pkgsrc changes:
- remove a patch applied to upstream
- pull a post 3.4.2 fix for detection of sixel support
Upstream changes:
* 3.4.2 (2020/02/01)
Support monochrome terminal.
Implement --no-color option.
Add --no-image option (past --noimg is still valid)
Show an icon mark on non-sixel-capable terminal.
Autodetect if terminal supports sixel or not.
Release v1.27.0
Core
fix build with OpenSSL1.1.1+ on Windows.
Add a new submodule libuv v1.34.0.
grpclb: Add support for balancer telling client to enter fallback mode.
Bare bones of the libuv EventManager.
Allow default use of system root certs on Android.
C++
Backport: Fix regression in MSVC runtime flag (for v1.27.x).
Add Support for Full Chain Callbacks - experimental namespace.
Improve documentation for building with CMake.
Conditionally enable OPENSSL_NO_ASM for Visual Studio.
Allow gRPC_INSTALL with module providers.
Add Findc-ares.cmake module.
Census client filter: use current span and tags.
Improve & update BUILDING.md.
Twisted 19.10.0:
Features
- twisted.trial.successResultOf, twisted.trial.failureResultOf, and
twisted.trial.assertNoResult accept coroutines as well as Deferreds.
Bugfixes
- Fixed circular import in twisted.trial.reporter, introduced in Twisted 16.0.0.
- The POP3 server implemented by twisted.mail.pop3 now accepts passwords that contain spaces.
- Incoming HTTP/2 connections will now not time out if they persist for longer than one minute.
- The serial extra now requires pywin32 on Windows enabling use of twisted.internet.serialport without specifying the windows_platform extra.
Bugfixes
- twisted.conch.ssh.keys now correctly writes the "iqmp" parameter in serialized RSA private keys as q^-1 mod p rather than p^-1 mod q.
Features
- twisted.web.server.Request will now use twisted.web.server.Site.getContentFile, if it exists, to get a file into which to write request content. If getContentFile is not provided by the site, it will fall back to the previous behavior of using io.BytesIO for small requests and tempfile.TemporaryFile for large ones.
Bugfixes
- twisted.web.client.FileBodyProducer will now stop producing when the Deferred returned by FileBodyProducer.startProducing is cancelled.
- The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses. This closes CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora.
Twisted 19.7.0:
Features
- The callable argument to twisted.internet.task.deferLater() is no longer required.
- Twisted's minimum Cryptography requirement is now 2.5.
- twisted.internet.utils.getProcessOutputAndValue now accepts `stdinBytes` to write to the child process's standard input.
- Add new twisted.logger.capturedLogs context manager for capturing observed log events in tests.
- twisted.internet.base.PluggableResolverMixin, which implements the pluggable resolver interfaces for easier re-use in other reactors, has been factored out of ReactorBase.
- The PyPI page for Twisted has been enhanced to include more information and useful links.
Bugfixes
- twisted.internet.endpoints is now importable on Windows when pywin32 is not installed.
- twisted.conch.ssh now generates correct keys when using hmac-sha2-512 with SHA1 based KEX algorithms.
- twisted.internet.iocpreactor.abstract.FileHandle no longer duplicates/looses outgoing data when .write() is called in rapid succession with large payloads
- twisted.application.backoffPolicy will not fail on connection attempts > 1750 with default settings.
- Trial on Python 3 will now properly re-raise ImportErrors that occur during the import of a module, rather than saying the module doesn't exist.
- twisted.internet.process does not fail on import when the process has more than 1024 file descriptors opened.
- Add the stackLevel keyword argument to twisted.logger.STDLibLogObserver._findCaller to fix an incompatibility with Python 3.8.
Improved Documentation
- Fix the incorrect docstring for twisted.python.components.Componentized.addComponent which stated that the function returned a list of interfaces, even though the function doesn't actually do so.
Deprecations and Removals
- twisted.test.proto_helpers has moved to twisted.internet.testing. twisted.test.proto_helpers has been deprecated.
- twisted.protocols.mice, deprecated since Twisted 16.0, has been removed.
- twisted.conch.insults.client and twisted.conch.insults.colors, deprecated since Twisted 10.1, have been removed.
- The __version__ attribute of Twisted submodules that were previously packaged separately, deprecated since Twisted 16.0, has been removed.
- Python 3.4 is no longer supported.
- twisted.python.compat.OrderedDict, an alias for collections.OrderedDict and deprecated since Twisted 15.5, has been removed.
Bugfixes
- t.c.ssh.connection.SSHConnection now fails channels that are in the process of opening when the connection is lost.
Features
- twisted.web.tap, the module that is run by `twist web`, now accepts --display-tracebacks to render tracebacks on uncaught exceptions.
Bugfixes
- twisted.web.http.Request.write after the channel is disconnected will no longer raise AttributeError.
- twisted.web.client.Agent.request() and twisted.web.client.ProxyAgent.request() now produce TypeError when the method argument is not bytes, rather than failing to generate the request.
- twisted.web.http.HTTPChannel no longer raises TypeError internally when receiving a line-folded HTTP header on Python 3.
- All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability.
- twisted.web.server.Site's instance variable displayTracebacks is now set to False by default.
Improved Documentation
- twisted.web.iweb.IRequest's "prepath" and "postpath" attributes, which have existed for a long time, are now documented.
- The documented type of t.w.iweb.IRequest's "method" and "uri" attributes on Python 3 has been corrected to match the implementation.
- t.w.iweb.IRequest's "args" attribute is now correctly documented to be bytes.
- The API documentation of twisted.web.iweb.IRequest and twisted.web.http.Request has been updated and extended to match the implementation.
Deprecations and Removals
- Passing a path argument to twisted.web.resource.Resource.putChild which is not of type bytes is now deprecated. In the future, passing a non-bytes argument to putChild will return an error.
- Passing --notracebacks/-n to twisted.web.tap, the module that is run by `twist web`, is now deprecated due to traceback rendering being disabled by default.
Features
- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer and twisted.words.protocols.jabber.client.XMPPClientFactory now take an optional configurationForTLS for customizing certificate options for StartTLS.
Bugfixes
- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer now properly verifies the server's certificate against platform CAs and the stream's domain, mitigating CVE-2019-12855.
Bugfixes
- twisted.names.client.Resolver will no longer infinite loop if it cannot bind a UDP port to use for resolving.
Twisted 19.2.0:
This is the final release that will support Python 3.4.
Features
- twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context.
- DeferredLock and DeferredSemaphore can be used as asynchronous context
managers on Python 3.5+.
- t.i.b.BaseConnector has custom __repr__
- twisted.internet.ssl.optionsForClientTLS now supports validating IP addresses from the certificate subjectAltName
- Twisted's minimum Cryptography requirement is now 2.5.
Bugfixes
- twisted.web.proxy.ReverseProxyResource fixed documentation and example snippet
- twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from.
- twisted.internet.ssl.KeyPair.generate: No longer generate 1024-bit RSA keys by default. Anyone who generated a key with this method using the default value should move to replace it immediately.
- The message of twisted.internet.error.ConnectionAborted is no longer truncated.
- twisted.enterprise.adbapi.ConnectionPool.connect now logs only the dbapiName and not the connection arguments, which may contain credentials
- twisted.python.runtime.Platform.supportsINotify no longer considers the result of isDocker for its own result.
Improved Documentation
- The documentation for the the twisted.internet.interfaces.IConsumer, IProducer, and IPullProducer interfaces is more detailed.
- The errback example in the docstring of twisted.logger.Logger.failure has been corrected.
- The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3.
Features
- twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8.
Bugfixes
- Conch now uses pyca/cryptography for Diffie-Hellman key generation and agreement.
Features
- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. The policy caches a specified number of twisted.internet.interfaces.IOpenSSLClientConnectionCreator instances to to avoid the cost of instantiating a connection creator for multiple requests to the same host.
Bugfixes
- twisted.web.http.Request.cookies, twisted.web.http.HTTPChannel.writeHeaders, and twisted.web.http_headers.Headers were all vulnerable to header injection attacks. They now replace linear whitespace ('\r', '\n', and '\r\n') with a single space. twisted.web.http.Reqeuest.cookies also replaces semicolons (';') with a single space.
- twisted.web.client.Request and twisted.web.client.HTTPClient were both vulnerable to header injection attacks. They now replace linear whitespace ('\r', '\n', and '\r\n') with a single space.
Features
- twisted.names.dns now has IRecord implementations for the SSHFP and TSIG record types.
* Version 2.0.39
- The Firefox Local DoH service didn't properly work in version 2.0.38;
this has been fixed. Thanks to Simon Brand for the report!
* Version 2.0.38
- Entries from lists (forwarding, blacklists, whitelists) now support
inline comments.
- Reliability improvement: queries over UDP are retried after a timeout
instead of solely relying on the client.
- Reliability improvement: during temporary network outages, cached records
are now served even if they are stale.
- Bug fix: SOCKS proxies and DNS relays can be combined.
- New feature: multiple fallback resolvers are now supported (see the
new `fallback_resolvers` option. Note that `fallback_resolver` is
still supported for backward compatibility).
- Windows: the service can be installed with a configuration file
stored separately from the application.
- Security (affecting DoH): precompiled binaries of dnscrypt-proxy 2.0.37 are
built using Go 1.13.7 that fixes a TLS certificate parsing issue present in
previous versions of the compiler.
Changes:
0.4.2.6
-------
This is the second stable release in the 0.4.2.x series. It backports
several bugfixes from 0.4.3.1-alpha, including some that had affected
the Linux seccomp2 sandbox or Windows services. If you're running with
one of those configurations, you'll probably want to upgrade;
otherwise, you should be fine with 0.4.2.5.
o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
- Correct how we use libseccomp. Particularly, stop assuming that
rules are applied in a particular order or that more rules are
processed after the first match. Neither is the case! In
libseccomp <2.4.0 this lead to some rules having no effect.
libseccomp 2.4.0 changed how rules are generated, leading to a
different ordering, which in turn led to a fatal crash during
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
Peter Gerber.
- Fix crash when reloading logging configuration while the
experimental sandbox is enabled. Fixes bug 32841; bugfix on
0.4.1.7. Patch by Peter Gerber.
o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha):
- Use GCC/Clang's printf-checking feature to make sure that
tor_assertf() arguments are correctly typed. Fixes bug 32765;
bugfix on 0.4.1.1-alpha.
o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha):
- Avoid a possible crash when trying to log a (fatal) assertion
failure about mismatched magic numbers in configuration objects.
Fixes bug 32771; bugfix on 0.4.2.1-alpha.
o Minor bugfixes (testing, backport from 0.4.3.1-alpha):
- When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
test_practracker.sh script. Doing so caused a test failure. Fixes
bug 32705; bugfix on 0.4.2.1-alpha.
- When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
skipping practracker checks. Fixes bug 32705; bugfix
on 0.4.2.1-alpha.
o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
- Initialize the publish/subscribe system when running as a windows
service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
o Testing (backport from 0.4.3.1-alpha):
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
fix the sandbox errors in 32722. Closes ticket 32240.
- Re-enable the Travis CI macOS Chutney build, but don't let it
prevent the Travis job from finishing. (The Travis macOS jobs are
slow, so we don't want to have it delay the whole CI process.)
Closes ticket 32629.
o Testing (continuous integration, backport from 0.4.3.1-alpha):
- Use zstd in our Travis Linux builds. Closes ticket 32242.
build with qt5 5.14
All frameworks
Port from QRegExp to QRegularExpression
Port from qrand to QRandomGenerator
Fix compilation with Qt 5.15 (e.g. endl is now Qt::endl,
QHash insertMulti now requires using QMultiHash...)
Attica
Don't use a verified nullptr as a data source
Support multiple children elements in comment elements
Set a proper agent string for Attica requests
Baloo
Correctly report if baloo_file is unavailable
Check cursor_open return value
Initialise QML monitor values
Move URL parsing methods from kioslave to query object
Breeze Icons
Change XHTML icon to be a purple HTML icon
Merge headphones and zigzag in the center
Add application/x-audacity-project icon
Add 32px preferences-system
Add application/vnd.apple.pkpass icon
icon for ktimetracker using the PNG in the app repo, to be replaced
with real breeze SVG
add kipi icon, needs redone as a breeze theme svg [or just kill off kipi]
Extra CMake Modules
[android] Fix apk install target
Support PyQt5 compiled with SIP 5
Framework Integration
Remove ColorSchemeFilter from KStyle
KDE Doxygen Tools
Display fully qualified class/namespace name as page header
KCalendarCore
Improve README.md to have an Introduction section
Make incidence geographic coordinate also accessible as a property
Fix RRULE generation for timezones
KCMUtils
Deprecate KCModuleContainer
KCodecs
Fix invalid cast to enum by changing the type to int rather than enum
KCompletion
Deprecate KPixmapProvider
[KHistoryComboBox] Add method to set an icon provider
KConfig
kconfig EBN transport protocol cleanup
Expose getter to KConfigWatcher's config
Fix writeFlags with KConfigCompilerSignallingItem
Add a comment pointing to the history of Cut and Delete sharing a shortcut
KConfigWidgets
Rename "Configure Shortcuts" to "Configure Keyboard Shortcuts"
KContacts
Align ECM and Qt setup with Frameworks conventions
Specify ECM dependency version as in any other framework
KCoreAddons
Add KPluginMetaData::supportsMimeType
[KAutoSaveFile] Use QUrl::path() instead of toLocalFile()
Unbreak build w/ PROCSTAT: add missing impl. of KProcessList::processInfo
[KProcessList] Optimize KProcessList::processInfo
[KAutoSaveFile] Improve the comment in tempFileName()
Fix KAutoSaveFile broken on long path
KDeclarative
[KeySequenceHelper] Grab actual window when embedded
Add optional subtitle to grid delegate
[QImageItem/QPixmapItem] Don't lose precision during calculation
KFileMetaData
Partial fix for accentuated characters in file name on Windows
Remove unrequired private declarations for taglibextractor
Partial solution to accept accentuated characters on windows
xattr: fix crash on dangling symlinks
KIconThemes
Set breeze as default theme when reading from configuration file
Deprecate the top-level IconSize() function
Fix centering scaled icons on high dpi pixmaps
KImageFormats
pic: Fix Invalid-enum-value undefined behaviour
KIO
[KFilePlacesModel] Fix supported scheme check for devices
Embed protocol data also for Windows version of trash ioslave
Adding support for mounting KIOFuse URLs for applications that don't use KIO
Add truncation support to FileJob
Deprecate KUrlPixmapProvider
Deprecate KFileWidget::toolBar
[KUrlNavigator] Add RPM support to krarc:
KFilePlaceEditDialog: fix crash when editing the Trash place
Add button to open the folder in filelight to view more details
Show more details in warning dialog shown before starting a
privileged operation
KDirOperator: Use a fixed line height for scroll speed
Additional fields such as deletion time and original path are now
shown in the file properties dialog
KFilePlacesModel: properly parent tagsLister to avoid memleak.
HTTP ioslave: call correct base class in virtual_hook(). The
base of HTTP ioslave is TCPSlaveBase, not SlaveBase
Ftp ioslave: fix 4 character time interpreted as year
Re-add KDirOperator::keyPressEvent to preserve BC
Use QStyle for determining icon sizes
Kirigami
ActionToolBar: Only show the overflow button if there are visible
items in the menu
Don't build and install app templates on android
Don't hardcode the margin of the CardsListView
Add support for custom display components to Action
Let the other components grow if there's more things on the header
Remove dynamic item creation in DefaultListItemBackground
reintroduce the collapse button
Show application window icon on AboutPage
KItemModels
Add KColumnHeadersModel
KJS
Added tests for Math.exp()
Added tests for various assignment operators
Test special cases of multiplicate operators (*, / and %)
KNewStuff
Ensure the dialog title is correct with an uninitialised engine
Don't show the info icon on the big preview delegate
Support archive installs with adoption commands
Send along the config name with requests
KPeople
Expose enum to the metaobject compiler
KQuickCharts
Also correct the shader header files
Correct license headers for shaders
KService
Deprecate KServiceTypeProfile
KTextEditor
Add "line-count" property to the ConfigInterface
Avoid unwanted horizontal scrolling
KWayland
[plasmashell] Update docs for panelTakesFocus to make it generic
[plasmashell] Add signal for panelTakesFocus changing
KXMLGUI
KActionCollection: provide a changed() signal as a replacement for removed()
Adjust keyboard shortcut configuration window's title
NetworkManagerQt
Manager: add support for AddAndActivateConnection2
cmake: Consider NM headers as system includes
Sync Utils::securityIsValid with NetworkManager
Plasma Framework
[ToolTip] Round position
Enable wheel events on Slider {}
Sync QWindow flag WindowDoesNotAcceptFocus to wayland plasmashell interface
[calendar] Check out of bounds array access in QLocale lookup
[Plasma Dialog] Use QXcbWindowFunctions for setting window types Qt
WindowFlags doesn't know
[PC3] Complete plasma progress bar animation
[PC3] Only show progress bar indicator when the ends won't overlap
[RFC] Fix Display Configuration icon margins
[ColorScope] Work with plain QObjects again
[Breeze Desktop Theme] Add monochrome user-desktop icon
Remove default width from PlasmaComponents3.Button
[PC3 ToolButton] Have the label take into account complementary color schemes
Added background colors to active and inactive icon view
QQC2StyleBridge
[ToolTip] Round position
Update size hint when font changes
Solid
Display first / in mounted storage access description
Ensure mounted nfs filesystems matches their fstab declared counterpart
Sonnet
The signal done is deprecated in favour of spellCheckDone, now correctly emitted
Syntax Highlighting
LaTeX: fix brackets in some commands
TypeScript: add "bigint" primitive type
Python: improve numbers, add octals, binaries and "breakpoint" keyword
SELinux: add "glblub" keyword and update permissions list
Several enhancements to gitolite syntax definition
* INET6: Support a /128 prefix advertised via RA
* BSD: More address validation from route(4) messages
* DHCP: Fix a potential segfault on DaD failure
* IPv4LL: Fix a potential segfault when dropping IPv4LL addresses
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
Update isc-dhcp4, isc-dhclient4, isc-dhcpd4 and isc-dhcrelay4 to 4.4.2.
pkgsrc change: change LICENSE to mpl-2.0.
Here is quote of RELNOTES:
Internet Systems Consortium DHCP Distribution
Version 4.4.2
22 January 2020
Release Notes
NEW FEATURES
Please note that that ISC DHCP is now licensed under the Mozilla Public License,
MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
license terms.
While release 4.4.2 is primarily a maintenance release that addresses a number
of defects, it does introduce a few new features:
- Keama - Keama is a migration utility that assists in converting ISC DHCP
server configuration files to Kea configuration files. It is found in the
keama subdirectory and includes a README.md file with instructions on how
to build it as well as a manpage on its usage.
- Two new server parameters related to ping checking were added:
1. ping-cltt-secs which allows the user to specify the number of seconds
that must elapse since CLTT before a ping check is conducted.
2. ping-timeout-ms which allows the user to specify the amount of time the
server waits for a ping-check response in milliseconds rather than in
seconds.
In general, the areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in the both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
Update bind914 to 9.14.10 (BIND 9.14.10).
pkgsrc change: update HOMEPAGE to use https URL.
--- 9.14.10 released ---
5339. [bug] With some libmaxminddb versions, named could erroneously
match an IP address not belonging to any subnet defined
in a given GeoIP2 database to one of the existing
entries in that database. [GL #1552]
5338. [bug] Fix line spacing in `rndc secroots`.
Thanks to Tony Finch. [GL !2478]
5337. [func] 'named -V' now reports maxminddb and protobuf-c
versions. [GL !2686]
Update bind911 to 9.11.15 (BIND 9.11.15).
--- 9.11.15 released ---
5339. [bug] With some libmaxminddb versions, named could erroneously
match an IP address not belonging to any subnet defined
in a given GeoIP2 database to one of the existing
entries in that database. [GL #1552]
5338. [bug] Fix line spacing in `rndc secroots`.
Thanks to Tony Finch. [GL !2478]
5337. [func] 'named -V' now reports maxminddb and protobuf-c
versions. [GL !2686]
Wireshark 3.2.1 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-01[1] WASSP dissector crash. Bug 16324[2].
CVE-2020-7044[3].
The following bugs have been fixed:
• Incorrect parsing of USB CDC packets. Bug 14587[4].
• Wireshark fails to create directory if parent directory does not
yet exist. Bug 16143[5].
• Buildbot crash output: randpkt-2019-11-30-22633.pcap. Bug
16240[6].
• Closing Flow Graph closes (crashes) main GUI window. Bug
16260[7].
• Wireshark interprets websocket frames after HTTP handshake in a
wrong way. Bug 16274[8].
• A-bis/OML: IPA Destination IP Address attribute contains inverted
value (endianness). Bug 16282[9].
• wiretap/log3gpp.c: 2 * leap before looking ?. Bug 16283[10].
• Opening shell terminal prints Wireshark: Permission denied. Bug
16284[11].
• h264: SPS frame_crop_right_offset shown in UI as
frame_crop_left_offset. Bug 16285[12].
• BGP: update of "Sub-TLV Length" by draft-ietf-idr-tunnel-encaps.
Bug 16294[13].
• SPNEGO+GSS-API+Kerberos+ap-options dissection produces "Unknown
Bit(s)" expert message. Bug 16301[14].
• USB Audio feature unit descriptor is incorrectly dissected. Bug
16305[15].
• Compiling the .y files fails with Berkeley YACC. Bug 16306[16].
• PDB files in Windows installer. Bug 16307[17].
• NAS-5GS 5GS network feature support lacks MCSI, EMCN3 two fields
(octet 4). Bug 16310[18].
• Option to change “Packet List” columns header right click pop-up
menu behavior. Bug 16317[19].
• DLT: Dissector does not parse multiple DLT messages in single UDP
packet. Bug 16321[20].
• ISAKMP Dissection: Enhance Source id and Destination ID field of
GDOI SA TEK payload for non IP ID type. Bug 16233[21].
• DOIP: Typo in "identifcation request messages". Bug 16325[22].
• Toolbar "?" help button - no text/help displayed. Bug 16327[23].
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
802.11 Radiotap, ASN.1 BER, BGP, DLT, DOIP, GSM A RR, GSM A-bis/OML,
H264, HTTP, IEC 60870-5-104, IEEE 802.11, IPv4, ISAKMP, NAS 5GS,
rtnetlink, SIP, TIPC, USB Audio, USB CDC, and WASSP
New and Updated Capture File Support
3gpp phone log
Changes:
2.14.0
------
Features:
* New command: `hub issue update` #2432
* New command: `hub issue transfer` #2363
* Support git flag `hub version --build-options` #2440
* Refuse to follow HTTP 301/302 redirects for non-GET requests #2442
Fixes:
* Fix `hub help <cmd>` on Windows #2384
* Ensure that `grep` command is being used in shell completions #2390
* Consult global `git config color.ui` setting when `--color=auto` #2378
Improvements:
* Print more user-friendly HTTP 40x errors #2446
* Enable debugging file uploads via `HUB_VERBOSE=1 hub release create -a <file>`
* Improve parsing malformed YAML config files #2380
Update samba4 to 4.11.5.
==============================
Release Notes for Samba 4.11.5
January 21, 2020
==============================
This is a security release in order to address the following defects:
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
=======
Details
=======
o CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.
Overview of changes in EtherApe 0.9.18 (Sunday, June 3, 2018):
EtherApe now is a pure GTK 3 application, with canvas supplied by GooCanvas
(https://wiki.gnome.org/Projects/GooCanvas).
While GooCanvas itself is in maintenance mode, is still the simpler canvas
library available and with an API almost identical to gnome-canvas, too!
Longer term, EtherApe ui should be completely redesigned and modernized,
but this is for another day.
Changes summary:
* EtherApe ported to GTK3 using GooCanvas instead of the obsolete
GnomeCanvas.
Overview of changes in EtherApe 0.9.17 (Thursday, April 5, 2018):
This is a bugfix release, because a bug made 0.9.16 still runtime-dependent
on gnomeui and other gnome 2 libraries.
Changes summary:
* EtherApe now requires Gtk 2.24
* fixed a bug making libglade load gnome2 libraries
* Sometimes node/links windows were freezing.
Overview of changes in EtherApe 0.9.16 (Sunday, January 14, 2018):
Several distributions are phasing out Gnome 2 libraries and EtherApe needs
to update as well.
Unfortunately, this mean dropping support for older distributions, for
example CENTOS 5 and 6. At this time the EtherApe executable can still be
built for those distributions, but not the project as a whole.
This is an interim release, where the only Gnome 2 component is
gnome-canvas. Apart of that, EtherApe is now a GTK2 application.
Work is underway to replace gnome-canvas with another component.
Documentation is now based on yelp-tools instead of Scroolkeeper/Rarian.
Many thanks to Patrick Matthäi for packaging EtherApe for Debian and
helping to keep this tool current.
Changes summary:
* require only gnome-canvas, not gnome-ui. Based on the work of
Arch Linux packager bgyorgy (Balló György). Thanks!
* migrate from deprecated gnome-doc-utils to yelp-tools.
Unfortunately this change rules out older distributions
* updated German translation, thanks to Chris Leick
Overview of changes in EtherApe 0.9.15 (Friday, February 10, 2017):
The central node ring setting now accepts multiple node specifiers
(separated by any combination of spaces and/or commas), and also
now understands glob syntax, so you can put for example
10.0.0.0/24, *.mydomain.tld, somehost.otherdomain.tld
and it will do what you'd expect.
There is now a compile-time configure option ('--with-c-ares',
disabled by default) to enable DNS resolution via the c-ares
library, supplanting EtherApe's built-in multithreaded
gethostbyaddr(3)-based resolver. This is a fully non-blocking DNS
library and thus has potential for better performance while using
only a single background resolver thread, but also means that
name-lookup is strictly DNS-based, and will thus not take
/etc/hosts, NIS, or other name services into account.
There is a slightly backwards-incompatible change in the syntax of
the node-position file used with the '-P' flag added in release
0.9.14. It now uses the same CIDR notation plus hostname-globbing
syntax used by the central node ring setting (instead of POSIX
regular expressions). This provides simpler and more consistent
syntax with essentially the same real-world utility, but may
require some small changes to existing node-position files. Some
examples:
Old (regex) New (CIDR+glob)
=============== ===============
172.16.2.[0-9]* 172.16.2.0/24
.*.mydomain.com *.mydomain.com
fe80:.* fe80::/16
Additionally, each line of the node-position file may now include
multiple such node-matching patterns (separated by spaces and/or
commas as with the central node ring setting), so a single line
might look like:
*.mydomain.com, 10.0.0.0/24 3
(to put all nodes matching the given domain or CIDR range into
column 3).
As a security feature (privilege separation), packet-capture
operations are now isolated in a separate background process. The
new '-Z' flag can be used to specify a user to run the main
(foreground) process as.
Changes summary:
* New option to use c-ares for DNS resolution.
* Multiple node/subnets and glob syntax now supported for central
node ring.
* Node-matching syntax for '-P' flag's file now uses CIDR
notation and hostname-globbing instead of regexes.
* Multiple patterns can now be given on a single line of the
node-position ('-P') file.
* The columnar-layout ('-P') code has been changed to re-adjust
the spacing of nodes within a column when the number of nodes
decreases. The 10-column limit has also been removed.
* The background-image feature introduced in 0.9.14 can now be
turned off via a preference check-box.
* The background of the protocol legend is now black so that
lighter colors (e.g. yellow) are more readable.
* There is now an option to display packet-capture statistics
from libpcap in the main window (hover the mouse over them for
an explanation in the status bar).
* The show/hide state of the toolbar, protocol legend, and status
bar are now preserved along with other preferences in the
user's config file.
* New '-Z' flag (or '--relinquish-privileges') can be used to run
most processing as an unprivileged user.
Overview of changes in EtherApe 0.9.14 (Saturday February 06, 2016):
EtherApe now users the system /etc/services file instead of its own.
While this change make some customizations a bit harder, it guarantees an
up-to-date services file.
Note to packagers: /etc/etherape is not needed anymore.
Central node option now undestands CIDR notation, allowing for a central
ring of nodes, thanks to Zev Weiss.
Static background image, courtesy of Glenn Feunteun.
Nodes can be optionally arranged as columns, thanks to David Goldfarb.
Changes summary:
* autoconf updated to 2.69
* fixed incorrect WLAN control frames decoding
* fix UTF-8 encoding of several files, thanks to StrPt.
* read system services file instead of EtherApe one, thanks to Zev Weiss.
* fix race condition on exit, thanks to Zev Weiss
* central ring option, thanks to Zev Weiss
* tweaks to preference windows to better work with tiling managers,
thanks to Zev Weiss.
* static background image (Glenn Feunteun)
* arrange nodes in 'columns' (David Goldfarb)
Overview of changes in EtherApe 0.9.13 (Sun May 05, 2013):
Central node option, useful for displaying routers or proxies.
Translations and documentation updates, plus some fixes.
Changes summary:
* Optional central node, based on work of Javier Fernandez-Sanguino
Peña.
* re-enabled full-screen mode, thanks to nrvale0
* Updated spanish translation, thanks to Javier Fernandez-Sanguino
Peña.
* Added German translation, and fixed typos, thanks to Chris Leick.
* Updated documentation.
Add ruby-train-winrm version 0.2.6 package.
Train WinRM
Allows applictaions using Train to speak to Windows using Remote Management;
handles authentication, cacheing, and SDK dependency management.
Add ruby-winrm-fs version 1.3.4 package.
File system operations over Windows Remote Management (WinRM) for Ruby
Ruby library for file system operations via Windows Remote Management.
Add ruby-winrm version 2.3.4 package.
Windows Remote Management (WinRM) for Ruby
This is a SOAP library that uses the functionality in Windows Remote
Management(WinRM) to call native object in Windows. This includes, but is
not limited to, running batch scripts, powershell scripts and fetching WMI
variables. For more information on WinRM, please visit Microsoft's WinRM
site (http://msdn.microsoft.com/en-us/library/aa384426.aspx).
As of version 2.0, this gem retains the WinRM name but all powershell calls
use the more modern Powershell Remoting Protocol (PSRP)
(https://msdn.microsoft.com/en-us/library/dd357801.aspx) for initializing
runspace pools as well as creating and processing powershell pipelines.
