Update samba4 package to 4.12.7.
==============================
Release Notes for Samba 4.12.7
September 18, 2020
==============================
This is a security release in order to address the following defect:
o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon").
The following applies to Samba used as domain controller only (most
seriously the Active Directory DC, but also the classic/NT4-style DC).
Installations running Samba as a file server only are not directly
affected by this flaw, though they may need configuration changes to
continue to talk to domain controllers (see "file servers and domain
members" below).
The netlogon protocol contains a flaw that allows an authentication
bypass. This was reported and patched by Microsoft as CVE-2020-1472.
Since the bug is a protocol level flaw, and Samba implements the
protocol, Samba is also vulnerable.
However, since version 4.8 (released in March 2018), the default
behaviour of Samba has been to insist on a secure netlogon channel,
which is a sufficient fix against the known exploits. This default is
equivalent to having 'server schannel = yes' in the smb.conf.
Therefore versions 4.8 and above are not vulnerable unless they have
the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
Samba versions 4.7 and below are vulnerable unless they have 'server
schannel = yes' in the smb.conf.
Note each domain controller needs the correct settings in its smb.conf.
Vendors supporting Samba 4.7 and below are advised to patch their
installations and packages to add this line to the [global] section if
their smb.conf file.
The 'server schannel = yes' smb.conf line is equivalent to Microsoft's
'FullSecureChannelProtection=1' registry key, the introduction of
which we understand forms the core of Microsoft's fix.
Some domains employ third-party software that will not work with a
'server schannel = yes'. For these cases patches are available that
allow specific machines to use insecure netlogon. For example, the
following smb.conf:
server schannel = yes
server require schannel:triceratops$ = no
server require schannel:greywacke$ = no
will allow only "triceratops$" and "greywacke$" to avoid schannel.
More details can be found here:
https://www.samba.org/samba/security/CVE-2020-1472.html
Update bind916 pacakge to 9.16.7.
--- 9.16.7 released ---
5501. [func] Log CDS/CDNSKEY publication. [GL #1748]
5500. [bug] Fix (non-)publication of CDS and CDNSKEY records.
[GL #2103]
5499. [func] Add '-P ds' and '-D ds' arguments to dnssec-settime.
[GL #1748]
5497. [bug] 'dig +bufsize=0' failed to disable EDNS. [GL #2054]
5496. [bug] Address a TSAN report by ensuring each rate limiter
object holds a reference to its task. [GL #2081]
5495. [bug] With query minimization enabled, named failed to
resolve ip6.arpa. names that had extra labels to the
left of the IPv6 part. [GL #1847]
5494. [bug] Silence the EPROTO syslog message on older systems.
[GL #1928]
5493. [bug] Fix off-by-one error when calculating new hash table
size. [GL #2104]
5492. [bug] Tighten LOC parsing to reject a period (".") and/or "m"
as a value. Fix handling of negative altitudes which are
not whole meters. [GL #2074]
5491. [bug] rbtversion->glue_table_size could be read without the
appropriate lock being held. [GL #2080]
5489. [bug] Named erroneously accepted certain invalid resource
records that were incorrectly processed after
subsequently being written to disk and loaded back, as
the wire format differed. Such records include: CERT,
IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
X25. [GL !3953]
5488. [bug] NTA code needed to have a weak reference on its
associated view to prevent the latter from being deleted
while NTA tests were being performed. [GL #2067]
5486. [func] Add 'rndc dnssec -checkds' command, which signals to
named that the DS record for a given zone or key has
been updated in the parent zone. [GL #1613]
Update bind911 package to 9.11.23.
--- 9.11.23 released ---
5497. [bug] 'dig +bufsize=0' failed to disable EDNS. [GL #2054]
5496. [bug] Address a TSAN report by ensuring each rate limiter
object holds a reference to its task. [GL #2081]
5492. [bug] Tighten LOC parsing to reject a period (".") and/or "m"
as a value. Fix handling of negative altitudes which are
not whole meters. [GL #2074]
5489. [bug] Named erroneously accepted certain invalid resource
records that were incorrectly processed after
subsequently being written to disk and loaded back, as
the wire format differed. Such records include: CERT,
IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
X25. [GL !3953]
5488. [bug] NTA code needed to have a weak reference on its
associated view to prevent the latter from being deleted
while NTA tests were being performed. [GL #2067]
* Use :tl for lower case PKGNAME.
Changelog:
v1.4.8
Adding timout option for RDP connections. !2091 @antenore
Avoid quickconnect to empty hostnames. Fixes#2240. !2092 @giox069
Using full paths instead of variables !2094 @antenore
Add support for quick connecting to RDP, VNC and SPICE from the command line !2093 @espentveit
Add SSH support to the protocol handler !2095 @espentveit
Restart SSH session when user has provided new username or password to allow for changing SSH user !2096 @espentveit
Use inline with AppStream 0.12 specification. !2097 @ghost1
Enabled GDK_SCROLL_SMOOTH for RDP/VNC !2098 @kenansun0
Some fixes for the RDP backend !2099 @pnowack
Trim white from ip addresses input into quick connect bar !2100 @daxkelson
Enhancing the SNAP info dialog box !2102 @antenore
Adding FreeRDP log level setting !2103 @antenore
Patron tally badge added to README !2090 @kingu
v1.4.7
Allow compilation with libwinpr (freerdp) pre commit 8c5d96784d !2083 @giox069
Bug fixing v1.4.6 !2082 @antenore
Spelling: Automatic negotiation !2084 @kingu
Spelling: GNOME Shell, opt-in desc, comments !2085 @kingu
Memory leaks fixes!2086 @antenore
RDP: Replacing deprecated freerdp function VeryfyCertificate !2087 @antenore
3.50.0 (2020-08-27)
- Minor fixes to Tardigrade integration
3.50.0-rc1 (2020-08-21)
+ Update Storj/Tardigrade integration, now based on the uplink-c library
- Fix layout issues in the Site Manager if switching protocol
- Restored natural sort option for file list sorting
3.49.1 (2020-07-15)
- Fixed selection changes not being reflected in the Site Manager in some circumstances
3.49.0 (2020-07-13)
- Fixed retrying initial connection attempts
3.49.0-rc1 (2020-07-07)
- MSW: Tab bar icons now scale on high-DPI displays
- The sizing and spacing of several dialogs has been improved on high-DPI displays
- MSW: Fix visual glitches when changing the selected site in the Site Manager
- When creating a new tab, the pane sizes are now inherited from the previous tab.
- macOS: Additional fixes for handling Cmd+V, Cmd+C and Cmd+X in text input controls
- Refactored internal settings and option handling
Features
- Add gh release commands for managing GitHub Releases
- Add gh pr checks command
- Add gh gist list/view/edit commands
- Improve resolving the base repository for all commands
- Additionally, gh pr create now prompts for where to push the current branch,
including an option to create a fork, instead of trying to guess the head
repository or automatically fork in the background.
- Add gh pr create --head <branch> flag to explicitly set the head branch for
automation and opt out of any forking/pushing functionality.
- Add gh config set prompt disabled config setting
- Add gh help environment help topic listing all supported environment
variables
- Add support for PAGER environment variable to enable a terminal pager program
such as less, also supported through the pager config option
- Add gh auth login --web flag
Bugs
- pr merge --squash: add pull request title to the commit subject
- pr create: prepend body defaults to the selected template
- repo view: do not HTML-escape output
- issue list: fix misalignment due to Unicode and emoji characters
- Fix terminal color display under various color schemes
- Fix zsh completion script
- Fix opening the web browser under WSL
While here fix the build on SunOS, based on patches in joyent/pkgsrc#266
from mrferda.
0.24.1 (2020-08-27)
- fz::to_integral can now handle strongly typed enum return types
0.24.0 (2020-08-21)
+ Added fz::equal_consttime
- fz::sprintf now works corrcetly if arguments are passed as (w)string_view
0.23.0 (2020-07-07)
+ Added reader/writer locks
- fz::mkdir can now return the the longest created path in case of partial failures
From upstream's release notes:
Major changes since 0.8.2:
- mostly bugfixes and performance improvements
New plugins:
- plugin_stats: write some statistics about currently active calls
- plugin_blacklist: new plugin to block UACs that cause excessive
failures during REGISTER attempts
Upgrade Notes 0.8.2 to 0.8.3:
- Merge the configuration file
Changes in version 0.4.4.5 - 2020-09-15
Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This
series improves our guard selection algorithms, adds v3 onion balance
support, improves the amount of code that can be disabled when running
without relay support, and includes numerous small bugfixes and
enhancements. It also lays the ground for some IPv6 features that
we'll be developing more in the next (0.4.5) series.
Per our support policy, we support each stable release series for nine
months after its first stable release, or three months after the first
stable release of the next series: whichever is longer. This means
that 0.4.4.x will be supported until around June 2021--or later, if
0.4.5.x is later than anticipated.
Note also that support for 0.4.2.x has just ended; support for 0.4.3
will continue until Feb 15, 2021. We still plan to continue supporting
0.3.5.x, our long-term stable series, until Feb 2022.
o Major features (Proposal 310, performance + security):
- Implements Proposal 310, "Bandaid on guard selection". Proposal
310 solves load-balancing issues with older versions of the guard
selection algorithm, and improves its security. Under this new
algorithm, a newly selected guard never becomes Primary unless all
previously sampled guards are unreachable. Implements
recommendation from 32088. (Proposal 310 is linked to the CLAPS
project researching optimal client location-aware path selections.
This project is a collaboration between the UCLouvain Crypto Group,
the U.S. Naval Research Laboratory, and Princeton University.)
o Major features (fallback directory list):
- Replace the 148 fallback directories originally included in Tor
0.4.1.4-rc (of which around 105 are still functional) with a list
of 144 fallbacks generated in July 2020. Closes ticket 40061.
o Major features (IPv6, relay):
- Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol
warning if the IPv4 or IPv6 address is an internal address, and
internal addresses are not allowed. But continue to use the other
address, if it is valid. Closes ticket 33817.
- If a relay can extend over IPv4 and IPv6, and both addresses are
provided, it chooses between them uniformly at random. Closes
ticket 33817.
- Re-use existing IPv6 connections for circuit extends. Closes
ticket 33817.
- Relays may extend circuits over IPv6, if the relay has an IPv6
ORPort, and the client supplies the other relay's IPv6 ORPort in
the EXTEND2 cell. IPv6 extends will be used by the relay IPv6
ORPort self-tests in 33222. Closes ticket 33817.
o Major features (v3 onion services):
- Allow v3 onion services to act as OnionBalance backend instances,
by using the HiddenServiceOnionBalanceInstance torrc option.
Closes ticket 32709.
o Major bugfixes (NSS):
- When running with NSS enabled, make sure that NSS knows to expect
nonblocking sockets. Previously, we set our TCP sockets as
nonblocking, but did not tell NSS, which in turn could lead to
unexpected blocking behavior. Fixes bug 40035; bugfix
on 0.3.5.1-alpha.
o Major bugfixes (onion services, DoS):
- Correct handling of parameters for the onion service DoS defense.
Previously, the consensus parameters for the onion service DoS
defenses were overwriting the parameters set by the service
operator using HiddenServiceEnableIntroDoSDefense. Fixes bug
40109; bugfix on 0.4.2.1-alpha.
o Major bugfixes (stats, onion services):
- Fix a bug where we were undercounting the Tor network's total
onion service traffic, by ignoring any traffic originating from
clients. Now we count traffic from both clients and services.
Fixes bug 40117; bugfix on 0.2.6.2-alpha.
o Minor features (security):
- Channels using obsolete versions of the Tor link protocol are no
longer allowed to circumvent address-canonicity checks. (This is
only a minor issue, since such channels have no way to set ed25519
keys, and therefore should always be rejected for circuits that
specify ed25519 identities.) Closes ticket 40081.
o Minor features (bootstrap reporting):
- Report more detailed reasons for bootstrap failure when the
failure happens due to a TLS error. Previously we would just call
these errors "MISC" when they happened during read, and "DONE"
when they happened during any other TLS operation. Closes
ticket 32622.
o Minor features (client-only compilation):
- Disable more code related to the ext_orport protocol when
compiling without support for relay mode. Closes ticket 33368.
- Disable more of our self-testing code when support for relay mode
is disabled. Closes ticket 33370.
- Most server-side DNS code is now disabled when building without
support for relay mode. Closes ticket 33366.
o Minor features (code safety):
- Check for failures of tor_inet_ntop() and tor_inet_ntoa()
functions in DNS and IP address processing code, and adjust
codepaths to make them less likely to crash entire Tor instances.
Resolves issue 33788.
o Minor features (continuous integration):
- Run unit-test and integration test (Stem, Chutney) jobs with
ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor.
Resolves ticket 32143.
o Minor features (control port):
- If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an
onion service, display it when we use ONION_CLIENT_AUTH_VIEW.
Closes ticket 40089. Patch by Neel Chauhan.
- Return a descriptive error message from the 'GETINFO status/fresh-
relay-descs' command on the control port. Previously, we returned
a generic error of "Error generating descriptor". Closes ticket
32873. Patch by Neel Chauhan.
o Minor features (defense in depth):
- Wipe more data from connection address fields before returning
them to the memory heap. Closes ticket 6198.
o Minor features (denial-of-service memory limiter):
- Allow the user to configure even lower values for the
MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB,
when previously the minimum was 256 MB. On clients, there is no
minimum. Relays and clients will both warn if the value is set so
low that Tor is likely to stop working. Closes ticket 24308.
o Minor features (developer tooling):
- Add a script to help check the alphabetical ordering of option
names in the manual page. Closes ticket 33339.
- Refrain from listing all .a files that are generated by the Tor
build in .gitignore. Add a single wildcard *.a entry that covers
all of them for present and future. Closes ticket 33642.
- Add a script ("git-install-tools.sh") to install git hooks and
helper scripts. Closes ticket 33451.
o Minor features (directory authority):
- Authorities now recommend the protocol versions that are supported
by Tor 0.3.5 and later. (Earlier versions of Tor have been
deprecated since January of this year.) This recommendation will
cause older clients and relays to give a warning on startup, or
when they download a consensus directory. Closes ticket 32696.
o Minor features (directory authority, shared random):
- Refactor more authority-only parts of the shared-random scheduling
code to reside in the dirauth module, and to be disabled when
compiling with --disable-module-dirauth. Closes ticket 33436.
o Minor features (directory):
- Remember the number of bytes we have downloaded for each directory
purpose while bootstrapping, and while fully bootstrapped. Log
this information as part of the heartbeat message. Closes
ticket 32720.
o Minor features (entry guards):
- Reinstate support for GUARD NEW/UP/DOWN control port events.
Closes ticket 40001.
o Minor features (IPv6 support):
- Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above
changes and tor_addr_is_null(). Closes ticket 33679. Patch
by MrSquanchee.
- Allow clients and relays to send dual-stack and IPv6-only EXTEND2
cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays.
Closes ticket 33901.
o Minor features (linux seccomp2 sandbox, portability):
- Allow Tor to build on platforms where it doesn't know how to
report which syscall caused the linux seccomp2 sandbox to fail.
This change should make the sandbox code more portable to less
common Linux architectures. Closes ticket 34382.
- Permit the unlinkat() syscall, which some Libc implementations use
to implement unlink(). Closes ticket 33346.
o Minor features (logging):
- When trying to find our own address, add debug-level logging to
report the sources of candidate addresses. Closes ticket 32888.
o Minor features (onion service client, SOCKS5):
- Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back
new type of onion service connection failures. The semantics of
these error codes are documented in proposal 309. Closes
ticket 32542.
o Minor features (onion service v3):
- If a service cannot upload its descriptor(s), log why at INFO
level. Closes ticket 33400; bugfix on 0.3.2.1-alpha.
o Minor features (python scripts):
- Stop assuming that /usr/bin/python exists. Instead of using a
hardcoded path in scripts that still use Python 2, use
/usr/bin/env, similarly to the scripts that use Python 3. Fixes
bug 33192; bugfix on 0.4.2.
o Minor features (testing, architecture):
- Our test scripts now double-check that subsystem initialization
order is consistent with the inter-module dependencies established
by our .may_include files. Implements ticket 31634.
- Initialize all subsystems at the beginning of our unit test
harness, to avoid crashes due to uninitialized subsystems. Follow-
up from ticket 33316.
- Our "make check" target now runs the unit tests in 8 parallel
chunks. Doing this speeds up hardened CI builds by more than a
factor of two. Closes ticket 40098.
o Minor features (v3 onion services):
- Add v3 onion service status to the dumpstats() call which is
triggered by a SIGUSR1 signal. Previously, we only did v2 onion
services. Closes ticket 24844. Patch by Neel Chauhan.
o Minor features (windows):
- Add support for console control signals like Ctrl+C in Windows.
Closes ticket 34211. Patch from Damon Harris (TheDcoder).
o Minor bugfixes (control port, onion service):
- Consistently use 'address' in "Invalid v3 address" response to
ONION_CLIENT_AUTH commands. Previously, we would sometimes say
'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (correctness, buffers):
- Fix a correctness bug that could cause an assertion failure if we
ever tried using the buf_move_all() function with an empty input
buffer. As far as we know, no released versions of Tor do this.
Fixes bug 40076; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (directory authorities):
- Directory authorities now reject votes that arrive too late. In
particular, once an authority has started fetching missing votes,
it no longer accepts new votes posted by other authorities. This
change helps prevent a consensus split, where only some authorities
have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha.
o Minor bugfixes (git scripts):
- Stop executing the checked-out pre-commit hook from the pre-push
hook. Instead, execute the copy in the user's git directory. Fixes
bug 33284; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (initialization):
- Initialize the subsystems in our code in an order more closely
corresponding to their dependencies, so that every system is
initialized before the ones that (theoretically) depend on it.
Fixes bug 33316; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (IPv4, relay):
- Check for invalid zero IPv4 addresses and ports when sending and
receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha.
o Minor bugfixes (IPv6, relay):
- Consider IPv6 addresses when checking if a connection is
canonical. In 17604, relays assumed that a remote relay could
consider an IPv6 connection canonical, but did not set the
canonical flag on their side of the connection. Fixes bug 33899;
bugfix on 0.3.1.1-alpha.
- Log IPv6 addresses on connections where this relay is the
responder. Previously, responding relays would replace the remote
IPv6 address with the IPv4 address from the consensus. Fixes bug
33899; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (linux seccomp2 sandbox):
- Fix a regression on sandboxing rules for the openat() syscall. The
fix for bug 25440 fixed the problem on systems with glibc >= 2.27
but broke with versions of glibc. We now choose a rule based on
the glibc version. Patch from Daniel Pinto. Fixes bug 27315;
bugfix on 0.3.5.11.
- Makes the seccomp sandbox allow the correct syscall for opendir
according to the running glibc version. This fixes crashes when
reloading torrc with sandbox enabled when running on glibc 2.15 to
2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix
on 0.3.5.11.
o Minor bugfixes (logging, testing):
- Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL
and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE()
used to log a non-fatal warning, regardless of the debugging
mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha.
- Remove surprising empty line in the INFO-level log about circuit
build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (mainloop):
- Better guard against growing a buffer past its maximum 2GB in
size. Fixes bug 33131; bugfix on 0.3.0.4-rc.
o Minor bugfixes (onion service v3 client):
- Remove a BUG() warning that could occur naturally. Fixes bug
34087; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, logging):
- Fix a typo in a log message PublishHidServDescriptors is set to 0.
Fixes bug 33779; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion services v3):
- Avoid a non-fatal assertion failure in certain edge-cases when
opening an intro circuit as a client. Fixes bug 34084; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (protocol versions):
- Sort tor's supported protocol version lists, as recommended by the
tor directory specification. Fixes bug 33285; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (rate limiting, bridges, pluggable transports):
- On a bridge, treat all connections from an ExtORPort as remote by
default for the purposes of rate-limiting. Previously, bridges
would treat the connection as local unless they explicitly
received a "USERADDR" command. ExtORPort connections still count
as local if there is a USERADDR command with an explicit local
address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (refactoring):
- Lift circuit_build_times_disabled() out of the
circuit_expire_building() loop, to save CPU time when there are
many circuits open. Fixes bug 33977; bugfix on 0.3.5.9.
o Minor bugfixes (relay, self-testing):
- When starting up as a relay, if we haven't been able to verify
that we're reachable, only launch reachability tests at most once
a minute. Previously, we had been launching tests up to once a
second, which was needlessly noisy. Fixes bug 40083; bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (relay, usability):
- Adjust the rules for when to warn about having too many
connections to other relays. Previously we'd tolerate up to 1.5
connections per relay on average. Now we tolerate more connections
for directory authorities, and raise the number of total
connections we need to see before we warn. Fixes bug 33880; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (SOCKS, onion service client):
- Detect v3 onion service addresses of the wrong length when
returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix
on 0.4.3.1-alpha.
o Minor bugfixes (tests):
- Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run
on its own. Previously, it would exit with an error. Fixes bug
40099; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (v3 onion services):
- Remove a BUG() warning that could trigger in certain unlikely
edge-cases. Fixes bug 34086; bugfix on 0.3.2.1-alpha.
- Remove a BUG() that was causing a stacktrace when a descriptor
changed at an unexpected time. Fixes bug 28992; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (windows):
- Fix a bug that prevented Tor from starting if its log file grew
above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha.
o Code simplification and refactoring:
- Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like
TOR_ADDR_BUF_LEN but includes enough space for an IP address,
brackets, separating colon, and port number. Closes ticket 33956.
Patch by Neel Chauhan.
- Merge the orconn and ocirc events into the "core" subsystem, which
manages or connections and origin circuits. Previously they were
isolated in subsystems of their own.
- Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency
inversion. Closes ticket 33633.
- Move the circuit extend code to the relay module. Split the
circuit extend function into smaller functions. Closes
ticket 33633.
- Rewrite port_parse_config() to use the default port flags from
port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee.
- Updated comments in 'scheduler.c' to reflect old code changes, and
simplified the scheduler channel state change code. Closes
ticket 33349.
- Refactor configuration parsing to use the new config subsystem
code. Closes ticket 33014.
- Move a series of functions related to address resolving into their
own files. Closes ticket 33789.
o Documentation:
- Replace most http:// URLs in our code and documentation with
https:// URLs. (We have left unchanged the code in src/ext/, and
the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand.
- Document the limitations of using %include on config files with
seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on
0.3.1.1-alpha. Patch by Daniel Pinto.
o Removed features:
- Our "check-local" test target no longer tries to use the
Coccinelle semantic patching tool parse all the C files. While it
is a good idea to try to make sure Coccinelle works on our C
before we run a Coccinelle patch, doing so on every test run has
proven to be disruptive. You can still run this tool manually with
"make check-cocci". Closes ticket 40030.
- Remove the ClientAutoIPv6ORPort option. This option attempted to
randomly choose between IPv4 and IPv6 for client connections, and
wasn't a true implementation of Happy Eyeballs. Often, this option
failed on IPv4-only or IPv6-only connections. Closes ticket 32905.
Patch by Neel Chauhan.
- Stop shipping contrib/dist/rc.subr file, as it is not being used
on FreeBSD anymore. Closes issue 31576.
o Testing:
- Add a basic IPv6 test to "make test-network". This test only runs
when the local machine has an IPv6 stack. Closes ticket 33300.
- Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile.
These jobs run the IPv4-only and dual-stack chutney flavours from
test-network-all. Closes ticket 33280.
- Remove a redundant distcheck job. Closes ticket 33194.
- Run the test-network-ipv6 Makefile target in the Travis CI IPv6
chutney job. This job runs on macOS, so it's a bit slow. Closes
ticket 33303.
- Sort the Travis jobs in order of speed. Putting the slowest jobs
first takes full advantage of Travis job concurrency. Closes
ticket 33194.
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
previously configured to fast_finish (which requires
allow_failure), to speed up the build. Closes ticket 33195.
- Test v3 onion services to tor's mixed IPv4 chutney network. And
add a mixed IPv6 chutney network. These networks are used in the
test-network-all, test-network-ipv4, and test-network-ipv6 make
targets. Closes ticket 33334.
- Use the "bridges+hs-v23" chutney network flavour in "make test-
network". This test requires a recent version of chutney (mid-
February 2020). Closes ticket 28208.
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
tool to produce detailed diagnostic output. Closes ticket 32792.
o Deprecated features (onion service v2):
- Add a deprecation warning for version 2 onion services. Closes
ticket 40003.
o Documentation (manual page):
- Add cross reference links and a table of contents to the HTML tor
manual page. Closes ticket 33369. Work by Swati Thacker as part of
Google Season of Docs.
- Alphabetize the Denial of Service Mitigation Options, Directory
Authority Server Options, Hidden Service Options, and Testing
Network Options sections of the tor(1) manual page. Closes ticket
33275. Work by Swati Thacker as part of Google Season of Docs.
- Refrain from mentioning nicknames in manpage section for MyFamily
torrc option. Resolves issue 33417.
- Updated the options set by TestingTorNetwork in the manual page.
Closes ticket 33778.
This is 2.51.3_rc1. It is believed to interoperate with 2.51.2 (no
wire protocol break), but this is not 100% certain.
Upstream changes relative to the last snapshot:
(not provided, probably many, mostly bugfixes)
A change since 2.51.2 caused a protocol break; this has been reverted.
Upstream NEWS relative to the last release:
Changes since 2.51.2:
* Some nontrivial changes to profile parsing (G.raud Meyer)
+ ’=’ has been considered whitespace until now: several
following chars are considered as only one; trailing chars are
discarded; any non emty sequence of char is splitting. This is
non standard and leads to confusion, for example -ignore==
’Name .*=*’ is valid when -ignore=’Name .*=*’ is not, and
worse -ignore=’Name *=’ is the same as -ignore=’Name *’. The
parser now takes just a single ’=’ as delimiter after the
option name. Other = characters are considered as part of the
value being assigned to the option.
* Numerous improvements to the text user-interface (G.raud Meyer)
+ New key-commands that restrict the display to a set of
"matching" items: ones that are offering to propagate changes
in a particular direction, conflicts, files to be merged,
etc., plus several more useful key-commands. Type "?" to
Unison to see all available commands.
6.7.0:
Reworked tests and finally applied
Improve documentation examples and snippets
Restore RobustChannel.default_exchange on reconnect
Improve the docs a bit
3.0.1:
This release fixes an issue with Basic.Reject requeue=False always being set to True
3.0.0:
This represents the first stable release of the 3.0 branch for pamqp. It is Python 3.6+ only and is focused on protocol correctness and completeness.
Changes
Bugfix for encoding of unsigned small integers being treated as signed small integers
Updated tests around timezone behavior issues
Update ruby-train-core package to 3.3.21.
3.3.21 (2020-09-14)
Merged Pull Requests
* Resolve test failures on Ruby 2.4 #632 (tas50)
* Update chefstyle requirement from 1.2.0 to 1.2.1 #631
(dependabot-preview[bot])
* Update Google gem versions for train #635 (lhasadreams)
* Switch from FILE to dir where we can #638 (tas50)
* Allow for docker-api 2.x #637 (tas50)
3.3.16 (2020-08-17)
Merged Pull Requests
* Fix spelling mistakes including misidentification of XenServer #628
(tas50)
* Remove 1.x branch config from Expeditor #622 (tas50)
* Speed up requires in non-omnibus Ruby installs #630 (tas50)
3.3.13 (2020-08-05)
Merged Pull Requests
* Update chefstyle requirement from 1.1.1 to 1.1.2 #619
(dependabot-preview[bot])
* Get the old integration tests closer to running #620 (tas50)
* Run Chefstyle on the oldest ruby we support #621 (tas50)
* Remove the redundant encoding comments #623 (tas50)
* Update chefstyle requirement from 1.1.2 to 1.1.3 #624
(dependabot-preview[bot])
* Avoid minor rubocop warning #626 (tas50)
* Update chefstyle requirement from 1.1.3 to 1.2.0 #627
(dependabot-preview[bot])
3.3.6 (2020-07-02)
Merged Pull Requests
* Fix incorrect error message when password is expired #616 (vsingh-msys)
* Properly detect macOS Big Sur as being platform mac_os_x #618 (tas50)
3.3.4 (2020-06-25)
Merged Pull Requests
* Add DragonflyBSD detection #614 (tecracer-theinen)
* Update chefstyle requirement from 1.1.0 to 1.1.1 #611
(dependabot-preview[bot])
* Fix SSH Connection reuse #613 (tecracer-theinen)
Update ruby-recog package to 2.3.14.
2.3.14 - 2020.08.07
Highlights:
* HTTP: Improved coverage of VNC related web services (#282)
* HTTP: Improved coverage and CPEs of SonicWall and Cisco Expressway (#283)
2.3.13 - 2020.08.03
Highlights:
* Improving coverage of Moxa devices (#280)
* Adding fingerprints for certain high volume services as observed by
Project Sonar (#280, #281)
* CPE: Improving the number of fingerprints and Project Sonar matches that
returned CPEs (#281)
2.3.12 - 2020.07.23
Highlights:
* HTTP: Additional SAP NetWeaver and Glassfish coverage and fixes (#279)
* FTP: Serv-U and Filezilla improvements (#279)
* CPE: Tweaks to vendor, service, and cpe-remap.yaml which resulted in much
better coverage for services frequently seen on the Internet. See PR for
stats. (#279)
2.3.11 - 2020.07.16
Highlights:
* HTTP: Adjust banner for $ProjectRevision (Treck TCP/IP) by Anderson Luan
(#272)
* HTTP: SAP Internet Graphics Server and Message Server fingerprints (#275)
* DNS: Windows Server 2008 SP2, performance and other coverage tweaks (#276)
* DNS: Avoid spoofed Microsoft DNS Server, add Debian Buster (#277)
* CPE: Correct CPE generating automation (#278)
2.3.10 - 2020.07.14
Highlights:
* SAP NetWeaver: Telnet and HTTP tweaks (#274)
2.3.9 - 2020.07.14
Highlights:
* Upgrade lxml, improve fingerprint readability (#268)
* New fingerprints and completed normalization by HD Moore (#269)
* New Database: favicons.xml (MD5 fingerprints for favicon.ico files) by HD
Moore (#270)
* HTTP: Project Sonar HTTP updates (including SAP Netweaver / Oracle) (#273)
Update ruby-net-ldap package to 0.16.3.
0.16.3 (2020-08-18)
* Add Net::LDAP::InvalidDNError #371
* Use require_relative instead of require #360
* Address some warnings and fix JRuby test omissions #365
* Bump rake dev dependency to 12.3 #359
* Enable rubocop in ci #251
* Enhance rubocop configuration and test syntax #344
* CI: Drop rbx-2, uninstallable #364
* Fix RuboCop warnings #312
* Fix wrong error class #305
* CONTRIBUTING.md: Repair link to Issues #309
* Make the generate() method more idiomatic... #326
* Make encode_sort_controls() more idiomatic... #327
* Make the instrument() method more idiomatic... #328
* Fix uninitialised Net::LDAP::LdapPduError #338
* README.rdoc: Use SVG build badge #310
* Update TravisCI config to inclue Ruby 2.7 #346
* add explicit ** to silence Ruby 2.7 warning #342
* Support parsing filters with attribute tags #345
* Bump rubocop development dependency version #336
* Add link to generated and hosted documentation on rubydoc #319
* Fix 'uninitialized constant Net::LDAP::PDU::LdapPduError' error #317
* simplify encoding logic: no more chomping required #362
Update ruby-dnsruby package to 1.61.4.
## v1.61.4
* Dnsruby::Name : document .punycode
* gemspec enhancement
* add yard build file
* fix create name include url special characters
* Fix uninitialized constant error when using via Rails
* Implement ECDSAP256SHA256 (13) / ECDSAP384SHA384 (14) algorithms for DNSKEY
* Reinitialize all IANA TAR keys with Dnssec.reset
Update ruby-amq-protocol package to 2.3.2.
## Changes between 2.3.1 and 2.3.2 (July 10th, 2020)
### Safer Encoding Handling When Serialising Message Properties and Headers
Contributed by @bbascarevic-tti.
2.5 Fri, 12 Apr 2019
core:
* linux: reload logger during daemonize to avoid issues like not listening http
daemon if logger has still not been used before starting the listener
* Fix#646: HTTP daemon not starting on CentOS 7
* revert dfcb64573e as now more generic fix has been implemented in a538abaed7
(tested on CentOS 6)
* win32: don't show service memory usage on OS not supporting GetProcessMemoryInfo
* Fix#601: Log URL for server target and log path for local target
* win32: add early stderr logging support for service
Just rename "fusioninventory-win32-service.rc.sample" removing ".sample" part
to enable this feature. This can be handy to investigate start service failures.
* Added support for HTTPD plugins
* Added Inventory HTTPD plugins to permit remote inventory request (disabled by default)
* Added Listener target to permit agent to only answer http requests
* Updated configuration to support HTTPD plugins dedicated configuration file
* Added fusioninventory-remoteinventory script to request agent with Inventory
HTTPD plugin enabled
* Fix HTTPD local address reuse
* Added SSL HTTPD plugins to support SSL in any server plugins
* Limit the reload target check to 30 seconds
* win32: report memory usage as Working Set Size (WSS) and Page File Usage (PFU)
* win32: revert handling service with callbacks. Even if Win32::Daemon proposes
the callbacks usage obsoletes the typical skeleton code, the callbacks usage
is known to leak memory and tests with latest Win32::Daemon shows that's true.
* win32: handle task run in a managed thread as this is more efficient than using
perl fork with thread emulation under win32 and preserve a little memory usage.
* win32: wait service control manager is ready before really starting the service
* logger: don't use File::stat module to just get logfile file size, better use -s
as File::stat module seems to fail in rare case.
inventory:
* Bump Inventory task version to 1.7
* Fix lspci command subsystem parsing
* Fix hponcfg.exe can output on stderr on win32 when not really usable
* Skip not working under win32 Generic::Users inventory
Also avoid error in log on /etc/passwd and /etc/group not found files
* Fix#601: Log deviceid as agentid and related target when running an inventory
* Fix#644: Make WORKGROUP inventory consistent
* Fix#541: Don't try to scan virtualbox VM in win32 users directories
* Updated pci.ids to 2019.04.12 version
* Updated usb.ids to 2019.03.20 version
netdiscovery/netinventory:
* Bump NetDiscovery task version to 2.9
* Bump NetInventory task version to 3.3
* Add Lancom in networking devices recognized by description parsing
* Fix#650: discard empty consumable level elements
* Fix#651: discard empty type element
* Add Netdisco export contrib script from Stoatwblr, see contrib/netdisco
* Fix#638: Fix Kyocera counters handling thanks to Stoatwblr
* Printers: assume -2 counter value means a WARNING level and report it
Thanks Stoatwblr for the deep investigation
* Add Oki printer support
* Add APC serialnumber support
* Fix#612: Enhanced Ubnt AccessPoint support
* Updated sysobject.ids (tagged fia-2.5 tag on github repository)
deploy:
* Bump Deploy task version to 2.8
* Fix#394: Check file parts source/mirror url to guaranty it ends with a slash
and trigger an error if it doesn't look like a valid URL.
collect:
* Bump Collect task version to 2.6
* WMI properties can now be a list of properties with comma or space as separator
2.4.3 Fri, 22 Feb 2019
core:
* fix some cases where a file handle was not closed
* win32: fix a handle leak case when agent was running as service
* Fix#637: Don't depend on GNU install during "make install" to support
more Unix systems
* daemon/service: reload target when the stat file has been updated by
another script to use the updated next run timeout
* For server target, server connection attempts are delayed from 60 seconds,
doubled at each new failed attempt, now until reaching max defined by delaytime
configuration parameter.
inventory:
* Bump Inventory task version to 1.6
* win32 antivirus support update:
- nicer product name report for ESET
- report expiration date for ESET
* Fix#582: Add other Acer monitors support
* Fix#687: Virtuozzo inventory task doesn't include first container
* Add few minor fix to virtuozzo containers inventory
* Fix LXC containers support to support recent LXC versions
* Fix#625: Container UUID is the same than host UUID
* Fix#624: Skip incomplete battery infos from dmidecode (seen on MacOS)
* Fix#631: Fix duplicated memory inventory on MacOS
* linux: fix storage size inventory
* linux: try to set storage serialnumber from mbr partition id or even
PV UUID when not found (hdparm missing or virtual drive)
* Fix#604: Only inventory Windows Store on recent win32 platforms
* Fix#596: Openstack container seen as Physical on win32
* Fix#593: Correct detection of machine type when /var/log/dmesg is too short
* Fix#583: Add BitDefender antivirus support
* Encrypted filesystems support added
* Updated pci.ids to 2019.02.20 version
* Updated usb.ids to 2019.01.17 version
netdiscovery/netinventory:
* Bump NetDiscovery task version to 2.8
* Bump NetInventory task version to 3.2
* Add BlueCoat proxy appliance serialnumber support
* win32: Support arp table check for NetDiscovery task
* Fix#634: Net::Ping version may not numeric with win32 installer
* Add Panasas PanFS support
* Add few HP/Compaq serialnumber cases support
* Fix#605: try 'ip neighbor show' if 'arp' is not available for netdiscovery
* Add UPS-MIB support for Riello, S2S & APC
* Components support added
* Updated sysobject.ids (tagged fia-2.4.3 tag on github repository)
2.4.2 Wed, 03 Oct 2018
core:
* Linux: fix agent not listening on http port when syslog logger is active
and Sys::Sylog module is too old
inventory:
* Bump Inventory task version to 1.5
* Fix physical memory error correction detection via WMI under win32
* Fix#299: Added UWP/APPX/Windows Store software inventory
* win32 antivirus detection enhanced support:
- add support for few antivirus base versions (defender, kaspersky,
EST, avira, MSE, McAfee, F-Secure)
- try to set license expiration date for F-Secure, kaspersky & avira
* Fix#442: kaspersky not fully recognized in russia
* Fix#501: wrong status was reported when windows defender was disabled
* Enhanced software inventory under Arch Linux
* Fix#453: under MacOS, skip XML DTD validation for software inventory as
parsing may fail if a proxy is enabled
* Fix#473: fix arch detection under MacOS
* Fix#475: fix video cards support under MacOS
* Fix#504: support non-standard ssh port to report local ssh server pubkey
* Updated pci.ids to 2018.10.02 version
* Updated usb.ids to 2018.08.15 version
deploy:
* Bump Deploy task version to 2.7
* Fix deployment of private packages: their downloaded parts were not
fully found when download were too long (closes: #542)
* Handle retention duration differently for p2p and not p2p files
* P2p files have a default retention of 3 days by default
* P2p files have a default retention of 3 times the target prolog delay
after download, parts retention is reset to the same delay for all file parts,
so the retention duration applies at the time parts has been downloaded
* P2p file parts are now cleaned up after job success if retention duration
is null
* Fix WinKeyNotEquals audit check to also be true when the registry key is
simply missing
* Add support to "startjob" key for failing deploy audit check to permit
to skip remaining checks when a failing condition makes them obsolete.
esx:
* Bump ESX task version to 2.4
* Support 2 ServiceTags case to cover chassis & lame board S/N inventory
* Updated AssetTag support
* fix wrong cpu core computation when only one package is available
netdiscovery/netinventory:
* Bump NetDiscovery task version to 2.7
* Bump NetInventory task version to 3.1
* Thanks to @QuickNerd357, Brocade devices will now show serial number and
firmware informations.
* Sanitize VLAN names. This fixes an issue with Cisco Small Business Switches.
* Get rid of unofficial Net::Ping::TimeStamp support to only use official
support if available. Net::Ping v2.67 is now mandatory to discover
devices thanks to timestamp ping.
* Fix#481: Add Synology NAS support
* Fix#480: Add CheckPoint support
* Fix#488: Update HP Printers support
* Updated LLDP/CDP connection match checks
* Updated sysobject.ids (tagged fia-2.4.2 tag on github repository)
collect:
* Bump Collect task version to 2.5
* Thanks to David Durieux, add support for dynamic pattern in registry key
collect under win32. The dynamic pattern is '**' to glob subkeys like in:
HKEY_USERS/**/Software/**/**/CurrentVersion
maintenance:
* Bump Maintenance task version to 1.1
* Disable Maintenance task if no maintenance module could be used
test suite:
* Make snmp walk tests faster
2.4.1 Fri, 29 Jun 2018
core:
* Update setup & FusionInventory::Agent::Version modules during make install
* Can set FusionInventory::Agent::Version module VERSION & COMMMENTS during
perl Makefile.PL configuration stage
* Normalized Target class APIs
* Register planned tasks at target level so target class can filter out
unsupported tasks
* Add Scheduler target support to be used at the same time than Server target
but more often to make maintenance other server target storage
* One scheduler target is created for each configured server target
* Scheduler target will trigger between one to 2 minutes
* Get rid of Time::Piece dependency
maintenance:
* New Maintenance v1.0 task
* Maintenance task handles quick server target storage cleanup to deploy
packages are really removed afetr their expiration time
* Task only supported by Scheduler target
inventory:
* Fix BSD Storages support
* Don't try to run dmidecode inventories if it returns no output
* Set Bios && Hardware from /sys/class/dmi on recent Linux when dmidecode is missing
* Add PowerSupplies support
* Add BSD batteries support
* Add UUID to LXD containers under Linux
* Fix#439: Wrong network interface speed under win32
* Fix#472: On MacOS, add monitors serial number when available
* Fix#479: No virtual machine memory under Proxmox
* Fix#485: Fix df output parsing under MacOS
* Fix#500: Add Acer monitor EDID id match
* Better SQL Server software inventory under win32
* Update Xen Server support
* Fix get-edid command output parsing, thanks to David Durieux
* Updated pci.ids to 2018.06.29 version
* Updated usb.ids to 2018.05.04 version
netdiscovery/netinventory:
* Bump NetDiscovery task version to 2.6
* Bump NetInventory task version to 3.0
* fusioninventory-netdiscovery & fusioninventory-netinventory scripts
now support '--port' and '--protocol' options for not standard snmp support.
* Fix RAM & CPU are missing from net inventory
* Fix MEMORY/RAM OID support
* Added support for HP Net Peripheral, involving better HP printers inventory
* Get Serial number & firmware version
* Fix total printed pages counter in many case
* Added total color pages counter support
* Don't assume colors table was read: fixes black toner detection on many HP printers
* Added Microtik devices support
* Enhanced Epson printers support, including model name, serial number and firmwares
* Updated LLDP support
* NetInventory task protocol upgrade to fix multithreading scheduling according to
upgrades done server-side.
* Fix discovery of devices with only ping responding and without found hostname. In
that case, we default the DNSHOSTNAME to the scanned ip.
* fix entity option in fusioninventory-netdiscovery script
* Get rid of nmap support for NetDiscovery task
* Add Zebra printer support
* Add QuesCom Appliance detection
* Add Linux Appliance template support
* Closes: #441,#519
* Update extmod function calls, thanks to Vadim Pisarev
* Add custom OID for Canon printer counters
* Updated sysobject.ids (tagged fia-2.4.1 tag on github repository)
deploy:
* Bump Deploy task version to 2.6
* Fix file retention support
* Add P2P peers caching to reduce peers discovery load in the meantime
* Reduced timeout for peer discovery and file parts downloading for P2P. This
efficiently limits the time passed to discover the local peers and disqualify
any busy or not responding peers in a more acceptable delay.
* For better P2P support, agent ajusts its 404 message to "Nothing found" when it
has nothing to share with other agents. So peers won't ask again and again for
any file part during 20 minutes by default.
2.4 Fri, 29 Dec 2017
core:
* Cleanup confdir use in task so using deprecated etc/softwares folder is no more
logged in journal
* Get rid of confdir setup in setup.pm
* Added "include" directive support while reading configuration file to make
configuration maintenance easy
* Update syslog name to fullname agent
* Get rid of List::Util & Proc::PID::File module dependencies
* Try to load more recent IDS database files if found in well-known places
* Fixed default daemon pid filename
* When --pidfile is used, don't permit to manually start daemon even in foreground
unless --pidfile parameter is different
* Makes --pidfile filename optional to compute a default one
* Check if we need to include libdir while daemonize
* Class refactoring: Get rid of discouraged 'use base' syntax in favor of lighter
'use parent' and as fields pragma is not used (see 'base' man)
* Logger refactoring: no more an Exporter based class to simplify its usage and
as Logger object should be commonly shared everywhere it is used.
* Fix command run to also time out while an alarm has been set
* Fix WMI calls to also time out under win32
* Few code refactoring
* remove devtom30 from maintainers
inventory:
* Bump Inventory task version to 1.4
* Fixed Provider program name in agent context
* Fixed HyperV VM issue while BIOSGUID is not defined
* Fix#349: Include last logged user as usual computer user on win32 platform
* Linux distro: Add support for reading os-release file and removing LSB support
* Fix Solaris drives df output parsing adding better zfs handling
* Make backend-collect-timeout working even while waiting on command output
* Support ASM filesystems on Oracle Grid
* Introduce getDeviceId() API on Inventory class so it returns task deviceid if set
or set a new deviceid (aka agentid or machineid) in case of remote inventory
* Fix#161: Support retrieving License software via WMI, including Office 2016
* Fix#364: [win32] Get antivirus version from software installation and get
Windows Defender version via WMI
* Added Windows 10 version support
* Updated pci.ids to 2017.12.20 version
* Updated usb.ids to 2017.12.28 version
netdiscovery/netinventory:
* Bump NetDiscovery & NetInventory task version to 2.5
* Added section support for MODEMS, SIMCARDS & FIRMWARES
* Added new detection algorithm based on exposed device supported MIB (sysORID list)
and/or sysObjectID
* Added support for HP iLO cards
* Added support for Digi devices with enhanced MODEMS, SIMCARDS & FIRMWARES support
* Updated sysobject.ids with a lot of new devices support
* Keep first MAC address found while discovering
* Try first to select MAC address from SNMP session during SNMP device scan
* Updated sysobject.ids (tagged fia-2.4 tag on github repository)
deploy:
* Bump Deploy task version to 2.5
* ddurieux fixed a regression introduced in 2.3.18 preventing to re-use known
good peer to download file parts.
esx:
* Bump ESX task version to 2.3
* Removed no more needed createFakeDeviceid() API
injector:
* Support --no-ssl-check option to avoid checking server SSL certificate
wmi-inventory:
* Added new task and script to permit agent-less inventory on win32 platform based
on remote WMI support.
The Amazon ECS Command Line Interface (CLI) is a command line tool for
Amazon Elastic Container Service (Amazon ECS) that provides high-level
commands to simplify creating, updating, and monitoring clusters and
tasks from a local development environment. The Amazon ECS CLI supports
Docker Compose, a popular open-source tool for defining and running
multi-container applications. Use the CLI as part of your everyday
development and testing cycle as an alternative to the AWS Management
Console or the AWS CLI.
While there is 1.9.0, it is only two days old and isn't in f-droid
yet. I am choosing to avoid new releases for a bit, on the theory
that it's better to let people other than pkgsrc users find any new
issues.
Tested with syncthing Android/f-droid 1.8.0.
Upstream changes:
bugfixes and minor enhanceements
adds the experimental copyRangeMethod config on folders, for use
on filesystems with copy-on-write support. Please see
https://docs.syncthing.net/advanced/folder-copyrangemethod.html
for details.
adds TCP hole punching, used to establish high performance TCP
connections in certain NAT scenarios where only relay or QUIC
connections could be used previously.
adds a configuration to file versioning for how often to run
cleanup. This defaults to once an hour, but is configurable from
very frequently to never.
0.28.4
Improved cache reaper performance significantly, thanks to J. Nick Koston.
Added ServiceListener to __all__ as it's part of the public API, thanks to Justin Nesselrotte.
0.28.3
Reduced a time an internal lock is held which should eliminate deadlocks in high-traffic networks, thanks to J. Nick Koston.
0.28.2
Stopped asking questions we already have answers for in cache, thanks to Paul Daumlechner.
Removed initial delay before querying for service info, thanks to Erik Montnemery.
Release v1.32.0
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Remove stream from stalled lists on remove_stream.
Do not cancel RPC if send metadata size if larger than peer's limit.
Don't consider receiving non-OK status as an error for HTTP2.
Keepalive throttling.
Include the target_uri in "target uri is not valid" error messages.
Fix "cannot send compressed message large than 1024B" in cronet_transport.
Receive SETTINGS frame on clients before declaring subchannel READY.
Enabled GPR_ABSEIL_SYNC.
Experimental xDS v3 support.
C++
Upgrade bazel used for all tests to 2.2.0.
Remove test targets and test helper libraries from Makefile.
Fix repeated builds broken by re2's cmake.
Log the peer address of grpc_cli CallMethod RPCs to stderr.
Python
[gRPC Easy] GA: This release enables runtime import of .proto Files. (gRFC, PR) Together with support for simple stubs present since 1.29, this completes gRPC Easy. To start using these features, take a look at the example. If using simple stubs without runtime proto import, generated code must be regenerated with an up-to-date version of the grpcio-tools package.
[Aio] Graduation from experimental folder.
[Aio] Prevent call objects from outliving its parent channel or server.
[Aio] Add a fail-back polling mode for Windows+3.8+.
Raises an exception when port binding failed.
Implement compute_engine_channel_credentials in Python.
Fix bazel out directory when using external repo.
Version 3.70 (2019-10-15)
[NEW FEATURES]
* #361 Siemens Scalance switch support
* #365 Ciena Layer3 support
* #368 DOCSIS cable modem support
[ENHANCEMENTS]
* #350 ubiquiti version string cleanup (LBegnaud)
* #352 duplex support for ciscosb
* #353 report all vendor names in lowercase
* #353 sprinkle "use warnings" and "use strict" around
* #358 prefer checkpoint mib over net-snmp mib (earendilfr)
* #359 detect newer ios-xe using codenames (Christoph Neuhaus)
* #367 test using latest MIBs version dynamically
* #370 smarter Q-BRIDGE handling
* poe power usage & mac address for ciscosb
[BUG FIXES]
* #353 doc fixes: report all required mibs for each module as based on code
* #353 include fixes: don't include modules already imported from parent classes
* #355fix#252, don't think 6char devices names are mac addresses
* #363 clean return calls in code
* #364 strip newline from neoteris os_ver, fixes netdisco #647
Version 3.68 (2019-04-28)
[NEW FEATURES]
* initial support for redlion cellular routers (inphobia)
[ENHANCEMENTS]
* use pulsesecure mib in layer7::neoteris instead of juniper-ive
Version 3.67 (2019-04-20)
[NEW FEATURES]
* #323 initial Lenovo / cnos support (inphobia)
* #317#326 DOCSIS Head End support (Pyro3d)
[ENHANCEMENTS]
* add v3 Context update() tests for net-snmp 5.8+
* support INFO_TRACE and SNMP_TRACE environment variables for Debug
* #324 clean up exinda and add regression test
[BUG FIXES]
* #294 snmp::info should show full class used
* #297 perl 5.28 removal of "use vars"
* #306 fix incorrect interfaces for d-link
* #319 make fortinet return a useful interface name (inphobia)
* #320 improve duplicate interfaces() fixup
* #321 clean interface descriptions of null and trailing space
* #322#327 full fix for aerohive tests
* #325 lazy load legacy RFC1213-MIB only if needed
* #496 fix for aerohive wireless clients support (inphobia)
Version 3.66 (2019-03-24)
[NEW FEATURES]
* #316 add support for IS-IS routing protocol (pyro3d)
[ENHANCEMENTS]
* switch to Alien::SNMP for travis builds (ollyg)
[BUG FIXES]
* clarify MRO usage
Version 3.65 (2019-02-24)
[ENHANCEMENTS]
* #296 expand CiscoAgg to also include LACP (inphobia)
* #308 update VyOS enterprise OID
* #310 bring layer3::oneaccess up to date for oneos6. (inphobia)
* Add two more HP 2930F models (JeroenvIS)
[BUG FIXES]
* #295 make CiscoAgg return ifindex instead of bp_index (inphobia)
* more documentation fixes + whitespace cleanup in all files
0.60 Wed May 6 2020 "Dean Hamstead" <dean@fragfest.com.au>
- PR#25 GH#23 Fix get_attachments_metadata
- PR#24 GH#22 Fix get_attachments_metadata
0.59 Mon May 4 2020 "Dean Hamstead" <dean@fragfest.com.au>
- Worked around what appears to be a bug in PodChecker in perl 5.20
- Adjusted travis and dist.ini
- No functional changes
0.58 Thu Apr 30 2020 "Dean Hamstead" <dean@fragfest.com.au>
- RT118729 correct bug when "not set" is in textA
- PR#19 Report UA, URI, and better errors when you opt in. Thanks @melmothx
0.57 Tue Apr 28 2020 "Dean Hamstead" <dean@fragfest.com.au>
- PR#21 Add SLA and SLADisabled attributes which appeared in RT 4.4.3
1.91 Jun 24, 2020
- ls was not handling the queue size correctly in some
cases.
- Some file types were being incorrectly identified (bug
report and patch by balakine, #gh16).
- Some documentation typos corrected (reported by Felix
Ostmann, #gh15).
1.18 Fri 1 May 10:43:36 CEST 2020
- new: Dump: filterCodeOptimize setting to enable pcap filter optimizer
(requirement for long pcap filters, for instance). Off by default.
- update: copyright notice
syncthing builds with Go 1.15 but panics on startup, which is why my bulk
build has not found this. This will be fixed in the next upstream version.
Discussed with tnn@ and gdt@
* route: ensure IPv4LL routes come last in priority
* DHCP: fix many issues with extending the last lease
* privsep: don't read control group from config in privsep
* privsep: only the master process responds to signals
* privsep: use a socketpair for stderr/stdin rather than dupping /dev/null
* privsep: right limit stdin/stderr/stdout
* privsep: dumping a lease is now run in a sandbox
* options: check if kernel supports INET or INET6 before enabling default
* options: let clientid override a prior duid
* options: allow -1 to represent infinity for requested lease time
* dhcpcd: fix a crash initing a new interface after route overflow
* Linux: fix reading the IPv6 forwarding proc entry
This is slightly tricky because the license is BSDish with extra
terms, and I'd give even odds Debian is or isn't ok with it.
(I don't see any reason to set NO_*_ON_*.)
to match those of ucspi-tcp6 1.11.6, so:
- Fixed problem for sslserver binding to local IPv4 addresses. Improved
selection of IP addresses given the user flags -4/-6 and none.
- Improved sslclient's binding given several hostnames available in DNS.
- Fixed problem for tcpserver binding to local IPv4 addresses. Improved
selection of IP addresses given the user flags -4/-6 and none.
- Improved tcpclient's binding given several hostnames available in DNS.
- Again, changes for dns_ipq.c concerning return codes.
Should have only impact in case using DJB's qualification format.
- Documentation and man page fixes for DNS stub resolver.
- GCC 10 linker warning for external 'ipv4socket' solved.
This release is a patch specifically for the Ruby bindings, which adds two backported PRs:
Backport "Ruby: use absolute module name for request/response namespaces" to 1.31.x (#23830)
Backport "Copy channel args hash before appending ruby user agent" to 1.31.x (#23826)
As of 1.24, MATE requires GNU-specific msgfmt features. meta-pkgs/mate/
Makefile.common r. 1.10 expressed this tool dependency using
USE_BUILTIN.gettext=no, but this exposed pkgsrc gettext-libs in the
build environment as well, which some MATE packages then linked
against, but gettext-libs didn't end up being declared as a run-time
dependency, so binary package installations were broken (with the
workaround of manually installing the undeclared gettext-libs
dependency). Express this dependency differently, so GNU msgfmt is
used as a tool without exposing pkgsrc gettext-libs.
(The pkgsrc tooling infrastruture could be altered to provide a
distinct "gmsgfmt" tool, same with "gxgettext", and perhaps others.
Here I'm just immediately concerned with fixing this packaging issue.)
Addresses PR pkg/55503 by Jay Patel.
Update bind916 to 9.16.5 (BIND 9.16.5).
--- 9.16.5 released ---
5458. [bug] Prevent a theoretically possible NULL dereference caused
by a data race between zone_maintenance() and
dns_zone_setview_helper(). [GL #1627]
5455. [bug] named could crash when cleaning dead nodes in
lib/dns/rbtdb.c that were being reused. [GL #1968]
5454. [bug] Address a startup crash that occurred when the server
was under load and the root zone had not yet been
loaded. [GL #1862]
5453. [bug] named crashed on shutdown when a new rndc connection was
received during shutdown. [GL #1747]
5452. [bug] The "blackhole" ACL was accidentally disabled for client
queries. [GL #1936]
5451. [func] Add 'rndc dnssec -status' command. [GL #1612]
5449. [bug] Fix a socket shutdown race in netmgr udp. [GL #1938]
5448. [bug] Fix a race condition in isc__nm_tcpdns_send().
[GL #1937]
5447. [bug] IPv6 addresses ending in "::" could break YAML
parsing. A "0" is now appended to such addresses
in YAML output from dig, mdig, delv, and dnstap-read.
[GL #1952]
5446. [bug] The validator could fail to accept a properly signed
RRset if an unsupported algorithm appeared earlier in
the DNSKEY RRset than a supported algorithm. It could
also stop if it detected a malformed public key.
[GL #1689]
5444. [bug] 'rndc dnstap -roll <value>' did not limit the number of
saved files to <value>. [GL !3728]
5443. [bug] The "primary" and "secondary" keywords, when used
as parameters for "check-names", were not
processed correctly and were being ignored. [GL #1949]
5441. [bug] ${LMDB_CFLAGS} was missing from make/includes.in.
[GL #1955]
5440. [test] Properly handle missing kyua. [GL #1950]
5439. [bug] The DS RRset returned by dns_keynode_dsset() was used in
a non-thread-safe manner. [GL #1926]
NOTE: This is also an example how you replace a non-working version of a
module dependency with a working one, see the patch to go.mod.
v0.11.1
* Enable custom color themes with the GLAMOUR_STYLE environment variable #
1411
* Fix printing network error in case for failed HTTP requests #1382
* Fix creating gists from stdin with argument #1383
* Correctly report HTTP and Markdown errors in repo view #1403
* Automatically adapt Markdown rendering for light terminal backgrounds #1402
* Enable adding to GO_LDFLAGS without having to replace them all #1379
* gh pr command scriptability improvements #1373
* gh repo command scriptability improvements #1388
* Misc. scriptability improvements #1387
v0.11.0
* Add support for ?shell? aliases #1191
* Add --milestone and --mention filters to gh issue list #644
* Add --web flag to gh issue/pr list #1282
* Add gh api --silent flag to avoid printing HTTP response #1283
* Print issue/PR title in confirmation messages from gh issue close/reopen
and gh pr close/reopen #1337
* Scriptability improvements for gh issue list/view/create commands #1343
* gh pr checkout now prevents flag injection to git checkout via maliciously
crafted head branch name #1365
* gh pr checkout OWNER:BRANCH now avoids clashes with the default branch of a
repository #1365
* gh pr merge now gracefully handles when the merged branch is auto-deleted
on the server per repository settings #1279
* Avoid crash in gh issue close/reopen when issue number is invalid #1328
* Support hosts.yml existing while config.yml does not #1304
* Raise more informative filesystem path error after failing to read or
create the config file #1295
* Avoid warning about missing read:org OAuth scope if the authenticating
token has admin:org #1359
* Improve support for legacy issue and pull request template names #1366
* Document supported environment variables #1370
* Remove the -R, --repo flag mention from commands where it's not applicable
#1253
* Add VS Code example to gh config set documentation #1301
Update bind911 to 9.11.22 (BIND 9.11.22).
--- 9.11.22 released ---
5481. [security] "update-policy" rules of type "subdomain" were
incorrectly treated as "zonesub" rules, which allowed
keys used in "subdomain" rules to update names outside
of the specified subdomains. The problem was fixed by
making sure "subdomain" rules are again processed as
described in the ARM. (CVE-2020-8624) [GL #2055]
5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623)
[GL #2037]
5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622) [GL #2028]
5475. [bug] Wildcard RPZ passthru rules could incorrectly be
overridden by other rules that were loaded from RPZ
zones which appeared later in the "response-policy"
statement. This has been fixed. [GL #1619]
5474. [bug] dns_rdata_hip_next() failed to return ISC_R_NOMORE
when it should have. [GL !3880]
5465. [func] Added fallback to built-in trust-anchors, managed-keys,
or trusted-keys if the bindkeys-file (bind.keys) cannot
be parsed. [GL #1235]
5463. [bug] Address a potential NULL pointer dereference when out of
memory in dnstap.c. [GL #2010]
5462. [bug] Move LMDB locking from LMDB itself to named. [GL #1976]
2.2.3:
Bugfixes
* Fix concurrent access to cache file when using tldextract in multiple threads
* Relocate version number, to avoid costly imports
* Catch `IndexError` caused by upstream punycode bug
* Drop support for EOL Python 3.4
* Explain warning better
1.18.123
api-change:storagegateway: Update storagegateway command to latest version
api-change:organizations: Update organizations command to latest version
api-change:ivs: Update ivs command to latest version
api-change:lakeformation: Update lakeformation command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
1.18.122
api-change:codebuild: Update codebuild command to latest version
api-change:datasync: Update datasync command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:cognito-idp: Update cognito-idp command to latest version
api-change:identitystore: Update identitystore command to latest version
api-change:sesv2: Update sesv2 command to latest version
1.18.121
api-change:robomaker: Update robomaker command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:acm-pca: Update acm-pca command to latest version
api-change:ecr: Update ecr command to latest version
api-change:acm: Update acm command to latest version
api-change:kinesis: Update kinesis command to latest version
api-change:elb: Update elb command to latest version
api-change:quicksight: Update quicksight command to latest version
1.18.120
api-change:license-manager: Update license-manager command to latest version
api-change:appstream: Update appstream command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:braket: Update braket command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.119
api-change:rds: Update rds command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:cognito-idp: Update cognito-idp command to latest version
api-change:appsync: Update appsync command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:braket: Update braket command to latest version
api-change:eks: Update eks command to latest version
1.18.118
api-change:transfer: Update transfer command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:fsx: Update fsx command to latest version
api-change:cloud9: Update cloud9 command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:iot: Update iot command to latest version
api-change:comprehend: Update comprehend command to latest version
api-change:lambda: Update lambda command to latest version
1.18.117
api-change:organizations: Update organizations command to latest version
api-change:lambda: Update lambda command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:s3: Update s3 command to latest version
enhancement:codeartifact login: Add support for --namespace parameter
1.18.116
api-change:savingsplans: Update savingsplans command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:glue: Update glue command to latest version
1.18.115
api-change:organizations: Update organizations command to latest version
api-change:sms: Update sms command to latest version
api-change:s3: Update s3 command to latest version
api-change:glue: Update glue command to latest version
1.18.114
api-change:ec2: Update ec2 command to latest version
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:lex-models: Update lex-models command to latest version
api-change:lex-runtime: Update lex-runtime command to latest version
api-change:personalize: Update personalize command to latest version
api-change:personalize-events: Update personalize-events command to latest version
1.18.113
api-change:appsync: Update appsync command to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi command to latest version
api-change:transcribe: Update transcribe command to latest version
api-change:sns: Update sns command to latest version
api-change:fsx: Update fsx command to latest version
1.18.112
api-change:health: Update health command to latest version
1.18.111
api-change:ssm: Update ssm command to latest version
1.18.110
api-change:chime: Update chime command to latest version
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:wafv2: Update wafv2 command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi command to latest version
1.18.109
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:guardduty: Update guardduty command to latest version
api-change:organizations: Update organizations command to latest version
api-change:resource-groups: Update resource-groups command to latest version
api-change:cloudfront: Update cloudfront command to latest version
api-change:sesv2: Update sesv2 command to latest version
api-change:kafka: Update kafka command to latest version
api-change:codebuild: Update codebuild command to latest version
1.18.108
api-change:ecr: Update ecr command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:firehose: Update firehose command to latest version
api-change:guardduty: Update guardduty command to latest version
api-change:resource-groups: Update resource-groups command to latest version
api-change:servicediscovery: Update servicediscovery command to latest version
1.18.107
api-change:imagebuilder: Update imagebuilder command to latest version
api-change:autoscaling: Update autoscaling command to latest version
api-change:medialive: Update medialive command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:ivs: Update ivs command to latest version
api-change:rds: Update rds command to latest version
1.18.106
api-change:datasync: Update datasync command to latest version
api-change:dms: Update dms command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:frauddetector: Update frauddetector command to latest version
api-change:glue: Update glue command to latest version
api-change:ssm: Update ssm command to latest version
1.18.105
api-change:sagemaker: Update sagemaker command to latest version
api-change:mq: Update mq command to latest version
api-change:fsx: Update fsx command to latest version
api-change:frauddetector: Update frauddetector command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:kendra: Update kendra command to latest version
api-change:mediapackage: Update mediapackage command to latest version
api-change:cloudwatch: Update cloudwatch command to latest version
1.18.104
api-change:config: Update config command to latest version
api-change:fsx: Update fsx command to latest version
api-change:glue: Update glue command to latest version
api-change:workspaces: Update workspaces command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:directconnect: Update directconnect command to latest version
1.18.103
api-change:medialive: Update medialive command to latest version
api-change:quicksight: Update quicksight command to latest version
1.18.102
api-change:codeguruprofiler: Update codeguruprofiler command to latest version
1.18.101
api-change:rds: Update rds command to latest version
api-change:fms: Update fms command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:groundstation: Update groundstation command to latest version
api-change:frauddetector: Update frauddetector command to latest version
api-change:cloudfront: Update cloudfront command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.100
api-change:elasticbeanstalk: Update elasticbeanstalk command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:connect: Update connect command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
api-change:appsync: Update appsync command to latest version
1.18.99
bugfix:codeartifact login: Fix issue with displaying expiration times
1.18.98
enhancement:codeartifact login: Add expiration duration support
enhancement:docs: Improve AWS CLI docs to include documentation strings for parameters in nested input structures
api-change:ivs: Update ivs command to latest version
1.14.46
api-change:lakeformation: [botocore] Update lakeformation client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ivs: [botocore] Update ivs client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
1.14.45
api-change:identitystore: [botocore] Update identitystore client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:cognito-idp: [botocore] Update cognito-idp client to latest version
api-change:datasync: [botocore] Update datasync client to latest version
api-change:sesv2: [botocore] Update sesv2 client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
1.14.44
api-change:elbv2: [botocore] Update elbv2 client to latest version
api-change:quicksight: [botocore] Update quicksight client to latest version
api-change:kinesis: [botocore] Update kinesis client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
api-change:acm: [botocore] Update acm client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
api-change:elb: [botocore] Update elb client to latest version
api-change:acm-pca: [botocore] Update acm-pca client to latest version
1.14.43
api-change:braket: [botocore] Update braket client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:license-manager: [botocore] Update license-manager client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:appstream: [botocore] Update appstream client to latest version
1.14.42
api-change:rds: [botocore] Update rds client to latest version
api-change:eks: [botocore] Update eks client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
api-change:cognito-idp: [botocore] Update cognito-idp client to latest version
api-change:appsync: [botocore] Update appsync client to latest version
api-change:braket: [botocore] Update braket client to latest version
1.14.41
api-change:transfer: [botocore] Update transfer client to latest version
api-change:comprehend: [botocore] Update comprehend client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:iot: [botocore] Update iot client to latest version
api-change:cloud9: [botocore] Update cloud9 client to latest version
1.14.40
api-change:organizations: [botocore] Update organizations client to latest version
api-change:s3: [botocore] Update s3 client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.14.39
api-change:savingsplans: [botocore] Update savingsplans client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.14.38
api-change:sms: [botocore] Update sms client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:s3: [botocore] Update s3 client to latest version
1.14.37
api-change:lex-runtime: [botocore] Update lex-runtime client to latest version
api-change:personalize: [botocore] Update personalize client to latest version
api-change:personalize-runtime: [botocore] Update personalize-runtime client to latest version
api-change:lex-models: [botocore] Update lex-models client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:personalize-events: [botocore] Update personalize-events client to latest version
1.14.36
api-change:fsx: [botocore] Update fsx client to latest version
api-change:appsync: [botocore] Update appsync client to latest version
api-change:sns: [botocore] Update sns client to latest version
api-change:resourcegroupstaggingapi: [botocore] Update resourcegroupstaggingapi client to latest version
api-change:transcribe: [botocore] Update transcribe client to latest version
1.14.35
api-change:health: [botocore] Update health client to latest version
1.14.34
api-change:ssm: [botocore] Update ssm client to latest version
1.14.33
api-change:resourcegroupstaggingapi: [botocore] Update resourcegroupstaggingapi client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:wafv2: [botocore] Update wafv2 client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:personalize-runtime: [botocore] Update personalize-runtime client to latest version
1.14.32
api-change:organizations: [botocore] Update organizations client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:kafka: [botocore] Update kafka client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:resource-groups: [botocore] Update resource-groups client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:sesv2: [botocore] Update sesv2 client to latest version
1.14.31
api-change:resource-groups: [botocore] Update resource-groups client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:firehose: [botocore] Update firehose client to latest version
api-change:servicediscovery: [botocore] Update servicediscovery client to latest version
api-change:ecr: [botocore] Update ecr client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
1.14.30
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:autoscaling: [botocore] Update autoscaling client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
api-change:ivs: [botocore] Update ivs client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:imagebuilder: [botocore] Update imagebuilder client to latest version
1.14.29
api-change:glue: [botocore] Update glue client to latest version
api-change:datasync: [botocore] Update datasync client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:frauddetector: [botocore] Update frauddetector client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:dms: [botocore] Update dms client to latest version
1.14.28
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:kendra: [botocore] Update kendra client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
api-change:frauddetector: [botocore] Update frauddetector client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
api-change:cloudwatch: [botocore] Update cloudwatch client to latest version
api-change:mq: [botocore] Update mq client to latest version
1.14.27
api-change:directconnect: [botocore] Update directconnect client to latest version
api-change:config: [botocore] Update config client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:workspaces: [botocore] Update workspaces client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
1.14.26
api-change:quicksight: [botocore] Update quicksight client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
1.14.25
api-change:codeguruprofiler: [botocore] Update codeguruprofiler client to latest version
1.14.24
api-change:frauddetector: [botocore] Update frauddetector client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:groundstation: [botocore] Update groundstation client to latest version
api-change:fms: [botocore] Update fms client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:cloudfront: [botocore] Update cloudfront client to latest version
1.14.23
api-change:connect: [botocore] Update connect client to latest version
api-change:elasticbeanstalk: [botocore] Update elasticbeanstalk client to latest version
api-change:appsync: [botocore] Update appsync client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
api-change:application-autoscaling: [botocore] Update application-autoscaling client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.14.22
enhancement:examples: [botocore] Pull in latest examples from EFS.
1.14.21
api-change:ivs: [botocore] Update ivs client to latest version
1.17.46
api-change:lakeformation: Update lakeformation client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ivs: Update ivs client to latest version
api-change:organizations: Update organizations client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
1.17.45
api-change:identitystore: Update identitystore client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:cognito-idp: Update cognito-idp client to latest version
api-change:datasync: Update datasync client to latest version
api-change:sesv2: Update sesv2 client to latest version
api-change:securityhub: Update securityhub client to latest version
1.17.44
api-change:elbv2: Update elbv2 client to latest version
api-change:quicksight: Update quicksight client to latest version
api-change:kinesis: Update kinesis client to latest version
api-change:ecr: Update ecr client to latest version
api-change:acm: Update acm client to latest version
api-change:robomaker: Update robomaker client to latest version
api-change:elb: Update elb client to latest version
api-change:acm-pca: Update acm-pca client to latest version
1.17.43
api-change:braket: Update braket client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:license-manager: Update license-manager client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:appstream: Update appstream client to latest version
1.17.42
api-change:rds: Update rds client to latest version
api-change:eks: Update eks client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:macie2: Update macie2 client to latest version
api-change:cognito-idp: Update cognito-idp client to latest version
api-change:appsync: Update appsync client to latest version
api-change:braket: Update braket client to latest version
1.17.41
api-change:transfer: Update transfer client to latest version
api-change:comprehend: Update comprehend client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:fsx: Update fsx client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:lambda: Update lambda client to latest version
api-change:iot: Update iot client to latest version
api-change:cloud9: Update cloud9 client to latest version
1.17.40
api-change:organizations: Update organizations client to latest version
api-change:s3: Update s3 client to latest version
api-change:lambda: Update lambda client to latest version
api-change:ec2: Update ec2 client to latest version
1.17.39
api-change:savingsplans: Update savingsplans client to latest version
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.17.38
api-change:sms: Update sms client to latest version
api-change:organizations: Update organizations client to latest version
api-change:glue: Update glue client to latest version
api-change:s3: Update s3 client to latest version
1.17.37
api-change:lex-runtime: Update lex-runtime client to latest version
api-change:personalize: Update personalize client to latest version
api-change:personalize-runtime: Update personalize-runtime client to latest version
api-change:lex-models: Update lex-models client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:personalize-events: Update personalize-events client to latest version
1.17.36
api-change:fsx: Update fsx client to latest version
api-change:appsync: Update appsync client to latest version
api-change:sns: Update sns client to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi client to latest version
api-change:transcribe: Update transcribe client to latest version
1.17.35
api-change:health: Update health client to latest version
1.17.34
api-change:ssm: Update ssm client to latest version
1.17.33
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:wafv2: Update wafv2 client to latest version
api-change:chime: Update chime client to latest version
api-change:personalize-runtime: Update personalize-runtime client to latest version
1.17.32
api-change:organizations: Update organizations client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:kafka: Update kafka client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:cloudfront: Update cloudfront client to latest version
api-change:resource-groups: Update resource-groups client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:sesv2: Update sesv2 client to latest version
1.17.31
api-change:resource-groups: Update resource-groups client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:firehose: Update firehose client to latest version
api-change:servicediscovery: Update servicediscovery client to latest version
api-change:ecr: Update ecr client to latest version
api-change:guardduty: Update guardduty client to latest version
1.17.30
api-change:ec2: Update ec2 client to latest version
api-change:autoscaling: Update autoscaling client to latest version
api-change:securityhub: Update securityhub client to latest version
api-change:ivs: Update ivs client to latest version
api-change:medialive: Update medialive client to latest version
api-change:rds: Update rds client to latest version
api-change:imagebuilder: Update imagebuilder client to latest version
1.17.29
api-change:glue: Update glue client to latest version
api-change:datasync: Update datasync client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:frauddetector: Update frauddetector client to latest version
api-change:ssm: Update ssm client to latest version
api-change:dms: Update dms client to latest version
1.17.28
api-change:mediaconnect: Update mediaconnect client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:kendra: Update kendra client to latest version
api-change:fsx: Update fsx client to latest version
api-change:frauddetector: Update frauddetector client to latest version
api-change:mediapackage: Update mediapackage client to latest version
api-change:macie2: Update macie2 client to latest version
api-change:cloudwatch: Update cloudwatch client to latest version
api-change:mq: Update mq client to latest version
1.17.27
api-change:directconnect: Update directconnect client to latest version
api-change:config: Update config client to latest version
api-change:fsx: Update fsx client to latest version
api-change:glue: Update glue client to latest version
api-change:workspaces: Update workspaces client to latest version
api-change:lightsail: Update lightsail client to latest version
1.17.26
api-change:quicksight: Update quicksight client to latest version
api-change:medialive: Update medialive client to latest version
1.17.25
api-change:codeguruprofiler: Update codeguruprofiler client to latest version
1.17.24
api-change:frauddetector: Update frauddetector client to latest version
api-change:rds: Update rds client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:groundstation: Update groundstation client to latest version
api-change:fms: Update fms client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:cloudfront: Update cloudfront client to latest version
1.17.23
api-change:connect: Update connect client to latest version
api-change:elasticbeanstalk: Update elasticbeanstalk client to latest version
api-change:appsync: Update appsync client to latest version
api-change:macie2: Update macie2 client to latest version
api-change:application-autoscaling: Update application-autoscaling client to latest version
api-change:ec2: Update ec2 client to latest version
1.17.22
enhancement:examples: Pull in latest examples from EFS.
1.17.21
api-change:ivs: Update ivs client to latest version
Tested on NetBSD-8/amd64 with local APs.
Upstream NEWS:
[bugfixes]
Improvements
Move Analytics & Improvements toggle to UniFi OS settings (applicable only for UniFi OS systems).
Disable DnsFilterAlert and IpReputationBlock events by default.
Add support for UXG-Pro.
Add Switch Port anomalies.
Add ability to report incorrect WiFi score.
Set default DTIM interval to 3.
Auto-backup should be enabled by default.
Disable Element Adopt on Connectivity Disable.
Improve logging for Hotspot RADIUS.
Improve power cycle behavior for USP Plug.
Improve logging errors.
Update translations.
Update LCM idle timeout.
Known issues
Error with FileNotFoundException message in logs is a false positive - will be fixed in future release.
Changes since 4.12.5
* BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
* BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
to work on RHEL7.
* BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
* BUG 14426: lib/debug: Set the correct default backend loglevel to
MAX_DEBUG_LEVEL.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14422: util: Fix build on AIX by fixing the order of replace.h include.
* BUG 14355: srvsvc_NetFileEnum asserts with open files.
* BUG 14354: KDC breaks with DES keys still in the database and
msDS-SupportedEncryptionTypes 31 indicating support for it.
* BUG 14427: s3:smbd: Make sure vfs_ChDir() always sets
conn->cwd_fsp->fh->fd = AT_FDCWD.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14358: docs: Fix documentation for require_membership_of of
pam_winbind.conf.
* BUG 14444: ctdb-scripts: Use nfsconf utility for variable values in CTDB
NFS scripts.
* BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
mode fatal.
iperf 3.9
* Notable user-visible changes
* A --timestamps flag has been added, which prepends a timestamp to
each output line. An optional argument to this flag, which is a
format specification to strftime(3), allows for custom timestamp
formats.
* A --server-bitrate-limit flag has been added as a server-side
command-line argument. It allows a server to enforce a maximum
throughput rate; client connections that specify a higher bitrate
or exceed this bitrate during a test will be terminated. The
bitrate is expressed in bits per second, with an optional trailing
slash and integer count that specifies an averaging interval over
which to enforce the limit.
* A bug that caused increased CPU usage with the --bidir option has
been fixed.
* Notable developer-visible changes
* Fixed various minor memory leaks.
Changes:
0.9.4
-----
- Fix for showing the entry on the files page of submodules for bare
repositories, thanks kst!
- There is now a separate Atom feed for tags called "tags.xml". This should make
it easier to track only software releases if using an RSS/Atom reader.
- The ordering of tags are now by commit date (descending). So it will now sort
by most recent first. The previous behaviour was to sort alphabetically by tag
name, but many projects use numeric versions which don't sort in a useful/clear
order.
- For OpenBSD: remove unveil(2) for stagit-index, because unveil(2) has an
argument limit. Now more than ~128 repositories for the index are supported.
Per repository stagit will still use unveil(2).
Version 4.9.2
* mkdir: fixed exit code with -f option.
* ftp: made ftp:use-pret setting tri-boolean.
* get/mget/put/mput: don't try next files after error if cmd:fail-exit is true.
* get/mget: fixed -O option with remote URL and xfer:use-temp-file being true.
* mirror: disallow empty patterns; don't delete "..".
* mirror: fixed --on-change with --reverse.
* sftp: fixed a bug with truncated files when packets are reordered (finally).
Wireshark 3.2.6 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-10[1] Kafka dissector crash. Bug 16672[2].
CVE-2020-17498[3].
The following bugs have been fixed:
• Kafka dissector fails parsing FETCH responses. Bug 16623[4].
• Dissector for ASTERIX Category 001 / 210 does not recognize bit 1
as extension. Bug 16662[5].
• "invalid timestamp" for Systemd Journal Export Block. Bug
16664[6].
• Decoding Extended Emergency number list IE length. Bug 16668[7].
• Some macOS Bluetooth PacketLogger capture files aren’t recognized
as PacketLogger files (regression, bisected). Bug 16670[8].
• Short IMSIs (5 digits) lead to wrong decoding+warning. Bug
16676[9].
• Decoding of PFCP IE 'PFD Contents' results in "malformed packet".
Bug 16704[10].
• RFH2 Header with 32 or less bytes of NameValue will not parse out
that info. Bug 16733[11].
• CDP: Port ID TLV followed by Type 1009 TLV triggers [Malformed
Packet]. Bug 16742[12].
• tshark crashed when processing opcda. Bug 16746[13].
• tshark with --export-dicom gives “Segmentation fault (core
dumped)”. Bug 16748[14].
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASTERIX, BSSAP, CDP, CoAP, DCERPC SPOOLSS, DCOM, DICOM, DVB-S2,
E.212, GBCS, GSM RR, GSM SMS, IEEE 802.11, Kafka, MQ, Nano, NAS 5GS,
NIS+, NR RRC, PacketLogger, PFCP, RTPS, systemd Journal, TDS, TN3270,
and TN5250
New and Updated Capture File Support
PacketLogger and pcapng
Changelog:
7 July 2020: Wouter
- Tag for 4.3.2rc1.
6 July 2020: Wouter
- Fix compile includes for xfr-inspect tool on FreeBSD.
- Add tpkg/run_vm.sh that runs test when in a virtual machine.
- Merge #112 from jaredmauch: log old and new serials when NSD
rejects an IXFR due to an old serial number.
- Fix bug034 test for vm test changes.
22 June 2020: Wouter
- Remove errno reset behaviour from sendmmsg and recvmmsg
replacement functions.
- Fix unit test for different nsd-control-setup -h exit code.
19 June 2020: Wouter
- Merge #108 from Nomis: Make the max-retry-time description clearer.
- Retry when udp send buffer is full to wait until buffer space is
available.
18 June 2020: Wouter
- Do not log EAGAIN errors for sendmmsg, to stop log spam on OpenBSD.
17 June 2020: Wouter
- Fix#107: nsd -v shows configure line, openssl version and libevent version.
27 May 2020: Wouter
- Fix unlink of pidfile warning if not possible due to permissions,
nsd can display the message at high verbosity levels.
- Update contrib/nsd.service for chown of nsd.log and /var/log in
ReadWritePaths.
- Removed contrib/nsd.service, example is too complicated and not
useful.
15 May 2020: Wouter
- Merge PR#102 from and0x000: add missing default in documentation
for drop-updates.
- Fix checkconf test for log-only-syslog option.
14 May 2020: Wouter
- Document default value for tcp-timeout.
13 May 2020: Jeroen
- Fix#99: Fix copying of socket properties with reuseport enabled.
24 April 2020: Wouter
- Fix#97: EDNS unknown version: query not in response.
21 April 2020: Wouter
- Fix#96: log-only-syslog: yes sets to only use syslog, fixes
that the default configuration and systemd results in duplicate
log messages.
20 April 2020: Wouter
- Fix#95: Removed make test check because tpkg not included in
release tarballs.
- Fix unused parameter compile warnings.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.6
- When Bftpd is run with the -n flag (no configuration file)
default ratio settings prevented files from downloading.
Samuel Hsu has patched Bftpd to assume no ratio ("") is
treated the same as "none" or no restrictions.
- Fixed potential overflow in buffer for directory listing.
- Used calloc() and single strlen() call to avoid having
a string without a NULL terminator mystring library.
Add bind916 version 9.16.5 package (BIND 9.16.5).
BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.16 release.
* New dnssec-policy statement to configure a key and signing policy for
zones, enabling automatic key regeneration and rollover.
* New network manager based on libuv.
* Added support for the new GeoIP2 geolocation API, libmaxminddb.
* Improved DNSSEC trust anchor configuration using the trust-anchors
statement, permitting configuration of trust anchors in DS as well as
DNSKEY format.
* YAML output for dig, mdig, and delv.
This hotfix release fixes an issue with block validation.
Bugfixes:
#6827: syncthing 1.6.1 -> 1.7.0 fails on "failed validating data"
v1.7.0
This release performs a database migration to optimize for clusters with
many devices.
Bugfixes:
#6552: panic: Stop called more than once on ... created by nat.Service
#6564: Closing an already removed connection causes GUI error message
#6646: Misleading error message when to be deleted dir contains receive-only changes
#6653: panic: nil pointer dereference in leveldb.(*DB).isClosed()
#6654: panic: runtime error: index out of range in processNeeded()
#6655: panic: nil pointer dereference in checkUpgrade()
#6679: QUIC listener is not added when default TCP port is unavailable
#6697: Malformed listen address causes hang on startup
#6706: Changing a folder in web UI removes introduced-by info
Enhancements:
#1830: "Folder path missing" when folder path is a junction
#4703: Suggest setting up auth on initial startup
#5910: Add Badger database backend for testing and consideration
#6372: Reduce database size by optimizing version list storage
Other issues:
#6608: Data race in Windows fs watcher tests
#6625: TestRequestRemoteRenameChanged is racy/flaky
Changes:
1.52.3
------
* Bug Fixes
* docs
* Disable smart typography (eg en-dash) in MANUAL.* and man page
(Nick Craig-Wood)
* Update install.md to reflect minimum Go version (Evan Harris)
* Update install from source instructions (Nick Craig-Wood)
* make_manual: Support SOURCE_DATE_EPOCH (Morten Linderud)
* log: Fix --use-json-log going to stderr not --log-file on Windows
(Nick Craig-Wood)
* serve dlna: Fix file list on Samsung Series 6+ TVs (Matteo Pietro Dazzi)
* sync: Fix deadlock with --track-renames-strategy modtime (Nick Craig-Wood)
* Cache
* Fix moveto/copyto remote:file remote:file2 (Nick Craig-Wood)
* Drive
* Stop using root_folder_id as a cache (Nick Craig-Wood)
* Make dangling shortcuts appear in listings (Nick Craig-Wood)
* Drop "Disabling ListR" messages down to debug (Nick Craig-Wood)
* Workaround and policy for Google Drive API (Dmitry Ustalov)
* FTP
* Add note to docs about home vs root directory selection (Nick Craig-Wood)
* Onedrive
* Fix reverting to Copy when Move would have worked (Nick Craig-Wood)
* Avoid comma rendered in URL in onedrive.md (Kevin)
* Pcloud
* Fix oauth on European region "eapi.pcloud.com" (Nick Craig-Wood)
* S3
* Fix bucket Region auto detection when Region unset in config (Nick Craig-Wood)
1.2.8 released
* validate UTF-8 encoding of client version strings from peers
* don't time out tracker announces as eagerly while resolving hostnames
* fix NAT-PMP shutdown issue
* improve hostname lookup by merging identical lookups
* fix network route enumeration for large routing tables
* fixed issue where pop_alerts() could return old, invalid alerts
* fix issue when receiving have-all message before the metadata
* don't leave lingering part files handles open
* disallow calling add_piece() during checking
* fix incorrect filename truncation at multi-byte character
* always announce listen port 1 when using a proxy
NEWS for rsync 3.2.3
Changes in this version:
BUG FIXES:
Fixed a bug in the xattr code that was freeing the wrong object when trying to cleanup the xattr list.
Fixed a bug in the xattr code that was not leaving room for the "rsync." prefix in some instances where it needed to be added.
Restored the ability to use ‑‑bwlimit=0 to specify no bandwidth limit. (It was accidentally broken in 3.2.2.)
Fix a bug when combining ‑‑delete-missing-args with ‑‑no-implied-dirs & ‑R where rsync might create the destination path of a missing arg. The code also avoids some superfluous warnings for nested paths of removed args.
Fixed an issue where hard-linked devices could cause the rdev_major value to get out of sync between the sender and the receiver, which could cause a device to get created with the wrong major value in its major,minor pair.
Rsync now complains about a missing ‑‑temp-dir before starting any file transfers.
A completely empty source arg is now a fatal error. This doesn't change the handling of implied dot-dir args such as "localhost:" and such.
ENHANCEMENTS:
Allow ‑‑max-alloc=0 to specify no limit to the alloc sanity check.
Allow ‑‑block-size=SIZE to specify the size using units (e.g. "100K").
The name of the id-0 user & group are now sent to the receiver along with the other user/group names in the transfer (instead of assuming that both sides have the same id-0 names).
Added the ‑‑stop-after=MINS and ‑‑stop-at=DATE_TIME options (with the ‑‑time-limit=MINS option accepted as an alias for ‑‑stop-after). This is an enhanced version of the time-limit patch from the patches repo.
Added the name converter daemon parameter to make it easier to convert user & group names inside a chrooted daemon module. This is based on the nameconverter patch with some improvements, including a tweak to the request protocol (so if you used this patch in the past, be sure to update your converter script to use newlines instead of null chars).
Added ‑‑crtimes (‑N) option for preserving the file's create time (I believe that this is macOS only at the moment).
Added ‑‑mkpath option to tell rsync that it should create a non-existing path component of the destination arg.
Added ‑‑stderr=errors|all|client to replace the ‑‑msgs2stderr and ‑‑no-msgs2stderr options (which are still accepted). The default use of stderr was changed to be ‑‑stderr=errors where all the processes that have stderr available output directly to stderr, which should help error messages get to the user more quickly, especially when doing a push (which includes local copying). This also allows rsync to exit quickly when a receiver failure occurs, since rsync doesn't need to try to keep the connection alive long enough for the fatal error to go from the receiver to the generator to the sender. The old default can be requested via ‑‑stderr=client. Also changed is that a non-default stderr mode is conveyed to the remote rsync (using the older option names) instead of requiring the user to use ‑‑remote-option (‑M) to tell the remote rsync what to do.
Added the ability to specify "@netgroup" names to the hosts allow and hosts deny daemon parameters. This is a finalized version of the netgroup-auth patch from the patches repo.
Rsync can now hard-link symlinks on FreeBSD due to it making ues of the linkat() function when it is available.
Output file+line info on out-of-memory & overflow errors while also avoiding the output of alternate build-dir path info that is not useful to the user.
Change configure to know that Cygwin supports Linux xattrs.
Improved the testsuite on FreeBSD & Cygwin.
Added some compatibility code for HPE NonStop platforms.
Improved the INSTALL.md info.
Added a few more suffixes to the default skip-compress list.
Improved configure's error handling to notify about several issues at once instead of one by one (for the newest optional features).
INTERNAL:
Use a simpler overflow check idiom in a few spots.
Use a C99 Flexible Array for a trailing variable-size filename in a struct (with a fallback to the old 1-char string kluge for older compilers).
Release v1.31.0
Core
The following new xDS functionality is added in this release:
Requests matching based on path (prefix, full path and safe regex) and headers.
Requests routing to multiple clusters based on weights.
The features supported in a given release are documented here.
Other changes:
Remove MAX_EPOLL_EVENTS_HANDLED_EACH_POLL_CALL to ensure timely processing of events.
Include the target name in top-level DNS error messages.
Remove xds-experimental URI scheme.
fix memory leak of grpc_resource_user_quota.
Store ref to the ExternalConnectivityWatcher in external_watchers_ map.
Update grpclb configuration with field "service_name".
Fix possible deadlock in RemoveExternalConnectivityWatcher.
Enable TLS 1.3 in the C-core and all wrapped languages.
Add message-size check before message decompression with ordering change.
Fix race condition caused by simultaneous updates on SSL server handshaker.
Add missing reset for ping clocks to avoid mistakenly sending GOAWAY frames due to 'too_many_pings'.
C++
Simplify makefile: Get rid of "install" rules with pure make, recommend cmake and bazel instead.
Replaced grpc::string with std::string.
Fix wrong version in gRPCConfigVersion.cmake and grpc++*.pc.
Python
[Aio] Support tuple and aio.Metadata interaction.
[Aio] Allows poller to bind to ephemeral loops in multiple threads.
[Aio] Hide init_grpc_aio and guard async API outside of AsyncIO context.
[Aio] Implement methods to access auth context and peer info.
Add protobuf as an "extras" dependency to grpcio package.
[Aio] Use Metadata type.
Avoid attribute error in del of _ChannelCallState.
Default wait_for_ready to True in simple stubs.
Propagate contextvars to auxiliary threads.
Simplify channel credentials in simple stubs.
1.5.0
Improvements
Use explicit flag for the specific version of c++ we are targeting.
Prevent a copy of a pool’s backends when selecting a server.
Bug Fixes
Fix compilation with h2o_socket_get_ssl_server_name().
Prevent a possible overflow via large Proxy Protocol values. (Valentei Sergey)
Avoid name clashes on Solaris derived systems.
Resize hostname to final size in getCarbonHostname(). (Aki Tuomi)
Fix compilation on OpenBSD/amd64.
Handle calling PacketCache methods on a nil object.
1.4.0
Improvements
Fix the default value of setMaxUDPOutstanding in the console’s help (phonedph1)
Add bindings for the noerrors and drops members of StatNode
Fix -Wshadow warnings (Aki Tuomi)
Fix typo: settting to setting (Chris Hofstaedtler)
Bug Fixes
Lowercase the name blocked by a SMT dynamic block
misc
Prefer the cipher suite from the server by default (DoH, DoT)
v0.6.8
Variety of small updates and bugfixes, but of note:
Support for namespace prefixes for XPath queries
edit-config parameter validation
Support for multiple RPC errors
API to get supported device types
Support for subtree filters with multiple top-level tags
19.0.2
- Regenerate Cython sources with 0.29.21 in sdists for compatibility with Python 3.9
- Handle underlying socket being closed in ZMQStream with warning instead of error
- Improvements to socket cleanup during process teardown
- Fix debug-builds on Windows
- Avoid importing ctypes during startup on Windows
- Documentation improvements
- Raise ``AttributeError`` instead of ``ZMQError(EINVAL)`` on attempts to read write-only attributes,
for compatibility with mocking
2.2.2
- BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
- BUILD: tools: fix build with static only toolchains
- BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
- BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
- BUG/MAJOR: dns: don't treat Authority records as an error
- MEDIUM: lua: Add support for the Lua 5.4
- BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
- BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
- BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
- BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
- BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
- MINOR: connection: Preinstall the mux for non-ssl connect
- MINOR: stream-int: Be sure to have a mux to do sends and receives
- SCRIPTS: announce-release: add the link to the wiki in the announce messages
- BUG/MEDIUM: backend: always attach the transport before installing the mux
- BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
(pkgsrc)
- Add adhoc patch to make it build.
(upstream)
Changelog:
- Fix tweet sending on 32bit architectures. #795 Wtf.
- Fix a few spelling mistakes. #798
- Work around a GTK+ bug increasing the window size
when typing DMs. #796
- Prevent the list statuses page from automatically focusing
the delete button, potentially resulting in accidentally
deleted lists. #811
- Show a language selection context menu in the
compose text view. #812
- Added the Guninski patch for alloc from Qualys (CVE-2005-1513).
- dns_ipq (IP qualify) now with unified IPv4/IPv6 handling and evaluation
of DNS well-know names 'localhost' and 'ipv[4|6]-loopback' (RFC 6761).
- Fixed DNS lookup for IPv6 addresses. Adjusted DNS man pages.
Bump default BUILDLINK_API_DEPENDS, as all fehware requires this version.
This is the 1.30.2 release (gradius) of gRPC Core.
Please see the notes for the previous releases here:
https://github.com/grpc/grpc/releases. Please consult https://grpc.io/
for all information regarding this product.
This release is a patch specifically for the Ruby plugin to address
#23490
Ruby
Fix ruby protoc plugin when message is in another package
(#23501)
!! Configuration format was updated !!
With the 0.7.0 release, our configuration format was updated to
use YAML files. Baikal stores data in both the Specific and the
config folders. Keep this in mind when upgrading! We recommend that
you make a full backup of your data, as a safety measure.
0.7.1
-----
* Fixed user deletion
* Fixed upgrading from versions older than 0.6.1
* Re-added config option for base uri
* Ships with sabre/dav 4.1.0
0.7.0 (2020-05-31)
------------------
* New configuration format
* Added support for php 7.4
* REMOVED support for php 7.0
* Shows event count per calendar
* Shows contact count per address book
* Ships with sabre/dav 4.1.0
0.2.3
* Fix handling of WSGI - not all versions of start_response take
keyword arguments.
* Add --no-strict option for clients that don't follow
the spec.
version 2.82
Improve behaviour in the face of network interfaces which come
and go and change index. Thanks to Petr Mensik for the patch.
Convert hard startup failure on NETLINK_NO_ENOBUFS under qemu-user
to a warning.
Allow IPv6 addresses ofthe form [::ffff:1.2.3.4] in --dhcp-option.
Fix crash under heavy TCP connection load introduced in 2.81.
Thanks to Frank for good work chasing this down.
Change default lease time for DHCPv6 to one day.
Alter calculation of preferred and valid times in router
advertisements, so that these do not have a floor applied
of the lease time in the dhcp-range if this is not explicitly
specified and is merely the default.
3.3.28:
Added
Redesign of the release process using Azure Pipelines
Create a dedicated documentation on ReadTheDoc, refactor README.md into README.rst
Modified
Fix localzone provider to make it work with dnspython 2.x
Update easyname provider against the recent API changes
2.2.1
- BUG/MINOR: sample: Free str.area in smp_check_const_bool
- BUG/MINOR: sample: Free str.area in smp_check_const_meth
- BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD()
- BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ
- CONTRIB: da: fix memory leak in dummy function da_atlas_open()
- BUG/MEDIUM: mux-h2: Don't add private connections in available connection list
- BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list
- BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
- BUG/MINOR: mux-fcgi: Handle empty STDERR record
- BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding
- BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT
- BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
- BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers
- BUG/MEDIUM: server: resolve state file handle leak on reload
- BUG/MEDIUM: server: fix possibly uninitialized state file on close
- BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
- BUILD: config: address build warning on raspbian+rpi4
- BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed
- BUILD: config: fix again bugs gcc warnings on calloc
- DOC: ssl: req_ssl_sni needs implicit TLS
- BUG/MEDIUM: arg: empty args list must be dropped
- BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
- BUG/MAJOR: tasks: don't requeue global tasks into the local queue
- BUG/MAJOR: dns: Make the do-resolve action thread-safe
- BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
- MEDIUM: htx: Add a flag on a HTX message when no more data are expected
- BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one
- BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected
- BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering
v1.11.4
IMPROVEMENTS:
Add resource for CSIDriver
Add resource for Pod Security Policies
Add data source for Pod and PVC
Add support for CSI volume type in persistent_volume resource
Add Kubernetes Job 'wait_for_completion' functionality
Support 'optional' flag for ConfigMap mounted as volume
Add specific error message when failing to load provider config
Support 'optional' on env valueFrom for secret key/configmap key
Skip tests for CSIDriver if cluster version is less than 1.16
Allow 'ttl_seconds_after_finished = 0' in kubernetes_job resource
Set service block to 'optional' for webhook configurations
0.12.29
BUG FIXES:
core: core: Prevent quadratic memory usage with large numbers of instances by not storing the complete resource state in each instance
Changes:
5.2
---
* Add Filter message to mitmdump (@sarthak212)
* Display TCP flows at flow list (@Jessonsotoventura, @nikitastupin, @mhils)
* Colorize JSON Contentview (@sarthak212)
* Fix console crash when entering regex escape character in half-open
string (@sarthak212)
* Integrate contentviews to TCP flow details (@nikitastupin)
* Added add-ons that enhance the performance of web application
scanners (@anneborcherding)
* Increase WebSocket message timestamp precision (@JustAnotherArchivist)
* Fix HTTP reason value on HTTP/2 reponses (@rbdixon)
* mitmweb: support wslview to open a web browser (@G-Rath)
* Fix dev version detection with parent git repo (@JustAnotherArchivist)
* Restructure examples and supported addons (@mhils)
* Certificate generation: mark SAN as critical if no CN is set (@mhils)
* Simplify Replacements with new ModifyBody addon (@mplattner)
* Rename SetHeaders addon to ModifyHeaders (@mplattner)
* mitmweb: "New -> File" menu option has been renamed to "Clear All"
(@yogeshojha)
* Add new MapRemote addon to rewrite URLs of requests (@mplattner)
* Add support for HTTP Trailers to the HTTP/2 protocol
(@sanlengjingvv and @Kriechi)
* Fix certificate runtime error during expire cleanup (@gorogoroumaru)
* Fixed the DNS Rebind Protection for secure support of IPv6 addresses
(@tunnelpr0)
* WebSockets: match the HTTP-WebSocket flow for the ~websocket filter
(@Kriechi)
* Fix deadlock caused by the "replay.client.stop" command (@gorogoroumaru)
* Add new MapLocal addon to serve local files instead of remote
resources (@mplattner and @mhils)
* Add minimal TCP interception and modification (@nikitastupin)
* Add new CheckSSLPinning addon to check SSL-Pinning on client (@su-vikas)
* Add a JSON dump script: write data into a file or send to an endpoint as
JSON (@emedvedev)
* Fix console output formatting (@sarthak212)
* Add example for proxy authentication using selenium
(@anneborcherding and @weichweich)
HAProxy 2.2.0 was released on 2020/07/07. It added 24 new commits
after version 2.2-dev12.
There were very few last-minute changes since dev12, just as I hoped,
that's pretty fine.
We're late by about 1 month compared to the initial planning, which is
not terrible and should be seen instead as an investment on the debugging
cycle since almost only bug fixes were merged during that period. In the
end you get a better version later.
While I was initially worried that this version didn't seem to contain
any outstanding changes, looking back in the mirror tells be it's another
awesome one instead:
- dynamic content emission:
- "http-request return" directive to build dynamic responses ;
- rewrite of headers (including our own) after the response ;
- dynamic error files (errorfiles can be used as templates to
deliver personalized pages)
- further improvements to TLS runtime certificates management:
- insertion of new certificates
- split of key and cert
- manipulation and creation of crt-lists
- even directories can be handled
And by the way now TLSv1.2 is set as the default minimum version.
- significant reduction of server-side resources by sharing idle
connection pools between all threads ; till 2.1 if you had 64 threads,
each of them had its own connections, so the reuse rate was lower, and
the idle connection count was very high. This is not the case anymore.
- health-checks were rewritten to all rely on tcp-check rules behind the
curtains. This allowed to get rid of all the dirt we had accumulate over
18 years and to write extensible checks. New ones are much easier to add.
In addition we now have http-checks which support header and body
addition, and which pass through muxes (HTTP/1 and HTTP/2).
- ring buffer creation with ability to forward any event to any log server
including over TCP. This means that it's now possible to log over a TCP
syslog server, and that adding new protocols should be fairly easy.
- further refined and improved debugging (symbols in panic dumps, malloc
debugging, more activity counters)
- the default security was improved. For example fork() is forbidden by
default, which will block against any potential code execution (and
will also block external checks by default unless explicitly unblocked).
- new performance improvements in the scheduler and I/O layers, reducing
the cost of I/O processing and overall latency. I've known from private
discussions that some noticed tremendous gains there.
I'm pretty sure there are many other things but I don't remember, I'm
looking at my notes. I'm aware that HaproxyTech will soon post an in-depth
review on the haproxy.com blog so just have a look there for all the details.
(edit: it's already there: https://www.haproxy.com/blog/announcing-haproxy-2-2/
).
There are three things I noted during the development of this version.
The first one is that with the myriad of new tools we're using to help
users and improve our code quality (discourse, travis, cirrus, oss-fuzz,
mailing-list etc), some people really found their role in the project and
are becoming more autonomous. This definitely scales much better and helps
me spend less time on things that are not directly connected to my code
activities, so thank you very much for this (Lukas, Tim, Ilya, Cyril).
The second one is that this is the first version that has been tortured
in production long before the release. And when I'm saying "tortured", I
really mean it, because several of us were suffering as well. But it
allowed to address very serious issues that would have been a nightmare
to debug and fix post-release. For this I really want to publicly thank
William Dauchy for all his work and involvement on this, and for all the
very detailed reports he's sent us. For me this is the proof that running
code early on very limited traffic is enough to catch unacceptable bugs
that will not hit you later. And this pays off because he will be able to
deploy 2.2 soon without sweating. Others might face bugs that were not in
the perimeter he tested, hehe :-) I really encourage anyone who can to do
this. I know it's not easy and can be risky, but with some organization
and good prod automation it's possible and is great. What's nice with
reporting bugs during development is that you have a safe version to roll
back to and it can take the time it takes to fix the bug, it's not a
problem! Please think about it and what it would imply for you to adopt
such a model, it's a real time saver and risk saver for your production.
The last one is that we started to use the -next branch to queue some
pending work (that was already merged) and that the principle of finishing
one version while we're starting to queue some work for the next one is
well accepted and will help really us. I'd like this to continue and grow
in importance.
Enough talking, now's time to download and update, and for me to leave to
have dinner :-)
Release 4.52
Bug Fixes
- Fix tests using wrong AWS credentials if AWS CLI is installed.
- Fix `AttributeError: module 'gslib' has no attribute 'USER_AGENT'`.
- Fix encoding error in `user_agent_helper`.
- Fix stdout ordering issue in hash command.
- Fix multithread race condition for cp/mv command when multiple operations are attempting to create the same directory.
- Fix OSError on interrupted rsync -d.
2.70.0
FEATURES:
* **New Resource:** `aws_ec2_client_vpn_authorization_rule`
* **New Resource:** `aws_ec2_client_vpn_route`
ENHANCEMENTS:
* resource/aws_launch_template: Add `default_version` argument (previously only an exported attribute)
* resource/aws_launch_template: Add `update_default_version` argument to set the launch template's default version to the latest version available on update
* resource/aws_organizations_organization: Support `BACKUP_POLICY` value in `enabled_policy_types` plan-time validation (Support Backup policies)
* resource/aws_organizations_policy: Support `BACKUP_POLICY` value in `type` plan-time validation (Support Backup policies)
fping 4.3
New features
Linux unprivileged ping support
Add SIGQUIT summary support similar to ping
Bugfixes and other changes
Corrected long option name of -s to --stats
Do not fail if using fping6 with -6 flag
Fail if interface binding (-I) does not work
Fix using option -4 when fping is compiled IPv4-only
Add Azure pipeline test build
GCC 10 compatibility fixes
Macos build fix
Fix xmt stats in Netdata output
Only increase num_alive if response is not a duplicate
Use line buffering for stdout
1.18.97
api-change:ebs: Update ebs command to latest version
api-change:sns: Update sns command to latest version
api-change:appmesh: Update appmesh command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:wafv2: Update wafv2 command to latest version
api-change:cloudhsmv2: Update cloudhsmv2 command to latest version
api-change:events: Update events command to latest version
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:amplify: Update amplify command to latest version
api-change:secretsmanager: Update secretsmanager command to latest version
api-change:comprehend: Update comprehend command to latest version
1.18.96
api-change:organizations: Update organizations command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:ce: Update ce command to latest version
api-change:forecast: Update forecast command to latest version
1.18.95
api-change:efs: Update efs command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:lakeformation: Update lakeformation command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:glue: Update glue command to latest version
api-change:cloudfront: Update cloudfront command to latest version
1.18.94
api-change:iotsitewise: Update iotsitewise command to latest version
api-change:rds: Update rds command to latest version
api-change:quicksight: Update quicksight command to latest version
1.18.93
api-change:connect: Update connect command to latest version
api-change:elasticache: Update elasticache command to latest version
1.18.92
api-change:rds: Update rds command to latest version
api-change:appsync: Update appsync command to latest version
api-change:imagebuilder: Update imagebuilder command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:chime: Update chime command to latest version
1.18.91
api-change:ec2: Update ec2 command to latest version
api-change:rds: Update rds command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version
api-change:comprehendmedical: Update comprehendmedical command to latest version
api-change:ecr: Update ecr command to latest version
1.18.90
api-change:ec2: Update ec2 command to latest version
api-change:autoscaling: Update autoscaling command to latest version
api-change:codestar-connections: Update codestar-connections command to latest version
api-change:codeguruprofiler: Update codeguruprofiler command to latest version
1.18.89
api-change:sagemaker: Update sagemaker command to latest version
api-change:quicksight: Update quicksight command to latest version
api-change:cloudformation: Update cloudformation command to latest version
api-change:dms: Update dms command to latest version
api-change:cognito-idp: Update cognito-idp command to latest version
1.18.88
api-change:ec2: Update ec2 command to latest version
api-change:glue: Update glue command to latest version
1.18.87
api-change:fsx: Update fsx command to latest version
api-change:emr: Update emr command to latest version
api-change:amplify: Update amplify command to latest version
api-change:honeycode: Update honeycode command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:iam: Update iam command to latest version
api-change:backup: Update backup command to latest version
api-change:autoscaling: Update autoscaling command to latest version
api-change:organizations: Update organizations command to latest version
1.18.86
api-change:organizations: Update organizations command to latest version
api-change:mediatailor: Update mediatailor command to latest version
1.18.85
api-change:rds: Update rds command to latest version
api-change:rekognition: Update rekognition command to latest version
api-change:sqs: Update sqs command to latest version
api-change:emr: Update emr command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.84
api-change:elasticache: Update elasticache command to latest version
api-change:medialive: Update medialive command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version
api-change:ec2: Update ec2 command to latest version
1.18.83
api-change:rds: Update rds command to latest version
api-change:support: Update support command to latest version
api-change:route53: Update route53 command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
enchancement:codeartifact: Backport login command to AWS CLI v1
api-change:meteringmarketplace: Update meteringmarketplace command to latest version
api-change:sesv2: Update sesv2 command to latest version
api-change:ssm: Update ssm command to latest version
1.18.82
api-change:route53: Update route53 command to latest version
api-change:appmesh: Update appmesh command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:snowball: Update snowball command to latest version
1.18.81
api-change:lambda: Update lambda command to latest version
api-change:dataexchange: Update dataexchange command to latest version
api-change:qldb: Update qldb command to latest version
api-change:cloudfront: Update cloudfront command to latest version
api-change:autoscaling: Update autoscaling command to latest version
api-change:polly: Update polly command to latest version
1.18.80
api-change:appconfig: Update appconfig command to latest version
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:cognito-idp: Update cognito-idp command to latest version
api-change:chime: Update chime command to latest version
api-change:iot: Update iot command to latest version
1.18.79
api-change:storagegateway: Update storagegateway command to latest version
api-change:apigateway: Update apigateway command to latest version
api-change:glue: Update glue command to latest version
api-change:cloudformation: Update cloudformation command to latest version
1.18.78
api-change:ecs: Update ecs command to latest version
api-change:iot-data: Update iot-data command to latest version
api-change:lex-models: Update lex-models command to latest version
api-change:imagebuilder: Update imagebuilder command to latest version
1.18.77
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:macie2: Update macie2 command to latest version
api-change:compute-optimizer: Update compute-optimizer command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:dlm: Update dlm command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change🛡️ Update shield command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:codeartifact: Update codeartifact command to latest version
1.18.76
api-change:transfer: Update transfer command to latest version
bugfix:config file: Improve config parsing to handle values with square brackets.
1.14.20
api-change:amplify: [botocore] Update amplify client to latest version
api-change:wafv2: [botocore] Update wafv2 client to latest version
api-change:ebs: [botocore] Update ebs client to latest version
api-change:events: [botocore] Update events client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:cloudhsmv2: [botocore] Update cloudhsmv2 client to latest version
api-change:appmesh: [botocore] Update appmesh client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
api-change:sns: [botocore] Update sns client to latest version
api-change:secretsmanager: [botocore] Update secretsmanager client to latest version
api-change:comprehend: [botocore] Update comprehend client to latest version
1.14.19
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:forecast: [botocore] Update forecast client to latest version
api-change:ce: [botocore] Update ce client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
1.14.18
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:lakeformation: [botocore] Update lakeformation client to latest version
api-change:efs: [botocore] Update efs client to latest version
api-change:cloudfront: [botocore] Update cloudfront client to latest version
1.14.17
api-change:quicksight: [botocore] Update quicksight client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:iotsitewise: [botocore] Update iotsitewise client to latest version
1.14.16
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:connect: [botocore] Update connect client to latest version
1.14.15
api-change:imagebuilder: [botocore] Update imagebuilder client to latest version
api-change:appsync: [botocore] Update appsync client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
1.14.14
api-change:ecr: [botocore] Update ecr client to latest version
api-change:codeguru-reviewer: [botocore] Update codeguru-reviewer client to latest version
api-change:comprehendmedical: [botocore] Update comprehendmedical client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.14.13
api-change:codestar-connections: [botocore] Update codestar-connections client to latest version
api-change:codeguruprofiler: [botocore] Update codeguruprofiler client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:autoscaling: [botocore] Update autoscaling client to latest version
1.14.12
api-change:quicksight: [botocore] Update quicksight client to latest version
api-change:cognito-idp: [botocore] Update cognito-idp client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
api-change:dms: [botocore] Update dms client to latest version
1.14.11
api-change:glue: [botocore] Update glue client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.14.10
api-change:iam: [botocore] Update iam client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
api-change:backup: [botocore] Update backup client to latest version
api-change:emr: [botocore] Update emr client to latest version
api-change:fsx: [botocore] Update fsx client to latest version
api-change:amplify: [botocore] Update amplify client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:honeycode: [botocore] Update honeycode client to latest version
api-change:autoscaling: [botocore] Update autoscaling client to latest version
1.14.9
api-change:mediatailor: [botocore] Update mediatailor client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
1.14.8
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:emr: [botocore] Update emr client to latest version
api-change:rekognition: [botocore] Update rekognition client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:sqs: [botocore] Update sqs client to latest version
1.14.7
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:opsworkscm: [botocore] Update opsworkscm client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
1.14.6
api-change:support: [botocore] Update support client to latest version
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
api-change:meteringmarketplace: [botocore] Update meteringmarketplace client to latest version
api-change:route53: [botocore] Update route53 client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:sesv2: [botocore] Update sesv2 client to latest version
1.14.5
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:snowball: [botocore] Update snowball client to latest version
api-change:appmesh: [botocore] Update appmesh client to latest version
api-change:route53: [botocore] Update route53 client to latest version
api-change:macie2: [botocore] Update macie2 client to latest version
1.14.4
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:dataexchange: [botocore] Update dataexchange client to latest version
api-change:qldb: [botocore] Update qldb client to latest version
api-change:autoscaling: [botocore] Update autoscaling client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:polly: [botocore] Update polly client to latest version
1.14.3
api-change:chime: [botocore] Update chime client to latest version
api-change:appconfig: [botocore] Update appconfig client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
api-change:cognito-idp: [botocore] Update cognito-idp client to latest version
api-change:iot: [botocore] Update iot client to latest version
1.14.2
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:glue: [botocore] Update glue client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
1.14.1
api-change:lex-models: [botocore] Update lex-models client to latest version
api-change:imagebuilder: [botocore] Update imagebuilder client to latest version
api-change:iot-data: [botocore] Update iot-data client to latest version
api-change:ecs: [botocore] Update ecs client to latest version
1.14.0
api-change:macie2: [botocore] Update macie2 client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:codeartifact: [botocore] Update codeartifact client to latest version
api-change:compute-optimizer: [botocore] Update compute-optimizer client to latest version
api-change🛡️ [botocore] Update shield client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:appconfig: [botocore] Update appconfig client to latest version
feature:SSO: [botocore] Added support for the SSO credential provider. This allows the SDK to retrieve temporary AWS credentials from a profile configured to use SSO credentials.
api-change:dlm: [botocore] Update dlm client to latest version
1.13.26
api-change:transfer: [botocore] Update transfer client to latest version
1.17.20
api-change:amplify: Update amplify client to latest version
api-change:wafv2: Update wafv2 client to latest version
api-change:ebs: Update ebs client to latest version
api-change:events: Update events client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:cloudhsmv2: Update cloudhsmv2 client to latest version
api-change:appmesh: Update appmesh client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
api-change:sns: Update sns client to latest version
api-change:secretsmanager: Update secretsmanager client to latest version
api-change:comprehend: Update comprehend client to latest version
1.17.19
api-change:ec2: Update ec2 client to latest version
api-change:forecast: Update forecast client to latest version
api-change:ce: Update ce client to latest version
api-change:organizations: Update organizations client to latest version
1.17.18
api-change:storagegateway: Update storagegateway client to latest version
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:lakeformation: Update lakeformation client to latest version
api-change:efs: Update efs client to latest version
api-change:cloudfront: Update cloudfront client to latest version
1.17.17
api-change:quicksight: Update quicksight client to latest version
api-change:rds: Update rds client to latest version
api-change:iotsitewise: Update iotsitewise client to latest version
1.17.16
api-change:elasticache: Update elasticache client to latest version
api-change:connect: Update connect client to latest version
1.17.15
api-change:imagebuilder: Update imagebuilder client to latest version
api-change:appsync: Update appsync client to latest version
api-change:chime: Update chime client to latest version
api-change:rds: Update rds client to latest version
api-change:securityhub: Update securityhub client to latest version
api-change:codebuild: Update codebuild client to latest version
1.17.14
api-change:ecr: Update ecr client to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer client to latest version
api-change:comprehendmedical: Update comprehendmedical client to latest version
api-change:rds: Update rds client to latest version
api-change:ec2: Update ec2 client to latest version
1.17.13
api-change:codestar-connections: Update codestar-connections client to latest version
api-change:codeguruprofiler: Update codeguruprofiler client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:autoscaling: Update autoscaling client to latest version
1.17.12
api-change:quicksight: Update quicksight client to latest version
api-change:cognito-idp: Update cognito-idp client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:cloudformation: Update cloudformation client to latest version
api-change:dms: Update dms client to latest version
1.17.11
api-change:glue: Update glue client to latest version
api-change:ec2: Update ec2 client to latest version
1.17.10
api-change:iam: Update iam client to latest version
api-change:organizations: Update organizations client to latest version
api-change:backup: Update backup client to latest version
api-change:emr: Update emr client to latest version
api-change:fsx: Update fsx client to latest version
api-change:amplify: Update amplify client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:honeycode: Update honeycode client to latest version
api-change:autoscaling: Update autoscaling client to latest version
1.17.9
api-change:mediatailor: Update mediatailor client to latest version
api-change:organizations: Update organizations client to latest version
1.17.8
api-change:ec2: Update ec2 client to latest version
api-change:emr: Update emr client to latest version
api-change:rekognition: Update rekognition client to latest version
api-change:rds: Update rds client to latest version
api-change:sqs: Update sqs client to latest version
1.17.7
api-change:elasticache: Update elasticache client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:opsworkscm: Update opsworkscm client to latest version
api-change:medialive: Update medialive client to latest version
1.17.6
api-change:support: Update support client to latest version
api-change:mediaconvert: Update mediaconvert client to latest version
api-change:meteringmarketplace: Update meteringmarketplace client to latest version
api-change:route53: Update route53 client to latest version
api-change:ssm: Update ssm client to latest version
api-change:rds: Update rds client to latest version
api-change:sesv2: Update sesv2 client to latest version
1.17.5
api-change:ec2: Update ec2 client to latest version
api-change:snowball: Update snowball client to latest version
api-change:appmesh: Update appmesh client to latest version
api-change:route53: Update route53 client to latest version
api-change:macie2: Update macie2 client to latest version
1.17.4
api-change:cloudfront: Update cloudfront client to latest version
api-change:dataexchange: Update dataexchange client to latest version
api-change:qldb: Update qldb client to latest version
api-change:autoscaling: Update autoscaling client to latest version
api-change:lambda: Update lambda client to latest version
api-change:polly: Update polly client to latest version
1.17.3
api-change:chime: Update chime client to latest version
api-change:appconfig: Update appconfig client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
api-change:cognito-idp: Update cognito-idp client to latest version
api-change:iot: Update iot client to latest version
1.17.2
api-change:apigateway: Update apigateway client to latest version
api-change:glue: Update glue client to latest version
api-change:cloudformation: Update cloudformation client to latest version
api-change:storagegateway: Update storagegateway client to latest version
1.17.1
api-change:lex-models: Update lex-models client to latest version
api-change:imagebuilder: Update imagebuilder client to latest version
api-change:iot-data: Update iot-data client to latest version
api-change:ecs: Update ecs client to latest version
1.17.0
api-change:macie2: Update macie2 client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:codeartifact: Update codeartifact client to latest version
api-change:compute-optimizer: Update compute-optimizer client to latest version
api-change🛡️ Update shield client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:appconfig: Update appconfig client to latest version
feature:SSO: Added support for the SSO credential provider. This allows the SDK to retrieve temporary AWS credentials from a profile configured to use SSO credentials.
api-change:dlm: Update dlm client to latest version
1.16.26
api-change:transfer: Update transfer client to latest version
pkgsrc changes:
- Remove patch-configure: applied upstream
Changes:
Changes in version 0.4.3.6 - 2020-07-09
Tor 0.4.3.6 backports several bugfixes from later releases, including
some affecting usability.
This release also fixes TROVE-2020-001, a medium-severity denial of
service vulnerability affecting all versions of Tor when compiled with
the NSS encryption library. (This is not the default configuration.)
Using this vulnerability, an attacker could cause an affected Tor
instance to crash remotely. This issue is also tracked as CVE-2020-
15572. Anybody running a version of Tor built with the NSS library
should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
or later.
o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
- Fix a crash due to an out-of-bound memory access when Tor is
compiled with NSS support. Fixes bug 33119; bugfix on
0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
and CVE-2020-15572.
o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
- Use the correct 64-bit printf format when compiling with MINGW on
Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
o Minor bugfixes (client performance, backport from 0.4.4.1-alpha):
- Resume use of preemptively-built circuits when UseEntryGuards is set
to 0. We accidentally disabled this feature with that config
setting, leading to slower load times. Fixes bug 34303; bugfix
on 0.3.3.2-alpha.
o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
- Fix a compiler warning on platforms with 32-bit time_t values.
Fixes bug 40028; bugfix on 0.3.2.8-rc.
o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha):
- Fix a startup crash when tor is compiled with --enable-nss and
sandbox support is enabled. Fixes bug 34130; bugfix on
0.3.5.1-alpha. Patch by Daniel Pinto.
o Minor bugfixes (logging, backport from 0.4.4.2-alpha):
- Downgrade a noisy log message that could occur naturally when
receiving an extrainfo document that we no longer want. Fixes bug
16016; bugfix on 0.2.6.3-alpha.
o Minor bugfixes (manual page, backport from 0.4.4.1-alpha):
- Update the man page to reflect that MinUptimeHidServDirectoryV2
defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha.
o Minor bugfixes (onion service v3, backport from 0.4.4.1-alpha):
- Prevent an assert() that would occur when cleaning the client
descriptor cache, and attempting to close circuits for a non-
decrypted descriptor (lacking client authorization). Fixes bug
33458; bugfix on 0.4.2.1-alpha.
o Minor bugfixes (portability, backport from 0.4.4.1-alpha):
- Fix a portability error in the configure script, where we were
using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5.
o Minor bugfixes (relays, backport from 0.4.4.1-alpha):
- Stop advertising incorrect IPv6 ORPorts in relay and bridge
descriptors, when the IPv6 port was configured as "auto". Fixes
bug 32588; bugfix on 0.2.3.9-alpha.
o Documentation (backport from 0.4.4.1-alpha):
- Fix several doxygen warnings related to imbalanced groups. Closes
ticket 34255.
Release v1.30.1
This release is a patch specifically for the Ruby bindings
Release v1.30.0
Core
This release adds an xDS URI scheme called xds. This is the stable version of the scheme xds-experimental that was introduced in v1.28.0. xds-experimental scheme will be removed in subsequent releases so you must switch to xds scheme instead. xds scheme is a client side implementation of xDSv2 APIs. This allows a gRPC client written in C++, Python, Ruby, PHP and C# to receive configuration from an xDSv2 API compatible server and use that configuration to load balance RPCs. In this release, only the virtual host matching, default path (“” or “/”) matching and cluster route action are supported. The features supported in a given release are documented here.
Remove unnamed typedef structs in src/core.
Support xDS via both xds and xds-experimental URI schemes.
Fix sorting of gRPCLB addresses when resolved via DNS.
Support local creds in grpc_cli.
Add some additional delay when sending pings without there being activity on receive side.
Added GRPC_TSAN_SUPPRESSED and GRPC_ASAN_SUPPRESSED.
Fail decompression when the gzip trailer is missing.
Include source address in tcp posix async connect errors.
Fix HTTP status conversion inconsistencies.
Add GRPC_ARG_HTTP_PROXY channel argument.
Include the query type and name in all c-ares DNS error messages.
Include the destination address in synchronous TCP connect errors.
Use aligned calculation to determine transport stream from call data.
Fixing bug with END_STREAM if header has continuations.
Fail writes when End of stream has been received.
C++
Fix missing include for std::string.
Don't override cmake cxx standard when already set by the user.
Grpc.Tools: Fix cpp paths in tools to match actual codegen.
TlsCredentialsOption API optimization.
Fixed MinGW 7.3.0 shared library compile and link issues.
Fix interceptor batch method FailHijackedRecvMessage for async APIs.
Python
Add Aio stream stream client interceptor support.
[Aio] Add AsyncIO support for Channelz.
Stop memory leak when Python channel is deallocated without invoking "close".
Expose ALTS client/server credentials in Python API.
[Aio] Stream Unary client interceptor.
[Aio] Make sync handlers runnable in AsyncIO server.
[Aio] Add AsyncIO support to grpcio-status.
[Aio] Implement the Unary Stream client interceptor.
Changes
0.10.1
======
gh api --paginate
-----------------
The api command now offers functionality to recursively fetch next
pages of results until all results have been fetched.
Fixes
-----
- Fix pr create not respecting template when editor was skipped #1243
- Fix pr checkout OWNER:BRANCH invocation setting up upstream configuration in
case maintainers are allowed to modify the pull request branch #1252
- Fix pr status not working in detached HEAD state #1155
- Do not output ANSI colour escape sequences from issue/pr/repo view if standard
output is redirected elsewhere #1187
- Improve error reporting and exit status for mistyped command names #1221
- Improve error reporting when someone might have forgotten to quote values with
spaces #1147
Tweaks
------
- Documentation improvements #1179#1204
- Added description text to Debian/RPM packages #1211
0.28.0
Improved Windows support when using socket errno checks.
Added support for passing text addresses to ServiceInfo.
Improved logging (includes fixing an incorrect logging call)
Improved Windows compatibility by using Adapter.index from ifaddr.
Improved Windows compatibility by stopping using socket.if_nameindex.
Fixed an OS X edge case which should also eliminate a memory leak.
Technically backwards incompatible:
ifaddr 0.1.7 or newer is required now.
It now includes its own vendored copy of Boto.
Release 4.51 (release date: 2020-03-26)
======================================
- Fixed file permissions for credstor2 and tracker files (#1002 and # 1005)
- Added a check to restrict the duration (-d option) for signurl command
to 12 hours if -u flag is used. (#1014)
- Updated rsync command to try patching before overwriting,
rather than checking ACL (#1016)
- Several documentation updates and clarifications.
Release 4.50 (release date: 2020-04-30)
======================================
- Switched to Using V4 signature as default for S3 (#981)
- Updated rsa library to release-4.0 (#992)
- Updated test script to install pyenv if missing for kokoro (#990)
- Fixed print ordering in kms set by using print instead of
text_util.print_to_fd (#974)
- Several documentation updates and clarifications (#969) (#987)
Release 4.49 (release date: 2020-03-26)
======================================
- Added support for service account impersonation for signurl.
- Fixed an issue with rsync throwing error when the destination url is a prefix of
an existing object.
- Several documentation updates and clarifications.
Release 4.48 (release date: 2020-02-28)
======================================
- Fixed special character handling in filenames on Windows with Python3.
- Fixed issue while transferring binary files from S3 with Python3.
- Fixed KMS tests, so that keys are created in the same region as their buckets.
- Several documentation updates and clarifications.
NEWS for rsync 3.2.2
BUG FIXES:
- Avoid a crash when a daemon module enables `transfer logging` without
setting a `log format` value.
- Fixed installing rsync-ssl script from an alternate build dir.
- Fixed the updating of configure.sh from an alternate build dir.
- Apple requires the asm function name to begin with an underscore.
- Avoid a test failure in the daemon test when --atimes is disabled.
ENHANCEMENTS:
- Allow the server side to restrict checksum & compression choices via the
same environment variables the client uses. The env vars can be divided
into "client list & server list" by the "`&`" char or the same list can
apply to both.
- Simplify how the negotiation environment variables apply when interacting
with an older rsync and also when a list contains only invalid names.
- Do not allow a negotiated checksum or compression choice of "none" unless
the user authorized it via an environment variable or command-line option.
- Added the `--max-alloc=SIZE` option to be able to override the memory
allocator's sanity-check limit. It defaults to 1G (as before) but the error
message when exceeding it specifically mentions the new option so that you
can differentiate an out-of-memory error from a failure of this limit. It
also allows you to specify the value via the RSYNC_MAX_ALLOC environment
variable.
- Add the "open atime" daemon parameter to allow a daemon to always enable or
disable the use of O_NOATIME (the default is to let the user control it).
- The default systemd config was changed to remove the `ProtectHome=on`
setting since rsync is often used to serve files in /home and /root and this
seemed a bit too strict. Feel free to use `systemctl edit rsync` to add
that restriction (or maybe `ProtectHome=read-only`), if you like. See the
3.2.0 NEWS for the other restrictions that were added compared to 3.1.3.
- The memory allocation functions now automatically check for a failure and
die when out of memory. This eliminated some caller-side check-and-die
code and added some missing sanity-checking of allocations.
- Put optimizations into their own list in the `--version` output.
- Improved the man page a bit more.
PACKAGING RELATED:
- Prepared the checksum code for an upcoming xxHash release that provides new
XXH3 (64-bit) & XXH128 (128-bit) checksum routines. These will not be
compiled into rsync until the xxhash v0.8.0 include files are installed on
the build host, and that release is a few weeks away at the time this was
written. So, if it's now the future and you have packaged and installed
xxhash-0.8.0-devel, a fresh rebuild of rsync 3.2.2 will give you the new
checksum routines. Just make sure that the new rsync package depends on
xxhash >= 0.8.0.
DEVELOPER RELATED:
- Moved the version number out of configure.ac into its own version.h file so
that we don't need to reconfigure just because the version number changes.
- Moved the daemon parameter list into daemon-parm.txt so that an awk script
can create the interrelated structs and accessors that loadparm.c needs.
v2.69.0
NOTES:
data-source/aws_availability_zones: The blacklisted_names and blacklisted_zone_ids arguments have been deprecated in preference for exclude_names and exclude_zone_ids respectively.
ENHANCEMENTS:
data-source/aws_availability_zones: Add exclude_names and exclude_zone_ids arguments
data-source/aws_elasticsearch_domain: Add advanced_security_options attribute
resource/aws_ecs_service: Increase delete retry timeout from 5 to 20 minutes
resource/aws_ecs_service: Support configurable delete timeout
resource/aws_elasticsearch_domain: Add advanced_security_options configuration block
resource/aws_sfn_state_machine: Add arn attribute
BUG FIXES:
resource/aws_autoscaling_group: Prevent unexpected differences in tags for Terraform 0.11 and earlier with boolean propagate_at_launch values
resource/aws_backup_selection: Correctly handle the associated backup plan being deleted outside Terraform
resource/aws_customer_gateway: Continue allowing 4-byte ASN values in bgp_asn argument
resource/aws_db_instance: Prevent schema version 1 upgrade panic on missing state
resource/aws_db_instance_role_association: Prevent immediate read after creation panic
resource/aws_efs_mount_target: Ensure empty string ("") validation in ip_address argument continues to work for Terraform 0.11 support
resource/aws_route53_record: Ensure old Route53 record is deleted when updating name argument
resource/aws_route53_record: Prevent errors when health_check_id argument is configured and updating set_identifier or type arguments
resource/aws_sfn_state_machine: Handle IAM Role eventual consistency on creation and wait for state machine deletion
resource/aws_spot_fleet_request: Increase default delete timeout to 15 minutes
resource/aws_wafv2_web_acl: Support additional nested and/or/not statement in rule statement and rule statement rate_based_statement attributes
Release: 0.8.0
* Fixed weak reference support in classes with ``__slots__``
* Added ``__bytes__`` to ``IPAddress`` for intuitive usage
* Added ``format()`` function to EUI
* Added ``IPNetwork.netmask`` property setter
* Added support for IABs in the ``40:D8:55`` OUI
* Drastically optimized ``spanning_cidr()``
* Fixed ``"x.x.x.x/x" in IPNetwork`` tests
* Added support for passing iterables of ``IPRange`` to ``IPSet`` and ``cidr_merge()``
Specific bug fixes addressed in this release
- N log N complexity instead of linear
- Efficiently creating a large IPSet from a list of IPRanges?
- Weak reference support
StatZone 1.0.3 (2020-07-06)
- Remove some unneeded seccomp related includes
- Validate architectures for seccomp
- Add seccomp support on i386, tested on glibc and musl
- Use __NR_ instead of SYS_ prefix in #if defined checks
Changes since 4.12.4
--------------------
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name.
* BUG 14391: Fix DFS links.
* BUG 14310: Can't use DNS functionality after a Windows DC has been in
domain.
* BUG 14413: ldapi search to FreeIPA crashes.
* BUG 14396: Add net-ads-join dnshostname=fqdn option.
* BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
* BUG 14386: docs-xml: Update list of posible VFS operations for
vfs_full_audit.
* BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
* BUG 14370: Client tools are not able to read gencache anymore.
Samba 4.12.4
============
o CVE-2020-10730:
A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
de-reference and further combinations with the LDAP paged_results feature can
give a use-after-free in Samba's AD DC LDAP server.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760:
The use of the paged_results or VLV controls against the Global Catalog LDAP
server on the AD DC will cause a use-after-free.
o CVE-2020-14303:
The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
further requests once it receives an empty (zero-length) UDP packet to
port 137.
For more details, please refer to the security advisories.
Changes since 4.12.3
--------------------
* BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
several seconds of CPU each.
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined.
* BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV.
* BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
AD DC nbt_server.
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined, ldb: Bump version to 2.1.4.
Upstream changes:
mikutter 4.0.6
* bundle pulseaudio plugin
* thanks to Shibafu Midorino
* backport a minor improvement from 4.1.0
(fix compatibility issue with pluggaloid 1.3.0 and later)
* configure: Fix fallout with disabling embedded config
* inet6: Add support for reporting Mobile IPv6 RA's
* inet6: Report RA Proxy flag if set
* BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
* privsep: Don't handle any signals meant for the main process
* eloop: Try and survive a signal storm
* configure: add --with-eghook=foo
* dhcpcd: Add an option to poll the interface carrier state
* script: Make visible some link level parameters to lease dumping
* Linux: ignore unsupported interfaces by default, such as sit0
* Linux: support aarch64 for reading cpu info
* Linux: keep the generic netlink socket around to get ssid with privsep
* Linux: restore fix when no address is returned by getifaddrs(3)
* inet6: Don't regen temp addresses we didn't add
* privsep: Don't limit file writes if logging to a file
* DHCP6: Fix lease timings with nodelay option
Changes since 4.2.2:
* Released:
- 7th of April 2020
* Improvements:
- reduce the number of temporary memory allocations
- adjust NSEC TTLs to negative TTL
- Add more SQL schema files to packages and tarballs
- only log "No question section in packet" at Debug logging level
- do not update identical notified serials
- IXFR: only sign SOA in empty response for +DO queries
- Prepare the caches' buckets in advance
- Rework NetmaskTree for better CPU and memory efficiency.
- allow local-ipv6 until 4.4.0
- Add metrics about the size of our in-memory rings
- gpgsqlbackend: stop using prepared statements
- Enforce a strict maximum size for the packet and records caches
- API: optionally, do not return dnssec info in domain list
- zone file parser: Add a parameter to limit the number of "$GENERATE" steps
- api: avoid a large number of new database connections
- Emulate a buffered read in the pipe backend, ~3x faster
- LUA performance: register lua functions only once
- API: make max request/response body size configurable
- API: add edited_serial to Zone object
- Improve error when notification comes in for non-slave zone
- LUA record: rewrote the health checking system
* Bug fixes:
- avoid IXFR-in corruption when deltas come in close together (please see the
IXFR-in corruption upgrade notes)
- improve sql schema updates
- Fix NSECx for unpublished DNSKEYs properly
- emit correct NSEC/NSEC3 bitmaps in hidden key situations
- Refuse NSEC records with a bitmap length > 32
- YaHTTP: Support bracketed IPv6 addresses
- Make sure the default-publish-cds and default-publish-cdnskey options are
- respected for AXFR
- make sure records from LMDB backend end up in the right packet section
- Clear the TSIG algo between iterations in the API
- HTTP API: Allow DNAME in apex with SOA and NS records
- various memory/thread correctness fixes
- LUA view: do not crash on empty IP list
- REST API: accept headers without spaces
- on luaSynth exception, drain db output
- tinydnsbackend: limit timestamp-based TTLs
- Ensure that pdns can read pdns.conf when upgrading from an older package
- Ixfrdist: handle reading of empty files gracefully
- webserver: handle exceptions instead of SIGABRTing the world
* New features:
- add full option to "pdns_control show-config"
- Add "IO wait" and "steal" metrics on Linux
- API: add includerings option to statistics endpoint
- Add an extended status report in the bind backend
- add default-publish-{cds|cdnskey} options
- remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos
- Add support for managing unpublished DNSSEC keys
- gmysql backend, add an option to send the SSL capability flag
- pdnsutil: offer to increase serial after edit-zone
* Removed features:
- remove goracle, lua, mydns, opendbx, oracle backends
- deprecate SOA autocomplete in pdnsutil check-zone
* misc.:
- remove the implicit 5->7 algorithm upgrade
- Make Lua mandatory for Auth
For complete and up-to-date changelog, see:
https://doc.powerdns.com/authoritative/changelog/4.3.html
pkgsrc notes:
~~~~~~~~~~~~~
The default options have changed since 4.2.2 a bit:
- option "lua" has been removed as LUA is now mandatory
- option "luarecords" has been added with default "on". When
not present in PKG_OPTIONS, LUA records support will be disabled.
Wireshark 3.2.5 Release Notes
What’s New
The Windows installers now ship with Npcap 0.9994. They previously
shipped with Npcap 0.9991.
The Windows installers now ship with USBPcap 1.5.4.0. They previously
shipped with USBPcap 1.5.3.0.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-09[1] GVCP dissector infinite loop.
CVE-2020-15466[3].
The following bugs have been fixed:
• Add decryption support for QUIC IETF version 0xfaceb001 and
0xfaceb002.
• Windows Uninstall does not remove all files in Program Files.
• The "relative sequence number" is same as "raw sequence number"
when tcp.analyze_sequence_numbers:FALSE.
• Importing profiles from a different Windows PC fails.
• Decode as not working correctly with multiple user profiles.
• Wireshark can misdissect the HE Radiotap field if it’s ever
dissected one with any value unknown.
• Buildbot crash output: fuzz-2020-06-19-5981.pcap.
• Buildbot crash output: fuzz-2020-06-20-7665.pcap.
• mergecap man page contains invalid formatting.
Changes since 4.3.1:
* Released:
- 1st of July 2020
* Improvements:
- Defer the NOD lookup until after the response has been sent.
- CNAME loop detection.
* Bug fixes:
- Backport of CVE-2020-14196: Enforce webserver ACL.
- Copy the negative cache entry before validating it.
- Fix compilation of the ports event multiplexer.
- Fix the handling of DS queries for the root.
- Fix RPZ removals when an update has several deltas.
- Fix compilation on systems that do not define HOST_NAME_MAX.
- Fix build with gcc-10.Â
* misc.:
- Correct depth increments.
- Limit the TTL of RRSIG records as well
This package automatically enabled the "blacklist" option under recent
enough versions of NetBSD. However in NetBSD-current the "blacklist"
library has been replaced by the "blocklist" library which BIND currently
doesn't support. And as result the build failed with the default option
because the "blacklist" could not be found.
Change the option check to only enable this option under NetBSD if the
"blacklist" header file can be found. This fixes the build under
NetBSD-current with the default options.
The correct long term fixed would be:
* Wait for a BIND version which supports "blocklist" instead of "blacklist"
* Add "blocklist" as a package in "pkgsrc" with an appropriate "builtin.mk"
NEWS for rsync 3.2.1 (22 Jun 2020)
Protocol: 31 (unchanged)
Changes since 3.2.0:
BUG FIXES:
Fixed a potential build issue with the MD5 assembly-language code by removing some non-portable directives.
Use the preprocessor with the asm file to ensure that if the code is unneeded, it doesn't get built.
Avoid the stack getting set to executable when including the asm code.
Some improvements in the SIMD configure testing to try to avoid build issues, such as avoiding a clang++ core dump when ‑g is combined with ‑O2. Note that clang++ is quite buggy in this area, and it does still crash for some folks, so just use ‑‑disable-simd if you need to avoid their buggy compiler (since the configure test is apparently not finding all the compilers that will to crash and burn).
Fixed an issue in the md2man script when building from an alternate dir.
Disable ‑‑atimes on macOS (it apparently just ignores the atime change).
ENHANCEMENTS:
The use of ‑‑backup-dir=STR now implies ‑‑backup.
Added ‑‑zl=NUM as a short-hand for ‑‑compress-level=NUM.
Added ‑‑early-input=FILE option that allows the client to send some data to a daemon's (optional) "early exec" script on its stdin.
Mention atimes in the capabilities list that ‑‑version outputs.
Mention either "default protect-args" or "optional protect-args" in the ‑‑version capabilities depending on how rsync was configured.
Some info on optimizations is now elided from the ‑‑version capabilities since they aren't really user-facing capabilities. You can still see the info (plus the status of a couple extra optimizations) by repeating the ‑‑version option (e.g. ‑VV).
Updated various URLs to be https instead of http.
Some documentation improvements.
PACKAGING RELATED:
If you had to use ‑‑disable-simd for 3.2.0, you might want to try removing that and see if it will succeed or auto-disable. Some buggy clang++ compilers are still not auto disabled, though.
The MD5 asm code is now under its own configure flag (not shared with the SIMD setting), so if you have any issues compiling it, re-run configure with ‑‑disable-asm.
Merged the OLDNEWS.md file into NEWS.md.
NEWS for rsync 3.2.0 (19 Jun 2020)
Protocol: 31 (unchanged)
Changes since 3.1.3:
BUG FIXES:
Avoid a potential out-of-bounds read in daemon mode if argc can be made to become 0.
Fix the default list of skip-compress files for non-daemon transfers.
Fix xattr filter rules losing an 'x' attribute in a non-local transfer.
Avoid an error when a check for a potential fuzzy file happens to reference a directory.
Make the atomic-rsync helper script have a more consistent error-exit.
Make sure that a signal handler's use of exit_cleanup() calls _exit() instead of exit().
Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840.
Fixed an issue with ‑‑remove-source-files not removing a source symlink when combined with ‑‑copy-links.
Fixed a bug where the daemon would fail to write early fatal error messages to the client, such as refused or unknown command-line options.
Fixed the block-size validation logic when dealing with older protocols.
Some rrsync fixes and enhancements to handle the latest options.
Fixed a problem with the ‑‑link-dest|‑‑copy-dest code when ‑‑xattrs was specified along with multiple alternate-destination directories (it could possibly choose a bad file match while trying to find a better xattr match).
Fixed a couple bugs in the handling of files with the ‑‑sparse option.
Fixed a bug in the writing of the batch.sh file (w/‑‑write-batch) when the source & destination args were not last on the command-line.
Avoid a hang when an overabundance of messages clogs up all the I/O buffers.
Fixed a mismatch in the RSYNC_PID values put into the environment of pre-xfer exec and a post-xfer exec.
Fixed a crash in the ‑‑iconv code.
Fixed a rare crash in the popt_unalias() code.
ENHANCEMENTS:
Various checksum enhancements, including the optional use of openssl's MD4 & MD5 checksum algorithms, some x86-64 optimizations for the rolling checksum, some x86-64 optimizations for the (non-openssl) MD5 checksum, the addition of xxHash checksum support, and a negotiation heuristic that ensures that it is easier to add new checksum algorithms in the future. The environment variable RSYNC_CHECKSUM_LIST can be used to customize the preference order of the negotiation, or use ‑‑checksum-choice (‑‑cc) to force a choice.
Various compression enhancements, including the addition of zstd and lz4 compression algorithms and a negotiation heuristic that picks the best compression option supported by both sides. The environment variable RSYNC_COMPRESS_LIST can be used to customize the preference order of the negotiation, or use ‑‑compress-choice (‑‑zc) to force a choice.
Added a ‑‑debug=NSTR option that outputs details of the new negotiation strings (for checksums and compression). The first level just outputs the result of each negotiation on the client, level 2 outputs the values of the strings that were sent to and received from the server, and level 3 outputs all those values on the server side too (when the server was given the debug option).
The ‑‑debug=OPTS command-line option is no longer auto-forwarded to the remote rsync which allows for the client and server to have different levels of debug specified. This also allows for newer debug options to be specified, such as using ‑‑debug=NSTR to see the negotiated hash result, without having the command fail if the server version is too old to handle that debug item. Use ‑M‑‑debug=OPTS to send the options to the remote side.
Added the ‑‑atimes option based on the long-standing patch (just with some fixes that the patch has been needing).
Added ‑‑open-noatime option to open files using O_NOATIME.
Added the ‑‑write-devices option based on the long-standing patch.
Added openssl & preliminary gnutls support to the rsync-ssl script, which is now installed by default. This was unified with the old stunnel-rsync helper script to simplify packaging. Note that the script accepts the use of ‑‑type=gnutls for gnutls testing, but does not look for gnutls-cli on the path yet. The use of ‑‑type=gnutls will not work right until gnutls-cli no longer drops data.
Rsync was enhanced to set the RSYNC_PORT environment variable when running a daemon-over-rsh script. Its value is the user-specified port number (set via ‑‑port or an rsync:// URL) or 0 if the user didn't override the port.
Added the proxy protocol daemon parameter that allows your rsyncd to know the real remote IP when it is setup behind a proxy.
Added negated matching to the daemon's refuse options setting by using match strings that start with a ! (such as !compress*). This lets you refuse all options except for a particular approved list, for example. It also lets rsync refuse certain options by default (such as write-devices) while allowing the config to override that, as desired.
Added the early exec daemon parameter that runs a script before the transfer parameters are known, allowing some early setup based on module name.
Added status output in response to a signal (via both SIGINFO & SIGVTALRM).
Added ‑‑copy-as=USER option to give some extra security to root-run rsync commands into/from untrusted directories (such as backups and restores).
When resuming the transfer of a file in the ‑‑partial-dir, rsync will now update that partial file in-place instead of creating yet another tmp file copy. This requires both sender & receiver to be at least v3.2.0.
Added support for RSYNC_SHELL & RSYNC_NO_XFER_EXEC environment variables that affect the early, pre-xfer, and post-xfer exec rsync daemon parameters.
Optimize the ‑‑fuzzy ‑‑fuzzy heuristic to avoid the fuzzy directory scan until all other basis-file options are exhausted (such as ‑‑link-dest).
Have the daemon log include the normal-exit sent/received stats when the transfer exited with an error when possible (i.e. if it is the sender).
The daemon now locks its pid file (when configured to use one) so that it will not fail to start when the file exists but no daemon is running.
Various man page improvements, including some html representations (that aren't installed by default).
Made ‑V the short option for ‑‑version and improved its information.
Pass the ‑4 or ‑6 option to the ssh command, making it easier to type than ‑‑rsh='ssh ‑4' (or the ‑6 equivalent).
Added example config for rsyncd SSL proxy configs to rsyncd.conf.
More errors messages now mention if the error is coming from the sender or the receiver.
PACKAGING RELATED:
Add installed binary: /usr/bin/rsync-ssl
Add installed man page: /usr/man/man1/rsync-ssl.1
Tweak auxiliary doc file names, such as: README.md, INSTALL.md, & NEWS.md.
The rsync-ssl script wants to run openssl or stunnel4, so consider adding a dependency for one of those options (though it's probably fine to just let it complain about being unable to find the program and let the user decide if they want to install one or the other).
If you packaged rsync + rsync-ssl + rsync-ssl-daemon as separate packages, the rsync-ssl package is now gone (rsync-ssl should be considered to be mainstream now that Samba requires SSL for its rsync daemon).
Add build dependency for liblz4-dev, libxxhash-dev, libzstd-dev, and libssl-dev. These development libraries will give rsync extra compression algorithms, extra checksum algorithms, and allow use of openssl's crypto lib for (potentially) faster MD4/MD5 checksums.
Add build dependency for g++ or clang++ on x86_64 systems to enable the SIMD checksum optimizations.
Add build dependency for either python3-cmarkcfm or python3-commonmark to allow for patching of man pages or building a git release. This is not required for a release-tar build, since it comes with pre-built man pages. Note that cmarkcfm is faster than commonmark, but they generate the same data. The commonmark dependency is easiest to install since it's native python, and can even be installed via pip3 install ‑‑user commonmark if you want to just install it for the build user.
Remove yodl build dependency (if it was even listed before).
DEVELOPER RELATED:
Silenced some annoying warnings about major() & minor() by improving an autoconf include-file check.
Converted the man pages from yodl to markdown. They are now processed via a simple python3 script using the cmarkgfm or commonmark library. This should make it easier to package rsync, since yodl has gotten obscure.
Improved some configure checks to work better with strict C99 compilers.
Some perl building/packaging scripts were recoded into awk and python3.
Some defines in byteorder.h were changed into static inline functions that will help to ensure that the args don't get evaluated multiple times on "careful alignment" hosts.
Some code typos were fixed (as pointed out by a Fossies run).
get_iplayer 3.26 Release Notes
Changes in 3.26
* Restored download of programme credits - broken by BBC changes.
* Restored channel names to --pid-recursive-list output - broken by BBC
changes.
* Restored subtitle colours - broken by BBC changes.
* Media streams mislabelled as belonging to the defunct BBC Store are no
longer ignored - a few may contain valid content.
* Fixed hash initialisation in Pvr class (@praxilian)
* Added new --cuesheet-offset option (synonym: --tracklist-offset) that
can be used to apply a positive or negative offset to track times in
cue sheet or track list. If you find track times off by a consistent
amount after download, use --cuesheet-only with --cuesheet-offset=<n>
or --tracklist-only with --tracklist-offset=<n> (where n = offset in
seconds) to generate a new cue sheet or track list with adjusted track
times.
* The default value of the --thumbnail-size option is now 1920, which
downloads a 1920x1080 image. The previous default was 192, which
downloaded a 192x108 image. This larger default size should work
better on TVs and larger devices, but it will still scale down for
smaller devices and media manager software.
* If you have added --thumbnail-size to your preferences, it will
continue to be used.
* This change will add ~200KB to the size of tagged output files,
compared to the previous default.
* If you wish to restore the previous default thumbnail size:
get_iplayer --prefs-add --thumbnail-size=192
* Thumbnail size is now automatically limited to 1280 when
--thumbnail-square is used, in order to avoid distorted images.
* The @wrt atom in metadata tags (iTunes: Composer field) is now set to
"BBC Sounds" for radio programmes. The value is still set to "BBC
iPlayer" for TV programmes.
* The --tag-utf8 option is now ignored and will be removed in the next
release. It hasn't served any useful purpose for some time. To remove
it from your preferences if necessary:
get_iplayer --prefs-del --tag-utf8
* The minimum version of Perl nominally required for get_iplayer is now
5.16, in line with recent changes in requirements for the Mojolicious
module. This requirement is not yet enforced in get_iplayer code since
some combinations of older Perl and Mojolicious versions will still
work. This only concerns Linux users doing manual installations, and
who for some reason attempt to install new versions of Mojolicious
with obsolete versions of Perl, so it is unlikely to apply to you.
* get_iplayer previously allowed a PVR run to continue even if the
previous run might still be active, as long as 12 hours had elapsed
since the previous run was launched, on the presumption that after 12
hours the previous run must be hung. That is no longer the case.
* If an invalid (e.g., due to disk write error) PVR lockfile is
found, get_iplayer deletes the lockfile and exits with an error
and an instruction for you to check if get_iplayer PVR is already
running before restarting.
* If a valid PVR lockfile is found and the previous run is still
active, get_iplayer will now always exit with an error regardless
of whether or not 12 hours has elapsed. It now prints the process
ID associated with the running PVR so that you can check the
process status if necessary.
* get_iplayer is not prone to hanging as it sometimes was when it
relied on rtmpdump and ffmpeg for downloading, so this change
should have little effect on you. One possible exception is if
you try to use get_iplayer in Windows Subsystem for Linux v1 (WSL
1), where AtomicParsley always hangs and thus hangs every PVR
run. Don't use get_iplayer on WSL 1. AtomicParsley does work with
WSL 2.
v2.68.0:
FEATURES:
New Data Source: aws_efs_access_points
New Resource: aws_wafv2_web_acl_logging_configuration
ENHANCEMENTS:
data-soruce/aws_ami: Add arn attribute
data-source/aws_customer_gateway: Add arn attribute
data-source/aws_ebs_snapshot: Add arn attribute
data-source/aws_vpc_endpoint: Add arn attribute
data-source/aws_vpc_endpoint_service: Add arn attribute
data-source/aws_vpn_gateway: Add arn attribute
resource/aws_ami: Add arn attribute and plan-time validations to architecture, volume_type and virtualization_type arguments
resource/aws_ami_copy: Add arn attribute
resource/aws_ami_from_instance: Add arn attribute
resource/aws_customer_gateway: Add arn attribute and plan-time validations for bgp_asn, ip_address, and type arguments
resource/aws_default_network_acl: Add arn attribute and plan-time validations for ingress and egress configuration block arguments
resource/aws_ebs_snapshot: Add arn attribute
resource/aws_ebs_snapshot: Support resource import
resource/aws_ebs_snapshot_copy: Add arn attribute
resource/aws_ec2_traffic_mirror_session: Add arn attribute
resource/aws_ecs_service: Support deployment_controller configuration block type argument value of EXTERNAL (support external deployments)
resource/aws_ecs_task_definition: Add efs_volume_configuration configuration block authorization_config, transit_encryption, and transit_encryption_port arguments (support EFS Access Points and transit encryption)
resource/aws_elasticsearch_domain: Ultrawarm can now be enabled without re-creating the resource
resource/aws_glue_catalog_database: Add arn attribute
resource/aws_iot_policy: Support resource import
resource/aws_iot_topic_rule: Add error_action configuration block
resource/aws_network_acl: Add arn attribute and plan-time validations for ingress and egress configuration block arguments
resource/aws_placement_group: Add arn attribute
resource/aws_ses_receipt_filter: Add arn attribute and plan-time validations for all arguments
resource/aws_vpn_connection: Add arn attribute
resource/aws_vpc_endpoint: Add arn attribute
resource/aws_vpc_endpoint_service: Add arn attribute
resource/aws_vpn_gateway: Add arn attribute
BUG FIXES:
resource/aws_batch_compute_environment: Ensure desired_vcpus is fully optional and wait for updates
resource/aws_batch_compute_environment: Remove resource from Terraform state when not found instead of returning error
resource/aws_cloudtrail: Properly configure single event_selector with no data_resource and read_write_type of ReadOnly or WriteOnly
resource/aws_cloudtrail: Prevent InvalidEventSelectorsException error when removing all event_selector configuration
resource/aws_default_route_table: Validate CIDR blocks for misalignment before attempting to create the route to ensure Terraform can read the information after EC2 API canonicalization
resource/aws_default_route_table: Ensure empty string ("") validation in cidr_block and ipv6_cidr_block arguments continues to work for Terraform 0.11 support
resource/aws_ecs_service: Add plan-time validation and prevent panics with empty type argument in ordered_placement_strategy configuration block
resource/aws_ecs_task_definition: Prevent showing API ordering differences in container_definitions environment variables during update plans
resource/aws_elasticsearch_domain: Ensure empty string ("") validation in ebs_options volume_type argument continues to work for Terraform 0.11 support
resource/aws_iot_policy: Ensure name argument updates recreate the resource
resource/aws_route: Validate CIDR blocks for misalignment before attempting to create the route to ensure Terraform can read the information after EC2 API canonicalization
resource/aws_route: Ensure empty string ("") validation in destination_cidr_block and destination_ipv6_cidr_block arguments continues to work for Terraform 0.11 support
resource/aws_route_table: Validate CIDR blocks for misalignment before attempting to create the route to ensure Terraform can read the information after EC2 API canonicalization
resource/aws_route_table: Ensure empty string ("") validation in cidr_block and ipv6_cidr_block arguments continues to work for Terraform 0.11 support
resource/aws_spot_fleet_request: Prevent crash with missing placement information
resource/aws_vpc_endpoint: Skip ModifyVpcEndpoint API call on tags only updates
resource/aws_vpc_endpoint: Wait for acceptance when auto_accept is enabled
resource/aws_wafv2_web_acl: Prevent unexpected UpdateWebACL API errors on tags only updates
v0.12.28:
BUG FIXES:
build: build the 0.12 version of Terraform with Go 1.12.13, rather than 0.13 Terraform's 1.14.2
v0.12.27:
BUG FIXES:
backend/remote: fix panic when there's a connection error to the remote backend
Instead:
1. Package makefiles including their own options.mk
2. Packages say "SUBST_CLASSES+=djberrno" to get the hack, if needed
3. Packages adjust SUBST_FILES.djberrno, if needed
Should fix bulk build failures due to multiple inclusions of options.mk
and/or incorrect definitions of DJB_ERRNO_HACK.
Approved during the freeze by wiz@.
05/20/2020 Version 4.3.3
- Increase cache buffers size to accomodate VLAN edits (#594)
- Correct L2 header length to correct IP header offset (#583)
- Fix warnings from gcc version 10 (#580)
- Heap Buffer Overflow in randomize_iparp (#579)
- Use after free in get_ipv6_next (#578)
- Heap Buffer Overflow in git_ipv6_next (#576)
- Call pcap_freecode() on pcap_compile() (#572)
- Increase max snaplen to 262144 (#571)
- Fix divide by zero in fuzzing (#570)
- Unique IP repeats at very high iteration counts (#566)
- Fails to compile on FreeBSD amd64 13.0 (#558)
- Heap Buffer Overflow in do_checksum (#556) (#577)
- Attempt to correct corrupt pcap files, if possible (#557)
- Fix GCC v10 warnings (#555)
- Remove some duplicated SOURCES entries (#551)
- Expand /dev/bpfX hard limit to fix macOS Mojave (#550)
- Implement --loopdelay-ms when using --loop=0 (#546)
- Heap overflow packet2tree and get_l2len (#530)
03/12/2019 Version 4.3.2
- CVE-2019-8381 memory access in do_checksum() (#538)
- CVE-2019-8376 NULL pointer dereference get_layer4_v6() (#537)
- CVE-2019-8377 NULL pointer dereference get_ipv6_l4proto() (#536)
- Rename Ethereal to Wireshark (#545)
12/27/2018 Version 4.3.1
- Fix checkspell detected typos (#531)
11/10/2018 Version 4.3.0
- Fix maxOS TOS checksum failure (#524)
- TCP sequence edits seeding (#514)
- Fix issues identifed by Codacy (#493)
- CVE-2018-18408 use-after-free in post_args (#489)
- CVE-2018-18407 heap-buffer-overflow csum_replace4 (#488)
- CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
- CVE-2018-17580 heap-buffer-overflow fast_edit_packet (#485)
- CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
- Out-of-tree build (#482)
- CVE-2018-13112 heap-buffer-overflow in get_l2len (#477 dup #408)
- Closing stdin on pipe (#479)
- Second pcap file hangs on multiplier option (#472)
- Jumbo frame support for fragroute option (#466)
- TCP sequence edit ACK corruption (#451)
- TCP sequence number edit initial SYN packet should have zero ACK (#450)
- Travis CI build fails due to new build images (#432)
- Upgrade libopts to 5.18.12 to address version build issues (#430)
- Add ability to change tcp SEQ/ACK numbers (#425)
- Hang using loop and netmap options (#424)
- tcpprep -S not working for large cache files (#423)
- Unable to tcprewrite range of ports with --portmap (#422)
- --maxsleep broken for values less than 1000 (#421)
- -T flag breaks traffic replay timing (#419)
- Respect 2nd packet timing (#418)
- Avoid non-blocking behaviour when using STDIN (#416)
- pcap containing >1020 packets produces invalid cache file (#415)
- manpage typos (#413)
- Fails to open tap0 on Zephyr (#411)
- Heap-buffer-overflow in get_l2protocol (#410)
- Heap-buffer-overflow in packet2tree (#409)
- Heap-buffer-overflow in get_l2len (#408)
- Heap-buffer-overflow in flow_decode (#407)
- Rewrite zero IP total length field to match the actual packet length (#406)
- Stack-buffer-overflow in tcpcapinfo (#405)
- tcpprep --include option does not exclude (#404)
- Negative-size-param memset in dlt_radiotap_get_80211 (#402)
- tcpeplay --verbose option not working (#398)
- Fix replay when using --with-testnic (#178)
Update ruby-twitter to 7.0.0.
7.0.0
* Add Twitter::DirectMessageEvent (@FabienChaynes)
* Create Twitter::DirectMessageEvent with media (@FabienChaynes)
* Support for DM welcome messages (@FabienChaynes)
* Support for closing Twitter::Streaming::Connection (@okkez)
* Add Twitter::REST::Client#create_direct_message_event (@cyu)
* Add Twitter::REST::Client#premium_search
* Add Twitter::REST::AccountActivity
* Update all direct message methods to return Twitter::DirectMessageEvent
(@flikglick)
* Correctly handle different Twitter::Error::AlreadyRetweeted error messages
(@knu)
* Fix proxy setting sample (@nicklegr)
* Add Active Support presence methods on Twitter::NullObject (@davebrace)
* Upload GIFs over 5MB in chunks (@wild_dmitry)
* Track rate limit when searching tweets (@dsalahutdinov1)
* Add quote_count and reply_count attributes to Twitter::Tweet
* Drop support for Ruby 2.0, 2.1, and 2.2
Updaet ntp4 to 4.2.8p14.
pkgsrc changes:
* Incorporate several changes from NetBSD base.
* few pkglint fixes.
Quote from release announce:
NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03)
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes three vulnerabilities: a bug that causes causes an ntpd
instance that is explicitly configured to override the default and allow
ntpdc (mode 7) connections to be made to a server to read some uninitialized
memory; fixes the case where an unmonitored ntpd using an unauthenticated
association to its servers may be susceptible to a forged packet DoS attack;
and fixes an attack against a client instance that uses a single
unauthenticated time source. It also fixes 46 other bugs and addresses
4 other issues.
