Changes since omniORB 4.1.6
---------------------------
- Bug fixes and platform updates. See bugfixes-416.xml
- ZIOP support. See src/examples/ziop/README.txt for details.
Changes since omniORB 4.1.5
---------------------------
- Bug fixes. See bugfixes-415.xml
- New clientOpenConnection and serverAcceptConnection interceptors.
dnspython is a DNS toolkit for Python. It provides both high and low
level access to DNS. The high level classes perform queries for data
of a given name, type, and class, and return an answer set. The low
level classes allow direct manipulation of DNS zones, messages, names,
and records.
This is the python-3.x version of the module.
* (Version 1.11.1 released)
* dns/tsigkeyring.py (to_text): we want keyname.to_text(), not
dns.name.to_text(keyname). Thangs to wangwang for the fix.
* dns/tsig.py (sign): multi-message TSIGs were broken for
algorithms other than HMAC-MD5 because we weren't passing the
right digest module to the HMAC code. Thanks to salzmdan for
reporting the bug.
* dns/dnssec.py (_find_candidate_keys): we tried to extract the
key from the wrong variable name. Thanks to Andrei Fokau for the
fix.
* dns/resolver.py: we want 'self.retry_servfail' not just
retry_servfail. Reported by many, thanks! Thanks to
Jeffrey C. Ollie for the fix.
* tests/grange.py: fix tests to use older-style print formatting
for backwards compatibility with python 2.4. Thanks to
Jeffrey C. Ollie for the fix.
* (Version 1.11.0 released)
* dns/name.py (Name.to_wire): Do not add items with offsets >= 2^14
to the compression table. Thanks to Casey Deccio for discovering
this bug.
* dns/ipv6.py (inet_ntoa): We now comply with RFC 5952 section
5.2.2, by *not* using the :: syntax to shorten just one 16-bit
field. Thanks to David Waitzman for reporting the bug and
suggesting the fix.
* lock caches in case they are shared
* raise YXDOMAIN if we see one
* do not print empty rdatasets
* Add contributed $GENERATE support (thanks uberj)
* Remove DNSKEY keytag uniqueness assumption (RFC 4034, section 8)
(thanks James Dempsey)
* added set_flags() method to dns.resolver.Resolver
* added support for TLSA RR
* dns/rdtypes/ANY/NSEC3.py (NSEC3.from_text): The NSEC3 from_text()
method could erroneously emit empty bitmap windows (i.e. windows
with a count of 0 bytes); such bitmaps are illegal.
* (Version 1.10.0 released)
* dns/message.py (make_query): All EDNS values may now be
specified when calling make_query()
* dns/query.py: Specifying source_port had no effect if source was
not specified. We now use the appropriate wildcard source in
that case.
* dns/resolver.py (Resolver.query): source_port may now be
specified.
* dns/resolver.py (Resolver.query): Switch to TCP when a UDP
response is truncated. Handle nameservers that serve on UDP
but not TCP.
* dns/zone.py (from_xfr): dns.zone.from_xfr() now takes a
'check_origin' parameter which defaults to True. If set to
False, then dnspython will not make origin checks on the zone.
Thanks to Carlos Perez for the report.
* dns/rdtypes/ANY/SSHFP.py (SSHFP.from_text): Allow whitespace in
the text string. Thanks to Jan Andres for the report and the
patch.
* dns/message.py (from_wire): dns.message.from_wire() now takes
an 'ignore_trailing' parameter which defaults to False. If set
to True, then trailing junk will be ignored instead of causing
TrailingJunk to be raised. Thanks to Shane Huntley for
contributing the patch.
* dns/resolver.py: Added LRUCache. In this cache implementation,
the cache size is limited to a user-specified number of nodes, and
when adding a new node to a full cache the least-recently used
node is removed.
* dns/resolver.py: dns.resolver.override_system_resolver()
overrides the socket module's versions of getaddrinfo(),
getnameinfo(), getfqdn(), gethostbyname(), gethostbyname_ex() and
gethostbyaddr() with an implementation which uses a dnspython stub
resolver instead of the system's stub resolver. This can be
useful in testing situations where you want to control the
resolution behavior of python code without having to change the
system's resolver settings (e.g. /etc/resolv.conf).
dns.resolver.restore_system_resolver() undoes the change.
* dns/ipv4.py: dnspython now provides its own, stricter, versions
of IPv4 inet_ntoa() and inet_aton() instead of using the OS's
versions.
* dns/ipv6.py: inet_aton() now bounds checks embedded IPv4 addresses
more strictly. Also, now only dns.exception.SyntaxError can be
raised on bad input.
* Old DNSSEC types (KEY, NXT, and SIG) have been removed.
* Bounds checking of slices in rdata wire processing is now more
strict, and bounds errors (e.g. we got less data than was
expected) now raise dns.exception.FormError rather than
IndexError.
HATop is an interactive ncurses client and real-time monitoring, statistics
displaying tool for the HAProxy TCP/HTTP load balancer.
HATop's appearance is similar to top(1). It supports various modes for detailed
statistics of all configured proxies and services in near realtime. In addition,
it features an interactive CLI for the haproxy unix socket. This allows
administrators to control the given haproxy instance (change server weight, put
servers into maintenance mode, ...) directly out of hatop (using keybinds or
the CLI) and monitor the results immediately.
HATop is written in pure Python and has no external dependencies.
1.) Handle installation of the script to determine the amount of free
memory and swap space on the local machine automatically.
2.) Fix the NetBSD implementation of the above script.
3.) Create a wrapper shell script for invoking Cacti's poller.
4.) Simplify the installation instrunctions using the above enhancements.
5.) Don't included the log file in the package list. It doesn't belong
there and "pkg_delete" will correctly complain that it has been
modified.
ToDo:
- The log file and the "rrdtool" database still need to be moved to
a directory under "${VARBASE}".
- "config.php" should really be a config file to allow using a
non-default password for the MySQL database. But the file would have
to be readable by both the user of the webserver and that cacti user.
pkgsrc change: remove patches/patch-configure.in.
--- 9.9.4-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
--- 9.8.6-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
fix for CVE-2014-0591.
--- 9.6-ESV-R10-P2 released ---
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
3658. [port] linux: Address platform specific compilation issue
when libcap-devel is installed. [RT #34838]
http://secunia.com/advisories/53818/ From NEWS:
== GNU ZRTP 4.1.1 ==
Is a bug fix release that fixes some problems when building a standalone
version of the library, i.e. with embedded crypto algorithms and not using
on openSSL.
Another fix was necessary for NetBSD thread handling.
== GNU ZRTP 4.1.0 ==
Small enhancements when dealing with non-NIST algorithms. An application may
set a ''algorithm selection policy'' to control the selection behaviour. In
addition the the standrad selection policy (as per RFC6189) this version
provides a _non-NIST_ selection policy: if the selected public key algorithm
is a non-NIST ECC algorithm then the other selection functions prefer non-NIST
HASH algorithms (Skein etc).
== GNU ZRTP 4.0.0 ==
For this version I added some new algorithms for the DH key agreement
and the Skein Hash for ZRTP. Not further functional enhancments.
Added a new (old) build parameter -DCORE_LIB that will build a ZRTP core
library. This was available in V2.3 but I somehow lost this for 3.0
You may add other build parameters, such as SQLITE and CRYPTO_STANDALONE
if you build the core library.
== GNU ZRTP 3.2.0 ==
The main ZRTP modules contain fixes for three vulnerabilities found by Mark
Dowd. Thus we advise application developers to use this version of the
library. The vulnerabilities may lead to application crashes during ZRTP
negotiation if an attacker sends prepared ZRTP packets. The fixes remove these
attack vectors.
Some small other enhancements and cleanup, mainly inside client code.
Some enhancements in cache handling and the handling of retained shared
secrets. This change was proposed by Phil, is a slight security enhacement and
is fully backward comaptible.
Because of some API changes clients must be compiled and linked with the new
library.
For details please refer to the Git logs.
== GNU ZRTP 3.1.0 ==
This version adds some new features and code that supports some other
client and this accounts for the most changes inside this release.
The ZRTP core functionality was not changed as much (bug fixes, cleanup
mainly) and remains fully backward compatible with older library
versions. However, one nice enhancement was done: the addition of a standalone
SDES support module. This module supports basic SDES only without the fancy
stuff like many other SDES implementations. Thus it's pretty interoperable.
Some other features are:
- add some android support for a client, may serve as template for others
- documentation and code cleanup
Because of some API changes clients must be compiled and linked with the new
library.
== GNU ZRTP 3.0.0 ==
This is a major enhancement and restructuring of the overall ZRTP
distribution. This was necessary because more and more other clients use ZRTP
and add their specific glue code. Also some clients are not prepared to use
openSSL or other crypto libraries to their code and distributions.
Here a summary of the changes
- a new directory layout to accomodate various clients
- add standalone crypto modules, for example for AES, to have a real
standalone ZRTP/SRTP library that does not require any other crypto library
(optional via CMake configuration)
- Re-structure ZRTP cache and add SQlite3 as optional storage backend
The default settings for CMake build the normal ZRTP library that use openSSL
as crypto backend, use the normal file based cache and include the GNU ccRTP
modules. This is a librray that is to a large degree compatible with the
earlier builds.
Please refer to the top level CMakeFile.txt for options how to switch on the
standalone crypto mode or the SQlite3 based cache storage.
- bug: Fixed issue with custom data source information being lost when
saved from edit
- bug: Repopulate the poller cache on new installations
- bug: Fix issue with poller not escaping the script query path correctly
- bug: Allow snmpv3 priv proto none
- bug: Fix issue where host activate may flush the entire poller item
cache
-security: SQL injection and shell escaping issues
Also add the fix for the security vulnerability reported in SA54531
taken from the SVN repository.
* This package requires gcc 4.7 later from pkgsrc
Changelog:
aria2 1.18.2
============
Release Note
------------
This release fixes the wrong handling of return value of fork(), which
leads to high CPU usage. The progress readout has some color output.
Mingw32 build now receives colorized output. Mingw32 build now can
read unicode command-line arguments. The build script of OSX was
rewritten. The --bt-max-open-files now limits the number of opened
file globally for multi-file downloads instead of per download basis.
Changes
-------
* Remove the outdated, broken build_osx_release.sh
* Initial revision of the a new OSX release Makefile
* Allow using libgmp with AppleTLS/WinTLS
* Fix crash when metaurl contains unsupported URI or text
* Fix bad fork() return value handling
* Use some colors in progress reports (where available)
* Implement basic color support for the Windows console
Only \033[*m (SGR) is supported, with a 16+16 color terminal.
* AppleTLS: Implement PKCS12 loading.
* Limit number of opened file globally with --bt-max-open-files option
This change changes the behavior of --bt-max-open-files. Previously,
it specifies the maximum number of opened files for each multi-file
download. Since it is more useful to limit the number globally, the
option now specifies the global limit. This change suggests that
aria2.changeOption() method now ignores --bt-max-open-files and
aria2.changeGlobalOption now reads it and dynamically change the
limit.
* Don't fail multiple concurrent dl same file if auto-file-renaming is
enabled
* mingw32: Use CommandLineToArgvW() and GetCommandLineW() to read
cmd-line args
This change enables aria2 to read unicode characters in
command-line.
aria2 1.18.1
============
Release Note
------------
This release fixes the percent-encoding bug which affects file name
encodings. It adds PKCS12 support in certificate import. It also adds
experimental internal implementation of message digest functions, ARC4
cipher and bignum. It means that no external libraries are required to
build BitTorrent support, but this feature is still marked as
experimental. This release also fixes the android build with NDK r9.
Changes
-------
* LibsslTLSContext: Remove weak cipher suite
* AppleTLS: Enable --certificate
* util::percentEncodeMini: Fix regression bug removed unsignedness
srange-based for around std::string is convenient but several
functions depend unsigned char for correctness and readability.
* Log exception; throw error if loading private key and/or certificate
failed
* Provide internal ARC4 implementation
Now you can build bittorrent support without without external
libraries, meaning you can skip libnettle, libgmp, libgcrypt, GnuTLS
and OpenSSL on OSX (for now).
* Internal implementation of DHKeyExchange
Reusing a bignum (well, unsigned very-long) implementation I had
lying around for years and just cleaned up a bit and brought to
C++11 land.
It might not be the most performant implementation, but it shoud be
fast enough for our purposes and will go a long way of removing
gcrypt, nettle, gmp, openssl dependencies when using AppleTLS and
WinTLS (upcoming).
* PKCS12 support in --certificate and --rpc-certificate options.
* Add --disable-ssl configure option
* Add internal md5 and sha1 message digests
* Fix AppleMessageDigestImpl use with large data
* Set old cookie's creation-time to new cookie on replacement
As described in http://tools.ietf.org/html/rfc6265#section-5.3
* Fix link error with Android NDK r9
Since Android ndk r9, __set_errno is deprecated. It is now defined
as inline function in errno.h. The syscall assembly calls
__set_errno, but since libc.so does not export it, the link
fails. To workaround this, replace all occurrences of __set_errno
with a2_set_errno and define it as normal C function.
aria2 1.18.0
============
Release Note
------------
This release changes the default disk cache size to 16 MiB. To change
the default size, --with-disk-cache configure option was added. Now
used URIs are also saved by --save-session option. The control file is
now always saved if --force-save is given. The ctrl-c handling on
Mingw build was improved. The internal intl library is no longer
supplied. From this release, C++11 compiler is required to build aria2
executable. For gcc, at least 4.6.3 is required.
Changes
-------
* Use AM subdir-objects
Doing so in AM_INIT_AUTOMAKE seems to be the most compatible way of
doing so.
Closes GH-120
* AM_SILENT_RULES([yes]) with backwards-compatiblity
Supported since automake-1.11. There is no point in having the very
verbose compile stuff running about, which cannot even silenced
properly with `make -s` by default. Otherwise, `make V=1` or
`--disable-silent-rules` are your friends
* Fix automake-1.14 am_aux_dir
AC_USE_SYSTEM_EXTENSIONS will cause AC_PROG_CC, which is overridden
by automake-1.14, which will then init (part) of automake, in
particular am_aux_dir expansion, which in turn relies on ac_aux-dir,
which is not initialized at this point, and thus: certain doom (or
fun, depending on your POV and mood :p)
Hence call AC_USE_SYSTEM_EXTENSIONS only after
AM_INIT_AUTOMAKE. This, of course, caused a lot of related macro
shuffling.
Tested against automake-1.10 (OSX Lion/XCode version) and
automake-1.14 (homebrew version)
* Require external gettext for --enable-nls
And stop using the internal flavor with ./intl
* Make AX_CXX_COMPILE_STDCXX_11 test for -stdlib=libc++ via std::shared_ptr
The clang shipped with OSX XCode and clangs not build enabling
libcpp, will default to the libstdc++ headers and lib installed on
the system. In the OSX case, that libstdc++ is the one bundles with
gcc-4.2, which is far too old to provide all required C++11 types,
such as std::shared_ptr. Hence, the C++11 check should try to
compile a program with a C++11 type and try -stdlib=libc++ if the
default lib fails to compile said program.
* Make the configure check for C++11 compiler mandatory
Remove stray "dnl", so that mandatory actually works with (my)
autoreconf.
* Always build doc/manual-src
Should sphinx-build be not available AND the man file not be prsent,
then just "touch" it into existence (and warn about that)
* Win: Use SetConsoleCtrlHandler for SIGINT/SIGTERM
* Implement a simple resource lock (threading)
In this initial implementation Locks are no-ops on platforms other
than Windows.
* Check for sphinx-build during configure
* Add --with-disk-cache configure option
Enables packagers more fine grained control over the default value
without having to mess with config files.
See GH-115
* Change defaults: Enable 16M disk cache by default.
* Always save control file if --force-save is given
* Set log level DEBUG for unittests
* Check that C++ compiler supports override keyword
If the compiler supports override, define CXX11_OVERRIDE as
override, otherwise define it as empty. Use CXX11_OVERRIDE instead
of override.
* AppleTLS: Fix MessageDigestImpl
* AppleTLS: Fix session CFRelease stuff
* Use AX_CXX_COMPILE_STDCXX_11 macro to detect C++0x/C++11 support in
compiler
* Require -std=c++11 and use std::shared_ptr instead of SharedHandle
* Join URI on redirect
* Send HAVE message to the peer which the piece is downloaded from
Historically, aria2 did not send HAVE message to the peer which the
piece is coming from, thinking it is obvious that the peer knows we
have the piece. But it is not obvious if one piece is download from
more than 1 peers (e.g., end game mode). So it is better to send
HAVE to all peers connected.
* Improvements to --follow-torrent=false documentation.
Patch from gt
* SessionSerializer: Truly unique URIs
Before, only spent uris where sanitized not to be contained within
remaining uris. Change this so that each uri in the
union(remaining,spent) get saved once at most. The order of the
uris will won't be changed, with remaining uris going first followed
by spent uris.
Also avoid copying the uri std::strings around during dupe checking,
usually resulting in better performance regarding CPU and space.
* Make getOption RPC method return option for stopped downloads
* SessionSerializer: Save spent URIs as well as remaining ones
- new plugin: BetterNotify
- support for Twitter API v1.1
- 'mark timeline as read' menu item added
- Show 'in reply to' in Twitter search timelines
- identi.ca support removed from StatusNet plugin
- other minor fixes
3.2.2
This release fixes a number of bugs in the broker (including High Availability
mode) and plugins (LDAP, Management and MQTT).
3.2.1
This fixes a number of bugs in 3.2.0 and earlier versions.
3.2.0
This release introduces federated queues and features enhanced policies for
aspects of the broker which previously required AMQP arguments. Clients can
now obtain better feedback about authentication failures and broker alarm
conditions.
This release corrects a number of defects in the broker and plugins.
Note that major additions are CredSSP and smart card single-sign-on, but
I have no way of testing them, so rather than adding untested dependencies,
I disabled those options.
rdesktop (1.8.1)
* Fix a typo in configure.ac
* Fix a bug which made rdesktop steal CPU cycles.
* Fix issue with reconnect, make use of deactivate variable
* Added 4 new disconnect reasons with exit codes
* Fix issues of window handling in SeamlessRDP parts of rdesktop
* Fix a backward compability with OpenSSL < 0.9.9
* Fix a bug when code needs a x window available but there are none.
* Fix a sigsegv zeroing memory
* Fix a 64bit portability issue
-- Henrik Andersson <hean01@users.sourceforge.net> 2013-11-18
rdesktop (1.8.0)
* Support for protocol negotiation eg. SSL/TLSv1 and CredSSP
* Support for CredSSP + Kerberos authentication (NLA)
* Support for smart card single-sign-on
* Support passing smart card pin as password as argument
* Added IPC for controlling a master rdesktop process
* Support for connection sharing when using SeamlessRDP
* Improved handling of network connection failures
* Autoreconnect using the connection cookie at network failure
* Fix a few smart card issues
* Fix bug with mouse scroll handling
* Fix for left/right braces in Italian keymap
* Fix crash and memory leak in local drive redirection
* Fixes issues with license files loading/saving
-- Henrik Andersson <hean01@users.sourceforge.net> 2013-08-09
