| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
|
|
0.20.7
======
Changes since 0.20.6:
- Fix GCC warnings about local includes.
- Do not hand out libxml2-allocated strings.
- Fix a crash when a notification host was not available.
- Always call action call-back asynchronously, even when there was an error.
- Add performance measurement options to light-server/-client.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=669729
- https://bugzilla.gnome.org/show_bug.cgi?id=703263
- https://bugzilla.gnome.org/show_bug.cgi?id=708162
- https://bugzilla.gnome.org/show_bug.cgi?id=708575
- https://bugzilla.gnome.org/show_bug.cgi?id=708751
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Andrzej Bieniek <andyhelp@gmail.com>
- Emanuele Aina <emanuele.aina@collabora.com>
0.20.6
======
Changes since 0.20.5:
- Don't do excessive network rescans.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=706996
All contributors to this release:
- Ludovic Ferrandis <ludovic.ferrandis@intel.com>
- Jens Georg <mail@jensge.org>
0.20.5
======
Changes since 0.20.4:
- Add some missing G_{BEGIN,END}_DECLS guards.
- Fix uninitialized variable use introduced in previous version.
- Add simple network device whitelisting infrastructure.
- Port gupnp-binding-tool so it's usable with python3.
- Minor code fixes.
- Fix crashes in NetworkManager context manager during some async calls.
- Fix a small memory leak in the unix and windows CM.
- Always enable GTest tests.
- Upgrade gtk-doc stuff.
- Fix the service example in documentation.
- Remove the test for inverted arguments in the GUPnPContext tests.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=694454
- https://bugzilla.gnome.org/show_bug.cgi?id=704094
- https://bugzilla.gnome.org/show_bug.cgi?id=704383
- https://bugzilla.gnome.org/show_bug.cgi?id=705712
- https://bugzilla.gnome.org/show_bug.cgi?id=706326
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Ludovic Ferrandis <ludovic.ferrandis@intel.com>
- Olivier Crête <olivier.crete@collabora.com>
- Bohuslav Kabrda <bkabrda@redhat.com>
|
|
|
|
- Use USE_PHP_EXT_PATCHES in net/php-sockets.
- Make AI_V4MAPPED noop if platform dosen't have it.
It is poor assumption that AI_V4MAPPED is always defined and V4 mapped
address is always available.
|
|
|
|
Upstream changes:
1.132870 2013-10-14
- Updated database: Mon Oct 14 06:40:01 2013 UTC.
1.131650 2013-06-14
- Updated database: Fri Jun 14 06:40:02 2013 UTC.
|
|
Changes since version 1.0.13:
* Better optional argument handling.
* Set $NAME when calling host-up/down and subnet-up/down scripts.
* Don't echo broadcast packets back when Broadcast = direct.
* Update copyright notices.
* Fix combination of Mode = router and DeviceType = tap on Linux.
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
* Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
* Document how to load the tap driver on FreeBSD.
* Update THANKS file.
* Also clarify hostnames=[yes|no] in tinc.conf(5).
* Attribution for Vil Brekin and some code style cleanups.
* Don't ignore Makefile.am.
* Fix links in documenation.
* Attribution for Martin Schürrer.
* Add strict checks to hex to binary conversions.
* Clear connection options and status fields in free_connection_partially().
* Fix warnings from cppcheck.
* Clear Ethernet header when reading packets from a tun device.
* Clear status and options fields of unreachable nodes.
* Fix warnings from groff.
* Using alloca() for a constant sized buffer is very silly.
* Make sure PMTU discovery works in switch mode with VLAN tags.
* Mention in the manual that support for LZO and zlib can be disabled.
* Fix configure script help text for --enable options.
* Don't take the address of a variable whose scope is about to disappear.
* Send broadcast packets using a random socket, and properly support IPv6.
* Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
* Fix support for tunemu on iOS devices.
* Make sure PriorityInheritance also works in switch mode.
* Detect increases in PMTU.
* Fix a compiler warning.
* Fix segmentation fault when trying to connect via a SOCKS5 proxy.
* Don't send proxy requests for incoming connections.
* Fix compiler warnings on Windows.
* Fix detection of rejected SOCKS5 proxy requests.
* Basic patch for android cross-compilation.
* Replace hard-code with new ScriptsInterpreter configuration property.
* Add basic .gitignore file, cleaning (most) files generated by autotools.
* Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
* Android cross-compilation instructions.
* Output details of encryption errors
* Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
* Support :: in IPv6 Subnets.
* Remove newline from log message.
* Add support for systemd style socket activation.
* Allow environment variables to be used for Name.
* Allow broadcast packets to be sent directly instead of via the MST.
* Add basic support for SOCKS 4 and HTTP CONNECT proxies.
* Add support for SOCKS 5 proxies.
* Add support for proxying through an external command.
* Document new proxy types.
* Small fixes in proxy code.
* Fix compiler warnings.
* Fix crash when using Broadcast = direct.
* configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
* add (errnum) in front of windows error messages
* Always try next Address when an outgoing connection fails to authenticate.
* Allow a port to be specified in BindToAddress statements.
* Add support for multicast communication with UML/QEMU/KVM.
* Set default value of DecrementTTL to "no".
* Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
* Allow scoped addresses to be used for IPv6 multicast socket.
* Fix compiler warnings.
* Fix return value type of vde_send().
* Fix some more compiler warnings.
* Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
* Fix return type of vde_recv() as well.
* Mark DecrementTTL option experimental.
* Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
* Return false instead of void when there is an error.
* Fix compilation of VDE and UML interfaces.
* Add vde/device.c to the tarball.
* Fix a few small memory leaks.
* Allow linking with multiple device drivers.
* Set FD_CLOEXEC flag on all sockets.
* Allow multiple BindToAddress statements.
* Merge branch 'master' of black:tinc
* Send packets back using the same socket as they were received on.
* Allow setting DeviceType to tun or tap on Linux.
* Merge branch 'master' of black:tinc
* Only compile raw socket code when it is supported on that platform.
* Decrement TTL of incoming packets.
* Don't bind outgoing TCP sockets anymore.
* Rename connection_t *broadcast to everyone.
* Allow disabling of broadcast packets.
* Move initialization of char *priority up to prevent freeing an uninitialized pointer.
* Document the command line flag -o and provide --option as well.
* Fix a bug that caused tinc to ignore all but the last listening socket.
* Fix check for raw socket support.
* Pass index into listen_socket[] to handle_incoming_vpn_data().
* Add LocalDiscovery option which tries to detect peers on the local network.
* Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
* Stricter checks against routing loops.
* Only use broadcast at the start of the PMTU discovery phase.
* Only log errors sending UDP packets when debug level >= 5.
* Accept Subnets passed with the -o option when StrictSubnets = yes.
* Add missing ICMP6 message type definitions.
* Make sure disabling old RSA keys works on Windows.
* Update copyright notices.
* Add missing ICMP message type definitions.
* Make code to detect two nodes with the same Name less triggerhappy.
* Flush output buffer in send_tcppacket().
* Use usleep() instead of sleep(), MinGW complained.
* Reorder checks for libraries to allow ./configure LDFLAGS=-static.
* Make return value of SetPriorityClass() behave the same as setpriority().
* Fix sparse warnings and add an extra sprinkling of const.
* Remove newlines from log messages.
* Remove a few unnecessary #includes.
* Attribution for Loïc Grenié.
* Improved --logfile option.
* Remove redundant @CFLAGS@ from AM_CFLAGS.
* Nearly tickless tinc.
* Fix reading configuration files that do not end with a newline. Again.
* Define WINVER before including any other header file on Windows.
* Use intptr_t instead of long to store a pointer.
* OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
* Fix all warnings when compiling with mingw64.
* Use strrchr() insteaad of rindex().
* Detect and prevent two nodes with the same Name being on the VPN simultaneously.
* Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
* Do not append an address to ANS_KEY messages if we don't know any address.
* Merge local host configuration with server configuration.
* Remove duplicate command-line option parsing.
* Attribution for Julien Muchembled.
* Attribution for Timothy Redaelli.
* Ensure there is a newline character before a PEM key is written.
* Abort disabling old PEM keys on I/O errors.
* Remove unused variables.
* Quit when there are too many consecutive errors on the tun/tap device.
* Read error counter must be static.
* Add short options -R and -U to the tincd(8) manpage.
* Don't use strlen() on a NULL pointer.
* Provide usleep() for Windows.
* Use variable length arrays instead of alloca().
* Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
* Free replay window when freeing a node_t.
* Fix variable length array declaration.
* Attribution for Brandon Black.
* Use setpriority() instead of nice() on UNIX-like systems.
* Always send MTU probes at least once every PingInterval.
* Close all filedescriptors in Solaris close_device().
* Limit field width when scanning PID file.
* Replace bogus #else with #endif.
* Remove unused variables.
* Document the behavior of "-n."
* Update the manual.
* Update the NEWS.
* Proper check and dropin replacement for usleep().
* Fix typo spotted by Andrew Scheller.
* Add support for VDE through libvdeplug.
* Fix spurious misidentification of incoming UDP packets.
* Prevent anything from updating our own UDP address.
* Do not set indirect flag on edges from nodes with multiple addresses.
* Increase threshold for detecting two nodes with the same Name.
* Always use the default signal handler for ABRT signals.
* Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
* Update THANKS and copyright information.
* Ensure proper linking with OpenSSL with recent versions of MinGW.
* Include <inttypes.h> when using intptr_t.
* Experimental IFF_ONE_QUEUE support for Linux
* Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
* Configurable ReplayWindow size, zero disables
* Improved handling of queue-jumping packets on receive
* New '-o' option to configure server or hosts from command line
* Fix command-line '-o' option for host configuration
* Fix warnings showed using -D_FORTIFY_SOURCE=2
* Fix warnings under BSD
* Treat netname="." in a special way.
* DragonFlyBSD support
|
|
On systems where time_t is 64 bit supplying a 32 bit integer to ctime()
may cause problems.
Bump PKGREVISION
|
|
|
|
since version 2013.08.17 is not available unfortunately.
|
|
Requested by Jean-Yves Moulin <jym@baaz.fr>
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changes since 3.6.18:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 5917: Make Samba work on site with Read Only Domain Controller.
o Christian Ambach <ambi@samba.org>
* BUG 8955: NetrServerPasswordSet2 timeout is too short.
o Günther Deschner <gd@samba.org>
* BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat().
* BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat().
* BUG 10127: Fix 'smbstatus' as non-root user.
o Volker Lendecke <vl@samba.org>
* BUG 8955: Give machine password changes 10 minutes of time.
* BUG 10106: Honour output buffer length set by the client for SMB2 GetInfo
requests.
* BUG 10114: Handle Dropbox (write-only-directory) case correctly in
pathname lookup.
o Karolin Seeger <kseeger@samba.org>
* BUG 10076: Fix variable list in man vfs_crossrename.
o Andreas Schneider <asn@samba.org>
* BUG 9994: s3-winbind: Do not delete an existing valid credential cache.
* BUG 10073: 'net ads join': Fix segmentation fault in
create_local_private_krb5_conf_for_domain.
o Richard Sharpe <realrichardsharpe@gmail.com>
* BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals handed
out by Samba.
|
|
* Not known.
|
|
- Fix memory leak caused by latcp -d & llogin -d
- Loads of protocol fixes and speed enhancements
NOTE: There are known problems with DECserver 90L terminal servers
- Add better support for DS90L servers reverse LAT
- Fix REQID message in moprc so it works with more servers.
|
|
|
|
NtBSD-current.
|
|
|
|
|
|
|
|
Based on PR pkg/48269 by Gianni D'Aprile, with various fixes and improvements.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license.
|
|
|
|
Based on PR pkg/48217 by Leonardo Taccari.
Changes:
v1.24 Mar 14 2010
- fixed another remotely triggerable NULL dereference in ip_fragment.c
- unofficial patch that enables tracking of already established TCP connections
- missing reset of some tcp_* variables upon nids_exit
- correct calculation of radiotap header
- compilation warning fixes with newer gcc
- use pcap_get_selectable_fd() instead of pcap_fileno()
|
|
|
|
|
|
|
|
executable bit on errlist.sh.
|
|
OUTPUT CHANGES:
- Output numbers in 3-digit groups by default (e.g. 1,234,567). See the
--human-readable option for a way to turn it off. See also the daemon's
"log format" parameter and related command-line options (including
--out-format) for a modifier that can be used to request digit-grouping
or human-readable output in log escapes. (Note that log output is
unchanged by default.)
- The --list-only option is now affected by the --human-readable setting.
It will display digit groupings by default, and unit suffixes if higher
levels of readability are requested. Also, the column width for the size
output has increased from 11 to 14 characters when human readability is
enabled. Use --no-h to get the old-style output and column size.
- The output of the --progress option has changed: the string "xfer" was
shortened to "xfr", and the string "to-check" was shortened to "to-chk",
both designed to make room for the (by default) wider display of file
size numbers without making the total line-length longer. Also, when
incremental recursion is enabled, the string "ir-chk" will be used
instead of "to-chk" up until the incremental-recursion scan is done,
letting you know that the value to check and the total value will still
be increasing as new files are found.
- Enhanced the --stats output: 1) to mention how many files were created
(protocol >= 28), 2) to mention how many files were deleted (a new line
for protocol 31, but only output when --delete is in effect), and 3) to
follow the file-count, created-count, and deleted-count with a subcount
list that shows the counts by type. The wording of the transferred count
has also changed so that it is clearer that it is only a count of regular
files.
More...
|
|
1.80: 2012-02-26
-- FLV streaming plugin (Gosuke Miyashita <gosukenator@gmail.com>)
-- New Throttle plugin (Adam Thomason <thomason@reticulatedsplines.net>)
-- Force keepalives off when we haven't finished reading a request body, but we
are already sending a response. (Jonathan Steinert <hachi@kuiki.net>)
-- Add support for Content-MD5 checking on PUT requests to web server services.
(Eric Wong <normalperson@yhbt.net>)
-- Include an XFFExtras plugin that can add X-Forwarded-Port and X-Forwarded-Proto
headers to help proxy backends construct canonical URLs with less configuration.
(RT 60260) (Jonathan Steinert <hachi@kuiki.net>)
-- Fix perlbal-check's age calculation to get the maximum age of queues across all
Perlbals. (Abe Hassan <ahassan@saymedia.com>)
-- Add DEFAULT command to allow setting default values for later service tunables
(Mark Smith <mark@qq.is>)
-- Change IO::Socket::SSL version requirement error to reflect what we actually
require. (Jonathan Steinert <hachi@kuiki.net>)
-- Completely redo the deps list for perlbal. This addresses an issue exposed when
LWP was split into component modules (RT 68490) , plus other subtle issues we've
been ignoring or unaware of. (Jonathan Steinert <hachi@kuiki.net>)
-- Stop loading Storable, we don't use it (Jonathan Steinert <hachi@kuiki.net>)
-- Switch Devel::Peek to an optional requirement (Jonathan Steinert <hachi@kuiki.net>)
-- Change perlbal-check to use IO::Socket::INET, not just IO::Socket
(Jonathan Steinert <hachi@kuiki.net>)
-- Can use PERLBAL_REMOVE_FIELDS=1 to disable fields and improve performance
(Nicolas Rochelemagne <nicolas.rochelemagne@cpanel.net>)
-- Optimize handling of SET for bool values
(Nicolas Rochelemagne <nicolas.rochelemagne@cpanel.net>)
|
|
|
|
|
|
|
|
ryo-on, and myself.
cclive is a command line video extraction utility similar to clive
but with lower requirements. Its features are few and essential.
Supports Youtube, Googlevideo, Break, Liveleak, Sevenload, Evisortv
and Dailymotion.
|
|
0MQ version 3.2.4 stable, released on 2013/09/20
================================================
* LIBZMQ-84 (Windows) Assertion failed: Address already in use at signaler.cpp:80
* LIBZMQ-456 ZMQ_XPUB_VERBOSE does not propagate in a tree of XPUB/XSUB devices
* LIBZMQ-532 (Windows) critical section not released on error
* LIBZMQ-569 Detect OpenPGM 5.2 system library
* LIBZMQ-563 Subscribers sometimes stopped receiving messages (aka LIBZMQ-541)
* LIBZMQ-XXX Added support for Travis Continuous Integration
* LIBZMQ-XXX Several improvements to MSVC support
|
|
chrysn and Joe Nahmias have done a bunch of work on Calypso, and I even
managed to fix a couple of bugs. I've merged their stuff in and pushed
out a version 1.2 release this afternoon, along with an updated debian
package. A this point, all reported Debian bugs are closed (surely that
can't last through more than one release).
The only piece unmerged was the ForkingMixin stuff as that means that
each connection has to re-read the entire database at startup as there's
no persistent in-memory state. I'd love to figure out how to use the
ThreadingMixin instead, providing the same multi-session support along
with caching.
|
|
0.8 - Rainbow
=============
* New authentication and rights management modules (by Matthias Jordan)
* Experimental database storage
* Command-line option for custom configuration file (by Mark Adams)
* Root URL not at the root of a domain (by Clint Adams, Fabrice Bellet, Vincent Untz)
* Improved support for iCal, CalDAVSync, CardDAVSync, CalDavZAP and CardDavMATE
* Empty PROPFIND requests handled (by Christoph Polcin)
* Colon allowed in passwords
* Configurable realm message
|
|
* Prevent to show "Retweet" command for protected account
* Change permanent link for tweets in Activity tab.
* Add icon for Activity.
|
|
so that no pkgsrc lua is pulled in)
tested by John Klos
|
|
|
|
Changes from History.txt:
=== 0.5.1 2013-09-18
* tweet with file % tw 'yummy!!' --file=food.jpg
|
|
0.62 (01/26/2013)
(dc) Add support for HTTP compression where available, enabled by default.
(cb) Add support for EAN to the US locale, as reported by Jacob Turino.
(cb) Add Spain and Italy locales, as implemented by Menno Blom.
(cb) Add some new departments in Amazon.co.jp, as implemented Naoya Ito.
|
|
Features:
* New config option "ip-transparent:" to allow NSD to bind to non local
addresses. Default no.
* Use IPV6 minimum MTU settings with TCP to reduce failures that are caused
by delays in learning working PMTU when communicating through a tunnel.
* Bugfix #496: Support for EUI48 and EUI64 RR types. Experimental,
turned off by default. Enable with --enable-draft-rrtypes.
* New config option "rrl-slip:" to set the average number of packets
discarded before we send back a truncated response.
* New config option "rrl-ipv4-prefix-length:" and "rrl-ipv6-prefix-length:"
to set the prefix lengths.
* Improved RRL logging, also print triggering query src address and QTYPE.
* Provide RRL documentation in nsd.conf.sample.
Bugfixes:
* Bugfix #357: Parent process waits until children closed down sockets,
to prevent NSD failing to bind to sockets when restarting.
* Bugfix #487: lookup3.c determine endianness for BSD systems.
* Bugfix #491: pick program name (0th argument) as syslog identity.
* Bugfix #494: Exit with return code 1 if socket code fails.
* Bugfix #495: Wrong bufsize in dname_to_string for root.
* Fix outgoing-interface: Don't fail if family is IPv6 but only IPv4
outgoing-interface is set, or vice versa.
* RRtypes ASFDB, RP, RT should not compress dnames.
* Check that zone directory is within chroot directory.
* Better XFR checking, fallback to AXFR (if allowed) if three malformed
XFR packets have been seen.
|
|
(CVE-2013-4854 and CVE-2013-3919 were already fixed in pkgsrc).
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Fix DNSSEC auto maintenance so signatures can be removed from a
zone with only KSK keys for an algorithm. [RT #34439]
Fix DNSSEC auto maintenance so signatures from newly inactive
keys are removed (when publishing a new key while deactivating
another key at the same time). [RT #32178]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Fix Response Policy Zones on slave servers so new RPZ changes
take effect. [RT #34450]
Fix the "zone-statistics" option to work with the default
traditional statistics (not new "--enable-newstats" feature).
[RT #34466]
named could crash when deleting inline-signing zones with "rndc
delzone". [RT #34066]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
named was failing to answer queries during "rndc reload" [RT
#34098]
win32: Some executables had been omitted from the installer. [RT
#34116]
fixed a broken 'Invalid keyfile' error message in dnssec-keygen.
[RT #34045]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
Corrected the way that "rndc addzone" and "rndc delzone" handle
non-standard characters in zone names. [RT #33419]
Adjusted RRL behavior for recursive queries to defer rate-limiting
until after recursion is complete. Also uses correct rcode for
slipped NXDOMAIN responses. [RT #33604]
Previously, BIND could erroneously report a missing file
specification when using inline slave zones. [RT #33662]
|
|
(CVE-2013-4854 and CVE-2013-3919 were already fixed in pkgsrc.)
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Bug Fixes
Fixed the "allow-query-on" option to correctly check the destination
address. [RT #34590]
Fix DNSSEC auto maintenance so signatures can be removed from a
zone with only KSK keys for an algorithm. [RT #34439]
Fix forwarding for forward only "zones" beneath automatic empty
zones. [RT #34583]
Fix DNSSEC auto maintenance so signatures from newly inactive
keys are removed (when publishing a new key while deactivating
another key at the same time). [RT #32178]
Remove bogus warning log message about missing signatures when
receiving a query for a SIG record. [RT #34600]
Fix Response Policy Zones on slave servers so new RPZ changes
take effect. [RT #34450]
Improved resistance to a theoretical authentication attack based
on differential timing. [RT #33939]
named was failing to answer queries during "rndc reload" [RT
#34098]
Fixed a broken 'Invalid keyfile' error message in dnssec-keygen.
[RT #34045]
The build of BIND now installs isc/stat.h so that it's available
to /isc/file.h when building other applications that reference
these header files - for example dnsperf (see Debian bug ticket
#692467). [RT #33056]
Better handle failures building XML for stats channel responses.
[RT #33706]
Fixed a memory leak in GSS-API processing. [RT #33574]
Fixed an acache-related race condition that could cause a crash.
[RT #33602]
rndc now properly fails when given an invalid '-c' argument. [RT
#33571]
Fixed an issue with the handling of zero TTL records that could
cause improper SERVFAILs. [RT #33411]
Fixed a crash-on-shutdown race condition with DNSSEC validation.
[RT #33573]
Corrected the way that "rndc addzone" and "rndc delzone" handle
non-standard characters in zone names. [RT #33419]
|
