Age | Commit message (Collapse) | Author | Files | Lines |
|
This is a very large change, and incorporates the 4.8, 4.10, and 4.12 major
Xfce releases since 4.6.2, our previous pkgsrc release. For more information
about the thousands of changes in each major release since then, please see:
Xfce 4.12 announcement:
http://www.xfce.org/about/news
Xfce 4.12 tour:
http://www.xfce.org/about/tour
Xfce 4.10 announcement:
http://www.xfce.org/about/news/?post=1335571200
Xfce 4.10 tour:
http://www.xfce.org/about/tour410
Xfce 4.8 announcement:
http://www.xfce.org/about/news/?post=1295136000
Xfce 4.8 tour:
http://www.xfce.org/about/tour48
The pkgsrc changes since then are:
New packages:
archivers/xfce4-thunar-archive
graphics/elementary-xfce-icon-theme
mail/xfce4-mailwatch-plugin
misc/xfce4-time-out-plugin
multimedia/xfce4-thunar-media-tags
sysutils/xfce4-mount-plugin
sysutils/xfce4-taskmanager
sysutils/xfce4-thunar-vcs
sysutils/xfce4-verve-plugin
x11/xfce4-garcon
x11/xfce4-notifyd
x11/xfce4-tumbler
x11/xfce4-whiskermenu-plugin
Renamed packages:
devel/xfconf to devel/xfce4-conf
x11/libxfce4menu to x11/libxfce4ui
x11/xfce4-screenshooter-plugin to x11/xfce4-screenshooter
Updated packages:
audio/xfce4-mixer
audio/xfce4-xmms-plugin
devel/xfce4-dev-tools
editors/xfce4-mousepad
graphics/ristretto
meta-pkgs/xfce4-extras
meta-pkgs/xfce4
misc/xfce4-weather-plugin
multimedia/xfce4-mpc-plugin
net/xfce4-wavelan-plugin
sysutils/xfce4-appfinder
sysutils/xfce4-battery-plugin
sysutils/xfce4-cpugraph-plugin
sysutils/xfce4-diskperf-plugin
sysutils/xfce4-fsguard-plugin
sysutils/xfce4-genmon-plugin
sysutils/xfce4-netload-plugin
sysutils/xfce4-quicklauncher-plugin
sysutils/xfce4-systemload-plugin
sysutils/xfce4-thunar
sysutils/xfce4-xarchiver
sysutils/xfce4-xkb-plugin
textproc/xfce4-dict-plugin
time/xfce4-datetime-plugin
time/xfce4-orage
time/xfce4-timer-plugin
wm/xfce4-wm-themes
wm/xfce4-wm
x11/libxfce4gui
x11/libxfce4util
x11/xfce4-clipman-plugin
x11/xfce4-desktop
x11/xfce4-exo
x11/xfce4-eyes-plugin
x11/xfce4-gtk2-engine
x11/xfce4-notes-plugin
x11/xfce4-panel
x11/xfce4-places-plugin
x11/xfce4-session
x11/xfce4-settings
x11/xfce4-terminal
Removed packages:
sysutils/xfce4-volman
x11/xfce4-utils
This is based on a huge amount of work by the NetBSDfr team and Youri Mouton,
who takes over as MAINTAINER, and has been tested by Youri on a large number
of platforms prior to commit. A massive thanks to them. Any issues with the
import are mine alone as the committer-by-proxy.
|
|
several bug fixes, improved CGI support, and a more mandoc-friendly
man page.
Provided by Jeff Woodall in PR 49585.
|
|
v1.17: 09MAR2015
Support RFC5952-style IPv6 addresses, e.g. [::]:443.
Transparant proxy support for FreeBSD.
(Ruben van Staveren)
Using -F with no argument will try
/etc/sslh/sslh.cfg and then /etc/sslh.cfg as
configuration files. (argument to -F can no longer
be separated from the option by a space, e.g. must
be -Ffoo.cfg)
Call setgroups() before setgid() (fixes potential
privilege escalation).
(Lars Vogdt)
Use portable way of getting modified time for OSX
support.
(Aaron Madlon-Kay)
Example configuration for fail2ban.
(Every Mouw)
|
|
Twisted Core 15.1.0 (2015-04-02)
================================
Features
--------
- Optional dependencies can be installed using the extra_requires
facility provided by setuptools. (#3696)
Improved Documentation
----------------------
- Twisted Trial's basics documentation now has a link to the
documentation about how Trial finds tests. (#4526)
Deprecations and Removals
-------------------------
- twisted.application.internet.UDPClient, deprecated since Twisted
13.1.0, has been removed. (#7702)
Other
-----
- #6988, #7005, #7006, #7007, #7008, #7044, #7335, #7666, #7723,
#7724, #7725, #7748, #7763, #7765, #7766, #7768
Twisted Mail 15.1.0 (2015-04-02)
================================
Bugfixes
--------
- twisted.mail.smtp.ESMTPClient now does not fall back to plain SMTP
if authentication or TLS is required and not able to occur. (#7258)
Other
-----
- #6705
Twisted Names 15.1.0 (2015-04-02)
=================================
No significant changes have been made for this release.
Other
-----
- #7728
Twisted Runner 15.1.0 (2015-04-02)
==================================
No significant changes have been made for this release.
Other
-----
- #7726
Twisted Web 15.1.0 (2015-04-02)
===============================
Features
--------
- twisted.web.static.File allows defining a custom resource for
rendering forbidden pages. (#6951)
Other
-----
- #7000, #7485, #7750, #7762
Twisted Words 15.1.0 (2015-04-02)
=================================
Deprecations and Removals
-------------------------
- twisted.words.protocols.msn is now deprecated (#6395)
Other
-----
- #6494
|
|
* Release 0.8.0 (15-Apr-2015)
** UnauthenticatedTub is gone
As announced in the previous release, UnauthenticatedTub has been removed.
All Tubs are fully authenticated now.
** Security Improvements
Foolscap now generates better TLS certificates, with 2048-bit RSA keys and
SHA256 digests. Previous versions used OpenSSL's defaults, which typically
meant 1024-bit MD5.
To benefit from the new certificates, you must regenerate your Tubs, which
means creating new FURLs (with new TubIDs). Previously-created Tubs will
continue to work normally: only new Tubs will be different.
** Packaging/Dependency Changes
setup.py now requires setuptools
Foolscap now requires pyOpenSSL unconditionally, because all Tubs are
authenticated.
We now recommend "pip install ." to install Foolscap and all its
dependencies, instead of "python setup.py install". See #231 for details.
|
|
|
|
dependency. Bump BUILDLINK_A{B,P}I* in buildlink3.mk due to API changes.
From NEWS:
== GNU ZRTP 4.4.0 ==
Changes the handling of HMAC and Hash contexts to avoild tool
many malloc/free calls and thus memory pointer problems.
Enhance the handling an check the nonce when using multi-stream
mode. This required a modification to the class file and some
modifications on the API. The old functions are now deprecated
but still usable. Nevertheless you should change your application
to use the new fuctions which support the new nonce handling and
checks.
Some bug fixing as well.
== GNU ZRTP 4.3.1 ==
This is a bugfix release. It fixes several compiler issues in
iOS8 Clang, Mircosoft C++ compiler (VS 2012) etc.
This release also adds a fix to address a possible problem when
using 'memset(...)' on a memory area immediately followed by a
'free(...)' call to free this memory area. Some compilers may
otpimize the code and do not call 'memset(...)'. That's bad for
software that deals with secure keys :-) . The fix removes this
possible vulnerability.
== GNU ZRTP 4.3.0 ==
This version adds some new API that provide to set retry timer
values and to get some retry counters.
Application may now set some values of the retry counters during
the discovery (Hello) and the negotiation phase. Applications may
increase the number of retries or modify the capping to support
slow or bad networks.
To get some idea about the actual number of retries during ZRTP
negotiation an application may now use the new API to get an array
of counters. The ZRTP state engine records how many retries occured
during the different protocol states.
Note: only the ZRTP initiator performs packet retries after the
discovery (Hello) phase. The responder would always return zero
alues for the other retry counters.
Because we have a new set of functions the API changed, thus it's
necessary to recompile applications that use the new library version.
== GNU ZRTP 4.2.4 ==
Only small changes to enable Android X86 (see clients/tivi/android)
as an example.
Rename functions aes_init() to aes_init_zrtp() to avoid names clashes
with other libreries that may include own AES modules.
== GNU ZRTP 4.2.3 ==
The optional SAS relay feature (refer to RFC6189, chapter 7.3) is
not longer compiled by default. If your project needs this support
then modify the CMakeLists.txt file and uncomment a 'add_definition'
statments. See comment in the CMakelists.txt file.
The reasons to disable this optional feature in the default build:
it's rarely used and some concerns about misusing this feature.
== GNU ZRTP 4.2.2 ==
A small enhancement in SRTP handling to provide a longer bit-shift
register with 128 bits. The replay now check accepts packets which
are up to 127 sequence number behing the current packet. The upper
layer (codecs) gets more packets on slower/bad networks that we may
see on mobile 3G/4G connections.
If the codecs do not remove silence then this may lead to some longer
audio replay, similar to sattelite communication.
== GNU ZRTP 4.2.1 ==
Bug fixes in the SRTP part that checks for replay and updates the ROC.
The wrong computations lead to false replay indications and to wrong
HMAC, thus they dropped to much packets, in particular under bad network
conditions.
Changed the handling the the zrtp_getSasType function the the ZrtpCWrapper.
Please check the inline documentation and the compiler warning how to
use the return value of the function.
|
|
libgcrypt doesn't get used if openssl is installed. There's no way of disabling
openssl if it's found. Fix infodir using SUBST. Depends on latest version of
ucommon. From ChangeLog:
Changes from 2.1.1 to 2.1.2
- use ucommon cmake macros
- copyright assignment to Cherokees of Idaho
- copyright updates and corrections to bring current
Changes from 2.1.0 to 2.1.1
- fix endianness checks
- cleanup alloc/dealloc
- configure: fix libtoolize warning
- requires ucommon 6.2.2 for endian fixes
Changes from 2.0.9 to 2.1.0
- configure: add option to disable compilation of demos
- OSX: Check for macports glibtoolize.
- modernized cmake
- use standard header for malloc
- uptick of abi version for ucommon
2014-04-14 David Sugar (for 2.0.9)
Merged fix from Alexandre Lision for initial rtcp seq #
|
|
Changes:
2015.04.17
[QQMusic] Add new extractor
[srf] Add new extractor
2015.04.09
[Gamersyde] Add new extractor
[RadioJavan] Add new extractor
Remove check for ssl certs: When it uses a capath instead of a cafile,
'get_ca_certs' or 'cert_store_stats' only returns certificates already used in
a connection
[udn] Add new extractor
2015.04.03
[Dumpert] Add new extractor (Dutch video site Dumpert)
2015.03.28
[22tracks] Add new extractor
[Varzesh3] Add new extractor
2015.03.24
[safari] Add safaribooksonline extractor
[pornovoisines] Add extractor
[MiomioTV] Add new extractor
[nrk:playlist] Add extractor
2015.03.18
[ultimedia] Add extractor
[primesharetv] Add primeshare.tv extractor
[rtve] Add new extractor for rtve infantil
2015.03.15
[viewster] Add extractor
[kanalplay] Add extractor
[footyroom] Add extractor
[ssa] Add extractor
[yamusic] rename to yandexmusic
2015.03.09
[pladform] Add extractor
[gazeta] Add new extractor
[eagleplatform] Add extractor
[douyutv] Add new extractor
[playwire] Add extractor
2015.03.03.1
Make sure netrc works for all extractors with login support
2015.03.03
[downloader/external] Add support for custom options
2015.02.28
[thechive] remove in favor of Kaltura
[oppetarkiv] Add new extractor and merge with svtplay
[odnoklassniki] Add extractor
[kaltura] Add new extractor
[TheChiveIE] added support for thechive.com
|
|
|
|
This minor maintenance release provides accumulated build configuration
improvements and janitorial cleanups.
Alan Coopersmith (6):
Print which option was in error along with usage message
Add -version option to print program version
This is not a GNU project, so declare it foreign.
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
xfindproxy 1.0.4
|
|
* Fix "-sqlite ssl" build (pkg-config required).
* Fix -nls build (PLIST problem).
Changelog:
aria2 1.18.10
=============
Release Note
------------
This releases fixes several bugs reported since the last release.
Changes
-------
* Add encoding specifier to Russian man page
Fixes GH-341
* Mingw: Use _wgetenv to get user's home directory
Fixes GH-342
* Handle linux getrandom returning EINTR on interrupts/signals
Also handle ENOTSUP failures where aria2 was build with linux
headers newer than the actual running kernel.
Fixes GH-336
aria2 1.18.9
============
Release Note
------------
This releases fixes memory leak with OpenSSL and crash on OSX when
proxy is used. We added several new features. Adler32 checksum is
now available in --checksum option and hash element in Metalink files.
We added --bt-detach-seed-only option, which excludes seed-only
downloads when counting concurrent active downloads (-j option). We
disabled SSLv3 by default. If you ever want to enable it or further
tune the TLS protocols to enable, use new --min-tls-version option.
--bt-force-encryption option was added to make requiring BitTorrent
full encryption easier. From this release, we build Android binary
using API level 16.
Changes
-------
* Support HTTP date ending "+0000" as well as "GMT".
Closes GH-330
* Revise getRandom facilities
Use one of the following to provide random bytes:
- Windows CryptGenRandom
- Linux getrandom (syscall interface to urandom, without nasty
corner cases such as file descriptor exhaustion or re-linked
/dev/urandom)
- std::device_random (C++ random device, which usually will be
urandom)
This also equalizes util::getRandom and SimpleRandomizer (the former
will now use the latter) instead of having essentially two different
PRNG interfaces with potentially different quality.
Closes GH-320
* Added debug log of all Metalink URLs with final priorities
Patch from Dan Fandrich
* Use gcc-4.9 and android-16 API level for android build
* Add --bt-force-encryption option
This option requires BitTorrent message payload encryption with
arc4. This is a shorthand of --bt-requre-crypto
--bt-min-crypto-level=arc4. If true is given, deny legacy
BitTorrent handshake and only use Obfuscation handshake and always
encrypt message payload. This option defaults to false.
* TLS: Fix memory leak with OpenSSL
Based on the patch submitted by midnight2k
* Warn about insecure SSL connections.
Fixed GH-313
* Add --min-tls-version option
The --min-tls-version option specifies minimum SSL/TLS version to
enable. Possible Values: SSLv3, TLSv1, TLSv1.1, TLSv1.2 Default:
TLSv1
* LibsslTLSContext: Disable SSLv3 and enable ECDHE cipher suites
* Add Dockerfile.mingw
Dockerfile.mingw builds aria2 Windows binary. It is probably the
easiest way to build the Windows binary.
* Fix crash when JSON batch response vector is empty
* Fix doc: Wrong rpc secret token prefix
* Add --bt-detach-seed-only option
This option excludes seed only downloads when counting concurrent
active downloads (-j option). This means that if -j3 is given and
this option is turned on and 3 downloads are active and one of those
enters seed mode, then it is excluded from active download count
(thus it becomes 2), and the next download waiting in queue gets
started. But be aware that seeding item is still recognized as
active download in RPC method.
* mingw: Use MoveFileExW for better atomic move
* Work around libintl's vprintf macro messing with OutputFile::vprintf
Patch from David Macek
* Fix crash on OSX when proxy is used
See GH-275
* Support Adler32 checksum
Adler32 checksum is available for --checksum option and hash element
in Metalink files. Currently, we use Adler32 implementation in
Zlib.
|
|
|
|
tech-pkg@ and pkgsrc-users@.
|
|
since 1.29 see file NEWS in the distfile.
Security fixes since 1.29:
* Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021)
(incompatible with previous protocol version, chronyc supports both)
* Protect authenticated symmetric NTP associations against DoS attacks
(CVE-2015-1799)
* Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821)
* Fix initialization of reply slots for authenticated commands (CVE-2015-1822)
|
|
FreeBSD. Resolves PR #49703.
|
|
|
|
----------------
lldpd (0.7.14)
* Features:
+ Shutdown LLPDU are sent on MSAP change and when lldpd exits.
+ When an exact IP is provided as a management pattern, use it
unconditionally.
+ Ability to set port ID and description to an arbitrary value,
thanks to Alexandru Ardelean.
* Fix:
+ Incorrect boundary check when decoding management address and
protocol identity may lead to lldpd crash when processing
malformed LLDPDU.
+ Many edge cases where lldpd was leaving hanging processes after
crashing.
|
|
|
|
|
|
|
|
* don't die when IPv6 is enabled and interface has no IPv4 address
* IP wildcard for AddPinhole() is empty string
|
|
Changes in version 0.2.5.12 - 2015-04-06
Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
could be used by an attacker to crash hidden services, or crash clients
visiting hidden services. Hidden services should upgrade as soon as
possible; clients should upgrade whenever packages become available.
This release also backports a simple improvement to make hidden
services a bit less vulnerable to denial-of-service attacks.
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. Fixes bug 15600;
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor. Fixes
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
o Minor features (DoS-resistance, hidden service):
- Introduction points no longer allow multiple INTRODUCE1 cells to
arrive on the same circuit. This should make it more expensive for
attackers to overwhelm hidden services with introductions.
Resolves ticket 15515.
|
|
NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/xx)
Focus: Security and Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerabilities involving private key
authentication:
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
References: Sec 2779 / CVE-2015-1798 / VU#374268
Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not
including ntp-4.2.8p2 where the installation uses symmetric keys
to authenticate remote associations.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: When ntpd is configured to use a symmetric key to authenticate
a remote NTP server/peer, it checks if the NTP message
authentication code (MAC) in received packets is valid, but not if
there actually is any MAC included. Packets without a MAC are
accepted as if they had a valid MAC. This allows a MITM attacker to
send false packets that are accepted by the client/peer without
having to know the symmetric key. The attacker needs to know the
transmit timestamp of the client to match it in the forged reply
and the false reply needs to reach the client before the genuine
reply from the server. The attacker doesn't necessarily need to be
relaying the packets between the client and the server.
Authentication using autokey doesn't have this problem as there is
a check that requires the key ID to be larger than NTP_MAXKEY,
which fails for packets without a MAC.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Configure ntpd with enough time sources and monitor it properly.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
References: Sec 2781 / CVE-2015-1799 / VU#374268
Affects: All NTP releases starting with at least xntp3.3wy up to but
not including ntp-4.2.8p2 where the installation uses symmetric
key authentication.
CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4
Note: the CVSS base Score for this issue could be 4.3 or lower, and
it could be higher than 5.4.
Date Resolved: Stable (4.2.8p2) 07 Apr 2015
Summary: An attacker knowing that NTP hosts A and B are peering with
each other (symmetric association) can send a packet to host A
with source address of B which will set the NTP state variables
on A to the values sent by the attacker. Host A will then send
on its next poll to B a packet with originate timestamp that
doesn't match the transmit timestamp of B and the packet will
be dropped. If the attacker does this periodically for both
hosts, they won't be able to synchronize to each other. This is
a known denial-of-service attack, described at
https://www.eecis.udel.edu/~mills/onwire.html .
According to the document the NTP authentication is supposed to
protect symmetric associations against this attack, but that
doesn't seem to be the case. The state variables are updated even
when authentication fails and the peers are sending packets with
originate timestamps that don't match the transmit timestamps on
the receiving side.
This seems to be a very old problem, dating back to at least
xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)
specifications, so other NTP implementations with support for
symmetric associations and authentication may be vulnerable too.
An update to the NTP RFC to correct this error is in-process.
Mitigation:
Upgrade to 4.2.8p2, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Note that for users of autokey, this specific style of MITM attack
is simply a long-known potential problem.
Configure ntpd with appropriate time sources and monitor ntpd.
Alert your staff if problems are detected.
Credit: This issue was discovered by Miroslav Lichvar, of Red Hat.
* New script: update-leap
The update-leap script will verify and if necessary, update the
leap-second definition file.
It requires the following commands in order to work:
wget logger tr sed shasum
Some may choose to run this from cron. It needs more portability testing.
|
|
Changes since v0.5.2:
- Tools: Enable support for SSL in tools.
- Lib: ABI CHANGE: enable support for auto_delete, internal flags
to amqp_exchange_declare
- Lib: check for double-close in SSL/TCP socket impl
- Lib: allocate struct when method has no field.
- Lib: add support for SANs in OpenSSL socket impl.
- Lib: add functions to get negotiated frame_max and heartbeat parms.
|
|
|
|
identified by sevan@'s early build report. Update patches. Changes:
02.07.2014
Releasing 0.7.1.1
! Linux compilation issues corrected
28.06.2014
Releasing 0.7.1
+ Windows icons added
+ Warnings added for most common misconfigurations
+ ftppr NLSD command supported
! Ignore NTLM handshake if NTLM is not enabled
! memcpy replaced with memmove for overlapped region
! better EINTR handling on *nix
! FTP proxy debugging output removed, binding for data connection corrected
! memory leak fixed in ldapauth plugin
08.04.2014
Releasing as 0.7
Significant changes since 0.6.1:
!! auth iponly by default
! maxconn is 500 by default
! Improved HTTP/1.1 compatibility
! Functionality bugfixes
+ Few new plugins
11.07.2012
! fixed: counters over 4GB in webadmin
26.06.2012
! OpenSSL thread support functions added to SSL plugin
10.05.2012
! SSL plugin works. Commands to enable/disable SSL spoofing will be added later.
25.04.2012
! pcre_rewrite slash sequence logic corrected
16.04.2012
+ Added: SSLPlugin for SSL decryption with certificates spoofing
12.04.2012
+ Added: new filter callback function type (pre data filter) for things like SSL/TLS, gzip, etc.
WARNING: all plugins with filter functions need to be reviewed for compatibility
06.02.2012
+ Added: transparent redirection plugin for linux. Automatically detects redirection
address if traffic is redirected via iptables
15.08.2011
! Fixed: 100% CPU because of usleep with large value on NetBSD
11.06.2011
+ Support for extusername/extpassword added to smtpp
04.06.2011
! Fixed: web admin access
! Fixed: wrong error code in logfile in some rare cases
! Migrated to VC 9.0 compiler
14.04.2011
! Authentication: do not request username/password in mixed authentication
if all modules deny access.
12.04.2011
! Minor code cleanup
17.12.2010
- Debugging output to stdout removed
09.12.2010
! Code cleanup for sockets mapping and chunked encoding,
! Content-Length up to 4GB
25.11.2010
+ System locale handling added for mixed case username in WindowAuthentication
13.11.2010
+ Plugin utf8tocp1251 added to automatically detect UTF-8 (used by Chrome and
Opera in username/password.
usage
plugin "utf8tocp1251" utf8tocp1251
auth utf8tocp1251 strong
or
auth utf8tocp1251 cache windows
11.11.2010
! encoding paramter added to WWW-Authenticate and Proxy-Authenticate headers in
.3ps files according to
http://tools.ietf.org/id/draft-reschke-basicauth-enc-01.txt
12.08.2010
! Removed getservbyport() from webadmin to avoid potential race condition
09.08.2010
! Default .3ps files corrected
26.06.2010
! Fixed: keep-alive connections detection for HTTP/1.1
10.12.2009
! Fixed: external address may be incorrectly set if few requests are
received in single connection.
02.12.2009
! zero sockaddr before bind for some FreeBSD versions compatibity
26.10.2009
! Some changes for MD4/MD5 libraries 64-bit compatibility
01.10.2009
! Fixed: Content-Length is sent twice to server if there are content-handling
plugins.
17.09.2009
! Makefile.Linux: add3proxyuser.sh moved to INSTALL_CFG_OBJS
(thanks to Martin Wanicki)
+ Functionality added to intercept all socket-related calls for plugins
03.09.2009
! Fixed: client connection was not closed on removed Content-Length (may
cause connection hang for timeout at the end of large file transfer
if filtering plugins are used).
24.08.2009
+ Added transparent redirection to ICQ and MSN proxy
+ Added (untested) Last.fm ripper plugin - initial version, code needs to be
cleaned to work under *nix. Thanks to Denis Stanishevskiy.
14.08.2009
+ WinCE (Windows Mobile) support added
27.07.2009
! Fixed: use authnserver for name match check if configured
22.07.2009
+ authnserver command added (nserver to use only with auth dnsname)
13.07.2009
+ man pages for smtpp and icqpr added
! traffic correction plugin logics fixed
10.07.2009
+ 3proxy configuration parser: support added for empty strings ("").
09.07.2009
+ dnsname authentication added (auth dnsname) - puts validated reverse DNS
record (PTR) instead of username
+ PCREPlugin: Added: \r, \n support from pcre_rewrite rewrite string. Use \0
for empty string
+ PCREPlugin: Added: * may be used instead of regex (no regex is created
and checked in this case)
24.06.2009
! random redirections are really fixed (incomplete fix on 08.04.2009)
! icqpr "Need recync" problem fixed
! disable NTLM by default (because of Windows Vista) until NTLMv2 implemented
! set auth iponly to be default
08.04.2009
! Fixed: distribution between parent proxies was not even because of
non-linear probability
18.03.2009
! Marking as 0.7-devel
06.03.2009
! Fixed: filters were applied in reverse order
25.02.2009
! Fixed: beginning of HTTP data may be not passed to filter
22.02.2009
! handle Content-Length as unsigned long to allow files > 2GB.
10.02.2009
! Ldapauth plugin corrected according to changes on 02.02.2009
02.02.2009
+ countout / nocountout commands added
! Added workaround for Mac OS X / iPhone OS poll() (mis)behaviour.
30.01.2009
! Flush buffer in case of POLLxxx - probably required for Mac OS X / iPhone OS
24.01.2009
! Changed WindowsAuthentication to convert username to lowercase
10.12.2008
! Fixed: login may hang in ftppr in case of large server banner
30.10.2008
! WindowsAuthentication plugin may sometimes fail with 100122 error
on startup because of uninitialized variable.
30.09.2008
! -lXXX moved to $LIBS in Makefiles for linkers compatibility
+ 3proxy for Dummies v.1.2 by Kurmaeff Halit added (in Russian)
26.08.2008
! Fixed: end of chunked-encoded page may be incorrectly detected
24.07.2008
! Fixed: buffering problem on multiple chunks
21.07.2008
! Previous fix was incomplete
13.07.2008
Thanks to Hostile Fork:
! Fixed directory listing building for some rare FTP servers (e.g. HP)
! Fixed (probably) chunked encoding should now work. REQUIRES TESTING.
please report, if you have problems with chunked.
11.05.2008
+ minor plugin interface additions
03.05.2008
+ pcre_options implemented
24.04.2008
! Fixed: bandlimsout may not work if both bandlimsin and bandlimsout
are configured.
01.04.2008
! Fixed: chunked was actually converted to non-chunked
25.03.2008
+ HTTP chunked support (hopefully) added, not tested yet
13.02.2008
! Do not shutdown listening socket
! FTPPR was broken on 10.02 fix
! ':' may be encoded in ftp:// URI's in proxy
|
|
Numerous site-specific changes. For a complete list, see:
https://github.com/monsieurvideo/get-flash-videos/commits/master
Pkgsrc changes: Port to github.mk (yay!)
|
|
Changes in 2.2.0 (2014-09-16)
-----------------------------
- Support for Datastore sharing
- `DropboxClient.get_file()`: Add support for `start`, `length` parameters.
- Add support for the /longpoll_delta API
- Add direct support for /chunked_upload and /commit_chunked_upload APIs
- Fix error handling in ChunkedUploader
- Make tests compatible with py.test
- Various docstring updates (including OAuth 1->2 example)
- Fix encoding issues in example/cli_client.py
- Fix unicode handling for URL parameters
Changes in 2.1.0 (2014-06-03)
-----------------------------
- The datastore API now includes size accessors to allow you to check the size of your data and avoid the syncing limits.
- The datastore Date() constructor now truncates timestamps to the supported resolution, i.e. milliseconds.
- The datastore `await*()` calls now use POST instead of GET.
- Datastore IDs, table IDs, record IDs and field names may be 64 characters (increased from 32 characters). Before taking advantage of the new size limits ensure your application is fully upgraded to SDKs with this support.
- Option to `include_media_info` has been added to `DropboxClient.metadata()` and `DropboxClient.delta()`.
Changes in 2.0.0 (2013-12-19)
-----------------------------
- Add the Datastore API.
- Upgrade OAuth 1 tokens with `DropboxClient.create_oauth2_access_token` and `DropboxClient.disable_oauth2_access_token`.
- `DropboxClient.thumbnail()`: Fix `size` identifiers.
- `DropboxClient.delta()`: Add support for `path_prefix` parameter.
- Connection reuse/pooling using urllib3.
- Updated SSL settings.
- Various documentation reformatting.
Changes in 1.6 (2013-07-07)
----------------
- Added OAuth 2 support (use DropboxOAuth2Flow). OAuth 1 still works.
- Added a Flask-based example.
- Fixed many minor bugs.
Changes in 1.5.1 (2012-8-20)
-----------------
- Fixed packaging.
- Got rid of debug prints.
Changes in 1.5 (2012-8-15)
--------------------------
- Support for uploading large files via /chunked_upload
Changes in 1.4.1 (2012-5-16)
----------------------------
- Increase metadata() file list limit to 25,000 (used to be 10,000).
- Removed debug prints from search() call. Oops.
- Cleanup to make more compatible with Python 3.
Changes in 1.4 (2012-3-26)
--------------------------
- Add support for the /delta API.
- Add support for the "copy ref" API.
Changes in 1.3 (2012-1-11)
--------------------------
- Adds a method to the SDK that returns the file metadata when downloading a
file or its thumbnail.
- Validate server's SSL certificate against CAs in included certificate file.
Changes in 1.2 (2011-10-17)
---------------------------
- Fixes for bugs found during beta period
- Improved README to include steps to remove the v0 SDK if upgrading
Changes in 1.1 (2011-8-16)
--------------------------
- Fixed version number
- Updated CHANGELOG to be more detailed
Changes in 1.0 (2011-7-11)
--------------------------
- Backwards compatibility broken
- Completely removed 'callback' and 'status\_in\_response' parameters
- Change 'sandbox' references to 'app\_folder'
- Refactored auth.py and renamed it session.py
- Updated SDK to Dropbox API Version 1, supporting all calls
- Added 'rev' parameter to metadata and get\_file
- Added 'parent\_rev' parameter to put\_file
- Added search, share, media, revisions, and restore
- put\_file uses /files\_put instead of multipart POST and now takes a full path
- Removed methods for calls that were removed from v1 of the REST API
- Removed 'root' input parameter for all calls
- Changed return format for calls
- On error (non-200 response), an exception is raised
- On success, the JSON is parsed and a Python dict or list is returned
- Updated examples
- Renamed 'bin' directory to 'example'
- Heavily tweaked the CLI example
- Added a web app example
- Removed reliance on config files
- Assorted bugfixes and improvements
- Buffers large file uploads better in put\_file
- Improved path normalization
- All calls are now made over SSL
- Fully documented code for Pydoc generation
- Added a CHANGELOG
- Changed the distribution name from 'dropbox-client' to 'dropbox-python-sdk'
|
|
Changes from previous(Excerpt from release notes):
boto v2.30.0
============
This release adds new Amazon EC2 instance types, new regions for AWS
CloudTrail and Amazon Kinesis, Amazon S3 presigning using signature
version 4, and several documentation and bugfixes.
boto v2.31.0
============
This release adds support for Amazon CloudWatch Logs.
boto v2.31.1
============
This release fixes an installation bug in the 2.31.0 release.
boto v2.32.0
============
This release includes backward-compatible support for Python 3.3 and
3.4, support for IPv6, Amazon VPC connection peering, Amazon SNS
message attributes, new regions for Amazon Kinesis, and several fixes.
boto v2.32.1
============
This release fixes an incorrect Amazon VPC peering connection call,
and fixes several minor issues related to Python 3 support including a
regression when pickling authentication information.
boto v2.33.0
=============
This release adds support for Amazon Route 53 Domains, Amazon Cognito
Identity, Amazon Cognito Sync, the DynamoDB document model feature,
and fixes several issues.
boto v2.34.0
============
This release adds region support for ``eu-central-1`` , support to
create virtual mfa devices for Identity and Access Management, and
fixes several sigv4 issues.
boto v2.35.0
===========
This release adds support for Amazon EC2 Classic Link which allows
users to link classic instances to Classic Link enabled VPCs, adds
support for Amazon CloudSearch Domain, adds sigv4 support for Elastic
Load Balancing, and fixes several other issues including issues making
anonymous AWS Security Token Service requests.
boto v2.35.1
============
This release fixes a regression which results in an infinite while
loop of requests if you query an empty Amazon DynamoDB table.
boto v2.32.2
============
This release adds ClassicLink support for Auto Scaling and fixes a few
issues.
boto v2.36.0
============
This release adds support for AWS Key Management Service (KMS), AWS
Lambda, AWS CodeDeploy, AWS Config, AWS CloudHSM, Amazon EC2 Container
Service (ECS), Amazon DynamoDB online indexing, and fixes a few
issues.
boto v2.37.0
============
This release updates AWS CloudTrail to the latest API, adds new regional
service endpoints and fixes bugs in several services.
|
|
as requested.
|
|
In the last five years, the following has happened to inadyn:
- Binary moved from bin to sbin
- Added support for more DDNS providers
- Added SSL support
- Gained other minor features
- Fixed bugs
|
|
previously. That script was something from 10 years ago maintained on one
of our FTP servers. This one is the "official" one listed on the Nagios
plugin exchange. Their plugin links aren't DDLs and the upstream author
doesn't have the latest version in their repository. Therefore, it's
included here. This package doesn't change often (last change being 6 years
ago) so it doesn't seem to be an issue. If upstream updates their repo,
we'll stop maintaining the file in our repo. While the flags from the old
version and new version are similar, the newer version lacks some knobs
though it seems the overall functionality is retained.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
find it here: https://github.com/nagios-plugins/nagios-plugins/blob/master/NEWS
For pkgsrc, the changes aren't very interesting. Upstream applied a lot of
the patches we had, notably integrating IDE S.M.A.R.T. plugin support for
NetBSD.
|
|
patches. From: http://nagios.sourceforge.net/docs/nagioscore/4/en/whatsnew.html
Changes and New Features
Performance Improvements:
The performance improvements in Nagios Core 4 come primarily from the following areas:
Core Workers - Core workers are lightweight processes whose only job is to perform checks. Because they are smaller they spawn much more quickly than the the old process which forked the full Nagios Core. In addition, they communicate with the main Nagios Core process using in-memory techniques, eliminating the disk I/O latencies that could previously slow things down, especially in large installations.
Configuration Verification - Configuration verification has been improved so that each configuration item is verified only once. Previously configuration verification was an O(n2) operation.
Event Queue - The event queue now uses a data structure that has O(log n) insertion times versus the O(n) insertion time previously. This means that inserting events into the queue uses much less CPU than in Nagios Core 3.
Macro Resolution - Macros are now sorted on startup so macro lookup can use a binary search. In addition, frequently accessed macros $USERx$, $ARGx$, and $HOSTADDRESS$ are given special case, early lookups.
Object Definitions:
The following changes have been made to object definitions:
The host address attribute is now optional. The address attribute is set to the host name when it is absent. Most configurations set the host name attribute to the DNS host name making the address attribute redundant.
Both hosts and services now support an hourly value attribute. The hourly value attribute is intended to represent the value of a host or service to an organization and is used by the new minimum value contact attribute.
Services now support a parents attribute. A service parent performs a function similar to host parents and can be used in place of service dependencies in simple circumstances.
The failure_prediction_enabled flag has been removed from both host and service object definitions.
Contacts now support a minimum value attribute. The mininum value attribute is used with the host and service hourly value attributes to determine whether to notify a contact on host and service problems.
The host obess_over_host and the service obsess_over_service attributes can now both use the shortened attribute obsess.
Object Behavior:
Contact Inheritance - According to the documentation, contacts should only be inherited from host to service if the service has no other contacts whatsoever (and the same goes for escalations), but the way the code previously worked was that it handled contact_groups and contacts directives separately, meaning services with only 'contacts' specified were still eligible for inheriting 'contact_groups' from the host. This has been updated to comply with the documentation.
Timeperiods - There were several issues processing timeperiods when both exclusions and exceptions were involved. The issues have been corrected.
Configuration:
The following changes have been made to the main Nagios Core configuration, nagios.cfg:
Because there are many ways to obtain object information, the object information is no longer stored if in the object cache if the configuration variable object_cache_file equals '/dev/null'. Setting the variable to '/dev/null' will reduce the disk I/O load.
Because there are many ways to obtain status information, the status information is no longer stored if in the status data file if the configuration variable status_file equals '/dev/null'. Setting the variable to '/dev/null' will reduce the disk I/O load.
There is a new configuration variable, log_current_states, which determines whether current states will be logged in the log files when they are rotated. In Nagios Core 3, this was always the behavior and it is the default in Nagios Core 4. Disabling the logging of current states on log rotation can save considerable disk space for large installations.
There is a new configuration variable, check_workers, which specifies how many worker processes are created when Nagios Core starts. If not specified, the number of worker process is determine by the number of CPUs on the system.
There is a new configuration variable, query_socket, which specifies the location of the query handler socket. The default location is /usr/local/nagios/var/rw/nagios.qh.
The configuration variables, check_result_reaper_frequency and max_check_result_reaper_time, have been deprecated. Because of the new worker architecture, checks are no longer reaped, but they are fed back to core by the worker processes. As a result, these variables no longer make sense.
All file and directory configuration variables in the main nagios.cfg can now use paths that are relative to the location of nagios.cfg.
Although rarely used in the past, creating nagios objects in the main nagios.cfg configuration file was allowed. This is now prohibited.
Macros:
Additions - A new macro, $CHECKSOURCE$, has been added which contains information about what process performed a check.
Changes - If use_large_installation_tweaks is set, the $HOSTGROUPMEMBERS$ and $SERVICEGROUPMEMBERS$ macros are no longer exported because they can consume the available space for environment variables.
Macros are normally available as environment variables when check, event handler, notification, and other commands are run. This can be rather CPU intensive in large Nagios installations, so you can disable the export of environment variables completely with the enable_environment_macros option.
Macro information can be found here.
Query Handler:
The query handler is a general purpose communication mechanism that allows external entities to communicate with Nagios Core in a well-defined manner. As of this writing, all communication with the query handler takes place through a Unix-domain socket whose location is defined by the query_socket configuration variable.
There are currently 5 built-in query handlers.
core - provides Nagios Core management and information
wproc - provides worker process registration, management and information
nerd - provides a subscription service to the Nagios Event Radio Dispatcher (NERD)
help - provides help for the query handler
echo - implements a basic query handler that simply echoes back the queries sent to it
More information about the query handler interface, including an introduction to creating a custom query handler, can be found in the source-supplied documentation.
Core Workers:
Previously, all host and service checks were performed by the full Nagios Core process. This required forking the Nagios Core process for every check. The full Nagios Core process includes a lot of things that are not required to actually perform the check, including check scheduling, downtime handling, processing external commands, etc. As a result, forking the Nagios Core process was much slower than was necessary. When the actual check was run, the forked process again forked a shell to run the check and the shell forked to run the plugin.
In addition, disk files were used as the inter-process communication (IPC) mechanism between the forked Nagios process doing the checking and the main Nagios process handling the check results.
In Nagios Core 4, the process of performing host and service checks is now accomplished using a lightweight worker processes. Standard worker processes start up with the main Nagios Core process and additional, special-purpose workers, can be started at any time after Nagios Core starts. If the check command is "simple" (no shell escapes), the worker process can run the command directly, avoiding the 2 additional forks previously required.
Also in Nagios Core 4, the worker processes report the check results to the main Nagios Core process using in-memory IPC mechanisms (the query handler interface), eliminating the disk I/O bottleneck that used to be an issue in large installations.
When a worker process registers with the main Nagios Core process, it tells Nagios Core what checks it will handle. This feature allows external authors to create special-purpose workers which are optimized to perform certain checks. A sample special-purpose ping check worker is included with the Nagios Core source code in the worker/ping subdirectory.
More information about workers, including an introduction to creating custom workers can be found in the source-supplied documentation.
Nagios Event Radio Dispatcher (NERD):
The Nagios Event Radio Dispatcher (NERD) is a query handler based service that streams Nagios Core events to the subscriber. Currently, there are three channels that can be subscribed to: hostchecks, servicechecks and opathchecks.
libnagios:
libnagios is a library of functions that can be used by developers of query handlers and worker processes. libnagios currently contains the following components.
bitmap - bitmap library for calculating dependency graphs
dkhash - dual-keyed hash api
fanout - sparsely populated array used for downtime, comments, and worker jobs
iobroker - I/O broker library for multiplexing between running tasks and the master nagios process.
iocache - I/O caching libary for bulk-reading requests and parsing them
kvvec - key/value library for parsing requests and building responses
nsock - socket library for connecting to and communicating through the qh socket
nspath - general purpose path library for converting between relative and absolute paths
nsutils - small library with worker related utilities
pqueue - pqueue library written by Volkan Yazici
runcmd - for spawning and reaping commands
skiplist - skiplist library used within Nagios Core
squeue - for maintaining a queue of the running job's timeouts
worker - for utils and stuff nifty to have if you're a worker
Documentation:
Documentation of Nagios Core internals is now provided as part of the source distribution. To create an HTML version of this documentation run 'make dox' from the root of the source distribution tree. The doxygen utilities must be installed to make this documentation.
Tests:
A much more complete test suite is now incuded with the Nagios Core source distribution.
RPM Spec File:
The RPM spec file has been completely overhauled to support more current standards.
Deprecated Features:
Extended Host and Service Information - The hostextinfo and serviceextinfo objects are now deprecated and should not be used. Support for them will be removed in a future version. The same information specified in the hostextinfo and serviceextinfo objects can be specified in the host and service object respectively.
-x/--dont-verify-paths command line option (Don't check for circular object paths) - Because configuration checking is now so much faster, the option to skip checking for circular object paths has been deprecated.
The following configuration variables have been deprecated: check_result_reaper_frequency, max_check_result_reaper_time, sleep_time, external_command_buffer_slots, command_check_interval
Obsoleted Features:
Failure Prediction - As noted above, the failure_prediction_enabled flag has been removed from both host and service object definitions. Failure predition was never fully implemented and would require breaking the paradigm that Nagios Core knows nothing about the performance data returned by plugins. Failure prediction is much more approprately handled by an add-on than by Nagios Core.
-o/--dont-verify-objects command line option - This option, while accepted in Nagios Core 3, has neither been advertized nor has had any effect for quite some time. The option has been removed in Nagios Core 4.
Embedded Perl - Embedded Perl has historically been the least tested and the most problem prone part of Nagios Core. A significant part of the issue is that there are so many versions of Perl available. The performance enhancements provided by the new worker process architecture make up for any performance loss due to the removal of embeddd Perl. In addition, the worker process architecture makes possible the implementation of a special purpose worker to persistently load and run Perl plugins. The following configuration variables that were related to embedded Perl have been obsoleted: use_embedded_perl_implicitly, enable_embedded_perl, p1_file.
Miscellaneous:
Object IDs - Primarily only of interest to developers, all of the first-class objects now have object IDs. First-class objects are timeperiod, command, contact, host, service, escalations, dependencies and all kinds of groups. Object IDs are not persistent and are recreated on each restart.
|
|
Changes since 1.6.6:
2014-02-16 v1.6.12
- Add NAT pool port allocation
- Modify/fix NAT vrf tags. Add egress vrf ID
- Modify common record due to exporter exhaustion. new common record
type 10 adds 4 extra bytes. Reads v1 common record transparently
- Fix sflow potential crash
2013-11-13 v1.6.11
- Add ASA/NSEL 9.x protcol changes
- Make it llvm compilable
2013-08-12 v1.6.10p1
- Fix -t +/- n timeslot option
- Fix bug in nfanon - stat record update.
- Fix bug in netflow v5 mudule: extension map size wrong.
- Fix bug nfexport: In some cases could result in wrong flow counter.
- Fix nftrack - could coredump in some cases.
2013-05-16 v1.6.10
- Fix SPARC compile/optimise bug
- Add output packet/bytes counter to global stat - importatnt for NSEL flows ASA
> 8.5
- Add NSEL filter options xnet
- Modify extension descriptor code for nfdump1.7. Still use 1.6 extension map layout for compatibility
- Add prototype for nfpcapd - pcap -> nfdump collector. Converts traffoc directly to nfdump files.
- Fix bug in ipfix module: uninitialised variable
- Cleanup syslog/LogError calls
- Fix minor non critical bugs and compile issues
2013-03-02 v1.6.9
- Fix some bugs in beta 1.6.9 NSEL code
- Fix bug statistics update with aggreagted flow records
- Fix sflow bug sfcapd stores wrong (ghost) dump by past samples in same sflow datagram
2013-03-02 v1.6.9
- Fix some bugs in beta 1.6.9 NSEL code
- Fix bug statistics update with aggreagted flow records
- Fix sflow bug sfcapd stores wrong (ghost) dump by past samples in same sflow datagram
2012-12-31
- Add time received in csv output
- ICMP should handled better now - somewhat
- Implement ASA NSEL records
- Add definitions in nffile and nx for ASA NSEL extensions
2012-11-09 v1.6.8p1
- Add dynamic source directory tree for multiple exporters
- Fix exporter bug: 'too many exporters' with large time windows
- Fix uninitialised exporter sysid in default sampler record - v9
- Fix v9/ipfix cache initialisation with no templates > 1 in same packet
2012-10-26 v1.6.8
- Add ip list option for 'next ip' in filter syntax
- Accept v9 sampler_id in 2bytes
- Fix IPFIX mac address bug - did not get collected
- Add IPFIX packet/octet TotalCount fields 85/86
- Add received timestamp to sflow collector
- Fix long flow duration calculation - 32bit overflow
- Fix v9 sampling ID: allow 2 byte ID
- Add IPFIX options as rfc5101 section-6.2
- Add exporter records for sflow collector
- Fix bug for MAC address printing %idmc and %odmc.
- Add received time stamp extension
- Add recursive format parser. Allows to extend predefined formats.
- Change flow record sorting to heapsort. remove limit 1000
- Merge -m option to -O tstart. -m now depricated.
- Add -O tend. Print order according to tend of flows ascending
- Apply -O print order for printing flow cache. Applies to -A
2012-07-31 v1.6.7-tc-1
- Special version for TC
- Print exporter and sampling records with nfdump -E
- Added exporter and sampling records to file.
2012-07-30 v1.6.7
- Prepare for file catalog in current file format.
- Fix bug in ReadBlock when reading flow from stdin pipe
- Add new more flexible translation engine for v9
- Add nprobe client/server delay fields
- Prepare for NSEL merging
- Fix memory corruption with double -A flags
- Fix bug in nfreader with compat15 mode files
|
|
|
|
had a patch for that).
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
and zeromq options, which are disabled by default. ChangeLog:
PowerDNS Authoritative Server 3.4.3
Warning: Version 3.4.3 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use.
Released March 2nd, 2015
Bug fixes:
commit ceb49ce: pdns_control: exit 1 on unknown command (Ruben Kerkhof)
commit 1406891: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer)
commit 3ca050f: always set di.notified_serial in getAllDomains (Kees Monshouwer)
commit d9d09e1: pdns_control: don't open socket in /tmp (Ruben Kerkhof)
New features:
commit 2f67952: Limit who can send us AXFR notify queries (Ruben Kerkhof)
Improvements:
commit d7bec64: respond REFUSED instead of NOERROR for "unknown zone" situations
commit ebeb9d7: Check for Lua 5.3 (Ruben Kerkhof)
commit d09931d: Check compiler for relro support instead of linker (Ruben Kerkhof)
commit c4b0d0c: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler)
commit 5a85152: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler)
commit 97bd444: fix building with GCC 5
Experimental API changes (Christian Hofstaedtler):
commit ca44706: API: move shared DomainInfo reader into it's own function
commit 102602f: API: allow writing to domains.account field
commit d82f632: API: read and expose domain account field
commit 2b06977: API: be more strict when parsing record contents
commit 2f72b7c: API: Reject unknown types (TYPE0)
commit d82f632: API: read and expose domain account field
PowerDNS Authoritative Server 3.4.2
Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use.
Released February 3rd, 2015
Find the downloads on our download page.
This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases.
A list of changes since 3.4.1 follows.
Improvements:
commit 73004f1: implement CORS for the HTTP API
commit 4d9c289: qtype is now case insensitive in API and database
commit 13af5d8, commit 223373a, commit 1d5a68d, commit 705a73f, commit b418d52: Allow (optional) PIE hardening
commit 2f86f20: json-api: remove priority from json
commit cefcf9f: backport remotebackend fixes
commit 920f987, commit dd8853c: Support Lua 5.3
commit 003aae5: support single-type ZSK signing
commit 1c57e1d: Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can't reproduce the bug on my local system, but this "should" help. Seriously.
commit 031ab21: update polarssl to 1.3.9
Bug fixes:
commit 60b2b7c, commit d962fbc: refuse overly long labels in names
commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll
commit fa52e02: pdnssec: fix ttl check for RRSIG records
commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0)
commit d45c1f1: make sure we don't throw an exception on "pdns_control show" of an unknown variable
commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data
commit 796321c: make qsize-q more robust
commit 407867c: mind04 discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth.
commit f06d069: make latency & qsize reporting 'live'. Plus fix that we only reported the qsize of the first distributor.
commit 2f3498e: fix up statbag for carbon protocol and function pointers
commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857
commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root
commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243.
commit 8f35ba2: api: use uncached results for getKeys()
commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata
Minor changes:
commit 1e39b4c: move manpages to section 1
commit b3992d9: secpoll: Replace ~ with _
commit 9799ef5: only zones with an active ksk are secure
commit d02744f: api: show keys for zones without active ksk
New features:
commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second
commit 92cef2d: pdns_control: make it posible to notify all zones at once
commit f648752: JSON API: provide flush-cache, notify, axfr-retrieve
commit 02653a7: add 'bench-db' to do very simple database backend performance benchmark
commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size
Performance improvements:
commit a37fe8c: better key for packetcache
commit e5217bb: don't do time(0) under signature cache lock
commit d061045, commit 135db51, commit 7d0f392: shard the packet cache, closing ticket #1910.
commit d71a712: with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use.
|