- Fix for CVE-2008-1105.
- Remove man pages for ldb tools not included in Samba 3.0.
- Fix build for pam_smbpass.
- Fix a crash in tdb_wrap_log().
- BUG 5267: Fix for nmbd termination problems when no interfaces
found.
- BUG 5326: OS/2 servers give strange "high word" replies for
print jobs.
- Remove MS-DFS check that required the target host be ourself.
- BUG 5372: Fix high CPU usage of cupsd on large print servers
by using more efficient CUPS queries in smbd.
- Rewrite integer wrap checks to deal with gcc 4.x optimizations.
- BUG 5095: Fix the enforcement of the "Manage Documents" access right.
- Don't free memory from getpass() in mount.cifs.
- BUG 5460: Fix MS-DFS referral problem in server code.
- Fix bug in Winbind that caused the parent to ignore dead children.
- Fix compile warnings.
- Fix build for pam_smbpass.
- Document build fixes.
- BUG 4235: Improve compliance to the Squid helper protocol.
- BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
- Prevent cycle in Wibind's list of children when reaping dead processes.
- BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
- Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
- Fix client connections and negotiation with Windows 2008 DCs
in member server code.
- Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
- BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
- Re-add samr getdispinfoindex parsing which got lost in the glue commit.
- BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
Corrects interop problem between Citrix PM and a Samba DC.
- BUG 3840: Fix smbclient connecting to NetApp filers when using
whitespace in the user's password.
- BUG 4901: Fix behavior of "ldap passwd sync = only".
- BUG 5317: Fix debug output from domain_client_validate().
- BUG 5338: Fix format string bug in rpcclient.
- Ensure that "wbinfo -a trusted\\user%password" works correctly
on a Samba DC with trusts.
- BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
attribute.
- BUG 5350: Fallback to anonymous sessions if not trust password
could be obtained on Samba DCs and member servers.
- BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
- Fix signing problem in the client with trans requests.
- Fix alignment bug hitting Solaris with "reset in zero vc" activated.
- Fix build with glibc 2.8.
- Enable winbind child processes to do something with signals, in
particular closing and reopening logs on SIGHUP.
- Documentation cleanup after r emerging docs from svn to git and
back-porting from the v3-2 branch.
- Add implementation of machine-authenticated connection to netlogon
pipe used when connecting to win2k and newer domain controllers.
- Fix trusted users on a DC that uses the old idmap syntax.
- Only have Winbind cache domain password policies that were
successfully retrieved.
- Fix alignment bug when marshalling printer data replies.
- Fix DeleteDriverDriverEx() checks to prevent removing in use files.
0.51 Mon May 8 11:55:19 BST 2006
- Deprecation in favour of ZOOM-Perl.
- Fix some compiler warnings.
- Fix typo in documentation (thanks to Kimmo Valtonen).
0.50 Wed Jul 27 13:28:03 BST 2005
- Correct the ResultSet::present() fix that was supposed to be
in the previous release: that code inadvertently always
returned undef in asynchronous mode.
- "ywpriv.h" now #undefines "list", which the Perl development
header files inexplicably and inexcusably #define to
"Perl_list".
- "ywpriv.h" now #undefines "open", which Solaris 9 #defines
(I really can't believe this) to "open64". Maybe Sun would
like me to go round their place and dump a load of _my_ crap
in _their_ workspace?
- New querytype "cql" can be used to pass CQL queries,
untranslated, straight through to the server. Use like:
$conn->search(cql => "au=(kernighan and richie)")
0.49 Thu Apr 21 11:06:02 BST 2005
- Change to the ResultSet::present() API in asynchronous mode:
returns 1 if new requests were queued, 0 if all of the
requested records had already been queued. (No changes to
its usage in synchronous mode.)
- yazwrap/send.c no longer includes <yaz/log.h> (not needed,
generates warning)
0.48 Tue Apr 19 22:36:45 2005
- Patches supplied by Jan Bauer Nielsen <jbn@dtv.dk> to
interpret otherInformation packets, in search responses,
containing a search-info report of subquery counts.
- Patches supplied by Myron Turner <mturner@Ms.UManitoba.CA>
to protect the Net::Z3950 module against certain classes of
badly-behaved server.
- Bring "samples/multiplex.pl" up to date, illustrating the
use of this module to run sequences of queries against
multiple servers in parallel.
0.47 Tue Jan 4 22:15:07 2005
- The "connection refused" condition is now handled more
gracefully, so that there is no error message emitted by
Event.pm, just an undefined value returned and $! set to
ECONNREFUSED.
- Improve many of the comments on this subject.
0.46 Mon Nov 22 23:42:40 2004
- Use the MARC::Record module for rendering MARC records
instead of the older, unsupported and possibly buggy
MARC.pm.
WARNING: This change is backwards incompatible, but that
incompatibility will only affect you if you're relying on
the precise formatting of $rec->render() on MARC records.
0.45 Mon Nov 1 09:13:51 2004
- Support for "charset" and "language" options added by Adam
Dickmeiss.
0.44 Fri May 7 18:00:54 2004
Note that this release consists entirely of
backwards-incompatible changes to new functionality introduced
in 0.43, the previous release. If you use Scan, then all your
Scan code must change; if you do not use Scan, then this
release will not affect you at all.
- Change scan-option names to be ZOOM-compliant.
- Introduce a new enumeration, Net::Z3950::ScanStatus
- Add a new class, Net::Z3950::ScanSet, representing the
results of a Scan operation. This is compliant with the
ZOOM Abstract API, and supports much nicer client code than
the previous release:
$ss = $conn->scan('@attr 1=1003 kern');
$status = $ss->status();
print $ss->errmsg()
if $status == Net::Z3950::ScanSet::Failure;
$count = $ss->size();
($term, $hits) = $ss->term(0);
The scanResponse APDU, which used to be returned from the
scan() method, is still available via the scanResponse()
method, but there is no reason for new code to call this.
- Complete rewrite of the sample client "scan.pl" to use the
new API.
0.43 Thu May 6 14:19:56 2004
- Add support for Scan, using code contributed by Jan Bauer
Nielsen <jbn@dtv.dk>, somewhat tidied up. Use it like this:
$apdu = $conn->scan('@attr 1=1003 kern');
$status = $apdu->scanStatus();
if ($status == 6) print Dumper($apdu->diag());
$count = $apdu->numberOfEntriesReturned();
$term = $apdu->entries()->[0]->termInfo()->term()->general();
$hits = $apdu->entries()->[0]->termInfo()->globalOccurrences();
Subsequent releases will support more corners of the Scan
specification (e.g. displayTerm and friends), and present a
much nicer API with a ZOOM-like ScanSet object. See
http://zoom.z3950.org/api/zoom-1.4.html#3.6
- Included in the "samples" directory is a simple scanning
client program, "scan.pl".
0.42 Wed Mar 31 13:06:09 2004
- Add support for Unix-domain sockets: use "unix" as the
hostname, and the path to the socket file as the port, in
the connection constructor. Like this:
$conn = new Net::Z3950::Connection("unix", "/tmp/socket");
0.41 Wed Mar 17 13:33:43 2004
- When Net::Z3950::Manager::wait() times out, it now returns
an undefined value rather than, as in v0.40, the timeout
value. This code is now tested, thanks to Rick Jansen.
- Minor changes to some of the logic in ResultSet.pm
0.40 Tue Mar 16 13:57:33 2004
- A timeout may be set for a Net::Z3950::Manager's wait() by
setting that manager's "timeout" option to the maximum
number of seconds to wait. Donald Knuth once wrote,
"Beware: this code has not been tested, only proved
correct." _This_ code improves on Knuth in that it has been
neither tested _nor_ proved correct. However, I give you my
solemn promise that I think it probably works, as likely as
not.
0.39 Fri Dec 19 16:08:35 2003
- Recognise record-syntax names such as "USMARC" as well as
enumerators such as Net::Z3950::RecordSyntax::USMARC, in
accordance with what's specified in v1.4 of the ZOOM AAPI.
Such names are recgonised case- and hyphen-insensitively, so
"GRS-1" and "grs1" are equivalent.
- Add "XML" as an alias for the "TEXT_XML" record-syntax.
- Handle the ZOOM AAPI's standard options "pass" and "group"
in preference to the old options "password" and "groupid"
(although these are still also recognised, for the benefit
of old applications.)
- Handle the ZOOM AAPI's standard option "async" in preference
to the old "type" with _value_ "async" (although that's
still also recognised, for the benefit of old applications.)
- Makefile.PL includes support for and instructions about
building against a YAZ in a non-standard place ("non-root
install").
- Another slight refinement to samples/simple.pl's
diagnostics.
- Documentation for diagnostic methods now includes a link to
the BIB-1 diagnostics web-page.
0.38 Fri Oct 24 13:28:42 2003
- Fix a silly bug in Net::Z3950::Record::OPAC::rawdata(),
spotted by Kristina Long. It was trying to return $$this,
like the opaque-array-of-bytes record-types such as USMARC,
whereas in fact $this is itself a Perl structure
representing the record.
- Add a kludge to patch over anti-social behaviour from
servers that sometimes return USMARC records when asked for
OPAC records: the returned record is wrapped in an otherwise
empty OPAC record structure.
0.37 Tue Sep 16 15:14:40 2003
- Remove a pair of extraneous declarations (copied from
"yaz/include/yaz/z-opac.h" for reference) at the end of
translateHoldingsAndCirc(). On recent GCC versions, such as
mine, they were pointless but harmless; but older versions,
such as the one in Debian/stable, croak if you mix
statements and declarations.
- Improve behaviour when a server unilaterally closes the
connection while we're waiting for a Init response.
Previously, this would cause a segmentation fault; now you
get errno set to 104 (ECONNRESET) which is pretty close.
- Improve the OPAC record renderer in Z3950/Record.pm so that
it walks more of the OPAC-record structure. As well as
being prettier, this is better documentation-by-example of
how to use the record structure.
0.36 Fri Sep 12 23:47:00 2003
- Add support for the OPAC record syntax: OPAC records are now
translated into self-describing Perl data-structures,
blessed into the class Net::Z3950::Record::OPAC. There is a
rudimentary renderer included in that class, but
sophisticated applications will want to deal with the data
structure itself. To see it in action, use something like:
$ perl samples/simple.pl alpha.calarts.edu 210 \
MARION fruit preferredRecordSyntax 35
WARNING: for some servers, e.g. troy.lib.sfu.ca:210/innopac,
you MUST request elementSetName "F", otherwise you'll just
be fed USMARC records whatever your preferredRecordSyntax.
- Deal better with unrecognised or malformed APDUs from the
server, e.g. library.ucfv.bc.ca:2200/unicorn when asked
for the USMARC record found by "@attr 1=4 time". Now, the
operation fails with diagnostic code 1001 (Malformed APDU).
- Change all <mike@tecc.co.uk> addresses to
<mike@indexdata.com>. (This change is well overdue, since I
changed jobs seven months ago!)
- Fix reference for PQF in the YAZ manual.
0.35 Fri Jun 27 10:48:03 2003
- Fix all non-US MARC record-types to return raw data from the
rawdata() method rather than, as before, the render()
method.
- Add a new delete() method to Net::Z3950::ResultSet
0.34 Mon May 12 10:17:07 2003
- Slightly more robust cleanup in Manager::forget()
- Make samples/simple.pl a little less simple(!) by making a
manager so that pre-connection options such as
authentication parameters can be set.
- In Makefile.PL, LIBS and INC are now both set via yaz-config,
so you don't need to mess with that file before building.
(Adam Dickmeiss)
- The INC is now inherited by yazwrap/Makefile.PL, so that
this file also does not need to be edited. (Adam Dickmeiss)
- CCFLAGS is no longer set in the yazwrap directory. I only
did that in order to add "-Wall", which is pleasant luxury
but not really necessary; and doing so caused problems as
other, default, components of that setting were discarded on
some platforms. (Adam Dickmeiss)
- Add support for the MAB record syntax, thanks to Heiko
Jansen <JANSEN@hbz-nrw.de>
0.33 Thu Apr 3 09:10:16 2003
- Add explicit statement of GPL licence.
No code changes at all.
1.0 Fri Dec 02, 2005
- The "Nothing Special" release. It's just been almost
three years. I think we can call it 1.0, don't you?
- Added 'queries_exhausted' methods to indicate whether
Google API query limit has been reached (RT ticket
12001)
- Fixed POD errors in Net::Google::Response (RT ticket
8735)
- Updated t/002-spelling.t (RT ticket 11386/11458)
- Updated POD
- Replace ExtUtils::MakeMaker with Module::Build
- Pass maintainership to Bill Stillwell
0.62 Wed Jun 02, 2004
- Fixed POD in N:G:Response (RT bug #5351)
- Updated spel(l)ings in t/002-spelling.t
(RT bug #6183)
- Updated N:G:Search to account to weirdness
in the way SOAP::Lite handles booleans. Not
clear that this is necessarily a problem in
SOAP::Lite but the patch fixes a reported bug
and doesn't seem to break anything else so...
(RT bug #6167)
- Added explicit call to $search->filter(1)
in t/001-search.t (RT bug #6167)
Release 0.17 -- Wed Jul 18 06:30:05 CDT 2007
Enhancements
* Added support for IPv6 (patch from John Jason Brzozowski)
Change 746 on 2002/09/23 by <gbarr@pobox.com> (Graham Barr)
Fix return logic for get and put (patch from Bruce Gray)
Change 726 on 2002/05/27 by <gbarr@pobox.com> (Graham Barr)
Release 0.15
Change 725 on 2002/05/27 by <gbarr@pobox.com> (Graham Barr)
Fix 'Use of uninitialized' warning
Change 693 on 2002/01/11 by <gbarr@pobox.com> (Graham Barr)
Add O_TRUNC to open in get() so an existing file is truncated instead
of unlinked and recreated
Change 646 on 2001/09/17 by <gbarr@pobox.com> (Graham Barr)
Ensure local files are in binmode when transfer is octet mode
Avoid spurious Buffer underflow warning
Change 633 on 2001/09/03 by <gbarr@pobox.com> (Graham Barr)
Release 0.12
Change 614 on 2001/05/29 by <gbarr@pobox.com> (Graham Barr)
Move TFTP out of libnet
The Extensible Messaging and Presence Protocol (XMPP) is an IETF standard
that provides a complete cross protocol messaging solution. The problem
with current IM solutions is that they are all proprietary and cannot
talk to each other. XMPP seeks to get rid of those barriers.
For more information about the Jabber project visit http://www.xmpp.org.
Net::XMPP is a collection of Perl modules that provide a Perl Developer
access to the XMPP protocol. Using OOP modules we provide a clean
interface to writing anything from a full client to a simple protocol
tester.
INADYN is a dynamic DNS client. That is, it maintains the IP address of a
host name. It periodically checks whether the IP address stored by the DNS
server is the real current address of the machine that is running INADYN.
Features:
* supports the following dynamic DNS services:
* dyndns.org (in all three flavors: dynamic, static, custom)
* freedns.afraid.org
* zoneedit.com
* no-ip.com
* maintains up multiple aliases of the same IP address
* runs as a service (Windows 2000/XP, Linux)
* or runs as a console application
* updates the correct IP address even behind a NAT router.
* supports access via http proxy
* does not perform unnecessary updates.
* has 'install and forget it feature'. That is, after install one can
completely forget about it. No maintenance required. (as long as no
bugs are found;-)
BIND 9.5.0 has a number of new features over 9.4, including:
- GSS-TSIG support (RFC 3645).
- DHCID support.
- Experimental http server and statistics support for named via xml.
- More detailed statistics counters including those supported in BIND 8.
- Faster ACL processing.
- Internal documentation generated by Doxygen.
- Efficient LRU cache-cleaning mechanism.
- NSID support (RFC 5001).
Added new dependencies.
Changes:
0.44 Thu Mar 27 08:35:59 GMT 2008
- fix bug with storing files consisting of "0" (thanks to
Martin Atkins)
0.43 Sat Mar 1 10:55:54 GMT 2008
- add binmode() to support Windows (thanks to Gabriel Weinberg)
0.42 Thu Feb 28 06:39:59 GMT 2008
- add exponential backoff upon temporary errors with the new
retry option
0.41 Fri Nov 30 10:42:26 GMT 2007
- fix the expensive tests (patch by BDOLAN)
- added support for EU buckets (patch by BDOLAN)
0.40 Tue Oct 30 11:40:42 GMT 2007
- fix for content length with empty keys by Mark A. Hershberger
- get_key and get_key_filename now return content_length
- rewrote synopsis
- added support for common prefix (thanks to Andy Grundman)
0.39 Sun Aug 19 14:47:01 BST 2007
- add add_key_filename and get_key_filename which send files
directly from disk - good for large files (Jim Blomo)
- support UTF8 keys (Jim Blomo)
- switch back from Build.PL to Makefile.PL
0.38 Sun Mar 4 16:43:28 GMT 2007
- use http_proxy and https_proxy environment variables for proxy
settings (Ask Bjoern Hansen)
- don't add the Authorization header if one is already specified
when making a request - good for allowing caching to resources
that are public. (Ask Bjoern Hansen)
Version 0.4.16 [2008-06-18]
=================================================================
+new !fix ~change -remove | focus: minor bugfixes, improvements
+ --cache,-c
Provides a newt based interface for browsing and re-extracting
previously downloaded videos. Cache table schema (~/.clive/cache)
was updated: added new column "cache_url".
! Sevenload: improved support (reported: Kai Wasserbach)
Affected versions: 0.4.14 - 0.4.15
Some URLs were previously parsed incorrectly.
! Console: "error: unrecognized command"
Affected versions: 0.4.6 - 0.4.15
The above error would be printed out incorrectly if a duplicate
URL was already in the queue.
~ Removed: try..except (ffmpeg subprocess)
Unnecessary code. Cleaned up the subprocess call methods for
both ffmpeg and player.
Version 0.4.15 [2008-06-11]
=================================================================
+new !fix ~change -remove | focus: minor bugfixes, improvements
+ --write-conf: Use http_proxy environment setting
Write http_proxy enviroment setting to config file if it's set.
+ Support: myvideo.* (sr #2024)
As requested.
+ --mask: support for "no" (disable)
Added support for "no" which disables the filtering altogether, e.g.
% clive --mask=no URL
This is the easiest way to keep the original video title. See
the manual page for more info.
Note that this option was renamed to --filter (see further below).
! --scan: "UnicodeDecodeError: 'ascii' codec..." (bug #11805)
Affected versions: clive 0.4.13, 0.4.14
Should no longer occur. See the discussion at:
https://gna.org/bugs/?11805
! Metacafe: "error: extraction url not found"
Affected versions: clive < 0.4.15
Extraction would fail due to the changes made to page HTML.
! StringIO: import failsafe (try..except)
Affected versions: clive < 0.4.15
StringIO was imported incorrectly if cStringIO was not found.
~ Dump HTTP headers if "error: zero content length" occurs
The headers are dumped only if --quiet is not being used and the
headers are available.
~ Options printout: "cache:yes; paste:off; ..." -> "cache:yes / paste:off / .."
Modified the runtime options printout.
~ --mask: renamed (=> --filter)
Renamed --mask to --filter. Kept -m short option. Configuration file
command was also renamed from "output_title_mask" to "output_title_filter".
~ --xclip: append "-o"
clive now appends the "-o" option with a warning to the xclip path if
it's not present.
~ --write-conf: updated comments
Cleaned up the config file comments that clive produces with this option.
Changes in 2.12:
* Fix for unterminated multiline plugin (garbage) output.
Changes in 2.11:
* Added lib64 library paths to configure script for 64-bit systems.
* Added --with-ssl-lib configure script option.
* Added --with-log-facility option to control syslog logging.
Changes in 2.10:
* Moved PDF docs to docs/ subdirectory, added OpenOffice source document.
* A critical result is now returned for child processed that die due to a
signal.
Changes in 2.9:
* Fixed bug with --with-nrpe-group configure script option.
* Fixed bug with check_disk thresholds in sample config file.
* Added NRPE_PROGRAMVERSION and NRPE_MULTILINESUPPORT environment variables
for scripts that need to detect NRPE version and capabilities.
* Added asprintf() support for systems that are missing it.
Changes in 2.8.1:
* Fixed configure script error with user-specified NRPE group.
Changes in 2.8:
* Added support for multiline plugin output (limited to 1KB at the moment).
* Changes to sample config files.
* Added ';' as an additional prohibited metachar for command arguments.
* Updated documentation and added easier installation commands.
Changes in 2.7.1:
* Changed C++ style comment to C style to fix compilation errors on AIX.
Changes in 2.7:
* Patches for detection SSL header and library locations.
* NRPE daemon will now partially ignore non-fatal configuration file errors
and attempt to startup.
Changes in 2.6:
* Added -u option to check_nrpe to return UNKNOWN states on socket timeouts.
* Added connection_timeout variable to NRPE daemon to catch dead client
connections.
* Added graceful timeout to check_nrpe to ensure connection to NRPE daemon
is properly closed.
branch.
Changes since old version 2.5:
* Fix for unscheduled triggered downtime entries.
* Fix for embedded audio in tac and status CGIs.
* Fixed bug in nagiostats utility when reporting host/service check latency.
* Misc code cleanups for compiler warnings.
* Fixed error when reading empty (zero byte) config files.
* Default is now to check for orphaned service checks.
* Fixed bug with non-standard CGI config file location in status data.
* Fixed bugs and simplified examples in sample config files.
* Fix for leading whitespace before comments in object config files.
* Fix for scheduling immediate service check through WAP interface.
* Fix for segfault during expiration or deletion of scheduled downtime.
* Minor documentation updates.
* Minor patches to availability and status CGIs.
* Updated nagiostats with new MRTG vars for tracking buffer usage.
* p1.pl now sets environment var (NAGIOS_PLUGIN) to indicate patch of
plugin being executed.
* Added error messages for passive service checks that don't correspond to
a defined service.
* Fix for handling signals under NPTL.
* Fix for missing check timeout in event broker calls.
* Possible segfault fix during restarts when daemon was performing host
checks.
* Bug fix for bad date format submission in command CGI.
* Bug fix for using servicegroups in service dependency definitions.
* Bug fix for calculating notification interval with service escalations.
* Program version is now displayed in CGIs.
* Fix for keeping service checks in the event queue when active service
checks are disabled globally.
* Bug fix with attempting to access an uninitalized mutex if external
commands are disabled.
* Fix for incorrect latency calculation for passive service checks.
* Fix for a segfault when processing passive host check results with empty
output/perfdata.
* Minor bug fixes in CGIs.
* Fix for not logging passive host check results.
* Minor fix for notification timeout log messages.
* Fix for SIGTERMs being seen as SIGEXITs, non-logging of SIGTERMs/shutdowns.
* Patch to allow non-ASCII characters in notifications, etc.
* Fix for flap detection information not be retained across restarts.
* Fix for cfg_dir directive not working on Solaris.
* Fix for segfault in event broker module code.
* Fix for a possible memory leak in situations where overflow occurs in
check result buffer.
* Fix for a bug with processing service dependency templates with null
master host(group) names.
* Better error logging when failing to rename/move files.
* Minor bug fixes in CGIs to ensure extra host/servicegroup url strings
are terminated properly.
* Patches for possible XSS vulnerability in CGIs (CVE-2007-5803).
Please note that this now needs PTHREAD_DIAGASSERT=A to run properly under
NetBSD-4.0 without the fixsa patch.
Feature Improvements
* Permit SQL authorize_reply_query to be empty.
* Allow setting response packet type in Post-Proxy-Type Fail handler.
* Added install-chown target to set correct permission and ownership make RADMIN=radmin RGROUP=radius install-chown.
* Support for LDAP-Group and other dynamic comparison attribute in unlang. Developed from a patch by Jason Alderfer.
* Added chroot support. See radiusd.conf for comments.
* Allow clients of 0/0. We do not recommend using this, though.
* Moved many module configurations into raddb/modules/*.
Bug Fixes
* Allow proxying to virtual servers for accounting packets, too.
* Added num_fields function to PostgreSQL client. This lets clients be read from a PostgreSQL database.
* Updated proxy fallback mechanism to validate fallback servers, and to process fallback requests in a child thread.
* The realm module returns ok for LOCAL realms, not noop.
* Fixed some DHCP code handling. The examples should now work.
Based on MAINTAINER update request in PR 38930.
While here, add DESTDIR support.
Changes since 3.0.707:
- Implement limiting of number of ports tracked per host,
configurable on the commandline (--ports-max)
- Optionally don't track high ports (--highest-port)
Thanks Dennis!
- Fix rare use-after-free resulting from hosts table reduction.
- Make hosts limit configurable (--hosts-max)
- Option to read from capfile as alternative to live capture
(really only useful for development, benchmarking)
- Add the sniffed interface name to HTML reports.
Thanks Chris!
- pkgsrc - add rc.d script
libtrace 3.0.4 (2008-01-02)
Deprecate wtf:/wag: format. These traces no longer exist.
Cleanup bpf: capture format
add LINUX_SLL header support to get_source_mac()
deprecate trace_get_link() and replace it with the newer
trace_get_packet_buffer()/trace_get_layer2()
Bug: Don't crash when destroying an output trace that failed to
initialise
Use Linux's in kernel BPF filter if available
Add support for Cisco HDLC over PoS
Allow BPF bytecode to be used to construct a filter
Code cleanups
Fix libtrace_ip's bitfields
Fix pcapfile output bug
Documentation cleanups
Discard RT packets when writing pcapfile: files
Add a new "stats" example program
Build system cleanups
Avoid using assert() to report errors
RT packet issues
Properly deal with the packet parsing/length cache when using the
event system
Add a new loss counter framework
Bug: Event framework not generating sleep events when reading traces
from disk
Be more strict about returning NULL from trace_get_payload_from_X()
functions
libtrace 3.0.3 (2007-09-05)
Code cleanups w.r.t warnings
tracesplit_dir now provides a warning of the number of packets that had
an unknown direction at the end of the trace
Fix a segfault in tracereport with rxerrors, non ip
Add support for decoding 802.2 LLC/SNAP and Ethernet II in 802.11 frames
Documentation fixes and clarifications
Fix bug with trace_get_payload_from_80211() and 3 vs 4 frame formats
Deal correctly with uri's with parse errors causing segfaults on cleanup
Minor tidyups to protocol decoders
Add more information to libtracepktdump
Correctly deal with PPP captures
Cache trace_get_capture_length() and trace_get_l3() which are both
heavily used internally
Build system cleanups
Add a GRE tracepktdump decoder
Add a preliminary PPPoE tracepktdump decoder
Add more information to tracereport
Fix bug in legacy decoder with wire lengths
Fix bug in trace_ether_ntoa
Add legacynzix: trace format
Don't assert() on bad packets (instead return BADPACKET) for erf traces
Add TRACE_OPTION_EVENT_REALTIME to allow the event framework to playback
traces in realtime
Rename TRACE_META_FREQ to TRACE_OPTION_META_FREQ to follow naming
convention
Correctly deal with errors when using trace_set_option
Deal better with signals when writing packets to files
Add support for dag 3.x
Improved dag 2.5+ support
dag2.5+ supports setting the snaplen from libtrace
Add support for setting direction on linux int: formats
Consider loopback packets outgoing, not incoming
Fix trace_get_source_mac() for wireless frames
Add support for interfaces_per_input to tracemerge
Fix tracereport direction report
Deprecated wag: and wtf formats
libtrace 3.0.2 (2007-04-27)
Fixed make install for libpacketdump
Add support for tsh: and rf+ tracefiles.
Update support for radiotap
Add a new tool traceflow(1)
More correctly deal with pcap LINKTYPE's vs DLT's
Major cleanups of tracereport
libpacketdump Decoder cleanups
trace_event() memory leak fixes
Fix segfaults with bad arguments in tracesplit(1)
Don't suffix a number if we are only generating one file
Support snapping packets
Minor bugs in libtrace error handling
Misc cleanups and bug fixes
libtrace 3.0.1 (2007-03-26)
Added missing manpages to release tarball
Update manpages
Fixed TCP option length calculation in libpacketdump
tracereport has had a massive tidy up
getopt support for disabling/enabling reports.
Documentation cleanups
Fix 0 byte gzwrite(3)'s were causing the compressed file checksum to fail
RT closing issues
Metadata available
tracedump renamed tracepktdump due to naming conflict in debian
Implement better PoS decoding in libtrace for erf, legacypos.
Build fixes for MacOS
Take MAINTAINER (agreed with salo@)
o Updated to include the latest MAC Address prefixes from the IEEE in
nmap-mac-prefixes [Fyodor]
o NSE engine was cleaned up significantly.
o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs.
o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]
o NmapFE is now gone. (zenmap is the replacement)
o Added the NSE library (NSELib) which is a library of useful
functions (which can be implemented in LUA or as loadable C/C++
modules) for use by NSE scripts.
o Integrated the Nmap Scripting Engine (NSE) into mainline Nmap.
* Fix for potential vulnerability against compromised/malicious
servers (reported by iDefense)
* Fix for crash with recent versions of X.Org
* Fix for connection to Windows 2008 Server
* ALSA driver added
* Sound drivers can now be selected at runtime
* Smartcard support (Alexi Volkov <alexi@my...>)
* Send physical mouse buttons rather than logical ones
The security fixes had already been integrated into "pkgsrc" as patches.
---
(4.2.4p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 902] Fix problems with the -6 flag.
* Updated include/copyright.def (owner and year).
* [Bug 878] Avoid ntpdc use of refid value as unterminated string.
* [Bug 881] Corrected display of pll offset on 64bit systems.
* [Bug 886] Corrected sign handling on 64bit in ntpdc loopinfo command.
* [Bug 889] avoid malloc() interrupted by SIGIO risk
* ntpd/refclock_parse.c: cleanup shutdown while the file descriptor is still open.
* [Bug 885] use emalloc() to get a message at the end of the memory
unsigned types cannot be less than 0
default_ai_family is a short
lose trailing , from enum list
clarify ntp_restrict.c for easier automated analysis
* [Bug 884] don't access recv buffers after having them passed to the free list.
* [Bug 882] allow loopback interfaces to share addresses with other interfaces.
---
(4.2.4p3) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 863] unable to stop ntpd on Windows as the handle reference for events
changed
---
(4.2.4p2) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 854] Broadcast address was not correctly set for interface addresses
* [Bug 829] reduce syslog noise, while there fix Enabled/Disable logging
to reflect the actual configuration.
* [Bug 795] Moved declaration of variable to top of function.
* [Bug 789] Fix multicast client crypto authentication and make sure arriving
multicast packets do not disturb the autokey dance.
* [Bug 785] improve handling of multicast interfaces
(multicast routers still need to run a multicast routing
software/daemon)
* [Bug 527] Don't write from source address length to wrong location
* Upgraded autogen and libopts.
* [Bug 811] ntpd should not read a .ntprc file.
---
(4.2.4p1) (skipped)
---
(4.2.4p0) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 793] Update Hans Lambermont's email address in ntpsweep.
* [Bug 776] Remove unimplemented "rate" flag from ntpdate.
* [Bug 586] Avoid lookups if AI_NUMERICHOST is set.
* [Bug 770] Fix numeric parameters to ntp-keygen (Alain Guibert).
* [Bug 768] Fix io_setbclient() error message.
* [Bug 765] Use net_bind_service capability on linux.
* [Bug 760] The background resolver must be aware of the 'dynamic' keyword.
* [Bug 753] make union timestamp anonymous (Philip Prindeville).
* confopt.html: move description for "dynamic" keyword into the right section.
* pick the right type for the recv*() length argument.
---
(4.2.4) Released by Harlan Stenn <stenn@ntp.org>
* monopt.html fixes from Dave Mills.
* [Bug 452] Do not report kernel PLL/FLL flips.
* [Bug 746] Expert mouseCLOCK USB v2.0 support added.'
* driver8.html updates.
* [Bug 747] Drop <NOBR> tags from ntpdc.html.
* sntp now uses the returned precision to control decimal places.
* sntp -u will use an unprivileged port for its queries.
* [Bug 741] "burst" doesn't work with !unfit peers.
* [Bug 735] Fix a make/gmake VPATH issue on Solaris.
* [Bug 739] ntpd -x should not take an argument.
* [Bug 737] Some systems need help providing struct iovec.
* [Bug 717] Fix libopts compile problem.
* [Bug 728] parse documentation fixes.
* [Bug 734] setsockopt(..., IP_MULTICAST_IF, ...) fails on 64-bit platforms.
* [Bug 732] C-DEX JST2000 patch from Hideo Kuramatsu.
* [Bug 721] check for __ss_family and __ss_len separately.
* [Bug 666] ntpq opeers displays jitter rather than dispersion.
* [Bug 718] Use the recommended type for the saddrlen arg to getsockname().
* [Bug 715] Fix a multicast issue under Linux.
* [Bug 690] Fix a Windows DNS lookup buffer overflow.
* [Bug 670] Resolved a Windows issue with the dynamic interface rescan code.
* K&R C support is being deprecated.
* [Bug 714] ntpq -p should conflict with -i, not -c.
* WWV refclock improvements from Dave Mills.
* [Bug 708] Use thread affinity only for the clock interpolation thread.
* [Bug 706] ntpd can be running several times in parallel.
* [Bug 704] Documentation typos.
* [Bug 701] coverity: NULL dereference in ntp_peer.c
* [Bug 695] libopts does not protect against macro collisions.
* [Bug 693] __adjtimex is independent of ntp_{adj,get}time.
* [Bug 692] sys_limitrejected was not being incremented.
* [Bug 691] restrictions() assumption not always valid.
* [Bug 689] Deprecate HEATH GC-1001 II; the driver never worked.
* [Bug 688] Fix documentation typos.
* [Bug 686] Handle leap seconds better under Windows.
* [Bug 685] Use the Windows multimedia timer.
* [Bug 684] Only allow debug options if debugging is enabled.
* [Bug 683] Use the right version string.
* [Bug 680] Fix the generated version string on Windows.
* [Bug 678] Use the correct size for control messages.
* [Bug 677] Do not check uint_t in configure.ac.
* [Bug 676] Use the right value for msg_namelen.
* [Bug 675] Make sure ntpd builds without debugging.
* [Bug 672] Fix cross-platform structure padding/size differences.
* [Bug 660] New TIMESTAMP code fails tp build on Solaris Express.
* [Bug 659] libopts does not build under Windows.
* [Bug 658] HP-UX with cc needs -Wp,-H8166 in CFLAGS.
* [Bug 656] ntpdate doesn't work with multicast address.
* [Bug 638] STREAMS_TLI is deprecated - remove it.
* [Bug 635] Fix tOptions definition.
* [Bug 628] Fallback to ntp discipline not working for large offsets.
* [Bug 622] Dynamic interface tracking for ntpd.
* [Bug 603] Don't link with libelf if it's not needed.
* [Bug 523] ntpd service under Windows does't shut down properly.
* [Bug 500] sntp should always be built.
* [Bug 479] Fix the -P option.
* [Bug 421] Support the bc637PCI-U card.
* [Bug 342] Deprecate broken TRAK refclock driver.
* [Bug 340] Deprecate broken MSF EES refclock driver.
* [Bug 153] Don't do DNS lookups on address masks.
* [Bug 143] Fix interrupted system call on HP-UX.
* [Bug 42] Distribution tarballs should be signed.
* Support separate PPS devices for PARSE refclocks.
* [Bug 637, 51?] Dynamic interface scanning can now be done.
* Options processing now uses GNU AutoGen.
---
(4.2.2p4) Released by Harlan Stenn <stenn@ntp.org>
* [Bug 710] compat getnameinfo() has off-by-one error
* [Bug 690] Buffer overflow in Windows when doing DNS Lookups
---
(4.2.2p3) Released by Harlan Stenn <stenn@ntp.org>
* Make the ChangeLog file cleaner and easier to read
* [Bug 601] ntpq's decodeint uses an extra level of indirection
* [Bug 657] Different OSes need different sized args for IP_MULTICAST_LOOP
* release engineering/build changes
* Documentation fixes
* Get sntp working under AIX-5
---
(4.2.2p2) (broken)
* Get sntp working under AIX-5
---
(4.2.2p1)
* [Bug 661] Use environment variable to specify the base path to openssl.
* Resolve an ambiguity in the copyright notice
* Added some new documentation files
* URL cleanup in the documentation
* [Bug 657]: IP_MULTICAST_LOOP uses a u_char value/size
* quiet gcc4 complaints
* more Coverity fixes
* [Bug 614] manage file descriptors better
* [Bug 632] update kernel PPS offsets when PPS offset is re-configured
* [Bug 637] Ignore UP in*addr_any interfaces
* [Bug 633] Avoid writing files in srcdir
* release engineering/build changes
---
(4.2.2)
* SNTP
* Many bugfixes
* Implements the current "goal state" of NTPv4
* Autokey improvements
* Much better IPv6 support
* [Bug 360] ntpd loses handles with LAN connection disabled.
* [Bug 239] Fix intermittent autokey failure with multicast clients.
* Rewrite of the multicast code
* New version numbering scheme
- better logging for nsd-notify and db creation failures
- nsdc start checks if nsd is already running
- fix loading data from files with relative names when chrootdir ends
with a slash
- fix a case when nsd would return FORMERR for edns queries with version
0 and rdlen larger than 0.
- don't answer nsec3 wildcard information when DO bit is not set
* Changes in Wget 1.11.3
** Downgraded -N with -O to a warning, rather than an error.
* Changes in Wget 1.11.2
** Fixed a problem in authenticating over HTTPS through a proxy.
(Regression in 1.11 over 1.10.2.)
** The combination of -r or -p with -O, which was disallowed in 1.11,
has been downgraded to a warning in 1.11.2. (-O and -N, which was never
meaningful, is still an error.)
** Further improvements to progress bar displays in non-English locales
(too many spaces could be inserted, causing the display to scroll).
** Successive invocations of Wget on FTP URLS, with --no-remove-listing
and --continue, was causing Wget to append, rather than replace,
information in the .listing file, and thereby download the same files
multiple times. This has been fixed in 1.11.2.
** Wget 1.11 no longer allowed ".." to persist at the beginning of URLs,
for improved conformance with RFC 3986. However, this behavior presents
problems for some FTP setups, and so they are now preserved again, for
FTP URLs only.
- support $VARBASE
- vpnc.conf was installed in the wrong place, rather than move it use
default.conf instead to mirror what vpnc does natively, and install
with secure permissions (as it contains passwords)
- shell portability
Bump PKGREVISION. Ok'd Jukka/Hubert.
crashes on various architectures and system, such as, for example,
the check_icmp bus error on sparc64.
Changes in 1.4.4:
- check_ntp is now written in C instead of Perl.
- check_disk bugfixes.
- check_udp2, check_udp and check_tcp are now united.
- check_mailq now reports mailq errors better.
- check_snmp now compiles with a sane amount of effort.
Changes in 1.4.5:
- Fixed bug in perl's is_hostname routine.
Changes in 1.4.6:
- check_ping and netutils.c now do less DNS lookups.
- alloca.h related compile fixes.
- check_swap now works on Solaris too.
- check_disk perf data can now be monitored.
- check_procs had a buffer overflow.
- Fixed UNIX socket error handling.
- check_by_ssh now can pass -q and -o to ssh.
- GNUlib sync.
- check_jabber can now return things different from a warning.
Changes in 1.4.7:
- check_procs uses /usr/ucb/ps on Solaris which fixes pst3 problems.
- check_smtp does a non-broken HELO now.
- check_icmp can now have a minimum number of required hosts and also
works if running for a long time on BSDs.
- check_ping timeout reduced.
- Everybody can now execute SUID check plugins unless indicated otherwise
to configure.
Changes in 1.4.8:
- check_disk now has an extra option for regex matching and grouping of FSes.
- check_ntp various fixes.
Changes in 1.4.9:
- New plugin check_cluster (not built by pkgsrc).
- check_by_ssh now has improved stderr/stdout handling options (-E/-S).
- check_ldap, check_radius and check_pgsql compile fixes.
- check_snmp 64-bit counter support.
- Better underflow checking for check_time.
- check_http output is more consistent now.
- check_http HTTP redirect segfault fixes.
- check_tcp doesn't segfault anymore when multiple expect strings are given.
- check_tcp now supports -A to check if all expect strings match.
Changes in 1.4.10:
- check_http redirect buffer overflow vulnerability fixed (was fixed
in pkgsrc before).
- check_http now shuts down HTTP/1.1 keepalive connections cleanly.
- check_ldaps doesn't guess anymore whether to use SSL or STARTTLS.
- check_disk now calls stat on all file systems.
- check_disk now supports the -L flag for local file system checks.
- check_disk now supports -i/-I for ignoring paths/partitions by regex.
- check_disk now supports -A to select all file systems explicitly.
- check_disk now needs to have the -E flag passed before -p or -r/-R.
- check_disk is no longer buggy when case sensitive and insensitive regexes
are mixed.
- check_dhcp now supports -u (unicast) to emulate a relay.
- check_dhcp now lets you specify the MAC address in the request using -m.
- check_dhcp -r and -s options now accept host names.
- check_icmp no longer bus errors on various platforms.
- check_smtp now handles multiple-packet server responses properly.
- Negate command line options are no longer evaluated twice by the shell.
- Negate commands to be run must now be fully qualified.
- Negate can now remap custom states.
- check_radius now supports radius-client-ng (was already in pkgsrc).
- check_by_ssh now supports multiline output.
- check_ntp now honors ntp flags.
Changes in 1.4.10:
- check_ntp returns UNKNOWN rather than WARNING if no jitter is available.
- check_cluster now accept all valid characters in its thresholds.
- check_ntp is now deprecated in favor of check_ntp_peer and check_ntp_time.
- check_disk no longer reports OK if disk usage exceeds 100%.
- check_load handles non-triplet arguments correctly now.
- Nagios::Plugin updated to 0.22.
Fixed --version flag in dhcrelay
Clarified error message when lease limit exceeded
Log messages when failover peer names mismatch have been improved to point out t
he problem.
Manpage entries in dhcp-options.5 for the 'domain-list' format have been updated
.
The 'min-secs' configuration parameter's log message has been updated to be more
helpful.
Fixes to allow code to compile on Mac OS X Leopard (10.5).
See http://www.isc.org/sw/dhcp/dhcp_rel2.php for all the details
Fixed --version flag in dhcrelay
Clarified error message when lease limit exceeded
Log messages when failover peer names mismatch have been improved to point out the problem.
Manpage entries in dhcp-options.5 for the 'domain-list' format have been updated.
The 'min-secs' configuration parameter's log message has been updated to be more helpful.
Fixes to allow code to compile on Mac OS X Leopard (10.5).
See http://www.isc.org/sw/dhcp/dhcp_rel2.php for all the details
Version 0.4.14 [2008-05-26]
=================================================================
+new !fix ~change -remove | focus: minor bugfixes, improvements
+ Support: sevenload.com (sr #2015)
Contributor: Kai Wasserbach
http://bugs.debian.org/482289
Minor modifications were made to the contributed patch to maintain
backward compatibility with Python 2.4.
+ Scan: GoogleVideo support
--scan now looks for embedded google videos.
+ Scripts: run.py, build.py
These used to be available in the svn repository only.
build.py:
* builds and installs clive to top_srcdir/dist subdir
* wraps "configure" and "make install"
* wraps CFLAGS and LDFLAGS for building newt (bundled)
* takes any of the configure parameters
run.py: runs clive from the top_srcdir/dist subdir
* Wraps PYTHONPATH
* takes any of the clive parameters
Example:
% ./build.py --without-newt
% ./run.py --no-cache URL
! GoogleVideo: "error: extraction url not found" [blocker]
Affected versions: clive 0.4.12, 0.4.13
Low quality video extraction would fail due to page HTML changes.
! File extension
Affected versions: clive < 0.4.14
mp4 file extension was used incorrectly for Metacafe and Guba videos.
! manual page
Typos.
~ code cleanup
Replaced "if .. .find(..) !=/== -1" with "if .. in .."
Includes fix for CVE-2008-1804
[*] New Additions
* Target-Based support to allow rules to use an attribute table
describing services running on various hosts on the network.
Eliminates reliance on port-based rules.
* Support for GRE encapsulation for both IPv4 & IPv6.
* Support for IP over IP tunneling for both IPv4 & IPv6.
* SSL preprocessor to allow ability to not inspect encrypted traffic.
* Ability to read mulitple PCAPs from the command line.
* Support for new CVS rule detection options.
[*] Improvements
* Update to HTTP Inspect to identify overly long HTTP header fields.
* Updates to IPv6 support, including changes to avoid namespace
conflicts for certain Operating systems.
* Updates to address issues seen on various Sparc platforms.
* Stricter enforcement of shared object versions to avoid API
conflicts.
2008/05/02: version 2.9.5 = tag release-2-9-5
6503: Remove release status when download is finished
2008/03/31
6465: BT: Send correct downloaded value when download starts to tracker
(colchaodemola)
6477: Use $MLDONKEY_DIR/mlnet_tmp instead of /tmp
- This patch fixes problems with hash checking of multifile BT
downloads when /tmp is too small.
- To override $MLDONKEY_DIR/mlnet_tmp use variable $MLDONKEY_TEMP.
This patch has nothing to do with option temp_directory.
6472: Multiuser: Count only files in download queue for user/group statistics
6471: Clean logfile
6470: BT: Use default of max_upload_slots as minimum for BT-max_bt_uploaders
instead of hard-coded value
2008/03/18
6466: Fix option_hook loop when changing max_upload_slots < 3,
caused by patch #6451
2008/03/14
6462: Multiuser: Restrict chown to admin users only
2008/03/11
6458: Fix commit bug when filesystem reports negative values
for maximum filename length
2008/03/07
6451: BT: Implement minimum of 3 (like max_upload_slots)
for option max_bt_uploaders
Version 0.4.13 [2008-05-20]
=================================================================
+new !fix ~change -remove | focus: minor feature enhancements
+ --scan, -S
Causes clive to scan the fed URLs for identifiable video links.
The found links are then checked and displayed to the user for
selection.
Example:
% clive -S "http://fakesteve.blogspot.com/"
This feature currently scans for Youtube video links only.
Googlevideo support will follow.
! manual page
Cleaned up and fixed some typos.
~ config: url_feed -> feed_url
Renamed config file command "url_feed" to "feed_url".
Version 0.4.12 [2008-05-12]
=================================================================
+new !fix ~change -remove | focus: Minor bugfixes
! VGoogle: OSError: [Errno 2] No such file or directory (bug #11668)
Affected versions: clive 0.4.10, 0.4.11
Extraction would fail for google videos that did not have mp4
link available. See also:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480444
! cache: "OperationalError: no such column: cache_lowq" [blocker]
Affected versions: clive 0.4.10, 0.4.11
Cache upgrade would fail on some configurations for still unknown
reasons. clive will attempt to recreate the cache if the above error
occurs. Any existing cache data will be lost. See also:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479315
~ configure.ac: module checks
configure no longer checks for modules (urlgrabber, feedparser) when
--without-PACKAGE or --with-PACKAGE=no are being used.
~ Warnings: tweaked
Some warnings have been tweaked.
with previous versions, but also to have many new features, such as:
* simple policy language (see "man unlang")
* virtual servers (raddb/sites-available/README)
* IPv6 support
* better proxy support (raddb/proxy.conf)
* More EAP types
* Debugging output should be MUCH easier to understand
* VMPS support
* More modules are marked "stable" (python, etc.)
* SQL configuration has been cleaned up (see raddb/sql/*)
* limited support for HUP
* check configuration and exit (radiusd -C)
* Server core is now event based (simpler, more powerful)
check can be abused for implementation specific exploitation: depending on
the use of libbind, this can result in denial of service or even remote
code execution.
1) An integer underflow error in iso.c when processing RDP requests can
be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect
requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
to cause a heap-based buffer overflow.
Packages Collection.
NetAddr (formerly IPAdmin) is a Ruby package for working with
network addresses. Includes: ability to subnet/supernet IPv4 and
IPv6 space, create CIDR-based hierarchical trees, manipulate MAC
addresses, and much more.
