During the development of Asterisk, a new protocol has attracted attention
among VoIP users - the Inter-Asterisk eXchange, or IAX (TM), Protocol, used
as the native communication protocol between Asterisk PBX Servers. What is
particularly good about it is that it requires only one UDP port per
endpoint to create a successful communication channel for VoIP calls. This
makes it much friendlier for users behind NAT, which is not the case with
SIP and H.323 - they require specific router configurations for their
channel establishment, thus hindering the faster spread of VoIP on the home
and corporate desktop.
*** Security Fix ***
Changes 5.3:
*** Important Notes ***
Several very significant changes have been made in Net-SNMP for this
release that warrant special attention.
- shared library version number no longer matches the release number. We
now follow the versioning scheme recommended by libtool. For the 5.3
release this means that the libraries now have a SONAME ending with
".so.10", e.g. libnetsnmp.so.10.
- snmpd has not been truncating log files at startup, as documented in
the man pages, for a while now. This default behaviour has been restored.
Please use the '-A' flag if you want to continue appending to your log
files at startup.
- snmptrapd will no longer accept all traps by default. It must be
configured with authorized SNMPv1/v2c community strings and/or SNMPv3
users. Non-authorized traps/informs will be dropped.
- Due to a copyright statement that didn't allow modifications,
snmpnetstat has been completely rewritten. The new version now
accepts the same command-line options as the other tools, which
has introduced a number of incompatible changes. However, it
does now finally support SNMPv3.
And set it in the make environment.
This fixes installation of man page as seen on DragonFly bulk build.
Revision not bumped since no change for systems where this worked before.
requires more than the default 64. Bump PKGREVISION to 1.
Fixes PR pkg/32602.
I guess the real solution could be to modify mldonkey's source to unlimit
this value itself, but I don't want to deal with (i.e., learn) ocaml code...
This fixes vulnid:1747 (denial-of-service vulnerability).
18-Jan-2006 Don Moore <bboy@bboy.net> [1.1.0]
- Implemented RFC 2136 (DNS UPDATE). See the manual for usage instructions.
- Fixed minor bug in admin.php where if db_get_settings() failed, it might
display an error message without consistent formatting.
- Added two additional fields to the --verbose query log. The opcode of the
query (QUERY or UPDATE), and a quoted field containing a description of the
UPDATE performed, if the opcode was UPDATE.
- Updated contrib/stats.php to handle new log fields.
- Fixed bug in --dump-config -- if present, fields without default values
("no-listen", "soa-where", "rr-where", and "recursive") were not being
dumped.
- Made --dump-config dump ALL possible configuration options, even if no value
was originally specified. As such, MyDNS will no longer warn the user when
a config option doesn't have a value. It will be silently ignored.
- Including <inttypes.h> after a suggestion by Christian Tschenett, to help
things out on 64-bit platforms like OSX. If this creates problems on your
platform, please let me know.
- Modified admin.php to allow a backslash in the 'mbox' field, immediately
preceding a dot. This is used in DNS to indicate the presence of a dot in
the username part of the administrator's email address. There was an
additional bug report from Andreas Grip that MyDNS was replying with the
slashes doubled up in this case, but it appears to be a problem with the
"dig" program, not MyDNS.
- Fixed bug with "rr-where" clause -- conf.c was using "soa-where" instead.
David Darville first reported this bug. Michael Gile submitted it two
minutes later, with a patch.
- Added "create_domain.pl" to the contrib/ directory. Thanks to Gerard de
Brieder for this script. See contrib/README for more information.
- Fixed bug in src/lib/rr.c (mydns_rr_load) that caused a segfault if origin
was NULL (it was designed to allow NULL, but this version is the first to
ever call it in that way).
- Added support for NAPTR (RFC 2915) records. Users with existing MyDNS
databases will need to alter their tables to allow "NAPTR" in the "type"
column if they want to use NAPTR.
- Renamed library functions mydns_parse_rr() and mydns_parse_soa() to
mydns_rr_parse() and mydns_soa_parse(), for consistency.
- Library functions mydns_rr_dup() and mydns_soa_dup() now fail (terminating
the program) if out of memory.
- Moved routines that parse data for individual RR types (RP, SRV, and NAPTR)
into individual functions from mydns_rr_parse for clarity.
- Fixed bug where AXFR might transmit incorrect information if a FQDN is used
in the 'name' field.
- Fixed AXFR bug with ALIAS enabled. Thanks to Sven Wegener for the patch.
- Created file "README.mysql" to address various problems common while
compiling with MySQL support.
- Fixed "use of cast expressions as lvalues is deprecated" warning (caused
compilation abort with --enable-debug).
- Added hostname to beginning of SIGUSR1 status output.
- Renamed "update" column in the soa table to "update_acl"; how could I be so
stupid as to name a column "update"?!
- Fixed a critical denial-of-service vulnerability.
2006/01/19: version 2.7.3 = tag release-2-7-3
4791: web_infos: New type geoip.dat, save files to local disk,
re-download only if file on server is newer
- now all files except type "rss" in web_infos are saved to local disk
if not present or server version is newer
- MLDonkey uses HTML header last-modified to check if a file has been updated
- downloaded file timestamp is changed to last-modified time
- show number of IP blocking ranges in runinfo
- new web_infos kind: geoip.dat
- automatically add geoip.dat to web_infos
- support for *.gz|bz2|zip compressed GeoIP.dat files
4811: EDK: Print warning when starting a file too big for filesystem,
clean Ux32 logging
4810: Update search results with highest avail/completesources tags (zet)
2006/01/16
4803: BT: force uniqueness of added trackers by "trackers" command (pango)
4801: EDK: add more server info fields (html and guiprot) (zet)
4798: Fix thread recognition on *BSD
2006/01/15
4797: EDK: Always put server connect requests in connection queue,
whether max_opened_connections is reached or not
Connection will be established later when a socket is available
2006/01/14
4796: Windows: Log proper warning when MaxUserPort is reached (thx to Enig)
4795: Mailer: Fix Subject encoding (bogeyman)
4716: BT: new command "tracker" to add trackers (bogeyman)
2006/01/12
4792: GeoIP: Add license (distrib/GeoIP_LICENSE.txt, runinfo)
This product includes GeoLite data created by MaxMind,
available from http://maxmind.com/
4776: EDK: Avoid LowID if max_indirect_connections is reached (thx to zet)
4787: EDK: Show server version (ported from Mulus - thx to Knocker),
disconnect blocked server after loading IP blocklist
2006/01/11
4790: Some logging stuff
4781: Disconnect connected server before removing
4782: Configure: Replace AC_CHECK_FILE with "test -d" to allow cross-compile
2006/01/09
4770: Change file opening mechanism, open rw only when needed (pango)
new verbosity option "file" to control Unix32 file handling
4777: Display IP:port for LowID clients, GUI protocol update (zet)
2006/01/07
4769: HTML: Fix some Geoip display bugs
2006/01/06
4768: Dynamic loop delay (pango)
4765: Add GeoIP.dat support (zet)
GeoIP is a GPL database that maps IPs to countries.
http://www.maxmind.com/download/geoip/database/
This patch adds support for a "geoip_dat" option.
It is a simple ocaml translation of just the geoip country lookup code.
If active, the file is left open and consulted on demand.
It didn't seem to slow anything down on my slow system.
Sends the country # to the gui, use latest Sancho version to use it.
Web: displays country codes in a column (name in tooltip).
Maybe someone wants to add flag images (please make them optional).
"extract" script for extraction. Many cases where a custom EXTRACT_CMD
simply copied the distfile into the work directory are no longer
needed. The extract script also hides differences between pax and
tar behind a common command-line interface, so we no longer need code
that's conditional on whether EXTRACT_USING is tar or pax.
Avoid union shm on DragonFly, it conflicts with system provided version.
Hack around some namespace pollution in arpa/inet.h inherited from
FreeBSD which results in G_LOCK(inet_ptona) being partly mapped to
G_LOCK(__inet_ptona), but not consistently.
* Fixed a crash when using NTLM connections [316313, probably
also 318252]. (Also 321208, which was a bug introduced in
the original fix for 316313.)
* Fixed a bug that could cause soup to suck up all available
CPU when a connection to a SoupServer was dropped by the
other side [319305, patch from Jonathan Matthew]
* Fixed the creation of struct elements in XMLRPC messages
[321362, patch from Sebastian Bauer]
* Plugged a small memory leak in SoupSocket (from Wang Xin).
* Fixed two compile problems, a gccism [320349, patch from
Roland Illig], and a strict-aliasing warning from gcc 4.1.
* Correctly resolve nested symlinks without accessing
invalid memory
* Synch xdgmime with upstream to fix handling of the
mime cache
* Improve parsing of files which have names that match dates,
years or times of day.
* Correctly return GNOME_VFS_ERROR_CANCELLED if an
authentication was cancelled in the ftp, sftp and smb method
* Fix problem with multiple cd volumes
* Add logic for Win32 so we won't return crap like /x:/foo/bar.zap
and fix handling of file overwrites.
* Version 1.1:
- The non-preemptive mode should work flawlessly.
- Syslog facilities can now be changed.
- Self-sent packets are now filtered out.
- Portability has been improved.
Add ssl (default off) and tcpwrappers (default on) options.
Changes:
- Improve logging (log deletes, renames, chmods, etc. as requested by users).
- Add no_log_lock to work around Solaris / Veritas locking hangs.
- Add EPRT, EPSV, PASV and TVFS to FEAT response.
- Implement use of MDTM to set timestamps.
- Recognize FEAT prior to login.
- Add OpenSSL (AUTH TLS / SSL) support for encrypted control and data
connections! Hurrah.
- Increase max size of .message files to 4000 characters, thanks to Eric
Pancer for the report.
- Add easy builddefs.h ability to disable PAM builds even when PAM is installed.
- Report vsftpd version in STAT output.
- Add REFS file.
- Change parent<->child socket comms from DGRAM to STREAM for increased
reliability. The main benefit is should the parent be killed (or crash out)
then the child won't block on a read() that will never return.
- Make str_reserve reserve space for the trailing zero as well, so we don't
cause a reallocation if we exactly fill the buffer.
- Optimize the sending of strings over the parent<->child comms links.
- Improve the build system so tcp_wrappers, PAM and OpenSSL can be forcibly
compiled out.
- Fix vsftpd.conf.5 typos, thanks to Dmitry V. Levin
- If trans_chunk_size is between 1 and 4096, use 4096 rather than ignoring
totally. Thanks to Brad
- Lose Makefile.sun and README.solaris special cases.
- Add SSL / TLS info to SECURITY texts.
- Add README.ssl
- Add documentation for new SSL options to vsftpd.conf.5.
- Add support for CWD ~ (and in general support ~ at start of any filename).
Also support stuff like ~chris/pics, if tilde_user_enable=YES is set. Note that
all of this is for very very broken clients :-(
- Fix compile warnings.
- Update INSTALL with (recent) OS X as a working platform.
At this point: v2.0.0 released!
===============================
- Add -lcrypto for the SSL build; needed for some systems! Thanks to Nelson
Chang
- Oops; fix session bale out if an empty length password is given.
- Fix build on Fedora Core 2 (-lcap cannot seem to find /lib/libcap.so).
- Fix vsftpd.conf.5 man page error in "ssl_sslv3", thanks to Etienne Chevillard
- Clarify licensing: I allow linking of my GPL software with the OpenSSL
libraries. Thanks to Jonas Bofjall
- Add COPYRIGHT.
- Fix build on OpenBSD, FreeBSD, probably NetBSD too (they aren't SuSv2
compliant; timezone should be a variable not a function).
- Fix build where PAM build is enabled but PAM headers are missing.
- Fix build on RHEL3 (remove errant include from twoprocess.c).
At this point: v2.0.1 released!
===============================
- Fix FAQ typo, thanks to Jose Santiago Oyervides Gonzalez
- Emit data transfer status messages (success / failure) after flushing and
waiting for the full data transfer to reach the client. This should help work
around buggy FTP clients such as FlashFXP, which is known to truncate files
incorrectly.
(v2.0.2pre1)
- Make str_empty actually allocate an empty string.
- Change the ASCII receive code to ONLY rip out \r if it is just before a \n;
someone finally complained about this.
(v2.0.2pre2)
- Enable AIX Large File Support #define from Tomas gren
- Add a couple of FAQ entries.
- Fix time delta code areas to cope with negative deltas, which will occur
if the clock is adjusted backwards. Thanks to Andrew Anderson
for a great report.
- Fix "errno" checks to be robust in multiple places; previously, calls to
failing library calls could be made in between the original library call and
the "errno" reads. Thanks to Andrew Anderson for a great
report.
- Make bandwidth limiter work with SSL data connections.
(v2.0.2pre3)
- Note that the SSL / bandwidth limiter bug fixed a much more serious bug:
SSL data connection dropouts after data_connection_timeout seconds.
- Typo fixes.
At this point: v2.0.2 released! (need to get the SSL dropout fix out)
=====================================================================
- Document what regex expressions are supported in the man page.
- New settings rsa_private_key_file and dsa_private_key_file to allow
separate files for the certificates and private keys.
- Initial, simple fix for timed out processes not exiting when SSL is in use.
Better fix (which reports timeout to client properly) to follow.
- Add which setsockopt option failed to die("setsockopt") calls.
- Fix when running on recent OpenBSDs - OpenBSD change broke vsftpd. Lower
linger timeout from INT_MAX to 32767 (SHORT_MAX). Reported by
Ewoud van der Vliet and Ed Vazquez (v2.0.3pre1)
- Fix error with IPv4 connections to IPv6 listeners and PORT type data
connections when connect_from_port_20 is set. RedHat bugzilla 134541. Reported
by Joe Orton, Radek Vokal and Andreas Kupfer
- Remove vsf_sysutil_sockaddr_same_family (unused).
- Support protocol 1 (IPv4) in EPRT.
- Add ssl.c to AUDIT.
- Allow config file to use "ssl_ciphers=" to use default OpenSSL cipher list.
- Allow "EPSV 1" to mean IPv4 EPSV.
- Report dummy IP but correct port with IPv6 / PASV.
- Handle SSL_WANT_READ and SSL_WANT_WRITE retries in SSL_read and SSL_write;
fixes SSL upload failures when data timeouts are in use with some clients.
Specifically, I used the test case FileZilla 2.2.12a on Windows XP. Reported
by Lee Lawrence (using CuteFTP and BackupEdge) and
Christian DELAIR (using lftp, FileZilla and
SmartFTP). Thanks to these two people for valuable help.
(v2.0.3pre2)
- Implicitly disable connect_from_port_20 and chown_uploads when a non-root
user is using run_as_launching_user.
- Add force_anon_logins_ssl and force_anon_data_ssl for a fully SSL secure
anonymous-only solution (useful when you don't have root access and a range
of acceptable anonymous passwords as credentials).
- Use SSL BIO callbacks to fix data connection timeout checks; the checks
weren't all occurring promptly.
At this point: v2.0.3 released! (need to get about three important fixes out)
============================================================================
- Add explicit "This FTP server does not allow anonymous logins" message.
- Add paranoid checks to sysutil.c for large values / lengths.
- Fix incorrect comment about ASCII and SIZE in the vsftpd.conf example.
- Load per-IP config files earlier; allows more settings to be tuned on a
per-IP level. Suggested by Reber Tobias
- Fix MDTM on non-existent files. Reported by Ken A
- {} regex fix so that {*} correctly matches everything. Reported by
Tom Van de Wiele
- Add "mdtm_write" option to disable MDTM being able to set file timestamps.
- Fix HPUX build, thanks to Kevin Vajk
- Add optional file locking support via lock_upload_files (default on).
- Apply LDFLAGS patch from Mads Martin Joergensen
- Add pasv_addr_resolve option to allow pasv_address to get DNS resolved once
at startup.
- Apply patch to fix timezone issues (caused by chroot() interacting badly with
newer glibc versions). Thanks to Dmitry V. Levin and
Mads Martin Joergensen
At this point: v2.0.4 released!
===============================