included by default.
*******************
* GUPnP IGD 0.2.3 *
*******************
- Emit errors as boxed types
- Various build improvements
- Make tests less racy
Changes since 4.2.0 (new features)
- If a client renews before 'dhcp-cache-threshold' percent of its lease
has elapsed (default 25%), the server will reuse the allocated lease
(provide a lease within the currently allocated lease-time) rather
than extend or renew the lease. This absolves the server of needing
to perform an fsync() operation on the lease database before reply,
which improves performance. [ISC-Bugs #22228]
Updated this patch to support asynchronous DDNS. If the server is
attempting to do DDNS on a lease it should be udpated and written to
disk even if that wouldn't be necessary due to the thresholding.
[ISC-Bugs #26311]
- The 'no available billing' log line now also logs the name of the last
matching billing class tried before failing to provide a billing.
[ISC-Bugs #21759]
- A problem with missing get_hw_addr function when --enable-use-sockets
was used is now solved on GNU/Linux, BSD and GNU/Hurd systems. Note
that use-sockets feature was not tested on those systems. Client and
server code no longer use MAX_PATH constant that is not defined on
GNU/Hurd systems. [ISC-Bugs #25979]
- Add a perl script in the contrib directory, dhcp-lease-list.pl, which
can parse v4 lease files and output the lease information in a more
human friendly manner. This was written by Christian Hammers with
some updates by vom and ISC. This is contributed code and is not
supported by ISC; however it may be useful to some users.
[ISC-Bugs #20680]
- Add support in v6 for on-commit, on-expire and on-release.
[ISC-Bugs #27912]
- Add support for using classes with v6.
[ISC-Bugs #26510]
- Update the DDNS code to current standards and allow for sharing
of DDNS entries between v4 and v6 clients. The new code is used
if the ddns-update-style is set to "standard", the older code is
still available if ddns-update-style is set to "interim". The
oldest DDNS code "ad-hoc" has been removed. Thanks to Thomas Pegeot
who submitted a patch for this issue. This patch is based on
that work with some modifications.
[ISC-Bugs #21139]
- Add a configuration option to the server to suppress using fsync().
Enabling this option will mean that fsync() is never called. This
may provide better performance but there is also a risk that a lease
will not be properly written to the disk after it has been issued
to a client and before the server stops. Using this option is
not recommended.
[ISC-Bugs #34810]
- Add some logging statements to indicate when the server is ready
to serve. One statement is emitted after the server has finished
reading its files and is about to enter the dispatch loop.
This is "Server starting service.".
The second is emitted when a server determines that both it and
its failover peer are in the normal state.
This is "failover peer <name>: Both servers normal."
[ISC-Bugs #33208]
- Add support for accessing options from v6 relays. The v6relay
statement allows the administrator to choose which relay to
use when searching for an option, see the dhcp-options man page
for a description. The host-identifier option has also been
updated to support the use of relay options, see the dhcpd.conf
man page for a description.
[ISC-Bugs #19598]
- When doing DDNS if there isn't an appropriate zone statement attempt
to find a reasonable nameserver via a DNS resolver. This restores
some functionality that was lost in the transition to asynchronous
DDNS. Due to the lack of security and increase in fragility of the
system when using this feature we strongly recommend the use of
appropriate zone statements rather than using this functionality.
[ISC-Bugs #30461]
- Add support for specifying the address from which to send
DDNS updates on the DHCP server. There are two new options
"ddns-local-address4" and "ddns-local-address6" that each take
one instance of their respective address types.
[ISC-Bugs #34779]
- Add ignore-client-uids option in the server. This option causes
the server to not record a client's uid in its lease. This
violates the specification but may also be useful when a client
can dual boot using different client ids but the same mac address.
Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
[ISC-Bugs #32427]
[ISC-Bugs #35066]
- Extend the DHCPINFORM processing to honor the subnet selection option
and take host declarations into account.
Thanks to Christof Chen for testing and submitting the patch.
[ISC-Bugs #35015]
- Extend the hardware expression to look into the lease structure
for a hardware address if there is no packet. This allows the
server to find the hardware address during on-expiry processing.
[ISC-Bugs #24584]
- Add definitions for some options that have been specified by the IETF.
[ISC-Bugs #29268]
[ISC-Bugs #35198]
Changes since 4.3.0b1
- Tidy up receive packet processing.
Thanks to Brad Plank of GTA for reporting the issue and suggesting
a possible patch.
[ISC-Bugs #34447]
Changes since 4.3.0a1
- Modify the message displayed when a process hits a fatal error.
The new message is much shorter and simply points to the README
and our website for directions on bug submissions.
[ISC-Bugs #24789]
- Handle an absent resolv.conf file better.
[ISC-Bugs #35194]
changes:
-Re-factored Grilo Net library and fixed several bugs
-Show 'slow' keys in grl-inspect
-Updates in documentation
-Added new core function: grl_operation_set_data_full()
-fixes
=============
Some extracts from the git log:
* Add new DNSKEY algorithms registered by IANA
* Add AUTH checking over both UDP and TCP. [Fixes#80]
* New queue dispatch
* Clean out dead code, add tests to new code and add log entries.
[Closes#89]
* Log when an AS prefix is discarded
* Add simple command-line tool to add domains to the dispatcher queue
* Add callback functionality to logger
* Perl 5.18 fix (hash key order randomization)
* The authoritative servers for ARPA are the root servers, which caused
problems for our parent-finding algorithm. Worked around by special
-casing so that single-label names always return root as the parent.
[Closes#92]
* Make allowed maximum NSEC3 iterations a policy parameter
* Detect DNSCurve-supporting nameservers
* Significant improvements to glue checking
* Fix for referral check under undelegated
* More tests for new glue-checking code
* Detect names in domains reserved by IANA (RFC 6761). [Closes#96]
* Log messages for reserved ASs. [Closes#97]
This is a small sample cross-platform networking library, with a sample chat
client and server application. The chat client uses the GUIlib GUI framework
library.
Changelog:
3.0.10
======
- Now depends on :mod:`amqp` 1.4.1.
- ``maybe_declare`` now raises a "recoverable connection error" if
the channel is disconnected instead of a :exc:`ChannelError` so that
the operation can be retried.
- Redis: ``Consumer.cancel()`` is now thread safe.
This fixes an issue when using gevent/eventlet and a
message is handled after the consumer is cancelled resulting
in a "message for queue without consumers" error.
- Retry operations would not always respect the interval_start
value when calculating the time to sleep for (Issue #303).
- Timer: Fixed "unhashable type" error on Python 3.
- Hub: Do not attempt to unregister operations on an already closed
poller instance.
3.0.9
=====
- Now depends on :mod:`amqp` 1.4.0.
- Redis: Basic cancel for fanout based queues now sends a corresponding
``UNSUBSCRIBE`` command to the server.
This fixes an issue with pidbox where reply messages could be received
after the consumer was cancelled, giving the ``"message to queue without
consumers"`` error.
- MongoDB: Improved connection string and options handling
(Issue #266 + Issue #120).
- SQS: Limit the number of messages when receiving in batch to 10.
This is a hard limit enforced by Amazon so the sqs transport
must not exceeed this value.
- ConsumerMixin: ``consume`` now checks heartbeat every time the
socket times out.
- Retry Policy: A max retries of 0 did not retry forever.
- Simple: If passing a Queue object the simple utils will now take
default routing key from that queue.
- ``repr(producer)`` no longer evaluates the underlying channnel.
- Redis: The map of Redis error classes are now exposed at the module level
using the :func:`kombu.transport.redis.get_redis_error_classes` function.
- Async: ``Hub.close`` now sets ``.poller`` to None.
distfile. From Changelog:
1.4.2
=====
- Heartbeat negotiation would use heartbeat value from server even
if heartbeat disabled (Issue #31).
1.4.1
=====
- Fixed error occurring when heartbeats disabled.
1.4.0
=====
- Heartbeat implementation improved (Issue #6).
The new heartbeat behavior is the same approach as taken by the
RabbitMQ java library.
This also means that clients should preferably call the ``heartbeat_tick``
method more frequently (like every second) instead of using the old
``rate`` argument (which is now ignored).
- Heartbeat interval is negotiated with the server.
- Some delay is allowed if the heartbeat is late.
- Monotonic time is used to keep track of the heartbeat
instead of relying on the caller to call the checking function
at the right time.
- NoneType is now supported in tables and arrays.
- SSLTransport: Now handles ``ENOENT``.
Security fixes were already covered by 9.6.3.1.ESV.10pl2 and this is
the final release of 9.6.ESV.
Several bug fixes and clean up, please refer CHANGES file in detail.
This project is a CalDAV (RFC4791) client library for Python. A lot of work
still needs to be done; however, it can read everything, and write a few things
(create calendars, events, modify events and properties).
---------------------
Bugfixes:
* AXFR/IXFR compatibility issues with tinydns/axfrdns
* Journal file is created only when needed
* Zone-related log messages are logged into correct category
* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)
* Fixed RCU synchronization causing deadlock on 'knotc signzone'
* RRSIG not fitting in the additional records doesn't cause truncation
v1.4.1 - Jan 13, 2014
---------------------
Bugfixes:
* Empty APL record support
* 'zonestatus' when using immediate zone syncing
* Immediate zone syncing after reload
* Race condition writing time values to zone file
v1.4.0 - Jan 6, 2014
---------------------
Features:
* Zone SERIAL policies (INCREMENT, UNIXTIME)
Bugfixes:
* AXFR crash with specific packet
* QNAME case-sensitive since 1.4.0-rc0
* DNSSEC records over DDNS
* Semantic check fail in AXFR is only soft-error
* Journal race condition
* Notifies are sent immediately
v1.4.0-rc2 - Dec 13, 2013
-------------------------
Features:
* IDN support in Knot utilities
* DNSSEC: support for GOST algorithm
Bugfixes:
* Crash in particular additionals processing
* Race condition in event cancelation
* Journal corruption after failed transactions
* DNSSEC: fixed detection of ECDSA support
Other improvements:
* ./configure prints build configuration summary
* Pretty zone file output (DNSSEC-related data separately)
* Lower memory consumption
* config: option 'dnssec-keydir' can be set per zone
* config: option 'storage' can be set per zone
v1.4.0-rc1 - Nov 20, 2013
-------------------------
Features:
* Better logging of automatic DNSSEC events
* Support for DNSSEC key pre-publication
Bugfixes:
* Refactored zone loading
* Improved journal locking and fixed some race conditions
* Various fixes in client utilities
* Fixed memory errors in automatic DNSSEC signing
* 'dnssec-keydir' doesn't auto-enable signing
* Fixed rescheduling of zone resigns
v1.4.0-beta - Oct 28, 2013
--------------------------
Features:
* Experimental automatic DNSSEC signing
* Reduced memory usage
* Attempt to compile with OS X/pf
* Make all manufacturer info configurable thanks to Leo Moll
Merge PCP support (see https://github.com/miniupnp/miniupnp)
* Changes in Wget 1.15
** Add support for --method.
** Add support for file names longer than MAX_FILE.
** Support FTP listing for the FTP Server on Windows Server 2008 R2.
** Fix a regression when -c and --content-disposition are used together.
** Support shorthand URLs in an input file.
** Fix -c with servers that don't specify a content-length.
** Add support for MD5-SESS
** Do not fail on non fatal GNU TLS alerts during handshake.
** Add support for --https-only. When used wget will follow only
HTTPS links in recursive mode.
** Support Perfect-Forward Secrecy in --secure-protocol.
** Fix a problem with some IRI links that are not followed when contained in a
HTML document.
** Support some FTP servers that return an empty list with "LIST -a".
** Specify Host with the HTTP CONNECT method.
** Use the correct HTTP method on a redirection.
Features:
* recognizes ip-address and interface as synonyms for convenience.
* Support for EUI48 and EUI64 RR types enabled by default (RFC 7043).
* Support for CAA RRtype (RFC 6844).
* NSID can be set with "ascii_somestring" in ascii.
Bug fixes:
* Fix xfrd when zone transfer TCP contains zero length packets.
* Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
because AXFRs overwrote nsec3 administration in the child zone.
* Fix that bad IXFR updates do not result in double SOA records,
and that an AXFR is started (attempted) when the zone state seems
to be inconsistent with the master's zone state.
* Log ip address for sendto and sendmmsg failures.
* Fix segfaults after read of zones with rr type WKS from zonefile.
* Seed PRNG for openssl at start of daemon, fixes SSL connection issue.
* Bugfix #534: IXFR query loop over UDP for zones that are unchanged.
* (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset.
* (same as in 3.2.16): Bugfix #542: Match RRSIG TTL with SOA TTL in
negative response.
* Check if configure in srcdir collides with outofdir build.
* Fix#546: output format errors in nsd_munin_ (Thanks Tom Hendrikx).
* Fix printout of high-chars in TXT on NetBSD.
from PR pkg/48546
scamper-dealias:
* many slight improvements to the implementation of the 'ally' alias
resolution algorithm.
* add flag to prefixscan that says the alias was inferred using a common
source address
* for json output, print flags, bump version.
scamper-ping:
* record ICMP parameter problem responses to ping.
* for json output, print tx time on probes.
sc_attach:
* add support for starting as a daemon.
* add support for specifying a command which will be used with each address
* document these options in manual page
sc_analysis_dump:
* update manual page to document unintuitive behaviour of -e option.
misc:
* getopt returns an int, not a char. important on arm. fixed in
sc_wartscat, sc_speedtrap, and sc_analysis_dump,
* silence benign warnings from clang on MacOS and cppcheck.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
however they are still listed in the shared mapfile. The SunOS linker is more
strict and declares them undefined, so avoid the mapfile on SunOS for the GTK3
build.
Pymetar is a python module and command line tool designed to fetch Metar
reports from the NOAA (http://www.noaa.gov) and allow access to the included
weather information.
Changes in libsoup from 2.44.1 to 2.44.2:
* Fixed a hang with internet radio streams in Rhythmbox (and
some other places). [#710494, Dan]
* Fixed a connection leak when cancelling the close of
a message GInputStream. [#711260, Dan]
* Plugged a few memory leaks [#711085, Christophe Fergeau]
* Fix build with --without-ntlm [#710267, Dan]
* Fixed a few warnings [Dan, Fabiano Fidêncio]
* Fixed connection-test to pass with current glib [#711361,
Colin Walters]
* Tests are now more verbose by default under "make check",
since current automake just redirects all the output to a
log file anyway. [Dan]
Changes in libsoup from 2.44.0 to 2.44.1:
* If you called g_input_stream_close() on SoupMessage or
SoupRequests's GInputStream before you finished reading it,
it would block until the rest of the response had been read
(which in the case of, eg, an infinite audio stream, meant
that it would block forever). This was an unintended change
from 2.42 and is now fixed. [#695652, Dan]
* soup_session_queue_message() on a plain SoupSession (not
SoupSessionAsync) was operating synchronously rather than
asynchronously as it should have. [#707711, Dan]
* soup-form methods now use the HTML5 x-www-form-urlencoded
rules rather than the HTML4 ones. (In particular, they leave
"-", "_", and "." unencoded.) [#708621, Alban Browaeys]
* The test programs now explicitly request the "memory"
GSettings backend, meaning they won't print a warning if
they get it accidentally, and they won't accidentally use
the dconf proxy settings if the dconf backend is available.
[Dan]
* Fix SoupSession so that if you override the proxy
configuration at construct time, it doesn't try to resolve
the default GProxyResolver. (This is important in particular
for programs that expect to run outside a user session,
which would otherwise spew errors from the dconf GSettings
backend about not being able to connect to dconf.) Likewise
with TLS settings and the TLS backend. [#708696, Dan]
* Fix the SoupServer:tls-certificate property;
soup_server_is_https() had not been updated to recognize it,
and so would return FALSE, which in turn meant that the
server would return 400 Bad Request in response to https
requests. [#709647, Fabiano Fidêncio]
* Fixed a sporadic failure in tests/connection-test. [Dan]
* Updated translations:
Tajik
Changes in libsoup from 2.43.92 to 2.44.0:
* New/updated translations:
Dutch, Indonesian
Changes in libsoup from 2.43.90 to 2.43.92:
* Fixed a bug in the connection-pool code, which would in
certain cases accidentally keep using a connection after a
message was cancelled while in progress, causing the next
request on that connection to get the response to the
previous request, etc. [#708006, David Woodhouse]
* Fixed some problems when falling back from samba
single-sign-on-based NTLM to ordinary ask-for-a-password
NTLM. [#703186, David Woodhouse]
* When sending a conditional GET request, SoupCache now
preserves the original message's list of disabled features,
ensure that it gets back the same kind of response the
original message would have. [#706338, Andre Moreira
Magalhaes]
* Fixed a warning when the remote host closes the connection
while we are writing something using chunked encoding.
[#703297, Dan]
* Added SoupServer:http-aliases and :https-aliases properties,
to specify URI schemes that should be treated as though they
were http (just like SoupSession:http-aliases and
:https-aliases, but on the server side). [#703694, Dan]
* Fixed race conditions in cache-test and timeout-test that
could case spurious failures. [#698305, #660581, Dan]
Changes in libsoup from 2.43.5 to 2.43.90:
* Fixed the handling of unsatisfiable range requests in
SoupServer [pointed out on mailing list, Dan]. Also, added
more documentation clarifying that you don't need to handle
range requests yourself in many cases.
* Fixed the handling of IPv6 address literals with scope IDs.
(Requires the latest glib as well for the complete fix.)
[#669724, Dan]
Changes in libsoup from 2.43.4 to 2.43.5:
* SoupProxyURIResolver is now deprecated in favor of the
SoupSession:proxy-resolver property (which takes a
GProxyResolver). [#680273, Dan]
* The SoupKnownStatusCode enum is now called SoupStatus. The
old name continues to exist as an alias, but is deprecated.
(This change has no visible effect in C; it is primarily to
help language bindings, so that, eg, SOUP_STATUS_NOT_FOUND
maps to "Soup.Status.NOT_FOUND" rather than
"Soup.KnownStatusCode.NOT_FOUND".) [#684409, Dan]
* Fixed the parsing of URI schemes in SoupURI (in particular,
to allow scheme names with digits in them). [#703776, Dan]
* Fixed SoupLogger to print a message's response headers even
if the message gets cancelled before the complete response
body is received. [#703200, Andres Gomez]
* Fixed a build problem in non-UTF-8 locales [#702534, Ross
Lagerwall]
* SoupSession now warns if you use
soup_session_pause_message() or
soup_session_unpause_message() on a synchronous message
(which has never worked, though that fact wasn't
documented). [#703461, Philip Withnall]
Changes in libsoup from 2.43.2 to 2.43.4:
* Fixed a bug that could cause synchronous sessions to get
stuck in a state where no new messages would ever get
processed. [#703463, Philip Withnall]
* Fixed another memory leak in SoupSocket (found while
added a test case for #700472)
* Switched to using g_cclosure_marshal_generic() rather than
using glib-genmarshal. [#686042, Olivier Blin]
* Changed SoupServer to call unref() on the query hash table
after calling the handler, rather than destroy(), so that
the handler can keep a copy of the query data if it wants.
[#702793, Bernhard Schuster]
* Fixed a few introspection annotations
* Updated examples/get to use SoupLogger and to allow
redirecting the output to a file [#703231, #703229, Andres
Gomez]
Changes in libsoup from 2.43.1 to 2.43.2:
* Fixed an authentication error when using NTLM when
connecting to an https site over a proxy; the code was
getting confused and thinking that the 200 OK response to
the CONNECT meant that NTLM auth had succeeded. [#698728,
Dan]
* Fixed a memory leak in SoupSocket. [#700472, Richard
Röjfors]
* Fixed a missing include error on some platforms [#700003,
Erik van Pienbroek]
* Fixed warnings when running against the "dummy" TLS backend.
[#700518, Dan]
Changes in libsoup from 2.42.1 to 2.43.1:
* Including <libsoup/soup.h> no longer pulls in the system
networking headers. This may cause some packages to no
longer compile, if they were accidentally depending on this.
Adding "#include <gio/gnetworking.h>" will fix them on both
unix and Windows. (This was done as part of fixing the build
on Windows.) [#692134, Dan]
* Fixed SoupSession:proxy-resolver [#698163, Dan]
* Added soup_message_set_priority(), to mark messages as being
high, low, or normal priority, and update the message queue
to prioritize them accordingly. [#696277, Sergio]
* Fixed several test programs to still work if glib-networking
isn't installed [Dan], and fixed another to still work if
the kernel has no IPv6 support. [#698220, Dan]
Changes since omniORB 4.1.6
---------------------------
- Bug fixes and platform updates. See bugfixes-416.xml
- ZIOP support. See src/examples/ziop/README.txt for details.
Changes since omniORB 4.1.5
---------------------------
- Bug fixes. See bugfixes-415.xml
- New clientOpenConnection and serverAcceptConnection interceptors.
dnspython is a DNS toolkit for Python. It provides both high and low
level access to DNS. The high level classes perform queries for data
of a given name, type, and class, and return an answer set. The low
level classes allow direct manipulation of DNS zones, messages, names,
and records.
This is the python-3.x version of the module.
* (Version 1.11.1 released)
* dns/tsigkeyring.py (to_text): we want keyname.to_text(), not
dns.name.to_text(keyname). Thangs to wangwang for the fix.
* dns/tsig.py (sign): multi-message TSIGs were broken for
algorithms other than HMAC-MD5 because we weren't passing the
right digest module to the HMAC code. Thanks to salzmdan for
reporting the bug.
* dns/dnssec.py (_find_candidate_keys): we tried to extract the
key from the wrong variable name. Thanks to Andrei Fokau for the
fix.
* dns/resolver.py: we want 'self.retry_servfail' not just
retry_servfail. Reported by many, thanks! Thanks to
Jeffrey C. Ollie for the fix.
* tests/grange.py: fix tests to use older-style print formatting
for backwards compatibility with python 2.4. Thanks to
Jeffrey C. Ollie for the fix.
* (Version 1.11.0 released)
* dns/name.py (Name.to_wire): Do not add items with offsets >= 2^14
to the compression table. Thanks to Casey Deccio for discovering
this bug.
* dns/ipv6.py (inet_ntoa): We now comply with RFC 5952 section
5.2.2, by *not* using the :: syntax to shorten just one 16-bit
field. Thanks to David Waitzman for reporting the bug and
suggesting the fix.
* lock caches in case they are shared
* raise YXDOMAIN if we see one
* do not print empty rdatasets
* Add contributed $GENERATE support (thanks uberj)
* Remove DNSKEY keytag uniqueness assumption (RFC 4034, section 8)
(thanks James Dempsey)
* added set_flags() method to dns.resolver.Resolver
* added support for TLSA RR
* dns/rdtypes/ANY/NSEC3.py (NSEC3.from_text): The NSEC3 from_text()
method could erroneously emit empty bitmap windows (i.e. windows
with a count of 0 bytes); such bitmaps are illegal.
* (Version 1.10.0 released)
* dns/message.py (make_query): All EDNS values may now be
specified when calling make_query()
* dns/query.py: Specifying source_port had no effect if source was
not specified. We now use the appropriate wildcard source in
that case.
* dns/resolver.py (Resolver.query): source_port may now be
specified.
* dns/resolver.py (Resolver.query): Switch to TCP when a UDP
response is truncated. Handle nameservers that serve on UDP
but not TCP.
* dns/zone.py (from_xfr): dns.zone.from_xfr() now takes a
'check_origin' parameter which defaults to True. If set to
False, then dnspython will not make origin checks on the zone.
Thanks to Carlos Perez for the report.
* dns/rdtypes/ANY/SSHFP.py (SSHFP.from_text): Allow whitespace in
the text string. Thanks to Jan Andres for the report and the
patch.
* dns/message.py (from_wire): dns.message.from_wire() now takes
an 'ignore_trailing' parameter which defaults to False. If set
to True, then trailing junk will be ignored instead of causing
TrailingJunk to be raised. Thanks to Shane Huntley for
contributing the patch.
* dns/resolver.py: Added LRUCache. In this cache implementation,
the cache size is limited to a user-specified number of nodes, and
when adding a new node to a full cache the least-recently used
node is removed.
* dns/resolver.py: dns.resolver.override_system_resolver()
overrides the socket module's versions of getaddrinfo(),
getnameinfo(), getfqdn(), gethostbyname(), gethostbyname_ex() and
gethostbyaddr() with an implementation which uses a dnspython stub
resolver instead of the system's stub resolver. This can be
useful in testing situations where you want to control the
resolution behavior of python code without having to change the
system's resolver settings (e.g. /etc/resolv.conf).
dns.resolver.restore_system_resolver() undoes the change.
* dns/ipv4.py: dnspython now provides its own, stricter, versions
of IPv4 inet_ntoa() and inet_aton() instead of using the OS's
versions.
* dns/ipv6.py: inet_aton() now bounds checks embedded IPv4 addresses
more strictly. Also, now only dns.exception.SyntaxError can be
raised on bad input.
* Old DNSSEC types (KEY, NXT, and SIG) have been removed.
* Bounds checking of slices in rdata wire processing is now more
strict, and bounds errors (e.g. we got less data than was
expected) now raise dns.exception.FormError rather than
IndexError.
HATop is an interactive ncurses client and real-time monitoring, statistics
displaying tool for the HAProxy TCP/HTTP load balancer.
HATop's appearance is similar to top(1). It supports various modes for detailed
statistics of all configured proxies and services in near realtime. In addition,
it features an interactive CLI for the haproxy unix socket. This allows
administrators to control the given haproxy instance (change server weight, put
servers into maintenance mode, ...) directly out of hatop (using keybinds or
the CLI) and monitor the results immediately.
HATop is written in pure Python and has no external dependencies.
1.) Handle installation of the script to determine the amount of free
memory and swap space on the local machine automatically.
2.) Fix the NetBSD implementation of the above script.
3.) Create a wrapper shell script for invoking Cacti's poller.
4.) Simplify the installation instrunctions using the above enhancements.
5.) Don't included the log file in the package list. It doesn't belong
there and "pkg_delete" will correctly complain that it has been
modified.
ToDo:
- The log file and the "rrdtool" database still need to be moved to
a directory under "${VARBASE}".
- "config.php" should really be a config file to allow using a
non-default password for the MySQL database. But the file would have
to be readable by both the user of the webserver and that cacti user.
pkgsrc change: remove patches/patch-configure.in.
--- 9.9.4-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
--- 9.8.6-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
fix for CVE-2014-0591.
--- 9.6-ESV-R10-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
http://secunia.com/advisories/53818/ From NEWS:
== GNU ZRTP 4.1.1 ==
Is a bug fix release that fixes some problems when building a standalone
version of the library, i.e. with embedded crypto algorithms and not using
on openSSL.
Another fix was necessary for NetBSD thread handling.
== GNU ZRTP 4.1.0 ==
Small enhancements when dealing with non-NIST algorithms. An application may
set a ''algorithm selection policy'' to control the selection behaviour. In
addition the the standrad selection policy (as per RFC6189) this version
provides a _non-NIST_ selection policy: if the selected public key algorithm
is a non-NIST ECC algorithm then the other selection functions prefer non-NIST
HASH algorithms (Skein etc).
== GNU ZRTP 4.0.0 ==
For this version I added some new algorithms for the DH key agreement
and the Skein Hash for ZRTP. Not further functional enhancments.
Added a new (old) build parameter -DCORE_LIB that will build a ZRTP core
library. This was available in V2.3 but I somehow lost this for 3.0
You may add other build parameters, such as SQLITE and CRYPTO_STANDALONE
if you build the core library.
== GNU ZRTP 3.2.0 ==
The main ZRTP modules contain fixes for three vulnerabilities found by Mark
Dowd. Thus we advise application developers to use this version of the
library. The vulnerabilities may lead to application crashes during ZRTP
negotiation if an attacker sends prepared ZRTP packets. The fixes remove these
attack vectors.
Some small other enhancements and cleanup, mainly inside client code.
Some enhancements in cache handling and the handling of retained shared
secrets. This change was proposed by Phil, is a slight security enhacement and
is fully backward comaptible.
Because of some API changes clients must be compiled and linked with the new
library.
For details please refer to the Git logs.
== GNU ZRTP 3.1.0 ==
This version adds some new features and code that supports some other
client and this accounts for the most changes inside this release.
The ZRTP core functionality was not changed as much (bug fixes, cleanup
mainly) and remains fully backward compatible with older library
versions. However, one nice enhancement was done: the addition of a standalone
SDES support module. This module supports basic SDES only without the fancy
stuff like many other SDES implementations. Thus it's pretty interoperable.
Some other features are:
- add some android support for a client, may serve as template for others
- documentation and code cleanup
Because of some API changes clients must be compiled and linked with the new
library.
== GNU ZRTP 3.0.0 ==
This is a major enhancement and restructuring of the overall ZRTP
distribution. This was necessary because more and more other clients use ZRTP
and add their specific glue code. Also some clients are not prepared to use
openSSL or other crypto libraries to their code and distributions.
Here a summary of the changes
- a new directory layout to accomodate various clients
- add standalone crypto modules, for example for AES, to have a real
standalone ZRTP/SRTP library that does not require any other crypto library
(optional via CMake configuration)
- Re-structure ZRTP cache and add SQlite3 as optional storage backend
The default settings for CMake build the normal ZRTP library that use openSSL
as crypto backend, use the normal file based cache and include the GNU ccRTP
modules. This is a librray that is to a large degree compatible with the
earlier builds.
Please refer to the top level CMakeFile.txt for options how to switch on the
standalone crypto mode or the SQlite3 based cache storage.
- bug: Fixed issue with custom data source information being lost when
saved from edit
- bug: Repopulate the poller cache on new installations
- bug: Fix issue with poller not escaping the script query path correctly
- bug: Allow snmpv3 priv proto none
- bug: Fix issue where host activate may flush the entire poller item
cache
-security: SQL injection and shell escaping issues
Also add the fix for the security vulnerability reported in SA54531
taken from the SVN repository.
* This package requires gcc 4.7 later from pkgsrc
Changelog:
aria2 1.18.2
============
Release Note
------------
This release fixes the wrong handling of return value of fork(), which
leads to high CPU usage. The progress readout has some color output.
Mingw32 build now receives colorized output. Mingw32 build now can
read unicode command-line arguments. The build script of OSX was
rewritten. The --bt-max-open-files now limits the number of opened
file globally for multi-file downloads instead of per download basis.
Changes
-------
* Remove the outdated, broken build_osx_release.sh
* Initial revision of the a new OSX release Makefile
* Allow using libgmp with AppleTLS/WinTLS
* Fix crash when metaurl contains unsupported URI or text
* Fix bad fork() return value handling
* Use some colors in progress reports (where available)
* Implement basic color support for the Windows console
Only \033[*m (SGR) is supported, with a 16+16 color terminal.
* AppleTLS: Implement PKCS12 loading.
* Limit number of opened file globally with --bt-max-open-files option
This change changes the behavior of --bt-max-open-files. Previously,
it specifies the maximum number of opened files for each multi-file
download. Since it is more useful to limit the number globally, the
option now specifies the global limit. This change suggests that
aria2.changeOption() method now ignores --bt-max-open-files and
aria2.changeGlobalOption now reads it and dynamically change the
limit.
* Don't fail multiple concurrent dl same file if auto-file-renaming is
enabled
* mingw32: Use CommandLineToArgvW() and GetCommandLineW() to read
cmd-line args
This change enables aria2 to read unicode characters in
command-line.
aria2 1.18.1
============
Release Note
------------
This release fixes the percent-encoding bug which affects file name
encodings. It adds PKCS12 support in certificate import. It also adds
experimental internal implementation of message digest functions, ARC4
cipher and bignum. It means that no external libraries are required to
build BitTorrent support, but this feature is still marked as
experimental. This release also fixes the android build with NDK r9.
Changes
-------
* LibsslTLSContext: Remove weak cipher suite
* AppleTLS: Enable --certificate
* util::percentEncodeMini: Fix regression bug removed unsignedness
srange-based for around std::string is convenient but several
functions depend unsigned char for correctness and readability.
* Log exception; throw error if loading private key and/or certificate
failed
* Provide internal ARC4 implementation
Now you can build bittorrent support without without external
libraries, meaning you can skip libnettle, libgmp, libgcrypt, GnuTLS
and OpenSSL on OSX (for now).
* Internal implementation of DHKeyExchange
Reusing a bignum (well, unsigned very-long) implementation I had
lying around for years and just cleaned up a bit and brought to
C++11 land.
It might not be the most performant implementation, but it shoud be
fast enough for our purposes and will go a long way of removing
gcrypt, nettle, gmp, openssl dependencies when using AppleTLS and
WinTLS (upcoming).
* PKCS12 support in --certificate and --rpc-certificate options.
* Add --disable-ssl configure option
* Add internal md5 and sha1 message digests
* Fix AppleMessageDigestImpl use with large data
* Set old cookie's creation-time to new cookie on replacement
As described in http://tools.ietf.org/html/rfc6265#section-5.3
* Fix link error with Android NDK r9
Since Android ndk r9, __set_errno is deprecated. It is now defined
as inline function in errno.h. The syscall assembly calls
__set_errno, but since libc.so does not export it, the link
fails. To workaround this, replace all occurrences of __set_errno
with a2_set_errno and define it as normal C function.
aria2 1.18.0
============
Release Note
------------
This release changes the default disk cache size to 16 MiB. To change
the default size, --with-disk-cache configure option was added. Now
used URIs are also saved by --save-session option. The control file is
now always saved if --force-save is given. The ctrl-c handling on
Mingw build was improved. The internal intl library is no longer
supplied. From this release, C++11 compiler is required to build aria2
executable. For gcc, at least 4.6.3 is required.
Changes
-------
* Use AM subdir-objects
Doing so in AM_INIT_AUTOMAKE seems to be the most compatible way of
doing so.
Closes GH-120
* AM_SILENT_RULES([yes]) with backwards-compatiblity
Supported since automake-1.11. There is no point in having the very
verbose compile stuff running about, which cannot even silenced
properly with `make -s` by default. Otherwise, `make V=1` or
`--disable-silent-rules` are your friends
* Fix automake-1.14 am_aux_dir
AC_USE_SYSTEM_EXTENSIONS will cause AC_PROG_CC, which is overridden
by automake-1.14, which will then init (part) of automake, in
particular am_aux_dir expansion, which in turn relies on ac_aux-dir,
which is not initialized at this point, and thus: certain doom (or
fun, depending on your POV and mood :p)
Hence call AC_USE_SYSTEM_EXTENSIONS only after
AM_INIT_AUTOMAKE. This, of course, caused a lot of related macro
shuffling.
Tested against automake-1.10 (OSX Lion/XCode version) and
automake-1.14 (homebrew version)
* Require external gettext for --enable-nls
And stop using the internal flavor with ./intl
* Make AX_CXX_COMPILE_STDCXX_11 test for -stdlib=libc++ via std::shared_ptr
The clang shipped with OSX XCode and clangs not build enabling
libcpp, will default to the libstdc++ headers and lib installed on
the system. In the OSX case, that libstdc++ is the one bundles with
gcc-4.2, which is far too old to provide all required C++11 types,
such as std::shared_ptr. Hence, the C++11 check should try to
compile a program with a C++11 type and try -stdlib=libc++ if the
default lib fails to compile said program.
* Make the configure check for C++11 compiler mandatory
Remove stray "dnl", so that mandatory actually works with (my)
autoreconf.
* Always build doc/manual-src
Should sphinx-build be not available AND the man file not be prsent,
then just "touch" it into existence (and warn about that)
* Win: Use SetConsoleCtrlHandler for SIGINT/SIGTERM
* Implement a simple resource lock (threading)
In this initial implementation Locks are no-ops on platforms other
than Windows.
* Check for sphinx-build during configure
* Add --with-disk-cache configure option
Enables packagers more fine grained control over the default value
without having to mess with config files.
See GH-115
* Change defaults: Enable 16M disk cache by default.
* Always save control file if --force-save is given
* Set log level DEBUG for unittests
* Check that C++ compiler supports override keyword
If the compiler supports override, define CXX11_OVERRIDE as
override, otherwise define it as empty. Use CXX11_OVERRIDE instead
of override.
* AppleTLS: Fix MessageDigestImpl
* AppleTLS: Fix session CFRelease stuff
* Use AX_CXX_COMPILE_STDCXX_11 macro to detect C++0x/C++11 support in
compiler
* Require -std=c++11 and use std::shared_ptr instead of SharedHandle
* Join URI on redirect
* Send HAVE message to the peer which the piece is downloaded from
Historically, aria2 did not send HAVE message to the peer which the
piece is coming from, thinking it is obvious that the peer knows we
have the piece. But it is not obvious if one piece is download from
more than 1 peers (e.g., end game mode). So it is better to send
HAVE to all peers connected.
* Improvements to --follow-torrent=false documentation.
Patch from gt
* SessionSerializer: Truly unique URIs
Before, only spent uris where sanitized not to be contained within
remaining uris. Change this so that each uri in the
union(remaining,spent) get saved once at most. The order of the
uris will won't be changed, with remaining uris going first followed
by spent uris.
Also avoid copying the uri std::strings around during dupe checking,
usually resulting in better performance regarding CPU and space.
* Make getOption RPC method return option for stopped downloads
* SessionSerializer: Save spent URIs as well as remaining ones
- new plugin: BetterNotify
- support for Twitter API v1.1
- 'mark timeline as read' menu item added
- Show 'in reply to' in Twitter search timelines
- identi.ca support removed from StatusNet plugin
- other minor fixes
3.2.2
This release fixes a number of bugs in the broker (including High Availability
mode) and plugins (LDAP, Management and MQTT).
3.2.1
This fixes a number of bugs in 3.2.0 and earlier versions.
3.2.0
This release introduces federated queues and features enhanced policies for
aspects of the broker which previously required AMQP arguments. Clients can
now obtain better feedback about authentication failures and broker alarm
conditions.
This release corrects a number of defects in the broker and plugins.
Note that major additions are CredSSP and smart card single-sign-on, but
I have no way of testing them, so rather than adding untested dependencies,
I disabled those options.
rdesktop (1.8.1)
* Fix a typo in configure.ac
* Fix a bug which made rdesktop steal CPU cycles.
* Fix issue with reconnect, make use of deactivate variable
* Added 4 new disconnect reasons with exit codes
* Fix issues of window handling in SeamlessRDP parts of rdesktop
* Fix a backward compability with OpenSSL < 0.9.9
* Fix a bug when code needs a x window available but there are none.
* Fix a sigsegv zeroing memory
* Fix a 64bit portability issue
-- Henrik Andersson <hean01@users.sourceforge.net> 2013-11-18
rdesktop (1.8.0)
* Support for protocol negotiation eg. SSL/TLSv1 and CredSSP
* Support for CredSSP + Kerberos authentication (NLA)
* Support for smart card single-sign-on
* Support passing smart card pin as password as argument
* Added IPC for controlling a master rdesktop process
* Support for connection sharing when using SeamlessRDP
* Improved handling of network connection failures
* Autoreconnect using the connection cookie at network failure
* Fix a few smart card issues
* Fix bug with mouse scroll handling
* Fix for left/right braces in Italian keymap
* Fix crash and memory leak in local drive redirection
* Fixes issues with license files loading/saving
-- Henrik Andersson <hean01@users.sourceforge.net> 2013-08-09
per documentation. Updated to latest release, 3.0.8. From Changelog:
3.0.8
=====
- Serializer: loads and dumps now wraps exceptions raised into
:exc:`~kombu.exceptions.DecodeError` and
:exc:`kombu.exceptions.EncodeError` respectively.
- Redis: Would attempt to read from the wrong connection if a
select/epoll/kqueue exception event happened.
- Redis: Disabling ack emulation now works properly.
- Redis: :exc:`IOError` and :exc:`OSError` are now treated as recoverable
connection errors.
- SQS: Improved performance by reading messages in bulk.
- Connection Pool: Attempting to acquire from a closed pool will now
raise :class:`RuntimeError`.
3.0.7
=====
- Fixes Python 2.6 compatibility.
- Redis: Fixes 'bad file descriptor' issue.
3.0.6
=====
- Timer: No longer attempts to hash keyword arguments (Issue #275).
- Async: Did not account for the long type for file descriptors.
- PyPy: kqueue support was broken.
- Redis: Bad pub/sub payloads no longer crashes the consumer.
- Redis: Unix socket URLs can now specify a virtual host by including
it as a query parameter.
- ``kombu.VERSION`` is now a named tuple.
3.0.5
=====
- Now depends on :mod:`amqp` 1.3.3.
- Redis: Fixed Python 3 compatibility problem (Issue #270).
- MongoDB: Fixed problem with URL parsing when authentication used.
- pyamqp: Fixed small issue when publishing the message and
the property dictionary was set to None.
- Fixed problem in ``repr(LaxBoundedSemaphore)``.
- Tests now passing on Python 3.3.
3.0.4
=====
- common.QoS: ``decrement_eventually`` now makes sure the value
does not go below 1 if a prefetch count is enabled.
3.0.3
=====
- SQS: Properly reverted patch that caused delays between messages.
- select: Clear all registerd fds on poller.cloe
- Eventloop: unregister if EBADF raised.
3.0.2
=====
- Now depends on :mod:`amqp` version 1.3.2.
- select: Fixed problem where unregister did not properly remove
the fd.
3.0.1
=====
- Now depends on :mod:`amqp` version 1.3.1.
- Redis: New option ``fanout_keyprefix``
This transport option is recommended for all users as it ensures
that broadcast (fanout) messages sent is only seen by the current
virtual host:
Connection('redis://', transport_options={'fanout_keyprefix': True})
However, enabling this means that you cannot send or receive messages
from older Kombu versions so make sure all of your participants
are upgraded and have the transport option enabled.
This will be the default behavior in Kombu 4.0.
- Distribution: Removed file ``requirements/py25.txt``.
- MongoDB: Now disables ``auto_start_request``.
- MongoDB: Enables ``use_greenlets`` if eventlet/gevent used.
- Pidbox: Fixes problem where expires header was None,
which is a value not supported by the amq protocol.
- ConsumerMixin: New ``consumer_context`` method for starting
the consumer without draining events.
3.0.0
=====
- Now depends on :mod:`amqp` version 1.3.
- No longer supports Python 2.5
The minimum Python version supported is now Python 2.6.0 for Python2,
and Python 3.3 for Python3.
- Dual codebase supporting both Python 2 and 3.
No longer using ``2to3``, making it easier to maintain support for
both versions.
- pickle, yaml and msgpack deserialization is now disabled by default.
This means that Kombu will by default refuse to handle any content type
other than json.
- kombu.async: Experimental event loop implementation.
- Utility function ``kombu.common.ipublish`` has been removed.
Use ``Producer(..., retry=True)`` instead.
- Utility function ``kombu.common.isend_reply`` has been removed
Use ``send_reply(..., retry=True)`` instead.
- ``kombu.common.entry_to_queue`` and ``kombu.messaging.entry_to_queue``
has been removed.
Use ``Queue.from_dict(name, **options)`` instead.
- Redis: Messages are now restored at the end of the list.
- ``StdConnectionError`` and ``StdChannelError`` is removed
and :exc:`amqp.ConnectionError` and :exc:`amqp.ChannelError` is used
instead.
- Message object implementation has moved to :class:`kombu.message.Message`.
- Serailization: Renamed functions encode/decode to
:func:`~kombu.serialization.dumps` and :func:`~kombu.serialization.loads`.
For backward compatibility the old names are still available as aliases.
- The ``kombu.log.anon_logger`` function has been removed.
Use :func:`~kombu.log.get_logger` instead.
- ``queue_declare`` now returns namedtuple with ``queue``, ``message_count``,
and ``consumer_count`` fields.
- LamportClock: Can now set lock class
- :mod:`kombu.utils.clock`: Utilities for ordering events added.
- :class:`~kombu.simple.SimpleQueue` now allows you to override
the exchange type used.
- Zookeeper transport updated to support new changes in the :mod:`kazoo`
library.
- pyamqp/librabbitmq: Transport options are now forwarded as keyword arguments
to the underlying connection (Issue #214).
- Transports may now distinguish between recoverable and irrecoverable
connection and channel errors.
- ``kombu.utils.Finalize`` has been removed: Use
:mod:`multiprocessing.util.Finalize` instead.
- Memory transport now supports the fanout exchange type.
- Experimental new `Pyro`_ transport (:mod:`kombu.transport.pyro`).
.. _`Pyro`: http://pythonhosted.org/Pyro
- Experimental new `SoftLayer MQ`_ transport (:mod:`kombu.transport.SLMQ`).
.. _`SoftLayer MQ`: http://www.softlayer.com/services/additional/message-queue
- Eventio: Kqueue breaks in subtle ways so select is now used instead.
- SQLAlchemy transport: Can now specify table names using the
``queue_tablename`` and ``message_tablename`` transport options.
Redis transport: Now supports using local UNIX sockets to communicate with the
Redis server (Issue #1283)
To connect using a UNIX socket you have to use the ``redis+socket``
URL-prefix: ``redis+socket:///tmp/redis.sock``.
This functionality was merged from the `celery-redis-unixsocket`_ project.
Contributed by Maxime Rouyrre.
ZeroMQ transport: drain_events now supports timeout.
.. _`celery-redis-unixsocket`:
https://github.com/piquadrat/celery-redis-unixsocket
2.5.16
======
- Python3: Fixed problem with dependencies not being installed.
2.5.15
======
- Declaration cache: Now only keeps hash of declaration
so that it does not keep a reference to the channel.
- Declaration cache: Now respects ``entity.can_cache_declaration``
attribute.
- Fixes Python 2.5 compatibility.
- Fixes tests after python-msgpack changes.
- ``Queue.get``: Now supports ``accept`` argument.
2.5.14
======
- safe_str did not work properly resulting in
:exc:`UnicodeDecodeError` (Issue #248).
2.5.13
======
- Now depends on :mod:`amqp` 1.0.13
- Fixed typo in Django functional tests.
- safe_str now returns Unicode in Python 2.x
- amqp: Transport options are now merged with arguments
supplied to the connection.
- Tests no longer depends on distribute, which was deprecated
and merged back into setuptools.
- ConsumerMixin now also restarts on channel related errors.
This is a fork of amqplib which was originally written by Barry Pederson. It is
maintained by the Celery project, and used by kombu as a pure python alternative
when librabbitmq is not available.
This library should be API compatible with librabbitmq.
* Fix: bug when displaying EOR
* Fix: invalid check on next-hop for multi-line routes
* Fix: badly parsing command line for run option
* Fix: allow the creation of 'allow' flows
* Fix: bad JSON encoding for EOR
* Fix: API message encoding
* Improvement: allow digit:digit in extended communities
* Improvement: healtcheck.py, python 2.6 and community support
- The following bugs have been fixed:
* Wireshark stops showing new packets but dumpcap keeps
writing them to the temp file. (Bug 9571)
* Wireshark 1.10.4 shuts down when promiscuous mode is
unchecked. (Bug 9577)
* Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector
accessed an invalid memory address. (Bug 9578)
- Updated Protocol Support
GSM BSSMAP, GSM BSSMAP LE, GSM SMS, Homeplug, NAS-EPS, and SGSAP
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-66
The SIP dissector could go into an infinite loop.
Discovered by Alain Botti. (Bug 9388)
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7112
* wnpa-sec-2013-67
The BSSGP dissector could crash. Discovered by Laurent
Butti. (Bug 9488)
Versions affected: 1.10.0 to 1.10.3
CVE-2013-7113
* wnpa-sec-2013-68
The NTLMSSP v2 dissector could crash. Discovered by Garming
Sam.
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7114
The following bugs have been fixed:
* "On-the-wire" packet lengths are limited to 65535 bytes.
(Bug 8808, ws-buglink:9390)
* Tx MCS set is not interpreted properly in WLAN beacon
frame. (Bug 8894)
* VoIP Graph Analysis window - some calls are black. (Bug
8966)
* Wireshark fails to decode single-line, multiple Contact:
URIs in SIP responses. (Bug 9031)
* epan/follow.c - Incorrect "bytes missing in capture file"
in "check_fragments" due to an unsigned int wraparound?.
(Bug 9112)
* gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus
result. (Bug 9382)
* Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
* Timestamp decoded for Gigamon trailer is not padded
correctly. (Bug 9433)
* SEL Fast Message Bug-fix for Signed 16-bit Integer Fast
Meter Messages. (Bug 9435)
* DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug
9442)
* GSM SMS User Data header fill bits are wrong when using a 7
bits ASCII / IA5 encoding. (Bug 9478)
* WCDMA RLC dissector cannot assemble PDUs with SNs skipped
and wrap-arounded. (Bug 9505)
* DTLS: fix buffer overflow in mac check. (Bug 9512)
* Correct data length in SCSI_DATA_IN packets (within
iSCSI). (Bug 9521)
* GSM SMS UDH EMS control expects 4 octets instead of 3 with
OPTIONAL 4th. (Bug 9550)
* Fix "decode as ..." for packet-time.c. (Bug 9563)
- Updated Protocol Support
ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS,
IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
server into a router, but to allow engineers to control their BGP (rfc4271)
network easily. Think of it as Software Defined Networking for people with
"commodity" routers.
ExaBGP transform BGP (rfc4271) messages into friendly plain text or JSON
which can be easily manipulate by scripts.
It allows the creation of tools such as:
* advanced looking glass graphically display the routing of prefix
* high availability tool which automatically isolate broken services
* DDOS mitigation
* an anycasted server
(Note newer tw-1.0.2 has been released already, but it requires
recent tw-twitter 5.x.y which requires much more gems not in pkgsrc)
Changes from History.txt:
=== 0.5.2 2013-09-19
* do not show dialogue with "--yes" option
Originally packaged by Fredrik Pettai, updated by Nils Ratusznik and
requested with PR pkg/48436.
Spine, formally Cactid, is a poller for Cacti that primarily strives to be
as fast as possible. For this reason it is written in native C, makes use of
POSIX threads, and is linked directly against the net-snmp library for minmumal
SNMP polling overhead. Spine is a replacement for the default cmd.php poller
so you must decide if using Spine makes sense for your installation.
Changes since 3.6.21:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
o Stefan Metzmacher <metze@samba.org>
* BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
o Noel Power <noel.power@suse.com>
* BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't
member of *any* require_membership_of specified groups.
Changes since 3.6.20:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10139: Valid utf8 filenames cause "invalid conversion error"
messages.
* BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
* BUG 10187: Missing talloc_free can leak stackframe in error path.
* BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
o Korobkin <korobkin+samba@gmail.com>
* BUG 10118: Raise debug level for being unable to open a printer.
o Volker Lendecke <vl@samba.org>
* BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
o Arvid Requate <requate@univention.de>
* BUG 10267: Fix Windows 8 printing via local printer drivers.
o Andreas Schneider <asn@cryptomilk.org>
* BUG 10194: Make offline logon cache updating for cross child domain
group membership.
Changes since version 1.0.22:
- Check for writability when waiting for a socket to finish connecting.
- Don't send PING requests on connections which are not active yet.
- Fix segfault when Name = $HOST but $HOST is not set.
- Fix typos in the documentation.
- Modernize the build system.
- Get rid of the splay tree implementation.
- Add description of IffOneQueue and MaxTimeout to the info manual.
- Clean up child processes from proxy type exec.
I had a few bugs in 1.2 and I figured I'd just pack them up and
release again.
* Fix -import exit value
* Fix version number reported by serve
* Rename '.egg' file calypso.egg
Features:
* Implement max-udp-size config option, default 4096 with fix#524 for
nonEDNS0 queries.
* add unbound-control insecure_add and insecure_remove for the administration
of negative trust anchors.
* install copy of unbound-control.8 man page for unbound-control-setup.
* code improve for minimal responses, small speed increase.
* max include of 100.000 files (depth and globbed at one time).
This is to preserve system memory in bug cases, or endless cases.
* unbound.h header file has UNBOUND_VERSION_MAJOR define.
* get_option, set_option, unbound-checkconf -o and libunbound getoption() and
setoption() support cache-min-ttl and cache-max-ttl. Also log-time-ascii,
python-script, val-sig-skew-min and val-sig-skew-max. log-time-ascii takes
effect immediately. The others are mostly useful for libunbound users.
* configure --disable-flto option.
* streamtcp man page.
* Make reverse zones easier by documenting the nodefault statements
commented-out in the example config file.
Bug Fixes:
* committed libunbound version 4:1:2 for binary API updated in 1.4.20
* Fix for 2038, with time_t instead of uint32_t.
* Fix resolve of names that use a mix of public and private addresses.
* [bugzilla: 492 ] Fix endianness detection, revert to older lookup3.c
detection and put new detect lines after previous tests, to avoid
regressions but allow new detections to succeed.
And add detection for machine/endian.h to it.
* Fix queries leaking up for stubs and forwards, if the configured
nameservers all fail to answer.
* unbound-anchor review: BIO_write can return 0 successfully if it has
successfully appended a zero length string.
* Fix so that for a configuration line of include: "*.conf" it is not an
error if there are no files matching the glob pattern.
* own implementation of compat/snprintf.c.
* [bugzilla: 491 ] pick program name (0th argument) as syslog identity.
* Fixup snprintf return value usage, fixed libunbound_get_option.
* Robust checks on dname validity from rdata for dname compare.
* iana portlist update.
* Fix round-robin doesn't work with some Windows clients.
* [bugzilla: 500 ] use on non-initialised values on socket bind failures.
* [bugzilla: 499 ] use-after-free in out-of-memory handling code.
* Explain bogus and secure flags in libunbound more.
* Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply patch to it
to not fail when -Werror is also specified, from the autoconf-archives.
* Fixup manpage syntax.
* Fix for const string literals in C++ for libunbound.
* Squelch sendto-permission denied errors when the network is not connected,
to avoid spamming syslog.
* libunbound documentation on how to avoid openssl race conditions.
* [bugzilla: 512 ] NSS returned arrays out of setup function to be statics.
* [bugzilla: 516 ] dnssec lameness detection for answers that are improper.
* [bugzilla: 519 ] ub_ctx_delete may hang in some scenarios (libunbound).
* [bugzilla: 520 ] Errors found by static analysis
- Integrated NetBSD ioctl driver (modified) from Rui Paulo.
- Fixed buffer overflow in draw_rate, exposed in 64 sistems due
to extended precision in floating point values.
- Include Becker's changes for trend support and set trend support on by
default.
- Integrate FreeBSD's driver patch.
- Do not blink leds when an interface is offline
- Do not require 'link_up' in solaris_kstat (but use it if present),
since on OpenSolaris many nic drivers seem to be broken.
- Fix the installation path of wmndrc.
* Twisted now includes a HostnameEndpoint implementation which uses IPv4 and IPv6 in parallel, speeding up the connection by using whichever connects first (the 'Happy Eyeballs'/RFC 6555 algorithm).
* Improved support for Cancellable Deferreds by kaizhang, our GSoC student.
* Improved Twisted.Mail documentation by shira, our Outreach Program for Women intern.
* twistd now waits for the application to start successfully before exiting after daemonization.
* SSL server endpoint string descriptions now support the specification of chain certificates.
* Over 70 closed tickets since 13.1.0.
Upstream changes:
1.08 November 8, 2013
! #15703 add no_index for examples to prevent CPAN pollution [githumb.com/sergeyromanov]
1.07 November 7, 2013
! #89948 Remove warning when Content-Id is not present
These are security releases in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).
--------------------------
Bugfixes:
* Improved zone loading error messages
* Correct control socket permissions
* Improved log syntax documentation
* Fixed wrong assertions in DDNS prerequisites checking
* Fixed processing of some malformed DNS packets
* Fixed notify messages being ignored in some cases
v1.3.2 - Sep 30, 2013
---------------------
Bugfixes:
* Configuration option for EDNS0 max UDP payload.
* Max UDP payload from EDNS0 affected TCP responses.
* Fixed build on SLE 10.
* knotc reload did not close files included from config.
Based on PR pkg/48320 by Nils Ratusznik.
Pkgsrc change:
* add startup script.
ChangeLog:
v1.15: 27JUL2013
Added --transparent option for transparent proxying.
See README for iptables magic and capability
management.
Fixed bug in sslh-select: if number of opened file
descriptor became bigger than FD_SETSIZE, bad things
would happen.
Fixed bug in sslh-select: if socket dropped while
defered_data was present, sslh-select would crash.
Increased FD_SETSIZE for Cygwin, as the default 64
is too low for even moderate load.
v1.14: 21DEC2012
Corrected OpenVPN probe to support pre-shared secret
mode (OpenVPN port-sharing code is... wrong). Thanks
to Kai Ellinger for help in investigating and
testing.
Added an actual TLS/SSL probe.
Added configurable --on-timeout protocol
specification.
Added a --anyprot protocol probe (equivalent to what
--ssl was).
Makefile respects the user's compiler and CFLAG
choices (falling back to the current values if
undefined), as well as LDFLAGS.
(Michael Palimaka)
Added "After" and "KillMode" to systemd.sslh.service
(Thomas Weißschuh).
Added LSB tags to etc.init.d.sslh
(Thomas Varis).
v1.13: 18MAY2012
Write PID file before dropping privileges.
Added --background, which overrides 'foreground'
configuration file setting.
Added example systemd service file from Archlinux in
scripts/
https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
(Sébastien Luttringer)
v1.12: 08MAY2012
Added support for configuration file.
New protocol probes can be defined using regular
expressions that match the first packet sent by the
client.
sslh now connects timed out connections to the first
configured protocol instead of 'ssh' (just make sure
ssh is the first defined protocol).
sslh now tries protocols in the order in which they
are defined (just make sure sslh is the last defined
protocol).
v1.11: 21APR2012
WARNING: defaults have been removed for --user and
--pidfile options, update your start-up scripts!
No longer stop sslh when reverse DNS requests fail
for logging.
Added HTTP probe.
No longer create new session if running in
foreground.
No longer default to changing user to 'nobody'. If
--user isn't specified, just run as current user.
No longer create PID file by default, it should be
explicitely set with --pidfile.
No longer log to syslog if in foreground. Logs are
instead output to stderr.
The four changes above make it straightforward to
integrate sslh with systemd, and should help with
launchd.
v1.10: 27NOV2011
Fixed calls referring to sockaddr length so they work
with FreeBSD.
Try target addresses in turn until one works if
there are several (e.g. "localhost:22" resolves to
an IPv6 address and an IPv4 address and sshd does
not listen on IPv6).
Fixed sslh-fork so killing the head process kills
the listener processes.
Heavily cleaned up test suite. Added stress test
t_load script. Added coverage (requires lcov).
Support for XMPP (Arnaud Gendre).
Updated README.MacOSX (Aaron Madlon-Kay).
v1.9: 02AUG2011
WARNING: This version does not work with FreeBSD and
derivatives!
WARNING: Options changed, you'll need to update your
start-up scripts! Log format changed, you'll need to
update log processing scripts!
Now supports IPv6 throughout (both on listening and
forwarding)
Logs now contain IPv6 addresses, local forwarding
address, and resolves names (unless --numeric is
specified).
Introduced long options.
Options -l, -s and -o replaced by their long
counterparts.
Defaults for SSL and SSH options suppressed (it's
legitimate to want to use sslh to mux OpenVPN and
tinc while not caring about SSH nor SSL).
Bind to multiple addresses with multiple -p options.
Support for tinc VPN (experimental).
Numeric logging option.
v1.8: 15JUL2011
Changed log format to make it possible to link
connections to subsequent logs from other services.
Updated CentOS init.d script (Andre Krajnik).
Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
propagated to the child process, so we set up signals after
the fork.) (François FRITZ)
Added -o "OpenVPN" and OpenVPN probing and support.
Added single-threaded, select(2)-based version.
Added support for "Bold" SSH clients (clients that speak first)
Thanks to Guillaume Ricaud for spotting a regression
bug.
Added -f "foreground" option.
Added test suite. (only tests connexions. No test for libwrap,
setsid, setuid and so on) and corresponding 'make
test' target.
Added README.MacOSX (thanks Aaron Madlon-Kay)
Documented use with proxytunnel and corkscrew in
README.
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially
causing unexpected matches to BIND's built-in "localnets" Access
Control List. (CVE-2013-6230) [RT #34687]
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially causing
unexpected matches to BIND's built-in "localnets" Access Control
List. (CVE-2013-6230) [RT #34687]
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially causing
unexpected matches to BIND's built-in "localnets" Access Control
List. (CVE-2013-6230) [RT #34687]
* Image preview
* catch up Tumblr spec chane
* Fixes 100% CPU when network is disconnected.
* Fixes display past tweets in threads.
* Fixes rare crash handling list.
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-61
The IEEE 802.15.4 dissector could crash. (Bug 9139)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6336
* wnpa-sec-2013-62
The NBAP dissector could crash. Discovered by Laurent
Butti. (Bug 9168)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6337
* wnpa-sec-2013-63
The SIP dissector could crash. (Bug 9228)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6338
* wnpa-sec-2013-64
The OpenWire dissector could go into a large loop.
Discovered by Murali. (Bug 9248)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6339
* wnpa-sec-2013-65
The TCP dissector could crash. (Bug 9263)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6340
- The following bugs have been fixed:
* new_packet_list: EAP-TLS reassemble does not happen when
NEW_PACKET_LIST is toggled. (Bug 5349)
* TLS decryption fails with XMPP start_tls. (Bug 8871)
* Wrong Interpretation of GTS starting slot. (Bug 8946)
* "Follow TCP Stream" shows only the first HTTP req+res.
(Bug 9044)
* The value of SEND_TO_UE in the DIAMETER Gx dictionary for
Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
* Crash then try to delete the same entry (length range)
twice. (Bug 9129)
* Crash if wrong "packet lengths range" entered. (Bug
9130)
* Bssgp => SGSN-INVOKE-TRACE use the wrong function...
(Bug 9157)
* Minor correction to dissection of DLR frames in Ethernet/IP
dissector. (Bug 9186)
* WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
* EDNS0 "Higher bits in extended RCODE" incorrectly decoded
in packet-dns.c. (Bug 9199)
* Files with pcap-ng Simple Packet Blocks can't be read.
(Bug 9200)
* Bug in RTP dissector if RTP extension is present. (Bug
9204)
* Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11
Registration Request. (Bug 9206)
* "make debian-package" fails, missing wsicon32.xpm. (Bug
9209)
* Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
* Ring buffer crash when tshark gets too far behind dumpcap.
(Bug 9258)
* PTP Dissector Wrongfully Reports Malformed Packet. (Bug
9262)
* Wireshark lua dissector unable to load for
media_type=application/octet-stream. (Bug 9296)
* Wireshark crash when dissecting packet with NTLMSSP.
(Bug 9299)
* Padding in uint64 field in DCERPC protocol wrongly
reported. (Bug 9300)
* DCERPC data_blobs are not correctly dissected when NDR64
encoding is used. (Bug 9301)
* Multiple PDUs in the same DCERPC packet are not correctly
decrypted. (Bug 9302)
* The tshark summary line doesn't display the frame number or
displays it sporadically. (Bug 9317)
* Bluetooth: SDP improvements and minor fixes. (Bug 9327)
* Duplicate IRC header field abbreviation breaks filter
(example: irc.response.command). (Bug 9360)
- Updated Protocol Support
3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT,
DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE
802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP,
WiMax, and XMPP
e-mail address). Changes include:
* Shell.to_file: implement the append flag as documented
* The libraries netcamlbox and netmulticore are now only built
if completely supported.
* Porting netcamlbox and netmulticore to ocaml-4.01:
There are new implementations in OCaml for caml_modify and
caml_initialize that are incompatible with our usage here.
Fortunately, these symbols are now weak, and we can override
them. This is done in netsys.outofheap, and for the time being
we just use the old implementation from ocaml-4.00.
* Porting netsys to ocaml-4.01: O_CLOEXEC is now supported
if found
* Netsys_sem: fix for systems that don't have
Netsys_posix.sysconf_open_max (e.g. Win32).
* Http_fs: read method: fixing a problem with resent messages
* Http_client: better reaction after "100" responses
* Http_client: implementing verbose_response_header, and
verbose_response_contents again
* Uq_ssl: debugging of payload data (Uq_ssl.Debug.dump_data)
* Http_fs: fixing chunked encoding for PUT (this is already done
in Http_client)
* Nethttp: new function base_code
* Http_client: handling the case better that an unknown status
code is returned by the server. Before, [response_status] simply
raised [Not_found]. Now, the base status is returned instead.
* Extending ocamlrpcgen: It supports now six new directives,
_lowercase, _uppercase, _capitalize, _prefix, _equals,
and _tuple (see documentation).
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
Features:
* documented in doc/NSD-4-features. Change configuration without restart,
direct nameserver control with nsd-control, support a higher number of zones.
Higher performance (compared to NSD3).
* nsdc is gone. Use kill -HUP for reload (also checks if zonefiles have
changed and rereads them), and kill -TERM for quit. Or use nsd-control
for detailed control.
* cron job for nsdc patch is gone. nsd-control write creates zonefiles.
* nsd.db has a new format that compacts itself when it is changed,
thus nsdc patch is no longer necessary.
* nsd.db is memory mapped, NSD needs (part of) that mmap in ram.
* tcp-count can go above 1000; epoll/kqueue support with libevent.
* nsd-control reconfig for updates with no restart (zones, keys, ..)
* nsd-control-setup to create keys for nsd-control (enable nsd-control
with remote-control: yes in nsd.conf).
Changes since puf-0.93.2a:
1.0.0 (16 Oct 2005)
- Fixed command line parsing error that caused -d to be taken as -dc
- -r[+[+]] doesn't imply -p any more, but it advances -p to -pr[+[+]]
- The scope of URL-based switches can be limited with brackets now
- The file supplied to -i is now interpreted as a generic command file
with one command line switch (incl. argument) or URL per line
- Dropped SPEC format - use -O and the new -xy/-xyy switches instead
- $http_proxy is now obeyed if no proxies are specified with -y/-iy
- Scope of -O switch unified with other URL-based switches
- Made -O buffer output when dumping multiple sources to one target
- Added support for "-O -"
- Added -A, -R, -D, -Dl, -Dr, -xr, -xu, -xs, -xo and -xO switches
- Removed -xe switch
- -xE now enumerates per occurrence of -P
- Vast performance improvements of large downloads
- Automatically %-escape [invalid] spaces in URLs
- Various bug fixes
- Change of versioning scheme to something more reasonable
0.93.3 (20 May 2004)
- Don't retry after HTTP errors 403 and 404. Added -xT switch to
enforce the old behaviour (for some really broken servers)
- Don't spawn a separate process for every DNS lookup, but use a
pool of DNS helper processes instead
- Added -xh and -dc switches
- Fixed file corruption on CygWin
