3.24.0 (2017-01-13)
- Fixed a possible crash if sending FTP commands fails during a directory listing operation
- *nix: Fixed a scrolling issue in the message log if wxWidgets is built against GTK3
3.24.0-rc1 (2017-01-06)
+ The context menu for remote file search results now has a "Copy URL(s) to clipboard" item
+ Alt+number can now be used to switch between tabs in addition to Ctrl+number
+ SFTP hostkey fingerprints are now also shown as base64 encoded SHA256 hashes to match the new format displayed by OpenSSH
- Errors at the end of SFTP transfers now correctly result in transfer failures instead
- Cancelling synchronized browsing questions no longer prevents further directory changes
- Fix display issues for the filter conditions dialog
- Fix deleting multiple extensions on the filetype page in the settings
- OS X: Do not open dialogs while already processing an event, e.g. while a context menu is open
Changelog:
Version 1.4.1 (2017-01-08)
- Lower the required gspell version to 1.0
- Work around a binding problem in the gtk+ 3.18 vapi of vala 0.30
Version 1.4 (2017-01-06)
- Images in quoted tweets now look more like they actually belong to
the quoted tweet instead of the quoting tweet.
- Allow deleting tweets from the tweet info page and not just from
timelines.
- Fix the user completion not showing all possible results
- Focus the already opened window for an account if the account gets
selected in the accounts popover
- Avoid window resizing when typing in the Direct Message text box
- Add 'q' accelerator to tweet rows for quoting
- Add spellchecking. This add a dependency to gspell
- Increase gtk+ dependency to 3.18 to get rid of some workarounds.
- Increase avatar size in profiles and slightly overlap them over the
banner. Also, always show the full banner.
- Fix completion popup positioning under Wayland
- Add experimental meson build files
- Fix some videos not playing correctly
- Add a minimal video progress indicator to the video dialog
- Fix the retweet/favorite count updating in the tweet info page
--- 9.9.9-P5 released ---
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
[RT #43779]
4528. [bug] Only set the flag bits for the i/o we are waiting
for on EPOLLERR or EPOLLHUP. [RT #43617]
4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548]
4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522]
--- 9.10.4-P5 released ---
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
[RT #43779]
4528. [bug] Only set the flag bits for the i/o we are waiting
for on EPOLLERR or EPOLLHUP. [RT #43617]
4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548]
4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522]
This is a regularly scheduled bugfix and improvement release recommended for all users.
Resolved issues:
#3846: Changing bandwidth rate limits now takes effect immediately without restart.
#3859: The event log (-audit) can now be directed to stderr for piping into another program.
#3584: A panic on folder listing at startup has been fixed.
#3857: On Windows, we now make sure to never descend into directory symlinks.
#3819: When a folder is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present.
#3839: Several scenarios where a device would get stuck with "not a directory" errors are now handled again.
#3861: Third party copyrights in the about box are now more up to date.
Also:
Hashing performance has been improved again, after it was inadvertently reduced in v0.4.17.
ChangeLog:
2016/12/25 : 1.6.11
- BUILD: contrib: fix ip6range build on Centos 7
- BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
- BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
- BUG/MINOR: cli: wake up the CLI's task after a timeout update
- BUG/MINOR: freq-ctr: make swrate_add() support larger values
- BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
- BUG/MAJOR: stream: fix session abort on resource shortage
- BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
- BUG/MEDIUM: variables: some variable name can hide another ones
- BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
- MINOR: applet: Count number of (active) applets
- MINOR: task: Rename run_queue and run_queue_cur counters
- BUG/MEDIUM: stream: Save unprocessed events for a stream
- BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- DOC: lua: section declared twice
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: systemd: potential zombie processes
2016/11/20 : 1.6.10
- BUG/MINOR: Fix OSX compilation errors
- BUG/MINOR: displayed PCRE version is running release
- MINOR: show Built with PCRE version
- MINOR: show Running on zlib version
- MINOR: Add fe_req_rate sample fetch
- MEDIUM: make SO_REUSEPORT configurable
- BUG/MINOR: vars: use sess and not s->sess in action_store()
- BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
- BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
- BUG/MINOR: ssl: Check malloc return code
- BUG/MINOR: ssl: prevent multiple entries for the same certificate
- BUG/MINOR: systemd: make the wrapper return a non-null status code on error
- BUG/MINOR: systemd: always restore signals before execve()
- BUG/MINOR: systemd: check return value of calloc()
- MINOR: systemd: report it when execve() fails
- BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
- BUILD: protocol: fix some build errors on OpenBSD
- BUILD: log: iovec requires to include sys/uio.h on OpenBSD
- BUILD: tcp: do not include netinet/ip.h for IP_TTL
- BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD
- BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
- MINOR: cfgparse: few memory leaks fixes.
- MINOR: build: Allow linking to device-atlas library file
- DOC: Fix typo in description of `-st` parameter in man page
- BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
- BUG/MEDIUM: peers: fix use after free in peer_session_create()
- BUG/MEDIUM: systemd-wrapper: return correct exit codes
- BUG/MEDIUM: srv-state: properly restore the DRAIN state
- BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
- BUG/MEDIUM: servers: properly propagate the maintenance states during startup
- BUG: vars: Fix 'set-var' converter because of a typo
- BUG/MEDIUM: channel: bad unlikely macro
- CLEANUP: lua: move comment
- CLEANUP: lua: control executed twice
- CLEANUP: ssl: Fix bind keywords name in comments
- DOC: ssl: Use correct wording for ca-sign-pass
- BUG/MINOR: stick-table: handle out-of-memory condition gracefully
- BUG/MEDIUM: connection: check the control layer before stopping polling
- BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
- CONTRIB: initiate a debugging suite to make debugging easier
- BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
- BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
# Addressable 2.5.0
- dropping support for Ruby 1.9
- adding support for Ruby 2.4 preview
- add support for public suffixes and tld; first runtime dependency
- hostname escaping should match RFC; underscores in hostnames no longer escaped
- paths beginning with // and missing an authority are now considered invalid
- validation now also takes place after setting a path
- handle backslashes in authority more like a browser for `heuristic_parse`
- unescaped backslashes in host now raise an `InvalidURIError`
- `merge!`, `join!`, `omit!` and `normalize!` don't disable deferred validation
- `heuristic_parse` now trims whitespace before parsing
- host parts longer than 63 bytes will be ignored and not passed to libidn
- normalized values always encoded as UTF-8
* Update buildlink3.mk
* Update HOMEPAGE and MASTER_SITES
Changelog:
0.9.11:
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration, provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it. Fixes a crash when connection to Mac hosts (#45).
Various fixes that result in more stable handling of malicious or broken servers.
Removed broken and unmaintained H264 decoding.
Some documentation fixes.
Added hooks to WriteToTLS() for optional protection by mutex.
LibVNCServer:
Stability fixes for the WebSocket implementation.
Replaced SHA1 implementation with the one from RFC 6234.
The built-in HTTP server does not allow directory traversals anymore.
The built-in HTTP now sends correct MIME types for CSS and SVG.
Added support for systemd socket activation.
Made it possible to get autoPort behavior with either ipv4 or ipv6 disabled.
Fixed starting of an onHold-client in threaded mode.
0.9.10:
Overall changes:
Moved the whole project from sourceforge to https://libvnc.github.io/.
Cleaned out the autotools build system which now uses autoreconf.
Updated noVNC HTML5 client to latest version.
Split out x11vnc sources into separate repository at https://github.com/LibVNC/x11vnc
Split out vncterm sources into separate repository at https://github.com/LibVNC/vncterm
Split out VisualNaCro sources into separate repository at https://github.com/LibVNC/VisualNaCro
Merged Debian patches.
LibVNCServer/LibVNCClient:
Fixed some security-related buffer overflow cases.
Added compatibility headers to make LibVNCServer/LibVNCClient build on native Windows 8.
Update LZO to version 2.07, fixing CVE-2014-4607.
LibVNCServer:
Merged patches from KDE/krfb.
Can now do IPv6 without IPv4.
Fixed a use-after-free issue in scale.c.
Updated provided by reezer (maintainer) in PR pkg/51745
Changes in version 0.2.9.8 - 2016-12-19
Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series.
The Tor 0.2.9 series makes mandatory a number of security features
that were formerly optional. It includes support for a new shared-
randomness protocol that will form the basis for next generation
hidden services, includes a single-hop hidden service mode for
optimizing .onion services that don't actually want to be hidden,
tries harder not to overload the directory authorities with excessive
downloads, and supports a better protocol versioning scheme for
improved compatibility with other implementations of the Tor protocol.
And of course, there are numerous other bugfixes and improvements.
This release also includes a fix for a medium-severity issue (bug
21018 below) where Tor clients could crash when attempting to visit a
hostile hidden service. Clients are recommended to upgrade as packages
become available for their systems.
Below are listed the changes since Tor 0.2.8.11. For a list of
changes since 0.2.9.7-rc, see the ChangeLog file.
o New system requirements:
- When building with OpenSSL, Tor now requires version 1.0.1 or
later. OpenSSL 1.0.0 and earlier are no longer supported by the
OpenSSL team, and should not be used. Closes ticket 20303.
- Tor now requires Libevent version 2.0.10-stable or later. Older
versions of Libevent have less efficient backends for several
platforms, and lack the DNS code that we use for our server-side
DNS support. This implements ticket 19554.
- Tor now requires zlib version 1.2 or later, for security,
efficiency, and (eventually) gzip support. (Back when we started,
zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
released in 2003. We recommend the latest version.)
o Deprecated features:
- A number of DNS-cache-related sub-options for client ports are now
deprecated for security reasons, and may be removed in a future
version of Tor. (We believe that client-side DNS caching is a bad
idea for anonymity, and you should not turn it on.) The options
are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache,
UseIPv4Cache, and UseIPv6Cache.
- A number of options are deprecated for security reasons, and may
be removed in a future version of Tor. The options are:
AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits,
AllowSingleHopExits, ClientDNSRejectInternalAddresses,
CloseHSClientCircuitsImmediatelyOnTimeout,
CloseHSServiceRendCircuitsImmediatelyOnTimeout,
ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup,
UseNTorHandshake, and WarnUnsafeSocks.
- The *ListenAddress options are now deprecated as unnecessary: the
corresponding *Port options should be used instead. These options
may someday be removed. The affected options are:
ControlListenAddress, DNSListenAddress, DirListenAddress,
NATDListenAddress, ORListenAddress, SocksListenAddress,
and TransListenAddress.
o Major bugfixes (parsing, security, new since 0.2.9.7-rc):
- Fix a bug in parsing that could cause clients to read a single
byte past the end of an allocated region. This bug could be used
to cause hardened clients (built with --enable-expensive-hardening)
to crash if they tried to visit a hostile hidden service. Non-
hardened clients are only affected depending on the details of
their platform's memory allocator. Fixes bug 21018; bugfix on
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
2016-12-002 and as CVE-2016-1254.
o Major features (build, hardening):
- Tor now builds with -ftrapv by default on compilers that support
it. This option detects signed integer overflow (which C forbids),
and turns it into a hard-failure. We do not apply this option to
code that needs to run in constant time to avoid side-channels;
instead, we use -fwrapv in that code. Closes ticket 17983.
- When --enable-expensive-hardening is selected, stop applying the
clang/gcc sanitizers to code that needs to run in constant time.
Although we are aware of no introduced side-channels, we are not
able to prove that there are none. Related to ticket 17983.
o Major features (circuit building, security):
- Authorities, relays, and clients now require ntor keys in all
descriptors, for all hops (except for rare hidden service protocol
cases), for all circuits, and for all other roles. Part of
ticket 19163.
- Authorities, relays, and clients only use ntor, except for
rare cases in the hidden service protocol. Part of ticket 19163.
o Major features (compilation):
- Our big list of extra GCC warnings is now enabled by default when
building with GCC (or with anything like Clang that claims to be
GCC-compatible). To make all warnings into fatal compilation
errors, pass --enable-fatal-warnings to configure. Closes
ticket 19044.
- Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
turn on C and POSIX extensions. (Previously, we attempted to do
this on an ad hoc basis.) Closes ticket 19139.
o Major features (directory authorities, hidden services):
- Directory authorities can now perform the shared randomness
protocol specified by proposal 250. Using this protocol, directory
authorities generate a global fresh random value every day. In the
future, this value will be used by hidden services to select
HSDirs. This release implements the directory authority feature;
the hidden service side will be implemented in the future as part
of proposal 224. Resolves ticket 16943; implements proposal 250.
o Major features (downloading, random exponential backoff):
- When we fail to download an object from a directory service, wait
for an (exponentially increasing) randomized amount of time before
retrying, rather than a fixed interval as we did before. This
prevents a group of Tor instances from becoming too synchronized,
or a single Tor instance from becoming too predictable, in its
download schedule. Closes ticket 15942.
o Major features (resource management):
- Tor can now notice it is about to run out of sockets, and
preemptively close connections of lower priority. (This feature is
off by default for now, since the current prioritizing method is
yet not mature enough. You can enable it by setting
"DisableOOSCheck 0", but watch out: it might close some sockets
you would rather have it keep.) Closes ticket 18640.
o Major features (single-hop "hidden" services):
- Add experimental HiddenServiceSingleHopMode and
HiddenServiceNonAnonymousMode options. When both are set to 1,
every hidden service on that Tor instance becomes a non-anonymous
Single Onion Service. Single Onions make one-hop (direct)
connections to their introduction and rendezvous points. One-hop
circuits make Single Onion servers easily locatable, but clients
remain location-anonymous. This is compatible with the existing
hidden service implementation, and works on the current Tor
network without any changes to older relays or clients. Implements
proposal 260, completes ticket 17178. Patch by teor and asn.
o Major features (subprotocol versions):
- Tor directory authorities now vote on a set of recommended
"subprotocol versions", and on a set of required subprotocol
versions. Clients and relays that lack support for a _required_
subprotocol version will not start; those that lack support for a
_recommended_ subprotocol version will warn the user to upgrade.
This change allows compatible implementations of the Tor protocol(s)
to exist without pretending to be 100% bug-compatible with
particular releases of Tor itself. Closes ticket 19958; implements
part of proposal 264.
o Major bugfixes (circuit building):
- Hidden service client-to-intro-point and service-to-rendezvous-
point circuits use the TAP key supplied by the protocol, to avoid
epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
o Major bugfixes (download scheduling):
- Avoid resetting download status for consensuses hourly, since we
already have another, smarter retry mechanism. Fixes bug 8625;
bugfix on 0.2.0.9-alpha.
- If a consensus expires while we are waiting for certificates to
download, stop waiting for certificates.
- If we stop waiting for certificates less than a minute after we
started downloading them, do not consider the certificate download
failure a separate failure. Fixes bug 20533; bugfix
on 0.2.0.9-alpha.
- When using exponential backoff in test networks, use a lower
exponent, so the delays do not vary as much. This helps test
networks bootstrap consistently. Fixes bug 20597; bugfix on 20499.
o Major bugfixes (exit policies):
- Avoid disclosing exit outbound bind addresses, configured port
bind addresses, and local interface addresses in relay descriptors
by default under ExitPolicyRejectPrivate. Instead, only reject
these (otherwise unlisted) addresses if
ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on
0.2.7.2-alpha. Patch by teor.
o Major bugfixes (hidden services):
- Allow Tor clients with appropriate controllers to work with
FetchHidServDescriptors set to 0. Previously, this option also
disabled descriptor cache lookup, thus breaking hidden services
entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
- Clients now require hidden services to include the TAP keys for
their intro points in the hidden service descriptor. This prevents
an inadvertent upgrade to ntor, which a malicious hidden service
could use to distinguish clients by consensus version. Fixes bug
20012; bugfix on 0.2.4.8-alpha. Patch by teor.
o Major bugfixes (relay, resolver, logging):
- For relays that don't know their own address, avoid attempting a
local hostname resolve for each descriptor we download. This
will cut down on the number of "Success: chose address 'x.x.x.x'"
log lines, and also avoid confusing clock jumps if the resolver
is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
o Minor features (port flags):
- Add new flags to the *Port options to give finer control over which
requests are allowed. The flags are NoDNSRequest, NoOnionTraffic,
and the synthetic flag OnionTrafficOnly, which is equivalent to
NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement
18693; patch by "teor".
o Minor features (build, hardening):
- Detect and work around a libclang_rt problem that would prevent
clang from finding __mulodi4() on some 32-bit platforms, and thus
keep -ftrapv from linking on those systems. Closes ticket 19079.
- When building on a system without runtime support for the runtime
hardening options, try to log a useful warning at configuration
time, rather than an incomprehensible warning at link time. If
expensive hardening was requested, this warning becomes an error.
Closes ticket 18895.
o Minor features (client, directory):
- Since authorities now omit all routers that lack the Running and
Valid flags, we assume that any relay listed in the consensus must
have those flags. Closes ticket 20001; implements part of
proposal 272.
o Minor features (code safety):
- In our integer-parsing functions, ensure that the maximum value we
allow is no smaller than the minimum value. Closes ticket 19063;
patch from "U+039b".
o Minor features (compilation, portability):
- Compile correctly on MacOS 10.12 (aka "Sierra"). Closes
ticket 20241.
o Minor features (config):
- Warn users when descriptor and port addresses are inconsistent.
Mitigates bug 13953; patch by teor.
o Minor features (controller):
- Allow controllers to configure basic client authorization on
hidden services when they create them with the ADD_ONION controller
command. Implements ticket 15588. Patch by "special".
- Fire a STATUS_SERVER controller event whenever the hibernation
status changes between "awake"/"soft"/"hard". Closes ticket 18685.
- Implement new GETINFO queries for all downloads that use
download_status_t to schedule retries. This allows controllers to
examine the schedule for pending downloads. Closes ticket 19323.
o Minor features (development tools, etags):
- Teach the "make tags" Makefile target how to correctly find
"MOCK_IMPL" function definitions. Patch from nherring; closes
ticket 16869.
o Minor features (directory authority):
- After voting, if the authorities decide that a relay is not
"Valid", they no longer include it in the consensus at all. Closes
ticket 20002; implements part of proposal 272.
- Directory authorities now only give the Guard flag to a relay if
they are also giving it the Stable flag. This change allows us to
simplify path selection for clients. It should have minimal effect
in practice, since >99% of Guards already have the Stable flag.
Implements ticket 18624.
- Directory authorities now write their v3-status-votes file out to
disk earlier in the consensus process, so we have a record of the
votes even if we abort the consensus process. Resolves
ticket 19036.
o Minor features (fallback directory list, new since 0.2.9.7-rc):
- Replace the 81 remaining fallbacks of the 100 originally
introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
fallbacks (123 new, 54 existing, 27 removed) generated in December
2016. Resolves ticket 20170.
o Minor features (hidden service):
- Stop being so strict about the payload length of "rendezvous1"
cells. We used to be locked in to the "TAP" handshake length, and
now we can handle better handshakes like "ntor". Resolves
ticket 18998.
o Minor features (infrastructure, time):
- Tor now includes an improved timer backend, so that we can
efficiently support tens or hundreds of thousands of concurrent
timers, as will be needed for some of our planned anti-traffic-
analysis work. This code is based on William Ahern's "timeout.c"
project, which implements a "tickless hierarchical timing wheel".
Closes ticket 18365.
- Tor now uses the operating system's monotonic timers (where
available) for internal fine-grained timing. Previously we would
look at the system clock, and then attempt to compensate for the
clock running backwards. Closes ticket 18908.
o Minor features (logging):
- Add a set of macros to check nonfatal assertions, for internal
use. Migrating more of our checks to these should help us avoid
needless crash bugs. Closes ticket 18613.
- Provide a more useful warning message when configured with an
invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
- When dumping unparseable router descriptors, optionally store them
in separate files, named by digest, up to a configurable size
limit. You can change the size limit by setting the
MaxUnparseableDescSizeToLog option, and disable this feature by
setting that option to 0. Closes ticket 18322.
o Minor features (performance):
- Change the "optimistic data" extension from "off by default" to
"on by default". The default was ordinarily overridden by a
consensus option, but when clients were bootstrapping for the
first time, they would not have a consensus to get the option
from. Changing this default saves a round-trip during startup.
Closes ticket 18815.
o Minor features (relay, usability):
- When the directory authorities refuse a bad relay's descriptor,
encourage the relay operator to contact us. Many relay operators
won't notice this line in their logs, but it's a win if even a few
learn why we don't like what their relay was doing. Resolves
ticket 18760.
o Minor features (security, TLS):
- Servers no longer support clients that lack AES ciphersuites.
(3DES is no longer considered an acceptable cipher.) We believe
that no such Tor clients currently exist, since Tor has required
OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
o Minor features (testing):
- Disable memory protections on OpenBSD when performing our unit
tests for memwipe(). The test deliberately invokes undefined
behavior, and the OpenBSD protections interfere with this. Patch
from "rubiate". Closes ticket 20066.
- Move the test-network.sh script to chutney, and modify tor's test-
network.sh to call the (newer) chutney version when available.
Resolves ticket 19116. Patch by teor.
- Use the lcov convention for marking lines as unreachable, so that
we don't count them when we're generating test coverage data.
Update our coverage tools to understand this convention. Closes
ticket 16792.
- Our link-handshake unit tests now check that when invalid
handshakes fail, they fail with the error messages we expected.
- Our unit testing code that captures log messages no longer
prevents them from being written out if the user asked for them
(by passing --debug or --info or --notice or --warn to the "test"
binary). This change prevents us from missing unexpected log
messages simply because we were looking for others. Related to
ticket 19999.
- The unit tests now log all warning messages with the "BUG" flag.
Previously, they only logged errors by default. This change will
help us make our testing code more correct, and make sure that we
only hit this code when we mean to. In the meantime, however,
there will be more warnings in the unit test logs than before.
This is preparatory work for ticket 19999.
- The unit tests now treat any failure of a "tor_assert_nonfatal()"
assertion as a test failure.
- We've done significant work to make the unit tests run faster.
o Minor features (testing, ipv6):
- Add the hs-ipv6 chutney target to make test-network-all's IPv6
tests. Remove bridges+hs, as it's somewhat redundant. This
requires a recent chutney version that supports IPv6 clients,
relays, and authorities. Closes ticket 20069; patch by teor.
- Add the single-onion and single-onion-ipv6 chutney targets to
"make test-network-all". This requires a recent chutney version
with the single onion network flavors (git c72a652 or later).
Closes ticket 20072; patch by teor.
o Minor features (Tor2web):
- Make Tor2web clients respect ReachableAddresses. This feature was
inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on
0.2.8.7. Implements feature 20034. Patch by teor.
o Minor features (unix domain sockets):
- When configuring a unix domain socket for a SocksPort,
ControlPort, or Hidden service, you can now wrap the address in
quotes, using C-style escapes inside the quotes. This allows unix
domain socket paths to contain spaces. Resolves ticket 18753.
o Minor features (user interface):
- Tor now supports the ability to declare options deprecated, so
that we can recommend that people stop using them. Previously, this
was done in an ad-hoc way. There is a new --list-deprecated-options
command-line option to list all of the deprecated options. Closes
ticket 19820.
o Minor features (virtual addresses):
- Increase the maximum number of bits for the IPv6 virtual network
prefix from 16 to 104. In this way, the condition for address
allocation is less restrictive. Closes ticket 20151; feature
on 0.2.4.7-alpha.
o Minor bug fixes (circuits):
- Use the CircuitBuildTimeout option whenever
LearnCircuitBuildTimeout is disabled. Previously, we would respect
the option when a user disabled it, but not when it was disabled
because some other option was set. Fixes bug 20073; bugfix on
0.2.4.12-alpha. Patch by teor.
o Minor bugfixes (build):
- The current Git revision when building from a local repository is
now detected correctly when using git worktrees. Fixes bug 20492;
bugfix on 0.2.3.9-alpha.
o Minor bugfixes (relay address discovery):
- Stop reordering IP addresses returned by the OS. This makes it
more likely that Tor will guess the same relay IP address every
time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.
Reported by René Mayrhofer, patch by "cypherpunks".
o Minor bugfixes (memory allocation):
- Change how we allocate memory for large chunks on buffers, to
avoid a (currently impossible) integer overflow, and to waste less
space when allocating unusually large chunks. Fixes bug 20081;
bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
o Minor bugfixes (bootstrap):
- Remember the directory server we fetched the consensus or previous
certificates from, and use it to fetch future authority
certificates. This change improves bootstrapping performance.
Fixes bug 18963; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (circuits):
- Make sure extend_info_from_router() is only called on servers.
Fixes bug 19639; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (client, fascistfirewall):
- Avoid spurious warnings when ReachableAddresses or FascistFirewall
is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
o Minor bugfixes (client, unix domain sockets):
- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as
the client address is meaningless. Fixes bug 20261; bugfix
on 0.2.6.3-alpha.
o Minor bugfixes (code style):
- Fix an integer signedness conversion issue in the case conversion
tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.
o Minor bugfixes (compilation):
- Build correctly on versions of libevent2 without support for
evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix
on 0.2.5.4-alpha.
- When building with Clang, use a full set of GCC warnings.
(Previously, we included only a subset, because of the way we
detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
- Detect Libevent2 functions correctly on systems that provide
libevent2, but where libevent1 is linked with -levent. Fixes bug
19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.
- Run correctly when built on Windows build environments that
require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
o Minor bugfixes (configuration):
- When parsing quoted configuration values from the torrc file,
handle Windows line endings correctly. Fixes bug 19167; bugfix on
0.2.0.16-alpha. Patch from "Pingl".
o Minor bugfixes (directory authority):
- Authorities now sort the "package" lines in their votes, for ease
of debugging. (They are already sorted in consensus documents.)
Fixes bug 18840; bugfix on 0.2.6.3-alpha.
- Die with a more useful error when the operator forgets to place
the authority_signing_key file into the keys directory. This
avoids an uninformative assert & traceback about having an invalid
key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
- When allowing private addresses, mark Exits that only exit to
private locations as such. Fixes bug 20064; bugfix
on 0.2.2.9-alpha.
- When parsing a detached signature, make sure we use the length of
the digest algorithm instead of a hardcoded DIGEST256_LEN in
order to avoid comparing bytes out-of-bounds with a smaller digest
length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
o Minor bugfixes (getpass):
- Defensively fix a non-triggerable heap corruption at do_getpass()
to protect ourselves from mistakes in the future. Fixes bug
19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch
by nherring.
o Minor bugfixes (guard selection):
- Don't mark guards as unreachable if connection_connect() fails.
That function fails for local reasons, so it shouldn't reveal
anything about the status of the guard. Fixes bug 14334; bugfix
on 0.2.3.10-alpha.
- Use a single entry guard even if the NumEntryGuards consensus
parameter is not provided. Fixes bug 17688; bugfix
on 0.2.5.6-alpha.
o Minor bugfixes (hidden services):
- Increase the minimum number of internal circuits we preemptively
build from 2 to 3, so a circuit is available when a client
connects to another onion service. Fixes bug 13239; bugfix
on 0.1.0.1-rc.
- Allow hidden services to run on IPv6 addresses even when the
IPv6Exit option is not set. Fixes bug 18357; bugfix
on 0.2.4.7-alpha.
- Stop logging intro point details to the client log on certain
error conditions. Fixed as part of bug 20012; bugfix on
0.2.4.8-alpha. Patch by teor.
- When deleting an ephemeral hidden service, close its intro points
even if they are not completely open. Fixes bug 18604; bugfix
on 0.2.7.1-alpha.
- When configuring hidden services, check every hidden service
directory's permissions. Previously, we only checked the last
hidden service. Fixes bug 20529; bugfix on 0.2.6.2-alpha.
o Minor bugfixes (IPv6, testing):
- Check for IPv6 correctly on Linux when running test networks.
Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
o Minor bugfixes (Linux seccomp2 sandbox):
- Add permission to run the sched_yield() and sigaltstack() system
calls, in order to support versions of Tor compiled with asan or
ubsan code that use these calls. Now "sandbox 1" and
"--enable-expensive-hardening" should be compatible on more
systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (logging):
- Downgrade a harmless log message about the
pending_entry_connections list from "warn" to "info". Mitigates
bug 19926.
- Log a more accurate message when we fail to dump a microdescriptor.
Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto.
- When logging a directory ownership mismatch, log the owning
username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta.
- When we are unable to remove the bw_accounting file, do not warn
if the reason we couldn't remove it was that it didn't exist.
Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from pastly.
o Minor bugfixes (memory leak):
- Fix a series of slow memory leaks related to parsing torrc files
and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
- Avoid a small memory leak when informing worker threads about
rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
- Fix a small memory leak when receiving AF_UNIX connections on a
SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
- When moving a signed descriptor object from a source to an
existing destination, free the allocated memory inside that
destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha.
- Fix a memory leak and use-after-free error when removing entries
from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
0.2.5.5-alpha. Patch from "cypherpunks".
- Fix a small, uncommon memory leak that could occur when reading a
truncated ed25519 key file. Fixes bug 18956; bugfix
on 0.2.6.1-alpha.
o Minor bugfixes (option parsing):
- Count unix sockets when counting client listeners (SOCKS, Trans,
NATD, and DNS). This has no user-visible behavior changes: these
options are set once, and never read. Required for correct
behavior in ticket 17178. Fixes bug 19677; bugfix on
0.2.6.3-alpha. Patch by teor.
o Minor bugfixes (options):
- Check the consistency of UseEntryGuards and EntryNodes more
reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch
by teor.
- Stop changing the configured value of UseEntryGuards on
authorities and Tor2web clients. Fixes bug 20074; bugfix on
commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha.
Patch by teor.
o Minor bugfixes (relay):
- Ensure relays don't make multiple connections during bootstrap.
Fixes bug 20591; bugfix on 0.2.8.1-alpha.
- Do not try to parallelize workers more than 16x without the user
explicitly configuring us to do so, even if we do detect more than
16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (testing):
- The test-stem and test-network makefile targets now depend only on
the tor binary that they are testing. Previously, they depended on
"make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
patch from "cypherpunks".
- Allow clients to retry HSDirs much faster in test networks. Fixes
bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
- Avoid a unit test failure on systems with over 16 detectable CPU
cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
- Let backtrace tests work correctly under AddressSanitizer:
disable ASAN's detection of segmentation faults while running
test_bt.sh, so that we can make sure that our own backtrace
generation code works. Fixes bug 18934; bugfix
on 0.2.5.2-alpha. Patch from "cypherpunks".
- Fix the test-network-all target on out-of-tree builds by using the
correct path to the test driver script. Fixes bug 19421; bugfix
on 0.2.7.3-rc.
- Stop spurious failures in the local interface address discovery
unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by
Neel Chauhan.
- Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
removed the ECDH ciphers which caused the tests to fail on
platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.
- The tor_tls_server_info_callback unit test no longer crashes when
debug-level logging is turned on. Fixes bug 20041; bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (time):
- Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483;
bugfix on all released tor versions.
- When computing the difference between two times in milliseconds,
we now round to the nearest millisecond correctly. Previously, we
could sometimes round in the wrong direction. Fixes bug 19428;
bugfix on 0.2.2.2-alpha.
o Minor bugfixes (Tor2web):
- Prevent Tor2web clients from running hidden services: these services
are not anonymous due to the one-hop client paths. Fixes bug
19678. Patch by teor.
o Minor bugfixes (user interface):
- Display a more accurate number of suppressed messages in the log
rate-limiter. Previously, there was a potential integer overflow
in the counter. Now, if the number of messages hits a maximum, the
rate-limiter doesn't count any further. Fixes bug 19435; bugfix
on 0.2.4.11-alpha.
- Fix a typo in the passphrase prompt for the ed25519 identity key.
Fixes bug 19503; bugfix on 0.2.7.2-alpha.
o Code simplification and refactoring:
- Remove redundant declarations of the MIN macro. Closes
ticket 18889.
- Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion.
Closes ticket 18462; patch from "icanhasaccount".
- Split the 600-line directory_handle_command_get function into
separate functions for different URL types. Closes ticket 16698.
o Documentation:
- Add module-level internal documentation for 36 C files that
previously didn't have a high-level overview. Closes ticket 20385.
- Correct the IPv6 syntax in our documentation for the
VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
- Correct the minimum bandwidth value in torrc.sample, and queue a
corresponding change for torrc.minimal. Closes ticket 20085.
- Fix spelling of "--enable-tor2web-mode" in the manpage. Closes
ticket 19153. Patch from "U+039b".
- Module-level documentation for several more modules. Closes
tickets 19287 and 19290.
- Document the --passphrase-fd option in the tor manpage. Fixes bug
19504; bugfix on 0.2.7.3-rc.
- Document the default PathsNeededToBuildCircuits value that's used
by clients when the directory authorities don't set
min_paths_for_circs_pct. Fixes bug 20117; bugfix on 0.2.4.10-alpha.
Patch by teor, reported by Jesse V.
- Fix manual for the User option: it takes a username, not a UID.
Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
a manpage!).
- Fix the description of the --passphrase-fd option in the
tor-gencert manpage. The option is used to pass the number of a
file descriptor to read the passphrase from, not to read the file
descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.
o Removed code:
- We no longer include the (dead, deprecated) bufferevent code in
Tor. Closes ticket 19450. Based on a patch from "U+039b".
o Removed features:
- Remove support for "GET /tor/bytes.txt" DirPort request, and
"GETINFO dir-usage" controller request, which were only available
via a compile-time option in Tor anyway. Feature was added in
0.2.2.1-alpha. Resolves ticket 19035.
- There is no longer a compile-time option to disable support for
TransPort. (If you don't want TransPort, just don't use it.) Patch
from "U+039b". Closes ticket 19449.
o Testing:
- Run more workqueue tests as part of "make check". These had
previously been implemented, but you needed to know special
command-line options to enable them.
- We now have unit tests for our code to reject zlib "compression
bombs". (Fortunately, the code works fine.)
Version 1.0.10
- Use stun 1.0.9
- Use fast_tls 1.0.9
Version 1.0.9
- Use p1_utils 1.0.6
- Make sure esip_codec isn't compiled to native code
- Update fast_tls and stun
This is a hotfix release to fix connectivity issues between 0.14.17 and previous Syncthing releases.
Resolved issues:
#3855: Connections to older Syncthing versions are no longer closed due to unmarshalling message: proto: wrong wireType = 2 for field BlockIndexes.
Changelog:
Add SHA256 support for server cert hashes.
Enable DHE ciphers for Cisco DTLS.
Increase initial oNCP configuration buffer size.
Reopen CONIN$ when stdin is redirected on Windows.
Improve support for point-to-point routing on Windows.
Check for non-resumed DTLS sessions which may indicate a MiTM attack.
Add TUNIDX environment variable on Windows.
Fix compatibility with Pulse Secure 8.2R5.
Fix IPv6 support in Solaris.
Support DTLS automatic negotiation.
Support --key-password for GnuTLS PKCS#11 PIN.
Support automatic DTLS MTU detection with OpenSSL.
Drop support for combined GnuTLS/OpenSSL build.
Update OpenSSL to allow TLSv1.2, improve compatibility options.
Remove --no-cert-check option. It was being (mis)used.
Fix OpenSSL support for PKCS#11 EC keys without public key.
Support for final OpenSSL 1.1 release.
Fix polling/retry on "tun" socket when buffers full.
Fix AnyConnect server-side MTU setting.
Fix ESP replay detection.
Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken).
Add certificate torture test suite.
Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
Fix integer overflow issues with ESP packet replay detection.
Add --pass-tos option as in OpenVPN.
Support rôle selection form in Juniper VPN.
Support DER-format certificates, add certificate format torture tests.
For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option.
Support Juniper "Pre Sign-in Message".
3.23.0.2 (2016-12-06)
Bugfixes and minor changes:
Key file paths entered in the Site Manager are now saved to corresponding server entries in the transfer queue
MSW: Work around a bug in wxWidgets causing bad icons in the remote directory tree due to wxImageList::GetBitmap errorneously stripping the alpha channel from images
Allow relative paths and environment variables in the "Cache directory" setting.
3.23.0.1 (2016-12-06)
Bugfixes and minor changes:
Work around a bug in wxWidgets that has been causing a virtually infinite loop when deleting toolbar buttons
3.23.0 (2016-12-05)
Bugfixes and minor changes:
Speed up icon scaling and cache scaled icons for faster subsequent loading. The cache directory can be changed through fzdefaults.xml using the "Cache directory" setting
OS X: Fixed icon display on high-DPI displays in a few more dialogs
Loading a corrupted layout.xml or search.xml no longer shows an error message, these files are now silently overwritten
MSW: Fixed a regression where UNC paths where not handled correctly as config location in fzdefaults.xml
3.23.0-rc1 (2016-11-28)
New features:
New high-resolution icons
Improvements to the sizing of icons and other user interface elements on high-DPI displays. For technical reasons, existing theme settings have been reverted to their default values. They can be changed again in the settings dialog.
Make use of the Unix.ownername and Unix.groupname facts for MLSD if available
Bugfixes and minor changes:
The bookmarks menu updates again after changing global bookmarks
Adding a site to the Site Manager as part of adding a site-specific bookmark no longer fails if sitemanager.xml does not yet exist
Strip byte order marks at the beginning of directory listings
Add an option to filezilla.xml to control cache ttl
3.22.2.2 (2016-11-01)
Bugfixes and minor changes:
Fixed trimming of FEAT response lines leading to incorrectly detected server features
3.22.2.1 (2016-11-01)
Bugfixes and minor changes:
OS X: Rebuilt to work around a nasty bug in XCode: Even when linking with -Wl,-no-weak-imports it links against functions not available on older OS X versions
Fixed a crash on exotic servers only implementing factless MLST/MLSD
3.22.2 (2016-11-01)
Bugfixes and minor changes:
Tuned appearance of progress bar in transfer queue
3.22.2-rc2 (2016-10-28)
Bugfixes and minor changes:
SFTP: Renaming a file or directory where the new name already refers to a directory no longer moves the file into this directory.
Fix regression from -rc1 with custom ports in the quickconnect bar
Fix regression from -rc1 parsing the EPSV reply
3.22.2-rc1 (2016-10-25)
New features:
Building and running FileZilla now depends on libfilezilla >= 0.8.0 (https://lib.filezilla-project.org/).
Bugfixes and minor changes:
Non-existing key files are no longer silently dropped from the SFTP page in the settings dialog
Further abbreviate log output if transferring files using SFTP
Generic proxy usernames and passwords containing non-ASCII characters are again handled correctly
Fixed an assertion if Ctrl+A is pressed in an empty file list
*nix: Fixed color of status message in the message log
*nix, OS X: Fixed an assertion adding files to the queue after having selected a large range of items
*nix, OS X: Fixed an assertion due to a timing issue when renaming local files
3.22.1 (2016-10-03)
Bugfixes and minor changes:
OS X: Work around a nasty bug in XCode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime
Fixed a potential crash when using SFTP
3.22.0 (2016-10-01)
Bugfixes and minor changes:
Bookmarks with the "Directory comparison" checkbox set now work correctly
MSW: Fix background clearing issue on the size format settings page
MSW: Toggling the log timestamp option no longer results in wrong log colors
Fix for premature queue completion action
3.22.0-rc1 (2016-09-24)
New features:
Directory listing filters can now be exported and imported
Added the "not all" filter match type to filter out all items not matching all conditions
Added the "not all" search match type to search for all items not matching all conditions
Building and running FileZilla now depends on libfilezilla >= 0.7.0 (https://lib.filezilla-project.org/).
Building and running FileZilla now depends on GnuTLS >= 3.4.15
Bugfixes and minor changes:
Speed up creation of socket and file i/o threads through the use of a thread pool
Replace invalid characters in filenames when calculating the local filename for editing remote files
The updater can now handle HTTPS servers that redirect to other HTTPS servers
SFTP: Try password based login if a password-protected keyfile is rejected by the server instead of failing the login
MSW: Tee shell extension now supports long paths on Windows 10
2016-11-28 - libfilezilla 0.9.0 released
New features:
Added parameter to fz::to_integral to specify which value is
returned on error.
Added fz::remove_file
Added fz::hex_encode and fz::hex_decode
2016-10-25 - libfilezilla 0.8.0 released
New features:
Added fz::str_toupper_ascii to complement fz::str_tolower_ascii
Added fz::trim and fz::trimmed for removing leading and trailing
whitespace from string
Added fz::str_is_ascii
Bugfixes and minor changes:
Fixed zero-padding for x and X string format conversion specifiers
2016-10-03 - libfilezilla 0.7.1 released
Bugfixes and minor changes:
OS X: Work around a nasty bug in XCode where programs explicitly
compiled for older versions of OS X were silently pulling in
features exclusive to the new version, resulting in crashes at
runtime
MSW: Fix detection of thread creation failures
**** 1.07 December 29, 2016
Fix rt.cpan.org #118598/#108908
Serious Makefile.PL issues
"make install" now suppressed if pre-1.01 version detected
Fix rt.cpan.org #115558
Net::DNS::Nameserver does not allow EDNS replies
Fix rt.cpan.org #114917
Net::DNS::ZoneFile fails to parse mixed case mnemonics
Fix rt.cpan.org #114876
Use of uninitialized value in lc at MSWin32.pm line 77
Fix rt.cpan.org #114819
Net::DNS fails to compile with taint checks enabled
* Update HOMEPAGE
Chagnelog:
aria2 1.30.0
============
Release Note
------------
This release fixes several bugs. See Changes below for detailed bug
fixes. This release adds an ability to expand `${HOME}` to user's
home directory in several options. It would be useful when used in
configuration file. -S option against torrent file now prints out DHT
nodes.
Changes
-------
* mingw: Use sqlite 3.15.2
* Fix bug that --disable-websocket causes build error
* Fix bug that lower bound of optimize-concurrent-downloads becomes 1
GH-798
* Print DHT nodes with -S option
GH-795
* Take into account address family when resolving DHT node address
GH-794
* Allow block device file to -i option
GH-785
* Expand `${HOME}` to user's home directory in several options
The following options implement this substitution:
* --ca-certificate
* --certificate
* --dht-file-path
* --dht-file-path6
* --dir
* --input-file
* --load-cookies
* --log
* --metalink-file
* --netrc-path
* --on-bt-download-complete
* --on-download-complete
* --on-download-error
* --on-download-start
* --on-download-stop
* --on-download_pause
* --out
* --private-key
* --rpc-certificate
* --rpc-private-key
* --save-cookies
* --save-session
* --server-stat-if
* --server-stat-of
* --torrent-file
GH-780
* Document that libaria2 is not thread safe
GH-775
* configure: Use pkg-config to find libs whenever possible
Use pkg-config to find cppunit, libxml2 and expat. All those
libraries provide pkg-config files, and in all of those cases the
pkg-config macro is superior to the custom macros used currently.
The advantages of pkg-config files include:
- Explicit static linking support via --static. Currently, e.g.
'xml2-config --libs' prints all libraries needed for static
linking when doing dynamic linking unnecessary, resulting in
unnecessary direct deps.
- Better cross-build support. You don't have to build the additional
*-config tools for target.
- Better multilib support. Per-ABI pkgconfig directories are
commonly supported while packages usually fail to look for
per-CHOST *-config variants.
- Better override support. The current macros allow little to no
result overrides, the pkg-config macros let you pass FOO_CFLAGS
and FOO_LIBS manually.
- Cleaner version checks. The code used in libxml.m4 is really
creepy.
Patch from Michał Górny
GH-773
* WinTLS: Rewrite writeData
We re-wrote WinTLSSession::writeData. The major points are:
* Buffer is now preallocated once handshake is finished.
Previously, they are allocated each time when we send one TLS
record.
* Schannel uses header, body and trailer for each secBuffer. Now we
send them off at once using WSASend which is windows counterpart
of sendv. Previously, we do memmove if some of them are
truncated.
* We don't try to send application data in
WinTLSSession::closeConnection, since semantically we need same
application data used to create TLS record before. Using 0 length
data to finish sending buffered data looks like a hack.
GH-772
This is a normally scheduled feature and bugfix release.
Resolved issues:
#3689: Panics caused by corrupt on disk database are now better explained in the panic message.
#3817: Statically configured device addresses without port number now correctly defaults to port 22000 again.
#3829: Inotify clients no longer cause 'invalid subpath' errors to be displayed.
New and improved functionality:
#215: Folders can now be paused.
#2679: "Master" folders are now called "send only" in order to standardize on a terminology of sending and receiving changes.
#3407: Pausing devices and folders now persists across restarts.
#3527: A rolling checksum is used to identify and reuse blocks that have moved within a file.
#3790: Syncthing allows setting the type-of-service field on outgoing packets, configured by the advanced setting "trafficClass".
#3809: Which device introduced another device is now visible in the GUI.
Upstream changes:
# mikutter 3.5.0
Changes from alpha2
* update po translations
* cannot open URLs if Entity info is not sent by Twitter
* crash on clicking timestamp in message detail view
* crash with Ruby 2.1
# mikutter 3.5.0-alpha2
* deprecated warnings against continuation
* crash on changing keybind of mikutter commands
* remove unnecessary Model display settings
* print not only username but also screenname in Activity
* print post user for related resources in Tweet Activity
* omit permanent link to Tweet in Tweet Activity
* Resoerver no longer creates unnecesary Thread
ios.pm: filter license registration timestamp
fnrancid: filter oscillating md5-keys
par.c: fix misplaced pointer deref
3.6
rancid.pm: ipaddrval() if IPv6 prefix length is missing, simply set 128.
*login: in_proc must be global in expect_after. had trouble reproducing
the original error, but this should be the correct fix.
xlogin: escape the * in lastprompt - Mattieu Beretti
*login: change handling of ssh key-related prompts to one line at a time
to eliminate timing-related problem.
alogin: login() eat one line at a time
a10login: remove the aflex-specific stuff. This is the wrong way to
do this and it doesn't work properly anyway.
control_rancid: create <group>/configs if it does not exist
hrancid: use rancid.pm (removes code duplication)
rancid.pm: check for existence of functions for given device type after
loading the modules for the type. return failure if any are missing.
par: add -FH options
rancid.types.conf, iosshtech.pm: Add device type ciscoshtech for
example purposes
acos.pm: filter trailing WS & recognize incomplete/invalid command
error in basicFilter()
acos.pm: filter trailing WS in ShowAflex()
acos.pm: 'show vlan' is 'show vlans' in ACOS 4.x.
acos.pm: Add cmd 'show partition-config all' for ACOS 4.x, where
'show running-config all-partitions' does not work.
acos.pm: recognize invalid cmd error in ShowRunningConfig() and filter
the config size comment
fnlogin: missing "end" to exit global mode for -[csx] - Richard Goode
plogin: add -m & -M
rancid.pm: missing variable initialization
nxos.pm: fix bug in recognizing the end of an access-list
hlogin: set tty init options when there is no controlling tty and set
set the term width to 132 when there is no controlling tty and for -[sc]
so that the hp device does not wrap lines.
ios.pm: also filter IPv6 PDP addresses - Reuben Farrelly
ios.pm: evaluation license periods are displayed differently
lg: Add show interface optics
iosxr.pm: More useless FPD messages
junos.pm: handle a transient cmd protocol failure seen in show version
control_rancid: use git ls-files instead of git status for .gitignore
and <group>/rancid.conf
fnrancid: fix formatting around removal of private-keys
bigip.pm: filter snmpv3 oscillating auth-password-encrypted
iosxr.pm: filter useless FPD upgrade message
=============
Features:
---------
- Added generic EDNS code for registering known EDNS option codes,
bypassing the cache response stage and uniquifying mesh states. Four
EDNS option lists were added to module_qstate
(module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store)
that control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
functions can be called just before replying with local data or Chaos,
replying from cache, replying with SERVFAIL, replying with a resolved
query, sending a query to a nameserver. The functions can inspect the
available data and maybe change response/query related data (i.e. append
EDNS options).
- Updated Python module for the above.
- Updated Python documentation.
- Added views functionality.
- Added qname-minimisation-strict config option.
- Patch that resolves CNAMEs entered in local-data conf statements that
point to data on the internet.
- serve-expired config option: serve expired responses with TTL 0.
- .gitattributes line for githubs code language display.
- log-identity: config option to set sys log identity.
- Added stub-ssl-upstream and forward-ssl-upstream options.
- Added local-zones and local-data bulk addition and removal
functionality in unbound-control (local_zones, local_zones_remove,
local_datas and local_datas_remove).
- g.root-servers.net has AAAA address.
Bug Fixes:
----------
- Fix#836: unbound could echo back EDNS options in an error response.
- Fix#838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
- Fix#839: Memory grows unexpectedly with large RPZ files.
- Fix#840: infinite loop in unbound_munin_ plugin on unowned lockfile.
- Fix#841: big local-zone's make it consume large amounts of memory.
- Fix dnstap relaying "random" messages instead of resolver/forwarder
responses.
- Fix Nits for 1.5.10.
- Fix#1117: spelling errors, from Robert Edmonds.
- iana portlist update.
- fix memoryleak logfile when in debug mode.
- Re-fix #839 from view commit overwrite.
- Fixup const void cast warning.
- Removed patch comments from acllist.c and msgencode.c
- Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf
- Fix#1125: unbound could reuse an answer packet incorrectly for
clients with different EDNS parameters.
- Fix#1118: libunbound.pc sets strange Libs, Libs.private values.
- Added Requires line to libunbound.pc
- Fix#1130: whitespace in example.conf.in more consistent.
- suppress compile warning in lex files.
- init lzt variable, for older gcc compiler warnings.
- fix --enable-dsa to work, instead of copying ecdsa enable.
- Fix DNSSEC validation of query type ANY with DNAME answers.
- Fixup query_info local_alias init.
- Ported tests for local_cname unit test to testbound framework.
- Fix#1134: unbound-control set_option -- val-override-date: -1 works
immediately to ignore datetime, or back to 0 to enable it again. The --
is to ignore the '-1' as an option flag.
- Patch for server.num.zero_ttl stats for count of expired replies.
- Fix failure to build on arm64 with no sbrk.
- Set OpenSSL security level to 0 when using aNULL ciphers.
- configure detects ssl security level API function in the autoconf
manner. Every function on its own, so that other libraries (eg.
LibreSSL) can develop their API without hindrance.
- Fix#1154: segfault when reading config with duplicate zones.
- Note that for harden-below-nxdomain the nxdomain must be secure, this
means nsec3 with optout is insufficient.
- Fix#1155: test status code of unbound-control in 04-checkconf, not
the status code from the tee command.
- Fix#1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing
Underneath" for the harden-below-nxdomain option.
- patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
- Make access-control-tag-data RDATA absolute. This makes the RDATA
origin consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a
subdomain of the NSEC owner.
- QNAME minimisation uses QTYPE=A, therefore always check cache for this
type in harden-below-nxdomain functionality.
- Added unit test for QNAME minimisation + harden below nxdomain synergy.
- Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using
no encryption over the unix socket.
- hyphen as minus fix.
- Fix#1170: document that 'inform' local-zone uses local-data.
- Fix#1173: differ local-zone type deny from unset tag_actions element.
- Add DSA support for OpenSSL 1.1.0
- Fix remote control without cert for LibreSSL
- Fix downcast warnings from visual studio in sldns code
Updating during the freeze since the previous version stopped
working for me since the availability of this version.
Changes:
This is an extra bugfix release to fix issues introduced in v0.14.14.
Resolved issues:
#3829: Receiving 'invalid subpath' errors on syncthing-inotify full folder sync trigger
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* Arbitrary file deletion on Windows. ([1]Bug 13217)
The following bugs have been fixed:
* Saving all exported objects (SMB/SMB2) results in out of physical
memory. ([2]Bug 11133)
* Export HTTP Objects - Single file shows as multiple files in 2.0.2.
([3]Bug 12230)
* Follow Stream and graph buttons remain greyed out in conversation
window. ([4]Bug 12893)
* Dicom list of tags in element of VR=AT not properly decoded.
([5]Bug 13077)
* Malformed Packet: BGP Update (withdraw) message. ([6]Bug 13146)
* Install fail on macOS Sierra (error PKInstallErrorDomain Code=112).
([7]Bug 13152)
* GTP: "Create PDP Context response" message shows back-off timer as
malformed when included in the response. ([8]Bug 13153)
* ICMP dissector fails to properly detect timestamps. ([9]Bug 13161)
* RLC misdissection. ([10]Bug 13162)
* Text2pcap on Windows produces corrupt output when writing the
capture file to the standard output. ([11]Bug 13165)
* HTML escaping of quotes in error message. ([12]Bug 13178)
* TShark doesn't respect protocols.display_hidden_proto_items
setting. ([13]Bug 13192)
* RPC/RDMA dissector should exit when frame is not RPC-over-RDMA.
([14]Bug 13195)
* Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA.
([15]Bug 13196)
* RPC-over-RDMA frames with chunk lists are "Malformed". ([16]Bug
13197)
* TShark fails to pass RPC-over-RDMA frames to RPC subdissector.
([17]Bug 13198)
* Adding a DOF DPS Identity Secret, session Key, or Mode Template
causes Wireshark to crash. ([18]Bug 13209)
* Wireshark shows "MS Video Source Request" in a RTCP packet as
"Malformed". ([19]Bug 13212)
Updated Protocol Support
BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC
over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
Bug #5592 - Some keys don't work for macOS Sierra clients
Bug #5186 - Cursor stuck on client when using multi-DPI server
Bug #5722 - Malformed serial key in registry will crash GUI on startup
Bug #5752 - Tab order is incorrect on Settings dialog
Enhancement #5699 - Unified installers on macOS
Feature #4836 - macOS Sierra build
Bug #5680 - Server crashes when disconnecting SSL clients
Bug #5626 - Build fails using Xcode 8 and macOS SDK 10.12
Feature #5657 - Trial version support
Feature #5707 - User upgrade statistics
This is an extra bugfix release to fix issues discovered in the upgrade from 0.14.13 to 0.14.14.
Resolved issues:
#3804: Inotify no longer triggers "invalid subpath" error
#3802: Symlinks are not deleted on upgrade
Coursera provides a variety of massive open online courses (MOOC)
covering many different topics. This script makes it easier to batch
download lecture resources (e.g., videos, ppt, etc) for Coursera classes.
Given one or more class names and account credentials, it obtains week
and class names from the lectures page, and then downloads the related
materials into appropriately named files and directories.
Upstream changes:
New features of mikutter 3.5
* Model
* resources handled on mikutter are now wrapped as Model
* third party plugins can also add own Models
* timelines can print any Models other than tweet messages
* new Models are added in standard plugins
* user icons can be taken via Message#icon
* any images like user icons, tab icons, skins, and attached images
are handled as PhotoModel instance like Plugin::Photo::Photo
* direct messages gets own Model and are now drawn as timeline using
MiraclePainter
* Intent
* Capability to select which plugins to be used to open URLs
* Extract tab
* DirectMessage is added as a new data source
* Configuration
* style configuration of timelines per Models
* mikutter command
* added "Open" command to issue Intent
* activity
* added named arg "children:" to Plugin#activity
* and more
This is a security release recommended for all users.
Two distinct security vulnerabilities have been corrected in this
release. Either would let a remote attacker, controlling a device
that is already accepted by Syncthing, perform arbitrary reads and
writes to files outside the configured folders.
The first issue is that path validation was lacking in several
places, resulting in Syncthing accepting index entries for files
like "../../foo", thus resulting in a path above the configured
folder.
The second issue is that where path validation was correct, symlinks
could be used to trick Syncthing. An attacker could create a symlink
"foo -> ../../" and then request the contents of "foo/something",
again escaping the constraints of the folder.
Syncing symlinks between v0.14.14 and previous versions will not
work.
This is due to the fix to the above issue. Normal files and
directories will sync fine. To continue syncing symlinks, both
sides must be upgraded to v0.14.14.
Further resolved issues:
#3753: The build no longer requires Go 1.7.
#3769: The wording in the GUI around "last file received" is
now clearer.
v 3.6.1
Bug fixes in custom HTTP methods.
Support for PEM files in SSL truststore / keystore configuration.
JS and CSS file content rendered with correct syntax highlighting.
v 3.6
#46#47 Added support for custom HTTP methods.
#48#50 option to ignore all SSL certificate warnings.
#49 GET now supports body.
Build moved to Gradle.
* Release 0.12.5 (07-Dec-2016)
** Connection Status Reporting
This release adds an object named `ConnectionInfo`, which encapsulates
information about a connection (both progress while being established, and
the outcome once connected). This includes which connection hint was
successful, what happened with the other hints, which handlers were used for
each, and when the connection was made or lost. To get one of these, use
`tub.getConnectionInfoForFURL(furl)` any time after `getReference()` is
called, or `rref.getConnectionInfo()` after it resolves. #267
It also adds `ReconnectionInfo`, a similar object for Reconnectors. These
capture the state of reconnection process (trying, established, waiting), and
will provide a `ConnectionInfo` for the most recent (possibly successful)
connection attempt. The API is `reconnector.getReconnectionInfo()`. #268
For details, see "Connection Progress/Status" and "Reconnector Status" in
`doc/using-foolscap.rst`.
** Connection Handler API Changes
To support `ConnectionInfo`, the Connection Handler API was changed.
The one backwards-incompatible change was that the `hint_to_endpoint()`
method now takes a third argument, to update the status as the handler makes
progress. External handler functions will need to be modified to accept this
new argument, and applications which use them should declare a dependency
upon the latest Foolscap version, to avoid runtime breakage.
Several backwards-compatible changes were made too: handlers can provide a
`describe()` method (which feeds `ConnectionInfo.connectionHandlers`), and
they can now set a special attribute on any exception they raise, to further
influence the status string.
In addition, the `tor.control_endpoint_maker()` handler now accepts an
optional second argument, which causes the maker function to be called with a
additional `update_status` argument. This backwards-compatible change allows
the maker function to influence the `ConnectionInfo` status too.
The Tor connection handler was enhanced to report distinct statuses for the
different phases of connection: launching a new copy of Tor, connecting to an
existing Tor daemon, etc.
** Minor Fixes
Foolscap-0.12.0 broke `flappserver create`, causing the command to hang
rather than exiting cleanly (although the flappserver directory itself was
probably created properly). This release finally fixes it. #271
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
Changes in version 0.2.8.11 - 2016-12-08
Tor 0.2.8.11 backports fixes for additional portability issues that
could prevent Tor from building correctly on OSX Sierra, or with
OpenSSL 1.1. Affected users should upgrade; others can safely stay
with 0.2.8.10.
o Minor bugfixes (portability):
- Avoid compilation errors when building on OSX Sierra. Sierra began
to support the getentropy() and clock_gettime() APIs, but created
a few problems in doing so. Tor 0.2.9 has a more thorough set of
workarounds; in 0.2.8, we are just using the /dev/urandom and mach
monotonic time interfaces. Fixes bug 20865. Bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
- Fix compilation with OpenSSL 1.1 and less commonly-used CPU
architectures. Closes ticket 20588.
===========================
Bugfixes:
---------
- Double free when failed to apply zone journal
- Zone bootstrap retry interval not preserved upon zone reload
- DNSSEC related records not flushed if not signed
- False semantic checks warning about incorrect type in NSEC bitmap
- Memory leak in kzonecheck
Improvements:
-------------
- All zone names are fully-qualified in log
Features:
---------
- New kjournalprint utility
Knot DNS 2.3.2 (2016-11-04)
===========================
Bugfixes:
---------
- Incorrect %s expansion for the root zone
- Failed to refresh not existing slave zone after restart
- Immediate zone refresh upon restart if refresh already scheduled
- Early zone transfer after restart if transfer already scheduled
- Not ignoring empty non-terminal parents during delegation lookup
- CD bit preservation in responses
- Compilation error on GNU/kFreeBSD
- Server crash after double zone-commit if journal error
Improvements:
-------------
- Speed-up of knotc if control operation and known socket
- Zone purge operation purges also zone timers
Features:
---------
- Simple modules don't require empty configuration section
- New zone journal path configuration option
- New timeout configuration option for module dnsproxy
Upstream relnotes:
Changes for 4.3.27
==================
Fixes for CGI acknowledgements and NK/criticalview web redirects.
Xymon should now properly check for lack of SSLv3 (or v2) support at compile-
time and exclude the openssl options as needed.
Completely empty directories (on Windows) are no longer considered errors.
Changes for 4.3.26
==================
This is mostly a bug fix release for javascript issues on the info and
trends pages, along with the enable / disable CGI. Several browsers had
difficulty with the new CSP rules introduced in 4.3.25.
XYMWEBREFRESH is now used as the default refresh interval for dynamic
status pages and various other xymongen destinations. Non-svcstatus
pages can be overridden by altering the appropriate *_header template
files, but svcstatus refresh interval uses this value. (default: 60s)
Set in xymonserver.cfg(5).
Incoming test names are now restricted to alphanumeric characters, colons
dashes, underscores, and slashes. Slashes and colons may be restricted in
a future release.
Unconfigured (ghost) host names are now restricted to alphanumerics, colons,
commas, periods, dashes, and underscores. It is strongly recommended to use only
valid hostnames and DNS components in servers names.
Files matched multiple times by logfetch in the client config retrieved
from config-local.cfg (such as a file matching multiple globs) will now only
be scanned once and only use the ignore/trigger rules from its first entry.
(Note: A future version of Xymon may combine all matching rules for a file together.)
CLASS groupings in analysis.cfg and alerts.cfg will now reliably work for
hosts with a CLASS override in hosts.cfg. Previous, this class was not used
in favor of the class type sent in on any specific client message.
==========
FEATURES:
- Fix#1132 for SERVFAIL zones perform backoff, and remembers the
timeout on next startup.
BUG FIXES:
- Fix null memcpy for radixtree with single link element.
- Robust fix against missing master in tcp_open for xfrd.
- Fix wildcards in include: config statements with chroot enabled.
- suppress compile warning in lex files.
- Fix to try every master once, then wait for timeout or notify.
- Save backoff timeout into xfrd.state file, this file has a higher
version number now. Old files are skipped silently (causes
refresh) and created as new files upon exit.
- Fix restart of zone transfers when new config becomes available.
From Christian Sturm via PR pkg/51693
pkgsrc changes:
- Change MAINTAINER to a more suitable email address
Changes:
Changes in version 0.2.8.10 - 2016-12-02
Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients
unusable after they left standby mode. It also backports fixes for
a few portability issues and a small but problematic memory leak.
o Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
- When Tor leaves standby because of a new application request, open
circuits as needed to serve that request. Previously, we would
potentially wait a very long time. Fixes part of bug 19969; bugfix
on 0.2.8.1-alpha.
o Major bugfixes (client performance, backport from 0.2.9.5-alpha):
- Clients now respond to new application stream requests immediately
when they arrive, rather than waiting up to one second before
starting to handle them. Fixes part of bug 19969; bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (portability, backport from 0.2.9.6-rc):
- Work around a bug in the OSX 10.12 SDK that would prevent us from
successfully targeting earlier versions of OSX. Resolves
ticket 20235.
o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
- Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug
20551; bugfix on 0.2.1.1-alpha.
o Minor bugfixes (relay, backport from 0.2.9.5-alpha):
- Work around a memory leak in OpenSSL 1.1 when encoding public
keys. Fixes bug 20553; bugfix on 0.0.2pre8.
o Minor features (geoip):
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
Country database.
Here is quote from NEWS file and please refer it in detail.
---
NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)
Focus: Security, Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5 low-severity vulnerabilities, and provides 28 other non-security
fixes and improvements:
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.htmlhttp://www.tryton.org/posts/new-tryton-release-40.html
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.
Upstream changes:
* fix a bunch of deprecated warnings by recent ruby-gnome2 gdk_pixbuf2 update
* partially fixed in the past version but fixed more properly
* also make this work with gdk_pixbuf2 gem 3.0.8 and prior
* crash by --profile option with newer ruby-prof
v0.14.131
This is a minor release recommended for all users.
Resolved issues:
#33946: CPU usage when scanning is improved.
#24722: Writing config and .stignore files on filesystems
without chmod support should now work.
#3758: Language selector stays above the bottom bar.
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-58
Profinet I/O long loop. ([2]Bug 12851)
* [3]wnpa-sec-2016-59
AllJoyn crash. ([4]Bug 12953)
* [5]wnpa-sec-2016-60
OpenFlow crash. ([6]Bug 13071)
* [7]wnpa-sec-2016-61
DCERPC crash. ([8]Bug 13072)
* [9]wnpa-sec-2016-62
DTN infinite loop. ([10]Bug 13097)
The Windows PortableApps packages were susceptible to a [11]DLL
hijacking flaw.
The following bugs have been fixed:
* TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN
true. ([12]Bug 12579)
* SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
([13]Bug 12632)
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([14]Bug 12712)
* dmg for OS X does not install man pages. ([15]Bug 12746)
* Fails to compile against Heimdal 1.5.3. ([16]Bug 12831)
* TCP: Next sequence number off by one when sending payload in SYN
packet (e.g. TFO). ([17]Bug 12838)
* Follow TCP Stream shows duplicate stream data. ([18]Bug 12855)
* Dissection engine falsely asserts that EIGRP packet's checksum is
incorrect. ([19]Bug 12982)
* IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
([20]Bug 12984)
* Capture Filter Bookmark Inactive in Capture Options page. ([21]Bug
12986)
* CLNP dissector does not parse ER NPDU properly. ([22]Bug 12993)
* SNMP trap bindings for NON scalar OIDs. ([23]Bug 13013)
* BGP LS Link Protection Type TLV (1093) decoding. ([24]Bug 13021)
* Application crash sorting column for tcp.window_size_scalefactor up
and down. ([25]Bug 13023)
* ZigBee Green Power add key during execution. ([26]Bug 13031)
* Malformed AMPQ packets for session.expected and session.confirmed
fields. ([27]Bug 13037)
* Wireshark 2.2.1 crashes when attempting to merge pcap files.
([28]Bug 13060)
* [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
not correctly displayed. ([29]Bug 13065)
*
* Failure to dissect USB Audio feature unit descriptors missing the
iFeature field. ([30]Bug 13085)
* MSISDN not populated/decoded in JSON GTP-C decoding. ([31]Bug
13086)
* E212: 3 digits MNC are identified as 2 digits long if they end with
a 0. ([32]Bug 13092)
* Exception with last unknown Cisco AVP available in a SCCRQ message.
([33]Bug 13103)
* TShark stalls on FreeBSD if androiddump is present. ([34]Bug 13104)
* Dissector skips DICOM command. ([35]Bug 13110)
* UUID (FT_GUID) filtering isn't working. ([36]Bug 13121)
* Manufacturer name resolution fail. ([37]Bug 13126)
* packet-sdp.c allocates transport_info->encoding_name from wrong
memory pool. ([38]Bug 13127)
* Payload type name for dynamic payload is wrong for reverse RTP
channels. ([39]Bug 13132)
Updated Protocol Support
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN,
E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583,
Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP,
Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee
Twisted Core 16.6.0 (2016-11-17)
================================
Features
--------
- The twist script can now be run by invoking python -m twisted.
(#8657)
- twisted.protocols.sip has been ported to Python 3. (#8669)
- twisted.persisted.dirdbm has been ported to Python 3. (#8888)
Bugfixes
--------
- twisted.internet.defer.Deferred now implements send, not __send__,
which means that it is now a conforming generator. (#8861)
- The IOCP reactor no longer transmits the contents of uninitialized
memory when writing large amounts of data. (#8870)
- Deferreds awaited/yielded from in a
twisted.internet.defer.ensureDeferred wrapped coroutine will now
properly raise exceptions. Additionally, it more closely models
asyncio.ensure_future and will pass through Deferreds. (#8878)
- Deferreds that are paused or chained on other Deferreds will now
return a result when yielded/awaited in a twisted.internet.defer
.ensureDeferred-wrapped coroutine, instead of returning the
Deferred it was chained to. (#8890)
Improved Documentation
----------------------
- twisted.test.proto_helpers is now explicitly covered by the
compatibility policy. (#8857)
Other
-----
- #8281, #8823, #8862
Twisted Conch 16.6.0 (2016-11-17)
=================================
Features
--------
- twisted.conch.ssh.keys supports ECDSA keys (#8798)
- scripts/ckeygen can now generate ecdsa keys. (#8828)
- ckeygen has been ported to Python 3 (#8855)
Deprecations and Removals
-------------------------
- twisted.conch.ssh no longer uses gmpy, if available. gmpy is
unmaintained, does not have binary wheels for any platforms, and an
alternative for higher performance is available in the form of
PyPy. (#8079)
Twisted Web 16.6.0 (2016-11-17)
===============================
Features
--------
- twisted.web.server.Site's HTTP/2 server support now emits vastly
fewer WINDOW_UPDATE frames than previously. (#8681)
Bugfixes
--------
- twisted.web.Agent now tolerates receiving unexpected status codes
in the 100 range by discarding them, which is what RFC 7231
recommends doing. (#8885)
- twisted.web._http.H2Stream's getHost and getPeer implementations
now actually return the host and peer instead of None. (#8893)
Twisted Words 16.6.0 (2016-11-17)
=================================
Features
--------
- twisted.words.protocols.irc has been ported to Python 3 (#6320)
Upstream changes:
* 3.3.0 (2016/11/25)
* switch to using mbedTLS rather than libcurl
* implement --full-url and --progress options
* remove --sixel-cmd option
* remove support of PHP version
* add support characters that cannot be converted to EUC-JP/JIS
* improve image quality and speed etc.
This is a minor release recommended for all users.
Resolved issues:
#3737: A data race in the code that caused test failures, and possibly other inconsitencies, has been resolved.
#3241: Links in warning messages are now clickable in the GUI.
#3711: Files are now synced to disk before committed to database, to avoid possible inconsistencies if a power failure occurs during syncing.
#3724: Log entries now mention folder by label in addition to the ID.
In addition:
The default folder now has the folder ID "default" again, simplifying initial setup.
Retries for misconfigured relay setups are slowed down somewhat to be kinder on our relay pool infrastructure.
Lexicon provides a way to manipulate DNS records on multiple DNS
providers in a standardized way. Lexicon has a CLI but it can
also be used as a python library.
Update DEPENDS
Upstream changes:
4.01041 2016-11-19
- hack dist.ini to get POD and README back into the distribution O_o
4.01040 2016-11-19
- added trait WrapResult (returns both the HTTP response, with rate limit
accessors, and the decoded JSON response)
- rename placeholder :category to :slug with backwards compatibility to
match Twitter's documentation
- add attachment_url parameter to update method
- add links to Twitter API docs
4.01030 2016-11-18
- cleaned up Net::Twitter::Error and documented stack_trace and stack_frame
methods
- Add method upload_status (ghathwar on Github)
Upstream changes:
* bug in obfuscation of account information
* revert behaviors of a mention in Extended Tweets as 3.3.12
* timelines not drawn in the screen are not freed
* use gtk2 3.1.0
* update po file
* zh_TW
ChangeLog for wpa_supplicant (and also _gui):
2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]=<hexdump> in "BSS <BSSID>" command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid=<hexdump> argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth=<val> and
autheap=<val> values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
ChangeLog for wpa_supplicant
2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]=<hexdump> in "BSS <BSSID>" command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid=<hexdump> argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth=<val> and
autheap=<val> values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
# GStreamer 1.10 Release Notes
**GStreamer 1.10.0 was released on 1st November 2016.**
The GStreamer team is proud to announce a new major feature release in the
stable 1.x API series of your favourite cross-platform multimedia framework!
As always, this release is again packed with new features, bug fixes and other
improvements.
See [https://gstreamer.freedesktop.org/releases/1.10/][latest] for the latest
version of this document.
*Last updated: Tuesday 1 Nov 2016, 15:00 UTC [(log)][gitlog]*
[latest]: https://gstreamer.freedesktop.org/releases/1.10/
[gitlog]: https://cgit.freedesktop.org/gstreamer/www/log/src/htdocs/releases/1.10/release-notes-1.10.md
## Introduction
The GStreamer team is proud to announce a new major feature release in the
stable 1.x API series of your favourite cross-platform multimedia framework!
As always, this release is again packed with new features, bug fixes and other
improvements.
## Highlights
- Several convenience APIs have been added to make developers' lives easier
- A new `GstStream` API provides applications a more meaningful view of the
structure of streams, simplifying the process of dealing with media in
complex container formats
- Experimental `decodebin3` and `playbin3` elements which bring a number of
improvements which were hard to implement within `decodebin` and `playbin`
- A new `parsebin` element to automatically unpack and parse a stream, stopping
just short of decoding
- Experimental new `meson`-based build system, bringing faster build and much
better Windows support (including for building with Visual Studio)
- A new `gst-docs` module has been created, and we are in the process of moving
our documentation to a markdown-based format for easier maintenance and
updates
- A new `gst-examples` module has been create, which contains example
GStreamer applications and is expected to grow with many more examples in
the future
- Various OpenGL and OpenGL|ES-related fixes and improvements for greater
efficiency on desktop and mobile platforms, and Vulkan support on Wayland was
also added
- Extensive improvements to the VAAPI plugins for improved robustness and
efficiency
- Lots of fixes and improvements across the board, spanning RTP/RTSP, V4L2,
Bluetooth, audio conversion, echo cancellation, and more!
## Major new features and changes
### Noteworthy new API, features and other changes
#### Core API additions
##### Receive property change notifications via bus messages
New API was added to receive element property change notifications via
bus messages. So far, applications had to connect a callback to an element's
`notify::property-name` signal via the GObject API, which was inconvenient for
at least two reasons: one had to implement a signal callback function, and that
callback function would usually be called from one of the streaming threads, so
one had to marshal (send) any information gathered or pending requests to the
main application thread which was tedious and error-prone.
Enter [`gst_element_add_property_notify_watch()`][notify-watch] and
[`gst_element_add_property_deep_notify_watch()`][deep-notify-watch] which will
watch for changes of a property on the specified element, either only for this
element or recursively for a whole bin or pipeline. Whenever such a
property change happens, a `GST_MESSAGE_PROPERTY_NOTIFY` message will be posted
on the pipeline bus with details of the element, the property and the new
property value, all of which can be retrieved later from the message in the
application via [`gst_message_parse_property_notify()`][parse-notify]. Unlike
the GstBus watch functions, this API does not rely on a running GLib main loop.
The above can be used to be notified asynchronously of caps changes in the
pipeline, or volume changes on an audio sink element, for example.
[notify-watch]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-add-property-notify-watch
[deep-notify-watch]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-add-property-deep-notify-watch
[parse-notify]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-parse-property-notify
##### GstBin "deep" element-added and element-removed signals
GstBin has gained `"deep-element-added"` and `"deep-element-removed"` signals
which makes it easier for applications and higher-level plugins to track when
elements are added or removed from a complex pipeline with multiple sub-bins.
`playbin` makes use of this to implement the new `"element-setup"` signal which
can be used to configure elements as they are added to `playbin`, just like the
existing `"source-setup"` signal which can be used to configure the source
element created.
##### Error messages can contain additional structured details
It is often useful to provide additional, structured information in error,
warning or info messages for applications (or higher-level elements) to make
intelligent decisions based on them. To allow this, error, warning and info
messages now have API for adding arbitrary additional information to them
using a `GstStructure`:
[`GST_ELEMENT_ERROR_WITH_DETAILS`][element-error-with-details] and
corresponding API for the other message types.
This is now used e.g. by the new [`GST_ELEMENT_FLOW_ERROR`][element-flow-error]
API to include the actual flow error in the error message, and the
[souphttpsrc element][souphttpsrc-detailed-errors] to provide the HTTP
status code, and the URL (if any) to which a redirection has happened.
[element-error-with-details]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#GST-ELEMENT-ERROR-WITH-DETAILS:CAPS
[element-flow-error]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#GST-ELEMENT-FLOW-ERROR:CAPS
[souphttpsrc-detailed-errors]: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/tree/ext/soup/gstsouphttpsrc.c?id=60d30db912a1aedd743e66b9dcd2e21d71fbb24f#n1318
##### Redirect messages have official API now
Sometimes, elements need to redirect the current stream URL and tell the
application to proceed with this new URL, possibly using a different
protocol too (thus changing the pipeline configuration). Until now, this was
informally implemented using `ELEMENT` messages on the bus.
Now this has been formalized in the form of a new `GST_MESSAGE_REDIRECT` message.
A new redirect message can be created using [`gst_message_new_redirect()`][new-redirect].
If needed, multiple redirect locations can be specified by calling
[`gst_message_add_redirect_entry()`][add-redirect] to add further redirect
entries, all with metadata, so the application can decide which is
most suitable (e.g. depending on the bitrate tags).
[new-redirect]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-new-redirect
[add-redirect]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-add-redirect-entry
##### New pad linking convenience functions that automatically create ghost pads
New pad linking convenience functions were added:
[`gst_pad_link_maybe_ghosting()`][pad-maybe-ghost] and
[`gst_pad_link_maybe_ghosting_full()`][pad-maybe-ghost-full] which were
previously internal to GStreamer have now been exposed for general use.
The existing pad link functions will refuse to link pads or elements at
different levels in the pipeline hierarchy, requiring the developer to
create ghost pads where necessary. These new utility functions will
automatically create ghostpads as needed when linking pads at different
levels of the hierarchy (e.g. from an element inside a bin to one that's at
the same level in the hierarchy as the bin, or in another bin).
[pad-maybe-ghost]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-link-maybe-ghosting
[pad-maybe-ghost-full]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-link-maybe-ghosting-full
##### Miscellaneous
Pad probes: IDLE and BLOCK probes now work slightly differently in pull mode,
so that push and pull mode have opposite scenarios for idle and blocking probes.
In push mode, it will block with some data type and IDLE won't have any data.
In pull mode, it will block _before_ getting a buffer and will be IDLE once some
data has been obtained. ([commit][commit-pad-probes], [bug][bug-pad-probes])
[commit-pad-probes]: https://cgit.freedesktop.org/gstreamer/gstreamer/commit/gst/gstpad.c?id=368ee8a336d0c868d81fdace54b24431a8b48cbf
[bug-pad-probes]: https://bugzilla.gnome.org/show_bug.cgi?id=761211
[`gst_parse_launch_full()`][parse-launch-full] can now be made to return a
`GstBin` instead of a top-level pipeline by passing the new
`GST_PARSE_FLAG_PLACE_IN_BIN` flag.
[parse-launch-full]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstParse.html#gst-parse-launch-full
The default GStreamer debug log handler can now be removed before
calling `gst_init()`, so that it will never get installed and won't be active
during initialization.
A new [`STREAM_GROUP_DONE` event][stream-group-done-event] was added. In some
ways it works similar to the `EOS` event in that it can be used to unblock
downstream elements which may be waiting for further data, such as for example
`input-selector`. Unlike `EOS`, further data flow may happen after the
`STREAM_GROUP_DONE` event though (and without the need to flush the pipeline).
This is used to unblock input-selector when switching between streams in
adaptive streaming scenarios (e.g. HLS).
[stream-group-done-event]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-stream-group-done
The `gst-launch-1.0` command line tool will now print unescaped caps in verbose
mode (enabled by the -v switch).
[`gst_element_call_async()`][call-async] has been added as convenience API for
plugin developers. It is useful for one-shot operations that need to be done
from a thread other than the current streaming thread. It is backed by a
thread-pool that is shared by all elements.
[call-async]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-call-async
Various race conditions have been fixed around the `GstPoll` API used by e.g.
`GstBus` and `GstBufferPool`. Some of these manifested themselves primarily
on Windows.
`GstAdapter` can now keep track of discontinuities signalled via the `DISCONT`
buffer flag, and has gained [new API][new-adapter-api] to track PTS, DTS and
offset at the last discont. This is useful for plugins implementing advanced
trick mode scenarios.
[new-adapter-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer-libs/html/GstAdapter.html#gst-adapter-pts-at-discont
`GstTestClock` gained a new [`"clock-type"` property][clock-type-prop].
[clock-type-prop]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer-libs/html/GstTestClock.html#GstTestClock--clock-type
#### GstStream API for stream announcement and stream selection
New stream listing and stream selection API: new API has been added to
provide high-level abstractions for streams ([`GstStream`][stream-api])
and collections of streams ([`GstStreamCollections`][stream-collection-api]).
##### Stream listing
A [`GstStream`][stream-api] contains all the information pertinent to a stream,
such as stream id, caps, tags, flags and stream type(s); it can represent a
single elementary stream (e.g. audio, video, subtitles, etc.) or a container
stream. This will depend on the context. In a decodebin3/playbin3 one
it will typically be elementary streams that can be selected and unselected.
A [`GstStreamCollection`][stream-collection-api] represents a group of streams
and is used to announce or publish all available streams. A GstStreamCollection
is immutable - once created it won't change. If the available streams change,
e.g. because a new stream appeared or some streams disappeared, a new stream
collection will be published. This new stream collection may contain streams
from the previous collection if those streams persist, or completely new ones.
Stream collections do not yet list all theoretically available streams,
e.g. other available DVD angles or alternative resolutions/bitrate of the same
stream in case of adaptive streaming.
New events and messages have been added to notify or update other elements and
the application about which streams are currently available and/or selected.
This way, we can easily and seamlessly let the application know whenever the
available streams change, as happens frequently with digital television streams
for example. The new system is also more flexible. For example, it is now also
possible for the application to select multiple streams of the same type
(e.g. in a transcoding/transmuxing scenario).
A [`STREAM_COLLECTION` message][stream-collection-msg] is posted on the bus
to inform the parent bin (e.g. `playbin3`, `decodebin3`) and/or the application
about what streams are available, so you no longer have to hunt for this
information at different places. The available information includes number of
streams of each type, caps, tags etc. Bins and/or the application can intercept
the message synchronously to select and deselect streams before any data is
produced - for the case where elements such as the demuxers support the new
stream API, not necessarily in the parsebin compatibility fallback case.
Similarly, there is also a [`STREAM_COLLECTION` event][stream-collection-event]
to inform downstream elements of the available streams. This event can be used
by elements to aggregate streams from multiple inputs into one single collection.
The `STREAM_START` event was extended so that it can also contain a GstStream
object with all information about the current stream, see
[`gst_event_set_stream()`][event-set-stream] and
[`gst_event_parse_stream()`][event-parse-stream].
[`gst_pad_get_stream()`][pad-get-stream] is a new utility function that can be
used to look up the GstStream from the `STREAM_START` sticky event on a pad.
[stream-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstStream.html
[stream-collection-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstStreamCollection.html
[stream-collection-msg]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-new-stream-collection
[stream-collection-event]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-stream-collection
[event-set-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-set-stream
[event-parse-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-parse-stream
[pad-get-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-get-stream
##### Stream selection
Once the available streams have been published, streams can be selected via
their stream ID using the new `SELECT_STREAMS` event, which can be created
with [`gst_event_new_select_streams()`][event-select-streams]. The new API
supports selecting multiple streams per stream type. In the future, we may also
implement explicit deselection of streams that will never be used, so
elements can skip these and never expose them or output data for them in the
first place.
The application is then notified of the currently selected streams via the
new `STREAMS_SELECTED` message on the pipeline bus, containing both the current
stream collection as well as the selected streams. This might be posted in
response to the application sending a `SELECT_STREAMS` event or when
`decodebin3` or `playbin3` decide on the streams to be initially selected without
application input.
[event-select-streams]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-select-streams
##### Further reading
See further below for some notes on the new elements supporting this new
stream API, namely: `decodebin3`, `playbin3` and `parsebin`.
More information about the new API and the new elements can also be found here:
- GStreamer [stream selection design docs][streams-design]
- Edward Hervey's talk ["The new streams API: Design and usage"][streams-talk] ([slides][streams-slides])
- Edward Hervey's talk ["Decodebin3: Dealing with modern playback use cases"][db3-talk] ([slides][db3-slides])
[streams-design]: https://cgit.freedesktop.org/gstreamer/gstreamer/tree/docs/design/part-stream-selection.txt
[streams-talk]: https://gstconf.ubicast.tv/videos/the-new-gststream-api-design-and-usage/
[streams-slides]: https://gstreamer.freedesktop.org/data/events/gstreamer-conference/2016/Edward%20Hervey%20-%20The%20New%20Streams%20API%20Design%20and%20Usage.pdf
[db3-talk]: https://gstconf.ubicast.tv/videos/decodebin3-or-dealing-with-modern-playback-use-cases/
[db3-slides]: https://gstreamer.freedesktop.org/data/events/gstreamer-conference/2015/Edward%20Hervey%20-%20decodebin3.pdf
#### Audio conversion and resampling API
The audio conversion library received a completely new and rewritten audio
resampler, complementing the audio conversion routines moved into the audio
library in the [previous release][release-notes-1.8]. Integrating the resampler
with the other audio conversion library allows us to implement generic
conversion much more efficiently, as format conversion and resampling can now
be done in the same processing loop instead of having to do it in separate
steps (our element implementations do not make use of this yet though).
The new audio resampler library is a combination of some of the best features
of other samplers such as ffmpeg, speex and SRC. It natively supports S16, S32,
F32 and F64 formats and uses optimized x86 and neon assembly for most of its
processing. It also has support for dynamically changing sample rates by incrementally
updating the filter tables using linear or cubic interpolation. According to
some benchmarks, it's one of the fastest and most accurate resamplers around.
The `audioresample` plugin has been ported to the new audio library functions
to make use of the new resampler.
[release-notes-1.8]: https://gstreamer.freedesktop.org/releases/1.8/
#### Support for SMPTE timecodes
Support for SMPTE timecodes was added to the GStreamer video library. This
comes with an abstraction for timecodes, [`GstVideoTimeCode`][video-timecode]
and a [`GstMeta`][video-timecode-meta] that can be placed on video buffers for
carrying the timecode information for each frame. Additionally there is
various API for making handling of timecodes easy and to do various
calculations with them.
A new plugin called [`timecode`][timecode-plugin] was added, that contains an
element called `timecodestamper` for putting the timecode meta on video frames
based on counting the frames and another element called `timecodewait` that
drops all video (and audio) until a specific timecode is reached.
Additionally support was added to the Decklink plugin for including the
timecode information when sending video out or capturing it via SDI, the
`qtmux` element is able to write timecode information into the MOV container,
and the `timeoverlay` element can overlay timecodes on top of the video.
More information can be found in the [talk about timecodes][timecode-talk] at
the GStreamer Conference 2016.
[video-timecode]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-libs/html/gst-plugins-base-libs-gstvideo.html#GstVideoTimeCode
[video-timecode-meta]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-libs/html/gst-plugins-base-libs-gstvideometa.html#gst-buffer-add-video-time-code-meta
[timecode-plugin]: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/gst/timecode
[timecode-talk]: https://gstconf.ubicast.tv/videos/smpte-timecodes-in-gstreamer/
#### GStreamer OpenMAX IL plugin
The last gst-omx release, 1.2.0, was in July 2014. It was about time to get
a new one out with all the improvements that have happened in the meantime.
From now on, we will try to release gst-omx together with all other modules.
This release features a lot of bugfixes, improved support for the Raspberry Pi
and in general improved support for zerocopy rendering via EGL and a few minor
new features.
At this point, gst-omx is known to work best on the Raspberry Pi platform but
it is also known to work on various other platforms. Unfortunately, we are
not including configurations for any other platforms, so if you happen to use
gst-omx: please send us patches with your configuration and code changes!
### New Elements
#### decodebin3, playbin3, parsebin (experimental)
This release features new decoding and playback elements as experimental
technology previews: `decodebin3` and `playbin3` will soon supersede the
existing `decodebin` and `playbin` elements. We skipped the number 2 because
it was already used back in the 0.10 days, which might cause confusion.
Experimental technology preview means that everything should work fine already,
but we can't guarantee there won't be minor behavioural changes in the
next cycle. In any case, please test and report any problems back.
Before we go into detail about what these new elements improve, let's look at
the new [`parsebin`][parsebin] element. It works similarly to `decodebin` and
`decodebin3`, only that it stops one step short and does not plug any actual
decoder elements. It will only plug parsers, tag readers, demuxers and
depayloaders. Also note that parsebin does not contain any queueing element.
[`decodebin3`'s][decodebin3] internal architecture is slightly different from
the existing `decodebin` element and fixes many long-standing issues with our
decoding engine. For one, data is now fed into the internal `multiqueue` element
*after* it has been parsed and timestamped, which means that the `multiqueue`
element now has more knowledge and is able to calculate the interleaving of the
various streams, thus minimizing memory requirements and doing away with magic
values for buffering limits that were conceived when videos were 240p or 360p.
Anyone who has tried to play back 4k video streams with decodebin2
will have noticed the limitations of that approach. The improved timestamp
tracking also enables `multiqueue` to keep streams of the same type (audio,
video) aligned better, making sure switching between streams of the same type
is very fast.
Another major improvement in `decodebin3` is that it will no longer decode
streams that are not being used. With the old `decodebin` and `playbin`, when
there were 8 audio streams we would always decode all 8 streams even
if 7 were not actually used. This caused a lot of CPU overhead, which was
particularly problematic on embedded devices. When switching between streams
`decodebin3` will try hard to re-use existing decoders. This is useful when
switching between multiple streams of the same type if they are encoded in the
same format.
Re-using decoders is also useful when the available streams change on the fly,
as might happen with radio streams (chained Oggs), digital television
broadcasts, when adaptive streaming streams change bitrate, or when switching
gaplessly to the next title. In order to guarantee a seamless transition, the
old `decodebin2` would plug a second decoder for the new stream while finishing
up the old stream. With `decodebin3`, this is no longer needed - at least not
when the new and old format are the same. This will be particularly useful
on embedded systems where it is often not possible to run multiple decoders
at the same time, or when tearing down and setting up decoders is fairly
expensive.
`decodebin3` also allows for multiple input streams, not just a single one.
This will be useful, in the future, for gapless playback, or for feeding
multiple external subtitle streams to decodebin/playbin.
`playbin3` uses `decodebin3` internally, and will supercede `playbin`.
It was decided that it would be too risky to make the old `playbin` use the
new `decodebin3` in a backwards-compatible way. The new architecture
makes it awkward, if not impossible, to maintain perfect backwards compatibility
in some aspects, hence `playbin3` was born, and developers can migrate to the
new element and new API at their own pace.
All of these new elements make use of the new `GstStream` API for listing and
selecting streams, as described above. `parsebin` provides backwards
compatibility for demuxers and parsers which do not advertise their streams
using the new API yet (which is most).
The new elements are not entirely feature-complete yet: `playbin3` does not
support so-called decodersinks yet where the data is not decoded inside
GStreamer but passed directly for decoding to the sink. `decodebin3` is missing
the various `autoplug-*` signals to influence which decoders get autoplugged
in which order. We're looking to add back this functionality, but it will probably
be in a different way, with a single unified signal and using GstStream perhaps.
For more information on these new elements, check out Edward Hervey's talk
[*decodebin3 - dealing with modern playback use cases*][db3-talk]
[parsebin]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-plugins/html/gst-plugins-base-plugins-parsebin.html
[decodebin3]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-plugins/html/gst-plugins-base-plugins-decodebin3.html
[db3-talk]: https://gstconf.ubicast.tv/videos/decodebin3-or-dealing-with-modern-playback-use-cases/
#### LV2 ported from 0.10 and switched from slv2 to lilv2
The LV2 wrapper plugin has been ported to 1.0 and moved from using the
deprecated slv2 library to its replacement liblv2. We support sources and
filter elements. lv2 is short for *Linux Audio Developer's Simple Plugin API
(LADSPA) version 2* and is an open standard for audio plugins which includes
support for audio synthesis (generation), digital signal processing of digital
audio, and MIDI. The new lv2 plugin supersedes the existing LADSPA plugin.
#### WebRTC DSP Plugin for echo-cancellation, gain control and noise suppression
A set of new elements ([webrtcdsp][webrtcdsp], [webrtcechoprobe][webrtcechoprobe])
based on the WebRTC DSP software stack can now be used to improve your audio
voice communication pipelines. They support echo cancellation, gain control,
noise suppression and more. For more details you may read
[Nicolas' blog post][webrtc-blog-post].
[webrtcdsp]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-bad-plugins/html/gst-plugins-bad-plugins-webrtcdsp.html
[webrtcechoprobe]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-bad-plugins/html/gst-plugins-bad-plugins-webrtcechoprobe.html
[webrtc-blog-post]: https://ndufresne.ca/2016/06/gstreamer-echo-canceller/
#### Fraunhofer FDK AAC encoder and decoder
New encoder and decoder elements wrapping the Fraunhofer FDK AAC library have
been added (`fdkaacdec`, `fdkaacdec`). The Fraunhofer FDK AAC encoder is
generally considered to be a very high-quality AAC encoder, but unfortunately
it comes under a non-free license with the option to obtain a paid, commercial
license.
### Noteworthy element features and additions
#### Major RTP and RTSP improvements
- The RTSP server and source element, as well as the RTP jitterbuffer now support
remote clock synchronization according to [RFC7273][https://tools.ietf.org/html/rfc7273].
- Support for application and profile specific RTCP packets was added.
- The H265/HEVC payloader/depayloader is again in sync with the final RFC.
- Seeking stability of the RTSP source and server was improved a lot and
runs stably now, even when doing scrub-seeking.
- The RTSP server received various major bugfixes, including for regressions that
caused the IP/port address pool to not be considered, or NAT hole punching
to not work anymore. [Bugzilla #766612][https://bugzilla.gnome.org/show_bug.cgi?id=766612]
- Various other bugfixes that improve the stability of RTP and RTSP, including
many new unit / integration tests.
#### Improvements to splitmuxsrc and splitmuxsink
- The splitmux element received reliability and error handling improvements,
removing at least one deadlock case. `splitmuxsrc` now stops cleanly at the end
of the segment when handling seeks with a stop time. We fixed a bug with large
amounts of downstream buffering causing incorrect out-of-sequence playback.
- `splitmuxsrc` now has a `"format-location"` signal to directly specify the list
of files to play from.
- `splitmuxsink` can now optionally send force-keyunit events to upstream
elements to allow splitting files more accurately instead of having to wait
for upstream to provide a new keyframe by itself.
#### OpenGL/GLES improvements
##### iOS and macOS (OS/X)
- We now create OpenGL|ES 3.x contexts on iOS by default with a fallback to
OpenGL|ES 2.x if that fails.
- Various zerocopy decoding fixes and enhancements with the
encoding/decoding/capturing elements.
- libdispatch is now used on all Apple platforms instead of GMainLoop, removing
the expensive poll()/pthread_*() overhead.
##### New API
- `GstGLFramebuffer` - for wrapping OpenGL frame buffer objects. It provides
facilities for attaching `GstGLMemory` objects to the necessary attachment
points, binding and unbinding and running a user-supplied function with the
framebuffer bound.
- `GstGLRenderbuffer` (a `GstGLBaseMemory` subclass) - for wrapping OpenGL
render buffer objects that are typically used for depth/stencil buffers or
for color buffers where we don't care about the output.
- `GstGLMemoryEGL` (a `GstGLMemory` subclass) - for combining `EGLImage`s with a GL
texture that replaces `GstEGLImageMemory` bringing the improvements made to the
other `GstGLMemory` implementations. This fixes a performance regression in
zerocopy decoding on the Raspberry Pi when used with an updated gst-omx.
##### Miscellaneous improvements
- `gltestsrc` is now usable on devices/platforms with OpenGL 3.x and OpenGL|ES
and has completed or gained support for new patterns in line with the
existing ones in `videotestsrc`.
- `gldeinterlace` is now available on devices/platforms with OpenGL|ES
implementations.
- The dispmanx backend (used on the Raspberry Pi) now supports the
`gst_video_overlay_set_window_handle()` and
`gst_video_overlay_set_render_rectangle()` functions.
- The `gltransformation` element now correctly transforms mouse coordinates (in
window space) to stream coordinates for both perspective and orthographic
projections.
- The `gltransformation` element now detects if the
`GstVideoAffineTransformationMeta` is supported downstream and will efficiently
pass its transformation downstream. This is a performance improvement as it
results in less processing being required.
- The wayland implementation now uses the multi-threaded safe event-loop API
allowing correct usage in applications that call wayland functions from
multiple threads.
- Support for native 90 degree rotations and horizontal/vertical flips
in `glimagesink`.
#### Vulkan
- The Vulkan elements now work under Wayland and have received numerous
bugfixes.
#### QML elements
- `qmlglsink` video sink now works on more platforms, notably, Windows, Wayland,
and Qt's eglfs (for embedded devices with an OpenGL implementation) including
the Raspberry Pi.
- New element `qmlglsrc` to record a QML scene into a GStreamer pipeline.
#### KMS video sink
- New element `kmssink` to render video using Direct Rendering Manager
(DRM) and Kernel Mode Setting (KMS) subsystems in the Linux
kernel. It is oriented to be used mostly in embedded systems.
#### Wayland video sink
- `waylandsink` now supports the wl_viewporter extension allowing
video scaling and cropping to be delegated to the Wayland
compositor. This extension is also been made optional, so that it can
also work on current compositors that don't support it. It also now has
support for the video meta, allowing zero-copy operations in more
cases.
#### DVB improvements
- `dvbsrc` now has better delivery-system autodetection and several
new parameter sanity-checks to improve its resilience to configuration
omissions and errors. Superfluous polling continues to be trimmed down,
and the debugging output has been made more consistent and precise.
Additionally, the channel-configuration parser now supports the new dvbv5
format, enabling `dvbbasebin` to automatically playback content transmitted
on delivery systems that previously required manual description, like ISDB-T.
#### DASH, HLS and adaptivedemux
- HLS now has support for Alternate Rendition audio and video tracks. Full
support for Alternate Rendition subtitle tracks will be in an upcoming release.
- DASH received support for keyframe-only trick modes if the
`GST_SEEK_FLAG_TRICKMODE_KEY_UNITS` flag is given when seeking. It will
only download keyframes then, which should help with high-speed playback.
Changes to skip over multiple frames based on bandwidth and other metrics
will be added in the near future.
- Lots of reliability fixes around seek handling and bitrate switching.
#### Bluetooth improvements
- The `avdtpsrc` element now supports metadata such as track title, artist
name, and more, which devices can send via AVRCP. These are published as
tags on the pipeline.
- The `a2dpsink` element received some love and was cleaned up so that it
actually works after the initial GStreamer 1.0 port.
#### GStreamer VAAPI
- All the decoders have been split, one plugin feature per codec. So
far, the available ones, depending on the driver, are:
`vaapimpeg2dec`, `vaapih264dec`, `vaapih265dec`, `vaapivc1dec`, `vaapivp8dec`,
`vaapivp9dec` and `vaapijpegdec` (which already was split).
- Improvements when mapping VA surfaces into memory. It now differentiates
between negotiation caps and allocations caps, since the allocation
memory for surfaces may be bigger than one that is going to be
mapped.
- `vaapih265enc` now supports constant bitrate mode (CBR).
- Since several VA drivers are unmaintained, we decide to keep a whitelist
with the va drivers we actually test, which is mostly the i915 and to a lesser
degree gallium from the mesa project. Exporting the environment variable
`GST_VAAPI_ALL_DRIVERS` disables the whitelist.
- Plugin features are registered at run-time, according to their support by
the loaded VA driver. So only the decoders and encoder supported by the
system are registered. Since the driver can change, some dependencies are
tracked to invalidate the GStreamer registry and reload the plugin.
- `dmabuf` importation from upstream has been improved, gaining performance.
- `vaapipostproc` now can negotiate buffer transformations via caps.
- Decoders now can do I-frame only reverse playback. This decodes I-frames
only because the surface pool is smaller than the required by the GOP to show all the
frames.
- The upload of frames onto native GL textures has been optimized too, keeping
a cache of the internal structures for the offered textures by the sink.
#### V4L2 changes
- More pixels formats are now supported
- Decoder is now using `G_SELECTION` instead of the deprecated `G_CROP`
- Decoder now uses the `STOP` command to handle EOS
- Transform element can now scale the pixel aspect ratio
- Colorimetry support has been improved even more
- We now support the `OUTPUT_OVERLAY` type of video node in v4l2sink
#### Miscellaneous
- `multiqueue`'s input pads gained a new `"group-id"` property which
can be used to group input streams. Typically one will assign
different id numbers to audio, video and subtitle streams for
example. This way `multiqueue` can make sure streams of the same
type advance in lockstep if some of the streams are unlinked and the
`"sync-by-running-time"` property is set. This is used in
decodebin3/playbin3 to implement almost-instantaneous stream
switching. The grouping is required because different downstream
paths (audio, video, etc.) may have different buffering/latency
etc. so might be consuming data from multiqueue with a slightly
different phase, and if we track different stream groups separately
we minimize stream switching delays and buffering inside the
`multiqueue`.
- `alsasrc` now supports ALSA drivers without a position for each
channel, this is common in some professional or industrial hardware.
- `libvpx` based decoders (`vp8dec` and `vp9dec`) now create multiple threads on
computers with multiple CPUs automatically.
- `rfbsrc` - used for capturing from a VNC server - has seen a lot of
debugging. It now supports the latest version of the RFB
protocol and uses GIO everywhere.
- `tsdemux` can now read ATSC E-AC-3 streams.
- New `GstVideoDirection` video orientation interface for rotating, flipping
and mirroring video in 90° steps. It is implemented by the `videoflip` and
`glvideoflip` elements currently.
- It is now possible to give `appsrc` a duration in time, and there is now a
non-blocking try-pull API for `appsink` that returns NULL if nothing is
available right now.
- `x264enc` has support now for chroma-site and colorimetry settings
- A new JPEG2000 parser element was added, and the JPEG2000 caps were cleaned
up and gained more information needed in combination with RTP and various
container formats.
- Reverse playback support for `videorate` and `deinterlace` was implemented
- Various improvements everywhere for reverse playback and `KEY_UNITS` trick mode
- New cleaned up `rawaudioparse` and `rawvideoparse` elements that replace the
old `audioparse` and `videoparse` elements. There are compatibility element
factories registered with the old names to allow existing code to continue
to work.
- The Decklink plugin gained support for 10 bit video SMPTE timecodes, and
generally got many bugfixes for various issues.
- New API in `GstPlayer` for setting the multiview mode for stereoscopic
video, setting an HTTP/RTSP user agent and a time offset between audio and
video. In addition to that, there were various bugfixes and the new
gst-examples module contains Android, iOS, GTK+ and Qt example applications.
- `GstBin` has new API for suppressing various `GstElement` or `GstObject`
flags that would otherwise be affected by added/removed child elements. This
new API allows `GstBin` subclasses to handle for themselves if they
should be considered a sink or source element, for example.
- The `subparse` element can handle WebVTT streams now.
- A new `sdpsrc` element was added that can read an SDP from a file, or get it
as a string as property and then sets up an RTP pipeline accordingly.
### Plugin moves
No plugins were moved this cycle. We'll make up for it next cycle, promise!
### Rewritten memory leak tracer
GStreamer has had basic functionality to trace allocation and freeing of
both mini-objects (buffers, events, caps, etc.) and objects in the form of the
internal `GstAllocTrace` tracing system. This API was never exposed in the
1.x API series though. When requested, this would dump a list of objects and
mini-objects at exit time which had still not been freed at that point,
enabled with an environment variable. This subsystem has now been removed
in favour of a new implementation based on the recently-added tracing framework.
Tracing hooks have been added to trace the creation and destruction of
GstObjects and mini-objects, and a new tracer plugin has been written using
those new hooks to track which objects are still live and which are not. If
GStreamer has been compiled against the libunwind library, the new leaks tracer
will remember where objects were allocated from as well. By default the leaks
tracer will simply output a warning if leaks have been detected on `gst_deinit()`.
If the `GST_LEAKS_TRACER_SIG` environment variable is set, the leaks tracer
will also handle the following UNIX signals:
- `SIGUSR1`: log alive objects
- `SIGUSR2`: create a checkpoint and print a list of objects created and
destroyed since the previous checkpoint.
Unfortunately this will not work on Windows due to no signals, however.
If the `GST_LEAKS_TRACER_STACK_TRACE` environment variable is set, the leaks
tracer will also log the creation stack trace of leaked objects. This may
significantly increase memory consumption however.
New `MAY_BE_LEAKED` flags have been added to GstObject and GstMiniObject, so
that objects and mini-objects that are likely to stay around forever can be
flagged and blacklisted from the leak output.
To give the new leak tracer a spin, simply call any GStreamer application such
as `gst-launch-1.0` or `gst-play-1.0` like this:
GST_TRACERS=leaks gst-launch-1.0 videotestsrc num-buffers=10 ! fakesink
If there are any leaks, a warning will be raised at the end.
It is also possible to trace only certain types of objects or mini-objects:
GST_TRACERS="leaks(GstEvent,GstMessage)" gst-launch-1.0 videotestsrc num-buffers=10 ! fakesink
This dedicated leaks tracer is much much faster than valgrind since all code is
executed natively instead of being instrumented. This makes it very suitable
for use on slow machines or embedded devices. It is however limited to certain
types of leaks and won't catch memory leaks when the allocation has been made
via plain old `malloc()` or `g_malloc()` or other means. It will also not trace
non-GstObject GObjects.
The goal is to enable leak tracing on GStreamer's Continuous-Integration and
testing system, both for the regular unit tests (make check) and media tests
(gst-validate), so that accidental leaks in common code paths can be detected
and fixed quickly.
For more information about the new tracer, check out Guillaume Desmottes's
["Tracking Memory Leaks"][leaks-talk] talk or his [blog post][leaks-blog] about
the topic.
[leaks-talk]: https://gstconf.ubicast.tv/videos/tracking-memory-leaks/
[leaks-blog]: https://blog.desmottes.be/?post/2016/06/20/GStreamer-leaks-tracer
### GES and NLE changes
- Clip priorities are now handled by the layers, and the GESTimelineElement
priority property is now deprecated and unused
- Enhanced (de)interlacing support to always use the `deinterlace` element
and expose needed properties to users
- Allow reusing clips children after removing the clip from a layer
- We are now testing many more rendering formats in the gst-validate
test suite, and failures have been fixed.
- Also many bugs have been fixed in this cycle!
### GStreamer validate changes
This cycle has been focused on making GstValidate more than just a validating
tool, but also a tool to help developers debug their GStreamer issues. When
reporting issues, we try to gather as much information as possible and expose
it to end users in a useful way. For an example of such enhancements, check out
Thibault Saunier's [blog post](improving-debugging-gstreamer-validate) about
the new Not Negotiated Error reporting mechanism.
Playbin3 support has been added so we can run validate tests with `playbin3`
instead of playbin.
We are now able to properly communicate between `gst-validate-launcher` and
launched subprocesses with actual IPC between them. That has enabled the test
launcher to handle failing tests specifying the exact expected issue(s).
[improving-debugging-gstreamer-validate]: https://blogs.s-osg.org/improving-debugging-gstreamer-validate/
### gst-libav changes
gst-libav uses the recently released ffmpeg 3.2 now, which brings a lot of
improvements and bugfixes from the ffmpeg team in addition to various new
codec mappings on the GStreamer side and quite a few bugfixes to the GStreamer
integration to make it more robust.
## Build and Dependencies
### Experimental support for Meson as build system
#### Overview
We have have added support for building GStreamer using the
[Meson build system][meson]. This is currently experimental, but should work
fine at least on Linux using the gcc or clang toolchains and on Windows using
the MingW or MSVC toolchains.
Autotools remains the primary build system for the time being, but we hope to
someday replace it and will steadily work towards that goal.
More information about the background and implications of all this and where
we're hoping to go in future with this can be found in [Tim's mail][meson-mail]
to the gstreamer-devel mailing list.
For more information on Meson check out [these videos][meson-videos] and also
the [Meson talk][meson-gstconf] at the GStreamer Conference.
Immediate benefits for Linux users are faster builds and rebuilds. At the time
of writing the Meson build of GStreamer is used by default in GNOME's jhbuild
system.
The Meson build currently still lacks many of the fine-grained configuration
options to enable/disable specific plugins. These will be added back in due
course.
Note: The meson build files are not distributed in the source tarballs, you will
need to get GStreamer from git if you want try it out.
[meson]: http://mesonbuild.com/
[meson-mail]: https://lists.freedesktop.org/archives/gstreamer-devel/2016-September/060231.html
[meson-videos]: http://mesonbuild.com/videos.html
[meson-gstconf]: https://gstconf.ubicast.tv/videos/gstreamer-development-on-windows-ans-faster-builds-everywhere-with-meson/
#### Windows Visual Studio toolchain support
Windows users might appreciate being able to build GStreamer using the MSVC
toolchain, which is not possible using autotools. This means that it will be
possible to debug GStreamer and applications in Visual Studio, for example.
We require VS2015 or newer for this at the moment.
There are two ways to build GStreamer using the MSVC toolchain:
1. Using the MSVC command-line tools (`cl.exe` etc.) via Meson's "ninja" backend.
2. Letting Meson's "vs2015" backend generate Visual Studio project files that
can be opened in Visual Studio and compiled from there.
This is currently only for adventurous souls though. All the bits are in place,
but support for all of this has not been merged into GStreamer's cerbero build
tool yet at the time of writing. This will hopefully happen in the next cycle,
but for now this means that those wishing to compile GStreamer with MSVC will
have to get their hands dirty.
There are also no binary SDK builds using the MSVC toolchain yet.
For more information on GStreamer builds using Meson and the Windows toolchain
check out Nirbheek Chauhan's blog post ["Building and developing GStreamer using Visual Studio"][msvc-blog].
[msvc-blog]: http://blog.nirbheek.in/2016/07/building-and-developing-gstreamer-using.html
### Dependencies
#### gstreamer
libunwind was added as an optional dependency. It is used only for debugging
and tracing purposes.
The `opencv` plugin in gst-plugins-bad can now be built against OpenCV
version 3.1, previously only 2.3-2.5 were supported.
#### gst-plugins-ugly
- `mpeg2dec` now requires at least libmpeg2 0.5.1 (from 2008).
#### gst-plugins-bad
- `gltransformation` now requires at least graphene 1.4.0.
- `lv2` now plugin requires at least lilv 0.16 instead of slv2.
### Packaging notes
Packagers please note that the `gst/gstconfig.h` public header file in the
GStreamer core library moved back from being an architecture dependent include
to being architecture independent, and thus it is no longer installed into
`$(libdir)/gstreamer-1.0/include/gst` but into the normal include directory
where it lives happily ever after with all the other public header files. The
reason for this is that we now check whether the target supports unaligned
memory access based on predefined compiler macros at compile time instead of
checking it at configure time.
## Platform-specific improvements
### Android
#### New universal binaries for all supported ABIs
We now provide a "universal" tarball to allow building apps against all the
architectures currently supported (x86, x86-64, armeabi, armeabi-v7a,
armeabi-v8a). This is needed for building with recent versions of the Android
NDK which defaults to building against all supported ABIs. Use [the Android
player example][android-player-example-build] as a reference for the required
changes.
[android-player-example-build]: https://cgit.freedesktop.org/gstreamer/gst-examples/commit/playback/player/android?id=a5cdde9119f038a1eb365aca20faa9741a38e788
#### Miscellaneous
- New `ahssrc` element that allows reading the hardware sensors, e.g. compass
or accelerometer.
### macOS (OS/X) and iOS
- Support for querying available devices on OS/X via the GstDeviceProvider
API was added.
- It is now possible to create OpenGL|ES 3.x contexts on iOS and use them in
combination with the VideoToolbox based decoder element.
- many OpenGL/GLES improvements, see OpenGL section above
### Windows
- gstconfig.h: Always use dllexport/import on Windows with MSVC
- Miscellaneous fixes to make libs and plugins compile with the MVSC toolchain
- MSVC toolchain support (see Meson section above for more details)
## New Modules for Documentation, Examples, Meson Build
Three new git modules have been added recently:
### gst-docs
This is a new module where we will maintain documentation in the markdown
format.
It contains the former gstreamer.com SDK tutorials which have kindly been made
available by Fluendo under a Creative Commons license. The tutorials have been
reviewed and updated for GStreamer 1.x and will be available as part of the
[official GStreamer documentation][doc] going forward. The old gstreamer.com
site will then be shut down with redirects pointing to the updated tutorials.
Some of the existing docbook XML-formatted documentation from the GStreamer
core module such as the *Application Development Manual* and the *Plugin
Writer's Guide* have been converted to markdown as well and will be maintained
in the gst-docs module in future. They will be removed from the GStreamer core
module in the next cycle.
This is just the beginning. Our goal is to provide a more cohesive documentation
experience for our users going forward, and easier to create and maintain
documentation for developers. There is a lot more work to do, get in touch if
you want to help out.
If you encounter any problems or spot any omissions or outdated content in the
new documentation, please [file a bug in bugzilla][doc-bug] to let us know.
We will probably release gst-docs as a separate tarball for distributions to
package in the next cycle.
[doc]: http://gstreamer.freedesktop.org/documentation/
[doc-bug]: https://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer&component=documentation
### gst-examples
A new [module][examples-git] has been added for examples. It does not contain
much yet, currently it only contains a small [http-launch][http-launch] utility
that serves a pipeline over http as well as various [GstPlayer playback frontends][puis]
for Android, iOS, Gtk+ and Qt.
More examples will be added over time. The examples in this repository should
be more useful and more substantial than most of the examples we ship as part
of our other modules, and also written in a way that makes them good example
code. If you have ideas for examples, let us know.
No decision has been made yet if this module will be released and/or packaged.
It probably makes sense to do so though.
[examples-git]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/
[http-launch]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/network/http-launch/
[puis]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/playback/player
### gst-build
[gst-build][gst-build-git] is a new meta module to build GStreamer using the
new Meson build system. This module is not required to build GStreamer with
Meson, it is merely for convenience and aims to provide a development setup
similar to the existing `gst-uninstalled` setup.
gst-build makes use of Meson's [subproject feature][meson-subprojects] and sets
up the various GStreamer modules as subprojects, so they can all be updated and
built in parallel.
This module is still very new and highly experimental. It should work at least
on Linux and Windows (OS/X needs some build fixes). Let us know of any issues
you encounter by popping into the `#gstreamer` IRC channel or by
[filing a bug][gst-build-bug].
This module will probably not be released or packaged (does not really make sense).
[gst-build-git]: https://cgit.freedesktop.org/gstreamer/gst-build/tree/
[gst-build-bug]: https://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer&component=gst-build
[meson-subprojects]: https://github.com/mesonbuild/meson/wiki/Subprojects
## Contributors
Aaron Boxer, Aleix Conchillo Flaqué, Alessandro Decina, Alexandru Băluț, Alex
Ashley, Alex-P. Natsios, Alistair Buxton, Allen Zhang, Andreas Naumann, Andrew
Eikum, Andy Devar, Anthony G. Basile, Arjen Veenhuizen, Arnaud Vrac, Artem
Martynovich, Arun Raghavan, Aurélien Zanelli, Barun Kumar Singh, Bernhard
Miller, Brad Lackey, Branko Subasic, Carlos Garcia Campos, Carlos Rafael
Giani, Christoffer Stengren, Daiki Ueno, Damian Ziobro, Danilo Cesar Lemes de
Paula, David Buchmann, Dimitrios Katsaros, Duncan Palmer, Edward Hervey,
Emmanuel Poitier, Enrico Jorns, Enrique Ocaña González, Fabrice Bellet,
Florian Zwoch, Florin Apostol, Francisco Velazquez, Frédéric Bertolus, Fredrik
Fornwall, Gaurav Gupta, George Kiagiadakis, Georg Lippitsch, Göran Jönsson,
Graham Leggett, Gregoire Gentil, Guillaume Desmottes, Gwang Yoon Hwang, Haakon
Sporsheim, Haihua Hu, Havard Graff, Heinrich Fink, Hoonhee Lee, Hyunjun Ko,
Iain Lane, Ian, Ian Jamison, Jagyum Koo, Jake Foytik, Jakub Adam, Jan
Alexander Steffens (heftig), Jan Schmidt, Javier Martinez Canillas, Jerome
Laheurte, Jesper Larsen, Jie Jiang, Jihae Yi, Jimmy Ohn, Jinwoo Ahn, Joakim
Johansson, Joan Pau Beltran, Jonas Holmberg, Jonathan Matthew, Jonathan Roy,
Josep Torra, Julien Isorce, Jun Ji, Jürgen Slowack, Justin Kim, Kazunori
Kobayashi, Kieran Bingham, Kipp Cannon, Koop Mast, Kouhei Sutou, Kseniia, Kyle
Schwarz, Kyungyong Kim, Linus Svensson, Luis de Bethencourt, Marcin Kolny,
Marcin Lewandowski, Marianna Smidth Buschle, Mario Sanchez Prada, Mark
Combellack, Mark Nauwelaerts, Martin Kelly, Matej Knopp, Mathieu Duponchelle,
Mats Lindestam, Matthew Gruenke, Matthew Waters, Michael Olbrich, Michal Lazo,
Miguel París Díaz, Mikhail Fludkov, Minjae Kim, Mohan R, Munez, Nicola Murino,
Nicolas Dufresne, Nicolas Huet, Nikita Bobkov, Nirbheek Chauhan, Olivier
Crête, Paolo Pettinato, Patricia Muscalu, Paulo Neves, Peng Liu, Peter
Seiderer, Philippe Normand, Philippe Renon, Philipp Zabel, Pierre Lamot, Piotr
Drąg, Prashant Gotarne, Raffaele Rossi, Ray Strode, Reynaldo H. Verdejo
Pinochet, Santiago Carot-Nemesio, Scott D Phillips, Sebastian Dröge, Sebastian
Rasmussen, Sergei Saveliev, Sergey Borovkov, Sergey Mamonov, Sergio Torres
Soldado, Seungha Yang, sezero, Song Bing, Sreerenj Balachandran, Stefan Sauer,
Stephen, Steven Hoving, Stian Selnes, Thiago Santos, Thibault Saunier, Thijs
Vermeir, Thomas Bluemel, Thomas Jones, Thomas Klausner, Thomas Scheuermann,
Tim-Philipp Müller, Ting-Wei Lan, Tom Schoonjans, Ursula Maplehurst, Vanessa
Chipirras Navalon, Víctor Manuel Jáquez Leal, Vincent Penquerc'h, Vineeth TM,
Vivia Nikolaidou, Vootele Vesterblom, Wang Xin-yu (王昕宇), William Manley,
Wim Taymans, Wonchul Lee, Xabier Rodriguez Calvar, Xavier Claessens, xlazom00,
Yann Jouanin, Zaheer Abbas Merali
... and many others who have contributed bug reports, translations, sent
suggestions or helped testing.
## Bugs fixed in 1.10
More than [750 bugs][bugs-fixed-in-1.10] have been fixed during
the development of 1.10.
This list does not include issues that have been cherry-picked into the
stable 1.8 branch and fixed there as well, all fixes that ended up in the
1.8 branch are also included in 1.10.
This list also does not include issues that have been fixed without a bug
report in bugzilla, so the actual number of fixes is much higher.
[bugs-fixed-in-1.10]: https://bugzilla.gnome.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&classification=Platform&limit=0&list_id=164074&order=bug_id&product=GStreamer&query_format=advanced&resolution=FIXED&target_milestone=1.8.1&target_milestone=1.8.2&target_milestone=1.8.3&target_milestone=1.8.4&target_milestone=1.9.1&target_milestone=1.9.2&target_milestone=1.9.90&target_milestone=1.10.0
## Stable 1.10 branch
After the 1.10.0 release there will be several 1.10.x bug-fix releases which
will contain bug fixes which have been deemed suitable for a stable branch,
but no new features or intrusive changes will be added to a bug-fix release
usually. The 1.10.x bug-fix releases will be made from the git 1.10 branch,
which is a stable branch.
### 1.10.0
1.10.0 was released on 1st November 2016.
## Known Issues
- iOS builds with iOS 6 SDK and old C++ STL. You need to select iOS 6 instead
of 7 or 8 in your projects settings to be able to link applications.
[Bug #766366](https://bugzilla.gnome.org/show_bug.cgi?id=766366)
- Code signing for Apple platforms has some problems currently, requiring
manual work to get your application signed. [Bug #771860](https://bugzilla.gnome.org/show_bug.cgi?id=771860)
- Building applications with Android NDK r13 on Windows does not work. Other
platforms and earlier/later versions of the NDK are not affected.
[Bug #772842](https://bugzilla.gnome.org/show_bug.cgi?id=772842)
- The new leaks tracer may deadlock the application (or exhibit other undefined
behaviour) when `SIGUSR` handling is enabled via the `GST_LEAKS_TRACER_SIG`
environment variable. [Bug #770373](https://bugzilla.gnome.org/show_bug.cgi?id=770373)
- vp8enc crashes on 32 bit Windows, but was working fine in 1.6. 64 bit Windows is unaffected.
[Bug #763663](https://bugzilla.gnome.org/show_bug.cgi?id=763663)
## Schedule for 1.12
Our next major feature release will be 1.12, and 1.11 will be the unstable
development version leading up to the stable 1.12 release. The development
of 1.11/1.12 will happen in the git master branch.
The plan for the 1.12 development cycle is yet to be confirmed, but it is
expected that feature freeze will be around early/mid-January,
followed by several 1.11 pre-releases and the new 1.12 stable release
in March.
1.12 will be backwards-compatible to the stable 1.10, 1.8, 1.6, 1.4, 1.2 and
1.0 release series.
- - -
*These release notes have been prepared by Olivier Crête, Sebastian Dröge,
Nicolas Dufresne, Edward Hervey, Víctor Manuel Jáquez Leal, Tim-Philipp
Müller, Reynaldo H. Verdejo Pinochet, Arun Raghavan, Thibault Saunier,
Jan Schmidt, Wim Taymans, Matthew Waters*
*License: [CC BY-SA 4.0](http://creativecommons.org/licenses/by-sa/4.0/)*
This is a minor release recommended for all users.
Resolved issues
#1015: Introducers can now remove devices that they introduced
#3726: Syncthing now correctly reconnects to staticly configured relays
#3718: strelaysrv: No longer crashes with "panic: send on closed channel"
#3682: strelaysrv: Binding to a specific address now works better
#3710: Folder information in the GUI now uses icons and tooltips
* IDNA 2008 support is now available if the "idna" module has been
installed and IDNA 2008 is requested. The default IDNA behavior
is still IDNA 2003. The new IDNA codec mechanism is currently
only useful for direct calls to dns.name.from_text() or
dns.name.from_unicode(), but in future releases it will be
deployed throughout dnspython, e.g. so that you can read a
masterfile with an IDNA 2008 codec in force.
* By default, dns.name.to_unicode() is not strict about which
version of IDNA the input complies with. Strictness can be
requested by using one of the strict IDNA codecs.
* Add AVC RR support.
* Some problems with newlines in various output modes have been
addressed.
* dns.name.to_text() now returns text and not bytes on Python 3.x
* More miscellaneous fixes for the Python 2/3 codeline merge.
---------------------------------
0.35 2016/11/03 08:30:00
- Minor POD updates.
- Added catastrophic failure protection to _croak_or_return() by adding
local $SIG{PIPE} = "IGNORE"; before connection termination logic. Limits
the scope to just this one code block.
0.34 2016/07/27 08:30:00
- BEHAVIOR CHANGE - Added fix_supported() as a way to make corrections to
supported(). Editing the returned hash reference of _help() no longer
works! This new method does both additions & removals.
- BEHAVIOUR CHANGE - Modified _mfmt() & _mdtm() to be able to handle localtime
vs gmtime based on changes to how PreserveTimestamp work. As an alternate
way, the behavior can be overriden by a new $local_flag option. The
default behavior is still GMT time. See the POD for a description of how
PreserveTimestamp now works.
- Made POD clarification & other comment updates.
- Increased TRACE_MOD from 5 to 10 blocks.
- Added BEGIN block to detect if IPv6 support is possible. It does this by
asking IO::Socket::SSL instead of reinventing the wheel.
- Moved the generation of the Debug log header info for CPAN support to BEGIN
as well so that this info gets centralized instead of repeated.
- Added Domain/Family as a new option for choosing IPv4 vs IPv6.
- Added OverrideHELP => -1 option to use FEAT instead, when HELP is broken!
- Updated quot() to recognize that MLSD also requires a data channel.
Also improved the disable HELP logic used here.
- Broke up _feat() into _feat() & feat(). Also added feat() to the POD.
Done since under some circumstances the feature list can be dynamic!
Also changed logic on how to tell if OPTS is supported or not.
Finally drops HELP from the list of FEAT commands returned if OverrideHELP
was used.
- Rewrote _help() to make it less confusing. Adding OverrideHELP=>-1 made it
clear it was too messy to support ongoing. Much more understandable now.
Also made it more reliable to get the list of site commands supported.
- Fixed PreserveTimestamp bug in transfer() & xtransfer().
- Added new option xWait for use by xput() & xtransfer(). Some servers won't
honor the rename of the scratch file to it's final name without instituting
a delay. So this option allows you to specify one.
- README - Added more notes about turning on/off SSL logging. Newer
versions allow for dynamic turning on/off. Also updated comments on the
naming of the trace logs.
- t/10-complex.t - Changes to the main test script!
* Now uses fix_supported() in it's is_file() tests since these test cases
hit some lies told by some servers!
* Fixed so it's main logs are named after this test program like the other
test cases do.
* Added new test to verify if the MDTM command correctly uses GMT time
instead of local time. (Assumes MFMT will use the same time zone!) Did
this test early enough so that the last connection used the correct
PreserveTimestamp settings for tests depending on it!
* Added xWait of 1 second to deal with problem FTP/S servers that require
a wait for the xput & xtransfer tests to work.
- t/05-readonly.t - Renamed 05-simple to 05-readonly to more acurately
describe the types of tests this test script does! Updated in MANIFEST &
README as well.
---------------------------
version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range
translates to hosts on the local network, or, at
least, 0.0.0.0 accesses the local host, so could
be targets for DNS rebinding. See RFC 5735 section 3
for details. Thanks to Stephen R旦ttger for the bug report.
Enhance --add-subnet to allow arbitrary subnet addresses.
Thanks to Ed Barsley for the patch.
Respect the --no-resolv flag in inotify code. Fixes bug
which caused dnsmasq to fail to start if a resolv-file
was a dangling symbolic link, even of --no-resolv set.
Thanks to Alexander Kurtz for spotting the problem.
Fix crash when an A or AAAA record is defined locally,
in a hosts file, and an upstream server sends a reply
that the same name is empty. Thanks to Edwin T旦r旦k for
the patch.
Fix failure to correctly calculate cache-size when
reading a hosts-file fails. Thanks to Andr辿 Gl端pker
for the patch.
Fix wrong answer to simple name query when --domain-needed
set, but no upstream servers configured. Dnsmasq returned
REFUSED, in this case, when it should be the same as when
upstream servers are configured - NOERROR. Thanks to
Allain Legacy for spotting the problem.
Return REFUSED when running out of forwarding table slots,
not SERVFAIL.
Add --max-port configuration. Thanks to Hans Dedecker for
the patch.
Add --script-arp and two new functions for the dhcp-script.
These are "arp" and "arp-old" which announce the arrival and
removal of entries in the ARP or nieghbour tables.
Extend --add-mac to allow a new encoding of the MAC address
as base64, by configurting --add-mac=base64
Add --add-cpe-id option.
Don't crash with divide-by-zero if an IPv6 dhcp-range
is declared as a whole /64.
(ie xx::0 to xx::ffff:ffff:ffff:ffff)
Thanks to Laurent Bendel for spotting this problem.
Add support for a TTL parameter in --host-record and
--cname.
Add --dhcp-ttl option.
Add --tftp-mtu option. Thanks to Patrick McLean for the
initial patch.
Check return-code of inet_pton() when parsing dhcp-option.
Bad addresses could fail to generate errors and result in
garbage dhcp-options being sent. Thanks to Marc Branchaud
for spotting this.
Fix wrong value for EDNS UDP packet size when using
--servers-file to define upstream DNS servers. Thanks to
Scott Bonar for the bug report.
Move the dhcp_release and dhcp_lease_time tools from
contrib/wrt to contrib/lease-tools.
Add dhcp_release6 to contrib/lease-tools. Many thanks
to Sergey Nechaev for this code.
To avoid filling logs in configurations which define
many upstream nameservers, don't log more that 30 servers.
The number to be logged can be changed as SERVERS_LOGGED
in src/config.h.
Swap the values if BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.
Add ARM32_EFI and ARM64_EFI as valid architectures in
--pxe-service.
Fix PXE booting for UEFI architectures. Modify PXE boot
sequence in this case to force the client to talk to dnsmasq
over port 4011. This makes PXE and especially proxy-DHCP PXE
work with these archictectures.
Workaround problems with UEFI PXE clients. There exist
in the wild PXE clients which have problems with PXE
boot menus. To work around this, when there's a single
--pxe-service which applies to client, then that target
will be booted directly, rather then sending a
single-item boot menu.
Many thanks to Jarek Polok, Michael Kuron and Dreamcat4
for their work on the long-standing UEFI PXE problem.
Subtle change in the semantics of "basename" in
--pxe-service. The historical behaviour has always been
that the actual filename downloaded from the TFTP server
is <basename>.<layer> where <layer> is an integer which
corresponds to the layer parameter supplied by the client.
It's not clear what the function of the "layer"
actually is in the PXE protocol, and in practise layer
is always zero, so the filename is <basename>.0
The new behaviour is the same as the old, except when
<basename> includes a file suffix, in which case
the layer suffix is no longer added. This allows
sensible suffices to be used, rather then the
meaningless ".0". Only in the unlikely event that you
have a config with a basename which already has a
suffix, is this an incompatible change, since the file
downloaded will change from name.suffix.0 to justy
name.suffix
This is a minor release recommended for all users.
Resolved issues:
#36236: Display of global and local state is clearer, especially in the presence of ignores.
#36471: GUI does not show "failed items" unless there are items that have failed.
Also:
Fixes to questionmark and asterisk handling in ignore patterns.
Build script can create a snap file.
"Black" theme re-added.
Debugging options for deadlocks.
