| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Bug #236: Allow RRs before the SOA in a zonefile.
* Bug #229: Remove the C99 code.
* Bug #253: Don't put NS RRs in a response with QTYPE=DNSKEY.
* Bug #263: Make TSIG algorithm comparison case insensitive.
* Bug #266: Build failed on systems without strptime.
* Fix install hickup.
* Fix to use 4096 EDNS limit for IPv6 on Linux.
|
|
interest rather than something useful.
|
|
KDE 4.3.3 has a number of improvements that will make your life just a
little bit better. Some of KWin's effects have been smoothed and freed
of visual glitches, JuK should now be more stable, KDE PIM has seen its
share of improvements while in the back-rooms of KDE, the developers are
working hard on porting all applications to the new Akonadi storage and
cache.
|
|
|
|
- add ${PKGMANDIR}/man1 and bin directories to INSTALLATION_DIRS to
support installation using user-destdir
- remove the url2pkg marker
Thanks!
|
|
security/dsniff.
|
|
2009-06-19 Bob Halley <halley@dnspython.org>
* (Version 1.7.1 released)
2009-06-19 Bob Halley <halley@dnspython.org>
* DLV.py was omitted from the kit
* Negative prerequisites were not handled correctly in _get_section().
2009-06-19 Bob Halley <halley@dnspython.org>
* (Version 1.7.0 released)
2009-06-19 Bob Halley <halley@dnspython.org>
* On Windows, the resolver set the domain incorrectly. Thanks
to Brandon Carpenter for reporting this bug.
* Added a to_digestable() method to rdata classes; it returns the
digestable form (i.e. DNSSEC canonical form) of the rdata. For
most rdata types this is the same uncompressed wire form. For
certain older DNS RR types, however, domain names in the rdata
are downcased.
* Added support for the HIP RR type.
2009-06-18 Bob Halley <halley@dnspython.org>
* Added support for the DLV RR type.
* Added various DNSSEC related constants (e.g. algorithm identifiers,
flag values).
* dns/tsig.py: Added support for BADTRUNC result code.
* dns/query.py (udp): When checking that addresses are the same,
use the binary form of the address in the comparison. This
ensures that we don't treat addresses as different if they have
equivalent but differing textual representations. E.g. "1:00::1"
and "1::1" represent the same address but are not textually equal.
Thanks to Kim Davies for reporting this bug.
* The resolver's query() method now has an optional 'source' parameter,
allowing the source IP address to be specified. Thanks to
Alexander Lind for suggesting the change and sending a patch.
* Added NSEC3 and NSEC3PARAM support.
2009-06-17 Bob Halley <halley@dnspython.org>
* Fixed NSEC.to_text(), which was only printing the last window.
Thanks to Brian Wellington for finding the problem and fixing it.
2009-03-30 Bob Halley <halley@dnspython.org>
* dns/query.py (xfr): Allow UDP IXFRs. Use "one_rr_per_rrset" mode when
doing IXFR.
2009-03-30 Bob Halley <halley@dnspython.org>
* Add "one_rr_per_rrset" mode switch to methods which parse
messages from wire format (e.g. dns.message.from_wire(),
dns.query.udp(), dns.query.tcp()). If set, each RR read is
placed in its own RRset (instead of being coalesced).
2009-03-30 Bob Halley <halley@dnspython.org>
* Added EDNS option support.
2008-10-16 Bob Halley <halley@dnspython.org>
* dns/rdtypes/ANY/DS.py: The from_text() parser for DS RRs did not
allow multiple Base64 chunks. Thanks to Rakesh Banka for
finding this bug and submitting a patch.
2008-10-08 Bob Halley <halley@dnspython.org>
* Add entropy module.
* When validating TSIGs, we need to use the absolute name.
2008-06-03 Bob Halley <halley@dnspython.org>
* dns/message.py (Message.set_rcode): The mask used preserved the
extended rcode, instead of everything else in ednsflags.
* dns/message.py (Message.use_edns): ednsflags was not kept
coherent with the specified edns version.
2008-02-06 Bob Halley <halley@dnspython.org>
* dns/ipv6.py (inet_aton): We could raise an exception other than
dns.exception.SyntaxError in some cases.
* dns/tsig.py: Raise an exception when the peer has set a non-zero
TSIG error.
|
|
--- 3.0.49 2009/10/01
Make a number of functions defined in xmlquery.c static. These have
never been declared in a public header file (yaz/xmlquery.h) and was
made public by mistake.
Improve speed of character conversions (iconv utilities). This makes
conversions from MARC-8 faster.
ZOOM_record_get returns 0 pointer if a MARC record can not be decoded -
unless type desired is "raw". This will prevent type "xml" from
returning ISO2709 .. Which obviously can not be XML parsed.
Fix memory leak in ZOOM that would occur if option apdulog was used
on a re-used connection.
Frontend server logs HTTP requests.
Frontend server now sends Z39.50 close when it times out (sesssion has
been idle for too long). Versions 2.0.30 and earlier also sent close.
But due to a mistake this was disabled in all versions after that, i.e.
the server would just close the socket immediately.
yaz-client emits a better message when receiving an unrecognised
userInformationField.
Skip zero-length subfields when decoding ISO2709. This rare case happens
if a record has two FS characters in a sequence. Without this patch
there would be a reference beyond char array in using_code_len fragments
in marcdisp.c.
Fix yaz-marcdump error that would occur if option -n was used (bug #3028).
|
|
below).
** Mailing list MOVED to bug-wget@gnu.org
** SECURITY FIX: It had been possible to trick Wget into accepting
SSL certificates that don't match the host name, through the trick of
embedding NUL characters into the certs' common name. Fixed by Joao
Ferreira <joao@joaoff.com>.
** Added support for CSS. This includes:
- Parsing links from CSS files, and from CSS content found in HTML
style tags and attributes.
- Supporting conversion of links found within CSS content, when
--convert-links is specified.
- Ensuring that CSS files end in the ".css" filename extension,
when --convert-links is specified.
CSS support in Wget is thanks to Ted Mielczarek
<ted.mielczarek@gmail.com>.
** Added support for Internationalized Resource Identifiers (IRIs, RFC
3987). When support is enabled (requires libidn and libiconv), links
with non-ASCII bytes are translated from their source encoding to UTF-8
before percent-encoding. IRI support was added by Saint Xavier
<wget@sxav.eu>, as his project for the Google Summer of Code.
** Wget now provides more sensible exit status codes when downloads
don't proceed as expected (see the manual).
** --default-page option (and associated wgetrc command) added to
support alternative default names for index.html.
** --ask-password option (and associated wgetrc command) added to
support password prompts at the console.
** The --input-file option now also handles retrieving links from
an external file.
** The output generated by the --version option now includes
information on how it was built, and the set of configure-time options
that were selected.
** --html-extension has been renamed to --adjust-extension, to reflect
the fact that it now also applies to CSS content. --html-extension is
still acceptable, but is now deprecated.
** An "ascii" specifier is now accepted by --restrict-file-names, which
forces the percent-encoding of all non-ASCII bytes
** Several previously existing, but undocumented .wgetrc options are
now documented: save_headers, spider, and user_agent,
auth_no_challenge, and keep_session_cookies. Also added documentation
for the "lowercase" and "uppercase" values for --restrict-file-names, which had been present since Wget 1.11.
|
|
2009/10/23: version 3.0.1 = tag release-3-0-1
6961: BT: Fix torrent parsing when announce-list is empty
2009/10/22
6959: DC: Fix invalid XML (lucasn)
6804: EDK: Log incoming chat messages with ip:port info (Dennis Nezic)
6772: New option max_result_name_len, shortens strings in
HTML/Telnet search results
6958: EDK: Fix server connects on Solaris due to missing SO_KEEPALIVE
6957: Configure: Make Ocaml 3.11.1 the default compiler
6956; BT: Fix download of torrent files with no 'announce' field (Hose Bag)
2009/02/28
6759: HTML: Properly sort column hits in Options, IP blocking
|
|
|
|
Cntlm is an NTLM/NTLMv2 authenticating HTTP proxy. It takes the address of your
proxy or proxies (host1..N and port1..N) and opens a listening socket,
forwarding each request to the parent proxy (moving in a circular list if the
active parent stops working). Along the way, a connection to the parent is
created anew and authenticated or, if available, previously cached connection
is reused to achieve higher efficiency and faster responses. When the chain is
set up, cntlm should be used as a proxy in your applications. Cntlm also
integrates transparent TCP/IP port forwarding (tunneling) through the parent
(incl. authentication).
It can be used against most ISA servers, and helps to provide ease of
integration for programs not supporting NTLM authentication directly, via
cntlm's builtin SOCKS5 proxy.
|
|
|
|
|
|
libtrace 3.0.6 (2008-11-27)
* Fixed compilation errors caused by missing #includes (r1382)
* Added trace_get_payload_from_pppoe() to external API (r1383)
* autoconf now correctly detects libgdc properly for tracertstats (r1384)
* Fixed some warnings on recent versions of gcc (r1385)
|
|
- Add support for any number of custom download values identified by
string keys.
d.set_custom=key,value
d.get_custom=key (returns "" if not set)
d.get_custom_throw=key (returns error if not set)
- With this patch, rtorrent will detect and complain about .torrent
files with broken bencode representation (e.g. where the order of
dictionary keys is not lexicographic).
- Choose a different poll type using the RTORRENT_POLL env. variable
(if it's implemented), probably only useful as RTORRENT_POLL=select.
- Add the commands execute_capture and execute_capture_nothrow that
work like their other counterparts but return the OUTPUT (stdout) of
the given command.
- Fixes the code that detects which peer was sending bad data. Peers
are then automatically banned after sending three bad chunks.
- Stops rtorrent from always creating and resizing ALL files, even
those set to "off". Files will still be created, but with a size of
zero, until a part of them is getting downloaded. This helps with
filesystems that don't support sparse files (such as FAT, HFS+, and
others).
- Fix inefficient piece distribution due to linear chunk request
strategy by randomizing position every few (on average 32) chunks, see
ticket #190.
- Enable custom throttles, both per-download or per-IP. See
http://libtorrent.rakshasa.no/ticket/20 for info and instructions.
- Fix crashes/errors due to rtorrent attempting to pass non-utf-8
strings to xmlrpc.
- Added support for using posix_fallocate on newly resized files.
- Include locally available chunks in the "chunks seen" statistics for
completed/distributed copies. Patch by Josef Drexler.
- Added 'd.get_bitfield' command for retrieving the bitfield in hex
format. Patch by Thomas Rosner.
- Fixed include headers for gcc-4.4.0. Patch by 'kloeri'.
|
|
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Paltalk dissector could crash on alignment-sensitive
processors. (Bug 3689)
Versions affected: 1.2.0 to 1.2.2
o The DCERPC/NT dissector could crash.
Versions affected: 0.10.10 to 1.2.2
o The SMB dissector could crash.
Versions affected: 1.2.0 to 1.2.2
- The following bugs have been fixed:
o Wireshark memory leak with each file open and/or display
filter change. (Bug 2375)
o DHCP Dissector displays negative lease time. (Bug 2733)
o Invalid advertised window line on tcptrace style graph. (Bug
3417)
o SMB get_dfs_referral referral entry is not dissected
correctly. (Bug 3542)
o Error dissecting eMule sourceOBFU message. (Bug 3848)
o Typos in Diameter XML files. (Bug 3878)
o RSL dissector for MS Power IE is broken. (Bug 4017)
o Manifest problem in 1.2.2 Win64 build. (Bug 4024)
o FIP dissector throws assertion. (Bug 4046)
o TCAP problem with indefinite length 'components' SEQ OF. (Bug
4053)
o GSM MAP: an-APDU not decoded. (Bug 4095)
o Add "Drag and Drop entries..." message on Columns preferences
page. (Bug 4099)
o Editcap -t and -w option parses fractional digits incorrectly.
(Bug 4162)
- Updated Protocol Support
DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
|
|
changes:
-minor fixes
-translation updates
pkgsrc note: build against newer gnutls was fixed, don't need the
libgnutls-config hack anymore
|
|
This switches to the gnome-2.28 release branch.
|
|
changes:
-bugfixes
-Support SASL authentication extension
-API and UI improvements
-translation updates
|
|
Version 1.2.6.
-- msdl
* 12th release
* -o chain enabled, you can do
$ msdl -o 1.foo -o 2.foo -o 3.foo http://bar/file1 http://bar/file2 http://bar/file3
* --stream-timeout option for quit streaming after some time.
$ msdl --stream-timeout 3m30s rtsp://foo.com/bar.wmv
to download the first 3 and a half minutes.
This is helpful for downloading the real-time streaming, which ignores
RTSP Range parameters.
|
|
* waitip is enabled when running on a single interface.
* Classless Static Routes are now enabled by default in dhcpcd.conf
instead of being always being requested.
|
|
|
|
|
|
|
|
Kamel Derouiche per pkgsrc-wip
|
|
changes:
-libsoup will now attempt to make multiple connections to a
server at once when there are multiple messages queued to
that server
-bugfixes
|
|
Version 2.2.7
(September 29, 2009)
User-visible changes:
* Fix: dailymotion id parsing
* Youtube:
# Accept -f fmt34
# fmt34 is now treated as yet another (new?) format
# Rewrite youtube section of the FORMATS in the manual
* Fix: --format=best not working with youtube (closes issue #39)
# Thanks to Peter Baranyi for the fix
Known issues:
* redtube: broken (verify -> http/404)
Version 2.2.6
(September 14, 2009)
User-visible changes:
* Fix: liveleak: "error: Unsupported protocol (http/1)" (closes #36)
* Fix: vimeo: title parsing (Thanks to Peter Baranyi for the fix, closes #37)
- Fixes title issues with accented chars
* Fix: break: http/403 (Thanks to Werner Elsler for the fix, closes #38)
|
|
- Fixed bug where NSEC3 signature was not checked. This meant that
a DS could be spoofed away by a carefully crafted packet.
A downgrade attack on existing secure delegations.
- updated iana port list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pkgsrc changes:
- Adjusting dependencies
- Adding license definition
Upstream changes:
0.710.10
! #49981: UDDI::Lite version not parsable by cpanplus (again)
0.710.09
! #46444: use SOAP::Lite::Deserializer::XMLSchemaSOAP1_2 missing
! #37151: Strawberry perl 5.10 - Tests fail and then later hang
! #49981: UDDI::Lite version not parsable by cpanplus
! #49011: Fails to install under strawberry perl
! [2825166] In Constant DEFAULT_HTTP_CONTENT_TYPE
! [2832939] chunked client requests are returned 411(Length Required)
! [2860559] serious utf8 bug
! #44568 Tracing unavailable when SOAP::Lite is used as a server
! #44195 submitting patches / mention Nginx transport module in documentation
! [2777361] SOAP 1.2 Content-Type rejected
! #41937 ([patch] enable more tests)
! #39101: Apache2::Const::HTTP_BAD_REQUEST not defined
! #39672: serialization and autotype 'off'
! #41348: t/SOAP/Transport/HTTP/CGI.t failing on 5.6.x
! #20569: XMLRPC::Lite "wrong element 'nil'" exception on '<value><nil/></value>'
+ require Task::Weaken
+ better META.yml generated (Alexandr Ciornii)
|
|
Lightly tested (some of ospf, bgp, ripng on i386/amd64/sparc64).
No NEWS, but basically bugfixes and minor improvements.
|
|
* ClientID is now reported when interface starts
* -w, --wait forces dhcpcd to wait until an interface gets a lease or
times out
* Ensure DHCP socket is open when sending a DECLINE
* Uses new hwaddr if existing interface is downed and then changed.
* No longer works on firewire interfaces by default.
dhcpcd-5.1.2 has a new behaviour change - when starting up and at least 1
interface has a carrier then it tries to get a lease or times out.
It still daemonises regardless. This, along with the -b and -w flags
allows total control over the desired behaviour of dhcpcd.
|
|
need gdbm for avahi-discover, suggested by Simon Schubert in PR 42171.
|
|
- Add support to aggressively cache directory listenings, useful for
HTTP
- Avoid leaking memory in error cases. From Xavier from Arch Linux.
|
|
http://git.gnome.org/cgit/libsoup/plain/NEWS?id=LIBSOUP_2_28_0
|
|
- added license term
ChangeLog:
1.38 May 16th 2009
- PurePerl region_by_addr and region_by_name return '00' for unknown regions, like the CAPI does ( Boris Zentner )
- Update to latest FIPS codes from 20090401 ( Boris Zentner )
- Fix Pureperl handling of GEOIP_REGION_EDITION_REV0 ( Boris Zentner )
- Fix segfault when undef is supplied as filename to open ( Boris Zentner )
- Fix PP GEOIP_ISP_EDITION handling ( Boris Zentner )
- Add PP support for GEOIP_DOMAIN_EDITION ( Boris Zentner )
- Handle database types in the same way, as the CAPI does ( Boris Zentner )
- Remove Australia double timezones entries. ( Boris Zentner )
1.37 March 6th 2009
- Document region_by_addr and region_by_name ( Boris Zentner )
- region_by_addr and region_by_name return undef for unknown countries and regions. Instead of "\0" and '000' ( Boris Zentner )
- Add PP function region_by_addr ( Boris Zentner )
- Change the default values of Geo::IP::Record fields for metro_code and area_code to 0 instead of '' PurePerl only ( Boris Zentner )
- Change the default values of Geo::IP::Record fields for region, postal_code and region_name to undef instead of '' ( Boris Zentner )
- Force the output of Geo::IP::Record::longitude and ::latitude to four decimal places ( Boris Zentner )
- Fix PurePerl three letter code for Romania ( Boris Zentner )
- Update PurePerl regionnames 20090201 ( Boris Zentner )
- Update PurePerl timezones 20090201 ( Boris Zentner )
- Update timezones for Australia
! Fix: PurePerl's get_city_record_as_hash, record_by_addr and record_by_name to return undef for private and unknown IP's. Former we returned a Geo::IP::Record object with everything undef. The PurePerl code and the CAPI wrapper are now behave the same. ( Boris Zentner )
- Update region codes from http://www.maxmind.com/app/fips10_4 Dec 17th, 2008 ( Boris Zentner )
|
|
Changelog:
* Fix crash if creating filters with attributes or permissions rule
* MSW: Fix column reordering and hiding in file lists
* MSW: Fix crash if trying to edit a file without any associated program nor default editor
* Use REST+STOR to resume upload instead of APPE if server advertises REST STREAM support
|
|
BUILDLINK_API_DEPENDS.gnutls+= gnutls>=2.1.7
|
|
NEW in 0.69:
==============
- Display messages in notification, not count of tweets. (Thomas Thurman)
- Use https, not http api. (Evan McClain)
- Fix incorrect pluralising of relative time. (Deskin Miller)
- Fixed #1998551, the double-escaping of < and >. (Mike Lundy)
- Fixed #1961611, character count behavior. (Brian Pepple)
NEW in 0.68:
==============
- Fixed #1963695, Save avatars a little more sensibly. (Brian Pepple)
- Use Enchant, instead of ASpell. (Brian Pepple)
- Add option to have sound notication when new tweets arrive . (Brian Pepple)
- Add help (Brian Pepple)
NEW in 0.65:
==============
- Add support for Online Accounts Service (Marina Zhurakhinskaya, Colin Walters)
* More info about OAS can be found here: https://fedoraproject.org/wiki/Features/OnlineAccountsService
- Fixed #2122886, Fix date parsing on other than C/POSIX locale (Hiroshi Miura)
- Fixed #2083410, have textview in send message dialog get focus.
- Fixed #1961570, time issue w/ "1 hour" & "1 minute". (Derick Rethans)
- add Japanese translation (Hiroshi Miura)
|
|
2009.10.01 -- Version 2.1_rc20
* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the
redirect-gateway option by itself, without any extra parameters,
would cause the option to be ignored.
* Fixed build problem when ./configure --disable-server is used.
* Fixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke).
* Added --remote-random-hostname option.
* Added "load-stats" management interface command to get global server
load statistics.
* Added new ./configure flags:
--disable-def-auth Disable deferred authentication
--disable-pf Disable internal packet filter
* Added "setcon" directive for interoperability with SELinux (Sebastien
Raveau).
* Optimized PUSH_REQUEST handshake sequence to shave several seconds
off of a typical client connection initiation.
* The maximum number of "route" directives (specified in the config
file or pulled from a server) can now be configured via the new
"max-routes" directive.
* Eliminated the limitation on the number of options that can be pushed
to clients, including routes. Previously, all pushed options needed
to fit within a 1024 byte options string.
* Added --server-poll-timeout option : when polling possible remote
servers to connect to in a round-robin fashion, spend no more than
n seconds waiting for a response before trying the next server.
* Added the ability for the server to provide a custom reason string
when an AUTH_FAILED message is returned to the client. This
string can be set by the server-side managment interface and read
by the client-side management interface.
* client-kill management interface command, when issued on server, will
now send a RESTART message to client.
This feature is intended to make UDP clients respond the same as TCP
clients in the case where the server issues a RESTART message in
order to force the client to reconnect and pull a new options/route
list.
2009.07.16 -- Version 2.1_rc19
* In Windows TAP driver, refactor DHCP/ARP packet injection code to
use a DPC (deferred procedure call) to defer packet injection until
IRQL < DISPATCH_LEVEL, rather than calling NdisMEthIndicateReceive
in the context of AdapterTransmit. This is an attempt to reduce kernel
stack usage, and prevent EXCEPTION_DOUBLE_FAULT BSODs that have been
observed on Vista. Updated TAP driver version number to 9.6.
* In configure.ac, use datadir instead of datarootdir for compatibility
with <autoconf-2.60.
2009.06.07 -- Version 2.1_rc18
* Fixed compile error on ./configure --enable-small
* Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c change
does not build on Windows on non-MINGW32.
2009.05.30 -- Version 2.1_rc17
* Reduce the debug level (--verb) at which received management interface
commands are echoed from 7 to 3. Passwords will be filtered.
* Fixed race condition in management interface recv code on
Windows, where sending a set of several commands to the
management interface in quick succession might cause the
latter commands in the set to be ignored.
* Increased management interface input command buffer size
from 256 to 1024 bytes.
* Minor tweaks to Windows build system.
* Added "redirect-private" option which allows private subnets
to be pushed to the client in such a way that they don't accidently
obscure critical local addresses such as the DHCP server address and
DNS server addresses.
* Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPN
client will examine the routing table and determine whether (a) the
OpenVPN server is reachable via a locally connected interface, or (b)
traffic to the server must be forwarded through the default router.
Only add a special bypass route for the OpenVPN server if (b) is true.
If (a) is true, behave as if the 'local' flag is specified, and do not
add a bypass route.
The new 'autolocal' flag depends on the non-portable test_local_addr()
function in route.c, which is currently only implemented for Windows.
The 'autolocal' flag will act as a no-op on platforms that have not
yet defined a test_local_addr() function.
* Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for
more option content to be pushed from server to client).
* Raised D_MULTI_DROPPED debug level to 4 from 3 to filter out (at debug
levels <=3) a common and usually innocuous warning.
* Fixed issue of symbol conflicts interfering with Windows CryptoAPI
functionality (Alon Bar-Lev).
* Fixed bug where the remote_X environmental variables were not being
set correctly when the 'local' option is specifed.
2009.05.17 -- Version 2.1_rc16
* Windows installer changes:
1. ifdefed out the check Windows version code which is causing
problems on Windows 7
2. don't define SF_SELECTED if it is already defined
3. Use LZMA instead of BZIP2 compression for better compression
4. Upgraded OpenSSL to 0.9.8k
* Added the ability to read the configuration file
from stdin, when "stdin" is given as the config
file name.
* Allow "management-client" directive to be used
with unix domain sockets.
* Added errors-to-stderr option. When enabled, fatal errors
that result in the termination of the daemon will be written
to stderr.
* Added optional "nogw" (no gateway) flag to --server-bridge
to inhibit the pushing of the route-gateway parameter to
clients.
* Added new management interface command "pid" to show the
process ID of the current OpenVPN process (Angelo Laub).
* Fixed issue where SIGUSR1 restarts would fail if private
key was specified as an inline file.
* Added daemon_start_time and daemon_pid environmental variables.
* In management interface, added new ">CLIENT:ESTABLISHED" notification.
* Build fixes:
1. Fixed some issues with C++ style comments that leaked into the code.
2. Updated configure.ac to work on MinGW64.
3. Updated common.h types for _WIN64.
4. Fixed issue involving an #ifdef in a macro reference that breaks early gcc
compilers.
5. In cryptoapi.c, renamed CryptAcquireCertificatePrivateKey to
OpenVPNCryptAcquireCertificatePrivateKey to work around
a symbol conflict in MinGW-5.1.4.
2008.11.19 -- Version 2.1_rc15
* Fixed issue introduced in 2.1_rc14 that may cause a
segfault when a --plugin module is used.
* Added server-side --opt-verify option: clients that connect
with options that are incompatible with those of the server
will be disconnected (without this option, incompatible
clients would trigger a warning message in the server log
but would not be disconnected).
* Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket
flag on the server as well as pushes it to connecting clients.
* Minor options check fix: --no-name-remapping is a
server-only option and should therefore generate an
error when used on the client.
* Added --prng option to control PRNG (pseudo-random
number generator) parameters. In previous OpenVPN
versions, the PRNG was hardcoded to use the SHA1
hash. Now any OpenSSL hash may be used. This is
part of an effort to remove hardcoded references to
a specific cipher or cryptographic hash algorithm.
* Cleaned up man page synopsis.
2008.11.16 -- Version 2.1_rc14
* Added AC_GNU_SOURCE to configure.ac to enable struct ucred,
with the goal of fixing a build issue on Fedora 9 that was
introduced in 2.1_rc13.
* Added additional method parameter to --script-security to preserve
backward compatibility with system() call semantics used in OpenVPN
2.1_rc8 and earlier. To preserve backward compatibility use:
script-security 3 system
* Added additional warning messages about --script-security 2
or higher being required to execute user-defined scripts or
executables.
* Windows build system changes:
Modified Windows domake-win build system to write all openvpn.nsi
input files to gen, so that gen can be disconnected from
the rest of the source tree and makensis openvpn.nsi will
still function correctly.
Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in
(commented out by default).
Added optional files SAMPCONF_CONF2 (second sample configuration
file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows
build system, and may be defined in settings.in.
* Extended Management Interface "bytecount" command
to work when OpenVPN is running as a server.
Documented Management Interface "bytecount" command in
management/management-notes.txt.
* Fixed informational message in ssl.c to properly indicate
deferred authentication.
* Added server-side --auth-user-pass-optional directive, to allow
connections by clients that do not specify a username/password, when a
user-defined authentication script/module is in place (via
--auth-user-pass-verify, --management-client-auth, or a plugin module).
* Changes to easy-rsa/2.0/pkitool and related openssl.cnf:
Calling scripts can set the KEY_NAME environmental variable to set
the "name" X509 subject field in generated certificates.
Modified pkitool to allow flexibility in separating the Common Name
convention from the cert/key filename convention.
For example:
KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james
will create a client certificate/key pair of james.crt/james.key
having a Common Name of "James's Laptop" and a Name of "james".
* Added --no-name-remapping option to allow Common Name, X509 Subject,
and username strings to include any printable character including
space, but excluding control characters such as tab, newline, and
carriage-return (this is important for compatibility with external
authentication systems).
As a related change, added --status-version 3 format (and "status 3"
in the management interface) which uses the version 2 format except
that tabs are used as delimiters instead of commas so that there
is no ambiguity when parsing a Common Name that contains a comma.
Also, save X509 Subject fields to environment, using the naming
convention:
X509_{cert_depth}_{name}={value}
This is to avoid ambiguities when parsing out the X509 subject string
since "/" characters could potentially be used in the common name.
* Fixed some ifconfig-pool issues that precluded it from being combined
with --server directive.
Now, for example, we can configure thusly:
server 10.8.0.0 255.255.255.0 nopool
ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0
to have ifconfig-pool manage only a subset
of the VPN subnet.
* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
config file syntax checking to allow directives for future OpenVPN
versions to be ignored.
|
|
|
