Changelog:
Server
Over 50 fixes were merged in the server.
Improve text: 'you have now' -> 'you now have' (server#6464)
Fix initializing paged search under some circumstances (server#6502)
LDAP: simplify returning the homePath (server#6509)
Fix sharer name overlap with filename (server#6524)
Allow to close sidebar for text files (server#6525)
Fix quota new endpoint 12 (server#6527)
Pass new value to triggerChange (server#6528)
Throw 101 when an empty group string is provided (server#6547)
Contacts menu privacy (server#6554)
Add color-border variable (server#6649)
Do not stop on scss compilation failure (server#6661)
Don't pass User object when uid string is expected (server#6674)
Navigate to the root directory when showing the main filelist (server#6689)
Fix LDAP User deletion (cleanup) (server#6699)
Update aws sdk + s3 improvements (server#6737)
Don't run invalid path repair step when upgrading from 11.0.5.2 and
later (server#6743)
Fix language when trying to change password (server#6751)
Fix postgresql tests (server#6792)
Also use configured 'cache_path' for new chunking (server#6814)
Set s3 part size to 500mb (server#6815)
Fix contacts menu for IE11 (server#6823)
Still trigger conflict resolution for existing entries when
the curre (server#6847)
Propagate multipart upload exception when aborting upload (server#6855)
Allow to migrate from 10.0.3.3 (server#6878)
Timespan check (server#6896)
Do not log WebDAV maintenance mode exception (server#6908)
Don't reset quota (server#6910)
Backport of translation string fixes (server#6935)
Fix class name in exception logger plugin (server#6942)
Allow quota of 0 again (server#6943)
Fix uninitialized variable $this->params (server#6944)
Don't add a LIKE condition when it's not needed (server#6945)
Fix undefined offset warning when using '/' as external storage
root (server#6946)
Fix page title not changed (server#6987)
Better readability for text on log in page which is directly on
backgrounds (server#7028)
Translate Grant Access (server#7040)
Use fopen directly when reading objects from s3 (server#7079)
Improve mimetype detection for object storages (server#7081)
Fix seeking on object storage (server#7082)
Hide spinner for initial install (server#7095)
Ensure uid for calendar objects is unique (server#7096)
Revert "Only allow colons in db host for IPv6 addresses" (server#7102)
Theme flow redirection page (server#7114)
Fix icon for security settings (server#7116)
If for some reason the json can't be decoded it is not cached (server#7118)
Improve performance of UserMountCache with external storage
folders (server#7120)
{J,CS}SResourceLocator: account for symlinks in app path (server#7170)
Fix s3 download and touch (server#7186)
Touch operation on object storage, don't create the file cache entry
too early (server#7207)
Allow migration from upcoming 10.0.4 ownCloud release (server#7245)
CSSResourceLocator: handle SCSS in apps outside root (server#7257)
only replace permission popupmenu (server#7259)
Fix accesslist when a user has an ID only containing 0-9 (server#7262)
Update CRL due to files_frommail (server#7277)
Only in case of $currentAccess the array uses the id as index (server#7328)
Other
Add aws sdk (3rdparty#69)
Don't send emails to disabled users (activity#202)
Add an option to disable emails completely (activity#206)
Make sure the mountPoint property is public before using it
(files_accesscontrol#79)
Allow to playback m4v files (files_videoplayer#43)
Fix notifications order (notifications#93)
2018 01 01
- Added new flag -wn (--weld-nested-containers) which addresses these issues:
RT #123749: Problem with promises;
RT #119970: opening token stacking strange behavior;
RT #81853: Can't stack block braces
- Fixed RT #114359: Misparsing of "print $x ** 0.5;"
- Deactivated the --check-syntax flag for better security. It will be
ignored if set.
- Corrected minimum perl version from 5.004 to 5.008 based on perlver
report. The change is required for coding involving wide characters.
- For certain severe errors, the source file will be copied directly to the
output without formatting. These include ending in a quote, ending in a
here doc, and encountering an unidentified character.
1.0045 2017-12-31 12:40:52 PST
[BUG FIXES]
- Protect WrapCGI against SIGCHLD handlers #596
[IMPROVEMENTS]
- Set Content-Length to 0 in XSendfile middleware #602
- Document options for XSendfile middleware
- Remove #foo file for testing that was causing issues on Win32 systems #599
- Add 103 Early Hints to Plack::Handler::CGI
1.9751 [2018-01-02]
- in macOS/OSX/Darwin, use __has_builtin() check also for utimensat(),
can cause errors like
"HiRes.xs:1474:16: error: unrecognized platform name macOS"
[rt.cpan.org #123994]
(oversight from 1.9749)
- do not define TIME_HIRES_STAT/d_hires_stat if none was found, instead
of defining it to be zero, which case has no implementation in hrstatns()
(thanks to Nigel Horne)
- in t/utime.t try to divine if the filesystem of the tempfiles has been
mounted with the 'noatime' option, which can prohibit updating the
access time timestamp. Also document this in HiRes.pm.
(thanks to Nigel Horne, original analysis by Slaven Rezic)
- synchronize the constant lists in HiRes.pm:@EXPORT_OK
and Makefile.PL:doConstants and regenerate fallback/const-c.inc
and fallback/const-xs.inc, this fixes Perl 5.6.2 issue with
d_futimens not allegedly being a valid macro in t/utime.t
(using Perl 5.26.1 for the regenerating, not 5.6.2)
(thanks to Nigel Horne)
- in t/utime.t define a nop sub done_testing for ancient Perls
(like Perl 5.6.2)
- in Perl 5.6.2 a bogus warning
"Use of uninitialized value in subroutine entry"
is issued from t/alarm.t: add a comment documenting that
1.0.1:
Bug fix
* Duplicate rate limits applied via application limits
1.0.0:
Improved documentation for handling IP addresses for applications behind proxies
Execute rate limits for decorated routes in decorator instead of before_request
Bug Fix
* Python 3.5 Errors
* RATELIMIT_KEY_PREFIX configuration constant not used
* Can't use dynamic limit in default_limits
* Retry-After header always zero when using key prefix
Bugfixes:
Fixed a regression in Django 1.11 that added newlines between MultiWidget’s subwidgets.
Fixed incorrect class-based model index name generation for models with quoted db_table.
Fixed incorrect foreign key constraint name for models with quoted db_table.
Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses more than one level of multi-table inheritance.
It compares the license file from the package with the available licenses
in licenses/ and shows the diff to the best match.
This will hopefully make it easier for package authors to include the
LICENSE variable in the package Makefile. This variable being missing is
one of the most frequent error messages from pkglint (4187 out of 20044).
This reduces the number of pkglint errors for this package, since all
remaining patches are properly commented now.
No functional change, except for a smaller binary package.
* editheader extension: The implementation of header modifications is
heavily updated. Although the functionality has not changed, the
underlying code was updated to address several static analysis
warnings, runtime integer arithmetic warnings (Clang), and to match
updates in the Dovecot stream API.
+ variables extension: Made the maximum scope and variable size
configurable.
+ subaddress: Support multiple recipient_delimiters.
- enotify extension: mailto method: Fixed parsing of mailto URI with
only a header part.
- enotify plugin: mailto method: Make sure the "From:" header is set to
a usable address and not "(null)".
- Fixed writing address headers to outgoing messages. Sometimes headers
were MIME-encoded twice, yielding invalid results.
Some of the larger changes:
* Various setting changes, see https://wiki2.dovecot.org/Upgrading/2.3
* Logging rewrite started: Logging is now based on hierarchical events.
This makes it possible to do various things, like: 1) giving
consistent log prefixes, 2) enabling debug logging with finer
granularity, 3) provide logs in more machine readable formats
(e.g. json). Everything isn't finished yet, especially a lot of the
old logging code still needs to be translated to the new way.
* Statistics rewrite started: Stats are now based on (log) events.
It's possible to gather statistics about any event that is logged.
See http://wiki2.dovecot.org/Statistics for details
* ssl_dh setting replaces the old generated ssl-parameters.dat
* IMAP: When BINARY FETCH finds a broken mail, send [PARSE] error
instead of [UNKNOWNCTE]
* Linux: core dumping via PR_SET_DUMPABLE is no longer enabled by
default due to potential security reasons (found by cPanel Security
Team).
+ Added support for SMTP submission proxy server, which includes
support for BURL and CHUNKING extension.
+ LMTP rewrite. Supports now CHUNKING extension and mixing of
local/proxy recipients.
+ auth: Support libsodium to add support for ARGON2I and ARGON2ID
password schemes.
+ auth: Support BLF-CRYPT password scheme in all platforms
+ auth: Added LUA scripting support for passdb/userdb.
See https://wiki2.dovecot.org/AuthDatabase/Lua
- Input streams are more reliable now when there are errors or when
the maximum buffer size is reached. Previously in some situations
this could have caused Dovecot to try to read already freed memory.
- Output streams weren't previously handling failures when writing a
trailer at the end of the stream. This mainly affected encrypt and
zlib compress ostreams, which could have silently written truncated
files if the last write happened to fail (which shouldn't normally
have ever happened).
- virtual plugin: Fixed panic when fetching mails from virtual
mailboxes with IMAP BINARY extension.
- doveadm-server: Fix potential hangs with SSL connections
- doveadm proxy: Reading commands' output from v2.2.33+ servers could
have caused the output to be corrupted or caused a crash.
- Many other smaller fixes
Lua support no longer optional.
PowerDNS Recursor 4.1.0
===========================================================
- Improved DNSSEC support
- Improved documentation
- Improved RPZ support
- Improved EDNS Client Subnet support
- Support for Botan 2.x (and removal of support for Botan 1.10)
- SNMP support
- Lua engine has gained access to more parts of the recursor
- CPU affinity can now be specified
- TCP Fast Open support
- New performance metrics
Full changelog:
https://doc.powerdns.com/recursor/changelog/4.1.html
PowerDNS Recursor 4.0.7
===========================================================
- Insufficient validation of DNSSEC signatures (CVE-2017-15090)
- Cross-Site Scripting in the web interface (CVE-2017-15092)
- Configuration file injection in the API (CVE-2017-15093)
- Memory leak in DNSSEC parsing (CVE-2017-15094)
Bug fixes
- Update rec_control manpage
- Check in the detected OpenSSL/libcrypto for ECDSA
- Make more specific Netmasks < to less specific ones
- Fix validation at the exact RRSIG inception or expiration time
- Lowercase all outgoing qnames when lowercase-outgoing is set
- Fix libatomic detection on ppc64
- Edit configname definition to include the 'config-name' argument
Improvements
- Extract nested exception from Luawrapper
- Use explicit yes for default-enabled settings
- Throw an error when lua-conf-file can't be loaded
- get-remote-ring's "other" report should only have two items.
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
mask
- Only increase no-packet-error on the first read
- Add support for Botan 2.x
- Add more information to recursor cache dumps
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Be more resilient with broken auths
- Remove pdns.PASS and pdns.TRUNCATE
- Improve dnsbulktest experience in travis for more robustness
- Create socket-dir from init-script
- b.root renumbering, effective 2017-10-24
- Don't retry security polling too often when it fails
PowerDNS Authoritative Server 4.1.0
===========================================================
- Improved performance: 400% speedup in some scenarios
- Crypto API: DNSSEC fully configurable via RESTful API
- Improved documentation
- Database related improvements
- Enhanced tooling
- Support for TCP Fast Open
- Support for non-local bind
- Support for Botan 2.x (and removal of support for Botan 1.10)
- Our packages now ship with PKCS #11 support.
- Recursor passthrough removal
Full changelog:
https://doc.powerdns.com/authoritative/changelog/4.1.html
PowerDNS Authoritative Server 4.0.5
===========================================================
Fixes
- Fix for missing check on API operations (CVE-2017-15091)
- Bindbackend: do not corrupt data supplied by other backends in
getAllDomains
- API: prevent sending nameservers list and zone-level NS in rrsets
- gpgsql: make statement names actually unique
- Fix remotebackend params
- Fix godbc query logging
- For create-slave-zone, actually add all slaves, and not only first n
times
- Fix a regression in axfr-rectify + test
- When making a netmask from a comboaddress, we neglected to zero the
port
- Fix libatomic detection on ppc64
- Catch DNSName exception in the Zoneparser
- Publish inactive KSK/CSK as CDNSKEY/CDS
- Handle AFSDB record separately due to record structure.
- Treat requestor's payload size lower than 512 as equal to 512
- Correctly purge entries from the caches after a transfer
- Handle a signing pipe worker dying with work still pending
- Ignore SOA-EDIT for PRESIGNED zones.
- Check return value for all getTSIGKey calls.
Improvements
- Fix ldap-strict autoptr feature, including a test
- mydnsbackend: Add getAllDomains
- Stubresolver: Use only recursor setting if given
- LuaWrapper: Allow embedded NULs in strings received from Lua
- sdig: Clarify that the ednssubnet option takes "subnet/mask"
- Tests: Ensure all required tools are available
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
mask
- LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
- Add support for Botan 2.x
- Ship ldapbackend schema files in tarball
- Collection of schema changes
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Use a unique pointer for bind backend's d_of
- Fix some of the issues found by @jpmens
Upstream changes:
3.3.2 (2018/01/02)
- support build on pkgsrc-2017Q4 (vala-0.38.1 and later)
- try to show images only if Content-Type is image/*
- update to mbedTLS-2.4.2
- implement --timeout-image option
This version drops support for MongoDB 2.4 and adds support
for MongoDB 3.6 features:
- New struct mongoc_change_stream_t to watch a collection for changes.
- New struct mongoc_client_session_t represents a MongoDB 3.6 session,
which supports causal consistency: you are guaranteed to read your writes
and to perform monotonic reads, even when reading from secondaries or in
a sharded cluster.
- New functions that accept flexible options as a BSON document. These
accept a "sessionId" option and any future options. In addition, the
two new "update" functions accept the "arrayFilters" option that is new
in MongoDB 3.6:
- mongoc_collection_insert_one
- mongoc_collection_insert_many
- mongoc_collection_update_one
- mongoc_collection_update_many
- mongoc_collection_replace_one
- mongoc_collection_delete_one
- mongoc_collection_delete_many
- mongoc_client_command_with_opts
- mongoc_database_command_with_opts
- mongoc_collection_command_with_opts
- mongoc_client_find_databases_with_opts
- mongoc_client_get_database_names_with_opts
- mongoc_collection_create_bulk_operation_with_opts
- mongoc_collection_find_indexes_with_opts
- mongoc_database_find_collections_with_opts
- mongoc_database_get_collection_names_with_opts
- New URI option "retryWrites=true" safely and automatically retries certain
write operations if the server is a MongoDB 3.6 replica set or sharded
cluster.
- Support for MongoDB OP_MSG wire protocol.
Additional changes not specific to MongoDB 3.6:
- Support for mongodb+srv URIs to query DNS for SRV and TXT records that
configure the connection to MongoDB.
- Support LibreSSL with CMake build
- The "minPoolSize" URI option is deprecated: it's confusing and not useful.
Bug fixes:
- mongoc_bulk_operation_execute did not always initialize "reply".
- Fix C99 pedantic warnings.
- Fix Autotools syntax for OpenBSD and any platform lacking stdint.h.
- Fix Android NDK incompatibilities.
- Fix a one-byte write past the end of a buffer in bson_decimal128_to_string.
- Avoid reading past the end of a string that contains UTF-8 multibyte NIL.
- Fix some pedantic warnings in C99 mode.
Provided by ITOU (Sunagawa) Keiki in PR 52833.
Changes: only SVN commit list found, see
http://trac.netlabs.org/kbuild/timeline but this version is needed
to build Virtualbox.
macholib 1.9
Features:
* Add definition for ``macholib.mach_o.reloc_type_generic``, which
was used in code but never defined.
* Add LICENSE file
* Added "--help" option for "python -m macholib"
* Added function ``macholib.MachO.lc_str_value`` which should
help in decoding value of ``macholib.mach_o.lc_str``. Those
values are offsets in the data of a load command, the function
will return the actual value as a byte string.
Bug fixes:
* Pull request 15: Fix typo in thread_command class
- We started shipping JGit 4.5.3.201708160445-r in Gradle 4.4. Some of
the non-shaded JGit resources leaked into the gradleApi() dependency
and caused problems in some builds. We now shade all of JGit's
resources.
- Some builds using Kotlin DSL had problems applying the build-scan
plugin in Gradle 4.4. We've updated to kotlin-dsl 0.13.2.
- Gradle 4.4 contained changes to internal APIs that broke the popular
Nebula dependency lock plugin. This release restores binary
compatibility for that plugin.
DEPRECATIONS/CHANGES:
- AppRole Case Sensitivity: In prior versions of Vault, `list` operations
against AppRole roles would require preserving case in the role name, even
though most other operations within AppRole are case-insensitive with
respect to the role name. This has been fixed; existing roles will behave as
they have in the past, but new roles will act case-insensitively in these
cases.
- Token Auth Backend Roles parameter types: For `allowed_policies` and
`disallowed_policies` in role definitions in the token auth backend, input
can now be a comma-separated string or an array of strings. Reading a role
will now return arrays for these parameters.
- Transit key exporting: You can now mark a key in the `transit` backend as
`exportable` at any time, rather than just at creation time; however, once
this value is set, it still cannot be unset.
- PKI Secret Backend Roles parameter types: For `allowed_domains` and
`key_usage` in role definitions in the PKI secret backend, input
can now be a comma-separated string or an array of strings. Reading a role
will now return arrays for these parameters.
- SSH Dynamic Keys Method Defaults to 2048-bit Keys: When using the dynamic
key method in the SSH backend, the default is now to use 2048-bit keys if no
specific key bit size is specified.
- Consul Secret Backend lease handling: The `consul` secret backend can now
accept both strings and integer numbers of seconds for its lease value. The
value returned on a role read will be an integer number of seconds instead
of a human-friendly string.
- Unprintable characters not allowed in API paths: Unprintable characters are
no longer allowed in names in the API (paths and path parameters), with an
extra restriction on whitespace characters. Allowed characters are those
that are considered printable by Unicode plus spaces.
FEATURES:
- Transit Backup/Restore: The `transit` backend now supports a backup
operation that can export a given key, including all key versions and
configuration, as well as a restore operation allowing import into another
Vault.
- gRPC Database Plugins: Database plugins now use gRPC for transport,
allowing them to be written in other languages.
- Nomad Secret Backend: Nomad ACL tokens can now be generated and revoked
using Vault.
- TLS Cert Auth Backend Improvements: The `cert` auth backend can now
match against custom certificate extensions via exact or glob matching, and
additionally supports max_ttl and periodic token toggles.
IMPROVEMENTS:
- auth/cert: Support custom certificate constraints
- auth/cert: Support setting `max_ttl` and `period`
- audit/file: Setting a file mode of `0000` will now disable Vault from
automatically `chmod`ing the log file
- auth/github: The legacy MFA system can now be used with the GitHub auth
backend
- auth/okta: The legacy MFA system can now be used with the Okta auth backend
- auth/token: `allowed_policies` and `disallowed_policies` can now be specified
as a comma-separated string or an array of strings
- command/server: The log level can now be specified with `VAULT_LOG_LEVEL`
- core: Period values from auth backends will now be checked and applied to the
TTL value directly by core on login and renewal requests
- database/mongodb: Add optional `write_concern` parameter, which can be set
during database configuration. This establishes a session-wide write
concern for the lifecycle of the mount
- http: Request path containing non-printable characters will return 400 - Bad
Request
- mfa/okta: Filter a given email address as a login filter, allowing operation
when login email and account email are different
- plugins: Make Vault more resilient when unsealing when plugins are
unavailable
- secret/pki: `allowed_domains` and `key_usage` can now be specified
as a comma-separated string or an array of strings
- secret/ssh: Allow 4096-bit keys to be used in dynamic key method
- secret/consul: The Consul secret backend now uses the value of `lease` set
on the role, if set, when renewing a secret.
- storage/mysql: Don't attempt database creation if it exists, which can help
under certain permissions constraints
BUG FIXES:
- api/status (enterprise): Fix status reporting when using an auto seal
- auth/approle: Fix case-sensitive/insensitive comparison issue
- auth/cert: Return `allowed_names` on role read
- auth/ldap: Fix incorrect control information being sent
- core: Fix seal status reporting when using an autoseal
- core: Add creation path to wrap info for a control group token
- core: Fix potential panic that could occur using plugins when a node
transitioned from active to standby
- core: Fix memory ballooning when a connection would connect to the cluster
port and then go away -- redux!
- core: Replace recursive token revocation logic with depth-first logic, which
can avoid hitting stack depth limits in extreme cases
- core: When doing a read on configured audited-headers, properly handle case
insensitivity
- core/pkcs11 (enterprise): Fix panic when PKCS#11 library is not readable
- database/mysql: Allow the creation statement to use commands that are not yet
supported by the prepare statement protocol
- plugin/auth-gcp: Fix IAM roles when using `allow_gce_inference`
- Generate Zip64 format .zip files when the output is greater than
or equal to 4 GiB.
- Improved gzip options processing and return code compatibility
- Some bug fixes