The connection sharing didn't handle the case of active transfers
correctly and tried to close the connection in that case (PR 42607).
Correctly check if there is a transfer going on and just leave the
connection alone in that case.
by dillo@
Changes in version 0.2.1.21 - 2009-12-21
o Major bugfixes:
- Work around a security feature in OpenSSL 0.9.8l that prevents our
handshake from working unless we explicitly tell OpenSSL that we
are using SSL renegotiation safely. We are, of course, but OpenSSL
0.9.8l won't work unless we say we are.
- Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
o Minor bugfixes:
- Do not refuse to learn about authority certs and v2 networkstatus
documents that are older than the latest consensus. This bug might
have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
Spotted and fixed by xmux.
- Fix a couple of very-hard-to-trigger memory leaks, and one hard-to-
trigger platform-specific option misparsing case found by Coverity
Scan.
- Fix a compilation warning on Fedora 12 by removing an impossible-to-
trigger assert. Fixes bug 1173.
check twice with AC_CHECK_LIB (without and with OTHER-LIBRARIES) doesn't
work due to caching. So give up and just check separately for
-lssl/-lcrypto and hope for the best.
- Fixed a bogus free when using --xattrs with --backup.
- Avoid an error when --dry-run was trying to stat a prior hard-link file
that hasn't really been created.
- Fixed a problem with --compress (-z) where the receiving side could
return the error "inflate (token) returned -5".
- Fixed a bug where --delete-during could delete in a directory before it
noticed that the sending side sent an I/O error for that directory (both
sides of the transfer must be at least 3.0.7).
- Improved --skip-compress's error handling of bad character-sets and got
rid of a lingering debug fprintf().
- Fixed the daemon's conveyance of io_error value from the sender.
- An rsync daemon use seteuid() (when available) if it used setuid().
- Get the permissions right on a --fake-super transferred directory that
needs more owner permissions to emulate root behavior.
- An absolute-path filter rule (i.e. with a '/' modifier) no longer loses
its modifier when sending the filter rules to the remote rsync.
- Improved the "--delete does not work without -r or -d" message.
- Improved rsync's handling of --timeout to avoid a weird timeout case
where the sender could timeout even though it has recently written data
to the socket (but hasn't read data recently, due to the writing).
- Some misc manpage improvements.
- Fixed the chmod-temp-dir testsuite on a system without /var/tmp.
- Make sure that a timeout specified in the daemon's config is used as a
maximum timeout value when the user also specifies a timeout.
- Improved the error-exit reporting when rsync gets an error trying to
cleanup after an error: the initial error is reported.
- Improved configure's detection of IPv6 for solaris and cygwin.
- The AIX sysacls routines will now return ENOSYS if ENOTSUP is missing.
- Made our (only used if missing) getaddrinfo() routine use inet_pton()
(which we also provide) instead of inet_aton().
- The exit-related debug messages now mention the program's role so it is
clear who output what message.
Approved by Alistair Crooks.
Changes:
- Added a simple scheduler framework.
- Don't send numwant in STOPPED messages as some trackers are stupid about
it.
- Reintroduced clearing of epoll event list when a socket is closed as
it might cause race conditions.
- Added cppUnit test framework. Tests will be added on rather unregular
basis.
- Logging for SCGI calls.
- Fixed handling of errors when writing out session torrents, it should
no longer hit an infinite loop.
- Fixed a bug that would cause reading of a piece to hang rtorrent if
the incoming data contains only data up to a file boundary, but not
the next file's data.
- Fixes a file handle leak in the execute_capture functions.
- Fixed crash on empty bitfield in 'd.bitfield'.
- Fixed the Object::flag_unordered code to handle initial zero-length
keys. Ticket #1950.
- Made torrent::Rate::rate_type uint64_t and added sanity checks due to
reports of bad download/upload values being reported to some trackers.
OK tron@ wiz@
* dhcpcd logs even in quiet mode.
* Sleep for 1/100th of a second to give time for kernel to send RELEASE.
* -S option now works.
* Only warn about using CSR on bind.
* Fix detection of route deletion on Linux.
Changes since version 1.3.2:
* Added Taiwan translation.
* Added a workaround in mod_tls to deal with the vulnerability found in
SSL/TLS protocol during renegotiation (CVE-2009-3555). Good
descriptions of this vulnerability can be found here:
http://extendedsubset.com/?p=8http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
The workaround implemented in mod_tls (Bug#3324) is one of the suggested
mitigation approaches: the server now refuses all client-initiated
SSL/TLS session renegotiations.
* Bug and regression fixes.
* Added French, Bulgarian, Korean translations.
* Various bug and regression fixes.
Changes since 1.2.4:
Bugfixes:
* The following vulnerabilities have been fixed. See the security advisory
for details and a workaround.
* The Daintree SNA file parser could overflow a buffer. (Bug 4294)
* The SMB and SMB2 dissectors could crash. (Bug 4301)
* The IPMI dissector could crash on Windows. (Bug 4319)
* Wireshark does not graph rtp streams. (Bug 3801)
* Wireshark showing extraneous data in a TCP stream. (Bug 3955)
* Wrong decoding of gtp.target identification. (Bug 3974)
* TTE dissector bug. (Bug 4247)
* Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255)
* OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258)
* Incorrect display of stream data using "Follow tcp stream" option. (Bug 4288)
* Custom RADIUS dictionary can cause a crash. (Bug 4316)
Updated Protocol Support:
* DAP, eDonkey, GTP, IPMI, MIP, RADIUS, RANAP, SMB, SMB2, TCP, TTE, VNC,
X.509sat
Updated Capture File Support:
* Daintree SNA.
This is a bug fix release, which includes some important fixes to --extra-opts (a way of specifying command line options within files).
* check_http has options to specify the HTTP method (#2155152)
* check_users thresholds were not working exactly as documented (>= rather
than >)
Changes since 3.1.0:
* Fix for CPU hogging in service and host check scheduling logic
* New "important check command" flag for use in service templates,
to aid configuration in distributed environments
* Fix for nagios validation error when no services defined
* Fix for stylesheet link
* Fix for extinfo.cgi error message when cgi.cfg doesn't exist
* Fix for notifications.cgi where Update button on right didn't retain
host information wh en no host= was in query parameters
* Fix for potential bug where a contactgroup with no members could cause
parsing errors
* Fix for W3 validation for history.cgi
* Fix for W3 validation for extinfo.cgi
* Fix for nagiostats to return non-zero with failures in MRTG mode
* Added t/ directory for tests. Use make test to run. Requires perl on
development server
* Fix for duplicate event_id attributes in status and retention data
* Fix for duplicate unlink() during check processing
* Added missing check period column to host config display (CGI)
* Fix for embedded Perl initialization under FreeBSD
* Fix for incorrect re-initialization of mutext after program restart
* Fix for incorrect weighting in host flap detection logic
* Added libtap to distribution. Use ./configure --enable-libtap to compile
* nagios.log permissions are now kept after log rotation
* Fix for "Max concurrent service checks (X) has been reached" messages -
will now push se rvices 5 + random(10) seconds ahead for retry
* Fix for incorrect service history link text in CGIs
* Fix for useless code loop in netutils.c
* Fix for potential divide by zero in event scheduling code
* Fix for trailing backslash in plugin output causing memory corruption
in CGIs
* Fix for bug that could affect host/service scheduling during clock time
skew or changes to timeperod definitions between restarts
* Leading whitespace from continuation lines in configuration files is
now stripped out
* Fix for bug where pipe (used by IPC) file descriptors get inherited by
child processed ( e.g. event handlers) (bug #0000026)
* Fix for failure to daemonize - Nagios now bails (bug #0000011)
* Fix for notifications about flapping starting not processed properly by
retention data
* Patch to add transparency to statusmap icons for truecolor images
* Patch to add read-only permissions to extinfo CGI
* Security fix for statuswml.cgi where arbitrary shell injection was
possible
2009-11-23 Shlomi Fish <shlomif@iglu.org.il>
* Applied a modified version of a patch by Matthew Horsfall
<wolfsage@gmail.com> in order to add t/blocking.t and deal with the
blocking sockets properly.
* New Release IO-Scoket-INET6-2.57
libnice 0.0.10 (2009-11-04)
===========================
Fix some memory leaks with the gstreamer elements
Fix username/foundation for google TURN candidates
Fix the sending of hundreds of connectivity checks at once the stream is connected
Fix BSD support
Fix reprocessing of already processed early incoming checks when in dribble-mode
Fix a rare crash with failing relay candidates allocations
Add a stun_agent_set_software API
Add a nice_agent_set_software API
pkgsrc changes:
* change HOMEPAGE and MASTER_SITES to new Sourceforge's one.
* set LICENSE=2-clause-bsd
* add user-destdir support
ISIC (v0.07) 12/22/2006, by Shu Xiao (sxiao@cisco.com)
- New IPv6 utilities: isic6, tcpsic6, udpsic6, icmpsic6.
- New tool multisic for sending random multicast UDP packets.
- Fixed compilation errors with GCC v4.
- Added -k skip option for esic per the request from some users.
- Placed the flood control under low traffic limit case only.
The original flood protection code calls gettimeofday(),
and runs after sending each packet. This is time consumping
and prevents the tool from reaching high traffic limit
on high speed interface (eg. 1000Base-TX). Now the flood
control will take effect only if the specified maximum rate
is less than 10MB/s.
- Corrected -t option bug with tcpsic:
The old one was using it reversely, e.g. -t 30 would generate
packet with 30% of them having correct TCP checksum. But -t
is actually for the percentage of bad TCP checksum.
- Changed to used 32-bit random numbers for some fields:
For IPv4 *sic tools, the source/destination IP address and
TCP sequence/acknowledge numbers are 32-bit width, and
should be assigned with equal size random numbers. The old
code did not do shifting correctly.
- Changed the default value to 10 for all percentage options.
- Cleaned the usage printout of icmpsic:
There were ports used in the usage printout of icmpsic. This
was misleading since no ports arguments needed for it.
- New manual page, try to get more help with "man isic".
* buildlink bin/libnet{10,11}-config to bin/libnet-config for comvenience
(they ware renamed in pkgsrc to avoid conflict)
* remove -lnet from BUILDLINK_CPPFLAGS.libnet11.
linker flags should not be in CPPFLAGS, and it berak likage with libtool
as reported in PR 37300.
* libnet11 install just a static library, so set defaut DEPMETHOD = build
Bump PKGREVISION for libnet11 related packages (net/isic will be updated later).
* remove addition CFLAGS=-I${LOCALBASE}/include to CONFIGURE_ENV.
${LOCALBASE} should not used in package's Makefile,
and should not reset CFLAGS here, moreover, default CFLAGS is sufficient.
* add user-destdir support.
--- 3.0.52 2009/12/03
tcpip comstack: fix use of uinitialized variable in cs_straddr. This
bug was introduced in 3.0.51.
--- 3.0.51 2009/12/02
tcpip comstack: Remove TCP receiver buffer optimizations for Solaris.
tcpip comstack: fix leak for getaddrinfo.
Encoding of SRU database is performed by yaz_encode_sru_dbpath_odr or
yaz_encode_sru_dbpath_buf. Now used by yaz-client and the ZOOM API.
Decoding of SRU "path" database is performed by private function
yaz_decode_sru_dbpath_odr . This in turn is used by yaz_srw_decode
and yaz_sru_decode in server applications, GFS, yazproxy, metaproxy.
yaz-client: honor base command for SRU. Change when database setting
is applied for SRU and ensure it is kept when a connection is reset.
Change also the way errors are displayed or SRU (decoding of packages).
1.6.3 2009-12-04
* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
* Bugfix: also mark an RR as question if it comes from the wire
* Bugfix: NSEC3 bitmap contained NSEC
* Bugfix: Inherit class when creating signatures
1.6.2 2009-11-12
* Fix Makefile patch from Havard Eidnes, better install.sh usage.
* Fix parse error on SOA serial of 2910532839.
Fix print of ';' and readback of '\;' in names, also for '\\'.
Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
* Fix signature creation when TTLs are different for RRs in RRset.
* bug273: fix so EDNS rdata is included in pkt to wire conversion.
* bug274: fix use of c++ keyword 'class' for RR class in the code.
* bug275: fix memory leak of packet edns rdata.
* Fix timeout procedure for TCP and AXFR on Solaris.
* Fix occasional NSEC bitmap bogus
* Fix rr comparing (was in reversed order since 1.6.0)
* bug278: fix parsing HINFO rdata (and other cases).
* Fix previous owner name: also pick up if owner name is @.
* RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
Reason for this default is the root to be signed with RSASHA256.
* Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
* Fix: Make ldns_dname_is_subdomain case insensitive.
* Fix ldns-verify-zone so that address records at zone NS set are not considered glue
(Or glue records fall below delegation)
* Fix LOC RR altitude printing.
* Feature: Added period (e.g. '3m6d') support at explicit TTLs.
* Feature: DNSKEY rrset by default signed with minimal signatures
but -A option for ldns-signzone to sign it with all keys.
This makes the DNSKEY responses smaller for signed domains.
KDE SC 4.3.4 has a number of improvements:
* A bugfix in Plasma's pixmap cache makes the workspace more responsive
* Okular, the document viewer improved stability in certain situations
* Marble, the desktop globe has seen some polish
* Passphrases with non-ASCII characters have been fixed in the KGpg
encryption tool
