++++++++++++++++++
- Added `upload_video` endpoint
- Fix quoted status checks in `html_for_tweet`
- Fix `html_for_tweet` method response when hashtag/mention is a substring of another
WebSocket++ is a header-only C++ library that implements RFC6455
The WebSocket Protocol. It allows integrating WebSocket client and
server functionality into C++ programs. It uses interchangeable
network transport modules, including one based on raw char buffers,
one based on C++ iostreams, and one based on Asio (either via Boost
or standalone). End users can write additional transport policies
to support other networking or event libraries as needed.
PowerDNS Recursor 4.0.4
=======================
Change highlights include:
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them
(Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure
zones
PowerDNS Recursor 4.0.3
=======================
Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 §2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)
Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place
PowerDNS Recursor 4.0.2
=======================
Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is
irrelevant
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the
extensive bug report!)
- Fix delegation-only
Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of
XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip
RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher
of switch.ch for the feature request)
- Move the root DNSSEC data to a header file
PowerDNS Recursor 4.0.1
=======================
Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees
Monshouwer)
- Don't validate zones from the local auth store, go one level down
while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and
rec_control current-queries is invoked
Improvements
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf
PowerDNS Recursor 4.0.0
=======================
- Moved to C++ 2011, a cleaner more powerful version of C++ that has
allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of
malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts
will no longer work, but new scripts are easier to write under the
new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC
validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and
therefore far less error prone, and likely faster for most commonly
used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical
ordering.
- Many, many more relevant performance metrics, including upstream
authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of
subnet-varying answers.
pkgsrc changes:
- Remove options for cryptopp and geoip (the latter to go into a
separate package).
- Clean up a lot of patches that do not seem to be needed anymore.
PowerDNS Authoritative Server 4.0.3
===================================
- Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it"
PowerDNS Authoritative Server 4.0.2
Security issues fixed:
- 2016-02: Crafted queries can cause abnormal CPU usage
- 2016-03: Denial of service via the web server
- 2016-04: Insufficient validation of TSIG signatures
- 2016-05: Crafted zone record can cause a denial of service
Other highlights:
- Don't parse spurious RRs in queries when we don't need them (Security
Advisory 2016-02)
- Don't exit if the webserver can't accept a connection (Security
Advisory 2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory
2016-05)
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
- calidns: Don't crash if we don't have enough 'unknown' queries
remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone
on failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don't look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)
PowerDNS Authoritative Server 4.0.1
===================================
Bug fixes
- Wait for the connection to the carbon server to be established
- Don't try to deallocate empty PG statements
- Send the correct response when queried for an NSEC directly (Kees
Monshouwer)
- Don't include bind files if length <= 2 or > sizeof(filename)
- Catch runtime_error when parsing a broken MNAME
Improvements
- Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi)
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix typos in a logmessage and exception (Christian Hofsteadtler)
- pdnsutil: Remove checking of ctime and always diff the changes (Hannu
Ylitalo)
- dnsreplay: Only add Client Subnet stamp when asked
- Use toLogString() for ringAccount (Kees Monshouwer)
Additions
- Add limits to the size of received {A,I}XFR
- Add used filedescriptor statistic (Kees Monshouwer)
PowerDNS Authoritative Server 4.0.0
===================================
- Moved to C++ 2011, a cleaner more powerful version of C++ that has
allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
is fully "DNS Native" and needs less escaping and unescaping.
- Due to this, the PowerDNS Authoritative Server can now serve
DNSSEC-enabled root-zones.
- All backends derived from the Generic SQL backend use prepared
statements.
- Both the server and pdns_control do the right thing when chroot'ed.
- Caches are now fully canonically ordered, which means entries can be
wiped on suffix in all places
- A revived and supported ODBC backend (godbc).
- A revived and supported LDAP backend (ldap).
- Support for CDS/CDNSKEY and RFC 7344 key-rollovers.
- Support for the ALIAS record.
- The webserver and API are no longer experimental.
- The API-path has moved to /api/v1
- DNSUpdate is no longer experimental.
- ECDSA (algorithm 13 and 14) supported without in-tree cryptographic
libraries (provided by OpenSSL).
- Experimental support for ed25519 DNSSEC signatures (when compiled with
libsodium support).
- Many new pdnsutil commands.
- GeoIP backend has gained many features, and can now e.g. run based on
explicit netmasks not present in the GeoIP databases
- Removed support for LMDB.
- Removed the Geo backened (use the improved GeoIP instead).
- pdnssec has been renamed to pdnsutil.
- Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic
libraries have been dropped in favor of the (faster) OpenSSL libcrypto
(except for GOST, which is still provided by Botan).
- ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when
securing zones.
- The PowerDNS Authoritative Server now listens by default on all IPv6
addresses.
- Several superfluous queries have been dropped from the Generic SQL
backends.
- The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are
marked as deprecated and will be removed in 4.1.0
This is a regularly scheduled stable release.
Resolved issues since v0.12.23:
#3884: lib/sync: Fix a race in unlocker logging
#3976: Links and log messages refer to https instead of http where possible
Also:
As of this release, symlinks are no longer supported on Windows.
The default number of parallel file processing routines per
folder is now two (previously one), and the number of simultaneously
outstanding network requests has been increased.
The GUI now contains buttons to pause or resume all folders
with a single action.
Changes in version 0.2.9.10 - 2017-03-01
Tor 0.2.9.10 backports a security fix for users who build Tor with
the --enable-expensive-hardening option. It also includes fixes for
some major issues affecting directory authorities, LibreSSL
compatibility, and IPv6 correctness.
The Tor 0.2.9.x release series is now marked as a long-term-support
series. We intend to backport security fixes to 0.2.9.x until at
least January of 2020.
o Major bugfixes (directory authority, 0.3.0.3-alpha):
- During voting, when marking a relay as a probable sybil, do not
clear its BadExit flag: sybils can still be bad in other ways
too. (We still clear the other flags.) Fixes bug 21108; bugfix
on 0.2.0.13-alpha.
o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
any IPv6 addresses. Instead, only reject a port over IPv6 if the
exit policy rejects that port on more than an IPv6 /16 of
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
which rejected a relay's own IPv6 address by default. Fixes bug
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
o Major bugfixes (parsing, also in 0.3.0.4-rc):
- Fix an integer underflow bug when comparing malformed Tor
versions. This bug could crash Tor when built with
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
0.2.9.8, which were built with -ftrapv by default. In other cases
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
on 0.0.8pre1. Found by OSS-Fuzz.
o Minor features (directory authorities, also in 0.3.0.4-rc):
- Directory authorities now reject descriptors that claim to be
malformed versions of Tor. Helps prevent exploitation of
bug 21278.
- Reject version numbers with components that exceed INT32_MAX.
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
Fixes bug 21450; bugfix on 0.0.8pre1.
o Minor features (geoip):
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
Country database.
o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
- Autoconf now checks to determine if OpenSSL structures are opaque,
instead of explicitly checking for OpenSSL version numbers. Part
of ticket 21359.
- Support building with recent LibreSSL code that uses opaque
structures. Closes ticket 21359.
o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
- Repair a couple of (unreachable or harmless) cases of the risky
comparison-by-subtraction pattern that caused bug 21278.
o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
- The tor-resolve command line tool now rejects hostnames over 255
characters in length. Previously, it would silently truncate them,
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
Patch by "junglefowl".
removed).
According the Changelog (only relevant entries for "lua" added/removed scripts):
o [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
+ cics-enum enumerates CICS transaction IDs, mapping to screens in TN3270
services. [Soldier of Fortran]
+ cics-user-enum brute-forces usernames for CICS users on TN3270 services.
[Soldier of Fortran]
+ fingerprint-strings will print the ASCII strings it finds in the service
fingerprints that Nmap shows for unidentified services. [Daniel Miller]
+ [GH#606] ip-geolocation-map-bing renders IP geolocation data as an image
via Bing Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-google renders IP geolocation data as an image
via Google Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML file
for import into other mapping software [Mak Kolybabi]
+ nje-pass-brute brute-forces the password to a NJE node, given a valid RHOST
and OHOST. Helpfully, nje-node-brute can now brute force both of those
values. [Soldier of Fortran]
+ [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS
certificate fields and extensions. [Steve Benson]
+ tn3270-screen shows the login screen from mainframe TN3270 Telnet services,
including any hidden fields. The script is accompanied by the new tn3270
library. [Soldier of Fortran]
+ tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of Fortran]
+ tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier of Fortran]
+ vtam-enum brute-forces VTAM application IDs for TN3270 services.
[Soldier of Fortran]
o [NSE][GH#533] Removed ssl-google-cert-catalog, since Google shut off that
service at some point. Reported by Brian Morin.
o [NSE][GH#606] New NSE library, geoip.lua, provides a common framework for
storing and retrieving IP geolocation results. [Mak Kolybabi]
Upstream changes:
# mikutter 3.5.3
* sometimes UserList shows empty lines and they cause crashes by clicks
* unexpected behavior when TL timestamp is clicked in polluted environments
* support Ruby 2.4
* Ruby-GNOME2 3.1.1
Changelog:
NSD 4.1.15
Feb 16, 2017
Bugfixes
Fix nsd-control and ipv6 only.
Squelch zone transfer error address family not supported by protocol at low verbosity levels.
Fix#1195: Fix so that NSD fails on non-compliant values for Serial.
Fix to rename _t typedefs because POSIX reserves them.
Fix that nsec3 hash collisions only reported on verbosity level 3.
fixes and new functionality, made since iperf 3.1.5.
* User-visible changes
* Specifying --fq-rate or --no-fq-socket-pacing on a system where
these options are not supported now generate an error instead of a
warning. This change makes diagnosing issues related to pacing
more apparent.
* Fixed a bug where two recently-added diagnostic messages spammed
the JSON output on UDP tests.
3.24.1 (2017-02-21)
- Fixed rendering icons in the remote directory tree when DPI scaling is enabled on Windows Vista and some Windows 7 machines
- SFTP components have been updated and are now based on PuTTY 0.68
- Updated builtin pugixml to version 1.8
0.9.1 (2017-02-20)
+ Added a small helper function to fz::file to get the current position in the file
+ Added another version of fz::to_wstring_from_utf8 that takes a char buffer + length
- Fixed extraction of single-character tokens in fz::strtok
New Features:
- Flag uploads coming from G2 servents with a "[G2]" tag after IP address.
- Added alias support in sharing/querying.
- Made the "Clear completed" button in Downloads/Tools do something useful.
- Moved "Clear completed" button to the bottom right of the download pane.
- Remember fileinfo notebook tab number across sessions.
- Remember main notebook tab number across sessions, only restored after crash.
- Remember Gnet stats notebook tab number across sessions.
- Remember download info / tools notebook tab number across sessions.
Improvements:
- Added --cleanup to explicitly request for final memory cleanup sequence.
- Updated Italian translation.
- Updated GeoIP databases.
Bug Fixes:
- Leaf nodes could end-up being connected to more ultrapeers than configured.
- Fixed monitoring of alien threads, important when GTK file selector is used.
Under the Hood:
- Debian compatibility level changed from 4 to 5.
- Make sure we can deal with older pkg-config, which needs leading arguments.
- Use "embedded" symbols for xmalloc(), xfree() and friends.
- Added "query_trace" property to trace all queries which were searched.
- Moved halloc-based string functions like h_strdup() to dedicated hstrfn.c.
- Expanded search mask to 64 bits to be able to hold all digits and letters.
- Count aliased queries and hits from aliases.
- Pre-compute shared file media type at record creation time.
- Pass query limits to st_search() to avoid needless pattern matching.
- Added h_strsplit() and h_strsplit_set().
- Added strvec_append_with() to expand vector by appending another vector.
- crash_assert_logv(): don't call crash_mode() if assert failure was recorded.
- entropy_clock_time(): mix the entropy nonce through hashing for more diffusion.
- node_can_accept_connection(): only send headers back when handshaking.
- qrp_add_file(): optimized to avoid computing word length if not required.
- thread_stack_check_overflow(): ignore virtual addresses outside stack range.
- vmm_init_once(): ensure any shared library for stacktrace unwinding is loaded.
Changes:
1.31.0
------
* Better error message when local file status cannot be retrieved
(GH-836)
* Fix assertion failure in SimpleRandomizer::getRandomBytes
* Add option content-disposition-default-utf8
Patch from JimmyZ (GH-813)
This Python 3 module provides an DNS API for looking up DNS entries
from within Python 3 modules and applications. This module is a
simple, lightweight implementation.
**** 1.08 [unreleased]
Fix rt.cpan.org #120208
Unable to install 1.07 in local::lib environment
Feature rt.cpan.org #119679
Net::DNS::Nameserver: UpdateHandler for responding to UPDATE packets
Feature rt.cpan.org #75357
Net::DNS::Nameserver: optionmask (similar to headermask) added
to allow user to set EDNS CLIENT-SUBNET option in reply packet
Discontinue support for pre-5.6 perl
Remove pre-5.6 workarounds and outdated language features
Changelog:
* Changes in Wget 1.19.1
* Fix bugs, a regression, portability/build issues
* Add new option --retry-on-http-error
* Changes in Wget 1.19
* New option --use-askpass=COMMAND. Fetch user/password by calling
an external program.
* Use IDNA2008 (+ TR46 if available) through libidn2
* When processing a Metalink header, --metalink-index=<number> allows
to process the header's application/metalink4+xml files.
* When processing a Metalink file, --trust-server-names enables the
use of the destination file names specified in the Metalink file,
otherwise a safe destination file name is computed.
* When processing a Metalink file, enforce a safe destination path.
Remove any drive letter prefix under w32, i.e. 'C:D:file'. Call
libmetalink's metalink_check_safe_path() to prevent absolute,
relative, or home paths:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* When processing a Metalink file, --directory-prefix=<prefix> sets
the top of the retrieval tree to prefix for Metalink downloads.
* When processing a Metalink file, reject downloaded files which don't
agree with their own metalink:size value:
https://tools.ietf.org/html/rfc5854#section-4.2.16
* When processing a Metalink file, with --continue resume partially
downloaded files and keep fully downloaded files even if they fail
the verification.
* When processing a Metalink file, create the parent directories of a
"path/file" destination file name:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* On a recursive download, append a .tmp suffix to temporary files
that will be deleted after being parsed, and create them
readable/writable only by the owner.
* New make target 'check-valgrind'
* Fix several bugs
* Fix compatibility issues
