| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* The SSL validation fix from 2.2.1 [64414] is now completely fixed. (Part
of the fix didn't actually make it into 2.2.1)
* HTTPS certificate validation now works when using an HTTP proxy. [68583]
* HTTP proxy code deals better with proxies that try to make the user do
HTML-form-based authentication. [68531]
* 64-bit fixes for NTLM auth code. [70323, from Michael Zucchi]
|
|
|
|
While here port it properly so that the route statements in the configuration
file work. Also add patches so that der Mouse's if_tap driver can be used.
Changes since 1.5.0:
2004.05.09 -- Version 1.6.0
* Unchanged from 1.6-rc4 except for version number
upgrade.
2004.04.01 -- Version 1.6-rc4
* Made minor customizations to devcon and
renamed as tapinstall.exe for Windows version.
* Fixed "storage size of `iv' isn't known" build
problem on FreeBSD.
* OpenSSL 0.9.7d bundled with Windows self-install.
2004.03.13 -- Version 1.6-rc3
* Minor Windows fixes for --ip-win32 dynamic, relating to
the way the TAP-Win32 driver responds to a DHCP request
from the Windows DHCP client.
* The net_gateway environmental variable wasn't being
set correctly for called scripts (Paul Zuber).
* Added code to determine the default gateway on FreeBSD,
allowing the --redirect-gateway option to work
(Juan Rodriguez Hervella).
2004.03.04 -- Version 1.6-rc2
* Fixed bug in Windows version where the NetBIOS node-type
DHCP option might have been passed even if it was not
specified.
* Fixed bug in Windows version introduced in 1.6-rc1, where
DHCP timeout would be set to 0 seconds if --ifconfig option
was used and --ip-win32 option was not explicitly specified.
* Added some new --dhcp-option types for Windows version.
2004.03.02 -- Version 1.6-rc1
* For Windows, make "--ip-win32 dynamic" the default.
* For Windows, make "--route-delay 10" the default
unless --ip-win32 dynamic is not used or --route-delay
is explicitly specified.
* L_TLS mutex could have been left in a locked state
for certain kinds of TLS errors.
2004.02.22 -- Version 1.6-beta7
* Allow scheduling priority increase (--nice) together
with UID/GID downgrade (--user/--group).
* Code that causes SIGUSR1 restart on TLS errors in TCP
mode was not activated in pthread builds.
* Save the certificate serial number in an environmental
variable called tls_serial_{n} prior to calling the
--tls-verify script. n is the current cert chain level.
* Added NetBSD IPv6 tunnel capability (also requires
a kernel patch) (Horst Laschinsky).
* Fixed bug in checking the return value of the nice()
function (Ian Pilcher).
* Bug fix in new FreeBSD IPv6 over TUN code which was
originally added in 1.6-beta5 (Nathanael Rensen).
* More Socks5 fixes -- extended the struct frame
infrastructure to accomodate proxy-based encapsulation
overhead.
* Added --dhcp-option to Windows version for setting
adapter properties such as WINS & DNS servers.
* Use a default route-delay of 5 seconds when
--ip-win32 dynamic is specified (only applicable when
--route-delay is not explicitly specified).
* Added "log_append" registry variable to control
whether the OpenVPN service wrapper on Windows
opens log files in append (log_append="1") or
truncate (log_append="0") mode. The default
is truncate.
2004.02.05 -- Version 1.6-beta6
* UDP over Socks5 fix to accomodate Socks5 encapsulation
overhead (Christof Meerwald).
* Minor --ip-win32 dynamic tweaks (use long lease time,
invalidate existing lease with DHCPNAK).
2004.02.01 -- Version 1.6-beta5
* Added Socks5 proxy support (Christof Meerwald).
* IPv6 tun support for FreeBSD (Thomas Glanzmann).
* Special TAP-Win32 debug mode for Windows self-install that was
enabled in beta4 is now turned off.
* Added some new Solaris notes to INSTALL (Koen Maris).
* More work on --ip-win32 dynamic.
2004.01.27 -- Version 1.6-beta4
* For this beta, the Windows self-install is a debug version
and will run slower -- use only for testing.
* Reverted the --ip-win32 default back to 'ipapi'
from 'dynamic'.
* Added the offset parameter to '--ip-win32 dynamic' which
can be used to control the address of the masqueraded
DHCP server which replies to Windows DHCP requests.
* Added a wait/nowait option to --inetd (nowait can only
be used with TCP sockets, TLS authentication, and over
a bridged configuration -- see FAQ for more info)
(Stefan `Sec` Zehl).
* Added a build-time capability where TAP-Win32 driver
debug messages can be output by OpenVPN at --verb 6
or higher.
2004.01.20 -- Version 1.6-beta2
* Added ./configure --enable-iproute2 flag which
uses iproute2 instead of route + ifconfig --
this is necessary for the LEAF Linux distro
(Martin Hejl).
* Added renewal-time and rebind-time to set of
DHCP options returned by the TAP-Win32 driver when
"--ip-win32 dynamic" is used.
2004.01.14 -- Version 1.6-beta1
* Fixed --proxy bug that sometimes caused plaintext
control info generated by the proxy prior to http
CONNECT method establishment to be incorrectly
parsed as OpenVPN data.
* For Windows version, implemented the
"--ip-win32 dynamic" method and made it the default.
This method sets the TAP-Win32 adapter IP address
and netmask by replying to the kernel's DHCP queries.
See the man page for more detailed info.
* Added --connect-retry parameter which controls
the time interval (in seconds) between connect()
retries when --proto tcp-client is used. Previously,
this value was hardcoded to 5 seconds, and still
defaults as such.
* --resolv-retry can now be used with a parameter
of "infinite" to retry indefinitely.
* Added SSL_CTX_use_certificate_chain_file() to ssl.c
for support of multi-level certificate chains
(Sten Kalenda).
* Fixed --tls-auth incompatibility with 1.4.x and earlier
versions of OpenVPN when the passphrase file is an
OpenVPN static key file (as generated by --genkey).
* Added shell-escape support in config files using
the backslash character ("\") so that (for example)
double quotes can be passed to the shell.
* Added "contrib" subdirectory on tarball, source zip,
and CVS containing user-submitted contributions.
* Added an optional patch to the Redhat init script to
allow the configuration file directory to be a
multi-level directory hierarchy (Farkas Levente).
See contrib/multilevel-init.patch
* Added some scripts and documentation on using
Linux "fwmark" iptables rules to enable
fine-grained routing control over the VPN
(Sean Reifschneider, <jafo@tummy.com>).
See contrib/openvpn-fwmarkroute-1.00
|
|
|
|
PLIST.${MACHINE_ARCH:C/i[3-6]86/i386/g}
PLIST.${OPSYS}-${MACHINE_ARCH:C/i[3-6]86/i386/g}
and remove the package hack for MD PLIST files.
Rename PLIST.pre to PLIST.common and PLIST.post to PLIST.common_end
|
|
|
|
included in ruby (base) package.
Bump PKGREVISION.
|
|
|
|
environment, and document it in DESCR by lack of a better place.
o Fix a reference to local in (yet unused) bl3.mk file.
Both issues reported by Hubert Feyrer.
|
|
|
|
|
|
|
|
|
|
|
|
obsolete interface to gnutls. Bump PKGREVISION and depend on it.
|
|
|
|
- Fix for PR #29437 opened by luiszuccolo(at)ciudad.com.ar, thanks for the PR !
> FreeRADIUS 1.0.2 ; $Date: 2005/02/13 01:03:20 $, urgency=medium
> * Novell eDirectoty support. Patch from Novell.
> * localweb & Trapeze dictionary updates.
> * EAP-SIM fixes.
> * Make "Strip-User-Name = No" work.
> * Don't declare zero-length arrays in rlm_passwd
> * Bug fix to make udpfromto code work
> * radrelay shouldn't dump core if it can't read a VP from the
> detail file.
> * Only initialize the random pool once.
> * In rlm_sql, don't escape characters twice.
> * Fix MD4 calculation on big-endian machines.
> * In rlm_ldap, only claim Auth-Type if a plain text password is present.
> * Treat Quintium VSAs like Cisco VSAs
> * Locking fixes in threading code
> * rlm_krb5 includes /usr/include/et for Fedora Core
> * Fix post-auth REJECT stanza processing for rejections from external
> processes or home RADIUS servers
> * Fix building on gcc-4.0 by not trying to access static auth_port from
> other files.
> * Fix building SNMP support on Solaris 9, which needs -lkstat
|
|
Changes unknown (I tested this on Linux).
|
|
Also fix string constants quoting for flow-export's PostgreSQL and MySQL
support.
Bump PKGREVISION to 2.
|
|
PKGREVISION++
|
|
definition of the abs() macro. Based on a suggestion by Roland Illig.
|
|
|
|
|
|
|
|
|
|
|
|
Submitted by Alexander Mayr in PR 29349.
Changes between 0.8.6 - 0.8.9:
2004-12-28 Markus Kern <mkern@users.berlios.de>
* Fixed crash on firewalled source abortion.
2004-12-19 Markus Kern <mkern@users.berlios.de>
* Fixed unchecked FST_PLUGIN->session access in fst_download.c
* Fixed url decoder memmove overrun.
2004-11-27 Markus Kern <mkern@users.berlios.de>
* Added windows installer.
2004-11-11 Markus Kern <mkern@users.berlios.de>
* Finalized multi-supernode connection code.
* Fixed NULL pointer crash on some corrupt search results.
2004-09-03 Markus Kern <mkern@users.berlios.de>
* Fixed abuse of gethostbyname in HTTP client.
2004-06-19 Markus Kern <mkern@users.berlios.de>
* Fixed remote DoS on HTTP server (not exploitable).
* Fixed remote DoS on HTTP client (not exploitable).
2004-06-16 HEx <hex@users.berlios.de>
* Use default nodes file if cache runs out of nodes.
|
|
Submitted by Alexander Mayr (maintainer) in PR 29349.
Changes between 0.11.7 - 0.11.8:
giftd 0.11.8:
* Shares are now keyed by pathname instead of by hash. (Hashes
weren't guaranteed to exist, could collide for identical files,
and no lookup function was provided in any case).
* Handle syncing properly. Share objects are no longer freed
without letting plugins know, and plugin-specific data is no
longer leaked.
* ImageMagick support removed and replaced by Jef Pokanzer's
image_size. This fixes a multitude of problems related to
dependencies, performance, stability and security.
* The --index-only option no longer tries to bind to the interface
port.
* Avoid aborting on transfers >=2Gb. Such transfers still don't
work, though, but this is a stdio limitation and cannot be portably
solved.
giftd 0.11.7:
* Filter LOCATE requests so that they are not delivered to protocol plugins
which do not have a registered hash handler for the hash type being
searched for.
* Preserve extension when renaming downloaded files because the file name
is already used.
* Removed requirement for state files having leading dot on Windows.
* Fixed bug which prevented completed dir from being shared if no sharing
root was set.
* Added meta data extraction for bittorrent files.
* Added check to not share incoming dir if not specifically allowed by
config.
* Fixed some bugs which could lead to shares db corruption.
* Added saving of download paused state across restarts.
libgift 0.11.8.1:
* Fixed a serious bug in TCP buffering introduced in 0.11.8.
libgift 0.11.8:
* The SI suffixes k, M and G multiply configuration values by 2^10,
2^20 and 2^30 respectively.
libgift 0.11.7:
* Fixed VA_COPY bug in strobj which led to crashes on AMD64 (possibly other
platforms?)
* Fixed fd leak in platform_child() implementation.
* Fixed a bug where we possibly send SIGTERM to random processes
in platform_cleanup().
libgiftproto 0.11.8:
* Synchronized the version to match giftd.
libgiftproto 0.11.7:
* Synchronized the version to match giftd.
|
|
|
|
in some file, use subst.mk and remove the patch.
|
|
|
|
It seems to be the origin of the security problem reported in
http://www.python.org/security/PSF-2005-001/.
Instead of fixing this dead end (unused in the pkgsrc tree) just
remove it.
|
|
Bump PKGREVISION.
|
|
because the configuration created by the user might still be in that
directory.
|
|
pkgsrc changes:
- depend on tsocks to allow torification of other applications
- create a user for this application to run as
- install a suitable rc script
ChangeLog says:
o Bugfixes on 0.0.9:
- Fix an assert bug that took down most of our servers: when
a server claims to have 500 GB of bandwidthburst, don't
freak out.
- Don't crash as badly if we have spawned the max allowed number
of dnsworkers, or we're out of file descriptors.
- Block more file-sharing ports in the default exit policy.
- MaxConn is now automatically set to the hard limit of max
file descriptors we're allowed (ulimit -n), minus a few for
logs, etc.
- Give a clearer message when servers need to raise their
ulimit -n when they start running out of file descriptors.
- SGI Compatibility patches from Jan Schaumann.
- Tolerate a corrupt cached directory better.
- When a dirserver hasn't approved your server, list which one.
- Go into soft hibernation after 95% of the bandwidth is used,
not 99%. This is especially important for daily hibernators who
have a small accounting max. Hopefully it will result in fewer
cut connections when the hard hibernation starts.
- Load-balance better when using servers that claim more than
800kB/s of capacity.
- Make NT services work (experimental, only used if compiled in).
|
|
patch-BitTorrent::Rerequester.py
o Chase latest CVS version
- Add {show_infopage,infopage_redirect,scrape_allowed}
options to tracker
- Try to resolve IPs when possible
patch-BitTorrent::track.py
o Chase latest CVS version
- Add {show_infopage,infopage_redirect,scrape_allowed}
options to tracker
- Try to resolve IPs when possible
patch-BitTorrent::zurllib.py
o A better fix for the python 2.4 issue: there are still some minor
adjustments required but the port is quite useable again
patch-btcompletedir.py
o Chase latest CVS version
- Add {show_infopage,infopage_redirect,scrape_allowed}
options to tracker
- Try to resolve IPs when
Bump PKGREVISION.
|
|
|
|
|
|
|
|
* Added NetBSD 1.6.2 support (untested)
|
|
- no changelog available
|
|
Migrate WET_USE_SSL to PKG_OPTIONS.wget=ssl (on by default, as previously).
|
|
Changes:
- Nmap now prints a warning message on Windows if Winpcap is not found
(it then reverts to raw sockets mode if available, as usual).
- documentation fixes and updates.
|
|
|
|
There are many FTP clients around these days. Most are console based, some
feature a graphical user interface. What most clients are missing is support
for latest or not so common technologies like ZeroConf, TLS/SSL or FXP (just
to name a few), accompanied by a decent user interface, that tries to support
the user instead of frustrating him.
KFTPGrabber tries to make a complete FTP client solution with support for
plugins, scripting and everything else the users needs, based on the
latest technologies KDE provides.
Here are some of the features:
- Multiple FTP sessions (tabs)
- Transfer queue
- TLS/SSL support for encrypted connections (implicit and explicit)
- Partial X509 certificate support for authentication
- FXP transfer support (site-to-site)
- OTP (one time password) support - s/key, md5, rmd160, sha1
- Drag&Drop support
- Site bookmarking
- Encrypted bookmark support (password can be saved to KWallet)
- Distributed FTP support (PRET)
- SSCN and CPSV support
- Skiplist
- ZeroConf (aka. Rendezvous) support for local site discovery
- Bookmark sharing with Kopete contacts (KDE >= 3.3)
- Bookmark import plugins
- Support for SFTP protocol [experimental]
|
|
before using it.
Bump PKGREVISION.
|
|
Fix the rc.d script: add rcvar definition and no need to source /etc/rc.subr
twice.
Bump PKGREVISION to 7.
|
|
Really lots of changes since last packaged version (0.83).
Unfortunately there is now changes list included with the distribution file
even if it is stated otherwise.
See http://www.switch.ch/misc/leinen/snmp/perl/changes.html.
Among remarkable things please note IPv6 support and of course many
bug fixes.
|
|
within NetBSD-current's bsd.own.mk, which conflicts with its usage in
pkgsrc. The package that use USE_PAM have been converted to use the
bsd.options.mk framework. This should fix PR pkg/29257.
|
|
- Thanks to diro (at) nixsys.bz for reporting this in PR# 25955 and testing the
patch.
|
