release number, 0=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.
Notes for distribution maintainers
----------------------------------
* New backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
* New Postfix build system.
The Postfix build/install procedure has changed to support Postfix
dynamically-linked libraries and database plugins. These must not
be "shared" with non-Postfix programs, and therefore must not be
installed in a public directory.
To avoid massive frustration due to broken patches, PLEASE BUILD
POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL
instructions (see "Building with Postfix dynamically-linked libraries
and database plugins"), and see how things work and what the
dynamically-linked libraries, database plugin, and configuration
files look like. Then, go ahead and perform your platform-specific
customizations. The INSTALL section "Tips for distribution maintainers"
has further suggestions.
Major changes - critical
------------------------
[Incompat 20140714] After upgrading Postfix, "postfix reload" (or
start/stop) is required. Several Postfix-internal protocols have
been extended to support SMTPUTF8. Failure to reload or restart
will result in mail staying queued, while Postfix daemons log
warning messages about unexpected attributes.
Major changes - default settings
--------------------------------
[Incompat 20141009] The default settings have changed for relay_domains
(new: empty, old: $mydestination) and mynetworks_style (new: host,
old: subnet). However the backwards-compatibility safety net will
prevent these changes from taking effect, giving the system
administrator the option to make an old default setting permanent
in main.cf or to adopt the new default setting, before turning off
backwards compatibility. See COMPATIBILITY_README for details.
[Incompat 20141001] A new backwards-compatibility safety net forces
Postfix to run with backwards-compatible main.cf and master.cf
default settings after an upgrade to a newer but incompatible Postfix
version. See COMPATIBILITY_README for details.
While the backwards-compatible default settings are in effect,
Postfix logs what services or what email would be affected by the
incompatible change. Based on this the administrator can make some
backwards-compatibility settings permanent in main.cf or master.cf,
before turning off backwards compatibility.
See postconf.5.html#compatibility_level for details.
[Incompat 20141001] The default settings
have changed for append_dot_mydomain (new: no. old: yes), master.cf
chroot (new: n, old: y), and smtputf8 (new: yes, old: no).
Major changes - access control
------------------------------
[Feature 20141119] Support for BCC actions in header/body_checks
and milter_header_checks. There is no limit on the number of BCC
actions that may be specified, other than the implicit limit due
to finite storage. BCC support will not be implemented in Postfix
delivery agent header/body_checks.
It works in the same way as always_bcc and sender/recipient_bcc_maps:
there can be only one address per action, recipients are added with
the NOTIFY=NONE delivery status notification option, and duplicate
recipients are ignored (with the same delivery status notification
options).
[Incompat 20141009] The default settings have changed for relay_domains
(new: empty, old: $mydestination) and mynetworks_style (new: host,
old: subnet). However the backwards-compatibility safety net will
prevent these changes from taking effect, giving the system
administrator the option to make an old default setting permanent
in main.cf or to adopt the new default setting, before turning off
backwards compatibility. See COMPATIBILITY_README for details.
[Feature 20140618] New INFO action in access(5) tables, for consistency
with header/body_checks.
[Feature 20140620] New check_xxx_a_access (for xxx in client,
reverse_client, helo, sender, recipient) implements access control
on all A and AAAA IP addresses for respectively the client hostname,
helo parameter, sender domain or recipient domain. This complements
the existing check_xxx_mx_access and check_xxx_ns_access features.
Major changes - address rewriting
---------------------------------
[Incompat 20141001] The default settings have changed for
append_dot_mydomain (new: no. old: yes), master.cf chroot (new:
n, old: y), and smtputf8 (new: yes, old: no).
Major changes - address verification
------------------------------------
[Feature 20141227] The new smtp_address_verify_target parameter
(default: rcpt) specifies what protocol stage decides if a recipient
is valid. Specify "data" for servers that reject invalid recipients
in response to the DATA command.
Major changes - database support
--------------------------------
[Feature 20140512] Support for Berkeley DB version 6.
[Feature 20140618] The "randmap" lookup table performs random
selection. This may be used to implement load balancing, for example:
/etc/postfix/transport:
# Deliver my own domain as usual.
example.com :
.example.com :
/etc/postfix/main.cf:
transport_maps =
# Deliver my own domain as usual.
hash:/etc/postfix/transport
# Deliver other domains via randomly-selected relayhosts
randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com}
A variant of this can randomly select SMTP clients with different
smtp_bind_address settings.
To implement different weights, specify lookup results multiple
times. For example, to choose smtp:smtp1.example.com twice as often
as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice.
A future version may support randmap:/path/to/file to load a list
of results from file.
[Feature 20140618] As the name suggests, the "pipemap" table
implements a pipeline of lookup tables. The name of the table
specifies the pipeline as a sequence of tables. For example, the
following prevents SMTP mail to system accounts that have "nologin"
as their login shell:
/etc/postfix/main.cf:
local_recipient_maps =
pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre}
alias_maps
/etc/postfix/no-nologin.pcre:
!/nologin/ whatever
Each "pipemap:" query is given to the first table. Each table
lookup result becomes the query for the next table in the pipeline,
and the last table produces the final result. When any table lookup
produces no result, the entire pipeline produces no result.
A future version may support pipemap:/path/to/file to load a list
of lookup tables from file.
[Feature 20140924] Support for unionmap, with the same syntax as
pipemap. This sends a query to all tables, and concatenates non-empty
results, separated by comma.
[Feature 20131121] The "static" lookup table now supports whitespace
when invoked as "static:{ text with whitespace }", so that it can
be used, for example, at the end of smtpd_mumble_restrictions as
"check_mumble_access static:{reject text...}".
[Feature 20141126] "inline:{key=value, { key = text with comma/space}}"
avoids the need to create a database for just a few entries.
Major changes - delivery status notifications
---------------------------------------------
[Feature 20140321] Delivery status filter support, to replace the
delivery status codes and explanatory text of successful or
unsuccessful deliveries by Postfix mail delivery agents.
This was originally implemented for sites that want to turn certain
soft delivery errors into hard delivery errors, but it can also be
used to censor out information from delivery confirmation reports.
This feature is implemented as a filter that replaces the three-number
enhanced status code and descriptive text in Postfix delivery agent
success, bounce, or defer messages. Note: this will not override
"soft_bounce=yes", and this will not change a successful delivery
status into an unsuccessful status or vice versa.
The first example turns specific soft TLS errors into hard
errors, by overriding the first number in the enhanced status code.
/etc/postfix/main.cf:
smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
/etc/postfix/smtp_dsn_filter:
/^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1
/^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1
The second example removes the destination command name and file
name from local(8) successful delivery reports, so that they will
not be reported when a sender requests confirmation of delivery.
/etc/postfix/main.cf:
local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
/etc/postfix/local_dsn_filter:
/^(2\S+ delivered to file).+/ $1
/^(2\S+ delivered to command).+/ $1
This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8)
and virtual(8) delivery agents. That is, all delivery agents that
actually deliver mail. It will not be implemented in the error and
retry pseudo-delivery agents.
The new main.cf parameters and default values are:
default_delivery_status_filter =
lmtp_delivery_status_filter = $default_delivery_status_filter
local_delivery_status_filter = $default_delivery_status_filter
pipe_delivery_status_filter = $default_delivery_status_filter
smtp_delivery_status_filter = $default_delivery_status_filter
virtual_delivery_status_filter = $default_delivery_status_filter
See the postconf(5) manpage for more details.
[Incompat 20140618] The pipe(8) delivery agent will now log a limited
amount of command output upon successful delivery, and will report
that output in "SUCCESS" delivery status reports. This is another
good reason to disable inbound DSN requests at the Internet perimeter.
[Feature 20140907] With "confirm_delay_cleared = yes", Postfix
informs the sender when delayed mail leaves the queue (this is in
addition to the delay_warning_time feature that warns when mail is
still queued). This feature is disabled by default, because it can
result in a sudden burst of notifications when the queue drains at
the end of a prolonged network outage.
Major changes - dns
-------------------
[Feature 20141128] Support for DNS server reply filters in the
Postfix SMTP/LMTP client and SMTP server. This helps to work around
mail delivery problems with sites that have incorrect DNS information.
Note: this has no effect on the implicit DNS lookups that are made
by nsswitch.conf or equivalent mechanisms.
This feature renders each lookup result as one line of text in
standard zone-file format as shown below. The class field is always
"IN", the preference field exists only for MX records, the names
of hosts, domains, etc. end in ".", and those names are in ASCII
form (xn--mumble form for internationalized domain names).
name ttl class type preference value
---------------------------------------------------------
postfix.org. 86400 IN MX 10 mail.cloud9.net.
Typically, one would match this text with a regexp: or pcre: table.
When a match is found, the table lookup result specifies an action.
By default, the table query and the action name are case-insensitive.
Currently, only the IGNORE action is implemented.
For safety reasons, Postfix logs a warning or defers mail delivery
when a DNS reply filter removes all lookup results from a successful
query.
The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and
lmtp_dns_reply_filter features only for Postfix SMTP client lookups
of MX, A, and AAAAA records to locate a remote SMTP or LMTP server,
including lookups that implement the features reject_unverified_sender
and reject_unverified_recipient. The filters are not used for lookups
made through nsswitch.conf and similar mechanisms.
The Postfix SMTP server uses the smtpd_dns_reply_filter feature
only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records
to implement the features reject_unknown_helo_hostname,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups
made through nsswitch.conf and similar mechanisms, such as lookups
of the remote SMTP client name.
[Feature 20141126] Nullmx support (MX records with a null hostname).
This change affects error messages only. The Postfix SMTP client
already bounced mail for such domains, and the Postfix SMTP server
already rejected such domains with reject_unknown_sender/recipient_domain.
This feature introduces a new SMTP server configuration parameter
nullmx_reject_code (default: 556).
Major changes - dynamic linking
-------------------------------
[Feature 20140530] Support to build Postfix with Postfix
dynamically-linked libraries, and with dynamically-loadable database
clients. These MUST NOT be used by non-Postfix programs. Postfix
dynamically-linked libraries introduce minor runtime overhead and
result in smaller Postfix executable files. Dynamically-loadable
database clients are useful when you distribute or install pre-compiled
packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB,
MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients.
This implementation is based on Debian code by LaMont Jones, initially
ported by Viktor Dukhovni. Currently, support exists for recent
versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9.
To support Postfix dynamically-linked libraries and dynamically-loadable
database clients, the Postfix build procedure had to be changed
(specifically, the files makedefs and Makefile.in, and the files
postfix-install and post-install that install or update Postfix).
[Incompat 20140530] The Postfix 3.0 build procedure expects that
you specify database library dependencies with variables named
AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the
old AUXLIBS variable still supports building a statically-loaded
CDB etc. database client, but only the new AUXLIBS_CDB etc. variables
support building a dynamically-loaded or statically-loaded CDB etc.
database client. See CDB_README, LDAP_README, etc. for details.
Failure to follow this advice will defeat the purpose of dynamic
database client loading. Every Postfix executable file will have
database library dependencies. And that was exactly what dynamic
database client loading was meant to avoid.
Major changes - future proofing
-------------------------------
[Cleanup 20141224] The changes described here have no visible effect
on Postfix behavior, but they make Postfix code easier to maintain,
and therefore make new functionality easier to add.
* Compile-time argument typechecks of non-printf/scanf-like variadic
function argument lists.
* Deprecating the use of "char *" for non-text purposes such as
memory allocation and pointers to application context for call-back
functions. This dates from long-past days before void * became
universally available.
* Replace integer types for counters and sizes with size_t or ssize_t
equivalents. This eliminates some wasteful 64<->32bit conversions
on 64-bit systems.
Major changes - installation pathnames
--------------------------------------
[Incompat 20140625] For compliance with file system policies, some
non-executable files have been moved from $daemon_directory to the
directory specified with the new meta_directory configuration
parameter which has the same default value as the config_directory
parameter. This change affects non-executable files that are shared
between multiple Postfix instances such as postfix-files, dynamicmaps.cf,
and multi-instance template files.
For backwards compatibility with Postfix 2.6 .. 2.11, specify
"meta_directory = $daemon_directory" in main.cf before installing
or upgrading Postfix, or specify "meta_directory = /path/name" on
the "make makefiles", "make install" or "make upgrade" command line.
Major changes - milter
----------------------
[Feature 20140928] Support for per-Milter settings that override
main.cf parameters. For details see the section "Advanced policy
client configuration" in the SMTPD_POLICY_README document.
Here is an example that uses both old and new syntax:
smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... },
inet:127.0.0.1:port2, ...
The supported attribute names are: command_timeout, connect_timeout,
content_timeout, default_action, and protocol. These have the same
names as the corresponding main.cf parameters, without the "milter_"
prefix.
The per-milter settings are specified as attribute=value pairs
separated by comma or space; specify { name = value } to allow
spaces around the "=" or within an attribute value.
[Feature 20141018] DMARC compatibility: when a Milter inserts a
header ABOVE Postfix's own Received: header, Postfix no longer
exposes its own Received: header to Milters (violating protocol)
and Postfix no longer hides the Milter-inserted header from Milters
(wtf).
Major changes - parameter syntax
--------------------------------
[Feature 20140921] In preparation for configurable mail headers and
logging, new main.cf support for if-then-else expressions:
${name?{text1}:{text2}}
and for logical expressions:
${{text1}=={text2}?{text3}:{text4}}
${{text1}!={text2}?{text3}:{text4}}
Whitespace before and after {text} is ignored. This can help to
make complex expressions more readable. See the postconf(5) manpage
for further details.
[Feature 20140928] Support for whitespace in daemon command-line
arguments. For details, see the "Command name + arguments" section
in the master(5) manpage. Example:
smtpd -o { parameter = value containing whitespace } ...
The { ... } form is also available for non-option command-line
arguments in master.cf, for example:
pipe ... argv=command { argument containing whitespace } ...
In both cases, whitespace immediately after "{" and before "}"
is ignored.
[Feature 20141005] Postfix import_environment and export_environment
now allow "{ name=value }" to protect whitespace in attribute values.
[Feature 20141006] The new message_drop_header parameter replaces
a hard-coded table that specifies what message headers the cleanup
daemon will remove. The list of supported header names covers RFC
5321, 5322, MIME RFCs, and some historical names.
Major changes - pipe daemon
---------------------------
[Incompat 20140618] The pipe(8) delivery agent will now log a limited
amount of command output upon successful delivery, and will report
that output in "SUCCESS" delivery status reports. This is another
good reason to disable inbound DSN requests at the Internet perimeter.
Major changes - policy client
-----------------------------
[Feature 20140703] This release introduces three new configuration
parameters that control error recovery for failed SMTPD policy
requests.
* smtpd_policy_service_default_action (default: 451 4.3.5 Server
configuration problem): The default action when an SMTPD policy
service request fails.
* smtpd_policy_service_try_limit (default: 2): The maximal number
of attempts to send an SMTPD policy service request before
giving up. This must be a number greater than zero.
* smtpd_policy_service_retry_delay (default: 1s): The delay between
attempts to resend a failed SMTPD policy service request. This
must be a number greater than zero.
See postconf(5) for details and limitations.
[Feature 20140928] Support for per-policy service settings that
override main.cf parameters. For details see the section "Different
settings for different Milter applications" in the MILTER_README
document.
Here is an example that uses both old and new syntax:
smtpd_recipient_restrictions = ...
check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO }
check_policy_service inet:127.0.0.1:port4
...
The per-policy service settings are specified as attribute=value pairs
separated by comma or space; specify { name = value } to allow
spaces around the "=" or within an attribute value.
The supported attribute names are: default_action, max_idle, max_ttl,
request_limit, retry_delay, timeout, try_limit. These have the same
names as the corresponding main.cf parameters, without the
"smtpd_policy_service_" prefix.
[Feature 20140505] A client port attribute was added to the policy
delegation protocol.
[Feature 20140630] New smtpd_policy_service_request_limit feature to
limit the number of requests per Postfix SMTP server policy connection.
This is a workaround to avoid error-recovery delays with policy
servers that cannot maintain a persistent connection.
Major changes - position-independent executables
------------------------------------------------
[Feature 20150205] Preliminary support for building position-independent
executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD
9 and 10, and NetBSD 6. Specify:
$ make makefiles pie=yes ...other arguments...
On some systems, PIE is used by the ASLR exploit mitigation technique
(ASLR = Address-Space Layout Randomization). Whether specifying
"pie=yes" has any effect at all depends on the compiler. Reportedly,
some compilers always produce PIE executables.
Major changes - postscreen
--------------------------
[Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout)
for DNSBL or DNSWL lookups. This is separate from the timeouts in
the dnsblog(8) daemon which are controlled by system resolver(3)
routines.
Major changes - session fingerprint
-----------------------------------
[Feature 20140801] The Postfix SMTP server now logs at the end of
a session how many times an SMTP command was successfully invoked,
followed by the total number of invocations if some invocations
were unsuccessful.
This logging will enough to diagnose many problems without using
verbose logging or network sniffer.
Normal session, no TLS:
disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1
Normal session. with TLS:
disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1
All recipients rejected, no ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1
All recipients rejected, with ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1
Password guessing bot, hangs up without QUIT:
disconnect from name[addr] ehlo=1 auth=0/1
Mis-configured client trying to use TLS wrappermode on port 587:
disconnect from name[addr] unknown=0/1
Logfile analyzers can trigger on the presence of "/". It indicates
that Postfix rejected at least one command.
[Feature 20150118] As a late addition, the SMTP server now also
logs the total number of commands (as "commands=x/y") even when the
client did not send any commands. This helps logfile analyzers to
recognize sessions without commands.
Major changes - smtp client
---------------------------
[Feature 20141227] The new smtp_address_verify_target parameter
(default: rcpt) determines what protocol stage decides if a recipient
is valid. Specify "data" for servers that reject recipients after
the DATA command.
Major changes - smtputf8
------------------------
[Incompat 20141001] The default settings have changed for
append_dot_mydomain (new: no, old: yes), master.cf chroot (new:
n, old: y), and smtputf8 (new: yes, old: no).
[Incompat 20140714] After upgrading Postfix, "postfix reload" (or
start/stop) is required. Several Postfix-internal protocols have
been extended to support SMTPUTF8. Failure to reload or restart
will result in mail staying queued, while Postfix daemons log
warning messages about unexpected attributes.
[Feature 20140715] Support for Email Address Internationalization
(EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP
sender addresses, recipient addresses, and message header values.
The implementation is based on initial work by Arnt Gulbrandsen
that was funded by CNNIC.
See SMTPUTF8_README for a description of Postfix SMTPUTF8 support.
[Feature 20150112] UTF-8 Casefolding support for Postfix lookup
tables and matchlists (mydestination, relay_domains, etc.). This
is enabled only with "smtpuf8 = yes".
[Feature 20150112] With smtputf8_enable=yes, SMTP commands with
UTF-8 syntax errors are rejected, table lookup results with invalid
UTF-8 syntax are handled as configuration errors, and UTF-8 syntax
errors in policy server replies result in execution of the policy
server's default action.
Major changes - tls support
---------------------------
(see "Major changes - delivery status notifications" above for
turning 4XX soft errors into 5XX bounces when a remote SMTP server
does not offer STARTTLS support).
[Feature 20140209] the Postfix SMTP client now also falls back to
plaintext when TLS fails AFTER the TLS protocol handshake.
[Feature 20140218] The Postfix SMTP client now requires that a queue
file is older than $minimal_backoff_time, before falling back from
failed TLS to plaintext (both during or after the TLS handshake).
[Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher
default setting was changed from aes-128-cbc to aes-256-cbc.
[Feature 20150116] TLS wrappermode support in the Postfix smtp(8)
client (new smtp_tls_wrappermode parameter) and in posttls-finger(1)
(new -w option). There still is life in that deprecated protocol,
and people should not have to jump hoops with stunnel.
* test/btyacc/expr.oxout.error, test/btyacc/expr.oxout.output, test/btyacc/expr.oxout.tab.c, test/btyacc/expr.oxout.tab.h, test/yacc/expr.oxout.error, test/yacc/expr.oxout.output, test/yacc/expr.oxout.tab.c, test/yacc/expr.oxout.tab.h:
RCS_BASE
* package/debian/copyright: update copyright
* reader.c, defs.h, main.c:
avoid using regex.h since some low-end platforms do not have this
* test/expr.oxout.y: RCS_BASE
* configure: regen
* aclocal.m4: quiet a strict gcc warning in CF_MKSTEMP
2017-02-01 Tom.Shields
* main.c, reader.c, defs.h:
process #line directives, like bison and flex
2017-02-01 Thomas E. Dickey <dickey@invisible-island.net>
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2016-12-31 Thomas E. Dickey <dickey@invisible-island.net>
* config.guess, config.sub: 2017-01-01
2016-12-02 Thomas E. Dickey <dickey@invisible-island.net>
* test/btyacc/quote_calc4-s.tab.c, test/btyacc/varsyntax_calc1.tab.c, test/btyacc/error.tab.c, test/btyacc/grammar.tab.c, test/btyacc/inherit0.tab.c, test/btyacc/inherit1.tab.c, test/btyacc/inherit2.tab.c, test/btyacc/ok_syntax1.tab.c, test/btyacc/pure_calc.tab.c, test/btyacc/pure_error.tab.c, test/btyacc/quote_calc-s.tab.c, test/btyacc/quote_calc.tab.c, test/btyacc/quote_calc2-s.tab.c, test/btyacc/quote_calc2.tab.c, test/btyacc/quote_calc3-s.tab.c, test/btyacc/quote_calc3.tab.c, test/btyacc/quote_calc4.tab.c, test/btyacc/calc.tab.c, test/btyacc/calc1.tab.c, test/btyacc/calc2.tab.c, test/btyacc/calc3.tab.c, test/btyacc/code_calc.code.c, test/btyacc/code_error.code.c, test/btyacc/empty.tab.c, test/btyacc/err_inherit3.tab.c, test/btyacc/err_inherit4.tab.c, test/btyacc/err_syntax10.tab.c, test/btyacc/err_syntax11.tab.c, test/btyacc/err_syntax12.tab.c, test/btyacc/err_syntax18.tab.c, test/btyacc/err_syntax20.tab.c, test/btyacc/rename_debug.c, test/btyacc/btyacc_calc1.tab.c, test/btyacc/btyacc_demo.tab.c, test/btyacc/btyacc_destroy1.tab.c, test/btyacc/btyacc_destroy2.tab.c, test/btyacc/btyacc_destroy3.tab.c, btyaccpar.c:
regen
* btyaccpar.skel: changes from NetBSD
+ use YYINT rather than short in btyaccpar.skel
(some of this had already been done by Tom Shields)
+ remove some casts of malloc/realloc
* yaccpar.c, yaccpar.skel, output.c: changes from NetBSD
- Add some more bison stuff to make the mesa/gallium parser work:
%initial-action (add missing source struct member in location)
%debug (unimplemented)
%error-verbose (unimplemented)
This changes some existing code:
+ yylloc is now a pointer, so
+ the first parameter to YYERROR_DECL() is a pointer
+ struct YYLTYPE now has a "source" field
* test/btyacc/btyacc_demo.tab.h, test/btyacc/code_calc.tab.c, test/btyacc/code_error.tab.c, test/btyacc/err_inherit4.tab.h:
regen
* btyaccpar.c, btyaccpar.skel, reader.c: changes from NetBSD
- Add some more bison stuff to make the mesa/gallium parser work:
%initial-action (add missing source struct member in location)
%debug (unimplemented)
%error-verbose (unimplemented)
This changes some existing code:
+ yylloc is now a pointer, so
+ the first parameter to YYERROR_DECL() is a pointer
+ struct YYLTYPE now has a "source" field
* reader.c:
fix from NetBSD: correct off-by-one when adding a null in copy_param()
* reader.c: adapted from NetBSD
- Convert *most* error fingerprints to:
-unterminated_arglist(int a_lineno, char *a_line, char *a_cptr)
+unterminated_arglist(const struct ainfo *a)
- Cast new <ctype.h> args to unsigned char
* defs.h: changes from NetBSD
- Add some more bison stuff to make the mesa/gallium parser work:
%initial-action (add missing source struct member in location)
%debug (unimplemented)
%error-verbose (unimplemented)
This changes some existing code:
+ yylloc is now a pointer, so
+ the first parameter to YYERROR_DECL() is a pointer
+ struct YYLTYPE now has a "source" field
* defs.h: adapted from NetBSD
- Convert *most* error fingerprints to:
-unterminated_arglist(int a_lineno, char *a_line, char *a_cptr)
+unterminated_arglist(const struct ainfo *a)
- Cast new <ctype.h> args to unsigned char
* main.c: changes from NetBSD
- Add some more bison stuff to make the mesa/gallium parser work:
%initial-action (add missing source struct member in location)
%debug (unimplemented)
%error-verbose (unimplemented)
This changes some existing code:
+ yylloc is now a pointer, so
+ the first parameter to YYERROR_DECL() is a pointer
+ struct YYLTYPE now has a "source" field
* error.c: adapted from NetBSD
- Convert *most* error fingerprints to:
-unterminated_arglist(int a_lineno, char *a_line, char *a_cptr)
+unterminated_arglist(const struct ainfo *a)
- Cast new <ctype.h> args to unsigned char
* mstring.c: adapted change from NetBSD to add casts for ctype macros
* test/btyacc/btyacc_demo.tab.h, test/btyacc/err_inherit4.tab.h: regen
* output.c: reorder to eliminate a forward-reference
2016-12-02 Tom.Shields
* output.c:
modify output to enable compilation of a lexer generated by flex (using
"%option bison-bridge" and "%option bison-locations") to be used with a parser
generated by b(t)yacc (using directives "%locations" and "%pure-parser").
2016-12-02 Thomas E. Dickey <dickey@invisible-island.net>
* configure: regen
* aclocal.m4: Improved autoconf macros
CF_CC_ENV_FLAGS
+ improve split between compiler and options, prompted by report where user
had "ccache" before the compiler
+ leave non-preprocessor options in "$CC" (but still copy them to "$CFLAGS"
since that's where they should be)
CF_GNU_SOURCE,v
+ recent glibc (Debian 2.23-4 for example) has misordered ifdef/checks for new
symbol _DEFAULT_SOURCE, producing warning messages when only _GNU_SOURCE is
defined. Add a followup check to define _DEFAULT_SOURCE.
CF_XOPEN_SOURCE
+ add "uclinux" to list of Linux's (patch by Yann E. Morin)
+ use _GNU_SOURCE for cygwin headers
+ build-fixes for OS/2
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2016-11-20 Thomas E. Dickey <dickey@invisible-island.net>
* config.sub: 2016-11-19
* config.guess: 2016-10-02
2016-06-06 Thomas E. Dickey <dickey@invisible-island.net>
* configure: regen
* aclocal.m4: improved autoconf macros:
CF_CC_ENV_FLAGS - don't limit the check to -I, -U and -D options, since the
added options can include various compiler options before and after
preprocessor options.
CF_PROG_LINT - add cpplint to programs to use; drop ad hoc tdlint and alint.
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
* lalr.c: indented
* btyaccpar.c: regen
* skel2c:
adjust whitespace so that generated skeleton will follow the same format
as other code
* mkpar.c, verbose.c, lr0.c, reader.c, error.c, output.c: indented
* reader.c: fix two compiler warnings
* test/btyacc/inherit2.tab.c, test/btyacc/ok_syntax1.tab.c, test/btyacc/pure_calc.tab.c, test/btyacc/pure_error.tab.c, test/btyacc/quote_calc-s.tab.c, test/btyacc/quote_calc.tab.c, test/btyacc/quote_calc2-s.tab.c, test/btyacc/quote_calc2.tab.c, test/btyacc/quote_calc3-s.tab.c, test/btyacc/quote_calc3.tab.c, test/btyacc/quote_calc4-s.tab.c, test/btyacc/quote_calc4.tab.c, test/btyacc/varsyntax_calc1.tab.c, test/btyacc/err_syntax12.tab.c, test/btyacc/err_syntax18.tab.c, test/btyacc/err_syntax20.tab.c, test/btyacc/error.tab.c, test/btyacc/grammar.tab.c, test/btyacc/inherit0.tab.c, test/btyacc/inherit1.tab.c, test/btyacc/btyacc_calc1.tab.c, test/btyacc/btyacc_demo.tab.c, test/btyacc/btyacc_destroy1.tab.c, test/btyacc/btyacc_destroy2.tab.c, test/btyacc/btyacc_destroy3.tab.c, test/btyacc/calc.tab.c, test/btyacc/calc1.tab.c, test/btyacc/calc2.tab.c, test/btyacc/calc3.tab.c, test/btyacc/code_calc.code.c, test/btyacc/code_error.code.c, test/btyacc/empty.tab.c, test/btyacc/err_inherit3.tab.c, test/btyacc/err_inherit4.tab.c, test/btyacc/err_syntax10.tab.c, test/btyacc/err_syntax11.tab.c, test/btyacc/rename_debug.c, btyaccpar.c, test/yacc/quote_calc2-s.tab.c, test/yacc/quote_calc2.tab.c, test/yacc/quote_calc3-s.tab.c, test/yacc/quote_calc3.tab.c, test/yacc/quote_calc4-s.tab.c, test/yacc/quote_calc4.tab.c, test/yacc/varsyntax_calc1.tab.c, test/yacc/err_syntax20.tab.c, test/yacc/error.tab.c, test/yacc/grammar.tab.c, test/yacc/ok_syntax1.tab.c, test/yacc/pure_calc.tab.c, test/yacc/pure_error.tab.c, test/yacc/quote_calc-s.tab.c, test/yacc/quote_calc.tab.c, test/yacc/calc.tab.c, test/yacc/calc1.tab.c, test/yacc/calc2.tab.c, test/yacc/calc3.tab.c, test/yacc/code_calc.code.c, test/yacc/code_error.code.c, test/yacc/empty.tab.c, test/yacc/err_syntax10.tab.c, test/yacc/err_syntax11.tab.c, test/yacc/err_syntax12.tab.c, test/yacc/err_syntax18.tab.c, test/yacc/rename_debug.c, yaccpar.c:
regen
2016-06-06 Tom.Shields
* btyaccpar.skel, yaccpar.skel:
small fix for an edge case of initialized data in Chris Dodd's btyacc changes:
"Avoid crash when input pops up an Action error at the first token"
2016-06-01 Thomas E. Dickey <dickey@invisible-island.net>
* test/yacc/quote_calc2-s.tab.c, test/yacc/quote_calc3-s.tab.c, test/yacc/quote_calc3.tab.c, test/yacc/quote_calc4-s.tab.c, test/yacc/quote_calc4.tab.c, test/yacc/varsyntax_calc1.tab.c, test/yacc/err_syntax18.tab.c, test/yacc/err_syntax20.tab.c, test/yacc/err_syntax24.error, test/yacc/error.tab.c, test/yacc/grammar.tab.c, test/yacc/ok_syntax1.tab.c, test/yacc/pure_calc.tab.c, test/yacc/pure_error.tab.c, test/yacc/quote_calc-s.tab.c, test/yacc/quote_calc.tab.c, test/yacc/quote_calc2.tab.c, test/yacc/calc.tab.c, test/yacc/calc1.tab.c, test/yacc/calc2.tab.c, test/yacc/calc3.tab.c, test/yacc/code_calc.code.c, test/yacc/code_calc.tab.c, test/yacc/code_calc.tab.h, test/yacc/code_error.code.c, test/yacc/empty.tab.c, test/yacc/err_syntax10.tab.c, test/yacc/err_syntax11.tab.c, test/yacc/err_syntax12.tab.c, test/yacc/rename_debug.c, yaccpar.c, test/btyacc/quote_calc-s.tab.c, test/btyacc/quote_calc.tab.c, test/btyacc/quote_calc2-s.tab.c, test/btyacc/quote_calc2.tab.c, test/btyacc/quote_calc3-s.tab.c, test/btyacc/quote_calc3.tab.c, test/btyacc/quote_calc4-s.tab.c, test/btyacc/quote_calc4.tab.c, test/btyacc/varsyntax_calc1.tab.c, test/btyacc/err_syntax13.tab.c, test/btyacc/err_syntax14.tab.c, test/btyacc/err_syntax15.tab.c, test/btyacc/err_syntax16.tab.c, test/btyacc/err_syntax17.tab.c, test/btyacc/err_syntax18.tab.c, test/btyacc/err_syntax19.tab.c, test/btyacc/err_syntax2.tab.c, test/btyacc/err_syntax20.tab.c, test/btyacc/err_syntax21.tab.c, test/btyacc/err_syntax22.tab.c, test/btyacc/err_syntax23.tab.c, test/btyacc/err_syntax24.error, test/btyacc/err_syntax24.tab.c, test/btyacc/err_syntax25.tab.c, test/btyacc/err_syntax26.tab.c, test/btyacc/err_syntax27.tab.c, test/btyacc/err_syntax3.tab.c, test/btyacc/err_syntax4.tab.c, test/btyacc/err_syntax5.tab.c, test/btyacc/err_syntax6.tab.c, test/btyacc/err_syntax7.tab.c, test/btyacc/err_syntax7a.tab.c, test/btyacc/err_syntax7b.tab.c, test/btyacc/err_syntax8.tab.c, test/btyacc/err_syntax8a.tab.c, test/btyacc/err_syntax9.tab.c, test/btyacc/error.tab.c, test/btyacc/grammar.tab.c, test/btyacc/inherit0.tab.c, test/btyacc/inherit1.tab.c, test/btyacc/inherit2.output, test/btyacc/inherit2.tab.c, test/btyacc/ok_syntax1.tab.c, test/btyacc/pure_calc.tab.c, test/btyacc/pure_error.tab.c, test/btyacc/btyacc_calc1.tab.c, test/btyacc/btyacc_demo.error, test/btyacc/btyacc_demo.output, test/btyacc/btyacc_demo.tab.c, test/btyacc/btyacc_destroy1.tab.c, test/btyacc/btyacc_destroy2.tab.c, test/btyacc/btyacc_destroy3.tab.c, test/btyacc/calc.tab.c, test/btyacc/calc1.tab.c, test/btyacc/calc2.tab.c, test/btyacc/calc3.tab.c, test/btyacc/code_calc.code.c, test/btyacc/code_calc.tab.c, test/btyacc/code_calc.tab.h, test/btyacc/code_error.code.c, test/btyacc/empty.tab.c, test/btyacc/err_inherit1.tab.c, test/btyacc/err_inherit2.tab.c, test/btyacc/err_inherit3.output, test/btyacc/err_inherit3.tab.c, test/btyacc/err_inherit4.output, test/btyacc/err_inherit4.tab.c, test/btyacc/err_inherit5.tab.c, test/btyacc/err_syntax1.tab.c, test/btyacc/err_syntax10.tab.c, test/btyacc/err_syntax11.tab.c, test/btyacc/err_syntax12.tab.c, test/btyacc/rename_debug.c, btyaccpar.c:
regen
2016-06-01 Tom.Shields
* btyaccpar.skel, defs.h, error.c, output.c, reader.c, test/code_calc.y, test/err_inherit4.y, test/run_make.sh, yaccpar.skel:
fixes for issues in btyacc (report by Francis Andre):
+ correction to the placement of the #line directive for a %union specification
+ recovery of a set of casts originally added into btyaccpar.c rather than into
btyaccpar.skel, and so are lost whenever building from scratch
+ Chris Dodd's btyacc improved handling of inherited attributes to eliminate
implicit empty copy rules that are not necessary, and thereby avoiding the
introduction of extra parsing ambiguity
+ Chris Dodd's added support for @-N syntax to reference inherited position
information
+ correction to bad interaction between %token-table and YYDEBUG, where YYDEBUG
was required to be defined in order to compile the generated code
+ correction to yyname[] access in code included with YYDEBUG defined for
single character symbols not recognized (e.g., input containing '&' character
where grammar doesn't define that as a symbol) - map to existing
"illegal-symbol" entry in byname[]
+ fixes to test/run_make.sh: skip test-err_* files; in the bison test phase
skip additional files that contain features not supported by bison and
inhibit new bison warning messages
+ minor changes to btyaccpar.skel & yaccpar.skel so they are more similar in
their commonality; makes it easier to maintain the pair of files using
vimdiff
+ changes to a couple of test cases for coverage of #3, #4 and #5 above
2016-06-01 Thomas E. Dickey <dickey@invisible-island.net>
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2016-03-24 Thomas E. Dickey <dickey@invisible-island.net>
* reader.c: unused variable
* package/pkgsrc/Makefile, package/debian/copyright: bump
2016-03-24 Jung-uk.Kim
* main.c:
correct logic for finding output suffix in the "-o" option, which matched
the first occurrence of ".c" in the name in 2005-08-13 changes rather than
at the end of the filename (patch by Jung-uk Kim)
2016-03-24 Thomas E. Dickey <dickey@invisible-island.net>
* aclocal.m4:
update CF_WITH_MAN2HTML to use configured shell rather than /bin/sh
* VERSION, package/byacc.spec, package/debian/changelog, package/mingw-byacc.spec, package/pkgsrc/Makefile:
bump
2016-01-25 Thomas E. Dickey <dickey@invisible-island.net>
* config.guess, config.sub: 2016-01-01
* release 5.30
2017-02-07 23:27 Christos Zoulas <christos@zoulas.com>
* If we exceeded the offset in a search return no match
(Christoph Biedl)
* Be more lenient on corrupt CDF files (Christoph Biedl)
2017-02-04 16:46 Christos Zoulas <christos@zoulas.com>
* pacify ubsan sign extension (oss-fuzz/524)
2017-02-01 12:42 Christos Zoulas <christos@zoulas.com>
* off by one in cdf parsing (PR/593)
* report debugging sections in elf (PR/591)
2016-11-06 10:52 Christos Zoulas <christos@zoulas.com>
* Allow @@@ in extensions
* Add missing overflow check in der magic (Jonas Wagner)
2016-10-25 10:40 Christos Zoulas <christos@zoulas.com>
* release 5.29
2016-10-24 11:20 Christos Zoulas <christos@zoulas.com>
* der getlength overflow (Jonas Wagner)
* multiple magic file load failure (Christoph Biedl)
2016-10-17 11:26 Christos Zoulas <christos@zoulas.com>
* CDF parsing improvements (Guy Helmer)
2016-07-20 7:26 Christos Zoulas <christos@zoulas.com>
* Add support for signed indirect offsets
2016-07-18 7:41 Christos Zoulas <christos@zoulas.com>
* cat /dev/null | file - should print empty (Christoph Biedl)
2016-07-05 15:20 Christos Zoulas <christos@zoulas.com>
* Bump string size from 64 to 96.
2016-06-13 20:20 Christos Zoulas <christos@zoulas.com>
* PR/556: Fix separators on annotations.
2016-06-13 19:40 Christos Zoulas <christos@zoulas.com>
* release 5.28
* fix leak on allocation failure
2016-06-01 1:20 Christos Zoulas <christos@zoulas.com>
* PR/555: Avoid overflow for offset > nbytes
* PR/550: Segv on DER parsing:
- use the correct variable for length
- set offset to 0 on failure.
2016-05-13 12:00 Christos Zoulas <christos@zoulas.com>
* release 5.27
2016-04-18 9:35 Christos Zoulas <christos@zoulas.com>
* Errors comparing DER entries or computing offsets
are just indications of malformed non-DER files.
Don't print them.
* Offset comparison was off-by-one.
* Fix compression code (Werner Fink)
* Put new bytes constant in the right file (not the generated one)
2016-04-16 18:34 Christos Zoulas <christos@zoulas.com>
* release 5.26
2016-03-31 13:50 Christos Zoulas <christos@zoulas.com>
* make the number of bytes read from files configurable.
2016-03-21 13:40 Christos Zoulas <christos@zoulas.com>
* Add bounds checks for DER code (discovered by Thomas Jarosch)
* Change indirect recursion limit to indirect use count and
bump from 15 to 50 to prevent abuse.
2016-03-13 20:39 Christos Zoulas <christos@zoulas.com>
* Add -00 which prints filename\0description\0
2016-03-01 13:28 Christos Zoulas <christos@zoulas.com>
* Fix ID3 indirect parsing
2016-01-19 10:18 Christos Zoulas <christos@zoulas.com>
* add DER parsing capability
2015-11-13 10:35 Christos Zoulas <christos@zoulas.com>
* provide dprintf(3) for the OS's that don't have it.
2015-11-11 16:25 Christos Zoulas <christos@zoulas.com>
* redo the compression code report decompression errors
2015-11-10 23:25 Christos Zoulas <christos@zoulas.com>
* REG_STARTEND code is not working as expected, delete it.
2015-11-09 16:05 Christos Zoulas <christos@zoulas.com>
* Add zlib support if we have it.
2015-11-05 11:22 Christos Zoulas <christos@zoulas.com>
* PR/492: compression forking was broken with magic_buffer.
2015-09-16 9:50 Christos Zoulas <christos@zoulas.com>
* release 5.25
2015-09-11 13:25 Christos Zoulas <christos@zoulas.com>
* add a limit to the length of regex searches
2015-09-08 9:50 Christos Zoulas <christos@zoulas.com>
* fix problems with --parameter (Christoph Biedl)
2015-07-11 10:35 Christos Zoulas <christos@zoulas.com>
* Windows fixes PR/466 (Jason Hood)
2015-07-09 10:35 Christos Zoulas <christos@zoulas.com>
* release 5.24
2015-06-11 8:52 Christos Zoulas <christos@zoulas.com>
* redo long option encoding to fix off-by-one in 5.23
2015-06-10 13:50 Christos Zoulas <christos@zoulas.com>
* release 5.23
2015-06-09 16:10 Christos Zoulas <christos@zoulas.com>
* Fix issue with regex range for magic with offset
* Always return true from mget with USE (success to mget not match
indication). Fixes mime evaluation after USE magic
* PR/459: Don't insert magic entries to the list if there are parsing
errors for them.
2015-06-03 16:00 Christos Zoulas <christos@zoulas.com>
* PR/455: Add utf-7 encoding
2015-06-03 14:30 Christos Zoulas <christos@zoulas.com>
* PR/455: Implement -Z, look inside, but don't report on compression
* PR/454: Fix allocation error on bad magic.
2015-05-29 10:30 Christos Zoulas <christos@zoulas.com>
* handle MAGIC_CONTINUE everywhere, not just in softmagic
2015-05-21 14:30 Christos Zoulas <christos@zoulas.com>
* don't print descriptions for NAME types when mime.
2015-04-09 15:59 Christos Zoulas <christos@zoulas.com>
* Add --extension to list the known extensions for this file type
Idea by Andrew J Roazen
2015-02-14 12:23 Christos Zoulas <christos@zoulas.com>
* Bump file search buffer size to 1M.
2015-01-09 14:35 Christos Zoulas <christos@zoulas.com>
* Fix multiple issues with date formats reported by Christoph Biedl:
- T_LOCAL meaning was reversed
- Arithmetic did not work
Also stop adjusting daylight savings for gmt printing.
2015-01-05 13:00 Christos Zoulas <christos@zoulas.com>
* PR/411: Fix memory corruption from corrupt cdf file.
4558. [bug] Synthesised CNAME before matching DNAME was still
being cached when it should have been. [RT #44318]
4557. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
libpthread_dbg(3) is a remnant library from the M:N thread model
(pre-NetBSD-5.0) API to introspect threads within a process and for use
of debuggers.
Currently in the 1:1 model it's not used in GDB neither in LLDB and it's
not either planned to be used. It's current function to read pthread_t
structures is realizable within a regular debugger capable to
instrospect objects within a tracee (GDB, LLDB...).
pthread_dbg(3) is going to be removed from the base distribution and moved
to pkgsrc.
Patch reviewed by <christos>
Sponsored by <The NetBSD Foundation>
libpthread_dbg(3) is a remnant library from the M:N thread model
(pre-NetBSD-5.0) API to introspect threads within a process and for use
of debuggers.
Currently in the 1:1 model it's not used in GDB neither in LLDB and it's
not either planned to be used. It's current function to read pthread_t
structures is realizable within a regular debugger capable to
instrospect objects within a tracee (GDB, LLDB...).
pthread_dbg(3) is going to be removed from the base distribution and moved
to pkgsrc.
Patch reviewed by <christos>
Sponsored by <The NetBSD Foundation>
This update fixes the following vulnerabilities:
CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926
CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931
CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936
CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985
CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575
CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341
CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
CVE-2017-5486 (all buffer overflows in various parts of tcpdump)
Upstream Changelog:
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
in CALM-FAST and GeoNetworking printers)
Pass correct caplen value to ether_print() and some other functions
Fix lookup_nsap() to match what isonsap_string() expects
Clean up relative time stamp printing (Fix an array overflow)
Fix some alignment issues with GCC on Solaris 10 SPARC
Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
Add a fn_printztn() which returns the number of bytes processed
Add nd_init() and nd_cleanup() functions. Improve libsmi support
Add CONTRIBUTING file
Add a summary comment in all printers
Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
Fix some leaks found by Valgrind/Memcheck
Fix a bunch of de-constifications
Squelch some Coverity warnings and some compiler warnings
Update Coverity and Travis-CI setup
Update Visual Studio files
Frontend:
Fix capsicum support to work with zerocopy buffers in bpf
Try opening interfaces by name first, then by name-as-index
Work around pcap_create() failures fetching time stamp type lists
Fix a segmentation fault with 'tcpdump -J'
Improve addrtostr6() bounds checking
Add exit_tcpdump() function
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used
New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
802.11: Fix the radiotap printer to handle the special bits correctly
802.11: If we have the MCS field, it's 11n
802.11: Only print unknown frame type or subtype messages once
802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
802.11: Source and destination addresses were backwards
AH: Add a bounds check
AH: Report to our caller that dissection failed if a bounds check fails
AP1394: Print src > dst, not dst > src
ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
ATALK: Add bounds and length checks (Fix heap overflows)
ATM: Add some bounds checks (Fix a heap overflow)
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
BOOTP: Add a bounds check
Babel: Add decoder for source-specific extension
CDP: Filter out non-printable characters
CFM: Fixes to match the IEEE standard, additional bounds and length checks
CSLIP: Add more bounds checks (Fix a heap overflow)
ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
DHCP: Fix MUDURL and TZ options
DHCPv6: Process MUDURL and TZ options
DHCPv6: Update Status Codes with RFCs/IANA names
DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
GRE: Add some bounds checks (Fix heap overflows)
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
IPoFC: Fix -e output (IP-over-Fibre Channel)
IPv6: Don't overwrite the destination IPv6 address for routing headers
IPv6: Fix header printing
IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
ISAKMP: Clean up parsing of IKEv2 Security Associations
ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
ISOCLNS/IS-IS: Filter out non-printable characters
ISOCLNS/IS-IS: Fix segmentation faults
ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
ISOCLNS: Add some bounds checks
Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
LLC: Add a bounds check (Fix a heap overflow)
LLC: Clean up printing of LLC packets
LLC: Fix the printing of RFC 948-style IP packets
LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
LLDP: Implement IANA OUI and LLDP MUD option
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
OLSR: Add a test to cover a HNA sgw case
OLSR: Fix 'Advertised networks' count
OLSR: Fix printing of smart-gateway HNAs in IPv4
OSPF: Add a bounds check for the Hello packet options
OSPF: Do more bounds checking
OSPF: Fix a segmentation fault
OSPF: Fix printing 'ospf_topology_values' default
OTV: Add missing bounds checks
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
RADIUS: Filter out non-printable characters
RADIUS: Translate UDP/1700 as RADIUS
RESP: Do better checking of RESP packets
RPKI-RTR: Add a return value check for "fn_printn" call
RPKI-RTR: Remove printing when truncated condition already detected
RPL: Fix 'Consistency Check' control code
RPL: Fix suboption print
RSVP: An INTEGRITY object in a submessage covers only the submessage
RSVP: Fix an infinite loop; Add bounds and length checks
RSVP: Fix some if statements missing brackets
RSVP: Have signature_verify() do the copying and clearing
RTCP: Add some bounds checks
RTP: Add some bounds checks, fix two segmentation faults
SCTP: Do more bounds checking
SFLOW: Fix bounds checking
SLOW: Fix bugs, add checks
SMB: Before fetching the flags2 field, make sure we have it
SMB: Do bounds checks on NBNS resource types and resource data lengths
SNMP: Clean up the "have libsmi but no modules loaded" case
SNMP: Clean up the object abbreviation list and fix the code to match them
SNMP: Do bounds checks when printing character and octet strings
SNMP: Improve ASN.1 bounds checks
SNMP: More bounds and length checks
STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
STP: Filter out non-printable characters
TCP: Add bounds and length checks for packets with TCP option 20
TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
TCP: Fix two bounds checks (Fix heap overflows)
TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
TCP: Put TCP-AO option decoding right
TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
Telnet: Add some bounds checks
TokenRing: Fix -e output
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
Release 2.2.0 Tue June 21 2016
Security fixes:
#537 CVE-2016-0718 -- Fix crash on malformed input
CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1
#499 CVE-2016-5300 -- Use more entropy for hash initialization
than the original fix to CVE-2012-0876
#519 CVE-2012-6702 -- Resolve troublesome internal call to srand
that was introduced with Expat 2.1.0
when addressing CVE-2012-0876 (issue #496)
Bug fixes:
Fix uninitialized reads of size 1
(e.g. in little2_updatePosition)
Fix detection of UTF-8 character boundaries
Other changes:
#532 Fix compilation for Visual Studio 2010 (keyword "C99")
Autotools: Resolve use of "$<" to better support bmake
Autotools: Add QA script "qa.sh" (and make target "qa")
Autotools: Respect CXXFLAGS if given
Autotools: Fix "make run-xmltest"
Autotools: Have "make run-xmltest" check for expected output
p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
#536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
#323 CMake: Add suffix "d" to differentiate debug from release
CMake: Define WIN32 with CMake on Windows
Annotate memory allocators for GCC
Address all currently known compile warnings
Make sure that API symbols remain visible despite
-fvisibility=hidden
Remove executable flag from source files
Resolve COMPILED_FROM_DSP in favor of WIN32
introducing since release of software to be recognised. This should hopefully
allow the builds to progress a littles further on systems such as the POWER8
which features a little endian 64-bit PowerPC CPU identified as ppc64le.
