Add an "inet6" option for enabling IPv6 support.
Add a "ban" option for enabling mod_ban.
Make the "wrap" option compile all binaries successfully.
Fix generating language catalog with older versions of msgfmt.
configuration files and binaries in a number of cases. This should hopefully
fix them all. Without this patch they look in /etc only and fail to start
if the file is not present.
Based on PR 40241 by Taylor R Campbell.
While here, add DESTDIR support.
Changes in version 0.2.0.32 - 2008-11-20
o Security fixes:
- The "User" and "Group" config options did not clear the
supplementary group entries for the Tor process. The "User" option
is now more robust, and we now set the groups to the specified
user's primary group. The "Group" option is now ignored. For more
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
- The "ClientDNSRejectInternalAddresses" config option wasn't being
consistently obeyed: if an exit relay refuses a stream because its
exit policy doesn't allow it, we would remember what IP address
the relay said the destination address resolves to, even if it's
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
o Major bugfixes (hidden services):
- When fetching v0 and v2 rendezvous service descriptors in parallel,
we were failing the whole hidden service request when the v0
descriptor fetch fails, even if the v2 fetch is still pending and
might succeed. Similarly, if the last v2 fetch fails, we were
failing the whole hidden service request even if a v0 fetch is
still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
- When extending a circuit to a hidden service directory to upload a
rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
requests failed, because the router descriptor has not been
downloaded yet. In these cases, do not attempt to upload the
rendezvous descriptor, but wait until the router descriptor is
downloaded and retry. Likewise, do not attempt to fetch a rendezvous
descriptor from a hidden service directory for which the router
descriptor has not yet been downloaded. Fixes bug 767. Bugfix
on 0.2.0.10-alpha.
o Minor bugfixes:
- Fix several infrequent memory leaks spotted by Coverity.
- When testing for libevent functions, set the LDFLAGS variable
correctly. Found by Riastradh.
- Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
- When asked to connect to A.B.exit:80, if we don't know the IP for A
and we know that server B rejects most-but-not all connections to
port 80, we would previously reject the connection. Now, we assume
the user knows what they were asking for. Fixes bug 752. Bugfix
on 0.0.9rc5. Diagnosed by BarkerJr.
- If we overrun our per-second write limits a little, count this as
having used up our write allocation for the second, and choke
outgoing directory writes. Previously, we had only counted this when
we had met our limits precisely. Fixes bug 824. Patch from by rovv.
Bugfix on 0.2.0.x (??).
- Remove the old v2 directory authority 'lefkada' from the default
list. It has been gone for many months.
- Stop doing unaligned memory access that generated bus errors on
sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
- Make USR2 log-level switch take effect immediately. Bugfix on
0.1.2.8-beta.
o Minor bugfixes (controller):
- Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
GNOME VFS provides an abstraction layer of the file system; applications
use this layer to access many different protocols and simulate that they
are part of the local file system.
This package provides the dns-sd module for GNOME VFS, which allows it to
discover sftp, webdav, and ftp services advertised with multicast DNS.
then majorly reworked by myself. You can blame us both now ;)
Avahi is an Implementation the DNS Service Discovery and Multicast DNS
specifications for Zeroconf Computing. It uses D-BUS for communication
between user applications and a system daemon. The daemon is used to
coordinate application efforts in caching replies, necessary to minimize
the traffic imposed on networks.
This should fix PR#39952
MAKE_JOBS_SAFE=no
05 December 2008 - Version 2.1.3 has been released.
The focus of this release is stability.
Feature Improvements
* Allow running with user=radiusd and binding to secure sockets.
* Start sending Status-Server "are you alive" messages earlier, which helps with proxying multiple realms to a home server.
* Removed thread pool code from rlm_perl. It's not necessary.
* Added example Perl configuration to raddb/modules/perl
* Force OpenSSL to support certificates with SHA256. This seems to be necessary for WiMAX certs.
Bug Fixes
* Fix Debian patch to allow it to build.
* Fix potential NULL dereference in debugging mode on certain platforms for TTLS and PEAP inner tunnels.
* Fix uninitialized memory in handling of vendor definitions
* Fix parsing of quoted (but non-string) attributes in the users< file.
* Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0
* use SUN_LEN in control socket, to avoid truncation on some platforms.
* Correct internal handling of debug condition to prevent it from being over-written.
* Check return code of regcomp in unlang, so that invalid regular expressions are caught rather than mishandled.
* Make rlm_sql use <ltdl.h>. Addresses bug #610.
* Document list "type = status" better. Closes bug #580.
* Set "default days" for certificates, because OpenSSL won't do it. This closes bug #615.
* Reference correct list in example raddb/modules/ldap. Closes#596.
* Increase default schema size for Acct-Session-Id to 64. Closes#540.
* Fix use of temporary files in dialup-admin. Closes#605 and addresses CVE-2008-4474.
* Addressed a number of minor issues found by Coverity.
* Added DHCP option 150 to the dictionary. Closes#618.
04 December 2008 - Version 2.1.2 has been released.
Due to packaging issues, 2.1.2 has been pulled from the net.
Noteable changes include:
NetBSD-5 support
Optional DBus and IPv6 support
ISC leasefile support removed
Support DHCP clients in multiple DNS domains
Re-read /etc/resolv.conf when an "interface up" event occurs
- improve chroot handling
- even stricter validation
- support for blocking DNS rebinding attacks
- DLV support
- bugfixes
The package now uses the normal net/ldns package instead of the local
copy.
- better TCP fallback, improved TSIG support
- namespace cleanup
- bugfixes
Require the new version and switch to normal runtime dependencies as it
is normally linked dynamically.
- improved IXFR support
- support for hmac-sha1 and hmac-sha256 in TSIG
- selection of source ip for notifies and zone requests
- NSEC3 is enabled by default
- option to disable CHAOS version support
- bugfixes
resolution of domain names. Normally this file is either static or maintained
by a local daemon, normally a DHCP daemon. But what happens if more than one
thing wants to control the file? Say you have wired and wireless interfaces to
different subnets and run a VPN or two on top of that, how do you say which one
controls the file? It's also not as easy as just adding and removing the
nameservers each client knows about as different clients could add the same
nameservers.
Enter resolvconf, the middleman between the network configuration services and
/etc/resolv.conf. resolvconf itself is just a script that stores, removes and
lists a full resolv.conf generated for the interface. It then calls all the
helper scripts it knows about so it can configure the real /etc/resolv.conf
and optionally any local nameservers other can libc.
Note this is the development version and this package is not marked
-devel.
(The version in NetBSD -current is also a development version.)
The patch is based on changes as seen in NetBSD's custom driver_netbsd.c
(as compared to driver_bsd.c).
The wpa_supplicant package provides a wireless client daemon that supports
WPA, WPA2 (IEEE 802.11i / RSN), and WEP. It implements key
negotiation with a WPA Authenticator and it controls the roaming
and IEEE 802.11 authentication/association of the wlan driver. It
supports several EAP authentication methods.
This package also includes the wpa_cli console frontend.
