Version 3.1.4.0
Install and use afunix_compat.h header. #556
Supporting SO_SNDTIMEO and SO_RCVTIMEO. #555
Emulating socketPair on Windows. #554
Version 3.1.3.0
Supporting AF_UNIX on Windows #553
Version 3.1.2.9
Resolving the runtime linker problem on Windows. #552
Version 3.1.2.8
Ignoring error from shutdown in gracefulClose
Fix bitsize of some msghdr and cmsghdr fields on Linux #535
Add SO_ACCEPTCONN SocketOption #524
v4.6.0
- FEATURE: Add (experimental) I2P support (glassez)
- FEATURE: Provide UI editor for the default theme (glassez)
- FEATURE: Various UI theming improvements (glassez)
- FEATURE: Implement torrent tags editing dialog (glassez)
- FEATURE: Revamp "Watched folder options" and "Automated RSS downloader" dialog (glassez)
- FEATURE: Allow to use another icons in dark mode (glassez)
- FEATURE: Allow to add new torrents to queue top (glassez)
- FEATURE: Allow to filter torrent list by save path (Tom)
- FEATURE: Expose 'socket send/receive buffer size' options (Chocobo1)
- FEATURE: Expose 'max torrent file size' setting (Chocobo1)
- FEATURE: Expose 'bdecode limits' settings (Chocobo1)
- FEATURE: Add options to adjust behavior of merging trackers to existing torrent (glassez)
- FEATURE: Add option to stop seeding when torrent has been inactive (Christopher)
- FEATURE: Allow to use proxy per subsystem (glassez)
- FEATURE: Expand the scope of "Proxy hostname lookup" option (glassez)
- FEATURE: Add shortcut for "Ban peer permanently" function (Luka Čelebić)
- FEATURE: Add option to auto hide zero status filters (glassez)
- FEATURE: Allow to disable confirmation of Pause/Resume All (glassez)
- FEATURE: Add alternative shortcut CTRL+E for CTRL+F (Luka Čelebić)
- FEATURE: Show filtered port numbers in logs (Hanabishi)
- FEATURE: Add button to copy library versions to clipboard (Chocobo1)
- BUGFIX: Ensure ongoing storage moving job will be completed when shutting down (Chocobo1)
- BUGFIX: Refactored many areas to call non UI blocking code (glassez)
- BUGFIX: Various improvements to the SQLite backend (glassez)
- BUGFIX: Improve startup window state handling (glassez)
- BUGFIX: Use tray icon from system theme only if option is set (glassez)
- BUGFIX: Inhibit system sleep while torrents are moving (Sentox6)
- BUGFIX: Use hostname instead of domain name in tracker filter list (tearfur)
- BUGFIX: Visually validate input path in torrent creator dialog (Chocobo1)
- BUGFIX: Disable symlink resolving in Torrent creator (Ignat Loskutov)
- BUGFIX: Change default value for `file pool size` and `stop tracker timeout` settings (stalkerok)
- BUGFIX: Log when duplicate torrents are being added (glassez)
- BUGFIX: Inhibit suspend instead of screen idle (axet)
- BUGFIX: Ensure file name is valid when exporting torrents (glassez)
- BUGFIX: Open "Save path" if torrent has no metadata (Xu Chao)
- BUGFIX: Prevent torrent starting unexpectedly edge case with magnet (Xu Chao)
- BUGFIX: Better ergonomics of the "Add new torrent" dialog (Xu Chao, glassez)
- WEBUI: Add log viewer (brvphoenix)
- WEBUI: WebAPI: Allow to specify session cookie name (glassez)
- WEBUI: Improve sync API performance (glassez)
- WEBUI: Add filelog settings (brvphoenix)
- WEBUI: Add multi-file renaming (loligans)
- WEBUI: Add "Add to top of queue" option (thalieht)
- WEBUI: Implement subcategories (Bartu Özen)
- WEBUI: Set "SameSite=None" if CSRF Protection is disabled (七海千秋)
- WEBUI: Show only hosts in tracker filter list (ttys3)
- WEBUI: Set Connection status and Speed limits tooltips (Raymond Ha)
- WEBUI: set Cross Origin Opener Policy to `same-origin` (Chocobo1)
- WEBUI: Fix response for HTTP HEAD method (Chocobo1)
- WEBUI: Preserve the network interfaces when connection is down (Fabricio Silva)
- WEBUI: Add "Add Tags" field for RSS rules (Matic Babnik)
- WEBUI: Fix missing error icon (Trim21)
- RSS: Add "Rename rule" button to RSS Downloader (BallsOfSpaghetti)
- RSS: Allow to edit RSS feed URL (glassez)
- RSS: Allow to assign priority to RSS download rule (glassez)
- SEARCH: Use python isolate mode (Chocobo1)
- SEARCH: Bump python version minimum requirement to 3.7.0 (Chocobo1)
- OTHER: Enable DBUS cmake option on FreeBSD (yuri@FreeBSD)
- OTHER: Numerous code improvements and refactorings (glassez, Chocobo1)
RabbitMQ 3.12.7
Core Server
Bug Fixes
Stream replication connections configured to use exclusively TLSv1.3 failed.
On startup, stream replicas will handle one more potential case of segment file corruption
after an unclean shutdown.
default_policies.*.queue_pattern definition in rabbitmq.conf was incorrectly parsed.
Avoid log noise when inter-node connections frequently fail and recover.
Enhancements
Optimized stream index scans. Longer scans could result in some replicas stopping
with a timeout.
Classic queue storage version is now a supported key for operator policies.
Queue length limit overflow behavior now can be configured via operator policies.
CLI Tools
Bug Fixes
rabbitmq-streams list_stream_consumer_groups incorrectly validated the set of columns it accepts.
Enhancements
Several list_stream_* commands (available via both rabbitmq-diagnostics and rabbitmq-streams) commands now can
display replica node in addition to other fields.
rabbitmqctl add_user now can accept a pre-generated salted password instead
of a plain text password, both as a positional argument and via standard input:
# This is just an example, DO NOT use this value in production!
# The 2nd argument is a Base64-encoded pre-hashed and salted value of "guest4"
rabbitmqctl -- add_user "guest4" "BMT6cj/MsI+4UOBtsPPQWpQfk7ViRLj4VqpMTxu54FU3qa1G" --pre-hashed-password
# try authenticating with a pair of credentials
rabbitmqctl authenticate_user "guest4" "guest4"
Management Plugin
Bug Fixes
Message consumption with the "Nack message, requeue: true" option did not actually requeue deliveries.
Enhancements
HTTP API request body size is now limited to 10 MiB by default.
Two endpoints, one that accepts messages for publishing (note: publishing over the HTTP API is greatly discouraged)
and another for definition import,
will now reject larger transfers with a 400 Bad Request response.
DELETE /api/queues/{vhost}/{name} now can delete exclusive queues.
Key supported by operator policies are now grouped by queue type in the UI.
MQTT Plugin
Enhancements
Improved data safety for confirms in environments where the plugin uses classic queues.
Web MQTT Plugin
Bug Fixes
Avoid an exception when a not fully established MQTT-over-WebSockets connection terminated.
JMS Topic Exchange Plugin
Bug Fixes
Recovery of bindings of durable queues bound to a transient JMS topic exchange failed.
Sharding Plugin
Bug Fixes
Recovery of bindings of durable queues bound to a transient x-modulo-hash exchange failed.
Recent History Exchange Plugin
Bug Fixes
Recovery of bindings of durable queues bound to a transient recent history exchange failed.
Dependency Upgrades
osiris has been upgraded to 1.6.9
Instead of depending on one of the removed packages (that are now included
in the base Python packages), include batteries-included.mk to require
a Python version that supplies them.
Remove now included packages.
Bump PKGREVISION.
gdbm will not be a default dependency of the batteries-included Python
packages. Until srcdist.mk gets support for 3.12, there is no py-gdbm
package for Python 3.12.
3.1.1:
Add PEP-561 with py.typed by @JCHacking in #109
Fix timeout by @saghul in #110
3.1.0:
Remove loop= param from asyncio.sleep() to fix tests on Python 3.10 by @mgorny in #96
Fix return type for resolver nameservers by @xtrochu in #102
Update supported Python versions by @saghul in #108
pkgsrc changes:
- Inject CFLAGS and LDFLAGS
Changes:
1.07
----
- Various fixes
- Makefile improvements for easier target and user build flags handling
- the tls code has (hopefuly) been improved a bit
- added support for "TOFU" TLS certificates, alongside the ability to
provide self-signed remote certificates
This is only needed for GOPATH-style builds of Go software,
which is going away. The only reverse dependencies of this are in wip
and probably crufty, otherwise they would use the newer go-module.mk.
pkgsrc changes:
- update DESCR (forgot to commit in previous)
Upstream changes:
* 3.7.2 (2023/10/19)
- fix a problem that transparent webp images are not drawn
- add --show-cw and --shownsfw options
- support NSFW images
- format messages a bit
- show external instance names
- implement reconnection on network errors
Version 1.20.1 (8 Oct 2023)
GitHub (8 Oct 2023)
- [Daniel Stenberg brought this change]
ares-test: silence warning (#564)
warning: comparison of integer expressions of different signedness
Fix By: Daniel Stenberg (@bagder)
Brad House (8 Oct 2023)
- fix README.md
GitHub (8 Oct 2023)
- [Brad House brought this change]
1.20.1 release (#563)
- [Brad House brought this change]
fix reference to freed memory (#562)
Issue #561 shows free'd memory could be accessed in some error conditions.
Fixes Issue #561
Fix By: Brad House (@bradh352)
Brad House (8 Oct 2023)
- reported build/test systems may timeout on intensive tests. reduce test case to still be relevant but to reduce false positive errors
GitHub (8 Oct 2023)
- [Gregor Jasny brought this change]
Regression: Fix typo in fuzzcheck target name (#559)
This seems to be a vim'esque typo introduced with c1b00c41.
Fix By: Gregor Jasny (@gjasny)
Version 1.20.0 (6 Oct 2023)
Brad House (6 Oct 2023)
- fix slist search off by 1
GitHub (6 Oct 2023)
- [Brad House brought this change]
1.20.0 release prep (#557)
- [Brad House brought this change]
ares__buf should return standard error codes. more helpers implemented. (#558)
The purpose of this PR is to hopefully make the private API of this set of routines less likely to need to be changed in a future release. While this is not a public API, it could become harder in the future to change usage as it becomes more widely used within c-ares.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Update from 1989 MIT license text to modern MIT license text (#556)
ares (and thus c-ares) was originally licensed under the 1989 MIT license text:
https://fedoraproject.org/wiki/Licensing:MIT#Old_Style_(no_advertising_without_permission)
This change updates the license to the modern MIT license as recognized here:
https://opensource.org/license/mit/
care has been taken to ensure correct attributions remain for the authors contained within the copyright headers, and all authors with attributions in the headers have been contacted for approval regarding the change. Any authors which were not able to be contacted, the original copyright maintains, luckily that exists in only a single file `ares_parse_caa_reply.c` at this time.
Please see PR #556 for the documented approvals by each contributor.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Test Harness: use ares_timeout() to calculate the value to pass to select() these days. (#555)
The test framework was using 100ms timeout passed to select(), and not using ares_timeout() to calculate the actual recommended value based on the queries in queue. Using ares_timeout() tests the functionality of ares_timeout() itself and will provide more responsive results.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Fix for TCP back to back queries (#552)
As per #266, TCP queries are basically broken. If we get a partial reply, things just don't work, but unlike UDP, TCP may get fragmented and we need to properly handle that.
I've started creating a basic parser/buffer framework for c-ares for memory safety reasons, but it also helps for things like this where we shouldn't be manually tracking positions and fetching only a couple of bytes at a time from a socket. This parser/buffer will be expanded and used more in the future.
This also resolves#206 by allowing NULL to be specified for some socket callbacks so they will auto-route to the built-in c-ares functions.
Fixes: #206, #266
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
remove acountry from built tools as nerd.dk is gone (#554)
The acountry utility required a third party DNSBL service from nerd.dk in order to operate. That service has been offline for about a year and there is no other comparable service offering. We are keeping the code in the repository as an example, but no longer building it.
Fixes: #537
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Don't requeue any queries for getaddrinfo() during destruction. (#553)
During ares_destroy(), any outstanding queries are terminated, however ares_getaddrinfo() had an ordering issue with status codes which in some circumstances could lead to a new query being enqueued rather than honoring the termination.
Fixes#532
Fix By: @Chilledheart and Brad House (@bradh352)
- [Brad House brought this change]
ares_getaddrinfo(): Fail faster on AF_UNSPEC if we've already received one address class (#551)
As per #541, when using AF_UNSPEC with ares_getaddrinfo() (and in turn with ares_gethostbynam()) if we receive a successful response for one address class, we should not allow the other address class to continue on with retries, just return the address class we have.
This will limit the overall query time to whatever timeout remains for the pending query for the other address class, it will not, however, terminate the other query as it may still prove to be successful (possibly coming in less than a millisecond later) and we'd want that result still. It just turns off additional error processing to get the result back quicker.
Fixes Bug: #541
Fix By: Brad House (@bradh352)
- [Sam Morris brought this change]
Avoid producing an ill-formed result when qualifying a name with the root domain (#546)
This prevents the result of qualifying "name" with "." being "name.." which is ill-formed.
Fixes Bug: #545
Fix By: Sam Morris (@yrro)
- [Brad House brought this change]
Configuration option to limit number of UDP queries per ephemeral port (#549)
Add a new ARES_OPT_UDP_MAX_QUERIES option with udp_max_queries parameter that can be passed to ares_init_options(). This value defaults to 0 (unlimited) to maintain existing compatibility, any positive number will cause new UDP ephemeral ports to be created once the threshold is reached, we'll call these 'connections' even though its technically wrong for UDP.
Implementation Details:
* Each server entry in a channel now has a linked-list of connections/ports for udp and tcp. The first connection in the list is the one most likely to be eligible to accept new queries.
* Queries are now tracked by connection rather than by server.
* Every time a query is detached from a connection, the connection that it was attached to will be checked to see if it needs to be cleaned up.
* Insertion, lookup, and searching for connections has been implemented as O(1) complexity so the number of connections will not impact performance.
* Remove is_broken from the server, it appears it would be set and immediately unset, so must have been invalidated via a prior patch. A future patch should probably track consecutive server errors and de-prioritize such servers. The code right now will always try servers in the order of configuration, so a bad server in the list will always be tried and may rely on timeout logic to try the next.
* Various other cleanups to remove code duplication and for clarification.
Fixes Bug: #444
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
its not 1991 anymore, lower default timeout and retry count (#542)
A lot of time has passed since the original timeouts and retry counts were chosen. We have on and off issues reported due to this. Even on geostationary satellite links, latency is worst case around 1.5s. This PR changes the per-server timeout to 2s and the retry count lowered from 4 to 3.
Fix By: Brad House (@bradh352)
- [Brad House brought this change]
Modernization: Implement base data-structures and replace usage (#540)
c-ares currently lacks modern data structures that can make coding easier and more efficient. This PR implements a new linked list, skip list (sorted linked list), and hashtable implementation that are easy to use and hard to misuse. Though these implementations use more memory allocations than the prior implementation, the ability to more rapidly iterate on the codebase is a bigger win than any marginal performance difference (which is unlikely to be visible, modern systems are much more powerful than when c-ares was initially created).
The data structure implementation favors readability and audit-ability over performance, however using the algorithmically correct data type for the purpose should offset any perceived losses.
The primary motivation for this PR is to facilitate future implementation for Issues #444, #135, #458, and possibly #301
A couple additional notes:
The ares_timeout() function is now O(1) complexity instead of O(n) due to the use of a skiplist.
Some obscure bugs were uncovered which were actually being incorrectly validated in the test cases. These have been addressed in this PR but are not explicitly discussed.
Fixed some dead code warnings in ares_rand for systems that don't need rc4
Fix By: Brad House (@bradh352)
- [Jérôme Duval brought this change]
fix missing prefix for CMake generated libcares.pc (#530)
'pkg-config grpc --cflags' complains with:
Variable 'prefix' not defined in libcares.pc
Fix By: Jérôme Duval (@korli)
bradh352 (11 Jul 2023)
- windows get_DNS_Windows port fix for ipv6
- windows get_DNS_Windows port is in network byte order
- backoff to debian 11 due to coverage check failure
- extend on PR #534, windows should also honor a port
GitHub (11 Jul 2023)
- [Brad House brought this change]
Support configuration of DNS server ports (#534)
As per https://man.openbsd.org/OpenBSD-5.1/resolv.conf.5 we should
support bracketed syntax for resolv.conf entries to contain an optional
port number.
We also need to utilize this format for configuration of MacOS
DNS servers as seen when using the Viscosity OpenVPN client, where
it starts a private DNS server listening on localhost on a non-standard
port.
Fix By: Brad House (@bradh352)
Daniel Stenberg (9 Jun 2023)
- provide SPDX identifiers and a REUSE CI job to verify
All files have their licence and copyright information clearly
identifiable. If not in the file header, they are set separately in
.reuse/dep5.
All used license texts are provided in LICENSES/
GitHub (30 May 2023)
- [Alexey A Tikhonov brought this change]
Remove unreachable code as reported by Coverity (#527)
Coverity reported some code as unreachable. A manual inspection confirmed the reports.
Fix By: Alexey A Tikhonov (@alexey-tikhonov)
- [Ben Noordhuis brought this change]
rand: add support for getrandom() (#526)
glibc provides arc4random_buf() but musl does not and /dev/urandom is
not always available.
- [Tim Wojtulewicz brought this change]
Replace uses of sprintf with snprintf (#525)
sprintf isn't safe even if you think you are using it right. Switch to snprintf().
Fix By: Tim Wojtulewicz (@timwoj)
bradh352 (23 May 2023)
- update version and release procedure
GitHub (22 May 2023)
- [Douglas R. Reno brought this change]
INSTALL.md: Add Watcom instructions and update Windows documentation URLs (#524)
This commit adds instructions on how to use the WATCOM compiler to build c-ares. This was just tested on c-ares-1.19.1 and works well.
While going through the links for the C Runtime documentation for Windows systems, I discovered that all three of the KB articles that were linked are now nonexistent. This commit replaces KB94248 with the current replacement available on Microsoft's website, which also makes the other two KB articles obsolete.
Fix By: Douglas R. Reno (@renodr)
* privsep: allow __NR_mmap2
* privsep: allow __NR_clock_gettime32
* compat/arc4random.c: use memset instead of explicit_bzero
* privsep: avoid SIGPIPE errors when scripts write to stderr/stdout
after dhcpcd is daemonised
Direct setting of PKGVERSION was confusing the tooling at points so it
did not reflect that a PKGREVISION value was set. Fix this by setting
the version in DISTNAME and making a substition in PKGNAME instead.
Addresses PR pkg/57668 from Jason White.
Simplify std::unique_ptr get and release
Fix assertion failure
Reset ppe pending state explicitly
Print a correct program name after usage
Rename all occurrences of bbr2 to bbrv2
Fix compile error with libressl
Add dependabot to update actions
Bump actions/checkout from 3 to 4
Bump docker/login-action from 2 to 3
Bump docker/setup-buildx-action from 2 to 3
Bump docker/build-push-action from 4 to 5
docker: Bump base image to debian 12
Add release script
qlog: Support STREAMS_BLOCKED frame
qlog: Add missing stream_id to stream_data_blocked
Add tests for ngtcp2_qlog_write_frame
Merge ngtcp2_crypto into ngtcp2_stream
Bump quictls
Bbrv2 tweak
Support latest bbr only
Add log event filter
Add NGTCP2_LOG_EVENT_CC
Simplify *pfrc == NULL and rv != NGTCP2_ERR_NOBUF conditions
Simplify ngtcp2_vec_merge
Log event cc fix
ngtcp2_crypto_verify_retry_token: Return -1 if cil validation fails
Rename NGTCP2_LOG_EVENT_RCV to NGTCP2_LOG_EVENT_LDC
Shutdown stream between write stream calls
Fix assertion failure
Fix missing prefix for AF_INET macros in ngtcp2_crypto.c
Rework how network families are defined with generic sock addr
Refactor path validation
Write MAX_STREAMS after RESET_STREAM as the original comment suggests
Send RESET_STREAM if stream is reset by client
Bump quictls to 3.1.3
Bump boringssl
Bump picotls
Not early anymore
Fix uninitialized variables
Check return values from openssl functions
cmake: speed up warning option detection
cmake: delete unused detections, add missing #defines
Update examples/.gitignore
cmake: Enable werror
Require nghttp3 v1.0.0
6.1.9
Added Example and some sub features in slcli file volume-cancel, slcli file volume-duplicate, slcli file volume-limits
PyPi publishing update
fixed image detail object mask
added force feature for hardware poweron and poweroff
pip prod(deps): bump rich from 13.5.2 to 13.5.3
v0.116.0 (2023-10-13)
Feature
* Reduce type checking overhead at run time
v0.115.2 (2023-10-05)
Fix
* Ensure ServiceInfo cache is cleared when adding to the registry
v0.115.1 (2023-10-01)
Fix
* Add missing python definition for addresses_by_version
v0.115.0 (2023-09-26)
Feature
* Speed up outgoing multicast queue
v0.114.0 (2023-09-25)
Feature
* Speed up responding to queries
v0.113.0 (2023-09-24)
Feature
* Improve performance of loading records from cache in ServiceInfo
v0.112.0 (2023-09-14)
Feature
* Improve AsyncServiceBrowser performance
v0.111.0 (2023-09-14)
Feature
* Speed up question and answer internals
v0.110.0 (2023-09-14)
Feature
* Small speed ups to ServiceBrowser
v0.109.0 (2023-09-14)
Feature
* Speed up ServiceBrowsers with a cython pxd
v0.108.0 (2023-09-11)
Feature
* Improve performance of constructing outgoing queries
v0.107.0 (2023-09-11)
Feature
* Speed up responding to queries
v0.106.0 (2023-09-11)
Feature
* Speed up answering questions
v0.105.0 (2023-09-10)
Feature
* Speed up ServiceInfo with a cython pxd
v0.104.0 (2023-09-10)
Feature
* Speed up generating answers
25.1.1 is the first stable release with Python 3.12 wheels.
Changes:
- Allow Cython 0.29.35 to build Python 3.12 wheels (no longer require Cython 3)
Bugs fixed:
- Fix builds on Solaris by including generated platform.hpp
- Cleanup futures in `Socket.poll()` that are cancelled and never return
- Fix builds with `-j` when numpy is present in the build env
25.1.0
pyzmq 25.1 mostly changes some packaging details of pyzmq, including support for installation from source on Python 3.12 beta 1.
Enhancements:
- Include address in error message when bind/connect fail.
Packaging changes:
- Fix inclusion of some test files in source distributions.
- Add Cython as a build-time dependency in `build-system.requires` metadata, following current [recommendations][cython-build-requires] of the Cython maintainers.
We still ship generated Cython sources in source distributions, so it is not a _strict_ dependency for packagers using `--no-build-isolation`, but pip will install Cython as part of building pyzmq from source.
This makes it more likely that past pyzmq releases will install on future Python releases, which often require an update to Cython but not pyzmq itself.
For Python 3.12, Cython >=3.0.0b3 is required.
25.0.2
- Fix handling of shadow sockets in ZMQStream when the original sockets have been closed. A regression in 25.0.0, seen with jupyter-client 7.
25.0.1
Tiny bugfix release that should only affect users of {class}`~.PUBHandler` or pyzmq repackagers.
- Fix handling of custom Message types in {class}`~.PUBHandler`
- Small lint fixes to satisfy changes in mypy
- License files have been renamed to more standard LICENSE.BSD, LICENSE.LESSER to appease some license auto-detect tools.
25.0.0
New:
- Added `socket_class` argument to {func}`zmq.Context.socket`
- Support shadowing sockets with socket objects,
not just via address, e.g. `zmq.asyncio.Socket(other_socket)`.
Shadowing an object preserves a reference to the original,
unlike shadowing via address.
- in {mod}`zmq.auth`, CredentialsProvider callbacks may now be async.
- {class}`~.zmq.eventloop.zmqstream.ZMQStream` callbacks may now be async.
- Add {class}`zmq.ReconnectStop` draft constants.
- Add manylinux_2_28 wheels for x86_64 CPython 3.10, 3.11, and PyPy 3.9 (these are _in addition to_ not _instead of_ the manylinux_2014 wheels).
Fixed:
- When {class}`~.zmq.eventloop.zmqstream.ZMQStream` is given an async socket,
it now warns and hooks up events correctly with the underlying socket, so the callback gets the received message,
instead of sending the callback the incorrect arguments.
- Fixed toml parse error in `pyproject.toml`,
when installing from source with very old pip.
- Removed expressed dependency on `py` when running with pypy,
which hasn't been used in some time.
Deprecated:
- {class}`zmq.auth.ioloop.IOLoopAuthenticator` is deprecated in favor of {class}`zmq.auth.asyncio.AsyncioAuthenticator`
- As part of migrating toward modern pytest, {class}`zmq.tests.BaseZMQTestCase` is deprecated and should not be used outside pyzmq.
- `python setup.py test` is deprecated as a way to launch the tests.
Just use `pytest`.
Removed:
- Bundled subset of tornado's IOLoop (deprecated since pyzmq 17) is removed,
so ZMQStream cannot be used without an actual install of tornado.
- Remove support for tornado 4,
meaning tornado is always assumed to run on asyncio.
==============================
Release Notes for Samba 4.18.8
October 10, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
existing unix domain sockets on the file system.
https://www.samba.org/samba/security/CVE-2023-3961.html
o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
OVERWRITE disposition when using the acl_xattr Samba VFS
module with the smb.conf setting
"acl_xattr:ignore system acls = yes"
https://www.samba.org/samba/security/CVE-2023-4091.html
o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
attributes, including secrets and passwords. Additionally,
the access check fails open on error conditions.
https://www.samba.org/samba/security/CVE-2023-4154.html
o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
server block for a user-defined amount of time, denying
service.
https://www.samba.org/samba/security/CVE-2023-42669.html
o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
listeners, disrupting service on the AD DC.
https://www.samba.org/samba/security/CVE-2023-42670.html
libzmq 4.3.5
Relicensing from LGPL-3.0+ (with custom exceptions) to MPL-2.0 is now complete.
libzmq is now distributed under the Mozilla Public License 2.0. Relicensing
grants have been collected from all relevant authors, and some functionality
has been clean-room reimplemented where that was not possible. In layman terms,
the new license provides the same rights and obligations as before. Source
files are now tagged using the SPDX license identifier format.
Details of the relicensing process can be seen at:
Relicensing grants have been archived at:
https://github.com/rlenferink/libzmq-relicense
A special thanks to everybody who helped with this long and difficult task,
with the process, the reimplementations, the collections and everything else.
New DRAFT (see NEWS for 4.2.0) socket options:
ZMQ_BUSY_POLL will set the SO_BUSY_POLL socket option on the underlying
sockets, if it is supported.
ZMQ_HICCUP_MSG will send a message when the peer has been disconnected.
ZMQ_XSUB_VERBOSE_UNSUBSCRIBE will configure a socket to pass all
unsubscription messages, including duplicated ones.
ZMQ_TOPICS_COUNT will return the number of subscribed topics on a
PUB/SUB socket.
ZMQ_NORM_MODE, ZMQ_NORM_UNICAST_NACK, ZMQ_NORM_BUFFER_SIZE,
ZMQ_NORM_SEGMENT_SIZE, ZMQ_NORM_BLOCK_SIZE, ZMQ_NORM_NUM_PARITY,
ZMQ_NORM_NUM_AUTOPARITY and ZMQ_NORM_PUSH to control various aspect of
NORM sockets.
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
New DRAFT (see NEWS for 4.2.0) zmq_ppoll APIs was added that differs from
zmq_poll in the same way that ppoll differs from poll.
See doc/zmq_ppoll.txt for details.
Various bug fixes and performance improvements.
pkgsrc changes:
- workaround build errors of gcc7 on netbsd-9
- fix a problem that webp images with alpha channel are not shown properly
Upstream changes:
* 3.7.1 (2023/10/09)
- fix failures on drawing WebP images in some cases
- fix infinite loop on emoji notification messages
* 3.7.0 (2023/10/09)
- start support of Misskey
- drop functions to connect to Twitter
- drop --filter, --home, --no-rest, --post, and --token options
- add --twitter, --misskey, and --local options
- temporarily drop --ngword-* and --show-ng options
- rename --black/--white options to --dark/--light
Wireshark 4.0.10 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
If you’re running Wireshark on macOS and upgraded to macOS 13 from an
earlier version, you might have to open and run the “Uninstall
ChmodBPF” package, then open and run “Install ChmodBPF” in order to
reset the ChmodBPF Launch Daemon. Issue 18734[2].
Bug Fixes
The following bugs have been fixed:
• Error loading g729.so plugin with Wireshark 4.0.9 and 3.6.17 on
macOS. Issue 19374[3].
DHCP: Don't crash on a test run
dhcpcd: Fix off-by-one overflow when read() writes full BUFSIZ
privsep: fix strlcpy overflow in psp_ifname
privsep: Fix a FD leak when processes exit
dhcpcd: Use a local variable instead of the optind
dhcpcd: Guard against handling many SIGTERM/SIGINT
DHCP6: Send correct amount of used buffer for prefix exclude option
options: andsf6 is DHCPv6, not DHCP
options: introduce the uri option as opposed to a string
DHCP6: Set all requested addrs as not stale when starting discovery
compat: update arc4random() to newer chacha20 based version from OpenBSD
compat: Support libcrypto for hmac and sha256
compat: use OpenSSL RAND_priv_bytes() for entropy
privsep: Allow diabling of SECCOMP on Linux
linux: fix wireless roaming
3.15.0
Added
Add pyotp Python dependency in Lexicon to help implementing OTP (one-time password) on providers whose API supports this kind of authentication.
Add OTP support on hover provider, with a new flag named --auth-totp-secret.
Add type marker py.typed to inform types checkers about availability of type annotations in Lexicon codebase.
Modified
Fix and modernize ReadTheDoc documentation build.
Better error management and resource cleanup when Client is used as a context manager.
Removed
Stop using cryptography in providers where only hashing is needed.
0.12.2 - Released on 01/10/2023
- Issue 205: Allow windows build without SMB support
- Issue 215: termscp not respecting port in SSH config. The port specified
for the host in the SSH configuration wasn't evaluated.
- Issue 213: termscp panicks if the terminal window is too small
7.1.17
add type hint for minio/credentials/credentials.py
Fix missed f-strings
prepare temporary directory when fget_object
Add CertificateIdentityProvider to imports
add type hint for Minio.put_object
add type hint for Minio.get_object
add type hint for Minio.__init__
Version: 1.5.8 - 2023-10-02
**Enhancements**
- removed Python 2.6 support.
- speedup logging by 28% by using `logging._srcfile = None` trick. This
avoids calling `calling sys._getframe()` for each log record.
- added support for Python 3.12.
OAuth version 2.0 is a follow-up on OAuth 1.0, which is not supported by
this module. The specification for version 2.0 can be found in
- RFC6749, Authorization framework: http://tools.ietf.org/html/rfc6749
- RFC6750, Bearer token usage: http://tools.ietf.org/html/rfc6750
Start with one these modules:
- Net::OAuth2::Profile::WebServer
- Net::OAuth2::Profile::Password
0.4.1 (2023-09-25)
- Reverting the short option of ``-R`` due to a clash with ``pytest-leaks``.
The short option is added to ``pytest-astropy`` instead.
Changes in tnftpd from 20200704 to 20231001:
Security fixes to improve error handling when switching UID/GID,
and to prevent MLSD and MLST before authentication succeeds.
Fix buffer overflows when counting users, and when authenticating
using PAM.
Qt 6.5.3 release is a patch release made on the top of Qt 6.5.2.
As a patch release, Qt 6.5.3 does not add any new functionality but provides
bug fixes and other improvements and maintains both forward and backward
compatibility (source and binary) with Qt 6.5.2.
For detailed information about Qt 6.5, refer to the online documentation
included in this distribution. The documentation is also available online:
https://doc.qt.io/qt-6/index.html
upstream changes:
-----------------
v1.24.0
Bugfixes:
#8965: v1.23.6 introduces untrusted sharing regression
Enhancements:
#5175: Record more performance metrics
#7456: Announce IPv6 ULA
#7973: Restore versions file filter should be case insensitive
#8767: Check interface for FlagRunning
Other issues:
#9021: panic: bug: ClusterConfig called on closed or nonexistent connection
#9034: Build with Go 1.21 out of the box
v1.23.7
Bugfixes:
#6597: setLowPriority should not increase process priority when already lower (in Windows)
#7698: ursrv: unrealistic uptime data, likely due to unset RTC (1970-01-01)
#8958: Extended attribute filter editor should be enabled when "send extended attributes" is checked
#8967: Shared With list ends with comma on 1 device
#9001: relaysrv crash after some weeks of operation
Enhancements:
#8890: Do not autoexpand tilde sign (~) to an absolute home directory path
#8957: Add environment variables for --home, --conf, and --data
#8968: Error for Windows invalid file names should indicate the invalid character or name part
Other issues:
#8973: 1.23.6 docker image no longer available for linux/arm/v7
#8983: Integrate govulncheck
v1.23.6
Bugfixes:
#7638: favicon not working Firefox & derivative browsers
#8899: Omitting %s from LDAP bind DN sends corrupted bind DN string to LDAP server
#8920: Untrusted device should be disallowed from being an introducer
#8960: relaysrv and discosrv docker images haven't been updated for more than year
Other issues:
#8691: Add arm64 architecture for syncthing/discosrv container
#8897: v1.23.5-rc.1 / v1.23.5: Missing sha1sum.txt.asc & sha256sum.txt.asc
#8898: v1.23.5-rc.1: Missing .debs for i386, armel, armhf
v1.23.5
bugfixes:
#8503: "syncthing cli config devices add" reflect error when using --addresses flag
#8764: ignore patterns creating during folder addition are not loaded
#8778: tests fail on windows with go 1.20
#8779: test cleanup fails all model tests on windows on go 1.20
#8859: incorrect handling of path for auto accepted folder
Other issues:
#8799: "fatal error: checkptr: converted pointer straddles multiple allocations" in crypto tests
0.11.0
🚀 Features
Handle 403 same as 401, and look for credentials on 404 error
🐞 Bug Fixes
Close response files correctly
Change FormatControl to respect the priority of only_binary over no_binary
Include useful message if VCS command not found
==============================
Release Notes for Samba 4.18.7
September 27, 2023
==============================
This is the latest stable release of the Samba 4.18 release series.
Changes since 4.18.6
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15419: Weird filename can cause assert to fail in
openat_pathref_fsp_nosymlink().
* BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE.
* BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
pointer.
o Andrew Bartlett <abartlet@samba.org>
* BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
* BUG 15407: Samba replication logs show (null) DN.
o Ralph Boehme <slow@samba.org>
* BUG 15463: macOS mdfind returns only 50 results.
o Remi Collet <rcollet@redhat.com>
* BUG 14808: smbc_getxattr() return value is incorrect.
o Volker Lendecke <vl@samba.org>
* BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value.
o Stefan Metzmacher <metze@samba.org>
* BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more.
o MikeLiu <mikeliu@qnap.com>
* BUG 15453: File doesn't show when user doesn't have permission if
aio_pthread is loaded.
o Martin Schwenke <mschwenke@ddn.com>
* BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
1.9.1.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
empty claims pac blobs (from Samba 4.19 or Windows).
* BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
in use.
yt-dlp 2023.09.24
Important changes
The minimum recommended Python version has been raised to 3.8
Since Python 3.7 has reached end-of-life, support for it will be dropped soon. Read more
Security: [CVE-2023-40581] Prevent RCE when using --exec with %q on Windows
The shell escape function is now using "" instead of \".
utils.Popen has been patched to properly quote commands.
iperf-3.15 2023-09-14
---------------------
* Notable user-visible changes
* Several bugs that could allow the iperf3 server to hang waiting
for input on the control connection has been fixed. ESnet thanks
Jorge Sancho Larraz from Canonical for reporting this issue. For
more information, see:
https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc
* A bug that caused garbled output with UDP tests on 32-bit hosts
has been fixed.
* A bug in counting UDP messages has been fixed
9.18.19 (2023-09-20)
6246. [security] Fix use-after-free error in TLS DNS code when sending
data. (CVE-2023-4236) [GL #4242]
6245. [security] Limit the amount of recursion that can be performed
by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]
6244. [bug] Adjust log levels on malformed messages to NOTICE when
transferring in a zone. [GL #4290]
6241. [bug] Take into account the possibility of partial TLS writes
in TLS DNS code. That helps to prevent DNS messages
corruption on long DNS over TLS streams. [GL #4255]
6240. [bug] Use dedicated per-worker thread jemalloc memory
arenas for send buffers allocation to reduce memory
consumption and avoid lock contention. [GL #4038]
6239. [func] Deprecate the 'dnssec-must-be-secure' option.
[GL #3700]
6237. [bug] Address memory leaks due to not clearing OpenSSL error
stack. [GL #4159]
6235. [doc] Clarify BIND 9 time formats. [GL #4266]
6234. [bug] Restore stale-refresh-time value after flushing the
cache. [GL #4278]
6232. [bug] Following the introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs update rules, removal of
nonexistent PTR and SRV records via UPDATE could fail.
[GL #4280]
6231. [func] Make nsupdate honor -v for SOA requests if the server
is specified. [GL #1181]
6230. [bug] Prevent an unnecessary query restart if a synthesized
CNAME target points to the CNAME owner. [GL #3835]
6227. [bug] Check the statistics-channel HTTP Content-length
to prevent negative or overflowing values from
causing a crash. [GL #4125]
6224. [bug] Check the If-Modified-Since value length to prevent
out-of-bounds write. [GL #4124]
9.16.44 (2023-09-20)
6245. [security] Limit the amount of recursion that can be performed
by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]
6235. [doc] Clarify BIND 9 time formats. [GL #4266]
6230. [bug] Prevent an unnecessary query restart if a synthesized
CNAME target points to the CNAME owner. [GL #3835]
3.6.0 (2023-09-19)
* **Breaking** bugfixes
* Always include suffix if private suffix enabled and private suffix exists
* Add a 4th field `is_private: bool`, to the `ExtractResult`
`namedtuple`, indicating whether the extraction came from the PSL's
private domains or not.
* **This could cause issues when iterating over the tuple and assuming
only 3 fields.**
* Previously, the docs promoted iteration to rejoin parts of the tuple.
This is better achieved by individual access of fields of interest
(e.g. `ExtractResult.subdomain`) or convenience properties (e.g.
`ExtractResult.{fqdn,registered_domain}`).
Release: 0.9.0
Added:
* Add hash capabilities to OUI
Fixed:
* **Backwards incompatible:** Handle RFC 6164 IPv6 addresses (don't reserve first IP
address in point-to-point subnets) ($267, Damien Claisse)
* **Technically backwards incompatible:** Fix for is_loopback behaviour – consider
``IPNetwork('::1/128')`` to be loopback
* Include tutorials in source distributions
* Fix a documentation typo
* Fix print syntax in the documentation to be Python 3 compatible
* Fix the Sphinx syntax in the documentation
Changes in libsoup from 3.4.2 to 3.4.3:
* Fix incorrect UTF-8 encoding for params in headers [Leo Zi-You Assini]
* Numerous HTTP/2 fixes and improvements [Carlos Garcia Campos]
* Fix possible crashes in connection management [Michael Catanzaro]
* Fix small leak in SoupServer [Emil Ljungdahl]
* Fix the possibility of empty HTTP/2 frames being sent [Pawel Lampe]
2.8.3
- CI: do not use "groupinstall" for Fedora Rawhide builds
- CI: get rid of travis-ci wrapper for Coverity scan
- BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
- BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
- DEV: flags/show-sess-to-flags: properly decode fd.state
- BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
- BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection
- DOC: typo: fix sc-set-gpt references
- SCRIPTS: git-show-backports: automatic ref and base detection with -m
- REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
- DOC: jwt: Add explicit list of supported algorithms
- BUILD: Makefile: add the USE_QUIC option to make help
- IMPORT: plock: also support inlining the int code
- MINOR: threads: inline the wait function for pthread_rwlock emulation
- MINOR: atomic: make sure to always relax after a failed CAS
- IMPORT: xxhash: update xxHash to version 0.8.2
- CI: fedora: fix "dnf" invocation syntax
- BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
- DOC: lua: fix core.register_action typo
- BUG/MINOR: ssl_sock: fix possible memory leak on OOM
- BUILD: import: guard plock.h against multiple inclusion
- BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
- BUG/MINOR: stream: protect stream_dump() against incomplete streams
- DOC: config: mention uid dependency on the tune.quic.socket-owner option
- BUG/MINOR: checks: do not queue/wake a bounced check
- DEBUG: applet: Properly report opposite SC expiration dates in traces
- BUG/MEDIUM: stconn: Update stream expiration date on blocked sends
- BUG/MINOR: stconn: Don't report blocked sends during connection establishment
- BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
- BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
- BUG/MINOR: quic: Possible skipped RTT sampling
- BUG/MAJOR: quic: Really ignore malformed ACK frames.
- BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
- BUG/MINOR: stream: further protect stream_dump() against incomplete sessions
- DOC: configuration: update examples for req.ver
- MINOR: httpclient: allow to configure the retries
- MINOR: httpclient: allow to configure the timeout.connect
- BUG/MINOR: quic: Wrong RTT adjusments
- BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
- BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer
- BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC
- BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC
- BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
- NUG/MEDIUM: stconn: Always update stream's expiration date after I/O
- BUG/MINOR: applet: Always expect data when CLI is waiting for a new command
- BUG/MINOR: ring/cli: Don't expect input data when showing events
- BUG/MINOR: hlua/action: incorrect message on E_YIELD error
- MEDIUM: capabilities: enable support for Linux capabilities
- CI: Update to actions/checkout@v4
0.7.0:
fixes compilation with go 1.21
0.6.2:
DNS resolver improvement
Support for dynamically adding of DNS records
0.6.1:
set proper protocol for stdio
0.6.0
Allow connections over stdio for WSL2
Support for using multiple protocols
Improve rxStream performance using bufio reader
Dependency updates
1.29.47
=======
* api-change:``cloud9``: Update to include information on Ubuntu 18 deprecation.
* api-change:``drs``: Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
* api-change:``firehose``: DocumentIdOptions has been added for the Amazon OpenSearch destination.
* api-change:``guardduty``: Add `managementType` field to ListCoverage API response.
* api-change:``internetmonitor``: This release updates the Amazon CloudWatch Internet Monitor API domain name.
* api-change:``ivs-realtime``: Doc only update that changes description for ParticipantToken.
* api-change:``simspaceweaver``: Edited the introductory text for the API reference.
* api-change:``xray``: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
1.29.46
=======
* api-change:``ec2``: This release adds support for restricting public sharing of AMIs through AMI Block Public Access
* api-change:``events``: Update events command to latest version
* api-change:``kendra``: Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
1.29.45
=======
* api-change:``ecr``: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
* api-change:``medialive``: AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
* api-change:``quicksight``: This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
1.29.44
=======
* api-change:``fsx``: Amazon FSx documentation fixes
* api-change:``sagemaker``: Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
* api-change:``sso-admin``: Content updates to IAM Identity Center API for China Regions.
* api-change:``workspaces``: A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
1.29.43
=======
* api-change:``neptunedata``: Minor changes to send unsigned requests to Neptune clusters
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``simspaceweaver``: BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
1.29.42
=======
* api-change:``appflow``: Adding OAuth2.0 support for servicenow connector.
* api-change:``ec2``: This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
* api-change:``elbv2``: Update elbv2 command to latest version
* api-change:``medialive``: Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
* api-change:``wafv2``: The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
1.29.41
=======
* api-change:``billingconductor``: This release adds support for line item filtering in for the custom line item resource.
* api-change:``cloud9``: Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
* api-change:``compute-optimizer``: This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
* api-change:``ec2``: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
* api-change:``ecs``: Documentation only update for Amazon ECS.
* api-change:``events``: Update events command to latest version
* api-change:``rds``: Add support for feature integration with AWS Backup.
* api-change:``sagemaker``: SageMaker Neo now supports data input shape derivation for Pytorch 2.0 and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
* api-change:``vpc-lattice``: This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
1.29.40
=======
* api-change:``chime-sdk-media-pipelines``: This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
* api-change:``connect``: Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
* api-change:``identitystore``: New Identity Store content for China Region launch
* api-change:``neptunedata``: Removed the descriptive text in the introduction.
1.29.39
=======
* api-change:``chime-sdk-media-pipelines``: This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
* api-change:``cloudhsm``: Deprecating CloudHSM Classic API Service.
* api-change:``connectcampaigns``: Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
* api-change:``connectparticipant``: Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
* api-change:``customer-profiles``: Adds sensitive trait to various shapes in Customer Profiles API model.
* api-change:``ecs``: This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
* api-change:``grafana``: Marking SAML RoleValues attribute as sensitive and updating VpcConfiguration attributes to match documentation.
* api-change:``health``: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
* api-change:``ivs``: Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
* api-change:``kafkaconnect``: Minor model changes for Kafka Connect as well as endpoint updates.
* api-change:``payment-cryptography-data``: Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
* api-change:``sagemaker-runtime``: Update sagemaker-runtime command to latest version
1.29.38
=======
* api-change:``appflow``: Add SAP source connector parallel and pagination feature
* api-change:``apprunner``: App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
* api-change:``auditmanager``: This release marks some assessment metadata as sensitive. We added a sensitive trait to the following attributes: assessmentName, emailAddress, scope, createdBy, lastUpdatedBy, and userName.
* api-change:``cleanrooms``: This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
* api-change:``datasync``: AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
* api-change:``neptunedata``: Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
* api-change:``network-firewall``: Network Firewall increasing pagination token string length
* api-change:``pca-connector-ad``: The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
1.29.37
=======
* api-change:``cognito-idp``: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
* api-change:``fsx``: Documentation updates for project quotas.
* api-change:``omics``: Add RetentionMode support for Runs.
* api-change:``sesv2``: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
1.29.36
=======
* api-change:``backup``: Add support for customizing time zone for backup window in backup plan rules.
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: Documentation updates for permissions and links.
* api-change:``securitylake``: Remove incorrect regex enforcement on pagination tokens.
* api-change:``service-quotas``: Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
1.29.35
=======
* api-change:``cloudtrail``: Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: Update cloudwatch command to latest version
* api-change:``detective``: Added protections to interacting with fields containing customer information.
1.29.34
=======
* api-change:``ec2``: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
* api-change:``glue``: Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
* api-change:``mediatailor``: Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
* api-change:``rds``: This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
* api-change:``s3control``: Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions.
1.29.33
=======
* api-change:``apigateway``: This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: Amazon Polly adds 1 new voice - Zayd (ar-AE)
1.29.32
=======
* api-change:``ce``: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
* api-change:``globalaccelerator``: Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
* api-change:``rds``: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
1.29.31
=======
* api-change:``cloud9``: Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
* api-change:``ec2``: The DeleteKeyPair API has been updated to return the keyPairId when an existing key pair is deleted.
* api-change:``finspace``: Allow customers to manage outbound traffic from their Kx Environment when attaching a transit gateway by providing network acl entries. Allow the customer to choose how they want to update the databases on a cluster allowing updates to possibly be faster than usual.
* api-change:``rds``: Adding support for RDS Aurora Global Database Unplanned Failover
* api-change:``route53domains``: Fixed typos in description fields
1.29.30
=======
* api-change:``codecommit``: Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
* api-change:``securityhub``: Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
1.28.47
=======
* api-change:``cloud9``: [``botocore``] Update to include information on Ubuntu 18 deprecation.
* api-change:``drs``: [``botocore``] Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
* api-change:``firehose``: [``botocore``] DocumentIdOptions has been added for the Amazon OpenSearch destination.
* api-change:``guardduty``: [``botocore``] Add `managementType` field to ListCoverage API response.
* api-change:``internetmonitor``: [``botocore``] This release updates the Amazon CloudWatch Internet Monitor API domain name.
* api-change:``ivs-realtime``: [``botocore``] Doc only update that changes description for ParticipantToken.
* api-change:``simspaceweaver``: [``botocore``] Edited the introductory text for the API reference.
* api-change:``xray``: [``botocore``] Add StartTime field in GetTraceSummaries API response for each TraceSummary.
1.28.46
=======
* api-change:``ec2``: [``botocore``] This release adds support for restricting public sharing of AMIs through AMI Block Public Access
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
1.28.45
=======
* api-change:``ecr``: [``botocore``] This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
* api-change:``medialive``: [``botocore``] AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
* api-change:``quicksight``: [``botocore``] This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
1.28.44
=======
* api-change:``fsx``: [``botocore``] Amazon FSx documentation fixes
* api-change:``sagemaker``: [``botocore``] Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
* api-change:``sso-admin``: [``botocore``] Content updates to IAM Identity Center API for China Regions.
* api-change:``workspaces``: [``botocore``] A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
1.28.43
=======
* api-change:``neptunedata``: [``botocore``] Minor changes to send unsigned requests to Neptune clusters
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``simspaceweaver``: [``botocore``] BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
1.28.42
=======
* api-change:``appflow``: [``botocore``] Adding OAuth2.0 support for servicenow connector.
* api-change:``ec2``: [``botocore``] This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``medialive``: [``botocore``] Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
* api-change:``wafv2``: [``botocore``] The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
1.28.41
=======
* api-change:``billingconductor``: [``botocore``] This release adds support for line item filtering in for the custom line item resource.
* api-change:``cloud9``: [``botocore``] Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
* api-change:``compute-optimizer``: [``botocore``] This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
* api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
* api-change:``ecs``: [``botocore``] Documentation only update for Amazon ECS.
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``rds``: [``botocore``] Add support for feature integration with AWS Backup.
* api-change:``sagemaker``: [``botocore``] SageMaker Neo now supports data input shape derivation for Pytorch 2.0 and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
* api-change:``vpc-lattice``: [``botocore``] This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
1.28.40
=======
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
* api-change:``connect``: [``botocore``] Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
* api-change:``identitystore``: [``botocore``] New Identity Store content for China Region launch
* api-change:``neptunedata``: [``botocore``] Removed the descriptive text in the introduction.
1.28.39
=======
* api-change:``chime-sdk-media-pipelines``: [``botocore``] This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
* api-change:``cloudhsm``: [``botocore``] Deprecating CloudHSM Classic API Service.
* api-change:``connectcampaigns``: [``botocore``] Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
* api-change:``customer-profiles``: [``botocore``] Adds sensitive trait to various shapes in Customer Profiles API model.
* api-change:``ecs``: [``botocore``] This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
* api-change:``grafana``: [``botocore``] Marking SAML RoleValues attribute as sensitive and updating VpcConfiguration attributes to match documentation.
* api-change:``health``: [``botocore``] Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
* api-change:``ivs``: [``botocore``] Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
* api-change:``kafkaconnect``: [``botocore``] Minor model changes for Kafka Connect as well as endpoint updates.
* api-change:``payment-cryptography-data``: [``botocore``] Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
1.28.38
=======
* api-change:``appflow``: [``botocore``] Add SAP source connector parallel and pagination feature
* api-change:``apprunner``: [``botocore``] App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
* api-change:``auditmanager``: [``botocore``] This release marks some assessment metadata as sensitive. We added a sensitive trait to the following attributes: assessmentName, emailAddress, scope, createdBy, lastUpdatedBy, and userName.
* api-change:``cleanrooms``: [``botocore``] This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
* api-change:``datasync``: [``botocore``] AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
* api-change:``neptunedata``: [``botocore``] Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
* api-change:``network-firewall``: [``botocore``] Network Firewall increasing pagination token string length
* api-change:``pca-connector-ad``: [``botocore``] The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
1.28.37
=======
* api-change:``cognito-idp``: [``botocore``] Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
* api-change:``fsx``: [``botocore``] Documentation updates for project quotas.
* api-change:``omics``: [``botocore``] Add RetentionMode support for Runs.
* api-change:``sesv2``: [``botocore``] Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
1.28.36
=======
* api-change:``backup``: [``botocore``] Add support for customizing time zone for backup window in backup plan rules.
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: [``botocore``] Documentation updates for permissions and links.
* api-change:``securitylake``: [``botocore``] Remove incorrect regex enforcement on pagination tokens.
* api-change:``service-quotas``: [``botocore``] Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
1.28.35
=======
* api-change:``cloudtrail``: [``botocore``] Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``detective``: [``botocore``] Added protections to interacting with fields containing customer information.
1.28.34
=======
* api-change:``ec2``: [``botocore``] Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
* api-change:``glue``: [``botocore``] Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: [``botocore``] This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: [``botocore``] MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
* api-change:``mediatailor``: [``botocore``] Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: [``botocore``] Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
* api-change:``rds``: [``botocore``] This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
* api-change:``s3control``: [``botocore``] Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified Permissions.
1.28.33
=======
* api-change:``apigateway``: [``botocore``] This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: [``botocore``] Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: [``botocore``] Amazon Polly adds 1 new voice - Zayd (ar-AE)
1.28.32
=======
* api-change:``ce``: [``botocore``] This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
* api-change:``rds``: [``botocore``] Adding parameters to CreateCustomDbEngineVersion reserved for future use.
* api-change:``verifiedpermissions``: [``botocore``] Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
1.28.31
=======
* api-change:``cloud9``: [``botocore``] Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
* api-change:``ec2``: [``botocore``] The DeleteKeyPair API has been updated to return the keyPairId when an existing key pair is deleted.
* api-change:``finspace``: [``botocore``] Allow customers to manage outbound traffic from their Kx Environment when attaching a transit gateway by providing network acl entries. Allow the customer to choose how they want to update the databases on a cluster allowing updates to possibly be faster than usual.
* api-change:``rds``: [``botocore``] Adding support for RDS Aurora Global Database Unplanned Failover
* api-change:``route53domains``: [``botocore``] Fixed typos in description fields
1.28.30
=======
* api-change:``codecommit``: [``botocore``] Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
* api-change:``securityhub``: [``botocore``] Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
1.31.47
=======
* api-change:``cloud9``: Update to include information on Ubuntu 18 deprecation.
* api-change:``drs``: Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
* api-change:``firehose``: DocumentIdOptions has been added for the Amazon OpenSearch destination.
* api-change:``guardduty``: Add `managementType` field to ListCoverage API response.
* api-change:``internetmonitor``: This release updates the Amazon CloudWatch Internet Monitor API domain name.
* api-change:``ivs-realtime``: Doc only update that changes description for ParticipantToken.
* api-change:``simspaceweaver``: Edited the introductory text for the API reference.
* api-change:``xray``: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
1.31.46
=======
* api-change:``ec2``: This release adds support for restricting public sharing of AMIs through AMI Block Public Access
* api-change:``events``: Update events client to latest version
* api-change:``kendra``: Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
1.31.45
=======
* api-change:``ecr``: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
* api-change:``medialive``: AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
* api-change:``quicksight``: This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
1.31.44
=======
* api-change:``fsx``: Amazon FSx documentation fixes
* api-change:``sagemaker``: Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
* api-change:``sso-admin``: Content updates to IAM Identity Center API for China Regions.
* api-change:``workspaces``: A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
1.31.43
=======
* api-change:``neptunedata``: Minor changes to send unsigned requests to Neptune clusters
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``simspaceweaver``: BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
1.31.42
=======
* api-change:``appflow``: Adding OAuth2.0 support for servicenow connector.
* api-change:``ec2``: This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``medialive``: Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
* api-change:``wafv2``: The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
1.31.41
=======
* api-change:``billingconductor``: This release adds support for line item filtering in for the custom line item resource.
* api-change:``cloud9``: Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
* api-change:``compute-optimizer``: This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
* api-change:``ec2``: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
* api-change:``ecs``: Documentation only update for Amazon ECS.
* api-change:``events``: Update events client to latest version
* api-change:``rds``: Add support for feature integration with AWS Backup.
* api-change:``sagemaker``: SageMaker Neo now supports data input shape derivation for Pytorch 2.0 and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
* api-change:``vpc-lattice``: This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
1.31.40
=======
* api-change:``chime-sdk-media-pipelines``: This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
* api-change:``connect``: Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
* api-change:``identitystore``: New Identity Store content for China Region launch
* api-change:``neptunedata``: Removed the descriptive text in the introduction.
1.31.39
=======
* api-change:``chime-sdk-media-pipelines``: This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
* api-change:``cloudhsm``: Deprecating CloudHSM Classic API Service.
* api-change:``connectcampaigns``: Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
* api-change:``connectparticipant``: Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
* api-change:``customer-profiles``: Adds sensitive trait to various shapes in Customer Profiles API model.
* api-change:``ecs``: This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
* api-change:``grafana``: Marking SAML RoleValues attribute as sensitive and updating VpcConfiguration attributes to match documentation.
* api-change:``health``: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
* api-change:``ivs``: Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
* api-change:``kafkaconnect``: Minor model changes for Kafka Connect as well as endpoint updates.
* api-change:``payment-cryptography-data``: Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
1.31.38
=======
* api-change:``appflow``: Add SAP source connector parallel and pagination feature
* api-change:``apprunner``: App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
* api-change:``auditmanager``: This release marks some assessment metadata as sensitive. We added a sensitive trait to the following attributes: assessmentName, emailAddress, scope, createdBy, lastUpdatedBy, and userName.
* api-change:``cleanrooms``: This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
* api-change:``datasync``: AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
* api-change:``neptunedata``: Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
* api-change:``network-firewall``: Network Firewall increasing pagination token string length
* api-change:``pca-connector-ad``: The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
1.31.37
=======
* api-change:``cognito-idp``: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
* api-change:``fsx``: Documentation updates for project quotas.
* api-change:``omics``: Add RetentionMode support for Runs.
* api-change:``sesv2``: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
1.31.36
=======
* api-change:``backup``: Add support for customizing time zone for backup window in backup plan rules.
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
* api-change:``organizations``: Documentation updates for permissions and links.
* api-change:``securitylake``: Remove incorrect regex enforcement on pagination tokens.
* api-change:``service-quotas``: Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
* api-change:``workspaces-web``: WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
1.31.35
=======
* api-change:``cloudtrail``: Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``detective``: Added protections to interacting with fields containing customer information.
1.31.34
=======
* api-change:``ec2``: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
* api-change:``glue``: Added API attributes that help in the monitoring of sessions.
* api-change:``mediaconvert``: This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
* api-change:``medialive``: MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
* api-change:``mediatailor``: Adds new source location AUTODETECT_SIGV4 access type.
* api-change:``quicksight``: Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
* api-change:``rds``: This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
* api-change:``s3control``: Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions.
1.31.33
=======
* api-change:``apigateway``: This release adds RootResourceId to GetRestApi response.
* api-change:``ec2``: Marking fields as sensitive on BundleTask and GetPasswordData
* api-change:``polly``: Amazon Polly adds 1 new voice - Zayd (ar-AE)
1.31.32
=======
* api-change:``ce``: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
* api-change:``globalaccelerator``: Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
* api-change:``rds``: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
* api-change:``verifiedpermissions``: Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
1.31.31
=======
* api-change:``cloud9``: Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
* api-change:``ec2``: The DeleteKeyPair API has been updated to return the keyPairId when an existing key pair is deleted.
* api-change:``finspace``: Allow customers to manage outbound traffic from their Kx Environment when attaching a transit gateway by providing network acl entries. Allow the customer to choose how they want to update the databases on a cluster allowing updates to possibly be faster than usual.
* api-change:``rds``: Adding support for RDS Aurora Global Database Unplanned Failover
* api-change:``route53domains``: Fixed typos in description fields
1.31.30
=======
* api-change:``codecommit``: Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
* api-change:``securityhub``: Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
## Release 0.13.0 (10-Aug-2023)
* Python 2.7 support is dropped (#457)
* Python 3.5 and 3.6 are past their EOL date and support is dropped (#448)
* SECURITY: Replace "weird" characters in receiver's display (#476)
* SECURITY: all past binary signatures are now in Git
* Use the HKDF primitive from "cryptography" (#462)
* `wormhole receive` now accepts `--allocate-code` so that a sender can
use `--code` to send them a file (#450)
* Stream to disk after 10MB on directory receive (#447)
* Handle SSH keys with comments properly (#434)
* Properly parse IPv6 Transit address (#461)
Also of interest to developers in this release are a few changes
to the experimental Dilation implementation and description; some
documentation cleanups; dropping of dependencies; and some test
cleanups. The Dilation changes properly send `use-version` and
split messages over Noise-sized chunks more seamlessly (allowing
the specified 4-byte maximum message size at the application layer).
# CHANGES
libasr 1.0.4
* add definition of MAXDNAME for systems that lack it
* some libc require include of nameser_compat.h for rr types definition
libasr 1.0.3
* add support for edns0 and dnssec
* remove support for HOSTALIASES
* remove support for non-standard [addr]:port syntax for
* nameserver
* remove support for YP
* always reload resolv.conf if pid changed
* various bugfixes and improvements
Changelog:
31.08.2023 Release v2.1.0
* New option --follow-sitemaps
* New option --dane (cert validation via DNS)
* Implement --check-certificate=quiet
* Support proxies on non-default ports
* Added CIDR support for no_proxy (IPv4 and IPv6)
* Improve recursive RSS/Atom processing
* Improve default cert/bundle paths for Windows
* Improve Windows and MSVC compatibility
* Use CONNECT for https_proxy
* Add decoding numeric XML entities
* Improve OpenSSL code
* Improve WolfSSL code
* Improve the progress bar
* New function wget_xml_decode_entities_inline()
* Support compilation of wget.h from C++
* Handle comments in robots.txt correctly
* Fix parsing HTMP/XML entities in URLs from HTML/XML
* Fix use-after-free when updating blacklist entries
* Don't try setting file timestamps on ttys
* Fix arguments parsing for --filter-urls
* Fix removing fragments when converting links
* Fix duplicate downloads for Link headers with rel=duplicate
* Fix segmentation fault (NULL dereference when no HTTP header has been received)
* Change arguments of wget_iri_compare to const
* Fix memory leak in wget_hashmap_clear()
* Extend network error messages with hostname and IP address
* Fix status code for 5xx errors
* Fix issue in wget_buffer_trim()
* Improve tests, documentation, building
Upstream's changelog:
workflow: add libcups2-dev dependency by @rdmark in #335
Correct doc README by @rdmark in #326
Fix all warnings on running bootstrap by @dgsga in #346
bootstrap: Add checks for required packages by @rdmark in #338
Enable compilation on macOS hosts v2 by @dgsga in #349
macros: Use the AC_LANG_SOURCE macro, issue #347 by @rdmark in #351
Remove redundant documentation in conf files; improve man pages, #333 by @rdmark in #334
Use non-interactive PAM session when available by @rdmark in #367
papd: Future-proof CUPS API usage by @rdmark in #373
Update atalkd.service to be consistent with other init scripts. by @rdmark in #372
Adopt downstream Debian patches by @rdmark in #370
Restore tarball distribution of doc/ (GitHub#374) by @rdmark in #375
Regenerate man pages from xml sources by @rdmark in #376
v4.5.5
- BUGFIX: Fix transfer list tab hotkey (thalieht)
- BUGFIX: Don't forget to enable the Apply button in the Options dialog (glassez)
- BUGFIX: Immediately update torrent status on moving files (glassez)
- BUGFIX: Improve performance when scrolling the file list of large torrents (gdim47)
- BUGFIX: Don't operate on random torrents when multiple are selected and a sort/filter is applied (glassez)
- RSS: Fix overwriting feeds.json with an incomplete load of it (Omar Abdul Azeez)
- WINDOWS: Software update check logic is disabled for < Win10 (sledgehammer999)
- WINDOWS: NSIS: Update Turkish and French translations (Burak Yavuz, MarcDrieu)
- WINDOWS: NSIS: Add Romanian translation (rusu-afanasie)
This package provides a plugin for the pytest framework that allows developers
to control unit tests that require access to data from the internet. It was
originally part of the astropy core package, but has been moved to a separate
package in order to be of more general use.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
This release adds DNS cookies downstream, support to respond with EDE
error codes from cache, NAT64 support, and the capability to use a
socket queue timeout to discard old packets, and other features and bug
fixes.
The downstream DNS server cookies are from RFC7873 and RFC9018, it
is turned on with `answer-cookie: yes`. It generates a random cookie
secret, but for anycast setups the cookie secret can be configured with
`cookie-secret: "128bithex"` with the same value as the other instances.
Non cookie traffic can be disallowed with the `allow_cookie` acl option
for access-control. Queries with valid cookie bypass the ordinary
ratelimit, but a ratelimit can be configured for cookie queries
with `ip-ratelimit-cookie: 100`. The statistics has counters for
`query_cookie_valid` and `query_cookie_client` and
`query_cookie_invalid`.
When queries come in with CD flag, a DNSSEC validation EDE can be
returned, with information regarding a failure. EDE error information
is also stored in the cache with the query responses. There is also EDE
error information stored for the cachedb and the subnetcache.
There is NAT64 support, that is enabled with `do-nat64: yes`. The
NAT64 prefix can be configured too, if not the default
`nat64-prefix: 64:ff9b::0/96`. This is useful for an IPv6 only
host where Unbound is running, so that Unbound can use NAT64 to
connect to IPv4 servers.
The new default for the maximum UDP response size is 1232, with
`max-udp-size: 1232`. This is similar to other resolvers. The new
default is smaller and that makes it harder to get large responses.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
There is a new option `harden-unknown-additional: yes`. This removes
unknown records from the authority and additional section. This stops
unknown records from being copied from the upstream to the downstream
client, potentially exposing those clients to the extra records. Default
is no, because it could hamper future protocol developments that want to
add records. Thanks to Xiang Li, from NISL Lab, Tsinghua University.
With the `sock-queue-timeout: 3` option kernel timestamps are turned on
for UDP queries, and old packets are dropped. Queries that have waited
in the socket buffer for a long time are then discarded, and is useful
if the host was not running for a while. The statistics has
`num.queries_timed_out` and `query.queue_time_us.max` counters.
The local-zone type `block_a` is for when queries to IPv4 have to be
stopped to force IPv6 usage. It stops type A queries with nodata, and
transparently allows other queries.
The redis server can be contacted over a unix socket with
`redis-server-path: "/var/lib/redis/redis-server.sock"`. The redis
server password can be configured with
`redis-server-password: "password"`.
The number of hashtable collisions is logged in the statistics counters
`msg.cache.max_collisions` and `rrset.cache.max_collisions`. It can be
used to monitor for mistakes where the wrong or same hash value occurs
too frequently.
The repository does not have the bison and flex generated output in it,
so these tools are necessary to compile from a checkout, the tarball
distribution contains pregenerated files and can use either those files
or bison and flex tools on the compile system.
If kernel timestamps are enabled, with the sock-queue-timeout option,
they are also used to set the time for dnstap logs.
There is a yocto compatible init script available in the contrib
directory of the source code, `unbound.init_yocto`.
The number of cachedb hits from cache is output in `num.query.cachedb`.
There is support for the dohpath parameter for the SVCB record type.
Prefetch is supported for subnet cache entries.
Detection of the python paths on the system has been expanded.
Compared to the release candidate rc1, this release has an extra fix to
fix a compile issue on NetBSD.
Features
- Merge #826: #dd a metric about the maximum number of collisions in
lrushah.
- Set max-udp-size default to 1232. This is the same default value as
the default value for edns-buffer-size. It restricts client edns
buffer size choices, and makes unbound behave similar to other DNS
resolvers. The new choice, down from 4096 means it is harder to get
large responses from Unbound. Thanks to Xiang Li, from NISL Lab,
Tsinghua University.
- Add harden-unknown-additional option. It removes
unknown records from the authority section and additional section.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
- Merge #819: Added new static zone type block_a to suppress all A
queries for specific zones.
- Fix#835: [FR] Ability to use Redis unix sockets.
- Fix#833: [FR] Ability to set the Redis password.
- Merge #882 from vvfedorenko: Features/dropqueuedpackets, with
sock-queue-timeout option that drops packets that have been in the
socket queue for too long. Added statistics num.queries_timed_out
and query.queue_time_us.max that track the socket queue timeouts.
- Merge #722 from David 'eqvinox' Lamparter: NAT64 support.
- Fix#888: [FR] Use kernel timestamps for dnstap.
- Merge #903: contrib: add yocto compatible init script.
- Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as
a new statistical counter.
- Merge #739: Add SVCB dohpath support.
- Merge #802: add validation EDEs to queries where the CD bit is set.
- Merge #664 from tilan7763: Add prefetch support for subnet cache
entries.
- Merge #759 from Tom Carpay: Add EDE (RFC8914) caching.
- Merge #790 from Tom Carpay: Add support for EDE caching in cachedb
and subnetcache.
- Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and
RFC9018. Create server cookies for clients that send client cookies.
This needs to be explicitly turned on in the config file with:
`answer-cookie: yes`. A `cookie-secret:` can be configured for
anycast setups. Without one, a random cookie secret is generated.
The acl option `allow_cookie` allows queries with either a valid
cookie or over a stateful transport. The statistics output has
`queries_cookie_valid` and `queries_cookie_client` and
`queries_cookie_invalid` information. The `ip\-ratelimit\-cookie:`
value determines a rate limit for queries with cookies, if desired.
Bug Fixes
- Fix#823: Response change to NODATA for some ANY queries since
1.12, tested on 1.16.1.
- Fix python module install path detection.
- Fix python version detection in configure.
- Improve documentation for #826, describe the large collisions amount.
- Fix not following cleared RD flags potentially enables amplification
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
Tsinghua University. The fix stops query loops, by refusing to send
RD=0 queries to a forwarder, they still get answered from cache.
- Set default for harden-unknown-additional to no. So that it does
not hamper future protocol developments.
- Fix test for new default.
- Fix acx_nlnetlabs.m4 for -Wstrict-prototypes.
- Add duration variable for speed_local.test.
- Fix#841: Unbound won't build with aaaa-filter-iterator.patch.
- Fix to ignore entirely empty responses, and try at another authority.
This turns completely empty responses, a type of noerror/nodata into
a servfail, but they do not conform to RFC2308, and the retry can
fetch improved content.
- Fix unit tests for spurious empty messages.
- Fix consistency of unit test without roundrobin answers for the
cnametooptout unit test.
- Fix to git ignore the library symbol file that configure can create.
- Allow TTL refresh of expired error responses.
- Add testcase for refreshing expired error responses.
- Clean up iterator/iterator.c::error_response_cache() and allow for
better interaction with serve-expired, prefetch and cached error
responses.
- Fix#825: Unexpected behavior with client-subnet-always-forward
and serve-expired
- Fix for #852: Completion of error handling.
- Fix unbound-dnstap-socket test program to reply the finish frame
over a TLS connection correctly.
- Fix ssl.h include brackets, instead of quotes.
- Fix#812, fix#846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option
to ignore the unexpected eof while reading in openssl >= 3.
- iana portlist update.
- Fix issue #851: reserved identifier violation
- Fix issue #676: Unencrypted query is sent when
forward-tls-upstream: yes is used without tls-cert-bundle
- Extra consistency check to make sure that when TLS is requested,
either we set up a TLS connection or we return an error.
- Fix#870: NXDOMAIN instead of NOERROR rcode when asked for existing
CNAME record.
- Fix for #870: Add test case for the qname minimisation and CNAME.
- Fix build badge, from failing travis link to github ci action link.
- Merge #875: change obsolete txt URL in unbound-anchor.c to point
to RFC 7958, and Fix#874.
- Fix for #878: Invalid IP address in unbound.conf causes Segmentation
Fault on OpenBSD.
- Fix for #882: small changes, date updated in Copyright for
util/timeval_func.c and util/timeval_func.h. Man page entries and
example entry.
- Fix for #882: document variable to stop doxygen warning.
- Fix issue #860: Bad interaction with 0 TTL records and serve-expired
- Fix RPZ IP responses with trigger rpz-drop on cache entries, that
they are dropped.
- For #722: minor fixes, formatting, refactoring.
- Fix#885: Error: util/configlexer.c: No such file or directory,
adds error messages explaining to install flex and bison.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- Fix doxygen in addr_to_nat64 header definition.
- Fix warning in windows compile, in set_recvtimestamp.
- Fix to print debug log for ancillary data with correct IP address.
- Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
- Fix to remove unused variables from RPZ clientip data structure.
- Fix unbound-dnstap-socket printout when no query is present.
- Fix unbound-dnstap-socket time fraction conversion for printout.
- Merge #896: Fix: #895: pythonmodule: add all site-packages
directories to sys.path.
- Fix#895: python + sysconfig gives ANOTHER path comparing to
distutils.
- Fix for uncertain unit test for doh buffer size events.
- Properly handle all return values of worker_check_request during
early EDE code.
- Do not check the incoming request more than once.
- Fix for issue #887 (Timeouts to forward servers on BSD based
system with ASLR)
- Probably fixes#516 (Stream reuse does not work on Windows) as well
- Remove warning about unknown cast-function-type warning pragma.
- Fix python modules with multiple scripts, by incrementing reference
counts.
- More fixes for reference counting for python module and clean up
failure code.
- Merge #827 from rcmcdonald91: Eliminate unnecessary Python reloading
which causes memory leaks.
- Fix#906: warning: `Py_SetProgramName' is deprecated.
- Fix dereference of NULL variable warning in mesh_do_callback.
- Code cleanup for sldns_str2wire_svcparam_key_lookup.
- For #802: Cleanup comments and add RCODE check for CD bit test case.
- Skip the 00-lint test. splint is not maintained; it either does not
work or produces false positives. Static analysis is handled in the
clang test.
- For #664: Easier code flow for subnetcache prefetching.
- For #664: Add testcase.
- For #664: Rename subnet_prefetch tests to subnet_global_prefetch to
differentiate from the new subnet prefetch support.
- Merge #880 from chipitsine: services/authzone.c: remove redundant
check.
- More clear description of the different auth-zone behaviors on the
man page.
- Merge #909 from headshog: Numeric truncation when parsing TYPEXX and
CLASSXX representation.
- For #909: Fix return values.
- Merge #901 from Sergei Trofimovich: config: improve handling of
unknown modules.
- For #909: Fix RR class comparison.
- Merge #857 from eaglegai: fix potential memory leaks when errors
happen.
- For #857: fix mixed declarations and code.
- Merge #118 from mibere: Changed verbosity level for Redis init &
deinit.
- Merge #390 from Frank Riley: Add missing callbacks to the python
module.
- Cleaner failure code for callback functions in interface.i.
- Merge #889 from borisVanhoof: Free memory in error case + remove
unused function.
- For #889: use netcat-openbsd instead of netcat-traditional.
- For #889: Account for num_detached_states before possible
mesh_state_delete when erroring out.
- Fix unused variable compile warning for kernel timestamps in
netevent.c
- Merge #911 from natalie-reece: Exclude EDE before other EDNS options
when there isn't enough space.
- For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
altogether) before giving up on attaching EDE options.
- More braces and formatting for Fix for EDNS EDE size calculation to
avoid future bugs.
- Fix to use the now cached EDE, if any, for CD_bit queries.
- Fix for EDNS EDE size calculation.
- Move a cache reply callback in worker.c closer to the cache reply
generation.
- Fix regional_alloc_init for potential unaligned source of the copy.
- Fix ip_ratelimit test to work with dig that enables DNS cookies.
- Fix for iter_dec_attempts that could cause a hang, part of
capsforid and qname minimisation, depending on the settings.
- Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
- Fix stat_values test to work with dig that enables DNS cookies.
- Debug Windows ci workflow.
- Fix windows ci workflow to install bison and flex.
- Fix for #925: unbound.service: Main process exited, code=killed,
status=11/SEGV. Fixes cachedb configuration handling.
- Fix#923: processQueryResponse() THROWAWAY should be mindful of
fail_reply.
- Fix unit test for unbound-control to work when threads are disabled,
and fix cache dump check.
- Fix compile error on NetBSD in util/netevent.h.
Version 1.2 Minor Feature Release
This adds support for IPv6 and fixes a couple of bugs.
Please remember that this project is in sustaining mode only, so some bugs remain unfixed.
libnice 0.1.21 (2023-01-07)
===========================
Only use `ifr_ifindex` if OS supports it, fixes build on iOS and FreeBSD
libnice 0.1.20 (2023-01-06)
===========================
Remove support for GStreamer 0.10 builds
Add macro to check LIBNICE version
Added utility function to get the STUN server from a candidate
Support additional header in built-in HTTP proxy client
Add boxed type for NiceAddress for bindings
Add API to get the interface index for a local address
Explicitly bind to a specific interface when creating UDP sockets
Limit the number of stored incoming checks based on a property
Do asynchronous DNS resolution for STUN and TURN servers
Add introspection friendly API to get an allocated string from a NiceCandidate
Enable gst-full to link in a single element
libnice 0.1.19 (2022-05-03)
===========================
Allow incoming connchecks before remote candidates are set, allows for connection based on received bind requests
Implement RFC 7675 for Consent Freshness
Use a single server reflexive and local relay candidate, reduces useless duplicated local candidates
Improved ICE restart implementation
Use Windows native crypto API, removing the need for OpenSSL
Add bytestream ICE-TCP and improve ICE-TCP
Add API to know if a NiceAddress is link-local
Add API to extact the relay address from a relayed NiceAddress
Improve support for detection addresses on Android, iOS, macOS
A number of bug fixes
libnice 0.1.18 (2020-10-20)
===========================
Remove the autotools build system, now only meson is available
On Windows, use crypto library instead of CryptGenRandom() which is deprecated
On Windows, use GetBestInterfaceEx() for UWP compatibility
On Windows, fix the listing of interfaces to use the correct APIs
On Windows, implement ignoring interfaces
Accept receiving messages in multiple steps over TCP
Accept duplicated ports as last option instead of spinning forever
Use sendmmsg if possible to send multiple packets in one call
Fail gathering if no port is available
Hide the implementation of NiceCandidate, this hides some parts that were previously visible
Enable TURN server connects where both TCP and UDP use the same port number
Don't count rejected STUN messages as keepalive packets
libnice 0.1.17 (2020-05-22)
===========================
Add API to retrieve the underlying BSD sockets
Support systems with multiple loopback devices
Ignore non-running network interfaces
Ignore multiple interface prefixes
Now tries to nominate matching pairs across components and streams
Retry TURN deallocation on timeout, requires not destoying the NiceAgent right after the stream
Use different port for every host candidate
Make timeouts and retransmissions more in line with the RFCs
Find OpenSSL without pkg-config, for Windows
Complete meson support
GLib required version update to 2.54
Removed deprecated GLib APIs
Many ICE compatibility and performance improvements
Many bug fixes
0.12.1 (stable)
===============
- Universal CP:
- Do not crash if a device disappears
- Fix issue with meson 1.2.0
- Translation updates
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/issues/24
0.12.0 (stable)
===============
Dependency changes:
- GLib required is now 2.68
- GUPnP requirement up to 1.6
- Libsoup requirement up to 3.0
- All
- Port to GUPnP 1.6 and Libsoup3
- Fix inconsistencies regarding action errors
- Use more g_autoptr
- Drop gupnp_get_uuid() where used.
- Translation updates
- Common
- Fix potential NULL pointer dereference
- Use GUPnP utility functions for download of icons
- Universal CP:
- Fix missing icon on download error
- Fix uninitialized out value
- Event Dumper:
- Added new tool for dumping UPnP events on command line
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/issues/23
Merge requests included in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/merge_requests/4
0.14.1 (stable)
- Add utility function to format GDateTime to the iso variant
DIDL expects
0.14.0 (stable)
- Re-tag of 0.13.1 as stable version, no other changes
1.6.5 (stable)
- Fix build with meson 1.2
1.6.4 (stable)
==============
- Keep a weak reference to proxy in action
- Add API to provide HTTP credentials for simple authentication
- Remove xmlRecoverMemory usage
Bugs fixed in this release:
- Fixes: https://gitlab.gnome.org/GNOME/gupnp/-/issues/85
- https://gitlab.gnome.org/GNOME/gupnp/issues/86
1.6.3 (stable)
==============
- Fix handling of deprecated and tentative v6 addresses
- Bump GSSDP minimjal version to 1.6.2
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/82
- https://gitlab.gnome.org/GNOME/gupnp/issues/83
1.6.2 (stable)
==============
- Add test for issue 81
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/81
1.6.1 (stable)
==============
- ControlPoint: Fix error handling if description download fails
- Use proper method for detecting IFA_FLAGS availability
- ContextManager: Do not leak filtered contexts
- Network ContextManager: Do not leak list parts of context lists
- Introspection: Properly chain up to parent class
- ContextManager: Fix freeing unavailable contexts
- ControlPoint: Do not leak cancellable
- Service: Fix crash if subscription callback is points unreachable host
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/80
- https://gitlab.gnome.org/GNOME/gupnp/issues/78
1.6.0 (stable)
==============
- Re-release of 1.5.4, no functional change
1.6.2 (stable)
==============
- Propagate random port up to client, partial fix for GUPnP/81
- Add manpage for sniffer
1.6.1 (stable)
==============
- Potential fix for sending discovery responses with the wrong
location
- Properly parse netlink messages in neighbour discovery
- Do not leak the host mask if it was alreay provided on object client
creation
- Fix install path for generated documentation
- Fix warning message for link-local v4 addresses
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/22
- https://gitlab.gnome.org/GNOME/gssdp/issues/24
1.6.0 (stable)
==============
- Re-release of 1.5.2 as stable version. No functional changes
Changes since 4.18.5
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
pointer.
* BUG 15430: Missing return in reply_exit_done().
o Andrew Bartlett <abartlet@samba.org>
* BUG 15289: post-exec password redaction for samba-tool is more reliable for
fully random passwords as it no longer uses regular expressions
containing the password value itself.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Ralph Boehme <slow@samba.org>
* BUG 15342: Spotlight sometimes returns no results on latest macOS.
* BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
attempted to remove the destination.
* BUG 15427: Spotlight results return wrong date in result list.
o Günther Deschner <gd@samba.org>
* BUG 15414: "net offlinejoin provision" does not work as non-root user.
o Pavel Filipenský <pfilipensky@samba.org>
* BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
* BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
o Stefan Metzmacher <metze@samba.org>
* BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
bad message_id 2.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
o Noel Power <noel.power@suse.com>
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15435: Regression DFS not working with widelinks = true.
o Arvid Requate <requate@univention.de>
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Jones Syue <jonessyue@qnap.com>
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
--- 9.18.18 released ---
6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
options. [GL #3700]
6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
[GL #4032]
6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
support is not configured. [GL #4225]
6213. [bug] Mark a primary server as temporarily unreachable if the
TCP connection attempt times out. [GL #4215]
6212. [bug] Don't process detach and close netmgr events when
the netmgr has been paused. [GL #4200]
3.1.2 (2023-08-16)
What's Changed
* Rename SSL-VPN *.device parameter values to be more generic by @mkienow-r7
in #559
* Add examples of testing matches by @adfoster-r7 in #557
* Add Paperless-ngx document management system HTML title fingerprint by
@mkienow-r7 in #561
* Add Paperless-ng document management system HTML title fingerprint by
@mkienow-r7 in #562
* Update README.md testing matches to set grep color to never by @mkienow-r7
in #564
* Add FatPipe Networks MPVPN, IPVPN, WARP, SDWAN fingerprints by @mkienow-r7
in #563
* Add Transmission by @jvoisin in #568
* Add 3CX Phone System Management Console favicon fingerprint by @mkienow-r7
in #566
* Add PaperCut MF and NG vendor only fingerprints by @mkienow-r7 in #567
* Add MeterSphere fingerprints by @mkienow-r7 in #569
* Add Apache Superset fingerprints by @mkienow-r7 in #570
* Correct param order in Transmission fingerprint by @mkienow-r7 in #572
* Add Jellyseerr fingerprints by @jvoisin in #565
* Add Sonarr/Radarr/Prowlarr by @jvoisin in #571
* Add fast reverse proxy (frp) fingerprints by @mkienow-r7 in #573
* Correct param order in Sonarr, Radarr, Prowlarr fingerprints by
@mkienow-r7 in #575
* CI Workflow: pin upper JRuby version to 9.4.2 as workaround for test
failures by @mkienow-r7 in #578
* Enhance CPE update script and update CPE values by @mkienow-r7 in #560
* Add Progress MOVEit Transfer fingerprints by @mkienow-r7 in #577
* Add Roundcube Webmail fingerprints by @mkienow-r7 in #580
* Add rubocop to CI by @dwelch-r7 in #579
New Contributors
* @dwelch-r7 made their first contribution in #579
0.0.3 (2023-08-14)
* Land #13, Add github actions and address deprecation warnings
* Land #14, Update Ubuntu version & Ruby setup
* Land #17, Update github actions runner version
* Land #19 , Update gemspec file ignore list
* Land #20, Bump version to 0.0.3
0.0.4 (2023-08-17)
* Land #16, Add custom error class and improve error messages
* Land #21, Add development documentation
* Land #22, Bump version to 0.0.4
upstream change summary:
New features
------------
- set WINS server via interactive service - this adds support for
"dhcp-option WINS 192.0.2.1" for DCO + wintun interfaces where no
DHCP server is used (Github #373).
Wireshark 4.0.8 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
If you’re running Wireshark on macOS and upgraded to macOS 13 from an
earlier version, you might have to open and run the “Uninstall
ChmodBPF” package, then open and run “Install ChmodBPF” in order to
reset the ChmodBPF Launch Daemon. Issue 18734[2].
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2023-23[3] CBOR dissector crash. Issue 19144[4].
• wnpa-sec-2023-24[5] BT SDP dissector infinite loop. Issue
19258[6].
• wnpa-sec-2023-25[7] BT SDP dissector memory leak. Issue 19259[8].
• wnpa-sec-2023-26[9] CP2179 dissector crash. Issue 19229[10].
The following bugs have been fixed:
• TShark cannot capture to pipe on Windows correctly. Issue
17900[11].
• Wireshark wrongly blames group membership when pcap capabilities
are removed. Issue 18279[12].
• Packet bytes window broken layout. Issue 18326[13].
• RTP Player only shows waveform until sequence rollover. Issue
18829[14].
• Valid Ethernet CFM DMM packets are shown as malformed. Issue
19198[15].
• Crash on DICOM Export Objects window close. Issue 19207[16].
• The QUIC dissector is reporting the quic_transport_parameters
max_ack_delay with the title \"GREASE\" Issue 19209[17].
• Preferences: Folder name editing behaves weirdly, cursor jumps.
Issue 19213[18].
• DHCPFO: Expert info list does not show all expert infos. Issue
19216[19].
• Websocket packets not decoded and displayed for Field type=Custom
and Field name websocket.payload.text. Issue 19220[20].
• Cannot read pcapng file captured on OpenBSD and read on FreeBSD.
Issue 19230[21].
• UI: While capturing the Wireshark icon changes from green to blue
when new file is created. Issue 19252[22].
• Conversation: heap-use-after-free after wmem_leave_file_scope.
Issue 19265[23].
• IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue
19270[24].
• NAS 5GS Malformed Packet Decoding SOR transparent container PLMN
ID and access technology list. Issue 19273[25].
• UI: Auto scroll button in the toolbar is turned on when manually
scrolling to the end of packet list. Issue 19274[26].
Changes in version 0.4.8.4 - 2023-08-23
Finally, this is the very first stable release of the 0.4.8.x series making
Proof-of-Work (prop#327) and Conflux (prop#329) available to the entire
network. Some major bugfixes since the release candidate detailed below.
o Major feature (denial of service):
- Extend DoS protection to partially opened channels and known
relays. Because re-entry is not allowed anymore, we can apply DoS
protections onto known IP namely relays. Fixes bug 40821; bugfix
on 0.3.5.1-alpha.
o Major bugfixes (conflux):
- Fix a relay-side crash caused by side effects of the fix for bug
40827. Reverts part of that fix that caused the crash and adds
additional log messages to help find the root cause. Fixes bug
40834; bugfix on 0.4.8.3-rc.
o Major bugfixes (proof of work, onion service, hashx):
- Fix a very rare buffer overflow in hashx, specific to the dynamic
compiler on aarch64 platforms. Fixes bug 40833; bugfix
on 0.4.8.2-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on August 23, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/08/23.
o Minor features (testing):
- All Rust code is now linted (cargo clippy) as part of GitLab CI, and
existing warnings have been fixed. - Any unit tests written in Rust now
run as part of GitLab CI.
o Minor bugfix (FreeBSD, compilation):
- Fix compilation issue on FreeBSD by properly importing
sys/param.h. Fixes bug 40825; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (compression):
- Right after compression/decompression work is done, check for
errors. Before this, we would consider compression bomb before
that and then looking for errors leading to false positive on that
log warning. Fixes bug 40739; bugfix on 0.3.5.1-alpha. Patch
by "cypherpunks".
Changes in version 0.4.8.3-rc - 2023-08-04
This is the first release candidate (and likely the only) of the 0.4.8.x
series. We fixed a major conflux bugfix which was a fatal asserts on the
relay Exit side. See below for more details. Couple minor bugfixes. Until
stable, name of the game here is stabilization.
o Major bugfixes (conflux):
- Fix a relay-side assert crash caused by attempts to use a conflux
circuit between circuit close and free, such that no legs were on
the conflux set. Fixed by nulling out the stream's circuit back-
pointer when the last leg is removed. Additional checks and log
messages have been added to detect other cases. Fixes bug 40827;
bugfix on 0.4.8.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on August 04, 2023.
- Regenerate fallback directories generated on July 26, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/26.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/08/04.
o Minor bugfixes (compilation):
- Fix all -Werror=enum-int-mismatch warnings. No behavior change.
Fixes bug 40824; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (protocol warn):
- Wrap a handful of cases where ProtocolWarning logs could emit IP
addresses. Fixes bug 40828; bugfix on 0.3.5.1-alpha.
Changes in version 0.4.8.2-alpha - 2023-07-12
This is our second alpha containing some minor bugfixes and one major bugfix
about L2 vanguard rotation. We believe this will be the last alpha before the
rc in a couple of weeks.
o Major bugfixes (vanguards):
- Rotate to a new L2 vanguard whenever an existing one loses the
Stable or Fast flag. Previously, we would leave these relays in
the L2 vanguard list but never use them, and if all of our
vanguards end up like this we wouldn't have any middle nodes left
to choose from so we would fail to make onion-related circuits.
Fixes bug 40805; bugfix on 0.4.7.1-alpha.
o Minor feature (hs):
- Fix compiler warnings in equix and hashx when building with clang.
Closes ticket 40800.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on July 12, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/12.
o Minor bugfix (congestion control):
- Reduce the accepted range of a circuit's negotiated 'cc_sendme_inc'
to be +/- 1 from the consensus parameter value. Fixes bug 40569;
bugfix on 0.4.7.4-alpha.
- Remove unused congestion control algorithms and BDP calculation
code, now that we have settled on and fully tuned Vegas. Fixes bug
40566; bugfix on 0.4.7.4-alpha.
- Update default congestion control parameters to match consensus.
Fixes bug 40709; bugfix on 0.4.7.4-alpha.
o Minor bugfixes (compilation):
- Fix "initializer is not a constant" compilation error that
manifests itself on gcc versions < 8.1 and MSVC. Fixes bug 40773;
bugfix on 0.4.8.1-alpha
o Minor bugfixes (conflux):
- Count leg launch attempts prior to attempting to launch them. This
avoids inifinite launch attempts due to internal circuit building
failures. Additionally, double-check that we have enough exits in
our consensus overall, before attempting to launch conflux sets.
Fixes bug 40811; bugfix on 0.4.8.1-alpha.
- Fix a case where we were resuming reading on edge connections that
were already marked for close. Fixes bug 40801; bugfix
on 0.4.8.1-alpha.
- Fix stream attachment order when creating conflux circuits, so
that stream attachment happens after finishing the full link
handshake, rather than upon set finalization. Fixes bug 40801;
bugfix on 0.4.8.1-alpha.
- Handle legs being closed or destroyed before computing an RTT
(resulting in warns about too many legs). Fixes bug 40810; bugfix
on 0.4.8.1-alpha.
- Remove a "BUG" warning from conflux_pick_first_leg that can be
triggered by broken or malicious clients. Fixes bug 40801; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (KIST):
- Prevent KISTSchedRunInterval from having values of 0 or 1, neither
of which work properly. Additionally, make a separate
KISTSchedRunIntervalClient parameter, so that the client and relay
KIST values can be set separately. Set the default of both to 2ms.
Fixes bug 40808; bugfix on 0.3.2.1-alpha.
Changes in version 0.4.8.1-alpha - 2023-06-01
This is the first alpha of the 0.4.8.x series. Two major features in this
version which are Conflux and onion service Proof-of-Work (PoW). There are
also many small features in particular, worth noting, the MetricsPort is now
exporting more relay and onion service metrics. Finally, there are
also numerous minor bugfixes included in this version.
o Major features (onion service, proof-of-work):
- Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
protocol that occurs over introduction circuits. This introduces several
torrc options prefixed with "HiddenServicePoW" in order to control this
feature. By default, this is disabled. Closes ticket 40634.
o Major features (conflux):
- Implement Proposal 329 (conflux traffic splitting). Conflux splits
traffic across two circuits to Exits that support the protocol.
These circuits are pre-built only, which means that if the pre-
built conflux pool runs out, regular circuits will then be used.
When using conflux circuit pairs, clients choose the lower-latency
circuit to send data to the Exit. When the Exit sends data to the
client, it maximizes throughput, by fully utilizing both circuits
in a multiplexed fashion. Alternatively, clients can request that
the Exit optimize for latency when transmitting to them, by
setting the torrc option 'ConfluxClientUX latency'. Onion services
are not currently supported, but will be in arti. Many other
future optimizations will also be possible using this protocol.
Closes ticket 40593.
o Major features (dirauth):
- Directory authorities and relays now interact properly with
directory authorities if they change addresses. In the past, they
would continue to upload votes, signatures, descriptors, etc to
the hard-coded address in the configuration. Now, if the directory
authority is listed in the consensus at a different address, they
will direct queries to this new address. Implements ticket 40705.
o Minor feature (CI):
- Update CI to use Debian Bullseye for runners.
o Minor feature (client, IPv6):
- Make client able to pick IPv6 relays by default now meaning
ClientUseIPv6 option now defaults to 1. Closes ticket 40785.
o Minor feature (compilation):
- Fix returning something other than "Unknown N/A" as libc version
if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD
or NetBSD.
o Minor feature (cpuworker):
- Always use the number of threads for our CPU worker pool to the
number of core available but cap it to a minimum of 2 in case of a
single core. Fixes bug 40713; bugfix on 0.3.5.1-alpha.
o Minor feature (lzma):
- Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
o Minor feature (MetricsPort, relay):
- Expose time until online keys expires on the MetricsPort. Closes
ticket 40546.
o Minor feature (MetricsPort, relay, onion service):
- Add metrics for the relay side onion service interactions counting
seen cells. Closes ticket 40797. Patch by "friendly73".
o Minor features (directory authorities):
- Directory authorities now include their AuthDirMaxServersPerAddr
config option in the consensus parameter section of their vote.
Now external tools can better predict how they will behave.
Implements ticket 40753.
o Minor features (directory authority):
- Add a new consensus method in which the "published" times on
router entries in a microdesc consensus are all set to a
meaningless fixed date. Doing this will make the download size for
compressed microdesc consensus diffs much smaller. Part of ticket
40130; implements proposal 275.
o Minor features (network documents):
- Clients and relays no longer track the "published on" time
declared for relays in any consensus documents. When reporting
this time on the control port, they instead report a fixed date in
the future. Part of ticket 40130.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 01, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/06/01.
o Minor features (hs, metrics):
- Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time
histograms to measure hidden service rend/intro circuit build time
durations. Part of ticket 40757.
o Minor features (metrics):
- Add a `reason` label to the HS error metrics. Closes ticket 40758.
- Add service side metrics for REND and introduction request
failures. Closes ticket 40755.
- Add support for histograms. Part of ticket 40757.
o Minor features (pluggable transports):
- Automatically restart managed Pluggable Transport processes when
their process terminate. Resolves ticket 33669.
o Minor features (portability, compilation):
- Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5
compatibility. Fixes issue 40630; patch by Alex Xu (Hello71).
o Minor features (relay):
- Do not warn about configuration options that may expose a non-
anonymous onion service. Closes ticket 40691.
o Minor features (relays):
- Trigger OOS when bind fails with EADDRINUSE. This improves
fairness when a large number of exit connections are requested,
and properly signals exhaustion to the network. Fixes issue 40597;
patch by Alex Xu (Hello71).
o Minor features (tests):
- Avoid needless key reinitialization with OpenSSL during unit
tests, saving significant time. Patch from Alex Xu.
o Minor bugfix (relay, logging):
- The wrong max queue cell size was used in a protocol warning
logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (logging):
- Avoid ""double-quoting"" strings in several log messages. Fixes
bug 22723; bugfix on 0.1.2.2-alpha.
- Correct a log message when cleaning microdescriptors. Fixes bug
40619; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (metrics):
- Decrement hs_intro_established_count on introduction circuit
close. Fixes bug 40751; bugfix on 0.4.7.12.
o Minor bugfixes (pluggable transports, windows):
- Remove a warning `BUG()` that could occur when attempting to
execute a non-existing pluggable transport on Windows. Fixes bug
40596; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (relay):
- Remove a "BUG" warning for an acceptable race between a circuit
close and considering that circuit active. Fixes bug 40647; bugfix
on 0.3.5.1-alpha.
- Remove a harmless "Bug" log message that can happen in
relay_addr_learn_from_dirauth() on relays during startup. Finishes
fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.
o Minor bugfixes (sandbox):
- Allow membarrier for the sandbox. And allow rt_sigprocmask when
compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
- Fix sandbox support on AArch64 systems. More "*at" variants of
syscalls are now supported. Signed 32 bit syscall parameters are
checked more precisely, which should lead to lower likelihood of
breakages with future compiler and libc releases. Fixes bug 40599;
bugfix on 0.4.4.3-alpha.
o Minor bugfixes (state file):
- Avoid a segfault if the state file doesn't contains TotalBuildTimes
along CircuitBuildAbandonedCount being above 0. Fixes bug 40437;
bugfix on 0.3.5.1-alpha.
o Removed features:
- Remove the RendPostPeriod option. This was primarily used in
Version 2 Onion Services and after its deprecation isn't needed
anymore. Closes ticket 40431. Patch by Neel Chauhan.
1.8.0
Bug Fixes
Fix ‘Unknown key’ issue for actions and rules parameters
Fix a dnsheader unaligned case
secpoll: explicitly include necessary ctime header for time_t