1.3.7f
-------
1.3.7e
-------
+ Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used.
1.3.7d
-------
+ Improved consistency/support for name-based virtual hosts.
+ Fixed crashes due to very long lines in AuthGroupFiles (Issue #1321).
Changelog:
Version 3.2.8
Improvements:
kdig: malformed messages are parsed and printed using a best-effort approach
python: new dname from wire initialization
Bugfixes:
knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date
knotd: journal loop detection can prevent zone from loading
knotd: cryptic error message when journal is full #842
knotd: failed to query catalog zone over UDP
configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1
Version 3.2.7
Features:
knotd: new configuration option for preserving incoming IXFR changeset history (see 'zone.ixfr-by-one')
Improvements:
knotd: journal ensures the stored changeset's SOA serials are strictly increasing
knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC environment value
knotd, kdig: incoming transfer fails if a message has the TC bit set
knotd, kjournalprint: store or print the timestamp of changeset creation
kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
kxdpgun: print percentages as floats (Thanks to Petr Špaček)
kjournalprint: ability to print a changeset loop
kjournalprint: added changset serials information to '-z -d' output
packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
doc: various improvements
Bugfixes:
knotd: journal loading can get stuck in a multi-changeset loop
knotd: missing RCU lock when reading zone through the control interface
knotd: server start D-Bus signaling doesn't work well if the zone file is missing, catalog zones are used, or in the async-start mode
knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
knotd: failed to process zero-length messages over QUIC
libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 in the path
Version 3.2.6
Improvements:
libs: upgraded embedded libngtcp2 to 0.13.1
libs: added support for building on Cygwin and MSYS (Thanks to Christopher Ng)
mod-dnstap: improved precision of stored time values
kdig: added option for EDNS EXPIRE (see '+expire') #836
kdig: extended description of SOA timers in the multiline mode
kdig: reduced latency of TLS communication
libknot: added EDE codes 28 and 29
doc: various improvements
Bugfixes:
knotd: generated catalog zone not updated upon server reload #834
knotd: failed to check shared module configuration
knotd: missing RCU registration of the statistics thread (Thanks to Qin Longfei)
knotd: server logs failed to send QUIC packets in the XDP mode
libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
utils: failed to load configuration if dnstap module is enabled #831
libknot: missing include string.h
Changelog:
This release adds a script for bash autocompletion for nsd-control. Also
nsd-control can be configured to use unencrypted operation also when
compiled without openssl. There is also a systemd service unit example
file contributed. The dnstap log service can be contacted over TCP, with
the dnstap-ip: ip option. It is also possible to use TLS, with
dnstap-tls, it is enabled by default, and can be configured with the
dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
dnstap-client-cert-file options. The configure option
--enable-root-server is obsolete, it is no longer used and defaults to
on. In addition, the build file should support multicore build with
flex and bison more easily.
FEATURES:
Merge #263: Add bash autocompletion script for nsd-control.
Fix#267: Allow unencrypted local operation of nsd-control.
Merge #269 from Fale: Add systemd service unit.
Fix#271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
Fix#239: -Wincompatible-pointer-types warning in remote.c.
Fix configure for -Wstrict-prototypes.
Fix#262: Zone(s) not synchronizing properly via TLS.
Fix for #262: More error logging for SSL read failures for zone
transfers.
Merge #265: Fix C99 compatibility issue.
Fix#266: Fix build with --without-ssl.
Fix for #267: neater variable definitions.
Fix#270: reserved identifier violation.
Fix to clean more memory on exit of dnstap collector.
Fix dnstap to not check socket path when using IP address.
Fix to compile without ssl with dnstap-tls code.
Dnstap tls code fixes.
Fix include brackets for ssl.h include statements, instead of quotes.
Fix static analyzer warning about nsd_event_method initialization.
Fix#273: Large TXT record breaks AXFR.
Fix ixfr create from adding too many record types.
Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
Fix readme status badge links.
make depend.
Fix for build to run flex and bison before compiling code that needs
the headers.
Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
Fix unused variable warning in unit test, from clang compile.
Fix#240: Prefix messages originating from verifier.
Fix#275: Drop unnecessary root server checks.
yt-dlp 2023.07.06
Important changes
Security: [CVE-2023-35934] Fix Cookie leak
--add-header Cookie: is deprecated and auto-scoped to input URL domains
Cookies are scoped when passed to external downloaders
Add cookies field to info.json and deprecate http_headers.Cookie
Core changes
Allow extractors to mark formats as potentially DRM
Bugfix for b4e0d75848e9447cee2cd3646ce54d4744a7ff56 by pukkandan
Change how Cookie headers are handled by Grub4K
Prevent Cookie leaks on HTTP redirect by coletdjnz
formats: Fix best fallback for storyboards by pukkandan
outtmpl: Pad playlist_index etc even when with internal formatting by pukkandan
utils: clean_podcast_url: Handle protocol in redirect URL by pukkandan
Extractor changes
abc: Fix extraction
AdultSwim: Extract subtitles from m3u8
crunchyroll: music: Fix _VALID_URL
Douyin: Fix extraction from webpage by bashonly
googledrive: Fix source format extraction
kick: Fix _VALID_URL by bashonly
qdance: Add extractor
sbs: Python 3.7 compat by pukkandan
stacommu: Add extractors
twitter
Fix unauthenticated extraction
spaces: Fix extraction
vidlii: Handle relative URLs by pukkandan
vk: VKPlay, VKPlayLive: Add extractors
youtube
Add extractor-arg formats by pukkandan
Avoid false DRM detection
Fix comments' is_favorited
Ignore incomplete data for comment threads by default
Process post_live over 2 hours by pukkandan
stories: Remove
tab: Support shorts-only playlists
Downloader changes
aria2c: Add --no-conf by pukkandan
external: Scope cookies by bashonly, coletdjnz
http: Avoid infinite loop when no data is received by pukkandan
Misc. changes
Add CodeQL workflow
cleanup: Miscellaneous: 337734d by pukkandan
docs: Minor fixes by pukkandan
make_changelog: Skip reverted commits by pukkandan
Croc is a tool that allows any two computers to simply and securely transfer
files and folders. Croc may be the only CLI file-transfer tool that does all
of the following:
- Allows any two computers to transfer data (using a relay)
- Provides end-to-end encryption (using PAKE)
- Enables easy cross-platform transfers (Windows, Linux, Mac)
- Allows multiple file transfers
- Allows resuming transfers that are interrupted
- Local server or port-forwarding not needed
- IPv6-first with IPv4 fallback
- Can use proxy, like Tor
2.8.1
- BUG/MINOR: stats: Fix Lua's `get_stats` function
- BUG/MINOR: stream: do not use client-fin/server-fin with HTX
- BUG/MINOR: quic: Possible crash when SSL session init fails
- CONTRIB: Add vi file extensions to .gitignore
- BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
- DOC: quic: fix misspelled tune.quic.socket-owner
- DOC: config: fix jwt_verify() example using var()
- DOC: config: fix rfc7239 converter examples (again)
- BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
- BUG/MINOR: proxy: add missing interface bind free in free_proxy
- BUG/MINOR: proxy/server: free default-server on deinit
- BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
- BUG/MINOR: peers: Improve detection of config errors in peers sections
- REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
- BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
- BUG/MINOR: quic: Wrong encryption level flags checking
- BUG/MINOR: quic: Address inversion in "show quic full"
- BUG/MINOR: server: inherit from netns in srv_settings_cpy()
- BUG/MINOR: namespace: missing free in netns_sig_stop()
- BUG/MINOR: quic: Missing initialization (packet number space probing)
- BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
- BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
- BUG/MEDIUM: mworker: increase maxsock with each new worker
- BUG/MINOR: quic: ticks comparison without ticks API use
- DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
- DOC: Add tune.h2.max-frame-size option to table of contents
- REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
- DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
- BUG/MINOR: http_ext: fix if-none regression in forwardfor option
- BUG/MINOR: mworker: leak of a socketpair during startup failure
- BUG/MINOR: quic: Prevent deadlock with CID tree lock
- BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
- BUG/MINOR: config: fix stick table duplicate name check
- BUG/MINOR: quic: Missing random bits in Retry packet header
- BUG/MINOR: quic: Wrong Retry paquet version field endianess
- BUG/MINOR: quic: Wrong endianess for version field in Retry token
- IMPORT: slz: implement a synchronous flush() operation
- MINOR: compression/slz: add support for a pure flush of pending bytes
- BUILD: debug: avoid a build warning related to epoll_wait() in debug code
- MINOR: quic: Move QUIC encryption level structure definition
- MINOR: quic: Move packet number space related functions
- MINOR: quic: Reduce the maximum length of TLS secrets
- CLEANUP: quic: Remove server specific about Initial packet number space
3.10.8 (2023-06-23)
Merged Pull Requests
* Fix cannot find a UUID when connect using train with local transport
inside docker container #747 (Vasu1105)
ntopng 5.6
Breakthroughs
Add XL license
Add support Rocky9
Add support to Kafka
Increased max num of exporters
Introduce nTap support
Introduce support to ClickHouse Cluster
Rework Historical Chart Page
Rework pages using VueJS and moving towards responsive client
Improvements
Handle allowed networks for unprivileged users
Improve multitenancy support
Improve thread names
Improve mac formatting
Improve top host sites adding reset method
Improve pcap upload
Improve ports formatting
Improve handling for Cisco NBAR collection
Improve source style
Improve Linux OS detection
Improve Engaged Time Report in Chart
Improve passive DNS hosty resolution
Improve alerts reports
Improve OPNsense installation instruction
Improve host report
Improve support to NDPI_TCP_ISSUES flow risk
Improve layout
Improve ICMP flow handling
Lowered memory consumption due to alert score
Rework pro code directories
Rework lua code
Rework flow aggregation
Rework capabilities support
Socket code cleanup
Use API to build interface report
Update rrd calculations
Update JP localization (courtesy of Yoshihiro Ishikawa)
Changes
Add logo to package
Add missing deps
Add link to host
Add options to send report by email
Add Report class and example
Add internal server error on health/interfaces doc api
Add support for external (REST) host alerts
Add various help and parameters
Add script to create a pdf report from historical API data
Add NXLOG/Active Directory documentation
Add reload button in various pages
Add third party resources
Add flow exporter ips to observation points
Add support for the python API documentation
Add forced offline variable to mantain the --offline option
Add support for Lua host engaged alerts using timeout
Add observation points ts
Add HTTP server in flow details
Add token-based authentication https://www.ntop.org/guides/ntopng/advanced_features/authentication.html?highlight=token#token-based-authentication
Add Flow Risk (Bitmap) Filter in alerts
Add make targets for pip package Updated package classes
Add L7 information in flow object adding
Add CodeQL workflow for GitHub code scanning
Add modal-download-file component and add export timeseries png picture button
Add critical and emergency status to alerts
Add oneway TCP flows counters
Add support for nDPI network handling in flows
Add -n 4 for name resolution
Add IMAP/POP stats
Add Stratosphere Labs Blacklist support
Add support d3v7
Add Requires for RH9 (redhat-lsb-core is deprecated)
Add interfaces stats api and refactor the others health api
Add support to application protocol and master protocol
Add CIDR support in Historical Flows
Add new Aggregated Flows page
Add new Alerts Analysis page
Add support for estimating the number of TCP contacted servers with no reply
Add new Ports Analysis page
Add detection of periodic flows and exported it as flow risk in both flows and alerts
Add REST API to get DB columns and info
Add ability to query alerts from Python
Add Zoom streams handling
Add various checks
Add IP-in-IP decapsulation
Add Host Rules page (possiblity to trigger alerts based on timeseries)
Add the ability to analyze a pcap without creating a new interface
Add Windows timezone handling
Change table definition
Cleanup file names
Disabled host serialization
Enlarged the number of local networks to 1024
Increased upload size to 25 MB
Implement custom script check
Implement support of host filtering with TX traffic sent
Implement unresponsive peers host report
Implement count of incoming tx peers with TCP flows unanswered
Move ts business logic in ts_rest_utils.lua
Patch for handling nicely clock drift at startup
Remove obsolete autogen commands On Linux stay with g++ unless asnitizer is used
Remove REST API v0 (discontinued since ntopng 4.2)
Remove no more used severity
Refactor range-picker query_presets
Rework host packets page and removed dscp page
Rework host ports implementation
Rework Historical class
Rework OPNsense plugin package build
Self test fixes and improvements
Update documentation
Update REST API
Update bootstrap table css
Update various pages to vuejs
Update counter scaling (no gauge)
Update response in service disabled case
nEdge
Add support to multi LAN and fixes DHCP service error
Add VLAN and multi WAN support to nedge
Add routing_policy to nedge configuration callback
Fix netplan configuration error
Update vlan trunk doc
Fix
Df columns error management, table export formatted with % and column reordering now working
Fix missing openssl dependency from MacOS
Fix clang
Fix host sankey minor issues
Fix hyperlinks to historical charts not working
Fix hyperlinks not working correctly
Fix Regex escape
Fix application name resolution on aggregated views
Fix RRD driver for step calaculation
Fix visual bugs with master and app proto
Fix various interface page minor bugs
Fix shortened labels
Fix default sort not working
Fix influxdb retention not updated
Fix name and size of charts
Fix vlan label not mapped
Fix for FreeBSD configure
Fix ip resolution not updating the name
Fix discrepancy in Traffic Calculation (Interface Chart)
Fix measurement units not uniform
Fix crash swap
Fix bug that reported wrong DNS information
Fix build process with opnsense/plugins
Fix validators regexps
Fix ICMP emtropy report Improved HTTP flows report
Fix Telegram Reported alerts contain HTML
Fix multi-series Charts are Unreadable in Dark Mode
Fix invalid reverse host resolution that caused hosts to be labelled with wrong symbolic name
Fix delete obsoleted code from page-stats
Fix for circular dependency js
Fix overlay not working
Fix due to changes to nDPI ALPN handling
Fix CSS Inconsistency Across Browsers
Fix Deep copy also for array of objects
Fix missing modules
Fix NAT handling with nprobe
Fix initialization crash
Removed multiple load from tables
ZMQ encryption key is now reported in hex to avoid escape problems
nDPI 4.6
New Features
New support for custom BPF protocol definition using nBPF (see example/protos.txt)
Improved dissection performance
Added fuzzing all over
New Supported Protocols and Services
Add protocol detection for:
Activision
AliCloud server access
AVAST
CryNetwork
Discord
EDNS
Elasticsearch
FastCGI
Kismet
Line App and Line VoIP calls
Meraki Cloud
Munin
NATPMP
Syncthing
TP-LINK Smart Home
TUYA LAN
SoftEther VPN
Tailscale
TiVoConnect
Improvements
Improve protocol detection for:
Anydesk
Bittorrent (fix confidence, detection over TCP)
DNS, add ability to decode DNS PTR records used for reverse address resolution
DTLS (handle certificate fragments)
Facebook Voip calls
FastCGI (dissect PARAMS)
FortiClient (update default ports)
Zoom
Add Zoom screen share detection
Add detection of Zoom peer-to-peer flows in STUN
Hangout/Duo Voip calls detection, optimize lookups in the protocol tree
HTTP
Handling of HTTP-Proxy and HTTP-Connect
HTTP subclassification
Check for empty/missing user-agent in HTTP
IRC (credentials check)
Jabber/XMPP
Kerberos (support for Krb-Error messages)
LDAP
MGCP
MONGODB (avoid false positives)
Postgres
POP3
QUIC (support for 0-RTT packets received before the initial)
Snapchat Voip calls
SIP
SNMP
SMB (support for messages split into multiple TCP segments)
SMTP (support for X-ANONYMOUSTLS command)
STUN
SKYPE (improve detection over UDP, remove detection over TCP)
Teamspeak3 (License/Weblist detection)
Threema Messenger
TINC (avoid processing SYN packets)
TLS
improve reassembler
handling of ALPN(s) and subclassification
ignore invalid Content Type values
WindowsUpdate
Add flow risk:
NDPI_HTTP_OBSOLETE_SERVER
NDPI_MINOR_ISSUES (generic/relevant information about issues found on traffic)
NDPI_HTTP_OBSOLETE_SERVER (Apache and nginx are supported)
NDPI_PERIODIC_FLOW (reserved bit to be used by apps based on nDPI)
NDPI_TCP_ISSUES
Improve detection of WebShell and PHP code in HTTP URLs that is reported via flow risk
Improve DGA detection
Improve AES-NI check
Improve nDPI JSON serialization
Improve export/print of L4 protocol information
Improve connection refused detection
Add statistics for Patricia tree, Ahocarasick automa, LRU cache
Add a generic (optional and configurable) expiration logic in LRU caches
Add RTP stream type in flow metadata
LRU cache is now IPv6 aware
Tools
ndpiReader
Add support for Linux Cooked Capture v2
Fix packet dissection (CAPWAP and TSO)
Fix Discarded bytes statistics
Fixes
Fix classification by-port
Fix exclusion of DTLS protocol
Fix undefined-behaviour in ahocorasick callback
Fix infinite loop when a custom rule has port 65535
Fix undefined-behavior when setting empty user-agent
Fix infinite loop in DNS dissector (due to an integer overflow)
Fix JSON export of IPv6 addresses
Fix memory corruptions in Bittorrent, HTTP, SoftEther, Florensia, QUIC, IRC, TFTP dissectors
Fix stop of extra dissection in HTTP, Bittorrent, Kerberos
Fix signed integer overflow in ASN1/BER dissector
Fix char/uchar bug in ahocorasick
Fix endianess in IP-Port lookup
Fix FastCGI memory allocation issue
Fix metadata extraction in NAT-PMP
Fix invalid unidirectional traffic alert for unidirectional protocols (e.g. sFlow)
Misc
Support for Rocky Linux 9
Enhance fuzzers to test nDPI configurations, memory allocation failures, serialization/deserialization, algorithms and data structures
GitHub Actions: update to Node.js 16
Size of LRU caches is now configurable
3.12.1
Core Server
Bug Fixes
Declaration of a classic queue could run into an exception.
Classic queues v1 (CQv1) that had a backlog of messages stored by 3.9 and earlier versions
could run into an exception during queue index recovery after an upgrade to 3.10.x or any later series.
CQv2 and queues without a backlog were not affected.
Contributed by @gomoripeti (CloudAMQP).
Nodes that had a large number of quorum queues could observe accumulation of Erlang processes
under significant load.
Feature flag discovery on a newly added node could discover an incomplete inventory of feature flags.
Feature flag discovery operations will now be retried multiple times in case of network failures.
Nodes in clusters that had quorum queues and non-mirrored classic queues on stopped (or failed) nodes
could run into an exception.
The same exception could affect rabbitmqctl list_queues.
Proxy Protocol v2 LOCAL packets were not supported.
Enhancements
When a quorum queue does not find its local replica data files on boot, it will now log
a warning.
Management Plugin
Bug Fixes
An attempt to clear limits of a non-existent virtual host failed with a 500 status code.
Enhacements
Management UI will now display node maintenance status.
Contributed by @SimonUnge (AWS).
The "Queues" tab in the UI was renamed to "Queue and Streams" to better reflect
its contents.
New HTTP API endpoints for quorum queue replica management, equivalent to
the rabbitmq-queues commands that manage replicas.
POST /api/queues/quorum/{vhost}/{name}/replicas/add
DELETE /api/queues/quorum/{vhost}/{name}/replicas/remove
POST /api/queues/quorum/replicas/on/{node}/grow
DELETE /api/queues/quorum/replicas/on/{node}/shrink
Stream Plugin
Bug Fixes
Stream client connections that authenticated using x.509 certificates
failed.
OAuth 2 Plugin
Bug Fixes
Only set OAuth 2 client's CA certificate file setting when it is defined.
Enhancements
The plugin will now accept JWT tokens without a scope. Such tokens would only be useful when the plugin
is used exclusively for authentication and not authorization.
oauth2 is now an accepted alias for the OAuth 2 authentication and authorization backend:
auth_backends.1 = oauth2
Previously the only option for OAuth 2 was using a full module name,
rabbit_auth_backend_oauth2.
STOMP Plugin
Bug Fixes
STOMP plugin log entries had an extra line feed character.
Dependency Upgrades
ra was upgraded to 2.6.2
osiris was upgraded from 1.5.1 to 1.6.0
2023.6.22
Core changes
Fix bug in db3ad8a67661d7b234a6954d9c6a4a9b1749f5eb by pukkandan
Improve --download-sections by pukkandan
Support negative time-ranges
Add *from-url to obey time-ranges in URL
Indicate filesize approximated from tbr better by pukkandan
Extractor changes
Support multiple _VALID_URLs
dplay: GlobalCyclingNetworkPlus: Add extractor
dropout: Fix season extraction
motherless: Add gallery support, fix groups
nebula: Fix extractor
rheinmaintv: Add extractor
youtube
Add ios to default clients used by pukkandan
IOS is affected neither by 403 nor by nsig so helps mitigate them preemptively
IOS also has higher bit-rate 'premium' formats though they are not labeled as such
Improve description parsing performance
Improve nsig function name extraction by pukkandan
Workaround 403 for android formats by pukkandan
Misc. changes
Revert "Add automatic duplicate issue detection" by pukkandan
cleanup
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
pkgsrc change: reduce pkglint warnings.
9.16.42 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
Lexicon v3.12.0
Added
Add duckdns provider (experimental support)
Add dnsservices provider
Add flexibleengine provider
Official support for Python 3.11
Modified
Upgrade API version used for azure provider
Various fixes for documentation
Fix check for extra dependencies
2022-12-24: Ver 0.3-9
* Replace "sprintf()" in C.
* Replace some ".pbd_env" from function arguments.
* Add suppress messages to demo.
2022-10-16: Ver 0.3-8
* Fix "strict-types" and "deprecated-non-prototype" warnings.
* Fix "if() conditions comparing class() to string".
2022-02-04: Ver 0.3-7
* Make a copy of './inst/zmq_copyright/*' to './src/zmqsrc'.
* Add ZeroMQ authors to DESCRIPTION file.
2021-10-25: Ver 0.3-6
* Change configure.ac for autoconf-2.71
* Change tests to local in-process (inter-thread) communication transport
"zmq_inproc".
2021-04-17: Ver 0.3-6
* Check and add "libzmq>=4.3.0" and "-DENABLE_DRAFTS=ON" options.
* Add more ZMQ socket options up to libzmq 4.3.4 (may not stable).
2021-02-27: Ver 0.3-6
* Add more ZMQ socket options.
* Add timeout for connection in tests.
2021-02-09: Ver 0.3-5
* Update "conf.sub" and "conf.guess" from CRAN.
2020-12-13: Ver 0.3-4
* Change "http://" to "https://".
2020-09-07: Ver 0.3-4
* Fix warning 'char* strncpy(char*, const char*, size_t)' output truncated
due to "-Werror=stringop-truncation" by gcc 8.3.1
* Fix a "buf[1]" in zmq.send() call in "R_zmq_sendrecv.r"
2019-07-27: Ver 0.3-4
* For osx, change "install.libs.R" and "zzz.r.in" for staged installation.
2019-07-10: Ver 0.3-4
* Roll back to (R >= 3.5.0).
* Change detection of ZeroMQ library version to "4.2.2" from "4.0.4".
* Roll detection of ZeroMQ library version to "4.0.4".
* Block ZeroMQ library version "4.1.6".
2019-05-03: Ver 0.3-4
* Add "StagedInstall: FALSE" to DESCRIPTION to turn off WARNING in macos.
2019-04-26: Ver 0.3-4
* Revmoe "^M" from "src/zmqsrc/src/condition_variable.hpp".
2019-04-01: Ver 0.3-4
* Support REQ/REP sockets in sendfile/recvfile functions.
2019-02-18: Ver 0.3-4
* Add "R/R_zmq_transfers.r" for transferfing files and directories.
* Add importFrom utils for zip and unzip.
* Remove "-Werror" from "src/zmqsrc/configure" to pass "R CMD check".
2019-02-17: Ver 0.3-4
* Register "R_zmq_send_file" and "R_zmq_recv_file" in "src/zzz.c".
* Fix Windows binary files transfer problems.