Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changes since 4.3.2rc2
- None
Changes since 4.3.2rc1
- Corrected a compilation error introduced by the fix for ISC-Bugs #37415.
The error occurs on Linux variants that do not support VLAN tag information
in packet auxiliary data. The configure script now only enables inclusion
of the VLAN tag-based logic if it is supported by the underlying OS.
[ISC-Bugs #38677]
Changes since 4.3.2b1
- Specifying the option, --disable-debug, on the configure script command line
now disables debug features. Prior to this, specifying --disable-debug
incorrectly enabled debug features. Thanks to Gustavo Zacarias for reporting
the issue.
[ISC-Bugs #37780]
- Unit test execution now uses a path augmented during configuration
processing of the --with-atf option to locate ATF runtime tools, atf-run
and atf-report. For most installations of ATF, this should alleviate the
need to manually include them in the PATH, as was formerly required.
If the configure script cannot locate the tools it will emit a warning,
informing the user that the tools must be in the PATH when running unit
tests.
Secondly, please note that "make check" will now exit with a failure status
code (non-zero) if one or more unit tests fail. This means that invoking
"make check" from an upper level directory will cause the make process to
STOP after the first test subdirectory with failed test(s). To force all
tests in all subdirectories to run, regardless of individual test outcome,
use the command "make -k check".
[ISC-Bugs #38619]
|
|
Enhancement #4313 - SSL encrypted secure connection
Enhancement #4168 - Plugin manager for GUI
Enhancement #4307 - Always show client auto-detect dialog
Enhancement #4397 - Modernize Mac build script (deployment and signing)
Enhancement #4398 - Remove obsolete Mac database cleaner
Enhancement #4337 - Remove IStreamFilterFactory dead code
|
|
ChangeLog :
===========
2015/02/01 : 1.5.11
- BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
- MINOR: ssl: load certificates in alphabetical order
- BUG/MINOR: checks: prevent http keep-alive with http-check expect
- BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
- BUG/MINOR: stats:Fix incorrect printf type.
- DOC: add missing entry for log-format and clarify the text
- BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
- BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
- MINOR: channel: add channel_in_transit()
- MEDIUM: channel: make buffer_reserved() use channel_in_transit()
- MEDIUM: channel: make bi_avail() use channel_in_transit()
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
- BUG/MEDIUM: http: make http-request set-header compute the string before removal
- BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
- BUG/MINOR: http: abort request processing on filter failure
2014/12/31 : 1.5.10
- DOC: fix a few typos
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
- BUG/MINOR: parse: refer curproxy instead of proxy
- DOC: httplog does not support 'no'
- MINOR: map/acl/dumpstats: remove the "Done." message
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MINOR: tcp-check: don't condition data polling on check type
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MINOR: config: fix typo in condition when propagating process binding
- BUG/MEDIUM: config: do not propagate processes between stopped processes
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
|
|
|
|
|
|
|
|
|
|
Version 2.92 -- Fri, 13 Mar 2015
* Tag version 2.92
* Hold off on Makefile changes
* Makefile changes
* Sort programme types in help text
* Pick up flashlow stream from mobile data
* Clean up Kodi .nfo files
* Updated help text and man page
* No ddlaacmed mode
* Automatically use mediaselector/4 for obvious archive programmes
* Added World Service to generated HLS live radio streams
* Fixed playlist URL parsing in archive pages
* Reinstate --mediaselector option (for archive programmes)
* Update ddlaac modes
* Combine AAC and MP3 in "shoutcast" mode alias for live radio
* Rework live stream location override options
* Rework default programme version determination
* Tweak mode size formatting
* Fixed incorrect processing of --stop and --start in HLS streamer
* Make --check-duration aware of --start and --stop
* Ignore rtmpdump error code = 2 with --stop
* When selecting default, ignore versions with only subtitles stream
* Don't check if main script writable on update unless it will be written
* Update live radio options in man page
* Updated Flash player URL
* Added --liveradio-intl option, removed "nonuk" mode alias
* Remove live radio mode list exception for World Service
* Removed deleted live Flash stream for World Service
* Fixed priority order of HLS live streams
* Added --no-proxy option
* Added DDL opts to manpage
* Cache listing with earliest availability when using schedule feeds
* Cache mis-catalogued news programmes
* Generate all additional live streams with --live{tv,radio}-uk
* Web PVR: Fixed escaping in form param parsing
* Revamped support for direct download AAC files
* Removed unnecessary thumbnail download notice
* Don't attempt to tag file with --raw
* Add full metadata to media clips (changes re-applied)
* Revert clip metadata changes
* Added shoutcast options to man page
* Removed rtsp recording modes
* Ignore --mediaselector option
* Added support for direct download AAC files
* Added support for Shoutcast live radio streams
* Revamped stream data processing
* Don't create series web link if no parent entity
* Handle rare subseries (split episodes)
* Move fallback metadata collection to ensure title is populated first
* Process all programme versions (including duplicates) to find stream info
* Cache audio described programmes from ION feeds
* Added additional HD/SD streams with --hds-livetv
* Fix runtime in Freevo/Kodi metadata
* widen first column in --dump-options output
* Updated SWF player URL
* bump dev version
|
|
|
|
|
|
(package is only for NetBSD so this is a no-op dependency annotation)
|
|
|
|
This updates the package from netcat-openbsd-1 to netcat-openbsd-20131208.
No other change.
|
|
5.14.0
------
* [Add `Twitter::NullObject#respond_to?`](https://github.com/sferik/twitter/commit/438e311d93f382960650e20898203c880ade6b25)
* [Add `Twitter::Media::Video`, `Twitter::Media::VideoInfo`, and `Twitter::Media::Variant`](https://github.com/sferik/twitter/commit/158193f85843ebac7b3188bbad26d73907577f6a)
* [Add `Twitter::Media::AnimatedGif` media entity](https://github.com/sferik/twitter/commit/76cb6645a54969edc7c9195e9e27e3728f5fd683) ([@nidev](https://twitter.com/nidev))
5.13.0
------
* [Deprecate `Twitter::REST::Client#get` and `Twitter::REST::Client#post`](https://github.com/sferik/twitter/commit/65773c7d741098490f4164fae9e4433365cd4292)
* [Rename `Twitter::REST::Client::URL_PREFIX` to `Twitter::REST::Client::BASE_URL`](https://github.com/sferik/twitter/commit/73e2b9be19acf1403f324e5be48a550d3756d822)
* [Extract `Twitter::Headers` class](https://github.com/sferik/twitter/commit/e0d4c36bade95253b98b3ee657af409bfeadbbb6)
* [Move `Twitter::Request` to `Twitter::REST::Request`](https://github.com/sferik/twitter/commit/a46d9f21067724c437d40c7cb9c609f6cd304df1)
* [Add `Twitter::REST::Request#rate_limit`](https://github.com/sferik/twitter/commit/0c9f9d6a15835a0260a5a56a8aaffdc3f3e39eed)
* [Rename `Twitter::REST::Utils` methods](https://github.com/sferik/twitter/commit/2b1cceca0d37a038d3afd0b5763f2308b3db1b2d)
* [Update default `User-Agent` to comply with Section 5.5.3 of RFC 7231](https://github.com/sferik/twitter/commit/e5eb8d451d8be2d2751e6dda132c65039e5c879c)
5.12.0
------
* [Rescue `Twitter::Error::NotFound` for safe `#favorite` and `#retweet`](https://github.com/sferik/twitter/commit/5e6223df20217fd6b0ac78b44b0defdb46d1e018)
* [Make `Twitter::User#profile_background_image_uri` methods return a URI](https://github.com/sferik/twitter/commit/d96194c0c3b17076e48faed1b05cd48d043a6778)
* [Un-deprecate `Twitter::Base#to_hash`](https://github.com/sferik/twitter/commit/f45ce597408ab2bae2b55db6456543bf6d9ea081)
* [Add `Twitter::Tweet#possibly_sensitive?`](https://github.com/sferik/twitter/commit/917e8f14f7707eb646e8057827ed0ba9d1766eeb)
* [Namespace registered Faraday middleware](https://github.com/sferik/twitter/commit/a96931171e32c142f36318547f2cffa6ccd5c199) ([@godfoca](https://twitter.com/godfoca))
* [Fix test failures on Ruby 2.2.0-preview1](https://github.com/sferik/twitter/commit/74fb2e676f5882c62a6d4f07d7bbf8ca1f469fe2)
* [Make Twitter::NullObject Comparable](https://github.com/sferik/twitter/commit/9635db5128708525f3368800f11c519d6b14b1e4)
5.11.0
------
* [Return a Twitter::NullObject for empty attributes](https://github.com/sferik/twitter/commit/bca179eefb1c157f19b882a88ba608f6817b76bb)
* [Add `iso_language_code` attribute to `Twitter::Metadata`](https://github.com/sferik/twitter/commit/7bf3a1b6ad0c35dc608b03ba2b3321b594e4da1c)
5.10.0
------
* [Add support for extended entities](https://github.com/sferik/twitter/commit/ed7c708e4208de1df27d141678c14e23422504a0)
* [Add `Twitter::REST::Client#upload`](https://github.com/sferik/twitter/commit/f5a747b53c4866bb378d6022f309d6176620122e)
|
|
0.10.3 02/24/15
===============
error when Dir.home is not readable
|
|
# Addressable 2.3.7
- fix scenario in which invalid URIs don't get an exception until inspected
- handle hostnames with two adjacent periods correctly
- upgrade of RSpec
|
|
if the "ssl" option is set
|
|
|
|
|
|
Summary for 4.7.3 tcpdump release
Capsicum fixes for FreeBSD 10
Monday March. 10, 2015 guy@alum.mit.edu
Summary for 4.7.2 tcpdump release
DCCP: update Packet Types with RFC4340/IANA names
fixes for CVE-2015-0261: IPv6 mobility header check issue
fixes for CVE-2015-2153, 2154, 2155: kday packets
Friday Nov. 12, 2014 guy@alum.mit.edu
Summary for 4.7.0 tcpdump release
changes to hex printing of CDP packets
Fix PPI printing
Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
improvements to telnet printer, even if not -v
omit length for bcp, print-tcp uses it
formatting fixes for a bunch of protocols
new bounds checks for a number of protocols
split netflow 1,6, and 6 dissector up.
added geneve dissector
CVE-2014-9140 PPP dissector fixed.
|
|
Summary for 1.7.2 libpcap release
Support for filtering Geneve encapsulated packets.
Wednesday Nov. 12, 2014 guy@alum.mit.edu/mcr@sandelman.ca
Summary for 1.7.0 libpcap release
Fix handling of zones for BPF on Solaris
new DLT for ZWAVE
clarifications for read timeouts.
added bpf_filter1() with extensions
some fixes to compilation without stdint.h
EBUSY can now be returned by SNFv3 code.
Monday Aug. 12, 2014 guy@alum.mit.edu
Summary for 1.6.2 libpcap release
Don't crash on filters testing a non-existent link-layer type
field.
Fix sending in non-blocking mode on Linux with memory-mapped
capture.
Fix timestamps when reading pcap-ng files on big-endian
machines.
Saturday Jul. 19, 2014 mcr@sandelman.ca
Summary for 1.6.1 libpcap release
some fixes for the any device
changes for how --enable-XXX (--enable-sniffing, --enable-can) works
Wednesday Jul. 2, 2014 mcr@sandelman.ca
Summary for 1.6.0 libpcap release
Don't support D-Bus sniffing on OS X
fixes for byte order issues with NFLOG captures
Handle using cooked mode for DLT_NETLINK in activate_new().
on platforms where you can not capture on down interfaces, do not list them
but: do list interfaces which are down, if you can capture on them!
Wednesday December 18, 2013 guy@alum.mit.edu
Summary for 1.5.3 libpcap release
Don't let packets that don't match the current filter get to the
application when TPACKET_V3 is used. (GitHub issue #331)
Fix handling of pcap_loop()/pcap_dispatch() with a packet count
of 0 on some platforms (including Linux with TPACKET_V3).
(GitHub issue #333)
Work around TPACKET_V3 deficiency that causes packets to be lost
when a timeout of 0 is specified. (GitHub issue #335)
Man page formatting fixes.
Wednesday December 4, 2013 guy@alum.mit.edu
Summary for 1.5.2 libpcap release
Fix libpcap to work when compiled with TPACKET_V3 support and
running on a kernel without TPACKET_V3 support. (GitHub
issue #329)
Wednesday November 20, 2013 guy@alum.mit.edu
Summary for 1.5.1 libpcap release
Report an error, rather than crashing, if an IPv6 address is
used for link-layer filtering. (Wireshark bug 9376)
Wednesday October 30, 2013 guy@alum.mit.edu
Summary for 1.5.0 libpcap release
TPACKET_V3 support added for Linux
Point users to the the-tcpdump-group repository on GitHub rather
than the mcr repository
Checks added for malloc()/realloc()/etc. failures
Fixed build on Solaris 11
Support filtering filtering E1 SS7 traffic on MTP2 layer Annex A
Use "ln -s" to link man pages by default
Add support for getting nanosecond-resolution time stamps when
capturing and reading capture files
Many changes to autoconf to deal better with non-GCC compilers
added many new DLT types
|
|
* Changes in Wget 1.16.3
** Fix a regression introduced by wget 1.16.2 that --quiet is not
really quiet anymore.
|
|
Important Security Fixes
CVE-2013-5588 - XSS issue via installer or device editing
CVE-2013-5589 - SQL injection vulnerability in device editing
CVE-2014-2326 - XSS issue via CDEF editing
CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
CVE-2014-4002 - XSS issues in multiple files
CVE-2014-5025 - XSS issue via data source editing
CVE-2014-5026 - XSS issues in multiple files
Important Updates
New graph tree view
Updated graph list and graph preview
Refactor graph tree view to remove GPL incompatible code
Updated command line database upgrade utility
Graph zooming now from everywhere
|
|
|
|
This package contains supplementary Go networking libraries.
|
|
Remove patches that were applied upstream.
isisd is enabled, but pimd isn't yet (only because those are upstream defaults).
Upstream changes since 0.99.23:
User-visible changes:
- [pimd] New daemon: pimd provides IPv4 PIM-SSM multicast routing.
- [bgpd] New feature: "next-hop-self all" to override nexthop on iBGP route
reflector setups.
- [bgpd] route-maps have a new action "set ipv6 next-hop peer-address"
- [bgpd] route-maps have a new action "set as-path prepend last-as"
- [bgpd] Update validity checking (particularly MP-BGP / IPv6 routes) was
touched up significantly. Please report possible bugs.
- [ripd] New feature: RIP for IPv4 now supports equal-cost multipath (ECMP)
- [zebra] Multicast RIB support has been extended. It still is IPv4 only.
- [zebra] "no link-detect" is now printed in configurations since it won't
be the default anymore soon. To retain current behaviour, re-save your
configuration after updating to 0.99.24.
Distributor-visible changes:
- --enable-pimd is added to enable pimd. It is considered experimental, though
unless the distribution target is embedded systems with little flash, there
is no reason to not include it in packages.
- --disable-ipv6 no longer exists as an option. It's 2015, your C library
really needs to have IPv6 support by now.
- --disable-netlink no longer exists as an option. It didn't work anyway.
- --disable-solaris no longer exists as an option. It only controlled some
init scripts.
- --enable-isisd is now the default.
- mrlg.cgi is no longer included (it was severely outdated). It can be found
independently at http://mrlg.op-sec.us/
- build on Linux with the musl C library should now work
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Update net/mitmproxy to 0.11.3.
Changes:
29 Dec 2014: mitmproxy 0.11.3:
* Bug fixes (-w option and #435 issue).
29 Dec 2014: mitmproxy 0.11.2:
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
.mitmproxy directory.
* Better handling of servers that reject connections that are not SNI.
* Many other small bugfixes and improvements.
15 November 2014: mitmproxy 0.11.1:
* Bug fixes: connection leaks some crashes
7 November 2014: mitmproxy 0.11:
* Performance improvements for mitmproxy console
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
* Data streaming for response bodies exceeding a threshold
(bradpeabody@gmail.com)
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
untouched
* Finer-grained control of traffic replay, including options to ignore
contents or parameters when matching flows (marcelo.glezer@gmail.com)
* Pass arguments to inline scripts
* Configurable size limit on HTTP request and response bodies
* Per-domain specification of interception certificates and keys (see
--cert option)
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
--cert-forward)
* Search and highlighting for HTTP request and response bodies in
mitmproxy console (pedro@worcel.com)
* Transparent proxy support on Windows
* Improved error messages and logging
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
* Content view mode for WBXML (davidshaw835@air-watch.com)
* Better documentation, with a new section on proxy modes
* Generic TCP proxy mode
* Countless bugfixes and other small improvements
28 January 2014: mitmproxy 0.10:
* Support for multiple scripts and multiple script arguments
* Easy certificate install through the in-proxy web app, which is now
enabled by default
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
* Reverse proxy now works with SSL
* Search within a request/response using the "/" and "n" shortcut keys
* A view that beatifies CSS files if cssutils is available
* Bug fix, documentation improvements, and more.
25 August 2013: mitmproxy 0.9.2:
* Improvements to the mitmproxywrapper.py helper script for OSX.
* Don't take minor version into account when checking for serialized file
compatibility.
* Fix a bug causing resource exhaustion under some circumstances for SSL
connections.
* Revamp the way we store interception certificates. We used to store these
on disk, they're now in-memory. This fixes a race condition related to
cert handling, and improves compatibility with Windows, where the rules
governing permitted file names are weird, resulting in errors for some
valid IDNA-encoded names.
* Display transfer rates for responses in the flow list.
* Many other small bugfixes and improvements.
16 June 2013: mitmproxy 0.9.1:
* Use "correct" case for Content-Type headers added by mitmproxy.
* Make UTF environment detection more robust.
* Improved MIME-type detection for viewers.
* Always read files in binary mode (Windows compatibility fix).
* Some developer documentation.
|
|
Changes:
0.11.2
------
* TCPClient: Use TLS1.1+ where available, BaseHandler: disable SSLv2.
0.11.1
------
* Fixes traceback in connection finish.
0.11
----
* Refactor TCP close.
* certstore: add support for cert chains
* certstore: add support for asterisk form to DNTree replacement
* Change the criticality of a number of X509 extentions, to match the RFCs and
real-world CAs/certs.
* Much more sophisticated certificate store:
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
* Various bug fixes.
0.10
----
* Add IPv6 support for TCPServer.
* Various bug fixes.
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2015-07
The WCP dissector could crash. (Bug 10844) CVE-2015-2188
* wnpa-sec-2015-08
The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
* wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
The following bugs have been fixed:
* IPv6 AUTH mobility option parses Mobility SPI and Authentication
Data incorrectly. (Bug 10626)
* DHCP Option 125 Suboption: (1) option-len always expects 1 but
specification allows for more. (Bug 10784)
* Little-endian OS X Bluetooth PacketLogger files aren't handled.
(Bug 10861)
* X.509 certificate serial number incorrectly interpreted as negative
number. (Bug 10862)
* H.248 "ServiceChangeReasonStr" messages are not shown in text
generated by tshark. (Bug 10879)
* Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI.
(Bug 10897)
* MEGACO wrong decoding on media port. (Bug 10898)
* Wrong media format. (Bug 10899)
* BSSGP Status PDU decoding fault (missing Mandatory element (0x04)
BVCI for proper packet). (Bug 10903)
* Packets on OpenBSD loopback decoded as raw not null. (Bug
10956)
* Display Filter Macro unable to edit. (Bug 10957)
* IPv6 Local Mobility Anchor Address mobility option code is treated
incorrectly. (Bug 10961)
* Juniper Packet Mirror dissector expects ipv6 flow label = 0.
(Bug 10976)
* Infinite loop DoS in TNEF dissector. (Bug 11023)
- Updated Protocol Support
ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
- New and Updated Capture File Support
PacketLogger, and Pcapng
|