* Use RTF_PINNED when deleting routes when available
Allows dhcpcd to control IPv4 routing on newer FreeBSDs
* Don't work on bridge, or ptp interfaces unless explicitly told
* Poll for IFF_RUNNING again but avoid constantly sending IFF_UP
(should now fix all carrier problems on BSD virtual interfaces)
* Don't crash when processing IPv6 route calls from the kernel
when IPv6 resources have been disabled in dhcpcd
* Allow the same IP address to be shared across different interfaces
Interface with the lowest metric gets the IP address, will move
to the next highest if dropped (interface departs, carrier drops, etc)
* Use correct interface gateway on FreeBSD, removes need for linkaddr.c
on kFreeBSD
* Delegated prefix addresses are now reported via DELEGATE6
* Fix copying the correct timezone file
* Work better with unknown delegated prefix lengths
* Move IPv4LL and ARP to the DHCP eloop queue to fix timing issues
* Add IA PD documentation update from christos@netbsd.org
Security Fixes
A query specially crafted to exploit a defect in EDNS option
processing could cause named to terminate with an assertion
failure, due to a missing isc_buffer_availablelength() check
when formatting packet contents for logging. For more information,
see the security advisory at https://kb.isc.org/article/AA-01166/.
[CVE-2014-3859] [RT #36078]
A programming error in the prefetch feature could cause named
to crash with a "REQUIRE" assertion failure in name.c. For more
information, see the security advisory at
https://kb.isc.org/article/AA-01161/. [CVE-2014-3214] [RT #35899]
New Features
Support for CAA record types, as described in RFC 6844 "DNS
Certification Authority Authorization (CAA) Resource Record",
was added. [RT#36625] [RT #36737]
Disallow "request-ixfr" from being specified in zone statements
where it is not valid (it is only valid for slave and redirect
zones) [RT #36608]
Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "Automating
DNSSEC Delegation Trust Maintenance" at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
Optionally allows libseccomp-based (secure computing mode)
system-call filtering on Linux. This sandboxing mechanism may
be used to isolate "named" from various system resources. Use
"configure --enable-seccomp" at build time to enable it. Thank you
to Loganaden Velvindron of AFRINIC for the contribution. [RT #35347]
Feature Changes
"geoip asnum" ACL elements would not match unless the full
organization name was specified. They can now match against the
AS number alone (e.g., AS1234). [RT #36945]
Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
Improves the accuracy of dig's reported round trip times. [RT #36611]
When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
An assertion failure could occur if a route event arrived while
shutting down. [RT #36887]
When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
The AD flag was being set inappopriately on RPZ responses. [RT #36833]
Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
On some platforms, overhead from DSCP tagging caused a performance
regression between BIND 9.9 and BIND 9.10. [RT #36534]
RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
Fixed a bug where some updated policy zone contents could be
ignored due to stale RPZ summary information [RT #35885]
A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
Addresses some problems with unrecoverable lookup failures. [RT #36330]
Addresses a race condition issue in dispatch. [RT #36731]
acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
Corrects a deadlock between view.c and adb.c. [RT #36341]
liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
Disable the GCC 4.9 "delete null pointer check" optimizer option,
and refactor dns_rdataslab_fromrdataset() to separate out the
handling of an rdataset with no records. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
Fixed a bug that caused GeoIP ACLs not to work when referenced
indirectly via named or nested ACLs. [RT #35879]
FIxed a bug that could cause problems with cache cleaning when
SIT was enabled. [RT #35858]
Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accomodate. [RT #35878]
Fixed a bug that could cause an assertion failure when inserting
and deleting parent and child nodes in a response-policy zone.
[RT #36272]
New Features
Support for CAA record types, as described in RFC 6844 "DNS
Certification Authority Authorization (CAA) Resource Record",
was added. [RT#36625] [RT #36737]
Disallow "request-ixfr" from being specified in zone statements
where it is not valid (it is only valid for slave and redirect
zones) [RT #36608]
Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "Automating
DNSSEC Delegation Trust Maintenance" at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
On Windows, enable the Python tools "dnssec-coverage" and
"dnssec-checkds". [RT #34355]
Added a "no-case-compress" ACL, which causes named to use
case-insensitive compression (disabling change #3645) for specified
clients. (This is useful when dealing with broken client
implementations that use case-sensitive name comparisons, rejecting
responses that fail to match the capitalization of the query
that was sent.) [RT #35300]
Feature Changes
Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
Improves the accuracy of dig's reported round trip times. [RT #36611]
The Windows installer now places files in the Program Files area
rather than system services. [RT #35361]
When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
"named" will now log explicitly when using rndc.key to configure
command channel. [RT #35316]
The default setting for the -U option (setting the number of UDP
listeners per interface) has been adjusted to improve performance.
[RT #35417]
Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
The AD flag was being set inappopriately on RPZ responses. [RT #36833]
Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
Addresses a race condition issue in dispatch. [RT #36731]
acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
Corrects a deadlock between view.c and adb.c. [RT #36341]
liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
Buffers in isc_print_vsnprintf were not properly initialized
leading to potential overflows when printing out quad values.
[RT #36505]
Don't call qsort() with a null pointer, and disable the GCC 4.9
"delete null pointer check" optimizer option. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accomodate. [RT #35878]
Changes since 4.3.1rc1
- None
Changes since 4.3.1b1
- Modify the linux and openwrt dhclient scripts to process information
from a stateless request. Thanks to Jiri Popelka at Red Hat for the
bug report and patch.
[ISC-Bugs 36102]
- Remove more unused RCSID tags. These weren't noticed in 4.3 as
the code isn't used anymore but we remove them here to keep the
code consistent across versions.
[ISC-Bugs #36451]
libnice 0.1.8 (2014-10-09)
==========================
Added FIN-ACK behavior in the PseudoTCP
ICE-TCP, both standard mode and Microsoft compatible
Microsoft compatible TURN-TCP
API: nice_address_equal_no_port() to compare NiceAddresses ignoring the port
API: nice_agent_get_component_state() to get the current component state
API: agent:keepalive-conncheck to make the agent use conncheck as keepalives
and fail the connection if there is no answer
API: agent:ice-tcp, agent:udp-tcp to control ICE-UDP vs ICE-TCP behaviours
API: agent:bytestream-tcp to know if the send/receives in reliable mode create full packets or not
API: New signals agent::new-selected-pair-full, agent::new-candidate-full,
agent::new-remote-candidate-full which include the NiceCandidates directly
API: Deprecated agent::new-selected-pair and agent::new-candidate and
agent::new-remote-candidate signals
Now all signals are emitted at the function return time
* netstring-pcre: removing dependency on camlp4 (an oversight).
* Fixing bad format strings (Damien Doligez)
* Windows: various fixes, including int sizes for 64-bit Windows,
the invocation of cppo, and CR characters. Also, unixsupport.h
is now used instead of declaring the prototypes directly.
(Andreas Hauptmann)
* C99: use int64_t instead of int64 in C code. The latter is gone
in OCaml-4.02. (Richard Jones)
* Build: no longer requiring camlp4 (as it is not distributed with
ocaml-4.02)
* Fixing some unit tests
* Netexn: new exception representation in ocaml-4.02
* Build: renaming file for a configure test to avoid a
naming conflict (Richard Jones)
* Https_client and aggressive connection caching: In previous
versions there was a problem with the reinitialization of the
SSL socket when a former connection was reused. The fix requires
an API change of connection_cache: The SSL socket can now be
stored with the inactive connection.
* Http_client: fixing a bug with connection caching: Address
resolution was not taken into account for computing the key
in the connection cache.
* ssl_exts_stubs.c: releasing global lock on shutdown error
(T<F6>r<F6>k Edwin)
* Uq_ssl: Fix error path when SSL connection fails during the
handshake
0.7.10 [2014-07-21 18:06:54 +0200]:
- [87ebf13df38c] NEWS: add a word about json-c library support (Vincent Bernat)
- [5dcd280d1267] lldpcli: fix jansson implementation of the JSON output (Vincent Bernat)
- [71542b4ec734] configure: if --with-json, default to jansson implementation (Vincent Bernat)
- [368daef3d649] cdp: complete manual page with CDP-related options (Vincent Bernat)
- [611aba00053c] cdp: Make it possible to enable CDPv2 without enabling CDPv1 (Michel Stam)
- [5d8f75fe9fdc] lldpcli: Add json description to lldpcli usage (Michel Stam)
- [619c379964fd] cdp: Add power requirement to CDPv2 frames (Michel Stam)
- [8ff14a6d117e] lldpcli: Add support for JSON-C (Michel Stam)
- [62d6f99d2d17] lldpcli: make complete command work on privleged commands as well (Vincent Bernat)
- [314f382a5093] lldpcli: provide a hidden complete command for shell completion (Vincent Bernat)
- [e13945c02c44] lldpcli: change how privileged commands are declared (Vincent Bernat)
- [40df69956ad0] lldpcli: reformat a bit bash completion to be more readable (Vincent Bernat)
- [ecd41283aa58] priv: avoid a socket leak when interface is already in promisc (Vincent Bernat)
- [ba908c4eedaa] snmp: avoid deferencing a pointer when it may be NULL (Vincent Bernat)
- [5317a14a3f0e] dcbx tlv recd are printed as log_debug (Sam Tannous)
- [7efa65c16ec7] lldpcli: use protocol map from liblldpctl to select protocol (Vincent Bernat)
- [baaa96d1530c] lldpcli: document `-u` argument in synopsis (Vincent Bernat)
- [494264f0f831] lldpcli: add display filter to show nbrs running specific protocols (Sam Tannous)
- [e147917d5257] lib: update liblldpctl versioning (Vincent Bernat)
- [1fa64c11d337] Add call to process more messages from data already read. (Sam Tannous)
- [0469161dd554] Add error code to the multicast address add/delete failure msg (Sam Tannous)
- [4f670a1e8ace] Move interface update msg to debug level (Sam Tannous)
- [003620d3104b] Add ignore handler for SIGHUP in lldpcli (Sam Tannous)
- [aef05ae38c63] This patch adds bash completion for lldpcli. (Sam Tannous)
- [ea51049df882] snmp: use poll() to wait for AgentX socket to be ready (Vincent Bernat)
- [dc6436adb4db] snmp: preserve previous flags when making AgentX socket non-blocking (Vincent Bernat)
- [b93e39a16736] make agentx socket non-blocking (Sam Tannous)
- [ad21b578b215] Make "too many neighbors for port" msg appear less frequently (Sam Tannous)
- [aca48e4ba570] lldpd: Fix netlink notification group for address changes (Sam Tannous)
- [b0b8841b0b42] Increase event buffer (Sam Tannous)
- [e595efb4c177] log: info messages should be logged on syslog but not on first debug level (Vincent Bernat)
- [254e5134d933] lldpd: fix log_info (Sam Tannous)
- [5e23c6b99bd3] NEWS: credit seccomp fix (Vincent Bernat)
- [d64549384f6f] lldpd: fix use of NULL in execl* (Vincent Bernat)
- [d769cdb235cc] Merge pull request #70 from chutz/seccomp-whitelist (Vincent Bernat)
- [285b33afd0da] lldpd: whitelist sendto, poll, recvmsg and readv in seccomp sandbox (Patrick McLean)
- [1059a20e7e2d] NEWS: add a word about ability to disable LLDP (Vincent Bernat)
- [b8a802bc7d8a] lldpd: fix how LLDP can be disabled (Vincent Bernat)
- [806eaef4832a] cdp: don't expect and off-by-one checksum (Vincent Bernat)
- [a5a60bbf97ed] frame: fix CDP checksum (udbxtd2008)
- [f4da5f84837c] README: document the new promisc interface in README as well (Vincent Bernat)
- [0a6f3866b830] lldpcli: give more details in the manual page about promiscuous mode (Vincent Bernat)
- [f84199ddf6c9] lldpcli: add an option to enable promisc mode on managed interfaces (Vincent Bernat)
- [ace524261458] priv: don't output rc status twice when unable to open socket (Vincent Bernat)
- [50724a52606f] README: more about Cisco sending LLDP frames on VLAN 1 (Vincent Bernat)
- [af5f56616c7f] osx: update version to 0.7.9 (Vincent Bernat)
* Removed dhcpcd-dbus dependency
* Split icons off into dhcpcd-icons
* Add dhcpcd-qt front end
* Improved IPv6 support in dhcpcd-6 is now reported
* Numerous bug fixes
* SSID menus now update in realtime when new scans come in
* Fix an unaligned access error on BeagleBone Black with FreeBSD.
Thanks to Guy Yur for the patch.
* Remove the fast loop trying to up an interface which does not
report carrier.
* Remove vis based encoding - instead validate against option type and
stop at invalid [1]
This removes all shell escaped encoding - dhcpcd will assume that IF
the --script option is a shell, it will quote variables correctly.
The stock dhcpcd-run-hooks does.
* dhcpcd -V now prints how the variables will be decoded.
* Changed some options in dhcpcd-definitions.conf to more sensible defaults.
* Don't daemonise on delegated address dad.
* Don't drop delegated reject route when forking.
* Fix IPv6 handling of link-local addresses on KAME stacks.
* Work on OpenBSD-5.6 without any special interface setup needed.
* Callout to handlecarrier when we don't have real carrier support and
rely on looking at IFF_UP and IFF_RUNNING.
This allows our hooks to know that dhcpcd thinks we have a carrier or not.
[1] DHCP option encodings defined in dhcpcd-definitions.conf
* domain (RFC3397)/dname (string) is strict domain name allowance
(ie, [alnum] with _- (but not at the start or end))
* string is now printable ascii (1-127) until invalid
* ascii is all ascii (1-127) until invalid
* raw is all chars (1-255) until NUL
* binhex is a hex representation of the option including embedded NULs
* ssid is still escpaed octal because it's expected to be human readable
AND can technically be all NUL
* everything else has strict option -> value encoding
- Version 3.3.5 fixes a number of bugs in 3.3.4 and earlier versions.
- Version 3.3.4 fixes a small number of bugs in 3.3.3 and earlier versions.
In particular it fixes a bug introduced in 3.3.3 which could cause startup
to fail under some circumstances.
- Version 3.3.3 fixes a small number of bugs in 3.3.2 and earlier versions.
In particular it fixes a bug introduced in 3.3.2 which could cause
logging to stop under some circumstances.
Changes in 0.5.2
fcdf0f8 Autoconf: check for htonll as declaration in a header file
5790ec7 SSL: correctly report hostname verification errors.
d60c28c Build: disable OpenSSL deprecation warnings on OSX
072191a Lib: include platform, version and copyright in AMQP handshake
8b448c6 Examples: print message body in amqp[s]_listen[q] examples
7188e5d Tools: Add flag to set prefetch for amqp-consume tool
Changes in 0.5.1
a566929 SSL: Add support for wildcards in hostname verification (Mike Steinert)
a78aa8a Lib: Use poll(2) instead of select(2) for timeouts on sockets.
357bdb3 Lib: support for specifying frame and decoding pool sizes. (Mike Stitt)
8956003 Lib: improve invalid frame detection code.
b852f84 Lib: Add missing amqp_get_server_properties() function.
7001e82 Lib: Add missing ssize_t on Win32 (emazv72)
c2ce2cb Lib: Correctly specify WINVER on Win32 when unspecified.
fe844e4 CMake: specify -DHAVE_CONFIG_H in examples.
932de5f Lib: correct time computation on Win32 (jestor)
3e83192 HPUX: use gethrtime on HP-UX for timers.
cb1b44e HPUX: correct include location of sys/uio.h
8ce585d Lib: incorrect OOM condition when 0-lenth exchange name is received.
c7716b8 CMake: correct htonll detection code on platforms defined with a macro.
4dc4eda Lib: remove unused assignment.
45302cf Lib: remove range-check of channel-ids.
Note that this announcement includes everything from 1.4.2 too, which was
never officially released as some critical bugs were found.
Bug reports fixed in this release:
GStreamer core:
* 734412 : multiqueue: The buffering logic can lead to a pipeline stuck in PAUSED forever
* 735574 : buffer: do not touch memory tag flag when copying buffer flags
* 736295 : multiqueue: posts buffering message holding lock
* 736424 : query: add annotations to gst_query_set_nth_allocation_pool
* 736680 : basesrc: possible pool and allocator leak in prepare_allocation()
* 736736 : query: add annotations to gst_query_add_allocation_pool
* 736813 : typefindelement leaks sticky events upon flush_stop
* 737102 : queue: Do not hold GST_QUEUE_LOCK while posting ERROR messages
* 737133 : Missing gstconfig.h include
GStreamer Plugins Base:
* 732908 : audioresample: skips samples unless input buffers have correct size
* 727255 : playbin: filter out buffering messages when switching URI and the previous URI is still playing
* 729811 : output-selector: test example in gstreamer plugin base is giving " Internal data flow error "
* 735569 : rtspconnection: Crash due to no protection of watchs readsrc
* 735748 : playbin: can't play an avi file in totem with audio-filter=scaletempo
* 735800 : textoverlay: Two textoverlay in sequence fail to negotiate (regression)
* 735844 : basetextoverlay/pango: overlay negotiation fails when it should not
* 735952 : videorate: GstStructure refcount critical message
* 736071 : audiobasesink: Don't hold object lock while calling into other objects like the clock
* 736118 : videofilter: The buffer is not writable in transform_frame_ip
* 736739 : audiocdsrc: do not leak uid after parsing TOC select event
* 736779 : typefind: h265 IRAP picture always true
* 736788 : audiodecoder: leaks events
* 736796 : videoencoder: do not leak events when flushing them
* 736861 : playbin: Reference count bug
* 736679 : videodecoder: do not leak pool and allocator in error case
* 736969 : queue2: dead lock when buffering
* 709868 : Keep still meaningfull pending events on FLUSH_STOP
GStreamer Plugins Good:
* 719359 : vp8dec: Doesn't handle changes in resolution
* 733607 : v4l2transform: Rank should have been NONE
* 734266 : vp8dec: fails when input format changes
* 735520 : aacparse: skip valid ADTS/LOAS frames
* 735804 : smpte: Creates incomplete raw video caps
* 735833 : matroskademux: parse error at end of file
* 735859 : videomixer: Dynamically changing the FPS leads to an incorrect buffer time
* 736192 : avidemux: some AVI files crash (regression)
* 736266 : wavparse: error in reading adtl chunk
* 736384 : v4l2sink: pool not unreffed after usage
* 736670 : v4l2allocator: O_CLOEXEC needs _GNU_SOURCE
* 736805 : multipartdemux leaks new stream events
* 736807 : rtpbin: pad leaked in error case
* 735660 : v4l2: fix new v4l2 code not working with certain devices (regression)
* 736944 : videoscale: vs_image_scale_4tap_Y offset should use stride to calculate buffer offset
* 737219 : flacparse: When generating headers, leave total_samples at 0 if upstream duration query returns GST_CLOCK_TIME_NONE.
GStreamer Plugins Bad:
* 735861 : dataurisrc: make src thread safe
* 736090 : aiffparse: duplicate else-if condition
* 736390 : tsdemux: plug for a memory leak
* 736426 : mpegpsmux: memory leak with h264/avc stream
* 736474 : vc1parse: malformed sequence layer header and STRUCT_C
* 736490 : tsdemux: fix overflow of packet_length field of PESHeader
* 736729 : glmixer: do not leak pool in error cases
* 736730 : gltestsrc: do not leak pool in error cases
* 736731 : openni2src: do not leak pool
* 736732 : glfilter: do not leak pool in error cases
* 736733 : vdpdecoder: do not leak pool
* 736735 : waylandsink: do not leak buffer pool in error case
* 736750 : vc1parse: fix sequence-layer/frame-layer endianness
* 736871 : codecparsers_vc1: sequence-layer parser is broken due to endianness issue.
* 736919 : hlsdemux: attempt to unlock an already unlocked mutex in gst_hls_demux_change_playlist
* 736951 : vc1parse: initialize sent_codec_tag before using it
GStreamer Plugins Ugly:
* 736060 : asfdemux: add GUID for ASF_Metadata_Library_Object
GStreamer libav Plugins:
* 734661 : avviddec: After draining frames, flush the libav decoder
* 736515 : avviddec: keep draining buffers from libav until libav says so
* 737144 : avauddec: keep draining buffers from libav until libav says so
GStreamer RTSP Server:
* 735570 : Race condition between close() and handle_tunnel() causing crash
* 736017 : Sequence number is not monotonic after PAUSE command
* Release 0.7.0 (23-Sep-2014)
** Security Fixes
The "flappserver" feature was found to have a vulnerability in the
service-lookup code which, when combined with an attacker who has the ability
to write files to a location where the flappserver process could read them,
would allow that attacker to obtain control of the flappserver process.
Users who run flappservers should upgrade to 0.7.0, where this was fixed as
part of #226.
Each flappserver runs from a "base directory", and uses multiple files within
the basedir to track the services that have been configured. The format of
these files has changed. The flappserver tool in 0.7.0 remains capable of
reading the old format (safely), but will upgrade the basedir to the new
format when you use "flappserver add" to add a new service. Brand new
servers, created with "flappserver create", will use the new format.
The flappserver tool in 0.6.5 (or earlier) cannot handle this new format, and
will believe that no services have been configured. Therefore downgrading to
an older version of Foolscap will require manual reconstruction of the
configured services.
** Major Changes
UnauthenticatedTub has been deprecated, and will be removed in the next
release (0.8.0). This seldom-used feature provides Foolscap's RPC semantics
without any of the security, and was included to enable the use of Foolscap
without depending upon the (challenging-to-install) PyOpenSSL library.
However, in practice, the lack of a solid dependency on PyOpenSSL has made
installation more difficult for applications that *do* want the security, and
UnauthenticatedTub is a footgun waiting to go off. Foolscap's code and
packaging will be simpler without it. (#67)
** Minor Changes
The "git-foolscap" tools, which make it possible to publish and clone Git
repositories over a Foolscap (flappserver) connection, have been moved from
their hiding place in doc/examples/ into their own project, hosted at
https://github.com/warner/git-foolscap . They will also be published on PyPI,
to enable "pip install git-foolscap".
The documentation was converted from Lore to ReStructuredText (.rst). Thanks
to Koblaid for the patient work. (#148)
The connection-hint parser in 0.7.0 has been changed to handle all TCP forms
of Twisted's "Client Endpoint Descriptor" syntax, including the short
"tcp:127.0.0.1:9999" variant. A future version should handle arbitrary
endpoint descriptors (including Tor and i2p, see #203), but this small step
should improve forward compatibility. (#216, #217)
**** 0.80 Sep 22, 2014
Removal of Win32::IPHelper support with cygwin
Resolvers on Cygwin can get their DNS configuration from the
registry directly via the /proc filesystem. Getting rid of
the other method reduces dependencies and makes installations
less error prone.
Rework rt.cpan.org #96119
"Too late to run INIT block" warning for require Net::DNS
3.9.0.3 (2014-08-13)
- Fix potential crash on connection failures
- Fixed navigating through the different controls in FileZilla's main window using the Tab key
- OS X: If FileZilla becomes the active program, the focus no longer jumps to the quickconnect bar
- MSW: Improve compatibility with DFS network shares
3.9.0.2 (2014-07-31)
+ Handle setting files redirected using symbolic links
- MSW: Updated installer to fix an issue with re-registring the shell extension after a reboot on 32bit system if a another program keeps the extension locked
- Closing FileZilla during a recursive operation no longer hangs
- OS X: Manually handle CMD+V and CMD+A for password fields as Cocoa cannot seem to do it by itself
- OS X: Manually handle CMD+X, CMD+C, CMD+V and CMD+A in the path combo boxes
- OS X: Creating new tabs selects the newly created tab again
- Detect some types TLS error conditions earlier instead of waiting for a timeout
- Small performance imprvement for TLS handshakes
- Do not show error message if "Create and enter" is used with synchronized browsing enabled
3.9.0.1 (2014-07-22)
- MSW: Fix installation issue with locked DLLs affecting users of 32bit Windows
3.9.0 (2014-07-21)
+ Added Lao translation
+ Added an additional icon set
+ OS X: Holding modifier key while clicking Site Manager toolbar icon now shows the site dropdown menu
- MSW: Fix assertion when entering UNC paths
- Fix button layout of editing dialogs
- *nix, OS X: Small performance improvement recursing through local directories
3.9.0-rc3 (2014-07-16)
- OS X: Fix random crashes if adding text to the message log
- Fixed drag&drop when dropping on local file list and directory tree
- Fixed assertion when using format specified for date/time formatting
- Fixed assertion when closing FileZilla in response to system shutdown
- Various code cleanup
3.9.0-rc2 (2014-07-09)
+ Display a helpful message if login fails and either username or password starts or begins with a space.
- Small performance and memory consumption optimizations
- Various code cleanup and modernization
3.9.0-rc1 (2014-07-04)
+ Binaries are now being built with DEP and ASLR enabled where supported
- OS X: Fixed creating new tabs
- OS X: Fixed assertion and crash when renaming files
- Fixed assertion when sorting by modification time
- Fixed toolbar button to hide remote directory tree
3.9.0-beta3 (2014-07-01)
- OS X: Fixed rendering of the main window
- MSW: Fixed support for right-to-left languages
- Fixed several small layout problems
3.9.0-beta2 (2014-06-26)
- Natural sort now also works with directory comparison
- Toolbar state now updates if directory tree visibility is toggled by enabling directory comparison
- *nix: Fixed minimizing to tray not working
- Fixed background of activity indicators
- Several dialog layout fixes
- Removed spurious error message when closing FileZilla
3.9.0-beta1 (2014-06-21)
+ Added natural sort to file name comparison and added option to select which algorithm to use
+ FileZilla now builds against wxWidgets 3.0 instead of wxWidgets 2.8
3.8.1 (2014-06-01)
! Updated official binaries to use GnuTLS 3.2.15, addressing CVE-2014-3466
+ OS X: Partial support for retina displays
- Fixed several small memory leaks
3.8.1-rc3 (2014-05-25)
- Fixed bundling of .xrc resources in non-Windows binaries
3.8.1-rc2 (2014-05-25)
- Rebuilt to address a problem with the filenames of the rc1 binaries.
3.8.1-rc1 (2014-05-25)
+ MSW: Windows XP and derivatives are no longer supported. Minimum supported operating system is Windows Vista.
+ OS X: The old PowerPC architecture is no longer supported
+ Added checkbox to remember the selected action of the "Already connected" dialog
+ Added context menu item in file lists to create and enter a new directory
+ *nix: FileZilla now honors the XDG_CONFIG_HOME environment variable
+ Small usability improvement for setting number of concurrent transfers in the settings dialog
- Additional fixes to the focus handling in directory listings
- Fixed compatibility with FTP servers sending French directory listings
- *nix: Fixed DBus integration
- MSW: Fixed installation error when auto-uninstalling in order to update to a new version.
================
FEATURES:
- database: "" starts without mmap of database. Less memory is used,
zones are read from text zonefile.
- optimised zonefile parse code and zonefile write code.
- zonefiles-write option in nsd.conf, enabled when database is "".
The server writes changed zonefiles to disk every hour.
- xfrdfile: "" disables xfrd.state. If enabled, zones that are
same as before are not checked for a serial update at server start.
- include: "foo/nsd.d/*.conf" works, wildcard glob on includes.
- nsd shuts down during init process if given signal.
- log-time-ascii option, default yes, with readable timestamp in log.
- nsd-control addzone reports if zone already exists.
- Fix#564: add nsd-checkzone tool to check zonefile correctness.
- Increased default --with-max-ips from 8 to 16, this increases the
number of interfaces you can specify in nsd.conf to listen to.
BUG FIXES:
- Fixed shutdown message sporadically not printed on exit.
- Documented zonefile %s syntax in nsd.conf man page.
- Fix manpage to put colon after zonefiles check and write.
- Change from 'Zone" to "zone" with ".. serial .. is updated" log
message.
- Changed maxbackoff for no-content secondary zones from 4h to 24h.
- Fix print filename of encompassing config file on read failure.
- Fix delete or rename of a lot of zones and make it take a
non-enormous time.
- Speed up deletion of zone contents a lot, (56s to 1s), speeds up
delete, rename and AXFR for zones.
- Fix#571: unused variable and incompatible pointer warnings when
compiled on a system without INET6.
- Fix write_socket return value check in server.c
- Fix that xfrd reaps children also if the signal is lost.
- Fix#577: makefile incorrectly installed manpages from srcdir.
- Fix#587: Default value for statistics is 0.
- Fix#553: Improve TXT parsing.
- Fix#590: rrl log does not print wildcard as a star but escaped.
- Fix#591: rrl log messages at verbosity level 1.
- fix strptime implicit declaration error on OpenBSD.
- Fix -O3 compile flag to -O2 to avoid miscompilations.
- Allow user to override the -g -O2 CFLAGS in ./configure.
- Fix endian.h include for OpenBSD.
- Fix#600: document that provide-xfr provides AXFR and not IXFR.
- Fix rising-load-average or memory-leaks in OSes (Linux since 2.6),
that keep track of all past process parents, or leak memory
for them. Fix makes it so there is no very deep string of
process parents.
- Remove .LP after .SH in man pages.
* make test works again
* Many bounds checking fixes from Tobias Stoeckmann
* Improve error when the authentication token cannot be found
* close the IPv4 specific UDP socket when done sending
* Implemented a write queue to the control sockets
* Only send interfaces to control sockets when in a BOUND state
* Add a sample controlgroup directive to dhcpcd.conf to make setup easier
* Add variables if_oneup and if_ipwaited so hook scripts know the overall
state of dhcpcd better
* Pass RC_SVCNAME from enviromment to hooks so that a service hook can
know it's name (may not be dhcpcd)
* Document every variable set for dhcpcd-run-hooks(8)
* Use the nl80211 interface on Linux to get the wireless SSID if we fail
to get it via WEXT
* Allow SSIDs with non printable characters to be used in ssid selection
in dhcpcd.conf
* Add an unprivileged control socket so that normal users can obtain
dhcpcd running state
* Remove all instances of if_indextoname as we already know the index
* Only bring in linux/ipv6.h for linux AND glibc
* Add _DEFAULT_SOURCE #define to to make glibc-2.20 happy
* Check we have allocated IPv6 resources before checkings RA's
* configure errors are now logged to config.log
* Only hunt for a cross compiler if build != host
* Detect removal of IPv6 routes
* Don't add link-local addresses to POINTOPOINT interfaces
* Don't discard expired DHCPv6 leases when dumping them
* If a DHCPv6 lease has no timers, expire it right away
* Report delegated addresses
* Call dhcpcd-run-hooks correctly when delegated prefixes already exist
* Fix a memory error when ia_* config exists but IPv6 is disabled
* Ensure servername and bootfile are safely exported
* Sanitise the following characters using svis(3) with VIS_CTYLE and
VIS_OCTAL:
| ^ & ; < > ( ) $ ` \ " ' <tab> <newline>
This allows a non buggy unvis(1) to decode it 100% and stays compatible
with how dhcpcd used to handle encoding on most platforms.
For systems that supply svis(3) there is a code reduction, for systems
that do not, a slight code increase. This change mitigates systems
affected by bash CVE-2014-6271 and CVE-2014-7169.
OK: jperkin@
