changes:
- Preliminary pyGlobus support (contributed by Ivan R. Judson)
- Fixes for many of the test scripts in tests/*.py, as well as
documentation in tests/README of what tests succeed and fail.
- New/Changed configuration settings:
- Added 'strict' option to the WSDL class constructor. If strict is
true, a RuntimeException will be raised if an unrecogned message is
recieved. If strict is false, a warning will be printed to the
console, the message type will be added to the WSDL schema, and
processing will continue. This is in response to the second half of
bug report [ 817331 ] "Some WSDL.py changes", submitted by Rudolf
Ruland.
- Config.simplify_objects=1 now converts all SOAPpy objects into basic
Python types (list, dictionary, tuple, double, float, etc.). By default,
Config.simplify_objects=0 for backward compatibility.
- Config.dict_encoding='ascii' converts the keys of dictionaries
(e.g. created when Config.simplify_objects=1) to ascii == plain python
strings instead of unicode strings. This variable can be set to any
encoding known to string.encode().
- Config.strict_range=1 forces the SOAP parsing routines to perform
range checks on recieved SOAP float and double objects. When
The following bugs have been fixed:
[ 752882 ] "SSL SOAP Server no longer working."
[ 792258 ] "SOAPBuilder.SOAPBuilder.dump can catch wrong exceptions"
[ 792600 ] "SOAPBuilder.SOAPBuilder.dump possibly should not call gentag"
[ 817331 ] "Some WSDL.py changes"
[ 858168 ] 'xsi:nil="true" causes exception'
In addtion, all of the outstanding bugs in the WSDL implementation
have been fixed, so WSDLProxy should now function properly.
ZSI, the Zolera SOAP Infrastructure, is a pure-Python module that
provides an implementation of SOAP messaging, as described in The
SOAP 1.1 Specification (see http://www.w3.org/TR/soap). It can also
be used to build applications using SOAP Messages with Attachments.
(see http://www.w3.org/TR/SOAP-attachments) ZSI is intended to make it
easier to write web services in Python.
In particular, ZSI parses and generates SOAP messages, and converts
between native Python datatypes and SOAP syntax. Simple dispatch and
invocation methods are supported. There are no known bugs. It's only
known limitation is that it cannot handle multi-dimensional arrays.
What's new since 2.6.10:
* fixed mirror -c for empty files.
* a rare coredump fixed in http 0.9 handling, when first line of reply is empty.
* compilation fixes for compilers other than gcc.
* translations update.
(will be included in the next release) and make the package honour
PKG_SYSCONFDIR.
use CONF_FILES to install the sample configuration ftpd.conf and
ftpusers.
bump PKGREVISION, as the default configuration file location has
changed to ${PKG_SYSCONFDIR}. set PKG_SYSCONFDIR.tnftpd=/etc to get
the previous behaviour.
Changes from version 1.1:
* Added support for hex netmasks.
* Minor bugfixes, cleanup.
Provided by the maintainer - Joe Laffey <joe@laffeycomputer.com>, thanks!
l2tpd is a user-space L2TP daemon. L2TP is the Layer Two Tunneling
Protocol described in RFC 2661. It allows you to tunnel PPP sessions
over a network or transport protocol (in this case, UDP.)
Part of the l2tp code is implemented in the l2tpd program, and part of
it is implemented as "handlers". A handler is a shared-object library
which is dynamically linked into l2tpd at run-time using the
"load-handler" configuration directive.
Although the handlers included with this package (sync-pppd and cmd)
are licensed under the GPL, as a special exception, you may write your
own handlers which link to code in this package and not release them
under the GPL. There may be other reasons why your handlers must
be released under the GPL (for example, they may link with other GPL'd
code), but in the absence of other reasons, you may keep your handlers
proprietary.
Changes:
* Version 1.0.17a:
+ An old standing issue has been fixed : ungracefully aborted transfers
caused the session to exit without removing ftpwho entry and atomic
files. This fix also speeds up ftpwho and peruserlimit.
* Version 1.0.17:
+ The SSL certificate file can now be changed through a new configuration
switch, --with-certfile. It doesn't depend on sysconfdir any more and it
defaults to the original location : /etc/ssl/private/pure-ftpd.pem.
+ Shadowed NIS accounts and MacOS X Panther system accounts are now
processed by the pure-pwconvert tool.
+ The server doesn't reject users any more on Linux when capabilities are
used.
+ The documentation has been improved (man pages, README, FAQ, typos).
+ Optimizations have been made.
+ SO_REUSEPORT is now used on FreeBSD to always bind the ftp-data port.
+ SSL-related error messages are now more explicit.
+ The SITE TIME command has been implemented.
+ The sample PAM configuration file has been rewritten.
+ A logfile parser has been added to the contribs.
+ MacOS X Panther specific instructions have been added.
+ Upload is now atomic. A file is uploaded with a temporary name and it
gets its final name only once the upload has been completed. If a file
already exists with the same name, the content can be preserved until the
new content has been fully transfered (using the new --notruncate run-time
switch).
Web servers will no more serve partially transfered files during uploads.
The new handling of uploads also limits the races in virtual quota
handling.
* Version 1.0.16c:
+ The PAM backend and the CGI mode were accidentally broken in version
1.0.16b. This version fixes both issues.
+ The Norwegian translation has been updated.
* Version 1.0.16b:
+ The server now properly compiles with SSL/TLS on RedHat 9 systems.
+ pure-ftpwho now outputs nice-looking XHTML 1.1 conformant code, an XSS
issue has been fixed and the local host name is now properly displayed in
verbose mode.
+ The path to SSL certificates now follows the --sysconfdir prefix.
+ Minor optimizations have been made.
+ IPv4 and IPv6 addresses will now listen for connections even
without the -4 switch on NetBSD and FreeBSD.
Changes:
0.6.b 20030710
+ Plugins now works with GTK+ interface
+ Updated the passive OS fingerprint database (1279 records)
!! Fixed internal refreshing (for huge traffic loads)
!! Fixed wifi-dump support
!! Fixed doppleganger re-arp
!! Fixed a problem with signed char under mac G3
!! Fixed some possible buffer overflows
0.6.a 20030507
+ Buffered Data Connections (only for ncurses)
+ New Sniffing method (Port Stealing)
+ Updated the passive OS fingerprint database (1189 records)
+ enhanced smb dissector
+ enhanced troll plugin against request caching
+ NEW PLUGIN: Confusion,Hunter, SMB suite
+ partial wifi-dump support (experimental)
!! Fixed demonization problem
!! Fixed StateMachine problem
!! a bouch of bug fix
* Improved portability to Tru64, IRIX, and other LP64 platforms.
(Inbuilt ls works on IRIX now. Thanks to Onno van der Linden
for highlighting the underlying issue!)
* License updates on third party code.
* Update fts(3) code to include fix for possible race condition.
Changes since 0.7.5:
0.9.0 - fix range of MaxCPE (1-254)
- add support for Win32 with Cygwin
- fix ReAuthTimeout upper limit (30)
- add script to generate HTML help from
the symbol table
- add NSIS packaging script for Win32
- added configure script, re-organized stuff
- source code clean-up
0.8.8 02/07/03 - fix handling of label-hinted suffix to OIDs
evvolve - check for string length overflow while parsing
- added mibs to distribution
- change SNMPv3* labels to SNMP*
- add Docsis20Enable configuration setting
- complete support for SnmpV3NotificationReceiver
Many thanks to Rudy Zijlstra for pointing out a few bugs.
0.8.7 20/6/03 - fix bug with encoding HexStrings with trailing zeros
Ronald Rosenfeld - fix double declaration of symbol T_MAC
- add support for negative integers
evvolve - change -lcrypto to -lcrypt to make default
more "mainstream".
- add support for ASN_GAUGE encodings
- fix VendorSpecific decoding
- print label as comment for enums
Many thanks to Ronald Rosenfeld for sending in three patches.
0.8.6 31/05/03 - add support for SNMPv3Kickstart and
evvolve partial support for SNMPv3 Notification Receiver
- fix compilation warnings
- add support for PHS Rule (untested)
- cleanup indexes in docsis_symtable.h
- add regression test script
0.8.4 10/05/03 - fixed SNMP handling ... hopefully for the last time :)
evvolve - fixed Solaris support
ctrl - added support for VendorSpecific TLVs
0.8.2 30/01/03 - Integrated fixes from Adrian Kwong and Cornel.
evvolve - Updated OID format to accept "-" and "_" in labels
ctrl - We can now encode decoded files directly !
akwong (thanks to help from Adrian Kwong)
- MIB output format changed.
- NET-SNMP 5.x support.
- Dropped support for ucd-snmp.
- Made SNMP decoding smarter - i.e. output OID
suffix only; but switch to full-OID output
if MIBs are not installed.
- Hacked support for encoding MTA configuration files.
- Added support for Vendor Specific info.
- Worked around string formatting issues in NET-SNMP.
- Added indent functionality.
Update provided by Simas Mockevicius (the new maintainer) in private
mail, with some changes by me.
* Fix checkrad.pl::cisco_snmp and usrhiper_snmp so that communities
other than "public" can be used too.
* Error out on superflous command line args (optind >= argc)
* Encrypt CHAP-Password in radclient so that CHAP can be tested too
* Add "wildcard" option to realms - if you set this option, you can
match on the entire username using shell wildcards in the realms file.
* If the nastype in /etc/raddb/naslist is set to 'none' for a nas,
logins on that nas will have no simultaneous use restrictions imposed
and those logins will not count towards the total amount of logins.
* Removed 'raduse' and manpage.
* Can disable radutmp with "-u none" (likewise radwtmp with "-W none",
though we already had "-w" for that).
* Call checkrad with an extra argument, the framed IP address.
* Fix bug where $INCLUDEing a file without any records would
cause the rest of the original file to be ignored
* Support for 64-bit wide integers (integer8 type). If compiled with
gcc, users file can contain both hex and decimal 64-bit values,
and 64-bit values are printed in decimal. With other compilers
(no "long long" support) only hex 64-bit values are supported.
* Change "_" to "-" in dictionary.redback and change the 64 bits
values to integer8.
* Moved the dictionary files to /usr/local/share/radius. Now
only /etc/raddb/dictionary remains that $INCLUDES all the others.
For new installs only; existing installations won't be changed
* Make integer in the format string of sprintf(buf, "%03d:%.20s", ..) in
make_wtmp() unsigned (%u), otherwise the sprintf could in some cases
(negative NAS-Port, very long NAS-name) overrun the buffer by one
byte, overwriting the least significant byte of the return address
on the stack with a \0. Not sure if this is exploitable or not,
but it could be a security problem.
* Make sure ut.login (struct radutmp member) is treated everywhere
as a NON-zero terminated string.
* Make sure unsigned integers are used in all places using lvalues
(32 bits radius values), especially nas_port.
* radrelay: update id of packet when retransmitting.
* Print an error and free the request struct if we receive an unknown
packet type.
* rad_check_multi: if username/NAS/port match, don't count as dup.
Patch provided by Adrian Portelli in PR 23764
From the CHANGELOG:
2003-10-28 Hajimu UMEMOTO <ume@mahoroba.org>
* Bump version number to 0.12.
* Socket6.pm: Mention that getipnodeby*() was deprecated in
RFC3493.
2001-09-20 Hajimu UMEMOTO <ume@mahoroba.org>
* getaddrinfo.c (getaddrinfo): Correct AI_PASSIVE parsing bug.
2001-09-18 Hajimu UMEMOTO <ume@mahoroba.org>
* Socket6.pm: Bump version number to 0.11.
* getaddrinfo.c (getaddrinfo), gai.h: Add support of AI_NUMERICHOST.
* getnameinfo.c (getnameinfo): Use socklen_t rather than size_t.
* getnameinfo.c (getnameinfo): Fix buffer overflow problem.
2001-09-17 Hajimu UMEMOTO <ume@mahoroba.org>
* Socket6.pm, Socket6.xs, config.h.in, configure.in: Add glue
functions for getipnodeby*() and gai_strerror().
* Socket6.xs: inet_pton() should work as it is.
* Socket6.xs: Better documentation of inet_pton() and inet_ntop().
* Socket6.pm: Description was filled.
* Socket6.pm, Socket6.xs: Return an error message string if
getaddrinfo() fails.
2001-03-27 Hajimu UMEMOTO <ume@mahoroba.org>
* Socket6.pm: Bump version number to 0.10.
* Socket6.xs: Make compilable under OpenBSD. Though OpenBSD has
KAME, OpenBSD doesn't have netinet6/ipsec.h.
2001-03-21 Hajimu UMEMOTO <ume@mahoroba.org>
* Socket6.pm: Bump version number to 0.09.
* aclocal.m4 (IPv6_CHECK_FUNC): There is getaddrinfo(3) in
libsocket under Solaris8.
Patch provided by Min Sik Kim in PR 23772
Changes since 2.4.0:
- Not disable deprecations by default.
- Fix a crash when debugging a program not in the path. Fix#115147
overflow vulnerability in the HTML parser code affecting "ls" command on
malicious HTTP server.
See http://lists.netsys.com/pipermail/full-disclosure/2003-December/014824.html
Version 2.6.10 - 2003-12-11
* security fixes in html parsing code.
* fxp between ftps session is now possible (unencrypted yet).
* fixed a rare bug with access to freed memory in ftp.
* fixed a bug in mirror, now it does not incorrectly append directory name
when target directory is the root.
* fixed compilation on AIX.
* Polish translation updated.
Changes:
5.1.0 (2003-11-09)
* GNU TLS support (alternative to OpenSSL),
* Small licence change,
* Portability fixes (MacOS X)
5.0.1 (2002-11-04)
* Small bug fixes,
* Better error messages with invalid options
5.0.0 (2002-10-11)
* Now uses getnameinfo/getaddrinfo. Two consequences:
- you can compile only on a recent Unix
- you have IPv6 support
* With -v, now able to separate kernel (TCP) and application latency
* Now displays the standard deviation for repeated tests. Warning:
this may break some scripts which parse the output of echoping.
4.2.0 (2001-03-16)
* New -a and -A options to control the proxy/cache (disable caching).
Fixes bug/wish #232324
* Support for microsecond wait (uses usleep)
* New option (-p) to set socket priority (Linux only)
* New option (-P) to set IP Type of Service octet
* Bug fixes: #230384 (SSL records are different from text lines)
