This is an update to address security issues, but contains more changes.
Packaging changes include:
remove lib/privs.c patch (integrated upstream)
opaque LSA no longer an option (always on)
pimd enabled by default upstream and hence in the package
Upstream changes from http://savannah.nongnu.org/news/?group=quagga
Quagga 1.0.20160315 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This is a bug fix release. It addresses a crash in protocols with a
redistribute statement.
Quagga 1.0.20160309 Released
Quagga 1.0.20160309 has been released, and is available at
http://download.savannah.gnu.org/releases/quagga/
This release addresses Security Vulnerability VU #270232.
Users using VPNv4 to untrusted peers and zebra that have
untrusted clients talking to it are advised to upgrade to
this release. For further details see the CERT Vulnerability note:
https://www.kb.cert.org/vuls/id/270232
Major user-visible changes:
[quagga] - Namespace VRF Support has been added.
[lib] - Add 'show commandtree'
[bgpd] - vpnv4 and vpnv6 handling has been included.
[bgpd] - Add 'set metric (rtt|+rtt|-rtt)' to route map handling.
[bgpd] - Addition of 'show ip bgp dampening' command tree.
[bgpd] - If route-map does not exist default to DENY for redistribute
statements
[bgpd] - Lower default 'timers connect' in BGP to 10 seconds.
[bgpd] - Enable "bgp log-neighbor-changes" by default
[bgpd] - Add support for timer commands with peer-group syntax
[bgpd] - Extend Dump to allow Extended Time Format
[babeld] - Removed from the distribution.
[isisd] - Allow the adjustment of lsp-mtu
[isisd] - Allow the import of routes from other protocols
[ospfd] - Add per interface 'ip ospf area' command
[ospfd] - Lower the default OSPF spf timers to '0 50 5000'
[ripngd] - Add ECMP support
[pimd] - Add multicast static routes.
[pimd] - Add ability to set DR priority for an interface
[pimd] - Add ability to modify hello and hold timers per interface
[vtysh] - Add 'show thread cpu ..' and 'show work-queues'
[vtysh] - Add 'show run <protocol>' command
[vtysh] - Fix history handling
Changelog:
Release 2.1.1 Februrary 10th 2016
UI improvements for HiDPI screens, error messages, RTL languages
Fix occurences of "Connection Closed" when a new unauthenticated TCP socket is used
Fix undeliberate WiFi scanning done by Qt Network classes
Several fixes/improvements to the sharing dialog
Several fixes/improvements to the server activity tab
Create the directory when using --confdir and it does not exist
Windows Overlay icons: Fix DLL and icon oddities
Mac Overlay icons: Don't install legacy Finder plugin on >= 10.10
Linux Overlay icons: Nemo plugin
Overlay icons: Fix several wrong icon state computations
Allow changeable upload chunk size in owncloud.cfg
Crash fixes on account deletion
Forget password on explicit sign-out
OS X: Fix the file system watcher ignoring unicode paths (#4424)
Windows Installer: Update to NSIS 2.50, fixes possible DLL injection
Sync Engine: .lnk files
Sync Engine: symlinked syn directories
Sync Engine: Windows: Fix deleting and replacing of read-only files (#4308, #4277)
Sync Engine: Fixes for files becoming directories and vice versa (#4302)
Misc other fixes/improvements
* Use RegEx literal instead of String literal
* Use regex literals instead of string literals for char class ranges that might get minized and decomposed
* added FULLWIDTH TILDE U+FF5E as a valid hashtag special character
* added WAVE DASH U+301C as a valid hashtag special character
* Ignore Emojified # or keycap # when scanning for hashtags
* Support Cyrillic characters in URLs path section
* Version in bower file is deprecated, rely solely on git tag
* also add a bower badge and removed old repo list
* Update bower.json
* update tlds and forward exit code from rake tests
* add desc, license and fix source_files for podfile
ipaddress 0.8.2
CHANGED merged bundler branch to cleanup gemspec and Rakefiles
FIXED IPAddress::IPv4.split handling (Issue #40)
NEW Added #[]= method to IPv4/6 classes to add octet writing support. (Issue #24)
NEW IPV4#multicast?
NEW IPV4#loopback?
NEW IPV4#to()
1.3.5b - Released 10-Mar-2016
--------------------------------
- Bug 4187 - mod_geoip does not load all of the GeoIPTables properly.
- Bug 4191 - "Incorrect string value" reported by mod_sql_mysql for some UTF8
characters.
- Bug 4097 - SSH rekey fails when using RSA hostkey smaller than 2048 bits.
- Bug 4198 - MLSD/MLST fact type "cdir" is incorrectly used for the current
working directory.
- Bug 4201 - HiddenStores temporary files not removed when exceeding quota
using SCP.
- Bug 4202 - MLSD lines not properly terminated with CRLF.
- Bug 4209 - Zero-length memory allocation possible, with undefined results.
- Bug 4210 - Avoid unbounded SFTP extended attribute key/values.
- Bug 4212 - Ensure that FTP data transfer commands fail appropriately when
"RootRevoke on" is in effect.
- Bug 4217 - Handle FTP re-authentication attempts better.
- Bug 4223 - Permissions on files uploaded via STOU do not honor configured
Umask.
- Bug 4227 - Support SFTP clients that send multiple INIT requests.
- Bug 4230 - TLSDHParamFile directive appears ignored because unexpected DH is
chosen.
2016/03/14 : 1.6.4
- BUG/MINOR: http: fix several off-by-one errors in the url_param
parser
- BUG/MINOR: http: Be sure to process all the data received from a
server
- BUG/MINOR: chunk: make chunk_dup() always check and set
dst->size
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
- MINOR: chunk: make chunk_initstr() take a const string
- MINOR: lru: new function to delete <nb> least recently used keys
- DOC: add Ben Shillito as the maintainer of 51d
- BUG/MINOR: 51d: Ensures a unique domain for each configuration
- BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy
best practices.
- BUG/MINOR: 51d: Releases workset back to pool.
- BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
- CLEANUP: 51d: Aligned if statements with HAProxy best practices
and removed casts from malloc.
- DOC: fix a few spelling mistakes
- DOC: fix "workaround" spelling
- BUG/MINOR: examples: Fixing haproxy.spec to remove references to
.cfg files
- MINOR: fix the return type for dns_response_get_query_id()
function
- MINOR: server state: missing LF (\n) on error message printed
when parsing server state file
- BUG/MEDIUM: dns: no DNS resolution happens if no ports provided
to the nameserver
- BUG/MAJOR: servers state: server port is erased when dns
resolution is enabled on a server
- BUG/MEDIUM: servers state: server port is used uninitialized
- BUG/MEDIUM: config: Adding validation to stick-table expire
value.
- BUG/MEDIUM: sample: http_date() doesn't provide the right day of
the week
- BUG/MEDIUM: channel: fix miscalculation of available buffer
space.
- MEDIUM: pools: add a new flag to avoid rounding pool size up
- BUG/MEDIUM: buffers: do not round up buffer size during
allocation
- BUG/MINOR: stream: don't force retries if the server is DOWN
- BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch
the table
- MINOR: unix: don't mention free ports on EAGAIN
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
- MINOR: stats: send content-length with the redirect to allow
keep-alive
- BUG: stream_interface: Reuse connection even if the output
channel is empty
- DOC: remove old tunnel mode assumptions
- BUG/MAJOR: http-reuse: fix risk of orphaned connections
- BUG/MEDIUM: http-reuse: do not share private connections across
backends
- BUG/MINOR: ssl: Be sure to use unique serial for regenerated
certificates
- BUG/MINOR: stats: fix missing comma in stats on agent drain
- BUG/MINOR: lua: unsafe initialization
- DOC: lua: fix somme errors
- DOC: add server name at rate-limit sessions example
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
- DOC: LUA: fix some typos and syntax errors
- MINOR: cfgparse: warn for incorrect 'timeout retry' keyword
spelling in resolvers
- MINOR: mailers: increase default timeout to 10 seconds
- MINOR: mailers: use <CRLF> for all line endings
- BUG/MAJOR: lua: applets can't sleep.
- BUG/MINOR: server: some prototypes are renamed
- BUG/MINOR: lua: Useless copy
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the
process mask correctly
- BUG/MINOR: server: fix the format of the warning on address
change
- BUG/MEDIUM: chunks: always reject negative-length chunks
- BUG/MINOR: systemd: ensure we don't miss signals
- BUG/MINOR: systemd: report the correct signal in debug message
output
- BUG/MINOR: systemd: propagate the correct signal to haproxy
- MINOR: systemd: ensure a reload doesn't mask a stop
- BUG/MEDIUM: cfgparse: wrong argument offset after parsing server
"sni" keyword
- CLEANUP: stats: Avoid computation with uninitialized bits.
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in
failure to load certain configs
- BUG/MAJOR: samples: check smp->strm before using it
- MINOR: sample: add a new helper to initialize the owner of a
sample
- MINOR: sample: always set a new sample's owner before evaluating
it
- BUG/MAJOR: vars: always retrieve the stream and session from the
sample
- CLEANUP: payload: remove useless and confusing nullity checks
for channel buffer
- BUG/MINOR: ssl: fix usage of the various sample fetch functions
- MINOR: cfgparse: warn when uid parameter is not a number
- MINOR: cfgparse: warn when gid parameter is not a number
- BUG/MINOR: standard: Avoid free of non-allocated pointer
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
- CLEANUP: http: fix a build warning introduced by a recent fix
- BUG/MINOR: log: GMT offset not updated when entering/leaving DST
0.3.5
#466: Fixed a small issue that can effect new installions. Existing working installations do not need to upgrade.
0.3.4
Last build was broken, contained data in the Specific/ directory. This affected new installs but not upgrades.
0.3.3
#457: The realm was not correctly set from configuration for Digest auth.
Reduced memory usage in upgrade script. Should help with upgrading large databases.
Removed BAIKAL_PATH_SABREDAV setting. It was no longer used.
build machine's hostname and then trying (often incorrectly) to
convert it to a FQDN. I was getting "Host" as the alleged FQDN; the
bulk build tnn@ just posted was getting ";;", which caused the package
to not even compile.
While 'localhost' is hardly an ideal hardwired loghost, it's better
than the possibly-internal-only name of some random package build host
used to build binary packages... even assuming the FQDN extraction
worked. If anyone has any better ideas, let me know. (See pkgsrc-users.)
PKGREVISION -> 12.
================
FEATURES:
- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf.
- #739: zonefile changes when mtime is small are detected on reload,
if filesystem supports precision mtime values.
- RR type CSYNC (RFC7477) syntax is supported.
BUG FIXES:
- take advantage of arc4random_uniform if available.
- Fix flto check for OSX clang.
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
- Fix#736: segfault during zone transfer.
- Fix#744: Fix that NSD replies for configured but unloaded zone
with SERVFAIL, not REFUSED.
--- 9.9.8-P4 released ---
4319. [security] Fix resolver assertion failure due to improper
DNAME handling when parsing fetch reply messages.
(CVE-2016-1286) [RT #41753]
4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
--- 9.10.3-P4 released ---
4322. [security] Duplicate EDNS COOKIE options in a response could
trigger an assertion failure. (CVE-2016-2088)
[RT #41809]
4319. [security] Fix resolver assertion failure due to improper
DNAME handling when parsing fetch reply messages.
(CVE-2016-1286) [RT #41753]
4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
**** 1.05 March 7, 2016
Fix rt.cpan.org #111559
1.04: TSIG not working anymore (TSIG.pm)
Fix rt.cpan.org #108908
Installing recent version gets shadowed by old version.
Warnings added to Makefile.PL and t/00-version.t.
Fix rt.cpan.org #66900
Net::DNS::Async unable to retry truncated UDP using TCP because
of limitations in Net::DNS.
=============
Features:
---------
- ip-transparent option for FreeBSD with IP_BINDANY socket option.
- insecure-lan-zones: yesno config option.
- RR Type CSYNC support RFC 7477, in debug printout and config input.
- RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).
- [bugzilla: 731 ] tcp-mss, outgoing-tcp-mss options for unbound.conf
- Support RFC7686: handle ".onion" Special-Use Domain. It is blocked
by default, and can be unblocked with "nodefault" localzone config.
- ub_ctx_set_stub() function for libunbound to config stub zones.
Bug Fixes:
----------
- Fix that NSEC3 negative cache is used when there is no salt.
- sorted ubsyms.def file with exported libunbound functions.
- Print understandable debug log when unusable DS record is seen.
- load gost algorithm if digest is seen before key algorithm.
- Fix that "make install" fails due to "text file busy" error.
- Set IPPROTO_IP6 for ipv6 sockets otherwise invalid argument error.
- wait for sendto to drain socket buffers when they are full.
- Neater cmdline_verbose increment patch from Edgar Pettijohn.
- Made NetBSD sendmsg test nonfatal, in case of false positives.
- [bugzilla: 741 ] Fix: log message for dnstap socket connection is
more clear.
- [bugzilla: 734 ] Fix: chown the pidfile if it resides inside the
chroot.
- Fix cmsg alignment for argument to sendmsg on NetBSD.
- Fix that unbound complains about unimplemented IP_PKTINFO for
sendmsg on NetBSD (for interface-automatic).
- [bugzilla: 738 ] Fix: Swig should not be invoked with CPPFLAGS.
- Squelch 'cannot assign requested address' log messages unless
verbosity is high, it was spammed after network down.
- Fix to simplify empty string checking.
- [bugzilla: 734 ] Fix: Do not log an error when the PID file cannot
be chown'ed.
- Fix test if -pthreads unused to use better grep for portability.
- Fix mingw crosscompile for recent mingw.
- Update aclocal, autoconf output with new versions (1.15, 2.4.6).
- Define DEFAULT_SOURCE together with BSD_SOURCE when that is defined,
for Linux glibc 2.20.
- Fixup contrib/aaaa-filter-iterator.patch for moved contents in the
source code, so it applies cleanly again. Removed unused variable
warnings.
- [bugzilla: 729 ] Fix: omit use of escape sequences in echo since
they are not portable (unbound-control-setup).
- remove NULL-checks before free, patch from Michael McConville.
- updated ax_pthread.m4 to version 21 with clang support, this removes
a warning from compilation.
- OSX portability, detect if sbrk is deprecated.
- OSX clang, stop -pthread unused during link stage warnings.
- OSX clang new flto check.
- iana portlist update.
* Provide more metadata
* Add support for alternative layout
* add support pages of type embed
* add support for pages of type tag
* Fix resolution with missing height in output template dict
* fix video_id for --download-archive
* Fix config URL extraction
* support ap.vgtv.no and fix old videos extraction
Changelog:
v3.1 Sat Sep 11 12:03:58 PDT 2010
- Don't complain about missing dots for ip6.arpa ptr's
- Update default location of named.conf
- Fix Makefile.in to honor the CFLAGS environment variable when
configure is run
v3.0 Fri Mar 5 20:13:17 PST 2010
- Add IPv6 support.
v2.2 Fri Mar 13 22:29:52 PDT 2009
- Convert source tree to subversion
