0.5.2
* Fixed Google Drive login, broken by Google's new 2-page login sequence
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder (tdf#101385)
* Limited the maximal number of redirections to 20 (rhbz#1410197)
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed build with boost >= 1.68.0 (#19)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from "make check". A new "make cppcheck" target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
1.0.3
=====
- meson build fixes
- Fix running sniffer from meson build
- Fix issue on OS X when socket is destroyed after suspend
- Fix a memory leak in the device sniffer
- Fix a crash when sending a SSDP message after clearing the custom headers
- Use utsname.release for Server: header
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gssdp/issues/1
- https://bugzilla.gnome.org/show_bug.cgi?id=794340
4.3.0:
- Added Python 3.7 support.
- Avoid caching queues which are declared with a TTL.
Queues that are declared with a TTL are now also be excluded from the
in-memory cache in case they expire between publishes on the same channel.
- Added an index to the Message table for the SQLAlchemy transport.
The index allows to effectively sorting the table by the message's timestamp.
- Added a timeout that limits the amount of time we retry
to reconnect to a transport.
- :class:celery.asynchronous.hub.Hub is now reentrant.
This allows calling :func:celery.bin.celery.main to revive a worker in
the same process after rescuing from shutdown (:class:SystemExit).
- Queues now accept string exchange names as arguments as documented.
Tests were added to avoid further regressions.
- Specifying names for broadcast queues now work as expected.
Previously, named broadcast queues did not create multiple queues per worker.
They incorrectly declared the named queue which resulted in one queue per
fanout exchange, thus missing the entire point of a fanout exchange.
The behavior is now matched to unnamed broadcast queues.
- When initializing the Redis transport in conjunction with gevent
restore all unacknowledged messages to queue.
- Allow :class:kombu.simple.SimpleQueue to pass queue_arguments to Queue object.
This allows :class:kombu.simple.SimpleQueue to connect to RabbitMQ queues with
custom arguments like 'x-queue-mode'='lazy'.
- Add support for 'rediss' scheme for secure Redis connections.
The rediss scheme defaults to the least secure form, as
there is no suitable default location for ca_certs. The recommendation
would still be to follow the documentation and specify broker_use_ssl if
coming from celery.
- Added the Azure Storage Queues transport.
The transport is implemented on top of Azure Storage
Queues. This offers a simple but scalable and low-cost PaaS
transport for Celery users in Azure. The transport is intended to be
used in conjunction with the Azure Block Blob Storage backend.
- Added the Azure Service Bus transport.
The transport is implemented on top of Azure Service Bus and
offers PaaS support for more demanding Celery workloads in Azure.
The transport is intended to be used in conjunction with the Azure
CosmosDB backend.
- Drop remaining mentions of Jython support completely.
- When publishing messages to the Pidbox, retry if an error occurs.
- Fix infinite loop in :method:kombu.asynchronous.hub.Hub.create_loop.
- Worker shutdown no longer duplicates messages when using the SQS broker.
- When using the SQS broker, prefer boto's default region before our hardcoded default.
- Fixed closing of shared redis sockets which previously caused Celery to hang.
- the Pyro_ transport (:mod:kombu.transport.pyro) now works with
recent Pyro versions. Also added a Pyro Kombu Broker that this transport
needs for its queues.
- Handle non-base64-encoded SQS messages.
- Move the handling of Sentinel failures to the redis library itself.
Previously, Redis Sentinel worked only if the first node's sentinel
service in the URI was up. A server outage would have caused downtime.
- When using Celery and the pickle serializer with binary data as part of the
payload, UnicodeDecodeError would be raised as the content was not utf-8.
We now replace on errors.
- Allow setting :method:boto3.sqs.create_queue Attributes via transport_options.
- Fixed infinite loop when entity.channel is replaced by revive() on connection
drop.
- Added optional support for Brotli compression.
- When using the SQS broker, FIFO queues with names that ended with the 'f' letter
were incorrectly parsed. This is now fixed.
- Added optional support for LZMA compression.
- Added optional support for ZStandard compression.
- Require py-amqp 2.4.0 as the minimum version.
- The value of DISABLE_TRACEBACKS environment variable is now respected on debug, info
and warning logger level.
2.4.1:
- To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
- Fix crash in basic_publish when broker does not support connection.blocked
capability.
- read_frame() is now Python 3 compatible for large payloads.
- Support float read_timeout/write_timeout.
- Always treat SSLError timeouts as socket timeouts.
- Treat EWOULDBLOCK as timeout.
This fixes a regression on Windows from 2.4.0.
Upstream changes:
mikutter 3.8.5
* update URLs of mikutter Web
* [photo-support] reddit
* thanks cob odo
* possible crash on receiving notifications
* thanks ncaq net
* happy new year
* use oEmbed API to get Gyazo images
* thanks Shibuya Rin
1.16.102
api-change:appstream: Update appstream command to latest version
api-change:mediapackage: Update mediapackage command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.101
api-change:ecs: Update ecs command to latest version
api-change:discovery: Update discovery command to latest version
api-change:dlm: Update dlm command to latest version
1.16.100
api-change:gamelift: Update gamelift command to latest version
api-change🇪🇸 Update es command to latest version
api-change:robomaker: Update robomaker command to latest version
api-change:medialive: Update medialive command to latest version
1.16.99
api-change:fsx: Update fsx command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.98
api-change🛡️ Update shield command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.97
api-change:codecommit: Update codecommit command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:ecs: Update ecs command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
1.16.96
api-change:devicefarm: Update devicefarm command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:medialive: Update medialive command to latest version
1.16.95
api-change:logs: Update logs command to latest version
api-change:ecr: Update ecr command to latest version
api-change:sms-voice: Update sms-voice command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:rds: Update rds command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.94
api-change:acm-pca: Update acm-pca command to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi command to latest version
api-change:worklink: Update worklink command to latest version
1.16.93
api-change:ssm: Update ssm command to latest version
api-change:dms: Update dms command to latest version
api-change:fms: Update fms command to latest version
api-change:discovery: Update discovery command to latest version
api-change:appstream: Update appstream command to latest version
1.16.92
api-change:glue: Update glue command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.91
api-change:rekognition: Update rekognition command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:lambda: Update lambda command to latest version
api-change:pinpoint: Update pinpoint command to latest version
1.16.90
api-change:dynamodb: Update dynamodb command to latest version
api-change:backup: Update backup command to latest version
api-change:ce: Update ce command to latest version
1.9.92
api-change:appstream: [botocore] Update appstream client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
1.9.91
api-change:discovery: [botocore] Update discovery client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
1.9.90
api-change🇪🇸 [botocore] Update es client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
1.9.89
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
1.9.88
api-change🛡️ [botocore] Update shield client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.87
api-change:ecs: [botocore] Update ecs client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
1.9.86
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.85
api-change:logs: [botocore] Update logs client to latest version
api-change:elbv2: [botocore] Update elbv2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:sms-voice: [botocore] Update sms-voice client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
1.9.84
api-change:worklink: [botocore] Update worklink client to latest version
api-change:apigatewaymanagementapi: [botocore] Update apigatewaymanagementapi client to latest version
api-change:acm-pca: [botocore] Update acm-pca client to latest version
1.9.83
api-change:appstream: [botocore] Update appstream client to latest version
api-change:discovery: [botocore] Update discovery client to latest version
api-change:dms: [botocore] Update dms client to latest version
api-change:fms: [botocore] Update fms client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.9.82
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.81
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:pinpoint: [botocore] Update pinpoint client to latest version
api-change:rekognition: [botocore] Update rekognition client to latest version
1.9.80
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:ce: [botocore] Update ce client to latest version
api-change:backup: [botocore] Update backup client to latest version
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4225
* Sometimes qname-minimisation needs to be (temporarily) reverted.
* DNS-over-TLS would interact with qname-minimisation and would erroneously
echo back the query buffer instead of the answer.
Bump PKGREVISION.
1.12.92
api-change:appstream: Update appstream client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:mediapackage: Update mediapackage client to latest version
1.12.91
api-change:discovery: Update discovery client to latest version
api-change:ecs: Update ecs client to latest version
api-change:dlm: Update dlm client to latest version
1.12.90
api-change🇪🇸 Update es client to latest version
api-change:medialive: Update medialive client to latest version
api-change:gamelift: Update gamelift client to latest version
api-change:robomaker: Update robomaker client to latest version
1.12.89
api-change:ec2: Update ec2 client to latest version
api-change:fsx: Update fsx client to latest version
1.12.88
api-change🛡️ Update shield client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.87
api-change:ecs: Update ecs client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:codecommit: Update codecommit client to latest version
1.12.86
api-change:devicefarm: Update devicefarm client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:medialive: Update medialive client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.85
api-change:logs: Update logs client to latest version
api-change:elbv2: Update elbv2 client to latest version
api-change:rds: Update rds client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:sms-voice: Update sms-voice client to latest version
api-change:ecr: Update ecr client to latest version
1.12.84
api-change:worklink: Update worklink client to latest version
api-change:apigatewaymanagementapi: Update apigatewaymanagementapi client to latest version
api-change:acm-pca: Update acm-pca client to latest version
1.12.83
api-change:appstream: Update appstream client to latest version
api-change:discovery: Update discovery client to latest version
api-change:dms: Update dms client to latest version
api-change:fms: Update fms client to latest version
api-change:ssm: Update ssm client to latest version
1.12.82
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.81
api-change:lightsail: Update lightsail client to latest version
api-change:lambda: Update lambda client to latest version
api-change:pinpoint: Update pinpoint client to latest version
api-change:rekognition: Update rekognition client to latest version
1.12.80
api-change:dynamodb: Update dynamodb client to latest version
api-change:ce: Update ce client to latest version
api-change:backup: Update backup client to latest version
Upstream changelog:
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues.
* Changes in Wget 1.20
** Add new option `--retry-on-host-error` to treat local errors as
transient and hence Wget will retry to download the file after
a brief waiting period.
** Fixed multiple potential resource leaks as found by static analysis
** Wget will now not create an empty wget-log file when running with
-q and -b switches together
** When compiled using the GnuTLS >= 3.6.3, Wget now has support for TLSv1.3
** Now there is support for using libpcre2 for regex pattern matching
** When downloading over FTP recursively, one can now use the
--{accept,reject}-regex switches to fine-tune the downloaded files
** Building Wget from the git sources now requires autoconf 2.63 or above.
Building from the Tarballs works as it used to.
Changes:
version 2019.02.08
Core
* [utils] Improve JSON-LD regular expression (#18058)
* [YoutubeDL] Fallback to ie_key of matching extractor while making
download archive id when no explicit ie_key is provided (#19022)
Extractors
+ [malltv] Add support for mall.tv (#18058, #17856)
+ [spankbang:playlist] Add support for playlists (#19145)
* [spankbang] Extend URL regular expression
* [trutv] Fix extraction (#17336)
* [toutv] Fix authentication (#16398, #18700)
* [pornhub] Fix tags and categories extraction (#13720, #19135)
* [pornhd] Fix formats extraction
+ [pornhd] Extract like count (#19123, #19125)
* [radiocanada] Switch to the new media requests (#19115)
+ [teachable] Add support for courses.workitdaily.com (#18871)
- [vporn] Remove extractor (#16276)
+ [soundcloud:pagedplaylist] Add ie and title to entries (#19022, #19086)
+ [drtuber] Extract duration (#19078)
* [soundcloud] Fix paged playlists extraction, add support for albums and update client id
* [soundcloud] Update client id
* [drtv] Improve preference (#19079)
+ [openload] Add support for openload.pw and oload.pw (#18930)
+ [openload] Add support for oload.info (#19073)
* [crackle] Authorize media detail request (#16931)
version 2019.01.30.1
Core
* [postprocessor/ffmpeg] Fix avconv processing broken in #19025 (#19067)
version 2019.01.30
Core
* [postprocessor/ffmpeg] Do not copy Apple TV chapter tracks while embedding
subtitles (#19024, #19042)
* [postprocessor/ffmpeg] Disable "Last message repeated" messages (#19025)
Extractors
* [yourporn] Fix extraction and extract duration (#18815, #18852, #19061)
* [drtv] Improve extraction (#19039)
+ Add support for EncryptedUri videos
+ Extract more metadata
* Fix subtitles extraction
+ [fox] Add support for locked videos using cookies (#19060)
* [fox] Fix extraction for free videos (#19060)
+ [zattoo] Add support for tv.salt.ch (#19059)
* IPv4LL: Fixed build with this disabled
* IPv4LL: Remember last address between carrier resets
* BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
* FreeBSD: Avoid panicing kernel for IPv6 prefix routes
3.7.0:
- Fixes for cursoring API endpoints
- Improve html_for_tweet() parsing
- Documentation cleanup
- Documentation for cursor's return_pages keyword argument
- Update links to Twitter API in documentation
- Added create_metadata endpoint
- Raise error for when cursor is not provided a callable
3.6.0:
- Improve replacing of entities with links in html_for_tweet()
- Update classifiers for PyPI
3.5.0:
- Added support for "symbols" in Twython.html_for_tweet()
- Added support for extended tweets in Twython.html_for_tweet()
- You can now check progress of video uploads to Twitter when using Twython.upload_video()
Changes:
1.7.0
-----
- Added support for:
- `photobucket` (#117)
- `hentaifox` (#160)
- `tsumino` (#161)
- Added the ability to dynamically generate extractors based on a user's
config file for
- `mastodon` instances (#144)
- `foolslide` based sites
- `foolfuuka` based archives
- Added an extractor for `behance` collections (#157)
- Added login support for `luscious` (#159) and `tsumino` (#161)
- Added an option to stop downloading if the `exhentai` image limit is
exceeded (#141)
- Fixed extraction issues for `behance` and `mangapark`
Upstream changes:
This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ . Or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
. The EDNS timeouts are not used to fallback to nonEDNS queries.
Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
previous blocking everything.
- Fix#4206: support openssl 1.0.2 for TLS hostname verification,
alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
the patch adds a program used for fuzzing.
- streamtcp option -a send queries consecutively and prints answers
as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
memory used by waiting tcp and tls stream replies. This avoids
a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
set with ub_ctx_set_fwd. Patch from Florian Obser.
Bug Fixes
- Fix that unbound-checkconf does not complains if the config file
is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for eg.
Win 7 and Windows 10 display.
- cache-max-ttl also defines upperbound of initial TTL in response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,
and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
no check for already checked delegation pointer in iterator,
in testcode check for NULL packet matches, in perf do not copy
from NULL start list when growing capacity. Adjust host and file
only when present in test header read to please checker. In
testcode for unknown macro operand give zero result. Initialise the
passed argv array in test code. In test code add EDNS data
segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
include mini_event.h to have a prototype for mini_ev_cmp
include edns.h to have a prototype for apply_edns_options
sldns_wire2str_edns_keepalive_print is only called in the wire2str,
module declare it static to get rid of compiler warning:
no previous prototype for function
infra_find_ip_ratedata() is only called in the infra module,
declare it static to get rid of compiler warning:
no previous prototype for function
do not shadow local variable buf in authzone
auth_chunks_delete and az_nsec3_findnode are only called in the
authzone module, declare them static to get rid of compiler warning:
no previous prototype for function...
copy_rrset() is only called in the respip module, declare it
static to get rid of compiler warning:
no previous prototype for function 'copy_rrset'
no need for another variable "r"; gets rid of compiler warning:
declaration shadows a local variable in libunbound.c
no need for another variable "ns"; gets rid of compiler warning:
declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
B root address.
- Fixed spelling of tls-ciphers option in example.conf.
- Added support for parsing natively lines with ':' (colons) within
environment variables for tcprules.
- Fixed bug in tcprules abending with certain with IPv4/CIDR addresses.
- New installation PREFIX is now 'net' (and not 'host').
Changes
3.7.1
Restored support for Java 8.
3.7.0
#71 Added support for empty passwords for BASIC and DIGEST auth.
#72 Ability to edit URL encoded body parameter.
#73 Zip distribution build was generating wrong format.
3.6.2
XML formatting now uses jxmlfmt.
Built using Java 10. Requires Java 10 to run.
Overall changes:
CMake now is the default build system, Autotools were removed.
In addition to TravisCI, all commits are now build-tested by AppVeyorCI.
LibVNCServer/LibVNCClient:
Numerous build fixes for Visual Studio compilers to the extent that
one can now build the project with these. The needed changes for
successfully running stuff will be implemented in 0.9.13.
Fixed building for Android and added build instructions.
Removed the unused PolarSSL wrapper.
Updated the bundled noVNC to latest release 1.0.0.
Allowed to use global LZO library instead of miniLZO.
LibVNCClient:
Support for OpenSSL 1.1.x.
Support for overriding the default rectangle decode handlers (with
hardware-accelerated ones for instance) thanks to Balazs Ludmany.
vnc2mpg updated.
Added support for X509 server certificate verification as part of the
handshake process thanks to Simon Waterman.
Added a TRLE decoder thanks to Wiki Wang.
Included Tight decoding optimizations from TurboVNC thanks to DRC.
Ported the SDL viewer from SDL 1.2 to SDL 2.0.
Numerous security fixes.
Added support for custom auth handlers in order to support additional
security types.
LibVNCServer:
Websockets rework to remove obsolete code thanks to Andreas Weigel.
Ensured compatibility with gtk-vnc 0.7.0+ thanks to Micha K pie .
The built-in webserver now sends correct MIME type for Javascript.
Numerous memory management issues fixed.
Made the TightVNC-style file transfer more stable.
Changelog:
Knot DNS 2.7.6 (2019-01-23)
===========================
Improvements:
-------------
- Zone status also shows when the zone load is scheduled
- Server workers status also shows background workers utilization
- Default control timeout for knotc was increased to 10 seconds
- Pkg-config files contain auxiliary variable with library filename
Bugfixes:
---------
- Configuration commit or server reload can drop some pending zone events
- Nonempty zone journal is created even though it's disabled #635
- Zone is completely re-signed during empty dynamic update processing
- Server can crash when storing a big zone difference to the journal
- Failed to link on FreeBSD 12 with Clang
Knot DNS 2.7.5 (2019-01-07)
===========================
Features:
---------
- Keymgr supports NSEC3 salt handling
Improvements:
-------------
- Zone history in journal is dropped apon AXFR-like zone update
- Libdnssec is no longer linked against libm #628
- Libdnssec is explicitly linked against libpthread if PKCS #11 enabled #629
- Better support for libknot packaging in Python
- Manually generated KSK is 'ready' by default
- Kdig supports '+timeout' as an alias for '+time'
- Kdig supports '+nocomments' option
- Kdig no longer prints empty lines between retries
- Kdig returns failure if operations not successfully resolved#632
- Fixed repeating of the 'KSK submission, waiting for confirmation' log
- Various improvements in documentation, Dockerfile, and tests
Bugfixes:
---------
- Knotc fails to unset huge configuration section
- Kjournalprint sometimes fails to display zone journal content
- Improper timing of ZSK removal during ZSK rollover
- Missing UTC time zone indication in the 'iso' keymgr list output
- A race condition in the online signing module
Knot DNS 2.7.4 (2018-11-13)
===========================
Features:
---------
- Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
-------------
- Added warning log when DNSSEC events not successfully scheduled
- New semantic check on timer values in keymgr
- DS query no longer asks other addresses if got a negative answer
- Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
- Extended logging for zone loading
- Various documentation improvements
Bugfixes:
---------
- Failed to import module configuration #613
- Improper Cflags value in libknot.pc if built with embedded LMDB #615
- IXFR doesn't fall back to AXFR if malformed reply
- DNSSEC events not correctly scheduled for empty zone updates
- During algorithm rollover old keys get removed before DS TTL expires #617
- Maximum zone's RRSIG TTL not considered during algorithm rollover #620
Knot DNS 2.7.3 (2018-10-11)
===========================
Features:
---------
- New queryacl module for query access control
- Configurable answer rrset rotation #612
- Configurable NSEC bitmap in online signing
Improvements:
-------------
- Better error logging for KASP DB operations #601
- Some documentation improvements
Bugfixes:
---------
- Keymgr "list" output doesn't show key size for ECDSA algorithms #602
- Failed to link statically with embedded LMDB
- Configuration commit causes zone reload for all zones
- The statistics module overlooks TSIG record in a request
- Improper processing of an AXFR-style-IXFR response consisting of one-record messages
- Race condition in online signing during key rollover #600
- Server can crash if geoip module is enabled in the geo mode
Knot DNS 2.7.2 (2018-08-29)
===========================
Improvements:
-------------
- Keymgr list command displays also key size
- Kjournalprint displays total occupied size in the debug mode
- Server doesn't stop if failed to load a shared module from the module directory
- Libraries libcap-ng, pthread, and dl are linked selectively if needed
Bugfixes:
---------
- Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
- Server can crash when loading zone file difference and zone-in-journal is set
- Incorrect treatment of specific queries in the module RRL
- Failed to link module Cookies as a shared library
Knot DNS 2.7.1 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size information to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Various improvements for packaging
Bugfixes:
---------
- Incompatible handling of RRSIG TTL value when creating a DNS message
- Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
- Default configure prefix is ignored
Knot DNS 2.7.0 (2018-08-03)
===========================
Features:
---------
- New DNS Cookies module and related '+cookie' kdig option
- New module for response tailoring according to client's subnet or geographic location
- General EDNS Client Subnet support in the server
- OSS-Fuzz integration (Thanks to Jonathan Foote)
- New '+ednsopt' kdig option (Thanks to Jan Včelák)
- Online Signing support for automatic key rollover
- Non-normal file (e.g. pipe) loading support in zscanner #542
- Automatic SOA serial incrementation if non-empty zone difference
- New zone file load option for ignoring zone file's SOA serial
- New build-time option for alternative malloc specification
- Structured logging for DNSSEC key submission event
- Empty QNAME support in kdig
Improvements:
-------------
- Various library and server optimizations
- Reduced memory consumption of outgoing IXFR processing
- Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
- Online Signing properly signs delegations and CNAME records
- CDS/CDNSKEY rrset is signed with KSK instead of ZSK
- DNSSEC-related records are ignored when loading zone difference with signing enabled
- Minimum allowed RSA key length was increased to 1024
- Removed explicit dependency on Nettle
Bugfixes:
---------
- Possible uninitialized address buffer use in zscanner
- Possible index overflow during multiline record parsing in zscanner
- kdig +tls sometimes consumes 100 % CPU #561
- Single-Type Signing doesn't work with single ZSK key #566
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Compatibility:
--------------
- Removed obsolete RRL configuration
- Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
- Removed obsolete 'ixfr-from-differences' configuration option
- Removed old journal migration
- Removed module rosedb
Knot DNS 2.6.9 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
Bugfixes:
---------
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Knot DNS 2.6.8 (2018-07-10)
===========================
Features:
---------
- New 'import-pkcs11' command in keymgr
Improvements:
-------------
- Unixtime serial policy mimics Bind – increment if lower #593
Bugfixes:
---------
- Creeping memory consuption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing multi-message transfer
- Kjournalprint doesn't convert zone name argument to lower-case
- Cannot switch to a previously used ksk-shared dnssec policy #589
Knot DNS 2.6.7 (2018-05-17)
===========================
Features:
---------
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)
Improvements:
-------------
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option combination
Bugfixes:
---------
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback mode
Knot DNS 2.6.6 (2018-04-11)
===========================
Features:
---------
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
Improvements:
-------------
- Reduced memory consuption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
Bugfixes:
---------
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
Knot DNS 2.6.5 (2018-02-12)
===========================
Features:
---------
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authenticaion if '+tls-ca' is set
Improvements:
-------------
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
Bugfixes:
---------
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration operations
- Failed to generate documentation on OpenBSD
Knot DNS 2.6.4 (2018-01-02)
===========================
Features:
---------
- Module synthrecord allows multiple 'network' specification
- New CSK handling support in keymgr
Improvements:
-------------
- Allowed configuration for infinite zsk lifetime
- Increased performance and security of the module synthrecord
- Signing changeset is stored into journal even if 'zonefile-load' is whole
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Some minor DNSSEC-related issues
Knot DNS 2.6.3 (2017-11-24)
===========================
Bugfixes:
---------
- Wrong detection of signing scheme rollover
Knot DNS 2.6.2 (2017-11-23)
===========================
Features:
---------
- CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
-------------
- Allowed explicit configuration for infinite ksk lifetime
- Proper error messages instead of unclear error codes in server log
- Better support for old compilers
Bugfixes:
---------
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
Knot DNS 2.6.1 (2017-11-02)
===========================
Features:
---------
- NSEC3 Opt-Out support in the DNSSEC signing
- New CDS/CDNSKEY publish configuration option
Improvements:
-------------
- Simplified DNSSEC log message with DNSKEY details
- +tls-hostname in kdig implies +tls-ca if neither +tls-ca nor +tls-pin is given
- New documentation sections for DNSSEC key rollovers and shared keys
- Keymgr no longer prints useless algorithm number for generated key
- Kdig prints unknown RCODE in a numeric format
- Better support for LLVM libFuzzer
Bugfixes:
---------
- Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
- Immediate zone flush not scheduled during the zone load event
- Server crashes upon dynamic zone addition if a query module is loaded
- Kdig fails to connect over TLS due to SNI is set to server IP address
- Possible out-of-bounds memory access at the end of the input
- TCP Fast Open enabled by default in kdig breaks TLS connection
Knot DNS 2.6.0 (2017-09-29)
===========================
Features:
---------
- On-slave (inline) signing support
- Automatic DNSSEC key algorithm rollover
- Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
- New 'journal-content' and 'zonefile-load' configuration options
- keymgr tries to run as user/group set in the configuration
- Public-only DNSSEC key import into KASP DB via keymgr
- NSEC3 resalt and parent DS query events are persistent in timer DB
- New processing state for a response suppression within a query module
- Enabled server side TCP Fast Open if supported
- TCP Fast Open support in kdig
Improvements:
-------------
- Better record owner compression if related to the previous rdata dname
- NSEC(3) chain is no longer recomputed whole on every update
- Remove inconsistent and unnecessary quoting in log files
- Avoiding of overlapping key rollovers at a time
- More DNSSSEC-related semantic checks
- Extended timestamp format in keymgr
Bugfixes:
---------
- Incorrect journal free space computation causing inefficient space handling
- Interface-automatic broken on Linux in the presence of asymmetric routing
pkgsrc changes:
* Add logic to generate man page via pre-install target instead of
generating it manually
Changes:
### Changes since v2.7
* New `hub api` command for scripting with GitHub API
<https://github.com/github/hub/pull/2016>
* Re-implement CLI flag parsing so that `--message <MSG>` is equivalent to
`--message=<MSG>` <https://github.com/github/hub/pull/2008>
* Re-implement `make man-pages` in Go instead of Ruby
<https://github.com/github/hub/pull/1990>
* `issue create --label` is now `issue create --labels` to align with
existing documentation
* Output crash debugging information on stderr instead of stdout
* Build improvements:
- respect environment LDFLAGS
- strip the build path from resulting executable
- enable reproducible builds with SOURCE_DATE_EPOCH
Upstream changes:
0.41 2018/12/20 08:30:00
- Fixed supported() to say HELP isn't supported if OverriedHELP was used.
Wasn't doing this in 100% of the logic paths.
- Fixed nlst/list bug when filter patterns & callbacks were both in use.
The results of the end callback wasn't having the pattern applied to filter
the results. Patterns are now applied to filter things before & after the
callback is called, where before it was only done before the callback was
called.
- Fixed nlst/list to both call _common_list() instead of having list do both.
- The DebugLogFile option now turns autoflush on when the log file is opened.
I was loosing the log file contents on certain types of errors when
autoflush was turned off making it difficult to troubleshoot issues.
- Tweaked the ccc() hack slightly. Also the above log file fix seems to have
stabilized the CCC hack when the logs are turned on when it works. Though
some servers sometimes throw "Unexpeced EOF" errors after executing the CCC.
So I put in a couple of sleeps for 1 second each & the command became even
more stable. Suggesting that the "Unexpected EOF" errors were caused by
timing issues.
- Added uput2() method to deal with the problem that uput() can't always
tell you the actual name of the file on the FTPS server and you really need
to know that filename. (slow)
- Rewrote the uput() POD to reflect what the command actually does instead
of what it's supposed to do. Different servers implemented it differently.
- Tweaked the depreciated "useSSL" option to make it easier to remove in
the future.
- Minor tweaks to _help() & supported() dealing with OverrideHELP & _help()
can now include disabled commands in it's hash. (The key's value is 0 if
disabled. Else non-zero if a supported command.) Before it just silently
tossed disabled commands.
- Added mlsd() - List of files in machine readable format.
- Added mlst() - Get file details in machine readable foramt.
- Added parse_mlsx() to parse the returned values of mlsd() & mlst().
- Modified size() to have option of using MLST as an alternate way to get a
file's size.
- Modified is_dir() & is_file() to be able to use MLST as the prefered way
to do these tests. Falls back on original tests if MLST isn't supported
or doesn't have the TYPE feature enabled.
- Redesigned all the test cases from scratch! Rather than choose one of 3
huge scripts to run, everything has been replaced by a lot of smaller test
cases. Makes it much simpler to verify everything is working without the
need for messy complex code or having to carefully examine log files
afterwards.
- The test cases no longer uses the depreciated "useSSL" option. They use
the "SSL_version" option instead.
- t/test-helper/helper1234.pm, new helper module to centralize the asking
of questions and to share the answers between all the test cases. So
that "make test" only prompts you a single time for your server info.
- No longer uses environment variables to "remember" answers. Now uses
a dynamically built config file of options selected. Just have to
answer the questions the 1st time run via "make test".
- MANIFEST - Added all the new test cases and removed the old ones.
- Updated the LISCENSE file to say 2018 (from 2017)
- Update the README file to say 2018 (from 2017) Then completly rewrote it.
Changes in version 0.0.8 - 2019-01-20:
- Bug 24793: Send the correct authorization HTTP header for basic auth.
- (meek_lite) Explicitly set Content-Length to zero when there is no
data to send.
- Added optional support for building as a Go 1.11 module. Patch by
mvdan.
- Change the canonical upstream repo location to gitlab.
Changelog:
2019/01/08 : 1.8.17
- BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
- MINOR: mux-h2: only increase the connection window with the first update
- BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- MINOR: lb: allow redispatch when using consistent hash
- MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
- MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
- BUG/MEDIUM: cli: make "show sess" really thread-safe
- BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
- BUG/MINOR: lua: bad args are returned for Lua actions
- BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
- BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
2018/12/21 : 1.8.16
- BUG/MINOR: logs: leave startup-logs global and not per-thread
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
2018/12/13 : 1.8.15
- MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
- DOC: clarify force-private-cache is an option
- BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
- BUG/MINOR: backend: check that the mux installed properly
- BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
- MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
- BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
- BUG/MINOR: checks: queues null-deref
- BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
- BUG/MEDIUM: stream: don't crash on out-of-memory
- BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
- BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
- BUILD: stick-table: make sure not to fail on task_new() during initialization
- BUILD: peers: check allocation error during peers_init_sync()
- DOC: Fix a few typos
- BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
- BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
- BUILD: compiler: add a new statement "__unreachable()"
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
- BUILD: lua: silence some compiler warnings after WILL_LJMP
- CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
- BUILD: Makefile: add a "make opts" target to simply show the build options
- BUILD: Makefile: speed up compiler options detection
- BUILD: Makefile: silence an option conflict warning with clang
- MINOR: server: Use memcpy() instead of strncpy().
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: peers: use defines instead of enums to appease clang.
- DOC: fix reference to map files in MAINTAINERS
- BUILD: compiler: rename __unreachable() to my_unreachable()
- BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
- BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
- BUILD: Makefile: add the new ERR variable to force -Werror
- BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
- BUG/MINOR: cache: Wrong usage of shctx_init().
- BUG/MINOR: ssl: Wrong usage of shctx_init().
- DOC: cache: Missing information about "total-max-size"
- BUG/MINOR: only mark connections private if NTLM is detected
- BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
- BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
- BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
- BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
- BUG/MEDIUM: Make sure stksess is properly aligned.
- BUG/MINOR: config: Copy default error messages when parsing of a backend starts
- BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
- BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
- BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
- BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
- BUG/MINOR: lb-map: fix unprotected update to server's score
- BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
- BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
- BUG/MINOR: mux-h2: refrain from muxing during the preface
- BUG/MINOR: mux-h2: advertise a larger connection window size
- BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
- BUILD: threads: fix minor build warnings when threads are disabled
- MINOR: stats: report the number of active jobs and listeners in "show info"
- MINOR: servers: Free [idle|safe|priv]_conns on exit.
- DOC: clarify that check-sni needs an argument.
- DOC: refer to check-sni in the documentation of sni
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
- BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
- BUG: dns: Fix off-by-one write in dns_validate_dns_response()
- DOC: Update configuration doc about the maximum number of stick counters.
- DOC: restore note about "independant" typo
- DOC: Fix typos in README and CONTRIBUTING
- DOC: Fix typos in different subsections of the documentation
- DOC: fix a few typos in the documentation
- Fix GNU/Hurd build.
- Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
- Support split-exclude routes for GlobalProtect.
- Fix GnuTLS builds without libtasn1.
- Fix DTLS support with OpenSSL 1.1.1+.
- Add Cisco-compatible DTLSv1.2 support.
- Invoke script with reason=attempt-reconnect before doing so.
* OpenBSD: works alongside slaacd(8)
* NetBSD: sets SO_RERROR on to detect receive socket overflow
* BSD: route improvements to avoid listening for own changes
* Linux: use NETLINK_BROADCAST_ERROR
* BSD: avoid late address deletion messages by testing address existance
* IP6: implement IP6 address sharing
* BSD: catch UP/DOWN events when interfaces does support media changes
* IPv4LL: remember old address when carrier is lost
3.0.0
* Padding bytes are now properly validated when reading xdr values. According
to the XDR spec, padding must be zeros.
* Use activemodel and activesuport 5.2
maradns-2.0.16:
This is the stable release of MaraDNS. A very minor security update was made.
Deadwood updated to 3.2.12
maradns-2.0.15:
This is the stable release of MaraDNS. No security updates were done in this release.
Deadwood updated to 3.2.11
maradns-2.0.14:
This is the stable release of MaraDNS. No security updates were done in this release.
Deadwood updated to 3.2.10
Changes:
2.7.1
-----
* Respect chosen Enterprise host on `hub init -g`
* Ensure consistent order of options when prompted to choose between
multiple configured GitHub hosts
* Ensure alphabetical sort of `hub issue labels` output
* Improve contrast of label text vs. its background color
* Various documentation formatting tweaks
