RabbitMQ 3.6.1 is a maintenance release that includes a fix for
CVE-2015-8786, a vulnerability in RabbitMQ management plugin.
Server
- Purging a lazy queue could result in an exception
- Ensure epmd is running before starting RabbitMQ node on Windows
- Channel error could make broker unreachable
- (Automatic) deletion of an auto-delete queue could lead
to blocked channels
- During (from scratch) queue sync, queue master node didn't respect
mirror alarm state. With large data sets this could drive mirror
node out of memory.
- Changing password for users with non-standard (think broker
configuration) password hashing function, for example, those migrated
from 3.5.x releases, didn't update effective hashing function.
- Heavy and/or prolonged rabbitmqctl use could exhaust Erlang VM atom table
- "Min masters" queue master location strategy could result in an error.
- Fixed a race condition in pause_minority handling mode.
- Significantly reduce possibility of a race condition when an exchange
is deleted and immediately re-declared, e.g. by a federation link.
- amq.rabbitmq.log messages now have information about originating
node in message headers
- scripts/rabbitmq-env now works with GNU sed 4.2.2
- Exceptions in VM memory use calculator no longer affect broker startup
- Direct Reply-to capability is now advertised to clients
- Paths with non-ASCII characters on Windows are now handled
- Configurable number of TCP connection acceptors
- rabbitmqctl cluster_status now includes cluster-wide resource alarm status
- Windows installer no longer jumps over installation log
- Improved rabbitmqctl reset error messages
- More unsigned field data types are supported.
Federation Plugin
- Significantly reduce possibility of a race condition when an exchange
is deleted and immediately re-declared, e.g. by a federation link
Management plugin
- CVE-2015-8786: user-provided query parameters lengths_age and
lengths_incr had no validation and could be used to exhaust server
resources.
- Password hashing function is now included in exported definitions
- Internet Explorer (9+) compatibility restored
- Internet Explorer 11 compatibility fixes
- When policy fails to be created with invalid paramaters a sensible
error message will be displayed.
Federation Management plugin
- Federation link form now includes more settings (that are exchange-
and queue-federation specific)
* The test system can now run the tests without requiring dnspython
to be installed.
* The 64-bit version of Python on Windows has sys.maxint set to
2^31-1, yet passes 2^63-1 as the "unspecified bound" value in
slices. This is a bug in Python as the documentation says the
unspecified bound value should be sys.maxint. We now cope with
this.
* When reading from a masterfile, if the first content line
started with leading whitespace, we raised an ugly exception
instead of doing the right thing, namely using the zone origin as
the name.
* Added dns.zone.to_text() convenience method.
* The /etc/resolv.conf setting "options rotate" is now understood
by the resolver. If present, the resolver will shuffle the
nameserver list each time dns.resolver.query() is called. Thanks
to underrun for the patch. Note that you don't want to add
"options rotate" to your /etc/resolv.conf if your system's
resolver library does not understand it. In this case, just set
resolver.rotate = True by hand.
* Escaping of Unicode has been corrected. Previously we escaped
and then converted to Unicode, but the right thing to do is
convert to Unicode, then escape. Also, characters > 0x7f should
NOT be escaped in Unicode mode.
* dns.rdtypes.ANY.DNSKEY now has helpers functions to convert
between the numeric form of the flags and a set of human-friendly
strings.
* RRSIGs did not respect relativization settings in to_text().
* dns/rdtypes/IN/APL.py: The APL from_wire() method did not accept an
rdata length of 0 as valid.
* dns/ipv6.py: Add is_mapped()
* dns/reversename.py: Lookup IPv6 mapped IPv4 addresses in the v4
reverse namespace.
* dns/zone.py: Do not put back an unescaped token. This was
causing escape processing for domain names to break.
* dns/message.py: Making a response didn't work correctly if the
query was signed with TSIG and we knew the key.
* dns/query.py: Fix problems with the IXFR state machine which caused
long diffs to fail.
- avoid 409 Conflict when running 01api.t
- use README.md for tests
- The non-arrayref forms of enum and duck_type have been deprecated
- Fix some warnings about line endings from perl critic, add a missing
abstract to DeleteMultipleObjects.
- Merge fix for calculate of etags.
- Merge multipart upload aborting change.
- Fixed for enums in recent versions of Moose.
- Moose 2.1100 deprecates the non-arrayref form of enum.
- Fixed the bug with listing multipart uploaded files
- Added a test case demonstrating how listing a bucket fails when
trying to list a multipart-uploaded file
- Added support for cache-control header
- Add documentation for server-side encryption
- Support server side encryption
- adding support for multipart upload aborting
- Allow 'value' property to be ScalarRef
- fix synopsis for s3cl sync_up
Build with "on the fly" gzip compression since it's mentioned in DESCR.
Changelog:
4.4
- Fixed potential buffer overflow when
expanding symbolic link file names.
4.3
- Clarified license (COPYING file)
- Fixed compiler warning with regards to
pointer-to-integer cast.
4.2
- Improved user checking code to avoid locking out
valid users from the system.
(Thanks to Lauri Kasanen for reporting this bug
and supplying a patch.)
4.1
- Added checks to crypt() calls to prevent
operating on NULL pointer.
(Thanks to Lauri Kasanen for reporting this bug.)
4.0
- Added patch from Thomas Cort to make Bftpd
compile on NetBSD.
3.9
- Adjusted Makefile to allow for easy access to
non-default compiler options. Alternative compiler
can be used by running "make CC=compilername".
- Zhenbo Xu reported several potential memory
bugs which could cause Bftpd if the operating
system is out of memory. Also reported a memory
leak. Checks are now in place to prevent crashes
and the memory leak has been plugged.
- Added MINIX-specific configuration file which
should allow Bftpd to run smoothly and without
additional configuration on MINIX.
- Merged MINIX porting code into mainline Bftpd
so we can work with one, unified code base.
3.8
- Fixed bug in user tracking which could result
in corrupted times on 64-bit systems.
- When Bftpd is compiled with a "prefix" (which
is the default behaviour) the Bftpd will
check both /etc/bftpd.conf AND PREFIX/etc/bftpd.conf
when trying to find its configuration file.
This should avoid requiring the admin to pass
the location of the config file on the command line.
pkgsrc changes:
o Add a patch in order to also honor ffmpeg[23] and ffprobe[23].
Noticed by Adrien Fernandes.
Changes:
2016.03.01:
[webofstories] Tolerate malforder og:title (Closes#8417)
[zdf] Ignore hls manifests that use https (closes#8665)
[mdr] Fix extraction (Closes#8702)
[rtve.es:live] Fix extraction
[*] other misc bug fixes and improvements
2016.02.27:
[xfileshare] Add support for powerwatch (Closes#8628)
[facebook] Support mobile URLs (closes#8638)
[uStudio] Add new extractor
[space] Remove extractor (Closes#8662) - Now uses ooyala embed
[vidzi] Fix extraction
[videomega] Fix extraction (closes#7606)
[bokecc] Add new extractor (#2336)
[imdb] Recognize 1080p formats (Closes#8677)
[tnaflixnetwork:embed] Add extractor
[dplay] add support for it.dplay.com and dplay.dk
[dplay] Add support for dplay.no
[*] other misc bug fixes and improvements
Changelog:
Version 1.2 (2016-02-29)
Changelog:
- Inline media and avatars are no longer cached on disk
- Videos now indicate download progress showing a preview thumbnail
with a circular progress overlay
- We download higher-resolution avatars on HiDPI displays now
- The build system usage has seen a major refactoring an cleanup,
thanks to Rico Tzschichholz
- The sidebar is now at the top and dark
- Favorites now us a heart icon
- Sending tweets is now cancellable (e.g. when multiple images
are attached, in which case it might take a while)
- Inline media are now displayed "full-size", scaled to the
current window size.
- Instagram videos are now correctly marked as videos, instead
of was images
- If you have GTK+ >= 3.19, there's now a GtkShortcutsWindow
accessible from the app menuexplaining the various keyboard
shortcuts. Note that Corebird still compiles and runs with
GTK+ 3.16
- The big "add media" button in the compose window has been
replaced with a regular text button. The added images are
scaled down and displayed below it
- You can quote your own tweets now
- The settings dialog now contains a setting to hide
"inappropriate content", and it is enabled by default.
- The file selection dialog in the compose window now keeps
you from selecting files > 3MB.
Version 1.1 (2015-09-30)
Changelog:
- Tweets now get hidden/shown more correctly
- Corebird now saves an application-wide list of snippets that you can use to
insert common phrases or longer unicode emoticons. It can be found in the
application settings in the "Snippets" tab.
- Corebird now supports showing quote tweets in timelines as well as creating
quote tweets. This replaces the old "Quote" item for tweets which would
simply copy the original tweet's text.
- Media links and trailing hashtags can now be hidden via the "Tweets" tab in
the application settings.
- Profiles can now also show followers and followees
- Twitter removed the 140 char limit on Direct Messages and so did we
- Lots of other small enhancments and bug fixes
Version 1.0.1 (2015-07-17)
nothing...
Version 1.0 (2015-03-19)
- All dialogs now use client-side decrations if the environment dictates it, otherwise they fall back to server-side decorations. Note that the compose dialog is an exception, since we use the client-side decorations there also for progress indication (and other things in the future).
- Many layout updates
- The compose window now allows for up to 4 pictures to be uploaded.
- We now save additional information about the account which makes it possible for blocked users to be actually blocked, i.e. streamed tweets won't appear in your timeline anymore.
- When (un)following someone, we now also correctly show/hide their retweets in the stream.
- The DM page now sorts threads with unread messages first.
- The @handle completion known from the compose window is now also available when composing Direct Messages, as well as in the account settings for the description.
- Everything app-specific should now be hidpi ready, the only thing missing are assets loaded from Twitter directly, i.e. avatars and media.
- Notifications should now get withdrawn whenever it makes sense, i.e. if you read a Direct Message before dismissing the notification, it should get withdrawn automatically.
- The hover buttons moved to a right-click menu on every tweet.
- Plurals are properly localized.
- We now also respect muted users (even though there's no UI to mute someone)
- A user's verification status is now also shown in the tweet info page.
- Everything should now work when the user's @handle (aka screen_name) changes.
- Switching to the same page (i.e. going to a profile from the profile page) now works much better, including the swipe transition as well as proper equality checking.
- Invalid inline media (file size too big, 404, ...) should now be properly detected and reacted upon (i.e. remove the widget in the stream, add the link back).
- Underlines in @handles are now properly displayed in the app menu (i.e. the "open account" submenu)
- Animated gifs from Twitter are now also handled (just like other videos).
- Tweets in timelines are now single-click activated. This unifies the behavior with all other lists in the application. Since this interferes with certain user behaviors, there's a setting to switch back to double-click activation.
- Based on a user's protection status, we now disable (or hide) retweet buttons of tweets.
Upstream changes:
1.19 August 26, 2015
! #106665 Correct the version manually, no autoversioning, and the maintainer screwed up
1.18 August 25, 2015
! Fix a couple of cases where undefined values were being passed to functions [github/redhotpenguin]
! Do not set content_length for compressed request [github/bor]
! Add test for check return of send_receive(), add titles for some tests [github/bor]
1.17 July 30, 2015
! #106051 Fix utf8 encoding for CGI test (thanks cpan/ETHER for tips)
1.16 July 23, 2015
! Fix empty release. Note to self - do not release code when wife is in early labor
1.15 July 21, 2015
+ Preventing "billion laughs" exponential entity expansion attack [github/thilo-fester]
2.7.0 (2016-02-14):
* Remove sexplib.syntax, type_conv deps and camlp4 transitive dependency
* Add ppx_sexp_conv dependency
* Require OCaml 4.02.2+
* Add `Ipaddr.Prefix.subset`, `Ipaddr.V4.Prefix.subset` and `Ipaddr.V6.subset`
predicates to test containment of subnets (#52 from @seliopou)
2.6.1 (2015-02-20):
* Fix findlib requires in oasis to restore pre-4.02.1 compatibility
2.6.0 (2015-02-19):
* Change IPv6 link-local address prefix from fe80::/10 to fe80::/64. (#39)
* Remove type bytes = string alias (potentially breaking)
* Turn on -safe-string (#41)
* {V4,V6}.to_bytes_raw now uses Bytes.t rather than string (potentially breaking)
* Add multicast MAC conversions from RFC 1112 and RFC 2464
* Add to_domain_name conversions to DNS label lists (in-addr.arpa and ip6.arpa)
* Add V6.interface_routers, V6.site_routers, and V6.Prefix.solicited_node
* Add V6.link_address_of_mac to convert a MAC into a link local IP address
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-01
DLL hijacking vulnerability. [2]CVE-2016-2521
* [3]wnpa-sec-2016-03
DNP dissector infinite loop. ([4]Bug 11938) [5]CVE-2016-2523
* [6]wnpa-sec-2016-10
RSL dissector crash. ([7]Bug 11829) [8]CVE-2016-2530
[9]CVE-2016-2531
* [10]wnpa-sec-2016-11
LLRP dissector crash. ([11]Bug 12048) [12]CVE-2016-2532
* [13]wnpa-sec-2016-14
GSM A-bis OML dissector crash. ([14]Bug 11825)
* [15]wnpa-sec-2016-15
ASN.1 BER dissector crash. ([16]Bug 12106)
* [17]wnpa-sec-2016-18
ASN.1 BER dissector crash. ([18]Bug 11822)
The following bugs have been fixed:
* Questionable calling of ethernet dissector by encapsulating
protocol dissectors. ([19]Bug 9933)
* Improper RPC reassembly ([20]Bug 11913)
* GTPv1 Dual Stack with one static and one Dynamic IP. ([21]Bug
11945)
* Failed to parse M3AP IE (TNL information). ([22]Bug 12070)
* Wrong interpretation of Instance ID value in OSPFv3 packet.
([23]Bug 12072)
* MP2T Dissector does parse RTP properly in 2.0.1. ([24]Bug 12099)
* editcap does not adjust time for frames with absolute timestamp 0 <
t < 1 secs. ([25]Bug 12116)
Windows installers and PortableApps® packages are now dual signed using
SHA-1 and SHA-256 in order to comply with [26]Microsoft Authenticode
policy. Windows 7 and Windows Server 2008 R2 users should ensure that
[27]update 3123479 is installed. Windows Vista and Windows Server 2008
users should ensure that [28]hotfix 2763674 is installed.
Updated Protocol Support
ASN.1 BER, BATADV, DNP3, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet,
InfiniBand, LLRP, M3AP, MP2T, NFS, OSPF, RoHC, RPC, RSL, TRILL, VXLAN,
and X.509AF
The default stable version is 2.0.2.
Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.
The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-01
DLL hijacking vulnerability. [2]CVE-2016-2521
* [3]wnpa-sec-2016-02
ASN.1 BER dissector crash. ([4]Bug 11828) [5]CVE-2016-2522
* [6]wnpa-sec-2016-03
DNP dissector infinite loop. ([7]Bug 11938) [8]CVE-2016-2523
* [9]wnpa-sec-2016-04
X.509AF dissector crash. ([10]Bug 12002) [11]CVE-2016-2524
* [12]wnpa-sec-2016-05
HTTP/2 dissector crash. ([13]Bug 12077) [14]CVE-2016-2525
* [15]wnpa-sec-2016-06
HiQnet dissector crash. ([16]Bug 11983) [17]CVE-2016-2526
* [18]wnpa-sec-2016-07
3GPP TS 32.423 Trace file parser crash. ([19]Bug 11982)
[20]CVE-2016-2527
* [21]wnpa-sec-2016-08
LBMC dissector crash. ([22]Bug 11984) [23]CVE-2016-2528
* [24]wnpa-sec-2016-09
iSeries file parser crash. ([25]Bug 11985) [26]CVE-2016-2529
* [27]wnpa-sec-2016-10
RSL dissector crash. ([28]Bug 11829) [29]CVE-2016-2530
[30]CVE-2016-2531
* [31]wnpa-sec-2016-11
LLRP dissector crash. ([32]Bug 12048) [33]CVE-2016-2532
* [34]wnpa-sec-2016-12
Ixia IxVeriWave file parser crash. ([35]Bug 11795)
* [36]wnpa-sec-2016-13
IEEE 802.11 dissector crash. ([37]Bug 11818)
* [38]wnpa-sec-2016-14
GSM A-bis OML dissector crash. ([39]Bug 11825)
* [40]wnpa-sec-2016-15
ASN.1 BER dissector crash. ([41]Bug 12106)
* [42]wnpa-sec-2016-16
SPICE dissector large loop. ([43]Bug 12151)
* [44]wnpa-sec-2016-17
NFS dissector crash.
* [45]wnpa-sec-2016-18
ASN.1 BER dissector crash. ([46]Bug 11822)
The following bugs have been fixed:
* HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP
streams" option is enabled. ([47]Bug 9848)
* Questionable calling of ethernet dissector by encapsulating
protocol dissectors. ([48]Bug 9933)
* [Qt & Legacy & probably TShark too] Delta Time Conversation column
is empty. ([49]Bug 11559)
* extcap: abort when validating capture filter for DLT 147. ([50]Bug
11656)
* Missing columns in Qt Flow Graph. ([51]Bug 11710)
* Interface list doesn't show well when the list is very long.
([52]Bug 11733)
* Unable to use saved Capture Filters in Qt UI. ([53]Bug 11836)
* extcap: Capture interface options snaplen, buffer and promiscuous
not being used. ([54]Bug 11865)
* Improper RPC reassembly ([55]Bug 11913)
* GTPv1 Dual Stack with one static and one Dynamic IP. ([56]Bug
11945)
* Wireshark 2.0.1 MPLS dissector not decoding payload when control
word is present in pseudowire. ([57]Bug 11949)
* "...using this filter" turns white (not green or red). Plus
dropdown arrow does nothing. ([58]Bug 11950)
* EIGRP field eigrp.ipv4.destination does not show the correct
destination. ([59]Bug 11953)
* tshark -z conv,type[,filter] swapped frame / byte values from / to
columns. ([60]Bug 11959)
* The field name nstrace.tcpdbg.tcpack should be
nstrace.tcpdbg.tcprtt. ([61]Bug 11964)
* 6LoWPAN IPHC traffic class not decompressed correctly. ([62]Bug
11971)
* Crash with snooping NFS file handles. ([63]Bug 11972)
* 802.11 dissector fails to decrypt some broadcast messages. ([64]Bug
11973)
* Wireshark hangs when adding a new profile. ([65]Bug 11979)
* Issues when closing the application with a running capture without
packets. ([66]Bug 11981)
* New Qt UI lacks ability to step through multiple TCP streams with
Analyze > Follow > TCP Stream. ([67]Bug 11987)
* GTK: plugin_if_goto_frame causes Access Violation if called before
capture file is loaded. ([68]Bug 11989)
* Wireshark 2.0.1 crash on start. ([69]Bug 11992)
* Wi-Fi 4-way handshake 4/4 is displayed as 2/4. ([70]Bug 11994)
* ACN: acn.dmx.data has incorrect type. ([71]Bug 11999)
* editcap packet comment won't add multiple comments. ([72]Bug 12007)
* DICOM Sequences no longer able to be expanded. ([73]Bug 12011)
* Wrong TCP stream when port numbers are reused. ([74]Bug 12022)
* SSL decryption fails in presence of a Client certificate. ([75]Bug
12042)
* LUA: TVBs backing a data source is freed too early. ([76]Bug 12050)
* PIM: pim.group filter have the same name for IPv4 and IPv6.
([77]Bug 12061)
* Failed to parse M3AP IE (TNL information). ([78]Bug 12070)
* Wrong interpretation of Instance ID value in OSPFv3 packet.
([79]Bug 12072)
* MP2T Dissector does parse RTP properly in 2.0.1. ([80]Bug 12099)
* editcap does not adjust time for frames with absolute timestamp 0 <
t < 1 secs. ([81]Bug 12116)
* Guard Interval is not consistent between Radiotap & wlan_radio.
([82]Bug 12123)
* Calling dumpcap -i- results in access violation. ([83]Bug 12143)
* Qt: Friendly Name and Interface Name columns should not be
editable. ([84]Bug 12146)
* PPTP GRE call ID not always decoded. ([85]Bug 12149)
* Interface list does not show device description anymore. ([86]Bug
12156)
* Find Packet does not highlight the matching tree item or packet
bytes. ([87]Bug 12157)
* "total block length ... is too large" error when opening pcapng
file with multiple SHB sections. ([88]Bug 12167)
* http.request.full_uri is malformed if an HTTP Proxy is used.
([89]Bug 12176)
* SNMP dissector fails at msgSecurityParameters with long length
encoding. ([90]Bug 12181)
Windows installers and PortableApps® packages are now dual signed using
SHA-1 and SHA-256 in order to comply with [91]Microsoft Authenticode
policy. Windows 7 and Windows Server 2008 R2 users should ensure that
[92]update 3123479 is installed. Windows Vista and Windows Server 2008
users should ensure that [93]hotfix 2763674 is installed.
Updated Protocol Support
6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100,
EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11,
IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS,
NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE,
SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF
New and Updated Capture File Support
3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng
===========================
Bugfixes:
---------
- DNSSEC: Allow import of duplicate private key into the KASP
- DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
- Fix server crash when an incomming transfer is in progress and reload is issued
- Fix socket polling when configured with many interfaces and threads
- Fix compilation against Nettle 3.2
Improvements:
-------------
- Select correct source address for UDP messages recieved on ANY address
- Extend documentation of knotc commands
Knot DNS 2.1.0 (2016-01-14)
===========================
Features:
---------
- Per-thread UDP socket binding using SO_REUSEPORT on Linux
- Support for dynamic configuration database
- DNSSEC: Support for cryptographic tokens via PKCS #11 interface
- DNSSEC: Experimental support for online signing
Improvements:
-------------
- Support for zone file name patterns
- Configurable location of zone timer database
- Non-blocking network operations and better timeout handling
- Caching of Critical configuration values for better performance
- Logging of ACL failures
- RRL: Add rate-limit-slip zero support to drop all responses
- RRL: Document behavior for different rate-limit-slip options
- kdig: Warning instead of error on TSIG validation failure
- Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec)
- Remove possibly insecure server control over a network socket
- Remove implementation limit for the number of network interfaces
Bugfixes:
---------
- synth-record module: Fix application of default configuration options
- TSIG: Allow compressed TSIG name when forwarding DDNS updates
- Schedule zone bootstrap after slave zone fails to load from disk
Sayaka is a light-weight terminal specific twitter client which
supports userstream and sixel graphics etc.
There are two variants (PHP based version and and Vala based version)
in the sayaka distribution and this package uses the newer Vala based one.
Upstream changes:
* cannot preview instagram pictures
* twitter authentication on the first startup didn't work with
some library version
Remarks:
OAuth::RequestToken#build_authorize_url is broken in the latest
oauth gem 0.5.0:
https://github.com/oauth-xx/oauth-ruby/pull/108
pkgsrc changes:
o Take the MAINTAINERship
Changes:
2016.02.22:
o [animeondemand] Add extractor (#8518)
o [noz] Add new extractor
o [screenjunkies] Add new extractor
o [arte:magazine] Add extractor
o Misc bug fixes and improvements.
IO::Socket provides a way to set a timeout on the socket, but the
timeout will be used only for connection, not for reading/writing
operations.
This module provides a way to set a timeout on read/write operations
on an IO::Socket instance, or any IO::Socket::* modules, like
IO::Socket::INET.
This VNC client makes use of the net/gtk-vnc library, providing a client
implemented with the Gtk+ toolkit. It is part of the DeforaOS desktop
environment.
* Save the initial working directory and change to it just before
running any scripts.
This avoids scripts putting files accidently where they shouldn't.
* Strip trailing dot from search and domain names.
* man page improvements.
Do not update xserver used, still 1.17.2.
Release notes:
TigerVNC 1.6.0 is now available. This release is mostly about fixing
various bugs and polishing existing features, but there are some
notable new things:
* Multi-head support in the Java viewer
* Better certificate handling in the Java viewer, including host
name verification
Upstream changes:
v0.4.6
* Fix multiple RPC error generation
* Add support for cancel-commit and persist param
* Add more examples
v0.4.5
* Add Huawei device support
* Add cli command support for hpcomware v7 devices
* Add H3C support, Support H3C CLI,Action,Get_bulk,Save,Rollback,etc.
* Add alcatel lucent support
* Rewrite multiple error handling
* Add coveralls support, with shield in README.md
* Set severity level to higher when multiple
* Simplify logging and multi-error reporting
* Keep stacktrace of errors
* Check for known hosts on hostkey_verify only
* Add check for device sending back null error_text
* Fix RPC.raise_mode
* Specifying hostkey_verify=False should not load_known_hosts
* Check the correct field on rpc-error element
v0.4.3
* Nexus exec_command operation
* Allow specifying multiple cmd elements in Cisco Nexus
* Update rpc for nested rpc-errors
* Prevent race condition in threading
* Prevent hanging in session close
v0.4.2
* Support for paramiko ProxyCommand via ~/.ssh/config parsing
* Add Juniper-specific commit operations
* Add Huawei devices support
* Tests/Travis support
* ioproc transport support for Juniper devices
* Update Cisco CSR device handler
* Many minor and major fixes
Upstream changes:
1.3.1:
* Bugfix: Not to suppress exception under Config util context manager.
1.3.0:
* Feature add: support "private" and "dynamic" database access #301#458.
* Feature enhancements:
- Support for Feature Velocity releases #442
- Multiple RPC support #338#453
- Merged Table/View pull requests from user. #441
- Facts gathering to raise only warning in case of exception #459
* Bugfixes:
- Raise RpcTimeoutError in commit_check #437
- Config load not throwing RpcTimeoutError #443#444
- Prevented AttributeError upon XML comment #448#447
- Facts gathering fix for QFX and other specific software releases #450#463
1.2.3:
* Bugfixes:
- Software upgrade for multi RE and multi VC #429
- single chassis (EX8208 1EA-2RE) software installation was broken.
- Facts gathering on VMx & Qfabric #313
- SCP & SW progress to print proper log messages #422, #421
- TXP facts broken #417
- Prefer explicitly defined ssh_private_key_file to sshconfig #418
* Feature ehnancements:
- Implement context manager for Device #433
- JSON as format option to RPC calls for Junos >= 14.2
- Merged Table/View pull requests from users.
1.2.2:
* Bugfixes:
- Suppress paramiko logger warnings #363
- A few places warnings similar to
No handlers could be found for logger "paramiko.transport"
would be displayed.
- Device password setter did not work #400
- dev.password = 'newpass'
- Facts gather for EX8200 standalone failing #402
- JSON dump of RPC XML failing when contents include XML comment #406
- SCP logger not enabled by default #362
1.2.1:
* Bugfixes:
- Unable to use get() multiple times with Tables
- Add increased timeout value for remote_checksum
- Ability to set options in CfgTable definition
- Domain Fact
- Put RPC inside try block
- Search inherited version of config
- Update support of swver fact for Junos 15.1
1.2.0:
* New features:
* Enhanced exception handling:
* XML Normalization Support:
* OpTables normalization
* Mixed Mode Virtual Chassis Upgrade Support
* Add sync, force_sync, full, detail to Config.commit(),
* Configuration Table Support
* Support for SSH ProxyCommand in SCP
* Set minimum paramiko version to 1.15.2
* Bugfixes:
- Facts
- MX Virtual Chassis
- All physical RE's are now accounted for in facts in the
format Device-RE => 'RE1-RE0'
- Master fact is same format as other VC systems.
- Domain
- Domain lookup now checks configuration first before attempting
to parse /etc/resolv.conf or /var/etc/resolv.conf
- 2RE
- Fixed false positive of 2RE on vc_capable systems
- StartShell root user
- Utils.start_shell now supports the user root
- utils.fs multiple RE support
- Fixed bug affecting multiple RE systems
- OpTables loading from XML files and objects
- OpTables were not properly loading when passing in a XML
file path or lxml object
1.1.2:
* Bugfixes:
- onbox Device()
1.1.1:
* Bugfixes:
- Device _auth_user overwritten after device open.
This was breaking SCP
1.1.0:
* New features:
* Enhanced Exception Handling
* Per execution timeout
* Serialization of Junos facts
* Composite table key support for missing XPATH
* Regex support for View boolean values
* OS Install force-host
* Added display_xml_rpc command
* ncclient proxycommand support
* Added support for pipe (union) operator in Table keys
* Format optional for configuration strings
* Bugfixes:
* JSON Output
- Views that had compound keys failed to dump.
- RPC command output failed to dump.
* FutureWarning
- Config utility would output a FutureWarning
1.0.2:
* Bugfixes:
* XML Templates not properly loading
* Templates without a file extension no longer assumed to be XML
Interoperation with syncthing-android is still very important, but
some have told me that they use syncthing among POSIXish systems
without android as a replacement for rsync/unison, more or less. Keep
the notion of deferring major upgrades to stay in sync with f-droid.
(This is in no way a complaint about the previous minor upgrade, which
was most welcome; it just caused me to look at this and notice my
previous text was too strong.)
CVS: ----------------------------------------------------------------------
CVS: CVSROOT cvs.NetBSD.org:/cvsroot
CVS: please use "PR category/123" to have the commitmsg appended to PR 123
v0.12.19
- Return "No such object in the index" when /rest/db/file gets
called on something that doesn't exist (@calmh)
- Swap the corsMiddleware and the csrfMiddleware to the unauthenticated
OPTIONS requests are first processed. (@letiemble)
- Report versioning usage in usage report (@calmh)
Changes:
v0.16
-----
* Completely revised HTTP2 implementation based on hyper-h2 (Thomas
Kriechbaumer)
* Export flows as cURL command, Python code or raw HTTP (Shadab Zafar)
* Fixed compatibility with the Android Emulator (Will Coster)
* Script Reloader: Inline scripts are reloaded automatically if modified
(Matthew Shao)
* Inline script hooks for TCP mode (Michael J. Bazzinotti)
* Add default ciphers to support iOS9 App Transport Security (Jorge
Villacorta)
* Basic Authentication for mitmweb (Guillem Anguera)
* Exempt connections from interception based on TLS Server Name Indication
(David Weinstein)
* Provide Python Wheels for faster installation
* Numerous bugfixes and minor improvements
Changes:
2.1.0 (2016-02-02)
------------------
**API Changes (Backward Compatible)**
- Added new ``InvalidTableIndex`` exception, a subclass of
``HPACKDecodingError``.
- Instead of throwing ``IndexError`` when encountering invalid encoded integers
HPACK now throws ``HPACKDecodingError``.
- Instead of throwing ``UnicodeDecodeError`` when encountering headers that are
not UTF-8 encoded, HPACK now throws ``HPACKDecodingError``.
- Instead of throwing ``IndexError`` when encountering invalid table offsets,
HPACK now throws ``InvalidTableIndex``.
- Added ``raw`` flag to ``decode``, allowing ``decode`` to return bytes instead
of attempting to decode the headers as UTF-8.
**Bugfixes**
- ``memoryview`` objects are now used when decoding HPACK, improving the
performance by avoiding unnecessary data copies.
The following security issues are fixed with this update:
* Resolve buffer overflow when handling "config" file requests (CVE-2016-2054)
* Restrict "config" files to regular files inside the $XYMONHOME/etc/ directory
(symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
end in '.cfg' by default
* Resolve shell command injection vulnerability in useradm and chpasswd CGIs
(CVE-2016-2056)
* Tighten permissions on the xymond BFQ used for message submission to restrict
access to the xymon user and group. It is now 0620. (CVE-2016-2057)
* Restrict javascript execution in current and historical status messages by
the addition of appropriate Content-Security-Policy headers to prevent XSS
attacks. (CVE-2016-2058)
* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
Thank you to Mark Felder for noting the impact and Martin Lenko
for the original patch.
* Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
eliminating the shell script CGI wrappers
Please refer to
https://sourceforge.net/projects/xymon/files/Xymon/4.3.25/Changes/download
for further information on fixes and new features.
Baïkal 0.3.1 is now the recommended version of Baïkal. This release
fixes the most reported issues with Baikal, and also:
Upgrades sabre/dav from version 1.8 to 3.1.
Supports PHP 7.
Makes the minimum PHP version 5.5.
Adds support for calendar/addressbook export.
Adds support for WebDAV-Sync.
Upgrade instructions are here:
http://sabre.io/baikal/upgrade/
* Improve dailymotion embed detection
* strip http urls in smil manifest
* Improve base url construction
* Pass mpd base url to _parse_mpd_formats
* Allow bestvideo+bestaudio for any extractor
* Add direct mpd url test
* Improve multifeed videos extraction
Upstream changes:
* post by shotcut keys didn't work on certain conditions
* selected characters of tweet by mouse drag were not shown correctly
in some case
pkgsrc changes:
- remove unnecesary OVERRIDE_GEMSPEC for ruby-http
- add a new OVERRIDE_GEMSPEC for equalizer-0.0.11
(briefly tested with net/ruby-tw)
No CHANGELOG.md entry (and no announcement) in upstream.
(one notable change in github is "Update http dependency to ~> 1.0")
96.0.0 (2016/2/10)
Breaking Changes
Google App Engine
Google App Engine components updated to 1.9.32. Please visit the following release notes for details: Python - https://cloud.google.com/appengine/docs/python/release-notes Java - https://cloud.google.com/appengine/docs/java/release-notes
The gcloud preview app gen-config command now offers to automatically update the runtime field in app.yaml if necessary.
IAM
The gcloud beta iam command group has launched.
Emulators
The Pub/Sub emulator now supports Gzip-encoded requests.
Google Compute Engine
The gcloud compute copy-files|scp commands on Windows now treat path arguments with a drive prefix as local files.
Configurations
The config configurations delete command now takes multiple configuration names.
Containers
kubectl is updated to v1.1.7.
Bugfix on the gcloud container clusters get-credentials when run from a client without edit permissions.
Misc. Changes
The default floating point output format precision is 6. Exponent notation is used for abs(n) < 1e-04 and abs(n) >= 1e+09.
The arrow and page up/down/home/end keys now work in the Windows help pager.
95.0.0 (2016/2/3)
Breaking Changes
Use gcloud compute networks create --mode=legacy to create non-subnet networks.
Google Compute Engine
gcloud compute copy-files and gcloud compute ssh on Windows now use standard PuTTY plink.exe, pscp.exe and putty.exe. A standalone winkeygen.exe generates PuTTY and ssh compatible keys. The Windows PuTTY executables are up to date at version 0.66.
Google Compute Engine subnets
Added gcloud compute networks subnets.
Added --mode flag to gcloud compute networks create.
Added --subnet flag to gcloud compute instances create and gcloud compute instance-templates create.
Added --local-traffic-selector flag to gcloud compute vpn-tunnels create.
Google App Engine
Added support for streaming logs when the use_cloud_build=1 property is set.
Moved the nodejs install script into the docker image.
Projects
gcloud projects update|undelete|delete have been moved to beta.
gcloud --format
Added nested table formatting by --format="table(field1,listField2:format=FORMAT-STRING)" where FORMAT-STRING can be any format (json, table, ...). Try: gcloud compute instances list --format="table[box](name, disks:format='table[no-heading](deviceName:sort=1, kind)')"
Added list field aggregation formatting (similar to nested formatting) by --format="table(listField2:format=FORMAT-STRING)". When the main table has no columns each nested format is aggregated into a single list. Try: gcloud compute instances list --format="table(disks:format='table[box](deviceName:sort=1, kind)')"
94.0.0 (2016/1/27)
Google Compute Engine
Added gcloud alpha compute url-maps list-cache-invalidations command.
Google App Engine
Google App Engine components updated to 1.9.31. Please visit the following release notes for details: Python - https://cloud.google.com/appengine/docs/python/release-notes Java - https://cloud.google.com/appengine/docs/java/release-notes
Added --runtime flag to gcloud preview app gen-config to specify a runtime when a directory identifies as multiple runtimes. This flag can be used in conjunction with --custom.
Google Container Engine
gcloud container cluster describe and list commands now notify the user when their cluster versions are about to go out of support or are unsupported.
Google Cloud Logging
gcloud beta logging write and gcloud beta logging logs delete commands now use the V2beta1 API. The gcloud beta logging write command now uses the global resource descriptor (which translates to "custom.googleapis.com" service in V1).
Cloud Dataproc
gcloud beta dataproc clusters create now supports --tags and --metadata flags to set instance tags and metadata on all instances in the Dataproc cluster.
PubSub Emulator
A new --host flag can be used to specify the address the emulator should bind as. The flag can be left unspecified, set to "localhost", a hostname, or an explicit IP address.
Projects
Added commands get-iam-policy, set-iam-policy, add-iam-policy-binding, and remove-iam-policy-binding for the gcloud beta projects surface.
Added the gcloud projects list command that can be used to list projects.
93.0.0 (2016/1/20)
kubectrl upgraded to 1.1.4.
gcloud beta dataproc cluster create now supports --properties flag to set properties for installed packages.
Datastore emulator's DATASTORE_LOCAL_HOST environment variable changed to DATASTORE_EMULATOR_HOST.
gcloud source repos clone now supports --dry-run flag to show equivalent git command.
92.0.0 (2016/1/13)
Because of the rollback of 91.0.0, this release contains all of the changes from 91.0.0 in addition to the changes listed below.
Breaking Changes
gcloud preview app deploy
Changed deployments to set the deployed versions to receive all traffic for their modules by default.
To keep the old behavior (traffic split remains the same), use the --no-promote flag or run gcloud config set app/promote_by_default true.
Note that your old versions are still running, and must be stopped manually. This behavior will change in a future release.
Removed deprecated --set-default flag. Please use --promote instead.
gcloud preview app deploy: Removed deprecated --env-vars flag.
The output of the gcloud preview app modules list command has been changed to include the traffic split percentage instead of the 'default version' field.
Removed deprecated gcloud preview app modules cancel-deployment command.
This command is no longer necessary due to recent improvements in the Deployment API.
Removed deprecated gcloud preview app modules download command.
This command is no longer necessary due to recent improvements in the Deployment API.
Removed deprecated gcloud preview app run command. Please use dev_appserver.py instead.
Changed behavior of the --zone/-z flag in the gcloud dns record-sets command group. This flag can no longer precede the command. For instance, gcloud dns record-sets -z=mz list will not work, but gcloud dns record-sets list -z=mz will.
Changed --password-file option for sql instances set-root-password; password now does not include trailing newline from password file. This matches the documented behavior, but not the previous behavior. (Fixes https://code.google.com/p/google-cloud-sdk/issues/detail?id=419)
Removed meta/active_configuration from the results of gcloud config list since it is not a property that can be set. You can continue to use the gcloud config configurations commands to view and manage your configurations.
Cloud SDK
Added gcloud config proxy settings. Users can configure gcloud to use a proxy via the following settings:
gcloud config proxy/address
gcloud config proxy/password
gcloud config proxy/port
gcloud config proxy/type
gcloud config proxy/username
Added alpha and beta components to Debian packages.
Removed unused config properties: app/hosted_registry, app/host, app/admin_host, app/api_host.
Google Cloud Logging
Migrated to v2beta1 API release.
Moved gcloud beta logging sinks commands to v2beta1.
Added gcloud beta logging resource-descriptors command to display supported resources from various services.
Added gcloud beta logging read command to retrieve log entries using filters.
Google Container Engine
Added gcloud container clusters resize for resizing Container Engine clusters.
Added notifications when node upgrades are available to gcloud container cluster describe and list commands.
Google App Engine
Fixed bug where initial deployments using --image-url failed.
Changed gcloud preview app modules set_default command to use the App Engine Admin API.
Changed gcloud preview app modules list command to use the App Engine Admin API.
---------------------
2015-05-28 wimpunk
* [r183] ., release: Removing unneeded release directory
2015-03-23 wimpunk
* [r182] ddclient: Reverting to the old perl requirements like
suggested in #75
The new requirements were added when adding support for cloudflare. By the
simple fix suggested by Roy Tam we could revert the requirements which make
ddclient back usable on CentOS and RHEL.
* [r181] ddclient: ddclient: made json optional
As suggested in pull 7 on github by @abelbeck and @Bugsbane it is
better to make the
use of JSON related to the use of cloudflare.
* [r180] ddclient: ddclient: reindenting cloudflare
Indenting cloudflare according to the vim tags
* [r179] ddclient: ddclient: correction after duckdns merge
Correcting duckdns configuration after commit r178
* [r178] ddclient: Added simple support for Duckdns www.duckdns.org
Patch provided by gkranis on github.
Merge branch 'gkranis'
2015-03-21 wimpunk
* [r177] README.md: Added duckDNS to the README.md
* [r176] sample-etc_rc.d_init.d_ddclient.ubuntu: update ubuntu init.d script
Merge pull request #9 from gottaloveit/master
* [r175] Changelog, Changelog.old: Renamed Changelog to
Changelog.old
Avoiding conflicts on case insensitive filesystems
* [r174] ddclient: Add missing config line for CloudFlare
Merge pull request #19 from shikasta-net/fixes
* [r173] ddclient: Merge pull request #22 from reddyr/patch-1
loopia.se changed the "Current Address:" output string to "Current IP
Address:"
* [r172] ddclient: fixed missing ) for cloudflare service hash
Merge pull request #16 from adepretis/master
2015-01-20 wimpunk
* [r171] README.md, ddclient, sample-etc_ddclient.conf: Adding
support for google domain
Patch gently provided through github on
https://github.com/wimpunk/ddclient/pull/13
2014-10-08 wimpunk
* [r170] README.md, ddclient, sample-etc_ddclient.conf: Added
support for Cloudflare and multi domain support for namecheap
Pull request #7 from @roberthawdon
See https://github.com/wimpunk/ddclient/pull/7 for more info.
2014-09-09 wimpunk
* [r169] ddclient: Bugfix: allowing long username-password
combinations
Patch provided by @dirdi through github.
2014-08-20 wimpunk
* [r166] ddclient: Fixing bug #72: Account info revealed during
noip update
* [r165] ddclient: Interfaces can be named almost anything on
modern systems.
Patch provided by Stephen Couchman through github
2014-06-30 wimpunk
* [r164] ddclient: Only delete A RR, not any RR for the FQDN
Make the delete command specific to A RRs. This prevents ddclient
from deleting other RRs unrelated to the dynamic address, but on the
same FQDN. This can be specifically a problem with KEY RRs when using
SIG(0) instead of symmetric keys.
Reported by: Wellie Chao
Bug report: http://sourceforge.net/p/ddclient/bugs/71/Fixes#71
2014-06-02 wimpunk
* [r163] README.md, ddclient: Adding support for nsupdate.
Patch provided by Daniel Roethlisberger <daniel@roe.ch> through
github.
2014-04-29 wimpunk
* [r162] README.md, README.ssl, ddclient: Removed revision
information
Revision information isn't very usable when switching to git.
2014-03-20 wimpunk
* [r161] README.md, README.ssl, ddclient,
sample-etc_rc.d_init.d_ddclient.alpine: Added Alpine Linux init
script
Patch send by Tal on github.
* [r160] RELEASENOTE: Corrected release note
2013-12-26 wimpunk
* [r159] release/readme.txt: Commiting updated release information
* [r158] README.md, RELEASENOTE: Committing release notes and
readme information to trunk
--------------
Explicit ChangeLog not found, but diff src tells two options are
added, -Q and -V, ( -V vlan -Q priority )
-Q pri 802.1p priority to set. Should be used with 802.1Q (-V).
Defaults to 0.
-V num 802.1Q tag to add. Defaults to no VLAN tag.
-------------------
lft 3.71 / WhoB 3.71
----------------------
- WhoB: Autodetect input from STDIN (pipe) without '-f -'
- WhoB: Redirect some extraneous output to STDERR
lft 3.7 / WhoB 3.7
----------------------
- Added support for 4-byte ASNs
- Added support for whob reading bulk input from stdin using '-f -'
lft 3.6 / WhoB 3.6
----------------------
- Added support for 4-byte ASNs
lft 3.5 / WhoB 3.5
----------------------
- Roy T. provided DNS speed-ups
- Added GraphViz output option with -g
lft 3.35 / WhoB 3.5
----------------------
- Roy T. provided some clean-ups to avoid double free()s
- Bug fixes only
lft 3.33 / WhoB 3.5
----------------------
- Fixed free(sess->hostname) bug (segfault on unresolvable hostname)
- Improved error hanlding of pcap failures related to data link type
- Kurt's FreeBSD fix for pcap snprintf
- Bug fixes only
lft 3.32 / WhoB 3.5
----------------------
- Added support for several encapsulating protocols such as PPP
- no other changes
non-bloking descriptor after a poll(), don't loop forever on EAGAIN
as poll() may return POLLIN for a descriptor which doesn't have data
to be read. Bump PKGREVISION.
While there add user-destdir support.
ocaml.mk. It was becoming more trouble than it was worth: only a minority
of packages used it, and it only made Makefiles more confusing.
(I've left out some packages: these will be updated forthwith)
[youtube] added vcodec/acodec/abr for multiple itags
[utils] Add more items to mimetype2ext (#8293)
[utils] Reorder items in mimetype2ext alphabetically
[youtube] Prefer info from YouTube than _formats (#8293)
[common] Keep full codec name from m3u8 manifests
[facebook] Add shortcut and reformat _VALID_URL
[facebook:post] Add extractor (Closes#8321)
[vevo] extract all formats and bypass geo restriction
[vevo] extract metadata and formats from api if videoinfo is empty
[cspan] Fix clip/prog id extraction (#8317)
[vevo] fallback to youtube video only if vevo video is geo restricted
[cspan] Extract from path when no qualities (Closes#8317)
[instagram] Make description optional (Closes#8326)
[daum.net] Fixes#8331
[extractor/common] Auto calculate tbr when missing
[spankbang] Fix formats extraction
[spankbang] Fix title extraction (Closes#8329)
[extractor/common] detect media playlist in _extract_m3u8_formats
[cbsnews] extract all formats
[cbsnews] Remove unused import
[utils] fix dfxp2srt text extraction(fixes#8055)
[ndr:embed:base] Add missing ext for m3u8
[ok] Add support for mobile URLs (Closes#8345)
[bbc] Add another title regex (Closes#8340)
[bbc] Add another description regex
[bbc] Add test for #8147
[ffmpeg] fix adding metadata when using m3u8_native(fixes#8350)
[youtube:user] Require 'https?://' in the url (fixes#8356)
[azubu] Add extractor for live streams (closes#8343)
[cspan] Unescape path (Closes#8365)
[extractor/common] Restrict checks when auto calculating tbr
[espn] Improve video id extraction (Closes#8368)
[daum] Fix copy-paste mistake
[daum] Fix add view_count, comment_count to test
[daum.net] Move the request to ClipInfoXml.do
[daum.net] Support VodPlayer.swf URLs (closes#8173)
[daum] Add 'thumbnail' to all _TESTS
[facebook] Support alternative webpage form
[youtube] Move decrypt_sig out of _parse_dash_manifest
[daum.net] Support for playlists, user channels
[downloader/f4m] Prefer bootstrap url attribute over inline bootstrap
[matchtv] Add extractor (Closes#8313)
[options] Add missing closing parenthesis
[common] _parse_dash_manifest() from youtube.py
[downloader/fragment] Do not report total bytes estimation and eta
[downloader/f4m] Add live stream flag to context
[common] Modify _parse_dash_manifest for use in Facebook
[downloader/fragment] Remove superfluous whitespace
[facebook] Add support for DASH manifests
[youtube] Pass self._formats to _parse_dash_manifest
[common] Fix for youtube
[common] Prefer the manifest than formats_dict in determining codecs
[downloader/f4m] Do not update fragment list while test
[youtube] Remove '(v|a)codec': 'none' entries
[common] Rename to namespace
[common] Remove unused arguments
[common] Add _extract_dash_manifest_formats
[facebook] Add md5 for the test case with DASH
[generic] Add support for Limelight API
[limelight] fix format sorting and make m3u8 and f4m extraction
[npo] Add extension for m3u8
[viidea] Skip download for the test case requiring ffmpeg
[vgtv] Fix test_VGTV_2
[screenwavemedia] Fix HLS extension and test_TeamFour
[tv2] Fix test_TV2
[senateisvp] Fix test_SenateISVP and test_SenateISVP_1
[nrktv] Fix _TESTS
[nbc] Use NBC's id and fix _TESTS
[nba] Add ext for hls formats and fix test_NBA
[schooltv] Add extractor for SchoolTV playlists
[schooltv] Improve video id regex
[Gamekings] Fix url from .tv to .nl
[letv] Fix LetvCloud extraction
[Gamekings] Fix viewing of old videos
[youtube] Use authentication for entry list base extractor (Closes#8380)
[youtube] Filter duplicates in playlists base extractor
[test_youtube_lists] Fix TestYoutubeLists.test_youtube_course
[test_subtitles] Fix TestRaiSubtitles
[xuite] Replace the test case with my uploaded one
[FFmpegSubtitlesConvertorPP] delete old subtitle files (fixes#8382)
[youtube] Use 'orderedSet' instead of 'set' to preserve the order
[gamekings] Add MD5 back
[gamekings] add_ie
[gamekings] Stricter checks
[acast] Fix extraction
[acast] Remove ACastBaseIE
[allocine] Fix extraction of test_allocine_1 and update tests
[bpb] Fix extraction and update tests
[allocine] Use xpath_element
[vidzi] Fix extraction
[vidzi] Fix _TESTS
[YoutubeDL] Do not override ie_key in url_transparent
[kickstarter] Eliminate the warning message and add_ie
[kickstarter] Fix title and test_kickstarter
[daum] PEP8
[daum] Do not match a single URL with multiple info extractors
[daum] Update test_daum_1
[daum.net:user] Match more URLs (#1952)
[vk:uservideos] Improve _VALID_URL (Closes#8389)
[test_YoutubeDL] Fix test_youtube_format_selection
[ffmpeg] fix adding metadata when using --hls-prefer-native(#8350)
[utils] dfxp2srt: make TTMLPElementParser inherit from object
[cbsnews] add support for live videos(fixes#7010)
[srgssr] use flv as ext for rtmp formats
[README.md] Clarify unavailable sequences in output format
[kuwo] Check for georestriction
[generic] extract m3u8 formats when mpegurl content type detected
[youtube] fix subtitle extraction(fixes#8415)
[youtube] fix subtitle order
[test_subtitles] update youtube subtitles tests
[arte.tv:+7] Fix extraction (fixes#8427)
v0.12.17
- Handle null case for invalid ng-model value (#2392, @tpng)
- Use dialer in relay checks (#2732, @AudriusButkevicius)
Plus some minor line shuffling for pkglint
* GnuTLS: compatibility with GnuTLS-3.4.2
* Nethttpd_plex: the post_add_hook was not called by accident
(since OCamlnet-4); this is now fixed.
* Nethtml: new option case_sensitive
* GnuTLS: initializing the library on-demand. This avoids that
/dev/random is kept open all the time since program start, and
works around incompatibilities with Netplex. (Thomas Calderon
found the problem.)
* GnuTLS: setting DH parameters on certificates (this was forgotten in
previous releases). (Thomas Calderon found the problem.)
* GnuTLS: supporting GnuTLS versions where SRP is disabled.
Supporting GnuTLS-3.4.
* OpenBSD build: fix linker option (Christopher Zimmermann)
* Equeue: There is a new method request_proxy_notification,
which is only used by Uq_engines.qseq_engine (but unfortunately
needs to appear in the public type of the object). This new
method permits that chains of Uq_engines.qseq_engine pairs
can now be arbitrarily long without consuming too much memory
and without the danger of getting stack overflows.
This fixes issues where notification chains got too long. In
particular, we saw a stack overflow when retrieving a video
stream via HTTP. The stream was sent with many chunks, resulting
in a long Uq_engines.qseq_engine chain.
Implementers of engines can simply define request_proxy_notification
as no-ops.
* Nethttp.set_content_range: this function generated an incorrect
header (the "bytes" word was missing). (Török Edwin)
* _oasis is generated from _oasis.in
* Netplex: the Netplex socket directory has a different default
if not specified in the config file.
* Netshm: the POSIX specifier has now two args
* IPv6: automatically enabled if there is a global IPv6 address
* Unicode tables: Moved them to a separate netunidata library.
This library needs to be linked in for getting access to the
tables (this is no longer the default).
* Renamings: Http_client, Ftp_client etc. => Nethttp_client,
Netftp_client
Mimestring => Netmime_string
Xdr => Netxdr
* Netmime: moved functions to Netmime_header and Netmime_channels
* Netmech_scram: Removed the check that passwords only consist of
ASCII chars. The user can now call Netsaslprep.saslprep.
* Removed: rpc-auth-dh, nethttpd-for-netcgi2
* Http_client: the authentication mechanisms are now encapsulated
in a first-class module HTTP_MECHANISM. So far, there is Digest
authentication in this form. The signature of HTTP_MECHANISM
is similar to SASL_MECHANISM.
Another visible change is that the insecure Basic authentication
is no longer enabled for non-TLS-secured connections. This can be
changed back by setting flags, though.
Some fixes in the design improve Digest authentication for proxy
connections.
* Netpop: implementating SASL authentication for POP3. Moved Netpop
into netclient.
* Netsmtp: implementing SASL authentication for SMTP. Moved Netsmtp
into netclient.
* Adding a framework for SASL, and a number of mechanisms
(PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1).
* fcgi/scgi/ajp connectors: exporting a handle_connection function,
and unifying existing such functions (Christopher Zimmermann)
* adding support for modular cryptography (symmetric ciphers and
digests)
* SCRAM is now implemented with the new crypto providers
* removing dependency on Cryptokit
* removed library netgssapi; now part of netsys/netstring
* removed library netmech-scram; now part of netstring
Ocamlnet-4 adds:
- new library netgss-system
- new library nettls-gnutls
- removed equeue-ssl and rpc-ssl
- X.500 modules Netasn1, Netdn, Netx509
- Crypto definitions Netsys_crypto_types, Netsys_crypto
- TLS modules Netsys_tls, Nettls_support
- Support for SASL and GSSAPI
- Moved many functions from Uq_engines to new modules in
the equeue library (Uq_client, Uq_server, Uq_multiplex,
Uq_transfer)
Changes:
####################### V 1.7.3.1:
security:
Socat security advisory 8
A stack overflow in vulnerability was found that can be triggered when
command line arguments (complete address specifications, host names,
file names) are longer than 512 bytes.
Successful exploitation might allow an attacker to execute arbitrary
code with the privileges of the socat process.
This vulnerability can only be exploited when an attacker is able to
inject data into socat's command line.
A vulnerable scenario would be a CGI script that reads data from clients
and uses (parts of) this data as hostname for a Socat invocation.
Test: NESTEDOVFL
Credits to Takumi Akiyama for finding and reporting this issue.
Socat security advisory 7
MSVR-1499
In the OpenSSL address implementation the hard coded 1024 bit DH p
parameter was not prime. The effective cryptographic strength of a key
exchange using these parameters was weaker than the one one could get by
using a prime p. Moreover, since there is no indication of how these
parameters were chosen, the existence of a trapdoor that makes possible
for an eavesdropper to recover the shared secret from a key exchange
that uses them cannot be ruled out.
Futhermore, 1024bit is not considered sufficiently secure.
Fix: generated a new 2048bit prime.
Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
Research (MSVR) for finding and reporting this issue.
* Release 0.10.1 (21-Jan-2015)
** Packaging Fixes
This release fixes a version-string management failure when the "log
publisher" feature was used in a tree built from a release tarball (rather
than from a git checkout). This caused a unit test failure, as well as
operational failures when using `flogtool tail`. Thanks to Ramakrishnan
Muthukrishnan (vu3rdd) for the catch and the patch. (#248)
Changelog:
=============================
Release Notes for Samba 4.3.4
January 12, 2016
=============================
This is the latest stable release of Samba 4.3.
Changes since 4.3.3:
--------------------
o Michael Adam <obnox@samba.org>
* BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap
config.
* BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
o Jeremy Allison <jra@samba.org>
* BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a
list of primary followed by DFS connections.
* BUG 11625: Reduce the memory footprint of empty string options.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 11659: Update lastLogon and lastLogonTimestamp.
o Ralph Boehme <slow@samba.org>
* BUG 11065: vfs_fruit: Enable POSIX directory rename semantics.
* BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr
without stream prefix and type suffix.
* BUG 11645: smbd: Make "hide dot files" option work with "store dos
attributes = yes".
o Günther Deschner <gd@samba.org>
* BUG 11639: lib/async_req: Do not install async_connect_send_test.
o Stefan Metzmacher <metze@samba.org>
* BUG 11394: Crash: Bad talloc magic value - access after free.
o Rowland Penny <repenny241155@gmail.com>
* BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner
attribute is given.
o Karolin Seeger <kseeger@samba.org>
* BUG 11619: docs: Fix some typos in the idmap backend section.
* BUG 11641: docs: Fix typos in man vfs_gpfs.
o Uri Simchoni <uri@samba.org>
* BUG 11649: smbd: Do not disable "store dos attributes" on-the-fly.
[downloader/common] report_retry: Don't crash when retries is infinite
[cbsnews] Extract subtitles
[cbsnews] Simplify subtitles extraction and fix test
[arte:future] Fix extraction
[arte:future] Make duplicated test matching only
[arte:cinema] Add extractor
[nuevo] Generalize nuevo extractor and add support for trollvids
[nuevo] Simplify nuevo extractors
[ruleporn] Add new extractor
[nuevo] Improve thumbnail extraction
[ruleporn] Rework in terms of nuevo
[lovehomeporn] Add extractor
[SVTPlay] Add subtitle support
[svt] Improve subtitles extraction and add test
[options] Clarify language tags
[kanalplay] Use IETF language tag
[drtv] Use IETF language tag
Previously there were at least 5 different ways MACHINE_ARCH could be set,
some statically and some at run time, and in many cases these settings
differed, leading to issues at pkg_add time where there was conflict
between the setting encoded into the package and that used by pkg_install.
Instead, move to a single source of truth where the correct value based on
the host and the chosen (or default) ABI is determined in the bootstrap
script. The value can still be overridden in mk.conf if necessary, e.g.
for cross-compiling.
ABI is now set by default and if unset a default is calculated based on
MACHINE_ARCH. This fixes some OS, e.g. Linux, where the wrong default was
previously chosen.
As a result of the refactoring there is no need for LOWER_ARCH, with
references to it replaced by MACHINE_ARCH. SPARC_TARGET_ARCH is also
removed.
@PKG_SYSCONFDIR@ with hardcoded paths to /usr/pkg, possibly due to SUBST_STAGE
being set to post-patch. Revert that change, move SUBST_STAGE to
pre-configure, and perform some minor cleanup while here.
Bump PKGREVISION of all packages, ignoring pkglint's error that this shouldn't
be done in Makefile.common.
