Commit graph

16736 commits

Author SHA1 Message Date
adam
5b12b7b592 revbump for boost 1.69.0 2018-12-13 19:51:31 +00:00
adam
a93f72682f py-xandikos: updated to 0.0.11
0.0.11:
Unknown changes
2018-12-13 11:22:46 +00:00
maya
e776e1cead inetutils: avoid buffer overflow, infinite loop. bump PKGREVISION. 2018-12-13 05:34:38 +00:00
leot
a6b30bd1e5 youtube-dl: Update net/youtube-dl to 20181209
Changes:
2018.12.09
----------
Core
* [YoutubeDL] Keep session cookies in cookie file between runs
* [YoutubeDL] Recognize session cookies with expired set to 0 (#12929)

Extractors
+ [teachable] Add support for teachable platform sites (#5451, #18150, #18272)
+ [aenetworks] Add support for historyvault.com (#18460)
* [imgur] Improve gallery and album detection and extraction (#9133, #16577,
  #17223, #18404)
* [iprima] Relax URL regular expression (#18453)
* [hotstar] Fix video data extraction (#18386)
* [ard:mediathek] Fix title and description extraction (#18349, #18371)
* [xvideos] Switch to HTTPS (#18422, #18427)
+ [lecturio] Add support for lecturio.com (#18405)
+ [nrktv:series] Add support for extra materials
* [nrktv:season,series] Fix extraction (#17159, #17258)
* [nrktv] Relax URL regular expression (#18304, #18387)
* [yourporn] Fix extraction (#18424, #18425)
* [tbs] Fix info extraction (#18403)
+ [gamespot] Add support for review URLs
2018-12-12 12:55:17 +00:00
leot
b4765f2043 hub: Update net/hub to 2.6.1
Changes:
2.6.1
-----
- Fix using git aliases for git 2.20
- Add support for passing multiple --message options for compatibility
  with git
- Allow the %h token in HostName value read from ssh config
2018-12-12 10:09:05 +00:00
he
8a5b620e40 Update unbound to version 1.8.3
Upstream changes:

Bug Fixes
- Fix dns64 allocation in wrong region for returned internal queries.
2018-12-11 17:06:46 +00:00
tm
9be743e197 p5-Net-Patricia: Update MAINTAINERship to tm@NetBSD.org email address 2018-12-11 08:47:16 +00:00
ryoon
cfa9c0149d Fix another mistake. This will fix the packaging really. 2018-12-10 14:42:45 +00:00
ryoon
02fb68fedb Remove PLIST.*=no to fix packaging 2018-12-10 00:14:23 +00:00
adam
6697b78088 Removed commented-out PKGREVISIONs 2018-12-09 21:05:32 +00:00
adam
16dd5de231 revbump after updating textproc/icu 2018-12-09 18:51:58 +00:00
ryoon
3eae4c0acb Fix build on 32-bit architecture environments.
ldb-lmdb part is not buildable for 32-bit architecture environments.
Tested on NetBSD/i386 8.
2018-12-09 14:48:03 +00:00
sevan
a8f13b72f3 Need pthread support, make sure a substitute is present if OS lacks support
natively, e.g. Minix at present.
2018-12-09 03:04:34 +00:00
leot
9501a40d81 youtube-dl: Update net/youtube-dl to 20181203
Changes:
2018.12.03
----------
Core
* [utils] Fix random_birthday to generate existing dates only (#18284)

Extractors
+ [tiktok] Add support for tiktok.com (#18108, #18135)
* [pornhub] Use actual URL host for requests (#18359)
* [lynda] Fix authentication (#18158, #18217)
* [gfycat] Update API endpoint (#18333, #18343)
+ [hotstar] Add support for alternative app state layout (#18320)
* [azmedien] Fix extraction (#18334, #18336)
+ [vimeo] Add support for VHX (Vimeo OTT) (#14835)
* [joj] Fix extraction (#18280, #18281)
+ [wistia] Add support for fast.wistia.com (#18287)
2018-12-08 17:29:22 +00:00
wen
58fa50841e Update to 3.63
Upstream changes:
Version 3.63 (2018-11-25)

  [ENHANCEMENTS]

  * #280 update to retrieve Aerohive serial
  * #271 update os_ver for Alcatel-Lucent (stromsoe)

  [BUG FIXES]

  * #273 remove old ADTRAN modules not in netdisco-mibs
2018-12-08 08:21:59 +00:00
wen
ad70d2070f Update to 0.54
Upstream changes:
0.54 Mon Nov 12 2018 "Dean Hanstead" <dean@bytefoundry.com.au>
  - Fixes for whitespace handling in attachments RT127607
  - Fix edge case for handling 401's RT127288
2018-12-08 08:16:48 +00:00
wen
c52d5827fd Update to 1.19
Upstream changes:
1.19 Nov 14, 2018

        Show structure of EDNS options using Perl-like syntax.

Fix rt.cpan.org #127557

        Net::DNS::Resolver::Base should use 3 args open

Fix rt.cpan.org #127182

        Incorrect logic can cause DNS search to emit fruitless queries.
2018-12-08 04:36:08 +00:00
wiz
346b919632 syncthing: update to 0.14.54.
0.14.54

Bugfixes:

    #5348: Web GUI doesn't work in older browsers

0.14.53

Bugfixes:

    #4738: File restore doesn't work on one folder
    #4780: Logging debugging flags stay after disabling all debug facilities in the web UI
    #5267: Disabling the minimum disk free space check on folders doesn't work
    #5270: panic: interface conversion: interface {} is map[string]string, not map[string]interface {}
    #5291: panic: runtime error: index out of range
    #5294: Removed devices do not influence the list of locally needed files
    #5296: strelaypoolsrv, cmd/ursrv: Google maps issue in the GUI
    #5299: panic: bug: unknown device should already have been rejected
    #5323: Files not deleted properly when one side has ignore permissions set

Enhancements:

    #1347: Directory auto-complete should be case-insensitive
    #3439: Ship .desktop files
    #4000: Add "select all" / "deselect all" to folder and device sharing dialogs
    #4480: Should show indication of local files/directories that can't be scanned for whatever reason
    #5256: Upgrade SSL Certificate to use modern cipher

Other issues:

    #5247: cmd/stdiscosrv: test suite sometimes seg faults on OpenBSD
    #5280: Update to the new prometheus client API
2018-12-06 07:09:07 +00:00
wiz
c636765935 sslh: update to 1.20.
v1.20: 20NOV2018
	Added support for socks5 protocol (Eugene Protozanov)

	New probing method:
	Before, probes were tried in order, repeating on the
	same probe as long as it returned PROBE_AGAIN before
	moving to the next one. This means a probe which
	requires a lot of data (i.e. returns PROBE_AGAIN for
	a long time) could prevent successful matches from
	subsequent probes. The configuration file needed to
	take that into account.

	Now, all probes are tried each time new data is
	found. If any probe matches, use it. If at least one
	probe requires more data, wait for more. If all
	probes failed, connect to the last one. So the only
	thing to know when writing the configuration file is
	that 'anyprot' needs to be last.

	Test suite heavily refactored; `t` uses `test.cfg`
	to decide which probes to test and all setup is
	automatic; probes get tested with 'fast' (entire
	first message in one packet) and 'slow' (one byte at
	a time); when SNI/ALPN are defined, all combinations
	are tested.

	Old 'tls' probe removed, 'sni_alpn' probe renamed as 'tls'.
	You'll need to change 'sni_alpn' to 'tls' in
	your configuration file, if ever you used it.
2018-12-05 21:20:32 +00:00
he
3ec91c3324 Update unbound to version 1.8.2
Pkgsrc changes:
 * Re-position configure diff.

Upstream changes:

Features
- Add fast-server-permil and fast-server-num options.
- Deprecate low-rtt and low-rtt-permil options.
- Change fast-server-num default to 3.
- Fix #4154: make ECS_MAX_TREESIZE configurable, with
  the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
- Fix #4190: Please create a "ANY" deny option, adds the option
  deny-any: yes in unbound.conf.  This responds with an empty message
  to queries of type ANY.
- Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
  adds the option unknown-server-time-limit to unbound.conf that
  can be increased to avoid the problem.
- Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
- Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
  option in unbound.conf.
- Add unbound-control view_local_datas command, like local_datas.

Bug Fixes
- dnscrypt.c removed sizeof to get array bounds.
- Fix testlock code to set noreturn on error routine.
- Remove unused variable from contrib fastrpz/rpz.c and
  remove unused diagnostic pragmas that themselves generate warnings
- clang analyze test is used only when assertions are enabled.
- Squelch EADDRNOTAVAIL errors when the interface goes away,
  this omits 'can't assign requested address' errors unless
  verbosity is set to a high value.
- Set default for so-reuseport to no for FreeBSD.  It is enabled
  by default for Linux and DragonFlyBSD.  The setting can
  be configured in unbound.conf to override the default.
- iana port update.
- Squelch log of failed to tcp initiate after TCP Fastopen failure.
- Fix #4192: unbound-control-setup generates keys not readable by
  group.
- check that the dnstap socket file can be opened and exists, print
  error if not.
- Add markdel function to ECS slabhash.
- Limit ECS scope returned to client to the scope used for caching.
- Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
- Fix #4141: More randomness to rrset-roundrobin.
- Fix #4132: Openness/closeness of RANGE intervals in rpl files.
- remade makefile dependencies.
- Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
- Scrub NS records from NXDOMAIN responses to stop fragmentation
  poisoning of the cache.
- Scrub NS records from NODATA responses as well.
- Add patch from Jan Vcelak for pythonmod,
  add sockaddr_storage getters, add support for query callbacks,
  allow raw address access via comm_reply and update API documentation.
- Removed compile warnings in pythonmod sockaddr routines.
- With ./configure --with-pyunbound --with-pythonmodule
  PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
  succeed for the python module.
- pythonmod logs the python error and traceback on failure.
- ignore debug python module for test in doxygen output.
- review fixes for python module.
- Fix #4209: Crash in libunbound when called from getdns.
- auth zone zonefiles can be in a chroot, the chroot directory
  components are removed before use.
- Fix that empty zonefile means the zonefile is not set and not used.
- Fix to not set GLOB_NOSORT so the unbound.conf include: files are
  sorted and in a predictable order.
- Fix #4193: Fix that prefetch failure does not overwrite valid cache
  entry with SERVFAIL.
- Fix DNS64 to not store intermediate results in cache, this avoids
  other threads from picking up the wrong data.  The module restores
  the previous no_cache_store setting when the module is finished.
- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
- New and better fix for Fix #4193: Fix that prefetch failure does
  not overwrite valid cache entry with SERVFAIL.
- auth-zone give SERVFAIL when expired, fallback activates when
  expired, and this is documented in the man page.
- stat count SERVFAIL downstream auth-zone queries for expired zones.
- Put new logos into windows installer.
- Fix windows compile for new rrset roundrobin fix.
- Update contrib fastrpz patch for latest release.
- Fix chroot auth-zone fix to remove chroot prefix.
- windows icon updated.
2018-12-04 12:04:22 +00:00
adam
b95ad8ef8c py-scp: updated to 0.13.0
0.13.0:
- Remove all introspection logic for `progress` callback introduced in 0.12
- `progress` callback only accept 3 arguments again
- Introduce `progress4` parameter which accepts the peername as 4th argument
2018-12-03 19:37:26 +00:00
adam
d76f7fceca wireshark: pkgsrc improvements
- remove unused configure options
- allow newer Python
- depend on: lz4, libssh, libcares, snappy
- add http2 as an option
2018-12-03 15:35:15 +00:00
wiz
a2abb403b3 wireshark: update to 2.6.5.
Wireshark 2.6.5 Release Notes

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2018-51[1] The Wireshark dissection engine could crash.
       Bug 14466[2]. CVE-2018-19625[3].

     • wnpa-sec-2018-52[4] The DCOM dissector could crash. Bug 15130[5].
       CVE-2018-19626[6].

     • wnpa-sec-2018-53[7] The LBMPDM dissector could crash. Bug
       15132[8]. CVE-2018-19623[9].

     • wnpa-sec-2018-54[10] The MMSE dissector could go into an infinite
       loop. Bug 15250[11]. CVE-2018-19622[12].

     • wnpa-sec-2018-55[13] The IxVeriWave file parser could crash. Bug
       15279[14]. CVE-2018-19627[15].

     • wnpa-sec-2018-56[16] The PVFS dissector could crash. Bug
       15280[17]. CVE-2018-19624[18].

     • wnpa-sec-2018-57[19] The ZigBee ZCL dissector could crash. Bug
       15281[20]. CVE-2018-19628[21].

   The following bugs have been fixed:

     • VoIP Calls dialog doesn’t include RTP stream when preparing a
       filter. Bug 13440[22].

     • Wireshark installs on macOS with permissions for
       /Library/Application Support/Wireshark that are too restrictive.
       Bug 14335[23].

     • Closing Enabled Protocols dialog crashes wireshark. Bug
       14349[24].

     • Unable to Export Objects → HTTP after sorting columns. Bug
       14545[25].

     • DNS Response to NS query shows as malformed packet. Bug
       14574[26].

     • Encrypted Alerts corresponds to a wrong selection in the packet
       bytes pane. Bug 14712[27].

     • Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols
       enabled. Bug 15014[28].

     • ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8.
       Bug 15056[29].

     • text2pcap generates malformed packets when TCP, UDP or SCTP
       headers are added together with IPv6 header. Bug 15194[30].

     • Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug
       15196[31].

     • Infinite read loop when extcap exits with error and error
       message. Bug 15205[32].

     • MATE unable to extract fields for PDU. Bug 15208[33].

     • Malformed Packet: SV. Bug 15224[34].

     • OPC UA Max nesting depth exceeded for valid packet. Bug
       15226[35].

     • TShark 2.6 does not print GeoIP information. Bug 15230[36].

     • ISUP (ANSI) packets malformed in WS versions later than 2.4.8.
       Bug 15236[37].

     • Handover candidate enquire message not decoded. Bug 15237[38].

     • TShark piping output in a cmd or PowerShell prompt stops working
       when GeoIP is enabled. Bug 15248[39].

     • ICMPv6 with routing header incorrectly placed. Bug 15270[40].

     • IEEE 802.11 Vendor Specific fixed fields display as malformed
       packets. Bug 15273[41].

     • text2pcap -4 and -6 option should require -i as well. Bug
       15275[42].

     • text2pcap direction sensitivity does not affect dummy ethernet
       addresses. Bug 15287[43].

     • MLE security suite display incorrect. Bug 15288[44].

     • Message for incorrect IPv4 option lengths is incorrect. Bug
       15290[45].

     • TACACS+ dissector does not properly reassemble large accounting
       messages. Bug 15293[46].

     • NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307[47].

  Updated Protocol Support

   BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE
   802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa,
   PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL

  New and Updated Capture File Support

   3GPP TS 32.423 Trace and IxVeriWave

  New and Updated Capture Interfaces support

   sshdump
2018-12-03 14:19:24 +00:00
mlelstv
f050e5ff09 Set SMB_PRIVATE directory correctly.
Add two missing libraries to PLIST.
2018-12-03 13:51:52 +00:00
manu
2534da93e5 Added net/nagios-plugin-dnsmaster version 0.1
This Nagios plugin checks that domain NS servers are consistent over
local and distant server.
2018-12-03 02:29:20 +00:00
adam
713ff39b31 py-softlayer: updated to 5.6.4
[5.6.4]
Dedicated host cancel, cancel-guests, list-guests
added createDate and modifyDate parameters to sg rule-list
Fixed slcli subnet list
Fixed documentation link in image manager
Added description to slcli order

[5.6.3]
Updated urllib3 and requests libraries due to CVE-2018-18074
Fixed an ordering bug
Updated release process and fab-file

[5.6.0]
Support for Reserved Capacity
slcli vs capacity create
slcli vs capacity create-guest
slcli vs capacity create-options
slcli vs capacity detail
slcli vs capacity list
Fix post_uri parameter name on docstring
Fixed suspend cloud server order.
Update to use click 7
Add export/import capabilities to/from IBM Cloud Object Storage to the image manager as well as the slcli.
2018-12-02 16:33:59 +00:00
wiz
1454c60cc8 wireshark: update to 2.6.4.
Wireshark 2.6.4 Release Notes

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2018-47[1]

     • MS-WSP dissector crash. Bug 15119[2]. CVE-2018-18227[3].

     • wnpa-sec-2018-48[4]

     • Steam IHS Discovery dissector memory leak. Bug 15171[5].
       CVE-2018-18226[6].

     • wnpa-sec-2018-49[7]

     • CoAP dissector crash. Bug 15172[8]. CVE-2018-18225[9].

     • wnpa-sec-2018-50[10]

     • OpcUA dissector crash. CVE-2018-12086[11].

   The following bugs have been fixed:

     • HTTP2 dissector decodes first SSL record only. Bug 11173[12].

     • Undocumented sub-option for -N option in man page and tshark -N
       help. Bug 14826[13].

     • Mishandling of Port Control Protocol option padding. Bug
       14950[14].

     • MGCP: parameter lines are case-insensitive. Bug 15008[15].

     • Details of 2nd sub-VSA in bundled RADIUS VSA are incorrect. Bug
       15073[16].

     • Heuristic DPLAY dissector fails to recognize DPLAY packets. Bug
       15092[17].

     • gsm_rlcmac_dl dissector exception. Bug 15112[18].

     • dfilter_buttons file under user-created profile. Bug 15114[19].

     • Filter buttons disappear when using pre-2.6 profile. Bug
       15121[20].

     • PROFINET Information element AM_DeviceIdentification in Asset
       Management Info block is decoded wrongly. Bug 15140[21].

     • Hw dest addr column shows incorrect address. Bug 15144[22].

     • Windows dumpcap -i TCP@<ip-address> fails on pcapng stream. Bug
       15149[23].

     • Wildcard expansion doesn’t work on Windows 10 for command-line
       programs in cmd.exe or PowerShell. Bug 15151[24].

     • SSL Reassembly Error New fragment past old data limits. Bug
       15158[25].

  Updated Protocol Support

   ASN.1 PER, Bluetooth HCI_SCO, CoAP, DPLAY, IEEE 802.11, Kafka,
   Message Analyzer, MGCP, MS-WSP, Netmon, OpcUa, PCP, PNIO, RADIUS,
   Steam IHS Discovery, and TLS
2018-12-02 09:06:20 +00:00
wiz
37d68d3e0f syncthing: update to 0.14.52.
Bugfixes:

    #5130: "Revert Local Changes" button stays when the file causing it is deleted
    #5194: Unscanned/conflicting files are overwritten/removed in niche cases
    #5226: Watcher fails due to filepath.EvalSymlinks error (FindFirstFile)
    #5233: Folder restart can leave several folder instances running
    #5249: Impossible to change device name from web UI

Enhancements:

    #2497: CheckFolderHealth wakes up disk at index exchange
    #3616: Disable GUI and make API available on unix socket
    #5142: "Support bundle" download
    #5193: Should exit with code zero when run with -help
    #5236: Consider moving to Fork-Awesome or another free font
2018-12-01 17:24:21 +00:00
wiz
39cd61e88a filezilla: update to 3.39.0.
3.39.0 (2018-11-30)

- Fix timestamps of newly created empty files on the server if the option to preserve timestamps is set

3.39.0-rc1 (2018-11-23)

+ The down button on the keyboard now opens the quickconnect history dropdown menu if the quickconnect bar has the input focus
+ The down button on the keyboard now opens the search options if the quick search dialog has the input focus
- Refactored how close notifications were handled in the network code
- Fixed saving of the 'not equal' and 'less than' conditions for size filters
- Fixed regular expression filters not respecting the case-sensitivity checkbox in all situations
- Restore context menu item to delete file in local file search

3.38.1 (2018-10-27)

- Fixed crash if transferring three or more files in parallel when speed limits are enabled

3.38.0 (2018-10-26)

- Updated translations

3.38.0-rc1 (2018-10-19)

+ Refreshing remote file list while holding Ctrl now clears the remote directory cache for the current server
+ Changed default logon type if creating a new site in the Site Manager
- Fixed state of controls in the Site Manager when creating a new site after the previously viewed site has been predefined
- Fixed dragging remote files to queue
- Building and running FileZilla now depends on libfilezilla >= 0.15.0 (https://lib.filezilla-project.org/)
- Improve compatibility with GnuTLS 3.6.x
- Fix building with automake >= 1.16.0

3.37.4 (2018-09-04)

- MSW: Fix regression introduced in 3.37.3 with moving files locally using drag&drop

3.37.3 (2018-09-28)

- Fix issues with directory creation when uploading many files in parallel
- macOS: Fix crashes if dragging more than one file
- macOS: Opt out of Dark Mode

3.37.1 (2018-09-21)

- Local path is no longer forgotten when leaving synchronized browsing mode

3.37.0 (2018-09-17)

- Fix remote target path if uploading files through the search dialog

3.37.0-rc1 (2018-09-10)

+ Use a cache for the system trust store to speed up connection establishment on systems with huge certificate revocation lists in the system trust store
- Fixed bug in GnuTLS causing crashes on connection establishment
- Fixed enabled state of controls in the Site Manager if switching to a protocol not supporting the previously selected logontype
2018-12-01 11:16:33 +00:00
wiz
7badf0fb4e libfilezilla: update to 0.15.1.
0.15.1 (2018-11-22)

+ Add argument to fz::strtok to return empty tokens
- Fix compatibility issue with Nettle < 3.3
- Fix fz::random_bytes on MinGW
- Fix memory leak in fz::buffer

0.15.0 (2018-10-19)

+ libfilezilla now depends on Nettle >= 3.1
+ Added fz::sha512, fz::sha256, fz::sha1 and fz::md5 hash functions
+ Added fz::hash_accumulator
+ Added fz::hmac_sha256 HMAC function
+ Added asymmetric encryption scheme using X25519
+ Added signature scheme using Ed25519
- Changed and documented semantics of the return value of fz::remove_file, removing a non-existing file is not an error

0.14.0 (2018-10-04)

+ Added fz::equal_insensitive_ascii
+ Added insensitive_ascii parameter to fz::starts_with and fz::ends_with
- Fixed namespace of to_wstring in wx glue

0.13.2 (2018-09-21)

- Fix regression in fz::shared_value::clear
- Fix parsing of URIs without path

0.13.1 (2018-09-10)

+ Made fz::scoped_lock movable
- Fix a few compiler warnings
2018-12-01 11:15:42 +00:00
adam
f87d409c2b powerdns-recursor: updated to 4.1.8
Recursor 4.1.8
Crafted query can cause a denial of service (CVE-2018-16855)


Recursor 4.1.7
Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
Refuse queries for all meta-types


Recursor 4.1.6
Revert “rec: Authority records in AA=1 CNAME answer are authoritative”.


Recursor 4.1.5

PowerDNS Security Advisory 2018-04 (CVE-2018-10851)
PowerDNS Security Advisory 2018-06 (CVE-2018-14626)
PowerDNS Security Advisory 2018-07 (CVE-2018-14644)

Improvements
Add pdnslog to lua configuration scripts (Chris Hofstaedtler)
Fix compilation with libressl 2.7.0+
Export outgoing ECS value and server ID in protobuf (if any)
Switch to devtoolset 7 for el6
Allow the signature inception to be off by a number of seconds (Kees Monshouwer)

Bug Fixes
Crafted answer can cause a denial of service (CVE-2018-10851)
Packet cache pollution via crafted query (CVE-2018-14626)
Crafted query for meta-types can cause a denial of service (CVE-2018-14644)
Delay the creation of rpz threads until we have dropped privileges
Cleanup the netmask trees used for the ecs index on removals
Make sure that the ecs scope from the auth is < to the source
Authority records in aa=1 cname answer are authoritative
Avoid a memory leak in catch-all exception handler
Don’t require authoritative answers for forward-recurse zones
Release memory in case of error in the openssl ecdsa constructor
Convert a few uses to toLogString to print DNSName’s that may be empty in a safer manner
Avoid a crash on DEC Alpha systems
Clear all caches on (N)TA changes
2018-11-30 12:57:41 +00:00
adam
ad53f147f9 powerdns: updated to 4.1.5
4.1.5:
This release fixes the following security advisories:
* PowerDNS Security Advisory 2018-03 (CVE-2018-10851)
* PowerDNS Security Advisory 2018-05 (CVE-2018-14626)

Improvements
* Apply alias scopemask after chasing
* Release memory in case of error in the openssl ecdsa constructor
* Switch to devtoolset 7 for el6

Bug Fixes
* Fix compilation with libressl 2.7.0+
* Actually truncate truncated responses
* Crafted zone record can cause a denial of service (CVE-2018-10851, PowerDNS Security Advisory 2018-03)
* Packet cache pollution via crafted query (CVE-2018-14626, PowerDNS Security Advisory 2018-05)
2018-11-30 12:36:32 +00:00
taca
56c9409edd net/samba4: update to 4.9.3
=============================
                   Release Notes for Samba 4.9.3
                         November 27, 2018
                   =============================


This is a security release in order to address the following defects:

o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
                   Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
                   configuration (unsupported))
o  CVE-2018-16857 (Bad password count in AD DC not always effective)


=======
Details
=======

o  CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

o  CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16852:
   During the processing of a DNS zone in the DNS management DCE/RPC server,
   the internal DNS server or the Samba DLZ plugin for BIND9, if the
   DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
   property is set, the server will follow a NULL pointer and terminate.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

o  CVE-2018-16857:
   AD DC Configurations watching for bad passwords (to restrict brute forcing
   of passwords) in a window of more than 3 minutes may not watch for bad
   passwords at all.

For more details and workarounds, please refer to the security advisories.
2018-11-29 14:46:46 +00:00
prlw1
603b5ccdc7 Revbump for libcanberra gstreamer change. 2018-11-29 11:21:45 +00:00
morr
dbf9569b4c Update to haproxy 1.8.14.
ChangeLog:

 Released version 1.8.13 with the following main changes :
    - MINOR: systemd: consider exit status 143 as successful
    - BUG/MINOR: ssl: properly ref-count the tls_keys entries
    - MINOR: mux: add a "show_fd" function to dump debugging information for "show fd"
    - MINOR: h2: implement a basic "show_fd" function
    - BUG/MINOR: h2: remove accidental debug code introduced with show_fd function
    - MINOR: h2: keep a count of the number of conn_streams attached to the mux
    - MINOR: h2: add the mux and demux buffer lengths on "show fd"
    - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
    - BUG/MEDIUM: h2: never leave pending data in the output buffer on close
    - BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
    - BUG/MINOR: http: Set brackets for the unlikely macro at the right place
    - BUILD: Generate sha256 checksums in publish-release
    - MINOR: debug: Add check for CO_FL_WILL_UPDATE
    - MINOR: debug: Add checks for conn_stream flags
    - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
    - MINOR: h2: add the error code and the max/last stream IDs to "show fd"
    - BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
    - BUG/MEDIUM: stats: don't ask for more data as long as we're responding
    - BUG/MINOR: servers: Don't make "server" in a frontend fatal.
    - BUG/MEDIUM: threads/sync: use sched_yield when available
    - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
    - BUG/MINOR: config: stick-table is not supported in defaults section
    - BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
    - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
    - MINOR: threads: move "nbthread" parsing to hathreads.c
    - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
    - MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
    - SCRIPTS: git-show-backports: add missing quotes to "echo"

Released version 1.8.14 with the following main changes :
    - BUG/MEDIUM: servers: check the queues once enabling a server
    - BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
    - MINOR: dns: fix wrong score computation in dns_get_ip_from_response
    - MINOR: dns: new DNS options to allow/prevent IP address duplication
    - BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
    - MINOR: threads: Introduce double-width CAS on x86_64 and arm.
    - BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
    - MINOR: threads: add more consistency between certain variables in no-thread case
    - BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
    - MEDIUM: hathreads: implement a more flexible rendez-vous point
    - BUG/MEDIUM: cli: make "show fd" thread-safe
    - BUG/MINOR: ssl: empty connections reported as errors.
    - BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
    - BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
    - BUG/MINOR: map: fix map_regm with backref
    - DOC: dns: explain set server ... fqdn requires resolver
    - DOC: ssl: Use consistent naming for TLS protocols
    - BUG/MEDIUM: lua: socket timeouts are not applied
    - BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
    - BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
    - DOC: Fix spelling error in configuration doc
    - BUG/MEDIUM: unix: provide a ->drain() function
    - BUG/MINOR: lua: Bad HTTP client request duration.
    - BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
    - BUG/MEDIUM: lua: reset lua transaction between http requests
    - BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
    - BUG/MAJOR: thread: lua: Wrong SSL context initialization.
    - BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
    - BUG/MEDIUM: dns/server: fix incompatibility between SRV resolution and server state file
    - BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
    - MINOR: thread: implement HA_ATOMIC_XADD()
    - BUG/MINOR: stream: use atomic increments for the request counter
    - BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
    - BUG/MEDIUM: h2: fix risk of memory leak on malformatted wrapped frames
    - BUG/MINOR: dns: check and link servers' resolvers right after config parsing
    - BUG/MINOR: http/threads: atomically increment the error snapshot ID
    - BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
    - BUG/MAJOR: kqueue: Don't reset the changes number by accident.
    - BUG/MINOR: server: Crash when setting FQDN via CLI.
    - DOC: Fix typos in lua documentation
    - BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
    - BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
    - BUG/MINOR: cli: make sure the "getsock" command is only called on connections
    - BUG/CRITICAL: hpack: fix improper sign check on the header index value
2018-11-29 09:02:37 +00:00
leot
6ed334b13a gallery-dl: Update net/gallery-dl to 1.6.1
Changes:
1.6.1
-----
 - Added support for:
   - `joyreactor` (#114)
   - `pornreactor` (#114)
   - `newgrounds` (#119)
 - Added extractor for search results on `luscious` (#127)
 - Fixed filenames of ZIP archives (#126)
 - Fixed extraction issues for `gfycat`, `hentaifoundry` (#125), `mangafox`
2018-11-28 19:56:58 +00:00
adam
93ea7705fb libcares: updated to 1.15.0
c-ares version 1.15.0:

Changes:
- Add ares_init_options() configurability for path to resolv.conf file
- Ability to exclude building of tools (adig, ahost, acountry) in CMake
- Android: Support for domain search suffix
- Report ARES_ENOTFOUND for .onion domain names as per RFC7686

Bug fixes:
- AIX build fix for trying to include both nameser_compat.h and onameser_compat.h
- Windows: Improve DNS suffixes extracting from WinNT registry
- Fix modern GCC warnings
- Apply the IPv6 server blacklist to all nameserver sources, not just Windows
- Fix warnings emitted by MSVC when using -W4
- Prevent changing name servers while queries are outstanding
- Harden and rationalize c-ares timeout computation
- Distribute ares_android.h
- ares_set_servers_csv() on failure should not leave channel in a bad state
- Add missing docs to distribution
2018-11-28 08:53:18 +00:00
jaapb
b26023de39 Updated package net/ocaml-ipaddr to use dune. 2018-11-27 18:59:50 +00:00
bsiegert
629f433728 Revbump dependencies of gspell after enchant2 change. 2018-11-27 14:41:07 +00:00
christos
9d3e93c4e0 fix SSP build. 2018-11-27 02:19:03 +00:00
nia
2a19818667 bftpd: Update to version 5.0
Changes:

Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.0
	- Added more checks to places where we are mapping a file
          or checking for symbolic links. Should avoid trying to
          operate on invalid path names or broken symlinks.
          Issue reported by Xu.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.9
	- Several checks added to chdir() and other
          return codes to make sure syscalls are all returning
          properly. Patch provided by Zhouyang Jia.
	- Fixed some compiler warnings due to unused or
          oddly indented code.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.8
	- Fixed potential double-free bug during Bftpd shutdown.
	- Fixed potential uninitialized variable.
	  Thanks to Alex for reporting these bugs.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.7
	- Fixed memory leak in rename function.
          Thanks to Alex for reporting this bug.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.6
	- Avoid memory corruption when reading config file by initializing memory.
	- Make sure CHROOT is default option, even if it is not specified
	  in the config file.
	  Thanks to Anton Yuzhaninov for providing the above two fixes.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 4.5
	- Avoid potential buffer underflow in main.c
	  Thanks to Andreas for pointing out this problem.
2018-11-24 11:29:15 +00:00
nia
2af43c245a dnscrypt-proxy2: Update to 2.0.19
Changelog:

* The value for netprobe_timeout was read from the command-line, but not from the configuration file any more. This is a regression introduced in the previous version, that has been fixed.
* The default value for netprobe timeouts has been raised to 60 seconds.
* A hash of the body is added to query parameters when sending DoH queries with the POST method in order to work around badly configured proxies.
2018-11-23 14:19:51 +00:00
adam
da44d7d25d py-responses: updated to 0.10.4
0.10.4
- Fixed generated wrapper when using @responses.activate in Python 3.6+
  when decorated functions use parameter and/or return annotations.
2018-11-23 11:35:28 +00:00
ryoon
5a651eca6d Update to 4.9.2
Changelog:
* Many bugfixes
* Update some bundled libraries
2018-11-23 07:30:02 +00:00
leot
8ff44f5344 youtube-dl: Update net/youtube-dl to 20181123
Changes:
version 2018.11.23

Core
+ [setup.py] Add more relevant classifiers

Extractors
* [mixcloud] Fallback to hardcoded decryption key (#18016)
* [nbc:news] Fix article extraction (#16194)
* [foxsports] Fix extraction (#17543)
* [loc] Relax regular expression and improve formats extraction
+ [ciscolive] Add support for ciscolive.cisco.com (#17984)
* [nzz] Relax kaltura regex (#18228)
* [sixplay] Fix formats extraction
* [bitchute] Improve title extraction
* [kaltura] Limit requested MediaEntry fields
+ [americastestkitchen] Add support for zype embeds (#18225)
+ [pornhub] Add pornhub.net alias
* [nova:embed] Fix extraction (#18222)


version 2018.11.18

Extractors
+ [wwe] Extract subtitles
+ [wwe] Add support for playlists (#14781)
+ [wwe] Add support for wwe.com (#14781, #17450)
* [vk] Detect geo restriction (#17767)
* [openload] Use original host during extraction (#18211)
* [atvat] Fix extraction (#18041)
+ [rte] Add support for new API endpoint (#18206)
* [tnaflixnetwork:embed] Fix extraction (#18205)
* [picarto] Use API and add token support (#16518)
+ [zype] Add support for player.zype.com (#18143)
* [vivo] Fix extraction (#18139)
* [ruutu] Update API endpoint (#18138)
2018-11-22 18:15:16 +00:00
leot
333a01db7b mosh: Update net/mosh to 1.3.2
pkgsrc changes:
 - Remove patches/patch-aa, no longer needed (config.h is now
   included and HAVE_DECL_BSWAP64 is now properly checked)
 - perl is needed in the test phase and at runtime, add it to USE_TOOLS
 - Remove no longer needed dependency to p5-IO-tty
 - Add support for the test target (and REPLACE_PERL test target scripts)

Changes:
1.3.2
-----
 * Platform support:
    * Explicitly enable binding to both IPv4 and IPv6 addresses.
      (Giel van Schijndel)
    * Restore perl 5.8.8 support for RHEL5.  (Alexander Chernyakhovsky)
    * Make tests detect UTF-8 locale with a helper executable.  (John Hood)
    * Don't print /etc/motd on IllumOS.  (John Hood)
    * Print {,/var}/run/motd.dynamic on Ubuntu.  (John Hood)
    * Fix build on Haiku. (Adrien Destugues)
    * Disable unicode-later-combining.test for tmux 2.4.
      This fixes build failures.  (John Hood)
 * Bug fixes:
    * In tests, explicitly set 80x24 tmux window, for newer versions
      of tmux.  (John Hood)
    * Work around JuiceSSH rendering bug.  (John Hood)
    * Do not move cursor for SCROLL UP and SCROLL DOWN--
      fixes an issue with tmux 2.4.  (John Hood)

Discussed with <agc>, thanks!
2018-11-21 21:46:50 +00:00
leot
36467a15bb torsocks: Update net/torsocks to 2.3.0
pkgsrc changes:
 - Update MASTER_SITES to avoid MASTER_SITE_DEBIAN

Changes:
2018-11-19 torsocks 2.3.0
 * Fix a bunch of stuff in the wrapper script, #24967
 * gethostbyaddr_r: always assign result
 * log: Remove log line when logging is stopped
 * gethostbyaddr_r: Don't put garbage in data->hostname
 * gethostbyaddr_r: Populate h_addrtype field
 * log: Avoid crash or file corruption when closing logs
 * connect: Always pass .onion IP cookie to connection object
 * Merge remote-tracking branch 'yawning/bug23715'
 * Make torsocks always connect to the configured Tor port
 * test: Make getpeername test connect to moria1
 * socks5: Always use ATYP 0x03 for CONNECT command
 * Merge remote-tracking branch 'upstream/master'
 * doc: Clarify the libc limitation in README
 * accept4: Initialize libc symbol early
 * Bug 23715: Support memfd_create(2).
 * test: Detect if tor is running in test_fd_passing
 * No tab in the README
 * Merge remote-tracking branch 'debian/bugfix/typo-subsytem'
 * Merge remote-tracking branch 'debian/bugfix/typo-catched'
 * Merge remote-tracking branch 'debian/bugfix/typo-conect'
 * doc: Add autogen.sh step to README
 * Add a -q/--quiet to torsocks
 * tests: Add a check for a running Tor
 * Make cpp conditional for definition of handle_mmap match use
 * utils: Add useful function for later use
 * man: Some words were missing
 * Remove clang warnings
 * Add missing quotes to variable in torsocks.in
 * Fix check_addr() to return either 0 or 1
 * Ignore stderr for getcap command
 * syscall: Add seccomp, gettimeofday, clock_gettime, fork
 * Fix typo: conect -> connect.
 * Fix typo: subsytem -> subsystem.
 * Fix typo: catched -> caught.
2018-11-20 23:42:59 +00:00
sevan
b1cbf53f7c Minix currently lacks IPsec support. 2018-11-18 22:45:17 +00:00
leot
c844b717e7 gallery-dl: Update net/gallery-dl to 1.6.0
Changes:
1.6.0
-----
- Add wallhaven extractor
- Add yuki extractor
- Add a ytdl (youtube-dl) downloader to download media via youtube-dl
  (Unfortunately at the moment youtube-dl package is not a multipackage (we do
  not have py{27,34,35,37}-youtube-dl so this will work only if youtube-dl was
  built with the same PYTHON_VERSION_DEFAULT of gallery-dl))
- Add '--no-check-certificate' command-line option
- Misc bug fixes and improvements
2018-11-18 10:51:38 +00:00
leot
14a7c51ce4 geomyidae: Update net/Geomyidae to 0.34
Changes:
Geomyidae v0.34 Release »Above the Oceans«
------------------------------------------
I am proud to announce the v0.34 release of geomyidae!

It is named »Above the Oceans«, because it is released 11km above the Atlantic
Ocean. I can't see whales from here.

Why a new release in such a short time?

In geomyidae v0.33 is a nasty listening bug, so do not use it.

What has changed from v0.33 to v0.34:
* There is finally a multi-listening implementation, which allows constant
  behaviour of IPv6 and IPv4 across all platforms, including the BSDs.

	# bind to 0.0.0.0 and :: on port 7070
	geomyidae -b $(pwd) -p 7070 -d

	# bind to :: only on port 7070
	geomyidae -6 -b $(pwd) -p 7070 -d

	# bind to the IPv4 address of some interface only
	geomyidae -4 -b $(pwd) -i google.com

	# bind to IPv6 and IPv4 of many interfaces
	geomyidae -b $(pwd) -i google.com -i google.de -i nsa.gov


Geomyidae v0.33 Release
-----------------------
I am proud to announce the v0.33 release of geomyidae!

What has changed:
* More links for geomyidae resources.
* Fixes in error messages. They now show useful messages.
* Do not exit on SIGHUP. (Fix for OpenBSD startup.)
* Fix of some memory leaks.
* Relative path support in gph files!
	* This will make portable CGI applications easier possible.
	* This is now possible:

	[1|Some Cool Menu|../cool/menu|server|port]

* Fix to set the gph replacement port.
* Fix some IPv6 binding issues.
	* Some separate binding for BSDs is still in the works.
* Manpage has been beautified.
* '/' is now stripped from base path.

I want to thank all contributors! You are making gopher better!
2018-11-16 12:31:52 +00:00