Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
o Fixes for two Denial of Service vulnerabalities
(CVE ID# CAN-2004-0807 & CAN-2004-0808).
o Winbind failure to return user entries under certain conditions.
o Syntax errors in the OpenLDAP schema file (samba.schema).
o Printing errors caused by not setting default values for the various
printing commands.
* Disable 'winbind enable local accounts' by default.
o Schannel failure in winbindd.
o Incompatibilities between the 'write list' and 'force user' smb.conf
options.
o Premature optimization of the open_directory() internal function that
broke tools such as the ArcServe backup agent, Macromedia HomeSite,
and Robocopy.
o Sharing violation errors commonly seen when opening when serving
Microsoft Office documents from a Samba file share.
o Browsing problems caused by an apostrophe (') in the computer's
description field.
o Problems creating special file types from UNIX CIFS clients and
enabling 'unix extensions'.
o Fix stalls in smbd caused by inaccessible LDAP servers.
o Remove various memory leaks.
o Fix issues in the password lockout feature.
o Using a cups server other than localhost.
o Maintaining the service principal entry in the system keytab for
integration with other kerberized services. Please refer to the
'use kerberos keytab' entry in smb.conf(5). When using the heimdal
kerberos libraries, you must also specify the following in /etc/krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
o Support for maintaining individual printer names stored separately
from the printer's sharename.
o Support for maintaining user password history.
o Support for honoring the logon times for user in a Samba domain.
* Reintroduce 'force unknown acl user' parameter. When getting a security
descriptor for a file, if the owner sid is not known, the owner uid is
set to the current uid. Same for group sid.
|
|
Remove NOT_FOR_PLATFORM line.
|
|
|
|
WINS modules. Fix from PR pkg/26640 by John Benninghoff with
modifications by me.
|
|
|
|
if_ieee80211.h header file.
|
|
check and set PKG_FAIL_REASON to get a better error msg
|
|
2. py-soappy needs a threaded Python
1+2: we need threads
|
|
|
|
|
|
|
|
Add dante to CONFLICTS as they install files with the same name (dante already
has socks4 in its own CONFLICTS).
|
|
|
|
This fixes the build of this package, which was failing because recent
versions of automake do not accept some constructions used in it.
|
|
|
|
ftplibpp is a C++ class providing ftp client functionality. It is a
direct derivate from the great ftplib C library by Thomas Pfau.
|
|
|
|
otherwise the default is better (and the variable doesn't need to be set).
Remove a few cases where it was set unnecessarily.
|
|
* Fix aclocal quotation issue (Tomasz K³oczko)
|
|
are useful only for services configured in the standard way (with
{dnscache,tinydns}-conf(8)).
On second thought, don't use the G prefix for the account names.
It makes the dnscache account longer than 8 characters, which in
turn makes noise in the nightly report. (Also, it looks a little
funny.) Since this is already a heavily customized way of running
djbdns services, it's just a little more customized now.
Bump version.
|
|
|
|
|
|
but I didn't, so there isn't one! This does not imply world peace.
|
|
rc.d scripts (inspired by Bennett Todd's Linux init.d scripts) to
run djbdns services. It also includes Jonathan de Boyne Pollard's
dnscache-showctl and tinydns-showctl scripts.
|
|
already knows.
|
|
* merge changes from http://cr.yp.to/djbdns/doc.tar.gz into: axfr-get.8,
tinydns-data.8.
* pickdns-conf.8, pickdns-data.8, pickdns.8: remove.
* dnscache-conf.8, rbldns-conf.8, tinydns-conf.8, walldns-conf.8: adapt.
* axfrdns-conf.8: new.
pkgsrc changes:
* Convert to bsd.options.mk. Available options: "ignoreip2 inet6".
* Set USE_BUILDLINK3=yes.
* Patch to honor PKG_SYSCONFDIR.
* As long as we're patching, patch the installer to avoid setting unusual
permissions on ${PREFIX} and ${PREFIX}/bin.
* Work around the standard djbware errno problem on recent Linux glibc.
* Update to the latest pkgsrc djbware RESTRICTED clause.
* Remove the third-party logfile formatters (they can go elsewhere if needed).
* Take maintainership (suggested by zuntum).
Bump PKGREVISION.
|
|
Significant changes:
- Rewrote core port scanning engine, which is now named ultra_scan().
Improved algorithms make this faster (often dramatically so) in
almost all cases. Not only is it superior against single hosts, but
ultra_scan() can scan many hosts (sometimes hundreds) in parallel.
This offers many efficiency/speed advantages. For example, hosts
often limit the ICMP port unreachable packets used by UDP scans to
1/second. That made those scans extraordinarily slow in previous
versions of Nmap. But if you are scanning 100 hosts at once,
suddenly you can receive 100 responses per second. Spreading the
scan amongst hosts is also gentler toward the target hosts. Nmap
can still scan many ports at the same time, as well. If you find
cases where ultra_scan is slower or less accurate, please send a
report (including exact command-lines, versions used, and output, if
possible) to Fyodor.
- Added --max_hostgroup option which specifies the maximum number of
hosts that Nmap is allowed to scan in parallel.
- Added --min_hostgroup option which specifies the minimum number of
hosts that Nmap should scan in parallel (there are some exceptions
where Nmap will still scan smaller groups -- see man page). Of
course, Nmap will try to choose efficient values even if you don't
specify hostgroup restrictions explicitly.
- Rewrote TCP SYN, ACK, Window, and Connect() scans to use
ultra_scan() framework, rather than the old pos_scan().
- Rewrote FIN, Xmas, NULL, Maimon, UDP, and IP Protocol scans to use
ultra_scan(), rather than the old super_scan().
- Overhauled UDP scan. Ports that don't respond are now classified as
"open|filtered" (open or filtered) rather than "open". The (somewhat
rare) ports that actually respond with a UDP packet to the empty
probe are considered open. If version detection is requested, it
will be performed on open|filtered ports. Any that respond to any of
the UDP probes will have their status changed to open. This avoids a
the false-positive problem where filtered UDP ports appear to be
open, leading to terrified newbies thinking their machine is
infected by back orifice.
- Nmap now estimates completion times for almost all port scan types
(any that use ultra_scan()) as well as service scan (version
detection). These are only shown in verbose mode (-v). On scans
that take more than a minute or two, you will see occasional updates
like:
SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
New updates are given if the estimates change significantly.
- Added --exclude option, which lets you specify a comma-separated
list of targets (hosts, ranges, netblocks) that should be excluded
from the scan. This is useful to keep from scannig yourself, your
ISP, particularly sensitive hosts, etc. The new --excludefile reads
the list (newline-delimited) from a given file. All the work was
done by Mark-David McLaughlin (mdmcl(a)cisco.com> and William McVey
( wam(a)cisco.com ), who sent me a well-designed and well-tested
patch.
- Nmap now has a "port scan ping" system. If it has received at least
one response from any port on the host, but has not received
responses lately (usually due to filtering), Nmap will "ping" that
known-good port occasionally to detect latency, packet drop rate,
etc.
- Service/version detection now handles multiple hosts at once for
more efficient and less-intrusive operation.
- Nmap now wishes itself a happy birthday when run on September 1 in
verbose mode! The first public release was on that date in 1997.
- The port randomizer now has a bias toward putting
commonly-accessible ports (80, 22, etc.) near the beginning of the
list. Getting a response early helps Nmap calculate response times and
detect packet loss, so the scan goes faster.
- Host timeout system (--host_timeout) overhauled to support host
parallelization. Hosts times are tracked separately, so a host that
finishes a SYN scan quickly is not penalized for an exceptionally
slow host being scanned at the same time.
- When Nmap has not received any responses from a host, it can now
use certain timing values from other hosts from the same scan
group. This way Nmap doesn't have to use absolute-worst-case
(300bps SLIP link to Uzbekistan) round trip timeouts and such.
- Enabled MAC address reporting when using the Windows version
of Nmap. Thanks to Andy Lutomirski (luto(a)stanford.edu) for
writing and sending the patch.
- Workaround crippled raw sockets on Microsoft Windows XP SP2 scans.
I applied a patch by Andy Lutomirski (luto(a)stanford.edu) which
causes Nmap to default to winpcap sends instead. The winpcap send
functionality was already there for versions of Windows such as NT and
Win98 that never supported Raw Sockets in the first place.
- Changed how Nmap sends Arp requests on Windows to use the iphlpapi
SendARP() function rather than creating it raw and reading the
response from the Windows ARP cache. This works around a
(reasonable) feature of Windows Firewall which ignored such
unsolicited responses. The firewall is turned on by default as of
Windows XP SP2. This change was implemented by Dana Epp
(dana(a)vulscan.com).
- Fixed some Windows portability issues discovered by Gisle Vanem
(giva(a)bgnett.no).
- Upgraded libpcap from version 0.7.2 to 0.8.3. This was an attempt
to fix an annoying bug, which I then found was actually in my code
rather than libpcap :).
- Removed Ident scan (-I). It was rarely useful, and the
implementation would have to be rewritten for the new ultra_scan()
system. If there is significant demand, perhaps I'll put it back in
sometime.
- Documented the --osscan_limit option, which saves time by skipping
OS detection if at least one open and one closed port are not found on
the remote hosts. OS detection is much less reliable against such
hosts anyway, and skipping it can save some time.
- Updated nmapfe.desktop file to provide better NmapFE desktop support
under Fedora Core and other systems. Thanks to Mephisto
(mephisto(a)mephisto.ma.cx) for sending the patch.
- Further nmapfe.desktop changes to better fit the freedesktop
standard. The patch came from Murphy (m3rf(a)swimmingnoodle.com).
- Fixed capitalization (with a perl script) of many over-capitalized
vendor names in nmap-mac-prefixes.
- Ensured that MAC address vendor names are always escaped in XML
output if they contain illegal characters (particularly '&'). Thanks
to Matthieu Verbert (mve(a)zurich.ibm.com) for the report and a patch.
- Changed xmloutputversion in XML output from 1.0 to 1.01 to note that
there was a slight change (which was actually the MAC stuff in 3.55).
Thanks to Lionel CONS (lionel.cons(a)cern.ch) for the suggestion.
- Many Windows portability fix and bug fixes, thanks to patch from
Gisle Vanem (giva(a)bgnett.no). With these changes, he was able to
compile Nmap on Windows using MingW + gcc 3.4 C++ rather than MS
Visual Studio.
- Removed (addport) tags from XML output. They used to provide open
ports as they were discovered, but don't work now that the port
scanners scan many hosts at once. They did not specify an IP
address. Of course the appropriate (port) tags are still printed
once scanning of a target is complete.
- Configure script now detects GNU/k*BSD systems (whatever those are),
thanks to patch from Robert Millan (rmh@debian.org)
- Fixed various crashes and assertion failures related to the new
ultra_scan() system, that were found by Arturo "Buanzo" Busleiman
(buanzo(a)buanzo.com.ar), Eric (catastrophe.net), and Bill Petersen
(bill.petersen(a)alcatel.com).
- Fixed some minor memory leaks relating to ping and list scanning as
well as the Nmap output table. These were found with valgrind (
http://valgrind.kde.org/ ).
- Provide limited --packet_trace support for TCP connect() (-sT)
scans.
- Fixed compilation on certain Solaris machines thanks to a patch by
Tom Duffy (tduffy(a)sun.com)
- Fixed some warnings that crop up when compiling nbase C files with a
C++ compiler. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending
the patch.
- Tweaked the License blurb on source files and in the man page. It
clarifies some issues and includes a new GPL exception that
explicitly allows linking with the OpenSSL library. Some people
believe that the GPL and OpenSSL licenses are incompatable without
this special exception.
- Fixed some serious runtime portability issues on *BSD systems.
Thanks to Eric (catastrophe.net) for reporting the problem.
- Changed the argument parser to better detect bogus arguments to the
-iR option.
- Removed a spurious warning message relating to the Windows ARP cache
being empty. Patch by Gisle Vanem (giva(a)bgnett.no).
- Removed some C++-style line comments (//) from nbase, because some C
compilers (particularly on Solaris) barf on those. Problem reported
by Raju Alluri <Raju.Alluri(a)Sun.COM>
|
|
for older NetBSD releases, since this package needs the net80211/*.h header files.
Addresses PR 26814.
|
|
patch submitted by Ove Soerensen in PR 26810
3.1.8.1, 2004-07-27
+ A fix for some DNS resolution problems on Linux.
3.1.8, 2004-07-07
+ Ncftpget, ncftpput, and ncftpls now try to erase the arguments to the
-u/-p/-j (user, password, account) options so they do not show in
a "ps" command (Thanks, Konstantin Gavrilenko).
+ Recognize broken IBM mainframe FTP servers and work around them.
+ Working around a problem with ProFTPD 1.2.9 and later which would
cause recursive downloads to fail.
+ Fixed a bug where ncftpput in recursive mode could lock up if you
used a trailing slash on the directory to upload.
+ For the malicious server problem that was addressed in 3.1.5, enhanced
the fix for better compatibility with mainframe FTP servers.
+ Ncftpget, ncftpput, and ncftpls, and ncftp's open command now accept
an additional advanced option (-o) which lets you do things like disable
NcFTP's use of SITE UTIME, FEAT, HELP SITE, etc.
+ Several HP-UX 10 compatibility bugs fixed (Thanks, Laurent FAILLIE).
+ A couple of looping problems with ncftpbatch fixed (Thanks, George Goffe).
+ Bug fixed with the upload socket buffer not being set (Thanks, ybobble).
+ The utility programs now accept "-" for the config file name used
with "-f" to denote standard input (Thanks, Jeremy Monin).
+ Bug fixed with ncftpput when using both -c and -A (Thanks, Ken Woodmansee).
+ Support for boldface text in Windows version (Thanks, Adam Gates).
3.1.7, 2004-01-07
+ Fixed a memory leak introduced in 3.1.6.
+ Fixed problem where it was assumed that daylight saving's time occurred
at the same time each year for all timezones.
+ Bug fixed with running a shell escape.
+ Ncftpget now uses passive-with-fall-back-to-port mode like ncftpput and
ncftpls.
+ Problem fixed with "ls -a" where occasionally a row with ".." and another
file would be omitted.
+ Ncftpbatch now uses the UTC timezone for spool files.
+ The configure script can now detect when the config.cache file has been
improperly recycled from a machine with a different OS.
+ The Windows version now uses the USERPROFILE environment variable, if it
was set, as the location of the user's home directory.
+ Recognize broken DG/UX servers and work around them.
|
|
* patches for netware support
* the optional Conversion function wants to have the original
data pulled in via snmp to work with, mapping \n and \r to nothing
and stripping spaces must happen later.
* better error message for missing library
* Updated to snmp_session 1.05
* fix for cuin and cout values saved in html comments
* fix for polish translation
* nodetach option for running mrtg under daemontools
* fixed indexmaker. added missing last for --section=portname code
* fixed scaling bug in rateup (unsigned long) should have been long long
* fix indexmaker when used with 14all
|
|
|
|
bash, since it uses lots of bash features. Addresses PR 26799
by Simon Hitzemann.
Bump PKGREVISION for bash dependency.
|
|
|
|
intended transformation: use "rm" to remove an option, "rmdir" to remove
all options containing a path starting with a given directory name, and
"rename" to rename options to something else.
|
|
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|
|
This is a NetBSD decompressor for PPP compatible with the Stac LZS
scheme as described in rfc1974. The algorithm is apparently covered
by patents held by Hifn in the USA and Europe though it was written
independently with no help from Hifn or anybody associated with them,
and with no reference to the patents. You might want to consider this
'example' code only if that makes you feel better.
This package patches the included pppd in NetBSD and thus, in order to
compile this, you will need to have the NetBSD source sets installed.
|
|
It is a PPP daemon and LKM with Stac LZS decompression.
This was packaged by Iain Hibbert and provided via pkgsrc-wip.
This is a NetBSD decompressor for PPP compatible with the Stac LZS
scheme as described in rfc1974. The algorithm is apparently covered
by patents held by Hifn in the USA and Europe though it was written
independently with no help from Hifn or anybody associated with them,
and with no reference to the patents. You might want to consider this
'example' code only if that makes you feel better.
This package patches the included pppd in NetBSD and thus, in order to
compile this, you will need to have the NetBSD source sets installed.
NOTE: I didn't test this software.
|
|
change the way the program works, so the package version has not been changed.
|
|
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
|
|
Changes:
* Kopete
o Implement Jabber file transfers. Till Gerken
o Add Jabber group chat support. Till Gerken
o Complete Kopete's handling of external changes to IM data stored
in KABC - add new contacts if added in KABC and rearrange
metacontacts following the data in KABC, similarly, remove. Will
Stephenson
o New connection API that supporting logging in as a different status
than "online" Matt Rogers
o New disconnect API so we can tell when we've been disconnected by
the server and can then reconnect. Matt Rogers
o Latex render plugin Duncan Mac-Vicar
o Add support for bold, italic and underlined messages to Yahoo Matt
Rogers
o Add new mail notifications to the Yahoo! plugin Matt Rogers
o Add SSL Support in IRC Jason Keirstead
o Add the ability to associate custom KNotify event notifications with
a metacontact (Buddy Pounce) Will Stephenson
o Add support for irc:// protocols in Konqueror Jason Keirstead
o Change the KopeteAwayAction to be more like Konqueror's Recent
Documents Jason Keirstead
o Add an alias plugin Jason Keirstead
o Seperate the password handling from KopeteAccount Richard Smith
o Support amaroK in Kopete's Now Listening plugin Will Stephenson
o Action to toggle encryption on/off in a chat. Olivier Goffart
o Implement KIMIface in Kopete to enable presence and messaging
integration across the desktop. Will Stephenson
o Merge data acquired from Kopete's protocols to the KDE address book,
e.g. names, email addresses and phone numbers. Will Stephenson
o Plugin to invite MSN contacts to uses gnomemeeting. Olivier Goffart
o "Send Email..." context menu entry. Reuben Sutton
o ICQ, support mimetype application/x-icq to add contacts Stefan Gehn
o AIM, support aim: protocol to add contacts Stefan Gehn
o ICQ, support for ignore-, invisible- and visible-list Stefan Gehn
o MSN incoming File transfers trought the chat session as MSN
Messenger 6 does.Olivier Goffart
* Remote Desktop Connection (krdc)
o Rewrote the RDP client to use an external rdesktop process, which
includes support for RDP 5. Currently this requires a patched
rdesktop version to be installed. Future rdesktop versions will have
this support built-in. Arend van Beelen jr.
o Switch to enforce the local cursor. Tim Jansen
* KWiFiManager
o when multiple cards are in use, each instance shows information
for one card Stefan Winter
o major code cleanup Stefan Winter
o support for wireless scanning Stefan Winter
* File Sharing
o Create an advanced fileshare Control Center module, based on
KSambaPlugin and KNFSPlugin Jan Schaefer
o Create an advanced Konqueror properties dialog plugin, based on
KSambaPlugin and KNFSPlugin Jan Schaefer
|
|
wait3(status, options, NULL).
|
|
fix (using autoconf) will be submitted to the rsync maintainers for a
future release.
|
|
in host, not network format. At least, this is the case for NetBSD. I don't
know what systems out there exist where this is not the case, but Linux is
one possibility.
|
|
|
|
- fix typos in DESCR
suggestions by snj@.
|
|
Changes from 2.2.9.1.0 is a fix for CAN-2004-0686 included in samba 2.2.10
though it is already applied by ja-samba-2.2.9.1.0nb1 package.
This pkgsrc also contains a fix by Samba 2.2.11; smbd crash problem
by Windos XP SP2 client.
|
|
|
|
- Remove FreeBSD header from pkgsrc Makefile
- ok'ed snj@/wiz@
From the ChangeLog:
- Fixed the processing of duplicate ACKs as in the BSD stack to count towards
the 3 dupacks required for fast-retransmit.
- Fixed the bug in processing IPv6 extension headers in ipv6.c:gethdrlength()
based on the patch sent by Thomas Bohnert.
- Added dsack counter to long output format and dsack sample input and output
- Fixed bug in the calculation of the "avg win adv" field, so that now avg.
falls in between min and max.
- Changes made to make gcc-3.3 make lesser warnings with tcptrace.
- Made the --csv/--tsv/--sv options' implementation better.
- Fixed a bug in traffic module, so that the number of open connections are
printed correct in the traffic_stats.dat file, even without giving
the -C option.
- Included the code to recognize Endace ERF (Extensible Record Format), sent
by Jesper Peterson.
- Included the code to recognize the PPP (Point-to-Point) input file format,
sent by Yann Samama.
- Fixing the bug with filtering connections based on hostname/portname with
the -f option.
- Included the code to generate PF file with '-c' option. Error messages are
made more logical when generating error messages for unsupported input and
captured file formats.
- Applied patch from Ulisses Alonso Camaro that lets SYN segments following
zero window advertisements from the opposite direction *not* be treated
as window probes. Also fixed a compilation problem due to the previous
patch by Jitesh (moved the "static int count=0" line to the beginning of
trace_done() function in trace.c).
- Fixed bunch of gcc3.3.1 warnings in erf.c (unused variable warning), netm.c,
ns.c (dereferencing type-punned pointer warnings).
- Fixed the typo(?) that made us have a #ifndef __WIN32 to #ifdef __WIN32 in
ipv6.h for the in6_addr structure definition.
- Patching in changes to mod_http.c making it more robust to print
information in cases where connections get closed with RST instead of
FINs and other trivia based on Yufei Wang's patch.
- Applying the patch courtesy John Heffner that displays a yellow rwnd line
in owin plots. Also adding --showrwinline option to control the yellow
rwnd line, in case it gets annoying.
- Also fixing trivia (type conversions for certain uint to int, etc.) in
output.c to keep gcc3.3 from warning on MacOSX 10.3.
- All the changes you see above in the 6.4.x series are part of the release
6.6.0.
- Includes a bugfix by Ramani, that restored the old semantics of the
SameConn() and WhichDir() functions and includes
new functions AVL_CheckHash() and AVL_CheckDir() to support the AVL tree
hash-bucket implementation.
- Includes a fix to ns.c to correctly read port numbers; added
functionality to track LEAST variables and reno LEAST algorithm to trace.c;
added isRTO() in rexmit.c : all by Wes.
|