* Fixed potential local privilege escalation vulnerability in
Windows service.
* Added Python-based based alternative build system for Windows using
Visual Studio 2008 (in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in
init.c prior to daemon exit to ensure that the tun/tap interface is
closed and any added routes are deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered
to the client when a bad password is given for mid-session reauth,
causing the connection to fail without an error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause
a process hang with 100% CPU utilization in --management-client
mode if the management interface client disconnected at the
point where credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client,
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds. In this case, the
correct window period should be the handshake window period.
* Modified ">PASSWORD:Verification Failed" management interface
notification to include a client reason string:
>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
* Enable exponential backoff in reliability layer retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
socket is created rather than waiting until after connect/listen.
* Management interface performance optimizations:
1. Added env-filter MI command to perform filtering on env vars
passed through as a part of --management-client-auth
2. man_write will now try to aggregate output into larger blocks
(up to 1024 bytes) for more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds
where non-null-terminated unicode strings were being
printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
was not being compiled in.
* Proxy improvements:
* Implemented http-proxy-override and http-proxy-fallback directives to make it
easier for OpenVPN client UIs to start a pre-existing client config file with
proxy options, or to adaptively fall back to a proxy connection if a direct
connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface
for HTTP Proxy Basic Authentication would go into an infinite
retry-fail loop instead of requerying the management interface for
new creds.
pkgsrc changes:
- add license definition (see https://rt.cpan.org/Ticket/Display.html?id=60954)
- add homepage
- clarify that it requires a c compiler and Module::Build
Upstream changes:
0.43.1 2010-06-11 21:45:15 America/Montreal
* Change a test to use explicit number of tests instead of 'done_testing'.
0.43.0 May 23rd, 2010
* Fixed UDP checksum. Thanks to Hal Finkel. (RT#56235)
* Added Joel Knight's code for IPv6 support from
http://www.packetmischief.ca/code/netpacket/.
Thanks to Doug Farley for the bug report. (RT#57560)
0.42.0 March 25th, 2010
* Updated license to Artistic 2.0
* Fixed bad call to 'data()' in ICMP. Thanks to Ventz Petkov.
(RT#52627)
Features:
* Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.
* unbound.h has extern "C" statement for easier include in c++.
* added feature to print configure date, target and options with -h.
* added feature to print event backend system details with -h.
* (ports and works on Minix 3.1.7). On Minix, add /usr/gnu/bin to PATH,
use ./configure AR=/usr/gnu/bin/gar and gmake.
* GOST enabled if SSL is recent and ldns has GOST enabled too.
Bug Fixes:
* Fix TCPreply on systems with no writev, if just 1 byte could be sent.
* Fix to use one pointer less for iterator query state store_parent_NS.
* Max referral count from 30 to 130, because 128 one character domains is valid DNS.
* added documentation for the histogram printout to syslog.
* Fix assertion failure reported by Kai Storbeck from XS4ALL, the assertion was wrong.
* updated ldns tarball.
* iana portlist updated.
* Unbound reports libev or libevent correctly in logs in verbose mode.
* Fix handling of corner case reply from lame server, follows rfc2308.
* Fix jostle list bug found by Vince (luoce at cnnic), it caused the qps in
overload situations to be about 5 qps for the class of shortly serviced
queries.
* Fix the max number of reply-address count to be applied for duplicate queries,
and not for new query list entries.
* Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex must be
signed with all algorithms from the DS rrset at the parent.
* Fix validation of qtype DNSKEY when a key-cache entry exists but no rr-cache
entry is used (it expired or prefetch), it then goes back up to the DS or
trust-anchor to validate the DNSKEY.
* log if a server is skipped because it is on the donotquery list, at verbosity
4, to enable diagnosis why no queries to 127.0.0.1.
* failure to chown the pidfile is not fatal any more.
* Neat function prototypes, unshadowed local declarations.
* Fix integer underflow in prefetch ttl creation from cache.
This fixes a potential negative prefetch ttl.
* Changed the defaults for num-queries-per-thread/outgoing-range.
* Fix ldns_rr_clone to copy question rrs properly.
* Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
* Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
* Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
* Fix crash using GOST for particular platform configurations.
* extern C declarations used in the header file.
* Removed debug fprintf from resolver.c.
* ldns-signzone checks if public key file is for the right zone.
* NETLDNS, .NET port of ldns functionality, in contrib.
* Fix handling of comments in resolv.conf parse.
* GOST code enabled if SSL recent, RFC 5933.
* bugfix #317: segfault util.c ldns_init_random() fixed.
* Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
b64_pton_calculate_size.
* Fix ldns_dname_cat: size calculation and handling of realloc().
* Fix ldns_rr_pop_rdf: fix handling of realloc().
* Fix ldns-signzone for single type key scheme: sign whole zone if there
are only KSKs.
* Fix ldns_resolver: also close socket if AXFR failed (if you don't,
it would block subsequent transfers).
* Fix drill: allow for a secure trace if you use DS records as trust
anchors.
1.6.5
* Catch \X where X is a digit as an error.
* Fix segfault when ip6 ldns resolver only has ip4 servers.
* Fix NSEC record after DNSKEY at zone apex not properly signed.
* Fix syntax error if last label too long and no dot at end of domain.
* Fix parse of \# syntax with space for type LOC.
* Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
* bugfix #297: linking ssl, bug due to patch submitted as #296.
* bugfix #299: added missing declarations to host2str.h
* ldns-compare-zones -s to not exclude SOA record from comparison.
* --disable-rpath fix
* fix ldns_pkt_empty()
* fix ldns_resolver_new_frm_fp not ignore lines after a comment.
* python code for ldns_rr.new_question_frm_str()
* Fix ldns_dnssec_verify_denial: the signature selection routine.
* Type TALINK parsed (draft-ietf-dnsop-trust-history).
* bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
ldns_tcp_read_wire_timeout().
* GOST support with correct algorithm numbers. The plan is to make it
enabled if openssl support is detected, but it is disabled by
default in this release because the RFC is not ready.
* Fixed comment in rbtree.h about being first member and data ptr.
* Fixed possibly leak in case of out of memory in ldns_native2rdf...
* ldns_dname_is_wildcard added.
* Fixed: signatures over wildcards had the wrong labelcount.
* Fixed ldns_verify() inconsistent return values.
* Fixed ldns_resolver to copy and free tsig name, data and algorithm.
* Fixed ldns_resolver to push search onto searchlist.
* A ldns resolver now defaults to a non-recursive resolver that handles
the TC bit.
* ldns_resolver_print() prints more details.
* Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
on 64bit systems.
* Make ldns_resolver_nameservers_randomize() more random.
* bugfix #310: POSIX specifies NULL second argument of gettimeofday.
* fix compiler warnings from llvm clang compiler.
* bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
* Fix gentoo ebuild for drill, 'no m4 directory'.
* bugfix #313: drill trace on an empty nonterminal continuation.
Pkgsrc changes:
- adjust dependencies
Upstream changes:
1.04
- fixed local $@ issue. this happens on some version of perl5.
1.03
- release to cpan
- fixed win32 issue(charsbar)
1.02_02
- use randomness on finding empty port(suggested by kazuhooku)
- try to connect the port before bind(Tatsuhiko Miyagawa)
1.02_01
- better cleanup code by RAII pattern.
https://rt.cpan.org/Ticket/Display.html?id=60657
(reported by dgl)
1.02
- lazy loading issue was fixed at Test::SharedFork 0.12.
Depend to it.
https://rt.cpan.org/Public/Bug/Display.html?id=60426
(reported by J.)
1.01
- remove unused deps for use_test_base().
1.00
- bump up version!
0.16_02
- oops. packaging miss.
0.16_01
- Do not depend to IO::Socket::INET 1.31.
Test::TCP works well with older IO, I hope.
(suggested by mst)
Changes:
2010/08/15: version 3.0.4 = tag release-3-0-4
7280: BT: fix make_torrent creates sometimes torrents without name argument
(ygrek)
7278: configure: more useful --enable-debug (ygrek)
- enable also for ocamlopt
- enable when profiling
7274: DC: Increase message buffer size to fix communication with bots
(somedamnthing)
2010/08/08
7267: http proxy authentication support (ygrek)
- new options http_proxy_login and http_proxy_password control authentication
for TCP CONNECT and plain HTTP requests through http proxy
2010/08/07
7273: Fix compile errors on Debian/kFreeBSD
7272: Configure: Use Ocaml 3.12.0 as default compiler
7269: Fix typos (glondu)
-------------------------------------------------------------------------------
2010/08/01: version 3.0.3 = tag release-3-0-3
2010/07/28
7262: BT: improve porttest (ygrek)
7254: BT/bandwidth controllers: accept incoming connections while downloading
- should improve upload when downlink is saturated (ygrek)
2010/07/24
7258: russian i18n mlnet_strings (Balamutick/ygrek)
2010/07/18
7253: Fix downloading Ocaml 3.12 archive, use lablgtk-2.12.0 for Ocaml < 3.10
7252: GTK2 GUI: Fix compile bug with lablgtk2-20100620 and Ocaml 3.12
7251: BT: OCaml 3.08.3 compatibility fix (ygrek)
7250: DC: discover self IP (ygrek)
7249: DC: fix parsing MyINFO with non-latin nicks (ygrek)
2010/07/17
7248: DC: correctly parse dchub:// entries in xml hublist (ygrek)
7247: BT tracker: remember tracked files after restart (ygrek)
2010/07/16
7245: HTML: Fix unstable option sections links position (ygrek)
7210: upload scheduler: correctly handle clock jumps (ygrek)
7219: fsync rename options files (ygrek)
2010/07/15
7208: New aliases (ygrek)
- "unpause", "continue" for command "resume"
- "man" for command "help"
7233: BT: Announce shared files when share_scan_interval = 0 (ygrek)
2010/05/26
7206: MinGW: Fix diskinfo on large partitions
2010/05/24
7201: DC: Whitespace fixes (ygrek)
7202: BT: Improve internal tracker (ygrek)
- continue tracking files even if there are no requests
- better logging and error reporting
- remove peer from peers list when it sends 'stopped' event
7203: Fix linking with binutils-gold
2010/05/23
7183: DC: magnet links and html ui usability tweaks (ygrek)
7180: DC: better encoding handling (ygrek)
- new option default_encoding for communications with hubs, default CP1252
7181: HTML: Fix sorting of friends' file list (ygrek)
7200: Allow compilation with upcoming Ocaml 3.12
-------------------------------------------------------------------------------
2010/04/25: version 3.0.2 = tag release-3-0-2
7175: DC: PtokaX compatibility (ygrek)
7169: Equal scales for graphical up/down stats (ygrek)
7167: Improve add_mail_brackets option description,
change default according to RFC (ygrek)
2010/04/11
7164: BT: more user-friendly tracker (ygrek)
- `compute_torrent` shows full path and url to generated torrent file
- `torrents` output htmlized
- corrected server header
- improved comments for tracker options
- search torrents in old directory too
7163: Fix not sending UDP packets when max_hard_upload_rate = 0 (ygrek)
2010/04/10
7162: filter longhelp output (ygrek)
- longhelp (or ??) with parameters will output only those commands that
contain all of the specified parameters as substring
2010/04/08
7161: bw_toggle: Add options "high" and "low"
- bw_toggle without options works as before
- if "high" is added, the *_2 option set is used if max_opened_connections_2
is higher than max_opened_connections, otherwise the option values are kept
- if "low" is added, the *_2 option set is used if max_opened_connections_2
is lower than max_opened_connections, otherwise the option values are kept
6959: DC: Fix invalid XML (ygrek)
- enhanced patch (use Xml.escape and properly escape attributes in Xml.to_string)
2010/04/04
7153: BT: correctly handle failed tracker requests (ygrek)
7155: DC: understand hublist.xml (ygrek)
2010/04/02
7151: BT: html ui tweaks (ygrek)
2010/04/01
7150: BT: track torrents created with compute_torrent (ygrek)
2010/03/27
7142: BT: max_uploaders_per_torrent option not restored from .ini files (xboct)
7140: MinGW: Fix linking with Ocaml 3.11.2
7139: BT: Some improvements and fixes (ygrek)
- Don't request sources from tracker (set numwant=0) if we don't need them e.g.
'stopped' event or when sharing
- Prevent client from repeatedly sending 'started' events for shared files
- Check that peer addresses, returned from tracker in compact format, are valid
and not blocked (same check as for non-compact format)
- Show torrent info_hash in html ui
7138: BT: Recognize more client brands (ygrek)
7137: Fix error in calculating average upload speed for client (ygrek)
7136: GTK2 GUI: start downloads from search results items
by double-click (soulcatcher)
2010/03/20
7128: BT: Fix ratio reporting (ygrek)
7127: Configure: Use Ocaml 3.11.2 as default compiler
7076: Support preallocating files on Unix systems (drwho)
Recent Linux kernels support fast preallocation when the filesystem is
XFS, EXT4 or BTRFS, this patch adds preallocation support when
posix_fallocate() is available
6968: GTK2 GUI: Fix switching server preferred status (dcoppa)
The most important change is in correcting handling of malformed data
in BGP sessions.
bgpd:
fix handling of AS path data
tighten bounds checking in RR ORF msg reader
ospfd:
Only refresh external default route once.
Make sure ospf_distribute_list_update_timer() eventually runs.
Make sure all external routes are updated.
zebra:
fix infinite loop when deleting an interface
ospf6d:
Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config
isisd:
change ISIS_METHOD to use C preprocessor
other:
build: ignore mkinstalldirs and texinfo.tex
build: Add QuaggaId to README.NetBSD
build/extra: Enhance README.NetBSD make/gmake decision.
git: add pointers to out-of-tree work
git: add (generated) m4 files to .gitignore
Update for git and emphasize asking for good reports.
doc: fixed spelling in bgpd.texi
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
Correct homepage.
Include hicolor-icon-theme.
Add descriptive description.
Increased version to 0.5.1. Sorry I can't find the changelog.
This provides a manual page.
Update okayed by maintainer, Roy (but over a month ago).
Requested by PR#43761 from Kamel Derouiche.
* Update user-agent string
* Fix metacafe.com code not working due to gdaKey again (fixes issue #185)
* Merge Gavin van Lelyveld's patch for --playlist-start option
* Put back -b option as a placeholder with a warning message
* Consider the file downloaded if the size differs in less than 100 bytes
(fixes issue #175)
* Reorganize request code to make it a bit more robust
* Properly detect YouTube error messages to print them on screen (fixes issue
#172)
Changelog:
security:
fixed a stack overflow vulnerability that occurred when command
line arguments (whole addresses, host names, file names) were longer
than 512 bytes.
Note that this could only be exploited when an attacker was able to
inject data into socat's command line.
Full credits to Felix Grobert, Google Security Team, for finding and
reporting this issue
abuse of the options framework
being here, update to 0.0.13
changes:
- Add support for IPv6
- Fix crc32 function conflict with libz.so
- Various bug fixing and code cleaning
- Validate the remote candidate address before adding it
Version 2.2.12
July 25, 2010
Changes:
* Mark cctv support as broken
Bugfixes:
* [youtube] http/404, ported from quvi, fix by Daniel Schaal (quvi #7)
* break.com support, thanks to Werner Elsler for the fix (#57)
NetBSD Packages Collection.
The Perl 5 module WebService::Google::Reader provides an interface
to the Google Reader service through the unofficial (as-yet
unpublished) API.
pkgsrc changes:
- adjust dependencies
Upstream changes since 1.710.10:
0.712
! #57409 SOAP::Lite installation problem
! #52015 defined(%hash) deprecated in Perl 5.11
! #39546 use of version.pm
! #52637 error sending a request in perl 5.10.0 containing
utf-8 data using the string data type
! #55962 Spelling errors
0.711
SOAP::Transport::JABBER, SOAP::Transport::MQ and SOAP::Tranport::FTP
are now in their own distributions.
! [2790747] Bugtracker specification in META.yml missing
! #45997: Inconsistency in SOAP::Serializer documentation
! #55618: HTTP_TRANSFER_ENCODING can be undefined in SOAP/Transpo
! [2946245] / #54106 Only last Cookie Set
! #50178: Win32 isuue with IO::SessionData and IO::SessionSet
! #41527: SOAP::Lite 0.69 with Apache2 HTTP Server module and mod_perl 2
returns 500 Internal
reports using CPAN::Reporter over TLS.
Net::SMTP::TLS is a TLS and AUTH capable SMTP client which offers an
interface that users will find familiar from Net::SMTP. Net::SMTP::TLS
implements a subset of the methods provided by that module, but certainly
not (yet) a complete mirror image of that API.
Upstream changes:
1.00 - Fri Jul 02 2010
- (je) Improve parsing performance significantly.
- (je) Improve parsing of quoted data and data with escape sequences.
- (je) Add error message to unparsable line callback.
- (je) Catch more errors with invalid data sections (invalid escapes,
bad quoting).
- (je) Add support for $GENERATE directives.
- (je) Add support for $ORIGIN directives.
- (je) Add method to help construct FQDNs from record names.
- (je) Support reversed CLASS/TTL entries in zonefiles.
- (je) Increase the number of unit tests (still incomplete).
Pkgsrc changes:
- set PERL5_MODULE_TYPE to Module::Build
- adjust dependencies
Upstream changes:
0.08 12.06.10
- adding is_txt
- switched to dzil, hope it works out
Changes include:
* Compile on Slackware again
* Use dynamically sized buffers for reading kernel link events
Fixes carrier status on Linux-2.6.35 64bit kernels
* Use the active link address on NetBSD-5
* Fix syslog support in dhcpcd-run-hooks
- Bug Fixes
o The SigComp Universal Decompressor Virtual Machine could
overrun a buffer. (Bug 4867)
Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
CVE-2010-2287
o The GSM A RR dissector could crash. (Bug 4897)
Versions affected: 1.2.2 to 1.2.9
o Due to a regression the ASN.1 BER dissector could overrun the stack.
Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
CVE-2010-2284
o The IPMI dissector could go into an infinite loop.
Versions affected: 1.2.0 to 1.2.9
- The following bugs have been fixed:
o Wireshark crashes after configuring new Information column.
(Bug 4854)
o Crash triggered when changing display filter from right-mouse
pop-up menu via packet-list. (Bug 4860)
o Wireshark crash selecting Inter-Asterisk exchange v2 packet
data. (Bug 4868)
o zlib-1.2.5 cause tshark to stop live capture. (Bug 4916)
o Crash when adding SNMP users. (Bug 4926)
o Wireshark via ssh -X on ipv6 link-local address fails to allow
capture. (Bug 4945)
o OMAPI dissector fails to parse combined initialization
messages. (Bug 4982)
o QUERY_FS_INFO for Macintosh level 0x301 - MacSupportFlags
decodes wrong. (Bug 4993)
o SCSI dissector misidentifies ATA PASSTHROUGH command as ACCESS
CONTROL IN. (Bug 5037)
o Wrong decoding of GTP Prime (GTP') packets. (Bug 5055)
- Updated Protocol Support
ASN.1 BER, GSM A RR, GTP, IAX2, IPMI, OMAPI, PRES, SCSI, SMB, UNISTIM
