support, from unex@linija.org via PR pkg/32901.
Changes:
* When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union to
a char buffer, because of alignment required by some architectures.
* WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It fixes
throttling with extauth. Reported and fixed by Marcus Merighi <mcmer@tor.at>
through Brad our beloved OpenBSD maintainer.
* Rendezvous has been renamed Bonjour.
* A double-close in the CHMOD command has been fixed.
* The old PAM sample has been removed.
* -F option added to pure-pw.
* MAX_USER_LENGTH has been bumped to 127 due to popular demand.
* pam/* can now be used if security/* doesn't exist. Fixes PAM detection on
MacOS X.
* Call tzset() in chrooted apps in order to get correct time zones in syslog
messages.
* simplify() simplifies paths ending by /. and /..
* MySQL's hash_password() needs 3 arguments since mySQL 4.1.
* Experimental support for RFC2640 (UTF-8 filename encoding) has been added,
derived from code by Jui-Nan Lin ===> added as "utf8" pkgsrc option.
* The LDAP schema has been changed: FTPStatus should be a boolean.
* New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
Sparky.
* By popular request, even non-chrooted users are now denied access if their
home directory is not mounted.
* If die() is called during a TLS-enabled session, encrypt the death message.
Contributed by Cynix.
* Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
* WITH_LARGE_FILES is now defined by default.
* sendfile64() support on Linux.
* privsep and main processes were swapped out so that pure-ftpwho displays the
right pid.
* OPTS MLST has been implemented.
* SITE UTIME has been implemented.
* TCP_CORK is on by default again. A new configure switch, --without-cork, can
disable it.
* Correctly format %c and %% in fakesprintf().
* The connection socket is now created with the Nagle algorithm disabled. It
was the trick to dramatically improve performance when transfering a lot of
small files.
* Updated getopt_long() and realpath() substitutes.
* Allow logging to named pipes (thanks to Steve Marple).
* Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
* Documentation updates.
* MySQL errors are now logged.
Changes in version 0.1.0.17 - 2006-02-17
o Crash bugfixes on 0.1.0.x:
- When servers with a non-zero DirPort came out of hibernation,
sometimes they would trigger an assert.
o Other important bugfixes:
- On platforms that don't have getrlimit (like Windows), we
were artificially constraining ourselves to a max of 1024
connections. Now just assume that we can handle
as many as 15000 connections. Hopefully this won't cause
other problems.
o Backported features:
- When we're a server, a client asks
for an old-style directory, and our write bucket is empty,
don't give it to him. This way small servers can
continue to serve the directory *sometimes*,
without getting overloaded.
- Whenever you get a 503 in response to a directory fetch, try
once more. This will become important once servers start sending
503's whenever they feel busy.
- Fetch a new directory every 120 minutes, not every 40 minutes.
Now that we have hundreds of thousands of users running the old
directory algorithm, it's starting to hurt a lot.
- Bump up the period for forcing a hidden service descriptor upload
from 20 minutes to 1 hour.
nsca and send_nsca are remote/passive network service daemons for nagios.
These are orignally from the NetSaint package (NSCA = NetSaint Check Acceptor)
Nagios is a program that will monitor hosts and services on your
network. It has the ability to email or page you when a problem arises
and when it gets resolved. Nagios is written in C and is designed to
run under Linux, although it should work under most other *NIX variants.
It can run either as a normal process or as a daemon, intermittently
running checks on various services that you specify. The actual service
checks are performed by external "plugins" which return service
information to Nagios. Several CGI programs are included with Nagios
in order to allow you to view the current service status, history, etc.
via a web browser.
This package provides the core nagios infrastructure and web pages.
- fix a hairy bug in BirdWhoisClient::getResponse (how did that ever work?)
- make stripRipeComments more lenient against an APNIC comment style problem
Mbrowse is an SNMP MIB browser based on GTK and net-snmp.
SNMP v1 and v2c are supported.
Pkgsrc changes:
- The 'pre-configure' target avoids an irritating warning message during
the configure stage.
- patch-aa works around an "identifier undeclared" error.
patch-ab updates the configure script accordingly.
btpd is a bittorrent client consisting of a daemon and client commands,
which can be used to read and/or manipulate the daemon state. The daemon
is capable of running several torrents simultaneously and only uses one
tcp port. It's fairly low on resource usage and should be perfect for a
torrent distribution site. Efficient downloads and ease of use makes this
client a good choice for the casual user as well.
Packaged by Richard Nyberg.
Changes:
- Fixed a bug that would cause bogus reverse-DNS resolution on
big-endian machines. Thanks to Doug Hoyte, Seth Miller, Tony Doan,
and Andrew Lutomirsky for helping to debug and patch the problem.
- Fixed an important memory leak in the raw ethernet sending system.
Thanks to Ganga Bhavani (GBhavani(a)everdreamcorp.com) for
identifying the bug and sending a patch.
- Fixed --system-dns option so that --system_dns works too. Error
messages were changed to reflect the former (preferred) name.
Thanks to Sean Swift (sean.swift(a)bradford.gov.uk) and Peter
VanEeckhoutte (Peter.VanEeckhoutte(a)saraleefoodseurope.com) for
reporting the problem.
- Fixed a crash which would report this message:
"NmapOutputTable.cc:143: void NmapOutputTable::addItem(unsigned int,
unsigned int, bool, const char*, int): Assertion `row < numRows'
failed." Thanks to Jake Schneider (Jake.Schneider(a)dynetics.com)
for reporting and helping to debug the problem.
- Whenever Nmap sends packets with the SYN bit set (except for OS
detection), it now includes the maximum segment size (MSS) tcp
option with a value of 1460. This makes it stand out less as almost
all hosts set at least this option. Thanks to Juergen Schmidt
(ju(a)heisec.de) for the suggestion.
- Applied a patch for a Windows interface reading bug in the aDNS
subsystem from Doug Hoyte.
- Minor changes to recognize DragonFly BSD in configure
scripts. Thanks to Joerg Sonnenberger (joerg(a)britannica.bec.de)
for sending the patch.
- Fixed a minor bug in an error message starting with "eth_send of ARP
packet returned". Thanks to J.W. Hoogervorst
(J.W.Hoogervorst(a)uva.nl) for finding this.
Pkgsrc changes:
- Removed hacks.mk. Net::DNS should work on Mac OS 10.4 withouth this
workaround.
- The package has two options now: "inet6" and "online-tests".
- p5-Net-DNS requires an additional package, p5-Net-IP.
Relevant changes since version 0.49:
====================================
- many bug fixes (see Changes and rt.cpan.org)
Feature Net::DNS::Nameserver loop_once()
Uncommented the documentation of the loop_once() function and introduced
get_open_tcp() that reports if there are any open TCP sockets (useful
when using loop_once().
loop_once() itself was introduced in version 0.53_02
Feature async nameserver behaviour.
Fix IPv6 on AIX
Binding to the local interface did not work when local address was
specified as "0" instead of "::". The problem was identified,
reported and fixed by Achim Adam.
Feature
Net::DNS::RR::OPT
added the the size(), do(),set_do() and clear_do() methods.
Feature:
Added "ignqrid" as an attribute to the Resolver.
use as:
ok (my $res=Net::DNS::Resolver->new(nameservers => ['127.0.0.1'],
port => 5354,
recurse => 0,
igntc => 1,
ignqrid => 1,
),
When the attribute is set to a non-zero value replies with the
qr bit clear and replies with non-matching query ids are
happily accepted. This opens the possibility to accept spoofed
answers. YOU CAN BURN YOURSELF WITH THIS FEATURE.
It is set to 0 per default and remains, except for this changes file
an undocumented feature.
Fix: Makefile.PL: Minor tweak to recognize Mac OS X 10.4 not so relevant
since netdnslib is distributed with the code.
Feature: Calling the Net::DNS::Resolver::dnssec method with a non-zero
argument will set the udppacketsize to 2048. The method will
also carp a warning if you pass a non-zero argument when
Net::DNS::SEC is not installed.
Feature: IPv6 transport support
IPv6 transport has been added to the resolver and to the
nameserver code.
To use IPv6 please make sure that you have IO::Socket::INET6 version
2.01 or later installed.
If IPv6 transport is available Net::DNS::Resolver::Recurse will make
use of it (picking randomly between IPv4 and IPv6 transport) use
the force_v4() method to only force IPv4.
Feature: Binary characters in labels
RFC 1035 3.1:
Domain names in messages are expressed in terms of a sequence of
labels. Each label is represented as a one octet length field
followed by that number of octets. Since every domain name ends
with the null label of the root, a domain name is terminated by a
length byte of zero. The high order two bits of every length octet
must be zero, and the remaining six bits of the length field limit
the label to 63 octets or less.
Unfortunatelly dname attributes are stored strings throughout
Net::DNS. (With hindsight dnames should have had their own class
in which one could have preserved the wire format.).
To be able to represent all octets that are allowed in domain
names I took the approach to use the "presentation format" for
the attributes. This presentation format is defined in RFC 1035
5.1.
I added code to parse presentation format domain names that has
escpaped data such as \ddd and \X (where X is not a number) to
wireformat and vice verse. In the conversion from wire format to
presentation format the characters that have special meaning in a
zone file are escaped (so that they can be cut-n-pasted without
pain).
These are " (0x22), $ (0x24), (0x28), ) (0x29), . (0x2e) , ;
(0x3b), @ (ox40) and \ (0x5c). The number between brackets
representing the ascii code in hex.
Note that wherever a name occurs as a string in Net::DNS it is
now in presentation format.
For those that dealth with 'hostnames' (subset of all possible
domain names) this will be a completely transparent change.
Details:
I added netdnslib wich contains Net::DNS's own dn_expand. Its
implemented in C and the source is a hodgepodge of Berkeley based
code and sniplets from ISC's bind9 distribution. The behavior, in
terms of which chars are escaped, is similare to bind9.
There are some functions added to DNS.pm that do conversion from
presentation and wire format and back. They should only be used
internally (although they live in EXPORT_OK.)
For esotheric test cases see t/11-escapedchars.t.
This makes the package build on Darwin. Patch from DarwinPorts.
The modified header file is used internally, and never installed. So
no visible changes to dependent packages.
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
> ####################### V 1.4.3.1:
>
> corrections:
> PROBLEM: UNIX socket listen accepted only one (or a few) connections.
> FIX: do not remove listening UNIX socket in child process
>
> PROBLEM: SIGSEGV when TCP part of SSL connect failed
> FIX: check ssl pointer before calling SSH_shutdown
>
> In debug mode, show connect client port even when connect fails
>
> ####################### V 1.4.3.0:
>
> new features:
> socat options -L, -W for application level locking
>
> options "lockfile", "waitlock" for address level locking
> (Stefan Luethje)
>
> option "readbytes" limits read length (Adam Osuchowski)
>
> option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
> socat options -L, -W for application level locking
>
> options "lockfile", "waitlock" for address level locking
> (Stefan Luethje)
>
> option "readbytes" limits read length (Adam Osuchowski)
>
> option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
>
> pty symlink, unix listen socket, and named pipe are per default removed
> after use; option unlink-close overrides this new behaviour and also
> controls removal of other socat generated files (Stefan Luethje)
>
> corrections:
> option "retry" did not work with tcp-listen
>
> EPIPE condition could result in a 100% CPU loop
>
> further changes:
> support systems without SHUT_RD etc.
> handle more size_t types
> try to find makedepend options with gcc 3 (richard/OpenMacNews)
Changes:
- flush cache when changing ftp:charset.
- show all queued commands on `queue' command.
- support open ranges for `mirror --size-range'.
- new setting dns:max-retries.
- change dns:fatal-timeout setting to accept time interval suffixes.
- prefer getaddrinfo over gethostbyname2.
- treat GNUTLS_E_UNEXPECTED_PACKET_LENGTH as EOF indicator - this fixes
secure ftp with ProFTPD server.
- fixed netrc usage when no user name is given.
Changes:
* Kopete
o Fix disconnects/crashes after connecting to a Yahoo webcam
o Don't send picture information packets to Yahoo buddies when
connecting into invisible state, as one might use these packets to
reveal your real connection state
o Don't crash when deleting several contacts that are in several
groups
o Fix escaping of HTML in Yahoo messages
* KPPP
o fix initialization problem with some modems (Qualcomm 3G CDMA)
o support higher connection speeds (921600 bps)
Changes:
4.00:
=====
- Added the '?' command to the runtime interaction system. It prints
a list of accepted commands. Thanks to Andrew Lutomirski
(luto(a)myrealbox.com) for the patch.
3.9999:
=======
- Generated a new libpcre/configure to cope with changes in LibPCRE
6.4
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt)
- Updated nmap-protocols with the latest IEEE internet protocols
assignments (http://www.iana.org/assignments/protocol-numbers).
- Updated the Nmap version number and related fields that MS Visual
Studio places in the binary. This was done by editing
mswin32/nmap.rc.
3.999:
======
- Added runtime interaction support to Windows, thanks to patches from
Andrew Lutomirski (luto(a)myrealbox.com) and Gisle Vanem
(giva(a)bgnett.no).
- Changed a couple lines of tcpip.cc (put certain IP header fields in
host byte order rather than NBO) to (hopefully) support Mac OS X on
Intel. Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) for the
patch.
- Upgraded the included LibPCRE from version 6.3 to 6.4. There was a
report of version detection crashes on the new Intel-based MACs with
6.3.
- Fixed an issue in which the installer would malfunction in rare
issues when installing to a directory with spaces in it. Thanks to
Thierry Zoller (Thierry(a)Zoller.lu) for the report.
3.99:
=====
- Integrated all remaining 2005 service submissions. The DB now has
surpassed 3,000 signatures for the first time. There now are 3,153
signatures for 381 service protocols. Those protocols span the
gamut from abc, acap, afp, and afs to zebedee, zebra, and
zenimaging. It even covers obscure protocols such as http, ftp,
smtp, and ssh :). Thanks to Version Detection Czar Doug Hoyte for
his excellent work on this.
- Created a Windows executable installer using the open source NSIS
(Nullsoft Scriptable Install System). It handles Pcap installation,
registry performance changes, and adding Nmap to your cmd.exe
executable path. The installer source files are in mswin32/nsis/ .
Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
creating the initial version.
- Fixed a backward compatibility bug in which Nmap didn't recognize
the --min_rtt_timeout option (it only recognized the newly
hyphenated --min-rtt-timeout). Thanks to Joshua D. Abraham
(jabra(a)ccs.neu.edu) for the bug report.
- Fixed compilation to again work with gcc-derivatives such as
MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
patches
3.98BETA1:
==========
- Added run time interaction as documented at
http://www.insecure.org/nmap/man/man-runtime-interaction.html .
While Nmap is running, you can now press 'v' to increase verbosity,
'd' to increase the debugging level, 'p' to enable packet tracing,
or the capital versions (V,D,P) to do the opposite. Any other key
(such as enter) will print out a status message giving the estimated
time until scan completion. This only works on UNIX for now. Do we
have any volunteers to add Windows support? You would need to
change a handful of UNIX-specific termio calls with the Windows
equivalents. This feature was created by Paul Tarjan
(ptarjan(a)stanford.edu) as part of the Google Summer of Code.
- Reverse DNS resolution is now done in parallel rather than one at a
time. All scans of large networks (particularly list, ping and
just-a-few-ports scans) should benefit substantially from this
change. If you encounter any problems, please let us know. The new
--system_dns option was added so you can use the (slow) system
resolver if you prefer that for some reason. You can specify a
comma separated list of DNS server IP addresses for Nmap to use with
the new --dns_servers option. Otherwise, Nmap looks in
/etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
the nameservers already configured for your system. This excellent
patch was written by Doug Hoyte (doug(a)hcsw.org).
- Added the --badsum option, which causes Nmap to use invalid TCP or
UDP checksums for packets sent to target hosts. Since virtually all
host IP stacks properly drop these packets, any responses received
are likely coming from a firewall or IDS that didn't bother to
verify the checksum. For more details on this technique, see
http://www.phrack.org/phrack/60/p60-0x0c.txt . The author of that
paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
(which I changed it a bit).
- The 26 Nmap commands that previously included an underscore
(--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
renamed to use a hyphen in the preferred format
(i.e. --max-rtt-timeout). Underscores are still supported for
backward compatibility.
- More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
were applied to remove all deprecated GTK API calls. This also
eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.
- Changed the way the __attribute__ compiler extension is detected so
that it works with the latest Fedora Core 4 updates (and perhaps other
systems). Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
writing the patch. The compilation error message this fixes was
usually something like: "nmap.o(.rodata+0x17c): undefined reference
to `__gthrw_pthread_cancel(unsigned long)"
- Added some exception handling code to mswin32/winfix.cc to prevent
Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
(instead of the required 3.1). It now prints an error message instead
asking you to upgrade, then reduces functionality to connect()-only
mode. I couldn't get it working with the C++ standard try/catch()
blocks, but as soon as I used the nonstandard MS conventions
(__try/__except(), everything worked fine. Shrug.
- Stripped the firewall API out of the libdnet included with Nmap
because Nmap doesn't use it anyway. This saves space and reduces the
likelihood of compilation errors and warnings.
- Modified the previously useless --noninteractive option so that it
deactivates runtime interaction.
3.96BETA1:
==========
- Added --max_retries option for capping the maximum number of
retransmissions the port scan engine will do. The value may be as low
as 0 (no retransmits). A low value can increase speed, though at the
risk of losing accuracy. The -T4 option now allows up to 6 retries,
and -T5 allows 2. Thanks to Martin Macok
(martin.macok(a)underground.cz) for writing the initial patch, which I
changed quite a bit. I also updated the docs to reflect this neat
new option.
- Many of the Nmap low-level timing options take a value in
milliseconds. You can now append an 's', 'm', or 'h' to the value
to give it in seconds, minutes, or hours instead. So you can specify
a 45 minute host timeout with --host_timeout 45m rather than specifying
--host_timeout 2700000 and hoping you did the math right and have the
correct number of zeros. This also now works for the
--min_rtt_timeout, --max_rtt_timeout, --initial_rtt_timeout,
--scan_delay, and --max_scan_delay options.
- Improved the NmapFE port to GTK2 so it better-conforms to the new
API and you don't get as many annoying messages in your terminal
window. GTK2 is prettier and more functional too. Thanks to Priit
Laes (amd(a)store20.com) for writing these
excellent patches.
- Fixed a problem which led to the error message "Failed to determine
dst MAC address for target" when you try to run Nmap using a
dialup/PPP adapter on Windows rather than a real ethernet card. Due
to Microsoft breaking raw sockets, Nmap no longer supports dialup
adapters, but it should now give you a clearer error message than
the "dst MAC address" nonsense.
- Debian GNU/kFreeBSD is now supported thanks to a patch to libdnet's
configure.in by Petr Salinger (Petr.Salinger(a)t-systems.cz).
- Tried to update to the latest autoconf only to find that there
hasn't been a new version in more than two years :(. I was able to
find new config.sub and config.guess files at
http://cvs.savannah.gnu.org/viewcvs/config/config/ , so I updated to
those.
- Fixed a problem with the -e option when run on Windows (or UNIX with
--send_eth) when run on an ethernet network against an external
(routed) host. You would get the message "NmapArpCache() can only
take IPv4 addresses. Sorry". Thanks to KX (kxmail(a)gmail.com) for
helping to track down the problem.
- Made some changes to allow source port zero scans (-g0). Nmap used
to refuse to do this, but now it just gives a warning that it may not
work on all systems. It seems to work fine on my Linux box. Thanks
to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature.
- Made a change to libdnet so that Windows interfaces are listed as
down if they are disconnected, unplugged, or otherwise unavailable.
- Ceased including foreign translations in the Nmap tarball as they
take up too much space. HTML versions can be found at
http://www.insecure.org/nmap/docs.html , while XML and NROFF versions
are available from http://www.insecure.org/nmap/data/man-xlate/ .
- Changed INSTALL and README-WIN32 files to mostly just reference the
new Nmap Install Guide at http://www.insecure.org/nmap/install/ .
- Included docs/nmap-man.xml in the tarball distribution, which is the
DocBook XML source for the Nmap man page. Patches to Nmap that are
user-visible should include patches to the man page XML source rather
than to the generated Nroff.
- Fixed Nmap so it doesn't crash when you ask it to resume a previous
scan, but pass in a bogus file rather than actual Nmap output. Thanks
to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.
version 0.4.3. Changes since 0.7.6/0.3.6:
- New throttle implementation
- Improved config file parser
- Settings for using a http proxy and changing the process's umask.
- Many more bug fixes and improvements
New features:
- Browse Host (HTML and Gnutella), TLS and IPv6 support.
- Chinese and Greek translations of the user interface.
- D-BUS plugging.
- Added hot keys: F2, F8 and F9 (see menu View->...).
- Searches are now created with a configurable expiration date.
Improvements:
- Optimization of the UTF-8 processing.
- Better filename conversion to locale, with automagic charset detection.
- General performance improvements in QRP and search filters.
- Full "nl" translation.
- Sorting persistence.
Under the hood:
- Buffering of downloaded data to avoid excessive disk fragmentation
- Support for the epoll()/kqueue() system calls.
- More optimistic PARQ ETA, and PARQ back-off when QUEUE are unanswered.
- NFS-compatible session locking if anyone cares.
- Nifty property browser.
in the Prelude hybrid IDS system. This snort version will report alerts
to the coonfigured Prelude manager. The overhead of this reporting option
is comparable to barnyard.
This is one of several new Prelude packages.
Packages Collection.
DNSdoctor is intended to help solving misconfigurations or
inconsistencies in DNS zones by looking for potential errors, give
you a description of the problem and refer you to RFC or other
documents.
Changes:
- updated SCTP implementation.
- added new retransmission policy for sending fast retransmissions to
the same destination and timeout retransmissions to an alternate
destination
- added experimental feature: changePrimaryThresh_ sets a threshold for
when the primary destination is changed automatically
- added the ability to specify one of three dormant state actions
- added the ability to track the number of times fast retransmit,
multiple fast retransmit, and timeouts are invoked
- new TCL bindable variables: initial RTO, min RTO, max RTO, fast rtx
trigger, and sack delay
- bug fixes.
2005.11.28 - 0.11 - Sebastien Aperghis-Tramoni (SAPER)
- [CODE] Added the pcapinfo command.
- [DIST] Cygwin installation was simplified and should now Just Work.
- [TESTS] Improved the whole test suite to make it use the best device
it can find (was needed for Cygwin & Win32).
- [DOC] Corrected a few typos thanks to Test::Spelling.
- [DOC] Small documentation nits.
2005.11.xx - 0.10 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] lookupnet() wasn't exported by :functions.
- [BUGFIX] Fixed findalldevs() emulation.
- [BUGFIX] Replaced several newSViv() with newSVuv() to respect the actual
unsigned nature of several fields.
- [TESTS] Fixed 03-openlive.t for Darwin/Mac OS X.
- [TESTS] RT#15342: lookupnet() fails if the device returned by lookupdev()
has no IP configured. Thanks to
- [TESTS] RT#15343: warnings when running t/14-datalink.t
- [TESTS] Fixed another corner case in t/02-lookup.t thanks to Rafael Garcia-Suarez.
- [TESTS] t/Utils.pm now sets the environment to C. Thanks to Karl Y. Pradene.
2005.10.26 - 0.09 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] Restored compatibility with older versions of libpcap, namely the
traditional ones founds on BSD systems.
- [FEATURE] Added Microsoft Visual C++ 7 compatibility, thanks to Max Maischen
and Jean-Louis Morel.
- [CODE] Added new detection routines for looking which functions are actually
available on the host system.
- [CODE] Upgraded to Devel::PPPort 3.06_03
- [TESTS] Renamed t/CheckAuth.pm to t/Utils.pm, added function is_available().
- [TESTS] Changed the way the test utility module is loaded.
- [TESTS] Updated several test files so they skip the tests that depend on
a function that may be unavailable.
- [TESTS] Fixes several corner cases thanks to the benevolent testing of
Philippe Bruhat, David Morel and Scott Lanning.
2005.10.05 - 0.08 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] RT#6320: loop() conflicts with alarm(). Thanks to RafaZ: Garcia-Suarez
for the patch. Also applied to dispatch() and next().
- [BUGFIX] setnonblock() and getnonblock() now checks that $err is a reference.
- [BUGFIX] Merged Jean-Louis Morel patch: modification of the detection code in
Makefile.PL for Win32; fixes for compiling with Microsoft compiler;
simplification of lookupdev().
- [BUGFIX] Restored compatibility with Perl 5.6, 5.5 and 5.4
- [BUGFIX] Fixed memory leak in lookupdev().
- [BUGFIX] Some XS wrappers (compile(), dispatch(), stats()) now resets the error
string before calling the underlying functions.
- [FEATURE] Now tries to use XSLoader if available, then falls back to DynaLoader.
- [FEATURE] Improved findalldevs(). See documentation.
- [FEATURE] Added wrapper for freecode(), dump_flush(), dump_file().
- [DIST] Improved detection code in Makefile.PL.
- [TESTS] Updated t/05-dump.t, t/12-next.t in order to increase code coverage (94%).
What remains uncovered is cargo-cult defensive, hence untestable, code.
- [TESTS] Updated t/01-api.t, t/05-dump.t, t/08-filter.t, t/10-fileno.t,
t/13-dispatch.t, t/16-setnonblock.t
- [TESTS] Updated all test scripts in order to suppress warnings.
- [TESTS] Moved the the check whether pcap can be used in t/CheckAuth.pm and
added Win32 specific code, supplied by Jean-Louis Morel.
- [TESTS] Added t/rt-6320.t for checking the bugfix of RT#6320.
- [TESTS] Added t/distchk.t
2005.09.23 - 0.07 - Sebastien Aperghis-Tramoni (SAPER)
- [BUGFIX] RT#7455: Memory corruption when using Net::Pcap::Compile()
- [BUGFIX] Merged Win32 fix to pcap_lookupdev() from JLM/0.04.02
- [FEATURE] Added wrappers for lib_version(), open_dead(), set_datalink(),
datalink_name_to_val(), datalink_val_to_name(), datalink_val_to_description()
- [FEATURE] Added support for all DLT_*, MODE_*, PCAP_* and useful BPF_*
numeric macros using ExtUtils::Constant.
- [FEATURE] Added const qualifiers when appropriate.
- [FEATURE] Added ppport.h
- [DIST] Added libpcap detection using have_library() from XML::LibXML::Common
- [TESTS] Fixed scripts t/10-fileno.t,
- [TESTS] Added t/17-lib_version.t, t/18-open_dead.t, 19-breakloop.t
- [TESTS] Updated t/14-datalink.t
- [DOC] Updated documentation.
2005.09.15 - 0.06 - Sebastien Aperghis-Tramoni (SAPER)
- [FEATURE] RT#7594: added pcap_setnonblock() and pcap_getnonblock(). Thanks
to Ernesto Domat for the patch.
- [FEATURE] Changed the warning returned by stats() in order to be uniform
with other similar warnings
- [TESTS] Completely rewrote the tests suite using Test::More and better
(and portable) methods to skip tests when appropriate.
- [TESTS] Added t/podcover.t, t/pod.t, t/portfs.t
- [TESTS] Added t/15-is_swapped.t, t/16-setnonblock.t
- [DIST] Updated Makefile.PL
- [DOC] RT#7671: documentation typo
- [DOC] Updated the documentation.
In the process of the development of Asterisk a new protocol has gathered
the attention among the VoIP users - the Inter-Asterisk eXchange, or IAX
(TM), Protocol, used as a the native communication protocol between
Asterisk PBX Servers. What is particularly good in it is that it requires
only one UDP port per endpoint to create a successful communication channel
for VoIP calls. This makes it much friendlier for users behind NAT, which
is not the case with SIP and H.323 - they required specific router
configurations for their channel establishment, thus hindering faster
spread of VoIP on the home and corporate desktop.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.
And set it in the make environment.
This fixes installation of man page as seen on DragonFly bulk build.
Revision not bumped since no change for systems where this worked before.
requires more than the default 64. Bump PKGREVISION to 1.
Fixes PR pkg/32602.
I guess the real solution could be to modify mldonkey's source to unlimit
this value itself, but I don't want to deal with (i.e., learn) ocaml code...
This fixes vulnid:1747 (denial-of-service vulnerability).
18-Jan-2006 Don Moore <bboy@bboy.net> [1.1.0]
- Implemented RFC 2136 (DNS UPDATE). See the manual for usage instructions.
- Fixed minor bug in admin.php where if db_get_settings() failed, it might
display an error message without consistent formatting.
- Added two additional fields to the --verbose query log. The opcode of the
query (QUERY or UPDATE), and a quoted field containing a description of the
UPDATE performed, if the opcode was UPDATE.
- Updated contrib/stats.php to handle new log fields.
- Fixed bug in --dump-config -- if present, fields without default values
("no-listen", "soa-where", "rr-where", and "recursive") were not being
dumped.
- Made --dump-config dump ALL possible configuration options, even if no value
was originally specified. As such, MyDNS will no longer warn the user when
a config option doesn't have a value. It will be silently ignored.
- Including <inttypes.h> after a suggestion by Christian Tschenett, to help
things out on 64-bit platforms like OSX. If this creates problems on your
platform, please let me know.
- Modified admin.php to allow a backslash in the 'mbox' field, immediately
preceding a dot. This is used in DNS to indicate the presence of a dot in
the username part of the administrator's email address. There was an
additional bug report from Andreas Grip that MyDNS was replying with the
slashes doubled up in this case, but it appears to be a problem with the
"dig" program, not MyDNS.
- Fixed bug with "rr-where" clause -- conf.c was using "soa-where" instead.
David Darville first reported this bug. Michael Gile submitted it two
minutes later, with a patch.
- Added "create_domain.pl" to the contrib/ directory. Thanks to Gerard de
Brieder for this script. See contrib/README for more information.
- Fixed bug in src/lib/rr.c (mydns_rr_load) that caused a segfault if origin
was NULL (it was designed to allow NULL, but this version is the first to
ever call it in that way).
- Added support for NAPTR (RFC 2915) records. Users with existing MyDNS
databases will need to alter their tables to allow "NAPTR" in the "type"
column if they want to use NAPTR.
- Renamed library functions mydns_parse_rr() and mydns_parse_soa() to
mydns_rr_parse() and mydns_soa_parse(), for consistency.
- Library functions mydns_rr_dup() and mydns_soa_dup() now fail (terminating
the program) if out of memory.
- Moved routines that parse data for individual RR types (RP, SRV, and NAPTR)
into individual functions from mydns_rr_parse for clarity.
- Fixed bug where AXFR might transmit incorrect information if a FQDN is used
in the 'name' field.
- Fixed AXFR bug with ALIAS enabled. Thanks to Sven Wegener for the patch.
- Created file "README.mysql" to address various problems common while
compiling with MySQL support.
- Fixed "use of cast expressions as lvalues is deprecated" warning (caused
compilation abort with --enable-debug).
- Added hostname to beginning of SIGUSR1 status output.
- Renamed "update" column in the soa table to "update_acl"; how could I be so
stupid as to name a column "update"?!
- Fixed a critical denial-of-service vulnerability.
2006/01/19: version 2.7.3 = tag release-2-7-3
4791: web_infos: New type geoip.dat, save files to local disk,
re-download only if file on server is newer
- now all files except type "rss" in web_infos are saved to local disk
if not present or server version is newer
- MLDonkey uses HTML header last-modified to check if a file has been updated
- downloaded file timestamp is changed to last-modified time
- show number of IP blocking ranges in runinfo
- new web_infos kind: geoip.dat
- automatically add geoip.dat to web_infos
- support for *.gz|bz2|zip compressed GeoIP.dat files
4811: EDK: Print warning when starting a file too big for filesystem,
clean Ux32 logging
4810: Update search results with highest avail/completesources tags (zet)
2006/01/16
4803: BT: force uniqueness of added trackers by "trackers" command (pango)
4801: EDK: add more server info fields (html and guiprot) (zet)
4798: Fix thread recognition on *BSD
2006/01/15
4797: EDK: Always put server connect requests in connection queue,
whether max_opened_connections is reached or not
Connection will be established later when a socket is available
2006/01/14
4796: Windows: Log proper warning when MaxUserPort is reached (thx to Enig)
4795: Mailer: Fix Subject encoding (bogeyman)
4716: BT: new command "tracker" to add trackers (bogeyman)
2006/01/12
4792: GeoIP: Add license (distrib/GeoIP_LICENSE.txt, runinfo)
This product includes GeoLite data created by MaxMind,
available from http://maxmind.com/
4776: EDK: Avoid LowID if max_indirect_connections is reached (thx to zet)
4787: EDK: Show server version (ported from Mulus - thx to Knocker),
disconnect blocked server after loading IP blocklist
2006/01/11
4790: Some logging stuff
4781: Disconnect connected server before removing
4782: Configure: Replace AC_CHECK_FILE with "test -d" to allow cross-compile
2006/01/09
4770: Change file opening mechanism, open rw only when needed (pango)
new verbosity option "file" to control Unix32 file handling
4777: Display IP:port for LowID clients, GUI protocol update (zet)
2006/01/07
4769: HTML: Fix some Geoip display bugs
2006/01/06
4768: Dynamic loop delay (pango)
4765: Add GeoIP.dat support (zet)
GeoIP is a GPL database that maps IPs to countries.
http://www.maxmind.com/download/geoip/database/
This patch adds support for a "geoip_dat" option.
It is a simple ocaml translation of just the geoip country lookup code.
If active, the file is left open and consulted on demand.
It didn't seem to slow anything down on my slow system.
Sends the country # to the gui, use latest Sancho version to use it.
Web: displays country codes in a column (name in tooltip).
Maybe someone wants to add flag images (please make them optional).
"extract" script for extraction. Many cases where a custom EXTRACT_CMD
simply copied the distfile into the work directory are no longer
needed. The extract script also hides differences between pax and
tar behind a common command-line interface, so we no longer need code
that's conditional on whether EXTRACT_USING is tar or pax.
Avoid union shm on DragonFly, it conflicts with system provided version.
Hack around some namespace pollution in arpa/inet.h inherited from
FreeBSD which results in G_LOCK(inet_ptona) being partly mapped to
G_LOCK(__inet_ptona), but not consistently.
* Fixed a crash when using NTLM connections [316313, probably
also 318252]. (Also 321208, which was a bug introduced in
the original fix for 316313.)
* Fixed a bug that could cause soup to suck up all available
CPU when a connection to a SoupServer was dropped by the
other side [319305, patch from Jonathan Matthew]
* Fixed the creation of struct elements in XMLRPC messages
[321362, patch from Sebastian Bauer]
* Plugged a small memory leak in SoupSocket (from Wang Xin).
* Fixed two compile problems, a gccism [320349, patch from
Roland Illig], and a strict-aliasing warning from gcc 4.1.
* Correctly resolve nested symlinks without accessing
invalid memory
* Synch xdgmime with upstream to fix handling of the
mime cache
* Improve parsing of files which have names that match dates,
years or times of day.
* Correctly return GNOME_VFS_ERROR_CANCELLED if an
authentication was cancelled in the ftp, sftp and smb method
* Fix problem with multiple cd volumes
* Add logic for Win32 so we won't return crap like /x:/foo/bar.zap
and fix handling of file overwrites.
* Version 1.1:
- The non-preemptive mode should work flawlessly.
- Syslog facilities can now be changed.
- Self-sent packets are now filtered out.
- Portability has been improved.
Add ssl (default off) and tcpwrappers (default on) options.
Changes:
- Improve logging (log deletes, renames, chmods, etc. as requested by users).
- Add no_log_lock to work around Solaris / Veritas locking hangs.
- Add EPRT, EPSV, PASV and TVFS to FEAT response.
- Implement use of MDTM to set timestamps.
- Recognize FEAT prior to login.
- Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data
connections! Hurrah.
- Increase max size of .message files to 4000 characters, thanks to Eric
Pancer for the report.
- Add easy builddefs.h ability to disable PAM builds even when PAM is installed.
- Report vsftpd version in STAT output.
- Add REFS file.
- Change parent<->child socket comms from DGRAM to STREAM for increased
reliability. The main benefit is should the parent be killed (or crash out)
then the child won't block on a read() that will never return.
- Make str_reserve reserve space for the trailing zero as well, so we don't
cause a reallocation if we exactly fill the buffer.
- Optimize the sending of strings over the parent<->child comms links.
- Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly
compiled out.
- Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin
- If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring
totally. Thanks to Brad
- Lose Makefile.sun and README.solaris special cases.
- Add SSL / TLS info to SECURITY texts.
- Add README.ssl
- Add documentation for new SSL options to vsftpd.conf.5.
- Add support for CWD ~ (and in general support ~ at start of any filename).
Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that
all of this is for very very broken clients :-(
- Fix compile warnings.
- Update INSTALL with (recent) OS X as a working platform.
At this point: v2.0.0 released!
===============================
- Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson
Chang
- Oops; fix session bale out if an empty length password is given.
- Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
- Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard
- Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries. Thanks to Jonas Bofjall
- Add COPYRIGHT.
- Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2
compliant; timezone should be a variable not a function).
- Fix build where PAM build is enabled but PAM headers are missing.
- Fix build on RHEL3 (remove errant include from twoprocess.c).
At this point: v2.0.1 released!
===============================
- Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez
- Emit data transfer status messages (success / failure) after flushing and
waiting for the full data transfer to reach the client. This should help work
around buggy FTP clients such as FlashFXP, which is known to truncate files
incorrectly.
(v2.0.2pre1)
- Make str_empty actually allocate an empty string.
- Change the ASCII receive code to ONLY rip out \r if it is just before a \n;
someone finally complained about this.
(v2.0.2pre2)
- Enable AIX Large File Support #define from Tomas gren
- Add a couple of FAQ entries.
- Fix time delta code areas to cope with negative deltas, which will occur
if the clock is adjusted backwards. Thanks to Andrew Anderson
for a great report.
- Fix "errno" checks to be robust in multiple places; previously, calls to
failing library calls could be made inbetween the original library call and
the "errno" reads. Thanks to Andrew Anderson for a great
report.
- Make bandwidth limiter work with SSL data connections.
(v2.0.2pre3)
- Note that the SSL / bandwidth limiter bug fixed a much more serious bug:
SSL data connection dropouts after data_connection_timeout seconds.
- Typo fixes.
At this point: v2.0.2 released! (need to get the SSL dropout fix out)
=====================================================================
- Document what regex expressions are supported in the man page.
- New settings rsa_private_key_file and dsa_private_key_file to allow
separate files for the certificates and private keys.
- Initial, simple fix for timed out processes not exiting when SSL is in use.
Better fix (which reports timeout to client properly) to follow.
- Add which setsockopt option failed to die("setsockopt") calls.
- Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower
linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by
Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1)
- Fix error with IPv4 connections to IPv6 listeners and PORT type data
connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported
by Joe Orton, Radek Vokal and Andreas Kupfer
- Remove vsf_sysutil_sockaddr_same_family (unused).
- Support protocol 1 (IPv4) in EPRT.
- Add ssl.c to AUDIT.
- Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list.
- Allow "EPSV 1" to mean IPv4 EPSV.
- Report dummy IP but correct port with IPv6 / PASV.
- Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write;
fixes SSL upload failures when data timeouts are in use with some clients.
Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported
by Lee Lawrence (using CuteFTP and BackupEdge) and
Christian DELAIR (using lftp, FileZilla and
SmartFTP). Thanks to these two people for valuable help.
(v2.0.3pre2)
- Implicitly disable connect_from_port_20 and chown_uploads when a non-root
user is using run_as_launching_user.
- Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure
anonymous-only solution (useful when you don't have root access and a range
of acceptable anonymous passwords as credentials).
- Use SSL BIO callbacks to fix data connection timeout checks; the checks
weren't all occurring promply.
At this point: v2.0.3 released! (need to get about three imporant fixes out)
============================================================================
- Add explicit "This FTP server does not allow anonymous logins" message.
- Add paranoid checks to sysutil.c for large values / lengths.
- Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example.
- Load per-IP config files earlier; allows more settings to be tuned on a
per-IP level. Suggested by Reber Tobias
- Fix MDTM on non-existant files. Reported by Ken A
- {} regex fix so that {*} correctly matches everything. Reported by
Tom Van de Wiele
- Add "mdtm_write" option to disable MDTM being able to set file timestamps.
- Fix HPUX build, thanks to Kevin Vajk
- Add optional file locking support via lock_upload_files (default on).
- Apply LDFLAGS patch from Mads Martin Joergensen
- Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once
at startup.
- Apply patch to fix timezone issues (caused by chroot() interacting badly with
newer glibc versions). Thanks to Dmitry V. Levin and
Mads Martin Joergensen
At this point: v2.0.4 released!
===============================
version 3.3.0
New features:
* YTalk now recognizes GNU talk (gtalk)
* Much improved VT100 support
Changes:
* YTalk is now released under the GNU GPL
* The X11 interface has been removed since no one was using it
and it had grown way too outdated
* Unidentified talk clients are now called "BSD talk",
since talk(1) originally appeared in 4.2BSD.
* Moved to GNU automake
* Re-indented sources with hard tabs
* Added a couple of tests (run with 'make check')
Bug fixes:
* YTalk now tolerates stacking invite/import requests
* Fixed a build problem on systems without snprintf()
* Once again use $HOME when looking for personal ytalkrc
version 3.2.0
New features:
* Added far-right "stomping", fixes procps top(1) among other things
* Separated handling of CR and LF, makes a lot of programs work better
* Added support for 'G' escape sequence used by Gentoo's init scripts
* Added "escape-yesno" patch from FreeBSD that optionally requires
that you press <escape> before answering yes/no questions
* Added a "YTALK_VERSION" environment variable to subshells
Changes:
* --with-x is now --enable-x
Bug fixes:
* Fixed an endless loop in curses titlebar code
* We now use snprintf() instead of sprintf() if available
* Restored limit on auto-invite hostnames from 16 to 64 characters
version 3.1.6
Changes:
* Don't even build pty allocation code if system has openpty()
* Made all debugging code strictly optional, add --enable-debug
to ./configure if you want it
Bug fixes:
* Fixed a crash when resizing YTalk in an XTerm
* Fixed a remote-crash format string bug in auto-invite daemon
* Fixed build problems on SunOS
* Fixed --with-x on X.org (broken since 3.1.2)
version 3.1.5
New features:
* We now use openpty() if available to securely allocate ptys
* Added the prompt-quit patch from Debian again (oops, lost in 3.1.3)
Bug fixes:
* Fixed a problem with the configure script on Slackware
* Added a missing part of VT100 scrolling support
* Fixed a small memory leak in terminal tab handling
* Small documentation fixes and updates
version 3.1.4
New features:
* Added "rering all" to main menu (requested by Matthew Vernon in '99)
* Added --with-curses=DIR option to configure script
Bug fixes:
* Fixed detection of `socklen_t' type on OpenBSD
* Fixed a minor problem with the no-beep mode
* Fixed a minor signed/unsigned issue
* Cleaned up the configure script a bit
version 3.1.3
New features:
* Added support for job control on BSD systems
* Added terminal tab handling
* Added terminal keypad modes
* Added "ignorebreak" mode (^C is ignored unless a shell is running)
* Added "beeps" to the ytalkrc flags (applies to all beeps)
* Added internal memory management and tracking
Changes:
* Maintainer change to Andreas Kling
* Dropped getlogin() in favor of getpwuid()
* Removed "debug" logging code
Bug fixes:
* Fixed the shell on Tru64 UNIX
* restored compatibility with old talk daemons (broken in 3.1.2)
* restored command line parsing (broken on many systems in 3.1.2)
* Removed debug code that broke terminal raw mode in 3.1.2
version 3.1.2
New features:
* Debug logger added
* Now optionally prompts user before quitting (when using -q),
patch from Colin Watson
* Added parsing of long options
* Fixed maximum username length to 11 instead of 8
Changes:
* Maintainer change to Jessica Peterson
* X support isn't compiled as default anymore
* -x command line switch now enables X11 mode instead of disabling it.
* Scrolling is enabled by default
* Upgraded to autoconf 2.59
Bug fixes:
* Fixed a possible buffer overflow regarding a oversized $HOME
when loading the configuration file
* Reset handling of SIGCHLD for shells - patch from P. Maragakis
following hints by Jason Gunthorpe
client-server applications. They conform to the UNIX Client-Server
Program Interface, UCSPI.
sslserver listens for connections, and runs a program for each
connection it accepts. The program environment includes variables
that hold the local and remote host names, IP addresses, and port
numbers. sslserver offers a concurrency limit on acceptance of new
connections, and selective handling of connections based on client
identity.
sslclient requests a connection to a TCP socket, and runs a program.
The program environment includes the same variables as for sslserver.
The "tls" option applies Scott Gifford's patch to implement UCSPI-TLS
in sslserver.
Assume that x86_64 has the same drivers as i386, addresses PR 32332.
No PKGREVISION bump since it didn't compile on amd64 before.
While here:
remove superfluous patches patch-af, patch-ag to config.sub files
(get replaced by CONFIG_SUB_OVERRIDE anyway)
split up multi-patch patch-aa into four patches patch-a[hijk]
2006/01/05: version 2.7.2 = tag release-2-7-2
4764: Patch for MLDonkey-compiled Ocaml-3.09.1 to fix GTK1 oldgui compile
4763: Compile patch for GTK1 oldgui with Ocaml 3.09.1
Ocaml 3.09.1 has a bug which prevents compiling GTK1 oldgui.
A patch can be found here: http://caml.inria.fr/mantis/view.php?id=3948
2006/01/04
4761: Insert glibc version in archives build by release targets
4760: Allow use of Ocaml 3.09.1
MLDonkey can now be compiled with Ocaml 3.08.3/4, 3.09.0/1
Default for MLDonkey-compiled Ocaml is now 3.09.1
4759: Configure: Improve gcc check
4757: Compile patches for MorphOS (Christian Rosentreter)
4748: HTML: Allow rename of files with '#', '&' and '%',
remove invalid chars from filenames depending on OS (thx to pango)
4756: HTML: Print build- and runinfo on main page,
fix reload bug when changing html_mods/html_themes (Knocker)
2006/01/03
4751: Ease use of messages_filter option (pango)
4753: Allow upper case MD4 for ed2k-links in mldonkey_submit (fcrozat)
4754: New parameter --auth for mldonkey_command (plf team)
2006/01/02
4749: GUI: send shared sub_files to gui (zet)
2006/01/01
4712: Change terminal color for command line from blue to cyan (romildo)
4742: Log: remove verbosity "tor" & "file", improve verbosity "verb"
4743: EDK: Print "File is already shared" when trying to start downloading
an already shared file
4744: Split client_timeout into ED2K-client_timeout and BT-client_timeout,
increase BT-client_timeout to 90 (tradie)
4745: Update config.guess and config.sub to version 2005-12-23
2005/12/28
4725: Check if ulimit is sufficient for MLDonkey,
auto-adjust max_opened_connections
* moved ED2K-max_indirect_connections to downloads.ini
* max_indirect_connections is now a %-value of max_opened_connections
* minimum ulimit for open files is now 150 (most systems have 1024),
MLDonkey will refuse to start if ulimit is lower
* minimum max_opened_connections is now 75
* reduced max_concurrent_downloads from 60 to 50
* minimum ulimit -n 150 is used like this:
- 75 max_opened_connections
- 50 downloading files
- 5 upload slots
- 20 fd as reserve for ini files
4704: Fix some C compile warnings (schlumpf)
4739: Fix some cross-compiling obstacles, remove Ocaml 3.08.2 compatability
* Cross-compiling is only possible with a correct Ocaml toolchain
* MLDonkey can not build this Ocaml toolchain
* This patch only fixes some autoconf checks
4735: MinGW: pause before core exit because of existing Pid file
4736: New commands: sysinfo, runinfo and diskinfo
* removed temp_directory and core_directory from shares command output
* new commands sysinfo, runinfo and diskinfo
* buildinfo now prints only buildinfo
* runinfo prints run-time information
* new command diskinfo prints filesystem data about temp_directory,
core_directory and all shared dirs
* sysinfo prints buildinfo, runinfo and diskinfo alltogether
4712: Change terminal color for downloading files from blue to cyan (romildo)
2005/12/24
4732: Log: More infos for verbosity = " verb"
2005/12/21
4728: fix date format (zet)
4730: BT: parse path.utf-8 (zet)
2005/12/19
4726: New option space_overhead to adjust garbage collection (bogeyman)
4724: Windows: 10 seconds pause when core start fails
to make error messages readable
2005/12/18
4723: New build target: make ocamldoc (pango)
4721: Log: Improve output for verbosity "verb", remove verbosity "hid"
2005/12/17
4719: Fix linking of dp500 (pango)
4715: OV: Improve searching, longer ov timeout, some more bugfixes (bogeyman)
4718: Fix bug which prevented proper write to files introduced in patch #4694
4717: EDK: Removed unused variable file_md4s_to_register (bogeyman)
2005/12/16
4703: BT: Deactivate dead trackers,
re-enable them if no active trackers are found (pango)
4708: HTML upstats: Enable preview for shared files
4652: dllink: reject EDK files > 4GB, print access errors for .torrent files
2005/12/15
Removed orphaned files:
src/networks/donkey/donkeyFiles.mli
src/networks/donkey/donkeyInteractive.mli
src/networks/donkey/donkeyMain.mli
4710: Re-add some protocol information as comments removed by patch 4694
4709: Fix zip file extract broken due to patch 4694 (Ocaml 3.09)
4707: Fix recover_temp broken by patch 4674 (force_download)
2005/12/14
4706: EDK: Remove donkeyChunks, use commonSwarming for op_file_check
4702: Correct timezone in e-mail, nicer uptime, timezone and uptime in runinfo
4694: Fix lots of compile warnings in Ocaml 3.09
4705: Update config.guess and config.sub to version 2005-11-11
Mozilla MLdonkey Protocol Handler updated to version 1.7
2005/12/13
Removed orphaned files:
src/networks/fasttrack/fasttrack.ml
src/networks/gnutella/gnutella1.ml
src/networks/gnutella/gnutella.ml
src/networks/gnutella/gnutellaScheduler.ml
src/networks/gnutella/gnutellaZlib.ml
src/networks/gnutella2/g2Scheduler.mlt
src/networks/gnutella2/gnutella2.ml
4700: Log: New verbosity option "gui" to debug GUI protocol
4696: Fix some C compiler warnings
2005/12/10
4687: Compile fix for Ocaml 3.09.0 (gildor), MLDonkey can now be compiled
with Ocaml 3.08.[2,3,4] and Ocaml 3.09.x (4687_min2.patch)
4693: Compile patch in sha1.c for FreeBSD (lioux)
4689: Catch exception in file_completed_cmd to let commit complete
4691: file_completed_cmd: $DURATION in seconds (debonair)
07/03/2005: Version 2.3.5
- Fix crash with replay live mode (-S)
- Fix longstanding tcpprep auto/router mode bug
06/05/2005: Version 2.3.4
- Support libpcap <= 0.5 for OpenBSD
- libpcap 0.5 doesn't have pcap_open_dead, so disable -w, -W and -D in
that case
- Fix configure errors regarding libpcapnav
- Fix compile problem in libpcap.c with OpenBSD
- Fix compile problem where libpcap and libnet are in /usr and
libpcapnav is somehwere else
- Don't ship .svn directories
- Close stdin so we can reopen it if necessary
Remove BROKEN_IN, since it builds fine for me on 3.99.15/i386.
rather than PKG_FAIL_REASON, so that they provide useful error
messages in build logs, and so that they continue to work on platforms
where they aren't broken.
* ignore \r in config files
* (hopefuly) fixed 64bit bugs (Nicolas Boichat and Zach Brown)
* added support for "Split-Net" Routing
* introduced vpnc-script and removed vpnc-connect
* always search for configfiles in /etc/vpnc/ expect if the
filename contains at least one "/"
* only read /etc/vpnc/default.conf and /etc/vpnc.conf if no other
configfiles are provided
* various other fixes contributed by Anton Altaparmakov, Randy
Chou, "krabat", Andre Vanha and Nikolay Sturm
Bug Fixes
Three security vulnerabilities have been fixed since the previous
release (fixed in pkgsrc via patches):
- The IRC dissector could go into an infinite loop.
- iDefense found a buffer overflow in the OSPF dissector.
and
- The GTP dissector could go into an infinite loop.
New and Updated Features
The following features are new (or have been significantly updated)
since the last release:
- The Windows installer now ships with GTK+ 2.6 instead of GTK+ 2.4.
This should fix several long-standing bugs.
- If you're loading a saved capture file and press "Cancel", Ethereal
will now display the packets read up to that point. In previous
versions, Ethereal would abort the attempt completely and clear the
packet list. This means that if you're loding a huge capture file,
you can stop loading in the middle and still be able to analyze part
of the file.
- The maximum number of files allowed in a ring buffer has been increased
from 1024 to 10,000.
- OID to name resolution has been improved.
- TCP graphs now handle upper and lower bounds better.
New Protocol Support
3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB, NBAP, NCP
SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC, UDP-Lite, X.501
Updated Protocol Support
ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL, CMP,
CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN, NT,
WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric, FC-DNS,
FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235, H.245, H.248,
H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6, IRC, ISIS LSP, ISUP,
IUUP, Juniper, LLDP, M3UA, MIP, MIPv6, Modbus/TCP, MTP3, NCP, NDPS, NDS,
NEMO, NMAS, NTLMSSP, OSPF, PER, PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931,
RADIUS, RANAP, RDT, RLOGIN, RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP,
SCTP, SES, SIP, SMB, SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication,
X.411, X.420, X.509
New and Updated Capture File Support
DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces, Tektronix K12
Bugfixes:
o Address a bug in the oplock code which may cause clients to stall
when multiple users are accessing a share concurrently
o Missing groups in a user's token when logging in via kerberos
o Incompatibilities with newer MS Windows hotfixes and
embedded OS platforms
o Portability and crash bugs.
o Performance issues in winbindd.
Additions:
o Complete NTLMv2 support by consolidating authentication
mechanism used at the CIFS and RPC layers.
o The capability to manage Unix services using the Win32
Service Control API.
o The capability to view external Unix log files via the
Microsoft Event Viewer.
o New libmsrpc share library for application developers.
o Rewrite of CIFS oplock implementation.
o Performance Counter external daemon.
o Winbindd auto-detection query methods when communicating with
a domain controller.
o The ability to enumerate long share names in libsmbclient
applications.
The patches are a modified version of some enhancements to tcpflow from Debian
Adds the following options:
-e When outputting to the console each flow will be output in alternating
colours.
-C Console print without the packet source and destination details being
printed. Print the contents of packets to stdout as they are received,
without storing any captured data to files (implies -s).
- update to mDNSResponder core 58-8-1
- compile out heap debugging when NDEBUG macro is set during compilation
- errors encountered when parsing conf file are logged
- fix various unsafe sprintf calls (contributed by
David Young dyoung@pobox.com)
- compiles cleanly using cygwin
- support for compiling under OpenBSD
- error in docs regarding swapped parameters to sw_discovery_publish_reply
AICCU (Automatic IPv6 Connectivity Client Utility) makes it easy for users to
get IPv6 connectivity via SixXs. After having requested an account, tunnel and
optionally a subnet, AICCU can be used to automatically configure the tunnel.
AICCU supports TIC (Tunnel Information & Control protocol), which it uses for
retrieving the tunnel configuration information, AYIYA, which allows tunnels to
be created even behind firewalls and NATs.
