| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
2.6.1 provides new functionality including the following:
* New pattern matcher with a significantly reduced memory footprint
* Introduction of stream5 for experimental use
* Improvements to stream4, including UDP session tracking and optimizations for the reassembly buffer
* Handling for reassembly of SMB fragmented data in DCE/RPC
* An ssh preprocessor for experimental use
* Updated Snort decoder that can decode GRE encapsulated packets
* Output plugin to allow Snort to configure Aruba access control
Snort 2.6.0:
* Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible evasion cases.
* Improved performance monitoring.
The Snort 2.6 release also introduces the ability to use dynamic rules and dynamic preprocessors and contains further improvements to the Snort detection engine.
Remove snort-{pgsql,mysql,prelude}. The new snort package uses options.mk
to specify build options.
|
|
* Major enhancements to rlm_pap, that make "encryption_scheme"
a think of the past. See "man rlm_pap" for details.
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
work-arounds that enable Windows Vista clients to work.
* Added preliminary code to support Firebird.
Use at your own risk!
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
platforms.
* Add a new "reply-name" directive in rlm_sqlcounter to define the
name of the reply attribute.
* Added more dictionaries and attributes
* Print ntlm_auth failure reason in Module-Failure-Message
* radsqlrelay is able to get the DB password from a file instead
of command line.
Bug fixes
* Fix a parse error in the digest module, where malformed
digest requests would result in the user being accepted. Oops...
* VALUEs can only be defined for 'integer', to catch mistakes
with setting VALUEs for type 'string'.
* Better parsing of VALUE names, so that values starting with
a digit work correctly.
* Check return from malloc
* Fix a double free() in rlm_eap_tls.c
* Check return code of malloc() during initialization.
* Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
|
|
new features:
new datagram modes for udp, rawip, unix domain sockets
socat option -T specifies inactivity timeout
rewrote lexical analysis to allow nested socat calls
addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
option protocol-family (pf), esp. for openssl-listen
range option supports IPv6 - syntax: range=[::1/128]
option ipv6-v6only (ipv6only)
new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
option cool-write controls severeness of write failure (EPIPE, ECONNRESET)
option o-noatime
socat option -lh for hostname in log output
traffic dumping provides packet headers
configure.in became part of distribution
socats unpack directory now has full version, e.g. socat-1.5.0.0/
corrected docu of option verify
corrections:
fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
exec with pipes,stderr produced error
setuid-early was ignored with many address types
some minor corrections
|
|
|
|
the latest version of Samba.
|
|
Samba distribution since version 3.0.23. "mysql" and "pgsql" passdb backends
are now maintained via http://pdbsql.sourceforge.net/ and will have to be
packaged separately.
|
|
|
|
source), from pkgsrc-wip and packaged by iMil.
Csup is a rewrite of CVSup in C.
CVSup(R) is a software for distributing and updating collections of files
accross a network. It can efficiently and accurately mirror all types of files,
including sources, binaries, hard links, symbolic links, and even device nodes.
In addition to being a great general-purpose mirroring tool, CVSup includes
special features and optimizations specifically tailored to CVS repositories.
It is being used as the preferred way to update sources within the FreeBSD,
NetBSD and OpenBSD projects and more.
|
|
2007/02/11: version 2.8.3 = tag release-2-8-3
5734: Update camlzip to version 1.03 (thx to orbit for reporting)
5735: BT: Fix make_torrents to sort dictionary entries alphabetically
Bittornado did not read MLDonkey-made torrents (amadeo)
5737: MinGW: Work-around missing Unix.fstat
- fixes failed removal of torrent files from torrents/[incoming|downloads]
2007/02/06
5719: Unix2: Fix copying files > 1GB (1073741823 bytes),
bug was introduced by patch 5589 after release of 2.8.2
2007/02/04
5724: http_client: Retry GET request if HEAD request returns http error 400
5723: HTML: print tracker errors in html table at 'vd <num>' (Schlumpf)
5722: HTML: use Printf2.html_mods_cntr () for table row classes (Schlumpf)
5720: Swarmer: block choice algorithm 2 from patch 5141 is new default
- remove swarming_block_selection_algorithm = 1
because it finishes chunks too slowly
- remove swarming_block_selection_algorithm = 3 from TripleM
because it uses too much CPU power.
- remove option swarming_block_selection_algorithm, hard-coded default is now 2
- remove option block_switching, hard-coded default is now true
2007/01/30
5717: Optimize function print_command_result
2007/01/28
5715: Improve porttest (Schlumpf)
- use 'porttest' command to start the network porttest the first time,
after this to see the results
- new command 'force_porttest' to force an new porttest
- improve html porttest output and make it also available in telnet
5716: EDK: Do not send share list to servers with state Connecting
5713: HTML: show messages link in vd clickable (Schlumpf)
2007/01/25
5712: Multiuser: New verbosity "com" to log commands by non-admin users
5711: Multiuser: Block commands preferred, bs, bp, port for non-admin users
5642: Swarmer: swarming_block_selection_algorithm = 3 (TripleM)
- this new algorithm select always the rarest choice, if average availability
is below 5, or one choice_availability is below average availability
- added a hashtable to store blockmaps of uploaders for a given swarmer
- long term memory usage has to be observed
5710: Swarmer: Fix chunk propagation (pango)
2007/01/21
5693: "voo changed" prints changed options only, useful for support (Schlumpf)
5698: EDK: fix display of porttest result images (Schlumpf)
5699: Multiuser: Fix wrong file path (user_commit_dir) in notification mail
5695: Command "set": better error text if option does not exist
5694: Fix small typo in buildinfo
2007/01/17
5673: New core start parameter: -useradd "user pass", needed for Debian package
5678: New options for command force_web_infos: kind/URL (thx to Schlumpf)
2007/01/15
5691: EDK: Recognize compatibleclient 60: IMPmule (imp-project.net)
5689: EDK: Log downloading file name when client disconnects
5684: GUI: Fix build of mlprogress (Alt linux)
5677: Options: New concept of option types, fix non-admin Sancho http preview
2007/01/11
5665: EDK: Support compressed upload, implement file read cache (TripleM)
new options:
- ED2K_upload_compression to enable compressed upload, default true
- ED2K_upload_compression_threshold, default 2000 bytes
Size difference in bytes between one zone (180 kBytes) and its compressed
counterpart, which has to occure, to send compressed parts instead of plain.
- ED2K_upload_compression_level, Zlib compression level, default 9
- ED2K_upload_compression_table_size, default 20
5669: HTML: Add HTML headers to prohibit browser-side caching (Schlumpf)
5671: Configure: Fix question whether to compile lablgtk, same as patch 5401
5675: Updated Mozilla protocol handler to version 1.10
2007/01/08
5666: New option upload_complete_chunks (TripleM)
- default false, if true, each client is allowed to complete only one chunk,
independent, if it is empty or partial. this setting overrides
upload_full_chunks and dynamic_upload_lifetime, but is, as a failsafe,
limited by upload_lifetime (should be set reasonable high)
5664: EDK: Avoid uploading data more than due
to eMules rotating block requests (pango)
5596: EDK: New option upload_full_chunks (thx to TripleM)
- If the new option upload_full_chunks is set to true, each client is
allowed to receive one chunk, this setting overrides upload_lifetime.
Well, not exactly one chunk. eMule has this code in opcode.h:
#define SESSIONMAXTRANS (PARTSIZE+20*1024) //
"Try to send complete chunks" always sends this amount of data
MLdonkey now does the same, if upload_full_chunks is true and client A got
9728000+20*1024 bytes during the current session its upload slot will be
revoked unless pending slots are empty.
5619: EDK: Print network specific infos in command "vc <num>",
remove unneeded fields from client structures
5627: commonHasher: fix wrong arg types from several functions (Schlumpf)
5626: MinGW: fix missing declarations and wrong pointer
initialization in stubs_c.c (Schlumpf)
2007/01/06
5599: EDK: Support for files >4GB (TripleM, pango)
- this patch does not include >4GB support for Kademlia
5660: Swarming: Enable wrongly disabled select block memoization (pango)
5659: GD: Fix wrong months display (skeeve)
2006/12/08
5617: New option share_scan_interval
- how often (in minutes) should MLDonkey scan all shared directories
for new/removed files, default one minute
- on slow machines raise the interval to a higher value to reduce CPU load
- to force a re-scan of shared directories use command "reshare"
2006/12/06
5613: Another longhelp cleanup (anhi)
5615: EDK: Parse more fields from server.met files
2006/12/04
5612: EDK: OP_HELLO tag 0x75, print os_info in logfile
2006/12/03
5602: HTML: Display share status in upstats
5609: New field type Field_KNOWN, EDK: recognize more HELLO/EmuleInfo tags
5610: CommonSources: Cleanups and reformatting the code (pango)
2006/12/02
5608: Multiuser, chgrp: Prevent change of file_group to None
if the user is not file_owner
5607: Multiuser, chown: Change file_group to user_default_group
if the new user is not member of file_group
5606: Introduce display of session transfer values
- new columns for session up-/download
- send session values to GUIs
2006/12/01
5605: HTML: Fix search list display when html_checkbox_search_file_list = true
2006/11/29
5598: Remove use of deprecated sort module, remove unused sort2.ml* (pango)
5589: New option create_file_mode,
rename create_dir_mask to create_dir_mode (pango)
5595: EDK: Fully parse emule_miscoptions1/2
5594: EDK: If update_server_list_client true, add yet unknown server
of lowid clients
|
|
Fixed pkglint warnings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* make cfgmaker detect broken snmpv1 counters more reliably
* latest Net_SNMP_util.pm with many small fixes
* more cfgmaker smarts and documentation for snmpv3
* be happy even if no threshmail sending is configured
* add install target for traffic-summer
* fix mrtg-traffic-sum default catch expression to be in sync with docs
|
|
Major changes since version 3.0.22:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Stability fixes for winbindd
- Portability fixes on FreeBSD and Solaris operating systems.
- Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
- Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
- Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
- Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
- SMB signing errors in the client and server code.
- Domain join failures when using smbpasswd on a Samba PDC.
- Failure to strip the domain name from groups when 'winbind
use default domain = yes'
- Failure in pam_winbind to correctly parse arguments.
- Bad token creation of local users on member servers not
running winbindd.
- Failure to add users or groups to ACLs using the Windows
object picker.
- Failure in file serving code when 'kernel oplocks = yes'.
- New "createupn" option to "net ads join"
- Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
- Improved 'make test'
- New offline mode in winbindd.
- New Kerberos support for pam_winbind.so.
- New handling of unmapped users and groups.
- New non-root share management tools.
- Improved support for local and BUILTIN groups.
- Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
- Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
|
|
|
|
changes: bugfixes (thread termination failure, crashes)
|
|
wireshark maintainers.
|
|
line numbers into generated ".c" files. The GCC 3.3.3 distributed with
NetBSD-i386 3.3.1 can now build this package without problems.
|
|
|
|
|
|
libnet 1.20 -- Fri Feb 2 19:42:51 CST 2007
Bug Fixes
* Fixed incorrect handling of CRLF that straddled two blocks
* Fix bug in response() which was too liberal in what it thought was a response line
* Silence uninitialized value warnings in Net::Cmd during testing on Win32
* Documentations typos and updates
Enhancements
* Added support for ORCPT into Net::SMTP
* Support for servers that expect the USER command in upper or lower case. Try USER
first then try user if that fails
|
|
|
|
into the build system, so override cpu_nlist on DragonFly.
|
|
- The default configuration now enables embedded Perl and the Perl
modules by default when possible unless explicitly disabled. You
may use the --disable-embedded-perl and --without-perl-modules
configure options, respectively, to revert to the former default
configuration.
|
|
|
|
Changes since version 0.99.4:
- Bug Fixes
o The TCP dissector could hang or crash while reassembling HTTP
packets.
Versions affected: 0.99.2 to 0.99.4
CVE-2007-0459
o The HTTP dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0458
o On some systems, the IEEE 802.11 dissector could crash.
Versions affected: 0.10.14 to 0.99.4
CVE-2007-0457
o On some systems, the LLT dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0456
The following bugs have been fixed:
o The end of HTTP chunked encoding wasn't being displayed.
o The Follow TCP Stream window could omit characters.
o Opening a flow graph could crash Wireshark.
o Follow TCP Stream would sometimes get the direction wrong.
o The foreground text in the coloring rules editor was always
black.
o The CSV export format was incorrect.
o On some Windows systems Wireshark could take a long time to
start up.
o Malformed UDLD packets could cause an exception.
o The ISUP statistics report could overflow a buffer and crash
when displaying IPv6 addresses.
- New and Updated Features
o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
TDS / MS SQL dissector now de-obfuscates passwords.
o 64-bit file handling has been improved.
o The Find function now selects the corresponding packet detail
item. Find functionality has been added to the TCP and SSL
stream dialogs.
o Main window keyboard navigation has been improved.
o ASN.1 BER-encoded files can now be dissected according to a
user-specified syntax.
- New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
v2
- Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
- New and Updated Capture File Support
Catapult DCT2000, Netttl, Windows Sniffer / NetXray
|
|
the default RBL from rblsmtpd using Charles Cazabon's patch. (If
you don't specify which RBLs you want, you get rbl.maps.vix.com,
which according to Vixie on NANOG hasn't existed "since 1999 or
so.") Bump PKGREVISION.
|
|
|
|
changes: minor bugfixes
|
|
ftp://asim.lip6.fr/outgoing/packages/i386/3.1/20070114.1132/broken.html
(latest 3.1/i386 bulk build of 2006Q4).
Feel free to fix them...
|
|
- "share/doc/bind9" shouldn't be group-writable.
- "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable.
Bump package revision because of these fixes.
|
|
has been corrected.
|
|
|
|
No cookie for minskim.
|
|
|
|
2006-02-10 DNSdoctor-1.0.1
* l10n: chinese translation thanks to cnnic
* man: fixed man page hyphens for UTF-8
* check: new test checking that the nameservers are not part
of the same domain (all_same_domain)
* check: added timeout for the whole smtp session
* check: smtp timeout are now configurable
* html: use italic for guessed values (ns, ip addresses)
* html: added correct favicon
|
|
Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE
for all the details:
In brief:
2126. [security] Serialise validation of type ANY responses.
2124. [security] It was possible to dereference a freed fetch
context.
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named.
2088. [security] Change the default RSA exponent from 3 to 65537.
2066. [security] Handle SIG queries gracefully.
1941. [bug] ncache_adderesult() should set eresult even if no
rdataset is passed to it.
|
|
|
|
|
|
version 0.7.1. Major changes since 0.10.4/0.6.4:
- support for the CANCEL piece request message
- support for tunneling through HTTP 1.0 proxies
- Azureus-style encryption
|
|
|
|
|
|
OpenFT 0.2.1.6:
* Fixed a bug where full parents could trigger an assertion failure.
* Index tokens database by array index instead of by pointer
(should improve space efficiency, especially on 64-bit platforms).
* Clean up the database properly. Not only does this avoid leaving
huge temporary files lying around, but potentially allows the db to be
shutdown and restarted at will.
* Avoid unaligned memory accesses, which cause problems on some
RISC platforms.
* Don't die on malformed URLs.
OpenFT 0.2.1.5:
* Major search database rethink: shares are keyed by host plus a
unique identifier instead of by hash. Hopefully this will improve
space efficiency (and reduce I/O), and also eliminate the (non-)handling
of duplicate hashes that existed previously.
* New tokenization API.
* Removed support for hidden searches due to new improved hashing algorithm.
* New searching functionality: exclusion tokens and quoted queries.
* Moved local shares into search database. This should reduce CPU usage
with a large number of shares.
* Improved documentation about search node configuration.
* Fixed two bugs in stats initialization.
* Added Bloom filter support, which is currently unused but may eventually
be used to optimize query routing.
* Temporarily backed out of cleaning up the database environment on exit,
because it would try to sync the entire database to disk. This will be
fixed properly later when individual children are tracked within
ft_search_db.c.
* Implemented automatic compressed stream handling for unbounded
data (currently search queries and forwarded search results). This
reduces bandwidth usage significantly, sometimes by as much as 50%.
* Increased maximum packet size, although this is currently unused for
compatibility reasons.
OpenFT 0.2.1.4:
* Fixed a signedness bug that could cause problems with non-ASCII characters
on some platforms.
* Fixed a packet handling bug that could cause an infinite loop.
* Minor networking tweaks.
* Fixed clipping of the nodes cache.
|
|
Gnutella 0.0.11:
* Made SHA1 implementation work correctly on 64 bit machines.
* Create new client GUID on each startup to prevent stupid packagers
from hurting the network.
* Disable the timebomb once and for all.
Gnutella 0.0.10.1:
* Added additional revision digit to version number so we can release
packages with updated GT_RELEASE_DATE if nothing else has changed.
* Increased web cache disabling to 365 days after built and complete
shutdown to 1.5 years.
Gnutella 0.0.10:
* Disconnect idle nodes that don't reply to pings.
* Support Vendor Messages.
* Support ConnectBack vendor message for better firewalled status
detection.
* Slightly improved the random number seed.
* Send an empty error page when the remote side supports queueing.
* All searches now timeout after at most 10 minutes.
* Only use the full http:// URL in GWebcache requests when using a proxy
(see RFC 2616 (HTTP/1.1) for further information).
* Support outgoing compression of message streams.
* Drop "urn:" trailer from queries sent.
* Send full filename in PUSH uploads; seems LimeWire requires it.
* Support p->share_hide/show for hiding shares from other nodes with
a HopsFlow message, allowing them to be efficiently un/re-shared.
* Basic support for sending GGEP blocks.
* Change "really-old" auto-deactivation to silent failure to avoid
creating surprises for people who don't care.
* Support push proxies: put a GGEP block containing the IP address of
some servers we're connected to in order to improve upload performance
of firewalled nodes.
* Ban webcaches that resolve to local IP addresses.
|
|
|
