freediameter (1.2.0) UNRELEASED; urgency=low
* Major changes in the logging system to be more syslog and production friendly
* New extension: dict_dcca_3gpp
* New extension: dict_dcca_starent (Starent DCCA vendor-specific AVPs)
* New extension: rt_ignore_dh (hide network topology by proxying Destination-Host).
* New extension: rt_load_balance (load balancer based on pending queue size).
* New extension: rt_busypeers. See doc/rt_busypeers.conf.sample.
* New extension: dbg_msg_timings. Measures timing of message operations.
* New extension: dbg_msg_dumps. Use to control hooks display.
* New API (fd_hook_*) for extensions to control messages logging & profiling
* New API (fd_stats_*) for extensions to monitor framework state (e.g. SNMP implem)
* API change: all the fd_*_dump functions now return malloc'd strings instead of logging directly.
* API change: callback parameter of fd_rt_out_register had its signature updated.
* Updated dbg_monitoring extension to use the new API
* New script to generate dictionary extensions from org file (see contrib/tools)
* New compilation option: WORKAROUND_ACCEPT_INVALID_VSAI to improve compatibility
with invalid Vendor-Specific-Application-Id AVPs received from some equipment (e.g. Cisco).
* New compilation option: DISABLE_PEER_EXPIRY for use in test environments.
* Extensions are now also searched in LD_LIBRARY_PATH.
* Copy Proxy-Info AVP automatically in new answers.
* Port value 0 allowed in configuration to disable local server (e.g. disable non-secure port).
* API change: fd_msg_send_timeout now takes a separate callback for timeout situation.
* Function changes: fd_msg_dump_* now split into three different types of output.
* New test testmesg_stress to measure message parser performance
* Fix termination of the framework to avoid failures.
* Fix invalid timespec value in peer PSM appearing randomly (leading to crash).
* Return DIAMETER_LOOP_DETECTED if local peer in the Route-Record list of a message.
* Allow running without TLS configuration.
* Upgraded SCTP code to comply with RFC 6458
* Using default secure Diameter port number 5658 as per RFC 6733
* Updated TLS code for performance improvements with new GNU TLS.
* Fix interlocking problem when large number of requests were failed over.
* New option in test_app.fdx extension for long messages payload.
* Performance improvement in message sending code path.
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 14 Sep 2013 18:08:07 +0800
Changes
-------------------------
0.42 - made a "char" array in the charstring class explicitly "signed char"
for arm and similar platforms where "char" is actually
"unsigned char"
fixed variadic macros in codetree class for MSVC
fixed rpm->rpmbuild in installation docs
0.41 - fixed a few bugs in the codetree class and improved its debug
added comments to codetree class header
added new search paths and default prefix for syllable
initialized an uninitialized variable in clientsocket
added support for syllable os
0.40 - fixed -pthread annoyance
added -Werror to default build
fixed various issues revealed by -Werror
fixed hostentry::getAddressString() for numbers greater than 127
fixed bugs that could lead to a crash when using the hostentry class
with NULL hostnames
reads that error out with EAGAIN are treated as successful reads of 0
bytes now
all sockets are manually set to blocking mode after creation now
sockets created by accept() are set to the blocking/non-blocking mode
of the socket that was accepted on
fixed charstring::safeCopy to copy the NULL terminator
made charstring::copy NULL-safe
refactored windows make.bat script
made crypt class salt NULL-safe
0.39 - filedescriptor::getPeerAddress returns NULL now for non-inet sockets
added charstring::safeCopy methods
made regularexpression::getSubstring* methods return const char *'s
fixed a bug where xmldomnode::deleteAttribute() on a non-existent
attribute name would crash
added xmldomnode::getTree and xmldomnode::print methods
added codetree class
fixed a longstanding memory leak in dictionary::clear()
0.38 - included some contributed updates to chat, charstring and modemclient
added several more wrappers to system class
refactored configure/make for non-gnu make compatibility
updated passFileDescriptor to dynamically allocate the control buffer
for OS X 10.7 whose CMSG_LEN ultimately calls a function
updated msvc build to create Release code rather than Debug by default
added posix analogs (rewind, skip and read) to directory class
updated filedescriptor debug so debugging of the buffering can be
enabled/disabled
integrated patches from Neowiz for:
using -g3 if available when --enable-debug is specified
testing the result of getaddrinfo for any non-zero result
when checking for EINTR, not just EAI_SYSTEM,
and also to reset errno between tries
clientsocket to use WSAConnect and friends on windows
disabling code that uses AF_UNIX sockets outright for windows
inetserversocket::listen() to reuse addresses
added process::exitImmediately
updated error::getErrorString() to be thread safe when it uses
strerror_r or strerror_s internally
fixed charstring::isInteger/isNumber to return false when the string
passed in is either - or . without any actual number
changed longs in snooze class to uint32_t's
0.37 - updated logger to exclude : if header isn't supplied
updated logger not to print double-returns after each log message
added file::createPipe()
fixed net-to-host and host-to-net byte order conversions for 64-bit
integers on windows
fixed charstring::copy that I'd broken in 0.36
fixed missing [] in a delete in filedescriptor::read() with terminator
that could cause leaks and corruption
fixed a leak in filedescriptor::read() with terminator that could
occur when it fell through with an error, timeout or 0-byte
read
applied Georgiy Kirichenko's fix to the safePoll call in
filedescriptor::readFileDescriptor() - swapped true/false
arguments so it would wait using POLLIN
added xmldomnode::getPosition()
fixed display of seconds from datetime::getString()
fixed optimum buffer size calculation in xmlsax
fixed several dlclose()-related bugs
0.36 - various fixes for SCO and Ultrix
renamed some methods to avoid collisions with macros
modified methods that take or return internal structures to take or
return void pointers instead
added charstring::replace methods
renamed all .C files to .cpp for windows
added msvc project and got most classes building natively on windows
0.35 - added ( to set of chars to capitalize after
added methods to control whether semaphoreset operations are retried
after they have been interrupted by a signal
added charstring::findFirstOrEnd
added character::inSet
* liboath: Add new API methods for validating TOTP OTPs
The new methods (oath_totp_validate3 and oath_totp_validate3_callback)
introduce a new parameter *otp_counter, which is set to the actual
counter used to calculate the OTP (unless it is a NULL pointer). This
allows for easier OTP replay detection in applications using liboath.
Patch from Fabian Grünbichler <fabian.gruenbichler@tuwien.ac.at>.
Version 2.2.0 (released 2013-07-07)
* libpskc: Add functions for setting PSKC data.
The new functions are pskc_add_keypackage and all pskc_set_* functions
(see libpskc/include/pskc/keypackage.h). This allows you to write
programs that generate new PSKC structures.
* liboath: Permit different passwords for different tokens for the same user.
Thanks to Christian Hesse <list@eworm.de>.
* build: Improve building from git with most recent automake and gengetopt.
Thanks to Christian Hesse <list@eworm.de>.
* build: Valgrind is not enabled by default.
It causes too many false positives. For developers who want, use
--enable-valgrind-tests. It is still enabled by default when building
from the version controlled sources (see cfg.mk). Thanks to Christian
Hesse <list@eworm.de>.
* liboath: Make header file usable from C++ (extern "C" guard).
Reported by Alan Markus <alan.markus@gmail.com>.
* Fixups of import/export.
Add targetConfig to show in which slot a configuration is intended.
Possible memory leaks on error conditions.
* Add -d switch to ykpersonalize for dry-run.
* Add ykp_clear_config() for clearing configuration flags.
* Add getter functions for all configuration flags.
* Add -V to all tools to output version.
* Add ykp_get_acccode_type() and ykp_set_acccode_type()
Only to do with export, showing where the access code came from
in the ycfg.
* Add -1 and -2 options to ykinfo to show programming state.
* Fix: hash table growth (for small tables) should be limited
* Document build work-around on MacOS X
* Fix tests: use of uninitialized variables
* tests: add missing unsigned long casts to pthread_self()
Userspace RCU 0.7.7
* rculfhash: document destroy context limitation
* Fix: Use a filled signal mask to disable all signals
* Document: rculfhash destroy and resize side-effect in 0.7
* Add "sparc" host cpu to configure.ac
* Fix: tests/api.h use cpuset.h
* Fix hurd-i386: move cpuset tests outside of sched_setaffinity conditional
* Fix tests: finer-grained use of CPU_SET, CPU_ZERO and cpu_set_t
* Test for CPU_SET
* Fix build on architectures with HAVE_SCHED_GETCPU but without HAVE_SYSCONF
* README: document that Clang 3.0 (based on LLVM 3.0) is supported
* clang: silence "unused expression result" warning
* rculfhash: add assertions on node alignment
* uatomic: style fix
- [UTMP input] New input module parsing utmp/wtmp files in Linux
- [SELINUX input] New input module parsing SELinux audit files in Linux
- [l2t_process] Renamed to l2t_process_old, being replaced by l2t_process.py
from l2t-tools.
- [EVTX Library] Fixed a small bug in the code, causing some EVTX file
parsing to fail.
- [Altiris input] Fixed a small bug when the date is malformed.
- [Log2Timeline library] Fixed a few bugs:
- Small error in the format sort, caused oxml to sometimes be skipped
in processing.
- [GENERIC_LINUX input] Added a small extra eval sentence.
- [LS_QUARANTINE] Fixed a minor bug in the get_time routine, if a database
occurs it is caught by an eval sentence.
- [TEST] Added a few more tests.
- [MOST INPUT MODULES] Changed the line:
my $line = <$fh> or return undef;
in most input modules.
- [WIN library] Added a few more transformations of Windows stored time zones
into "olson" ones understood by DateTime.
- [CHROME input] Fixed a small unicode bug in the "File Downloaded" section.
- [faersluskra2timalina] Added a new frontend to the tool, exact copy of
log2timeline, except all parameters in Icelandic... kinda
April Fools' joke, except not in April.. so enjoy.
- [timescanner tool] Removed this frontend from the Makefile since it serves
no purpose (as in no longer part of the automatic installation).
also added a netbsd-specific build option
(changes)
2013.58 - Thursday 18 April 2013
- Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
- Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
- Reject logins for other users when running as non-root, from Hans Harder
- Disable client immediate authentication request by default, it prevents
passwordless logins from working
2013.57 - Monday 15 April 2013
- Decreased connection setup time particularly with high latency connections,
the number of round trips has been reduced for both client and server.
CPU time hasn't been changed.
- Client will send an initial key exchange guess to save a round trip.
Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow the first
packet guess to succeed in wider circumstances than the standard behaviour.
When communicating with other implementations the standard behaviour is used.
- Client side: when public key or password authentication with
$DROPBEAR_PASSWORD is used an initial authentication request will
be sent immediately rather than querying the list of available methods.
This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
please let the Dropbear author know if it causes any interoperability
problems.
- Implement client escape characters ~. (terminate session) and
~^Z (background session)
- Server will more reliably clean up utmp when connection is closed, reported by
Mattias Walström
- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
- Add "-y -y" client option to skip host key checking, thanks to Hans Harder
- scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
- Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet
though probably will be soon
- Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
environment variable is set
- Fix using asymmetric MAC algorithms (broke in )
- Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger
2013.56 - Thursday 21 March 2013
- Allow specifying cipher (-c) and MAC (-m) lists for dbclient
- Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
is used during authentication then disabled, similar to OpenSSH HPN mode
- Allow a user in immediately if the account has a blank password and blank
passwords are enabled
- Include a few extra sources of entropy from /proc on Linux, hash private keys
as well. Dropbear will also write gathered entropy back into /dev/urandom
- Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)
- Don't send bad address "localhost" for -R forward connections,
reported by Denis Bider
- Add "-B" runtime option to allow blank passwords
- Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
- A few improvements for Android from Reimar Döffinger
- Fix memory leak for TCP forwarded connections to hosts that timed out,
reported by Norbert Benczúr. Appears to be a very long-standing bug.
- Fix "make clean" for out of tree builds
- Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset
* OPENDNSSEC-428: ods-ksmutil: Add option for 'ods-ksmutil key generate' to
take number of zones as a parameter
Bugfixes:
* SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write
error [OPENDNSSEC-427].
* SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection
error during signing [OPENDNSSEC-444].
* OPENDNSSEC-401: 'ods-signer sign <zone> --serial <nr>' command produces seg
fault when run directly on command line (i.e. not via interactive mode)
* OPENDNSSEC-440: 'ods-ksmutil key generate' and the enforcer can create
too many keys if there are keys already available and the KSK and ZSK use
same algorithm and length
* OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead
of memory. Makes response non-blocking.
* OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes
to stdout not stderr
* OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create
too many keys for <SharedKeys/> policies when KSK and ZSK use same
algorithm and length
* OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
* Signer Engine: Improved Inbound XFR checking.
* Signer Engine: Fix double free corruption in case of adding zone with
DNS Outbound Adapters and NotifyCommand enabled.
Bugfixes
[CPPOST-83] - Compile error with boost 1.53
[CPPOST-86] - samlsign core dumps when -dig option is used
2.5.2:
(none)
2.5.1:
Bugfixes
[CPPOST-79] - Typo in "metadata intance failed manual validation checking"
log message
[CPPOST-80] - SAMLTIME_MAX constant breaks for universal Mac builds
Improvement
[CPPOST-78] - Add metadata:rpi schema to OpenSAML
2.5.0:
Bugfixes
[CPPOST-65] - Remove compile time version output where possible.
[CPPOST-70] - Problem calling virtual functions from base class constructors
[CPPOST-71] - Various clone methods are broken.
[CPPOST-75] - ChainingTrustEngine resets SOAP/TLS-based null peer entity name,
forces TrustEngine name matching
Improvements
[CPPOST-74] - metadata provider should check validity before replacing
old metadata
[CPPOST-76] - filter IdPs somehow that don't declare themselves "ready"
New Features
[CPPOST-69] - Load Folders of Metadata
[CPPOST-73] - Metadata filter that can add EntityAttribute tags
Bugfix
[CPPXT-92] - Update xmlsig 1.1 schema to final CR
Improvements
[CPPXT-94] - Configuration check should check for missing private key
[CPPXT-95] - Improve logging when libcurl is built without OpenSSL
1.5.2:
Bugfixes
[CPPXT-89] - Regression in deprecated catalog_path option during initialization
[CPPXT-90] - X509Digest generates base64 based on hex digest instead of binary
Improvement
[CPPXT-91] - KeyInfoResolver code returns empty credential object.
1.5.1:
Improvement
[CPPXT-88] - Support path resolution in ParserPool / catalog files
1.5.0:
Bugfixes
[CPPXT-76] - Remove compile time version output where possible.
[CPPXT-79] - link fails if xml-security-c library outside default link path
[CPPXT-83] - Transport layer not handling Last-Modified header correctly
[CPPXT-84] - Problems compiling log4shib on Solaris SPARC 10 with Sun
Studio 12.1 with 64bit libraries
[CPPXT-86] - Small Memory Leak in XMLObjectBuilder::buildFromElement()
Improvements
[CPPXT-70] - Improve remote CRL access and caching support
[CPPXT-78] - Support configuration of name and policy restrictions for the
signature metadata filter (signing certificate)
[CPPXT-82] - libcurl, ExplicitKeyTrustEngine, PKIX could provide additional
debug information
[CPPXT-87] - Libcurl versions before 7.20 do not refresh caches of IdP IP
address look-ups - this breaks SAML1 attribute query if the IdP's
IP address is changed
---------------------
Bugfixes:
* Response with NSID contained extra bytes after reload
* List of remotes is scanned for longest prefix match
* Multipacket TSIG signatures for transfers
* Wrongly parsed TSIG key secret without quotes
* Removed autoconf checks for extended instruction sets
v1.3.0 - Aug 5, 2013
--------------------
Features:
* Defaults for CH TXT id.server,version.server (see doc)
Bugfixes:
* Progressive interval for bootstrap retry
* Transfers randomly cancelled
* Disabling RRL on reload
* Secondary groups not initialized when dropping privileges
* Responding to DS queries for names at or below delegation points
v1.3.0-rc5 - Jul 29, 2013
-------------------------
Features:
* Much faster bootstrap of many zones
Bugfixes:
* Removed deprecated 'knotc -w' option
* Slave ignores out-of-zone records in zone
* Support for obsolete types in zone transfers
* Slave zone file names fixes
* Long transfers being randomly dropped
v1.3.0-rc4 - Jul 15, 2013
-------------------------
Features:
* --with-configdir option for default config path
* Reintroduced 'pidfile' config option
Bugfixes:
* AXFR/IXFR subsystem performance improvements
* Rescheduling of AXFR in some cases
* RRSIGs not in the same section for DS records
* Log messages leaking to syslog
* 'knotc restart' option removed due to several limitations
v1.3.0-rc3 - Jun 28, 2013
-------------------------
Features:
* Utility to estimate memory consumption (see 'knotc memstats')
* PID file is not created when running on foreground
* UNIX sockets support for knotc
* Configurable 'rundir' and 'storage'
Bugfixes:
* IXFR with an arbitrary number of diffs
* Processing of knotc TSIG keyfile
* Atomic PID file writing, removed deprecated 'knotc start'
* Performance regression when RRSIGs came before covered RRs in AXFR
v1.3.0-rc2 - Jun 14, 2013
-------------------------
Bugfixes:
* Label compression related bug
* Proper resolution of some CNAME chains
* Unstable response rate in rare cases
* Several log messages
v1.3.0-rc1 - Jun 4, 2013
---------------------------
Features:
* Faster zone parser
* Full support for EUI and ILNP resource records
* Lower memory footprint for large zones
* No compilation of zones
* Improved scheduling of zone transfers
* Logging of serials and timing information for zone transfers
* Config: 'groups' keyword allowing to create groups of remotes
* Config: 'include' keyword allowing other file includes
* Client utilities: kdig, khost, knsupdate
* Server identification using TXT/CH queries (RFC 4892)
* Improved build scripts
* Improved dname compression and performance
Bugfixes:
* Fixed creating of PID file when dropping privileges
Changes in 0.9.1:
* Config: Fix the workaround for LuaSec 0.4.x to apply the ssl 'ciphers'
option correctly
* Config: Ability to specify the ssl 'dhparam' option simply as a path to
a file, instead of a callback function
* Windows: Fix s2s issues
* Windows: Fix the ability to specify absolute paths to SSL certificates
in the config
* Build: Fix compilation issue on non-Linux systems that have glibc (such as
Debian GNU/kFreeBSD)
* API: Fix to our set library, that caused the :include() and :exclude()
methods to behave incorrectly
Changes in 0.9.0:
* IPv6 support for c2s, s2s and all other services (e.g. HTTP)
* Server-to-server authentication using certificates (SASL EXTERNAL)
* A new HTTP subsystem, supporting virtual hosts, and fully reloadable modules
* Client and server connections are now handled by modules: mod_c2s, mod_s2s
* mod_pubsub: Basic pubsub service (some features not yet implemented)
* prosodyctl about - show information about a Prosody installation
* prosodyctl cert - command to generate XMPP certificates and CSRs
* Many very nice enhancements to our module API
* MUC: Configurable per-room history length
* MUC: Plugins can now extend the room configuration form
See notes on upgrading from 0.8.x:
https://prosody.im/doc/release/0.9.0#upgrading
Changelog:
Version 5.0.11 Sep 10th 2013
Fixing upload in shared folders with create privileges
Making ldap more robust in certain situations
Handing quota violation earlier to make the desktop clients more robust
Several quota fixes
Fix issues with certain file names like 0 or false
Disable smb in files_External on windows servers
Enable user to decrypt files again after encryption app was disabled
Improved Encryption messages
Add a searchByMime call to API
Fix multiselects for Firefox on Mac in groups management
Reduce the number of ldap connections
Show a “password incorrect” notice when used shared password is wrong
Switch to the completely new Google Drive SDK.
Scanner: additional tests for reusing etags during scanning
Fix accessing files that are newly created by setting the right mime type
Several Calendar bugfixes
Fixed “Show on Map” in Contacts
A lot of Contacts fixes
Several “Tasks” fixes
= Backports --- History
== Version 3.2.0 - April 3rd, 2013
* Moved `Proc#yield` & `Hash#key` from 1.8.7 to 1.9.1
== Version 3.2.0 - April 2nd, 2013
* Moved `Dir.mktmpdir` to the stdlib 'tmpdir' for Ruby 1.8.7
* Removed `returning` as it is no longer part of Rails.
== Version 3.1.0 - March 5th, 2013
* Backports can now be loaded separately!
* Small tweaks and fixes for many methods to pass more RubySpecs
== Version 3.0.0 - February 24th, 2013
* Features of 2.0.0 are now required when requiring 'backports'.
* Additional features of 2.0.0
* Struct#to_h, NilClass#to_h, Hash#to_h
* Hash#default_proc = nil
* OpenStruct lib
* 1.8.7's Enumerator#with_index (it wasn't in the 1.8.7 NEWS file...)
Ruby-atomic is an atomic reference implementation for JRuby, Rubinius, and MRI.
This library provides:
* an Atomic class that guarantees atomic updates to its contained value
The Atomic class provides accessors for the contained "value" plus two update
methods:
* update will run the provided block, passing the current value and replacing
it with the block result iff the value has not been changed in the mean
time. It may run the block repeatedly if there are other concurrent updates
in progress.
* try_update will run the provided block, passing the current value and
replacing it with the block result. If the value changes before the update
can happen, it will throw Atomic::ConcurrentUpdateError.