UnrealIRCd 5.0.3.1
-------------------
This fixes a crash issue after REHASH in 5.0.3.
UnrealIRCd 5.0.3
-----------------
Fixes:
* Fix serious flood issue in labeled-response implementation.
* An IRCOp SQUIT'ing a far remote server may cause a broken link topology
* In channels that are +D (delayed join), PARTs were not shown correctly to
channel operators.
Enhancements:
* A new HISTORY command for history playback (```HISTORY #channel number-of-lines```)
which allows you to fetch more lines than the on-join history playback.
Of course, taking into account the set limits in the +H channel mode.
This command is one of the [two interfaces](https://www.unrealircd.org/docs/Channel_history#Ways_to_retrieve_history)
to [Channel history](https://www.unrealircd.org/docs/Channel_history).
* Two new [message tags](https://www.unrealircd.org/docs/Message_tags),
```unrealircd.org/userip``` and ```unrealircd.org/userhost```
which communicate the user@ip and real user@host to IRCOps.
Changes:
* Drop the draft/ prefix now that the IRCv3
[labeled-response](https://ircv3.net/specs/extensions/labeled-response.html)
specification is out of draft.
* The operclass permission ```immune:target-limit``` is now called
```immune:max-concurrent-conversations```, since it bypasses
[set::anti-flood::max-concurrent-conversations](https://www.unrealircd.org/docs/Set_block#set::anti-flood::max-concurrent-conversations).
For 99% of the users this change is not important, but it may be
if you use highly customized [operclass blocks](https://www.unrealircd.org/docs/Operclass_block)
Are you upgrading from UnrealIRCd 4.x to UnrealIRCd 5? If so,
then check out the *UnrealIRCd 5* release notes [further down](#unrealircd-5). At the
very least, check out [Upgrading from 4.x](https://www.unrealircd.org/docs/Upgrading_from_4.x).
Security
* Fix side channel vulnerability in ECDSA. Our bignum implementation is not
constant time/constant trace, so side channel attacks can retrieve the
blinded value, factor it (as it is smaller than RSA keys and not guaranteed
to have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
* Zeroize local variables in mbedtls_internal_aes_encrypt() and
mbedtls_internal_aes_decrypt() before exiting the function. The value of
these variables can be used to recover the last round key. To follow best
practice and to limit the impact of buffer overread vulnerabilities (like
Heartbleed) we need to zeroize them before exiting the function.
Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai,
Grant Hernandez, and Kevin Butler (University of Florida) and
Dave Tian (Purdue University).
* Fix side channel vulnerability in ECDSA key generation. Obtaining precise
timings on the comparison in the key generation enabled the attacker to
learn leading bits of the ephemeral key used during ECDSA signatures and to
recover the private key. Reported by Jeremy Dubeuf.
* Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
failures could happen with alternative implementations of AES. Bug
reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
Sectra.
Bugfix
* Remove redundant line for getting the bitlen of a bignum, since the variable
holding the returned value is overwritten a line after.
Found by irwir in #2377.
* Support mbedtls_hmac_drbg_set_entropy_len() and
mbedtls_ctr_drbg_set_entropy_len() before the DRBG is seeded. Before,
the initial seeding always reset the entropy length to the compile-time
default.
Changes
* Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
from the cipher abstraction layer. Fixes#2198.
* Clarify how the interface of the CTR_DRBG and HMAC modules relates to
NIST SP 800-90A. In particular CTR_DRBG requires an explicit nonce
to achieve a 256-bit strength if MBEDTLS_ENTROPY_FORCE_SHA256 is set.
Bullet 2.89 includes a new implementation of volumetric deformable objects and cloth based on the Finite Element Method, thanks to Xuchen Han. Two-way coupling between deformables and rigid/multi body is achieved using a unified constraint solver.
This release was rushed a bit so that we have a release that includes
numerous build fixes that have been merged since v1.1. Fedora's build
system started to encounter compilation issues that needed to be
addressed for their upcoming release, so that became our canary in the
coal mine this time around.
Other highlights:
- Meson support (hello fwupd!)
- Layout improvements/fixes and many, many code cleanups.
- New chips: MX25U25635F, MX25L51245G, GD25Q256D, M95M02-A125,
N25Q/MT25Q variants, W25Q128JW_DTR, AT25SF321, S25FL512S
- New programmers: National Instruments USB-845x, Tin Can Tools
Flyswatter/Flyswatter 2, STLINK V3, more Intel PCHs (Apollo Lake,
Cannon Lake variants, Ice Lake U)
- Reduced dependency on libusb0
- Syntax: Added --flash-name and --flash-size arguments to print
information about the flash chip
Please report issues, and as always thanks to all who have contributed.
Changelog:
3 December 2019: Wouter
- Fix#52: do not log transient network full errors unless higher
verbosity is set.
- Fix checkconf test for new error output string.
- tag for 4.2.4rc1 release.
27 November 2017 Jeroen
- Fix regressions in configparser.y
22 November 2019: Wouter
- Fix#48: Add make distclean that removes config.h made by configure.
And add maintainer-clean that removes bison and flex output.
18 November 2019: Wouter
- Detect fixed time memcmp for openssl 0.9.8 compatibility.
- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
- include limits.h for UINT_MAX.
- If no recvmmsg, dont use msg_flags member, but errno for error,
where our fallback function left it, msg_flags also does not exist
on some systems.
- Remove unused variable warning for portability.
14 November 2019: Wouter
- Fix checkconf test with filenames that sort in the same order.
- Tag for 4.2.3rc1. Branch master is 4.2.4 in development.
11 November 2019: Wouter
- Fix#44: document that remote-control is a top-level nsd.conf
attribute.
- Fix compile on OSX.
- Fix for #44: nicer top-level clause documentation.
22 October 2019: Jeroen
- Number of different UDP handlers has been reduced to one. recvmmsg
and sendmmsg implementations are now used on all platforms.
Compatible implementations are in place for systems that lack the
system calls.
- Socket options are now set in designated functions for easy reuse.
- Socket setup has been simplified for easy reuse.
- Configuration parser is now aware of the context in which an option
was specified.
21 October 2019: Wouter
- For #21 add
contrib/patch_for_s6_startup_and_other_service_supervisors.diff
that adds support for readiness notification with READY_FD from
Cameron Nemo.
17 October 2019: Jeroen
- Fix#40: Merge small fixes for confine-to-zone by Greg Bock.
15 October 2019: Jeroen
- For #39: Merge confine-to-zone feature contributes by Greg Bock.
26 September 2019: Wouter
- Fix#38: log address and failure reason with tls handshake errors,
squelches (the same as unbound) some unless high verbosity is used.
- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
master dereference.
25 September 2019: Wouter
- The nsd.conf includes are sorted ascending, for include statements
with a '*' from glob.
16 September 2019: Wouter
- Fixup warnings during --disable-ipv6 compile.
- Fixup unit test executable to run without IPv6.
4 September 2019: Wouter
- Fix#35: excessive logging of ixfr failures, it stops the log when
fallback to axfr is possible. log is enabled at high verbosity.
2 September 2019: Wouter
- For #21: pidfile "" allows to run NSD without a pidfile, for
startup management tools like daemontools.
28 August 2019: Wouter
- In tests check for tls test tool availability.
Changelog:
Changes
[stable18] Fix cursor on disabled contenteditable divs (server#18961)
Bump style-loader from 1.1.2 to 1.1.3 (server#18982)
[stable18] Increase the timeout for app downloads (server#19025)
[stable18] Fix loaded controller check (server#19060)
[stable18] Allow to await the sidebar (server#19089)
[stable18] expose Argon2 options (as we did for bcrypt) (server#19094)
[stable18] fix multiselect actions for files (server#19108)
[stable18] Adjust filelist color handling to new dark theme value (server#19117)
[stable18] Reduce legacy event log level to debug (server#19118)
[stable18] New file menu needs to be above the filelist header (server#19119)
[stable18] Do not invert avatar colors when dark theme is enabled (server#19121)
[stable18] Use the target for file notifications (server#19149)
[stable18] Use correct appid for talk (server#19150)
[stable18] add hub bundle for easy installation on upgraded instances (server#19153)
[stable18] apps can have polyamorous relationships with bundles (server#19166)
[stable18] Use themed favicon-fb (server#19189)
[stable18] Fix "Call to undefined method OCA\\WorkflowEngine\\Entity\\File::t()" (server#19190)
[stable18] Fix query selector for inverted icons (server#19206)
[stable18] Do not encode contacts menu mailto links (server#19207)
[stable18] Give the sharing tab a unique id so it also opens properly on other languages (server#19212)
[stable18] WebcalRefreshJob: Fix reading refresh rate (server#19228)
[stable18] Make sure to catch php errors during job execution (server#19269)
[stable18] Center Buttons (server#19271)
[stable18] Use the l10n from settings (server#19277)
[stable18] Use proper andwhere clause (server#19278)
[stable18] Add move (and firstlogin) option to transferownership service (server#19279)
[stable18] for the DB ot pick an index specify the object_type (server#19283)
[stable18] owner transfer multiselect fixes (server#19291)
[stable18] Allow respecting PASSWORD_DEFAULT (server#19292)
[stable18] Keep the modification time during decryptFile (server#19297)
[stable18] Fix data Apache2 .htaccess typo (server#19302)
[stable18] Fix display of DTEND for multi-day all-day event (server#19308)
[stable18] do not overwrite global user auth credentials with empty values (server#19315)
[stable18] Fix occ maintenance:install database connect failure (server#19326)
[stable18] Fix event type (server#19330)
[stable18] Array access on int will fail on php7.4 (server#19332)
[stable18] Make sure the default share provider does not execute for other things (server#19334)
[stable18] Disable link shares of disabled users (server#19340)
[stable18] Prevent archieved download on secure view (server#19360)
[stable18] Log Flow activity (server#19396)
[stable18] Allow to serve static webm directly (server#19420)
18.0.1 final (server#19422)
[stable18] Allow to serve static mp4 directly (server#19428)
[stable18] Update master php testing versions (activity#417)
Update stable18 target versions (activity#418)
[stable18] Update master php testing versions (files_pdfviewer#164)
Update stable18 target versions (files_pdfviewer#165)
Update stable18 target versions (files_texteditor#194)
Update stable18 target versions (firstrunwizard#274)
Update stable18 target versions (logreader#313)
[stable18] Update master php testing versions (nextcloud_announcements#64)
Update stable18 target versions (nextcloud_announcements#65)
Update stable18 target versions (notifications#547)
[stable18] Add linting via github actions (notifications#555)
[stable18] Support Strict VoIP push notifications for iOS 13 SDK (notifications#565)
[stable18] Update master php testing versions (password_policy#93)
Update stable18 target versions (password_policy#94)
[stable18] Lint with github actions (photos#153)
[stable18] No more drone. Do it all on github actions (photos#158)
[stable18] Respect .noimage and .nomedia files (photos#160)
[stable18] added headers for your photos and favs (photos#172)
[stable18] Fix/actions (photos#174)
[stable18] Fix url escaping (photos#175)
[stable18] Use actions from tutorial (photos#181)
Update stable18 target versions (privacy#323)
Update stable18 target versions (recommendations#182)
Update stable18 target versions (serverinfo#170)
[stable18] Update master php testing versions (survey_client#104)
Update stable18 target versions (survey_client#105)
[stable18] GitHub actions/lint (viewer#368)
Fix url escaping (viewer#370)
[stable18] Adjust tests syntax & formatting (viewer#379)
[stable18] Use actions from tutorial (viewer#385)
[stable18] Revert "Fix url escaping" (viewer#396)
This will eventually need to be moved into the infrastructure once Swift
becomes more prevalent and we're able to handle any alternative layouts
that might be required.
Changes since 8.2.28:
-- Noteworthy changes in version 8.2.29 (2020-02-19)
o) Extbans have been implemented. Currently supported extbans:
Matching:
$a:<account> Matches users logged into a matching account.
$c:<channel> Matches users that are on the given channel. An additional
prefix of either @, %, or + can be specified to test for
certain channel privileges.
$o:<class> Matches IRC operators that have joined a class
matching the mask.
$r:<realname> Matches users with a matching realname.
$s:<server> Matches users that are connected to a server matching the mask.
$u:<modes> Matches users having the specified user modes set or not set.
$z:<certfp> Matches users having the given TLS certificate fingerprint.
Acting:
$j:<banmask> Prevents matching users from joining the channel.
$m:<banmask> Blocks messages from matching users. Users with voice
or above are not affected.
For more details, see help/extban.
o) Added 'channel::enable_extbans' configuration option. See doc/reference.conf
for more information.
o) For a full list of all changes in this release, see https://git.io/JvBca
other than x86, that is handled manually (mess!).
It should be better to fix autoconf stuff rather than source codes.
However, (1) it requires to regen configure script, and (2) apr 2.0
uses cmake.
Thanks to @est_suzume for analysis.
1.6.0:
Removed support for Django <= 1.10
Removed outdated files
Code alignments with other addons
Replace deprecated templatetag staticfiles against static.
Added management command filer_check to check the integrity of the database against the file system, and vice versa.
Add jQuery as AdminFileWidget Media dependency
Add rel="noopener noreferrer" for tab nabbing
Fixed an issue where a value error is raised when no folder is selected
Fixed search field overflow
1.5.0:
Added support for Django 2.2
Adapted test matrix
Adapted test structure and added fixes
Image viewer and screenshot tool for the LXQt desktop
Packaged in pkgsrc-wip by pin, as part of a broader effort toward
providing all of LXQt and associated utility applications.
PCManFM-Qt is the Qt port of PCManFM, the file manager of LXQt.
Packaged in pkgsrc-wip by pin, as part of a broader effort toward
providing all of LXQt and associated utility applications.
This is the core library of PCManFM-Qt.
Packaged in pkgsrc-wip by pin, as part of a broader effort toward
providing all of LXQt and associated utility applications. (Additional
portability fixes by myself on import to pkgsrc.)
This is a Qt5 terminal emulator for LXQt.
Packaged in pkgsrc-wip by pin and myself, as part of a broader effort
toward providing all of LXQt and associated utility applications.
This is a Qt5 terminal emulator widget for LXQt.
Packaged in pkgsrc-wip by pin and myself, as part of a broader effort
toward providing all of LXQt and associated utility applications.
(Additional portability fix by myself on import to pkgsrc.)
This is the core utility library for all LXQt components.
Packaged in pkgsrc-wip by pin, as part of a broader effort toward
providing all of LXQt and associated utility applications. General
reviews, feedback, and testing of such by gdt@, ng0@, and myself.
During the build, newly compiled applications are run and require libraries also
within the build area. At least on Darwin, these must be accessed via
LD_LIBRARY_PATH, which must be added to the meson build files to be included in
the appropriate commands.
