| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Almost certainly no one is using them, and it's been years since
they've been deprecated.
|
|
|
|
PR 46597.
XXX: please update the condition if it is not adapted to your platforms.
|
|
|
|
|
|
Stop a silent dependency on LDAP if such is found.
|
|
* rfc2045mkboundary.c was broken in 0.68
Changes 0.68:
* rfc2045/rfc2045mkboundary.c (rfc2045_mk_boundary): truncate
the hostname portion of the boundary to 30 chars.
* courier/doc/courier.sgml: Remove descriptions of some configuration
files that were moved to the courier-authlib package a while ago.
They don't belong here any more.
* courier/submit.C: Use the authenticated address, instead of the
return address, for domain-based virtual configuration.
* courier/libs/cfilename.c (config_has_vhost): Checks whether
vhost.[ip] exists.
* courier/module.esmtp/courieresmtpd.c (main): Only set a message's
virtual host if vhost.[ip] exists.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): Make sure the
input buffer is null-terminated.
* courier/submit.C (getrcpts): If there's no vhost setting from the
sender's IP address (this includes local mail!) if vhost.domain exists,
use [domain] as the virtual host.
* Remove config_search(), which simply called config_localfilename().
Change all current callers to call config_localfilename().
* courier/libs/cfilename.c (config_set_local_vhost): saves a string
that gets appended as a suffix, by config_localfilename(), and if that
filename exists, that's returned as the filename, otherwise it's the
original string without the suffix. config_get_local_vhost() returns
the suffix string.
to config_set_local_vhost().
* courier/libs/comsubmitclient.c (submit_fork): If
config_get_local_vhost(), add a -vhost parameter to submit().
* courier/submit.C (cppmain): -vhost sets config_set_local_vhost().
* courier/submit2.C (closectl): New COMCTLFILE_VHOST parameter in the
config file, taken from the vhost setting.
* courier/libs/comctlfile.c (ctlfile_setvhost): If COMCTLFILE_VHOST is
set, call ctlfile_setvhost(), return an indication if the vhost has
changed. Absence of a COMCTLFILE_VHOST treated as a discrete "(null)"
setting.
* courier/module.esmtp/esmtpclient.c (esmtpchild): If ctlfile_setvhost()
then disconnect the current socket, if one is open.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): The IP address
specified in ipout or ip6out overrides SOURCE_ADDRESS and
SOURCE_ADDRESS_IPV6 environment variable.
* courier/module.local/localmail.c (main): Call ctlfile_setvhost().
* courier/module.uucp/uucp.c (uux): Call ctlfile_setvhost().
* courier/module.dsn/dsn.c (main): Call ctlfile_setvhost().
* liblock/mail.c (dotlock_exists): Quell a compiler warning.
* courier/courierd.dist.in SOURCE_ADDRESS: Add a note that this setting
is deprecated.
|
|
bug fixes.
|
|
Features:
* unbound-control forward_add, forward_remove, stub_add, stub_remove can modify stubs and forwards for running unbound they can also add and remove domain-insecure for the zone. This is to support reconfiguration of a DNSSEC validator on a computer that changes networks and has to enable new network config for the new location.
* new approach to NS fetches for DS lookup that works with cornercases, and is more robust and considers forwarders.
* contrib/validation-reporter follows rotated log file
* Applied patch for rrset-roundrobin and minimal-responses features (new options, enable in unbound.conf to use).
* ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older openssl.
* Patch for access to full DNS packet data in unbound python module
* forward-first option. Tries without forward if a query fails. Also stub-first option that is similar.
Bug Fixes:
* Fix possible uninitialised variable in windows pipe implementation.
* Fix alignment problem in util/random on sparc64/freebsd.
* Fix for accept spinning reported by OpenBSD.
* Fix validation of nodata for DS query in NSEC zones
* [bugzilla: 444 ] Fix that setusercontext was called too late
* [bugzilla: 443 ] Fix --with-chroot-dir not honoured by configure.
* [bugzilla: 442 ] Fix that Makefile depends on pythonmod headers even using --without-pythonmodule.
* Fix to locate nameservers for DS lookup with NS fetches.
* Applied line-buffer patch from Augie Schwer to validation.reporter.sh.
* flush_infra cleans timeouted servers from the cache too.
* Fix from code review, if EINPROGRESS not defined chain if statement differently.
* [bugzilla: 434 ] Fix windows port to check registry for config file location for unbound-control.exe, and unbound-checkconf.exe.
* Fix to squelch 'network unreachable' errors from tcp connect in logs, high verbosity will show them.
* Fix prefetch and sticky NS ghost domain. It picks nameservers that 'would be valid in the future', and if this makes the NS timeout, it updates that NS by asking delegation from the parent again. If child NS has longer TTL, that TTL does not get refreshed from the lookup to the child nameserver.
* RT#2955 Fix for cygwin compilation.
* Slightly smaller critical region in one case in infra cache.
* Fix timeouts to keep track of query type, A, AAAA and other, if another has caused timeout blacklist, different type can still probe.
unit test fix for nomem_cnametopos.rpl race condition.
* fix memory leak in errorcase for DSA signatures.
* workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
* fix for windows, rename() is not posix compliant on windows.
* iana portlist updated
|
|
|
|
quagga installs man pages for several programs only if the programs
are built. This commit just moves some man pages to PLIST.v6 and
PLIST.opaquelsa.
No revbump because the package, if it built before, will be unchanged.
But now building with non-default options should work.
|
|
* Changes in Quagga 0.99.21
- [bgpd] BGP multipath support has been merged
- [bgpd] SAFI (Multicast topology) support has been extended to propagate
the topology to zebra.
- [bgpd] AS path limit functionality has been removed
- [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing
protocol has been merged.
- [isisd] a major overhaul has been picked up. Please note that isisd is
STILL NOT SUITABLE FOR PRODUCTION USE.
- [*] a lot of bugs have been fixed, please refer to the git log
|
|
ISC's Release Signing Key can be obtained at:
http://www.isc.org/about/openpgp/
Changes since 4.2.4rc1
- Rotate the lease file when running in v6 mode.
Thanks to Christoph Moench-Tegeder at Astaro for the
report and the first version of the patch.
[ISC-Bugs #24887]
Changes since 4.2.4b1
- None
Changes since 4.2.3
! Add a check for a null pointer before calling the regexec function.
Without this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks.
[ISC-Bugs #26704].
CVE: CVE-2011-4539
! Modify the DDNS handling code. In a previous patch we added logging
code to the DDNS handling. This code included a bug that caused it
to attempt to dereference a NULL pointer and eventually segfault.
While reviewing the code as we addressed this problem, we determined
that some of the updates to the lease structures would not work as
planned since the structures being updated were in the process of
being freed: these updates were removed. In addition we removed an
incorrect call to the DDNS removal function that could cause a failure
during the removal of DDNS information from the DNS server.
Thanks to Jasper Jongmans for reporting this issue.
[ISC-Bugs #27078]
CVE: CVE-2011-4868
- Fixed the code that checks if an address the server is planning
to hand out is in a reserved range. This would appear as
the server being out of addresses in pools with particular ranges.
[ISC-Bugs #26498]
- In the DDNS code handle error conditions more gracefully and add more
logging code. The major change is to handle unexpected cancel events
from the DNS client code.
[ISC-Bugs #26287]
- Tidy up the receive calls and eliminate the need for found_pkt.
[ISC-Bugs #25066]
- Add support for Infiniband over sockets to the server and
relay code. We've tested this on Solaris and hope to expand
support for Infiniband in the future. This patch also corrects
some issues we found in the socket code.
[ISC-Bugs #24245]
- Add a compile time check for the presence of the noreturn attribute
and use it for log_fatal if it's available. This will help code
checking programs to eliminate false positives.
[ISC-Bugs #27539]
- Fixed many compilation problems ("set, but not used" warnings) for
gcc 4.6 that may affect Ubuntu 11.10 users. [ISC-Bugs #27588]
- Modify the code that determines if an outstanding DDNS request
should be cancelled. This patch results in cancelling the
outstanding request less often. It fixes the problem caused
by a client doing a release where the TXT and PTR records
weren't removed from the DNS.
[ISC-BUGS #27858]
- Use offsetof() instead of sizeof() to get the sizes for dhcpv6_relay_packet
and dhcpv6_packet in several more places. Thanks to a report from
Bruno Verstuyft and Vincent Demaertelaere of Excentis.
[ISC-Bugs #27941]
- Remove outdated note in the description of the bootp keyword about the
option not satisfying the requirement of failover peers for denying
dynamic bootp clients.
[ISC-bugs #28574]
- Multiple items to clean up IPv6 address processing.
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
- Remove unnecessary checks in the lease query code and clean up
several compiler issues (some dereferences of NULL and treating
an int as a boolean).
[ISC-Bugs #26203]
- Fix the NA and PD allocation code to handle the case where a client
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvail response.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2; to enable the previous style see the
section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
- Fix up some issues found by static analysis.
A potential memory leak and NULL dereference in omapi.
The use of a boolean test instead of a bitwise test in dst.
[ISC-Bugs #28941]
|
|
Security release for CVE-2012-1667.
--- 9.6-ESV-R7-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
Security release for CVE-2012-1667.
--- 9.7.6-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
Security release for CVE-2012-1667.
--- 9.8.3-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
Security release for CVE-2012-1667.
--- 9.9.1-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
|
|
fixes last month changed installed headers, excluding some that have
already been bumped.
|
|
(1) With gcc 4.5, cpp does not fold lines separated by a escaped
newline in the output. Therefore when nasd_rpcgen runs its rpc
definitions through cpp, what comes out contains syntax errors. The
parser then reports these with SIGSEGV. First fix the cpp plumbing to
use the cpp tool wrapper during build, and then have it use -traditional.
(2) On amd64, roughly half the build thinks it's actually i386. Patch
the other half to agree. This may not turn out to work, but it does
build instead of dumping out bizarre compile errors.
|
|
Changelog:
* Rename QName::ns property to QName::prefix.
* Fix parsing multipart/related responses (Bugs #14756, #14854).
* Fix parsing certain WSDLs with attachments (Bill Blough, Bug #16968).
* Use PCRE instead of ereg_* functions (Olle Jonsson, Bug #17726).]
QA release
Bug #11729 WSDL Local File loading
Bug #14344 Use Net_Server in SOAP_Server_TCP
Bug #14756 multipart/related response is not parsed
Bug #14782 logic problem in SOAP_Base bulids multidimensional arrays instead of flat
Bug #14854 multipart/related responses no longer handled correctly
Bug #16968 Bad array assignment when using WSDL client
Bug #17659 Assigning the return value of new by reference is deprecated
Bug #17726 Patch: Using PCRE functions to avoid deprecated functions
Bug #18458 Returning SOAP_Attachment in MIME
Bug #18492 Wrong response when returning multiple results
|
|
per maintainer update request by PR 46517.
ChangeLog:
2.0.12
Changelog:
* inmproved performance with large search results
* Fixed some minor issues with Net_LDAP2_Filter and Net_LDAP2->dnExists()
* Added NOT filter to Net_LDAP2_Filter::create() so negating is more easily now
2.0.11
Changelog:
* (doc issue) Fix for #17861: Missing komma in example
* Fix for #18202: Adding attributes to a Fresh Entry saving and laterly updating
fails
2.0.10
Changelog:
* Added schema handling methods to make schema checks more easily accessible
* Bugfix for #17245. The check in the code was not working properly. Schema
checking is considered the users responsibility.
If now an attribute is requested that is not set at the entry, an empty string
is returned.
* Bugfix for #17770. Some Net_LDAP2 files were included with relative path
("Util.php"), not absolute ("Net/LDAP2/Util.php").
* Bugfix for #17314. LDIF support for attributes with modifiers ("attr1;binary").
|
|
PR 46515 by Francois Tigeot.
2.002 May 31 2012
- Make HTTP output header parsing more consistent - and catch more errors
- Add exec_cgi and exec_trusted_perl methods to HTTP
- Add bugfix for ipv=>"*" combined with UNIX sockets. (Mark Martinec)
- Fix the SSL_test.t to use exit rather than quit so the parent departs
2.001 May 30 2012
- Bug fix wrong usage of File::Temp::tempfile.
- Fix HTTP_COOKIES to be HTTP_COOKIE
- Handle multiple header values better in HTTP
- Add Log::Log4perl logging courtesy of TONVOON@cpan
2.000 May 30 2012
- Sorry for the amazingly long delay. This release represents change to much of the code base. Future patch submissions should be more promptly handled
- Bring Net::Server::Proto::SSL back. It is now fully functional under all scenarios, including IPv4 and IPv6
- Change Proto interface to allow passing more information. This represents an internal API change.
- Updates to the HUP mechanisms to make sure we rebind all types of ports correctly.
- Add IPv6 integration via ::1 style addresses as well as the ipv configuration parameter (Mark Martinec)
- Added graceful shutdown (Tatsuhiko Miyagawa)
- Added hot deploy via TTIN and TTOU (Tatsuhiko Miyagawa)
- Internal code retidying
- Finish out support for connecting to ports by service name
- Don't loose track of fork and prefork children on a hup - make sure to actively wait them off
- Correct accept to take a classname, and optionally be called in array context
- Cleanup numerous configuration issues.
- Added sig_passthrough option to Fork, PreFork, and PreForkSimple servers allowing for arbitrary signals to propagate to children
- Add syswrite/sysread support to SSLEAY (Sergey Zasenko).
- Add PSGI module.
- Many small accumulated bugfixes.
|
|
# Addressable 2.2.8
- fixed issues with dot segment removal code
- form encoding can now handle multiple values per key
- updated development environment
|
|
|
|
5.2.0nb4 to 6.0.1.
pkgsrc changes:
- Adjust license
- Adjust dependencies
- remove patch which correct bogus attributes (upstream fixed)
Upstream changes:
RELEASE 6.0.1 SEP-09-2010
- Removed all occurrences of the "locked" attribute that was
deprecated in Perl 5.12.0.
- Changed the test validating the presence of a monotonic time value
to check for invalid implementations.
- The SNMPv3 contextEngineID and contextName are now stored as part
of the request allowing for these values to be changed between
messages.
RELEASE 6.0.0 SEP-09-2009
- Substantial internal code cleanup was performed based upon the
Perl::Critic module and the "Perl Best Practices" book.
- Added support for the Module::Build system for building, testing,
and installing Perl modules.
- The translation logic for OCTET STRINGs now uses the definition of
a DisplayString in RFC 2579 to determine if the octets are to be
converted into a hexadecimal representation.
- The get_table() and get_entries() methods were refactored as part
of the code cleanup. The get_entries() method now handles "holes"
in tables better and indexes with a value of zero.
- The inheritance structure of the Transport Domain objects was
updated to reduce code duplication and increase maintainability.
- The resolution of IPv6 addresses was made more exhaustive.
- The handling of OBJECT IDENTIFIERs was made more efficient by
using [un]pack() with a BER compressed integer template.
- Additional validation of the values passed to most methods is now
performed and the error messages have been made more robust.
- The documented examples were updated based upon commonly asked
questions (specifically Example 3 and Example 4).
- A Response-PDU with an error-status set to "noError" no longer
generates an error when the error-index is non-zero, as decribed
in Section 4.2.4 of RFC 3416.
- The function oid_lex_cmp() was added to provide for the
lexicographical comparison of two OBJECT IDENTIFIERs.
- The error-status is no longer set for the exceptions noSuchObject,
noSuchInstance, and endOfMibView when translation is not enabled.
|
|
|
|
|
|
|
|
|
|
|
|
2012/05/13: version 3.1.2 = tag release-3-1-2 (expect no binary updates)
7726: Add support for Debian/Hurd, really ;)
2012/04/05: version 3.1.1 = tag release-3-1-1
2012/04/04
7732: Remove the non-existant -O6 optimization level (blickly)
7755: CryptoPP: Fix build with GCC 4.7
2012/02/22
7728: Update GNU config.guess and config.sub to version 2012-02-10
7727: Makefile: call `$(CPP) -x c` instead of `cpp` (ygrek)
7726: Add support for Debian/Hurd
2011/10/25
7647: Update options description of allow_local_network (ygrek)
7646: Include .desktop file in source package (ported from Arch Linux)
7645: DC: show hashing progress in dcinfo (ygrek)
7644: Fix broken target release.utils.static
7642: Update GNU config.guess and config.sub to version 2011/10
7641: DC: fix ownership for downloads by non-admin users (ygrek)
7593: Less allocations (ygrek)
|
|
|
|
pkgsrc.
* Release 0.6.3 (05-Jan-2012)
** Compatibility Fixes
This release really is compatible with Twisted-11.1.0 . The previous Foolscap
release (0.6.2), despite the changes described below, suffered mild
incompatibilites with the new TLS code in the final Twisted-11.1.0 release.
The most common symptom is a DirtyReactorError in unit tests that use
Tub.stopService() in their tearDown() method (to coordinate shutdown and
cleanup). Another symptom is tests overlapping with one another, causing
port-already-in-use errors.
This incompatibility did not generally affect normal operation, but only
impacted unit tests.
** Other Changes
The Debian packaging tools in misc/ were removed, as they were pretty stale.
These days, both Debian and Ubuntu make their own Foolscap packages.
* Release 0.6.2 (15-Oct-2011)
** Compatibility Fixes
Foolscap-0.6.2 will be compatible with future versions of Twisted (>11.0.0).
The 0.6.1 release will not: a TLS change went into Twisted trunk recently
(after the 11.0.0 release) which broke Foolscap 0.6.1 and earlier.
This release also fixes a minor incompatibility with newer versions of
OpenSSL (0.9.8o was ok, 1.0.0d was not), which caused errors in the test
suite (but normal runtime operation) on e.g. Ubuntu 11.10 "Oneiric".
** Git-Over-Foolscap Tools
The doc/examples/ directory contains two executables (git-foolscap and
git-remote-pb) which, when placed in your $PATH, make it easy to use Foolscap
to access a Git repository. These use the flappserver/flappclient tools and
let you build a FURL that provides read-only or read-write access to a single
repository. This is somewhat like providing SSH access to a repo, but with a
much smaller scope: the client will only be able to manipulate the one
repository, and gets no other authority on the target system. See the tool's
inline comments for usage instructions.
** Minor Fixes
Using 'flappserver upload-file FILE1 FILE2 FILE3..' (with three or more
files) now correctly uploads all files: previously it only managed to upload
the first and last.
'flappserver' argument handling was improved slightly. A workaround was added
to handle a Twisted stdio-closing bug which affected flappserver's
run-command function and broke the git-foolscap tool. Several changes were
made for the benefit of Windows: log filenames all use hyphens (not colons),
log filtering tools tolerate the lack of atomic-rename filesystem operations,
and some unixisms in the test suite were removed.
The Tub.setLogGathererFURL() method can now accept a list (iterable) of log
gatherer FURLs, not just a single one.
|
|
|
|
ChangeLog:
2012/05/21 : 1.4.21
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
2012/03/10 : 1.4.20
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUILD: fix build error on FreeBSD
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
- DOC: enumerate valid status codes for "observe layer7"
- BUILD: make it possible to look for pcre in the default system paths
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently it's possible to install Nagios plugins independently of
net/nagios-base. However, the directories that the plugins install
into are created and owned by net/nagios-base, so it has to be
installed first to avoid unwanted directory removal when the only
plugin is deinstalled.
|
|
Thanks to Hans Rosenfeld for noticing.
|
|
|
|
* New -S option for ldns-verify-zone to chase signatures online.
* New -k option for ldns-verify-zone to validate using a trusted key.
* New inception and expiration margin options (-i and -e) to
ldns-verify-zone.
* New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
functions.
* New ldns_duration* functions (copied from OpenDNSSEC source)
* fix ldns-verify-zone to allow NSEC3 signatures to come before
the NSEC3 RR in all cases.
* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
* Canonicalize RRSIG's Signer's name too when validating, because
bind and unbound do that too.
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
* bugfix #427: Explicitely link ssl with the programs that use it.
* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
|
|
- The following vulnerabilities have been fixed:
o wnpa-sec-2012-08
Infinite and large loops in the ANSI MAP, ASF, BACapp,
Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors
have been fixed. Discovered by Laurent Butti. (Bugs 6805,
7118, 7119, 7120, 7121, 7122, 7124, 7125)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-09
The DIAMETER dissector could try to allocate memory improperly
and crash. (Bug 7138)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-10
Wireshark could crash on SPARC processors due to misaligned
memory. Discovered by Klaus Heckelmann. (Bug 7221)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
- The following bugs have been fixed:
o User-Password - PAP decoding passwords longer than 16 bytes.
(Bug 6779)
o The MSISDN is not seen correctly in GTP packet. (Bug 7042)
o Wireshark doesn't calculate the right IPv4 destination using
source routing options when bad options precede them. (Bug
7043)
o BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug
7047)
o MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW
packets. (Bug 7089)
o ANSI MAP infinite loop. (Bug 7119)
o HCIEVT infinite loop. (Bug 7122)
o Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)
o LTP infinite loop. (Bug 7124)
o Wrong values in DNS CERT RR. (Bug 7130)
o Megaco parser problem with LF in header. (Bug 7198)
o OPC UA bytestring node id decoding is wrong. (Bug 7226)
- Updated Protocol Support
ANSI MAP, ASF, BACapp, Bluetooth HCI, DHCP, DIAMETER, DNS, GTP,
IEEE 802.11, IEEE 802.3, IPv4, LTP, Megaco, MPLS, NFS, OPC UA,
RADIUS
- New and Updated Capture File Support
5View, CSIDS, pcap, pcap-ng
|
|
|
|
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
|
