setuid nobody. If the maintainer would like to develop a workaround
similar to one discussed on the security list then please let me know.
Submitted by: Sergey N. Voronkov <serg@dor.zaural.ru>
packets. A popular ADSL service in Korea sends this result code.
It is wrong, but the patch doesn't harm anybody else.
PR: ports/16372
Submitted by: CHOI Junho <cjh@kr.FreeBSD.ORG>
Reviewed by: jdp
honor of the occasion I have bumped the version number to 1.1.
The port now depends upon the cvsup-bin and cvsupd-bin ports rather
than on the more trouble-prone cvsup port.
The CVSup server is run with "-C 100" (max. 100 clients at a time)
and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access"
file. This is nice because you can change the limit by editing
the file; you don't have to restart the server. The cvsupd.access
file also contains a rule to limit each individual host to one
connection at a time.
The CVSup client is now run under its own unprivileged user ID
instead of root. This is a security enhancement. It makes it
impossible for a compromised master site to install files into
places outside the mirror area of the filesystem. The permissions
of various other files such as /usr/local/etc/cvsup have also been
strengthened to enhance security.
Both client and server now cd to /var/tmp to run, so that if they
decide to croak they'll be able to write the core file. :-)
The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start"
and "stop" arguments.
The configure script no longer attempts to tell you the sizes of
the various collections. That's impossible to maintain. When I
have time I plan to make a web page where one can obtain that
information from an automatically-updated source. Then I will
reference the URL in the configure script.
It is possible to upgrade an existing cvsup-mirror-1.0 installation
to this new version, but it is tricky because of the change in
ownership of the mirrored files. I will post instructions to the
freebsd-hubs mailing list after I make sure I have the procedure
just right.
And port changes from sumikawa@ebina.hitachi.co.jp:
- add 'ipv6' on CATEGORIES
- get rid of 'USE_INET6' and use 'OSVERSION' instead of it.
- make PLIST.v6 only difference from PLIST for easily maintanance
Submitted by: sumikawa@ebina.hitachi.co.jp
which I've found to be handy when doing things like bouncing SMTP or POP
connections on a machine that already has an MTA or POP daemon running...
Submitted by: Scot Elliott <scot@tech.boo.com>
Also use our zlib rather than the one in the distfile.
Unfortunately the KAME IPv6 diff will not apply to the 2.3.2 code, and
has thus be turned off. :-(
PR: 15880
Submitted by: Maxim Sobolev <sobomax@altavista.net> [zlib changes]
datapipe is a simple program that allows a listening TCP/IP port to be
constructed on the machine it is running on. Any connections to that port
will then be forwarded to the specified remote host and remote port.
them to the network layer. ngrep somewhat replaces tcpdump.
{DESCR,COMMENT} Obtained from: NetBSD
[after I started making this port, I realized NetBSD had a port if it]
- remove zebra.sh from ${PREFIX}/etc/rc.d
- start zebra now from /etc/rc.conf.local
- new zebra start script is ${PREFIX}/sbin/zebractl {start|stop|restart}
Example:
/etc/rc.conf.local:
defaultrouter="NO"
router_enable="YES"
router="/usr/local/sbin/zebractl"
router_flags="start"
The previous a.out binaries contained the bug which was later fixed
in patch-bv of the modula-3-lib port. The new binaries solve that
problem. Note, these are a.out binaries and they are used only on
-2.2 systems. The ELF binaries were already OK.
1. Fix build problems on 4.0-CURRENT (submitted by both
Mike Haertel <mike@ducky.net> and "Chris D. Faulhaber" <jedgar@fxp.org>).
2. Fix package-building problems, noted by scripts on bento.
PR: 15391
Submitted by: maintainer
domain is configured and functioning correctly. It makes no
attempt to validate the data inside a domain, only the structure.
PR: 15256
Submitted by: MIHIRA Yoshiro <sanpei@sanpei.org>
also an overflow with ospf_monitor which may result in being able to corrupt
routing traffic (which I've reported to the developers)
According to the docs, gdc shouldn't be installed root:wheel and setuid,
but put into its own gdmaint group. This still doesn't prevent people in
that group from gaining root, though.
Submitted by: Brock Tellier <btellier@usa.net> (gdc bug)
From pkg/COMMENT:
A circuit-level firewall/proxy.
From kris@FreeBSD.org:
It's a BSD-licensed SOCKS4/5/MS_PROXY server/client, which
exceeds in functionality the (restrictively licensed) NEC
SOCKS5 referenece implementation.
PR: 14442
Submitted by: Anders Nordby <anders@fix.no>
freebsd -> FreeBSD
I considered removing the current MASTER_SITE, it's definatly unfetchable
from there (only our mirrors have the file, ftpsearch didn't come up
with anything beyond FreeBSD mirrors) but I'll leave that up to the
MAINTAINER.
Elsa is a standards-based Quicktime server
based on the RTSP (RFC 2326) and RTP (RFC 1889)
standards. This version is a beta which is
currently free for non-commercial use.
The server can serve media from QuickTime 4.0
"hinted" files which transparently support
multiple media formats (e.g. QuickTime, AVI,
MP3, WAV, AU, etc.).
PR: 14172
Submitted by: Chris D. Faulhaber <jedgar@fxp.org>
Taken from tasic@planka.carrier.kiev.ua
+ some modifications by me
(style, patch additions to compile cleanly, pkg/*)
added convert utility to port/package to enable people
to do migrations, if needed, see the docu for details.
PR: 13716
Submitted by: tasic@planka.carrier.kiev.ua
* Bug fix: grep -v changed to grep -iv (compare domains caselessly).
* Bug fix: nameservers now sorted in SOA serial number order, largest first.
This way you can dlint the primary server immediately after making changes
to it (previously had to wait for secondaries to do their update).
* Optimization: if any nameserver does not return an SOA record in Test 1,
it is removed from the list of nameservers and a warning is reported.
This way dlint won't use broken nameservers during the rest of the run.
* Sanity check domain names of nameservers themselves: any nameserver with
in-addr.arpa. in its name generates a warning and is skipped.
The skip of 0.7.6 was not due to my usual lazyness, we found it didn't
work with bmake, and the authors actually _care_ about interplatform
building (and most of them use FreeBSD as a development platform) so
we worked out some problems with that and some autoconf "smarts" with
SNMP.
Corrected DESCR regarding name of BPF in -CURRENT.
Added #!/bin/sh to two shellscripts in the distribution.
PR: 14520
Submitted by: maintainer
adding the following functionality to trafd:
-D run in foregroud
-I don't distinguish ports/protocols (count only by IP)
-S count only IP from this range(s) (all other IP accounted AS 255.255.255.255)
-A aggregate IP-addresses in given network(s)
PR: 14521
Submitted by: maintainer
Added #!/bin/sh to two shellscripts in the distribution.
PR: 14520
Submitted by: maintainer
adding the following functionality to trafd:
-D run in foregroud
-I don't distinguish ports/protocols (count only by IP)
-S count only IP from this range(s) (all other IP accounted AS 255.255.255.255)
-A aggregate IP-addresses in given network(s)
PR: 14521
Submitted by: maintainer
Port was o.k. to get tacacs up and running using a Cisco router and
I really missed it.
- Added me as maintainer of the port
- Moved sources to my homepage download area
- Compressed sources using bzip2
- Removed some not needed variables in Makefile
- Committed with new nd5 checksum
Programming Volume 2, 2nd Edition". It contains the library and headers
used in the examples as well as all programs from the text that compile on
FreeBSD systems.
For more information on the book, see
http://www.phptr.com/ptrbooks/ptr_013490012X.html
For more info on W. Richard Stevens, see
http://www.kohala.com/~rstevens/
PR: ports/14058
Submitted by: James FitzGibbon <james@targetnet.com>
Programming Volume 1, 2nd Edition". It contains the library and headers
used in the examples as well as all programs from the text that compile on
FreeBSD systems.
PR: ports/14057
Submitted by: James FitzGibbon <james@targetnet.com>
Remove patches integrated since r9.
1/2 of patch-aa was integrated, the second half has been retained.
Add new patch (patch-ak) from web site for s5fakehost files.
Add new patch (patch-al) to fix long standing telnet failure to build (it
is a kludge, so hasn't been submitted to the socks maintainers).
nstreams analyzes the streams that occur on a network. It displays which
streams are generated by users and can optionally generation
ipfw rules that will match these streams, thus only allowing
what is required for the users, and nothing more.
PR: 13913
Submitted by: Daniel O'Connor <darius@dons.net.au>
samba on freebsd.
Following is description made by one of the Samba developers:
"The problem is we switched to using recv() with the MSG_WAITALL flag
instead of read(). This makes Samba faster on most systems. On FreeBSD it
causes a massive slowdown and I don't know why. To fix it, change
the definition of MSG_WAITALL to be zero in lib/util_sock.c and
recompile 2.0.5a. I'm hoping someone from FreeBSD will get back to me
with some explanation. Regards, Jeremy Allison, Samba Team."
This problem where observed by almost all samba-2.0.5a users and typically
it led to 10-20x decrease in write speed.
PR: 13894
Submitted by: Maxim Sobolev <sobomax@altavista.net>
o Look for perl in the right place (patch-ah)
o Add a typedef that ucd-snmp wants (patch-ag)
o Install headers files with the right permissions
Submitted by: <jack@germanium.xtalwind.net>
PR: ports/13539
----------------------------------------------------------------------
o Remove extraneous HAS_CONFIGURE introduced by nectar in rev1.19
o Use the PATCH_* framework and grab 012.patch from the authors.
with the addition of relevant parts of src/usr.bin/telnet/*
Once the dateline hase crossed the repository, the original will
be led outside, given a perfunctory trial, and shot.
Due to the size difference between a struct timeval on FreeBSD/Alpha
(2 longs for a total of 128 bits) and a struct timeval nearly
everywhere else in the known universe (2 ints, for a total of 64-bits,
even on DEC OSF/1), and the way zephyr uses timevals, it needs a bit
of help.
Submitted by: Adrew Gallatin <gallatin@cs.duke.edu>
Obtained from: NetBSD
ICQnix is an ICQ client for X that is designed to look and feel as much
like the Mirabilis ICQ client as possible.
PR: 13428
Submitted by: Yin-Jieh Chen <yinjieh@Crazyman.Dorm13.NCTU.edu.tw>
Upgrade p5-SNMP to 1.8.1 and mark it broken as it is incompatible
with the ucd-snmp changes. If this is a huge problem, then a
repo copy of ucd-snmp can be made and we can have the hassle of
keeping two copies in our tree.
Tcpflow is a tool for capturing data transmitted as part of TCP connections
(flows), and stores it in a way that is convenient for protocol
analysis or debugging. tcpflow reconstructs the actual data streams
and stores each flow in a seperate file for later analysis.
PR: 13362
Submitted by: Jose M. Alcaide <jose@we.lc.ehu.es>
From: Kunihiro Ishiguro <kunihiro@zebra.org>
Date: Sun, 15 Aug 1999 23:47:59 +0900
This beta includes brand new ripd. Almost codes of ripd is rewritten.
ripd's dynamic `network' command configuration is improved. `timers
basic' command's semantics is changed to conforms to RFC2453. ripngd
is also updated as same as ripd. IPv6 kernel route handling bug is
fixed. SIGUSR1 reopen logging file. ospfd's bug of originating
network LSA is fixed. Redistribute routes handling is much improved.
Now `no redistribute' works as expected. BGP-4+ withdraw bug is
fixed. IPv6 router advertisement codes are added but not yet usable.
* Changes in zebra-0.77
* Changes in lib
** SIGUSR1 reopen logging file.
** route-map is extended to support multi-protocol routing information.
** When compiling under GNU libc 2.1 environment don't use inet6-apps.
* Changes in zebra
** Basic IPv6 router advertisement codes added. It is not yet usable.
** Fix IPv6 route addition/deletion bug is fixed.
** `show ip route A.B.C.D' works
* Changes in bgpd
** When invalid unfeasible routes length comes, bgpd send notify then
continue to process the packet. Now bgpd stop parsing invalid packet
then return to main loop.
** BGP-4+ withdrawn routes parse bug is fixed.
** When BGP-4+ information passed to non shared network's peer, trim
link-local next-hop information.
** `no redistribute ROUTE_TYPE' withdraw installed routes from BGP
routing information.
** `show ipv6 route IPV6ADDR' command added.
** BGP start timer has jitter.
** Holdtimer configuration bug is fixed. Now configuration does not
show unconfigured hold time value.
* Changes in ripngd
** Now update timer (default 30 seconds) has +/- 50% jitter value.
** Add timers basic command.
** `network' configuration is dynamically reflected.
** `timers basic <update> <timeout> <garbage>' added.
* Changes in ripd
** Reconstruct almost codes.
** `network' configuration is dynamically reflected.
** RIP timers now conforms to RFC2453. So user can configure update,
timeout, garbage timer.
** `timers basic <update> <timeout> <garbage>' works.
* Changes in ospfd
** Bug of originating network LSA is fixed.
** `no router ospf' core dump bug is fixed.
* Changes in ospf6d
** Redistribute route works.
BGP-4+ route handling is much improved. ripngd perform route
aggregation with aggregate-address command. When zebra starts up,
delete all installed routes which installed by zebra. ospfd DR
election problem fixed. `terminal length 0' bug is fixed.
BGP route-map now properly handles permit/deny and match/no match
mixture. This fix is done by Rick Payne <rickp@rossfell.co.uk>.
--
Kunihiro Ishiguro
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* Changes in zebra-0.75
* Changes in lib
** `termnal length 0' bug is fixed.
* Changes in zebra
** When zebra starts up, sweep all zebra installed routes. If -k or
--keep_kernel option is specified to zebra dameon. This function is
not performed.
* Changes in ripngd
** Aggreagte address command supported. In router ripngd,
`aggregate-address IPV6PREFIX' works.
* Changes in bgpd
** Input route-map's bug which cause segmentation violation is fixed.
** route-map method improved.
** BGP-4+ nexthop detection improved.
** BGP-4+ route re-selection bug is fixed.
** BGP-4+ iBGP route's nexthop calculation works.
** After connection Established `show ip bgp neighbor' display BGP TCP
connection's source and destination address.
** In case of BGP-4+ `show ip bgp neighbor' display BGP-4+ global and
local nexthop which used for originated route. This address will be
used when `next-hop-self'.
* Changes in ospfd
** Fix bug of DR election.
** Set IP precedence field with IPTOS_PREC_INTERNET_CONTROL.
** Schedule NeighborChange event if NSM status change.
** Never include a neighbor in Hello packet, when the neighbor goes
down.
ftptool gftp greed gtm jmirror lftp llnlxdir llnlxftp mirror moxftp
ncftp ncftp2 ncftp3 omi pavuk proftpd spegla wget wu-ftpd wxftp yafc
yale-tftpd
have been moved to new category "ftp".
TUND allows to organize IP over IP tunnel (IP packets are incapsulated
into UDP one). It works together with FreeBSD ipfw(8). Can be used
for tunneling private networks behind NATD.
PR: 12718
Submitted by: Sergey Kosyakov <ks@itp.ac.ru>
OSPFd core dump during startup should be fixed.
BTW it's still not a complete OSPF implementation
as the author says on the mailing list:
"This is the first beta relase which includes (partly) workable ospfd.
Now ospfd works as inter area OSPF router. When it works properly
route goes into the kernel. Please note it does not support intra
area route, AS external route, multiple area, aging of LSA, etc...
Please use ospfd only in test environment.
BGP serious bug is fixed. ripngd is almost rewritten to conform to
RFC2080. ospf6d's LSA data structure is improved. And also many bugs
are fixed."
Submitted by: Leo Kim <leo@florida.sarang.net>
Reviewed by: Ying-Chieh Liao <ijliao@csie.nctu.edu.tw>
Missing a locale perl module when install mrtg, add it back.
Submitted by: Ying-Chieh Liao <ijliao@Terry.Dorm10.NCTU.edu.tw>
Update mrtg to 2.8.6.
The original maintainer, jfitz, has disappeared about more than a month.
I can't contact him by email, and have no idea to reach him in the other
way. So I take the update request from the submitter.
