Release v1.20.0
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Fix bug in CFStream endpoint.
Fix a NULL deref in tcp_client_windows.cc.
Avoid using grpc_core::Executor when the background poller is available.
Update the c-ares submodule to the 1.15 release.
Remove unnecessary hack which causes data races.
Fix Potentially Dangerous Typo - locked function being run outside of combiner.
Trace log the status of every c-ares lookup; cleanup error handling.
Add SPIFFE security stack to gRPC .
Nuking the poll-cv polling engine.
Backport 18201 to fix "symbol not found: _ares_library_init" error in Bazel on MacOS build.
Run run_after_write closures in h2 once write action is done.
Transition into state CONNECTING when we start name resolution.
Support "darwin_x86_64" CPU in cares.BUILD.
Move grpc_shutdown internals to a detached thread.
Fix c-ares on Windows "DNS resolution failure" triggered by logging.
Disable c-ares on Android.
C++
Global Interceptor Registration allowed only once.
cmake fix: builds disabled by CODEGEN=OFF should not be installed.
cmake: when cross-compiling, the host grpc_cpp_plugin should be used.
* build: latest gmake-3 works once more
* build: exits on error in a subdir
* BSD: PF_LINK sockets now closed when no longer needed
* BSD: Fix detecting interface for scoped routes
* Solaris: Many, many, many fixes - pretty much works now
* script: Allow "" to mean /dev/null
* script: Add static routers and routes to env
* DHCP: outbound interface is no longer dictated with IP_PKTINFO
* DHCP: BPF sockets now closed when no longer needed
* DHCPv6: Allow nooption dhcp6_unicast to work
* DHCPv6: Don't spam syslog if we always get the same error
* route: Log pid which deleted routes of interest
Changes:
version 2019.04.17
Extractors
* [openload] Randomize User-Agent (closes#20688)
+ [openload] Add support for oladblock domains (#20471)
* [adn] Fix subtitle extraction (#12724)
+ [aol] Add support for localized websites
+ [yahoo] Add support GYAO episode URLs
+ [yahoo] Add support for streaming.yahoo.co.jp (#5811, #7098)
+ [yahoo] Add support for gyao.yahoo.co.jp
* [aenetworks] Fix history topic extraction and extract more formats
+ [cbs] Extract smpte and vtt subtitles
+ [streamango] Add support for streamcherry.com (#20592)
+ [yourporn] Add support for sxyprn.com (#20646)
* [mgtv] Fix extraction (#20650)
* [linkedin:learning] Use urljoin for form action URL (#20431)
+ [gdc] Add support for kaltura embeds (#20575)
* [dispeak] Improve mp4 bitrate extraction
* [kaltura] Sanitize embed URLs
* [jwplatfom] Do not match manifest URLs (#20596)
* [aol] Restrict URL regular expression and improve format extraction
+ [tiktok] Add support for new URL schema (#20573)
+ [stv:player] Add support for player.stv.tv (#20586)
Changelog:
Knot DNS 2.8.1 (2019-04-09)
===========================
Improvements:
-------------
- Possible zone transaction is aborted by zone events to avoid inconsistency
- Added log message if no persistent config DB is available during 'conf-begin'
- New environment setting 'KNOT_VERSION_FORMAT=release' for extended version suppression
- Various improvements in the documentation
Bugfixes:
---------
- Broken NSEC3-wildcard-nonexistence proof after NSEC3 re-salt
- Glue records under delegation are sometimes signed
- RRL doesn't work correctly on big-endian architectures
- NSEC3 not re-salted during AXFR refresh
- Failed to sign new zone contents if added dynamically #641
- NSEC3 opt-out signing doesn't work in some cases
- Broken NSEC3 chain after adding new sub-delegations
- Redundant SOA RRSIG on slave if RRSIG TTL changed on master
- Sometimes confusing log error message for NOTIFY event
- Improper include for LMDB #638
Knot DNS 2.8.0 (2019-03-05)
===========================
Features:
---------
- New offline-KSK mode of operation
- Configurable multithreaded DNSSEC signing for large zones
- Extended ACL configuration for dynamic updates
- New knotc trigger 'zone-key-rollover' for immediate DNSKEY rollover
- Added support for OPENPGPKEY, CSYNC, SMIMEA, and ZONEMD RR types
- New 'double-ds' option for CDS/CDNSKEY publication
Improvements:
-------------
- Significant speed-up of zone updates
- Knotc supports force option in the interactive mode
- Copy-on-write support for QP-trie (Thanks to Tony Finch)
- Unified and more efficient LMDB layer for journal, timer, and KASP databases
- DS check event is re-planned according to KASP even when purged timers
- Module DNS Cookies supports explicit Server Secret configuration
- Zone mtime is verified against full-precision timestamp (Thanks to Daniel Kahn Gillmor)
- Extended logging (loaded SOA serials, refresh duration, tiny cleanup)
- Relaxed fixed-length condition for DNSSEC key ID
- Extended semantic checks for DNAME and NS RR types
- Added support for FreeBSD's SO_REUSEPORT_LB
- Improved performance of geoip module
- Various improvements in the documentation
Compatibility:
--------------
- Changed configuration default for 'cds-cdnskey-publish' to 'rollover'
- Journal DB format changes are not downgrade-compatible
- Keymgr no longer prints DS for algorithm SHA-1
Unfortunately the .orig file is also installed, add a post-install:
target to clean `*.orig' left.
Bump PKGREVISION
(Accidentally uncommitted in the previous commit, sorry!)
Changes 2.17.7, 2018-07-12
--------------------------
From: Martin Sechny, shenk.sk
* update to HTML 5 template in bin/mrtg, checked by HTML+CSS W3C validator
* corrected style in HTML template: color with background-color
(workaround for missing text color property in mrtg.cfg)
Changes 2.17.6, 2014-12-02
--------------------------
From: tobi
* add --descr=ifname option to indexmaker
* fix parsing of global option in cfgmaker
* add dcn id to cfgmaker (baed on input from Pawel Golaszeswski)
From: Steve Alligood <steve@betterlinux.com>
* make sure threshval does not get clobberd
Changes 2.17.5, 2012-04-26
--------------------------
From: Pavel Gulchouck <gul@gul.kiev.ua>
* fix for kmg option coredump
Changes:
2.11.2
------
* Avoid crash in hub remote argument parsing
* Fix hub -C mydir merge <URL> by propagating global git arguments to Before/
After chains
* Preserve tilde ~ character in man pages
2.11.1
------
* Fix non-draft pull requests for certain repositories
2.11.0
------
* Create draft pull requests with hub pull-request --draft
Draft pull requests are considered work in progress: they don't
automatically request others for review and they are not mergeable while in
their draft state.
2.10.2
------
* Fix compatibility with git when run with no arguments: hub --git-dir=.git
* Fix issue/PR --format %L output in no-color mode
2.10.1
------
* Fix writing over existing cache files in hub api
* Allow repository names that start with a - character
* List api among custom hub commands in help
pkgsrc changes:
- Configuration files and man pages were accidentally installed
in etc/ and share/man. Add a SUBST_SED in order to avoid hard-coded
paths and install bash completions in share/bash_completions.d.
Changes:
1.8.2
=====
Additions
---------
- Support for
- `pixnet` (#177)
- `wikiart` (#179)
- `mangoxo` (#184)
- `yaplog` (#190)
- `livedoor` (#190)
- Login support for `mangoxo` (#184) and `twitter` (#214)
Changes
-------
- Increased required `Requests` version to 2.11.0
Fixes
-----
- Improved image quality on `reactor` sites (#210)
- Support `imagebam` galleries with more than 100 images (#219)
- Updated Cloudflare bypass code
Release Notes for Samba 4.10.2
This is a security release in order to address the following defects:
o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
Details
o CVE-2019-3870:
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
o CVE-2019-3880:
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisories.
Changes since 4.10.1:
* BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
smbd.mkdir().
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
SaveKey/RestoreKey.
pkgsrc changes:
- Adjust test related definition
- Remove no longer needed patches
Changes:
1.7.3.3:
--------
Corrections:
Makefile.in did not specify dependencies of filan on vsnprintf_r.o
and snprinterr.o
Added definition of FILAN_OBJS
Thanks to Craig Leres, Clayton Shotwell, and Chris Packham for
providing patches.
configure option --enable-msglevel did not work with numbers
The autoconf mechanism for determining SHIFT_OFFSET did not work when
cross compiling.
Thanks to Max Freisinger from Gentoo for sending a patch.
Socat still depended on obsolete gethostbyname() function, thus
compiling with MUSL libc failed.
Problem reported by Kennedy33.
The async signal safe diagnostic system used FDs 3 and 4 internally, so
use of appropriate fdin or fdout led to failures.
Test: DIAG_FDIN
Problem reported by Onur Sentürk.
The socket based mechanism for passing messages and signal information
from signal handler to process could reach and kill the wrong process.
Introduces functions diag_sock_pair(), diag_fork()
Thanks to Darren Zhao for analysing and reporting this problem.
Option ipv6-join-group did not work because it was applied in the wrong
phase
Test: UDP6MULTICAST_UNIDIR
Thanks to Angus Gratton for sending a patch.
Setting ispeed and ospeed failed for some serial devices because the
two settings were applied with two different get/set cycles, Thanks to
Alexandre Fenyo for providing an initial patch.
However, the actual fix is part of a conceptual change of the termios
module that aims for applying all changes in a single tcsetaddr call.
Fixes FreeBSD Bug 198441
Termios options TAB0,TAB1,TAB2,TAB3, and XTABS did not have an effect.
Thanks to Alan Walters for reporting this bug.
Substituted cumbersom ISPEED_OFFSET mechanism for cfsetispeed() calls
With TCP6-LISTEN and the other passive IPv6 addresses the range option
just failed: due to a bug in the syntax parser and two more bugs in
the xiocheckrange_ip6() function.
The syntax has now been changed from "[::1/128]" to "[::1]/128"!
Thanks Leah Neukirchen for sending an initial fix.
For name resolution Socat only checked the first character of the host
name to decide if it is an IPv4 address. This was not RFC conform. This
fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
TCP6:127.0.0.1:80
Thanks to Nicolas Fournil for reporting this issue.
Print a useful error message when single character options appear to be
merged in Socat invocation
Test: SOCCAT_OPT_HINT
Fixed some docu typos.
Thanks to Travis Wellman, Thomas <tjps636>, Dan Kenigsberg,
Julian Zinn, and Simon Matter
Porting:
OpenSSL functions TLS1_client_method() and similar are
deprecated. Socat now uses recommended TLS_client_method(). The old
functions and dependend option openssl-method can still be
used when configuring socat with --enable-openssl-method
Shell scripts in socat distribution are now headed with:
#! /usr/bin/env bash
to make them better portable to systems without /bin/bash
Thanks to Maya Rashish for sending a patch
RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with
configure option --enable-res-deprecated.
New versions of OpenSSL preset SSL_MODE_AUTO_RETRY which may hang socat.
Solution: clear SSL_MODE_AUTO_RETRY when it is set.
Renamed configure.in to configure.ac and set an appropriate symlink for
older environments.
Related Gentoo bug 426262: Warning on configure.in
Thanks to Francesco Turco for reporting that warning.
Fixed new IPv6 range code for platforms without s6_addr32 component.
Testing:
test.sh: Show a warning when phase-1 (insecure phase) of a security
test fails
OpenSSL tests failed on actual Linux distributions. Measures:
Increased key lengths from 768 to 1024 bits
Added test.sh option -C to delete temp certs from prevsious runs
Provide DH-parameter in certificate in PEM
OpenSSL s_server option -verify 0 must be omitted
OpenSSL authentication method aNULL no longer works
Failure of cipher aNULL is not a failure
Failure of methods SSL3 and SSL23 is desired
test.sh depended on ifconfig and netstat utilities which are no longer
available in some distributions. test.sh now checks for and prefers
ip and ss.
Thanks to Ruediger Meier for reporting this problem.
More corrections to test.sh:
Language settings could still influence test results
netstat was still required
Suppress usleep deprecated messag
Force use of IPv4 with some certificates
Set timeout for UDPxMAXCHILDREN tests
Git:
Added missing Config/Makefile.DragonFly-2-8-2,
Config/config.DragonFly-2-8-2.h
Removed testcert.conf (to be generated by test.sh)
Cosmetics:
Simplified handling of missing termios defines.
New features:
Permit combined -d options as -dd etc.
It appears that the buffer overflow issue referred to is the same in
both 1.20.2 and 1.20.3 (they had to fix the fix).
Upstream changelog:
* Changes in Wget 1.20.3
** Fixed a buffer overflow vulnerability
* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability
Changes:
version 2019.04.07
Core
+ [downloader/external] Pass rtmp_conn to ffmpeg
Extractors
+ [ruutu] Add support for audio podcasts (#20473, #20545)
+ [xvideos] Extract all thumbnails (#20432)
+ [platzi] Add support for platzi.com (#20562)
* [dvtv] Fix extraction (#18514, #19174)
+ [vrv] Add basic support for individual movie links (#19229)
+ [bfi:player] Add support for player.bfi.org.uk (#19235)
* [hbo] Fix extraction and extract subtitles (#14629, #13709)
* [youtube] Extract srv[1-3] subtitle formats (#20566)
* [adultswim] Fix extraction (#18025)
* [teamcoco] Fix extraction and add suport for subdomains (#17099, #20339)
* [adn] Fix subtitle compatibility with ffmpeg
* [adn] Fix extraction and add support for positioning styles (#20549)
* [vk] Use unique video id (#17848)
* [newstube] Fix extraction
* [rtl2] Actualize extraction
+ [adobeconnect] Add support for adobeconnect.com (#20283)
+ [gaia] Add support for authentication (#14605)
+ [mediasite] Add support for dashed ids and named catalogs (#20531)
4.3.0:
- Added support for broadcasting using a regular expression pattern
or a glob pattern to multiple Pidboxes.
- Added support for PEP 420 namespace packages.
- Added :setting:acks_on_failure_or_timeout as a setting instead of
a task only option.
- Added the :signal:task_received signal.
- Fixed a crash of our CLI that occurred for everyone using Python < 3.6.
- Fixed a crash that occurred when using the Redis result backend
while the :setting:result_expires is set to None.
- Added support the DNS seedlist connection format for the MongoDB result backend.
- Bump the minimum eventlet version to 0.24.1.
- Replace the msgpack-python package with msgpack.
- Allow scheduling error handlers which are not registered tasks in the current
worker.
- Additional fixes and enhancements to the SSL support of
the Redis broker and result backend.
4.5.0:
- The Redis transport now supports a custom separator for keys.
- When the SQS server returns a timeout we ignore it and keep trying
instead of raising an error.
- Properly declare async support for the Qpid transport.
1.21 - 2019-03-26
- Switch to libmaxminddb for GeoIP lookups
- Replaced 'geoip_cc4' and 'geoip_cc6' settings with a single 'geoip_cc'
- Mark already queued or shared files in search and file browser (Daniel Kamil Kozar)
- Add 'download_shared' setting (Daniel Kamil Kozar)
- Add 'show_free_slots' setting (Daniel Kamil Kozar)
- Add support for the "Free Slots" ADC extension
1.19.1
------
Python
* Backport "Add the missing grpc_cfstream dependency" to v1.19.x.
1.19.0
------
Python
* grpc_prefork(): check grpc_is_initialized before creating execctx.
* [gRPC] Enable Python 3 for Bazel to Run Tests.
* Escalate the failure of protoc execution.
* Remove dependency of grpc.framework.foundation.callable_util.
1.18.0
------
Python
* Servers are no longer guaranteed to automatically shutdown when garbage
collected. Applications must explicitly invoke grpc.Server.stop() to
shutdown the server and release its resources. This aligns server behavior
with the grpc.Channel.close() semantics introduced in v1.12.0.
* Add python API to retrieve library version. (#17580)
* Add Watch method to health check service. (#17597)
* Refactor server deallocation. (#17444)
* Add grpcio-status extension package. (#17490)
* Add gRPC Python Example: Metadata. (#17485)
* New abort with grpc.Status API. (#17481)
* Update urllib3 to avoid security vulnerability. (#17476)
* Add License to Python tarball. (#17411)
* Revert "Strip manylinux1 binary wheels". (#17412)
* Surface exceptions from Cython to Python as much as possible. (#16971)
* Add logging.basicConfig() for example servers. (#17322)
* Channelz Python wrapper implementation. (#17266)
* Fix Python blocking interceptors facing RpcError. (#17317)
* Raise the exception while credential initialization. (#17281)
1.17.1
------
Python
* Update urllib3 version number to avoid security vulnerability. (#17477)
* Revert stripping manylinux1 binary wheels to fix bad checksum of .so file.
(#17415)
1.17.0
------
Python
* Update Python documentation. (#17194)
* Migrate tests from Python 3.4 to Python 3.7. (#16995)
* Add wait-for-ready option. (#16919)
* The new gRPC Python documentation generator. (#17074)
* Allow gpr compatibility mode to be disabled in the Python build. (#16916)
* Fix logging issues introduced due to root logger being configured by gRPC.
(#17091)
* Add support for utf-8 error messages. (#16946)
* Ensure libboringssl.a is always built for Python. (#17049)
* Add python example to show the use of channel options. (#16924)
* Add type checking for channel args. (#16864)
* Strip manylinux1 binary wheels. (#16836)
1.16.1
------
This is 1.16.1 patch release for gRPC-Python.
Please see the notes for the previous releases here: https://github.com/grpc/
grpc/releases. Please consult https://grpc.io/ for all information regarding
this product.
This prerelease contains refinements, improvements, and bug fixes.
* Python: Fixed the issue where calls to logging.basicConfig() in various
modules added a handler to the root logger. This also fixes "No handlers
could be found" message in some cases. (#17064)
1.16.0
------
Python
* Fix SSL channel credential when an argument is None. (#16640)
* Bazel: Fix python BUILD rules. (#16561)
1.15.1
------
Python
* Added experimental support for client-side fork on Linux and Mac by setting
the environment variable GRPC_ENABLE_FORK_SUPPORT=1. Applications may fork
with active RPCs, as long as no user threads are currently invoking gRPC
library methods. In-progress RPCs continue in the parent process, and the
child process may use gRPC by creating new channels. (#16264)
* Improve PyPy compatibility. (#16364)
* Fix segmentation fault caused by channel.close() when used with
connectivity-state subscriptions. (#16296)
* Add server reflection guide for Python. See https://github.com/grpc/grpc/
blob/master/doc/python/server_reflection.md.
* Add Cython functionality to directly wrap grpc_arg. (#16192, #16197)
1.14.2
------
* Python: Segmentation fault caused by channel.close() when used with
connectivity-state subscriptions. (#16296)
1.14.1
------
If you are using version 1.14.0, please upgrade to this patch. A fix for issue
#15889 is reverted in this patch. The fix may cause memory corruption is some
corner cases. We advise not to use release 1.14.0.
1.14.0
------
Python
* Explicitly check conformance of handlers added to a gRPC server to
grpc.GenericRpcHandler type. (#15689)
* Expose SERVICE_NAME field from reflection and health checking services. (#
16153)
* Explicitly close channels in examples via the Channel.close API. (#15725)
+ Please note that gRPC requires explicit closure of Channel objects via
a with block or directly invoking the Channel.close API to ensure
resources are appropriately released.
* Official Python 3.7 binary wheels for Windows (x64), macOS, and Linux (x86
and x64) are now available. (#15632)
* Optimize blocking intercepted response-unary calls to use the blocking API
and not rely on a future underneath. (#14639)
NTP 4.2.8p13 2019-03-07
This release fixes a bug that allows an attacker with access to an
explicitly trusted source to send a crafted malicious mode 6 (ntpq)
packet that can trigger a NULL pointer dereference, crashing ntpd.
It also provides 17 other bugfixes and 1 other improvement.
NTP 4.2.8p12 2018-04-09
This release fixes a "hole" in the noepeer capability introduced to ntpd
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements.
NTP 4.2.8p11 2018-02-27
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
provides 65 other non-security fixes and improvements.
The upstream Makefile.in fails to express a dependency. However,
instead of the usual situation where a -j1 build works and a parallel
build sometimes fails, the -j1 build reliably fails and a -j4 or -j10
occasionally works.
* Startup is now way faster, especially when using DoH servers.
* A new action: CLOAK is logged when queries are being cloaked.
* A cloaking rule can now map to multiple IPv4 and IPv6 addresses, with load-balancing.
* New option: refused_code_in_responses to return (or not) a REFUSED code on blacklisted queries. This is disabled by default, in order to work around a bug in Android Pie.
* Time-based restrictions are now properly handled in the generate-domains-blacklist.py script.
* Other improvements have been made to the generate-domains-blacklist.py script.
* The Windows service is now installed as NT AUTHORITY\NetworkService.
0.6.0:
[ENHANCEMENT] Better exceptions on exposition failure
[BUGFIX] Fix deadlock in gcCollector, metrics are now different
[BUGFIX] Fix thread leak in Python 3.7
[BUGFIX] Make the format strings compatible with Python 2.6
[BUGFIX] parser: ensure samples are of type Sample
Release v1.19.1
Core
Backport 18201 to fix "symbol not found: _ares_library_init" error in C++ Bazel build on MacOS.
Python
Backport "Add the missing grpc_cfstream dependency" to v1.19.x.
Release v1.19.0
Core
Fix c-ares on Windows "DNS resolution failure" triggered by logging.
Disable c-ares on Android.
Ignore reserved bit in WINDOW_UPDATE frame.
Set c-ares as the default resolver.
Add period at end of metadata.google.internal to prevent unnecessary DNS lookups.
Decrease verbosity of ALTS platform check to avoid a spam log message.
Fix windows localhost address sorting bug.
Re-enable c-ares as the default resolver; but don't turn on SRV queries.
Remove filters from subchannel args.
C++
Register for cq avalanching when interceptors are going to be run.
Add a caching interceptor to the keyvaluestore example.
Enable per-channel subchannel pool.
Fix build with bazel 0.21.
Switch the default DNS resolver from native to c-ares.
Modifying semantics for GetSendMessage and GetSerializedSendMessage. Also adding ModifySendMessage.
Add interceptor methods to fail recv msg for hijacked rpcs and set recv message to nullptr on failure.
Add interceptor method to fail hijacked send messages and get status on POST_SEND_MESSAGE.
New Experimental Interception API - GetSendMessage and GetSerializedSendMessage.
C#
Upgrade System.Interactive.Async to 3.2.0.
Refactor ServerServiceDefinition and move it to Grpc.Core.Api nuget.
Allow passing null implementation to generated BindService overload using ServiceBinderBase.
Move public types needed for server implementation to Grpc.Core.Api.
Objective-C
Disable c-ares on iOS.
Added support for tvOS.
Fixing a few thread safety issues in gRPC Objective-C library.
Rolling out new API for gRPC Objective-C library.
Python
grpc_prefork(): check grpc_is_initialized before creating execctx.
[gRPC] Enable Python 3 for Bazel to Run Tests.
Escalate the failure of protoc execution.
Remove dependency of grpc.framework.foundation.callable_util.
Ruby
Disable service config resolution with c-ares by default, for now.
Ruby: refactor init/shutdown logic to avoid using atexit; fix windows.
Ruby tooling: respect user toolchain overrides.
- Added dualstack handling for servers applying the
pseudo IP address ':0' on call (common now for all servers).
- Tailored TLS error handling for EAGAIN end error codes.
- Rewrote IPv4 CIDR address evaluation for rules.
- Added dual-stack capabilities for tcpserver applying the
pseudo IP address ':0' on call (common now for all servers).
- Rewrote IPv4 CIDR address evaluation for rules.
- MacOS has already function wait -> waiter (in rblsmtpd).
This module provides an alternative API to NetAddr::IP that aims to address
the biggest problems with that module's API, as well as adding some additional
features.
Release Notes for Samba 4.10.0
This is the first stable release of the Samba 4.10 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
====================
GPO Improvements
----------------
A new 'samba-tool gpo backup' command has been added that can export a
set of Group Policy Objects from a domain in a generalised XML format.
A corresponding 'samba-tool gpo restore' command has been added to
rebuild the Group Policy Objects from the XML after generalization.
(The administrator needs to correct the values of XML entities between
the backup and restore to account for the change in domain).
KDC prefork
-----------
The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.
Prefork 'prefork children'
--------------------------
The default value for this smdb.conf parameter has been increased from 1 to
4.
Netlogon prefork
----------------
DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
pre-forked when the prefork process model is selected for samba.
Offline domain backups
----------------------
The 'samba-tool domain backup' command has been extended with a new 'offline'
option. This safely creates a backup of the local DC's database directly from
disk. The main benefits of an offline backup are it's quicker, it stores more
database details (for forensic purposes), and the samba process does not have
to be running when the backup is made. Refer to the samba-tool help for more
details on using this command.
Group membership statistics
---------------------------
A new 'samba-tool group stats' command has been added. This provides summary
information about how the users are spread across groups in your domain.
The 'samba-tool group list --verbose' command has also been updated to include
the number of users in each group.
Paged results LDAP control
--------------------------
The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696)
has been changed to more closely match Windows servers, to improve memory
usage. Paged results may be used internally (or is requested by the user) by
LDAP libraries or tools that deal with large result sizes, for example, when
listing all the objects in the database.
Previously, results were returned as a snapshot of the database but now,
some changes made to the set of results while paging may be reflected in the
responses. If strict inter-record consistency is required in answers (which is
not possible on Windows with large result sets), consider avoiding the paged
results control or alternatively, it might be possible to enforce restrictions
using the LDAP filter expression.
For further details see https://wiki.samba.org/index.php/Paged_Results
Prefork process restart
-----------------------
The pre-fork process model now restarts failed processes. The delay between
restart attempts is controlled by the "prefork backoff increment" (default = 10)
and "prefork maximum backoff" (default = 120) smbd.conf parameters. A linear
back off strategy is used with "prefork backoff increment" added to the
delay between restart attempts up until it reaches "prefork maximum backoff".
Using the default sequence the restart delays (in seconds) are:
0, 10, 20, ..., 120, 120, ...
Standard process model
----------------------
When using the standard process model samba forks a new process to handle ldap
and netlogon connections. Samba now honours the 'max smbd processes' smb.conf
parameter. The default value of 0, indicates there is no limit. The limit
is applied individually to netlogon and ldap. When the process limit is
exceeded Samba drops new connections immediately.
python3 support
---------------
This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.
To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.
'PYTHON=python2 ./configure'
'PYTHON=python2 make'
This will override the python3 default.
Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2'
as part of the 'configure' command. Note that python3 will still be used as
the default in this case.
Note that Samba 4.10 supports Python 3.4 onwards.
Future Python support
---------------------
Samba 4.10 will be the last release that comes with full support for
Python 2. Unfortunately, the Samba Team doesn't have the resources to support
both Python 2 and Python 3 long-term.
Samba 4.11 will not have any runtime support for Python 2. This means if
you use Python 2 bindings it is time to migrate to Python 3 now.
If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work
on a system that supports either python2 or python3.
Also note that Samba 4.11 will most likely only support Python 3.6 onwards.
JSON logging
------------
Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:
Event codes:
4624 Successful logon
4625 Unsuccessful logon
Logon Types:
2 Interactive
3 Network
8 NetworkCleartext
The version number for Authentication messages is now 1.1, changed from 1.0
Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:
4723 Password changed
4724 Password reset
The version number for PasswordChange messages is now 1.1, changed from 1.0
Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global group
4756 A member was added to a security enabled universal group
4757 A member was removed from a security enabled universal group
4761 A member was added to a security disabled universal group
4762 A member was removed from a security disabled universal group
The version number for GroupChange messages is now 1.1, changed from 1.0. Also
A GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.
The leading "JSON <message type>:" and source file prefix of the JSON formatted
log entries has been removed to make the parsing of the JSON log messages
easier. JSON log entries now start with 2 spaces followed by an opening brace
i.e. " {"
SMBv2 samba-tool support
------------------------
On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.
New glusterfs_fuse VFS module
-----------------------------
The new vfs_glusterfs_fuse module improves performance when Samba
accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
as part of the Linux kernel). It achieves that by leveraging a
mechanism to retrieve the appropriate case of filenames by querying a
specific extended attribute in the filesystem. No extra configuration
is required to use this module, only glusterfs_fuse needs to be set in
the "vfs objects" parameter. Further details can be found in the
vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
not replace the existing vfs_glusterfs module, it just provides an
additional, alternative mechanism to access a Gluster volume.
REMOVED FEATURES
================
MIT Kerberos build of the AD DC
-------------------------------
While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental. Because Samba will not issue security
patches for this configuration, such builds now require the explicit
configure option: --with-experimental-mit-ad-dc
For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
samba_backup
------------
The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.
SMB client Python bindings
--------------------------
The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affects users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.
- added pseudo IP address ':0' for servers to allow simultaneous binding
to both IPv4 and IPv6. Disregard of unresponsive DNS servers for query.
- Quadratic lookup scheme for dns_transmit.c (tx. Joseph Tam).
- Fixed missing IP address for client rejection in log (tx. Bob Dodds).
0.10.6
- Improved documentation.
- Improved installation requirements for py3
- ConnectionError's raised by responses now indicate which request
path/method failed to match a mock.
- test_responses.py is no longer part of the installation targets.
Changes:
1.8.0
-----
### Added
- Support for:
- `weibo`
- `pururin` (#174)
- `fashionnove` (#175)
- `shopify` sites in general (#175)
- Snap packaging (#169, #170, #187, #188)
- Automatic Cloudflare DDoS protection bypass
- Extractor and Job information for logging format strings
- `dynastyscans` image and search extractors (#163)
- `deviantart` scraps extractor (#168)
- `artstation` extractor for artwork listings (#172)
- `smugmug` video support and improved image format selection (#183)
### Changed
- More metadata for `nhentai` galleries
- Combined `myportfolio` extractors into one
- Renamed `name` metadata field to `filename` and removed the original `filename` field
- Simplified and improved internal data structures
- Optimized creation of child extractors
### Fixed
- Filter empty `tumblr` URLs (#165)
- Filter ads and improve connection speed on `hentaifoundry`
- Show proper error messages if `luscious` galleries are unavailable
- Miscellaneous issues on `mangahere`, `ngomik`, `simplyhentai`, `imgspice`
### Removed
- `seaotterscans`
3.3.1:
- Fix issue with empty xsd:import statements on Python 2.7
3.3.0:
- Extend the force_https flag to also force loading xsd files from https when
a http url is encountered from a https domain
- Fix handling recursive xsd imports when the url's are enforced from http to
https.
- Fix reference attribute when using the Binary Security Token
- Add support for the WSAM namespace
3.2.0:
- Fix abstract message check for NoneType before attempting to access parts
- Improve support for 'Chameleon' XSD schemas
- Fix resolving qualified references
- Fix issue with duplicate soap:body tags when multiple parts used
- Fix Choice with unbound Any element
- Add xsd_ignore_sequence_order flag
- Add support for timestamp token in WSS headers
- Accept strings for xsd.DateTime
3.1.0:
- Fix SSL issue on with TornadoAsyncTransport
- Fix passing strict keyword in XML loader
- Update documentation
3.0.0:
This is a major release, and contains a number of backwards incompatible
changes to the API.
- Refactor the settings logic in Zeep. All settings are now configured using
the zeep.settings.Settings() class.
- Allow control of defusedxml settings via zeep.Settings
- Add ability to set specific http headers for each call
- Skip the xsd:annotation element in the all:element
- Add Settings.force_https as option so that it can be disabled
- Strip spaces from QName's when parsing xsd's
- Fix DateTime parsing when only a date is returned
- Fix handling of nested optional any elements
- Check if part exists before trying to delete it
v0.6.3:
Fix homepage link registered with PyPi
SSH Host key checking
Updated junos.py to resolve RestrictedUser error
Close the channel when closing SSH session
invoke self.parse() to ensure errors, if any, have been detected before check in ok()
v0.6.2:
Migration to user selectors instead of select, allowing higher scale operations
improved netconf:base:1.1 parsing
Graceful exit on session close
Changes since 4.9.4:
* audit_logging: Remove debug log header and JSON Authentication:
prefix.
* Fix upgrade from 4.7 (or earlier) to 4.9.
* s3: lib: nmbname: Ensure we limit the NetBIOS name correctly.
CID: 1433607.
* smbd: uid: Don't crash if 'force group' is added to an existing
share connection.
* s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code.
* s3: SMB1 POSIX mkdir does case insensitive name lookup.
* s3:utils/smbget fix recursive download with empty source
directories.
* samba-tool drs showrepl: Do not crash if no dnsHostName found.
* s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection.
* join: Throw CommandError instead of Exception for simple errors.
* ldb: Avoid inefficient one-level searches.
* s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list().
* tldap: Avoid use after free errors.
* Fix idmap xid2sid cache churn.
* access_check_max_allowed() doesn't process "Owner Rights" ACEs.
* s3-smbd: Avoid assuming fsp is always intact after close_file
call.
* s3-vfs-fruit: Add close call.
* s3-smbd: Use fruit:model string for mDNS registration.
* s3-vfs: add glusterfs_fuse vfs module.
* printing: Check lp_load_printers() prior to pcap cache update.
* vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate.
* lib/audit_logging: Actually create talloc.
* netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg.
* dns: Changing onelevel search for wildcard to subtree.
* samba-tool: Don't print backtrace on simple DNS errors.
* sambaundoguididx: Use the right escaped oder unescaped sam ldb
files.
* ctdb: Print locks latency in machinereadable stats.
* messages_dgm: Messaging gets stuck when pids are recycled.
* audit_logging: auth_json_audit required auth_json.
* man pages: Document prefork process model.
* CVE-2019-3824 ldb: Release ldb 1.4.6.
* s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration.
* s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts.
* s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available.
* s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol <pid> debug/debuglevel'.
* Python: Ensure ldb.Dn can doesn't rencoded str with py2.
* vfs_glusterfs: Adapt to changes in libgfapi signatures.
* s3-vfs: Use ENOATTR in errno comparison for getxattr.
* notifyd: Fix SIGBUS on sparc.
* waf: Check for libnscd.
* s3:vfs: Correctly check if OFD locks should be enabled or not.
* lib/util: Count a trailing line that doesn't end in a newline.
* Recovery lock bug fixes.
* s3: net: Do not set NET_FLAGS_ANONYMOUS with -k.
* s3:libsmb: Honor disable_netbios option in smbsock_connect_send.
* vfs_fileid: Fix get_connectpath_ino.
* vfs_fileid: Fix fsname_norootdir algorithm.
Release 0.13.1
This release adds a minor feature to "flappclient": it now pays attention to
a pair of environment variables named $FOOLSCAP_TOR_CONTROL_PORT and
$FOOLSCAP_TOR_SOCKS_PORT. If set, the client will install a connection
handler that routes "tor:" -type FURLs through a Tor daemon at the given
ports (both of which are endpoint descriptors, e.g. "tcp:localhost:9050").
To use this, install the "tor" extra, like "pip install foolscap[tor]". If
this extra was not installed (e.g. "txtorcon" is not importable), the
environment variables will be ignored.
This release also improves the reliability of the unit test suite
(specifically test_reconnector) on slower systems.
Release 0.13.0
This release fixes compatibility with the latest Twisted-17.9.0 and changes
the way logfiles are encoded.
Foolscap's "flogtool" event-logging system can be configured to serialize log
events into "Incident Files". In previous versions, these were serialized
with the stdlib "pickle" module. However a recent change to Twisted's
"Failure" class made them unpickleable, causing Foolscap's unit test suite to
fail, and also affect applications which foolscap.logging.log.msg() with
Failures as arguments. And untrusted pickles were unsafe to load anyways.
This release replaces pickle with JSON, making it safe to use "flogtool"
utilities on untrusted incident files. All new incident files created by this
version will use JSON, and all tools (e.g. "flogtool dump") can only handle
JSON-based files.
This also resolves a problem with tox-2.9.0, which caused tests to not run at
all because nothing was installed into the test environment.
Twine is a utility for publishing Python packages on PyPI. It provides build
system independent uploads of source and binary distribution artifacts for both
new and existing projects.
Upstream changes:
Features
- Add local-zone type inform_redirect, which logs like type inform,
and redirects like type redirect.
- Perform canonical sort for 0x20 capsforid compare of replies,
this sorts rrsets in the authority and additional section before
comparison, so that out of order rrsets do not cause failure.
- Print query name with ip_ratelimit exceeded log lines.
Spaces instead of tabs in that log message.
- Print query name and IP address when domain rate limit exceeded.
Bug Fixes
- Fix#4224: auth_xfr_notify.rpl test broken due to typo
- Fix locking for libunbound context setup with broken port config.
- Fix case in which query timeout can result in marking delegation
as edns_lame_known.
- Set ub_ctx_set_tls call signature in ltrace config file for
libunbound in contrib/libunbound.so.conf.
- improve documentation for tls-service-key and forward-first.
- #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
conditional section, fixes systemd builds, from Enrico Scholz.
- #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
still supports the set_id_callback previous API. And for 1.1.0
no locking callbacks are needed.
- #8: Fix OpenSSL without ENGINE support compilation.
- Wipe TLS session key data from memory on exit.
- Fix that log-replies prints the correct name for local-alias
names, for names that have a CNAME in local-data configuration.
It logs the original query name, not the target of the CNAME.
- Fix#4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
- Fix that qname minimisation does not skip a label when missing
nameserver targets need to be fetched.
- Fix#4225: clients seem to erroneously receive no answer with
DNS-over-TLS and qname-minimisation.
- Note default for module-config in man page.
- Fix#13: Remove left-over requirements on OpenSSL >= 1.1.0 for
cert name matching, from man page.
- Fix capsforid canonical sort qsort callback.
- Fix pythonmod include and sockaddr_un ifdefs for compile on
Windows, and for libunbound.
- Fix the error for unknown module in module-config is understandable,
and explains it was not compiled in and where to see the list.
- In example.conf explain where to put cachedb module in module-config.
- In man page and example config explain that most modules have to
be listed at the start of module-config.
- Fix#4227: pair event del and add for libevent for tcp_req_info.
- Fix#4229: Unbound man pages lack information, about access-control
order and local zone tags, and elements in views.
- Fix#14: contrib/unbound.init: Fix wrong comparison judgment
before copying.
- Fix for python module on Windows, fix fopen.
- Remove memory leak on pythonmod python2 script file init.
- Remove swig gcc8 python function cast warnings, they are ignored.
- Print correct module that failed when module-config is wrong.
Pkgsrc changes:
* Update license to "mit", to track upstream.
Upstream changes:
* Change license to modern MIT license for compatibility with
GPLv2 software.
* src/fstrm_replay.c: For OpenBSD and Posix portability include
netinet/in.h and sys/socket.h to get struct sockaddr_in and the
AF_* defines respectively.
* Fix various compiler warnings.
3.41.1 (2019-03-06)
- Fix a regression introduced in 3.41.1 with slow FTP servers needlessly waiting for a bidirectional shutdown of the data connection during down
loads
3.41.0 (2019-03-06)
- MSW: Fix an issue with failing uploads due to the operating system not gracefully closing TCP connections contrary to the documented behavior
- MSW: Fix compilation flags for wxWidgets to no longer include useless XP compatibility
3.41.0-rc1 (2019-02-26)
- Fixed crash if adding a bookmark with the current connection not yet having a Site Manager entry
- Fixed a rare crash if closing FileZilla while a recursive chmod operation is still in progress
- Fixed a rare crash if starting directory comparison on an empty directory without logical parent
- Fixed a rare crash on changing the file list sort order when the focused item index has previously become invalid
- Restrict the maximum length of regular expressions in filter conditions due to bugs in some implementations of the C++ Standard Library causin
g crashes
- OS X: Fixed crash if the path of a file dropped on FileZilla cannot be obtained
- Fixed order in which directories helper tools and data files are searched for
- Fixed a rare crash if closing tab during an ongoing recursive directory deletion
Wireshark 2.6.7 Release Notes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-06[1] ASN.1 BER and related dissectors crash.
15447[2]. CVE-2019-9209[3].
• wnpa-sec-2019-07[4] TCAP dissector crash.
CVE-2019-9208[6].
• wnpa-sec-2019-08[7] RPCAP dissector crash.
The following bugs have been fixed:
• Alignment Lost after Editing Column.
• Crash on applying display filters or coloring rules on capture
files containing non-UTF-8 data.
• tshark outputs debug information.
• Feature request - HTTP, add the field "request URI" to response.
• randpkt should be distributed with the Windows installer.
• Memory leak with "-T ek" output format option.
• Display error in negative response time stats (gint displayed as
unsigned).
• _epl_xdd_init not found.
• Decoding of MEGACO/H.248 request shows the Remote descriptor as
"Local descriptor".
• Repeated NFS in Protocol Display field.
• RBM file dissector adds too many items to the tree, resulting in
aborting the program.
• Wireshark heap out-of-bounds read in infer_pkt_encap.
• Column width and hidden issues when switching profiles.
• GTPv1-C SGSN Context Response / Forward Relocation Request decode
GGSN address IPV6 issue.
• Lua Error on startup: init.lua: dofile has been disabled due to
running Wireshark as superuser.
• DICOM ASSOCIATE Accept: Protocol Version.
• Multiple out-of-bounds reads in NetScaler trace handling
(wiretap/netscaler.c).
• Wrong endianess when dissecting the "chain offset" in SMB2
protocol header.
• Memory leak in mate_grammar.lemon’s recolonize function.
4.4.0:
- Restore bz2 import checks in compression module.
The checks were removed in celery/kombu-938 <https://github.com/celery/kombu/pull/938>_ due to assumption that it only affected Jython.
However, bz2 support can be missing in Pythons built without bz2 support.
- Fix regression that occurred in 4.3.0
when parsing Redis Sentinel master URI containing password.
- Handle the case when only one Redis Sentinel node is provided.
- Support SSL URL parameters correctly for rediss:// URIs.
- Revert celery/kombu-954 <https://github.com/celery/kombu/pull/954>_.
Instead bump the required redis-py dependency to 3.2.0
to include this fix andymccurdy/redis-py@4e1e748 <4e1e748092>_.
- Added support for broadcasting using a regular expression pattern
or a glob pattern to multiple Pidboxes.
2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
Previously the bit counter was reset with every bit.
We now reset it once per 8 bits, when we consume the next byte.
Package is now compatible with dune 1.7.
Several backwards incompatible changes in version 3.0.0:
- sexp serialisers removed from main interface;
- macaddr module now in separate opam package;
- replace of_string/bytes functions with rresult types;
- use sexplib0 instead of the full sexp library;
- changes to function signatures.
Full details in the CHANGES.md file; there are also several minor changes.
Version 2.1 (January 12th, 2019)
Fixup release, correcting issues uncovered in the prior year.
Startup
Connect by default to Tor Browser's default port (9151) when it's available
Nyxrc color_override configuration values only worked if camel case (ticket)
'sqlite3.OperationalError' crash when ran with multiple users that share a home directory (ticket)
Process renaming could potentially crash (ticket)
Blank debug path caused us to crash (ticket)
Nyxrc password option for the controller credential (ticket)
Accept shorthand '--interface' arugments with a colon but no address (ticket)
Notification when connection information is unavailable (ticket)
When using python 3.x unable to run if distutils was unavailable (ticket)
Header
Right column of stats missing when using python 3.x
Graph
Removed confusing, unit-less 'measured' statistic
Connections
Geoip information unavailable for inbound connections
Dialog showing exit statistics crashed when no data was available (ticket)
More strictly scrub sensitive connection information (ticket)
Client and exit port usage dialogs counted each connection rather than unique clients and destinations (ticket)
Logging
Python3 crashed when dates are on year boundaries (ticket)
Configuration Editor
New tor configuration options crashed nyx when shown (ticket)
Errors when saving the configuration could result in a stacktrace (ticket)
Pressing 'esc' when editing values changed their value to 'none' (ticket)
Reset configuration option if set to an empty value
Interpreter
Line wrap content (ticket)
Large volume of content made the panel sluggish (ticket)
Curses
Resizing could crash the interface (ticket)
Implemented del key in editable text fields (ticket)
Website
Greatly expanded platforms available on the download page
Added 'How do I get started?' to the FAQ
Added 'Why can't I install with apt-get?' to the FAQ
Added 'Why can't I see Tor's connections?' to the FAQ
fping 4.2:
New features
* New option -x / --reachable to check if the number of reachable hosts is >= a certain number. Useful for example to implement connectivity-checks
Bugfixes and other changes
* Allow decimal numbers for '-t', '-i', '-p', and '-Q'
* Fix build with --disable-ipv6
* Fix hang with '-6', with ipv6 kernel module, but not loaded
* Assume '-6' if the binary is named 'fping6' (this is mostly for special embedded-distro use cases, and not meant to be used generally in place of compiling IPv6-only binary or using '-6'
* Get rid of warning "timeout (-t) value larger than period (-p) produces unexpected results"
Changes:
2.10.0
------
Features
- New hub pr list --format fields %pS and %pC for PR state and color
o %pS: "open", "draft", "merged", or "closed"
o %pC: green, gray, purple, or red
- Have commands with rich output respect the --color flag
o default: --color=auto
o --color is equivalent to --color=always
o --color=never disables color for TTYs
Fixes
- Make man pages parseable with whatis
- Make hub checkout work independently of remote refspec
Upstream changes:
mikutter 3.8.6
* backport yield_self for Ruby 2.4 and prior
* possible crash on too fast reply as @seibe
* extract pixiv images from OGP
* thanks Shibafu Midorino
Changes in Apache Libcloud 2.4.0
- Refuse installation with Python 2.6 and Python 3.3 (support was
already dropped in Libcloud 2.3.0)
- Support Python 3.7
- Cleanup various Python files
- Allow running tests with http_proxy set
Common
- [OpenStack] Document openstack_connection_kwargs method
- [OpenStack] Handle missing user email in OpenStackIdentityUser
Compute
- [ARM] Support OS disk size definition on node creation
- [Digital Ocean] Support floating IPs
- [Digital Ocean] Support attach/detach for floating IPs
- [Digital Ocean] Add ex_get_node_details
- [Digital Ocean] Add tags extra attribute to create_node
- [Dimension Data] Fix IndexError in list_images
- [EC2] Add AWS eu-west-3 (Paris) region
- [EC2] Add description to ex_authorize_security_group_ingress
- [EC2] Added script to automatically get EC2 instance sizes
- [EC2] Update instance sizes
- [EC2] Accept tags when create a snapshot
- [GCE] Expand Firewall options coverage
- [GCE] Expand network and subnetwork options coverage
- [GCE] Extend ex_create_address to allow internal ip creation
- [GCE] Allow shared VPC in managed instance group creation
- [GCE] Support disk_size parameter for boot disk when creating instance
- [GCE] Update public image projects list
- [GCE] Fix _find_zone_or_region for >500 instances
- [GCE] Allow routing_mode=None in ex_create_network
- [OpenStack] Implement Glance Image API v2
- [OpenStack] Fix spelling in ex_files description
- [OpenStack v2] Allow listing image members
- [OpenStack v2] Allow creating and accepting image members
- [OpenStack v2] Fix image members methods
- [OpenStack] Fix API doc for delete_floating_ip
- [OpenStack] Implement port attaching/detaching
- [OpenStack] Add methods for getting and creating ports
- [OpenStack] Add get_user method
- [OpenStack] Add ex_list_subnets to OpenStack_2_NodeDriver
- [OpenStack] The OpenStack_2_NodeDriver uses two connections
- [OpenStack] The OpenStack_2_NodeDriver /v2.0/networks instead of /os-networks
- [Scaleway] New Scaleway driver
- [Scaleway] Update Scaleway default API host
DNS
- [Google Cloud DNS] Document driver instantiation
Storage
- Update docstring for storage provider class
- [Azure Blob Storage] Allow filtering lists by prefix
- [Azure Blob Storage] Update driver documentation
- [Azure Blob Storage] Fix upload/download streams
- [Azure Blob Storage] Fix PageBlob headers
- [S3] Guess s3 upload content type
- [S3] Add Amazon S3 (cn-northwest-1) Storage Driver
Other
- Fixed spelling in 2.0 changes documentation
Changes in Apache Libcloud 2.3.0
- Drop support for Python 2.6 and Python 3.3
They're no longer supported, and the Python ecosystem is starting to
drop support: two of our test dependencies no longer support them.
- Made pytest-runner optional
Common
- Improve warning when CA_CERTS_PATH is incorrectly passed as a list
- Cleaned up and corrected third-party drivers documentation
- Modernized a few Python examples
- [OpenStack] Authentify with updated Identity API
Compute
- Fix "wait_until_running() method so it also works correctly and doesn't
append "None" to the addresses list if node has no IP address.
- [ARM] Fix checking for "location is None" in several functions
- [ARM] Fix error when using SSH key auth with Python 3
- [ARM] Fix API call on powerOff, understand PAUSED state
- [ARM] Delete VHDs more reliably in destroy_node(), raise exception on unhandled errors
- [ARM] Fix api version used to list and delete NICs
- [ARM] Allow faster list_nodes() with ex_fetch_power_state=False
- [ARM] Fix delete_old_vhd
- [ARM] Limit number of retries in destroy_node
- [ARM] Fix Retry-After header handling
- [CloudStack] Handle NICs without addresses
- [CloudStack] Add change size and restore
- [Digital Ocean] Add ex_enable_ipv6 in DigitalOcean_v2 driver
- [Digital Ocean] Add support for tags in list_nodes()
- [Digital Ocean] Add rebuild and resize commands
- [EC2] Add new x1.16xlarge and x1e.32xlarge instance type.
- [EC2] Add AWS EC2 c5 series
- [EC2] Add AWS EC2 M5 sizes
- [EC2] Update pricing information for EC2 instances.
- [EC2] Allow cn-north-1 even without pricing information
- [EC2] Fix EBS volume encryption
- [ECS Aliyun] Support modify_security_group_attributes
- [GCE] Allow adding labels to images
- [GCE] Allow adding license strings to images
- [GCE] Support GCE node labels.
- [GCE] Fix GCEList pagination.
- [GCE] Allow setting service account in instance templates
- [GCE] Add support for private IP addresses in GCE instance creation
- [GCE] Allow for use of shared network (VPC) and subnetwork
- [GCE] Add support for accelerators
- [ProfitBricks] Update driver and add support for the new API v4.
- [ProfitBricks] Fix list_snapshots() method
- [UpCloud] New driver for UpCloud
- [UpCloud] Use disk size and storage tier also when creating node from template
- [UpCloud] Allow to define hostname and username
- [UpCloud] Add pricing information to list_sizes
Storage
- Added Digital Ocean Spaces driver
- [Digital Ocean Spaces] Add support for AMS3 region
- [Digital Ocean Spaces] Add support for SGP1 region
- Fix a bug / regression which resulted in increased memory consumption when
using download_object method. This method would store whole object
content in memory even though there was no need for that.
This regression was introduced in 2.0.0 when we moved to using requests
library.
- Fix a regression with hash computation performance and memory usage on object
upload inadvertently introduced in 2.0.0 and make it more efficient.
Changes in version 0.3.5.8:
Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
Update bind912 to 9.12.3pl4 (BIND 9.12.3-P4).
--- 9.12.3-P4 released ---
--- 9.12.3-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.12.3-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
--- 9.11.5-P4 released ---
--- 9.11.5-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.11.5-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of sycalls per message.
Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() directive.
Reduce systemcall usage in protobuf logging.
4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories.
Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled.
4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.
The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua ;
CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Improvements
Try another worker before failing if the first pipe was full
1.4.0:
- Build with Cython 0.29 in '3str' mode.
- Test with PyPy 6.0 on Windows.
- Add support for application-wide callbacks when Greenlet objects
are started.
- Fix consuming a single ready object using
next(gevent.iwait(objs)). Previously such a construction would
hang because iter was not called.
- Make gevent.iwait return an iterator that can now also be used as
a context manager. If you'll only be consuming part of the iterator,
use it in a with block to avoid leaking resources.
- Fix semaphores to immediately notify links if they are ready and
rawlink() is called. This behaves like Event and
AsyncEvent. Note that the order in which semaphore links are
called is not specified.
- Improve safety of handling exceptions during interpreter shutdown.
- Remove the deprecated ability to specify GEVENT_RESOLVER and
other importable settings as a path/to/a/package.module.item.
This had race conditions and didn't work with complicated resolver
implementations. Place the required package or module on sys.path
first.
- Reduce the chances that using the blocking monitor functionality
could result in apparently random SystemError:
Objects/tupleobject.c: bad argument to internal function.
- Refactored the gevent test runner and test suite to make them more
reusable. In particular, the tests are now run with python -m
gevent.tests.
- Make a monkey-patched socket.getaddrinfo return socket module
enums instead of plain integers for the socket type and address
family on Python 3.
- Make gevent's pywsgi server set the non-standard environment value
wsgi.input_terminated to True.
- Make gevent.util.assert_switches produce more informative messages
when the assertion fails.
- Python 2: If a gevent.socket was closed asynchronously (in a
different greenlet or a hub callback), AttributeError could result
if the socket was already in use. Now the correct socket.error
should be raised.
- Fix :meth:gevent.threadpool.ThreadPool.join raising a
UserWarning when using the libuv backend.
- Fix FileObjectPosix.seek raising OSError when it should have
been IOError on Python 2.
- Upgrade libuv from 1.23.2 to 1.24.0.
Change log:
* Translations update
* caja-share-bar: avoid deprecated 'g_type_class_add_private'
* drop obsolete configure option from distcheck
* Use make functions for HELP_LINGUAS
* adding help to transifex config
* disable deprecation warnings for distcheck
* file-share-properties.ui: avoid deprecated:
* update transifex config with branch specific resoures
Changes:
2.9.0
-----
Features
- Add support for hub ci-status --format <FORMAT> string
- Add hub create --remote-name <REMOTE> flag
- Allow passing in a raw request body via hub api --input <FILE>
- Cache HTTP 4xx (except 403) server responses in hub api --cache
Fixes
- Ensure consistent ordering of hub ci-status -v results
- Avoid crashing on invalid GitHub hostname
- Fix parsing empty string within command-line arguments
2.8.4
-----
- Add hub api -H flag to set HTTP request headers
- Add hub api -i flag to output HTTP response headers
- Change how hub api deals with HTTP errors:
- HTTP response is now printed on stdout regardless of HTTP status
- No longer print an extra newline after HTTP response body
- No more Error: HTTP {STATUS} message on stderr
- hub exits with status 22 instead of 1
- Fix hub execution under WSL (Windows Subsystem for Linux)
0MQ version 4.3.1 stable:
* CVE-2019-6250: A vulnerability has been found that would allow attackers to
direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.
NOTE: this attack can only take place after authentication, so peers behind
CURVE/GSSAPI are not vulnerable to unauthenticated attackers.
See https://github.com/zeromq/libzmq/issues/3351 for more details.
Thanks to Guido Vranken for uncovering the issue and providing the fix!
* Note for packagers: as pkg-config's Requires.private is now used to properly
propagate dependencies for static builds, the libzmq*-dev or zeromq-devel or
equivalent package should now depend on the libfoo-dev or foo-devel packages
of all the libraries that zmq is linked against, or pkg-config --libs libzmq
will fail due to missing dependencies on end users machines.
0MQ version 4.3.0 stable:
* The following DRAFT APIs have been marked as STABLE and will not change
anymore:
- ZMQ_MSG_T_SIZE context option (see doc/zmq_ctx_get.txt)
- ZMQ_THREAD_AFFINITY_CPU_ADD and ZMQ_THREAD_AFFINITY_CPU_REMOVE (Posix only)
context options, to add/remove CPUs to the affinity set of the I/O threads.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_THREAD_NAME_PREFIX (Posix only) context option, to add a specific
integer prefix to the background threads names, to easily identify them.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
- ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE
socket options, for the corresponding GSSAPI features. Additional
definitions for principal name types:
- ZMQ_GSSAPI_NT_HOSTBASED
- ZMQ_GSSAPI_NT_USER_NAME
- ZMQ_GSSAPI_NT_KRB5_PRINCIPAL
See doc/zmq_gssapi.txt for details.
- ZMQ_BINDTODEVICE socket option (Linux only), which will bind the
socket(s) to the specified interface. Allows to use Linux VRF, see:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
NOTE: requires the program to be ran as root OR with CAP_NET_RAW
- zmq_timers_* APIs. These functions can be used for cross-platforms timed
callbacks. See doc/zmq_timers.txt for details.
- The following socket monitor events:
- ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL: unknown errors during handshake.
- ZMQ_EVENT_HANDSHAKE_SUCCEEDED: Handshake completed with authentication.
- ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL: Protocol errors with peers or ZAP.
- ZMQ_EVENT_HANDSHAKE_FAILED_AUTH: Failed authentication requests.
See doc/zmq_socket_monitor.txt for more details and error codes.
- zmq_stopwatch_intermediate which returns the time elapsed without stopping
the stopwatch.
- zmq_proxy_steerable command 'STATISTICS' to retrieve stats about the amount
of messages and bytes sent and received by the proxy.
See doc/zmq_proxy_steerable.txt for more information.
* The build-time configuration option to select the poller has been split, and
new API_POLLER (CMake) and --with-api-poller (autoconf) options will now
determine what system call is used to implement the zmq_poll/zmq_poller APIs.
The previous POLLER and --with-poller options now only affects the
internal I/O thread. In case API_POLLER is not specified, the behaviour keeps
backward compatibility intact and will be the same as with previous releases.
* The non-default "poll" poller for the internal I/O thread (note: NOT for the
zmq_poll/zmq_poller user APIs!) has been disabled on Windows as WSAPoll does
not report connection failures. For more information see:
- https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
- https://curl.haxx.se/mail/lib-2012-10/0038.html
- https://bugs.python.org/issue16507
* New epoll implementation for Windows, using the following implementation:
https://github.com/piscisaureus/wepoll/tree/v1.5.4
To use this, select "epoll" as the poller option in the build system.
Note for distributors: the wepoll source code is embedded and distributed.
It is licensed under the BSD-2-Clause and thus it is compatible with LGPL-3.0.
Note that, if selected at build time, the license text must be distributed
with the binary in accordance to the license terms. A copy can be found at:
external/wepoll/license.txt
* The pre-made Visual Studio solutions file are deprecated, and users are
encouraged to use the CMake solution generation feature instead.
* New DRAFT (see NEWS for 4.2.0) socket options:
- ZMQ_ROUTER_NOTIFY to deliver a notification when a peer connects and/or
disconnects in the form of a routing id plus a zero-length frame.
- ZMQ_MULTICAST_LOOP to control whether the data sent should be looped back
on local listening sockets for UDP multicast sockets (ZMQ_RADIO).
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* New perf tool, perf/benchmark_radix_tree, to measure the performance of the
different internal implementations of the trie algorithm used to track
subscriptions. Requires a compiler that supports C++11.
* New autoconf flag "--enable-force-CXX98-compat" which will force -std=gnu++98
and, if the compiler supports them (clang++ at the moment), it will also add
-Wc++98-compat -Wc++98-compat-pedantic so that compatibility with C++98 can
be tested.
* Many, many coding style, duplication and static analysis improvements.
* Many, many improvements to the CMake build system, especially on Windows.
* Many, many improvements to unit tests.
3.40.0 (2019-01-25)
- Official binaries are now linked against GnuTLS 3.6.6
3.40.0-rc2 (2019-01-22)
- Fix regression introduced in rc1 where adding files to queue creates extra server items if the connection was established through the Site Manager
3.40.0-rc1 (2019-01-18)
+ Added TLS 1.3 support by linking official binaries against GnuTLS 3.6.5
+ Refactored how sites and servers are being represented internally to fix issues trigged by renaming sites in the Site Manager
- Fix display of server names containing ampersands in several dialogs
- Fix regular expression filter in the quick search panel
- Fix a crash if files are added to the queue when there are already files for multiple different servers in the queue
- Fix a crash applying filters when there are no selected files and the focused item is past the new file count
- Fix a crash if emptying the queue while a directory creation item is active
- Fix a potential crash if FileZilla is being closed the moment a delayed dialog has already been created but before it is shown.
libnice 0.1.15 (2018-12-27)
===========================
Add support for Regular Nomination
Removal of the global lock over all agents
Add method to compare candidate targets
Added optional Meson build system, future releases will remove autotools
Renamed all members of PseudoTcpState enum (compile-time API change)
Now drops all packets from addresses that have not been validated by an ICE check
Multiple improvements to ICE interoperability
Improved RFC compliance
Improved OC2007 compatibility mode alternate-server support
0.5.2
* Fixed Google Drive login, broken by Google's new 2-page login sequence
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder (tdf#101385)
* Limited the maximal number of redirections to 20 (rhbz#1410197)
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed build with boost >= 1.68.0 (#19)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from "make check". A new "make cppcheck" target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
1.0.3
=====
- meson build fixes
- Fix running sniffer from meson build
- Fix issue on OS X when socket is destroyed after suspend
- Fix a memory leak in the device sniffer
- Fix a crash when sending a SSDP message after clearing the custom headers
- Use utsname.release for Server: header
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/1
- https://bugzilla.gnome.org/show_bug.cgi?id=794340
4.3.0:
- Added Python 3.7 support.
- Avoid caching queues which are declared with a TTL.
Queues that are declared with a TTL are now also be excluded from the
in-memory cache in case they expire between publishes on the same channel.
- Added an index to the Message table for the SQLAlchemy transport.
The index allows to effectively sorting the table by the message's timestamp.
- Added a timeout that limits the amount of time we retry
to reconnect to a transport.
- :class:celery.asynchronous.hub.Hub is now reentrant.
This allows calling :func:celery.bin.celery.main to revive a worker in
the same process after rescuing from shutdown (:class:SystemExit).
- Queues now accept string exchange names as arguments as documented.
Tests were added to avoid further regressions.
- Specifying names for broadcast queues now work as expected.
Previously, named broadcast queues did not create multiple queues per worker.
They incorrectly declared the named queue which resulted in one queue per
fanout exchange, thus missing the entire point of a fanout exchange.
The behavior is now matched to unnamed broadcast queues.
- When initializing the Redis transport in conjunction with gevent
restore all unacknowledged messages to queue.
- Allow :class:kombu.simple.SimpleQueue to pass queue_arguments to Queue object.
This allows :class:kombu.simple.SimpleQueue to connect to RabbitMQ queues with
custom arguments like 'x-queue-mode'='lazy'.
- Add support for 'rediss' scheme for secure Redis connections.
The rediss scheme defaults to the least secure form, as
there is no suitable default location for ca_certs. The recommendation
would still be to follow the documentation and specify broker_use_ssl if
coming from celery.
- Added the Azure Storage Queues transport.
The transport is implemented on top of Azure Storage
Queues. This offers a simple but scalable and low-cost PaaS
transport for Celery users in Azure. The transport is intended to be
used in conjunction with the Azure Block Blob Storage backend.
- Added the Azure Service Bus transport.
The transport is implemented on top of Azure Service Bus and
offers PaaS support for more demanding Celery workloads in Azure.
The transport is intended to be used in conjunction with the Azure
CosmosDB backend.
- Drop remaining mentions of Jython support completely.
- When publishing messages to the Pidbox, retry if an error occurs.
- Fix infinite loop in :method:kombu.asynchronous.hub.Hub.create_loop.
- Worker shutdown no longer duplicates messages when using the SQS broker.
- When using the SQS broker, prefer boto's default region before our hardcoded default.
- Fixed closing of shared redis sockets which previously caused Celery to hang.
- the Pyro_ transport (:mod:kombu.transport.pyro) now works with
recent Pyro versions. Also added a Pyro Kombu Broker that this transport
needs for its queues.
- Handle non-base64-encoded SQS messages.
- Move the handling of Sentinel failures to the redis library itself.
Previously, Redis Sentinel worked only if the first node's sentinel
service in the URI was up. A server outage would have caused downtime.
- When using Celery and the pickle serializer with binary data as part of the
payload, UnicodeDecodeError would be raised as the content was not utf-8.
We now replace on errors.
- Allow setting :method:boto3.sqs.create_queue Attributes via transport_options.
- Fixed infinite loop when entity.channel is replaced by revive() on connection
drop.
- Added optional support for Brotli compression.
- When using the SQS broker, FIFO queues with names that ended with the 'f' letter
were incorrectly parsed. This is now fixed.
- Added optional support for LZMA compression.
- Added optional support for ZStandard compression.
- Require py-amqp 2.4.0 as the minimum version.
- The value of DISABLE_TRACEBACKS environment variable is now respected on debug, info
and warning logger level.
2.4.1:
- To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
- Fix crash in basic_publish when broker does not support connection.blocked
capability.
- read_frame() is now Python 3 compatible for large payloads.
- Support float read_timeout/write_timeout.
- Always treat SSLError timeouts as socket timeouts.
- Treat EWOULDBLOCK as timeout.
This fixes a regression on Windows from 2.4.0.
Upstream changes:
mikutter 3.8.5
* update URLs of mikutter Web
* [photo-support] reddit
* thanks cob odo
* possible crash on receiving notifications
* thanks ncaq net
* happy new year
* use oEmbed API to get Gyazo images
* thanks Shibuya Rin
1.16.102
api-change:appstream: Update appstream command to latest version
api-change:mediapackage: Update mediapackage command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.101
api-change:ecs: Update ecs command to latest version
api-change:discovery: Update discovery command to latest version
api-change:dlm: Update dlm command to latest version
1.16.100
api-change:gamelift: Update gamelift command to latest version
api-change🇪🇸 Update es command to latest version
api-change:robomaker: Update robomaker command to latest version
api-change:medialive: Update medialive command to latest version
1.16.99
api-change:fsx: Update fsx command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.98
api-change🛡️ Update shield command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.97
api-change:codecommit: Update codecommit command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:ecs: Update ecs command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
1.16.96
api-change:devicefarm: Update devicefarm command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:medialive: Update medialive command to latest version
1.16.95
api-change:logs: Update logs command to latest version
api-change:ecr: Update ecr command to latest version
api-change:sms-voice: Update sms-voice command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:rds: Update rds command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.94
api-change:acm-pca: Update acm-pca command to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi command to latest version
api-change:worklink: Update worklink command to latest version
1.16.93
api-change:ssm: Update ssm command to latest version
api-change:dms: Update dms command to latest version
api-change:fms: Update fms command to latest version
api-change:discovery: Update discovery command to latest version
api-change:appstream: Update appstream command to latest version
1.16.92
api-change:glue: Update glue command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.91
api-change:rekognition: Update rekognition command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:lambda: Update lambda command to latest version
api-change:pinpoint: Update pinpoint command to latest version
1.16.90
api-change:dynamodb: Update dynamodb command to latest version
api-change:backup: Update backup command to latest version
api-change:ce: Update ce command to latest version
1.9.92
api-change:appstream: [botocore] Update appstream client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
1.9.91
api-change:discovery: [botocore] Update discovery client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
1.9.90
api-change🇪🇸 [botocore] Update es client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
1.9.89
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
1.9.88
api-change🛡️ [botocore] Update shield client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.87
api-change:ecs: [botocore] Update ecs client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
1.9.86
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.85
api-change:logs: [botocore] Update logs client to latest version
api-change:elbv2: [botocore] Update elbv2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:sms-voice: [botocore] Update sms-voice client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
1.9.84
api-change:worklink: [botocore] Update worklink client to latest version
api-change:apigatewaymanagementapi: [botocore] Update apigatewaymanagementapi client to latest version
api-change:acm-pca: [botocore] Update acm-pca client to latest version
1.9.83
api-change:appstream: [botocore] Update appstream client to latest version
api-change:discovery: [botocore] Update discovery client to latest version
api-change:dms: [botocore] Update dms client to latest version
api-change:fms: [botocore] Update fms client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.9.82
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.81
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:pinpoint: [botocore] Update pinpoint client to latest version
api-change:rekognition: [botocore] Update rekognition client to latest version
1.9.80
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:ce: [botocore] Update ce client to latest version
api-change:backup: [botocore] Update backup client to latest version
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4225
* Sometimes qname-minimisation needs to be (temporarily) reverted.
* DNS-over-TLS would interact with qname-minimisation and would erroneously
echo back the query buffer instead of the answer.
Bump PKGREVISION.
1.12.92
api-change:appstream: Update appstream client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:mediapackage: Update mediapackage client to latest version
1.12.91
api-change:discovery: Update discovery client to latest version
api-change:ecs: Update ecs client to latest version
api-change:dlm: Update dlm client to latest version
1.12.90
api-change🇪🇸 Update es client to latest version
api-change:medialive: Update medialive client to latest version
api-change:gamelift: Update gamelift client to latest version
api-change:robomaker: Update robomaker client to latest version
1.12.89
api-change:ec2: Update ec2 client to latest version
api-change:fsx: Update fsx client to latest version
1.12.88
api-change🛡️ Update shield client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.87
api-change:ecs: Update ecs client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:codecommit: Update codecommit client to latest version
1.12.86
api-change:devicefarm: Update devicefarm client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:medialive: Update medialive client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.85
api-change:logs: Update logs client to latest version
api-change:elbv2: Update elbv2 client to latest version
api-change:rds: Update rds client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:sms-voice: Update sms-voice client to latest version
api-change:ecr: Update ecr client to latest version
1.12.84
api-change:worklink: Update worklink client to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi client to latest version
api-change:acm-pca: Update acm-pca client to latest version
1.12.83
api-change:appstream: Update appstream client to latest version
api-change:discovery: Update discovery client to latest version
api-change:dms: Update dms client to latest version
api-change:fms: Update fms client to latest version
api-change:ssm: Update ssm client to latest version
1.12.82
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.81
api-change:lightsail: Update lightsail client to latest version
api-change:lambda: Update lambda client to latest version
api-change:pinpoint: Update pinpoint client to latest version
api-change:rekognition: Update rekognition client to latest version
1.12.80
api-change:dynamodb: Update dynamodb client to latest version
api-change:ce: Update ce client to latest version
api-change:backup: Update backup client to latest version
Upstream changelog:
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues.
* Changes in Wget 1.20
** Add new option `--retry-on-host-error` to treat local errors as
transient and hence Wget will retry to download the file after
a brief waiting period.
** Fixed multiple potential resource leaks as found by static analysis
** Wget will now not create an empty wget-log file when running with
-q and -b switches together
** When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3
** Now there is support for using libpcre2 for regex pattern matching
** When downloading over FTP recursively, one can now use the
--{accept,reject}-regex switches to fine-tune the downloaded files
** Building Wget from the git sources now requires autoconf 2.63 or above.
Building from the Tarballs works as it used to.
Changes:
version 2019.02.08
Core
* [utils] Improve JSON-LD regular expression (#18058)
* [YoutubeDL] Fallback to ie_key of matching extractor while making
download archive id when no explicit ie_key is provided (#19022)
Extractors
+ [malltv] Add support for mall.tv (#18058, #17856)
+ [spankbang:playlist] Add support for playlists (#19145)
* [spankbang] Extend URL regular expression
* [trutv] Fix extraction (#17336)
* [toutv] Fix authentication (#16398, #18700)
* [pornhub] Fix tags and categories extraction (#13720, #19135)
* [pornhd] Fix formats extraction
+ [pornhd] Extract like count (#19123, #19125)
* [radiocanada] Switch to the new media requests (#19115)
+ [teachable] Add support for courses.workitdaily.com (#18871)
- [vporn] Remove extractor (#16276)
+ [soundcloud:pagedplaylist] Add ie and title to entries (#19022, #19086)
+ [drtuber] Extract duration (#19078)
* [soundcloud] Fix paged playlists extraction, add support for albums and update client id
* [soundcloud] Update client id
* [drtv] Improve preference (#19079)
+ [openload] Add support for openload.pw and oload.pw (#18930)
+ [openload] Add support for oload.info (#19073)
* [crackle] Authorize media detail request (#16931)
version 2019.01.30.1
Core
* [postprocessor/ffmpeg] Fix avconv processing broken in #19025 (#19067)
version 2019.01.30
Core
* [postprocessor/ffmpeg] Do not copy Apple TV chapter tracks while embedding
subtitles (#19024, #19042)
* [postprocessor/ffmpeg] Disable "Last message repeated" messages (#19025)
Extractors
* [yourporn] Fix extraction and extract duration (#18815, #18852, #19061)
* [drtv] Improve extraction (#19039)
+ Add support for EncryptedUri videos
+ Extract more metadata
* Fix subtitles extraction
+ [fox] Add support for locked videos using cookies (#19060)
* [fox] Fix extraction for free videos (#19060)
+ [zattoo] Add support for tv.salt.ch (#19059)
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
3.7.0:
- Fixes for cursoring API endpoints
- Improve html_for_tweet() parsing
- Documentation cleanup
- Documentation for cursor's return_pages keyword argument
- Update links to Twitter API in documentation
- Added create_metadata endpoint
- Raise error for when cursor is not provided a callable
3.6.0:
- Improve replacing of entities with links in html_for_tweet()
- Update classifiers for PyPI
3.5.0:
- Added support for "symbols" in Twython.html_for_tweet()
- Added support for extended tweets in Twython.html_for_tweet()
- You can now check progress of video uploads to Twitter when using Twython.upload_video()
Changes:
1.7.0
-----
- Added support for:
- `photobucket` (#117)
- `hentaifox` (#160)
- `tsumino` (#161)
- Added the ability to dynamically generate extractors based on a user's
config file for
- `mastodon` instances (#144)
- `foolslide` based sites
- `foolfuuka` based archives
- Added an extractor for `behance` collections (#157)
- Added login support for `luscious` (#159) and `tsumino` (#161)
- Added an option to stop downloading if the `exhentai` image limit is
exceeded (#141)
- Fixed extraction issues for `behance` and `mangapark`
Upstream changes:
This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ . Or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
. The EDNS timeouts are not used to fallback to nonEDNS queries.
Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
previous blocking everything.
- Fix#4206: support openssl 1.0.2 for TLS hostname verification,
alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
the patch adds a program used for fuzzing.
- streamtcp option -a send queries consecutively and prints answers
as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
set with ub_ctx_set_fwd. Patch from Florian Obser.
Bug Fixes
- Fix that unbound-checkconf does not complains if the config file
is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for eg.
Win 7 and Windows 10 display.
- cache-max-ttl also defines upperbound of initial TTL in response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,
and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity. Adjust host and file
only when present in test header read to please checker. In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code. In test code add EDNS data
segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
include mini_event.h to have a prototype for mini_ev_cmp
include edns.h to have a prototype for apply_edns_options
sldns_wire2str_edns_keepalive_print is only called in the wire2str,
module declare it static to get rid of compiler warning:
no previous prototype for function
infra_find_ip_ratedata() is only called in the infra module,
declare it static to get rid of compiler warning:
no previous prototype for function
do not shadow local variable buf in authzone
auth_chunks_delete and az_nsec3_findnode are only called in the
authzone module, declare them static to get rid of compiler warning:
no previous prototype for function...
copy_rrset() is only called in the respip module, declare it
static to get rid of compiler warning:
no previous prototype for function 'copy_rrset'
no need for another variable "r"; gets rid of compiler warning:
declaration shadows a local variable in libunbound.c
no need for another variable "ns"; gets rid of compiler warning:
declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
- Fixed spelling of tls-ciphers option in example.conf.
