If you have installed BIND 9.1.3-P1, BIND 9.1.3-P2, BIND 9.2.2-P1,
BIND 9.2.2-P2, BIND 9.2.3rc2 or BIND 9.2.3rc3 it is recommended that
you upgrade. These versions generate false positives when applying
delegation-only tests.
--- 9.2.3 released ---
1525. [bug] dns_cache_create() could trigger a REQUIRE
failure in isc_mem_put() during error cleanup.
1524. [port] AIX needs to be able to resolve all symbols when
creating shared libraries (--with-libtool).
1523. [bug] Fix race condition in rbtdb. [RT# 9189]
1522. [bug] dns_db_findnode() relax the requirements on 'name'.
[RT# 9286]
1518. [bug] dns_nxt_buildrdata(), and hence dns_nxt_build(),
contained a off-by-one error when working out the
number of octets in the bitmap.
1514. [bug] named: isc_hash_destroy() was being called too early.
[RT #9160]
1513. [doc] Add "US" to root-delegation-only exclude list.
--- 9.2.3rc4 released ---
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from subzones.
--- 9.2.3rc3 released ---
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE, LV, US and MUSEUM) these can be excluded
from the checks by using exclude.
root-delegation-only exclude {
"DE"; "LV"; "US"; "MUSEUM";
};
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
--- 9.2.3rc2 released ---
1505. [bug] Uninitialised rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only".
1503. [port] win32: install libeay32.dll outside of system32.
(9.2.2-P2 is somewhere around here)
All platforms:
Autokey, using OpenSSL.
IPv6 support.
Bugfixes in loopfilter and refclocks.
NetBSD:
Support for editline command line editing
in "ntpq" and "ntpdc".
NetBSD-current:
Use nanosecond resolution POSIX timers.
Changelog:
- Fixed a bug that could occur when upgrading an interpreted object to
precompiled.
- Fixed a bug with catch and atomic in precompiled code.
- Fixed a recursion problem for an error in runtime_error().
- Better fix for the callout pause problem.
Changelog:
latd (1.17-1) unstable; urgency=low
* Add support for a MOPRC_INTERFACE env variable.
* Fix bug in the lastest retransmit code that screwed up
queued connections rather badly.
* Don't show status messages to /dev/lat ports
* moprc is now a C++ program that uses the LATinterfaces class.
* llogin -p only locks devices if liblockdev is found
* Porting work for *BSD and Darwin.
HUGE thanks to Matthew Fredette of NetBSD for all the bpf work.
* Use autoconf to configure and build. Again Matthew Fredette did
most of the work for this, but I added the Linux bits.
latd (1.16-1) unstable; urgency=low
* Don't use an IP socket for finding interfaces. So now you
can use LAT (& moprc) with a kernel that doesn't have IP.
* Fix latcp man page (-J and -j were wrong way round)
* llogin -L disables locking when using -p
* latd now expires services if it doesn't receive HELLOs
* Expand escape sequences in /etc/issue.net or /etc/issue.lat
* Fix crash on queued connections referencing freed memory.
* moprc now ignores duplicate messages it receives. This fixes
odd behaviour with some Emulex targets
* Put a timeout on CONNECT and COMMAND messages so we can resend
them if we get no reply.
* Check connection IDs more carefully.
latd (1.15-1) unstable; urgency=low
* More DS90L+ fixes (keepalive message format)
* Fix iostreams so they produce the correct output in gcc 3.0 & 2.95.
Now I know why people really hate iostreams.
* Use getloadavg() rather than /proc to get load average.
* Close all FDs before forking server processes.
* Always send an ACK for a packet with data in it.
* llogin uses lock files for device connections
latd (1.14-1) unstable; urgency=low
* gcc-3.0 compilation fixes in the new bits
* Rewritten ethernet flow control
* Increase moprc timeout a little.
* Don't try to process zero-length packets
* Include lat.html documentation
* Tested on DECserver 700
* Send "no more slots on circuit" message when closing a connection for
that reason. Fixes reconnection on DECserver 90L+
pkgsrc changes:
* Fix building when using gcc3
* Use the bsd.pkg.install.mk framework to install the
configuration file into the right place.
protocol update in servers. Changes:
malware's contributions:
* Removed all font specifications from the XML resources.
* Do not start a search after adding an ED2K-Link.
* Enable clipping in download list control.
* FIXED: Bug rehashing a part file.
* FIXED: Various minor problems found by malloc debuggers.
* Keep the requested file in sync with the part status in CUpDownClient.
Un-Thesis' contributions:
* Fixed various compatibility issues with the new eDonkey servers.
http://lists.quagga.net/pipermail/quagga-users/2003-October/000543.html
- missing rip_enable_apply() which was causing lots of problems in
ripd
- revert of the generic PtP patch. This patch just caused way way too
many problems in its quest to try support FreeSWANs odd handling of
IPSec interfaces, particularly in ospfd.
Changes for 0.3.1:
* fix 32Bit signed/unsigned bug
* improve Linux /proc/net/dev parsing
* disable LED (set -DWITH_LED to enable them)
* make slurm Gbit-safe (tests with >100MByte/s will be done soon :))
* make -Wall happy on all systems
* calculate traffic correctly when using -d option
* add Mac OS X support (thanks Jan-Eric Kolbe for providing access!)
* print usage information if no interface was given at startup
Changes for 0.3.0:
* did some profiling and lowered cpu usage of sleep stuff
* misc small fixes and documentation updates
Changes for 0.3.0-pre1:
* theme support
* misc small typo fixes and internal changes
Changes for 0.2.3:
* Solaris interface speed detection code
* fix visual overflows in the display when running for long time
* prevent the missing 'E' from being overwritten
Changes for 0.2.2:
* Solaris auto* support
* -z option to virtualy reset displayed counters
* fix padding problems which lead to speeds like 123.45KB/s/s/s/s
- IPv4 database updated (20030906)
- add support of LACNIC registry
- add output format "octal"
Print octal representation of a given IPv6 address:
(useful for djbdns/tinydns)
3ffe:ffff::1 ->
\77\376\377\377\0\0\0\0\0\0\0\0\0\0\0\1
--printfulluncompressed 3ffe:ffff::1 ->
\077\376\377\377\000\000\000\000\000\000\000\000\000\000\000\001
Available format options:
--printfulluncompressed: Print in full uncompressed format
- New program "ipv6logstats" for parsing web server logs to get some
IPv4/IPv6 distribution data and build time line charts. See examples for
more.
- add input types:
"ipv4hex" (hexadecimal IPv4 address)
"ipv4revhex" (reverse hexadecimal IPv4 address)
- add support of spaces in MAC/EUI-48 addresses
- General bugfixing
Changes since 3.45:
===================
o Integrated an enormous number of version detection service
submissions. The database has almost doubled in size to 663
signatures representing the following 130 services:
3dm-http afp apcnisd arkstats bittorent chargen citrix-ica
cvspserver cvsup dantzretrospect daytime dict directconnect domain
echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats
gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident
imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber
kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes
lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp
mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql
napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint
netstat netwareip networkaudio nntp nsclient nsunicast ntop-http
omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3
pop3s poppass postgresql powerchute printer qotd redcarpet
rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose
sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl
svrloc symantec-av symantec-esm systat telnet time tinyfw upnp
uucp veritasnetbackup vnc vnc-http vtun webster whois wins
winshell wms X11 xfce zebra
o Added the ability to execute "helper functions" in version
templates, to help clean up/manipulate data captured from a server
response. The first defined function is P() which includes only
printable characters in a captured string. The main impetus for
this is to deal with unicode strings like
"W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send. Nmap can
now decode that into "WORKGROUP".
o Added SUBST() helper function, which replaces strings in matched
appname/version/extrainfo strings with something else. For example,
VanDyke Vshell gives a banner that includes
"SSH-2\.0-VShell_2_2_0_528". A substring match is used to pick out
the string "2_2_0_528", and then SUBST(1,"_",".") is called on that
match to form the version number 2.2.0.528.
o If responses to a probe fail to match any of the registered match
strings for that probe, Nmap will now try against the registered "null
probe" match strings. This helps in the case that the NULL probe
initially times out (perhaps because of initial DNS lookup) but the
banner appears in later responses.
o Applied some portability fixes (particularly for OpenBSD) from Chad
Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port
maintainer.
o Applied some portability fixes from Marius Strobl
(marius(a)alchemy.franken.de).
o The tarball distribution of Nmap now strips the binary at install
time thanks to a patch from Marius Strobl
(marius(a)alchemy.franken.de).
o Fixed a problem related to building Nmap on systems that lack PCRE
libs (and thus have to use the ones included by Nmap). Thanks to Remi
Denis-Courmont (deniscr6(a)cti.ecp.fr) for the repot and patch.
o Alphebetized the service names in each Probe section in
nmap-service-probes (makes them easier to find and add to).
o Fixed the problem several people reported where Nmap would quit with
a "broken pipe" error during service scanning. Thanks to Jari Ruusu
(jari.ruusu(a)pp.inet.fi) for sending a patch. The actual error
message was "Unexpected error in NSE_TYPE_READ callback. Error
code: 32 (Broken pipe)"
o Fixed protocol scan (-sO), which I had broken when adding the new
output table format. It would complain "NmapOutputTable.cc:128:
failed assertion `row < numRows'". Thanks to Matt Burnett
(marukka(a)mac.com) for notifying me of the problem.
o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from
0.7.1
o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds
version detection support to nmapfe.
o Fixed a problem with XML output being invalid when service detection
was done on SSL-tunneled ports. Thanks to the several people who
reported this - it means that folks are actually using the XML
output :).
o Fixed (I hope) some Solaris Sune ONE compiler compilation problems
reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org)
o Fixed the --with-openssl configure option for people who have
OpenSSL installed in a path not automatically found by their
compilers. Thanks to Marius Strobl (marius(a)alchemy.franken.de) for
the patch.
o Made some portability changes for HP-UX and possibly other types of
machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com)
o Applied a patch from Matt Selsky (selsky@columbia.edu) which fixes
compilation on some Solaris boxes, and maybe others. The error said
"cannot compute sizeof (char)"
o Applied some patches from the NetBSD ports tree that Hubert Feyrer
(hubert.feyrer(a)informatik.fh-regensburg.de) sent me. The NetBSD
Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ .
o Applied some Makefile patches from the FreeBSD ports tree that I
found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/
v1.17 Dec 12 2002
- fixed a stupid bug in TCP reassembly; having received a particular order
of TCP out of frame segments, libnids could lost track of the current
seq, and miss the following data stream
- DLT_FDDI
- benign typo in hash.c
- mentioned usefulness of two process buffering on a fast network
v1.17rc1 Aug 30 2002
- support for libnet-1.1 and --with-libnet=no
- added support for libpcap save files
- finally, DLT_LINUX_SLL is recognized
- removed a horrible assumption on sizeof(pointer); it could result in
segfault in scan.c
- --enable-shared
- __i386 -> __i386__ || __i386 :(
- support for 802.1Q VLAN
- support for wireless frames (DLT_IEEE802_11)
- got rid of (obsolete) pcap_open_live_new
- bail out if link type is unknown, instead of pretending it is ethernet
- $(MAKE) -> $(MAKE) $(AM_MAKEFLAGS)
- added a working link to Ptacek-Newsham paper
- %hi -> %hu :)
- align IP header if necessary (should not be)
- improved libraries detection
- mentioned usefulness od setsockopt(...SO_RCVBUF...) on a fast network
v1.16 Nov 3 2000
- nah, at least a release forced by a security bug. A typo in libnids.c
could cause libnids to segfault when source routed frame has been received.
v1.15 Oct 9 2000
- token ring support
- new configurable option (non-default): if a tcp callback hasn't processed
all available data, it is called immediately again
- fixed alignment in hash.c, which caused sigsegv on Sparc
- another _obviously_ redundant include file added to configure test progs
- html version of the API documentation
The main change since 1.1 is working support for the SpeedTouch 330 USB
ADSL modem. The earlier SpeedTouch USB modem has not been shipping for
over a year, and 1.1 either runs extremely slowly with a 330, or locks
the machine solid and panics when unplugged.
(speedtouch has been in beta for over a year now)
assumed incorrectly that if you are using Linux, that you want to
use the nmap-provided libpcap code; but the libpcap package works
fine. (Okay'd by salo.)
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
Various changes, including:
* forbid mget of filenames that aren't in or below the local cwd.
* improve auto-fetch transfers
* improve www/proxy authentication support
* improve http response header parsing
* change UCB-licensed code from 4-clause to 3-clause
but I'm not sure what they are, and the freenet6 site does not
appear to have an easy way to get older versions of the files.
This is an INTERACTIVE_STAGES= fetch package also, so people might
have some difficulty without this update.
Redirects TCP connections from one IP address and port to another.
rinetd is a single-process server which handles any number of
connections address/port pairs. Since rinetd runs as a single
process using nonblocking I/O, it is able to redirect a large
number of connections without a severe impact on the machine.
via pkgsrc-wip
The patches are adapated from FreeBSD's pygopherd "port".
This is an all-new, modern Gopher server. It can serve documents
with Gopher+, standard Gopher (RFC1436), and HTTP -- all on the same
port. Pygopherd features a modular extension system as well as
loadable scripts and much more. It contains full support for
UMN gopherd systems -- including .Links, .names, .cap, searches, etc.
Pygopherd also supports Bucktooth features such as gophermap files
and executables. In addition to all this, there are Pygopherd's own
extra features. All features are fully customizable and can be enabled
or disabled by editing etc/pygopherd/pygopherd.conf.
including <des.h> if we are on -current or create a symlink in the
BUILDLINK_DIR if we don't have OpenSSL 0.9.7).
Closes PR pkg/22710 by Soren Jacobsen. Bump pkgrevision to 4.
Patch provided by Adrian Portelli via PR pkg/22323 with some changes by me
(GCC 3.x fixes)
Changes:
* Made the source ansi compliant and fixed namespace usage.
* Made debuging a command line switch.
* Converted code to use namespaces.
* Files now only get allocated as they're downloaded and don't
fragment the hard drive
* Large torrents no longer hose the CPU
* Better network utilization and more consistent download rates
* Poorly seeded torrents get out faster
* Several important bug fixes
curses.buildlink2.mk. This was wrong because we _really_ do want to
express that we want _n_curses when we include the buildlink2.mk file.
We should have a better way to say that the NetBSD curses doesn't
quite work well enough. In fact, it's far better to depend on ncurses
by default, and exceptionally note when it's okay to use NetBSD curses
for specific packages. We will look into this again in the future.
3.1.6, 2003-08-25
+ Fixed an important bug that was causing socket leaks on Windows.
+ Added support for GCC 3.4 precompiled headers.
+ Aborting transfers is now more robust.
+ Re-fixed a problem where high ASCII characters at the NcFTP prompt
could cause it to exit.
+ Bug fixed where timeouts may not have worked.
+ To the improved ASCII handling from 3.1.5, added another case where we
workaround files sent by a buggy FTP server implementation whose
files have CR+CR+LF end-of-lines.
+ More fixes related to the above, as well as few other fixes from
Martin StorsjÃ.
+ Bug fixed where an upload filename could have been limited to 127
characters.
+ Firewall exception hosts are no longer case sensitive.
+ Bug fixed in ncftpput's "-c" option so it works with the "-f" option
(Thanks, ITO Tsuyoshi).
+ Ncftpbatch will now try to temporarily skip a failing host in the
current run (Thanks, Eric Engstrom).
+ Bug fixed where a several minute delay would be incurred if you
tried to transfer a file that did not exist.
+ For the malicious server problem that was addressed in 3.1.5, enhanced
the fix for better compatibility with Serv-U and WS_FTP servers.
3.1.5, 2002-10-13
+ Problem fixed where a malicious or trojaned FTP server could send back
pathnames with directories different from the directory requested.
For example, if you did:
cd /pub
get *.zip
the malicious server could
send back a pathname like ../../../some/other/dir/filename.here
rather than pathnames such as filename.zip and trick NcFTP into writing
into a different local pathname if your user privileges had permission
to write it.
For details, see the CERT Vulnerability Note, at
http://www.kb.cert.org/vuls/id/210409
+ Bug fixed where cd messages from remote server were not being displayed.
+ It's now possible to capture the output of the progress reports from
ncftpget/put by redirecting descriptor(s) to a file. Previous releases
required a "tty" to enable progress reports.
+ Compatibility fixes for AIX, Linux, Mac OS X, IRIX 6.2 and SunOS 4.
+ Be less pedantic about incorrectly formatted multi-line responses.
+ Bug fixed where NcFTP could hang at exit.
+ For ASCII transfers, try harder to handle non-native end-of-line formats.
3.1.4, 2002-07-02
+ Bug fixed in Win32 port which could cause NcFTP to mis-parse output
from Roxen FTP servers.
+ We now try to have ncftpbatch leave a core file for debugging if it
exits with SIGSEGV, SIGBUS, or SIGILL.
+ Fixed(?) an elusive bug which had been present for the past few versions
which could cause ncftpbatch to infinite loop or sleep too long.
+ New configure flag, --disable-ccdv.
+ Compatibility fixes for C++ and Linux.
+ Fixed a socket leak and a crash on Win32.
+ A few minor fixes for firewall logins (Thanks, Jochen Schnapka).
+ By default, proxy connections for PORT are no longer allowed. This is
mostly an extra security precaution, to eliminate cases where someone
could hijack a data connection by connecting to us after we issue PORT
but before the server could connect to us.
+ ncftpls now accepts a "-R" flag which is equivalent to "-x -lR".
+ Bugs fixed in configure script for our "--with-*" arguments
(Thanks, David Kaelbling).
+ A few new firewalls (permutations of type 1). (Thanks, Felix Buenemann)
3.1.3, 2002-03-27
+ Bug fixed on Solaris where a socket could be left in non-blocking mode.
+ Ls parsing is now more forgiving of weird /bin/ls implementations (AIX).
+ Be more lenient on broken server implementations which include extra
blank lines in the control connection conversation.
+ Fix for ncftpget which was exiting with code 3 if URL mode was used
and the file already existed.
+ Fix for resume prompts which in some cases was printing dates in the
format like "Sun Feb 20:02:15 CST 2002" instead of
"Sun Feb 24 20:02:15 CST 2002". (I.e. the day of the month was
missing.)
+ Compatibility fixes for IRIX 5.x and AIX 4.2.x.
+ Compatibility fixes for Cygwin
(Thanks, Charles Wilson <cwilson AT ece.gatech.edu>).
+ Some extra debugging information is now logged to the trace logs.
+ When running the Windows bookmark editor in standalone mode, the
program may not have launched NcFTP correctly with the selected
bookmark (Thanks, Jochen.Erwied AT mbs-software.de).
3.1.2, 2002-01-30:
+ A fix for the local hostname detection code which could result with only
the first character of the domain appended, rather than the entire domain
(Thanks, Bernhard Sadlowski <sadlowsk AT mathematik.uni-bielefeld.de>).
+ Another bug fixed in local hostname detection where looking up the host
by IP address was not done correctly.
+ Fixed a few portability problems on HP-UX 10.20 which were introduced
in 3.1.0.
+ Fixed bug with readdir_r usage on Solaris, which could cause crashes
when doing "put -R", among other things.
+ On Linux, use gethostbyname2_r() to specify that we only want IPv4
addresses returned.
+ Reversing behavior from 3.1.0 where we did a shutdown() on the half
of the socket that wasn't used. We suspect this was causing some
firewalls and routers to panic and assume the whole connection was
to be closed.
+ Bug fixed where an unresolvable hostname caused a pointless connection
attempt which would fail.
+ Shell utilities now print an error message when incompatible flags
are used in conjunction with "-b" or "-c".
+ A few fixes for ncftpbatch.
+ Numerous fixes for SOCKS5.
3.1.1, 2001-12-23:
+ Fixed bugs with our use of gethostbyname_r/addr_r on Linux.
+ Fixed bugs with our implementation of stat64() on Windows, which caused
problems when querying information about local directories.
+ Source distributions now include install-sh again.
+ Bug fixed with Win32 version of ncftpbookmarks, which could look
in $HOME/.ncftp rather than $HOME/ncftp. Many Win32 users weren't
affected, since the HOME environment variable is not always set.
3.1.0, 2001-12-17:
+ ACCT is now always sent if the server requests it and you're going
through the firewall.
+ Bug fixed where puts could delay a few seconds unnecessarily after
the file had been sent.
+ Bug fixed where passwords were saved if you chose to autosave bookmarks.
NcFTP also makes an effort to avoid saving passwords in the history
and trace files if you foolishly use passwords on your command lines.
+ Bug fixed on Win32 port where putting a file that did not exist could
cause a crash.
+ The "-r" (recursive) flag is back for "bgget" and "bgput". We now spool
the directory by creating individual spool files for each file in the
directory, which should increase reliability and usability of this feature.
+ The binary packages should be a bit leaner, since ncftpls wasn't getting
stripped.
+ Library optimizations should result in less unneeded code included with
programs that use the libraries. The binaries should be smaller as a
result.
+ Recursive uploading has been substantially reworked. "put -R" should now
work better, especially on the Win32 port. Arbitrary pathname sizes have
also been removed, so directory trees should only be limited by available
memory and stack space.
+ Huge number of lint fixes. NcFTP now compiles cleanly on several
platforms even with extra warning options enabled.
+ Large number of internal changes to the configure scripts.
+ Using my cool hack, "ccdv", in Makefiles. Originally this became a
necessity since some platforms could have $CFLAGS 4 or 5 lines long!
Besides streamlining the build process so that lint warnings can
easily be spotted, the builds are pleasing to the eye with ANSI color
if your $TERM supports it.
+ Fixed bug where Win32 $HOME bug fixed for 3.0.4 wasn't fixed for
ncftpbookmarks.
+ Fixes for large file support for the Win32 port.
+ Bugs fixed in Win32 port of ncftpbatch.
+ A few bug fixes for getline.
+ The default ASCII extensions list no longer include ".sh", since Sun
apparently distributes the JDK as a shell script with binary data
appended.
3.0.4, 2001-10-24:
+ Workaround new "feature" of glibc which defines printf as a macro if
gcc is version 2.97 or later.
+ Bug fixed from 3.0.3 that caused ^Z (suspend) to quit ncftp when it
was brought back to the foreground.
+ Bug fixed where large file support (LFS) was disabled on most systems.
+ New "ncftpspooler" utility program (actually a hard link to
"ncftpbatch") serves as a "Global batch FTP job processor daemon."
+ The utility program ncftpget now has a "-c" flag like ncftpput has.
+ Utility programs can now accept more than one -W/-X/-Y option, if
multiple commands are needed.
+ When changing directories, programs will try to change to the full path
first, then fall back to using "change one subdir at a time" mode.
+ Bug fixed where using the "delete local file after upload" option
and the "upload into temp file, then rename" option, the local file
would get deleted anyway if the rename failed.
+ Compatibility fixes for HP-UX.
+ Internal limits increased to handle longer command lines and more parameters.
+ Improvement to the reliability of the Win32 version by using the
_snprintf and _vsnprintf functions rather than sprintf and vsprintf.
+ A few more tweaks for MS-DOS pathname compatibility.
+ A tweak for better compatibility with Microsoft IIS.
+ A few tweaks for Cygwin support.
+ Fixes for --sysconfdir configure option courtesy of Christian Wiesgerber.
+ SOCKS5 is back in, but we don't support it.
+ Improved Y2K bug detection in remote servers.
+ Changed naming format for bgget/put spool files. The contents are now
documented; see the ncftpspooler man page.
+ Bug fixed in Win32 port which used $HOME rather than $HOME/ncftp as the
UNIX equivalent of the $HOME/.ncftp directory. Since most folks won't
have a $HOME environment variable on Win32, you'll probably not notice
the change.
(Note that anyway, maradns' installation process is screwed up. It uses
cp and mkdir to install things, it copies useless stuff like Makefiles,
installs duplicates of manpages, etc...)
Changes:
Cleaned up and fixed a bug in the MaraDNS startup
script. Now, the only prorcesses that will be killed
will be bona fide MaraDNS processes.
Closes PR pkg/22963.
patch provided by Quentin Garnier in PR 22320
rc2 changes
* Major code rewrite (me)
* Fix for a problem about port number printing in TCP mode (thanks to
Yann Berthier)
* MTU value sanity check in option parsing (Nicolas Jombart)
* Fix the use of -W option (Nicolas Jombart)
* strlcpy() when needed (Brieuc Jeunhomme)
* source routing and random bugfixes (Brieuc Jeunhomme)
* Fix a bug when using BSD and a PPP link as a default route, and more
(Nicolas Jombart)
* --rand-source for random source addresses (me)
* --rand-dest for random destination addresses + manpage update (me)
* all the atoi() call was replaced with strto[u]l() (me)
* seq/ack setting using strtoul() instead of atoi() (Shachar Shemesh)
* DF added to the icmp and udp output (me)
* --port ++ fixed with UDP and enanched for TCP/UDP. Now the packets
matches only with a sport that is in the range base_dest_port -
current_dest_port (me) (Thanks to David Bar <dbar@Checkpoint.com>
for the original report).
trickle is a portable lightweight userspace bandwidth shaper. It
can run in collaborative mode (together with trickled) or in stand
alone mode. trickle works by taking advantage of the unix loader
preloading. Essentially it provides, to the application, a new
version of the functionality that is required to send and receive
data through sockets. It then limits traffic based on delaying the
sending and receiving of data over a socket. Trickle runs entirely
in userspace and does not require root privileges.
Package provided by pancake <pancake@phreaker.net> via pkgsrc-wip.
MaraDNS is a package that implements the Domain Name Service (DNS), an
essential internet service. MaraDNS is intended for environments where a DNS
server must be secure and where the server must use the absolute minimum
number of resources possible. MaraDNS was created in response to issues
people had with the DNS servers available in early 2001; and has the
following design goals:
Security-aware programming. A DNS server needs to be secure. I have a number
of security features in the code, including:
1. The code uses a special string library which is resistant to buffer
overflows.
2. The code, if started as root, mandates running as an unpriviledged user
in a chroot() jail.
Open-Source. The 1.0 release of the DNS server is public-domain code;
the 1.2 release will be released under a very liberal BSD-style license.
Simplicity. This DNS server has the minimum number of features needed to
correctly act as an authoritative and/or recursive name server.
root/ignoreip, in response to Verisign's latest silliness. The
behavior of dnscache is unchanged unless you create this file. Bump
PKGREVISION.
While I'm here, change the "post-patch" target to "do-configure",
since that's what it's doing.
See <URL:http://tinydns.org/djbdns-1.05-ignoreip2.patch> for more
information about this patch.
Patch from Adrian Portelli via PR pkg/22900.
Changes:
- Added Thresholding and Suppression features (Marc Norton/Sourcefire)
- Fixed TCP RST processing bug found (Shai Rubin)
- Cleanup of spp_arpspoof (Jeff Nathan)
- Cleanup of win32 version including proper Event Log support (Chris Reid)
- Munged data fixes for stream4 (Chris Green)
--- 9.2.2-P3 released ---
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from subzones.
Based on PR pkg/22680 by Jon Olsson.
Changes:
- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation
1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
Not a vulnerability because it happens in the good way, but it sometimes
used to break uploadscript.
1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
modified to fall back to getcwd()/chdir() if we can't get a descriptor on
the current directory because it is not readable. It fixes pure-uploadscript
on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result
wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
(saying "bad IP address") . We now check for EAI_NONAME if available and we
retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
bugs (grrr...) .
Also closes PR pkg/22845 by Adrian Portelli.
Changes:
3.45:
=====
- Added new HTTPOptions and RTSPRequest probes suggested by MadHat
(madhat(a)unspecific.com)
- Integrated more service signatures from MadHat
(madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
Heinen (zillion(a)safemode.org), Solar Designer
(solar(a)openwall.com), Seth Master
(smaster(a)stanford.edu), and Curt Wilson
(netw3_security(a)hushmail.com),
- Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
which increases the allowed size of the 'extrainfo' version field from
80 characters to 128. The main benefit is to allow longer apache module
version strings.
- Fixed Windows compilation.
- Applied some updates to README-WIN32 sent in by Kirby Kuehl
(kkuehl(a)cisco.com). He improved the list of suggested registry
changes and also fixed a typo or two. He also attached a .reg file
automate the Nmap connect() scan performance enhancing registry
changes. I am now including that with the Nmap Windows binary .zip
distribution (and in mswin32/ of the source distro).
- Applied a one-line patch from Dmitry V. Levin (ldv@altlinux.org)
which fixes a test Nmap does during compilation to see if an existing
libpcap installation is recent enough.
3.40PVT17:
==========
- Wrote and posted a new paper on version scanning to
http://www.insecure.org/nmap/versionscan.html . Updated
nmap-service-probes and the Nmap man page to simply refer to this
URL.
- Integrated more service signatures from my own scanning as well as
contributions from Brian Hatch (bri(a)ifokr.org), MadHat
(madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
Moore (hdm(a)digitaloffense.net), Seth Master
(smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
MadHat also contributed a new probe for Windows Media Service. Many
people set a LOT of signatures, which has allowed
nmap-service-probes to grow from 295 to 356 signatures representing
85 service protocols!
- Applied a patch (with slight changes) from Brian Hatch
(bri(a)ifokr.org) which enables caching of SSL sessions so that
negotiation doesn't have to be repeated when Nmap reconnects to the same
between probes.
- Applied a patch from Brian Hatch (bri@ifokr.org) which optimizes the
requested SSL ciphers for speed rather than security. The list was
based on empirical evidence from substantial benchmarking he did with
tests that resemble nmap-service-scanning.
- Updated the Nmap man page to discuss the new version scanning
options (-sV, -A).
- I now include nmap-version/aclocal.m4 in the distribution as this is
required to rebuild the configure script ( thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for notifying me of the problem.
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
detects whether the PCRE include file is <pcre.h> or <pcre
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
fixes typos in some error messages. The patch apparently came from
the highly-secure and stable Owl and Alt Linux distributions. Check
them out at http://www.openwall.com/Owl/ and
http://www.altlinux.com/
- Fixed compilation on Mac OS X - thanks to Brian Hatch
(bri(a)ifokr.org> and Ryan Lowe (rlowe(a)pablowe.net) for giving me
access to Mac OS X boxes.
- Stripped down libpcre build system to remove libtool dependency and
other cruft that Nmap doesn't need. (this was mostly a response to
libtool-related issues on Mac OS X).
- Added a new --version_trace option which causes Nmap to print out extensive
debugging info about what version scanning is doing (this is a subset
of what you would get with --packet_trace). You should usually use
this in combination with at least one -d option.
- Fixed a port number printing bug that would cause Nmap service
fingerprints to give a negative port number when the actual port was
above 32K. Thanks to Seth Master (smaster@stanford.edu) for finding
this.
- Updated all the header text again to clarify our interpretation of
"derived works" after some suggestions from Brian Hatch
(bri(a)ifokr.org)
- Updated the Nsock config.sub/config.guess to the same newer versions
that Nmap uses (for Mac OS X compilation).
3.40PVT16:
==========
- Fixed a compilation problem on systems w/o OpenSSL that was
discovered by Solar Designer. I also fixed some compilation
problems on non-IPv6 systems. It now compiles and runs on my
Solaris and ancient OpenBSD systems.
- Integrated more services thanks to submissions from Niels Heinen
(zillion(a)safemode.org).
- Canonicalized the headers at the top of each Nmap/Nsock header src
file. This included clarifying our interpretation of derived works,
updating the copyright date to 2003, making the header a bit wider,
and a few other light changes. I've been putting this off for a
while, because it required editing about a hundred !#$# files!
3.40PVT15:
==========
- Fixed a major bug in the Nsock time caching system. This could
cause service detection to inexplicably fail against certain ports in
the second or later machines scanned. Thanks to Solar Designer and HD
Moore for helping me track this down.
- Fixed some *BSD compilation bugs found by
Zillion (zillion(a)safemode.org).
- Integrated more services thanks to submissions from Fyodor Yarochkin
(fygrave(a)tigerteam.net), and Niels Heinen
(zillion(a)safemode.org), and some of my own exploring. There are
now 295 signatures.
- Fixed a compilation bug found by Solar Designer on machines that
don't have struct sockaddr_storage. Nsock now just uses "struct
sockaddr *" like connect() does.
- Fixed a bug found by Solar Designer which would cause the Nmap
portscan table to be truncated in -oN output files if the results are
very long.
- Changed a bunch of large stack arrays (e.g. int portlookup[65536])
into dynamically allocated heap pointers. The large stack variables
apparently caused problems on some architectures. This issue was
reported by osamah abuoun (osamah_abuoun(a)hotmail.com).
3.40PVT14:
==========
- Added IPv6 support for service scan.
- Added an 'sslports' directive to nmap-service-probes. This tells
Nmap which service checks to try first for SSL-wrapped ports. The
syntax is the same as the normal 'ports' directive for non-ssl ports.
For example, the HTTP probe has an 'sslports 443' line and
SMTP-detecting probes have and 'sslports 465' line.
- Integrated more services thanks to submissions from MadHat
(madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
(bri(a)ifokr.org). There are now 288 signatures, matching these 65
service protocols:
chargen cvspserver daytime domain echo exec finger font-service
ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
vnc-http webster whois winshell X11
- Added a Lotus Notes probe from Fyodor Yarochkin
(fygrave(a)tigerteam.net).
- Dug Song wins the "award" for most obscure service fingerprint
submission. Nmap now detects Dave Curry's Webster dictionary server
from 1986 :).
- Service fingerprints now include a 'T=SSL' attribute when SSL
tunneling was used.
- More portability enhancements thanks to Solar Designer and his Linux
2.0 libc5 boxes.
- Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
Windows emulation of the UNIX mmap() and munmap() memory mapping calls.
3.40PVT13:
==========
- Added SSL-scan-through support. If service detection finds a port to be
SSL, it will transparently connect to the port using OpenSSL and use
version detection to determine what service lies beneath. This
feature is only enabled if OpenSSL is available at build time. A
new --with-openssl=DIR configure option is available if OpenSSL is
not in your default compiler paths. You can use --without-openssl
to disable this functionality. Thanks to Brian Hatch
(bri(a)ifokr.org) for sample code and other assistance. Make sure
you use a version without known exploitable overflows. In
particular, versions up to and including OpenSSL 0.9.6d and
0.9.7-beta2 contained serious vulnerabilities described at
http://www.openssl.org/news/secadv_20020730.txt . Note that these
vulnerabilities are well over a year old at the time of this
writing.
- Integrated many more services thanks to submissions from Brian
Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
Simple Nomad, and Shawn Wallis (swallis(a)ku.edu). The number of
signatures has grown from 242 to 271. Thanks!
- Integrated Novell Netware NCP and MS Terminal Server probes from
Simple Nomad (thegnome(a)nmrc.org).
- Fixed a segfault found by Solar Designer that could occur when
scanning certain "evil" services.
- Fixed a problem reported by Solar Designer and MadHat (
madhat(a)unspecific.com ) where Nmap would bail when certain Apache
version/info responses were particularly long. It could happen in
other cases as well. Now Nmap just prints a warning.
- Fixed some portability issues reported by Solar Designer
( solar(a)openwall.com )
3.40PVT12:
==========
- I added probes for SSL (session startup request) and microsoft-ds
(SMB Negotiate Protocol request).
- I changed the default read timeout for a service probe from 7.5s to 5s.
- Fixed a one-character bug that broke many scans when -sV was NOT
given. Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.
3.40PVT11:
==========
- Integrated many more services thanks to submissions from Simple
Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
Marco Ivaldi. Thanks! The match line count has risen from 201 to 242.
- Implemented a service classification scheme to separate the
vendor/product name from the version number and any extra info that
is provided. Instead of v/[big version string]/, the new match
lines include v/[vendor/productname]/[version]/[extrainfo]/ . See
the docs at the top of nmap-service-probes for more info. This
doesn't change the normal output (which lumps them together anyway),
but they are separate in the XML so that higher-level programs can
easily match against just a product name. Here are a few examples
of the improved service element:
<service name="ssh" product="OpenSSH" version="3.1p1"
extrainfo="protocol 1.99" method="probed" conf="10" />
<service name="domain" product="ISC Bind" version="9.2.1"
method="probed" conf="10" />
<state state="open" /><service name="rpcbind" version="2"
extrainfo="rpc #100000" method="probed" conf="10" />
<service name="rndc" method="table" conf="3" />
- I went through nmap-service-probes and added the vendor name to more
entries. I also added the service name where the product name
itself didn't make that completely obvious.
- SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
to an extortion campaign of demanding license fees from Linux users
for code that they themselves knowingly distributed under the terms
of the GNU GPL. They have also refused to accept the GPL, claiming
that some preposterous theory of theirs makes it invalid. Meanwhile
they have distributed GPL-licensed Nmap in (at least) their
"Supplemental Open Source CD". In response to these blatant
violations, and in accordance with section 4 of the GPL, we hereby
terminate SCO's rights to redistribute any versions of Nmap in any
of their products, including (without limitation) OpenLinux,
Skunkware, OpenServer, and UNIXWare.
3.40PVT10:
==========
- Added "soft matches". These are similar to normal match lines in
that they provide a regex for recognizing a service (but no version).
But instead of stopping at softmatch service recognition, the scan
continues looking for more info. It only launches probes that are
known-capable of matching the softmatched service. If no version
number is found, at least the determined service is printed. A
service print for submission is also provided in that case. So this
provides more informative results and improves efficiency.
- Cleaned up the Windows support a bit and did more testing and
fixing. Windows service detection seems to be working fine for me
now, although my testing is still pretty limited. This release
includes a Windows binary distribution and the README-WIN32 has been
updated to reflect new compilation instructions.
- More service fingerprints! Thanks to Solar Designer, Max Vision,
Frank Denis (Jedi/Sector One) for the submissions. I also added a
bunch from my own testing. The number of match lines went from 179
to 201.
- Updated XML output to handle new version and service detection
information. Here are a few examples of the new output:
<port protocol="tcp" portid="22"><state state="open" /><service
name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
conf="10" /></port>
<port protocol="tcp" portid="111"><state state="open" /><service
name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
<port protocol="tcp" portid="953"><state state="open" /><service
name="rndc" method="table" conf="3" /></port>
- Fixed issue where Nmap would quit when ECONNREFUSED was returned
when we try to read from an already-connected TCP socket. FreeBSD
does this for some reason instead of giving ECONNRESET. Thanks to
Will Saxon (WillS(a)housing.ufl.edu) for the report.
- Removed the SERVICEMATCH_STATIC match type from
nmap-service-probes. There wasn't much benefit of this over regular
expressions, so it isn't worth maintaining the extra code.
3.40PVT9:
=========
- Added/fixed numerous service fingerprints thanks to submissions from
Max Vision, MadHat, Seth Master. Match lines went
from 164 to 179.
- The Winpcap libraries used in the Windows build process have been
upgraded to version 3.0.
- Most of the Windows port is complete. It compiles and service scan
works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
I try to work out remaining kinks and do some cleanup for the next
version. The Windows code was restructured and improved quite a bit,
but much more work remains to be done in that area. I'll probably
do a Windows binary .zip release of the next version.
- Various minor fixes
3.40PVT8:
=========
- Service scan is now OFF by default. You can activate it with -sV.
Or use the snazzy new -A (for "All recommended features" or
"Aggressive") option which turns on both OS detection and service
detection.
- Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)
- Added/fixed numerous service fingerprints thanks to submissions from
Brian Hatch, HD Moore, Anand R., and some of my own testing. The
number of match lines in this version grows from 137 to 164! Please
keep 'em coming!
- Various important and not-so-important fixes for bugs I encountered
while test scanning.
- The RPC grinder no longer prints a startup message if it has no
RPC-detected ports to scan.
- Some of the service fingerprint length limitations are relaxed a bit
if you enable debugging (-d).
3.40PVT7:
=========
- Added a whole bunch of services submitted by Brian Hatch
(bri(a)ifokr.org). I also added a few Windows-related probes.
Nmap-service-probes has gone from 101 match strings to 137. Please
keep the submissions coming.
- The question mark now only appears for ports in the OPEN state and
when service detection was requested.
- I now print a separator bar between service fingerprints when Nmap
prints more than one for a given host so that users understand to
submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))
- Fixed a bug that would cause Nmap to print "empty" service
fingerprints consisting of just a semi-colon. Thanks to Brian Hatch
(bri(a)ifokr.org) for reporting this.
3.40PVT6:
=========
- Banner-scanned hundreds of thousands of machines for ports
21,23,25,110,3306 to collect default banners. Where the banner made
the service name/version obvious, I integrated them into
nmap-service-probes. This increased the number of 'match' lines from
27 to more than 100.
- Created the service fingerprint submission page at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi
- Changed the service fingerprint format slightly for easier
processing by scripts.
- Applied a large portability patch from Albert Chin-A-Young
(china(a)thewrittenword.com). This cleans up a number of things,
particularly for IRIX, Tru64, and Solaris.
- Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
"makes sure changes in the relay host and scanned port entry fields
are displayed immediately, and also keeps the fields editable after
de- and reactivating them."
3.40PVT4:
=========
- Limited the size of service fingerprints to roughly 1024 bytes.
This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
limit was excessive. The number of fingerprints printed is also now
limited to 10.
- Fixed a segmentation fault that could occur when ping-scanning large
networks.
- Fixed service scan to gracefully handle host_timeout occurrences when
they happen during a service scan.
- Fixed a service_scan bug that would cause an error when hosts send
data and then close() during the NULL probe (when we haven't sent
anything).
- Applied a patch from Solar Designer (solar(a)openwall.com) which
corrects some errors in the Russian man page translation and also a
couple typos in the regular man page. Then I spell-checked the man
page to reduce future instances of foreigners sending in diffs to
correct my English :).
3.40PVT3:
=========
- Nmap now prints a "service fingerprint" for services that it is
unable to match despite returning data. The web submission page it
references is not yet available.
- Service detection now does RPC grinding on ports it detects to be
running RPC.
- Fixed a bug that would cause Nmap to quit with an Nsock error when
--host_timeout was used (or when -T5 was used, which sets it
implicitly).
- Fixed a bug that would cause Nmap to fail to print the OS
fingerprint in certain cases. Thanks to Ste Jones
(root(a)networkpenetration.com) for the problem report.
3.40PVT2:
=========
- Nmap now has a simple VERSION detection scheme. The 'match' lines in
nmap-service-probes can specify a template version string
(referencing subexpression matches from the regex in a perl-like
manner) so that the version is determined at the same time as the
service. This handles many common services in a highly efficient
manner. A more complex form of version detection (that initiates
further communication w/the target service) may be necessary
eventually to handle services that aren't as forthcoming with
version details.
- The Nmap port state table now wastes less whitespace due to using a new
and stingy NmapOutputTable class. This makes it easier to read, and
also leaves more room for version info and possibly other enhancements.
- Added 's' option to match lines in nmap-service-probes. Just as
with the perl 's' option, this one causes '.' in the regular
expression to match any character INCLUDING newline.
- The WinPcap header timestamp is no longer used on Windows as it
sometimes can be a couple seconds different than gettimeofday() (which
is really _ftime() on Windows) for some reason. Thanks to Scott
Egbert (scott.egbert(a)citigroup.com) for the report.
- Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
configure.in in such a way that the annoying header file "present but
cannot be compiled" warning for Solaris.
- Applied another patch from Matt that (we hope) fixes the "present
but cannot be compiled" warning -- this time for Mac OS X.
- Port table header names are now capitalized ("SERVICE", "PORT", etc)
3.40PVT1:
=========
- Initial implementation of service detection. Nmap will now probe
ports to determine what is listening, rather than guessing based on
the nmap-services table lookup. This can be very useful for
services on unidentified ports and for UDP services where it is not
always clear (without these probes) whether the port is really open
or just firewalled. It is also handy for when services are run on
the well-known-port of another protocol -- this is happening more
and more as users try to circumvent increasingly strict firewall
policies.
- Nmap now uses the excellent libpcre (Perl Compatible Regular
Expressions) library from http://www.pcre.org/ . Many systems
already have this, otherwise Nmap will use the copy it now includes.
If your libpcre is hidden away in some nonstandard place, give
./configure the new --with-libpcre=DIR directive.
- Nmap now uses the C++ Standard Template Library (STL). This makes
programming easier, but if it causes major portability or bloat
problems, I'll reluctantly remove it.
- Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
normalizes the names of many Microsoft entries in the
nmap-os-fingerprints file.
- Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
spec file. This uses the 'Epoch' flag to prevent the Redhat Network
tool from marking my RPMs as "obsolete" and "upgrading" to earlier
Redhat-built versions. A compilation flag problem is also fixed.
--- 9.2.2-P2 released ---
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
Changes:
RELEASE 4.1.2 SEP-11-2003
- Removed an unintended dependency on the Crypt::Rijndael that would cause
SNMPv3 support to be unavailable and the "usm.t" tests to fail due to
a "strict subs" error in Net::SNMP::Security::USM module.
RELEASE 4.1.1 SEP-09-2003
- Corrected a misinterpretation of the "The AES Cipher Algorithm in the
SNMP's User-based Security Model" draft specification that lead to
the incorrect encoding and decoding of the last block of the message.
- The syntax of the get_entries() method was changed to expect the column
values to entered as full OBJECT IDENTIFIERs allowing the traversal of
conceptual rows in different tables which are indexed identically.
- The processing of the serialization of an OBJECT IDENTIFIER was optimized.
- The oid_lex_sort() function was updated to order OBJECT IDENTIFIER strings
padded with spaces as lexicographically greater than unpadded strings.
- An empty contextEngineId in a response message is now accepted during
the SNMPv3 discovery process.
- Corrected an argument validation error with the get_bulk_request()
method.
RELEASE 4.1.0 MAY-06-2003
- Working in conjunction with the Extended Security Options Consortium
(http://www.snmp.com/eso), support for additional privacy protocols
has been added to the SNMPv3 User-based Security Model.
"Extension to the USM to Support Triple-DES EDE in 'Outside' CBC Mode"
Reeder and Gudmunsson; October 1999, expired April 2000
http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt
"The AES Cipher Algorithm in the SNMP's User-based Security Model"
Blumenthal, Maino, and McCloghrie; October 2002, expired April 2003
http://www.snmp.com/eso/draft-blumenthal-aes-usm-04.txt
- A new method called get_entries() was added to allow the retrieval
of columns of a table entry using get-next-requests or get-bulk-requests.
- The argument "-maxrepetitions" was added to the get_table() method.
- Responses to SNMPv3 messages with non-default contextEngineIDs or
contextNames are now properly processed.
- The method var_bind_names() was added to retrieve an array of the
ObjectNames in the VarBindList in the order in which they were
received in the GetResponse-PDU.
RELEASE 4.0.3 SEP-09-2002
- Net::SNMP objects are now destroyed as expected when they are no
longer referenced. An internal reference to the object allocated by
the Net::SNMP::Dispatcher module is now properly cleared.
- A socket with a file descriptor value of 0 is now accepted by the
Net::SNMP module as a valid and open filehandle.
- Removed an "optimization" which was intended to provide a smoother
initialization of the dispatcher but instead could lead to messages
incorrectly timing out.
RELEASE 4.0.2 MAY-06-2002
- The SNMPv3 request message sent for time synchronization is now sent
with the same securityLevel that is configured for the session.
- The "reserved" bits in the msgFlags field of an incoming SNMPv3
message are now ignored as suggested by RFC 2572.
- When encrypting a SNMPv3 message, the padding byte(s) are now set to
a value equal to the size of the padding. "The actual pad value is
irrelevant..." according RFC 2574 Section 8.1.1.2. However, there
are some agents that expect this byte pattern.
- Corrected a reference count mismatch which would leave a listening
socket open if no response is received from the remote agent.
- Corrected a "deep recursion" error that occurred when using the
get_table() method to retrieve large tables in blocking mode.
- Using the "-delay" argument with the get_table() method no longer
incorrectly delays between message exchanges when retrieving the table.
- Optimizations and improvements were made to the Net::SNMP::Dispatcher
event scheduling and handling procedures.
- The "translate unsigned" logic now correctly handles properly
formatted (but unexpected) negative Counter64, Counter, Gauge, and
TimeTick values.
Changes:
* kpf: Generate proper links in the HTML output for directories with spaces
and umlauts.
* knewsticker: Fix Bug 49114: KNewsticker news download still buggy?
* knewsticker: Fix Bug 52642: does not update an rdf feed when the new feed
has no entries
* knewsticker: Fix Bug 62129: Suggest button is not cancellable."
* knewsticker: Fix Bug 63224: knewsticker doesn't update news
* knewsticker: Fix Bug 63265: Ampersands in news source is shown as underline
* knewsticker: Filters now work properly with original (non-custom) newsfeed
names.
* knewsticker: Scrolltext now eats less CPU, scrolling speed slider influences
speed linearly.
* kmail: Fix crypto plugin loading.
* kmail: Fix decoding of subjected in embedded mime parts.
* kmail: Fix crash during configuring signatures.
* kmail: Fix portability issue in header field decoding.
* kmail: Fix bug that caused mailman to mangle headers.
* kmail: Fix mangling of multiline, quoted-printable encoded subject header.
* kmail: Roaming User Support.
* krfb: multihead fix.
* kget: Roaming User Support.
* knode: Roaming User Support.
Take over maintainership (per discussion with dbj@).
OK'd by seb@ and dbj@.
Close pkg/22706.
Poptop ChangeLog
---------------------------------------------------------------------------
v1.1.3
* Wed Apr 9 2003 Richard de Vroede <r.devroede@linvision.com>
- fixed a potential buffer-overflow in ctrlpacket.c
* Thu Aug 22 2002 Richard de Vroede <richard@linvision.com>
- added stimeout option to pptpd.conf manpage
- updated the Changelog file ;-)
* Tue Aug 20 2002 Richard de Vroede <richard@linvision.com>
- removed debug commandline option from pptpd.init
* Thu Aug 1 2002 Richard de Vroede <richard@linvision.com>
- added config(noreplace) so old configs don't get replaced
- fixed postscriptlet
- adapted spec to cvs tree
* Wed Jun 26 2002 Richard de Vroede <richard@linvision.com>
- specfile now supports --with[out] options
---------------------------------------------------------------------------
v0.9.13 -> v1.1.3
* June 18 2002 Richard de Vroede <richard@linvision.com>
- migrated to version higher than last poptop release
- bugfixed
---------------------------------------------------------------------------
---
BIND 9.2.2-P1 is now available.
In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers. Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset). This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or from
authoritative name servers whose undelegated (in-zone) data is of no interest.
* Translations updated and added new ones.
* Make GTM work with galeon 2. Thanks to Philip Langdale
for the patch.
* GTM can now detach from wget and let it run in the background.
Thanks to Robert Millan for the patch.
* MIME support to open downloaded files. Thanks to Mark Heily
for this patch.
* GTM now works with wget 1.8.1. Thanks to Philip Langdale
for the patch. Many thanks to many others
who took the time to come up with a patch to fix this.
* The applet now opens GTM if the network is on. This is by default
off but you can change it on the applet properties.
* New proxy option to allow the user to use the same proxy options
for all the protocols. Thanks to Markus Saarinen
for the piece of code.
Patch provided by Adrian Portelli <adrianp@stindustries.net> in PR
pkg/22751.
Changes:
New and updated features
Many often-requested features have been added with this release. If
you're running an older version of Ethereal you may want to have a look.
Conversation List (aka "top talker") support has been added to Ethereal
and Tethereal. Protocol statistics in general have been updated.
Searching capture files has been improved even more -- a new "contains"
display filter operator that searches for strings in PDUs has been
added. The Find dialog now supports case-insensitive searches, hex data
searches, and more.
An H.225 dissector has been added. It can automatically recognize RTP
and RTCP conversations.
A preference file has been added for disabled protocols.
Color filters may now be imported and exported from within Ethereal.
A new column type has been added for cumulative bytes.
New protocols
GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
Updated protocols
ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP, Ethernet,
FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA, M3UA,
MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP, WSP,
Updated capture file support
Support for Accellent 5Views and Endace ERF capture files was added.
CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
Changes in pkgsrc:
o Now it uses GTK2 by default
Patch provided by Peter Reich <pr@alles.prima.de> via PR pkg/22542.
Changes:
0.85 Sep 24 09:51 2002 - 0.85 Mar 06 18:00 2003
- Lower timeouts during tests (Anil Madhavapeddy)
- Add configure_hook to MultiType (Michael Alan Dorman)
- More graceful exit of children in PreForkSimple (Helge Kraenz)
- Correct test for POSIX::setuid(0) success (Peter Chen)
- Allow DOS filenames for conf files (Mark M. Adkins)
- Allow for ndelay on Sys::Syslog::openlog (Doug Perham)
- Add documentation about run_dequeue.
- Add run_dequeue feature to Multiplex personality.
* also remove 6to4 addresses from internal interface, if set
* doc updates
Inspired by patch sent by Markus W Kilbinger <kilbi@rad.rwth-aachen.de>
in private mail.
Changes:
This version fixes more banner problems, fixes bug in compact mode so that
it now reads computer name properly, fixes a bug in the VNC code, and
updates and adds several translations.
adduser and deluser scripts into ${PKG_SYSCONFDIR} that are capable of
dealing with usernames containing a "$". These scripts basically
accept the same options as useradd/userdel. They're meant to be used
in "add user script" and "delete user script" to deal with samba
machine accounts.
Inspired by FreeBSD "ports".
Fix the PLISTs accordingly.
Also, while at it, remove now obsolete compileall.py calls in post-install
targets and insure that extension.mk is in included before builinlinks of
other Python modules.
Discussed with/ok'ed by drochner@.
Net-DNS-SEC updates, seems that IETF has been busy redefining DNSSEC.
When parsing resolver configuration files, IPv6 addresses are now skipped,
as Net::DNS does not yet have IPv6 support.
Broke Net::DNS::Resolver into seperate classes. Many of the globals in
Net::DNS::Resolver no longer exist. They were never documented
so you never used them.... right?
Options to Net::DNS::Resolver->new() are now supported, including
using your own configuration file.
Moved next_id() from Resolver.pm to Header.pm (which is where it is
used).
Tie::DNSHash removed from the package, see Tie::DNS from CPAN for a more
complete implementation of a DNS hash.
Applied David Carmean's patch for handling more than one string in a
TXT RR's RDATA section.
Applied patch from Dan Sully (daniel@electricrain.com) allowing multiple
questions to be part of a DNS packet.
USE_GCC2 or USE_GCC3 where appropriate.
the functionality of the old gcc.buildlink2.mk has been rolled into
compiler.mk now, which is automatically used.
more changes to come later...
Changes from NEWS file:
--------8<--------8<--------8<--------8<--------8<--------8<--------8<
*5.0.9*
SECURITY:
- An existing user/community could get access to data in MIB
objects that were explicitly excluded from their view.
Fixes:
- Perl build environment should better under Windows
- Misc kerberos support fixes.
- Improvements on various manual pages.
- A annoying bug with SETs being passed to pass scripts was fixed.
- The often talked about VACM optimization improvement was fixed again.
- mib2c handles augmentation tables better now.
- Various 64 bit issues have been addressed.
*5.0.8*
New:
- No new features will be added to the 5.0.x line.
Ports:
- Update libtool to version 1.4.3, for the benefit of Darwin
- diskio support for Darwin
- Updates for OpenBSD 3.
- Updates to solaris README
Fixes:
- find libwrap w/nsl on RedHat
- fix for openssl 0.9.7
- Fix some AgentX memory leaks
- use macro for inline function prototypes
- Attempt to find unused port before running tests
- Use SNMP_SLEEP environment variable when running tests
- calculate a proper ifSpeed under linux when possible
- better daemonization of snmpd
- close and reopen snmptrapd log files on HUP
- support for 16 bit reuqest ids
- Recognize new 't' code in display hints
- misc other fixes
*5.0.7*
New:
- VACM (access control) optimizations which will greatly benefit
people who wish to exclude large portions of the MIB tree from
some people. Previously this was a large resource drain.
- Add command line option to snmpd to set syslog facility
- Reverse DISPLAY-HINT processing, i.e. it allows you to input data
formatted like a DISPLAY-HINT prescribes
- Support setting of sysDescr and sysObjectID via snmpd.conf
configuration directives
- New output option to force display of strings as hex
- Persistent directory can be specified at runtime
- Add support for Linux virtual interfaces in the ipAddressTable.
- implemented the mteEventTable and the mteEventNotificationTable
form the DISMAN-EVENT-MIB.
Fixes:
- AgentX no longer flagged as experimental
- A few memory leak fixes for the table_iterator agent API.
- Processed flag cleared before each pass of a set request
- Remove snmpd pid file on exit
- Restore default behaviour of building shared libraries
- misc other fixes
--------8<--------8<--------8<--------8<--------8<--------8<--------8<
NetBSD packages collection as net/p5-RADIUS.
This is a perl module that provides an interface to turn RADIUS packets
into perl data structures and vice-versa.
This addresses PR 22722.
changes:
Version 1.2.4 - 16 Aug 2003
The final version
* Workaround for corrupted shares database problem which many Mac users seem to
have
* Notification for incomplete configuration
* Fix for a subtle race condition between starting transfers and getting a
list of privileged users
* It's now possible to give download privileges to users from the userlist
* Password entry box now uses ***
* Search responses are now buffered - less flicker, less stress on the client
* If log window is collapsed, messages are now duplicated in the status bar
* It's now possible to track status changes for the individual users from
the userlist
Version 1.2.3 - 23 Jul 2003
Added features from Hyriand's patch:
* Pyslsk will ping the server every 30 seconds (rewrote it to be
gui-independent)
* Search history (remembers 10 last searches)
* Log window is now collapsable (state is remembered between sessions),
rewrote it to look prettier than hyriand's version
* Resizable panels aren't deleted anymore when made really small
* Userinfo and browse tabs show user status
* /clear /c will clear a chat screen
* version in the window title
Other fixes:
* the default "queue if" limit is now 10 kb/s to avoid "how do I limit the
number of uploads" questions
* errors when decompressing filelists and search results no longer
cause a crash
* if locking a file is not possible, a download will continue anyway
with a warning
Version 1.2.2 - 24 Jun 2003
* wxPython 2.4.1 fixes; this version is now required, because it fixes
the "crash-on-tab in an empty notebook" problem and handles ctrl-c gracefully
* Ugly but working fix for the "cannot install idle handler twice" crash
Version 1.2.1 - 18 Jun 2003
* Python 2.3 fixes
* Python 2.2.0 fixes
* Fix for "too many open files problem"
* Aborted files are now not restarted when a user logs back on
* New address for postcards
1.3.5 08/07/2003 released
- Now ipa(8) removes created PID-file when exits
- Not it is possible to use OpenBSD PF on not OpenBSD (see the INSTALL file)
- Added a new parameter "debug_worktime"
- Some fixes for code that runs commands
Nicotine is a SoulSeek client written in Python, based on the
PySoulSeek project by Alexander Kanavin. It features, among other
things, a completely rewritten graphical user interface which uses
PyGTK-2 toolkit and a less strict user request policy.
Nicotine is a feature complete client for the SoulSeek filesharing
network. You can use it to upload, download, search and chat. You
can keep a "buddy" list and basically everything else a SoulSeek
client is supposed to do. If you are familliar with PySoulSeek,
you'll probably notice a striking resemblance in appearance. More
info: Daelstorm's Nicotine Propaganda page.
Changes:
Version 2.6.7 - 2003-08-29
* new settings ftp:use-size, ftp:use-mdtm, ftp:use-telnet-iac.
* optimized writing to local disk by increasing write size.
* fixed size catching from 150 ftp server reply.
* correct exit code of commands help, lftp (reported by trancefx).
* hftp improvements from Johannes Zellner: CSM proxy support; colored listings;
do not print hour:minute if not known.
* translations updated.
* fixed a bug with saving last working directory for a site.
* fixed a bug with FXP of zero sized files.
* fixed a bug happening when a 5xx reply is received after QUIT is sent.
* readline updated to version 4.3.
changes from webpage:
Quagga 0.96.2 has been released, which fixes a small but very
annoying ospfd bug. Also includes Mr. Ohara's command.c newline
fix.
Quagga 0.96.1 has been released, which fixes a small but significant
problem with the privileges code.
gnatsperl is a collection of perl modules providing a perl interface to the
gnatsd daemon (GNU gnats issue tracking system). It is intended to allow
developers to more easily create tie-in applications to gnats.
Packages imported from pkgsrc-wip. Ok'ed by wiz@
Net::Jabber is a collection of Perl modules that provide a Perl Developer
access to the Jabber protocol. Using OOP modules we provide a clean
interface to writing anything from a full client to a simple protocol
tester.
Package imported from pkgsrc-wip. Ok'ed by wiz@
Provided in PR pkg/22664 by Min Sik Kim <minskim at bawi dot org>.
Minor tuning by myself.
Changes since version -1.0a11a (aka 1.8a)
* [Tim Buchheim]Mon Feb 10 14:17:40 PST 2003
More updates for wireless animations:
* wireless broadcast packets now use "r" events when animating in
reverse, just like non-broadcast packets. (previously they used
the "h" event even when going backwards)
* wireless and wired nodes can now be mixed with better results.
This requires using the "W" event as well as supplying X and Y
coordinates for all nodes in the scenario.
* The range and duration of the animation of wireless packets can
now be specified on either a per-packet basis or by setting
global parameters.
* [Tim Buchheim]Tue Dec 10 19:02:19 PST 2002
Two changes to the animation of broadcast packets in wireless
scenarios:
* bcast packets used to be animate in real time, not virtual time.
so if you changed the playback speed (or even paused it) the
circles would always expand at the same real rate. Now, the
animation is done in virtual time, like all other objects. So if
you slow down the playback rate, the circles will move slower. If
you increase playback rate, they move faster.
* you can now set the speed for broadcast packets. (previously they
ran at a hardcoded speed.) Use something like the following:
v -t 0.0 -e set_bcast_duration 0.02
The default is currently set to 0.01 (units are seconds)
Version 1.2.1 - 19082003asg
- --------------------------------
* Fixed a bug in dologin.
Now the use of ftp.proxy with a fixed server works again.
Version 1.2.0 - 11072003asg
- --------------------------------
* Looking in this file this numbering scheme displeased me.
From now on every beta release get a subnumber and official
releases a major number.
So this new release will start with 1.2.0
Version 1.1.7.pre3 - 09072003asg
- --------------------------------
* Fixed missing line in the do_login function. Could solve unexpected
behaviour of ftp.proxy.
Mentioned by Michael A. Meiszl and Rasca Gmelch.
Version 1.1.7.pre2 - 06042003asg
- --------------------------------
* Another attempt to deal with an old problem: Suppose the client
lists an almost empty directory (or does any other small data
transmission with the remote server) is might happen that the
proxy receives and spools the data before the 150 response is
send to the client. ftp.proxy uses the TCP_NODELAY socket
options since version 1.1.4 but what if the server (or upstream
proxy) causes the problem?
The proxy does now track if the 150 response arrived already and
the data transmission between client and server is delayed until
it has been received.
Version 1.1.7.pre1 - 04042003asg
- --------------------------------
* Introducing `dynamic configuration programs' aka DCP's. In short
a DCP receives username and remote server as supplied by the user
and sends the proxy server the real FTP server the proxy should
connect to with perhaps different username and password.
Everything of this is optional. Furthermore there is yet no
documentation because DCPs are work in progress and even the DCP
scheme is not fixed yet. There is however a sample DCP named
operator.dcp showing how things basically work.
DCP's required changes to the source code. Even if you do not
use DCP's the changes may influence the way ftp.proxy is working.
The DCP's are based on the idea of 'connection translation program'
from Damian Ivereigh and replaces this feature introduced in 1.1.6.beta6
Version 1.1.6.beta8 - 25MAR2003asg
- ----------------------------------
* Changed -D option: the proxy server port number must now be set
with the -D option.
Version 1.1.6.beta7 - 10FEB2003asg
- ----------------------------------
* Added compile-help in src/Makefile for solaris and a putenv
workaround for the missing function.
Hope ftp.proxy will now compile on solaris without errors.
Mentioned by Gregoire Barbier, Lefteris Giakoumatos,
Christophe Giraud-Briquet, Neil McCalden and others.
* Complete rewrite of multiline server response handling.
Handling is now much more RFC conform in this point.
Version 1.1.6.beta6 - 22JAN2003asg
- ----------------------------------
* Added sample script to start ftp.proxy in debug mode.
* Added sample trp script.
* Do not fork ftp.proxy in daemon mode when debug option is set.
* Changed syslog calls to be more ANSI-C conform.
* Source code compatibility: changed the syslog's `%m' to `%s' with
a `strerror(errno)' argument.
* Added support connection translation program (short: trp's), mentioned
by Damian Ivereigh.
* Introduced version variable in Makefile.
* Added new command line option '-u' to allow usernames with a '@'
in it. Mentioned by Paul Dragicevich.
* Changed GPL to current version.
* Changed getc_fd to handle servers that close the data connection.
* Changed proxy response on PASV because mozilla does not like it.
* Added daemon mode. Now you can start ftp.proxy as daemon using '-D'.
This is still experimental do not use this on productive environments.
The feature will be added official in the next release.
Additional parameters are required.
* Applied patch which fixes problems with multi-line server greetings,
as it appears on 'AppleShare IP FTP Server'. Mentioned by Menno Smits.
* Changed default log facility to LOG_DAEMON. On Linux, FreeBSD and NetBSD
it is still LOG_FTP.
* Modified cfputs() to send the line together with the CR/LF in one
packet to make broken firewalls happy.
package of gftp which uses GTK+ version 1. Actually this package
uses GTK+ version 2. Ok'ed by wiz@
Changes (resumed):
Changes from 2.0.15rc2 to 2.0.15
* FTP: Fixes for selecting ASCII/Binary transfers
* Fixed crash when deleting files in the GTK+ port
* Fixed parsing directory listings that have timestamps that are
not in the current locale.
* More largefile support fixes.
* Updated translations (cs, pl, sr, sr@Latn, sv)
Changes from 2.0.15rc1 to 2.0.15rc2
* Largefile (>2.1GB) fixes.
* When resuming files, look up the right option name. gFTP would bail
out whenever it couldn't look up the right option.
* Fixes to the permissions of files when they are first transfered. New
files are created with the mode 0644 & ~umask.
* Change to the proper local directory when one was enabled with a
bookmark.
* Fixed crash that would occur in the options dialog when you hit Apply,
then OK.
* Fixed possible division by 0 when transfering a file.
* Fixed double free of a gftp_file structure member (utf8_file). This was
not present in 2.0.14.
* FreeBSD PTY and password prompt fixes.
* Detect write errors properly.
* Added --info argument to the command line. This will give some
information about how gFTP was compiled.
Changes from 2.0.14 to 2.0.15rc1
* I18N improvements in GTK+ 2.0 port. If the remote server is not
returning output in UTF8, it will first attempt to convert it from
the local character set and if that fails it will try the character
sets listed in the remote_charsets option.
* Added an improved internal configuration interface. You can now override
just about any option in the bookmarks dialog for a particular site.
* Each protocol that gFTP supports is now completely self contained in
it's own file. So, if gFTP doesn't support your favorite protocol, it
should be pretty easy to add support
... Please review the long list of changes here:
http://gftp.seul.org/changelog.html
Lots of changes and bug fixes since last packaged version,
see installed $PREFIX/share/doc/html/ns/CHANGES.html.
Provided in PR pkg/22633 by Min Sik Kim <minskim at bawi dot org>.
Minor tuning by myself.
Some highlights of changes since 4.2.3:
* PCRE updated to 4.3, GD to 2.0.15
* improved Apache2 support
* much improved stream & URL wrapper support, output compression support
* added CLI (Command Line Interface) SAPI
* debug_backtrace() backported from ZendEngine2
* faster build system
* huge number of other bug fixes and improvements
Packaging changes:
* 'pcre', 'xml', and 'session' modules folded back into main package -
'pcre' and 'xml' is required by PEAR, and 'session' is just too essential
to be separate
* 'gd' module now uses bundled PHP GD library, which is better integrated
* PHP modules use shared distinfo when possible to ease future PHP updates
* ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php
remains CGI version
USE_PKGINSTALL is "YES". bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.
Tsclient is a frontend for rdesktop
Features:
* GTK+-2.0
* GNOME panel applet to quickly launch saved rdp files
* supports most of the rdesktop-1.1.0 arguments
* reads .rdp files in the M$ Unicode format
* writes .rdp files in ascii (which can then be read by this
and the M$ client)
* looks and functions very much like the M$ client
* is written in C
* features an "rdp picker" which lists .rdp files in ~/.tsclient/
and launches rdesktop from the rdp file when selected
* VNC support as a client only (vncviewer)
Changes:
* Telnet.pm (getlines): Changed behavior so it works like
IO::Handle::getlines(). Instead of returning just the lines
currently available for reading, it now returns all lines until
end-of-file. To get the old behavior, use "All => ''" named
parameter.
* Telnet.pm (put): New method put() is like print(), except that
it doesn't write the trailing output_record_separator ("\n"). It
also takes named parameters.
* Telnet.pm (last_prompt): New method last_prompt() provides the
last prompt matched by cmd() or login().
* Telnet.pm (rs): New method rs() is synonymous with
input_record_separator().
* Telnet.pm (ors): New method ors() is synonymous with
output_record_separator.
* Telnet.pm (ofs): New method ofs() is synonymous with
output_field_separator().
* Telnet.pm (input_log, output_log, option_log): Fixed so they
always return the filehandle of the logfile or "" if logging
turned-off.
* Telnet.pm (dump_log, input_log, option_log, output_log): Fixed
so they work with an unblessed or tied filehandle.
* Telnet.pm (cmd_remove_mode, errmode, input_record_separator)
(max_buffer_length, option_callback, port, prompt, timeout): These
attribute methods now ignore an invalid argument and print a
warning to stderr. This also applies to a named parameter used to
override one of these attributes.
* Telnet.pm (cmd): Added named parameters to override Errmode, and
Input_record_separator.
* Telnet.pm (get, waitfor): Added named parameters to override
Binmode, Errmode, and Telnetmode.
* Telnet.pm (getline, getlines): Added named parameters to
override Binmode, Errmode, Input_record_separator, and Telnetmode.
* Telnet.pm (login, open): Added named parameter to override
Errmode.
* Telnet.pm (login): Added two 0.01 second delays to workaround
bug in Linux login program.
* Telnet.pm (break): Fixed to properly send TELNET break command.
* Telnet.pm (open): Fixed to properly handle an absolute timeout
value.
* Telnet.pm: Squelched the warning "isn't numeric" caused by
deficiency in ActiveState perl and MS-Windows.
* t/select.t: Fixed test #3 so it passes when running on Linux 2.4
or greater.
for a possessive (like her, his, whose, their, and its).
Note that I didn't check for proper use of "its" (when it should
be "it is" or "it has" instead).
I also saw over 15 other grammar or punctuation problems, but not
fixed in this commit.
Changelog of Samba2.2 Japanese Edition
Samba Users Group Japan
Here is the fix list of Samba2.2 Japanese Edition.
The sign of each line means:
*: Fix of Samba Japanese Edition only
x: Fix of sending a patch to Samba Team
c: Fix of being commited a patch by Samba Team
samba-2.2.8a-ja-1.1beta9
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the internationalized version
* Fixed build problem with Solaris for Sparc [sugj-tech:5695]
* Fixed html conversion problem for swat [sugj-tech:5696]
samba-2.2.8a-ja-1.1beta8
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the original version
* Fixed ineffective cd(chdir) problem in smbsh [sugj-tech:5647]
* Fixed smbsh problem with BSD original csh [sugj-tech:5649]
* Added target in Makefile for ipk packages [sugj-tech:5661]
samba-2.2.8a-ja-1.1beta7
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the original version
* Fixed smbsh problem for Linux except i386 [sugj-tech:5619]
* Fixed libtool dependence problem with VFS [sugj-tech:5624]
samba-2.2.8a-ja-1.1beta6
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the original version
* Fixed smbsh problem for some OSs [sugj-tech:5562]
* Fixed libtool dependence problem with VFS [sugj-tech:5593]
* Fixed Kerberos V problem [sugj-tech:5594]
* Fixed smbsh problem for Linux except i386 [sugj-tech:5596]
samba-2.2.8a-ja-1.1beta5
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the internationalized version
* Fixed no daemon problem for smbd/nmbd with RPM package
[sugj-tech:5515]
* Fixed alternative getpass() problem in configure [sugj-tech:5522]
Changes to the original version
* Fixed huge file problem for Linux/ppc [sugj-tech:5531]
* Fixed 64bits shared library problem on Solaris [sugj-tech:5535]
samba-2.2.8a-ja-1.1beta4
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the internationalized version
* Fixed existent gettext library problem [sugj-tech:5385]
* Added -t (specify coding system) option for smbsh [sugj-tech:5476]
Changes to the original version
* Suppressed any warnings on Solaris with Forte C [sugj-tech:5370]
* Fixed smbsh problem for some OSs [sugj-tech:5381]
* Fixed missing low-level getcwd() problem [sugj-tech:5415]
* Fixed timestamp problem for client programs [sugj-tech:5470]
samba-2.2.8a-ja-1.1beta3
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the internationalized version
* Fixed failure to compile for HP-UX 11.00 [sugj-tech:5320]
* Fixed failure to compile for Solaris [sugj-tech:5322]
Changes to the original version
* Suppressed any warnings on Solaris [sugj-tech:5324]
* Suppressed any warnings on some platforms for PAM [sugj-tech:5328]
samba-2.2.8a-ja-1.1beta2
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the original version
* Fixed ineffective problem of mangling char [sugj-tech:5308]
* Fixed shared library problem for IRIX [sugj-tech:5310]
* Suppressed any warnings on some platforms [sugj-tech:5310]
samba-2.2.8a-ja-1.1beta1
~~~~~~~~~~~~~~~~~~~~~~~~
Changes to the original version
* Fixed an unsetable problem for group permission from WinXP
[samba-jp:14786]
* Fixed NT architecture problem for WinXP/2003 Server
[samba-jp:14789]
* Fixed configure problem for Solaris [samba-jp:14793]
* Fixed password timeout ploblem with LDAP [sugj-tech:5299]
* Fixed missing send/receive ploblem for huge files [samba-jp:14822]
c Fixed using CIDR of 'hosts allow/deny' parameters [samba-jp:14615]
Highlights:
* Categories implemented.
* Much better No Needed/High Queue Ranking sources handling
* Shared files loading made 30x faster, now supports thousands of files.
* Numerous possible security exploits fixed.
* Generally, code is a lot clearner now.
* Enhanced OS support: NetBSD, OpenBSD, Solaris.
* New Extended Options:
* Various A4AF functionality,
* Drop No Needed Sources,
* Drop High QR Sources,
* Drop Full Queue Sources.
malware's contributions:
* Speed up the initial sharing by making KnowFileList a hash map.
* Remove the assign to category context menu entry only if it was
already there.
* Reimplemented hashing thread.
* Removed unused locks. As the NetBSD team pointed out they are
causing problems on their system because it does core dump on
unlocking a mutex that was not locked.
* Made the title for systray the same as for the main dialog.
* Never share a file twice.
* Fixed endless loop in sending UDP packets.
* Fixed a possibly exploitable bug as noticed by S. Esser from e-matters.
* Fixed new downloads assigned to random category.
* Check size of OP_SERVERSTATUS packet more strictly.
* Make xmule not to send the MOD_VERSION information. This does avoid a
problem with the LSD mod and other xmules.
* Removed memory leak from hashing thread.
* Minor fixes of problems detected by valgrind, mostly uninitialized
variables.
Un-Thesis' contributions:
* Implemented better GTK2 checks based on NetBSD team's and a Solaris user's
input
* Converted embedded XPMs to PNGs and JPEGs for better memory usage.
* FIXED: several bugs inherent in the source from previous devs/projects.
* FIXED: several memory leaks.
* Started refactoring the sourcecode.
* Got his own connection shut down by MPAA on 19 Aug :P
* Bringing website back to live.
* Kept xMule alive.
NetBSD team's contributions:
* Fixed bug with the mutex protecting calls to gethostbyname.
* Try to increase some resource limitation to the permitted maximum.
LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that
often works much faster (than the commonly-used Van Jacobson method)
and goes through many configurations of packet-filter based firewalls.
More importantly, LFT implements numerous other features including AS
number lookups, loose source routing, netblock name lookups, et al.
package suggested by lukem.
malware's contributions:
* SECURITY: Removed possible format string exploits.
* FIXED: statistics color saving/loading.
* FIXED: a possibly exploitable bug as noticed by S. Esser from e-matters.
* FIXED: exception handling for CString/wxString.
* FIXED: endless loop in CClientUDPSocket::OnSend().
* FIXED: fatal exception handler not to fail in early stages.
* FIXED: endless loop in CListenSocket::KillAllSockets().
* FIXED: Lagloose's Shift+Doubleclick to show really only transfering
sources. Update still does not work.
* Decode %-escaped characters in URL within the ed2k application as
suggested by __JusSx__.
NetBSD team's contributions:
* Work-around not to unlock mutexes not locked.
* Try to increase some resource limits to the permitted maximum.
* FIXED: bug with the mutex protecting calls to gethostbyname.
Un-Thesis' contributions:
* Added support for adding multiple ED2K links.
* Added ED2K link support for GTK2.
FooMan's contributions:
* FIXED: for failing file access during download completion.
Changes:
* fix a problem with handling of exceptions that was uncovered by
Python 2.3.
* disable assigning to unknown attributes on stub instances. Saves
a little memory too.
* add CORBA.ORB.work_pending() and CORBA.ORB.perform_work() methods.
The hf6to4 script can be used to setup IPv6 on your home machine and net-
work for exploring IPv6 without any registrations. 6to4 is a mechanism by
which your IPv6 address(es) are derived from an assigned IPv4 address,
and which involves automatic tunnelling to one or more remote 6to4 hubs,
which will then forward your v6 packets on the 6bone etc. Replies are
routed back to you over IPv4 via (possibly) other 6to4 capable remote
gateways. As such, IPv6-in-IPv4-encapsulated packets are accepted from
all v4-hosts.
XXX this is a rewrite of 6to4 in /bin/sh, no more perl required.
reported by Gary Duzan in PR pkg/22274
-being here, uodate to 5.3.20
changes:
- Updated for current autoconf/gcc build environment.
- Repair tries to continue even when not all replicas can be mounted.
- I _think_ this code fixes the problem where venus dies when it is
restarted after a local-global conflict and required reinitialization.
- Added 'masquerade_port' option to venus.conf to force venus to use a
fixed port when 'masquerade=1'. Simplifies life for strict firewall
administrators.
- Improved Kerberos intergration.
- Fixed the problem where servers would crash when more than 30000 files
were created in a single volume.
summary of changes since 5.2.1 (there are a few, since this pkg is
~4 years old):
5.2.2 - Mon Sep 27, 1999
bug fix from Jamshid Majdavi (and Kevin Lahey), SYN-ACKs containing window
scaling were getting scaled (and shouldn't be).
5.2.3 - Interal changes and enhancements
5.2.4 - Tue Apr 11, 2000
bug fix by Priya - we were detecting rexmitted bytes in segments in error in
some cases
fixed bug in IPv6 header processing reported by Takayoshi Ohnishi,
IPPROTO_ICMPV6 was causing infinite loop
5.2.6 - Thu Jul 6, 2000
fixed bug in TCP checksum code, it was always saying CORRECT
6.0.0a - preparing for alpha release of version 6
6.0.1a - added support for atmsnoop output format in snoop.c
6.0.1a2 - changed all of the DLT_ constants in tcpdump.[ch] to PCAP_DLT_
with the same numbers to avoid OSs that are renumbering them.
6.0.1a3 - added format characters to several options, as an extension of a
suggestion by Brian Utterback.
6.0.0b4- Saturday, 6 Oct 2001
Added options :
--xplot_all_files and --xplot_args.
Added support for zero window probe packets and urgent data packets.
Fixed all sprintf's in the code to snprintf's to thwart any
buffer overflow attacks.
Changed functionality for window scaled connections so that
the output of "min win adv" does not print the minimum window
as advertised in SYN packets as SYN packets cannot be scaled
themselves.
Completely revamped the http module with code sent by Bruce Mah.
Added code to verify TCP and UDP checksums in IPv6 packets.
However, code has not been tested thoroughly yet.
6.0.1 - Mon Dec 3, 2001
This is the version we'll release
Also, added support with --print_seq_zero for printing sequence numbers
as relative to the SYN rather than absolute. NOTE: this only works for
"-P" which uses connection records, but NOT for "-p" (which doesn't)
Also fixed the SACK-printing code to print in decimal if requested.
Updated the manual page and made the necessary change to Makefile.in so
that the manual page gets installed when tcptrace is installed.
Fixed a bug with with the statistics for average window advertisement.
Average was showing more than max.
Fixed a bug with ACK sequence comparisons in the HTTP module. Many thanks to
Daikichi Osuga for pointing out the error.
Fixed a divide-by-zero error in PlotHist() in mod_rttgraph.c.
Matt Muggeridge has been very kind in providing detailed information regarding
porting tcptrace to OpenVMS. Please read the new file README.OpenVMS if you
are interested in running tcptrace on OpenVMS.
Changes made to code in order to be able to compile tcptrace under cygwin on
Windows. Now works on windows too. Does not support reading compressed dump
files directly though.
The ns code was modified by Angelos Stavrou to read in the more detailed
output from the extra headers in the ns FullTcp.
Fixed a bug with the host letters. The function HostLetter was skipping host
names after y, z ... jumping to ba, bb, ... instead of aa, ab ...
6.2.0 - Stable - Fri Jul 26, 2002
This is the version we'll release
6.2.1 - Fri Aug 09, 2002
enhance fulltcp file reading from r.schramp@kpn.com
6.2.2 - Fri Aug 30, 2002
added vlan support to snoop for Tysko. Need to add support in other
formats too, but I don't have a packet dump to test against yet - sdo
6.2.3 - Wed Sep 18, 2002
bugfix: For FIN segments with data only FIN was getting plotted and not the
data. Now data gets plotted with the default color and then one byte
is plotted with the synfin color. For no data, only one byte of FIN
is plotted with the synfin color.
6.2.4 - Wed Sep 18, 2002
bugfix: RST_IN relative offset was being calculated using the incorrect
sequence space.
6.2.5 - Mon Nov 11, 2002
bugfix: Negative sequence numbers were being printed by function
PrintSeqRep() for the packet print '-p' / '-P' switches. Changed the
print format from %d to %u.
6.2.6 - Thu Nov 14, 2002
bugfix: '-c' option - ignore non-complete connections was working only for
long output. Fixed it to work for brief output too.
Release 6.4.0
=============
Bugfix made to fix misbehavior due to FILE synchronization issues
found when tcptrace exits with "PCAP error - truncated file" when asked to
read real-time network packets from STDIN - Mani.
Patches added to process dumpfiles with 802.11 wireless headers for the
Prism2 chipset. Courtesy - Brandon Eisenmann.
Added new extended option "--nonreal_live_conn_interval" option to let the
user set the duration to timeout live connections, in non real-time mode
- Ramani.
Merged from development tree:
Added the options --oUDP, --iUDP, --oTCP, --iTCP to filter out TCP
and UDP connections - Mani
Added options --csv, --tsv, --sv=<SP> for comma/tab/<SP>-separated values to be
printed with the long output - Avinash
6.4.1 : 26 APR 2003 Mani
-----
Fixed a bug in the processing of IPv6 extension headers in ipv6.c:findheader()
6.4.2 : 3 MAY 2003 Jitesh
-----
Fixed the processing of duplicate ACKs as in the BSD stack to count towards
the 3 dupacks required for fast-retransmit.
Summary of changes from 1.0.0:
* Message sections are now lists of RRsets, not lists of nodes.
* Nodes no longer have names; owner names are associated with
nodes in the Zone object's nodes dictionary.
* Many tests have been added to the test suite; dnspython 1.0.0
had 47 tests, 1.1.0 has 275. The improved testing uncovered a
number of bugs, all of which have been fixed.
* The NameDict class provides a dictionary whose keys are DNS
names. In addition to behaving like a normal Python dictionary,
it also provides the get_deepest_match() method. If, for
example, you had a dictionary containing the keys foo.com and
com, then get_deepest_match() of the name a.b.foo.com would
match the foo.com key.
* A new Renderer class for those applications which want finer
control over the DNS wire format message generation process.
* Support for a "TooBig" exception if the size of wire format
output exceeds a specified limit.
* Zones now have find_rrset() and find_rdataset() convenience
methods. They let you retrieve rdata with the specified name
and type in one call, e.g.:
rrset = zone.find_rrset('foo', 'mx')
* Other new zone convenience methods include: find_node(),
delete_node(), delete_rdataset(), replace_rdataset(),
iterate_rdatasets(), and iterate_rdatas().
* get_ variants of find_ methods are provided; the difference is
that get_ methods return None if the desired object doesn't
exist, whereas the find_ methods raise an exception.
* Zones now have a to_file() method.
* The message and zone from_file() methods allow Unicode filenames
on platforms (and versions of python) which support
them. Universal newline support is also used if available.
* The Zone class now implements more of the standard mapping
interface. E.g. you can say zone.keys(), zone.get('name'),
zone.iteritems(), etc. __iter__() has been changed to iterate
the keys rather than values to match the standard mapping
interface's behavior.
* Rdatasets support more set operations
* Zone and Node factories may be specified, allowing applications
to subclass Zone or Node and yet still use the algorithms which
build zones from master files or AXFR data.
* dns.ipv6.inet_ntoa() now minimizes the text representation of
IPv6 addresses in the usual way,
e.g. "0000:0000:0000:0000:0000:0000:0000:0001" is minimized to
"::1".
* dns.query functions now take an optional address family parameter.
All known bugs from 1.0.0 are fixed in this release.
changes:
- Modifed WSDL.Proxy to pass along all arguments to SOAPProxy. This
should ensure that all features of SOAPProxy are accessible to users
of WSDL.Proxy
- Created URLopener.py, which contains a class extending
urllib.FancyURLopener. This class allows reading from URLs that
are protected by basic authenticatoin, have been relocated, etc.
- Modified WSDL.Proxy to use URLopener. It should now permit access
to WSDL files protected by basic authentication.
- Modified XMLSchema to extend UserTuple instead of tuple for python < 2.2.
- Added UserTuple class, taken from from Stefan Schwarzer's ftputil
library.
This version contains many changes/fixes.
among them:
- Major Change: The huge file SOAPpy/SOAP.py (4,122 lines, 131K) has
been split into 10 separate files:
Client.py NS.py SOAPBuilder.py Utilities.py
Config.py Parser.py Server.py
Errors.py SOAP.py Types.py
This should ease navigation and maintenance.
- Added client support for WSDL, ported from ZSI by Mark Bucciarelli
<mark@hubcapconsulting.com>
The NetBSD project now has the permission to download the archive from
the official Spread site and to mirror it, so remove the restrictions.
changes:
*) Fix memory corruption and crash with groups of large size.
*) Correct make install so it installs header files.
*) Fix syntax error in build.xml file for Java/Ant.
*) Cleanup prototypes to remove compiler warnings.
*) Fix parser to correctly recognize upper, lower, and mixed case command options.
*) During make install, remove old symlinks.
*) Change setgroups call to be more portable. (fixes MacOSX)
*) Change name of r and s to sprecv and spsend, and add as make targets.
They can be built by "make testprog" (not built by default).
*) Work on making long group names possible.
*) Increase listen backlog for accepting client connections.
*) Fix Win32 project files to have correct path to source files.
(note CVS was always ok, but 3.17.0 release had incorrect path)
*) Fix bug where large groups overflow Mess_buf in groups.c.
*) Fix memory corruption bug when a message header is received in
several separate packets in session.c. Thanks to Ryan Caudy for
many, many hours tracking this down.
*) Change order of build in Makefile so binaries are built before
documentation.
*) Fix Java bug where connection objects cannot be disconnected and
then reconnected, but must be created anew. They can now be reused.
*) Fix compile error on AIX for struct if_info.
*) Fix security issue with buffer checks in the C library.
*) Fix obscure off-by-one buffer error with the parser.
Changes (since 1.99.5):
* Work with latest HEAD branch (ORBit2 2.7.x).
* allow importing of CORBA or PortableServer without first importing
ORBit. This gives better compatibility with standard CORBA mapping.
* None is not a valid string/wstring value.
* accept strings for sequence<octet>.
* clean up base class list when building client stubs. This is
needed in order for the stubs to work with Python 2.3.
* fix some possible segfaults if the argument names are missing in
the IInterface structures, which occurs when using ORBit.load_file().
Package changes:
* Use bsd.pkg.install full power: rc script handling, OWN_DIRS.
* Tweak BUILD_DIRS instead of using post-build and post-install time
make invocations (with a little help of post-extract clean up).
* Automatic OPSYS PLIST handling.
* Install html documentation in a canonical pkgsrc directory.
Changes since bind version 8.3.4:
--- 8.4.1-REL released --- (Sun Jun 8 15:11:32 PDT 2003)
1548. [port] winnt: make recv visible from libbind.
1547. [port] cope with spurious EINVAL from evRead.
1546. [cleanup] dig now reports version 8.4.
1545. [bug] getifaddrs_sun6 was broken.
1544. [port] hpux 10.20 has a broken recvfrom(). Revert to recv()
in named-xfer and work around deprecated recv() in
OSF.
1543. [bug] named failed to send notifies to servers that live
in zones it was authoritative for.
1542. [bug] set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel
supports it.
1541. [bug] getifaddrs_sun6() should be a no-op on early SunOS
releases.
--- 8.4.0-REL released --- (Sun Jun 1 17:49:31 PDT 2003)
1540. [bug] remove potential memory leak from net_data_create().
1539. [port] protect references to sin6_scope_id with #ifdef.
1538. [port] linux: not all distributions define IF_NAMESIZE.
--- 8.4.0-RC2 released --- (Tue May 27 18:31:53 PDT 2003)
1537. [bug] dig buffer overrun with large command lines.
1536. [cleanup] use NS_MAXMSG to define TCP buffers.
1535. [bug] winnt: large zone transfers failed.
1534. [func] The advertised EDNS UDP buffer size can now be set
via named.conf (edns-udp-size).
1533. [bug] don't artificially restrict the update message size.
1532. [bug] use maximum sized answer buffers in res_findzonecut().
1531. [port] darwin: has getifaddrs().
1530. [bug] nslookup computed incorrect reverse lookup for IPv6.
1529. [lint] unused variable in dnsquery.c::main().
1528. [bug] getaddrinfo() incorrectly rejected a numeric service
under certian circumstances.
1527. [proto] add ns_t_apl (42).
1526. [doc] res_{get,set}servers().
1525. [bug] named failed to start on linux machines w/o IPv6
support.
--- 8.4.0-RC1 released --- (Fri May 2 18:20:02 PDT 2003)
1524. [bug] update documentation for IPv6 transport support.
1523. [bug] getipnodebyname with AI_ADDRCONFIG set was broken
on HPUX 11.11. Detect IPv6 interfaces under linux.
1522. [port] ultrix doesn't have msg_control (NO_MSG_CONTROL).
1521. [bug] query-source{-v6} was broken.
1520. [port] hpux: socket returns EPROTONOSUPPORT for unsupported
family.
1519. [port] decunix: conflicting setnetgrent() and innetgr()
prototypes.
1518. [cleanup] silence "No root nameservers for class XX" when
"forward only;" is set in options.
1517. [cleanup] stop using putshort/putlong internally.
1516. [port] bsdos: now know correct appearance information for
getifaddrs/freeifaddrs.
--- 8.4.0-T2B released --- (Wed Apr 23 21:11:59 PDT 2003)
1515. [port] solaris doesn't have msg_control (NO_MSG_CONTROL).
1514. [port] hpux doesn't have msg_control (NO_MSG_CONTROL).
1513. [bug] use ipnodes.{byname,byaddr} for IPv6 NIS lookups.
Add support for "YP_MULTI_".
1512. [func] provide a getifaddrs() implementation for OS's
that don't have one. Includes IPv6 support for
Solaris, HPUX and Linux.
1511. [cleanup] don't use argument names in function prototypes.
1510. [port] openbsd uses /bsd not /kernel.
1509. [port] bsd: extract sin6_scope_id from internal form.
1508. [bug] not all references to sin6_scope_id were protected.
1507. [bug] don't attempt to send using address families not
supported by the kernel.
1506. [bug] named could sometimes set tc incorrectly.
1505. [bug] potential overflow if pointer arithmetic wrapped.
1504. [port] sa_family_t doesn't exist on all platforms.
1503. [bug] named could make unnecessary queries for glue if the
additional section was full.
1502. [port] some IPv6 references were not protected.
1501. [port] decunix: OSF 3.2 does not have native 64 bit support.
1500. [port] linux: namespace collision.
1499. [port] linux: #include <time.h> bin/dig/dig.c
1498. [bug] ns_makecanon() could under read its destination buffer
by one character and fail to properly canonicalise.
1497. [bug] res_mkupdate() used compression pointers when it
shouldn't.
1496. [bug] res_mkupdate() didn't support NAPTR.
--- 8.4.0-T1B released --- (Mon Apr 7 20:00:15 PDT 2003)
1495. [func] IPv6 transport support for named, named-xfer and
ndc.
1494. [bug] memory leak on thread destruction if gethostbyname() /
getnetbyname() have been called by the thread.
1493. [bug] check scope for link local servers.
1492. [placeholder]
1491. [cleanup] indentation problems.
1490. [bug] the seek offset was miscalculated when truncating
the ixfr log.
1489. [func] named no longer queries for missing additional A6
records.
1488. [port] decunix: TruCluster support.
See port/decunix/TruCluster.
1487. [bug] getnetgroup() takes (char **) not (const char **).
1486. [func] res_query() now generates more/better debug on failure
1485. [func] res_send() records the nameserver the response came
from. Dig retrieves this rather than reporting the
first address.
1484. [bug] dig use sin.sin_port for IPv4.
1483. [bug] nslookup could dereference a NULL pointer under certain
circumstances.
1482. [bug] provide local storage for localtime_r result.
1481. [bug] tv.tv_sec and time_t are not always the same type.
1480. [bug] gethostbyname(), getaddrinfo() could drop address
if the previous call contained one of the new
addresses.
1479. [func] try known lame servers if all other servers have
failed.
1478. [cleanup] libbind: don't look for A6 records, don't follow
DNAME record (use the CNAMES), remove some bitstring
related functions.
1477. [cleanup] libbind: namespace cleanup (irs_* to __irs*,
dst_* to __dst_* and tree_* to __tree*)
1476. [bug] dig wasn't using a random query id.
1475. [bug] "query-source address <listening interface> port *"
failed to use a system assigned port as documented.
1474. [bug] named wasn't seeing cached NODATA CNAME records.
1473. [bug] nslookup: buffer overrun when looking up reverse
IPv6 addresses under IP6.INT when not found under
IP6.ARPA.
1472. [port] freebsd; current has pselect().
1471. [port] 'dig -P' failed on some platforms.
1470. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
1467. [deleted]
1461. [func] return referrals for glue (NS/A/AAAA) if recursion is
disabled (recursion no;).
1460. [bug] NS_MD5RSA_MAX_BITS was not correct.
1459. [bug] ns_sign2() could fail to compute a correct signature
if the TSIG ownername was compressed.
1458. [bug] host: spurious "Unknown algorithm" message with default
zone listing. missing white space before '(' in SOA
format.
1457. [bug] bison didn't like ns_parser.y.
1456. [doc] document auth-nxdomain default is "no" (see # 524).
1455. [bug] named failed to allow a cached NODATA response for
a ANY query to be retrieved.
1454. [contrib] nsverifier from Bob.Whelton@qwest.com.
1453. [bug] SOA answers should only be cached for the current
tick.
1452. [bug] don't cache -ve response SOA record.
1451. [port] bsdos: maybe_fix_includes is not required.
1450. [bug] hint zones don't need to be reloaded when a "child"
zone is removed.
1449. [bug] it was possible to orphan glue records. this could
lead to panics in stale().
1438. [bug] glue from a parent zone beneath a child zone could
be deleted by loading a child zone.
1437. [bug] linux: probe_ipv6 was broken.
1436. [port] decunix: update sys/bitypes.h
1435. [func] named-xfer: log the zone name when reporting query
sent.
1434. [doc] the man page for dn_expand failed to document eomorig.
1433. [lint] remove unused variable.
1432. [func] log TSIG key name if used with zone transfer.
1431. [func] new category "update-security".
1430. [func] libbind: the default nameservers now include ::1/::
as well as 127.0.0.1/0.0.0.0 if none are specified in
resolv.conf.
1429. [port] libbind: use strlcat/strlcpy if available.
1428. [port] eventlib.c: cast tv_sec to long when calling *printf().
1427. [func] define INT8SZ
1426. [port] res_dprintf() now supports format checking w/ gcc.
1425. [bug] 'aa' was not being set appropriately with cross zone
CNAMES.
1424. [cleanup] ip6_str2scopeid() now returns u_int32_t.
1423. [bug] 'ndc restart' could fail to restart named if there
were no arguments to named.
1422. [cleanup] optarg() etc. are declared in unistd.h.
1421. [bug] clear and check errno when calling strtoul().
1420. [cleanup] use %p instead of %#x for printing pointers.
1419. [cleanup] getinfo(): kill buflen manipulation.
1418. [port] cast pointers to (size_t) when aligning.
1417. [cleanup] make1101inaddr(): kill size manipulation.
1416. [port] log_vwrite() now supports format checking w/ gcc.
1415. [port] irix: probe for in6addr_any.
1414. [bug] strtoul() cast (char*) to (unsigned char*).
1413. [bug] host: soa values are not signed.
1412. [bug] fix numeric port range check in getaddrinfo().
1411. [port] freebsd/netbsd/openbsd: #define USE_IFNAMELINKID.
1410. [port] probe for sin6_scope_id when probing for IPv6 structs.
1409. [bug] dig: reverse6 computed a incorrect nibble string.
1408. [cleanup] res_mkquery.c: kill buflen manipulation.
1407. [port] namespace clash EV_ERR -> EV_SETERR
- Honour PKG_SYSCONFDIR.
- Use RCD_SCRIPTS to automatically handle rc.d scripts.
Also convert the two installed rc.d scripts to the rc.subr framework (keeping
some compatibility if not present).
Bump PKGREVISION to 1.
