Upstream changes:
mikutter 3.8.6
* backport yield_self for Ruby 2.4 and prior
* possible crash on too fast reply as @seibe
* extract pixiv images from OGP
* thanks Shibafu Midorino
Changes in Apache Libcloud 2.4.0
- Refuse installation with Python 2.6 and Python 3.3 (support was
already dropped in Libcloud 2.3.0)
- Support Python 3.7
- Cleanup various Python files
- Allow running tests with http_proxy set
Common
- [OpenStack] Document openstack_connection_kwargs method
- [OpenStack] Handle missing user email in OpenStackIdentityUser
Compute
- [ARM] Support OS disk size definition on node creation
- [Digital Ocean] Support floating IPs
- [Digital Ocean] Support attach/detach for floating IPs
- [Digital Ocean] Add ex_get_node_details
- [Digital Ocean] Add tags extra attribute to create_node
- [Dimension Data] Fix IndexError in list_images
- [EC2] Add AWS eu-west-3 (Paris) region
- [EC2] Add description to ex_authorize_security_group_ingress
- [EC2] Added script to automatically get EC2 instance sizes
- [EC2] Update instance sizes
- [EC2] Accept tags when create a snapshot
- [GCE] Expand Firewall options coverage
- [GCE] Expand network and subnetwork options coverage
- [GCE] Extend ex_create_address to allow internal ip creation
- [GCE] Allow shared VPC in managed instance group creation
- [GCE] Support disk_size parameter for boot disk when creating instance
- [GCE] Update public image projects list
- [GCE] Fix _find_zone_or_region for >500 instances
- [GCE] Allow routing_mode=None in ex_create_network
- [OpenStack] Implement Glance Image API v2
- [OpenStack] Fix spelling in ex_files description
- [OpenStack v2] Allow listing image members
- [OpenStack v2] Allow creating and accepting image members
- [OpenStack v2] Fix image members methods
- [OpenStack] Fix API doc for delete_floating_ip
- [OpenStack] Implement port attaching/detaching
- [OpenStack] Add methods for getting and creating ports
- [OpenStack] Add get_user method
- [OpenStack] Add ex_list_subnets to OpenStack_2_NodeDriver
- [OpenStack] The OpenStack_2_NodeDriver uses two connections
- [OpenStack] The OpenStack_2_NodeDriver /v2.0/networks instead of /os-networks
- [Scaleway] New Scaleway driver
- [Scaleway] Update Scaleway default API host
DNS
- [Google Cloud DNS] Document driver instantiation
Storage
- Update docstring for storage provider class
- [Azure Blob Storage] Allow filtering lists by prefix
- [Azure Blob Storage] Update driver documentation
- [Azure Blob Storage] Fix upload/download streams
- [Azure Blob Storage] Fix PageBlob headers
- [S3] Guess s3 upload content type
- [S3] Add Amazon S3 (cn-northwest-1) Storage Driver
Other
- Fixed spelling in 2.0 changes documentation
Changes in Apache Libcloud 2.3.0
- Drop support for Python 2.6 and Python 3.3
They're no longer supported, and the Python ecosystem is starting to
drop support: two of our test dependencies no longer support them.
- Made pytest-runner optional
Common
- Improve warning when CA_CERTS_PATH is incorrectly passed as a list
- Cleaned up and corrected third-party drivers documentation
- Modernized a few Python examples
- [OpenStack] Authentify with updated Identity API
Compute
- Fix "wait_until_running() method so it also works correctly and doesn't
append "None" to the addresses list if node has no IP address.
- [ARM] Fix checking for "location is None" in several functions
- [ARM] Fix error when using SSH key auth with Python 3
- [ARM] Fix API call on powerOff, understand PAUSED state
- [ARM] Delete VHDs more reliably in destroy_node(), raise exception on unhandled errors
- [ARM] Fix api version used to list and delete NICs
- [ARM] Allow faster list_nodes() with ex_fetch_power_state=False
- [ARM] Fix delete_old_vhd
- [ARM] Limit number of retries in destroy_node
- [ARM] Fix Retry-After header handling
- [CloudStack] Handle NICs without addresses
- [CloudStack] Add change size and restore
- [Digital Ocean] Add ex_enable_ipv6 in DigitalOcean_v2 driver
- [Digital Ocean] Add support for tags in list_nodes()
- [Digital Ocean] Add rebuild and resize commands
- [EC2] Add new x1.16xlarge and x1e.32xlarge instance type.
- [EC2] Add AWS EC2 c5 series
- [EC2] Add AWS EC2 M5 sizes
- [EC2] Update pricing information for EC2 instances.
- [EC2] Allow cn-north-1 even without pricing information
- [EC2] Fix EBS volume encryption
- [ECS Aliyun] Support modify_security_group_attributes
- [GCE] Allow adding labels to images
- [GCE] Allow adding license strings to images
- [GCE] Support GCE node labels.
- [GCE] Fix GCEList pagination.
- [GCE] Allow setting service account in instance templates
- [GCE] Add support for private IP addresses in GCE instance creation
- [GCE] Allow for use of shared network (VPC) and subnetwork
- [GCE] Add support for accelerators
- [ProfitBricks] Update driver and add support for the new API v4.
- [ProfitBricks] Fix list_snapshots() method
- [UpCloud] New driver for UpCloud
- [UpCloud] Use disk size and storage tier also when creating node from template
- [UpCloud] Allow to define hostname and username
- [UpCloud] Add pricing information to list_sizes
Storage
- Added Digital Ocean Spaces driver
- [Digital Ocean Spaces] Add support for AMS3 region
- [Digital Ocean Spaces] Add support for SGP1 region
- Fix a bug / regression which resulted in increased memory consumption when
using download_object method. This method would store whole object
content in memory even though there was no need for that.
This regression was introduced in 2.0.0 when we moved to using requests
library.
- Fix a regression with hash computation performance and memory usage on object
upload inadvertently introduced in 2.0.0 and make it more efficient.
Changes in version 0.3.5.8:
Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
Update bind912 to 9.12.3pl4 (BIND 9.12.3-P4).
--- 9.12.3-P4 released ---
--- 9.12.3-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.12.3-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
--- 9.11.5-P4 released ---
--- 9.11.5-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.11.5-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of sycalls per message.
Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() directive.
Reduce systemcall usage in protobuf logging.
4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories.
Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled.
4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.
The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua ;
CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Improvements
Try another worker before failing if the first pipe was full
1.4.0:
- Build with Cython 0.29 in '3str' mode.
- Test with PyPy 6.0 on Windows.
- Add support for application-wide callbacks when Greenlet objects
are started.
- Fix consuming a single ready object using
next(gevent.iwait(objs)). Previously such a construction would
hang because iter was not called.
- Make gevent.iwait return an iterator that can now also be used as
a context manager. If you'll only be consuming part of the iterator,
use it in a with block to avoid leaking resources.
- Fix semaphores to immediately notify links if they are ready and
rawlink() is called. This behaves like Event and
AsyncEvent. Note that the order in which semaphore links are
called is not specified.
- Improve safety of handling exceptions during interpreter shutdown.
- Remove the deprecated ability to specify GEVENT_RESOLVER and
other importable settings as a path/to/a/package.module.item.
This had race conditions and didn't work with complicated resolver
implementations. Place the required package or module on sys.path
first.
- Reduce the chances that using the blocking monitor functionality
could result in apparently random SystemError:
Objects/tupleobject.c: bad argument to internal function.
- Refactored the gevent test runner and test suite to make them more
reusable. In particular, the tests are now run with python -m
gevent.tests.
- Make a monkey-patched socket.getaddrinfo return socket module
enums instead of plain integers for the socket type and address
family on Python 3.
- Make gevent's pywsgi server set the non-standard environment value
wsgi.input_terminated to True.
- Make gevent.util.assert_switches produce more informative messages
when the assertion fails.
- Python 2: If a gevent.socket was closed asynchronously (in a
different greenlet or a hub callback), AttributeError could result
if the socket was already in use. Now the correct socket.error
should be raised.
- Fix :meth:gevent.threadpool.ThreadPool.join raising a
UserWarning when using the libuv backend.
- Fix FileObjectPosix.seek raising OSError when it should have
been IOError on Python 2.
- Upgrade libuv from 1.23.2 to 1.24.0.
Change log:
* Translations update
* caja-share-bar: avoid deprecated 'g_type_class_add_private'
* drop obsolete configure option from distcheck
* Use make functions for HELP_LINGUAS
* adding help to transifex config
* disable deprecation warnings for distcheck
* file-share-properties.ui: avoid deprecated:
* update transifex config with branch specific resoures
Changes:
2.9.0
-----
Features
- Add support for hub ci-status --format <FORMAT> string
- Add hub create --remote-name <REMOTE> flag
- Allow passing in a raw request body via hub api --input <FILE>
- Cache HTTP 4xx (except 403) server responses in hub api --cache
Fixes
- Ensure consistent ordering of hub ci-status -v results
- Avoid crashing on invalid GitHub hostname
- Fix parsing empty string within command-line arguments
2.8.4
-----
- Add hub api -H flag to set HTTP request headers
- Add hub api -i flag to output HTTP response headers
- Change how hub api deals with HTTP errors:
- HTTP response is now printed on stdout regardless of HTTP status
- No longer print an extra newline after HTTP response body
- No more Error: HTTP {STATUS} message on stderr
- hub exits with status 22 instead of 1
- Fix hub execution under WSL (Windows Subsystem for Linux)
0MQ version 4.3.1 stable:
* CVE-2019-6250: A vulnerability has been found that would allow attackers to
direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.
NOTE: this attack can only take place after authentication, so peers behind
CURVE/GSSAPI are not vulnerable to unauthenticated attackers.
See https://github.com/zeromq/libzmq/issues/3351 for more details.
Thanks to Guido Vranken for uncovering the issue and providing the fix!
* Note for packagers: as pkg-config's Requires.private is now used to properly
propagate dependencies for static builds, the libzmq*-dev or zeromq-devel or
equivalent package should now depend on the libfoo-dev or foo-devel packages
of all the libraries that zmq is linked against, or pkg-config --libs libzmq
will fail due to missing dependencies on end users machines.
0MQ version 4.3.0 stable:
* The following DRAFT APIs have been marked as STABLE and will not change
anymore:
- ZMQ_MSG_T_SIZE context option (see doc/zmq_ctx_get.txt)
- ZMQ_THREAD_AFFINITY_CPU_ADD and ZMQ_THREAD_AFFINITY_CPU_REMOVE (Posix only)
context options, to add/remove CPUs to the affinity set of the I/O threads.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_THREAD_NAME_PREFIX (Posix only) context option, to add a specific
integer prefix to the background threads names, to easily identify them.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE
socket options, for the corresponding GSSAPI features. Additional
definitions for principal name types:
- ZMQ_GSSAPI_NT_HOSTBASED
- ZMQ_GSSAPI_NT_USER_NAME
- ZMQ_GSSAPI_NT_KRB5_PRINCIPAL
See doc/zmq_gssapi.txt for details.
- ZMQ_BINDTODEVICE socket option (Linux only), which will bind the
socket(s) to the specified interface. Allows to use Linux VRF, see:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
NOTE: requires the program to be ran as root OR with CAP_NET_RAW
- zmq_timers_* APIs. These functions can be used for cross-platforms timed
callbacks. See doc/zmq_timers.txt for details.
- The following socket monitor events:
- ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL: unknown errors during handshake.
- ZMQ_EVENT_HANDSHAKE_SUCCEEDED: Handshake completed with authentication.
- ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL: Protocol errors with peers or ZAP.
- ZMQ_EVENT_HANDSHAKE_FAILED_AUTH: Failed authentication requests.
See doc/zmq_socket_monitor.txt for more details and error codes.
- zmq_stopwatch_intermediate which returns the time elapsed without stopping
the stopwatch.
- zmq_proxy_steerable command 'STATISTICS' to retrieve stats about the amount
of messages and bytes sent and received by the proxy.
See doc/zmq_proxy_steerable.txt for more information.
* The build-time configuration option to select the poller has been split, and
new API_POLLER (CMake) and --with-api-poller (autoconf) options will now
determine what system call is used to implement the zmq_poll/zmq_poller APIs.
The previous POLLER and --with-poller options now only affects the
internal I/O thread. In case API_POLLER is not specified, the behaviour keeps
backward compatibility intact and will be the same as with previous releases.
* The non-default "poll" poller for the internal I/O thread (note: NOT for the
zmq_poll/zmq_poller user APIs!) has been disabled on Windows as WSAPoll does
not report connection failures. For more information see:
- https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
- https://curl.haxx.se/mail/lib-2012-10/0038.html
- https://bugs.python.org/issue16507
* New epoll implementation for Windows, using the following implementation:
https://github.com/piscisaureus/wepoll/tree/v1.5.4
To use this, select "epoll" as the poller option in the build system.
Note for distributors: the wepoll source code is embedded and distributed.
It is licensed under the BSD-2-Clause and thus it is compatible with LGPL-3.0.
Note that, if selected at build time, the license text must be distributed
with the binary in accordance to the license terms. A copy can be found at:
external/wepoll/license.txt
* The pre-made Visual Studio solutions file are deprecated, and users are
encouraged to use the CMake solution generation feature instead.
* New DRAFT (see NEWS for 4.2.0) socket options:
- ZMQ_ROUTER_NOTIFY to deliver a notification when a peer connects and/or
disconnects in the form of a routing id plus a zero-length frame.
- ZMQ_MULTICAST_LOOP to control whether the data sent should be looped back
on local listening sockets for UDP multicast sockets (ZMQ_RADIO).
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* New perf tool, perf/benchmark_radix_tree, to measure the performance of the
different internal implementations of the trie algorithm used to track
subscriptions. Requires a compiler that supports C++11.
* New autoconf flag "--enable-force-CXX98-compat" which will force -std=gnu++98
and, if the compiler supports them (clang++ at the moment), it will also add
-Wc++98-compat -Wc++98-compat-pedantic so that compatibility with C++98 can
be tested.
* Many, many coding style, duplication and static analysis improvements.
* Many, many improvements to the CMake build system, especially on Windows.
* Many, many improvements to unit tests.
3.40.0 (2019-01-25)
- Official binaries are now linked against GnuTLS 3.6.6
3.40.0-rc2 (2019-01-22)
- Fix regression introduced in rc1 where adding files to queue creates extra server items if the connection was established through the Site Manager
3.40.0-rc1 (2019-01-18)
+ Added TLS 1.3 support by linking official binaries against GnuTLS 3.6.5
+ Refactored how sites and servers are being represented internally to fix issues trigged by renaming sites in the Site Manager
- Fix display of server names containing ampersands in several dialogs
- Fix regular expression filter in the quick search panel
- Fix a crash if files are added to the queue when there are already files for multiple different servers in the queue
- Fix a crash applying filters when there are no selected files and the focused item is past the new file count
- Fix a crash if emptying the queue while a directory creation item is active
- Fix a potential crash if FileZilla is being closed the moment a delayed dialog has already been created but before it is shown.
libnice 0.1.15 (2018-12-27)
===========================
Add support for Regular Nomination
Removal of the global lock over all agents
Add method to compare candidate targets
Added optional Meson build system, future releases will remove autotools
Renamed all members of PseudoTcpState enum (compile-time API change)
Now drops all packets from addresses that have not been validated by an ICE check
Multiple improvements to ICE interoperability
Improved RFC compliance
Improved OC2007 compatibility mode alternate-server support
0.5.2
* Fixed Google Drive login, broken by Google's new 2-page login sequence
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder (tdf#101385)
* Limited the maximal number of redirections to 20 (rhbz#1410197)
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed build with boost >= 1.68.0 (#19)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from "make check". A new "make cppcheck" target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
1.0.3
=====
- meson build fixes
- Fix running sniffer from meson build
- Fix issue on OS X when socket is destroyed after suspend
- Fix a memory leak in the device sniffer
- Fix a crash when sending a SSDP message after clearing the custom headers
- Use utsname.release for Server: header
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/1
- https://bugzilla.gnome.org/show_bug.cgi?id=794340
4.3.0:
- Added Python 3.7 support.
- Avoid caching queues which are declared with a TTL.
Queues that are declared with a TTL are now also be excluded from the
in-memory cache in case they expire between publishes on the same channel.
- Added an index to the Message table for the SQLAlchemy transport.
The index allows to effectively sorting the table by the message's timestamp.
- Added a timeout that limits the amount of time we retry
to reconnect to a transport.
- :class:celery.asynchronous.hub.Hub is now reentrant.
This allows calling :func:celery.bin.celery.main to revive a worker in
the same process after rescuing from shutdown (:class:SystemExit).
- Queues now accept string exchange names as arguments as documented.
Tests were added to avoid further regressions.
- Specifying names for broadcast queues now work as expected.
Previously, named broadcast queues did not create multiple queues per worker.
They incorrectly declared the named queue which resulted in one queue per
fanout exchange, thus missing the entire point of a fanout exchange.
The behavior is now matched to unnamed broadcast queues.
- When initializing the Redis transport in conjunction with gevent
restore all unacknowledged messages to queue.
- Allow :class:kombu.simple.SimpleQueue to pass queue_arguments to Queue object.
This allows :class:kombu.simple.SimpleQueue to connect to RabbitMQ queues with
custom arguments like 'x-queue-mode'='lazy'.
- Add support for 'rediss' scheme for secure Redis connections.
The rediss scheme defaults to the least secure form, as
there is no suitable default location for ca_certs. The recommendation
would still be to follow the documentation and specify broker_use_ssl if
coming from celery.
- Added the Azure Storage Queues transport.
The transport is implemented on top of Azure Storage
Queues. This offers a simple but scalable and low-cost PaaS
transport for Celery users in Azure. The transport is intended to be
used in conjunction with the Azure Block Blob Storage backend.
- Added the Azure Service Bus transport.
The transport is implemented on top of Azure Service Bus and
offers PaaS support for more demanding Celery workloads in Azure.
The transport is intended to be used in conjunction with the Azure
CosmosDB backend.
- Drop remaining mentions of Jython support completely.
- When publishing messages to the Pidbox, retry if an error occurs.
- Fix infinite loop in :method:kombu.asynchronous.hub.Hub.create_loop.
- Worker shutdown no longer duplicates messages when using the SQS broker.
- When using the SQS broker, prefer boto's default region before our hardcoded default.
- Fixed closing of shared redis sockets which previously caused Celery to hang.
- the Pyro_ transport (:mod:kombu.transport.pyro) now works with
recent Pyro versions. Also added a Pyro Kombu Broker that this transport
needs for its queues.
- Handle non-base64-encoded SQS messages.
- Move the handling of Sentinel failures to the redis library itself.
Previously, Redis Sentinel worked only if the first node's sentinel
service in the URI was up. A server outage would have caused downtime.
- When using Celery and the pickle serializer with binary data as part of the
payload, UnicodeDecodeError would be raised as the content was not utf-8.
We now replace on errors.
- Allow setting :method:boto3.sqs.create_queue Attributes via transport_options.
- Fixed infinite loop when entity.channel is replaced by revive() on connection
drop.
- Added optional support for Brotli compression.
- When using the SQS broker, FIFO queues with names that ended with the 'f' letter
were incorrectly parsed. This is now fixed.
- Added optional support for LZMA compression.
- Added optional support for ZStandard compression.
- Require py-amqp 2.4.0 as the minimum version.
- The value of DISABLE_TRACEBACKS environment variable is now respected on debug, info
and warning logger level.
2.4.1:
- To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
- Fix crash in basic_publish when broker does not support connection.blocked
capability.
- read_frame() is now Python 3 compatible for large payloads.
- Support float read_timeout/write_timeout.
- Always treat SSLError timeouts as socket timeouts.
- Treat EWOULDBLOCK as timeout.
This fixes a regression on Windows from 2.4.0.
Upstream changes:
mikutter 3.8.5
* update URLs of mikutter Web
* [photo-support] reddit
* thanks cob odo
* possible crash on receiving notifications
* thanks ncaq net
* happy new year
* use oEmbed API to get Gyazo images
* thanks Shibuya Rin
1.16.102
api-change:appstream: Update appstream command to latest version
api-change:mediapackage: Update mediapackage command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.101
api-change:ecs: Update ecs command to latest version
api-change:discovery: Update discovery command to latest version
api-change:dlm: Update dlm command to latest version
1.16.100
api-change:gamelift: Update gamelift command to latest version
api-change🇪🇸 Update es command to latest version
api-change:robomaker: Update robomaker command to latest version
api-change:medialive: Update medialive command to latest version
1.16.99
api-change:fsx: Update fsx command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.98
api-change🛡️ Update shield command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.97
api-change:codecommit: Update codecommit command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:ecs: Update ecs command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
1.16.96
api-change:devicefarm: Update devicefarm command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:medialive: Update medialive command to latest version
1.16.95
api-change:logs: Update logs command to latest version
api-change:ecr: Update ecr command to latest version
api-change:sms-voice: Update sms-voice command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:rds: Update rds command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.94
api-change:acm-pca: Update acm-pca command to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi command to latest version
api-change:worklink: Update worklink command to latest version
1.16.93
api-change:ssm: Update ssm command to latest version
api-change:dms: Update dms command to latest version
api-change:fms: Update fms command to latest version
api-change:discovery: Update discovery command to latest version
api-change:appstream: Update appstream command to latest version
1.16.92
api-change:glue: Update glue command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.91
api-change:rekognition: Update rekognition command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:lambda: Update lambda command to latest version
api-change:pinpoint: Update pinpoint command to latest version
1.16.90
api-change:dynamodb: Update dynamodb command to latest version
api-change:backup: Update backup command to latest version
api-change:ce: Update ce command to latest version
1.9.92
api-change:appstream: [botocore] Update appstream client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
1.9.91
api-change:discovery: [botocore] Update discovery client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
1.9.90
api-change🇪🇸 [botocore] Update es client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
1.9.89
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
1.9.88
api-change🛡️ [botocore] Update shield client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.87
api-change:ecs: [botocore] Update ecs client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
1.9.86
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.85
api-change:logs: [botocore] Update logs client to latest version
api-change:elbv2: [botocore] Update elbv2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:sms-voice: [botocore] Update sms-voice client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
1.9.84
api-change:worklink: [botocore] Update worklink client to latest version
api-change:apigatewaymanagementapi: [botocore] Update apigatewaymanagementapi client to latest version
api-change:acm-pca: [botocore] Update acm-pca client to latest version
1.9.83
api-change:appstream: [botocore] Update appstream client to latest version
api-change:discovery: [botocore] Update discovery client to latest version
api-change:dms: [botocore] Update dms client to latest version
api-change:fms: [botocore] Update fms client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.9.82
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.81
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:pinpoint: [botocore] Update pinpoint client to latest version
api-change:rekognition: [botocore] Update rekognition client to latest version
1.9.80
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:ce: [botocore] Update ce client to latest version
api-change:backup: [botocore] Update backup client to latest version
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4225
* Sometimes qname-minimisation needs to be (temporarily) reverted.
* DNS-over-TLS would interact with qname-minimisation and would erroneously
echo back the query buffer instead of the answer.
Bump PKGREVISION.
1.12.92
api-change:appstream: Update appstream client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:mediapackage: Update mediapackage client to latest version
1.12.91
api-change:discovery: Update discovery client to latest version
api-change:ecs: Update ecs client to latest version
api-change:dlm: Update dlm client to latest version
1.12.90
api-change🇪🇸 Update es client to latest version
api-change:medialive: Update medialive client to latest version
api-change:gamelift: Update gamelift client to latest version
api-change:robomaker: Update robomaker client to latest version
1.12.89
api-change:ec2: Update ec2 client to latest version
api-change:fsx: Update fsx client to latest version
1.12.88
api-change🛡️ Update shield client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.87
api-change:ecs: Update ecs client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:codecommit: Update codecommit client to latest version
1.12.86
api-change:devicefarm: Update devicefarm client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:medialive: Update medialive client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.85
api-change:logs: Update logs client to latest version
api-change:elbv2: Update elbv2 client to latest version
api-change:rds: Update rds client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:sms-voice: Update sms-voice client to latest version
api-change:ecr: Update ecr client to latest version
1.12.84
api-change:worklink: Update worklink client to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi client to latest version
api-change:acm-pca: Update acm-pca client to latest version
1.12.83
api-change:appstream: Update appstream client to latest version
api-change:discovery: Update discovery client to latest version
api-change:dms: Update dms client to latest version
api-change:fms: Update fms client to latest version
api-change:ssm: Update ssm client to latest version
1.12.82
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.81
api-change:lightsail: Update lightsail client to latest version
api-change:lambda: Update lambda client to latest version
api-change:pinpoint: Update pinpoint client to latest version
api-change:rekognition: Update rekognition client to latest version
1.12.80
api-change:dynamodb: Update dynamodb client to latest version
api-change:ce: Update ce client to latest version
api-change:backup: Update backup client to latest version
Upstream changelog:
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues.
* Changes in Wget 1.20
** Add new option `--retry-on-host-error` to treat local errors as
transient and hence Wget will retry to download the file after
a brief waiting period.
** Fixed multiple potential resource leaks as found by static analysis
** Wget will now not create an empty wget-log file when running with
-q and -b switches together
** When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3
** Now there is support for using libpcre2 for regex pattern matching
** When downloading over FTP recursively, one can now use the
--{accept,reject}-regex switches to fine-tune the downloaded files
** Building Wget from the git sources now requires autoconf 2.63 or above.
Building from the Tarballs works as it used to.
Changes:
version 2019.02.08
Core
* [utils] Improve JSON-LD regular expression (#18058)
* [YoutubeDL] Fallback to ie_key of matching extractor while making
download archive id when no explicit ie_key is provided (#19022)
Extractors
+ [malltv] Add support for mall.tv (#18058, #17856)
+ [spankbang:playlist] Add support for playlists (#19145)
* [spankbang] Extend URL regular expression
* [trutv] Fix extraction (#17336)
* [toutv] Fix authentication (#16398, #18700)
* [pornhub] Fix tags and categories extraction (#13720, #19135)
* [pornhd] Fix formats extraction
+ [pornhd] Extract like count (#19123, #19125)
* [radiocanada] Switch to the new media requests (#19115)
+ [teachable] Add support for courses.workitdaily.com (#18871)
- [vporn] Remove extractor (#16276)
+ [soundcloud:pagedplaylist] Add ie and title to entries (#19022, #19086)
+ [drtuber] Extract duration (#19078)
* [soundcloud] Fix paged playlists extraction, add support for albums and update client id
* [soundcloud] Update client id
* [drtv] Improve preference (#19079)
+ [openload] Add support for openload.pw and oload.pw (#18930)
+ [openload] Add support for oload.info (#19073)
* [crackle] Authorize media detail request (#16931)
version 2019.01.30.1
Core
* [postprocessor/ffmpeg] Fix avconv processing broken in #19025 (#19067)
version 2019.01.30
Core
* [postprocessor/ffmpeg] Do not copy Apple TV chapter tracks while embedding
subtitles (#19024, #19042)
* [postprocessor/ffmpeg] Disable "Last message repeated" messages (#19025)
Extractors
* [yourporn] Fix extraction and extract duration (#18815, #18852, #19061)
* [drtv] Improve extraction (#19039)
+ Add support for EncryptedUri videos
+ Extract more metadata
* Fix subtitles extraction
+ [fox] Add support for locked videos using cookies (#19060)
* [fox] Fix extraction for free videos (#19060)
+ [zattoo] Add support for tv.salt.ch (#19059)
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
3.7.0:
- Fixes for cursoring API endpoints
- Improve html_for_tweet() parsing
- Documentation cleanup
- Documentation for cursor's return_pages keyword argument
- Update links to Twitter API in documentation
- Added create_metadata endpoint
- Raise error for when cursor is not provided a callable
3.6.0:
- Improve replacing of entities with links in html_for_tweet()
- Update classifiers for PyPI
3.5.0:
- Added support for "symbols" in Twython.html_for_tweet()
- Added support for extended tweets in Twython.html_for_tweet()
- You can now check progress of video uploads to Twitter when using Twython.upload_video()
Changes:
1.7.0
-----
- Added support for:
- `photobucket` (#117)
- `hentaifox` (#160)
- `tsumino` (#161)
- Added the ability to dynamically generate extractors based on a user's
config file for
- `mastodon` instances (#144)
- `foolslide` based sites
- `foolfuuka` based archives
- Added an extractor for `behance` collections (#157)
- Added login support for `luscious` (#159) and `tsumino` (#161)
- Added an option to stop downloading if the `exhentai` image limit is
exceeded (#141)
- Fixed extraction issues for `behance` and `mangapark`
Upstream changes:
This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ . Or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
. The EDNS timeouts are not used to fallback to nonEDNS queries.
Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
previous blocking everything.
- Fix#4206: support openssl 1.0.2 for TLS hostname verification,
alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
the patch adds a program used for fuzzing.
- streamtcp option -a send queries consecutively and prints answers
as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
set with ub_ctx_set_fwd. Patch from Florian Obser.
Bug Fixes
- Fix that unbound-checkconf does not complains if the config file
is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for eg.
Win 7 and Windows 10 display.
- cache-max-ttl also defines upperbound of initial TTL in response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,
and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity. Adjust host and file
only when present in test header read to please checker. In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code. In test code add EDNS data
segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
include mini_event.h to have a prototype for mini_ev_cmp
include edns.h to have a prototype for apply_edns_options
sldns_wire2str_edns_keepalive_print is only called in the wire2str,
module declare it static to get rid of compiler warning:
no previous prototype for function
infra_find_ip_ratedata() is only called in the infra module,
declare it static to get rid of compiler warning:
no previous prototype for function
do not shadow local variable buf in authzone
auth_chunks_delete and az_nsec3_findnode are only called in the
authzone module, declare them static to get rid of compiler warning:
no previous prototype for function...
copy_rrset() is only called in the respip module, declare it
static to get rid of compiler warning:
no previous prototype for function 'copy_rrset'
no need for another variable "r"; gets rid of compiler warning:
declaration shadows a local variable in libunbound.c
no need for another variable "ns"; gets rid of compiler warning:
declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
- Fixed spelling of tls-ciphers option in example.conf.
- Added support for parsing natively lines with ':' (colons) within
environment variables for tcprules.
- Fixed bug in tcprules abending with certain with IPv4/CIDR addresses.
- New installation PREFIX is now 'net' (and not 'host').
