5.9.7
Improvements
Fixed some doc block issues when generating HTML
Updates to the Release workflow for publishing to test pypi
Adding in CodeQL Analysis
Create SECURITY.md
Fix the network space is empty on subnet detail
Prevents SLCLI_VERSION environment variable from breaking things
Refactor loadbal order-options
slcli server create-options dal13 Error
New Commands
add new feature on vlan cli
Release v1.42.0
Core
Update RDS parsing for use on servers.
Upgrade Abseil to LTS 20210324, Patch 2.
Upgrade bazel to 4.2.1 (LTS), upgrade bazel toolchain to 4.1.0.
Remove old backwards compatibility cronet compression workaround code.
EventEngine Test Suite: Timers.
EventEngine::Closure.
OpenCensusCallTracer: Move context generation to StartTransportStreamOpBatch.
Fix client idle filter.
allow connectivity state watching to work on lame channels.
grpclb: implement subchannel caching.
xds: change CSDS to populate new generic_xds_configs field.
C++
Describe support-levels for undocumented supported platforms.
C#
Fix link error when building app with Xamarin.iOS.
C#: metadata.Get and GetAll should accept uppercase keys.
Fix use-after-free metadata corruption in C# when receiving response headers for streaming response calls.
Objective-C
[objc] GRPCErrorCode enum base type to int32_t.
[objc] Adding lightweight generic to GPRCCallOptions's initialMetadata prop .
[objc] GRPCMetadataDictionary convenient typedef.
[objc] Switch to proto forward declare for gRPC codegen plugin.
Python
Add Aspects to Bazel py_proto_library and py_grpc_library Rules.
[Aio] Add add_done_callback/done/cancelled methods to ServicerContext.
[Aio] Correct the typing of input metadata.
Address leak when using request stream interceptors
Catch ExecuteBatchError in _consume_request_iterator.
[Aio] Resolve deprecated warnings from asyncio.
Create Bazel gevent test harness.
Add python_requires >=3.6 to grpcio-* packages.
fix: use == instead of is when comparing with a certain types of literals.
python: fix type annotation for the _metadata field.
Ruby
ruby: add arm64 darwin support.
ruby: build native Darwin gems using rake-compiler-dock.
Summary for 4.99.1 tcpdump release:
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Summary for 4.99.0 tcpdump release
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list against Wireshark.
Fix many typos.
Summary for 1.10.1 libpcap release (so far!)
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
TigerVNC 1.12.0 is now available. Lots of changes have been made
since the last release, but the highlights are:
* The native viewer now supports full screen over a subset of
monitors (e.g. 2 out of 3), and reacts properly to monitors
being added or removed
* Recent server history in the native viewer
* The native viewer now has an option to reconnect if the connection
is dropped
* Translations are now enabled on Windows and macOS for the native
viewer
* The native viewer now respects the system security policy¹
Better handling of accented keys in the Java viewer
* The Unix servers can now listen to both a Unix socket and a
TCP port at the same time
* The network code in both the servers and the native viewer has
been restructured to give a more responsive experience
* The vncserver service now correctly handles settings set to
"0"
* Fixed the clipboard Unicode handling in both the native viewer
and the servers
* Support for pointer "warping" in Xvnc and the native viewer,
enabling e.g. FPS games
3.9.9
Core Server
Bug Fixes
Fixed an issue where node monitor could produce a false network partition when
one of the cluster members was restarted
Message store resiliency improvements
Reduced log noise in certain scenarios where a new queue leader is elected
Queue leader rebalancing now logs less
Enhancements
cluster_formation.target_cluster_size_hint is a new configuration setting that can be used to specify expected initial cluster size.
This can be used by features, plugins or tools that expect a certain minimum number of clusters nodes
to join during initial cluster formation
Prometheus Plugin
Enhancements
Metric rendering efficiency improvements (mostly latency)
Bug Fixes
TLS-enabled Prometheus endpoint listener port was not correctly stored internally
Management Plugin
Bug Fixes
Persistent message count is now displayed correctly on individual queue pages
Restore compatibility with IE 11
Consistent Hashing Exchange Plugin
Bug Fixes
Corrected deletion of duplicate bindings between an exchange and a queue
Contributed by @FalconerTC
Dependency Upgrades
Ra was upgraded to 2.0.2
Osiris was upgraded to 1.2.3
22.3.0
======
Fixes:
- Fix `strlcpy` compilation issues on alpine, freebsd.
Adds new build-time dependency on `packaging`.
- In event-loop integration: warn instead of raise when triggering callback on a socket whose context has been closed.
- Bundled libzmq in wheels backport a patch to avoid crashes
due to inappropriate closing of libsodium's random generator
when using CurveZMQ.
Changes:
- New ResourceWarnings when contexts and sockets are closed by garbage collection,
which can be a source of hangs and leaks (matches open files)
22.2.1
======
Fix bundling of wepoll on Windows.
22.2.0
======
New features:
- IPC support on Windows:
where available (64bit Windows wheels and bundled libzmq when compiling from source, via wepoll),
IPC should work on appropriate Windows versions.
- Nicer reprs of contexts and sockets
- Memory allocated by `recv(copy=False)` is no longer read-only
- asyncio: Always reference current loop instead of attaching to the current loop at instantiation time.
This fixes e.g. contexts and/or sockets instantiated prior to a call to `asyncio.run`.
- ssh: `$PYZMQ_PARAMIKO_HOST_KEY_POLICY` can be used to set the missing host key policy,
e.g. `AutoAdd`.
Fixes:
- Fix memory corruption in gevent integration
- Fix `memoryview(zmq.Frame)` with cffi backend
- Fix threadsafety issue when closing sockets
Changes:
- pypy Windows wheels are 64b-only, following an update in cibuildwheel 2.0
- deprecate `zmq.utils.jsonapi` and remove support for non-stdlib json implementations in `send/recv_json`.
Custom serialization methods should be used instead.
22.1.0
======
New features:
- asyncio: experimental support for Proactor eventloop if tornado 6.1 is available
by running a selector in a background thread.
Fixes:
- Windows: fix type of `socket.FD` option in win-amd64
- asyncio: Cancel timers when using HWM with async Sockets
Other changes:
- Windows: update bundled libzmq dll URLs for Windows.
Windows wheels no longer include concrt140.dll.
- adopt pre-commit for formatting, linting
22.0.3
======
- Fix fork-safety bug in garbage collection thread (regression in 20.0)
when using subprocesses.
- Start uploading universal wheels for ARM Macs.
22.0.2
======
- Add workaround for bug in DLL loading for Windows wheels with conda Python >= 3.8
22.0.1
======
- Fix type of ``Frame.bytes`` for non-copying recvs with CFFI backend (regression in 21.0)
- Add manylinux wheels for pypy
22.0.0
======
This is a major release due to changes in wheels and building on Windows.
Code changes from 21.0 are minimal.
- Some typing fixes
- Bump bundled libzmq to 4.3.4
- Strip unused symbols in manylinux wheels, resulting in dramatically smaller binaries.
This matches behavior in v20 and earlier.
- Windows CPython wheels bundle public libzmq binary builds,
instead of building libzmq as a Python Extension.
This means they include libsodium for the first time.
- Our own implementation of bundling libzmq into pyzmq on Windows is removed,
instead relying on delvewheel (or installations putting dlls on %PATH%) to bundle dependency dlls.
- The (new in 21.0) Windows wheels for PyPy likely require the Windows vcredist package.
This may have always been the case, but the delvewheel approach doesn't seem to work.
- Windows + PyPy is now the only remaining case where a wheel has libzmq built as an Extension.
All other builds ship libzmq built using its own tooling,
which should result in better, more stable builds.
21.0.2
======
- Fix wheels on macOS older than 10.15 (sets MACOSX_DEPLOYMENT_TARGET to 10.9, matching wheel ABI tag).
21.0.1
======
pyzmq-21.0.1 only changes CI configuration for Windows wheels (built with VS2017 instead of VS2019),
fixing compatibility with some older Windows on all Pythons
and removing requirement of VC++ redistributable package on latest Windows and Python < 3.8.
There still appears to be a compatibility issue with Windows 7 that will be fixed ASAP.
Until then, you can pin ``pip install pyzmq<21``.
There are no changes from 21.0.0 for other platforms.
21.0
====
pyzmq 21 is a major version bump because of dropped support for old Pythons and some changes in packaging.
CPython users should not face major compatibility issues if installation works at all :)
PyPy users may see issues with the new implementation of send/recv.
If you do, please report them!
The big changes are:
- drop support for Python 3.5. Python >= 3.6 is required
- mypy type stubs, which should improve static analysis of pyzmq,
especially for dynamically defined attributes such as zmq constants.
These are new! Let us know if you find any issues.
- support for zero-copy and sending bufferables with cffi backend.
This is experimental! Please report issues.
- More wheels!
- linux-aarch64 on Python 3.7-3.9
- wheels for pypy36, 37 on Linux and Windows (previously just mac)
We've totally redone the wheel-building setup, so let us know if you start seeing instalation issues!
Packaging updates:
- Require Python >= 3.6, required for good type annotation support
- Wheels for macOS no longer build libzmq as a Python Extension,
instead 'real' libzmq is built and linked to libsodium,
bundled with delocate.
This matches the longstanding behavior of Linux wheels,
and should result in better performance.
- Add manylinux wheels for linux-aarch64. These bundle an older version of libzmq than the rest.
- Build wheels for python3.8, 3.9 with manylinux2010 instead of manylinux1.
Wheels for older Pythons will still be built on manylinux1.
- rework cffi backend in setup.py
- All wheels are built on GitHub Actions (most with cibuildwheel) instead of Min's laptop (finally!).
New features:
- zero-copy support in CFFI backend (``send(copy=False)`` now does something).
- Support sending any buffer-interface-providing objects in CFFI backend.
Bugs fixed:
- Errors during teardown of asyncio Sockets
- Missing MSVCP140.dll in Python 3.9 wheels on Windows,
causing vcruntime-redist package to be required to use the Python 3.9 wheels for pyzmq 20.0
20.0
====
20.0 is a major version bump because of dropped support for old Pythons and some changes in packaging,
but there are only small changes for users with relatively recent versions of Python.
Packaging updates:
- Update bundled libzmq to 4.3.3
- Drop support for Python < 3.5 (all versions of Python < 3.6 are EOL at time of release)
- Require setuptools to build from source
- Require Cython 0.29 to build from version control (sdists still ship .c files, so will never need Cython)
- Respect $PKG_CONFIG env for finding libzmq when building from source
New features:
- :meth:`.Socket.bind` and :meth:`.Socket.connect` can now be used as context managers.
Fixes:
- Better error when libzmq is bundled and fails to be loaded.
- Hold GIL while calling ``zmq_curve_`` functions, which may fix apparent threadsafety issues.
libzmq 4.3.4
New DRAFT (see NEWS for 4.2.0) socket option:
ZMQ_PRIORITY will set the SO_PRIORITY socket option on the underlying
sockets. Only supported on Linux.
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
Fixed 4113 - compilation errors on kFreeBSD and GNU/Hurd
Fixed 4086 - excessive amount of socket files left behind in Windows TMP
directory
Fixed 4108 - regression that breaks using IPv6 link-local addresses on Linux
Fixed 4078 - compilation errors on Android
Fixed 4074 - compilation error with ulibc and libbsd
Fixed 4060 - stack overflow on Windows x64
Fixed 4051 - various compilation errors on Windows ARM 32bit
Fixed 4043 - various compilation warnings with XCode
Fixed 4038 - return value of zmq_ctx_get changed unintentionally
libzmq 4.3.3
Security advisories:
CVE-2020-15166: Denial-of-Service on CURVE/ZAP-protected servers by
unauthenticated clients.
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange
any message. Handshakes complete successfully, and messages are delivered to
the library, but the server application never receives them.
For more information see the security advisory:
GHSA-25wp-cf8g-938m
Stack overflow on server running PUB/XPUB socket (CURVE disabled).
The PUB/XPUB subscription store (mtrie) is traversed using recursive
function calls. In the remove (unsubscription) case, the recursive calls are
NOT tail calls, so even with optimizations the stack grows linearly with the
length of a subscription topic. Topics are under the control of remote
clients - they can send a subscription to arbitrary length topics. An
attacker can thus cause a server to create an mtrie sufficiently large such
that, when unsubscribing, traversal will cause a stack overflow.
For more information see the security advisory:
GHSA-qq65-x72m-9wr8
Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the metadata
is kept referenced in the PUB object and never freed.
For more information see the security advisory:
GHSA-4p5v-h92w-6wxw
Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
For more information see the security advisory:
GHSA-wfr2-29gj-5w87
Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
By crafting a packet which is not valid ZMTP v2/v3, and which has two
messages larger than 8192 bytes, the decoder can be tricked into changing
the recorded size of the 8192 bytes static buffer, which then gets overflown
by the next message. The content that gets written in the overflown memory
is entirely decided by the sender.
For more information see the security advisory:
GHSA-fc3w-qxf5-7hp6
Note for packagers: an external, self-contained sha1 library is now
included in the source tree under external/sha1/ - it is licensed
under BSD-3-Clause and thus it is fully compatible with libzmq's
license.
It is only used if WebSockets support is enabled, and if neither GnuTLS nor
NSS are available.
Note for packagers: an internal reimplementation of strlcpy is now included,
for wider platform compatibility.
libbsd can be used and is enabled by default if available instead of the
internal implementation, for better security maintenance in distros.
Note for packagers: ZeroMQConfig.cmake is now installed in the arch-dependent
subdirectory - eg: /usr/lib/x86_64-linux-gnu/cmake/
New DRAFT (see NEWS for 4.2.0) socket type:
ZMQ_CHANNEL is a thread-safe alternative to ZMQ_PAIR.
See doc/zmq_socket.txt for details.
New DRAFT (see NEWS for 4.2.0) socket option:
ZMQ_ONLY_FIRST_SUBSCRIBE will cause only the first part of a multipart
message to be processed as a subscribe/unsubscribe message, and the rest
will be forwarded as user data to the application.
ZMQ_RECONNECT_STOP will cause a connecting socket to stop trying to
reconnect in specific circumstances. See the manpage for details.
ZMQ_HELLO_MSG to set a message that will be automatically sent to a new
connection.
ZMQ_DISCONNECT_MSG to set a message that will be automatically received when
a peer disconnects.
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
New DRAFT (see NEWS for 4.2.0) zmq_ctx_get_ext/zmq_ctx_set_ext APIs were added
to allow enhancing the context options with variable data inputs.
See doc/zmq_ctx_get_ext.txt and doc/zmq_ctx_set_ext.txt for details.
New DRAFT (see NEWS for 4.2.0) transport options WS and WSS added for support
of WebSockets (and secure WebSockets via TLS) via the ZWS 2.0 protocol.
WSS requires the GnuTLS library for TLS support. ZMQ_WSS_ specific socket
options were added to support TLS.
WebSockets support is disabled by default if DRAFT APIs are disabled.
New DRAFT (see NEWS for 4.2.0) socket type, PEER, which is thread safe and a
related zmq_connect_peer function which atomically and thread-safely connects
and returns a routing-id.
New DRAFT (see NEWS for 4.2.0) zmq_msg_init_buffer API was added to allow
the construction of a message by copying from an existing buffer.
New DRAFT (see NEWS for 4.2.0) zmq_poller_size API was added to allow querying
the number of sockets/fds registered in a zmq_poller.
ZMTP 3.1 peers will receive subscribe/cancel on PUB/SUB via commands rather
than using the first byte of the payload.
zmq_z85_decode now checks that the input string's length is at least 5 characters
and always a multiple of 5 as per API specification.
Fixed 3566 - malformed CURVE message can cause memory leak
Fixed 3567 - missing ZeroMQ_INCLUDE_DIR in ZeroMQConfig.cmake when only
static lib is built
Fixed 3576 - CURVE plaintext secrets now stored in libsodium's secure memory
Fixed 3588 - install debug libraries for debug msvc builds with CMake
Fixed 3591 - incorrect ZMQ_MAX_SOCKETS default value in doc
Fixed 3594 - fixed stream_engine use after free due to concurrent heartbeats
Fixed 3586 - error when compiling with MinGW due to usage of MS-specific
__except keyword
Fixed 3603 - fixed CMake build on SL6.9
Fixed 3607 - added scripts to ease performance graph generation
Fixed 3608 - fix for IPv4 mapping not supported in DragonFlyBSD
Fixed 3636 - added ENABLE_PRECOMPILED CMake option to fix build with Ninja
Fixed 2862 - UDP engine aborts on networking-related errors from socket
syscalls
Fixed 3656 - segfault on sending data from XSUB to XPUB
Fixed 3646 - static-only test run fails
Fixed 3668 - fixed CMAKE_CXX_FLAGS_* regexes on MSVC
Fixed 110 - do not include winsock2.h in public zmq.h header
Fixed 3683 - allow "configure --disable-maintainer-mode"
Fixed 3686 - fix documentation about sockets blocking on send operations
Fixed 3323 - fix behavior of ZMQ_CONFLATE on PUB sockets
Fixed 3698 - fix build on IBM i/PASE/os400
Fixed 3705 - zero-sized messages cause assertion when glibc assertion are on
Fixed 3713 - remove dependency on math library by avoiding std::ceil
Fixed 3694 - build targeting Windows XP is broken
Fixed 3691 - added support for IPC on Windows 10 via AF_UNIX
Fixed 3725 - disable by default test that requires sudo on CMake
Fixed 3727 - fix zmq_poller documentation example
Fixed 3729 - do not check for FD_OOB when using WSAEventSelect on Windows
Fixed 3738 - allow renaming the library in CMake
Fixed 1808 - use AF_UNIX instead of TCP for the internal socket on Windows 10
Fixed 3758 - fix pthread_set_affinity detection in CMake
Fixed 3769 - fix undefined behaviour in array.hpp
Fixed 3772 - fix compiling under msys2-mingw
Fixed 3775 - add -latomic to the private libs flag in pkg-config if needed
Fixed 3778 - fix documentation of zmq_poller's thread safety
Fixed 3792 - do not allow creation of new sockets after zmq_ctx_shutdown
Fixed 3805 - improve performance of CURVE by reducing copies
Fixed 3814 - send subscribe/cancel as commands to ZMTP 3.1 peers
Fixed 3847 - fix building without PGM and NORM
Fixed 3849 - install .cmake file in arch-dependent subdirectory
Fixed 4005 - allow building on Windows ARM/ARM64
Changelog:
### 2021.11.10.1
* Temporarily disable MacOS Build
### 2021.11.10
* [youtube] **Fix throttling by decrypting n-sig**
* Merging extractors from [haruhi-dl](https://git.sakamoto.pl/laudom/haruhi-dl) by [selfisekai](https://github.com/selfisekai)
* [extractor] Add `_search_nextjs_data`
* [tvp] Fix extractors
* [tvp] Add TVPStreamIE
* [wppilot] Add extractors
* [polskieradio] Add extractors
* [radiokapital] Add extractors
* [polsatgo] Add extractor by [selfisekai](https://github.com/selfisekai), [sdomi](https://github.com/sdomi)
* Separate `--check-all-formats` from `--check-formats`
* Approximate filesize from bitrate
* Don't create console in `windows_enable_vt_mode`
* Fix bug in `--load-infojson` of playlists
* [minicurses] Add colors to `-F` and standardize color-printing code
* [outtmpl] Add type `link` for internet shortcut files
* [outtmpl] Add alternate forms for `q` and `j`
* [outtmpl] Do not traverse `None`
* [fragment] Fix progress display in fragmented downloads
* [downloader/ffmpeg] Fix vtt download with ffmpeg
* [ffmpeg] Detect presence of setts and libavformat version
* [ExtractAudio] Rescale --audio-quality correctly by [CrypticSignal](https://github.com/CrypticSignal), [pukkandan](https://github.com/pukkandan)
* [ExtractAudio] Use `libfdk_aac` if available by [CrypticSignal](https://github.com/CrypticSignal)
* [FormatSort] `eac3` is better than `ac3`
* [FormatSort] Fix some fields' defaults
* [generic] Detect more json_ld
* [generic] parse jwplayer with only the json URL
* [extractor] Add keyword automatically to SearchIE descriptions
* [extractor] Fix some errors being converted to `ExtractorError`
* [utils] Add `join_nonempty`
* [utils] Add `jwt_decode_hs256` by [Ashish0804](https://github.com/Ashish0804)
* [utils] Create `DownloadCancelled` exception
* [utils] Parse `vp09` as vp9
* [utils] Sanitize URL when determining protocol
* [test/download] Fallback test to `bv`
* [docs] Minor documentation improvements
* [cleanup] Improvements to error and debug messages
* [cleanup] Minor fixes and cleanup
* [3speak] Add extractors by [Ashish0804](https://github.com/Ashish0804)
* [AmazonStore] Add extractor by [Ashish0804](https://github.com/Ashish0804)
* [Gab] Add extractor by [u-spec-png](https://github.com/u-spec-png)
* [mediaset] Add playlist support by [nixxo](https://github.com/nixxo)
* [MLSScoccer] Add extractor by [Ashish0804](https://github.com/Ashish0804)
* [N1] Add support for nova.rs by [u-spec-png](https://github.com/u-spec-png)
* [PlanetMarathi] Add extractor by [Ashish0804](https://github.com/Ashish0804)
* [RaiplayRadio] Add extractors by [frafra](https://github.com/frafra)
* [roosterteeth] Add series extractor
* [sky] Add `SkyNewsStoryIE` by [ajj8](https://github.com/ajj8)
* [youtube] Fix sorting for some videos
* [youtube] Populate `thumbnail` with the best "known" thumbnail
* [youtube] Refactor itag processing
* [youtube] Remove unnecessary no-playlist warning
* [youtube:tab] Add Invidious list for playlists/channels by [rhendric](https://github.com/rhendric)
* [Bilibili:comments] Fix infinite loop by [u-spec-png](https://github.com/u-spec-png)
* [ceskatelevize] Fix extractor by [flashdagger](https://github.com/flashdagger)
* [Coub] Fix media format identification by [wlritchi](https://github.com/wlritchi)
* [crunchyroll] Add extractor-args `language` and `hardsub`
* [DiscoveryPlus] Allow language codes in URL
* [imdb] Fix thumbnail by [ozburo](https://github.com/ozburo)
* [instagram] Add IOS URL support by [u-spec-png](https://github.com/u-spec-png)
* [instagram] Improve login code by [u-spec-png](https://github.com/u-spec-png)
* [Instagram] Improve metadata extraction by [u-spec-png](https://github.com/u-spec-png)
* [iPrima] Fix extractor by [stanoarn](https://github.com/stanoarn)
* [itv] Add support for ITV News by [ajj8](https://github.com/ajj8)
* [la7] Fix extractor by [nixxo](https://github.com/nixxo)
* [linkedin] Don't login multiple times
* [mtv] Fix some videos by [Sipherdrakon](https://github.com/Sipherdrakon)
* [Newgrounds] Fix description by [u-spec-png](https://github.com/u-spec-png)
* [Nrk] Minor fixes by [fractalf](https://github.com/fractalf)
* [Olympics] Fix extractor by [u-spec-png](https://github.com/u-spec-png)
* [piksel] Fix sorting
* [twitter] Do not sort by codec
* [viewlift] Add cookie-based login and series support by [Ashish0804](https://github.com/Ashish0804), [pukkandan](https://github.com/pukkandan)
* [vimeo] Detect source extension and misc cleanup by [flashdagger](https://github.com/flashdagger)
* [vimeo] Fix ondemand videos and direct URLs with hash
* [vk] Fix login and add subtitles by [kaz-us](https://github.com/kaz-us)
* [VLive] Add upload_date and thumbnail by [Ashish0804](https://github.com/Ashish0804)
* [VRT] Fix login by [pgaig](https://github.com/pgaig)
* [Vupload] Fix extractor by [u-spec-png](https://github.com/u-spec-png)
* [wakanim] Add support for MPD manifests by [nyuszika7h](https://github.com/nyuszika7h)
* [wakanim] Detect geo-restriction by [nyuszika7h](https://github.com/nyuszika7h)
* [ZenYandex] Fix extractor by [u-spec-png](https://github.com/u-spec-png)
FreeRADIUS 3.0.25
Feature improvements
* Better debug output when proxying is disabled
* Updates to support PostgreSQL 14
Bug fixes
* Add `correct_escapes` back into default configuration
* Fix undeclared variable with some compile options
* Quiet erroneous debug output
* Fix segfault when proxying to zombie home server
* Fix resolving values to enum strings in rlm_rest
* Fix printing raw values rather than enum strings in rlm_couchbase
FreeRADIUS 3.0.24
Feature improvements
* Add sanitizer options to configure script.
* Log information needed by Wireshark to decode TLS sessions.
* Allow more liberal SQL commands in rlm_sql_map.
* Update dictionary.apc, dictionary.h3c
* Add new Acct-Status-Type Subsystem-On and Subsystem-Off.
See dictionary.iana and
https://freeradius.org/rfc/acct_status_type_subsystem.html
* Add reject_unknown_intermediate_ca. See mods-available/eap
* Add dynamic loading of certificates via TLS-Session-Cert-File.
See raddb/certs/realms/README.md
* Add Server Name Indication (SNI) for outbound RadSec connections.
See raddb/sites-available/tls, and the home server tls configuration.
* Support SNI for inbound RadSec connections. Certificates will
be loaded from "realm_dir" in the "tls" section. SNI will be
cached in the TLS-Server-Name-Indication attribute.
* Preliminary support for haproxy "PROXY" protocol.
See sites-available/tls, "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/
* Generate parse errors in more circumstances when we know that the
configuration is wrong.
* Add "weeklycounter" to sample sqlcounter configuration
* Add certificate attributes to the request list, even if the certificates
have expired.
* The Simultaneous-Use code is now IPv6 aware, and can deal with
NAS-IPv6-Address.
* Add dictionary.cambium
Bug fixes
* Fix crash in trustrouter module. Patch from Alejandro Perez
* Fix crash in state handling.
* Don't alter global options in redhat logrotate scripts.
* EAP-FAST will print errors and continue, rather than exiting
when OpenSSL fails various internal sanity checks.
* Allow admin to manually change core limits, even when core limits
are disabled. Patch from Antonio Torres.
* Fix chunked rlm_rest HTTP body.
Patch from Nathan Ward.
* Many fixes around the SQL ippool queries.conf and schema.
Patches from Jorge Periera.
* Fix MySQL stored procedures.
* Rework connection pool management for corner cases.
* Final fix for double free.
* Fix sqlcounter wrong memory free.
* Accept slow writes from proxies over TCP, which allows the
server to make more progress when it receives partial packets.
* Add 'weeklycounter' for rlm_sqlcounter.
* Outbound proxying over TCP / TLS is better able to deal with
partial TCP reads, and has fewer issues with slow networks.
* Fix wrong data-type of Acct-Delay-Time in rlm_unix.
* Fix EAP-FAST PAC lifetime calculation.
* Print correct encoded packet length when debugging
v4.3.9
- BUGFIX: Fix "no action" option on torrent double click (Jose M. Abuin)
- BUGFIX: Fix broken behavior of "priority by shown file order" (Chocobo1)
- WEBUI: Fix WebUI crash when tracker URL is invalid (Chocobo1)
- WEBUI: Revert "WebUI: group trackers by hostname" (Chocobo1)
- WINDOWS: Remove Windows Vista support from manifest (xavier2k6)
- WINDOWS: NSIS: Update Korean, Indonesian and Traditional Chinese translation (JungHee Lee, Faisal Al-Munawar Fathur Rahman, SiderealArt)
Changes since 4.13.13
---------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2020-25722
o Andrew Bartlett <abartlet@samba.org>
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
o Ralph Boehme <slow@samba.org>
* CVE-2020-25717
o Alexander Bokovoy <ab@samba.org>
* CVE-2020-25717
o Samuel Cabrero <scabrero@samba.org>
* CVE-2020-25717
o Nadezhda Ivanova <nivanova@symas.com>
* CVE-2020-25722
o Stefan Metzmacher <metze@samba.org>
* CVE-2016-2124
* CVE-2020-25717
* CVE-2020-25719
* CVE-2020-25722
* CVE-2021-23192
* CVE-2021-3738
* ldb: version 2.2.3
o Andreas Schneider <asn@samba.org>
* CVE-2020-25719
o Joseph Sutton <josephsutton@catalyst.net.nz>
* CVE-2020-17049
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* MS CVE-2020-17049
Changes since 4.13.12
---------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 14868: rodc_rwdc test flaps.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal.
* BUG 14836: Python ldb.msg_diff() memory handling failure.
* BUG 14845: "in" operator on ldb.Message is case sensitive.
* BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
* BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
* BUG 14874: Allow special chars like "@" in samAccountName when generating
the salt.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Isaac Boukris <iboukris@gmail.com>
* BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Viktor Dukhovni <viktor@twosigma.com>
* BUG 12998: Fix transit path validation.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Luke Howard <lukeh@padl.com>
* BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Stefan Metzmacher <metze@samba.org>
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o David Mulder <dmulder@suse.com>
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Andreas Schneider <asn@samba.org>
* BUG 14870: Prepare to operate with MIT krb5 >= 1.20.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal.
* BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order
violation: brlock.tdb, share_entries.tdb.
* BUG 14836: Python ldb.msg_diff() memory handling failure.
* BUG 14845: "in" operator on ldb.Message is case sensitive.
* BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
* BUG 14868: rodc_rwdc test flaps.
* BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
* BUG 14874: Allow special chars like "@" in samAccountName when generating
the salt.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
o Nicolas Williams <nico@twosigma.com>
* BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal.
* BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.
Impacket v0.9.24 (October 2021):
1. Library improvements
* Fixed WMI objects parsing
* Added the RpcAddPrinterDriverEx method and related structures to [MS-RPRN]: Print System Remote Protocol
* Initial implementation of [MS-PAR]: Print System Asynchronous Remote Protocol
* Complying MS-RPCH with HTTP/1.1
* Added return of server time in case of Kerberos error
2. Examples improvements
* [getST.py](examples/getST.py):
* Added support for a custom additional ticket for S4U2Proxy
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added Negotiate authentication support to the HTTP server
* Added anonymous session handling in the HTTP server
* Fixed error in ldapattack.py when trying to escalate with machine account
* Added the implementation of AD CS attack
* Disabled the anonymous logon in the SMB server
* [psexec.py](examples/psexec.py):
* Fixed decoding problems on multi bytes characters
* [reg.py](examples/reg.py):
* Implemented ADD and DELETE functionalities
* [secretsdump.py](examples/secretsdump.py):
* Speeding up NTDS parsing
* [smbclient.py](examples/smbclient.py):
* Added 'mget' command which allows the download of multiple files
* Handling empty search count in FindFileBothDirectoryInfo
* [smbpasswd.py](examples/smbpasswd.py):
* Added the ability to change a user's password providing NTLM hashes
* [smbserver.py](examples/smbserver.py):
* Added NULL SMBv2 client connection handling
* Hardened path checks and Added TID checks
* Added SMB2 support to QUERY_INFO Request and Enabled SMB_COM_FLUSH method
* Added missing constant and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO
* [wmipersist.py](examples/wmipersist.py):
* Fixed VBA script execution and improved error checking
3. New examples
* [rbcd.py](examples/rbcd.py): Example script for handling the msDS-AllowedToActOnBehalfOfOtherIdentity property of a target computer
Move this over from pkgsrc-wip.
Introducing `Routinator 3000,' RPKI relying party software written
in Rust. If you have any feedback, we would love to hear from you.
Don't hesitate to create an issue on Github or post a message on
our RPKI mailing list. You can lean more about Routinator and RPKI
technology by reading our documentation on Read the Docs.
Version 0.18.7 (10 Mar 2021)
----------------------------
* join() waiting when cancelled fix, also issue #37
Version 0.18.4 (20 Nov 2019)
----------------------------
* handle time.time() not making progress. fixing `#26`_ (SomberNight)
* handle SOCKSError in _connect_one (SomberNight)
* add SOCKSRandomAuth: Jeremy Rand
Version 0.18.3 (19 May 2019)
----------------------------
* minor bugfix release, fixing `#22`_
* make JSON IDs independent across sessions, make websockets dependency optional (SomberNight)
Packaged for wip by nikita
Yt-dlp is a youtube-dl fork with additional features and fixes.
The main focus of this project is adding new features and patches
while also keeping up to date with the original project.
Some of the new features are:
* SponsorBlock API integration
* Format Sorting
* youtube improvements
* obtain cookies from browser
* split video by chapters into files
* multi-threaded fragment downloads
* new and fixed/improved extractors
* subtitle extraction from manifests
* multiple paths and output templates
* portable configuration
* new options
* plugin extractors
* differences in default behavior
2.4.8
- CLEANUP: server: always include the storage for SSL settings
- CLEANUP: sample: rename sample_conv_var2smp() to *_sint
- CLEANUP: sample: uninline sample_conv_var2smp_str()
- MINOR: sample: provide a generic var-to-sample conversion function
- BUG/MEDIUM: sample: properly verify that variables cast to sample
- BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
- DOC: configuration: add clarification on escaping in keyword arguments
- MINOR: initcall: Rename __GLOBL and __GLOBL1.
- BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
- BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
- BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
- BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
- Revert "CLEANUP: server: always include the storage for SSL settings"
- BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
- BUG/MAJOR: dns: tcp session can remain attached to a list after a free
- BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
- MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
- BUG/MEDIUM: resolver: make sure to always use the correct hostname length
- BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
- MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
- BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
- BUG/MEDIUM: resolvers: use correct storage for the target address
- MINOR: resolvers: merge address and target into a union "data"
- BUG/MAJOR: resolvers: add other missing references during resolution removal
- BUILD: resolvers: avoid a possible warning on null-deref
- BUG/MEDIUM: resolvers: always check a valid item in query_list
- BUG/MAJOR: buf: fix varint API post- vs pre- increment
- BUG/MINOR: task: do not set TASK_F_USR1 for no reason
- BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
- BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
- MINOR: memprof: report the delta between alloc and free on realloc()
- MINOR: memprof: add one pointer size to the size of allocations
- BUILD: fix compilation on NetBSD
- BUG/MINOR: backend: fix improper insert in avail tree for always reuse
- BUILD: atomic: fix build on mac/arm64
- BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
- BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
- CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
- CLEANUP: always initialize the answer_list
- CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
- CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
- MEDIUM: resolvers: use a kill list to preserve the list consistency
- MEDIUM: resolvers: remove the last occurrences of the "safe" argument
- BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
- BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
- MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
- DOC: halog: Move the `-qry` parameter into the correct section in help text
- MINOR: halog: Rename -qry to -query
- CLEANUP: halog: Use consistent indentation in help()
- BUG/MINOR: halog: Add missing newlines in die() messages
- MINOR: halog: Add support for extracting captures using -hdr
- BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
- BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
- BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
- BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
- BUG/MINOR: sample: fix backend direction flags consecutive to last fix
- DOC: config: Fix alphabetical order of fc_* samples
- BUILD/MINOR: cpuset freebsd build fix
- MINOR: stream: Improve dump of bogus streams
- DOC/peers: some grammar fixes for peers 2.1 spec
- SCRIPTS: git-show-backports: re-enable file-based filtering
Upstream release notes:
v2.5.0
Enhancement:
- resource/vultr_kubernetes: New resource that allows for deployment of VKE
clusters 165
- resource/vultr_kubernetes_node_pools: New resource that allows for
deployment of node pools to existing VKE Cluster165
v2.4.2
Bug Fix:
- resource/load_balancer: added missing region and ssl_redirect values from
being set 163
v2.4.1
Enhancement:
- resource/instance: increased default timeout for create/update from 20 to
60 minutes 160
v2.4.0
Enhancement:
- resource/instance: add marketplace support with image_id 150
- resource/bare_metal: add marketplace support with image_id 150
- datasource/applications: adds marketplace support 150
- Add openBSD to builds 155
Bug Fix:
- resource/bare_metal: fix importer 157
- Doc updates 152 146 147
Dependency:
- updated terraform-plugin-sdk to v2.6.0 -> v2.7.0 149
- updated govultr to v2.5.1 -> v2.7.1 150
v2.3.3
Enhancement:
- resource/instance: adding wait if a plan is being upgrade 144
v2.3.2
Enhancement:
- resource/instance: allow plan changes to do in-place upgrades 142
v2.3.1
Bug Fix:
- resource/bare_metal: fix type issue on v6_network_size 140
- resource/bare_metal: fix missing mac_address definition in scheme 140
v2.3.0
IMPROVEMENTS:
- resource/vultr_instances: allow the configuration of backups_schedule
- resource/vultr_load_balancers: add support for new LB features
private_network and firewall_rules 137
- resource/vultr_iso: support detaching during deletion 131 Thanks
@johnrichardrinehart
- resource/vultr_instances: private_network_ids are now tracked in statefile
- resource/vultr_block_storage: new field added mount_id 135
- resource/vultr_plans: new field added disk_count 135
Dependency:
- updated terraform-plugin-sdk to v2.4.0 -> v2.6.0 134
- updated govultr to v2.3.1 -> v2.5.1 135
Deprecation:
- resources/vultr_instance: the enable_private_network field has been
deprecated in favor of private_network_ids
0.15.0
------
* Added `responses.PassthroughResponse` and
`reponses.BaseResponse.passthrough`. These features make building passthrough
responses more compatible with dynamcially generated response objects.
* Removed the unused ``_is_redirect()`` function from responses internals.
* Added `responses.matchers.request_kwargs_matcher`. This matcher allows you
to match additional request arguments like `stream`.
* Added `responses.matchers.multipart_matcher`. This matcher allows you
to match request body and headers for ``multipart/form-data`` data
* Added `responses.matchers.query_string_matcher`. This matcher allows you
to match request query string, similar to `responses.matchers.query_param_matcher`.
* Added `responses.matchers.header_matcher()`. This matcher allows you to match
request headers. By default only headers supplied to `header_matcher()` are checked.
You can make header matching exhaustive by passing `strict_match=True` to `header_matcher()`.
* Changed all matchers output message in case of mismatch. Now message is aligned
between Python2 and Python3 versions
* Deprecate ``stream`` argument in ``Response`` and ``CallbackResponse``
* Added Python 3.10 support
