* Support DLV records.
* New option 'tcp-query-count:', to limit the maximum number of DNS
queries on a single tcp connection.
* New option 'tcp-timeout:', to override the default tcp timeout.
The option can also be set at build time, --with-tcp-timeout.
* New option 'notify-retry:', to configure how many times NSD should
retry a NOTIFY message.
* New options 'ipv4-edns-size:' and 'ipv6-edns-size:', to set your
preferred EDNS buffer size.
* Ignore SIGHUP to child processes.
* UDP/IPv4 sockets have new options set that will disable the DF
flag in IP packets.
Based on PR#42711 by Fredrik Pettai.
Pkgsrc changes:
Honor VARBASE.
* Version 1.0.27:
- IPv6 connections are accepted again (regression from version 1.0.26)
- SSLv3 renegociation has been disabled
- .pureftpd-upload-* files can be deleted by users with no quota.
- The server can be forced to shut down on iPhone.
* Version 1.0.26:
- Fix incompatibilities with Cyberduck and dramatically speed up directory
listings and transfers when TLS is enabled with some other clients like LFTP.
- Allow authentication of non-chrooted users again. It was a regression
from version 1.0.25. Spotted by Juergen Daubert.
* Version 1.0.25:
- The FTP server can now be built as a library for iPhone and iPod Touch.
- Display symbolic links in the MSLD command as symbolic links, unless the
broken clients mode is enabled, just like STAT/LIST/NLST.
- Enhanced compatibility with gcc 2.x and with custom installation paths.
- Fix packaging issues, especially when the server isn't installed in the
default paths
- Downloads now require less CPU and less memory.
- Fix an infinite loop that could lead to a client process burning a CPU
core if the client didn't disconnect properly. Reported by Thomas Min and
Margus Kaidja.
- Handle fake download resumes the traditional way for the sake of being
compatible with weird clients that insist on doing that.
- The group name is now always displayed instead of the gid when it matches the
primary user group.
* Version 1.0.24:
- When using LDAP in BIND mode, empty passwords are refused. Reported by
Henning Brauer.
* Version 1.0.23:
- The LDAP schema has been fixed.
- LDAP authentication through binding is now possible in addition to
passwords. This allows for the FTP server to run with an unprivileged LDAP
account.
- In LDAP objects, the "enabled" value is accepted again as a FTPStatus
property.
- Privilege separation is now enabled by default.
- The server should now properly compile on Solaris with privsep.
- Charset conversions are properly made on directory names.
- Transfers now handle every kind of disconnection.
- More informative log messages for errors and activity reporting.
- Virtual quotas are way more reliable and uploads are interrupted as soon as
quotas are exceeded.
- Atomic uploads are only used when necessary and only if --notruncate is
enabled.
- Dangling .pureftpd-upload files should be a thing of past.
- Enhanced conformance with RFCs and better compatibility with FTP clients.
- Improved SSL performance, compatibility and commands support.
- By default, up to 10000 files per directory can be listed instead of 2000.
- ALLO can now tell clients whether an upload would blow quotas before the
upload actually starts.
- PAM is now enabled by default on OSX.
- Switch euid to the _pure-ftpd account (unless it's nonexistent) in the
privsep process.
- --without-banner is not necessary any more. Having a cookie file
(--fortunefile=...) automatically disables the default banner, thus allowing
full customization of the welcome banner.
- ./configure --localstatedir is now honored in order to change the
run-time directory.
- Support for building a FTPS (implicit SSL/TLS) server, using
--with-implicittls
* Version 1.0.22:
- the LDAP authentication backend now supports TLS encryption.
- TLS encryption is supported on data channels.
- downloads require way less CPU time on platforms with slow mmap() calls.
- MySQL 5+ stored procedures can now be used in the authentication process.
- time zones issues should be fixed for good.
- on-demand directories can now be created with any set of permissions.
- password scrambling of MySQL 5+ is now supported.
- a catalan translation has been contributed.
- spurious disconnections due to some clients keepalive tricks have
been fixed.
- custom authentication handlers are now informed about the encryption
status of the session.
- standard-conformance and compatibility with several clients have improved.
- large files are now supported by default.
- enhanced support for Solaris.
- a bunch of bug fixes, optimizations and compatibility with newer
libraries and operating system versions.
- "ftp" and "anonymous" user names can have passwords if the -E switch (no
anonymous logins) is specified.
- in compatibility mode, non-dangling symbolic links are now displayed as
if they were regular files/directories.
- --with-everything now includes privsep.
--- 4.0.1 2010/01/26
New glob file pattern utility. Like POSIX glob. For Windows too. Refer to
yaz/file_glob.h.
New simple local-file XML include facility which allows file glob-patterns.
Refer to yaz/xml_include.h.
Utility yaz-json-parse which parses JSON and demonstrates the JSON parser
API.
ZOOM_record_get supports new parameter "format" which makes it format XML
record content.
Fix JSON parser WRT start symbol. The start grammar symbol (referred to as
JSONText in ECMA-262) is JSONValue, not JSONObject.
--- 4.0.0 2010/01/20
Windows binaries for YAZ now compiled with Visual Studio 2008 (VC9).
Older versions of YAZ was compiled with Visual Studio 6.0 (1998).
Update so/DLL to version 4. Windows version builds YAZ4.DLL.
POSIX/Unix builds .so with major version 4.
Remove old LOG_-defines from log.h. They have been obsolete and
undefined by default for the last 5 years.
Odr_int is now of type 'long long'. Used to be 'int' in YAZ 3 series.
GFS: Remove socket (int *fd) from search_rr handler. The socket
descriptor ptr is a facility that allowed a search handler to supply
a socket which would serve as a callback - when search was complete.
This facility has now been in use for years.
COMSTACK API changes: cs_stackerr, cs_addrstr. COMSTACK method cs_stackerr
removed. It is not implemented by tcpip or unix COMSTACK, perhaps for ISO
SR which was removed 7 years ago. COMSTACK macro / method cs_addrstr now
returns 'const char *' rather than 'char *. The returned string is
read-only and should not be modified by applications. COMSTACK cs_close is
now a void function - it no longer returns int. No applications check for
the value and the implementations has always returned 0.
ZOOM: use size_t for scan hit counts and str size. Functions
ZOOM_scanset_term and ZOOM_scanset_display_term have changed, so that
occ (hit count) and len (string length) are now of type size_t pointer
rather than int pointer. This is to be able to represent large hit counts
and to also just to use the proper type for string length (strlen result).
New JSON parser. Refer to include/yaz/json.h .
WRBUF API changes.. For size parameters for WRBUF size_t is now used ..
Used to be int in some cases. Many wrbuf_-functions used to return an int
indicating some length.. These return values were never used. And so they
are now void.
ODR: odr_malloc, odr_total now takes size_t for size.
clone_z_type: fix leak; occurred for encoding failures.
pkgsrc changes:
- Adjusting dependencies
Upstream changes:
3.11003 2009-01-29
- Renamed "retweeted_of_me" REST API call to the correct "retweets_of_me" (Dan Moore @mgrdcm)
- Back the Moose requirement down to 0.09 (earliest version with native traits)
3.11002 2009-01-28
- Use Moose 0.94 with native traits (resolves CPAN testers failing reports)
3.11001 2009-01-28
- Honor synthetic args (authenticate and since) for Lists API calls
3.11000 2009-01-27
- Lists API overhaul; bug fixes, added parameters, documentation
- Create meaninful names for anonymous classes; better error context
- Added "Paging and Cursors" documentation section
3.10003 2009-12-15
- Oops! Fixed bug in new test in t/10_net-twitter-regression.t (oh, the irony!)
3.10002 2009-12-15
- Added netrc_machine option to new with default 'api.twitter.com'
- Fixed: netrc failed without trait API::REST
- Fixed: retweeted_{to,of}_me API URLs (RT#52784)
3.10001 2009-11-26
- Fixed: new t/51_rate_limit.t needs to skip tests unless LWP >= 5.819
3.10000 2009-11-24
- Fixed: ssl not applied when both Lists and REST api used
- Added Role::RateLimit
- Added trends_available and trends_location methods to the REST API
- Documented the lat and long parameters to update
(refer to RFC3720 about iSCSI) for FreeBSD 7.1 or later.
It includes iSCSI protocol processor and SPC-3 (SCSI Primary
Commands - 3) based logical unit emulation.
Version 20100125
Based on PR#42669 by Wen Heping (and take maintainership).
Version 0.70 (2009-10-29)
* New "major" version because it may break compatibility
* Fix __cmp__(): IP('0.0.0.0/0') and IP('0.0.0.0') are not equal
* Fix IP.net() of the network "::/0": "::" instead of "0.0.0.0".
IPy 0.63 should fix this bug, but it wasn't.
Version 0.64 (2009-08-19)
* Create MANIFEST.in to fix setup.py bdist_rpm, fix by Robert Nickel
Version 0.63 (2009-06-23)
* Fix formatting of "IPv4 in IPv6" network, eg. IP('::ffff:192.168.10.0/120'),
the netmask ("/120" in the example) was missing!
Version 0.62 (2008-07-15)
* Fix reverse DNS of IPv6 address: use ".ip6.arpa." suffix instead of
deprecated ".ip6.int." suffix
Version 0.61 (2008-06-12)
* Patch from Aras Vaichas allowing the [-1] operator
to work with an IP object of size 1.
Version 0.60 (2008-05-16)
* strCompressed() formats '::ffff:a.b.c.d' correctly
* Use strCompressed() instead of strFullsize() to format IP addresses,
ouput is smarter with IPv6 address
* Remove check_addr_prefixlen because it generates invalid IP address
2008-02-05
* Release IPy 0.56
* Fix IPv6 parser for unit tests: reject
'1111::2222:3333:4444:5555:6666:7777:8888' address since '::' is
useless
2007-08-16
* Release IPy 0.55
* Rewrite IPv6 parser to allow address "1:2:3:4:5:6::"
2007-06-22
* Release IPy 0.54
* make_net() match from James Teh: transform an IP address into a network
address by applying the given netmask
2007-02-28
* Release IPy 0.53
* Reject '0.0.0.0-0.0.0.4' if check_addr_prefixlen is enable
* Fix many english spelling mistakes
2006-11-06
* Release IPy 0.52
* Fix strCompressed() for IPv6 "ffff:ffff:ffff:ffff:ffff:f:f:fffc/127"
2006-11-02
* Release IPy 0.51
* Write real name of IPy author (Maximillian Dornseif)
* Use version "0.51" to help packaging since 0.5 was smaller than 0.42
* Fix unit test for Python 2.3 (don't use doctest.testfile) and 2.5
(problem of hex() lower case)
* "make test" also check IPy documentation
* IPy now works on Python 2.2 to 2.5
2006-10-26
* Release IPy 0.5
* Apply Jean Gillaux patch for netmask "/0.0.0.0" bug
* Apply William McVey patch for __nonzero__() bug
* Apply Victor Stinner patch: setup.py can use setuptools and fix URLs
* Allow "172.30.1.0/22" with new option IPy.check_addr_prefixlen=False
* Add regression tests
* Create AUTHORS file
2004-08-22
* IPy 0.42 works on Python 2.3 without warnings
2002-01-16
* IPy 0.41 has Python < 2.2 compatible unit tests and a README file
* arc4random from OpenBSD imported for better randomness on Linux
* -h, --xidhwaddr uses the last 4 bytes of the hardware address as
the DHCP xid
* no longer warn about InfiniBand being an unsupported family
* infinite lease times are valid when reading old leases
* discard address correctly if lease is invalid
The locale files are now always installed and not only if a Python
interpreter named "python" is available for whatever reasons.
This fixes PR pkg/42691 by Olaf 'Rhialto' Seibert.
Changes from 3.1.7 include:
* Fixed CVE-2009-4009 and CVE-2009-4010
* Improved error messages when parsing zones
* Resilience against whitespace in configuration
* Performance increase
Changes from dnsmasq-2.51 include
* More conservative in detecing "A for A" queries
* Increased default number of leases to 1000
* Added support for RFC3925 "Vendor-Identifying Vendor Options"
* Default DNS packet size now 4096 as recommended by RFC5625
* Security fixes for fts in the internal ls.
Received from OpenBSD via US-CERT as VU #590371.
* Portability improvements.
* Add support for Tru64 Security Integration Architecture (SIA) authentication.
* Fix shadow password expiry check for users with large sp_max values.
* A number of bugs in KIO have been squashed, making updating of shown
directories work again and solving some other stability issues
* A crash when creating an avatar from the webcam in Kopete has been fixed
* kded taking 100% CPU time in certain situations has been cured
Based on PR#42657 by Wen Heping.
1.2.4 2008-12-16
* Add charset and set_charset methods , as well as
the new attributes GeoIP.GEOIP_CHARSET_ISO_8859_1 and
GeoIP.GEOIP_CHARSET_UTF8 ( Boris Zentner )
* Add test_city_charset.py script showing howto use
charset and set_charset ( Boris Zentner )
* Add last_netmask ( Boris Zentner )
* Fix compile warnings ( Boris Zentner )
* fix small memoryleak in database_info, org_by_name and org_by_addr ( Boris Zentner )
* fix version number in setup.py ( Boris Zentner )
* remove dma_code from test_city.py example ( Boris Zentner )
1.2.3 2008-09-11
* update test.py - replace www.government.de with www.bundestag.de.
Add range_by_ip example. ( Boris Zentner )
* Add range_by_ip - returns largest start and stop ip for any ip.
Remember to use a IP not a name ( Boris Zentner )
* Add metro_code as a alias for the depreciated dma_code ( Boris Zentner )
1.2.2 2008-08-13
* Update test_city.py and test_region.py ( Boris Zentner )
* Add region_name to GeoIPRegion ( Boris Zentner )
* Add database_info and database_edition attributes to GeoIP object
(James Henstridge)
* Add region_name and time_zone keys to GeoIPRecord wrapper (James
Henstridge).
* Export the country list, country code -> country name mapping, and
country->continent mapping ( Ignacio Vazquez-Abrams )
* Raise country code counter from 251 to 253 ( Boris Zentner )
!! record_by_addr and record_by_name return None instead of throwing a
exception. See test_city.py ( Boris Zentner )
* Add a py_geoip.error Exception object. (Boris Zentner)
* Export the country list, country code -> country name mapping, and country->continent
mapping ( Ignacio Vazquez-Abrams )
* Changed license to LGPL from GPL
Revamp FTP connection cache. Move it to the common layer to be later
shared with HTTP (for persistent connection). The application controls
how much caching is desired. Drop the reference counting on connections.
Add a callback when the cached connection is dropped due to LRU.
Over all, this allows more than one session cached per host and sessions
cached to different servers.
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3. It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.
Changes since 9.4.3-P3:
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.
CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341
Changes since 9.4.3-P4:
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
