| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Summary for 4.7.3 tcpdump release
Capsicum fixes for FreeBSD 10
Monday March. 10, 2015 guy@alum.mit.edu
Summary for 4.7.2 tcpdump release
DCCP: update Packet Types with RFC4340/IANA names
fixes for CVE-2015-0261: IPv6 mobility header check issue
fixes for CVE-2015-2153, 2154, 2155: kday packets
Friday Nov. 12, 2014 guy@alum.mit.edu
Summary for 4.7.0 tcpdump release
changes to hex printing of CDP packets
Fix PPI printing
Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
improvements to telnet printer, even if not -v
omit length for bcp, print-tcp uses it
formatting fixes for a bunch of protocols
new bounds checks for a number of protocols
split netflow 1,6, and 6 dissector up.
added geneve dissector
CVE-2014-9140 PPP dissector fixed.
|
|
Summary for 1.7.2 libpcap release
Support for filtering Geneve encapsulated packets.
Wednesday Nov. 12, 2014 guy@alum.mit.edu/mcr@sandelman.ca
Summary for 1.7.0 libpcap release
Fix handling of zones for BPF on Solaris
new DLT for ZWAVE
clarifications for read timeouts.
added bpf_filter1() with extensions
some fixes to compilation without stdint.h
EBUSY can now be returned by SNFv3 code.
Monday Aug. 12, 2014 guy@alum.mit.edu
Summary for 1.6.2 libpcap release
Don't crash on filters testing a non-existent link-layer type
field.
Fix sending in non-blocking mode on Linux with memory-mapped
capture.
Fix timestamps when reading pcap-ng files on big-endian
machines.
Saturday Jul. 19, 2014 mcr@sandelman.ca
Summary for 1.6.1 libpcap release
some fixes for the any device
changes for how --enable-XXX (--enable-sniffing, --enable-can) works
Wednesday Jul. 2, 2014 mcr@sandelman.ca
Summary for 1.6.0 libpcap release
Don't support D-Bus sniffing on OS X
fixes for byte order issues with NFLOG captures
Handle using cooked mode for DLT_NETLINK in activate_new().
on platforms where you can not capture on down interfaces, do not list them
but: do list interfaces which are down, if you can capture on them!
Wednesday December 18, 2013 guy@alum.mit.edu
Summary for 1.5.3 libpcap release
Don't let packets that don't match the current filter get to the
application when TPACKET_V3 is used. (GitHub issue #331)
Fix handling of pcap_loop()/pcap_dispatch() with a packet count
of 0 on some platforms (including Linux with TPACKET_V3).
(GitHub issue #333)
Work around TPACKET_V3 deficiency that causes packets to be lost
when a timeout of 0 is specified. (GitHub issue #335)
Man page formatting fixes.
Wednesday December 4, 2013 guy@alum.mit.edu
Summary for 1.5.2 libpcap release
Fix libpcap to work when compiled with TPACKET_V3 support and
running on a kernel without TPACKET_V3 support. (GitHub
issue #329)
Wednesday November 20, 2013 guy@alum.mit.edu
Summary for 1.5.1 libpcap release
Report an error, rather than crashing, if an IPv6 address is
used for link-layer filtering. (Wireshark bug 9376)
Wednesday October 30, 2013 guy@alum.mit.edu
Summary for 1.5.0 libpcap release
TPACKET_V3 support added for Linux
Point users to the the-tcpdump-group repository on GitHub rather
than the mcr repository
Checks added for malloc()/realloc()/etc. failures
Fixed build on Solaris 11
Support filtering filtering E1 SS7 traffic on MTP2 layer Annex A
Use "ln -s" to link man pages by default
Add support for getting nanosecond-resolution time stamps when
capturing and reading capture files
Many changes to autoconf to deal better with non-GCC compilers
added many new DLT types
|
|
* Changes in Wget 1.16.3
** Fix a regression introduced by wget 1.16.2 that --quiet is not
really quiet anymore.
|
|
Important Security Fixes
CVE-2013-5588 - XSS issue via installer or device editing
CVE-2013-5589 - SQL injection vulnerability in device editing
CVE-2014-2326 - XSS issue via CDEF editing
CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
CVE-2014-4002 - XSS issues in multiple files
CVE-2014-5025 - XSS issue via data source editing
CVE-2014-5026 - XSS issues in multiple files
Important Updates
New graph tree view
Updated graph list and graph preview
Refactor graph tree view to remove GPL incompatible code
Updated command line database upgrade utility
Graph zooming now from everywhere
|
|
|
|
This package contains supplementary Go networking libraries.
|
|
Remove patches that were applied upstream.
isisd is enabled, but pimd isn't yet (only because those are upstream defaults).
Upstream changes since 0.99.23:
User-visible changes:
- [pimd] New daemon: pimd provides IPv4 PIM-SSM multicast routing.
- [bgpd] New feature: "next-hop-self all" to override nexthop on iBGP route
reflector setups.
- [bgpd] route-maps have a new action "set ipv6 next-hop peer-address"
- [bgpd] route-maps have a new action "set as-path prepend last-as"
- [bgpd] Update validity checking (particularly MP-BGP / IPv6 routes) was
touched up significantly. Please report possible bugs.
- [ripd] New feature: RIP for IPv4 now supports equal-cost multipath (ECMP)
- [zebra] Multicast RIB support has been extended. It still is IPv4 only.
- [zebra] "no link-detect" is now printed in configurations since it won't
be the default anymore soon. To retain current behaviour, re-save your
configuration after updating to 0.99.24.
Distributor-visible changes:
- --enable-pimd is added to enable pimd. It is considered experimental, though
unless the distribution target is embedded systems with little flash, there
is no reason to not include it in packages.
- --disable-ipv6 no longer exists as an option. It's 2015, your C library
really needs to have IPv6 support by now.
- --disable-netlink no longer exists as an option. It didn't work anyway.
- --disable-solaris no longer exists as an option. It only controlled some
init scripts.
- --enable-isisd is now the default.
- mrlg.cgi is no longer included (it was severely outdated). It can be found
independently at http://mrlg.op-sec.us/
- build on Linux with the musl C library should now work
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Update net/mitmproxy to 0.11.3.
Changes:
29 Dec 2014: mitmproxy 0.11.3:
* Bug fixes (-w option and #435 issue).
29 Dec 2014: mitmproxy 0.11.2:
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
.mitmproxy directory.
* Better handling of servers that reject connections that are not SNI.
* Many other small bugfixes and improvements.
15 November 2014: mitmproxy 0.11.1:
* Bug fixes: connection leaks some crashes
7 November 2014: mitmproxy 0.11:
* Performance improvements for mitmproxy console
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
* Data streaming for response bodies exceeding a threshold
(bradpeabody@gmail.com)
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
untouched
* Finer-grained control of traffic replay, including options to ignore
contents or parameters when matching flows (marcelo.glezer@gmail.com)
* Pass arguments to inline scripts
* Configurable size limit on HTTP request and response bodies
* Per-domain specification of interception certificates and keys (see
--cert option)
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
--cert-forward)
* Search and highlighting for HTTP request and response bodies in
mitmproxy console (pedro@worcel.com)
* Transparent proxy support on Windows
* Improved error messages and logging
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
* Content view mode for WBXML (davidshaw835@air-watch.com)
* Better documentation, with a new section on proxy modes
* Generic TCP proxy mode
* Countless bugfixes and other small improvements
28 January 2014: mitmproxy 0.10:
* Support for multiple scripts and multiple script arguments
* Easy certificate install through the in-proxy web app, which is now
enabled by default
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
* Reverse proxy now works with SSL
* Search within a request/response using the "/" and "n" shortcut keys
* A view that beatifies CSS files if cssutils is available
* Bug fix, documentation improvements, and more.
25 August 2013: mitmproxy 0.9.2:
* Improvements to the mitmproxywrapper.py helper script for OSX.
* Don't take minor version into account when checking for serialized file
compatibility.
* Fix a bug causing resource exhaustion under some circumstances for SSL
connections.
* Revamp the way we store interception certificates. We used to store these
on disk, they're now in-memory. This fixes a race condition related to
cert handling, and improves compatibility with Windows, where the rules
governing permitted file names are weird, resulting in errors for some
valid IDNA-encoded names.
* Display transfer rates for responses in the flow list.
* Many other small bugfixes and improvements.
16 June 2013: mitmproxy 0.9.1:
* Use "correct" case for Content-Type headers added by mitmproxy.
* Make UTF environment detection more robust.
* Improved MIME-type detection for viewers.
* Always read files in binary mode (Windows compatibility fix).
* Some developer documentation.
|
|
Changes:
0.11.2
------
* TCPClient: Use TLS1.1+ where available, BaseHandler: disable SSLv2.
0.11.1
------
* Fixes traceback in connection finish.
0.11
----
* Refactor TCP close.
* certstore: add support for cert chains
* certstore: add support for asterisk form to DNTree replacement
* Change the criticality of a number of X509 extentions, to match the RFCs and
real-world CAs/certs.
* Much more sophisticated certificate store:
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
* Various bug fixes.
0.10
----
* Add IPv6 support for TCPServer.
* Various bug fixes.
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2015-07
The WCP dissector could crash. (Bug 10844) CVE-2015-2188
* wnpa-sec-2015-08
The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
* wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
The following bugs have been fixed:
* IPv6 AUTH mobility option parses Mobility SPI and Authentication
Data incorrectly. (Bug 10626)
* DHCP Option 125 Suboption: (1) option-len always expects 1 but
specification allows for more. (Bug 10784)
* Little-endian OS X Bluetooth PacketLogger files aren't handled.
(Bug 10861)
* X.509 certificate serial number incorrectly interpreted as negative
number. (Bug 10862)
* H.248 "ServiceChangeReasonStr" messages are not shown in text
generated by tshark. (Bug 10879)
* Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI.
(Bug 10897)
* MEGACO wrong decoding on media port. (Bug 10898)
* Wrong media format. (Bug 10899)
* BSSGP Status PDU decoding fault (missing Mandatory element (0x04)
BVCI for proper packet). (Bug 10903)
* Packets on OpenBSD loopback decoded as raw not null. (Bug
10956)
* Display Filter Macro unable to edit. (Bug 10957)
* IPv6 Local Mobility Anchor Address mobility option code is treated
incorrectly. (Bug 10961)
* Juniper Packet Mirror dissector expects ipv6 flow label = 0.
(Bug 10976)
* Infinite loop DoS in TNEF dissector. (Bug 11023)
- Updated Protocol Support
ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
- New and Updated Capture File Support
PacketLogger, and Pcapng
|
|
|
|
- convert just compile (by cc) into (almost) regular make packaging,
with minor trick, say, renaming WRKSRC etc.
(upstream)
- Update 1.96 to 1.104
(from) https://bitbucket.org/gotoh/connect/commits/all
------------------------------------------------------
Added tag 1.104 for changeset fd6f352325d4 2014-09-24
new version number to 1.104 2014-09-24
allow to use '@' in user name part of host spec string (close #6) 2014-09-24
Clang support on Win32. 2012-09-19
Win32 support for GNU-like toolchains in Makefile 2012-09-19
Fixed typos 2012-09-19
Added return type to domain_match 2012-09-11
Add Interix support 2012-08-25
Fix to support some old Solaris environment. (close #4) 2012-07-26
make Makefile as closs-platform (close #3) 2012-07-26
need ifdef for using make_localnet_as_direct(). 2012-06-20
Added tag 1.103 for changeset c7321796112d 2012-05-14
Use closesocket() on HTTP proxy. 2012-05-14
redefine ECONNRESET only when it is lacked. 2012-04-30
resolve hostname localy before determine direct. 2012-04-21
add feature to make direct access for hosts on the local network. 2012-04-21
doc: fix notes format a little 2012-04-21
Add document and support elisp code. 2009-12-17
Added tag 1.101 for changeset cf9579815b7e 2009-12-17
bump-up to version 1.101. 2009-12-17
fix-up path separator of ssh askpass executable on win32 except cygwin.
2009-12-17
Define version number string explicitly to remove SCM dependency. 2009-12-17
Added tag 1.100 for changeset 7c036cbffb61 2009-12-17
Import connect.c version 1.100. 2009-12-17
|
|
- Add LICENSE= gnu-gpl-v2
(upstream)
- Update 3.05 to 3.3
------------------
Following lines are from ChangeLog, but not really clear,
the date is overwrapped from last (pkgsrc) update.
------------------
2001-02-25 lars brinkhoff <lars@nocrew.org>
From Sampo Niskanen <sampo.niskanen@iki.fi>:
* common.c (handle_tunnel_input): write to stdout if fd = 0.
* htc.c (struct Arguments): add use_std and use_daemon.
(usage): add short option -z for --proxy-authorization-file.
add -s, --stdin-stdout option. add -w, --no-daemon option.
(parse_arguments): recognize new options.
(parse_arguments): write diagnostics to stderr instead of stdout.
(main): likewise.
* hts.c (struct Arguments): add use_std and use_daemon.
(usage): add -s, --stdin-stdout option. add -w, --no-daemon option.
(parse_arguments): recognize new options.
(main): write diagnostics to stderr instead of stdout.
2000-09-01 lars brinkhoff <lars@nocrew.org>
From Brian Somers <brian@Awfulhak.org>:
* htc.c (main): correct typo in log message.
* tunnel.c (tunnel_out_connect): use ntohl() to convert IP address.
(tunnel_accept): likewise.
* common.c (set_address): likewise.
2000-08-31 lars brinkhoff <lars@nocrew.org>
* configure.in: version 3.2
* debian/changelog: sync with new version.
2000-07-25 lars brinkhoff <lars@nocrew.org>
From Brian Somers <brian@Awfulhak.org>:
* tunnel.h: update tunnel_new_server prototype.
* tunnel.c (tunnel_is_server): tunnel is server when
server_socket != -1.
(tunnel_out_connect): log the port number.
(tunnel_in_connect): don't call http_destroy_response with
NULL argument.
(tunnel_accept): log client IP number and port.
(tunnel_new_server): accept char *host argument, which is used
to bind the server to a specific network interface. initialize
tunnel->bytes to 0. pass struct in_addr to server_socket.
(tunnel_new_client): initialize tunnel->bytes to 0.
* hts.c (parse_arguments): host defaults to NULL. recognize
[HOST:]PORT syntax.
(main): log host:port, if host was specified. pass host to
tunnel_new_server.
* common.c (server_socket): take a sockaddr_in * argument; improve
sockaddr_in initialization.
(set_address): improve sockaddr_in initialization.
* common.h: update server_socks prototype.
* htc.c (main): pass a struct in_addr to server_socket.
|
|
- Add LICENSE= 2-clause-bsd
- Takes care two targets by pkgsrc, not WRKSRC side:
do-extract and do-install
(upstream)
- Update 1.09 to 1.10
-------------------
CHANGES,v 1.26 2004/07/08 08:19:58 mavetju
Version 1.10:
- Add support for EDNS0 (extra big packets)
- Add support for querying of ANY records.
- Add represention of SRV, RP records.
|
|
|
|
- Add LICENSE= 2-clause-bsd
- Remove patch-ab (was edit from /usr/local/etc/dhclient.script
to /usr/pkg/sbin/dhclient-script)
Instead, includes above edit in SUBST to clean (false) pkglint flag.
(upstream)
- Update 20060526 to 20090812
---------------------------
2009-08-12 Hajimu UMEMOTO <ume@mahoroba.org>
* dtcpclient.script: Add an ability to assign an anycast address
by prefix delegation. When `anycast' is specified as `hostid' of
`prefix_delegation', an anycast address is assigned.
Requested by: Norikatsu Shigemura <nork@ninth-nine.com>
* dtcpclient.script: Add support for prefix_delegation='AUTO'. If
`AUTO' is specified, delegated IPv6 address is assigned to upped
interface automatically.
|
|
---------------------------
2013-06-02 Hajimu UMEMOTO <ume@mahoroba.org>
* dtcpauth.rb, dtcpc.rb, dtcps.rb: Make them work with Ruby 1.9.
|
|
-------------------
0.22 Tue Aug 13 16:52:44 UTC 2013
- Required host of webservice to be given.
0.21 Sat Dec 3 06:52:42 UTC 2011
- Really fixed the XML::Atom bug.
|
|
--------------
2.07 2015-01-22T10:44:21Z
Old versions of Test::SharedFork are incompatibles with the new
Test::Builder: I had "missing TB2::History" errors. It would be
helpful to upgrade the Test::SharedFork dependency to help the user to
avoid to encounter such hard to track deep errors.
(Reported by dolmen++)
|
|
--------------
1.10 Wed Mar 4 07:15:18 CET 2015
- bugfix: fallback on using Socket::GetAddrInfo for getaddrinfo()
|
|
- Add LICENSE= 2-clause-bsd
- Drop PKG_DESTDIR_SUPPORT=
- Add SUBST_CLASSES to edit Makefile for PREFIX
- Add SUBST_CLASSES to edit dhisd.h and README for VARVASE and PREFIX
- Add SPECIAL_PERMS to set mode 0700 owner root onto executables
(pkgsrc/DESCR)
- Add pointer to ${PREFIX}/share/doc/dhisd/README for info
(pkgsrc/patches/patch-aa)
- Removed
(upstream)
- Update 5.1 to 5.5
-----------------
On dhisd-5.5
The server no longer requires a 5.4 client to have rport=0
in order to reply to the sending port. This releases a small
issue that broke 5.4 clients with servers <= 5.3.
As of this version, if the client's version is 5.4 or higher,
the server always replies to the sending UDP port and disregards
rport. 5.5. clients however continue to fill in rport in order
to be compatible with <= 5.3 servers.
On dhisd-5.4:
The modular architecture has been dropped and the modules and
engines are no longer part of dhisd. Instead dhisd is again
a DNS only updating daemon without engines; the extra functionality
provided by previous engines can however still be replicated with
OnCmd and OffCmd scripts on a per-host basis.
The default configuration directory is now /usr/local/etc
The default binaries directory is now /usr/local/sbin
It is now possible to put all configuration parameters under a
config file; the default is /usr/local/etc/dhisd.conf
The pid file default location moved to /var/run/dhis/dhisd.pid
The log file default location moved to /var/log/dhis/dhisd.log
The server can now be bound to a specific IP address with either
the BindAddr config option or the -b command line option.
Multiple options have been added and are now possible with the
command line (dhisd -h) and the config file.
The server now binds to a UDP port (58800 by default) and sends
UDP messages from that port; in previous versions dhisd sent
UDP messages from a random port even though it listened on port 58000.
In addition to the database text file (specified by the -d option
or the DBFile config option), dhisd can now use a MySQL database
instead to achieve the same purpose of the dhis.db file. See
README and INSTALL for details.
This version of the server is compatible with NAT friendly 5.4 clients.
On dhisd-5.3:
Corrected bug that caused improper handling of comment character (;)
in the database file.
On dhisd-5.2:
Documentation Updates
|
|
more pkgsrcesque.
1) turn _USE_GITHUB into an internal infrastructure variable
2) put back MASTER_SITES in packages' Makefiles.
3) encode the account in the master site URL, remove GH_ACCOUNT
4) rename GH_PROJECT to GITHUB_PROJECT
5) rename GH_TAGNAME to GITHUB_TAG and allow it to accept commit hash
as well as tag. GH_COMMIT is gone.
6) turn on this functionality when MASTER_SITES matches a predefined github
pattern instead of via explicit USE_GITHUB setting.
|
|
|
|
|
|
------------------------------
Wed Nov 29 17:13:25 2006 dean gaudet <dean@arctic.org>
* flodo.c: flow statistics
Sun Nov 7 20:20:48 2004 dean gaudet <dean@arctic.org>
* flodo.c, local_mac.c: netbsd wants sys/types.h and sys/socket.h
Sun Nov 7 17:55:05 2004 dean gaudet <dean@arctic.org>
* hash.[ch]: generic hash implementation
* local_mac.[ch]: crude support for figuring out local MAC addrs
* flodo.c: use hash.[ch], and local_mac.[ch]
* flodo.c: added -1 one-shot mode
* flodo.8: created
* release v4
------------------------------
(previous package included flodo.8, so, above may have duplication)
|
|
--------------
2014-08-17 Flickcurl Version 1.26 Released
Switch all API endpoints and image URLs to https protocol after
announcement on 2014-04-30 that everything is going https only.
Fixed utility documentation: args consistency for PER-PAGE / PAGE.
Added new extras: url_q, url_n and url_c for new image sizes.
Configuration and build improvements for newer automake and autoconf.
Add new internal convienience libraries libmtwist and libgetopt.
Added build-time utility mangen to generate manpage and extras.
Generate and accept the new staticflickr.com domain for image URIs as
well as the existing static.flickr.com.
Multiple error path allocation fixes, several memory leak fixes and a
few overflows found via Coverity.
|
|
--------------
0.73 2015-03-06
- use JSON::MaybeXS instead of deprecated JSON::Any (Tim Vroom)
|
|
-------------------
ChangeLog unknown. Seems minor bug fix.
|
|
changed. Binary should be the same.
|
|
|
|
|
|
- Add LICENSE= modified-bsd
(upstream)
- Update 5.2 to 5.5
-----------------
WHATSNEW in 5.5
===============
In 5.4 the new NAT friendly behaviour was achieved by sending packets
with an rport of 0 to the server. In 5.5 this is no longer needed since
the server looks at the version number; hence 5.5 packets still go out
with rport set, making them compatible with servers of versions 5.3 or lower.
This was a small change/correction and 5.5 is a minor update.
WHATSNEW in 5.4
===============
DHIS packet messages leaving a host will now leave from the DHIS
return port (58800 by default) instead of a randomly assigned port.
Messages sent by this client to a server are marked with a return port of 0 in
the payload of the DHIS packet which causes the server to reply to the UDP port
from which it receives a packet. In other words, the return UDP port is no
longer embedded in a DHIS packet but instead is taken by the server from the
UDP layer of the network packet.
This feature (dhis client) only works with a DHIS server that implements it;
hence, a dhisd server of version 5.4 or above is required for a 5.4 client to
operate.
This feature is particularly useful in systems behind NAT; whereas before a
NAT redirect rule to the return DHIS port (58800 by default) was required, with
DHIS 5.4 this is no longer required since NAT boxes should keep the UDP state
and redirect back to the right host.
A new protocol is also implemented with DHID 5.4; instead of waiting for
server checks with CHECK_REQ, the client refreshes itself to the server
by sending periodic ECHO_REQ packets to it (every refresh period). The
server keeps the host online and only brings it offline it it doesn't
see any ECHO_REQ packets for up to 3 times the refresh period.
WHATSNEW in 5.3
===============
The documentation was updated.
DHID can now be executed under any user (not only root) without
changes to the code.
The pid file default location was changed to /var/run/dhid.pid
|
|
Reviewed by wiz@
|
|
added via PLIST_VARS
Reviewed by wiz@
|
|
Reviewed by wiz@
|
|
Bump package revision because of this bug fix.
|
|
20 dependencies that are not documented, plus a bug on egg info file generation.
These chances are reverted back:
12.0
Remove dependency on jaraco.util. Instead depend on surgical packages.
Deprecated irc.logging in favor of jaraco.logging.
Dropped support for Python 3.2.
|
|
|
|
pdtafti, hfath, asau, kristerw, jakllsch, and keckhardt.
OpenConnect is a client for Cisco's AnyConnect SSL VPN
released under LGPL v2.1.
|
|
|
