- RFC3633: IPv6 Prefix Options for Dynamic Host Configuration
Protocol (DHCP)
- RFC3646: DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)
- RFC4075: Simple Network Time Protocol (SNTP) Configuration
Option for DHCPv6
- RFC4242: Information Refresh Time Option for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)
All the components of the main protocol are provided, i.e.,
DHCPv6 clients, servers, and relay agents.
Supported message types are as follows:
Solicit, Advertise, Request, Renew, Rebind, Release, Reply,
Information-request, Relay-forward and Relay-reply.
Note that the current implementation does not support IPv6
temporary address allocation by DHCPv6, and there is no plan to
implement that feature at the moment.
o security = share and NTLMv2
Fixes an issues with servers set to "security = share" and Vista
clients that send NTLMv2 responses by default.
o Vista Point-n-Print
Fixes several point-n-print bugs with Vista clients.
o BUG 4361
Fix failure when using the Vista backup utility.
o BUG 4093
Fix expansion of the %a smb.conf variable for Vista clients.
o BUG 4356
Fix MS-DFS referrals with Windows Vista clients.
o BUG 4188
Fix for Vista failing to delete directories on a Samba share.
Bump PKGREVISION.
Summary of changes since 1.3.3:
* dns/rdtypes/IN/DHCID.py: Added support for the DHCID RR type.
* dns/query.py (udp): Messages from unexpected sources can now be
ignored by setting ignore_unexpected to True.
* dns/query.py (udp): When raising UnexpectedSource, add more
detail about what went wrong to the exception.
* dns/message.py (Message.use_edns): add reasonable defaults for
the ednsflags, payload, and request_payload parameters.
* dns/message.py (Message.want_dnssec): add a convenience method for
enabling/disabling the "DNSSEC desired" flag in requests.
* dns/message.py (make_query): add "use_edns" and "want_dnssec"
parameters.
* dns/resolver.py (Resolver.read_resolv_conf): If /etc/resolv.conf
doesn't exist, just use the default resolver configuration (i.e.
the same thing we would have used if resolv.conf had existed and
been empty).
* dns/resolver.py (Resolver._config_win32_fromkey): fix
cut-and-paste error where we passed the wrong variable to
self._config_win32_search(). Thanks to David Arnold for finding
the bug and submitting a patch.
* dns/resolver.py (Answer): Add more support for the sequence
protocol, forwarding requests to the answer object's rrset.
E.g. "for a in answer" is equivalent to "for a in answer.rrset",
"answer[i]" is equivalent to "answer.rrset[i]", and
"answer[i:j]" is equivalent to "answer.rrset[i:j]".
* dns/query.py (xfr): Add IXFR support.
* dns/rdtypes/IN/IPSECKEY.py: Added support for the IPSECKEY RR type.
* dns/rdtypes/ANY/SPF.py: Added support for the SPF RR type.
* (Version 1.4.0 released)
* dns/rrset.py (RRset.to_rdataset): Added a convenience method
to convert an rrset into an rdataset.
* Added dns.e164.query(). This function can be used to look for
NAPTR RRs for a specified number in several domains, e.g.:
dns.e164.query('16505551212',
['e164.dnspython.org.', 'e164.arpa.'])
* dns/resolver.py (Resolver.query): The resolver deleted from
a list while iterating it, which makes the iterator unhappy.
* dns/resolver.py (Resolver.query): The resolver needlessly
delayed responses for successful queries.
* dns/rdata.py: added a validate() method to the rdata class. If
you change an rdata by assigning to its fields, it is a good
idea to call validate() when you are done making changes.
For example, if 'r' is an MX record and then you execute:
r.preference = 100000 # invalid, because > 65535
r.validate()
The validation will fail and an exception will be raised.
* dns/ttl.py: TTLs are now bounds checked to be within the closed
interval [0, 2^31 - 1].
* The BIND 8 TTL syntax is now accepted in the SOA refresh, retry,
expire, and minimum fields, and in the original_ttl field of
SIG and RRSIG records.
* dns/resolver.py: The windows registry irritatingly changes the
list element delimiter in between ' ' and ',' (and vice-versa)
in various versions of windows. We now cope by always looking
for either one (' ' first).
* dns/e164.py: Added routines to convert between E.164 numbers and
their ENUM domain name equivalents.
* dns/reversename.py: Added routines to convert between IPv4 and
IPv6 addresses and their DNS reverse-map equivalents.
* dns/rdtypes/ANY/LOC.py (_tuple_to_float): The sign was lost when
converting a tuple into a float, which broke conversions of
south latitudes and west longitudes.
* dns/zone.py: The 'origin' parameter to from_text() and from_file()
is now optional. If not specified, dnspython will use the
first $ORIGIN in the text as the zone's origin.
* dns/zone.py: Sanity checks of the zone's origin node can now
be disabled.
* dns/name.py: Preliminary Unicode support has been added for
domain names. Running dns.name.from_text() on a Unicode string
will now encode each label using the IDN ACE encoding. The
to_unicode() method may be used to convert a dns.name.Name with
IDN ACE labels back into a Unicode string. This functionality
requires Python 2.3 or greater.
* (Version 1.3.5 released)
* dns/zone.py: Zone.iterate_rdatasets() and Zone.iterate_rdatas()
did not have a default rdtype of dns.rdatatype.ANY as their
docstrings said they did. They do now.
* dns/name.py: Added the parent() method, which returns the
parent of a name.
* dns/resolver.py: Added zone_for_name() helper, which returns
the name of the zone which contains the specified name.
* dns/resolver.py: Added get_default_resolver(), which returns
the default resolver, initializing it if necessary.
* dns/resolver.py (Resolver._compute_timeout): If time goes
backwards a little bit, ignore it.
* (Version 1.3.4 released)
* dns/message.py (make_response): Trying to respond to a response
threw a NameError while trying to throw a FormErr since it used
the wrong name for the FormErr exception.
* dns/query.py (_connect): We needed to ignore EALREADY too.
* dns/query.py: Optional "source" and "source_port" parameters
have been added to udp(), tcp(), and xfr(). Thanks to Ralf
Weber for suggesting the change and providing a patch.
* dns/query.py: The requirement that the "where" parameter be
an IPv4 or IPv6 address is now documented.
* dns/resolver.py: The resolver now does exponential backoff
each time it runs through all of the nameservers.
* dns/resolver.py: rcodes which indicate a nameserver is likely
to be a "permanent failure" for a query cause the nameserver
to be removed from the mix for that query.
NetBSD-current.
Changes since 0.2:
0.21_03 Fri Sep 15 11:26:17 IDT 2006
- Received official maintainership from Sergey
- In Makefile.PL check for the location of the header file,
report if it could not be found.
0.21_02 Sep 10 2006
- Cleaning up the C code (indentation)
- More tests
- Cleaning up the documentation, replacing the bad English of Sergey
with the bad English of Gabor.
- new() dies if wrong or duplicate protocols given
All by Gabor Szabo
0.21_01 Sat Sep 9 23:59:07 IDT 2006
- Cleaning up many warnings that were probably due to using gcc 4+
- Cleaning up several assignment errors that were probably due to gcc 4+
- Lots of cleanup in the Perl code
- Add tests
All by Gabor Szabo
requested by <martin>
Changes:
20061217:
=========
- Portability fix: provide a replacement daemon(3) if necessary.
20061204:
=========
- Fix buffer overflow in local version of glob(3). (already fixed in pkgsrc)
- Implement -D to run as a stand-alone daemon.
- Add ftpd.conf(5) options:
hidesymlinks
recvbufsize
- Enforce account expiration, and support shadow password aging where
appropriate.
- Return 450 instead of 550 upon NLST error.
- Portability fixes and improvements.
Changes in libsoup from 2.2.99 to 2.2.100:
* Fixed soup_headers_parse_status_line() so WebDAV response
parsing will work again. [406997]
* Fixed a bug in the header-parsing regression test that
caused the test to fail sometimes, even though the actual
header-parsing code was fine.
an effect of the "check" library installed -- introduce an option
which either requires devel/check or disables it completely
-Being here, update to 1.11. No changelog available.
version 2.24
Updated contrib/openvpn/dnsmasq.patch from Joseph Tate.
Tweaked DHCP NAK code, a DHCP NAK is now unicast as a
fallback in cases where a broadcast is futile: namely in
response to a unicast REQUEST from a non-local network
which was not sent via a relay.
Slightly changed the semantics of domain matching in
--server and --address configs. --server=/domain.com/ still
matches domain.com and sub.domain.com but does not
now match newdomain.com The semantics of
--server=/.domain.com/ are unchanged.
Thanks to Chris Blaise for the patch.
Added backwards-compatible internationalisation support.
The existing make targets, (all, dnsmasq, install) work as
before. New ones (all-i18n, and install-i18n) add gettext.
The translations live in po/ There are not too many
strings, so if anybody can provide translations (and for
the manpage....) please send them in.
Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes,
now the query gets retried on all servers before returning
the error to the source of the query. Thanks to Javier
Kohen for the report.
Added Polish translation - thanks to Tomasz Sochanski.
Changed default manpage install location from /usr/man
to /usr/share/man
Added Spanish translation - thanks to Christopher Chatham.
Log a warning when a DHCP packet is truncated due to lack
of space. (Thanks to Michael Welle for the prompt to do
this.)
Added French translation - thanks to Lionel Tricon.
Added Indonesian translation - thanks to Salman AS.
Tweaked the netlink code to cope with interface broadcast
address not set, or set to 0.0.0.0.
Fixed problem assigning fixed addresses to hosts when more
than one dhcp-range is available. Thanks to Sorin Panca
for help chasing this down.
Added more explict error mesages to the hosts file and
ethers file reading code. Markus Kaiserswerth suffered to
make this happen.
Ensure that a hostname supplied by a DHCP client can never
override one configured on the server. Previously, any
host claiming a name would be given it, even if that
over-rode a dhcp-host declaration, leading to potentially
confusing situations.
Added Slackware package-build stuff into contrib/ The i18n
effort broke the current scripts, and working ones were
needed for testing, so they ended up here rather than make
Pat re-invent the wheel.
Added Romanian translation, thanks to Sorin Panca for
that.
version 2.25
Fixed RedHat spec file for FC4 - thanks to Werner Hoelzl
and Andrew Bird.
Fixed Suse spec file - thanks to Steven Springl.
Fixed DHCP bug when two distict subnets are on the same
physical interface. Thanks to Pawel Zawora for finding
this and suggesting the fix.
Added logging to make it explicit when dnsmasq falls back
from using RT-netlink sockets to the old ioctl API for
getting information about interfaces. Doing this
completely silently made remote debugging hard.
Merged uclibc build fixes from the OpenWRT package into
src/config.h
Added Norwegian translation - thanks to Jan Erik Askildt.
version 2.26
Fixed SuSe rpm patch problem - thanks to Steven Springl.
Fixed crash when attempting to send a DHCP NAK to a host
which believes it has a lease on an unknown
network. Thanks to Lutz Pressler for the bug report and
patch.
version 2.27
Tweaked DHCP behaviour when a client attempts to renew a lease
which dnsmasq doesn't know about. Previously that would always
result in a DHCPNAK. Now, in dhcp-authoritative mode, the
lease will be created, if it's legal. This makes dnsmasq work
better if the lease database is lost, for example on an OpenWRT
system which reboots. Thanks to Stephen Rose for work on
this.
Added the ability to support RFC-3442 style destination
descriptors in dhcp-options. This makes classless static
routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4
Added error-checking to the code which writes the lease
file. If this fails for any reason, an error is logged,
and a retry occurs after one minute. This should improve
things eg when a filesystem is full. Thanks to Jens Holze
for the bug report.
Fixed breakage of the "/#/ matches any domain" facility
which happened in 2.24. Thanks to Peter Surda for the bug
report.
Use "size_t" and "ssize_t" types where appropriate in the
code.
Fix buggy CNAME handling in mixed IPv4 and IPv6
queries. Thanks to Andreas Pelme for help finding that.
Added some code to attempt to re-transmit DNS queries when
a network interface comes up. This helps on DoD links,
where frequently the packet which triggers dialling is
a DNS query, which then gets lost. By re-sending, we can
avoid the lookup failing. This function is only active
when netlink support is compiled in, and therefore only
under Linux. Thanks to Jean Wolter for help with this.
Tweaked the DHCP tag-matching code to work correctly with
NOT-tag conditions. Thanks to Lutz Pressler for finding
the bug.
Generalised netid-tag matching in dhcp-range statements to
allow more than one tag.
Added --dhcp-mac to do MAC address matching in the same
way as vendorclass and userclass matching. A good
suggestion from Lutz Pressler.
Add workaround for buggy early Microsoft DHCP clients
which need zero-termination in string options.
Thanks to Fabiano Pires for help with this.
Generalised the DHCP code to cope with any hardware
address type, at least on Linux. *BSD is still limited to
ethernet only.
version 2.28
Eliminated all raw network access when running on
Linux. All DHCP network activity now goes through the IP
stack. Packet sockets are no longer required. Apart from
being a neat hack, this should also allow DHCP over IPsec
to work better. On *BSD and OS X, the old method of raw net
access through BPF is retained.
Simplified build options. Networking is now slimmed down
to a choice of "linux" or "other". Netlink is always used
under Linux. Since netlink has been available since 2.2
and non-optional in an IPv4-configured kernel since 2.4,
and the dnsmasq netlink code is now well tested, this
should work out fine.
Removed decayed build support for libc5 and Solaris.
Removed pselect code: use a pipe for race-free signal
handling instead, as this works everywhere.
No longer enable the ISC leasefile reading code in the
distributed sources. I doubt there are many people left
using this 1.x compatibility code. Those that are will
have to explicitly enable it in src/config.h.
Don't send the "DHCP maximum message size" option, even if
requested. RFC2131 says this is a "MUST NOT".
Support larger-than-minimum DHCP message. Dnsmasq is now
happy to get larger than 576-byte DHCP messages, and will
return large messages, if permitted by the "maximum
message size" option of the message to which it is
replying. There's now an arbitrary sanity limit of 16384
bytes.
Added --no-ping option. This fixes an RFC2131 "SHOULD".
Building on the 2.27 MAC-address changes, allow clients to
provide no MAC address at all, relying on the client-id as
a unique identifier. This should make things like DHCP for
USB come easier.
Fixed regression in netlink code under 2.2.x kernels which
occurred in 2.27. Erik Jan Tromp is the vintage kernel fan
who found this. P.S. It looks like this "netlink bind:
permission denied" problem occured in kernels at least as
late a 2.4.18. Good information from Alain Richoux.
Added a warning when it's impossible to give a host its
configured address because the address is leased
elsewhere. A sensible suggestion from Mircea Bardac.
Added minimal support for RFC 3046 DHCP relay agent-id
options. The DHCP server now echoes these back to the
relay, as required by the RFC. Also, RFC 3527 link selection
sub-options are honoured.
Set the process "dumpable" flag when running in debug
mode: this makes getting core dumps from root processes
much easier.
Fixed one-byte buffer overflow which seems to only cause
problems when dnsmasq is linked with uclibc. Thanks to
Eric House and Eric Spakman for help in chasing this down.
Tolerate configuration screwups which lead to the DHCP
server attemping to allocate its own address to a
client; eg setting the whole subnet range as a DHCP
range. Addresses in use by the server are now excluded
from use by clients.
Did some thinking about HAVE_BROKEN_RTC mode, and made it
much simpler and better. The key is to just keep lease
lengths in the lease file. Since these normally never
change, even as the lease is renewed, the lease file never
needs to change except when machines arrive on the network
or leave. This eliminates the code for timed writes, and
reduces the amount of wear on a flash filesystem to the
absolute minimum. Also re-did the basic time function in
this mode to use the portable times(), rather than parsing
/proc/uptime.
Believe the source port number when replying to unicast
DHCP requests and DHCP requests via a relay, instead of always
using the standard ports. This will allow relays on
non-standard ports and DHCPINFORM from unprivileged ports
to work. The source port sent by unconfigured clients is still
ignored, since this may be unreliable. This means that a DHCP
client must use the standard port to do full configuration.
version 2.29
Fixed compilation on OpenBSD (thanks to Tom Hensel for the
report).
Fixed false "no interface" errors when --bind-interfaces is
set along with --interface=lo or --listen-address. Thanks
to Paul Wise for the report.
Updated patch for SuSE rpm. Thanks to Steven Springl.
It turns out that there are some Linux kernel
configurations which make using the capability system
impossible. If this situation occurs then continue, running
as root, and log a warning. Thanks to Scott Wehrenberg
for help tracking this down.
version 2.30
Fixed crash when a DHCP client requested a broadcast
reply. This problem was introduced in version 2.28.
Thanks to Sandra Dekkers for the bug report.
version 2.31
Added --dhcp-script option. There have been calls for this
for a long time from many good people. Fabio Muzzi gets
the prize for finally convincing me.
Added example dbus config file and moved dbus stuff into
its own directory.
Removed horribly outdated Redhat RPM build files. These
are obsolete now that dnsmasq in in Fedora extras. Thanks
to Patrick "Jima" Laughton, the Fedora package
maintainer.
Added workaround for Linux kernel bug. This manifests
itself as failure of DHCP on kernels with "support for
classical IP over ATM" configured. That includes most
Debian kernel packages. Many thanks to A. Costa and
Benjamin Kudria for their huge efforts in chasing this
down.
Force-kill child processes when dnsmasq is sent a sigterm,
otherwise an unclosed TCP connection could keep dnsmasq
hanging round for a few minutes.
Tweaked config.h logic for uclibc build. It will now pick
up MMU and IPV6 status correctly on every system I tested.
version 2.32
Attempt a better job of replacing previous configuration
when re-reading /etc/hosts and /etc/ethers. SIGHUP is
still not identical to a restart under all circumstances,
but it is for the common case of name->MAC address in
/etc/ethers and name->IP address in /etc/hosts.
Fall back to broadcast for DHCP to an unconfigured client
when the MAC address size is greater than 14 bytes.
Fix problem in 2.28-onwards releases which breaks DNS on
Mac OS X. Thanks to Doug Fields for the bug report and
testing.
Added fix to allow compilation on c89-only compilers.
Thanks to John Mastwijk for the patch.
Tweak resolv file polling code to work better if there is
a race between updating the mtime and file contents. This
is not normally a problem, but it can be on systems which
replace nameservers whilst active. The code now continues
to read resolv.conf until it gets at least one usable
server. Thanks to Holger Mauermann for help with this.
If a client DECLINEs an address which is allocated to it
via dhcp-host or /etc/hosts, lock that address out of use
for ten minutes, instead of forever, and log when it's not
being used because of the lock-out. This should provide
less surprising behaviour when a configured address can't be
used. Thanks to Peter Surda and Heinz Deinhart for input
on this.
Fixed *BSD DHCP breakage with only some
arches/compilers, depending on structure padding rules.
Thanks to Jeb Campbell and Tom Hensel for help with this.
Added --conf-dir option. Suggestion from Aaron Tygart.
Applied patch from Brent Cook which allows netids in
dhcp-option configuration lines to be prefixed by
"net:". This is not required by the syntax, but it is
consistent with other configuration items.
Added --log-facility option. Suggestion from Fabio Muzzi.
Major update to Spanish translation. Many thanks to Chris
Chatham.
Fixed gcc-4.1 strict-alias compilation warning.
version 2.33
Remove bash-specific shellcode from the Makefile.
Fix breakage with some DHCP relay implementations which
was introduced in 2.28. Believing the source port in
DHCP requests and sending the reply there is sometimes a
bad thing to do, so I've reverted to always sending to
the relay on port 68. Thanks to Daniel Hamlin and Alex
(alde) for bug reports on this.
Moved the SuSe packaging files to contrib. I will no
longer attempt to maintain this in the source tarball. It
will be done externally, in the same way as packaging for
other distros. Suse packages are available from
ftp://ftp.suse.com/pub/people/ug/
Merged patch from Gentoo to honour $LDFLAGS environment.
Fix bug in resolv.conf processing when more than one file
is being checked.
Add --dns-forward-max option.
Warn if --resolv-file flags are ignored because of
--no-resolv. Thanks to Martin F Krafft for spotting this
one.
Add --leasefile-ro option which allows the use of an
external lease database. Many thanks to Steve Horbachuk
for assistance developing this feature.
Provide extra information to lease-change script via its
environment. If the host has a client-id, then
DNSMASQ_CLIENT_ID will be set. Either the lease length (in
DNSMASQ_LEASE_LENGTH) or lease expiry time (in
DNSMASQ_LEASE_EXPIRES) will be set, depending on the
HAVE_BROKEN_RTC compile-time option. This extra
information should make it possible to maintain the lease
database in external storage such as LDAP or a relational
database. Note that while leasefile-ro is set, the script
will be called with "old" events more often, since
changes to the client-id and lease length
(HAVE_BROKEN_RTC) or lease expiry time (otherwise)
are now flagged.
Add contrib/wrt/* which is an example implementation of an
external persistent lease database for *WRT distros with
the nvram command.
Add contrib/wrt/dhcp_release.c which is a small utility
which removes DHCP leases using DHCPRELEASE operation in
the DHCP protocol.
version 2.34
Tweak network-determination code for another corner case:
in this case a host forced to move between dhcp-ranges on
the same physical interface. Thanks to Matthias Andree.
Improve handling of high DNS loads by throttling acceptance of
new queries when resources are tight. This should be a
better response than the "forwarding table full..."
message which was logged before.
Fixed intermittent infinite loop when re-reading
/etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the
bug report.
Provide extra information to the lease-change script: when
a lease loses its hostname (because a new lease comes
along and claims the same new), the "old" action is called
with the current state of the lease, ie no name. The
change is to provide the former name which the lease had
in the environment variable DNSMASQ_OLD_HOSTNAME. This
helps scripts which do stuff based on hostname, rather
than IP address. Also provide vendor-class and user-class
information to the lease-change script when a new lease is
created in the DNSMASQ_VENDOR_CLASS and
DNSMASQ_USER_CLASS<n> environment variables. Suggestion
from Francois-Xavier Le Bail.
Run the lease change script as root, even when dnsmasq is
configured to change UID to an unprivileged user. Since
most uses of the lease change script need root, this
allows its use whilst keeping the security advantages of
running the daemon without privs. The script is invoked
via a small helper process which keeps root UID, and
validates all data received from the main process. To get
root, an attacker would have to break dnsmasq and then
break the helper through the restricted comms channel
linking the two.
Add contrib/port-forward/* which is a script to set up
port-forwards using the DHCP lease-change script. It's
possible to add a host to a config file by name, and when
that host gets a DHCP lease, the script will use iptables
to set up port-forwards to configured ports at the address
which the host is allocated. The script also handles
setting up the port-forward iptables entries after reboot,
using the persistent lease database, and removing them
when a host leaves and its DHCP lease expires.
Fix unaligned access problem which caused wrong log
messages with some clients on some architectures. Thanks
to Francois-Xavier Le Bail for the bugreport.
Fixed problem with DHCPRELEASE and multi-address
interfaces. Enhanced contrib/wrt/dhcp_release to cope
under these circumstances too. Thanks to Eldon Ziegler for
input on this.
Updated French translation: thanks to Gildas Le Nadan.
Upgraded the name hash function in the DNS cache. Thanks
to Oleg Khovayko for good work on this.
Added --clear-on-reload flag. Suggestion from Johannes
Stezenbach.
Treat a nameserver address of 0.0.0.0 as "nothing". Erwin
Cabrera spotted that specifying a nameserver as 0.0.0.0
breaks things badly; this is because the network stack
treats is as "this host" and an endless loop ensues.
Added Webmin module in contrib/webmin. Thanks to Neil
Fisher for that.
version 2.35
Generate an "old" script event when a client does a DHCPREQUEST
in INIT-REBOOT or SELECTING state and the lease already
exists. Supply vendor and user class information to these
script calls.
Added support for Dragonfly BSD to src/config.h
Removed "Upgrading to 2.0" document, which is ancient
history now.
Tweak DHCP networking code for BSD, esp OpenBSD. Added a
workaround for a bug in OpenBSD 4.0: there should finally
be support for multiple interfaces under OpenBSD now.
Note that no version of dnsmasq before 2.35 will work for
DHCP under OpenBSD 4.0 because of a kernel bug.
Thanks to Claudio Jeker, Jeb Campbell and Cristobal
Palmer for help with this.
Optimised the cache code for the case of large
/etc/hosts. This is mainly to remove the O(n-squared)
algorithm which made reading large (50000 lines) files
slow, but it also takes into account the size of
/etc/hosts when building hash tables, so overall
performance should be better. Thanks to "koko" for
pointing out the problem.
version 2.36
Added --dhcp-ignore-names flag which tells dnsmasq not to
use names provided by DHCP clients. Suggestion from
Thomas M Steenholdt.
Send netmask and broadcast address DHCP options always,
even if the client doesn't request them. This makes a few
odd clients work better.
Added simple TFTP function, optimised for net-boot. It is
now possible to net boot hosts using only dnsmasq. The
TFTP server is read-only, binary-mode only, and designed to be
secure; it adds about 4K to the dnsmasq binary.
Support DHCP option 120, SIP servers, (RFC 3361). Both
encodings are supported, so both --dhcp-option=120,192.168.2.3
and --dhcp-option=120,sip.example.net will work. Brian
Candler pointed out the need for this.
Allow spaces in domain names, to support DNS-SD.
Add --ptr-record flag, again for DNS-SD. Thanks to Stephan
Sokolow for the suggestion.
Tolerate leading space on lines in the config file. Thanks
to Luigi Rizzo for pointing this out.
Fixed netlink.c to cope with headers from the Linux 2.6.19
kernel. Thanks to Philip Wall for the bug report.
Added --dhcp-bridge option, but only to the FreeBSD
build. This fixes an oddity with a a particular bridged
network configuration on FreeBSD. Thanks to Luigi Rizzo
for the patch.
Added FAQ entry about running dnsmasq in a Linux
vserver. Thanks to Gildas le Nadan for the information.
Fixed problem with option parsing which interpreted "/" as
an address and not a string. Thanks to Luigi Rizzo
for the patch.
Ignore the --domain-needed flag when forwarding NS
and SOA queries, since NS queries of TLDs are always legit.
Marcus Better pointed out this problem.
Take care to forward signed DNS requests bit-perfect, so
as not to affect the validity of the signature. This
should allow DDNS updates to be forwarded.
version 2.37
Add better support for RFC-2855 DHCP-over-firewire and RFC
-4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec.
Some efficiency tweaks to the cache code for very large
/etc/hosts files. Should improve reverse (address->name)
lookups and garbage collection. Thanks to Jan 'RedBully'
Seiffert for input on this.
Fix regression in 2.36 which made bogus-nxdomain
and DNS caching unreliable. Thanks to Dennis DeDonatis
and Jan Seiffert for bug reports.
Make DHCP encapsulated vendor-class options sane. Be
warned that some conceivable existing configurations
using these may break, but they work in a much
simpler and more logical way now. Prepending
"vendor:<client-id>" to an option encapsulates it
in option 43, and the option is sent only if the
client-supplied vendor-class substring-matches with
the given client-id. Thanks to Dennis DeDonatis for
help with this.
Apply patch from Jan Seiffert to tidy up tftp.c
Add support for overloading the filename and servername
fields in DHCP packet. This gives extra option-space when
these fields are not being used or with a modern client
which supports moving them into options.
Added a LIMITS section to the man-page, with guidance on
maximum numbers of clients, file sizes and tuning.
release 2.38
Fix compilation on *BSD. Thanks to Tom Hensel.
Don't send length zero DHCP option 43 and cope with
encapsulated options whose total length exceeds 255 octets
by splitting them into multiple option 43 pieces.
Avoid queries being retried forever when --strict-order is
set and an upstream server returns a SERVFAIL
error. Thanks to Johannes Stezenbach for spotting this.
Fix BOOTP support, broken in version 2.37.
Add example dhcp-options for Etherboot.
Add \e (for ASCII ESCape) to the set of valid escapes
in config-file strings.
Added --dhcp-option-force flag and examples in the
configuration file which use this to control PXELinux.
Added --tftp-no-blocksize option.
Set netid tag "bootp" when BOOTP (rather than DHCP) is in
use. This makes it easy to customise which options are
sent to BOOTP clients. (BOOTP allows only 64 octets for
options, so it can be necessary to trim things.)
Fix rare hang in cache code, a 2.37 regression. This
probably needs an infinite DHCP lease and some bad luck to
trigger. Thanks to Detlef Reichelt for bug reports and testing.
worked. But somehow, today it didn't work anymore.
Fixed everything by removing the patch for the Makefile and doing the
whole build command in the package Makefile.
Fixes PR 35786.
Added optional minimum-number-of-bytes parameter to --inactive directive.
Added --route-metric option to set a default route metric for --route
Added --lladdr option to specify the link layer (MAC) address
for the tap interface on non-Windows platforms
Security Vulnerability CVE-2006-1629
Extended tun device configure code to support ethernet bridging on NetBSD
Added --port-share option for allowing OpenVPN and HTTPS
server to share the same port number.
Added --management-client option to connect as a client to management GUI app
rather than be connected to as a server.
Added "bytecount" command to management interface.
Added --connect-timeout option to control the timeout on TCP client
connection attempts (doesn't work on all OSes). This patch also
makes OpenVPN signalable during TCP connection attempts.
Allow ca, cert, key, and dh files to be specified inline via XML-like syntax
without needing to reference an explicit file.
Allow plugin and push directives to have multi-line parameter lists
Added connect-retry-max option
Added a backtrack-hardened system time algorithm.
Added --remote-cert-ku, --remote-cert-eku, and
--remote-cert-tls options for verifying certificate attributes
Added PKCS#11 support
Added --bind option for TCP client connections
Made LZO setting pushable
Plus numerous bug fixes.
2.6.1 provides new functionality including the following:
* New pattern matcher with a significantly reduced memory footprint
* Introduction of stream5 for experimental use
* Improvements to stream4, including UDP session tracking and optimizations for the reassembly buffer
* Handling for reassembly of SMB fragmented data in DCE/RPC
* An ssh preprocessor for experimental use
* Updated Snort decoder that can decode GRE encapsulated packets
* Output plugin to allow Snort to configure Aruba access control
Snort 2.6.0:
* Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible evasion cases.
* Improved performance monitoring.
The Snort 2.6 release also introduces the ability to use dynamic rules and dynamic preprocessors and contains further improvements to the Snort detection engine.
Remove snort-{pgsql,mysql,prelude}. The new snort package uses options.mk
to specify build options.
* Major enhancements to rlm_pap, that make "encryption_scheme"
a think of the past. See "man rlm_pap" for details.
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
work-arounds that enable Windows Vista clients to work.
* Added preliminary code to support Firebird.
Use at your own risk!
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
platforms.
* Add a new "reply-name" directive in rlm_sqlcounter to define the
name of the reply attribute.
* Added more dictionaries and attributes
* Print ntlm_auth failure reason in Module-Failure-Message
* radsqlrelay is able to get the DB password from a file instead
of command line.
Bug fixes
* Fix a parse error in the digest module, where malformed
digest requests would result in the user being accepted. Oops...
* VALUEs can only be defined for 'integer', to catch mistakes
with setting VALUEs for type 'string'.
* Better parsing of VALUE names, so that values starting with
a digit work correctly.
* Check return from malloc
* Fix a double free() in rlm_eap_tls.c
* Check return code of malloc() during initialization.
* Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
new features:
new datagram modes for udp, rawip, unix domain sockets
socat option -T specifies inactivity timeout
rewrote lexical analysis to allow nested socat calls
addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
option protocol-family (pf), esp. for openssl-listen
range option supports IPv6 - syntax: range=[::1/128]
option ipv6-v6only (ipv6only)
new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
option cool-write controls severeness of write failure (EPIPE, ECONNRESET)
option o-noatime
socat option -lh for hostname in log output
traffic dumping provides packet headers
configure.in became part of distribution
socats unpack directory now has full version, e.g. socat-1.5.0.0/
corrected docu of option verify
corrections:
fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
exec with pipes,stderr produced error
setuid-early was ignored with many address types
some minor corrections
Samba distribution since version 3.0.23. "mysql" and "pgsql" passdb backends
are now maintained via http://pdbsql.sourceforge.net/ and will have to be
packaged separately.
source), from pkgsrc-wip and packaged by iMil.
Csup is a rewrite of CVSup in C.
CVSup(R) is a software for distributing and updating collections of files
accross a network. It can efficiently and accurately mirror all types of files,
including sources, binaries, hard links, symbolic links, and even device nodes.
In addition to being a great general-purpose mirroring tool, CVSup includes
special features and optimizations specifically tailored to CVS repositories.
It is being used as the preferred way to update sources within the FreeBSD,
NetBSD and OpenBSD projects and more.
2007/02/11: version 2.8.3 = tag release-2-8-3
5734: Update camlzip to version 1.03 (thx to orbit for reporting)
5735: BT: Fix make_torrents to sort dictionary entries alphabetically
Bittornado did not read MLDonkey-made torrents (amadeo)
5737: MinGW: Work-around missing Unix.fstat
- fixes failed removal of torrent files from torrents/[incoming|downloads]
2007/02/06
5719: Unix2: Fix copying files > 1GB (1073741823 bytes),
bug was introduced by patch 5589 after release of 2.8.2
2007/02/04
5724: http_client: Retry GET request if HEAD request returns http error 400
5723: HTML: print tracker errors in html table at 'vd <num>' (Schlumpf)
5722: HTML: use Printf2.html_mods_cntr () for table row classes (Schlumpf)
5720: Swarmer: block choice algorithm 2 from patch 5141 is new default
- remove swarming_block_selection_algorithm = 1
because it finishes chunks too slowly
- remove swarming_block_selection_algorithm = 3 from TripleM
because it uses too much CPU power.
- remove option swarming_block_selection_algorithm, hard-coded default is now 2
- remove option block_switching, hard-coded default is now true
2007/01/30
5717: Optimize function print_command_result
2007/01/28
5715: Improve porttest (Schlumpf)
- use 'porttest' command to start the network porttest the first time,
after this to see the results
- new command 'force_porttest' to force an new porttest
- improve html porttest output and make it also available in telnet
5716: EDK: Do not send share list to servers with state Connecting
5713: HTML: show messages link in vd clickable (Schlumpf)
2007/01/25
5712: Multiuser: New verbosity "com" to log commands by non-admin users
5711: Multiuser: Block commands preferred, bs, bp, port for non-admin users
5642: Swarmer: swarming_block_selection_algorithm = 3 (TripleM)
- this new algorithm select always the rarest choice, if average availability
is below 5, or one choice_availability is below average availability
- added a hashtable to store blockmaps of uploaders for a given swarmer
- long term memory usage has to be observed
5710: Swarmer: Fix chunk propagation (pango)
2007/01/21
5693: "voo changed" prints changed options only, useful for support (Schlumpf)
5698: EDK: fix display of porttest result images (Schlumpf)
5699: Multiuser: Fix wrong file path (user_commit_dir) in notification mail
5695: Command "set": better error text if option does not exist
5694: Fix small typo in buildinfo
2007/01/17
5673: New core start parameter: -useradd "user pass", needed for Debian package
5678: New options for command force_web_infos: kind/URL (thx to Schlumpf)
2007/01/15
5691: EDK: Recognize compatibleclient 60: IMPmule (imp-project.net)
5689: EDK: Log downloading file name when client disconnects
5684: GUI: Fix build of mlprogress (Alt linux)
5677: Options: New concept of option types, fix non-admin Sancho http preview
2007/01/11
5665: EDK: Support compressed upload, implement file read cache (TripleM)
new options:
- ED2K_upload_compression to enable compressed upload, default true
- ED2K_upload_compression_threshold, default 2000 bytes
Size difference in bytes between one zone (180 kBytes) and its compressed
counterpart, which has to occure, to send compressed parts instead of plain.
- ED2K_upload_compression_level, Zlib compression level, default 9
- ED2K_upload_compression_table_size, default 20
5669: HTML: Add HTML headers to prohibit browser-side caching (Schlumpf)
5671: Configure: Fix question whether to compile lablgtk, same as patch 5401
5675: Updated Mozilla protocol handler to version 1.10
2007/01/08
5666: New option upload_complete_chunks (TripleM)
- default false, if true, each client is allowed to complete only one chunk,
independent, if it is empty or partial. this setting overrides
upload_full_chunks and dynamic_upload_lifetime, but is, as a failsafe,
limited by upload_lifetime (should be set reasonable high)
5664: EDK: Avoid uploading data more than due
to eMules rotating block requests (pango)
5596: EDK: New option upload_full_chunks (thx to TripleM)
- If the new option upload_full_chunks is set to true, each client is
allowed to receive one chunk, this setting overrides upload_lifetime.
Well, not exactly one chunk. eMule has this code in opcode.h:
#define SESSIONMAXTRANS (PARTSIZE+20*1024) //
"Try to send complete chunks" always sends this amount of data
MLdonkey now does the same, if upload_full_chunks is true and client A got
9728000+20*1024 bytes during the current session its upload slot will be
revoked unless pending slots are empty.
5619: EDK: Print network specific infos in command "vc <num>",
remove unneeded fields from client structures
5627: commonHasher: fix wrong arg types from several functions (Schlumpf)
5626: MinGW: fix missing declarations and wrong pointer
initialization in stubs_c.c (Schlumpf)
2007/01/06
5599: EDK: Support for files >4GB (TripleM, pango)
- this patch does not include >4GB support for Kademlia
5660: Swarming: Enable wrongly disabled select block memoization (pango)
5659: GD: Fix wrong months display (skeeve)
2006/12/08
5617: New option share_scan_interval
- how often (in minutes) should MLDonkey scan all shared directories
for new/removed files, default one minute
- on slow machines raise the interval to a higher value to reduce CPU load
- to force a re-scan of shared directories use command "reshare"
2006/12/06
5613: Another longhelp cleanup (anhi)
5615: EDK: Parse more fields from server.met files
2006/12/04
5612: EDK: OP_HELLO tag 0x75, print os_info in logfile
2006/12/03
5602: HTML: Display share status in upstats
5609: New field type Field_KNOWN, EDK: recognize more HELLO/EmuleInfo tags
5610: CommonSources: Cleanups and reformatting the code (pango)
2006/12/02
5608: Multiuser, chgrp: Prevent change of file_group to None
if the user is not file_owner
5607: Multiuser, chown: Change file_group to user_default_group
if the new user is not member of file_group
5606: Introduce display of session transfer values
- new columns for session up-/download
- send session values to GUIs
2006/12/01
5605: HTML: Fix search list display when html_checkbox_search_file_list = true
2006/11/29
5598: Remove use of deprecated sort module, remove unused sort2.ml* (pango)
5589: New option create_file_mode,
rename create_dir_mask to create_dir_mode (pango)
5595: EDK: Fully parse emule_miscoptions1/2
5594: EDK: If update_server_list_client true, add yet unknown server
of lowid clients
* make cfgmaker detect broken snmpv1 counters more reliably
* latest Net_SNMP_util.pm with many small fixes
* more cfgmaker smarts and documentation for snmpv3
* be happy even if no threshmail sending is configured
* add install target for traffic-summer
* fix mrtg-traffic-sum default catch expression to be in sync with docs
Major changes since version 3.0.22:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Stability fixes for winbindd
- Portability fixes on FreeBSD and Solaris operating systems.
- Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
- Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
- Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
- Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
- SMB signing errors in the client and server code.
- Domain join failures when using smbpasswd on a Samba PDC.
- Failure to strip the domain name from groups when 'winbind
use default domain = yes'
- Failure in pam_winbind to correctly parse arguments.
- Bad token creation of local users on member servers not
running winbindd.
- Failure to add users or groups to ACLs using the Windows
object picker.
- Failure in file serving code when 'kernel oplocks = yes'.
- New "createupn" option to "net ads join"
- Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
- Improved 'make test'
- New offline mode in winbindd.
- New Kerberos support for pam_winbind.so.
- New handling of unmapped users and groups.
- New non-root share management tools.
- Improved support for local and BUILTIN groups.
- Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
- Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
libnet 1.20 -- Fri Feb 2 19:42:51 CST 2007
Bug Fixes
* Fixed incorrect handling of CRLF that straddled two blocks
* Fix bug in response() which was too liberal in what it thought was a response line
* Silence uninitialized value warnings in Net::Cmd during testing on Win32
* Documentations typos and updates
Enhancements
* Added support for ORCPT into Net::SMTP
* Support for servers that expect the USER command in upper or lower case. Try USER
first then try user if that fails
- The default configuration now enables embedded Perl and the Perl
modules by default when possible unless explicitly disabled. You
may use the --disable-embedded-perl and --without-perl-modules
configure options, respectively, to revert to the former default
configuration.
Changes since version 0.99.4:
- Bug Fixes
o The TCP dissector could hang or crash while reassembling HTTP
packets.
Versions affected: 0.99.2 to 0.99.4
CVE-2007-0459
o The HTTP dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0458
o On some systems, the IEEE 802.11 dissector could crash.
Versions affected: 0.10.14 to 0.99.4
CVE-2007-0457
o On some systems, the LLT dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0456
The following bugs have been fixed:
o The end of HTTP chunked encoding wasn't being displayed.
o The Follow TCP Stream window could omit characters.
o Opening a flow graph could crash Wireshark.
o Follow TCP Stream would sometimes get the direction wrong.
o The foreground text in the coloring rules editor was always
black.
o The CSV export format was incorrect.
o On some Windows systems Wireshark could take a long time to
start up.
o Malformed UDLD packets could cause an exception.
o The ISUP statistics report could overflow a buffer and crash
when displaying IPv6 addresses.
- New and Updated Features
o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
TDS / MS SQL dissector now de-obfuscates passwords.
o 64-bit file handling has been improved.
o The Find function now selects the corresponding packet detail
item. Find functionality has been added to the TCP and SSL
stream dialogs.
o Main window keyboard navigation has been improved.
o ASN.1 BER-encoded files can now be dissected according to a
user-specified syntax.
- New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
v2
- Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
- New and Updated Capture File Support
Catapult DCT2000, Netttl, Windows Sniffer / NetXray
the default RBL from rblsmtpd using Charles Cazabon's patch. (If
you don't specify which RBLs you want, you get rbl.maps.vix.com,
which according to Vixie on NANOG hasn't existed "since 1999 or
so.") Bump PKGREVISION.
- "share/doc/bind9" shouldn't be group-writable.
- "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable.
Bump package revision because of these fixes.
2006-02-10 DNSdoctor-1.0.1
* l10n: chinese translation thanks to cnnic
* man: fixed man page hyphens for UTF-8
* check: new test checking that the nameservers are not part
of the same domain (all_same_domain)
* check: added timeout for the whole smtp session
* check: smtp timeout are now configurable
* html: use italic for guessed values (ns, ip addresses)
* html: added correct favicon
Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE
for all the details:
In brief:
2126. [security] Serialise validation of type ANY responses.
2124. [security] It was possible to dereference a freed fetch
context.
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named.
2088. [security] Change the default RSA exponent from 3 to 65537.
2066. [security] Handle SIG queries gracefully.
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it.
version 0.7.1. Major changes since 0.10.4/0.6.4:
- support for the CANCEL piece request message
- support for tunneling through HTTP 1.0 proxies
- Azureus-style encryption
