# CHANGES
libasr 1.0.4
* add definition of MAXDNAME for systems that lack it
* some libc require include of nameser_compat.h for rr types definition
libasr 1.0.3
* add support for edns0 and dnssec
* remove support for HOSTALIASES
* remove support for non-standard [addr]:port syntax for
* nameserver
* remove support for YP
* always reload resolv.conf if pid changed
* various bugfixes and improvements
Changelog:
31.08.2023 Release v2.1.0
* New option --follow-sitemaps
* New option --dane (cert validation via DNS)
* Implement --check-certificate=quiet
* Support proxies on non-default ports
* Added CIDR support for no_proxy (IPv4 and IPv6)
* Improve recursive RSS/Atom processing
* Improve default cert/bundle paths for Windows
* Improve Windows and MSVC compatibility
* Use CONNECT for https_proxy
* Add decoding numeric XML entities
* Improve OpenSSL code
* Improve WolfSSL code
* Improve the progress bar
* New function wget_xml_decode_entities_inline()
* Support compilation of wget.h from C++
* Handle comments in robots.txt correctly
* Fix parsing HTMP/XML entities in URLs from HTML/XML
* Fix use-after-free when updating blacklist entries
* Don't try setting file timestamps on ttys
* Fix arguments parsing for --filter-urls
* Fix removing fragments when converting links
* Fix duplicate downloads for Link headers with rel=duplicate
* Fix segmentation fault (NULL dereference when no HTTP header has been received)
* Change arguments of wget_iri_compare to const
* Fix memory leak in wget_hashmap_clear()
* Extend network error messages with hostname and IP address
* Fix status code for 5xx errors
* Fix issue in wget_buffer_trim()
* Improve tests, documentation, building
Upstream's changelog:
workflow: add libcups2-dev dependency by @rdmark in #335
Correct doc README by @rdmark in #326
Fix all warnings on running bootstrap by @dgsga in #346
bootstrap: Add checks for required packages by @rdmark in #338
Enable compilation on macOS hosts v2 by @dgsga in #349
macros: Use the AC_LANG_SOURCE macro, issue #347 by @rdmark in #351
Remove redundant documentation in conf files; improve man pages, #333 by @rdmark in #334
Use non-interactive PAM session when available by @rdmark in #367
papd: Future-proof CUPS API usage by @rdmark in #373
Update atalkd.service to be consistent with other init scripts. by @rdmark in #372
Adopt downstream Debian patches by @rdmark in #370
Restore tarball distribution of doc/ (GitHub#374) by @rdmark in #375
Regenerate man pages from xml sources by @rdmark in #376
v4.5.5
- BUGFIX: Fix transfer list tab hotkey (thalieht)
- BUGFIX: Don't forget to enable the Apply button in the Options dialog (glassez)
- BUGFIX: Immediately update torrent status on moving files (glassez)
- BUGFIX: Improve performance when scrolling the file list of large torrents (gdim47)
- BUGFIX: Don't operate on random torrents when multiple are selected and a sort/filter is applied (glassez)
- RSS: Fix overwriting feeds.json with an incomplete load of it (Omar Abdul Azeez)
- WINDOWS: Software update check logic is disabled for < Win10 (sledgehammer999)
- WINDOWS: NSIS: Update Turkish and French translations (Burak Yavuz, MarcDrieu)
- WINDOWS: NSIS: Add Romanian translation (rusu-afanasie)
This package provides a plugin for the pytest framework that allows developers
to control unit tests that require access to data from the internet. It was
originally part of the astropy core package, but has been moved to a separate
package in order to be of more general use.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
This release adds DNS cookies downstream, support to respond with EDE
error codes from cache, NAT64 support, and the capability to use a
socket queue timeout to discard old packets, and other features and bug
fixes.
The downstream DNS server cookies are from RFC7873 and RFC9018, it
is turned on with `answer-cookie: yes`. It generates a random cookie
secret, but for anycast setups the cookie secret can be configured with
`cookie-secret: "128bithex"` with the same value as the other instances.
Non cookie traffic can be disallowed with the `allow_cookie` acl option
for access-control. Queries with valid cookie bypass the ordinary
ratelimit, but a ratelimit can be configured for cookie queries
with `ip-ratelimit-cookie: 100`. The statistics has counters for
`query_cookie_valid` and `query_cookie_client` and
`query_cookie_invalid`.
When queries come in with CD flag, a DNSSEC validation EDE can be
returned, with information regarding a failure. EDE error information
is also stored in the cache with the query responses. There is also EDE
error information stored for the cachedb and the subnetcache.
There is NAT64 support, that is enabled with `do-nat64: yes`. The
NAT64 prefix can be configured too, if not the default
`nat64-prefix: 64:ff9b::0/96`. This is useful for an IPv6 only
host where Unbound is running, so that Unbound can use NAT64 to
connect to IPv4 servers.
The new default for the maximum UDP response size is 1232, with
`max-udp-size: 1232`. This is similar to other resolvers. The new
default is smaller and that makes it harder to get large responses.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
There is a new option `harden-unknown-additional: yes`. This removes
unknown records from the authority and additional section. This stops
unknown records from being copied from the upstream to the downstream
client, potentially exposing those clients to the extra records. Default
is no, because it could hamper future protocol developments that want to
add records. Thanks to Xiang Li, from NISL Lab, Tsinghua University.
With the `sock-queue-timeout: 3` option kernel timestamps are turned on
for UDP queries, and old packets are dropped. Queries that have waited
in the socket buffer for a long time are then discarded, and is useful
if the host was not running for a while. The statistics has
`num.queries_timed_out` and `query.queue_time_us.max` counters.
The local-zone type `block_a` is for when queries to IPv4 have to be
stopped to force IPv6 usage. It stops type A queries with nodata, and
transparently allows other queries.
The redis server can be contacted over a unix socket with
`redis-server-path: "/var/lib/redis/redis-server.sock"`. The redis
server password can be configured with
`redis-server-password: "password"`.
The number of hashtable collisions is logged in the statistics counters
`msg.cache.max_collisions` and `rrset.cache.max_collisions`. It can be
used to monitor for mistakes where the wrong or same hash value occurs
too frequently.
The repository does not have the bison and flex generated output in it,
so these tools are necessary to compile from a checkout, the tarball
distribution contains pregenerated files and can use either those files
or bison and flex tools on the compile system.
If kernel timestamps are enabled, with the sock-queue-timeout option,
they are also used to set the time for dnstap logs.
There is a yocto compatible init script available in the contrib
directory of the source code, `unbound.init_yocto`.
The number of cachedb hits from cache is output in `num.query.cachedb`.
There is support for the dohpath parameter for the SVCB record type.
Prefetch is supported for subnet cache entries.
Detection of the python paths on the system has been expanded.
Compared to the release candidate rc1, this release has an extra fix to
fix a compile issue on NetBSD.
Features
- Merge #826: #dd a metric about the maximum number of collisions in
lrushah.
- Set max-udp-size default to 1232. This is the same default value as
the default value for edns-buffer-size. It restricts client edns
buffer size choices, and makes unbound behave similar to other DNS
resolvers. The new choice, down from 4096 means it is harder to get
large responses from Unbound. Thanks to Xiang Li, from NISL Lab,
Tsinghua University.
- Add harden-unknown-additional option. It removes
unknown records from the authority section and additional section.
Thanks to Xiang Li, from NISL Lab, Tsinghua University.
- Merge #819: Added new static zone type block_a to suppress all A
queries for specific zones.
- Fix#835: [FR] Ability to use Redis unix sockets.
- Fix#833: [FR] Ability to set the Redis password.
- Merge #882 from vvfedorenko: Features/dropqueuedpackets, with
sock-queue-timeout option that drops packets that have been in the
socket queue for too long. Added statistics num.queries_timed_out
and query.queue_time_us.max that track the socket queue timeouts.
- Merge #722 from David 'eqvinox' Lamparter: NAT64 support.
- Fix#888: [FR] Use kernel timestamps for dnstap.
- Merge #903: contrib: add yocto compatible init script.
- Merge #892: Add cachedb hit stat. Introduces 'num.query.cachedb' as
a new statistical counter.
- Merge #739: Add SVCB dohpath support.
- Merge #802: add validation EDEs to queries where the CD bit is set.
- Merge #664 from tilan7763: Add prefetch support for subnet cache
entries.
- Merge #759 from Tom Carpay: Add EDE (RFC8914) caching.
- Merge #790 from Tom Carpay: Add support for EDE caching in cachedb
and subnetcache.
- Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and
RFC9018. Create server cookies for clients that send client cookies.
This needs to be explicitly turned on in the config file with:
`answer-cookie: yes`. A `cookie-secret:` can be configured for
anycast setups. Without one, a random cookie secret is generated.
The acl option `allow_cookie` allows queries with either a valid
cookie or over a stateful transport. The statistics output has
`queries_cookie_valid` and `queries_cookie_client` and
`queries_cookie_invalid` information. The `ip\-ratelimit\-cookie:`
value determines a rate limit for queries with cookies, if desired.
Bug Fixes
- Fix#823: Response change to NODATA for some ANY queries since
1.12, tested on 1.16.1.
- Fix python module install path detection.
- Fix python version detection in configure.
- Improve documentation for #826, describe the large collisions amount.
- Fix not following cleared RD flags potentially enables amplification
DDoS attacks, reported by Xiang Li and Wei Xu from NISL Lab,
Tsinghua University. The fix stops query loops, by refusing to send
RD=0 queries to a forwarder, they still get answered from cache.
- Set default for harden-unknown-additional to no. So that it does
not hamper future protocol developments.
- Fix test for new default.
- Fix acx_nlnetlabs.m4 for -Wstrict-prototypes.
- Add duration variable for speed_local.test.
- Fix#841: Unbound won't build with aaaa-filter-iterator.patch.
- Fix to ignore entirely empty responses, and try at another authority.
This turns completely empty responses, a type of noerror/nodata into
a servfail, but they do not conform to RFC2308, and the retry can
fetch improved content.
- Fix unit tests for spurious empty messages.
- Fix consistency of unit test without roundrobin answers for the
cnametooptout unit test.
- Fix to git ignore the library symbol file that configure can create.
- Allow TTL refresh of expired error responses.
- Add testcase for refreshing expired error responses.
- Clean up iterator/iterator.c::error_response_cache() and allow for
better interaction with serve-expired, prefetch and cached error
responses.
- Fix#825: Unexpected behavior with client-subnet-always-forward
and serve-expired
- Fix for #852: Completion of error handling.
- Fix unbound-dnstap-socket test program to reply the finish frame
over a TLS connection correctly.
- Fix ssl.h include brackets, instead of quotes.
- Fix#812, fix#846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option
to ignore the unexpected eof while reading in openssl >= 3.
- iana portlist update.
- Fix issue #851: reserved identifier violation
- Fix issue #676: Unencrypted query is sent when
forward-tls-upstream: yes is used without tls-cert-bundle
- Extra consistency check to make sure that when TLS is requested,
either we set up a TLS connection or we return an error.
- Fix#870: NXDOMAIN instead of NOERROR rcode when asked for existing
CNAME record.
- Fix for #870: Add test case for the qname minimisation and CNAME.
- Fix build badge, from failing travis link to github ci action link.
- Merge #875: change obsolete txt URL in unbound-anchor.c to point
to RFC 7958, and Fix#874.
- Fix for #878: Invalid IP address in unbound.conf causes Segmentation
Fault on OpenBSD.
- Fix for #882: small changes, date updated in Copyright for
util/timeval_func.c and util/timeval_func.h. Man page entries and
example entry.
- Fix for #882: document variable to stop doxygen warning.
- Fix issue #860: Bad interaction with 0 TTL records and serve-expired
- Fix RPZ IP responses with trigger rpz-drop on cache entries, that
they are dropped.
- For #722: minor fixes, formatting, refactoring.
- Fix#885: Error: util/configlexer.c: No such file or directory,
adds error messages explaining to install flex and bison.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- Fix doxygen in addr_to_nat64 header definition.
- Fix warning in windows compile, in set_recvtimestamp.
- Fix to print debug log for ancillary data with correct IP address.
- Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
- Fix to remove unused variables from RPZ clientip data structure.
- Fix unbound-dnstap-socket printout when no query is present.
- Fix unbound-dnstap-socket time fraction conversion for printout.
- Merge #896: Fix: #895: pythonmodule: add all site-packages
directories to sys.path.
- Fix#895: python + sysconfig gives ANOTHER path comparing to
distutils.
- Fix for uncertain unit test for doh buffer size events.
- Properly handle all return values of worker_check_request during
early EDE code.
- Do not check the incoming request more than once.
- Fix for issue #887 (Timeouts to forward servers on BSD based
system with ASLR)
- Probably fixes#516 (Stream reuse does not work on Windows) as well
- Remove warning about unknown cast-function-type warning pragma.
- Fix python modules with multiple scripts, by incrementing reference
counts.
- More fixes for reference counting for python module and clean up
failure code.
- Merge #827 from rcmcdonald91: Eliminate unnecessary Python reloading
which causes memory leaks.
- Fix#906: warning: `Py_SetProgramName' is deprecated.
- Fix dereference of NULL variable warning in mesh_do_callback.
- Code cleanup for sldns_str2wire_svcparam_key_lookup.
- For #802: Cleanup comments and add RCODE check for CD bit test case.
- Skip the 00-lint test. splint is not maintained; it either does not
work or produces false positives. Static analysis is handled in the
clang test.
- For #664: Easier code flow for subnetcache prefetching.
- For #664: Add testcase.
- For #664: Rename subnet_prefetch tests to subnet_global_prefetch to
differentiate from the new subnet prefetch support.
- Merge #880 from chipitsine: services/authzone.c: remove redundant
check.
- More clear description of the different auth-zone behaviors on the
man page.
- Merge #909 from headshog: Numeric truncation when parsing TYPEXX and
CLASSXX representation.
- For #909: Fix return values.
- Merge #901 from Sergei Trofimovich: config: improve handling of
unknown modules.
- For #909: Fix RR class comparison.
- Merge #857 from eaglegai: fix potential memory leaks when errors
happen.
- For #857: fix mixed declarations and code.
- Merge #118 from mibere: Changed verbosity level for Redis init &
deinit.
- Merge #390 from Frank Riley: Add missing callbacks to the python
module.
- Cleaner failure code for callback functions in interface.i.
- Merge #889 from borisVanhoof: Free memory in error case + remove
unused function.
- For #889: use netcat-openbsd instead of netcat-traditional.
- For #889: Account for num_detached_states before possible
mesh_state_delete when erroring out.
- Fix unused variable compile warning for kernel timestamps in
netevent.c
- Merge #911 from natalie-reece: Exclude EDE before other EDNS options
when there isn't enough space.
- For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
altogether) before giving up on attaching EDE options.
- More braces and formatting for Fix for EDNS EDE size calculation to
avoid future bugs.
- Fix to use the now cached EDE, if any, for CD_bit queries.
- Fix for EDNS EDE size calculation.
- Move a cache reply callback in worker.c closer to the cache reply
generation.
- Fix regional_alloc_init for potential unaligned source of the copy.
- Fix ip_ratelimit test to work with dig that enables DNS cookies.
- Fix for iter_dec_attempts that could cause a hang, part of
capsforid and qname minimisation, depending on the settings.
- Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
- Fix stat_values test to work with dig that enables DNS cookies.
- Debug Windows ci workflow.
- Fix windows ci workflow to install bison and flex.
- Fix for #925: unbound.service: Main process exited, code=killed,
status=11/SEGV. Fixes cachedb configuration handling.
- Fix#923: processQueryResponse() THROWAWAY should be mindful of
fail_reply.
- Fix unit test for unbound-control to work when threads are disabled,
and fix cache dump check.
- Fix compile error on NetBSD in util/netevent.h.
Version 1.2 Minor Feature Release
This adds support for IPv6 and fixes a couple of bugs.
Please remember that this project is in sustaining mode only, so some bugs remain unfixed.
libnice 0.1.21 (2023-01-07)
===========================
Only use `ifr_ifindex` if OS supports it, fixes build on iOS and FreeBSD
libnice 0.1.20 (2023-01-06)
===========================
Remove support for GStreamer 0.10 builds
Add macro to check LIBNICE version
Added utility function to get the STUN server from a candidate
Support additional header in built-in HTTP proxy client
Add boxed type for NiceAddress for bindings
Add API to get the interface index for a local address
Explicitly bind to a specific interface when creating UDP sockets
Limit the number of stored incoming checks based on a property
Do asynchronous DNS resolution for STUN and TURN servers
Add introspection friendly API to get an allocated string from a NiceCandidate
Enable gst-full to link in a single element
libnice 0.1.19 (2022-05-03)
===========================
Allow incoming connchecks before remote candidates are set, allows for connection based on received bind requests
Implement RFC 7675 for Consent Freshness
Use a single server reflexive and local relay candidate, reduces useless duplicated local candidates
Improved ICE restart implementation
Use Windows native crypto API, removing the need for OpenSSL
Add bytestream ICE-TCP and improve ICE-TCP
Add API to know if a NiceAddress is link-local
Add API to extact the relay address from a relayed NiceAddress
Improve support for detection addresses on Android, iOS, macOS
A number of bug fixes
libnice 0.1.18 (2020-10-20)
===========================
Remove the autotools build system, now only meson is available
On Windows, use crypto library instead of CryptGenRandom() which is deprecated
On Windows, use GetBestInterfaceEx() for UWP compatibility
On Windows, fix the listing of interfaces to use the correct APIs
On Windows, implement ignoring interfaces
Accept receiving messages in multiple steps over TCP
Accept duplicated ports as last option instead of spinning forever
Use sendmmsg if possible to send multiple packets in one call
Fail gathering if no port is available
Hide the implementation of NiceCandidate, this hides some parts that were previously visible
Enable TURN server connects where both TCP and UDP use the same port number
Don't count rejected STUN messages as keepalive packets
libnice 0.1.17 (2020-05-22)
===========================
Add API to retrieve the underlying BSD sockets
Support systems with multiple loopback devices
Ignore non-running network interfaces
Ignore multiple interface prefixes
Now tries to nominate matching pairs across components and streams
Retry TURN deallocation on timeout, requires not destoying the NiceAgent right after the stream
Use different port for every host candidate
Make timeouts and retransmissions more in line with the RFCs
Find OpenSSL without pkg-config, for Windows
Complete meson support
GLib required version update to 2.54
Removed deprecated GLib APIs
Many ICE compatibility and performance improvements
Many bug fixes
0.12.1 (stable)
===============
- Universal CP:
- Do not crash if a device disappears
- Fix issue with meson 1.2.0
- Translation updates
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/issues/24
0.12.0 (stable)
===============
Dependency changes:
- GLib required is now 2.68
- GUPnP requirement up to 1.6
- Libsoup requirement up to 3.0
- All
- Port to GUPnP 1.6 and Libsoup3
- Fix inconsistencies regarding action errors
- Use more g_autoptr
- Drop gupnp_get_uuid() where used.
- Translation updates
- Common
- Fix potential NULL pointer dereference
- Use GUPnP utility functions for download of icons
- Universal CP:
- Fix missing icon on download error
- Fix uninitialized out value
- Event Dumper:
- Added new tool for dumping UPnP events on command line
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/issues/23
Merge requests included in this release:
- https://gitlab.gnome.org/GNOME/gupnp-tools/merge_requests/4
0.14.1 (stable)
- Add utility function to format GDateTime to the iso variant
DIDL expects
0.14.0 (stable)
- Re-tag of 0.13.1 as stable version, no other changes
1.6.5 (stable)
- Fix build with meson 1.2
1.6.4 (stable)
==============
- Keep a weak reference to proxy in action
- Add API to provide HTTP credentials for simple authentication
- Remove xmlRecoverMemory usage
Bugs fixed in this release:
- Fixes: https://gitlab.gnome.org/GNOME/gupnp/-/issues/85
- https://gitlab.gnome.org/GNOME/gupnp/issues/86
1.6.3 (stable)
==============
- Fix handling of deprecated and tentative v6 addresses
- Bump GSSDP minimjal version to 1.6.2
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/82
- https://gitlab.gnome.org/GNOME/gupnp/issues/83
1.6.2 (stable)
==============
- Add test for issue 81
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/81
1.6.1 (stable)
==============
- ControlPoint: Fix error handling if description download fails
- Use proper method for detecting IFA_FLAGS availability
- ContextManager: Do not leak filtered contexts
- Network ContextManager: Do not leak list parts of context lists
- Introspection: Properly chain up to parent class
- ContextManager: Fix freeing unavailable contexts
- ControlPoint: Do not leak cancellable
- Service: Fix crash if subscription callback is points unreachable host
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/80
- https://gitlab.gnome.org/GNOME/gupnp/issues/78
1.6.0 (stable)
==============
- Re-release of 1.5.4, no functional change
1.6.2 (stable)
==============
- Propagate random port up to client, partial fix for GUPnP/81
- Add manpage for sniffer
1.6.1 (stable)
==============
- Potential fix for sending discovery responses with the wrong
location
- Properly parse netlink messages in neighbour discovery
- Do not leak the host mask if it was alreay provided on object client
creation
- Fix install path for generated documentation
- Fix warning message for link-local v4 addresses
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/22
- https://gitlab.gnome.org/GNOME/gssdp/issues/24
1.6.0 (stable)
==============
- Re-release of 1.5.2 as stable version. No functional changes
Changes since 4.18.5
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
pointer.
* BUG 15430: Missing return in reply_exit_done().
o Andrew Bartlett <abartlet@samba.org>
* BUG 15289: post-exec password redaction for samba-tool is more reliable for
fully random passwords as it no longer uses regular expressions
containing the password value itself.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Ralph Boehme <slow@samba.org>
* BUG 15342: Spotlight sometimes returns no results on latest macOS.
* BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
attempted to remove the destination.
* BUG 15427: Spotlight results return wrong date in result list.
o Günther Deschner <gd@samba.org>
* BUG 15414: "net offlinejoin provision" does not work as non-root user.
o Pavel Filipenský <pfilipensky@samba.org>
* BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
* BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
o Stefan Metzmacher <metze@samba.org>
* BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
bad message_id 2.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
o Noel Power <noel.power@suse.com>
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15435: Regression DFS not working with widelinks = true.
o Arvid Requate <requate@univention.de>
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Jones Syue <jonessyue@qnap.com>
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
--- 9.18.18 released ---
6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
options. [GL #3700]
6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
[GL #4032]
6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
support is not configured. [GL #4225]
6213. [bug] Mark a primary server as temporarily unreachable if the
TCP connection attempt times out. [GL #4215]
6212. [bug] Don't process detach and close netmgr events when
the netmgr has been paused. [GL #4200]
3.1.2 (2023-08-16)
What's Changed
* Rename SSL-VPN *.device parameter values to be more generic by @mkienow-r7
in #559
* Add examples of testing matches by @adfoster-r7 in #557
* Add Paperless-ngx document management system HTML title fingerprint by
@mkienow-r7 in #561
* Add Paperless-ng document management system HTML title fingerprint by
@mkienow-r7 in #562
* Update README.md testing matches to set grep color to never by @mkienow-r7
in #564
* Add FatPipe Networks MPVPN, IPVPN, WARP, SDWAN fingerprints by @mkienow-r7
in #563
* Add Transmission by @jvoisin in #568
* Add 3CX Phone System Management Console favicon fingerprint by @mkienow-r7
in #566
* Add PaperCut MF and NG vendor only fingerprints by @mkienow-r7 in #567
* Add MeterSphere fingerprints by @mkienow-r7 in #569
* Add Apache Superset fingerprints by @mkienow-r7 in #570
* Correct param order in Transmission fingerprint by @mkienow-r7 in #572
* Add Jellyseerr fingerprints by @jvoisin in #565
* Add Sonarr/Radarr/Prowlarr by @jvoisin in #571
* Add fast reverse proxy (frp) fingerprints by @mkienow-r7 in #573
* Correct param order in Sonarr, Radarr, Prowlarr fingerprints by
@mkienow-r7 in #575
* CI Workflow: pin upper JRuby version to 9.4.2 as workaround for test
failures by @mkienow-r7 in #578
* Enhance CPE update script and update CPE values by @mkienow-r7 in #560
* Add Progress MOVEit Transfer fingerprints by @mkienow-r7 in #577
* Add Roundcube Webmail fingerprints by @mkienow-r7 in #580
* Add rubocop to CI by @dwelch-r7 in #579
New Contributors
* @dwelch-r7 made their first contribution in #579
0.0.3 (2023-08-14)
* Land #13, Add github actions and address deprecation warnings
* Land #14, Update Ubuntu version & Ruby setup
* Land #17, Update github actions runner version
* Land #19 , Update gemspec file ignore list
* Land #20, Bump version to 0.0.3
0.0.4 (2023-08-17)
* Land #16, Add custom error class and improve error messages
* Land #21, Add development documentation
* Land #22, Bump version to 0.0.4
upstream change summary:
New features
------------
- set WINS server via interactive service - this adds support for
"dhcp-option WINS 192.0.2.1" for DCO + wintun interfaces where no
DHCP server is used (Github #373).
Wireshark 4.0.8 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
If you’re running Wireshark on macOS and upgraded to macOS 13 from an
earlier version, you might have to open and run the “Uninstall
ChmodBPF” package, then open and run “Install ChmodBPF” in order to
reset the ChmodBPF Launch Daemon. Issue 18734[2].
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2023-23[3] CBOR dissector crash. Issue 19144[4].
• wnpa-sec-2023-24[5] BT SDP dissector infinite loop. Issue
19258[6].
• wnpa-sec-2023-25[7] BT SDP dissector memory leak. Issue 19259[8].
• wnpa-sec-2023-26[9] CP2179 dissector crash. Issue 19229[10].
The following bugs have been fixed:
• TShark cannot capture to pipe on Windows correctly. Issue
17900[11].
• Wireshark wrongly blames group membership when pcap capabilities
are removed. Issue 18279[12].
• Packet bytes window broken layout. Issue 18326[13].
• RTP Player only shows waveform until sequence rollover. Issue
18829[14].
• Valid Ethernet CFM DMM packets are shown as malformed. Issue
19198[15].
• Crash on DICOM Export Objects window close. Issue 19207[16].
• The QUIC dissector is reporting the quic_transport_parameters
max_ack_delay with the title \"GREASE\" Issue 19209[17].
• Preferences: Folder name editing behaves weirdly, cursor jumps.
Issue 19213[18].
• DHCPFO: Expert info list does not show all expert infos. Issue
19216[19].
• Websocket packets not decoded and displayed for Field type=Custom
and Field name websocket.payload.text. Issue 19220[20].
• Cannot read pcapng file captured on OpenBSD and read on FreeBSD.
Issue 19230[21].
• UI: While capturing the Wireshark icon changes from green to blue
when new file is created. Issue 19252[22].
• Conversation: heap-use-after-free after wmem_leave_file_scope.
Issue 19265[23].
• IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue
19270[24].
• NAS 5GS Malformed Packet Decoding SOR transparent container PLMN
ID and access technology list. Issue 19273[25].
• UI: Auto scroll button in the toolbar is turned on when manually
scrolling to the end of packet list. Issue 19274[26].
Changes in version 0.4.8.4 - 2023-08-23
Finally, this is the very first stable release of the 0.4.8.x series making
Proof-of-Work (prop#327) and Conflux (prop#329) available to the entire
network. Some major bugfixes since the release candidate detailed below.
o Major feature (denial of service):
- Extend DoS protection to partially opened channels and known
relays. Because re-entry is not allowed anymore, we can apply DoS
protections onto known IP namely relays. Fixes bug 40821; bugfix
on 0.3.5.1-alpha.
o Major bugfixes (conflux):
- Fix a relay-side crash caused by side effects of the fix for bug
40827. Reverts part of that fix that caused the crash and adds
additional log messages to help find the root cause. Fixes bug
40834; bugfix on 0.4.8.3-rc.
o Major bugfixes (proof of work, onion service, hashx):
- Fix a very rare buffer overflow in hashx, specific to the dynamic
compiler on aarch64 platforms. Fixes bug 40833; bugfix
on 0.4.8.2-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on August 23, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/08/23.
o Minor features (testing):
- All Rust code is now linted (cargo clippy) as part of GitLab CI, and
existing warnings have been fixed. - Any unit tests written in Rust now
run as part of GitLab CI.
o Minor bugfix (FreeBSD, compilation):
- Fix compilation issue on FreeBSD by properly importing
sys/param.h. Fixes bug 40825; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (compression):
- Right after compression/decompression work is done, check for
errors. Before this, we would consider compression bomb before
that and then looking for errors leading to false positive on that
log warning. Fixes bug 40739; bugfix on 0.3.5.1-alpha. Patch
by "cypherpunks".
Changes in version 0.4.8.3-rc - 2023-08-04
This is the first release candidate (and likely the only) of the 0.4.8.x
series. We fixed a major conflux bugfix which was a fatal asserts on the
relay Exit side. See below for more details. Couple minor bugfixes. Until
stable, name of the game here is stabilization.
o Major bugfixes (conflux):
- Fix a relay-side assert crash caused by attempts to use a conflux
circuit between circuit close and free, such that no legs were on
the conflux set. Fixed by nulling out the stream's circuit back-
pointer when the last leg is removed. Additional checks and log
messages have been added to detect other cases. Fixes bug 40827;
bugfix on 0.4.8.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on August 04, 2023.
- Regenerate fallback directories generated on July 26, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/26.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/08/04.
o Minor bugfixes (compilation):
- Fix all -Werror=enum-int-mismatch warnings. No behavior change.
Fixes bug 40824; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (protocol warn):
- Wrap a handful of cases where ProtocolWarning logs could emit IP
addresses. Fixes bug 40828; bugfix on 0.3.5.1-alpha.
Changes in version 0.4.8.2-alpha - 2023-07-12
This is our second alpha containing some minor bugfixes and one major bugfix
about L2 vanguard rotation. We believe this will be the last alpha before the
rc in a couple of weeks.
o Major bugfixes (vanguards):
- Rotate to a new L2 vanguard whenever an existing one loses the
Stable or Fast flag. Previously, we would leave these relays in
the L2 vanguard list but never use them, and if all of our
vanguards end up like this we wouldn't have any middle nodes left
to choose from so we would fail to make onion-related circuits.
Fixes bug 40805; bugfix on 0.4.7.1-alpha.
o Minor feature (hs):
- Fix compiler warnings in equix and hashx when building with clang.
Closes ticket 40800.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on July 12, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/12.
o Minor bugfix (congestion control):
- Reduce the accepted range of a circuit's negotiated 'cc_sendme_inc'
to be +/- 1 from the consensus parameter value. Fixes bug 40569;
bugfix on 0.4.7.4-alpha.
- Remove unused congestion control algorithms and BDP calculation
code, now that we have settled on and fully tuned Vegas. Fixes bug
40566; bugfix on 0.4.7.4-alpha.
- Update default congestion control parameters to match consensus.
Fixes bug 40709; bugfix on 0.4.7.4-alpha.
o Minor bugfixes (compilation):
- Fix "initializer is not a constant" compilation error that
manifests itself on gcc versions < 8.1 and MSVC. Fixes bug 40773;
bugfix on 0.4.8.1-alpha
o Minor bugfixes (conflux):
- Count leg launch attempts prior to attempting to launch them. This
avoids inifinite launch attempts due to internal circuit building
failures. Additionally, double-check that we have enough exits in
our consensus overall, before attempting to launch conflux sets.
Fixes bug 40811; bugfix on 0.4.8.1-alpha.
- Fix a case where we were resuming reading on edge connections that
were already marked for close. Fixes bug 40801; bugfix
on 0.4.8.1-alpha.
- Fix stream attachment order when creating conflux circuits, so
that stream attachment happens after finishing the full link
handshake, rather than upon set finalization. Fixes bug 40801;
bugfix on 0.4.8.1-alpha.
- Handle legs being closed or destroyed before computing an RTT
(resulting in warns about too many legs). Fixes bug 40810; bugfix
on 0.4.8.1-alpha.
- Remove a "BUG" warning from conflux_pick_first_leg that can be
triggered by broken or malicious clients. Fixes bug 40801; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (KIST):
- Prevent KISTSchedRunInterval from having values of 0 or 1, neither
of which work properly. Additionally, make a separate
KISTSchedRunIntervalClient parameter, so that the client and relay
KIST values can be set separately. Set the default of both to 2ms.
Fixes bug 40808; bugfix on 0.3.2.1-alpha.
Changes in version 0.4.8.1-alpha - 2023-06-01
This is the first alpha of the 0.4.8.x series. Two major features in this
version which are Conflux and onion service Proof-of-Work (PoW). There are
also many small features in particular, worth noting, the MetricsPort is now
exporting more relay and onion service metrics. Finally, there are
also numerous minor bugfixes included in this version.
o Major features (onion service, proof-of-work):
- Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
protocol that occurs over introduction circuits. This introduces several
torrc options prefixed with "HiddenServicePoW" in order to control this
feature. By default, this is disabled. Closes ticket 40634.
o Major features (conflux):
- Implement Proposal 329 (conflux traffic splitting). Conflux splits
traffic across two circuits to Exits that support the protocol.
These circuits are pre-built only, which means that if the pre-
built conflux pool runs out, regular circuits will then be used.
When using conflux circuit pairs, clients choose the lower-latency
circuit to send data to the Exit. When the Exit sends data to the
client, it maximizes throughput, by fully utilizing both circuits
in a multiplexed fashion. Alternatively, clients can request that
the Exit optimize for latency when transmitting to them, by
setting the torrc option 'ConfluxClientUX latency'. Onion services
are not currently supported, but will be in arti. Many other
future optimizations will also be possible using this protocol.
Closes ticket 40593.
o Major features (dirauth):
- Directory authorities and relays now interact properly with
directory authorities if they change addresses. In the past, they
would continue to upload votes, signatures, descriptors, etc to
the hard-coded address in the configuration. Now, if the directory
authority is listed in the consensus at a different address, they
will direct queries to this new address. Implements ticket 40705.
o Minor feature (CI):
- Update CI to use Debian Bullseye for runners.
o Minor feature (client, IPv6):
- Make client able to pick IPv6 relays by default now meaning
ClientUseIPv6 option now defaults to 1. Closes ticket 40785.
o Minor feature (compilation):
- Fix returning something other than "Unknown N/A" as libc version
if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD
or NetBSD.
o Minor feature (cpuworker):
- Always use the number of threads for our CPU worker pool to the
number of core available but cap it to a minimum of 2 in case of a
single core. Fixes bug 40713; bugfix on 0.3.5.1-alpha.
o Minor feature (lzma):
- Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
o Minor feature (MetricsPort, relay):
- Expose time until online keys expires on the MetricsPort. Closes
ticket 40546.
o Minor feature (MetricsPort, relay, onion service):
- Add metrics for the relay side onion service interactions counting
seen cells. Closes ticket 40797. Patch by "friendly73".
o Minor features (directory authorities):
- Directory authorities now include their AuthDirMaxServersPerAddr
config option in the consensus parameter section of their vote.
Now external tools can better predict how they will behave.
Implements ticket 40753.
o Minor features (directory authority):
- Add a new consensus method in which the "published" times on
router entries in a microdesc consensus are all set to a
meaningless fixed date. Doing this will make the download size for
compressed microdesc consensus diffs much smaller. Part of ticket
40130; implements proposal 275.
o Minor features (network documents):
- Clients and relays no longer track the "published on" time
declared for relays in any consensus documents. When reporting
this time on the control port, they instead report a fixed date in
the future. Part of ticket 40130.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 01, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/06/01.
o Minor features (hs, metrics):
- Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time
histograms to measure hidden service rend/intro circuit build time
durations. Part of ticket 40757.
o Minor features (metrics):
- Add a `reason` label to the HS error metrics. Closes ticket 40758.
- Add service side metrics for REND and introduction request
failures. Closes ticket 40755.
- Add support for histograms. Part of ticket 40757.
o Minor features (pluggable transports):
- Automatically restart managed Pluggable Transport processes when
their process terminate. Resolves ticket 33669.
o Minor features (portability, compilation):
- Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5
compatibility. Fixes issue 40630; patch by Alex Xu (Hello71).
o Minor features (relay):
- Do not warn about configuration options that may expose a non-
anonymous onion service. Closes ticket 40691.
o Minor features (relays):
- Trigger OOS when bind fails with EADDRINUSE. This improves
fairness when a large number of exit connections are requested,
and properly signals exhaustion to the network. Fixes issue 40597;
patch by Alex Xu (Hello71).
o Minor features (tests):
- Avoid needless key reinitialization with OpenSSL during unit
tests, saving significant time. Patch from Alex Xu.
o Minor bugfix (relay, logging):
- The wrong max queue cell size was used in a protocol warning
logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (logging):
- Avoid ""double-quoting"" strings in several log messages. Fixes
bug 22723; bugfix on 0.1.2.2-alpha.
- Correct a log message when cleaning microdescriptors. Fixes bug
40619; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (metrics):
- Decrement hs_intro_established_count on introduction circuit
close. Fixes bug 40751; bugfix on 0.4.7.12.
o Minor bugfixes (pluggable transports, windows):
- Remove a warning `BUG()` that could occur when attempting to
execute a non-existing pluggable transport on Windows. Fixes bug
40596; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (relay):
- Remove a "BUG" warning for an acceptable race between a circuit
close and considering that circuit active. Fixes bug 40647; bugfix
on 0.3.5.1-alpha.
- Remove a harmless "Bug" log message that can happen in
relay_addr_learn_from_dirauth() on relays during startup. Finishes
fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.
o Minor bugfixes (sandbox):
- Allow membarrier for the sandbox. And allow rt_sigprocmask when
compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
- Fix sandbox support on AArch64 systems. More "*at" variants of
syscalls are now supported. Signed 32 bit syscall parameters are
checked more precisely, which should lead to lower likelihood of
breakages with future compiler and libc releases. Fixes bug 40599;
bugfix on 0.4.4.3-alpha.
o Minor bugfixes (state file):
- Avoid a segfault if the state file doesn't contains TotalBuildTimes
along CircuitBuildAbandonedCount being above 0. Fixes bug 40437;
bugfix on 0.3.5.1-alpha.
o Removed features:
- Remove the RendPostPeriod option. This was primarily used in
Version 2 Onion Services and after its deprecation isn't needed
anymore. Closes ticket 40431. Patch by Neel Chauhan.
1.8.0
Bug Fixes
Fix ‘Unknown key’ issue for actions and rules parameters
Fix a dnsheader unaligned case
secpoll: explicitly include necessary ctime header for time_t
Stern allows you to tail multiple pods on Kubernetes and multiple
containers within the pod. Each result is color coded for quicker
debugging.
The query is a regular expression or a Kubernetes resource in the form
<resource>/<name> so the pod name can easily be filtered and you don't
need to specify the exact id (for instance omitting the deployment id).
If a pod is deleted it gets removed from tail and if a new pod is added
it automatically gets tailed.
When a pod contains multiple containers Stern can tail all of them too
without having to do this manually for each one. Simply specify the
container flag to limit what containers to show. By default all
containers are listened to.
Packaged in pkgsrc-wip by myself.
A tldr client written in Rust.
tlrc can be customized with a toml configuration file.
To generate a default config file, run:
tldr --gen-config > $(tldr --config-path)
pkgsrc changes:
- Remove patch-sysutils.c, patch-xio-openssl.c, patch-xio-socket.c: applied
upstream
Changes:
1.7.4.4
=======
Corrections:
- In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
Thanks to Martin Liška for sending the address sanitizer report.
- UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived. This issue was introduced with a bug fix in version 1.7.4.0.
Reason was not handling EAGAIN on recvmsg().
Thanks to Jamie McQuillan for reporting this issue.
- Address TCP with options connect-timeout and retry terminated
immediately when a connection attempt failed on network error or
connection refused.
Test: TCP_TIMEOUT_RETRY
Thanks to Kamil Holubicki for reporting this issue.
- There were a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
For example, UNIX-CONNECT, when using a non matching socktype, failed
with -1 and did not print an error message, instead of printing an
error message and exiting with rc=1.
Thanks to Paul Wise for reporting and analyzing the case of accessing
a left over socket entry with GOPEN.
- The rawer option failed because it tried to clear CREAD.
- UDP-SEND and UPD-SENDTO with option lowport always bound to port 1
instead of a free port in range 640..1023
- Fixed bad parser error message on "socat /tmp/x\"x/x -"
- Tightened syntax checks to detect numerical arguments that are missing
or have trailing garbage.
- ctype(3) functions need there arguments to be unsigned char.
Thanks to Taylor R Campbell for sending a patch.
- Filan library uses Socats diag/error message system and therefore had
always the signal handler messages socket pair open. This fix avoids
this socketpair in standalone Filan.
- Corrected printf format for type socklen_t in two places.
Porting:
- OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
conditions: client connection to server with certificate with empty
subject, and pressing ^C after successful connect.
This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
Thanks to Martin Dorey for reporting and analyzing this issue, and for
providing an environment for reproduction.
- Socat failed to compile on platforms that have
IP_ADD_SOURCE_MEMBERSHIP but not struct ip_mreq_source
Thanks to Justin Yackoski for sending a patch.
- configure.ac's detection of getprotobynumber_r() variant did not
recognize if this function does not exist, e.g. on Musl libc.
Thanks to Alexander Kanavin and Baruch Siach for sending patches.
- Corrected message format when no strftime() is available; improved
handling of very long host or program names
- Solaris requires that termios options are always applied to the slave
side of PTY.
- Fixed ancillary messages on Solaris.
- Filan: Solaris has the open file path infos in /proc/<pid>/path/
Thanks to Andy Fiddaman to directing me to the patch.
- Filan now recognizes and prints Solaris doors and event ports.
- Solaris derivatives no longer need librt for clock_gettime()
Thanks to Andy Fiddaman to directing me to the patch.
Building:
- Failure during building documentation, e.g. due to missing Yodl
packages, now does not let the build process fail.
Feature requested by Seyhun.
Features:
- Filan prints target of symlink when appropriate
- VSOCK-LISTEN now generates environment variables SOCAT_PEERADDR,
SOCAT_PEERPORT, SOCAT_SOCKADDR, SOCAT_SOCKPORT
New address aliases VSOCK, VSOCK-L
Documentation:
- Fixed typo in doc/socat-tun.html and link in README.
Thanks to William Suthers for reporting.
- Fixed hard coded path in docu examples.
Thanks to Jakub Wilk for sending a patch.
- Updated doc/socat-openssltunnel.html: 2048 bits, commonname
Testing:
- Unset SOCAT_MAIN_WAIT on informational Socat calls
- SOCAT=socat used ./socat instead of the version derived by $PATH
- Do not try VSOCK_ECHO test when feature is not compiled in.
- Fixed logging of test 220 TUNINTERFACE
Musl libc refuses to execve() shell scripts, 2 tests needed to be
adapted.
- Musl libc has FOPEN_MAX=1000 which made bash dumping core on test
EXCEED_FOPEN_MAX.
- Added tests for failures of UNIX socket and GOPEN accesses to non
matching file system entries.
- On RHEL-9 SCTP support requires installation of package
kernel-modules-extra. test.sh now detects when SCTP is missing in
kernel and reacts with warnings instead of errors.
- VSOCK loopback still does not seem to work even in kernel 5.13, so just
issue warning on "No such device".
Changes:
GitHub CLI 2.32.1
-----------------
- Bug fixes
GitHub CLI 2.32.0
-----------------
## gh ruleset
Repository Rulesets are in beta on git hub dot com and they are now
also in beta on git hub sea ell eye. You can list, view, and check
branches against rulesets set at the repository or organization level.
Major shoutouts to @vaindil for this big contribution]. My favorite
command in here is `gh rs check <branch>` which will tell you what
rules would apply to a hypothetical branch name. To learn more, run `gh
help ruleset`.
## gh cache
`gh cache` is a new top level command in our suite of support for
Actions. It lets you list and delete caches saved in Actions.
- Minor improvements
- Bug fixes
GitHub CLI 2.31.0
-----------------
- New suite of `project` commands for interacting with and manipulating projects.
- New `search code` command
- New `cs view` command
- Minor improvements
- Bug fixes
High-level C binding for ZeroMQ. czmq is trying to create shorter and
more readable applications by wrapping the ZeroMQ core API in better
semantics. It also tries to hide the differences between versions of
ZeroMQ as far as possible.
3.14.0 - 13/08/2023
Added
New way to invoke Lexicon as a library: lexicon.client.Client becomes a context manager. When invoked with the with keyword, it will provide an operation object that embeds the target provider fully authenticated (authenticate method called on the Provider). This operation object gives access to four methods: create_record, update_record, delete_record and list_records. These methods can be invoked instead of the old execute method to execute a specific action on the DNS zone. In this case, type, name, content fields do not need to be set in the config anymore, since they are passed directly as arguments to the new methods. Upon context manager closing, the cleanup method defined in the Provider is ensured to be called. See the README file of the project for an example of how to use this new approach.
Python warnings are emitted from the code to alert about the deprecations listed below.
Modified
Former NAMESERVER_DOMAIN variable and provider_parser function that had to be defined in each provider module are respectively migrated to get_nameservers and configure_parser static methods in each Provider class. They are defined as abstract in the interface and must be implemented in the concrete classes.
Former private methods _create_record, _modify_record, _delete_record and _list_records are migrated to their public counterpart create_record, modify_record, delete_record and list_records in each Provider class. These are the new abstract methods for each action that need to be implemented.
Method lexicon.client.Client.execute is deprecated and will be removed in Lexicon 4.
Package lexicon.providers, containing the actual provider implementations, is migrated to lexicon._private.providers. The provider implementations are not supposed to be used directly, please use lexicon.client.Client instead with the new methods described above. Package lexicon.providers stubs to lexicon._private.providers to ease the migration path, but it is deprecated and will be removed in Lexicon 4.
Module lexicon.providers.base, that contains the Provider interface to implement, is migrated to module lexicon.interfaces. Module lexicon.providers.base stubs to lexicon.interfaces to ease the migration path, but it is deprecated and will be removed in Lexicon 4.
Modules lexicon.cli, lexicon.parser and lexicon.discovery are migrated to the private package lexicon._private as they are not part of the public API. Old modules stubs to the new modules in the private package lexicon._private to ease the migration path, but it is deprecated and will be removed in Lexicon 4.
Update documentation, in particular the developer guide, to take into account the new architecture of the code to implement a new Provider.
Functional codebase in /lexicon folder is moved in /src/lexicon folder to comply with modern Python project layouts. Tests are migrated to /tests folder.
Removed
Drop support for Python 3.7
6.8p1 - New release based on OpenBSD 6.8
* The ntpd daemon now gets and sets the clock in a secure way when booting
even when a battery-backed clock is absent.
* Improvements in DNS resolving and constraints checking, especially during
startup. Unreliable NTP peers are removed from the pool and DNS resolving
is repeated to add replacements.
* Improved reliability and security of TLS constraint checking.
* Improved logging of failure cases.
* Prevent the case of multiple ntpds running at once by checking presence
of the local control socket.
* TLS certificates are now searched in TLS_CA_CERT_FILE.
* The default ntpd.conf configuration file now uses 9.9.9.9 and
2620:fe::fe, in addition to google.com, when performing time constraint
validation.
* Improved handling unsynched mode when there is no replies from an NTP
server, such as when there are network connectivity issues.
* To build OpenNTPD with time constraint support, libtls from LibreSSL
3.2.2 or later are recommended. LibreSSL 3.2.2 and later include a
self-contained libtls, which allows OpenNTPD to work with constraints
even on systems even where libcrypto and libssl are not from LibreSSL.
6.2p3 - Bug fixes
* Fixed build on OS X
6.2p2 - Bug fixes
* Fixed support for 'query from' and clarified usage.
6.2p1 - New release based on OpenBSD 6.2
* Added option "query from <ip>" to ntpd.conf, to specify a local IP
address for outgoing NTP queries.
6.1p1 - New release based on OpenBSD 6.1
* Quieted warnings about constraint connection retries.
* Implemented fork+exec for ntpd child processes.
* Added imsg inter-process reliability fixes.
* Fixed memory leaks and reduced heap memory usage.
* Numerous logging improvements and additions.
* Added macOS 10.12 getentropy support.
* Fixed arc4random blacklist use native implementations where
possible.
v0.74.0 (2023-08-04)
Feature
* Speed up unpacking text records in ServiceInfo
Fix
* Remove typing on reset_ttl for cython compat
v0.73.0 (2023-08-03)
Feature
* Add a cache to service_type_name
v0.72.3 (2023-08-03)
Fix
* Revert adding typing to DNSRecord.suppressed_by
v0.72.2 (2023-08-03)
Fix
* Revert DNSIncoming cimport in _dns.pxd
v0.72.1 (2023-08-03)
Fix
* Race with InvalidStateError when async_request times out
v0.72.0 (2023-08-02)
Feature
* Speed up processing incoming records
v0.71.5 (2023-08-02)
Fix
* Improve performance of ServiceInfo.async_request
v0.71.4 (2023-07-24)
Fix
* Cleanup naming from previous refactoring in ServiceInfo
v0.71.3 (2023-07-23)
Fix
* Pin python-semantic-release to fix release process
v0.71.2 (2023-07-23)
Fix
* No change re-release to fix wheel builds
v0.71.1 (2023-07-23)
Fix
* Add missing if TYPE_CHECKING guard to generate_service_query
v0.71.0 (2023-07-08)
Feature
* Improve incoming data processing performance
v0.70.0 (2023-07-02)
Feature
* Add support for sending to a specific `addr` and `port` with `ServiceInfo.async_request` and `ServiceInfo.request`
2.1.0
Add -m flag to enforce cache-miss
Add -r flag to clear RD flag (disable recursion)
Bump dependency versions to latest
Remove support for python 3.4 - 3.6
Other minor quality of life improvements
2.4.2
Async queries could wait forever instead of respecting the timeout if the timeout was 0 and a packet was lost. The timeout is now respected.
Restore HTTP/2 support which was accidentally broken during the https refactoring done as part of 2.4.0.
When an inception time and lifetime are specified, the signer now sets the expiration to the inception time plus lifetime, instead of the current time plus the lifetime.
2.8.2
- DOC: ssl: Fix typo in 'ocsp-update' option
- DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect
- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT
- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage
- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv()
- BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
- BUG/MINOR: sink: missing sft free in sink_deinit()
- BUG/MINOR: ring: size warning incorrectly reported as fatal error
- BUG/MINOR: ring: maxlen warning reported as alert
- BUG/MINOR: log: LF upsets maxlen for UDP targets
- MINOR: sink/api: pass explicit maxlen parameter to sink_write()
- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets
- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward()
- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward()
- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward()
- BUG/MINOR: sink: invalid sft free in sink_deinit()
- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring()
- BUG/MINOR: server: set rid default value in new_server()
- MINOR: hlua_fcn/mailers: handle timeout mail from mailers section
- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv()
- EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
- BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size
- BUG/MINOR: config: Remove final '\n' in error messages
- BUG/MEDIUM: quic: token IV was not computed using a strong secret
- BUG/MINOR: quic: retry token remove one useless intermediate expand
- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token
- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock
- CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt
- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers
- BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing
- DOC: config: Fix fc_src description to state the source address is returned
- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters
- BUG/MINOR: http: Return the right reason for 302
- CI: add naming convention documentation
- CI: explicitely highlight VTest result section if there's something
- BUILD: quic: fix warning during compilation using gcc-6.5
- BUG/MINOR: hlua: add check for lua_newstate
- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses
- MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found
- BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured
- BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
- BUG/MINOR: init: set process' affinity even in foreground
- BUG/MINOR: server: Don't warn on server resolution failure with init-addr none
- BUG/MINOR: quic: Missing parentheses around PTO probe variable.
- BUG/MINOR: server-state: Ignore empty files
- BUG/MINOR: server-state: Avoid warning on 'file not found'
- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary
- MINOR: quic: Make ->set_encryption_secrets() be callable two times
- MINOR: quic: Useless call to SSL_CTX_set_quic_method()
- BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
- DOC: configuration: describe Td in Timing events
- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
- BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
- BUG/MEDIUM: quic: consume contig space on requeue datagram
- BUG/MINOR: http-client: Don't forget to commit changes on HTX message
- BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
- BUILD: quic: fix wrong potential NULL dereference
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- REORG: http: move has_forbidden_char() from h2.c to http.h
- BUG/MAJOR: h3: reject header values containing invalid chars
- BUG/MAJOR: http: reject any empty content-length header value
- MINOR: ist: add new function ist_find_range() to find a character range
- MINOR: http: add new function http_path_has_forbidden_char()
- MINOR: h2: pass accept-invalid-http-request down the request parser
- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
- BUG/MINOR: h1: do not accept '#' as part of the URI component
- BUG/MINOR: h2: reject more chars from the :path pseudo header
- BUG/MINOR: h3: reject more chars from the :path pseudo header
- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
- DOC: clarify the handling of URL fragments in requests
- BUG/MINOR: http: skip leading zeroes in content-length values
[1.2.2] - 2023-08-08
- Added option to set different shades of color gradients for each of the
available themes
- Added new application themes: Dracula, Gruvbox, Nord, and Solarized
- Other aesthetic improvements (see #119 for more info):
- redesigned page tabs
- highlighted headings with different colors
- simplified scrollables style
- improvements to Deep Sea and Mon Amour color palettes
- Added Finnish translation 🇫🇮
- Added support for --help and --version command line arguments
- Migrated to Iced 0.10, that is now able to select the graphical renderer at
runtime: a fallback one (tiny-skia) will be used in case the default one
(wgpu) crashes
- Added app id in order to correctly show the icon and app name on Linux
Wayland (fixes#292)
- Restructured issue templates to let users open issues in a more efficient and
effective way
- Updated French translation to v1.2
- Color palettes in settings page are now built as Rule widgets, without
involving the use of external SVGs anymore
- Fixed alt+tab shortcut — fixes#262
- Fixed problem that didn't allow opening links and the report file on
operating systems different from Windows, macOS, and Linux
- Use scrollable to make active filters visible when the selected adapter name
is long (overview page)
- Ensure no colored pixel is shown if the respective packets or bytes number
is zero
- Minor fix to Chinese translation
WebSocket++/0.8.2
This is a bug fix patch that fixes a major issue affecting compatibility with newer versions of the Asio library (including the one bundled in Boost 1.70 and higher). It also includes some documentation, cmake, and OpenSSL compatibility fixes.
WebSocket++/0.8.1
This is a bug fix patch to fix a major test suite regression introduced in 0.8.0 and adjust installation behavior to make downstream packaging easier.
pkgsrc changes:
* update MESSAGE
(mikutter-plugins-twitter will soon to be removed due to API EOL)
Upstream changes:
https://mikutter.hatenablog.com/entry/2023/08/06/004104
mikutter 5.0.5
* use gtk3 4.1.7
* thanks Izumi Tsutsui
* update icon for social.mikutter.hachune.net
* thanks Izumi Tsutsui
* fix non-working function to delay retry period on reconnecting to
mastodon streaming APIs
* thanks ahiru
s3cmd-2.3.0 - 2022-10-03
===============
* Added "getnotification", "setnotification", and "delnotification" commands for notification policies (hrchu)
* Added support for AWS_STS_REGIONAL_ENDPOINTS
* Added ConnectionRefused [111] exit code to handle connection errors (Salar Nosrati-Ershad)
* Added support for IMDSv2. Should work automatically on ec2 (Anthony Foiani)
* Added --list-allow-unordered to list objects unordered. Only supported by Ceph based s3-compatible services
* Fixed --exclude dir behavior for python >= 3.6 (Daniil Tararukhin)
* Fixed Cloudfront invalidate retry issue (Yuan-Hsiang Lee)
* Fixed 0 byte cache files crashing s3cmd
* Fixed --continue behavior for the "get" command
* Fixed unicode issue with fixbucket
* Fixed CannotSendRequest and ConnectionRefusedError errors at startup
* Fixed error reporting for object info when the object does not exist
* Fixed "setup.py test" to do nothing to avoid failure that could be problematic for distribution packaging
* Improved expire command to use Rule/Filter/Prefix for LifecycleConfiguration
* Improved PASS/CHECK/INCLUDE/EXCLUDE debug log messages
* Improved setup.py with python 3.9 and 3.10 support info(Ori Avtalion)
* Many other bug fixes
s3cmd-2.2.0 - 2021-09-27
===============
* Added support for metadata modification of files bigger than 5 GiB
* Added support for remote copy of files bigger than 5 GiB using MultiPart copy (Damian Martinez, Florent Viard)
* Added progress info output for multipart copy and current-total info in output for cp, mv and modify
* Added support for all special/foreign character names in object names to cp/mv/modify
* Added support for SSL authentication (Aleksandr Chazov)
* Added the http error 429 to the list of retryable errors
* Added support for listing and resuming of multipart uploads of more than 1000 parts
* Added time based expiration for idle pool connections in order to avoid random broken pipe errors
* Added support for STS webidentity authentication (ie AssumeRole and AssumeRoleWithWebIdentity) (Samskeyti, Florent Viard)
* Added support for custom headers to the mb command
* Improved MultiPart copy to preserve acl and metadata of objects
* Improved the server errors catching and reporting for cp/mv/modify commands
* Improved resiliency against servers sending garbage responses
* Improved remote copy to have consistent copy of metadata in all cases: multipart or not, aws or not
* Improved security by revoking public-write acl when private acl is set
* Improved speed when running on an EC2 instance
* Reduced connection_max_age to 5s to avoid broken pipes as AWS closes https conns after around 6s
* Ensure that KeyboardInterrupt are always properly raised
* Changed sized of multipart copy chunks to 1 GiB
* Fixed ValueError when using more than one ":" inside add_header in config file
* Fixed extra label issue when stdin used as source of a MultiPart upload
* Fixed remote copy to allow changing the mime-type (ie content-type) of the new object
* Fixed remote_copy to ensure that meta-s3cmd-attrs will be set based on the real source and not on the copy source
* Fixed deprecation warnings due to invalid escape sequences (Karthikeyan Singaravelan)
* Fixed getbucketinfo that was broken when the bucket lifecycle uses the filter element (Liu Lan)
* Fixed RestoreRequest XML namespace URL
* Fixed PARTIAL exit code that was not properly set when needed for object_get
* Fixed a possible inifinite loop when a file is truncated during hashsum or upload
* Fixed report_exception wrong error when LANG env var was not set
* Fixed wrong wiki url in error messages (Alec Barrett)
* Py3: Fixed an AttributeError when using the "files-from" option
* Py3: Fixed compatibility issues due to the removal of getchildren() from ElementTree in python 3.9
* Py3: Fixed compatibility issues due to the removal of encodestring() in python 3.9
* Fixed a crash when the AWS_ACCESS_KEY env var is set but not AWS_SECRET_KEY
* Cleanup of check_md5 (Riccardo Magliocchetti)
* Removed legacy code for dreamhost that should be necessary anymore
* Migrated CI tests to use github actions (Arnaud Jaffre)
* Improved README with a link to INSTALL.md (Sia Karamalegos)
* Improved help content (Dmitrii Korostelev, Roland Van Laar)
* Improvements for setup and build configurations
* Many other bug fixes
s3cmd-2.1.0 - 2020-04-07
===============
* Changed size reporting using k instead of K as it a multiple of 1024
* Added "public_url_use_https" config to generate public url using https
* Added option to make connection pooling configurable and improvements (Arto Jantunen)
* Added support for path-style bucket access to signurl (Zac Medico)
* Added docker configuration and help to run test cases with multiple Python versions (Doug Crozier)
* Relaxed limitation on special chars for --add-header key names
* Fixed all regions that were automatically converted to lower case (Harshavardhana)
* Fixed size and alignment of DU and LS output reporting
* Fixes for SignatureDoesNotMatch error when host port 80 or 443 is specified, due to stupid servers
* Fixed the useless retries of requests that fail because of ssl cert checks
* Fixed a possible crash when a file disappears during cache generation
* Fixed unicode issues with IAM
* Fixed unicode errors with bucked Policy/CORS requests
* Fixed unicode issues when loading aws_credential_file
* Fixed an issue with the tenant feature of CephRGW. Url encode bucket_name for path-style requests
* Fixed signature v2 always used when bucket_name had special chars
* Allow to use signature v4 only, even for commands without buckets specified
* Fixed small open file descriptor leaks.
* Py3: Fixed hash-bang in headers to not force using python2 when setup/s3cmd/run-test scripts are executed directly.
* Py3: Fixed unicode issues with Cloudfront
* Py3: Fixed http.client.RemoteDisconnected errors
* Py3: Fixed 'dictionary changed size during iteration' error when using a cache-file
* Py3: Fixed the display of file sizes (Vlad Presnyak)
* Py3: Python 3.8 compatibility fixes (Konstantin Shalygin)
* Py2: Fixed unicode errors sometimes crashing remote2remote sync
* Added s3cmd.egg-info to .gitignore (Philip Dubé)
* Improved run-test script to not use hard-coded bucket names
* Renamed INSTALL to INSTALL.md and improvements (Nitro, Prabhakar Gupta)
* Improved the restore command help (Hrchu)
* Updated the storage-class command help with the recent aws s3 classes
* Fixed typo in the --continue-put help message (Pengyu Chen)
* Fixed typo
* Improvements for setup and build configurations
* Many other bug fixes
s3cmd-2.0.2 - 2018-07-15
===============
* Fixed unexpected timeouts encountered during requests or transfers due to AWS strange connection short timeouts
* Fixed a throttle issue slowing down too much transfers in some cases
* Added support for $AWS_PROFILE
* Added clarification comment for the socket_timeout configuration value OS limit
* Avoid distutils usage at runtime (Matthias Klose)
* Python 2 compatibility: Fixed import error of which with fallback code (Gianfranco Costamagna)
* Fixed Python 3 bytes string encoding when getting IAM credentials (Alexander Allakhverdiyev)
* Fixed handling of config tri-state bool values (like acl_public) (Brian C. Lane)
* Fixed V2 signature when restore command is used (Jan Kasiak)
* Fixed setting full_control on objects with public read access (Matthew Vernon)
* Fixed a bug when only one path is supplied with Cloudfront. (Mikael Svensson)
* Fixed signature errors with 'modify' requests (Radek Simko)
* Fixed - Fix setacl command exception (Robert Moucha)
* Fixed error reporting if deleting a source object failed after a move
* Many other bug fixes
Important info: AWS S3 doesn't allow anymore uppercases and underscores in bucket names since march 1, 2018
s3cmd-2.0.1 - 2017-10-21
===============
* Support for Python 3 is now stable
* Fixed signature issues due to upper cases in hostname
* Improved support for Minio Azure gateway (Julien Maitrehenry, Harshavardhana)
* Added signurl_use_https option to use https prefix for signurl (Julien Recurt)
* Fixed a lot of remaining issues and regressions for Python 3
* Fixed --configure option with Python 3
* Fixed non string cmdline parameters being ignored
* Windows support fixes
* Don't force anymore to have a / on last parameter for the "modify" command
* Removed the python3 support warning
* Detect and report error 403 in getpolicy for info command
* Added a specific error message when getting policy by non owner
* Many other bug fixes
s3cmd-2.0.0 - 2017-06-26
===============
* Added support for Python 3 (Shaform, Florent Viard)
* Added getlifecycle command (Daniel Gryniewicz)
* Added --cf-inval for invalidating multiple CF distributions (Joe Mifsud)
* Added --limit to "ls" and "la" commands to return the specified number of objects (Masashi Ozawa)
* Added --token-refresh and --no-token-refresh and get the access token from the environment (Marco Jakob)
* Added --restore-priority and --restore-days for S3 Glacier (Robert Palmer)
* Fixed requester pays header with HEAD requests (Christian Rodriguez)
* Don't allow mv/cp of multiple files to single file (Guy Gur-Ari)
* Generalize wildcard certificate forgiveness (Mark Titorenko)
* Multiple fixes for SSL connections and proxies
* Added support for HTTP 100-CONTINUE
* Fixes for s3-like servers
* Big cleanup and many unicode fixes
* Many other bug fixes
1.5.2 (2023-07-30)
- FIX: Add missing pip dependency
- MAINT: Feat/dependabot
- FIX: Health endpoint usage is missing.
- MAINT: Bump waitress from 1.4.4 to 2.1.2 in /docker
- MAINT: update docs folder
- MAINT: Update README.rst and config.py
- MAINT: add help output for `run` and `update` to README
- MAINT: Update README to reflect run/update commands
- MAINT: Upgrade to psf/black stable style 2023
- MAINT: disable tests on Python3.6
- FIX: explicit optional types in `config.py`
- ENH: 🩺 allow customized health check endpoint
- FIX: correct 1.5.1 tag date in CHANGES
- MAINT: from importlib import reload for Python 3
- FIX: force setuptools update + no duplicate runs in GH Actions
- MAINT: Support current versions of CPython
- MAINT: Upgrade GitHub Actions:
Qt 6.5.2 release is a patch release made on the top of Qt 6.5.1.
As a patch release, Qt 6.5.2 does not add any new functionality but provides
bug fixes and other improvements and maintains both forward and backward
compatibility (source and binary) with Qt 6.5.1.
https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.5.2/release-note.md
C++03 due to failing to build with a C++14 default compiler
with FORCE_CXX_STD instead of USE_LANGUAGES.
(Third round: packages missed due to stderr from cvs overwriting less)
4.1.13
General:
* The ISO-regions introduced in 4.1.12 are now locked behind an environment variable: `MOTO_ENABLE_ISO_REGIONS`
* General performance improvements in the URL matching logic - especially `mock_all` users should notice improvements
New Methods:
* APIGatewayV2:
* create_stage()
* delete_stage()
* get_stage()
* get_stages()
* CloudFront:
* create_origin_access_control()
* delete_origin_access_control()
* get_origin_access_control()
* list_origin_access_controls()
* update_origin_access_control()
* Lambda:
* list_aliases()
* Logs:
* delete_destination()
* describe_destinations()
* get_destination()
* put_destination()
* put_destination_policy()
* Route53:
* get_health_check_status()
* SSM:
* deregister_task_from_maintenance_window()
* describe_maintenance_window_tasks()
* register_task_with_maintenance_window()
Miscellaneous:
* Batch: create_compute_environment() now validates instanceRole and minvCpu
* CloudFront: create_distribution() now correctly handles a single alias
* CloudFront - CustomOrigins now have default timeouts if not supplied
* DynamoDB: delete_item() now throws the correct error when the table is not found
* EC2: describe_security_group_rules() now returns the GroupId
* ECR: create_repository() now validates the repositoryName-parameter
* Lambda: create_function() now returns the ImageConfigResponse and EphemeralStorage parameters
* IOTData: publish() can now handle non-Unicode bytes
* RDS: Automated snapshots now have the appropriate SnapshotType
* Route53: create_hosted_zone() now returns the Location
* Scheduler: get_schedule() now returns the CreationDate and LastModificationDate
* SecretsManager: delete_secret() now throws an error when setting the Recovery to 0 days
* StepFunctions: start_execution() now validates the name-length
0.23.2
------
> This release is the last to support Python 3.7
* Updated dependency to urllib3>=2 and requests>=2.30.0.
* Fixed issue when custom adapters were sending only positional args.
* Expose `unbound_on_send` method in `RequestsMock` class. This method returns new function
that is called by `RequestsMock` instead of original `send` method defined by any adapter.
RabbitMQ 3.12.2
Core Server
Enhancements
Free disk space monitor on Windows is now more selective in what errors are
logged.
Bug Fixes
Queue recovery on node restart in certain conditions could run into an exception
file_handle_cache operations are now safer when handling non-existent keys.
Fixed a potential resource leak in at-least-once dead lettering from quorum queues.
CLI Tools
Enhancements
A new command, rabbitmqctl deactivate_free_disk_space_monitoring, can be used to (temporarily or permanently) disable
free disk space monitoring on a node.
To re-activate it, use rabbitmqctl activate_free_disk_space_monitoring.
AMQP 1.0 Plugin
Bug Fixes
AMQP 1.0 clients that try to publish in a way that results in the message not being routed
anywhere are now notified with a more sensible settlement status.
Prometheus Plugin
Enhancements
Prometheus scraping API endpoints now support optional authentication.
The plugin now filters out values that are undefined or NaN, simply excluding
them from the API endpoint response.
Previously, if a metric was not computed for any reason (e.g. free disk space monitor
was disabled on the node), its value could end up being rendered as undefined or NaN,
two values that Prometheus scrapers cannot handle (for numerical types such as gauges).
Management Plugin
Bug Fixes
It was not possible to close a table column selection pane on
screens that had little vertical space.
STOMP Plugin
Bug Fixes
This is a potentially breaking change.
The plugin will now enforce maximum STOMP frame size. Frames larger than that
size will be rejected. The default maximum size is 4 MiB. It can be increased or decreased:
# increase maximum supported STOMP frame size to 10 MiB
stomp.max_frame_size = 10485760
To reduce it from the default 4 MiB to 2 MiB:
# 2 MiB
stomp.max_frame_size = 2097152
Shovel Plugin
Bug Fixes
Shovel will gracefully stop when its destination (target) does not exist.
Such shovels will then be periodically restarted to retry.
Web MQTT Plugin
Enhacements
It is now possible to opt in to deactivate file handle cache use in the plugin:
web_mqtt.use_file_handle_cache = false
Web STOMP Plugin
Enhacements
It is now possible to opt in to deactivate file handle cache use in the plugin:
web_stomp.use_file_handle_cache = false
Dependency Upgrades
ra was upgraded to 2.6.3
- update icon for social.mikutter.hachune.net (#1590)
- fix non-working function to delay retry period on reconnecting to
mastodon streaming APIs (#1591)
Bump PKGREVISION.
23.7.0 (2023-07-11)
===================
Features
--------
- Add preliminary support for Python 3.12, using greenlet 3.0a1. This
is somewhat tricky to build from source at this time, and there is
one known issue: On Python 3.12b3, dumping tracebacks of greenlets
is not available.
:issue:`1969`.
- Update the bundled c-ares version to 1.19.1.
See :issue:`1947`.
Bugfixes
--------
- Fix an edge case connecting a non-blocking ``SSLSocket`` that could result
in an AttributeError. In a change to match the standard library,
calling ``sock.connect_ex()`` on a subclass of ``socket`` no longer
calls the subclass's ``connect`` method.
Initial fix by Priyankar Jain.
See :issue:`1932`.
- Make gevent's ``FileObjectThread`` (mostly used on Windows) implement
``readinto`` cooperatively. PR by Kirill Smelkov.
See :issue:`1948`.
- Work around an ``AttributeError`` during cyclic garbage collection
when Python finalizers (``__del__`` and the like) attempt to use
gevent APIs. This is not a recommended practice, and it is unclear if
catching this ``AttributeError`` will fix any problems or just shift
them. (If we could determine the root situation that results in this
cycle, we might be able to solve it.)
See :issue:`1961`.
Deprecations and Removals
-------------------------
- Remove support for obsolete Python versions. This is everything prior
to 3.8.
Related changes include:
- Stop using ``pkg_resources`` to find entry points (plugins).
Instead, use ``importlib.metadata``.
- Honor ``sys.unraisablehook`` when a callback function produces an
exception, and handling the exception in the hub *also* produces an
exception. In older versions, these would be simply printed.
- ``setup.py`` no longer includes the ``setup_requires`` keyword.
Installation with a tool that understands ``pyproject.toml`` is
recommended.
- The bundled tblib has been updated to version 2.0.
1.29.8
======
* api-change:``codecatalyst``: This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects.
* api-change:``connectcases``: This release adds the ability to assign a case to a queue or user.
* api-change:``lexv2-models``: Update lexv2-models command to latest version
* api-change:``route53resolver``: This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
* api-change:``s3``: Improve performance of S3 clients by simplifying and optimizing endpoint resolution.
* api-change:``sagemaker-featurestore-runtime``: Cross account support for SageMaker Feature Store
* api-change:``sagemaker``: Cross account support for SageMaker Feature Store
* api-change:``securitylake``: Adding support for Tags on Create and Resource Tagging API.
* api-change:``transcribe``: Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
1.29.7
======
* api-change:``savingsplans``: Savings Plans endpoints update
1.29.6
======
* api-change:``cloudformation``: SDK and documentation updates for GetTemplateSummary API (unrecognized resources)
* api-change:``ec2``: Amazon EC2 documentation updates.
* api-change:``grafana``: Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to.
* api-change:``medical-imaging``: General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
* api-change:``ram``: This release adds support for securely sharing with AWS service principals.
* api-change:``ssm-sap``: Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.
* api-change:``wafv2``: Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
1.29.5
======
* api-change:``codeguru-security``: Documentation updates for CodeGuru Security.
* api-change:``connect``: GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics
* api-change:``es``: Regex Validation on the ElasticSearch Engine Version attribute
* api-change:``lexv2-models``: Update lexv2-models command to latest version
* api-change:``m2``: Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API
* api-change:``snowball``: Adds support for RACK_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor.
* api-change:``translate``: Added DOCX word document support to TranslateDocument API
1.29.4
======
* enhancement:dependency: Support PyYAML 6.0
* api-change:``codeartifact``: Doc only update for AWS CodeArtifact
* api-change:``docdb``: Added major version upgrade option in ModifyDBCluster API
* api-change:``ec2``: Add Nitro TPM support on DescribeInstanceTypes
* api-change:``glue``: Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes.
* api-change:``ivs``: This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration.
* api-change:``lakeformation``: Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
1.29.3
======
* api-change:``cognito-idp``: API model updated in Amazon Cognito
* api-change:``connect``: Add support for deleting Queues and Routing Profiles.
* api-change:``datasync``: Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource.
* api-change:``dms``: Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
* api-change:``ec2``: This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
* api-change:``fsx``: Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: Adds categories to MediaTailor channel assembly alerts
* api-change:``personalize``: This release provides ability to customers to change schema associated with their datasets in Amazon Personalize
* api-change:``proton``: This release adds support for deployment history for Proton provisioned resources
* api-change:``s3``: S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
1.29.2
======
* api-change:``cognito-idp``: API model updated in Amazon Cognito
1.29.1
======
* api-change:``dms``: Releasing DMS Serverless. Adding support for PostgreSQL 15.x as source and target endpoint. Adding support for DocDB Elastic Clusters with sharded collections, PostgreSQL datatype mapping customization and disabling hostname validation of the certificate authority in Kafka endpoint settings
* api-change:``glue``: This release enables customers to create new Apache Iceberg tables and associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
* api-change:``logs``: Add CMK encryption support for CloudWatch Logs Insights query result data
* api-change:``medialive``: This release enables the use of Thumbnails in AWS Elemental MediaLive.
* api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs, including support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
1.29.0
======
* api-change:``ec2``: Add Nitro Enclaves support on DescribeInstanceTypes
* api-change:``location``: This release adds support for authenticating with Amazon Location Service's Places & Routes APIs with an API Key. Also, with this release developers can publish tracked device position updates to Amazon EventBridge.
* api-change:``outposts``: Added paginator support to several APIs. Added the ISOLATED enum value to AssetState.
* api-change:``quicksight``: This release includes below three changes: small multiples axes improvement, field based coloring, removed required trait from Aggregation function for TopBottomFilter.
* api-change:``rds``: Updates Amazon RDS documentation for creating DB instances and creating Aurora global clusters.
* feature:configuration: Configure the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
1.28.8
======
* api-change:``codecatalyst``: [``botocore``] This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects.
* api-change:``connectcases``: [``botocore``] This release adds the ability to assign a case to a queue or user.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``route53resolver``: [``botocore``] This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
* api-change:``s3``: [``botocore``] Improve performance of S3 clients by simplifying and optimizing endpoint resolution.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Cross account support for SageMaker Feature Store
* api-change:``sagemaker``: [``botocore``] Cross account support for SageMaker Feature Store
* api-change:``securitylake``: [``botocore``] Adding support for Tags on Create and Resource Tagging API.
* api-change:``transcribe``: [``botocore``] Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
1.28.7
======
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.26
* api-change:``savingsplans``: [``botocore``] Savings Plans endpoints update
1.28.6
======
* api-change:``cloudformation``: [``botocore``] SDK and documentation updates for GetTemplateSummary API (unrecognized resources)
* api-change:``ec2``: [``botocore``] Amazon EC2 documentation updates.
* api-change:``grafana``: [``botocore``] Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to.
* api-change:``medical-imaging``: [``botocore``] General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
* api-change:``ram``: [``botocore``] This release adds support for securely sharing with AWS service principals.
* api-change:``ssm-sap``: [``botocore``] Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.
* api-change:``wafv2``: [``botocore``] Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
1.28.5
======
* api-change:``codeguru-security``: [``botocore``] Documentation updates for CodeGuru Security.
* api-change:``connect``: [``botocore``] GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics
* api-change:``es``: [``botocore``] Regex Validation on the ElasticSearch Engine Version attribute
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``m2``: [``botocore``] Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API
* api-change:``snowball``: [``botocore``] Adds support for RACK_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor.
* api-change:``translate``: [``botocore``] Added DOCX word document support to TranslateDocument API
1.28.4
======
* api-change:``codeartifact``: [``botocore``] Doc only update for AWS CodeArtifact
* api-change:``docdb``: [``botocore``] Added major version upgrade option in ModifyDBCluster API
* api-change:``ec2``: [``botocore``] Add Nitro TPM support on DescribeInstanceTypes
* api-change:``glue``: [``botocore``] Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes.
* api-change:``ivs``: [``botocore``] This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration.
* api-change:``lakeformation``: [``botocore``] Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
1.28.3
======
* api-change:``cognito-idp``: [``botocore``] API model updated in Amazon Cognito
* api-change:``connect``: [``botocore``] Add support for deleting Queues and Routing Profiles.
* api-change:``datasync``: [``botocore``] Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource.
* api-change:``dms``: [``botocore``] Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
* api-change:``ec2``: [``botocore``] This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
* api-change:``fsx``: [``botocore``] Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: [``botocore``] Adds categories to MediaTailor channel assembly alerts
* api-change:``personalize``: [``botocore``] This release provides ability to customers to change schema associated with their datasets in Amazon Personalize
* api-change:``proton``: [``botocore``] This release adds support for deployment history for Proton provisioned resources
* api-change:``s3``: [``botocore``] S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
1.28.2
======
* bugfix:s3: [``botocore``] Fix s3 presigned URLs for operations with query components
* api-change:``cognito-idp``: [``botocore``] API model updated in Amazon Cognito
1.28.1
======
* api-change:``dms``: [``botocore``] Releasing DMS Serverless. Adding support for PostgreSQL 15.x as source and target endpoint. Adding support for DocDB Elastic Clusters with sharded collections, PostgreSQL datatype mapping customization and disabling hostname validation of the certificate authority in Kafka endpoint settings
* api-change:``glue``: [``botocore``] This release enables customers to create new Apache Iceberg tables and associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
* api-change:``logs``: [``botocore``] Add CMK encryption support for CloudWatch Logs Insights query result data
* api-change:``medialive``: [``botocore``] This release enables the use of Thumbnails in AWS Elemental MediaLive.
* api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly has added support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs, including support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
1.28.0
======
* enhancement:configprovider: [``botocore``] Always use shallow copy of session config value store for clients
* feature:configuration: [``botocore``] Configure the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
* bugfix:configprovider: [``botocore``] Fix bug when deep copying config value store where overrides were not preserved
* api-change:``ec2``: [``botocore``] Add Nitro Enclaves support on DescribeInstanceTypes
* api-change:``location``: [``botocore``] This release adds support for authenticating with Amazon Location Service's Places & Routes APIs with an API Key. Also, with this release developers can publish tracked device position updates to Amazon EventBridge.
* api-change:``outposts``: [``botocore``] Added paginator support to several APIs. Added the ISOLATED enum value to AssetState.
* api-change:``quicksight``: [``botocore``] This release includes below three changes: small multiples axes improvement, field based coloring, removed required trait from Aggregation function for TopBottomFilter.
* api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for creating DB instances and creating Aurora global clusters.
1.31.8
======
* api-change:``codecatalyst``: This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects.
* api-change:``connectcases``: This release adds the ability to assign a case to a queue or user.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``route53resolver``: This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
* api-change:``s3``: Improve performance of S3 clients by simplifying and optimizing endpoint resolution.
* api-change:``sagemaker-featurestore-runtime``: Cross account support for SageMaker Feature Store
* api-change:``sagemaker``: Cross account support for SageMaker Feature Store
* api-change:``securitylake``: Adding support for Tags on Create and Resource Tagging API.
* api-change:``transcribe``: Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
1.31.7
======
* enhancement:AWSCRT: Upgrade awscrt version to 0.16.26
* api-change:``savingsplans``: Savings Plans endpoints update
1.31.6
======
* api-change:``cloudformation``: SDK and documentation updates for GetTemplateSummary API (unrecognized resources)
* api-change:``ec2``: Amazon EC2 documentation updates.
* api-change:``grafana``: Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to.
* api-change:``medical-imaging``: General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
* api-change:``ram``: This release adds support for securely sharing with AWS service principals.
* api-change:``ssm-sap``: Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.
* api-change:``wafv2``: Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
1.31.5
======
* api-change:``codeguru-security``: Documentation updates for CodeGuru Security.
* api-change:``connect``: GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics
* api-change:``es``: Regex Validation on the ElasticSearch Engine Version attribute
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``m2``: Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API
* api-change:``snowball``: Adds support for RACK_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor.
* api-change:``translate``: Added DOCX word document support to TranslateDocument API
1.31.4
======
* api-change:``codeartifact``: Doc only update for AWS CodeArtifact
* api-change:``docdb``: Added major version upgrade option in ModifyDBCluster API
* api-change:``ec2``: Add Nitro TPM support on DescribeInstanceTypes
* api-change:``glue``: Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes.
* api-change:``ivs``: This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration.
* api-change:``lakeformation``: Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
1.31.3
======
* api-change:``cognito-idp``: API model updated in Amazon Cognito
* api-change:``connect``: Add support for deleting Queues and Routing Profiles.
* api-change:``datasync``: Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource.
* api-change:``dms``: Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
* api-change:``ec2``: This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
* api-change:``fsx``: Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: Adds categories to MediaTailor channel assembly alerts
* api-change:``personalize``: This release provides ability to customers to change schema associated with their datasets in Amazon Personalize
* api-change:``proton``: This release adds support for deployment history for Proton provisioned resources
* api-change:``s3``: S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
* api-change:``sagemaker``: Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
1.31.2
======
* bugfix:s3: Fix s3 presigned URLs for operations with query components
* api-change:``cognito-idp``: API model updated in Amazon Cognito
1.31.1
======
* api-change:``dms``: Releasing DMS Serverless. Adding support for PostgreSQL 15.x as source and target endpoint. Adding support for DocDB Elastic Clusters with sharded collections, PostgreSQL datatype mapping customization and disabling hostname validation of the certificate authority in Kafka endpoint settings
* api-change:``glue``: This release enables customers to create new Apache Iceberg tables and associated metadata in Amazon S3 by using native AWS Glue CreateTable operation.
* api-change:``logs``: Add CMK encryption support for CloudWatch Logs Insights query result data
* api-change:``medialive``: This release enables the use of Thumbnails in AWS Elemental MediaLive.
* api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added support for EXT-X-CUE-OUT and EXT-X-CUE-IN tags to specify ad breaks in HLS outputs, including support for EXT-OATCLS, EXT-X-ASSET, and EXT-X-CUE-OUT-CONT accessory tags.
1.31.0
======
* api-change:``ec2``: Add Nitro Enclaves support on DescribeInstanceTypes
* api-change:``location``: This release adds support for authenticating with Amazon Location Service's Places & Routes APIs with an API Key. Also, with this release developers can publish tracked device position updates to Amazon EventBridge.
* api-change:``outposts``: Added paginator support to several APIs. Added the ISOLATED enum value to AssetState.
* api-change:``quicksight``: This release includes below three changes: small multiples axes improvement, field based coloring, removed required trait from Aggregation function for TopBottomFilter.
* api-change:``rds``: Updates Amazon RDS documentation for creating DB instances and creating Aurora global clusters.
* bugfix:configprovider: Fix bug when deep copying config value store where overrides were not preserved
* enhancement:configprovider: Always use shallow copy of session config value store for clients
* feature:configuration: Configure the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
==============================
Release Notes for Samba 4.18.5
July 19, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
crafted request can trigger an out-of-bounds read in winbind
and possibly crash it.
https://www.samba.org/samba/security/CVE-2022-2127.html
o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain
Controllers where SMB2 packet signing is mandatory.
https://www.samba.org/samba/security/CVE-2023-3347.html
o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
Spotlight can be triggered by an unauthenticated attacker by
issuing a malformed RPC request.
https://www.samba.org/samba/security/CVE-2023-34966.html
o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
Spotlight can be used by an unauthenticated attacker to
trigger a process crash in a shared RPC mdssvc worker process.
https://www.samba.org/samba/security/CVE-2023-34967.html
o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
side absolute path of shares and files and directories in
search results.
https://www.samba.org/samba/security/CVE-2023-34968.html
Changes since 4.18.4
--------------------
o Ralph Boehme <slow@samba.org>
* BUG 15072: CVE-2022-2127.
* BUG 15340: CVE-2023-34966.
* BUG 15341: CVE-2023-34967.
* BUG 15388: CVE-2023-34968.
* BUG 15397: CVE-2023-3347.
o Volker Lendecke <vl@samba.org>
* BUG 15072: CVE-2022-2127.
o Stefan Metzmacher <metze@samba.org>
* BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
Changes since 4.18.3
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15404: Backport --pidl-developer fixes.
o Samuel Cabrero <scabrero@samba.org>
* BUG 14030: Named crashes on DLZ zone update.
o Björn Jacke <bj@sernet.de>
* BUG 2312: smbcacls and smbcquotas do not check // before the server.
o Volker Lendecke <vl@samba.org>
* BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
* BUG 15391: smbclient leaks fds with showacls.
* BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
o Stefan Metzmacher <metze@samba.org>
* BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
causes test timeouts.
o Noel Power <noel.power@suse.com>
* BUG 15384: net ads lookup (with unspecified realm) fails.
o Christof Schmitt <cs@samba.org>
* BUG 15381: Register Samba processes with GPFS.
o Andreas Schneider <asn@samba.org>
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15398: The winbind child segfaults when listing users with `winbind
scan trusted domains = yes`.
o Jones Syue <jonessyue@qnap.com>
* BUG 15383: Remove comments about deprecated 'write cache size'.
* BUG 15403: smbget memory leak if failed to download files recursively.
9.18.17 released
6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
[GL #4154]
6204. [bug] Use NS records for relaxed QNAME-minimization mode.
This reduces the number of queries named makes when
resolving, as it allows the non-existence of NS RRsets
at non-referral nodes to be cached in addition to the
referrals that are normally cached. [GL #3325]
6200. [bug] Fix nslookup erroneously reporting a timeout when the
input is delayed. [GL #4044]
6199. [bug] Improve HTTP Connection: header protocol conformance
in the statistics channel. [GL #4126]
6198. [func] Remove the holes in the isc_result_t enum to compact
the isc_result tables. [GL #4149]
6197. [bug] Fix a data race between the dns_zone and dns_catz
modules when registering/unregistering a database
update notification callback for a catalog zone.
[GL #4132]
6196. [cleanup] Report "permission denied" instead of "unexpected error"
when trying to update a zone file on a read-only file
system. Thanks to Midnight Veil. [GL #4134]
6193. [bug] Fix a catz db update notification callback registration
logic error, which could crash named when receiving an
AXFR update for a catalog zone while the previous update
process of the catalog zone was already running.
[GL #4136]
6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
the FORMERR was due to the presence of a DNS COOKIE
option. [GL #4049]
* OpenBSD: add RTM_DESYNC to route(4) filter.
* Linux: fix disabling of kernel RA autoconf
* Linux: Improve learning IPv6 address flags
* Linux: risc-v fix vendor error
* Linux: consider IFF_LOWER_UP and !IFF_DORMANT for LINK_UP
* BSD: When we get RTM_NEWADDR the interface must have IFF_UP
* BSD: Fix non INET6 builds
* DHCP: Don't enforce the message came port 67
* privsep: Allow zero length messages through
* dhcpcd: deal with HANGUP and EPIPE better
* dhcpcd: Fix waitip address family
* privsep: Check if we have a root process before sending it stuff
* privsep: Only unlink control sockets if we created them
* common: Improve valid_domain and check correct return
* common: Allow hwaddr_ntoa to print an empty string
* privsep: Send only what we have put in the buffer to script env
Never miss a ceritificate expiration because you forgot to monitor ir.
This Nagios plugins checks certificate validity for a VirtualHost list
dumped from the local Apache configuration.
3.65.0 (2023-07-10)
+ Comparative search can now also be used if sorted by path
- Fixed an issue in comparative search in directories with uppercase letters
3.65.0-rc1 (2023-06-29)
- Fixed potential crashes
- Updated to libfilezilla 0.44.0
0.44.0 (2023-06-28)
+ Exportable hash accumulator state
+ Add for RSA key support for JWS
+ JWT creation
+ Conversion functions from X.509 private keys to JWK
- Added logging when certificate is untrusted by system trust store
0.43.0 (2023-05-26)
+ Added fz::tls_layer::generate_cert_from_csr
- fz::event_loop performance improvements when timers are in use
Dnspython 2.4.0 is now available on PyPI. See What’s New! Thank
you to all the contributors to this release. Special thanks to
Jakob Schlyter for writing zone signing code and also refactoring
the DNSSEC code to allow new algorithms to be added more easily.
Dnspython 2.4.0 requires Python 3.8 or later. Also note that this
release drops support for curio and requests (DoH is now done
exclusively with httpx).
v4.10.0
Changes:
message_t::rebuild with string argument, like the constructor
Add DRAFT socket options for libzmq 4.3.2-4
Add function for adding file descriptor to poller_t
Fix noexcept warnings
Disambiguation from other max functions
iperf-3.14 2023-07-07
---------------------
* Notable user-visible changes
* A memory allocation hazard was fixed. For
more information see:
https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
* JSON output was improved, such as print JSON numbers as signed,
the exit code when doing JSON output was
fixed, and client_api was fixed so that it still
returns an error code when JSON is enabled. Also,
duplicate fields when using multiple streams was removed from the
JSON output.
* Prevent UDP packet count and operations overflow.
* Statistics are fixed when --omit is used.
* Developer-visible changes
* CI builds and tests using GitHub actions have been added
* A fix for Android "unable to create a new stream error" was added
* Support for Voice Admit DSCP code point from RFC 5865 was added
* A fix for preventing a crash when RSA public key path doesn't
exist was fixed
Wireshark 4.0.7 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
If you’re running Wireshark on macOS and upgraded to macOS 13 from an
earlier version, you might have to open and run the “Uninstall
ChmodBPF” package, then open and run “Install ChmodBPF” in order to
reset the ChmodBPF Launch Daemon. Issue 18734[2].
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2023-21[3] Kafka dissector crash. Issue 19105[4].
• wnpa-sec-2023-22[5] iSCSI dissector crash. Issue 19164[6].
The following bugs have been fixed:
• Crash when (re)loading a capture file after renaming a dfilter
macro. Issue 13753[7].
• Moving a column deselects selected packet and moves to beginning
of packet list. Issue 16251[8].
• If you set the default interface in the preferences, it doesn’t
work with TShark. Issue 16593[9].
• Severe performance issues in Follow → Save As raw workflow. Issue
17313[10].
• TShark doesn’t support the tab character as an aggregator
character in \"-T fields\" Issue 18002[11].
• On Windows clicking on a link in the 'Software Update' window
launches, now unsupported, MS Internet Explorer. Issue 18488[12].
• Wireshark 4.x.x on Win10-x64 crashes after saving a file with a
name already in use. Issue 18679[13].
• NAS-5GS Operator-defined Access Category: Multiple Criteria
values not displayed in dissected packet display. Issue
18941[14].
• Server Hello Packet Invisible - during 802.1x Authentication-
from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74cdc23) &
above. Issue 19071[15].
• TShark reassembled data is incomplete/truncated. Issue 19107[16].
• CQL protocol parsing issues with `Result` frames from open source
Cassandra. Issue 19119[17].
• TLS 1.3 second Key Update doesn’t work. Issue 19120[18].
• HTTP2 dissector reports an assertion error on large data frames.
Issue 19121[19].
• epan: Single letter hostnames aren’t displayed correctly. Issue
19137[20].
• BLF: CAN-FD-Message format is missing a field. Issue 19146[21].
• BLF: last parameter of LIN-Message is not mandatory (BUGFIX)
Issue 19147[22].
• PPP IPv6CP: Incorrect payload length warning. Issue 19149[23].
• INSTALL file needs to be updated for Debian. Issue 19167[24].
• Some RTP streams make Wireshark crash when trying to play stream.
Issue 19170[25].
• Wrong ordering in OpenFlow 1.0 Datapath unique ID. Issue
19172[26].
• Incorrect mask in RTCP slice picture ID. Issue 19182[27].
• Dissection error in AMQP 1.0. Issue 19191[28].
New and Updated Features
There are no new or updated features in this release.
Removed Features and Support
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
9P, AMQP, BGP, CQL, DHCPFO, EAP, GlusterFS, GSM MAP, HTTP2, iSCSI,
Kafka, Kerberos, NAN, NAS-5GS, OCP.1, OpenFlow 1.0, PDCP-NR, PEAP,
PPPoE, RSL, RTCP, rtnetlink, and XMPP
0.2.1
v2 codebase now uses Cryptodome instead of the deprecated PyCrypto library.
v3 codebase is now more flexible when it comes to requiring a live consensus. This should increase the reachability of Onionbalance in scenarios where the network is having trouble establishing a new consensus.
v3 support for connecting to the control port through a Unix socket. Patch by Peter Tripp.
Introduce status socket support for v3 onions. Patch by vporton.
Sending a SIGHUP signal now reloads the v3 config. Patch by Peter Chung.
Ping, but with a graph.
Comes with the following super-powers:
- Graph the ping time for multiple hosts
- Graph the execution time for commands via the --cmd flag
- Custom colours
0.12.1 - Released on 06/07/2023
- Issue 169: Local working directory can now be specified in connection form
and be saved into bookmarks.
- Issue 188: The breadcrumbs path is not fallbacked after a failed enter into
the directory
- SMB support is now a feature (you can build rust without default features to
disable smb).
- If SSH connection timeout is 0, the connection won't timeout.
0.12.0 - Released on 16/05/2023
- Change file permissions: you can now change file permissions easily with the
permissions popup pressing Z in the explorer.
- Issue 172
- SMB protocol: Support for SMB protocol has been added thanks to the
remotefs-smb library and the pavao project. You may notice that the
interface is quiet different between Windows and Linux/MacOs/BSD due to the
fact that SMB is natively supported on Windows systems.
- Issue 182
- Issue 153: show a loading message when loading directory's content
- Issue 176: debug log is now written to CACHE_DIR
- Issue 173: allow unknown fields in ssh2 configuration file
- Issue 175: don't prompt for password if a ssh key is set for that host
- Fixed an issue that didn't use the User specified in ssh2-config
- NS violating CurveDNS protocol don't impede name resolution anymore.
- tinydns-edit 'add' recognizes now IPv6 addresses upon call for NS and
MX records.
- Updates to tinydns-edit.8 man file and straightening the docs for
libsodium use.
1.3.7f
-------
1.3.7e
-------
+ Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used.
1.3.7d
-------
+ Improved consistency/support for name-based virtual hosts.
+ Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
Changelog:
Version 3.2.8
Improvements:
kdig: malformed messages are parsed and printed using a best-effort approach
python: new dname from wire initialization
Bugfixes:
knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date
knotd: journal loop detection can prevent zone from loading
knotd: cryptic error message when journal is full #842
knotd: failed to query catalog zone over UDP
configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1
Version 3.2.7
Features:
knotd: new configuration option for preserving incoming IXFR changeset history (see 'zone.ixfr-by-one')
Improvements:
knotd: journal ensures the stored changeset's SOA serials are strictly increasing
knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC environment value
knotd, kdig: incoming transfer fails if a message has the TC bit set
knotd, kjournalprint: store or print the timestamp of changeset creation
kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
kxdpgun: print percentages as floats (Thanks to Petr Špaček)
kjournalprint: ability to print a changeset loop
kjournalprint: added changset serials information to '-z -d' output
packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
doc: various improvements
Bugfixes:
knotd: journal loading can get stuck in a multi-changeset loop
knotd: missing RCU lock when reading zone through the control interface
knotd: server start D-Bus signaling doesn't work well if the zone file is missing, catalog zones are used, or in the async-start mode
knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
knotd: failed to process zero-length messages over QUIC
libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 in the path
Version 3.2.6
Improvements:
libs: upgraded embedded libngtcp2 to 0.13.1
libs: added support for building on Cygwin and MSYS (Thanks to Christopher Ng)
mod-dnstap: improved precision of stored time values
kdig: added option for EDNS EXPIRE (see '+expire') #836
kdig: extended description of SOA timers in the multiline mode
kdig: reduced latency of TLS communication
libknot: added EDE codes 28 and 29
doc: various improvements
Bugfixes:
knotd: generated catalog zone not updated upon server reload #834
knotd: failed to check shared module configuration
knotd: missing RCU registration of the statistics thread (Thanks to Qin Longfei)
knotd: server logs failed to send QUIC packets in the XDP mode
libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
utils: failed to load configuration if dnstap module is enabled #831
libknot: missing include string.h
Changelog:
This release adds a script for bash autocompletion for nsd-control. Also
nsd-control can be configured to use unencrypted operation also when
compiled without openssl. There is also a systemd service unit example
file contributed. The dnstap log service can be contacted over TCP, with
the dnstap-ip: ip option. It is also possible to use TLS, with
dnstap-tls, it is enabled by default, and can be configured with the
dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
dnstap-client-cert-file options. The configure option
--enable-root-server is obsolete, it is no longer used and defaults to
on. In addition, the build file should support multicore build with
flex and bison more easily.
FEATURES:
Merge #263: Add bash autocompletion script for nsd-control.
Fix#267: Allow unencrypted local operation of nsd-control.
Merge #269 from Fale: Add systemd service unit.
Fix#271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
Fix#239: -Wincompatible-pointer-types warning in remote.c.
Fix configure for -Wstrict-prototypes.
Fix#262: Zone(s) not synchronizing properly via TLS.
Fix for #262: More error logging for SSL read failures for zone
transfers.
Merge #265: Fix C99 compatibility issue.
Fix#266: Fix build with --without-ssl.
Fix for #267: neater variable definitions.
Fix#270: reserved identifier violation.
Fix to clean more memory on exit of dnstap collector.
Fix dnstap to not check socket path when using IP address.
Fix to compile without ssl with dnstap-tls code.
Dnstap tls code fixes.
Fix include brackets for ssl.h include statements, instead of quotes.
Fix static analyzer warning about nsd_event_method initialization.
Fix#273: Large TXT record breaks AXFR.
Fix ixfr create from adding too many record types.
Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
Fix readme status badge links.
make depend.
Fix for build to run flex and bison before compiling code that needs
the headers.
Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
Fix unused variable warning in unit test, from clang compile.
Fix#240: Prefix messages originating from verifier.
Fix#275: Drop unnecessary root server checks.
yt-dlp 2023.07.06
Important changes
Security: [CVE-2023-35934] Fix Cookie leak
--add-header Cookie: is deprecated and auto-scoped to input URL domains
Cookies are scoped when passed to external downloaders
Add cookies field to info.json and deprecate http_headers.Cookie
Core changes
Allow extractors to mark formats as potentially DRM
Bugfix for b4e0d75848e9447cee2cd3646ce54d4744a7ff56 by pukkandan
Change how Cookie headers are handled by Grub4K
Prevent Cookie leaks on HTTP redirect by coletdjnz
formats: Fix best fallback for storyboards by pukkandan
outtmpl: Pad playlist_index etc even when with internal formatting by pukkandan
utils: clean_podcast_url: Handle protocol in redirect URL by pukkandan
Extractor changes
abc: Fix extraction
AdultSwim: Extract subtitles from m3u8
crunchyroll: music: Fix _VALID_URL
Douyin: Fix extraction from webpage by bashonly
googledrive: Fix source format extraction
kick: Fix _VALID_URL by bashonly
qdance: Add extractor
sbs: Python 3.7 compat by pukkandan
stacommu: Add extractors
twitter
Fix unauthenticated extraction
spaces: Fix extraction
vidlii: Handle relative URLs by pukkandan
vk: VKPlay, VKPlayLive: Add extractors
youtube
Add extractor-arg formats by pukkandan
Avoid false DRM detection
Fix comments' is_favorited
Ignore incomplete data for comment threads by default
Process post_live over 2 hours by pukkandan
stories: Remove
tab: Support shorts-only playlists
Downloader changes
aria2c: Add --no-conf by pukkandan
external: Scope cookies by bashonly, coletdjnz
http: Avoid infinite loop when no data is received by pukkandan
Misc. changes
Add CodeQL workflow
cleanup: Miscellaneous: 337734d by pukkandan
docs: Minor fixes by pukkandan
make_changelog: Skip reverted commits by pukkandan
Croc is a tool that allows any two computers to simply and securely transfer
files and folders. Croc may be the only CLI file-transfer tool that does all
of the following:
- Allows any two computers to transfer data (using a relay)
- Provides end-to-end encryption (using PAKE)
- Enables easy cross-platform transfers (Windows, Linux, Mac)
- Allows multiple file transfers
- Allows resuming transfers that are interrupted
- Local server or port-forwarding not needed
- IPv6-first with IPv4 fallback
- Can use proxy, like Tor
2.8.1
- BUG/MINOR: stats: Fix Lua's `get_stats` function
- BUG/MINOR: stream: do not use client-fin/server-fin with HTX
- BUG/MINOR: quic: Possible crash when SSL session init fails
- CONTRIB: Add vi file extensions to .gitignore
- BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
- DOC: quic: fix misspelled tune.quic.socket-owner
- DOC: config: fix jwt_verify() example using var()
- DOC: config: fix rfc7239 converter examples (again)
- BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
- BUG/MINOR: proxy: add missing interface bind free in free_proxy
- BUG/MINOR: proxy/server: free default-server on deinit
- BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
- BUG/MINOR: peers: Improve detection of config errors in peers sections
- REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
- BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
- BUG/MINOR: quic: Wrong encryption level flags checking
- BUG/MINOR: quic: Address inversion in "show quic full"
- BUG/MINOR: server: inherit from netns in srv_settings_cpy()
- BUG/MINOR: namespace: missing free in netns_sig_stop()
- BUG/MINOR: quic: Missing initialization (packet number space probing)
- BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
- BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
- BUG/MEDIUM: mworker: increase maxsock with each new worker
- BUG/MINOR: quic: ticks comparison without ticks API use
- DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
- DOC: Add tune.h2.max-frame-size option to table of contents
- REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
- DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
- BUG/MINOR: http_ext: fix if-none regression in forwardfor option
- BUG/MINOR: mworker: leak of a socketpair during startup failure
- BUG/MINOR: quic: Prevent deadlock with CID tree lock
- BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
- BUG/MINOR: config: fix stick table duplicate name check
- BUG/MINOR: quic: Missing random bits in Retry packet header
- BUG/MINOR: quic: Wrong Retry paquet version field endianess
- BUG/MINOR: quic: Wrong endianess for version field in Retry token
- IMPORT: slz: implement a synchronous flush() operation
- MINOR: compression/slz: add support for a pure flush of pending bytes
- BUILD: debug: avoid a build warning related to epoll_wait() in debug code
- MINOR: quic: Move QUIC encryption level structure definition
- MINOR: quic: Move packet number space related functions
- MINOR: quic: Reduce the maximum length of TLS secrets
- CLEANUP: quic: Remove server specific about Initial packet number space
3.10.8 (2023-06-23)
Merged Pull Requests
* Fix cannot find a UUID when connect using train with local transport
inside docker container #747 (Vasu1105)
ntopng 5.6
Breakthroughs
Add XL license
Add support Rocky9
Add support to Kafka
Increased max num of exporters
Introduce nTap support
Introduce support to ClickHouse Cluster
Rework Historical Chart Page
Rework pages using VueJS and moving towards responsive client
Improvements
Handle allowed networks for unprivileged users
Improve multitenancy support
Improve thread names
Improve mac formatting
Improve top host sites adding reset method
Improve pcap upload
Improve ports formatting
Improve handling for Cisco NBAR collection
Improve source style
Improve Linux OS detection
Improve Engaged Time Report in Chart
Improve passive DNS hosty resolution
Improve alerts reports
Improve OPNsense installation instruction
Improve host report
Improve support to NDPI_TCP_ISSUES flow risk
Improve layout
Improve ICMP flow handling
Lowered memory consumption due to alert score
Rework pro code directories
Rework lua code
Rework flow aggregation
Rework capabilities support
Socket code cleanup
Use API to build interface report
Update rrd calculations
Update JP localization (courtesy of Yoshihiro Ishikawa)
Changes
Add logo to package
Add missing deps
Add link to host
Add options to send report by email
Add Report class and example
Add internal server error on health/interfaces doc api
Add support for external (REST) host alerts
Add various help and parameters
Add script to create a pdf report from historical API data
Add NXLOG/Active Directory documentation
Add reload button in various pages
Add third party resources
Add flow exporter ips to observation points
Add support for the python API documentation
Add forced offline variable to mantain the --offline option
Add support for Lua host engaged alerts using timeout
Add observation points ts
Add HTTP server in flow details
Add token-based authentication https://www.ntop.org/guides/ntopng/advanced_features/authentication.html?highlight=token#token-based-authentication
Add Flow Risk (Bitmap) Filter in alerts
Add make targets for pip package Updated package classes
Add L7 information in flow object adding
Add CodeQL workflow for GitHub code scanning
Add modal-download-file component and add export timeseries png picture button
Add critical and emergency status to alerts
Add oneway TCP flows counters
Add support for nDPI network handling in flows
Add -n 4 for name resolution
Add IMAP/POP stats
Add Stratosphere Labs Blacklist support
Add support d3v7
Add Requires for RH9 (redhat-lsb-core is deprecated)
Add interfaces stats api and refactor the others health api
Add support to application protocol and master protocol
Add CIDR support in Historical Flows
Add new Aggregated Flows page
Add new Alerts Analysis page
Add support for estimating the number of TCP contacted servers with no reply
Add new Ports Analysis page
Add detection of periodic flows and exported it as flow risk in both flows and alerts
Add REST API to get DB columns and info
Add ability to query alerts from Python
Add Zoom streams handling
Add various checks
Add IP-in-IP decapsulation
Add Host Rules page (possiblity to trigger alerts based on timeseries)
Add the ability to analyze a pcap without creating a new interface
Add Windows timezone handling
Change table definition
Cleanup file names
Disabled host serialization
Enlarged the number of local networks to 1024
Increased upload size to 25 MB
Implement custom script check
Implement support of host filtering with TX traffic sent
Implement unresponsive peers host report
Implement count of incoming tx peers with TCP flows unanswered
Move ts business logic in ts_rest_utils.lua
Patch for handling nicely clock drift at startup
Remove obsolete autogen commands On Linux stay with g++ unless asnitizer is used
Remove REST API v0 (discontinued since ntopng 4.2)
Remove no more used severity
Refactor range-picker query_presets
Rework host packets page and removed dscp page
Rework host ports implementation
Rework Historical class
Rework OPNsense plugin package build
Self test fixes and improvements
Update documentation
Update REST API
Update bootstrap table css
Update various pages to vuejs
Update counter scaling (no gauge)
Update response in service disabled case
nEdge
Add support to multi LAN and fixes DHCP service error
Add VLAN and multi WAN support to nedge
Add routing_policy to nedge configuration callback
Fix netplan configuration error
Update vlan trunk doc
Fix
Df columns error management, table export formatted with % and column reordering now working
Fix missing openssl dependency from MacOS
Fix clang
Fix host sankey minor issues
Fix hyperlinks to historical charts not working
Fix hyperlinks not working correctly
Fix Regex escape
Fix application name resolution on aggregated views
Fix RRD driver for step calaculation
Fix visual bugs with master and app proto
Fix various interface page minor bugs
Fix shortened labels
Fix default sort not working
Fix influxdb retention not updated
Fix name and size of charts
Fix vlan label not mapped
Fix for FreeBSD configure
Fix ip resolution not updating the name
Fix discrepancy in Traffic Calculation (Interface Chart)
Fix measurement units not uniform
Fix crash swap
Fix bug that reported wrong DNS information
Fix build process with opnsense/plugins
Fix validators regexps
Fix ICMP emtropy report Improved HTTP flows report
Fix Telegram Reported alerts contain HTML
Fix multi-series Charts are Unreadable in Dark Mode
Fix invalid reverse host resolution that caused hosts to be labelled with wrong symbolic name
Fix delete obsoleted code from page-stats
Fix for circular dependency js
Fix overlay not working
Fix due to changes to nDPI ALPN handling
Fix CSS Inconsistency Across Browsers
Fix Deep copy also for array of objects
Fix missing modules
Fix NAT handling with nprobe
Fix initialization crash
Removed multiple load from tables
ZMQ encryption key is now reported in hex to avoid escape problems
nDPI 4.6
New Features
New support for custom BPF protocol definition using nBPF (see example/protos.txt)
Improved dissection performance
Added fuzzing all over
New Supported Protocols and Services
Add protocol detection for:
Activision
AliCloud server access
AVAST
CryNetwork
Discord
EDNS
Elasticsearch
FastCGI
Kismet
Line App and Line VoIP calls
Meraki Cloud
Munin
NATPMP
Syncthing
TP-LINK Smart Home
TUYA LAN
SoftEther VPN
Tailscale
TiVoConnect
Improvements
Improve protocol detection for:
Anydesk
Bittorrent (fix confidence, detection over TCP)
DNS, add ability to decode DNS PTR records used for reverse address resolution
DTLS (handle certificate fragments)
Facebook Voip calls
FastCGI (dissect PARAMS)
FortiClient (update default ports)
Zoom
Add Zoom screen share detection
Add detection of Zoom peer-to-peer flows in STUN
Hangout/Duo Voip calls detection, optimize lookups in the protocol tree
HTTP
Handling of HTTP-Proxy and HTTP-Connect
HTTP subclassification
Check for empty/missing user-agent in HTTP
IRC (credentials check)
Jabber/XMPP
Kerberos (support for Krb-Error messages)
LDAP
MGCP
MONGODB (avoid false positives)
Postgres
POP3
QUIC (support for 0-RTT packets received before the initial)
Snapchat Voip calls
SIP
SNMP
SMB (support for messages split into multiple TCP segments)
SMTP (support for X-ANONYMOUSTLS command)
STUN
SKYPE (improve detection over UDP, remove detection over TCP)
Teamspeak3 (License/Weblist detection)
Threema Messenger
TINC (avoid processing SYN packets)
TLS
improve reassembler
handling of ALPN(s) and subclassification
ignore invalid Content Type values
WindowsUpdate
Add flow risk:
NDPI_HTTP_OBSOLETE_SERVER
NDPI_MINOR_ISSUES (generic/relevant information about issues found on traffic)
NDPI_HTTP_OBSOLETE_SERVER (Apache and nginx are supported)
NDPI_PERIODIC_FLOW (reserved bit to be used by apps based on nDPI)
NDPI_TCP_ISSUES
Improve detection of WebShell and PHP code in HTTP URLs that is reported via flow risk
Improve DGA detection
Improve AES-NI check
Improve nDPI JSON serialization
Improve export/print of L4 protocol information
Improve connection refused detection
Add statistics for Patricia tree, Ahocarasick automa, LRU cache
Add a generic (optional and configurable) expiration logic in LRU caches
Add RTP stream type in flow metadata
LRU cache is now IPv6 aware
Tools
ndpiReader
Add support for Linux Cooked Capture v2
Fix packet dissection (CAPWAP and TSO)
Fix Discarded bytes statistics
Fixes
Fix classification by-port
Fix exclusion of DTLS protocol
Fix undefined-behaviour in ahocorasick callback
Fix infinite loop when a custom rule has port 65535
Fix undefined-behavior when setting empty user-agent
Fix infinite loop in DNS dissector (due to an integer overflow)
Fix JSON export of IPv6 addresses
Fix memory corruptions in Bittorrent, HTTP, SoftEther, Florensia, QUIC, IRC, TFTP dissectors
Fix stop of extra dissection in HTTP, Bittorrent, Kerberos
Fix signed integer overflow in ASN1/BER dissector
Fix char/uchar bug in ahocorasick
Fix endianess in IP-Port lookup
Fix FastCGI memory allocation issue
Fix metadata extraction in NAT-PMP
Fix invalid unidirectional traffic alert for unidirectional protocols (e.g. sFlow)
Misc
Support for Rocky Linux 9
Enhance fuzzers to test nDPI configurations, memory allocation failures, serialization/deserialization, algorithms and data structures
GitHub Actions: update to Node.js 16
Size of LRU caches is now configurable
3.12.1
Core Server
Bug Fixes
Declaration of a classic queue could run into an exception.
Classic queues v1 (CQv1) that had a backlog of messages stored by 3.9 and earlier versions
could run into an exception during queue index recovery after an upgrade to 3.10.x or any later series.
CQv2 and queues without a backlog were not affected.
Contributed by @gomoripeti (CloudAMQP).
Nodes that had a large number of quorum queues could observe accumulation of Erlang processes
under significant load.
Feature flag discovery on a newly added node could discover an incomplete inventory of feature flags.
Feature flag discovery operations will now be retried multiple times in case of network failures.
Nodes in clusters that had quorum queues and non-mirrored classic queues on stopped (or failed) nodes
could run into an exception.
The same exception could affect rabbitmqctl list_queues.
Proxy Protocol v2 LOCAL packets were not supported.
Enhancements
When a quorum queue does not find its local replica data files on boot, it will now log
a warning.
Management Plugin
Bug Fixes
An attempt to clear limits of a non-existent virtual host failed with a 500 status code.
Enhacements
Management UI will now display node maintenance status.
Contributed by @SimonUnge (AWS).
The "Queues" tab in the UI was renamed to "Queue and Streams" to better reflect
its contents.
New HTTP API endpoints for quorum queue replica management, equivalent to
the rabbitmq-queues commands that manage replicas.
POST /api/queues/quorum/{vhost}/{name}/replicas/add
DELETE /api/queues/quorum/{vhost}/{name}/replicas/remove
POST /api/queues/quorum/replicas/on/{node}/grow
DELETE /api/queues/quorum/replicas/on/{node}/shrink
Stream Plugin
Bug Fixes
Stream client connections that authenticated using x.509 certificates
failed.
OAuth 2 Plugin
Bug Fixes
Only set OAuth 2 client's CA certificate file setting when it is defined.
Enhancements
The plugin will now accept JWT tokens without a scope. Such tokens would only be useful when the plugin
is used exclusively for authentication and not authorization.
oauth2 is now an accepted alias for the OAuth 2 authentication and authorization backend:
auth_backends.1 = oauth2
Previously the only option for OAuth 2 was using a full module name,
rabbit_auth_backend_oauth2.
STOMP Plugin
Bug Fixes
STOMP plugin log entries had an extra line feed character.
Dependency Upgrades
ra was upgraded to 2.6.2
osiris was upgraded from 1.5.1 to 1.6.0
2023.6.22
Core changes
Fix bug in db3ad8a67661d7b234a6954d9c6a4a9b1749f5eb by pukkandan
Improve --download-sections by pukkandan
Support negative time-ranges
Add *from-url to obey time-ranges in URL
Indicate filesize approximated from tbr better by pukkandan
Extractor changes
Support multiple _VALID_URLs
dplay: GlobalCyclingNetworkPlus: Add extractor
dropout: Fix season extraction
motherless: Add gallery support, fix groups
nebula: Fix extractor
rheinmaintv: Add extractor
youtube
Add ios to default clients used by pukkandan
IOS is affected neither by 403 nor by nsig so helps mitigate them preemptively
IOS also has higher bit-rate 'premium' formats though they are not labeled as such
Improve description parsing performance
Improve nsig function name extraction by pukkandan
Workaround 403 for android formats by pukkandan
Misc. changes
Revert "Add automatic duplicate issue detection" by pukkandan
cleanup
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
pkgsrc change: reduce pkglint warnings.
9.16.42 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
Lexicon v3.12.0
Added
Add duckdns provider (experimental support)
Add dnsservices provider
Add flexibleengine provider
Official support for Python 3.11
Modified
Upgrade API version used for azure provider
Various fixes for documentation
Fix check for extra dependencies
2022-12-24: Ver 0.3-9
* Replace "sprintf()" in C.
* Replace some ".pbd_env" from function arguments.
* Add suppress messages to demo.
2022-10-16: Ver 0.3-8
* Fix "strict-types" and "deprecated-non-prototype" warnings.
* Fix "if() conditions comparing class() to string".
2022-02-04: Ver 0.3-7
* Make a copy of './inst/zmq_copyright/*' to './src/zmqsrc'.
* Add ZeroMQ authors to DESCRIPTION file.
2021-10-25: Ver 0.3-6
* Change configure.ac for autoconf-2.71
* Change tests to local in-process (inter-thread) communication transport
"zmq_inproc".
2021-04-17: Ver 0.3-6
* Check and add "libzmq>=4.3.0" and "-DENABLE_DRAFTS=ON" options.
* Add more ZMQ socket options up to libzmq 4.3.4 (may not stable).
2021-02-27: Ver 0.3-6
* Add more ZMQ socket options.
* Add timeout for connection in tests.
2021-02-09: Ver 0.3-5
* Update "conf.sub" and "conf.guess" from CRAN.
2020-12-13: Ver 0.3-4
* Change "http://" to "https://".
2020-09-07: Ver 0.3-4
* Fix warning 'char* strncpy(char*, const char*, size_t)' output truncated
due to "-Werror=stringop-truncation" by gcc 8.3.1
* Fix a "buf[1]" in zmq.send() call in "R_zmq_sendrecv.r"
2019-07-27: Ver 0.3-4
* For osx, change "install.libs.R" and "zzz.r.in" for staged installation.
2019-07-10: Ver 0.3-4
* Roll back to (R >= 3.5.0).
* Change detection of ZeroMQ library version to "4.2.2" from "4.0.4".
* Roll detection of ZeroMQ library version to "4.0.4".
* Block ZeroMQ library version "4.1.6".
2019-05-03: Ver 0.3-4
* Add "StagedInstall: FALSE" to DESCRIPTION to turn off WARNING in macos.
2019-04-26: Ver 0.3-4
* Revmoe "^M" from "src/zmqsrc/src/condition_variable.hpp".
2019-04-01: Ver 0.3-4
* Support REQ/REP sockets in sendfile/recvfile functions.
2019-02-18: Ver 0.3-4
* Add "R/R_zmq_transfers.r" for transferfing files and directories.
* Add importFrom utils for zip and unzip.
* Remove "-Werror" from "src/zmqsrc/configure" to pass "R CMD check".
2019-02-17: Ver 0.3-4
* Register "R_zmq_send_file" and "R_zmq_recv_file" in "src/zzz.c".
* Fix Windows binary files transfer problems.
Changes since 4.18.2
--------------------
o Ralph Boehme <slow@samba.org>
* BUG 15375: Symlinks to files can have random DOS mode information in a
directory listing.
* BUG 15378: vfs_fruit might cause a failing open for delete.
o Volker Lendecke <vl@samba.org>
* BUG 15361: winbind recurses into itself via rpcd_lsad.
* BUG 15366: wbinfo -u fails on ad dc with >1000 users.
o Stefan Metzmacher <metze@samba.org>
* BUG 15338: DS ACEs might be inherited to unrelated object classes.
* BUG 15362: a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
* BUG 15374: aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse().
o Andreas Schneider <asn@samba.org>
* BUG 15360: Setting veto files = /.*/ break listing directories.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15363: "samba-tool domain provision" does not run interactive mode if
no arguments are given.
o Nathaniel W. Turner <nturner@exagrid.com>
* BUG 15325: dsgetdcname: assumes local system uses IPv4.
Upstream changes:
* 3.6.4 (2023/06/11)
- switch an image loader to stb_image instead of libjpeg, libpng, and giflib
- support OpenSSL for SSL/TLS libraries
- fix builds on OpenBSD/amd64 and Ubuntu 22.04
SOAP-WSDL provides a SOAP client with WSDL support.
This module is not recommended for new application development. Please
use XML::Compile::SOAP or SOAP::Lite instead if possible.
This module has a large number of known bugs and is not being actively
developed. This 3.0 release is intended to update the module to pass
tests on newer Perls. This is a service to existing applications
already dependent on this module.
SOAP-WSDL provides a SOAP client with WSDL support.
This module is not recommended for new application development. Please
use XML::Compile::SOAP or SOAP::Lite instead if possible.
This module has a large number of known bugs and is not being actively
developed. This 3.0 release is intended to update the module to pass
tests on newer Perls. This is a service to existing applications
already dependent on this module.
New features
- Considerably refined the app packaging strategy, introducing support for more
architectures and other advancements 📦 (see #246 for additional details)
- Added button to clear all the current search filters quickly in inspect page
- Added Swedish translation 🇸🇪 (#213)
Improvements
- Updated most of the existing translations to v1.2:
- German 🇩🇪 (#191)
- Spanish 🇪🇸 (#203)
- Persian 🇮🇷 (#193)
- Korean 🇰🇷 (#205)
- Polish 🇵🇱 (#244)
- Romanian 🇷🇴 (#241)
- Russian 🇷🇺 (#187)
- Turkish 🇹🇷 (#192)
- Ukrainian 🇺🇦 (#216)
- Chinese 🇨🇳 (#214)
- Renamed "Administrative entity" to "Autonomous System name" to avoid
confusion
- Improved filter columns relative width to avoid the "Application protocol"
label being cut when displayed in Swedish
- Footer URLs have been updated to include links to Sniffnet's official website
and GitHub Sponsor page
- Updated docs including installation instruction for Arch Linux (#185)
- Minor improvements to packets and bytes number format
- Minor improvements to:
- code readability (#248)
- docs (#235)
Fixes
- Various issues have been fixed by the refined packaging strategy (#199, #220,
#223, #224, #225, #242)
- Solved a minor problem that caused flags to be slightly misaligned in inspect
page table
The dependency was to ensure the runtime presence of tcprules(1),
described at HOMEPAGE thus:
Optional but indispensible: ucspi-tcp6 to build the cdb to control
incoming connections for sslserver using tcprules coming with the
ucspi-tcp6 package. Older versions of ucspi-tcp can be used as well,
but don't provide neither IPv4 CIDR nor IPv6 capabilities. The
generated cdb however, is binary compatible among all versions.
Depending on either of net/ucspi-tcp{,6} here was complicating the
dependency graph in exchange for... still getting in the way of other
packages installing what they need (e.g. mail/bincimap). Trust the
sysadmin to notice if they don't already have tcprules and decide what
to install in that case.
Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).
No change to BUILD_DEPENDS as used correctly inside buildlink3.
As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
Nmap 7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
for a non-default PKG_SYSCONFBASE
We do not at this point install pam files automatically.
And PKG_SYSCONFBASE/pam.d is not being looked at, so don't
bother installing anything there.
What's New
- Support for nested aliases
- repo set-default --view can now be called without a repo argument
What's Changed
- Color control and sensible defaults in modern terminals
- Fix windows crash by bumping wincred
- Update browser package to avoid Windows crash
- release upload sanitizes asset filenames prior to uploading
- pr status uses lighter API in supported environments
- All commands start up time improvements
- More commands use latin matching filter
- pr create respects GH_REPO env variable
- Do not fall back to legacy template if template selector returns nil
