Age | Commit message (Collapse) | Author | Files | Lines |
|
2.7.9
- Minor fixes
2.7.8
- Adding henet to supported providers
2.7.7
- Fix for cloudns
2.7.6
- Tests fixes
2.7.5
- Add support for inwx provider
2.7.4
- Add support for Plesk API
|
|
|
|
Changes:
19 Sep 2018: chrony-3.4 released
Enhancements
Add filter option to server/pool/peer directive
Add minsamples and maxsamples options to hwtimestamp directive
Add support for faster frequency adjustments in Linux 4.19
Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit
Disable sub-second polling intervals for distant NTP sources
Extend range of supported sub-second polling intervals
Get/set IPv4 destination/source address of NTP packets on FreeBSD
Make burst options and command useful with short polling intervals
Modify auto_offline option to activate when sending request failed
Respond from interface that received NTP request if possible
Add onoffline command to switch between online and offline state according to current system network configuration
Improve example NetworkManager dispatcher script
Bug fixes
Avoid waiting in Linux getrandom system call
Fix PPS support on FreeBSD and NetBSD
4 Apr 2018: chrony-3.3 released
Enhancements
Add burst option to server/pool directive
Add stratum and tai options to refclock directive
Add support for Nettle crypto library
Add workaround for missing kernel receive timestamps on Linux
Wait for late hardware transmit timestamps
Improve source selection with unreachable sources
Improve protection against replay attacks on symmetric mode
Allow PHC refclock to use socket in /var/run/chrony
Add shutdown command to stop chronyd
Simplify format of response to manual list command
Improve handling of unknown responses in chronyc
Bug fixes
Respond to NTPv1 client requests with zero mode
Fix -x option to not require CAP_SYS_TIME under non-root user
Fix acquisitionport directive to work with privilege separation
Fix handling of socket errors on Linux to avoid high CPU usage
Fix chronyc to not get stuck in infinite loop after clock step
15 Sep 2017: chrony-3.2 released
Enhancements
Improve stability with NTP sources and reference clocks
Improve stability with hardware timestamping
Improve support for NTP interleaved modes
Control frequency of system clock on macOS 10.13 and later
Set TAI-UTC offset of system clock with leapsectz directive
Minimise data in client requests to improve privacy
Allow transmit-only hardware timestamping
Add support for new timestamping options introduced in Linux 4.13
Add root delay, root dispersion and maximum error to tracking log
Add mindelay and asymmetry options to server/peer/pool directive
Add extpps option to PHC refclock to timestamp external PPS signal
Add pps option to refclock directive to treat any refclock as PPS
Add width option to refclock directive to filter wrong pulse edges
Add rxfilter option to hwtimestamp directive
Add -x option to disable control of system clock
Add -l option to log to specified file instead of syslog
Allow multiple command-line options to be specified together
Allow starting without root privileges with -Q option
Update seccomp filter for new glibc versions
Dump history on exit by default with dumpdir directive
Use hardening compiler options by default
Bug fixes
Don’t drop PHC samples with low-resolution system clock
Ignore outliers in PHC tracking, RTC tracking, manual input
Increase polling interval when peer is not responding
Exit with error message when include directive fails
Don’t allow slash after hostname in allow/deny directive/command
Try to connect to all addresses in chronyc before giving up
31 Jan 2017: chrony-3.1 released
Enhancements
Add support for precise cross timestamping of PHC on Linux
Add minpoll, precision, nocrossts options to hwtimestamp directive
Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources
Allow sub-second polling interval with NTP sources
Bug fixes
Fix time smoothing in interleaved mode
16 Jan 2017: chrony-3.0 released
Enhancements
Add support for software and hardware timestamping on Linux
Add support for client/server and symmetric interleaved modes
Add support for MS-SNTP authentication in Samba
Add support for truncated MACs in NTPv4 packets
Estimate and correct for asymmetric network jitter
Increase default minsamples and polltarget to improve stability with very low jitter
Add maxjitter directive to limit source selection by jitter
Add offset option to server/pool/peer directive
Add maxlockage option to refclock directive
Add -t option to chronyd to exit after specified time
Add partial protection against replay attacks on symmetric mode
Don’t reset polling interval when switching sources to online state
Allow rate limiting with very short intervals
Improve maximum server throughput on Linux and NetBSD
Remove dump files after start
Add tab-completion to chronyc with libedit/readline
Add ntpdata command to print details about NTP measurements
Allow all source options to be set in add server/peer command
Indicate truncated addresses/hostnames in chronyc output
Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
Bug fixes
Fix crash with disabled asynchronous name resolving
21 Nov 2016: chrony-2.4.1 released
Bug fixes
Fix processing of kernel timestamps on non-Linux systems
Fix crash with smoothtime directive
Fix validation of refclock sample times
Fix parsing of refclock directive
7 Jun 2016: chrony-2.4 released
Enhancements
Add orphan option to local directive for orphan mode compatible with ntpd
Add distance option to local directive to set activation threshold (1 second by default)
Add maxdrift directive to set maximum allowed drift of system clock
Try to replace NTP sources exceeding maximum distance
Randomise source replacement to avoid getting stuck with bad sources
Randomise selection of sources from pools on start
Ignore reference timestamp as ntpd doesn’t always set it correctly
Modify tracking report to use same values as seen by NTP clients
Add -c option to chronyc to write reports in CSV format
Provide detailed manual pages
Bug fixes
Fix SOCK refclock to work correctly when not specified as last refclock
Fix initstepslew and -q/-Q options to accept time from own NTP clients
Fix authentication with keys using 512-bit hash functions
Fix crash on exit when multiple signals are received
Fix conversion of very small floating-point numbers in command packets
Removed features
Drop documentation in Texinfo format
16 Feb 2016: chrony-2.3 released
Enhancements
Add support for NTP and command response rate limiting
Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
Add require and trust options for source selection
Enable logchange by default (1 second threshold)
Set RTC on Mac OS X with rtcsync directive
Allow binding to NTP port after dropping root privileges on NetBSD
Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
Resolve names in separate process when seccomp filter is enabled
Replace old records in client log when memory limit is reached
Don’t reveal local time and synchronisation state in client packets
Don’t keep client sockets open for longer than necessary
Ignore poll in KoD RATE packets as ntpd doesn’t always set it correctly
Warn when using keys shorter than 80 bits
Add keygen command to generate random keys easily
Add serverstats command to report NTP and command packet statistics
Bug fixes
Fix clock correction after making step on Mac OS X
Fix building on Solaris
20 Jan 2016: chrony-2.2.1 and chrony-1.31.2 released
Security fixes
Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)
CVE-2016-1567: Impersonation between authenticated peers
When a server/peer was specified with a key number to enable authentication with a symmetric key, packets received from the server/peer were accepted if they were authenticated with any of the keys contained in the key file and not just the specified key.
This allowed an attacker who knew one key of a client/peer to modify packets from its servers/peers that were authenticated with other keys in a man-in-the-middle (MITM) attack. For example, in a network where each NTP association had a separate key and all hosts had only keys they needed, a client of a server could not attack other clients of the server, but it could attack the server and also attack its own clients (i.e. modify packets from other servers).
To not allow the server/peer to be authenticated with other keys, the authentication test was extended to check if the key ID in the received packet is equal to the configured key number. As a consequence, it’s no longer possible to authenticate two peers to each other with two different keys, both peers have to be configured to use the same key.
This issue was discovered by Matt Street of Cisco ASIG.
19 Oct 2015: chrony-2.2 released
Enhancements
Add support for configuration and monitoring over Unix domain socket (accessible by root or chrony user when root privileges are dropped)
Add support for system call filtering with seccomp on Linux (experimental)
Add support for dropping root privileges on NetBSD
Control frequency of system clock on FreeBSD, NetBSD, Solaris
Add system leap second handling mode on FreeBSD, NetBSD, Solaris
Add dynamic drift removal on Mac OS X
Add support for setting real-time priority on Mac OS X
Add maxdistance directive to limit source selection by root distance (3 seconds by default)
Add refresh command to get new addresses of NTP sources
Allow wildcard patterns in include directive
Restore time from driftfile with -s option if later than RTC time
Add configure option to set default hwclockfile
Add -d option to chronyc to enable debug messages
Allow multiple addresses to be specified for chronyc with -h option and reconnect when no valid reply is received
Make check interval in waitsync command configurable
Bug fixes
Fix building on NetBSD, Solaris
Restore time from driftfile with -s option if reading RTC failed
Removed features
Drop support for authentication with command key (run-time configuration is now allowed only for local users that can access the Unix domain socket)
23 Jun 2015: chrony-2.1.1 released
Bug fixes
Fix clock stepping by integer number of seconds on Linux
22 Jun 2015: chrony-2.1 released
Enhancements
Add support for Mac OS X
Try to replace unreachable and falseticker servers/peers specified by name like pool sources
Add leaponly option to smoothtime directive to allow synchronised leap smear between multiple servers
Use specific reference ID when smoothing served time
Add smoothing command to report time smoothing status
Add smoothtime command to activate or reset time smoothing
Bug fixes
Fix crash in source selection with preferred sources
Fix resetting of time smoothing
Include packet precision in peer dispersion
Fix crash in chronyc on invalid command syntax
27 Apr 2015: chrony-2.0 released
Enhancements
Update to NTP version 4 (RFC 5905)
Add pool directive to specify pool of NTP servers
Add leapsecmode directive to select how to correct clock for leap second
Add smoothtime directive to smooth served time and enable leap smear
Add minsources directive to set required number of selectable sources
Add minsamples and maxsamples options for all sources
Add tempcomp configuration with list of points
Allow unlimited number of NTP sources, refclocks and keys
Allow unreachable sources to remain selected
Improve source selection
Handle offline sources as unreachable
Open NTP server port only when necessary (client access is allowed by allow directive/command or peer/broadcast is configured)
Change default bindcmdaddress to loopback address
Change default maxdelay to 3 seconds
Change default stratumweight to 0.001
Update adjtimex synchronisation status
Use system headers for adjtimex
Check for memory allocation errors
Reduce memory usage
Add configure options to compile without NTP, cmdmon, refclock support
Extend makestep command to set automatic clock stepping
Bug fixes
Add sanity checks for time and frequency offset
Don’t report synchronised status during leap second
Don’t combine reference clocks with close NTP sources
Fix accepting requests from configured sources
Fix initial fallback drift setting
|
|
|
|
|
|
|
|
|
|
|
|
Bugfixes:
#5038: Repeating INFO: UPnP parse: unrecognized UPnP device of type upnp:rootdevice
#5063: panic: cannot start already running folder
#5073: lib/logger: tests fail due to compilation error with go 1.11
#5089: Invalid files shouldn't affect global state
#5144: Tests fail on Go 1.11 / Windows
#5149: Index updates lost
Other issues:
#3595: stdiscosrv: Doesn't build on Solaris
#5043: root on symlinked path causes panic when using "Watch for changes"
Also:
This release includes initial support for "receive only" folders.
See https://docs.syncthing.net/users/foldertypes.html#receive-only-folder.
|
|
Submitted by Antonio Huete in joyent/pkgsrc#108. Bump PKGREVISION.
|
|
|
|
http://lists.dragonflybsd.org/pipermail/commits/2018-April/672047.html
|
|
Doing so overwrites uuid.pc that belongs to libuuid through the symlink.
|
|
|
|
|
|
|
|
Haven't found anything that can be used as a NEWS/changelog, possibly
due to losing history in a repository move.
However, author states there's a few security/bug fixes.
update MAINTAINER, HOMEPAGE, etc.
PR pkg/53638
|
|
by default. Deprecate 'djbdns-qmerge1'.
When applying the 'djbdns-mergequeries' patch, also apply a missing
bounds check. Patch from Tim Stewart on dns@list.cr.yp.to.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
Fixes build.
Based on patch by Mustafa Dogan in private mail.
|
|
|
|
Provided by Coy Hile in joyent/pkgsrc#131. Fixes an issue where the module
builds would fail if they found a system LDAP. Fix print-PLIST while here.
FreeRADIUS 3.0.17 Tue 17 Apr 2018 14:00:00 EDT urgency=low
Feature improvements
* Add CURLOPT_CAINFO. Patch from Nicolas C.
#2167
* "stats home server" now supports "src IPADDR",
to specify home server also by source IP. Fixes #2169.
* Add Dockerfiles for a selection of common systems.
* Increase number of permitted file descriptors, for
systems with many home servers.
* Add TLS-Client-Cert-X509v3-Extended-Key-Usage-OIDs.
Patch from Isaac Boukris. Fixes #2205.
* Update main READMEs. Patches from Matthew Newton.
* Added dictionary.mimosa
Bug fixes
* Don't call post-proxy twice when proxying to
a virtual server. Matthew Newton, #2161.
* Use "raw" string value for shared secrets and dynamic clients.
It now parses strings with backslashes and "special characters"
correctly. Fixes #2168.
* Fix RuntimeDirectory for RedHat, from Alan Buxey.
* Relax checks in 'if' parser from Isaac Bourkis
* Minor cleanups for %{debug_attr:&request} from Isaac Boukris.
* Be more aggressive about cleaning up cached certificate attributes,
due to deficiencies in OpenSSL. Reported by Nicolas Reich.
* Be more accepting when parsing IPv6 addresses. Bug noted
by Klara Mall.
* Fix double free in rlm_sql. Fixes #2180.
* rlm_detail now writes empty Access-Accept packets.
* rlm_python can now create tagged attributes.
* Don't crash on duplicate realm + authhost / accthost.
Bug found by Richard Palmer.
* Allow partial certificate chain to trusted CA. Fixes #2162
* Treat SSL_read() returning zero as error. Fixes #2164.
* detail writer now checks if the file was renamed or deleted.
* Add User-Name to Access-Accept if EAP-Message exists,
not Stripped-User-Name.
* RedHat Systemd updates. Fixes #2184
* Use correct API for State variable in rlm_securid.
* Remove broken radclient option "-i".
* Fix "users" file (and hints, etc). So that it does not
get confused about entry ordering with multiple $INCLUDEs.
* Fix rlm_sql to expand the un-escaped string, not the raw string.
* Link default and inner-tunnel only if they exist. Fixes #2206.
* Don't use both IP_PKTINFO and IP_SENDSRCADDR.
* Always install signal handler for SIGINT (needed by Docker).
* Fix intermediate CA flow for OCSP. Fixes #2160.
Intermediate certs which are not self-signed will now be
checked.
* sqlippool now returns "fail" if it fails IP allocation.
* Fix rlm_yubikey to look for correct attribute in replay
attack check.
|
|
|
|
they were hiding in the pkgconfig file
|
|
Changes:
version 2018.09.18
Core
+ [extractor/common] Introduce channel meta fields
Extractors
* [adobepass] Don't pollute default headers dict
* [udemy] Don't pollute default headers dict
* [twitch] Don't pollute default headers dict
* [youtube] Don't pollute default query dict (#17593)
* [crunchyroll] Prefer hardsubless formats and formats in locale language
* [vrv] Make format ids deterministic
* [vimeo] Fix ondemand playlist extraction (#14591)
+ [pornhub] Extract upload date (#17574)
+ [porntube] Extract channel meta fields
+ [vimeo] Extract channel meta fields
+ [youtube] Extract channel meta fields (#9676, #12939)
* [porntube] Fix extraction (#17541)
* [asiancrush] Fix extraction (#15630)
+ [twitch:clips] Extend URL regular expression (closes #17559)
+ [vzaar] Add support for HLS
* [tube8] Fix metadata extraction (#17520)
* [eporner] Extract JSON-LD (#17519)
version 2018.09.10
Core
+ [utils] Properly recognize AV1 codec (#17506)
Extractors
+ [iprima] Add support for prima.iprima.cz (#17514)
+ [tele5] Add support for tele5.de (#7805, #7922, #17331, #17414)
* [nbc] Fix extraction of percent encoded URLs (#17374)
|
|
This is the latest git version of the program (from 2015 though).
Switch the build to use gnutls for the command line program,
since openssl 1.1 is not supported.
Various changes since the last released version, but only git log
available. Mostly bugfixes.
Update bl3.mk file: neither zlib nor openssl nor gnutls headers/libraries
are used by the library, so remove all bl3.mk includes.
|
|
|
|
Changes for version 1.3.1:
* Cleaned up deprecation warnings
* Fixed SNMP::Integer#<=> method for Ruby 2.3.0 and later
* Removed artificial limit on number of non-repeaters for GetBulkRequest
* SNMP::BER module no longer pollutes global namespace
|
|
Changes are too many to write here, please refer
<https://github.com/rapid7/ruby_smb/compare/v0.0.23...v1.0.4> in detail.
|
|
v2.1.23 (2018/09/20)
* use yaml for remapping; remove json transpose code (#177)
- use yaml for remapping; remove json transpose code
- temporarily revert cpe change on win2k3
* TELNET: Initial commit (#178)
* Add better support for Array networks/ArrayOS
v.2.1.22 - 2018.09.04
* New fingerprint coverage: apache_modules.xml #174
- Adds support for performing version detection of Apache modules in HTTP
Server headers.
- Client software calling Recog is expected to split an Apache banner based
on spaces and toss the individual values at Recog.
- This is a first pass, more work will be required to fully flesh this out.
* Improved coverage: http_servers.xml #175
- Leveraging Project Sonar data from 2018.08.13 has resulted in significant
(multiple millions) improvement of fingerprinting against that data set.
- hw.* values added where possible
* Minor FTP tweaks
v.2.1.22 - 2018.08.29
* New capability: CPE 2.3 data #172
- Added preliminary support for returning CPE 2.3 information via a new
fingerprint param named service.cpe23 which can be literal strings or
interpolated values.
Example:
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:1"/>
or
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
- Software, other than Ruby Recog, that leverage the XML directly will need
to support interpolating the values in order to fully utilize this
capability.
- Future changes to enhance this capability and make creating interpolated
results easier are expected in the near future.
- See PR #172 for more details
* Misc fingerprint updates and changes, some of which were to support CPE
changes.
- Changed the use of 'F5 Labs' to 'F5' in multiple files #171
- Change certain Cisco PIX fingerprints from 'service.' to 'os.' #170
v.2.1.20 - 2018.06.27
* Compatibility: Adjustments to the regex of multiple fingerprints to remove
negative lookaheads and other contructs that Golang doesn't support. #162
v.2.1.19 - 2018.04.16
* Improved coverage: xml/smtp_banners.xml #160
- Note: Due to effort to cleanup description lines (remove duplicates,
remove multilines, provide context, standardize format) almost every value
for <description> has changed. This will impact the value returned as
matched with tools such as DAP.
- Project Sonar SMTP survey data was used to enhance and improve the
coverage. Full details and metrics can be found in #160
- Improved the accuracy and/or flexibility of multiple fingerprints.
- Changed ALL instances of flags="REG_ICASE" to an inline flag (?i:) in
order to make the regex compatible with more languages.
- Implemented fingerprint examples for those fingerprints where examples
could be found.
- This sometimes resulted in removing fingerprints that were actually
duplicates or trivially different.
- Reworked description values so as to remove examples and ensure that this
field is unique within the file as the value of description serves as an
identifier when processing fingerprints. Multiline descriptions were
reduced to single line where possible. Many descriptions were modified.
- Fixed multiple instances where captures where under/over capturing. For
example, some fingerprints would have captured the examples but the
examples were missing leading or ending spaces. Other fingerprints were
over-broad in what they would capture leading to fall positives or
misidentification.
- Fixed multiple instances where the portion of the version banner that was
captured was different between two products in the same family.
- Removed various real and example hostnames from examples and standardized
on 'foo.bar'
- Corrected system.time.format so as to match timestamp provided by service
- Reworked date regex for multiple matches to remove inadvertent requirement
for two digit day value when the banner included a single digit day.
|
|
#### Release 3.0.3
- CHANGED: Updated definitions.
|
|
0.13.0 (2018/07/25)
* added tests for open_dead
* Add lib_version function to Pcap module
|
|
2.0.4 (2018/03/29)
* Fix for exception bug
2.0.5 (2018/08/17)
* Fixed a bug in the Ping::HTTP class where it didn't reflect user_agent
setting to actual http request
* Fixed Ping::HTTP to support custom User-Agent
|
|
Update the eTLD database to 2018-04-17T23:50:25Z.
|
|
##v1.61.2
* Add new root key
|
|
2.2.2
------
- Add pool `size` and `available` accessors for metrics and monitoring
purposes [#97, robholland]
|
|
1.4.4 (2018-09-09 03:19 UTC)
Changelog:
* Fix PHP 7.3: Declaration of case-insensitive constants is deprecated
|
|
Remove bind99 from pkgsrc since BIND 9.9 became EOL on 30 June 2018.
|
|
|
|
Backport changes between BIND 9.11.4-P1 and 9.11.4-P2.
Bump PKGREVISION.
|
|
Now having `geomyidae=yes' in rc.conf correctly works.
Bump PKGREVISION
|
|
4.1:
Fix problem when socket fd is 0
Fix running on servers with disabled IPv6
Allow running "fping -h" or "--help" even when raw socket can't be opened
Fix build issue with FreeBSD and IPv6
|
|
|
|
|
|
Update bind912 to 9.12.2pl2 (BIND 9.12.2-P2).
--- 9.12.2-P2 released ---
5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]
5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]
5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]
5013. [bug] A referral response with a non-empty ANSWER section was
inadvertently being treated as an error. [GL #390]
5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]
|
|
Update bind911 to 9.11.4pl2 (BIND 9.11.4-P2).
--- 9.11.4-P2 released ---
5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]
5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]
5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]
|
|
Remove extra spaces after backslash.
|