* Add support of image preview from some web services.
* Fix image preview from gyazo
* Fix rare `retweet error' shown at close profile tab.
* Fix issue that debug mode cannot be enabled on certain processing in debug mode.
Changes in version 0.2.2.37 - 2012-06-06
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
currently).
o Major bugfixes:
- Work around a bug in OpenSSL that broke renegotiation with TLS
1.1 and TLS 1.2. Without this workaround, all attempts to speak
the v2 Tor connection protocol when both sides were using OpenSSL
1.0.1 would fail. Resolves ticket 6033.
- When waiting for a client to renegotiate, don't allow it to add
any bytes to the input buffer. This fixes a potential DoS issue.
Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
- Fix an edge case where if we fetch or publish a hidden service
descriptor, we might build a 4-hop circuit and then use that circuit
for exiting afterwards -- even if the new last hop doesn't obey our
ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
o Minor bugfixes:
- Fix a build warning with Clang 3.1 related to our use of vasprintf.
Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
o Minor features:
- Tell GCC and Clang to check for any errors in format strings passed
to the tor_v*(print|scan)f functions.
Patch submitted by Christian Sturm, fixes PR pkg/46609.
* rfc2045mkboundary.c was broken in 0.68
Changes 0.68:
* rfc2045/rfc2045mkboundary.c (rfc2045_mk_boundary): truncate
the hostname portion of the boundary to 30 chars.
* courier/doc/courier.sgml: Remove descriptions of some configuration
files that were moved to the courier-authlib package a while ago.
They don't belong here any more.
* courier/submit.C: Use the authenticated address, instead of the
return address, for domain-based virtual configuration.
* courier/libs/cfilename.c (config_has_vhost): Checks whether
vhost.[ip] exists.
* courier/module.esmtp/courieresmtpd.c (main): Only set a message's
virtual host if vhost.[ip] exists.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): Make sure the
input buffer is null-terminated.
* courier/submit.C (getrcpts): If there's no vhost setting from the
sender's IP address (this includes local mail!) if vhost.domain exists,
use [domain] as the virtual host.
* Remove config_search(), which simply called config_localfilename().
Change all current callers to call config_localfilename().
* courier/libs/cfilename.c (config_set_local_vhost): saves a string
that gets appended as a suffix, by config_localfilename(), and if that
filename exists, that's returned as the filename, otherwise it's the
original string without the suffix. config_get_local_vhost() returns
the suffix string.
to config_set_local_vhost().
* courier/libs/comsubmitclient.c (submit_fork): If
config_get_local_vhost(), add a -vhost parameter to submit().
* courier/submit.C (cppmain): -vhost sets config_set_local_vhost().
* courier/submit2.C (closectl): New COMCTLFILE_VHOST parameter in the
config file, taken from the vhost setting.
* courier/libs/comctlfile.c (ctlfile_setvhost): If COMCTLFILE_VHOST is
set, call ctlfile_setvhost(), return an indication if the vhost has
changed. Absence of a COMCTLFILE_VHOST treated as a discrete "(null)"
setting.
* courier/module.esmtp/esmtpclient.c (esmtpchild): If ctlfile_setvhost()
then disconnect the current socket, if one is open.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): The IP address
specified in ipout or ip6out overrides SOURCE_ADDRESS and
SOURCE_ADDRESS_IPV6 environment variable.
* courier/module.local/localmail.c (main): Call ctlfile_setvhost().
* courier/module.uucp/uucp.c (uux): Call ctlfile_setvhost().
* courier/module.dsn/dsn.c (main): Call ctlfile_setvhost().
* liblock/mail.c (dotlock_exists): Quell a compiler warning.
* courier/courierd.dist.in SOURCE_ADDRESS: Add a note that this setting
is deprecated.
Features:
* unbound-control forward_add, forward_remove, stub_add, stub_remove can modify stubs and forwards for running unbound they can also add and remove domain-insecure for the zone. This is to support reconfiguration of a DNSSEC validator on a computer that changes networks and has to enable new network config for the new location.
* new approach to NS fetches for DS lookup that works with cornercases, and is more robust and considers forwarders.
* contrib/validation-reporter follows rotated log file
* Applied patch for rrset-roundrobin and minimal-responses features (new options, enable in unbound.conf to use).
* ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older openssl.
* Patch for access to full DNS packet data in unbound python module
* forward-first option. Tries without forward if a query fails. Also stub-first option that is similar.
Bug Fixes:
* Fix possible uninitialised variable in windows pipe implementation.
* Fix alignment problem in util/random on sparc64/freebsd.
* Fix for accept spinning reported by OpenBSD.
* Fix validation of nodata for DS query in NSEC zones
* [bugzilla: 444 ] Fix that setusercontext was called too late
* [bugzilla: 443 ] Fix --with-chroot-dir not honoured by configure.
* [bugzilla: 442 ] Fix that Makefile depends on pythonmod headers even using --without-pythonmodule.
* Fix to locate nameservers for DS lookup with NS fetches.
* Applied line-buffer patch from Augie Schwer to validation.reporter.sh.
* flush_infra cleans timeouted servers from the cache too.
* Fix from code review, if EINPROGRESS not defined chain if statement differently.
* [bugzilla: 434 ] Fix windows port to check registry for config file location for unbound-control.exe, and unbound-checkconf.exe.
* Fix to squelch 'network unreachable' errors from tcp connect in logs, high verbosity will show them.
* Fix prefetch and sticky NS ghost domain. It picks nameservers that 'would be valid in the future', and if this makes the NS timeout, it updates that NS by asking delegation from the parent again. If child NS has longer TTL, that TTL does not get refreshed from the lookup to the child nameserver.
* RT#2955 Fix for cygwin compilation.
* Slightly smaller critical region in one case in infra cache.
* Fix timeouts to keep track of query type, A, AAAA and other, if another has caused timeout blacklist, different type can still probe.
unit test fix for nomem_cnametopos.rpl race condition.
* fix memory leak in errorcase for DSA signatures.
* workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
* fix for windows, rename() is not posix compliant on windows.
* iana portlist updated
quagga installs man pages for several programs only if the programs
are built. This commit just moves some man pages to PLIST.v6 and
PLIST.opaquelsa.
No revbump because the package, if it built before, will be unchanged.
But now building with non-default options should work.
* Changes in Quagga 0.99.21
- [bgpd] BGP multipath support has been merged
- [bgpd] SAFI (Multicast topology) support has been extended to propagate
the topology to zebra.
- [bgpd] AS path limit functionality has been removed
- [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing
protocol has been merged.
- [isisd] a major overhaul has been picked up. Please note that isisd is
STILL NOT SUITABLE FOR PRODUCTION USE.
- [*] a lot of bugs have been fixed, please refer to the git log
ISC's Release Signing Key can be obtained at:
http://www.isc.org/about/openpgp/
Changes since 4.2.4rc1
- Rotate the lease file when running in v6 mode.
Thanks to Christoph Moench-Tegeder at Astaro for the
report and the first version of the patch.
[ISC-Bugs #24887]
Changes since 4.2.4b1
- None
Changes since 4.2.3
! Add a check for a null pointer before calling the regexec function.
Without this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks.
[ISC-Bugs #26704].
CVE: CVE-2011-4539
! Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
[ISC-Bugs #27078]
CVE: CVE-2011-4868
- Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as
the server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
- In the DDNS code handle error conditions more gracefully and add more
logging code. The major change is to handle unexpected cancel events
from the DNS client code.
[ISC-Bugs #26287]
- Tidy up the receive calls and eliminate the need for found_pkt.
[ISC-Bugs #25066]
- Add support for Infiniband over sockets to the server and
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code.
[ISC-Bugs #24245]
- Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it's available. This will help code
checking programs to eliminate false positives.
[ISC-Bugs #27539]
- Fixed many compilation problems ("set, but not used" warnings) for
gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
- Modify the code that determines if an outstanding DDNS request
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the TXT and PTR records
weren't removed from the DNS.
[ISC-BUGS #27858]
- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
and dhcpv6_packet in several more places. Thanks to a report from
Bruno Verstuyft and Vincent Demaertelaere of Excentis.
[ISC-Bugs #27941]
- Remove outdated note in the description of the bootp keyword about the
option not satisfying the requirement of failover peers for denying
dynamic bootp clients.
[ISC-bugs #28574]
- Multiple items to clean up IPv6 address processing.
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
- Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean).
[ISC-Bugs #26203]
- Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2; to enable the previous style see the
section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
- Fix up some issues found by static analysis.
A potential memory leak and NULL dereference in omapi.
The use of a boolean test instead of a bitwise test in dst.
[ISC-Bugs #28941]
Security release for CVE-2012-1667.
--- 9.6-ESV-R7-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
(1) With gcc 4.5, cpp does not fold lines separated by a escaped
newline in the output. Therefore when nasd_rpcgen runs its rpc
definitions through cpp, what comes out contains syntax errors. The
parser then reports these with SIGSEGV. First fix the cpp plumbing to
use the cpp tool wrapper during build, and then have it use -traditional.
(2) On amd64, roughly half the build thinks it's actually i386. Patch
the other half to agree. This may not turn out to work, but it does
build instead of dumping out bizarre compile errors.
Changelog:
* Rename QName::ns property to QName::prefix.
* Fix parsing multipart/related responses (Bugs #14756, #14854).
* Fix parsing certain WSDLs with attachments (Bill Blough, Bug #16968).
* Use PCRE instead of ereg_* functions (Olle Jonsson, Bug #17726).]
QA release
Bug #11729 WSDL Local File loading
Bug #14344 Use Net_Server in SOAP_Server_TCP
Bug #14756 multipart/related response is not parsed
Bug #14782 logic problem in SOAP_Base bulids multidimensional arrays instead of flat
Bug #14854 multipart/related responses no longer handled correctly
Bug #16968 Bad array assignment when using WSDL client
Bug #17659 Assigning the return value of new by reference is deprecated
Bug #17726 Patch: Using PCRE functions to avoid deprecated functions
Bug #18458 Returning SOAP_Attachment in MIME
Bug #18492 Wrong response when returning multiple results
per maintainer update request by PR 46517.
ChangeLog:
2.0.12
Changelog:
* inmproved performance with large search results
* Fixed some minor issues with Net_LDAP2_Filter and Net_LDAP2->dnExists()
* Added NOT filter to Net_LDAP2_Filter::create() so negating is more easily now
2.0.11
Changelog:
* (doc issue) Fix for #17861: Missing komma in example
* Fix for #18202: Adding attributes to a Fresh Entry saving and laterly updating
fails
2.0.10
Changelog:
* Added schema handling methods to make schema checks more easily accessible
* Bugfix for #17245. The check in the code was not working properly. Schema
checking is considered the users responsibility.
If now an attribute is requested that is not set at the entry, an empty string
is returned.
* Bugfix for #17770. Some Net_LDAP2 files were included with relative path
("Util.php"), not absolute ("Net/LDAP2/Util.php").
* Bugfix for #17314. LDIF support for attributes with modifiers ("attr1;binary").
PR 46515 by Francois Tigeot.
2.002 May 31 2012
- Make HTTP output header parsing more consistent - and catch more errors
- Add exec_cgi and exec_trusted_perl methods to HTTP
- Add bugfix for ipv=>"*" combined with UNIX sockets. (Mark Martinec)
- Fix the SSL_test.t to use exit rather than quit so the parent departs
2.001 May 30 2012
- Bug fix wrong usage of File::Temp::tempfile.
- Fix HTTP_COOKIES to be HTTP_COOKIE
- Handle multiple header values better in HTTP
- Add Log::Log4perl logging courtesy of TONVOON@cpan
2.000 May 30 2012
- Sorry for the amazingly long delay. This release represents change to much of the code base. Future patch submissions should be more promptly handled
- Bring Net::Server::Proto::SSL back. It is now fully functional under all scenarios, including IPv4 and IPv6
- Change Proto interface to allow passing more information. This represents an internal API change.
- Updates to the HUP mechanisms to make sure we rebind all types of ports correctly.
- Add IPv6 integration via ::1 style addresses as well as the ipv configuration parameter (Mark Martinec)
- Added graceful shutdown (Tatsuhiko Miyagawa)
- Added hot deploy via TTIN and TTOU (Tatsuhiko Miyagawa)
- Internal code retidying
- Finish out support for connecting to ports by service name
- Don't loose track of fork and prefork children on a hup - make sure to actively wait them off
- Correct accept to take a classname, and optionally be called in array context
- Cleanup numerous configuration issues.
- Added sig_passthrough option to Fork, PreFork, and PreForkSimple servers allowing for arbitrary signals to propagate to children
- Add syswrite/sysread support to SSLEAY (Sergey Zasenko).
- Add PSGI module.
- Many small accumulated bugfixes.
# Addressable 2.2.8
- fixed issues with dot segment removal code
- form encoding can now handle multiple values per key
- updated development environment
5.2.0nb4 to 6.0.1.
pkgsrc changes:
- Adjust license
- Adjust dependencies
- remove patch which correct bogus attributes (upstream fixed)
Upstream changes:
RELEASE 6.0.1 SEP-09-2010
- Removed all occurrences of the "locked" attribute that was
deprecated in Perl 5.12.0.
- Changed the test validating the presence of a monotonic time value
to check for invalid implementations.
- The SNMPv3 contextEngineID and contextName are now stored as part
of the request allowing for these values to be changed between
messages.
RELEASE 6.0.0 SEP-09-2009
- Substantial internal code cleanup was performed based upon the
Perl::Critic module and the "Perl Best Practices" book.
- Added support for the Module::Build system for building, testing,
and installing Perl modules.
- The translation logic for OCTET STRINGs now uses the definition of
a DisplayString in RFC 2579 to determine if the octets are to be
converted into a hexadecimal representation.
- The get_table() and get_entries() methods were refactored as part
of the code cleanup. The get_entries() method now handles "holes"
in tables better and indexes with a value of zero.
- The inheritance structure of the Transport Domain objects was
updated to reduce code duplication and increase maintainability.
- The resolution of IPv6 addresses was made more exhaustive.
- The handling of OBJECT IDENTIFIERs was made more efficient by
using [un]pack() with a BER compressed integer template.
- Additional validation of the values passed to most methods is now
performed and the error messages have been made more robust.
- The documented examples were updated based upon commonly asked
questions (specifically Example 3 and Example 4).
- A Response-PDU with an error-status set to "noError" no longer
generates an error when the error-index is non-zero, as decribed
in Section 4.2.4 of RFC 3416.
- The function oid_lex_cmp() was added to provide for the
lexicographical comparison of two OBJECT IDENTIFIERs.
- The error-status is no longer set for the exceptions noSuchObject,
noSuchInstance, and endOfMibView when translation is not enabled.
2012/05/13: version 3.1.2 = tag release-3-1-2 (expect no binary updates)
7726: Add support for Debian/Hurd, really ;)
2012/04/05: version 3.1.1 = tag release-3-1-1
2012/04/04
7732: Remove the non-existant -O6 optimization level (blickly)
7755: CryptoPP: Fix build with GCC 4.7
2012/02/22
7728: Update GNU config.guess and config.sub to version 2012-02-10
7727: Makefile: call `$(CPP) -x c` instead of `cpp` (ygrek)
7726: Add support for Debian/Hurd
2011/10/25
7647: Update options description of allow_local_network (ygrek)
7646: Include .desktop file in source package (ported from Arch Linux)
7645: DC: show hashing progress in dcinfo (ygrek)
7644: Fix broken target release.utils.static
7642: Update GNU config.guess and config.sub to version 2011/10
7641: DC: fix ownership for downloads by non-admin users (ygrek)
7593: Less allocations (ygrek)
pkgsrc.
* Release 0.6.3 (05-Jan-2012)
** Compatibility Fixes
This release really is compatible with Twisted-11.1.0 . The previous Foolscap
release (0.6.2), despite the changes described below, suffered mild
incompatibilites with the new TLS code in the final Twisted-11.1.0 release.
The most common symptom is a DirtyReactorError in unit tests that use
Tub.stopService() in their tearDown() method (to coordinate shutdown and
cleanup). Another symptom is tests overlapping with one another, causing
port-already-in-use errors.
This incompatibility did not generally affect normal operation, but only
impacted unit tests.
** Other Changes
The Debian packaging tools in misc/ were removed, as they were pretty stale.
These days, both Debian and Ubuntu make their own Foolscap packages.
* Release 0.6.2 (15-Oct-2011)
** Compatibility Fixes
Foolscap-0.6.2 will be compatible with future versions of Twisted (>11.0.0).
The 0.6.1 release will not: a TLS change went into Twisted trunk recently
(after the 11.0.0 release) which broke Foolscap 0.6.1 and earlier.
This release also fixes a minor incompatibility with newer versions of
OpenSSL (0.9.8o was ok, 1.0.0d was not), which caused errors in the test
suite (but normal runtime operation) on e.g. Ubuntu 11.10 "Oneiric".
** Git-Over-Foolscap Tools
The doc/examples/ directory contains two executables (git-foolscap and
git-remote-pb) which, when placed in your $PATH, make it easy to use Foolscap
to access a Git repository. These use the flappserver/flappclient tools and
let you build a FURL that provides read-only or read-write access to a single
repository. This is somewhat like providing SSH access to a repo, but with a
much smaller scope: the client will only be able to manipulate the one
repository, and gets no other authority on the target system. See the tool's
inline comments for usage instructions.
** Minor Fixes
Using 'flappserver upload-file FILE1 FILE2 FILE3..' (with three or more
files) now correctly uploads all files: previously it only managed to upload
the first and last.
'flappserver' argument handling was improved slightly. A workaround was added
to handle a Twisted stdio-closing bug which affected flappserver's
run-command function and broke the git-foolscap tool. Several changes were
made for the benefit of Windows: log filenames all use hyphens (not colons),
log filtering tools tolerate the lack of atomic-rename filesystem operations,
and some unixisms in the test suite were removed.
The Tub.setLogGathererFURL() method can now accept a list (iterable) of log
gatherer FURLs, not just a single one.
ChangeLog:
2012/05/21 : 1.4.21
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
2012/03/10 : 1.4.20
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUILD: fix build error on FreeBSD
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
- DOC: enumerate valid status codes for "observe layer7"
- BUILD: make it possible to look for pcre in the default system paths