| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changelog:
- Use default netmask of class when no netmask is given
|
|
|
|
--- 9.1.3 released ---
--- 9.1.3rc3 released ---
911. [bug] Fail gracefully with multiple hint zones. [RT #1433]
910. [port] Some pre-RFC2133 IPv6 implementations do not define
IN6ADDR_ANY_INIT. [RT #1416]
--- 9.1.3rc2 released ---
904. [bug] The server would leak memory if attempting to use
an expired TSIG key. [RT #1406]
903. [bug] dig should not crash when receiving a TCP packet
of length 0.
902. [bug] The -d option was ignored if both -t and -g were also
specified.
901. [cleanup] The man pages no longer have empty lines outside of
literal blocks.
898. [bug] "dig" failed to set a nonzero exit status
on UDP query timeout. [RT #1323]
894. [bug] When using the DNSSEC tools, a message intended to warn
when the keyboard was being used because of the lack
of a suitable random device was not being printed.
892. [bug] The server could attempt to refresh a zone that
was being loaded, causing an assertion failure.
[RT #1335]
891. [bug] Return an error when a SIG(0) signed response to
an unsigned query is seen. This should actually
do the verification, but it's not currently
possible. [RT #1391]
888. [bug] Don't die when using TKEY to delete a nonexistent
TSIG key. [RT #1392]
860. [interop] Drop cross class glue in zone transfers.
852. [bug] Handle responses from servers which do not
now about IXFR.
850. [bug] dns_rbt_findnode() would not find nodes that were
split on a bitstring label somewhere other than in
the last label of the node. [RT #1351]
705. [port] Work out resource limit type for use where rlim_t is
not available. [RT #695]
704. [port] RLIMIT_NOFILE is not available on all platforms.
703. [port] sys/select.h is needed on older platforms. [RT #695]
--- 9.1.3rc1 released ---
831. [bug] The configure script tried to determine
endianness before making its final decision on
which C compiler to use, causing Solaris/x86
systems with gcc to be incorrectly identified
as big-endian. [RT #1315]
827. [bug] When an IXFR protocol error occurs, the slave
should retry with AXFR.
826. [bug] Some IXFR protocol errors were not detected.
825. [bug] zone.c:ns_query() detached from the wrong zone
reference. [RT #1264]
824. [bug] Correct line numbers reported by dns_master_load().
[RT #1263]
822. [bug] Sending nxrrset prerequisites would crash nsupdate.
[RT #1248]
806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
the calling stack to the zone maintence level, causing
zones to not reload when an included file was touched
but the top-level zone file was not.
771. [cleanup] TSIG errors related to unsynchronized clocks
are logged better. [RT #919]
734. [bug] An attempt to re-lock the zone lock could occur if
the server was shutdown during a zone tranfer.
[RT #830]
712. [bug] Sending a large signed update message caused an
assertion failure. [RT #718]
669. [bug] dnssec-keygen now makes the public key file
non-world-readable for symmetric keys. [RT #403]
|
|
|
|
|
|
|
|
USE_BUILDLINK_ONLY.
|
|
|
|
|
|
|
|
|
|
Ruby module for handling ICMP packets.
|
|
druby (DRb) - distributed ruby.
DRb can be used to exchange messages among Ruby scripts.
|
|
from the package name.
|
|
big enough, resulting into overwriting of stack variables making wmnet
core dump because of segfault. Increase buffer size to avoid that.
Bump to 1.06nb2.
|
|
so remove it from package Makefiles. Also move the inclusion of the
buildlink.mk files to the end of the Makefile to just before bsd.pkg.mk
to ensure that any Makefile settings occur before the buildlink.mk files.
|
|
|
|
|
|
|
|
|
|
|
|
changes to the Makefile, and mark as USE_BUILDLINK_ONLY.
|
|
pre-current systems.
|
|
|
|
|
|
pkgsrc/databases/p5-perl-ldap, and has been around since '99.
Therefore, that one takes precedence. Mea summa culpa.
|
|
- Handle PKGLOCALEDIR in PLIST.
|
|
|
|
This is quite a different package from pkgsrc/devel/p5-LDAP; this one
doesn't require the mozilla ldapsdk, and also seems to be the 'standard'
LDAP interface these days.
|
|
and over again in the pkgsrc tree.
|
|
|
|
|
|
|
|
WHATS NEW IN Samba 2.2.0a: 23rd June 2001
==========================================
SECURITY FIX
============
This is a security bugfix release for Samba 2.2.0. This release provides the
following two changes *ONLY* from the 2.2.0 release.
1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
and described in the security advisory below.
2). Fix for the hosts allow/hosts deny parameters not being honoured.
No other changes are being made for this release to ensure a security fix only.
For new functionality (including these security fixes) download Samba 2.2.1
when it is available.
The security advisory follows :
IMPORTANT: Security bugfix for Samba
------------------------------------
June 23rd 2001
Summary
-------
A serious security hole has been discovered in all versions of Samba
that allows an attacker to gain root access on the target machine for
certain types of common Samba configuration.
The immediate fix is to edit your smb.conf configuration file and
remove all occurances of the macro "%m". Replacing occurances of %m
with %I is probably the best solution for most sites.
Details
-------
A remote attacker can use a netbios name containing unix path
characters which will then be substituted into the %m macro wherever
it occurs in smb.conf. This can be used to cause Samba to create a log
file on top of an important system file, which in turn can be used to
compromise security on the server.
The most commonly used configuration option that can be vulnerable to
this attack is the "log file" option. The default value for this
option is VARDIR/log.smbd. If the default is used then Samba is not
vulnerable to this attack.
The security hole occurs when a log file option like the following is
used:
log file = /var/log/samba/%m.log
In that case the attacker can use a locally created symbolic link to
overwrite any file on the system. This requires local access to the
server.
If your Samba configuration has something like the following:
log file = /var/log/samba/%m
Then the attacker could successfully compromise your server remotely
as no symbolic link is required. This type of configuration is very
rare.
The most commonly used log file configuration containing %m is the
distributed in the sample configuration file that comes with Samba:
log file = /var/log/samba/log.%m
in that case your machine is not vulnerable to this attack unless you
happen to have a subdirectory in /var/log/samba/ which starts with the
prefix "log."
Credit
------
Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
vulnerability.
New Release
-----------
While we recommend that vulnerable sites immediately change their
smb.conf configuration file to prevent the attack we will also be
making new releases of Samba within the next 24 hours to properly fix
the problem. Please see http://www.samba.org/ for the new releases.
Please report any attacks to the appropriate authority.
The Samba Team
security@samba.org
|
|
|
|
This is pconsole, the parallel console tool. pconsole was meant as an
interactive administrative shell tool for clusters.
pconsole allows you to connect to each node of your cluster simultaneously,
and you can type your administrative commands in a specialized window that
'multiplies' the input to each of the connections you have opened.
pconsole is best run from within X Windows, although it is possible to
employ it without X (in console mode) as well.
You need to install pconsole on only 1 machine in the cluster, this would
usually be your central administrative node.
pconsole makes use of ssh if possible.
|
|
FOO_REQD=1.0 being converted to foo>=1.0, one can now directly specify
the dependency pattern as FOO_DEPENDS=foo>=1.0. This allows things like
JPEG_DEPENDS=jpeg-6b, or fancier expressions like for postgresql-lib.
Change existing FOO_REQD definitions in Makefiles to FOO_DEPENDS.
|
|
(e.g. lo0, gif0, ...). From Takahiro Hayashi in pkg/13206.
|
|
|
|
buildlink.mk files. Mark as USE_BUILDLINK_ONLY.
|
|
Changes include:
4.2.1.23, Released Sunday 17 June 2001, changes:
Fixed compilation error in stats-sol.c
4.2.1.22, Released Saturday 16 June 2001, changes:
Darwin / MacOS X support
BeOS support
Improved Irix support
BSD idle-time-submit(tm) support
New SendCPULevel option (BSD, Solaris & Irix only)
Debian init.d script
Alternative to the upchk script added
Fixed compilating error when using the NR_LINUX_UPTIME_WRAPAROUNDS
That's all folks!
|
|
Notable changes in reverse order (newest on top):
* mrtg_lib had broken scanning for Ip tables in populateconfcache
this caused reference by IP to break
* new option for mrtg --logging replaces $main::debugfile from 2.9.13.
It can be set to a file which will take all mrtg output. On Win32 it can
also be set to 'eventlog' which will make all mrtg output go to the
eventlog.
* snmpv2 regexp did not match in cfgmaker
* fix for indexmakers extension feature
* improved mrtg logfile format description
* require perl 5.005 for mrtg_lib
* populateconfcache steps across non existing tables gracefully
* in mrtg, handle bigint more carefully and remove excess + from results
as some perls seem to crash on them ...
* check if gd was linked with jpeg and even freetype ...
* if $main::debugfile is set to a writeable filename, all output form mrtg
will go there (Firedeamon Suggenstion)
* SNMP_Session 0.86 added ... lenient_source_port_matching replaces the ad hoc
only_ip_address_matching from mrtg 2.9.11 ... AS/400 folks beware
* added --section=portname to indexmaker
* try to fix IsCounterBroken test in cfgmaker ... just cant find any broken
coutners to test this :-(
* fix for broken --dns-domain in cfgmaker
* fix for broken RouterUptime[] configurable
* fix for broken snmp with returns negative numbers for counters ...
* integrated my SNMP_utils changes into the real thing.
* make sure cfgmaker puts now raw < or > into the PageTop tag
* properly integrated ytics support in rateup
* properly deal with target math resulting in non integer data even when
logging to rateup which can not deal with floats.
* cleanup of rateup.c and some new options -b -a -o -i
* new options for mrtg noborder, noarrow, noi, noo, nobanner and nolegend
check reference.pod for docs.
* generator meta tag to html pages
* add 'only_ip_address_matching' feature to SNMP_Session. We are
more libaral when accepting snmp responses now.
* be more tolerant with external scripts input
* added feature to SNMP_utils: If first snmp var name is a HASH pointer,
the hash contents is used to set snmp options on the connection
* handle descriptions with & in cfgmaker
* added SnmpOptions: command to mrtg.cfg lanuage ... It allows
to set Snmp Options as available in SNMP_Session. Check the reference.txt file.
* test for availability of ifHCInOctets when running cfgmaker for v2 targets
* fixed indexmake image path for situations with Directories
* added option --prefix to indexmaker for people keeping thier index
somewhere else than default.
* honor background option in cfg file for indexmaker pages
* fixed warning in indexmaker (Use of uninitialized value in concatenation <.>
at indexmaker line 174)
* when the integer option was specified, there was still a .x printed in the summary area ...
* mrtg will now timestamp any warning and error message it emits
* fixed threshold processing ... IT REALY WORKS NOW! ...
**** Incompatible CHANGE ****************
ThreshProgOK now gets the same
commandline arguments as the normal ThreshProg ...
**** Incompatible CHANGE ****************
* configurable confcache (.ok) file location
* add <meta http-equiv="Cache-Control" content="no-cache">
to html files as this seems to be more understandable than "Pragma" content="no-cache"
|
|
|
|
USE_BUILDLINK_ONLY.
|
|
check for __NetBSD__ and refer to ncurses header as <ncurses.h>.
|
|
|
|
|
|
|
|
|
|
vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously
this is not a guarantee, but a reflection that I have written the entire
codebase with security in mind, and carefully designed the program to be
resilient to attack.
Recent evidence suggests that vsftpd is also extremely fast (and this is
before any explicit performance tuning!) In tests against wu-ftpd, vsftpd
was always faster, supporting over twice as many users in some tests.
Package provided by Jacek Latos <vaneth@krasnik.org> in pkg/13208;
minor modifications by me.
|
