summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)AuthorFilesLines
2017-01-18Update to 1.0.18. Changes not found.wiz2-7/+7
2017-01-18Updated py-foolscap to 0.12.6.wiz2-7/+7
* Release 0.12.6 (12-Jan-2017) This is a minor release to improve compatibility with Twisted and I2P. In this release, the Foolscap test suite no longer uses several deprecated and/or internal Twisted attributes, so it should pass cleanly on the next release of Twisted (which will probably be named Twisted-17.0.0). In addition, the I2P connection handler was enhanced to let applications pass arbitrary kwargs through to the underlying "SAM" API. Finally connection-status error messages should be slightly cleaner and provide more useful information in the face of unrecogized exceptions.
2017-01-18Fix typo in version number.wiz1-2/+2
2017-01-17Update net/py-lexicon to 1.2.1.fhajny3-17/+9
No changelog published. From the commitlog: lexicon 1.2.1 - Fix ttl handling. lexicon 1.2.0 - Python 3 compatibility, removed support for Python 2.6. - Fix route53 compat errors. - Remove gandi and transip support. Transip library is no longer maintained and is incompatible with python3.
2017-01-16Recursive bump for libvpx shlib major change.wiz3-6/+6
2017-01-16Updated filezilla to 3.24.0.wiz3-7/+23
3.24.0 (2017-01-13) - Fixed a possible crash if sending FTP commands fails during a directory listing operation - *nix: Fixed a scrolling issue in the message log if wxWidgets is built against GTK3 3.24.0-rc1 (2017-01-06) + The context menu for remote file search results now has a "Copy URL(s) to clipboard" item + Alt+number can now be used to switch between tabs in addition to Ctrl+number + SFTP hostkey fingerprints are now also shown as base64 encoded SHA256 hashes to match the new format displayed by OpenSSH - Errors at the end of SFTP transfers now correctly result in transfer failures instead - Cancelling synchronized browsing questions no longer prevents further directory changes - Fix display issues for the filter conditions dialog - Fix deleting multiple extensions on the filetype page in the settings - OS X: Do not open dialogs while already processing an event, e.g. while a context menu is open
2017-01-14Update net/youtube-dl to youtube-dl-20170114leot3-20/+32
Changes: version 2017.01.14 Core + [common] Add ability to customize akamai manifest host + [utils] Add more date formats Extractors - [mtv] Eliminate _transform_rtmp_url * [mtv] Generalize triforce mgid extraction + [cmt] Add support for full episodes and video clips (#11623) + [mitele] Extract DASH formats + [ooyala] Add support for videos with embedToken (#11684) * [mixcloud] Fix extraction (#11674) * [openload] Fix extraction (#10408) * [tv4] Improve extraction (#11698) * [freesound] Fix and improve extraction (#11602) + [nick] Add support for beta.nick.com (#11655) * [mtv,cc] Use HLS by default with native HLS downloader (#11641) * [mtv] Fix non-HLS extraction version 2017.01.10 Extractors * [youtube] Fix extraction (#11663, #11664) + [inc] Add support for inc.com (#11277, #11647) + [youtube] Add itag 212 (#11575) + [egghead:course] Add support for egghead.io courses version 2017.01.08 Core * Fix "invalid escape sequence" errors under Python 3.6 (#11581) Extractors + [hitrecord] Add support for hitrecord.org (#10867, #11626) - [videott] Remove extractor * [swrmediathek] Improve extraction - [sharesix] Remove extractor - [aol:features] Remove extractor * [sendtonews] Improve info extraction * [3sat,phoenix] Fix extraction (#11619) * [comedycentral/mtv] Add support for HLS videos (#11600) * [discoverygo] Fix JSON data parsing (#11219, #11522) version 2017.01.05 Extractors + [zdf] Fix extraction (#11055, #11063) * [pornhub:playlist] Improve extraction (#11594) + [cctv] Add support for ncpa-classic.com (#11591) + [tunein] Add support for embeds (#11579) version 2017.01.02 Extractors * [cctv] Improve extraction (#879, #6753, #8541) + [nrktv:episodes] Add support for episodes (#11571) + [arkena] Add support for video.arkena.com (#11568) version 2016.12.31 Core + Introduce --config-location option for custom configuration files (#6745, #10648) Extractors + [twitch] Add support for player.twitch.tv (#11535, #11537) + [videa] Add support for videa.hu (#8181, #11133) * [vk] Fix postlive videos extraction * [vk] Extract from playerParams (#11555) - [freevideo] Remove extractor (#11515) + [showroomlive] Add support for showroom-live.com (#11458) * [xhamster] Fix duration extraction (#11549) * [rtve:live] Fix extraction (#11529) * [brightcove:legacy] Improve embeds detection (#11523) + [twitch] Add support for rechat messages (#11524) * [acast] Fix audio and timestamp extraction (#11521) version 2016.12.22 Core * [extractor/common] Improve detection of video-only formats in m3u8 manifests (#11507) Extractors + [theplatform] Pass geo verification headers to SMIL request (#10146) + [viu] Pass geo verification headers to auth request * [rtl2] Extract more formats and metadata * [vbox7] Skip malformed JSON-LD (#11501) * [uplynk] Force downloading using native HLS downloader (#11496) + [laola1] Add support for another extraction scenario (#11460) version 2016.12.20 Core * [extractor/common] Improve fragment URL construction for DASH media * [extractor/common] Fix codec information extraction for mixed audio/video DASH media (#11490) Extractors * [vbox7] Fix extraction (#11494) + [uktvplay] Add support for uktvplay.uktv.co.uk (#11027) + [piksel] Add support for player.piksel.com (#11246) + [vimeo] Add support for DASH formats * [vimeo] Fix extraction for HLS formats (#11490) * [kaltura] Fix wrong widget ID in some cases (#11480) + [nrktv:direkte] Add support for live streams (#11488) * [pbs] Fix extraction for geo restricted videos (#7095) * [brightcove:new] Skip widevine classic videos + [viu] Add support for viu.com (#10607, #11329)
2017-01-14Use GITHUB framework to fetch the distfile. No distfile changeryoon1-2/+4
2017-01-14Update to 1.4.1ryoon7-22/+49
Changelog: Version 1.4.1 (2017-01-08) - Lower the required gspell version to 1.0 - Work around a binding problem in the gtk+ 3.18 vapi of vala 0.30 Version 1.4 (2017-01-06) - Images in quoted tweets now look more like they actually belong to the quoted tweet instead of the quoting tweet. - Allow deleting tweets from the tweet info page and not just from timelines. - Fix the user completion not showing all possible results - Focus the already opened window for an account if the account gets selected in the accounts popover - Avoid window resizing when typing in the Direct Message text box - Add 'q' accelerator to tweet rows for quoting - Add spellchecking. This add a dependency to gspell - Increase gtk+ dependency to 3.18 to get rid of some workarounds. - Increase avatar size in profiles and slightly overlap them over the banner. Also, always show the full banner. - Fix completion popup positioning under Wayland - Add experimental meson build files - Fix some videos not playing correctly - Add a minimal video progress indicator to the video dialog - Fix the retweet/favorite count updating in the tweet info page
2017-01-13Add a dependency to graphics/adwaita-icon-theme (for the gtk3 option)leot2-2/+4
Bump PKGREVISION Pointed out by Joern Clausen via PR pkg/51835.
2017-01-12Update bind99 to 9.9.9pl5 (BIND 9.9.9-P5), including security fixes.taca2-7/+7
--- 9.9.9-P5 released --- 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME in responses resulting in SERVFAIL being returned. [RT #43779] 4528. [bug] Only set the flag bits for the i/o we are waiting for on EPOLLERR or EPOLLHUP. [RT #43617] 4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] 4517. [security] Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. (CVE-2016-9444) [RT # 43632] 4510. [security] Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. (CVE-2016-9147) [RT #43548] 4508. [security] Named incorrectly tried to cache TKEY records which could trigger a assertion failure when there was a class mismatch. (CVE-2016-9131) [RT #43522]
2017-01-12Update bind910 to 9.10.4pl5 (BIND 9.10.4-P5), including security fixes.taca2-8/+7
--- 9.10.4-P5 released --- 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME in responses resulting in SERVFAIL being returned. [RT #43779] 4528. [bug] Only set the flag bits for the i/o we are waiting for on EPOLLERR or EPOLLHUP. [RT #43617] 4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534] 4517. [security] Named could mishandle authority sections that were missing RRSIGs triggering an assertion failure. (CVE-2016-9444) [RT # 43632] 4510. [security] Named mishandled some responses where covering RRSIG records are returned without the requested data resulting in a assertion failure. (CVE-2016-9147) [RT #43548] 4508. [security] Named incorrectly tried to cache TKEY records which could trigger a assertion failure when there was a class mismatch. (CVE-2016-9131) [RT #43522]
2017-01-112.0.1:rodent2-8/+7
* Fixed returning all IP addresses from SDLNet_GetLocalAddresses() on Windows
2017-01-11Restore .includes to fix dependent package buildsryoon1-1/+15
2017-01-10Updated syncthing to 0.14.19.wiz2-7/+7
This is a regularly scheduled bugfix and improvement release recommended for all users. Resolved issues: #3846: Changing bandwidth rate limits now takes effect immediately without restart. #3859: The event log (-audit) can now be directed to stderr for piping into another program. #3584: A panic on folder listing at startup has been fixed. #3857: On Windows, we now make sure to never descend into directory symlinks. #3819: When a folder is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present. #3839: Several scenarios where a device would get stuck with "not a directory" errors are now handled again. #3861: Third party copyrights in the about box are now more up to date. Also: Hashing performance has been improved again, after it was inadvertently reduced in v0.4.17.
2017-01-09Update to newest version.morr2-8/+7
ChangeLog: 2016/12/25 : 1.6.11 - BUILD: contrib: fix ip6range build on Centos 7 - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn - BUG/MINOR: cli: wake up the CLI's task after a timeout update - BUG/MINOR: freq-ctr: make swrate_add() support larger values - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos - BUG/MAJOR: stream: fix session abort on resource shortage - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect - BUG/MEDIUM: variables: some variable name can hide another ones - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full - MINOR: applet: Count number of (active) applets - MINOR: task: Rename run_queue and run_queue_cur counters - BUG/MEDIUM: stream: Save unprocessed events for a stream - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW - DOC: lua: section declared twice - DOC: fix small typo in fe_id (backend instead of frontend) - BUG/MINOR: lua: memory leak executing tasks - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes - BUG/MINOR: systemd: potential zombie processes 2016/11/20 : 1.6.10 - BUG/MINOR: Fix OSX compilation errors - BUG/MINOR: displayed PCRE version is running release - MINOR: show Built with PCRE version - MINOR: show Running on zlib version - MINOR: Add fe_req_rate sample fetch - MEDIUM: make SO_REUSEPORT configurable - BUG/MINOR: vars: use sess and not s->sess in action_store() - BUG/MINOR: vars: make smp_fetch_var() more robust against misuses - BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session - BUG/MINOR: ssl: Check malloc return code - BUG/MINOR: ssl: prevent multiple entries for the same certificate - BUG/MINOR: systemd: make the wrapper return a non-null status code on error - BUG/MINOR: systemd: always restore signals before execve() - BUG/MINOR: systemd: check return value of calloc() - MINOR: systemd: report it when execve() fails - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed - BUILD: protocol: fix some build errors on OpenBSD - BUILD: log: iovec requires to include sys/uio.h on OpenBSD - BUILD: tcp: do not include netinet/ip.h for IP_TTL - BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang - MINOR: cfgparse: few memory leaks fixes. - MINOR: build: Allow linking to device-atlas library file - DOC: Fix typo in description of `-st` parameter in man page - BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream - BUG/MEDIUM: peers: fix use after free in peer_session_create() - BUG/MEDIUM: systemd-wrapper: return correct exit codes - BUG/MEDIUM: srv-state: properly restore the DRAIN state - BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags - BUG/MEDIUM: servers: properly propagate the maintenance states during startup - BUG: vars: Fix 'set-var' converter because of a typo - BUG/MEDIUM: channel: bad unlikely macro - CLEANUP: lua: move comment - CLEANUP: lua: control executed twice - CLEANUP: ssl: Fix bind keywords name in comments - DOC: ssl: Use correct wording for ca-sign-pass - BUG/MINOR: stick-table: handle out-of-memory condition gracefully - BUG/MEDIUM: connection: check the control layer before stopping polling - BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory - CONTRIB: initiate a debugging suite to make debugging easier - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps - BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
2017-01-09Update ruby-addressable to 2.5.0.taca3-9/+10
# Addressable 2.5.0 - dropping support for Ruby 1.9 - adding support for Ruby 2.4 preview - add support for public suffixes and tld; first runtime dependency - hostname escaping should match RFC; underscores in hostnames no longer escaped - paths beginning with // and missing an authority are now considered invalid - validation now also takes place after setting a path - handle backslashes in authority more like a browser for `heuristic_parse` - unescaped backslashes in host now raise an `InvalidURIError` - `merge!`, `join!`, `omit!` and `normalize!` don't disable deferred validation - `heuristic_parse` now trims whitespace before parsing - host parts longer than 63 bytes will be ignored and not passed to libidn - normalized values always encoded as UTF-8
2017-01-09Add and enable ruby-public_suffix.taca1-1/+2
2017-01-09Add ruby-public_suffix package version 2.0.5.taca4-0/+56
It was required by ruby-addressable 2.5.0. PublicSuffix can parse and decompose a domain name into top level domain, domain and subdomains.
2017-01-09Revert unintentional revbumpryoon1-2/+2
2017-01-09Recursive revbump from net/libvncserverryoon5-10/+10
2017-01-09Update to 0.9.11ryoon7-154/+23
* Update buildlink3.mk * Update HOMEPAGE and MASTER_SITES Changelog: 0.9.11: Overall changes: LibVNCServer/LibVNCClient development now uses continous intregration, provided by TravisCI. LibVNCClient: Now initializes libgcrypt before use if the application did not do it. Fixes a crash when connection to Mac hosts (#45). Various fixes that result in more stable handling of malicious or broken servers. Removed broken and unmaintained H264 decoding. Some documentation fixes. Added hooks to WriteToTLS() for optional protection by mutex. LibVNCServer: Stability fixes for the WebSocket implementation. Replaced SHA1 implementation with the one from RFC 6234. The built-in HTTP server does not allow directory traversals anymore. The built-in HTTP now sends correct MIME types for CSS and SVG. Added support for systemd socket activation. Made it possible to get autoPort behavior with either ipv4 or ipv6 disabled. Fixed starting of an onHold-client in threaded mode. 0.9.10: Overall changes: Moved the whole project from sourceforge to https://libvnc.github.io/. Cleaned out the autotools build system which now uses autoreconf. Updated noVNC HTML5 client to latest version. Split out x11vnc sources into separate repository at https://github.com/LibVNC/x11vnc Split out vncterm sources into separate repository at https://github.com/LibVNC/vncterm Split out VisualNaCro sources into separate repository at https://github.com/LibVNC/VisualNaCro Merged Debian patches. LibVNCServer/LibVNCClient: Fixed some security-related buffer overflow cases. Added compatibility headers to make LibVNCServer/LibVNCClient build on native Windows 8. Update LZO to version 2.07, fixing CVE-2014-4607. LibVNCServer: Merged patches from KDE/krfb. Can now do IPv6 without IPv4. Fixed a use-after-free issue in scale.c.
2017-01-08Update mikutter to 3.5.1.tsutsui3-10/+10
Upstream changes: # mikutter 3.5.1 * image file cache did not work * intent dialog was shown when screenname in profile tab was clicked
2017-01-08tor: update to 0.2.9.8maya2-7/+7
Updated provided by reezer (maintainer) in PR pkg/51745 Changes in version 0.2.9.8 - 2016-12-19 Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series. The Tor 0.2.9 series makes mandatory a number of security features that were formerly optional. It includes support for a new shared- randomness protocol that will form the basis for next generation hidden services, includes a single-hop hidden service mode for optimizing .onion services that don't actually want to be hidden, tries harder not to overload the directory authorities with excessive downloads, and supports a better protocol versioning scheme for improved compatibility with other implementations of the Tor protocol. And of course, there are numerous other bugfixes and improvements. This release also includes a fix for a medium-severity issue (bug 21018 below) where Tor clients could crash when attempting to visit a hostile hidden service. Clients are recommended to upgrade as packages become available for their systems. Below are listed the changes since Tor 0.2.8.11. For a list of changes since 0.2.9.7-rc, see the ChangeLog file. o New system requirements: - When building with OpenSSL, Tor now requires version 1.0.1 or later. OpenSSL 1.0.0 and earlier are no longer supported by the OpenSSL team, and should not be used. Closes ticket 20303. - Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554. - Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.) o Deprecated features: - A number of DNS-cache-related sub-options for client ports are now deprecated for security reasons, and may be removed in a future version of Tor. (We believe that client-side DNS caching is a bad idea for anonymity, and you should not turn it on.) The options are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache. - A number of options are deprecated for security reasons, and may be removed in a future version of Tor. The options are: AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks. - The *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead. These options may someday be removed. The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress. o Major bugfixes (parsing, security, new since 0.2.9.7-rc): - Fix a bug in parsing that could cause clients to read a single byte past the end of an allocated region. This bug could be used to cause hardened clients (built with --enable-expensive-hardening) to crash if they tried to visit a hostile hidden service. Non- hardened clients are only affected depending on the details of their platform's memory allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- 2016-12-002 and as CVE-2016-1254. o Major features (build, hardening): - Tor now builds with -ftrapv by default on compilers that support it. This option detects signed integer overflow (which C forbids), and turns it into a hard-failure. We do not apply this option to code that needs to run in constant time to avoid side-channels; instead, we use -fwrapv in that code. Closes ticket 17983. - When --enable-expensive-hardening is selected, stop applying the clang/gcc sanitizers to code that needs to run in constant time. Although we are aware of no introduced side-channels, we are not able to prove that there are none. Related to ticket 17983. o Major features (circuit building, security): - Authorities, relays, and clients now require ntor keys in all descriptors, for all hops (except for rare hidden service protocol cases), for all circuits, and for all other roles. Part of ticket 19163. - Authorities, relays, and clients only use ntor, except for rare cases in the hidden service protocol. Part of ticket 19163. o Major features (compilation): - Our big list of extra GCC warnings is now enabled by default when building with GCC (or with anything like Clang that claims to be GCC-compatible). To make all warnings into fatal compilation errors, pass --enable-fatal-warnings to configure. Closes ticket 19044. - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically turn on C and POSIX extensions. (Previously, we attempted to do this on an ad hoc basis.) Closes ticket 19139. o Major features (directory authorities, hidden services): - Directory authorities can now perform the shared randomness protocol specified by proposal 250. Using this protocol, directory authorities generate a global fresh random value every day. In the future, this value will be used by hidden services to select HSDirs. This release implements the directory authority feature; the hidden service side will be implemented in the future as part of proposal 224. Resolves ticket 16943; implements proposal 250. o Major features (downloading, random exponential backoff): - When we fail to download an object from a directory service, wait for an (exponentially increasing) randomized amount of time before retrying, rather than a fixed interval as we did before. This prevents a group of Tor instances from becoming too synchronized, or a single Tor instance from becoming too predictable, in its download schedule. Closes ticket 15942. o Major features (resource management): - Tor can now notice it is about to run out of sockets, and preemptively close connections of lower priority. (This feature is off by default for now, since the current prioritizing method is yet not mature enough. You can enable it by setting "DisableOOSCheck 0", but watch out: it might close some sockets you would rather have it keep.) Closes ticket 18640. o Major features (single-hop "hidden" services): - Add experimental HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode options. When both are set to 1, every hidden service on that Tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and rendezvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current Tor network without any changes to older relays or clients. Implements proposal 260, completes ticket 17178. Patch by teor and asn. o Major features (subprotocol versions): - Tor directory authorities now vote on a set of recommended "subprotocol versions", and on a set of required subprotocol versions. Clients and relays that lack support for a _required_ subprotocol version will not start; those that lack support for a _recommended_ subprotocol version will warn the user to upgrade. This change allows compatible implementations of the Tor protocol(s) to exist without pretending to be 100% bug-compatible with particular releases of Tor itself. Closes ticket 19958; implements part of proposal 264. o Major bugfixes (circuit building): - Hidden service client-to-intro-point and service-to-rendezvous- point circuits use the TAP key supplied by the protocol, to avoid epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc. o Major bugfixes (download scheduling): - Avoid resetting download status for consensuses hourly, since we already have another, smarter retry mechanism. Fixes bug 8625; bugfix on 0.2.0.9-alpha. - If a consensus expires while we are waiting for certificates to download, stop waiting for certificates. - If we stop waiting for certificates less than a minute after we started downloading them, do not consider the certificate download failure a separate failure. Fixes bug 20533; bugfix on 0.2.0.9-alpha. - When using exponential backoff in test networks, use a lower exponent, so the delays do not vary as much. This helps test networks bootstrap consistently. Fixes bug 20597; bugfix on 20499. o Major bugfixes (exit policies): - Avoid disclosing exit outbound bind addresses, configured port bind addresses, and local interface addresses in relay descriptors by default under ExitPolicyRejectPrivate. Instead, only reject these (otherwise unlisted) addresses if ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on 0.2.7.2-alpha. Patch by teor. o Major bugfixes (hidden services): - Allow Tor clients with appropriate controllers to work with FetchHidServDescriptors set to 0. Previously, this option also disabled descriptor cache lookup, thus breaking hidden services entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim". - Clients now require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service could use to distinguish clients by consensus version. Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. o Major bugfixes (relay, resolver, logging): - For relays that don't know their own address, avoid attempting a local hostname resolve for each descriptor we download. This will cut down on the number of "Success: chose address 'x.x.x.x'" log lines, and also avoid confusing clock jumps if the resolver is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha. o Minor features (port flags): - Add new flags to the *Port options to give finer control over which requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, and the synthetic flag OnionTrafficOnly, which is equivalent to NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch by "teor". o Minor features (build, hardening): - Detect and work around a libclang_rt problem that would prevent clang from finding __mulodi4() on some 32-bit platforms, and thus keep -ftrapv from linking on those systems. Closes ticket 19079. - When building on a system without runtime support for the runtime hardening options, try to log a useful warning at configuration time, rather than an incomprehensible warning at link time. If expensive hardening was requested, this warning becomes an error. Closes ticket 18895. o Minor features (client, directory): - Since authorities now omit all routers that lack the Running and Valid flags, we assume that any relay listed in the consensus must have those flags. Closes ticket 20001; implements part of proposal 272. o Minor features (code safety): - In our integer-parsing functions, ensure that the maximum value we allow is no smaller than the minimum value. Closes ticket 19063; patch from "U+039b". o Minor features (compilation, portability): - Compile correctly on MacOS 10.12 (aka "Sierra"). Closes ticket 20241. o Minor features (config): - Warn users when descriptor and port addresses are inconsistent. Mitigates bug 13953; patch by teor. o Minor features (controller): - Allow controllers to configure basic client authorization on hidden services when they create them with the ADD_ONION controller command. Implements ticket 15588. Patch by "special". - Fire a STATUS_SERVER controller event whenever the hibernation status changes between "awake"/"soft"/"hard". Closes ticket 18685. - Implement new GETINFO queries for all downloads that use download_status_t to schedule retries. This allows controllers to examine the schedule for pending downloads. Closes ticket 19323. o Minor features (development tools, etags): - Teach the "make tags" Makefile target how to correctly find "MOCK_IMPL" function definitions. Patch from nherring; closes ticket 16869. o Minor features (directory authority): - After voting, if the authorities decide that a relay is not "Valid", they no longer include it in the consensus at all. Closes ticket 20002; implements part of proposal 272. - Directory authorities now only give the Guard flag to a relay if they are also giving it the Stable flag. This change allows us to simplify path selection for clients. It should have minimal effect in practice, since >99% of Guards already have the Stable flag. Implements ticket 18624. - Directory authorities now write their v3-status-votes file out to disk earlier in the consensus process, so we have a record of the votes even if we abort the consensus process. Resolves ticket 19036. o Minor features (fallback directory list, new since 0.2.9.7-rc): - Replace the 81 remaining fallbacks of the 100 originally introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks (123 new, 54 existing, 27 removed) generated in December 2016. Resolves ticket 20170. o Minor features (hidden service): - Stop being so strict about the payload length of "rendezvous1" cells. We used to be locked in to the "TAP" handshake length, and now we can handle better handshakes like "ntor". Resolves ticket 18998. o Minor features (infrastructure, time): - Tor now includes an improved timer backend, so that we can efficiently support tens or hundreds of thousands of concurrent timers, as will be needed for some of our planned anti-traffic- analysis work. This code is based on William Ahern's "timeout.c" project, which implements a "tickless hierarchical timing wheel". Closes ticket 18365. - Tor now uses the operating system's monotonic timers (where available) for internal fine-grained timing. Previously we would look at the system clock, and then attempt to compensate for the clock running backwards. Closes ticket 18908. o Minor features (logging): - Add a set of macros to check nonfatal assertions, for internal use. Migrating more of our checks to these should help us avoid needless crash bugs. Closes ticket 18613. - Provide a more useful warning message when configured with an invalid Nickname. Closes ticket 18300; patch from "icanhasaccount". - When dumping unparseable router descriptors, optionally store them in separate files, named by digest, up to a configurable size limit. You can change the size limit by setting the MaxUnparseableDescSizeToLog option, and disable this feature by setting that option to 0. Closes ticket 18322. o Minor features (performance): - Change the "optimistic data" extension from "off by default" to "on by default". The default was ordinarily overridden by a consensus option, but when clients were bootstrapping for the first time, they would not have a consensus to get the option from. Changing this default saves a round-trip during startup. Closes ticket 18815. o Minor features (relay, usability): - When the directory authorities refuse a bad relay's descriptor, encourage the relay operator to contact us. Many relay operators won't notice this line in their logs, but it's a win if even a few learn why we don't like what their relay was doing. Resolves ticket 18760. o Minor features (security, TLS): - Servers no longer support clients that lack AES ciphersuites. (3DES is no longer considered an acceptable cipher.) We believe that no such Tor clients currently exist, since Tor has required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998. o Minor features (testing): - Disable memory protections on OpenBSD when performing our unit tests for memwipe(). The test deliberately invokes undefined behavior, and the OpenBSD protections interfere with this. Patch from "rubiate". Closes ticket 20066. - Move the test-network.sh script to chutney, and modify tor's test- network.sh to call the (newer) chutney version when available. Resolves ticket 19116. Patch by teor. - Use the lcov convention for marking lines as unreachable, so that we don't count them when we're generating test coverage data. Update our coverage tools to understand this convention. Closes ticket 16792. - Our link-handshake unit tests now check that when invalid handshakes fail, they fail with the error messages we expected. - Our unit testing code that captures log messages no longer prevents them from being written out if the user asked for them (by passing --debug or --info or --notice or --warn to the "test" binary). This change prevents us from missing unexpected log messages simply because we were looking for others. Related to ticket 19999. - The unit tests now log all warning messages with the "BUG" flag. Previously, they only logged errors by default. This change will help us make our testing code more correct, and make sure that we only hit this code when we mean to. In the meantime, however, there will be more warnings in the unit test logs than before. This is preparatory work for ticket 19999. - The unit tests now treat any failure of a "tor_assert_nonfatal()" assertion as a test failure. - We've done significant work to make the unit tests run faster. o Minor features (testing, ipv6): - Add the hs-ipv6 chutney target to make test-network-all's IPv6 tests. Remove bridges+hs, as it's somewhat redundant. This requires a recent chutney version that supports IPv6 clients, relays, and authorities. Closes ticket 20069; patch by teor. - Add the single-onion and single-onion-ipv6 chutney targets to "make test-network-all". This requires a recent chutney version with the single onion network flavors (git c72a652 or later). Closes ticket 20072; patch by teor. o Minor features (Tor2web): - Make Tor2web clients respect ReachableAddresses. This feature was inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on 0.2.8.7. Implements feature 20034. Patch by teor. o Minor features (unix domain sockets): - When configuring a unix domain socket for a SocksPort, ControlPort, or Hidden service, you can now wrap the address in quotes, using C-style escapes inside the quotes. This allows unix domain socket paths to contain spaces. Resolves ticket 18753. o Minor features (user interface): - Tor now supports the ability to declare options deprecated, so that we can recommend that people stop using them. Previously, this was done in an ad-hoc way. There is a new --list-deprecated-options command-line option to list all of the deprecated options. Closes ticket 19820. o Minor features (virtual addresses): - Increase the maximum number of bits for the IPv6 virtual network prefix from 16 to 104. In this way, the condition for address allocation is less restrictive. Closes ticket 20151; feature on 0.2.4.7-alpha. o Minor bug fixes (circuits): - Use the CircuitBuildTimeout option whenever LearnCircuitBuildTimeout is disabled. Previously, we would respect the option when a user disabled it, but not when it was disabled because some other option was set. Fixes bug 20073; bugfix on 0.2.4.12-alpha. Patch by teor. o Minor bugfixes (build): - The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha. o Minor bugfixes (relay address discovery): - Stop reordering IP addresses returned by the OS. This makes it more likely that Tor will guess the same relay IP address every time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027. Reported by René Mayrhofer, patch by "cypherpunks". o Minor bugfixes (memory allocation): - Change how we allocate memory for large chunks on buffers, to avoid a (currently impossible) integer overflow, and to waste less space when allocating unusually large chunks. Fixes bug 20081; bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken. o Minor bugfixes (bootstrap): - Remember the directory server we fetched the consensus or previous certificates from, and use it to fetch future authority certificates. This change improves bootstrapping performance. Fixes bug 18963; bugfix on 0.2.8.1-alpha. o Minor bugfixes (circuits): - Make sure extend_info_from_router() is only called on servers. Fixes bug 19639; bugfix on 0.2.8.1-alpha. o Minor bugfixes (client, fascistfirewall): - Avoid spurious warnings when ReachableAddresses or FascistFirewall is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha. o Minor bugfixes (client, unix domain sockets): - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as the client address is meaningless. Fixes bug 20261; bugfix on 0.2.6.3-alpha. o Minor bugfixes (code style): - Fix an integer signedness conversion issue in the case conversion tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha. o Minor bugfixes (compilation): - Build correctly on versions of libevent2 without support for evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix on 0.2.5.4-alpha. - When building with Clang, use a full set of GCC warnings. (Previously, we included only a subset, because of the way we detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha. - Detect Libevent2 functions correctly on systems that provide libevent2, but where libevent1 is linked with -levent. Fixes bug 19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate. - Run correctly when built on Windows build environments that require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha. o Minor bugfixes (configuration): - When parsing quoted configuration values from the torrc file, handle Windows line endings correctly. Fixes bug 19167; bugfix on 0.2.0.16-alpha. Patch from "Pingl". o Minor bugfixes (directory authority): - Authorities now sort the "package" lines in their votes, for ease of debugging. (They are already sorted in consensus documents.) Fixes bug 18840; bugfix on 0.2.6.3-alpha. - Die with a more useful error when the operator forgets to place the authority_signing_key file into the keys directory. This avoids an uninformative assert & traceback about having an invalid key. Fixes bug 20065; bugfix on 0.2.0.1-alpha. - When allowing private addresses, mark Exits that only exit to private locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha. - When parsing a detached signature, make sure we use the length of the digest algorithm instead of a hardcoded DIGEST256_LEN in order to avoid comparing bytes out-of-bounds with a smaller digest length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha. o Minor bugfixes (getpass): - Defensively fix a non-triggerable heap corruption at do_getpass() to protect ourselves from mistakes in the future. Fixes bug 19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch by nherring. o Minor bugfixes (guard selection): - Don't mark guards as unreachable if connection_connect() fails. That function fails for local reasons, so it shouldn't reveal anything about the status of the guard. Fixes bug 14334; bugfix on 0.2.3.10-alpha. - Use a single entry guard even if the NumEntryGuards consensus parameter is not provided. Fixes bug 17688; bugfix on 0.2.5.6-alpha. o Minor bugfixes (hidden services): - Increase the minimum number of internal circuits we preemptively build from 2 to 3, so a circuit is available when a client connects to another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc. - Allow hidden services to run on IPv6 addresses even when the IPv6Exit option is not set. Fixes bug 18357; bugfix on 0.2.4.7-alpha. - Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. - When deleting an ephemeral hidden service, close its intro points even if they are not completely open. Fixes bug 18604; bugfix on 0.2.7.1-alpha. - When configuring hidden services, check every hidden service directory's permissions. Previously, we only checked the last hidden service. Fixes bug 20529; bugfix on 0.2.6.2-alpha. o Minor bugfixes (IPv6, testing): - Check for IPv6 correctly on Linux when running test networks. Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor. o Minor bugfixes (Linux seccomp2 sandbox): - Add permission to run the sched_yield() and sigaltstack() system calls, in order to support versions of Tor compiled with asan or ubsan code that use these calls. Now "sandbox 1" and "--enable-expensive-hardening" should be compatible on more systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha. o Minor bugfixes (logging): - Downgrade a harmless log message about the pending_entry_connections list from "warn" to "info". Mitigates bug 19926. - Log a more accurate message when we fail to dump a microdescriptor. Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto. - When logging a directory ownership mismatch, log the owning username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta. - When we are unable to remove the bw_accounting file, do not warn if the reason we couldn't remove it was that it didn't exist. Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from pastly. o Minor bugfixes (memory leak): - Fix a series of slow memory leaks related to parsing torrc files and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha. - Avoid a small memory leak when informing worker threads about rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha. - Fix a small memory leak when receiving AF_UNIX connections on a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha. - When moving a signed descriptor object from a source to an existing destination, free the allocated memory inside that destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha. - Fix a memory leak and use-after-free error when removing entries from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on 0.2.5.5-alpha. Patch from "cypherpunks". - Fix a small, uncommon memory leak that could occur when reading a truncated ed25519 key file. Fixes bug 18956; bugfix on 0.2.6.1-alpha. o Minor bugfixes (option parsing): - Count unix sockets when counting client listeners (SOCKS, Trans, NATD, and DNS). This has no user-visible behavior changes: these options are set once, and never read. Required for correct behavior in ticket 17178. Fixes bug 19677; bugfix on 0.2.6.3-alpha. Patch by teor. o Minor bugfixes (options): - Check the consistency of UseEntryGuards and EntryNodes more reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch by teor. - Stop changing the configured value of UseEntryGuards on authorities and Tor2web clients. Fixes bug 20074; bugfix on commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha. Patch by teor. o Minor bugfixes (relay): - Ensure relays don't make multiple connections during bootstrap. Fixes bug 20591; bugfix on 0.2.8.1-alpha. - Do not try to parallelize workers more than 16x without the user explicitly configuring us to do so, even if we do detect more than 16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha. o Minor bugfixes (testing): - The test-stem and test-network makefile targets now depend only on the tor binary that they are testing. Previously, they depended on "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a patch from "cypherpunks". - Allow clients to retry HSDirs much faster in test networks. Fixes bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor. - Avoid a unit test failure on systems with over 16 detectable CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha. - Let backtrace tests work correctly under AddressSanitizer: disable ASAN's detection of segmentation faults while running test_bt.sh, so that we can make sure that our own backtrace generation code works. Fixes bug 18934; bugfix on 0.2.5.2-alpha. Patch from "cypherpunks". - Fix the test-network-all target on out-of-tree builds by using the correct path to the test driver script. Fixes bug 19421; bugfix on 0.2.7.3-rc. - Stop spurious failures in the local interface address discovery unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan. - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has removed the ECDH ciphers which caused the tests to fail on platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha. - The tor_tls_server_info_callback unit test no longer crashes when debug-level logging is turned on. Fixes bug 20041; bugfix on 0.2.8.1-alpha. o Minor bugfixes (time): - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; bugfix on all released tor versions. - When computing the difference between two times in milliseconds, we now round to the nearest millisecond correctly. Previously, we could sometimes round in the wrong direction. Fixes bug 19428; bugfix on 0.2.2.2-alpha. o Minor bugfixes (Tor2web): - Prevent Tor2web clients from running hidden services: these services are not anonymous due to the one-hop client paths. Fixes bug 19678. Patch by teor. o Minor bugfixes (user interface): - Display a more accurate number of suppressed messages in the log rate-limiter. Previously, there was a potential integer overflow in the counter. Now, if the number of messages hits a maximum, the rate-limiter doesn't count any further. Fixes bug 19435; bugfix on 0.2.4.11-alpha. - Fix a typo in the passphrase prompt for the ed25519 identity key. Fixes bug 19503; bugfix on 0.2.7.2-alpha. o Code simplification and refactoring: - Remove redundant declarations of the MIN macro. Closes ticket 18889. - Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion. Closes ticket 18462; patch from "icanhasaccount". - Split the 600-line directory_handle_command_get function into separate functions for different URL types. Closes ticket 16698. o Documentation: - Add module-level internal documentation for 36 C files that previously didn't have a high-level overview. Closes ticket 20385. - Correct the IPv6 syntax in our documentation for the VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743. - Correct the minimum bandwidth value in torrc.sample, and queue a corresponding change for torrc.minimal. Closes ticket 20085. - Fix spelling of "--enable-tor2web-mode" in the manpage. Closes ticket 19153. Patch from "U+039b". - Module-level documentation for several more modules. Closes tickets 19287 and 19290. - Document the --passphrase-fd option in the tor manpage. Fixes bug 19504; bugfix on 0.2.7.3-rc. - Document the default PathsNeededToBuildCircuits value that's used by clients when the directory authorities don't set min_paths_for_circs_pct. Fixes bug 20117; bugfix on 0.2.4.10-alpha. Patch by teor, reported by Jesse V. - Fix manual for the User option: it takes a username, not a UID. Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have a manpage!). - Fix the description of the --passphrase-fd option in the tor-gencert manpage. The option is used to pass the number of a file descriptor to read the passphrase from, not to read the file descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha. o Removed code: - We no longer include the (dead, deprecated) bufferevent code in Tor. Closes ticket 19450. Based on a patch from "U+039b". o Removed features: - Remove support for "GET /tor/bytes.txt" DirPort request, and "GETINFO dir-usage" controller request, which were only available via a compile-time option in Tor anyway. Feature was added in 0.2.2.1-alpha. Resolves ticket 19035. - There is no longer a compile-time option to disable support for TransPort. (If you don't want TransPort, just don't use it.) Patch from "U+039b". Closes ticket 19449. o Testing: - Run more workqueue tests as part of "make check". These had previously been implemented, but you needed to know special command-line options to enable them. - We now have unit tests for our code to reject zlib "compression bombs". (Fortunately, the code works fine.)
2017-01-04Revert previous, not needed. erlang framework prefixes "erlang".wiz1-2/+1
2017-01-04Make PKGNAME match directory name.wiz1-1/+2
2017-01-04Updated net/mrstat to 1.21abs2-13/+11
v1.21 update email and man reference, plus switch from googlecode
2017-01-04Use the curses framework.roy7-16/+18
2017-01-04Use the curses framework.roy1-7/+2
2017-01-04Use the curses framework.roy2-5/+6
2017-01-04Enable erlang-xmppfhajny1-1/+2
2017-01-04Remove build dependency on ncurses because libsoup doesn't use cursesroy1-8/+2
even indirectly and py-curses no longer depends on ncurses.
2017-01-04Use the curses framework.roy1-2/+2
2017-01-04Use the curses framework.roy1-3/+4
2017-01-04- inet6 patch: update to latestschmonz3-9/+10
- ucspi-tcp-nodefaultrbl patch: add SHA512 Bump PKGREVISION.
2017-01-04Use the curses framework.roy1-2/+2
2017-01-04Use the curses framework.roy1-2/+2
2017-01-03Import erlang-xmpp-1.1.14 as net/erlang-xmpp.fhajny5-0/+92
Fast Expat based Erlang XML parsing and manipulation library, with a strong focus on XML stream parsing from network.
2017-01-03Update net/erlang-esip to 1.0.10.fhajny3-15/+15
Version 1.0.10 - Use stun 1.0.9 - Use fast_tls 1.0.9 Version 1.0.9 - Use p1_utils 1.0.6 - Make sure esip_codec isn't compiled to native code - Update fast_tls and stun
2017-01-03Update net/erlang-stun to 1.0.9.fhajny3-13/+13
Version 1.0.9 - Use fast_tls 1.0.9 Version 1.0.8 - Use p1_utils 1.0.6 - Update Fast TLS
2017-01-03chrony does not use curses.roy1-3/+2
2017-01-03Use "${MV} || ${TRUE}" and "${RM} -f" consistently in post-install targets.jperkin4-31/+31
2017-01-03Updated syncthing to 0.14.18.wiz2-7/+7
This is a hotfix release to fix connectivity issues between 0.14.17 and previous Syncthing releases. Resolved issues: #3855: Connections to older Syncthing versions are no longer closed due to unmarshalling message: proto: wrong wireType = 2 for field BlockIndexes.
2017-01-03Update openconnect to version 7.08khorben3-8/+8
Changelog: Add SHA256 support for server cert hashes. Enable DHE ciphers for Cisco DTLS. Increase initial oNCP configuration buffer size. Reopen CONIN$ when stdin is redirected on Windows. Improve support for point-to-point routing on Windows. Check for non-resumed DTLS sessions which may indicate a MiTM attack. Add TUNIDX environment variable on Windows. Fix compatibility with Pulse Secure 8.2R5. Fix IPv6 support in Solaris. Support DTLS automatic negotiation. Support --key-password for GnuTLS PKCS#11 PIN. Support automatic DTLS MTU detection with OpenSSL. Drop support for combined GnuTLS/OpenSSL build. Update OpenSSL to allow TLSv1.2, improve compatibility options. Remove --no-cert-check option. It was being (mis)used. Fix OpenSSL support for PKCS#11 EC keys without public key. Support for final OpenSSL 1.1 release. Fix polling/retry on "tun" socket when buffers full. Fix AnyConnect server-side MTU setting. Fix ESP replay detection. Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken). Add certificate torture test suite. Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL. Fix integer overflow issues with ESP packet replay detection. Add --pass-tos option as in OpenVPN. Support rôle selection form in Juniper VPN. Support DER-format certificates, add certificate format torture tests. For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option. Support Juniper "Pre Sign-in Message".
2017-01-02Update to 1.60.0wen3-8/+9
Upstream changes: v1.60.0 TCP multi-packet support fixed Response 'Message' now included with exception. Docs added CNAME dynamic update fix
2017-01-02Update nagios-plugin-mysqlslave to 0.2manu2-7/+7
This update fixes SSL connexions.
2017-01-01Revbump after boost updateadam37-73/+74
2017-01-01Updated filezilla to 3.23.0.2.wiz4-96/+81
3.23.0.2 (2016-12-06) Bugfixes and minor changes: Key file paths entered in the Site Manager are now saved to corresponding server entries in the transfer queue MSW: Work around a bug in wxWidgets causing bad icons in the remote directory tree due to wxImageList::GetBitmap errorneously stripping the alpha channel from images Allow relative paths and environment variables in the "Cache directory" setting. 3.23.0.1 (2016-12-06) Bugfixes and minor changes: Work around a bug in wxWidgets that has been causing a virtually infinite loop when deleting toolbar buttons 3.23.0 (2016-12-05) Bugfixes and minor changes: Speed up icon scaling and cache scaled icons for faster subsequent loading. The cache directory can be changed through fzdefaults.xml using the "Cache directory" setting OS X: Fixed icon display on high-DPI displays in a few more dialogs Loading a corrupted layout.xml or search.xml no longer shows an error message, these files are now silently overwritten MSW: Fixed a regression where UNC paths where not handled correctly as config location in fzdefaults.xml 3.23.0-rc1 (2016-11-28) New features: New high-resolution icons Improvements to the sizing of icons and other user interface elements on high-DPI displays. For technical reasons, existing theme settings have been reverted to their default values. They can be changed again in the settings dialog. Make use of the Unix.ownername and Unix.groupname facts for MLSD if available Bugfixes and minor changes: The bookmarks menu updates again after changing global bookmarks Adding a site to the Site Manager as part of adding a site-specific bookmark no longer fails if sitemanager.xml does not yet exist Strip byte order marks at the beginning of directory listings Add an option to filezilla.xml to control cache ttl 3.22.2.2 (2016-11-01) Bugfixes and minor changes: Fixed trimming of FEAT response lines leading to incorrectly detected server features 3.22.2.1 (2016-11-01) Bugfixes and minor changes: OS X: Rebuilt to work around a nasty bug in XCode: Even when linking with -Wl,-no-weak-imports it links against functions not available on older OS X versions Fixed a crash on exotic servers only implementing factless MLST/MLSD 3.22.2 (2016-11-01) Bugfixes and minor changes: Tuned appearance of progress bar in transfer queue 3.22.2-rc2 (2016-10-28) Bugfixes and minor changes: SFTP: Renaming a file or directory where the new name already refers to a directory no longer moves the file into this directory. Fix regression from -rc1 with custom ports in the quickconnect bar Fix regression from -rc1 parsing the EPSV reply 3.22.2-rc1 (2016-10-25) New features: Building and running FileZilla now depends on libfilezilla >= 0.8.0 (https://lib.filezilla-project.org/). Bugfixes and minor changes: Non-existing key files are no longer silently dropped from the SFTP page in the settings dialog Further abbreviate log output if transferring files using SFTP Generic proxy usernames and passwords containing non-ASCII characters are again handled correctly Fixed an assertion if Ctrl+A is pressed in an empty file list *nix: Fixed color of status message in the message log *nix, OS X: Fixed an assertion adding files to the queue after having selected a large range of items *nix, OS X: Fixed an assertion due to a timing issue when renaming local files 3.22.1 (2016-10-03) Bugfixes and minor changes: OS X: Work around a nasty bug in XCode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime Fixed a potential crash when using SFTP 3.22.0 (2016-10-01) Bugfixes and minor changes: Bookmarks with the "Directory comparison" checkbox set now work correctly MSW: Fix background clearing issue on the size format settings page MSW: Toggling the log timestamp option no longer results in wrong log colors Fix for premature queue completion action 3.22.0-rc1 (2016-09-24) New features: Directory listing filters can now be exported and imported Added the "not all" filter match type to filter out all items not matching all conditions Added the "not all" search match type to search for all items not matching all conditions Building and running FileZilla now depends on libfilezilla >= 0.7.0 (https://lib.filezilla-project.org/). Building and running FileZilla now depends on GnuTLS >= 3.4.15 Bugfixes and minor changes: Speed up creation of socket and file i/o threads through the use of a thread pool Replace invalid characters in filenames when calculating the local filename for editing remote files The updater can now handle HTTPS servers that redirect to other HTTPS servers SFTP: Try password based login if a password-protected keyfile is rejected by the server instead of failing the login MSW: Tee shell extension now supports long paths on Windows 10
2017-01-01Updated libfilezilla to 0.9.0.wiz3-9/+10
2016-11-28 - libfilezilla 0.9.0 released New features: Added parameter to fz::to_integral to specify which value is returned on error. Added fz::remove_file Added fz::hex_encode and fz::hex_decode 2016-10-25 - libfilezilla 0.8.0 released New features: Added fz::str_toupper_ascii to complement fz::str_tolower_ascii Added fz::trim and fz::trimmed for removing leading and trailing whitespace from string Added fz::str_is_ascii Bugfixes and minor changes: Fixed zero-padding for x and X string format conversion specifiers 2016-10-03 - libfilezilla 0.7.1 released Bugfixes and minor changes: OS X: Work around a nasty bug in XCode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime MSW: Fix detection of thread creation failures
2017-01-01Add python-3.6 to incompatible versions.wiz55-110/+110