With OpenSSL 1.0.1p upgrade, DH parameters below 1024 bits are now
refused. MySQL hardcodes 512 bits DH parameters and will therefore
fail to run SSL connexions with OpenSSL 1.0.1p
Apply fix from upstream:
866b988a76
mcabber (1.0.0)
* Message Carbons support / XEP-0280 (Roeland Jago Douma)
* Support for using external password managers (Christian Burkert)
* [UI] Add a backward completion (Oleg)
* [UI] Multilanguage spell checking (Dmitry Potapov)
* [UI] New option 'buffer_smart_scrolling' to lock buffer automatically
when scrolled up (Hermitifier)
* [UI] New command /roster next_open_buffer
* [UI] New option 'attention_char'
* [UI] Try to display the GLib warnings in the log window
* [UI] Display the number of occupants in MUC rooms (shizeeque)
* [UI] New option switch /room topic -u to unescape the topic (shizeeque)
* [MUC] Support for storing MUC room passwords (Nico Golde)
* [MUC] Use bookmarked password (if any) when using "/room join"
* [Hooks] New "hook-mdr-received" hook
* Remove support for obsolete XEP 22 (Frank Zschockelt)
* Misc. bugfixes and minor improvements
-- Mikael, 2015-06-28
Fix build on SunOS.
Version 2.73
Fix crash at startup when an empty suffix is supplied to
--conf-dir, also trivial memory leak. Thanks to
Tomas Hozza for spotting this.
Remove floor of 4096 on advertised EDNS0 packet size when
DNSSEC in use, the original rationale for this has long gone.
Thanks to Anders Kaseorg for spotting this.
Use inotify for checking on updates to /etc/resolv.conf and
friends under Linux. This fixes race conditions when the files are
updated rapidly and saves CPU by noy polling. To build
a binary that runs on old Linux kernels without inotify,
use make COPTS=-DNO_INOTIFY
Fix breakage of --domain=<domain>,<subnet>,local - only reverse
queries were intercepted. THis appears to have been broken
since 2.69. Thanks to Josh Stone for finding the bug.
Eliminate IPv6 privacy addresses and deprecated addresses from
the answers given by --interface-name. Note that reverse queries
(ie looking for names, given addresses) are not affected.
Thanks to Michael Gorbach for the suggestion.
Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
for the bug report.
Add --ignore-address option. Ignore replies to A-record
queries which include the specified address. No error is
generated, dnsmasq simply continues to listen for another
reply. This is useful to defeat blocking strategies which
rely on quickly supplying a forged answer to a DNS
request for certain domains, before the correct answer can
arrive. Thanks to Glen Huang for the patch.
Revisit the part of DNSSEC validation which determines if an
unsigned answer is legit, or is in some part of the DNS
tree which should be signed. Dnsmasq now works from the
DNS root downward looking for the limit of signed
delegations, rather than working bottom up. This is
both more correct, and less likely to trip over broken
nameservers in the unsigned parts of the DNS tree
which don't respond well to DNSSEC queries.
Add --log-queries=extra option, which makes logs easier
to search automatically.
Add --min-cache-ttl option. I've resisted this for a long
time, on the grounds that disbelieving TTLs is never a
good idea, but I've been persuaded that there are
sometimes reasons to do it. (Step forward, GFW).
To avoid misuse, there's a hard limit on the TTL
floor of one hour. Thansk to RinSatsuki for the patch.
Cope with multiple interfaces with the same link-local
address. (IPv6 addresses are scoped, so this is allowed.)
Thanks to Cory Benfield for help with this.
Add --dhcp-hostsdir. This allows addition of new host
configurations to a running dnsmasq instance much more
cheaply than having dnsmasq re-read all its existing
configuration each time.
Don't reply to DHCPv6 SOLICIT messages if we're not
configured to do stateful DHCPv6. Thanks to Win King Wan
for the patch.
Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
way to detect when the system time becomes valid after
boot on systems without an RTC, whilst allowing DNS
queries before the clock is valid so that NTP can run.
Thanks to Kevin Darbyshire-Bryant for developing this idea.
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
the patch.
Fix crash caused by looking up servers.bind, CHAOS text
record, when more than about five --servers= lines are
in the dnsmasq config. This causes memory corruption
which causes a crash later. Thanks to Matt Coddington for
sterling work chasing this down.
Fix crash on receipt of certain malformed DNS requests.
Thanks to Nick Sampanis for spotting the problem.
Note that this is could allow the dnsmasq process's
memory to be read by an attacker under certain
circumstances, so it has a CVE, CVE-2015-3294
Fix crash in authoritative DNS code, if a .arpa zone
is declared as authoritative, and then a PTR query which
is not to be treated as authoritative arrived. Normally,
directly declaring .arpa zone as authoritative is not
done, so this crash wouldn't be seen. Instead the
relevant .arpa zone should be specified as a subnet
in the auth-zone declaration. Thanks to Johnny S. Lee
for the bugreport and initial patch.
Fix authoritative DNS code to correctly reply to NS
and SOA queries for .arpa zones for which we are
declared authoritative by means of a subnet in auth-zone.
Previously we provided correct answers to PTR queries
in such zones (including NS and SOA) but not direct
NS and SOA queries. Thanks to Johnny S. Lee for
pointing out the problem.
Fix logging of DHCPREPLY which should be suppressed
by quiet-dhcp6. Thanks to J. Pablo Abonia for
spotting the problem.
Try and handle net connections with broken fragmentation
that lose large UDP packets. If a server times out,
reduce the maximum UDP packet size field in the EDNS0
header to 1280 bytes. If it then answers, make that
change permanent.
Check IPv4-mapped IPv6 addresses when --stop-rebind
is active. Thanks to Jordan Milne for spotting this.
Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
Thanks to Kevin Benton for patches and work on this.
Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses
in the correct subnet, even of not in dynamic address
allocation range. Thanks to Steve Hirsch for spotting
the problem.
Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks
to Nicolas Cavallari for the patch.
Allow configuration of router advertisements without the
"on-link" bit set. Thanks to Neil Jerram for the patch.
Extend --bridge-interface to DHCPv6 and router
advertisements. Thanks to Neil Jerram for the patch.
NEW features of cdrtools-3.01a30:
****************
This is the final release candidate for cdrtools-3.01-final
****************
All:
- include/schily/signal.h now includes siginfo.h to make sure it
compiles even on very old Solaris versions where signal.h did not
yet include siginfo.h.
- include/schily/wait.h add a missing closing bracket for Haiku
- include/schily/wait.h added CLD_* macros and the enum idtype_t in case
they are missing. This allows to implement a waitid() emulation.
- include/schily/wait.h now includes schily/signal.h in case that
the local /usrinclude/sys/wait.h is non-POSIX and does not
define siginfo_t. This is e.g. the case on FreeBSD.
- The configure tests now include test that correctly identify Mac OS X as
non-POSIX with respect to waitid(). This prevents potential users of
waitid() from the unusable implementation on Mac OS X.
The rule for accepting an existing waitid() is the following:
- si.si_pid is set to be equal to the awaited pid
- si.si_code == CLD_EXITED for a chilt terminated by exit(2)
- si.si_status contains at least 16 bits from the exit(2)
code. This is still not POSIX but better than what we would
get from a historical wait*() call.
- The configure tests now check for the new FreeBSD wait6() and for
idtype_t.
- A new symlink for x86_64-cygwin32_nt-gcc.rul was added
- Added support for cygwin32_wow (not the already present cygwin32_wow64).
- The makefile system now allows to use:
COPTX=-DNO_PRAGMA_WEAK
to disable the use of #pragma weak. This may help to debug some
oddities of the GNU linker.
- The makefile system now includes a new test that needs constraints
that are not really supported by autoconf: it checks whether the
linker supports to link against external weak symbols in another
file. For this reason, a handcrafted complest was written.
This (currently) should fail on Cygwin due to a Cygwin bug.
A platform that allows to link against weak symbols defines
HAVE_LINK_WEAK. This permits the system to automatically detect
usability once e.g. linking on Cygwin will be fixed.
Thanks to Thomas Plank for reporting the known #pragma weak problem
in a new source file (libschily/error.c). Note that error() is a
UNIX (UNOS) libc function that exists since 1980 but some libc
implementors do not follow the rule not to introduce incompatible
interfaces for existing names. So we need to find a workaround
on these platforms.
- autoconf now checks for the type rlim_t in sys/resource.h
Libschily:
- libschily/comerr.c and libschily/fcomerr.c now have better
comment.
- libschily now uses the test:
#if defined(HAVE_PRAGMA_WEAK) && defined(HAVE_LINK_WEAK)
to prevent assuming that is suffucuent when the compiler supports
#pragma weak. We also need to have a linker that links against
weak symbols in libraries. HAVE_LINK_WEAK is e.g. not defined
on Cygwin...
Libmdigest:
- libmdigest now uses the test:
#if defined(HAVE_PRAGMA_WEAK) && defined(HAVE_LINK_WEAK)
to prevent assuming that is suffucuent when the compiler supports
#pragma weak. We also need to have a linker that links against
weak symbols in libraries. HAVE_LINK_WEAK is e.g. not defined
on Cygwin...
All:
- include/schily/sysexits.h adopts to the recent changes on Haiku that
prevent usual autoconf tests as #include <sysexits.h> works but symbols
are only defined with #define _BSD_SOURCE
- include/schily/wait.h now knows about the Haiku specific macro
WIFCORED() and #defines WCOREDUMP() to WIFCORED().
- Support for x86_64-haiku-cc.rul and x86_64-haiku-gcc.rul was added
to the makefile system.
- The file RULES/r-gmake.dep was modified to make sure that the
dependency files (*.d) depend from the include files as well.
Previous versions included xxx.d instead of $(ARCHDIR)/xxx.d
- Makefile system: two new targets have been added:
man creates localized versions of the man pages in the
OBJ directory
installman installs only the manual pages
Libschily:
- New function j_error() works where error() is to generic.
- make strlcatl() and wcslcatl() work with K&R compilers
- libschily/getargs.c now is more careful with calling va_arg()
and only calls it as many times as a related format is found in the
format string.
- libschily now contains a getdelim() implementation and always uses
getdelim() to implement the fgetaline() function.
- libschily: the *mem.c implementations now include new *mexval()
functions to set the exit code on failure to a static value instead
of the default "errno" value for the failure.
- libschily: the linker map file now also lists the forgotten new entries:
strlcatl() and wcslcatl()
- libschily/spawn.c:wait_chld() no longer returns 0 if the child process
was killed by a signal.
- libschily now adds some of the existing (old) man pages for various
functions from libschily.
Libfind:
- libfind/idcache.c now saves uname/gname as long as possible and uses
strlcpy() instead of strncpy().
- libfind: the forgotten entries find_hasexec() and find_hasprint()
have been added to the linker map file
Libsiconv:
- libsiconv: the forgotten sic_base() was added to the linker map file
Cdrecord:
- The programs cdrecord adopts to the recent Haiku
changes with a randomized address space and now use B_EXACT_ADDRESS
instead of B_ANY_ADDRESS for the clone_area() call to get shared memory
for a FIFO.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- The programs cdda2wav adopts to the recent Haiku
changes with a randomized address space and now use B_EXACT_ADDRESS
instead of B_ANY_ADDRESS for the clone_area() call to get shared memory
for a FIFO.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs: isodump did not compile on non c99 compilers.
libnice 0.1.13 (2015-04-28)
===========================
Fix build on non-Windows platforms that don't have getifaddrs()
Fix build regression on Windows
libnice 0.1.12 (2015-04-22)
===========================
Fix regression in SDP parser
Make examples work on Windows
Bug fixes on nicesrc
libnice 0.1.11 (2015-04-20)
===========================
API: nice_agent_set_local_credentials() for WebRTC
Nicesink: support GstBufferList
Better warnings on programming errors
Build fixes for Solaris and Windows
Bug and documentation fixes
Release 0.34.0
core:
* Splash: Fix crash in PDF with nested softmasks. Bug #91240
* Splash: Speed up of rendering icc based images. Bug #90171
* PSOutputDev: Embed Type1 fonts to PostScript files correctly. Bug #19747
* Fix pedantic memory leak
glib:
* update new symbols section
build system:
* cmake: Make sure ENABLE_LIBOPENJPEG is either 0 or 1
Release 0.33.0
core:
* Fix regression in pdftops parameter passing. Bug #89827
* Combine base characters and diacritical marks. Bug #87215
* Use width from W array for WMode positioning. Bug #89621
* Fixed adding annotation of Subtype Popup to pdf page. Bug #89136
* CairoOutputDev: Fix memory leak in CairoFreeTypeFont::create
* SplashOutputDev: memset on error to have reproducible outputs
qt4:
* Fix PDF Text String -> QString conversion. KDE Bug #344849
qt5:
* Fix PDF Text String -> QString conversion. KDE Bug #344849
glib:
* Add poppler_annot_markup_set_popup_rectangle()
* Fix segfault when creating PopplerAction. Bug #90093
utils:
* pdftohtml: Set exit status adecuately. Bug #83609
build system:
* configure: Fix invalid shell comparaison in libtiff test
1.1.2
-----
* Closes#269: setup_requires pbr 1.3
1.1.1
-----
* Closes#257: version the dependency on six
* Rename README.txt to README.rst
1.1.0
-----
* Make reproducing travis behaviour somewhat easier
* Cleanup version number handling
* Overhaul docs
* Update docs
* Remove stale MANIFEST.in, ignore pbr outputs
* Convert to a package, use pbr, update metadata
* Bump versions
* Officially drop 2.6 support
* Issue #23310: Fix MagicMock's initializer to work with __methods__. Behavior equivalent to m.configure_mock(). Patch by Kasia Jachim
* Issue #23568: Add rdivmod support to MagicMock() objects
* Issue #23581: Add matmul support to MagicMock
* Issue #23326: Removed __ne__ implementations. Since fixing default __ne__ implementation in issue #21408 they are redundant
* Issue #22823: Use set literals instead of creating a set from a list. Fixed an output of sets in examples
* Closes#21270 : We now override tuple methods in mock.call objects
* Suppress a couple more DeprecationWarnings in the test suite
* Closes#21256: Printout of keyword args in deterministic order in mock calls
* Removes unused varargs and varkwargs from assert_not_called()
* Closes Issue 21262: New method assert_not_called for Mock
* Closes Issue 21238: New keyword argument `unsafe` to Mock
* Closes issue 21239. unittest.mock.patch.stopall() did not work deterministically when the same name was patched multiple times
* Closes Issue 21222
* Closes issue 17660. You no longer need to explicitly pass create=True when patching builtin names
* Issue 17826. Setting an iterable side_effect on a mock created by create_autospec now works
* Issue 20968. unittest.mock.MagicMock now supports division
* Issue #20189: Four additional builtin types (PyTypeObject, PyMethodDescr_Type, _PyMethodWrapper_Type, and PyWrapperDescr_Type) have been modified to provide introspection information for builtins. Also: many additional Lib, test suite, and Argument Clinic fixes
* Issue #19594: Use specific asserts in unittest tests
* Remove shadowed test
* Adjust comment
* Issue #19013: add a __main__ to unittest.test.testmock to ease CLI invocation
* Issue #19013: add unittest.main() epilogs to unittest.mock's own test modules
* Process DEFAULT values in mock side_effect that returns iterator
* Closes issue 17467. Add readline and readlines support to unittest.mock.mock_open
* Issue #17047: remove doubled words added in 3.3 as reported by Serhiy Storchaka and Matthew Barnett
* Issue #17015: When it has a spec, a Mock object now inspects its signature when matching calls, so that arguments can be matched positionally or by name
* Closes issue 15323. Improve failure message of Mock.assert_called_once_with
* Close#14857: fix regression in references to PEP 3135 implicit __class__ closure variable. Reopens issue #12370, but also updates unittest.mock to workaround that issue
* Remove incorrect comment
* Closes issue 14634. unittest.mock.create_autospec now supports keyword only arguments
* unittest.mock: removed another bit of Python 2 only code
* Adding unittest.mock documentation
* unittest.mock: remove another piece of Python 2 specific code
* Remove more Python 2 code from unittest.mock (obsolete function attributes)
* Support subclassing unittest.mock._patch and fix various obscure bugs around patcher spec arguments
* unittest.mock.MagicMock objects are now unorderable by default
* Removed XXX from unittest.mock docstring and switch to a nicer try...except...finally
* Remove more Python 2 compatibility cruft from unittest.mock
* PEP 417: Adding unittest.mock
* Ignore patch rejects too
* Add NEWS
* Add PyPy to travis
* Issue #20189: Four additional builtin types
* Just hard-depend on unittest2
* Fix typo in test name
* Some basic release process notes
* Ignore more editor files
* Add testrepository configuration
* We never need sudo. Containers FTW
* Fixup ignores
* Iterating on .travis.yml
* Setup Travis-CI
NEW IN WAF 1.8.12
-----------------
* Fixed a regression when building in sub-folders - https://github.com/waf-project/waf/issues/1590
* New mac_files attribute which is expected to replace mac_resources in waf 1.9 (demos/mac_app/)
* env = env.derive().detach() to simplify deep copies
2015-07-12 meld 3.13.3
======================
Fixes:
* Fix syntax highlighting under Windows (Kai Willadsen)
* Update Windows build for newer pygi bundled libraries (Kai Willadsen)
* Fixes for incorrect descriptions in manual (Anders Jonsson, Kai Willadsen)
strnstr(3) was added to NetBSD -current but is not in netbsd-7 (or
earlier releases). This patch was confirmed to still work on -current by
wiz@ (7.99.19 amd64), and on netbsd-7 by myself (7.0_RC1, amd64).
Xfce 4 Modem Lights panel plugin is intended to simplify establishing a ppp
connection via a modem. It is primarily designed to work with the debian ppp
package and the pon/poff scripts provided by that package, but should be usable
with any scripts that create a lock file during dialing and retain it through
the connection.
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version tracks 31 ESR.
Pkgsrc changes:
* adapt one patch to changes upstream.
* adapt PLIST to newly installed files.
* rename and adapt patch to Makefile.in.
Upstream changes:
1.3.5a - Released 27-May-2015
--------------------------------
- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log
message.
- Bug 3944 - Session closed if active data transfer fails due to "Address
already in use" error.
- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions.
- Bug 4069 - NLST -a shows / directory instead of the current directory.
- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission
denied.
- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers.
- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation
problems.
- Bug 4079 - Invalid response encoding for SFTP space-available request.
- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user".
- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly.
- Bug 4089 - mod_sftp does not allow multiple attempts using a given
authentication method.
- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly.
- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than
ERROR.
- Bug 4094 - Available space on file system using %f displays wrong value.
- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30
seconds.
- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6.
- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small
buffers.
- Bug 4114 - mod_tls should not support SSLv3 by default.
- Bug 4116 - Report exact SSL/TLS protocol version used in client connections.
- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just
HiddenStores.
- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved.
- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support.
- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template
parameter.
- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter.
- Bug 4140 - SFTP READLINK requests to symlinks to directories fail.
- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS.
- Bug 4145 - Segfault if AuthUserFile is a relative symlink.
- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection"
errors.
- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by
mod_sftp_sql.
- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X.
- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6.
- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by
mod_copy.
- Bug 4178 - TLS session reuse requirement for data connections not properly
enforced.
1.3.5 - Released 15-May-2014
--------------------------------
- Bug 4018 - Implement checks for sensitive directories when chrooted.
- Bug 4022 - "Directory not empty" error when creating directory is misleading.
- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives.
- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for
TLS 1.1/1.2 connections.
- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off".
- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on
SFTPHostKey file.
- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher.
- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1".
- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented.
- Bug 4046 - ALLO command failed because of bad size check.
- Bug 4048 - Race condition in mod_ban can lead to segfault of all new
connections.
- Bug 4049 - mod_exec should include supplemental groups when running commands
as logged-in user.
- Bug 4042 - MIC command between RNFR and RNTO should not be rejected.
- Bug 4044 - mod_facl prevents a normal SIGHUP reload.
- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings.
1.3.5rc4 - Released 28-Jan-2014
--------------------------------
- Bug 3945 - Spurious log messages at session close.
- Bug 3946 - Null pointer dereference causes segfault when logging
%{transfer-status}, %{transfer-failure} LogFormat variables on EXIT.
- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames.
- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory
listings.
- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED
posix-rename@openssh.com requests.
- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers.
- Bug 3858 - mod_delay allows too-large values, leading to client hang on
authentication.
- Bug 3951 - Null pointer dereference for mod_ldap logins when
LDAPDefaultAuthScheme not configured.
- Bug 3954 - scp downloads result in segfault.
- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit>
sections leads to slow logins.
- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks
are involved.
- Bug 3958 - Directory creation does not honor single-parameter Umask setting.
- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory
SGID bit.
- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used
in some cases.
- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN.
- Bug 3966 - LogFormat %f variable not resolved for some commands.
- Bug 3971 - Support SQLOption for ignoring client library config files when
needed.
- Bug 3972 - Authentication error on Cygwin due to bad code.
- Bug 3973 - mod_sftp can be forced to allocate too much memory for
keyboard-interactive authentication.
- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP
sessions.
- Bug 3963 - Improve permission setting when creating directories.
- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database
using IndexCache flag.
- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903
database lookup.
- Bug 3964 - Support running ExecOnEvent actions with logged-in user's
permissions.
- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC.
- Bug 3952 - Make PersistentPasswd default to 'off'.
- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin.
- Bug 3982 - Normalize log messages and levels.
- Bug 3888 - Add LDAPLog directive to mod_ldap.
- Bug 3982 - Normalize log messages and levels.
- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2),
e.g. FAT/ExFAT.
- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags,
breaking session caching.
- Bug 3987 - LogFormat variable for just the filename.
- Bug 3965 - Timeout directives have inconsistent maximum values.
- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption.
- Bug 3995 - ftpasswd utility should prevent concurrent modification of files.
- Bug 3994 - ftpasswd utility should support --lock/--unlock options.
- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files.
- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for
FTPS connections.
- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP.
- Bug 3996 - Handling ALLO command can result in wrong response when chrooted.
- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>.
- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group.
- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file.
A 3072-bit DH group was also added.
- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP
directory upload.
- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on
64-bit system.
- Bug 4011 - NLST ../ shows current directory contents rather than parent
directory.
- Bug 4013 - SCP upload of shorter file does not completely overwrite existing
file of same name.
- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ.
1.3.5rc3 - Released 14-Jun-2013
--------------------------------
- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value.
- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10.
- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled.
- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner.
- Bug 3864 - Support SQL query to lookup/use primary key for logged-in
user/group.
- Bug 3920 - Support umac-64@openssh.com digest for mod_sftp.
- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH
connection to close prematurely.
- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP
connections.
- Bug 3926 - Support OpenSSH fsync SFTP extension.
- Bug 3925 - SFTP directory listings are sensitive to locale environment
variables.
- Bug 3924 - HideFiles does not filter symlinks.
- Bug 3929 - pam_session_close() requires root privs on some platforms.
- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL
PASSWORD().
- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users.
- Bug 3935 - scp download of nonexistent file results in client hang.
- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path.
- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory.
- Added new mod_snmp contrib module.
- Bug 3939 - Disable Controls for "ServerType inetd" servers.
- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together
in a single column.
- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd.
- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid.
1.3.5rc2 - Released 06-Mar-2013
--------------------------------
- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured.
- Bug 3860 - Add a default deny option for mod_geoip.
- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality. A
new TLSMasqueradeAddress directive has been added to mod_tls.
- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly.
- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not
enabled" ftpdctl error.
- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault.
- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent
passwd/group entries.
- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of
requested keylength.
- Bug 3870 - Handling of OPTS command can lead to crash.
- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp.
- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS>
configuration.
- Bug 3872 - Use HiddenStores directive to customise suffix.
- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE
request.
- Bug 3869 - Use longer SSL session cache expiration by default.
- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS
filesystems.
- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are
used.
- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota
limits and tallies.
- Bug 3882 - DisplayLogin with an absolute path does not work properly within
an <IfGroup> section.
- Added new mod_log_forensic contrib module.
- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as
expected.
- Bug 3884 - Configure script not detecting MySQL make_scrambled_password
functions.
- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS.
- Bug 3819 - Second and subsequent LIST of directory with many files is very
slow.
- Bug 3889 - Support millisecond timestamp LogFormat variable.
- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections.
- Bug 3753 - Support SFTP request names in <Limit> sections better.
- Bug 3892 - mod_auth_file should have strict permission checks of configured
files.
- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on
configurable event.
- Bug 3894 - ftptop doesn't work with --enable-nls.
- Bug 3895 - Missing TransferLog entry under some out-of-space conditions.
- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP
protocol version 6.
- Bug 3896 - Warn when world-writable config files are used.
- Bug 3899 - Support authentication of users based on SSL/TLS client
certificate.
- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly.
- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly.
- Bug 3709 - Support download-triggered emails in the ftpmail script.
- Bug 3904 - scp downloads using glob pattern sometimes fails.
- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections.
- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too
frequently.
1.3.5rc1 - Released 04-Jan-2013
--------------------------------
- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h.
- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6.
- Bug 3646 - Debug logging to stderr should include timestamps and PID.
- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded
file name).
- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used.
- Bug 3717 - proftpd fails to run with "Abort trap" error message.
- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists.
- Bug 3720 - Various module logfile permissions are 0600 instead of 0640.
- Bug 3723 - mod_memcache segfault on server restart.
- Bug 3721 - mod_rewrite does not replace characters if there are more than
8 occurrences. To handle this situation, a new RewriteMaxReplace directive
has been added for configuring this limit.
- Bug 3724 - Unloading mod_quotatab causes segfault.
- Bug 3686 - Support SHA2 digests in mod_sftp. See the SFTPDigests directive
documentation for more information.
- Bug 3629 - Support <IfAuthenticated> conditional config section.
- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD.
- Bug 3726 - mod_exec does not always capture stdout/stderr output from
executed command.
- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP
connections.
- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional
filters.
- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc.
- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for
MLSD/MLST commands.
- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp. The
SSH version identifier can now be configured for mod_sftp via the
ServerIdent directive.
- Bug 3718 - ftptop fails to build on OpenSUSE.
- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled.
- Bug 3744 - Support ls(1) -1 option for LIST command.
- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands.
- Bug 3747 - Support option for displaying symlinks via MLSD using syntax
preferred by FileZilla. The new FactsOptions directive can be used for
this purpose.
- Bug 3745 - Reject PASV command if no IPv4 address available.
- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding.
- Bug 3742 - Improper handling of self-signed certificate in client-sent cert
list when "TLSVerifyClient on" is used.
- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to
conflict with system header.
- Bug 3743 - Random stalls/segfaults seen when transferring large files
via SFTP.
- Bug 3752 - proftpd process exit status is zero for "Failed binding to
address, port N: Address already in use" startup failure.
- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors
on restart, causing a file descriptor leak.
- Bug 3707 - Add request/transfer ID to the logging of the initial and closing
commands for SFTP file transfers. This can now be accomplished using a
LogFormat variable of '%{note:sftp.file-handle}'.
- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership.
- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart.
- Bug 3731 - Support active data transfers while RootRevoke is in effect.
- Bug 3737 - Allow UTF8 when UseEncoding is used.
- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH.
- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null
pointer.
- Ability to load SSH host keys from an SSH agent, in addition to files on
disk. See doc/contrib/mod_sftp.html#SFTPHostKey for more information.
- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before
NEWKEYS.
- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is
enabled.
- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the
client guesses correctly.
- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests.
- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms.
- Bug 3673 - Support date/timestamp variables in mod_rewrite.
- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a
writable directory.
- Bug 3766 - Support a QuotaDefault directive, for configuring default limits.
- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter.
- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite.
- Added new mod_geoip contrib module.
- Bug 3769 - Ensure that encoded strings are NUL-terminated.
- Bug 3732 - AIX build error: undefined symbol: .alloca.
- Bug 3782 - SQLShowInfo does not work properly for error responses.
- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument".
- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid
503 response.
- Bug 3785 - Support resolution of tilde (~) within a chrooted session.
- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored.
- Bug 3740 - Overwrite permission denied when reloading multiple times and
multiple <VirtualHost> sections in proftpd.conf.
- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple
SSH packets.
- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h.
- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against
OpenSSL with thread support.
- Bug 3790 - Logfile timestamps change to GMT after MFMT command.
- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather
than error.
- Bug 3800 - Multiple *Options directives should be handled properly.
- Bug 3801 - mod_tls should have directive like Apache mod_ssl's
SSLHonorCipherOrder. The mod_tls module now supports a
TLSServerCipherPreference directive.
- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11.
- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used.
- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo.
- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached.
- Bug 3814 - Support "configtest" command for contrib init.d script.
- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment
variable.
- Bug 3813 - Ability to use CreateHome to create parent directories as
non-root user, for better interoperability with NFS.
- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when
gethostbyname2(3) is not available.
- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress,
and DefaultAddress.
- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between
mod_log/mod_sql in certain cases.
- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has
not sent PORT/PASV/EPRT/EPSV commands.
- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands.
- Bug 3827 - Use non-filesystem based SFTP handle generator instead of
mktemp(3).
- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL
pointer dereferences in mod_deflate.
- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks.
- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference.
- Bug 3832 - Support disabling of system logging on per-connection basis.
- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work.
- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when
downloading.
- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption.
- Bug 3837 - mod_tls unable to read certificate files after SIGHUP.
- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in
mod_sftp.
- Bug 3843 - ProFTPD should not fail when starting up due to loading same
module multiple times.
- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable
for AUTH ExtendedLog.
- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are
not configured.
- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where
possible.
- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer.
- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories.
See the new AllowChrootSymlinks directive.
- Bug 3839 - Enhance mod_cap to support dropping root privs entirely.
- Bug 3841 - Possible symlink race when applying UserOwner to newly created
directory.
- Bug 3855 - Restarting proftpd may cause Include files not to be parsed.
