* Release 0.9.1 (21-Sep-2015)
Point release to deal with PyPI upload problems. No code changes.
* Release 0.9.0 (21-Sep-2015)
** Plugins for Connection Handlers (#236)
New types of connection hints can now be used, by installing a suitable
connection handler into the Tub. These hints could point to I2P servers or
Tor hidden-service (.onion) addresses. The built-in TCP handler can be
replaced entirely to protect a client's IP address by routing all connections
through Tor. Implementation of these plugins are left as exercise for the
reader: Foolscap only provides the built-in "DefaultTCP" handler. See
doc/connection-handlers.rst for details.
** Shared Listeners are removed (#239)
Until this version, it was possible to create a single Listener that serviced
multiple Tubs (by passing the Listener returned from `l=tubA.listenOn(where)`
into `tubB.listenOn(l)`). This seemed useful a long time ago, but in fact was
not, and the implementation caused irreparable problems that were exposed
while testing the new connection handlers. So support for shared Listeners
has been removed: Tubs can still use multiple Listeners, but each Listener
now services at most one Tub. In particular, `Tub.listenOn()` now only
accepts a string, not a Listener instance.
Note that relays and redirects are still on the roadmap, but neither feature
requires sharing a Listener between multiple local Tubs.
** Extended-Form Connection Hints are removed
Support for extended-form connection hints has been removed. These were hints
with explicit key names like "tcp:host=example.org:port=12345", or
"tcp:example.org:timeout=30". They were added in the 0.7.0 release, but since
then we've realized that this is power that should not be granted to external
FURL providers.
The parser now only accepts "tcp:example.org:12345" and "example.org:12345".
Foolscap has never particularly encouraged applications to call
Tub.setLocation() with anything other than these two forms, so we do not
expect any compatibility problems.
** Option to Disable Gifts (#126)
"Gifts", more precisely known as "third-party reference introductions", occur
when one Tub sends you a message that includes a reference to some object on
a third Tub. This allows references to be passed around transparently,
without regard to which Tub they live on (yours, mine, or theirs), but allows
other Tubs to cause you to create network connections to hosts and ports of
their choosing. If this bothers you, the new `tub.setOption("accept-gifts",
False)` option instructs your Tub to reject these third-party references,
causing the calls that used them to signal a Violation error instead.
** Unreachable Tubs now fully supported (#208)
Unreachable "client-only" Tubs can be created by simply not calling either
`tub.listenOn()` nor `tub.setLocation()`. These Tubs can make outbound
connections, but will not accept inbound ones. `tub.registerReference()` will
throw an error, and Gifts delivered to third parties will not work.
Previous versions suggested using `tub.setLocation("")`: this is no longer
recommended.
** new util.allocate_tcp_port() function
To support a future deprecation of `Tub.listenOn("tcp:0")`, the new
allocate_tcp_port() function was added to return (synchronously) a
currently-unused TCP port integer. This can be used during app configuration
to decide on a listening port, which can then be passed into
`Tub.listenOn("tcp:%d" % portnum)`. This may allow Tub.setLocation() to be
called *before* the reactor is started, simplifying application startup code
(this also requires a suitable hostname or IP address, which is a separate
issue).
** Packaging/Dependency Changes
Foolscap now requires Twisted 10.1.0 or newer, to use Endpoints and
connection handler plugins.
Foolscap's logging system (specifically the twisted-to-foolscap bridge) is
now compatible with Twisted-15.2.0. The previous version had problems with
the new contents of twisted.logger's "eventDict" objects. (#235)
**** 1.02 September 16, 2015
Fix rt.cpan.org #107052
suppress messages: Can't locate Net/DNS/Resolver/linux.pm
Fix rt.cpan.org #106916
Dependency on MIME::Base32 makes Net::DNS not installable on MSWin32
Fix rt.cpan.org #106565
Net::DNS::Resolver::Recurse and IPv6 Reverse DNS
Fix rt.cpan.org #105808
Version test for Pod::Test is broken
Upstream changes:
2.14 2015-09-29T22:36:44Z
- Fix race condition in t/10_oo.t(exodist)
2.13 2015-07-24T02:30:17Z
- check whether the OS implements IPV6_V6ONLY before using it
2.12 2015-05-18T08:14:30Z
- Fixed spelling mistake
(Reported by gregor herrmann)
2.11 2015-04-07T00:07:25Z
- declare IO::Socket::IP as dependency #36
2.10 2015-04-06T19:23:43Z
- ensure the test object is DESTROYed when Net::EmptyPort::empty_port exits https://rt.cpan.org/Public/Bug/Display.html?id=103299
2.09 2015-04-02T21:55:18Z
- fix tests running for a long time on systems that do not support IPv6 #35
2.08 2015-04-02T04:04:33Z
- add `host` argument to various functions for binding to arbitrary address (incl. IPv6) #33
- add function `Net::EmptyPort::can_bind` #34
* Typo's, thanks to Herbert Parentes Fortes Neto
* Clarify that private_interfaces="*" will not forward the root zone
* Change from bzip2 to xz for builiding the source tarball
* ensure that domain-insecure always appears in a server clause for
the unbound subscriber
Changelog:
=============================
Release Notes for Samba 4.3.0
September 8, 2015
=============================
This is the first stable release of Samba 4.3.
UPGRADING
=========
Read the "New FileChangeNotify subsystem" and "smb.conf changes" sections
(below).
NEW FEATURES
============
Logging
-------
The logging code now supports logging to multiple backends. In
addition to the previously available syslog and file backends, the
backends for logging to the systemd-journal, lttng and gpfs have been
added. Please consult the section for the 'logging' parameter in the
smb.conf manpage for details.
Spotlight
---------
Support for Apple's Spotlight has been added by integrating with Gnome
Tracker.
For detailed instructions how to build and setup Samba for Spotlight,
please see the Samba wiki: <https://wiki.samba.org/index.php/Spotlight>
New FileChangeNotify subsystem
------------------------------
Samba now contains a new subsystem to do FileChangeNotify. The
previous system used a central database, notify_index.tdb, to store
all notification requests. In particular in a cluster this turned out
to be a major bottleneck, because some hot records need to be bounced
back and forth between nodes on every change event like a new created
file.
The new FileChangeNotify subsystem works with a central daemon per
node. Every FileChangeNotify request and every event are handled by an
asynchronous message from smbd to the notify daemon. The notify daemon
maintains a database of all FileChangeNotify requests in memory and
will distribute the notify events accordingly. This database is
asynchronously distributed in the cluster by the notify daemons.
The notify daemon is supposed to scale a lot better than the previous
implementation. The functional advantage is cross-node kernel change
notify: Files created via NFS will be seen by SMB clients on other
nodes per FileChangeNotify, despite the fact that popular cluster file
systems do not offer cross-node inotify.
Two changes to the configuration were required for this new subsystem:
The parameters "change notify" and "kernel change notify" are not
per-share anymore but must be set globally. So it is no longer
possible to enable or disable notify per share, the notify daemon has
no notion of a share, it only works on absolute paths.
New SMB profiling code
----------------------
The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead
of sysv IPC shared memory. This avoids performance problems and NUMA
effects. The profile stats are a bit more detailed than before.
Improved DCERPC man in the middle detection for kerberos
--------------------------------------------------------
The gssapi based kerberos backends for gensec have support for
DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
SMB signing required in winbindd by default
-------------------------------------------
The effective value for "client signing" is required
by default for winbindd, if the primary domain uses active directory.
Experimental NTDB was removed
-----------------------------
The experimental NTDB library introduced in Samba 4.0 has been
removed again.
Improved support for trusted domains (as AD DC)
-----------------------------------------------
The support for trusted domains/forests has improved a lot.
samba-tool got "domain trust" subcommands to manage trusts:
create - Create a domain or forest trust.
delete - Delete a domain trust.
list - List domain trusts.
namespaces - Manage forest trust namespaces.
show - Show trusted domain details.
validate - Validate a domain trust.
External trusts between individual domains work in both ways
(inbound and outbound). The same applies to root domains of
a forest trust. The transitive routing into the other forest
is fully functional for kerberos, but not yet supported for NTLMSSP.
While a lot of things are working fine, there are currently a few limitations:
- Both sides of the trust need to fully trust each other!
- No SID filtering rules are applied at all!
- This means DCs of domain A can grant domain admin rights
in domain B.
- It's not possible to add users/groups of a trusted domain
into domain groups.
SMB 3.1.1 supported
-------------------
Both client and server have support for SMB 3.1.1 now.
This is the dialect introduced with Windows 10, it improves the secure
negotiation of SMB dialects and features.
There's also a new optinal encryption algorithm aes-gcm-128,
but for now this is only selected as fallback and aes-ccm-128
is preferred because of the better performance. This might change
in future versions when hardware encryption will be supported.
See https://bugzilla.samba.org/show_bug.cgi?id=11451.
New smbclient subcommands
-------------------------
- Query a directory for change notifications: notify <dir name>
- Server side copy: scopy <source filename> <destination filename>
New rpcclient subcommands
-------------------------
netshareenumall - Enumerate all shares
netsharegetinfo - Get Share Info
netsharesetinfo - Set Share Info
netsharesetdfsflags - Set DFS flags
netfileenum - Enumerate open files
netnamevalidate - Validate sharename
netfilegetsec - Get File security
netsessdel - Delete Session
netsessenum - Enumerate Sessions
netdiskenum - Enumerate Disks
netconnenum - Enumerate Connections
netshareadd - Add share
netsharedel - Delete share
New modules
-----------
idmap_script - see 'man 8 idmap_script'
vfs_unityed_media - see 'man 8 vfs_unityed_media'
vfs_shell_snap - see 'man 8 vfs_shell_snap'
New sparsely connected replia graph (Improved KCC)
--------------------------------------------------
The Knowledge Consistency Checker (KCC) maintains a replication graph
for DCs across an AD network. The existing Samba KCC uses a fully
connected graph, so that each DC replicates from all the others, which
does not scale well with large networks. In 4.3 there is an
experimental new KCC that creates a sparsely connected replication
graph and closely follows Microsoft's specification. It is turned off
by default. To use the new KCC, set "kccsrv:samba_kcc=true" in
smb.conf and let us know how it goes. You should consider doing this
if you are making a large new network. For small networks there is
little benefit and you can always switch over at a later date.
Configurable TLS protocol support, with better defaults
-------------------------------------------------------
The "tls priority" option can be used to change the supported TLS
protocols. The default is to disable SSLv3, which is no longer
considered secure.
Samba-tool now supports all 7 FSMO roles
-------------------------------------------------------
Previously "samba-tool fsmo" could only show, transfer or seize the
five well-known FSMO roles:
Schema Master
Domain Naming Master
RID Master
PDC Emulator
Infrastructure Master
It can now also show, transfer or seize the DNS infrastructure roles:
DomainDnsZones Infrastructure Master
ForestDnsZones Infrastructure Master
CTDB logging changes
--------------------
The destination for CTDB logging is now set via a single new
configuration variable CTDB_LOGGING. This replaces CTDB_LOGFILE and
CTDB_SYSLOG, which have both been removed. See ctdbd.conf(5) for
details of CTDB_LOGGING.
CTDB no longer runs a separate logging daemon.
CTDB NFS support changes
------------------------
CTDB's NFS service management has been combined into a single 60.nfs
event script. This updated 60.nfs script now uses a call-out to
interact with different NFS implementations. See the CTDB_NFS_CALLOUT
option in the ctdbd.conf(5) manual page for details. A default
call-out is provided to interact with the Linux kernel NFS
implementation. The 60.ganesha event script has been removed - a
sample call-out is provided for NFS Ganesha, based on this script.
The method of configuring NFS RPC checks has been improved. See
ctdb/config/nfs-checks.d/README for details.
Improved Cross-Compiling Support
--------------------------------
A new "hybrid" build configuration mode is added to improve
cross-compilation support.
A common challenge in cross-compilation is that of obtaining the results
of tests that have to run on the target, during the configuration
phase of the build. The Samba build system already supports the following
means to do so:
- Executing configure tests using the --cross-execute parameter
- Obtaining the results from an answers file using the --cross-answers
parameter
The first method has the drawback of inaccurate results if the tests are
run using an emulator, or a need to be connected to a running target
while building, if the tests are to be run on an actual target. The
second method presents a challenge of figuring out the test results.
The new hybrid mode runs the tests and records the result in an answer file.
To activate this mode, use both --cross-execute and --cross-answers in the
same configure invocation. This mode can be activated once against a
running target, and then the generated answers file can be used in
subsequent builds.
Also supplied is an example script that can be used as the
cross-execute program. This script copies the test to a running target
and runs the test on the target, obtaining the result. The obtained
results are more accurate than running the test with an emulator, because
they reflect the exact kernel and system libraries that exist on the
target.
Improved Sparse File Support
----------------------------
Support for the FSCTL_SET_ZERO_DATA and FSCTL_QUERY_ALLOCATED_RANGES
SMB2 requests has been added to the smbd file server.
This allows for clients to deallocate (hole punch) regions within a
sparse file, and check which portions of a file are allocated.
######################################################################
Changes
#######
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
logging New (empty)
msdfs shuffle referrals New no
smbd profiling level New off
spotlight New no
tls priority New NORMAL:-VERS-SSL3.0
use ntdb Removed
change notify Changed to [global]
kernel change notify Changed to [global]
client max protocol Changed default SMB3_11
server max protocol Changed default SMB3_11
Removed modules
---------------
vfs_notify_fam - see section 'New FileChangeNotify subsystem'.
KNOWN ISSUES
============
Currently none.
CHANGES SINCE 4.2.0rc4
======================
o Andrew Bartlett <abartlet@samba.org>
* Bug 10973: No objectClass found in replPropertyMetaData on ordinary
objects (non-deleted)
* Bug 11429: Python bindings don't check integer types
* Bug 11430: Python bindings don't check array sizes
o Ralph Boehme <slow@samba.org>
* Bug 11467: Handling of 0 byte resource fork stream
o Volker Lendecke <vl@samba.org>
* Bug 11488: AD samr GetGroupsForUser fails for users with "()" in
their name
o Stefan Metzmacher <metze@samba.org>
* Bug 11429: Python bindings don't check integer types
o Matthieu Patou <mat@matws.net>
* Bug 10973: No objectClass found in replPropertyMetaData on ordinary
objects (non-deleted)
CHANGES SINCE 4.2.0rc3
======================
o Ralph Boehme <slow@samba.org>
* Bug 11444: Crash in notify_remove caused by change notify = no
o Günther Deschner <gd@samba.org>
* Bug 11411: smbtorture does not build when configured --with-system-mitkrb5
o Volker Lendecke <vl@samba.org>
* Bug 11455: fix recursion problem in rep_strtoll in lib/replace/replace.c
* Bug 11464: xid2sid gives inconsistent results
* Bug 11465: ctdb: Fix the build on FreeBSD 10.1
o Roel van Meer <roel@1afa.com>
* Bug 11427: nmbd incorrectly matches netbios names as own name
o Stefan Metzmacher <metze@samba.org>
* Bug 11451: Poor SMB3 encryption performance with AES-GCM
* Bug 11458: --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't
disable ldb build and install
o Andreas Schneider <asn@samba.org>
* Bug 9862: Samba "map to guest = Bad uid" doesn't work
CHANGES SINCE 4.3.0rc2
======================
o Andrew Bartlett <abartlet@samba.org>
* Bug 11436: samba-tool uncaught exception error
* Bug 10493: revert LDAP extended rule 1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_IN_CHAIN changes
o Ralph Boehme <slow@samba.org>
* Bug 11278: Stream names with colon don't work with
fruit:encoding = native
* Bug 11426: net share allowedusers crashes
o Amitay Isaacs <amitay@gmail.com>
* Bug 11432: Fix crash in nested ctdb banning
* Bug 11434: Cannot build ctdbpmda
* Bug 11431: CTDB's eventscript error handling is broken
o Stefan Metzmacher <metze@samba.org>
* Bug 11451: Poor SMB3 encryption performance with AES-GCM (part1)
* Bug 11316: tevent_fd needs to be destroyed before closing the fd
o Arvid Requate <requate@univention.de>
* Bug 11291: NetApp joined to a Samba/ADDC cannot resolve SIDs
o Martin Schwenke <martin@meltin.net>
* Bug 11432: Fix crash in nested ctdb banning
CHANGES SINCE 4.3.0rc1
======================
o Jeremy Allison <jra@samba.org>
* BUG 11359: strsep is not available on Solaris
o Björn Baumbach <bb@sernet.de>
* BUG 11421: Build with GPFS support is broken
o Justin Maggard <jmaggard@netgear.com>
* BUG 11320: "force group" with local group not working
o Martin Schwenke <martin@meltin.net
* BUG 11424: Build broken with --disable-python
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
* Fix preview of Instagram images
* Allow uppercase extensions on preview of image URLs
* Fix error on fetching private or protected users' lists
when multiple accounts are registered and selected account
doesn't have privileges to access the private lists
* Reduce Twitter API requests to get lists
Add LICENSE
Upstream changes:
maradns-2.0.13:
This is the stable release of MaraDNS.
Two non-critical buffer overflows from ParseMaraRc fixed. One can never be exploited; the other one can only be exploted by the (usually) root user by writing to the system mararc file.
Deadwood updated to 3.2.09
(2015-09-25)
maradns-2.0.12:
This is the stable release of MaraDNS.
Security fix for improper free() in zoneserver
Deadwood updated to 3.2.08
Zone transfers now work with newer versions of dig
Documentation updates
(2015.08.19)
maradns-2.0.11:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.07
(2015.01.30)
maradns-2.0.10:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.06
Zoneserver now compiles and runs in Cygwin (so Windows users can have DNS-over-TCP support).
(2015.01.24)
maradns-2.0.09:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.05
Startup scripts are now chkconfig-compatible
(2014.02.12)
maradns-2.0.08:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.04
Make DNS packet compression case-insensitive
Attach IPv6 glue to NS and MX records when MaraDNS is compiled for IPv6
Remove warning when MaraDNS is compiled for IPv6
Remove warning when compiling getzone.c
(2014.01.14)
maradns-2.0.07d:
This is the stable release of MaraDNS.
Deadwood updated to 3.2.03d to patch security hole discussed at samiam.org/blog/20131202.html
(2013.12.02)
maradns-2.0.07c:
This is the stable release of MaraDNS.
Seven-line fix to Deadwood to fix resolution problem; more details in blog
(2013.07.20; declared stable 2013.09.20)
maradns-2.0.07b:
This is the stable release of MaraDNS.
One-line fix to Deadwood to fix resolution problem
(2013.04.23; declared stable 2013.06.22)
maradns-2.0.07:
This is the stable release of MaraDNS.
MaraDNS updated for CentOS 6
Deadwood updated to 3.2.03
GPG key updated
Installs and tests pass in new CentOS install
(2013.01.20)
maradns-2.0.06:
This is a stable release of MaraDNS.
Deadwood updated to 3.2.02
(2012.03.11)
Add rc script, and launch as daemon by default.
1.0.1
=====
* Update the version because of a **stupid** "feature"(TM) of PyPI
1.0 - Sunflower
===============
* Enhanced performances (by Mathieu Dupuy)
* Add MD5-APR1 and BCRYPT for htpasswd-based authentication (by
Jan-Philip Gehrcke)
* Use PAM service (by Stephen Paul Weber)
* Don't discard PROPPATCH on empty collections (Markus Unterwaditzer)
* Write the path of the collection in the git message (Matthew Monaco)
* Tests launched on Travis
syncffsd uses rsync(1) to replicate a directory tree to another host.
This involves detecting changes, something NetBSD is not well prepared to
handle. The kqueue(2) interface can detect changes, but it needs to use a
file descriptor for every node monitored, and this does not scales very
well for huge directories trees.
syncffsd attempts to improve the situation until kqueue(2) gets better,
by using FFS superblock's fs_time field, which is updated on every
filesystem change. This lets syncffsd detects a change immediatly if the
filesystem is mounted synchronous, or after a few seconds if mounted with
WAPBL(4) enabled.
Once a change is detected, the relevant nodes are found by walking source
looking for files that changed since the previous filesystem modification.
The resulting nodes are deduped (i.e.: we do not retain a node in
a directory if the directory itself changed), and are fed to rsync(1).
This is preferable for binary package use as it allowes the user to choose
which features to enable by changeing the configuration file instead of
recompiling. This is also how ProFTPD is usually packaged in other systems.
For details about ProFTPD and DSO see:
http://www.proftpd.org/docs/howto/DSO.html
This change removes the following PKG_OPTIONS.proftpd:
ban, ldap, mysql, pgsql, proftpd-readme, quota, tls and wrap
The modules that were previously compiled when enabling ban, proftpd-readme,
quota or tls are now always included. To load them use a configuration
directive like:
LoadModule mod_ban.c
In addition the proftpd package includes by default many other modules that
were previously unavailble like: mod_load, mod_radius, mod_sftp and more.
The module that was provided by the wrap option is replaced by the wrap2 module
which is also always included.
The ldap option is superseded by the proftpd-ldap package.
The mysql option is superseded by the proftpd-mysql package.
The pgsql option is superseded by the proftpd-postgresql package.
Using proftpd-postgresql will create one binary package for each PostgreSQL
version in pkgsrc.
In addition the following added packages provide new functionality:
- proftpd-geoip (access GeoIP details)
- proftpd-memcached (mod_memcache and mod_tls_memcache)
- proftpd-odbc (access any ODBC database)
- proftpd-sqlite (access to sqlite3)
- Various performance improvements in the server
- Reduce default heartbeat interval from 580 to 60 seconds
- Force essential TCP options, especially {reuseaddr, true}.
- Catch SIGTERM and other signals in the rabbitmq-server script to stop
RabbitMQ gracefully
- Fix a queue hang when a slave node is lost
- Fix a crash during startup when RabbitMQ tries to clean non-existing
bindings
- Support backticks in the password field when adding a user with
rabbitmqctl on Unix
- Fix a problem in gen_server2 causing calls to timeout under certain
conditions
- Federation: Fix a crash when certain headers are already present
in the forwarded message
- Federation: Increase reconnection delay from 1 to 5 seconds
- Federation: Ignore federation-specific headers added by clients
- Management UI: Do not consider non-UTF-8 content as invalid
- Management UI: Split long Base64 content in multiple lines
- Management UI: Fix a bug with rounding moving averages
- MQTT: Coerce default_user, default_pass, exchange and vhost to
Erlang binaries
- Stomp: Set the redelivered header to a boolean value
- Stomp: Properly propagate extensions headers (x-headers) in
the SUBSCRIBE and SEND frames
- Stomp: Duplicate subscription IDs no longer result in unhandled
exceptions
Full release notes:
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_5_5
=========
FEATURES:
- RFC7553 RR Type URI support.
- removed hardcoded interface limit, --with-max-ips removed.
- SO_REUSEPORT support, by default on Linux, or with reuseport: yes.
- Admitted axfrs are logged at verbosity 1. Refused at verbosity 2.
- --enable-pie and --enable-relro-now options for a safer executable.
BUG FIXES:
- Fix NSID response for short edns sizes.
- Fix that for expired zones NSD performs an AXFR and accepts newer
and older serial numbers.
- Document that minimal responses only minimizes responses to fit
in one datagram. It does not minimize smaller responses.
- Fix#618: documented need to list ip-addresses seperately in
nsd.conf if there are multiple, because the source address of
replies can otherwise go wrong.
- Fix that notify from nsd-control contains soa serial.
- Fix#698 formatting errors and typos in nsd.8.in.
Fixes problem reported in PR 50220 by Germain Le Chapelain.
2014/03/22: version 3.1.5 = tag release-3-1-5
8415: Revert patch #8328 to fix GTK2 gui's compilation (ygrek)
2014/03/10: version 3.1.4 = tag release-3-1-4
8388: BT: use porttest service from EDK module (ygrek)
8352: CryptoPP: Fix compilation with gcc-4.7 (Jaakko Perttilä)
8351: CryptoPP: Fix FreeBSD build with clang on i386 (tijl)
8350: CryptoPP: Fix compilation on armhf (ygrek)
Changes:
***
*** Wednesday, September 3, 2014 -- Dante v1.4.1
***
o Fixed configure problem with detection of libc.so on recent FreeBSD
versions.
Problem report and testing by Mikhail <mp39590@gmail.com.example.com>.
o Fixed problem in configure test used for figuring out which
buffer in an IPC socket is used for determining bytes that can
be buffered. Should fix problem on FreeBSD.
Diagnosed in detail by Mikhail <mp39590@gmail.com.example.com>.
Also reported by Carlos Jacobo Puga Medina <cpm@fbsd.es.example.com>.
o Fixed bug in handling of buffered GSSAPI data.
o Added keywords for specifying that only IPv4 or IPv6 should be used
on internal or external interfaces.
o Fix bug that prevented external.rotation: same-same from working correctly.
Reported by Alexander.V.Makkoveev (makkoveev@gmail.com.example.com).
o AIX 6.1 compilation fixes.
o NetBSD 6.1.3 gethostbyaddr() configure fix.
Problem reported by Anthony Howe <achowe@snert.com.example.com>.
o Use wait3(2) rather than wait4(2), as the latter (implemented as a
wrapper on Solaris) has a bug on Solaris in the handling of the WAIT_ANY
value. This is -1 traditionally, but on Solaris wait4(2) is expecting
it to be the value 0. This change also fixes a similar problem on AIX.
o Remove extra CRLF from CONNECT request, as in patch submitted by
"Dyson, Brian J" <Brian.Dyson@ca.com.example.com>.
***
*** Monday, November 18, 2013 -- Dante v1.4.0
***
o Older syntax for setting the socket buffer sizes via
socket.recvbuf.udp, socket.sendbuf.udp, socket.recvbuf.tcp and
socket.sendbuf.tcp options have been deprecated and replaced with
the more general API for setting socket options.
"socket.recvbuf.udp" can now be set by "<interface-side>.udp.so_rcvbuf"
"socket.sendbuf.udp" can now be set by "<interface-side>.udp.so_sndbuf"
"socket.recvbuf.tcp" can now be set by "<interface-side>.tcp.so_rcvbuf"
"socket.sendbuf.tcp" can now be set by "<interface-side>.tcp.so_sndbuf"
<interface-side> refers to either "internal", for Dante's internal
interface(s), or "external", for Dante's external interface(s).
o socks-rules now require a "socks" prefix (like client-rules require a
"client" prefix), and the socks "method" keyword has been renamed to
"socksmethod".
o The "socksmethod" keyword can now be set in client-rules too. It
is used to override the default preference for what socksmethod to
select for which clients addresses, making it possible to by
default e.g., have the preference "gssapi username none", but for
some client-ranges have a different preference, e.g., "none
username gssapi".
Normally there is no need to use set this keyword in a client-rule.
o Fallback to direct (non-proxy) routes now defaults to off in the client,
as well as in the server.
To keep previous behaviour in the client, with direct route fallback
for destinations with no matching route, set SOCKS_DIRECTROUTE_FALLBACK
to "yes" in the environment, or ./configure with --enable-drt-fallback.
Direct fallback is enabled if there are no routes configured (as is
usually the case in a server configuration), and disabled otherwise.
o IPv6 is now supported in the server.
Standard IPv6 address syntax is used for addresses, with the addition
of the special address "0/0" used for matching both all IPv4 and
all IPv6 addresses.
o New "monitor" object added. Syntax is similar to rules and routes,
but instead of applying to individual sessions, it applies to all
sessions currently matching the addresses to monitor.
This can be used for monitoring network anomalies related to too
little data being transferred or too many disconnects occurring,
triggering alarms if detected.
o Possibility to configure system errors and DNS-errors for
special logging in certain cases (when connecting and performing
hostname resolving).
o More aggressive regarding how many processes to fork when starting
and how many processes to reserve for future clients.
o Added new log keyword: "tcpinfo". Used to report more extensive
statistics about sessions, including TCP_INFO on supported platforms.
o SIGINFO/SIGUSR1 output is now logged at level "info" instead of level
"debug".
o SIGHUP code rewritten. Should function considerably better in
environments were SIGHUP is, for whatever reason, sent an excessive
amount of times every second.
o Default for the maximum number of clients an i/o process can handle has
been increased from 8 to 32.
o Improved UDP compatibility by sending appropriate ICMP unreachable
errors to clients and targets, if running with the appropriate
privileges (typically, root is required for this).
Makes it possible for a client or target to be notified that a UDP
packet it wanted the Dante server to forward was not forwarded.
o Reduction in memory consumption at the expense of allocating extra
memory dynamically in the very rare, perhaps non-existing, cases
where the extra memory is needed.
o The default timeout for TCP i/o (timeout.io.tcp) has been changed from
84000 to 0. 0 means use the kernels default, which in most cases will
mean no timeout. See UPGRADE for more information.
o The session module has been merged with the mainstream Dante code,
and has also been extended to support the following new features:
- connection throttling (number of new sessions accepted per second).
- state-keys.
Two state keys are currently supported:
- per-IP address.
- per-hostid (hostid is supported on certain platforms, with
certain kernel patches, with certain clients).
The syntax has also changed (see UPGRADE).
See the manual for more information about the new features.
o Code used for finding the correct outgoing address to bind when
external.rotation is set to "route" replaced with much simpler,
but hopefully equally (or better) functioning code.
Idea taken from Quagga.
o Use getpassphrase() rather then getpass() to obtain password for
username authentication when available. Avoids 9 character limit
on Solaris. Suggested by Albert Fluegel <af@muc.de.example.com>
o Use sqrt() rather than sqrtl() in stddev calculation, as sqrtl() is not
available on some platforms (such as FreeBSD 7.2). Problem reported
by Rudolf Polzer <rpolzer@one-it.de.example.org>.
o If the authentication method used was RFC931 (ident), the username
was not always logged when it should be.
Reported by Gregory Charot (EVENIUM) <gcharot@evenium.com.example.com>.
o Syntax checking has been improved to better detect invalid or
likely incorrect server configurations.
This can result in some configurations that have previously been
accepted or accepted with warnings by Dante, to now cause an error
on startup, preventing the Dante server from starting up until the
configuration error has been fixed.
o Fixed compilation on OpenBSD with compilers not supporting -Wbounded.
Problem report and testing by
Mikael More <mikael.more@gmail.com.example.com>.
o GSSAPI "clear" is no longer enabled by default, as it is not part
of the SOCKS GSSAPI standard per se.
o external.rotation was not handling non-IPv4 target addresses correctly.
Reported and diagnosed by Rudolf Polzer <rpolzer@one-it.de.example.com>.
o The "--disable-libwrap" option has been renamed "--without-libwrap".
o Fixed bug that would cause the following warning to sometimes be
erroneously reported:
"warning: accept(2) failed: Resource temporarily unavailable"
o SIGINFO log information extended to include information about i/o
buffer status and as well as UDP packet latency.
o Real-time scheduling priority settings and CPU affinity settings made
available in sockd.conf.
See https://www.inet.no/dante/files/dante_realtime_preview.pdf for
a performance analysis done in relation to these new features.
o General API for setting socket options on sockets used by Dante
made available in sockd.conf.
o Support for cross compilation of client library for Android
(system name 'arm-linux-androideabi').
Testing and analysis by Yoav Weiss <weiss.yoav@gmail.com.example.com>.
o Problem with sockd.init generation in dante.spec fixed.
Reported by Luiz Gustavo Nascimento <luizgn@gmail.com.example.com>.
***
*** Thursday, August 4, 2011 -- Dante v1.3.2
***
o Part of the possible resource optimization indicated in section 4.4
of the Dante 1.3.1 performance evaluation report
(http://www.inet.no/dante/doc/1.3.x/dante_performance_1.3.1.pdf)
has been implemented: scheduling new clients to the Dante process
with fewest free slots available.
o If a proxy server (socks, http, or upnp) is configured via
environment variables, don't attempt to also parse any socks.conf
files.
o The "HTTP_PROXY" environment variable has been renamed to
"HTTP_CONNECT_PROXY" to avoid conflict with HTTP proxies that do not
support the HTTP CONNECT request.
o Fixed an unintended change to ACL semantics regarding bind requests in
Dante 1.2.3.
Noted by Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>. Many thanks.
o Fixed a bug regarding handling of cases where the ulimit for max number
of files is unlimited. Reported and analyzed by
Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>.
o Fixed a bug introduced in 1.3.1 related to privileges during startup
on Solaris.
***
*** Tuesday, June 21, 2011 -- Dante v1.3.1
***
o Fixed a bug regarding handling of socks clients that do not follow the
spec and start sending traffic data before request has been granted.
o Fixed an error related to ACL on UDP-packets. If a given SOCKS
client was allowed to send some UDP packets, in some cases packets
from the same SOCKS client that should have been blocked were allowed.
***
*** Tuesday, June 14, 2011 -- Dante v1.3.0
***
o Fixed a bug related to parsing the HTTP_PROXY environment variable.
Problem reported by John Fletcher <john.fletcher@rd.bbc.co.uk.example.com>.
Note that the format of the HTTP_PROXY variable has also changed.
o Logfiles can now be added or changed in sockd.conf after startup.
o The priority of proxy routes has changed, so that a SOCKS v4 route is
now preferred over a SOCKS v5 route when both can be used, because
v4 requests can be performed faster than v5 requests.
o Support for a new module, providing LDAP based authorisation.
Developed by Markus Moeller (markus_moeller at compuserve.com).
Note that modules need to be purchased separately.
See "http://www.inet.no/dante/module.html" for more information about
Dante modules.
o Resource requirements have been significantly reduced.
Performance has also been improved.
o When checking whether a username is member of a group, as used in
in group-based authentication checks, also check against the
primary groupname of the user, as listed in /etc/passwd or similar,
rather than only against the entries in /etc/group or similar.
Based on a patch from Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>.
Thanks.
o The socket buffer sizes can now be set in sockd.conf. The default
value is 0, which lets the kernel choose the buffer sizes itself.
o A new keyword has been added to the configuration files: "errorlog".
The syntax is the same as for the "logoutput" keyword, but
"errorlog" is used to specify how errors, and only errors, should
be logged.
The meaning of the "logoutput" keyword has not changed, and will
still log errors if configured to do so.
o "child.maxidle: yes" is now the default setting, meaning most idle
sockd child processes will be terminated automatically.
o A bug that prevented binding privileged ports in the client from working
has been fixed.
Bug reported by Christophe Réquillart <requillart@gmail.com.example.com>
o Two new timeout parameters have been added to sockd.conf:
- "timeout.connect":
This controls how many seconds the server will wait for a connect
initiated on behalf of the SOCKS-client to complete. The default
is 30. Setting it to 0 will use the kernel default.
- "timeout.tcp_fin_wait":
This controls the equivalent of TCP FIN-WAIT-2.
Note that FIN-WAIT-2 is a normal TCP state. Having many tcp
connections stuck in this state does not indicate something is wrong,
but it can create a resource problem for the kernel if there are
too many of them.
The default value is 0, meaning, let the kernel handle it as before
rather than for Dante to time out sessions in this state.
o "timeout.connect" is now supported also in socks.conf. The value
overrides the default timeout when the client attempts to connect
to the SOCKS server.
o The different server timeouts (negotiate, connect, i/o) can now be
set on a rule-by-rule basis, and not just globally for all rules.
o The config.h variables MAX_ROUTE_FAILS and BADROUTE_EXPIRE can now
set in the configuration files instead of at compile time.
The new values are "route.maxfail" and "route.badexpire" and control
how to handle bad routes (to e.g., a SOCKS/HTTP proxy server).
o Support for a new value for the "external.rotation" keyword: "same-same".
This will tell the Dante server to use the same address for outgoing
connections as the address the SOCKS client was accepted on, i.e.,
one of the internal addresses.
Based on a patch from Lysenko Konstantin <gshaud@gmail.com.example.com>.
Thanks.
o Fixed a bug where we could end up exiting if we got a SIGHUP
at a point where we had no more free file descriptors, and
thus could not reopen the sockd.conf.
Problem reported by Mark Sinner <mark.sinner@db.com.example.com>.
o The most time consuming part of the work performed by the request
children (waiting for connect(2) to complete) has been moved to the
i/o children.
This should reduce the total number of sockd processes necessary to
handle medium and higher loads, since the request children can only
handle one client at a time, while the i/o children can handle many.
o The "srchost" parameter "nomismatch" has been renamed to "nodnsmismatch",
while "nounknown" has been renamed to "nodnsunknown".
The "nodnsmismatch" and "nodnsunknown" functionality is now
implemented internally in sockd, rather than via libwrap; there is
no longer any dependency on libwrap ("tcp_wrappers") when using
these options.
o BSD authentication support on OpenBSD.
o Option ordering in sockd.conf is now enforced, rather than just
recommended. Server options now always have to come before rules
and routes.
o The file to write the pid to can now be specified on the command line
using the "-p" option.
o If TMPDIR is not set, temporary files will be created in the
current working directory when sockd is started. If this fails,
temporary files will be created in "/tmp" as before.
o A 64-bit version of libdsocks is now built on 64-bit OpenSolaris machines.
Should make socksify work with 64-bit applications.
o Fix compilation on machines with Linuxthreads. Locking via
Linuxthreads is however not supported.
Problem report and testing by
Nicolas VANHAUTE <nicolas.vanhaute@ac-clermont.fr.example.com>
o Fix usage of negation operation in shell scripts causing problems
for socksify when using Bourne shell on Solaris 8.
Problem reported by Sebastian Kayser <skayser@opencsw.org.example.com>.
o Size of byte and packet counters used for logging changed to 64 bits.
o IBM Visual Age C/C++ V8 compilation fixes for AIX.
Problem reported by Kieron Curtis2 <KCURTIS2@uk.ibm.com.example.com>
***
*** Monday, March 21, 2011 -- Dante v1.2.3
***
o Fix problem introduced in version 1.2.1, causing the SO_REUSEADDR
flag to not be set. Would cause problems during server restart if
only the main process was killed.
Thanks to Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com> for
reporting this problem.
o The regular expression for host and interface name parsing has been
relaxed somewhat, allowing the use of some interface names and host
names containing characters that were not allowed previously.
Fixes problem reported by karesmakro <ipcop@it-connect-unix.de.example.com>,
Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>,
and <Adam.Barclay@barclayscapital.com.example.com>.
o The traffic log format has been slightly extended and now includes
complete information about all communication endpoints, for both
normal usage and with server chaining.
o Compilation fixes for older Linux distributions.
o Fix bug where the Solaris capabilities were not correctly
added/removed at all times.
o Compilation fixes for AIX 6.1. Problem report and testing by
Ville O Kesola <ville.kesola@fi.ibm.com.example.com> and
Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>.
***
*** Tuesday, September 21, 2010 -- Dante v1.2.2
***
o Fix PAM bug introduced in v1.2.0 that would leak resources when
using PAM. Also relax the code handling PAM concerning
unknown msg_styles.
o Set PAM_RUSER so that rhosts-based PAM authentication can work.
o Wrapper for calling getsockopt(2) with SO_ERROR added.
o Compilation fixes for AIX 6.1.
Problem reported by Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>.
Note to Ralf Wenk: we have been unable to contact you on the email
address you send from.
***
*** Friday, May 28, 2010 -- Dante v1.2.1
***
o GSSAPI support is no longer disabled on Heimdal versions older than
0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96.
The following krb5.conf configuration might be needed to ensure that
AES-256 is not used:
default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
Problem analyzed by Markus Moeller <markus_moeller at compuserve.com>.
o Code for shutting down idle sockd processes put back and can be
enabled again, if desired. It is not recommended for busy servers
however as performance may be slightly degraded.
o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux.
Problem found by Markus Moeller <markus_moeller at compuserve.com>.
o Don't print warning if accept(2) fails when started with the -N<k> option.
When started with the -N option, it is expected that accept(2) will
fail in 1/k of the cases. Instead just log a debug message about it.
Should fix problem reported by Mark Sinner <mark.sinner@db.com.example.org>.
o The fflush() wrapper function did not handle a NULL argument.
Reported by "Kirby Zhou" <kirbyzhou@sohu-rd.com.example.org> and
Victor Sologoubov <victor0@rambler.ru.example.org>
o Fix libsocks upnpcleanup() linking problem when compiled without
libminiupnpc.
Problem reported by Kyle Thurow <krthurow@gmail.com.example.com> and
Adam Prato <adam.prato@gmail.com.example.com>.
o Assert failure related to message passing on some 64-bit architectures
fixed. Problem reported by Soner Tari <soner@comixwall.org.example.com>.
o The capi/socks.h file was not correctly installed.
Problem reported by Soner Tari <soner@comixwall.org.example.com>.
o Compilation fixes for OpenSuse 11.1.
Problem reported by Markus Moeller (markus_moeller at compuserve.com).
o Compilation fix for config_parse.y compilation without YYDEBUG.
Problem reported by Markus Moeller (markus_moeller at compuserve.com).
o Compilation fixes for AIX 6.1.
Problem reported by Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>.
Tested by Marcel Augenstein.
***
*** Tuesday, October 27, 2009 -- Dante v1.2.0
***
o Improvements to client thread compatibility. The client
library should now be mostly thread safe.
o Solaris privilege model support. Based on patch from
Mayuresh Nirhali <Mayuresh.Nirhali@Sun.COM.example.com> & co.
o Make support for the socks 5 version described in draft-5.05 be
configurable. Before this was always enabled, but it breaks clients
based on NEC socks code in some cases as they use the same bit to
mean something completely different.
A new option has been added to sockd.conf to enable it:
"compatibility: draft-5.05". Unless explicitly enabled, the Dante
server will not use the socks 5.05 draft specification.
Problem found by Markus Moeller (markus_moeller at compuserve.com).
o Don't leak username/passwords provided to us for local authentication
to upstream proxy server when server-chaining. Error reported by
Mathieu DELAPLACE <mathieu.delaplace@gmail.com.example.com>.
o Fixed a bug/oversight that imposed an artificial limit on the number
of sockd processes that could be created, even when the load required
more.
o Slight improvement of configuration parsing in an attempt to avoid
confusing non-qualified hostnames with NIC interface names.
o The default connect-timeout/negotiate-timeout has been reduced from
120 seconds to 30 seconds. The "connecttimeout" name has also been
deprecated in favour of "timeout.negotiate".
o Separate iotimeouts can be set for udp and tcp clients. The "iotimeout"
object has also been deprecated in favour of "timeout.io".
o New configure option: "--disable-drt-fallback".
Used to disable the attempted automatic fallback to a direct route
if there are no usable proxy routes. Default is, as before,
automatic fallback.
o Added a new option: "udp.connectdst". Controls whether the server
should connect udp sockets to the destination.
The default for this release is yes, which improves performance,
but _may_ be incompatible with some udp-based application protocols.
Please let us know if you experience problems with some applications
no longer working.
o Markus Moeller (markus_moeller at compuserve.com) contributed support
for GSSAPI encryption/authentication (RFC 1961) to both the socks
server and socks client. Many thanks to Markus for this and for a
lot of help in testing it.
o Fixed problem with connection close before accept on HPUX.
Based on patch from Reine Persson <reine.persson@skatteverket.se>.
o Support for SunOS 4 and Solaris 2.5.1 removed.
o Added gethostbyaddr prototype for compilation on FreeBSD v6.2.
Patch from "Igor Mozolevsky" <igor@hybrid-lab.co.uk>.
o Fix getifa compilation problem on Solaris 8.
Reported by "Thomas" <dante@birdhouse.ch.example.com>.
o Patch from Markus Moeller (markus_moeller at compuserve.com),
to limit the range of udp-ports used between the socks-client
and the Dante server.
o By default, try to auto-add direct routes for all addresses on the LAN.
To disable it, set SOCKS_AUTOADD_LANROUTES to "no".
o Fix bug that caused problems with certain combinations of
bind(2)/accept(2)/close(2).
Reported by Markus Moeller (markus_moeller at compuserve.com).
o Fix bug that erroneously blocked the bind request from some clients.
Reported by Markus Moeller (markus_moeller at compuserve.com).
o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER,
HTTP_PROXY, and UPNP_IGD.
If set, they specify the socks v4, socks v5 server, http proxy,
or UPNP-enabled ID to use, without the need for a socks.conf.
This should make it possible to run socksify with reasonable results
even without a socks.conf, as long as one of these new environment
variables are set correctly.
o Auto-add direct routes for all gateways. Should make the client
a little more user-friendly by not having to specify "direct" routes
for the proxyserver any longer.
o More fine grained marking of when to mark a proxy route as "bad" so that
it will not be used again by the same client.
Also add a new variable to config.h, MAX_ROUTE_FAILS, determining
how many times a route can fail before being blacklisted. Default
is one (same semantics as before there was a variable to control this).
o Fix bug that could prevent password authentication from working
on some systems. Spotted by
Nathan Johnson <n.johnson@vanderbilt.edu.example.com>.
o Add configure option --without-glibc-secure, which disables check for
the glibc variable __libc_enable_secure. Creates undesired dependencies
for packaging. Reported by Mathieu CHOUQUET-STRINGER
<mathieu.chouquet-stringer@sgcib.com.example.com>.
o New getifaddrs() compatibility function, taken from Heimdal-1.2.1.
o (Open)Solaris sa_len compilation problem fixed.
Reported by Markus Moeller (markus_moeller at compuserve.com).
o New version of the BSD version of "external.rotation: route",
from Christoph Badura <bad@bsd.de.example.com>.
o Support for interface names in sockd rules, and in the destination
address for socks routes.
Should make it easier to set up direct routes for local lan in
the client (specify all local interface names in route statements),
and block connections to e.g. loopback addresses (specify the the
loopback interface name in a block rule) in the server.
o UPnP support in the client, using the miniupnp library by
Thomas Bernard (http://miniupnp.free.fr/).
UPnP is a protocol implemented by many home/small-business routers
and adsl-modems. It allows you to dynamically open up ports on
the router for accepting incoming connections, as well as figuring
out what the external ipaddress of the router is.
Dante uses this to make socksify of ftp/bittorent/etc programs
work via the UPnP router.
Note that only the miniupnp library with release date 2009/09/21
or later is expected to work with Dante.
o Be less strict about bind in the client. The standards says
it is expected that the client first performs a connect via
the socks server, but it seems some/many socks servers support
the client requesting a bind without a previous connect, so we
assume that is the case in the client from now on.
o Changed the magic bytes that indicate the client is requesting
use of the Dante-specific bind extension from 0x00000000 to
0xffffffff, as part of the process to become less strict about
the bind command requiring a previous connection.
o Don't zero password in client if we read it from environment, or
it will not work the next time the same client process tries to
authenticate to the server.
Found by Pavel Fedin <fedin@matek.ru.example.com>.
That mail address no longer works. Please contact us if you have
another address for Mr. Fedin.
o Add support for "group:" syntax to rules, similar to "user:" statement.
Requested by Don Harvie <donharvi@au1.ibm.com.example.com>
o Close connection to PAM server each time we get an error-reply from
it, fixing a bug.
Patch from Robert Marcano <robert@marcanoonline.com.example.com>.
o Incorrect assert fixed. Problem reported by
"d binderman" <dcb314@hotmail.com.example.com>.
o Log close of client-rule with correct command.
Fixes bug reported by Tom Vandenbelt <tvandenb@au1.ibm.com.example.com>.
o Update to autoconf 2.61 and libtool 1.5.26.
## Changes between 1.9.x and 2.0.0
2.0.0 has **breaking changes** in header encoding.
### Signed Integer Encoding in Headers
Integer values in headers are now encoded as signed 64-bit
(was unsigned 32-bit previously, unintentionally).
This is a breaking change: consuming messages with integers in headers
published with older versions of this library will break!
### Signed 16 Bit Integer Decoding
Signed 16 bit integers are now decoded correctly.
### Signed 8 Bit Integer Decoding
Signed 8 bit integers are now decoded correctly.
Contributed by Benjamin Conlan.
1.7.1
Release date: 2015-09-07 18:05 UTC
Changelog:
- Fix a syntax error in the quotedata() test.
- Fix an undefined value resulting from a bad merge. (#23)
- Add TLSv1.1 and TLSv1.2 support for STARTTLS connections. (#22)
1.7.0
Release date: 2015-09-06 19:20 UTC
Changelog:
- This version drops PHP 4 support in favor of more modern PHP language
constructs.
librsync implements the rolling-checksum algorithm of remote
file synchronization that was popularized by the rsync utility. This
algorithm transfers the differences between 2 files without needing both
files on the same system. librsync is for building other programs that
transfer files as efficiently as rsync. You can use librsync in a program
you write to do backups, distribute binary patches to programs, or
sync directories to a server or between peers.
