| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
3.0.19:
FEATURE IMPROVEMENTS
Update dictionary.cisco.
Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially Patch from Nathan Ward.
Re-added "show client config" command to radmin.
Cleaned up mods-available/sql example so that it is easier to understand.
Added pfSense dictionary.
Update dictionary.h3c
Update elasticsearch/logstash config for v6.7.0.
EAP-PWD security fixes from Mathy Vanhoef. See http://freeradius.org/security/.
BUG FIXES
Update dynamic_client module and server core so that the functionality works. This has been broken since at least v2.
Fix crash in sqlippool due to escaping changes Patch from Nathan Ward.
Fix systemd notify, watchdog and unit files
Fix erroneous length check in EAP-FAST.
Update documentation to remove old "ignore_null" configuration.
Fix default POD port. Should be 3799.
Correctly encode vendor-specific "encrypted" attributes
3.0.18:
FEATURE IMPROVEMENTS
cleanup_delay can now be 30 seconds. This helps with proxies that have packet loss.
Do-Not-Respond policies can now be set in the "post-auth" section.
Encode / Decode ADSL Forum DHCP options.
Fix module ordering issues. e.g. when "sqlippool" needs "sql". See the "instantiate" section of radiusd.conf.
Add Big Switch dictionary.
Add sql_session_start policy (raddb/policy.d/accounting) This minimizes race conditions when using Simultaneous-Use Patch from Philippe Wooding.
For rlm_perl, all variables are now tainted by default. See raddb/mods-available/perl, and the "perl_flags" configuration item. This change should only affect people who are using variables in insecure ways.
Allow "sqlcounter" module to be listed in "post-auth".
Add support for IPv6 attributes in SQL.
The server is better at handling fail-over for outbound RadSec and TCP connections.
The server is now more aggressive about retrying failed outbound RadSec and TCP connections.
Add TLS-Session-Version and TLS-Session-Cipher-Suite to the "session_state" list.
Add expansion for Radsec connections. "%{listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes.
Add notes on running "ldapsearch" using the parameters from the LDAP module.
"ipaddr" attributes can now be cast to "integer" type attributes in an "update" section.
Move main thread queue to using atomic queues. This should help with contention in high load scenarios.
Add "recv_buff" setting to listeners. For more details, see sites-available/default.
The sqlippool module can now use attributes other than "Pool-Name" to assign IP pools. The "Pool-Name" attribute is still the default.
The "unpack" expansion can now unpack substrings. See mods-available/unpack for documentation and examples.
The preprocess module now does "ciscvo_vsa_hack" for Eltex-AVPair. Vendors SHOULD NOT USE THAT KIND OF ATTRIBUTE.
Allow for <instance>-LDAP-UserDN. See mods-available/ldap for more information.
Add sanitizing of control list for moonshot.
Update rlm_sql_mysql to be compatible with MySQL 8 Fixes https://bugs.launchpad.net/bugs/1795310.
Allow logging of only Access-Accept or Access-Reject messages See radiusd.conf, "auth_accept" and "auth_reject".
Removed Connect-Rate comparison. It was unused and broken.
Add dictionary.infinera.
RPMs can now change raddb location with rpmbuild parameter --define '_sysconfdir /etc'.
OpenDirectory module now points to Apple documentation for help with build and configuration.
Use OpenSSL HMAC functions instead of local ones.
Some SQL modules can now use "auto_escape" to escape unsafe strings See mods-config/sql/main/mysql/queries.conf.
Add wispr2date conversion in mods-available/date.
Implement dictionary-based handling in rlm_python.
Add support for SKIP LOCKED in sqlippool. This can improve performance by an order of magnitude or more. See raddb/mods-config/sql/ippool/*/queries.conf
Updated Debian packages to allow for libssl1.1
Allow PSK and certificates at the same time Except for TLS 1.3 which does not support that.
Update Debian packages for newer releases
Update docker scripts.
Add crypt xlat.
MySQL connections can now skip verifying the server certificate.
Add better mechanism to detect MariaDB (Old MySQL).
Add RFC 7532 "bang path" support for realms
Update dictionary.ukerna documentation.
Add support for systemd service and watchdogs
Check for openss/rand.h, and allow building without OpenSSL engine.
The default PosgtreSQL queries now use "ON CONFLICT" to better deal with issues. This requires PostgreSQL 9.5 or later. Please use a recent version of PostgreSQL, or edit the default queries to remove "ON CONFLICT".
BUG FIXES
The session-state list is no longer cleaned in the inner-tunnel. This lets the outer Access-Reject section access session-state.
Fix typo in lock initialization for TLS sockets Found by Sergio NNX.
Add check for crash when home server down
Add username key for postauth table.
Better libpcap checks, when the header files or libraries are missing.
Allow building with old versions of OpenSSL
Allow non-FreeRADIUS State attributes to be used with the "session-state" list. i.e. State length != 16.
Be more aggressive about cleaning up zombie children when running in debug mode.
Use LTDL_DEEPBIND, which fixes issues with Oracle libraries exporting LDAP API functions.
unlock files when asked to unlock them.
return error instead of asserting in map code.
Don't write 0 bytes to SSL.
Remove "expiry_time IS NULL" from allocate_update query.
Various dictionary cleanups and consistency checks
rlm_python has stronger thread locking to prevent reported issues. Performance may be affected.
Don't allow Message-Authenticator to overflow past the end of a large packet.
Fix crash in sqlippool when SQL server goes away
Typos in man pages. Patch from Nikolai Kondrashov
Check for correct OpenSSL version in vulnerability list. Patch from Christian Hesse.
Fix crash with CoA packets/
Fix crash in rlm_exec with CoA.
Print errors while parsing the log config, and don't quit when deprecated log settings are found.
Fix DHCP encoder xlat so that it can be used with a list of attributes. It previously only encoded the first member of the list, and now encodes all members.
The "expr" module now skips more whitespace.
Remove internal FreeRADIUS-Response-Delay attributes from attr_filter Access-Reject.
Don't send junk to redis when maximum args reached.
Small updates to IPv6 for accounting schema
Fix OpenDirectory integration in rlm_mschap.
Fix slow memory leak with dynamic clients.
Don't artificially truncate debug output for long strings.
Fix memory leak in EAP-PWD.
Fix crash in "hints" file with Fall-Through = yes.
Fix crash / timer issues with many CoA packets.
Fix attr_filter so that it does not treat vendor attributes of number 26 as Vendor-Specific.
Fix reconnect correctly in rlm_sql_mysql.
Fix rlm_cache to properly use Cache-TTL < 0
Fix rare occurance of bad xlat expansion.
Check for rare race condition when a proxy reply arrives too late.
|
|
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
|
|
Release v1.22.0
Python
Add Debug Example.
Add Python 3.8 test.
Clean up Python Channel.del logic.
Surface exception from metadata credentials plugin methods.
Add python deprecation notices.
Unsubscribe all connectivity callbacks on Channel.close.
|
|
Release v1.22.0
Core
building upb as part of cmake build is not necessary (for v1.22.x).
Convert TraceFlags in the hot path to DebugTraceFlags.
Fix a bug where POST_RECV_MESSAGE was not being triggered.
Adjust the order of IOMgr timer initialization and comment of grpc_timer::heap_index.
C++
use bazel wrapper for "bazel" invocations in grpc workspace.
Add method to validate service config json.
Update comment on ssl hostname override.
Rename root certificate bundle in gRPC-C++ pod.
|
|
Changes:
2019.07.02
----------
Core
+ [utils] Introduce random_user_agent and use as default User-Agent (#21546)
Extractors
+ [vevo] Add support for embed.vevo.com URLs (#21565)
+ [openload] Add support for oload.biz (#21574)
* [xiami] Update API base URL (#21575)
* [yourporn] Fix extraction (#21585)
+ [acast] Add support for URLs with episode id (#21444)
+ [dailymotion] Add support for DM.player embeds
* [soundcloud] Update client id
|
|
|
|
18.0.2
- Compatibility with Python 3.8 prerelease by regenerating Cython sources
with Cython 0.29.10.
- Fix language_level=2 in Cython sources, for compatibility with Cython 0.30
- Show missing path for ENOENT errors on ipc connections.
|
|
|
|
I'm going to assume they have a good reason.
|
|
|
|
|
|
This is needed as a dependency for www/ocaml-cohttp.
|
|
|
|
Make usage of LSDEAD conditional.
|
|
Changes:
Fixes:
- hub pull-request: Avoid crash when the current branch is pushed to a
non-GitHub remote
- BROWSER environment variable now supports values with spaces in them
(must be shell-quoted)
- hub help: support man appearing in a path that has spaces
- Docs: mention that comma-separated lists must not have spaces
|
|
The former now redirects to the latter.
This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.
Reviewed by hand to hopefully make sure no unwanted changes sneak in.
|
|
Changes:
1.8.7
-----
Additions:
- Support for
- `vanillarock` (#254)
- `nsfwalbum` (#287)
- `artist` and `tags` metadata for `hentaicafe` (#238)
- `description` metadata for `instagram` (#310)
- Format string option to replace a substring with another
- `R<old>/<new>/` (#318)
Changes:
- Delete empty archives created by the `zip` post-processor (#316)
Fixes:
- Handle `hitomi` Game CG galleries correctly (#321)
- Miscellaneous fixes for `deviantart`, `hitomi`, `pururin`, `kissmanga`,
`keenspot`, `mangoxo`, `imagefap`
|
|
Changes:
20190627
--------
Extractors
+ [go] Add support for disneynow.com (#21528)
* [mixer:vod] Relax URL regular expression (#21531, #21536)
* [drtv] Relax URL regular expression
* [fusion] Fix extraction (#17775, #21269)
- [nfb] Remove extractor (#21518)
+ [beeg] Add support for api/v6 v2 URLs (#21511)
+ [brightcove:new] Add support for playlists (#21331)
+ [openload] Add support for oload.life (#21495)
* [vimeo:channel,group] Make title extraction non fatal
* [vimeo:likes] Implement extrator in terms of channel extractor (#21493)
+ [pornhub] Add support for more paged video sources
+ [pornhub] Add support for downloading single pages and search pages (#15570)
* [pornhub] Rework extractors (#11922, #16078, #17454, #17936)
+ [youtube] Add another signature function pattern
* [tf1] Fix extraction (#21365, #21372)
* [crunchyroll] Move Accept-Language workaround to video extractor since
it causes playlists not to list any videos
* [crunchyroll:playlist] Fix and relax title extraction (#21291, #21443)
|
|
This is just the usual use of PKGVERSION_NOREV. Pointed out by Oskar.
|
|
|
|
intended (or observed on OS X), and might help CentOS 7 bulk build
failure that I can't reproduce.
|
|
|
|
This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk. This may affect chroot
support, adding back in support for that will need to be done carefully.
Bump PKGREVISIONs.
|
|
The server side public license, used by databases/mongodb (version 4),
appears to be incompatible with ubiquiti-license. Also,
databases/mongodb does not build on platforms where net/unifi works
(e.g., netbsd-8 amd64).
|
|
|
|
* OpenBSD: compiles again
* BSD: Check RTM lengths incase of kernel issues
* DHCP6: Don't stop even when last router goes away
* DHCP6: Fix inform from RA
* hostname: Fix short hostname check
|
|
|
|
Previously, an IPv6 split tunnel with a /128 request would result in a
default tunnel, rather than a specific route. Correctly set the default
route if we request a /0.
If `which ip` returns something on a non-Linux OS, it's an unrelated
tool that won't work for routing configuration; don't try to set IPROUTE
on another OS. This should fix the macOS issue discovered at:
<https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009>
|
|
|
|
|
|
|
|
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.1
- Fixed duplicate error message when user tries to
sign in with invalid username.
- Make sure user can change username before
successfully authenticating.
- Fix error message when "type" command is not
given a parameter.
- Make sure we do not return multiple error
codes when an account is disabled.
- Do not drop connection to client when
selected account is disabled.
- Make sure when accounts are disabled/denied, they print the
proper reason (set in the config file) back to the client
|
|
|
|
Upstream changes:
* quickstep
* crash on a retweet tab in Tweet details tabs when non-Twitter World
is selected
* pass application name to notify-send
* thanks Shibafu Midorino
* improve performance of toot cache
* crash on Fav'ed from Mastodon World when Current World is not
fav'ed account
|
|
Reported in the upstream Ticket #39067:
https://osdn.net/projects/nicovideo-dl/ticket/39067
Also use https for HOMEPAGE and take maintainership.
Bump PKGREVISION.
|
|
|
|
|
|
Changes:
2019.06.21
----------
Core
* [utils] Restrict parse_codecs and add theora as known vcodec (#21381)
Extractors
* [youtube] Update signature function patterns (#21469, #21476)
* [youtube] Make --write-annotations non fatal (#21452)
+ [sixplay] Add support for rtlmost.hu (#21405)
* [youtube] Hardcode codec metadata for av01 video only formats (#21381)
* [toutv] Update client key (#21370)
+ [biqle] Add support for new embed domain
* [cbs] Improve DRM protected videos detection (#21339)
|
|
4.6.3
- Revert FastUUID for kombu 4.6
4.6.2
- Fix sbugs and regressions
4.6.1
- Fix some newly introduced bug in kombu 4.6
|
|
2.5.0
- Drop Python 3.4
- Add new platform
- Numerious bug fixes
|
|
0.7.1:
[BUGFIX] multiprocess: don't crash on missing gauge_live/sum files
[BUGFIX] correctly bind method on Python 2.x
|
|
|
|
Update bind914 to 9.14.3 (BIND 9.14.3).
--- 9.14.3 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5243. [bug] Fix a possible race between dispatcher and socket
code in a high-load cold-cache resolver scenario.
[GL #943]
5242. [bug] In relaxed qname minimizatiom mode, fall back to
normal resolution when encountering a lame
delegation, and use _.domain/A queries rather
than domain/NS. [GL #1055]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5240. [bug] Remove key id calculation for RSAMD5. [GL #996]
5238. [bug] Fix a possible deadlock in TCP code. [GL #1046]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
5234. [port] arm: just use the compiler's default support for
yield. [GL #981]
|
|
Update bind912 to 9.12.4pl2 (BIND 9.12.4-P2).
--- 9.12.4-P2 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
|
|
Update bind911 to 9.11.8 (BIND 9.11.8).
--- 9.11.8 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
|
|
|
|
- fixed bug in tinydns-data with false translation of IPv6|v4 addresses
for MX records.
- fixed bug in dnsip abending while evaluating IPv6 addresses.
- fixed alignment bug in dd.c for dd6 (tx vise).
- fixed bug in dns_nd.c for IPv6; dnsfilter is working now for IPv4 and IPv6
(tx vise).
- dns_ip, dns_mx, dns_txt, and dns_name return now number of answers given
(fehQlibs-12).
- libsodium compatibility checked and verified.
|
|
- Added DSA/DSS (+ECC) signature verification additionally to RSA.
- Added compatibility with fehQlibs-12.
|
|
- Added fehQlibs-12 compatibility.
|
|
- dns_ip, dns_cname, dns_txt, dns_name and dns_mx
return now the number of DNS answers received
unlike the number of bytes for the given output.
- Added convenience routines for forthcoming s/qmail.
- Added ia4_fmt, ia6_fmt and dns_cname (for *qmail).
- Changed dns_transmit lookup time constants.
|
