Briefly, 2.51 is current, 2.48 is old but not ridiculously so, and
2.32 and 2.40 are likely not in use. Point out that old versions are
present because unison does not interoperate across versions.
* NetBSD: Can be build without ARP support but listen to kernel DaD
* ND6: Removed NA support from SMALL builds
* ND6: Remove and warn about NA on OS's other than NetBSD and Linux
* script: tmp files are removed for systems without open_memstream(3)
* configure: open_memstream(3) detected on recent glibc
* DHCP: Avoid duplicate read of UDP socket when BPF is also open
* IP: Avoid adding address if already exists on OS other than Linux
* IP6: Avoid adding address is already exists on Solaris
* route: Fixed a NULL de-reference error on static routes
* DHCP6: Move to REQUEST if any IA has no-binding in REWNEW/REBIND
* DragonFlyBSD: Now compiles and works for
* IP: Accept packets with IP header options
Changes:
The feature-bind branch is still not ready, so here's more bug-fixes and
pull requests merged.
Please consider donating (https://rakshasa.github.io/rtorrent/donate.html)
to help fund the development of this client.
* Close log files when reusing a name. (pyroscope)
* Increased max timeout for tracker requests.
* Set max piece size 512mb.
* Switch to C++11 MRT RNG for random bytes. (lps-rocks)
* Added support for openssl 1.1.
* Fix honoring throttle.min_peers* settings in rtorrent. (chros)
* Improved failed tracker bencode parsing. (chros)
* Added example rtorrent.rc. (g0tmi1k)
* Added a temporary name filter. (Toff)
* Added 'log.close' command.
* Added 'd.tracker_announce.force' command.
* Added 'event.system.startup_done/shutdown' commands/events. (chros)
* Added 'd.custom.if_z' command. (pyroscope)
* Added 'd.multicall.filtered' command. (pyroscope)
* Added 'event.view.hide/show' commands. (pyroscope)
Changes:
* Fixes for UTF-8 encoding of CSV output
* Ensure the UTC ISO8601 date includes a Z offset
* Fix calculation of uploads to perform per size
* Pre-allocate upload data, but allow to disable pre-allocation, for memory limited devices
* Support using --csv-delimiter with --csv-header
* Redesigned Python API
* Add option to exclude servers, and allow --server and --exclude to be specified multiple times
* Address Exception issues
* Print errors to stderr
* Remove deprecated speedtest_cli.py
* Handle malformed XML responses
* Ensure --share works with --csv
* Fix SSL communication during latency tests on python 2.6 and older
* Handle error where latitude and longitude from config are invalid
* Ensure we are utilizing the context created by HTTPSConnection, or falling back to ssl.
* Automatically resolve .best property
* Pass Content-Length header with POST requests
* Fix install instructions with git clone
* Add functionality for single threaded testing
* Add debug support to show if a URL request resulted in a redirect
* Add the python version to the version output
* Switch from platform.system to platform.platform when building the User-Agent header
* Don't pass server_hostname to ssl.wrap_socket
* ensure ERROR doesn't print an empty string
* Fix SSL support on Python2.4 and Python2.5
This is a re-import of net/unison, but with all paths changed from
"unison" to "unison-2.48". This way, you can install it in parallel
with unison2.51. Run unison-2.48 with "-addversionno" to run
the appropriate unison binary on the other side.
Unison is a file-synchronization tool for Unix and Windows. It allows
two replicas of a collection of files and directories to be stored
on different hosts (or different disks on the same host), modified
separately, and then brought up to date by propagating the changes
in each replica to the other.
This package contains the outdated 2.48 release.
Pkgsrc changes:
* Adapt to patches adopted upstream.
Upstream changes:
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
Thanks Petr Men#ík
* bugfix #4221: drill -x crashes with malformed IPv4 address
Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
Thanks Siali Yan
* Spelling errors in binaries and man pages
Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
and fix memory leak with more EDNS sections
Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
Thanks Petr Men#ík
* Feature #3394: An -I option to ldns-notify to specify a source
IP address to send to notify from. Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
that return -1 on failure and allow socket number 0
to be returned too. Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
ldns-verify-zone. Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
See also https://penzin.net/ldns-signzone/
Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm
support with TSIG. Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower()
and is_digit() with NetBSD. Thanks Håvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
Thanks Jaap Akkerhuis
* ARP now supports many requests
* Routing tables now use Red-Black Trees
* Script variables are no longer allocated manually
* DHCP addresses are added with vltime of the lease time and pltime
of the rebind time (Linux only)
Changes:
2.12.3
------
* Allow hub use within GitHub Actions by specifying GITHUB_USER
* Show friendlier error message when GITHUB_TOKEN is set, but fetching
the current user fails
Backport upstream commit 106948d996d74bf5ff7e3511f35eefea0a90561f
(except setup.py change) to fix support with py-wsproto 0.13.0 and newer.
PKGREVISION++
The Paho Python Client provides a client class with support for both
MQTT v3.1 and v3.1.1 on Python 2.7 or 3.x. It also provides some
helper functions to make publishing one off messages to an MQTT server
very straightforward.
Packaged in wip by Kamel Derouiche.
Changes:
Fix building against LibreSSL (#284, #486, #570)
Fix building against mbedTLS (#115, #528)
Fix torrents ETA calculation (#522)
Fix cross-compilation issues caused by miniupnpc configuration test (#475)
Qt Client
Fix bad downloaded percentage in DetailsDialog (#547)
Web Client
Fix tracker error XSS in inspector (CVE pending; found by Rory McNamara of Gotham Digital Science)
Fix torrent name HTML-escaping in trackers inspector tab
(nb4 because wip is nb4)
Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that
implements the MQTT protocol versions 3.1 and 3.1.1 MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "Internet of Things" messaging such as with low power
sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino.
3.43.0 (2019-06-27)
! Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands.
- Added a second layer of authentication to the update mechanism
3.43.0-rc2 (2019-06-21)
- Rebuilt against libfilezilla 0.17.1
3.43.0-rc1 (2019-06-19)
- macOS: Minimum required macOS version has been increased to 10.11 (El Capitan)
- *nix: Official Linux binaries are now built for Debian 10 (Buster)
- Building FileZilla now requires a C++17 compiler
- Building and running FileZilla now depends on libfilezilla >= 0.17.0 (https://lib.filezilla-project.org/)
- When using SFTP, fix fallback to password authentication on a server refusing a password-protected key
- Fix HTTP proxy support
- *nix: Improve resolution of program icon
0.17.1 (2019-06-21)
+ Added support for detached signatures
- Fixed crash if using the system trust store
0.17.0 (2019-06-17)
+ libfilezilla now requires C++17
+ Changed a lot of functions to use std::string_view
+ Added fz::socket_layer as base class for layers on top of sockets
+ Added fz::tls_layer, a Transport Layer Security layer, requiring GnuTLS 3.5.7 or later
+ Added fz::translate for gettext-style translatable strings. GNU Gettext is now a built-time (but not runtime) dependency
+ Added fz::bitscan and fz::bitscan_reverse to get the index of least and most significant bit set
+ Added fz::logger_interface as a base for logging system
- *nix: Small speed-up of fz::local_filesys through the use of fstatat()
Upstream changes:
mikutter 3.9.1
* print Mastodon server domains with Numeronym shortening method
as respect to iMast
* [mastodon] icon is not shown on Messages replied by user even if
"Show lock icon on protected Tweets" is enabled in display preference
* [mastodon] create tabs for home timeline, mentions, and LTL on
creating account
* make '=' etc. usable as implemented in Yukari
* [modelviewer] modelviewer_models filter, that enumerates specs of Models
that have viewer definitions
Changes:
1.9.0
-----
### Additions
- Support for
- `erolord` (#326)
- Add login support for `instagram` (#195)
- Add `--no-download` and `extractor.*.download` disable file downloads (#220)
- Add `-A/--abort` to specify the number of consecutive download skips before
aborting
- Interpret `-1` as infinite retries (#300)
- Implement custom log message formats per log-level (#304)
- Implement an `mtime` post-processor that sets file modification times
according to metadata fields (#332)
- Implement a `twitter.content` option to enable tweet text extraction
(#333, #338)
- Enable `date-min/-max/-format` options for `tumblr` (#337)
### Changes
- Set file modification times according to their `Last-Modified` header when
downloading (#236, #277)
- Use `--no-mtime` or `downloader.*.mtime` to disable this behavior
- Duplicate download URLs are no longer silently ignored (controllable with
`extractor.*.image-unique`)
- Deprecate `--abort-on-skip`
### Fixes
- Retry downloads on OpenSSL exceptions (#324)
- Ignore unavailable pins on `sexcom` instead of raising an exception (#325)
- Use Firefox's SSL/TLS ciphers to prevent Cloudflare CAPTCHAs (#342)
- Improve folder name matching on `deviantart` (#343)
- Forward cookies to `youtube-dl` to allow downloading private videos
- Miscellaneous fixes for `35photo`, `500px`, `newgrounds`, `simplyhentai`
- Added --release-check option to check for new releases
- If used on the command line (get_iplayer --release-check) an immediate check is made.
- If added to preferences (get_iplayer --prefs-add --release-check) a weekly check is made. The modification time on the "release_check" file in your profile directory is used to determine when a check is due.
- Accesses release feeds from GitHub repositories.
- get_iplayer is NOT automatically updated with --release-check . It only prints a message notifying you that a new release is available.
- Added --cuesheet and --cuesheet-only options to download track information in the form of a cue sheet (.cue file).
- Applies to radio programmes only. Only useful with radio programmes that publish track lists on BBC site.
- You cannot assume cue sheets to be accurate since track data is often wrong. You must correct cue sheets as needed if you use them to play back or edit downloaded programmes.
- get_iplayer makes no attempt to identify air breaks between tracks. You must set track end times manually if you use cue sheets to edit downloaded programmes.
- You will need to add a UTF-8 BOM (byte order mark) to cue sheets so that non-ASCII characters are displayed properly in some applications, e.g., foobar2000. This can be done with any capable text editor, or in the Notepad "Save" dialog with Encoding = "UTF-8 with BOM" (Windows 10) or Encoding = "UTF-8" (Windows 7).
- --subs-embed now implies --subs-mono. If you use --subs-embed, you no longer need to use --subs-mono.
- Embedded subtitles are rendered in a single colour, so this change ensures that embedded subtitles have leading hyphens to denote changes of speaker.
- This change also ensures that the external SRT file is formatted the same as the embedded subtitles. If you wish to create an external SRT file with colour subtitles along with embedded subtitles, use --subtitles-only --no-subs-embed --no-subs-mono --overwrite to re-download colour subtitles and replace the SRT file.
- Added --metadata=json option to create metadata file in JSON format (.json file). Content is the same as default XML-format metadata files (produced by --metadata without format value specified).
- Added --pid-recursive-type option to limit recursive downloads to programmes of specified type (radio or tv) when series includes both radio and TV programmes. Option value is not reflected in listings from --pid-recursive-list, nor is it applied when only downloading auxiliary resources (e.g., --metadata-only). Requires --pid-recursive.
- Added <sesortx> substitution parameter. See definition in Substitution Parameters. This parameter provides an additional option for constructing sortable file names with --file-prefix.
- The --pid option can no longer be saved in the default options file, where it could break subsequent downloads. It can still be saved in presets and used with --pvr-queue.
- The installer-supplied wrapper script that launches a standalone Web PVR Manager server has been renamed from get_iplayer.cgi to get_iplayer_cgi (macOS) and from get_iplayer.cgi.cmd to get_iplayer_cgi.cmd (Windows).
- Implemented a workaround for a deficiency in Windows Perl that caused "Wide character in print" warnings.
- Implemented a workaround to avoid Can't locate object method "subtitles_available" error when using --pid-recursive with --subtitles or --subtitles-only with mixed TV/radio series.
- Fixed a bug that caused the channel name to be tagged as "BBC iPlayer" when downloading individual programmes with --pid.
- Fixed a bug that caused downloads to fail when using default settings if the only available version of a radio programme was "podcastX" (where X = 2,3,...).
Wireshark 3.0.3 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
• The Windows installers now ship with Qt 5.12.4. They previously
shipped with Qt 5.12.3.
• The Windows installers now ship with Npcap 0.996. They previously
shipped with Npcap 0.995.
• The macOS installer now ships with Qt 5.12.4. It previously
shipped with Qt 5.12.1.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-20[1] ASN.1 BER and related dissectors crash. Bug
15870[2]. CVE-2019-13619[3].
The following bugs have been fixed:
• "ninja install" installs help/faq.py instead of help/faq.txt. Bug
15543[4].
• In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match
the filter "eth.dst". Bug 15731[5].
• Developer’s Guide section 3.9 "Contribute your changes" should
incorporate or link "Writing a good commit message" from the
Wiki. Bug 15752[6].
• RSL dissector bugs in presence of optional IEs. Bug 15789[7].
• The "Media Attribute Value" field is missed in rtcp SDP
dissection (packet-sdp.c). Bug 15791[8].
• BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug
15807[9].
• Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are
swapped. Bug 15821[10].
• tshark: Display filter error message references "-d" when it
should reference "-Y". Bug 15825[11].
• Open "protocol" preferences …<U+200B> does not work for protocol in
subtree. Bug 15836[12].
• Problems with sshdump "Error by extcap pipe: sh: sudo: command
not found". Bug 15845[13].
• editcap won’t change encapsulation type when writing pcap format.
Bug 15873[14].
• ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in
the 3.0.2. Bug 15887[15].
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet,
ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL,
SDP, SMB, TNEF, and Wi-SUN
New and Updated Capture File Support
Ascend
New and Updated Capture Interfaces support
There is no new or updated capture file support in this release.
Update bind911 to 9.11.9.
--- 9.11.9 released ---
5260. [bug] dnstap-read was producing malformed output for large
packets. [GL #1093]
5258. [func] Added support for the GeoIP2 API from MaxMind,
when BIND is compiled using "configure --with-geoip2".
The legacy GeoIP API can be enabled by using
"configure --with-geoip" instead. These options
cannot be used together.
Certain geoip ACL settings that were available with
legacy GeoIP are not available when using GeoIP2.
See the ARM for details. [GL #182]
5257. [bug] Some statistics data was not being displayed.
Add shading to the zone tables. [GL #1030]
5256. [bug] Ensure that glue records are included in root
priming responses if "minimal-responses" is not
set to "yes". [GL #1092]
5255. [bug] Errors encountered while reloading inline-signing
zones could be ignored, causing the zone content to
be left in an incompletely updated state rather than
reverted. [GL #1109]
5253. [port] Support platforms that don't define ULLONG_MAX.
[GL #1098]
5249. [bug] Fix a possible underflow in recursion clients
statistics when hitting recursive clients
soft quota. [GL #1067]
Update bind914 to 9.14.4.
--- 9.14.4 released ---
5260. [bug] dnstap-read was producing malformed output for large
packets. [GL #1093]
5258. [func] Added support for the GeoIP2 API from MaxMind,
when BIND is compiled using "configure --with-geoip2".
The legacy GeoIP API can be enabled by using
"configure --with-geoip" instead. These options
cannot be used together.
Certain geoip ACL settings that were available with
legacy GeoIP are not available when using GeoIP2.
See the ARM for details. [GL #182]
5257. [bug] Some statistics data was not being displayed.
Add shading to the zone tables. [GL #1030]
5256. [bug] Ensure that glue records are included in root
priming responses if "minimal-responses" is not
set to "yes". [GL #1092]
5255. [bug] Errors encountered while reloading inline-signing
zones could be ignored, causing the zone content to
be left in an incompletely updated state rather than
reverted. [GL #1109]
5254. [func] Collect metrics to report to the statistics-channel
DNSSEC signing operations (dnssec-sign) and refresh
operations (dnssec-refresh) per zone and per keytag.
[GL #513]
5253. [port] Support platforms that don't define ULLONG_MAX.
[GL #1098]
5251. [bug] Statistics were broken in x86 Windows builds.
[GL #1081]
5249. [bug] Fix a possible underflow in recursion clients
statistics when hitting recursive clients
soft quota. [GL #1067]
* More strict POSIX shell support
* Interfaces have an implicit metric of 0 unless specified
* Inline comments are stripped from nameserver and domain entries
- redirect stdout to /dev/null to avoid duplicating output that is already
logged to a file
- use load_rc_config after setting defaults in order to allow overriding
them in the local rc.conf
from David Brownlee
syncthingandroid is ready on https://f-droid.org/
upstream changes:
-----------------
Important notes
This release does not interoperate with Syncthing 0.14.45 or older.
This release adds QUIC with NAT traversal as a new transport protocol. TCP
is usually more performant and remains the preferred way of connection when
possible.
This release adds automatic crash reporting. See
https://docs.syncthing.net/users/crashrep.html for details.
This release makes large / variable block size the only available mode of
operation; small / fixed blocks are deprecated. See
https://docs.syncthing.net/advanced/folder-uselargeblocks.html for details.
This release reverts the version naming change in #4586 (v1.1.4). Versions
are now named with the time of their archiving, and the file modification
time is unchanged when archiving. An exception to this is the "Trashcan"
versioner which does not modify the name - instead it does set the file
modification time the time of archiving.
Bugfixes
#4170: panic: bug: ClusterConfig called on closed or nonexistent connection
#5609: Filesystem watching failed when parent folder is not listable
#5652: Connection error after closing failed items list and opening another list
#5765: Verioner cleanup looks at the wrong time
#5766: Support bundle doesn't include errors list, instead printing an error
#5770: Scan failure blocks "Rescan" button
#5777: Spurious need to "revert" nonexistent changes with Receive Only folder on Android
#5780: Panic when folder disappears while scanning
#5781: Shutdown takes too long, triggering fmut deadlock panic
#5791: Puller complains about invalid filenames which are long gone
Enhancements
#959: Automatic error log sending to dev. team
#3345: Show last connection error per discovered address
#5377: Use of QUIC for transport
#5631: Dockerfile ENTRYPOINT doesn't pass along extra arguments from "docker run"
#5697: Handle fatal watch errors gracefully
#5774: WebUI table column widths broken on narrow displays
Other issues
#5760: Dead link in README.md
#5796: TestPullInvalidIgnoredSR/SO is flaky
3.8 Stable
New features
* Remote assistance to temporarily grant encrypted ntopng access to remote
parties
* Custom URLs and IP addresses mappings to traffic categories
* Continuous traffic recording
* User activities logging
* Extended chart metrics
Improvements
* Alerts
* Improved InfluxDB support
* Handles slow and aborted queries
* Uses authentication
* Adds RADIUS and HTTP authenticators
* Options to allow users login via RADIUS and HTTP
* Lua 5.3 support
* Improved performance
* Better memory management
* Native support for 64-bit integers
* Native support for bitwise operations
* Adds the new libmaxminddb geolocation library
* Storage utilization indicators
* Global storage indicator to show the disk used by each interface
* Per-interface storage indicator to show the disk used to store timeseries and flows
* Support for Sonicwall PEN field names
* Option to disable LDAP referrals
* Requests and configures Keepalive support for ZMQ sockets
* Three-way-handshake detection
* Adds SNMP mac addresses to the search function
nEdge
* Implement nEdge policies test page
* Implement device presets
* DNS
Fixes
* Fixes missing flows dump on shutdown
* HTTP dissection fixes
* SNMP
* Properly handles endianness over ZMQ
Changes:
2.12.2
------
* Improve `pull-request` push target detection for `git config push.default`
is "upstream", but when the current branch does not have upstream
configuration
3.7:
iperf 3.6 adds the --bidir flag for bidirectional tests, includes some minor enhancements, and fixes a number of bugs. More details can be found in the release notes.
Note: Documentation for the --bidir flag was inadvertently omitted from the manual page. This will be fixed in a future release.
3.6:
iperf 3.6 adds the --extra-data and --repeating-payload options and fixes some minor bugs.
3.5:
iperf 3.5 fixes a bug that could over-count data transfers (and hence measured bitrate).
3.4:
iperf 3.4 fixes a number of minor bugs and adds a few enhancements.
3.3:
New minor release of iperf 3.3, fixing a number of minor bugs.
3.2:
New minor release of iperf 3.2, with new features, bugfixes, and enhancements.
Upstream changes:
1.7.0 2016-12-20
* Fix lookup of relative names in ldns_resolver_search.
* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
* Follow CNAME's when tracing with drill (TODO dnssec trace)
* Fix#551 change Regent to Copyright holder in BSD license in
some of the headings of the file, to match the opensource.org
BSD license.
* -e option makes ldns-compare-zones exit with status code 2 on difference
* Filter out specified RR types with ldns-read-zone -e and -E options
* bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
* bugfix #562: ldns-keygen match DSA key maximum size with library.
And check keysizes with all algorithms. Thanks Peter Koch.
* ldns-verify-zone accepts only one single zonefile as argument.
* bugfix #573: ldns-keygen write private keys with mode 0600.
Thanks Leon Weber
* Fix configure to make ldns compile with LibreSSL 2.0
* drill now also accepts dig style -y option
(-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
* bugfix #608: Correct comment about escaped characters
* CDS and CDNSKEY rr type from RFC 7344.
--enable-rrtype-cds configure option removed
* fix: Memory leak in ldns_pkt_rr_list_by_name()
Thanks Johannes Naab
* fix: Memory leak in ldns_dname2buffer_wire_compress()
Thanks Max Liebkies
* bugfix #613: Allow tab as whitespace too in last rdata field of types
of variable length. Thanks Xiali Yan
* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
* Let ldns-keygen output .ds files only for KSK keys
* Parse RFC7218 TLSA mnemonics, but do not output them
* Let ldns-dane use SPKI as the default selector i.s.o. Cert
* bugfix: Fit left over NSEC3s once more before adding empty non
terminals. Thanks Stuart Browne
* bugfix #605: Determine default trust anchor location at compile time
Thanks Peter Koch
* bugfix #697: Double free with ldns-dane create
Thanks Carsten Strotmann
* bugfix #623: Do not redefine bool type and boolean values
Thanks Jakob Petsovits
* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
Thanks Shussain
* bugfix #575: ldns_pkt_clone() does not copy timestamp field
Thanks Calle Dybedahl
* bugfix #584: ldns-update fixes. Send update to port 53, bring manpage
in sync with the usage text, and don't alter the ldns_resolver passed
to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone()
function in the process. Thanks Nicholas Riley.
* bugfix #633: ldns_pkt_clone() parameter isn't const.
Thanks Jakop Petsovits
* bugfix: ldns-dane manpage correction
Thanks Erwin Lansing
* Spelling fixes. Thanks Andreas Schulze
* Hyphen used as minus in manpages. Thanks Andreas Schulze.
* RFC7553 RR Type URI is supported by default.
* Fix ECDSA signature generation, do not omit leading zeroes.
* bugfix: Get rid of superfluous newline in ldns-keyfetcher
Thanks Jan-Piet Mens
* bugfix: -U option to ldns-signzone to sign with every algorithm
Thanks Guido Kroon
* const function parameters whenever possible.
Thanks Ray Bellis
* bugfix #725: allow RR-types on the type bitmap window border
Thanks Pieter Lexis
* bugfix #726: 2 typos in drill manpage.
Thanks Hugo Lombard
* Add type CSYNC support, RFC 7477.
* Prepare for ED25519, ED448 support: todo convert* routines in
dnssec.h, once openssl has support for signing with these algorithms.
The dns algorithm number is not yet allocated. These features are
not fully implemented yet, openssl (1.1) does not support the
algorithms enough to generate keys and sign and verify with them.
* Fix _answerfrom comment in ldns_struct_pkt.
* Fix drill axfr ipv4/ipv6 queries.
* Fix comment referring to mk_query in packet.h to pkt_query_new.
* Fix description of QR flag in packet.h.
* Fix for openssl 1.1.0 API changes.
* Remove commented out macro. Thanks Thiago Farina
* bugfix #641: Include install-sh in .gitignore
* bugfix #825: Module import breaks with newer SWIG versions.
Thanks Christoph Egger
* bugfix #796 - #792: Fix miscellaneous compiler warning issues.
Thanks Ngie Cooper
* bugfix #769: Add support for :: in an IPv6 address
Thanks Hajimu UMEMOTO
* bugfix #760: Detect superfluous text in presentation format
Thanks Xiali Yan
* bugfix #708: warnings and errors with xcode 6.1/7.0
* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
Thanks Xiali Yan
* bugfix #661: Fail NSEC3 signing when NSEC domainname length
would overflow. Thanks Jan-Piet Mens.
* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
Thanks Harald Jenny
* bugfix #680: ldns fails to reject invalidly formatted
RFC 7553 URI RRs. Thanks Robert Edmonds
* bugfix #678: Use poll i.s.o. select to support > 1024 fds
Thanks William King
* Use OpenSSL DANE functions for verification (unless explicitly
disabled with --disable-dane-ta-usage).
* Bumb .so version
* Include OPENPGPKEY RR type by default
* rdata processing for SMIMEA RR type
* Fix crash in displaying TLSA RR's.
Thanks Andreas Schulze
* Update ldns-key2ds man page to mention GOST and SHA384 hash
functions. Thanks Harald Jenny
* Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser
* Clarify data ownership with consts for tsig parameters.
Thanks Michael Weiser
* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
* bugfix #1160: Provide sha256 for release tarballs
* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
even when the GOST engine is not available.
Changes in 3.20
Fixed a bug in v3.19 that caused a "Can't use an undefined value as an ARRAY reference" error when using --pid-recursive or --pid-recursive-list with programmes that have no available episodes
Fixed a bug in v3.19 that prevented Windows users from viewing and editing PVR searches in the Web PVR Manager.
EDIT: If you find that BBC Scotland programmes of interest are missing from search results, force all available BBC Scotland programmes to be indexed and cached with (ignore any 404 errors):
get_iplayer --refresh --refresh-include="BBC Scotland" --refresh-limit=30
v3.20 was released soon after v3.19, which was withdrawn. See the get_iplayer 3.19 release notes for other recent changes.
Changes in 3.19
Fixed a bug that caused one-off PVR searches created with --pvr-queue to be deleted when run with --test (thanks @wiehe).
Replaced BBC Two Scotland with BBC Scotland in programme indexing. If a cache update extends back before the week of 2019-02-18, it will produce errors because a BBC Scotland schedule does not exist for earlier dates. The error can be ignored. EDIT: If you find that BBC Scotland programmes of interest are missing from search results, force all available BBC Scotland programmes to be indexed and cached with (ignore any 404 errors):
get_iplayer --refresh --refresh-include="BBC Scotland" --refresh-limit=30
Adapted --pid-recursive and --pid-recursive-list functionality for the change in layout of programme episode lists on the iPlayer site. The switch to series-by-series listings for many programmes meant that get_iplayer would only display episodes from the earliest series listed. This almost exclusively affected CBBC and CBeebies programmes, but could affect any programme.
The episode ordering with --pid-recursive and --pid-recursive-list is now always oldest to newest (as determined by the order of the listings on the iPlayer site). This ensures a consistent order regardless of the source of the episode lists, and it is generally consistent with how search results are ordered by default. Use --sort-reverse to list episodes from newest to oldest.
Added <senumx> substitution parameter to format series and episode numbers as ##x## instead of s##e## as with <senum>. As with <senum>, <senumx> may be absent.
Added --expires-after option for use with --expires-before to bracket searches based on programme expiration date.
Added --pid-index option. The programme index cache is no longer used by default with --pid, whether in a PVR search or from the command line. For an indexed programme, the cache entry provides a backup source of basic metadata, but it is not required. If you notice incomplete metadata or output file names with missing components, use --pid-index to ensure the cache is updated and used with --pid. This would only be of help with indexed programmes from the past 30 days.
Added --no-merge-versions option. get_iplayer now attempts to merge media streams from programme versions with the same name and duration (e.g., editorial and editorial2). There are some extremely rare cases where you may not want to do so because broken streams may be included in the result due to problems with BBC metadata. In that case, use --no-merge-versions to prevent merging and pick out the specific version you want with --versions.
Performed final removal of --hls-hq-audio, --no-dash-remux and --stream-http options
Changes in 3.18
Fixed a bug that caused unnecessary cache updates when --refresh-future was used.
Fixed a bug that prevented a stale cache from being updated with --pvr when first PVR search was PID-based. EDIT: This change will refresh both TV and radio programme index caches when PID-based PVR searches are used, even if --type=radio is not defined in preferences or the PVR searches. This is to ensure availability of at least minimal metadata for indexed programmes found with PID-based PVR searches. If you want to avoid ever indexing any radio programmes, delete the radio.cache file in your profile directory and use --refresh-exclude-groups-radio=local,regional,national to exclude all radio stations from indexing. You will have a radio.cache file, but it will contain no entries.
Added --hls-lq-audio option to download lower-quality audio with HLS video streams. Use this if 320k audio is too rich for your diet. You will get the same audio as DASH streams (128k or 96k, depending on the stream).
Added --available-before option for use with --available-since to bracket searches based on programme availability date.
The --no-subtitles option on the command line will now override all --subs-{embed,mono,raw,required} options saved in preferences. Those options no longer imply --subtitles (Web PVR: "Download subtitles" in "Recording" tab), which is now required with any of them.
get_iplayer no longer looks for a local options file under the current working directory (in ./.get_iplayer/options). That could cause problems when using --profile-dir while working in user's home directory if a default profile directory had been created. Use a preset instead. EDIT: This functionality was never documented and thus you are extremely unlikely to be affected by its removal.
The --test option will only show lists of matching episodes with PVR searches and --pid-recursive. Download and parsing of media stream data will only occur with --test if --get or standalone --pid is specified.
Changes to substitution parameters:
Added <sebcast>, <sebcastdate>, <sebcasttime>, <sesort>. See definitions in Substitution Parameters. These parameters provide additional options for constructing sortable file names with --file-prefix.
A value for <episodenum> must now be found in programme metadata in order for <senum> to be populated. A value of "1" is no longer synthesised for some TV programmes. A value of "1" is still synthesised for <seriesnum> if <episodenum> is populated and no series number is found in programme metadata.
The episode number prepended to <episode> is now zero-padded to 2 digits. This is reflected in the default output file prefix. EDIT: If you use the default file prefix and you mistakenly use --force for a programme you do not wish to re-download, or you mistakenly attempt to re-download a programme you already have that has been removed from your download history, it is likely that you will end up with a duplicate because the zero-padding generates a different file name (assuming an episode number is present). To revert to the previous default file prefix without zero-padding, use:
get_iplayer --prefs-add --file-prefix="<name> - <episodenum. ><episodeshort> <pid> <version>"
If you use a custom file prefix that contains <episode>, replace it with <episodenum. ><episodeshort> to achieve the same effect.
Conditional separators can now be used as suffixes. See example in Filenames and Directories.
The functionality of the options below has been removed. The options are now ignored and will be completely removed in the next release. A warning message will be printed if any of these options is found in your preferences.
--hls-hq-audio: Now essentially useless and could lead to audio sync problems.
--no-dash-remux: If you prefer DASH media streams for some reason you can no longer produce potentially unusable output files, at the cost of some extra time in post-processing downloads.
--stream-http: get_iplayer will now automatically look for HTTP media playlist URLs if no HTTPS URLs are found.
You can remove these obsolete options from your preferences (whether or not they are actually defined) with:
get_iplayer --prefs-del --hls-hq-audio --no-dash-remux --stream-http
A get_iplayer profile directory (containing programme index caches, pvr searches, preset definitions, download history) can now be shared between Windows and Linux/BSD/macOS. get_iplayer on all platforms now processes any CRLF line endings (default for text files on Windows) when reading files from the profile directory. Files will still be written with native line endings (CRLF on Windows, LF on other platforms), so different files may have different line endings if you share them between platforms. This also means that the "download_history" file will have mixed line endings if written on different platforms. The different line endings shouldn't affect get_iplayer, but be aware of them if editing those files directly.
If you only use get_iplayer on Windows, or only on Linux/BSD/macOS, you should notice no difference.
Warning for Linux/BSD/macOS users: This only works with get_iplayer 3.18 or higher. Once you have CRLF line endings in your files, you cannot use get_iplayer versions before 3.18 unless you first change all line endings in all files to LF and then never again write to those files in Windows.
Upstream changes (including 3.9.0-alpha ones):
New features of mikutter 3.9
* Mastodon plugin
* Support for UI scaling
* World account can be assigned to shortcut key
* Reorder World accounts
* Non-PNG image support for Skin
* Generic Model viewer
* Quick Step
* PulseAudio
* Reorgenize gem dependencies
* and more..
Version 2.2.10:
BUG FIXES
Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
FR-GV-207 Avoid zero-length malloc() in data2vp().
FR-GV-206 correct decoding of option 60.
FR-GV-205 check for "too long" WiMAX options.
FR-GV-204 free VP if decoding fails, so we don't leak memory.
FR-GV-203 fix memory leak when using decode_tlv().
FR-GV-202 check for "too long" attributes.
FR-GV-201 check input/output length in make_secret().
FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
Disable in-memory TLS session caches due to OpenSSL API issues.
Allow issuer_cert to be empty.
Look for extensions using correct index.
Fix types.
Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
Allow OCSP responder URL to be later in the packet
Catch empty subject and non-existent issuer cert in OCSP
Allow non-FIPS for MD5
3.0.19:
FEATURE IMPROVEMENTS
Update dictionary.cisco.
Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially Patch from Nathan Ward.
Re-added "show client config" command to radmin.
Cleaned up mods-available/sql example so that it is easier to understand.
Added pfSense dictionary.
Update dictionary.h3c
Update elasticsearch/logstash config for v6.7.0.
EAP-PWD security fixes from Mathy Vanhoef. See http://freeradius.org/security/.
BUG FIXES
Update dynamic_client module and server core so that the functionality works. This has been broken since at least v2.
Fix crash in sqlippool due to escaping changes Patch from Nathan Ward.
Fix systemd notify, watchdog and unit files
Fix erroneous length check in EAP-FAST.
Update documentation to remove old "ignore_null" configuration.
Fix default POD port. Should be 3799.
Correctly encode vendor-specific "encrypted" attributes
3.0.18:
FEATURE IMPROVEMENTS
cleanup_delay can now be 30 seconds. This helps with proxies that have packet loss.
Do-Not-Respond policies can now be set in the "post-auth" section.
Encode / Decode ADSL Forum DHCP options.
Fix module ordering issues. e.g. when "sqlippool" needs "sql". See the "instantiate" section of radiusd.conf.
Add Big Switch dictionary.
Add sql_session_start policy (raddb/policy.d/accounting) This minimizes race conditions when using Simultaneous-Use Patch from Philippe Wooding.
For rlm_perl, all variables are now tainted by default. See raddb/mods-available/perl, and the "perl_flags" configuration item. This change should only affect people who are using variables in insecure ways.
Allow "sqlcounter" module to be listed in "post-auth".
Add support for IPv6 attributes in SQL.
The server is better at handling fail-over for outbound RadSec and TCP connections.
The server is now more aggressive about retrying failed outbound RadSec and TCP connections.
Add TLS-Session-Version and TLS-Session-Cipher-Suite to the "session_state" list.
Add expansion for Radsec connections. "%{listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes.
Add notes on running "ldapsearch" using the parameters from the LDAP module.
"ipaddr" attributes can now be cast to "integer" type attributes in an "update" section.
Move main thread queue to using atomic queues. This should help with contention in high load scenarios.
Add "recv_buff" setting to listeners. For more details, see sites-available/default.
The sqlippool module can now use attributes other than "Pool-Name" to assign IP pools. The "Pool-Name" attribute is still the default.
The "unpack" expansion can now unpack substrings. See mods-available/unpack for documentation and examples.
The preprocess module now does "ciscvo_vsa_hack" for Eltex-AVPair. Vendors SHOULD NOT USE THAT KIND OF ATTRIBUTE.
Allow for <instance>-LDAP-UserDN. See mods-available/ldap for more information.
Add sanitizing of control list for moonshot.
Update rlm_sql_mysql to be compatible with MySQL 8 Fixes https://bugs.launchpad.net/bugs/1795310.
Allow logging of only Access-Accept or Access-Reject messages See radiusd.conf, "auth_accept" and "auth_reject".
Removed Connect-Rate comparison. It was unused and broken.
Add dictionary.infinera.
RPMs can now change raddb location with rpmbuild parameter --define '_sysconfdir /etc'.
OpenDirectory module now points to Apple documentation for help with build and configuration.
Use OpenSSL HMAC functions instead of local ones.
Some SQL modules can now use "auto_escape" to escape unsafe strings See mods-config/sql/main/mysql/queries.conf.
Add wispr2date conversion in mods-available/date.
Implement dictionary-based handling in rlm_python.
Add support for SKIP LOCKED in sqlippool. This can improve performance by an order of magnitude or more. See raddb/mods-config/sql/ippool/*/queries.conf
Updated Debian packages to allow for libssl1.1
Allow PSK and certificates at the same time Except for TLS 1.3 which does not support that.
Update Debian packages for newer releases
Update docker scripts.
Add crypt xlat.
MySQL connections can now skip verifying the server certificate.
Add better mechanism to detect MariaDB (Old MySQL).
Add RFC 7532 "bang path" support for realms
Update dictionary.ukerna documentation.
Add support for systemd service and watchdogs
Check for openss/rand.h, and allow building without OpenSSL engine.
The default PosgtreSQL queries now use "ON CONFLICT" to better deal with issues. This requires PostgreSQL 9.5 or later. Please use a recent version of PostgreSQL, or edit the default queries to remove "ON CONFLICT".
BUG FIXES
The session-state list is no longer cleaned in the inner-tunnel. This lets the outer Access-Reject section access session-state.
Fix typo in lock initialization for TLS sockets Found by Sergio NNX.
Add check for crash when home server down
Add username key for postauth table.
Better libpcap checks, when the header files or libraries are missing.
Allow building with old versions of OpenSSL
Allow non-FreeRADIUS State attributes to be used with the "session-state" list. i.e. State length != 16.
Be more aggressive about cleaning up zombie children when running in debug mode.
Use LTDL_DEEPBIND, which fixes issues with Oracle libraries exporting LDAP API functions.
unlock files when asked to unlock them.
return error instead of asserting in map code.
Don't write 0 bytes to SSL.
Remove "expiry_time IS NULL" from allocate_update query.
Various dictionary cleanups and consistency checks
rlm_python has stronger thread locking to prevent reported issues. Performance may be affected.
Don't allow Message-Authenticator to overflow past the end of a large packet.
Fix crash in sqlippool when SQL server goes away
Typos in man pages. Patch from Nikolai Kondrashov
Check for correct OpenSSL version in vulnerability list. Patch from Christian Hesse.
Fix crash with CoA packets/
Fix crash in rlm_exec with CoA.
Print errors while parsing the log config, and don't quit when deprecated log settings are found.
Fix DHCP encoder xlat so that it can be used with a list of attributes. It previously only encoded the first member of the list, and now encodes all members.
The "expr" module now skips more whitespace.
Remove internal FreeRADIUS-Response-Delay attributes from attr_filter Access-Reject.
Don't send junk to redis when maximum args reached.
Small updates to IPv6 for accounting schema
Fix OpenDirectory integration in rlm_mschap.
Fix slow memory leak with dynamic clients.
Don't artificially truncate debug output for long strings.
Fix memory leak in EAP-PWD.
Fix crash in "hints" file with Fall-Through = yes.
Fix crash / timer issues with many CoA packets.
Fix attr_filter so that it does not treat vendor attributes of number 26 as Vendor-Specific.
Fix reconnect correctly in rlm_sql_mysql.
Fix rlm_cache to properly use Cache-TTL < 0
Fix rare occurance of bad xlat expansion.
Check for rare race condition when a proxy reply arrives too late.
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Release v1.22.0
Core
building upb as part of cmake build is not necessary (for v1.22.x).
Convert TraceFlags in the hot path to DebugTraceFlags.
Fix a bug where POST_RECV_MESSAGE was not being triggered.
Adjust the order of IOMgr timer initialization and comment of grpc_timer::heap_index.
C++
use bazel wrapper for "bazel" invocations in grpc workspace.
Add method to validate service config json.
Update comment on ssl hostname override.
Rename root certificate bundle in gRPC-C++ pod.
Changes:
2019.07.02
----------
Core
+ [utils] Introduce random_user_agent and use as default User-Agent (#21546)
Extractors
+ [vevo] Add support for embed.vevo.com URLs (#21565)
+ [openload] Add support for oload.biz (#21574)
* [xiami] Update API base URL (#21575)
* [yourporn] Fix extraction (#21585)
+ [acast] Add support for URLs with episode id (#21444)
+ [dailymotion] Add support for DM.player embeds
* [soundcloud] Update client id
18.0.2
- Compatibility with Python 3.8 prerelease by regenerating Cython sources
with Cython 0.29.10.
- Fix language_level=2 in Cython sources, for compatibility with Cython 0.30
- Show missing path for ENOENT errors on ipc connections.
Changes:
Fixes:
- hub pull-request: Avoid crash when the current branch is pushed to a
non-GitHub remote
- BROWSER environment variable now supports values with spaces in them
(must be shell-quoted)
- hub help: support man appearing in a path that has spaces
- Docs: mention that comma-separated lists must not have spaces
Changes:
1.8.7
-----
Additions:
- Support for
- `vanillarock` (#254)
- `nsfwalbum` (#287)
- `artist` and `tags` metadata for `hentaicafe` (#238)
- `description` metadata for `instagram` (#310)
- Format string option to replace a substring with another
- `R<old>/<new>/` (#318)
Changes:
- Delete empty archives created by the `zip` post-processor (#316)
Fixes:
- Handle `hitomi` Game CG galleries correctly (#321)
- Miscellaneous fixes for `deviantart`, `hitomi`, `pururin`, `kissmanga`,
`keenspot`, `mangoxo`, `imagefap`
Changes:
20190627
--------
Extractors
+ [go] Add support for disneynow.com (#21528)
* [mixer:vod] Relax URL regular expression (#21531, #21536)
* [drtv] Relax URL regular expression
* [fusion] Fix extraction (#17775, #21269)
- [nfb] Remove extractor (#21518)
+ [beeg] Add support for api/v6 v2 URLs (#21511)
+ [brightcove:new] Add support for playlists (#21331)
+ [openload] Add support for oload.life (#21495)
* [vimeo:channel,group] Make title extraction non fatal
* [vimeo:likes] Implement extrator in terms of channel extractor (#21493)
+ [pornhub] Add support for more paged video sources
+ [pornhub] Add support for downloading single pages and search pages (#15570)
* [pornhub] Rework extractors (#11922, #16078, #17454, #17936)
+ [youtube] Add another signature function pattern
* [tf1] Fix extraction (#21365, #21372)
* [crunchyroll] Move Accept-Language workaround to video extractor since
it causes playlists not to list any videos
* [crunchyroll:playlist] Fix and relax title extraction (#21291, #21443)
This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk. This may affect chroot
support, adding back in support for that will need to be done carefully.
Bump PKGREVISIONs.
The server side public license, used by databases/mongodb (version 4),
appears to be incompatible with ubiquiti-license. Also,
databases/mongodb does not build on platforms where net/unifi works
(e.g., netbsd-8 amd64).
* OpenBSD: compiles again
* BSD: Check RTM lengths incase of kernel issues
* DHCP6: Don't stop even when last router goes away
* DHCP6: Fix inform from RA
* hostname: Fix short hostname check
Previously, an IPv6 split tunnel with a /128 request would result in a
default tunnel, rather than a specific route. Correctly set the default
route if we request a /0.
If `which ip` returns something on a non-Linux OS, it's an unrelated
tool that won't work for routing configuration; don't try to set IPROUTE
on another OS. This should fix the macOS issue discovered at:
<https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009>
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.1
- Fixed duplicate error message when user tries to
sign in with invalid username.
- Make sure user can change username before
successfully authenticating.
- Fix error message when "type" command is not
given a parameter.
- Make sure we do not return multiple error
codes when an account is disabled.
- Do not drop connection to client when
selected account is disabled.
- Make sure when accounts are disabled/denied, they print the
proper reason (set in the config file) back to the client
Upstream changes:
* quickstep
* crash on a retweet tab in Tweet details tabs when non-Twitter World
is selected
* pass application name to notify-send
* thanks Shibafu Midorino
* improve performance of toot cache
* crash on Fav'ed from Mastodon World when Current World is not
fav'ed account
Update bind914 to 9.14.3 (BIND 9.14.3).
--- 9.14.3 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5243. [bug] Fix a possible race between dispatcher and socket
code in a high-load cold-cache resolver scenario.
[GL #943]
5242. [bug] In relaxed qname minimizatiom mode, fall back to
normal resolution when encountering a lame
delegation, and use _.domain/A queries rather
than domain/NS. [GL #1055]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5240. [bug] Remove key id calculation for RSAMD5. [GL #996]
5238. [bug] Fix a possible deadlock in TCP code. [GL #1046]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
5234. [port] arm: just use the compiler's default support for
yield. [GL #981]
Update bind912 to 9.12.4pl2 (BIND 9.12.4-P2).
--- 9.12.4-P2 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
Update bind911 to 9.11.8 (BIND 9.11.8).
--- 9.11.8 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
- fixed bug in tinydns-data with false translation of IPv6|v4 addresses
for MX records.
- fixed bug in dnsip abending while evaluating IPv6 addresses.
- fixed alignment bug in dd.c for dd6 (tx vise).
- fixed bug in dns_nd.c for IPv6; dnsfilter is working now for IPv4 and IPv6
(tx vise).
- dns_ip, dns_mx, dns_txt, and dns_name return now number of answers given
(fehQlibs-12).
- libsodium compatibility checked and verified.
- dns_ip, dns_cname, dns_txt, dns_name and dns_mx
return now the number of DNS answers received
unlike the number of bytes for the given output.
- Added convenience routines for forthcoming s/qmail.
- Added ia4_fmt, ia6_fmt and dns_cname (for *qmail).
- Changed dns_transmit lookup time constants.
Release Notes for Samba 4.10.5
This is a security release in order to address the following defects:
o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
(dnsserver))
o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
Details
=======
o CVE-2019-12435:
An authenticated user can crash the Samba AD DC's RPC server process via a
NULL pointer dereference.
o CVE-2019-12436:
An user with read access to the directory can cause a NULL pointer
dereference using the paged search control.
For more details and workarounds, please refer to the security advisories.
stagit generates .gph geomyidae pages for a Git repository, and
supports the following features:
- Log of all commits from HEAD.
- Log and diffstat per commit.
- Show file tree with line numbers.
- Show references: local branches and tags.
- Detect README and LICENSE file from HEAD and link it as a page.
- Detect submodules (.gitmodules file) from HEAD and link it as a page.
- Atom feed log (atom.xml).
- Make index page for multiple repositories with stagit-gopher-index.
- After generating the pages (relatively slow) serving the files is very fast,
simple and requires little resources (because the content is static), only
a geomyidae Gopher server is required.
In RT 4 when edit_ticket() is invoked but the ticket is not modified an empty
response is sent. Gracefully treat it as a successfull operation.
PKGREVISION++
SFTP stands for SSH File Transfer Protocol and is a method of
transferring files between machines over a secure, encrypted
connection (as opposed to regular FTP, which functions over an
insecure connection). The security in SFTP comes through its
integration with SSH, which provides an encrypted transport layer over
which the SFTP commands are executed.
Net::SFTP::Foreign is a Perl client for the SFTP version 3 as
defined in the SSH File Transfer Protocol IETF draft, which can be
found at http://www.openssh.org/txt/draft-ietf-secsh-filexfer-02.txt
This implementation uses an external OpenSSH-compatible program.
Packaged in wip by Angel M. Adames.
Upstream changes:
Features
- add type CAA to libpyunbound (accessing libunbound from python).
- Fix#17: Add python module example from Jan Janak, that is a
plugin for the Unbound DNS resolver to resolve DNS records in
multicast DNS [RFC 6762] via Avahi. The plugin communicates
with Avahi via DBus. The comment section at the beginning of
the file contains detailed documentation.
- travis build file.
- PR #16: XoT support, AXFR over TLS, turn it on with
master: <ip>#<authname> in unbound.conf. This uses TLS to
download the AXFR (or IXFR).
Bug Fixes
- Fix for #4233: guard use of NDEBUG, so that it can be passed in
CFLAGS into configure.
- Add log message, at verbosity 4, that says the query is encrypted
with TLS, if that is enabled for the query.
- Fix#4239: set NOTIMPL when deny-any is enabled, for RFC8482.
- Fix#4240: Fix whitespace cleanup in example.conf.
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
disables the tls session ticker key calls into the OpenSSL API.
- Fix crash if tls-servic-pem not filled in when necessary.
- Fix auth-zone NSEC3 response for empty nonterminals with exact
match nsec3 records.
- Fix for out of bounds integers, thanks to OSTIF audit. It is in
allocation debug code.
- Fix for auth zone nsec3 ent fix for wildcard nodata.
- Move goto label in answer_from_cache to the end of the function
where it is more visible.
- Fix auth-zone NSEC3 response for wildcard nodata answers,
include the closest encloser in the answer.
- Fix spelling error in log output for event method.
- Fix to reinit event structure for accepted TCP (and TLS) sockets.
- Fix to use event_assign with libevent for thread-safety.
- verbose information about auth zone lookup process, also lookup
start, timeout and fail.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
if available.
- Fix that auth zone uses correct network type for sockets for
SOA serial probes. This fixes that probes fail because earlier
probe addresses are unreachable.
- Fix that auth zone fails over to next master for timeout in tcp.
- Squelch SSL read and write connection reset by peer and broken pipe
messages. Verbosity 2 and higher enables them.
- Update python documentation for init_standard().
- Typos.
- Fix tls write event for read state change to re-call SSL_write and
not resume the TLS handshake.
- Better braces in if statement in TCP fastopen code.
- iana portlist updated.
- Scrub RRs from answer section when reusing NXDOMAIN message for
subdomain answers.
- For harden-below-nxdomain: do not consider a name to be non-exitent
when message contains a CNAME record.
- Fix wrong query name in local zone redirect answers with a CNAME,
the copy of the local alias is in unpacked form.
- contrib/fastrpz.patch updated for code changes, and with git diff.
- Fix#29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix#30: AddressSanitizer finding in lookup3.c. This sets the
hash function to use a slower but better auditable code that does
not read beyond array boundaries. This makes code better security
checkable, and is better for security. It is fixed to be slower,
but not read outside of the array.
- Fix edns-subnet locks, in error cases the lock was not unlocked.
- Fix doxygen output error on readme markdown vignettes.
- Squelch log messages from tcp send about connection reset by peer.
They can be enabled with verbosity at higher values for diagnosing
network connectivity issues.
- Attempt to fix malformed tcp response.
- Fix#31: swig 4.0 and python module.
- Note that so-reuseport at extreme load is better turned off,
otherwise queries are not distributed evenly, on Linux 4.4.x.
- Fix that spoolbuf is not used to store tcp pipelined response
between mesh send and callback end.
- Fix double file close in tcp pipelined response code.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
- Fix to guard _OPENBSD_SOURCE from redefinition.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
pipelined response between mesh send and callback end, this fixes
error cases that did not use the correct spoolbuf.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
pipelined response between mesh send and callback end, this fixes
error cases that did not use the correct spoolbuf.
- Fix another spoolbuf storage code point, in prefetch.
pkgsrc changes:
- remove patch for totoridipjp (removed in upstream too)
- remove patch for upstream ticket #1323 (integrated in 3.9)
Upstream changes (from "new features of mikutter 3.9"):
* Mastodon plugin
* Support for UI scaling
* World account can be assigned to shortcut key
* Reorder World accounts
* Non-PNG image support for Skin
* Generic Model viewer
* Quick Step
* PulseAudio
* Reorgenize gem dependencies
Upstream pull request log:
https://github.com/twitter/twitter-text/pull/265
* New v3.json config file with emojiParsingEnabled config option. When
true, twitter-text will parse and discount emoji supported by the
twemoji library (see https://github.com/twitter/twemoji). The length
of these emoji will be the default weight (200 or two characters) even
if they contain multiple code points combined by zero-width
joiners. This means that emoji with skin tone and gender modifiers no
longer count as more characters than those without such modifiers.
All 4 implementations updated to reflect this change in counting.
* Updates known gTLDs to recognize recent additions by IANA (#261)
Upstream changes (from CHANGELOG.md):
# Addressable 2.6.0
- added `tld=` method to allow assignment to the public suffix
- most `heuristic_parse` patterns are now case-insensitive
- `heuristic_parse` handles more `file://` URI variations
- fixes bug in `heuristic_parse` when uri starts with digit
- fixes bug in `request_uri=` with query strings
- fixes template issues with `nil` and `?` operator
- `frozen_string_literal` pragmas added
- minor performance improvements in regexps
- fixes to eliminate warnings
Changes:
2.12.0
------
## Features
* Add `hub pr show [<number>]` command to open a pull request in the browser
* Add `hub api --paginate` option to automatically fetch all pages of results
* Add `hub pull-request --no-maintainer-edits` flag to disallow project
maintainers being able to push to your branch
* `hub issue -M` can now accept milestone names instead of just numbers
* Abort `hub pull-request` with a helpful error message if the current branch
wasn't pushed to a git remote
* Drop support for legacy `hub.http-clone` git config value
## Fixes
* Fix querying git configuration when GIT_TRACE is used
* Support detached HEAD if `hub pull-request --head` was passed
* Fix newline in `hub create` error message
* Ensure HTTP connection reuse across API calls
1.16.178
api-change:guardduty: Update guardduty command to latest version
api-change:appmesh: Update appmesh command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.177
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.176
api-change:sagemaker: Update sagemaker command to latest version
1.16.175
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:personalize: Update personalize command to latest version
api-change:personalize-events: Update personalize-events command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.174
api-change:ec2: Update ec2 command to latest version
1.16.173
api-change:ecs: Update ecs command to latest version
api-change:dynamodb: Update dynamodb command to latest version
api-change:logs: Update logs command to latest version
api-change:ssm: Update ssm command to latest version
api-change:guardduty: Update guardduty command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:organizations: Update organizations command to latest version
api-change:ses: Update ses command to latest version
1.16.172
api-change:glue: Update glue command to latest version
1.16.171
api-change:storagegateway: Update storagegateway command to latest version
api-change:iam: Update iam command to latest version
api-change:s3: Update s3 command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.170
api-change:rds: Update rds command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.169
api-change:iotanalytics: Update iotanalytics command to latest version
api-change:rds: Update rds command to latest version
api-change:iotevents-data: Update iotevents-data command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:rds-data: Update rds-data command to latest version
api-change:kafka: Update kafka command to latest version
api-change:pinpoint-email: Update pinpoint-email command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:iotevents: Update iotevents command to latest version
1.16.168
api-change:dlm: Update dlm command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:ssm: Update ssm command to latest version
api-change:rds: Update rds command to latest version
api-change:iotthingsgraph: Update iotthingsgraph command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.167
api-change:robomaker: Update robomaker command to latest version
api-change:transcribe: Update transcribe command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:rds: Update rds command to latest version
api-change:groundstation: Update groundstation command to latest version
api-change:sts: Update sts command to latest version
api-change:pinpoint-email: Update pinpoint-email command to latest version
api-change:waf: Update waf command to latest version
api-change:chime: Update chime command to latest version
1.16.166
api-change:codedeploy: Update codedeploy command to latest version
api-change:mediastore-data: Update mediastore-data command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version
1.16.165
api-change:ec2: Update ec2 command to latest version
api-change:waf-regional: Update waf-regional command to latest version
1.16.164
api-change:apigateway: Update apigateway command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:budgets: Update budgets command to latest version
api-change:efs: Update efs command to latest version
api-change:devicefarm: Update devicefarm command to latest version
api-change:worklink: Update worklink command to latest version
api-change:rds: Update rds command to latest version
1.16.163
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:datasync: Update datasync command to latest version
1.16.162
api-change:kafka: Update kafka command to latest version
api-change:mediapackage-vod: Update mediapackage-vod command to latest version
api-change:meteringmarketplace: Update meteringmarketplace command to latest version
1.16.161
api-change:appstream: Update appstream command to latest version
1.16.160
api-change:medialive: Update medialive command to latest version
api-change:s3: Update s3 command to latest version
1.16.159
api-change:ec2: Update ec2 command to latest version
api-change:codepipeline: Update codepipeline command to latest version
api-change:rds: Update rds command to latest version
api-change:transcribe: Update transcribe command to latest version
api-change:mediapackage: Update mediapackage command to latest version
1.16.158
api-change:storagegateway: Update storagegateway command to latest version
api-change:comprehend: Update comprehend command to latest version
api-change:chime: Update chime command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.157
api-change:datasync: Update datasync command to latest version
api-change:lambda: Update lambda command to latest version
api-change:iotanalytics: Update iotanalytics command to latest version
1.16.156
api-change:glue: Update glue command to latest version
api-change:sts: Update sts command to latest version
1.16.155
api-change:sagemaker: Update sagemaker command to latest version
api-change:kinesisanalytics: Update kinesisanalytics command to latest version
api-change:eks: Update eks command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:kinesisanalyticsv2: Update kinesisanalyticsv2 command to latest version
1.16.154
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:ssm: Update ssm command to latest version
api-change:appsync: Update appsync command to latest version
1.9.168
api-change:appmesh: [botocore] Update appmesh client to latest version
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
1.9.167
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
1.9.166
api-change:sagemaker: [botocore] Update sagemaker client to latest version
1.9.165
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:personalize-runtime: [botocore] Update personalize-runtime client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:personalize-events: [botocore] Update personalize-events client to latest version
api-change:personalize: [botocore] Update personalize client to latest version
1.9.164
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.163
api-change:ecs: [botocore] Update ecs client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
api-change:logs: [botocore] Update logs client to latest version
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ses: [botocore] Update ses client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.162
api-change:glue: [botocore] Update glue client to latest version
1.9.161
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:s3: [botocore] Update s3 client to latest version
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:iam: [botocore] Update iam client to latest version
1.9.160
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
1.9.159
api-change:iotevents-data: [botocore] Update iotevents-data client to latest version
api-change:iotevents: [botocore] Update iotevents client to latest version
api-change:pinpoint-email: [botocore] Update pinpoint-email client to latest version
api-change:iotanalytics: [botocore] Update iotanalytics client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:rds-data: [botocore] Update rds-data client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:kafka: [botocore] Update kafka client to latest version
1.9.158
api-change:ssm: [botocore] Update ssm client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
api-change:iotthingsgraph: [botocore] Update iotthingsgraph client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.157
api-change:groundstation: [botocore] Update groundstation client to latest version
api-change:transcribe: [botocore] Update transcribe client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:waf: [botocore] Update waf client to latest version
api-change:pinpoint-email: [botocore] Update pinpoint-email client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
api-change:sts: [botocore] Update sts client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
1.9.156
api-change:mediastore-data: [botocore] Update mediastore-data client to latest version
api-change:codedeploy: [botocore] Update codedeploy client to latest version
api-change:opsworkscm: [botocore] Update opsworkscm client to latest version
1.9.155
api-change:waf-regional: [botocore] Update waf-regional client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.154
api-change:efs: [botocore] Update efs client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:worklink: [botocore] Update worklink client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:budgets: [botocore] Update budgets client to latest version
1.9.153
api-change:datasync: [botocore] Update datasync client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.9.152
api-change:kafka: [botocore] Update kafka client to latest version
api-change:meteringmarketplace: [botocore] Update meteringmarketplace client to latest version
api-change:mediapackage-vod: [botocore] Update mediapackage-vod client to latest version
1.9.151
api-change:appstream: [botocore] Update appstream client to latest version
1.9.150
api-change:medialive: [botocore] Update medialive client to latest version
api-change:s3: [botocore] Update s3 client to latest version
1.9.149
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:transcribe: [botocore] Update transcribe client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
api-change:codepipeline: [botocore] Update codepipeline client to latest version
enhancement:Environment Variables: [botocore] Ignore env var credentials is values are empty
api-change:rds: [botocore] Update rds client to latest version
1.9.148
api-change:comprehend: [botocore] Update comprehend client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.147
api-change:datasync: [botocore] Update datasync client to latest version
api-change:iotanalytics: [botocore] Update iotanalytics client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
1.9.146
api-change:glue: [botocore] Update glue client to latest version
api-change:sts: [botocore] Update sts client to latest version
1.9.145
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:eks: [botocore] Update eks client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:kinesisanalytics: [botocore] Update kinesisanalytics client to latest version
api-change:kinesisanalyticsv2: [botocore] Update kinesisanalyticsv2 client to latest version
1.9.144
api-change:appsync: [botocore] Update appsync client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.12.168
api-change:appmesh: Update appmesh client to latest version
api-change:elasticache: Update elasticache client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:guardduty: Update guardduty client to latest version
1.12.167
api-change:servicecatalog: Update servicecatalog client to latest version
1.12.166
api-change:sagemaker: Update sagemaker client to latest version
1.12.165
api-change:codebuild: Update codebuild client to latest version
api-change:personalize-runtime: Update personalize-runtime client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:personalize-events: Update personalize-events client to latest version
api-change:personalize: Update personalize client to latest version
1.12.164
api-change:ec2: Update ec2 client to latest version
1.12.163
api-change:ecs: Update ecs client to latest version
api-change:organizations: Update organizations client to latest version
api-change:logs: Update logs client to latest version
api-change:dynamodb: Update dynamodb client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ses: Update ses client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.162
api-change:glue: Update glue client to latest version
1.12.161
api-change:ec2: Update ec2 client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:s3: Update s3 client to latest version
api-change:elasticache: Update elasticache client to latest version
api-change:iam: Update iam client to latest version
1.12.160
api-change:ec2: Update ec2 client to latest version
api-change:rds: Update rds client to latest version
1.12.159
api-change:iotevents-data: Update iotevents-data client to latest version
api-change:iotevents: Update iotevents client to latest version
api-change:pinpoint-email: Update pinpoint-email client to latest version
api-change:iotanalytics: Update iotanalytics client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:rds-data: Update rds-data client to latest version
api-change:rds: Update rds client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:kafka: Update kafka client to latest version
1.12.158
api-change:ssm: Update ssm client to latest version
api-change:securityhub: Update securityhub client to latest version
api-change:iotthingsgraph: Update iotthingsgraph client to latest version
api-change:dlm: Update dlm client to latest version
api-change:rds: Update rds client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.157
api-change:groundstation: Update groundstation client to latest version
api-change:transcribe: Update transcribe client to latest version
api-change:chime: Update chime client to latest version
api-change:rds: Update rds client to latest version
api-change:waf: Update waf client to latest version
api-change:pinpoint-email: Update pinpoint-email client to latest version
api-change:robomaker: Update robomaker client to latest version
api-change:sts: Update sts client to latest version
api-change:storagegateway: Update storagegateway client to latest version
1.12.156
api-change:mediastore-data: Update mediastore-data client to latest version
api-change:codedeploy: Update codedeploy client to latest version
api-change:opsworkscm: Update opsworkscm client to latest version
1.12.155
api-change:waf-regional: Update waf-regional client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.154
api-change:efs: Update efs client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:worklink: Update worklink client to latest version
api-change:rds: Update rds client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:devicefarm: Update devicefarm client to latest version
api-change:budgets: Update budgets client to latest version
1.12.153
api-change:datasync: Update datasync client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
1.12.152
api-change:kafka: Update kafka client to latest version
api-change:meteringmarketplace: Update meteringmarketplace client to latest version
api-change:mediapackage-vod: Update mediapackage-vod client to latest version
1.12.151
api-change:appstream: Update appstream client to latest version
1.12.150
api-change:medialive: Update medialive client to latest version
api-change:s3: Update s3 client to latest version
1.12.149
api-change:ec2: Update ec2 client to latest version
api-change:transcribe: Update transcribe client to latest version
api-change:mediapackage: Update mediapackage client to latest version
api-change:codepipeline: Update codepipeline client to latest version
enhancement:Environment Variables: Ignore env var credentials is values are empty
api-change:rds: Update rds client to latest version
1.12.148
api-change:comprehend: Update comprehend client to latest version
api-change:chime: Update chime client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.147
api-change:datasync: Update datasync client to latest version
api-change:iotanalytics: Update iotanalytics client to latest version
api-change:lambda: Update lambda client to latest version
1.12.146
api-change:glue: Update glue client to latest version
api-change:sts: Update sts client to latest version
1.12.145
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:eks: Update eks client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:kinesisanalytics: Update kinesisanalytics client to latest version
api-change:kinesisanalyticsv2: Update kinesisanalyticsv2 client to latest version
1.12.144
api-change:appsync: Update appsync client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ssm: Update ssm client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
Changelog:
Knot DNS 2.8.2 (2019-06-05)
===========================
Features:
---------
- New blocking mode for zone event triggers in knotc
- New weighted records mode in the module geoip (Thanks to Conrad Hoffmann)
- Module noudp allows UDP allow rate configuration
Improvements:
-------------
- NSEC3 salt lifetime can be set to infinity
- New 'running' zone event status in the knotc output
- Knotc in the forced mode returns failure also if zone check emits any warning
- Ignoring PMTU information for IPv4/UDP via IP_PMTUDISC_OMIT (Thanks to Daisuke Higashi)
- Various improvements in the documentation
Bugfixes:
---------
- Broken setting of CPU affinity for UDP workers
- Unexpected results with the geoip subnet mode
- Sometimes insufficient zone adjusting
- Incoherent DNSKEY RRSIG lifetimes in SKR
- Confusing output from keymgr if an error occurs during KSR generation
- Non-functional changeset history depth limitation in kjournalprint
- Wrong processing of multiple $INCLUDE directives #646
Changelog:
4.2.0
================
FEATURES:
- Print IP address when bind socket fails with error.
- Fix#4249: The option hide-identity: yes stops NSD from responding
with the hostname for chaos class queries. Implements the RFC4829
security considerations.
- Patch to add support for TCP Fast Open, from Sara
Dickinson (Sinodun).
- Patch to add support for tls service on a specified tls port,
from Sara Dickinson (Sinodun).
- Use travis for build check, initial unit test and clang analysis.
BUG FIXES:
- Fix to delete unused zparser.default_apex member.
- Fix that the TLS handshake routine sets the correct event to
continue when done.
- Fix that TLS renegotiation calls the read and write routines again
with the same parameters when the desired event has been satisfied.
- Fix that TCP Fastopen has better error message and supports OSX.
- Fix to avoid buffer alloc with global buffer in tls write handler.
- Fix to initialize event structure when accepting TCP connection.
- Disable TLS1.0, TLS1.1 and weak ciphers, enable
CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
- further setup ssl ctx after the keys are loaded, for ECDH.
- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
patch from Andreas Schulze.
- Fix#10: Fix memory leaks caused by duplicate rr and include
instructions.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
4.1.27
================
FEATURES:
- Deny ANY with only one RR in response, by default. Patch from
Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
queries over UDP to be further moved to TCP as well.
Also no additional section processing for type ANY, reducing
the response size.
- Fix#4215: on-the-fly change of TSIG keys with patch from Igor, adds
nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
and del_tsig. These changes are gone after reload, edit the
config file (or a file included from it) to make changes that
last after restart.
BUG FIXES:
- Fix#4213: disable-ipv6 and dnstap compile error.
- Fix to reduce region_log_stats if condition, this removes a
debug statement.
- Fix for FreeBSD port with dnstap enabled.
- Fix to remove unused code.
- Fix#6: nsd-control-setup: Change validity time to a shorter
period (<2038).
- Fix unused definition in header remote.h.
- Fix#4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
- Fix#4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
- Fixed radtree_insert memory leak.
- Fixed access recycled variable.
1.8.20
- BUG/MAJOR: listener: Make sure the listener exist before using it.
- BUG/MINOR: listener: keep accept rate counters accurate under saturation
- BUG/MEDIUM: logs: Only attempt to free startup_logs once.
- BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
- BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
- MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
- BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
- BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
- BUG/MAJOR: stats: Fix how huge POST data are read from the channel
- BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
- BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
- DOC: The option httplog is no longer valid in a backend.
- BUG/MAJOR: checks: segfault during tcpcheck_main
- BUILD: makefile: work around an old bug in GNU make-3.80
- MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
- BUILD: makefile: fix build of IPv6 header on aix51
- BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
- BUILD: Makefile: disable shared cache on AIX 5.1
- BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
- MINOR: cli: start addresses by a prefix in 'show cli sockets'
- BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
- BUILD: use inttypes.h instead of stdint.h
- BUILD: connection: fix naming of ip_v field
- BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
- BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
- BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
- BUG/MINOR: threads: fix the process range of thread masks
- MINOR: lists: Implement locked variations.
- BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
- BUG/MEDIUM: list: fix the rollback on addq in the locked liss
- BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
- BUG/MEDIUM: list: add missing store barriers when updating elements and head
- MINOR: list: make the delete and pop operations idempotent
- BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
- BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
- BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
- MAJOR: listener: do not hold the listener lock in listener_accept()
- BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
- BUG/MEDIUM: listener: make sure the listener never accepts too many conns
- BUILD/MINOR: listener: Silent a few signedness warnings.
- MINOR: skip get_gmtime where tm is unused
- BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
- BUG/MEDIUM: maps: only try to parse the default value when it's present
- BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
- BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
- BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
1.8.19
- DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
- DOC: ssl: Stop documenting ciphers example to use
- BUG/MINOR: spoe: do not assume agent->rt is valid on exit
- BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
- BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
- BUG/MEDIUM: server: initialize the idle conns list after parsing the config
- BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
- BUG/MAJOR: stream: avoid double free on unique_id
- BUG/MINOR: config: Reinforce validity check when a process number is parsed
1.8.18
- DOC: http-request cache-use / http-response cache-store expects cache name
- BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
- BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
- DOC: Be a bit more explicit about allow-0rtt security implications.
- BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
- BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
- BUG/MINOR: backend: balance uri specific options were lost across defaults
- BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
- BUG/MINOR: stick_table: Prevent conn_cur from underflowing
- BUG/MINOR: server: don't always trust srv_check_health when loading a server state
- BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
- BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
- DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
- MINOR: h2: add a bit-based frame type representation
- MINOR: h2: declare new sets of frame types
- BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
- BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
- BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
- BUG/MINOR: hpack: return a compression error on invalid table size updates
- DOC: nbthread is no longer experimental.
- BUG/MINOR: spoe: corrected fragmentation string size
- BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
- SCRIPTS: add the slack channel URL to the announce script
- SCRIPTS: add the issue tracker URL to the announce script
- BUG/MINOR: stream: don't close the front connection when facing a backend error
- MINOR: xref: Add missing barriers.
- BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
- BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
- BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
- BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
- MINOR: stream-int: expand the flags to 32-bit
- MINOR: stream-int: add a new flag to mention that we want the connection to be killed
- MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
- BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
- BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
- BUG/MINOR: config: fix bind line thread mask validation
- BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
- BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
- BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
pkgsrc changes:
- Add options.mk in order to be able to select between `gnutls' and
`openssl'. However, no defaults are changed: `openssl' is
considered experimental by upstream at the moment.
- Remove dependency to mozilla-rootcerts (default gnutls/openssl
certificates are now honored instead, should be part of
Makefile,-r1.41 commit, sorry!)
Changes:
2.60.3
======
- Fix clobbering of the thread-default main context after certificate
verification failure during async handshakes since 2.60.1 (#85)
- Fix GTlsDatabase initialization failures in OpenSSL backend due to
uninitialized memory use
- Fix minor leak of ALPN protocols
2.60.2
======
- OpenSSL backend now defaults to system trust store (#62)
- Fix client auth failure error with GnuTLS 3.6.7 (#70)
As of version 3.41, Filezilla now requires 64-bit atomic integer ops,
handle accordingly. (XXX: Filezilla will presumably also break on other
architectures as a result, e.g. macppc.)
2.60.1 - April 1, 2019
======================
- Improve reliability of client auth failure tests (#66)
- Fix excessive CPU usage after sync handshake (#69)
2.60.0.1 - March 12, 2019
=========================
- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
2.60.0 - March 11, 2019
=======================
This is the first stable release featuring the new OpenSSL backend. Please be
advised that this new backend is still experimental and known to not work on
some systems, including Debian. Linux distributions are encouraged to stick to
the default build options, where OpenSSL is not yet enabled.
- Fix build with GnuTLS disabled (Nirbheek Chauhan)
- Fix build on Windows (Chun-Wei Fan)
2.59.92 - March 4, 2019
=======================
- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
- Temporarily disable DTLS and OpenSSL tests due to #49 and #54
2.59.91 - February 18, 2019
===========================
- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
- Fix tests build when GnuTLS is disabled (#59)
- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
- Fix some problems with the connection tests (Fredrik Ternerot)
2.59.90 - February 4, 2019
==========================
This release adds an OpenSSL backend, obsoleting the glib-openssl project.
Credit to all the contributors to the glib-openssl project, especially
Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
transition.
The OpenSSL backend seems to be mature, though it is less well-tested for
desktop usage than the GnuTLS backend. It will remain disabled by default at
build time due to the GPL-incompatible nature of the OpenSSL license -- and the
GPLv2-incompatible nature of the Apache license that will be used by future
versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
distros.
Use the OpenSSL backend if you are building an embedded system where
(GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
license. If the OpenSSL backend is enabled at build time, you should probably
disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
backend at runtime. For example, you could configure with:
$ mkdir build && cd build
$ meson -Dgnutls=disabled -Dopenssl=enabled ..
2.59.2 - January 7, 2019
========================
- Add support for application layer protocol negotiation (#47, Scott Hutton)
2.59.1 - November 11, 2018
==========================
This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
due to lack of any feedback whatsoever regarding its disablement. If you think
it is still useful to you, given that the normal gnutls backend now supports
PKCS#11, speak up now.
This release also includes several changes to properly support TLS 1.3.
Other changes:
- Perform certificate verification during, not after, TLS handshake
- Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
- Regenerate test certificates to prepare for OpenSSL support
- Several meson build system improvements to prepare for OpenSSL support
2.58.0 - September 2, 2018
==========================
- Updated translations
2.57.92 - August 27, 2018
=========================
- Revert fixes for #4 and #6 due to regression (#43)
- Fix installed tests (Sébastien Bacher, !7)
2.57.90 - August 12, 2018
=========================
- Properly check for server errors in connection tests (#4)
- Perform certificate verification during, not after, TLS handshake (#6)
- Avoid trailing dots in SNI hostnames (#11)
- Send fallback SCSV with fallback connection attempts
- Fail unsafe rehandshake attempts initiated by API request
2.57.3 - July 16, 2018
======================
- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
- Fix build with MSVCC (Nirbheek Chauhan)
2.57.2 - May 21, 2018
=====================
This release disables build of the gnutls-pkcs11 backend by default. Please
direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
- Several meson build system improvements
(#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
2.57.1 - April 16, 2018
=======================
- Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
- Fix criticals when child streams outlast the parent GTlsConnection (#792219)
- Fix crash when setting client cert without private key (#793712)
- Update tests for compatibility with GnuTLS 3.6.2 (#794286)
- Never install GIO modules outside build prefix (#794358)
- Don't install test files if installed tests are disabled (#794372)
- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
- Allow building as meson subproject (#794709, Mathieu Duponchelle)
- g_tls_certificate_verify() no longer manually verifies certificate
activation/expiration time, matching the current behavior of
g_tls_database_verify_chain().
0.7.0:
[ENHANCEMENT] Multiprocess exposition speed boost
[ENHANCEMENT] optimize openmetrics text parsing (~4x perf)
[ENHANCEMENT] Add python3.7 support
[ENHANCEMENT] Change exemplar length limit to be only for label names+values
[BUGFIX] Disable gcCollector for pypy
At least on RT 4 blank lines can be present at the end of the search response,
backport upstream commit bb07009c4f62dd2ac393aab82fded6424eead82f to address
that.
Bump PKGREVISION
1.22.1 - 2019-06-03
- Fix segfault with ADC client connections
1.22 - 2019-04-30
- Add 'b' and 'B' keys to connections tab (Daniel Kamil Kozar)
- Add 'max_ul_per_user' setting to support multiple upload slots per user (Daniel Kamil Kozar)
- Add support for TLS ALPN (Denys Smirnov)
- Fix build against ncurses with separate libtinfo (Lars Wendler)
* Version 2.0.25
- The example IP address for network probes didn't work on Windows.
The example configuration file has been updated and the fallback
resolver IP is now used when no netprobe address has been configured.
* Version 2.0.24
- The query log now includes the time it took to complete the
transaction, the name of the resolver that sent the response and if
the response was served from the cache. Thanks to Ferdinand Holzer for
his help!
- The list of resolvers, sorted by latency, is now printed after all
the resolvers have been probed.
- The "fastest" load-balancing strategy has been renamed to "first".
- On Windows, a nul byte is sent to the netprobe address. This is
required to check for connectivity on this platform. Thanks to Mathias
Berchtold.
- The Malwaredomainlist URL was updated to directly parse the host
list. Thanks to Encrypted.Town.
- The Python script to generate lists of blacklisted domains is now
compatible both with Python 2 and Python 3. Thanks to Simon R.
- A warning is now displayed for DoH is requested but the server
doesn't speak HTTP/2.
- A crash with loaded-balanced sets of cloaked names was fixed.
Thanks to @inkblotadmirer for the report.
- Resolvers are now tried in random order to avoid favoring the first
ones at startup.
Note that mongodb does not build, and hence this was tested with mongodb 3.4.4.
This is a minor update, from .23. Upstream does not apear to publish
change information, and this is opaque proprietary software.
3.2.6:
Added provider specific dependency to setup.py
Futher pylint and python3 import
Pylint
Add gratisdns provider
3.2.5:
Update appveyor.yml
Update test_route53.py
Update CONTRIBUTING.md
Fix configuration of route53 tests
Update test running instructions to include top-level directory
Fix line too long
Use the logger.warning instead of the logger.warn shortcut
Skip dnsimple accounts without a plan
upstream changes:
-----------------
Bugfixes
#4613: Progress emitter doesn't start from config change if disabled at startup
#5338: Version restore not possible with custom versioning path set
#5421: WebGui: Locally Changed Items vanish when clicking 10|25|50
#5578: Filesystem watcher error when watching disk root directory on Windows
#5641: Syncthing gets stuck in a high CPU "Failed Files" state - Possibly a symlink issue?
#5649: Checking block content on unexpected request results doesn't work for the last block
#5654: Incorrect file info passed as argument to delete existing dir/symlink
#5704: Failure to fsync() files should not be fatal
Enhancements
#1634: Use copy instead of rename for version folder on other file systems
#4531: GUI folder/device status rows should handle longer values nicer
#4586: Versioner file tagging is inconsistent
#4631: In-GUI restoration should be possible from trashcan versioner
#5419: File versioning across drives
#5659: Old sync errors should not linger while retrying
Other issues
#5505: Leaking goroutines through model and leveldb
#5706: Spurious test failures on Windows
v1.10.2-stable
==============
Bug fixes:
- #6495 Event queue memory leak in server cleanup
- #6471 Unable to stop core retry loop in config app
- #6460 TLS memory leak on Linux server when using client
- #6407 Enterprise config app shows auto-config elements
- #6403 Mouse cursor movement drifts over time
- #6392 Hostname alert shows unnecessarily on every open
- #6373 Compile fails on BSD Unix with dl error
Enhancements:
- #6485 Readme for master branch with download help
- #6475 Change master branch to current version
- #6470 CI solution with on-demand containers
- #6397 Remember last server used in Auto Config
- #6375 Support for Qt 5.11 framework on Windows
1.3.2
This new version adds better compilation compatibility with a wider
range of system versions and improvements to the whitelist extension
(acl_wl).
Note: 1.3.1 was exactly the same as 1.3.0 but fixes a version number
problem only...
Changes:
1.8.5
-----
### Additions
- Support for
- `keenspot` (#223)
- `sankakucomplex` (#258)
- `folders` option for `deviantart` to add a list of containing folders to
each file's metadata (#276)
- `captcha` option for `kissmanga` and `readcomiconline` to control CAPTCHA
handling (#279)
- `filename` metadata for files downloaded with youtube-dl (#291)
### Changes
- Adjust `wallhaven` extractors to new page layout:
- use API and add `api-key` option
- removed traditional login support
- Provide original filenames for `patreon` downloads (#268)
- Use e-hentai.org or exhentai.org depending on input URL (#278)
### Fixes
- Fix pagination over `sankaku` popular listings (#265)
- Fix folder and collection extraction on `deviantart` (#271)
- Detect "AreYouHuman" redirects on `readcomiconline` (#279)
- Miscellaneous fixes for `hentainexus`, `livedoor`, `ngomik`
rt allows you to interact with an RT server over HTTP, and offers
an interface to RT's functionality that is better-suited to automation
and integration with other tools.
Release v1.21.2
This is the 1.21.2 patch release for the PHP extension only. Please do not use this release for other language.
PkgSrc:
Fix linking with c-ares.
pypiserver is a minimal PyPI compatible server for pip or easy_install. It is
based on bottle and serves packages from regular directories. Wheels, bdists,
eggs and accompanying PGP-signatures can be uploaded either with pip,
setuptools, twine, pypi-uploader, or simply copied with scp.
freediameter (1.3.0)
Many thanks to Thomas Klausner for his contribution of several important extensions.
freediameter (1.2.1) UNRELEASED; urgency=low
* New extension: rt_randomize (load-balancing on possible destinations)
* New contrib: Gx extension.
* rt_redirect.fdx and rt_load_balance.fdx improvement: use a hash table. Thanks Thomas.
* New hook HOOK_MESSAGE_SENDING to give a last chance to edit messages before they are sent.
This will be mostly used for enforcing interoperability constraints on non-compliant peers.
* Simplified log output. Old output can be recovered with DEBUG_WITH_META build option.
* Updated the internal counters for finer control on the load.
* Fixes in message expiry mechanism.
* Bug fixes in error messages generation and various parts.
* Improvements on shutdown sequence handling.
* Improvements to the dict_dcca_* extensions.
* Improved default CMake configuration.
* Improved build for MacOSX
* Fixes for a few newer operating systems compatibility.
* Fixed default secure Diameter port number 5868 instead of5658 (errata of RFC 6733)
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 30 Jan 2016 23:38:03 +0800
Release v1.21.1
This is the 1.21.1 patch release of gRPC Core. This patch is for gRPC-Python only. gRPC Python pkgs for 1.21.0 release could not be uploaded to PyPi due to the issue 19105.
Release v1.21.1
This is the 1.21.1 patch release of gRPC Core. This patch is for gRPC-Python only. gRPC Python pkgs for 1.21.0 release could not be uploaded to PyPi.
pkgsrc changes:
- pull upstream patch for ticket #1323
(insert newline to each attached image URL)
Upstream changelog:
mikutter 3.8.8
* <>& in Twitter messages are not converted from HTML entity references
* thanks cob odo
* keep world account settings even if restoring account fails
on loading the world
* pluggaloid 1.1.2
3.42.1 (2019-06-08)
- OS X: Fix a compatibility issue with macOS 10.13
3.42.0 (2019-05-02)
- Fixed a potential crash if the first-launch welcome dialog is shown at an inopportune moment
- Fixed display of subject and issuer details in the certificate verification dialogs with some certificates
- Official binaries are now built againt GnuTLS 3.6.7, minimum required GnuTLS version to build FileZilla is now 3.5.7
3.42.0-rc1 (2019-04-26)
- Switching from using a master password to not saving passwords at all no longer requires entering the master password
- *nix: Fixed support for internationalized domain names on systems having AI_IDN when using SFTP
- Fixed an assertion after importing a manipulated queue file
- When importing sites, any imported passwords are now immediately protected/deleted depending on the password protection settings
- The ability to import Site Manager entries from antique FileZilla 2, last updated over a dozen years ago, has been removed
3.42.0-beta1 (2019-04-21)
- Building and running FileZilla now depends on libfilezilla >= 0.16.0 (https://lib.filezilla-project.org/)
- Limit the maximum length of site, bookmark and filter names to prevent display issues and crashes due to some operating systems badly handling long texts
- When displaying message boxes, insert zero-width spaces into long unbroken words to prevent display issues and crashes due to some operating systems badly handling long texts
- Fix crash in the external IP address resolver
- Fix some assertions if a server sends bad file sizes
- Large refactoring of the socket code
- The thread pool from libfilezilla is now used for all worker threads
ok gdt
Bugfixes
#5332: Duplicate Files Names in Out of Sync List
#5456: Folder marked as "Up to Date" with failed items
#5578: Filesystem Watcher Error on v1.1.0
#5624: Simple Syncthing invocations take a long time to run
#5676: Systemd circular dependency prevents startup
#5531: Flush to database based on size instead of entries
#5571: Dir/symlink updates overwrite conflicts & unscanned files
#5599: Default folder in v1.1.0 isn’t created with useLargeBlocks = true
#5482: minHomeDiskFreePct is still present in fresh configs
#5493: Monitor bug: TERM signaling not passed to syncthing process
#5557: Hashing performance degradation when using large blocks
Enhancements
#1223: Mention license in "About" dialog
#5554: Unnecessary time precision in pendingFolder/pendingDevice config entries
#4921: Syncthing should guard against running old versions with new config
#5065: Add support for TLS1.3
#5346: Systemd unit should declare after=multiuser.target
#5560: Change "Introduced by" icon
#5569: Outdated copyright notes in "About" dialog
#5365: .desktop files: desktop-entry-lacks-keywords-entry
#5445: User/group ownership following parent dir
Other issues:
#1101: Syncthing has no easter eggs
#5480: Better describe exposed volumes in our Docker image
#5077: TestWatchIgnore is flaky (OpenBSD (-current) Test failed)
#5246: TestParentDeletion fails on OpenBSD
#5311: Update prometheus/common/expfmt to pass tests on go1.11
#5454: build.go setup problems with gomodules
#5495: Dockerhub Docker builds fail continously
#5515: Missing string from Transifex
API Changes
Change #5479 introduces the new copyOwnershipFromParent folder
configuration option. The default, false, matches the old behavior of
not copying ownership information.
Since change #5405, large (variable size) blocks are enabled by default for newly created folders.
3.0.2:
What’s New
• The Windows installers now ship with Qt 5.12.3. They previously
shipped with Qt 5.12.1.
• The Windows installers now ship with Npcap 0.995. They previously
shipped with Npcap 0.992.
• The macOS packages are now notarized[1].
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-19[2] Wireshark dissection engine crash. Bug
15778[3].
The following bugs have been fixed:
• Add (IETF) QUIC Dissector. Bug 13881[4].
• Wireshark Hangs on startup initializing external capture plugins.
Bug 14657[5].
• [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more
than 1000000 items in the tree — possible infinite loop. Bug
14978[6].
• Wireshark can call extcap with empty multicheck argument. Bug
15065[7].
• CMPv2 KUR message disection gives unexpected value for
serialNumber under OldCertId fields. Bug 15154[8].
• "(Git Rev Unknown from unknown)" in version string for official
tarball. Bug 15544[9].
• External extcap does not get all arguments sometimes. Bug
15586[10].
• Help file doesn’t display for extcap interfaces. Bug 15592[11].
• Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug
15604[12].
• Building only libraries on windows fails due to CLEAN_C_FILES
empty. Bug 15662[13].
• Statistics→Conversations→TCP→Follow Stream - incorrect behavior.
Bug 15672[14].
• Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp
field). Bug 15687[15].
• ws_pipe: leaks pipe handles on errors. Bug 15689[16].
• Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706[17].
• ISAKMP: Segmentation fault with non-hex string for IKEv1
Decryption Table Initiator Cookie. Bug 15709[18].
• extcap: non-boolean call arguments can be appended without value
on selector Reload. Bug 15725[19].
• Incorrectly interpreted format of MQTT PUBLISH payload data. Bug
15738[20].
• print.c: Memory leak in ek_check_protocolfilter. Bug 15758[21].
• IETF QUIC dissector incorrectly parses retry packet. Bug
15764[22].
• Bacnet(app): fix wrong value for id 183 (logging-device →
logging-object). Bug 15767[23].
• The SMB2 code to look up decryption keys by session ID assumes
it’s running on a little-endian machine. Bug 15772[24].
• tshark -G folders leaves mmdbresolve process behind. Bug
15777[25].
• Dissector bug, protocol TLS - failed assertion "data". Bug
15780[26].
• WSMP : header_opt_ind field is not correctly set.
Release v1.21.0
Core
Service Config Changes to set channel in transient failure on invalid service config.
Add a backup poller to c-ares resolver to take better advantage of c-ares query timeout/retry logic.
Pass WSA_FLAG_NO_HANDLE_INHERIT flag to the WSASocketA() to avoid handle leaking on the Windows in case of using CreateProcess() on the server.
Add fallback-at-startup into xds.
Retire the GRPC_ARENA_INIT_STRATEGY env variable.
Fix gevent segfault with C-Ares as DNS resolver.
Explicitly call getsockname after accept for unix sockets to get the sun_path.
RBE Windows c-core build.
Loosen the dependency on the googleapis-common-protos-types gem.
pick_first: don't go into TRANSIENT_FAILURE upon empty update when in IDLE.
Add guard to the tv_nsec field of gpr_now return value.
Re-enable ALPN check in gRPC C core SSL stack.
C++
Global config variables migration.
Make cc_grpc_library compatible with native proto_library and cc_proto_library rules.
Add alarm in callback streaming test.
Make C++ Channel Interceptors work for lame channels.
libnice 0.1.16 (2019-05-09)
===========================
Add API to make it easier to implement ICE trickle
Add async closing of agent, to cleanly close TURN allocations
Add Google non-standard NOMINATION STUN attribute
Fix tests on Windows
Fix some racy tests
pkgsrc change: remove "USE_CWRAPPERS=no".
--- 9.14.2 released ---
5233. [bug] Negative trust anchors did not work with "forward only;"
to validating resolvers. [GL #997]
5231. [protocol] Add support for displaying CLIENT-TAG and SERVER-TAG.
[GL #960]
5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852]
5228. [cleanup] If trusted-keys and managed-keys are configured
simultaneously for the same name, the key cannot
be rolled automatically. This configuration now
logs a warning. [GL #868]
5224. [bug] Only test provide-ixfr on TCP streams. [GL #991]
5223. [bug] Fixed a race in the filter-aaaa plugin accessing
the hash table. [GL #1005]
5222. [bug] 'delv -t ANY' could leak memory. [GL #983]
5221. [test] Enable parallel execution of system tests on
Windows. [GL !4101]
5220. [cleanup] Refactor the isc_stat structure to take advantage
of stdatomic. [GL !1493]
5219. [bug] Fixed a race in the filter-aaaa plugin that could
trigger a crash when returning an instance object
to the memory pool. [GL #982]
5218. [bug] Conditionally include <dlfcn.h>. [GL #995]
5217. [bug] Restore key id calculation for RSAMD5. [GL #996]
5216. [bug] Fetches-per-zone counter wasn't updated correctly
when doing qname minimization. [GL #992]
5215. [bug] Change #5124 was incomplete; named could still
return FORMERR instead of SERVFAIL in some cases.
[GL #990]
5214. [bug] win32: named now removes its lock file upon shutdown.
[GL #979]
5213. [bug] win32: Eliminated a race which allowed named.exe running
as a service to be killed prematurely during shutdown.
[GL #978]
5211. [bug] Allow out-of-zone additional data to be included
in authoritative responses if recursion is allowed
and "minimal-responses" is disabled. This behavior
was inadvertently removed in change #4605. [GL #817]
5210. [bug] When dnstap is enabled and recursion is not
available, incoming queries are now logged
as "auth". Previously, this depended on whether
recursion was requested by the client, not on
whether recursion was available. [GL #963]
5209. [bug] When update-check-ksk is true, add_sigs was not
considering offline keys, leaving record sets signed
with the incorrect type key. [GL #763]
5208. [test] Run valid rdata wire encodings through totext+fromtext
and tofmttext+fromtext methods to check these methods.
[GL #899]
5207. [test] Check delv and dig TTL values. [GL #965]
5206. [bug] Delv could print out bad TTLs. [GL #965]
5205. [bug] Enforce that a DS hash exists. [GL #899]
5204. [test] Check that dns_rdata_fromtext() produces a record that
will be accepted by dns_rdata_fromwire(). [GL #852]
5203. [bug] Enforce whether key rdata exists or not in KEY,
DNSKEY, CDNSKEY and RKEY. [GL #899]
5202. [bug] <dns/ecs.h> was missing ISC_LANG_ENDDECLS. [GL #976]
5190. [bug] Ignore trust anchors using disabled algorithms.
[GL #806]
Update bind911 to 9.11.7, this is maintenance releases.
--- 9.11.7 released ---
5233. [bug] Negative trust anchors did not work with "forward only;"
to validating resolvers. [GL #997]
5232. [bug] Fix a high-load race/crash in isc_socket_cancel().
[GL #834]
5231. [protocol] Add support for displaying CLIENT-TAG and SERVER-TAG.
[GL #960]
5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852]
5228. [cleanup] If trusted-keys and managed-keys are configured
simultaneously for the same name, the key cannot
be rolled automatically. This configuration now
logs a warning. [GL #868]
5224. [bug] Only test provide-ixfr on TCP streams. [GL #991]
5222. [bug] 'delv -t ANY' could leak memory. [GL #983]
5221. [test] Enable parallel execution of system tests on
Windows. [GL !4101]
5218. [bug] Conditionally include <dlfcn.h>. [GL #995]
5214. [bug] win32: named now removes its lock file upon shutdown.
[GL #979]
5213. [bug] win32: Eliminated a race which allowed named.exe running
as a service to be killed prematurely during shutdown.
[GL #978]
5210. [bug] When dnstap is enabled and recursion is not
available, incoming queries are now logged
as "auth". Previously, this depended on whether
recursion was requested by the client, not on
whether recursion was available. [GL #963]
5209. [bug] When update-check-ksk is true, add_sigs was not
considering offline keys, leaving record sets signed
with the incorrect type key. [GL #763]
5208. [test] Run valid rdata wire encodings through totext+fromtext
and tofmttext+fromtext methods to check these methods.
[GL #899]
5207. [test] Check delv and dig TTL values. [GL #965]
5205. [bug] Enforce that a DS hash exists. [GL #899]
5204. [test] Check that dns_rdata_fromtext() produces a record that
will be accepted by dns_rdata_fromwire(). [GL #852]
5203. [bug] Enforce whether key rdata exists or not in KEY,
DNSKEY, CDNSKEY and RKEY. [GL #899]
5197. [bug] dig could die in best effort mode on multiple SIG(0)
records. Similarly on multiple OPT and multiple TSIG
records. [GL #920]
5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
5193. [bug] EID and NIMLOC failed to do multi-line output
correctly. [GL #899]
5192. [bug] configure --fips-mode failed. [GL #946]
5191. [port] Darwin: dlzexternal/driver.so was not building.
[GL #948]
5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945]
5187. [test] Set time zone before running any tests in dnstap_test.
[GL #940]
5185. [bug] PKCS11 build could fail if ECDSA is not supported.
[GL #935]
5184. [bug] Missing unlocks in sdlz.c. [GL #936]
5182. [bug] Fix a high-load race/crash in handling of
isc_socket_close() in resolver. [GL #834]
5180. [bug] delv now honors the operating system's preferred
ephemeral port range. [GL #925]
5179. [cleanup] Replace some vague type declarations with the more
specific dns_secalg_t and dns_dsdigest_t.
Thanks to Tony Finch. [GL !1498]
5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full)
errors when writing files. [GL #902]
5176. [tests] Remove a dependency on libxml in statschannel system
test. [GL #926]
5175. [bug] Fixed a problem with file input in dnssec-keymgr,
dnssec-coverage and dnssec-checkds when using
python3. [GL #882]
5174. [doc] Tidy dnssec-keygen manual. [GL !1557]
5172. [bug] nsupdate now honors the operating system's preferred
ephemeral port range. [GL #905]
5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587]
5168. [test] Do not crash on shutdown when RPZ fails to load. Also,
keep previous version of the database if RPZ fails to
load. [GL #813]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
