Features:
* Implement max-udp-size config option, default 4096 with fix#524 for
nonEDNS0 queries.
* add unbound-control insecure_add and insecure_remove for the administration
of negative trust anchors.
* install copy of unbound-control.8 man page for unbound-control-setup.
* code improve for minimal responses, small speed increase.
* max include of 100.000 files (depth and globbed at one time).
This is to preserve system memory in bug cases, or endless cases.
* unbound.h header file has UNBOUND_VERSION_MAJOR define.
* get_option, set_option, unbound-checkconf -o and libunbound getoption() and
setoption() support cache-min-ttl and cache-max-ttl. Also log-time-ascii,
python-script, val-sig-skew-min and val-sig-skew-max. log-time-ascii takes
effect immediately. The others are mostly useful for libunbound users.
* configure --disable-flto option.
* streamtcp man page.
* Make reverse zones easier by documenting the nodefault statements
commented-out in the example config file.
Bug Fixes:
* committed libunbound version 4:1:2 for binary API updated in 1.4.20
* Fix for 2038, with time_t instead of uint32_t.
* Fix resolve of names that use a mix of public and private addresses.
* [bugzilla: 492 ] Fix endianness detection, revert to older lookup3.c
detection and put new detect lines after previous tests, to avoid
regressions but allow new detections to succeed.
And add detection for machine/endian.h to it.
* Fix queries leaking up for stubs and forwards, if the configured
nameservers all fail to answer.
* unbound-anchor review: BIO_write can return 0 successfully if it has
successfully appended a zero length string.
* Fix so that for a configuration line of include: "*.conf" it is not an
error if there are no files matching the glob pattern.
* own implementation of compat/snprintf.c.
* [bugzilla: 491 ] pick program name (0th argument) as syslog identity.
* Fixup snprintf return value usage, fixed libunbound_get_option.
* Robust checks on dname validity from rdata for dname compare.
* iana portlist update.
* Fix round-robin doesn't work with some Windows clients.
* [bugzilla: 500 ] use on non-initialised values on socket bind failures.
* [bugzilla: 499 ] use-after-free in out-of-memory handling code.
* Explain bogus and secure flags in libunbound more.
* Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply patch to it
to not fail when -Werror is also specified, from the autoconf-archives.
* Fixup manpage syntax.
* Fix for const string literals in C++ for libunbound.
* Squelch sendto-permission denied errors when the network is not connected,
to avoid spamming syslog.
* libunbound documentation on how to avoid openssl race conditions.
* [bugzilla: 512 ] NSS returned arrays out of setup function to be statics.
* [bugzilla: 516 ] dnssec lameness detection for answers that are improper.
* [bugzilla: 519 ] ub_ctx_delete may hang in some scenarios (libunbound).
* [bugzilla: 520 ] Errors found by static analysis
- Integrated NetBSD ioctl driver (modified) from Rui Paulo.
- Fixed buffer overflow in draw_rate, exposed in 64 sistems due
to extended precision in floating point values.
- Include Becker's changes for trend support and set trend support on by
default.
- Integrate FreeBSD's driver patch.
- Do not blink leds when an interface is offline
- Do not require 'link_up' in solaris_kstat (but use it if present),
since on OpenSolaris many nic drivers seem to be broken.
- Fix the installation path of wmndrc.
* Twisted now includes a HostnameEndpoint implementation which uses IPv4 and IPv6 in parallel, speeding up the connection by using whichever connects first (the 'Happy Eyeballs'/RFC 6555 algorithm).
* Improved support for Cancellable Deferreds by kaizhang, our GSoC student.
* Improved Twisted.Mail documentation by shira, our Outreach Program for Women intern.
* twistd now waits for the application to start successfully before exiting after daemonization.
* SSL server endpoint string descriptions now support the specification of chain certificates.
* Over 70 closed tickets since 13.1.0.
Upstream changes:
1.08 November 8, 2013
! #15703 add no_index for examples to prevent CPAN pollution [githumb.com/sergeyromanov]
1.07 November 7, 2013
! #89948 Remove warning when Content-Id is not present
These are security releases in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable).
--------------------------
Bugfixes:
* Improved zone loading error messages
* Correct control socket permissions
* Improved log syntax documentation
* Fixed wrong assertions in DDNS prerequisites checking
* Fixed processing of some malformed DNS packets
* Fixed notify messages being ignored in some cases
v1.3.2 - Sep 30, 2013
---------------------
Bugfixes:
* Configuration option for EDNS0 max UDP payload.
* Max UDP payload from EDNS0 affected TCP responses.
* Fixed build on SLE 10.
* knotc reload did not close files included from config.
Based on PR pkg/48320 by Nils Ratusznik.
Pkgsrc change:
* add startup script.
ChangeLog:
v1.15: 27JUL2013
Added --transparent option for transparent proxying.
See README for iptables magic and capability
management.
Fixed bug in sslh-select: if number of opened file
descriptor became bigger than FD_SETSIZE, bad things
would happen.
Fixed bug in sslh-select: if socket dropped while
defered_data was present, sslh-select would crash.
Increased FD_SETSIZE for Cygwin, as the default 64
is too low for even moderate load.
v1.14: 21DEC2012
Corrected OpenVPN probe to support pre-shared secret
mode (OpenVPN port-sharing code is... wrong). Thanks
to Kai Ellinger for help in investigating and
testing.
Added an actual TLS/SSL probe.
Added configurable --on-timeout protocol
specification.
Added a --anyprot protocol probe (equivalent to what
--ssl was).
Makefile respects the user's compiler and CFLAG
choices (falling back to the current values if
undefined), as well as LDFLAGS.
(Michael Palimaka)
Added "After" and "KillMode" to systemd.sslh.service
(Thomas Weißschuh).
Added LSB tags to etc.init.d.sslh
(Thomas Varis).
v1.13: 18MAY2012
Write PID file before dropping privileges.
Added --background, which overrides 'foreground'
configuration file setting.
Added example systemd service file from Archlinux in
scripts/
https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
(Sébastien Luttringer)
v1.12: 08MAY2012
Added support for configuration file.
New protocol probes can be defined using regular
expressions that match the first packet sent by the
client.
sslh now connects timed out connections to the first
configured protocol instead of 'ssh' (just make sure
ssh is the first defined protocol).
sslh now tries protocols in the order in which they
are defined (just make sure sslh is the last defined
protocol).
v1.11: 21APR2012
WARNING: defaults have been removed for --user and
--pidfile options, update your start-up scripts!
No longer stop sslh when reverse DNS requests fail
for logging.
Added HTTP probe.
No longer create new session if running in
foreground.
No longer default to changing user to 'nobody'. If
--user isn't specified, just run as current user.
No longer create PID file by default, it should be
explicitely set with --pidfile.
No longer log to syslog if in foreground. Logs are
instead output to stderr.
The four changes above make it straightforward to
integrate sslh with systemd, and should help with
launchd.
v1.10: 27NOV2011
Fixed calls referring to sockaddr length so they work
with FreeBSD.
Try target addresses in turn until one works if
there are several (e.g. "localhost:22" resolves to
an IPv6 address and an IPv4 address and sshd does
not listen on IPv6).
Fixed sslh-fork so killing the head process kills
the listener processes.
Heavily cleaned up test suite. Added stress test
t_load script. Added coverage (requires lcov).
Support for XMPP (Arnaud Gendre).
Updated README.MacOSX (Aaron Madlon-Kay).
v1.9: 02AUG2011
WARNING: This version does not work with FreeBSD and
derivatives!
WARNING: Options changed, you'll need to update your
start-up scripts! Log format changed, you'll need to
update log processing scripts!
Now supports IPv6 throughout (both on listening and
forwarding)
Logs now contain IPv6 addresses, local forwarding
address, and resolves names (unless --numeric is
specified).
Introduced long options.
Options -l, -s and -o replaced by their long
counterparts.
Defaults for SSL and SSH options suppressed (it's
legitimate to want to use sslh to mux OpenVPN and
tinc while not caring about SSH nor SSL).
Bind to multiple addresses with multiple -p options.
Support for tinc VPN (experimental).
Numeric logging option.
v1.8: 15JUL2011
Changed log format to make it possible to link
connections to subsequent logs from other services.
Updated CentOS init.d script (Andre Krajnik).
Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
propagated to the child process, so we set up signals after
the fork.) (François FRITZ)
Added -o "OpenVPN" and OpenVPN probing and support.
Added single-threaded, select(2)-based version.
Added support for "Bold" SSH clients (clients that speak first)
Thanks to Guillaume Ricaud for spotting a regression
bug.
Added -f "foreground" option.
Added test suite. (only tests connexions. No test for libwrap,
setsid, setuid and so on) and corresponding 'make
test' target.
Added README.MacOSX (thanks Aaron Madlon-Kay)
Documented use with proxytunnel and corkscrew in
README.
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially
causing unexpected matches to BIND's built-in "localnets" Access
Control List. (CVE-2013-6230) [RT #34687]
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially causing
unexpected matches to BIND's built-in "localnets" Access Control
List. (CVE-2013-6230) [RT #34687]
Security Fixes
Treat an all zero netmask as invalid when generating the localnets
acl. A Winsock library call on some Windows systems can return
an incorrect value for an interface's netmask, potentially causing
unexpected matches to BIND's built-in "localnets" Access Control
List. (CVE-2013-6230) [RT #34687]
* Image preview
* catch up Tumblr spec chane
* Fixes 100% CPU when network is disconnected.
* Fixes display past tweets in threads.
* Fixes rare crash handling list.
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-61
The IEEE 802.15.4 dissector could crash. (Bug 9139)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6336
* wnpa-sec-2013-62
The NBAP dissector could crash. Discovered by Laurent
Butti. (Bug 9168)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6337
* wnpa-sec-2013-63
The SIP dissector could crash. (Bug 9228)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6338
* wnpa-sec-2013-64
The OpenWire dissector could go into a large loop.
Discovered by Murali. (Bug 9248)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6339
* wnpa-sec-2013-65
The TCP dissector could crash. (Bug 9263)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6340
- The following bugs have been fixed:
* new_packet_list: EAP-TLS reassemble does not happen when
NEW_PACKET_LIST is toggled. (Bug 5349)
* TLS decryption fails with XMPP start_tls. (Bug 8871)
* Wrong Interpretation of GTS starting slot. (Bug 8946)
* "Follow TCP Stream" shows only the first HTTP req+res.
(Bug 9044)
* The value of SEND_TO_UE in the DIAMETER Gx dictionary for
Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
* Crash then try to delete the same entry (length range)
twice. (Bug 9129)
* Crash if wrong "packet lengths range" entered. (Bug
9130)
* Bssgp => SGSN-INVOKE-TRACE use the wrong function...
(Bug 9157)
* Minor correction to dissection of DLR frames in Ethernet/IP
dissector. (Bug 9186)
* WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
* EDNS0 "Higher bits in extended RCODE" incorrectly decoded
in packet-dns.c. (Bug 9199)
* Files with pcap-ng Simple Packet Blocks can't be read.
(Bug 9200)
* Bug in RTP dissector if RTP extension is present. (Bug
9204)
* Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11
Registration Request. (Bug 9206)
* "make debian-package" fails, missing wsicon32.xpm. (Bug
9209)
* Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
* Ring buffer crash when tshark gets too far behind dumpcap.
(Bug 9258)
* PTP Dissector Wrongfully Reports Malformed Packet. (Bug
9262)
* Wireshark lua dissector unable to load for
media_type=application/octet-stream. (Bug 9296)
* Wireshark crash when dissecting packet with NTLMSSP.
(Bug 9299)
* Padding in uint64 field in DCERPC protocol wrongly
reported. (Bug 9300)
* DCERPC data_blobs are not correctly dissected when NDR64
encoding is used. (Bug 9301)
* Multiple PDUs in the same DCERPC packet are not correctly
decrypted. (Bug 9302)
* The tshark summary line doesn't display the frame number or
displays it sporadically. (Bug 9317)
* Bluetooth: SDP improvements and minor fixes. (Bug 9327)
* Duplicate IRC header field abbreviation breaks filter
(example: irc.response.command). (Bug 9360)
- Updated Protocol Support
3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT,
DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE
802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP,
WiMax, and XMPP
e-mail address). Changes include:
* Shell.to_file: implement the append flag as documented
* The libraries netcamlbox and netmulticore are now only built
if completely supported.
* Porting netcamlbox and netmulticore to ocaml-4.01:
There are new implementations in OCaml for caml_modify and
caml_initialize that are incompatible with our usage here.
Fortunately, these symbols are now weak, and we can override
them. This is done in netsys.outofheap, and for the time being
we just use the old implementation from ocaml-4.00.
* Porting netsys to ocaml-4.01: O_CLOEXEC is now supported
if found
* Netsys_sem: fix for systems that don't have
Netsys_posix.sysconf_open_max (e.g. Win32).
* Http_fs: read method: fixing a problem with resent messages
* Http_client: better reaction after "100" responses
* Http_client: implementing verbose_response_header, and
verbose_response_contents again
* Uq_ssl: debugging of payload data (Uq_ssl.Debug.dump_data)
* Http_fs: fixing chunked encoding for PUT (this is already done
in Http_client)
* Nethttp: new function base_code
* Http_client: handling the case better that an unknown status
code is returned by the server. Before, [response_status] simply
raised [Not_found]. Now, the base status is returned instead.
* Extending ocamlrpcgen: It supports now six new directives,
_lowercase, _uppercase, _capitalize, _prefix, _equals,
and _tuple (see documentation).
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
Features:
* documented in doc/NSD-4-features. Change configuration without restart,
direct nameserver control with nsd-control, support a higher number of zones.
Higher performance (compared to NSD3).
* nsdc is gone. Use kill -HUP for reload (also checks if zonefiles have
changed and rereads them), and kill -TERM for quit. Or use nsd-control
for detailed control.
* cron job for nsdc patch is gone. nsd-control write creates zonefiles.
* nsd.db has a new format that compacts itself when it is changed,
thus nsdc patch is no longer necessary.
* nsd.db is memory mapped, NSD needs (part of) that mmap in ram.
* tcp-count can go above 1000; epoll/kqueue support with libevent.
* nsd-control reconfig for updates with no restart (zones, keys, ..)
* nsd-control-setup to create keys for nsd-control (enable nsd-control
with remote-control: yes in nsd.conf).
Changes since puf-0.93.2a:
1.0.0 (16 Oct 2005)
- Fixed command line parsing error that caused -d to be taken as -dc
- -r[+[+]] doesn't imply -p any more, but it advances -p to -pr[+[+]]
- The scope of URL-based switches can be limited with brackets now
- The file supplied to -i is now interpreted as a generic command file
with one command line switch (incl. argument) or URL per line
- Dropped SPEC format - use -O and the new -xy/-xyy switches instead
- $http_proxy is now obeyed if no proxies are specified with -y/-iy
- Scope of -O switch unified with other URL-based switches
- Made -O buffer output when dumping multiple sources to one target
- Added support for "-O -"
- Added -A, -R, -D, -Dl, -Dr, -xr, -xu, -xs, -xo and -xO switches
- Removed -xe switch
- -xE now enumerates per occurrence of -P
- Vast performance improvements of large downloads
- Automatically %-escape [invalid] spaces in URLs
- Various bug fixes
- Change of versioning scheme to something more reasonable
0.93.3 (20 May 2004)
- Don't retry after HTTP errors 403 and 404. Added -xT switch to
enforce the old behaviour (for some really broken servers)
- Don't spawn a separate process for every DNS lookup, but use a
pool of DNS helper processes instead
- Added -xh and -dc switches
- Fixed file corruption on CygWin
Add missing DEPENDS
Upstream changes:
0.11 2012-02-13
- needs to actually depend on Path::Class
0.10 2012-02-12
- Fix ::FileHandle on pre-5.14 perls
0.09 2012-02-12
- oops, missed rafl's upload, rerelease with the correct version number
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
- Use USE_PHP_EXT_PATCHES in net/php-sockets.
- Make AI_V4MAPPED noop if platform dosen't have it.
It is poor assumption that AI_V4MAPPED is always defined and V4 mapped
address is always available.
Changes since version 1.0.13:
* Better optional argument handling.
* Set $NAME when calling host-up/down and subnet-up/down scripts.
* Don't echo broadcast packets back when Broadcast = direct.
* Update copyright notices.
* Fix combination of Mode = router and DeviceType = tap on Linux.
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
* Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
* Document how to load the tap driver on FreeBSD.
* Update THANKS file.
* Also clarify hostnames=[yes|no] in tinc.conf(5).
* Attribution for Vil Brekin and some code style cleanups.
* Don't ignore Makefile.am.
* Fix links in documenation.
* Attribution for Martin Schürrer.
* Add strict checks to hex to binary conversions.
* Clear connection options and status fields in free_connection_partially().
* Fix warnings from cppcheck.
* Clear Ethernet header when reading packets from a tun device.
* Clear status and options fields of unreachable nodes.
* Fix warnings from groff.
* Using alloca() for a constant sized buffer is very silly.
* Make sure PMTU discovery works in switch mode with VLAN tags.
* Mention in the manual that support for LZO and zlib can be disabled.
* Fix configure script help text for --enable options.
* Don't take the address of a variable whose scope is about to disappear.
* Send broadcast packets using a random socket, and properly support IPv6.
* Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
* Fix support for tunemu on iOS devices.
* Make sure PriorityInheritance also works in switch mode.
* Detect increases in PMTU.
* Fix a compiler warning.
* Fix segmentation fault when trying to connect via a SOCKS5 proxy.
* Don't send proxy requests for incoming connections.
* Fix compiler warnings on Windows.
* Fix detection of rejected SOCKS5 proxy requests.
* Basic patch for android cross-compilation.
* Replace hard-code with new ScriptsInterpreter configuration property.
* Add basic .gitignore file, cleaning (most) files generated by autotools.
* Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
* Android cross-compilation instructions.
* Output details of encryption errors
* Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
* Support :: in IPv6 Subnets.
* Remove newline from log message.
* Add support for systemd style socket activation.
* Allow environment variables to be used for Name.
* Allow broadcast packets to be sent directly instead of via the MST.
* Add basic support for SOCKS 4 and HTTP CONNECT proxies.
* Add support for SOCKS 5 proxies.
* Add support for proxying through an external command.
* Document new proxy types.
* Small fixes in proxy code.
* Fix compiler warnings.
* Fix crash when using Broadcast = direct.
* configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
* add (errnum) in front of windows error messages
* Always try next Address when an outgoing connection fails to authenticate.
* Allow a port to be specified in BindToAddress statements.
* Add support for multicast communication with UML/QEMU/KVM.
* Set default value of DecrementTTL to "no".
* Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
* Allow scoped addresses to be used for IPv6 multicast socket.
* Fix compiler warnings.
* Fix return value type of vde_send().
* Fix some more compiler warnings.
* Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
* Fix return type of vde_recv() as well.
* Mark DecrementTTL option experimental.
* Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
* Return false instead of void when there is an error.
* Fix compilation of VDE and UML interfaces.
* Add vde/device.c to the tarball.
* Fix a few small memory leaks.
* Allow linking with multiple device drivers.
* Set FD_CLOEXEC flag on all sockets.
* Allow multiple BindToAddress statements.
* Merge branch 'master' of black:tinc
* Send packets back using the same socket as they were received on.
* Allow setting DeviceType to tun or tap on Linux.
* Merge branch 'master' of black:tinc
* Only compile raw socket code when it is supported on that platform.
* Decrement TTL of incoming packets.
* Don't bind outgoing TCP sockets anymore.
* Rename connection_t *broadcast to everyone.
* Allow disabling of broadcast packets.
* Move initialization of char *priority up to prevent freeing an uninitialized pointer.
* Document the command line flag -o and provide --option as well.
* Fix a bug that caused tinc to ignore all but the last listening socket.
* Fix check for raw socket support.
* Pass index into listen_socket[] to handle_incoming_vpn_data().
* Add LocalDiscovery option which tries to detect peers on the local network.
* Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
* Stricter checks against routing loops.
* Only use broadcast at the start of the PMTU discovery phase.
* Only log errors sending UDP packets when debug level >= 5.
* Accept Subnets passed with the -o option when StrictSubnets = yes.
* Add missing ICMP6 message type definitions.
* Make sure disabling old RSA keys works on Windows.
* Update copyright notices.
* Add missing ICMP message type definitions.
* Make code to detect two nodes with the same Name less triggerhappy.
* Flush output buffer in send_tcppacket().
* Use usleep() instead of sleep(), MinGW complained.
* Reorder checks for libraries to allow ./configure LDFLAGS=-static.
* Make return value of SetPriorityClass() behave the same as setpriority().
* Fix sparse warnings and add an extra sprinkling of const.
* Remove newlines from log messages.
* Remove a few unnecessary #includes.
* Attribution for Loïc Grenié.
* Improved --logfile option.
* Remove redundant @CFLAGS@ from AM_CFLAGS.
* Nearly tickless tinc.
* Fix reading configuration files that do not end with a newline. Again.
* Define WINVER before including any other header file on Windows.
* Use intptr_t instead of long to store a pointer.
* OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
* Fix all warnings when compiling with mingw64.
* Use strrchr() insteaad of rindex().
* Detect and prevent two nodes with the same Name being on the VPN simultaneously.
* Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
* Do not append an address to ANS_KEY messages if we don't know any address.
* Merge local host configuration with server configuration.
* Remove duplicate command-line option parsing.
* Attribution for Julien Muchembled.
* Attribution for Timothy Redaelli.
* Ensure there is a newline character before a PEM key is written.
* Abort disabling old PEM keys on I/O errors.
* Remove unused variables.
* Quit when there are too many consecutive errors on the tun/tap device.
* Read error counter must be static.
* Add short options -R and -U to the tincd(8) manpage.
* Don't use strlen() on a NULL pointer.
* Provide usleep() for Windows.
* Use variable length arrays instead of alloca().
* Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
* Free replay window when freeing a node_t.
* Fix variable length array declaration.
* Attribution for Brandon Black.
* Use setpriority() instead of nice() on UNIX-like systems.
* Always send MTU probes at least once every PingInterval.
* Close all filedescriptors in Solaris close_device().
* Limit field width when scanning PID file.
* Replace bogus #else with #endif.
* Remove unused variables.
* Document the behavior of "-n."
* Update the manual.
* Update the NEWS.
* Proper check and dropin replacement for usleep().
* Fix typo spotted by Andrew Scheller.
* Add support for VDE through libvdeplug.
* Fix spurious misidentification of incoming UDP packets.
* Prevent anything from updating our own UDP address.
* Do not set indirect flag on edges from nodes with multiple addresses.
* Increase threshold for detecting two nodes with the same Name.
* Always use the default signal handler for ABRT signals.
* Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
* Update THANKS and copyright information.
* Ensure proper linking with OpenSSL with recent versions of MinGW.
* Include <inttypes.h> when using intptr_t.
* Experimental IFF_ONE_QUEUE support for Linux
* Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
* Configurable ReplayWindow size, zero disables
* Improved handling of queue-jumping packets on receive
* New '-o' option to configure server or hosts from command line
* Fix command-line '-o' option for host configuration
* Fix warnings showed using -D_FORTIFY_SOURCE=2
* Fix warnings under BSD
* Treat netname="." in a special way.
* DragonFlyBSD support
Changes since 3.6.18:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 5917: Make Samba work on site with Read Only Domain Controller.
o Christian Ambach <ambi@samba.org>
* BUG 8955: NetrServerPasswordSet2 timeout is too short.
o Günther Deschner <gd@samba.org>
* BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat().
* BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat().
* BUG 10127: Fix 'smbstatus' as non-root user.
o Volker Lendecke <vl@samba.org>
* BUG 8955: Give machine password changes 10 minutes of time.
* BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo
requests.
* BUG 10114: Handle Dropbox (write-only-directory) case correctly in
pathname lookup.
o Karolin Seeger <kseeger@samba.org>
* BUG 10076: Fix variable list in man vfs_crossrename.
o Andreas Schneider <asn@samba.org>
* BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
* BUG 10073: 'net ads join': Fix segmentation fault in
create_local_private_krb5_conf_for_domain.
o Richard Sharpe <realrichardsharpe@gmail.com>
* BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed
out by Samba.
- Fix memory leak caused by latcp -d & llogin -d
- Loads of protocol fixes and speed enhancements
NOTE: There are known problems with DECserver 90L terminal servers
- Add better support for DS90L servers reverse LAT
- Fix REQID message in moprc so it works with more servers.
Based on PR pkg/48269 by Gianni D'Aprile, with various fixes and improvements.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license.
Based on PR pkg/48217 by Leonardo Taccari.
Changes:
v1.24 Mar 14 2010
- fixed another remotely triggerable NULL dereference in ip_fragment.c
- unofficial patch that enables tracking of already established TCP connections
- missing reset of some tcp_* variables upon nids_exit
- correct calculation of radiotap header
- compilation warning fixes with newer gcc
- use pcap_get_selectable_fd() instead of pcap_fileno()
OUTPUT CHANGES:
- Output numbers in 3-digit groups by default (e.g. 1,234,567). See the
--human-readable option for a way to turn it off. See also the daemon's
"log format" parameter and related command-line options (including
--out-format) for a modifier that can be used to request digit-grouping
or human-readable output in log escapes. (Note that log output is
unchanged by default.)
- The --list-only option is now affected by the --human-readable setting.
It will display digit groupings by default, and unit suffixes if higher
levels of readability are requested. Also, the column width for the size
output has increased from 11 to 14 characters when human readability is
enabled. Use --no-h to get the old-style output and column size.
- The output of the --progress option has changed: the string "xfer" was
shortened to "xfr", and the string "to-check" was shortened to "to-chk",
both designed to make room for the (by default) wider display of file
size numbers without making the total line-length longer. Also, when
incremental recursion is enabled, the string "ir-chk" will be used
instead of "to-chk" up until the incremental-recursion scan is done,
letting you know that the value to check and the total value will still
be increasing as new files are found.
- Enhanced the --stats output: 1) to mention how many files were created
(protocol >= 28), 2) to mention how many files were deleted (a new line
for protocol 31, but only output when --delete is in effect), and 3) to
follow the file-count, created-count, and deleted-count with a subcount
list that shows the counts by type. The wording of the transferred count
has also changed so that it is clearer that it is only a count of regular
files.
More...
1.80: 2012-02-26
-- FLV streaming plugin (Gosuke Miyashita <gosukenator@gmail.com>)
-- New Throttle plugin (Adam Thomason <thomason@reticulatedsplines.net>)
-- Force keepalives off when we haven't finished reading a request body, but we
are already sending a response. (Jonathan Steinert <hachi@kuiki.net>)
-- Add support for Content-MD5 checking on PUT requests to web server services.
(Eric Wong <normalperson@yhbt.net>)
-- Include an XFFExtras plugin that can add X-Forwarded-Port and X-Forwarded-Proto
headers to help proxy backends construct canonical URLs with less configuration.
(RT 60260) (Jonathan Steinert <hachi@kuiki.net>)
-- Fix perlbal-check's age calculation to get the maximum age of queues across all
Perlbals. (Abe Hassan <ahassan@saymedia.com>)
-- Add DEFAULT command to allow setting default values for later service tunables
(Mark Smith <mark@qq.is>)
-- Change IO::Socket::SSL version requirement error to reflect what we actually
require. (Jonathan Steinert <hachi@kuiki.net>)
-- Completely redo the deps list for perlbal. This addresses an issue exposed when
LWP was split into component modules (RT 68490) , plus other subtle issues we've
been ignoring or unaware of. (Jonathan Steinert <hachi@kuiki.net>)
-- Stop loading Storable, we don't use it (Jonathan Steinert <hachi@kuiki.net>)
-- Switch Devel::Peek to an optional requirement (Jonathan Steinert <hachi@kuiki.net>)
-- Change perlbal-check to use IO::Socket::INET, not just IO::Socket
(Jonathan Steinert <hachi@kuiki.net>)
-- Can use PERLBAL_REMOVE_FIELDS=1 to disable fields and improve performance
(Nicolas Rochelemagne <nicolas.rochelemagne@cpanel.net>)
-- Optimize handling of SET for bool values
(Nicolas Rochelemagne <nicolas.rochelemagne@cpanel.net>)
ryo-on, and myself.
cclive is a command line video extraction utility similar to clive
but with lower requirements. Its features are few and essential.
Supports Youtube, Googlevideo, Break, Liveleak, Sevenload, Evisortv
and Dailymotion.
0MQ version 3.2.4 stable, released on 2013/09/20
================================================
* LIBZMQ-84 (Windows) Assertion failed: Address already in use at signaler.cpp:80
* LIBZMQ-456 ZMQ_XPUB_VERBOSE does not propagate in a tree of XPUB/XSUB devices
* LIBZMQ-532 (Windows) critical section not released on error
* LIBZMQ-569 Detect OpenPGM 5.2 system library
* LIBZMQ-563 Subscribers sometimes stopped receiving messages (aka LIBZMQ-541)
* LIBZMQ-XXX Added support for Travis Continuous Integration
* LIBZMQ-XXX Several improvements to MSVC support
chrysn and Joe Nahmias have done a bunch of work on Calypso, and I even
managed to fix a couple of bugs. I've merged their stuff in and pushed
out a version 1.2 release this afternoon, along with an updated debian
package. A this point, all reported Debian bugs are closed (surely that
can't last through more than one release).
The only piece unmerged was the ForkingMixin stuff as that means that
each connection has to re-read the entire database at startup as there's
no persistent in-memory state. I'd love to figure out how to use the
ThreadingMixin instead, providing the same multi-session support along
with caching.
0.8 - Rainbow
=============
* New authentication and rights management modules (by Matthias Jordan)
* Experimental database storage
* Command-line option for custom configuration file (by Mark Adams)
* Root URL not at the root of a domain (by Clint Adams, Fabrice Bellet, Vincent Untz)
* Improved support for iCal, CalDAVSync, CardDAVSync, CalDavZAP and CardDavMATE
* Empty PROPFIND requests handled (by Christoph Polcin)
* Colon allowed in passwords
* Configurable realm message
0.62 (01/26/2013)
(dc) Add support for HTTP compression where available, enabled by default.
(cb) Add support for EAN to the US locale, as reported by Jacob Turino.
(cb) Add Spain and Italy locales, as implemented by Menno Blom.
(cb) Add some new departments in Amazon.co.jp, as implemented Naoya Ito.
Features:
* New config option "ip-transparent:" to allow NSD to bind to non local
addresses. Default no.
* Use IPV6 minimum MTU settings with TCP to reduce failures that are caused
by delays in learning working PMTU when communicating through a tunnel.
* Bugfix #496: Support for EUI48 and EUI64 RR types. Experimental,
turned off by default. Enable with --enable-draft-rrtypes.
* New config option "rrl-slip:" to set the average number of packets
discarded before we send back a truncated response.
* New config option "rrl-ipv4-prefix-length:" and "rrl-ipv6-prefix-length:"
to set the prefix lengths.
* Improved RRL logging, also print triggering query src address and QTYPE.
* Provide RRL documentation in nsd.conf.sample.
Bugfixes:
* Bugfix #357: Parent process waits until children closed down sockets,
to prevent NSD failing to bind to sockets when restarting.
* Bugfix #487: lookup3.c determine endianness for BSD systems.
* Bugfix #491: pick program name (0th argument) as syslog identity.
* Bugfix #494: Exit with return code 1 if socket code fails.
* Bugfix #495: Wrong bufsize in dname_to_string for root.
* Fix outgoing-interface: Don't fail if family is IPv6 but only IPv4
outgoing-interface is set, or vice versa.
* RRtypes ASFDB, RP, RT should not compress dnames.
* Check that zone directory is within chroot directory.
* Better XFR checking, fallback to AXFR (if allowed) if three malformed
XFR packets have been seen.
(CVE-2013-4854 and CVE-2013-3919 were already fixed in pkgsrc).
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Fix DNSSEC auto maintenance so signatures can be removed from a
zone with only KSK keys for an algorithm. [RT #34439]
Fix DNSSEC auto maintenance so signatures from newly inactive
keys are removed (when publishing a new key while deactivating
another key at the same time). [RT #32178]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Fix Response Policy Zones on slave servers so new RPZ changes
take effect. [RT #34450]
Fix the "zone-statistics" option to work with the default
traditional statistics (not new "--enable-newstats" feature).
[RT #34466]
named could crash when deleting inline-signing zones with "rndc
delzone". [RT #34066]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
named was failing to answer queries during "rndc reload" [RT
#34098]
win32: Some executables had been omitted from the installer. [RT
#34116]
fixed a broken 'Invalid keyfile' error message in dnssec-keygen.
[RT #34045]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
Corrected the way that "rndc addzone" and "rndc delzone" handle
non-standard characters in zone names. [RT #33419]
Adjusted RRL behavior for recursive queries to defer rate-limiting
until after recursion is complete. Also uses correct rcode for
slipped NXDOMAIN responses. [RT #33604]
Previously, BIND could erroneously report a missing file
specification when using inline slave zones. [RT #33662]
(CVE-2013-4854 and CVE-2013-3919 were already fixed in pkgsrc.)
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix DNSSEC auto maintenance so signatures can be removed from a
zone with only KSK keys for an algorithm. [RT #34439]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Fix DNSSEC auto maintenance so signatures from newly inactive
keys are removed (when publishing a new key while deactivating
another key at the same time). [RT #32178]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Fix Response Policy Zones on slave servers so new RPZ changes
take effect. [RT #34450]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
named was failing to answer queries during "rndc reload" [RT
#34098]
Fixed a broken 'Invalid keyfile' error message in dnssec-keygen.
[RT #34045]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
Corrected the way that "rndc addzone" and "rndc delzone" handle
non-standard characters in zone names. [RT #33419]
(CVE-2013-3919 is already fixed in pkgsrc).
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
(leaf package, mainly bugfixes, checked with MAINTAINER)
v3.0.717 (14 August 2013)
- (OS X only) Work around lack of clock_gettime().
- Fix crash due to str_appendf() not understanding %ld.
v3.0.716 (8 August 2013)
- Implement support for multiple capture interfaces.
- Support multiple local IPs on an interface.
- Only error out if we fail to create all HTTP sockets.
In particular, this helps on IPv6-incapable platforms.
- Use monotonic time over wall time where appropriate.
- Portability fixes for NetBSD and OpenBSD.
EM-Socksify: Transparent SOCKS support for any EventMachine protocol
Dealing with SOCKS proxies is pain. EM-Socksify provides a simple shim to
setup & negotiate a SOCKS5 connection for any EventMachine protocol. To add
SOCKS support, all you have to do is include the module and provide your
destination address.
changes:
-scripting improvements
-added lua scripting support to ncat
-hundreds of new OS and service detection signatures
-version scanning through a chain of proxies
-improved target specification
-performance enhancements and bug fixes
pkgsrc note: added "lua" option
approved by The Maintainer
freediameter (1.2.0) UNRELEASED; urgency=low
* Major changes in the logging system to be more syslog and production friendly
* New extension: dict_dcca_3gpp
* New extension: dict_dcca_starent (Starent DCCA vendor-specific AVPs)
* New extension: rt_ignore_dh (hide network topology by proxying Destination-Host).
* New extension: rt_load_balance (load balancer based on pending queue size).
* New extension: rt_busypeers. See doc/rt_busypeers.conf.sample.
* New extension: dbg_msg_timings. Measures timing of message operations.
* New extension: dbg_msg_dumps. Use to control hooks display.
* New API (fd_hook_*) for extensions to control messages logging & profiling
* New API (fd_stats_*) for extensions to monitor framework state (e.g. SNMP implem)
* API change: all the fd_*_dump functions now return malloc'd strings instead of logging directly.
* API change: callback parameter of fd_rt_out_register had its signature updated.
* Updated dbg_monitoring extension to use the new API
* New script to generate dictionary extensions from org file (see contrib/tools)
* New compilation option: WORKAROUND_ACCEPT_INVALID_VSAI to improve compatibility
with invalid Vendor-Specific-Application-Id AVPs received from some equipments (e.g. Cisco).
* New compilation option: DISABLE_PEER_EXPIRY for use in test environments.
* Extensions are now also searched in LD_LIBRARY_PATH.
* Copy Proxy-Info AVP automatically in new answers.
* Port value 0 allowed in configuration to disable local server (e.g. disable non-secure port).
* API change: fd_msg_send_timeout now takes a separate callback for timeout situation.
* Function changes: fd_msg_dump_* now split in three different type of output.
* New test testmesg_stress to measure message parser performance
* Fix termination of the framework to avoid failures.
* Fix invalid timespec value in peer PSM appearing randomly (leading to crash).
* Return DIAMETER_LOOP_DETECTED if local peer in the Route-Record list of a message.
* Allow running without TLS configuration.
* Upgraded SCTP code to comply with RFC 6458
* Using default secure Diameter port number 5658 as per RFC 6733
* Updated TLS code for performance improvements with new GNU TLS.
* Fix interlocking problem when large number of requests were failed over.
* New option in test_app.fdx extension for long messages payload.
* Performance improvement in message sending code path.
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 14 Sep 2013 18:08:07 +0800
---------------------
Bugfixes:
* Response with NSID contained extra bytes after reload
* List of remotes is scanned for longest prefix match
* Multipacket TSIG signatures for transfers
* Wrongly parsed TSIG key secret without quotes
* Removed autoconf checks for extended instruction sets
v1.3.0 - Aug 5, 2013
--------------------
Features:
* Defaults for CH TXT id.server,version.server (see doc)
Bugfixes:
* Progressive interval for bootstrap retry
* Transfers randomly cancelled
* Disabling RRL on reload
* Secondary groups not initialized when dropping privileges
* Responding to DS queries for names at or below delegation points
v1.3.0-rc5 - Jul 29, 2013
-------------------------
Features:
* Much faster bootstrap of many zones
Bugfixes:
* Removed deprecated 'knotc -w' option
* Slave ignores out-of-zone records in zone
* Support for obsolete types in zone transfers
* Slave zone file names fixes
* Long transfers being randomly dropped
v1.3.0-rc4 - Jul 15, 2013
-------------------------
Features:
* --with-configdir option for default config path
* Reintroducted 'pidfile' config option
Bugfixes:
* AXFR/IXFR subsystem performance improvements
* Rescheduling of AXFR in some cases
* RRSIGs not in the same section for DS records
* Log messages leaking to syslog
* 'knotc restart' option removed due to several limitations
v1.3.0-rc3 - Jun 28, 2013
-------------------------
Features:
* Utility to estimate memory consumption (see 'knotc memstats')
* PID file is not created when running on foreground
* UNIX sockets support for knotc
* Configurable 'rundir' and 'storage'
Bugfixes:
* IXFR with an arbitrary number of diffs
* Processing of knotc TSIG keyfile
* Atomic PID file writing, removed deprecated 'knotc start'
* Performance regression when RRSIGs came before covered RRs in AXFR
v1.3.0-rc2 - Jun 14, 2013
-------------------------
Bugfixes:
* Label compression related bug
* Proper resolution of some CNAME chains
* Unstable response rate in rare cases
* Several log messages
v1.3.0-rc1 - Jun 4, 2013
---------------------------
Features:
* Faster zone parser
* Full support for EUI and ILNP resource records
* Lower memory footprint for large zones
* No compilation of zones
* Improved scheduling of zone transfers
* Logging of serials and timing information for zone transfers
* Config: 'groups' keyword allowing to create groups of remotes
* Config: 'include' keyword allowing other file includes
* Client utilities: kdig, khost, knsupdate
* Server identification using TXT/CH queries (RFC 4892)
* Improved build scripts
* Improved dname compression and performance
Bugfixes:
* Fixed creating of PID file when dropping privileges
lldpd (0.7.6)
* Features:
+ Provide a way to build packages for OSX.
+ Add an option to update interface description with neighbor name.
* Fixes:
+ Compilation fix for OSX 10.6.
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2013-54
The Bluetooth HCI ACL dissector could crash. Discovered by
Laurent Butti. (Bug 8827)
Versions affected: 1.10.0 to 1.10.1
* wnpa-sec-2013-55
The NBAP dissector could crash. Discovered by Laurent
Butti. (Bug 9005)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-56
The ASSA R3 dissector could go into an infinite loop.
Discovered by Ben Schmidt. (Bug 9020)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-57
The RTPS dissector could overflow a buffer. Discovered by
Ben Schmidt. (Bug 9019)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-58
The MQ dissector could crash. (Bug 9079)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-59
The LDAP dissector could crash. Versions affected: 1.10.0
to 1.10.1, 1.8.0 to 1.8.9
* wnpa-sec-2013-60
The Netmon file parser could crash. Discovered by G.
Geshev. (Bug 8742)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
- The following bugs have been fixed:
* Lua ByteArray:append() causes wireshark crash. (Bug
4461)
* Lua script can not get "data-text-lines" protocol data.
(Bug 5200)
* Lua: Trying to use Field.new("tcp.segments") to get
reassembled TCP data is failed. (Bug 5201)
* "Edit Interface Settings": "Capture Filter" combo box is
not populated across Wireshark sessions. (Bug 7278)
* PER normally small non-negative whole number decoding is
wrong when >= 64. (Bug 8841)
* Strange behavior of tree expand/collapse in packet details.
(Bug 8908)
* Incorrect parsing of IPFIX *IpTotalLength elements.
(Bug 8918)
* IO graph/advanced, max/min/summ error on frames with
multiple Diameter messages. (Bug 8980)
* pod2man error on reordercap.pod. (Bug 8982)
* SGI Nsym disambiguation is unconditionally displayed when
dissecting VHT. (Bug 8989)
* The Wireshark icon doesn't show up in OS X 10.5. (Bug
8993)
* Build fails if system Python is version 3+. (Bug 8995)
* SCSI dissector does not parse PERSISTENT RESERVE commands
correctly. (Bug 9012)
* SDP messages throws an assert. (Bug 9022)
* Wireshark fails to decode single-line, multiple Contact:
URIs in SIP responses. (Bug 9031)
* PN_MRP LinkUp Message is shown as LinkDown in info.
(Bug 9035)
* Dissector for EtherCAT: ADS highlighting in the Packet
Bytes Pane is incorrect. (Bug 9036)
* 802.11 HT Extended Capabilities B10 decode incorrect.
(Bug 9038)
* Wrong dissection of MSTI Root Identifiers for all MSTIs.
(Bug 9088)
* Weird malformed HTTP error. (Bug 9101)
* Warning for attempting to install 64-bit Wireshark on a
32-bit machine has an embedded "\n". (Bug 9103)
* Wireshark crashes when using "Export Specified Packets" >
"Displayed". (Bug 9106)
- Updated Protocol Support
ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2,
HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS,
PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
- New and Updated Capture File Support
Microsoft Network Monitor, pcap-ng.
2013-09-01 Flickcurl Version 1.25 Released
More OAuth fixes including getting uploading fully working.
Multiple internal OAuth changes to simplify code.
Updated the coverage for API calls added in the last year
approximately.
Added new API call to get the most frequently used tags for a user.
This does not seem to work over OAuth:
flickcurl_tag** flickcurl_tags_getMostFrequentlyUsed(flickcurl* fc);
Added new API call to get the groups of a user:
flickcurl_group** flickcurl_people_getGroups(flickcurl* fc,
const char* user_id, const char* extras);
Added new API call to get contacts tagging suggestions but reordered
the parameters to match the rest of the contacts.get* API calls.
flickcurl_contact** flickcurl_contacts_getTaggingSuggestions(flickcurl* fc,
const char* include_self, const char* include_address_book,
int page, int per_page);
Added new API calls flickcurl_groups_join(),
flickcurl_groups_joinRequest() and flickcurl_groups_leave() for (some
of) the new group API:
int flickcurl_groups_join(flickcurl* fc, const char* group_id,
const char* accept_rules);
int flickcurl_groups_joinRequest(flickcurl* fc, const char* group_id,
const char* message, const char* accept_rules);
int flickcurl_groups_leave(flickcurl* fc, const char* group_id,
const char* delete_photos);
Updated the example code flickrdf.c to use the non-deprecated
flickcurl_photos_getInfo2()
Updated deprecated flickcurl-config(1) program to be independent of
pkg-config. This allows make distcheck to work.
This minor maintenance release provides accumulated build configuration
improvements and janitorial cleanups.
Alan Coopersmith (8):
xfindproxy only depends on xproto, not x11
Convert STRING_BYTES & STORE_STRING from macros to inline functions
Fix some clang warnings about implicit integer size/sign conversions
Stop casting malloc return values
Move global appContext into main() to avoid shadow warnings
Mark input string to cvthexkey() as const
Fix some clang integer conversion warnings in cvthexkey()
xfindproxy 1.0.3
Changes from History.txt:
=== 0.5.0 2013-08-26
* show RT/Fav count on % tw --id=1234552234
=== 0.4.9 2013-08-22
* show tweet by status_id % tw --id=1234543234
The PowerDNS nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all the relevant DNS standards documents. PowerDNS is open source.
The PowerDNS nameserver utilizes a flexible backend architecture that
can access DNS information from any data source. This includes file
formats, BIND zone files, relational databases or LDAP directories.
This packages provides the SQLite version 3 backend module.
**** 0.72 Dec 28, 2012
Fix rt.cpan.org #82148
nxrrset fails to ignore RDATA.
Fix rt.cpan.org #82134
TSIG key and algorithm names not downcased in digest.
Class not forced to ANY.
Fix rt.cpan.org #82063
yxrrset, nxrrset and rr_del functions should force zero TTL.
Fix rt.cpan.org #82047
Clarify documentation to indicate that header counts may
differ from the number of RRs present if a packet is corrupt.
Fix rt.cpan.org #81941
Clarify documentation to make clear that bgread will not switch to
TCP when a truncated packet is received.
**** 0.71 Dec 15, 2012
Temporary workaround rt.cpan.org #81760
The rdatastr method for TXT RRs will return unconditionally
quoted rdata fields to work around an issue with updating
SpamAssassin rules. This workaround will be reverted after
release of a version of SpamAssassin which resolves the issue.
Fix rt.cpan.org #81942
Fix memory leak on packet cleanup. The back-reference via the
header attribute (with xbody) caused the garbage collector not
to clean a packet. Header is now explicitly cleaned via
Net::DNS::Packet::DESTROY.
Fix TSIG initialization
Uninitialised algorithm attribute caused signature generation
to fail silently when creating a TSIG signed packet.
Fix rt.cpan.org #81869
The rr_del auxilliary function broken by a conflicting change
in the RR.pm string parser. Note the ambiguous use of ANY,
which may stand for CLASS255 or TYPE255 depending upon the
argument string presented.
Fix rt.cpan.org #81756
Test failures on Perl 5.8.5 .. 5.8.8.
lc(), uc() and case insensitive regex matching broken for UTF8.
Thanks are due to Paul Howarth for patient work with perl -d.
Fix rt.cpan.org #81787
NXDOMAIN no longer reported by $resolver->errorstring.
Fix rt.cpan.org #81814
Allow zero in format, tag and algorithm fields of CERT RR.
Fix rt.cpan.org #81786
Substitute last owner for leading spaces in multiline zonefile RR.
Fix rt.cpan.org #77444
Make use of new extended header modus operandi for OPT records
also in the resolver. Preventing a warning.
**** 0.70 Dec 6, 2012
Feature added support for NID L32 L64 LP, RFC6742.
(allow ruby-2.0 and fixes locale data installation)
== 2.0.1: 2013-08-29
A bug fix release for the first time in a year!
=== Improvements
* Supported initial setup on environments that don't support opening a URI
from GTK+ such as OS X.
0.20.4
======
Changes since 0.20.3:
- Fix warnings in gtk-doc run.
- Some minor improvements to the documentation.
- Make the user-agent ASCII-only to fix issues with discovery when
g_get_application_name () returned a translated string.
- Force HTTP version to be 1.1 in SOAP requests.
- Fix potential crashes in XML parsing.
- Fix potential memory leak in gupnp_service_proxy_send_action_valist.
- Some codestyle fixes.
- Add gupnp_device_info_list_dlna_device_class_identifier () to retrieve the
content of <dlna:X_DLNADOC> nodes.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=704953
- https://bugzilla.gnome.org/show_bug.cgi?id=702555
- https://bugzilla.gnome.org/show_bug.cgi?id=704094
- https://bugzilla.gnome.org/show_bug.cgi?id=700947
All contributors to this release:
Ludovic Ferrandis <ludovic.ferrandis@intel.com>
Jens Georg <mail@jensge.org>
Sébastien Bianti <sebastien.bianti@linux.intel.com>
Bastien Nocera <hadess@hadess.net>
0.14.4
======
- Fix gtk-doc warnings.
- Use SO_REUSEPORT on FreeBSD and Debian/kFreeBSD.
- Fix discovery issue with some devices when g_get_application_name returned a
non-ASCII translated version of the name.
- Fix a compiler warning about parentheses.
- Use GNOME_COMPILE_WARNINGS for a safe set of strict compiler warnings.
- Remove the use of INCLUDES which has been deprecated for a while.
All contributors to this release:
Jens Georg <jensg@openismus.com>
Bastien Nocera <hadess@hadess.net>
* Fix build with lua 5.2.
Changelog:
Main changes for LuaSocket 3.0-rc1 are IPv6 support and Lua 5.2 compatibility.
* Added: Compatible with Lua 5.2
- Note that unless you define LUA_COMPAT_MODULE, package
tables will not be exported as globals!
* Added: IPv6 support;
- Socket.connect and socket.bind support IPv6 addresses;
- Getpeername and getsockname support IPv6 addresses, and
return the socket family as a third value;
- URL module updated to support IPv6 host names;
- New socket.tcp6 and socket.udp6 functions;
- New socket.dns.getaddrinfo and socket.dns.getnameinfo functions;
* Added: getoption method;
* Fixed: url.unescape was returning additional values;
* Fixed: mime.qp, mime.unqp, mime.b64, and mime.unb64 could
mistaking their own stack slots for functions arguments;
* Fixed: Receiving zero-length datagram is now possible;
* Improved: Hidden all internal library symbols;
* Improved: Better error messages;
* Improved: Better documentation of socket options.
* Fixed: manual sample of HTTP authentication now uses correct
"authorization" header (Alexandre Ittner);
* Fixed: failure on bind() was destroying the socket (Sam Roberts);
* Fixed: receive() returns immediatelly if prefix can satisfy
bytes requested (M Joonas Pihlaja);
* Fixed: multicast didn't work on Windows, or anywhere
else for that matter (Herbert Leuwer, Adrian Sietsma);
* Fixed: select() now reports an error when called with more
sockets than FD_SETSIZE (Lorenzo Leonini);
* Fixed: manual links to home.html changed to index.html (Robert Hahn);
* Fixed: mime.unb64() would return an empty string on results that started
with a null character (Robert Raschke);
* Fixed: HTTP now automatically redirects on 303 and 307 (Jonathan Gray);
* Fixed: calling sleep() with negative numbers could
block forever, wasting CPU. Now it returns immediately (MPB);
* Improved: FTP commands are now sent in upper case to
help buggy servers (Anders Eurenius);
* Improved: known headers now sent in canonic
capitalization to help buggy servers (Joseph Stewart);
* Improved: Clarified tcp:receive() in the manual (MPB);
* Improved: Decent makefiles (LHF).
* Fixed: RFC links in documentation now point to IETF (Cosmin Apreutesei).
PR pkg/48156
* add a sc_warts2json utility program that prints out JSON renderings
of trace, ping, and dealias objects in scamper warts files. this is
useful when developing simple analysis programs in perl. the
initial implementation of JSON output for ping and trace was
supplied by Internap. Thanks a lot Internap!
* add a sc_speedtrap utility program that resolves a set of IPv6
interfaces for aliases (which interfaces belong to the same router).
documented in sc_speedtrap(1) man page.
http://www.caida.org/~mjl/pubs/speedtrap.pdf
* add a sc_ipiddump utility program that prints out all IPIDs received
in ping and dealias objects. documented in sc_ipiddump(1) man page.
in ping and dealias objects. documented in sc_ipiddump(1) man page.
in scamper:
* output json objects with -O json
* add -O debugfileappend, causing the debugfile to be appended to
rather than truncated
* do not output debugging information to stderr if NDEBUG was
specified
* drain fds that are not used by any measurement but have not been
closed yet
* improve the use of poll()
* allow a control socket client to specify its mixing priority
* correctly interpret the neighbour discovery cache sysctl on MacOS.
* fix build on MacOS systems without IPFW.
* fixes prompted by clang static analysis.
* fixes prompted by clang static analysis.
in sc_analysis_dump:
* improvements to the comment header printed automatically at the start
* add -M option to print out MPLS headers in ICMP extensions.
* add -Q option to print out Quoted IP TTL
* add -T option to print out the IP TTL of the response packet
in scamper-ping
* implement stats function so that the stats printed are not junk
* add an -M <mtu> option which causes scamper to send a PTB in
response to a packet larger than the given size.
* add a -P icmp-time option which causes ping to send ICMP timestamp
requests.
requests.
in scamper-sting:
* various improvements in the hole filling phase.
* add -U <userid>
in scamper-dealias:
* implement IPv6 support for Ally and RadarGun which is induced by
sending ICMP echo packets larger than a given pseudo MTU size
(causing a responses to be fragmented and thus an ID field revealed.
* implement IPv6 support for Mercator
* be more strict in declaring two interfaces to be aliases: infer
the byte ordering by determining if the shortest distance in a
sequence of ID values is in byte-swapped or not, and then using
that byte ordering mode.
=============================================
Release Highlights
==================
server
------
bug fixes
25713 fix crash in the delegate mechanism leading to various crashes, and
intra-cluster incompatibility between RabbitMQ 3.1.4 and other members
of the 3.1.x series (since 3.1.4)
25700 25710 prevent (harmless) errors being logged when pausing in
pause_minority mode (since 3.1.0)
LDAP plugin
-----------
bug fixes
25703 prevent channel crash when attempting to retrieve LDAP attribute that
does not exist (since 2.7.0)
Changes in 3.1.4
=============================================
Security Fixes
==============
server
------
25686 ensure DLX declaration checks for publish permission (since 2.8.0)
management plugin
-----------------
24803 update to a later version of Mochiweb that fixes a directory traversal
vulnerability allowing arbitrary file access on Windows (since 2.1.0)
Release Highlights
==================
server
------
bug fixes
25638 fix resource leak with mirrored queues when whole clusters stop
(since 3.0.0)
25624 fix queue crash in mirrored queue handling of messages during promotion
(since 2.6.0)
25615 25670 fix race conditions in mirrored queues when different cluster
nodes start and stop near-simultaneously (since 2.6.0)
25617 fix corrupt_cluster_status_files error after abrupt node shutdown
(since 3.0.0)
25645 fix mirrored queue sync failure in the presence of un-acked messages
not at the head of the queue (since 3.1.0)
25640 fix race condition leading to channel crash with low prefetch count
repeated basic.consume and basic.cancel (since 3.1.0)
25625 fix memory leak of mirrored queue messages during promotion
(since 2.6.0)
25649 allow hipe compilation on Erlang R16B01
25659 allow offline cluster node removal with a node which is not second
from last (since 3.0.0)
25648 make `rabbitmqctl join_cluster' idempotent (since 3.0.0)
25651 improve `rabbitmqctl cluster_status' handling of partition info when
cluster nodes are in the process of stopping (since 3.1.0)
25689 ensure launch of subprocesses to monitor disk space and file handles
works correctly when clink shell is installed on Windows (since 2.1.0)
25594 fix rabbit_error_logger crash during failed startup (since 1.4.0)
25631 fix bug in shutdown sequence that could lead to spurious
INTERNAL_ERRORs being sent to clients (since 3.1.0)
erlang client
-------------
bug fixes
25632 fix broken error handling in amqp_network_connection that could lead
to a crash during broker shutdown (since 2.4.0)
25688 fix bug in challenge-response auth handling (since 2.3.0)
enhancements
25674 add amqp_rpc_{client,server}:start_link()
STOMP plugin
------------
bug fixes
25691 fix connection crash on consumer cancellation notification (since 3.0.0)
build and packaging
-------------------
bug fixes
25668 add ssl support to OS X standalone package
25584 ensure that VERSION is set correctly when building src packages
(since 2.7.0)
Upstream changes:
1.06 August 21, 2013
! #87935 skip all MIME-Parser tests if it is not installed
! #87787 Use of uninitialized value $ns in Lite.pm
1.05 August 18, 2013
! #87848 Fix manifest, fix invalid http version from release blunder
======
* proxy/gnome: Fix "automatic" mode, which was mistakenly being
treated as "none" (Dan)
* proxy/gnome: Use this in Unity sessions as well as GNOME ones.
(#698936, Iain Lane)
* proxy/libproxy: Fix handling of SOCKS proxies (#699359, Dan)
since 1.24 see file NEWS in the distfile.
Security fixes since 1.24:
* Fix crash when processing crafted commands (CVE-2012-4502)
(possible with IP addresses allowed by cmdallow and localhost)
* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES
replies (CVE-2012-4503) (not used by chronyc)
Reviewed by: Joerg Sonnenberger <joerg@netbsd.org>
