mate-user-share is a small package that binds together various free
software projects to bring easy to use user-level file sharing to the
masses.
The program is meant to run in the background when the user is logged
in, and when file sharing is enabled a webdav server is started that
shares the $HOME/Public folder. The share is then published to all
computers on the local network using mDNS/rendezvous, so that it shows
up in the Network location in Gnome.
The dav server used is apache, so you need that installed. Avahi or
Howl is used for mDNS support, so you need to have that installed and
mDNSResolver running.
for all pkgsrc dir/file ownership rules. Fixes unprivileged
user/group names from leaking into binary packages, manifest as
non-fatal chown/chgrp failure messages at pkg_add time.
Bump respective packages' PKGREVISION.
ChangeLog:
- BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted
- BUILD: namespaces: fix a potential build warning in namespaces.c
- DOC: add encoding to json converter example
- BUG/MINOR: conf: "listener id" expects integer, but its not checked
- DOC: Clarify tunes.vars.xxx-max-size settings
- BUG/MEDIUM: peers: fix incorrect age in frequency counters
- BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are present
- BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers
- BUG/MINOR: lua: can't load external libraries
- DOC: "addr" parameter applies to both health and agent checks
- DOC: timeout client: pointers to timeout http-request
- DOC: typo on stick-store response
- DOC: stick-table: amend paragraph blaming the loss of table upon reload
- DOC: typo: ACL subdir match
- DOC: typo: maxconn paragraph is wrong due to a wrong buffer size
- DOC: regsub: parser limitation about the inability to use closing square brackets
- DOC: typo: req.uri is now replaced by capture.req.uri
- DOC: name set-gpt0 mismatch with the expected keyword
- BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the connection state.
- DOC: fix "needed" typo
- BUG/MINOR: dns: inapropriate way out after a resolution timeout
- BUG/MINOR: dns: trigger a DNS query type change on resolution timeout
- BUG/MINOR : allow to log cookie for tarpit and denied request
- OPTIM/MINOR: session: abort if possible before connecting to the backend
- BUG/MEDIUM: trace.c: rdtsc() is defined in two files
- BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd try)
- BUG/MINOR: cfgparse: couple of small memory leaks.
- BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
- DOC: fix discrepancy in the example for http-request redirect
- DOC: Clarify IPv4 address / mask notation rules
- CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept()
- BUG/MEDIUM: fix maxaccept computation on per-process listeners
- BUG/MINOR: listener: stop unbound listeners on startup
- BUG/MINOR: fix maxaccept computation according to the frontend process range
- MEDIUM: unblock signals on startup.
- BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected
- BUG/MEDIUM: channel: incorrect polling condition may delay event delivery
- BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd try)
- BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode
- BUG/MEDIUM: lua: protects the upper boundary of the argument list for converters/fetches.
- BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
- MINOR: channel: add new function channel_congested()
- BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from dead client
- BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try)
- BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
- BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
- BUG/MEDIUM: stats: show servers state may show an empty or incomplete result
- BUG/MEDIUM: stats: show backend may show an empty or incomplete result
- MINOR: stats: fix typo in help messages
- MINOR: stats: show stat resolvers missing in the help message
- BUG/MINOR: dns: fix DNS header definition
- BUG/MEDIUM: dns: fix alignment issue when building DNS queries
- CLEANUP/MINOR: stats: fix accidental addition of member "env" in the applet ctx
While here, update HOMEPAGE to better one.
Changes since OpenNTPD 5.7p4
============================
* When a single "constraint" is specified, try all returned addresses
until one succeeds, rather than the first returned address.
* Relaxed the constraint error margin to be proportional to the number
of NTP peers, avoid constant reconnections when there is a bad NTP
peer.
* Removed disabled hotplug sensor support.
* Added support for detecting crashes in constraint subprocesses.
* Moved the execution of constraints from the ntp process to the
parent process, allowing for better privilege separation since the
ntp process can be further restricted.
* Added pledge(2) support.
* Updated to require LibreSSL 2.3.2 or greater.
* Fixed high CPU usage when the network is down.
* Fixed various memory leaks.
* Switched to RMS for jitter calculations.
* Unified logging functions with other OpenBSD base programs.
OpenNTPD portable-specific changes:
* Added support for syncing time with the Realtime Clock (RTC) on OSes
that require it.
* CFLAGS is no longer overridden by the build system.
* FreeBSD RTABLE support is disabled
* FreeBSD is no longer linked with -lmd to avoid hash function
collisions, causing failures in constraint certificate loading.
* Fixed crashes due to __progname being used before initialized.
* Added Solaris 10 compatibility.
* Added --disable-https-constraint build option for explicitly
disabling constraint support.
* Synced build system files with LibreSSL
Note that HTTPS TLS constraints are currently disabled in pkgsrc pending
evaluation of how best to deal with libressl.
This is a security release to fix three vulnerabilities all related
to the possibility of the automatic upgrade response being intercepted
by a man-in-the-middle. In one case, a downgrade could be enforced
by the attacker; in another, a denial of service could be created
by serving a malformed package archive; in the third, an XSS attack
could be performed against the local web UI. These were all reported
by Sebastian Py.
- lib/upgrade: Enforce limits on download archives (fixes#3045) (calmh)
- lib/upgrade: Auto upgrade signature should cover version & arch (fixes#3044) (calmh)
- gui: Backport angular and angular-translate updates from master (calmh)
* pidfile directory is now created correctly at startup.
* bootp "leases" are now stored so dhcpcd can dump them.
* ARP state is keep open so we can detect duplicates
(currently this is only logged, no action is taken).
* --lastleastextend allows dhcpcd to extend a DHCP lease once
it has expired. The lease is dropped if any other node
claims the address.
* Delegated Prefix reject routes will be correctly bound to the
loopback interface. If a delegated address uses the whole prefix,
then the reject route is removed. If this address is removed, the
reject route is restored.
* dhcp code has been reworked around a classic BOOTP structure
instead of a fixed size DHCP structure based on a max MTU of 1500.
Each reference to it also has a size so we know it's length.
Adding an option to a message is now guarded via easy macros.
Option concatenation buffer is no longer a fixed size.
* many more changes so that dhcpcd passes all current Coverity tests.
This release fixes some regressions introduced by the last security fixes.
Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
bugs addressing these regressions and more information.
Changes since 4.3.8:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11822: s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11780: smbd: Only check dev/inode in open_directory, not the full
stat().
* BUG 11789: pydsdb: Fix returning of ldb.MessageElement.
o Berend De Schouwer <berend.de.schouwer@gmail.com>
* BUG 11643: docs: Add example for domain logins to smbspool man page.
o Günther Deschner <gd@samba.org>
* BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.
o Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
* BUG 8093: access based share enum: Handle permission set in configuration
files.
o Volker Lendecke <vl@samba.org>
* BUG 11816: nwrap: Fix the build on Solaris.
* BUG 11827: vfs_catia: Fix memleak.
* BUG 11878: smbd: Avoid large reads beyond EOF.
o Stefan Metzmacher <metze@samba.org>
* BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
dereferencing an ioctl response.
* BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
* BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
ldap_add.
* BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
restored.
* BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
list.
* BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
* BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
* BUG 11847: Only validate MIC if "map to guest" is not being used.
* BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
option for testing.
* BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
* BUG 11858: Allow anonymous smb connections.
* BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
* BUG 11872: Fix 'wbinfo -u' and 'net ads search'.
o Noel Power <noel.power@suse.com>
* BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.
o Garming Sam <garming@catalyst.net.nz>
* BUG 11789: build: Mark explicit dependencies on pytalloc-util.
o Partha Sarathi <partha@exablox.com>
* BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
infolevel.
o Jorge Schrauwen <sjorge@blackdot.be>
* BUG 11816: configure: Don't check for inotify on illumos.
o Uri Simchoni <uri@samba.org>
* BUG 11691: winbindd: Return trust parameters when listing trusts.
* BUG 11753: smbd: Ignore SVHDX create context.
* BUG 11763: passdb: Add linefeed to debug message.
* BUG 11788: build: Fix disk-free quota support on Solaris 10.
* BUG 11798: build: Fix build when '--without-quota' specified.
* BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set.
* BUG 11852: libads: Record session expiry for spnego sasl binds.
o Hemanth Thummala <hemanth.thummala@nutanix.com>
* BUG 11740: Real memory leak(buildup) issue in loadparm.
* BUG 11840: Mask general purpose signals for notifyd.
git repository to make package compile with ocaml 4.0.3.
Changes include:
* Cryptography: adding basic support for public key cryptography
(provided by GnuTLS)
* Authentication: the module types for SASL and HTTP authentication
have been changed to a stateless style. Added an experimental
SCRAM module for HTTP.
* Nethttp_client: Supporting Digest authentication with
SHA-256 as hash algorithm. Supporting Basic authentication
with "charset" parameter.
* XDR/RPC: supporting that direct mappings can be disabled
when this is disadvantegous. For now, this is done for
internal RPC services, because direct mappings do not
copy values, which would be very surprising here.
* Netplex: adding support for so-called internal services.
This is a fast and type-safe way of exchanging messages
between netplex containers.
* ALL MODULES: Transitioning to the new "bytes" type for
mutable strings while using "string" only for immutable
strings. If compiled with OCaml-4.02 or newer, Ocamlnet
is built with the -safe-string compiler option.
* Netplex_sharedvar: implementing a new protocol that uses shared
memory for announcing variable updates. Also, almost all functions
can now be called from controller context.
* Netsys_global: new module, for keeping a dictionary of global
strings. The dictionary is connected with Netplex_sharedvar, so
that the strings can be updated across process boundaries if used
with Netplex.
* Netsys_polysocket: adding this module
* Netsys_polypipe: adding this module
* Netasn1_encoder: new module for encding ASN.1 messages
* Netnumber: on 64 bit platforms, the functions lt_uint4 and
lt_uint8 were wrong. Fixed now.
Note: ABI issue
Changes in libsoup from 2.54.0.1 to 2.54.1:
* *** IMPORTANT ***
Fixed an ABI break in 2.54.0 caused by adding a member to
SoupAuthClass; 2.54.1 is ABI-compatible with 2.53.92 and
earlier, but NOT with the anomalous 2.54.0. If you built
packages against 2.54.0, you will need to rebuild them
against 2.54.1.
* Fixed NTLM authentication when ntlm_auth from the latest
version of Samba is present. [#765106, Milan Crha]
* Updates to MSVC build, including for GSS-API support
[Chun-wei Fan]
* Updated translations:
Friulian
PKG_OPTIONS change:
* Remove rrl which is always enabled.
* Add fetchlimit, geoip, pkcs11, sit and tuning.
Security Fixes
* Duplicate EDNS COOKIE options in a response could trigger an
assertion failure. This flaw is disclosed in CVE-2016-2088. [RT
#41809]
* The resolver could abort with an assertion failure due to improper
DNAME handling when parsing fetch reply messages. This flaw is
disclosed in CVE-2016-1286. [RT #41753]
* Malformed control messages can trigger assertions in named and
rndc. This flaw is disclosed in CVE-2016-1285. [RT #41666]
* Certain errors that could be encountered when printing out or
logging an OPT record containing a CLIENT-SUBNET option could be
mishandled, resulting in an assertion failure. This flaw is
disclosed in CVE-2015-8705. [RT #41397]
* Specific APL data could trigger an INSIST. This flaw is disclosed
in CVE-2015-8704. [RT #41396]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
New Features
* The following resource record types have been implemented: AVC,
CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.
* Added a warning for a common misconfiguration involving forwarded
RFC 1918 and IPv6 ULA (Universal Local Address) zones.
* Contributed software from Nominum is included in the source at
contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring the
performance of authoritative DNS servers, resperf for testing the
resolution performance of a caching DNS server, resperf-report for
generating a resperf report in HTML with gnuplot graphs, and
queryparse to extract DNS queries from pcap capture files. This
software is not installed by default with BIND.
* When loading a signed zone, named will now check whether an RRSIG's
inception time is in the future, and if so, it will regenerate the
RRSIG immediately. This helps when a system's clock needs to be
reset backwards.
Feature Changes
* Updated the compiled-in addresses for H.ROOT-SERVERS.NET and
L.ROOT-SERVERS.NET.
* The default preferred glue is now the address type of the transport
the query was received over.
* On machines with 2 or more processors (CPU), the default value for
the number of UDP listeners has been changed to the number of
detected processors minus one.
* Zone transfers now use smaller message sizes to improve message
compression. This results in reduced network usage.
* named -V output now also includes operating system details.
Porting Changes
* The Microsoft Windows install tool BINDInstall.exe which requires a
non-free version of Visual Studio to be built, now uses two files
(lists of flags and files) created by the Configure perl script
with all the needed information which were previously compiled in
the binary. Read win32utils/build.txt for more details. [RT #38915]
Bug Fixes
* rndc flushtree now works even if there wasn't a cached node at the
specified name. [RT #41846]
* Don't emit records with zero TTL unless the records were received
with a zero TTL. After being returned to waiting clients, the
answer will be discarded from the cache. [RT #41687]
* For Windows platforms, the SIT (Source Identity Token) support was
restored. (It was mistakenly partially replaced in a previous beta
with new 9.11 COOKIE support.) [RT #41905]
* When deleting records from a zone database, interior nodes could be
left empty but not deleted, damaging search performance afterward.
[RT #40997] [RT #41941]
* The server could crash due to a use-after-free if a zone transfer
timed out. [RT #41297]
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
* Some of the options for GeoIP ACLs, including "areacode",
"metrocode", and "timezone", were incorrectly documented as "area",
"metro" and "tz". Both the long and abbreviated versions are now
accepted.
* Zones configured to use map format master files can't be used as
policy zones because RPZ summary data isn't compiled when such
zones are mapped into memory. This limitation may be fixed in a
future release, but in the meantime it has been documented, and
attempting to use such zones in response-policy statements is now a
configuration error. [RT #38321]
All Security Fixes should be fixed by 9.9.8-P4.
Security Fixes
* The resolver could abort with an assertion failure due to improper
DNAME handling when parsing fetch reply messages. This flaw is
disclosed in CVE-2016-1286. [RT #41753]
* Malformed control messages can trigger assertions in named and
rndc. This flaw is disclosed in CVE-2016-1285. [RT #41666]
* Specific APL data could trigger an INSIST. This flaw is disclosed
in CVE-2015-8704. [RT #41396]
* Incorrect reference counting could result in an INSIST failure if a
socket error occurred while performing a lookup. This flaw is
disclosed in CVE-2015-8461. [RT#40945]
* Insufficient testing when parsing a message allowed records with an
incorrect class to be be accepted, triggering a REQUIRE failure
when those records were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #40987]
New Features
* The following resource record types have been implemented: AVC,
CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK.
* Added a warning for a common misconfiguration involving forwarded
RFC 1918 and IPv6 ULA (Universal Local Address) zones.
* Contributed software from Nominum is included in the source at
contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring the
performance of authoritative DNS servers, resperf for testing the
resolution performance of a caching DNS server, resperf-report for
generating a resperf report in HTML with gnuplot graphs, and
queryparse to extract DNS queries from pcap capture files. This
software is not installed by default with BIND.
* When loading a signed zone, named will now check whether an RRSIG's
inception time is in the future, and if so, it will regenerate the
RRSIG immediately. This helps when a system's clock needs to be
reset backwards.
Feature Changes
* Updated the compiled-in addresses for H.ROOT-SERVERS.NET and
L.ROOT-SERVERS.NET.
* The default preferred glue is now the address type of the transport
the query was received over.
* On machines with 2 or more processors (CPU), the default value for
the number of UDP listeners has been changed to the number of
detected processors minus one.
* Zone transfers now use smaller message sizes to improve message
compression. This results in reduced network usage.
* named -V output now also includes operating system details.
Porting Changes
* The Microsoft Windows install tool BINDInstall.exe which requires a
non-free version of Visual Studio to be built, now uses two files
(lists of flags and files) created by the Configure perl script
with all the needed information which were previously compiled in
the binary. Read win32utils/build.txt for more details. [RT #38915]
Bug Fixes
* rndc flushtree now works even if there wasn't a cached node at the
specified name. [RT #41846]
* Don't emit records with zero TTL unless the records were received
with a zero TTL. After being returned to waiting clients, the
answer will be discarded from the cache. [RT #41687]
* When deleting records from a zone database, interior nodes could be
left empty but not deleted, damaging search performance afterward.
[RT #40997] [RT #41941]
* The server could crash due to a use-after-free if a zone transfer
timed out. [RT #41297]
* Authoritative servers that were marked as bogus (e.g. blackholed in
configuration or with invalid addresses) were being queried anyway.
[RT #41321]
the version we have doesn't include the teeny version number.
Possibly we should arrange to pass that in and require it exactly; I'm
not sure exactly what the compatibility semantics of version numbers
are supposed to be in tcl-land; but it's definitely wrong the way it
has been.
Fixes PR 50244 wherein tkined fails to run.
libasr is a FREE asynchronous DNS resolver.
libasr runs on top of the OpenBSD operating system but also has a portable
version that can build and run on several systems, including:
* Linux
* FreeBSD
* NetBSD
* DragonFly
* MacOSX
3.17.0 (2016-04-21)
- *nix: Removed a label on the filter dialog that doesn't apply to *nix builds
- Fix compilation if Nettle is installed in a custom location
- Fix potential issues with destruction order when closing FileZilla
3.17.0-rc1 (2016-04-15)
+ Recursivly queuing local files for upload now displays the progress below the local file list
+ MSW: Use dynamic TCP send buffer sizes to improve upload speeds on high-latency connections
+ SFTP: Use hardware-accelerated AES on x86_64 CPUs if available by using the AES implementation from Nettle instead of PuTTY
+ Building FileZilla now depends on the Nettle library, version 3.1 or later
+ Building FileZilla now depends on libfilezilla >= 0.5.0 (https://lib.filezilla-project.org/).
- MSW: The installer now warns if it detects old versions of FileZilla outside of the installation directory
- Improve compatibility with directory listings where midnight is represented as 24:00:00 of the prior day
- SFTP: Failed downloads due to write failures, e.g. due to a full disk, no longer show up as successful
- SFTP: Fix transfer failures if multiple transfers try to list the same directory
- SFTP: Updated PuTTY components
- FTP over TLS: Debug logs now contain additional information about the TLS handshake
3.16.1 (2016-03-16)
! MSW: Updated installer to NSIS 3.0b3 to prevent DLL hijacking
- MSW: Fix string conversion functions of MinGW runtime libraries
- Updated PuTTY components
- Updated translations
- Official binaries now link against GnuTLS 3.4.10
- Official binaries now link against SQLite 3.11.1
3.16.0 (2016-02-29)
- Small fix for remembering queue completion actions
3.16.0-rc1 (2016-02-21)
+ Make notification bubble on queue completion configurable though the queue's context menu
+ Selected queue completion action is now remembered, excluding the system shutdown/sleep actions.
+ Added new servertype to the Site Manager for servers using MS-DOS style paths with forward slashes as separators
+ Building FileZilla now depends on libfilezilla >= 0.4.0 (https://lib.filezilla-project.org/).
- Fixes for network configuration wizard leading to incorrect test result
- MSW: Installer now removes leftover files from improperly uninstalled previous versions
3.15.0.2 (2016-02-10)
- MSW: Binaries are now also signed using a SHA256 signature and certificate.
- OS X: Move location of COPYING file containing the GPL to a different location in the bundle. On some systems OS X cannot verify the bundle with the file at the old location
- Restore focused item if changing directory listing sort order
- Fix restoring the column widths of the failed transfers tab in the queue when starting FileZilla
- MSW: Double-clicking a divider between a list header in the queue now adjust the sizes in the other tabs just as dragging the width would
3.15.0.1 (2016-02-02)
- Fix for search dialog not displaying the results from the last visited directory of a search
3.15.0 (2016-01-30)
+ MSW: Display notification bubble if FileZilla isn't in the forgeground and all active transfers have finished.
3.15.0-rc1 (2016-01-23)
- Fix regression from 3.16.0-beta1 where extra data being appended to some downloaded files
- Fix setting initial pane sizes when creating new tabs
- OS X: Fix display of issuer and subject details in certificate verification dialog
- Updated SFTP components from PuTTY
- Official binaries now link against GnuTLS 3.4.8
- Official binaries now link against SQLite 3.10.2
3.15.0-beta1 (2016-01-13)
+ Building FileZilla now depends on libfilezilla 0.3.0 (https://lib.filezilla-project.org/).
+ Added support for downloading and deleting multiple unrelated directories from the search dialog
+ *nix: Vastly speed up line-ending conversion when downloading files using the ASCII data type
+ Improved compatibility with broken servers omitting the mandatory 1yz reply to transfer commands
- Fix handling of SFTP keyfiles with non-ASCII characters in their paths
- Add missing directory comparison checkbox to new bookmark dialog
- MSW: Installer now sets appid on desktop icon
- Updated built-in pugixml
3.14.1 (2015-10-16)
+ For third-party builds, add configure flag to allow using system ciphers for FTP over TLS. Display a warning if an insecure cipher is negotiated as result of using system ciphers.
- Fixed loading of the directory comparison flag for bookmakrs in the Site Manager
- Changing the interface layout and icon theme no longer results in an inconsistent UI state
- Some SFTP servers send additional information on errors. This information is now shown in the message log
- If the local file cannot be opened on SFTP transfers FileZilla no longer automatically retries
- Updated SFTP components from PuTTY
3.14.0 (2015-09-16)
- When connecting using SFTP, show an error message instead of silently failing when encountering an insecure cipher
3.14.0-rc2 (2015-09-09)
- Removing selected queue items is now faster
- Reduced memory usage of queue
- When connecting to hostnames with multiple IPs, reset timeout if trying the next address
3.14.0-rc1 (2015-09-04)
+ Add support for password-protected SSH private keys
+ SSH private keys not in PuTTY's native format no longer need to be converted if they aren't password-protected
+ When using synchronized browsing, changing to a directory that does not exist on both sides now asks whether the missing directory should be created
- SSH1 support for SFTP has been disabled
3.13.1 (2015-08-24)
- Fix SFTP component crashing on some combinations of encryption and key exchange algorithm
- Fixed Ctrl+Shift+I shortcut to toggle filters
- OS X: Fixed Ctrl+, shortcut to open settings dialog
- Optimizations to reduce memory footprint
- Build system fixes
3.13.0 (2015-08-15)
+ Display home directory instead of root directory if the last used directory does not exist
+ Larger initial size of main window if there is no stored size
+ Slightly increased size of page selection box in settings dialog
- Fix assertion in directory listing parser
- Fix drag&drop of remote files which broke in 3.13.0-rc1
3.13.0-rc2 (2015-08-10)
- Updated SFTP components from PuTTY
- Official binaries now link against GnuTLS 3.4.4
- Official binaries now link against SQLite 3.8.11.1
3.13.0-rc1 (2015-08-05)
+ For SFTP servers the private key file to use can now be specified in the Site Manager
+ The contents of each queue tab can now be exported through the context menu
+ MSW: The installer now registers the App Path so that FileZilla is recognized in the Win+R dialog
+ FileZilla now uses pugixml instead of TinyXML to parse and create XML files
+ Several performance improvements
+ Code cleanup and modernization, building FileZilla now requires a C++14 compiler
- Fixed an assert loading sitemanager.xml created by an old version
- If password saving is disabled, specifying a password on the command-line no longer leads to extraneous password prompts when transferring files
- If deleting remote directories via the directory tree, navigate out of the directory tree that is to be deleted
3.12.0.2 (2015-07-09)
- Fix regression on servers that have MLSD facts disabled by default
3.12.0.1 (2015-07-09)
- Fix detection of UTF-8 support
- Fix location of file list status bar, it was shifted by one pixel
libfilezilla is a free, open source C++ library, offering some basic
functionality to build high-performing, platform-independent programs.
Some of the highlights include:
* A typesafe, multi-threaded event system that's very simple to use
yet extremely efficient
* Timers for periodic events
* A datetime class that not only tracks timestamp but also their
accuracy, which simplifies dealing with timestamps originating from
different sources
* Simple process handling for spawning child processes with redirected
I/O
Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
