| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok by wiz@.
pkgsrc changes:
o Install the fish completion file in the proper directory (thanks to wiz@ for
noticing that)
Changes:
2015.08.09
o [periscope] add extractor
o [quickscope] add extractor
o misc bug fixes and improvements
2015.08.06
o misc bug fixes and improvements
2015.07.28
o [bbcnews] add support for bbc.com/news
o [dcn] add new extractor
o [lecture2go] add new extractor
o misc bug fixes and improvements
2015.07.21
o [sportschau] add support for sportschau.de
o [appleconnect] add new extractor
o misc bug fixes and improvements
2015.07.18
o [rdsca] new extractor
o [myvi:embed] add extractor
o misc bug fixes and improvements
2015.07.07
o [gfycat] various fixes
|
|
pkgsrc-users@.
ok wiz@
pkgsrc changes:
o Pass COPTS via MAKE_FLAGS. This avoid to completely rebuild dnsmasq when dbus
option is selected.
Changes:
version 2.75
Fix reversion on 2.74 which caused 100% CPU use when a
dhcp-script is configured. Thanks to Adrian Davey for
reporting the bug and testing the fix.
version 2.74
Fix reversion in 2.73 where --conf-file would attempt to
read the default file, rather than no file.
Fix inotify code to handle dangling symlinks better and
not SEGV in some circumstances.
DNSSEC fix. In the case of a signed CNAME generated by a
wildcard which pointed to an unsigned domain, the wrong
status would be logged, and some necessary checks omitted.
|
|
via pkgsrc-users@.
ok by wiz@.
Changes:
2014/09/12 Duane Wessels
Added 'new-gtlds' filter, which includes only queries for names
ending with one of the new (2013/2014) generic TLDs. This may
be useful to find hosts/servers using internal names which may
collide with new gTLDs once they become active. If you use
short (not fully qualified) names internally you may be uknownlying
relying on root (or other) name servers to return NXDOMAIN for
them. If so, "you're gonna have a bad time."
Along with this new feature, TLD lists are now hashed in the
code for faster lookups.
2012/11/30 Duane Wessels
Added more entries to the table of known query type names (HINFO,
AFSDB, PX, SSHFP, NSEC3, NSEC3PARAM, TLSA, DLV).
2012/10/15 Duane Wessels
The 'refused' filter only works on responses, which are not
processed by default. Now, if the 'refused' filter is specified,
dnstop will automatically process responses and ignore queries.
2012/06/11 Duane Wessels
Added "qtype-any" filter for displaying ANY queries which are
now fashionable in DNS based attacks.
2011/05/02 Duane Wessels
Anand Buddhev pointed out that LDFLAGS= is missing from Makefile.in.
Also updated known_tlds.h.
2011/01/27 Duane Wessels
Fixed some portability bugs (OpenBSD, gmake 3.82) and other
minor bugs.
Added a feature (-n option) to restrict counting to a given
query name.
2011/01/05 Duane Wessels
Found a fixed a few problems after spending some quality time
looking at the code.
1) Hash table performance was terrible and has been improved.
The hash table size is now configurable via command line
option.
2) Some things were double-counted when both -Q and -R were
given.
3) Added cumulative percentage totals to the tables
4) Added -X option to disable the source+queryname tables, which
could consume a lot of memory.
5) Imported "inX_addr" mini-library for storing IPv4/IPv6
addresses.
2010/12/27 Duane Wessels
Fixed a bug where if stdout was a TTY but stdin was not a TTY,
then dnstop would enter a loop on keyboard input and consume
100% CPU. Now it checks that stdin is a TTY as well.
|
|
ok by wiz@.
Changes:
2012-03-22
Added -Y option to specify the IP address of responses that
should not be captured. This option is useful when you want
to capture queries and spoofed response (DDoS attack) traffic,
but not the normal response traffic.
Added -L option to specify that dnscap should capture both
VLAN-tagged and un-tagged packets. This is in contrast
to the existing -l option which causes untagged packets
to be ignored.
|
|
|
|
Twisted Core 15.3.0 (2015-08-04)
================================
Features
--------
- twisted.application.app is now ported to Python 3 (#6914)
- twisted.plugin now supports Python 3 (#7182)
- twisted.cred.checkers is now ported to Python 3. (#7834)
- twisted.internet.unix is now ported to Python 3. (#7874)
- twisted.python.sendmsg has now been ported to Python 3, using the
stdlib sendmsg/recvmsg functionality when available. (#7884)
- twisted.internet.protocol.Factory now uses the new logging system
(twisted.logger) for all its logging statements. (#7897)
- twisted.internet.stdio is now ported to Python 3. (#7899)
- The isDocker method has been introduced on
twisted.python.runtime.Platform to detect if the running Python is
inside a Docker container. Additionally, Platform.supportsINotify()
now returns False if isDocker() is True, because of many Docker
storage layers having broken INotify. (#7968)
Bugfixes
--------
- twisted.logger.LogBeginner.beginLoggingTo now outputs the correct
warning when it is called more than once. (#7916)
Deprecations and Removals
-------------------------
- twisted.cred.pamauth (providing PAM support) has been removed due
to it being unusable in current supported Python versions. (#3728)
- twisted.application.app.HotshotRunner (twistd's hotshot profiler
module) is removed and twistd now uses cProfile by default. (#5137)
- twisted.python.win32.getProgramsMenuPath and
twisted.python.win32.getProgramFilesPath are now deprecated.
(#7883)
- twisted.lore has now been removed, in preference to Sphinx. (#7892)
- Deprecated zsh tab-complete files are now removed in preference to
twisted.python.usage's tab-complete functionality. (#7898)
- twisted.python.hashlib, deprecated since 13.1, has now been
removed. (#7905)
- twisted.trial.runner.DryRunVisitor, deprecated in Twisted 13.0, has
now been removed. (#7919)
- twisted.trial.util.getPythonContainers, deprecated since Twisted
12.3, is now removed. (#7920)
- Twisted no longer supports being packaged as subprojects. (#7964)
Other
-----
- #6136, #7035, #7803, #7817, #7827, #7844, #7876, #7906, #7908,
#7915, #7931, #7940, #7967, #7983
Twisted Conch 15.3.0 (2015-08-04)
=================================
Bugfixes
--------
- The Conch Unix server now sets the HOME environment variable when
executing commands. (#7936)
Other
-----
- #7937
Twisted Web 15.3.0 (2015-08-04)
===============================
Features
--------
- twisted.web.xmlrpc is now ported to Python 3. (#7795)
- twisted.web.template and twisted.web.util are now ported to Python
3. (#7811)
- twisted.web.error is now ported to Python 3. (#7845)
Deprecations and Removals
-------------------------
- twisted.web.html is now deprecated in favor of
twisted.web.template. (#4948)
Other
-----
- #7895, #7942, #7949, #7952, #7975
|
|
bump PKGREVISION
|
|
required by the resulting libfetch.a are pulled in for dependencies.
|
|
|
|
This package was partially migrated from libdes to OpenSSL and therefore
still exhibited some build failites: bin/afppasswd/afppasswd.c was patched
but not etc/uams/uams_randnum.c. Update the later to work around the problem.
|
|
so let's define it similar to RROP_UNROLL_CASE8/RROP_UNROLL_CASE16.
fixes build on netbsd/sparc64.
|
|
|
|
Fixes pkg/50084.
|
|
No functional change intended.
|
|
3.07 2015-07-17
- Net::FTP::rmdir() has been made more robust by making use of the MLSD
command in addition to the NLST command since the latter is known not to
be processed correctly by some FTP servers.
[Chris Lindee, CPAN RT#100694]
- Net::FTP, Net::NNTP, Net::POP3 and Net::SMTP can now restrict domain to
IPv4 even if IPv6 is available by using the new Domain or Family argument.
Net::NNTP now supports the LocalPort argument in addition to LocalAddr.
Net::POP3 now supports the LocalAddr and LocalPort arguments in addition
to ResvPort (which is retained for backwards compatibility).
[Steffen Ullrich, PR#18]
- Fixed a bug in Net::Cmd::datasend() which caused octets in [\x80-\xFF]
stored in a "binary string" to be replaced with their UTF-8 encodings if
the string happened to be stored internally in an "upgraded" state (i.e.
with the UTF-8 flag on). (As noted below, strings passed to datasend()
should always be encoded first, and therefore not stored in such a state
anyway, but it is all too easy for perl to change this internal state
unless the encodeing is done at the very last minute before calling
datasend(), so it helps if datasend() plays more nicely in this case. In
particular, it was wrong of datasend() to treat upgraded and downgraded
strings differently when their contents were identical at the Perl level.)
This bugfix results in a breaking change to the case of a "text string"
with characters in U+0080..U+00FF stored internally in an upgraded state
since those characters are likewise no longer encoded to UTF-8 by
datasend(), but callers of datasend() should not have been relying on this
behaviour anyway: In general, datasend() has no idea what encoding is
required for output so callers should always encode the data to be output
to whatever encoding is required first. This has now been clarified in
the documentation.
Finally, a text string with characters >= U+0100 will now cause a "Wide
character in print" warning from datasend() since such characters cannot
be output as bytes and datasend() no longer encodes to UTF-8. In this
case, UTF-8 bytes will still be output as before since that happens to be
the internal representation of such characters, but the warning is new.
Callers should heed this warning and encode such strings to whatever
encoding is required before calling datasend(), as noted above.
[Ricardo Signes, CPAN RT#104433]
|
|
0.05 2015-05-25
Fix test error when NO_NETWORK_TESTING is set (Karen Etheridge,
RT#101996, GH#3)
|
|
|
|
Chagelog:
Release 1.8.4 July 13th 2015
Release to ship a security release of openSSL. No source changes of the ownCloud Client code.
Release 1.8.3 June 23th 2015
Fix a bug in the Windows Installer that could crash explorer (#3320)
Reduce 'Connection closed' errors (#3318, #3313, #3298)
Ignores: Force a remote discovery after ignore list change (#3172)
Shibboleth: Avoid crash by letting the webview use its own QNAM (#3359)
System Ignores: Removed *.tmp from system ignore again. If a user wants to ignore *.tmp, it needs to be added to the user ignore list.
Release 1.8.2 (retracted) June 8th 2015
Improve reporting of server error messages (#3220)
Discovery: Ignore folders with any 503 (#3113)
Wizard: Show server error message if possible (#3220)
QNAM: Fix handling of mitm cert changes (#3283)
Win32: Installer translations added (#3277)
Win32: Allow concurrent OEM (un-)installers (#3272)
Win32: Make Setup/Update Mutex theme-unique (#3272)
HTTP: Add the branding name to the UserAgent string
ConnectonValidator: Always run with new credentials (#3266)
Recall Feature: Admins can trigger an upload of a file from client to server again (#3246)
Propagator: Add 'Content-Length: 0' header to MKCOL request (#3256)
Switch on checksum verification through branding or config
Add ability for checksum verification of up and download
Fix opening external links for some labels (#3135)
AccountState: Run only a single validator, allow error message overriding (#3236, #3153)
SyncJournalDB: Minor fixes and simplificatons
SyncEngine: Force re-read of folder Etags for upgrades from 1.8.0 and 1.8.1
Propagator: Limit length of temporary file name (#2789)
ShareDialog: Password ui fixes (#3189)
Fix startup hang by removing QSettings lock file (#3175)
Wizard: Allow SSL cert dialog to show twice (#3168)
ProtocolWidget: Fix rename message (#3210)
Discovery: Test better, treat invalid hrefs as error (#3176)
Propagator: Overwrite local data only if unchanged (#3156)
ShareDialog: Improve error reporting for share API fails
OSX Updater: Only allow updates only if in /Applications (#2931)
Wizard: Fix lock icon (#1447)
Fix compilation with GCC 5
Treat any 503 error as temporary (#3113)
Work around for the Qt PUT corruption bug (#2425)
OSX Shell integration: Optimizations
Windows Shell integration: Optimizations
|
|
|
|
Upstream says that it "can not" work with perl 5.22 and has even
forked perl as "stableperl" to allow his package to work instead
of fixing it differently.
See http://blog.schmorp.de/2015-06-06-stableperl-faq.html
Ok bsiegert@
|
|
0.10.3
======
- Fix potential crash if gupnp_dlna_value_list_new failed.
- Fix hang if no meta-data back-end is available.
- Remove use of gnome-common, add compiler warnings and fix const
correctness.
- Fix memory leak in gst-audio-information.
- Fix unit tests for new automake
- Make it possible to override the DLNA profile dir using
GUPNP_DLNA_PROFILE_DIR environment variable
- Fix discoverer testsuite to run completely uninstalled.
- Fix gupnp-dlna-info -a to be stuck if profile guesser does not work.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=704096
- https://bugzilla.gnome.org/show_bug.cgi?id=707909
- https://bugzilla.gnome.org/show_bug.cgi?id=750929
- https://bugzilla.gnome.org/show_bug.cgi?id=751295
- https://bugzilla.gnome.org/show_bug.cgi?id=751634
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip@tecnocode.co.uk>
- Mark Ryan <mark.d.ryan@intel.com>
- Ludovic Ferrandis <ludovic.ferrandis@intel.com>
|
|
--- 9.10.2-P3 released ---
4165. [security] A failure to reset a value to NULL in tkey.c could
result in an assertion failure. (CVE-2015-5477)
[RT #40046]
|
|
--- 9.9.7-P2 released ---
4165. [security] A failure to reset a value to NULL in tkey.c could
result in an assertion failure. (CVE-2015-5477)
[RT #40046]
|
|
2015-07-12 Keith Winstein <mosh-devel@mit.edu>
* Version 1.2.5 released.
* New features:
* Bind to a specific IP address with --bind-server. (Philipp
Haselwarter)
* MOSH_ESCAPE_KEY configures escape character. (Timo
J. Rinne)
* Support non-roaming IPv6. (Anders Kaseorg)
* Implement XTerm mouse mode. (Barosl LEE, Andrew Chin,
Louis Kruger)
* Report Git revision along with version if available.
(John Hood)
* Platform support:
* Add pselect() emulation. (Jérémie Courrèges-Anglas)
* OpenBSD, OS X: Fix be64toh-related issues. (Jérémie
Courrèges-Anglas)
* ARM Neon: fix gcc4.8 compiling problem(Pasi Sjöholm)
* NaCl: Conditionally rename main to mosh_main. (Richard
Woodbury)
* FreeBSD: Token pasting, forkpty(), ARM fixes. (John Hood)
* AIX: Implement CTTY grabbing when TIOCSCTTY is missing
(Anton Lundin)
* OS X: Broaden build support to cover OS X 10.5 through
10.10. (John Hood)
* Debian: Improve bash-completion install and
functionality. (Suggested by Gabriel Filion, John Hood)
* Bug fixes:
* Automake/autoconf workarounds. (Anders Kaseorg)
* mosh-server: Allow startup without PTY. (Keith Winstein)
* network.cc: Properly close old fd on Socket assignment
operator. (Thanks to Igor Bukanov)
* mosh-server: Allow startup with zero-window-size PTY.
(Igor Bukanov)
* AddrInfo: Fix error message generation when node == NULL
(Anders Kaseorg)
* Timestamp: Prevent integer overflow on Darwin PPC 32-bit
(Anders Kaseorg)
* scripts/mosh: Fix hang when remote closes the connection
(Anders Kaseorg)
* Fix issues with parsing of 256-color SGR sequences.
(John Hood)
* Numerous code hygiene, Coverity, and Clang static analyzer
fixes. (Anders Kaseorg, Geoffrey Thomas, John Hood)
|
|
####################### V 1.7.3.0:
security:
(CVE Id pending)
Fixed problems with signal handling caused by use of not async signal
safe functions in signal handlers that could freeze socat, allowing
denial of service attacks.
Many changes in signal handling and the diagnostic messages system were
applied to make the code async signal safe but still provide detailled
logging from signal handlers:
Coded function vsnprintf_r() as async signal safe incomplete substitute
of libc vsnprintf()
Coded function snprinterr() to replace %m in strings with a system error
message
Instead of gettimeofday() use clock_gettime() when available
Pass Diagnostic messages from signal handler per unix socket to the main
program flow
Use sigaction() instead of signal() for better control
Turn off nested signal handler invocations
Thanks to Peter Lobsinger for reporting and explaining this issue.
Red Hat issue 1019975: add TLS host name checks
OpenSSL client checks if the server certificates names in
extensions/subjectAltName/DNS or in subject/commonName match the name
used to connect or the value of the openssl-commonname option.
Test: OPENSSL_CN_CLIENT_SECURITY
OpenSSL server checks if the client certificates names in
extensions/subjectAltNames/DNS or subject/commonName match the value of
the openssl-commonname option when it is used.
Test: OPENSSL_CN_SERVER_SECURITY
Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used
Red Hat issue 1019972: needs to specify OpenSSL cipher suites
Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
prevent downgrade attacks
new features:
OpenSSL addresses set couple of environment variables from values in
peer certificate, e.g.:
SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
SOCAT_OPENSSL_X509_COMMONNAME,
SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
Tests: OPENSSL_METHOD_*
Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
by Andrey Arapov.
Added a new option termios-rawer for ptys.
Thanks to Christian Vogelgsang for pointing me to this requirement
corrections:
Bind with ABSTRACT commands used non-abstract namespace (Linux).
Test: ABSTRACT_BIND
Thanks to Denis Shatov for reporting this bug.
Fixed return value of nestlex()
Option ignoreeof on the right address hung.
Test: IGNOREEOF_REV
Thanks to Franz Fasching for reporting this bug.
Address SYSTEM, when terminating, shut down its parent addresses,
e.g. an SSL connection which the parent assumed to still be active.
Test: SYSTEM_SHUTDOWN
Passive (listening or receiving) addresses with empty port field bound
to a random port instead of terminating with error.
Test: TCP4_NOPORT
configure with some combination of disable options produced config
files that failed to compile due to missing IPPROTO_TCP.
Thanks to Thierry Fournier for report and patch.
fixed a few minor bugs with OpenSSL in configure and with messages
Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
is required. Thanks to Zhigang Wang for reporting and sending a patch.
Christophe Leroy provided a patch that fixes memory leaks reported by
valgrind
Help for filan -L was bad, is now corrected to:
"follow symbolic links instead of showing their properties"
Address options fdin and fdout were silently ignored when not applicable
due to -u or -U option. Now these combinations are caught as errors.
Test: FDOUT_ERROR
Issue reported by Hendrik.
Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
over option raw which is now obsolote. On SysV systems this call is
simulated by appropriate setting.
Thanks to Youfu Zhang for reporting issue with option raw.
porting:
Socat included <sys/poll.h> instead of POSIX <poll.h>
Thanks to John Spencer for reporting this issue.
Version 1.7.2.4 changed the check for gcc in configure.ac; this
broke cross compiling. The particular check gets reverted.
Thanks to Ross Burton and Danomi Manchego for reporting this issue.
Debian Bug#764251: Set the build timestamp to a deterministic time:
support external BUILD_DATE env var to allow to build reproducable
binaries
Joachim Fenkes provided an new adapted spec file.
Type bool and macros Min and Max are defined by socat which led to
compile errors when they were already provided by build framework.
Thanks to Liyu Liu for providing a patch.
David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
support and appropriate files in Config/
Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
on Illumos
Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
_POSIX_PTHREAD_SEMANTICS; and minor changes
Red Hat issue 1182005: socat 1.7.2.4 build failure missing
linux/errqueue.h
Socat failed to compile on on PPC due to new requirements for
including <linux/errqueue.h> and a weakness in the conditional code.
Thanks to Michel Normand for reporting this issue.
doc:
In the man page the PTY example was badly formatted. Thanks to
J.F.Sebastian for sending a patch.
Added missing CVE ids to security issues in CHANGES
testing:
Do not distribute testcert.conf with socat source but generate it
(and new testcert6.conf) during test.sh run.
####################### V 1.7.2.4:
corrections:
LISTEN based addresses applied some address options, e.g. so-keepalive,
to the listening file descriptor instead of the connected file
descriptor
Thanks to Ulises Alonso for reporting this bug
make failed after configure with non gcc compiler due to missing
include. Thanks to Horacio Mijail for reporting this problem
configure checked for --disable-rawsocket but printed
--disable-genericsocket in the help text. Thanks to Ben Gardiner for
reporting and patching this bug
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
Probably no impact.
Thanks to David Binderman for reproting this issue.
procan could not cleanly format ulimit values longer than 16 decimal
digits. Thanks to Frank Dana for providing a patch that increases field
width to 24 digits.
OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
"Invalid argument"
Thanks to Emile den Tex for reporting this bug.
Changed some variable definitions to make gcc -O2 aliasing checker happy
Thanks to Ilya Gordeev for reporting these warnings
On big endian platforms with type long >32bit the range option applied a
bad base address. Thanks to hejia hejia for reporting and fixing this bug.
Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Red Hat issue 1022063: out-of-range shifts on net mask bits
Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
uses
Red Hat issue 1021958: fixed a bug with faulty buffer/data length
calculation in xio-ascii.c:_xiodump()
Red Hat issue 1021972: fixed a missing NUL termination in return string
of sysutils.c:sockaddr_info() for the AF_UNIX case
fixed some typos and minor issues, including:
Red Hat issue 1021967: formatting error in manual page
UNIX-LISTEN with fork option did not remove the socket file system entry
when exiting. Other file system based passive address types had similar
issues or failed to apply options umask, user e.a.
Thanks to Lorenzo Monti for pointing me to this issue
porting:
Red Hat issue 1020203: configure checks fail with some compilers.
Use case: clang
Performed changes for Fedora release 19
Adapted, improved test.sh script
Red Hat issue 1021429: getgroupent fails with large number of groups;
use getgrouplist() when available instead of sequence of calls to
getgrent()
Red Hat issue 1021948: snprintf API change;
Implemented xio_snprintf() function as wrapper that tries to emulate C99
behaviour on old glibc systems, and adapted all affected calls
appropriately
Mike Frysinger provided a patch that supports long long for time_t,
socklen_t and a few other libc types.
Artem Mygaiev extended Cedril Priscals Android build script with pty code
The check for fips.h required stddef.h
Thanks to Matt Hilt for reporting this issue and sending a patch
Check for linux/errqueue.h failed on some systems due to lack of
linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
autoconf now prefers configure.ac over configure.in
Thanks to Michael Vastola for sending a patch.
type of struct cmsghdr.cmsg is system dependend, determine it with
configure; some more print format corrections
docu:
libwrap always logs to syslog
added actual text version of GPLv2
|
|
It turns out that [^a]* matches all files not beginning with a on Darwin
and all files beginning with a on NetBSD. Work around this by crafting
a for loop with a case expression.
|
|
* Update MASTER_SITES.
Changelog:
Version 4.6.3 - 2015-06-17
* new mirror setting mirror:overwrite and options --overwrite/--no-overwrite.
* new mirror option --upload-older.
* new mirror option --recursion={always,never,missing,newer}.
* try to download zero sized files as they may be non-empty.
* torrent: new options --only-new, --only-incomplete.
* torrent: fixed endless loop in FD deallocation.
* fixed a memleak when parsing a directory listing with special files.
* fixed one byte buffer overflow in cls.
* fixed cmd:fail-exit description in the man page.
* fixed large stack usage when parsing fish directory listings.
Version 4.6.2 - 2015-04-16
* new command "edit" instead of the edit alias.
* new setting ssl:priority for disabling selected protocols.
* new settings fish:auto-confirm and sftp:auto-confirm.
* new setting file:use-lock to lock local files before accessing.
* ftp: fixed disconnecting on timeout (broken in 4.6.0).
* http: enclose ipv6 address in brackets in URLs and Host header.
* fixed mirror for http protocol with redirections.
* fixed `bookmark edit' to use correct XDG path if XDG is used.
* fixed a wildcard certificate validation vulnerability (CVE-2014-0139).
* fixed proxy authentication for CONNECT method.
* fixed exit code of `help' command.
* fixed sftp to show file names with slashes.
* fixed pget status display when all chunks are done except the first one.
* Ukrainian translation updated (Yuri Chornoivan).
* Russian translation updated.
Version 4.6.1 - 2014-12-29
* new mirror option --scan-all-first.
* mirror --Remove-source-files now removes files already present at the target.
* added a workaround for FUSE with HadoopFS I/O error during rename(2).
* fixed du to round file size up to block size.
* fixed compilation with libressl.
* fixed OPTS MLST, removed trailing semicolon.
* fixed put to sftp with special files (like /dev/stdin).
* fixed ftp to copy SID properly with GnuTLS (Tim Kosse).
* fixed mirror to follow redirections to files (Tomas Hozza).
Version 4.6.0 - 2014-10-13
* new torrent --share option.
* new setting mirror:require-source.
* new settings xfer:use-temp-file and xfer:temp-file-name.
* ftp: wait for QUIT reply before closing control socket.
Version 4.5.6 - 2014-10-13
* display valid IDN in URLs without percent encoding.
* ftp: shutdown SSL connection before closing control socket.
* ftp: avoid duplication of PROT command.
* fixed debug -o to append to the log file.
* fixed compilation without SSL.
* http: don't uncompress files ending with .gz, .Z or .tgz
* http: fixed inflation of some files.
* minor fixes in torrent protocol.
Version 4.5.5 - 2014-09-04
* added support for internationalized domain names.
* added lftp --norc option.
* added mirror "Finished" message.
* added ftp:catch-size setting.
* fixed net:max-retries setting.
* fixed byte counters in mirror status.
* fixed a segfault in ftps.
* fixed a spurious error message in fxp and ftp.
Version 4.5.4 - 2014-08-07
* new setting mirror:sort-by (name, size, date).
* torrent: reduced cpu and memory usage.
* fixed occasional "BUG:deadlock" message.
* fixed a segfault when a directory contains duplicate file names.
* fixed a memory leak in torrent.
* fixed byte counters in mirror --depth-first.
* fixed timeout checks in FISH.
* translations updated (pl).
Version 4.5.3 - 2014-07-06
* new setting ftp:site.
* don't uncompress http body when Contrent-Type is compressed.
* check source address of DHT replies.
* discard disconnected torrent peers only after a timeout.
Version 4.5.2 - 2014-06-11
* fixed a coredump on startup when compiled with certain gcc versions.
* mkdir -q option for quiet operation.
* glob --exist and --not-exist options.
* improved torrent status, show piece availability statistics.
* remove unconnectable torrent peers on trackerless torrents.
Version 4.5.1 - 2014-06-02
* show piece availabilty in torrent status.
* fixed a coredump in ftp when data connection fails.
* fixed default values of some settings.
* fixed http redirection handling.
* fixed compilation with gcc-4.8.3.
Version 4.5.0 - 2014-05-23
* optimized cpu usage for 10Gb/s transfers by using better data structures
and algorithms.
* new open option --env-password to take password from LFTP_PASSWORD
environment variable.
* new `exit parent' subcommand.
* new settings http:accept-encoding, http:decode.
* new setting xfer:max-log-size to limit transfer log size.
* show last disconnect cause for a few seconds in the session status.
* improved mirror status to display real-time aggregated byte count and rate.
* save torrent matadata on disk and load if available when needed.
* improved torrent DHT search.
* fixed exit behavior to flush buffered commands.
* fixed transfer rate reporting for mirror --parallel.
Version 4.4.16 - 2014-05-07
* fixed mirror --loop to re-check base directory contents.
* fixed sftp and fish authentication by password with FreeBSD server.
* fixed directory index parsing for some http servers.
* fixed find command output to avoid extra slash for plain files.
* fixed several bugs which could cause segfault.
Version 4.4.15 - 2014-01-21
* new setting pget:min-chunk-size.
* improved DHT search by preferring responded nodes.
* allow UTC timezone in http timestamps.
* fixed WebDAV rmdir operation.
* fixed torrent hang on shutdown when a tracker is unresposive.
* fixed adding too many slashes to URLs in http.
Version 4.4.14 - 2013-12-13
* fixed HEAD/PROPFIND handling in http.
* a minor memory leak fixed.
Version 4.4.13 - 2013-11-26
* fixed a bug in file size checking code.
Version 4.4.12 - 2013-11-26
* new option -l (--ls) for find command.
* improve workaround for single NL replies from an FTP server.
* Ukrainian translation updated (Yuri Chornoivan).
* fixed spinning in "get" when no remote session is open.
* don't pre-fetch file information in "get" when not needed.
* fixed handling of 400/501 http codes for PROPFIND to switch to HEAD.
* fixed a crash after cls.
* added file size decrease checking.
* used a newer libtool for ppc64le platform.
Version 4.4.11 - 2013-11-11
* fixed a slow down in mirror from http (thanks to OGAWA Hirofumi).
* fixed a coredump in sftp when accessing an inexistent file.
Version 4.4.10 - 2013-10-11
* mirror new option --file/-f to mirror a single file.
* mirror new option -O for get/put similarity.
* WebDAV fixes and improvements.
* new setting ftp:use-utf8 to disable utf-8 activation.
* fixed handling of incorrect encoding of file names.
* fixed compilation without libiconv.
* fixed occasional hang in mirror.
* kill ssh when terminating fish or sftp connection.
Version 4.4.9 - 2013-08-23
* implemented support for mirror -L in sftp.
* pass all 3 std file descriptors when attaching to lftp instance.
* ftp: added a workaround for incorrectly formatted multiline replies.
* sftp: added a workaround for RouterOS v6.
* fixed mirror --no-empty-dirs to skip directories with no included files.
* fixed segfault when there is no TERM environment variable.
* fixed torrent for meta-info files with % in their names.
* fixed compilation when IPV6_V6ONLY if not defined.
* fixed compilation with older zlib.
* fixed FD_CLOEXEC flag on cwd and transfer_log.
* fixed MLSD parsing for semicolons in file names.
* new translation: Ukrainian (thanks to Yuri Chornoivan).
* man page updated.
Version 4.4.8 - 2013-05-29
* add support for redirections in torrent metainfo fetching.
* add support for gzip Content-Encoding in http.
* fixed an endless loop in mirror from sftp.
Version 4.4.7 - 2013-05-23
* translations update (pl, cs).
* fixed "get -c" looping in some cases.
* fixed translations encoding (pl, it, es, pt_BR).
* fixed occasional file corruption and garbage logging in Fish protocol.
|
|
TigerVNC 1.5.0 - Lots of changes have been made since
the last release, but the highlights are:
- IPv6 support in the servers
- You can now have two passwords, one for full access and one for
"view only".
- syslog support in Xvnc
- GnuTLS priority configuration
- Performance fixes
- You can now easily start more clients on OS X
- More translations
TigerVNC 1.4.3 - This release addresses the following issues:
- Upstream patches applied to the underlying Xorg code base to
mitigate CVE-2015-0255.
- Fixes for performance regressions introduced in 1.4.0.
- Character encoding of clipboard text send by Java viewer now
strictly adheres to the RFB specification.
TigerVNC 1.4.1 - This is release is in response to the recent Xorg
Security Advisory. There are no known vulnerabilities in TigerVNC itself
related to this advisory, however some of the changes to the Xorg
codebase were not compatible with TigerVNC.
TigerVNC 1.4.0 - Lots of changes have been made since
the last release, but the highlights are:
- Colour map (aka indexed, palette) mode is largely removed. TigerVNC
is still compatible with other VNC implementations, but you can no
longer run Xvnc in colour map mode.
- Improvements to the keyboard handling both on the server and client
- Support for newer Xorg versions in the server build
- x0vncserver now supports XDamage for instant updates, making it
slightly less useless
- WinVNC now works in service mode on newer Windows versions
- Better full screen mode for the Java client on OS X
- man pages should now be up to date
- Improved TLS implementation in the Java client
- Lots and lots of cleanups and bug fixes
|
|
Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
Fixed —logfile without a filename on Windows.
Ensure tinc can be compiled when using musl libc.
|
|
the option by a space, e.g. must be -Ffoo.cfg.
Otherwise, /etc/rc.d/sslh start|stop|... will do nothing.
|
|
* user profile tab was not properly restored on startup
* user object cache for user's account was not updated
* occasional crash when list is added
|
|
Changes in version 0.2.6.10 - 2015-07-12
Tor version 0.2.6.10 fixes some significant stability and hidden
service client bugs, bulletproofs the cryptography init process, and
fixes a bug when using the sandbox code with some older versions of
Linux. Everyone running an older version, especially an older version
of 0.2.6, should upgrade.
o Major bugfixes (hidden service clients, stability):
- Stop refusing to store updated hidden service descriptors on a
client. This reverts commit 9407040c59218 (which indeed fixed bug
14219, but introduced a major hidden service reachability
regression detailed in bug 16381). This is a temporary fix since
we can live with the minor issue in bug 14219 (it just results in
some load on the network) but the regression of 16381 is too much
of a setback. First-round fix for bug 16381; bugfix
on 0.2.6.3-alpha.
o Major bugfixes (stability):
- Stop crashing with an assertion failure when parsing certain kinds
of malformed or truncated microdescriptors. Fixes bug 16400;
bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
by "cypherpunks_backup".
- Stop random client-side assertion failures that could occur when
connecting to a busy hidden service, or connecting to a hidden
service while a NEWNYM is in progress. Fixes bug 16013; bugfix
on 0.1.0.1-rc.
o Minor features (geoip):
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
o Minor bugfixes (crypto error-handling):
- Check for failures from crypto_early_init, and refuse to continue.
A previous typo meant that we could keep going with an
uninitialized crypto library, and would have OpenSSL initialize
its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
when implementing ticket 4900. Patch by "teor".
o Minor bugfixes (Linux seccomp2 sandbox):
- Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
these when eventfd2() support is missing. Fixes bug 16363; bugfix
on 0.2.6.3-alpha. Patch from "teor".
|
|
validation errors when accessing Youtube URLs.
|
|
Features:
- [bugzilla: 644 ] harden-algo-downgrade option, if turned off,
fixes the reported excessive validation failure when multiple
algorithms are present. If set to 'no', it allows the weakest
algorithm to validate the zone.
- stats reports tcp usage, of incoming-num-tcp buffers.
- contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal
scripts.
- Add ip-transparent config option for bind to non-local addresses.
- Synthesize ANY responses from cache. Does not search exhaustively,
but MX,A,AAAA,SOA,NS also CNAME.
- unbound-control list_insecure command shows the negative trust
anchors currently configured.
- ratelimit feature, ratelimit: 1000, can be used to turn it on. It
ratelimits recursion effort per zone. For particular names you can
configure exceptions in unbound.conf.
- Ratelimit does not apply to prefetched queries, and
ratelimit-factor is default 10. Repeated normal queries get resolved
and with prefetch stay in the cache.
- unbound-control ratelimit_list lists high rate domains.
- caps-whitelist in unbound.conf allows whitelist of loadbalancers
that cannot work with caps-for-id or its fallback.
- RFC 7553 RR type URI support, is now enabled by default.
- cache-max-negative-ttl config option, default 3600.
- Add local-zone type inform_deny, that logs query and drops answer.
Bug Fixes:
- Unbound exits with a fatal error when the auto-trust-anchor-file
fails to be writable. This is seconds after startup. You can load a
readonly auto-trust-anchor-file with trust-anchor-file. The file has
to be writable to notice the trust anchor change, without it, a trust
anchor change will be unnoticed and the system will then become
inoperable.
- DLV is going to be decommissioned. Advice to stop using it, and
put text in the example configuration and man page to that effect.
- Patch from Brad Smith that syncs compat/getentropy_linux with
OpenBSD's version (2015-03-04).
- 0x20 fallback improved: servfail responses do not count as missing
comparisons (except if all responses are errors), inability to find
nameservers does not fail equality comparisons, many nameservers does
not try to compare more than max-sent-count, parse failures start 0x20
fallback procedure.
- store caps_response with best response in case downgrade response
happens to be the last one.
- Document that incoming-num-tcp increase is good for large servers.
- Fix lintian warning in unbound-checkconf man page.
- Updated default keylength in unbound-control-setup to 3k.
- Fixup compile on cygwin, more portable openssl thread id.
- Use reallocarray for integer overflow protection.
- Fixed to add integer overflow checks on allocation (defense in depth).
- Fix segfault on user not found at startup.
- [bugzilla: 657 ] Fix that libunbound(3) recommends deprecated
CRYPTO_set_id_callback.
- If unknown trust anchor algorithm, and libressl is used, error
message encourages upgrade of the libressl package.
- rename ldns subdirectory to sldns to avoid name collision.
- [bugzilla: 660 ] Fix interface-automatic broken in the presence of
asymmetric routing.
- Libunbound skips dos-line-endings from etc/hosts.
- Fix crash in dnstap: Do not try to log TCP responses after timeout.
- Fix that get_option for cache-sizes does not print double newline.
- [bugzilla: 663 ] Fix that ssl handshake fails when using unix
socket because dh size is too small.
- [bugzilla: 664 ] libunbound python3 related fixes (from Tomas
Hozza); Use print_function also for Python2. libunbound examples:
produce sorted output. libunbound-Python: libldns is not used anymore.
Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns.
- Fix leaked dns64prefix configuration string.
- Removed contrib/unbound_unixsock.diff, because it has been
integrated, use control-interface: /path in unbound.conf.
- Change syntax of particular validator error to be easier for
machine parse, swap rrset and ip adres info so it looks like:
validation failure <www.example.nl. TXT IN>: signature crypto failed
from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
- Fix that unparseable error responses are ratelimited.
- SOA negative TTL is capped at minimumttl in its rdata section.
- [bugzilla: 674 ] Do not free pointers given by getenv.
- [bugzilla: 677 ] Fix CNAME corresponding to a DNAME was checked
incorrectly and was therefore always synthesized.
And fix DNAME responses from cache that failed internal chain test.
- iana portlist update.
|
|
Fix build on SunOS.
Version 2.73
Fix crash at startup when an empty suffix is supplied to
--conf-dir, also trivial memory leak. Thanks to
Tomas Hozza for spotting this.
Remove floor of 4096 on advertised EDNS0 packet size when
DNSSEC in use, the original rationale for this has long gone.
Thanks to Anders Kaseorg for spotting this.
Use inotify for checking on updates to /etc/resolv.conf and
friends under Linux. This fixes race conditions when the files are
updated rapidly and saves CPU by noy polling. To build
a binary that runs on old Linux kernels without inotify,
use make COPTS=-DNO_INOTIFY
Fix breakage of --domain=<domain>,<subnet>,local - only reverse
queries were intercepted. THis appears to have been broken
since 2.69. Thanks to Josh Stone for finding the bug.
Eliminate IPv6 privacy addresses and deprecated addresses from
the answers given by --interface-name. Note that reverse queries
(ie looking for names, given addresses) are not affected.
Thanks to Michael Gorbach for the suggestion.
Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
for the bug report.
Add --ignore-address option. Ignore replies to A-record
queries which include the specified address. No error is
generated, dnsmasq simply continues to listen for another
reply. This is useful to defeat blocking strategies which
rely on quickly supplying a forged answer to a DNS
request for certain domains, before the correct answer can
arrive. Thanks to Glen Huang for the patch.
Revisit the part of DNSSEC validation which determines if an
unsigned answer is legit, or is in some part of the DNS
tree which should be signed. Dnsmasq now works from the
DNS root downward looking for the limit of signed
delegations, rather than working bottom up. This is
both more correct, and less likely to trip over broken
nameservers in the unsigned parts of the DNS tree
which don't respond well to DNSSEC queries.
Add --log-queries=extra option, which makes logs easier
to search automatically.
Add --min-cache-ttl option. I've resisted this for a long
time, on the grounds that disbelieving TTLs is never a
good idea, but I've been persuaded that there are
sometimes reasons to do it. (Step forward, GFW).
To avoid misuse, there's a hard limit on the TTL
floor of one hour. Thansk to RinSatsuki for the patch.
Cope with multiple interfaces with the same link-local
address. (IPv6 addresses are scoped, so this is allowed.)
Thanks to Cory Benfield for help with this.
Add --dhcp-hostsdir. This allows addition of new host
configurations to a running dnsmasq instance much more
cheaply than having dnsmasq re-read all its existing
configuration each time.
Don't reply to DHCPv6 SOLICIT messages if we're not
configured to do stateful DHCPv6. Thanks to Win King Wan
for the patch.
Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
way to detect when the system time becomes valid after
boot on systems without an RTC, whilst allowing DNS
queries before the clock is valid so that NTP can run.
Thanks to Kevin Darbyshire-Bryant for developing this idea.
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
the patch.
Fix crash caused by looking up servers.bind, CHAOS text
record, when more than about five --servers= lines are
in the dnsmasq config. This causes memory corruption
which causes a crash later. Thanks to Matt Coddington for
sterling work chasing this down.
Fix crash on receipt of certain malformed DNS requests.
Thanks to Nick Sampanis for spotting the problem.
Note that this is could allow the dnsmasq process's
memory to be read by an attacker under certain
circumstances, so it has a CVE, CVE-2015-3294
Fix crash in authoritative DNS code, if a .arpa zone
is declared as authoritative, and then a PTR query which
is not to be treated as authoritative arrived. Normally,
directly declaring .arpa zone as authoritative is not
done, so this crash wouldn't be seen. Instead the
relevant .arpa zone should be specified as a subnet
in the auth-zone declaration. Thanks to Johnny S. Lee
for the bugreport and initial patch.
Fix authoritative DNS code to correctly reply to NS
and SOA queries for .arpa zones for which we are
declared authoritative by means of a subnet in auth-zone.
Previously we provided correct answers to PTR queries
in such zones (including NS and SOA) but not direct
NS and SOA queries. Thanks to Johnny S. Lee for
pointing out the problem.
Fix logging of DHCPREPLY which should be suppressed
by quiet-dhcp6. Thanks to J. Pablo Abonia for
spotting the problem.
Try and handle net connections with broken fragmentation
that lose large UDP packets. If a server times out,
reduce the maximum UDP packet size field in the EDNS0
header to 1280 bytes. If it then answers, make that
change permanent.
Check IPv4-mapped IPv6 addresses when --stop-rebind
is active. Thanks to Jordan Milne for spotting this.
Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
Thanks to Kevin Benton for patches and work on this.
Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses
in the correct subnet, even of not in dynamic address
allocation range. Thanks to Steve Hirsch for spotting
the problem.
Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks
to Nicolas Cavallari for the patch.
Allow configuration of router advertisements without the
"on-link" bit set. Thanks to Neil Jerram for the patch.
Extend --bridge-interface to DHCPv6 and router
advertisements. Thanks to Neil Jerram for the patch.
|
|
|
|
|
|
libnice 0.1.13 (2015-04-28)
===========================
Fix build on non-Windows platforms that don't have getifaddrs()
Fix build regression on Windows
libnice 0.1.12 (2015-04-22)
===========================
Fix regression in SDP parser
Make examples work on Windows
Bug fixes on nicesrc
libnice 0.1.11 (2015-04-20)
===========================
API: nice_agent_set_local_credentials() for WebRTC
Nicesink: support GstBufferList
Better warnings on programming errors
Build fixes for Solaris and Windows
Bug and documentation fixes
|
|
Pkgsrc changes:
* adapt one patch to changes upstream.
* adapt PLIST to newly installed files.
* rename and adapt patch to Makefile.in.
Upstream changes:
1.3.5a - Released 27-May-2015
--------------------------------
- Bug 4055 - "error setting listen fd IPV6_TCLASS: Protocol not available" log
message.
- Bug 3944 - Session closed if active data transfer fails due to "Address
already in use" error.
- Bug 4068 - MaxClients directive doesn't work for <Anonymous> sessions.
- Bug 4069 - NLST -a shows / directory instead of the current directory.
- Bug 4063 - Unable to create directory on NFS/CIFS partition: Permission
denied.
- Bug 4073 - Polycom VOIP phones unable to use FTPS data transfers.
- Bug 4077 - ShaperLog not closed/reopened on SIGHUP, causing log rotation
problems.
- Bug 4079 - Invalid response encoding for SFTP space-available request.
- Bug 4083 - Using SQLDefaultHomedir with null home results in "No such user".
- Bug 4087 - mod_sftp does not handle "MaxLoginAttempts none" properly.
- Bug 4089 - mod_sftp does not allow multiple attempts using a given
authentication method.
- Bug 4090 - mod_wrap2_file does not support IPv6 addresses properly.
- Bug 4091 - Log "Operation not permitted" privs errors at NOTICE rather than
ERROR.
- Bug 4094 - Available space on file system using %f displays wrong value.
- Bug 4108 - SSL handshakes for data connections sometimes stall for 3-30
seconds.
- Bug 4109 - setsockopt() call for IPV6_TCLASS should use IPPROTO_IPV6.
- Bug 4112 - Failure to connect using mod_sftp sometimes due to too-small
buffers.
- Bug 4114 - mod_tls should not support SSLv3 by default.
- Bug 4116 - Report exact SSL/TLS protocol version used in client connections.
- Bug 4124 - DeleteAbortedStores defaults to "on" for all transfers, not just
HiddenStores.
- Bug 4129 - mod_sql caches incorrect UID/GID when name cannot be retrieved.
- Bug 4131 - mod_sftp's autoconf script does not detect OpenSSL SHA2 support.
- Bug 4133 - LDAPUsers directive does not honor uid-number-filter-template
parameter.
- Bug 4137 - GeoIPDenyFilter incorrectly takes precedence over GeoIPAllowFilter.
- Bug 4140 - SFTP READLINK requests to symlinks to directories fail.
- Bug 4143 - HTTPS/FTPS protocol confusion leads to XSS.
- Bug 4145 - Segfault if AuthUserFile is a relative symlink.
- Bug 4152 - Reduce logging of non-fatal "unable to open incoming connection"
errors.
- Bug 4155 - SSH keys with too-long Comment headers aren't recognized by
mod_sftp_sql.
- Bug 4156 - Segfault handling LIST/NLST FTP command on Mac OS X.
- Bug 4160 - Malformed response to SSH_FXP_REALPATH with SFTP version 6.
- Bug 4169 - Unauthenticated copying of files via SITE CPFR/CPTO allowed by
mod_copy.
- Bug 4178 - TLS session reuse requirement for data connections not properly
enforced.
1.3.5 - Released 15-May-2014
--------------------------------
- Bug 4018 - Implement checks for sensitive directories when chrooted.
- Bug 4022 - "Directory not empty" error when creating directory is misleading.
- Bug 4025 - <IfClass> sections do not work for multiple SQLLog directives.
- Bug 4029 - TLSOptions EnableDiags logs "unknown version (771)" for
TLS 1.1/1.2 connections.
- Bug 3938 - mod_wrap2 uses reverse DNS regardless "UseReverseDNS off".
- Bug 4032 - Restarting proftpd with mod_sftp fails due to permissions on
SFTPHostKey file.
- Bug 4033 - mod_sftp fails to create SSH2 session using 'none' cipher.
- Bug 4034 - SSH publickey authentication fails with "MaxLoginAttempts 1".
- Bug 4024 - TLS 1.1/1.2 configurable, but not properly implemented.
- Bug 4046 - ALLO command failed because of bad size check.
- Bug 4048 - Race condition in mod_ban can lead to segfault of all new
connections.
- Bug 4049 - mod_exec should include supplemental groups when running commands
as logged-in user.
- Bug 4042 - MIC command between RNFR and RNTO should not be rejected.
- Bug 4044 - mod_facl prevents a normal SIGHUP reload.
- Bug 4052 - Enhance SQLPasswordPBKDF2 to support per-user query for settings.
1.3.5rc4 - Released 28-Jan-2014
--------------------------------
- Bug 3945 - Spurious log messages at session close.
- Bug 3946 - Null pointer dereference causes segfault when logging
%{transfer-status}, %{transfer-failure} LogFormat variables on EXIT.
- Bug 3947 - LogFormat %f variable not resolved properly for SFTP renames.
- Bug 3950 - LogFormat %d/%D variables not resolved properly for directory
listings.
- Bug 3949 - RNFR/RNTO not logged as expected for SFTP EXTENDED
posix-rename@openssh.com requests.
- Bug 3948 - Support FTP response codes in ExtendedLog for SFTP data transfers.
- Bug 3858 - mod_delay allows too-large values, leading to client hang on
authentication.
- Bug 3951 - Null pointer dereference for mod_ldap logins when
LDAPDefaultAuthScheme not configured.
- Bug 3954 - scp downloads result in segfault.
- Bug 3957 - ProFTPD configuration with thousands of <Directory>/<Limit>
sections leads to slow logins.
- Bug 3959 - mod_sftp does not honor <Directory>/<Limit> sections when symlinks
are involved.
- Bug 3958 - Directory creation does not honor single-parameter Umask setting.
- Bug 3960 - Support the CAP_FSETID Linux capability, for preserving directory
SGID bit.
- Bug 3962 - Directory creation fails (chmod(2) EPERM) when root privs are used
in some cases.
- Bug 3955 - Support secure FXP (site-to-site) transfers using SSCN.
- Bug 3966 - LogFormat %f variable not resolved for some commands.
- Bug 3971 - Support SQLOption for ignoring client library config files when
needed.
- Bug 3972 - Authentication error on Cygwin due to bad code.
- Bug 3973 - mod_sftp can be forced to allocate too much memory for
keyboard-interactive authentication.
- Bug 3974 - PathDenyFilter directive does not work as expected for SFTP
sessions.
- Bug 3963 - Improve permission setting when creating directories.
- Bug 3975 - Error printed to stderr when loading GeoIP Lite country database
using IndexCache flag.
- Bug 3976 - ProFTPD terminating (signal 11) crash for GeoLiteCity-20130903
database lookup.
- Bug 3964 - Support running ExecOnEvent actions with logged-in user's
permissions.
- Bug 3979 - mod_sql_odbc compiler warnings on 64-bit systems using unixODBC.
- Bug 3952 - Make PersistentPasswd default to 'off'.
- Bug 3981 - Null pointer dereference in mod_exec with ExecOption useStdin.
- Bug 3982 - Normalize log messages and levels.
- Bug 3888 - Add LDAPLog directive to mod_ldap.
- Bug 3982 - Normalize log messages and levels.
- Bug 3986 - Support filesystems which do not support chmod(2)/chown(2),
e.g. FAT/ExFAT.
- Bug 3991 - SSL session caching modules use incorrect OpenSSL cache mode flags,
breaking session caching.
- Bug 3987 - LogFormat variable for just the filename.
- Bug 3965 - Timeout directives have inconsistent maximum values.
- Bug 3998 - Support IgnoreSCPUploadTimes SFTPOption.
- Bug 3995 - ftpasswd utility should prevent concurrent modification of files.
- Bug 3994 - ftpasswd utility should support --lock/--unlock options.
- Bug 3970 - ProFTPD should not use fd 2 (stderr) for files.
- Bug 3772 - Support Elliptic Curve Cryptography (ECC) certs for
FTPS connections.
- Bug 3992 - RSA signature issue when connecting using PuTTY/WinSCP.
- Bug 3996 - Handling ALLO command can result in wrong response when chrooted.
- Bug 3876 - ExecOnEvent should be configurable per <VirtualHost>/<Global>.
- Bug 4001 - mod_sftp fails key exchange for 8192-bit DH group.
- Bug 4002 - Add 7680-bit DH parameter to mod_sftp bundled dhparams.pem file.
A 3072-bit DH group was also added.
- Bug 4004 - IgnoreSCPUploadPerms SFTPOption not honored properly for SCP
directory upload.
- Bug 4006 - RADIUS "service-type" attribute encoded with wrong length on
64-bit system.
- Bug 4011 - NLST ../ shows current directory contents rather than parent
directory.
- Bug 4013 - SCP upload of shorter file does not completely overwrite existing
file of same name.
- Bug 4014 - CommandBufferSize should override PR_DEFAULT_CMD_BUFSZ.
1.3.5rc3 - Released 14-Jun-2013
--------------------------------
- Bug 3910 - Clang's scan-build warns on set[u][g]id unchecked return value.
- Bug 3914 - 1.3.5rc2 fails to build on Solaris 10.
- Bug 3917 - Make DeleteAbortedStores on by default when HiddenStores enabled.
- Bug 3918 - mod_sftp segfault after SIGHUP when evaluating client banner.
- Bug 3864 - Support SQL query to lookup/use primary key for logged-in
user/group.
- Bug 3920 - Support umac-64@openssh.com digest for mod_sftp.
- Bug 3921 - Single failed keyboard-interactive login attempt causes SSH
connection to close prematurely.
- Bug 3923 - mod_cap does not revoke root privileges properly for SFTP
connections.
- Bug 3926 - Support OpenSSH fsync SFTP extension.
- Bug 3925 - SFTP directory listings are sensitive to locale environment
variables.
- Bug 3924 - HideFiles does not filter symlinks.
- Bug 3929 - pam_session_close() requires root privs on some platforms.
- Bug 3932 - SQLAuthType Backend returns "password mismatch" for MySQL
PASSWORD().
- Bug 3934 - HideUser/HideGroup do not work as expected for virtual users.
- Bug 3935 - scp download of nonexistent file results in client hang.
- Bug 3927 - Default ControlsSocket created despite custom ControlsSocket path.
- Bug 3937 - Segfault when retrieving SSH public key from LDAP directory.
- Added new mod_snmp contrib module.
- Bug 3939 - Disable Controls for "ServerType inetd" servers.
- Bug 3942 - mod_sftp_sql should support multiple keys concatenated together
in a single column.
- Bug 3943 - Support for PBKDF2 passwords in mod_sql_passwd.
- Bug 3941 - RLimitProcesses causes problems with setuid/setreuid.
1.3.5rc2 - Released 06-Mar-2013
--------------------------------
- Bug 3859 - MLSD fails to show symlinks when ShowSymlinks is not configured.
- Bug 3860 - Add a default deny option for mod_geoip.
- Bug 3862 - Support for FTPS-specific MasqueradeAddress functionality. A
new TLSMasqueradeAddress directive has been added to mod_tls.
- Bug 3863 - mod_sftp does not handle MaxLoginAttempts properly.
- Bug 3865 - BanEngine not set in "server config" results in "mod_ban not
enabled" ftpdctl error.
- Bug 3866 - Issuing invalid 'ftpdctl ban' request causes segfault.
- Bug 3867 - ftpasswd fails with "Permission denied" when adding subsequent
passwd/group entries.
- Bug 3868 - Only first DH param in TLSDHParamFile is used, regardless of
requested keylength.
- Bug 3870 - Handling of OPTS command can lead to crash.
- Bug 3779 - Generate new DH parameters for mod_tls and mod_sftp.
- Bug 3871 - REALPATH SFTP request not properly handled by <Limit DIRS>
configuration.
- Bug 3872 - Use HiddenStores directive to customise suffix.
- Bug 3873 - Provide FTP response code in ExtendedLog for failed SFTP REMOVE
request.
- Bug 3869 - Use longer SSL session cache expiration by default.
- Bug 3874 - Use of O_EXCL flag on HiddenStores files might break for NFS
filesystems.
- Bug 3878 - QuotaExcludeFilter not honored for uploads when 'hard' limits are
used.
- Bug 3879 - Allow additional columns in SQLNamedQuery queries used for quota
limits and tallies.
- Bug 3882 - DisplayLogin with an absolute path does not work properly within
an <IfGroup> section.
- Added new mod_log_forensic contrib module.
- Bug 3881 - <Directory> sections within <IfGroup> sections not applied as
expected.
- Bug 3884 - Configure script not detecting MySQL make_scrambled_password
functions.
- Bug 3887 - <Limit ALL> erroneously blocks the PROT command used for FTPS.
- Bug 3819 - Second and subsequent LIST of directory with many files is very
slow.
- Bug 3889 - Support millisecond timestamp LogFormat variable.
- Bug 3891 - Allow TLSProtocol directive in <VirtualHost> and <Global> sections.
- Bug 3753 - Support SFTP request names in <Limit> sections better.
- Bug 3892 - mod_auth_file should have strict permission checks of configured
files.
- Bug 3893 - Add SQLLogOnEvent directive, for performing SQL query on
configurable event.
- Bug 3894 - ftptop doesn't work with --enable-nls.
- Bug 3895 - Missing TransferLog entry under some out-of-space conditions.
- Bug 3897 - mod_sftp does not handle a REALPATH request properly for SFTP
protocol version 6.
- Bug 3896 - Warn when world-writable config files are used.
- Bug 3899 - Support authentication of users based on SSL/TLS client
certificate.
- Bug 3903 - With mod_log_forensic enabled, SSH connections fail randomly.
- Bug 3905 - Handle the Linux-specific PAM_RADIO_TYPE message properly.
- Bug 3709 - Support download-triggered emails in the ftpmail script.
- Bug 3904 - scp downloads using glob pattern sometimes fails.
- Bug 3900 - ProFTPD terminating (signal 11) on some sftp connections.
- Bug 3906 - Support ban rule for clients which perform SSL/TLS handshakes too
frequently.
1.3.5rc1 - Released 04-Jan-2013
--------------------------------
- Bug 3712 - mod_wrap2/mod_load build errors: missing config.h.
- Bug 3713 - mod_tls cannot be compiled using Openssl 0.9.6.
- Bug 3646 - Debug logging to stderr should include timestamps and PID.
- Bug 3714 - ftpwho/ftptop are not showing command arguments (e.g. downloaded
file name).
- Bug 3715 - MLSD/MLST fail when "DirFakeUser off" or "DirFakeGroup off" used.
- Bug 3717 - proftpd fails to run with "Abort trap" error message.
- Bug 3719 - LIST -R can loop endlessly if bad directory symlink exists.
- Bug 3720 - Various module logfile permissions are 0600 instead of 0640.
- Bug 3723 - mod_memcache segfault on server restart.
- Bug 3721 - mod_rewrite does not replace characters if there are more than
8 occurrences. To handle this situation, a new RewriteMaxReplace directive
has been added for configuring this limit.
- Bug 3724 - Unloading mod_quotatab causes segfault.
- Bug 3686 - Support SHA2 digests in mod_sftp. See the SFTPDigests directive
documentation for more information.
- Bug 3629 - Support <IfAuthenticated> conditional config section.
- Bug 3682 - Configure does not detect libiconv under Gentoo FreeBSD.
- Bug 3726 - mod_exec does not always capture stdout/stderr output from
executed command.
- Bug 3727 - mod_wrap2 causes unexpected LogFormat %u expansion for SFTP
connections.
- Bug 3729 - mod_ldap can segfault when LDAPUsers is used with no optional
filters.
- Bug 3728 - Build failure in wtmp.c on Gentoo/FreeBSD on sparc.
- Bug 3734 - DirFakeUser/DirFakeGroup off with name causes SIGSEGV for
MLSD/MLST commands.
- Bug 3739 - Allow for configurable SSH version identifiers in mod_sftp. The
SSH version identifier can now be configured for mod_sftp via the
ServerIdent directive.
- Bug 3718 - ftptop fails to build on OpenSUSE.
- Bug 3699 - ProFTPD crash on start up on Mac OSX Lion with NLS enabled.
- Bug 3744 - Support ls(1) -1 option for LIST command.
- Bug 3746 - Support applying ListOptions only to NLST or to LIST commands.
- Bug 3747 - Support option for displaying symlinks via MLSD using syntax
preferred by FileZilla. The new FactsOptions directive can be used for
this purpose.
- Bug 3745 - Reject PASV command if no IPv4 address available.
- Bug 3701 - Modify ScoreboardFile directive to support disabling scoreboarding.
- Bug 3742 - Improper handling of self-signed certificate in client-sent cert
list when "TLSVerifyClient on" is used.
- Bug 3749 - Compile of src/netacl.c fails on Tru64 UNIX (OSF/1) due to
conflict with system header.
- Bug 3743 - Random stalls/segfaults seen when transferring large files
via SFTP.
- Bug 3752 - proftpd process exit status is zero for "Failed binding to
address, port N: Address already in use" startup failure.
- Bug 3751 - mod_ban does not close/reopen the BanLog/BanTable file descriptors
on restart, causing a file descriptor leak.
- Bug 3707 - Add request/transfer ID to the logging of the initial and closing
commands for SFTP file transfers. This can now be accomplished using a
LogFormat variable of '%{note:sftp.file-handle}'.
- Bug 3757 - Support SFTPOption for ignoring requests to modify file ownership.
- Bug 3756 - mod_ctrls no longer listens on ControlsSocket after restart.
- Bug 3731 - Support active data transfers while RootRevoke is in effect.
- Bug 3737 - Allow UTF8 when UseEncoding is used.
- Bug 3573 - Support Elliptic Curve Cryptography (ECC) in SSH.
- Bug 3758 - ProFTPD crashes when handling mod_gss authentication due to null
pointer.
- Ability to load SSH host keys from an SSH agent, in addition to files on
disk. See doc/contrib/mod_sftp.html#SFTPHostKey for more information.
- Bug 3761 - SSH2 key exchange fails if client sends certain SSH message before
NEWKEYS.
- Bug 3763 - Ensure that mod_sftp operates properly when OpenSSL FIPS mode is
enabled.
- Bug 3764 - mod_sftp does not correctly handle a 'guess' KEX message when the
client guesses correctly.
- Bug 3765 - mod_sftp should honor the GroupOwner directive for MKDIR requests.
- Bug 3626 - Display variable %f off by a factor of 1024 on 64-bit platforms.
- Bug 3673 - Support date/timestamp variables in mod_rewrite.
- Bug 3754 - ProFTPD refuses to delete/rename a symlink pointing outside a
writable directory.
- Bug 3766 - Support a QuotaDefault directive, for configuring default limits.
- Bug 3767 - mod_rewrite segfault when handling SITE CHGRP without a parameter.
- Bug 3768 - ExecTimeout 0 (zero) not treated as infinite.
- Added new mod_geoip contrib module.
- Bug 3769 - Ensure that encoded strings are NUL-terminated.
- Bug 3732 - AIX build error: undefined symbol: .alloca.
- Bug 3782 - SQLShowInfo does not work properly for error responses.
- Bug 3780 - AIX gives "error setting listen fd IP_TOS: Invalid argument".
- Bug 3736 - Trying to re-authenticate an existing FTP connection causes invalid
503 response.
- Bug 3785 - Support resolution of tilde (~) within a chrooted session.
- Bug 3787 - Read-only SFTP OPEN request permissions not properly ignored.
- Bug 3740 - Overwrite permission denied when reloading multiple times and
multiple <VirtualHost> sections in proftpd.conf.
- Bug 3791 - Invalid handling of SCP control messages fragmented over multiple
SSH packets.
- Bug 3794 - Cygwin build failure in lib/tpl.c due to wrong include of mman.h.
- Bug 3795 - ProFTPD needs to use -pthread linker option if linking against
OpenSSL with thread support.
- Bug 3790 - Logfile timestamps change to GMT after MFMT command.
- Bug 3798 - Downloading nonexistent file via SCP results in timeout rather
than error.
- Bug 3800 - Multiple *Options directives should be handled properly.
- Bug 3801 - mod_tls should have directive like Apache mod_ssl's
SSLHonorCipherOrder. The mod_tls module now supports a
TLSServerCipherPreference directive.
- Bug 3804 - ioctl(RPROTDIS) code no longer needed on Solaris 11.
- Bug 3808 - Segfault in mod_tls when mod_tls_shmcache used.
- Bug 3809 - Segfaults in mod_radius when configured with RadiusGroupInfo.
- Bug 3811 - ExtendedLog entries not written if MaxClients limit reached.
- Bug 3814 - Support "configtest" command for contrib init.d script.
- Bug 3816 - Installation of ftpasswd does not honor DESTDIR environment
variable.
- Bug 3813 - Ability to use CreateHome to create parent directories as
non-root user, for better interoperability with NFS.
- Bug 3806 - Support reverse DNS resolution for IPv6 addresses when
gethostbyname2(3) is not available.
- Bug 3820 - Support device/interface names in <VirtualHost>, MasqueradeAddress,
and DefaultAddress.
- Bug 3822 - Resolving %U/%u LogFormat variables inconsistent between
mod_log/mod_sql in certain cases.
- Bug 3824 - Use RFC compliant address/port for data transfer if FTP client has
not sent PORT/PASV/EPRT/EPSV commands.
- Bug 3825 - Handle RFC 1918 IP addresses in PORT/EPRT commands.
- Bug 3827 - Use non-filesystem based SFTP handle generator instead of
mktemp(3).
- Bug 3828 - Certain sequences of FTP data transfer commands lead to NULL
pointer dereferences in mod_deflate.
- Bug 3830 - MFF/MFMT command segfaults due to insufficient parameter checks.
- Bug 3829 - RNFR without following RNTO can lead to NULL pointer dereference.
- Bug 3832 - Support disabling of system logging on per-connection basis.
- Bug 3792 - Recursive SCP uploads using preserve-time (-p) option may not work.
- Bug 3831 - Sporadic "451 Insufficient memory or file locked" failure when
downloading.
- Bug 3833 - Enable TCP keepalive by default, with configurable SocketOption.
- Bug 3837 - mod_tls unable to read certificate files after SIGHUP.
- Bug 3842 - Incorrect handling of REALPATH requests for symlink paths in
mod_sftp.
- Bug 3843 - ProFTPD should not fail when starting up due to loading same
module multiple times.
- Bug 3845 - mod_sftp does not provide response codes for %s LogFormat variable
for AUTH ExtendedLog.
- Bug 3846 - Avoid scanning ScoreboardFile needlessly on login if limits are
not configured.
- Bug 3850 - ftpasswd should support generating SHA-256, SHA-512 hashes where
possible.
- Bug 3851 - SFTPPassPhraseProvider fails due to incorrect pointer.
- Bug 3852 - Support directive for ignoring symlink DefaultRoot directories.
See the new AllowChrootSymlinks directive.
- Bug 3839 - Enhance mod_cap to support dropping root privs entirely.
- Bug 3841 - Possible symlink race when applying UserOwner to newly created
directory.
- Bug 3855 - Restarting proftpd may cause Include files not to be parsed.
|
|
BPALogin is a replacement for the Telstra supplied client for connecting
and using Telstra's Big Pond Advance powered by Cable.
There is an open bug against it, http://gnats.netbsd.org/24771, which
suggests that it has been obsolete for a long time.
|
|
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
|
|
the package explicitly claims to support Linux, so add that too.
|
|
build out of the box but should require only minor attention.
|
|
the box, but should only require minor attention. This way they stand
some chance of getting it.
|
|
depends on tunneling interfaces and such, so porting isn't entirely
trivial; but most remaining pkgsrc platforms are like one it already
supports.
|
|
Solaris, so enable that; and if it works on NetBSD and Dragonfly with
a single "bsd" setting we can reasonably assume that it will work on
FreeBSD and OpenBSD (and MirBSD and Bitrig) with only minor
adjustments.
These probably won't all quite work out of the box yet, but that's
what bulk runs are for.
|
|
update the list from the package's own build system (taken from
common/Imakefile) - this adds FreeBSD, and also OSF1 and IRIX.
Probably porting this package requires nothing besides flogging imake.
|
|
underapproximation (doesn't match some of the newer variants) and
possibly an overapproxmation (matches "GNUkFreeBSD", which most likely
won't work)... write it out instead. Also, this way if we ever get
canned infrastructure support for this list, grep will find this case.
|
|
logic that decides whether to use -lcrypto. These need to stay the same
to avoid the possibility of getting a silent dependence on a (possibly
very old) builtin openssl. Of course, all it uses -lcrypto for is MD5,
but still...
PKGREVISION -> 1.
XXX: this probably shouldn't be using MD5 anyway :-/
|
|
particularly BSD-specific. It might not build on vintage SVR3 but we
probably don't care... and it will probably need minor patching on
Solaris and Linux but we can do that.
|
