Release v1.41.0
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
De-experimentalize XdsCredentials and XdsServerCredentials API.
xDS: Remove environmental variable guard for security.
xDS Security: Use new way to fetch certificate provider plugin instance config.
xDS server serving status: Use a struct to allow more fields to be added in the future.
Annotate impl/codegen with IWYU pragmas.
Update submodule envoy-api to origin/main.
Upgrade third_party/protobuf to v3.17.3.
update submodule boringssl-with-bazel with origin/master-with-bazel.
Delete libuv-iomgr implementation and GRPC_UV build option.
Allow access to Google API regional endpoints via Google Default Credentials.
Remove GPR_*_TLS macros except PTHREAD.
Limit initial window size increases and per-stream window delta.
C++
Bump version to v1.41.0-pre1.
De-experimentalize XdsServerBuilder.
C++ opencensus filter: Fix point of creating context for overall call.
Flag grpc++_test library testonly.
Add note on officially supported platforms.
Open census call attempt span name and attribute changes
Open census call attempt span name and attribute changes.
C#
Backport 27382 to v1.41.x.
[csharp] Fix error loading library grpc_csharp_ext.*.dll on windows with non-ASCII encoding.
Annotate copied Content native lib items with package id to enable customization.
Objective-C
Objective-C: Fix issue with creating a Unix file socket.
Python
Use manylinux_2_17 instead of manylinux_2_24 tag for manylinux2014 aarch64 wheels.
Add Python 3.10 drop 3.5.
[Aio] Remove custom IO manager support.
Overview of changes in 2.5.4
============================
Bugfixes
--------
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
--------------------
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
------------
- also build man page on Windows builds
2021/10/04 : 2.4.6
- BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
2021/10/01 : 2.4.5
- MINOR: lua: Add a flag on lua context to know the yield capability at run time
- BUG/MINOR: lua: Yield in channel functions only if lua context can yield
- BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
- BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
- BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
- BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
- BUG/MINOR: filters: Set right FLT_END analyser depending on channel
- BUG/MINOR: systemd: ExecStartPre must use -Ws
- BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
- MINOR: htx: Skip headers with no value when adding a header list to a message
- CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
- BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
- BUG/MINOR: compat: make sure __WORDSIZE is always defined
- CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
- MINOR: pools: automatically disable malloc_trim() with external allocators
- MINOR: pools: use mallinfo2() when available instead of mallinfo()
- BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
- BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
- DOC: management: certificate files must be sanitized before injection
- BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
- BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
- BUG/MINOR: cli/payload: do not search for args inside payload
- BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
- BUILD: tools: get the absolute path of the current binary on NetBSD.
- MINOR: tools: add FreeBSD support to get_exec_path()
- MINOR: proc: setting the process to produce a core dump on FreeBSD.
- BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
- BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
- BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
- IMPORT: slz: silence a build warning with -Wundef
- BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
- BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
- BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
- BUILD: tools: properly guard __GLIBC__ with defined()
- BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
- MINOR: sample: add missing ARGC_ entries
- BUG/MINOR: vars: properly set the argument parsing context in the expression
- BUG/MINOR: vars: truncate the variable name in error reports about scope.
- BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
- BUILD: fix dragonfly build again on __read_mostly
- BUILD: compiler: fixed a missing test on defined(__GNUC__)
- BUILD: halog: fix a -Wundef warning on non-glibc systems
- BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
- BUG/MINOR: server: allow 'enable health' only if check configured
- BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
- BUG/MINOR: h1-htx: Fix a typo when request parser is reset
- BUG/MINOR: http-ana: increment internal_errors counter on response error
- MINOR: server: implement a refcount for dynamic servers
- MINOR: global: define MODE_STOPPING
- BUG/MINOR: server: do not use refcount in free_server in stopping mode
- MINOR: server: return the next srv instance on free_server
- BUG/MINOR: stats: use refcount to protect dynamic server on dump
- BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
- BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
- BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
- MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
- MINOR: htx: Add an HTX flag to know when a message is fragmented
- MINOR: htx: Add a function to know if the free space wraps
- BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
- MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
- BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
- DOC: peers: fix doc "enable" statement on "peers" sections
- MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
- BUG/MEDIUM: lua: fix wakeup condition from sleep()
- BUG/MAJOR: lua: use task_wakeup() to properly run a task once
- MINOR: arg: Be able to forbid unresolved args when building an argument list
- BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
- BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
- MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
GNU Wget2 is the successor of GNU Wget, a file and recursive website
downloader. Designed and written from scratch it wraps around
libwget, that provides the basic functions needed by a web client.
Wget2 works multi-threaded and uses many features to allow fast
operation.
Changelog:
1.36.0
Changes
-------
* Update wslay
* Bump Windows build dependencies
* Bump android build dependencies
* Fix segfault when time_t is 64bit on 32bit arch
Patch from Natanael Copa
bug 1666
* Updates the make_bash_completion script to Python3.
Patch from sleepymac
bug 1672
* Prevent corrupt downloads after app and/or system crash
Patch from Ali MJ Al-Nasrawy
bug 1644
* Reset sessionDownloadLength and sessionUploadLength on download start
bug 1486
* AppleTLS: Add TLSv1.3 support
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Full SNI support, including server-side.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
Complete client certificate and SNI support now make the TLS part of
s6-networking a fully viable replacement of stunnel and other similar
TLS tunneling tools.
3.9.7:
All Components
All bytecode is now compiled using the +deterministic compiler flag. This should eliminate the capture of some irrelevant build environment attributes in produced artifacts, improve consistency between builds, and reduce the file level diff between release artifacts.
Core Server
Enhancements
Classic queue shutdown now uses a much higher timeout (up to 10 minutes instead of 30 seconds).
In environments with many queues (especially mirrored queues) and many consumers this means that the chance of queue indices rebuilding after node restart is now substantially lower.
Prometheus Plugin
Enhancements
More configurability for metrics exposed via the Prometheus endpoint.
Shovel Plugin
Bug Fixes
Shovel URIs could be logged with credentials in some scenarios.
3.9.6:
Core Server
Bug Fixes
TLS information delivered in Proxy protocol header is now attached to connection metrics as if it was provided by a non-proxying client.
max_message_size had a one-off error in the validator.
mirroring_sync_batch_size was incorrectly validated as if it represented batch size in bytes. It represents batch size in number of messages, so the new default hard cap is now 1M (a very high number that's impractical)
Stream Plugin
Bug Fixes
Offset parameters were not stored correctly in some cases.
Partitions list order is now stable.
When stream clients close connections abruptly, publisher and consumer metrics get cleaned up correctly.
Management Plugin
Enhancements
Stream publishers are now listed on the individual stream page.
Counters have been added to the tiles of several sections on detail pages.
3.9.5:
Core Server
Bug Fixes
Virtual host metadata (description, tags) was not imported from definitions.
Reduced unnecessary debug logging from streams.
AWS Peer Discovery Plugin
Enhancements
AWS API calls are now retried multiple times.
Contributed by AWS.
Management Plugin
Enhancements
PUT /api/vhosts/{name} now can update metadata (tags and descriptions) for existing virtual hosts.
3.9.4:
Core Server
Enhancements
New Prometheus metrics for alarms
Nodes will now use four more environment variables, if set: RABBITMQ_DEFAULT_USER (overrides default_user in rabbitmq.conf), RABBITMQ_DEFAULT_PASS (overrides default_pass), RABBITMQ_DEFAULT_VHOST (overrides default_vhost) and RABBITMQ_ERLANG_COOKIE (sets shared authentication secret value). These variables are not recommended to be used in production but can be the only realistic option in some environment, such as service containers, ECS, and so on. Most users should continue using rabbitmq.conf and a securely generated local cookie file.
Definitions now can be imported from different sources, including those provided by plugins. Original local filesystem source is still supported in a backwards-compatible way.
3.9.3:
Core Server
Bug Fixes
Queues that had messages with per-message TTL in them could fail to recover their indices after a restart.
JSON logging could fail with an exception when a logged event included epoch-based timestamp value.
JSON logging now uses integers (as opposed to floats) to represent epoch-based timestamps
Enhancements
RabbitMQ application no longer reports the stopping event to systemd. This was counterproductive when the application was stopped but the runtime (Erlang VM) was kept running, e.g. via rabbitmqctl stop_app or by the pause minority partition handling strategy.
Now systemd service monitoring will recognize a node as stopped only when the runtime is stopped, which is usually the behavior operators expect.
3.9.2:
CLI Tools
Bug Fixes
rabbitmq-upgrade drain and rabbitmq-upgrade revive now log warning and info level instead of alert.
Shovel Plugin
Bug Fixes
Multiple Shovels could be started in some cases involving node restarts of failures.
Federation Plugin
Bug Fixes
Multiple Federation links could be started in some cases involving node restarts of failures.
3.9.1:
Core Server
Bug Fixes
Clients that used global QoS prefetch (deprecated as of 3.9.0) ran into an exception when acknowledging deliveries.
Improved resiliency of stream coordinator in certain conditions.
Nodes failed to start when hostname contained non-ASCII (broader Unicode) characters.
CLI Tools
Bug Fixes
rabbitmq-diagnostics stream_status fails with an exception when the --tracking option was used.
rabbitmq-diagnostics stream_status used an outdated documentation guide link.
RabbitMQ Erlang Client
Bug Fixes
New releases of the client are again published to Hex.pm.
connection_timeout was adjusted to avoid a confusing warning.
Corrected a typo in direct connection net tick time adjustment.
3.9.0:
Streams
Erlang 24 Support
Kubernetes
Logging in JSON
Impacket v0.9.23:
Library improvements
Support connect timeout with SMBTransport
Speeding up DcSync
Fixed Python3 issue when serving SOCKS5 requests
Moved docker container to Python 3.8
Added basic GitHub Actions workflow
Fixed Path Traversal vulnerabilities in smbserver.py - CVE-2021-31800
Fixed POST request processing in httprelayserver.py
Added cat command to smbclient.py
Added new features to the LDAP Interactive Shell to facilitate AD exploitation
Python 3.9 support
Examples improvements
addcomputer.py:
Enable the machine account created via SAMR
getST.py:
Added exploit for CVE-2020-17049 - Kerberos Bronze Bit attack
Compute NTHash and AESKey for the Bronze Bit attack automatically
ntlmrelayx.py:
Fixed target parsing error
wmipersist.py:
Fixed filterBinding error
Added PowerShell option for semi-interactive shells in dcomexec.py, smbexec.py and wmiexec.py
Added new parameter to select COMVERSION in dcomexec.py, wmiexec.py, wmipersist.py and wmiquery.py
New examples
Get-GPPPassword.py: This example extracts and decrypts Group Policy Preferences passwords using streams for treating files instead of mounting shares. Additionally, it can parse GPP XML files offline
smbpasswd.py: This script is an alternative to smbpasswd tool and intended to be used for changing expired passwords remotely over SMB (MSRPC-SAMR)
This package (which hasn't had a subsequent release from upstream) will
no longer build when being treated as a "module" by recent Go versions
(and related pkgsrc definitions). It seems non-trivial to address this
(simply trying to add go.mod and such then leads to other errors, e.g.,
recent Go objecting to API versioning practices in code bundled by
upstream), so to get this building again for now, use the old "package"
approach instead.
--- 9.16.21 released ---
5711. [bug] "map" files exceeding 2GB in size failed to load due to
a size comparison that incorrectly treated the file size
as a signed integer. [GL #2878]
5710. [port] win32: incorrect parentheses resulted in the wrong
sizeof() tests being used to pick the appropriate
Windows atomic operations for the object's size.
[GL #2891]
5709. [cleanup] Enum values throughout the code have been updated
to use the terms "primary" and "secondary" instead of
"master" and "slave", respectively. [GL #1944]
5708. [bug] The thread-local isc_tid_v variable was not properly
initialized when running BIND 9 as a Windows Service,
leading to a crash on startup. [GL #2837]
5705. [bug] Change #5686 altered the internal memory structure of
zone databases, but neglected to update the MAPAPI value
for zone files in "map" format. This caused named to
attempt to load incompatible map files, triggering an
assertion failure on startup. The MAPAPI value has now
been updated, so named rejects outdated files when
encountering them. [GL #2872]
5704. [bug] Change #5317 caused the EDNS TCP Keepalive option to be
ignored inadvertently in client requests. It has now
been fixed and this option is handled properly again.
[GL #1927]
5701. [bug] named-checkconf failed to detect syntactically invalid
values of the "key" and "tls" parameters used to define
members of remote server lists. [GL #2461]
5700. [bug] When a member zone was removed from a catalog zone,
journal files for the former were not deleted.
[GL #2842]
5699. [func] Data structures holding DNSSEC signing statistics are
now grown and shrunk as necessary upon key rollover
events. [GL #1721]
5698. [bug] When a DNSSEC-signed zone which only has a single
signing key available is migrated to use KASP, that key
is now treated as a Combined Signing Key (CSK).
[GL #2857]
5696. [protocol] Support for HTTPS and SVCB record types has been added.
(This does not include ADDITIONAL section processing for
these record types, only basic support for RR type
parsing and printing.) [GL #1132]
5694. [bug] Stale data in the cache could cause named to send
non-minimized queries despite QNAME minimization being
enabled. [GL #2665]
5691. [bug] When a dynamic zone was made available in another view
using the "in-view" statement, running "rndc freeze"
always reported an "already frozen" error even though
the zone was successfully frozen. [GL #2844]
5690. [func] dnssec-signzone now honors Predecessor and Successor
metadata found in private key files: if a signature for
an RRset generated by the inactive predecessor exists
and does not need to be replaced, no additional
signature is now created for that RRset using the
successor key. This enables dnssec-signzone to gradually
replace RRSIGs during a ZSK rollover. [GL #1551]
Changes in version 0.0.11 - 2019-06-21:
- Update my e-mail address.
- Change the obfs4 behavior for handling handshake failure to be more
uniform. Thanks to Sergey Frolov for assistance.
- Bump the version of the utls fork.
Changes in version 0.0.10 - 2019-04-12:
- Disable behavior distinctive to crypto/tls when using utls.
- Bump the version of the utls fork.
Changes in version 0.0.9 - 2019-02-05:
- Various meek_lite code cleanups and bug fixes.
- Bug 29077: uTLS for ClientHello camouflage (meek_lite).
- More fixes to HTTP Basic auth.
- (meek_lite) Pin the certificate chain public keys for the default
Tor Browser Azure bridge (meek_lite).
Release 4.68 (release date: 2021-09-14)
=======================================
Bug Fixes
------------------
- Improve content type inference for some common extensions.
- Copy Content-Encoding from first object in compose command.
- Support generation querying for ls command.
Other Changes
------------------
- Add a message encouraging py3 upgrade.
- Update mock library version.
- Several documentation updates and clarifications.
Release 4.67 (release date: 2021-08-16)
=======================================
Bug Fixes
------------------
- Update pyu2f to latest version to fix a security key reauth bug
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.66 (release date: 2021-07-29)
=======================================
New Features
------------------
- Onboard mTLS support with AIP-4114 for gsutil
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.65 (release date: 2021-07-02)
=======================================
New Features
------------------
- Add gsutil support for Public Access Prevention
Bug Fixes
------------------
- Fix raising-bad-type yapf errors.
Other Changes
------------------
- Link fix pointing to CGC docs again .
- Backfill some small doc changes
- Small text tweak
- Update CHECKSUM and VERSION for 4.64 release.
- Update CHANGES.md for 4.64 release.
- Delete encryption addhelp page
- Putting cl/381035251 into github
- Backfill cl/381932961
Release 4.64 (release date: 2021-06-18)
=======================================
Bug Fixes
------------------
- None
Other Changes
------------------
- Link fix pointing to CGC docs.
Release 4.63 (release date: 2021-06-09)
=======================================
Bug Fixes
------------------
- Update warning text on KMS access denied
- Make ** to represent zero or more folders for cloud urls
- Raise error if final destination path ends with a delimiter.
Other Changes
------------------
- Fix flaky test for rm using preconditions
- Fix pyenv issue for macOS
- Fix rewrite tests
- Remove unused progress callback.
- Several documentation updates and clarifications.
Release 4.62 (release date: 2021-05-13)
=======================================
New Features
------------------
- Add ignore-existing option for rsync .
- Show satisifiesPZS info in bucket info listing (ls -Lb).
- Support composite uploads with KMS.
- Enforce custom endpoints through multipart copies and complex downloads.
Bug Fixes
------------------
- rm will continue on object 404s.
- Update boto submodule to include a fix for integrity checks with KMS.
- iam ch is now case-insensitive for public members and member types.
- Support skipping integrity checks in daisy chain transfers.
- Ensure the correct content-length is provided for incomplete downloads.
- Fix daisy chain for windows.
- Fix stats crashing because of nanosecs in custom-time.
- Delete connections after fork.
- Patch md5 import for compliance on Red Hat FIPS mode distributions.
- Handle case where there are too many slashes after CloudUrl scheme.
- Allow specifying object generations in compose.
- Raise error in setmeta if no headers are provided.
- Fix encoding issue for rfc822 messages.
- Fix StreamExhausted Error handling for Resumable uploads.
- Fix wildcard ** bug.
- Fix alignment of ls -l output.
- Fix newlines around lists.
Other Changes
------------------
- Fix sonatype errors.
- gslib: boto\_util: implement a HasUserSpecifiedGsHost() helper.
- Adding warning to rsync if streams or named paths are included in a folder.
- Improve parallelism warnings.
- Several documentation updates and clarifications.
Release 4.61 (release date: 2021-04-06)
=======================================
Bug Fixes
------------------
- Update to RSA v4.5.
- CopyHelper accepts kms check bypass.
Other Changes
------------------
- Doc updates.
Release 4.60 (release date: 2021-03-11)
=======================================
Bug Fixes
------------------
- Fixed proxy connections when using the GCS XML API.
- Improve reliability when multiple instances of gsutil transfer to the same destination.
Other Changes
------------------
- Remove TravisCI and update "check for CI" references to use GitHub CI.
- Several documentation updates and clarifications.
Release 4.59 (release date: 2021-02-10)
======================================
New Features
------------------
- Add ignore-existing option for rsync .
- Show satisifiesPZS info in bucket info listing (ls -Lb) .
Bug Fixes
------------------
- Register integration test failures in kokoro script .
Other Changes
------------------
- Use respectful code .
- Several documentation updates and clarifications.
Release 4.58 (release date: 2021-01-21)
======================================
Bug Fixes
------------------
- Fix more occurrences of encodestring/decodestring
- Ignore the .github directory for updates
- Make signurl use generation information.
- Fix UnicodeEncodeError in Python2 for help metadata command
- Open files in non-append mode to make stripe functionality work in Lustre file systems
- Persist request reason header for resumable uploads and downloads.
- improve upload speed significantly when it runs on Windows
- Add perf-trace-token support for resumable uploads.
- Improve error message when a bucket's name collides with another.
- Fix formatting for empty CORS JSON document
Other Changes
------------------
- Several documentation updates and clarifications.
- Add CI checks for Python 3.8
Release 4.57 (release date: 2020-12-08)
======================================
Bug Fixes
------------------
- Remove Unicode character from config command that was causing Python 2 issues.
- Sync docs with web.
Release 4.56 (release date: 2020-12-03)
======================================
New Features
------------------
- mTLS/DCA Authentication
- Add GitHub Actions CI
Bug Fixes
------------------
- Delete the projects.py help topic
- Format fix for cp.py
Release 4.55 (release date: 2020-11-12)
======================================
Bug Fixes
------------------
- Prevent trailing spaces in json output of iam get
- Fix deprecation warnings due to invalid escape sequences.
- Use is_alive in favour of isAlive for Python 3.9 compatibility.
- Fix for base64.{encode/decode}string in python 3.9
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.54 (release date: 2020-10-22)
======================================
New Features
------------------
- Add userProject support to signurl
Bug Fixes
------------------
- Explicitly set multiprocessing start method to 'fork'
- Headers can now be removed
- Fix CommandException.informational attribute error
- Fix broken signurl error message.
Other Changes
------------------
- Warn when disabling parallel composite uploads for KMS encryption.
- Handle SAML reauth challenge.
- Several documentation updates and clarifications.
0.14.0
------
* Added `responses.matchers`.
* Moved `responses.json_params_matcher` to `responses.matchers.json_params_matcher`
* Moved `responses.urlencoded_params_matcher` to
`responses.matchers.urlencoded_params_matcher`
* Added `responses.matchers.query_param_matcher`. This matcher allows you
to match query strings with a dictionary.
* Added `auto_calculate_content_length` option to `responses.add()`. When
enabled, this option will generate a `Content-Length` header
based on the number of bytes in the response body.
(v1.6.3) Input field improvements: highlight domain name in URLs, hide default Gemini scheme if narrow, selecting all text, retain focus in background. Fixed bugs: delay when splitting the view; initial split view background; line break modifier affecting all input fields; potential hang when aborting a connection.
(v1.6.4) UTF-8 text files can be viewed in the app regardless of file extension. Added ENABLE_RESIZE_DRAW build option. Fixed bugs: cursor positioning and text insertion around variation selectors; "Unknown Status Code" in Page Information; network requests getting stuck before anything is sent; possible crash when clicking on sidebar items; freeze after a network request is cancelled (OpenBSD); page contents not reflowing during window resize.
(v1.6.5) Audio init errors are no longer fatal. Fixed tab button appearance, cursor movement regression, right-clicking on sidebar tab buttons, crash with KMSDRM video driver, and minor text rendering artifacts.
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.
Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.
Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.
Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.
Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.
Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.
Make domains generated by --synth-domain appear in replies
when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
Changes:
7.0.3
-----
* CVE-2021-39214: Fix request smuggling vulnerabilities reported by @chinchila
* Expose TLS 1.0 as possible minimum version on older pyOpenSSL releases
* Fix compatibility with Python 3.10
7.0.2
-----
* Fix a WebSocket crash introduced in 7.0.1
7.0.1
-----
* Performance: Re-use OpenSSL contexts to enable TLS session resumption
* Disable HTTP/2 CONNECT for Secure Web Proxies to fix compatibility with
Firefox
* Use local IP address as certificate subject if no other info is available
* Make it possible to return multiple chunks for HTTP stream modification
* Don't send WebSocket CONTINUATION frames when the peer does not send any
* Fix HTTP stream modify example.
* Fix a crash caused by no-op assignments to `Server.address`
* Fix a crash when encountering invalid certificates
* Fix a crash when pressing the Home/End keys in some screens
* Fix a crash when reading corrupted flow dumps
* Fix multiple crashes on flow export
* Fix a bug where ASGI apps did not see the request body
* Minor documentation improvements
Release v1.40.0
Core
Update Envoy API to the latest version (2021-07-30).
Enable retries by default.
Add opentelemetry as a submodule for latest xDS API.
Pointing the protobuf submodule to the new URL.
Remove BUILD.gn.
Prevent race causing early-destruction of grpc_winsocket object when creating a TCP connection.
TLS Security Connector: Add an always-fail-handshaker when certificates are not ready.
Enable layering checks in the Bazel build.
Support user provided "scope" in JWT and GDC.
C++
C++ opencensus filter: Fix point of creating context for overall call.
Open census call attempt span name and attribute changes
Open census filter: Use new internal stats API and record retry stats.
Add OpenCensus measures and views for retries.
Python
Add retry example for gRPC Python.
Remove Python 2.7 binary wheel generations.
[Aio][fix] catch application exception in request iterators.
3.7.0
Added
Add the Vercel provider (formerly known as Zeit)
Add the OpenShift Cloud Infrastructure (OCI) DNS provider
Modified
Keep old Zeit provider for compatibility purpose with deprecation notices
Support multiple domain statuses for Joker provider
Both mef and jperkin have reported broken builds for ncgopher
after rust update to 1.54.0
I've contacted upstream and they have updated the dependencies
but, no new release.
https://github.com/jansc/ncgopher/issues/35
The package builds fine on my 9.99.88 amd64 now.
4.1.0 (2021-08-15)
------------------
- Remove last dependency on `six`
- Use `platformdirs` instead of the `appsdirs` dependency
- Pass digest method when signing timestamp node
- Fix settings context manager when an exception is raised
- Don't render decimals using scientific notation
- Remove dependency on `defusedxml` (deprecated)
- Improve handling of str values for Duration
Changes since 4.13.10
* BUG 14769: smbd panic on force-close share during offload write.
* BUG 14731: Fix returned attributes on fake quota file handle and avoid
hitting the VFS.
* BUG 14783: smbd "deadtime" parameter doesn't work anymore.
* BUG 14787: net conf list crashes when run as normal user.
* BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7.
* BUG 14793: Start the SMB encryption as soon as possible.
* BUG 14792: Winbind should not start if the socket path for the privileged
pipe is too long.
Add option to disable afp session timeouts.
Fix setting of phase1 addresses on NetBSD.
Send replies to client when printing to prompt more data to be sent.
ok markd@.
