npupnp is an UPnP library derived from the venerable pupnp, based
on its 1.6.x branch (around 1.6.25).
Main modifications:
- Support multiple network interfaces
- Support multiple root devices (already in the late pupnp versions).
- Use libcurl for HTTP client functions.
c-ares version 1.18.1 - Oct 27 2021
Bug fixes:
ares_getaddrinfo() would return ai_addrlen of 16 for ipv6
adddresses rather than the sizeof(struct sockaddr_in6)
c-ares version 1.18.0 - Oct 25 2021
Changes:
Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
Provide ares_nameser.h as a public interface as needed by NodeJS
Update URLs from c-ares.haxx.se to c-ares.org
During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain in
the search.
Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo()
as they followed very similar code paths and ares_gethostbyaddr()
has some more desirable features such as priority sorting and
parallel queries for AF_UNSPEC.
ares_getaddrinfo() now contains a name element in the address
info structure as the last element. This is not an API or ABI
break due to the structure always being internally allocated
and it being the last element.
ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly
identical, those now use the same helper functions for parsing
rather than having their own code.
RFC6761 Section 6.3 says "localhost" lookups need to be special
cased to return loopback addresses, and not forward queries to
recursive dns servers. On Windows this now returns all loopback
addresses, on other systems it returns 127.0.0.1 or ::1 always,
and will never forward a request for "localhost" to outside
DNS servers.
Haiki: port
Bug fixes:
add build to .gitignore
z/OS minor update, add missing semicolon in ares_init.c
Fix building when latest ax_code_coverage.m4 is imported
Work around autotools 'error: too many loops' and other newer
autotools import related bugs.
MinGW cross builds need advapi32 link as lower case
Cygwin build fix due to containing both socket.h and winsock2.h
ares_expand_name should allow underscores (_) as SRV records
legitimately use them
Allow '/' as a valid character for a returned name for CNAME
in-addr.arpa delegation
ares_getaddrinfo() was not honoring HOSTALIASES
ares_getaddrinfo() had some test cases disabled due to a bug
in the test framework itself which has now been resolved
--- 9.11.36 released ---
5736. [security] The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could
previously be abused by an attacker to significantly
degrade resolver performance. (CVE-2021-25219)
[GL #2899]
5716. [bug] Multiple library names were mistakenly passed to the
krb5-config utility when ./configure was invoked with
the --with-gssapi=[/path/to/]krb5-config option. This
has been fixed by invoking krb5-config separately for
each required library. [GL #2866]
This release contains security fix.
--- 9.16.22 released ---
5736. [security] The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could
previously be abused by an attacker to significantly
degrade resolver performance. (CVE-2021-25219)
[GL #2899]
5724. [bug] Address a potential deadlock when checking zone content
consistency. [GL #2908]
5723. [bug] Change 5709 broke backward compatibility for the
"check-names master ..." and "check-names slave ..."
options. This has been fixed. [GL #2911]
5720. [contrib] Old-style DLZ drivers that had to be enabled at
build-time have been marked as deprecated. [GL #2814]
5719. [func] The "map" zone file format has been marked as
deprecated. [GL #2882]
5717. [func] The "cache-file" option, which was documented as "for
testing purposes only" and not to be used, has been
removed. [GL #2903]
5716. [bug] Multiple library names were mistakenly passed to the
krb5-config utility when ./configure was invoked with
the --with-gssapi=[/path/to/]krb5-config option. This
has been fixed by invoking krb5-config separately for
each required library. [GL #2866]
5715. [func] Add a check for ports specified in "*-source(-v6)"
options clashing with a global listening port. Such a
configuration was already unsupported, but it failed
silently; it is now treated as an error. [GL #2888]
5714. [bug] Remove the "adjust interface" mechanism which was
responsible for setting up listeners on interfaces when
the "*-source(-v6)" address and port were the same as
the "listen-on(-v6)" address and port. Such a
configuration is no longer supported; under certain
timing conditions, that mechanism could prevent named
from listening on some TCP ports. This has been fixed.
[GL #2852]
5712. [doc] Add deprecation notice about removing native PKCS#11
support in the next major BIND 9 release. [GL #2691]
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
relay overload.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (testing):
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfix (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which can thus lead
to wrongly flagging many relays and thus affecting circuit building
path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- Improve logging when a bad HS version is given. Fixes bug 40476;
bugfix on 0.4.6.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
The new gh codespace commands allow creating, listing, connecting to, and otherwise managing your codespaces.
# list your codespaces
$ gh codespace list
# create a new codespace
$ gh codespace create --repo cli/cli
# start an interactive shell within a codespace
$ gh codespace ssh
What's new:
- Add repo delete command
- Add run cancel command
- Add gpg-key management commands
- Support logging in to github.localhost
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
Pkgsrc changes:
* None.
Upstream changes:
2021-10-25 1.9.1
Misc:
- OpenSSL 3.0 compatibility (#70)
Bug Fixes:
- Fix refused startup with openssl <1.1 (#82)
- Fix compiler issue for Fedora 33 on s390x (#84)
- Fix small memory leak in config parser
- Fix lazy certificate check when connecting to TLS servers
- Fix connect is aborted if first host in list has invalid certificate
- Fix setstacksize for glibc 2.34 (#91)
- Fix system defaults/settings for TLS version not honored (#92)
Upstream changes:
1.6.1:
fix python27, broken in 1.6.0
1.6.0:
- Big performance improvement when receiving large payloads,
particularly for SSL. Closes#571,
- Add basic MQTT v5 support to the subscribe and publish helper
functions. Closes#575.
- Changed default TLS version to 1.2 instead of 1.0.
- Remove _out_packet_mutex and _current_out_packet_mutex and convert
the _out_packet queue use to thread safe (simplifies the internals)
- Callbacks can now be applied to client instances using decorators.
- The `rc` parameter in the `on_disconnect` callback now has
meaningful values in the case of an error. Closes#441.
- Remove periodic retry checks for outgoing messages with QoS>0. This
means that outgoing messages will only be retried on the client
reconnecting to the server. They will *not* be retried when the client
is still connected.
- MQTTMessageInfo.wait_for_publish() and
MQTTMessageInfo.is_published() will now raise exceptions if called
when the publish call produced an error. Closes#550.
- Raise exceptions when attempting to set MQTT v5 properties to
forbidden values. Closes#586.
- PUBACK messages are now sent to the broker only after the on_message
callback has - Add timeout to
MQTTMessageInfo:wait_for_publish().returned.
- Add timeout to MQTTMessageInfo:wait_for_publish().
- Removed ancient Mosquitto compatibility class.
bugfixes
3.9.8:
Core Server
Bug Fixes
* When the mandatory flag was used when publishing to classic queues,
but publisher confirms were not, channels memory usage would grow indefinitely.
* `rabbitmq-diagnostics memory_breakdown` failed to read memory of connection
reader, writer and channel processes.
* In some environments, Stream replicas advertised IP addresses that could not be reached by cluster peers
(eg. IP addresses behind a NAT in a Docker deployment). RabbitMQ node hostnames are now advertised as well
so that other peers can resolve them to get an externally visible IP address.
v1.3.0 - Oct 15, 2020
- Add HTTPSTAT_METRICS_ONLY env.
If set to true, httpstat will only output metrics in json format,
this is useful if you want to parse the data instead of reading it.
0.998 (05 Dec 2015)
- bugfix: correctly handle V4MAPPED (v4 in v6) addresses, the
original v6 prefix was wrong. Thanks to Alex Lasoriti for
finding the issue
- bugfix: sometimes IP4-based datasets gave false positives when
an IP6 dataset were present, and it was also possible to have
false positive in IP6 datasets. Both has been fixed.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 6.0
- Make extended passive mode respect the PASSIVE_PORTS variable
in the bftpd configuration file. Previously random ports
would be assigned.
- Minor code clean-up in mystrings library to avoid calculating
string length multiple times.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.9
- Fixed output of directory listing so that file size is right-justified
which makes output look cleaner.
Fix suggested by uomo ukko.
- Addressed some compiler warnings. Make sure we bail out
of situations even if they should never realisticaly return
an error.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.8
- Many spelling errors in source code and documentation found and
fixed by Jens of Fossies (fossies.org). Applied spelling corrections.
- Removed mark-up and special characters from COPYING, README, and INSTALL
files.
- Fixed file size reporting on 32-bit ARM architecture when files are
large (greater than 2GB).
Problem and fix reported by uomo ukko.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.7
- A malicious client could cause a buffer overflow with
a lot of EPSV commands sent in a row. We now close
the pasv socket before each new use to avoid accumulating
more than 1023.
Thanks to Shisong Qin for reporting this issue and suggesting
a fix.
1.3.7c
+ Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284).
+ PCRE expressions with capture groups were not being handled properly
(Issue #1300).
1.3.7b
+ Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
session tickets cannot be decrypted (Issue #1063).
+ Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket
option (Issue #1171).
+ Implemented support for Redis 6.x AUTH semantics (Issue #1070).
+ Fixed memory use-after-free issue in mod_sftp which can cause unexpected
login/authentication issues.
+ Fixed SQL syntax regression for some generated SQL statements
(Issue #1149).
+ Fixed "Corrupted MAC on inptut" errors when SFTP uses the
umac-64@openssh.com digest (Issue #1111).
1.3.7a
+ Fix build-time regression when using the --localstatedir configure option.
1.3.7
+ Support the SOURCE_DATE_EPOCH environment variable, for reproducible
builds (Issue #1038).
1.3.7rc4
+ Implemented support for configuring certificate options for LDAP
connections using SSL/TLS.
+ Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
+ Fixed handling of IPv6 addresses in From directives (Issue #682).
+ Added -b and -n command-line options to ftptop.
+ Ignore supplemental groups when run as non-root user (Issue #808).
+ Use re-entrant versions of time functions where available (Issue #983).
+ New Configuration Directives
BanOptions
The BanOptions directive is used to tune mod_ban behavior, such as
creating ban entries that match/apply to all <VirtualHost> sections.
See doc/contrib/mod_ban.html#BanOptions for more details.
LDAPUseSASL
The LDAPUseSASL directive configures a list of SASL authentication
mechanisms to use, when using the LDAPBindDN to bind to the LDAP
server. See doc/contrib/mod_ldap.html#LDAPUseSASL for details.
LogOptions
The LogOptions directive is used to modify the default logging format
for ProFTPD syslog, debug, and module logging. See
doc/modules/mod_log.html#LogOptions for more information.
SQLKeepAlive
The SQLKeepAlive directive configures a periodic "keepalive" query
for ensuring the connection between mod_sql and the backend database
server. See doc/contrib/mod_sql.html#SQLKeepAlive for more information.
+ Changed Configuration Directives
LDAPServer
The LDAPServer directive now supports configuring the trusted CA
file, client certificate and key files, SSL ciphers, and verification
policies for LDAP connections. See doc/contrib/mod_ldap.html#LDAPServer
for more details.
TraceOptions
The TraceOptions directive now supports a "Timestamp" option, for
disabling inclusion of timestamps in Trace logs.
+ Developer notes
When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command
handler phases will now run. This allows interested modules, such
as mod_exec and others, to react to these events (Issue #718).
1.3.7rc3
+ Fixed regression in directory listing latency (Issue #863).
+ Fixed use-after-free vulnerability during data transfers (Issue #903).
+ Addressed out-of-bounds read in mod_cap by removing bundled libcap, and
relying solely on the system-provided libcap (Issue #902). Note that
building ProFTPD from source will *not* automatically include the
mod_cap module, unless the libcap library is available.
+ mod_sftp now supports OpenSSH-specific private host keys (Issue #793).
Newer versions of OpenSSH ssh-keygen(1) automatically generate private
keys formatted with this OpenSSH-specific format.
+ mod_sftp now supports Ed25519 keys (Bug #4221).
+ mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332
(Issue #907).
+ mod_tls now honors client-provided SNI as part of the TLS handshake,
for implementing name-based virtual hosts via TLS SNI.
+ Changed Configuration Directives
LogFormat %{transfer-port}
The LogFormat directive supports a %{transfer-port} variable for
logging the selected data transfer port.
SFTPOptions NoExtensionNegotiation
The mod_sftp module now supports SSH extension negotations (RFC 8332).
If there any issues with this support, it can be disabled using:
SFTPOptions NoExtensionNegotiation
SQLAuthTypes bcrypt
The mod_sql_passwd module now supports bcrypt-encrypted passwords.
This can be enabled using:
SQLAuthTypes bcrypt
in your mod_sql configuration. See doc/contrib/mod_sql_password.html
for more information.
TLSOption IgnoreSNI
The TLSOption directive now supports an "IgnoreSNI" setting, to
tell mod_tls to ignore/not use any SNI, provided by the client in the
TLS handshake, for determining any name-based virtual hosts. See
doc/contrib/mod_tls.html#TLSOption for more details.
+ Added API
FSIO pread(2), pwrite(2) (Issue#317)
1.3.7rc2
+ Fixed pre-authentication remote denial-of-service issue (Issue #846,
CVE-2019-18217).
1.3.7rc1
+ RootRevoke is now on by default, meaning that once authentication succeeds,
all root privileges are dropped by default, unless the UserOwner directive
(which requires root privileges) is used (Bug#4241).
+ The mod_ident module is no longer automatically built by default.
To include the mod_ident module in the build, it must be explicitly
requested via --enable-ident or --with-shared=mod_ident.
This means that configuration files using the IdentLookups directive
will now want to using an enclosing <IfModule> section, like so:
<IfModule mod_ident.c>
IdentLookups off
</IfModule>
+ The mod_tls module now performs basic sanity checks of configured TLS
files on startup (Issue#491).
+ The mod_deflate module now supports MODE Z data transfers when TLS
is used (Issue#505).
+ The mod_xfer module now supports the RANG FTP command; see
https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351).
+ The ftpasswd script now supports a --change-home option, for changing
the home directory of a user in an AuthUserFile (Issue#566).
+ The ftpasswd script supports deleting a user from a group (Issue#620).
+ Refactored the LogFormat handling code so that it is not longer
duplicated by mod_log, mod_sql, etc. The new Jot API is the common API
to be used by modules for LogFormat variables and logging.
+ Generated new DH parameters for mod_sftp, mod_tls.
+ New Configuration Directives
AuthFileOptions
The mod_auth_file module supports a configuration directive for disabling
its requirement for secure permissions on configured
AuthUserFile/AuthGroupFile. See
doc/modules/mod_auth_file.html#AuthFileOptions for information.
RedisLogOnEvent
The mod_redis module can be configured to log JSON messages based on
specified events (Issue#392). See the
doc/modules/mod_redis.html#RedisLogOnEvent documentation for details.
RedisOptions
The mod_redis module now implements a RedisOptions directive, for tuning
some of the module behavior (Issue#477). The
doc/modules/mod_redis.html#RedisOptions documentation has more details.
RedisSentinel
The mod_redis module now supports use of Redis Sentinels (Issue#396);
see doc/modules/mod_redis.html#RedisSentinel.
+ Changed Configuration Directives
AllowForeignAddress class-name
The AllowForeignAddress directive supports a Class name, for finer-grained
control over which clients are allowed to use foreign/mismatching IP
addresses for transfers. See
doc/modules/mod_core.html#AllowForeignAddress for more information.
ExecEnviron %b
The ExecEnviron directive has been fixed to properly resolve the %b
LogFormat variable (Issue#515).
RedisServer db-index (Issue#550)
The mod_redis module can now be configured to select a database index
via the RedisServer directive (Issue#550). See the
doc/modules/mod_redis.html#RedisServer documentation for details.
RewriteMap idnatrans
The mod_rewrite module can now support rewriting `idn` to `idna`
formats (Issue#231). See the doc/modules/mod_rewrite#RewriteMap for
details on how to do so.
RootRevoke on
The RootRevoke directive is now enabled by default (Bug#4241). This
makes for more secure configurations/sessions out-of-the-box. See
doc/modules/mod_auth.html#RootRevoke for more information.
SFTPCiphers, SFTPDigests
Some weak algorithms are now disabled by default in mod_sftp (Bug#4279).
These algorithms, if need be, can be explicitly enabled by configuration;
they are just not enabled automatically. For list of the algorithms
affected, see doc/contrib/mod_sftp.html#SFTPCiphers,
doc/contrib/mod_sftp.html#SFTPDigests.
SFTPOptions IncludeSFTPTimes
The SFTOptions directive of mod_sftp now supports an option for explicitly
including the timestamps of files when SFTP protocol 4 and higher are
used, even if the SFTP client did not request these timestamps. This
works around a bug in the popular Rebex SFTP library; see
doc/contrib/mod_sftp.html#SFTPOptions for details.
TLSProtocol TLSv1.3
The mod_tls module, and its TLSProtocol directive, now support TLSv1.3
(Issue#536). See doc/contrib/mod_tls.html#TLSProtocol for more
information.
TLSServerCipherPreference
The TLSServerCipherPreference directive is now enabled by default.
See doc/contrib/mod_tls.html#TLSServerCipherPrefrence.
TLSStaplingOptions NoFakeTryLater
Some TLS clients have trouble with the "fake" OCSP response that mod_tls
might stable, when the client requested stapled OCSP responses and
mod_tls is unable to contact the OCSP responder. Use this option to
disable such fake responses (Issue#518):
TLSStaplingOptions NoFakeTryLater
See doc/contrib/mod_tls.html#TLSStaplingOptions for details.
+ Removed Configuration Directives
The following directives have been removed:
GroupPassword
LoginPasswordPrompt
TransferPriority
1.9.7.2
Performance Regression Fix
1.9.7
- Moved the project documentation from Read the Docs(RST) to github.io(MarkDown)
- Added a new mechanism for creating bit-sized field definitions in the protocol parsers (Packet.\_\_bit_fields\_\_)
- Added pretty printing capability aka Packet.pprint(), Packet.\_\_pprint_funcs\_\_
- Added documentation on developing protocol parsers in dpkt (creating_parsers.md)
- Added a universal pcap+pcapng reader (dpkt.pcap.UniversalReader)
- Improved TLS ClientHello and ServerHello parsing: return an "Unknown" ciphersuite instead of raising an exception, add codes for rfc8701, GREASE ciphersutes
- Added function to get IP protocol name
- Modified Packet.\_\_getitem\_\_() and added Packet.\_\_contains\_\_() to address the nested protocol layers
- Fixed payload length interpretation in AH decoder
- Improved handling of invalid chunks in HTTP and SCTP
- Fixed decoding of IPv6 fragments after the 1st fragment
- Support rfc3540 nonce sum flag in TCP
7.1.1:
Changelog
Fix transition xml name in lifecycleconfig
Remove nose tests and move to python unittest
Use unquote_plus() to decode url encoded value.
Ignore cert addition if custom httpclient is passed
use f-string wherever possible
Raise ValueError instead of returning in ChainedProvider
Wireshark 3.4.9 Release Notes
Bug Fixes
The following bugs have been fixed:
• TShark PDML output embeds "proto" elements within other "proto"
elements Issue 10588[1].
• Filter expressions comparing against single-octet hex strings
where the hex digit string equals a protocol name don’t work
Issue 12810[2].
• AMQP 0.9: dissector fails to handle Content-Body frame split
across TCP packets Issue 14217[3].
• IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
Multipurpose Frame Control field Issue 17496[4].
• Wireshark ignored some character in filename when exporting SMB
objects. Issue 17530[5].
• tshark -z credentials: assertion failed: (allocator→in_scope)
Issue 17576[6].
• IS-IS Extended IP Reachability Prefix-SID not decoded properly
Issue 17610[7].
• Error when reloading lua plugins with a capture file loaded via a
custom lua file handler Issue 17615[8].
• Absolute time UTC field filters are constructed incorrectly,
don’t match the packet Issue 17617[9].
• GUI freezes when clicking on large (non-capture) file in File
chooser Issue 17620[10].
• Crash after selecting a different profile while capturing Issue
17622[11].
• BT-DHT reports malformed packets that are actually uTP on same
connection Issue 17626[12].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
Monitoring
New and Updated Capture File Support
CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump
pkgsrc changes:
- Take MAINTAINERship
Changes:
(Manually filled to only highlight major changes)
1.22.x
------
- Added support for `kubectl debug' ephemeral containers
(compatible with old API)
1.21.x
------
- Update kubectl kustomize to 4.0.5
- Default Container Annotation: Pod with multiple containers can use
kubectl.kubernetes.io/default-container annotation to have a container
preselected for kubectl commands. More can be read in KEP-2227.
Changes since 4.13.11
---------------------
* BUG 14806: Address a signifcant performance regression in database access
in the AD DC since Samba 4.12.
* BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since
Samba 4.9 by using an explicit database handle cache.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14818: Address flapping samba_tool_drs_showrepl test.
* BUG 14819: Address flapping dsdb_schema_attributes test.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
* BUG 14784: Fix CTDB flag/status update race conditions.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ.
3.8.0 - 04/10/2021
Modified
transip provider is deprecated and not maintained anymore, it will be replaced soon by a new transip provider build on top of the TransIP v6 REST API
Deleted
transip provider is not part of the full dns-lexicon extra, you need to install explicitly the transip extra instead
3.7.1 - 04/10/2021
Modified
Allow to use newer versions of cryptography
Fix doc about unit tests
Release v1.41.0
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
De-experimentalize XdsCredentials and XdsServerCredentials API.
xDS: Remove environmental variable guard for security.
xDS Security: Use new way to fetch certificate provider plugin instance config.
xDS server serving status: Use a struct to allow more fields to be added in the future.
Annotate impl/codegen with IWYU pragmas.
Update submodule envoy-api to origin/main.
Upgrade third_party/protobuf to v3.17.3.
update submodule boringssl-with-bazel with origin/master-with-bazel.
Delete libuv-iomgr implementation and GRPC_UV build option.
Allow access to Google API regional endpoints via Google Default Credentials.
Remove GPR_*_TLS macros except PTHREAD.
Limit initial window size increases and per-stream window delta.
C++
Bump version to v1.41.0-pre1.
De-experimentalize XdsServerBuilder.
C++ opencensus filter: Fix point of creating context for overall call.
Flag grpc++_test library testonly.
Add note on officially supported platforms.
Open census call attempt span name and attribute changes
Open census call attempt span name and attribute changes.
C#
Backport 27382 to v1.41.x.
[csharp] Fix error loading library grpc_csharp_ext.*.dll on windows with non-ASCII encoding.
Annotate copied Content native lib items with package id to enable customization.
Objective-C
Objective-C: Fix issue with creating a Unix file socket.
Python
Use manylinux_2_17 instead of manylinux_2_24 tag for manylinux2014 aarch64 wheels.
Add Python 3.10 drop 3.5.
[Aio] Remove custom IO manager support.
Overview of changes in 2.5.4
============================
Bugfixes
--------
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
--------------------
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
------------
- also build man page on Windows builds
2021/10/04 : 2.4.6
- BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
2021/10/01 : 2.4.5
- MINOR: lua: Add a flag on lua context to know the yield capability at run time
- BUG/MINOR: lua: Yield in channel functions only if lua context can yield
- BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
- BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
- BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
- BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
- BUG/MINOR: filters: Set right FLT_END analyser depending on channel
- BUG/MINOR: systemd: ExecStartPre must use -Ws
- BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
- MINOR: htx: Skip headers with no value when adding a header list to a message
- CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
- BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
- BUG/MINOR: compat: make sure __WORDSIZE is always defined
- CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
- MINOR: pools: automatically disable malloc_trim() with external allocators
- MINOR: pools: use mallinfo2() when available instead of mallinfo()
- BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
- BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
- DOC: management: certificate files must be sanitized before injection
- BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
- BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
- BUG/MINOR: cli/payload: do not search for args inside payload
- BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
- BUILD: tools: get the absolute path of the current binary on NetBSD.
- MINOR: tools: add FreeBSD support to get_exec_path()
- MINOR: proc: setting the process to produce a core dump on FreeBSD.
- BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
- BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
- BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
- IMPORT: slz: silence a build warning with -Wundef
- BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
- BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
- BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
- BUILD: tools: properly guard __GLIBC__ with defined()
- BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
- MINOR: sample: add missing ARGC_ entries
- BUG/MINOR: vars: properly set the argument parsing context in the expression
- BUG/MINOR: vars: truncate the variable name in error reports about scope.
- BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
- BUILD: fix dragonfly build again on __read_mostly
- BUILD: compiler: fixed a missing test on defined(__GNUC__)
- BUILD: halog: fix a -Wundef warning on non-glibc systems
- BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
- BUG/MINOR: server: allow 'enable health' only if check configured
- BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
- BUG/MINOR: h1-htx: Fix a typo when request parser is reset
- BUG/MINOR: http-ana: increment internal_errors counter on response error
- MINOR: server: implement a refcount for dynamic servers
- MINOR: global: define MODE_STOPPING
- BUG/MINOR: server: do not use refcount in free_server in stopping mode
- MINOR: server: return the next srv instance on free_server
- BUG/MINOR: stats: use refcount to protect dynamic server on dump
- BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
- BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
- BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
- MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
- MINOR: htx: Add an HTX flag to know when a message is fragmented
- MINOR: htx: Add a function to know if the free space wraps
- BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
- MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
- BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
- DOC: peers: fix doc "enable" statement on "peers" sections
- MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
- BUG/MEDIUM: lua: fix wakeup condition from sleep()
- BUG/MAJOR: lua: use task_wakeup() to properly run a task once
- MINOR: arg: Be able to forbid unresolved args when building an argument list
- BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
- BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
- MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
GNU Wget2 is the successor of GNU Wget, a file and recursive website
downloader. Designed and written from scratch it wraps around
libwget, that provides the basic functions needed by a web client.
Wget2 works multi-threaded and uses many features to allow fast
operation.
Changelog:
1.36.0
Changes
-------
* Update wslay
* Bump Windows build dependencies
* Bump android build dependencies
* Fix segfault when time_t is 64bit on 32bit arch
Patch from Natanael Copa
bug 1666
* Updates the make_bash_completion script to Python3.
Patch from sleepymac
bug 1672
* Prevent corrupt downloads after app and/or system crash
Patch from Ali MJ Al-Nasrawy
bug 1644
* Reset sessionDownloadLength and sessionUploadLength on download start
bug 1486
* AppleTLS: Add TLSv1.3 support
- Adaptation to skalibs-2.11.0.0.
- minidentd removed.
- Full client certificate support.
- Full SNI support, including server-side.
- s6-ucspitls[cd] -v2 now logs whether TLS is activated or not.
Complete client certificate and SNI support now make the TLS part of
s6-networking a fully viable replacement of stunnel and other similar
TLS tunneling tools.
3.9.7:
All Components
All bytecode is now compiled using the +deterministic compiler flag. This should eliminate the capture of some irrelevant build environment attributes in produced artifacts, improve consistency between builds, and reduce the file level diff between release artifacts.
Core Server
Enhancements
Classic queue shutdown now uses a much higher timeout (up to 10 minutes instead of 30 seconds).
In environments with many queues (especially mirrored queues) and many consumers this means that the chance of queue indices rebuilding after node restart is now substantially lower.
Prometheus Plugin
Enhancements
More configurability for metrics exposed via the Prometheus endpoint.
Shovel Plugin
Bug Fixes
Shovel URIs could be logged with credentials in some scenarios.
3.9.6:
Core Server
Bug Fixes
TLS information delivered in Proxy protocol header is now attached to connection metrics as if it was provided by a non-proxying client.
max_message_size had a one-off error in the validator.
mirroring_sync_batch_size was incorrectly validated as if it represented batch size in bytes. It represents batch size in number of messages, so the new default hard cap is now 1M (a very high number that's impractical)
Stream Plugin
Bug Fixes
Offset parameters were not stored correctly in some cases.
Partitions list order is now stable.
When stream clients close connections abruptly, publisher and consumer metrics get cleaned up correctly.
Management Plugin
Enhancements
Stream publishers are now listed on the individual stream page.
Counters have been added to the tiles of several sections on detail pages.
3.9.5:
Core Server
Bug Fixes
Virtual host metadata (description, tags) was not imported from definitions.
Reduced unnecessary debug logging from streams.
AWS Peer Discovery Plugin
Enhancements
AWS API calls are now retried multiple times.
Contributed by AWS.
Management Plugin
Enhancements
PUT /api/vhosts/{name} now can update metadata (tags and descriptions) for existing virtual hosts.
3.9.4:
Core Server
Enhancements
New Prometheus metrics for alarms
Nodes will now use four more environment variables, if set: RABBITMQ_DEFAULT_USER (overrides default_user in rabbitmq.conf), RABBITMQ_DEFAULT_PASS (overrides default_pass), RABBITMQ_DEFAULT_VHOST (overrides default_vhost) and RABBITMQ_ERLANG_COOKIE (sets shared authentication secret value). These variables are not recommended to be used in production but can be the only realistic option in some environment, such as service containers, ECS, and so on. Most users should continue using rabbitmq.conf and a securely generated local cookie file.
Definitions now can be imported from different sources, including those provided by plugins. Original local filesystem source is still supported in a backwards-compatible way.
3.9.3:
Core Server
Bug Fixes
Queues that had messages with per-message TTL in them could fail to recover their indices after a restart.
JSON logging could fail with an exception when a logged event included epoch-based timestamp value.
JSON logging now uses integers (as opposed to floats) to represent epoch-based timestamps
Enhancements
RabbitMQ application no longer reports the stopping event to systemd. This was counterproductive when the application was stopped but the runtime (Erlang VM) was kept running, e.g. via rabbitmqctl stop_app or by the pause minority partition handling strategy.
Now systemd service monitoring will recognize a node as stopped only when the runtime is stopped, which is usually the behavior operators expect.
3.9.2:
CLI Tools
Bug Fixes
rabbitmq-upgrade drain and rabbitmq-upgrade revive now log warning and info level instead of alert.
Shovel Plugin
Bug Fixes
Multiple Shovels could be started in some cases involving node restarts of failures.
Federation Plugin
Bug Fixes
Multiple Federation links could be started in some cases involving node restarts of failures.
3.9.1:
Core Server
Bug Fixes
Clients that used global QoS prefetch (deprecated as of 3.9.0) ran into an exception when acknowledging deliveries.
Improved resiliency of stream coordinator in certain conditions.
Nodes failed to start when hostname contained non-ASCII (broader Unicode) characters.
CLI Tools
Bug Fixes
rabbitmq-diagnostics stream_status fails with an exception when the --tracking option was used.
rabbitmq-diagnostics stream_status used an outdated documentation guide link.
RabbitMQ Erlang Client
Bug Fixes
New releases of the client are again published to Hex.pm.
connection_timeout was adjusted to avoid a confusing warning.
Corrected a typo in direct connection net tick time adjustment.
3.9.0:
Streams
Erlang 24 Support
Kubernetes
Logging in JSON
Impacket v0.9.23:
Library improvements
Support connect timeout with SMBTransport
Speeding up DcSync
Fixed Python3 issue when serving SOCKS5 requests
Moved docker container to Python 3.8
Added basic GitHub Actions workflow
Fixed Path Traversal vulnerabilities in smbserver.py - CVE-2021-31800
Fixed POST request processing in httprelayserver.py
Added cat command to smbclient.py
Added new features to the LDAP Interactive Shell to facilitate AD exploitation
Python 3.9 support
Examples improvements
addcomputer.py:
Enable the machine account created via SAMR
getST.py:
Added exploit for CVE-2020-17049 - Kerberos Bronze Bit attack
Compute NTHash and AESKey for the Bronze Bit attack automatically
ntlmrelayx.py:
Fixed target parsing error
wmipersist.py:
Fixed filterBinding error
Added PowerShell option for semi-interactive shells in dcomexec.py, smbexec.py and wmiexec.py
Added new parameter to select COMVERSION in dcomexec.py, wmiexec.py, wmipersist.py and wmiquery.py
New examples
Get-GPPPassword.py: This example extracts and decrypts Group Policy Preferences passwords using streams for treating files instead of mounting shares. Additionally, it can parse GPP XML files offline
smbpasswd.py: This script is an alternative to smbpasswd tool and intended to be used for changing expired passwords remotely over SMB (MSRPC-SAMR)
This package (which hasn't had a subsequent release from upstream) will
no longer build when being treated as a "module" by recent Go versions
(and related pkgsrc definitions). It seems non-trivial to address this
(simply trying to add go.mod and such then leads to other errors, e.g.,
recent Go objecting to API versioning practices in code bundled by
upstream), so to get this building again for now, use the old "package"
approach instead.
--- 9.16.21 released ---
5711. [bug] "map" files exceeding 2GB in size failed to load due to
a size comparison that incorrectly treated the file size
as a signed integer. [GL #2878]
5710. [port] win32: incorrect parentheses resulted in the wrong
sizeof() tests being used to pick the appropriate
Windows atomic operations for the object's size.
[GL #2891]
5709. [cleanup] Enum values throughout the code have been updated
to use the terms "primary" and "secondary" instead of
"master" and "slave", respectively. [GL #1944]
5708. [bug] The thread-local isc_tid_v variable was not properly
initialized when running BIND 9 as a Windows Service,
leading to a crash on startup. [GL #2837]
5705. [bug] Change #5686 altered the internal memory structure of
zone databases, but neglected to update the MAPAPI value
for zone files in "map" format. This caused named to
attempt to load incompatible map files, triggering an
assertion failure on startup. The MAPAPI value has now
been updated, so named rejects outdated files when
encountering them. [GL #2872]
5704. [bug] Change #5317 caused the EDNS TCP Keepalive option to be
ignored inadvertently in client requests. It has now
been fixed and this option is handled properly again.
[GL #1927]
5701. [bug] named-checkconf failed to detect syntactically invalid
values of the "key" and "tls" parameters used to define
members of remote server lists. [GL #2461]
5700. [bug] When a member zone was removed from a catalog zone,
journal files for the former were not deleted.
[GL #2842]
5699. [func] Data structures holding DNSSEC signing statistics are
now grown and shrunk as necessary upon key rollover
events. [GL #1721]
5698. [bug] When a DNSSEC-signed zone which only has a single
signing key available is migrated to use KASP, that key
is now treated as a Combined Signing Key (CSK).
[GL #2857]
5696. [protocol] Support for HTTPS and SVCB record types has been added.
(This does not include ADDITIONAL section processing for
these record types, only basic support for RR type
parsing and printing.) [GL #1132]
5694. [bug] Stale data in the cache could cause named to send
non-minimized queries despite QNAME minimization being
enabled. [GL #2665]
5691. [bug] When a dynamic zone was made available in another view
using the "in-view" statement, running "rndc freeze"
always reported an "already frozen" error even though
the zone was successfully frozen. [GL #2844]
5690. [func] dnssec-signzone now honors Predecessor and Successor
metadata found in private key files: if a signature for
an RRset generated by the inactive predecessor exists
and does not need to be replaced, no additional
signature is now created for that RRset using the
successor key. This enables dnssec-signzone to gradually
replace RRSIGs during a ZSK rollover. [GL #1551]
Changes in version 0.0.11 - 2019-06-21:
- Update my e-mail address.
- Change the obfs4 behavior for handling handshake failure to be more
uniform. Thanks to Sergey Frolov for assistance.
- Bump the version of the utls fork.
Changes in version 0.0.10 - 2019-04-12:
- Disable behavior distinctive to crypto/tls when using utls.
- Bump the version of the utls fork.
Changes in version 0.0.9 - 2019-02-05:
- Various meek_lite code cleanups and bug fixes.
- Bug 29077: uTLS for ClientHello camouflage (meek_lite).
- More fixes to HTTP Basic auth.
- (meek_lite) Pin the certificate chain public keys for the default
Tor Browser Azure bridge (meek_lite).
Release 4.68 (release date: 2021-09-14)
=======================================
Bug Fixes
------------------
- Improve content type inference for some common extensions.
- Copy Content-Encoding from first object in compose command.
- Support generation querying for ls command.
Other Changes
------------------
- Add a message encouraging py3 upgrade.
- Update mock library version.
- Several documentation updates and clarifications.
Release 4.67 (release date: 2021-08-16)
=======================================
Bug Fixes
------------------
- Update pyu2f to latest version to fix a security key reauth bug
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.66 (release date: 2021-07-29)
=======================================
New Features
------------------
- Onboard mTLS support with AIP-4114 for gsutil
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.65 (release date: 2021-07-02)
=======================================
New Features
------------------
- Add gsutil support for Public Access Prevention
Bug Fixes
------------------
- Fix raising-bad-type yapf errors.
Other Changes
------------------
- Link fix pointing to CGC docs again .
- Backfill some small doc changes
- Small text tweak
- Update CHECKSUM and VERSION for 4.64 release.
- Update CHANGES.md for 4.64 release.
- Delete encryption addhelp page
- Putting cl/381035251 into github
- Backfill cl/381932961
Release 4.64 (release date: 2021-06-18)
=======================================
Bug Fixes
------------------
- None
Other Changes
------------------
- Link fix pointing to CGC docs.
Release 4.63 (release date: 2021-06-09)
=======================================
Bug Fixes
------------------
- Update warning text on KMS access denied
- Make ** to represent zero or more folders for cloud urls
- Raise error if final destination path ends with a delimiter.
Other Changes
------------------
- Fix flaky test for rm using preconditions
- Fix pyenv issue for macOS
- Fix rewrite tests
- Remove unused progress callback.
- Several documentation updates and clarifications.
Release 4.62 (release date: 2021-05-13)
=======================================
New Features
------------------
- Add ignore-existing option for rsync .
- Show satisifiesPZS info in bucket info listing (ls -Lb).
- Support composite uploads with KMS.
- Enforce custom endpoints through multipart copies and complex downloads.
Bug Fixes
------------------
- rm will continue on object 404s.
- Update boto submodule to include a fix for integrity checks with KMS.
- iam ch is now case-insensitive for public members and member types.
- Support skipping integrity checks in daisy chain transfers.
- Ensure the correct content-length is provided for incomplete downloads.
- Fix daisy chain for windows.
- Fix stats crashing because of nanosecs in custom-time.
- Delete connections after fork.
- Patch md5 import for compliance on Red Hat FIPS mode distributions.
- Handle case where there are too many slashes after CloudUrl scheme.
- Allow specifying object generations in compose.
- Raise error in setmeta if no headers are provided.
- Fix encoding issue for rfc822 messages.
- Fix StreamExhausted Error handling for Resumable uploads.
- Fix wildcard ** bug.
- Fix alignment of ls -l output.
- Fix newlines around lists.
Other Changes
------------------
- Fix sonatype errors.
- gslib: boto\_util: implement a HasUserSpecifiedGsHost() helper.
- Adding warning to rsync if streams or named paths are included in a folder.
- Improve parallelism warnings.
- Several documentation updates and clarifications.
Release 4.61 (release date: 2021-04-06)
=======================================
Bug Fixes
------------------
- Update to RSA v4.5.
- CopyHelper accepts kms check bypass.
Other Changes
------------------
- Doc updates.
Release 4.60 (release date: 2021-03-11)
=======================================
Bug Fixes
------------------
- Fixed proxy connections when using the GCS XML API.
- Improve reliability when multiple instances of gsutil transfer to the same destination.
Other Changes
------------------
- Remove TravisCI and update "check for CI" references to use GitHub CI.
- Several documentation updates and clarifications.
Release 4.59 (release date: 2021-02-10)
======================================
New Features
------------------
- Add ignore-existing option for rsync .
- Show satisifiesPZS info in bucket info listing (ls -Lb) .
Bug Fixes
------------------
- Register integration test failures in kokoro script .
Other Changes
------------------
- Use respectful code .
- Several documentation updates and clarifications.
Release 4.58 (release date: 2021-01-21)
======================================
Bug Fixes
------------------
- Fix more occurrences of encodestring/decodestring
- Ignore the .github directory for updates
- Make signurl use generation information.
- Fix UnicodeEncodeError in Python2 for help metadata command
- Open files in non-append mode to make stripe functionality work in Lustre file systems
- Persist request reason header for resumable uploads and downloads.
- improve upload speed significantly when it runs on Windows
- Add perf-trace-token support for resumable uploads.
- Improve error message when a bucket's name collides with another.
- Fix formatting for empty CORS JSON document
Other Changes
------------------
- Several documentation updates and clarifications.
- Add CI checks for Python 3.8
Release 4.57 (release date: 2020-12-08)
======================================
Bug Fixes
------------------
- Remove Unicode character from config command that was causing Python 2 issues.
- Sync docs with web.
Release 4.56 (release date: 2020-12-03)
======================================
New Features
------------------
- mTLS/DCA Authentication
- Add GitHub Actions CI
Bug Fixes
------------------
- Delete the projects.py help topic
- Format fix for cp.py
Release 4.55 (release date: 2020-11-12)
======================================
Bug Fixes
------------------
- Prevent trailing spaces in json output of iam get
- Fix deprecation warnings due to invalid escape sequences.
- Use is_alive in favour of isAlive for Python 3.9 compatibility.
- Fix for base64.{encode/decode}string in python 3.9
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.54 (release date: 2020-10-22)
======================================
New Features
------------------
- Add userProject support to signurl
Bug Fixes
------------------
- Explicitly set multiprocessing start method to 'fork'
- Headers can now be removed
- Fix CommandException.informational attribute error
- Fix broken signurl error message.
Other Changes
------------------
- Warn when disabling parallel composite uploads for KMS encryption.
- Handle SAML reauth challenge.
- Several documentation updates and clarifications.
0.14.0
------
* Added `responses.matchers`.
* Moved `responses.json_params_matcher` to `responses.matchers.json_params_matcher`
* Moved `responses.urlencoded_params_matcher` to
`responses.matchers.urlencoded_params_matcher`
* Added `responses.matchers.query_param_matcher`. This matcher allows you
to match query strings with a dictionary.
* Added `auto_calculate_content_length` option to `responses.add()`. When
enabled, this option will generate a `Content-Length` header
based on the number of bytes in the response body.
(v1.6.3) Input field improvements: highlight domain name in URLs, hide default Gemini scheme if narrow, selecting all text, retain focus in background. Fixed bugs: delay when splitting the view; initial split view background; line break modifier affecting all input fields; potential hang when aborting a connection.
(v1.6.4) UTF-8 text files can be viewed in the app regardless of file extension. Added ENABLE_RESIZE_DRAW build option. Fixed bugs: cursor positioning and text insertion around variation selectors; "Unknown Status Code" in Page Information; network requests getting stuck before anything is sent; possible crash when clicking on sidebar items; freeze after a network request is cancelled (OpenBSD); page contents not reflowing during window resize.
(v1.6.5) Audio init errors are no longer fatal. Fixed tab button appearance, cursor movement regression, right-clicking on sidebar tab buttons, crash with KMSDRM video driver, and minor text rendering artifacts.
version 2.86
Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.
Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.
Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.
Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.
Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.
Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.
Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.
Make domains generated by --synth-domain appear in replies
when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.
Changes:
7.0.3
-----
* CVE-2021-39214: Fix request smuggling vulnerabilities reported by @chinchila
* Expose TLS 1.0 as possible minimum version on older pyOpenSSL releases
* Fix compatibility with Python 3.10
7.0.2
-----
* Fix a WebSocket crash introduced in 7.0.1
7.0.1
-----
* Performance: Re-use OpenSSL contexts to enable TLS session resumption
* Disable HTTP/2 CONNECT for Secure Web Proxies to fix compatibility with
Firefox
* Use local IP address as certificate subject if no other info is available
* Make it possible to return multiple chunks for HTTP stream modification
* Don't send WebSocket CONTINUATION frames when the peer does not send any
* Fix HTTP stream modify example.
* Fix a crash caused by no-op assignments to `Server.address`
* Fix a crash when encountering invalid certificates
* Fix a crash when pressing the Home/End keys in some screens
* Fix a crash when reading corrupted flow dumps
* Fix multiple crashes on flow export
* Fix a bug where ASGI apps did not see the request body
* Minor documentation improvements
Release v1.40.0
Core
Update Envoy API to the latest version (2021-07-30).
Enable retries by default.
Add opentelemetry as a submodule for latest xDS API.
Pointing the protobuf submodule to the new URL.
Remove BUILD.gn.
Prevent race causing early-destruction of grpc_winsocket object when creating a TCP connection.
TLS Security Connector: Add an always-fail-handshaker when certificates are not ready.
Enable layering checks in the Bazel build.
Support user provided "scope" in JWT and GDC.
C++
C++ opencensus filter: Fix point of creating context for overall call.
Open census call attempt span name and attribute changes
Open census filter: Use new internal stats API and record retry stats.
Add OpenCensus measures and views for retries.
Python
Add retry example for gRPC Python.
Remove Python 2.7 binary wheel generations.
[Aio][fix] catch application exception in request iterators.
3.7.0
Added
Add the Vercel provider (formerly known as Zeit)
Add the OpenShift Cloud Infrastructure (OCI) DNS provider
Modified
Keep old Zeit provider for compatibility purpose with deprecation notices
Support multiple domain statuses for Joker provider
Both mef and jperkin have reported broken builds for ncgopher
after rust update to 1.54.0
I've contacted upstream and they have updated the dependencies
but, no new release.
https://github.com/jansc/ncgopher/issues/35
The package builds fine on my 9.99.88 amd64 now.
4.1.0 (2021-08-15)
------------------
- Remove last dependency on `six`
- Use `platformdirs` instead of the `appsdirs` dependency
- Pass digest method when signing timestamp node
- Fix settings context manager when an exception is raised
- Don't render decimals using scientific notation
- Remove dependency on `defusedxml` (deprecated)
- Improve handling of str values for Duration
Changes since 4.13.10
* BUG 14769: smbd panic on force-close share during offload write.
* BUG 14731: Fix returned attributes on fake quota file handle and avoid
hitting the VFS.
* BUG 14783: smbd "deadtime" parameter doesn't work anymore.
* BUG 14787: net conf list crashes when run as normal user.
* BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7.
* BUG 14793: Start the SMB encryption as soon as possible.
* BUG 14792: Winbind should not start if the socket path for the privileged
pipe is too long.
Add option to disable afp session timeouts.
Fix setting of phase1 addresses on NetBSD.
Send replies to client when printing to prompt more data to be sent.
ok markd@.
Upstream changes:
0.98 2021-03-22
- document how to use buckets with dots, Signature V4, and HTTPS together
- fix Net::Amazon::S3::Client::Object::exists (#94)
- improve compatibility with DigitalOcean Spaces (#95)
0.97 2020-10-09
- presigned object access uri supports also PUT/DELETE methods (#89)
0.96 2020-10-07
- Signature V4 didn't work properly for services on non-standard port (issue #88)
0.95 2020-10-06
- bugfix release, with new test coverage
- small cleanups
0.94 2020-09-27
- fix undefined method call in still untested methods (thanks Russell Jenkins)
0.93 2020-09-27
- fix syntax failures on perl < v5.22 (thanks cpantesters)
0.92 2020-09-26
- misc cleanups, more tests
- Net::Amazon::S3::Client now can be constructed with same arguments as Net::Amazon::S3
- Support explicit ACL in bucket/object/upload creation
- Support set_acl on Client::Bucket / Client::Object (issue #83)
- Add support for bucket/object tagging (issue #44)
* Noteworthy changes in release 1.21.2 (2021-09-07)
** Support for autoconf 2.71
** Fix a double free in FTP when using an absolute path
** Release tarballs no longer have a dependency on Python.
** --page-requisites will now also download links marked as "alternate
stylesheet" or "icon"
