# pkgsrc changes
No OWNDIR needed for daemon's HOME
Add Perl path to LDFLAGS only when it is needed (snmp support)
List INSTALLATION_DIRS explicitly
Set PKG_SYSCONFSUBDIR, so that README.conf actually gets installed
Since editline is fully functional, avoid linking against the GPLv3 readline
# upstream changes
Numerous small changes, see ChangeLog.
gh is GitHub on the command line, and it's now available in beta.
It brings pull requests, issues, and other GitHub concepts to the
terminal next to where you are already working with git and your code.
Update bind911 to 9.11.20, fixing CVE-2020-8619.
--- 9.11.20 released ---
5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr().
[GL #1808]
5434. [security] It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone
content and query patterns. (CVE-2020-8619) [GL #1111]
[GL #1718]
5433. [test] Prevent the resolver system test for change #5395
(max-recursion-queries) from failing on systems without
IPv6 support. [GL #1873]
5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr
has been destroyed. Thanks to Petr Menšík. [GL !3316]
5427. [bug] Fix a regression in address/prefix length checking that
should have been a warning instead of an error.
[GL #1849]
5415. [test] Address race in dnssec system test that led to
test failures. [GL #1852]
5413. [test] Address race in autosign system test that led to
test failures. [GL #1852]
5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses
when the serial was greater than or equal to the
current serial. [GL #1714]
5409. [performance] When looking up NSEC3 data in a zone database, skip the
check for empty non-terminal nodes; the NSEC3 tree does
not have any. [GL #1834]
5408. [protocol] Print Extended DNS Errors if present in OPT record.
[GL #1835]
5405. [bug] 'named-checkconf -p' could include spurious text in
server-addresses statements due to an uninitialized DSCP
value. [GL #1812]
0.10.15
- Added `assert_call_count` to improve ergonomics around ensuring a mock was called.
- Fix incorrect handling of paths with query strings.
- Add Python 3.9 support to CI matrix.
Features
Add L3 switching features for USW-Pro series.
Improvements
Add support for MongoDB 3.6.
Auto-optimize enables Wi-Fi AI.
Prioritize busy times in Wi-Fi AI logic.
Update Hotspot 2.0 for WFA requirements.
Add VHT160 option for Japan.
Show client icons on DPI and statistics pages.
Improve SSID validation.
Improve support for USP Plug.
Allow adopting UBB only if both devices are connected.
Allow changing VHT mode for 5GHz radio on UBB.
Adjust speed test statistics to longer intervals.
Add LTS notifications.
Add Analytics & Improvements opt-in modal which is displayed post upgrade.
Add description of SNMPv3 security options.
Allow sending test emails via Cloud Email service.
Make timezones dropdown searchable.
Update IANA timezone database.
Update inter-VLAN routing Network form.
Remove OP mode from Port Profiles.
Add MAC column to Insights/Known Clients.
Update available IDS/IPS categories to lessen false positives and improve resource use.
Rename UDM-Beacon to UAP-BeaconHD.
Improve Property Panel for USW Leaf.
Handle LCM sync event notifications on UDM.
Support U-LTE on UDM devices.
Support WAN failover for UDM devices.
Add UDM boot sound checkbox.
Various fixes and improvements in Beta Settings.
Various performance improvements.
Update translations and add missing events.
Known issues
Don't remind me button for LTS notifications doesn't function properly.
Blocking countries in map is not working, workaround is using the classic settings.
Incorrect DPI Statistics.
This allows rust-bin and rust to coexist in bulk builds (for testing, etc),
but the packages still may not be installed at the same time.
rust.mk as a solution for picking the correct rust variant was suggested
by gdt@. It is intended to be included directly by packages that do not
use cargo.mk, and indirectly by packages that do use cargo.mk.
rust.mk provides one user-settable variable:
RUST_TYPE
as before, whether to bootstrap rust from source or use
official binaries. may be "src" or "bin"
And two package-settable variables:
RUST_REQ
the minimum version of Rust required by the package.
defaults to "1.20.0"
RUST_RUNTIME
whether Rust is a runtime dependency, may be "yes" or "no"
Update ruby-xdr to 3.0.1.
3.0.1
Added
* Add encoding parameter to Union#to_xdr
((#7)[https://github.com/stellar/ruby-xdr/pull/7]).
Fixed
* Padding bytes are now properly validated when reading xdr values.
According to the XDR spec, padding must be zeros.
* Version 2.0.44
- More updates to the set of block lists, thanks again to IceCodeNew.
- Netprobes and listening sockets are now ignored when the `-list`,
`-list-all`, `-show-certs` or `-check` command-line switches are used.
- `tls_client_auth` was renamed to `doh_client_x509_auth`. A section
with the previous name is temporarily ignored if empty, but will error
out if not.
- Unit tests are now working on 32-bit systems. Thanks to Will Elwood
and @lifenjoiner.
v2.66.0
FEATURES:
New Data Source: aws_wafv2_rule_group
New Resource: aws_wafv2_rule_group
BUG FIXES:
resource/aws_autoscaling_group: Allow on_demand_base_capacity to be set to 0
resource/aws_autoscaling_group: Add Computed field to instances_distribution and it's sub-fields on_demand_allocation_strategy, on_demand_base_capacity, on_demand_percentage_above_base_capacity, and spot_allocation_strategy
resource/aws_autoscaling_group: Remove Default field from instances_distribution sub-fields on_demand_allocation_strategy, on_demand_percentage_above_base_capacity, and spot_allocation_strategy
resource/aws_batch_job_definition: Prevent differences when no command is specified in container properties
resource/aws_instance: Continue supporting empty string ("") private_ip argument
*5.8*
snmplib:
- TLS/DTLS fixes
- fix usm keychanges for new algorithms and longer keylengths
- IP address formatting fixes
- BUG: 2592: from Stuart Kendrick - increase MAXTC to 16384
- add new sha2 auth protocols
- Restore AES-192 and AES-256 privacy protocols - from
draft-blumenthal-aes-usm-04 (precursor to RFC 3826)
- Use OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt
- Some code borrowed from PATCH 1346, thanks to
Alexander Ivanov and Vladimir Sukhorukov.
- BUG: 2622: Fix excessive indents in log file
- new config tokens:
- sendMessageMaxSize
- disableSNMPv1 / disableSNMPv2c
- new api for dynamic debug log level (netsnmp_set_debug_log_level)
snmpd:
- SNMP-TARGET-MIB: Fix snmpTargetAddrTAddress
- Com2sec and com2sec6 SOURCE values may deny sources as well as
permit.
- allow trap sinks to set Target-MIB characteristics (name, tag, profile)
- add source addr/port option to trapsink/trap2sink/informsink
- packet filtering by source ip (enableSourceFiltering/filtersource)
- several getbulk handling improvements
- several new APIs introduced for run-time configuration of agent:
- netsnmp_vacm_simple_usm_add/del
- usm_create_usmUser_*
- netsnmp_udp_com2SecEntry_create/netsnmp_udp_com2SecList_remove
- netsnmp_agent_listen_on to open agent port
Win32:
- Add support for the DTLS-UDP and TLS-TCP transports
scripts:
- A new 'checkbandwidth' script to check host min/max bandwidth
snmptranslate:
- Introduce bulk translation mode The special argument "-" causes
snmptranslate to enter bulk translation mode, in which it expects
one OID per line. Whitespace is treated as the end of the OID, and
only that portion of the line is replaced, meaning that this can be
used to translate, e.g., "snmpwalk" output without the proper MIBs
loaded: snmptranslate -m all -OX < numeric.txt > symbolic.txt
building:
- Add Travis and Appveyor CI support
- IPv6 support is now compiled by default. If you need an IPv4-only
agent, use --disable-ipv6.
- Fixed/improved support for several non-Linux platforms
- Many fixes found by Coverity anf Fortify scans
Changes:
1.52.1
------
* Bug Fixes
* lib/file: Fix SetSparse on Windows 7 which fixes downloads of
files > 250MB (Nick Craig-Wood)
* build
* Update go.mod to go1.14 to enable -mod=vendor build (Nick Craig-Wood)
* Remove quicktest from Dockerfile (Nick Craig-Wood)
* Build Docker images with GitHub actions (Matteo Pietro Dazzi)
* Update Docker build workflows (Nick Craig-Wood)
* Set user_allow_other in /etc/fuse.conf in the Docker image
(Nick Craig-Wood)
* Fix xgo build after go1.14 go.mod update (Nick Craig-Wood)
* docs
* Add link to source and modified time to footer of every
page (Nick Craig-Wood)
* Remove manually set dates and use git dates instead (Nick Craig-Wood)
* Minor tense, punctuation, brevity and positivity changes for the
home page (edwardxml)
* Remove leading slash in page reference in footer when present
(Nick Craig-Wood)
* Note commands which need obscured input in the docs (Nick Craig-Wood)
* obscure: Write more help as we are referencing it elsewhere
(Nick Craig-Wood)
* VFS
* Fix OS vs Unix path confusion - fixes ChangeNotify on Windows
(Nick Craig-Wood)
* Drive
* Fix missing items when listing using --fast-list / ListR
(Nick Craig-Wood)
* Putio
* Fix panic on Object.Open (Cenk Alti)
* S3
* Fix upload of single files into buckets without create permission
(Nick Craig-Wood)
* Fix --header-upload (Nick Craig-Wood)
* Tardigrade
* Fix listing bug by upgrading to v1.0.7
* Set UserAgent to rclone (Caleb Case)
iperf 3.8.1 2020-06-10
----------------------
* Notable user-visible changes
* A regression with "make install", where the libiperf shared
library files were not getting installed, has been fixed.
iperf 3.8 2020-06-08
--------------------
* Notable user-visible changes
* Profiled libraries and binaries are no longer built by default.
* A minimal Dockerfile has been added.
* A bug with burst mode and unlimited rate has been fixed
* Configuring with the --enable-static-bin flag will now cause
a statically-linked iperf3 binary to be built.
* Configuring with the --without-sctp flag will now prevent SCTP
from being auto-detected. This flag allows building a
static binary (see above item) on a CentOS system with SCTP
installed, because no static SCTP libraries are available.
* Clock skew between the iperf3 client and server will no longer
skew the computation of jitter during UDP tests.
* A possible buffer overflow in the authentication feature has been
fixed. This was only relevant when configuration authentication
using the libiperf3 API, and did not affect command-line usage.
Various other improvements and fixes in this area were also made.
* Notable developer-visible changes
* The embedded version of cJSON has been updated to 1.3.17.
* Some server authentication functions have been added to the API.
* API access has been added to the connection timeout parameter.
* Tests for some authentication functions have been added.
* Various compiler errors and warnings have been fixed.
Overview of changes in 3.36.0
=============================
* Updated translations:
Finnish
Kurdish (Sorani)
Overview of changes in 3.35.90
==============================
* Bugs fixed:
!41 Polish some rough edges in the Meson build
!43 build: Remove AC_ISC_POSIX
!44 build: Remove AC_HEADER_STDC
!45 kerberos-identity-manager: Remove unused signal handler ID
#43 daemon, dbus: Enable checking if a provider type is supported
* Updated translations:
Croatian
English (British)
Japanese
Malay
Overview of changes in 3.35.3
=============================
* Remove Pocket (!18)
* Bugs fixed:
!36 Drop the priv pointer from the GObject instance structures
!37 Port away from deprecated GLib API like g_memove and g_get_current_time
!39 webview: Port to JSCValue
!40 Use the G_DECLARE_* macros to reduce GObject boilerplate
#83 Add Exchange and Last.fm icons
* Updated translations:
Galician
Russian
Overview of changes in 3.35.1
=============================
* Bugs fixed:
#8 icons: Unbreak providers without any visual identity
* Updated translations:
Basque
Catalan
Traditional Chinese (Taiwan)
Czech
Danish
Dutch
Finnish
French
Friulian
Galician
German
Greek
Hungarian
Indonesian
Italian
Japanese
Korean
Latvian
Lithuanian
Persian
Polish
Portuguese (Brazilian)
Punjabi
Romanian
Serbian
Slovak
Slovenian
Spanish
Swedish
Turkish
Overview of changes in 3.33.91
==============================
* Support Fedora Account System (#26)
* Bugs fixed:
!21 owncloud: Use "Nextcloud", not "ownCloud", in user-visible errors
!23 build: Allow building with gettext ≥ 0.20
!26 webview: Make it more flexible in terms of its size
!28 kerberos: Use GTask's task data slot to leverage the compiler
!29 daemon: Return a D-Bus error if AddAccount fails to list all providers
!30 kerberos: Use GTask's task data slot to leverage the compiler
#73 build: Support the use of g_autolist with GoaObject
764157 Port to GTask from GSimpleAsyncResult
* Updated translations:
Basque
Czech
German
Indonesian
Karbi
Lithuanian
Polish
Romanian
Spanish
Swedish
Overview of changes in 3.32.0
=============================
* Updated translations:
Basque
Finnish
Gaelic (Scottish)
Icelandic
Overview of changes in 3.31.90
==============================
* Bugs fixed:
!17 icons: Replace PNGs with SVGs and add symbolics
!19 google: Only request the email field when getting the user's identity
796095 alarm: Refresh Kerberos tickets after a suspended system is resumed
* Updated translations:
Afrikaans
French
Japanese
Kabyle
Overview of changes in 3.31.3
=============================
* Remove Todoist
* Bugs fixed:
!14 build: Don't define _POSIX_PTHREAD_SEMANTICS and _REENTRANT
!15 identity: Port away from deprecated g_type_class_add_private
764157 Port to GTask from GSimpleAsyncResult
* Updated translations:
Belarusian
Esperanto
Estonian
Malayalam
Overview of changes in 3.30.0
=============================
* Updated translations:
Arabic
Overview of changes in 3.29.91
==============================
* Bugs fixed:
!2 build: Fix #FooObject style links
!8 Remove additional unnecessary GDestroyNotify casts
#10 build: Silence warning about _FORTIFY_SOURCE requiring optimization
Overview of changes in 3.29.4
=============================
* Bugs fixed:
!2 Port to meson build system
* Updated translations:
Occitan
Overview of changes in 3.29.1
=============================
* Remove Telepathy support (795322)
* Updated translations:
Simplified Chinese
Czech
StatZone 1.0.2 (2020-06-10)
- Use CLOCK_REALTIME if CLOCK_MONOTONIC is not available
- Remove unneeded <sys/select.h> include
- Define _GNU_SOURCE in CMakeLists.txt to avoid cluttering source files
- Allow the openat and write syscalls, they are used on glibc systems
- No need to set HAVE_SECCOMP to 1, defining it is enough
- Introduce the displaySummary() function, and use it to print summary
- Move elapsed time calculation in the displaySummary() function
- Add a signal handler for SIGINFO, to display progression on
supported platforms
- Do not use intermediate variable to calculate elapsed time
- Remove now useless runtime member from the results structure
3.48.1 (2020-05-18)
- If FileZilla is configured to restore open tabs on startup, the directory trees no longer shrink in size
3.48.1-rc1 (2020-05-12)
! MSW: The settings directory is now initially created with tight permissions restricted to the user's account. Previously the directory could have had inherited too wide permissions if a custom location outside the user's profile directory had been preconfigured.
+ Redesigned certificate dialog
+ During directory comparison and comparative search, Ctrl+Shift+A can now be used to select only the highlighted files
- Fixed import of settings
- Fixed local file editing if the option to track local file changes had been disabled
- Fixes to storing associations
3.48.0 (2020-04-27)
! Custom associations for file extensions containing spaces were not saved correctly
3.48.0-rc1 (2020-04-20)
+ Overhaul of file associations for editing files. The setting to inherit system associations has been removed. When first editing a type of file with no default editor set, a dialog is shown asking which editor to use. The system associatio, if it exists, is a choice in this dialog.
- SFTP: Re-added support for AES-GCM which was accidentally removed in 3.46.1
- Fixes for comparative search leaving the program in an inconsistent state when closing the dialog during an ongoing search
- Building and running FileZilla now depends on libfilezilla >= 0.20.0 (https://lib.filezilla-project.org/)
0.22.0 (2020-05-12)
+ Added a flag to fz::file to allow creation of files with permissions only granting the current user access
+ Added fz::mkdir to create local directories, optionally recursive and with permissions to only grant the current user access to the final directory
- MSW: Improvements handling directory reparse points
- Lengthen partial certificate chains in fz::tls_info to include any found trust anchor if using the system trust store
- Mark self-signed certificates in the in fz::x509_certificate
- Fix constructing fz::uri from default-constructed string_view
0.21.0 (2020-04-20)
+ macOS: fz::spawn_detached_process can now start application bundles
+ Changed arguments of fz::local_filesys::get_next_file to be consistent with fz::local_filesys::get_file_info
- Improved error detection for fz::spawn_detached-process on *nix systems that support the pipe2 syscall with O_CLOEXEC
0.1.7
Fixed Python 3 compatibility in the examples
Exposed network interface indexes in Adapter.index
Added the license file to distributions on PyPI
Fixed Illumos/Solaris compatibility
Set up universal wheels, ifaddr will have both source and wheel distributions on PyPI from now on
# 2020-05-20 Version 2.1.1
Important notes:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
* Enforce synchronous legacy RDP encryption count (#6156)
* Fixed some leaks and crashes missed in 2.1.0
* Removed dynamic channel listener limits
* Lots of resource cleanup fixes (clang sanitizers)
* A couple of performance improvements
* Various small annoyances eliminated (typos, prefilled username for windows client, ...)
v1.6.1
This is a fixup release on 1.6.0 in order to restore the auto upgrade
critera broken in 1.5.0.
Bugfixes:
* #6701: Syncthing 1.5.0+ auto upgrades even with auto upgrades disabled
in config
v1.6.0
This release performs a database schema migration, and adds the
BlockPullOrder, DisableFsync and MaxConcurrentWrites folder
options to the configuration schema.
The LocalChangeDetected event no longer has the action set to
added for new files, instead showing modified for all local file
changes.
Bugfixes:
* #3876: Removing and re-adding a folder may cause data loss
* #5731: 100% CPU every minute on watch setup retry
* #6268: Out of sync panel layout overflows
* #6557: Folder error repeatedly set and unset
* #6559: Deadlock on folder unsubscribe
* #6576: Versioning params in config flip flop in order
* #6578: Allow rescan at folder state "Local Additions"
* #6583: Distributed deadlock on request
* #6604: Docker healthcheck fails when run in host network
Enhancements:
* #5224: Accept new connections in place of old ones when appropriate
* #6530: Add "Pause All"/"Resume All" button for devices
* #6541: Limit number of concurrent writes while syncing
Other issues:
* #6575: Incomprehensible error message: 'directory is not empty; files
within are probably ignored on connected devices only'
* #6584: A field in a structure is sometimes protected by Mutex, but
sometimes unprotected.
* Version 2.0.43
- Built-in support for DNS64 translation has been implemented.
(Contributed by Sergey Smirnov, thanks!)
- Connections to DoH servers can be authenticated using TLS client
certificates (Contributed by Kevin O'Sullivan, thanks!)
- Multiple stamps are now allowed for a single server in resolvers
and relays lists.
- Android: the time zone for log files is now set to the system
time zone.
- Quite a lot of updates and additions have been made to the
example domain block lists. Thanks to `IceCodeNew`!
- Cached configuration files can now be temporarily used if
they are out of date, but bootstraping is impossible. Contributed by
`lifenjoiner`, thanks!
- Precompiled macOS binaries are now notarized.
- `generate-domains-blacklists` now tries to deduplicate entries
clobbered by wildcard rules. Thanks to `Huhni`!
- `generate-domains-blacklists` can now directly write lists to a
file with the `-o` command-line option.
- cache files are now downloaded as the user the daemon will be running
as. This fixes permission issues at startup time.
- Forwarded queries are now subject to global timeouts, and can be
forced to use TCP.
- The `ct` parameter has been removed from DoH queries, as Google doesn't
require it any more.
- Service installation is now supported on FreeBSD.
- When stored into a file, service logs now only contain data from the most
recent launch. This can be changed with the new `log_file_latest` option.
1.18.75
api-change:servicediscovery: Update servicediscovery command to latest version
api-change🛡️ Update shield command to latest version
1.18.74
api-change:apigateway: Update apigateway command to latest version
api-change:elasticbeanstalk: Update elasticbeanstalk command to latest version
api-change:cloudfront: Update cloudfront command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:sagemaker-runtime: Update sagemaker-runtime command to latest version
api-change:personalize: Update personalize command to latest version
api-change:pinpoint: Update pinpoint command to latest version
1.18.73
api-change:mediapackage-vod: Update mediapackage-vod command to latest version
api-change:meteringmarketplace: Update meteringmarketplace command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:ssm: Update ssm command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.72
api-change:mediaconvert: Update mediaconvert command to latest version
api-change:iam: Update iam command to latest version
api-change:directconnect: Update directconnect command to latest version
api-change:glue: Update glue command to latest version
api-change🇪🇸 Update es command to latest version
api-change:elasticache: Update elasticache command to latest version
1.18.71
api-change:guardduty: Update guardduty command to latest version
1.18.70
api-change:sagemaker: Update sagemaker command to latest version
api-change:emr: Update emr command to latest version
api-change:fsx: Update fsx command to latest version
api-change:worklink: Update worklink command to latest version
api-change:kms: Update kms command to latest version
api-change:athena: Update athena command to latest version
1.18.69
api-change:workmail: Update workmail command to latest version
api-change:kafka: Update kafka command to latest version
api-change:marketplace-catalog: Update marketplace-catalog command to latest version
api-change:qldb-session: Update qldb-session command to latest version
1.18.68
api-change:guardduty: Update guardduty command to latest version
api-change:elbv2: Update elbv2 command to latest version
1.13.25
api-change🛡️ [botocore] Update shield client to latest version
api-change:servicediscovery: [botocore] Update servicediscovery client to latest version
1.13.24
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:pinpoint: [botocore] Update pinpoint client to latest version
api-change:personalize-runtime: [botocore] Update personalize-runtime client to latest version
api-change:sagemaker-runtime: [botocore] Update sagemaker-runtime client to latest version
api-change:elasticbeanstalk: [botocore] Update elasticbeanstalk client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:personalize: [botocore] Update personalize client to latest version
1.13.23
api-change:ssm: [botocore] Update ssm client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:meteringmarketplace: [botocore] Update meteringmarketplace client to latest version
api-change:mediapackage-vod: [botocore] Update mediapackage-vod client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.13.22
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:iam: [botocore] Update iam client to latest version
api-change:directconnect: [botocore] Update directconnect client to latest version
api-change🇪🇸 [botocore] Update es client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
1.13.21
api-change:guardduty: [botocore] Update guardduty client to latest version
1.13.20
api-change:fsx: [botocore] Update fsx client to latest version
api-change:kms: [botocore] Update kms client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:athena: [botocore] Update athena client to latest version
api-change:worklink: [botocore] Update worklink client to latest version
api-change:emr: [botocore] Update emr client to latest version
1.13.19
api-change:marketplace-catalog: [botocore] Update marketplace-catalog client to latest version
api-change:kafka: [botocore] Update kafka client to latest version
api-change:qldb-session: [botocore] Update qldb-session client to latest version
api-change:workmail: [botocore] Update workmail client to latest version
1.13.18
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:elbv2: [botocore] Update elbv2 client to latest version
1.16.25
api-change🛡️ Update shield client to latest version
api-change:servicediscovery: Update servicediscovery client to latest version
1.16.24
api-change:cloudfront: Update cloudfront client to latest version
api-change:pinpoint: Update pinpoint client to latest version
api-change:personalize-runtime: Update personalize-runtime client to latest version
api-change:sagemaker-runtime: Update sagemaker-runtime client to latest version
api-change:elasticbeanstalk: Update elasticbeanstalk client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:personalize: Update personalize client to latest version
1.16.23
api-change:ssm: Update ssm client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:meteringmarketplace: Update meteringmarketplace client to latest version
api-change:mediapackage-vod: Update mediapackage-vod client to latest version
api-change:ec2: Update ec2 client to latest version
1.16.22
api-change:elasticache: Update elasticache client to latest version
api-change:iam: Update iam client to latest version
api-change:directconnect: Update directconnect client to latest version
api-change🇪🇸 Update es client to latest version
api-change:glue: Update glue client to latest version
api-change:mediaconvert: Update mediaconvert client to latest version
1.16.21
api-change:guardduty: Update guardduty client to latest version
1.16.20
api-change:fsx: Update fsx client to latest version
api-change:kms: Update kms client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:athena: Update athena client to latest version
api-change:worklink: Update worklink client to latest version
api-change:emr: Update emr client to latest version
1.16.19
api-change:marketplace-catalog: Update marketplace-catalog client to latest version
api-change:kafka: Update kafka client to latest version
api-change:qldb-session: Update qldb-session client to latest version
api-change:workmail: Update workmail client to latest version
1.16.18
api-change:guardduty: Update guardduty client to latest version
api-change:elbv2: Update elbv2 client to latest version
v3.3.24
Fixed create and update operations for GoDaddy if CAA records are present
v3.3.23
Add initial support for UltraDNS provider Signed-off-by
remove hetzner special handling from dehydrated.default.sh as it's not supported anymore
2.1.6
- Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"
- SCRIPTS: publish-release: pass -n to gzip to remove timestamp
- BUG/MINOR: peers: fix internal/network key type mapping.
- BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
- BUG/MEDIUM: http-htx: Duplicate error messages as raw data instead of string
- BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
- BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
- BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
- BUG/MINOR: init: -x can have a parameter starting with a dash
- BUG/MINOR: init: -S can have a parameter starting with a dash
- BUG/MEDIUM: mworker: fix the reload with an -- option
- BUG/MINOR: ssl: fix a trash buffer leak in some error cases
- BUG/MINOR: mworker: fix a memleak when execvp() failed
2.1.5
- BUG/MINOR: protocol_buffer: Wrong maximum shifting.
- MINOR: ssl: improve the errors when a crt can't be open
- BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
- BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
- BUG/MINOR: connection: always send address-less LOCAL PROXY connections
- BUG/MINOR: peers: Incomplete peers sections should be validated.
- DOC: hashing: update link to hashing functions
- MINOR: version: Show uname output in display_version()
- DOC: Improve documentation on http-request set-src
- BUG/MINOR: ssl: default settings for ssl server options are not used
- BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
- BUG/MINOR: tools: fix the i386 version of the div64_32 function
- BUG/MINOR: http: make url_decode() optionally convert '+' to SP
- DOC: option logasap does not depend on mode
- MEDIUM: memory: make pool_gc() run under thread isolation
- MINOR: contrib: make the peers wireshark dissector a plugin
- BUG/MINOR: check: Update server address and port to execute an external check
- MINOR: checks: Add a way to send custom headers and payload during http chekcs
- BUG/MINOR: checks: Respect the no-check-ssl option
- BUG/MEDIUM: server/checks: Init server check during config validity check
- BUG/MINOR: checks: chained expect will not properly wait for enough data
- BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
- BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
- BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
- BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
- BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
- BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
- BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
- BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
- MINOR: threads: export the POSIX thread ID in panic dumps
- BUG/MINOR: debug: properly use long long instead of long for the thread ID
- BUG/MEDIUM: shctx: really check the lock's value while waiting
- BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
- MINOR: stream: report the list of active filters on stream crashes
- MINOR: haproxy: export run_poll_loop
- MINOR: tools: add new function dump_addr_and_bytes()
- MINOR: tools: add resolve_sym_name() to resolve function pointers
- MINOR: debug: use resolve_sym_name() to dump task handlers
- MINOR: cli: make "show fd" rely on resolve_sym_name()
- MEDIUM: debug: add support for dumping backtraces of stuck threads
- MINOR: debug: call backtrace() once upon startup
- BUILD: Makefile: include librt before libpthread
- MINOR: wdt: do not depend on USE_THREAD
- MINOR: debug: report the number of entries in the backtrace
- MINOR: debug: improve backtrace() on aarch64 and possibly other systems
- MINOR: debug: use our own backtrace function on clang+x86_64
- MINOR: debug: dump the whole trace if we can't spot the starting point
- BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms
- BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr()
- BUILD: Makefile: add linux-musl to TARGET
- REGTEST: ssl: test the client certificate authentication
- REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
- Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections"
- Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
- BUG/MINOR: checks/server: use_ssl member must be signed
- BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
- BUG/MINOR: checks: Remove a warning about http health checks
- BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
- BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
- BUG/MEDIUM: connections: force connections cleanup on server changes
- BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
- BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
- CLEANUP: connections: align function declaration
- BUG/MINOR: sample: Set the correct type when a binary is converted to a string
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
- BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
- BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
- BUG/MINOR: http-ana: fix NTLM response parsing again
- BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
- BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
- BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
- BUG/MINOR: pollers: remove uneeded free in global init
- BUG/MINOR: soft-stop: always wake up waiting threads on stopping
- BUILD: select: only declare existing local labels to appease clang
- BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
- BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
- BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
- BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
- BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
- BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
- BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
- DOC: retry-on can only be used with mode http
- DOC/MINOR: halog: Add long help info for ic flag
- DOC: SPOE is no longer experimental
- BUG/MINOR: logs: prevent double line returns in some events.
- REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
- BUG/MEDIUM: logs: fix trailing zeros on log message.
- BUG/MINOR: lua: Add missing string length for lua sticktable lookup
- BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
Changes since 4.2.1:
* Released:
- 9th of April 2020
* New Features:
- api: add includerings option to statistics endpoint
* Improvements:
- cache: strictly enforce maximum size, and improve cleanup routine
* Bug Fixes:
- fix records ending up in wrong packet section
- avoid IXFR-in corruption when deltas come in close together.
Please see the IXFR-in corruption upgrade notes
- fix out-of-bound access for zero length "serialized" string when
using lmdbbackend.
- bind backend: pthread_mutex_t should be inited and destroyed and not be copied
* Reference:
- https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.2
Update ruby-recog to 2.3.8.
2.3.8 (2020-06-03)
Highlights:
* MariaDB and MySQL fingerprint improvements (#264, #267)
* Multiple fingerprint and consistency improvements by HD Moore (#260, #266)
* Kyocera Printer fingerprint improvements (#262)
5.67
Unbreak the KNSQuick::Engine::changedEntries functionality
5.68
Fix clicking thumb-only delegate
Fix scrolling on the EntryDetails page
Don't double delete CommentsModel
Cover also the qtquick plugin in the installed categories file
Use the right translation catalog to show translations
Fix the KNSQuick Dialog's close title and basic layout
5.69
Fix layout in DownloadItemsSheet
[QtQuick dialog] Port to UrlBUtton and hide when there's no URL
Switch to using Kirigami's ShadowedRectangle
Fix update scenarios with no explicit downloadlink selected
5.70
KNewStuff: Fix file path and process call
KNewStuff: port from KRun::runApplication to KIO::ApplicationLauncherJob
Replace Vokoscreen with VokoscreenNG
Introduce more user-visible error reporting for installations
Update ruby-connection_pool to 2.2.3.
2.2.3
------
- Pool now throws `ConnectionPool::TimeoutError` on timeout. [#130]
- Use monotonic clock present in all modern Rubies [Tero Tasanen, #109]
- Remove code hacks necessary for JRuby 1.7
- Expose wrapped pool from ConnectionPool::Wrapper [Thomas Lecavelier, #113]
v2.65.0
ENHANCEMENTS:
resource/aws_acm_certificate: Add status attribute
resource/aws_directory_servicedirectory: Add availability_zones attribute to vpc_settings block
resource/aws_directory_servicedirectory: Add availability_zones attribute to connect_settings block
resource/aws_directory_servicedirectory: Add plan time validation to customer_dns_ips in connect_settings block
resource/aws_ec2_client_vpn_endpoint: Add arn attribute and plan time validation to root_certificate_chain_arn (in authentication_options block), client_cidr_block, and server_certificate_arn
resource/aws_instance: Add plan time validation to volume_type(in ebs_block_device and root_block_device blocks), private_ip, ipv6_addresses, and tenancy
resource/aws_lb_listener_rule: Add support for multiple, weighted target groups in forward rules
resource/aws_lb_listener: Add support for multiple, weighted target groups in default actions
resource/aws_workspaces_ip_group: Add plan-time validation for rules.source
BUG FIXES:
resource/aws_acm_certificate: Detect AMAZON_ISSUED type validation_method value directly from API response instead of custom logic
resource/aws_acm_certificate: Increase deletion retries from 10 minutes to 20 minutes (better support API Gateway Custom Domain deletion)
resource/aws_apigatewayv2_stage: Prevent perpetual plan differences with default_route_settings.logging_level argument for HTTP APIs
resource/aws_appmesh_route: Allow configuration of spec http_route action weighted_target weight argument to be 0
resource/aws_autoscaling_group: Prevent crash with tags argument containing boolean values in Terraform 0.11 and earlier
resource/aws_dynamodb_table: Prevent multiple replica creation/deletion errors
resource/aws_instance: Prevent perpetual plan differences, forcing replacement, with ebs_block_device configuration blocks
resource/aws_kinesis_firehose_delivery_stream: Correctly set kinesis_source_configuration during import to prevent resource recreation
resource/aws_ses_configuration_set: Prevent Provider produced inconsistent result after apply errors during creation or import
resource/aws_workspaces_ip_group: Remove resource from state if deleted outside of Terraform
* Restore dumping leases from stdin
* auth: Only accept RECONFIGURE messages from LL addresses
* auth: Access the RDM monotonic counter file via privsep
* ARP: call arp_announced() when cancelling it
* BSD: fwip(4) interfaces are now ignored by default
* privsep: Ensure IPC buffers are large enough to carry messages
* privsep: Only open RAW sockets for the needed protocols
* privsep: Fix indirect ioctls returning data
* privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
* eloop: just use ppoll/pollts(2), falling back to pselect(2)
1.2.7 released
* add set_alert_fd in python binding, to supersede set_alert_notify
* fix bug in part files > 2 GiB
* add function to clear the peer list for a torrent
* fix resume data functions to save/restore more torrent flags
* limit number of concurrent HTTP announces
* fix queue position for force_rechecking a torrent that is not auto-managed
* improve rate-based choker documentation, and minor tweak
* undeprecate upnp_ignore_nonrouters (but refering to devices on our subnet)
* increase default tracker timeout
* retry failed socks5 server connections
* allow UPnP lease duration to be changed after device discovery
* fix IPv6 address change detection on Windows
Release v1.29.1
PHP
PHP: Fix include path for boringssl in windows build
Objective-C
--grpc_out: protoc-gen-grpc: Plugin killed by signal 6.
Release v1.29.0
Core
Move decompression into gRPC Core.
Introduce CFRunLoop based iomgr.
Add option for logging keepalive pings.
Clamp the receive flow control window size to ((1 << 31) - 1).
CallCredentials debug string API.
C++
Append to CMAKE_MODULE_PATH instead of replacing it.
Clean way to enable C and C++ standards in cmake.
Autogenerate build.yaml equivalent from bazel BUILD metadata (with bazel query xml).
This code was very complicated and easily broke, for example when termcap is
builtin but curses is not, resulting in circular dependencies.
Such core packages should default to a safe set of build options, unless they
can be reliably added to PKG_SUGGESTED_OPTIONS, to avoid a miserable first
experience for users running on older or quirky platforms.
c-ares version 1.16.1
Security:
* Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero.
Changes:
* Allow TXT records on CHAOS qclass. Used for retriving things like version.bind, version.server, authoris.bind, hostname.bind, and id.server.
Bug fixes:
* Fix Windows Unicode incompatibilities with ares_getaddrinfo()
* Silence false cast-align compiler warnings due to valid casts of struct sockaddr to struct sockaddr_in and struct sockaddr_in6.
* MacOS should use libresolv for retrieving DNS servers, like iOS
* CMake build system should populate the INCLUDE_DIRECTORIES property of installed targets
* Correct macros in use for the ares_getaddrinfo.3 man page
There was build problem after pkg-config was aded to USE_TOOLS if
PKG_DEVELOPER is enabled, causing WRKDIR reference.
Fix method is dirty (or quick) hack.
There was build problem after pkg-config was aded to USE_TOOLS if
PKG_DEVELOPER is enabled, causing WRKDIR reference.
Fix method is dirty (or quick) hack.
The null provider is a rather-unusual provider that has constructs that
intentionally do nothing. This may sound strange, and indeed these constructs
do not need to be used in most cases, but they can be useful in various
situations to help orchestrate tricky behavior or work around limitations.
v2.64.0
ENHANCEMENTS:
data-source/aws_directory_service_directory: connect_settings connect_ips attribute now set
resource/aws_directory_service_directory: connect_settings connect_ips attribute now set
resource/aws_iot_topic_rule: Add step_functions configuration block
resource/aws_ses_event_destination: Support resource import
BUG FIXES:
data-source/aws_elasticsearch_domain: processing is now correctly set
resource/aws_acm_certificate: Update pending DNS validation record creation time from 1 minute to 5 minutes (better support for certificates with high amount of Subject Alternative Names)
resource/aws_api_gateway_method_settings: settings now properly set
resource/aws_autoscaling_group: Ignore ordering differences for tags argument (prevent unexpected differences from version 2.63.0)
resource/aws_codebuild_project: Enable drift detection for environment_variable argument
resource/aws_codebuild_project: Prevent inconsistent final plan errors with source configuration block
resource/aws_ecs_task_definition: Ensure efs_volume_configuration changes are properly detected
resource/aws_lb_cookie_stickiness_policy: cookie_expiration_policy now properly set
resource/aws_lightsail_instance: ram_size now properly set
resource/aws_load_balancer_backend_server_policy: instance_port now properly set
resource/aws_load_balancer_listener_policy: load_balancer_port now properly set
resource/aws_opsworks_application: environment secure now properly set
resource/aws_security_group_rule: Correctly set description after state refresh when source_security_group_id refers to a security group across accounts
resource/aws_ses_active_receipt_rule_set: Recreate resource when destroyed outside of Terraform
resource/aws_ses_event_destination: Correctly refresh entire resource state (prevent unexpected differences from version 2.63.0 and properly perform drift detection)
resource/aws_ses_receipt_rule: Recreate resource when destroyed outside of Terraform
resource/aws_sns_topic: Attributes of type schema.TypeInt are now correctly set
v0.12.26
ENHANCEMENTS:
backend/remote: Can now accept -target options when creating a plan using remote operations, if supported by the target server. (Server-side support for this in Terraform Cloud and Terraform Enterprise will follow in forthcoming releases of each.)
cli: A special new lifecycle mode for provider plugins where they are assumed to be controlled by an external process outside of Terraform. This is for automated provider plugin testing only, and is not an end-user feature.
pkgsrc changes:
- Update patches due file renames
Changes:
1.52.0
------
Special thanks to Martin Michlmayr for proof reading and correcting all
the docs and Edward Barker for helping re-write the front page.
* New backends
* Tardigrade backend for use with storj.io (Caleb Case)
* Union re-write to have multiple writable remotes (Max Sum)
* Seafile for Seafile server (Fred @creativeprojects)
* New commands
* backend: command for backend specific commands (see backends)
(Nick Craig-Wood)
* cachestats: Deprecate in favour of `rclone backend stats cache:`
(Nick Craig-Wood)
* dbhashsum: Deprecate in favour of `rclone hashsum DropboxHash` (Nick Craig-Wood)
* New Features
* Add `--header-download` and `--header-upload` flags for setting
HTTP headers when uploading/downloading (Tim Gallant)
* Add `--header` flag to add HTTP headers to every HTTP transaction
(Nick Craig-Wood)
* Add `--check-first` to do all checking before starting transfers
(Nick Craig-Wood)
* Add `--track-renames-strategy` for configurable matching criteria for
`--track-renames` (Bernd Schoolmann)
* Add `--cutoff-mode` hard,soft,catious (Shing Kit Chan & Franklyn Tackitt)
* Filter flags (eg `--files-from -`) can read from stdin (fishbullet)
* Add `--error-on-no-transfer` option (Jon Fautley)
* Implement `--order-by xxx,mixed` for copying some small and some big
files (Nick Craig-Wood)
* Allow `--max-backlog` to be negative meaning as large as possible
(Nick Craig-Wood)
* Added `--no-unicode-normalization` flag to allow Unicode filenames to
remain unique (Ben Zenker)
* Allow `--min-age`/`--max-age` to take a date as well as a duration
(Nick Craig-Wood)
* Add rename statistics for file and directory renames (Nick Craig-Wood)
* Add statistics output to JSON log (reddi)
* Make stats be printed on non-zero exit code (Nick Craig-Wood)
* When running `--password-command` allow use of stdin (Sébastien Gross)
* Stop empty strings being a valid remote path (Nick Craig-Wood)
* accounting: support WriterTo for less memory copying (Nick Craig-Wood)
* build
* Update to use go1.14 for the build (Nick Craig-Wood)
* Add `-trimpath` to release build for reproduceable builds
(Nick Craig-Wood)
* Remove GOOS and GOARCH from Dockerfile (Brandon Philips)
* config
* Fsync the config file after writing to save more reliably
(Nick Craig-Wood)
* Add `--obscure` and `--no-obscure` flags to `config create`/`update`
(Nick Craig-Wood)
* Make `config show` take `remote:` as well as `remote` (Nick Craig-Wood)
* copyurl: Add `--no-clobber` flag (Denis)
* delete: Added `--rmdirs` flag to delete directories as well (Kush)
* filter: Added `--files-from-raw` flag (Ankur Gupta)
* genautocomplete: Add support for fish shell (Matan Rosenberg)
* log: Add support for syslog LOCAL facilities (Patryk Jakuszew)
* lsjson: Add `--hash-type` parameter and use it in lsf to speed up
hashing (Nick Craig-Wood)
* rc
* Add `-o`/`--opt` and `-a`/`--arg` for more structured input
(Nick Craig-Wood)
* Implement `backend/command` for running backend specific commands
remotely (Nick Craig-Wood)
* Add `mount/mount` command for starting `rclone mount` via the
API (Chaitanya)
* rcd: Add Prometheus metrics support (Gary Kim)
* serve http
* Added a `--template` flag for user defined markup (calistri)
* Add Last-Modified headers to files and directories (Nick Craig-Wood)
* serve sftp: Add support for multiple host keys by repeating `--key` flag
(Maxime Suret)
* touch: Add `--localtime` flag to make `--timestamp` localtime not UTC
(Nick Craig-Wood)
* Bug Fixes
* accounting
* Restore "Max number of stats groups reached" log line (Michał Matczuk)
* Correct exitcode on Transfer Limit Exceeded flag. (Anuar Serdaliyev)
* Reset bytes read during copy retry (Ankur Gupta)
* Fix race clearing stats (Nick Craig-Wood)
* copy: Only create empty directories when they don't exist on the remote
(Ishuah Kariuki)
* dedupe: Stop dedupe deleting files with identical IDs (Nick Craig-Wood)
* oauth
* Use custom http client so that `--no-check-certificate` is honored by
oauth token fetch (Mark Spieth)
* Replace deprecated oauth2.NoContext (Lars Lehtonen)
* operations
* Fix setting the timestamp on Windows for multithread copy
(Nick Craig-Wood)
* Make rcat obey `--ignore-checksum` (Nick Craig-Wood)
* Make `--max-transfer` more accurate (Nick Craig-Wood)
* rc
* Fix dropped error (Lars Lehtonen)
* Fix misplaced http server config (Xiaoxing Ye)
* Disable duplicate log (ElonH)
* serve dlna
* Cds: don't specify childCount at all when unknown (Dan Walters)
* Cds: use modification time as date in dlna metadata (Dan Walters)
* serve restic: Fix tests after restic project removed vendoring
(Nick Craig-Wood)
* sync
* Fix incorrect "nothing to transfer" message using `--delete-before`
(Nick Craig-Wood)
* Only create empty directories when they don't exist on the remote
(Ishuah Kariuki)
* Mount
* Add `--async-read` flag to disable asynchronous reads (Nick Craig-Wood)
* Ignore `--allow-root` flag with a warning as it has been removed upstream
(Nick Craig-Wood)
* Warn if `--allow-non-empty` used on Windows and clarify docs
(Nick Craig-Wood)
* Constrain to go1.13 or above otherwise bazil.org/fuse fails to compile
(Nick Craig-Wood)
* Fix fail because of too long volume name (evileye)
* Report 1PB free for unknown disk sizes (Nick Craig-Wood)
* Map more rclone errors into file systems errors (Nick Craig-Wood)
* Fix disappearing cwd problem (Nick Craig-Wood)
* Use ReaddirPlus on Windows to improve directory listing performance (Nick Craig-Wood)
* Send a hint as to whether the filesystem is case insensitive or not (Nick Craig-Wood)
* Add rc command `mount/types` (Nick Craig-Wood)
* Change maximum leaf name length to 1024 bytes (Nick Craig-Wood)
* VFS
* Add `--vfs-read-wait` and `--vfs-write-wait` flags to control time
waiting for a sequential read/write (Nick Craig-Wood)
* Change default `--vfs-read-wait` to 20ms (it was 5ms and not configurable)
(Nick Craig-Wood)
* Make `df` output more consistent on a rclone mount. (Yves G)
* Report 1PB free for unknown disk sizes (Nick Craig-Wood)
* Fix race condition caused by unlocked reading of Dir.path (Nick Craig-Wood)
* Make File lock and Dir lock not overlap to avoid deadlock (Nick Craig-Wood)
* Implement lock ordering between File and Dir to eliminate deadlocks
(Nick Craig-Wood)
* Factor the vfs cache into its own package (Nick Craig-Wood)
* Pin the Fs in use in the Fs cache (Nick Craig-Wood)
* Add SetSys() methods to Node to allow caching stuff on a node
(Nick Craig-Wood)
* Ignore file not found errors from Hash in Read.Release (Nick Craig-Wood)
* Fix hang in read wait code (Nick Craig-Wood)
* Local
* Speed up multi thread downloads by using sparse files on Windows
(Nick Craig-Wood)
* Implement `--local-no-sparse` flag for disabling sparse files
(Nick Craig-Wood)
* Implement `rclone backend noop` for testing purposes (Nick Craig-Wood)
* Fix "file not found" errors on post transfer Hash calculation
(Nick Craig-Wood)
* Cache
* Implement `rclone backend stats` command (Nick Craig-Wood)
* Fix Server Side Copy with Temp Upload (Brandon McNama)
* Remove Unused Functions (Lars Lehtonen)
* Disable race tests until bbolt is fixed (Nick Craig-Wood)
* Move methods used for testing into test file (greatroar)
* Add Pin and Unpin and canonicalised lookup (Nick Craig-Wood)
* Use proper import path go.etcd.io/bbolt (Robert-André Mauchin)
* Crypt
* Calculate hashes for uploads from local disk (Nick Craig-Wood)
* This allows crypted Jottacloud uploads without using local disk
* This means crypted s3/b2 uploads will now have hashes
* Added `rclone backend decode`/`encode` commands to replicate functionality
of `cryptdecode` (Anagh Kumar Baranwal)
* Get rid of the unused Cipher interface as it obfuscated the code
(Nick Craig-Wood)
* Azure Blob
* Implement streaming of unknown sized files so `rcat` is now supported
(Nick Craig-Wood)
* Implement memory pooling to control memory use (Nick Craig-Wood)
* Add `--azureblob-disable-checksum` flag (Nick Craig-Wood)
* Retry `InvalidBlobOrBlock` error as it may indicate block concurrency
problems (Nick Craig-Wood)
* Remove unused `Object.parseTimeString()` (Lars Lehtonen)
* Fix permission error on SAS URL limited to container (Nick Craig-Wood)
* B2
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Ignore directory markers at the root also (Nick Craig-Wood)
* Force the case of the SHA1 to lowercase (Nick Craig-Wood)
* Remove unused `largeUpload.clearUploadURL()` (Lars Lehtonen)
* Box
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Implement About to read size used (Nick Craig-Wood)
* Add token renew function for jwt auth (David Bramwell)
* Added support for interchangeable root folder for Box backend (Sunil Patra)
* Remove unnecessary iat from jws claims (David)
* Drive
* Follow shortcuts by default, skip with `--drive-skip-shortcuts`
(Nick Craig-Wood)
* Implement `rclone backend shortcut` command for creating shortcuts
(Nick Craig-Wood)
* Added `rclone backend` command to change `service_account_file` and
`chunk_size` (Anagh Kumar Baranwal)
* Fix missing files when using `--fast-list` and `--drive-shared-with-me`
(Nick Craig-Wood)
* Fix duplicate items when using `--drive-shared-with-me` (Nick Craig-Wood)
* Extend `--drive-stop-on-upload-limit` to respond to
`teamDriveFileLimitExceeded`. (harry)
* Don't delete files with multiple parents to avoid data loss
(Nick Craig-Wood)
* Server side copy docs use default description if empty (Nick Craig-Wood)
* Dropbox
* Make error insufficient space to be fatal (harry)
* Add info about required redirect url (Elan Ruusamäe)
* Fichier
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Implement custom pacer to deal with the new rate limiting (buengese)
* FTP
* Fix lockup when using concurrency limit on failed connections
(Nick Craig-Wood)
* Fix lockup on failed upload when using concurrency limit (Nick Craig-Wood)
* Fix lockup on Close failures when using concurrency limit (Nick Craig-Wood)
* Work around pureftp sending spurious 150 messages (Nick Craig-Wood)
* Google Cloud Storage
* Add support for `--header-upload` and `--header-download` (Nick Craig-Wood)
* Add `ARCHIVE` storage class to help (Adam Stroud)
* Ignore directory markers at the root (Nick Craig-Wood)
* Googlephotos
* Make the start year configurable (Daven)
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Create feature/favorites directory (Brandon Philips)
* Fix "concurrent map write" error (Nick Craig-Wood)
* Don't put an image in error message (Nick Craig-Wood)
* HTTP
* Improved directory listing with new template from Caddy project (calisro)
* Jottacloud
* Implement `--jottacloud-trashed-only` (buengese)
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Use `RawURLEncoding` when decoding base64 encoded login token (buengese)
* Implement cleanup (buengese)
* Update docs regarding cleanup, removed remains from old auth, and added
warning about special mountpoints. (albertony)
* Mailru
* Describe 2FA requirements (valery1707)
* Onedrive
* Implement `--onedrive-server-side-across-configs` (Nick Craig-Wood)
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Fix occasional 416 errors on multipart uploads (Nick Craig-Wood)
* Added maximum chunk size limit warning in the docs (Harry)
* Fix missing drive on config (Nick Craig-Wood)
* Make error `quotaLimitReached` to be fatal (harry)
* Opendrive
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Pcloud
* Added support for interchangeable root folder for pCloud backend
(Sunil Patra)
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Fix initial config "Auth state doesn't match" message (Nick Craig-Wood)
* Premiumizeme
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Prune unused functions (Lars Lehtonen)
* Putio
* Add support for `--header-upload` and `--header-download` (Nick Craig-Wood)
* Make downloading files use the rclone http Client (Nick Craig-Wood)
* Fix parsing of remotes with leading and trailing / (Nick Craig-Wood)
* Qingstor
* Make `rclone cleanup` remove pending multipart uploads older than 24h
(Nick Craig-Wood)
* Try harder to cancel failed multipart uploads (Nick Craig-Wood)
* Prune `multiUploader.list()` (Lars Lehtonen)
* Lint fix (Lars Lehtonen)
* S3
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Use memory pool for buffer allocations (Maciej Zimnoch)
* Add SSE-C support for AWS, Ceph, and MinIO (Jack Anderson)
* Fail fast multipart upload (Michał Matczuk)
* Report errors on bucket creation (mkdir) correctly (Nick Craig-Wood)
* Specify that Minio supports URL encoding in listings (Nick Craig-Wood)
* Added 500 as retryErrorCode (Michał Matczuk)
* Use `--low-level-retries` as the number of SDK retries
(Aleksandar Janković)
* Fix multipart abort context (Aleksandar Jankovic)
* Replace deprecated `session.New()` with `session.NewSession()`
(Lars Lehtonen)
* Use the provided size parameter when allocating a new memory pool
(Joachim Brandon LeBlanc)
* Use rclone's low level retries instead of AWS SDK to fix listing retries
(Nick Craig-Wood)
* Ignore directory markers at the root also (Nick Craig-Wood)
* Use single memory pool (Michał Matczuk)
* Do not resize buf on put to memBuf (Michał Matczuk)
* Improve docs for `--s3-disable-checksum` (Nick Craig-Wood)
* Don't leak memory or tokens in edge cases for multipart upload
(Nick Craig-Wood)
* Seafile
* Implement 2FA (Fred)
* SFTP
* Added `--sftp-pem-key` to support inline key files (calisro)
* Fix post transfer copies failing with 0 size when using
`set_modtime=false` (Nick Craig-Wood)
* Sharefile
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Sugarsync
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Swift
* Add support for `--header-upload` and `--header-download` (Nick Craig-Wood)
* Fix cosmetic issue in error message (Martin Michlmayr)
* Union
* Implement multiple writable remotes (Max Sum)
* Fix server-side copy (Max Sum)
* Implement ListR (Max Sum)
* Enable ListR when upstreams contain local (Max Sum)
* WebDAV
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
* Fix `X-OC-Mtime` header for Transip compatibility (Nick Craig-Wood)
* Report full and consistent usage with `about` (Yves G)
* Yandex
* Add support for `--header-upload` and `--header-download` (Tim Gallant)
Changelog:
Monday, May 25, 2020
Bugfixes:
Old ZSK can be withdrawn too early during a ZSK rollover if maximum zone TTL is computed automatically
Server responds SERVFAIL to ANY queries on empty non-terminal nodes
Improvements:
Also module onlinesign returns minimized responses to ANY queries
Linking against libcap-ng can be disabled via a configure option
1.18.67
api-change:quicksight: Update quicksight command to latest version
api-change:macie: Update macie command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:dlm: Update dlm command to latest version
api-change:ssm: Update ssm command to latest version
1.18.66
api-change:iotsitewise: Update iotsitewise command to latest version
api-change:autoscaling: Update autoscaling command to latest version
1.18.65
api-change:codebuild: Update codebuild command to latest version
api-change:s3: Update s3 command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:synthetics: Update synthetics command to latest version
1.18.64
api-change:codedeploy: Update codedeploy command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:chime: Update chime command to latest version
api-change:medialive: Update medialive command to latest version
api-change:backup: Update backup command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
api-change:appmesh: Update appmesh command to latest version
1.18.63
api-change:health: Update health command to latest version
bugfix:s3: Mute warnings for not restored glacier deep archive objects if --ignore-glacier-warnings option enabled. Fixes#4039
api-change:transcribe: Update transcribe command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:chime: Update chime command to latest version
1.18.62
api-change:qldb: Update qldb command to latest version
api-change:ecs: Update ecs command to latest version
api-change:dynamodb: Update dynamodb command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:chime: Update chime command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.61
api-change:ecr: Update ecr command to latest version
api-change:glue: Update glue command to latest version
api-change:cloudformation: Update cloudformation command to latest version
api-change:sts: Update sts command to latest version
1.18.60
api-change:imagebuilder: Update imagebuilder command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.59
api-change:elasticache: Update elasticache command to latest version
api-change:macie2: Update macie2 command to latest version
1.18.58
api-change:iotsitewise: Update iotsitewise command to latest version
api-change:workmail: Update workmail command to latest version
1.13.17
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
api-change:quicksight: [botocore] Update quicksight client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:macie: [botocore] Update macie client to latest version
1.13.16
api-change:autoscaling: [botocore] Update autoscaling client to latest version
api-change:iotsitewise: [botocore] Update iotsitewise client to latest version
1.13.15
api-change:synthetics: [botocore] Update synthetics client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:s3: [botocore] Update s3 client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.13.14
api-change:backup: [botocore] Update backup client to latest version
api-change:codedeploy: [botocore] Update codedeploy client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:appmesh: [botocore] Update appmesh client to latest version
1.13.13
api-change:transcribe: [botocore] Update transcribe client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:health: [botocore] Update health client to latest version
api-change:chime: [botocore] Update chime client to latest version
1.13.12
api-change:chime: [botocore] Update chime client to latest version
api-change:qldb: [botocore] Update qldb client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
1.13.11
api-change:sts: [botocore] Update sts client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
1.13.10
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:imagebuilder: [botocore] Update imagebuilder client to latest version
1.13.9
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
1.13.8
api-change:workmail: [botocore] Update workmail client to latest version
api-change:iotsitewise: [botocore] Update iotsitewise client to latest version
enchancement:Endpoints: [botocore] Improved endpoint resolution for clients with unknown regions
1.16.17
api-change:elasticache: Update elasticache client to latest version
api-change:dlm: Update dlm client to latest version
api-change:quicksight: Update quicksight client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:macie: Update macie client to latest version
1.16.16
api-change:autoscaling: Update autoscaling client to latest version
api-change:iotsitewise: Update iotsitewise client to latest version
1.16.15
api-change:synthetics: Update synthetics client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:s3: Update s3 client to latest version
api-change:ec2: Update ec2 client to latest version
1.16.14
api-change:backup: Update backup client to latest version
api-change:codedeploy: Update codedeploy client to latest version
api-change:securityhub: Update securityhub client to latest version
api-change:chime: Update chime client to latest version
api-change:medialive: Update medialive client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:appmesh: Update appmesh client to latest version
1.16.13
api-change:transcribe: Update transcribe client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:health: Update health client to latest version
api-change:chime: Update chime client to latest version
1.16.12
api-change:chime: Update chime client to latest version
api-change:qldb: Update qldb client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:ecs: Update ecs client to latest version
api-change:dynamodb: Update dynamodb client to latest version
api-change:macie2: Update macie2 client to latest version
1.16.11
api-change:sts: Update sts client to latest version
api-change:ecr: Update ecr client to latest version
api-change:glue: Update glue client to latest version
api-change:cloudformation: Update cloudformation client to latest version
1.16.10
api-change:ec2: Update ec2 client to latest version
api-change:imagebuilder: Update imagebuilder client to latest version
1.16.9
api-change:elasticache: Update elasticache client to latest version
api-change:macie2: Update macie2 client to latest version
1.16.8
api-change:workmail: Update workmail client to latest version
api-change:iotsitewise: Update iotsitewise client to latest version
enchancement:Endpoints: Improved endpoint resolution for clients with unknown regions
This had a SUBST block to fix /usr/share to ${PREFIX}/share. It was
doing this to files where the pattern didn't match, and also missed
fixin up /usr/bin. Split into a bin and a share SUBST, and loosen the
regexp (specifically, to match /syncthing rather than just
/syncthing-gtk). Tested to basically work on NetBSD 8. Desktop files
etc. appear much better than before.
(Found by newish SUBST noop check.)
0.26.3
Improved readability of logged incoming data.
Threads are given unique names now to aid debugging.
Fixed a regression where get_service_info() called within a listener add_service method would deadlock, timeout and incorrectly return None.
This module allows you to perform IP subnet calculations, there is support for
both IPv4 and IPv6 CIDR notation.
This is required by dane(1) from security/sshfp.
dnspython is a DNS toolkit for Python. It supports almost all record types. It
can be used for queries, zone transfers, and dynamic updates. It supports TSIG
authenticated messages and EDNS0.
dnspython provides both high and low level access to DNS. The high level
classes perform queries for data of a given name, type, and class, and return
an answer set. The low level classes allow direct manipulation of DNS zones,
messages, names, and records.
0.8.0:
[FEATURE] Added ASGI application
[FEATURE] Add support for parsing timestamps in Prometheus exposition format.
[FEATURE] Add target_info to registries
[ENHANCEMENT] Handle empty and slashes in label values for pushgateway
[ENHANCEMENT] Various updates for latest OpenMetrics draft spec
[ENHANCEMENT] Add HELP output for auto-created metrics
[ENHANCEMENT] Use mmap.PAGESIZE constant as value for first read.
[ENHANCEMENT] Add __repr__ method to metric objects, make them debug friendly.
[ENHANCEMENT] Add observability check to metrics
[BUGFIX] Fix urlparse in python >= 3.7.6
[BUGFIX] Cleaning up name before appending unit on name
[BUGFIX] Allow for OSError on Google App Engine
ntopng 4.0:
Breakthroughs
* Plugins engine to tap into flows, hosts and other network elements
* Migration to Bootstrap 4 and Font Awesome 5 for a renewed ntopng look-and-feel with light and dark themes
* Processes and containers monitoring thanks to the eBPF integration via libebpfflow https://github.com/ntop/libebpfflow
* Active monitoring of hosts ICMP/ICMPv6/HTTP/HTTPS Round Trip Times (RTT)
New features
* X.509 client certificate authentication
* ERSPAN transparent ethernet bridging
* Webhook export module for exporting alarms
* Identifications of the hosts in broadcast domain
* Category Lists editor to manage ip/domain lists
* Handling of PEN fields from nProbe
* Added anomalous flows to the looking glass
* Visibility of ICMP port-unreachable flows IPv4
* TCP states filtering (est., connecting, closed and rst)
* Ability to serialize local hosts in the broadcast domain via MAC address
* Japanese, portugese/brazilian localization
* Added process memory, cpu load, InfluxDB, Redis status pages and charts
* Implement ntopng Plugins, self contained modules to extend the ntopng functionalities
* Implement ZMQ/Suricata companion interface
* SSL traffic analysis and alerts via JA3 fingerprint, unsafe ciphers detection
* SSH traffic analysis and alerts via HASSH fingerprint
* Host traffic profile generation via the (MUD) Manufacturer Usage Descriptor
* Experimental Prometheus timeseries export
* Introduce the System interface to manage system wide settings and status
* Read events from Suricata and generate alerts
* SNMP network topology visualization
* Automatic ntopng update check and upgrade
* Calculate host anomaly score and trigger alerts when it exceeds a threshold
* Add ability to extract timeseries data with a click
* Initial Marketplace droplet using Fabric
* Alerts on duplex status change on SNMP interface
Improvements
* View interfaces are now optimized for big networks and use less memory
* Systemd macros are now used to start/restart the ntopng services
* Handles n2disk traffic extractions from recording processes non managed by ntopng
* Interface in/out now available also for non PF_RING interfaces (read from /proc)
* Automatic InfluxDB rollup support
* MDNS discovery improvements
* Rework of the alerts engine and api for efficient engaged alerts triggering
* Faster ZMQ communication to nProbe thanks to the implementation of a binary TLV format
* Stats update for ZMQ interfaces is now based on the idle/active flows timeout
* Timeseries export improvements via queues, detect if InfluxDB is down and stop the export
* Implemented reusable Lua engine to reduce the overhead of periodic scripts
* Improve Lua error handling
* Exclude certain categories from Elephant/Long lived flows alerts
nEdge
* Ability to set up port forwarding
* Support for Ubuntu 18.04
* Fix users and other prefs deleted during nEdge data reset
* Japanese localization
* Block unsupported L3 protocols (currently only ARP and IPv4 are supported)
* DNS mapping port to avoid conflicts with system programs
Fixes
* Fixed export to mysql on shutdown in case of Pcap file in community mode
* Fixed failing SYN-scan detection
* Fixed ZMQ decompression errors with large templates
* Fixed possible XSS in login.lua referer param and `runtime.lua`
* Update geolocation due to changes in the library usage policy
* Fixes to support browsers dark mode
* Option `--zmq-encryption-key <pub key>` can be used with `-I <endpoint>` to encrypt data hi hierarchical mode
* Fixed nIndex missing data while performing some queries and throughput calculation
nDPI 3.2:
New Features
* New API calls
* Protocol detection: ndpi_is_protocol_detected
* Categories: ndpi_load_categories_file / ndpi_load_category
* JSON/TLV serialization: ndpi_serialize_string_boolean / ndpi_serialize_uint32_boolean
* Patricia tree: ndpi_load_ipv4_ptree
* Module initialization: ndpi_init_detection_module / ndpi_finalize_initalization
* Base64 encoding: ndpi_base64_encode
* JSON exprot: ndpi_flow2json
* Print protocol: ndpi_get_l4_proto_name / ndpi_get_l4_proto_info
* Libfuzz integration
* Implemented Community ID hash (API call ndpi_flowv6_flow_hash and ndpi_flowv4_flow_hash)
* Detection of RCE in HTTP GET requests via PCRE
* Integration of the libinjection library to detect SQL injections and XSS type attacks in HTTP requests
New Supported Protocols and Services
* TLS
* Added ALPN support
* Added export of supported version in TLS header
* Added Telnet dissector with metadata extraction
* Added Zabbix dissector
* Added POP3/IMAP metadata extraction
* Added FTP user/password extraction
* Added NetBIOS metadata extraction
* Added Kerberos metadata extraction
* Implemented SQL Injection and XSS attack detection
* Host-based detection improvements and changes
* Added Microsoft range
* Added twitch.tv website
* Added brasilbandalarga.com.br and .eaqbr.com.br as EAQ
* Added 20.180.0.0/14, 20.184.0.0/13 range as Skype
* Added 52.84.0.0/14 range as Amazon
* Added ^pastebin.com
* Changed 13.64.0.0/11 range from Skype to Microsoft
* Refreshed Whatsapp server list, added *whatsapp-*.fbcdn.net IPs
* Added public DNSoverHTTPS servers
Improvements
* Reworked and improved the TLS dissector
* Reworked Kerberos dissector
* Improved DNS response decoding
* Support for DNS continuous flow dissection
* Improved Python bindings
* Improved Ethereum support
* Improved categories detection with streaming and HTTP
* Support for IP-based detection to compute the application protocol
* Renamed protocol 104 to IEC60870 (more meaningful)
* Added failed authentication support with FTP
* Renamed DNSoverHTTPS to handle bot DoH and DoT
* Implemented stacked DPI decoding
* Improvements for CapWAP and Bloomberg
* Improved SMB dissection
* Improved SSH dissection
* Added capwap support
* Modified API signatures for ndpi_ssl_version2str / ndpi_detection_giveup
* Removed ndpi_pref_http_dont_dissect_response / ndpi_pref_dns_dont_dissect_response (replaced by ndpi_extra_dissection_possible)
Fixes
* Fixed memory invalid access in SMTP and leaks in TLS
* Fixed a few memory leaks
* Fixrd invalid memory access in a few protocol dissectors (HTTP, memcached, Citrix, STUN, DNS, Amazon Video, TLS, Viber)
* Fixed IPv6 address format across the various platforms/distributions
* Fixed infinite loop in ndpi_workflow_process_packet
* Fixed SHA1 certificate detection
* Fixed custom protocol detection
* Fixed SMTP dissection (including email)
* Fixed Telnet dissection and invalid password report
* Fixed invalid category matching in HTTP
* Fixed Skype and STUN false positives
* Fixed SQL Injection detection
* Fixed invalid SMBv1 detection
* Fixed SSH dissection
* Fixed ndpi_ssl_version2str
* Fixed ndpi_extra_dissection_possible
* Fixed out of bounds read in ndpi_match_custom_category
Misc
* ndpiReader
* CSV output enhancements
* Added tunnelling decapsulation
* Improved HTTP reporting
nDPI 3.0:
New Features
* nDPI now reports the protocol ASAP even when specific fields have not yet been dissected because such packets have not yet been observed. This is important for inline applications that can immediately act on traffic. Applications that need full dissection need to call the new API function ndpi_extra_dissection_possible() to check if metadata dissection has been completely performed or if there is more to read before declaring it completed.
* TLS (formerly identified as SSL in nDPI v2.x) is now dissected more deeply, certificate validity is extracted as well certificate SHA-1.
* nDPIreader can now export data in CSV format with option `-C`
* Implemented Sequence of Packet Length and Time (SPLT) and Byte Distribution (BD) as specified by Cisco Joy (https://github.com/cisco/joy). This allows malware activities on encrypted TLS streams. Read more at https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption
* Available as library and in `ndpiReader` with option `-J`
* Promoted usage of protocol categories rather than protocol identifiers in order to classify protocols. This allows application protocols to be clustered in families and thus better managed by users/developers rather than using hundred of protocols unknown to most of the people.
* Added Inter-Arrival Time (IAT) calculation used to detect protocol misbehaviour (e.g. slow-DoS detection)
* Added data analysis features for computign metrics such as entropy, average, stddev, variance on a single and consistent place that will prevent when possible. This should ease traffic analysis on monitoring/security applications. New API calls have been implemented such as ndpi_data_XXX() to handle these calculations.
* Initial release of Python bindings available under nDPI/python.
* Implemented search of human readable strings for promoting data exfiltration detection
* Available as library and in `ndpiReader` with option `-e`
* Fingerprints
* JA3 (https://github.com/salesforce/ja3)
* HASSH (https://github.com/salesforce/hassh)
* DHCP
* Implemented a library to serialize/deserialize data in both Type-Length-Value (TLV) and JSON format
* Used by nProbe/ntopng to exchange data via ZMQ
New Supported Protocols and Services
* DTLS (i.e. TLS over UDP)
* Hulu
* TikTok/Musical.ly
* WhatsApp Video
* DNSoverHTTPS
* Datasaver
* Line protocol
* Google Duo and Hangout merged
* WireGuard VPN
* IMO
* Zoom.us
Improvements
* TLS
* Organizations
* Ciphers
* Certificate analysis
* Added PUBLISH/SUBSCRIBE methods to SIP
* Implemented STUN cache to enhance matching of STUN-based protocols
* Dissection improvements
* Viber
* WhatsApp
* AmazonVideo
* SnapChat
* FTP
* QUIC
* OpenVPN support for UDP-based VPNs
* Facebook Messenger mobile
* Various improvements for STUN, Hangout and Duo
* Added new categories: CUSTOM_CATEGORY_ANTIMALWARE, NDPI_PROTOCOL_CATEGORY_MUSIC, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_CATEGORY_PRODUCTIVITY and NDPI_PROTOCOL_CATEGORY_FILE_SHARING
* Added NDPI_PROTOCOL_DANGEROUS classification
Fixes
* Fixed the dissection of certain invalid DNS responses
* Fixed Spotify dissection
* Fixed false positives with FTP and FTP_DATA
* Fix to discard STUN over TCP flows
* Fixed MySQL dissector
* Fix category detection due to missing initialization
* Fix DNS rsp_addr missing in some tiny responses
* Various hardening fixes
v2.63.0
FEATURES:
New Data Source: aws_efs_access_point
New Data Source: aws_wafv2_ip_set
New Data Source: aws_wafv2_regex_pattern_set
New Resource: aws_efs_access_point
New Resource: aws_efs_file_system_policy
New Resource: aws_wafv2_ip_set
New Resource: aws_wafv2_regex_pattern_set
ENHANCEMENTS:
resource/aws_ssm_document: Add document_version attribute
data-source/aws_ram_resource_share: Add owning_account_id attribute
data-source/aws_lb: Add ip_address_type attribute
data-source/aws_lb_target_group: Add load_balancing_algorithm_type attribute
data-source/aws_rds_cluster: backtrack_window attribute now available
resource/aws_codebuild_webhook: Support COMMIT_MESSAGE value in filter types
resource/aws_cognito_identity_pool_roles_attachment: Add import support
resource/aws_ecs_service: Add force_new_deployment argument
resource/aws_ecs_service: Support in-place updates for ordered_placement_strategy and placement_constraints
resource/aws_eks_node_group: Add force_update_version argument
resource/aws_glue_connection: Add arn argument
resource/aws_iot_topic_rule: Add tags argument
BUG FIXES:
resource/aws_ssm_activation: expired now properly set
resource/aws_redshift_security_group: The resource is now importable
resource/cloudwatch_log_metric_filter: metric_transformation default_value now properly set
data-source/aws_db_instance: auto_minor_version_upgrade attribute now properly set
resource/aws_autoscaling_group: tags propagate_at_launch attribute now properly set
resource/aws_eks_node_group: Only pass release_version value during UpdateNodegroupVersion if changed
resource/aws_network_acl: Fix issue with updating subnet associations returning InvalidAssociationID.NotFound
Changelog:
Version 2.9.4
Tuesday, May 5, 2020
Improvements:
ANY query over UDP is always answered with one RRSet + possible RRSIG instead of truncated reply
Server tries to resolve CNAME record generated by geoip module (Thanks to Conrad Hoffmann)
Earlier OCSP validity check in kdig certificate verification (Thanks to Alexander Schultz)
Module onlinesign allows KSK + ZSK mode
Server control listen backlog limit was increased to 5
Zone signing event is always re-scheduled even after a signing error
Extended error checks and tiny enhancements in kjournalprint
kdig logs a more detailed error message when failed to acquire a remote address
Some documentation improvements
Bugfixes:
Server can crash when zone update fails due to exceeded zone size limit
keymgr 'share' command doesn't work
Shared KSK doesn't work with an initial key
Self-created RRSIGs are still cryptographically verified in some unnecessary cases
Changed NSEC3PARAM not correctly detected during zone update
NSEC(3) chain not fixed if affected by zone udpate
knotc orphan purge doesn't work on journal
Online signing configured along with DNSSEC signing can cause MDB_BAD_RSLOT error during server reload
Zone journal access can stuck if mismanaged zone serial
Concurrently added and removed same records in a DDNS message are not properly handled
Zone check logs error instead of warning after a first error occured
New in 1.0.22:
* Add File_seekable
* Rework some routines to fix holes in error checking and potential mem…
* Fix File_read when the current location is not zero
* Add File_flush
* Add File_tell
Wireshark 3.2.4 Release Notes
What’s New
The Windows installers now ship with Qt 5.12.8. They previously
shipped with Qt 5.12.6.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-08[1] A dissector went awry.
The following bugs have been fixed:
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
New and Updated Capture File Support
There is no new or updated capture file support in this release.
These packages are susceptible to bugs when confronted with non-ASCII
characters.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94182.
It takes some time to analyze and fix these individually, therefore they
are only marked as "needs work".
out with
runtime error: file /usr/pkg/share/xsl/docbook/lib/lib.xsl line 58 element choose
xsltApplySequenceConstructor: A potential infinite template recursion was detected.
# 2020-05-05 Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041,
CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077)
Noteworthy features and improvements:
* Fixed sound issues (#6043)
* New expert command line options /tune and /tune-list to modify all client
settings in a generic way.
* Fixes for smartcard cache, this improves compatibility of smartcard devices
with newer smartcard channel.
* Shadow server can now be instructed to listen to multiple interfaces.
* Improved server certificate support (#6052)
* Various fixes for wayland client (fullscreen, mouse wheel, ...)
* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible.
* USB redirection command line improvements (filter options)
* Various translation improvements for android and ios clients
For a complete and detailed change log since the last release candidate run:
git log 2.0.0..2.1.0
# 2020-04-09 Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013)
* sha256 is now used instead of sha1 to fingerprint certificates. This will
invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
new connection is established after the update
Noteworthy features and improvements:
* First version of the RDP proxy was added (#5372) - thanks to @kubistika
* Smartcard received some refactoring. Missing functions were added and input
validation was improved (#5884)
* A new option /cert that unifies all certificate related options (#5880)
The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
available but marked as deprecated
* Support for Remote Assistance Protocol Version 2 [MS-RA]
* The DirectFB client was removed because it was unmaintained
* Unified initialization of OrderSupport
* Fix for licensing against Windows Server 2003
* Font smoothing is now enabled per default
* Flatpack support was added
* Smart scaling for Wayland using libcairo was added (#5215)
* Unified update->BeginPaint and update->EndPaint
* An image scaling API for software drawing was added
* Rail was updated to the latest spec version 28.0
* Support for H.264 in the shadow server is now detected at runtime
* Add mask=<value> option for /gfx and /gfx-h264 (#5771)
* Code reformatting (#5667)
* A new option /timeout was added to adjust the TCP ACK timeout (#5987)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc4..2.0.0
This is probably the most important of the Samba man pages, and it
should not have been excluded from the build without a detailed
explanation, "just to make the pkg build".
Update bind914 to 9.14.12 (BIND 9.14.12).
Note from release announce:
BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
9.14 branch.
--- 9.14.12 released ---
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
Update bind911 to 9.11.19 (BIND 9.11.19).
--- 9.11.19 released ---
5404. [bug] 'named-checkconf -z' could incorrectly indicate
success if errors were found in one view but not in a
subsequent one. [GL #1807]
5398. [bug] Named could fail to restart if a zone with a double
quote (") in its name was added with 'rndc addzone'.
[GL #1695]
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5394. [cleanup] Named formerly attempted to change the effective UID and
GID in named_os_openfile(), which could trigger a
spurious log message if they were already set to the
desired values. This has been fixed. [GL #1042]
[GL #1090]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5387. [func] Warn about AXFR streams with inconsistent message IDs.
[GL #1674]
Pkgsrc changes:
* None.
Upstream changes:
This release fixes CVE-2020-12662 and CVE-2020-12663.
Bug Fixes:
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
####################### V 1.7.3.4:
Corrections:
Header of xiotermios_speed() declared parameter unsigned int instead of
speed_t, thus compiling failed on MacOS
Thanks to Joe Strout and others for reporting this bug.
Thanks to Andrew Childs and others for sending a patch.
Under certain circumstances, termios options of the first address were
applied to the second address, resulting in error
"Inappropriate ioctl for device"
This affected version 1.7.3.3 only.
Test: TERMIOS_PH_ALL
Thanks to Ivan J. for reporting this issue.
Socat failed to compile when no poll() system call was found by
configure.
Thanks to Jason White for sending a patch.
Due to use of SSL_CTX_clear_mode() Socat failed to compile on old
systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B.
for reporting this problem and sending initial patches.
getaddrinfo() in IP4-SENDTO and IP6-SENDTO addresses failed with
"ai_socktype not supported" when protocol 6 was addressed.
The fix removes the possibility to use service names with SCTP.
Test: IP_SENDTO_6
Thanks to Sören for sending an initial patch.
Under certain circumstances, Socat printed the "socket ... is at EOF"
multiple times.
Test: MULTIPLE_EOF
Newer parts of test.sh used substitutions ${x,,*} or ${x^^*} that are
not implemented in older bash versions.
The "random" provider allows the use of randomness within Terraform
configurations. This is a logical provider, which means that it works entirely
within Terraform's logic, and doesn't interact with any other services.
v2.62.0
FEATURES:
New Resource: aws_workspaces_workspace
ENHANCEMENTS:
resource/aws_appsync_resolver: Add cache_config configuration block
resource/aws_codebuild_project: Support git_submodules_config with GITHUB and GITHUB_ENTERPRISE source types
resource/aws_codebuild_project: Support SECRETS_MANAGER environment variable type
resource/aws_datasync_task: Support ONLY_FILES_TRANSFERRED value in verify_mode argument
resource/aws_iot_topic_rule: Add dynamodbv2 configuration block
resource/aws_iot_topic_rule: Add iot_analytics configuration block
resource/aws_iot_topic_rule: Add iot_events configuration block
resource/aws_iot_topic_rule: Add operation argument to dynamodb configuration block
resource/aws_iot_topic_rule: Add qos argument republish configuration block
BUG FIXES:
resource/aws_codebuild_project: Allow empty value ("") environment variables
resource/aws_security_group_rule: Prevent recreation when source_security_group_id refers to a security group across accounts
v2.61.0
FEATURES:
New Data Source: aws_ec2_coip_pool
New Data Source: aws_ec2_coip_pools
New Data Source: aws_ec2_local_gateway
New Data Source: aws_ec2_local_gateways
New Data Source: aws_ec2_local_gateway_route_table
New Data Source: aws_ec2_local_gateway_route_tables
New Resource: aws_ec2_transit_gateway_peering_attachment_accepter
ENHANCEMENTS:
data-source/aws_ebs_volume: Add multi_attach_enabled attribute
data-source/aws_efs_file_system: Add size_in_bytes attribute
data-source/aws_eip: Add customer_owned_ip and customer_owned_ipv4_pool attributes
data-source/aws_launch_template: add partition_number attribute
resource/aws_api_gateway_deployment: Add triggers argument
resource/aws_apigatewayv2_deployment: Add triggers argument
resource/aws_ebs_volume: Add multi_attach_enabled attribute
resource/aws_eip: Add customer_owned_ip attribute and customer_owned_ipv4_pool argument
resource/aws_glue_connection: Support KAFKA for connection_type argument
resource/aws_launch_template: add partition_number attribute
resource/aws_launch_template: add plan time validation to volume_type, spot_instance_type, ipv6_addresses, ipv4_addresses, private_ip_address`
resource/aws_workspaces_directory: Add output attributes for workspace_security_group_id, iam_role_id, registration_code, directory_name, directory_type, customer_user_name, alias, ip_group_ids and dns_ip_addresses
BUG FIXES:
resource/aws_workspaces_directory: Fixes error when removing tags
v2.60.0
NOTES:
provider: Region validation now automatically supports the new eu-south-1 (Europe (Milan)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform AWS Provider will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid) or AWS operations will throw their own errors (e.g. data.aws_availability_zones.current: Error fetching Availability Zones: AuthFailure: AWS was not able to validate the provided access credentials).
provider: Ignore tags functionality across all data sources and resources (except aws_autoscaling_group) via the provider-level ignore_tags configuration block has been enabled and this functionality is no longer considered in preview.
FEATURES:
New Data Source: aws_backup_plan
New Data Source: aws_backup_selection
New Data Source: aws_backup_vault
New Data Source: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_guardduty_organization_admin_account
New Resource: aws_guardduty_organization_configuration
ENHANCEMENTS:
data-source/aws_cloudtrail_service_account: Support eu-south-1 region
data-source/aws_ebs_volume: Add outpost_arn attribute
data-source/aws_elastic_beanstalk_hosted_zone: Support eu-south-1 region
data-source/aws_elb_hosted_zone_id: Add us-gov-east-1 and us-gov-west-1 region values
data-source/aws_elb_hosted_zone_id: Support eu-south-1 region
data-source/aws_elb_service_account: Support eu-south-1 region
data-source/aws_instance: Add outpost_arn attribute
data-source/aws_network_interface: Add outpost_arn attribute
data-source/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
data-source/aws_subnet: Add outposts_arn attribute
provider: Support automatic region validation for eu-south-1
provider: Implement ignore tags functionality across all data sources and resources (except aws_autoscaling_group)
resource/aws_api_gateway_stage: Ignore NotFoundException error on destroy
resource/aws_db_snapshot: Support import
resource/aws_default_route_table: Add plan-time validation to cidr_block and ipv6_cidr_block arguments
resource/aws_default_route_table: Support import
resource/aws_dms_endpoint: Add kafka_settings configuration block and kafka to engine_name argument validation
resource/aws_ebs_volume: Add outpost_arn argument
resource/aws_elasticsearch_domain: Support customizable update timeout
resource/aws_glue_connection: Support MONGODB for connection_type argument
resource/aws_key_pair: Support tag-on-create
resource/aws_instance: Add outpost_arn attribute
resource/aws_mq_broker: Support import
resource/aws_network_interface: Add outpost_arn attribute
resource/aws_placement_group: Support tag-on-create
resource/aws_route_table: Add plan-time validation to cidr_block and ipv6_cidr_block arguments
resource/aws_route53_health_check: Support plan-time validation for reference_name argument
resource/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
resource/aws_spot_fleet_request: Add launch_template_config configuration block (Support EC2 Launch Templates)
resource/aws_spot_fleet_request: Support import
resource/aws_storagegateway_gateway: Add gateway_vpc_endpoint argument
resource/aws_storagegateway_smb_file_share: Add path attribute
resource/aws_subnet: Add outposts_arn argument
resource/aws_wafregional_xss_match_set: Add plan-time validation for xss_match_tuple configuration block arguments
BUG FIXES:
data-source/aws_api_gateway_rest_api: Prevent error with VPC Endpoint configured APIs
resource/aws_appautoscaling_scheduled_action: Prevent error on refresh with multiple resources using the same scheduled action name
resource/aws_batch_job_queue: Prevent panic when ComputeEnvironmentOrder is updated outside Terraform
resource/aws_default_route_table: Proper tag on resource creation
resource/aws_efs_file_system: Prevent panic with empty lifecycle_policy configuration block
resource/aws_fsx_windows_file_system: Prevent panic when update includes self_managed_active_directory settings
resource/aws_glue_catalog_table: Prevent various panics with empty configuration blocks
resource/aws_kinesis_firehose_delivery_stream: Prevent panic with empty processing_configuration configuration block
resource/aws_kms_external_key: Prevent MalformedPolicyDocumentException errors on creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_kms_key: Prevent MalformedPolicyDocumentException errors on creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_lb_listener: Prevent panics on creation and refresh when API throttled
resource/aws_route53_zone: Prevent panic with APIs missing ChangeInfo during creation (best effort fix for LocalStack)
resource/aws_storagegateway_gateway: Perform multiple connectivity checks after activation to wait if the underlying server (e.g. EC2 Instance) is automatically rebooted
resource/aws_storagegateway_gateway: Retry 504 status code on activation
resource/aws_wafregional_xss_match_set: Prevent crash with xss_match_tuple configuration block since version 2.59.0
v2.59.0
@breathingdust breathingdust released this 24 days ago · 470 commits to master since this release
NOTES:
provider: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform AWS Provider will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid) or AWS operations will throw their own errors (e.g. data.aws_availability_zones.current: Error fetching Availability Zones: AuthFailure: AWS was not able to validate the provided access credentials). (#12715)
resource/aws_iam_user: The additional force_destroy behavior for handling signing certificates requires two additional IAM permissions (iam:ListSigningCertificates and iam:DeleteSigningCertificate). Restrictive IAM permissions for Terraform runs may require updates. (#10542)
resource/aws_rds_cluster: Due to recent API support for Aurora MySQL 5.7 and PostgreSQL Global Clusters which implemented the engine mode as provisioned instead of the previous global for Aurora MySQL 5.6, the resource now requires the DescribeGlobalClusters API call. Restrictive IAM permissions may require updates. (#12867)
FEATURES:
New Resource: aws_apigatewayv2_api_mapping (#9461)
New Resource: aws_apigatewayv2_vpc_link (#12577)
ENHANCEMENTS:
data_source/aws_acm_certificate: Add tags output (#11659)
data-source/aws_cloudtrail_service_account: Support af-south-1 region (#12967)
data-source/aws_elastic_beanstalk_hosted_zone: Support af-south-1 region (#12967)
data-source/aws_elb_hosted_zone_id: Support af-south-1 region (#12967)
data-source/aws_elb_service_account: Support af-south-1 region (#12967)
data-source/aws_s3_bucket: Support af-south-1 region for hosted_zone_id attribute (#12967)
provider: Support automatic region validation for af-south-1 (#12715)
resource/aws_apigatewayv2_api: Add cors_configuration, credentials_arn, route_key and target attributes (#12452)
resource/aws_appsync_graphql_api: Add log_config configuration block exclude_verbose_content argument (#12884)
resource/aws_config_configuration_recorder: Prevent error during deletion operation when resource is missing (#12734)
resource/aws_default_network_acl: Support import (#12924)
resource/aws_lambda_alias: Suppress differences for equivalent function_name argument values of name versus ARN (#12902)
resource/aws_network_acl_rule: Support import (#12921)
resource/aws_route: Add plan-time validation for destination_cidr_block and destination_ipv6_cidr_block arguments (#12890)
resource/aws_s3_bucket: Support af-south-1 region for hosted_zone_id attribute (#12967)
resource/aws_service_discovery_private_dns_namespace: Support import (#12929)
resource/aws_ssm_activation: Support import (#12933)
resource/aws_ssm_maintenance_window_target: Add plan-time validation to resource_type argument (#11783)
resource/aws_ssm_maintenance_window_target: Support import (#12935)
resource/aws_volume_attachment: Support import (#12948)
resource/aws_waf_ipset: Add plan-time validation for ip_set_descriptors configuration block arguments (#12775)
resource/aws_waf_sql_injection_match_set: Support import (#11657)
resource/aws_waf_xss_match_set: Add plan-time validation for xss_match_tuples configuration block arguments (#12777)
resource/aws_wafregional_web_acl: Add plan-time validation to various arguments (#12793)
BUG FIXES:
data-source/aws_launch_template: Prevent type error with network_interfaces associate_public_ip_address attribute (#12936)
resource/aws_glue_security_configuration: Prevent empty string KMS Key ARN in S3 Encryption settings (#12898)
resource/aws_iam_user: Ensure force_destroy argument removes signing certificates when enabled (#10542)
resource/aws_rds_cluster: Prevent unexpected global_cluster_identifier differences and deletion error with aurora-mysql and aurora-postgresql Global Cluster members (#12867)
resource/aws_route: Prevent not found after creation error with destination_ipv6_cidr_block set to ::0/0 (#12890)
Assets
2
v2.58.0
94d0642
Unverified
Compare
v2.58.0
@breathingdust breathingdust released this on 17 Apr · 589 commits to master since this release
FEATURES:
New Data Source: aws_regions (#12269)
New Resource: aws_apigatewayv2_deployment (#9245)
New Resource: aws_apigatewayv2_domain_name (#9391)
New Resource: aws_apigatewayv2_integration_response (#9365)
New Resource: aws_apigatewayv2_route (#8881)
New Resource: aws_apigatewayv2_route_response (#9373)
New Resource: aws_apigatewayv2_stage (#9232)
New Resource: aws_dms_event_subscription (#7170)
ENHANCEMENTS:
data-source/aws_dynamodb_table: Add replica attribute (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
data-source/aws_instance: Exports volume_name for root_block_device (#12620)
resource/aws_backup_plan: Add rule configuration block copy_action configuration block (support cross region copy) (#11923)
resource/aws_cognito_identity_provider: Support plan-time validation for idp_identifiers, provider_name, and provider_type arguments (#10705)
resource/aws_dms_endpoint: Add elasticsearch_settings configuration block and elasticsearch to engine_name validation (support Elasticsearch endpoints) (#11792)
resource/aws_dms_endpoint: Add kinesis_settings configuration block and kinesis to engine_name validation (support Kinesis endpoints) (#8633)
resource/aws_dynamodb_table: Add replica configuration block (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
resource/aws_ec2_client_vpn_endpoint: Allow two authentication_options configuration blocks (#12819)
resource/aws_instance: Allow changing root volume size without re-creating resource (#12620)
resource/aws_instance: Exports volume_name for root_block_device (#12620)
BUG FIXES:
resource/aws_dlm_lifecycle_policy: Ensure plan-time validation for times argument only allows 24 hour format (#12800)
Assets
2
v2.57.0
8c46f5f
Unverified
Compare
v2.57.0
@breathingdust breathingdust released this on 10 Apr · 712 commits to master since this release
BREAKING CHANGES:
provider: The configuration for the preview ignore tags functionality has been updated to include a wrapping configuration block. For example:
provider "aws" {
ignore_tags {
keys = ["TagKey1"]
}
}
FEATURES:
New Data Source: aws_cloudfront_distribution (#6468)
New Resource: aws_apigatewayv2_authorizer (#9228)
New Resource: aws_apigatewayv2_integration (#8949)
New Resource: aws_apigatewayv2_model (#8912)
ENHANCEMENTS:
data-source/aws_lambda_layer_version: Support plan-time validation for compatible_runtime argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_cloudhsm_v2_cluster: Support tag-on-create (#11683)
resource/aws_docdb_cluster: Add deletion_protection argument (#12650)
resource/aws_egress_only_internet_gateway: Add tags argument (#11568)
resource/aws_lambda_function: Support plan-time validation for runtime argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_lambda_layer_version: Support plan-time validation for compatible_runtimes argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_rds_global_cluster: Add aurora-postgresql to engine argument plan-time validation (#12401)
resource/aws_redshift_snapshot_copy_grant: Support resource import (#10350)
resource/aws_spot_fleet_request: Add tags argument (support tagging of Spot Fleet Request itself) (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for launch_specification configuration block ebs_block_device volume_type, iam_instance_profile_arn, placement_tenancy, and root_block_device volume_type arguments (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for allocation_strategy, instance_interruption_behaviour, and target_group_arns arguments (#12295)
service/ec2: Prevent eventual consistency errors tagging resources on creation (#12735)
BUG FIXES:
resource/aws_appautoscaling_policy: Fix error when importing DynamoDB Table Index policy (#11232)
resource/aws_db_instance: Allow creating read replica into RAM shared Subnet with VPC Security Group (#12700)
resource/aws_kms_key: Prevent eventual consistency related errors on creation (#12738)
resource/aws_lb_target_group: Automatically propose resource recreation for TCP protocol Target Groups when health_check configuration block interval, protocol, or timeout argument values are updated (#4568)
Assets
2
v2.56.0
02afaa6
Unverified
Compare
v2.56.0
@bflad bflad released this on 3 Apr · 813 commits to master since this release
NOTES:
resource/aws_emr_cluster: The bug fix in this release will potentially re-create EMR Clusters with multiple bootstrap actions, since bootstrap actions cannot be modified in place. To avoid re-creation, temporarily add the ignore_changes lifecycle configuration argument and/or update the order in your Terraform configuration.
ENHANCEMENTS:
data-source/aws_launch_template: Add hibernation_options attribute (#12492)
resource/aws_codepipeline: Adds cross-region action support (#12549)
resource/aws_dx_connection: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
resource/aws_dx_lag: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
resource/aws_elastic_transcoder_preset: Support plan-time validation for role argument (#12575)
resource/aws_kms_grant: Support resource import (#11991)
resource/aws_launch_template: Add hibernation_options configuration block (#12492)
BUG FIXES:
resource/aws_codedeploy_deployment_group: Fix blue_green_deployment_config updates for ECS (#11885)
resource/aws_emr_cluster: Now properly sets the order when multiple bootstrap actions are defined
resource/aws_kms_grant: Remove resource from Terraform state instead of error if removed outside Terraform (#12560)
resource/aws_s3_bucket: Prevent various panics with empty configuration blocks (#12614)
resource/aws_volume_attachment: Ensure any error is shown while waiting for volume to detach (#12596)
Assets
2
v2.55.0
3bef4e2
Unverified
Compare
v2.55.0
@gdavison gdavison released this on 27 Mar · 899 commits to master since this release
FEATURES:
New Resource: aws_ec2_availability_zone_group (#12400)
ENHANCEMENTS:
data-source/aws_availability_zone: Add all_availability_zones and filter arguments (#12400)
data-source/aws_availability_zone: Add group_name, network_border_group, and opt_in_status attributes (#12400)
data-source/aws_availability_zones: Add all_availability_zones and filter arguments (#12400)
data-source/aws_availability_zones: Add group_names attribute (#12400)
data-source/aws_ec2_transit_gateway_dx_gateway_attachement: Add filter and tags arguments (#12516)
data-source/aws_ec2_transit_gateway_vpn_attachment: Add filter and tags arguments (#12415)
data-source/aws_instance: Add metadata_options attribute (#12491)
data-source/aws_launch_template: Add filter and tags arguments (#12403)
data-source/aws_launch_template: Add metadata_options attribute (#12491)
data-source/aws_prefix_list: Add filter argument (#12416)
data-source/aws_vpc_endpoint_service: Add filter and tags arguments (#12404)
resource/aws_athena_workgroup: Add force_destroy argument (#12254)
resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992)
resource/aws_flow_log: Add max_aggregation_interval argument (#12483)
resource/aws_instance: Add metadata_options configuration block (support IMDSv2) (#12491)
resource/aws_launch_template: Add metadata_options configuration block (support IMDSv2) (#12491)
resource/aws_msk_cluster: Add logging_info configuration block (support CloudWatch, Firehose, and S3 logging) (#12215)
resource/aws_mq_configuration: Support plan-time validation for engine_type argument (#11843)
resource/aws_route53_health_check: A dd plan-time validation to insufficient_data_health_status (#12305)
resource/aws_storagegateway_nfs_file_share: Add path attribute (#12530)
BUG FIXES:
resource/aws_db_instance: Allow restoring from snapshot into RAM shared Subnet with VPC Security Group (#12447)
resource/aws_mq_configuration: Remove extraneous ListTags API call during refresh (#11843)
resource/aws_neptune_cluster_instance: Add missing configuring-log-exports as allowed pending state (#12079)
resource/aws_route53_health_check: Do not recreate health check when using compressed ipv6 address
v0.12.25
NOTES:
backend/s3: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid).
ENHANCEMENTS:
backend/s3: Support automatic region validation for af-south-1
backend/remote: Add support for force push to remote backend
BUG FIXES:
core: Destroy provisioners should not evaluate for_each expressions
core: Fix races in GetVariableValue
4.4.0
=======
- This version is officially supported on CPython 2.7,
3.5, 3.6, 3.7 & 3.8 and is also supported on PyPy2 & PyPy3.
- Kombu 4.6.7
- Task class definitions can have retry attributes
4.4.0rc5
========
- Kombu 4.6.7
- Events bootstep disabled if no events
- SQS - Reject on failure
- Add a concurrency model with ThreadPoolExecutor
- Add auto expiry for DynamoDB backend
- Store extending result in all backends
- Fix a race condition when publishing a very large chord header
- Improve docs and test matrix
4.4.0rc4
========
- Kombu 4.6.6
- Py-AMQP 2.5.2
- Python 3.8
- Numerious bug fixes
- PyPy 7.2
4.4.0rc3
========
- Kombu 4.6.4
- Billiard 3.6.1
- Py-AMQP 2.5.1
- Avoid serializing datetime
- Fix: (group() | group()) not equals single group
- Revert "Broker connection uses the heartbeat setting from app config.
- Additional file descriptor safety checks.
- fixed call for null args
- Added generic path for cache backend.
- Fix Nested group(chain(group)) fails
- Use self.run() when overriding __call__
- Fix termination of asyncloop
- Fix migrate task to work with both v1 and v2 of the message protocol.
- Updating task_routes config during runtime now have effect.
4.4.0rc2
========
- Many bugs and regressions fixed.
- Kombu 4.6.3
4.4.0rc1
========
- Python 3.4 drop
- Kombu 4.6.1
- Replace deprecated PyMongo methods usage
- Pass task request when calling update_state
- Fix bug in remaining time calculation in case of DST time change
- Fix missing task name when requesting extended result
- Fix `collections` import issue on Python 2.7
- handle `AttributeError` in base backend exception deserializer
- Make `AsynPool`'s `proc_alive_timeout` configurable
- AMQP Support for extended result
- Fix SQL Alchemy results backend to work with extended result
- Fix restoring of exceptions with required param
- Django: Re-raise exception if `ImportError` not caused by missing tasks
module
- Django: fixed a regression putting DB connections in invalid state when
`CONN_MAX_AGE != 0`
- Fixed `OSError` leading to lost connection to broker
- Fixed an issue with inspect API unable get details of Request
- Fix mogodb backend authentication
- Change column type for Extended Task Meta args/kwargs to LargeBinary
- Handle http_auth in Elasticsearch backend results
- Fix task serializer being ignored with `task_always_eager=True`
- Fix `task.replace` to work in `.apply() as well as `.apply_async()`
- Fix sending of `worker_process_init` signal for solo worker
- Fix exception message upacking
- Add delay parameter function to beat_schedule
- Multiple documentation updates
Changes in Apache Libcloud 3.0.0
Common
------
Make sure auth_user_info variable on the OpenStack identify connection class is populated when using auth version 3.x_password and 3.x_oidc_access_token.
[OpenStack] Update OpenStack identity driver so a custom project can be selected using domain_name keyword argument containing a project id.
Previously this argument value could only contain a project name, now the value will be checked against project name and id.
Compute
-------
[GCE] Update create_node() method so it throws an exception if node location can't be inferred and location is not specified by the user ( either by passing datacenter constructor argument or by passing location argument to the method).
[GCE] Update ex_get_disktype method so it works if zone argument is not set.
[GiG G8] Add new driver for GiG G8 provider (https://gig.tech/).
Add new at_exit_func argument to deploy_node() method. With this argument user can specify which function will be called before exiting with the created node in question if the deploy process has been canceled after the node has been created, but before the method has fully finished.
This comes handy since it simplifies various cleanup scenarios.
[OpenStack] Fix auto assignment of volume device when using device name auto in the attach_volume method.
[Kamatera] Add new driver for Kamatera provider (https://www.kamatera.com).
Storage
-------
Add new download_object_range and download_object_range_as_stream methods for downloading part of the object content (aka range downloads) to the base storage API.
Currently those methods are implemented for the local storage Azure Blobs, CloudFiles, S3 and any other provider driver which is based on the S3 one (such as Google Storage and DigitalOcean Spaces).
Add type annotations for the base storage API.
[Google Storage] Update the driver so it supports service account HMAC credentials.
There was a bug in the code where we used the user id length check to determine the account type and that code check didn't take service account HMAC credentials (which contain a longer string) into account.
DNS
---
Add type annotations for the base DNS API.
Container
---------
[Kubernetes] Add support for the client certificate and static token based authentication to the driver.
Add type annotations for the base container API.
v20.0.0:
I'm pleased to announce txtorcon 20.0.0. This fixes a few bugs and
officially deprecates Python 2 support.
* Use real GeoIP database or nothing (https://github.com/meejah/txtorcon/issues/250)
* Change abstract base classes import in preperation for Python 3.8
* Python 3.4 is no longer supported
* Python 2 is deprecated; all new code should be Python 3. Support
for Python 2 will be removed in a future release.
Upstream changes:
* 3.4.5 (2020/05/15)
- re-implement judgements of displaying tweets to avoid tweets from
following to non-following users in some case
- fix ng word judgements missed in some case
- implement '--record-all' option
Changes in version 0.4.3.5 - 2020-05-15
Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
series adds support for building without relay code enabled, and
implements functionality needed for OnionBalance with v3 onion
services. It includes significant refactoring of our configuration and
controller functionality, and fixes numerous smaller bugs and
performance issues.
Per our support policy, we support each stable release series for nine
months after its first stable release, or three months after the first
stable release of the next series: whichever is longer. This means
that 0.4.3.x will be supported until around February 2021--later, if
0.4.4.x is later than anticipated.
Note also that support for 0.4.1.x is about to end on May 20 of this
year; 0.4.2.x will be supported until September 15. We still plan to
continue supporting 0.3.5.x, our long-term stable series, until
Feb 2022.
Below are the changes since 0.4.2.6. For a list of only the changes
since 0.4.3.4-rc, see the ChangeLog file.
o New system requirements:
- When building Tor, you now need to have Python 3 in order to run
the integration tests. (Python 2 is officially unsupported
upstream, as of 1 Jan 2020.) Closes ticket 32608.
o Major features (build system):
- The relay code can now be disabled using the --disable-module-relay
configure option. When this option is set, we also disable the
dirauth module. Closes ticket 32123.
- When Tor is compiled --disable-module-relay, we also omit the code
used to act as a directory cache. Closes ticket 32487.
o Major features (directory authority, ed25519):
- Add support for banning a relay's ed25519 keys in the approved-
routers file. This will help us migrate away from RSA keys in the
future. Previously, only RSA keys could be banned in approved-
routers. Resolves ticket 22029. Patch by Neel Chauhan.
o Major features (onion services):
- New control port commands to manage client-side onion service
authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
- Introduce a new SocksPort flag, ExtendedErrors, to support more
detailed error codes in information for applications that support
them. Closes ticket 30382; implements proposal 304.
o Major features (proxy):
- In addition to its current supported proxy types (HTTP CONNECT,
SOCKS4, and SOCKS5), Tor can now make its OR connections through a
HAProxy server. A new torrc option was added to specify the
address/port of the server: TCPProxy <protocol> <host>:<port>.
Currently the only supported protocol for the option is haproxy.
Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
o Major bugfixes (security, denial-of-service):
- Fix a denial-of-service bug that could be used by anyone to
consume a bunch of CPU on any Tor relay or authority, or by
directories to consume a bunch of CPU on clients or hidden
services. Because of the potential for CPU consumption to
introduce observable timing patterns, we are treating this as a
high-severity security issue. Fixes bug 33119; bugfix on
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
as TROVE-2020-002 and CVE-2020-10592.
o Major bugfixes (circuit padding, memory leak):
- Avoid a remotely triggered memory leak in the case that a circuit
padding machine is somehow negotiated twice on the same circuit.
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
o Major bugfixes (directory authority):
- Directory authorities will now send a 503 (not enough bandwidth)
code to clients when under bandwidth pressure. Known relays and
other authorities will always be answered regardless of the
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
o Major bugfixes (DoS defenses, bridges, pluggable transport):
- Fix a bug that was preventing DoS defenses from running on bridges
with a pluggable transport. Previously, the DoS subsystem was not
given the transport name of the client connection, thus failed to
find the GeoIP cache entry for that client address. Fixes bug
33491; bugfix on 0.3.3.2-alpha.
o Major bugfixes (networking):
- Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
and accept strings as well as binary addresses. Fixes bug 32315;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (onion service):
- Report HS circuit failure back into the HS subsystem so we take
appropriate action with regards to the client introduction point
failure cache. This improves reachability of onion services, since
now clients notice failing introduction circuits properly. Fixes
bug 32020; bugfix on 0.3.2.1-alpha.
o Minor feature (heartbeat, onion service):
- Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
message. Closes ticket 31371.
o Minor feature (sendme, flow control):
- Default to sending SENDME version 1 cells. (Clients are already
sending these, because of a consensus parameter telling them to do
so: this change only affects what clients would do if the
consensus didn't contain a recommendation.) Closes ticket 33623.
o Minor features (best practices tracker):
- Practracker now supports a --regen-overbroad option to regenerate
the exceptions file, but only to revise exceptions to be _less_
tolerant of best-practices violations. Closes ticket 32372.
o Minor features (configuration validation):
- Configuration validation can now be done by per-module callbacks,
rather than a global validation function. This will let us reduce
the size of config.c and some of its more cumbersome functions.
Closes ticket 31241.
o Minor features (configuration):
- If a configured hardware crypto accelerator in AccelName is
prefixed with "!", Tor now exits when it cannot be found. Closes
ticket 32406.
- We now use flag-driven logic to warn about obsolete configuration
fields, so that we can include their names. In 0.4.2, we used a
special type, which prevented us from generating good warnings.
Implements ticket 32404.
o Minor features (configure, build system):
- Output a list of enabled/disabled features at the end of the
configure process in a pleasing way. Closes ticket 31373.
o Minor features (continuous integration):
- Run Doxygen Makefile target on Travis, so we can learn about
regressions in our internal documentation. Closes ticket 32455.
- Stop allowing failures on the Travis CI stem tests job. It looks
like all the stem hangs we were seeing before are now fixed.
Closes ticket 33075.
o Minor features (controller):
- Add stream isolation data to STREAM event. Closes ticket 19859.
- Implement a new GETINFO command to fetch microdescriptor
consensus. Closes ticket 31684.
o Minor features (debugging, directory system):
- Don't crash when we find a non-guard with a guard-fraction value
set. Instead, log a bug warning, in an attempt to figure out how
this happened. Diagnostic for ticket 32868.
o Minor features (defense in depth):
- Add additional checks around tor_vasprintf() usage, in case the
function returns an error. Patch by Tobias Stoeckmann. Fixes
ticket 31147.
o Minor features (developer tools):
- Remove the 0.2.9.x series branches from git scripts (git-merge-
forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
Closes ticket 32772.
- Add a check_cocci_parse.sh script that checks that new code is
parseable by Coccinelle. Add an exceptions file for unparseable
files, and run the script from travis CI. Closes ticket 31919.
- Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
target. Closes ticket 31919.
- Add a rename_c_identifiers.py tool to rename a bunch of C
identifiers at once, and generate a well-formed commit message
describing the change. This should help with refactoring. Closes
ticket 32237.
- Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
semantic patching tool with the correct flags. These flags are
fairly easy to forget, and these scripts should help us use
Coccinelle more effectively in the future. Closes ticket 31705.
o Minor features (diagnostic):
- Improve assertions and add some memory-poisoning code to try to
track down possible causes of a rare crash (32564) in the EWMA
code. Closes ticket 33290.
o Minor features (directory authorities):
- Directory authorities now reject descriptors from relays running
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
o Minor features (Doxygen):
- Update Doxygen configuration file to a more recent template (from
1.8.15). Closes ticket 32110.
- "make doxygen" now works with out-of-tree builds. Closes
ticket 32113.
- Make sure that doxygen outputs documentation for all of our C
files. Previously, some were missing @file declarations, causing
them to be ignored. Closes ticket 32307.
- Our "make doxygen" target now respects --enable-fatal-warnings by
default, and does not warn about items that are missing
documentation. To warn about missing documentation, run configure
with the "--enable-missing-doc-warnings" flag: doing so suspends
fatal warnings for doxygen. Closes ticket 32385.
o Minor features (git scripts):
- Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
customisation. Closes ticket 32347.
- Add git-setup-dirs.sh, which sets up an upstream git repository
and worktrees for tor maintainers. Closes ticket 29603.
- Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
remote. Closes ticket 32347.
- Call the check_cocci_parse.sh script from the git commit and push
hooks. Closes ticket 31919.
- Make git-push-all.sh skip unchanged branches when pushing to
upstream. The script already skipped unchanged test branches.
Closes ticket 32216.
- Make git-setup-dirs.sh create a master symlink in the worktree
directory. Closes ticket 32347.
- Skip unmodified source files when doing some existing git hook
checks. Related to ticket 31919.
o Minor features (IPv6, client):
- Make Tor clients tell dual-stack exits that they prefer IPv6
connections. This change is equivalent to setting the PreferIPv6
flag on SOCKSPorts (and most other listener ports). Tor Browser
has been setting this flag for some time, and we want to remove a
client distinguisher at exits. Closes ticket 32637.
o Minor features (portability, android):
- When building for Android, disable some tests that depend on $HOME
and/or pwdb, which Android doesn't have. Closes ticket 32825.
Patch from Hans-Christoph Steiner.
o Minor features (relay modularity):
- Split the relay and server pluggable transport config code into
separate files in the relay module. Disable this code when the
relay module is disabled. Closes part of ticket 32213.
- When the relay module is disabled, reject attempts to set the
ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
ServerTransport* options, rather than ignoring the values of these
options. Closes part of ticket 32213.
- When the relay module is disabled, change the default config so
that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
o Minor features (release tools):
- Port our ChangeLog formatting and sorting tools to Python 3.
Closes ticket 32704.
o Minor features (testing):
- The unit tests now support a "TOR_SKIP_TESTCASES" environment
variable to specify a list of space-separated test cases that
should not be executed. We will use this to disable certain tests
that are failing on Appveyor because of mismatched OpenSSL
libraries. Part of ticket 33643.
- Detect some common failure cases for test_parseconf.sh in
src/test/conf_failures. Closes ticket 32451.
- Allow test_parseconf.sh to test expected log outputs for successful
configs, as well as failed configs. Closes ticket 32451.
- The test_parseconf.sh script now supports result variants for any
combination of the optional libraries lzma, nss, and zstd. Closes
ticket 32397.
- When running the unit tests on Android, create temporary files in
a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
patch from Hans-Christoph Steiner.
o Minor features (usability):
- Include more information when failing to parse a configuration
value. This should make it easier to tell what's going wrong when
a configuration file doesn't parse. Closes ticket 33460.
o Minor bugfix (relay, configuration):
- Warn if the ContactInfo field is not set, and tell the relay
operator that not having a ContactInfo field set might cause their
relay to get rejected in the future. Fixes bug 33361; bugfix
on 0.1.1.10-alpha.
o Minor bugfixes (bridges):
- Lowercase the configured value of BridgeDistribution before adding
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
o Minor bugfixes (build system):
- Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
bugfix on 0.4.1.2-alpha.
o Minor bugfixes (compiler compatibility):
- Avoid compiler warnings from Clang 10 related to the use of GCC-
style "/* falls through */" comments. Both Clang and GCC allow
__attribute__((fallthrough)) instead, so that's what we're using
now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
- Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
on 0.4.0.3-alpha.
o Minor bugfixes (configuration handling):
- Make control_event_conf_changed() take in a config_line_t instead
of a smartlist of alternating key/value entries. Fixes bug 31531;
bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
- Check for multiplication overflow when parsing memory units inside
configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
- When dumping the configuration, stop adding a trailing space after
the option name when there is no option value. This issue only
affects options that accept an empty value or list. (Most options
reject empty values, or delete the entire line from the dumped
options.) Fixes bug 32352; bugfix on 0.0.9pre6.
- Avoid changing the user's value of HardwareAccel as stored by
SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
bug 32382; bugfix on 0.2.2.1-alpha.
- When creating a KeyDirectory with the same location as the
DataDirectory (not recommended), respect the DataDirectory's
group-readable setting if one has not been set for the
KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (continuous integration):
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
on 0.3.2.2-alpha.
o Minor bugfixes (controller protocol):
- When receiving "ACTIVE" or "DORMANT" signals on the control port,
report them as SIGNAL events. Previously we would log a bug
warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (controller):
- In routerstatus_has_changed(), check all the fields that are
output over the control port. Fixes bug 20218; bugfix
on 0.1.1.11-alpha.
o Minor bugfixes (developer tools):
- Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
31336; bugfix on 0.4.1.2-alpha.
o Minor bugfixes (dirauth module):
- Split the dirauth config code into a separate file in the dirauth
module. Disable this code when the dirauth module is disabled.
Closes ticket 32213.
- When the dirauth module is disabled, reject attempts to set the
AuthoritativeDir option, rather than ignoring the value of the
option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (embedded Tor):
- When starting Tor any time after the first time in a process,
register the thread in which it is running as the main thread.
Previously, we only did this on Windows, which could lead to bugs
like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
on 0.3.3.1-alpha.
o Minor bugfixes (git scripts):
- Avoid sleeping before the last push in git-push-all.sh. Closes
ticket 32216.
- Forward all unrecognised arguments in git-push-all.sh to git push.
Closes ticket 32216.
o Minor bugfixes (key portability):
- When reading PEM-encoded key data, tolerate CRLF line-endings even
if we are not running on Windows. Previously, non-Windows hosts
would reject these line-endings in certain positions, making
certain key files hard to move from one host to another. Fixes bug
33032; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (logging):
- Stop truncating IPv6 addresses and ports in channel and connection
logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
- Flush stderr, stdout, and file logs during shutdown, if supported
by the OS. This change helps make sure that any final logs are
recorded. Fixes bug 33087; bugfix on 0.4.1.6.
- Stop closing stderr and stdout during shutdown. Closing these file
descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
on 0.4.1.6.
- If we encounter a bug when flushing a buffer to a TLS connection,
only log the bug once per invocation of the Tor process.
Previously we would log with every occurrence, which could cause
us to run out of disk space. Fixes bug 33093; bugfix
on 0.3.2.2-alpha.
- When logging a bug, do not say "Future instances of this warning
will be silenced" unless we are actually going to silence them.
Previously we would say this whenever a BUG() check failed in the
code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (onion services v2):
- Move a series of v2 onion service warnings to protocol-warning
level because they can all be triggered remotely by a malformed
request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
- When sending the INTRO cell for a v2 Onion Service, look at the
failure cache alongside timeout values to check if the intro point
is marked as failed. Previously, we only looked at the relay
timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
Neel Chauhan.
o Minor bugfixes (onion services v3):
- Remove a BUG() warning that would cause a stack trace if an onion
service descriptor was freed while we were waiting for a
rendezvous circuit to complete. Fixes bug 28992; bugfix
on 0.3.2.1-alpha.
- Relax severity of a log message that can appear naturally when
decoding onion service descriptors as a relay. Also add some
diagnostics to debug any future bugs in that area. Fixes bug
31669; bugfix on 0.3.0.1-alpha.
- Fix an assertion failure that could result from a corrupted
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
bugfix on 0.3.3.1-alpha. This issue is also tracked
as TROVE-2020-003.
- Properly handle the client rendezvous circuit timeout. Previously
Tor would sometimes timeout a rendezvous circuit awaiting the
introduction ACK, and find itself unable to re-establish all
circuits because the rendezvous circuit timed out too early. Fixes
bug 32021; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion services):
- Do not rely on a "circuit established" flag for intro circuits but
instead always query the HS circuit map. This is to avoid sync
issue with that flag and the map. Fixes bug 32094; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (onion services, all):
- In cancel_descriptor_fetches(), use
connection_list_by_type_purpose() instead of
connection_list_by_type_state(). Fixes bug 32639; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (pluggable transports):
- When receiving a message on standard error from a pluggable
transport, log it at info level, rather than as a warning. Fixes
bug 33005; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (rust, build):
- Fix a syntax warning given by newer versions of Rust that was
creating problems for our continuous integration. Fixes bug 33212;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (scripts):
- Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
bugfix on 0.4.0.1-alpha.
o Minor bugfixes (testing):
- Use the same code to find the tor binary in all of our test
scripts. This change makes sure we are always using the coverage
binary when coverage is enabled. Fixes bug 32368; bugfix
on 0.2.7.3-rc.
- Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
Fixes bug 32468; bugfix on 0.4.2.1-alpha.
- Our option-validation tests no longer depend on specially
configured non-default, non-passing sets of options. Previously,
the tests had been written to assume that options would _not_ be
set to their defaults, which led to needless complexity and
verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (TLS bug handling):
- When encountering a bug in buf_read_from_tls(), return a "MISC"
error code rather than "WANTWRITE". This change might help avoid
some CPU-wasting loops if the bug is ever triggered. Bug reported
by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
o Deprecated features:
- Deprecate the ClientAutoIPv6ORPort option. This option was not
true "Happy Eyeballs", and often failed on connections that
weren't reliably dual-stack. Closes ticket 32942. Patch by
Neel Chauhan.
o Documentation:
- Provide a quickstart guide for a Circuit Padding Framework, and
documentation for researchers to implement and study circuit
padding machines. Closes ticket 28804.
- Add documentation in 'HelpfulTools.md' to describe how to build a
tag file. Closes ticket 32779.
- Create a high-level description of the long-term software
architecture goals. Closes ticket 32206.
- Describe the --dump-config command in the manual page. Closes
ticket 32467.
- Unite coding advice from this_not_that.md in torguts repo into our
coding standards document. Resolves ticket 31853.
o Removed features:
- Our Doxygen configuration no longer generates LaTeX output. The
reference manual produced by doing this was over 4000 pages long,
and generally unusable. Closes ticket 32099.
- The option "TestingEstimatedDescriptorPropagationTime" is now
marked as obsolete. It has had no effect since 0.3.0.7, when
clients stopped rejecting consensuses "from the future". Closes
ticket 32807.
- We no longer support consensus methods before method 28; these
methods were only used by authorities running versions of Tor that
are now at end-of-life. In effect, this means that clients,
relays, and authorities now assume that authorities will be
running version 0.3.5.x or later. Closes ticket 32695.
o Testing:
- Avoid conflicts between the fake sockets in tor's unit tests, and
real file descriptors. Resolves issues running unit tests with
GitHub Actions, where the process that embeds or launches the
tests has already opened a large number of file descriptors. Fixes
bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
Putta Khunchalee.
- Add more test cases for tor's UTF-8 validation function. Also,
check the arguments passed to the function for consistency. Closes
ticket 32845.
- Improve test coverage for relay and dirauth config code, focusing
on option validation and normalization. Closes ticket 32213.
- Improve the consistency of test_parseconf.sh output, and run all
the tests, even if one fails. Closes ticket 32213.
- Run the practracker unit tests in the pre-commit git hook. Closes
ticket 32609.
o Code simplification and refactoring (channel):
- Channel layer had a variable length cell handler that was not used
and thus removed. Closes ticket 32892.
o Code simplification and refactoring (configuration):
- Immutability is now implemented as a flag on individual
configuration options rather than as part of the option-transition
checking code. Closes ticket 32344.
- Instead of keeping a list of configuration options to check for
relative paths, check all the options whose type is "FILENAME".
Solves part of ticket 32339.
- Our default log (which ordinarily sends NOTICE-level messages to
standard output) is now handled in a more logical manner.
Previously, we replaced the configured log options if they were
empty. Now, we interpret an empty set of log options as meaning
"use the default log". Closes ticket 31999.
- Remove some unused arguments from the options_validate() function,
to simplify our code and tests. Closes ticket 32187.
- Simplify the options_validate() code so that it looks at the
default options directly, rather than taking default options as an
argument. This change lets us simplify its interface. Closes
ticket 32185.
- Use our new configuration architecture to move most authority-
related options to the directory authority module. Closes
ticket 32806.
- When parsing the command line, handle options that determine our
"quiet level" and our mode of operation (e.g., --dump-config and
so on) all in one table. Closes ticket 32003.
o Code simplification and refactoring (controller):
- Create a new abstraction for formatting control protocol reply
lines based on key-value pairs. Refactor some existing control
protocol code to take advantage of this. Closes ticket 30984.
- Create a helper function that can fetch network status or
microdesc consensuses. Closes ticket 31684.
o Code simplification and refactoring (dirauth modularization):
- Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
Closes ticket 32163.
- Replace some confusing identifiers in process_descs.c. Closes
ticket 29826.
- Simplify some relay and dirauth config code. Closes ticket 32213.
o Code simplification and refactoring (mainloop):
- Simplify the ip_address_changed() function by removing redundant
checks. Closes ticket 33091.
o Code simplification and refactoring (misc):
- Make all the structs we declare follow the same naming convention
of ending with "_t". Closes ticket 32415.
- Move and rename some configuration-related code for clarity.
Closes ticket 32304.
- Our include.am files are now broken up by subdirectory.
Previously, src/core/include.am covered all of the subdirectories
in "core", "feature", and "app". Closes ticket 32137.
- Remove underused NS*() macros from test code: they make our tests
more confusing, especially for code-formatting tools. Closes
ticket 32887.
o Code simplification and refactoring (relay modularization):
- Disable relay_periodic when the relay module is disabled. Closes
ticket 32244.
- Disable relay_sys when the relay module is disabled. Closes
ticket 32245.
o Code simplification and refactoring (tool support):
- Add numerous missing dependencies to our include files, so that
they can be included in different reasonable orders and still
compile. Addresses part of ticket 32764.
- Fix some parts of our code that were difficult for Coccinelle to
parse. Related to ticket 31705.
- Fix some small issues in our code that prevented automatic
formatting tools from working. Addresses part of ticket 32764.
o Documentation (manpage):
- Alphabetize the Server and Directory server sections of the tor
manpage. Also split Statistics options into their own section of
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
Google Season of Docs.
- Document the __OwningControllerProcess torrc option and specify
its polling interval. Resolves issue 32971.
- Split "Circuit Timeout" options and "Node Selection" options into
their own sections of the tor manpage. Closes tickets 32928 and
32929. Work by Swati Thacker as part of Google Season of Docs.
- Alphabetize the Client Options section of the tor manpage. Closes
ticket 32846.
- Alphabetize the General Options section of the tor manpage. Closes
ticket 32708.
- In the tor(1) manpage, reword and improve formatting of the
COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
32277. Based on work by Swati Thacker as part of Google Season
of Docs.
- In the tor(1) manpage, reword and improve formatting of the FILES,
SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
Swati Thacker as part of Google Season of Docs.
o Testing (Appveyor CI):
- In our Appveyor Windows CI, copy required DLLs to test and app
directories, before running tor's tests. This ensures that tor.exe
and test*.exe use the correct version of each DLL. This fix is not
required, but we hope it will avoid DLL search issues in future.
Fixes bug 33673; bugfix on 0.3.4.2-alpha.
- On Appveyor, skip the crypto/openssl_version test, which is
failing because of a mismatched library installation. Fix
for 33643.
o Testing (circuit, EWMA):
- Add unit tests for circuitmux and EWMA subsystems. Closes
ticket 32196.
o Testing (Travis CI):
- Remove a redundant distcheck job. Closes ticket 33194.
- Sort the Travis jobs in order of speed: putting the slowest jobs
first takes full advantage of Travis job concurrency. Closes
ticket 33194.
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
previously configured to fast_finish (which requires
allow_failure), to speed up the build. Closes ticket 33195.
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
tool to produce detailed diagnostic output. Closes ticket 32792.
upstream changes:
-----------------
v1.5.0
This release changes the default location for the index database under
some circumstances. Two new flags can also be used to affect the
location of the configuration (-config) and database (-data)
separately. The old -home flag is equivalent to setting both of these
to the same directory. When no flags are given the following logic is
used to determine the data location:
If a database exists in the old default location, that location is
still used. This means existing installations are not affected by this
change.
If $XDG_DATA_HOME is set, use $XDG_DATA_HOME/syncthing.
If ~/.local/share/syncthing exists, use that location.
Use the old default location.
This logic is used on non-Windows, non-Mac platforms only. On Windows
and Mac the logic is unchanged.
Bugfixes:
#3808: gui: Number of days must be number flashes red then disappears
#5809: stdiscosrv failed to load keypair without proper error message
#6410: Wrong 30-days-interval in staggered versioning
#6430: Incorrect out-of-sync/locally changed status indication on folders
#6436: Revert Local Changes red button does not work correctly
#6440: Doesn't run monitor process when started with STNORESTART=1
#6450: LDAP auth doesn't handle LDAPS with certificate validation
#6487: Scan problem within single unignored subdirectory prevents bidirectional sync
Enhancements:
#4924: Move index db to $XDG_DATA_HOME/syncthing/
#5376: Improve LDAP authentication
#6384: Do auto upgrades early and synchronously on startup
#6416: Improve device status for "unused" devices
#6432: Deleted file that existed locally only reported as locally changed
#6437: Don't start browser when restarting after upgrade
Other issues:
#6471: Windows exe isn't properly version tagged
0.2.0
Allow migration from Tor to Onionbalance by reading tor private keys directly using the ‘key’ directive in the YAML config file. Also update onionbalance-config to support that.
Improve onionbalance-config for v3 onions. Simplify the output directory (and change docs to reflect so) and the wizard suggestions.
0.1.9
Initial support for v3 onions!
1.18.57
api-change:ec2: Update ec2 command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version
api-change:kendra: Update kendra command to latest version
1.18.56
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:guardduty: Update guardduty command to latest version
1.18.55
api-change:ssm: Update ssm command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:logs: Update logs command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:route53: Update route53 command to latest version
1.18.54
api-change:codestar-connections: Update codestar-connections command to latest version
api-change:comprehendmedical: Update comprehendmedical command to latest version
1.18.53
api-change:ec2: Update ec2 command to latest version
api-change:ssm: Update ssm command to latest version
api-change:support: Update support command to latest version
1.18.52
api-change:s3control: Update s3control command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:apigateway: Update apigateway command to latest version
1.18.51
api-change:ssm: Update ssm command to latest version
api-change:efs: Update efs command to latest version
1.18.50
api-change:iot: Update iot command to latest version
api-change:lambda: Update lambda command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:schemas: Update schemas command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
1.13.7
api-change:kendra: [botocore] Update kendra client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codeguru-reviewer: [botocore] Update codeguru-reviewer client to latest version
1.13.6
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:resourcegroupstaggingapi: [botocore] Update resourcegroupstaggingapi client to latest version
1.13.5
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:route53: [botocore] Update route53 client to latest version
api-change:appconfig: [botocore] Update appconfig client to latest version
api-change:logs: [botocore] Update logs client to latest version
1.13.4
api-change:codestar-connections: [botocore] Update codestar-connections client to latest version
api-change:comprehendmedical: [botocore] Update comprehendmedical client to latest version
1.13.3
api-change:support: [botocore] Update support client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.13.2
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:s3control: [botocore] Update s3control client to latest version
1.13.1
api-change:efs: [botocore] Update efs client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.13.0
api-change:schemas: [botocore] Update schemas client to latest version
api-change:iot: [botocore] Update iot client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:iotevents: [botocore] Update iotevents client to latest version
feature:Exceptions: [botocore] Added support for parsing modeled exception fields.
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
1.16.7
api-change:kendra: Update kendra client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer client to latest version
1.16.6
api-change:sagemaker: Update sagemaker client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi client to latest version
1.16.5
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:route53: Update route53 client to latest version
api-change:appconfig: Update appconfig client to latest version
api-change:logs: Update logs client to latest version
1.16.4
api-change:codestar-connections: Update codestar-connections client to latest version
api-change:comprehendmedical: Update comprehendmedical client to latest version
1.16.3
api-change:support: Update support client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
1.16.2
api-change:apigateway: Update apigateway client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:s3control: Update s3control client to latest version
1.16.1
api-change:efs: Update efs client to latest version
api-change:ssm: Update ssm client to latest version
1.16.0
api-change:schemas: Update schemas client to latest version
api-change:iot: Update iot client to latest version
api-change:lambda: Update lambda client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:iotevents: Update iotevents client to latest version
feature:Exceptions: Added support for parsing modeled exception fields.
api-change:mediaconvert: Update mediaconvert client to latest version
These PLIST files have been autogenerated by mk/haskell.mk using
HS_UPDATE_PLIST=yes during a bulk build. They will help to track changes
to the packages. The Haskell packages didn't have PLIST files because
their paths contained package hashes. These hashes are now determined by
mk/haskell.mk, which makes it easy to generate easy to read PLIST files.
Changes:
20200508
--------
Core
* [downloader/http] Request last data block of exact remaining size
* [downloader/http] Finish downloading once received data length matches
expected
* [extractor/common] Use compat_cookiejar_Cookie for _set_cookie to always
ensure cookie name and value are bytestrings on python 2 (#23256, #24776)
+ [compat] Introduce compat_cookiejar_Cookie
* [utils] Improve cookie files support
+ Add support for UTF-8 in cookie files
* Skip malformed cookie file entries instead of crashing (invalid entry
length, invalid expires at)
Extractors
* [youtube] Improve signature cipher extraction (#25187, #25188)
* [iprima] Improve extraction (#25138)
* [uol] Fix extraction (#22007)
+ [orf] Add support for more radio stations (#24938, #24968)
* [dailymotion] Fix typo
- [puhutv] Remove no longer available HTTP formats (#25124)
StatZone is a DNS zone file analyzer targeted at TLD zones.
After analyzing a zone, it returns counts for: IPv4 and IPv6 glue records,
NS records (total and uniques), DS records, DNSSEC signed domains, IDNs
domains, and total number of domains.
The free DB-IP IP to ASN Lite database is a subset of the IP to ISP
database with reduced coverage and accuracy distributed under the Creative
Commons Attribution License.
v3.3.22
Additional security to prevent unexpected DNS change
prevent merge issues
make the pylint happy
some more pylint fixes
Fix lint
Finish the new implementation
Fix lint
v3.3.21
With apologies to the linter
Update and fix tests
Fix lint
v3.3.20
Fix lint error
Adding a new hetzner provider compatible with dns.hetzner.com
0.2.0:
* Fix <calendar-data> subelement filtering.
* Skip non-calendar files for calendar-query operations.
* Switch to using aiohttp rather than uWSGI.
* Query component's SUMMARY in ICalendarFile.describe().
* Add /metrics support.
* Drop support for Python 3.4, add support for 3.8.
Bug fixes:
6622 Language files not updated during build
6611 Mismatched TLS SHA fingerprint types
6608 TLS certificate is not created on Windows
6593 Non-ASCII characters replaced with ? on client
4288 Using print screen key also sends alt key
4 Quote chars broken on US-International keyboard
Enhancements:
6632 Support for building with LibreSSL
6396 Black and white icons for macOS toolbar
pkgsrc changes:
- remove leftover (should be done on 3.3.0) from Makefile
- explicitly specify required versions of vala and glib2 per README.md
Upstream changes:
* 3.4.4 (2020/05/01)
fix unexpected exit on receiving SIGWINCH on Linux.
adjust drawing of contiguous retweets.
extend timeout to determine SIXEL support.
change behavior of --token option.
misc modifications around logs.
Update ruby-dnsruby to 1.61.3.
pkgsrc changes
* Add missing dependency to net/ruby-addressable.
* add "USE_LANGUAGES= # none".
No release note is available but a several bug fixes.
Update ruby-amq-protocol to 2.3.1.
## Changes between 2.3.0 and 2.3.1 (April 8th, 2020)
### Support for connection.update-secret
Used together with the `rabbitmq-auth-backend-oauth2` plugin.
### Squashed a gemspec Warning
GitHub issue: [ruby-amqp/amq-protocol#75](https://github.com/ruby-amqp/amq-protocol/issues/75).
Impacket is a collection of Python classes for working with network
protocols. Impacket is mostly focused on providing low-level
programmatic access to the packets, however some protocols (for
instance NMB and SMB) are implemented in a higher level as a
foundation for other protocols. Packets can be constructed from
scratch, as well as parsed from raw data, and the object oriented
API makes it simple to work with deep hierarchies of protocols.
Impacket is most useful when used together with a packet capture
utility or package such as Pcapy, an object oriented Python extension
for capturing network packets.
In an Active Directory domain, a lot of interesting information can be
retrieved via LDAP by any authenticated user (or machine). This makes
LDAP an interesting protocol for gathering information in the recon
phase of a pentest of an internal network. A problem is that data from
LDAP often is not available in an easy to read format.
ldapdomaindump is a tool which aims to solve this problem, by
collecting and parsing information available via LDAP and outputting
it in a human readable HTML format, as well as machine readable json
and csv/tsv/greppable files.
The tool was designed with the following goals in mind:
- Easy overview of all users/groups/computers/policies in the domain
- Authentication both via username and password, as with NTLM hashes
(requires ldap3 >=1.3.1)
- Possibility to run the tool with an existing authenticated
connection to an LDAP service, allowing for integration with
relaying tools such as impackets ntlmrelayx
The tool outputs several files containing an overview of objects in
the domain:
- domain_groups: List of groups in the domain
- domain_users: List of users in the domain
- domain_computers: List of computer accounts in the domain
- domain_policy: Domain policy such as password requirements and
lockout policy
- domain_trusts: Incoming and outgoing domain trusts, and their
properties
As well as two grouped files:
- domain_users_by_group: Domain users per group they are member of
- domain_computers_by_os: Domain computers sorted by Operating System
dnspython is a DNS toolkit for Python. It supports almost all record
types. It can be used for queries, zone transfers, and dynamic
updates. It supports TSIG authenticated messages and EDNS0.
dnspython provides both high and low level access to DNS. The high
level classes perform queries for data of a given name, type, and
class, and return an answer set. The low level classes allow direct
manipulation of DNS zones, messages, names, and records.
dnspython is a utility to work with DNS, /etc/hosts is thus not
used. For simple forward DNS lookups, it's better to use
socket.gethostbyname().
dnspython originated at Nominum where it was developed to facilitate
the testing of DNS software.
