Changes:
2.9.8
* TLS Interoperability workaround: turn on SHA-2 digests by force.
This improves interoperability with clients and servers that
deploy SHA-2 digests without the required support for TLSv1.2-style
digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session
cache had become ineffective because recent OpenSSL versions
enable session tickets by default, resulting in a different
ticket encryption key for each smtpd(8) process. The workaround
turns off session tickets. Postfix 2.11 will enable session
tickets properly.
* TLS Interoperability workaround: Debian Exim versions before
4.80-3 may fail to communicate with Postfix and possibly other
MTAs, with the following Exim SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the
server is not acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding
mail with the local(8) delivery agent, in code that handles a
cleanup(8) server error.
2.9.7
* Bugfix (introduced: Postfix 2.0): when myhostname is not listed in
mydestination, the trivial-rewrite resolver may log "do not list in both
mydestination and ". The fix is to re-resolve a domain-less address after
adding $myhostname as the surrogate domain, so that it pops out with the
right address-class label. Reported by Quanah Gibson-Mount.
* Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when
smtp_tls_policy_maps is specified. TLS policies may depend on the remote
destination, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different destinations that resolve to the same IP
address. Victor Duchovni. Found during Postfix 2.11 code maintenance.
* Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL
authentication is enabled. SASL passwords may depend on the remote SMTP
server hostname, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different hostnames that resolve to the same IP
address. Found during Postfix 2.11 code maintenance.
The PowerDNS nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all the relevant DNS standards documents. PowerDNS is open source.
The PowerDNS nameserver utilizes a flexible backend architecture that
can access DNS information from any data source. This includes file
formats, BIND zone files, relational databases or LDAP directories.
This packages provides the SQLite version 3 backend module.
tnn, and myself.
Contains the xcutsel and xclipboard programs which help with managing the X
server clipboard.
This is from the modular X.org X11 project.
Version 3.4
---------------------
02/17/11: beazley
Minor patch to make cpp.py compatible with Python 3. Note: This
is an experimental file not currently used by the rest of PLY.
02/17/11: beazley
Fixed setup.py trove classifiers to properly list PLY as
Python 3 compatible.
01/02/11: beazley
Migration of repository to github.
------------------------------------------
version 1.222 at 2013-08-15 07:12:54 +0000
------------------------------------------
Change: 3161b01391d7ec55d7fd8f06b6de9ceb31126416
Author: Rocco Caputo <rcaputo@cpan.org>
Date : 2013-08-15 03:03:53 +0000
Automate more of dist.ini.
------------------------------------------
version 1.221 at 2013-08-04 06:13:24 +0000
------------------------------------------
Change: 4e0b8cc01214485a5d4f40b7318f2646f84c5ccb
Author: Rocco Caputo <rcaputo@cpan.org>
Date : 2013-08-04 02:13:24 +0000
Add .gitignore and MANIFEST.SKIP to ignore build artifacts.
Releases will fail because the release built artifacts look like
untracked files. Ignore them in .gitignore. Also ignore temporary
files in MANIFEST.SKIP.
Change: c5467dc4260c3ceb57e8253957c1449d3d00617a
Author: Rocco Caputo <rcaputo@cpan.org>
Date : 2013-08-04 02:01:30 +0000
[rt.cpan.org 65060] Don't destroy the server list when connections
fail.
Connections may fail for transient reasons. It's better to assume the
servers will come back eventually and take the performance hit on
reconnect than to exhaust the list and never succeed again.
If this fix helps you, thank Timo Santi for reporting the bug.
Change: b9835824080c25817a37bcbf6d1c3bb4ab5d51f7
Author: Rocco Caputo <rcaputo@cpan.org>
Date : 2013-08-04 01:43:39 +0000
Switch to Dist::Zilla.
Change: 15ec95acbfed79a4f4e341e150af25964fc776a3
Author: Rocco Caputo <rcaputo@cpan.org>
Date : 2010-03-08 01:29:07 +0000
Fix the repository URLs and copyright date in the docs.
1.11 - Sat Jul 28 16:09:37 2012
* Clarify the license as LGPL v3 (29 June 2007) (RT 78629)
1.10 - Wed Jul 11 19:25:12 2012
* Add MirBSD support. It's the same options as Sun stuff.
#-----------------------------------------------------------------------
# Version 2.25 - 24th July 2013
#------------------------------------------------------------------------
* Jon Jensen fixed the behaviour of split() which changed in Perl 5.18.0
* Jay Hannah added repository information for metacpan.org et. al.
* Colin Keith fixed Template::Provider's handling of directories
* Kevin Goess made the date plugin accept the ISO8601 "T" separator
* David Steinbrunner fixed various typos.
* Andreas Koenig silenced recent Pod::Simple warnings
* Slaven Rezic silenced warnings in the replace vmethod.
* Ricardo Signes made the Image plugin emit extra tags in a predictable order
* Johan Vromans added the --link option to ttree.
* Smylers added documentation for the ENCODING option.
* Andy Wardley made some minor documentation changes relating to github.
2.08 Thu Aug 22 23:11:45 CDT 2013
====================================
[ENHANCEMENTS]
ack now ignores CMake's build/cache directories by default. Thanks,
Volodymyr Medvid.
Add shebang matching for --lua files.
Add documentation for --ackrc.
Add Elixir filetype.
Add --cathy option. Thanks to Joe McMahon.
Add some helpful debugging tips when an invalid option is found.
Thanks to Charles Lee.
Ignore PDF files by default, because Perl will detect them as text.
Ignore .gif, .jpg, .jpeg and .png files. They won't normally be
selected, but this is an optimization so that ack doesn't have to
open them to know.
[FIXES]
Ack's colorizing of output would get confused with multiple sets
of parentheses. This has been fixed. (Issue #276)
Ack would get confused when trying to colorize the output in
DOS-format files. This has been fixed. (Issue #145)
2.05_01 Tue May 28 10:12:04 CDT 2013
====================================
[ENHANCEMENTS]
We now ignore the node_modules directories created by npm. Thanks,
Konrad Borowski.
--pager without an argument implies --pager=$PAGER.
--perl now recognizes Plack-style .psgi files. Thanks, Ron Savage.
Added filetypes for Coffescript, JSON, LESS, and Sass.
[FIXES]
Command-line options now override options set in ackrc files.
ACK_PAGER and ACK_PAGER_COLOR now work as advertised.
Fix a bug resulting in uninitialized variable warnings when more
than one capture group was specified in the search pattern.
Make sure ack is happy to build and test under cron and other
console-less environments.
Colored output is now supported and on by default on Windows.
2012-07-05 Slaven Rezic <slaven@rezic.de>
Release 1.36
Stable release with all changes in 1.35_50..1.35_51
2013-06-28 Slaven Rezic <slaven@rezic.de>
Release 1.35_51
Ignore reading jpeg thumbnail image with no content, patch
provided by Kosei Moriyama,
https://github.com/eserte/image-info/pull/2)
2013-05-06 Slaven Rezic <slaven@rezic.de>
Release 1.35_50
Fixed pod_cov.t test.
2013-04-10 Slaven Rezic <slaven@rezic.de>
Release 1.35
Stable release with the change in 1.34_50
2013-04-03 Slaven Rezic <slaven@rezic.de>
Release 1.34_50
image_info on Jpeg with bad EXIF data produced "substr outside of
string" exception in Image::TIFF (RT #84122, patch provided by
Steve Purkis)
2.06 - Fri May 31 15:41:48 2013
* Bump to a stable user release. There are no code changes.
2.05_03 - Sun Aug 5 14:50:30 2012
Fix test with now-valid group code (RT 78671)
2.05_01 - Tue Jul 19 07:12:18 2011
* Update the URL for the Worldcat stuff so xisbn works.
* Various distro cleanups.
1.953 2013/7/22
- fixes to IO::Socket::SSL::Utils, thanks to rurban[AT]x-ray[DOT]at,
RT#87052
1.952 2013/7/11
- fix t/acceptSSL-timeout.t on Win32, RT#86862
1.951 2013/7/3
- better document builtin defaults for key,cert,CA and how they are depreceated
- use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's builtin
defaults for CA unless CA path/file was given (or IO::Socket::SSL builtins
used)
1.950 2013/7/3
- MAJOR BEHAVIOR CHANGE:
ssl_verify_mode now defaults to verify_peer for client.
Until now it used verify_none, but loudly complained since 1.79 about it.
It will not complain any longer, but the connection might probably fail.
Please don't simply disable ssl verification, but instead set SSL_ca_file
etc so that verification succeeds!
- MAJOR BEHAVIOR CHANGE:
it will now complain if the builtin defaults of certs/my-ca.pem or ca/
for CA and certs/{server,client}-{key,cert}.pem for cert and key are used,
e.g. no certificates are specified explicitly.
In the future these insecure (relative path!) defaults will be removed
and the CA replaced with the system defaults.
v1.94 2013.06.01
- Makefile.PL reported wrong version of openssl, if Net::SSLeay was not
installed instead of reporting missing dependency to Net::SSLeay.
v1.93 2013.05.31
- need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6
years ago. Remove code to work around older releases.
- changed AUTHOR in Makefile.PL from array back to string, because the
array feature is not available in MakeMaker shipped with 5.8.9 (RT#85739)
v1.92 2013.05.30
- Intercept: use sha1-fingerprint of original cert for id into cache unless
otherwise given
- Fix pod error in IO::Socket::SSL::Utils RT#85733
v1.91 2013.05.30
- added IO::Socket::SSL::Utils for easier manipulation of certificates and keys
- moved SSL interception into IO::Socket::SSL::Intercept and simplified it
using IO::Socket::SSL::Utils
- enhance meta information in Makefile.PL
v1.90 2013.05.27
- RT#85290, support more digest, especially SHA-2.
Thanks to ujvari[AT]microsec[DOT]hu
- added support for easy SSL interception (man in the middle) based
on ideas found in mojo-mitm proxy (which was written by Karel Miko)
- make 1.46 the minimal required version for Net::SSLeay, because it
introduced lots of useful functions.
v1.89 2013.05.14
- if IO::Socket::IP is used it should be at least version 0.20, otherwise
we get problems with HTTP::Daemon::SSL and maybe others (RT#81932)
- Spelling corrections, thanks to dsteinbrunner
v1.88 2013.05.02
- consider a value of '' the same as undef for SSL_ca_(path|file), SSL_key*
and SSL_cert* - some apps like Net::LDAP use it that way.
Thanks to alexander[AT]kuehn[AT]nagilum[DOT]de for reporting the problem.
v1.87 2013.04.24
- RT#84829 - complain if given SSL_(key|cert|ca)_(file|path) do not exist or
if they are not readable. Thanks to perl[AT]minty[DOT]org
- fix use of SSL_key|SSL_file objects instead of files, broken with 1.83
1.55 2013-06-08
Added support for TLSV1_1 and TLSV1_2 methods with SSL_CTX_tlsv1_1_new(),
SSL_CTX_tlsv1_2_new(), TLSv1_1_method() and TLSv1_2_method(), where
available in the underlying openssl.
Added CRL support functions X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(),
X509_CRL_get_ext_count(). Patch from Franck Youssef.
Fixed a problem which could cause content with a value of '0' to not be
correctly encoded by do_httpx3 and friends. Reported by Victor Efimov via
RT.
Added support for SSL_get_tlsa_record_byname() required for DANE support in
openssl-1.0.2 and later. SSL_get_tlsa_record_byname() was added to
OpenSSL with the financial assistance of .SE.
Testing with openssl-1.0.2-stable-SNAP-20130521.
Added X509_NAME_new and X509_NAME_hash, patched by Franck Youssef.
**** 0.72 Dec 28, 2012
Fix rt.cpan.org #82148
nxrrset fails to ignore RDATA.
Fix rt.cpan.org #82134
TSIG key and algorithm names not downcased in digest.
Class not forced to ANY.
Fix rt.cpan.org #82063
yxrrset, nxrrset and rr_del functions should force zero TTL.
Fix rt.cpan.org #82047
Clarify documentation to indicate that header counts may
differ from the number of RRs present if a packet is corrupt.
Fix rt.cpan.org #81941
Clarify documentation to make clear that bgread will not switch to
TCP when a truncated packet is received.
**** 0.71 Dec 15, 2012
Temporary workaround rt.cpan.org #81760
The rdatastr method for TXT RRs will return unconditionally
quoted rdata fields to work around an issue with updating
SpamAssassin rules. This workaround will be reverted after
release of a version of SpamAssassin which resolves the issue.
Fix rt.cpan.org #81942
Fix memory leak on packet cleanup. The back-reference via the
header attribute (with xbody) caused the garbage collector not
to clean a packet. Header is now explicitly cleaned via
Net::DNS::Packet::DESTROY.
Fix TSIG initialization
Uninitialised algorithm attribute caused signature generation
to fail silently when creating a TSIG signed packet.
Fix rt.cpan.org #81869
The rr_del auxilliary function broken by a conflicting change
in the RR.pm string parser. Note the ambiguous use of ANY,
which may stand for CLASS255 or TYPE255 depending upon the
argument string presented.
Fix rt.cpan.org #81756
Test failures on Perl 5.8.5 .. 5.8.8.
lc(), uc() and case insensitive regex matching broken for UTF8.
Thanks are due to Paul Howarth for patient work with perl -d.
Fix rt.cpan.org #81787
NXDOMAIN no longer reported by $resolver->errorstring.
Fix rt.cpan.org #81814
Allow zero in format, tag and algorithm fields of CERT RR.
Fix rt.cpan.org #81786
Substitute last owner for leading spaces in multiline zonefile RR.
Fix rt.cpan.org #77444
Make use of new extended header modus operandi for OPT records
also in the resolver. Preventing a warning.
**** 0.70 Dec 6, 2012
Feature added support for NID L32 L64 LP, RFC6742.
