Changelog:
Tomcat 8.5.15 (markt)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Avoid a NullPointerException when reading attributes for a initialised HTTP connector where TLS is enabled. (markt)
Fix: Always quote the hostName of an SSLHostConfig element when using it as part of the JMX object name to avoid errors that prevent the associated TLS connector from starting if a wild card hostName is configured (because * is a reserved character for JMX object names). (markt)
Code: Start to switch to using Charset rather than String to store encoding configuration settings to reduce the number of places the associated Charset needs to be looked up. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: Within the Expires filter, make the content type value specified with the ExpiresByType parameter, case insensitive. (markt)
Coyote
Fix: When a TrustManager is configured that does not support certificateVerificationDepth only log a warning about that lack of support when certificateVerificationDepth has been explicitly set. (markt)
Fix: 60970: Extend the fix for large headers to push requests. (markt)
Fix: Do not include a Date header in HTTP/2 responses with status codes less than 200. (markt)
Jasper
Fix: When no BOM is present and an encoding is detected, do not skip the bytes used to detect the encoding since they are not part of a BOM. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web Applications
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
Other
Add: Modify the Ant build script used to publish to a Maven repository so that it no longer requires artifacts to be GPG signed. This is make it possible for the CI system to upload snapshot builds to the ASF Maven repository. (markt)
Code: Review i18n property files, remove unnecessary escaping and consistently use [...] to delimit inserted values. (markt)
release in progress Tomcat 8.5.14 (markt)
Catalina
Fix: 59825: Log a message that lists the components in the processing chain that do not support async processing when a call to ServletRequest.startAsync() fails. (markt)
Fix: 60926: Ensure o.a.c.core.ApplicationContextFacade#setSessionTimeout will invoke the correct method when running Tomcat with security manager. (markt)
Update: Update the early access Servlet 4.0 API implementation to reflect the change in method name from getPushBuilder() to newPushBuilder(). (markt)
Fix: Correct a regression in the X to comma refactoring that broke JMX operations that take parameters. (markt)
Fix: Avoid a NullPointerException when reading attributes for a running HTTP connector where TLS is not enabled. (markt)
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Avoid potential NullPointerExceptions related to access logging during shutdown, some of which have been observed when running the unit tests. (markt)
Fix: When there is no javax.servlet.WriteListener registered then a call to javax.servlet.ServletOutputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Fix: When there is no javax.servlet.ReadListener registered then a call to javax.servlet.ServletInputStream#isReady will return false instead of throwing IllegalStateException. (violetagg)
Coyote
Fix: Align cipher configuration parsing with current OpenSSL master. (markt)
Fix: 60970: Fix infinite loop if application tries to write a large header to the response when using HTTP/2. (markt)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
Changelog:
Tomcat 8.0.44 (violetagg)
General
Add: Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
Fix: 60940: Improve the handling of the META-INF/ and META-INF/MANIFEST.MF entries for Jar files located in /WEB-INF/lib when running a web application from a packed WAR file. (markt)
Fix: Pre-load the ExceptionUtils class. Since the class is used extensively in error handling, it is prudent to pre-load it to avoid any failure to load this class masking the true problem during error handling. (markt)
Fix: Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
Fix: Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
Fix: Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
Fix: If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404 or 403. (markt)
Fix: When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
Add: 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
Fix: Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
Fix: 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
Update: 61057: Update to Eclipse JDT Compiler 4.6.3. (violetagg)
Fix: 61065: Ensure that once the class is resolved by javax.el.ImportHandler#resolveClass it will be cached with the proper name. (violetagg)
WebSocket
Fix: 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
Add: Document test.threads option in BUILDING.txt. (kkolinko, rjung)
Add: Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
Code: Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
Fix: In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
Fix: Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
Fix: 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Fix: Update the custom Ant task that integrates with the Symantec code signing service to use the now mandatory 2-factor authentication. (markt)
Changelog:
Tomcat 7.0.78 (violetagg)
General
add Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)
Catalina
fix Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
fix Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
fix Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
fix If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404. (markt)
fix When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
add 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
fix Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
fix 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
fix Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Jasper
fix 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)
WebSocket
fix 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)
Web applications
add Document the property test.excludePerformance in BUILDING.txt. (rjung)
add Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)
jdbc-pool
code Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
fix In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)
Other
fix Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
fix 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)
Release Notes
HPLIP 3.17.4 - This release has the following changes:
Added Support for the Following New Printers:
- HP LaserJet Managed Flow MFP E77822z Printer
- HP LaserJet Managed MFP E77822dn Printer
- HP LaserJet Managed Flow MFP E77825z Printer
- HP LaserJet Managed MFP E77825dn Printer
- HP LaserJet Managed Flow MFP E77830z Printer
- HP LaserJet Managed MFP E77830dn Printer
- HP LaserJet Managed Flow MFP E87640z Printer
- HP LaserJet Managed MFP E87640dn Printer
- HP LaserJet Managed Flow MFP E87650z Printer
- HP LaserJet Managed MFP E87650dn Printer
- HP LaserJet Managed Flow MFP E87660z Printer
- HP LaserJet Managed MFP E87660dn Printer
- HP LaserJet Managed Flow MFP E82540z Printer
- HP LaserJet Managed MFP E82540dn Printer
- HP LaserJet Managed Flow MFP E82550z Printer
- HP LaserJet Managed MFP E82550dn Printer
- HP LaserJet Managed Flow MFP E82560z Printer
- HP LaserJet Managed MFP E82560dn Printer
- HP LaserJet Managed Flow MFP E72525z Printer
- HP LaserJet Managed MFP E72525dn Printer
- HP LaserJet Managed Flow MFP E72530z Printer
- HP LaserJet Managed MFP E72530dn Printer
- HP LaserJet Managed Flow MFP E72535z Printer
- HP LaserJet Managed MFP E72535dn Printer
- HP LaserJet Pro M203d Printer
- HP LaserJet Pro MFP M130a Printer
- HP LaserJet Pro MFP M130nw Printer
- HP LaserJet Pro MFP M130fn Printer
- HP LaserJet Pro MFP M130fw Printer
- HP LaserJet Pro MFP M227d Printer
- HP LaserJet Pro MFP M227fdn Printer
- HP LaserJet Ultra MFP M230 sdn Printer
Added support for the following new Distro's:
- Debian 8.7
- Linux Mint 18.1
Launchpad fixes:
1656348 - cups Filter Failed with HP Laserjet
1649550 - HP OfficeJet Pro 7740:no tray choice
1648954 - Encapsulator.cpp send 10000 bytes of 0X00 to the Printer
before real PCL commands
1521134 - hpps has no error handling
Known Issues:
1. Page orientation not changing for post script documents from evince.
2. Edge to Edge Not supported
3. Fax check box is enable for M227d device even it does not support
Upstream changes:
Major features
Highlights
MDL-55611 - New Course overview dashboard block featuring timeline of events
MDL-58220 - Make use of OAuth 2 services to allow users to authenticate with Google G-Suite or Microsoft Office accounts and manage files from associated drives
MDL-39913 - New Assignment setting for restricting submission file types
MDL-4782 - "Stealth mode" for resources/activities in a course - not displayed on the course page but available for students
MDL-40759 - New Font Awesome icon font for all icons in Moodle
For teachers
MDL-58138 - Activity completion settings for setting activity completion defaults and bulk editing of completion requirements
MDL-48771 - Quiz activity: Option to delete multiple questions
MDL-53814 - Quiz activity: Question type icons are displayed in the quiz manual grading overview
MDL-55459 - Assignment activity: Annotated PDF comments are collapsible
MDL-23919 - Database activity: The setting "Required entries" is now an activity completion condition
MDL-57769 - Topic and weeks course formats: After a course is created, sections can be added and removed only from the course page (it is no longer possible to have "orphaned" activities)
MDL-46929, MDL-57456, MDL-57457 - Forum posts, glossary entries and book chapters may be tagged
MDL-56251 - For courses in weekly format, a new course setting allows for the course end date to be calculated automatically
MDL-47354 - Allow the page size in the Single view report to be configurable
Backup and restore
MDL-34859 - Add site defaults for all restore settings, improve UI around "Overwrite course configuration" select
MDL-40838 - Allow to restore non-default enrollment methods without restoring users
MDL-57769 - When restoring/importing big courses in Weeks and Topics formats into small existing courses ajust the number of sections automatically
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.3
MDL-46375 - Support for storing files not on the local drive (there are no open-source solutions at the moment, developer's help is required to implement custom cloud storage)
MDL-55528, MDL-58280 - New document converter plugin type allows alternatives to unoconv, such as the Google Drive converter
MDL-55980 - Run individual scheduled tasks from web interface
MDL-57896 - CLI wrapper for get_config() and set_config() methods
MDL-57789 - Use Cache-Control: immutable when serving files
MDL-37765 - New capability to bypass access restrictions, separated from capability to view hidden activities
MDL-57913 - Convert external database authentication synchronisation to scheduled task
Plugins removal and deprecation
The repository Skydrive is deprecated; please migrate to the newer OneDrive repository
The Dashboard block Course overview is replaced with a new block Course overview which is a different plugin. If you want to use the old block, you need to download and install it from https://moodle.org/plugins/block_course_overview
Mobile app support
MDL-57410 - Allow admins to add new external links to pages in the main menu of the Mobile app
MDL-57408 - Add new settings for allowing renaming strings in the Mobile app
MDL-49423 - Add new settings for disabling Mobile app functionalities
MDL-57759 - Allow offline attempts via the Mobile app in the lesson module
MDL-57162 - Support Native App install banners for Android as well as iOS for the mobile app
Other improvements
MDL-33483 - Google Docs repository: Save Doc files in different formats to RTF
MDL-42266 - Improve the list of maximum file size options for file uploads
MDL-51853 - Calendar subscriptions from imported files should be editable
MDL-41729 - Add ability to change passwords for users using Shibboleth
MDL-57572, MDL-57570, MDL-57355 - Redis and static caches performance improvements if igbinary library is installed
MDL-56808 - SCORM module: Performance improvements when running SCORM 1.2 packages
MDL-57686 - Add support for PDO databases in external database authentication
MDL-57638 - RSS Block: RSS feeds are more heavily cached and correctly respect skip values
For developers
MDL-55528 - New plugin type 'fileconverter' for file conversions, unoconv is now a plugin that can be replaced with scalable commercial solutions (see File Converters)
MDL-40759 - Font Awesome icon font is used for all icons in Moodle (see Moodle icons)
MDL-46375 - Support for storing files not on the local drive is implemented by allowing to override functionality of file_storage and stored_file classes (see File System API)
MDL-12689 - Convert all authentication plugins to use settings.php (see upgrade.txt)
MDL-53978 - Add extra plugin callbacks for every major stage of page render (see commit)
MDL-58138 - Course modules may provide additional callbacks to participate in bulk editing of activities completion rules in a course
MDL-58220 - Better office integration
MDL-45584 - Multiple caches can be instantiated with the same definition but with different identifiers
MDL-57769 - Course formats: Attribute 'numsections' was removed from topics and weeks, other course formats may want to implement similar changes
MDL-55956 - Priority field for the calendar events allowing to specify the priority of overrides
MDL-58566 - New methods for retrieving calendar events
MDL-55941 - New element to select first name of first/last names is implemented in tablelib or can be used by developers elsewhere (template)
MDL-56519 - Lint behat .feature files
MDL-57273 - New classes (core\persistent, core\form\persistent, core\external\exporter, \core\external\persistent_exporter) used to represent a data-model and export that data in a standard format for webservices (previously was used in competencies) (see Persistent form, Persistent, Exporter)
MDL-57490 - Removed several legacy JS functions from javascript-static.js
MDL-57690 - mcore YUI rollup is no longer included on every single Moodle page (see [forum post])
Due to the critical nature of issue 41230 we have decided to patch the 2016.11.5 packages with P.R.41244. This issue affects all calls to a salt-minion if there is an ipv6 nameserver set on the minion's host. The patched packages on repo.saltstack.com will divert from the v2016.11.5 tag and pypi packages due to the additional PR applied to the packages.
Bug fixes.
Incompatible Changes
- fping and fping6 unification
- Option -n, not the same as -d anymore
- Discarding of late packets
- No restrictions by default
- Default interval (-i) changed from 25ms to 10ms
New features
- Unified 'fping' and 'fping6' into one binary
- Long option names for all options
- IPv6 enabled by default
- New option -4 to force IPv4
- New option -6 to force IPv6
- Keep original name if a hostname is given with -n/--name
- Option -d/--rdns now always does a rdns-lookup, even for names, as '-n' was doing until now
- Enforce -t timeout on reply packets, by discarding late packets
- Auto-adjust timeout for -c/-C/-l mode to value of -p
Bugfixes and other changes
- -i/-p restrictions disabled by default (enable with --enable-safe-limits)
- Default interval -i changed from 25ms to 10ms
- Fix compatibility issue with GNU Hurd
- A C99 compiler is now required
- Option parsing with optparse (https://github.com/skeeto/optparse)
- New changelog file format
Upgrading from 2.5 to 2.6
The following changes require your full attention because a manual intervention may be needed:
The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be.
The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.
If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs.
The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5.
The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb.
The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available.
$HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change.
Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password.
A manual review of authenticated feeds should then be done so as to ensure that they are properly working.
The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field.
The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file.
The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default).
The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters).
The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf.
Changes in 2.6.1
nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.
Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.
The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.
The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.
rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.
Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.
Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time.
Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.
OpenSSL 1.1.0 support has been added to INN.
When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.
When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.
nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.
Update from GNU Libtool 2.4.2 to 2.4.6.
Other minor bug fixes and documentation improvements.
Changes in 2.6.0
The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details.
The Lines: header is no longer generated by nnrpd at injection time.
The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf.
The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header.
A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false.
A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.
Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages.
The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time.
nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd.
The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user).
Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue.
Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed.
DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support.
When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0).
If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure.
Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled.
The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions.
Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0.
The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes.
Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery.
Other minor bug fixes and documentation improvements.
but quite a few handy improvements nonetheless.
Scrapy now supports anonymous FTP sessions with customizable user and
password via the new :setting:`FTP_USER` and :setting:`FTP_PASSWORD` settings.
And if you're using Twisted version 17.1.0 or above, FTP is now available
with Python 3.
There's a new :meth:`response.follow <scrapy.http.TextResponse.follow>` method
for creating requests; **it is now a recommended way to create Requests
in Scrapy spiders**. This method makes it easier to write correct
spiders; ``response.follow`` has several advantages over creating
``scrapy.Request`` objects directly:
* it handles relative URLs;
* it works properly with non-ascii URLs on non-UTF8 pages;
* in addition to absolute and relative URLs it supports Selectors;
for ``<a>`` elements it can also extract their href values.
Backward-incompatible changes:
* attrs will set the __hash__() method to None by default now. The way hashes were handled before was in conflict with Python’s specification. This may break some software although this breakage is most likely just surfacing of latent bugs. You can always make attrs create the __hash__() method using @attr.s(hash=True).
* Correspondingly, attr.ib‘s hash argument is None by default too and mirrors the cmp argument as it should.
Deprecations:
* attr.assoc() is now deprecated in favor of attr.evolve() and will stop working in 2018.
Changes:
Fix default hashing behavior. Now hash mirrors the value of cmp and classes are unhashable by default.
Added attr.evolve() that, given an instance of an attrs class and field changes as keyword arguments, will instantiate a copy of the given instance with the changes applied. evolve() replaces assoc(), which is now deprecated. evolve() is significantly faster than assoc(), and requires the class have an initializer that can take the field values as keyword arguments (like attrs itself can generate).
FrozenInstanceError is now raised when trying to delete an attribute from a frozen class.
Frozen-ness of classes is now inherited.
__attrs_post_init__() is now run if validation is disabled.
Added attr.validators.in_(options) that, given the allowed options, checks whether the attribute value is in it. This can be used to check constants, enums, mappings, etc.
Added attr.validators.and_() that composes multiple validators into one.
For convenience, the validator argument of @attr.s now can take a list of validators that are wrapped using and_().
Accordingly, attr.validators.optional() now can take a list of validators too.
Validators can now be defined conveniently inline by using the attribute as a decorator. Check out the examples to see it in action!
attr.Factory() now has a takes_self argument that makes the initializer to pass the partially initialized instance into the factory. In other words you can define attribute defaults based on other attributes.
Default factories can now also be defined inline using decorators. They are always passed the partially initialized instance.
Conversion can now be made optional using attr.converters.optional().
attr.make_class() now accepts the keyword argument bases which allows for subclassing.
Metaclasses are now preserved with slots=True.
* Add :meth:`~parsel.selector.SelectorList.get` and :meth:`~parsel.selector.SelectorList.getall`
methods as aliases for :meth:`~parsel.selector.SelectorList.extract_first`
and :meth:`~parsel.selector.SelectorList.extract` respectively
* Add default value parameter to :meth:`~parsel.selector.SelectorList.re_first` method
* Add :meth:`~parsel.selector.Selector.re_first` method to :class:`parsel.selector.Selector` class
* Bug fix: detect ``None`` result from lxml parsing and fallback with an empty document
* Rearrange XML/HTML examples in the selectors usage docs
This is feature release, expanding the capabilities of the decimals strategy.
* The new (optional) places argument allows you to generate decimals with a certain number of places (e.g. cents, thousandths, satoshis).
* If allow_infinity is None, setting min_bound no longer excludes positive infinity and setting max_value no longer excludes negative infinity.
* All of NaN, -Nan, sNaN, and -sNaN may now be drawn if allow_nan is True, or if allow_nan is None and min_value or max_value is None.
* min_value and max_value may be given as decimal strings, e.g. "1.234".
Included ucspi-ssl-0.70_ucspitls-0.6.patch (STARTTLS support)
originally designed and provided by Scott Gifford (FEH).
Added Certchain support for sslserver and sslclient (FEH).
Integration and added man-pages (FEH).
Synced with ucspi-tcp6-0.95.
Fixed integration bug in ssl_very.c.
Included patches from Peter Conrad.
Bug fix in sslserver. Several small
corrections.
Fix for large X509 serial numbers on x86 (tx. Peter Conrad).
SAN DNSname has precedence over CN in subject.
Re-edited man pages and rts tests.
Added IPv6 support (tx. to Felix von Leitner and Brandon Turner).
UI: Changed sslserver client cert call from '-i/-I' to '-z/-Z'
for compatibility reasons.
Added '-4/-6' support for client scripts.
Added output environment variables TCP6* for sslserver.
sslperl, sslhandle, and sslprint are not IPv6 ready yet.
Added IPv6 capabilities to sslhandle, sslprint, sslperl.
Changed verification of X.509 certs.
Removed obsolete socket_4 calls in sslserver.
Streamlined code with ucspi-tcp6-1.00.
Supplied new certs with customized SAN.
Make rts working (at least some how).
Added support for personalized client certs.
New option '-m' in sslserver, complementing '-z'.
CCAFILE='-' disables client cert request.
Added verbose log output for SSL connection informations.
Fixed wrongly nested CONNECT error code for sslclient.c
producing wrong warning messages while connecting to
an IPv4 address.
Added call of '-ldl' in ssl.lib.
Mitigation of SSL connection hanging during
coincident change of daylight-saving settings.
Fixed bug in sslserver's dnsip lookup in case of paranoid settings
and additonal existance of IPv6 AAAA records for incoming IPv4 connection.
Serveral fixes from 'troy@' included to cope with compiler errors and
to solve a bug in function getbitasaddress in ip4_bit.c (= ucspi-tcp6-1.02).
Reordered conf-* variables in main dir to allow easier generation of
packages (i.e. RPM). Fixed script to identify different HW architecture
and OS. This version works in 32 bit mode on Raspian Linux / RasPi 7.
Added ECDH capabilites (tx to Frank Bergmann for the patches).
Added compatibility with LibreSSL.
Fixed missing negative return call treatment from 'poll' (tx Frank Bergmann).
Tentative 'emake' fix for Gentoo build.
Added OpenSSL 1.1 tweaks -- works under Debian (9) 'Stretch'.
* New upstream release:
* merged Makefile patch
* update standards version, no change
* Remove pre-compiled .pyc for bzr plugin from Debian package,
and add python:Depends to Depends so that dh_python2 will install
maintainer script snippets. Unfortunately, this adds a completely
unnecessary dependency on python, which etckeeper does not need in
normal operation.
* Make etckeeper commit store metadata changes. The pre-commit
hook has always (and continues) to do that, but pre-commit is only
run when there are changes to tommit. This makes metadata-only
changes get committed.
* Move systemd files to /lib/systemd; /usr/lib/systemd is not used
on Debian.
* Optimised find for special and hard linked files.
Thanks, Rike-Benjamin Schuppner.
* Adjust when Pacman 5 calls etckeeper hooks.
Thanks, Tilman Blumenbach and Christian Hesse.
* Only run Pacman hooks when files in /etc have changed.
Thanks, Christian Hesse.
* Added systemd timer that can run etckeeper 10 minutes after boot, and also
daily. It's not enabled by default, partly because of overlap with the
cron job.
Thanks, Christian Hesse.
* Added support for pacmatic, contributed by nicolaichuk.
* bzr: make sure EMAIL is defined
Thanks, Serge E. Hallyn
* Fix Makefile version patterns to ignore non-native version number
(Antoine Beaupré)
* Support ~/.config/git/config when determining the author name and email.
Thanks, Richard Savio
* Added support for Arch's pacman package manager version 5.
Thanks, Tilman Blumenbach.
* Set HOME if it's not set, as is the case when using ubuntu's
update-manager.
* Move bash completion out of etc and into usr.
* Prepare upload to Debian unstable
* Fix Makefile version patterns to ignore non-native version number
* Fix lintian warnings:
* remove .pyc files on build
* install bash completions in standard location
* ignore missing debian/config file, we ask only on purge on purpose
* ignore full path for /usr/bin/etckeeper, we use it to stash it for
later
* Update to standards 3.9.6, no change
* Remove obsolete XS-Python-Version field
* Run debconf-updatepo, outdating a bunch of translations
* Use getent utility instead of perl. (Elan Ruusamäe)
* Initial FreeBSD support with pkgng plugin. (William Johansson)
* Fix README.md symlink in package (Sebastian Schmidt, Antoine Beaupré,
closes: #791566)
* Fix typo of GIT_COMMITTER_EMAIL.
* Update git URL in control file.
* Send yum pre-commit output to /dev/null
Thanks, Andrew Colin Kissa
* Set LANG=C internally when doing some operations that have
been reported to fail in other locales.
* Fix name of DNF plugin.
* Add --version
Thanks Andreas Wansner.
* New website, http://etckeeper.branchable.com/
* Add build-depends on dh-python.
* Added support for Fedora's DNF highlevel package manager.
Thanks, Peter Listiak and Petr Spacek.
* Add architecture info to dpkg list-installed. Closes: #768145
* Orphaned the Debian package.
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044
relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
2017.05.11 -- Version 2.3.15
David Sommerseth (5):
dev-tools: Added script for updating copyright years in files
Update copyrights
docs: Further improve --reneg-bytes and SWEET32 information
git: Merge .gitignore files into a single file
Make --cipher/--auth none more explicit on the risks
Gert Doering (1):
Document --proto udp6, tcp6, etc.
Julien Muchembled (1):
Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset
Steffan Karger (6):
Add missing includes in error.h
cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
Document that OpenVPN 2.3 does not check the CRL signature
Introduce and use secure_memzero() to erase secrets
Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
Don't assert out on receiving too-large control packets (CVE-2017-7478)
2016.12.06 -- Version 2.3.14
Christian Hesse (1):
update year in copyright message
David Sommerseth (1):
Document the --auth-token option
Gert Doering (2):
Repair topology subnet on FreeBSD 11
Repair topology subnet on OpenBSD
Lev Stipakov (1):
Drop recursively routed packets
Selva Nair (4):
Support --block-outside-dns on multiple tunnels
When parsing '--setenv opt xx ..' make sure a third parameter is present
Map restart signals from event loop to SIGTERM during exit-notification wait
Correctly state the default dhcp server address in man page
Steffan Karger (1):
Clean up format_hex_ex()
2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
David Sommerseth (4):
t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
t_client.sh: Add support for Kerberos/ksu
t_client.sh: Improve detection if the OpenVPN process did start during tests
t_client.sh: Add prepare/cleanup possibilties for each test case
Gert Doering (5):
Do not abort t_client run if OpenVPN instance does not start.
Fix t_client runs on OpenSolaris
make t_client robust against sudoers misconfiguration
add POSTINIT_CMD_suf to t_client.sh and sample config
Fix --multihome for IPv6 on 64bit BSD systems.
Ilya Shipitsin (1):
skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
Lev Stipakov (2):
Exclude peer-id from pulled options digest
Fix compilation in pedantic mode
Samuli Seppänen (1):
Automatically cache expected IPs for t_client.sh on the first run
Steffan Karger (6):
Fix unittests for out-of-source builds
Make gnu89 support explicit
cleanup: remove code duplication in msg_test()
Update cipher-related man page text
Limit --reneg-bytes to 64MB when using small block ciphers
Add a revoked cert to the sample keys
2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
Move ASSERT so external-key with OpenSSL works again
David Sommerseth (3):
Only build and run cmocka unit tests if its submodule is initialized
Another fix related to unit test framework
Remove NOP function and callers
Dorian Harmans (1):
Add CHACHA20-POLY1305 ciphersuite IANA name translations.
Ivo Manca (1):
Plug memory leak in mbedTLS backend
Jeffrey Cutter (1):
Update contrib/pull-resolv-conf/client.up for no DOMAIN
Jens Neuhalfen (2):
Add unit testing support via cmocka
Add a test for auth-pam searchandreplace
Josh Cepek (1):
Push an IPv6 CIDR mask used by the server, not the pool's size
Leon Klingele (1):
Add link to bug tracker
Samuli Seppänen (2):
Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
Clarify the fact that build instructions in README are for release tarballs
Selva Nair (4):
Make error non-fatal while deleting address using netsh
Make block-outside-dns work with persist-tun
Ignore SIGUSR1/SIGHUP during exit notification
Promptly close the netcmd_semaphore handle after use
Steffan Karger (4):
Fix polarssl / mbedtls builds
Don't limit max incoming message size based on c2->frame
Fix '--cipher none --cipher' crash
Discourage using 64-bit block ciphers
Pkgsrc changes:
Adapt PLIST.
Upstream changes:
1.18.2 2017-02-20
[Bug] #895: Fix a bug in server-mode concerning multiple interactive
auth steps (which were incorrectly responded to). Thanks to Dennis
Kaarsemaker for catch & patch.
[Bug] #713: (via #714 and #889) Don't pass initialization vectors
to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
versions throw an exception otherwise (older ones simply ignored
this parameter altogether). Thanks to @jmh045000 for report &
patches.
[Bug] #44: (via #891) SSHClient now gives its internal Transport
a handle on itself, preventing garbage collection of the client
until the session is closed. Without this, some code which returns
stream or transport objects without the client that generated
them, would result in premature session closure when the client
was GCd. Credit: @w31rd0 for original report, Omer Anson for the
patch.
[Bug] #862: (via #863) Avoid test suite exceptions on platforms
lacking errno.ETIME (which seems to be some FreeBSD and some
Windows environments.) Thanks to Sofian Brabez.
[Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
cause TypeError under Python 3. Thanks to Francisco Couzo for
the report.
[Support] #866: (also #838) Remove an old test-related file we
don't support, and add PyPy to Travis-CI config. Thanks to
Pierce Lopez for the final patch and Pedro Rodrigues for an
earlier edition.
1.18.1 2016-12-12
[Bug] #859: (via #860) A tweak to the original patch implementing
#398 was not fully applied, causing calls to invoke_shell to
fail with AttributeError. This has been fixed. Patch credit:
Kirk Byers.
1.18.0 2016-12-09
[Feature] #398: Add an environment dict argument to
Client.exec_command (plus the lower level Channel.update_environment
and Channel.set_environment_variable methods) which implements
the env SSH message type. This means the remote shell environment
can be set without the use of VARNAME=value shell tricks,
provided the server's AcceptEnv lists the variables you need
to set. Thanks to Philip Lorenz for the pull request.
[Feature] #780: (also #779, and may help users affected by
#520) Add an optional timeout parameter to Transport.start_client
(and feed it the value of the configured connection timeout
when used within SSHClient.) This helps prevent situations
where network connectivity isn't timing out, but the remote
server is otherwise unable to service the connection in a timely
manner. Credit to @sanseihappa.
[Support] #819: Document how lacking gmp headers at install
time can cause a significant performance hit if you build
PyCrypto from source. (Most system-distributed packages already
have this enabled.)
[Support] #854: Fix incorrect docstring/param-list for
Transport.auth_gssapi_keyex so it matches the real signature.
Caught by @Score_Under.
[Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
[Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.
For pre-1.18.0 changes, see
http://www.paramiko.org/changelog.html
The package offers support for drawing tree diagrams, and is especially
suitable for linguistics use. It allows trees to be specified in a simple
bracket notation, automatically calculates branch sizes, and supports
both DVI/PostScript and PDF output by use of pict2e facilities.
- NEW: type coercion (#55)
- FIX: quotes in quotes and double quotes at begin of string (#47)
- FIX: catch null value in assignmen (#46)
- NEW: support for key:=file.json for reading object values from a file (#43)
- NEW: PPA contributed by Ross Duggan in #32
- FIX: "null" is now handled like we handle "true" and "false"; disable with -B
- NEW: more tests in the test suite
Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.
Fix the address in the list file for an instruction containing a TIMES directive.
Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.
Fix breakage on some uses of the DZ pseudo-op.
The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.
The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.
Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.
