| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1 Send packets with:
MS-CHAP-Password = "password". It will be automatically converted to the
correct MS-CHAP attributes.
* Added "-t" command-line option to radtest. You can use "-t pap", "-t chap",
"-t mschap", or "-t eap-md5". The default is "-t pap"
* Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change
and the previous one makes PEAP testing much easier.
* Added more documentation and examples for the "passwd" module.
* Added dictionaries for RFC 5607 and RFC 5904.
* Added note in proxy.conf that we recommend setting
"require_message_authenticator = yes" for all home servers.
* Added example of second "files" configuration, with documentation.
This shows how and where to use two instances of a module.
* Updated radsniff to have it write pcap files, too. See '-w'.
* Print out large WARNING message if we send an Access-Challenge for EAP, and
receive no follow-up messages from the client.
* Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
* Added support for TLS-Cert-* attributes. For details, see
raddb/sites-available/default, "post-auth" section.
* Added sample raddb/modules/{opendirectory,dynamic_clients}
* Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
* Added RFCs 5607, 5904, and 5997.
* For EAP-TLS, client certificates can now be validated using an external
command. See eap.conf, "validate" subsection of "tls".
* Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS
systems.
* Add Module-Failure-Message for mschap module (ntlm_auth)
* Made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
* Added %{tolower: ...string ... }, which returns the lowercase version of the
string. Also added %{toupper: ... } for uppercase.
* Bug fixes.
|
|
Bug fixes: Fix crash (memcpy with length -1) when invalid Tunnel-Password
attributes are received.
|
|
|
|
Changelog:
Version 1.0.29:
* Fixed corruption when downloading files larger than 4 Gb on a 32-bits arch.
* Fixed error on exit on Linux.
* Downloading should be slightly faster.
Version 1.0.28:
* When —autorename is enabled, an upload script will now get the final file name instead of the original one.
* The ALLO command now checks for the actual disk space in addition to the virtual quota.
* ABOR on OSX has been fixed.
* Fixed the virtual quota computation after an atomic upload has been resumed.
* Fixed AUTH_ENCRYPTED.
* A workaround against spurious disconnections with ncftp has been implemented.
|
|
4.5.2
translation updates, performance and stability improvements and other
bugfixes.
4.5.0
new versions of the Plasma Workspaces, the KDE Applications and the KDE
Development Platform in version 4.5.0. While focus within this release
cycle lay on stability, the overall polish and performance gain is well
noticable. Features such as the reworked notification area, Marble's map
routing and support for WebKit in Konqueror round up this release.
|
|
|
|
- use prctl(2) to set process name [Cameron]
- add --version option [Cameron]
- remove superfluous sigset [Cameron/Gono]
- default options file to not require MPPE (#166394) [Howarth]
- add PROTOCOL-SECURITY discussion [Cameron/Mueller]
Fixes old PR pkg/38038
|
|
* Replaced IO subsystem with wandio abstraction
* IO / compression / decompression is now performed in a separate thread, resulting in improved performance
* Modular design makes it easy to add support for new compression formats
* Added native support for reading and writing bzip files
* Added native support for writing lzo files
* JITing of BPF bytecode using LLVM, leading to faster BPF filtering
* Added enums for post-IP protocols and Ethertypes
* Write support added for DAG cards - thanks to Daniel Lawson
* Added new trace tool: tracetop. Shows the top N flows each second
* Added new trace tool: tracereplay. Attempts to replay trace files in trace time
* Added new trace tool: tracediff. Displays packets that differ between two trace files
* Added trace_get_timespec() function
* If the format is not specified as part of the URI, libtrace can now attempt to guess the trace format
* Libpacketdump can now decode CHDLC and PPP/HDLC headers
* Added all the code examples from the libtrace tutorial to the examples directory
Bug Fixes:
* Fixed bug where packets read from a DAG card that did not match the filter were causing lengthy sleep events under the event API
* Fixed various tools that were not reporting the occurrence of a read error
* Fixed segfault caused by malformed URIs
* Fixed bug where reading a zero-length payload from a PCAP trace would result in an EOF being incorrectly reported
* Fixed bug where filtered packet count was not initialised to zero
* trace_get_payload_from_ip() now returns NULL when the IP version is incorrect rather than asserting
* Fixed segfault when writing packets to a Linux native socket, caused by byte ordering issue
* Fixed bug where custom pcap event function was not being used
* Fixed misplaced assertion in the pcap file reading code
* Fixed bug where trace_event would never get a packet event under recent versions of libpcap
* Fixed assertion failure when an unknown linktype is encountered by libpacketdump
* Fixed error caused by LCP packets that are common in some trace sets, e.g. Leipzig
* Increased size of RT packet buffer to fix problems caused by jumbograms
* Fixed errors caused by 32- and 64-bit incompatibility when sending Linux Native packets using the RT protocol
* trace_get_*_port() functions now always return 0 for ICMP packets
* Fixed problems with decoding HDLC and CHDLC headers
* Fixed segfault when reading PCAP packets that had no packet content
* Fixed bug where PCAP packets would be written with a larger capture length than the wire length
* Fixed segfault in the TCP segment report in tracereport caused by segments larger than 1500 bytes
* Fixed bug with restarting a PCAP trace file
* Fixed bugs relating to the size of the TSH packet records
* Fixed bug where we were not accounting for the FCS in legacy Ethernet captures
* Fixed bug where libpacketdump could not decode Linux SLL properly due to using an "undefined" function
* Fixed bug where libpacketdump was not skipping IP options before attempting to decode the next header
* Fixed bug where padding was being treated as part of a truncated header
* Fixed assertion when converting a packet with a corrupt wire length to PCAP
* More fixes for missing #includes
Improvements:
* trace_get_source_address() and trace_get_destination_address() now return link layer addresses in the absence of an IP header wherever possible
* trace_get_<protocol> short-cut functions now return NULL if the entire header (minus options) is not present in the packet
* Added missing set_capture_length() functionality for Linux Native
* traceanon can now write compressed traces
* traceanon now replaces checksums with zeroes
* traceanon, tracesplit and tracemerge now support all libtrace compression types for output
* tracereport no longer does the flow report by default
* Added support for new ERF types
* Added linktype for Experimental Ethernet
* Added --count option to tracereport
* Added --merge-inputs option to tracertstats
* Added support for ARPHRD_NONE
* Added a libpacketdump decoder for ubiquity headers
* Improved libpacketdump's method of searching for decoders
* More efficient arrangement of internal structures
* Tidied up exported symbols
* General code maintenance
* Tidied up manpages
* Improved documentation
|
|
Changelog:
* Set a minimum size for column widths in directory lists and transfer queue
* Fix build-time check for system TinyXML
* Correctly handle symbolic links pointing to files in search dialog
* Fix crash in options initialization
|
|
|
|
change: fix free on error of uninitialized IOR components
|
|
changes:
-fixes for gobject-introspection (not in pkgsrc yet)
-Fixed a few small leaks
|
|
This is pulled in early because it fixes a serious problem with servers
providing both IPv4 and v6: previous versions tried only the first
address returned by DNS, whether the box has connectivity or not.
Should fix problems with webkit in particular, as also reported by
Pouya D. Tafti.
|
|
|
|
|
|
|
|
AuthSub is Google's method of authentication for their web services.
It is also used by other web sites.
This package contains a perl module to interact with such sites.
|
|
Changes in 2.1.4
~~~~~~~~~~~~~~~~
* FIX: afpd: Downstream fix for FreeBSD PR 148022
* FIX: afpd: Fixes for bugs 3074077 and 3074078
* FIX: afpd: Better handling of symlinks in combination with ACLs and EAs.
Fixes bug 3074076.
* FIX: dbd: Adding a file with the CNID from it's adouble file did
not work in case that CNID was alread occupied in the database
* FIX: macusers: add support for Solaris
* NEW: cnid_metad: use a PID lockfile
* NEW: afpd: prevent log flooding
* UPD: dbd: ignore ".zfs" snapshot directories
* UPD: dbd: support interrupting -re mode
Does not fix pkg/43953, unfortunately.
|
|
Version 2.2.16
September 28, 2010
Changes:
* Add support for webm_480p, webm_720p [youtube]
* Thanks to Mark Weaver for the patch, <http://is.gd/fmwv5>
* Misc. minor tweaks in manual (e.g. URLs, etc.)
* Migrate issue tracking from Googlecode to Sourceforge, <http://is.gd/fmylF>
|
|
--- 4.1.1 2010/10/05
Fix yaz-config output: echo_source not set correctly by configure.
--- 4.1.0 2010/10/05
SOLR WebService support for yaz-client and ZOOM.
Define record syntax JSON. OID: 1.2.840.10003.5.1000.81.3 .
|
|
2010-01-13 Bob Halley <halley@dnspython.org>
* dns/dnssec.py: Added RSASHA256 and RSASHA512 codepoints; added
other missing codepoints to _algorithm_by_text.
2010-01-12 Bob Halley <halley@dnspython.org>
* Escapes in masterfiles now work correctly. Previously they were
only working correctly when the text involved was part of a domain
name.
* dns/tokenizer.py: The tokenizer's get() method now returns Token
objects, not (type, text) tuples.
2009-11-13 Bob Halley <halley@dnspython.org>
* Support has been added for hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. Thanks to Kevin Chen for a
thoughtful, high quality patch.
* dns/update.py (Update::present): A zero TTL was not added if
present() was called with a single rdata, causing _add() to be
unhappy. Thanks to Eugene Kim for reporting the problem and
submitting a patch.
* dns/entropy.py: Use os.urandom() if present. Don't seed until
someone wants randomness.
2009-09-16 Bob Halley <halley@dnspython.org>
* dns/entropy.py: The entropy module needs locking in order to be
used safely in a multithreaded environment. Thanks to Beda Kosata
for reporting the problem.
2009-07-27 Bob Halley <halley@dnspython.org>
* dns/query.py (xfr): The socket was not set to nonblocking mode.
Thanks to Erik Romijn for reporting this problem.
2009-07-23 Bob Halley <halley@dnspython.org>
* dns/rdtypes/IN/SRV.py (SRV._cmp): SRV records were compared
incorrectly due to a cut-and-paste error. Thanks to Tommie
Gannert for reporting this bug.
* dns/e164.py (query): The resolver parameter was not used.
Thanks to Matías Bellone for reporting this bug.
2009-06-23 Bob Halley <halley@dnspython.org>
* dns/entropy.py (EntropyPool.__init__): open /dev/random unbuffered;
there's no need to consume more randomness than we need. Thanks
to Brian Wellington for the patch.
|
|
* fixed faulty optimization
* fixed failing query method
* Merge remote branch 'mrflip/master'
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Penetration Test Team of NCNIPC (China) discovered that
the ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
[A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
o Incorrect behavior using sorting in the packet list. (Bug
2225)
o Cooked-capture dissector should omit the source address field
if empty. (Bug 2519)
o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
o Wireshark crashes if active display filter macro is renamed.
(Bug 5002)
o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
o TCP bytes_in_flight becomes inflated with lost packets. (Bug
5132)
o GTP header is exported in PDML with an incorrect size. (Bug
5162)
o Packet list hidden columns will not be parsed correctly from
preferences file. (Bug 5163)
o Wireshark does not display the t.38 graph. (Bug 5165)
o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
(Bug 5167)
o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
5172)
o GTPv2: IMSI is decoded improperly. (Bug 5179)
o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
5186)
o Wireshark mistakenly writes "not all data available" for IPv4
checksum. (Bug 5194)
o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
o The CLDAP attribute value on a CLDAP reply is no longer being
decoded. (Bug 5239)
o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
5246)
o NTLMSSP_AUTH domain and username truncated to first letter
with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
0 segments remain. (Bug 5252)
o EIGRP dissection error in Flags field in external route TLVs.
(Bug 5261)
o MRP packet is not correctly parsed in PROFINET multiple write
record request. (Bug 5267)
o MySQL Enhancement: support of Show Fields and bug fix. (Bug
5271)
o [NAS EPS] Fix TFT decoding when having several Packet Filters
defined. (Bug 5274)
o Crash if using ssl.debug.file with no password for
ssl.keys_list. (Bug 5277)
- Updated Protocol Support
ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP
Approved by Alistair Crooks.
|
|
|
|
|
|
|
|
No need to build in subdir and failed in intl subdirectory, because
some @XXXX@ are not replaced, syntax error for recent gmake.
|
|
|
|
New Features
* Zones may be dynamically added and removed with the "rndc addzone"
and "rndc delzone" commands. These dynamically added zones are
written to a per-view configuration file. Do not rely on the
configuration file name nor contents as this will change in a
future release. This is an experimental feature at this time.
* Added new "filter-aaaa-on-v4" access control list to select which
IPv4 clients have AAAA record filtering applied.
* A new command "rndc secroots" was added to dump a combined summary
of the currently managed keys combined with statically configured
trust anchors.
* Added support to load new keys into managed zones without signing
immediately with "rndc loadkeys". Added support to link keys with
"dnssec-keygen -S" and "dnssec-settime -S".
Changes
* Documentation improvements
* ORCHID prefixes were removed from the automatic empty zone list.
* Improved handling of GSSAPI security contexts. Specifically, better
memory management of cached contexts, limited lifetime of a context
to 1 hour, and added a "realm" command to nsupdate to allow
selection of a non-default realm name.
* The contributed tool "ztk" was updated to version 1.0.
Security Fixes
* If BIND, acting as a DNSSEC validating server, has two or more
trust anchors configured in named.conf for the same zone (such as
example.com) and the response for a record in that zone from the
authoritative server includes a bad signature, the validating
server will crash while trying to validate that query.
* A flaw where the wrong ACL was applied was fixed. This flaw allowed
access to a cache via recursion even though the ACL disallowed it.
Bug Fixes
* Removed a warning message when running BIND 9 under Windows for
when a TCP connection was aborted. This is a common occurrence and
the warning was extraneous.
* Worked around a race condition in the cache database memory
handling. Without this fix a DNS cache DB or ADB could incorrectly
stay in an over memory state, effectively refusing further caching,
which subsequently made a BIND 9 caching server unworkable.
* Partially disabled change 2864 because it would cause infinite
attempts of RRSIG queries.
* BIND did not properly handle non-cacheable negative responses from
insecure zones. This caused several non-protocol-compliant zones to
become unresolvable. BIND is now more accepting of responses it
receives from less strict servers.
* A bug, introduced in BIND 9.7.2, caused named to fail to start if a
master zone file was unreadable or missing. This has been corrected
in 9.7.2-P1.
* BIND previously accepted answers from authoritative servers that
did not provide a "proper" response, such as not setting AA bit.
BIND was changed to be more strict in what it accepted but this
caused operational issues. This new strictness has been backed out
in 9.7.2-P1.
|
|
PR#43924.
|
|
|
|
rest part of PR#43921.
|
|
|
|
a part of PR#43921.
|
|
|
|
|
|
|
|
and locally defined functions of the same name.
Patch supplied by Sverre Froyen in private e-mail.
|
|
* remove adding PYTHON=${PYTHONBIN} to CONFIGURE_ENV, it alredy in ALL_ENV.
* remove pre-install target, because no need, broke destdir installation
* some cosmetic fixes.
|
|
- The following bugs have been fixed:
- Update time display in background. (Bug 1275)
- Tshark returns 0 even with an invalid interface or capture
filter. (Bug 4735)
- The following features are new (or have been significantly
updated) since version 1.2:
- The packet list internals have been rewritten and are now more
efficient.
- Columns are easier to use. You can add a protocol field as a
column by right-clicking on its packet detail item, and you
can adjust some column preferences by right-clicking the
column header.
- Preliminary Python scripting support has been added.
- Many memory leaks have been fixed.
- Packets can now be ignored (excluded from dissection), similar
to the way they can be marked.
- Manual IP address resolution is now supported.
- Columns with seconds can now be displayed as hours, minutes
and seconds.
- You can now set the capture buffer size on UNIX and Linux if
you have libpcap 1.0.0 or greater.
- TShark no longer needs elevated privileges on UNIX or Linux to
list interfaces. Only dumpcap requires privileges now.
- Wireshark and TShark can enable 802.11 monitor mode directly
if you have libpcap 1.0.0 or greater.
- You can play RTP streams directly from the RTP Analysis
window.
- Capinfos and editcap now respectively support time order
checking and forcing.
- Wireshark now has a "jump to timestamp" command-line option.
- You can open JPEG files directly in Wireshark.
- New Protocol Support
3GPP Nb Interface RTP Multiplex, Access Node Control Protocol,
Apple Network-MIDI Session Protocol, ARUBA encapsulated remote
mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N.
Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle
Protocol, CIP Class Generic, CIP Connection Configuration Object,
CIP Connection Manager, CIP Message Router, collectd network data,
Control And Provisioning of Wireless Access Points, Controller
Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging
Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync
Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch
Link, Fibre Channel Delimiters, File Replication Service DFS-R,
Gateway Load Balancing Protocol, Gigamon Header, GigE Vision
Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM
sub-protocol, GSM over IP protocol as used by ip.access, GSM
Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated
remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled
Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol,
IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless
Association Control Service, ISO 9548-1 OSI Connectionless Session
Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol,
ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider
Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode
encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word,
MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One
encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU
encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter
Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS
Protocol, packetbb Protocol, Peer Network Resolution Protocol,
PKIX Attribute Certificate, Pseudowire Padding, Server/Application
State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol,
TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS
RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN
Iuh interface RUA signalling, V5.2, Vendor Specific Control
Protocol, Vendor Specific Network Protocol, VMware Lab Manager,
VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt,
X.411 Message Access Service, ZigBee Cluster Library
- Updated Protocol Support
There are too many to list here.
- New and Updated Capture File Support
Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000,
Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries,
JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler,
PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian
OS btsnoop, Visual Networks
Pkgsrc changes:
A fix for the security vulnerability reported in SA41535 has been
integrated from the Wireshark SVN repository.
|
|
Changelog:
NEW FEATURES
ISC DHCP 4.1.x includes several new DHCPv6 features that were not included
in DHCP 4.0.x. These include:
- Support for the rapid-commit option on the client side
- Prefix Delegation support
- IA_TA address support
- A basic DHCPv6 relay agent
- Basic and partial DHCPv6 leasequery support
There are a number of DHCPv6 limitations and features missing in this
release, which will be addressed in the future:
- Only Solaris, Linux, FreeBSD, NetBSD, and OpenBSD are supported.
- Only a single address is supported per IA.
- DHCPv6 includes human-readable text in status code messages. These
should be configurable, and probably localized via gettext() or the
like.
- The "host-identifier" option is limited to a simple token.
- The client and server can only operate DHCPv4 or DHCPv6 at a time,
not both. To use both protocols simultaneously, two instances of the
relevant daemon are required, one with the '-6' command line option.
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
Changes since 4.1.1
- A bug was fixed that could cause the DHCPv6 server to advertise/assign a
previously allocated (active) lease to a client that has changed subnets,
despite being on different shared networks. Dynamic prefixes specifically
allocated in shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
! Accept a client id of length 0 while hashing. Previously the server would
exit if it attempted to hash a zero length client id, providing attackers
with a simple denial of service attack. [ISC-Bugs #21253]
Changes since 4.1.1rc1
- When using 'ignore client-updates;', the FQDN returned to the client
is no longer truncated to one octet.
Changes since 4.1.1b3
- None.
Changes since 4.1.1b2
- Fix test in dhcp_interface_signal_handler to check that the inner handler
has a signal_handler before calling it.
- Both host and subnet6 configuration groups are now included whether a
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding values were not present in a matching fixed-address6 host
configuration.
- ./configure now checks to ensure the intX_t and u_intX_t types are defined,
correcting a compilation failure when using Sun's compiler.
- Modified the handling of a connection to avoid releasing the omapi io
object for the connection while it is still in use. One symptom from
this error was a segfault when a failover secondary attempted to connect
to the failover primary if their clocks were not synchronized.
Changes since 4.1.1b1
- Remove infinite loop in token_print_indent_concat().
- Memory leak in the load_balance_mine() function is fixed. This would
leak ~20-30 octets per DHCPDISCOVER packet while failover was in use
and in normal state.
- Various compilation fixes have been included for the memory related
DEBUG #defines in includes/site.h.
- Fixed Linux client script 'unary operator expected' errors with DHCPv6.
- Fixed setting hostname in Linux hosts that require hostname argument
to be double-quoted. Also allow server-provided hostname to
override hostnames 'localhost' and '(none)'.
- Added client support for setting interface MTU and metric, thanks to
Roy "UberLord" Marples <roy@marples.name>.
- Fixed failover reconnection retry code to continue to retry to reconnect
rather than restarting the listener.
- Compilation on Solaris with USE_SOCKETS defined in includes/site.h has
been repaired. Other USE_ overrides should work better.
- A check for the local flavor of IFNAMSIZ had a broken 'else' condition,
that probably still resulted in the correct behaviour (but wouldn't use
a larger defined value provided by the host OS).
- Fixed a bug where an OMAPI socket disconnection message would not result
in scheduling a failover reconnection, if the link had not negotiated a
failover connect yet (e.g.: connection refused, asynch socket connect()
timeouts).
- A bug was fixed that caused the 'conflict-done' state to fail to be parsed
in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Versions 3.0.x syntax with multiple name->code option definitions is now
supported. Note that, similarly to 3.0.x, for by-code lookups only the
last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between a
failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding scopes
will now be removed if a change in identity of a lease's active client is
detected, rather than simply if a lease is noticed to have expired (which it
may have expired without a failover server noticing in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
! Fixed a fenceposting bug when a client had two host records configured,
one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892
Changes since 4.1.0
- Validate the argument to the -p option.
- The notorious 'option <unknown> ... larger than buffer' log line,
which is seen in some malformed DHCP client packets, was modified.
It now logs the universe name, and does not log the length values
(which are bogus corruption read from the packet anyway). It also
carries a hopefully more useful explanation.
- A bug was fixed that caused the server not to answer some valid Solicit
and Request packets, if the dynamic range covering any requested addresses
had been deleted from configuration.
- Suppress spurious warnings from configure about --datarootdir
- Update the code to deal with GCC 4.3. This included two sets of changes.
The first is to the configuration files to include the use of
AC_USE_SYSTEM_EXTENSIONS. The second is to deal with return values that
were being ignored.
- The db-time-format option was documented in manpages.
- Using reserved leases no longer results in 'lease with binding state
free not on its queue' error messages, thanks to a patch from Frode
Nordahl.
- DDNS removal routines were updated so that the DHCID is not removed until
the client has been deprived of all A and AAAA records (not only the last
one of either of those). This resolves a bug where dual stack clients
would not be able to regain their names after either expiration event.
- Fix a build error in dhcrelay, using older versions of gcc with
dhcpv6 disabled.
- Two uninitialized stack structures are now memset to zero, thanks to
patch from David Cantrell at Red Hat.
- Fixed a cosmetic bug where pretty-printing valid domain-search options would
result in an erroneous error log message ('garbage in format string').
- A bug in DLPI packet transmission (Solaris, HP/UX) that caused the server
to stop receiving packets is fixed. The same fix also means that the MAC
address will no longer appear 'bogus' on DLPI-based systems.
- A bug in select handling was discovered where the results of one select()
call were discarded, causing the server to process the next select() call
and use more system calls than required. This has been repaired - the
sockets will be handled after the first return from select(), resulting in
fewer system calls.
- The update-conflict-detection feature would leave an FQDN updated without
a DHCID (still currently implemented as a TXT RR). This would cause later
expiration or release events to fail to remove the domain name. The feature
now also inserts the client's up to date DHCID record, so records may safely
be removed at expiration or release time. Thanks to a patch submitted by
Christof Chen.
|
|
pkgsrc changes:
- add license definition
Upstream changes:
0.18 -- Mon May 31 10:38:13 CDT 2010
* Added support for IPv6 (patch from John Jason Brzozowski)
* Added .gitignore file [Maik Hentsche]
* added unit tests [Maik Hentsche]
* added directory for unit test [Maik Hentsche]
* handle unlink error [Maik Hentsche]
* added unit test for missing host [Maik Hentsche]
* Fix warning for new() without host argument [Maik Hentsche]
|
|
|
|
gonna be maintained (and hasn't been the last years)
|
|
Changes:
------------------------------------------------------------------------
r432 | alexd | 2010-09-15 10:06:11 +0100 (Wed, 15 Sep 2010) | 1 line
Removing trailing SOA record from returned AXFR data
------------------------------------------------------------------------
r431 | alexd | 2010-09-15 10:05:40 +0100 (Wed, 15 Sep 2010) | 1 line
Making RRs comparable - they now sort by owner name then type then rdata
------------------------------------------------------------------------
r430 | alexd | 2010-09-02 14:48:18 +0100 (Thu, 02 Sep 2010) | 1 line
Suppress unnecessary fatal error
------------------------------------------------------------------------
r429 | alexd | 2010-08-26 11:28:43 +0100 (Thu, 26 Aug 2010) | 1 line
Handle exceptions when closing potentially borked sockets
------------------------------------------------------------------------
r428 | alexd | 2010-08-25 16:16:39 +0100 (Wed, 25 Aug 2010) | 1 line
Synchronising access properly - rubyforge 28504
|
|
=== Addressable 2.2.1
- added support for application/x-www-form-urlencoded.
|
|
|
|
pkgsrc changes:
- add license
Upstream changes since 0.4:
version 0.42 (2009/10/01):
- don't hangup when receiving abandonRequest in order to support
clients like Evolution which expect that the socket is still
alive after such a request (patch by Bill Lindley)
|
