| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
root/ignoreip, in response to Verisign's latest silliness. The
behavior of dnscache is unchanged unless you create this file. Bump
PKGREVISION.
While I'm here, change the "post-patch" target to "do-configure",
since that's what it's doing.
See <URL:http://tinydns.org/djbdns-1.05-ignoreip2.patch> for more
information about this patch.
|
|
|
|
Fixes vulnerability: http://xforce.iss.net/xforce/alerts/id/154
|
|
Patch from Adrian Portelli via PR pkg/22900.
Changes:
- Added Thresholding and Suppression features (Marc Norton/Sourcefire)
- Fixed TCP RST processing bug found (Shai Rubin)
- Cleanup of spp_arpspoof (Jeff Nathan)
- Cleanup of win32 version including proper Event Log support (Chris Reid)
- Munged data fixes for stream4 (Chris Green)
|
|
user supplies part of the string. Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
--- 9.2.2-P3 released ---
1512. [bug] Extend the delegation-only logging to return query
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
on negative answers from subzones.
|
|
- "pcap2ipstat" now supports PPPoE dumps.
- Fixes build problems with GCC 3.3.1.
|
|
Fixes some problems in totd 1.3 and addds some new functionality.
Closes PR 22882 from Feico W. Dillema.
|
|
|
|
|
|
|
|
|
|
Based on PR pkg/22680 by Jon Olsson.
Changes:
- add new build-time options: PURE_FTPD_USE_TLS, PURE_FTPD_USE_VIRTUAL_CHROOT
- make the MySQL support actually work
- install more documentation
1.0.16a:
========
- Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c
Not a vulnerability because it happens in the good way, but it sometimes
used to break uploadscript.
1.0.16:
=======
- An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
/etc/sysconf/pure-ftpd any more.
- Recognize the '##' prefix as a shadowed password - make authentication work
on Solaris with shadow/NIS.
- Add back some random sleep() between authentication failures in addition to
the exponential sleep. Zzzzz... sleeping is good in summer...
- Upgrade to automake 1.7.5.
- The list of options in the pure-ftpd(8) man page was reordered -
Thanks to our beloved Claudiu Costin.
- SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
related commands were introduced : AUTH, PBSZ and PROT.
- Uploaded files are now removed when realpath() fails and bsd_realpath() was
modified to fall back to getcwd()/chdir() if we can't get a descriptor on
the current directory because it is not readable. It fixes pure-uploadscript
on some platforms like MacOS X.
- HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
- A typo in the Python configuration file wrapper was fixed : -t was used in
place of -y.
- MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
the buffer when no DNS entry is found for a host and a numerical result
wasn't explicitely asked. As a result, Pure-FTPd didn't even start on Panther
(saying "bad IP address") . We now check for EAI_NONAME if available and we
retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to
Yann Bizeul for his valuable help on this issue.
- Implement a working strdup() replacement in puredb for systems lacking it.
- Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
generated by our own functions, we use MAXPATHLEN for the complete
zero-terminated string. When a buffer is passed to a libc function, we reserve
a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
surprises if an off-by-one ever occurs in a getcwd() like function.
- Don't use make_scrambled_password() in the MySQL backend because the API
changed since MySQL 4.1.
- Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker
bugs (grrr...) .
|
|
Sync with nmap update.
|
|
Also closes PR pkg/22845 by Adrian Portelli.
Changes:
3.45:
=====
- Added new HTTPOptions and RTSPRequest probes suggested by MadHat
(madhat(a)unspecific.com)
- Integrated more service signatures from MadHat
(madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
Heinen (zillion(a)safemode.org), Solar Designer
(solar(a)openwall.com), Seth Master
(smaster(a)stanford.edu), and Curt Wilson
(netw3_security(a)hushmail.com),
- Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
which increases the allowed size of the 'extrainfo' version field from
80 characters to 128. The main benefit is to allow longer apache module
version strings.
- Fixed Windows compilation.
- Applied some updates to README-WIN32 sent in by Kirby Kuehl
(kkuehl(a)cisco.com). He improved the list of suggested registry
changes and also fixed a typo or two. He also attached a .reg file
automate the Nmap connect() scan performance enhancing registry
changes. I am now including that with the Nmap Windows binary .zip
distribution (and in mswin32/ of the source distro).
- Applied a one-line patch from Dmitry V. Levin (ldv@altlinux.org)
which fixes a test Nmap does during compilation to see if an existing
libpcap installation is recent enough.
3.40PVT17:
==========
- Wrote and posted a new paper on version scanning to
http://www.insecure.org/nmap/versionscan.html . Updated
nmap-service-probes and the Nmap man page to simply refer to this
URL.
- Integrated more service signatures from my own scanning as well as
contributions from Brian Hatch (bri(a)ifokr.org), MadHat
(madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
Moore (hdm(a)digitaloffense.net), Seth Master
(smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
MadHat also contributed a new probe for Windows Media Service. Many
people set a LOT of signatures, which has allowed
nmap-service-probes to grow from 295 to 356 signatures representing
85 service protocols!
- Applied a patch (with slight changes) from Brian Hatch
(bri(a)ifokr.org) which enables caching of SSL sessions so that
negotiation doesn't have to be repeated when Nmap reconnects to the same
between probes.
- Applied a patch from Brian Hatch (bri@ifokr.org) which optimizes the
requested SSL ciphers for speed rather than security. The list was
based on empirical evidence from substantial benchmarking he did with
tests that resemble nmap-service-scanning.
- Updated the Nmap man page to discuss the new version scanning
options (-sV, -A).
- I now include nmap-version/aclocal.m4 in the distribution as this is
required to rebuild the configure script ( thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for notifying me of the problem.
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
detects whether the PCRE include file is <pcre.h> or <pcre
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
fixes typos in some error messages. The patch apparently came from
the highly-secure and stable Owl and Alt Linux distributions. Check
them out at http://www.openwall.com/Owl/ and
http://www.altlinux.com/
- Fixed compilation on Mac OS X - thanks to Brian Hatch
(bri(a)ifokr.org> and Ryan Lowe (rlowe(a)pablowe.net) for giving me
access to Mac OS X boxes.
- Stripped down libpcre build system to remove libtool dependency and
other cruft that Nmap doesn't need. (this was mostly a response to
libtool-related issues on Mac OS X).
- Added a new --version_trace option which causes Nmap to print out extensive
debugging info about what version scanning is doing (this is a subset
of what you would get with --packet_trace). You should usually use
this in combination with at least one -d option.
- Fixed a port number printing bug that would cause Nmap service
fingerprints to give a negative port number when the actual port was
above 32K. Thanks to Seth Master (smaster@stanford.edu) for finding
this.
- Updated all the header text again to clarify our interpretation of
"derived works" after some suggestions from Brian Hatch
(bri(a)ifokr.org)
- Updated the Nsock config.sub/config.guess to the same newer versions
that Nmap uses (for Mac OS X compilation).
3.40PVT16:
==========
- Fixed a compilation problem on systems w/o OpenSSL that was
discovered by Solar Designer. I also fixed some compilation
problems on non-IPv6 systems. It now compiles and runs on my
Solaris and ancient OpenBSD systems.
- Integrated more services thanks to submissions from Niels Heinen
(zillion(a)safemode.org).
- Canonicalized the headers at the top of each Nmap/Nsock header src
file. This included clarifying our interpretation of derived works,
updating the copyright date to 2003, making the header a bit wider,
and a few other light changes. I've been putting this off for a
while, because it required editing about a hundred !#$# files!
3.40PVT15:
==========
- Fixed a major bug in the Nsock time caching system. This could
cause service detection to inexplicably fail against certain ports in
the second or later machines scanned. Thanks to Solar Designer and HD
Moore for helping me track this down.
- Fixed some *BSD compilation bugs found by
Zillion (zillion(a)safemode.org).
- Integrated more services thanks to submissions from Fyodor Yarochkin
(fygrave(a)tigerteam.net), and Niels Heinen
(zillion(a)safemode.org), and some of my own exploring. There are
now 295 signatures.
- Fixed a compilation bug found by Solar Designer on machines that
don't have struct sockaddr_storage. Nsock now just uses "struct
sockaddr *" like connect() does.
- Fixed a bug found by Solar Designer which would cause the Nmap
portscan table to be truncated in -oN output files if the results are
very long.
- Changed a bunch of large stack arrays (e.g. int portlookup[65536])
into dynamically allocated heap pointers. The large stack variables
apparently caused problems on some architectures. This issue was
reported by osamah abuoun (osamah_abuoun(a)hotmail.com).
3.40PVT14:
==========
- Added IPv6 support for service scan.
- Added an 'sslports' directive to nmap-service-probes. This tells
Nmap which service checks to try first for SSL-wrapped ports. The
syntax is the same as the normal 'ports' directive for non-ssl ports.
For example, the HTTP probe has an 'sslports 443' line and
SMTP-detecting probes have and 'sslports 465' line.
- Integrated more services thanks to submissions from MadHat
(madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
(bri(a)ifokr.org). There are now 288 signatures, matching these 65
service protocols:
chargen cvspserver daytime domain echo exec finger font-service
ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
vnc-http webster whois winshell X11
- Added a Lotus Notes probe from Fyodor Yarochkin
(fygrave(a)tigerteam.net).
- Dug Song wins the "award" for most obscure service fingerprint
submission. Nmap now detects Dave Curry's Webster dictionary server
from 1986 :).
- Service fingerprints now include a 'T=SSL' attribute when SSL
tunneling was used.
- More portability enhancements thanks to Solar Designer and his Linux
2.0 libc5 boxes.
- Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
Windows emulation of the UNIX mmap() and munmap() memory mapping calls.
3.40PVT13:
==========
- Added SSL-scan-through support. If service detection finds a port to be
SSL, it will transparently connect to the port using OpenSSL and use
version detection to determine what service lies beneath. This
feature is only enabled if OpenSSL is available at build time. A
new --with-openssl=DIR configure option is available if OpenSSL is
not in your default compiler paths. You can use --without-openssl
to disable this functionality. Thanks to Brian Hatch
(bri(a)ifokr.org) for sample code and other assistance. Make sure
you use a version without known exploitable overflows. In
particular, versions up to and including OpenSSL 0.9.6d and
0.9.7-beta2 contained serious vulnerabilities described at
http://www.openssl.org/news/secadv_20020730.txt . Note that these
vulnerabilities are well over a year old at the time of this
writing.
- Integrated many more services thanks to submissions from Brian
Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
Simple Nomad, and Shawn Wallis (swallis(a)ku.edu). The number of
signatures has grown from 242 to 271. Thanks!
- Integrated Novell Netware NCP and MS Terminal Server probes from
Simple Nomad (thegnome(a)nmrc.org).
- Fixed a segfault found by Solar Designer that could occur when
scanning certain "evil" services.
- Fixed a problem reported by Solar Designer and MadHat (
madhat(a)unspecific.com ) where Nmap would bail when certain Apache
version/info responses were particularly long. It could happen in
other cases as well. Now Nmap just prints a warning.
- Fixed some portability issues reported by Solar Designer
( solar(a)openwall.com )
3.40PVT12:
==========
- I added probes for SSL (session startup request) and microsoft-ds
(SMB Negotiate Protocol request).
- I changed the default read timeout for a service probe from 7.5s to 5s.
- Fixed a one-character bug that broke many scans when -sV was NOT
given. Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.
3.40PVT11:
==========
- Integrated many more services thanks to submissions from Simple
Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
Marco Ivaldi. Thanks! The match line count has risen from 201 to 242.
- Implemented a service classification scheme to separate the
vendor/product name from the version number and any extra info that
is provided. Instead of v/[big version string]/, the new match
lines include v/[vendor/productname]/[version]/[extrainfo]/ . See
the docs at the top of nmap-service-probes for more info. This
doesn't change the normal output (which lumps them together anyway),
but they are separate in the XML so that higher-level programs can
easily match against just a product name. Here are a few examples
of the improved service element:
<service name="ssh" product="OpenSSH" version="3.1p1"
extrainfo="protocol 1.99" method="probed" conf="10" />
<service name="domain" product="ISC Bind" version="9.2.1"
method="probed" conf="10" />
<state state="open" /><service name="rpcbind" version="2"
extrainfo="rpc #100000" method="probed" conf="10" />
<service name="rndc" method="table" conf="3" />
- I went through nmap-service-probes and added the vendor name to more
entries. I also added the service name where the product name
itself didn't make that completely obvious.
- SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
to an extortion campaign of demanding license fees from Linux users
for code that they themselves knowingly distributed under the terms
of the GNU GPL. They have also refused to accept the GPL, claiming
that some preposterous theory of theirs makes it invalid. Meanwhile
they have distributed GPL-licensed Nmap in (at least) their
"Supplemental Open Source CD". In response to these blatant
violations, and in accordance with section 4 of the GPL, we hereby
terminate SCO's rights to redistribute any versions of Nmap in any
of their products, including (without limitation) OpenLinux,
Skunkware, OpenServer, and UNIXWare.
3.40PVT10:
==========
- Added "soft matches". These are similar to normal match lines in
that they provide a regex for recognizing a service (but no version).
But instead of stopping at softmatch service recognition, the scan
continues looking for more info. It only launches probes that are
known-capable of matching the softmatched service. If no version
number is found, at least the determined service is printed. A
service print for submission is also provided in that case. So this
provides more informative results and improves efficiency.
- Cleaned up the Windows support a bit and did more testing and
fixing. Windows service detection seems to be working fine for me
now, although my testing is still pretty limited. This release
includes a Windows binary distribution and the README-WIN32 has been
updated to reflect new compilation instructions.
- More service fingerprints! Thanks to Solar Designer, Max Vision,
Frank Denis (Jedi/Sector One) for the submissions. I also added a
bunch from my own testing. The number of match lines went from 179
to 201.
- Updated XML output to handle new version and service detection
information. Here are a few examples of the new output:
<port protocol="tcp" portid="22"><state state="open" /><service
name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
conf="10" /></port>
<port protocol="tcp" portid="111"><state state="open" /><service
name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
<port protocol="tcp" portid="953"><state state="open" /><service
name="rndc" method="table" conf="3" /></port>
- Fixed issue where Nmap would quit when ECONNREFUSED was returned
when we try to read from an already-connected TCP socket. FreeBSD
does this for some reason instead of giving ECONNRESET. Thanks to
Will Saxon (WillS(a)housing.ufl.edu) for the report.
- Removed the SERVICEMATCH_STATIC match type from
nmap-service-probes. There wasn't much benefit of this over regular
expressions, so it isn't worth maintaining the extra code.
3.40PVT9:
=========
- Added/fixed numerous service fingerprints thanks to submissions from
Max Vision, MadHat, Seth Master. Match lines went
from 164 to 179.
- The Winpcap libraries used in the Windows build process have been
upgraded to version 3.0.
- Most of the Windows port is complete. It compiles and service scan
works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
I try to work out remaining kinks and do some cleanup for the next
version. The Windows code was restructured and improved quite a bit,
but much more work remains to be done in that area. I'll probably
do a Windows binary .zip release of the next version.
- Various minor fixes
3.40PVT8:
=========
- Service scan is now OFF by default. You can activate it with -sV.
Or use the snazzy new -A (for "All recommended features" or
"Aggressive") option which turns on both OS detection and service
detection.
- Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)
- Added/fixed numerous service fingerprints thanks to submissions from
Brian Hatch, HD Moore, Anand R., and some of my own testing. The
number of match lines in this version grows from 137 to 164! Please
keep 'em coming!
- Various important and not-so-important fixes for bugs I encountered
while test scanning.
- The RPC grinder no longer prints a startup message if it has no
RPC-detected ports to scan.
- Some of the service fingerprint length limitations are relaxed a bit
if you enable debugging (-d).
3.40PVT7:
=========
- Added a whole bunch of services submitted by Brian Hatch
(bri(a)ifokr.org). I also added a few Windows-related probes.
Nmap-service-probes has gone from 101 match strings to 137. Please
keep the submissions coming.
- The question mark now only appears for ports in the OPEN state and
when service detection was requested.
- I now print a separator bar between service fingerprints when Nmap
prints more than one for a given host so that users understand to
submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))
- Fixed a bug that would cause Nmap to print "empty" service
fingerprints consisting of just a semi-colon. Thanks to Brian Hatch
(bri(a)ifokr.org) for reporting this.
3.40PVT6:
=========
- Banner-scanned hundreds of thousands of machines for ports
21,23,25,110,3306 to collect default banners. Where the banner made
the service name/version obvious, I integrated them into
nmap-service-probes. This increased the number of 'match' lines from
27 to more than 100.
- Created the service fingerprint submission page at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi
- Changed the service fingerprint format slightly for easier
processing by scripts.
- Applied a large portability patch from Albert Chin-A-Young
(china(a)thewrittenword.com). This cleans up a number of things,
particularly for IRIX, Tru64, and Solaris.
- Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
"makes sure changes in the relay host and scanned port entry fields
are displayed immediately, and also keeps the fields editable after
de- and reactivating them."
3.40PVT4:
=========
- Limited the size of service fingerprints to roughly 1024 bytes.
This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
limit was excessive. The number of fingerprints printed is also now
limited to 10.
- Fixed a segmentation fault that could occur when ping-scanning large
networks.
- Fixed service scan to gracefully handle host_timeout occurrences when
they happen during a service scan.
- Fixed a service_scan bug that would cause an error when hosts send
data and then close() during the NULL probe (when we haven't sent
anything).
- Applied a patch from Solar Designer (solar(a)openwall.com) which
corrects some errors in the Russian man page translation and also a
couple typos in the regular man page. Then I spell-checked the man
page to reduce future instances of foreigners sending in diffs to
correct my English :).
3.40PVT3:
=========
- Nmap now prints a "service fingerprint" for services that it is
unable to match despite returning data. The web submission page it
references is not yet available.
- Service detection now does RPC grinding on ports it detects to be
running RPC.
- Fixed a bug that would cause Nmap to quit with an Nsock error when
--host_timeout was used (or when -T5 was used, which sets it
implicitly).
- Fixed a bug that would cause Nmap to fail to print the OS
fingerprint in certain cases. Thanks to Ste Jones
(root(a)networkpenetration.com) for the problem report.
3.40PVT2:
=========
- Nmap now has a simple VERSION detection scheme. The 'match' lines in
nmap-service-probes can specify a template version string
(referencing subexpression matches from the regex in a perl-like
manner) so that the version is determined at the same time as the
service. This handles many common services in a highly efficient
manner. A more complex form of version detection (that initiates
further communication w/the target service) may be necessary
eventually to handle services that aren't as forthcoming with
version details.
- The Nmap port state table now wastes less whitespace due to using a new
and stingy NmapOutputTable class. This makes it easier to read, and
also leaves more room for version info and possibly other enhancements.
- Added 's' option to match lines in nmap-service-probes. Just as
with the perl 's' option, this one causes '.' in the regular
expression to match any character INCLUDING newline.
- The WinPcap header timestamp is no longer used on Windows as it
sometimes can be a couple seconds different than gettimeofday() (which
is really _ftime() on Windows) for some reason. Thanks to Scott
Egbert (scott.egbert(a)citigroup.com) for the report.
- Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
configure.in in such a way that the annoying header file "present but
cannot be compiled" warning for Solaris.
- Applied another patch from Matt that (we hope) fixes the "present
but cannot be compiled" warning -- this time for Mac OS X.
- Port table header names are now capitalized ("SERVICE", "PORT", etc)
3.40PVT1:
=========
- Initial implementation of service detection. Nmap will now probe
ports to determine what is listening, rather than guessing based on
the nmap-services table lookup. This can be very useful for
services on unidentified ports and for UDP services where it is not
always clear (without these probes) whether the port is really open
or just firewalled. It is also handy for when services are run on
the well-known-port of another protocol -- this is happening more
and more as users try to circumvent increasingly strict firewall
policies.
- Nmap now uses the excellent libpcre (Perl Compatible Regular
Expressions) library from http://www.pcre.org/ . Many systems
already have this, otherwise Nmap will use the copy it now includes.
If your libpcre is hidden away in some nonstandard place, give
./configure the new --with-libpcre=DIR directive.
- Nmap now uses the C++ Standard Template Library (STL). This makes
programming easier, but if it causes major portability or bloat
problems, I'll reluctantly remove it.
- Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
normalizes the names of many Microsoft entries in the
nmap-os-fingerprints file.
- Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
spec file. This uses the 'Epoch' flag to prevent the Redhat Network
tool from marking my RPMs as "obsolete" and "upgrading" to earlier
Redhat-built versions. A compilation flag problem is also fixed.
|
|
--- 9.2.2-P2 released ---
1509. [bug] Hint zones should accept delegation-only. Forward
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
|
|
|
|
|
|
is not in pkgsrc any longer. Okayed by hubertf, the maintainer.
|
|
Changes:
RELEASE 4.1.2 SEP-11-2003
- Removed an unintended dependency on the Crypt::Rijndael that would cause
SNMPv3 support to be unavailable and the "usm.t" tests to fail due to
a "strict subs" error in Net::SNMP::Security::USM module.
RELEASE 4.1.1 SEP-09-2003
- Corrected a misinterpretation of the "The AES Cipher Algorithm in the
SNMP's User-based Security Model" draft specification that lead to
the incorrect encoding and decoding of the last block of the message.
- The syntax of the get_entries() method was changed to expect the column
values to entered as full OBJECT IDENTIFIERs allowing the traversal of
conceptual rows in different tables which are indexed identically.
- The processing of the serialization of an OBJECT IDENTIFIER was optimized.
- The oid_lex_sort() function was updated to order OBJECT IDENTIFIER strings
padded with spaces as lexicographically greater than unpadded strings.
- An empty contextEngineId in a response message is now accepted during
the SNMPv3 discovery process.
- Corrected an argument validation error with the get_bulk_request()
method.
RELEASE 4.1.0 MAY-06-2003
- Working in conjunction with the Extended Security Options Consortium
(http://www.snmp.com/eso), support for additional privacy protocols
has been added to the SNMPv3 User-based Security Model.
"Extension to the USM to Support Triple-DES EDE in 'Outside' CBC Mode"
Reeder and Gudmunsson; October 1999, expired April 2000
http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt
"The AES Cipher Algorithm in the SNMP's User-based Security Model"
Blumenthal, Maino, and McCloghrie; October 2002, expired April 2003
http://www.snmp.com/eso/draft-blumenthal-aes-usm-04.txt
- A new method called get_entries() was added to allow the retrieval
of columns of a table entry using get-next-requests or get-bulk-requests.
- The argument "-maxrepetitions" was added to the get_table() method.
- Responses to SNMPv3 messages with non-default contextEngineIDs or
contextNames are now properly processed.
- The method var_bind_names() was added to retrieve an array of the
ObjectNames in the VarBindList in the order in which they were
received in the GetResponse-PDU.
RELEASE 4.0.3 SEP-09-2002
- Net::SNMP objects are now destroyed as expected when they are no
longer referenced. An internal reference to the object allocated by
the Net::SNMP::Dispatcher module is now properly cleared.
- A socket with a file descriptor value of 0 is now accepted by the
Net::SNMP module as a valid and open filehandle.
- Removed an "optimization" which was intended to provide a smoother
initialization of the dispatcher but instead could lead to messages
incorrectly timing out.
RELEASE 4.0.2 MAY-06-2002
- The SNMPv3 request message sent for time synchronization is now sent
with the same securityLevel that is configured for the session.
- The "reserved" bits in the msgFlags field of an incoming SNMPv3
message are now ignored as suggested by RFC 2572.
- When encrypting a SNMPv3 message, the padding byte(s) are now set to
a value equal to the size of the padding. "The actual pad value is
irrelevant..." according RFC 2574 Section 8.1.1.2. However, there
are some agents that expect this byte pattern.
- Corrected a reference count mismatch which would leave a listening
socket open if no response is received from the remote agent.
- Corrected a "deep recursion" error that occurred when using the
get_table() method to retrieve large tables in blocking mode.
- Using the "-delay" argument with the get_table() method no longer
incorrectly delays between message exchanges when retrieving the table.
- Optimizations and improvements were made to the Net::SNMP::Dispatcher
event scheduling and handling procedures.
- The "translate unsigned" logic now correctly handles properly
formatted (but unexpected) negative Counter64, Counter, Gauge, and
TimeTick values.
|
|
|
|
notification! (pt -> pt_PT). Thanks again to Robert Elz, because I didn't
know that.
|
|
try to contact with the author, reported by Robert Elz #PR pkg/22842,
thanks :)
|
|
Changes:
* kpf: Generate proper links in the HTML output for directories with spaces
and umlauts.
* knewsticker: Fix Bug 49114: KNewsticker news download still buggy?
* knewsticker: Fix Bug 52642: does not update an rdf feed when the new feed
has no entries
* knewsticker: Fix Bug 62129: Suggest button is not cancellable."
* knewsticker: Fix Bug 63224: knewsticker doesn't update news
* knewsticker: Fix Bug 63265: Ampersands in news source is shown as underline
* knewsticker: Filters now work properly with original (non-custom) newsfeed
names.
* knewsticker: Scrolltext now eats less CPU, scrolling speed slider influences
speed linearly.
* kmail: Fix crypto plugin loading.
* kmail: Fix decoding of subjected in embedded mime parts.
* kmail: Fix crash during configuring signatures.
* kmail: Fix portability issue in header field decoding.
* kmail: Fix bug that caused mailman to mangle headers.
* kmail: Fix mangling of multiline, quoted-printable encoded subject header.
* kmail: Roaming User Support.
* krfb: multihead fix.
* kget: Roaming User Support.
* knode: Roaming User Support.
|
|
USE_PKGSRC_GCC as appropriate, as this is handled by compiler.mk now.
|
|
Take over maintainership (per discussion with dbj@).
OK'd by seb@ and dbj@.
Close pkg/22706.
Poptop ChangeLog
---------------------------------------------------------------------------
v1.1.3
* Wed Apr 9 2003 Richard de Vroede <r.devroede@linvision.com>
- fixed a potential buffer-overflow in ctrlpacket.c
* Thu Aug 22 2002 Richard de Vroede <richard@linvision.com>
- added stimeout option to pptpd.conf manpage
- updated the Changelog file ;-)
* Tue Aug 20 2002 Richard de Vroede <richard@linvision.com>
- removed debug commandline option from pptpd.init
* Thu Aug 1 2002 Richard de Vroede <richard@linvision.com>
- added config(noreplace) so old configs don't get replaced
- fixed postscriptlet
- adapted spec to cvs tree
* Wed Jun 26 2002 Richard de Vroede <richard@linvision.com>
- specfile now supports --with[out] options
---------------------------------------------------------------------------
v0.9.13 -> v1.1.3
* June 18 2002 Richard de Vroede <richard@linvision.com>
- migrated to version higher than last poptop release
- bugfixed
---------------------------------------------------------------------------
|
|
|
|
---
BIND 9.2.2-P1 is now available.
In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers. Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset). This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or from
authoritative name servers whose undelegated (in-zone) data is of no interest.
|
|
* Translations updated and added new ones.
* Make GTM work with galeon 2. Thanks to Philip Langdale
for the patch.
* GTM can now detach from wget and let it run in the background.
Thanks to Robert Millan for the patch.
* MIME support to open downloaded files. Thanks to Mark Heily
for this patch.
* GTM now works with wget 1.8.1. Thanks to Philip Langdale
for the patch. Many thanks to many others
who took the time to come up with a patch to fix this.
* The applet now opens GTM if the network is on. This is by default
off but you can change it on the applet properties.
* New proxy option to allow the user to use the same proxy options
for all the protocols. Thanks to Markus Saarinen
for the piece of code.
|
|
Patch provided by Adrian Portelli <adrianp@stindustries.net> in PR
pkg/22751.
Changes:
New and updated features
Many often-requested features have been added with this release. If
you're running an older version of Ethereal you may want to have a look.
Conversation List (aka "top talker") support has been added to Ethereal
and Tethereal. Protocol statistics in general have been updated.
Searching capture files has been improved even more -- a new "contains"
display filter operator that searches for strings in PDUs has been
added. The Find dialog now supports case-insensitive searches, hex data
searches, and more.
An H.225 dissector has been added. It can automatically recognize RTP
and RTCP conversations.
A preference file has been added for disabled protocols.
Color filters may now be imported and exported from within Ethereal.
A new column type has been added for cumulative bytes.
New protocols
GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
Updated protocols
ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP, Ethernet,
FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA, M3UA,
MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP, WSP,
Updated capture file support
Support for Accellent 5Views and Endace ERF capture files was added.
CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
Changes in pkgsrc:
o Now it uses GTK2 by default
|
|
chat/zephyr).
|
|
Implicit approval by maintainer, mycroft@, deduced from a conversation
about 2 years ago ;)
|
|
Patch provided by Peter Reich <pr@alles.prima.de> via PR pkg/22542.
Changes:
0.85 Sep 24 09:51 2002 - 0.85 Mar 06 18:00 2003
- Lower timeouts during tests (Anil Madhavapeddy)
- Add configure_hook to MultiType (Michael Alan Dorman)
- More graceful exit of children in PreForkSimple (Helge Kraenz)
- Correct test for POSIX::setuid(0) success (Peter Chen)
- Allow DOS filenames for conf files (Mark M. Adkins)
- Allow for ndelay on Sys::Syslog::openlog (Doug Perham)
- Add documentation about run_dequeue.
- Add run_dequeue feature to Multiplex personality.
|
|
* also remove 6to4 addresses from internal interface, if set
* doc updates
Inspired by patch sent by Markus W Kilbinger <kilbi@rad.rwth-aachen.de>
in private mail.
|
|
discovered by hubertf's bulk-build
|
|
While at it, make this a distuils package.
|
|
|
|
"the main change is to fix .ORG lookups (whois.publicinterestregistry.net
returns responses with a spurious extra CR)."
|
|
Changes:
This version fixes more banner problems, fixes bug in compact mode so that
it now reads computer name properly, fixes a bug in the VNC code, and
updates and adds several translations.
|
|
Since this package is unmaintained, remove it altogether from pkgsrc.
|
|
|
|
adduser and deluser scripts into ${PKG_SYSCONFDIR} that are capable of
dealing with usernames containing a "$". These scripts basically
accept the same options as useradd/userdel. They're meant to be used
in "add user script" and "delete user script" to deal with samba
machine accounts.
|
|
|
|
|
|
Inspired by FreeBSD "ports".
Fix the PLISTs accordingly.
Also, while at it, remove now obsolete compileall.py calls in post-install
targets and insure that extension.mk is in included before builinlinks of
other Python modules.
Discussed with/ok'ed by drochner@.
|
|
|
