Unison is a file-synchronization tool for Unix and Windows. It allows
two replicas of a collection of files and directories to be stored
on different hosts (or different disks on the same host), modified
separately, and then brought up to date by propagating the changes
in each replica to the other.
pkgsrc changes:
- use https for MASTER_SITES and HOMEPAGE
- depends on a patched ruby-gnome2-gtk
Upstream changes:
mikutter 3.6.7
* explicitly use stable gtk2 gem 3.2.1 due to regressions of newer version
* twitter: updates of timeline by REST API didn't work
* modify_world didn't work
* thanks Akira Ouchi
Switch default GUI from gtk3 to qt5. See What's New below for "why".
What’s New
Wireshark 2.6 is the last release that will support the legacy (GTK+)
user interface. It will not be supported or available in Wireshark
3.0.
Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.
Bug Fixes
The following bugs have been fixed:
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.5.0:
• HTTP Request sequences are now supported.
• Wireshark now supports MaxMind DB files. Support for GeoIP and
GeoLite Legacy databases has been removed.
• The Windows packages are now built using Microsoft Visual Studio
2017.
• The IP map feature (the “Map” button in the “Endpoints” dialog)
has been removed.
The following features are new (or have been significantly updated)
since version 2.4.0:
• Display filter buttons can now be edited, disabled, and removed
via a context menu directly from the toolbar
• Drag & Drop filter fields to the display filter toolbar or edit
to create a button on the fly or apply the filter as a display
filter.
• Application startup time has been reduced.
• Some keyboard shortcut mix-ups have been resolved by assigning
new shortcuts to Edit → Copy methods.
• TShark now supports color using the --color option.
• The "matches" display filter operator is now case-insensitive.
• Display expression (button) preferences have been converted to a
UAT. This puts the display expressions in their own file.
Wireshark still supports preference files that contain the old
preferences, but new preference files will be written without the
old fields.
• SMI private enterprise numbers are now read from the
“enterprises.tsv” configuration file.
• The QUIC dissector has been renamed to Google QUIC (quic →
gquic).
• The selected packet number can now be shown in the Status Bar by
enabling Preferences → Appearance → Layout → Show selected packet
number.
• File load time in the Status Bar is now disabled by default and
can be enabled in Preferences → Appearance → Layout → Show file
load time.
• Support for the G.729A codec in the RTP Player is now added via
the bcg729 library.
• Support for hardware-timestamping of packets has been added.
• Improved NetMon .cap support with comments, event tracing,
network filter, network info types and some Message Analyzer
exported types.
• The personal plugins folder on Linux/Unix is now
~/.local/lib/wireshark/plugins.
• TShark can print flow graphs using -z flow…
• Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
SHA1. MD5 output has been removed.
• The packet editor has been removed. (This was a GTK+ only
experimental feature.)
• Support BBC micro:bit Bluetooth profile
• The Linux and UNIX installation step for Wireshark will now
install headers required to build plugins. A pkg-config file is
provided to help with this (see “doc/plugins.example” for
details). Note you must still rebuild all plugins between minor
releases (X.Y).
• The Windows installers and packages now ship with Qt 5.9.4.
• The generic data dissector can now uncompress zlib compressed
data.
• DNS Stats now supports service level statistics.
• DNS filters for retransmissions and unsolicited responses have
been added.
• The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero
window advertisements.
• The membership operator now supports ranges, allowing display
filters such as tcp.port in {4430..4434} to be expressed. See the
User’s Guide, chapter Building display filter expressions for
details.
New Protocol Support
ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling),
AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags
(Broadcom Ethernet switch management frames), CAN-ETH, CVS password
server, Excentis DOCSIS31 XRA header, F1 Application Protocol,
F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High
Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for
Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br
Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol
(UDP), Network Functional Application Platform Interface (NFAPI)
Protocol, New Radio Radio Link Control protocol, New Radio Radio
Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer
Protocol, Object Security for Constrained RESTful Environments
(OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf
(Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect
Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring
protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP
and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
Protocol
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Microsoft Network Monitor
New and Updated Capture Interfaces support
LoRaTap
v1.19: 20JAN2018
Added 'syslog_facility' configuration option to
specify where to log.
TLS now supports SNI and ALPN (Travis Burtrum),
including support for Let's Encrypt challenges
(Jonathan McCrohan)
ADB probe. (Mike Frysinger)
Added per-protocol 'fork' option. (Oleg Oshmyan)
Added chroot option. (Mike Frysinger)
A truckload of bug fixes and documentation
improvements (Various contributors)
3.32.0 (2018-04-02)
+ Further SFTP performance improvements
3.32.0-rc1 (2018-03-23)
+ The Site Manager no longer shows controls not applicable to the selected protocol
+ Dynamically disable menu items if the used protocol does not support the corresponding functionality
+ Speed up listing large directories over SFTP
- Fix state of case sensitivity checkbox in the filter edit dialog if no filter has been selected
Notable changes since 1.7.2:
- Requires protobuf>=3.5.0
- Exec_ctx has been made a thread_local, and is no longer to be passed
as a function parameter.
- LB policies request re-resolution without shutting down
- On server, include receiving HTTP/2 settings in handshake timeout
- C++ headers are moved from include/grpc++ to include/grpcpp. Headers
in include/grpc++ are deprecated
- Experimental gRPC-C++ Cocoapods podspec
- Several features of core have been removed from the surface or GPR
API: grpc_alarm, gpr_join_host_port, gpr_cmdline, gpr_subprocess,
gpr_tls, gpr_avl, and gpr_thd
- Add core underpinnings for TLS session ticket support
- Experimental support for configurable retries
Changes in libsoup from 2.62.0 to 2.62.1:
* Fix digest authentication with encoded URIs
[#794208, Claudio Saavedra]
* Avoid unaligned memory accesses in WebSocket implementation
[#794421, Rolf Eike Beer]
* Use base domain to decide if cookies are third-party
[#792130, Michael Catanzaro]
* Fix crash under soup_socket_new()
[#762138, Milan Crha]
OpenVPN 2.4.6
management: Warn if TCP port is used without password
Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
manpage: improve description of --status and --status-version
Make return code external tls key match docs
Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation
Add missing #ifdef SSL_OP_NO_TLSv1_1/2
Check for more data in control channel
Upstream changes:
mikutter 3.6.6
* some README contents were obsolete
* tweets fetched via userstream were not in extended_mode
* account registration per tutorial stalled in some case
* gtk: window roll commands whose visible attribute was false was
shown on the toolbar
* gtk2 3.2.4
* a command to switch to a specific account didn't work
The GStreamer team is proud to announce a new major feature release of your favourite cross-platform multimedia framework!
The 1.14 release series adds new features on top of the previous 1.12 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework.
Highlights:
WebRTC support: real-time audio/video streaming to and from web browsers
Experimental support for the next-gen royalty-free AV1 video codec
Video4Linux: encoding support, stable element names and faster device probing
Support for the Secure Reliable Transport (SRT) video streaming protocol
RTP Forward Error Correction (FEC) support (ULPFEC)
RTSP 2.0 support in rtspsrc and gst-rtsp-server
ONVIF audio backchannel support in gst-rtsp-server and rtspsrc
playbin3 gapless playback and pre-buffering support
tee, our stream splitter/duplication element, now does allocation query aggregation which is important for efficient data handling and zero-copy
QuickTime muxer has a new prefill recording mode that allows file import in Adobe Premiere and FinalCut Pro while the file is still being written.
rtpjitterbuffer fast-start mode and timestamp offset adjustment smoothing
souphttpsrc connection sharing, which allows for connection reuse, cookie sharing, etc.
nvdec: new plugin for hardware-accelerated video decoding using the NVIDIA NVDEC API
Adaptive DASH trick play support
ipcpipeline: new plugin that allows splitting a pipeline across multiple processes
Major gobject-introspection annotation improvements for large parts of the library API
GStreamer C# bindings have been revived and seen many updates and fixes
The externally-maintained GStreamer Rust bindings have many usability improvements and cover most of the API now
Bug Fixes
The following vulnerabilities have been fixed:
* wnpa-sec-2018-15
The MP4 dissector could crash. (Bug 13777)
* wnpa-sec-2018-16
The ADB dissector could crash. (Bug 14460)
* wnpa-sec-2018-17
The IEEE 802.15.4 dissector could crash. (Bug 14468)
* wnpa-sec-2018-18
The NBAP dissector could crash. (Bug 14471)
* wnpa-sec-2018-19
The VLAN dissector could crash. (Bug 14469)
* wnpa-sec-2018-20
The LWAPP dissector could crash. (Bug 14467)
* wnpa-sec-2018-21
The TCP dissector could crash. (Bug 14472)
* wnpa-sec-2018-22
The CQL dissector could go into an infinite loop. (Bug 14530)
* wnpa-sec-2018-23
The Kerberos dissector could crash. (Bug 14576)
* wnpa-sec-2018-24
Multiple dissectors and other modules could leak memory. The TN3270
(Bug 14480), ISUP (Bug 14481), LAPD (Bug 14482), SMB2
(Bug 14483), GIOP (Bug 14484), ASN.1 (Bug 14485), MIME
multipart (Bug 14486), H.223 (Bug 14487), and PCP (Bug
14488) dissectors were susceptible along with Wireshark and TShark
(Bug 14489).
The following bugs have been fixed:
* TRANSUM doesn't account for DNS retries in the Request Spread.
(Bug 14210)
* BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
able to decode the packet correctly. (Bug 14241)
* Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes
in later releases. (Bug 14293)
* PEEKREMOTE dissector lacks 80mhz support, short preamble support
and spatial streams encoding. (Bug 14452)
* Statistics > UDP Multicast Streams > [Copy|Save as..] is broken.
(Bug 14477)
* Typo error in enumeration value of speech version identifier.
(Bug 14528)
* In "Unsaved packets" dialog one can NOT use keyboard to choose
"Continue without Saving". (Bug 14531)
* WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. (Bug
14538)
* Buildbot crash output: fuzz-2018-03-19-19114.pcap. (Bug 14544)
* alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion.
(Bug 14552)
* HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (Bug
14554)
* Makefile.in uses non-portable "install" command. (Bug 14555)
* HP-UX HP ANSI C doesn't support assigning {} to a variable in
epan/app_mem_usage.c. (Bug 14556)
* PPP in SSTP, HDLC framing not parsed properly. (Bug 14559)
* Using the DIAMETER dictionary causes the standard input to be
closed when the dictionary is read. (Bug 14577)
Updated Protocol Support
6LoWPAN, ADB, BGP, CQL, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE
802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD,
LWAPP, MIME multipart, MP4, NBAP, NORDIC_BLE, PCP, PEEKREMOTE, S1AP,
SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP
2.56.0 - March 20, 2018
=======================
- Updated translations
2.55.90 - February 12, 2018
===========================
- Fix unit tests when SSLv3 is unavailable (#782853)
- Allow static linking (#791100, Xavier Claessens)
- Fix issues found by coverity (#792402, Philip Withnall)
- Remove TLS build option; it is now mandatory
- Try to ensure that GnuTLS is only initialized if TLS is actually used
- Update use of GObject to follow current best practices
- Use XDG_CURRENT_DESKTOP to determine which proxy module to load
2.55.2 - December 13, 2017
==========================
* Fix glib-pacrunner.service installation directory
[#790367, Michael Catanzaro]
* Updated translations: Hebrew, Indonesian, Spanish
2.55.1 - November 13, 2017
==========================
* Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
* Fix using different client certs for different connections
[#781578, Martin Pitt]
* Port to Meson build system [#786639, Iñigo Martínez]
* Updated translations: Catalan (Valencian), Croatian, Czech, German,
Greek, Norwegian bokmål, Persian, Slovenian
Bugfixes:
#2571: Replacing a directory with a symlink or vice versa is buggy
#4573: Inaccessible files during scan are marked as deleted
#4616: Send only folder out of sync due to ignored items
#4627: A file deleted from all nodes may exist in the "out of sync" list
#4745: Relay server doesn’t make outgoing HTTPS requests from its bind address
#4759: List of out of sync items from remote device is not displayed
#4762: Fails to create folder root directory on Windows
#4764: Env var for db metadata in help text differs from code
#4778: Doesn't connect when multiple remote devices are using the same relay
#4799: Scan on absolute path creates incorrect absolute duplicate file infos
#4806: Panic in FS watcher in FreeBSD 8.3
Changes in libsoup from 2.61.91 to 2.62.0:
* Updated translations.
Changes in libsoup from 2.61.90 to 2.61.91:
* Add limit to header length to avoid DOS attacks
[#792173, Michele Dionisio]
* Update the public-suffix list.
[Claudio Saavedra]
* Revert "cookie-jar: use base domain to decide if cookie is third party"
[#792130, Claudio Saavedra]
Changes in libsoup from 2.61.2 to 2.61.90:
* Various improvements to the WebSocket implementation
[#792113, Italo Guerrieri]
* cookie-jar: use base domain to decide if cookie is third party
[#792130, Michael Catanzaro]
* Add new API to create a new connection from a SoupSession
[#792212, Carlos Garcia Campos]
* soup-headers: accept any 3 digit number as message status code
[#792124, Carlos Garcia Campos]
Changes in libsoup from 2.61.1 to 2.61.2:
* session: don't request Keep-Alive for upgraded connections
[#788723, Lionel Landwerlin]
1.8.7:
- BUG/MAJOR: cache: always initialize newly created objects
- MINOR: servers: Support alphanumeric characters for the server templates names
1.8.6:
- BUG/MINOR: lua: the function returns anything
- BUG/MINOR: lua function hlua_socket_settimeout don't check negative values
- BUILD/MINOR: fix build when USE_THREAD is not defined
- MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
- MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
- BUILD/MINOR: cli: fix a build warning introduced by last commit
- BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
- CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
- MINOR: h2: provide and use h2s_detach() and h2s_free()
- BUG/MAJOR: h2: remove orphaned streams from the send list before closing
- MINOR: h2: always call h2s_detach() in h2_detach()
- MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
- BUG/MEDIUM: h2/threads: never release the task outside of the task handler
- BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
- BUILD/MINOR: threads: always export thread_sync_io_handler()
- BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
- BUG/MINOR: checks: check the conn_stream's readiness and not the connection
- BUG/MINOR: email-alert: Set the mailer port during alert initialization
- BUG/MINOR: cache: fix "show cache" output
- BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
- BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
- BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
- BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callback
1.8.5:
- BUG/MINOR: threads: fix missing thread lock labels for 1.8
- BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecoverable.
- BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
- BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
- BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
- BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
- BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
- DOC: lua: new prototype for function "register_action()"
- DOC: cfgparse: Warn on option (tcp|http)log in backend
- BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
- MINOR: debug/pools: make DEBUG_UAF also detect underflows
- BUG/MINOR: h2: Set the target of dbuf_wait to h2c
- MINOR: stats: display the number of threads in the statistics.
- BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
- BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
- BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
- Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
- MINOR: systemd: Add section for SystemD sandboxing to unit file
- MINOR: systemd: Add SystemD's Protect*= options to the unit file
- MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
- MINOR/BUILD: fix Lua build on Mac OS X
- BUILD/MINOR: fix Lua build on Mac OS X (again)
- BUG/MINOR: session: Fix tcp-request session failure if handshake.
- CLEANUP: .gitignore: Ignore binaries from the contrib directory
- BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
- BUG/MEDIUM: h2: also arm the h2 timeout when sending
- BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
- CLEANUP: ssl: Remove a duplicated #include
- CLEANUP: cli: Remove a leftover debug message
- BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
- BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
- BUG/MINOR: force-persist and ignore-persist only apply to backends
- BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
- BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
- BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
- BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
- BUG/MINOR: seamless reload: Fix crash when an interface is specified.
- BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
- BUILD: ssl: Fix build with OpenSSL without NPN capability
- BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
- BUG/MINOR: lua: return bad error messages
- BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
- BUG/MINOR: tcp-check: use the server's service port as a fallback
- BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
- MINOR: log: stop emitting alerts when it's not possible to write on the socket
- BUILD/BUG: enable -fno-strict-overflow by default
- DOC: log: more than 2 log servers are allowed
- DOC: don't suggest using http-server-close
- BUG/MEDIUM: h2: properly account for DATA padding in flow control
- BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
- BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
0.12.22:
- proper usage of config property inside objects.
- dump user defined types with handler functions (can be used to override dump
of built-in types).
0.12.21:
- Dispatching custom objects, slots supported.
0.12.20:
- better version handling
- display summary on pypi
- non disclosed intermediate release to polish pypi output
2018.01.11 Version 3.0.16 has been released.
The focus of this release is stability.
Feature Improvements
* rlm_python now supports multiple lists. From #2031.
* Add trust router re-keying. From #2007.
* Add support for Samba / AD LDAP schema See doc/schemas/ldap/samba/README.txt
and doc/schemas/ldap/samba/.
* Add "tls_min_version" and "tls_max_version" to EAP module for Debian OpenSSL
issues.
* Better documentation for client certificates in PEAP and TTLS: it usually
doesn't work. Fixes #2068.
* Distinguish login failure from AD unavailable. Fixes #2069.
* Update RH spec files. Fixes #2070.
* Run Post-Proxy-Type if all home servers are dead Fixes #2072.
* Print offending IP addresses when EAP sessions come from two upstream home
servers, and rate-limit the messages.
* Minor packaging updates.
* Better documentation for rlm_rest.
* EAP-FAST now has its own "cipher_list", so that it is easier to configure.
* EAP-FAST now forcibly disables TLS1.2, until such time as we implement
the new keying mechanism from TLS1.2.
* Add documentation for allow_expired_crl.
* Update Debian logrotation. #2093 and #2101.
* DHCP relay can now drop responses. #2095.
* rlm_sqlippool can now assign Delegated-IPv6-Prefix It also now can assign
any IPv4 or IPv6 address Based on patches from maximumG. #2094 See
raddb/mods-available/sqlippool for changes.
* radeapclient can now use EAP-SIM-Ki to dynamically create the necessary
triplets.
* Explain why many LDAP connections are closed Fixes #1969.
* Debian build / package issues fixed by Matthew Newton.
* dictionary.patton updates from Brice Schaffner. Fixes #2137.
* Added scripts to build "inner-server.pem", and updated mods-config/inner-eap
and certs/README to match.
* Added provisions for using an external CA. See raddb/certs/.
* Include dhcpclient binary in freeradius-dhcp debian package.
Bug Fixes
* Bind the lifetime of program name and python path to the module FR-AD-002
(redone).
* Pass correct statement length into sqlite3_prepare[_v2] FR-AD-003 (redone).
* Allow 100-Continue responses with additional headers in rlm_rest.
* fix corner case where detail files were not being locked correctly.
* Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group Fixes #1947.
* Clean up exfile code. Which should help to avoid issues with reading / writing
100's of detail files.
* Fix build for winbind. Patch from Alex Clouter.
* Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
* Fix home server stats lookup. Patch from Phil Mayers.
* Add libjson-c3 as an optional dependency.
* Require LTB OpenLDAP on CentOS / Redhat, to avoid linking against NSS,
which breaks the server. Fixes #2040.
* rlm_python fixes. Fixes #2041.
* Typos in "man" pages. Fixes #2045.
* Expand "next" in %{%{...}:-%{...}}. Fixes #2048.
* Don't add TLS attributes twice. Fixes #2050.
* Fix memory allocation in rlm_rest. Fixes #2051.
* Update trustrouter for new API. Fixes #2059.
* Fix SQLite issues on FreeBSD. Fixes #2060.
* Don't do debug logging of bad passwords. Fixes #2064.
* More graceful handling of "die" in rlm_perl. Fixes #2073.
* Fix occasional crash when using cisco_accounting_username_bug = yes.
* EAP-FAST fixes from Isaac Boukris #2078, #2076, and #2082, #2126.
* DHCP fixes, relay, #2092, add run-time check, #2028.
* Decode multiple RADIUS packets at a time in highly loaded RadSec connections. Patch from Jan Tomasek. #2106.
* TunnelPassword is not "single value" in LDAP schema Fixes #2061.
* sql log now opens the expanded filename, not the input one This was
a regression introduced in 3.0.15.
* Remove unnecessary UNIQUE constraint in Oracle schemas.
* Fix SSL thread and locking issues when modules also use SSL Fixes #2125 and
#2129.
* Re-add dhcpclient "raw packet" changes. Patches from Nicolas Chaigne and
Matthew Newton. Fixes #2155.
0.9.0
- Support for Python 3.7
- Support streaming responses for BaseResponse
- Support custom patch targets for mock
- Fix unicode support for passthru urls
- Fix support for unicode in domain names and tlds
* udev: uses the logerr framework
* BSD: fix segfault when IPv6 addresses exist and carrier changes
* dhcp6: fix a null termination overflow on status messages
* options: static routes can be setup in global context again
* routes: dhcpcd added host routes are now reported correctly
pkgsrc changes:
- py-h11 and py-requests are no longer needed, delete them from
DEPENDS (`h11' is no more used while `requests' is only an extra
dependency)
Changes:
05 April 2018: mitmproxy 3.0.4
* Fix an issue that caused mitmproxy to not retry HTTP requests on timeout.
* Misc bug fixes and improvements
This package explicitly avoids C99-isms and fails to build in C99 mode with
older compilers, even though it works fine with newer compilers that default
to C99 mode. So, we need to explicitly request XPG4_2 if and only if the
compiler does not default to C99, and must not require C99.
New Features
- Add FFI version of gettag().
Improvements
- Add the option to set the AXFR timeout for RPZs.
- IXFR: correct behavior of dealing with DNS Name with multiple
records and speed up IXFR transaction.
- Add RPZ statistics endpoint to the API.
Bug Fixes
- Retry loading RPZ zones from server when they fail initially.
- Fix ECS-based cache entry refresh code.
- Fix ECS-specific NS AAAA not being returned from the cache.
1.14.69
api-change:es: Update es command to latest version
api-change:apigateway: Update apigateway command to latest version
api-change:cloudfront: Update cloudfront command to latest version
1.14.68
api-change:connect: Update connect command to latest version
api-change:acm: Update acm command to latest version
1.14.67
api-change:ssm: Update ssm command to latest version
api-change:cloudformation: Update cloudformation command to latest version
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:greengrass: Update greengrass command to latest version
1.14.66
api-change:sts: Update sts command to latest version
api-change:iam: Update iam command to latest version
api-change:mturk: Update mturk command to latest version
1.14.65
api-change:acm: Update acm command to latest version
1.14.64
api-change:dynamodb: Update dynamodb command to latest version
1.14.63
api-change:rds: Update rds command to latest version
1.6.22
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:es: [botocore] Update es client to latest version
1.6.21
api-change:connect: [botocore] Update connect client to latest version
api-change:acm: [botocore] Update acm client to latest version
1.6.20
api-change:greengrass: [botocore] Update greengrass client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.6.19
api-change:mturk: [botocore] Update mturk client to latest version
api-change:sts: [botocore] Update sts client to latest version
api-change:iam: [botocore] Update iam client to latest version
1.6.18
api-change:acm: [botocore] Update acm client to latest version
1.9.22
api-change:cloudfront: Update cloudfront client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:es: Update es client to latest version
1.9.21
api-change:connect: Update connect client to latest version
api-change:acm: Update acm client to latest version
1.9.20
api-change:greengrass: Update greengrass client to latest version
api-change:cloudformation: Update cloudformation client to latest version
api-change:ssm: Update ssm client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
1.9.19
api-change:mturk: Update mturk client to latest version
api-change:sts: Update sts client to latest version
api-change:iam: Update iam client to latest version
1.9.18
api-change:acm: Update acm client to latest version
7.70:
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate.
Many fixes including:
* Restored cache updating, which was broken by changes to BBC web
sites. If you find search results missing programmes from the week
of 19 Feb, rebuild your cache with --rebuild-cache to fill any
holes.
* Fixed a bug that generated incorrect schedule URLs (used for cache
refresh) for the first calendar week of 2018 (and some future
years). (@welwood08)
* Added support for setproctitle(3)
* Kernel RA is no longer disabled when IPv6 is disabled in dhcpcd
* DHCPv6 PD is no longer stopped if no Routers are found
* If the DHCP leased address is deleted, enter the reboot state
* DHCPv6 unicast is no longer performed when not in master mode
* dhcpcd will now detect netlink/route socket overflows and re-sync
Version 3.53 (2018-03-22)
[NEW FEATURES]
* #12 add Cisco PortFast support via CiscoStpExtensions::i_faststart_enabled
[ENHANCEMENTS]
* Report serial/version on Netgear FSM (paecker)
* Add test harness and expand developer test coverage
* Add back the base (RFC) MIBs for when net-snmp does not have them builtin
[BUG FIXES]
* Fix AUTOLOAD / can() bug that could result in DESTROY being redefined and
dynamic methods not being added to the symbol table.
- Updating fast_tls to version 1.0.21.
- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3
- Fix warning about deprecated random
- Fix typo in README
- Updating fast_xml to version 1.1.29.
- Updating p1_utils to version 1.0.11.
- Updating stringprep to version 1.0.11.
- Fix compilation with rebar3
- Add new namespace from XEP-0398
- Update for changes in fast_xml
- Make mk_text() append original text
New maintenance releases in the 9.9, 9.10, 9.11, and 9.12 branches of
BIND are now available.
Release notes can be found with the releases or in the ISC Knowledge Base:
9.9.12: https://kb.isc.org/article/AA-01596/0/9.9.12-Notes.html
9.10.7: https://kb.isc.org/article/AA-01595/0/9.10.7-Notes.html
9.11.3: https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html
9.12.1: https://kb.isc.org/article/AA-01598/0/9.12.1-Notes.html
Users who are migrating an existing BIND configuration to these new
versions should take special note of two changes in the behavior
of the "update-policy" statement which slightly change the behavior
of two update-policy options.
The first such change is discussed in greater length in the BIND
Operational Notification issued today:
https://kb.isc.org/article/AA-01599/update-policy-local-was-named-misleadingly
The second change to update-policy behavior concerns this change:
"update-policy rules that otherwise ignore the name field now
require that it be set to "." to ensure that any type list present
is properly interpreted. Previously, if the name field was omitted
from the rule declaration but a type list was present, it wouldn't
be interpreted as expected."
which is a correction to an ambiguous case that was previously allowed,
but which was capable of causing unexpected results when accidentally
applied. The new requirement is intended to eliminate the
confusion, which previously caused some operators to misapply security
policies. However, due to the new requirement, named configuration
files that relied on the previous behavior will no longer be accepted.
These changes should not affect most operators, even those using
"update-policy" to define Dynamic DNS permissions, but we would like
to draw your attention to them so that operators are informed about
the new behaviors.
Changes:
1.3.2
-----
* Added extractors for `artstation` albums, challenges and search results
* Improved URL and metadata extraction for `hitomi` and `nhentai`
* Fixed page transitions for `danbooru` API results (#82)
youtube-dl 2018.03.20:
Core
[extractor/common] Improve thumbnail extraction for HTML5 entries
Generalize XML manifest processing code and improve XSPF parsing
[extractor/common] Add _download_xml_handle
[extractor/common] Add support for relative URIs in _parse_xspf
Extractors
[7plus] Extract series metadata
[9now] Bypass geo restriction
[cbs] Skip unavailable assets
[canalc2] Add support for HTML5 videos
[ceskatelevize] Add support for iframe embeds
[prosiebensat1] Add support for galileo.tv
[generic] Add support for xfileshare embeds
[bilibili] Switch to v2 playurl API
[bilibili] Fix and improve extraction
[heise] Improve extraction
[instagram] Fix user videos extraction
version 2.79
Fix parsing of CNAME arguments, which are confused by extra spaces.
Thanks to Diego Aguirre for spotting the bug.
Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
upstream servers to an interface, rather than SO_BINDTODEVICE.
Thanks to Beniamino Galvani for the patch.
Always return a SERVFAIL answer to DNS queries without the
recursion desired bit set, UNLESS acting as an authoritative
DNS server. This avoids a potential route to cache snooping.
Add support for Ed25519 signatures in DNSSEC validation.
No longer support RSA/MD5 signatures in DNSSEC validation,
since these are not secure. This behaviour is mandated in
RFC-6944.
Fix incorrect error exit code from dhcp_release6 utility.
Thanks Gaudenz Steinlin for the bug report.
Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
time validation when --dnssec-no-timecheck is in use.
Note that this is an incompatible change from earlier releases.
Allow more than one --bridge-interface option to refer to an
interface, so that we can use
--bridge-interface=int1,alias1
--bridge-interface=int1,alias2
as an alternative to
--bridge-interface=int1,alias1,alias2
Thanks to Neil Jerram for work on this.
Fix for DNSSEC with wildcard-derived NSEC records.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence.
Thanks to Ralph Dolmans for finding this, and co-ordinating
the vulnerability tracking and fix release.
CVE-2017-15107 applies.
Remove special handling of A-for-A DNS queries. These
are no longer a significant problem in the global DNS.
http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf
Thanks to Mattias Hellström for the initial patch.
Fix failure to delete dynamically created dhcp options
from files in -dhcp-optsdir directories. Thanks to
Lindgren Fredrik for the bug report.
Add to --synth-domain the ability to create names using
sequential numbers, as well as encodings of IP addresses.
For instance,
--synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-*
creates 21 domain names of the form
internal-4.thekelleys.org.uk over the address range given, with
internal-0.thekelleys.org.uk being 192.168.0.50 and
internal-20.thekelleys.org.uk being 192.168.0.70
Thanks to Andy Hawkins for the suggestion.
Tidy up Crypto code, removing workarounds for ancient
versions of libnettle. We now require libnettle 3.
The areas of focus for ISC DHCP 4.4 were:
1. Dynamic DNS additions
2. dhclient improvements
3. Support for dynamic shared libraries
Dynamic DNS Improvements:
- We added three new server configuration parameters which influence DDNS
conflict resolution:
1. ddns-dual-stack-mixed-mode - alters DNS conflict resolution behavior
to mitigate issues with non-compliant clients in dual stack environments.
2. ddns-guard-id-must-match - relaxes the DHCID RR client id matching
requirement of DNS conflict resolution.
3. ddns-other-guard-is-dynamic - alters dual-stack-mixed-mode behavior to
allow unguarded DNS entries to be overwritten in certain cases
- The server now honors update-static-leases parameter for static DHCPv6
hosts.
dhclient Improvements:
- We've added three command line parameters to dhclient:
1. --prefix-len-hint - directs dhclient to use the given length as
the prefix length hint when requesting prefixes
2. --decline-wait-time - instructs the client to wait the given number
of seconds after declining an IPv4 address before issuing a discover
3. --address-prefix-len - specifies the prefix length passed by dhclient
into the client script (via the environment variable ip6_prefixlen) with
each IPv6 address. We added this parameter because we have changed the
default value from 64 to 128 in order to be compliant with RFC3315bis
draft (-09, page 64) and RFC5942, Section 4, point 1.
**WARNING**: The new default value of 128 may not be backwardly compatible
with your environment. If you are operating without a router, such as
between VMs on a host, you may find they cannot see each other with prefix
length of 128. In such cases, you'll need to either provide routing or use
the command line parameter to set the value to 64. Alternatively you may
change the default at compile time by setting DHCLIENT_DEFAULT_PREFIX_LEN
in includes/site.h.
- dhclient will now generate a DHCPv6 DECLINE message when the client script
indicates a DAD failure
Dynamic shared library support:
Configure script, configure.ac+lt, which supports libtool is now provided
with the source tar ball. This script can be used to configure ISC DHCP
to build with libtool and thus use dynamic shared libraries.
Other Highlights:
- The server now supports dhcp-cache-threshold for DHCPv6 operations
- The server now supports DHCPv6 address allocation based on EUI-64 DUIDs
- Experimental support for alternate relay port in both the server
and relay for IPv4, IPv6 and 4o6 (see: draft-ietf-dhc-relay-port-10.txt)
For information on how to install, configure and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses standard GNU configure for installation. Please review the
output of "./configure --help" to see what options are available.
The system has only been tested on Linux, FreeBSD, and Solaris, and may not
work on other platforms. Please report any problems and suggested fixes to
<dhcp-users@isc.org>.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
Changes since 4.4.0 (New Features)
- none
Changes since 4.4.0 (Bug Fixes)
- A delayed-ack value of 0 (the default), now correctly disables the delayed
feature. A change in 4.4.0 prohibited lease updates marking leases active
from being written to the lease file when delayed-ack is 0. This in turn,
caused servers to lose active lease assignments upon restart.
[ISC-Bugs #47141]
! Option reference count was not correctly decremented in error path
when parsing buffer for options. Reported by Felix Wilhelm, Google
Security Team.
[ISC-Bugs #47140]
CVE: CVE-2018-5733
! Corrected an issue where large sized 'X/x' format options were causing
option handling logic to overwrite memory when expanding them to human
readable form. Reported by Felix Wilhelm, Google Security Team.
[ISC-Bugs #47139]
CVE: CVE-2018-5732
version 3.52 (2018-03-19)
[ENHANCEMENTS]
* set fallback for nonmatching interfaces in Cumulus class
* better interface naming for Ubiquiti
* modify mock utility to work under a perlbrew environment
version 3.50 (2018-03-14)
[ENHANCEMENTS]
* #198 Add Support for Gigamon devices
[BUG FIXES]
* #226 Avaya VSP devices - no ifAlias
* #227 Remove bogus can() check in _set()
* Fix SNMP::Info::IEEE802dot3ad when more than 1 LAG
Pkgsrc changes:
* Add libunbound.pc to PLIST.
Upstream changes:
Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old cert's public key.
The `dnscrypt-provider-cert-rotated` option allows instructing unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix #2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix #3598: Fix swig build issue on rhel6 based system.
configure --disable-swig-version-check stops the swig version check.
Bug Fixes
- Fix #1749: With harden-referral-path: performance drops, due to
circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix #1949: [dnscrypt] make provider name mismatch more obvious.
- Fix #2031: Double included headers
- Document that errno is left informative on libunbound config read
fail.
- iana port update.
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
- Fix #2034 - Autoconf and -flto.
- Fix #2141 - for libsodium detect lack of entropy in chroot, print
a message and exit.
- Fix #2492: Documentation libunbound.
- Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
set for stub zone. It no longer searches for DNSSEC information.
- Fix #3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
away, without a repeat query picking the DS from cache.
The correct reply should have been an answer, the reply is fixed
by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix #3397: Fix that cachedb could return a partial CNAME chain.
- Fix #3397: Fix that when the cache contains an unsigned DNAME in
the middle of a cname chain, a result without the DNAME could
be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix #3451: dnstap not building when you have a separate build dir.
And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
produce a failure to analyze it.
- Fix #3505: Documentation for default local zones references
wrong RFC.
- Fix #3494: local-zone noview can be used to break out of the view
to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix #3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.
pkgsrc change:
* update HOMEPAGE.
* LICENSE is apache-2.0 for netaddr 2.x.
Version 2.x
A complete rewrite and totally incompatible with 1.x. My main motivation now
is to reduce bug reports resulting from the poor code quality of 1.x.
2.0.1 2016/08/08
o Update changelog for missing latest version …
o in case of running on busybox the external command don't set -i argument
o detect if it's running in busybox
o Fixing test running:
* development dependencies
* adding pry-byebug for being able to debug
o Adding set_cap check
2.0.2 2018/03/06
o Improved readability + exception set to sting prob
o Fixed tests after adding setcap check feature
o Changed Gemfile source to use https
o Correct the gem version...
o Use port from location uri for http redirection. Reset start_time on
redirect request
0.3.2 2018/01/02
* Stop overly eager rescue in `connect_parse_response`
* fixed connection problem when authorization provided
* Remove space between method call and parentheses.
Changes Between 1.7.0 and 1.8.0 (Jan 2nd, 2018)
* Ruby 2.4 Warnings Squashed
Contributed by utilum.
GitHub issues: #233, #229.
* amq-protocol Update
Minimum amq-protocol version is now 2.2.0.
OpenVPN 2.4.5:
reload HTTP proxy credentials when moving to the next connection profile
Allow learning iroutes with network made up of all 0s (only if netbits < 8)
mbedtls: fix typ0 in comment
manpage: fix simple typ0
Treat dhcp-option DNS6 and DNS identical
show the right string for key-direction
Fix typo in error message: "optione" -> "option"
lz4: Fix confused version check
lz4: Fix broken builds when pkg-config is not present but system library is
Remove references to keychain-mcd in Changes.rst
lz4: Rebase compat-lz4 against upstream v1.7.5
systemd: Add and ship README.systemd
Update copyright to include 2018 plus company name change
man: Add .TQ groff support macro
man: Reword --management to prefer unix sockets over TCP
OpenSSL: check EVP_PKEY key types before returning the pkey
Remove warning on pushed tun-ipv6 option.
Fix removal of on-link prefix on windows with netsh
travis-ci: add brew cache, remove ccache
travis-ci: modify openssl build script to support openssl-1.1.0
autoconf: Fix engine checks for openssl 1.1
Cast time_t to long long in order to print it.
Fix build with LibreSSL
Check whether in pull_mode before warning about previous connection blocks
Avoid illegal memory access when malformed data is read from the pipe
Fix missing check for return value of malloc'd buffer
Return NULL if GetAdaptersInfo fails
Use RSA_meth_free instead of free
Bring cryptoapi.c upto speed with openssl 1.1
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
TLS v1.2 support for cryptoapicert -- RSA only
Refactor get_interface_metric to return metric and auto flag separately
Ensure strings read from registry are null-terminated
Make most registry values optional
Use lowest metric interface when multiple interfaces match a route
Adapt to RegGetValue brokenness in Windows 7
Fix format spec errors in Windows builds
Local functions are not supported in MSVC. Bummer.
Mixing wide and regular strings in concatenations is not allowed in MSVC.
RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
Simplify iphlpapi.dll API calls
Fix local #include to use quoted form
Document ">PASSWORD:Auth-Token" real-time message
Fix typo in "verb" command examples
Uniform swprintf() across MinGW and MSVC compilers
MSVC meta files added to .gitignore list
openvpnserv: Add support for multi-instances
Document missing OpenVPN states
make struct key * argument of init_key_ctx const
buffer_list_aggregate_separator(): add unit tests
Add --tls-cert-profile option.
Use P_DATA_V2 for server->client packets too
Fix memory leak in buffer unit tests
buffer_list_aggregate_separator(): update list size after aggregating
buffer_list_aggregate_separator(): don't exceed max_len
buffer_list_aggregate_separator(): prevent 0-byte malloc
Fix types around buffer_list_push(_data)
ssl_openssl: fix compiler warning by removing getbio() wrapper
travis: use clang's -fsanitize=address to catch more bugs
Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
Add support for TLS 1.3 in --tls-version-{min, max}
Plug memory leak if push is interrupted
Fix format errors when cross-compiling for Windows
Log pre-handshake packet drops using D_MULTI_DROPPED
Enable stricter compiler warnings by default
Get rid of ax_check_compile_flag.m4
mbedtls: don't use API deprecated in mbed 2.7
Warn if tls-version-max < tls-version-min
Don't throw fatal errors from create_temp_file()
Fix '--bind ipv6only'
New I/O for Ruby (nio4r): cross-platform asynchronous I/O primitives for
scalable network clients and servers. Modeled after the Java NIO API, but
simplified for ease-of-use.
nio4r provides an abstract, cross-platform stateful I/O selector API for Ruby.
I/O selectors are the heart of "reactor"-based event loops, and monitor
multiple I/O objects for various types of readiness, e.g. ready for reading or
writing.
Generic connection pooling for Ruby.
MongoDB has its own connection pool. ActiveRecord has its own connection pool.
This is a generic connection pool that can be used with anything, e.g. Redis,
Dalli and other Ruby network clients.
**WARNING**: Don't ever use `Timeout.timeout` in your Ruby code or you will see
occasional silent corruption and mysterious errors. The Timeout API is unsafe
and cannot be used correctly, ever. Use proper socket timeout options as
exposed by Net::HTTP, Redis, Dalli, etc.
- Add testenv that ensures lexicon still works even if an optional
library is missing.
- Add Sakura Cloud DNS provider
- Add Gehirn Infrastructure Service DNS provider
Bugfixes:
#4560: Windows - External File Versioning Command path requires \ instead of \
#4659: panic: bug: removed more than added
#4680: Ignore pattern beginning with "#" does not match subpaths
#4689: Ignore patterns in web UI aren't reloaded if only comments change
#4701: Global is different from local state when ignoring files
Other issues:
#4687: basicfs_watch_tests are flaky
#4737: Remove KCP
pkgsrc changes:
* explicitly depends on json_pure gem as per Gemfile
* remove patches that have been integrated in upstream
Upstream changes:
mikutter 3.6.5
* world: on serializing World Model, change format to JSON to use
functions of Diva
* show an active account name in tooltip when mouse hovers on
World Shifter icon
* logo image in Form DSL about dialog widget was not shown in some case
* avoid warning caused by use of a deprecated constant
* follows and followers are not taken properly so that notifications
of follow and remove didn't work
* form DSL options were not in order
* Twitter: time of direct messages in the Activity tab was shown in UTC
* clear search timeline if blank is specified in the search box
* update description of requirements in README by assuming use of bundler
* twitpic images were not shown in some case
===========================
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
[...]
Only new Features & Security fixes of the previous updates are shown below
For a complete list of all Improvements & Bugfixes, see:
https://gitlab.labs.nic.cz/knot/knot-dns/blob/2.5/NEWS
Knot DNS 2.5.3 (2017-07-14)
===========================
Features:
---------
- CSK rollover support for Single-Type Signing Scheme
[...]
Knot DNS 2.5.2 (2017-06-23)
===========================
Security:
---------
- CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
Knot DNS 2.5.0 (2017-06-05)
===========================
Features:
---------
- KASP database switched from JSON files to LMDB database
- KSK rollover support using CDNSKEY and CDS in the automatic DNSSEC signing
- Dynamic module loading support with proper module API
- Journal can store full zone contents (not only differences)
- Zone freeze/thaw support
- Updated knotc zone-status output with optional column filters
- New '[no]crypto' option in kdig
- New keymgr implementation reflecting KASP database changes
- New pykeymgr for JSON-based KASP database migration
- Removed obsolete knot1to2 utility
===========================
Security:
---------
- Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
Bugfixes:
---------
- Corner case journal fixes (huge changesets, OpenWRT operation)
Knot DNS 2.4.4 (2017-06-05)
===========================
Improvements:
-------------
- Improved error handling in kjournalprint
Bugfixes:
---------
- Zone flush not replanned upon unsuccessful flush
- Journal inconsistency after deleting deleted zone
- Zone events not rescheduled upon server reload (Thanks to Mark Warren)
- Unreliable LMDB mapsize detection in kjournalprint
- Some minor issues found by AddressSanitizer
Knot DNS 2.4.3 (2017-04-11)
===========================
Improvements:
-------------
- New 'journal-db-mode' optimization configuration option
- The default TSIG algorithm for utilities input is HMAC-SHA256
- Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
- Added some more semantic checks on the knotc configuration operations
Bugfixes:
---------
- Missing 'zone' keyword in the YAML output
- Missing trailing dot in the keymgr DS owner output
- Journal logs 'invalid parameter' in several cases
- Some minor journal-related problems
Knot DNS 2.4.2 (2017-03-23)
===========================
Features:
---------
- Zscanner can store record comments placed on the same line
- Knotc status extension with version, configure, and workers parameters
Improvements:
-------------
- Significant incoming XFR speed-up in the case of many zones
Bugfixes:
---------
- Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
- User-driven zscanner parsing logic inconsistency
- Lower serial at master doesn't trigger any errors
- Queries with too long DNAME substitution do not return YXDOMAIN response
- Incorrect elapsed time in the DDNS log
- Failed to process forwarded DDNS request with TSIG
Knot DNS 2.4.1 (2017-02-10)
===========================
Improvements:
-------------
- Speed-up of rdata addition into a huge rrset
- Introduce check of minimum timeout for next refresh
- Dnsproxy module can forward all queries without local resolving
Bugfixes:
--------
- Transfer of a huge rrset goes into an infinite loop
- Huge response over TCP contains useless TC bit instead of SERVFAIL
- Failed to build utilities with disabled daemon
- Memory leaks during keys removal
- Rough TSIG packet reservation causes early truncation
- Minor out-of-bounds string termination write in rrset dump
- Server crash during stop if failed to open timers DB
- Failed to compile on OS X older than Sierra
- Poor minimum UDP-max-size configuration check
- Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Knot DNS 2.4.0 (2017-01-18)
===========================
Bugfixes:
--------
- False positive semantic-check warning about invalid bitmap in NSEC
- Unnecessary SOA queries upon notify with up to date serial
- Timers for expired zones are reset on reload
- Zone doesn't expire when the server is down
- Failed to handle keys with duplicate keytags
- Per zone module and global module inconsistency
- Obsolete online signing module configuration
- Malformed output from kjournalprint
- Redundant SO_REUSEPORT activation on the TCP socket
- Failed to use higher number of background workers
Improvements:
-------------
- Lower memory consumption with qp-trie
- Zone events and zone timers improvements
- Print all zone names in the FQDN format
- Simplified query module interface
- Shared TCP connection between SOA query and transfer
- Response Rate Limiting as a module with statistics support
- Key filters in keymgr
Features:
---------
- New unified LMDB-based zone journal
- Server statistics support
- New statistics module for traffic measuring
- Automatic deletion of retired DNSSEC keys
- New control logging category
version 3.49 (2018-03-03)
[ENHANCEMENTS]
* Better Layer3::Cumulus interface naming
[BUG FIXES]
* Use GitHub for MIBs download for testing, instead of sf.net
version 3.48 (2018-03-03)
[ENHANCEMENTS]
* Add Layer3::Cumulus for Cumulus Networks devices
0.40 2018/02/26 08:30:00
- Updated the copyright to 2018.
- Updated README to reference the new FTPSSL_SSL_VER environment variable for
the test case prompts. (t/*.t) Also fixed several typos in this file.
- BugId 124570 asked for "_mdtm()" to allow for dates from 1999 & earlier.
- Made the same BugId change in t/10-complex.t
Changes in version 0.3.2.10 - 2018-03-03
Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
backports a number of bugfixes, including important fixes for security
issues.
It includes an important security fix for a remote crash attack
against directory authorities, tracked as TROVE-2018-001.
Additionally, it backports a fix for a bug whose severity we have
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
triggered in order to crash relays with a use-after-free pattern. As
such, we are now tracking that bug as TROVE-2018-002 and
CVE-2018-0491, and backporting it to earlier releases. This bug
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
0.3.3.1-alpha.
This release also backports our new system for improved resistance to
denial-of-service attacks against relays.
This release also fixes several minor bugs and annoyances from
earlier releases.
Relays running 0.3.2.x SHOULD upgrade to one of the versions released
today, for the fix to TROVE-2018-002. Directory authorities should
also upgrade. (Relays on earlier versions might want to update too for
the DoS mitigations.)
Changes:
1.3.0
-----
* Added `--proxy` to explicitly specify a proxy server (#76)
* Added options to customize archive ID formats and undefined replacement
fields
* Changed various archive ID formats to improve their behavior for favorites
/ bookmarks / etc.
* Affected modules are `deviantart`, `flickr`, `tumblr`, `pixiv` and
all ...boorus
* Improved `sankaku` and `idolcomplex` support by
* respecting `page` and `next` URL parameters (#79)
* bypassing the page-limit for unauthenticated users
* Improved `directlink` metadata by properly unquoting it
* Fixed `pixiv` ugoira extraction (#78)
* Fixed miscellaneous extraction issues for `mangastream` and `tumblr`
* Removed `yeet`, `chronos`, `coreimg`, `hosturimage`, `imageontime`,
`img4ever`, `imgmaid`, `imgupload`
1.14.50
api-change:ec2: Update ec2 command to latest version
api-change:events: Update events command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:ssm: Update ssm command to latest version
1.14.49
api-change:application-autoscaling: Update application-autoscaling command to latest version
1.14.48
api-change:ecr: Update ecr command to latest version
1.6.3
api-change:ssm: [botocore] Update ssm client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:events: [botocore] Update events client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.6.2
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
1.6.1
api-change:ecr: [botocore] Update ecr client to latest version
1.6.0
enhancement:Stubber: [botocore] Added the ability to add items to response metadata with the stubber.
api-change:sts: [botocore] Update sts client to latest version
api-change:route53: [botocore] Update route53 client to latest version
feature:s3: [botocore] Default to virtual hosted addressing regardless of signature version
1.9.3
api-change:ssm: Update ssm client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:events: Update events client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ec2: Update ec2 client to latest version
1.9.2
api-change:application-autoscaling: Update application-autoscaling client to latest version
1.9.1
api-change:ecr: Update ecr client to latest version
1.9.0
enhancement:Stubber: Added the ability to add items to response metadata with the stubber.
api-change:sts: Update sts client to latest version
api-change:route53: Update route53 client to latest version
feature:s3: Default to virtual hosted addressing regardless of signature version
c-ares version 1.14.0:
Changes:
android: Introduce new ares_library_init_android() call for Oreo support
Bug fixes:
Fix patch for CVE-2017-1000381 to not be overly aggressive
win32: Preserve DNS server order returned by Windows when sorting and exclude DNS servers in legacy subnets
win32: Support most recent Visual Studio 2017
gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
win32: Exclude legacy ipv6 subnets
android: Applications compiled for Oreo can no longer use __system_property_get and must use Java calls to retrieve DNS servers
win32: Force use of ANSI functions
CMake minimum version is now 3.1
ares_gethostbyname.3: fix callback status values
docs: Document WSAStartup requirement
Fix a typo in init_by_resolv_conf
Android JNI code leaks local references in some cases
Force using the ANSI versions of WinAPI functions
Changes since 4.3.6
!- Plugged a socket descriptor leak in OMAPI, that can occur when there is
data pending to be written to an OMAPI connection, when the connection
is closed by the reader.
[ISC-Bugs #46767]
! Corrected an issue where large sized 'X/x' format options were causing
option handling logic to overwrite memory when expanding them to human
readable form. Reported by Felix Wilhelm, Google Security Team.
[ISC-Bugs #47139]
CVE: CVE-2018-5732
! Option reference count was not correctly decremented in error path
when parsing buffer for options. Reported by Felix Wilhelm, Google
Security Team.
[ISC-Bugs #47140]
CVE: CVE-2018-5733
I'd like to install net/samba4 and net/freeradius on the same server.
But devel/talloc, on which net/freeradius depends, conflicts with the bundled
talloc library used in net/samba.
net/samba should also use the devel/talloc package.
Bump PKGREVISION.
It seems that configure cannot detect IP_PKTINFO correctly
because of using SOL_IP. SOL_IP is not defined on *BSD.
And on NetBSD, struct ip_pktinfo has no ipi_spec_dst.
From Ryo Shimizu.
PKGREVISION++
hub is a command line tool that wraps git in order to extend it
with extra features and commands that make working with GitHub
easier.
$ hub clone rtomayko/tilt
# expands to:
$ git clone git://github.com/rtomayko/tilt.git
hub is best aliased as `git', so you can type `git <command>' in the
shell and get all the usual hub features.
New Features
- Add configuration option to disable IP_BIND_ADDRESS_NO_PORT
Improvements
- Handle bracketed IPv6 addresses without ports
Bug Fixes
- Make dnsdist dynamic truncate do right thing on TCP/IP.
- Add missing QPSAction
- Don't create a Remote Logger in client mode.
- Use libsodium's CFLAGS, we might need them to find the includes.
- Keep the TCP connection open on cache hit, generated answers.
- Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
- Sort the servers based on their 'order' after it has been set.
- Quiet unused variable warning on macOS (Chris Hofstaedtler).
- Fix the outstanding counter when an exception is raised.
- Do not connect the snmpAgent from a dnsdist client.