dnspython is a DNS toolkit for Python. It provides both high and low
level access to DNS. The high level classes perform queries for data
of a given name, type, and class, and return an answer set. The low
level classes allow direct manipulation of DNS zones, messages, names,
and records.
This is the python-2.x version of the module.
2.6.4
- BUG/MINOR: ssl/cli: error when the ca-file is empty
- BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
2.6.3
- BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
- Revert "BUG/MINOR: peers: set the proxy's name to the peers section name"
- DEBUG: fd: split the fd check
- MEDIUM: resolvers: continue startup if network is unavailable
- BUG/MINOR: mworker: PROC_O_LEAVING used but not updated
- BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks
- MINOR: quic: Congestion control architecture refactoring
- MEDIUM: quic: Cubic congestion control algorithm implementation
- MINOR: quic: New "quic-cc-algo" bind keyword
- BUG/MINOR: quic: loss time limit variable computed but not used
- MINOR: quic: Stop looking for packet loss asap
- BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts()
- MINOR: quic: Send packets as much as possible from qc_send_app_pkts()
- BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once
- MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups
- BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions
- BUG/MINOR: mux-quic: prevent crash if conn released during IO callback
- CLEANUP: mux-quic: remove useless app_ops is_active callback
- BUG/MINOR: mux-quic: do not free conn if attached streams
- MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer
- BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
- BUG/MINOR: peers: Use right channel flag to consider the peer as connected
- BUG/MEDIUM: dns: Properly initialize new DNS session
- BUG/MINOR: backend: Don't increment conn_retries counter too early
- MINOR: server: Constify source server to copy its settings
- REORG: server: Export srv_settings_cpy() function
- BUG/MEDIUM: proxy: Perform a custom copy for default server settings
- MINOR: peers: Add a warning about incompatible SSL config for the local peer
- BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement
- BUG/MEDIUM: quic: Floating point exception in cubic_root()
- BUILD: http: silence an uninitialized warning affecting gcc-5
- BUG/MINOR: quic: Avoid sending truncated datagrams
- BUG/MINOR: ring/cli: fix a race condition between the writer and the reader
- BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing
- BUG/MINOR: sink: fix a race condition between the writer and the reader
- BUG/MINOR: quic: do not reject datagrams matching minimum permitted size
- BUG/MINOR: quic: Missing Initial packet dropping case
- MINOR: quic: explicitely ignore sendto error
- BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr
- CLEANUP: assorted typo fixes in the code and comments
- BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h
- BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp()
- MINOR: quic: Too much useless traces in qc_build_frms()
- BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection
- CLEANUP: mux-quic: remove loop on sending frames
- BUG/MEDIUM: quic: always remove the connection from the accept list on close
- BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
- BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
- BUILD: stconn: fix build warning at -O3 about possible null sc
- BUILD: debug: silence warning on gcc-5
- BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames()
- BUG/MEDIUM: ring: fix too lax 'size' parser
- BUG/MINOR: quic: memleak on wrong datagram receipt
- MINOR: stick-table: Add table_expire() and table_idle() new converters
- BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names
- MINOR: applet: add a function to reset the svcctx of an applet
- BUG/MEDIUM: cli: always reset the service context between commands
- BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
- BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
- BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured
# NEWS for rsync 3.2.5 (14 Aug 2022)
## Changes in this version:
### SECURITY FIXES:
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
### BUG FIXES:
- Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
- If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and disable
the XX3 hashes (since these routines didn't stabilize until 0.8).
### ENHANCEMENTS:
- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
extra file-list safety checking (should that be required).
### PACKAGING RELATED:
- A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
### DEVELOPER RELATED:
- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
0.6.0 - 2022-08-19
Added
-Added support for tracing using IPv6 for tcp (#191)
-Added -R (--multipath-strategy) flag to allow setting the Equal Cost
Multi-path Routing strategy and added support for the dublin traceroute
strategies for IPv4/udp (#158)
-Added zoom-able chart showing round trip times for all hops in a trace (#209)
-Added --udp and --tcp flags as shortcuts to -p udp and -p tcp respectively
(#205)
Changed
-Gray out hops which did not update in the current round (#216)
After 4.0:
No longer updated. Please check the commits.
Version 4.0.0
=============
- doc: uppdate README
- core: add support for CAA queries
- core: add support for getaddrinfo()
- doc: update README
- core: add ability to use the system installed c-ares
- misc: set version to 4.0.0
- test: remove TTL tests
- core: update c-ares and use a submodule
- core: drop bundled c-ares version
- misc: drop tasks.py
Version 3.2.0
=============
- misc: add Python 3.9 classifier
- core: drop py3.5 from CI and documentation
- ci: run tests in Python 3.9
- ci: fix SDK path in appveyor
- ci: fix VS linker in appveyor
- ci: update python installer script in appveyor
- misc: add compiled windows dll to gitignore
- test: skip SOA non-ascii test due to changes in remote host
- test: fix broken chunked TXT test due to changes in remote host
- test: skip ANY test due to problems with mac
- ci: add action to release wheels to PyPi
- ci: drop AppVeyor
- ci: don't fail fast
- ci: stop testing on Travis
- test: add generic way to check for a CI
- test: relax check
- test: try to avoid spurious CI failures
- ci: test all platforms on GH actions
- ci: build wheels on GH Actions
- build: fix build error on macOS
- ci: explicitly set Python versions to build wheels for
- ci: update cibuildwheel
- ci: re-add IDNA test
Version 3.1.1
=============
- ffi: new style callbacks
Version 3.1.0
=============
- misc: add Python 3.8 classifier
- (origin/master, origin/HEAD) build: use Travis to build Python Wheels
- ci: use GH Actions to test on macOS
- ci: run tests in Python 3.8 too
- test: remove no longer valid test
- test: remove empty test
- errno: return str from errno.strerror
- core: fix crash when processing .onion queries
- test: fix test_query_txt_multiple_chunked
- doc: fix path of _version.py file
- core: fix support for ARES_OPT_LOOKUPS option
- build: add cygwin support
- core: fix struct in6_addr alignment
- misc: simplify non-ascii txt test example
- core: fix long TXT record with non-ascii bytes
- build: remove extra add_include_dir line on linux
- build: fix testing manylinux wheels
Version 3.0.0
=============
(changes since version 2.x)
- core: drop C backend in favor of CFFI
- core: drop Python < 3.5 support
- core: use None instead of -1 for default values
- core: add support for ANY queries
- core: automagically encode query names with IDNA
- core: add support for ares_search
Version 3.0.0b5
===============
- core: add support for ares_search
Version 3.0.0b4
===============
- core: give better errors descriptions for AresError
- test: add IDNA test using the query() API
- cffi: simplify destroying ares channel
Version 3.0.0b3
===============
- core: reorganize package
- core: automagically encode query names with IDNA
Version 3.0.0b2
===============
- errno: fix errorcode dictionary
Version 3.0.0b1
===============
- core: add support for ANY queries
- cffi: fix memory leak
Version 3.0.0b0
===============
- core: drop C backend
- core: drop Python < 3.5 support
- core: use None instead of -1 for default values
- core: set TTL to -1 when we cannot parse it
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Upgrade Abseil to LTS 20220623.0 . (#30155)
Call: Send cancel op down the stack even when no ops are sent. (#30004)
FreeBSD system roots implementation. (#29436)
xDS: Workaround to get gRPC clients working with istio. (#29841)
Python
Set Correct Platform Tag in Wheels on Mac OS with Python 3.10. (#29857)
[Aio] Ensure Core channel closes when deallocated. (#29797)
[Aio] Fix the wait_for_termination return value. (#29795)
Ruby
Make the gem build on TruffleRuby. (#27660)
Support for prebuilt Ruby binary on x64-mingw-ucrt platform. (#29684)
[Ruby] Add ruby_abi_version to exported symbols. (#28976)
Objective-C
First developer preview of XCFramework binary distribution via Cocoapod (#28749).
This brings in significant speed up to local compile time and includes support for Apple Silicon build.
The following binary pods are made available for ObjC V1 & V2 API
gRPC-XCFramework (source pod gRPC)
gRPC-ProtoRPC-XCFramework (source pod gRPC-ProtoRPC)
The following platforms and architectures are included
ios: armv7, arm64 for device. arm64, i386, x86_64 for simulator
macos: x86_64 (Intel), arm64 (Apple Silicon)
23.2.1
Improvements:
- First release with wheels for Python 3.11 (thanks cibuildwheel!).
- linux aarch64 wheels now bundle the same libzmq (4.3.4) as all other builds,
thanks to switching to native arm builds on CircleCI.
Fixes:
- Some type annotation fixes in devices.
9.16.32 (2022-08-17)
Notes for BIND 9.16.32
Feature Changes
* The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy
(e.g. Red Hat Enterprise Linux 9). Primary zones using those algorithms
need to be migrated to new algorithms prior to running on these systems,
as graceful migration to different DNSSEC algorithms is not possible when
RSASHA1 is disallowed by the operating system. [GL #3469]
* Log messages related to fetch limiting have been improved to provide more
complete information. Specifically, the final counts of allowed and
spilled fetches are now logged before the counter object is destroyed.
[GL #3461]
Bug Fixes
* Non-dynamic zones that inherit dnssec-policy from the view or options
blocks were not marked as inline-signed and therefore never scheduled to
be re-signed. This has been fixed. [GL #3438]
* The old max-zone-ttl zone option was meant to be superseded by the
max-zone-ttl option in dnssec-policy; however, the latter option was not
fully effective. This has been corrected: zones no longer load if they
contain TTLs greater than the limit configured in dnssec-policy. For
zones with both the old max-zone-ttl option and dnssec-policy configured,
the old option is ignored, and a warning is generated. [GL #2918]
* rndc dumpdb -expired was fixed to include expired RRsets, even if
stale-cache-enable is set to no and the cache-cleaning time window has
passed. [GL #3462]
The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
0.39.0
Technically backwards incompatible:
Switch to using async_timeout for timeouts
Significantly reduces the number of asyncio tasks that are created when using ServiceInfo or AsyncServiceInfo
0.2.0
Added an option to include IP-less adapters, thanks to memory
Fixed a bug where an interface's name was bytes, not str, on Windows
Added an implementation of netifaces.interfaces() (available through ifaddr.netifaces.interfaces())
Added type hints
Backwards incompatible/breaking changes:
Dropped Python 3.6 support
Twisted 22.4.0 (2022-04-11)
===========================
Features
--------
- twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client.
- twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers.
Bugfixes
- twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations.
- twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes.
Conch
-----
Features
- twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server. The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change.
- twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL >= 1.1.1b. The new "conch_nacl" extra has the necessary dependency.
Web
---
Features
- Twisted is now compatible with h2 4.x.x.
Bugfixes
- twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a ``0x`` prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq.
Mail
----
Bugfixes
- twisted.mail.pop3.APOPCredentials is now correctly marked as implementing twisted.cred.credentials.IUsernamHashedPassword, rather than IUsernamePassword.
Trial
-----
Features
- `trial --until-failure --jobs=N` now reports the number of each test pass as it begins.
Bugfixes
- twisted.trial.unittest.TestCase now discards cleanup functions after running them. Notably, this prevents them from being run an ever growing number of times with `trial -u ...`.
Twisted 22.2.0 (2022-03-01)
===========================
Bugfixes
- twisted.internet.gireactor.PortableGIReactor.simulate and twisted.internet.gtk2reactor.PortableGtkReactor.simulate no longer raises TypeError when there are no delayed called. This was a regression introduced with the migration to Python 3 in which the builtin `min` function no longer accepts `None` as an argument.
- twisted.conch.ssh.transport.SSHTransportBase now disconnects the remote peer if the
SSH version string is not sent in the first 4096 bytes.
GHSA-rv6r-3f5q-9rgx)
Improved Documentation
- Add type annotations for twisted.web.http.Request.getHeader.
Deprecations and Removals
- Support for Python 3.6, which is EoL as of 2021-09-04, has been deprecated.
Replace patch+sed with just sed.
### 2022.07.18
* Allow users to specify encoding in each config files by [Lesmiscore](https://github.com/Lesmiscore)
* Discard infodict from memory if no longer needed
* Do not allow extractors to return `None`
* Do not load system certificates when `certifi` is used
* Fix rounding of integers in format table
* Improve chapter sanitization
* Skip some fixup if remux/recode is needed by [Lesmiscore](https://github.com/Lesmiscore)
* Support `--no-progress` for `--wait-for-video`
* Fix bug in [612f2be](612f2be5d3)
* [outtmpl] Add alternate form `h` for HTML escaping
* [aes] Add multiple padding modes in CBC by [elyse0](https://github.com/elyse0)
* [extractor/common] Passthrough `errnote=False` to parsers
* [extractor/generic] Remove HEAD request
* [http] Ensure the file handle is always closed
* [ModifyChapters] Modify duration in infodict
* [options] Fix aliases to `--config-location`
* [utils] Fix `get_domain`
* [build] Consistent order for lazy extractors by [lamby](https://github.com/lamby)
* [build] Fix architecture suffix of executables by [odo2063](https://github.com/odo2063)
* [build] Improve `setup.py`
* [update] Do not check `_update_spec` when up to date
* [update] Prepare to remove Python 3.6 support
* [compat] Let PyInstaller detect _legacy module
* [devscripts/update-formulae] Do not change dependency section
* [test] Split download tests so they can be more easily run in CI
* [docs] Improve docstring of `download_ranges` by [FirefoxMetzger](https://github.com/FirefoxMetzger)
* [docs] Improve issue templates
* [build] Fix bug in [6d916fe](6d916fe709)
* [cleanup, utils] Refactor parse_codecs
* [cleanup] Misc fixes and cleanup
* [extractor/acfun] Add extractors by [lockmatrix](https://github.com/lockmatrix)
* [extractor/Audiodraft] Add extractors by [Ashish0804](https://github.com/Ashish0804), [fstirlitz](https://github.com/fstirlitz)
* [extractor/cellebrite] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/detik] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/hytale] Add extractor by [llamasblade](https://github.com/llamasblade), [pukkandan](https://github.com/pukkandan)
* [extractor/liputan6] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/mocha] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/rtl.lu] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/rtvsl] Add extractor by [iw0nderhow](https://github.com/iw0nderhow), [pukkandan](https://github.com/pukkandan)
* [extractor/StarTrek] Add extractor by [scy](https://github.com/scy)
* [extractor/syvdk] Add extractor by [misaelaguayo](https://github.com/misaelaguayo)
* [extractor/theholetv] Add extractor by [dosy4ev](https://github.com/dosy4ev)
* [extractor/TubeTuGraz] Add extractor by [Ferdi265](https://github.com/Ferdi265), [pukkandan](https://github.com/pukkandan)
* [extractor/tviplayer] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/wetv] Add extractors by [elyse0](https://github.com/elyse0)
* [extractor/wikimedia] Add extractor by [EhtishamSabir](https://github.com/EhtishamSabir), [pukkandan](https://github.com/pukkandan)
* [extractor/youtube] Fix duration check for post-live manifestless mode
* [extractor/youtube] More metadata for storyboards by [ftk](https://github.com/ftk)
* [extractor/bigo] Fix extractor by [Lesmiscore](https://github.com/Lesmiscore)
* [extractor/BiliIntl] Fix subtitle extraction by [MinePlayersPE](https://github.com/MinePlayersPE)
* [extractor/crunchyroll] Improve `_VALID_URL`
* [extractor/fifa] Fix extractor by [ischmidt20](https://github.com/ischmidt20)
* [extractor/instagram] Fix post/story extractors by [pritam20ps05](https://github.com/pritam20ps05), [pukkandan](https://github.com/pukkandan)
* [extractor/iq] Set language correctly for Korean subtitles
* [extractor/MangoTV] Fix subtitle languages
* [extractor/Netverse] Improve playlist extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/philharmoniedeparis] Fix extractor by [sqrtNOT](https://github.com/sqrtNOT)
* [extractor/Trovo] Fix extractor by [u-spec-png](https://github.com/u-spec-png)
* [extractor/twitch] Support storyboards for VODs by [ftk](https://github.com/ftk)
* [extractor/WatchESPN] Improve `_VALID_URL` by [IONECarter](https://github.com/IONECarter), [dirkf](https://github.com/dirkf)
* [extractor/WSJArticle] Fix video id extraction by [sqrtNOT](https://github.com/sqrtNOT)
* [extractor/Ximalaya] Fix extractors by [lockmatrix](https://github.com/lockmatrix)
* [cleanup, extractor/youtube] Fix tests by [sheerluck](https://github.com/sheerluck)
### 2022.06.29
* Fix `--downloader native`
* Fix `section_end` of clips
* Fix playlist error handling
* Sanitize `chapters`
* [extractor] Fix `_create_request` when headers is None
* [extractor] Fix empty `BaseURL` in MPD
* [ffmpeg] Write full output to debug on error
* [hls] Warn user when trying to download live HLS
* [options] Fix `parse_known_args` for `--`
* [utils] Fix inconsistent default handling between HTTP and HTTPS requests by [coletdjnz](https://github.com/coletdjnz)
* [build] Draft release until complete
* [build] Fix release tag commit
* [build] Standalone x64 builds for MacOS 10.9 by [StefanLobbenmeier](https://github.com/StefanLobbenmeier)
* [update] Ability to set a maximum version for specific variants
* [compat] Fix `compat.WINDOWS_VT_MODE`
* [compat] Remove deprecated functions from core code
* [compat] Remove more functions
* [cleanup, extractor] Reduce direct use of `_downloader`
* [cleanup] Consistent style for file heads
* [cleanup] Fix some typos by [crazymoose77756](https://github.com/crazymoose77756)
* [cleanup] Misc fixes and cleanup
* [extractor/Scrolller] Add extractor by [LunarFang416](https://github.com/LunarFang416)
* [extractor/ViMP] Add playlist extractor by [FestplattenSchnitzel](https://github.com/FestplattenSchnitzel)
* [extractor/fuyin] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/livestreamfails] Add extractor by [nomevi](https://github.com/nomevi)
* [extractor/premiershiprugby] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/steam] Add broadcast extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/youtube] Mark videos as fully watched by [Brett824](https://github.com/Brett824)
* [extractor/CWTV] Extract thumbnail by [ischmidt20](https://github.com/ischmidt20)
* [extractor/ViMP] Add thumbnail and support more sites by [FestplattenSchnitzel](https://github.com/FestplattenSchnitzel)
* [extractor/dropout] Support cookies and login only as needed by [pingiun](https://github.com/pingiun), [pukkandan](https://github.com/pukkandan)
* [extractor/ertflix] Improve `_VALID_URL`
* [extractor/lbry] Use HEAD request for redirect URL by [flashdagger](https://github.com/flashdagger)
* [extractor/mediaset] Improve `_VALID_URL`
* [extractor/npr] Implement [e50c350](e50c3500b4) differently
* [extractor/tennistv] Rewrite extractor by [pukkandan](https://github.com/pukkandan), [zenerdi0de](https://github.com/zenerdi0de)
Changes:
0.51
====
Geomyidae v0.51 brcon2022 release.
I am happy to announce the geomyidae v0.51 brcon2022 release.
Thanks to everyone having contributed! It was much fun at the geomyidae
hackathon! I wish to repeat it.
Changes:
* Splice(1) speedup has been implemented on Linux for sending files.
* CPU usage is reduced by 80% and throughput increased by 20%.
* Was done at the geomyidae hackathon.
* New escaping in gph has been implemented. See below for description.
* Was done at the geomyidae hackathon.
* New external project for geomyidae CGI REST handling.
* git://bitreich.org/libgcgi
* Was done at the geomyidae hackathon.
* Add gph major-mode file for emacs.
* FreeBSD rc.d is now added.
* NetBSD compile options added to the Makefile.
* OpenBSD rc.d script has been fixed for 7.1 release.
## New Escaping
THIS IS IMPORTANT FOR EVERYONE!
The gph format has been changed, to simplify things in the future.
In the past, the escape for some line to not be interpreted was
ttext is here
becomes
text is here
This has changed. All lines beginning with t are now not escaped anymore.
The new escape way is:
[|text is here
becomes
text is here
In every gph script you already had to check for any line beginning with
'['. Now the already illegal case of an empty item type is reused for
escaping in gph.
This will make life easier for newcomers and oldcomers.
So be sure to change all escaping after the upgrade.
Changelog:
This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.
Zone verification can start a verifier program that reads the new zone
data. It can reject the update. Or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.
The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens on
while the verifier is active, so it can send queries for the new zone
contents. With verify-zones: yes zones are verified by default. The
command that is executed can be set with the verifier: ldns-verify-zone
option. With verifier-count the max number of concurrent verifiers can
be set. With the verifier-feed-zone: yes option the zone can be input
on stdin to the verifier program. A timeout to stop the verifier can be
set with the verifier-timeout option.
Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.
FEATURES:
Port zone-verification from CreDNS to NSD4.
BUG FIXES:
Fix static analyzer reports on ixfrcreate temp file.
Fixup wrong ixfrcreate fread return check.
- Fixed bug in dns_txt evaluation for long TXT records -> RDATA labels
not respected.
- Fixed generation of SPF and DKIM records in tinydns due to missing
labels in RDATA.
- The maximal TXT label-len is 255 throughout.
- Fixed man page of dnscache referencing outdated EDNS0 disabling.
- Added script to extract pubkey from keyfile to be used for DKIM records.
- Fixed wrong response to PTR query of ::1 -> ip6-loopback.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
The builtin heimdal no longer builds and it's unclear how it can possibly
work as it uses functions that do not exist anywhere. Also fix some SunOS
build issues.
I'm not convinced this won't break builds that use heimdal but will keep an
eye out for failures.
Wireshark 3.6.7
Bug Fixes
The following bugs have been fixed:
• Multiple Files preference "Create new file automatically…after"
[time] working incorrectly Issue 16783[2].
• get_filter Lua function doesn’t return the filter Issue 17188[3].
• Dissector bug, protocol HTTP failed assertion "saved_layers_len <
500" with chunked/multipart Issue 18130[4].
• Wrong EtherCAT bit label (possible dissector bug) Issue 18132[5].
• UDP packets falsely marked as "malformed packet" Issue 18136[6].
• TLS certificate parser with filter crash Issue 18155[7].
• Incorrect type for the IEC 60870 APDU appears in packet details
pane Issue 18167[8].
• NHRP Problem Issue 18181[9].
• EtherCAT CoE header unknown type Issue 18220[10].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BGP, DTLS, EtherCAT, EtherCAT Mailbox, HTTP, IEC 104, MEGACO, NHRP,
PPPoE, QUIC, RTCP, Signal PDU, SOME/IP, and X509IF
It is a common protocol and nghttp2 is a comparatively cheap dependency
that most people already have installed since it is default enabled in
curl and nodejs.
2.6.2
- MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames
- BUG/MINOR: ssl: Do not look for key in extra files if already in pem
- BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created
- BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch
- MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD
- BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
- BUILD: Makefile: Add Lua 5.4 autodetect
- CI: re-enable gcc asan builds
- MINOR: fd: Add BUG_ON checks on fd_insert()
- BUG/MINOR: peers/config: always fill the bind_conf's argument
- BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule
- BUG/MINOR: http-act: Properly generate 103 responses when several rules are used
- BUG/MINOR: peers: fix possible NULL dereferences at config parsing
- BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo
- MINOR: http: Add function to get port part of a host
- MINOR: http: Add function to detect default port
- BUG/MEDIUM: h1: Improve authority validation for CONNCET request
- MINOR: http-htx: Use new HTTP functions for the scheme based normalization
- BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream
- REGTEESTS: filters: Fix CONNECT request in random-forwarding script
- BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer
- BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state
- BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send
- MEDIUM: mworker: set the iocb of the socketpair without using fd_insert()
- BUG/MINOR: quic: Missing acknowledgments for trailing packets
- BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer
- BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer
- BUG/MAJOR: quic: Big RX dgrams leak with POST requests
- BUILD: quic+h3: 32-bit compilation errors fixes
- BUG/MINOR: quic: Dropped packets not counted (with RX buffers full)
- MINOR: quic: Add new stats counter to diagnose RX buffer overrun
- MINOR: quic: Duplicated QUIC_RX_BUFSZ definition
- MINOR: task: Add tasklet_wakeup_after()
- MINOR: quic: Improvements for the datagrams receipt
- MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb)
- MINOR: ncbuf: implement ncb_is_fragmented()
- BUG/MINOR: mux-quic: do not signal FIN if gap in buffer
- MINOR: h3: add h3c pointer into h3s instance
- MINOR: h3: handle errors on HEADERS parsing/QPACK decoding
- MINOR: qpack: properly handle invalid dynamic table references
- CLEANUP: h2: Typo fix in h2_unsubcribe() traces
- BUG/MEDIUM: mux-quic: fix server chunked encoding response
- BUG/MINOR: quic: fix closing state on NO_ERROR code sent
- BUG/MEDIUM: cli/threads: make "show threads" more robust on applets
- BUG/MINOR: debug: enter ha_panic() only once
- BUG/MEDIUM: tools: avoid calling dlsym() in static builds
- BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
- BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2)
- MINOR: resolvers: resolvers_destroy() deinit and free a resolver
- BUG/MINOR: resolvers: shut off the warning for the default resolvers
- BUG/MINOR: ssl: allow duplicate certificates in ca-file directories
- BUG/MINOR: tools: fix statistical_prng_range()'s output range
- BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake
- BUG/MINOR: mworker/cli: relative pid prefix not validated anymore
- BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap
- BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload
- BUILD: add detection for unsupported compiler models
- BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side
- BUILD: quic: fix anonymous union for gcc-4.4
- BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
2.72.1 - June 29, 2022
======================
- Discard empty proxy environment variables (#189)
2.72.0 - March 22, 2022
=======================
- Fix proxy tests (#186)
- GnuTLS: use IANA-style ciphersuite names with GnuTLS 3.7.4 (!202)
- Windows build fixes (!206, !207, Chun-wei Fan)
- meson devenv (!208, Xavier Claessens)
- Updated translations
2.72.beta - February 11, 2022
=============================
- Add environment variable proxy resolver (#162)
- OpenSSL: fix uninitialized memory use (!201, Daniel Kolesa)
2.72.alpha - January 6, 2022
============================
- OpenSSL: fix unsafe error handling (!187, Patrick Griffis)
- Correctly load libsoup DLL on Windows (!190, Chun-wei Fan)
- OpenSSL: use system trust on Windows (!192, Francesco Conti)
- GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194)
- OpenSSL: fail when appropriate if Must-Staple extension is set (!197)
- Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko)
- Do not fill SNI extension with IP address (!200, Matteo Biggio)
2.70.1 - December 6, 2021
=========================
- Fix crashes when handshake is cancelled (#97, #176)
- OpenSSL: fix spurious certificate expired verification errors (#179)
- GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie)
- GnuTLS: Fix crash when invalid priority string is forced (!189)
2.70.0 - September 16, 2021
===========================
- Updated translations
2.70.rc - September 3, 2021
===========================
- gnutls: revert AuthorityInformationAccess implementation for now (#160)
- gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169)
- openssl: remove openssl-util (!181)
- gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis)
- gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185)
2.70.beta - August 12, 2021
===========================
- gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis)
- openssl: Restore OCSP support (!179, !180, Patrick Griffis)
2.70.alpha - July 2, 2021
=========================
- Fix TLS channel bindings tests (#164)
- Require OpenSSL 1.0.2 (#166)
- Fix threadsafety issue in certificate verification (!148)
- dlopen libsoup for performing HTTP requests (!149, Patrick Griffis)
- Implement new get_negotiated_protocol vfunc (!150)
- Implement new protocol version and ciphersuite name accessors (!151)
- OpenSSL: use system keychain on macOS (!154)
- OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås)
- Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman)
- GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis)
- GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis)
- GnuTLS: check cancellable in pull timeout callback (!160)
- Add support for Android (!162, Ole André Vadla Ravnås)
- Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis)
- GnuTLS: use GnuTLS to implement all channel bindings (!172)
- GnuTLS: rework certificate verification to use TLS session (!173)
- GnuTLS: improve peer identity verification (!176)
- Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again)
2.68.1 - April 22, 2021
=======================
- Fix threadsafety issue in certificate verification (!148)
- Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160)
2.68.0 - March 19, 2021
=======================
- Fix double free in GnuTLS client certificate request code (!147)
2.68.rc - March 12, 2021
========================
- Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED
- Fix check for certain handshake failure conditions
2.68.alpha - January 7, 2021
============================
- Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96)
- OpenSSL backend now uses system crypto policy (#106)
- Remove use of g_assert in testsuite (#137)
- Restore support for old versions of OpenSSL (#156)
- Implement TLS channel bindings API (!139, Ruslan Marchenko)
- Implement PKCS#11 API (!140, Patrick Griffis)
- Update testsuite for Fedora 33 crypto policy (!141)
- Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev)
- Fix a couple code issues found by Coverity
2.66.0 - September 11, 2020
===========================
- Updated translations
2.65.90 - August 6, 2020
========================
- Many fixes to OpenSSL backend (!128, Ruslan Marchenko)
2.65.1 - July 2, 2020
=====================
- Fix peer-certificate[-errors] props set too soon (#127)
- Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko)
- Fix Windows build (!127, Cun-wei Fan)
pkgsrc changes:
- Remove hopefully no longer needed patch-fdname.c, Solaris support should be
now properly handled by upstream too
Changes:
1.7.4.3
-------
Fixes the TCP_INFO issue that broke building on non-Linux platforms. Furthermore,
building on AIX works again. A few more corrections and improvements have been
added.
1.7.4.2
-------
Fixes a lot of bugs, e.g., for options -r and -R.
1.23 - 2022-05-30 - ncdc-1.23.tar.gz
Bump minimum glib version to 2.32
Re-open GeoIP database on SIGUSR1
Add tls_policy=force setting
Fix TLS on Verlihub
Various minor language fixes
Add workaround rare compiler bug for aarch64
3.60.1 (2022-06-01)
- Fixed a regression drag-moving local files
3.60.0 (2022-05-27)
- SFTP: Fixed error handling if reading from child process fails
- Fixed transfers following recursive operations not starting if the connection limit has been set to 1 in the Site Manager
3.60.0-rc1 (2022-05-19)
+ macOS: Remote files can now be dragged into Finder
- Fixed file change detection when editing files
0.38.1 (2022-07-20)
+ fz::aio_waitable now also accepts event handlers in addition to aio_waiter
- Split fz::process::kill into separate stop and kill functions
0.38.0 (2022-07-08)
+ Added readers and writers for asynchronous disk I/O operating on a buffer pool
+ Added fz::current_username()
+ Added fz::event_handler::stop_add_timer
+ Added overload for fz::event_handler::add_timer that takes a deadline
+ Added fz::file::set_modification_time
+ Added fz::get_network_interfaces
+ *nix: fz::socket can now accept Unix-domain sockets, added fz::socket::send_fd and fz::socke::read_fd
- *nix: When impersonating, limit supplementary groups to NGROUPS_MAX
Changes since 4.16.2
--------------------
* BUG 15099: Using vfs_streams_xattr and deleting a file causes a panic.
* BUG 14986: Add support for bind 9.18.
* BUG 15076: logging dsdb audit to specific files does not work.
* BUG 14979: Problem when winbind renews Kerberos.
* BUG 15095: Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
developer mode.
* BUG 15105: Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL.
* BUG 15118: Crash in rpcd_classic - NULL pointer deference in
mangle_is_mangled().
* BUG 15100: smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS.
* BUG 15120: Fix check for chown when processing NFSv4 ACL.
* BUG 15082: The pcap background queue process should not be stopped.
* BUG 15097: testparm: Fix typo in idmap rangesize check.
* BUG 15106: net ads info returns LDAP server and LDAP server name as null.
* BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link.
* BUG 15090: CTDB child process logging does not work as expected.
Changes since 4.16.1
--------------------
* BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.
* BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted.
* BUG 15087: netgroups support removed.
* BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server.
* BUG 15062: Update from 4.15 to 4.16 breaks discovery of [homes] on
standalone server from Win and IOS.
* BUG 15071: waf produces incorrect names for python extensions with Python
3.11.
* BUG 15075: smbclient -E doesn't work as advertised.
* BUG 15071: waf produces incorrect names for python extensions with Python
3.11.
* BUG 15081: The samba background daemon doesn't refresh the printcap cache
on startup.
* BUG 14443: Out-by-4 error in smbd read reply max_send clamp..
Changes since 4.16.0
--------------------
* BUG 14831: Share and server swapped in smbget password prompt.
* BUG 15022: Durable handles won't reconnect if the leased file is written
to.
* BUG 15023: rmdir silently fails if directory contains unreadable files and
hide unreadable is yes.
* BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
renamed file handle.
* BUG 8731: Need to describe --builtin-libraries= better (compare with
--bundled-libraries).
* BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
* BUG 15035: shadow_copy2 fails listing snapshotted dirs with
shadow:fixinodes.
* BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
error.
* BUG 15041: Username map - samba erroneously applies unix group memberships
to user account entries.
* BUG 14951: KVNO off by 100000.
* BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
* BUG 15055: vfs_gpfs recalls=no option prevents listing files.
* BUG 15054: smbd doesn't handle UPNs for looking up names.
9.6.31 (2022-07-20)
5917. [bug] Update ifconfig.sh script as is miscomputed interface
identifiers when destroying interfaces. [GL #3061]
5915. [bug] Detect missing closing brace (}) and computational
overflows in $GENERATE directives. [GL #3429]
5913. [bug] Fix a race between resolver query timeout and
validation in resolver.c:validated(). Remove
resolver.c:maybe_destroy() as it is no loger needed.
[GL #3398]
5909. [bug] The server-side destination port was missing from dnstap
captures of client traffic. [GL #3309]
5905. [bug] When the TCP connection would be closed/reset between
the connect/accept and the read, the uv_read_start()
return value would be unexpected and cause an assertion
failure. [GL #3400]
5903. [bug] When named checks that the OPCODE in a response matches
that of the request, if there is a mismatch named logs
an error. Some of those error messages incorrectly
used RCODE instead of OPCODE to lookup the nemonic.
This has been corrected. [GL !6420]
The script that un-installs the configuration content placed under the
PKG_SYSCONFDIR wasn't removing one of the files that's installed. (This
had been incorrect since it was added to the installation script back
in 2017.)
Separately, simplify the previous changes I made to fix installation of
configuration files to PKG_SYSCONFDIR. I had used redundancy to force
certain directories necessary for startup to be present and populated,
but the pre-existing code in the scripts had almost all of it covered,
just not the creation of the directories themselves and a single file.
libtorrent-2.0.7
fix issue in use of copy_file_range() on linux
avoid open-file race in the file_view_pool
fix issue where stop-when-ready would not close files
fix issue with duplicate hybrid torrent via separate v1 and v2 magnet links
added new function to load torrent files, load_torrent_*()
support sync_file_range() on linux
fix issue in write_torrent_file() when file size is exactly piece size
fix file_num_blocks() and file_num_pieces() for empty files
add new overload to make_magnet_uri()
add missing protocol version to tracker_reply_alert and tracker_error_alert
fix privilege issue with SetFileValidData()
add asynchronous overload of torrent_handle::add_piece()
default to a single hashing thread, for full checks
Fix bug when checking files and the first piece is invalid
As well as changes merged in from the 1.2.x branch:
fixed tracker connections spinning when hostname lookups stall
fixed error in pkg-config file generation in Jamfile
improve backwards compatibility with loading magnet link resume files
fix bind-to-device for tracker announces and UPnP
rename peer_tos setting to peer_dscp
fix bdecode support for large strings (>= 100 MB)
v1.47.1
Core
[Backport] Using string rep for status-time
[Backport] Tell MSVC to build grpc with utf-8
[Backport] Ring hash: fix picker propagation bug in xds_cluster_manager policy
Changes:
1.06
----
- Fix build with TLS support disabled
- Add support for more DEC function keys for ui_ti
- Add application key support for ui_ti
- Prevent zombie processes for non-modal plumbing
v4.4.3.1
- BUGFIX: Fix broken translations (sledgehammer999)
v4.4.3
- BUGFIX: Correctly handle changing of temp save path (glassez)
- BUGFIX: Fix storage in SQLite (glassez)
- BUGFIX: Correctly apply content layout when "Skip hash check" is enabled (glassez)
- BUGFIX: Don't corrupt IDs of v2 torrents (glassez)
- BUGFIX: Reduce the number of hashing threads by default (improves hashing speed on HDDs) (summer)
- BUGFIX: Prevent the "update dialog" from blocking input on other windows (summer)
- BUGFIX: Add trackers in exported .torrent files (glassez)
- BUGFIX: Fix wrong GUI behavior in "Optional IP address to bind to" setting (Chocobo1)
- WEBUI: Fix WebUI crash due to missing tags from config (An0n)
- WEBUI: Show correct location path (Chocobo1)
- MACOS: Fix main window freezing after opening a files dialog (glassez)
v4.4.2
- FEATURE: Allow to limit max memory working set size (glassez)
- BUGFIX: Fix UI crash when torrent is in a non-existent category (Kevin Cox)
- BUGFIX: Correctly handle changing of global save paths (glassez)
- BUGFIX: Disable performance alert (Chocobo1)
- BUGFIX: Prevent loading resume data with inconsistent ID (glassez)
- BUGFIX: Properly handle metadata download for an existing torrent (glassez)
- BUGFIX: Prevent crash when open torrent destination folder (glassez)
- WINDOWS: NSIS: Update Spanish, Spanish International and French translations(Juanjo Jiménez, RqndomHax)
v4.4.1
- FEATURE: Restore all torrent settings to the torrent's main context menu (thalieht)
- FEATURE: Add confirmation for enabling Auto TMM from context menu (thalieht)
- FEATURE: Add tooltip to Automatic Torrent Management context menu action (thalieht)
- FEATURE: Add Select All/None buttons in new torrent dialog (thalieht)
- BUGFIX: Keep "torrent info" alive while generate .torrent file (glassez)
- BUGFIX: Correctly handle Auto TMM in Torrent Files Watcher (glassez)
- BUGFIX: Correctly track the root folder name change (glassez)
- BUGFIX: Various fixes to the moving torrent code (glassez)
- BUGFIX: Update the torrent's download path field when changing category (thalieht)
- BUGFIX: Correctly handle received metadata (glassez)
- BUGFIX: Store hybrid torrents using legacy filenames (glassez)
- BUGFIX: Open correct directory when clicked on Browse button (glassez)
- BUGFIX: Fix crash when shutting down and clicing on system tray icon (Chocobo1)
- BUGFIX: Fix "Free space on disk" in new torrent dialog (thalieht)
- BUGFIX: Optimize completed files handling (Prince Gupta)
- BUGFIX: Migrate proxy settings (sledgehammer999)
- BUGFIX: Try to recover missing categories (glassez)
- WEBUI: WebAPI: fix wrong key used for categories (Chocobo1)
- WEBUI: Remove hack for outdated IE 6 browser (Chocobo1)
- RSS: Correctly handle XML parsing errors (glassez)
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix#704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix#663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161ík: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161ík: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
5.2.7
=====
- Fix packaging issue which causes poetry 1.2b1 and above to fail install Celery
5.2.6
=====
- load_extension_class_names - correct module_name
5.2.5
=====
**This release was yanked due to a regression caused by the PR below**
- Use importlib instead of deprecated pkg_resources
5.2.4
=====
- Expose more debugging information when receiving unknown tasks
5.2.4
Allow getting recoverable_connection_errors without an active transport.
Prevent KeyError: ‘purelib’ by removing INSTALLED_SCHEME hack from setup.py.
Revert “try pining setuptools
Fix issue 789: Async http code not allowing for proxy config
Fix The incorrect times of retrying.
Set redelivered property for Celery with Redis
Remove use of OrderedDict in various places
Warn about missing hostname only when default one is available
All supported versions of Python define __package__.
Added global_keyprefix support for pubsub clients
try pytest 7
Add an option to not base64-encode SQS messages.
Fix SQS extract_task_name message reference.
5.1.1
=====
- Use AF_UNSPEC for name resolution
5.1.0
=====
- Improve performance of _get_free_channel_id, fix channel max bug
- Document memoryview usage, minor frame_writer.write_frame refactor
- Start dropping python 3.6
- Added experimental __slots__ to some classes
- Relaxed vine version for upcoming release.
- Upgraded topytest 7
pkgsrc changes:
- Follow upstream requirements for py-cryptography (previously a workaround was
added in order to avoid possible too new py-cryptography that was not yet
present in pkgsrc)
Changes:
8.1.1
-----
* Support specifying the local address for outgoing connections
* Fix a bug where an excess empty chunk has been sent for chunked HEAD request.
* Drop pkg_resources dependency.
* Fix huge (>65kb) http2 responses corrupted.
* Remove overambitious assertions in the HTTP state machine,
fix some error handling.
Changes:
## v1.58.1 - 2022-04-29
* Bug Fixes
* build: Update github.com/billziss-gh to github.com/winfsp
(Nick Craig-Wood)
* filter: Fix timezone of `--min-age`/`-max-age` from UTC to local as
documented (Nick Craig-Wood)
* rc/js: Correct RC method names (Sơn Trần-Nguyễn)
* docs
* Fix some links to command pages (albertony)
* Add `--multi-thread-streams` note to `--transfers`. (Zsolt Ero)
* Mount
* Fix `--devname` and fusermount: unknown option 'fsname' when mounting
via rc (Nick Craig-Wood)
* VFS
* Remove wording which suggests VFS is only for mounting (Nick Craig-Wood)
* Dropbox
* Fix retries of multipart uploads with incorrect_offset error
(Nick Craig-Wood)
* Google Cloud Storage
* Use the s3 pacer to speed up transactions (Nick Craig-Wood)
* pacer: Default the Google pacer to a burst of 100 to fix gcs pacing
(Nick Craig-Wood)
* Jottacloud
* Fix scope in token request (albertony)
* Netstorage
* Fix unescaped HTML in documentation (Nick Craig-Wood)
* Make levels of headings consistent (Nick Craig-Wood)
* Add support contacts to netstorage doc (Nil Alexandrov)
* Onedrive
* Note that sharepoint also changes web files (.html, .aspx) (GH)
* Putio
* Handle rate limit errors (Berkan Teber)
* Fix multithread download and other ranged requests (rafma0)
* S3
* Add ChinaMobile EOS to provider list (GuoXingbin)
* Sync providers in config description with providers (Nick Craig-Wood)
* SFTP
* Fix OpenSSH 8.8+ RSA keys incompatibility (KARBOWSKI Piotr)
* Note that Scaleway C14 is deprecating SFTP in favor of S3
(Adrien Rey-Jarthon)
* Storj
* Fix bucket creation on Move (Nick Craig-Wood)
* WebDAV
* Don't override Referer if user sets it (Nick Craig-Wood)
## v1.58.0 - 2022-03-18
* New backends
* Akamai Netstorage (Nil Alexandrov)
* Seagate Lyve, SeaweedFS, Storj, RackCorp via s3 backend
* Storj (renamed from Tardigrade - your old config files will continue
working)
* New commands
* bisync - experimental bidirectional cloud sync
(Ivan Andreev, Chris Nelson)
* New Features
* build
* Add `windows/arm64` build (`rclone mount` not supported yet)
(Nick Craig-Wood)
* Raise minimum go version to go1.15 (Nick Craig-Wood)
* config: Allow dot in remote names and improve config editing (albertony)
* dedupe: Add quit as a choice in interactive mode (albertony)
* dlna: Change icons to the newest ones. (Alain Nussbaumer)
* filter: Add [`{{ regexp }}` syntax] to pattern matches (Nick Craig-Wood)
* fshttp: Add prometheus metrics for HTTP status code (Michał Matczuk)
* hashsum: Support creating hash from data received on stdin (albertony)
* librclone
* Allow empty string or null input instead of empty json object
(albertony)
* Add support for mount commands (albertony)
* operations: Add server-side moves to stats (Ole Frost)
* rc: Allow user to disable authentication for web gui (negative0)
* tree: Remove obsolete `--human` replaced by global `--human-readable`
(albertony)
* version: Report correct friendly-name for newer Windows 10/11 versions (albertony)
* Bug Fixes
* build
* Fix ARM architecture version in .deb packages after nfpm change
(Nick Craig-Wood)
* Hard fork `github.com/jlaffaye/ftp` to fix
`go get github.com/rclone/rclone` (Nick Craig-Wood)
* oauthutil: Fix crash when webrowser requests `/robots.txt`
(Nick Craig-Wood)
* operations: Fix goroutine leak in case of copy retry (Ankur Gupta)
* rc:
* Fix `operations/publiclink` default for `expires` parameter
(Nick Craig-Wood)
* Fix missing computation of `transferQueueSize` when summing up
statistics group (Carlo Mion)
* Fix missing `StatsInfo` fields in the computation of the group sum
(Carlo Mion)
* sync: Fix `--max-duration` so it doesn't retry when the duration is
exceeded (Nick Craig-Wood)
* touch: Fix issue where a directory is created instead of a file
(albertony)
* Mount
* Add `--devname` to set the device name sent to FUSE for mount
display (Nick Craig-Wood)
* VFS
* Add `vfs/stats` remote control to show statistics (Nick Craig-Wood)
* Fix `failed to _ensure cache internal error: downloaders is nil error`
(Nick Craig-Wood)
* Fix handling of special characters in file names (Bumsu Hyeon)
* Local
* Fix hash invalidation which caused errors with local crypt mount
(Nick Craig-Wood)
* Crypt
* Add `base64` and `base32768` filename encoding options
(Max Sum, Sinan Tan)
* Azure Blob
* Implement `--azureblob-upload-concurrency` parameter to speed
uploads (Nick Craig-Wood)
* Remove 100MB upper limit on `chunk_size` as it is no longer
needed (Nick Craig-Wood)
* Raise `--azureblob-upload-concurrency` to 16 by default (Nick Craig-Wood)
* Fix crash with SAS URL and no container (Nick Craig-Wood)
* Compress
* Fix crash if metadata upload failed (Nick Craig-Wood)
* Fix memory leak (Nick Craig-Wood)
* Drive
* Added `--drive-copy-shortcut-content` (Abhiraj)
* Disable OAuth OOB flow (copy a token) due to Google deprecation
(Nick Craig-Wood)
* See the deprecation note at
https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob.
* Add `--drive-skip-dangling-shortcuts` flag (Nick Craig-Wood)
* When using a link type `--drive-export-formats` shows all doc types
(Nick Craig-Wood)
* Dropbox
* Speed up directory listings by specifying 1000 items in a chunk
(Nick Craig-Wood)
* Save an API request when at the root (Nick Craig-Wood)
* Fichier
* Implemented About functionality (Gourav T)
* FTP
* Add `--ftp-ask-password` to prompt for password when needed
(Borna Butkovic)
* Google Cloud Storage
* Add missing regions (Nick Craig-Wood)
* Disable OAuth OOB flow (copy a token) due to Google deprecation
(Nick Craig-Wood)
* Googlephotos
* Disable OAuth OOB flow (copy a token) due to Google deprecation
(Nick Craig-Wood)
* Hasher
* Fix crash on object not found (Nick Craig-Wood)
* Hdfs
* Add file (Move) and directory move (DirMove) support (Andy Jackson)
* HTTP
* Improved recognition of URL pointing to a single file (albertony)
* Jottacloud
* Change API used by recursive list (ListR) (Kim)
* Add support for Tele2 Cloud (Fredric Arklid)
* Koofr
* Add Digistorage service as a Koofr provider. (jaKa)
* Mailru
* Fix int32 overflow on arm32 (Ivan Andreev)
* Onedrive
* Add config option for oauth scope `Sites.Read.All` (Charlie Jiang)
* Minor optimization of quickxorhash (Isaac Levy)
* Add `--onedrive-root-folder-id` flag (Nick Craig-Wood)
* Do not retry on `400 pathIsTooLong` error (ctrl-q)
* Pcloud
* Add support for recursive list (ListR) (Niels van de Weem)
* Fix pre-1970 time stamps (Nick Craig-Wood)
* S3
* Use `ListObjectsV2` for faster listings (Felix Bünemann)
* Fallback to `ListObject` v1 on unsupported providers
(Nick Craig-Wood)
* Use the `ETag` on multipart transfers to verify the transfer was
OK (Nick Craig-Wood)
* Add `--s3-use-multipart-etag` provider quirk to disable this on
unsupported providers (Nick Craig-Wood)
* New Providers
* RackCorp object storage (bbabich)
* Seagate Lyve Cloud storage (Nick Craig-Wood)
* SeaweedFS (Chris Lu)
* Storj Shared gateways (Márton Elek, Nick Craig-Wood)
* Add Wasabi AP Northeast 2 endpoint info (lindwurm)
* Add `GLACIER_IR` storage class (Yunhai Luo)
* Document `Content-MD5` workaround for object-lock enabled buckets
(Paulo Martins)
* Fix multipart upload with `--no-head` flag (Nick Craig-Wood)
* Simplify content length processing in s3 with download url
(Logeshwaran Murugesan)
* SFTP
* Add rclone to list of supported `md5sum`/`sha1sum` commands to look for
(albertony)
* Refactor so we only have one way of running remote commands
(Nick Craig-Wood)
* Fix timeout on hashing large files by sending keepalives
(Nick Craig-Wood)
* Fix unecessary seeking when uploading and downloading files
(Nick Craig-Wood)
* Update docs on how to create `known_hosts` file (Nick Craig-Wood)
* Storj
* Rename tardigrade backend to storj backend (Nick Craig-Wood)
* Implement server side Move for files (Nick Craig-Wood)
* Update docs to explain differences between s3 and this backend
(Elek, Márton)
* Swift
* Fix About so it shows info about the current container only
(Nick Craig-Wood)
* Union
* Fix treatment of remotes with `//` in (Nick Craig-Wood)
* Fix deadlock when one part of a multi-upload fails (Nick Craig-Wood)
* Fix eplus policy returned nil (Vitor Arruda)
* Yandex
* Add permanent deletion support (deinferno)
## v1.57.0 - 2021-11-01
* New backends
* Sia: for Sia decentralized cloud
(Ian Levesque, Matthew Sevey, Ivan Andreev)
* Hasher: caches hashes and enable hashes for backends that don't support
them (Ivan Andreev)
* New commands
* lsjson --stat: to get info about a single file/dir and `operations/stat`
api (Nick Craig-Wood)
* config paths: show configured paths (albertony)
* New Features
* about: Make human-readable output more consistent with other commands
(albertony)
* build
* Use go1.17 for building and make go1.14 the minimum supported
(Nick Craig-Wood)
* Update Go to 1.16 and NDK to 22b for Android builds (x0b)
* config
* Support hyphen in remote name from environment variable (albertony)
* Make temporary directory user-configurable (albertony)
* Convert `--cache-dir` value to an absolute path (albertony)
* Do not override MIME types from OS defaults (albertony)
* docs
* Toc styling and header levels cleanup (albertony)
* Extend documentation on valid remote names (albertony)
* Mention make for building and cmount tag for macos (Alex Chen)
* ...and many more contributions to numerous to mention!
* fs: Move with `--ignore-existing` will not delete skipped files
(Nathan Collins)
* hashsum
* Treat hash values in sum file as case insensitive (Ivan Andreev)
* Don't put `ERROR` or `UNSUPPORTED` in output (Ivan Andreev)
* lib/encoder: Add encoding of square brackets (Ivan Andreev)
* lib/file: Improve error message when attempting to create dir on
nonexistent drive on windows (albertony)
* lib/http: Factor password hash salt into options with default
(Nolan Woods)
* lib/kv: Add key-value database api (Ivan Andreev)
* librclone
* Add `RcloneFreeString` function (albertony)
* Free strings in python example (albertony)
* log: Optionally print pid in logs (Ivan Andreev)
* ls: Introduce `--human-readable` global option to print human-readable
sizes (albertony)
* ncdu: Introduce key `u` to toggle human-readable (albertony)
* operations: Add `rmdirs -v` output (Justin Winokur)
* serve sftp
* Generate an ECDSA server key as well as RSA (Nick Craig-Wood)
* Generate an Ed25519 server key as well as ECDSA and RSA (albertony)
* serve docker
* Allow to customize proxy settings of docker plugin (Ivan Andreev)
* Build docker plugin for multiple platforms (Thomas Stachl)
* size: Include human-readable count (albertony)
* touch: Add support for touching files in directory, with recursive
option, filtering and `--dry-run`/`-i` (albertony)
* tree: Option to print human-readable sizes removed in favor of global
option (albertony)
* Bug Fixes
* lib/http
* Fix bad username check in single auth secret provider (Nolan Woods)
* Fix handling of SSL credentials (Nolan Woods)
* serve ftp: Ensure modtime is passed as UTC always to fix timezone
oddities (Nick Craig-Wood)
* serve sftp: Fix generation of server keys on windows (albertony)
* serve docker: Fix octal umask (Ivan Andreev)
* Mount
* Enable rclone to be run as mount helper direct from the fstab
(Ivan Andreev)
* Use procfs to validate mount on linux (Ivan Andreev)
* Correctly daemonize for compatibility with automount (Ivan Andreev)
* VFS
* Ensure names used in cache path are legal on current OS (albertony)
* Ignore `ECLOSED` when truncating file handles to fix intermittent bad
file descriptor error (Nick Craig-Wood)
* Local
* Refactor default OS encoding out from local backend into shared encoder
lib (albertony)
* Crypt
* Return wrapped object even with `--crypt-no-data-encryption`
(Ivan Andreev)
* Fix uploads with `--crypt-no-data-encryption` (Nick Craig-Wood)
* Azure Blob
* Add `--azureblob-no-head-object` (Tatsuya Noyori)
* Box
* Make listings of heavily used directories more reliable (Nick Craig-Wood)
* When doing cleanup delete as much as possible (Nick Craig-Wood)
* Add `--box-list-chunk` to control listing chunk size (Nick Craig-Wood)
* Delete items in parallel in cleanup using `--checkers` threads
(Nick Craig-Wood)
* Add `--box-owned-by` to only show items owned by the login passed
(Nick Craig-Wood)
* Retry `operation_blocked_temporary` errors (Nick Craig-Wood)
* Chunker
* Md5all must create metadata if base hash is slow (Ivan Andreev)
* Drive
* Speed up directory listings by constraining the API listing using the
current filters (fotile96, Ivan Andreev)
* Fix buffering for single request upload for files smaller than
`--drive-upload-cutoff` (YenForYang)
* Add `-o config` option to `backend drives` to make config for all shared
drives (Nick Craig-Wood)
* Dropbox
* Add `--dropbox-batch-commit-timeout` to control batch timeout
(Nick Craig-Wood)
* Filefabric
* Make backoff exponential for error_background to fix errors
(Nick Craig-Wood)
* Fix directory move after API change (Nick Craig-Wood)
* FTP
* Enable tls session cache by default (Ivan Andreev)
* Add option to disable tls13 (Ivan Andreev)
* Fix timeout after long uploads (Ivan Andreev)
* Add support for precise time (Ivan Andreev)
* Enable CI for ProFtpd, PureFtpd, VsFtpd (Ivan Andreev)
* Googlephotos
* Use encoder for album names to fix albums with control characters
(Parth Shukla)
* Jottacloud
* Implement `SetModTime` to support modtime-only changes (albertony)
* Improved error handling with `SetModTime` and corrupt files in general
(albertony)
* Add support for `UserInfo` (`rclone config userinfo`) feature (albertony)
* Return direct download link from `rclone link` command (albertony)
* Koofr
* Create direct share link (Dmitry Bogatov)
* Pcloud
* Add sha256 support (Ken Enrique Morel)
* Premiumizeme
* Fix directory listing after API changes (Nick Craig-Wood)
* Fix server side move after API change (Nick Craig-Wood)
* Fix server side directory move after API changes (Nick Craig-Wood)
* S3
* Add support to use CDN URL to download the file (Logeshwaran)
* Add AWS Snowball Edge to providers examples (r0kk3rz)
* Use a combination of SDK retries and rclone retries (Nick Craig-Wood)
* Fix IAM Role for Service Account not working and other auth problems
(Nick Craig-Wood)
* Fix `shared_credentials_file` auth after reverting incorrect fix
(Nick Craig-Wood)
* Fix corrupted on transfer: sizes differ 0 vs xxxx with Ceph
(Nick Craig-Wood)
* Seafile
* Fix error when not configured for 2fa (Fred)
* SFTP
* Fix timeout when doing MD5SUM of large file (Nick Craig-Wood)
* Swift
* Update OCI URL (David Liu)
* Document OVH Cloud Archive (HNGamingUK)
* Union
* Fix rename not working with union of local disk and bucket based remote
(Nick Craig-Wood)
## v1.56.2 - 2021-10-01
* Bug Fixes
* serve http: Re-add missing auth to http service (Nolan Woods)
* build: Update golang.org/x/sys to fix crash on macOS when compiled with
go1.17 (Herby Gillot)
* FTP
* Fix deadlock after failed update when concurrency=1 (Ivan Andreev)
## v1.56.1 - 2021-09-19
* Bug Fixes
* accounting: Fix maximum bwlimit by scaling scale max token bucket size
(Nick Craig-Wood)
* rc: Fix speed does not update in core/stats (negative0)
* selfupdate: Fix `--quiet` option, not quite quiet (yedamo)
* serve http: Fix `serve http` exiting directly after starting (Cnly)
* build
* Apply gofmt from golang 1.17 (Ivan Andreev)
* Update Go to 1.16 and NDK to 22b for android/any (x0b)
* Mount
* Fix `--daemon` mode (Ivan Andreev)
* VFS
* Fix duplicates on rename (Nick Craig-Wood)
* Fix crash when truncating a just uploaded object (Nick Craig-Wood)
* Fix issue where empty dirs would build up in cache meta dir (albertony)
* Drive
* Fix instructions for auto config (Greg Sadetsky)
* Fix lsf example without drive-impersonate (Greg Sadetsky)
* Onedrive
* Handle HTTP 400 better in PublicLink (Alex Chen)
* Clarification of the process for creating custom client_id
(Mariano Absatz)
* Pcloud
* Return an early error when Put is called with an unknown size
(Nick Craig-Wood)
* Try harder to delete a failed upload (Nick Craig-Wood)
* S3
* Add Wasabi's AP-Northeast endpoint info (hota)
* Fix typo in s3 documentation (Greg Sadetsky)
* Seafile
* Fix 2fa config state machine (Fred)
* SFTP
* Remove spurious error message on `--sftp-disable-concurrent-reads`
(Nick Craig-Wood)
* Sugarsync
* Fix initial connection after config re-arrangement (Nick Craig-Wood)
Release v1.47.0 Latest
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Announcement
gRPC C++ 1.47.0 is the first release requiring C++14 (proposal). For those who cannot upgrade to C++14 right now, you can use gRPC C++ 1.46.x in the meantime and gRPC C++ 1.46.x will be maintained by having fixes for critical bugs (P0) and security fixes until 2023-06-01.
Core
xDS: Workaround to get gRPC clients working with istio
Bump core version to 25.0.0 for upcoming release.
Initial support for Haiku.
Add NetBSD support (Community-supported).
server: per-rpc backend metric reporting.
Remove C# implementation (individual packages will continue to be maintained through v2.46.x patches or moved to grpc-dotnet).
C++
Expose NoOpCertificateVerifier to C++.
RouteGuide example: Abort if database file not found.
C#
C#: Suppress CS8981 in generated source.
Python
Set Correct Platform Tag in Wheels on Mac OS with Python 3.10
Removed manylinux2010 python artifacts.
Allow grpcio to be built against system abseil-cpp.
[Python] Add an UDS example.
Ruby
Backport "Support for prebuilt Ruby binary on x64-mingw-ucrt platform
Upgrade ruby rake-compiler-dock images (and stop building ruby gem artifacts on mac, in favor of rake-compile-dock darwin builds).
Other
Downgrade io_bazel_rules_go to v0.27.0 restore Bazel 3.x support.
upstream changes:
-----------------
v1.20.3
Bugfixes:
#8369: Shared device names are missing from "Edit Folder -> Sharing"
#8376: Chrome Autofill Breaks Authentication
#8386: Ignore patterns with wildcard and non-ASCII characters don't work as expected
Enhancements:
#8393: Warn if two devices are introducers to each other
v1.20.2
Bugfixes:
#7289: TCP port 0 is announced in the LAN beacon
#8314: https://relays.syncthing.net/endpoint contains non-valid URLs with spaces
#8355: Upgrading from v1.19.2 to v1.20.x now requires chmod for syncing files
Enhancements:
#8264: Include default ignore patterns in the GUI's advanced configuration editor
#8310: Indicate folders / devices where the remote end is paused.
Updated in wip by Paolo Vincenzo Olivo.
Remove upstreamed patches.
2021-01-10 (0.6.3) Volker Gropp <bwmng(at)gropp.org>
* remove outdated copyright and email
* Merge pull request #25 from fweimer/patch-1 AC_QEF_C_NORETURN: Include
<stdlib.h> for exit
* Merge pull request #27 from ofalk/master Fix potential write to unallocated
memory.
* Merge pull request #28 from vgropp/#2-fix-csv-bits feat: #2 output bits in csv
* Merge pull request #29 from vgropp/#2-fix-csv-bits fix(doc): #2 output bits
in csv
* Merge pull request #32 from vgropp/new-netstat-#5 feat: add support for newer
(2016+) linux netstat #5
2019-01-01 14:50 (0.6.2) Volker Gropp <bwmng(at)gropp.org>
* Merge pull request #22 from vgropp/issue-#13 to fix windows build
* Merge pull request #20 from dreibh/master CSV file output: fix for timestamp
inaccuracy and Y-2038 problem
* Merge pull request #21 from vgropp/travisci add travisci
* Merge pull request #17 from Himura2la/master Add the started time in "sum"
mode
* Merge pull request #18 from Himura2la/fix-dynamic Fix DYNAMIC and ANSIOUT in
config
* Merge pull request #10 from SoapGentoo/fixes Use `static inline` instead of
`inline`
* Merge pull request #9 from adventureloop/master Always fflush the pipe
* Merge pull request #7 from samueloph/fsf_address_clean Update FSF address
* Merge pull request #6 from samueloph/master Fix typos
* fix nan and inf values on fast refresh (fixes debian bug #532331)
23.2.0
Improvements:
- Use `zmq.Event` enums in `parse_monitor_message` for nicer reprs
Fixes:
- Fix building bundled libzmq with `ZMQ_DRAFT_API=1`
- Fix subclassing `zmq.Context` with additional arguments in the constructor.
Subclasses may now have full control over the signature,
rather than purely adding keyword-only arguments
- Typos and other small fixes
Wireshark 3.6.6 Release Notes
What’s New
Note: This is the last release branch with support for 32-bit Windows.
Updates will no longer be available after May 22, 2024 for that
platform. Issue 17779[1]
The Windows installers now ship with Npcap 1.60. They previously
shipped with Npcap 1.55.
Bug Fixes
The following bugs have been fixed:
• TLS: RSA decryption fails with Extended Master Secret and
renegotiation Issue 18059[2].
• "dfilter" file on Windows adds carriage returns, and requires
line feeds Issue 18082[3].
• Npcap bundled version needs a bump to v1.60 for Windows 11
compatibility Issue 18084[4].
• "Browse" button in Prefs/Name Resolution/MaxMind crashes
Wireshark on macOS Issue 18088[5].
• TFTP: some packets are not recognized as TFTP packets with 3.6.5
Issue 18122[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DTLS, F5 Capture Information, F5 Ethernet Trailer, FlexRay, MBIM,
TFTP, TLS, and ZigBee ZCL
2.6.1
- BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails
- BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails
- BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
- BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified
- BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry
- BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry
- BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
- BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases
- BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases
- BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them
- BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases
- MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs
- MEDIUM: httpclient: Don't close CLI applet at the end of a response
- REGTESTS: abortonclose: Add a barrier to not mix up log messages
- REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients
- BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx
- BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield
- BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield
- BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield
- BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd
- BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler
- BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler
- BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler
- REGTESTS: http_abortonclose: Extend supported versions
- REGTESTS: restrict_req_hdr_names: Extend supported versions
- BUILD: compiler: implement unreachable for older compilers too
- BUG/MEDIUM: mailers: Set the object type for check attached to an email alert
- BUG/MINOR: trace: Test server existence for health-checks to get proxy
- BUG/MINOR: checks: Properly handle email alerts in trace messages
- REGTESTS: healthcheckmail: Update the test to be functionnal again
- REGTESTS: healthcheckmail: Relax health-check failure condition
- BUG/MINOR: h3: fix frame type definition
- BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs
- BUG/MINOR: server: do not enable DNS resolution on disabled proxies
- BUG/MINOR: cli/stats: add missing trailing LF after "show info json"
- BUG/MEDIUM: mux-quic: fix flow control connection Tx level
- BUG/MINOR: mux-quic: fix memleak on frames rejected by transport
- BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration
- BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data
- BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing
- BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup
- BUG/MINOR: qpack: support header litteral name decoding
- MINOR: qpack: add comments and remove a useless trace
- BUG/MINOR: h3/qpack: deal with too many headers
- BUG/BUILD: h3: fix wrong label name
- BUG/MINOR: quic: Stop hardcoding Retry packet Version field
- BUG/MINOR: quic: Wrong PTO calculation
- BUG/MINOR: task: fix thread assignment in tasklet_kill()
- BUG/MEDIUM: stream: Properly handle destructive client connection upgrades
- MINOR: stream: Rely on stconn flags to abort stream destructive upgrade
- BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option
- BUG/MINOR: quic: Unexpected half open connection counter wrapping
- BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name
- BUG/MINOR: quic: purge conn Rx packet list on release
- BUG/MINOR: quic: free rejected Rx packets
- BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
- BUG/MINOR: quic: Acknowledgement must be forced during handshake
- BUG/MEDIUM: mworker: use default maxconn in wait mode
- REGTESTS: ssl: add the same cert for client/server
camlp4 is an outdated way to build packages with caml and does not work
with pkgsrc ocaml versions for more than a year.
Remove camlp4 and all packages using it.
Ok jaapb@
Deprecate support for Python 3.6
Add option --download-sections to download video partially
Chapter regex and time ranges are accepted (Eg: --download-sections *1:10-2:20)
Add option --alias
Add option --lazy-playlist to process entries as they are received
Add option --retry-sleep
Add slicing notation to --playlist-items
Adds support for negative indices and step
Add -I as alias for --playlist-index
Makes --playlist-start, --playlist-end, --playlist-reverse, --no-playlist-reverse redundant
--config-location - to provide options interactively
[build] Add Linux standalone builds
[update] Self-restart after update
Merge youtube-dl: Upto commit/8a158a9
Add --no-update
Allow extractors to specify section_start/end for clips
Do not print progress to stderr with -q
Ensure pre-processor errors do not block video download
Fix --simulate --max-downloads
Improve error handling of bad config files
Return an error code if update fails
Fix bug in 3a408f9
[ExtractAudio] Allow conditional conversion
[ModifyChapters] Fix repeated removal of small segments
[ThumbnailsConvertor] Allow conditional conversion
[cookies] Detect profiles for cygwin/BSD by moench-tegeder
[dash] Show fragment count with --live-from-start by flashdagger
[extractor] Add _search_json by coletdjnz, pukkandan
[extractor] Add default parameter to _search_json by coletdjnz, pukkandan
[extractor] Add dev option --load-pages
[extractor] Handle json_ld with multiple @types
[extractor] Import _ALL_CLASSES lazily
[extractor] Recognize src attribute from HTML5 media elements by Lesmiscore
[extractor/generic] Revert e6ae51c
[f4m] Bugfix
[ffmpeg] Check version lazily
[jsinterp] Some optimizations and refactoring by dirkf, pukkandan
[utils] Improve performance using functools.cache
[utils] Send HTTP/1.1 ALPN extension by coletdjnz
[utils] ExtractorError: Fix exc_info
[utils] ISO3166Utils: Add EU and AP
[utils] Popen: Refactor to use contextmanager
[utils] locked_file: Fix for PyPy on Windows
[update] Expose more functionality to API
[update] Use .git folder to distinguish source/unknown
[build] Fix updating homebrew formula
[compat] Add functools.cached_property
[test] Fix FakeYDL signatures by coletdjnz
[docs] Improvements
[cleanup, ExtractAudio] Refactor
[cleanup, downloader] Refactor report_progress
[cleanup, extractor] Refactor _download_... methods
[cleanup, extractor] Rename extractors.py to _extractors.py
[cleanup, utils] Don't use kwargs for format_field
[cleanup, build] Refactor
[cleanup, docs] Re-indent "Usage and Options" section
[cleanup] Deprecate YoutubeDL.parse_outtmpl
[cleanup] Misc fixes and cleanup by Lesmiscore, MrRawes, christoph-heinrich, flashdagger, gamer191, kwconder, pukkandan
[extractor/DailyWire] Add extractors by HobbyistDev, pukkandan
[extractor/fourzerostudio] Add extractors by Lesmiscore
[extractor/GoogleDrive] Add folder extractor by evansp, pukkandan
[extractor/MirrorCoUK] Add extractor by LunarFang416, pukkandan
[extractor/atscaleconfevent] Add extractor by Ashish0804
[extractor/freetv] Add extractor by elyse0
[extractor/ixigua] Add Extractor by HobbyistDev
[extractor/kicker.de] Add extractor by HobbyistDev
[extractor/netverse] Add extractors by HobbyistDev, pukkandan
[extractor/playsuisse] Add extractor by pukkandan, sbor23
[extractor/substack] Add extractor by elyse0
[extractor/youtube] Support downloading clips
[extractor/youtube] Add innertube_host and innertube_key extractor args by coletdjnz
[extractor/youtube] Add warning for PostLiveDvr
[extractor/youtube] Bring back _extract_chapters_from_description
[extractor/youtube] Extract comment_count from webpage
[extractor/youtube] Fix :ytnotifications extractor by coletdjnz
[extractor/youtube] Fix initial player response extraction by coletdjnz, pukkandan
[extractor/youtube] Fix live chat for videos with content warning by coletdjnz
[extractor/youtube] Make signature extraction non-fatal
[extractor/youtube:tab] Detect videoRenderer in _post_thread_continuation_entries
[extractor/BiliIntl] Fix metadata extraction
[extractor/BiliIntl] Fix subtitle extraction by HobbyistDev
[extractor/FranceCulture] Fix extractor by aurelg, pukkandan
[extractor/PokemonSoundLibrary] Remove extractor by Lesmiscore
[extractor/StreamCZ] Fix extractor by adamanldo, dirkf
[extractor/WatchESPN] Support free videos and BAM_DTC by ischmidt20
[extractor/animelab] Remove extractor by gamer191
[extractor/bloomberg] Change playback endpoint by m4tu4g
[extractor/ccc] Extract view_count by vkorablin
[extractor/crunchyroll:beta] Fix extractor after API change by Burve, tejing1
[extractor/curiositystream] Get auth_token from cookie by mnn
[extractor/digitalconcerthall] Fix extractor by ZhymabekRoman
[extractor/dropbox] Extract the correct mountComponent
[extractor/dropout] Login is not mandatory
[extractor/duboku] Fix for hostname change by mozbugbox
[extractor/espn] Add WatchESPN extractor by ischmidt20, pukkandan
[extractor/expressen] Fix extractor by aejdl
[extractor/foxnews] Update embed extraction by elyse0
[extractor/ina] Fix extractor by elyse0
[extractor/iwara:user] Make paging better by Lesmiscore
[extractor/jwplatform] Look for data-video-jw-id
[extractor/lbry] Update livestream API by flashdagger
[extractor/mediaset] Improve _VALID_URL
[extractor/naver] Add navernow extractor by ping
[extractor/niconico:series] Fix extractor by sqrtNOT
[extractor/npr] Use stream url from json-ld by r5d
[extractor/pornhub] Extract uploader_id field by Lesmiscore
[extractor/radiofrance] Add more radios by bubbleguuum
[extractor/rumble] Detect JS embed
[extractor/rumble] Extract subtitles by fstirlitz
[extractor/southpark] Add southpark.lat extractor by darkxex
[extractor/spotify:show] Fix extractor
[extractor/tiktok] Detect embeds
[extractor/tiktok] Extract SIGI_STATE by dirkf, pukkandan, sulyi
[extractor/tver] Fix extractor by Lesmiscore
[extractor/vevo] Fix extractor by Lesmiscore
[extractor/yahoo:gyao] Fix extractor
[extractor/zattoo] Fix live streams by miseran
[extractor/zdf] Improve format sorting by elyse0
GitHub CLI 2.12.1
* pr merge: fix merge queue API access for PAT consumers by
* Use go-gh repository.ParseWithHost
* Use go-gh for SSH hostname alias translation
GitHub CLI 2.12.0
* pr merge: add merge queue support
The merge queue feature is currently in beta and available to only some
repositories, but if a base branch has merge queue enabled, gh pr merge
will add any pull request targeting that branch to the associated merge
queue instead of attempting to immediately merge it.
* codespace edit: add ability to interactively choose a codespace
* repo list: fix compatibility with GHES older than v3.3
* repo edit: fix interactive mode compatibility with GHES older than v3.3
* pr create: allow forking of repositories with "internal" visibility
* auth logout: remove confirmation prompt
* repo create: fix "git init" instructions for paths that have spaces
* codespace create: update prebuild availability status display
* Clean up progress indicator if codespace fails to start
* Extract LiveshareSession interface
pkgsrc changes:
- Now needs Python>=3.9 per upstream
- Further relax py-cryptography needs (seems to runs fine also with older
py-cryptography) because in pkgsrc we do not have yet cryptography>=36.
Changes:
## 15 May 2022: mitmproxy 8.1.0
* Mostly a Bug fix release
* DNS support
* Mitmproxy now requires Python 3.9 or above.
## 19 March 2022: mitmproxy 8.0.0
### Major Changes
* Major improvements to the web interface
* Event hooks can now be async
* New `tls_{established,failed}_{client,server}` event hooks to record
negotiation success/failure
### Security Fixes
* CVE-2022-24766: Fix request smuggling vulnerability reported by @zeyu2001
netop is a terminal command line interface that can customize the filter
network traffic rule.
Features
-Use the bpf rule filter
-Multi-rule switching
-Real-time rate
-Total traffic
-Response UI
-Resource occupation is small, rust Written
-Support docker deployment
Bug fixes:
Double lines when pasting text from Linux to Windows
Address issues with modifiers and dead keys
Fix compilation issues for FreeBSD
Memory leaks in language sync and TLS functionality
Memory leaks in copy/paste and drag and drop functionality
Disable drag and drop by default
Changes in version 0.4.7.8 - 2022-06-17
This version fixes several bugfixes including a High severity security issue
categorized as a Denial of Service. Everyone running an earlier version
should upgrade to this version.
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
2.6.0
- DOC: Fix formatting in configuration.txt to fix dconv
- CLEANUP: tcpcheck: Remove useless test on the stream-connector in tcpcheck_main
- CLEANUP: muxes: Consider stream's sd as defined in .show_fd callback functions
- MINOR: quic: Ignore out of packet padding.
- CLEANUP: quic: Useless QUIC_CONN_TX_BUF_SZ definition
- CLEANUP: quic: No more used handshake output buffer
- MINOR: quic: QUIC transport parameters split.
- MINOR: quic: Transport parameters dump
- DOC: quic: Update documentation for QUIC Retry
- MINOR: quic: Tunable "max_idle_timeout" transport parameter
- MINOR: quic: Tunable "initial_max_streams_bidi" transport parameter
- MINOR: quic: Clarifications about transport parameters value
- MINOIR: quic_stats: add QUIC connection errors counters
- BUG/MINOR: quic: Largest RX packet numbers mixing
- MINOR: quic_stats: Add transport new counters (lost, stateless reset, drop)
- DOC: quic: Documentation update for QUIC
- MINOR: quic: Connection TX buffer setting renaming.
- MINOR: h3: Add a statistics module for h3
- MINOR: quic: Send STOP_SENDING frames if mux is released
- MINOR: quic: Do not drop packets with RESET_STREAM frames
- BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding
- BUG/MINOR: qpack: support bigger prefix-integer encoding
- BUG/MINOR: h3: do not report bug on unknown method
- SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs
- SCRIPTS: make publish-release try to launch make-releases-json
- MINOR: htx: add an unchecked version of htx_get_head_blk()
- BUILD: htx: use the unchecked version of htx_get_head_blk() where needed
- BUILD: quic: use inttypes.h instead of stdint.h
- DOC: internal: remove totally outdated diagrams
- DOC: remove the outdated ROADMAP file
- DOC: add maintainers for QUIC and HTTP/3
- MINOR: h3: define h3 trace module
- MINOR: h3: add traces on frame recv
- MINOR: h3: add traces on frame send
- MINOR: h3: add traces on h3s init/end
- EXAMPLES: remove completely outdated acl-content-sw.cfg
- BUILD: makefile: reorder objects by build time
- DOC: fix a few spelling mistakes in the docs
- BUG/MEDIUM: peers/cli: fix "show peers" crash
- CLEANUP: peers/cli: stop misusing the appctx local variable
- CLEANUP: peers/cli: make peers_dump_peer() take an appctx instead of an stconn
- BUG/MINOR: peers: set the proxy's name to the peers section name
- MINOR: server: indicate when no address was expected for a server
- BUG/MINOR: peers: detect and warn on init_addr/resolvers/check/agent-check
- DOC: peers: indicate that some server settings are not usable
- DOC: peers: clarify when entry expiration date is renewed.
- DOC: peers: fix port number and addresses on new peers section format
- DOC: gpc/gpt: add commments of gpc/gpt array definitions on stick tables.
- DOC: install: update supported OpenSSL versions in the INSTALL doc
- MINOR: ncbuf: adjust ncb_data with NCBUF_NULL
- BUG/MINOR: h3: fix frame demuxing
- BUG/MEDIUM: h3: fix H3_EXCESSIVE_LOAD when receiving H3 frame header only
- BUG/MINOR: quic: Fix QUIC_EV_CONN_PRSAFRM event traces
- CLEANUP: quic: remove useless check on local UNI stream reception
- BUG/MINOR: qpack: do not consider empty enc/dec stream as error
- DOC: intro: adjust the numbering of paragrams to keep the output ordered
- MINOR: version: mention that it's LTS now.
Changelog:
Version 3.1.8
Thursday, April 28, 2022
Features:
+ knotd: optional automatic ACL for XFR and NOTIFY (see
'remote.automatic-acl')
+ knotd: new soft zone semantic check mode for allowing defective zone
loading
+ knotc: added zone transfer freeze state to the zone status output
Improvements:
+ knotd: added configuration check for serial policy of generated
catalogs
Bugfixes:
+ knotd/libknot: the server can crash when validating a malformed TSIG
record
+ knotd: outgoing zone transfer freeze not preserved during server reload
+ knotd: catalog UPDATE not processed if previous UPDATE processing not
finished #790
+ knotd: zone refresh not started if planned during server reload
+ knotd: generated catalogs can be queried over UDP
+ knotd/utils: failed to open LMDB database if too many stale slots
occupy the lock table
Version 3.1.7
Wednesday, March 30, 2022
Features:
+ knotd: new configuration items for restricting minimum and maximum zone
expire and retry intervals (see 'zone.expire-min-interval',
'zone.expire-max-interval', 'zone.retry-min-interval',
'zone.retry-max-interval') #785
+ knotc: added catalog information to zone status
Improvements:
+ knotd: better warning message if SOA serial comparison failed when
loading from zone file
+ knotc: zone status shows all zone events when frozen
+ keymgr: better error message is returned when importing SKR with
insufficient permissions
+ kdig: transfer status is also printed if failed
Bugfixes:
+ knotd: incomplete implementation of the Offline KSK mode in the IXFR
and DDNS processing
+ knotd: catalog zone accepts duplicate members via UPDATE #786
+ knotd: server crashes if catalog database contains orphaned member
zones
+ knotd: old journal is scraped when restoring just the zone file
+ knotd: some planned zone events can be lost during server reload
+ knotd: frozen zone gets thawed during server reload
+ knsupdate: missing section names in the show output
+ knsupdate: inappropriate log message if called from a script
Version 3.1.6
Tuesday, February 8, 2022
Features:
+ knotd: optional D-Bus notifications for significant server and zone
events (see 'server.dbus-event')
+ knotd: new submission configuration option for delayed KSK
post-activation (see 'submission.parent-delay')
+ knotc: new commands for outgoing XFR freeze (see 'zone-xfr-freeze' and
'zone-xfr-thaw')
+ kzonesign: added multithreaded DNSSEC validation mode (see '--verify')
Improvements:
+ kdig: trailing data in reply packet is accepted with a warning
+ kdig: XFR responses are checked if SOA owners match
+ knotd: failed remote operations are logged as info instead of debug
+ knsec3hash: added alternative and more natural parameter semantics
+ knsupdate: interactive mode is newly based on library Editline
+ Dockerfile: added UID argument to facilitate the use of unprivileged
container #783
+ doc: various fixes and improvements
Bugfixes:
+ libknot: inaccurate KNOT_DNAME_TXT_MAXLEN constant value #781
+ knotd: propagation delay not considered before DS push
+ knotd: excessive refresh retry delay when a few early attemps fail
+ knotd: duplicate KSK submission log message during a KSK rollover
+ kdig: dname letter case not preserved in XFR and Dnstap outputs
+ mod-cookies: missing server cookie in responses over TCP
Version 3.1.5
Monday, December 20, 2021
Features:
+ knotd: optional outgoing TCP connection pool for faster communication
with remotes (see 'server.remote-pool-limit' and
'server.remote-pool-timeout')
+ knotd: optional unreachable remote tracking to avoid zone events
clogging (see 'server.remote-retry-delay')
+ knotd: new ZONEMD generation mode for the record removal from the zone
apex #760 (see 'zone.zonemd-generate: remove')
+ mod-dnsproxy: new source address match option (see
'mod-dnsproxy.address')
+ scripts/probe_dump: simple mod-probe client
Improvements:
+ knotd: DS push sets DS TTL equal to DNSKEY TTL
+ knotd: extended zone purge error logging
+ knotd: zone file parsing error message was extended by the file name
+ knotd: improved debug log message when TCP timeout is reached
+ knotd: new configuration check for using the default number of NSEC3
iterations
+ knotd: new configuration check for insufficient RRSIG refresh time
+ mod-geoip: configuration check newly verifies the module configuration
file #778
+ kdig: option +notimeout or +timeout=0 is interpreted as infinity
+ kdig: option +noretry is interpreted as zero retries
+ python/probe: more detailed default output format
+ doc: many spelling fixes (Thanks to Josh Soref)
+ doc: various fixes and improvements
Bugfixes:
+ knotd: imperfect TCP connection closing in the XDP mode
+ knotd: TCP reset packets are wrongly checked for ackno in the XDP mode
+ knotd: only first zone name is logged for multi-zone control operations
#776
+ knotd: minor memory leak when full zone update fails to write to
journal
+ knotc: configuration check doesn't check a configuration database
+ mod-dnstap: incorrect QNAME case restore in some corner cases (Thanks
to Robert Edmonds) #777
Changelog:
6 May 2022: Wouter
- Merge #209: IXFR out
This adds IXFR out functionality to NSD. NSD can copy IXFRs from
upstream to downstream clients, or create IXFRs from zonefiles.
The options store-ixfr: yes and create-ixfr: yes can be used to
turn this on. Default is turned off. The options ixfr-number and
ixfr-size can be used to tune the number of IXFR transfers and
total data size stored. This is configured per zone, the IXFRs
are served to the hosts that are allowed to perform zone transfers.
And if TSIG is configured, signed with the same key. The content
is stored to file if a zonefile is configured for the zone, in
the zonefile.ixfr and zonefile.ixfr.2, .. files. They contain
readable text format. The number of IXFRs is num.rixfr in
statistics output, also per zone if per zone statistics are enabled.
If offline, nsd-checkzone -i can create ixfr files.
NSD already supports requesting IXFRs, this addition allows NSD
to serve IXFR transfers to clients.
NSD stops responding with NOTIMPL to IXFR requests, also for zones
that do not have IXFR enabled. The clients gets a full zone reply
or a status reply if the serial is up to date.
- set version to 4.5.0 for feature change.
- Tag for 4.5.0rc1 release. It became the 4.5.0 release on 13 May 2022.
14 April 2022: Wouter
- Update cirrus script FreeBSD version.
25 March 2022: Wouter
- Fix spelling error in comment in svcbparam_lookup_key.
2 March 2022: Wouter
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
10 February 2022: Wouter
- Tag for 4.4.0rc1 release. This became 4.4.0 release on 17 Feb 2022,
the code repository continues with version 4.4.1.
9 February 2022: Wouter
- Fix unit tests for nds-control-setup exit code and the
xfrd-tcp-max default.
7 February 2022: Wouter
- Merge #207 Sync nsd-control-setup with unbound-control-setup to
generate certificates with SANs.
28 January 2022: Wouter
- Fix#206: build with --without-ssl fails.
27 January 2022: Wouter
- current code branch continues as version 4.4.0, because of added
feature.
26 January 2022: Wouter
- Merge #193: Lower memory usage of the XFRD process by default.
Instead of preallocating all elements, they are allocated when used.
There are options for managing the memory usage, defaults are the
same as before. xfrd-tcp-max sets the number of sockets for tcp
connections that xfrd can make to download zone contents. And
xfrd-tcp-pipeline the number of simultaneous transfers over the
same connection.
12 January 2022: Wouter
- Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
7 January 2022: Wouter
- Fix to change file mode before changing file owner for the
nsd-control unix socket file.
3 January 2022: Wouter
- Merge #204 from jonathangray: correct some spelling mistakes.
15 December 2021: Wouter
- Fix#200: nsd-checkzone succeeds even with incorrect serial in SOA
record.
2 December 2021: Wouter
- Fix socket_partitioning unit test for FreeBSD.
- Fix SVCB test to work around older dig with drill.
- Fix unit test to not syslog setlogin failures.
