Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
ready. More than two years in the making, this release features improved
client performance and hidden service reliability, better compatibility
for Android, correct behavior for bridges that listen on more than
one address, more extensible and flexible directory object handling,
better reporting of network statistics, improved code security, and
many many other features and bugfixes.
o Wedge in DESTDIR support. This is a little tricky since the
installation procedure wants to run scotty to parse and dump
the MIB files, and this needs to be done in DESTDIR. Therefore
we use the post-install target, to fix things up before packaging
and the real install.
o Fix the "dns" functionality not to use _res, since this program
is linked with libpthread that won't work on NetBSD (aborts the
program). Though the modified version still uses a global static
variable.
o Add comments to all the patch files.
o Eliminate use of ${WRKSRC}/.., since pkglint objects to it. Instead
use BUILD_DIRS and CONFIGURE_DIRS.
o Add a LICENSE setting, 2-clause-bsd appears most similar.
o Bump PKGREVISION for the above changes.
pkgsrc change: add a patch to fix build problem with some PKG_OPTIONS,
such as "ldap".
New Features
9.8.1
* Added a new include file with function typedefs for the DLZ
"dlopen" driver. [RT #23629]
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
* The root key is now provided in the file bind.keys allowing DNSSEC
validation to be switched on at start up by adding
"dnssec-validation auto;" to named.conf. If the root key provided
has expired, named will log the expiration and validation will not
work. More information and the most current copy of bind.keys can
be found at http://www.isc.org/bind-keys. *Please note this feature
was actually added in 9.8.0 but was not included in the 9.8.0
release notes. [RT #21727]
Security Fixes
9.8.1
* If named is configured with a response policy zone (RPZ) and a
query of type RRSIG is received for a name configured for RRset
replacement in that RPZ, it will trigger an INSIST and crash the
server. RRSIG. [RT #24280]
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
query type independant. [RT #24715]
* Using Response Policy Zone (RPZ) with DNAME records and querying
the subdomain of that label can cause named to crash. Now logs that
DNAME is not supported. [RT #24766]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.8.1
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* The DLZ "dlopen" driver is now built by default, no longer
requiring a configure option. To disable it, use "configure
--without-dlopen". (Note: driver not supported on win32.) [RT
#23467]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
* Make --with-gssapi default for ./configure. [RT #23738]
* Improved the startup time for an authoritative server with a large
number of zones by making the zone task table of variable size
rather than fixed size. This means that authoritative servers with
lots of zones will be serving that zone data much sooner. [RT
#24406]
* Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
list of empty zones. [RT #24990]
* Image Preview: fix open failer with multi-line HTML tag.
* Image Preview: enable to force extracting short URL.
* With Ruby 1.8.7: fix crash at right-click on tweets contains URL.
* With Ruby 1.8.7: fix rare crash at connection timeout.
* fix rare crash at extracting bit.ly URL.
* improve URL extracting speed.
Flickcurl is a C library for the Flickr API, handling creating the
requests, signing, token management, calling the API, marshalling
request parameters and decoding responses. It uses libcurl to call
the REST web service and libxml2 to manipulate the XML responses.
Flickcurl supports all of the API including the functions for
photo/video uploading, browsing, searching, adding and editing
comments, groups, notes, photosets, categories, activity, blogs,
favorites, places, tags, machine tags, institutions, pandas and
photo/video metadata. It also includes a program flickrdf to turn
photo metadata, tags, machine tags and places into an RDF triples
description.
0.2.19 Fri Aug 05 2011 Toni Gundogdu
Fixes: Webscripts
- ted.lua: attempt to index local 's' (#65)
- youtube.lua: no match: fmt_url_map (#63)
- Thanks to Zefram <zefram@fysh.org> for the patch
- funnyordie.lua: no match: flv url (#64)
Fixes
* With Ruby 1.8.7, crash with right click at tweet contains URL.
* on scroll timeline top to down, accidently auto scroll-up once.
* Not mute for various notify.
* rare crash at refresh timeline.
* user information may be old one.
* rare crash at timeout.
1.3.2:
Release date: 2011-08-06 23:05 UTC
Release state: stable
Changelog:
* Fix referrals if host data or user credentials are passed to connect() and
login() instead of the constructor (Aleksander Machniak, Bug #17107).
1.3.1:
Release date: 2011-08-06 01:56 UTC
Release state: stable
Changelog:
* Query capabilities again after successful authentication (Jesse Crawford,
Request #18382).
* Escape quotes and backslashes in script names, and use literal strings for
script names with non-ASCII characters (Aleksander Machniak, Bug #16691).
* Work around broken STARTTLS behavior in Cyrus versions before 2.3.10
(Aleksander Machniak, Bug #18241).
* Improve string literal parsing (Aleksander Machniak, Bug #18228).
Revision history for Perl extension Net::Amazon:
0.60 (08/01/2011)
(cb) Fix the page and max_pages parameter to correctly fetch the specified
number of pages, and start at the correct offset. Reported as rt 69201.
(cb) Add a method to get similar products. Patch submitted by Jennifer.
(cb) Push from cpanservice: Small dist maintenance. Please use latest
ExtUtils::MakeMaker for release.
For some reason the "Checking for work-directory references" test
didn't catch the fact that ${DESTDIR}${LIBDIR} was being compiled
into the main binary as its library search path.
Noted by moof.
PKGREVISION -> 7
Here is partial changes:
= Version 0.7.2
* [BUG] Server-named queues declared en masse now get their unique names instead of all beign assigned the first generated name
* [API] Connection URI (string) format for vhosts no longer assumes that vhosts begin with a slash (/), learn more at http://bit.ly/mfzwcB
* [BUG] Queue#reset leaks consumer tags [#40].
For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.7.4/RELEASE-NOTES-BIND-9.7.4.html
New Features
9.7.4
* A new test has been added to check the apex NSEC3 records after
DNSKEY records have been added via dynamic update. [RT #23229]
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
Security Fixes
9.7.4
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
Feature Changes
9.7.4
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html
New Features
9.6-ESV-R5
* Added a tool able to generate malformed packets to allow testing of
how named handles them. [RT #24096]
Security Fixes
9.6-ESV-R5
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 populated the message section in replies to UPDATE
requests, which some Windows clients wanted. This exposed a latent
bug that allowed the response message to crash named. With this
fix, change 2912 has been reduced to copy only the zone section to
the reply. A more complete fix for the latent bug will be released
later. [RT #24777]
Feature Changes
9.6-ESV-R5
* Merged in the NetBSD ATF test framework (currently version 0.12)
for development of future unit tests. Use configure --with-atf to
build ATF internally or configure --with-atf=prefix to use an
external copy. [RT #23209]
* Added more verbose error reporting from DLZ LDAP. [RT #23402]
* Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
Changelog:
aria2 1.12.1
============
Release Note
------------
This release adds RFC 6249 Metalink/HTTP support. Current
implementation only uses rel=duplicate links. --enable-direct-io
option was deprecated because of performance issue. Since recent
GnuTLS uses libnettle as default instead of libgcrypt, this release
added initialization code for libgcrypt.
Changes
-------
* Initialize libgcrypt. We relied initialization of libgcrypt on
gnutls_global_init(), but recent change in gnutls, which changes
default crypto backend from libgcrypt to libnettle, leaves
libgcrypt uninitialized if it uses libnettle as backend(and this is
likely because libnettle is chosen by default). To fix this issue,
we simply initialize libgcrypt on our own.
* Throw exception with error message if gnutls_global_init() failed.
* Implemented Metalink/HTTP. Link header fields from first Metalink
server is utilized as described in rfc6249. We only set digest from
Digest header field to DownloadContext only when PieceStorage is
not initialized(in other words, before file size is known). After
PieceStorage is initialized, Digest header field is used to check
the value is the same in digest in DownloadContext. Current
implementation only handles rel=duplicate.
* Remove Metalink content-type after first server response. We don't
accept Metalink content-type after first server response.
* Updated Russian translation of aria2 man page. Thanks to ITriskTI
for translation.
* Fixed the bug due to dangling pointers in RequestGroup.
RequestGroup holds a poitner to btRuntime_ and peerStorage_. After
removing them from BtRegistry, we failed to set 0 to them. When
program access them, it goes undefined world, such as random crash.
We found this bug when pasuing download and valgrind warned memory
corruption.
* Added log message to clarify error for BitTorrent server socket.
* Added #deprecated help tag.
* Removed deprecated options: --enable-xml-rpc, --xml-rpc-listen-all,
--xml-rpc-listen-port, --xml-rpc-max-request-size, --xml-rpc-user,
--xml-rpc-passwd.
* Removed use of O_DIRECT because of performance issue. Deprecated
--enable-direct-io option.
* Increased the maximum number of in-flight request in BitTorrent.
* Added --log option to aria2rpc
* Added
* speed up MIKU Lang
* add `open URL' mikutter command
* Fixed
* fail to start with no full color environment
* with UserStream, follow notification will be risen twice per one person
* not work configuration `up FAVed tweet on TL'
* crash if removed a tweet from TL in getting in_reply_to_status of the tweet.
- can not replace a file by renaming another to its name under WIN32
fix in rateup #104
- Fix scaling when noo and noi options are used. fix for #95
- Stop staticly linking rateup. fix for #97
- Only set LD_RUN_PATH if it is actually necessary. patch from #98
- Net::SNMP only support aes128, des and 3des ... fix for cfgmaker from #99
- Understand desc and descr in ifdesc option of cfgmaker
- only set $args{'-maxrepetitions'} if $Net_SNMP_util::MaxRepetitions > 0
- do not load Net_SNMP_util unless snmpv3 is requested ... fix for #75
- be more agressive about updating the confcache. If a key is missing, go
looking for it again and complain. fix for #74
- only apply 32bit counter wrap compensation when the wrap is within 32bit
range. fix for #70
- implement pngdate as TimeStrPos[x]: RU instead of separately. for for #68
- add missing <p> tag arount 'last updated ... ' in html output. fix for #63
- remove rececondition when writing new trafic graph files by writing to a
temp file and moving it later. fix for #51
- make snmpopt_current available in cfgmaker templates. fix for #48
- explicitly import Socket6 routines in SNMP_Session. fix for #45
- default ThreshHyst to 0.1 only if ThreshDir is define. fix for #42
- point out when there is an unknown interface found. fix for #41.
- allow for $speed to return 0 and still use SNMPv2 ... some Cisco Gear
seems todo that. Fix for #33
- add dlink support for ifAlias OIDs to cfgmaker from #50
- add WWP (Ciena) support for ifAlias OIDs to cfgmaker from #66
- Updated squid docu #80
- Fix russian translation bug #92
- added rrdcached support
- new keyword: RRDCached: which overrides anything set in the RRDCACHED_ADDRESS
environment variable and sets MRTG to work in RRDCached mode. This verifies
that you're using a unix-domain socket and the socket is writeable.
- Check for environment variable RRDCACHED_ADDRESS and use this if no
explicit address was set in the cfg file, making the same config validity
checks.
- Make warning if using rrdcached to the effect that the thresholding
checks will no longer work.
- If in rrdcached-mode, and using RRDTool 1.4, then force use of update
rather than updatev (as rrdcached does not yet support updatev) and
consequently bypass the thresholding checks.
- Changes to validity check error messages to also report the file
containing the error (as well as the line).
- Added support for glob patterns in include
- Make daemon reload cfg automatically when it changes
- added support for Arista to cfgmaker
- fix cfgmaker to work in mixed v1/2/3 snmp environment
- do not strigify arguments to conversion function let eval take care of this
- untaint inlast and outlast to make perl taint mode happy
- teach cfgmaker about openbsd
pkgsrc changes:
- Avoid "Subroutine SNMP_Session::pack_sockaddr_in6 redefined" warnings
with the Perl 5.14.1. As the patch might break "mrtg" with older version
of Perl require at least version 5.14.1 of the "perl5" package.
Changes since version 2.65:
- IO-Socket is doing some imports so we now do use IO::Socket ().
- Fixed the rest of the imports.
- Thanks to LeoNerd
- Made the use Socket call import constants selectively, and not rely
on @EXPORT's whims:
- http://www.cpantesters.org/cpan/report/d6e547be-19b5-11e0-bbdc-e5c0d6c987b5
This update stops warnings about re-defining "sockaddr_in6" produced
by e.g. "mrtg" or "spamassassin".
* Fix access to Samba shares when Windows security patch KB2536276 is installed
* Fix DoS in Winbind and smbd with many file descriptors open
* Fix Winbind panics if verify_idpool() fails
- openvpn_chrootdir variable was introduced for running openvpn in chroot
- openvpn_flags variable was introduced for extra flag passed to openvpn
++pkgrevision
Changes since 3.2.3:
ENHANCEMENTS
* Added support for same host service dependencies with servicegroups (Mathieu Gagné)
* Empty hostgroups referenced from services now optionally generate a warning instead of an error.
* Documentation links now point to online resources
* Matt Wall's Exfoliation theme is now installed by default. You can reinstall the classic theme with "make install-classicui"
* Downtime delete commands made "distributable" by deleting by host group name, host name or start time/comment (Opsview team)
* Allow status.cgi to order by "host urgency" (Jochen Bern)
* Added news items and quick links to main splash page
* Added ability to authenticate to CGIs using contactgroup name (Stephen Gran)
FIXES
* Fixes status.cgi when called with no parameters, where host should be set to all if none specified (Michael Friedrich)
* Fixes possible validation error with empty hostgroups/servicegroups (Sven-Göran Bergh)
* Performance-data handling and checking is now thread-safe so long as embedded perl is not used.
* Children should no longer hang on mutex locks held in parent for localtime() (and similar) calls.
* Debug logging is now properly serialized, using soft-locking with a timeout of 150 milliseconds to avoid multiple threads competing for the privilege to write debug info.
* Fixed extraneous alerts for services when host is down
* Fixed incorrect parsing of multi-line host check results (Jochen Bern)
* Fixed bug with passive host checks being incorrectly sent to event brokers as active checks
* Fixed bug where passive host check status updates were not being propagated to event brokers
* Reverted 'Fix for retaining host display name and alias, as well as service display name' as configuration information stored incorrectly over a reload
* Fixed compile warnings for size_t (Michael Friedrich)
* Fixed problem where acknowledgements were getting reset when a hard state change occurred
* Removed duplicated unlinks for check result files with multiple results
* Fixed race condition on flexible downtime commands when duration not set or zero (Michael Friedrich)
* Fixed flexible downtime on service hard state change doesn't get triggered/activated (Michael Friedrich)
* Fixed XSS vulnerability in config.cgi and statusmap.cgi (Stefan Schurtz)
* Fixed segfault when sending host notifications (Michael Friedrich)
* Fixed bug where unauthorized contacts could issue hostgroup and servicegroup commands (Sven Nierlein)
"checking for replacing readdir using getdirentries()".
The functions in samba-3.5.10/lib/replace/repdir_getdirentries.c
fail on NetBSD 5.99.54, and the test code in
samba-3.5.10/lib/replace/test/os2_delete.c
did not handle the failure.
Not bumping PKGREVISION, because this affects only the
configure script, and the package did not build on
NetBSD-current before.
to version 0.8.9. Changes since version 0.12.6 respectively 0.8.6:
- Added multithreading support for XMLRPC calls. Sponsored by Xirvik.
- Discard dht cache if it is corrupt, instead of killing rtorrent.
- Better handling of resume after crash/reboot alliviating the need to
full hash checks. Sponsored by anonymous source.
- Added support for Linux's fallocate and Darwin's
fcntl(...,F_PREALLOCATE,...) to preallocate files by default. The
'system.file_allocate' setting will now only be used to indicate you
want posix_fallocate called, which may block while it zeros out the
file manually.
- Added 'event.download.hash_failed' and 'event.download.hash_final_failed'.
- Cleaning up command names. The deprecated commands will be redirected.
- Renamed 'system.method.*' to 'method.*'.
- Added 'system.files.{opened,closed,failed}_counter' commands.
- Added xmlrpc calls for peer snubbed, banned and disconnect.
- Added '-D' flag which turns of redirects for deprecated commands.
Use this to ensure your scripts/webui's will be compatible with future
releases.
- Added separate '-I' and '-K' switches for command redirects, the
former is for testing rtorrent code, the latter for webui's.
- Added a static_map implementation based on Josef's patches.
- Commited the DHT changes from dht-pex-static_map.diff with changes
so it works with the modified static_map implementation.
- Applied the magnet-uri patch.
- Don't install the out-of-date man page.
- Added 'execute.*.bg' commands for non-blocking calls. Always returns 0.
- Added support for prioritizing first/last chunk of files matching
specified patterns. Default:
file.prioritize_toc.set=0
file.prioritize_toc.first.set = {*.avi,*.mp4,*.mkv,*.gz}
file.prioritize_toc.last.set = {*.zip}
- Added 'method.rlookup' and 'method.rlookup.clear' commands for looking
up the event handlers holding a specified key, and set views to support
rlookup.
- Added 'd.timestamp.finished' that is set when a downloading torrent
completes. For torrents that only seed it remains '0'.
- Added 'elapsed.{less,greater}' for checking the time elapsed since a
time is less/greater, and it also returns false in all cases where
the time is '0'.
- Moved the default value for 'system.files.max_size' to rtorrent, and
set the default in libtorrent to ~0.
- Increased the default values for min/max_peers and max_uploads.
- Fixed a bug that would cause hash checking to block excessively in some
cases.
- Fixed a bug when setting the pex flags.
- Fixed an issue where DHT's hashing function for TR1 unordered_map was
casting unaligned size_t pointers.
- Fixed default session name.
- Added a missing inline that could cause linking errors.
Added
* none
Fixed
* crash at first startup
* support for Twitter API bug
* fire click even if too far location between a mousedown and a mousedown.
* not startup non-full-color environment
* remove a unwanted file
* crash at mis-extract bit.ly.
Changelog:
* Support short URI containing only video ID.
* Follow redirect in retriving watch page.
XXX At least on NetBSD 5.99.55, nicovide-dl hungs due to openssl issue.
* fixed a coredump in torrent on linux with a ppp interface.
* translation updated (ru).
Version 4.3.0 - 2011-06-17
* new command `attach' to control a backgrounded lftp.
* automatically fill torrent:ipv6 setting.
* slightly improved torrent status display.
* fixed reconnect interval (it was sometimes uninitialized).
* several fixes for the case of cmd:parallel>1
Bug Fixes:
* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ]
fix that id bits of other query may leak out under conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated
1.4.11:
Features:
* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number registered with IANA, 8953.
Bug Fixes:
* Fix Makefile for U in environment, since wrong U is more common than deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an error is printed to log instead of an assertion failure.
* [bugzilla: 386 ]
--enable-allsymbols option links all binaries to libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ]
Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not withheld if it is bogus. Thus, unbound will retry if it is bad and curb the TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached nxdomain is dnssec secure. This avoids backwards incompatibility because those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.
* New example tool added: ldns-gen-zone.
* bugfix #359: Serial-arithmetic for the inception and expiration
fields of a RRSIG and correctly converting them to broken-out time
information.
* bugfix #364: Slight performance increase of ldns-verifyzone.
* bugfix #367: Fix to allow glue records with the same name as the
delegation.
* Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
glue when the zone is opt-out.
* bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
performance)
* Better handling of reference variables in ldns_rr_new_frm_fp_l from
pyldns, with a very nice generator function by Bedrich Kosata.
* Decoupling of the rdfs in rrs in the python wrappers to enable
the python garbage collector by Bedrich Kosata.
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
build time and when used.
* bugfix #383: Fix detection of empty nonterminals of multiple labels.
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
names (in stead of just the ones that contain glue only) and all
occluded records on the delegation points (in stead of just the glue).
* Clarify the operation of ldns_dnssec_mark_glue and the usage of
ldns_dnssec_node_next_nonglue functions in the documentation.
* Added function ldns_dnssec_mark_and_get_glue as an real fast
alternative for ldns_zone_glue_rr_list.
* Fix parse buffer overflow for max length domain names.
* Fix Makefile for U in environment, since wrong U is more common than
deansification necessity.
==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.3.15
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.5.9:
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
Lose the only patch, since upstream fixed the "test ==" bashisms.
Use curl to fetch distfile from https site
From the CHANGES file:
btpd 0.16:
----------
Misc:
- Added "start all" (start -a) command.
- Allow adding multiple torrents at once.
- Custom list formatting options.
- Man pages for btpd, btcli, and btinfo.
Bug fixes:
- Handle .torrent files larger than 2MB.
- http parsing and addrinfo freeing fixes.
The major changes since version 1.4.* are:
- Wireshark is now distributed as an installation package rather
than a drag-installer on OS X. The installer adds a startup
item that should make it easier to capture packets.
- Large file (greater than 2 GB) support has been improved.
- Wireshark and TShark can import text dumps, similar to
text2pcap.
- You can now view Wireshark's dissector tables (for example the
TCP port to dissector mappings) from the main window.
- Wireshark can export SSL session keys via File→Export→SSL
Session Keys...
- TShark can show a specific occurrence of a field when using
'-T fields'.
- Custom columns can show a specific occurrence of a field.
- You can hide columns in the packet list.
- Wireshark can now export SMB objects.
- dftest and randpkt now have manual pages.
- TShark can now display iSCSI, ICMP and ICMPv6 service response
times.
- Dumpcap can now save files with a user-specified group id.
- Syntax checking is done for capture filters.
- You can display the compiled BPF code for capture filters in
the Capture Options dialog.
- You can now navigate backwards and forwards through TCP and
UDP sessions using Ctrl+, and Ctrl+. .
- Packet length is (finally) a default column.
- TCP window size is now avaiable both scaled and unscaled. A
TCP window scaling graph is available in the GUI.
- 802.1q VLAN tags are now shown in the Ethernet II protocol
tree instead of a separate tree.
- Various dissectors now display some UTF-16 strings as proper
Unicode including the DCE/RPC and SMB dissectors.
- The RTP player now has an option to show the time of day in
the graph in addition to the seconds since beginning of
capture.
- The RTP player now shows why media interruptions occur.
- Graphs now save as PNG images by default.
- TShark can read and write host name information from and to
pcapng-formatted files. Wireshark can read it. TShark can dump
host name information via
[-z hosts]
.
- TShark's -z option now uses the
[-z <proto>,srt]
syntax instead of
[-z <proto>,rtt]
for all protocols that support service response time
statistics. This matches Wireshark's syntax for this option.
- Wireshark and TShark can now read compressed Windows Sniffer
files.
- New Protocol Support
ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing
Protocol, Broadcast/Multicast Control, Constrained Application
Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol,
Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB),
Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol
(SDP), JSON, LISP Control, LISP Data, LISP, MikroTik MAC-Telnet,
MRP Multiple Mac Registration Protocol (MMRP) Mongo Wire Protocol,
MUX27010, Network Monitor 802.11 radio header, OPC UA
ExtensionObjects, openSAFETY, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD
Framing, RObust Header Compression (ROHC), RSIP, SAMETIME, SCoP,
SGSAP, Tektronix Teklink, USB/AT Commands, uTorrent Transport
Protocol, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)
- New and Updated Capture File Support
Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP
OpenVMS TCPTrace, IPFIX (the file format, not the protocol),
Lucent/Ascend debug, Microsoft Network Monitor, Network
Instruments, TamoSoft CommView
- Bug Fixes
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Lucent/Ascend file parser was susceptible to an infinite
loop.
Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-2597
o The ANSI MAP dissector was susceptible to an infinite loop.
(Bug 6044)
Versions affected: 1.4.0 to 1.4.7, and 1.6.0.
CVE-2011-????
- The following bugs have been fixed:
o TCP dissector doesn't decode TCP segments of length 1. (Bug
4716)
o Wireshark 1.4.0rc1 and python - spurious message. (Bug 4878)
o Missing LUA function. (Bug 5006)
o Lua API description about creating a new Tvb from a bytearray
is not correct in wireshark's user guide. (Bug 5199)
o sflow decode error for some extended formats. (Bug 5379)
o White space in protocol field abbreviation causes runtime
failure while registering Lua dissector. (Bug 5569)
o "File not found" box uses wrong filename encoding. (Bug 5715)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Wireshark crashes if Lua contains "Pref.range()" with missing
arguments. (Bug 5895)
o The "range" field in Lua's "Pref.range()" serves as default
while the "default" field does nothing. (Bug 5896)
o Wireshark crashes when calling TreeItem:set_len() on TreeItem
without tvb. (Bug 5941)
o TvbRange_string(lua_State* L) call a wrong function. (Bug
5960)
o VoIP call flow graph displays BICC APM as a BICC ANM. (Bug
5966)
o H323 rate multiplier wrong. (Bug 6009)
o tshark crashes when loading Lua script that contains GUI
function. (Bug 6018)
o 802.11 Disassociation Packet's "Reason Code" field is
imprecisely decoded/described. (Bug 6022)
o Wireshark crashes when setting custom column's field name with
conditional. (Bug 6028)
o GTS Descriptor count limited to 3 instead of 7. (Bug 6055)
o The SSL dissector can not resemble correctly the frames after
TCP zero window probe packet. (Bug 6059)
o Packet parser takes too long for this trace. (Bug 6073)
o 802.11 Association Response Packet's "Status Code" field is
imprecisely decoded/described. (Bug 6093)
o Wireshark 1.6.0 and Python support: installer fails to create
the wspy_dissectors subdirectory and . (Bug 6110)
o Wireshark crash during RTP stream analysis. (Bug 6120)
o Tshark custom columns: Why don't I get an error message? (Bug
6131)
- Updated Protocol Support
ANSI MAP, GIOP, H.323, IEEE 802.11, MSRP, RPCAP, sFlow, TCP,
- New and Updated Capture File Support
Lucent/Ascend.
2011-03-24 Bob Halley <halley@dnspython.org>
* dns/rdata.py (Rdata._wire_cmp): We need to specify no
compression and an origin to _wire_cmp() in case names in the
rdata are relative names.
* dns/rdtypes/ANY/SIG.py (SIG._cmp): Add missing 'import struct'.
Thanks to Arfrever Frehtes Taifersar Arahesis for reporting the
problem.
2011-03-24 Bob Halley <halley@dnspython.org>
* (Version 1.9.3 released)
2011-03-22 Bob Halley <halley@dnspython.org>
* dns/resolver.py: a boolean parameter, 'raise_on_no_answer', has
been added to the query() methods. In no-error, no-data
situations, this parameter determines whether NoAnswer should be
raised or not. If True, NoAnswer is raised. If False, then an
Answer() object with a None rrset will be returned.
* dns/resolver.py: Answer() objects now have a canonical_name field.
2011-01-11 Bob Halley <halley@dnspython.org>
* Dnspython was erroneously doing case-insensitive comparisons
of the names in NSEC and RRSIG RRs. Thanks to Casey Deccio for
reporting this bug.
2010-12-17 Bob Halley <halley@dnspython.org>
* dns/message.py (_WireReader._get_section): use "is" and not "=="
when testing what section an RR is in. Thanks to James Raftery
for reporting this bug.
2010-12-10 Bob Halley <halley@dnspython.org>
* dns/resolver.py (Resolver.query): disallow metaqueries.
* dns/rdata.py (Rdata.__hash__): Added a __hash__ method for rdata.
2010-11-23 Bob Halley <halley@dnspython.org>
* (Version 1.9.2 released)
2010-11-23 Bob Halley <halley@dnspython.org>
* dns/dnssec.py (_need_pycrypto): DSA and RSA are modules, not
functions, and I didn't notice because the test suite masked
the bug! *sigh*
2010-11-22 Bob Halley <halley@dnspython.org>
* (Version 1.9.1 released)
2010-11-22 Bob Halley <halley@dnspython.org>
* dns/dnssec.py: the "from" style import used to get DSA from
PyCrypto trashed a DSA constant. Now a normal import is used
to avoid namespace contamination.
2010-11-20 Bob Halley <halley@dnspython.org>
* (Version 1.9.0 released)
2010-11-07 Bob Halley <halley@dnspython.org>
* dns/dnssec.py: Added validate() to do basic DNSSEC validation
(requires PyCrypto). Thanks to Brian Wellington for the patch.
* dns/hash.py: Hash compatibility handling is now its own module.
2010-10-31 Bob Halley <halley@dnspython.org>
* dns/resolver.py (zone_for_name): A query name resulting in a
CNAME or DNAME response to a node which had an SOA was incorrectly
treated as a zone origin. In these cases, we should just look
higher. Thanks to Gert Berger for reporting this problem.
* Added zonediff.py to examples. This program compares two zones
and shows the differences either in diff-like plain text, or
HTML. Thanks to Dennis Kaarsemaker for contributing this
useful program.
2010-10-27 Bob Halley <halley@dnspython.org>
* Incorporate a patch to use poll() instead of select() by
default on platforms which support it. Thanks to
Peter Schüller and Spotify for the contribution.
2010-10-17 Bob Halley <halley@dnspython.org>
* Python prior to 2.5.2 doesn't compute the correct values for
HMAC-SHA384 and HMAC-SHA512. We now detect attempts to use
them and raise NotImplemented if the Python version is too old.
Thanks to Kevin Chen for reporting the problem.
* Various routines that took the string forms of rdata types and
classes did not permit the strings to be Unicode strings.
Thanks to Ryan Workman for reporting the issue.
* dns/tsig.py: Added symbolic constants for the algorithm strings.
E.g. you can now say dns.tsig.HMAC_MD5 instead of
"HMAC-MD5.SIG-ALG.REG.INT". Thanks to Cillian Sharkey for
suggesting this improvement.
* dns/tsig.py (get_algorithm): fix hashlib compatibility; thanks to
Kevin Chen for the patch.
* dns/dnssec.py: Added key_id() and make_ds().
* dns/message.py: message.py needs to import dns.edns since it uses
it.
2010-05-04 Bob Halley <halley@dnspython.org>
* dns/rrset.py (RRset.__init__): "covers" was not passed to the
superclass __init__(). Thanks to Shanmuga Rajan for reporting
the problem.
2010-03-10 Bob Halley <halley@dnspython.org>
* The TSIG algorithm value was passed to use_tsig() incorrectly
in some cases. Thanks to 'ducciovigolo' for reporting the problem.
Changes:
added
* none
fixed
* On icons of voter, screen_name is not shown in tip help. And user profile is
not shown on click.
* Wheel scroll does not work on follow/follower list.
* at fire /statuses/update, with include_entities=1, so that own tweet with
entity.
* correct index with counting escaped string in an appropriate manner (wip)
* crash when retweet at the tweet is removed from TL.
libtrace 3.0.10 (2011-03-11)
Bug Fixes
Improvements
* Significantly improved performance of libtrace event API
* Transport headers and payload length are now cached for each
packet, saving time on subsequent lookups
libtrace 3.0.9 (2011-01-25)
Bug Fixes
Improvements
* tracesplit can now accept multiple input URIs which are read in turn
libtrace 3.0.8 (2010-12-03)
Bug Fixes
New Features
* Added a new API function called trace_get_payload_length() that returns
the length of the original payload content (i.e. the size of the
post-transport header payload prior to any snapping)
Improvements
* Added IPv6 and IPv6 fragmentation header decoders to libpacketdump
* traceanon can now read cryptopan keys from a file
Changelog:
1.12.0
Changes
-------
* Use ServerStat to find faster server. This is useful when several
downloads were started in parallel, but one download is slow and
the other downloads have completed. Then aria2 knows which servers
are fast by the results of completed downloads, and check the
available URIs of slow downloads to see faster server is available
there. If so, use it instead of current slow one to make download
faster.
* Added Russian translation of man page and HTML manual contributed
by ITriskTI.
* Added aria2.getGlobalStat RPC method. It returns overall
download/upload speed and the number of active/stopped/waiting
downloads.
* Added --pause option. This option pauses download after
added. This option is effective only when --enable-rpc=true is
given. When --save-session option is used and there are paused
downloads, they are saved with --pause=true so that it will become
paused state when the session is recovered.
* Abort aria2 if it could not setup any RPC server.
* Added --truncate-console-readout option. This option truncates
console readout to fit in a single line. This is default. Give
false value to this option to tell aria2 not to truncate console
readout.
* Cache and reuse RpcMethod objects.
* Allowed missing params in system.multicall RPC method.
* Added --stream-piece-selector option. This option specifies piece
selection algorithm used in HTTP/FTP download. Piece means fixed
length segment which is downloaded in parallel in segmented
download. If 'default' is given, aria2 selects piece so that it
reduces the number of establishing connection. This is reasonable
default behaviour because establishing connection is an expensive
operation. If 'inorder' is given, aria2 selects piece which has
minimum index. Index=0 means first of the file. This will be useful
to view movie while downloading it. --enable-http-pipelining option
may be useful to reduce reconnection overhead. Please note that
aria2 honors --min-split-size option, so it will be necessary to
specify a reasonable value to --min-split-size option.
* Removed unnecessary template parameter from std::make_pair call.
The patch was contributed from Dan Fandrich.
* Implemented fast file allocation in MinGW32 build. We use
SetFilePointerEx and SetEndOfFile to allocate extents. This only
works with NTFS. To enable this feature, --file-allocation=falloc
must be given.
* Only percent-encode non-printable ASCII chars(0x00-0x1f), non-ASCII
chars(>0x7f), ' ', '"', '<' and '>' for URIs supplied by user and
remote server(usually Location header field).
* Don't throw exception if Z_BUF_ERROR is encountered in GZipEncoder.
This fixed the bug that compressed RPC request failed.
* Don't save removed download in --save-session text file. Now stat
column of removed downloads in Download Results is 'RM' instead of
INPR.
1.11.2
Changes
-------
* Updated Japanese, Spanish and Simplified Chinese translation.
Thanks to all translators.
* Eliminated few seconds delay when downloads stop or pause.
* Added --metalink-base-uri option. --metalink-uri option specifies
base URI to resolve relative URI in metalink file stored in local
disk. If URI points to a directory, URI must end with '/'.
* Run batch file with cmd.exe. Quoted user command. It seems that we
have to specify the full path to cmd.exe in the first argument of
CreateProcess() to run batch file in proper manner. We first
determine the full path to cmd.exe. To do this, we get windir
environment variable and concatenate it with "\system32\cmd.exe".
* Fixed the bug that the message "Loaded cookies from ..." appears
when loading cookies from that file failed.
* Applied patch from Dan Fandrich. This patch fixes compatibility
issue when compiling aria2 on older systems.
* Support relative URI in Metalink file. If relative URI is found in
Metalink file, aria2 resolves its full URI contatenating the URI
from which Metalink file is retrieved and relative URI in Metalink
file. This feature is not available if Metalink file in local disk
is specified in command line.
* Erase user and password specified in command-line from argv. The
user and password is masked with '*'.
* If no data type tag is used in XML-RPC, treat the data as string.
Changes:
added
* none
fixes
* rare crash at startup
* all process invoked by mikutter will be zombie
* crash with replying to deleted tweets
* rare crash at deleting own tweets
== 2.3 ==
2.3.1.1 Sun Jun 19 2011 Toni Gundogdu
Fixes:
- Missing details in --help output
2.3.1 Sat Jun 18 2011 Toni Gundogdu
Changes:
- Add --query-formats, deprecate "--format list"
- Detect quvi and/or download command from $PATH
- In the absence of --quvi and/or --get-with
- Bump quvi prerequisite to 0.2.17
- Revise manual
* Don't define ENABLE_PUSH_PEER_INFO if SSL is not available
* Fix compiling issues with pkcs11 when --disable-management is configured
* Remove support for Linux 2.2 configuration fallback
* Fix compile issues when using --enable-small and
--disable-ssl/--disable-crypto
* Fix 2.2.0 build failure when management interface disabled
* Added info about --show-proxy-settings
* Documented --x509-username-field option
* Updated "easy-rsa" for OpenSSL 1.0.0
* Fixes to easy-rsa/2.0
* Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf
* Fix a build-ca issue on Windows
* Fix issues with some older GCC compilers
* Fix segfault when typing invalid oid number
Changes 0.4.2:
* Fix spurious autoscrolling
Changes 0.4.1:
* Code cleanup, get rid of some deprecated components
* Support saving of window size
* Support more oid types/input conventions
Changes 0.4.0:
* New maintainer
* Upgrade to gtk2
* Improve autodetection of oid type (now supports unsigned, etc.)
* Handle gui events while performing long tasks
* Put scrollbars on the right side
* Make output wrapping configurable
The package name was selected as:
- Make sure to greater version from bind-9.6.3.
- Include "ESV" (Extended Support Version) string.
Since changes from BIND 9.6.3 are too may, please refer changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
--- 9.7.3-P3 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.7.3-P2 released (withdrawn) ---
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
Introduction
BIND 9.8.0-P4 is security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
--- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.0-P3 released (withdrawn) ---
3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with a assertion failure. [RT #23766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]
---
Release messages:
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.1.1.
This release fixes a number of bugs and introduces some enhancements,
including exchange to exchange bindings and some performance improvements,
in the server and clients.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.2.0.
This release fixes a number of bugs and introduces some enhancements,
including automatic upgrades of non-clustered brokers, per-queue message
TTLs and significantly reduced memory usage for pending acknowledgements.
Perfectly timed one day before the start of the year of the Rabbit,
the RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.0.
This release fixes a number of bugs and introduces some enhancements,
including streaming publish confirmations, new plugin mechanisms for
authentication and authorisation, and a great deal more.
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.3.1.
This release fixes a small number of bugs, in particular one serious bug
in 2.3.0 which could lead to queue processes crashing.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.0.
This release fixes a number of bugs and introduces some enhancements,
including fast routing for topic exchanges, sender-selected distribution
and server-side consumer cancellation notifications.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.4.1.
This release fixes a number of bugs, in particular one bug in 2.4.0 that
would break upgrades if durable queues were present. A notable enhancement
included in this release are cluster upgrades.
The RabbitMQ team is delighted to announce the release of RabbitMQ 2.5.0.
This release fixes a number of bugs. In particular:
recovery has been simplified, improving startup times when many exchanges
or bindings exist
bindings are recovered between durable queues and non-durable exchanges
on restart of individual cluster nodes
better performance under high load and memory pressure
source compatibility with the new Erlang R14B03 release
New features include:
tracing facility for debugging incoming and outgoing messages, (see firehose)
improved inbound network performance
improved routing performance
new rabbitmqctl commands ('report', 'environment', and 'cluster_status')
The RabbitMQ team is pleased to announce the release of RabbitMQ 2.5.1.
This release correctly upgrades from RabbitMQ 2.1.1 and 2.2.0.
There are no other changes compared with 2.5.0.
Added
* resume last retrieved follow/follower at startup.
Fixes
* only get last 200 follow/follower.
* crash when leaving a tweet selected.
* crash if failed to extract URL.
* rare crash at startup.
Update GeoIP to 1.4.8.
1.4.8
* Fix GEOIP_DOMAIN_EDITION_V6 ( Boris Zentner )
* Add new Datatypes GEOIP_NETSPEED_EDITION_REV1_V6 and
GEOIP_NETSPEED_EDITION_REV1 ( Boris Zentner )
* Fix possible directory traversal weakness in geoipupdate-pureperl.pl with
malicious update server ( Boris Zentner )
* Fix GEOIP_ORG_EDITION_V6 and GEOIP_ISP_EDITION_V6 ( Boris Zentner )
While here, unset DIST_SUBDIR.
Changes since 3.0.713:
- IPv6 support! Big ups to Mats Erik Andersson who did most
of this work!
- Allow sort on last-seen, thanks to Dirk Koopman.
- Support multiple bind addresses.
- Add --disable-debug configure flag, thanks to Malte S. Stretz.
- Make it possible to save the DB without resetting it (SIGUSR2).
- Web: Use relative URLs, so darkstat works properly behind mod_proxy,
thanks to Malte S. Stretz.
pkgsrc change:
- Add LICENSE.
- Add more example files.
Fixed Bugs of 1.3.7:
#1668 Scroll lock has opposite behavior 1.3.x 0
#2952 Visual C++ 2008 Redistributable unpacks to root of hard drive 1.3.6 0
#2939 The hook DLL (synrgyhk.dll) is not compiled to the bin dir 1.3.6 0
#2938 Argument --help does not work 1.3.6 0
#2834 Fix buildbot console (it has nothing on it) 1.3.6 0
#691 fix compilation errors for gcc 4.3 1.2.6 0
#1187 Compile broken for modern C++ 1.3.1 0
#683 Only cross screens on during special keypress 1.3.0 0
#128 In Linux focused window loses focus when cursor moved to another screen
(big problem for 1B.o3x.3ee) 12
#1663 "hos" != "host" 1.3.1 1
#610 Client side crash - Linux x64 1.3.5 2
* don't write passwords to transfer_log.
* new setting mirror:no-empty-dirs.
* allow `jobs' output to be redirected.
* don't list not connected torrent peers by default.
* show torrent validation rate and ETA.
Version 4.2.2 - 2011-04-11
* fixed `cd -'`.
* fixed pget for URLs with special symbols.
* translations updated (cs, ru). detlist_end VERSION(4.2.0, 2011-03-03) detlist_begin
* changed ssl:verify-certificate default to yes.
* check certificate common name in openssl case (code from curl).
* disable weak algorithms in openssl (Ludwig Nussel).
* new setting xfer:log-file (Timur Sufiev).
* support for netkey pasword in ftp (Ryan Thomas).
* added torrent ipv6 support (new setting torrent:ipv6)
* don't accept new connections when no torrent can accept them.
* allow to specify job numbers in ``jobs'' command.
* fixed a segfault in pget when an error happens on second chunk. detlist_end VERSION(4.1.3, 2011-01-17) detlist_begin
* fixed a coredump in torrent (introduced in 4.1.2). detlist_end VERSION(4.1.2, 2010-12-31) detlist_begin
* new command ln [-s], supported by FTP (SITE [SYM]LINK), FISH, SFTP, and locally via file: schema.
* create remote symlinks in mirror -R if supported by server.
* detect and remove duplicate peers in torrent. detlist_end VERSION(4.1.0, 2010-11-22) detlist_begin
* send path components to ftp server separately, unless TVFS is in FEAT reply.
* save pget status at the very beginning of pget execution.
* allow mirror pget continuation (mirror -c --use-pget).
* allow multiple torrent startup at once (e.g. torrent *.torrent).
* pre-allocate disk space in torrent, if posix_fallocate(3) is supported.
* new command prefix ``local''. It makes the following command use local session instead of remote.
* added torrent multi-tracker support.
* fixed convert-mozilla-cookies cookie duplication. detlist_end VERSION(4.0.10, 2010-09-01) detlist_begin
* use cached file set, dont parse file listing again.
* updated convert-netscape-cookies.
* fixed a problem with zeroed errno in http.
* fixed coredump on mirror --log=file when the file cannot be opened.
* translations updated (de, ru).
Bugfixes:
* Do setusercontext before chroot, otherwise login.conf etc. are required inside chroot.
* Bugfix #216: Fix leak of compressiontable when the domain table increases in size.
* Bugfix #348: Don't include header/library path if OpenSSL is in /usr.
* Bugfix #350: Refused notifies should log client ip.
* Bugfix #352: Fix hard coded paths in man pages.
* Bugfix #354: The realclean target deletes a bit too much.
* Bugfix #357, make xfrd quit with many zones.
* Bugfix #362: outgoing-interface and v4 vs. v6 leads to spurious warning messages.
* Bugfix #363: nsd-checkconf -v does not print outgoing-interface ok.
* Bugfix: nsd-checkconf -o outgoing-interface omits NOKEY.
* Undo Bugfix #235: Don't skip dname compression, messes up packets that do need compression.
Operational notes:
* Use 'make clean' to clean up files that make created.
* Use 'make realclean' to also clean up files that were generated by running ./configure.
* Use 'make devclean' to also clean up autoconf, autoheader files.
NSD 3.2.7:
Bugfixes:
* Bugfix #253: Don't put NS RRs in a response with QTYPE=DS.
* Bugfix #320: use arcrandom(4) for QID generation if available.
* Bugfix #328: nsd-checkconf overrun.
* Bugfix #343: nsdc update fix.
* Bugfix #347: Wrong NSEC3 returned for nodata response QTYPE=DS no delegation.
* Bugfix: Allow for huge amount of strings in TXT (and other) records.
* Bugfix: nsdc can now deal with tsig algorithms other than hmac-md5.
* Fixed several parts in the documentation, including #306, #345.
Release date: 2011-06-06 04:41 UTC
Release state: stable
Changelog:
- Adding a new command() method for sending arbitrary SMTP commands.
- More kinds of socket write() failures are now detected.
- Improved PEAR_Error internal handling. (Bug 18469)
- External authentication methods are now supported via setAuthMethod().
- Resource-based data streams are no longer terminated prematurely. (Bug 18563)
Net::LDAP for Ruby (also called net-ldap) implements client access for the
Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for
accessing distributed directory services. Net::LDAP is written completely in
Ruby with no external dependencies. It supports most LDAP client features
and a subset of server features as well.
Net::LDAP has been tested against modern popular LDAP servers including
OpenLDAP and Active Directory. The current release is mostly compliant with
earlier versions of the IETF LDAP RFCs (2251-2256, 2829-2830, 3377, and 3771).
Our roadmap for Net::LDAP 1.0 is to gain full *client* compliance with
the most recent LDAP RFCs (4510-4519, plus portions of 4520-4532).
While here, let to allow co-existence with ruby-escape package.
Improvements
* none
Fixes
* impossible to search with Japanese
* impossible to google search with Japanese
* fire shortcut key for tweet when typing search string
* memory leaks
* devours API with retrying tweet of keyed account that does not authenticat me
* not play sound on some platforms.
= Version 0.7.1
* [BUG] AMQP gem no longer conflicts with Builder 2.1.2 on Ruby 1.9.
All Ruby on Rails 3 users who run Ruby 1.9 are highly recommended
to upgrade!
* [API] AMQP::Exchange.default no longer caches exchange object between calls
because it may lead to very obscure issues when channel that exchange was
using is closed (due to connection loss, as part of test suite teardown
or in any other way).
* [API] AMQP::Exchange.default now accepts channel as a parameter.
* [API] AMQP::Exchange#channel
* [BUG] Basic.Return is not supported by amqp gem yet, but it should not result in obscure exceptions
* [API] AMQP::Exchange#publish now supports content type overriding.
* [API] Introduce AMQP::Exchange #durable?, #transient?, #auto_deleted? and #passive?
* [API] Introduce AMQP::Channel#open?
* [BUG] AMQP connection was considered established prematurely.
* [API] MQ.logging is removed; please use AMQP.logging from now on.
* [API] MQ::Queue class is deprecated; please use AMQP::Queue from now on.
* [API] MQ::Exchange class is deprecated; please use AMQP::Exchange from now on.
* [API] MQ class is deprecated; please use AMQP::Channel from now on.
* [API] require "mq" is deprecated; please use require "amqp" from now on.
= Version 0.7
* [BUG] Sync API for queues and exchanges, support for server-generated queues & exchange names (via semi-lazy collection).
* [BUG] Sync API for MQ#close (Channel.Close) [issue #34].
* [FEATURE] AMQP URL from majek's fork, with some fixes. Example: AMQP.start("amqps://")
* [DEVELOP] Added some em-spec-based specs, bin/irb, Gemfile.
* [FEATURE] Added MQ::Exchange.default for the default exchange.
* [FEATURE] Raise an exception if we're trying to use Basic.Reject with RabbitMQ.
* [FEATURE] Fail if an entity is re-declared with different options.
* [BUG] Don't reconnect if the credentials are wrong.
* [BUG] Fixed an exception which occurred when Queue#bind was called synchronously with a callback.
* [DEVELOPMENT] Added a lot of specs (Bacon replaced by rSpec 2).
## Addressable 2.2.6
- changed the way ambiguous paths are handled
- fixed bug with frozen URIs
- https supported in heuristic parsing
## Addressable 2.2.5
- 'parsing' a pre-parsed URI object is now a dup operation
- introduced conditional support for libidn
- fixed normalization issue on ampersands in query strings
- added additional tests around handling of query strings
## Addressable 2.2.4
- added origin support from draft-ietf-websec-origin-00
- resolved issue with attempting to navigate below root
- fixed bug with string splitting in query strings
## Addressable 2.2.3
- added :flat_array notation for query strings
* PCRE is not needed anymore.
Changlog:
0.2.17 Fri Jun 17 2011 Toni Gundogdu
Changes: dist
- Remove --enable-verbose-test, set TEST_VERBOSE for same effect
- Rewrite doc/ files for NaturalDocs and place under doc/nd/
- Add doc/nd/ with NaturalDocs formatted text files
- These are not installed with quvi, see also --with-doc below
- Bump libcurl prerequisite to 7.18.2 (#58)
- Rename --with-man -> --with-manual
- Remove --with-doc
- Apart from doc/man1/quvi.1, nothing is installed from doc/
- See also --with-manual
Changes: API
- Mark QUVIOPT_WRITEFUNCTION as deprecated (removed in 0.2.20)
- Remove QUVI_WRITEFUNC_ABORT
- Remove quvi_callback_write
- Rewrite header files to use NaturalDocs comments instead
- Move function descriptions to src/lib/*_api.c
- Add quvi_query_formats
Changes: quvi
- Make minor changes to "--support arg" output
- Add --query-formats
Changes: Webscripts
- academicearth.lua: Rewrite to redirect to Blip
- collegehumor.lua: Add support for dorkly (#55)
- Thanks to Lionel Elie Mamane for the original patch
- vimeo.lua: Handle player.vimeo.com URLs (#56)
- Thanks Lionel
Fixes: Webscripts
- bikeradar.lua: Title parsing
0.96 10 Jan 2006 22:54 Major bugfixes
Changes: This release fixes bugs that prevented the client from bootstrapping
from other nodes.
0.95 05 Mar 2005 23:14 Major feature enhancements
Changes: This release now supports UPnP and Zeroconf/Rendezvous for node
discovery. Nodes behind NAT can now be first-class members of the network.
Groups of nodes on the same network can form into a private Kenosis network.
This release also features increased time between identical calls to the same
remote node and improved handling of timeouts between nodes
* Improvements
* Add notification related events. Add following plugins
* alsa - plugin for playing sound with alsa.
* libnotify - plugin for notify with libnotify.
* Fixes
* crash at limiting.
* included JSON library is too old.
* defect that settings may not be saved correctly.
* defect that link position move over.
* some API cache functions.
* defect of crash at editing shorcut key.
Changes:
New features
* Support to preview images for Twitter official image upload service.
* If extracted short URL is gotten with Twitter API, use it.
Fixes
* fixes link string position gap on timeline.
* some memory leaks.
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Diameter dictionary file could
crash Wireshark.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted snoop file could crash Wireshark.
(Bug 5912)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o David Maciejak of Fortinet's FortiGuard Labs discovered that
malformed compressed capture data could crash Wireshark. (Bug
5908)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Visual Networks file could crash
Wireshark. (Bug 5934)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
- The following bugs have been fixed:
o AIM dissector has some endian issues. (Bug 5464)
o Telephony→MTP3→MSUS doesn't display window. (Bug 5605)
o Support for MS NetMon 3.x traces containing raw IPv6 ("Type
7") packets. (Bug 5817)
o Service Indicator in M3UA protocol data. (Bug 5834)
o IEC60870-5-104 protocol, incorrect decoding of timestamp type
CP56Time2a. (Bug 5889)
o DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF
_FDCTR_32NF _FDCTR_16NF. (Bug 5920)
o 3GPP QoS: Traffic class is not decoded properly. (Bug 5928)
o Wireshark crashes when creating ProtoField.framenum in Lua.
(Bug 5930)
o Fix a wrong mask to extract FMID from DECT packets dissector.
(Bug 5947)
o Incorrect DHCPv6 remote identifier option parsing. (Bug 5962)
- Updated Protocol Support
DICOM, IEC104, M3UA, TCP,
- New and Updated Capture File Support
Network Monitor.
Remove patch-ad since upstream is not accepting it (originated in 2008)
and it no longer applies.
This revision also adds a lot of experimental ipv6 support.
Full release notes:
* Upd timezone.c Add SX, BQ and CW remove AN and FX ( Boris Zentner )
* Add support for the new types in geoiplookup6 ( Boris Zentner )
* Add new database types GEOIP_CITY_EDITION_REV0_V6,
GEOIP_CITY_EDITION_REV1_V6, GEOIP_DOMAIN_EDITION_V6,
GEOIP_ORG_EDITION_V6 and GEOIP_ISP_EDITION_V6 ( Boris Zentner )
* Remove AN and FX. Add SX, BQ and CW ( Boris Zentner )
* Fix possible segfault in geoipupdate if the connection disappear
unexpected. ( Boris Zentner )
* Add sanity check for geoipupdate-pureperl.pl ( Boris Zentner )
* Add GEOIP_USERTYPE_EDITION and GEOIP_USERTYPE_EDITION_V6
datatypes ( Boris Zentner )
* Add new functions GeoIP_is_private_ipnum_v4 and GeoIP_is_private_v4
( Boris Zentner )
* Add new functions GeoIP_teredo and GeoIP_enable_teredo.
teredo is enabled by default ( Boris Zentner )
* Fix output of geoiplookup for unknown or private regions.
( Boris Zentner )
* Fix geoipupdate-pureperl.pl to accept more product codes.
( Boris Zentner )
* Fix minor output issue in geoipupdate -v ( Boris Zentner )
* Add support for various databases. ( Boris Zentner )
* Add experimental teredo support ( Boris Zentner )
* Fix possible buffer overflow in conjunction with
http_proxies ( Elso Andras )
* Remove memcpy/bcopy macro for BSD ( Boris Zentner )
* Add GeoIP_lib_version and GeoIP_cleanup ( Ladar Levison )
* Upd Makefile.vc ( Thomas Winzig )
* Fix typo in DK,18,Midtjylland ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes 20100810 ( Boris Zentner )
* Fix continent codes ( Boris Zentner )
* Fix 3letter country codes for ATA, BVT, IOT, CXR, CCK, ATF, HMD,
MYT, SGS and UMI ( Boris Zentner )
* Fix typo/segfault in GeoIP_id_by_name_v6 ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes 20100529 ( Boris Zentner )
* Remove buffered IO functions, to fix issues with dup'ed file
descriptors ( Boris Zentner )
* Fix very minor memleak in geoipupdate ( Boris Zentner )
* Add GEOIP_CITYCONFIDENCEDIST_EDITION, GEOIP_LARGE_COUNTRY_EDITION
and GEOIP_LARGE_COUNTRY_EDITION_V6 database types ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes 20100422 ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes 20100420 ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes 20100221 ( Boris Zentner )
* Add missing timezones ( Boris Zentner )
* Add missing include for Windows 2000 ( Jaap Keute )
* 'GeoIP Database up to date' and 'Updated database' prints to stdout
instead of stderr ( Boris Zentner )
* Add missing GeoIPRecord_delete to geoiplookup.c ( Piotr Kaczuba )
* Add some IPv4 helper functions
unsigned long GeoIP_addr_to_num(const char *addr);
char * GeoIP_num_to_addr(unsigned long ipnum); ( Boris Zentner )
* Fix default name for the accuracy radius database to GeoIPDistance.dat ( Boris Zentner )
* Add GEOIP_CITYCONFIDENCE_EDITION database type. ( Boris Zentner )
* geoiplookup use GeoIPDistance.dat files if avail ( Boris Zentner )
* Fix geoiplookup/geoiplookup6 output, when the databaseinfo string is
not avail. ( Boris Zentner )
* Change continent code for RU from AS to EU ( Boris Zentner )
* Add GEOIP_ACCURACYRADIUS_EDITION database type. ( Boris Zentner )
* Add GEOIP_LOCATIONA_EDITION the database to map back from binary to
the csv database ( Boris Zentner )
* Change Turkey's continent code from Asia to Europe ( Boris Zentner )
* Rename _iso_8859_1__utf8 to _GeoIP_iso_8859_1__utf8 ( Boris Zentner )
* GEOIP_ORG_EDITION, GEOIP_ISP_EDITION, GEOIP_DOMAIN_EDITION and
GEOIP_ASNUM_EDITION databases return UTF8 results, if gi->charset is set
to GEOIP_CHARSET_UTF8 ( Boris Zentner )
* Avoid unnecesary call to gettimeofday when GEOIP_CHECK_CACHE is not set ( John Douglass )
* Delayed loading of changed database files for 60 seconds. To avoid
reading halve written databases ( Boris Zentner )
* Update README.OSX for Leopard and Snow Leopard ( Boris Zentner )
* Add more IPv6 functions ( Boris Zentner )
const char *GeoIP_country_code_by_addr_v6 (GeoIP* gi, const char *addr);
const char *GeoIP_country_code_by_name_v6 (GeoIP* gi, const char *host);
const char *GeoIP_country_code3_by_addr_v6 (GeoIP* gi, const char *addr);
const char *GeoIP_country_code3_by_name_v6 (GeoIP* gi, const char *host);
const char *GeoIP_country_name_by_addr_v6 (GeoIP* gi, const char *addr);
const char *GeoIP_country_name_by_name_v6 (GeoIP* gi, const char *host);
* Make sure that GeoIP_*_v6 functions refuse GEOIP_PROXY_EDITION and
GEOIP_NETSPEED_EDITION databases ( Boris Zentner )
* Update libGeoIP/regionName.c with FIPS codes from 20090723 ( Boris Zentner )
* Fix geoipupdate's -v option to not change the license filename ( Thom May )
* Fix geoipupdate's exit code ( Thom May )
* Add support for ASNUM_EDITION ( Boris Zentner )
* Fix -i output for larger values, sign issue ( Boris Zentner )
* Add -i flag for more information on netmask, range_by_ip and the current network range ( Boris Zentner )
* Add support for DOMAIN_EDITION database type ( Boris Zentner )
* Fix apps/geoipupdate-pureperl.pl output layer on W32 ( Boris Zentner )
0MQ version 2.1.7 (Stable), released on 2011/05/12
==================================================
Bug fixes
---------
* Fixed issue 191, message atomicity issue with PUB sockets (an old issue).
* Fixed issue 199 (affected ROUTER/XREP sockets, an old issue).
* Fixed issue 206, assertion failure in zmq.cpp:223, affected all sockets
(bug was introduced in 2.1.6 as part of message validity checking).
* Fixed issue 211, REP socket asserted if sent malformed envelope (old issue
due to abuse of assertions for error checking).
* Fixed issue 212, reconnect failing after resume from sleep on Windows
(due to not handling WSAENETDOWN).
* Properly handle WSAENETUNREACH on Windows (e.g. if client connects
before server binds).
Changes
-------
* Runtime checking of socket and context validity, to catch e.g. using a
socket after closing it, or passing an invalid pointer to context/socket
methods.
* Test cases moved off port 5555, which conflicts with other services.
* Clarified zmq_poll man page that the resolution of the timeout is 1msec.
after 0.0.3.5, included escape.rb is required
(crash with one from ruby-escape package, so it must be removed).
0.0.3.6
* fix: Unshown right click menu on timeline with ruby-1.8.
* fix: Always crash to assign new short cut keys with ruby-1.8
* fix: Segmentation fault at update of MiraclePainter with ruby-1.8.
* fix: Crash of string selection with ruby-1.8.
* fix: bug of shown muted users on timeline.
* fixes retweet and un-retweet mikutter command.
* add mikutter comand for cancel fav.
* new feature: search selection with Google.
* include some using files of ruby-hmac-0.4.0.
* and other misc fixes.
0.0.3.5
* Changes TL rendering method
* speeding up
* work in progress for some features
* renovation of short cut key settings
* allow to assign a shortcut key to all functions with right-click menu.
* OID Typedef Bug Fix: The oid typedef was changed in 5.6.1 to an u_int32 from
a u_long. This broke binary compatibility and likely 3rd-party code. 5.6.1.1
reverts this change and fixes an underlying OID printing problem in two agent
modules that caused someone to change the typedef in the first place.
Changes 5.6.1:
* General:
- The DTLS and TLS transports and the TSM security model are no
longer "beta" (they've undergone rigorous interoperability testing).
- Many Bug Fixes (see the CHANGES and ChangeLog files for full details)
* snmpd:
- 0 Patch 3141462: from fenner: fix agentx subagent issues with
multiple-object requests
- Patch from Niels to fix VACM persistant storage.
Changes 5.6:
* all:
- Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be]
- Implemented the "Transport Security Model" [RFC5591]
- Generic host-specific configuration .conf files are now read.
- Include statements can now be used in .conf files.
* snmpd:
- Fix handling of multiple matching VACM entries. (Use the "best"
match, rather than the first one). Reported by Adam Lewis. Note
that this could potentially affect the behaviour of existing access
control configurations.
- Agent will no longer call table handlers if a set request for the
handler has invalid indexes
- table_data/tdata next handler will not be called during get
processing if no valid rows are found for the handler
- [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB
- moved all functions defined in libnetsnmphelpers to
libnetsnmpagent. libnetsnmphelpers is now an empty library.
- Implemented the TSM-MIB and the TLSTM-MIB
- new API for indicating that persistent store needs to be saved
after the current request finishes processing
- [PATCH 2931446]: make the load averages writable.
* apps:
- A new tool 'net-snmp-cert' that easily creates and manages
X.509 certificates for use with the SNMP over (D)TLS protocols.
- Added an 'agentxtrap' command to send notifications via AgentX
- -T command line flag can be used to pass configuration
directly to transports that can accept configuration tokens
- A new 'snmptls' command for manipulating the agent's TLS configuration
* snmplib:
- A more modular transport subsystem that allows third party
extensions and dependencies for code reuse.
- New transport functions: f_config, f_open, f_copy and f_setup_session
- Transports can now specify session defaults
- [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is
like snmp_parse_args but takes an additional bitmask, flags, to
affect the behaviour. Also remove the magic handling of some
application names.
- A new X.509 certificate API for indexing and reading certificates
- new experimental row creation API which uses a state machine
to try really hard to create a row from a given varbind list
- netsnmp_container enhancements:
- added a free_item function
- added a CONTAINER_FREE_ALL macro/function
- added an interface for duplicating a container (CONTAINER_DUP)
- added a remove function to container_iterators
- added an ability to set options on binary_array containers
- new snmp token logOption allows specifying log destinations
via configuration conf files
- A very significant reduction in compiler warning output
- new experimental simple state machine handling API
--- 9.7.3-P1 released ---
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
--- 9.8.0-P2 released ---
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
Purpose of command is to count usage ratio of each IP range and shared network
pool which ISC dhcpd is in control of. The command has no native monitoring
capability, for instance the tool will not talk nagios protocol. To accomodiate
this need the CSV output format is meant to be parsed by some organization
specific script etc. Users of the command are most likely ISPs and other
organizations that have large IP space.
Changelog:
* Don't create queue.xml anymore if it does not exist
* MSW: Progress lines in transfer queue now appear in correct position after changing the Windows theme
* MSW: Work around a bug in Windows where a list controls' scroll position changes without the control being notified in any way
* Several fixes to build system and environment
* Added experimental setting to strip file revision upon download from VMS servers. Set "Strip VMS revisions" to 1 in FileZilla.xml to enable
* The string coalescer benchmark debug option no longer crashes if benchmarking an empty string coalescer
* The transfer queue is now stored in an SQLite database. This greatly improves performance and vastly reduces memory consumption while loading/saving the queue
* Additional improvements to general queue performance and memory consumption
* The provided Linux binaries are now compiled for Debian Squeeze instead of Lenny
* Fixed crash during shutdown of FileZilla
* Clearing the queue when it was not yet fully populated no longer causes a crash
* If using ask login type for a site and no username is given, the initial focus is now on the user box in the login dialog
Changes since 1.0:
Features:
+ [] Add report with number of ports per device that are up, recently
down and down for a longer time.
+ [] Allow selecting multiple devices in admin_dev.html for actions
that don't require confirmation (eg macsuck, arpnip, refresh).
Based on patch by Michael Rubashenkov.
+ [] Add arpnip_min_age, macsuck_min_age and discover_min_age config
directives, which can be used to prevent polling devices too often.
+ [2982386] Add port_search page so that users can search for ports based
on the configured description/name. -bldewolf
+ [] Add "Port Usage" report page. Work in progress. -jeroenvi
+ [] Add config option for adding edge styles for graphs. -bldewolf
+ [] Small changes to support devices without sysServices ("layers")
+ [] Add "show free ports" option to Device View. -jeroenvi
+ [] New version of device.html - more columns to be shown/hidden,
(hopefully) easier to maintain & extend. For testing purposes
added as "device-new.html". -jeroenvi
+ [] Detect wrapping in device uptime counter & compensate. -jeroenvi
+ [2982390] Added command line option for saving configurations that have
been modified by jobs in the last x minutes. Added commented
cronjob to call this hourly.
+ [] Add support for IPv6 node address tracking. -jeroenvi
+ [] Add device_port_power.power column to store output power per
PSE port in milliwatts. -jeroenvi
+ [2777415] Improved PoE support in new Device View with accurate PoE source
d
power per port (if device supports it, fallback to class-based
estimation). -jeroenvi
+ [] IPv6 address to hostname resolving (quick hack by rkerr)
+ [3106690] Add "arpwalk", "macwalk" and "nbtwalk" to admin panel. Patch from
Nic Bernstein.
+ [3148218] Detect Proxim wireless APs in WAP search (J R Binks)
Bugfixes:
* [] Fix sort_port() for ports like "GigabitEthernet2/2/3" -maxb
* [3002989] Performance improvement for add_arp SQL query. -bldewolf
* [2991159] Fix complaints when doing a partial MAC search. -bldewolf
* [] Fix complaints from reports.html with no report type. -bldewolf
* [] Improve query performance in expire_ips(). -bldewolf
+ Support for older HP switch models moved to new L2::HP4000 class
+ Fix VLAN changing in L2::HP and L2::HP4000 classes
* Updated model lists in HP classes
+ [2980782] Added L3::CiscoFWSM for Cisco Firewall Services Modules
(Brian De Wolf)
+ Added L3::Pf for FreeBSD PFSense Firewalls (max)
* Added specific functions for neighbor mgmt addresses to CDP class
* Implemented os_bin() method in CiscoStats
+ [2980787] Fix for C1900 bp_index not containing interfaces.
(Brian De Wolf)
+ [2599795] Added vendor_i_type() method to HP and HP4000 clases
+ [2688801] Minor modification for obscure Proxim/Orinoco device
(jrbinks)
+ [3051443] Add PoE measured power per port to Cisco, Extrme and HP
classes (jeroenvi)
* Minor tweaks to support devices without sysServices
* Added Cisco CBS3xxx blade switches to L3::C6500
* Fix for FWSMs not being detected properly. Special thanks goes to
Jukka Pirhonen for pointing it out. (Brian De Wolf)
+ Added support for IPv6 to physical address mapping
* Added ME340x to L3::C3550
* Added new ProCurve models to HP class
* Display messages work properly again.
* Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
* Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
* Performance improvements, especially during server startup/restarts.
-patch replacement getline() to be of type ssize_t, so that this builds
on NetBSD >=5.99
Problem reported by Matthias Kretschmer and Luca Sironi; first part of
fix by Matthias, too.
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
Net::CUPS is an object oriented interface to the Common Unix Printing System.
1.5.2 (stable) 2011-04-17 02:29 UTC
- Avoid requesting immediate socket timeouts. (Bug 18335)
- Added support for passing additional socket options. (Request 18418)
1.5.1 (stable) 2011-03-11 06:27 UTC
- Fixing SASL proxy authentication for DIGEST-MD5. (Bug 17538)
- Fixing the default socket timeout. (Bug 18335)
1.5.0 (stable) 2011-02-07 04:11 UTC
- Avoid appending an extra space in mailFrom() when $params is empty. (Bug
17989)
- Differentiating between a connection timeout and general socket I/O
timeouts. (Request 18197)
== 2.3 ==
2.3.0.3 Mon May 02 2011 Toni Gundogdu
Changes:
- Add support to read input from files
2.3.0.2 Tue Mar 15 2011 Toni Gundogdu
Changes:
- Make --version less verbose
- Manual: Add SYNOPSIS
- examples/cliverc, Manual: Add --category-http (quvi 0.2.12+)
Bugfixes:
- examples/cliverc: Typo in --get-with
2.3.0.1 Sat Feb 12 2011 Toni Gundogdu
Changes:
- Replace outdated webm_480p with mp4_360p in examples
- README: Cleanup, add notes for packagers
- Add examples/git/hooks/pre-commit
- Manual: Cleanup, add HISTORY
- Add vim modeline
Other:
- Create "2.2" branch from "master"
- Merge "2.3_gws" into "master" branch
- http://sourceforge.net/apps/trac/clive/wiki/Changes-2.3
2.3.0_4 (beta 4, 2.3_gws) Sat Dec 18 2010 Toni Gundogdu
Changes:
- Generate ChangeLog from git log
2.3.0_3 (beta 3, 2.3_gws) Wed Dec 01 2010 legatvs
Changes:
- Add support for /etc/xdg/clive/clive.conf
- Add support /etc/xdg/clive.conf
- Add --format list pattern
- Add --format list
- Add --format help
2.3.0_2 (beta 2, 2.3_gws) Thu Nov 04 2010 legatvs
Changes:
- Use quvi(1) for parsing video details, --quvi arg
- Use external command to download, --get-with arg
- Use version->declare instead of version::qv
- Add JSON::XS dependency
- Add examples/cliverc
- Additional config file search paths (e.g. system-wide)
- Remove WWW::Quvi dependency
- Remove WWW::Curl dependency
- Remove Term::ReadKey dependency
- Remove --continue, --overwrite, --proxy
- Remove --no-proxy, --agent, --throttle
2.3.0_1 (beta 1) Wed Oct 27 2010
Changes:
- Use libquvi (WWW::Quvi) to parse video details
- Remove options / features
- Rename options
- Prerequisites
Bugfixes:
- Progressbar unicode issues
2.3.0 "Glorified Wrapper Script" (2.3_gws)
* Single-script vs. multiple-clive-modules
- clive is no longer dispersed all over the file system in Perl packages
* Use quvi(1) to parse the video details
- 2.3 was going to use WWW::Quvi and libquvi (beta 1)
- Had a piffany (beta 2)
* Leave downloading for an external 3rd party command to do
- e.g. curl, wget or whatever
* Complete command line interface clean up
- Esoteric, or otherwise now completely obsoleted, features were discarded
See also:
<http://sourceforge.net/apps/trac/clive/wiki/DevelopmentStatus>
while here, simplify package (not using patches for handling config files).
= 0.6.30
This is a bugfix release.
* Make IPv6 work again
* i18n updates
* Minor other updates
= 0.6.29
This is a bugfix release.
* Updates regarding systemd integration
* Compatibility with newer gtk3 and gobject introspection
* i18n updates
* Minor other updates
* Fix CVE-2011-1002, fixing the fix for CVE-2010-2244
= 0.6.28
This is a bugfix release.
* Updates regarding systemd integration
* Properly avoid bus activation on non-systemd systems
* Compatibility with newer gtk3 and gobject introspection
* i18n updates
* Minor other updates
* Add HTTP proxy support.
* Support notify with Growl.
* Support sound with SDL.
* Fix to get tweet from keyed account.
* Some bug fixes and performance improvements.
maradns-1.4.06:
This is the stable branch of MaraDNS.
* Fix for CVE-2011-0520
* Deadwood updated to 3.0.02
(2011.01.28)
maradns-1.4.05:
This is a stable branch of MaraDNS.
* Deadwood updated to the stable 3.0.01 release.
* MicroDNS now returns "not implemented" when given an EDNS packet
* FAQ updated.
(2010.09.25)
maradns-1.4.04:
This is the stable branch of MaraDNS.
* Bugfix: NAPTR records now work when ~ is used to separate
records
* NAPTR records now documented
* Bugfix: ANY queries now correctly work with NS referrals
* Example IPv6 addresses now use RFC-4193 compliant IPs
* Website updated to point out that Deadwood is now feature
complete and ready for beta-testing
* Some updates to the SQA regressions
* Deadwood updated to Deadwood 2.9.02
* Windows-only mkSecretTxt program added (*NIX users can
just type in "dd if=/dev/urandom of=secret.txt bs=64
count=1"; this gives Windows the same ability).
(2010.07.31)
0MQ version 2.1.6 (Stable), released on 2011/04/26
==================================================
Bug fixes
---------
* Fixed memory leak with threads on Windows.
* Assert during SUB socket termination fixed.
Changes
-------
* Checks zmq_msg_t validity at each operation.
* Inproc performance tests now work on Windows.
* PGM wire format specification improved in zmq_pgm(7)
* Added thread latency/throughput performance examples.
* Added "--with-system-pgm" configure option to use already installed
OpenPGM.
0MQ version 2.1.5 (Broken), released on 2011/04/20
==================================================
Note that this version contained a malformed patch and is not usable.
It is not available for download, but is available in the git via the
2.1.5 tag.
0MQ version 2.1.4 (Stable), released on 2011/03/30
==================================================
Bug fixes
---------
* Fix to OpenPGM which was asserting on small messages (Steven McCoy).
Changes
-------
* Upgraded OpenPGM to version 5.1.115 (Pieter Hintjens).
* OpenPGM build changed to not install OpenPGM artifacts.
0MQ version 2.1.3 (Stable), released on 2011/03/21
==================================================
Bug fixes
---------
* Fix to PUSH sockets, which would sometimes deliver tail frames of a
multipart message to new subscribers (Martin Sustrik).
* Fix to PUB sockets, which would sometimes deliver tail frames of a
multipart message to new subscribers (Martin Sustrik).
* Windows build was broken due to EPROTONOSUPPORT not being defined. This
has now been fixed (Martin Sustrik).
* Various fixes to make OpenVMS port work (Brett Cameron).
* Corrected Reference Manual to note that ZMQ_LINGER socket option may be
set at any time, not just before connecting/binding (Pieter Hintjens).
* Fix to C++ binding to properly close sockets (Guido Goldstein).
* Removed obsolete assert from pgm_socket.cpp (Martin Sustrik).
Changes
-------
* Removed stand-alone devices (/devices subdirectory) from distribution.
These undocumented programs remain available in older packages (Pieter
Hintjens).
* OpenPGM default rate raised to 40mbps by default (Steven McCoy).
* ZMQ_DEALER and ZMQ_ROUTER macros provided to ease upgrade to 0MQ/3.0.
These are scheduled to replace ZMQ_XREQ and ZMQ_XREP (Pieter Hintjens).
* Added man page for zmq_device(3) which was hereto undocumented (Pieter
Hintjens).
* Removed zmq_queue(3), zmq_forwarder(3), zmq_streamer(3) man pages
(Pieter Hintjens).
OpenPGM Integration
-------------------
* Upgraded OpenPGM to version 5.1.114 (Steven McCoy, Mikko Koppanen).
* Build system now calls OpenPGM build process directly, allowing easier
future upgrades of OpenPGM (Mikko Koppanen).
* Build system allows configuration with arbitrary versions of OpenPGM
(./configure --with-pgm=libpgm-x.y.z) (Mikko Koppanen).
* OpenPGM uses new PGM_ODATA_MAX_RTE controlling original data instead of
PGM_TXW_MAX_RTE covering entire channel (Steven McCoy).
Building
--------
* 0MQ builds properly on FreeBSD (Mikko Koppanen).
0MQ version 2.1.2 (rc2), released on 2011/03/06
===============================================
Bug fixes
---------
* 0MQ now correctly handles durable inproc sockets; previously it ignored
explicit identities on inproc sockets.
* Various memory leaks were fixed.
* OpenPGM sender/receiver creation fixed.
0MQ version 2.1.1 (rc1), released on 2011/02/23
===============================================
New functionality
-----------------
* New socket option ZMQ_RECONNECT_IVL_MAX added, allows for exponential
back-off strategy when reconnecting.
* New socket option ZMQ_RECOVERY_IVL_MSEC added, as a fine-grained
counterpart to ZMQ_RECOVERY_IVL (for multicast transports).
* If memory is exhausted, 0MQ warns with an explicit message before
aborting the process.
* Size of inproc HWM and SWAP is sum of peers' HWMs and SWAPs (Douglas
Greager, Martin Sustrik).
Bug fixes
---------
* 0MQ no longer asserts in mailbox.cpp when multiple peers connect with
the same identity.
* 0MQ no longer asserts when rejecting an oversized message.
* 0MQ no longer asserts in pipe.cpp when the swap fills up.
* zmq_poll now works correctly with an empty poll set.
* Many more.
Building
--------
* 0MQ now builds correctly on CentOS, Debian 6, and SunOS/gcc3.
* Added WithOpenPGM configuration into MSVC builds.
Known issues
------------
* OpenPGM integration is still not fully stable.
0MQ version 2.1.0 (Beta), released on 2010/12/01
================================================
New functionality
-----------------
* New semantics for zmq_close () and zmq_term () ensure that all messages
are sent before the application terminates. This behaviour may be
modified using the new ZMQ_LINGER socket option; for further details
refer to the reference manual.
* The new socket options ZMQ_FD and ZMQ_EVENTS provide a way to integrate
0MQ sockets into existing poll/event loops.
* Sockets may now be migrated between OS threads, as long as the
application ensures that a full memory barrier is issued.
* The 0MQ ABI exported by libzmq.so has been formalised; DSO symbol
visibility is used on supported platforms to ensure that only public ABI
symbols are exported. The library ABI version has been set to 1.0.0 for
this release.
* OpenPGM has been updated to version 5.0.92. This version no longer
depends on GLIB, and integration with 0MQ should be much improved.
* zmq_poll() now honors timeouts precisely, and no longer returns if no
events are signaled.
* Blocking calls now return EINTR if interrupted by the delivery of a
signal; this also means that language bindings which previously had
problems with handling SIGINT/^C should now work correctly.
* The ZMQ_TYPE socket option was added; this allows retrieval of the socket
type after creation.
* Added a ZMQ_VERSION macro to zmq.h for compile-time API version
detection.
* The ZMQ_RECONNECT_IVL and ZMQ_BACKLOG socket options have been added.
Bug fixes
---------
* Forwarder and streamer devices now handle multi-part messages correctly.
* 0MQ no longer asserts when malformed data is received on the wire.
* 0MQ internal timers now work correctly if the TSC jumps backwards.
* The internal signalling functionality (mailbox) has been improved
to automatically resize socket buffers on POSIX systems.
* Many more.
Building
--------
* 0MQ now builds correctly with many more non-GCC compilers (Sun Studio,
Intel ICC, CLang).
* AIX and HP-UX builds should work now.
* FD_SETSIZE has been set to 1024 by default for MSVC builds.
* Windows builds using GCC (MinGW) now work out of the box.
Distribution
------------
* A simple framework for regression tests has been added, along with a few
basic self-tests. The tests can be run using "make check".
Fixes https://www.isc.org/CVE-2011-1907.
--- 9.8.0-P1 released ---
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280]
* aria2-metalink option is removed. This is enabled by default already.
Changelog:
aria2 1.11.1
============
Release Note
------------
This release fixes the bug that aria2 does not work on platforms which
have kqueue() system call due to invalid timeout parameter. The
--show-console-readout option was added. This option toggles the
appearance of console readout.
Changes
-------
* Added --show-console-readout option. This option toggles
appearance of console readout.
* Fixed the bug that microsecond part of timeval overwlows in
waitData(). This bug affects platforms which have kqueue() system
call. Those systems are FreeBSD, OpenBSD, NetBSD and Darwin (Mac OS
X).
aria2 1.11.0
============
Release Note
------------
This release adds JSON-RPC interface. The JSON-RPC and XML-RPC shares
same APIs. The JSON-RPC also supports JSONP. 2 new options were added:
--retry-wait and --async-dns-server. The downloads added by
aria2.addTorrent and aria2.addMetalink RPC method are now saved to the
file specified in --save-session option. The proxy options and related
environment variables now accept https:// and ftp:// scheme. This
release fixes the bug that causes segmentation fault when unpausing
downloads in some situations. MinGW32 build now looks for USERPROFILE
and the combination of HOMEDRIVE and HOMEPATH to get user's home
directory and doesn't check permission of .netrc file.
Changes
-------
* Updated gettext to 0.18
* Added JSON-RPC support. --enable-xml-rpc was deprecated and
--enable-rpc should be used instead. Similarly, --xml-rpc-*
options were replaced with --rpc-* options. We are implementing
JSON-RPC based on JSON-RPC 2.0 draft spec.
* Fixed rounding error in DownloadEngine::run(). This fixes the bug
that executeCommand() with Command::STATUS_ALL is not called in
every interval correctly because of rounding error in timer.
* Refresh buckets at DHT initialization without checking serialized
time. Checking serialized time does not work if you stop aria2 as
soon as it started DHT. The serialized time in dht.dat will be
updated, but buckets are not updated and still old. When you
restart aria2 again soon, it does not refresh buckets because
serialized time is recent.
* Save downloads added by aria2.addTorrent or aria2.addMetalink in
--save-session file. Uploaded data are saved as file named hex
string of sha1 hash of uploaded data plus extension(".torrent" for
torrent and ".meta4" for metalink). For example,
0a3893293e27ac0490424c06de4d09242215f0a6.torrent. The directory
where these files are saved is specified by --dir option. These
file paths are written in --save-session file.
* Fixed the bug that causes segmentation fault when unpause
RequestGroup which has resolved BtDependency.
* Look for USERPROFILE and the combination of HOMEDRIVE and HOMEPATH
to get user's home directory in MinGW32 build. Usually HOME
environment variable is defined in *nix like OSes, but not in
Windows. So in MinGW32 build, if HOME is not defined, we also look
for USERPROFILE and the combination of HOMEDRIVE and HOMEPATH.
* Fixed the bug that DownloadContext::basePath_ is not escaped.
* Added Date, Expires and Cache-Control response header field to RPC
response.
* Added --async-dns-server option. This option accepts comma
separated list of DNS server addresses used in asynchronous DNS
resolver. Usually asynchronous DNS resolver reads DNS server
addresses from /etc/resolv.conf. When this option is used, it uses
DNS servers specified in this option instead of ones in
/etc/resolv.conf. You can specify both IPv4 and IPv6 address. This
option is useful when the system does not have /etc/resolv.conf and
user does not have the permission to create it.
* Accept https:// and ftp:// in proxy options and environment variables.
* Fixed overflow in the calculation of progress percentage for file
allocation and hash check when off_t is 32bit.
* Accept HTTP 304 reply as success when If-None-Match request-header
field is specified using --header option. When --conditional-get
is used, --allow-overwrite is now required to overwrite existing
file.
* Added aria2.removeDownloadResult RPC method. The method signature
is aria2.removeDownloadResult(gid). This method removes
completed/error/removed download denoted by gid from memory. This
method returns "OK" for success.
* Use IP address of control connection to connect to the remote server in
FTP passive mode.
* Don't check permission of .netrc file in MinGW32 build.
* Added --retry-wait option. This option was once existed in aria2
but erased on 2009-09-20. Now it is resurrected once again. We
choose 0 as default value for backward compatibility. Now we retry
HTTP download when remote server returns "503 Service Unavailable"
if --retry-wait > 0. We also added error code 29:
HTTP_SERVICE_UNAVAILABLE.
* Don't show metadata download and paused download in "Download Results".
This fixes some important bugs and is therefore recommended for all users.
Key changes:
* Security: Directory traversal vulnerability with disk redirection (disallow /.. requests)
* New maintainer: Peter Åstrand <astrand@...>
* Brush cache support
* Removed the hardcoded limit of the username length
* Increased domain name length to 255 chars
* Improved compatibility with PulseAudio/padsp
* Cleaned up and documented the return values
* Keyboard fix: avoid stuck keys in certain cases
* Support for new pointers
* License has been changed to GPLv3
* EWMH fixes for 64-bit machines
* RandR support: automatically resize session if using relative screen size
* Improved support for Windows 2008 Session Broker
* Japanese keyboard map has been improved
* New keyboard map: fr-bepo
* Many stability fixes regarding smart card redirection
* Windows 2008 R2 / 7: Fix sound playback when not using other redirections
* Windows 2008 R2 / 7: Solve disk redirection read-only issues
* Windows 2008 R2 / 7: Solve issue with recursive deletion
* Avoid exit when printing, if lpr command terminates early
PR#44929.
The main changes are to sc_tracediff, a program that displays traceroutes side
by side that have changed. There are bug fixes to sc_tracediff, as well as
enhancements.
* not to notify action from mute users.
* fix to locd JSON library correctly.
* deprecate SQLite plugin.
* support new Twitter search API.
* add settings not to move to ttweet Fav or RT by myself to top.
* fixes crash with old RubyGTK on ubuntu 11.04.
patch provided by Matthew Luckie via PR#44919.
A lot of changed in scamper since 2008.
For some idea about what is in scamper today, please check the website,
in particular the scamper man page.
* Several man-page updates
* Several buildsystem fixes
* Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier
* Change the default --tmp-dir path to a more suitable path
* Improve the mysprintf() issue in openvpnserv.c
* Fixed bug in port-share that could cause port share process to crash
* Fix the --client-cert-not-required feature
+ fixes cross-site scripting vulnerabilities (SA44036)
+ contains a lot of filename cleanup work (no more bb and hobbit)
please read upgrade-to-430.txt when upgrading from a previous pkg
(see also the install message)
change: Incoming SSL connections can time out waiting for SSL_accept to
complete
pkgsrc change: remove the patch which did daemonize omniNames in
the code -- this was bad because it sent all diagnostic output
to /dev/null. send it to background in the rc.d script instead, and
set a reasonable logfile location
Bug Fixes:
* Added explicit note on unbound-anchor usage: Please note usage of
unbound-anchor root anchor is at your own risk and under the terms of our
LICENSE (see that file in the source).
* Fix remove private address does not throw away entire response. [bugzilla: 361 ]
* Fix, time.elapsed variable not reset with stats_noreset.
* Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
* give config parse error for multiple names on a stub or forward zone.
* updated ldns tarball to 1.6.9(snapshot).
* iana portlist updated.
Changelog:
This release fixes a program crash that was happening with certain YouTube
videos, and fixes the date extraction regular expression in YouTube.
* Update BUILDLINK_API_DEPENDS.quvi to 0.4.0
Changelog:
0.2.15 Fri Apr 15 2011 Toni Gundogdu
Changes:
- Add support for reading URLs from the stdin
- quvi_supported: Improve URL checking (#29)
- Check additional URL parts (vs. domain only)
- Remove obsoleted (by new test suite) options from quvi command
- --test-all
- --test
- --page-title
- --video-id
- --file-length
- --file-suffix
- --dump
Changes: Build system
- New testsuite (see $top_srcdir/test/README)
- Use CPPFLAGS (src|lib|examples)/Makefile.am
- configure:
- Add --enable-nlfy, --enable-verbose-tests
- Rename --enable-broken -> --enable-todo
Changes: API
- Add "media" interface, deprecating the old "video" interface
- The deprecated symbols will be removed in 0.2.20
- Add quvi_next_media_url (depr. quvi_next_videolink)
- Add quvi_media_t (depr. quvi_video_t)
- Add QUVIPROP_MEDIAID (depr. QUVIPROP_VIDEOID)
- Add QUVIPROP_MEDIAURL (depr. QUVIPROP_VIDEOURL)
- Add QUVIPROP_MEDIACONTENTLENGTH (depr. QUVIPROP_VIDEOFILELENGTH)
- Add QUVIPROP_MEDIACONTENTTYPE (depr.QUVIPROP_VIDEOFILECONTENTTYPE)
- Add QUVIPROP_FILESUFFIX (depr. QUVIPROP_VIDEOFILESUFFIX)
- Add QUVIPROP_FORMAT (depr. QUVIPROP_VIDEOFORMAT)
- Add QUVIPROP_MEDIATHUMBNAILURL, QUVIPROP_MEDIADURATION
- Thanks to Bastien Nocera for the patch
Changes: Website scripts
- Add soundcloud.lua, ted.lua: Thanks to Bastien Nocera for scripts
- Add megavideo.lua: Thanks to Paul Kocialkowski for the script
- Add tvlux.lua
- collegehumor.lua: Mark as TODO (#35)
- cbsnews.lua (#30)
- Improve 'best' parsing (compare height and bitrate)
- Update format IDs
- youtube.lua:
- Add support for "#at=" as start-time
- Add support additional embed URL types (/e/,/embed/)
- Process the starttime string (#36)
- Remove the dangling format IDs (tgp_144p, webm_*)
- vimeo.lua: Exit with server returned error message (#27)
- arte.lua: Improve handling of expired URLs
Bugfixes:
- "error: (null)" with LUA scripts that use 'redirect' (#46)
- quvi: Do not exit if preceeding URL fails (#40)
- Compilation when PATH_MAX is not defined (#32)
Bugfixes: Build system
- Include doc subdir with --with-doc flag only (#33)
Bugfixes: Website scripts
- cbsnews.lua: attempt to compare number with nil (#30)
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The NFS dissector could crash on Windows. (Bug 5209)
Versions affected: 1.4.0 to 1.4.4.
o The X.509if dissector could crash. (Bug 5754, Bug 5793)
Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4.
o Paul Makowski from SEI/CERT discovered that the DECT dissector
could overflow a buffer. He verified that this could allow
remote code execution on many platforms.
Versions affected: 1.4.0 to 1.4.4.
The following bugs have been fixed:
o Export HTTP > All - System Appears Hung (but isn't). (Bug 1671)
o Some HTTP responses don't decode with TCP reassembly on. (Bug 3785)
o Wireshark crashes when cancelling a large sort operation. (Bug 5189)
o Wireshark crashes if SSL preferences RSA key is actually a DSA key.
(Bug 5662)
o tshark incorrectly calculates TCP stream for some syn packets.
(Bug 5743)
o Wireshark not able to decode the PPP frame in a sflow
(RFC3176) flow sample packet because Wireshark incorrectly
read the protocol in PPP frame header. (Bug 5746)
o Mysql protocol dissector: all fields should be little endian.
(Bug 5759)
o Error when opening snoop from Juniper SSG-140. (Bug 5762)
o svnversion: command not found. (Bug 5798)
o capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too
many. (Bug 5803)
o Value of TCP segment data cannot be copied. (Bug 5811)
o proto_field_is_referenced() is not exported in
libwireshark.dll. (Bug 5816)
o Wireshark ver. 1.4.4 not displayed "Granted QoS" field in a
A11 packet. (Bug 5822)
- Updated Protocol Support
HTTP, LDAP, MySQL, NFS, sFlow, SSL, TCP
SNMPTT (SNMP Trap Translator) is an SNMP trap handler written in Perl for
use with the Net-SNMP / UCD-SNMP snmptrapd program (www.net-snmp.org).
SNMPTT supports Linux, Unix and Windows.
Snmptt can log to any of the following destinations: text log, syslog,
NT Event log or a SQL database. External programs can also be run to pass
the translated trap to an email client, paging software, Nagios etc.
In addition to variable substitution, SNMPTT allows complex configurations
allowing:
* the ability to accept or reject a trap based on the host name,
ip address, network range, or variable values inside of the trap
enterprise variables
* execute external programs to send pages, emails etc
* perform regular expression search and replace on the translated message
such as translating the variable value "Building alarm 4" to
"Moisture detection alarm"
This release contains several enhancements, including rate calculation in check_snmp. There are also lots of bug fixes.
* New check_ntp_peer -m and -n options to check the number of usable time sources ("truechimers")
* New check_disk_smb -a option which allows for specifying the IP address of the remote server
ChangeLog:
- Fixed bug with NSCA daemon eating CPU if child process couldn't accept a connection in multi-process mode (Chris Wilson)
- Fixed bug that prevented single mode daemon from working properly
- Added sample scripts for testing functionality to nsca_tests/ (Ton Voon/Altinity)
- Fixed crash from malformed command line
- Updated to config.sub and config.guess to latest from GNU Savannah
ChangeLog:
* Fixes problem where disabling all active hosts/services was not taking effect
* Fixes for compiler warnings (code cleanup by Stephen Gran)
* Fixes for format errors in event handler logging (Guillaume Rousse)
* Fixed incorrect info in sample nagios.cfg file for state_retention_file (Michael Friedrich)
* Fixed broker_event_handler() to return ERR if data is NULL (Michael Friedrich)
* Patch to new_mini_epn to allow any command line length without breaking on extra trailing or leading whitespace (Ray Bengen)
* Patch to mini_epn to allow any command line length (Thomas Guyot-Sionnest)
* Patch to speed up loading of state retention data (Matthieu Kermagoret)
* Custom notifications are now suppressed during scheduled downtime (Sven Nierlein)
* Added code to warn user about exit code of 126 meaning plugin is not executable (bug #153)
* Scheduled downtime can now start on SOFT error states (bug #47)
* Main window frame URL can now be specify with a "corewindow=" parameter
* Improved config CGI shows commands, command args in an easier to use manner (Jochen Bern)
* Added ability for NEB modules to override execution of event handlers (Sven Nierlein)
* Custom macros are no longer cleaned/stripped as they are user-defined and should be trusted (Peter Morch)
* Fix for choosing next valid time on day of DST change when clocks go one hour backwards
* Fix for nagios now erroring when "Error: Could not find any contactgroup matching..." displayed
* Fix tap tests for Sol0 and newer versions of Test::Harness
* Fix for notifications not being sent out when scheduled downtime is canceluzzner)
* Fix for first notification delay being calculated incorrectly, and notifications potentially going out early (Plachowski)
* Fix for text of scheduling downtime of all services on a host (Holger Weiss)
* Fix for services inheriting notification period from hosts if not defined (Gordon Messmer)
* Fix for incorrect service states on host failures (bug #130 Pet)
* Fix for incorrect service state attributes being set on host failures (bug #128 Petya Kohts)
* Fix for non-scheduled hostsnd services not being updated in NDOUtils
* Fix for typos in TAC, CMD CGIs (bugs #150, #144, #148)
* Fix for types in documentation (bugs #145, #105, #106)
* Fix for incorrect host state counts in status CGI when viewing servicegroups (bug #72)
* Fix few Splunk integration query parameters (bug #136)
* Fix for extra field header in availability CSV export (bug #113)
* Fix foracro processing code modifying input string (Jochen Bern)
* Fix for update check API
* Fix for CGI speedup when persistent=0 f comments
* Fix for event execution loop re-scheduling host checks instead of executing them if service checks are disabled (b #152)
* Fix for segfaults on Solaris (Torsten Huebler)
* Fix for incorrect comment expiration times being passed to event bror (Mattieu Kermagot)
* Doc updates related to cleaning of custom macros (Peter Valdemar Morch)
* Fix to sample notify-service--email command (bug #62)
* Fix for retaining host display name and alias, as well as service display name (Folkert van Heusden* Link to allow scheduling downtime for all services on a host (Hendrik Baecker)
* Speedup to CGIs when lots of comments or dotimes in status.dat file (Jonathan Kamens)
* Patch for new_mini_epn to allow for any command line length without breaking extra trailing or leading whitespace (Ray Bengen)
* Fix for incorrect scheduling when time has gone back an hour (partial fix for 24x7)
* Fix for compile on Fedora Core 3 (bug #0000082)
* Fix for compile on Solaris
* Fix for logging test, which was not timezone aware (bug #0000077 - Allan Clark)
* Trivial cleanups for autoconf (Allan Clark)
* Fix for CSS validation of padding: X
* Fix for documentation re: case-insensitive nature of custom variables (Marc Powell)
* Fix for template configurations which use negated wildcards (Tim Wilde)
* Fix for read-only permissions bug in CGIs that caused problems viewing comments (bug #0000029)
* Fix for incorrect CGI reports (availability, trends, etc.) when reporting period spans Daylight Savings Time (bug #0000046)
* Fix for detection of truecolor support in GD library (Lars Hecking)
* Reverted to use --datadir configure script option instead of the more recently introduced --datarootdir option
* Status and retention files are now flushed/synced to disk to prevent incomplete information being displayed in CGIs
* Fix for incorrect next service check time calculation when Nagios is reloaded with different timeperiod ranges
* Updated Fedora quistart guide to indicate PHP requirements
* Known issue: Service checks that are defined with timeperiods that contain "exclude" directives are incorrectly re-scheduled. Don't use these for now - we'll get this
fixed for 3.4
NEWS for rsync 3.0.8 (26 Mar 2011)
Protocol: 30 (unchanged)
Changes since 3.0.7:
BUG FIXES:
- Fixed two buffer-overflow issues: one where a directory path that is
exactly MAXPATHLEN was not handled correctly, and one handling a
--backup-dir that is extra extra large.
- Fixed a data-corruption issue when preserving hard-links without
preserving file ownership, and doing deletions either before or during
the transfer (CVE-2011-1097). This fixes some assert errors in the
hard-linking code, and some potential failed checksums (via -c) that
should have matched.
- Fixed a potential crash when an rsync daemon has a filter/exclude list
and the transfer is using ACLs or xattrs.
- Fixed a hang if a really large file is being processed by an rsync that
can't handle 64-bit numbers. Rsync will now complain about the file
being too big and skip it.
- For devices and special files, we now avoid gathering useless ACL and/or
xattr information for files that aren't being copied. (The un-copied
files are still put into the file list, but there's no need to gather
data that is not going to be used.) This ensures that if the user uses
--no-D, that rsync can't possibly complain about being unable to gather
extended information from special files that are in the file list (but
not in the transfer).
- Properly handle requesting remote filenames that start with a dash. This
avoids a potential error where a filename could be interpreted as a
(usually invalid) option.
- Fixed a bug in the comparing of upper-case letters in file suffixes for
--skip-compress.
- If an rsync daemon has a module configured without a path setting, rsync
will now disallow access to that module.
- If the destination arg is an empty string, it will be treated as a
reference to the current directory (as 2.x used to do).
- If rsync was compiled with a newer time-setting function (such as
lutimes), rsync will fall-back to an older function (such as utimes) on a
system where the newer function is not around. This helps to make the
rsync binary more portable in mixed-OS-release situations.
- Fixed a batch-file writing bug that would not write out the full set of
compatibility flags that the transfer was using. This fixes a potential
protocol problem for a batch file that contains a sender-side I/O error:
it would have been sent in a way that the batch-reader wasn't expecting.
- Some improvements to the hard-linking code to ensure that device-number
hashing is working right, and to supply more information if the hard-link
code fails.
- The --inplace code was improved to not search for an impossible checksum
position. The quadruple-verbose chunk[N] message will now mention when
an inplace chunk was handled by a seek rather than a read+write.
- Improved ACL mask handling, e.g. for Solaris.
- Fixed a bug that prevented --numeric-ids from disabling the translation
of user/group IDs for ACLs.
- Fixed an issue where an xattr and/or ACL transfer that used an alt-dest
option (e.g. --link-dest) could output an error trying to itemize the
changes against the alt-dest directory's xattr/ACL info but was instead
trying to access the not-yet-existing new destination directory.
- Improved xattr system-error messages to mention the full path to the
file.
- The --link-dest checking for identical symlinks now avoids considering
attribute differences that cannot be changed on the receiver.
- Avoid trying to read/write xattrs on certain file types for certain OSes.
Improved configure to set NO_SYMLINK_XATTRS, NO_DEVICE_XATTRS, and/or
NO_SPECIAL_XATTRS defines in config.h.
- Improved the unsafe-symlink errors messages.
- Fixed a bug setting xattrs on new files that aren't user writable.
- Avoid re-setting xattrs on a hard-linked file w/the same xattrs.
- Fixed a bug with --fake-super when copying files and dirs that aren't
user writable.
- Fixed a bug where a sparse file could have its last sparse block turned
into a real block when rsync sets the file size (requires ftruncate).
- If a temp-file name is too long, rsync now avoids truncating the name in
the middle of adjacent high-bit characters. This prevents a potential
filename error if the filesystem doesn't allow a name to contain an
invalid multi-byte sequence.
- If a muli-protocol socket connection fails (i.e., when contacting a
daemon), we now report all the failures, not just the last one. This
avoids losing a relevant error (e.g. an IPv4 connection-refused error)
that happened before the final error (e.g. an IPv6 protocol-not-supported
error).
- Generate a transfer error if we try to call chown with a -1 for a uid or
a gid (which is not settable).
- Fixed the working of --force when used with --one-file-system.
- Fix the popt arg parsing so that an option that doesn't take an arg will
reject an attempt to supply one (can configure --with-included-popt if
your system's popt library doesn't yet have this fix).
- A couple minor option tweaks to the support/rrsync script, and also some
regex changes that make vim highlighting happier.
- Fixed some issues in the support/mnt-excl script.
- Various manpage improvements.
ENHANCEMENTS:
- Added ".hg/" to the default cvs excludes (see -C & --cvs-exclude).
DEVELOPER RELATED:
- Use lchmod() whenever it is available (not just on symlinks).
- A couple fixes to the socketpair_tcp() routine.
- Updated the helper scripts in the packaging subdirectory.
- Renamed configure.in to configure.ac.
- Fixed configure's checking for iconv routines for newer OS X versions.
- Fixed the testsuite/xattrs.test script on OS X.
The 0MQ lightweight messaging kernel is a library which extends the
standard socket interfaces with features traditionally provided by
specialised messaging middleware products. 0MQ sockets provide an
abstraction of asynchronous message queues, multiple messaging
patterns, message filtering (subscriptions), seamless access to
multiple transport protocols and more.
* 20-resolv.conf now uses the correct variable for $IF_METRIC
* Compiles on RedHat9
* Exclude interface values when dumping the lease
* Parse static value subnet_mask when it exists instead of deriving from
ip address
* logger calls now resemble dhcpcd calls to syslog(3)
* Reject offered IP address if INADDR_BROADCAST or INADDR_ANY
* Change the route if source address has changed
* Handle partial UDP checksums so we work in Xen domU
Thanks to Marius Tomaschewski <mt@suse.de>
* Note the address we are requesting in the broadcast log entry
* When operating on one interface, respect the timeout for in dhcpcd.conf
* Escape | and & characters before passing the value to the shell
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996
Based on a patch to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>
Patch provided by Wen Heping in PR 42833.
Changes:
- Added Timor-Leste country code: .tl
- Updated database: Tue Feb 16 06:40:01 2010 UTC
- Using date-based version number
- Code and documentation cleanup
- Added some new tests
- Updated list of country codes
- Updated database: Wed Oct 7 06:40:02 2009 UTC
- Removed webgeo2ipct.pl script as you can now download a suitable file
straight from the web: http://software77.net/geo-ip/
- Updated database: Tue Sep 8 06:40:01 2009 UTC
- Fix undef warning in Faster()
- Tidy up benchmark script
- Tidy up txt<->dat conversion scripts
For all mikker and ill of twitter users best twitter client.
Miku is so moe, so cute, so beautiful, fantastic, excellent,
magnificent, brilliant and my wife. moeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
0.9.8
- Overall changes:
* Automagically generated API documentation using doxygen.
* Added support for pkg-config.
* Fixed Mingw32 cross compilation.
* Fixed CMake build system.
- LibVNCServer/LibVNCClient:
* All files used by _both_ LibVNCServer and LibVNCClient were put into
a 'common' directory, reducing code duplication.
* Implemented xvp VNC extension.
* Updated minilzo library used for Ultra encoding to ver 2.04.
According to the minilzo README, this brings a significant
speedup on 64-bit architechtures.
- LibVNCServer:
* Thread safety for ZRLE, Zlib, Tight, RRE, CoRRE and Ultra encodings.
This makes all VNC encodings safe to use with a multithreaded server.
* A DisplayFinishedHook for LibVNCServer. If set, this hook gets called
just before rfbSendFrameBufferUpdate() returns.
* Fix for tight security type for RFB 3.8 in TightVNC file transfer
(Debian Bug #517422).
- LibVNCClient:
* Unix sockets support.
* Anonymous TLS security type support.
* VeNCrypt security type support.
* MSLogon security type support.
* ARD (Apple Remote Desktop) security type support.
* UltraVNC Repeater support.
* A new FinishedFrameBufferUpdate callback that is invoked after each
complete framebuffer update.
* A new non-forking listen (reverse VNC) function that works under
Windows.
* IPv6 support. LibVNCClient is now able to connect to IPv6 VNC servers.
* IP QoS support. This enables setting the DSCP/Traffic Class field of
IP/IPv6 packets sent by a client. For example starting a client with
-qosdscp 184 marks all outgoing traffic for expedited forwarding.
Implementation for Win32 is still a TODO, though.
* Fixed hostname resolution problems under Windows.
- SDLvncviewer
* Is now resizable and can do key repeat, mouse wheel scrolling
and clipboard copy and paste.
- LinuxVNC:
* Fix for no input possible because of ctrl key being stuck.
Issue was reported as Debian bug #555988.
* Version 1.0.30:
- pure-quotacheck can now work with a large number of files.
- OPTS UTF-8 is now an alias to OPTS UTF8.
- Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.
Changelog:
* Updated translations
* Disabled automatic negotiation of FTP over TLS introduced in 3.4.0-beta1. Will be added in a future version instead
* Add checkbox to settings dialog to not save passwords
* Add timestamp columns to successful and failed queue tabs showing when the transfers completed or failed
* Fixed infinite loop in TinyXML when loading settings from corrupt XML documents
* Parsing MDTM reply now takes seconds into account
* MSW: Handling of paths relative to the drive-root in local directory input box
* Compatibility with MVS listing containing PO-E type entries
* Fix Resizing issues with manual transfers dialog
* MSW: Remote file editing did not correctly handle files that were still open
* Normal FTP connections now always attempt to negotiate secure FTP over TLS
* Added option to force use of insecure plain FTP to Site Manager
* Kiosk mode option can now also be read from FileZilla.xml, with fzdefaults.xml having priority if setting exists in both files
* Fix memory leak in directory cache
* Compatibility with obscure DOS servers using forward slashes as path delimiter
* MSW: Horizontal scroll bar in file lists and queue did not appear if changing column widths
* Improve text wrapping engine
Upstream NEWS is weak; release notes for 2.8.5.1 follow.
[*] Improvements
* Fixed syslog output when running on Windows.
* Fixed potential segfault when printing IPv6 packets using the -v option.
Thanks to Laurent Gaffie for reporting this issue.
* Fixed segfault when additional policies were added during a configuration
reload.
Fix patch to quota-check.m4 so that the autoconf'ed configure will
define HAVE_LIBQUOTA too
Use QL_STATUS(quota_check_limit()) instead of quota_check_limit(). This is
the only visible change in binaries.
Do not bump PKGREVISION as the previous code has been there for only a few
hours.
check for getfsquota() in libquota. If it's there, use getfsquota() and
quota_check_limit() from libquota instead of local getnfsquota or direct
calls to quotactl().
Tested on NetBSD-current and NetBSD 5.1. OK agc@
Features:
* harden-below-nxdomain config option, default off (because very old software
may be incompatible). We could enable it by default in the future.
From draft-vixie-dnsext-resimprove-00.
* typetransparent localzone: does not block other RR types.
* so-sndbuf option for very busy servers, a bit like so-rcvbuf.
Bug Fixes:
* Fix so a changed NS RRset does not get moved name stuck on old server,
for type NS the TTL is not increased.
* Fix prefetch so it does not get stuck on old server for moved names.
* Fix insecure CNAME sequence marked as secure, reported by Bert Hubert.
* faster lruhash get_mem routine.
* [bugzilla: 346 ] remove ITAR scripts from contrib,
the service is discontinued, use the root.
* Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
* algorithm compromise protection using the algorithms signalled in the DS
record. Also, trust anchors, DLV, and RFC5011 receive this, and thus,
if you have multiple algorithms in your trust-anchor-file then it will now
behave different than before. Also, 5011 rollover for algorithms needs to be
double-signature until the old algorithm is revoked.
* squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them)
* fix validation in this case: CNAME to nodata for co-hosted opt-in
NSEC3 insecure delegation, was bogus, fixed to be insecure.
* Fix our 'BDS' license (typo reported by Xavier Belanger).
* [bugzilla: 338 ] print address when socket creation fails.
* Fix storage of EDNS failures in the infra cache.
* silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
* unbound-anchor compiles with openssl 0.9.7.
* Be lenient and accept imgw.pl malformed packet (like BIND).
* the included ldns tarball is updated (to 1.6.8)
* iana portlist updated.
unbound 1.47:
Features:
* unbound-anchor app, unbound requires libexpat (xml parser library).
It creates or updates a root.key file. Use it before you start the validator
(e.g. at system boot time).
* dump_infra and flush_infra commands for unbound-control.
Bug Fixes:
* GOST code enabled by default (RFC 5933).
* Configure detects libev-4.00.
* do not synthesize a CNAME message from cache for qtype DS.
* Use central entropy to seed threads.
* Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
* Fix validation failure for parent and child on same server with an insecure
childzone and a CNAME from parent to child.
* Change of timeout code. No more lost and backoff in blockage. At 12sec timeout
(and at least 2x lost before) one probe per IP is allowed only. At 120sec,
the IP is blocked. After 15min, a 120sec entry has a single retry packet.
* no timeout backoff if meanwhile a query succeeded.
* Configure errors if ldns is not found.
* Windows 7 fix for the installer.
* Fix bug where fallback_tcp causes wrong roundtrip and edns observation to be
noted in cache. Fix bug where EDNSprobe halted exponential backoff if EDNS
status unknown.
* interface automatic works for some people with ip6 disabled. Therefore the
error check is removed, so they can use the option.
* Fix TCP so it uses a random outgoing-interface.
* Fix bug when DLV below a trust-anchor that uses NSEC3 optout where the zone
has a secure delegation hosted on the same server did not verify as secure
(it was insecure by mistake).
* Fix alloc_reg_release for longer uptime in out of memory conditions.
* [bugzilla: 329 ] in example.conf show correct ipv4 link-local 169.254/16.
* compliance with draft-ietf-dnsop-default-local-zones-14,
removed reverse ipv6 orchid prefix from builtin list.
* Algorithm rollover operational reality intrudes, for trust-anchor and
5011-store, if one key matches it's good enough.
* Fix reported validation error in out of memory condition.
* Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
* increased mesh-max-activation from 1000 to 3000 for crazy domains like
_tcp.slb.com with 262 servers.
* [bugzilla: 327 ] Fix for cannot access stub zones until the root is primed.
* openbsd-lint fixes
* [bugzilla: 321 ] Fix resolution of rs.ripe.net artifacts with 0x20.
Delegpt structures checked for duplicates always.
No more nameserver lookups generated when depth is full anyway.
* [bugzilla: 322 ] Fix, configure does not respect CFLAGS on Solaris.
Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line if use
sun-cc, but some systems need different flags.
* Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP changes,
uses m4_bpatsubst now.
* make test (or make check) should be more portable and run the unit test and
testbound scripts. (make longtest has special requirements).
* More pleasant remote control command parsing.
* Fix name of rrset printed that failed validation.
* Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
* Fix validation in case a trust anchor enters into a zone with
unsupported algorithms.
* iana portlist updated.
* updated ldns tarball.
* TXT record presentation format parsing fixes.
* NAPTR record presentation format parsing fixes.
* SEP flag no longer required (for use with Combined Signing Key).
* Validation routines improved.
* Recursor now handles hints and nameservers better.
* Various bug fixes.
* Fix creating NSEC(3) bitmaps: make array size 65536,
don't add doubles.
* Fix printout of escaped binary in TXT records.
* Parsing TXT records: don't skip starting whitespace that is quoted.
* bugfix #358: Check if memory was successfully allocated in
ldns_rdf2str().
* Added more memory allocation checks in host2str.c
* python wrapper for ldns_fetch_valid_domain_keys.
* fix to compile python wrapper with swig 2.0.2.
* Don't fallback to SHA-1 when creating NSEC3 hash with another
algorithm identifier, fail instead (no other algorithm identifiers
are assigned yet).
1.6.8
* Fix ldns zone, so that $TTL definition match RFC 2308.
* Fix lots of missing checks on allocation failures and parse of
NSEC with many types and max parse length in hosts_frm_fp routine
and off by one in read_anchor_file routine.
* bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
records.
* Print correct WHEN in query packet (is not always 1-1-1970)
* ldns-test-edns: new example tool that detects EDNS support.
* fix ldns_resolver_send without openssl.
* bugfix #342: patch for support for more CERT key types (RFC4398).
* bugfix #351: fix udp_send hang if UDP checksum error.
* fix set_bit (from NSEC3 sign).
* changed ssl:verify-certificate default to yes.
* check certificate common name in openssl case (code from curl).
* disable weak algorithms in openssl.
* new setting xfer:log-file.
* support for netkey pasword in ftp.
* added torrent ipv6 support (new setting torrent:ipv6)
* don't accept new connections when no torrent can accept them.
* allow to specify job numbers in `jobs' command.
* fixed a segfault in pget when an error happens on second chunk.
