| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* EXPERIMENTAL ecdsa implementation, please do not enable on real
servers.
* GOST code enabled by default (RFC 5933).
* bugfix #326: ignore whitespace between directives and their values.
* Header comment to advertise ldns_axfr_complete to check for
successfully completed zone transfers.
* read resolv.conf skips interface labels, e.g. %eth0.
* Fix drill verify NSEC3 denials.
* Use closesocket() on windows.
* Add ldns_get_signing_algorithm_by_name that understand aliases,
names changed to RFC names and aliases for compatibility added.
* bugfix: don't print final dot if the domain is relative.
* bugfix: resolver search continue when packet rcode != NOERROR.
* bugfix: resolver push all domains in search directive to list.
* bugfix: resolver search by default includes the root domain.
* bugfix: tcp read could fail on single octet recv.
* bugfix: read of RR in unknown syntax with missing fields.
* added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
to sign and verify TSIG RRs on subsequent messages
(section 4.4, RFC 2845).
* bugfix: signer sigs nsecs with zsks only.
* bugfix #333: fix ldns_dname_absolute for name ending with backslash.
|
|
* Fixes for CERT and TSIG, DNAME and RRSet.
* Fixes for RP records.
* Some handling of priming responses with no additional section.
* Validation disabled for the DNS class
|
|
Previous patch for NetBSD wasn't really for netbsd4 but 4.99.58 and later.
So, I changed "#ifdef netbsd4" to "#ifdef NETBSD_STATS_VIA_SYSCTL" and
clean up patches. Should be fix PR pkg/43288.
It is fix of build problem only, so no PKG_REVISION bump.
|
|
changes:
-bugfixes
-Usernames/passwords specified explicitly in request URIs now
override existing cached auth info
-Added another workaround for stupid servers that close the
connection before returning the full response
-Added regression tests
|
|
|
|
Bump ABI_DEPENDS (and recursive bump).
|
|
|
|
Removed all occurrences of the "locked" attribute that was
deprecated in Perl 5.12.0.
I didn't upgrade the package to 6.0.1 because it causes incompatibilities
with net/mrtg
PKGREVISON++
|
|
|
|
This is a bug-fix release.
|
|
Changes since 2.0.7
- Remove .postlogin.c.swp (thanks Kaibin Li <kbli@fortinet.com>)!
- findlibs repairs for libcap; builds on my Ubuntu 6.06 again.
- Apply patch to fix "error: assignment of read-only member '__in'" build
error on broken systems where the WIFEXITED() etc. macros write to their
argument. Thanks Ingo Terpelle <it@exanto.de>.
- Replace spaces in xferlog with underscores, report from
Michael Wittauer <michael.wittauer@sonydadc.com>.
- Reload default config values before re-parsing config file on SIGHUP. This
makes the values correct in the case a setting was removed from the file.
- Do not issue an FTP response for a blank line on the control channel. Fixes
issues with some broken NAT devices. ProFTPd does the same, so hopefully
nothing will break. Report from Frank Bulk <fbulk@mypremieronline.com>.
- Replace usage of broken _syscall() with syscall(). Fixes build errors for
those without libcap-devel installed.
- Add implicit SSL support with implicit_ssl option.
- Remove arbitrary restriction on one process model + SSL.
- Set a session ID on the SSL context.
- Add the skeleton of a built-in ptrace sandbox. Not yet useful for anything
other than catching compile errors. Yes, I'm crazy :P
- Use PR_SET_PDEATHSIG all over the place so that when the listener is killed,
existing sessions are booted too.
- Use SSL_peek; makes SSL pipelining work. Note that I never found any SSL
client that need it, but still a nice code clean-up.
- Change ASCII download behaviour so \r\n does not become \r\r\n. This mirrors
proftpd behaviour instead of wu-ftpd. Thanks Paul Abel <pabel@fexcodcc.com>.
- Switch all sighandlers to the synchronous ones. Prevents us having to
block and unblock signals all the time.
- Add a "use alarm" option to synchronous signal handlers, to ensure the race
condition against a blocking call does not result in a permanent
non-delivery.
- Use SIGTERM for privileged parent process shutdown, so they can still update
u/wtmp properly.
- Do RAND_load_file from /dev/urandom in the child context because I don't
trust the OpenSSL API vs. fork(). Different children do have different RNG
state; this is defense in depth.
- More thoroughly close the remote ends of the priv_sock, ensuring that child
death results in no blocking in the parent. This is a matter of tidyness; the
SIGCHLD handler will reliably tear down the parent.
- Do the same for the SSL slave / consumer channels.
- Fix OpenBSD build.
- Move SSL data handling into the SSL slave process. Incurs some extra
overhead in terms of context switches and copies, but it enables this next
item:
- By default, require SSL data connections to exhibit SSL session re-use of
the control channel. Unlike the cert thing, this _is_ something we can turn
on by default as most clients seem to do reuse. Yay.
- Change 522 response for SSL connection fail to note when session reuse is
required.
(v2.1.0pre1 here)
- More work on the inbuilt ptrace()-sandbox support.
- Clear the idle alarm when starting data transfer if there is no data alarm.
- Fix syslog format; don't embed 2nd copy of date, pid. Thanks to
Ren
- Lock file before truncating it for upload. Fixes various simultaneous
upload corruption issues.
- Make sure to give 426 error code on uploads if ABOR was received.
- Add cmds_denied option to complement cmds_allowed.
- Ignore lines in config file containing only white space.
- Require write_enable / anon_upload_enable / etc. to process STOU.
- FC10 patch (vsftpd-1.0.1-missingok.patch): tweak to logrotate file.
- FC10 patch (vsftpd-1.2.1-nonrootconf.patch): bail if the config file is not
owned by the currently running user.
- FC10 patch (vsftpd-2.0.1-tcp_wrappers.patch): explicitly call openlog() to
avoid syslog() bug where some settings are not initialized.
- FC10 patch (vsftpd-2.0.3-daemonize_fds.patch): when backgrounding, replace
fd 0,1,2 with /dev/null fd.
- FC10 patch (vsftpd-2.0.5-correct_comments.patch): comment tweaks in the
sample config file.
- FC10 patch (vsftpd-2.0.5-fix_unique.patch): use the default filename given
by STOU if it is available.
- FC10 patch (vsftpd-2.0.5-pam_end.patch): call pam_end() properly so modules
can act on errors if they want.
- FC10 patch (vsftpd-2.0.5-pasv_dot.patch): Strict RFC compliance for PASV
command; add a trailing period.
- FC10 patch (vsftpd-2.0.5-uname_size.patch): allow longer usernames. It's not
1990 any more, so trust PAM etc. to not stack-buffer-overflow.
- FC10 patch (vsftpd-2.0.5-underscore_uname.patch): permit username to start
with underscore or period.
- FC10 patch (vsftpd-2.0.6-listen.patch): default listen to YES.
- Fix crash on SIGHUP introduced in 2.1.0pre1. Oops.
- FC10 patch (vsftpd-2.0.5-bind_denied.patch): retry PASV bind() on EACCES
too, which can happen on SELinux systems.
- Default resource limit for child processes: 100MB address space.
- Finishing touches to the initial sandbox policy; only permit connect() to
the host on the control channel being the nicest touch.
(v2.1.0pre2 here)
- Fix 64-bit build (oops)! Thanks Martin Nagy <mnagy@redhat.com>.
- Fix config of SSL built in; not enabled; two process model. Report from
Martin.
- Shutdown the command connection in the priv parent's SIGTERM handler; kills
of children where the PR_SET_PDEATHSIG cannot due to different user ids.
(v2.1.0pre3 here)
- Fix build on FC10.
- Some FAQ tweaks.
- Permit fcntl(F_GETFD) in sandbox policy. Needed for FC10. Not sure where it
comes from but it is harmless. (My guess would be glibc-2.9's new support for
using O_CLOEXEC more).
- Fix build warning on 64-bit.
- Fix build on OpenBSD again.
(v2.1.0pre4 here)
- Bring userlist_deny handling inside the max_login_fail accounting.
At this point: v2.1.0 released!
===============================
- Apply Tavis' RLIMIT_NOFILE trick in the twoprocess model's initial
unprivileged child.
- Fix build error due to __NR_utimes.
- Ugh. Can't use RLIMIT_NOFILE in the SSL case because the process later
receives data transfer fd's via recvmsg(). It's a total shame because doing
the SSL handshake under even lower privs would be a real boost.
(v2.1.1pre1 here)
- Fix some declarations occuring in the middle of a block; broke older more
strict compilers.
- Handle the case where libcap is now libcap.so.2; fixes build on my new
Ubuntu 9.04.
- Enhance 522 error message to point to require_ssl_reuse option.
- Fix NASTY regression whereby data transfer timeouts would fire incorrectly
under SSL transfers. In addition, the transfer rate caps were not working
under SSL transfers. Reported by several people.
- Use the login delay machinery for userlist-based denials too. Thanks to
Tomas Hoger <thoger@redhat.com> for the patch.
- Fix another tedious regression whereby absent per-user config files were
causing a session fail rather than being gracefully ignored.
- Use the somewhat new CLONE_NEWPID / CLONE_NEWIPC to provide more isolation
in the vsftpd low-priv processes (CLONE_NEWNET pending).
- Use RLIMIT_NPROC to disallow fork()ing etc. in processes that do not need
to create new ones.
- Add "isolate" config flag to disable the new weird clone() flags if
necessary.
At this point: v2.1.1 released!
===============================
- Fix compile error in sysdeputil.c on some Linux systems.
At this point: v2.1.2 released!
===============================
- Fix compile on systems with no RLIMIT_NPROC, oops.
- Change some unsigned int to socklen_t's to avoid warnings on various
platforms, e.g. AIX.
- Add some syscall constants to ptracesandbox.c to fix the build on systems
with 2.4 kernel headers.
- Look for libs in /lib64 and /usr/lib64 too (Fixes Fedora 11 x86_64 compile).
- Fix EACCES mapping, thanks Solar Designer <solar@openwall.com>.
- Dont emit a bogus "OOPS: " message upon a QUIT, report from Solar Designer
<solar@openwall.com>.
- Tweak example vsftpd.conf to add commented out chroot_local_user=YES,
from Ivan I. Grushin <mcgru@intrice.ru>.
- Where available, use CLONE_NEWNET to isolate the untrusted processes so that
they can't do arbitrary connect() and instead have to ask the privileged
process for sockets. Moderate code disturbance - hope for no breakage :-/
- Disable implicit activation of one_process_model so that an anonymous setup
can benefit from the no-network isolation of the unprivileged process (where
available).
(vsftpd-2.2.0pre1)
- Call pam_get_item(PAM_USER) after authentication in case a PAM module
remapped the username. Based on a patch from John McNair <john.mcnair@ihg.com>.
- Apply a couple of IPv6 fixes from Corinna Schultz <corinna.schultz@gmail.com>,
particularly when MS operating systems are talking on link local addresses.
- Handle the error case for accepting a PASV connection in the two process
model properly.
- Pull in a couple of minor tidyup patches from Openwall.
- Add "-o" command line option to specify option, e.g. vsftpd -olisten=NO. Also
respect ordering with respect config files, e.g.
vsftpd -olisten=NO /etc/vsftpd.conf -olocal_enable=NO
Inspiration from Solar / Openwall.
(vsftpd-2.2.0pre2)
- Revert listen to be "NO" by default and also set max_per_ip / max_clients
to 2000 / 50 as a default. Thanks to Solar.
- Sanity check for admin: check config files are regular files.
- Error out if opening the per-user config file gives an error other than
ENOENT. Thanks Solar (who is on fire today ;-)
(vsftpd-2.2.0pre3)
- Apply some typo fixes from Solar.
- Error out on read() errors when reading config files.
(vsftpd-2.2.0pre4)
- Add tunable_isolate_network to parseconf.c, thanks Stefan Pfetzing
<dreamind@dreamind.de>.
- Don't try and use CLONE_NEWPID etc. if we get EPERM -- may happen even to
root if using linux-vserver. Also thanks to Stefan Pfetzing
<dreamind@dreamind.de>.
- Couple of typo tweaks from Cristi Terpea <cristi.terpea@fortech.ro>.
- Change // style comments to /* style.
- Fix pointer aliasing issue in new PAM_USER item support, thanks to Solar.
At this point: v2.2.0 released!
===============================
- Apply patch to set SSL context timeout to maximum, from Tim Kosse
<tim.kosse@filezilla-project.org>. Should prevent data connection failures
after a long transfer or idle period.
- Apply async-safety signal tweaks from Solar.
- Fix crash regression with the pasv_address option enabled.
- Typo fix and look for libnsl in /lib64, from Robby Workman
<rworkman@slackware.com>.
- When asking the client to send us a cert, make sure we broadcast some suitable
certificates. Fixes compatibility with the z/OS FTP client when
tunable_ssl_request_cert=YES.
- Rip out the silly "cached time" concept. Simplifies things and fixes
incorrect transfer time bug reported by Rajeev V. Pillai. Explicitly pass around
the cached current time in seconds in the one place that needs to avoid
repeated gettimeofday() calls (directory listing).
- Do the login fail delay in the parent process for cases where we checked
a username / password.
At this point: v2.2.1 released!
===============================
- Change "File receive OK." to "Transfer complete." to placate some broken
clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
- Fix erroneous "child died" upon FTP client connect, when under load. Awesome
thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
his live server.
- Boot the session if an overly long line is encountered.
(vsftpd-2.2.2pre1)
At this point: v2.2.2 released!
===============================
- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
protocol and headers, and likely has all sorts of other issues. The use case
it might satisfy is if you need to serve simple static unathenticated content
with large levels of paranoia.
- Fix port_promiscuous breakage. Report from Soeren <soeren84@fastmail.net>.
(v2.3.0pre1)
- Minor FAQ update.
- Use a larger address space limit if using text_userdb_names=YES
- Always use CLONE_NEWNET if possible when in HTTP mode.
- Change REST + STOR so that it's possible to overwrite part of file without
truncating it.
(v2.3.0pre2)
- Boot the session if we see a USER where encryption was required. May prevent
the transmission of plaintext passwords by buggy clients. Idea from
Marcin Hlybin <marcin@rootnode.net>.
- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
fixups.
At this point: v2.3.0 released!
===============================
- Fix silly regression re: log files being overwritten from the start.
- Rename a few file-open functions to make it clearer what they do.
At this point: v2.3.1 released!
===============================
- Argh! Fix version number.
At this point: v2.3.2 released!
===============================
|
|
pksrc changes:
* Instead of patch&subst to change layout of statedir, pass it to configure
instead (and subst for manpages are fixed).
* Convert custom mod_wrap library modification to SUBST.
* Need to buildlink with security/tcp_wappers for mod_wrap.
NEWS:
1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.
1.3.3b - Released 09-Sep-2010
--------------------------------
- Bug 3481 - Problem with SFTP directory listings.
- Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab.
- Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work.
- Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during
data transfer.
- Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD.
- Bug 3491 - Directory pattern not matching as expected.
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO.
- Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no
DefaultServer configured.
- Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as
anonymous logins.
1.3.3a - Released 01-Jul-2010
--------------------------------
- Bug 3400 - Add Japanese translation.
- Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL.
- Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349.
- Bug 3403 - File upload followed by MLSD leads to wrong file size entries in
TransferLog.
- Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit
platforms.
- Bug 3354 - Renaming a file across mount points to a full disk does not fail
as expected.
- Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible.
- Bug 3412 - Include files not included after restart due to permissions.
- Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes.
- Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile.
- Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog.
- Bug 3421 - RewriteHome does not work properly for SFTP connections.
- Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m.
- Bug 3423 - Last line of multiline DisplayLogin file improperly handled.
- Bug 3426 - mod_sftp does not log to TransferLog by default.
- Bug 3425 - Improperly constructed destination paths for SCP uploads.
- Bug 3427 - mod_sftp does not handle recursive SCP uploads properly.
- Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables
properly.
- Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured.
- Bug 3435 - Encoding/decoding conversion can cause CPU spike.
- Bug 3436 - Support build-time option to disable use of nonblocking open of
log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior
of opening log files.
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail.
- Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale.
- Bug 3446 - .ftpaccess ignored in some cases.
- Bug 3447 - mod_sftp can become confused during large recursive SCP uploads.
- Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale
data.
- Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN
request.
- Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN
request.
- Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp.
- Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for
protocol version 5.
- Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible
with Solaris' msgfmt.
- Bug 3456 - Problem attempting to recursively download a directory via SCP.
- Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup.
- Bug 3459 - mod_radius segfaults during incorrect login due to stale data.
- Bug 3460 - REALPATH SFTP request can cause improperly cached directory
configuration.
- Bug 3462 - ftpasswd script's --delete-user option does not work.
- Bug 3463 - ftpasswd script's --delete-group option does not work.
- Bug 3465 - SIGSEGV at LIST after CCC.
- Bug 3470 - Deferred resolution <Directory> paths not handled properly by
mod_sftp.
- Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path
begins with tilde ('~').
- Bug 3467 - mod_ifsession does not merge <Directory> blocks properly.
- Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault.
- Bug 3472 - mod_sftp publickey authentication fails for large keys.
- Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions.
- Bug 3476 - LIST/NLST of path starting with "-" fails.
- Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy
libc code.
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems
under load.
|
|
This is a bugfix release.
|
|
* pdnsd support
* Ability to append to the search domains
|
|
* Add linux inotify support, allowing monitoring of file system
events.
* Deferreds now support cancellation.
* Added new "endpoint" interfaces in twisted.internet.interfaces,
which abstractly describe stream transport endpoints which can be
listened on or connected to. Implementations for TCP and SSL
clients and servers are present in twisted.internet.endpoints.
Notably, client endpoints' connect() methods return cancellable
Deferreds, so code written to use them can bypass the awkward
"ClientFactory.clientConnectionFailed" and
"Connector.stopConnecting" methods, and handle errbacks from or
cancel the returned deferred, respectively.
* twisted.protocols.amp.Integer's documentation now clarifies that
integers of arbitrary size are supported and that the wire format
is a base-10 representation.
* twisted.protocols.amp now includes support for transferring
timestamps (amp.DateTime) and decimal values (amp.Decimal).
* twisted.protocol.ftp.IWriteFile now has a close() method, which can
return a Deferred. Previously a STOR command would finish
immediately upon the receipt of the last byte of the uploaded file.
With close(), the backend can delay the finish until it has
performed some other slow action (like storing the data to a
virtual filesystem).
* FilePath now calls os.stat() only when new status information is
required, rather than immediately when anything changes. For some
applications this may result in fewer stat() calls. Additionally,
FilePath has a new method, 'changed', which applications may use to
indicate that the FilePath may have been changed on disk and
therefore the next status information request must fetch a new
stat result. This is useful if external systems, such as C
libraries, may have changed files that Twisted applications are
referencing via a FilePath.
* Documentation improvements are now summarized in the NEWS file.
* twisted.internet.task.deferLater now returns a cancellable
Deferred.
* The connect methods of twisted.internet.protocol.ClientCreator now
return cancellable Deferreds.
* twisted.spread.pb now has documentation covering some of its
limitations.
* twisted.spread.jelly now supports jellying and unjellying classes
defined with slots if they also implement __getstate__ and
__setstate__.
* twisted.protocols.amp.ListOf arguments can now be specified as
optional.
* Bugfixes
|
|
4.5.3 brings a number of improvements:
* KSharedDataCache has cache invalidation bug fixed that caused stability
when daylight saving time changed.
* Icon overlays in Dolphin are now positioned correctly after adjusting
the zoom level.
* Okular, KDE's universal document viewer has seen improvements in the
DjVu and XPS backends.
|
|
|
|
* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1 Send packets with:
MS-CHAP-Password = "password". It will be automatically converted to the
correct MS-CHAP attributes.
* Added "-t" command-line option to radtest. You can use "-t pap", "-t chap",
"-t mschap", or "-t eap-md5". The default is "-t pap"
* Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change
and the previous one makes PEAP testing much easier.
* Added more documentation and examples for the "passwd" module.
* Added dictionaries for RFC 5607 and RFC 5904.
* Added note in proxy.conf that we recommend setting
"require_message_authenticator = yes" for all home servers.
* Added example of second "files" configuration, with documentation.
This shows how and where to use two instances of a module.
* Updated radsniff to have it write pcap files, too. See '-w'.
* Print out large WARNING message if we send an Access-Challenge for EAP, and
receive no follow-up messages from the client.
* Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
* Added support for TLS-Cert-* attributes. For details, see
raddb/sites-available/default, "post-auth" section.
* Added sample raddb/modules/{opendirectory,dynamic_clients}
* Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
* Added RFCs 5607, 5904, and 5997.
* For EAP-TLS, client certificates can now be validated using an external
command. See eap.conf, "validate" subsection of "tls".
* Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS
systems.
* Add Module-Failure-Message for mschap module (ntlm_auth)
* Made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
* Added %{tolower: ...string ... }, which returns the lowercase version of the
string. Also added %{toupper: ... } for uppercase.
* Bug fixes.
|
|
Bug fixes: Fix crash (memcpy with length -1) when invalid Tunnel-Password
attributes are received.
|
|
|
|
Changelog:
Version 1.0.29:
* Fixed corruption when downloading files larger than 4 Gb on a 32-bits arch.
* Fixed error on exit on Linux.
* Downloading should be slightly faster.
Version 1.0.28:
* When —autorename is enabled, an upload script will now get the final file name instead of the original one.
* The ALLO command now checks for the actual disk space in addition to the virtual quota.
* ABOR on OSX has been fixed.
* Fixed the virtual quota computation after an atomic upload has been resumed.
* Fixed AUTH_ENCRYPTED.
* A workaround against spurious disconnections with ncftp has been implemented.
|
|
4.5.2
translation updates, performance and stability improvements and other
bugfixes.
4.5.0
new versions of the Plasma Workspaces, the KDE Applications and the KDE
Development Platform in version 4.5.0. While focus within this release
cycle lay on stability, the overall polish and performance gain is well
noticable. Features such as the reworked notification area, Marble's map
routing and support for WebKit in Konqueror round up this release.
|
|
|
|
- use prctl(2) to set process name [Cameron]
- add --version option [Cameron]
- remove superfluous sigset [Cameron/Gono]
- default options file to not require MPPE (#166394) [Howarth]
- add PROTOCOL-SECURITY discussion [Cameron/Mueller]
Fixes old PR pkg/38038
|
|
* Replaced IO subsystem with wandio abstraction
* IO / compression / decompression is now performed in a separate thread, resulting in improved performance
* Modular design makes it easy to add support for new compression formats
* Added native support for reading and writing bzip files
* Added native support for writing lzo files
* JITing of BPF bytecode using LLVM, leading to faster BPF filtering
* Added enums for post-IP protocols and Ethertypes
* Write support added for DAG cards - thanks to Daniel Lawson
* Added new trace tool: tracetop. Shows the top N flows each second
* Added new trace tool: tracereplay. Attempts to replay trace files in trace time
* Added new trace tool: tracediff. Displays packets that differ between two trace files
* Added trace_get_timespec() function
* If the format is not specified as part of the URI, libtrace can now attempt to guess the trace format
* Libpacketdump can now decode CHDLC and PPP/HDLC headers
* Added all the code examples from the libtrace tutorial to the examples directory
Bug Fixes:
* Fixed bug where packets read from a DAG card that did not match the filter were causing lengthy sleep events under the event API
* Fixed various tools that were not reporting the occurrence of a read error
* Fixed segfault caused by malformed URIs
* Fixed bug where reading a zero-length payload from a PCAP trace would result in an EOF being incorrectly reported
* Fixed bug where filtered packet count was not initialised to zero
* trace_get_payload_from_ip() now returns NULL when the IP version is incorrect rather than asserting
* Fixed segfault when writing packets to a Linux native socket, caused by byte ordering issue
* Fixed bug where custom pcap event function was not being used
* Fixed misplaced assertion in the pcap file reading code
* Fixed bug where trace_event would never get a packet event under recent versions of libpcap
* Fixed assertion failure when an unknown linktype is encountered by libpacketdump
* Fixed error caused by LCP packets that are common in some trace sets, e.g. Leipzig
* Increased size of RT packet buffer to fix problems caused by jumbograms
* Fixed errors caused by 32- and 64-bit incompatibility when sending Linux Native packets using the RT protocol
* trace_get_*_port() functions now always return 0 for ICMP packets
* Fixed problems with decoding HDLC and CHDLC headers
* Fixed segfault when reading PCAP packets that had no packet content
* Fixed bug where PCAP packets would be written with a larger capture length than the wire length
* Fixed segfault in the TCP segment report in tracereport caused by segments larger than 1500 bytes
* Fixed bug with restarting a PCAP trace file
* Fixed bugs relating to the size of the TSH packet records
* Fixed bug where we were not accounting for the FCS in legacy Ethernet captures
* Fixed bug where libpacketdump could not decode Linux SLL properly due to using an "undefined" function
* Fixed bug where libpacketdump was not skipping IP options before attempting to decode the next header
* Fixed bug where padding was being treated as part of a truncated header
* Fixed assertion when converting a packet with a corrupt wire length to PCAP
* More fixes for missing #includes
Improvements:
* trace_get_source_address() and trace_get_destination_address() now return link layer addresses in the absence of an IP header wherever possible
* trace_get_<protocol> short-cut functions now return NULL if the entire header (minus options) is not present in the packet
* Added missing set_capture_length() functionality for Linux Native
* traceanon can now write compressed traces
* traceanon now replaces checksums with zeroes
* traceanon, tracesplit and tracemerge now support all libtrace compression types for output
* tracereport no longer does the flow report by default
* Added support for new ERF types
* Added linktype for Experimental Ethernet
* Added --count option to tracereport
* Added --merge-inputs option to tracertstats
* Added support for ARPHRD_NONE
* Added a libpacketdump decoder for ubiquity headers
* Improved libpacketdump's method of searching for decoders
* More efficient arrangement of internal structures
* Tidied up exported symbols
* General code maintenance
* Tidied up manpages
* Improved documentation
|
|
Changelog:
* Set a minimum size for column widths in directory lists and transfer queue
* Fix build-time check for system TinyXML
* Correctly handle symbolic links pointing to files in search dialog
* Fix crash in options initialization
|
|
|
|
change: fix free on error of uninitialized IOR components
|
|
changes:
-fixes for gobject-introspection (not in pkgsrc yet)
-Fixed a few small leaks
|
|
This is pulled in early because it fixes a serious problem with servers
providing both IPv4 and v6: previous versions tried only the first
address returned by DNS, whether the box has connectivity or not.
Should fix problems with webkit in particular, as also reported by
Pouya D. Tafti.
|
|
|
|
|
|
|
|
AuthSub is Google's method of authentication for their web services.
It is also used by other web sites.
This package contains a perl module to interact with such sites.
|
|
Changes in 2.1.4
~~~~~~~~~~~~~~~~
* FIX: afpd: Downstream fix for FreeBSD PR 148022
* FIX: afpd: Fixes for bugs 3074077 and 3074078
* FIX: afpd: Better handling of symlinks in combination with ACLs and EAs.
Fixes bug 3074076.
* FIX: dbd: Adding a file with the CNID from it's adouble file did
not work in case that CNID was alread occupied in the database
* FIX: macusers: add support for Solaris
* NEW: cnid_metad: use a PID lockfile
* NEW: afpd: prevent log flooding
* UPD: dbd: ignore ".zfs" snapshot directories
* UPD: dbd: support interrupting -re mode
Does not fix pkg/43953, unfortunately.
|
|
Version 2.2.16
September 28, 2010
Changes:
* Add support for webm_480p, webm_720p [youtube]
* Thanks to Mark Weaver for the patch, <http://is.gd/fmwv5>
* Misc. minor tweaks in manual (e.g. URLs, etc.)
* Migrate issue tracking from Googlecode to Sourceforge, <http://is.gd/fmylF>
|
|
--- 4.1.1 2010/10/05
Fix yaz-config output: echo_source not set correctly by configure.
--- 4.1.0 2010/10/05
SOLR WebService support for yaz-client and ZOOM.
Define record syntax JSON. OID: 1.2.840.10003.5.1000.81.3 .
|
|
2010-01-13 Bob Halley <halley@dnspython.org>
* dns/dnssec.py: Added RSASHA256 and RSASHA512 codepoints; added
other missing codepoints to _algorithm_by_text.
2010-01-12 Bob Halley <halley@dnspython.org>
* Escapes in masterfiles now work correctly. Previously they were
only working correctly when the text involved was part of a domain
name.
* dns/tokenizer.py: The tokenizer's get() method now returns Token
objects, not (type, text) tuples.
2009-11-13 Bob Halley <halley@dnspython.org>
* Support has been added for hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. Thanks to Kevin Chen for a
thoughtful, high quality patch.
* dns/update.py (Update::present): A zero TTL was not added if
present() was called with a single rdata, causing _add() to be
unhappy. Thanks to Eugene Kim for reporting the problem and
submitting a patch.
* dns/entropy.py: Use os.urandom() if present. Don't seed until
someone wants randomness.
2009-09-16 Bob Halley <halley@dnspython.org>
* dns/entropy.py: The entropy module needs locking in order to be
used safely in a multithreaded environment. Thanks to Beda Kosata
for reporting the problem.
2009-07-27 Bob Halley <halley@dnspython.org>
* dns/query.py (xfr): The socket was not set to nonblocking mode.
Thanks to Erik Romijn for reporting this problem.
2009-07-23 Bob Halley <halley@dnspython.org>
* dns/rdtypes/IN/SRV.py (SRV._cmp): SRV records were compared
incorrectly due to a cut-and-paste error. Thanks to Tommie
Gannert for reporting this bug.
* dns/e164.py (query): The resolver parameter was not used.
Thanks to Matías Bellone for reporting this bug.
2009-06-23 Bob Halley <halley@dnspython.org>
* dns/entropy.py (EntropyPool.__init__): open /dev/random unbuffered;
there's no need to consume more randomness than we need. Thanks
to Brian Wellington for the patch.
|
|
* fixed faulty optimization
* fixed failing query method
* Merge remote branch 'mrflip/master'
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Penetration Test Team of NCNIPC (China) discovered that
the ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
[A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
o Incorrect behavior using sorting in the packet list. (Bug
2225)
o Cooked-capture dissector should omit the source address field
if empty. (Bug 2519)
o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
o Wireshark crashes if active display filter macro is renamed.
(Bug 5002)
o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
o TCP bytes_in_flight becomes inflated with lost packets. (Bug
5132)
o GTP header is exported in PDML with an incorrect size. (Bug
5162)
o Packet list hidden columns will not be parsed correctly from
preferences file. (Bug 5163)
o Wireshark does not display the t.38 graph. (Bug 5165)
o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
(Bug 5167)
o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
5172)
o GTPv2: IMSI is decoded improperly. (Bug 5179)
o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
5186)
o Wireshark mistakenly writes "not all data available" for IPv4
checksum. (Bug 5194)
o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
o The CLDAP attribute value on a CLDAP reply is no longer being
decoded. (Bug 5239)
o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
5246)
o NTLMSSP_AUTH domain and username truncated to first letter
with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
0 segments remain. (Bug 5252)
o EIGRP dissection error in Flags field in external route TLVs.
(Bug 5261)
o MRP packet is not correctly parsed in PROFINET multiple write
record request. (Bug 5267)
o MySQL Enhancement: support of Show Fields and bug fix. (Bug
5271)
o [NAS EPS] Fix TFT decoding when having several Packet Filters
defined. (Bug 5274)
o Crash if using ssl.debug.file with no password for
ssl.keys_list. (Bug 5277)
- Updated Protocol Support
ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP
Approved by Alistair Crooks.
|
|
|
|
|
|
|
|
No need to build in subdir and failed in intl subdirectory, because
some @XXXX@ are not replaced, syntax error for recent gmake.
|
|
|
|
New Features
* Zones may be dynamically added and removed with the "rndc addzone"
and "rndc delzone" commands. These dynamically added zones are
written to a per-view configuration file. Do not rely on the
configuration file name nor contents as this will change in a
future release. This is an experimental feature at this time.
* Added new "filter-aaaa-on-v4" access control list to select which
IPv4 clients have AAAA record filtering applied.
* A new command "rndc secroots" was added to dump a combined summary
of the currently managed keys combined with statically configured
trust anchors.
* Added support to load new keys into managed zones without signing
immediately with "rndc loadkeys". Added support to link keys with
"dnssec-keygen -S" and "dnssec-settime -S".
Changes
* Documentation improvements
* ORCHID prefixes were removed from the automatic empty zone list.
* Improved handling of GSSAPI security contexts. Specifically, better
memory management of cached contexts, limited lifetime of a context
to 1 hour, and added a "realm" command to nsupdate to allow
selection of a non-default realm name.
* The contributed tool "ztk" was updated to version 1.0.
Security Fixes
* If BIND, acting as a DNSSEC validating server, has two or more
trust anchors configured in named.conf for the same zone (such as
example.com) and the response for a record in that zone from the
authoritative server includes a bad signature, the validating
server will crash while trying to validate that query.
* A flaw where the wrong ACL was applied was fixed. This flaw allowed
access to a cache via recursion even though the ACL disallowed it.
Bug Fixes
* Removed a warning message when running BIND 9 under Windows for
when a TCP connection was aborted. This is a common occurrence and
the warning was extraneous.
* Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could incorrectly
stay in an over memory state, effectively refusing further caching,
which subsequently made a BIND 9 caching server unworkable.
* Partially disabled change 2864 because it would cause infinite
attempts of RRSIG queries.
* BIND did not properly handle non-cacheable negative responses from
insecure zones. This caused several non-protocol-compliant zones to
become unresolvable. BIND is now more accepting of responses it
receives from less strict servers.
* A bug, introduced in BIND 9.7.2, caused named to fail to start if a
master zone file was unreadable or missing. This has been corrected
in 9.7.2-P1.
* BIND previously accepted answers from authoritative servers that
did not provide a "proper" response, such as not setting AA bit.
BIND was changed to be more strict in what it accepted but this
caused operational issues. This new strictness has been backed out
in 9.7.2-P1.
|
|
PR#43924.
|
|
|
|
rest part of PR#43921.
|
