These releases have better performance, numerous new features and
incorporate many bug fixes. Notable bug fixes and improvements include:
* Tcp stream properly reassembled after failed sequence check,
which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible
evasion cases.
* Improved performance monitoring.
Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs #261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
From Changes:
1.27 September 8th 2005
- Fixed Autoloader/open issue (Alexander Vasiljev)
- Fixed compilation error in Perl 5.005 with semicolon
in GeoIP_database_info in IP.xs (Stephen Schulte)
- Added support for open_type (Frank Mather)
1.26 May 19th 2005
- Fixed segfault issue if non-resolvable domain name is
passed to region_by_addr or region_by_name
- Added support for GEOIP_INDEX_CACHE - which just caches
the most frequently accessed index portion of the database, resulting
in faster lookups than GEOIP_STANDARD, but less memory usage than
GEOIP_MEMORY_CACHE
From ChangeLog:
1.3.17 2006-5-14
* Fixed headers for Windows/Netware compliation (Guenter Knauf)
* Fixed Received Error -21 (Sanity check database_info string failed)
when running geoipupdate with GeoIP Country when UserId and
productIds were not specified. Bug was introduced in 1.3.15.
1.3.16 2006-4-17
* Fixed compliation error in GeoIPUpdate.c
1.3.15 2006-4-14
* Updated README documentation
* Updated geoipupdate so that it writes file as it is uncompressed instead
of storing entire GeoIP.dat file in memory (Frank Mather)
* Updated geoiplookup so that it returns GeoIP Domain Name if available
(Frank Mather)
* Updated geoipupdate so that it reports whether databases are updated
in non-verbose mode (Frank Mather)
documents that the user may wish to employ Geography::Countries in his/her
own code. Remove extraneous DEPENDS.
IP::Country only requires Geo::IP if using the MaxMind database wrapper
IP::Country::MaxMind. The default recommended database in IP::Country doc
(IP::Country::{Medium,Fast}) is builtin to IP::Country and does not require
Geo::IP at all. Remove optional DEPENDS, and add a MESSAGE instead.
Bump PKGREVISION for changes.
specified in additional variables, i.e. PKG_GECOS, PKG_HOME, PKG_SHELL,
etc., as stated in both the pkgsrc guide and the pkginstall.mk comments
since 2006/04/23, or one month before this package was imported.
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
Changes:
* Hot key screen switching now restores last cursor position
* Fixed loss of hot keys when reloading configuration
* Fixed autorepeating on win32 (no longer sending repeating key releases)
* Fixed autorepeating on X11 (non-repeating keys were repeating)
* Fixed AltGr issues on X11
* Fixed modifier mapping bug on OS X client (caused wrong characters)
* Fixed one way for modifiers to get stuck active on all platforms
* Fixed bugs in win32 GUI
* Removed alloca() from unix code (should fix FreeBSD build)
* Added more debugging output for network problems
* Fixed failure to detect some errors on X11
Changes:
* Added preliminary support for configurable hot keys (Lorenz Schori)
* Major rewrite of keyboard handling code
* Fixed non-US keyboard handling (AltGr and ISO_Level3_Shift)
* Now supporting all installed keyboard layouts simultaneously
* Fixed bug in handling remapped caps-lock on X11
* Fixed control and alt keys getting stuck on on X11
* Fixed desktop focus problems requiring extra clicks on win32
* Fixed alt key event getting passed to server when on client on win32
* Synergy would prevent alt+numpad character entry; this is fixed
* Fixed suppression of xscreensaver 2.21 on X11
* Fixed middle mouse button dragging on OSX server (Brian Kendall)
* Fixed caps/num/scroll lock toggles getting out of sync
* Enhanced support for converting clipboard text to the Latin-1 encoding
* Added autostart documentation for KDE users
* Added more details about using Terminal for OSX users
* Fixed crash when using --help on certain platforms
Changes:
* Kopete
o Fix automatic spellchecking when turning off rich text
o Prevent contacts from being added to a server side group called
Top Level
o Message notification in contactlist
o Fix crash for AIM
o Kopete is closing down all connections and reconnects after
about each 1 minute
o Fix Kopete crash after change ICQ status to online.
o Fix crash in ICQ on disconnect due to connect elsewhere.
Changes in libsoup from 2.2.92 to 2.2.93:
* Fixed outgoing data corruption caused when SoupServer
started writing out a response a second time after already
having started once. [334469]. Also fixed 342640 and another
bug caused by the workaround for 334469 in 2.2.92. Based on
patches and analysis from William Jon McCann and Armin
Bauer.
* Fixed a deadlock when changing a session's proxy URI.
[309867 / bnc 174255, based on a patch by Veerapuram
Varadhan].
* Fixed https-via-proxies in the synchronous case. [bnc 174255]
* Fixed a crash in evolution-exchange [342545, fix based on an
analysis by Wang Xin].
* Fixed simple-proxy to not crash at startup. Oops. (Alex
Larsson)
Changes:
- get1 can now automatically rename files to server suggested file name.
- new settings fish:charset and sftp:charset (for sftp version<4).
- fixed http chunked transfers with explicit Content-Length.
- fixed compilation with sun c++ compiler.
- fixed compilation without ssl.