Patch provided by Christian Sturm and back to maintainer.
Changes in version 0.2.0.34 - 2009-02-08
o Security fixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
- Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
- Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.0.33.
- Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
Spec conformance issue. Bugfix on Tor 0.0.2pre27.
o Minor bugfixes:
- Fix compilation on systems where time_t is a 64-bit integer.
Patch from Matthias Drochner.
- Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.
Changes between 1.0.5 and 1.0.6.:
- The following vulnerabilities have been fixed:
* On non-Windows systems, Wireshark could crash if the HOME environment
variable contained sprintf-style string formatting characters.
* Wireshark could crash while reading a malformed NetScreen snoop file.
* Wireshark could crash while reading a Tektronix K12 text capture file.
- The following bugs have been fixed:
* Crash when loading capture file and Preferences: NO Info column
* Some Lua scripts may lead to corruption via out of bounds stack
* Build with GLib 1.2 fails with error: 'G_MININT32' undeclared
* Wrong decoding IMSI with GSM MAP protocol
* Segmentation fault for "Follow TCP stream" (Bug 3119)
* SMPP optional parameter 'network_error_code' incorrectly decoded
* DHCPv6 dissector doesn't handle malformed FQDN
* WCCP overrides CFLOW as decoded protocol (Bug 3175)
* Improper decoding of MPLS echo reply IPv4 Interface and Label Stack Object
* ANSI MAP fix for TRN digits/SMS and OTA subdissection (Bug 3214)
- Updated Protocol Support
* AFS, ATM, DHCPv6, DIS, E.212, RTP, UDP, USB, WCCP, WPS
- New and Updated Capture File Support
* NetScreen snoop
Changes between version 1.0.4 and 1.0.5:
- The following vulnerabilities have been fixed. See the security advisory
for details and a workaround.
* The SMTP dissector could consume excessive amounts of CPU and memory.
* The WLCCP dissector could go into an infinte loop.
- The following bugs have been fixed:
* Missing CRLF during HTTP POST in the "packet details" window
* Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3
* Diameter dissector fails RFC 4005 compliance
* LDP vendor private TLV type is not correctly shown
* Wireshark on MacOS does not run when there are spaces in its path
* Compilation broke when compiling without zlib
* Memory leak: saved_repoid
* Memory leak: follow_info
* Memory leak: follow_info
* Memory leak: tacplus_data
* Memory leak: col_arrows
* Memory leak: col_arrows
* Incorrect address structure assigned for find_conversation() in WSP
* Memory leak with unistim in voip_calls
* Error parsing the BSSGP protocol
* Assertion thrown in fvalue_get_uinteger when decoding TIPC
* LUA script : Wireshark crashes after closing and opening again a window
used by a listener.draw() function.
- Updated Protocol Support
* ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP, MPEG PES
* PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG 5066, TACACS, TIPC
* WLCCP, WSP
The package update was provided by Matthias Drochner in private e-mail.
* replace hard coded user and mode for hping-suid option with SPECIAL_PERMS.
* replace remaining of hard coded "man" with ${PKGMANDIR}.
* add DESTDIR support.
* merge patch-a{e,g}, both for same file.
* patch to replace __sun__ with __sun for portability, pkglint(1) said.
* also regen other patches with mkpatches(1).
- restart system calls for SIGINFO, will do the status update on the
next return
- handle FETCH_TIMEOUT like SIGALRM, and don't print errors about
writing the output file
- explicitly check for -1 as return from fetchIO_read.
Add support for conditional GET using the 'i' flag. Inspired by
the HTTP support for the same feature in FreeBSD by Murray Stokely, but
mostly rewritten and extended to work for all protocols.
approved by both MAINTAINERs,
+minor cosmetics and a time_t printf format fix on NetBSD-current
(tested against a Cisco VPN 3000 Concentrator with psk)
Upstream changes:
4.024 Mon Jan 26 00:27:32 PST 2009
documentation update
4.023 Fri Jan 16 14:30:40 PST 2009
added the capability to set the CASE of ipV6 text return
values to either upper or lower. Thanks to
Rob Riepel <riepel@networking.Stanford.EDU> for developing
this improvement and providing a comprehensive patch
Collection.
The Perl 5 module Cisco::Abbrev converts between Cisco canonical
interface names (i.e. GigabitEthernet0/1) and the abbreviated forms
often output by their devices (i.e. Gi0/1).
Collection.
The Perl 5 module Net::CIDR::Set represents sets of IP addresses
and allows standard set operations (union, intersection, membership
test etc) to be performed on them. In spite of the name it can
work with sets consisting of arbitrary ranges of IP addresses - not
just CIDR blocks. Both IPv4 and IPv6 addresses are handled - but
they may not be mixed in the same set.
Bug Fixes:
- Initialize xattr data in a couple spots in the hlink code, which avoids a
crash when the xattr pointer's memory happens to start out non-zero.
Also fixed the itemizing of an alt-dest file's xattrs when hard-linking.
- Don't send a bogus "-" option to an older server if there were no short
options specified.
- Fixed skipping of unneeded updates in a batch file when incremental
recursion is active. Added a test for this. Made batch-mode handle
"redo" files properly (and without hanging).
- Fix the %P logfile escape when the daemon logs from inside a chroot.
- Fixed the use of -s (--protect-args) when used with a remote source or
destination that had an empty path (e.g. "host:"). Also fixed a problem
when -s was used when accessing a daemon via a remote-shell.
- Fixed the use of a dot-dir path (e.g. foo/./bar) inside a --files-from
file when the root of the transfer isn't the current directory.
- Fixed a bug with "-K --delete" removing symlinks to directories when
incremental recursion is active.
- Fixed a hard to trigger hang when using --remove-source-files.
- Got rid of an annoying delay when accessing a daemon via a remote-shell.
- Properly ignore (superfluous) source args on a --read-batch command.
- Improved the manpage's description of the '*' wildcard to remove the
confusing "non-empty" qualifier.
- Fixed reverse lookups in the compatibility-library version of
getnameinfo().
- Fixed a bug when using --sparse on a sparse file that has over 2GB of
consecutive sparse data.
- Avoid a hang when using at least 3 --verbose options on a transfer with a
client sender (which includes local copying).
- Fixed a problem with --delete-delay reporting an error when it was ready
to remove a directory that was now gone.
- Got rid of a bunch of "warn_unused_result" compiler warnings.
- If an ftruncate() on a received file fails, it now causes a partial-
transfer warning.
- Allow a path with a leading "//" to be preserved (CYGWIN only).
Enhancements:
- Made the support/atomic-rsync script able to perform a fully atomic
update of the copied hierarchy when the destination is setup using a
particular symlink idiom.
2009/01/20: version 2.9.7 = tag release-2-9-7
6727: Web_infos: Replace old GeoIP URL with new one
- old code added the new URL, even if GeoIP was not present in web_infos
2009/01/04
6714: BT: Fix bug when computing limits for max_bt_uploaders
6713: GeoIP: New web_infos URL for country list (thx to Choby)
- old URLs are updated to:
http://www.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
2008/12/13
6689: Allow compilation with Ocaml 3.11.0
2008/09/01
6629: Mail: Move hostname from subject to body (eydaimon)
Updated Mozilla protocol handler to version 2.5
- original source from http://www.informatik.uni-oldenburg.de/~dyna/mldonkey
6628: IP discover: Use http://whatismyip.org, old URL is not working anymore
ProxyTunnel is a program that connects stdin and stdout to a server
somewhere on the network, through a standard HTTPS proxy. We mostly use it
to tunnel SSH sessions through HTTP(S) proxies, allowing us to do many
things that wouldn't be possible without ProxyTunnel.
Provide an option knob for building against dbus.
New features in 0.6.7
* added support for Wi-Fi Protected Setup (WPS)
* added support for EAP-AKA
* added support for using driver_test over UDP socket
* updated management frame protection to use IEEE 802.11w/D7.0
(There are some unclean typecasts in the code, but the cases I've
seen are harmless -- as long as poll intervals, cert lifetimes etc
don't reach into y2037 which would be problematic in any case.)
Unworkable is a BSD-licensed BitTorrent implementation written by
Niall O'Higgins <niallo@p2presearch.com>. Goals of this project
include efficiency, simplicity and high code quality.
Unworkable is single threaded and asynchronous, written in portable
ANSI C using libevent and mmap() for performance.
Changelog:
* A huge number of bug fixes, including a security relavant one (CVE-2008-5081,
low risk)
* Add two new configuration directives "allow-interfaces" and "deny-interfaces"
which can be used to make Avahi ignore certain network interfaces or only use
certain network interfaces.
* A lot of translation updates
Fix PR pkg/40281, by defining _DARWIN_C_SOURCE under darwin
Changes in libsoup from 2.24.2.1 to 2.24.3:
* Fixed SoupCookieJar to not send "Cookie: (null)", which is
(a) wrong, and (b) confusing to some servers.
[bugs.webkit.org #23240]
* Fixed soup_form_decode() to correctly handle forms with
URI-encoded parameter names. [#563302, Evan Nemerson]
* Fixed SoupSession to use Digest auth when both Digest and
Basic are available. (It was mistakenly comparing the
strengths backwards before, choosing the weakest-available
auth instead of the strongest.) [#562339, Pontus Oldberg]
* Fixed a bug in the Client How-To docs. [#562411, Andreas
Bruse]
* What's changed ?
==================
- Make sure sound events are played through the correct devices. (#564370)
- Fixed crash on missed call.
- Do not show the assistant after an upgrade for which Ekiga was already successfully setup.
- Added settings migration from Ekiga 2.0.x.
- Allow answering/rejecting calls from the main window even if we use notifications.
- Do not try refreshing SUBSCRIBE requests for which the 200 OK contains an expire time of 0.
- Fixed sending ACK request to incorrect address when particular types of proxies are being used.
- Fixed test for CANCEL receipt on INVITE clearing call.
- Ignore multiple forked CANCEL messages.
- Fixed issue with registration to a non-standard port.
- Fixed restarting timers if get pathological response to a transaction with incorrect Cseq header field.
- Fixed missing route set on SIP commands in a dialog when using outbound proxy.
Pkgsrc changes:
o Adjust dependencies according to new requirements
Upstream changes:
0.48 Thu Dec 4 09:24:23 GMT 2008
- be slightly less strict about bucket names: they can contain uppercase
letters, Amazon just doesn't recommend it (noticed by Simon Elliott,
fixes Brackup)
0.47 Tue Dec 2 08:03:39 GMT 2008
- fix listing with a prefix (spotted by Nobuo Danjou)
0.46 Mon Nov 24 08:53:18 GMT 2008
- refactor request creation into Net::Amazon::S3::Request
and many subclasses
- move to Moose
- add Net::Amazon::S3::Client and subclasses
This module tries to find middle ground between one at a time and
all at once processing of data sets.
The purpose of this module is to avoid the overhead of implementing
an iterative api when this isn't necessary, without breaking forward
compatibility in case that becomes necessary later on.
The API optimizes for when a data set typically fits in memory and
is returned as an array, but the consumer cannot assume that the
data set is bounded.
The API is destructive in order to minimize the chance that resultsets
are leaked due to improper usage.
Upstream changes:
1.36 December 20th 2008
- Add the methodes charset and set_charset to the pureperl fallback ( Boris Zentner )
- Fix: We require CAPI 1.4.5 not 1.4.4 for range_by_ip ( Boris Zentner )
- Add isp_by_addr and org_by_addr to the pureperl fallback ( Boris Zentner )
From www.quagga.net:
Stable release candidate
Most regressions in 0.99 over 0.98 are now believed to be fixed. This
release should be considered a release-candidate for a new stable
series, and we urge any remaining users of 0.98 to test this release
and report any bugs. A blocker meta-bug exists to track critical
regressions.
bgpd: Preliminary UI and Linux-IPv4 support for TCP-MD5 merged
Initial support for TCP-MD5 has been merged. This adds the neighbor
... password command, and some support for setting TCP-MD5 on
pure-IPv4 connections on Linux. On Linux systems with IPv6 available,
passing the -l 0.0.0.0 argument to bgpd may allow TCP-MD5 support to
work. It's not possible at this point to have IPv6 sessions and also
use TCP-MD5 on IPv4 sessions. This will hopefully be rectified in a
future release.
bgpd: Fix double-free crash in bgp_table_finish, seen with rs-client
Though diagnosed with rs-clients, this fix very likely addresses a
number of crashes reported to Quagga bugzilla.
zebra: ignore dead routes in RIB update
This fix may address some issues reported with routes not being
consistent between the zebra RIB and the kernel FIB, remaining after
the fixes in last release.
Solaris: Sync SMF bits with OpenSolaris SFW
The Quagga packaging support for Solaris has been updated to
synchronise with OpenSolaris SFW. Of particular note is that SMF
schema has been updated to match the Sun PSARC approved schema, which
is supported by the OpenSolaris routeadm utility. User's may need to
familiarise themselves with the changed FMRIs, and may need to update
any administrative scripts.
From NEWS:
* Changes in Quagga 0.99.10
- [bgpd] 4-byte AS support added
- [bgpd] MRT format changes to version 2. Those relying on
bgpd MRT table dumps may need to update their tools.
- [bgpd] Added new route-map set statement: "as-path exclude"
- Zebra RIB updates queue has evolved into a multi-level
structure to address RIB consistency issues.
* Many WHOIS data updates and translation updates; 4 new translations
* Reset euid and egid to uid and gid before calling the user specified browser
* Added support for libidn
* Added patch to support conversion of whois server output to local charset.
* Changed to GNU GPL v3
Local change: WHOIS servers for some geographical subdomains in .ru and .su TLDs.
OK by wiz@.
Version 2.1.2
(December 29, 2008)
* Removed "See --manual" from --version output
* Added support for evisortv
- http://code.google.com/p/clive/issues/detail?id=4
* Fixed: reused incorrectly last http error code for remaining urls in queue
* Fixed: progressbar reported 100% even if error had occurred (e.g. http/403)
Version 2.1.1
(December 19, 2008)
* Fixed "Requested range was not delivered by the server (http/33)" w/ -c
- this would occur with a batch of URLs while using the --continue option,
e.g. if the first file was continued, the following page fetches exited
with the above error
* Added --savebatch option
* Added --overwrite option
* Replaced the buggy progressbar with a "lazy man's progressbar"
* Fixed "print() on closed filehandle STDOUT" with --grep+delete
* Fixed progressbar display with --continue
Version 2.1.0
(December 10, 2008)
NOTE: Changed license GPL3 => ISC/OpenBSD.
* Added --modversion option
* Replaced Term::Progressbar with a built-in thermometer progressbar
* Removed --progress=bar:nominor support due to above changes
* Added liveleakcom support
- http://code.google.com/p/clive/issues/detail?id=3
Version 2.0.0
(December 2, 2008)
* Fixed gvideo/mp4 support (http/404 even if the extraction link existed)
* Changed "found redirect" message
* Changed --play, --rencode status messages to use file basename
Version 2.0beta4
(November 22, 2008)
* Removed metacafe support until fixed (see known issues)
* Changed Youtube login to report if there were "too many login failures"
* Fixed Youtube login support: reported failures incorrectly as OK
* Added support clivepass(1) utility (http://code.google.com/p/clive-utils)
* Added support for metacafe and sevenload embed URL translation
version 2.0beta3
(November 1, 2008)
* Fixed pasting from clipboard containing multiple URLs
* Fixed page fetch progress glitch that occured with 1+ batches
* Added --agent option
* Added --proxy option
* Added --savedir option
* Added --cclass option
* Added --filename-format option
* Added --show-format option
* Added --youtube-user and --youtube-pass options
* Added --emit-xml option
* Added --progress=[none|bar|dot]
* Replaced --noprogress with --progress=none
* Added avg. transfer rate notification
* Fixed filename printing for existing output files (e.g. output.flv.1)
* Added --play option
* Fixed metacafe support (error: failed to extract videoCDNURL)
* Added --rencode option
Version 2.0beta2
(October 15, 2008)
* clive now ignores input lines that start with the '#' character
* Added support for CLIVE_CONFIGDIR environment variable
* Ported lastfm video support from 1.x
* --version now displays XML::Simple
* Changed "= Play:" to "=> Playing ..."
* Playing occurs now subsequently after going over the URL batch
Version 2.0beta1
(September 23, 2008)
A complete overhaul and rewrite of 1.x.
* Users are expected to use the --continue/-c option to resume transfers
* Configuration file format (=> INI), path was changed (=> ~/.config/clive)
* All extractions now assume flv as the default download format
* Users are expected to understand when/how use the --format/-f option
* Reading input from multiple sources is possible (e.g. % clive -x URL URL)
* Added: --grep: used to grep and recall cached URL entries
* Added: --background and --output=logfile, --append=logfile options
* Many old cmdline and config options were removed due to new design
* Improved GoogleVideo support: handles redirects to other hosts
* Pager is used where needed (e.g. --show/-s)
* Changed default output file naming format to "%n-(%i)-[%d].%s"
* Removed: guba (deadweight), myvideo (borked), dmotion (bitches @ anon users)
2522. [security] Handle -1 from DSA_do_verify().
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
--- 3.0.41 2008/12/29
Fixed Fixed test that makes VERSION_SHA1 appear on dist versions too.
--- 3.0.40 2008/12/29
For configure, using option --without-xml2 also disables Libxslt/Libexslt
support.
Fixed bug #2352: yaz-marcdump crashes for certain record.
Added man page 'bib1-attr' which includes list of common Bib-1 attributes.
Added support for Danmarc2 to UTF-8 conversion.
Added support for ISO5426 to UTF-8 conversion.
zget_InitRequest/zget_InitResponse returns GIT SHA1 hash as part of
implementation version.
Function yaz_version returns GIT SHA1 hash for parameter sha1_str.
--- 3.0.38 2008/11/10
ZOOM C now only fires one ZOOM_EVENT_SEARCH per search-task. Previously,
ZOOM_EVENT_SEARCH was fired for each searchRetrieve Response received.
ZOOM C now interprets databaseName option for ZOOM connection as path
(SRU "database").
Windows version bundled with Libxml2 2.7.1 / Libxslt 1.1.24 / ICU 4.0.
Fixed CCL to RPN/PQF conversion which could result in invalid PQF.
Dummy Libxml2 types no longer defined in headers of YAZ'.
Fixed memory violation for ZOOM C - could occur when SRU diagnostics was
received.
pkgsrc changes:
PKG_DESTDIR_SUPPORT= user-destdir
### 2.0.24.1 ###
- fixed several \0 char exploits in the TCP query interface which could cause database corruption
### 2.0.23.22 ###
- fixed a security issue which could enable an attcker to read files from your harddisk via the
servers built-in web administration interface
### 2.0.23.21 ###
- fixed a XSS bug in the servers built-in web administration interface
### 2.0.23.20 ###
- fixed a SQL injection issue which only affects servers running on MySQL databases
The MiniUPnP project offers software which supports the UPnP Internet Gateway
Device (IGD) specifications. Recently, NAT-PMP support was added to
MiniUPnPd. For client side NAT-PMP support, use libnatpmp.
UPnP and NAT-PMP are used to improve internet connectivity for devices behind
a NAT router. Any peer to peer network application such as games, IM, etc.
can benefit from a NAT router supporting UPnP and/or NAT-PMP.
The latest generation Microsoft XBOX 360 and Sony Playstation 3 game machines
use UPnP commands to enable the online play with the XBOX Live service and
the Playstation Network. It has been reported that miniupnpd is correctly
working with the two consoles.
Fixed the --script-updatedb command
Fixed several byte-order bugs in Traceroute
Service fingerprints in XML output are no longer be truncated
Added a UDP SNMPv3 probe to version detection
Zenmap no longer leaves any temporary files lying around.
*Lots* of Zenmap fixes
See CHANGELOG for all the details
pkgsrc changes:
- placate pkglint: fix SUBST_FILES.fixperl assignation and SUBST_SED.fixperl
style fix
Upstream changes:
4.022
In Util.xs 1.28
set uninitialized "carry" in XS bin2bcd to zero
This insidious bug only showed up on 64 bit hosts running perl 5.6.2
Thanks to Oliver Paukstadt <pstadt@sourcentral.org> for taking the
time to do the testing for me on his s390 system.
4.021 Wed Dec 10 11:09:36 PST 2008
Removed test code that produces a warning about all perl versions,
OOPS!! instead of just the buggy 5.8.0 - 5.8.5 versions.
Thanks to paul@city-fan.org for reporting this.
4.020 Tue Dec 9 16:25:46 PST 2008
cleaned up various typo's with good patch from
Rob Riepel <riepel@networking.Stanford.EDU>
thanks Rob.
revised UtilPP v1.7 to work around perl 5.8.4
failures with certain @_ operations of goto &sub...
see perl bug [ 23429]. Unfortunately, perl-5.8.4 is
the distribution of choice for many solaris boxes
ISC DHCP 4.1.x will have several new DHCPv6 features that were not in DHCP 4.0.x. These new features include:
* Support for the rapid-commit option on the client side
* Prefix Delegation support
* IA_TA address support
* A basic DHCPv6 relay agent
* basic DHCPv6 Leasequery support
which allows you to communicate with a Radius server from Perl. You can
just authenticate usernames/passwords via Radius, or comletely imitate
AAA requests and process server response.
Resolver could try unreachable servers multiple times.
Adb's handling of lame addresses was different for IPv4 and IPv6.
Remove NULL pointer dereference in dns_journal_print().
libbind: Out of bounds reference in dns_ho.c:addrsort.
Set initial timeout to 800ms.
TSIG context leak
For all the details see:
http://oldwww.isc.org/sw/bind/view/?release=9.4.3#RELEASE
Specifying a fixed query source port was broken.
Address race condition in the socket code.
Give TCP connections longer to complete.
libxml2: support versions 2.7.* in addition to 2.6.*.
Document -m (enable memory usage debugging) option for dig
Set initial timeout to 800ms.
For all the details see:
http://oldwww.isc.org/sw/bind/view/?release=9.5.1#RELEASE
timeval's seconds are "long" rather than "time_t". Passing these
seconds to localtime_r() breaks on 64-bit platforms where those types
aren't the same. Fixes PR 40323 from Andreas Burghardt.
PKGREVISION++ as a precaution, since I patched the source.
Add an "inet6" option for enabling IPv6 support.
Add a "ban" option for enabling mod_ban.
Make the "wrap" option compile all binaries successfully.
Fix generating language catalog with older versions of msgfmt.
configuration files and binaries in a number of cases. This should hopefully
fix them all. Without this patch they look in /etc only and fail to start
if the file is not present.
Based on PR 40241 by Taylor R Campbell.
While here, add DESTDIR support.
Changes in version 0.2.0.32 - 2008-11-20
o Security fixes:
- The "User" and "Group" config options did not clear the
supplementary group entries for the Tor process. The "User" option
is now more robust, and we now set the groups to the specified
user's primary group. The "Group" option is now ignored. For more
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
- The "ClientDNSRejectInternalAddresses" config option wasn't being
consistently obeyed: if an exit relay refuses a stream because its
exit policy doesn't allow it, we would remember what IP address
the relay said the destination address resolves to, even if it's
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
o Major bugfixes (hidden services):
- When fetching v0 and v2 rendezvous service descriptors in parallel,
we were failing the whole hidden service request when the v0
descriptor fetch fails, even if the v2 fetch is still pending and
might succeed. Similarly, if the last v2 fetch fails, we were
failing the whole hidden service request even if a v0 fetch is
still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
- When extending a circuit to a hidden service directory to upload a
rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
requests failed, because the router descriptor has not been
downloaded yet. In these cases, do not attempt to upload the
rendezvous descriptor, but wait until the router descriptor is
downloaded and retry. Likewise, do not attempt to fetch a rendezvous
descriptor from a hidden service directory for which the router
descriptor has not yet been downloaded. Fixes bug 767. Bugfix
on 0.2.0.10-alpha.
o Minor bugfixes:
- Fix several infrequent memory leaks spotted by Coverity.
- When testing for libevent functions, set the LDFLAGS variable
correctly. Found by Riastradh.
- Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
- When asked to connect to A.B.exit:80, if we don't know the IP for A
and we know that server B rejects most-but-not all connections to
port 80, we would previously reject the connection. Now, we assume
the user knows what they were asking for. Fixes bug 752. Bugfix
on 0.0.9rc5. Diagnosed by BarkerJr.
- If we overrun our per-second write limits a little, count this as
having used up our write allocation for the second, and choke
outgoing directory writes. Previously, we had only counted this when
we had met our limits precisely. Fixes bug 824. Patch from by rovv.
Bugfix on 0.2.0.x (??).
- Remove the old v2 directory authority 'lefkada' from the default
list. It has been gone for many months.
- Stop doing unaligned memory access that generated bus errors on
sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
- Make USR2 log-level switch take effect immediately. Bugfix on
0.1.2.8-beta.
o Minor bugfixes (controller):
- Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
GNOME VFS provides an abstraction layer of the file system; applications
use this layer to access many different protocols and simulate that they
are part of the local file system.
This package provides the dns-sd module for GNOME VFS, which allows it to
discover sftp, webdav, and ftp services advertised with multicast DNS.
then majorly reworked by myself. You can blame us both now ;)
Avahi is an Implementation the DNS Service Discovery and Multicast DNS
specifications for Zeroconf Computing. It uses D-BUS for communication
between user applications and a system daemon. The daemon is used to
coordinate application efforts in caching replies, necessary to minimize
the traffic imposed on networks.
This should fix PR#39952
MAKE_JOBS_SAFE=no
05 December 2008 - Version 2.1.3 has been released.
The focus of this release is stability.
Feature Improvements
* Allow running with user=radiusd and binding to secure sockets.
* Start sending Status-Server "are you alive" messages earlier, which helps with proxying multiple realms to a home server.
* Removed thread pool code from rlm_perl. It's not necessary.
* Added example Perl configuration to raddb/modules/perl
* Force OpenSSL to support certificates with SHA256. This seems to be necessary for WiMAX certs.
Bug Fixes
* Fix Debian patch to allow it to build.
* Fix potential NULL dereference in debugging mode on certain platforms for TTLS and PEAP inner tunnels.
* Fix uninitialized memory in handling of vendor definitions
* Fix parsing of quoted (but non-string) attributes in the users< file.
* Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0
* use SUN_LEN in control socket, to avoid truncation on some platforms.
* Correct internal handling of debug condition to prevent it from being over-written.
* Check return code of regcomp in unlang, so that invalid regular expressions are caught rather than mishandled.
* Make rlm_sql use <ltdl.h>. Addresses bug #610.
* Document list "type = status" better. Closes bug #580.
* Set "default days" for certificates, because OpenSSL won't do it. This closes bug #615.
* Reference correct list in example raddb/modules/ldap. Closes#596.
* Increase default schema size for Acct-Session-Id to 64. Closes#540.
* Fix use of temporary files in dialup-admin. Closes#605 and addresses CVE-2008-4474.
* Addressed a number of minor issues found by Coverity.
* Added DHCP option 150 to the dictionary. Closes#618.
04 December 2008 - Version 2.1.2 has been released.
Due to packaging issues, 2.1.2 has been pulled from the net.
Noteable changes include:
NetBSD-5 support
Optional DBus and IPv6 support
ISC leasefile support removed
Support DHCP clients in multiple DNS domains
Re-read /etc/resolv.conf when an "interface up" event occurs
- improve chroot handling
- even stricter validation
- support for blocking DNS rebinding attacks
- DLV support
- bugfixes
The package now uses the normal net/ldns package instead of the local
copy.
- better TCP fallback, improved TSIG support
- namespace cleanup
- bugfixes
Require the new version and switch to normal runtime dependencies as it
is normally linked dynamically.
- improved IXFR support
- support for hmac-sha1 and hmac-sha256 in TSIG
- selection of source ip for notifies and zone requests
- NSEC3 is enabled by default
- option to disable CHAOS version support
- bugfixes
resolution of domain names. Normally this file is either static or maintained
by a local daemon, normally a DHCP daemon. But what happens if more than one
thing wants to control the file? Say you have wired and wireless interfaces to
different subnets and run a VPN or two on top of that, how do you say which one
controls the file? It's also not as easy as just adding and removing the
nameservers each client knows about as different clients could add the same
nameservers.
Enter resolvconf, the middleman between the network configuration services and
/etc/resolv.conf. resolvconf itself is just a script that stores, removes and
lists a full resolv.conf generated for the interface. It then calls all the
helper scripts it knows about so it can configure the real /etc/resolv.conf
and optionally any local nameservers other can libc.
Note this is the development version and this package is not marked
-devel.
(The version in NetBSD -current is also a development version.)
The patch is based on changes as seen in NetBSD's custom driver_netbsd.c
(as compared to driver_bsd.c).
The wpa_supplicant package provides a wireless client daemon that supports
WPA, WPA2 (IEEE 802.11i / RSN), and WEP. It implements key
negotiation with a WPA Authenticator and it controls the roaming
and IEEE 802.11 authentication/association of the wlan driver. It
supports several EAP authentication methods.
This package also includes the wpa_cli console frontend.
Requested by maintainer in PR 40128.
Changes since 3.0.711:
- Web: Add --no-macs option to hide mac addresses.
Thanks Dennis!
- Web: Make tables prettier.
- Host detail view now triggers a DNS lookup.
- Manpage tweaks, also move from section 1 to section 8.
- Track and show how long ago a host was last seen.
Suggested by: Prof A Olowofoyeku (The African Chief)
- Show pcap_stats (like number of packets dropped) in the web
interface and also upon exit.
