Upstream changes:
Version 0.81 (2013-04-08)
* Correct reverseName() for IPv6 addresses, so IP('::1').reverseName() returns correct.
* Add network mask awareness to v46map()
* Fix Python 3 errors in IPSet class
* Make IPSet base class be object when MutableSet isn't available, fixing
errors in Python 2.5
Version 0.80 (2013-03-26)
------------
* Drop support of Python older than 2.4
* Python 3 does not need 2to3 conversion anymore (same code base)
* Fix adding of non-adjacent networks:
192.168.0.0/24 + 192.168.255.0/24 made 192.168.0.0/23
* Fix adding networks that don't create a valid subnet:
192.168.1.0/24 + 192.168.2.0/24 made 192.168.1.0/23
* Fix adding with an IPv6 address where .int() was < 32 bits made IPy believe it
was an IPv4 address:
::ffff:0/112 + ::1:0:0/112 made 255.255.0.0/111
* Add support of IPSets
* Add support for subtracting a network range
* Prevent IPv4 and IPv6 ranges from saying they contain each other
* Add a .v46map() method to convert mapped address ranges
such as IP('::ffff:192.168.1.1'); RFC 4291
* Change sort order to more natural:
IPv4 before IPv6; less-specific prefixes first (/0 before /32)
Version 0.76 (2013-03-19)
-------------------------
* ip == other and ip != other doesn't fail with an exception anymore if other
is not a IP object
* Add IP.get_mac() method: get the 802.3 MAC address from IPv6 RFC 2464
address.
* Fix IP('::/0')[0]: return an IPv6 instead of an IPv4 address
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
Some parts are ported to python-3, but most parts not, so leave
it disabled for now.
Twisted Core 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.internet.interfaces.IUDPTransport - and that interface's
implementations in Twisted - now supports enabling broadcasting.
(#454)
- trial's TestCase will now report a test method as an error if that
test method is a generator function, preventing an issue when a
user forgets to decorate a test method with defer.inlineCallbacks,
causing the test method to not run. (#3917)
- twisted.positioning, a new API for positioning systems such as GPS,
has been added. It comes with an implementation of NMEA, the most
common wire protocol for GPS devices. It will supersede
twisted.protoocols.gps. (#3926)
- The new interface twisted.internet.interfaces.IStreamClientEndpoint
StringParserWithReactor will supply the reactor to its
parseStreamClient method, passed along from
twisted.internet.endpoints.clientFromString. (#5069)
- IReactorUDP.listenUDP, IUDPTransport.write and
IUDPTransport.connect now accept ipv6 address literals. (#5086)
- A new API, twisted.internet.ssl.optionsForClientTLS, allows clients
to specify and verify the identity of the peer they're communicating
with. When used with the service_identity library from PyPI, this
provides support for service identity verification from RFC 6125, as
well as server name indication from RFC 6066. (#5190)
- Twisted's TLS support now provides a way to ask for user-configured
trust roots rather than having to manually configure such
certificate authority certificates yourself.
twisted.internet.ssl.CertificateOptions now accepts a new argument,
trustRoot, which combines verification flags and trust sources, as
well as a new function that provides a value for that argument,
twisted.internet.ssl.platformTrust, which allows using the trusted
platform certificate authorities from OpenSSL for certificate
verification. (#5446)
- Constants are now comparable/orderable based on the order in which
they are defined. (#6523)
- "setup.py install" and "pip install" now work on Python 3.3,
installing the subset of Twisted that has been ported to Python 3.
(#6539)
- twisted.internet.ssl.CertificateOptions now supports ECDHE for
servers by default on pyOpenSSL 0.14 and later, if the underlying
versions of cryptography.io and OpenSSL support it. (#6586)
- twisted.internet.ssl.CertificateOptions now allows the user to set
acceptable ciphers and uses secure ones by default. (#6663)
- The Deferred returned by
twisted.internet.defer.DeferredFilesystemLock.deferUntilLocked can
now be cancelled. (#6720)
- twisted.internet.ssl.CertificateOptions now enables TLSv1.1 and
TLSv1.2 by default (in addition to TLSv1.0) if the underlying
version of OpenSSL supports these protocol versions. (#6772)
- twisted.internet.ssl.CertificateOptions now supports Diffie-Hellman
key exchange. (#6799)
- twisted.internet.ssl.CertificateOptions now disables TLS
compression to avoid CRIME attacks and, for servers, uses server
preference to choose the cipher. (#6801)
- SSL server endpoint string descriptions now support the
specification of Diffie-Hellman key exchange parameter files.
(#6924)
- twisted.python.reflect.requireModule was added to handle
conditional imports of python modules and work around pyflakes
warnings of unused imports code. (#7014)
Bugfixes
--------
- If a ProcessProtocol.processExited method raised an exception a
broken process handler would be left in the global process state
leading to errors later on. This has been fixed and now an error
will be logged instead. (#5151)
- Twisted now builds on Solaris. Note that lacking a Buildbot slave
(see http://buildbot.twistedmatrix.com/boxes-supported) Solaris is
not a supported Twisted platform. (#5728)
- twisted.internet.utils is now correctly installed on Python 3.
(#6929)
- twisted.python.threadpool.ThreadPool no longer starts new workers
when its pool size is changed while the pool is not running.
(#7011)
Improved Documentation
----------------------
- Twisted now uses the Sphinx documentation generator for its
narrative documentation, which means that the source format for
narrative documentation has been converted to ReStructuredText.
(#4500)
- The Sphinx documentation is now also configured to allow
intersphinx links to standard library documentation. (#4582)
- The docstring for twisted.internet.task.react now better documents
the main parameter (#6071)
- The writing standard now explicitly mandates the usage of
ungendered pronouns. (#6858)
Deprecations and Removals
-------------------------
- test_import.py was removed as it was redundant. (#2053)
- Support for versions of pyOpenSSL older than 0.10 has been removed.
Affected users should upgrade pyOpenSSL. (#5014)
- twisted.internet.interfaces.IStreamClientEndpointStringParser is
now deprecated in favor of twisted.internet.interfaces.IStreamClien
tEndpointStringParserWithReactor. (#5069)
- unsignedID and setIDFunction, previously part of
twisted.python.util and deprecated since 13.0, have now been
removed. (#6707)
- FTPClient.changeDirectory was deprecated in 8.2 and is now removed.
(#6759)
- twisted.internet.stdio.StandardIO.closeStdin, an alias for
loseWriteConnection only available on POSIX and deprecated since
2.1, has been removed. (#6785)
- twisted.python.reflect.getcurrent is now deprecated and must not be
used. twisted.python.reflect.isinst is now deprecated in favor of
the built-in isinstance. (#6859)
Other
-----
- #1822, #5929, #6239, #6537, #6565, #6614, #6632, #6690, #6784,
#6792, #6795, #6821, #6843, #6846, #6854, #6856, #6857, #6872,
#6892, #6902, #6906, #6922, #6926, #6936, #6941, #6942, #6943,
#6944, #6945, #6946, #6948, #6979, #7001, #7049, #7051, #7094,
#7098
Twisted Conch 14.0.0 (2014-05-08)
=================================
Improved Documentation
----------------------
- The docstring for twisted.conch.ssh.userauth.SSHUserAuthClient is
now clearer on how the preferredOrder instance variable is handled.
(#6850)
Other
-----
- #6696, #6807, #7054
Twisted Lore 14.0.0 (2014-05-08)
================================
Deprecations and Removals
-------------------------
- twisted.lore is now deprecated in favor of Sphinx. (#6907)
Other
-----
- #6998
Twisted Mail 14.0.0 (2014-05-08)
================================
Improved Documentation
----------------------
- twisted.mail.alias now has full API documentation. (#6637)
- twisted.mail.tap now has full API documentation. (#6648)
- twisted.mail.maildir now has full API documentation. (#6651)
- twisted.mail.pop3client now has full API documentation. (#6653)
- twisted.mail.protocols now has full API documentation. (#6654)
- twisted.mail.pop now has full API documentation. (#6666)
- twisted.mail.relay and twisted.mail.relaymanager now have full API
documentation. (#6739)
- twisted.mail.pop3client public classes now appear as part of the
twisted.mail.pop3 API. (#6761)
Other
-----
- #6696
Twisted Names 14.0.0 (2014-05-08)
=================================
Features
--------
- twisted.names.root.Resolver now accepts a resolverFactory argument,
which makes it possible to control how root.Resolver performs
iterative queries to authoritative nameservers. (#6095)
- twisted.names.dns.Message now has a repr method which shows only
those instance flags, fields and sections which are set to non-
default values. (#6847)
- twisted.names.dns.Message now support rich comparison. (#6848)
Bugfixes
--------
- twisted.names.server.DNSServerFactory now responds with messages
whose flags and fields are reset to their default values instead of
copying these from the request. This means that AD and CD flags,
and EDNS OPT records in the request are no longer mirrored back to
the client. (#6645)
Improved Documentation
----------------------
- twisted.names now has narrative documentation showing how to create
a custom DNS server. (#6864)
- twisted.names.server now has full API documentation. (#6886)
- twisted.names now has narrative documentation explaining how to use
its client APIs. (#6925)
- twisted.names now has narrative documentation and examples showing
how to perform reverse DNS lookups. (#6969)
Other
-----
- #5675, #6222, #6672, #6696, #6887, #6940, #6975, #6990
Twisted News 14.0.0 (2014-05-08)
================================
No significant changes have been made for this release.
Other
-----
- #6991
Twisted Pair 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.pair.tuntap now has complete test coverage, basic
documentation, and works without the difficult-to-find system
bindings it used to require. (#6169)
Other
-----
- #6898, #6931, #6993
Twisted Runner 14.0.0 (2014-05-08)
==================================
No significant changes have been made for this release.
Other
-----
- #6992
Twisted Web 14.0.0 (2014-05-08)
===============================
Features
--------
- twisted.web.http.proxiedLogFormatter can now be used with
twisted.web.http.HTTPFactory (and subclasses) to record X
-Forwarded-For values to the access log when the HTTP server is
deployed behind a reverse proxy. (#1468)
- twisted.web.client.Agent now uses
twisted.internet.ssl.CertificateOptions for SSL/TLS and benefits
from its continuous improvements. (#6893)
Bugfixes
--------
- twisted.web.client.Agent now correctly manage flow-control on
pooled connections, and therefore requests will no longer hang
sometimes when deliverBody is not called synchronously within the
callback on Request. (#6751)
- twisted.web.client.Agent now verifies that the provided server
certificate in a TLS connection is trusted by the platform. (#7042)
- When requesting an HTTPS URL with twisted.web.client.Agent, the
hostname of the presented certificate will be checked against the
requested hostname; mismatches will now result in an error rather
than a man-in-the-middle opportunity for attackers. This may break
existing code that incorrectly depended on insecure behavior, but
such code was erroneous and should be updated. (#4888)
Other
-----
- #5004, #6881, #6956
Twisted Words 14.0.0 (2014-05-08)
=================================
Bugfixes
--------
- twisted.words.protocols.jabber.sasl_mechansisms.DigestMD5 now works
with unicode arguments. (#5066)
Other
-----
- #6696
NEWS for rsync 3.1.1 (22 Jun 2014)
Protocol: 31 (unchanged)
Changes since 3.1.0:
BUG FIXES:
- If the receiver gets bogus filenames from the sender (an unexpected
leading slash or a ".." infix dir), exit with an error. This prevents a
malicious sender from trying to inject filenames that would affect an
area outside the destination directories.
- Fixed a failure to remove the partial-transfer temp file when interrupted
(and rsync is not saving the partial files).
- Changed the chown/group/xattr-set order to avoid losing some security-
related xattr info (that would get cleared by a chown).
- Fixed a bug in the xattr-finding code that could make a non-root-run
receiver not able to find some xattr numbers.
- Fixed a bug in the early daemon protocol where a timeout failed to be
honored (e.g. if the remote side fails to send us the initial protocol
greeting).
- Fixed unintended inclusion of commas in file numbers in the daemon log.
- We once again send the 'f' sub-flag (of -e) to the server side so it
knows that we can handle incremental-recursion directory errors properly
in older protocols.
- Fixed an issue with too-aggressive keep-alive messages causing a problem
for older rsync versions early in the transfer.
- Fixed an incorrect message about backup-directory-creation when using
--dry-run and the backup dir is not an absolute path.
- Fixed a bug where a failed deletion and/or a failed sender-side removal
would not affect the exit code.
- Fixed a bug that caused a failure when combining --delete-missing-args
with --xattrs and/or --acls.
- Fixed a strange dir_depth assertion error that was caused by empty-dir
removals and/or duplicate files in the transfer.
- Fixed a problem with --info=progress2's output stats where rsync would
only update the stats at the end of each file's transfer. It now uses
the data that is flowing for the current file, making the stats more
accurate and less jumpy.
- Fixed an itemize bug that affected the combo of --link-dest, -X, and -n.
- Fixed a problem with delete messages not appearing in the log file when
the user didn't use --verbose.
- Improve chunked xattr reading for OS X.
- Removed an attempted hard-link xattr optimization that was causing a
transfer failure. This removal is flagged in the compatibility code, so
if a better fix can be discovered, we have a way to flip it on again.
- Fixed a bug when the receiver is not configured to be able to hard link
symlimks/devices/special-file items but the sender sent some of these
items flagged as hard-linked.
- We now generate a better error if the buffer overflows in do_mknod().
- Fixed a problem reading more than 16 ACLs on some OSes.
- Fixed the reading of the secrets file to avoid an infinite wait when
the username is missing.
- Fixed a parsing problem in the --usermap/--groupmap options when using
MIN-MAX numbers.
- Switched Cygwin back to using socketpair "pipes" to try to speed it up.
- Added knowledge of a few new options to rrsync.
ENHANCEMENTS:
- Tweaked the temp-file naming when --temp-dir=DIR is used: the temp-file
names will not get a '.' prepended.
- Added support for a new-compression idiom that does not compress all the
matching data in a transfer. This can help rsync to use less cpu when a
transfer has a lot of matching data, and also makes rsync compatible with
a non-bundled zlib. See the --new-compress and --old-compress options in
the manpage.
- Added the support/rsync-no-vanished wrapper script.
- Made configure more prominently mention when we failed to find yodl (in
case the user wants to be able to generate manpages from *.yo files).
- Have manpage mention how a daemon's max-verbosity setting affects info
and debug options. Also added more clarification on backslash removals
for excludes that contain wildcards.
- Have configure check if for the attr lib (for getxattr) for those systems
that need to link against it explicitly.
- Change the early dir-creation logic to only use that idiom in an
inc-recursive copy that is preserving directory times. e.g. using
--omit-dir-times will avoid these early directories being created.
- Fix a bug in cmp_time() that would return a wrong result if the 2 times
differed by an amount greater than what a time_t can hold.
DEVELOPER RELATED:
- We now include an example systemd file (in packaging/systemd).
- Tweaked configure to make sure that any intended use of the included popt
and/or zlib code is put early in the CFLAGS.
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.
mk/krb5.buildlink3.mk.
It prevent link libcrypt twice with PREFER_PKGSRC=openssl.
Fix was provided Chuck Silvers via private e-mail about two weeks ago and
I've confirmed the problem.
Bump PKGREVISION.
Upstream changes:
2.1.0
Changelog:
* New feature: Filter::matches() can do simple filtering on entry sets (supported: equals, contain, begin, end, any; NOT, AND, OR. Filtering is simple based on regexp, no schema checks and matchRules yet!)
* Fixed minor bugs in Filter, LDAP and Entry class
* Util::split_attribute_string(): Added support for extended match operators from filters
* Util::split_attribute_string(): Added support for delimeter retrieval
======
- Fixed remaining bug in ``maybe_declare`` for ``auto_delete`` exchanges.
- MongoDB: Creating a channel now properly evaluates a connection (Issue #363).
3.0.20
======
- Reverts change in 3.0.17 where ``maybe_declare`` caches the declaration
of auto_delete queues and exchanges.
- Redis: Fixed race condition when using gevent and the channel is closed.
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample maps and dynamic ACLs
updatable from the CLI stick-tables support counters to track
activity on any input sample custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
* If just given a domain and no search list, make the search list the domain
* Skip arpping directives if we have a profile but not parsing one
* Allow the request of a DHCPv6 address or prefix, a prefix length must be
specified
* Add the ability to dump DHCPv6 leases
* Improve startup with regards to carrier checking and adding a link-local
IPv6 address
* Start the correct interface reference for added devices
* Support
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv6-stateful-issues-06
via the ia_pd_mix option
* Fix link handling where kernel reported flags in LINK_UP may not be
valid when we actually process them
* Fix defining new options in dhcpcd.conf and requesting them
* Fix a potential segfault when reloading configurations
* Print user defined options via -V
* Add support for RFC6603, Prefix Exclude option
* When requesting a IA_PD and another IA type, create a psuedo interface
to handle the IA_PD
* Handle truncated DHCPv6 saved leases
* FIX: at getting tab order, unwanted non-existet tab may be created.
* FIX: properly handle mentions to multiple accounts.
* CHANGE: colorize rule of metions for tweets with multi accounts.
*
