3.07 2015-07-17
- Net::FTP::rmdir() has been made more robust by making use of the MLSD
command in addition to the NLST command since the latter is known not to
be processed correctly by some FTP servers.
[Chris Lindee, CPAN RT#100694]
- Net::FTP, Net::NNTP, Net::POP3 and Net::SMTP can now restrict domain to
IPv4 even if IPv6 is available by using the new Domain or Family argument.
Net::NNTP now supports the LocalPort argument in addition to LocalAddr.
Net::POP3 now supports the LocalAddr and LocalPort arguments in addition
to ResvPort (which is retained for backwards compatibility).
[Steffen Ullrich, PR#18]
- Fixed a bug in Net::Cmd::datasend() which caused octets in [\x80-\xFF]
stored in a "binary string" to be replaced with their UTF-8 encodings if
the string happened to be stored internally in an "upgraded" state (i.e.
with the UTF-8 flag on). (As noted below, strings passed to datasend()
should always be encoded first, and therefore not stored in such a state
anyway, but it is all too easy for perl to change this internal state
unless the encodeing is done at the very last minute before calling
datasend(), so it helps if datasend() plays more nicely in this case. In
particular, it was wrong of datasend() to treat upgraded and downgraded
strings differently when their contents were identical at the Perl level.)
This bugfix results in a breaking change to the case of a "text string"
with characters in U+0080..U+00FF stored internally in an upgraded state
since those characters are likewise no longer encoded to UTF-8 by
datasend(), but callers of datasend() should not have been relying on this
behaviour anyway: In general, datasend() has no idea what encoding is
required for output so callers should always encode the data to be output
to whatever encoding is required first. This has now been clarified in
the documentation.
Finally, a text string with characters >= U+0100 will now cause a "Wide
character in print" warning from datasend() since such characters cannot
be output as bytes and datasend() no longer encodes to UTF-8. In this
case, UTF-8 bytes will still be output as before since that happens to be
the internal representation of such characters, but the warning is new.
Callers should heed this warning and encode such strings to whatever
encoding is required before calling datasend(), as noted above.
[Ricardo Signes, CPAN RT#104433]
Chagelog:
Release 1.8.4 July 13th 2015
Release to ship a security release of openSSL. No source changes of the ownCloud Client code.
Release 1.8.3 June 23th 2015
Fix a bug in the Windows Installer that could crash explorer (#3320)
Reduce 'Connection closed' errors (#3318, #3313, #3298)
Ignores: Force a remote discovery after ignore list change (#3172)
Shibboleth: Avoid crash by letting the webview use its own QNAM (#3359)
System Ignores: Removed *.tmp from system ignore again. If a user wants to ignore *.tmp, it needs to be added to the user ignore list.
Release 1.8.2 (retracted) June 8th 2015
Improve reporting of server error messages (#3220)
Discovery: Ignore folders with any 503 (#3113)
Wizard: Show server error message if possible (#3220)
QNAM: Fix handling of mitm cert changes (#3283)
Win32: Installer translations added (#3277)
Win32: Allow concurrent OEM (un-)installers (#3272)
Win32: Make Setup/Update Mutex theme-unique (#3272)
HTTP: Add the branding name to the UserAgent string
ConnectonValidator: Always run with new credentials (#3266)
Recall Feature: Admins can trigger an upload of a file from client to server again (#3246)
Propagator: Add 'Content-Length: 0' header to MKCOL request (#3256)
Switch on checksum verification through branding or config
Add ability for checksum verification of up and download
Fix opening external links for some labels (#3135)
AccountState: Run only a single validator, allow error message overriding (#3236, #3153)
SyncJournalDB: Minor fixes and simplificatons
SyncEngine: Force re-read of folder Etags for upgrades from 1.8.0 and 1.8.1
Propagator: Limit length of temporary file name (#2789)
ShareDialog: Password ui fixes (#3189)
Fix startup hang by removing QSettings lock file (#3175)
Wizard: Allow SSL cert dialog to show twice (#3168)
ProtocolWidget: Fix rename message (#3210)
Discovery: Test better, treat invalid hrefs as error (#3176)
Propagator: Overwrite local data only if unchanged (#3156)
ShareDialog: Improve error reporting for share API fails
OSX Updater: Only allow updates only if in /Applications (#2931)
Wizard: Fix lock icon (#1447)
Fix compilation with GCC 5
Treat any 503 error as temporary (#3113)
Work around for the Qt PUT corruption bug (#2425)
OSX Shell integration: Optimizations
Windows Shell integration: Optimizations
Upstream says that it "can not" work with perl 5.22 and has even
forked perl as "stableperl" to allow his package to work instead
of fixing it differently.
See http://blog.schmorp.de/2015-06-06-stableperl-faq.html
Ok bsiegert@
0.10.3
======
- Fix potential crash if gupnp_dlna_value_list_new failed.
- Fix hang if no meta-data back-end is available.
- Remove use of gnome-common, add compiler warnings and fix const
correctness.
- Fix memory leak in gst-audio-information.
- Fix unit tests for new automake
- Make it possible to override the DLNA profile dir using
GUPNP_DLNA_PROFILE_DIR environment variable
- Fix discoverer testsuite to run completely uninstalled.
- Fix gupnp-dlna-info -a to be stuck if profile guesser does not work.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=704096
- https://bugzilla.gnome.org/show_bug.cgi?id=707909
- https://bugzilla.gnome.org/show_bug.cgi?id=750929
- https://bugzilla.gnome.org/show_bug.cgi?id=751295
- https://bugzilla.gnome.org/show_bug.cgi?id=751634
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip@tecnocode.co.uk>
- Mark Ryan <mark.d.ryan@intel.com>
- Ludovic Ferrandis <ludovic.ferrandis@intel.com>
--- 9.10.2-P3 released ---
4165. [security] A failure to reset a value to NULL in tkey.c could
result in an assertion failure. (CVE-2015-5477)
[RT #40046]
--- 9.9.7-P2 released ---
4165. [security] A failure to reset a value to NULL in tkey.c could
result in an assertion failure. (CVE-2015-5477)
[RT #40046]
2015-07-12 Keith Winstein <mosh-devel@mit.edu>
* Version 1.2.5 released.
* New features:
* Bind to a specific IP address with --bind-server. (Philipp
Haselwarter)
* MOSH_ESCAPE_KEY configures escape character. (Timo
J. Rinne)
* Support non-roaming IPv6. (Anders Kaseorg)
* Implement XTerm mouse mode. (Barosl LEE, Andrew Chin,
Louis Kruger)
* Report Git revision along with version if available.
(John Hood)
* Platform support:
* Add pselect() emulation. (Jérémie Courrèges-Anglas)
* OpenBSD, OS X: Fix be64toh-related issues. (Jérémie
Courrèges-Anglas)
* ARM Neon: fix gcc4.8 compiling problem(Pasi Sjöholm)
* NaCl: Conditionally rename main to mosh_main. (Richard
Woodbury)
* FreeBSD: Token pasting, forkpty(), ARM fixes. (John Hood)
* AIX: Implement CTTY grabbing when TIOCSCTTY is missing
(Anton Lundin)
* OS X: Broaden build support to cover OS X 10.5 through
10.10. (John Hood)
* Debian: Improve bash-completion install and
functionality. (Suggested by Gabriel Filion, John Hood)
* Bug fixes:
* Automake/autoconf workarounds. (Anders Kaseorg)
* mosh-server: Allow startup without PTY. (Keith Winstein)
* network.cc: Properly close old fd on Socket assignment
operator. (Thanks to Igor Bukanov)
* mosh-server: Allow startup with zero-window-size PTY.
(Igor Bukanov)
* AddrInfo: Fix error message generation when node == NULL
(Anders Kaseorg)
* Timestamp: Prevent integer overflow on Darwin PPC 32-bit
(Anders Kaseorg)
* scripts/mosh: Fix hang when remote closes the connection
(Anders Kaseorg)
* Fix issues with parsing of 256-color SGR sequences.
(John Hood)
* Numerous code hygiene, Coverity, and Clang static analyzer
fixes. (Anders Kaseorg, Geoffrey Thomas, John Hood)
####################### V 1.7.3.0:
security:
(CVE Id pending)
Fixed problems with signal handling caused by use of not async signal
safe functions in signal handlers that could freeze socat, allowing
denial of service attacks.
Many changes in signal handling and the diagnostic messages system were
applied to make the code async signal safe but still provide detailled
logging from signal handlers:
Coded function vsnprintf_r() as async signal safe incomplete substitute
of libc vsnprintf()
Coded function snprinterr() to replace %m in strings with a system error
message
Instead of gettimeofday() use clock_gettime() when available
Pass Diagnostic messages from signal handler per unix socket to the main
program flow
Use sigaction() instead of signal() for better control
Turn off nested signal handler invocations
Thanks to Peter Lobsinger for reporting and explaining this issue.
Red Hat issue 1019975: add TLS host name checks
OpenSSL client checks if the server certificates names in
extensions/subjectAltName/DNS or in subject/commonName match the name
used to connect or the value of the openssl-commonname option.
Test: OPENSSL_CN_CLIENT_SECURITY
OpenSSL server checks if the client certificates names in
extensions/subjectAltNames/DNS or subject/commonName match the value of
the openssl-commonname option when it is used.
Test: OPENSSL_CN_SERVER_SECURITY
Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used
Red Hat issue 1019972: needs to specify OpenSSL cipher suites
Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
prevent downgrade attacks
new features:
OpenSSL addresses set couple of environment variables from values in
peer certificate, e.g.:
SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
SOCAT_OPENSSL_X509_COMMONNAME,
SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
Tests: OPENSSL_METHOD_*
Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
by Andrey Arapov.
Added a new option termios-rawer for ptys.
Thanks to Christian Vogelgsang for pointing me to this requirement
corrections:
Bind with ABSTRACT commands used non-abstract namespace (Linux).
Test: ABSTRACT_BIND
Thanks to Denis Shatov for reporting this bug.
Fixed return value of nestlex()
Option ignoreeof on the right address hung.
Test: IGNOREEOF_REV
Thanks to Franz Fasching for reporting this bug.
Address SYSTEM, when terminating, shut down its parent addresses,
e.g. an SSL connection which the parent assumed to still be active.
Test: SYSTEM_SHUTDOWN
Passive (listening or receiving) addresses with empty port field bound
to a random port instead of terminating with error.
Test: TCP4_NOPORT
configure with some combination of disable options produced config
files that failed to compile due to missing IPPROTO_TCP.
Thanks to Thierry Fournier for report and patch.
fixed a few minor bugs with OpenSSL in configure and with messages
Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
is required. Thanks to Zhigang Wang for reporting and sending a patch.
Christophe Leroy provided a patch that fixes memory leaks reported by
valgrind
Help for filan -L was bad, is now corrected to:
"follow symbolic links instead of showing their properties"
Address options fdin and fdout were silently ignored when not applicable
due to -u or -U option. Now these combinations are caught as errors.
Test: FDOUT_ERROR
Issue reported by Hendrik.
Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
over option raw which is now obsolote. On SysV systems this call is
simulated by appropriate setting.
Thanks to Youfu Zhang for reporting issue with option raw.
porting:
Socat included <sys/poll.h> instead of POSIX <poll.h>
Thanks to John Spencer for reporting this issue.
Version 1.7.2.4 changed the check for gcc in configure.ac; this
broke cross compiling. The particular check gets reverted.
Thanks to Ross Burton and Danomi Manchego for reporting this issue.
Debian Bug#764251: Set the build timestamp to a deterministic time:
support external BUILD_DATE env var to allow to build reproducable
binaries
Joachim Fenkes provided an new adapted spec file.
Type bool and macros Min and Max are defined by socat which led to
compile errors when they were already provided by build framework.
Thanks to Liyu Liu for providing a patch.
David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
support and appropriate files in Config/
Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
on Illumos
Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
_POSIX_PTHREAD_SEMANTICS; and minor changes
Red Hat issue 1182005: socat 1.7.2.4 build failure missing
linux/errqueue.h
Socat failed to compile on on PPC due to new requirements for
including <linux/errqueue.h> and a weakness in the conditional code.
Thanks to Michel Normand for reporting this issue.
doc:
In the man page the PTY example was badly formatted. Thanks to
J.F.Sebastian for sending a patch.
Added missing CVE ids to security issues in CHANGES
testing:
Do not distribute testcert.conf with socat source but generate it
(and new testcert6.conf) during test.sh run.
####################### V 1.7.2.4:
corrections:
LISTEN based addresses applied some address options, e.g. so-keepalive,
to the listening file descriptor instead of the connected file
descriptor
Thanks to Ulises Alonso for reporting this bug
make failed after configure with non gcc compiler due to missing
include. Thanks to Horacio Mijail for reporting this problem
configure checked for --disable-rawsocket but printed
--disable-genericsocket in the help text. Thanks to Ben Gardiner for
reporting and patching this bug
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
Probably no impact.
Thanks to David Binderman for reproting this issue.
procan could not cleanly format ulimit values longer than 16 decimal
digits. Thanks to Frank Dana for providing a patch that increases field
width to 24 digits.
OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
"Invalid argument"
Thanks to Emile den Tex for reporting this bug.
Changed some variable definitions to make gcc -O2 aliasing checker happy
Thanks to Ilya Gordeev for reporting these warnings
On big endian platforms with type long >32bit the range option applied a
bad base address. Thanks to hejia hejia for reporting and fixing this bug.
Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Red Hat issue 1022063: out-of-range shifts on net mask bits
Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
uses
Red Hat issue 1021958: fixed a bug with faulty buffer/data length
calculation in xio-ascii.c:_xiodump()
Red Hat issue 1021972: fixed a missing NUL termination in return string
of sysutils.c:sockaddr_info() for the AF_UNIX case
fixed some typos and minor issues, including:
Red Hat issue 1021967: formatting error in manual page
UNIX-LISTEN with fork option did not remove the socket file system entry
when exiting. Other file system based passive address types had similar
issues or failed to apply options umask, user e.a.
Thanks to Lorenzo Monti for pointing me to this issue
porting:
Red Hat issue 1020203: configure checks fail with some compilers.
Use case: clang
Performed changes for Fedora release 19
Adapted, improved test.sh script
Red Hat issue 1021429: getgroupent fails with large number of groups;
use getgrouplist() when available instead of sequence of calls to
getgrent()
Red Hat issue 1021948: snprintf API change;
Implemented xio_snprintf() function as wrapper that tries to emulate C99
behaviour on old glibc systems, and adapted all affected calls
appropriately
Mike Frysinger provided a patch that supports long long for time_t,
socklen_t and a few other libc types.
Artem Mygaiev extended Cedril Priscals Android build script with pty code
The check for fips.h required stddef.h
Thanks to Matt Hilt for reporting this issue and sending a patch
Check for linux/errqueue.h failed on some systems due to lack of
linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
autoconf now prefers configure.ac over configure.in
Thanks to Michael Vastola for sending a patch.
type of struct cmsghdr.cmsg is system dependend, determine it with
configure; some more print format corrections
docu:
libwrap always logs to syslog
added actual text version of GPLv2
It turns out that [^a]* matches all files not beginning with a on Darwin
and all files beginning with a on NetBSD. Work around this by crafting
a for loop with a case expression.
* Update MASTER_SITES.
Changelog:
Version 4.6.3 - 2015-06-17
* new mirror setting mirror:overwrite and options --overwrite/--no-overwrite.
* new mirror option --upload-older.
* new mirror option --recursion={always,never,missing,newer}.
* try to download zero sized files as they may be non-empty.
* torrent: new options --only-new, --only-incomplete.
* torrent: fixed endless loop in FD deallocation.
* fixed a memleak when parsing a directory listing with special files.
* fixed one byte buffer overflow in cls.
* fixed cmd:fail-exit description in the man page.
* fixed large stack usage when parsing fish directory listings.
Version 4.6.2 - 2015-04-16
* new command "edit" instead of the edit alias.
* new setting ssl:priority for disabling selected protocols.
* new settings fish:auto-confirm and sftp:auto-confirm.
* new setting file:use-lock to lock local files before accessing.
* ftp: fixed disconnecting on timeout (broken in 4.6.0).
* http: enclose ipv6 address in brackets in URLs and Host header.
* fixed mirror for http protocol with redirections.
* fixed `bookmark edit' to use correct XDG path if XDG is used.
* fixed a wildcard certificate validation vulnerability (CVE-2014-0139).
* fixed proxy authentication for CONNECT method.
* fixed exit code of `help' command.
* fixed sftp to show file names with slashes.
* fixed pget status display when all chunks are done except the first one.
* Ukrainian translation updated (Yuri Chornoivan).
* Russian translation updated.
Version 4.6.1 - 2014-12-29
* new mirror option --scan-all-first.
* mirror --Remove-source-files now removes files already present at the target.
* added a workaround for FUSE with HadoopFS I/O error during rename(2).
* fixed du to round file size up to block size.
* fixed compilation with libressl.
* fixed OPTS MLST, removed trailing semicolon.
* fixed put to sftp with special files (like /dev/stdin).
* fixed ftp to copy SID properly with GnuTLS (Tim Kosse).
* fixed mirror to follow redirections to files (Tomas Hozza).
Version 4.6.0 - 2014-10-13
* new torrent --share option.
* new setting mirror:require-source.
* new settings xfer:use-temp-file and xfer:temp-file-name.
* ftp: wait for QUIT reply before closing control socket.
Version 4.5.6 - 2014-10-13
* display valid IDN in URLs without percent encoding.
* ftp: shutdown SSL connection before closing control socket.
* ftp: avoid duplication of PROT command.
* fixed debug -o to append to the log file.
* fixed compilation without SSL.
* http: don't uncompress files ending with .gz, .Z or .tgz
* http: fixed inflation of some files.
* minor fixes in torrent protocol.
Version 4.5.5 - 2014-09-04
* added support for internationalized domain names.
* added lftp --norc option.
* added mirror "Finished" message.
* added ftp:catch-size setting.
* fixed net:max-retries setting.
* fixed byte counters in mirror status.
* fixed a segfault in ftps.
* fixed a spurious error message in fxp and ftp.
Version 4.5.4 - 2014-08-07
* new setting mirror:sort-by (name, size, date).
* torrent: reduced cpu and memory usage.
* fixed occasional "BUG:deadlock" message.
* fixed a segfault when a directory contains duplicate file names.
* fixed a memory leak in torrent.
* fixed byte counters in mirror --depth-first.
* fixed timeout checks in FISH.
* translations updated (pl).
Version 4.5.3 - 2014-07-06
* new setting ftp:site.
* don't uncompress http body when Contrent-Type is compressed.
* check source address of DHT replies.
* discard disconnected torrent peers only after a timeout.
Version 4.5.2 - 2014-06-11
* fixed a coredump on startup when compiled with certain gcc versions.
* mkdir -q option for quiet operation.
* glob --exist and --not-exist options.
* improved torrent status, show piece availability statistics.
* remove unconnectable torrent peers on trackerless torrents.
Version 4.5.1 - 2014-06-02
* show piece availabilty in torrent status.
* fixed a coredump in ftp when data connection fails.
* fixed default values of some settings.
* fixed http redirection handling.
* fixed compilation with gcc-4.8.3.
Version 4.5.0 - 2014-05-23
* optimized cpu usage for 10Gb/s transfers by using better data structures
and algorithms.
* new open option --env-password to take password from LFTP_PASSWORD
environment variable.
* new `exit parent' subcommand.
* new settings http:accept-encoding, http:decode.
* new setting xfer:max-log-size to limit transfer log size.
* show last disconnect cause for a few seconds in the session status.
* improved mirror status to display real-time aggregated byte count and rate.
* save torrent matadata on disk and load if available when needed.
* improved torrent DHT search.
* fixed exit behavior to flush buffered commands.
* fixed transfer rate reporting for mirror --parallel.
Version 4.4.16 - 2014-05-07
* fixed mirror --loop to re-check base directory contents.
* fixed sftp and fish authentication by password with FreeBSD server.
* fixed directory index parsing for some http servers.
* fixed find command output to avoid extra slash for plain files.
* fixed several bugs which could cause segfault.
Version 4.4.15 - 2014-01-21
* new setting pget:min-chunk-size.
* improved DHT search by preferring responded nodes.
* allow UTC timezone in http timestamps.
* fixed WebDAV rmdir operation.
* fixed torrent hang on shutdown when a tracker is unresposive.
* fixed adding too many slashes to URLs in http.
Version 4.4.14 - 2013-12-13
* fixed HEAD/PROPFIND handling in http.
* a minor memory leak fixed.
Version 4.4.13 - 2013-11-26
* fixed a bug in file size checking code.
Version 4.4.12 - 2013-11-26
* new option -l (--ls) for find command.
* improve workaround for single NL replies from an FTP server.
* Ukrainian translation updated (Yuri Chornoivan).
* fixed spinning in "get" when no remote session is open.
* don't pre-fetch file information in "get" when not needed.
* fixed handling of 400/501 http codes for PROPFIND to switch to HEAD.
* fixed a crash after cls.
* added file size decrease checking.
* used a newer libtool for ppc64le platform.
Version 4.4.11 - 2013-11-11
* fixed a slow down in mirror from http (thanks to OGAWA Hirofumi).
* fixed a coredump in sftp when accessing an inexistent file.
Version 4.4.10 - 2013-10-11
* mirror new option --file/-f to mirror a single file.
* mirror new option -O for get/put similarity.
* WebDAV fixes and improvements.
* new setting ftp:use-utf8 to disable utf-8 activation.
* fixed handling of incorrect encoding of file names.
* fixed compilation without libiconv.
* fixed occasional hang in mirror.
* kill ssh when terminating fish or sftp connection.
Version 4.4.9 - 2013-08-23
* implemented support for mirror -L in sftp.
* pass all 3 std file descriptors when attaching to lftp instance.
* ftp: added a workaround for incorrectly formatted multiline replies.
* sftp: added a workaround for RouterOS v6.
* fixed mirror --no-empty-dirs to skip directories with no included files.
* fixed segfault when there is no TERM environment variable.
* fixed torrent for meta-info files with % in their names.
* fixed compilation when IPV6_V6ONLY if not defined.
* fixed compilation with older zlib.
* fixed FD_CLOEXEC flag on cwd and transfer_log.
* fixed MLSD parsing for semicolons in file names.
* new translation: Ukrainian (thanks to Yuri Chornoivan).
* man page updated.
Version 4.4.8 - 2013-05-29
* add support for redirections in torrent metainfo fetching.
* add support for gzip Content-Encoding in http.
* fixed an endless loop in mirror from sftp.
Version 4.4.7 - 2013-05-23
* translations update (pl, cs).
* fixed "get -c" looping in some cases.
* fixed translations encoding (pl, it, es, pt_BR).
* fixed occasional file corruption and garbage logging in Fish protocol.
TigerVNC 1.5.0 - Lots of changes have been made since
the last release, but the highlights are:
- IPv6 support in the servers
- You can now have two passwords, one for full access and one for
"view only".
- syslog support in Xvnc
- GnuTLS priority configuration
- Performance fixes
- You can now easily start more clients on OS X
- More translations
TigerVNC 1.4.3 - This release addresses the following issues:
- Upstream patches applied to the underlying Xorg code base to
mitigate CVE-2015-0255.
- Fixes for performance regressions introduced in 1.4.0.
- Character encoding of clipboard text send by Java viewer now
strictly adheres to the RFB specification.
TigerVNC 1.4.1 - This is release is in response to the recent Xorg
Security Advisory. There are no known vulnerabilities in TigerVNC itself
related to this advisory, however some of the changes to the Xorg
codebase were not compatible with TigerVNC.
TigerVNC 1.4.0 - Lots of changes have been made since
the last release, but the highlights are:
- Colour map (aka indexed, palette) mode is largely removed. TigerVNC
is still compatible with other VNC implementations, but you can no
longer run Xvnc in colour map mode.
- Improvements to the keyboard handling both on the server and client
- Support for newer Xorg versions in the server build
- x0vncserver now supports XDamage for instant updates, making it
slightly less useless
- WinVNC now works in service mode on newer Windows versions
- Better full screen mode for the Java client on OS X
- man pages should now be up to date
- Improved TLS implementation in the Java client
- Lots and lots of cleanups and bug fixes
Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
Fixed —logfile without a filename on Windows.
Ensure tinc can be compiled when using musl libc.
Changes in version 0.2.6.10 - 2015-07-12
Tor version 0.2.6.10 fixes some significant stability and hidden
service client bugs, bulletproofs the cryptography init process, and
fixes a bug when using the sandbox code with some older versions of
Linux. Everyone running an older version, especially an older version
of 0.2.6, should upgrade.
o Major bugfixes (hidden service clients, stability):
- Stop refusing to store updated hidden service descriptors on a
client. This reverts commit 9407040c59218 (which indeed fixed bug
14219, but introduced a major hidden service reachability
regression detailed in bug 16381). This is a temporary fix since
we can live with the minor issue in bug 14219 (it just results in
some load on the network) but the regression of 16381 is too much
of a setback. First-round fix for bug 16381; bugfix
on 0.2.6.3-alpha.
o Major bugfixes (stability):
- Stop crashing with an assertion failure when parsing certain kinds
of malformed or truncated microdescriptors. Fixes bug 16400;
bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
by "cypherpunks_backup".
- Stop random client-side assertion failures that could occur when
connecting to a busy hidden service, or connecting to a hidden
service while a NEWNYM is in progress. Fixes bug 16013; bugfix
on 0.1.0.1-rc.
o Minor features (geoip):
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
o Minor bugfixes (crypto error-handling):
- Check for failures from crypto_early_init, and refuse to continue.
A previous typo meant that we could keep going with an
uninitialized crypto library, and would have OpenSSL initialize
its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
when implementing ticket 4900. Patch by "teor".
o Minor bugfixes (Linux seccomp2 sandbox):
- Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
these when eventfd2() support is missing. Fixes bug 16363; bugfix
on 0.2.6.3-alpha. Patch from "teor".
Features:
- [bugzilla: 644 ] harden-algo-downgrade option, if turned off,
fixes the reported excessive validation failure when multiple
algorithms are present. If set to 'no', it allows the weakest
algorithm to validate the zone.
- stats reports tcp usage, of incoming-num-tcp buffers.
- contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal
scripts.
- Add ip-transparent config option for bind to non-local addresses.
- Synthesize ANY responses from cache. Does not search exhaustively,
but MX,A,AAAA,SOA,NS also CNAME.
- unbound-control list_insecure command shows the negative trust
anchors currently configured.
- ratelimit feature, ratelimit: 1000, can be used to turn it on. It
ratelimits recursion effort per zone. For particular names you can
configure exceptions in unbound.conf.
- Ratelimit does not apply to prefetched queries, and
ratelimit-factor is default 10. Repeated normal queries get resolved
and with prefetch stay in the cache.
- unbound-control ratelimit_list lists high rate domains.
- caps-whitelist in unbound.conf allows whitelist of loadbalancers
that cannot work with caps-for-id or its fallback.
- RFC 7553 RR type URI support, is now enabled by default.
- cache-max-negative-ttl config option, default 3600.
- Add local-zone type inform_deny, that logs query and drops answer.
Bug Fixes:
- Unbound exits with a fatal error when the auto-trust-anchor-file
fails to be writable. This is seconds after startup. You can load a
readonly auto-trust-anchor-file with trust-anchor-file. The file has
to be writable to notice the trust anchor change, without it, a trust
anchor change will be unnoticed and the system will then become
inoperable.
- DLV is going to be decommissioned. Advice to stop using it, and
put text in the example configuration and man page to that effect.
- Patch from Brad Smith that syncs compat/getentropy_linux with
OpenBSD's version (2015-03-04).
- 0x20 fallback improved: servfail responses do not count as missing
comparisons (except if all responses are errors), inability to find
nameservers does not fail equality comparisons, many nameservers does
not try to compare more than max-sent-count, parse failures start 0x20
fallback procedure.
- store caps_response with best response in case downgrade response
happens to be the last one.
- Document that incoming-num-tcp increase is good for large servers.
- Fix lintian warning in unbound-checkconf man page.
- Updated default keylength in unbound-control-setup to 3k.
- Fixup compile on cygwin, more portable openssl thread id.
- Use reallocarray for integer overflow protection.
- Fixed to add integer overflow checks on allocation (defense in depth).
- Fix segfault on user not found at startup.
- [bugzilla: 657 ] Fix that libunbound(3) recommends deprecated
CRYPTO_set_id_callback.
- If unknown trust anchor algorithm, and libressl is used, error
message encourages upgrade of the libressl package.
- rename ldns subdirectory to sldns to avoid name collision.
- [bugzilla: 660 ] Fix interface-automatic broken in the presence of
asymmetric routing.
- Libunbound skips dos-line-endings from etc/hosts.
- Fix crash in dnstap: Do not try to log TCP responses after timeout.
- Fix that get_option for cache-sizes does not print double newline.
- [bugzilla: 663 ] Fix that ssl handshake fails when using unix
socket because dh size is too small.
- [bugzilla: 664 ] libunbound python3 related fixes (from Tomas
Hozza); Use print_function also for Python2. libunbound examples:
produce sorted output. libunbound-Python: libldns is not used anymore.
Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns.
- Fix leaked dns64prefix configuration string.
- Removed contrib/unbound_unixsock.diff, because it has been
integrated, use control-interface: /path in unbound.conf.
- Change syntax of particular validator error to be easier for
machine parse, swap rrset and ip adres info so it looks like:
validation failure <www.example.nl. TXT IN>: signature crypto failed
from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
- Fix that unparseable error responses are ratelimited.
- SOA negative TTL is capped at minimumttl in its rdata section.
- [bugzilla: 674 ] Do not free pointers given by getenv.
- [bugzilla: 677 ] Fix CNAME corresponding to a DNAME was checked
incorrectly and was therefore always synthesized.
And fix DNAME responses from cache that failed internal chain test.
- iana portlist update.
Fix build on SunOS.
Version 2.73
Fix crash at startup when an empty suffix is supplied to
--conf-dir, also trivial memory leak. Thanks to
Tomas Hozza for spotting this.
Remove floor of 4096 on advertised EDNS0 packet size when
DNSSEC in use, the original rationale for this has long gone.
Thanks to Anders Kaseorg for spotting this.
Use inotify for checking on updates to /etc/resolv.conf and
friends under Linux. This fixes race conditions when the files are
updated rapidly and saves CPU by noy polling. To build
a binary that runs on old Linux kernels without inotify,
use make COPTS=-DNO_INOTIFY
Fix breakage of --domain=<domain>,<subnet>,local - only reverse
queries were intercepted. THis appears to have been broken
since 2.69. Thanks to Josh Stone for finding the bug.
Eliminate IPv6 privacy addresses and deprecated addresses from
the answers given by --interface-name. Note that reverse queries
(ie looking for names, given addresses) are not affected.
Thanks to Michael Gorbach for the suggestion.
Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
for the bug report.
Add --ignore-address option. Ignore replies to A-record
queries which include the specified address. No error is
generated, dnsmasq simply continues to listen for another
reply. This is useful to defeat blocking strategies which
rely on quickly supplying a forged answer to a DNS
request for certain domains, before the correct answer can
arrive. Thanks to Glen Huang for the patch.
Revisit the part of DNSSEC validation which determines if an
unsigned answer is legit, or is in some part of the DNS
tree which should be signed. Dnsmasq now works from the
DNS root downward looking for the limit of signed
delegations, rather than working bottom up. This is
both more correct, and less likely to trip over broken
nameservers in the unsigned parts of the DNS tree
which don't respond well to DNSSEC queries.
Add --log-queries=extra option, which makes logs easier
to search automatically.
Add --min-cache-ttl option. I've resisted this for a long
time, on the grounds that disbelieving TTLs is never a
good idea, but I've been persuaded that there are
sometimes reasons to do it. (Step forward, GFW).
To avoid misuse, there's a hard limit on the TTL
floor of one hour. Thansk to RinSatsuki for the patch.
Cope with multiple interfaces with the same link-local
address. (IPv6 addresses are scoped, so this is allowed.)
Thanks to Cory Benfield for help with this.
Add --dhcp-hostsdir. This allows addition of new host
configurations to a running dnsmasq instance much more
cheaply than having dnsmasq re-read all its existing
configuration each time.
Don't reply to DHCPv6 SOLICIT messages if we're not
configured to do stateful DHCPv6. Thanks to Win King Wan
for the patch.
Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
way to detect when the system time becomes valid after
boot on systems without an RTC, whilst allowing DNS
queries before the clock is valid so that NTP can run.
Thanks to Kevin Darbyshire-Bryant for developing this idea.
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
the patch.
Fix crash caused by looking up servers.bind, CHAOS text
record, when more than about five --servers= lines are
in the dnsmasq config. This causes memory corruption
which causes a crash later. Thanks to Matt Coddington for
sterling work chasing this down.
Fix crash on receipt of certain malformed DNS requests.
Thanks to Nick Sampanis for spotting the problem.
Note that this is could allow the dnsmasq process's
memory to be read by an attacker under certain
circumstances, so it has a CVE, CVE-2015-3294
Fix crash in authoritative DNS code, if a .arpa zone
is declared as authoritative, and then a PTR query which
is not to be treated as authoritative arrived. Normally,
directly declaring .arpa zone as authoritative is not
done, so this crash wouldn't be seen. Instead the
relevant .arpa zone should be specified as a subnet
in the auth-zone declaration. Thanks to Johnny S. Lee
for the bugreport and initial patch.
Fix authoritative DNS code to correctly reply to NS
and SOA queries for .arpa zones for which we are
declared authoritative by means of a subnet in auth-zone.
Previously we provided correct answers to PTR queries
in such zones (including NS and SOA) but not direct
NS and SOA queries. Thanks to Johnny S. Lee for
pointing out the problem.
Fix logging of DHCPREPLY which should be suppressed
by quiet-dhcp6. Thanks to J. Pablo Abonia for
spotting the problem.
Try and handle net connections with broken fragmentation
that lose large UDP packets. If a server times out,
reduce the maximum UDP packet size field in the EDNS0
header to 1280 bytes. If it then answers, make that
change permanent.
Check IPv4-mapped IPv6 addresses when --stop-rebind
is active. Thanks to Jordan Milne for spotting this.
Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
Thanks to Kevin Benton for patches and work on this.
Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses
in the correct subnet, even of not in dynamic address
allocation range. Thanks to Steve Hirsch for spotting
the problem.
Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks
to Nicolas Cavallari for the patch.
Allow configuration of router advertisements without the
"on-link" bit set. Thanks to Neil Jerram for the patch.
Extend --bridge-interface to DHCPv6 and router
advertisements. Thanks to Neil Jerram for the patch.
libnice 0.1.13 (2015-04-28)
===========================
Fix build on non-Windows platforms that don't have getifaddrs()
Fix build regression on Windows
libnice 0.1.12 (2015-04-22)
===========================
Fix regression in SDP parser
Make examples work on Windows
Bug fixes on nicesrc
libnice 0.1.11 (2015-04-20)
===========================
API: nice_agent_set_local_credentials() for WebRTC
Nicesink: support GstBufferList
Better warnings on programming errors
Build fixes for Solaris and Windows
Bug and documentation fixes
Pkgsrc changes:
* adapt one patch to changes upstream.
* adapt PLIST to newly installed files.
* rename and adapt patch to Makefile.in.
Upstream changes:
1.3.5a - Released 27-May-2015
--------------------------------
- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log
message.
- Bug 3944 - Session closed if active data transfer fails due to "Address
already in use" error.
- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions.
- Bug 4069 - NLST -a shows / directory instead of the current directory.
- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission
denied.
- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers.
- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation
problems.
- Bug 4079 - Invalid response encoding for SFTP space-available request.
- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user".
- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly.
- Bug 4089 - mod_sftp does not allow multiple attempts using a given
authentication method.
- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly.
- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than
ERROR.
- Bug 4094 - Available space on file system using %f displays wrong value.
- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30
seconds.
- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6.
- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small
buffers.
- Bug 4114 - mod_tls should not support SSLv3 by default.
- Bug 4116 - Report exact SSL/TLS protocol version used in client connections.
- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just
HiddenStores.
- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved.
- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support.
- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template
parameter.
- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter.
- Bug 4140 - SFTP READLINK requests to symlinks to directories fail.
- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS.
- Bug 4145 - Segfault if AuthUserFile is a relative symlink.
- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection"
errors.
- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by
mod_sftp_sql.
- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X.
- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6.
- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by
mod_copy.
- Bug 4178 - TLS session reuse requirement for data connections not properly
enforced.
1.3.5 - Released 15-May-2014
--------------------------------
- Bug 4018 - Implement checks for sensitive directories when chrooted.
- Bug 4022 - "Directory not empty" error when creating directory is misleading.
- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives.
- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for
TLS 1.1/1.2 connections.
- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off".
- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on
SFTPHostKey file.
- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher.
- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1".
- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented.
- Bug 4046 - ALLO command failed because of bad size check.
- Bug 4048 - Race condition in mod_ban can lead to segfault of all new
connections.
- Bug 4049 - mod_exec should include supplemental groups when running commands
as logged-in user.
- Bug 4042 - MIC command between RNFR and RNTO should not be rejected.
- Bug 4044 - mod_facl prevents a normal SIGHUP reload.
- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings.
1.3.5rc4 - Released 28-Jan-2014
--------------------------------
- Bug 3945 - Spurious log messages at session close.
- Bug 3946 - Null pointer dereference causes segfault when logging
%{transfer-status}, %{transfer-failure} LogFormat variables on EXIT.
- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames.
- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory
listings.
- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED
posix-rename@openssh.com requests.
- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers.
- Bug 3858 - mod_delay allows too-large values, leading to client hang on
authentication.
- Bug 3951 - Null pointer dereference for mod_ldap logins when
LDAPDefaultAuthScheme not configured.
- Bug 3954 - scp downloads result in segfault.
- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit>
sections leads to slow logins.
- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks
are involved.
- Bug 3958 - Directory creation does not honor single-parameter Umask setting.
- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory
SGID bit.
- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used
in some cases.
- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN.
- Bug 3966 - LogFormat %f variable not resolved for some commands.
- Bug 3971 - Support SQLOption for ignoring client library config files when
needed.
- Bug 3972 - Authentication error on Cygwin due to bad code.
- Bug 3973 - mod_sftp can be forced to allocate too much memory for
keyboard-interactive authentication.
- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP
sessions.
- Bug 3963 - Improve permission setting when creating directories.
- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database
using IndexCache flag.
- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903
database lookup.
- Bug 3964 - Support running ExecOnEvent actions with logged-in user's
permissions.
- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC.
- Bug 3952 - Make PersistentPasswd default to 'off'.
- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin.
- Bug 3982 - Normalize log messages and levels.
- Bug 3888 - Add LDAPLog directive to mod_ldap.
- Bug 3982 - Normalize log messages and levels.
- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2),
e.g. FAT/ExFAT.
- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags,
breaking session caching.
- Bug 3987 - LogFormat variable for just the filename.
- Bug 3965 - Timeout directives have inconsistent maximum values.
- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption.
- Bug 3995 - ftpasswd utility should prevent concurrent modification of files.
- Bug 3994 - ftpasswd utility should support --lock/--unlock options.
- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files.
- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for
FTPS connections.
- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP.
- Bug 3996 - Handling ALLO command can result in wrong response when chrooted.
- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>.
- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group.
- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file.
A 3072-bit DH group was also added.
- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP
directory upload.
- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on
64-bit system.
- Bug 4011 - NLST ../ shows current directory contents rather than parent
directory.
- Bug 4013 - SCP upload of shorter file does not completely overwrite existing
file of same name.
- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ.
1.3.5rc3 - Released 14-Jun-2013
--------------------------------
- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value.
- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10.
- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled.
- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner.
- Bug 3864 - Support SQL query to lookup/use primary key for logged-in
user/group.
- Bug 3920 - Support umac-64@openssh.com digest for mod_sftp.
- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH
connection to close prematurely.
- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP
connections.
- Bug 3926 - Support OpenSSH fsync SFTP extension.
- Bug 3925 - SFTP directory listings are sensitive to locale environment
variables.
- Bug 3924 - HideFiles does not filter symlinks.
- Bug 3929 - pam_session_close() requires root privs on some platforms.
- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL
PASSWORD().
- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users.
- Bug 3935 - scp download of nonexistent file results in client hang.
- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path.
- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory.
- Added new mod_snmp contrib module.
- Bug 3939 - Disable Controls for "ServerType inetd" servers.
- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together
in a single column.
- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd.
- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid.
1.3.5rc2 - Released 06-Mar-2013
--------------------------------
- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured.
- Bug 3860 - Add a default deny option for mod_geoip.
- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality. A
new TLSMasqueradeAddress directive has been added to mod_tls.
- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly.
- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not
enabled" ftpdctl error.
- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault.
- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent
passwd/group entries.
- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of
requested keylength.
- Bug 3870 - Handling of OPTS command can lead to crash.
- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp.
- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS>
configuration.
- Bug 3872 - Use HiddenStores directive to customise suffix.
- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE
request.
- Bug 3869 - Use longer SSL session cache expiration by default.
- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS
filesystems.
- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are
used.
- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota
limits and tallies.
- Bug 3882 - DisplayLogin with an absolute path does not work properly within
an <IfGroup> section.
- Added new mod_log_forensic contrib module.
- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as
expected.
- Bug 3884 - Configure script not detecting MySQL make_scrambled_password
functions.
- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS.
- Bug 3819 - Second and subsequent LIST of directory with many files is very
slow.
- Bug 3889 - Support millisecond timestamp LogFormat variable.
- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections.
- Bug 3753 - Support SFTP request names in <Limit> sections better.
- Bug 3892 - mod_auth_file should have strict permission checks of configured
files.
- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on
configurable event.
- Bug 3894 - ftptop doesn't work with --enable-nls.
- Bug 3895 - Missing TransferLog entry under some out-of-space conditions.
- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP
protocol version 6.
- Bug 3896 - Warn when world-writable config files are used.
- Bug 3899 - Support authentication of users based on SSL/TLS client
certificate.
- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly.
- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly.
- Bug 3709 - Support download-triggered emails in the ftpmail script.
- Bug 3904 - scp downloads using glob pattern sometimes fails.
- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections.
- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too
frequently.
1.3.5rc1 - Released 04-Jan-2013
--------------------------------
- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h.
- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6.
- Bug 3646 - Debug logging to stderr should include timestamps and PID.
- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded
file name).
- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used.
- Bug 3717 - proftpd fails to run with "Abort trap" error message.
- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists.
- Bug 3720 - Various module logfile permissions are 0600 instead of 0640.
- Bug 3723 - mod_memcache segfault on server restart.
- Bug 3721 - mod_rewrite does not replace characters if there are more than
8 occurrences. To handle this situation, a new RewriteMaxReplace directive
has been added for configuring this limit.
- Bug 3724 - Unloading mod_quotatab causes segfault.
- Bug 3686 - Support SHA2 digests in mod_sftp. See the SFTPDigests directive
documentation for more information.
- Bug 3629 - Support <IfAuthenticated> conditional config section.
- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD.
- Bug 3726 - mod_exec does not always capture stdout/stderr output from
executed command.
- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP
connections.
- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional
filters.
- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc.
- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for
MLSD/MLST commands.
- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp. The
SSH version identifier can now be configured for mod_sftp via the
ServerIdent directive.
- Bug 3718 - ftptop fails to build on OpenSUSE.
- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled.
- Bug 3744 - Support ls(1) -1 option for LIST command.
- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands.
- Bug 3747 - Support option for displaying symlinks via MLSD using syntax
preferred by FileZilla. The new FactsOptions directive can be used for
this purpose.
- Bug 3745 - Reject PASV command if no IPv4 address available.
- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding.
- Bug 3742 - Improper handling of self-signed certificate in client-sent cert
list when "TLSVerifyClient on" is used.
- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to
conflict with system header.
- Bug 3743 - Random stalls/segfaults seen when transferring large files
via SFTP.
- Bug 3752 - proftpd process exit status is zero for "Failed binding to
address, port N: Address already in use" startup failure.
- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors
on restart, causing a file descriptor leak.
- Bug 3707 - Add request/transfer ID to the logging of the initial and closing
commands for SFTP file transfers. This can now be accomplished using a
LogFormat variable of '%{note:sftp.file-handle}'.
- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership.
- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart.
- Bug 3731 - Support active data transfers while RootRevoke is in effect.
- Bug 3737 - Allow UTF8 when UseEncoding is used.
- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH.
- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null
pointer.
- Ability to load SSH host keys from an SSH agent, in addition to files on
disk. See doc/contrib/mod_sftp.html#SFTPHostKey for more information.
- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before
NEWKEYS.
- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is
enabled.
- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the
client guesses correctly.
- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests.
- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms.
- Bug 3673 - Support date/timestamp variables in mod_rewrite.
- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a
writable directory.
- Bug 3766 - Support a QuotaDefault directive, for configuring default limits.
- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter.
- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite.
- Added new mod_geoip contrib module.
- Bug 3769 - Ensure that encoded strings are NUL-terminated.
- Bug 3732 - AIX build error: undefined symbol: .alloca.
- Bug 3782 - SQLShowInfo does not work properly for error responses.
- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument".
- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid
503 response.
- Bug 3785 - Support resolution of tilde (~) within a chrooted session.
- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored.
- Bug 3740 - Overwrite permission denied when reloading multiple times and
multiple <VirtualHost> sections in proftpd.conf.
- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple
SSH packets.
- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h.
- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against
OpenSSL with thread support.
- Bug 3790 - Logfile timestamps change to GMT after MFMT command.
- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather
than error.
- Bug 3800 - Multiple *Options directives should be handled properly.
- Bug 3801 - mod_tls should have directive like Apache mod_ssl's
SSLHonorCipherOrder. The mod_tls module now supports a
TLSServerCipherPreference directive.
- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11.
- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used.
- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo.
- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached.
- Bug 3814 - Support "configtest" command for contrib init.d script.
- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment
variable.
- Bug 3813 - Ability to use CreateHome to create parent directories as
non-root user, for better interoperability with NFS.
- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when
gethostbyname2(3) is not available.
- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress,
and DefaultAddress.
- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between
mod_log/mod_sql in certain cases.
- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has
not sent PORT/PASV/EPRT/EPSV commands.
- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands.
- Bug 3827 - Use non-filesystem based SFTP handle generator instead of
mktemp(3).
- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL
pointer dereferences in mod_deflate.
- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks.
- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference.
- Bug 3832 - Support disabling of system logging on per-connection basis.
- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work.
- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when
downloading.
- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption.
- Bug 3837 - mod_tls unable to read certificate files after SIGHUP.
- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in
mod_sftp.
- Bug 3843 - ProFTPD should not fail when starting up due to loading same
module multiple times.
- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable
for AUTH ExtendedLog.
- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are
not configured.
- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where
possible.
- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer.
- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories.
See the new AllowChrootSymlinks directive.
- Bug 3839 - Enhance mod_cap to support dropping root privs entirely.
- Bug 3841 - Possible symlink race when applying UserOwner to newly created
directory.
- Bug 3855 - Restarting proftpd may cause Include files not to be parsed.
BPALogin is a replacement for the Telstra supplied client for connecting
and using Telstra's Big Pond Advance powered by Cable.
There is an open bug against it, http://gnats.netbsd.org/24771, which
suggests that it has been obsolete for a long time.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
Solaris, so enable that; and if it works on NetBSD and Dragonfly with
a single "bsd" setting we can reasonably assume that it will work on
FreeBSD and OpenBSD (and MirBSD and Bitrig) with only minor
adjustments.
These probably won't all quite work out of the box yet, but that's
what bulk runs are for.
update the list from the package's own build system (taken from
common/Imakefile) - this adds FreeBSD, and also OSF1 and IRIX.
Probably porting this package requires nothing besides flogging imake.
underapproximation (doesn't match some of the newer variants) and
possibly an overapproxmation (matches "GNUkFreeBSD", which most likely
won't work)... write it out instead. Also, this way if we ever get
canned infrastructure support for this list, grep will find this case.
logic that decides whether to use -lcrypto. These need to stay the same
to avoid the possibility of getting a silent dependence on a (possibly
very old) builtin openssl. Of course, all it uses -lcrypto for is MD5,
but still...
PKGREVISION -> 1.
XXX: this probably shouldn't be using MD5 anyway :-/
particularly BSD-specific. It might not build on vintage SVR3 but we
probably don't care... and it will probably need minor patching on
Solaris and Linux but we can do that.
some docs, so it'll run anywhere there's a suitable JVM.
It seems that the ONLY_FOR_PLATFORM setting was originally inserted to
conservatively limit the package to platforms that had or where pkgsrc
could provide a JVM, and then both persisted after that was no longer
necessary and got cargo-culted elsewhere.
Gnome Online Accounts (GOA) provides a centralized service that
allows a set of online accounts to be configured for use with core
GNOME applications. In UX terms, GOA provides a static list of
online accounts that can be setup by users (through the Online
Accounts panel in System Settings). These accounts can then be used
by core GNOME applications.
While third party applications can access the accounts setup through
GOA, this is not its explicit goal, nor does GOA set out to enable
third party applications to add online accounts of their own. There
are several reasons for this:
* Third-party applications should be able to identify themselves
to online services for the purposes of branding and tracking.
* Third-party applications shouldn't be able to identify themselves
under a generic OS or distributor key - this would be misleading
as to what is actually accessing the account, and would prevent
there from being specific contracts of trust between users and
applications who access their data.
* It would prevent users from blocking specific applications from
accessing their account (should an application sandboxing framework
come into effect).
Overview of changes from libgdata 0.16.0 to libgdata 0.16.1
===========================================================
Major changes:
• Add a --disable-tests configure option to build without uhttpmock
• Remove downstream fix for ISO 8601 dates which was breaking Contacts
• Various fixes for the Google Tasks service
Bugs fixed:
• Bug 739395 — Add an option to build without uhttpmock
• Bug 737799 — Error while updating google address book
Overview of changes from libgdata 0.15.2 to libgdata 0.16.0
===========================================================
Major changes:
• Update date parsing to handle recent changes in Google’s servers
• Support ACLs with keys (e.g. for link-only sharing of documents)
• Add gzip encoding support for network packet compression
• Support for libsoup ≥ 2.47.3 (but the dependency has not been bumped)
• Basic test suite for the Google Tasks service
• Fix mutex warnings with new GLib versions
API changes:
• Add GDataAccessRule:key
• Add gdata_access_rule_get_key()
• Add GDATA_TASKS_STATUS_NEEDS_ACTION
• Add GDATA_TASKS_STATUS_COMPLETED
• Deprecate the ‘q’ parameter of gdata_tasks_query_new()
• Add GDATA_SERVICE_ERROR_API_QUOTA_EXCEEDED
Bugs fixed:
• Bug 732809 — evolution-3.12.3: cannot edit google contact due to invalid
format of timestamp
• Bug 734863 — Google contacts without email address block search/autocomplete
• Bug 690628 — <gAcl:withKey/> element Not Handled by libgdata
• Bug 703192 — The global log handler interferes with other application
• Bug 666623 — Add gzip encoding support
Overview of changes from libgdata 0.15.1 to libgdata 0.15.2
===========================================================
Major changes:
• Support PicasaWeb in the GOA authoriser (thanks to Saurav Agarwalla)
• Fix a data corruption bug in the downloads/uploads code
Bugs fixed:
• Bug 731269 — Wrong scope information in authorization domain
• Bug 731949 — Memory leak from gdata_parser_int64_to_iso8601()
• Bug 731946 — Removing a task result in error, but succeeds
• Bug 732890 — Refresh authoriser on receiving SOUP_STATUS_NOT_FOUND
Overview of changes from libgdata 0.15.0 to libgdata 0.15.1
===========================================================
Major changes:
• Add a Freebase service and demo (thanks to Carlos Garnacho)
• Various minor fixes to make libgdata compile without Coverity errors
API changes:
• Add GDATA_LINK_PARENT
• Add GDataFreebase*
Bugs fixed:
• Bug 707477 — Fill in GDataCategory::label for GDataDocumentsDocument
instances
• Bug 725827 — Define GDATA_LINK_PARENT
• Bug 726486 — Add support for the Freebase service
Overview of changes from libgdata 0.14.0 to libgdata 0.15.0
===========================================================
Major changes:
• Add JSON support and a Google Tasks service (thanks to Pēteris Krišjānis)
- This adds a dependency on json-glib ≥ 0.15 and breaks ABI (but not API)
• Add support for GProxyResolver proxies (thanks to Matthew Barnes)
• Fix build with recent gnome-common versions
• Fix build and installed header files for C++
• Remove deprecated function calls
• Fix compilation with -fstrict-aliasing
• Port local tests to use libuhttpmock (which is a new dependency)
API changes:
• Add gdata_parsable_new_from_json()
• Add gdata_parsable_get_json()
• Add GDataParsable->get_content_type
• Add GDataService:proxy-resolver, gdata_service_get_proxy_resolver(),
gdata_service_set_proxy_resolver()
• Add GDataClientLoginAuthorizer:proxy-resolver,
gdata_client_login_authorizer_get_proxy_resolver(),
gdata_client_login_authorizer_set_proxy_resolver()
• Add GDataOAuth1Authorizer:proxy-resolver,
gdata_oauth1_authorizer_get_proxy_resolver(),
gdata_oauth1_authorizer_set_proxy_resolver()
• Add Google Tasks service: GDataTasksService, GDataTasksQuery,
GDataTasksTasklist, GDataTasksTask
Bugs fixed:
• Bug 712565 — Fix compilation's warnings
• Bug 719647 — gdata-goa-authorizer.h broken for C++
Overview of changes from libgdata 0.13.3 to libgdata 0.13.4
===========================================================
Major changes:
• Fixes to request cancellation and progress notification
• Fix tests to be more reliable in the face of distributed system
non-synchronisation
• Add support for running tests offline using stored HTTP request traces
API changes:
• Added GDATA_YOUTUBE_SERVICE_ERROR_CHANNEL_REQUIRED
Bugs fixed:
• Bug 627895 — Pretty-print XML in test output
• Bug 703192 — The global log handler interferes with other application
• Bug 705266 — make check fails
Overview of changes from libgdata 0.13.2 to libgdata 0.13.3
===========================================================
Major changes:
• Fix dependencies in pkg-config file
• Add OAuth 2.0 support to the GOA authoriser
• Fix some licencing inconsistencies (libgdata is entirely licenced under
LGPLv2.1+)
• Add support for PDF documents in Google Documents
• Add in-tree Vala bindings (they were previously in Vala’s tree)
Bugs fixed:
• Bug 685464 — [PATCH] Package config file depends on too much
• Bug 685289 — GOA now uses OAuth 2.0 for Calendar, Contacts and Documents
• Bug 690281 — do not add unused gnome dependencies to libgdata.pc when
configured with --disable-gnome
• Bug 690225 — [patch] Make GOA optional
• Bug 690656 — unhandled XML warnings from totem youtube plugin
• Bug 693855 — Port introspection fixes from Vala bindings
• Bug 693958 — Add PDF support
• Bug 693865 — Add Vala bindings
• Bug 694415 — Don't require introspection.m4 to be installed system-wide
Overview of changes from libgdata 0.13.1 to libgdata 0.13.2
===========================================================
Major changes:
• Expand the documentation and add more examples
• Explicitly check for libxml2 in configure
• Port code coverage support to use gnome-common
Bugs fixed:
• Bug 683209 — Port to gnome-common code coverage macros
Overview of changes from libgdata 0.13.0 to libgdata 0.13.1
===========================================================
Major changes:
• Add support for Google Drawings
• Fix some of the test suite
• Add support for copying Google documents
• Moved GOA authoriser from EDS/GNOME Documents into libgdata (adding a GOA dependency)
• Remove libgnome-keyring dependency in favour of libgcr-base
API changes:
• Added GDataDocumentsDrawing
• Added gdata_documents_service_copy_document(), gdata_documents_service_copy_document_async(), gdata_documents_service_copy_document_finish()
• Added GDataGoaAuthorizer
• Added gdata_documents_document_get_download_uri()
Bugs fixed:
• Bug 633548 — Add Google Drawings support
• Bug 679072 — Tests for all Google services fail
• Bug 607270 — Support copying documents
• Bug 656976 — Merge eds and GNOME Documents GOA authorisers
• Bug 679867 — Use libgcr-base instead of libgnome-keyring for secure memory
• Bug 656970 — Add thumbnail support
Overview of changes from libgdata 0.12.0 to libgdata 0.13.0
===========================================================
Major changes:
• Bump GLib dependency to 2.31.0 in order to use its new threading primitives
• Add basic support for resumable uploads to GDataUploadStream (bug #607272)
• Update support for Google Documents to v3 of the API
• Add support for arbitrary file uploads to Google Documents (using GDataDocumentsDocuemtn),
and document conversion on upload (using GDataDocumentsUploadQuery)
API changes:
• Added gdata_upload_stream_new_resumable()
• Added GDataUploadStream:content-length, gdata_upload_stream_get_content_length()
• Added gdata_documents_service_upload_document_resumable()
• Added gdata_documents_service_update_document_resumable()
• Added GDataDocumentsUploadQuery
• Made GDataDocumentsDocument instantiable (this isn’t a real API break, though)
• Added GDATA_DOCUMENTS_TEXT_JPEG
• GDataDocumentsEntry:quota-used, gdata_documents_entry_get_quota_used()
Bugs fixed:
• Bug 593537 — Upgrade Documents service to version 3.0
• Bug 607616 — Permit the uploading of documents of any type
• Bug 656971 — Deprecate GDataDocumentsDocument subclasses
• Bug 588714 — <gd:quotaBytesUsed> handling in GDataDocumentsEntry
Overview of changes from libgdata 0.11.0 to libgdata 0.11.1
===========================================================
Major changes:
* Bump libsoup dependency to 2.37.91 in order to ensure it checks the validity of TLS certificates before accepting them
(Note that this was implemented in 0.10.2 using a --with-ca-certs configure argument. This argument isn't necessary with 0.11.1, since the newer
libsoup version which 0.11.1 requires already knows where the system CA cert file is.)
Bugs fixed:
* Bug 667577 — fix introspection for srcdir != builddir builds
* Bug 668365 — libgdata 0.10.x link error because of exported symbols that don't exist
* Bug 671535 — Security issue in libgdata
Overview of changes from libgdata 0.10.0 to libgdata 0.11.0
===========================================================
Major changes:
* Added version checking macros (thanks to Holger Berndt)
* Ported scrapbook demo to GtkGrid; this sets our GTK+ dependency to 2.91.2
* Added a LIBGDATA_DISABLE_DEPRECATED macro for disabling deprecated API in headers
* Sensitive details (passwords, auth. tokens, etc.) are now redacted from logs unless LIBGDATA_DEBUG=4 is set (which is a new logging level)
* Sensitive details are also now stored in non-pageable memory as much as possible to reduce the risk of them being leaked
NOTE: This has not been formally certified or reviewed, and is a precaution rather than a guarantee of security
This adds a dependency on libgnome-keyring when libgdata is configured with --enable-gnome (and is disabled otherwise)
* Use GHmac instead of liboauth's HMAC; this bumps our GLib dependency to 2.30.0
* Use the new GLib threading API iff compiled with GLib ≥ 2.31.0 (this doesn't bump the hard dependency, though)
API changes:
* Added GDATA_MAJOR_VERSION, GDATA_MINOR_VERSION, GDATA_MICRO_VERSION, GDATA_CHECK_VERSION
* Added GDataDocumentsEntry:resource-id, gdata_documents_entry_get_resource_id()
* Deprecated GDataDocumentsEntry:document-id, gdata_documents_entry_get_document_id()
* Added GDataYouTubeQuery:license, gdata_youtube_query_get_license(), gdata_youtube_query_set_license()
* Deprecated GDATA_DOCUMENTS_PRESENTATION_SWF
* Added GDATA_CATEGORY_SCHEMA_LABELS, GDATA_CATEGORY_SCHEMA_LABELS_STARRED
* Added GDataContactsContact:file-as, gdata_contacts_contact_get_file_as(), gdata_contacts_contact_set_file_as()
Bugs fixed:
* Bug 659016 — @rel not mandatory in website references
* Bug 660038 — Add preprocessor macro for version checking
* Bug 656972 — Tidy up document IDs
* Bug 658865 — Add support for the license query parameter
* Bug 660174 — Deprecate SWF export of presentations
* Bug 659148 — Add search-term query example to documentation
* Bug 656973 — Add an example of starring a document
* Bug 656783 — Review security of memory storing authentication details
* Bug 662290 — Can't update contact that has no full name
Overview of changes from libgdata 0.9.1 to libgdata 0.10.0
==========================================================
Major changes:
* Added support for comments to YouTube and PicasaWeb (thanks to Richard Schwarting)
* Added a “scrapbook” demo application (thanks to Joe Cortes)
* Added lots of cancellation tests
API changes:
* Added GDataCommentable
* Added GDataComment, GDataYouTubeComment, GDataPicasaWebComment
* Added gdata_entry_remove_link()
* Added gdata_youtube_video_get_media_rating(), GDATA_YOUTUBE_RATING_TYPE_SIMPLE, GDATA_YOUTUBE_RATING_TYPE_MPAA, GDATA_YOUTUBE_RATING_TYPE_V_CHIP
Bugs fixed:
* Bug 618587 — Implement GDataGDFeedLink
* Bug 598752 — Support comments
* Bug 647882 — Support rating schemes
* Bug 628069 — Add some demo applications
* Bug 656529 — undefined references trying to compile/build libgdata
* Bug 633364 — Add cancellation tests
Overview of changes from libgdata 0.9.0 to libgdata 0.9.1
=========================================================
Major changes:
* Added GDestroyNotify parameters to query-type methods so that they're properly introspectable, breaking API (see below)
* Fixed seeking in GDataDownloadStream
* Made the tests individually idempotent, so the test suites should be less of a tangled mess now
* Fixed uploading to non-default PicasaWeb albums
* Fixed GDataAuthorizer to re-process requests after refreshing, involving a slight change to the semantics of GDataAuthorizer (see bgo#653535)
* Ensure that Google Contacts uses HTTPS for everything
* Fixed the IDs used for Google Documents so that deleting documents now consistently works, even when they're in folders
API changes:
* Changed the following methods, adding GDestroyNotify parameters for their progress user data parameters:
- gdata_access_handler_get_rules_async()
- gdata_service_query_async()
- gdata_calendar_service_query_all_calendars_async()
- gdata_calendar_service_query_own_calendars_async()
- gdata_calendar_service_query_events_async()
- gdata_contacts_service_query_contacts_async()
- gdata_contacts_service_query_groups_async()
- gdata_documents_service_query_documents_async()
- gdata_picasaweb_service_query_all_albums_async()
- gdata_picasaweb_service_query_files_async()
- gdata_youtube_service_query_standard_feed_async()
- gdata_youtube_service_query_videos_async()
- gdata_youtube_service_query_related_async()
* Added GDataCalendarQuery:max-attendees, gdata_calendar_query_get_max_attendees(), gdata_calendar_query_set_max_attendees()
* Added GDataCalendarQuery:show-deleted, gdata_calendar_query_show_deleted(), gdata_calendar_query_set_show_deleted()
* Added gdata_picasaweb_service_get_user_async(), gdata_picasaweb_service_get_user_finish()
Bugs fixed:
* Bug 649728 — Add introspection annotations for documents_service_query(_async)
* Bug 639405 — Add max-attendees query parameter
* Bug 637664 — Fix GSeekable interface implementation in GDataDownloadStream
* Bug 633359 — Make tests individually idempotent
* Bug 653535 — Let GDataAuthorizer re-process request after refreshing
* Bug 653530 — Bogus run-time warnings
* Bug 653224 — Add gdata_picasaweb_service_get_user_async()
Overview of changes from libgdata 0.8.0 to libgdata 0.9.0
=========================================================
Major changes:
* Switched to even–odd/stable–unstable versioning (so 0.9.0 is an *unstable* release)
* Use HTTPS for all requests
* Some minor parsing fixes
* Fixed some nasty threading/cancellation problems
* Removed the old authentication API in favour of a more extensible, flexible one based on a GDataAuthorizer interface:
- ClientLogin is now handled by GDataClientLoginAuthorizer
- OAuth 1.0 support has been added with GDataOAuth1Authorizer
* Added a dependency on liboauth ≥ 0.9.4
* Introspection annotation improvements by Philip Chimento <philip.chimento@gmail.com>
* Removed some outdated contact photo API
API changes:
* Added GDATA_AUTHENTICATION_ERROR_INVALID_SECOND_FACTOR (later renamed to GDATA_CLIENT_LOGIN_AUTHORIZER_ERROR_INVALID_SECOND_FACTOR as below).
* Rename GDataAuthenticationError to GDataClientLoginAuthorizerError
* Rename GDATA_AUTHENTICATION_ERROR and gdata_authentication_error_quark() similarly.
* Remove gdata_service_authenticate() in favour of using GDataClientLoginAuthorizer with GDataService::authorizer:
- Remove gdata_service_authenticate(), gdata_service_authenticate_async() and gdata_service_authenticate_finish().
- Replace gdata_service_is_authenticated() by gdata_service_is_authorized() with much the same functionality.
- Add GDataService::authorizer, gdata_service_get_authorizer(), gdata_service_set_authorizer() and gdata_service_get_authorization_domains().
- Remove gdata_service_get_client_id() in favour of GDataClientLoginAuthorizer::client-id.
- Remove gdata_service_get_username() in favour of GDataClientLoginAuthorizer::username.
- Remove gdata_service_get_password() in favour of GDataClientLoginAuthorizer::password.
- Remove GDataServiceClass->service_name in favour of GDataAuthorizationDomain::service-name.
- Remove GDataServiceClass->authentication_uri and GDataServiceClass->parse_authentication_response in favour of different GDataAuthorizer
implementations.
- Add GDataAuthorizer parameters to and remove client_id parameters from: gdata_calendar_service_new(), gdata_contacts_service_new(),
gdata_documents_service_new(), gdata_picasaweb_service_new() and gdata_youtube_service_new().
* Add GDataAuthorizationDomain.
- Add GDataServiceClass->get_authorization_domains and gdata_service_get_authorization_domains().
- Add auth. domain getters to various GDataService subclasses: gdata_youtube_service_get_primary_authorization_domain(),
gdata_contacts_service_get_primary_authorization_domain(), gdata_calendar_service_get_primary_authorization_domain(),
gdata_picasaweb_service_get_primary_authorization_domain(), gdata_documents_service_get_primary_authorization_domain() and
gdata_documents_service_get_spreadsheet_authorization_domain().
- Add auth. domain properties to various standalone request objects: GDataDownloadStream::authorization-domain with
gdata_download_stream_get_authorization_domain(), GDataUploadStream::authorization-domain with gdata_upload_stream_get_authorization_domain() and
GDataBatchOperation::authorization-domain with gdata_batch_operation_get_authorization_domain().
- Add GDataAccessHandlerIface->get_authorization_domain. This doesn't have to be implemented by existing GDataAccessHandlers, but it's
highly recommended.
- Add a GDataAuthorizationDomain parameter to GDataServiceClass->append_query_headers, gdata_service_query(), gdata_service_query_async(),
gdata_service_query_single_entry(), gdata_service_query_single_entry_async(), gdata_service_insert_entry(), gdata_service_insert_entry_async(),
gdata_service_update_entry(), gdata_service_update_entry_async(), gdata_service_delete_entry(), gdata_service_delete_entry_async(),
gdata_batchable_create_operation(), gdata_download_stream_new() and gdata_upload_stream_new().
* Add GDataAuthorizer as described above, implemented by GDataClientLoginAuthorizer.
* Add GDataOAuth1Authorizer and all its properties and methods.
* Remove gdata_contacts_contact_has_photo() and GDataContactsContact:has-photo (use gdata_contacts_contact_get_photo_etag() instead).
Bugs fixed:
* Bug 642983 — libgdata-0.8.0: test fail with --enable-gtk-doc
* Bug 644940 — Use HTTPS only
* Bug 644946 — Support two-factor authentication
* Bug 639610 — Allow access to a contact's photo ETag
* Bug 648058 — Doesn't allow empty names for user defined fields
* Bug 650835 — [abrt] evolution-data-server-3.0.1-1.fc15: Process /usr/libexec/e-addressbook-factory was killed by signal 6 (SIGABRT)
Overview of changes from libgdata 0.7.0 to libgdata 0.8.0
=========================================================
Major changes:
* Added async counterparts to all remaining blocking methods
* Added various cancellation tests to the test suite
* Many fixes and improvements for cancellation of various operations
* Fixed many race conditions in authentication and cancellation of operations
* Removed the separate youtube-user property for YouTube authentication
* Fixed attribute escaping across all of libgdata
* Removed some deprecated PicasaWeb properties (file clients and positions)
* Switched to stream-based downloading for all download operations
* Tidied up (i.e. broke) the Documents service API a lot
* Tidied up a few test cases and made them idempotent
* Fixed several minor and major memory leaks
* Ensured that batch operations' callbacks are always called, even if the entire batch operation errors out
* Bumped our gdk-pixbuf dependency to 2.14
* Fixed all the XML comparison tests in light of an invalid assumption we made about hash table ordering being broken
* Added GeoRSS support to YouTube videos
* Overhauled download and upload streams, fixing many race conditions and deadlocks and adding some test cases
* Added support for flushing GDataUploadStream instances
* Added many code examples to the documentation and expanded a few other bits of the documentation
API changes:
* Added gdata_picasaweb_service_insert_album_async()
* Added gdata_picasaweb_service_query_files_async()
* Removed GDataYouTubeService:youtube-user, gdata_youtube_service_get_youtube_user()
* Removed GDataPicasaWebFile:client, gdata_picasaweb_file_get_client(), gdata_picasaweb_file_set_client()
* Removed GDataPicasaWebFile:position, gdata_picasaweb_file_get_position(), gdata_picasaweb_file_set_position()
* Changed gdata_documents_document_download() to be stream-based
* Changed gdata_documents_service_upload_document(), gdata_documents_service_update_document() to be stream-based
* Added gdata_documents_service_finish_upload()
* Renamed gdata_documents_service_move_document_to_folder() to gdata_documents_service_add_entry_to_folder()
* Renamed gdata_documents_service_remove_document_from_folder() to gdata_documents_service_remove_entry_from_folder()
* Added gdata_documents_service_add_entry_to_folder_async(), gdata_documents_service_add_entry_to_folder_finish()
* Added gdata_documents_service_from_entry_from_folder_async(), gdata_documents_service_from_entry_from_folder_finish()
* Changed GDataDownloadStream::content-length, GDataDownloadStream::content-type to be emitted in the download thread rather than the main thread
* Changed gdata_picasaweb_service_upload_file() to be stream-based
* Removed gdata_picasaweb_service_upload_file_async(), gdata_picasaweb_service_upload_file_finish()
* Added gdata_picasaweb_service_finish_file_upload()
* Changed gdata_media_content_download() to be stream-based
* Changed gdata_media_thumbnail_download() to be stream-based
* Changed gdata_youtube_service_upload_video() to be stream-based
* Added gdata_youtube_service_finish_video_upload()
* Added gdata_calendar_service_query_events_async()
* Added gdata_calendar_service_insert_event_async()
* Changed gdata_contacts_contact_get_photo(), gdata_contacts_contact_set_photo() to use guint8 instead of gchar for image data
* Added gdata_contacts_contact_get_photo_async(), gdata_contacts_contact_get_photo_finish()
* Changed gdata_contacts_contact_set_photo() to require a content type to be passed in
* Added gdata_contacts_contact_set_photo_async(), gdata_contacts_contact_set_photo_finish()
* Added GDataYouTubeVideo:latitude, GDataYouTubeVideo:longitude, gdata_youtube_video_get_coordinates(), gdata_youtube_video_set_coordinates()
* Changed gdata_upload_stream_new() to take a GCancellable
* Added GDataUploadStream:cancellable, gdata_upload_stream_get_cancellable()
* Changed gdata_download_stream_new() to take a GCancellable
* Added GDataDownloadStream:cancellable, gdata_download_stream_get_cancellable()
Bugs fixed:
* Bug 607620 — Cancelled uploads appear partially complete in PicasaWeb
* Bug 635959 — Proper cancellation support for GDataUploadStream
* Bug 635736 — Asynchronous authentication tests broken
* Bug 634033 — Use standard login URI for YouTube
* Bug 635335 — GIR missing exported packages information
* Bug 631033 — Fix escaping and add tests
* Bug 633363 — Add missing *_async() methods
* Bug 594814 — Handle GeoRSS for YouTube videos
* Bug 637036 — Overhaul cancellation support
* Bug 579885 — Add code examples to documentation
Overview of changes from libgdata 0.6.0 to libgdata 0.7.0
=========================================================
Major changes:
* Improved and updated introspection support and annotations for gobject-introspection >= 0.9.7 (which we now depend on)
* Added more code examples to documentation
* Added support for service localisation using gdata_service_set_locale()
* Added support for listing video categories from YouTube
* Tidied up object comparison using a new GDataComparable interface instead of lots of *_compare() methods
* Added batch operation support and implemented it for the Contacts, YouTube, Calendar and Documents services
* Fixed ID projection issues with Contact entries
* Added support for alerting the user of account migration with GDATA_AUTHENTICATION_ERROR_ACCOUNT_MIGRATED
* Added support for a --no-internet option to the tests, so that more of the test suite can be run automatically without an internet connection
* Split handling of entries with inline content from external content (using the new gdata_entry_get_content_uri())
* Rearranged Documents classes so that instantiable entries are now subclasses of a new GDataDocumentsDocument, which handles downloading of document
files
* Use gtk-doc's no-tmpl flavour, bumping our gtk-doc requirement to 1.14
* Tightened up URI escaping
* Switched to depending on only gdk-pixbuf instead of the whole of GDK, since we only (optionally) use GdkPixbuf for the test suite
* Tightened up attribute escaping
* Switched from GTimeVal to gint64 for representing UNIX timestamps
* Switched to using upstream gettext instead of glib-gettext
* Added support for manipulating Contact groups
API changes:
* Added gdata_entry_get_authors
* Added gdata_service_get_locale, gdata_service_set_locale
* Added GDataYouTubeCategory, GDataAPPCategories
* Added gdata_youtube_service_get_categories, gdata_youtube_service_get_categories_async, gdata_youtube_service_get_categories_finish
* Added GDataComparable
* Removed *_compare() functions in favour of implementing the GDataComparable interface
* Added GDataEntryClass->kind_term
* Added GDataBatchable, GDataBatchOperation
* Added GDATA_AUTHENTICATION_ERROR_ACCOUNT_MIGRATED
* Added GDATA_DOCUMENTS_PRESENTATION_PDF, GDATA_DOCUMENTS_PRESENTATION_PNG, GDATA_DOCUMENTS_PRESENTATION_PPT, GDATA_DOCUMENTS_PRESENTATION_SWF
GDATA_DOCUMENTS_PRESENTATION_TXT, GDATA_DOCUMENTS_SPREADSHEET_CSV, GDATA_DOCUMENTS_SPREADSHEET_HTML, GDATA_DOCUMENTS_SPREADSHEET_ODS,
GDATA_DOCUMENTS_SPREADSHEET_PDF, GDATA_DOCUMENTS_SPREADSHEET_TSV, GDATA_DOCUMENTS_SPREADSHEET_XLS, GDATA_DOCUMENTS_TEXT_DOC,
GDATA_DOCUMENTS_TEXT_HTML, GDATA_DOCUMENTS_TEXT_ODT, GDATA_DOCUMENTS_TEXT_PDF, GDATA_DOCUMENTS_TEXT_PNG, GDATA_DOCUMENTS_TEXT_RTF,
GDATA_DOCUMENTS_TEXT_TXT, GDATA_DOCUMENTS_TEXT_ZIP
* Removed GDataDocumentsPresentationFormat, GDataDocumentsSpreadsheetFormat, GDataDocumentsTextFormat and made the appropriate changes to the relevant
Documents functions which took them
* Added gdata_entry_get_content_uri, gdata_entry_set_content_uri and changed the behaviour of gdata_entry_get_content as appropriate
* Added GDataDocumentsDocument as a subclass of GDataDocumentsEntry and the parent of GDataDocumentsPresentation, GDataDocumentsSpreadsheet and
GDataDocumentsText
* Added gdata_documents_document_download, gdata_documents_document_get_download_uri
* Removed gdata_documents_presentation_download_document, gdata_documents_presentation_get_download_uri,
gdata_documents_spreadsheet_download_document, gdata_documents_text_download_document, gdata_documents_text_get_download_uri (moved to
GDataDocumentsDocument)
* Made GDataDocumentsEntry abstract
* Removed gdata_contacts_service_update_contact (use gdata_service_update_entry instead)
* Removed GDataTimeVal (boxed type)
* Removed GTimeVal from the public API, in favour of gint64
* Added GDATA_LINK_ACCESS_CONTROL_LIST
* Removed gdata_access_handler_insert_rule (use gdata_service_insert_entry instead), gdata_access_handler_update_rule (use gdata_service_update_entry
instead), gdata_access_handler_delete_rule (use gdata_service_delete_entry instead)
* Added gdata_access_handler_get_rules_async
* Added gdata_contacts_service_insert_contact_async
* Added GDataContactsGroup
* Added gdata_contacts_service_query_groups, gdata_contacts_service_query_groups_async, gdata_contacts_service_insert_group,
gdata_contacts_service_insert_group_async
Bugs fixed:
* Bug 616222 — libgdata fails to build from a remote directory
* Bug 579885 — Add code examples to documentation
* Bug 618584 — Implement gdata_entry_get_authors()
* Bug 615721 — Support listing video categories
* Bug 618586 — gdata_service_query_single_entry() encounters NULL type class
* Bug 579169 — Add batch processing support
* Bug 624142 — Add batch operation support to Calendar service
* Bug 624141 — Add batch operation support to Documents service
* Bug 630350 — Email address cannot contain name
libgdata is a GLib-based library for accessing online service APIs using the
GData protocol Google's services. It provides APIs to access the common Google
services, and has full asynchronous support.
* Change packaging from bz2 to xz
* Fixed waitip
* For Prefix Delegation, servers must now support RFC7550
* Fixed detecting host routes in DHCP messages
* Fixed ARP checking that failed in some situations
* Fixed static address assignment in dhcpcd.conf
* Split IPv4LL state from DHCP and into it's own state
* Reject any NA/RA with a hop limit != 255
* Replace if_oneup with if_afwaited and af_waited for hook scripts
* Fix a potential buffer overrun if an embedded DHCP option is
a zero length or fails to parse - thanks to Paul Stewart
* Check fclose for errors - thanks to Bob
* wpad_url has been added to dhcpcd-definitions.conf
* Fix a double free when failing to send a DHCPv6 RELEASE
Thanks to Todd Blanchard.
* Correct IPv6 public address test, thanks to Micha? K?pie?
* Fix DHCPv6 starting if no public addresses found in the RA
but the M or O bit was set
* Replaced custom uptime() with clock_gettime(2)
* Fix DHCPv6 elapsed time
This file only lists a short summary of the changes between FileZilla versions.
For a full list of changes, please read the ChangeLog file.
Legend:
! Security related bugfix or otherwise critical bugfix
+ New feature or important bugfix
- Bugfixes
Platform prefixes:
MSW: Microsoft Windows
*nix: Unix (e.g BSD) and Unix-like systems (e.g. Linux)
OS X: Apple Mac OS X
3.12.0 (2015-07-08)
+ Directory comparison can be configured for Site Manager entires and bookmarks
- Instead of skipping commands due to spontaneous connection failures while
executing a command, reconnect and retry
- FileZilla no longer shows popup dialogs such as the file exists dialog if
another dialog or message box is already shown
- Improved compatibility with servers sending malformed FEAT replies
3.12.0-rc1 (2015-06-29)
+ FileZilla no longer visually enters each visited directory during recursive
operations, e.g. when downloading or deleting remote directories. During recursive
operations the server's directory structure can now be navigated as if idle
+ Ask for confirmation if trying to load Site Manager data originating from a
future version of FileZilla
+ Display location of settings directory on the About dialog
+ Display detected CPU features (on x86) on the About dialog
- Remove certificate verification messages in the message log for data connections
- Speed up parsing of the PASV reply
- The status bar of the search dialog now shows the number of found matches again
- OS X: Configuring SFTP keys no longer fails if the full path of FileZilla's
application bundle contains spaces
- *nix: Make waitable conditions immune to wallclock changes if the system
supports both clock_gettime and pthread_condattr_setclock
- Fixed a rare crash when queuing many socket threads for deletion at the same time
3.11.0.2 (2015-06-02)
- Fixed a potential crash if a connection gets remotely closed in the same
moment a new connection is to be opened
- Improved compatibility with servers sending pre-epoch timestamps
- Fixed pt_BR translation
3.11.0.1 (2015-05-22)
! Reject Diffie-Hellman Groups smaller than 1024 bits when using FTP over TLS to
protect against the Logjam attack
- Do not bind the source IP address of the data connection if the server is not
configured properly
- Deleting bookmarks from the bookmarks dialog no longer deletes the wrong bookmark
- Fixed CPU compatibility issues on 64bit binaries
3.11.0 (2015-05-19)
- Ensure the title bar is at least partially inside the screen boundary when
restoring a saved window position
- Fixed crash if opening a wrapped dialog without having restarted FileZilla
after having change language to Chinese or Japanese
3.11.0-rc1 (2015-05-12)
+ Implemented new date/time handling to solve issues with DST conversion
+ *nix: Official Linux binaries are now built for Debian Jessie
+ In passive mode transfer, the source IP of the data connection is now bound to
the same source IP as the control connection
- Requeueing of folder items no longer prints an error message
- Fix disabling of timeouts
- MSW: Fix the returned error level of the installer
- Fix a crash if disconnecting during transfers
- Official binaries now link against GnuTLS 3.4.1
- Official binaries now link against SQLite 3.8.10.1
=================
Use POSIC fcntl() instead of flock() on SunOS as well as apply to upstream
workarounds to redefinition involving 'struct mutex' on SunOS.
Add xgettext to USE_TOOLS.
**** 1.01 Jul 6, 2015
Feature
The RRs previously only available with Net::DNS::SEC are now
integrated with Net::DNS. Net::DNS::SEC needs to be installed
to enable the signature generation and verification functions.
Fix rt.cpan.org #105491
Can't call method "zclass" on an undefined value at ... Net/DNS/Packet.pm line 474
Fix rt.cpan.org #105421
Dead link in Net::DNS::FAQ
Fix rt.cpan.org #104657
Wrong split on Cygwin
Fix rt.cpan.org #102810
Dynamic update: rr_add overrides ttl of zero
Fix rt.cpan.org #102809
CAA broken
Changes:
Released version 1.5.14 with the following main changes :
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy
pkgsrc changes:
Thanks to "rename popcount to my_popcountl" one of patches can be removed.
Changes since 0.9.9:
added option to disable system keyring storage to prevent crashes
reverted default sorting order to "Descending"
compiled to run on vintage systems like Windows XP
fixed vanishing Nagstamon submenu in Ubuntu Appindicator
fixed too narrow fullscreen display
added custom event notification with custom commands
added highlighting of new events
added storage of passwords in OS keyring
added optional tooltip for full status information
added support for applying custom actions to specific monitor only
added copy buttons for servers and actions dialogs
added stopping notification if event already vanished
added support for Op5Monitor 6.3 instead of Ninja
added experimental Zabbix support
added automatic refreshing after acknowledging
added permanent hamburger menu
unified layout of dialogs
various Check_MK improvements
fixed old regression not-staying-on-top-bug
fixed Check_MK-Recheck-DOS-bug
fixed pop window size calculation on multiple screens
fixed following popup window on multiple screens
fixed hiding dialogs in MacOSX
fixed ugly statusbar font in MacOSX
fixed use of changed colors
fixed non-ascending default sort order
fixed Opsview downtime dialog
fixed sometimes not working context menu
fixed some GUI glitches
fixed password saving bug
fixed Centreon language inconsistencies
fixed regression Umlaut bug
Changes since OpenNTPD 5.7p3
============================
* Added support for using HTTPS time constraints to validate NTP responses.
* Workaround a bug in the Solaris adjtime call that caused the olddelta to
never reach 0, leading to continual sync/unsync messages from ntpd.
* Workaround an overflow on systems with 32-bit time_t. This can result in a
failure to set the time if the initial clock is set later than early 2036.
Systems with a 32-bit time_t should upgrade well in advance of this date, but
today this helps with systems that boot with an invalid initial time.
Note:the HTTPS time constraints feature is not currently available
in pkgsrc due to the lack of libtls.
Please refer NEWS and ChangeLog for full changes.
NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)
Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements.
Severity: MEDIUM
Security Fix:
* [Sec 2853] Crafted remote config packet can crash some versions of
ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.
Under specific circumstances an attacker can send a crafted packet to
cause a vulnerable ntpd instance to crash. This requires each of the
following to be true:
1) ntpd set up to allow remote configuration (not allowed by default), and
2) knowledge of the configuration password, and
3) access to a computer entrusted to perform remote configuration.
This vulnerability is considered low-risk.
New features in this release:
Optional (disabled by default) support to have ntpd provide smeared
leap second time. A specially built and configured ntpd will only
offer smeared time in response to client packets. These response
packets will also contain a "refid" of 254.a.b.c, where the 24 bits
of a, b, and c encode the amount of smear in a 2:22 integer:fraction
format. See README.leapsmear and http://bugs.ntp.org/2855 for more
information.
*IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME*
*BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*
We've imported the Unity test framework, and have begun converting
the existing google-test items to this new framework. If you want
to write new tests or change old ones, you'll need to have ruby
installed. You don't need ruby to run the test suite.
There's a new option to disable the system tray.
As mentioned above, we now have a plugin for Pump.io microblogs.
We have a new plugin for expansion of short URLs, and dropped old UnTiny
plugin.
A preview for photos posted to Twitter.com is now available.
Issues in updating friends list of Twitter is fixed and sending direct
message is working again.
There's a new option in User menu for Reporting a User to Twitter.
A long wanted request on StatusNet(Gnu social) plugin was ability to take
into account the server's custom set, char limit. now we have it.
IMStatus plugin now supports KDE Telepathy.
Yourls and Goo.gl shortening plugins are fixed and now they are working
again.
Broken shortening plugins are dropped.
- Explicitly disable samba-regedit for now, it is built depending on
various curses characteristics that we do not currently support.
- Avoid epoll implementation on SmartOS.
- Pull in Active Directory and LDAP options from net/samba, LDAP support
is dynamically configured and we need to ensure that, if enabled, we
correctly pull in openldap. The SunOS native LDAP is missing some TLS
functions that Samba depends upon.
Tested with various PKG_OPTIONS combinations, fixes build on SmartOS.
2015/05/02 : 1.5.12
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
- BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance url_param
- DOC: update the doc on the proxy protocol
=========
FEATURES:
- nsd-control addzones and delzones read list of zones from stdin.
- hmac sha224, sha384 and sha512 support.
- max-interfaces raised to 32.
BUG FIXES:
- Fix#665: when removing subdomain, nsd does not reparse parent zone.
- Fix task and zonestat files to be stored in a subdirectory in tmp
to stop privilege elevation.
- Fix crash in zone parser for relative dname after error in origin.
- Fix that formerrors are ratelimited.
Changelog:
Release 1.8.1 May 7th 2015
Make "operation canceled" error a soft error
Do not throw an error for files that are scheduled to be removed, but can not be found on the server. (#2919)
Windows: Reset QNAM to proper function after hibernation. (#2899, #2895, #2973)
Fix argument verification of --confdir (#2453)
Fix a crash when accessing a dangling UploadDevice pointer (#2984)
Add-folder wizard: Make sure there is a scrollbar if folder names are too long (#2962)
Add-folder Wizard: Select the newly created folder
Activity: Correctly restore column sizes (#3005)
SSL Button: do not crash on empty certificate chain
SSL Button: Make menu creation lazy (#3007, #2990)
Lookup system proxy async to avoid hangs (#2993, #2802)
ShareDialog: Some GUI refinements
ShareDialog: On creation of a share always retrieve the share. This makes sure that if a default expiration date is set this is reflected in the dialog. (#2889)
ShareDialog: Only show share dialog if we are connected.
HttpCreds: Fill pw dialog with previous password. (#2848, #2879)
HttpCreds: Delete password from old location. (#2186)
Do not store Session Cookies in the client cookie storage
CookieJar: Don't accidentally overwrite cookies. (#2808)
ProtocolWidget: Always add seconds to the DateTime locale. (#2535)
Updater: Give context as to which app is about to be updated (#3040)
Windows: Add version information for owncloud.exe. This should help us know what version or build number a crash report was generated with.
Fix a crash on shutdown in ~SocketApi (#3057)
SyncEngine: Show more timing measurements (#3064)
Discovery: Add warning if returned etag is 0
Fix a crash caused by an invalid DiscoveryDirectoryResult::iterator (#3051)
Sync: Fix sync of deletions during 503. (#2894)
Handle redirect of auth request. (#3082)
Discovery: Fix parsing of broken XML replies, which fixes local file disappearing (#3102)
Migration: Silently restore files that were deleted locally by bug (#3102)
Sort folder sizes SelectiveSyncTreeView numerically (#3112)
Sync: PropagateDownload: Read the mtime from the file system after writing it (#3103)
Sync: Propagate download: Fix restoring files for which the conflict file exists (#3106)
Use identical User Agents and version for csync and the Qt parts
Prevent another crash in ~SocketApi (#3118)
Windows: Fix rename of finished file (#3073)
AccountWizard: Fix auth error handling (#3155)
Documentation fixes
Infrastructure/build fixes
Win32/OS X: Apply patch from OpenSSL to handle oudated intermediates gracefully (#3087)
This is the fork of original "Grive" (https://github.com/Grive/grive)
Google Drive client with the support for the new Drive REST API
and partial sync.
Grive can be considered still beta or pre-beta quality. It simply
downloads all the files in your Google Drive into the current
directory. After you make some changes to the local files, run
grive again and it will upload your changes back to your Google
Drive. New files created locally or in Google Drive will be uploaded
or downloaded respectively. Deleted files will also be "removed".
Currently Grive will NOT destroy any of your files: it will only
move the files to a directory named .trash or put them in the Google
Drive trash. You can always recover them.
run a system with ~100 hosts and 1100+ checks which run every 1-3 mins,
you will have a very terrible experience with this package. See discussion
at:
http://support.nagios.com/forum/viewtopic.php?f=7&t=33274&p=141473#p141473
This patch changes the limit from a whopping three (3) to 128, which is
more reasonable. Though, if others are continuing to have problems with
this package, we could increase it to 1024. Defuzz the rest of the patches.
Changes in version 0.2.6.9 - 2015-06-11
Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
requirements for receiving an HSDir flag, and addresses some other small
bugs in the systemd and sandbox code. Clients using circuit isolation
should upgrade; all directory authorities should upgrade.
o Major bugfixes (client-side privacy):
- Properly separate out each SOCKSPort when applying stream
isolation. The error occurred because each port's session group was
being overwritten by a default value when the listener connection
was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
by "jojelino".
o Minor feature (directory authorities, security):
- The HSDir flag given by authorities now requires the Stable flag.
For the current network, this results in going from 2887 to 2806
HSDirs. Also, it makes it harder for an attacker to launch a sybil
attack by raising the effort for a relay to become Stable which
takes at the very least 7 days to do so and by keeping the 96
hours uptime requirement for HSDir. Implements ticket 8243.
o Minor bugfixes (compilation):
- Build with --enable-systemd correctly when libsystemd is
installed, but systemd is not. Fixes bug 16164; bugfix on
0.2.6.3-alpha. Patch from Peter Palfrader.
o Minor bugfixes (Linux seccomp2 sandbox):
- Fix sandboxing to work when running as a relaymby renaming of
secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
- Allow systemd connections to work with the Linux seccomp2 sandbox
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
Peter Palfrader.
o Minor bugfixes (tests):
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug
16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
--- 9.10.2-P1 released ---
4134. [cleanup] Include client-ip rules when logging the number
of RPZ rules of each type. [RT #39670]
4131. [bug] Addressed further problems with reloading RPZ
zones. [RT #39649]
4126. [bug] Addressed a regression introduced in change #4121.
[RT #39611]
4122. [bug] The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an
unexpected action could be taken. This has been
corrected. [RT #39481]
4121. [bug] On servers with one or more policy zones
configured as slaves, if a policy zone updated
during regular operation (rather than at
startup) using a full zone reload, such as via
AXFR, a bug could allow the RPZ summary data to
fall out of sync, potentially leading to an
assertion failure in rpz.c when further
incremental updates were made to the zone, such
as via IXFR. [RT #39567]
4120. [bug] A bug in RPZ could cause the server to crash if
policy zones were updated while recursion was
pending for RPZ processing of an active query.
[RT #39415]
4116. [bug] Fix a bug in RPZ that could cause some policy
zones that did not specifically require
recursion to be treated as if they did;
consequently, setting qname-wait-recurse no; was
sometimes ineffective. [RT #39229]
4063. [bug] Asynchronous zone loads were not handled
correctly when the zone load was already in
progress; this could trigger a crash in zt.c.
[RT #37573]
4062. [bug] Fix an out-of-bounds read in RPZ code. If the
read succeeded, it doesn't result in a bug
during operation. If the read failed, named
could segfault. [RT #38559]
PowerDNS Authoritative Server 3.4.5
Bug fixes:
- Be careful reading empty lines in our config parser and prevent
integer overflow.
- prevent crash after --list-modules (Ruben Kerkhof)
- Limit the maximum length of a qname
Improvements:
- Support /etc/default for our debian/ubuntu packages (Aki Tuomi)
- Detect GCC 5.1 for boost (Ruben Kerkhof)
- Various PKCS#11 fixes and improvements (Aki Tuomi)
- Fix Coverity issues (Aki Tuomi)
- Fix building on OpenBSD (Florian Obser and Ruben Kerkhof)
- Look for mbedtls before polarssl (Ruben Kerkhof)
- Let pkg-config determine botan dependency libs (Ruben Kerkhof)
- Kill some further mallocs and add note to remind us not to add them back
- Move remotebackend-unix test socket to testsdir (Aki Tuomi)
- Defer launch of coprocess until first question (Aki Tuomi)
- pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)
PowerDNS Authoritative Server 3.4.4
Bug fixes:
- Fix rectify-(all)-zones for mixed case domain names
- Fix CVE-2015-1868
- Blocking IO in busy-wait for remote backend (Wieger Opmeer)
- Fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer)
- Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi)
- Fix segfault in zone2lmdb (Ruben Kerkhof)
New Features:
- pdnssec: warn for insecure wildcards in opt-out zones
- TKEY record type (Aki Tuomi)
- Many PKCS#11 improvements (Aki Tuomi)
- Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi)
Improvements:
- Allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on
one rectify when securing a NSEC3 zone
- Improvements to the config-file parsing (Aki Tuomi)
- Postgresql check should not touch LDFLAGS (Ruben Kerkhof)
- Log error when remote cannot do AXFR (Aki Tuomi)
- Speed improvements when AXFR is disabled (Christian Hofstaedtler)
- NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer)
- Change ifdef to check for __GLIBC__ instead of __linux__ to prevent
errors with other libc's (James Taylor)
- Try to raise open files before dropping privileges (Aki Tuomi)
- Add newline to carbon error message on auth (Aki Tuomi)
- Make sure we send servfail on error (Aki Tuomi)
- Ship lmdb-example.pl in tarball (Ruben Kerkhof)
- Allocate TCP buffer dynamically, decreasing stack usage
- Throw if getSOA gets non-SOA record
Add SMF support.
Defuzz patches.
PowerDNS Recursor 3.7.3
- Limit the maximum length of a qname
- pdnssec: check for glue and delegations in parent zones
PowerDNS Recursor 3.7.2
- Fix handling of forward references in label compressed packets;
fixes CVE-2015-1868.
- Minor improvements and bugfixes.
PowerDNS Recursor 3.7.1
- New root-nx-trust flag makes PowerDNS generalize NXDOMAIN responses
from the root-servers
- getregisteredname() for Lua, which turns 'www.bbc.co.uk' into 'bbc.co.uk'
- Lua preoutquery filter
- Lua IP-based filter (ipfilter) before parsing packets
- iputils class for Lua, to quickly process IP addresses and netmasks
in their native format
- getregisteredname function for Lua, to find the registered domain
for a given name
- Various new ringbuffers: top-servfail-remotes, top-largeanswer-remotes,
top-servfail-queries
- Minor improvements and bugfixes.
PowerDNS Recursor 3.6.2
- Minor improvements and bugfixes.
PowerDNS Recursor 3.6.1
- Fix for a crash under a specific sequence of packets.
PowerDNS Recursor 3.6.0
- Implement minimum-ttl-override config setting, plus runtime configurability
via 'rec_control set-minimum-ttl'.
- Lots of work on the JSON API, which is exposed via Aki Tuomi's 'yahttp'.
- Lua modules can now use 'pdnslog(INFO..')
- Adopt any-to-tcp feature to the recursor.
- Implement built-in statistics dumper using the 'carbon' protocol, which
is also understood by metronome (our mini-graphite). Use 'carbon-server',
'carbon-ourname' and 'carbon-interval' settings.
- New setting 'udp-truncation-threshold' to configure from how many bytes
we should truncate. commit a09a8ce.
- Proper support for CHaos class for CHAOS TXT queries.
- Added support for Lua scripts to drop queries w/o further processing.
- Kevin Holly added qtype statistics to recursor and rec_control.
- Add support for include-files in configuration, also reload ACLs and zones
defined in them.
- Paulo Anes contributed server-down-max-fails which helps combat
Recursive DNS based amplification attacks.
- Implement "followCNAMERecords" feature in the Lua hooks.
- Minor improvements and bugfixes.
PowerDNS Recursor 3.5.3
- This is a bugfix and performance update to 3.5.2. It brings serious
performance improvements for dual stack users.
PowerDNS Recursor 3.5.2
- This is a stability and bugfix update to 3.5.1. It contains important
fixes that improve operation for certain domains.
PowerDNS Recursor 3.5.1
- This is a stability and bugfix update to 3.5.
PowerDNS Recursor 3.5
- The local zone server now understands wildcards.
- The Lua postresolve and nodata hooks.
- A new feature, rec_control trace-regex allows the tracing of lookups
for specific names
- A new setting, export-etc-hosts-search-suffix, adds a configurable
suffix to names imported from /etc/hosts
- Minor improvements & bugfixes
PowerDNS Recursor 3.3.1
- Small number of important fixes, adds some memory usage statistics,
but no new features
RabbitMQ 3.5.3:
- If rabbitmqctl can't contact a node, suggest to verify any Erlang TLS
distribution configuration
- Ensure the memory monitor is fully started before the file handle cache
is used
- Management plugin: Fix a crash during RabbitMQ startup if
force_fine_statistics is set in rabbitmq_management_agent configuration
RabbitMQ 3.5.2:
- Improve integration with Docker
- Add a way to send log messages (both "normal" and sasl messages) to stdout
- Do not try to use exec before su ... as su(1) forks a process anyway
- Report a queue is under flow control only if it was in this situation
in the last 1 second, instead of the last 5 seconds previously
- Add a check to ensure the Mnesia directory is not shared with the PID file
location or the plugin expansion directory
- Ensure the file handle cache remains under the memory high watermark
when syncing a mirrored queue
- Restore support for messages stored on disk with the previous x-death
header format
- Ensure passwords containing $ characters are properly escaped so they are
not interpreted by the shell, when a password is changed using rabbitmqctl
change_password
- Management plugin: Allow to configure rates_mode even if only
rabbitmq-management-agent is enabled
- Management plugin: Fix a badarith crash if for some reasons, the disk free
space or the file descriptors count are temporarily reported incorrectly
- STOMP plugin: Ensure the "processor" thread is terminated at the same time
the "reader" thread exits
RabbitMQ 3.5.1:
- Introduce a new channel log category for channel log messages
- Ensure consumer_closed events are emitted for the actually closed channels
only, not all of them
- Ensure the number of x-death message headers doesn't grow indefinitely
- Adjust the file read buffer cache size to avoid useless reads
- Ensure the priority queue plugin reports its memory consumption properly
- Prevent a crash while synchronising paged out priority queues
- Pass the PID file to rabbitmqctl stop in rabbitmq-server.ocf, exactly
like Debian- and Red Hat-flavour init scripts
- AMQP plugin: Fix heartbeats
- AMQP plugin: Respond with a protocol error if a disposition frame
is incorrect
- AMQP plugin: Fix a crash if the initial-delivery-count is not 0
## v1.58.0
* Add TCP pipelining (reusing a single TCP connection for multiple requests).
* Enhance zone reading, including reading data from a string.
* Add add_answer! method for adding duplicate answers, as needed for an AXFR response.
* Add support for GPOS and NXT resource records.
* Test cleanup, including removal of use of Nominet servers, soak_test cleanup.
* Refactorings: MessageDecoder, Resolv, Resolver (part).
* Fix zone reader adding unwanted dot to relative hostnames being converted to absolute.
* Fix default access for tsig options in Resolver.
* Fix ZoneTransfer not to use deprecated SingleResolver.
* Fix Resolver bug in parameter to create_tsig_options.
* Fix tests to always use working copy and not gem.
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
Features:
* Completely Asynchronous
* Connection cache
* HTTP chunked transfer support
* HTTP, SOCKS4, and SOCKS5 authenticated proxy support
* SSL Support using OpenSSL or GnuTLS
* Client support for Digest, NTLM, and Basic authentication
* HTTP server
* Server support for Digest and Basic authentication
2015-04-07 Dustin Lundquist <dustin@null-ptr.net>
0.4.0 release
* Improve DNS resolver:
Support for AAAA records
Configuration options
* Global access log
* Man page for sniproxy.conf
* Reject IP literals as hostnames for wildcard backends
get_iplayer 2.94 was released shortly after 2.93 to fix a bug that
broke live streaming for BBC News, BBC 6 Music and BBC 1Xtra. There
were no other changes in 2.94. If you already installed 2.93 and do not
require live streaming for the above stations, updating to 2.94 is not
necessarily required. However, all users are strongly advised to do so.
New/Changed
1. TV listing feeds
On 02/06/2015 the BBC removed the listing feeds used by get_iplayer to
populate the TV programme data cache used to support searching.
get_iplayer has now switched to using BBC schedule data instead. This
is what you need to know:
* If you added --refresh-feeds-tv=schedule to your preferences as a
temporary measure to support the web pvr, remove it now from the
command line with:
get_iplayer --prefs-del --refresh-feeds-tv=schedule
* Refreshing your TV data cache will be MUCH slower than before.
Remember this especially if you use --refresh-future, which doubles
the indexing time. The schedule parsing is based on old code
inherited from the original version of get_iplayer, but hopefully
it should improve a bit in future releases.
* Programmes unique to local BBC One variants are not indexed by
default. This reduces the indexing time by about half at the
expense of a handful of programmes, many of which are local news
cut-outs. If you wish to index the BBC One local variants, use
--refresh-exclude-groups-tv=none.
* You may find some TV programmes in search results that are older
than 7 days. This is because the schedule data used for indexing
goes back to the beginning of the previous calendar week.
* You may find some TV programmes in search results that are older
than 7 days and no longer available (e.g., films). You may also
find some future programmes that are not yet available. This
hopefully should be improved in a future release.
* Fewer TV programmes will be indexed. The TV schedule data does not
contain old archive programmes lurking in the iPlayer site. Only
programmes in the schedule listings will be indexed.
* You can no longer search TV programmes for signed or audio
described versions. That facility is unlikely ever to return.
However, you should still be able to download those versions where
available.
* You can no longer search TV programmes by category. That facility
is unlikely ever to return. Category information will not appear in
search results (for the present a blank space will be displayed).
REMEMBER: Any programme not in your data caches (and thus not found in
your search results) should still be available with --pid <PID> or
--url <URL>.
2. Live TV and radio streaming
On 02/06/2015 the BBC removed some metadata resources used by
get_iplayer to locate live streams. get_iplayer has been repaired to
work around this problem. Live streaming should work as before, though
not all streams have been tested.
3. Other changes
* Added support for BBC One/Two Northern Ireland/Scotland/Wales live
streams. HD streams are available for BBC One variants, but BBC Two
variants are SD only. To access those streams with a search string,
you must full spell out which region you want, e.g., get_iplayer
--get --type=livetv "BBC One Scotland".
* Added support for HD TV programmes available via HLS
(--mode=hlshd).
* The --playlist-metadata option is now ignored and will be removed
in the next release.
Fixed
* Fixed "Not a SCALAR reference at get_iplayer.pl line 7099" errors.
There should no longer be any need to use -exclude-supplier=akamai
or -exclude-supplier=limelight to work around those errors.
* Fixed problem with future repeat overwriting previous broadcast of
same programme in cache data.
* Fixed problem with downloading "open subtitles" programme versions
with embedded subtitles (e.g., opera broadcasts).
Full log at https://squarepenguin.co.uk/wiki/releasenotes/release293
Twisted Core 15.2.1 (2015-05-23)
================================
Bugfixes
--------
- twisted.logger now marks the `isError` key correctly on legacy
events generated by writes to stderr. (#7903)
Improved Documentation
----------------------
- twisted.logger's documentation is now correctly listed in the table
of contents. (#7904)
Upstream changes:
version 3.27 (2015-05-05)
[ENHANCEMENTS]
* Cisco Aironet PSU information
* Only log adding mibdirs at debug level 2
[BUG FIXES]
* [#221] Drop Cisco Voice VLAN 4096
version 3.26 (2015-03-07)
[ENHANCEMENTS]
* Add fan and psu reporting to Layer3::Dell
* Include Voice VLANs in (tagged) VLAN Membership on Cisco devices
[BUG FIXES]
* Fix typo in MRO::print_superclasses
version 3.25 (2015-02-25)
[ENHANCEMENTS]
* Add new model name mappings for to Layer2::HP
version 3.24 (2015-02-04)
[ENHANCEMENTS]
* Support RSTP and ieee8021d STP operating modes in RapidCity
[BUG FIXES]
* Fix single instance leafs defined in %FUNCS to behave like table leafs
* Fix incorrect FDB ID to VLAN ID mapping in Bridge and L3:Enterasys
version 3.23 (2014-12-09)
[ENHANCEMENTS]
* Update MIB used in L1::Asante
* Enhanced STP support for L3::Extreme
[BUG FIXES]
* Fix Cisco VLAN membership issue introduced in 3.22 related to capturing
port VLANs on Cisco interfaces which are configured for trunking but
are not in operational trunking mode
version 3.22 (2014-12-02)
[NEW FEATURES]
* Support obtaining FDB in Avaya SPBM edge deployments in L2::Baystack
NOTE: This requires a RAPID-CITY MIB with the rcBridgeSpbmMacTable
* Support for Fortinet devices in new class L3::Fortinet
[ENHANCEMENTS]
* Include LLDP support in base Layer2 and Layer3 classes. Due to the
widespread adoption of LLDP, this should improve mapping networks
when devices aren't supported in a more specific class.
* No longer ignore interfaces based on name, in base L2/L3/L7 device
classes. For several device classes SNMP::Info will now return tunnel
interfaces and/or loopbacks, if present.
* Use dot1qVlanCurrentTable if available to capture dynamic and static
VLANs, fall back to dot1qVlanStaticTable if not available.
* New method i_vlan_membership_untagged() for VLANs transmitted as
untagged frames.
* Capture Aruba AP hardware and software version when available
* New STP methods to support gathering information from devices running
mutiple STP instances such as PVST and MST
* Enhanced STP support for Avaya and Foundry classes
[BUG FIXES]
* [#64] Misdetection: Wireless APs, add products MIB to L2::3Com
* Use FDB ID to VID mapping if available to determine end station VLAN
rather than assuming they are the same.
* Capture port VLANs on Cisco interfaces which are configured for
trunking but are not in operational trunking mode
* Correct munging of stp_p_port(), i_stp_port(), and stp_root() methods
in Bridge
* In LLDP.pm don't create a variable in a conditional
version 3.20 (2014-09-08)
[NEW FEATURES]
* Override layers in Juniper for routers with switch modules
[BUG FIXES]
* Update MANIFEST to include Ubiquiti files
version 3.19 (2014-08-01)
[NEW FEATURES]
* Support for Ubiquiti Access Points in new class L2::Ubiquiti (begemot)
* Preliminary support for 3Com switches in new class L2::3Com (begemot)
[BUG FIXES]
* Fix Avaya detection lldp_port()
* Silence uninitialized value warning in L3::Cisco
* H3C fixes (begemot)
* Only use L2::ZyXEL_DSLAM for ZyXEL DSL modules
version 3.18 (2014-07-02)
[ENHANCEMENTS]
* Pseudo ENTITY-MIB methods added to L3::Tasman for hardware information
* Capture VPC Keepalive IP addresses in L3::Nexus (jeroenvi)
* L2::Netgear inheritance clean up and removal of unnecessary c_* methods
defined in Info base class
[BUG FIXES]
* Correctly identify device type (class) for instantiated objects which
have overridden layers.
* [#58] Fix inheritance in L3::FWSM and L3::CiscoASA
* [#71] Don't try to match on a false port description in lldp_if
* [#54] Possible bad values returned for cdp_id and lldp_port with some HP
gear (Joel Leonhardt)
version 3.17 (2014-06-23)
[ENHANCEMENTS]
* POD tests are not required for distribution.
version 3.16 (2014-06-23)
[ENHANCEMENTS]
* Add method resolution discovery in SNMP::Info::MRO helper module
* Consolidate CiscoImage class into CiscoStats class
* Clean up inheritance for Cisco classes. With this change
all applicable classes now inherit CiscoAgg, CiscoStpExtensions,
CiscoPortSecurity, CiscoPower, and LLDP classes.
* Remove inheritance of classes the devices do not support in L3::FWSM
and L3::CiscoASA
[BUG FIXES]
* Use CiscoVTP methods to get interface VLAN in L3::Cisco rather than
solely relying on the interface description.
version 3.15 (2014-07-10)
[NEW FEATURES]
* Offline mode and Cache export/priming.
[ENHANCEMENTS]
* Return serial number for Cisco 3850 from entPhysicalSerialNum
[BUG FIXES]
* Cisco SB serial number probably did not work
version 3.14 (2014-06-07)
[ENHANCEMENTS]
* Improvements to Mikrotik module (Alex Z)
* Don't unshift length from broken lldpRemManAddrTable implementations (G. Shtern)
* 802.3ad LAG support in Layer3::H3C
* Add LLDP capabilities to Layer2::HPVC class
[BUG FIXES]
* Return correct VLAN info with qb_fw_table() on Layer2::HP
version 3.13 (2014-03-27)
[ENHANCEMENTS]
* Cisco PAgP support added to LAG method
* HP ProCurve LAG support by inheriting Info::Aggregate class
version 3.12 (2014-02-10)
[ENHANCEMENTS]
* Modify L3::Passport to obtain forwarding table information from
RAPID-CITY if information is not available in either Q-BRIDGE-MIB or
BRIDGE-MIB. Needed for VSP 9000 prior to version 4.x (Tobias Gerlach)
[BUG FIXES]
* [#52] NETSCREEN-IP-ARP-MIB considered harmful
* Foundry/Brocade aggreate port master ifIndex resolved properly
version 3.11 (2014-01-26)
[NEW FEATURES]
* [#31] port-channel (aggregate) support. Aggregate support added in new
agg_ports() method. Inital support added for Arista (ifStack),
Avaya (MLT), Brocade (MST), and Cisco (802.3ad).
[ENHANCEMENTS]
* Use Q-BRIDGE-MIB as default with fallback to BRIDGE-MIB across all
classes for the fw_mac, fw_port, and fw_status methods
* Additional support for Avaya 8800 series in L3::Passport
[BUG FIXES]
* Modify cdp_cap() to handle devices which return space delimited strings
for cdpCacheCapabilities rather than hex strings
* [#51] Netdisco shows broken topology for devices with no alias entry
for primary IP - Collect nsIfMngIp when getting IP interfaces in
L3::Netscreen
* Fix Extreme XOS i_vlan_membership - Revert [28bbe0], fix bug with
untagged being added to @ret twice (Robert Kerr)
* Skip default CPU management addresses on VSP and 8800/8600 series in
L3::Passport to prevent erroneous duplicate addresses
version 3.10 (2013-12-16)
[BUG FIXES]
* Data values of zero are now sent to munge method instead of skipped
version 3.09 (2013-12-15)
[NEW FEATURES]
* [#45] IBM (Blade Network Technologies) Rackswitch support in new class
L3::IBMGbTor
* [] set_i_untagged combines both set_i_vlan and set_i_pvid in one method
* [#41] Riverbed Steelhead support added in new class L3::Steelhead
* New c_cap(), cdp_cap(), and lldp_cap() methods which return a hash of
arrays with each array containing the system capabilities reported as
supported by the remote system via CDP or LLDP.
[ENHANCEMENTS]
* Remove "Switch" from model name in L3::Foundry
* [#49] IOS-XR support, add identification of IOS XR and version in
CiscoStats
* Aruba POE Support
* Aruba utilizes Q-BRIDGE-MIB when available for VLAN information to
better support wired switches
* Add lldp_platform() method which uses lldp_rem_sysdesc() or
lldp_rem_sysname() to provide a clue to type of remote LLDP capable
device.
* [RT#78232] Extend cdpCacheCapabilities to show more CDP bits
[BUG FIXES]
* Modify _xos_i_vlan_membership() in L3::Extreme to only include tagged
ports
* When determining the BSSID in Airespace there is only one hexadecimal
digit available so skip if outside the range of 1-16, 17 is reserved
for 3rd party AP's
* Don't assume entity index 1 is the chassis and has serial in Layer3
* Capture serial number on newer Aruba devices
* munge_bits() correctly unpacks BITS
* Fix for single instance table leafs in test_class_mocked.pl
* Fix power module indexing
version 3.08 (2013-10-22)
[ENHANCEMENTS]
* Rewrite of L3::Aruba, now supports pseudo ENTITY-MIB methods to gather
module information, more interface information for APs, more
wireless information to include client stats, and arpnip information
from wireless clients. WARNING: AP device interfaces are now based on
AP MAC and radio versus BSSID to align with other wireless classes.
* [#64] Add i_speed_admin() to L2::2900 (psychiatric)
* [#66] Support for VSS via CISCO-VIRTUAL-SWITCH-MIB in L3::6500
* [#67] Add the possibility to set speed for Layer3::C4000 (psychiatric)
* [#69] set speed and duplex on Cisco VSS system (psychiatric)
* munge_null() now removes all non-printable control characters
* Support Aironet standalone access points (Layer2::Aironet) running IOS15
* lldp_port() returns port ID instead of port description if the port ID
subtype is "interface name". This improves the ability to correlate
ports by name when a port description is also set.
* Add docs note about make_snmpdata.pl under EXTENDING SNMP::Info
* [#46] Brocade (Foundry) Module Support
* Brocade (Foundry) POE Support
* Support peth_port_power() power supplied by PoE ports in L2::Baystack
* Update test_class.pl utility to allow ignore of snmp.conf and test
summarize more standard class methods
* On EOS, the LLDP port ID is a dot1d port
* Use LLDP in Layer3::Aruba, for switches
* Clean up more model names in L2::Baystack
[BUG FIXES]
* [#68] Fix device_port entries for switches with non-unique
ifDesc (Nic Bernstein)
* Don't try to munge undef values
* [#49] Perl 5.18 UNIVERSAL::can change could cause infinite loop
* Silence warning from uninitialized variable in L3::Passport e_descr()
version 3.07 (2013-10-01)
[ENHANCEMENTS]
* Support for Pica8 switches in L3::Pica8
* Factor out cache/munge code from global/attr methods
[BUG FIXES]
* [#48] Switch duplicate J9624A for J9626A in Layer2/HP (R. Kerr)
* Correct device serial number reporting for Nexus devices
* Override ipAddrTable methods in L3::Nexus as some versions do not
index the table with the IPv4 address in accordance with the MIB
definition.
version 3.05 (2013-08-16)
[ENHANCEMENTS]
* [#47] Add model info on HP 2530 and HP 2920 series
* Add support for Cisco Small Business series
Layer2/CiscoSB class
* Add proper LLDP support to Netgear.pm
* Change $netgear->interfaces() to use ifName rather than ifDescr
as the former is unique per interface while the latter is not.
If ifName is not present, concatenate ifDescr and ifIndex
to achieve a unique value.
* Properly report hardware version, Serial No. and OS Version for
Netgear.
version 3.03 (2013-07-11)
[BUG FIXES]
* Add missing =back to POD (A. Hartmaier)
version 3.02 (2013-07-08)
[ENHANCEMENTS]
* Properly pull os_ver from Netgear GS series switches.
* Support Alcatel devices with layer3 features.
* Identify Cisco Aironet 1140 APs as Layer2::Aironet
* LAN switch support added to Layer3::Aruba class
* [RT#86725] - Identify Cisco Catalyst 3850 as Layer3::C6500 (C. Causer)
version 3.01 (2013-04-13)
[API Changes]
* The methods c_ip(), c_if(), c_port(), c_id(), and c_platform() now
represent common topology methods and will try to return a combined
hash of data from all L2 topology protocols either running on the
device or specified in the method call. The topology specific methods
have been been prefixed with the protocol name in lowercase so that
they can be called directly, sonmp_ip(), cdp_ip(), etc.
* L2::Bay and L2::Foundry have been removed from the distribution. Both
classes were depreciated and all functionality is available through
L2::Baystack and L3::Foundry.
[NEW FEATURES]
* [3160037] - Support _raw suffix on methods to skip munging
* [3185391] - Support for F5 devices in new class L3::F5
* [3323814] - Arp support for Netscreen (David Baldwin)
* [3323821] - Support for Netscreen w/ WLAN (eg SSG5) (David Baldwin)
* [3599277] - Q-BRIDGE Support to collect VLAN in macsuck
* [3033731] - Alcatel-Lucent OmniSwich AMAP Support in new AMAP class
* [3598896] - Lantronix device support (J R Binks)
* [3598337] - Lantronix SLC support
* Support for Cisco ASA in L3::CiscoASA (Kraus/Hartmaier/Bernstein)
* Support for Avaya VSP 9000 series in L3::Passport
* Support for Avaya VSP 7000 series in L2::Baystack
* Support Avaya (Trapeze) Wireless Controllers in new class L2::NWSS2300
* Support Juniper (Trapeze) Wireless Controllers in new class L2::Trapeze
* Support for newer Radware Alteon ADC switches 4408/4416/5412/5224 and
older AWS 2000/3000 series in existing L3::AlteonAD
* Support for H3C & HP A-series in new class L3::H3C
* Support for Citrix Netscaler appliances in new class L7::Netscaler
* New configuration option IgnoreNetSNMPConf will ignore Net-SNMP
configuration files on object initialization
* Two new utilities added in t/util to assist in developing device
support; make_snmpdata.pl gathers SNMP data (snmpwalk) in a format that
can be used with test_class_mocked.pl which mocks an SNMP agent to
enable testing with no network access to a device.
[ENHANCEMENTS]
* UNIVERSAL::can() now works with dynamic methods
* Dynamically generated methods are added to symbol table to avoid
AUTOLOAD on subsequent calls
* L2::Airespace now supports 802.11n client tx rates
* L2::Airespace now reports AP Ethernet MAC as port MAC for radio ports
* CiscoStats improvements to determine os versions, eg IOS XE ver on Sup7L-E
* CiscoStats now reports 'ios-xe' if the device runs IOS XE (used to be 'ios')
* Improved support of XOS based Extreme devices
[BUG FIXES]
* [3564920] - lldp_if gives wrong data for Enterasys
version 2.11 (2012-12-09)
[BUG FIXES]
* Add fall-back for sysDescr on Force10
version 2.10 (2012-12-08)
[NEW FEATURES]
* Support for Force10 devices (W. Bulley)
Update DEPENDS
Upstream changes:
1.14 March 24, 2015
+ Add header and body tags [@bubi6608]
! Fixed typo in trace logging example [@oschwald]
+ Converted the dist from using ExtUtils::MakeMaker to using Dist::Zilla [@mvuets]
! Cleaned up prereqs [@mvuets]
! Cleaned up author and release tests [@mvuets]
1.13 December 30, 2014
! Fixed undefined value error when using bugzilla's xmlrpc.cgi (bugzilla's API) [dbeusee]
1.12 November 26, 2014
! #100557 Redefined sub in SOAP::Lite::Deserializer::XMLSchema2001
NetBSD's libc and Samba both proide SHA2 function with the same
protoype, but with different private context structures. The
Samba version must not override the libc version, otherwise they
are used when using LDAP/SSL, through libldap/libssl/libcrypto
but libcrtypo expect to use the libc flavor.
Without this fix, Samba cannot connect to a LDAP directory that
has a SHA2-signed certificate. This rather cryptic error is raised
in smbd logs:
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
Twisted Core 15.2.0 (2015-05-18)
================================
Features
--------
- twisted.internet.process has now been ported to Python 3. (#5987)
- twisted.cred.credentials is now ported to Python 3. (#6176)
- twisted.trial.unittest.TestCase's assertEqual, assertTrue, and
assertFalse methods now pass through the standard library's more
informative failure messages. (#6306)
- The new package twisted.logger provides a new, fully tested, and
feature-rich logging framework. The old module twisted.python.log
is now implemented using the new framework. The new logger HOWTO
documents the new framework. (#6750)
- twisted.python.modules is now ported to Python 3. (#7804)
- twisted.python.filepath.FilePath now supports Unicode (text) paths.
Like the os module, instantiating it with a Unicode path will
return a Unicode-mode FilePath, instantiating with a bytes path
will return a bytes-mode FilePath. (#7805)
- twisted.internet.kqreactor is now ported to Python 3 (#7823)
- twisted.internet.endpoints.ProcessEndpoint is now ported to Python
3. (#7824)
- twisted.python.filepath.FilePath now has asBytesMode and asTextMode
methods which return a FilePath in the requested mode. (#7830)
- twisted.python.components.proxyForInterface now creates method
proxies that can be used with functools.wraps. (#7832)
- The tls optional dependency will now also install the idna package
to validate idna2008 names. (#7853)
Bugfixes
--------
- Don't raise an exception if `DefaultLogObserver.emit()` gets an
event with a message that raises when `repr()` is called on it.
Specifically: use `textFromEventDict()` instead of a separate (and
inferior) message rendering implementation. (#6569)
- twisted.cred.credentials.DigestedCredentials incorrectly handled
md5-sess hashing according to the RFC, which has now been fixed.
(#7835)
- Fixed an issue with twisted.internet.task.LoopingCall.withCount
where sometimes the passed callable would be invoked with "0" when
we got close to tricky floating point boundary conditions. (#7836)
- twisted.internet.defer now properly works with the new logging
system. (#7851)
- Change `messages` key to `log_io` for events generated by
`LoggingFile`. (#7852)
- twisted.logger had literal characters in docstrings that are now
quoted. (#7854)
- twisted.logger now correctly formats a log event with a key named
`message` when passed to a legacy log observer. (#7855)
- twisted.internet.endpoints.HostnameEndpoint now uses getaddrinfo
properly on Python 3.4 and above. (#7886)
Improved Documentation
----------------------
- Fix a typo in narrative documentation for logger (#7875)
Deprecations and Removals
-------------------------
- tkunzip and tapconvert in twisted.scripts were deprecated in 11.0
and 12.1 respectively, and are now removed. (#6747)
- twisted.protocols.gps is deprecated in preference to
twisted.positioning. (#6810)
- twisted.scripts.tap2deb and twisted.scripts.tap2rpm are now
deprecated. (#7682)
- twisted.trial.reporter.TestResult and
twisted.trial.reporter.Reporter contained deprecated methods (since
8.0) which have now been removed. (#7815)
Other
-----
- #6027, #7287, #7701, #7727, #7758, #7776, #7786, #7812, #7819,
#7831, #7838, #7865, #7866, #7869, #7872, #7877, #7878, #7885
Twisted Conch 15.2.0 (2015-05-18)
=================================
Features
--------
- twisted.conch.ssh.forwarding now supports local->remote forwarding
of IPv6 (#7751)
Twisted Mail 15.2.0 (2015-05-18)
================================
Features
--------
- twisted.mail.smtp.sendmail now uses ESMTP. It will
opportunistically enable encryption and allow the use of
authentication. (#7257)
Twisted Web 15.2.0 (2015-05-18)
===============================
Features
--------
- twisted.web.static is now ported to Python 3. (#6177)
- twisted.web.server.Site accepts requestFactory as constructor
argument. (#7016)
Deprecations and Removals
-------------------------
- twisted.web.util had some HTML generation functions deprecated
since 12.1 that have now been removed. (#7828)
Other
-----
- #6927, #7797, #7802, #7846
Twisted Words 15.2.0 (2015-05-18)
=================================
Bugfixes
--------
- The resumeOffset argument to
twisted.words.protocol.irc.DccFileReceive now works as it is
documented. (#7775)
This contains various bugfixes (hangs, excessive logging) related to SSL
protocol use.
There is no mention in release notes but please be advised that the client
appears to refuse to talk to servers running old versions due to protocol
incompatibility.
Pkgsrc changes: adapt PLIST; the healtcheck script moved
Upstream changes:
This release is a bug fix "mostly" release, back porting fixes
performed in master.
* Change: install healthcheck in bin
* Feature: Allow single line flow route requested by: Pavel Odintsov
* Feature: show route (extensive) can take a neighbor as parameter
requested by: jtkdpu
* Fix: Do shutdown when waiting for a new connection to a peer
* Fix: Bad ASN enconding when ASN4 is not negotiated reported by:
Orangefish on github
* Fix: Shutdown when waiting for a new outgoing connection to establish
* Fix: JSON counter reported by:
* Fix: JSON flow printing for source and destination
* Fix: Do not always locate exabgp.env reported by: Florian Obser
* Fix: Correctly drop root privileges reported by: Florian Obser
* Fix: validation of flow routes
* Fix: Python differences between Unix version breaking process forking
* Fix: Allow = with flowspec singleton reported by: Pavel Odintsov
* Fix: selfcheck feature
* Fix: do not refuse to parse multiple MP attributes in an update
* Fix: possible bug with attribute information due to caching
