* Automatically watch for changes to resolv.conf and reread it when that
happens.
* Refresh all the hosts files.
* Start using libevent2 in favor of libevent
Ok brad@
* A bug with hash_fold() regarding incoming IPv4 and IPv6 source
addresses has been fixed. The "hash" group mechanism is now working as
expected.
* Buffering has been disabled for interactive shell IO. A new
"assign" command has been added to allow changing of the host:port
assignment of a channel (only if disabled). A locking bug has been
fixed.
* A new option -6 has been added to force IPv6 bind.
* Problems with setting IPV6_V6ONLY socket option are now handled
more nicely with a syslog warning message.
* Balance now compiles also on systems where IPV6_V6ONLY is
undefined (like some Solaris systems).
* IPv6 support on the listening side has been added. MAXCHANNELS in
balance.h has been increased to 64.
Ok aja@ brad@
A specific query can cause BIND nameservers using DNS64 to exit
with a REQUIRE assertion failure.
BIND nameservers that are not using DNS64 are not at risk.
https://kb.isc.org/article/AA-00828 CVE-2012-5688
dnsfilter is a filter and rate limiter for the Domain Name
System. DNS queries should be redirected into the filter using
the pf(4) divert-packet command.
Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
significantly reduced directory overhead (via microdescriptors),
enormous crypto performance improvements for fast relays on new
enough hardware, a new v3 TLS handshake protocol that can better
resist fingerprinting, support for protocol obfuscation plugins (aka
pluggable transports), better scalability for hidden services, IPv6
support for bridges, performance improvements like allowing clients
to skip the first round-trip on the circuit ("optimistic data") and
refilling token buckets more often, a new "stream isolation" design
to isolate different applications on different circuits, and many
stability, security, and privacy fixes.
Also kill unneeded pthread patch.
Tested by dhill & dcoppa@.
ok dcoppa@
