path: root/net
Age | Commit message | Author | Files | Lines
2015-11-21 | Update wget to 1.17: | wiz | 2 | -7/+7
* Changes in Wget 1.17
** Remove FTP passive to active fallback due to privacy concerns.
** Add support for --if-modified-since.
** Add support for metalink through --input-metalink and --metalink-over-http.
** Add support for HSTS through --hsts and --hsts-file.
** Add option to restrict filenames under VMS.
** Add support for --rejected-log which logs to a separate file the reasons why URLs are being rejected and some context around it.
** Add support for FTPS.
** Do not download/save file on error when --spider enabled
** Add --convert-file-only option. This option converts only the filename part of the URLs, leaving the rest of the URLs untouched.
2015-11-20 | Changes 7.00: | adam | 8 | -46/+113
* Major Nmap Scripting Engine (NSE) Expansion
* Mature IPv6 support
* Infrastructure Upgrades
* Faster Scans
* SSL/TLS scanning solution of choice
* Ncat Enhanced
* Extreme Portability
2015-11-20 | Make sure scripts use Bash, fixes the plugins script. | fhajny | 3 | -14/+49
Clean up and work around the silly coreutils (readlink) dependency. Bump PKGREVISION.
2015-11-20 | Fix the HAVE_BROKEN_RECVDSTADDR patch which was masking a call to memset(). | jperkin | 3 | -8/+7
Noted by Edgar Fuß in private mail. Bump PKGREVISION.
2015-11-18 | Recursive revbump from multimedia/libvpx | ryoon | 10 | -19/+20
2015-11-18 | Update gstreamer1 and plugins to 1.6.1. | wiz | 1 | -2/+1
GStreamer 1.6.1 Release Notes
The GStreamer team is proud to announce the first bugfix release in the stable 1.6 release series of your favourite cross-platform multimedia framework! This release only contains bugfixes and it is safe to update from 1.6.0. For a full list of bugfixes see Bugzilla.
See http://gstreamer.freedesktop.org/releases/1.6/ for the latest version of this document. Last updated: Friday 30 October 2015, 14:00 UTC (log)
Major bugfixes
* Crashes in the gst-libav encoders were fixed
* More DASH-IF test streams are working now
* Live DASH, HLS and MS SmoothStreaming streams work more reliable and other fixes for the adaptive streaming protocols
* Reverse playback works with scaletempo to keep the audio pitch
* Correct stream-time is reported for negative applied_rate
* SRTP packet validation during decoding does not reject valid packets anymore
* Fixes for audioaggregator and aggregator to start producing output at the right time, and e.g. not outputting lots of silence in the beginning
* gst-libav's internal ffmpeg snapshot was updated to 2.8.1
* cerbero has support for Mac OS X 10.11 (El Capitan)
* Various memory leaks were fixed, including major leaks in playbin, playsink and decodebin
* Various GObject-Introspection annotation fixes for bindings
* and many, many more

GStreamer 1.6 Release Notes
The GStreamer team is proud to announce a new major feature release in the stable 1.x API series of your favourite cross-platform multimedia framework! This release has been in the works for more than a year and is packed with new features, bug fixes and other improvements.
See http://gstreamer.freedesktop.org/releases/1.6/ for the latest version of this document.
Highlights
* Stereoscopic 3D and multiview video support
* Trick mode API for key-frame only fast-forward/fast-reverse playback etc.
* Improved DTS (decoding timestamp) vs. PTS (presentation timestamp) handling to account for negative DTS
* New GstVideoConverter API for more optimised and more correct conversion of raw video frames between all supported formats, with rescaling
* v4l2src now supports renegotiation
* v4l2transform can now do scaling
* V4L2 Element now report Colorimetry properly
* Easier chunked recording of MP4, Matroska, Ogg, MPEG-TS: new splitmuxsink and multifilesink improvements
* Content Protection signalling API and Common Encryption (CENC) support for DASH/MP4
* Many adaptive streaming (DASH, HLS and MSS) improvements
* New PTP and NTP network client clocks and better remote clock tracking stability
* High-quality text subtitle overlay at display resolutions with glimagesink or gtkglsink
* RECORD support for the GStreamer RTSP Server
* Retransmissions (RTX) support in RTSP server and client
* RTSP seeking support in client and server has been fixed
* RTCP scheduling improvements and reduced size RTCP support
* MP4/MOV muxer acquired a new "robust" mode of operation which attempts to keep the output file in a valid state at all times
* Live mixing support in aggregator, audiomixer and compositor was improved a lot
* compositor now also supports rescaling of inputs streams on the fly
* New audiointerleave element with proper input synchronisation and live input support
* Blackmagic Design DeckLink capture and playback card support was rewritten from scratch; 2k/4k support; mode sensing
* KLV metadata support in RTP and MPEG-TS
* H.265 video encoder (x265), decoders (libav, libde265) and RTP payloader and depayloaders
* New DTLS plugin and SRTP/DTLS support
* OpenGL3 support, multiple contexts and context propagation, 3D video, transfer/conversion separation, subtitle blending
* New OpenGL-based QML video sink, Gtk GL video sink, CoreAnimation CAOpenGLLayerSink video sink
* gst-libav switched to ffmpeg as libav-provider, gains support for 3D/multiview video, trick modes, and the CAVS codec
* GstHarness API for unit tests
* gst-editing-services got a completely new ges-launch-1.0 interface, improved mixing support and integration into gst-validate
* gnonlin has been deprecated in favor of nle (Non Linear Engine) in gst-editing-services
* gst-validate has a new plugin system, an extensive default testsuite, support for concurrent test runs and valgrind support
* cerbero build tool for SDK binary packages gains new 'bundle-source' command
* Various improvements to the Android, iOS, OS X and Windows platform support
Full log at http://gstreamer.freedesktop.org/releases/1.6/
2015-11-17 | Update py-ipaddress to 1.0.15. | wiz | 2 | -8/+11
All tests pass. Changes not found.
2015-11-16 | Update net/mitmproxy to 0.14.0. | leot | 3 | -30/+70
Changes:
* Statistics: 399 commits, 13 contributors, 79 closed issues, 37 closed PRs, 103 days
* Docs: Greatly updated docs now hosted on ReadTheDocs! http://docs.mitmproxy.org
* Docs: Fixed Typos, updated URLs etc. (Nick Badger, Ben Lerner, Choongwoo Han, onlywade, Jurriaan Bremer)
* mitmdump: Colorized TTY output
* mitmdump: Use mitmproxy's content views for human-readable output (Chris Czub)
* mitmproxy and mitmdump: Support for displaying UTF8 contents
* mitmproxy: add command line switch to disable mouse interaction (Timothy Elliott)
* mitmproxy: bug fixes (Choongwoo Han, sethp-jive, FreeArtMan)
* mitmweb: bug fixes (Colin Bendell)
* libmproxy: Add ability to fall back to TCP passthrough for non-HTTP connections.
* libmproxy: Avoid double-connect in case of TLS Server Name Indication. This yields a massive speedup for TLS handshakes.
* libmproxy: Prevent unnecessary upstream connections (macmantrl)
* Inline Scripts: New API for HTTP Headers: http://docs.mitmproxy.org/en/latest/dev/models.html#netlib.http.Headers
* Inline Scripts: Properly handle exceptions in `done` hook
* Inline Scripts: Allow relative imports, provide `__file__`
* Examples: Add probabilistic TLS passthrough as an inline script
2015-11-16 | Update net/py-netlib to 0.14.0. | leot | 3 | -77/+147
Changes:
* netlib: Refactored HTTP protocol handling code
* netlib: ALPN support
* netlib: fixed a bug in the optional certificate verification.
* netlib: Initial Python 3.5 support (this is the first prerequisite for 3.x support in mitmproxy)
2015-11-14 | Update to mikutter 3.2.10. | tsutsui | 3 | -8/+10
* Adapt to Twitter's display requirement changes (fav -> like)
* Use ruby-gtk2 3.0.7
* add -v option to check mikutter version (thanks @Akkiesoft)
2015-11-13 | Remove unnecessary build dependency on perl. | wiz | 3 | -3/+18
From Petar Bogdanovic on pkgsrc-users.
2015-11-12 | Remove obsolete patch. | morr | 1 | -63/+0
2015-11-12 | Update to newest version. | morr | 5 | -15/+47
ChangeLog (only stable versions):
2015/11/03 : 1.6.2
- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
2015/10/20 : 1.6.1
- DOC: specify that stats socket doc (section 9.2) is in management
- BUILD: install only relevant and existing documentation
- CLEANUP: don't ignore debian/ directory if present
- BUG/MINOR: dns: parsing error of some DNS response
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
- MEDIUM: dns: Don't use the ANY query type
2015/10/13 : 1.6.0
- BUG/MINOR: Handle interactive mode in cli handler
- DOC: global section missing parameters
- DOC: backend section missing parameters
- DOC: stats parameters available in frontend
- MINOR: lru: do not allocate useless memory in lru64_lookup
- BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth)
- BUG/MINOR: ssl: fix management of the cache where forged certificates are stored
- MINOR: ssl: Release Servers SSL context when HAProxy is shut down
- MINOR: ssl: Read the file used to generate certificates in any order
- MINOR: ssl: Add support for EC for the CA used to sign generated certificates
- MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
- BUG/MEDIUM: logs: fix time zone offset format in RFC5424
- BUILD: Fix the build on OSX (htonll/ntohll)
- BUILD: enable build on Linux/s390x
- BUG/MEDIUM: lua: direction test failed
- MINOR: lua: fix a spelling error in some error messages
- CLEANUP: cli: ensure we can never double-free error messages
- BUG/MEDIUM: lua: force server-close mode on Lua services
- MEDIUM: init: support more command line arguments after pid list
- MEDIUM: init: support a list of files on the command line
- MINOR: debug: enable memory poisoning to use byte 0
- BUILD: ssl: fix build error introduced by recent commit
- BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
- MEDIUM: server: implement TCP_USER_TIMEOUT on the server
- DOC: mention the "namespace" options for bind and server lines
- DOC: add the "management" documentation
- DOC: move the stats socket documentation from config to management
- MINOR: examples: update haproxy.spec to mention new docs
- DOC: mention management.txt in README
- DOC: remove haproxy-{en,fr}.txt
- BUILD: properly report when USE_ZLIB and USE_SLZ are used together
- MINOR: init: report use of libslz instead of "no compression"
- CLEANUP: examples: remove some obsolete and confusing files
- CLEANUP: examples: remove obsolete configuration file samples
- CLEANUP: examples: fix the example file content-sw-sample.cfg
- CLEANUP: examples: update sample file option-http_proxy.cfg
- CLEANUP: examples: update sample file ssl.cfg
- CLEANUP: tests: move a test file from examples/ to tests/
- CLEANUP: examples: shut up warnings in transparent proxy example
- CLEANUP: tests: removed completely obsolete test files
- DOC: update ROADMAP to remove what was done in 1.6
- BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
2015-11-12 | Update p5-Net-DNS to 1.03: | wiz | 2 | -7/+7
**** 1.03 November 6, 2015
Fix rt.cpan.org #107897 t/10-recurse.t freezes, never completes
Fix rt.cpan.org #101978 Update Net::DNS to use IO::Socket::IP
Fix rt.cpan.org #84375 Timeout doesn't work with bgsend/bgread
Fix rt.cpan.org #47050 persistent sockets for Resolver::bg(send|read|isready)
Fix rt.cpan.org #15515 bgsend on TCP
2015-11-11 | Update net/youtube-dl to 20151110. | leot | 2 | -7/+7
Changes:
o Fix and improvements to various extractors (most user visible change is the support for new base.js html5 youtube player).
2015-11-11 | py-dulwich is python-3.x compatible now. | wiz | 1 | -2/+1
2015-11-09 | Updated net/grive2 to 0.4.1 | abs | 5 | -67/+9
Changelog only has "Bug fixes"
Several pkgsrc patches merged
pkgsrc changes: Switch to new Github handling
2015-11-08 | cosmetic fix to previous | dholland | 2 | -5/+5
2015-11-08 | Fix build with non-netbsd cdefs.h | dholland | 2 | -1/+21
2015-11-08 | pkglint | dholland | 1 | -13/+13
2015-11-08 | sort | dholland | 1 | -4/+4
2015-11-08 | BROKEN_EXCEPT_ON_PLATFORM, not BROKEN_EXCEPT_FOR_PLATFORM. Oops. | dholland | 2 | -4/+4
2015-11-08 | Don't try to feed "-liconv" to ar(1). Fixes openbsd build. | dholland | 2 | -1/+17
2015-11-08 | Move bsd.prefs.mk earlier before uses of PKGMANDIR, which is I think | dholland | 1 | -4/+4
why the openbsd build failed.
2015-11-08 | Update py-gevent to 1.0.2: | wiz | 3 | -9/+15
Tests don't run through because of
===> Testing for py27-gevent-1.0.2
Traceback (most recent call last):
  File "testrunner.py", line 2, in <module>
    import six
  File "/scratch/net/py-gevent/work/gevent-1.0.2/greentest/six.py", line 2, in <module>
    from gevent.hub import PY3
ImportError: No module named gevent.hub
*** Error code 1

Release 1.0.2
-------------
- Fix LifoQueue.peek() to return correct element. PR #456. Patch by Christine Spang.
- Upgrade to libev 4.19
- Remove SSL3 entirely as default TLS protocol
- Import socket on Windows (closes #459)
- Fix C90 syntax error (PR #449)
- Add compatibility with Python 2.7.9's SSL changes. Issue #477.
2015-11-08 | Remove a fix intended for NetBSD/amd64 2.0, added to address PR/31225 in r1.37 | sevan | 1 | -5/+1
It's safe to assume the test for MACHINE_ARCH == "amd64" doesn't actually apply to NetBSD, hence being redundant. ok joerg@
2015-11-06 | Avoid the horrible dynamic sized types extension from GCC. | joerg | 4 | -1/+154
2015-11-06 | Added qt5 as an option. | adam | 5 | -26/+69
Avoid SDK build on OS X.
2015-11-04 | Remove duplicate SHA512 digests that crept in. | agc | 1 | -2/+1
2015-11-04 | Add new Erlang module packages | fhajny | 1 | -1/+3
2015-11-04 | Import 20 Erlang module packages that will work as dependencies | fhajny | 10 | -0/+155
in the ejabberd 15.10 update that follows.
2015-11-04 | Add SHA512 digests for distfiles for net category | agc | 748 | -748/+1519
Problems found with existing digests:
  Package haproxy distfile haproxy-1.5.14.tar.gz
  159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
  da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
  Package bsddip: missing distfile bsddip-1.02.tar.Z
  Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
  Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
  Package djbdns: missing distfile djbdns-cachestats.patch
  Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
  Package gated: missing distfile gated-3-5-11.tar.gz
  Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
  Package poink: missing distfile poink-1.6.tar.gz
  Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
  Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
  Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2015-11-03 | Changes 2015.11.02: | adam | 2 | -7/+7
* Fix extraction and update test checksum
* fix info extraction
* unified_strdate: Return None if the date format can't be recognized
2015-11-03 | Major bmon update to 3.8. | bsiegert | 7 | -114/+34
The changelog only goes as far back as 3.1. Major changes are:
- Mac OS X port
- Provide minimal interface information on BSD
- Fixes for all defects identified by coverity
- Fix accuracy issue on total rate calculation
- Better example config file
- Only initialize curses module if actually used
- Bugfixes
Also saner build system and new source code location (github).
2015-11-02 | Fixed order of lines in distinfo | rillig | 1 | -2/+3
2015-11-02 | Update to 2.0.2 | ryoon | 2 | -7/+7
Changelog:
Release 2.0.2 October 22nd 2015
* csync_file_stat_s: Save a bit of memory
* Shibboleth: Add our base user agent to WebKit
* SelectiveSync: Increase folder list timeout to 60
* Propagation: Try another sync on 423 Locked (#3387)
* Propagation: Make 423 Locked a soft error (#3387)
* Propagation: Reset upload blacklist if a chunk succeeds
* Application: Fix crash on early shutdown (#3898)
* Linux: Don't show settings dialog always when launched twice (#3273, #3771, #3485)
* win32 vio: Add the OPEN_REPARSE_POINTS flag to the CreateFileW call. (#3813)
* AccountSettings: only expand root elements on single click.
* AccountSettings: Do not allow to expand the folder list when disconnected.
* Use application SHORT name for the name of the MacOSX pkg file (ownBrander).
* FolderMan: Fix for removing a syncing folder (#3843)
* ConnectionMethodDialog: Don't be insecure on close (#3863)
* Updater: Ensure folders are not removed (#3747)
* Folder settings: Ensure path is cleaned (#3811)
* Propagator: Simplify sub job finished counting (#3844)
* Share dialog: Hide settings dialog before showing (#3783)
* UI: Only expand 1 level in folder list (#3585)
* UI: Allow folder expanding from button click (#3585)
* UI: Expand folder treeview on single click (#3585)
* GUI: Change tray menu order (#3657)
* GUI: Replace term "sign in" with "Log in" and friends.
* SetupPage: Fix crash caused by uninitialized Account object.
* Use a themable WebDAV path all over.
* Units: Back to the "usual" mix units (JEDEC standard).
* csync io: Full UNC path support on Win (#3748)
* Tray: Don't use the tray workaround with the KDE theme (#3706, #3765)
* ShareDialog: Fix folder display (#3659)
* AccountSettings: Restore from legacy only once (#3565)
* SSL Certificate Error Dialog: show account name (#3729)
* Tray notification: Don't show a message about modified folder (#3613)
* PropagateLocalRemove: remove entries from the DB even if there was an error.
* Settings UI improvements (eg. #3713, #3721, #3619 and others)
* Folder: Do not create the sync folder if it does not exist (#3692)
* Shell integration: don't show share menu item for top level folders
* Tray: Hide while modifying menus (#3656, #3672)
* AddFolder: Improve remote path selection error handling (#3573)
* csync_update: Use excluded_traversal() to improve performance (#3638)
* csync_excluded: Add fast _traversal() function (#3638)
* csync_exclude: Speed up significantly (#3638)
* AccountSettings: Adjust quota info design (#3644, #3651)
* Adjust buttons on remove folder/account questions (#3654)
Release 2.0.1 September 1st 2015
* AccountWizard: fix when the theme specifies an override URL (#3699)
Release 2.0.0 August 25th 2015
* Add support for multiple accounts (#3084)
* Do not sync down new big folders from server without users consent (#3148)
* Integrate Selective Sync into the default UI
* OS X: Support native finder integration for 10.10 Yosemite (#2340)
* Fix situation where client would not reconnect after timeout (#2321)
* Use SI units for the file sizes
* Improve progress reporting during sync (better estimations, show all files, show all bandwidth)
* Windows: Support paths >255 characters (#57) by using Windows API instead of POSIX API
* Windows, OS X: Allow to not sync hidden files (#2086)
* OS X: Show file name in UI if file has invalid UTF-8 in file name
* Sharing: Make use of Capability API (#3439)
* Sharing: Do not allow sharing the root folder (#3495)
* Sharing: Show thumbnail
* Client Updater: Check for updates periodically, not only once per run (#3044)
* Windows: Remove misleading option to remove sync data (#3461)
* Windows: Do not provoke AD account locking if password changes (#2186)
* Windows: Fix installer when installing unprivileged (#2616, #2568)
* Quota: Only refresh from server when UI is shown
* SSL Button: Show more information
* owncloudcmd: Fix --httpproxy (#3465)
* System proxy: Ask user for credentials if needed
* Several fixes and performance improvements in the sync engine
* Network: Try to use SSL session tickets/identifiers. Check the SSL button to see if they are used.
* Bandwidth Throttling: Provide automatic limit setting for downloads (#3084)
* Systray: Workaround for issue with Qt 5.5.0 (#3656)
2015-11-01 | Remove qt5-dbus dependency | adam | 1 | -3/+2
2015-10-29 | Update to 3.7.2 with one change: | roy | 2 | -6/+6
* TMPDIR is no longer defined
  Applications which use TMPDIR and expect it to be a valid directory no longer complain.
2015-10-29 | update checksum and bump revision | christos | 2 | -5/+5
2015-10-29 | - rename patch-aa to follow not so new anymore convention | christos | 2 | -1/+18
- apply the "warmup" patch only on linux. should fix the build on netbsd-6
2015-10-29 | add and enable tcptraceroute6 | jnemeth | 1 | -1/+2
2015-10-27 | Remove -n0 from envstat invocations, PR pkg/50352. | bsiegert | 2 | -5/+5
2015-10-27 | Disable recvmmsg() on NetBSD as a workaround. | pettai | 1 | -1/+7
(NetBSD's implementation of recvmmsg() is not 100% with the Linux version)
2015-10-26 | Knot DNS 2.0.1 (2015-09-02) | pettai | 6 | -48/+125
===========================
Bugfixes:
---------
- Do not reload expired zones on 'knotc reload' and server startup
- Fix rare race-condition in event scheduling causing delayed event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when querying for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux (IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
- Fix memory leak in configuration on server shutdown
- Fix broken dnsproxy module
- Fix DNSSEC KASP timestamps parsing in strict POSIX environment
- fix multi value parsing on big-endian
- Adapt to Nettle 3 API break causing base64 decoding failures on big-endian
Features:
---------
- Add 'keymgr zone key ds' to show key's DS record
- Add 'keymgr tsig generate' to generate TSIG keys
- Add query module scoping to process either all queries or zone queries only
- Add support for file name globbing in config file includes
- Add 'request-edns-option' config option to add custom EDNS0 option into server initiated queries
Improvements:
-------------
- Send minimal responses (remove NS from Authority section for NOERROR)
- Update persistent timers only on shutdown for better performance
- Allow change of RR TTL over DDNS
- Documentation fixes, updates, and improvements in formatting
- Install yparser and zscanner header files
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on OpenBSD

Knot DNS 2.0.0 (2015-06-26)
===========================
Bugfixes:
---------
- Fix lost NOTIFY message if received during zone transfer
- Disable fast zone parser when compiled in Clang (workaround for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
Features:
---------
- DNSSEC: separate library, switch to GnuTLS, new utilities
- DNSSEC: basic KASP support (generate initial keys, ZSK rollover)
- Configuration: New text format in YAML, binary store in LMDB
- Zone parser: Split long TXT/SPF strings into multiple strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improved remotes and ACLs (multiple addresses, multiple keys)
- Basic support for zone file patterns (%s to substitute zone name)
- Disable zone file synchronization by setting 'zonefile_sync' to '-1'
- knsupdate: Add input prompt in interactive mode and 'quit' command
- knsupdate: Allow TSIG algorithm specification in interactive prompt
Improvements:
-------------
- Zone dump: Do not write class for SOA record (unified with other RR types)
- Zone dump: Do not write master server address into the zone file
- Documentation: Manual pages are included in HTML and PDF
2015-10-23 | Skip shlibs checks for samba loadable plugins on Darwin. | tnn | 1 | -1/+2
All dylibs get their -install_name set to ${PREFIX}/lib/libname.lib, but plugins go in different directories which causes the check to misfire.
2015-10-23 | Add tcptraceroute6 from the NDisc6 package by Remi Denis-Courmont. | he | 6 | -0/+101
This is similar to tcptraceroute, but for IPv6. This is the version from 1.0.3 of the NDisc6 package.
2015-10-23 | Needs zlib. Fixes build at least on SunOS. | fhajny | 1 | -1/+2
2015-10-23 | Update ntp4 to 4.2.8p4. | taca | 5 | -272/+27
pkgsrc change:
* Remove duplicated HTML documents.
* Install some additional documents.
Changes are too many to write here, please refer to the NEWS files; this release fixes security problems.

October 2015 NTP Security Vulnerability Announcement (Medium)
NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015:
* Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG)
* Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA)
* Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS)
* Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS)
* Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS)
* Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS)
* Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
* Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
* Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
* Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
* Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat)
* Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University)
* Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable)
The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here:
* Bug 2382 : Peer precision < -31 gives division by zero
* Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
* Bug 1593 : ntpd abort in free() with logconfig syntax error
2015-10-22 | Update powerdns to 3.4.6. | fhajny | 6 | -14/+11
This is a security release fixing CVE-2015-5230.
Bug fixes:
- Avoid superfluous backend recycling
- Removal of dnsdist from the authoritative server distribution
- Add EDNS unknown version handling and tests EDNS unknown version handling
Improvements:
- Update YaHTTP to v0.1.7
- Make trailing/leading spaces stand out in pdnssec check_zone
- GCC 5.2 support and sync boost.m4 macro with upstream
- Log answer packets only if log-dns-details is enabled
2015-10-22 | Unbound 1.5.6 | pettai | 2 | -7/+7
=============
Features:
* Default for ssl-port is port 853, the temporary port assignment for secure domain name system traffic. If you used to rely on the older default of port 443, you have to put a clause in unbound.conf for that. The new value is likely going to be the standardised port number for this traffic.
* ANY responses include DNAME records if present, as per Evan Hunt's remark in dnsop.
Bug Fixes:
* Fix segfault in the dns64 module in the formaterror error path.
* Fix manpage to suggest using SIGTERM to terminate the server.
* iana portlist update.

Unbound 1.5.5
=============
Features:
* Change default of harden-algo-downgrade to off. This is lenient for algorithm rollover.
* Added permit-small-holddown config to debug fast 5011 rollover.
* Allow certificate chain files to allow for intermediate certificates.
* Enable ECDHE for servers. Where available, use SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to enable ECDHE. Otherwise, manually offer curve p256. Client connections should automatically use ECDHE when available.
* [bugzilla: 699 ] Feature --enable-pie option to that builds PIE binary.
* [bugzilla: 700 ] Feature --enable-relro-now option that enables full read-only relocation.
* [bugzilla: 702 ] New IPs for h.root-servers.net.
Bug Fixes:
* [bugzilla: 681 ] Fix setting forwarders with unbound-control forward implicitly turns on forward-first.
* [bugzilla: 690 ] Fix that reload fails when so-reuseport is yes after changing num-threads.
* please afl-gcc (llvm) for uninitialised variable warning.
* Fix mktime in unbound-anchor not using UTC.
* Fix 5011 anchor update timer after reload.
* 5011 implementation does not insist on all algorithms, when harden-algo-downgrade is turned off.
* Document in the manual more text about configuring locally served zones.
* Document that local-zone nodefault matches exactly and transparent can be used to release a subzone.
* [bugzilla: 694 ] Fix that configure script does not detect LibreSSL 2.2.2
* Fix deadlock for local data add and zone add when unbound-control list_local_data printout is interrupted.
* [bugzilla: 697 ] Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to 2.6.
* changed windows setup compression to be more transparent.
* Fix config globbed include chroot treatment, this fixes reload of globs.
* [bugzilla: 705 ] Fix ub_ctx_set_fwd() return value mishandled on windows.
* Fix minor error in unbound.conf.5.in.
* Fix unbound.conf(5) access-control description for precedence and default.
* Fix unbound-control flush that does not succeed in removing data.
* MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures.
* iana portlist update.