Version 2.1 (January 12th, 2019)
Fixup release, correcting issues uncovered in the prior year.
Startup
Connect by default to Tor Browser's default port (9151) when it's available
Nyxrc color_override configuration values only worked if camel case (ticket)
'sqlite3.OperationalError' crash when ran with multiple users that share a home directory (ticket)
Process renaming could potentially crash (ticket)
Blank debug path caused us to crash (ticket)
Nyxrc password option for the controller credential (ticket)
Accept shorthand '--interface' arugments with a colon but no address (ticket)
Notification when connection information is unavailable (ticket)
When using python 3.x unable to run if distutils was unavailable (ticket)
Header
Right column of stats missing when using python 3.x
Graph
Removed confusing, unit-less 'measured' statistic
Connections
Geoip information unavailable for inbound connections
Dialog showing exit statistics crashed when no data was available (ticket)
More strictly scrub sensitive connection information (ticket)
Client and exit port usage dialogs counted each connection rather than unique clients and destinations (ticket)
Logging
Python3 crashed when dates are on year boundaries (ticket)
Configuration Editor
New tor configuration options crashed nyx when shown (ticket)
Errors when saving the configuration could result in a stacktrace (ticket)
Pressing 'esc' when editing values changed their value to 'none' (ticket)
Reset configuration option if set to an empty value
Interpreter
Line wrap content (ticket)
Large volume of content made the panel sluggish (ticket)
Curses
Resizing could crash the interface (ticket)
Implemented del key in editable text fields (ticket)
Website
Greatly expanded platforms available on the download page
Added 'How do I get started?' to the FAQ
Added 'Why can't I install with apt-get?' to the FAQ
Added 'Why can't I see Tor's connections?' to the FAQ
fping 4.2:
New features
* New option -x / --reachable to check if the number of reachable hosts is >= a certain number. Useful for example to implement connectivity-checks
Bugfixes and other changes
* Allow decimal numbers for '-t', '-i', '-p', and '-Q'
* Fix build with --disable-ipv6
* Fix hang with '-6', with ipv6 kernel module, but not loaded
* Assume '-6' if the binary is named 'fping6' (this is mostly for special embedded-distro use cases, and not meant to be used generally in place of compiling IPv6-only binary or using '-6'
* Get rid of warning "timeout (-t) value larger than period (-p) produces unexpected results"
Changes:
2.10.0
------
Features
- New hub pr list --format fields %pS and %pC for PR state and color
o %pS: "open", "draft", "merged", or "closed"
o %pC: green, gray, purple, or red
- Have commands with rich output respect the --color flag
o default: --color=auto
o --color is equivalent to --color=always
o --color=never disables color for TTYs
Fixes
- Make man pages parseable with whatis
- Make hub checkout work independently of remote refspec
Upstream changes:
mikutter 3.8.6
* backport yield_self for Ruby 2.4 and prior
* possible crash on too fast reply as @seibe
* extract pixiv images from OGP
* thanks Shibafu Midorino
Changes in Apache Libcloud 2.4.0
- Refuse installation with Python 2.6 and Python 3.3 (support was
already dropped in Libcloud 2.3.0)
- Support Python 3.7
- Cleanup various Python files
- Allow running tests with http_proxy set
Common
- [OpenStack] Document openstack_connection_kwargs method
- [OpenStack] Handle missing user email in OpenStackIdentityUser
Compute
- [ARM] Support OS disk size definition on node creation
- [Digital Ocean] Support floating IPs
- [Digital Ocean] Support attach/detach for floating IPs
- [Digital Ocean] Add ex_get_node_details
- [Digital Ocean] Add tags extra attribute to create_node
- [Dimension Data] Fix IndexError in list_images
- [EC2] Add AWS eu-west-3 (Paris) region
- [EC2] Add description to ex_authorize_security_group_ingress
- [EC2] Added script to automatically get EC2 instance sizes
- [EC2] Update instance sizes
- [EC2] Accept tags when create a snapshot
- [GCE] Expand Firewall options coverage
- [GCE] Expand network and subnetwork options coverage
- [GCE] Extend ex_create_address to allow internal ip creation
- [GCE] Allow shared VPC in managed instance group creation
- [GCE] Support disk_size parameter for boot disk when creating instance
- [GCE] Update public image projects list
- [GCE] Fix _find_zone_or_region for >500 instances
- [GCE] Allow routing_mode=None in ex_create_network
- [OpenStack] Implement Glance Image API v2
- [OpenStack] Fix spelling in ex_files description
- [OpenStack v2] Allow listing image members
- [OpenStack v2] Allow creating and accepting image members
- [OpenStack v2] Fix image members methods
- [OpenStack] Fix API doc for delete_floating_ip
- [OpenStack] Implement port attaching/detaching
- [OpenStack] Add methods for getting and creating ports
- [OpenStack] Add get_user method
- [OpenStack] Add ex_list_subnets to OpenStack_2_NodeDriver
- [OpenStack] The OpenStack_2_NodeDriver uses two connections
- [OpenStack] The OpenStack_2_NodeDriver /v2.0/networks instead of /os-networks
- [Scaleway] New Scaleway driver
- [Scaleway] Update Scaleway default API host
DNS
- [Google Cloud DNS] Document driver instantiation
Storage
- Update docstring for storage provider class
- [Azure Blob Storage] Allow filtering lists by prefix
- [Azure Blob Storage] Update driver documentation
- [Azure Blob Storage] Fix upload/download streams
- [Azure Blob Storage] Fix PageBlob headers
- [S3] Guess s3 upload content type
- [S3] Add Amazon S3 (cn-northwest-1) Storage Driver
Other
- Fixed spelling in 2.0 changes documentation
Changes in Apache Libcloud 2.3.0
- Drop support for Python 2.6 and Python 3.3
They're no longer supported, and the Python ecosystem is starting to
drop support: two of our test dependencies no longer support them.
- Made pytest-runner optional
Common
- Improve warning when CA_CERTS_PATH is incorrectly passed as a list
- Cleaned up and corrected third-party drivers documentation
- Modernized a few Python examples
- [OpenStack] Authentify with updated Identity API
Compute
- Fix "wait_until_running() method so it also works correctly and doesn't
append "None" to the addresses list if node has no IP address.
- [ARM] Fix checking for "location is None" in several functions
- [ARM] Fix error when using SSH key auth with Python 3
- [ARM] Fix API call on powerOff, understand PAUSED state
- [ARM] Delete VHDs more reliably in destroy_node(), raise exception on unhandled errors
- [ARM] Fix api version used to list and delete NICs
- [ARM] Allow faster list_nodes() with ex_fetch_power_state=False
- [ARM] Fix delete_old_vhd
- [ARM] Limit number of retries in destroy_node
- [ARM] Fix Retry-After header handling
- [CloudStack] Handle NICs without addresses
- [CloudStack] Add change size and restore
- [Digital Ocean] Add ex_enable_ipv6 in DigitalOcean_v2 driver
- [Digital Ocean] Add support for tags in list_nodes()
- [Digital Ocean] Add rebuild and resize commands
- [EC2] Add new x1.16xlarge and x1e.32xlarge instance type.
- [EC2] Add AWS EC2 c5 series
- [EC2] Add AWS EC2 M5 sizes
- [EC2] Update pricing information for EC2 instances.
- [EC2] Allow cn-north-1 even without pricing information
- [EC2] Fix EBS volume encryption
- [ECS Aliyun] Support modify_security_group_attributes
- [GCE] Allow adding labels to images
- [GCE] Allow adding license strings to images
- [GCE] Support GCE node labels.
- [GCE] Fix GCEList pagination.
- [GCE] Allow setting service account in instance templates
- [GCE] Add support for private IP addresses in GCE instance creation
- [GCE] Allow for use of shared network (VPC) and subnetwork
- [GCE] Add support for accelerators
- [ProfitBricks] Update driver and add support for the new API v4.
- [ProfitBricks] Fix list_snapshots() method
- [UpCloud] New driver for UpCloud
- [UpCloud] Use disk size and storage tier also when creating node from template
- [UpCloud] Allow to define hostname and username
- [UpCloud] Add pricing information to list_sizes
Storage
- Added Digital Ocean Spaces driver
- [Digital Ocean Spaces] Add support for AMS3 region
- [Digital Ocean Spaces] Add support for SGP1 region
- Fix a bug / regression which resulted in increased memory consumption when
using download_object method. This method would store whole object
content in memory even though there was no need for that.
This regression was introduced in 2.0.0 when we moved to using requests
library.
- Fix a regression with hash computation performance and memory usage on object
upload inadvertently introduced in 2.0.0 and make it more efficient.
Changes in version 0.3.5.8:
Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
Update bind912 to 9.12.3pl4 (BIND 9.12.3-P4).
--- 9.12.3-P4 released ---
--- 9.12.3-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.12.3-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
--- 9.11.5-P4 released ---
--- 9.11.5-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.11.5-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of sycalls per message.
Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() directive.
Reduce systemcall usage in protobuf logging.
4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories.
Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled.
4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.
The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua ;
CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Improvements
Try another worker before failing if the first pipe was full
1.4.0:
- Build with Cython 0.29 in '3str' mode.
- Test with PyPy 6.0 on Windows.
- Add support for application-wide callbacks when Greenlet objects
are started.
- Fix consuming a single ready object using
next(gevent.iwait(objs)). Previously such a construction would
hang because iter was not called.
- Make gevent.iwait return an iterator that can now also be used as
a context manager. If you'll only be consuming part of the iterator,
use it in a with block to avoid leaking resources.
- Fix semaphores to immediately notify links if they are ready and
rawlink() is called. This behaves like Event and
AsyncEvent. Note that the order in which semaphore links are
called is not specified.
- Improve safety of handling exceptions during interpreter shutdown.
- Remove the deprecated ability to specify GEVENT_RESOLVER and
other importable settings as a path/to/a/package.module.item.
This had race conditions and didn't work with complicated resolver
implementations. Place the required package or module on sys.path
first.
- Reduce the chances that using the blocking monitor functionality
could result in apparently random SystemError:
Objects/tupleobject.c: bad argument to internal function.
- Refactored the gevent test runner and test suite to make them more
reusable. In particular, the tests are now run with python -m
gevent.tests.
- Make a monkey-patched socket.getaddrinfo return socket module
enums instead of plain integers for the socket type and address
family on Python 3.
- Make gevent's pywsgi server set the non-standard environment value
wsgi.input_terminated to True.
- Make gevent.util.assert_switches produce more informative messages
when the assertion fails.
- Python 2: If a gevent.socket was closed asynchronously (in a
different greenlet or a hub callback), AttributeError could result
if the socket was already in use. Now the correct socket.error
should be raised.
- Fix :meth:gevent.threadpool.ThreadPool.join raising a
UserWarning when using the libuv backend.
- Fix FileObjectPosix.seek raising OSError when it should have
been IOError on Python 2.
- Upgrade libuv from 1.23.2 to 1.24.0.
Change log:
* Translations update
* caja-share-bar: avoid deprecated 'g_type_class_add_private'
* drop obsolete configure option from distcheck
* Use make functions for HELP_LINGUAS
* adding help to transifex config
* disable deprecation warnings for distcheck
* file-share-properties.ui: avoid deprecated:
* update transifex config with branch specific resoures
Changes:
2.9.0
-----
Features
- Add support for hub ci-status --format <FORMAT> string
- Add hub create --remote-name <REMOTE> flag
- Allow passing in a raw request body via hub api --input <FILE>
- Cache HTTP 4xx (except 403) server responses in hub api --cache
Fixes
- Ensure consistent ordering of hub ci-status -v results
- Avoid crashing on invalid GitHub hostname
- Fix parsing empty string within command-line arguments
2.8.4
-----
- Add hub api -H flag to set HTTP request headers
- Add hub api -i flag to output HTTP response headers
- Change how hub api deals with HTTP errors:
- HTTP response is now printed on stdout regardless of HTTP status
- No longer print an extra newline after HTTP response body
- No more Error: HTTP {STATUS} message on stderr
- hub exits with status 22 instead of 1
- Fix hub execution under WSL (Windows Subsystem for Linux)
0MQ version 4.3.1 stable:
* CVE-2019-6250: A vulnerability has been found that would allow attackers to
direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.
NOTE: this attack can only take place after authentication, so peers behind
CURVE/GSSAPI are not vulnerable to unauthenticated attackers.
See https://github.com/zeromq/libzmq/issues/3351 for more details.
Thanks to Guido Vranken for uncovering the issue and providing the fix!
* Note for packagers: as pkg-config's Requires.private is now used to properly
propagate dependencies for static builds, the libzmq*-dev or zeromq-devel or
equivalent package should now depend on the libfoo-dev or foo-devel packages
of all the libraries that zmq is linked against, or pkg-config --libs libzmq
will fail due to missing dependencies on end users machines.
0MQ version 4.3.0 stable:
* The following DRAFT APIs have been marked as STABLE and will not change
anymore:
- ZMQ_MSG_T_SIZE context option (see doc/zmq_ctx_get.txt)
- ZMQ_THREAD_AFFINITY_CPU_ADD and ZMQ_THREAD_AFFINITY_CPU_REMOVE (Posix only)
context options, to add/remove CPUs to the affinity set of the I/O threads.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_THREAD_NAME_PREFIX (Posix only) context option, to add a specific
integer prefix to the background threads names, to easily identify them.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE
socket options, for the corresponding GSSAPI features. Additional
definitions for principal name types:
- ZMQ_GSSAPI_NT_HOSTBASED
- ZMQ_GSSAPI_NT_USER_NAME
- ZMQ_GSSAPI_NT_KRB5_PRINCIPAL
See doc/zmq_gssapi.txt for details.
- ZMQ_BINDTODEVICE socket option (Linux only), which will bind the
socket(s) to the specified interface. Allows to use Linux VRF, see:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
NOTE: requires the program to be ran as root OR with CAP_NET_RAW
- zmq_timers_* APIs. These functions can be used for cross-platforms timed
callbacks. See doc/zmq_timers.txt for details.
- The following socket monitor events:
- ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL: unknown errors during handshake.
- ZMQ_EVENT_HANDSHAKE_SUCCEEDED: Handshake completed with authentication.
- ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL: Protocol errors with peers or ZAP.
- ZMQ_EVENT_HANDSHAKE_FAILED_AUTH: Failed authentication requests.
See doc/zmq_socket_monitor.txt for more details and error codes.
- zmq_stopwatch_intermediate which returns the time elapsed without stopping
the stopwatch.
- zmq_proxy_steerable command 'STATISTICS' to retrieve stats about the amount
of messages and bytes sent and received by the proxy.
See doc/zmq_proxy_steerable.txt for more information.
* The build-time configuration option to select the poller has been split, and
new API_POLLER (CMake) and --with-api-poller (autoconf) options will now
determine what system call is used to implement the zmq_poll/zmq_poller APIs.
The previous POLLER and --with-poller options now only affects the
internal I/O thread. In case API_POLLER is not specified, the behaviour keeps
backward compatibility intact and will be the same as with previous releases.
* The non-default "poll" poller for the internal I/O thread (note: NOT for the
zmq_poll/zmq_poller user APIs!) has been disabled on Windows as WSAPoll does
not report connection failures. For more information see:
- https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
- https://curl.haxx.se/mail/lib-2012-10/0038.html
- https://bugs.python.org/issue16507
* New epoll implementation for Windows, using the following implementation:
https://github.com/piscisaureus/wepoll/tree/v1.5.4
To use this, select "epoll" as the poller option in the build system.
Note for distributors: the wepoll source code is embedded and distributed.
It is licensed under the BSD-2-Clause and thus it is compatible with LGPL-3.0.
Note that, if selected at build time, the license text must be distributed
with the binary in accordance to the license terms. A copy can be found at:
external/wepoll/license.txt
* The pre-made Visual Studio solutions file are deprecated, and users are
encouraged to use the CMake solution generation feature instead.
* New DRAFT (see NEWS for 4.2.0) socket options:
- ZMQ_ROUTER_NOTIFY to deliver a notification when a peer connects and/or
disconnects in the form of a routing id plus a zero-length frame.
- ZMQ_MULTICAST_LOOP to control whether the data sent should be looped back
on local listening sockets for UDP multicast sockets (ZMQ_RADIO).
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* New perf tool, perf/benchmark_radix_tree, to measure the performance of the
different internal implementations of the trie algorithm used to track
subscriptions. Requires a compiler that supports C++11.
* New autoconf flag "--enable-force-CXX98-compat" which will force -std=gnu++98
and, if the compiler supports them (clang++ at the moment), it will also add
-Wc++98-compat -Wc++98-compat-pedantic so that compatibility with C++98 can
be tested.
* Many, many coding style, duplication and static analysis improvements.
* Many, many improvements to the CMake build system, especially on Windows.
* Many, many improvements to unit tests.
3.40.0 (2019-01-25)
- Official binaries are now linked against GnuTLS 3.6.6
3.40.0-rc2 (2019-01-22)
- Fix regression introduced in rc1 where adding files to queue creates extra server items if the connection was established through the Site Manager
3.40.0-rc1 (2019-01-18)
+ Added TLS 1.3 support by linking official binaries against GnuTLS 3.6.5
+ Refactored how sites and servers are being represented internally to fix issues trigged by renaming sites in the Site Manager
- Fix display of server names containing ampersands in several dialogs
- Fix regular expression filter in the quick search panel
- Fix a crash if files are added to the queue when there are already files for multiple different servers in the queue
- Fix a crash applying filters when there are no selected files and the focused item is past the new file count
- Fix a crash if emptying the queue while a directory creation item is active
- Fix a potential crash if FileZilla is being closed the moment a delayed dialog has already been created but before it is shown.
libnice 0.1.15 (2018-12-27)
===========================
Add support for Regular Nomination
Removal of the global lock over all agents
Add method to compare candidate targets
Added optional Meson build system, future releases will remove autotools
Renamed all members of PseudoTcpState enum (compile-time API change)
Now drops all packets from addresses that have not been validated by an ICE check
Multiple improvements to ICE interoperability
Improved RFC compliance
Improved OC2007 compatibility mode alternate-server support
0.5.2
* Fixed Google Drive login, broken by Google's new 2-page login sequence
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder (tdf#101385)
* Limited the maximal number of redirections to 20 (rhbz#1410197)
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed build with boost >= 1.68.0 (#19)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from "make check". A new "make cppcheck" target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
1.0.3
=====
- meson build fixes
- Fix running sniffer from meson build
- Fix issue on OS X when socket is destroyed after suspend
- Fix a memory leak in the device sniffer
- Fix a crash when sending a SSDP message after clearing the custom headers
- Use utsname.release for Server: header
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/1
- https://bugzilla.gnome.org/show_bug.cgi?id=794340
4.3.0:
- Added Python 3.7 support.
- Avoid caching queues which are declared with a TTL.
Queues that are declared with a TTL are now also be excluded from the
in-memory cache in case they expire between publishes on the same channel.
- Added an index to the Message table for the SQLAlchemy transport.
The index allows to effectively sorting the table by the message's timestamp.
- Added a timeout that limits the amount of time we retry
to reconnect to a transport.
- :class:celery.asynchronous.hub.Hub is now reentrant.
This allows calling :func:celery.bin.celery.main to revive a worker in
the same process after rescuing from shutdown (:class:SystemExit).
- Queues now accept string exchange names as arguments as documented.
Tests were added to avoid further regressions.
- Specifying names for broadcast queues now work as expected.
Previously, named broadcast queues did not create multiple queues per worker.
They incorrectly declared the named queue which resulted in one queue per
fanout exchange, thus missing the entire point of a fanout exchange.
The behavior is now matched to unnamed broadcast queues.
- When initializing the Redis transport in conjunction with gevent
restore all unacknowledged messages to queue.
- Allow :class:kombu.simple.SimpleQueue to pass queue_arguments to Queue object.
This allows :class:kombu.simple.SimpleQueue to connect to RabbitMQ queues with
custom arguments like 'x-queue-mode'='lazy'.
- Add support for 'rediss' scheme for secure Redis connections.
The rediss scheme defaults to the least secure form, as
there is no suitable default location for ca_certs. The recommendation
would still be to follow the documentation and specify broker_use_ssl if
coming from celery.
- Added the Azure Storage Queues transport.
The transport is implemented on top of Azure Storage
Queues. This offers a simple but scalable and low-cost PaaS
transport for Celery users in Azure. The transport is intended to be
used in conjunction with the Azure Block Blob Storage backend.
- Added the Azure Service Bus transport.
The transport is implemented on top of Azure Service Bus and
offers PaaS support for more demanding Celery workloads in Azure.
The transport is intended to be used in conjunction with the Azure
CosmosDB backend.
- Drop remaining mentions of Jython support completely.
- When publishing messages to the Pidbox, retry if an error occurs.
- Fix infinite loop in :method:kombu.asynchronous.hub.Hub.create_loop.
- Worker shutdown no longer duplicates messages when using the SQS broker.
- When using the SQS broker, prefer boto's default region before our hardcoded default.
- Fixed closing of shared redis sockets which previously caused Celery to hang.
- the Pyro_ transport (:mod:kombu.transport.pyro) now works with
recent Pyro versions. Also added a Pyro Kombu Broker that this transport
needs for its queues.
- Handle non-base64-encoded SQS messages.
- Move the handling of Sentinel failures to the redis library itself.
Previously, Redis Sentinel worked only if the first node's sentinel
service in the URI was up. A server outage would have caused downtime.
- When using Celery and the pickle serializer with binary data as part of the
payload, UnicodeDecodeError would be raised as the content was not utf-8.
We now replace on errors.
- Allow setting :method:boto3.sqs.create_queue Attributes via transport_options.
- Fixed infinite loop when entity.channel is replaced by revive() on connection
drop.
- Added optional support for Brotli compression.
- When using the SQS broker, FIFO queues with names that ended with the 'f' letter
were incorrectly parsed. This is now fixed.
- Added optional support for LZMA compression.
- Added optional support for ZStandard compression.
- Require py-amqp 2.4.0 as the minimum version.
- The value of DISABLE_TRACEBACKS environment variable is now respected on debug, info
and warning logger level.
2.4.1:
- To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
- Fix crash in basic_publish when broker does not support connection.blocked
capability.
- read_frame() is now Python 3 compatible for large payloads.
- Support float read_timeout/write_timeout.
- Always treat SSLError timeouts as socket timeouts.
- Treat EWOULDBLOCK as timeout.
This fixes a regression on Windows from 2.4.0.
Upstream changes:
mikutter 3.8.5
* update URLs of mikutter Web
* [photo-support] reddit
* thanks cob odo
* possible crash on receiving notifications
* thanks ncaq net
* happy new year
* use oEmbed API to get Gyazo images
* thanks Shibuya Rin
1.16.102
api-change:appstream: Update appstream command to latest version
api-change:mediapackage: Update mediapackage command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.101
api-change:ecs: Update ecs command to latest version
api-change:discovery: Update discovery command to latest version
api-change:dlm: Update dlm command to latest version
1.16.100
api-change:gamelift: Update gamelift command to latest version
api-change🇪🇸 Update es command to latest version
api-change:robomaker: Update robomaker command to latest version
api-change:medialive: Update medialive command to latest version
1.16.99
api-change:fsx: Update fsx command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.98
api-change🛡️ Update shield command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.97
api-change:codecommit: Update codecommit command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:ecs: Update ecs command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
1.16.96
api-change:devicefarm: Update devicefarm command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:medialive: Update medialive command to latest version
1.16.95
api-change:logs: Update logs command to latest version
api-change:ecr: Update ecr command to latest version
api-change:sms-voice: Update sms-voice command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:rds: Update rds command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.94
api-change:acm-pca: Update acm-pca command to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi command to latest version
api-change:worklink: Update worklink command to latest version
1.16.93
api-change:ssm: Update ssm command to latest version
api-change:dms: Update dms command to latest version
api-change:fms: Update fms command to latest version
api-change:discovery: Update discovery command to latest version
api-change:appstream: Update appstream command to latest version
1.16.92
api-change:glue: Update glue command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.91
api-change:rekognition: Update rekognition command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:lambda: Update lambda command to latest version
api-change:pinpoint: Update pinpoint command to latest version
1.16.90
api-change:dynamodb: Update dynamodb command to latest version
api-change:backup: Update backup command to latest version
api-change:ce: Update ce command to latest version
1.9.92
api-change:appstream: [botocore] Update appstream client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
1.9.91
api-change:discovery: [botocore] Update discovery client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
1.9.90
api-change🇪🇸 [botocore] Update es client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
1.9.89
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
1.9.88
api-change🛡️ [botocore] Update shield client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.87
api-change:ecs: [botocore] Update ecs client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
1.9.86
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.85
api-change:logs: [botocore] Update logs client to latest version
api-change:elbv2: [botocore] Update elbv2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:sms-voice: [botocore] Update sms-voice client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
1.9.84
api-change:worklink: [botocore] Update worklink client to latest version
api-change:apigatewaymanagementapi: [botocore] Update apigatewaymanagementapi client to latest version
api-change:acm-pca: [botocore] Update acm-pca client to latest version
1.9.83
api-change:appstream: [botocore] Update appstream client to latest version
api-change:discovery: [botocore] Update discovery client to latest version
api-change:dms: [botocore] Update dms client to latest version
api-change:fms: [botocore] Update fms client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.9.82
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.81
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:pinpoint: [botocore] Update pinpoint client to latest version
api-change:rekognition: [botocore] Update rekognition client to latest version
1.9.80
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:ce: [botocore] Update ce client to latest version
api-change:backup: [botocore] Update backup client to latest version
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4225
* Sometimes qname-minimisation needs to be (temporarily) reverted.
* DNS-over-TLS would interact with qname-minimisation and would erroneously
echo back the query buffer instead of the answer.
Bump PKGREVISION.
1.12.92
api-change:appstream: Update appstream client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:mediapackage: Update mediapackage client to latest version
1.12.91
api-change:discovery: Update discovery client to latest version
api-change:ecs: Update ecs client to latest version
api-change:dlm: Update dlm client to latest version
1.12.90
api-change🇪🇸 Update es client to latest version
api-change:medialive: Update medialive client to latest version
api-change:gamelift: Update gamelift client to latest version
api-change:robomaker: Update robomaker client to latest version
1.12.89
api-change:ec2: Update ec2 client to latest version
api-change:fsx: Update fsx client to latest version
1.12.88
api-change🛡️ Update shield client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.87
api-change:ecs: Update ecs client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:codecommit: Update codecommit client to latest version
1.12.86
api-change:devicefarm: Update devicefarm client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:medialive: Update medialive client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.85
api-change:logs: Update logs client to latest version
api-change:elbv2: Update elbv2 client to latest version
api-change:rds: Update rds client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:sms-voice: Update sms-voice client to latest version
api-change:ecr: Update ecr client to latest version
1.12.84
api-change:worklink: Update worklink client to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi client to latest version
api-change:acm-pca: Update acm-pca client to latest version
1.12.83
api-change:appstream: Update appstream client to latest version
api-change:discovery: Update discovery client to latest version
api-change:dms: Update dms client to latest version
api-change:fms: Update fms client to latest version
api-change:ssm: Update ssm client to latest version
1.12.82
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.81
api-change:lightsail: Update lightsail client to latest version
api-change:lambda: Update lambda client to latest version
api-change:pinpoint: Update pinpoint client to latest version
api-change:rekognition: Update rekognition client to latest version
1.12.80
api-change:dynamodb: Update dynamodb client to latest version
api-change:ce: Update ce client to latest version
api-change:backup: Update backup client to latest version
Upstream changelog:
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues.
* Changes in Wget 1.20
** Add new option `--retry-on-host-error` to treat local errors as
transient and hence Wget will retry to download the file after
a brief waiting period.
** Fixed multiple potential resource leaks as found by static analysis
** Wget will now not create an empty wget-log file when running with
-q and -b switches together
** When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3
** Now there is support for using libpcre2 for regex pattern matching
** When downloading over FTP recursively, one can now use the
--{accept,reject}-regex switches to fine-tune the downloaded files
** Building Wget from the git sources now requires autoconf 2.63 or above.
Building from the Tarballs works as it used to.
Changes:
version 2019.02.08
Core
* [utils] Improve JSON-LD regular expression (#18058)
* [YoutubeDL] Fallback to ie_key of matching extractor while making
download archive id when no explicit ie_key is provided (#19022)
Extractors
+ [malltv] Add support for mall.tv (#18058, #17856)
+ [spankbang:playlist] Add support for playlists (#19145)
* [spankbang] Extend URL regular expression
* [trutv] Fix extraction (#17336)
* [toutv] Fix authentication (#16398, #18700)
* [pornhub] Fix tags and categories extraction (#13720, #19135)
* [pornhd] Fix formats extraction
+ [pornhd] Extract like count (#19123, #19125)
* [radiocanada] Switch to the new media requests (#19115)
+ [teachable] Add support for courses.workitdaily.com (#18871)
- [vporn] Remove extractor (#16276)
+ [soundcloud:pagedplaylist] Add ie and title to entries (#19022, #19086)
+ [drtuber] Extract duration (#19078)
* [soundcloud] Fix paged playlists extraction, add support for albums and update client id
* [soundcloud] Update client id
* [drtv] Improve preference (#19079)
+ [openload] Add support for openload.pw and oload.pw (#18930)
+ [openload] Add support for oload.info (#19073)
* [crackle] Authorize media detail request (#16931)
version 2019.01.30.1
Core
* [postprocessor/ffmpeg] Fix avconv processing broken in #19025 (#19067)
version 2019.01.30
Core
* [postprocessor/ffmpeg] Do not copy Apple TV chapter tracks while embedding
subtitles (#19024, #19042)
* [postprocessor/ffmpeg] Disable "Last message repeated" messages (#19025)
Extractors
* [yourporn] Fix extraction and extract duration (#18815, #18852, #19061)
* [drtv] Improve extraction (#19039)
+ Add support for EncryptedUri videos
+ Extract more metadata
* Fix subtitles extraction
+ [fox] Add support for locked videos using cookies (#19060)
* [fox] Fix extraction for free videos (#19060)
+ [zattoo] Add support for tv.salt.ch (#19059)
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
3.7.0:
- Fixes for cursoring API endpoints
- Improve html_for_tweet() parsing
- Documentation cleanup
- Documentation for cursor's return_pages keyword argument
- Update links to Twitter API in documentation
- Added create_metadata endpoint
- Raise error for when cursor is not provided a callable
3.6.0:
- Improve replacing of entities with links in html_for_tweet()
- Update classifiers for PyPI
3.5.0:
- Added support for "symbols" in Twython.html_for_tweet()
- Added support for extended tweets in Twython.html_for_tweet()
- You can now check progress of video uploads to Twitter when using Twython.upload_video()
Changes:
1.7.0
-----
- Added support for:
- `photobucket` (#117)
- `hentaifox` (#160)
- `tsumino` (#161)
- Added the ability to dynamically generate extractors based on a user's
config file for
- `mastodon` instances (#144)
- `foolslide` based sites
- `foolfuuka` based archives
- Added an extractor for `behance` collections (#157)
- Added login support for `luscious` (#159) and `tsumino` (#161)
- Added an option to stop downloading if the `exhentai` image limit is
exceeded (#141)
- Fixed extraction issues for `behance` and `mangapark`
Upstream changes:
This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ . Or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
. The EDNS timeouts are not used to fallback to nonEDNS queries.
Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
previous blocking everything.
- Fix#4206: support openssl 1.0.2 for TLS hostname verification,
alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
the patch adds a program used for fuzzing.
- streamtcp option -a send queries consecutively and prints answers
as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
set with ub_ctx_set_fwd. Patch from Florian Obser.
Bug Fixes
- Fix that unbound-checkconf does not complains if the config file
is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for eg.
Win 7 and Windows 10 display.
- cache-max-ttl also defines upperbound of initial TTL in response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,
and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity. Adjust host and file
only when present in test header read to please checker. In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code. In test code add EDNS data
segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
include mini_event.h to have a prototype for mini_ev_cmp
include edns.h to have a prototype for apply_edns_options
sldns_wire2str_edns_keepalive_print is only called in the wire2str,
module declare it static to get rid of compiler warning:
no previous prototype for function
infra_find_ip_ratedata() is only called in the infra module,
declare it static to get rid of compiler warning:
no previous prototype for function
do not shadow local variable buf in authzone
auth_chunks_delete and az_nsec3_findnode are only called in the
authzone module, declare them static to get rid of compiler warning:
no previous prototype for function...
copy_rrset() is only called in the respip module, declare it
static to get rid of compiler warning:
no previous prototype for function 'copy_rrset'
no need for another variable "r"; gets rid of compiler warning:
declaration shadows a local variable in libunbound.c
no need for another variable "ns"; gets rid of compiler warning:
declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
- Fixed spelling of tls-ciphers option in example.conf.
- Added support for parsing natively lines with ':' (colons) within
environment variables for tcprules.
- Fixed bug in tcprules abending with certain with IPv4/CIDR addresses.
- New installation PREFIX is now 'net' (and not 'host').
Changes
3.7.1
Restored support for Java 8.
3.7.0
#71 Added support for empty passwords for BASIC and DIGEST auth.
#72 Ability to edit URL encoded body parameter.
#73 Zip distribution build was generating wrong format.
3.6.2
XML formatting now uses jxmlfmt.
Built using Java 10. Requires Java 10 to run.
Overall changes:
CMake now is the default build system, Autotools were removed.
In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
LibVNCServer/LibVNCClient:
Numerous build fixes for Visual Studio compilers to the extent that
one can now build the project with these. The needed changes for
successfully running stuff will be implemented in 0.9.13.
Fixed building for Android and added build instructions.
Removed the unused PolarSSL wrapper.
Updated the bundled noVNC to latest release 1.0.0.
Allowed to use global LZO library instead of miniLZO.
LibVNCClient:
Support for OpenSSL 1.1.x.
Support for overriding the default rectangle decode handlers (with
hardware-accelerated ones for instance) thanks to Balazs Ludmany.
vnc2mpg updated.
Added support for X509 server certificate verification as part of the
handshake process thanks to Simon Waterman.
Added a TRLE decoder thanks to Wiki Wang.
Included Tight decoding optimizations from TurboVNC thanks to DRC.
Ported the SDL viewer from SDL 1.2 to SDL 2.0.
Numerous security fixes.
Added support for custom auth handlers in order to support additional
security types.
LibVNCServer:
Websockets rework to remove obsolete code thanks to Andreas Weigel.
Ensured compatibility with gtk-vnc 0.7.0+ thanks to Micha K pie .
The built-in webserver now sends correct MIME type for Javascript.
Numerous memory management issues fixed.
Made the TightVNC-style file transfer more stable.
Changelog:
Knot DNS 2.7.6 (2019-01-23)
===========================
Improvements:
-------------
- Zone status also shows when the zone load is scheduled
- Server workers status also shows background workers utilization
- Default control timeout for knotc was increased to 10 seconds
- Pkg-config files contain auxiliary variable with library filename
Bugfixes:
---------
- Configuration commit or server reload can drop some pending zone events
- Nonempty zone journal is created even though it's disabled #635
- Zone is completely re-signed during empty dynamic update processing
- Server can crash when storing a big zone difference to the journal
- Failed to link on FreeBSD 12 with Clang
Knot DNS 2.7.5 (2019-01-07)
===========================
Features:
---------
- Keymgr supports NSEC3 salt handling
Improvements:
-------------
- Zone history in journal is dropped apon AXFR-like zone update
- Libdnssec is no longer linked against libm #628
- Libdnssec is explicitly linked against libpthread if PKCS #11 enabled #629
- Better support for libknot packaging in Python
- Manually generated KSK is 'ready' by default
- Kdig supports '+timeout' as an alias for '+time'
- Kdig supports '+nocomments' option
- Kdig no longer prints empty lines between retries
- Kdig returns failure if operations not successfully resolved#632
- Fixed repeating of the 'KSK submission, waiting for confirmation' log
- Various improvements in documentation, Dockerfile, and tests
Bugfixes:
---------
- Knotc fails to unset huge configuration section
- Kjournalprint sometimes fails to display zone journal content
- Improper timing of ZSK removal during ZSK rollover
- Missing UTC time zone indication in the 'iso' keymgr list output
- A race condition in the online signing module
Knot DNS 2.7.4 (2018-11-13)
===========================
Features:
---------
- Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
-------------
- Added warning log when DNSSEC events not successfully scheduled
- New semantic check on timer values in keymgr
- DS query no longer asks other addresses if got a negative answer
- Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
- Extended logging for zone loading
- Various documentation improvements
Bugfixes:
---------
- Failed to import module configuration #613
- Improper Cflags value in libknot.pc if built with embedded LMDB #615
- IXFR doesn't fall back to AXFR if malformed reply
- DNSSEC events not correctly scheduled for empty zone updates
- During algorithm rollover old keys get removed before DS TTL expires #617
- Maximum zone's RRSIG TTL not considered during algorithm rollover #620
Knot DNS 2.7.3 (2018-10-11)
===========================
Features:
---------
- New queryacl module for query access control
- Configurable answer rrset rotation #612
- Configurable NSEC bitmap in online signing
Improvements:
-------------
- Better error logging for KASP DB operations #601
- Some documentation improvements
Bugfixes:
---------
- Keymgr "list" output doesn't show key size for ECDSA algorithms #602
- Failed to link statically with embedded LMDB
- Configuration commit causes zone reload for all zones
- The statistics module overlooks TSIG record in a request
- Improper processing of an AXFR-style-IXFR response consisting of one-record messages
- Race condition in online signing during key rollover #600
- Server can crash if geoip module is enabled in the geo mode
Knot DNS 2.7.2 (2018-08-29)
===========================
Improvements:
-------------
- Keymgr list command displays also key size
- Kjournalprint displays total occupied size in the debug mode
- Server doesn't stop if failed to load a shared module from the module directory
- Libraries libcap-ng, pthread, and dl are linked selectively if needed
Bugfixes:
---------
- Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
- Server can crash when loading zone file difference and zone-in-journal is set
- Incorrect treatment of specific queries in the module RRL
- Failed to link module Cookies as a shared library
Knot DNS 2.7.1 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size information to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Various improvements for packaging
Bugfixes:
---------
- Incompatible handling of RRSIG TTL value when creating a DNS message
- Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
- Default configure prefix is ignored
Knot DNS 2.7.0 (2018-08-03)
===========================
Features:
---------
- New DNS Cookies module and related '+cookie' kdig option
- New module for response tailoring according to client's subnet or geographic location
- General EDNS Client Subnet support in the server
- OSS-Fuzz integration (Thanks to Jonathan Foote)
- New '+ednsopt' kdig option (Thanks to Jan Včelák)
- Online Signing support for automatic key rollover
- Non-normal file (e.g. pipe) loading support in zscanner #542
- Automatic SOA serial incrementation if non-empty zone difference
- New zone file load option for ignoring zone file's SOA serial
- New build-time option for alternative malloc specification
- Structured logging for DNSSEC key submission event
- Empty QNAME support in kdig
Improvements:
-------------
- Various library and server optimizations
- Reduced memory consumption of outgoing IXFR processing
- Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
- Online Signing properly signs delegations and CNAME records
- CDS/CDNSKEY rrset is signed with KSK instead of ZSK
- DNSSEC-related records are ignored when loading zone difference with signing enabled
- Minimum allowed RSA key length was increased to 1024
- Removed explicit dependency on Nettle
Bugfixes:
---------
- Possible uninitialized address buffer use in zscanner
- Possible index overflow during multiline record parsing in zscanner
- kdig +tls sometimes consumes 100 % CPU #561
- Single-Type Signing doesn't work with single ZSK key #566
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Compatibility:
--------------
- Removed obsolete RRL configuration
- Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
- Removed obsolete 'ixfr-from-differences' configuration option
- Removed old journal migration
- Removed module rosedb
Knot DNS 2.6.9 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
Bugfixes:
---------
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Knot DNS 2.6.8 (2018-07-10)
===========================
Features:
---------
- New 'import-pkcs11' command in keymgr
Improvements:
-------------
- Unixtime serial policy mimics Bind – increment if lower #593
Bugfixes:
---------
- Creeping memory consuption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing multi-message transfer
- Kjournalprint doesn't convert zone name argument to lower-case
- Cannot switch to a previously used ksk-shared dnssec policy #589
Knot DNS 2.6.7 (2018-05-17)
===========================
Features:
---------
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)
Improvements:
-------------
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option combination
Bugfixes:
---------
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback mode
Knot DNS 2.6.6 (2018-04-11)
===========================
Features:
---------
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
Improvements:
-------------
- Reduced memory consuption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
Bugfixes:
---------
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
Knot DNS 2.6.5 (2018-02-12)
===========================
Features:
---------
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authenticaion if '+tls-ca' is set
Improvements:
-------------
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
Bugfixes:
---------
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration operations
- Failed to generate documentation on OpenBSD
Knot DNS 2.6.4 (2018-01-02)
===========================
Features:
---------
- Module synthrecord allows multiple 'network' specification
- New CSK handling support in keymgr
Improvements:
-------------
- Allowed configuration for infinite zsk lifetime
- Increased performance and security of the module synthrecord
- Signing changeset is stored into journal even if 'zonefile-load' is whole
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Some minor DNSSEC-related issues
Knot DNS 2.6.3 (2017-11-24)
===========================
Bugfixes:
---------
- Wrong detection of signing scheme rollover
Knot DNS 2.6.2 (2017-11-23)
===========================
Features:
---------
- CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
-------------
- Allowed explicit configuration for infinite ksk lifetime
- Proper error messages instead of unclear error codes in server log
- Better support for old compilers
Bugfixes:
---------
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
Knot DNS 2.6.1 (2017-11-02)
===========================
Features:
---------
- NSEC3 Opt-Out support in the DNSSEC signing
- New CDS/CDNSKEY publish configuration option
Improvements:
-------------
- Simplified DNSSEC log message with DNSKEY details
- +tls-hostname in kdig implies +tls-ca if neither +tls-ca nor +tls-pin is given
- New documentation sections for DNSSEC key rollovers and shared keys
- Keymgr no longer prints useless algorithm number for generated key
- Kdig prints unknown RCODE in a numeric format
- Better support for LLVM libFuzzer
Bugfixes:
---------
- Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
- Immediate zone flush not scheduled during the zone load event
- Server crashes upon dynamic zone addition if a query module is loaded
- Kdig fails to connect over TLS due to SNI is set to server IP address
- Possible out-of-bounds memory access at the end of the input
- TCP Fast Open enabled by default in kdig breaks TLS connection
Knot DNS 2.6.0 (2017-09-29)
===========================
Features:
---------
- On-slave (inline) signing support
- Automatic DNSSEC key algorithm rollover
- Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
- New 'journal-content' and 'zonefile-load' configuration options
- keymgr tries to run as user/group set in the configuration
- Public-only DNSSEC key import into KASP DB via keymgr
- NSEC3 resalt and parent DS query events are persistent in timer DB
- New processing state for a response suppression within a query module
- Enabled server side TCP Fast Open if supported
- TCP Fast Open support in kdig
Improvements:
-------------
- Better record owner compression if related to the previous rdata dname
- NSEC(3) chain is no longer recomputed whole on every update
- Remove inconsistent and unnecessary quoting in log files
- Avoiding of overlapping key rollovers at a time
- More DNSSSEC-related semantic checks
- Extended timestamp format in keymgr
Bugfixes:
---------
- Incorrect journal free space computation causing inefficient space handling
- Interface-automatic broken on Linux in the presence of asymmetric routing
pkgsrc changes:
* Add logic to generate man page via pre-install target instead of
generating it manually
Changes:
### Changes since v2.7
* New `hub api` command for scripting with GitHub API
<https://github.com/github/hub/pull/2016>
* Re-implement CLI flag parsing so that `--message <MSG>` is equivalent to
`--message=<MSG>` <https://github.com/github/hub/pull/2008>
* Re-implement `make man-pages` in Go instead of Ruby
<https://github.com/github/hub/pull/1990>
* `issue create --label` is now `issue create --labels` to align with
existing documentation
* Output crash debugging information on stderr instead of stdout
* Build improvements:
- respect environment LDFLAGS
- strip the build path from resulting executable
- enable reproducible builds with SOURCE_DATE_EPOCH
Upstream changes:
0.41 2018/12/20 08:30:00
- Fixed supported() to say HELP isn't supported if OverriedHELP was used.
Wasn't doing this in 100% of the logic paths.
- Fixed nlst/list bug when filter patterns & callbacks were both in use.
The results of the end callback wasn't having the pattern applied to filter
the results. Patterns are now applied to filter things before & after the
callback is called, where before it was only done before the callback was
called.
- Fixed nlst/list to both call _common_list() instead of having list do both.
- The DebugLogFile option now turns autoflush on when the log file is opened.
I was loosing the log file contents on certain types of errors when
autoflush was turned off making it difficult to troubleshoot issues.
- Tweaked the ccc() hack slightly. Also the above log file fix seems to have
stabilized the CCC hack when the logs are turned on when it works. Though
some servers sometimes throw "Unexpeced EOF" errors after executing the CCC.
So I put in a couple of sleeps for 1 second each & the command became even
more stable. Suggesting that the "Unexpected EOF" errors were caused by
timing issues.
- Added uput2() method to deal with the problem that uput() can't always
tell you the actual name of the file on the FTPS server and you really need
to know that filename. (slow)
- Rewrote the uput() POD to reflect what the command actually does instead
of what it's supposed to do. Different servers implemented it differently.
- Tweaked the depreciated "useSSL" option to make it easier to remove in
the future.
- Minor tweaks to _help() & supported() dealing with OverrideHELP & _help()
can now include disabled commands in it's hash. (The key's value is 0 if
disabled. Else non-zero if a supported command.) Before it just silently
tossed disabled commands.
- Added mlsd() - List of files in machine readable format.
- Added mlst() - Get file details in machine readable foramt.
- Added parse_mlsx() to parse the returned values of mlsd() & mlst().
- Modified size() to have option of using MLST as an alternate way to get a
file's size.
- Modified is_dir() & is_file() to be able to use MLST as the prefered way
to do these tests. Falls back on original tests if MLST isn't supported
or doesn't have the TYPE feature enabled.
- Redesigned all the test cases from scratch! Rather than choose one of 3
huge scripts to run, everything has been replaced by a lot of smaller test
cases. Makes it much simpler to verify everything is working without the
need for messy complex code or having to carefully examine log files
afterwards.
- The test cases no longer uses the depreciated "useSSL" option. They use
the "SSL_version" option instead.
- t/test-helper/helper1234.pm, new helper module to centralize the asking
of questions and to share the answers between all the test cases. So
that "make test" only prompts you a single time for your server info.
- No longer uses environment variables to "remember" answers. Now uses
a dynamically built config file of options selected. Just have to
answer the questions the 1st time run via "make test".
- MANIFEST - Added all the new test cases and removed the old ones.
- Updated the LISCENSE file to say 2018 (from 2017)
- Update the README file to say 2018 (from 2017) Then completly rewrote it.
Changes in version 0.0.8 - 2019-01-20:
- Bug 24793: Send the correct authorization HTTP header for basic auth.
- (meek_lite) Explicitly set Content-Length to zero when there is no
data to send.
- Added optional support for building as a Go 1.11 module. Patch by
mvdan.
- Change the canonical upstream repo location to gitlab.
Changelog:
2019/01/08 : 1.8.17
- BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
- MINOR: mux-h2: only increase the connection window with the first update
- BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- MINOR: lb: allow redispatch when using consistent hash
- MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
- MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
- BUG/MEDIUM: cli: make "show sess" really thread-safe
- BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
- BUG/MINOR: lua: bad args are returned for Lua actions
- BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
- BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
2018/12/21 : 1.8.16
- BUG/MINOR: logs: leave startup-logs global and not per-thread
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
2018/12/13 : 1.8.15
- MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
- DOC: clarify force-private-cache is an option
- BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
- BUG/MINOR: backend: check that the mux installed properly
- BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
- MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
- BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
- BUG/MINOR: checks: queues null-deref
- BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
- BUG/MEDIUM: stream: don't crash on out-of-memory
- BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
- BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
- BUILD: stick-table: make sure not to fail on task_new() during initialization
- BUILD: peers: check allocation error during peers_init_sync()
- DOC: Fix a few typos
- BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
- BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
- BUILD: compiler: add a new statement "__unreachable()"
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
- BUILD: lua: silence some compiler warnings after WILL_LJMP
- CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
- BUILD: Makefile: add a "make opts" target to simply show the build options
- BUILD: Makefile: speed up compiler options detection
- BUILD: Makefile: silence an option conflict warning with clang
- MINOR: server: Use memcpy() instead of strncpy().
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: peers: use defines instead of enums to appease clang.
- DOC: fix reference to map files in MAINTAINERS
- BUILD: compiler: rename __unreachable() to my_unreachable()
- BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
- BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
- BUILD: Makefile: add the new ERR variable to force -Werror
- BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
- BUG/MINOR: cache: Wrong usage of shctx_init().
- BUG/MINOR: ssl: Wrong usage of shctx_init().
- DOC: cache: Missing information about "total-max-size"
- BUG/MINOR: only mark connections private if NTLM is detected
- BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
- BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
- BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
- BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
- BUG/MEDIUM: Make sure stksess is properly aligned.
- BUG/MINOR: config: Copy default error messages when parsing of a backend starts
- BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
- BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
- BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
- BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
- BUG/MINOR: lb-map: fix unprotected update to server's score
- BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
- BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
- BUG/MINOR: mux-h2: refrain from muxing during the preface
- BUG/MINOR: mux-h2: advertise a larger connection window size
- BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
- BUILD: threads: fix minor build warnings when threads are disabled
- MINOR: stats: report the number of active jobs and listeners in "show info"
- MINOR: servers: Free [idle|safe|priv]_conns on exit.
- DOC: clarify that check-sni needs an argument.
- DOC: refer to check-sni in the documentation of sni
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
- BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
- BUG: dns: Fix off-by-one write in dns_validate_dns_response()
- DOC: Update configuration doc about the maximum number of stick counters.
- DOC: restore note about "independant" typo
- DOC: Fix typos in README and CONTRIBUTING
- DOC: Fix typos in different subsections of the documentation
- DOC: fix a few typos in the documentation
- Fix GNU/Hurd build.
- Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
- Support split-exclude routes for GlobalProtect.
- Fix GnuTLS builds without libtasn1.
- Fix DTLS support with OpenSSL 1.1.1+.
- Add Cisco-compatible DTLSv1.2 support.
- Invoke script with reason=attempt-reconnect before doing so.
* OpenBSD: works alongside slaacd(8)
* NetBSD: sets SO_RERROR on to detect receive socket overflow
* BSD: route improvements to avoid listening for own changes
* Linux: use NETLINK_BROADCAST_ERROR
* BSD: avoid late address deletion messages by testing address existance
* IP6: implement IP6 address sharing
* BSD: catch UP/DOWN events when interfaces does support media changes
* IPv4LL: remember old address when carrier is lost
3.0.0
* Padding bytes are now properly validated when reading xdr values. According
to the XDR spec, padding must be zeros.
* Use activemodel and activesuport 5.2
maradns-2.0.16:
This is the stable release of MaraDNS. A very minor security update was made.
Deadwood updated to 3.2.12
maradns-2.0.15:
This is the stable release of MaraDNS. No security updates were done in this release.
Deadwood updated to 3.2.11
maradns-2.0.14:
This is the stable release of MaraDNS. No security updates were done in this release.
Deadwood updated to 3.2.10
Changes:
2.7.1
-----
* Respect chosen Enterprise host on `hub init -g`
* Ensure consistent order of options when prompted to choose between
multiple configured GitHub hosts
* Ensure alphabetical sort of `hub issue labels` output
* Improve contrast of label text vs. its background color
* Various documentation formatting tweaks
Changes:
1.6.3
-----
- Added `metadata` post-processor to write image metadata to an external
file (#135)
- Added option to reverse chapter order of manga extractors (#149)
- Added authentication support for `danbooru` (#151)
- Added tag metadata for `exhentai` and `hbrowse` galleries
- Improved `*reactor` extractors (#148)
- Fixed extraction issues for `nhentai` (#156), `pinterest`, `mangapark`
XXX Remove MESSAGE as nsd 4.0.0 came out in October 2013?
XXX Did not add dnstap support to pkg.
29 November 2018: Wouter
- Tag for 4.1.26rc1.
27 November 2018: Wouter
- Fix parsezone failure in 4194 fix.
26 November 2018: Wouter
- Fix to not set GLOB_NOSORT so the nsd.conf include: files are
sorted and in a predictable order.
- Added nsd-control changezone. nsd-control changezone name pattern
allows the change of a zone pattern option without downtime for
the zone, in one operation.
- Fix#3433: document that reconfig does not change per-zone stats.
20 November 2018: Wouter
- Fix#4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails.
This sets the msg_hdr.msg_namelen correctly after receipt.
19 November 2018: Wouter
- Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes
option in nsd.conf.
- Fix#4202: nsd-control delzone incorrect exit code on error.
- Tab style fix to use tab for 8 spaces, from Xiaobo Liu.
25 October 2018: Wouter
- Adjust dnstap socket path for chroot.
22 October 2018: Wouter
- Fix#4194: Zone file parser derailed by non-FQDN names in RHS of
DNSSEC RRs.
- Fix some more, neater code and checks for domain length limit.
- check that the dnstap socket file can be opened and exists, print
error if not.
4 October 2018: Wouter
- dnstap work, the dnstap.proto is a copy of the file from Unbound,
also dnstap.m4 configure include file.
- dnstap collector: free eventbase and memclean nicer.
- dnstap collector: send data and read it in collector.
- dnstap/dnstap.c and .h from Unbound's contribution from
Farsight Security, added to then adapt it for dnstap logging in NSD.
- dnstap.c with auth query and auth response, and called from
the collector.
- dnstap work, config nsd.conf parse.
- dnstap example config.
25 September 2018: Wouter
- NSD 4.1.25 released, trunk has 4.1.26 in development.
18 September 2018: Wouter
- tag for NSD 4.1.25rc1.
17 September 2018: Wouter
- Fix#4156: Fix systemd service manager state change notification
14 September 2018: Wouter
- Remove unused if clause during server service startup.
13 September 2018: Wouter
- Fix typo in clang analysis test.
- Annotate exit functions with noreturn.
- nsd-control prints neater errors for file failures.
12 September 2018: Wouter
- clang analysis test.
11 September 2018: Wouter
- Fix to combine the same error function into one, from Xiaobo Liu.
- Fix initialisation in remote.c.
- please clang analyzer and fix parse of IPSECKEY with bad gateway.
- Fix unit test code for clang analyzer.
- Fix nsd-checkconf fail on bad zone name.
10 September 2018: Wouter
- Fix coding style in nsd.c
7 September 2018: Wouter
- append_trailing_slash has one implementation and is not repeated
differently.
4 September 2018: Wouter
- Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.
15 August 2018: Wouter
- Fix use_systemd typo/leftover in remote.c.
13 August 2018: Wouter
- tag for 4.1.24 release.
- trunk is 4.1.25 in development.
- Fix that nsec3 precompile deletion happens before the RRs of
the zone are deleted.
- Fix printout of accepted remote control connection for unix sockets.
6 August 2018: Wouter
- tag for 4.1.24rc1 release.
dnstap: flexible, structured event replication format for DNS servers
dnstap implements an encoding format for DNS server events. It uses
a lightweight framing on top of event payloads encoded using Protocol
Buffers and is transport neutral.
dnstap can represent internal state inside a DNS server that is
difficult to obtain using techniques based on traditional packet
capture or unstructured textual format logging.
This repository contains a command-line tool named "dnstap" developed
in the Go programming language.
Frame Streams implementation in Go
https://github.com/farsightsec/golang-framestream
Frame Streams is a lightweight, binary-clean protocol that allows
for the transport of arbitrarily encoded data payload sequences
with minimal framing overhead.
This package provides a pure Golang implementation. The Frame
Streams implementation in C is at https://github.com/farsightsec/fstrm/.
The example framestream_dump program reads a Frame Streams formatted
input file and prints the data frames and frame byte counts.
This is fstrm, a C implementation of the Frame Streams data transport
protocol.
Frame Streams is a light weight, binary clean protocol that allows
for the transport of arbitrarily encoded data payload sequences
with minimal framing overhead -- just four bytes per data frame.
Frame Streams does not specify an encoding format for data frames
and can be used with any data serialization format that produces
byte sequences, such as Protocol Buffers, XML, JSON, MessagePack,
YAML, etc. Frame Streams can be used as both a streaming transport
over a reliable byte stream socket (TCP sockets, TLS connections,
AF_UNIX sockets, etc.) for data in motion as well as a file format
for data at rest. A "Content Type" header identifies the type of
payload being carried over an individual Frame Stream and allows
cooperating programs to determine how to interpret a given sequence
of data payloads.
fstrm is an optimized C implementation of Frame Streams that includes
a fast, lockless circular queue implementation and exposes library
interfaces for setting up a dedicated Frame Streams I/O thread and
asynchronously submitting data frames for transport from worker
threads. It was originally written to facilitate the addition of
high speed binary logging to DNS servers written in C using the
dnstap log format.
1.16.89
api-change:storagegateway: Update storagegateway command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
1.16.88
api-change:rds-data: Update rds-data command to latest version
api-change:emr: Update emr command to latest version
1.16.87
api-change:sagemaker: Update sagemaker command to latest version
api-change:iot: Update iot command to latest version
api-change:codedeploy: Update codedeploy command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.86
api-change:redshift: Update redshift command to latest version
api-change:docdb: Update docdb command to latest version
1.16.85
api-change:appmesh: Update appmesh command to latest version
1.16.84
api-change:ecs: Update ecs command to latest version
enhancment:cloudformation: Unroll yaml anchors in cloudformation package.
api-change:devicefarm: Update devicefarm command to latest version
1.16.83
api-change:iotanalytics: Update iotanalytics command to latest version
1.16.82
api-change:opsworkscm: Update opsworkscm command to latest version
1.16.81
api-change:dynamodb: Update dynamodb command to latest version
api-change:stepfunctions: Update stepfunctions command to latest version
api-change:sms-voice: Update sms-voice command to latest version
api-change:acm-pca: Update acm-pca command to latest version
1.16.80
api-change:transcribe: Update transcribe command to latest version
api-change:comprehend: Update comprehend command to latest version
api-change:medialive: Update medialive command to latest version
api-change:firehose: Update firehose command to latest version
api-change:cognito-idp: Update cognito-idp command to latest version
1.9.79
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
1.9.78
api-change:rds-data: [botocore] Update rds-data client to latest version
api-change:emr: [botocore] Update emr client to latest version
1.9.77
api-change:iot: [botocore] Update iot client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codedeploy: [botocore] Update codedeploy client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
1.9.76
api-change:docdb: [botocore] Update docdb client to latest version
api-change:redshift: [botocore] Update redshift client to latest version
1.9.75
api-change:appmesh: [botocore] Update appmesh client to latest version
1.9.74
api-change:ecs: [botocore] Update ecs client to latest version
api-change:devicefarm: [botocore] Update devicefarm client to latest version
1.9.73
api-change:iotanalytics: [botocore] Update iotanalytics client to latest version
1.9.72
enhancement:Paginator: [botocore] Added over 400 new paginators.
api-change:opsworkscm: [botocore] Update opsworkscm client to latest version
1.9.71
api-change:acm-pca: [botocore] Update acm-pca client to latest version
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:sms-voice: [botocore] Update sms-voice client to latest version
api-change:stepfunctions: [botocore] Update stepfunctions client to latest version
1.12.79
api-change:storagegateway: Update storagegateway client to latest version
api-change:mediaconvert: Update mediaconvert client to latest version
1.12.78
api-change:rds-data: Update rds-data client to latest version
api-change:emr: Update emr client to latest version
1.12.77
api-change:iot: Update iot client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codedeploy: Update codedeploy client to latest version
api-change:sagemaker: Update sagemaker client to latest version
1.12.76
api-change:docdb: Update docdb client to latest version
api-change:redshift: Update redshift client to latest version
1.12.75
api-change:appmesh: Update appmesh client to latest version
1.12.74
api-change:ecs: Update ecs client to latest version
api-change:devicefarm: Update devicefarm client to latest version
1.12.73
api-change:iotanalytics: Update iotanalytics client to latest version
1.12.72
enhancement:Paginator: Added over 400 new paginators.
api-change:opsworkscm: Update opsworkscm client to latest version
1.12.71
api-change:acm-pca: Update acm-pca client to latest version
api-change:dynamodb: Update dynamodb client to latest version
api-change:sms-voice: Update sms-voice client to latest version
api-change:stepfunctions: Update stepfunctions client to latest version
Python FTP server library provides a high-level portable interface to easily
write very efficient, scalable and asynchronous FTP servers with Python. It is
the most complete RFC-959 FTP server implementation available for Python
programming language and it's used in projects like Google Chromium and Bazaar
and included in Debian, Fedora and FreeBSD package repositories.
A Python interface to sendfile(2). sendfile(2) is a system call which provides
a "zero-copy" way of copying data from one file descriptor to another (a
socket). The phrase "zero-copy" refers to the fact that all of the copying of
data between the two descriptors is done entirely by the kernel, with no
copying of data into userspace buffers. This is particularly useful when
sending a file over a socket (e.g. FTP).
Based on PR 53878 by David J. Weller-Fahy
This major release honors the fact that Syncthing is used widely
and since a while no longer "really in beta". It does not represent
a breaking change.
Bugfixes:
#5324: Incorrect warning when --home and path on same directory level
#5369: Empty file field in log when normalizePath failed
#5372: Event system can cause deadlock
Enhancements:
#2760: Option to limit max simultaneous scans
#5286: Add hardening options to systemd units
#5320: Show configured rate limit in the GUI
#5336: Show list of locally changed files for receive only folders
Other issues:
#5334: New chmduquesne/rollinghash breaks tests
#5362: lib/model: TestDeregister* tests are bad
Wireshark 2.6.6 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
• The Windows installers now ship with Qt 5.9.7. Previously they
shipped with Qt 5.9.5.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-01[1] The 6LoWPAN dissector could crash.
• wnpa-sec-2019-02[4] The P_MUL dissector could crash.
• wnpa-sec-2019-03[7] The RTSE dissector and other dissectors could
crash.
• wnpa-sec-2019-04[10] The ISAKMP dissector could crash.
The following bugs have been fixed:
• console.lua not found in a folder with non-ASCII characters in
its name.
• Disabling Update list of packets in real time. will generally
trigger crash after three start capture, stop capture cycles.
• UDP Multicast Stream double counts.
• text2pcap et al. set snaplength to 64kiB-1, while processing
frames of 256kiB.
• Builds without libpcap fail if the libpcap headers aren’t
installed.
• TCAP AnalogRedirectRecord parameter incorrectly coded as
mandatory in QualReq_rr message.
• macOS DMG appears to have duplicate files.
• Wireshark jumps behind other windows when opening UAT dialogs.
• Pathnames containing non-ASCII characters are mangled in error
dialogs on Windows.
• Executing -z http,stat -r file.pcapng throws a segmentation
fault.
• IS-41 TCAP RegistrationNotification Invoke has borderCellAccess
parameter coded as tag 50 (as denyAccess) but should be 58.
• In DNS statistics, response times > 1 sec not included.
• GTPv2 APN dissect problem.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus
VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP
2.4.0
- Fix inconsistent frame_handler return value.
The function returned by frame_handler is meant to return True
once the complete message is received and the callback is called,
False otherwise.
This fixes the return value for messages with a body split across
multiple frames, and heartbeat frames.
- Don't default content_encoding to utf-8 for bytes.
This is not an acceptable default as the content may not be
valid utf-8, and even if it is, the producer likely does not
expect the message to be decoded by the consumer.
- Fix encoding of messages with multibyte characters.
Body length was previously calculated using string length,
which may be less than the length of the encoded body when
it contains multibyte sequences. This caused the body of
the frame to be truncated.
- Respect content_encoding when encoding messages.
Previously the content_encoding was ignored and messages
were always encoded as utf-8. This caused messages to be
incorrectly decoded if content_encoding is properly respected
when decoding.
- Fix AMQP protocol header for AMQP 0-9-1.
- Add support for Python 3.7.
Change direct SSLSocket instantiation with wrap_socket.
Added Python 3.7 to CI.
- Add support for field type "x" (byte array).
- If there is an exception raised on Connection.connect or Connection.close,
ensure that the underlying transport socket is closed.
- TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms.
- Handle negative acknowledgments.
- Added integration tests.
- Fix basic_consume() with no consumer_tag provided.
- Improved empty AMQPError string representation.
- Drain events before publish.
- Don't revive channel when connection is closing.
Upstream changes:
Version 3.64 (2018-12-30)
[NEW FEATURES]
* #283 support for Exinda/GFI traffic shapers (inphobia)
[ENHANCEMENTS]
* #282 Aerohive base MAC lookup (inphobia)
[BUG FIXES]
* many documentation fixes (inphobia)
Changes:
version 2019.01.10
Core
* [extractor/common] Use episode name as title in _json_ld
+ [extractor/common] Add support for movies in _json_ld
* [postprocessor/ffmpeg] Embed subtitles with non-standard language codes
(#18765)
+ [utils] Add language codes replaced in 1989 revision of ISO 639
to ISO639Utils (#18765)
Extractors
* [youtube] Extract live HLS URL from player response (#18799)
+ [outsidetv] Add support for outsidetv.com (#18774)
* [jwplatform] Use JW Platform Delivery API V2 and add support for more URLs
+ [fox] Add support National Geographic (#17985, #15333, #14698)
+ [playplustv] Add support for playplus.tv (#18789)
* [globo] Set GLBID cookie manually (#17346)
+ [gaia] Add support for gaia.com (#14605)
* [youporn] Fix title and description extraction (#18748)
+ [hungama] Add support for hungama.com (#17402, #18771)
* [dtube] Fix extraction (#18741)
* [tvnow] Fix and rework extractors and prepare for a switch to the new API
(#17245, #18499)
* [carambatv:page] Fix extraction (#18739)
version 2019.01.02
Extractors
* [discovery] Use geo verification headers (#17838)
+ [packtpub] Add support for subscription.packtpub.com (#18718)
* [yourporn] Fix extraction (#18583)
+ [acast:channel] Add support for play.acast.com (#18587)
+ [extractors] Add missing age limits (#18621)
+ [rmcdecouverte] Add support for live stream
* [rmcdecouverte] Bypass geo restriction
* [rmcdecouverte] Update URL regular expression (#18595, 18697)
* [manyvids] Fix extraction (#18604, #18614)
* [bitchute] Fix extraction (#18567)
- Corrected typo in pen.c per suggestion by Belinda Liu.
This fixes issue #38.
- Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
This fixes issue #28.
- Allow setting local address for upstream connections. This fixes issue #31.
- New penctl command "source" to set this option.
- Fixed issue #30: UDP not working in combination with a configuration file.
- In epoll.c: check for EPOLLHUP.
- In dsr.c: always use our real mac address, to avoid confusing switches.
- Cleaned up code residue surrounded by "#if 0".
- Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while.
- Bug in pending_and_closing: don't modify the list we're looping over.
- Updated pen manpage.
- Deprecated -Q option (it didn't do anything since kqueue was already the
default where it was available).
- Fixed error handling in epoll support.
- Added transparent UDP test case to testsuite.sh.
- Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
SSL decryption.
- Added tarpit test case to testsuite.sh.
- Tarpit functionality to be used with the DSR mode.
- pen.1: removed obsolete -S option, updated defaults for -x and -L.
- In failover_server: sanity checks to failover routine.
- In add_client: add the initial server to .client as well as .initial.
- In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server
to EMERG_SERVER, to handle their default NO_SERVER values.
See issue #19 on Github.
- At the suggestion from Marcos Vinicius Rogowski, the hash algorith
will now include the client port number if the -r (roundrobin)
option is used. See https://github.com/UlricE/pen/pull/18
- Fixed IP-based client tracking.
- Removed unnecessary #include <pen.h> in dlist.c
- Added UDP mode for Direct Server Return.
- Updated configure.ac for compatibility with CentOS 6.
- Added #ifdef around SSLv3 initialization code in ssl, as
suggested by jca@openbsd.org.
- Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
- Allow the client table size to be updated on the fly. Default size still 2048.
- Allow the connection table size to be updated in the fly. Default still 500.
- See penctl.1, options clients_max and conn_max.
- Introduced the macro NO_SERVER to be used instead of -1 to signify
error conditions and such.
- Removed the fixed server table size along with the -S option.
- Fixed cosmetic bug in startup code which required port to be specified
on backend servers even if it was the same as the listening port.
- Numerous updates to support the madness that is Windows.
- Fix from Vincent Bernat: segfault when not using SSL.
- DSR support using Netmap on FreeBSD.
- Unbroke DSR on Linux.
- Replaced all calls to perror with debug(..., strerror(errno);
- Updated penlog and penlogd to use diag.[ch].
- More refactoring: broke out conn.[ch], client.[ch], server.[ch],
idler.[ch].
- Made a hash index such that the load balancer may balance load.
- Broke out Windows code from pen.c into windows.c. Added windows.h.
- Broke out public definitions for dsr into dsr.h.
- Broke out memory management into memory.[ch].
- Broke out dignostic and logging functions into diag.[ch].
- Broke out settings into settings.[ch].
- Broke out access lists into acl.[ch].
- Broke out event initialization into event.[ch].
- Added pen_epoll.h, pen_kqueue.h, pen_poll.h, pen_select.h.
- Broke out pen_aton et al into netconv.[ch].
- Added dsr.c
- Bug in copy_down affecting SSL connections fixed.
- Updated ocsp stapling to be compatible with server name indication.
- Added pen-ocsp.sh script.
- SSL code broken out into ssl.[ch]. SSL context creation broken
out from ssl_init to ssl_create_context.
- Server Name Indication support. New command to enable:
ssl_sni_path PATH
where PATH is the name of a directory containing domain.key,
domain.crt and domain.ca files for each domain.
- OCSP stapling. New command ssl_ocsp_response filename
specifies the location of the ocsp response to be stapled.
The response must be pre-fetched. The idea was borrowed
from Rob Stradling.
- New command ssl_client_renegotiation_interval specifies the
minimum number of seconds the client must wait between
renegotiation requests. Default 3600.
- Enabled SSL session resumption.
- In do_cmd: don't print "ignoring command" for comments starting
with '#'.
- Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
SSL 1.1 and 1.2 respectively.
- Added autoconf check that the ECDHE is available and not disabled.
- Bumped default max connections and listen queue to 500.
- Support for ECDHE cipher suites.
- New commands ssl_option and ssl_ciphers to individually disable
insecure protocols and ciphers.
- Updated penctl.1 with the new command.
- New knob to tweak max number of pending nonblocking connection
attempts: pending_max N (default 100).
- Moved dlist prototypes to dlist.h.
- Added check to close idle connections after a period of inactivity.
- Penctl: idle_timeout N (default 0 = never close idle connections).
- Moved git repository to GitHub..
- New feature: dummy server. Rather than acting as a proxy,
Pen will pretend to be a web server with just barely enough
functionality to work as a test target.
- Penctl: dummy|no dummy.
- Yet Another command: abort_on_error|no abort_on_error makes
Pen call abort() (or not) when encountering a fatal error.
- New feature: "reliable idling". Pen will make and maintain a
number of idle connections to the backend servers. When a connection
closes, a new one is made (hence "reliable"). Penctl: idlers [N].
- In do_cmd: return diagnostics to penctl so the user can see them,
instead of uselessly sending them to syslog.
- New penctl commands:
- socket N (print which connection the socket belongs to)
- connection N (print info on the specified connection)
- close N (forcibly close connection N)
- In open_listener: check that the requested port is in range.
- Fixed bug in dlist_insert.
- Even load distribution when a server is unavailable.
- Let pen save the settings for tcp_nodelay and tcp_fastclose.
- Make flush_up and flush_down return the correct value on error.
- Added config.h.win with reasonable settings for Windows.
- Better detection and blacklisting of unavailable servers.
- New penctl commands:
- tcp_nodelay sets TCP_NODELAY on sockets. Turn off with no tcp_nodelay.
- tcp_fastclose closes both upstream and downstream sockets if one of them
- closes theirs. Will take the values up, down, both or off (default).
- Rather than making a table of pending connections every time through
the main loop, keep them in a doubly linked list which is only updated
as needed. O(n) -> O(1).
- A bug in udp mode: after successful "connect", do not event_add downfd,
because it is equal to listenfd and epoll_ctl doesn't like that.
- Module kqueue.c updated.
- Module poll.c: set unused fd:s to -1, or Solaris will say ENOSYS.
- Enable diagnostic messages by default in configure.ac.
- Changed event bookkeeping from stateless to stateful.
- Made keepalive optional and added "keepalive / no keepalive" penctl command.
- Added windows.c and pen.h to the release tarball.
- More sensible autoconfiguration defaults: poll, kqueue, epoll, openssl and geoip
are built if found unless explicitly excluded.
- New event management defaults: kqueue, epoll, poll, select in that order.
- New penctl commands: kqueue, epoll, poll, select.
- New command line option: -O cmd where cmd is any penctl command.
E.g. -O select to use select instead of the compiled-in default.
- New penctl option "listen [address:]port" to allow listening address
to be changed on the fly or via a configuration file.
- New pen options -i and -u to install and uninstall Pen as a Windows service.
- See pen manpage.
- Reduced default timeout to 3 seconds.
- New autoconf option --enable-debugging to enable debugging code.
- Lots of fixes for compatibility with Windows.
- Fixed bug in mainloop which kept trying to write 0 bytes.
- MinGW port. Use Makefile.win to compile.
- Event management code broken out into select.c, poll.c, kqueue.c and epoll.c.
- New command-line option -m to accept multiple incoming connections in a batch.
- New command-line option -q to set incoming pending connection queue length.
- Close upfd when failing over.
- Adjusted debug logging levels.
- Started on epoll support for Linux.
- Rewrote output_net and output_file to take a variable number of arguments.
- Handle timed out connection attempts in mainloop_kqueue.
- Fixed mainloop_kqueue.
- A lot of code broken out from mainloop_select into separate functions.
- Fixed mainloop_poll.
- Bugfixes related to the new backend connection logic.
- Cleaned up and simplified add_client() and associated circuitry.
- Connections to back end servers are now nonblocking and parallel.
- Removed the -n option and all code explicitly using blocking sockets.
- Removed the -D option and the "delayed forward" feature.
- Renamed server and client fields in the conn, client and server structures
to better reflect what they are.
- Restructured the add_client, store_client, store_conn and try_server
functions.
- Allow write_cfg to save IPv6 and GeoIP access lists.
- Fixed a bug in write_cfg, where Pen would try to write to an unwritable
file. Reported by Steven Myint
- Return UDP replies from the server to the client.
- UDP load balancing code restructured and bugfixed.
- In mainloop_select: When there is a pending connection, keep accepting
up to multi_accept times *or* until EAGAIN *or* connection table is full.
This improves performance under load.
- Updated GeoIP support for IPv6.
- Servers can have ipv6 addresses. It is possible to use a mix of ipv4
and ipv6 servers:
./pen -df -S 2 -r :::2222 [::1]:22 [127.0.0.1]:22
- In order to allow server addresses with : in them (i.e. ipv6), it is now
possible to use square brackets around the address part of the server
specification: [address]:port (e.g. [::1]:8080).
- Pen can now listen on ipv6 sockets in addition to ipv4 and unix ones.
I.e. things like "pen ::1:2222 127.0.0.1:22" are now possible.
- snprintf format errors reported by Christopher Meng fixed in
pen.c and penctl.c.
- Updated pen manpage to clarify what the control socket does.
- Resist opening control socket running as root.
- Remove the default file name for web log.
- New feature: unix domain listening sockets.
- Redesigned server and client structs to allow ipv6 addresses and require
less casting (yuck) in the code.
- Updated penctl man page with syntax for IPv6 and GeoIP access lists.
- Fixed cosmetic signedness compiler warnings.
- Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause.
Otherwise pen won't compile without ssl.
- GeoIP access lists.
- Added "special exception" clause for linking with OpenSSL.
- Penlog ipv6 compatible.
- Modernized automake configuration.
- Penctl ipv6 compatible.
- Updated autoconf to 2.69.
- Updated SSL code. Protocol ssl2 removed. Default changed to tls1.
- Added UDP patch from Zen.
- Added patch from Debian that fixes some issues with penctl.cgi.
- Priority based server selection algorithm.
- Patch from Stephen P. Schaefer fixes several issues in write_cfg.
- In the server_by_weight function, multiply current connections
by WEIGHT_FACTOR to make the selection mo fine grained when the
number of connections is small.
- Patch from Dana Contreras: send stdio to /dev/null after forking.
- Fixed a bunch of cosmetic signedness compiler warnings.
2018-12-05 Dustin Lundquist <dustin@null-ptr.net>
0.6.0 Release
* PROXY v1 protocol support
* SO_REUSEPORT support on Linux 3.9 and later
* Listener ipv6_only directive to accept only IPv6 connections
* TCP keepalive
Changes in version 0.3.5.7:
Tor 0.3.5.7 is the first stable release in its series; it includes
compilation and portability fixes, and a fix for a severe problem
affecting directory caches.
The Tor 0.3.5 series includes several new features and performance
improvements, including client authorization for v3 onion services,
cleanups to bootstrap reporting, support for improved bandwidth-
measurement tools, experimental support for NSS in place of OpenSSL,
and much more. It also begins a full reorganization of Tor's code
layout, for improved modularity and maintainability in the future.
Finally, there is the usual set of performance improvements and
bugfixes that we try to do in every release series.
There are a couple of changes in the 0.3.5 that may affect
compatibility. First, the default version for newly created onion
services is now v3. Use the HiddenServiceVersion option if you want to
override this. Second, some log messages related to bootstrapping have
changed; if you use stem, you may need to update to the latest version
so it will recognize them.
We have designated 0.3.5 as a "long-term support" (LTS) series: we
will continue to patch major bugs in typical configurations of 0.3.5
until at least 1 Feb 2022. (We do not plan to provide long-term
support for embedding, Rust support, NSS support, running a directory
authority, or unsupported platforms. For these, you will need to stick
with the latest stable release.)
- Support routes with different devs and gateways
- Revive route cleanup for /sbin/route code
- Support split-exclude rules from Pulse gateway
- Check if resolved is enabled in nsswitch.conf prior to using it
- Add support for systemd-resolved
- Fix memset_s() arguments.
- Fix OpenBSD build.
- Clear form submissions (which may include passwords) before freeing (CVE-2018-20319).
- Allow form responses to be provided on command line.
- Add support for SSL keys stored in TPM2.
- Fix ESP rekey when replay protection is disabled.
- Drop support for GnuTLS older than 3.2.10.
- Fix --passwd-on-stdin for Windows to not forcibly open console.
- Fix portability of shell scripts in test suite.
- Add Google Authenticator TOTP support for Juniper.
- Add RFC7469 key PIN support for cert hashes.
- Add protocol method to securely log out the Juniper session.
- Relax requirements for Juniper hostname packet response to support old gateways.
- Add API functions to query the supported protocols.
- Verify ESP sequence numbers and warn even if replay protection is disabled.
- Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
- Reorganize listing of command-line options, and include information on supported protocols.
- SIGTERM cleans up the session similarly to SIGINT.
Extract most of MESSAGE to README.pkgsrc.
Remove vestigial Red Hat chkconfig stanza from main control script (we
have pkgtools/rc.d-boot now).
Use CONF_FILES where applicable.
rc.d script defaults:
- Tag log entries like qmail-run's; for instance, "nbtinydns" and
"nbdnscache" become "nbdjbdns/tiny" and "nbdjbdns/cache".
- Have tinydns listen on the network.
- Auto-rebuild CDBs as needed on service start.
Bump version.
Version 1.1.26:
Prevents OperationError from being raised when listPath() operation does not return any matching file results.
SMBConnection is now a context manager
Add rdp_protocol_error function that is used in several fixes
Refactor of process_bitmap_updates
Fix possible integer overflow in s_check_rem() on 32bit arch
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_secondary_order - CVE-2018-8799
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_demand_active - CVE-2018-20178
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_process_line - CVE-2018-20182
Fix building against OpenSSL 1.1
# Fix compilation on some systems.
# Add simplified Chinese localization.
# Fix compatibility with newer GNU/automake.
# Add systemd configuration file.
# Automatically load if_tun on FreeBSD.
# Use POSIX tree instead of linked list when libJudy is missing/disabled.
# Fix C pointer aliasing violations.
# Fix compilation with FreeBSD 7.2 or later.
- IPv6 capabilities based on fehQlibs allowing the use of compactified
IPv6 and LLU addresses,
- a CurveDNS secured query/response for dnscache based on NaCl with an
adapted Matthew Dempsky patch,
- including improvements for CNAME caching, and
- allowing a qualification of DNS Name Servers.
- rbldns supporting now IPv6 addresses.
- tinydns using now compactified IPv6 addresses within the tinydns-data
data file.
The decrypting djbdnscurve6 stub resolver can be used as standard lib
for other programs.
Version 2.4.0
- misc: fix building wheels for unavailable Python versions
- test: skip getaddrinfo6 test on Travis
- doc: add FreeBSD building instructions
- build: fix MinGW build
- ci, misc: add support for CPython 3.7
- ci: run on latest PyPy versions on TravisCI
- examples: extra examples
- ci: fix AppVeyor build
- test: fix TXT test
- core: fix repr for PTR results
0.10.9:
???
0.10.8:
* Fixed a bug that in certain circumstances could lead to an infinite
loop in netifaces.gateways() (thanks asomers).
* Fixed a memory management bug in an error path
It is sort of an update though. If you are interested in upstream
drama you can read here for the details: https://symless.com/blog
Also users might want to switch to wip/barrier instead.
v1.10.1-stable
Bug fixes:
#6339 Windows validating install step freezes
#6374 Windows background service crashes randomly
#6376 Undeclared identifier compile error in VS2017
Enhancements:
#6372 Forced use of TLS 1.2 without fallback method
#6338 Auto config checkbox on settings screen
#6384 Removal of GPL screen on Windows installer
#6383 Extend foreground mode for Windows daemon
#6382 Code comment for MSVC debugger logging
#6380 Compile without warnings using VS2017
v1.10.0-stable
Bug fixes:
#6347 Log to file defaults to unwritable location
#6345 Losing GUI config when restarting the OS
#4991 Oversized Bonjour protocol name could conflict
Enhancements:
#6348 Use different hard coded Qt path for CI
#6346 CLI argument to control screen lock feature
#6344 Customizable size limit on clipboard sharing
#6332 Decouple version from CI build properties
#6319 Bonjour auto-config disabled by default
#6318 Hide TIS/TSM error on config app log
#6312 Removal of redundant CURL library
#6306 Show version number in config app title
#6305 Support for Raspbian in package config
#6301 Combine enterprise and community codebases
Changes:
1.6.2
-----
- Added support for:
- `instagram` - https://www.instagram.com (#134)
- Added support for multiple items on sta.sh pages (#113)
- Added option to download `tumblr` avatars (#137)
- Changed defaults for visited post types and inline media on `tumblr`
- Improved inline extraction of `tumblr` posts (#133, #137)
- Improved error handling and retry behavior of all API calls
- Improved handling of missing fields in format strings (#136)
- Fixed hash extraction for unusual `tumblr` URLs (#129)
- Fixed image subdomains for `hitomi` galleries (#142)
- Fixed and improved miscellaneous issues for `kissmanga` (#20), `luscious`,
`mangapark`, `readcomiconline`
Changes:
2.7.0
-----
## Features
* Add support for `hub pr list --state=merged`
* Add base/head/merge commit SHA and merged date information to
`hub pr list --format=FORMAT`
* Un-deprecate converting issues to pull requests with
`hub pull-request -i <issue>` 2a748a048d6903eca78332a484e63f8d647caf02
## Fixes
* Improve detecting default `hub pull-request` base branch name
* Avoid the `Aborted: the origin remote doesn't point to a GitHub repository`
error by allowing other git remotes as fallback
* Improve `hub create` dealing with an existing "origin" remote
* Fix 256-color terminal support for macOS Terminal.app
* Don't choke on literal `%` output characters when using `--format=FORMAT`
* Replace deprecated Dial with DialContext
## Documentation
* Document how we scan git remotes and branch tracking information
https://hub.github.com/hub.1.html#CONVENTIONS
* Indicate that long-form CLI flags with values must use the equal sign like `--message=VALUE`
Changes:
version 2018.12.31
Extractors
+ [bbc] Add support for another embed pattern (#18643)
+ [npo:live] Add support for npostart.nl (#18644)
* [beeg] Fix extraction (#18610, #18626)
* [youtube] Unescape HTML for series (#18641)
+ [youtube] Extract more format metadata
* [youtube] Detect DRM protected videos (#1774)
* [youtube] Relax HTML5 player regular expressions (#18465, #18466)
* [youtube] Extend HTML5 player regular expression (#17516)
+ [liveleak] Add support for another embed type and restore original
format extraction
+ [crackle] Extract ISM and HTTP formats
+ [twitter] Pass Referer with card request (#18579)
* [mediasite] Extend URL regular expression (#18558)
+ [lecturio] Add support for lecturio.de (#18562)
+ [discovery] Add support for Scripps Networks watch domains (#17947)
PkgSrc changes:
* fix building on Darwin and probably other systems as well
* install manpages
* use correct install_name on Darwin
* does not collide with p5-Parse-Yapp anymore
* use cmocka and libgcrypt
* clean-ups
Changelog:
1.9.70
======
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* enhancement:EndpointDiscovery: [``botocore``] Add a config option, ``endpoint_discovery_enabled``, for automatically discovering endpoints
* api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
* api-change:``firehose``: [``botocore``] Update firehose client to latest version
* api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
* api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
1.9.69
======
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``waf``: [``botocore``] Update waf client to latest version
1.9.68
======
* api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
* bugfix:Credentials: [``botocore``] Fixes an issue where credentials would be checked when creating an anonymous client. Fixes `#1472 <https://github.com/boto/botocore/issues/1472>`__
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
* api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
* enhancement:StreamingBody: [``botocore``] Support iterating lines from a streaming response body with CRLF line endings
* api-change:``apigatewaymanagementapi``: [``botocore``] Update apigatewaymanagementapi client to latest version
1.9.67
======
* api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
* api-change:``ecr``: [``botocore``] Update ecr client to latest version
1.9.66
======
* api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
1.9.65
======
* api-change:``organizations``: [``botocore``] Update organizations client to latest version
* api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version
1.9.64
======
* api-change:``route53``: [``botocore``] Update route53 client to latest version
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``eks``: [``botocore``] Update eks client to latest version
1.9.63
======
* api-change:``mediastore``: [``botocore``] Update mediastore client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
* api-change:``connect``: [``botocore``] Update connect client to latest version
1.9.62
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* enhancement:AssumeRole: [``botocore``] Add support for duration_seconds when assuming a role in the config file (`#1600 <https://github.com/boto/botocore/issues/1600>`__).
* api-change:``iam``: [``botocore``] Update iam client to latest version
* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
* api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
1.9.61
======
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
1.9.60
======
* api-change:``mq``: [``botocore``] Update mq client to latest version
* api-change:``ce``: [``botocore``] Update ce client to latest version
* api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
1.9.59
======
* api-change:``health``: [``botocore``] Update health client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
1.9.58
======
* api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version
* api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
1.9.57
======
* bugfix:s3: [``botocore``] Add md5 header injection to new operations that require it
* api-change:``s3``: [``botocore``] Update s3 client to latest version
1.9.56
======
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
* api-change:``xray``: [``botocore``] Update xray client to latest version
* api-change:``lambda``: [``botocore``] Update lambda client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version
* api-change:``kafka``: [``botocore``] Update kafka client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
1.9.55
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
* api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
* api-change:``servicediscovery``: [``botocore``] Update servicediscovery client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
1.9.54
======
* api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``fsx``: [``botocore``] Update fsx client to latest version
* api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
1.9.53
======
* api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``codedeploy``: [``botocore``] Update codedeploy client to latest version
* api-change:``translate``: [``botocore``] Update translate client to latest version
* api-change:``logs``: [``botocore``] Update logs client to latest version
* api-change:``kinesisanalytics``: [``botocore``] Update kinesisanalytics client to latest version
* api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version
* api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version
* api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
1.9.52
======
* api-change:``iot``: [``botocore``] Update iot client to latest version
* api-change:``sms``: [``botocore``] Update sms client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
* api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
* api-change:``kms``: [``botocore``] Update kms client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
1.9.51
======
* api-change:``amplify``: [``botocore``] Update amplify client to latest version
* api-change:``transfer``: [``botocore``] Update transfer client to latest version
* api-change:``snowball``: [``botocore``] Update snowball client to latest version
* api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``datasync``: [``botocore``] Update datasync client to latest version
1.9.50
======
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
1.9.49
======
* api-change:``autoscaling-plans``: [``botocore``] Update autoscaling-plans client to latest version
* api-change:``xray``: [``botocore``] Update xray client to latest version
* api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``rds-data``: [``botocore``] Update rds-data client to latest version
* api-change:``appsync``: [``botocore``] Update appsync client to latest version
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
* api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
1.9.48
======
* api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
* api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
* api-change:``workdocs``: [``botocore``] Update workdocs client to latest version
* api-change:``batch``: [``botocore``] Update batch client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
* api-change:``lambda``: [``botocore``] Update lambda client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
* api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
* api-change:``iot``: [``botocore``] Update iot client to latest version
1.9.47
======
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
* api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
* api-change:``ce``: [``botocore``] Update ce client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
1.9.46
======
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``sms-voice``: [``botocore``] Update sms-voice client to latest version
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``dms``: [``botocore``] Update dms client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``s3control``: [``botocore``] Update s3control client to latest version
* api-change:``directconnect``: [``botocore``] Update directconnect client to latest version
* api-change:``ram``: [``botocore``] Update ram client to latest version
* api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
* api-change:``route53resolver``: [``botocore``] Update route53resolver client to latest version
* api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
* api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
* api-change:``iam``: [``botocore``] Update iam client to latest version
1.9.45
======
* api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
* api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
* api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
* api-change:``sns``: [``botocore``] Update sns client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.44
======
* api-change:``chime``: [``botocore``] Update chime client to latest version
* api-change:``budgets``: [``botocore``] Update budgets client to latest version
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
1.9.43
======
* api-change:``polly``: [``botocore``] Update polly client to latest version
* api-change:``batch``: [``botocore``] Update batch client to latest version
* api-change:``firehose``: [``botocore``] Update firehose client to latest version
* api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
* api-change:``budgets``: [``botocore``] Update budgets client to latest version
* api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
1.9.42
======
* api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
1.9.41
======
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``dlm``: [``botocore``] Update dlm client to latest version
* api-change:``events``: [``botocore``] Update events client to latest version
1.9.40
======
* api-change:``dms``: [``botocore``] Update dms client to latest version
* api-change:``ce``: [``botocore``] Update ce client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.39
======
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version
* bugfix:session config: [``botocore``] Added the default session configuration tuples back to session.session_vars_map.
1.9.38
======
* api-change:``eks``: [``botocore``] Update eks client to latest version
* enhancement:Configuration: [``botocore``] Added new configuration provider methods allowing for more flexibility in how a botocore session loads a particular configuration value.
* api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version
1.9.37
======
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
* api-change:``clouddirectory``: [``botocore``] Update clouddirectory client to latest version
1.9.36
======
* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
* enhancement:Exceptions: [``botocore``] Add the ability to pickle botocore exceptions (`834 <https://github.com/boto/botocore/issues/834>`__)
1.9.35
======
* api-change:``mediastore-data``: [``botocore``] Update mediastore-data client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
* api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
1.9.34
======
* api-change:``chime``: [``botocore``] Update chime client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``dms``: [``botocore``] Update dms client to latest version
1.9.33
======
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
1.9.32
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.31
======
* api-change:``codestar``: [``botocore``] Update codestar client to latest version
* api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version
1.9.30
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.29
======
* api-change:``inspector``: [``botocore``] Update inspector client to latest version
* api-change:``shield``: [``botocore``] Update shield client to latest version
1.9.28
======
* api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
1.9.27
======
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
* api-change:``route53``: [``botocore``] Update route53 client to latest version
* api-change:``appstream``: [``botocore``] Update appstream client to latest version
1.9.26
======
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
1.9.25
======
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
* api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
1.9.24
======
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``lambda``: [``botocore``] Update lambda client to latest version
* api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
1.9.23
======
* api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
1.9.22
======
* api-change:``athena``: [``botocore``] Update athena client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
* api-change:``directconnect``: [``botocore``] Update directconnect client to latest version
1.9.21
======
* api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
* api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
* api-change:``es``: [``botocore``] Update es client to latest version
1.9.20
======
* enhancement:TLS: [``botocore``] Added support for configuring a client certificate and key when establishing TLS connections.
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* bugfix:InstanceMetadataFetcher: [``botocore``] Fix failure to retry on empty credentials and invalid JSON returned from IMDS `1049 <https://github.com/boto/botocore/issues/1049>`__ `1403 <https://github.com/boto/botocore/issues/1403>`__
1.9.19
======
* api-change:``iot``: [``botocore``] Update iot client to latest version
* api-change:``iot-jobs-data``: [``botocore``] Update iot-jobs-data client to latest version
1.9.18
======
* api-change:``ds``: [``botocore``] Update ds client to latest version
1.9.17
======
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* enhancement:HTTP Session: [``botocore``] Added the ability to enable TCP Keepalive via the shared config file's ``tcp_keepalive`` option.
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
1.9.16
======
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
1.9.15
======
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
* api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
1.9.14
======
* api-change:``codestar``: [``botocore``] Update codestar client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.13
======
* api-change:``mq``: [``botocore``] Update mq client to latest version
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* enhancement:Event: [``botocore``] Add the `before-send` event which allows finalized requests to be inspected before being sent across the wire and allows for custom responses to be returned.
* api-change:``codecommit``: [``botocore``] Update codecommit client to latest version
1.9.12
======
* api-change:``sqs``: [``botocore``] Update sqs client to latest version
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
1.9.11
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
* api-change:``ds``: [``botocore``] Update ds client to latest version
1.9.10
======
* api-change:``connect``: [``botocore``] Update connect client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
1.9.9
=====
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
1.9.8
=====
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``ds``: [``botocore``] Update ds client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
1.9.7
=====
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``organizations``: [``botocore``] Update organizations client to latest version
1.9.6
=====
* bugfix:Serialization: [``botocore``] Fixes `#1557 <https://github.com/boto/botocore/issues/1557>`__. Fixed a regression in serialization where request bodies would be improperly encoded.
* api-change:``es``: [``botocore``] Update es client to latest version
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
1.9.5
=====
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``elastictranscoder``: [``botocore``] Update elastictranscoder client to latest version
* api-change:``ecs``: [``botocore``] Update ecs client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version
* api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
1.9.4
=====
* enhancement:s3: [``botocore``] Adds encoding and decoding handlers for ListObjectsV2 `#1552 <https://github.com/boto/botocore/issues/1552>`__
* api-change:``polly``: [``botocore``] Update polly client to latest version
1.9.3
=====
* api-change:``ses``: [``botocore``] Update ses client to latest version
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``fms``: [``botocore``] Update fms client to latest version
* api-change:``connect``: [``botocore``] Update connect client to latest version
1.9.2
=====
* api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version
* api-change:``ssm``: [``botocore``] Update ssm client to latest version
1.9.1
=====
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version
1.9.0
=====
* api-change:``logs``: [``botocore``] Update logs client to latest version
* api-change:``config``: [``botocore``] Update config client to latest version
* feature:Events: [``botocore``] This migrates the event system to using sevice ids instead of either client name or endpoint prefix. This prevents issues that might arise when a service changes their endpoint prefix, also fixes a long-standing bug where you could not register an event to a particular service if it happened to share its endpoint prefix with another service (e.g. ``autoscaling`` and ``application-autoscaling`` both use the endpoint prefix ``autoscaling``). Please see the `upgrade notes <https://botocore.amazonaws.com/v1/documentation/api/latest/index.html#upgrade-notes>`_ to determine if you are impacted and how to proceed if you are.
* feature:Events: This migrates the event system to using sevice ids instead of either client name or endpoint prefix. This prevents issues that might arise when a service changes their endpoint prefix, also fixes a long-standing bug where you could not register an event to a particular service if it happened to share its endpoint prefix with another service (e.g. ``autoscaling`` and ``application-autoscaling`` both use the endpoint prefix ``autoscaling``). Please see the `upgrade notes <https://boto3.amazonaws.com/v1/documentation/api/latest/guide/upgrading.html>`_ to determine if you are impacted and how to proceed if you are.
1.8.9
=====
* api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
* api-change:``codecommit``: [``botocore``] Update codecommit client to latest version
* api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
1.8.8
=====
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``s3``: [``botocore``] Update s3 client to latest version
* api-change:``appstream``: [``botocore``] Update appstream client to latest version
* api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
* api-change:``elb``: [``botocore``] Update elb client to latest version
1.8.7
=====
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
1.8.6
=====
* api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version
* api-change:``waf``: [``botocore``] Update waf client to latest version
* api-change:``eks``: [``botocore``] Update eks client to latest version
1.8.5
=====
* api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
* api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
* bugfix:signing: [``botocore``] Fix an issue where mixed endpoint casing could cause a SigV4 signature mismatch.
1.8.4
=====
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
1.8.3
=====
* api-change:``glue``: [``botocore``] Update glue client to latest version
* api-change:``xray``: [``botocore``] Update xray client to latest version
1.8.2
=====
* api-change:``iot``: [``botocore``] Update iot client to latest version
* api-change:``signer``: [``botocore``] Update signer client to latest version
* api-change:``redshift``: [``botocore``] Update redshift client to latest version
* api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
1.8.1
=====
* api-change:``glue``: [``botocore``] Update glue client to latest version
1.8.0
=====
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
* feature:urllib3: [``botocore``] The vendored version of requests and urllib3 are no longer being used and botocore now has a direct dependency on newer versions of upstream urllib3.
1.7.84
======
* api-change:``iot``: [``botocore``] Update iot client to latest version
* api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
* api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
* api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
* api-change:``medialive``: [``botocore``] Update medialive client to latest version
1.7.83
======
* api-change:``snowball``: [``botocore``] Update snowball client to latest version
1.7.82
======
* api-change:``ec2``: [``botocore``] Update ec2 client to latest version
* api-change:``dlm``: [``botocore``] Update dlm client to latest version
* api-change:``rds``: [``botocore``] Update rds client to latest version
* api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
Changelog:
1.16.78
=======
* api-change:``elasticbeanstalk``: Update elasticbeanstalk command to latest version
* api-change:``apigatewaymanagementapi``: Update apigatewaymanagementapi command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``globalaccelerator``: Update globalaccelerator command to latest version
* api-change:``apigatewayv2``: Update apigatewayv2 command to latest version
1.16.77
=======
* api-change:``quicksight``: Update quicksight command to latest version
* enhancement:``cloudformation``: Update ``cloudformation package`` command to upload readme and license files
* api-change:``ecr``: Update ecr command to latest version
1.16.76
=======
* api-change:``cloudformation``: Update cloudformation command to latest version
* api-change:``redshift``: Update redshift command to latest version
* api-change:``alexaforbusiness``: Update alexaforbusiness command to latest version
1.16.75
=======
* api-change:``pinpoint-email``: Update pinpoint-email command to latest version
* api-change:``organizations``: Update organizations command to latest version
1.16.74
=======
* bugfix:appstream: Fix issue where --feedback-url was loading the content of the url to use as the input value.
* api-change:``glue``: Update glue command to latest version
* api-change:``eks``: Update eks command to latest version
* api-change:``route53``: Update route53 command to latest version
* api-change:``sagemaker``: Update sagemaker command to latest version
1.16.73
=======
* api-change:``connect``: Update connect command to latest version
* api-change:``mediastore``: Update mediastore command to latest version
* enhancement:AssumeRole: Add support for duration_seconds in CLI config profiles (boto/botocore`#1600 <https://github.com/aws/aws-cli/issues/1600>`__).
* api-change:``ecs``: Update ecs command to latest version
1.16.72
=======
* api-change:``alexaforbusiness``: Update alexaforbusiness command to latest version
* api-change:``servicecatalog``: Update servicecatalog command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``iam``: Update iam command to latest version
1.16.71
=======
* api-change:``medialive``: Update medialive command to latest version
* api-change:``rds``: Update rds command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
* api-change:``elbv2``: Update elbv2 command to latest version
1.16.70
=======
* api-change:``ce``: Update ce command to latest version
* api-change:``mediatailor``: Update mediatailor command to latest version
* api-change:``mq``: Update mq command to latest version
1.16.69
=======
* api-change:``s3``: Update s3 command to latest version
* api-change:``health``: Update health command to latest version
1.16.68
=======
* api-change:``mediaconvert``: Update mediaconvert command to latest version
* api-change:``devicefarm``: Update devicefarm command to latest version
* api-change:``storagegateway``: Update storagegateway command to latest version
* api-change:``servicecatalog``: Update servicecatalog command to latest version
1.16.67
=======
* api-change:``s3``: Update s3 command to latest version
1.16.66
=======
* api-change:``lambda``: Update lambda command to latest version
* api-change:``stepfunctions``: Update stepfunctions command to latest version
* api-change:``kafka``: Update kafka command to latest version
* api-change:``xray``: Update xray command to latest version
* api-change:``serverlessrepo``: Update serverlessrepo command to latest version
* api-change:``elbv2``: Update elbv2 command to latest version
* api-change:``events``: Update events command to latest version
* api-change:``s3``: Update s3 command to latest version
1.16.65
=======
* api-change:``sagemaker``: Update sagemaker command to latest version
* api-change:``appmesh``: Update appmesh command to latest version
* api-change:``license-manager``: Update license-manager command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``lightsail``: Update lightsail command to latest version
* api-change:``servicediscovery``: Update servicediscovery command to latest version
1.16.64
=======
* api-change:``dynamodb``: Update dynamodb command to latest version
* api-change:``fsx``: Update fsx command to latest version
* api-change:``securityhub``: Update securityhub command to latest version
* api-change:``rds``: Update rds command to latest version
1.16.63
=======
* api-change:``meteringmarketplace``: Update meteringmarketplace command to latest version
* api-change:``kinesisanalytics``: Update kinesisanalytics command to latest version
* api-change:``logs``: Update logs command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``codedeploy``: Update codedeploy command to latest version
* api-change:``mediaconnect``: Update mediaconnect command to latest version
* api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 command to latest version
* api-change:``comprehendmedical``: Update comprehendmedical command to latest version
* api-change:``ecs``: Update ecs command to latest version
* api-change:``translate``: Update translate command to latest version
1.16.62
=======
* api-change:``globalaccelerator``: Update globalaccelerator command to latest version
* api-change:``sms``: Update sms command to latest version
* api-change:``greengrass``: Update greengrass command to latest version
* api-change:``iot``: Update iot command to latest version
* api-change:``kms``: Update kms command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``s3``: Update s3 command to latest version
* api-change:``iotanalytics``: Update iotanalytics command to latest version
1.16.61
=======
* api-change:``amplify``: Update amplify command to latest version
* api-change:``transfer``: Update transfer command to latest version
* api-change:``s3``: Update s3 command to latest version
* api-change:``snowball``: Update snowball command to latest version
* api-change:``robomaker``: Update robomaker command to latest version
* api-change:``datasync``: Update datasync command to latest version
1.16.60
=======
* api-change:``rekognition``: Update rekognition command to latest version
1.16.59
=======
* api-change:``quicksight``: Update quicksight command to latest version
* api-change:``autoscaling-plans``: Update autoscaling-plans command to latest version
* api-change:``devicefarm``: Update devicefarm command to latest version
* api-change:``ssm``: Update ssm command to latest version
* api-change:``rds-data``: Update rds-data command to latest version
* api-change:``xray``: Update xray command to latest version
* api-change:``medialive``: Update medialive command to latest version
* api-change:``cloudfront``: Update cloudfront command to latest version
* api-change:``appsync``: Update appsync command to latest version
* api-change:``cloudwatch``: Update cloudwatch command to latest version
* api-change:``redshift``: Update redshift command to latest version
1.16.58
=======
* api-change:``config``: Update config command to latest version
* api-change:``cloudformation``: Update cloudformation command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``cloudtrail``: Update cloudtrail command to latest version
* api-change:``workdocs``: Update workdocs command to latest version
* api-change:``mediaconvert``: Update mediaconvert command to latest version
* api-change:``devicefarm``: Update devicefarm command to latest version
* api-change:``lambda``: Update lambda command to latest version
* api-change:``lightsail``: Update lightsail command to latest version
* api-change:``iot``: Update iot command to latest version
* api-change:``batch``: Update batch command to latest version
* api-change:``workspaces``: Update workspaces command to latest version
* api-change:``rds``: Update rds command to latest version
1.16.57
=======
* api-change:``workspaces``: Update workspaces command to latest version
* api-change:``ecs``: Update ecs command to latest version
* api-change:``ce``: Update ce command to latest version
* api-change:``comprehend``: Update comprehend command to latest version
* api-change:``ssm``: Update ssm command to latest version
1.16.56
=======
* api-change:``rds``: Update rds command to latest version
* api-change:``transcribe``: Update transcribe command to latest version
* api-change:``pinpoint``: Update pinpoint command to latest version
* api-change:``s3``: Update s3 command to latest version
* api-change:``redshift``: Update redshift command to latest version
* api-change:``dms``: Update dms command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
* api-change:``route53resolver``: Update route53resolver command to latest version
* api-change:``s3control``: Update s3control command to latest version
* api-change:``directconnect``: Update directconnect command to latest version
* api-change:``comprehend``: Update comprehend command to latest version
* api-change:``ram``: Update ram command to latest version
* api-change:``sms-voice``: Update sms-voice command to latest version
* api-change:``iam``: Update iam command to latest version
* api-change:``ecs``: Update ecs command to latest version
1.16.55
=======
* api-change:``autoscaling``: Update autoscaling command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``resource-groups``: Update resource-groups command to latest version
* api-change:``sagemaker``: Update sagemaker command to latest version
* api-change:``mediatailor``: Update mediatailor command to latest version
* api-change:``sns``: Update sns command to latest version
* api-change:``servicecatalog``: Update servicecatalog command to latest version
1.16.54
=======
* api-change:``chime``: Update chime command to latest version
* api-change:``budgets``: Update budgets command to latest version
* api-change:``redshift``: Update redshift command to latest version
1.16.53
=======
* api-change:``budgets``: Update budgets command to latest version
* api-change:``firehose``: Update firehose command to latest version
* api-change:``cloudformation``: Update cloudformation command to latest version
* api-change:``polly``: Update polly command to latest version
* api-change:``rds``: Update rds command to latest version
* api-change:``batch``: Update batch command to latest version
* api-change:``codepipeline``: Update codepipeline command to latest version
1.16.52
=======
* api-change:``mediapackage``: Update mediapackage command to latest version
1.16.51
=======
* api-change:``medialive``: Update medialive command to latest version
* api-change:``events``: Update events command to latest version
* api-change:``dlm``: Update dlm command to latest version
1.16.50
=======
* api-change:``ce``: Update ce command to latest version
* api-change:``dms``: Update dms command to latest version
* api-change:``ec2``: Update ec2 command to latest version
1.16.49
=======
* api-change:``waf-regional``: Update waf-regional command to latest version
* api-change:``pinpoint``: Update pinpoint command to latest version
* api-change:``pinpoint-email``: Update pinpoint-email command to latest version
* api-change:``apigateway``: Update apigateway command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
* api-change:``ec2``: Update ec2 command to latest version
1.16.48
=======
* api-change:``serverlessrepo``: Update serverlessrepo command to latest version
* api-change:``eks``: Update eks command to latest version
1.16.47
=======
* api-change:``rekognition``: Update rekognition command to latest version
* api-change:``clouddirectory``: Update clouddirectory command to latest version
1.16.46
=======
* api-change:``servicecatalog``: Update servicecatalog command to latest version
1.16.45
=======
* api-change:``greengrass``: Update greengrass command to latest version
* api-change:``config``: Update config command to latest version
* api-change:``secretsmanager``: Update secretsmanager command to latest version
* api-change:``mediastore-data``: Update mediastore-data command to latest version
1.16.44
=======
* api-change:``chime``: Update chime command to latest version
* bugfix:Credentials: Fix issue where incorrect region was being used when using assume role credentials outside of the `aws` partition.
* api-change:``rds``: Update rds command to latest version
* api-change:``dms``: Update dms command to latest version
1.16.43
=======
* api-change:``alexaforbusiness``: Update alexaforbusiness command to latest version
* api-change:``ssm``: Update ssm command to latest version
* api-change:``sagemaker``: Update sagemaker command to latest version
1.16.42
=======
* api-change:``ec2``: Update ec2 command to latest version
1.16.41
=======
* api-change:``codestar``: Update codestar command to latest version
* api-change:``alexaforbusiness``: Update alexaforbusiness command to latest version
1.16.40
=======
* api-change:``ec2``: Update ec2 command to latest version
1.16.39
=======
* api-change:``shield``: Update shield command to latest version
* api-change:``inspector``: Update inspector command to latest version
1.16.38
=======
* api-change:``workspaces``: Update workspaces command to latest version
* api-change:``ssm``: Update ssm command to latest version
1.16.37
=======
* api-change:``medialive``: Update medialive command to latest version
* api-change:``appstream``: Update appstream command to latest version
* api-change:``route53``: Update route53 command to latest version
1.16.36
=======
* api-change:``apigateway``: Update apigateway command to latest version
* api-change:``events``: Update events command to latest version
1.16.35
=======
* api-change:``lightsail``: Update lightsail command to latest version
* api-change:``glue``: Update glue command to latest version
* api-change:``resource-groups``: Update resource-groups command to latest version
1.16.34
=======
* api-change:``lambda``: Update lambda command to latest version
* api-change:``servicecatalog``: Update servicecatalog command to latest version
* api-change:``rds``: Update rds command to latest version
1.16.33
=======
* api-change:``cloudtrail``: Update cloudtrail command to latest version
1.16.32
=======
* api-change:``mediaconvert``: Update mediaconvert command to latest version
* api-change:``directconnect``: Update directconnect command to latest version
* api-change:``athena``: Update athena command to latest version
* api-change:``transcribe``: Update transcribe command to latest version
* api-change:``ec2``: Update ec2 command to latest version
1.16.31
=======
* api-change:``es``: Update es command to latest version
* api-change:``comprehend``: Update comprehend command to latest version
* api-change:``transcribe``: Update transcribe command to latest version
1.16.30
=======
* api-change:``ssm``: Update ssm command to latest version
1.16.29
=======
* api-change:``iot``: Update iot command to latest version
* api-change:``iot-jobs-data``: Update iot-jobs-data command to latest version
1.16.28
=======
* api-change:``ds``: Update ds command to latest version
1.16.27
=======
* api-change:``ssm``: Update ssm command to latest version
* api-change:``storagegateway``: Update storagegateway command to latest version
* api-change:``apigateway``: Update apigateway command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
1.16.26
=======
* api-change:``sagemaker``: Update sagemaker command to latest version
* api-change:``secretsmanager``: Update secretsmanager command to latest version
1.16.25
=======
* api-change:``rekognition``: Update rekognition command to latest version
* api-change:``guardduty``: Update guardduty command to latest version
1.16.24
=======
* api-change:``codestar``: Update codestar command to latest version
* bugfix:s3: Fixed a bug where `--sse-c-key` and `--sse-c-copy-source-key` were modeled as string values rather than bytes values, which make them impossible to use on python 3 unless your key happened to be all unicode.
* api-change:``ec2``: Update ec2 command to latest version
1.16.23
=======
* api-change:``apigateway``: Update apigateway command to latest version
* api-change:``codecommit``: Update codecommit command to latest version
* api-change:``mq``: Update mq command to latest version
1.16.22
=======
* api-change:``glue``: Update glue command to latest version
* api-change:``rds``: Update rds command to latest version
* api-change:``opsworkscm``: Update opsworkscm command to latest version
* api-change:``sqs``: Update sqs command to latest version
1.16.21
=======
* api-change:``cloudfront``: Update cloudfront command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``ds``: Update ds command to latest version
1.16.20
=======
* api-change:``connect``: Update connect command to latest version
* api-change:``rds``: Update rds command to latest version
1.16.19
=======
* api-change:``mediaconvert``: Update mediaconvert command to latest version
1.16.18
=======
* api-change:``rds``: Update rds command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``ds``: Update ds command to latest version
1.16.17
=======
* api-change:``s3``: Update s3 command to latest version
* api-change:``organizations``: Update organizations command to latest version
* api-change:``cloudwatch``: Update cloudwatch command to latest version
1.16.16
=======
* api-change:``es``: Update es command to latest version
* api-change:``rekognition``: Update rekognition command to latest version
1.16.15
=======
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
* api-change:``elastictranscoder``: Update elastictranscoder command to latest version
* enhancement:s3: ``aws s3`` subcommands that list objects will use ListObjectsV2 instead of ListObjects `#3549 <https://github.com/aws/aws-cli/issues/3549>`__.
* api-change:``elasticache``: Update elasticache command to latest version
* api-change:``cloudwatch``: Update cloudwatch command to latest version
* api-change:``secretsmanager``: Update secretsmanager command to latest version
* api-change:``ecs``: Update ecs command to latest version
1.16.14
=======
* api-change:``polly``: Update polly command to latest version
1.16.13
=======
* api-change:``fms``: Update fms command to latest version
* api-change:``connect``: Update connect command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``ses``: Update ses command to latest version
1.16.12
=======
* api-change:``ssm``: Update ssm command to latest version
* api-change:``opsworkscm``: Update opsworkscm command to latest version
1.16.11
=======
* api-change:``redshift``: Update redshift command to latest version
* api-change:``cloudhsmv2``: Update cloudhsmv2 command to latest version
1.16.10
=======
* api-change:``config``: Update config command to latest version
* api-change:``logs``: Update logs command to latest version
1.16.9
======
* api-change:``apigateway``: Update apigateway command to latest version
* api-change:``mediaconvert``: Update mediaconvert command to latest version
* api-change:``codecommit``: Update codecommit command to latest version
1.16.8
======
* api-change:``dynamodb``: Update dynamodb command to latest version
* api-change:``rds``: Update rds command to latest version
* api-change:``elb``: Update elb command to latest version
* api-change:``appstream``: Update appstream command to latest version
* api-change:``s3``: Update s3 command to latest version
1.16.7
======
* api-change:``rds``: Update rds command to latest version
* api-change:``rekognition``: Update rekognition command to latest version
1.16.6
======
* api-change:``waf``: Update waf command to latest version
* api-change:``waf-regional``: Update waf-regional command to latest version
* api-change:``eks``: Update eks command to latest version
1.16.5
======
* api-change:``sagemaker``: Update sagemaker command to latest version
* api-change:``codebuild``: Update codebuild command to latest version
1.16.4
======
* api-change:``sagemaker-runtime``: Update sagemaker-runtime command to latest version
* api-change:``glue``: Update glue command to latest version
* api-change:``mediapackage``: Update mediapackage command to latest version
1.16.3
======
* api-change:``glue``: Update glue command to latest version
* api-change:``xray``: Update xray command to latest version
1.16.2
======
* api-change:``redshift``: Update redshift command to latest version
* api-change:``iotanalytics``: Update iotanalytics command to latest version
* api-change:``iot``: Update iot command to latest version
* api-change:``signer``: Update signer command to latest version
1.16.1
======
* api-change:``glue``: Update glue command to latest version
1.16.0
======
* api-change:``events``: Update events command to latest version
* feature:urllib3: Add support for ipv6 proxies by upgrading urllib3 version.
* api-change:``cognito-idp``: Update cognito-idp command to latest version
1.15.85
=======
* api-change:``iotanalytics``: Update iotanalytics command to latest version
* api-change:``medialive``: Update medialive command to latest version
* api-change:``rekognition``: Update rekognition command to latest version
* api-change:``iot``: Update iot command to latest version
* api-change:``lex-models``: Update lex-models command to latest version
1.15.84
=======
* api-change:``snowball``: Update snowball command to latest version
1.15.83
=======
* api-change:``elasticbeanstalk``: Update elasticbeanstalk command to latest version
* api-change:``ec2``: Update ec2 command to latest version
* api-change:``rds``: Update rds command to latest version
* api-change:``dlm``: Update dlm command to latest version
Release Notes for Samba 4.9.4
Major bug fixes include:
o dns: Fix CNAME loop prevention using counter regression.
Changes since 4.9.3:
* BUG 9175: libcli/smb: Don't overwrite status code.
* BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
* BUG 13661: Session setup reauth fails to sign response.
* BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
* BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing.
* BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
* BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
* BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
* PEP8: fix E231: missing whitespace after ','.
* BUG 13629: winbindd: Fix crash when taking profiles.
* BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression.
* BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs.
* BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
* BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
* BUG 13696: ctdb-daemon: Exit with error if a database directory does not
exist.
* BUG 13498: s3:libads: Add net ads leave keep-account option.
pysmb-1.1.25:
- Fix buggy support for search parameter in listPath() method. Add
SMB_FILE_ATTRIBUTE_INCL_NORMAL bit constant to include 'normal' files with
other file types in the returned result. From now on, pysmb defines a 'normal' file
as a file entry that is not read-only, not hidden, not system, not archive and
not a directory; it ignores other attributes like compression, indexed, sparse,
temporary and encryption. listPath() method will now include 'normal' files
using the default search parameter.
- Add isNormal property to SharedFile class to support test if the file is a
'normal' file (according to pysmb definition of 'normal' file).
pysmb-1.1.24:
- Improve listPath implementation for SMB1
- Support for STATUS_PENDING responses across all SMB2 operations.
On BSD systems, ptrace(PT_DETACH) uses a third argument for
resume address, with the magic value (void *)1 to resume where
process stopped. Specifying NULL there leads to a crash because
process resumes at address 0.
We introduce an OS-dependent _PTRACE_DETACH macro to specify
third argument as NULL on Linux and (void *)1 on other systems.
Always using (void *)1 could be another solution, since basic
tests suggests passing (void *)1 as third argument on Linux
does not cause harm.
From upstream 1f8cd27b78
New Features:
New Dashboard.
IPS Dashboard.
IPS Signature Suppression.
Add support IPS signature categories control.
Add per radio uplink control.
Add speed and duplex config for USG interfaces.
Add Fallback VLAN support for USW when using 802.1X.
Add local SSO login.
Add Controller HD and Micro SD free space monitoring to admin notification settings.
Analytic Reporting.
New Cloud Access integration.
Various bug fixes and improvements.
Release date: 2018-09-24 20:31 UTC
Release state: stable
Release uploaded by: jon
Changelog:
* Don't disconnect when message size exceeds server limit
* Added GSSAPI support via the PECL krb5 module
* Updated composer requirements to use stable dependencies
Update bind912 to 9.12.3pl1 (BIND 9.12.3-P1).
--- 9.12.3-P1 released ---
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
Update bind911 to 9.11.5pl1 (BIND 9.11.5-P1).
--- 9.11.5-P1 released ---
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
the previous 0.9). From the changelog:
- Added IPV6_V6ONLY setsockoptions call.
- Improved poll handling in iopause.c considering poll RC.
- Added building of shared libraries + updated docs.
pkgsrc does not yet build shared libraries.
Changes:
2018.12.09
----------
Core
* [YoutubeDL] Keep session cookies in cookie file between runs
* [YoutubeDL] Recognize session cookies with expired set to 0 (#12929)
Extractors
+ [teachable] Add support for teachable platform sites (#5451, #18150, #18272)
+ [aenetworks] Add support for historyvault.com (#18460)
* [imgur] Improve gallery and album detection and extraction (#9133, #16577,
#17223, #18404)
* [iprima] Relax URL regular expression (#18453)
* [hotstar] Fix video data extraction (#18386)
* [ard:mediathek] Fix title and description extraction (#18349, #18371)
* [xvideos] Switch to HTTPS (#18422, #18427)
+ [lecturio] Add support for lecturio.com (#18405)
+ [nrktv:series] Add support for extra materials
* [nrktv:season,series] Fix extraction (#17159, #17258)
* [nrktv] Relax URL regular expression (#18304, #18387)
* [yourporn] Fix extraction (#18424, #18425)
* [tbs] Fix info extraction (#18403)
+ [gamespot] Add support for review URLs
Changes:
2.6.1
-----
- Fix using git aliases for git 2.20
- Add support for passing multiple --message options for compatibility
with git
- Allow the %h token in HostName value read from ssh config
Upstream changes:
Version 3.63 (2018-11-25)
[ENHANCEMENTS]
* #280 update to retrieve Aerohive serial
* #271 update os_ver for Alcatel-Lucent (stromsoe)
[BUG FIXES]
* #273 remove old ADTRAN modules not in netdisco-mibs
Upstream changes:
1.19 Nov 14, 2018
Show structure of EDNS options using Perl-like syntax.
Fix rt.cpan.org #127557
Net::DNS::Resolver::Base should use 3 args open
Fix rt.cpan.org #127182
Incorrect logic can cause DNS search to emit fruitless queries.
0.14.54
Bugfixes:
#5348: Web GUI doesn't work in older browsers
0.14.53
Bugfixes:
#4738: File restore doesn't work on one folder
#4780: Logging debugging flags stay after disabling all debug facilities in the web UI
#5267: Disabling the minimum disk free space check on folders doesn't work
#5270: panic: interface conversion: interface {} is map[string]string, not map[string]interface {}
#5291: panic: runtime error: index out of range
#5294: Removed devices do not influnce the list of locally needed files
#5296: strelaypoolsrv, cmd/ursrv: Google maps issue in the GUI
#5299: panic: bug: unknown device should already have been rejected
#5323: Files not deleted properly when one side has ignore permissions set
Enhancements:
#1347: Directory auto-complete should be case-insensitive
#3439: Ship .desktop files
#4000: Add "select all" / "deselect all" to folder and device sharing dialogs
#4480: Should show indication of local files/directories that can't be scanned for whatever reason
#5256: Upgrade SSL Certificate to use modern cipher
Other issues:
#5247: cmd/stdiscosrv: test suite sometimes seg faults on OpenBSD
#5280: Update to the new prometheus client API
v1.20: 20NOV2018
Added support for socks5 protocol (Eugene Protozanov)
New probing method:
Before, probes were tried in order, repeating on the
same probe as long it returned PROBE_AGAIN before
moving to the next one. This means a probe which
requires a lot of data (i.e. returne PROBE_AGAIN for
a long time) could prevent sucessful matches from
subsequent probes. The configuration file needed to
take that into account.
Now, all probes are tried each time new data is
found. If any probe matches, use it. If at least one
probe requires more data, wait for more. If all
probes failed, connect to the last one. So the only
thing to know when writing the configuration file is
that 'anyprot' needs to be last.
Test suite heavily refactored; `t` uses `test.cfg`
to decide which probes to test and all setup is
automatic; probes get tested with 'fast' (entire
first message in one packet) and 'slow' (one byte at
a time); when SNI/ALPN are defined, all combinations
are tested.
Old 'tls' probe removed, 'sni_alpn' probe renamed as 'tls'.
You'll need to change 'sni_alpn' to 'tls' in
your configuration file, if ever you used it.
Pkgsrc changes:
* Re-position configure diff.
Upstream changes:
Features
- Add fast-server-permil and fast-server-num options.
- Deprecate low-rtt and low-rtt-permil options.
- Change fast-server-num default to 3.
- Fix#4154: make ECS_MAX_TREESIZE configurable, with
the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
- Fix#4190: Please create a "ANY" deny option, adds the option
deny-any: yes in unbound.conf. This responds with an empty message
to queries of type ANY.
- Fix#4126: RTT_band too low on VSAT links with 600+ms latency,
adds the option unknown-server-time-limit to unbound.conf that
can be increased to avoid the problem.
- Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
- Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
option in unbound.conf.
- Add unbound-control view_local_datas command, like local_datas.
Bug Fixes
- dnscrypt.c removed sizeof to get array bounds.
- Fix testlock code to set noreturn on error routine.
- Remove unused variable from contrib fastrpz/rpz.c and
remove unused diagnostic pragmas that themselves generate warnings
- clang analyze test is used only when assertions are enabled.
- Squelch EADDRNOTAVAIL errors when the interface goes away,
this omits 'can't assign requested address' errors unless
verbosity is set to a high value.
- Set default for so-reuseport to no for FreeBSD. It is enabled
by default for Linux and DragonFlyBSD. The setting can
be configured in unbound.conf to override the default.
- iana port update.
- Squelch log of failed to tcp initiate after TCP Fastopen failure.
- Fix#4192: unbound-control-setup generates keys not readable by
group.
- check that the dnstap socket file can be opened and exists, print
error if not.
- Add markdel function to ECS slabhash.
- Limit ECS scope returned to client to the scope used for caching.
- Fix#4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
- Fix#4141: More randomness to rrset-roundrobin.
- Fix#4132: Openness/closeness of RANGE intervals in rpl files.
- remade makefile dependencies.
- Fix#4152: Logs shows wrong time when using log-time-ascii: yes.
- Scrub NS records from NXDOMAIN responses to stop fragmentation
poisoning of the cache.
- Scrub NS records from NODATA responses as well.
- Add patch from Jan Vcelak for pythonmod,
add sockaddr_storage getters, add support for query callbacks,
allow raw address access via comm_reply and update API documentation.
- Removed compile warnings in pythonmod sockaddr routines.
- With ./configure --with-pyunbound --with-pythonmodule
PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
succeed for the python module.
- pythonmod logs the python error and traceback on failure.
- ignore debug python module for test in doxygen output.
- review fixes for python module.
- Fix#4209: Crash in libunbound when called from getdns.
- auth zone zonefiles can be in a chroot, the chroot directory
components are removed before use.
- Fix that empty zonefile means the zonefile is not set and not used.
- Fix to not set GLOB_NOSORT so the unbound.conf include: files are
sorted and in a predictable order.
- Fix#4193: Fix that prefetch failure does not overwrite valid cache
entry with SERVFAIL.
- Fix DNS64 to not store intermediate results in cache, this avoids
other threads from picking up the wrong data. The module restores
the previous no_cache_store setting when the the module is finished.
- Fix#4208: 'stub-no-cache' and 'forward-no-cache' not work.
- New and better fix for Fix#4193: Fix that prefetch failure does
not overwrite valid cache entry with SERVFAIL.
- auth-zone give SERVFAIL when expired, fallback activates when
expired, and this is documented in the man page.
- stat count SERVFAIL downstream auth-zone queries for expired zones.
- Put new logos into windows installer.
- Fix windows compile for new rrset roundrobin fix.
- Update contrib fastrpz patch for latest release.
- Fix chroot auth-zone fix to remove chroot prefix.
- windows icon updated.
0.13.0:
- Remove all introspection logic for `progress` callback introduced in 0.12
- `progress` callback only accept 3 arguments again
- Introduce `progress4` parameter which accepts the peername as 4th argument
Wireshark 2.6.5 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-51[1] The Wireshark dissection engine could crash.
Bug 14466[2]. CVE-2018-19625[3].
• wnpa-sec-2018-52[4] The DCOM dissector could crash. Bug 15130[5].
CVE-2018-19626[6].
• wnpa-sec-2018-53[7] The LBMPDM dissector could crash. Bug
15132[8]. CVE-2018-19623[9].
• wnpa-sec-2018-54[10] The MMSE dissector could go into an infinite
loop. Bug 15250[11]. CVE-2018-19622[12].
• wnpa-sec-2018-55[13] The IxVeriWave file parser could crash. Bug
15279[14]. CVE-2018-19627[15].
• wnpa-sec-2018-56[16] The PVFS dissector could crash. Bug
15280[17]. CVE-2018-19624[18].
• wnpa-sec-2018-57[19] The ZigBee ZCL dissector could crash. Bug
15281[20]. CVE-2018-19628[21].
The following bugs have been fixed:
• VoIP Calls dialog doesn’t include RTP stream when preparing a
filter. Bug 13440[22].
• Wireshark installs on macOS with permissions for
/Library/Application Support/Wireshark that are too restrictive.
Bug 14335[23].
• Closing Enabled Protocols dialog crashes wireshark. Bug
14349[24].
• Unable to Export Objects → HTTP after sorting columns. Bug
14545[25].
• DNS Response to NS query shows as malformed packet. Bug
14574[26].
• Encrypted Alerts corresponds to a wrong selection in the packet
bytes pane. Bug 14712[27].
• Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols
enabled. Bug 15014[28].
• ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8.
Bug 15056[29].
• text2pcap generates malformed packets when TCP, UDP or SCTP
headers are added together with IPv6 header. Bug 15194[30].
• Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug
15196[31].
• Infinite read loop when extcap exits with error and error
message. Bug 15205[32].
• MATE unable to extract fields for PDU. Bug 15208[33].
• Malformed Packet: SV. Bug 15224[34].
• OPC UA Max nesting depth exceeded for valid packet. Bug
15226[35].
• TShark 2.6 does not print GeoIP information. Bug 15230[36].
• ISUP (ANSI) packets malformed in WS versions later than 2.4.8.
Bug 15236[37].
• Handover candidate enquire message not decoded. Bug 15237[38].
• TShark piping output in a cmd or PowerShell prompt stops working
when GeoIP is enabled. Bug 15248[39].
• ICMPv6 with routing header incorrectly placed. Bug 15270[40].
• IEEE 802.11 Vendor Specific fixed fields display as malformed
packets. Bug 15273[41].
• text2pcap -4 and -6 option should require -i as well. Bug
15275[42].
• text2pcap direction sensitivity does not affect dummy ethernet
addresses. Bug 15287[43].
• MLE security suite display incorrect. Bug 15288[44].
• Message for incorrect IPv4 option lengths is incorrect. Bug
15290[45].
• TACACS+ dissector does not properly reassemble large accounting
messages. Bug 15293[46].
• NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307[47].
Updated Protocol Support
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE
802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa,
PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support
sshdump
[5.6.4]
Dedicated host cancel, cancel-guests, list-guests
added createDate and modifyDate parameters to sg rule-list
Fixed slcli subnet list
Fixed documentation link in image manager
Added description to slcli order
[5.6.3]
Updated urllib3 and requests libraries due to CVE-2018-18074
Fixed an ordering bug
Updated release process and fab-file
[5.6.0]
Support for Reserved Capacity
slcli vs capacity create
slcli vs capacity create-guest
slcli vs capacity create-options
slcli vs capacity detail
slcli vs capacity list
Fix post_uri parameter name on docstring
Fixed suspend cloud server order.
Update to use click 7
Add export/import capabilities to/from IBM Cloud Object Storage to the image manager as well as the slcli.
Wireshark 2.6.4 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-47[1]
• MS-WSP dissector crash. Bug 15119[2]. CVE-2018-18227[3].
• wnpa-sec-2018-48[4]
• Steam IHS Discovery dissector memory leak. Bug 15171[5].
CVE-2018-18226[6].
• wnpa-sec-2018-49[7]
• CoAP dissector crash. Bug 15172[8]. CVE-2018-18225[9].
• wnpa-sec-2018-50[10]
• OpcUA dissector crash. CVE-2018-12086[11].
The following bugs have been fixed:
• HTTP2 dissector decodes first SSL record only. Bug 11173[12].
• Undocumented sub-option for -N option in man page and tshark -N
help. Bug 14826[13].
• Mishandling of Port Control Protocol option padding. Bug
14950[14].
• MGCP: parameter lines are case-insensitive. Bug 15008[15].
• Details of 2nd sub-VSA in bundled RADIUS VSA are incorrect. Bug
15073[16].
• Heuristic DPLAY dissector fails to recognize DPLAY packets. Bug
15092[17].
• gsm_rlcmac_dl dissector exception. Bug 15112[18].
• dfilter_buttons file under user-created profile. Bug 15114[19].
• Filter buttons disappear when using pre-2.6 profile. Bug
15121[20].
• PROFINET Information element AM_DeviceIdentification in Asset
Management Info block is decoded wrongly. Bug 15140[21].
• Hw dest addr column shows incorrect address. Bug 15144[22].
• Windows dumpcap -i TCP@<ip-address> fails on pcapng stream. Bug
15149[23].
• Wildcard expansion doesn’t work on Windows 10 for command-line
programs in cmd.exe or PowerShell. Bug 15151[24].
• SSL Reassembly Error New fragment past old data limits. Bug
15158[25].
Updated Protocol Support
ASN.1 PER, Bluetooth HCI_SCO, CoAP, DPLAY, IEEE 802.11, Kafka,
Message Analyzer, MGCP, MS-WSP, Netmon, OpcUa, PCP, PNIO, RADIUS,
Steam IHS Discovery, and TLS
Bugfixes:
#5130: "Revert Local Changes" button stays when the file causing it is deleted
#5194: Unscanned/conflicting files are overwritten/removed in niche cases
#5226: Watcher fails due to filepath.EvalSymlinks error (FindFirstFile)
#5233: Folder restart can leave several folder instances running
#5249: Impossible to change device name from web UI
Enhancements:
#2497: CheckFolderHealth wakes up disk at index exchange
#3616: Disable GUI and make API available on unix socket
#5142: "Support bundle" download
#5193: Should exit with code zero when run with -help
#5236: Consider moving to Fork-Awesome or another free font
3.39.0 (2018-11-30)
- Fix timestamps of newly created empty files on the server if the option to preserve timestamps is set
3.39.0-rc1 (2018-11-23)
+ The down button on the keyboard now opens the quickconnect history dropdown menu if the quickconnect bar has the input focus
+ The down button on the keyboard now opens the search options if the quick search dialog has the input focus
- Refactored how close notifications were handled in the network code
- Fixed saving of the 'not equal' and 'less than' conditions for size filters
- Fixed regular expression filters not respecting the case-sensitivity checkbox in all situations
- Restore context menu item to delete file in local file search
3.38.1 (2018-10-27)
- Fixed crash if transferring three or more files in parallel when speed limits are enabled
3.38.0 (2018-10-26)
- Updated translations
3.38.0-rc1 (2018-10-19)
+ Refreshing remote file list while holding Ctrl now clears the remote directory cache for the current server
+ Changed default logon type if creating a new site in the Site Manager
- Fixed state of controls in the Site Manager when creating a new site after the previously viewed site has been predefined
- Fixed dragging remote files to queue
- Building and running FileZilla now depends on libfilezilla >= 0.15.0 (https://lib.filezilla-project.org/)
- Improve compatibility with GnuTLS 3.6.x
- Fix building with automake >= 1.16.0
3.37.4 (2018-09-04)
- MSW: Fix regression introduced in 3.37.3 with moving files locally using drag&drop
3.37.3 (2018-09-28)
- Fix issues with directory creation when uploading many files in parallel
- macOS: Fix crashes if dragging more than one file
- macOS: Opt out of Dark Mode
3.37.1 (2018-09-21)
- Local path is no longer forgotten when leaving synchronized browsing mode
3.37.0 (2018-09-17)
- Fix remote target path if uploading files through the search dialog
3.37.0-rc1 (2018-09-10)
+ Use a cache for the system trust store to speed up connecting establishment on systems with huge certificate revocation lists in the system trust store
- Fixed bug in GnuTLS causing crashes on connection establishment
- Fixed enabled state of controls in the Site Manager if switching to a protocol not supporting the previously selected logontype
0.15.1 (2018-11-22)
+ Add argument to fz::strtok to return empty tokens
- Fix compatibility issue with Nettle < 3.3
- Fix fz::random_bytes on MinGW
- Fix memory leak in fz::buffer
0.15.0 (2018-10-19)
+ libfilezilla now depends on Nettle >= 3.1
+ Added fz::sha512, fz::sha256, fz::sha1 and fz::md5 hash functions
+ Added fz::hash_accumulator
+ Added fz::hmac_sha256 HMAC function
+ Added asymmetric encryption scheme using X25519
+ Added signature scheme using Ed25519
- Changed and documented semantics of the return value of fz::remove_file, removing a non-existing file is not an error
0.14.0 (2018-10-04)
+ Added fz::equal_insensitive_ascii
+ Added insensitive_ascii parameter to fz::starts_with and fz::ends_with
- Fixed namespace of to_wstring in wx glue
0.13.2 (2018-09-21)
- Fix regression in fz::shared_value::clear
- Fix parsing of URIs without path
0.13.1 (2018-09-10)
+ Made fz::scoped_lock movable
- Fix a few compiler warnings
Recursor 4.1.8
Crafted query can cause a denial of service (CVE-2018-16855)
Recursor 4.1.7
Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
Refuse queries for all meta-types
Recursor 4.1.6
Revert “rec: Authority records in AA=1 CNAME answer are authoritative”.
Recursor 4.1.5
PowerDNS Security Advisory 2018-04 (CVE-2018-10851)
PowerDNS Security Advisory 2018-06 (CVE-2018-14626)
PowerDNS Security Advisory 2018-07 (CVE-2018-14644)
Improvements
Add pdnslog to lua configuration scripts (Chris Hofstaedtler)
Fix compilation with libressl 2.7.0+
Export outgoing ECS value and server ID in protobuf (if any)
Switch to devtoolset 7 for el6
Allow the signature inception to be off by a number of seconds (Kees Monshouwer)
Bug Fixes
Crafted answer can cause a denial of service (CVE-2018-10851)
Packet cache pollution via crafted query (CVE-2018-14626)
Crafted query for meta-types can cause a denial of service (CVE-2018-14644)
Delay the creation of rpz threads until we have dropped privileges
Cleanup the netmask trees used for the ecs index on removals
Make sure that the ecs scope from the auth is < to the source
Authority records in aa=1 cname answer are authoritative
Avoid a memory leak in catch-all exception handler
Don’t require authoritative answers for forward-recurse zones
Release memory in case of error in the openssl ecdsa constructor
Convert a few uses to toLogString to print DNSName’s that may be empty in a safer manner
Avoid a crash on DEC Alpha systems
Clear all caches on (N)TA changes
4.1.5:
This release fixes the following security advisories:
* PowerDNS Security Advisory 2018-03 (CVE-2018-10851)
* PowerDNS Security Advisory 2018-05 (CVE-2018-14626)
Improvements
* Apply alias scopemask after chasing
* Release memory in case of error in the openssl ecdsa constructor
* Switch to devtoolset 7 for el6
Bug Fixes
* Fix compilation with libressl 2.7.0+
* Actually truncate truncated responses
* Crafted zone record can cause a denial of service (CVE-2018-10851, PowerDNS Security Advisory 2018-03)
* Packet cache pollution via crafted query (CVE-2018-14626, PowerDNS Security Advisory 2018-05)
=============================
Release Notes for Samba 4.9.3
November 27, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
o CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details and workarounds, please refer to the security advisories.
ChangeLog:
Released version 1.8.13 with the following main changes :
- MINOR: systemd: consider exit status 143 as successful
- BUG/MINOR: ssl: properly ref-count the tls_keys entries
- MINOR: mux: add a "show_fd" function to dump debugging information for "show fd"
- MINOR: h2: implement a basic "show_fd" function
- BUG/MINOR: h2: remove accidental debug code introduced with show_fd function
- MINOR: h2: keep a count of the number of conn_streams attached to the mux
- MINOR: h2: add the mux and demux buffer lengths on "show fd"
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
- BUG/MINOR: http: Set brackets for the unlikely macro at the right place
- BUILD: Generate sha256 checksums in publish-release
- MINOR: debug: Add check for CO_FL_WILL_UPDATE
- MINOR: debug: Add checks for conn_stream flags
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- MINOR: h2: add the error code and the max/last stream IDs to "show fd"
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MINOR: servers: Don't make "server" in a frontend fatal.
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
- BUG/MINOR: config: stick-table is not supported in defaults section
- BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- MINOR: threads: move "nbthread" parsing to hathreads.c
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
- MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
- SCRIPTS: git-show-backports: add missing quotes to "echo"
Released version 1.8.14 with the following main changes :
- BUG/MEDIUM: servers: check the queues once enabling a server
- BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
- MINOR: dns: fix wrong score computation in dns_get_ip_from_response
- MINOR: dns: new DNS options to allow/prevent IP address duplication
- BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
- MINOR: threads: Introduce double-width CAS on x86_64 and arm.
- BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
- MINOR: threads: add more consistency between certain variables in no-thread case
- BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
- MEDIUM: hathreads: implement a more flexible rendez-vous point
- BUG/MEDIUM: cli: make "show fd" thread-safe
- BUG/MINOR: ssl: empty connections reported as errors.
- BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
- BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
- BUG/MINOR: map: fix map_regm with backref
- DOC: dns: explain set server ... fqdn requires resolver
- DOC: ssl: Use consistent naming for TLS protocols
- BUG/MEDIUM: lua: socket timeouts are not applied
- BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
- BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
- DOC: Fix spelling error in configuration doc
- BUG/MEDIUM: unix: provide a ->drain() function
- BUG/MINOR: lua: Bad HTTP client request duration.
- BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
- BUG/MEDIUM: lua: reset lua transaction between http requests
- BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
- BUG/MAJOR: thread: lua: Wrong SSL context initialization.
- BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
- BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
- BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
- MINOR: thread: implement HA_ATOMIC_XADD()
- BUG/MINOR: stream: use atomic increments for the request counter
- BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
- BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames
- BUG/MINOR: dns: check and link servers' resolvers right after config parsing
- BUG/MINOR: http/threads: atomically increment the error snapshot ID
- BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
- BUG/MAJOR: kqueue: Don't reset the changes number by accident.
- BUG/MINOR: server: Crash when setting FQDN via CLI.
- DOC: Fix typos in lua documentation
- BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
- BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
- BUG/MINOR: cli: make sure the "getsock" command is only called on connections
- BUG/CRITICAL: hpack: fix improper sign check on the header index value
c-ares version 1.15.0:
Changes:
- Add ares_init_options() configurability for path to resolv.conf file
- Ability to exclude building of tools (adig, ahost, acountry) in CMake
- Android: Support for domain search suffix
- Report ARES_ENOTFOUND for .onion domain names as per RFC7686
Bug fixes:
- AIX build fix for trying to include both nameser_compat.h and onameser_compat.h
- Windows: Improve DNS suffixes extracting from WinNT registry
- Fix modern GCC warnings
- Apply the IPv6 server blacklist to all nameserver sources, not just Windows
- Fix warnings emitted by MSVC when using -W4
- Prevent changing name servers while queries are outstanding
- Harden and rationalize c-ares timeout computation
- Distribute ares_android.h
- ares_set_servers_csv() on failure should not leave channel in a bad state
- Add missing docs to distribution
Changes:
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.0
- Added more checks to places where we are mapping a file
or checking for symbolic links. Should avoid trying to
operating on invalid path names or broken symlinks.
Issue reported by Xu.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.9
- Several checks added to chdir() and other
return codes to make sure syscalls are all returning
properly. Patch provided by Zhouyang Jia.
- Fixed some compiler warnings due to unused or
oddly indented code.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.8
- Fixed potential double-free bug during Bftpd shutdown.
- Fixed potential unititalized variable.
Thanks to Alex for reporting these bugs.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.7
- Fixed memory leak in rename function.
Thanks to Alex for reporting this bug.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.6
- Avoid memory corruption when reading config file by initalizing memory.
- Make sure CHROOT is default option, even if it is not specified
in the config file.
Thanks for Anton Yuzhaninov for providing the above two fixes.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.5
- Avoid potential buffer underflow in main.c
Thanks to Andreas for pointing out this problem.
Changelog:
* The value for netprobe_timeout was read from the command-line, but not from the configuration file any more. This is a regression introduced in the previous version, that has been fixed.
* The default value for netprobe timeouts has been raised to 60 seconds.
* A hash of the body is added to query parameters when sending DoH queries with the POST method in order to work around badly configured proxies.
pkgsrc changes:
- Remove patches/patch-aa, no longer needed (config.h is now
included and HAVE_DECL_BSWAP64 is now properly checked)
- perl is needed in the test phase and at runtime, add it to USE_TOOLS
- Remove no longer needed dependency to p5-IO-tty
- Add support for the test target (and REPLACE_PERL test target scripts)
Changes:
1.3.2
-----
* Platform support:
* Explicitly enable binding to both IPv4 and IPv6 addresses.
(Giel van Schijndel)
* Restore perl 5.8.8 support for RHEL5. (Alexander Chernyakhovsky)
* Make tests detect UTF-8 locale with a helper executable. (John Hood)
* Don't print /etc/motd on IllumOS. (John Hood)
* Print {,/var}/run/motd.dynamic on Ubuntu. (John Hood)
* Fix build on Haiku. (Adrien Destugues)
* Disable unicode-later-combining.test for tmux 2.4.
This fixes build failures. (John Hood)
* Bug fixes:
* In tests, explicitly set 80x24 tmux window, for newer versions
of tmux. (John Hood)
* Work around JuiceSSH rendering bug. (John Hood)
* Do not move cursor for SCROLL UP and SCROLL DOWN--
fixes an issue with tmux 2.4. (John Hood)
Discussed with <agc>, thanks!
pkgsrc changes:
- Update MASTER_SITES to avoid MASTER_SITE_DEBIAN
Changes:
2018-11-19 torsocks 2.3.0
* Fix a bunch of stuff in the wrapper script, #24967
* gethostbyaddr_r: always assign result
* log: Remove log line when logging is stopped
* gethostbyaddr_r: Don't put garbage in data->hostname
* gethostbyaddr_r: Populate h_addrtype field
* log: Avoid crash or file corruption when closing logs
* connect: Always pass .onion IP cookie to connection object
* Merge remote-tracking branch 'yawning/bug23715'
* Make torsocks always connect to the configured Tor port
* test: Make getpeername test connect to moria1
* socks5: Always use ATYP 0x03 for CONNECT command
* Merge remote-tracking branch 'upstream/master'
* doc: Clarify the libc limitation in README
* accept4: Initialize libc symbol early
* Bug 23715: Support memfd_create(2).
* test: Detect if tor is running in test_fd_passing
* No tab in the README
* Merge remote-tracking branch 'debian/bugfix/typo-subsytem'
* Merge remote-tracking branch 'debian/bugfix/typo-catched'
* Merge remote-tracking branch 'debian/bugfix/typo-conect'
* doc: Add autogen.sh step to README
* Add a -q/--quiet to torsocks
* tests: Add a check for a running Tor
* Make cpp conditional for definition of handle_mmap match use
* utils: Add useful function for later use
* man: Some words were missing
* Remove clang warnings
* Add missing quotes to variable in torsocks.in
* Fix check_addr() to return either 0 or 1
* Ignore stderr for getcap command
* syscall: Add seccomp, gettimeofday, clock_gettime, fork
* Fix typo: conect -> connect.
* Fix typo: subsytem -> subsystem.
* Fix typo: catched -> caught.
Changes:
1.6.0
-----
- Add wallhaven extractor
- Add yuki extractor
- Add a ytdl (youtube-dl) downloader to download media via youtube-dl
(Unfortunately at the moment youtube-dl package is not a multipackage (we do
not have py{27,34,35,37}-youtube-dl so this will work only if youtube-dl was
built with the same PYTHON_VERSION_DEFAULT of gallery-dl))
- Add '--no-check-certificate' command-line option
- Misc bug fixes and improvements
Changes:
Geomyidae v0.34 Release »Above the Oceans«
------------------------------------------
I am proud to announce the v0.34 release of geomyidae!
It is named »Above the Oceans«, because it is released 11km above the Atlantic
Ocean. I can't see whales from here.
Why a new release in such a short time?
In geomyidae v0.33 is a nasty listening bug, so do not use it.
What has changed from v0.33 v0.34:
* There is finally a multi-listening implementation, which allows constant
behaviour of IPv6 and IPv4 across all platforms, including the BSDs.
# bind to 0.0.0.0 and :: on port 7070
geomyidae -b $(pwd) -p 7070 -d
# bind to :: only on port 7070
geomyidae -6 -b $(pwd) -p 7070 -d
# bind to the IPv4 address of some interface only
geomyidae -4 -b $(pwd) -i google.com
# bind to IPv6 and IPv4 of many interfaces
geomyidae -b $(pwd) -i google.com -i google.de -i nsa.gov
Geomyidae v0.33 Release
-----------------------
I am proud to announce the v0.33 release of geomyidae!
What has changed:
* More links for geomyidae resources.
* Fixes in error messages. They now show useful messages.
* Do not exit on SIGHUP. (Fix for OpenBSD startup.)
* Fix of some memory leaks.
* Relative path support in gph files!
* This will make portable CGI applications easier possible.
* This is now possible:
[1|Some Cool Menu|../cool/menu|server|port]
* Fix to set the gph replacement port.
* Fix some IPv6 binding issues.
* Some separate binding for BSDs is still in the works.
* Manpage has been beautified.
* '/' is now stripped from base path.
I want to thank all contributors! You are making gopher better!
* Version 2.0.18
- Official builds now support TLS 1.3.
- The timeout for the initial connectivity check can now be set from
the command line.
- An `Accept:` header is now always sent with `GET` queries.
- BOMs are now ignored in configuration files.
- In addition to SOCKS, HTTP and HTTPS proxies are now supported for
DoH servers.
registrations of SIP clients on a private IP network, and rewrites the
SIP message bodies to make SIP connections work via a NAT firewall.
Imported from wip/siproxd.
Upstream changes:
mikutter 3.8.3
* fix use of an unintended function that should have been removed
but accidentally released in the Diva gem
* insufficient file dependencies
* thanks @ahiru3net
* remove dependencies on Photo plugin from the twitter, gui, and skin plugins
* add missed dependencies in the intent plugin
* thanks @ahiru3net
Upstream changes:
0.53 MOn Nov 05 2018 "Dean Hamstead" <dean@bytefoundry.com.au>"
- Fix some tests on Windows
- Various coding changes internally
- Expose CC Addresses and Admin CC Addresses on Queues
Upstream changes:
Changes for version 3.62 - 2018-10-29
ENHANCEMENTS
#278 Support for Cisco Firepower Threat Defense
#275 Document peth_port_ifindex for Junipers
#274 Add peth_port_ifindex override for Junipers
#270 Add support for additional Mikrotik models
Add HP 3810M, 2930M, 2930F and 2540 series switches
BUG FIXES
#265 Fix typos in L3::Huawei
Tor 0.3.4.9 is the second stable release in its series; it backports
numerous fixes, including a fix for a bandwidth management bug that
was causing memory exhaustion on relays. Anyone running an earlier
version of Tor 0.3.4.9 should upgrade.
o Major bugfixes (compilation, backport from 0.3.5.3-alpha):
- Fix compilation on ARM (and other less-used CPUs) when compiling
with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
- Make sure Tor bootstraps and works properly if only the
ControlPort is set. Prior to this fix, Tor would only bootstrap
when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
o Major bugfixes (relay, backport from 0.3.5.3-alpha):
- When our write bandwidth limit is exhausted, stop writing on the
connection. Previously, we had a typo in the code that would make
us stop reading instead, leading to relay connections being stuck
indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
on 0.3.4.1-alpha.
o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
- Fix a use-after-free error that could be caused by passing Tor an
impossible set of options that would fail during options_act().
Fixes bug 27708; bugfix on 0.3.3.1-alpha.
o Minor features (continuous integration, backport from 0.3.5.1-alpha):
- Don't do a distcheck with --disable-module-dirauth in Travis.
Implements ticket 27252.
- Only run one online rust build in Travis, to reduce network
errors. Skip offline rust builds on Travis for Linux gcc, because
they're redundant. Implements ticket 27252.
- Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
Linux with default settings, because all the non-default builds
use gcc on Linux. Implements ticket 27252.
o Minor features (continuous integration, backport from 0.3.5.3-alpha):
- Use the Travis Homebrew addon to install packages on macOS during
Travis CI. The package list is the same, but the Homebrew addon
does not do a `brew update` by default. Implements ticket 27738.
o Minor features (geoip):
- Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2
Country database. Closes ticket 27991.
o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
- Fix an integer overflow bug in our optimized 32-bit millisecond-
difference algorithm for 32-bit Apple platforms. Previously, it
would overflow when calculating the difference between two times
more than 47 days apart. Fixes part of bug 27139; bugfix
on 0.3.4.1-alpha.
- Improve the precision of our 32-bit millisecond difference
algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
bugfix on 0.3.4.1-alpha.
- Relax the tolerance on the mainloop/update_time_jumps test when
running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
on 0.3.4.1-alpha.
o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
- Avoid undefined behavior in an end-of-string check when parsing
the BEGIN line in a directory object. Fixes bug 28202; bugfix
on 0.2.0.3-alpha.
o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
- Only install the necessary mingw packages during our appveyor
builds. This change makes the build a little faster, and prevents
a conflict with a preinstalled mingw openssl that appveyor now
ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.
o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
- Rewrite our assertion macros so that they no longer suppress the
compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
- Stop reinstalling identical packages in our Windows CI. Fixes bug
27464; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
- Log additional info when we get a relay that shares an ed25519 ID
with a different relay, instead making a BUG() warning. Fixes bug
27800; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
- Avoid a double-close when shutting down a stalled directory
connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
- Fix a bug warning when closing an HTTP tunnel connection due to an
HTTP request we couldn't handle. Fixes bug 26470; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
- Ensure circuitmux queues are empty before scheduling or sending
padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
- When the onion service directory can't be created or has the wrong
permissions, do not log a stack trace. Fixes bug 27335; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
- Close all SOCKS request (for the same .onion) if the newly fetched
descriptor is unusable. Before that, we would close only the first
one leaving the other hanging and let to time out by themselves.
Fixes bug 27410; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
- When selecting a v3 rendezvous point, don't only look at the
protover, but also check whether the curve25519 onion key is
present. This way we avoid picking a relay that supports the v3
rendezvous but for which we don't have the microdescriptor. Fixes
bug 27797; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
- Reject protocol names containing bytes other than alphanumeric
characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
on 0.2.9.4-alpha.
o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
- Compute protover votes correctly in the rust version of the
protover code. Previously, the protover rewrite in 24031 allowed
repeated votes from the same voter for the same protocol version
to be counted multiple times in protover_compute_vote(). Fixes bug
27649; bugfix on 0.3.3.5-rc.
- Reject protover names that contain invalid characters. Fixes bug
27687; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
- protover_all_supported() would attempt to allocate up to 16GB on
some inputs, leading to a potential memory DoS. Fixes bug 27206;
bugfix on 0.3.3.5-rc.
o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
- Fix an API mismatch in the rust implementation of
protover_compute_vote(). This bug could have caused crashes on any
directory authorities running Tor with Rust (which we do not yet
recommend). Fixes bug 27741; bugfix on 0.3.3.6.
o Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
- Fix a potential null dereference in protover_all_supported(). Add
a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
- Return a string that can be safely freed by C code, not one
created by the rust allocator, in protover_all_supported(). Fixes
bug 27740; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
- If a unit test running in a subprocess exits abnormally or with a
nonzero status code, treat the test as having failed, even if the
test reported success. Without this fix, memory leaks don't cause
the tests to fail, even with LeakSanitizer. Fixes bug 27658;
bugfix on 0.2.2.4-alpha.
o Minor bugfixes (testing, backport from 0.3.5.3-alpha):
- Make the hs_service tests use the same time source when creating
the introduction point and when testing it. Now tests work better
on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
- Treat backtrace test failures as expected on BSD-derived systems
(NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
(FreeBSD failures have been treated as expected since 18204 in
0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
0.10.2
- Fixed build setup to use undeprecated pytest bin stub.
- Updated tox configuration.
- Added example of using responses with pytest.fixture
- Removed dependency on biscuits in py3. Instead http.cookies is being used.
0.10.1
- Packaging fix to distribute wheel
0.10.0
- Fix passing through extra settings
- Fix collections.abc warning on Python 3.7
- Use 'biscuits' library instead of 'cookies' on Python 3.4+
Changes:
version 2018.11.03
Core
* [extractor/common] Ensure response handle is not prematurely closed before
it can be read if it matches expected_status (#17195, #17846, #17447)
Extractors
* [laola1tv:embed] Set correct stream access URL scheme (#16341)
+ [ehftv] Add support for ehftv.com (#15408)
* [azmedien] Adopt to major site redesign (#17745, #17746)
+ [twitcasting] Add support for twitcasting.tv (#17981)
* [orf:tvthek] Fix extraction (#17737, #17956, #18024)
+ [openload] Add support for oload.fun (#18045)
* [njpwworld] Fix authentication (#17427)
+ [linkedin:learning] Add support for linkedin.com/learning (#13545)
* [theplatform] Improve error detection (#13222)
* [cnbc] Simplify extraction (#14280, #17110)
+ [cbnc] Add support for new URL schema (#14193)
* [aparat] Improve extraction and extract more metadata (#17445, #18008)
* [aparat] Fix extraction
Changes:
2.6.0
-----
Features
--------
- Use "scissors" line to delineate comments in editable messages instead of
stripping away lines that start with #. This helps preserve Markdown
headings in hub pull-request, hub release create, and similar commands
that open a text editor interactively.
Everything above the following line is kept in the message; everything
below is discarded:
# ------------------------ >8 ------------------------
- New command hub issue show <NUMBER>
- Add hub release show --format=<FORMAT> functionality
- hub pr list --format=%rs lists requested reviewers
- Add support for communicating with GitHub Enterprise over Unix socket
# ~/.config/hub
example.com:
user: USER
oauth_token: TOKEN
unix_socket: /path/to/socket
Fixes
-----
- Prevent hub create setting a public upstream when creating a private repo
- Fix hub create in place of a renamed repo
- Fix hub release create/edit/delete when there are multiple git remotes
- Auto-detect private/pushable repos in hub remote add
- Fix hub ci-status exit code when there is only Checks
- Allow hub compare <RANGE> even if not on any branch
- Ensure consistent sort direction when listing issues, PRs
- Match requested team names by slug instead of name in
hub pull-request -r <TEAM>
