--- 4.1.2 2010/11/02
Move yaz-config man pages to section 1.
More documentation about SOLR.
tcp comstack: change behavior for @-specs (anyaddr). @ listens on
AF_INET (IPV4) peers, and @6 listens to AF_INET6 (ipv6) peers.
Previously @ listened on AF_INET6 which accepted both IPV4 and IPV6
peers on some Linux systems. However, in general that does not work
so YAZ can not rely on that to work. Debian changed behavior in this
respect from Debian lenny to Debian squeeze (still testing as of Oct
2010). Refer to:
http://www.mail-archive.com/debian-devel@lists.debian.org/msg277726.html
zoomsh: remove "debugging" output. Was added by mistake in 4.1.0.
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- Nephi Johnson of BreakingPoint discovered that the LDSS
dissector could overflow a buffer. (Bug 5318)
Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1.
- The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303)
Versions affected: 1.4.0 to 1.4.1.
- The following bugs have been fixed:
- File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
- Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the
end of the line" if click on last PDU. (Bug 5285)
- GTK-ERROR can occur in packets when there are multiple
Netbios/SMB headers in a single frame. (Bug 5289)
- "Tshark -G values" crashes on Windows. (Bug 5296)
- PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
- PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
- [lua] Dumper:close() will cause a segfault due later GC of the
Dumper. (Bug 5320)
- Network Instruments' trace files sometimes cannot be read with
an error message of "Observer: bad record: Invalid magic
number". (Bug 5330)
- IO Graph Time of Day times incorrect for filtered data. (Bug
5340)
- Wireshark tools do not detect and read some ERF files
correctly. (Bug 5344)
- "editcap -h" sends some lines to stderr and others to stdout.
(Bug 5353)
- IP Timestamp Option: "flag=3" variant (prespecified) not
displayed correctly. (Bug 5357)
- AgentX PDU Header 'hex field highlighting' incorrectly spans
extra bytes. (Bug 5364)
- AgentX dissector cannot handle null OID in Open-PDU. (Bug
5368)
- Crash with "Gtk-ERROR **: Byte index 6 is off the end of the
line". (Bug 5374)
- ANCP Portmanagment TLV wrong decoded. (Bug 5388)
- Crash during startup because of Python SyntaxError in
wspy_libws.py. (Bug 5389)
- Updated Protocol Support
AgentX, ANCP, DIAMETER, HTTP, IP, LDSS, MIME, NBNS, PROFINET, SIP,
TCP, Telnet, ZigBee
- New and Updated Capture File Support
Endace ERF, Network Instruments Observer.
* EXPERIMENTAL ecdsa implementation, please do not enable on real
servers.
* GOST code enabled by default (RFC 5933).
* bugfix #326: ignore whitespace between directives and their values.
* Header comment to advertise ldns_axfr_complete to check for
successfully completed zone transfers.
* read resolv.conf skips interface labels, e.g. %eth0.
* Fix drill verify NSEC3 denials.
* Use closesocket() on windows.
* Add ldns_get_signing_algorithm_by_name that understand aliases,
names changed to RFC names and aliases for compatibility added.
* bugfix: don't print final dot if the domain is relative.
* bugfix: resolver search continue when packet rcode != NOERROR.
* bugfix: resolver push all domains in search directive to list.
* bugfix: resolver search by default includes the root domain.
* bugfix: tcp read could fail on single octet recv.
* bugfix: read of RR in unknown syntax with missing fields.
* added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
to sign and verify TSIG RRs on subsequent messages
(section 4.4, RFC 2845).
* bugfix: signer sigs nsecs with zsks only.
* bugfix #333: fix ldns_dname_absolute for name ending with backslash.
* Fixes for CERT and TSIG, DNAME and RRSet.
* Fixes for RP records.
* Some handling of priming responses with no additional section.
* Validation disabled for the DNS class
Previous patch for NetBSD wasn't really for netbsd4 but 4.99.58 and later.
So, I changed "#ifdef netbsd4" to "#ifdef NETBSD_STATS_VIA_SYSCTL" and
clean up patches. Should be fix PR pkg/43288.
It is fix of build problem only, so no PKG_REVISION bump.
changes:
-bugfixes
-Usernames/passwords specified explicitly in request URIs now
override existing cached auth info
-Added another workaround for stupid servers that close the
connection before returning the full response
-Added regression tests
Removed all occurrences of the "locked" attribute that was
deprecated in Perl 5.12.0.
I didn't upgrade the package to 6.0.1 because it causes incompatibilities
with net/mrtg
PKGREVISON++
Changes since 2.0.7
- Remove .postlogin.c.swp (thanks Kaibin Li <kbli@fortinet.com>)!
- findlibs repairs for libcap; builds on my Ubuntu 6.06 again.
- Apply patch to fix "error: assignment of read-only member '__in'" build
error on broken systems where the WIFEXITED() etc. macros write to their
argument. Thanks Ingo Terpelle <it@exanto.de>.
- Replace spaces in xferlog with underscores, report from
Michael Wittauer <michael.wittauer@sonydadc.com>.
- Reload default config values before re-parsing config file on SIGHUP. This
makes the values correct in the case a setting was removed from the file.
- Do not issue an FTP response for a blank line on the control channel. Fixes
issues with some broken NAT devices. ProFTPd does the same, so hopefully
nothing will break. Report from Frank Bulk <fbulk@mypremieronline.com>.
- Replace usage of broken _syscall() with syscall(). Fixes build errors for
those without libcap-devel installed.
- Add implicit SSL support with implicit_ssl option.
- Remove arbitrary restriction on one process model + SSL.
- Set a session ID on the SSL context.
- Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything
other than catching compile errors. Yes, I'm crazy :P
- Use PR_SET_PDEATHSIG all over the place so that when the listener is killed,
existing sessions are booted too.
- Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL
client that need it, but still a nice code clean-up.
- Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors
proftpd behaviour instead of wu-ftpd. Thanks Paul Abel <pabel@fexcodcc.com>.
- Switch all sighandlers to the synchronous ones. Prevents us having to
block and unblock signals all the time.
- Add a "use alarm" option to synchronous signal handlers, to ensure the race
condition against a blocking call does not result in a permanent
non-delivery.
- Use SIGTERM for privileged parent process shutdown, so they can still update
u/wtmp properly.
- Do RAND_load_file from /dev/urandom in the child context because I don't
trust the OpenSSL API vs. fork(). Different children do have different RNG
state; this is defense in depth.
- More thoroughly close the remote ends of the priv_sock, ensuring that child
death results in no blocking in the parent. This is a matter of tidyness; the
SIGCHLD handler will reliably tear down the parent.
- Do the same for the SSL slave / consumer channels.
- Fix OpenBSD build.
- Move SSL data handling into the SSL slave process. Incurs some extra
overhead in terms of context switches and copies, but it enables this next
item:
- By default, require SSL data connections to exhibit SSL session re-use of
the control channel. Unlike the cert thing, this _is_ something we can turn
on by default as most clients seem to do reuse. Yay.
- Change 522 response for SSL connection fail to note when session reuse is
required.
(v2.1.0pre1 here)
- More work on the inbuilt ptrace()-sandbox support.
- Clear the idle alarm when starting data transfer if there is no data alarm.
- Fix syslog format; don't embed 2nd copy of date, pid. Thanks to
Ren
- Lock file before truncating it for upload. Fixes various simultaneous
upload corruption issues.
- Make sure to give 426 error code on uploads if ABOR was received.
- Add cmds_denied option to complement cmds_allowed.
- Ignore lines in config file containing only white space.
- Require write_enable / anon_upload_enable / etc. to process STOU.
- FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file.
- FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not
owned by the currently running user.
- FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to
avoid syslog() bug where some settings are not initialized.
- FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace
fd 0,1,2 with /dev/null fd.
- FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the
sample config file.
- FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given
by STOU if it is available.
- FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules
can act on errors if they want.
- FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV
command; add a trailing period.
- FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not
1990 any more, so trust PAM etc. to not stack-buffer-overflow.
- FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start
with underscore or period.
- FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES.
- Fix crash on SIGHUP introduced in 2.1.0pre1. Oops.
- FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES
too, which can happen on SELinux systems.
- Default resource limit for child processes: 100MB address space.
- Finishing touches to the initial sandbox policy; only permit connect() to
the host on the control channel being the nicest touch.
(v2.1.0pre2 here)
- Fix 64-bit build (oops)! Thanks Martin Nagy <mnagy@redhat.com>.
- Fix config of SSL built in; not enabled; two process model. Report from
Martin.
- Shutdown the command connection in the priv parent's SIGTERM handler; kills
of children where the PR_SET_PDEATHSIG cannot due to different user ids.
(v2.1.0pre3 here)
- Fix build on FC10.
- Some FAQ tweaks.
- Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it
comes from but it is harmless. (My guess would be glibc-2.9's new support for
using O_CLOEXEC more).
- Fix build warning on 64-bit.
- Fix build on OpenBSD again.
(v2.1.0pre4 here)
- Bring userlist_deny handling inside the max_login_fail accounting.
At this point: v2.1.0 released!
===============================
- Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial
unprivileged child.
- Fix build error due to __NR_utimes.
- Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later
receives data transfer fd's via recvmsg(). It's a total shame because doing
the SSL handshake under even lower privs would be a real boost.
(v2.1.1pre1 here)
- Fix some declarations occuring in the middle of a block; broke older more
strict compilers.
- Handle the case where libcap is now libcap.so.2; fixes build on my new
Ubuntu 9.04.
- Enhance 522 error message to point to require_ssl_reuse option.
- Fix NASTY regression whereby data transfer timeouts would fire incorrectly
under SSL transfers. In addition, the transfer rate caps were not working
under SSL transfers. Reported by several people.
- Use the login delay machinery for userlist-based denials too. Thanks to
Tomas Hoger <thoger@redhat.com> for the patch.
- Fix another tedious regression whereby absent per-user config files were
causing a session fail rather than being gracefully ignored.
- Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation
in the vsftpd low-priv processes (CLONE_NEWNET pending).
- Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need
to create new ones.
- Add "isolate" config flag to disable the new weird clone() flags if
necessary.
At this point: v2.1.1 released!
===============================
- Fix compile error in sysdeputil.c on some Linux systems.
At this point: v2.1.2 released!
===============================
- Fix compile on systems with no RLIMIT_NPROC, oops.
- Change some unsigned int to socklen_t's to avoid warnings on various
platforms, e.g. AIX.
- Add some syscall constants to ptracesandbox.c to fix the build on systems
with 2.4 kernel headers.
- Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile).
- Fix EACCES mapping, thanks Solar Designer <solar@openwall.com>.
- Dont emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer
<solar@openwall.com>.
- Tweak example vsftpd.conf to add commented out chroot_local_user=YES,
from Ivan I. Grushin <mcgru@intrice.ru>.
- Where available, use CLONE_NEWNET to isolate the untrusted processes so that
they can't do arbitrary connect() and instead have to ask the privileged
process for sockets. Moderate code disturbance - hope for no breakage :-/
- Disable implicit activation of one_process_model so that an anonymous setup
can benefit from the no-network isolation of the unprivileged process (where
available).
(vsftpd-2.2.0pre1)
- Call pam_get_item(PAM_USER) after authentication in case a PAM module
remapped the username. Based on a patch from John McNair <john.mcnair@ihg.com>.
- Apply a couple of IPv6 fixes from Corinna Schultz <corinna.schultz@gmail.com>,
particularly when MS operating systems are talking on link local addresses.
- Handle the error case for accepting a PASV connection in the two process
model properly.
- Pull in a couple of minor tidyup patches from Openwall.
- Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also
respect ordering with respect config files, e.g.
vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO
Inspiration from Solar / Openwall.
(vsftpd-2.2.0pre2)
- Revert listen to be "NO" by default and also set max_per_ip / max_clients
to 2000 / 50 as a default. Thanks to Solar.
- Sanity check for admin: check config files are regular files.
- Error out if opening the per-user config file gives an error other than
ENOENT. Thanks Solar (who is on fire today ;-)
(vsftpd-2.2.0pre3)
- Apply some typo fixes from Solar.
- Error out on read() errors when reading config files.
(vsftpd-2.2.0pre4)
- Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing
<dreamind@dreamind.de>.
- Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to
root if using linux-vserver. Also thanks to Stefan Pfetzing
<dreamind@dreamind.de>.
- Couple of typo tweaks from Cristi Terpea <cristi.terpea@fortech.ro>.
- Change // style comments to /* style.
- Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar.
At this point: v2.2.0 released!
===============================
- Apply patch to set SSL context timeout to maximum, from Tim Kosse
<tim.kosse@filezilla-project.org>. Should prevent data connection failures
after a long transfer or idle period.
- Apply async-safety signal tweaks from Solar.
- Fix crash regression with the pasv_address option enabled.
- Typo fix and look for libnsl in /lib64, from Robby Workman
<rworkman@slackware.com>.
- When asking the client to send us a cert, make sure we broadcast some suitable
certificates. Fixes compatibility with the z/OS FTP client when
tunable_ssl_request_cert=YES.
- Rip out the silly "cached time" concept. Simplifies things and fixes
incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around
the cached current time in seconds in the one place that needs to avoid
repeated gettimeofday() calls (directory listing).
- Do the login fail delay in the parent process for cases where we checked
a username / password.
At this point: v2.2.1 released!
===============================
- Change "File receive OK." to "Transfer complete." to placate some broken
clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
- Fix erroneous "child died" upon FTP client connect, when under load. Awesome
thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
his live server.
- Boot the session if an overly long line is encountered.
(vsftpd-2.2.2pre1)
At this point: v2.2.2 released!
===============================
- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
protocol and headers, and likely has all sorts of other issues. The use case
it might satisfy is if you need to serve simple static unathenticated content
with large levels of paranoia.
- Fix port_promiscuous breakage. Report from Soeren <soeren84@fastmail.net>.
(v2.3.0pre1)
- Minor FAQ update.
- Use a larger address space limit if using text_userdb_names=YES
- Always use CLONE_NEWNET if possible when in HTTP mode.
- Change REST + STOR so that it's possible to overwrite part of file without
truncating it.
(v2.3.0pre2)
- Boot the session if we see a USER where encryption was required. May prevent
the transmission of plaintext passwords by buggy clients. Idea from
Marcin Hlybin <marcin@rootnode.net>.
- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
fixups.
At this point: v2.3.0 released!
===============================
- Fix silly regression re: log files being overwritten from the start.
- Rename a few file-open functions to make it clearer what they do.
At this point: v2.3.1 released!
===============================
- Argh! Fix version number.
At this point: v2.3.2 released!
===============================
pksrc changes:
* Instead of patch&subst to change layout of statedir, pass it to configure
instead (and subst for manpages are fixed).
* Convert custom mod_wrap library modification to SUBST.
* Need to buildlink with security/tcp_wappers for mod_wrap.
NEWS:
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
1.3.3b - Released 09-Sep-2010
--------------------------------
- Bug 3481 - Problem with SFTP directory listings.
- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab.
- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work.
- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during
data transfer.
- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD.
- Bug 3491 - Directory pattern not matching as expected.
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO.
- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no
DefaultServer configured.
- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as
anonymous logins.
1.3.3a - Released 01-Jul-2010
--------------------------------
- Bug 3400 - Add Japanese translation.
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL.
- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349.
- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in
TransferLog.
- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit
platforms.
- Bug 3354 - Renaming a file across mount points to a full disk does not fail
as expected.
- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible.
- Bug 3412 - Include files not included after restart due to permissions.
- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes.
- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile.
- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog.
- Bug 3421 - RewriteHome does not work properly for SFTP connections.
- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m.
- Bug 3423 - Last line of multiline DisplayLogin file improperly handled.
- Bug 3426 - mod_sftp does not log to TransferLog by default.
- Bug 3425 - Improperly constructed destination paths for SCP uploads.
- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly.
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables
properly.
- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured.
- Bug 3435 - Encoding/decoding conversion can cause CPU spike.
- Bug 3436 - Support build-time option to disable use of nonblocking open of
log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior
of opening log files.
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail.
- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale.
- Bug 3446 - .ftpaccess ignored in some cases.
- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads.
- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale
data.
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN
request.
- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN
request.
- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp.
- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for
protocol version 5.
- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible
with Solaris' msgfmt.
- Bug 3456 - Problem attempting to recursively download a directory via SCP.
- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup.
- Bug 3459 - mod_radius segfaults during incorrect login due to stale data.
- Bug 3460 - REALPATH SFTP request can cause improperly cached directory
configuration.
- Bug 3462 - ftpasswd script's --delete-user option does not work.
- Bug 3463 - ftpasswd script's --delete-group option does not work.
- Bug 3465 - SIGSEGV at LIST after CCC.
- Bug 3470 - Deferred resolution <Directory> paths not handled properly by
mod_sftp.
- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path
begins with tilde ('~').
- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly.
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault.
- Bug 3472 - mod_sftp publickey authentication fails for large keys.
- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions.
- Bug 3476 - LIST/NLST of path starting with "-" fails.
- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy
libc code.
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems
under load.
* Add linux inotify support, allowing monitoring of file system
events.
* Deferreds now support cancellation.
* Added new "endpoint" interfaces in twisted.internet.interfaces,
which abstractly describe stream transport endpoints which can be
listened on or connected to. Implementations for TCP and SSL
clients and servers are present in twisted.internet.endpoints.
Notably, client endpoints' connect() methods return cancellable
Deferreds, so code written to use them can bypass the awkward
"ClientFactory.clientConnectionFailed" and
"Connector.stopConnecting" methods, and handle errbacks from or
cancel the returned deferred, respectively.
* twisted.protocols.amp.Integer's documentation now clarifies that
integers of arbitrary size are supported and that the wire format
is a base-10 representation.
* twisted.protocols.amp now includes support for transferring
timestamps (amp.DateTime) and decimal values (amp.Decimal).
* twisted.protocol.ftp.IWriteFile now has a close() method, which can
return a Deferred. Previously a STOR command would finish
immediately upon the receipt of the last byte of the uploaded file.
With close(), the backend can delay the finish until it has
performed some other slow action (like storing the data to a
virtual filesystem).
* FilePath now calls os.stat() only when new status information is
required, rather than immediately when anything changes. For some
applications this may result in fewer stat() calls. Additionally,
FilePath has a new method, 'changed', which applications may use to
indicate that the FilePath may have been changed on disk and
therefore the next status information request must fetch a new
stat result. This is useful if external systems, such as C
libraries, may have changed files that Twisted applications are
referencing via a FilePath.
* Documentation improvements are now summarized in the NEWS file.
* twisted.internet.task.deferLater now returns a cancellable
Deferred.
* The connect methods of twisted.internet.protocol.ClientCreator now
return cancellable Deferreds.
* twisted.spread.pb now has documentation covering some of its
limitations.
* twisted.spread.jelly now supports jellying and unjellying classes
defined with slots if they also implement __getstate__ and
__setstate__.
* twisted.protocols.amp.ListOf arguments can now be specified as
optional.
* Bugfixes
4.5.3 brings a number of improvements:
* KSharedDataCache has cache invalidation bug fixed that caused stability
when daylight saving time changed.
* Icon overlays in Dolphin are now positioned correctly after adjusting
the zoom level.
* Okular, KDE's universal document viewer has seen improvements in the
DjVu and XPS backends.
* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1 Send packets with:
MS-CHAP-Password = "password". It will be automatically converted to the
correct MS-CHAP attributes.
* Added "-t" command-line option to radtest. You can use "-t pap", "-t chap",
"-t mschap", or "-t eap-md5". The default is "-t pap"
* Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change
and the previous one makes PEAP testing much easier.
* Added more documentation and examples for the "passwd" module.
* Added dictionaries for RFC 5607 and RFC 5904.
* Added note in proxy.conf that we recommend setting
"require_message_authenticator = yes" for all home servers.
* Added example of second "files" configuration, with documentation.
This shows how and where to use two instances of a module.
* Updated radsniff to have it write pcap files, too. See '-w'.
* Print out large WARNING message if we send an Access-Challenge for EAP, and
receive no follow-up messages from the client.
* Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
* Added support for TLS-Cert-* attributes. For details, see
raddb/sites-available/default, "post-auth" section.
* Added sample raddb/modules/{opendirectory,dynamic_clients}
* Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
* Added RFCs 5607, 5904, and 5997.
* For EAP-TLS, client certificates can now be validated using an external
command. See eap.conf, "validate" subsection of "tls".
* Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS
systems.
* Add Module-Failure-Message for mschap module (ntlm_auth)
* Made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
* Added %{tolower: ...string ... }, which returns the lowercase version of the
string. Also added %{toupper: ... } for uppercase.
* Bug fixes.
Changelog:
Version 1.0.29:
* Fixed corruption when downloading files larger than 4 Gb on a 32-bits arch.
* Fixed error on exit on Linux.
* Downloading should be slightly faster.
Version 1.0.28:
* When —autorename is enabled, an upload script will now get the final file name instead of the original one.
* The ALLO command now checks for the actual disk space in addition to the virtual quota.
* ABOR on OSX has been fixed.
* Fixed the virtual quota computation after an atomic upload has been resumed.
* Fixed AUTH_ENCRYPTED.
* A workaround against spurious disconnections with ncftp has been implemented.
4.5.2
translation updates, performance and stability improvements and other
bugfixes.
4.5.0
new versions of the Plasma Workspaces, the KDE Applications and the KDE
Development Platform in version 4.5.0. While focus within this release
cycle lay on stability, the overall polish and performance gain is well
noticable. Features such as the reworked notification area, Marble's map
routing and support for WebKit in Konqueror round up this release.
- use prctl(2) to set process name [Cameron]
- add --version option [Cameron]
- remove superfluous sigset [Cameron/Gono]
- default options file to not require MPPE (#166394) [Howarth]
- add PROTOCOL-SECURITY discussion [Cameron/Mueller]
Fixes old PR pkg/38038
* Replaced IO subsystem with wandio abstraction
* IO / compression / decompression is now performed in a separate thread, resulting in improved performance
* Modular design makes it easy to add support for new compression formats
* Added native support for reading and writing bzip files
* Added native support for writing lzo files
* JITing of BPF bytecode using LLVM, leading to faster BPF filtering
* Added enums for post-IP protocols and Ethertypes
* Write support added for DAG cards - thanks to Daniel Lawson
* Added new trace tool: tracetop. Shows the top N flows each second
* Added new trace tool: tracereplay. Attempts to replay trace files in trace time
* Added new trace tool: tracediff. Displays packets that differ between two trace files
* Added trace_get_timespec() function
* If the format is not specified as part of the URI, libtrace can now attempt to guess the trace format
* Libpacketdump can now decode CHDLC and PPP/HDLC headers
* Added all the code examples from the libtrace tutorial to the examples directory
Bug Fixes:
* Fixed bug where packets read from a DAG card that did not match the filter were causing lengthy sleep events under the event API
* Fixed various tools that were not reporting the occurrence of a read error
* Fixed segfault caused by malformed URIs
* Fixed bug where reading a zero-length payload from a PCAP trace would result in an EOF being incorrectly reported
* Fixed bug where filtered packet count was not initialised to zero
* trace_get_payload_from_ip() now returns NULL when the IP version is incorrect rather than asserting
* Fixed segfault when writing packets to a Linux native socket, caused by byte ordering issue
* Fixed bug where custom pcap event function was not being used
* Fixed misplaced assertion in the pcap file reading code
* Fixed bug where trace_event would never get a packet event under recent versions of libpcap
* Fixed assertion failure when an unknown linktype is encountered by libpacketdump
* Fixed error caused by LCP packets that are common in some trace sets, e.g. Leipzig
* Increased size of RT packet buffer to fix problems caused by jumbograms
* Fixed errors caused by 32- and 64-bit incompatibility when sending Linux Native packets using the RT protocol
* trace_get_*_port() functions now always return 0 for ICMP packets
* Fixed problems with decoding HDLC and CHDLC headers
* Fixed segfault when reading PCAP packets that had no packet content
* Fixed bug where PCAP packets would be written with a larger capture length than the wire length
* Fixed segfault in the TCP segment report in tracereport caused by segments larger than 1500 bytes
* Fixed bug with restarting a PCAP trace file
* Fixed bugs relating to the size of the TSH packet records
* Fixed bug where we were not accounting for the FCS in legacy Ethernet captures
* Fixed bug where libpacketdump could not decode Linux SLL properly due to using an "undefined" function
* Fixed bug where libpacketdump was not skipping IP options before attempting to decode the next header
* Fixed bug where padding was being treated as part of a truncated header
* Fixed assertion when converting a packet with a corrupt wire length to PCAP
* More fixes for missing #includes
Improvements:
* trace_get_source_address() and trace_get_destination_address() now return link layer addresses in the absence of an IP header wherever possible
* trace_get_<protocol> short-cut functions now return NULL if the entire header (minus options) is not present in the packet
* Added missing set_capture_length() functionality for Linux Native
* traceanon can now write compressed traces
* traceanon now replaces checksums with zeroes
* traceanon, tracesplit and tracemerge now support all libtrace compression types for output
* tracereport no longer does the flow report by default
* Added support for new ERF types
* Added linktype for Experimental Ethernet
* Added --count option to tracereport
* Added --merge-inputs option to tracertstats
* Added support for ARPHRD_NONE
* Added a libpacketdump decoder for ubiquity headers
* Improved libpacketdump's method of searching for decoders
* More efficient arrangement of internal structures
* Tidied up exported symbols
* General code maintenance
* Tidied up manpages
* Improved documentation
Changelog:
* Set a minimum size for column widths in directory lists and transfer queue
* Fix build-time check for system TinyXML
* Correctly handle symbolic links pointing to files in search dialog
* Fix crash in options initialization
This is pulled in early because it fixes a serious problem with servers
providing both IPv4 and v6: previous versions tried only the first
address returned by DNS, whether the box has connectivity or not.
Should fix problems with webkit in particular, as also reported by
Pouya D. Tafti.
AuthSub is Google's method of authentication for their web services.
It is also used by other web sites.
This package contains a perl module to interact with such sites.
Changes in 2.1.4
~~~~~~~~~~~~~~~~
* FIX: afpd: Downstream fix for FreeBSD PR 148022
* FIX: afpd: Fixes for bugs 3074077 and 3074078
* FIX: afpd: Better handling of symlinks in combination with ACLs and EAs.
Fixes bug 3074076.
* FIX: dbd: Adding a file with the CNID from it's adouble file did
not work in case that CNID was alread occupied in the database
* FIX: macusers: add support for Solaris
* NEW: cnid_metad: use a PID lockfile
* NEW: afpd: prevent log flooding
* UPD: dbd: ignore ".zfs" snapshot directories
* UPD: dbd: support interrupting -re mode
Does not fix pkg/43953, unfortunately.
Version 2.2.16
September 28, 2010
Changes:
* Add support for webm_480p, webm_720p [youtube]
* Thanks to Mark Weaver for the patch, <http://is.gd/fmwv5>
* Misc. minor tweaks in manual (e.g. URLs, etc.)
* Migrate issue tracking from Googlecode to Sourceforge, <http://is.gd/fmylF>
--- 4.1.1 2010/10/05
Fix yaz-config output: echo_source not set correctly by configure.
--- 4.1.0 2010/10/05
SOLR WebService support for yaz-client and ZOOM.
Define record syntax JSON. OID: 1.2.840.10003.5.1000.81.3 .
2010-01-13 Bob Halley <halley@dnspython.org>
* dns/dnssec.py: Added RSASHA256 and RSASHA512 codepoints; added
other missing codepoints to _algorithm_by_text.
2010-01-12 Bob Halley <halley@dnspython.org>
* Escapes in masterfiles now work correctly. Previously they were
only working correctly when the text involved was part of a domain
name.
* dns/tokenizer.py: The tokenizer's get() method now returns Token
objects, not (type, text) tuples.
2009-11-13 Bob Halley <halley@dnspython.org>
* Support has been added for hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. Thanks to Kevin Chen for a
thoughtful, high quality patch.
* dns/update.py (Update::present): A zero TTL was not added if
present() was called with a single rdata, causing _add() to be
unhappy. Thanks to Eugene Kim for reporting the problem and
submitting a patch.
* dns/entropy.py: Use os.urandom() if present. Don't seed until
someone wants randomness.
2009-09-16 Bob Halley <halley@dnspython.org>
* dns/entropy.py: The entropy module needs locking in order to be
used safely in a multithreaded environment. Thanks to Beda Kosata
for reporting the problem.
2009-07-27 Bob Halley <halley@dnspython.org>
* dns/query.py (xfr): The socket was not set to nonblocking mode.
Thanks to Erik Romijn for reporting this problem.
2009-07-23 Bob Halley <halley@dnspython.org>
* dns/rdtypes/IN/SRV.py (SRV._cmp): SRV records were compared
incorrectly due to a cut-and-paste error. Thanks to Tommie
Gannert for reporting this bug.
* dns/e164.py (query): The resolver parameter was not used.
Thanks to Matías Bellone for reporting this bug.
2009-06-23 Bob Halley <halley@dnspython.org>
* dns/entropy.py (EntropyPool.__init__): open /dev/random unbuffered;
there's no need to consume more randomness than we need. Thanks
to Brian Wellington for the patch.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Penetration Test Team of NCNIPC (China) discovered that
the ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
[A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
o Incorrect behavior using sorting in the packet list. (Bug
2225)
o Cooked-capture dissector should omit the source address field
if empty. (Bug 2519)
o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
o Wireshark crashes if active display filter macro is renamed.
(Bug 5002)
o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
o TCP bytes_in_flight becomes inflated with lost packets. (Bug
5132)
o GTP header is exported in PDML with an incorrect size. (Bug
5162)
o Packet list hidden columns will not be parsed correctly from
preferences file. (Bug 5163)
o Wireshark does not display the t.38 graph. (Bug 5165)
o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
(Bug 5167)
o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
5172)
o GTPv2: IMSI is decoded improperly. (Bug 5179)
o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
5186)
o Wireshark mistakenly writes "not all data available" for IPv4
checksum. (Bug 5194)
o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
o The CLDAP attribute value on a CLDAP reply is no longer being
decoded. (Bug 5239)
o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
5246)
o NTLMSSP_AUTH domain and username truncated to first letter
with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
0 segments remain. (Bug 5252)
o EIGRP dissection error in Flags field in external route TLVs.
(Bug 5261)
o MRP packet is not correctly parsed in PROFINET multiple write
record request. (Bug 5267)
o MySQL Enhancement: support of Show Fields and bug fix. (Bug
5271)
o [NAS EPS] Fix TFT decoding when having several Packet Filters
defined. (Bug 5274)
o Crash if using ssl.debug.file with no password for
ssl.keys_list. (Bug 5277)
- Updated Protocol Support
ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP
Approved by Alistair Crooks.
New Features
* Zones may be dynamically added and removed with the "rndc addzone"
and "rndc delzone" commands. These dynamically added zones are
written to a per-view configuration file. Do not rely on the
configuration file name nor contents as this will change in a
future release. This is an experimental feature at this time.
* Added new "filter-aaaa-on-v4" access control list to select which
IPv4 clients have AAAA record filtering applied.
* A new command "rndc secroots" was added to dump a combined summary
of the currently managed keys combined with statically configured
trust anchors.
* Added support to load new keys into managed zones without signing
immediately with "rndc loadkeys". Added support to link keys with
"dnssec-keygen -S" and "dnssec-settime -S".
Changes
* Documentation improvements
* ORCHID prefixes were removed from the automatic empty zone list.
* Improved handling of GSSAPI security contexts. Specifically, better
memory management of cached contexts, limited lifetime of a context
to 1 hour, and added a "realm" command to nsupdate to allow
selection of a non-default realm name.
* The contributed tool "ztk" was updated to version 1.0.
Security Fixes
* If BIND, acting as a DNSSEC validating server, has two or more
trust anchors configured in named.conf for the same zone (such as
example.com) and the response for a record in that zone from the
authoritative server includes a bad signature, the validating
server will crash while trying to validate that query.
* A flaw where the wrong ACL was applied was fixed. This flaw allowed
access to a cache via recursion even though the ACL disallowed it.
Bug Fixes
* Removed a warning message when running BIND 9 under Windows for
when a TCP connection was aborted. This is a common occurrence and
the warning was extraneous.
* Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could incorrectly
stay in an over memory state, effectively refusing further caching,
which subsequently made a BIND 9 caching server unworkable.
* Partially disabled change 2864 because it would cause infinite
attempts of RRSIG queries.
* BIND did not properly handle non-cacheable negative responses from
insecure zones. This caused several non-protocol-compliant zones to
become unresolvable. BIND is now more accepting of responses it
receives from less strict servers.
* A bug, introduced in BIND 9.7.2, caused named to fail to start if a
master zone file was unreadable or missing. This has been corrected
in 9.7.2-P1.
* BIND previously accepted answers from authoritative servers that
did not provide a "proper" response, such as not setting AA bit.
BIND was changed to be more strict in what it accepted but this
caused operational issues. This new strictness has been backed out
in 9.7.2-P1.
* remove adding PYTHON=${PYTHONBIN} to CONFIGURE_ENV, it alredy in ALL_ENV.
* remove pre-install target, because no need, broke destdir installation
* some cosmetic fixes.
- The following bugs have been fixed:
- Update time display in background. (Bug 1275)
- Tshark returns 0 even with an invalid interface or capture
filter. (Bug 4735)
- The following features are new (or have been significantly
updated) since version 1.2:
- The packet list internals have been rewritten and are now more
efficient.
- Columns are easier to use. You can add a protocol field as a
column by right-clicking on its packet detail item, and you
can adjust some column preferences by right-clicking the
column header.
- Preliminary Python scripting support has been added.
- Many memory leaks have been fixed.
- Packets can now be ignored (excluded from dissection), similar
to the way they can be marked.
- Manual IP address resolution is now supported.
- Columns with seconds can now be displayed as hours, minutes
and seconds.
- You can now set the capture buffer size on UNIX and Linux if
you have libpcap 1.0.0 or greater.
- TShark no longer needs elevated privileges on UNIX or Linux to
list interfaces. Only dumpcap requires privileges now.
- Wireshark and TShark can enable 802.11 monitor mode directly
if you have libpcap 1.0.0 or greater.
- You can play RTP streams directly from the RTP Analysis
window.
- Capinfos and editcap now respectively support time order
checking and forcing.
- Wireshark now has a "jump to timestamp" command-line option.
- You can open JPEG files directly in Wireshark.
- New Protocol Support
3GPP Nb Interface RTP Multiplex, Access Node Control Protocol,
Apple Network-MIDI Session Protocol, ARUBA encapsulated remote
mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N.
Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle
Protocol, CIP Class Generic, CIP Connection Configuration Object,
CIP Connection Manager, CIP Message Router, collectd network data,
Control And Provisioning of Wireless Access Points, Controller
Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging
Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync
Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch
Link, Fibre Channel Delimiters, File Replication Service DFS-R,
Gateway Load Balancing Protocol, Gigamon Header, GigE Vision
Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM
sub-protocol, GSM over IP protocol as used by ip.access, GSM
Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated
remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled
Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol,
IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless
Association Control Service, ISO 9548-1 OSI Connectionless Session
Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol,
ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider
Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode
encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word,
MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One
encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU
encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter
Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS
Protocol, packetbb Protocol, Peer Network Resolution Protocol,
PKIX Attribute Certificate, Pseudowire Padding, Server/Application
State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol,
TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS
RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN
Iuh interface RUA signalling, V5.2, Vendor Specific Control
Protocol, Vendor Specific Network Protocol, VMware Lab Manager,
VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt,
X.411 Message Access Service, ZigBee Cluster Library
- Updated Protocol Support
There are too many to list here.
- New and Updated Capture File Support
Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000,
Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries,
JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler,
PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian
OS btsnoop, Visual Networks
Pkgsrc changes:
A fix for the security vulnerability reported in SA41535 has been
integrated from the Wireshark SVN repository.
Changelog:
NEW FEATURES
ISC DHCP 4.1.x includes several new DHCPv6 features that were not included
in DHCP 4.0.x. These include:
- Support for the rapid-commit option on the client side
- Prefix Delegation support
- IA_TA address support
- A basic DHCPv6 relay agent
- Basic and partial DHCPv6 leasequery support
There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:
- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
- Only a single address is supported per IA.
- DHCPv6 includes human-readable text in status code messages. These
should be configurable, and probably localized via gettext() or the
like.
- The "host-identifier" option is limited to a simple token.
- The client and server can only operate DHCPv4 or DHCPv6 at a time,
not both. To use both protocols simultaneously, two instances of the
relevant daemon are required, one with the '-6' command line option.
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
Changes since 4.1.1
- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
previously allocated (active) lease to a client that has changed subnets,
despite being on different shared networks. Dynamic prefixes specifically
allocated in shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
! Accept a client id of length 0 while hashing. Previously the server would
exit if it attempted to hash a zero length client id, providing attackers
with a simple denial of service attack. [ISC-Bugs #21253]
Changes since 4.1.1rc1
- When using 'ignore client-updates;', the FQDN returned to the client
is no longer truncated to one octet.
Changes since 4.1.1b3
- None.
Changes since 4.1.1b2
- Fix test in dhcp_interface_signal_handler to check that the inner handler
has a signal_handler before calling it.
- Both host and subnet6 configuration groups are now included whether a
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding values were not present in a matching fixed-address6 host
configuration.
- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
correcting a compilation failure when using Sun's compiler.
- Modified the handling of a connection to avoid releasing the omapi io
object for the connection while it is still in use. One symptom from
this error was a segfault when a failover secondary attempted to connect
to the failover primary if their clocks were not synchronized.
Changes since 4.1.1b1
- Remove infinite loop in token_print_indent_concat().
- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.
- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.
- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy@marples.name>.
- Fixed failover reconnection retry code to continue to retry to reconnect
rather than restarting the listener.
- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.
- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
that probably still resulted in the correct behaviour (but wouldn't use
a larger defined value provided by the host OS).
- Fixed a bug where an OMAPI socket disconnection message would not result
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
timeouts).
- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Versions 3.0.x syntax with multiple name->code option definitions is now
supported. Note that, similarly to 3.0.x, for by-code lookups only the
last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between a
failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
! Fixed a fenceposting bug when a client had two host records configured,
one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
Changes since 4.1.0
- Validate the argument to the -p option.
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation.
- A bug was fixed that caused the server not to answer some valid Solicit
and Request packets, if the dynamic range covering any requested addresses
had been deleted from configuration.
- Suppress spurious warnings from configure about --datarootdir
- Update the code to deal with GCC 4.3. This included two sets of changes.
The first is to the configuration files to include the use of
AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
were being ignored.
- The db-time-format option was documented in manpages.
- Using reserved leases no longer results in 'lease with binding state
free not on its queue' error messages, thanks to a patch from Frode
Nordahl.
- DDNS removal routines were updated so that the DHCID is not removed until
the client has been deprived of all A and AAAA records (not only the last
one of either of those). This resolves a bug where dual stack clients
would not be able to regain their names after either expiration event.
- Fix a build error in dhcrelay, using older versions of gcc with
dhcpv6 disabled.
- Two uninitialized stack structures are now memset to zero, thanks to
patch from David Cantrell at Red Hat.
- Fixed a cosmetic bug where pretty-printing valid domain-search options would
result in an erroneous error log message ('garbage in format string').
- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
to stop receiving packets is fixed. The same fix also means that the MAC
address will no longer appear 'bogus' on DLPI-based systems.
- A bug in select handling was discovered where the results of one select()
call were discarded, causing the server to process the next select() call
and use more system calls than required. This has been repaired - the
sockets will be handled after the first return from select(), resulting in
fewer system calls.
- The update-conflict-detection feature would leave an FQDN updated without
a DHCID (still currently implemented as a TXT RR). This would cause later
expiration or release events to fail to remove the domain name. The feature
now also inserts the client's up to date DHCID record, so records may safely
be removed at expiration or release time. Thanks to a patch submitted by
Christof Chen.
pkgsrc changes:
- add license definition
Upstream changes:
0.18 -- Mon May 31 10:38:13 CDT 2010
* Added support for IPv6 (patch from John Jason Brzozowski)
* Added .gitignore file [Maik Hentsche]
* added unit tests [Maik Hentsche]
* added directory for unit test [Maik Hentsche]
* handle unlink error [Maik Hentsche]
* added unit test for missing host [Maik Hentsche]
* Fix warning for new() without host argument [Maik Hentsche]
pkgsrc changes:
- add license
Upstream changes since 0.4:
version 0.42 (2009/10/01):
- don't hangup when receiving abandonRequest in order to support
clients like Evolution which expect that the socket is still
alive after such a request (patch by Bill Lindley)
RabbitMQ is a complete and highly reliable Enterprise Messaging
system. The RabbitMQ client libraries and broker daemon can be used
together to create an AMQP network, or used individually to bring
the benefits of RabbitMQ to established networks.
(Based on wip/rabbitmq.)
Lua extension library that is composed by two parts: a C core that provides
support for the TCP and UDP transport layers, and a set of Lua modules that
add support for functionality commonly needed by applications that deal
with the Internet.
(Based on wip/luasocket.)
Version 2.2.15
September 10, 2010
Changes:
* New Youtube test URL
* --format, "flv" is now called "default"
* Add Youtube 1080p support (#62)
* Update Youtube format IDs to match those used with quvi
Bugfixes:
* Vimeo support (http/404), thanks to Jonas Smedegaard for the fix (#61)
- <http://bugs.debian.org/595486>
Version 2.2.14
September 2, 2010
Bugfixes:
* Output File path encoding (#60)
Version 2.2.13
August 12, 2010
Changes:
* Add --license option
Upstream changes:
3.13008 2010-08-26
- use HTTPS for all OAuth token negotiation steps
3.13007 2010-07-06
- decode_html_entities now decodes all fields (incl source in search
results)
- Role::OAuth doc patch by Doug Bell <doug@plainblack.com>
- fixed: incompatibility between "since" and InflateObjects
3.13006 2010-06-18
- test fix: bump the skip count for a new test in t/unicode.t for
optional module
3.13005 2010-06-18
- fixed: since (synthetic arg) filtering
- fixed: don't use args for OAuth signature on multi-part mime posts
3.13004 2010-06-18
- fixed: OAuth signature error with unicode args (RT#58493)
3.13003 2010-05-21
- production release with Lists API refactor and OAuth changes
3.13002_03 2010-05-13
- fixed: generate new OAuth authorization hearder on retry
(RetryOnError trait)
3.13002_02 2010-05-12
- fixed: removed redundant alias declarations
3.13002_01 2010-05-12
- Refactored the Lists API to use Net::Twitter::API
3.13001 2010-11
- use POST with Authorization header for XAuth (per Twitter
documentation)
- replace homegrown XAuth support with Net::OAuth's native support
- accommodate 2 base URLs for API::Search (search and trends* methods
use different base URLs)
- enable SSL support for API::Search
3.13000 2010-05-09
- added support and documentation for optional timeline parameter
skip_user
- fixed tests: plan was called twice when LWP was too old
- added friends_incoming and friendships_outgoing methods
3.12000 2010-03-19
- added new API methods: retweeted_by and retweeted_by_ids
- fixed: t/51_since.t was actually connecting to twitter
==============================
Release Notes for Samba 3.3.14
September 14, 2010
==============================
This is a security release in order to address CVE-2010-3069.
o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
--- 4.0.12 2010/08/17
Z39.50 facet support. Facet specifications are passed for search in
other-information with ASN.1 as defined in facet.asn and OID
.10.1000.81.5 . Facets are expressed as an Attribute list as known
from Type-1/RPN queries. Type 1 is field. Type 2 is sort order. Type
3 is limit (number of entries to get in response). yaz-ztest returns
dummy facets if a client asks for them.
1.06
- depend to Test::SharedFork 0.14. It fixes issue with Test::Builder2.
1.05
- workaround for $@ issue in test case.
Data::Util's method modifier clears $@.
Addressable is a replacement for the URI implementation that is part of
Ruby's standard library. It more closely conforms to the relevant RFCs and
adds support for IRIs and URI templates.
* Add LICENSE.
* Ajust new ruby package's framework.
* Add PKG_DESTDIR_SUPPORT.
* Add "-Ku" option on shbang line to specify scripts' character encoding
explicitly. (Hopefully, it work on ruby19).
2008-03-19 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm: Improved initialization of the flags for
non-blocking behavior in receive_response_3(). The __DIE__ and
__WARN__ signal handlers should be bound to the defaults, because
the caller might be binding those and get in our way. Also, we
only want to compute the flags once, on initialization.
2007-12-22 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_util.pm, lib/SNMP_Session.pm, lib/BER.pm:
Upgraded to Artistic License 2.0.
Copyright notice updated for 2008.
* Artistic: Upgraded to Artistic License 2.0, from
http://svn.perl.org/viewcvs/parrot/trunk/LICENSE?view=markup&rev=19096
2007-11-01 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_util.pm: New MIB parsing code from Mike Mitchell.
2007-10-13 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm ($VERSION):
Upgraded to 1.11, to pick up change to SNMP_util.pm.
* changes.html: Document loop detection fix in SNMP_util.pm.
* faq.html, index.html: Updated my e-mail address.
* README, README.SNMP_util, lib/SNMP_Session.pm, lib/SNMP_util.pm,
changes.html: Changed Tobi Oetiker's mail address.
* README, index.html: Changed MRTG URL.
* lib/SNMP_util.pm: [All changes from Mike Mitchell]
Global replace || => or, && => and, to avoid precedence errors.
(snmpwalk_flg): Improved loop detection.
2007-10-13 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm ($VERSION): Upgraded to 1.11, to pick up
change to SNMP_util.pm.
* README, README.SNMP_util, changes.html, lib/SNMP_Session.pm:
Changed Tobi Oetiker's mail address.
* lib/SNMP_util.pm: [All changes from Mike Mitchell]
Changed Tobi Oetiker's mail address.
Global replace || => or, && => and, to avoid precedence errors.
(snmpwalk_flg): Improved loop detection.
* README: Changed MRTG URL.
2007-05-18 Simon Leinen <simon.leinen@switch.ch>
* README, changes.html, index.html: Updated copyright.
* lib/SNMP_util.pm (Check_OID):
Fix regexp for qualified OID case (Mike Mitchell).
2007-05-03 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm: Added Mike Fischer as a contributor.
($VERSION): Incremented to 1.10.
(receive_response_3): Added optional "dont_block" argument. If
this is present and non-zero, pass MSG_DONTWAIT to the recv()
call. MSG_DONTWAIT is wrapped in an eval, to avoid breaking the
code on systems that don't have the flag.
(request_response_5): Pass dont_block=1 to receive_response_3.
According to Mike Fisher, Linux sometimes blocks on recv() even
though a select() for readability has returned, for example when a
checksum fails.
2007-05-03 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm: Added Mike Fischer as a contributor.
($VERSION): Incremented to 1.10.
(receive_response_3): Added optional "dont_block" argument. If
this is present and non-zero, pass MSG_DONTWAIT to the recv()
call. MSG_DONTWAIT is wrapped in an eval, to avoid breaking the
code on systems that don't have the flag.
(request_response_5): Pass dont_block=1 to receive_response_3.
According to Mike Fisher, Linux sometimes blocks on recv() even
though a select() for readability has returned, for example when a
checksum fails.
2007-01-06 Simon Leinen <simon.leinen@switch.ch>
* lib/BER.pm: Updated copyright notice.
(pretty_print): Use PDU names according to RFC3416.
2006-12-21 Simon Leinen <simon.leinen@switch.ch>
* test/cricket-genconf-sensor:
Try to install newly generated configuration, where possible.
* test/cricket-genconf-sensor: Added header comment.
* test/cricket-genconf-sensor: New script.
2006-12-15 Simon Leinen <simon.leinen@switch.ch>
* test/entls (router_pretty_name):
New subroutine, greps RANCID configuration file
for `hostname' command. Caches the result so that files are only
opened once.
(print_physical): Use new forms of per-router defaults.
* test/entls:
Changed so that `-t' generates a Cricket configuration file to measure
all transceivers that support DOM (Digital Optical Monitoring). This
involves some structural changes.
(print_phys_tree): Implemented in terms of the new
`print_phys_tree_1'.
(print_phys_tree_1): Maintain a stack of parent nodes when traversing
the node tree. This stack is stored in each node's `parent_stack'
slot, and can be used by the node class' `tostring' method.
* test/entls ($print_vendor_type, $print_ent_physical_index):
New variables.
(Entity::PhysicalEntry::tostring): Added optional printing of index
and entPhysicalVendorType, controlled by the above variables.
2006-10-12 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm, lib/BER.pm: Updated copyright string.
2006-08-06 Simon Leinen <simon.leinen@switch.ch>
* faq.html:
Updated SNMPv3 text, mentioning that SNMPv3 is supported by MRTG 2.13
and up, using Net::SNMP.
* lib/SNMP_util.pm (snmpLoad_OID_Cache):
Strip single or double quotes around the OID and
value. This allows us to read SunNet Manager OID files, which are
also distributed by e.g. Cisco (ftp://ftp.cisco.com/pub/mibs/oid).
Idea by Jan van Keulen, code cleanup by Mike Mitchell.
2006-07-13 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Session.pm ($VERSION): Incremented to 1.08.
* lib/SNMP_Session.pm (BEGIN):
Bind the __DIE__ signal handler, so that detection of IPv6
capability works even when someone else has bound that handler.
(Patch from Tobi Oetiker.)
2006-04-09 Simon Leinen <simon.leinen@switch.ch>
* lib/SNMP_Table.pm (snmp_row_to_object): Added.
2006-04-05 Simon Leinen <simon.leinen@switch.ch>
* test/trap-listener: Added prettyfication of OIDs.
Suppressed less-than-useful output such as the trap community or the
source port.
2006-03-16 Simon Leinen <simon.leinen@switch.ch>
* README: Update copyright notice for 2006.
2006-02-17 Simon Leinen <simon.leinen@switch.ch>
* test/entls: New "entls" script.
pkgsrc changes:
- remove patch which remove a sub signature - it's fixed upstream
Upstream changes:
1.23 Sun Jun 13 2010
- Setting values for read only tied hash %! is illegal. removing code.
1.22 Fri Jun 11 09:00:00 CST 2010
- Remove Apache (mod_perl) as a dep for this module
1.21 Fri Jun 11 01:00:00 CST 2010
- Move sub around to fix prototyping bug.
- Remove broken ident hosts from list so tests don't break. Right now
i know of no working public ident hosts. Patches welcome!
- Update Makefile.PL with new options
- Add META.yml to module
- use %! to determine if error was EINPROGRESS to function in other
languages
pkgsrc changes:
- adjust dependencies according to upstream's META.yml
Upstream changes:
0.27 Wed, 16 Jun 2010 20:39:59 UTC
Added class for Yahoo! access token refresh request (thanks Marc Mims)
0.26 Wed, 16 Jun 2010 19:59:04 UTC
Message::encode no longer tries fix potential 'double-encoding' (in any
case it appeared to be doing it wrong). Now it just complains if you
try to pass in undecoded strings. (thanks Daisuke Maki and KATOU Akira)
0.25 Sun, 21 Mar 2010 03:50:40 UTC
Gah, $VERSION lameness
0.24 Sun, 21 Mar 2010 03:39:40 UTC
Fix test breakage in 0.23
0.23 Thu, 18 Mar 2010 17:23:36 UTC
Removed UNIVERSAL::require dependency
Net::OAuth->request constructor now dies if module fails to load
(thanks Mike Schleif)
Fixed https://rt.cpan.org/Ticket/Display.html?id=55635 Incorrect
dependencies (thanks Jens Rehsack)
Replaced die() with croak()
0.73 Tuesday March 16, 2010, 10:45:00 PM -0700
* MANIFEST
* t/28_parser_bugs_50013.t (deleted)
* t/90_rt50013_parser_bugs.t (added)
Rename of t/28_parser_bugs_50013.t to fit more universal scheme
for test suites that directly address specific RT bugs.
* lib/RPC/XML/Server.pm
* t/90_rt54183_sigpipe.t (added)
RT #54183: Provide handling of SIGPIPE when sending the
response to the client, in case they've terminated the
connection.
* MANIFEST
Forgot to add the new test suite to MANIFEST.
* lib/RPC/XML/Server.pm
Forgot to update the module version number.
* lib/RPC/XML.pm
Fix typo in reftype() call.
* lib/RPC/XML.pm
* t/90_rt54494_blessed_refs.t (added)
RT #54494: Fix handling of blessed references in smart_encode().
* lib/Apache/RPC/Server.pm
* lib/Apache/RPC/Status.pm
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
* lib/RPC/XML/Function.pm
* lib/RPC/XML/Method.pm
* lib/RPC/XML/Parser.pm
* lib/RPC/XML/Parser/XMLLibXML.pm
* lib/RPC/XML/Parser/XMLParser.pm
* lib/RPC/XML/ParserFactory.pm
* lib/RPC/XML/Procedure.pm
* lib/RPC/XML/Server.pm
Large-scale code clean-up driven by Perl::Critic. All critic
flags down to severity 1 now removed.
* MANIFEST
Forgot to add t/90_rt54494_blessed_refs.t when it was created.
