c-ares version 1.14.0:
Changes:
android: Introduce new ares_library_init_android() call for Oreo support
Bug fixes:
Fix patch for CVE-2017-1000381 to not be overly aggressive
win32: Preserve DNS server order returned by Windows when sorting and exclude DNS servers in legacy subnets
win32: Support most recent Visual Studio 2017
gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
win32: Exclude legacy ipv6 subnets
android: Applications compiled for Oreo can no longer use __system_property_get and must use Java calls to retrieve DNS servers
win32: Force use of ANSI functions
CMake minimum version is now 3.1
ares_gethostbyname.3: fix callback status values
docs: Document WSAStartup requirement
Fix a typo in init_by_resolv_conf
Android JNI code leaks local references in some cases
Force using the ANSI versions of WinAPI functions
Changes since 4.3.6
!- Plugged a socket descriptor leak in OMAPI, that can occur when there is
data pending to be written to an OMAPI connection, when the connection
is closed by the reader.
[ISc-Bugs #46767]
! Corrected an issue where large sized 'X/x' format options were causing
option handling logic to overwrite memory when expanding them to human
readable form. Reported by Felix Wilhelm, Google Security Team.
[ISC-Bugs #47139]
CVE: CVE-2018-5732
! Option reference count was not correctly decremented in error path
when parsing buffer for options. Reported by Felix Wilhelm, Google
Security Team.
[ISC-Bugs #47140]
CVE: CVE-2018-5733
I'd like to install net/samba4 and net/freeradius on the same server.
But devel/talloc on which net/freeradius depends conflicts bundled talloc
library used in net/samba.
net/samba also should use devel/talloc package.
Bump PKGREVISION.
it seems that configure cannot detect IP_PKTINFO correctly
because of using SOL_IP. SOL_IP is not defined on *BSD.
And on netbsd, struct ip_pktinfo has no ipi_spec_dst.
From Ryo Shimizu.
PKGREVISION++
hub is a command line tool that wraps git in order to extend it
with extra features and commands that make working with GitHub
easier.
$ hub clone rtomayko/tilt
# expands to:
$ git clone git://github.com/rtomayko/tilt.git
hub is best aliased as `git', so you can type `git <command>' in the
shell and get all the usual hub features.
New Features
- Add configuration option to disable IP_BIND_ADDRESS_NO_PORT
Improvements
- Handle bracketed IPv6 addresses without ports
Bug Fixes
- Make dnsdist dynamic truncate do right thing on TCP/IP.
- Add missing QPSAction
- Don't create a Remote Logger in client mode.
- Use libsodium's CFLAGS, we might need them to find the includes.
- Keep the TCP connection open on cache hit, generated answers.
- Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
- Sort the servers based on their 'order' after it has been set.
- Quiet unused variable warning on macOS (Chris Hofstaedtler).
- Fix the outstanding counter when an exception is raised.
- Do not connect the snmpAgent from a dnsdist client.
Torsocks allows you to use most applications in a safe way with
Tor. It ensures that DNS requests are handled safely and explicitly
rejects any traffic other then TCP from the application you're
using.
Torsocks is an ELF shared library that is loaded before all others.
The library overrides every needed Internet communication libc
function calls such as connect(2) or gethostbyname(3).
This process is transparent to the user and if torsocks detects
any communication that can't go through the Tor network such as
UDP traffic for instance, the connection is denied. If, in some
way, there is no way for torsocks to provide the Tor anonymity
guarantee with your application, torsocks will force the application
to quit and stop everything.
Originally packaged in pkgsrc-wip by <wiz>, with some improvements by Ben
Gergely and further updates and improvements by myself.
pkgsrc changes:
- Sync DEPENDS with upstream setup.py
- Update DESCR to reflect current reality
Changes:
23 February 2018: mitmproxy 3.0
* Fix a quote-related issue affecting the mitmproxy console command prompt
22 February 2018: mitmproxy 3.0
Major Changes
-------------
* Commands: A consistent, typed mechanism that allows addons to expose
actions to users.
* Options: A typed settings store for use by mitmproxy and addons.
* Shift most of mitmproxy's own functionality into addons.
* Major improvements to mitmproxy console, including an almost complete
rewrite of the user interface, integration of commands, key bindings, and
multi-pane layouts.
* Major Improvements to mitmproxy’s web interface, mitmweb. (Matthew Shao,
Google Summer of Code 2017)
* Major Improvements to mitmproxy’s content views and protocol layers (Ujjwal
Verma, Google Summer of Code 2017)
* Faster JavaScript and CSS beautifiers. (Ujjwal Verma)
Minor Changes
-------------
* Vastly improved JavaScript test coverage (Matthew Shao)
* Options editor for mitmweb (Matthew Shao)
* Static web-based flow viewer (Matthew Shao)
* Request streaming for HTTP/1.x and HTTP/2 (Ujjwal Verma)
* Implement more robust content views using Kaitai Struct (Ujjwal Verma)
* Protobuf decoding now works without protoc being installed on the host
system (Ujjwal Verma)
* PNG, GIF, and JPEG can now be parsed without Pillow, which simplifies
mitmproxy installation and moves parsing from unsafe C to pure Python
(Ujjwal Verma)
* Add parser for ICO files (Ujjwal Verma)
* Migrate WebSockets implementation to wsproto. This reduces code size and
adds WebSocket compression support. (Ujjwal Verma)
* Add “split view” to split mitmproxy’s UI into two separate panes.
* Add key binding viewer and editor
* Add a command to spawn a preconfigured Chrome browser instance from
mitmproxy
* Fully support mitmproxy under the Windows Subsystem for Linux (WSL), work
around display errors
* Add XSS scanner addon (@ddworken)
* Add ability to toggle interception (@mattweidner)
* Numerous documentation improvements (@pauloromeira, @rst0git, @rgerganov,
@fulldecent, @zhigang1992, @F1ashhimself, @vinaydargar, @jonathanrfisher1,
@BasThomas, @LuD1161, @ayamamori, @TomTasche)
* Add filters for websocket flows (@s4chin)
* Make it possible to create a response to CONNECT requests in http_connect
(@mengbiping)
* Redirect stdout in scripts to ctx.log.warn (@nikofil)
* Fix a crash when clearing the event log (@krsoninikhil)
* Store the generated certificate for each flow (@dlenski)
* Add --keep-host-header to retain the host header in reverse proxy mode
(@krsoninikhil)
* Fix setting palette options (@JordanLoehr)
* Fix a crash with brotli encoding (@whackashoe)
* Provide certificate installation instructions on mitm.it (@ritiek)
* Fix a bug where we did not properly fall back to IPv4 when IPv6 is
unavailable (@titeuf87)
* Fix transparent mode on IPv6-enabled macOS systems (@Ga-ryo)
* Fix handling of HTTP messages with multiple Content-Length headers
(@surajt97)
* Fix IPv6 authority form parsing in CONNECT requests (@r1b)
* Fix event log display in mitmweb (@syahn)
* Remove private key from PKCS12 file in ~/.mitmproxy (@ograff).
* Add LDAP as a proxy authentication backend (@charlesdhdt)
* Use mypy to check the whole codebase (@iharsh234)
* Fix a crash when duplicating flows (@iharsh234)
* Fix testsuite when the path contains a “.” (@felixonmars)
* Store proxy authentication with flows (@lymanZerga11)
* Match ~d and ~u filters against pretty_host (@dequis)
* Update WBXML content view (@davidpshaw)
* Handle HEAD requests for mitm.it to support Chrome in transparent mode on
iOS (@tomlabaude)
* Update dns spoofing example to use --keep-host-header (@krsoninikhil)
* Call error handler on HTTPException (@tarnacious)
* Make it possible to remove TLS from upstream HTTP connections
* Update to pyOpenSSL 17.5, cryptography 2.1.4, and OpenSSL 1.1.0g
* Make it possible to retroactively increase log verbosity.
* Make logging from addons thread-safe
* Tolerate imports in user scripts that match hook names (`from mitmproxy
import log`)
* Update mitmweb to React 16, which brings performance improvements
* Fix a bug where reverting duplicated flows crashes mitmproxy
* Fix a bug where successive requests are sent to the wrong host after a
request has been redirected.
* Fix a bug that binds outgoing connections to the wrong interface
* Fix a bug where custom certificates are ignored in reverse proxy mode
* Fix import of flows that have been created with mitmproxy 0.17
* Fix formatting of (IPv6) IP addresses in a number of places
* Fix replay for HTTP/2 flows
* Decouple mitmproxy version and flow file format version
* Fix a bug where “mitmdump -nr” does not exit automatically
* Fix a crash when exporting flows to curl
* Fix formatting of sticky cookies
* Improve script reloading reliability by polling the filesystem instead of
using watchdog
* Fix a crash when refreshing Set-Cookie headers
* Add connection indicator to mitmweb to alert users when the proxy server
stops running
* Add support for certificates with cyrillic domains
* Simplify output of mitmproxy --version
* Add Request.make to simplify request creation in scripts
* Pathoc: Include a host header on CONNECT requests
* Remove HTML outline contentview (#2572)
* Remove Python and Locust export (#2465)
* Remove emojis from tox.ini because flake8 cannot parse that. :(
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2018-05
The IEEE 802.11 dissector could crash. [2]Bug 14442,
[3]CVE-2018-7335
* [4]wnpa-sec-2018-06
Multiple dissectors could go into large infinite loops. All ASN.1
BER dissectors ([5]Bug 14444), along with the DICOM ([6]Bug 14411),
DMP ([7]Bug 14408), LLTD ([8]Bug 14419), OpenFlow ([9]Bug 14420),
RELOAD ([10]Bug 14445), RPCoRDMA ([11]Bug 14449), RPKI-Router
([12]Bug 14414), S7COMM ([13]Bug 14423), SCCP ([14]Bug 14413),
Thread ([15]Bug 14428), Thrift ([16]Bug 14379), USB ([17]Bug
14421), and WCCP ([18]Bug 14412) dissectors were susceptible.
* [19]wnpa-sec-2018-07
The UMTS MAC dissector could crash. [20]Bug 14339,
[21]CVE-2018-7334
* [22]wnpa-sec-2018-08
The DOCSIS dissector could crash. [23]Bug 14446, [24]CVE-2018-7337
* [25]wnpa-sec-2018-09
The FCP dissector could crash. [26]Bug 14374, [27]CVE-2018-7336
* [28]wnpa-sec-2018-10
The SIGCOMP dissector could crash. [29]Bug 14398, [30]CVE-2018-7320
* [31]wnpa-sec-2018-11
The pcapng file parser could crash. [32]Bug 14403,
[33]CVE-2018-7420
* [34]wnpa-sec-2018-12
The IPMI dissector could crash. [35]Bug 14409, [36]CVE-2018-7417
* [37]wnpa-sec-2018-13
The SIGCOMP dissector could crash. [38]Bug 14410, [39]CVE-2018-7418
* [40]wnpa-sec-2018-14
The NBAP disssector could crash. [41]Bug 14443, [42]CVE-2018-7419
The following bugs have been fixed:
* Change placement of "double chevron" in Filter Toolbar to eliminate
overlap. ([43]Bug 14121)
* AutoScroll does not work. ([44]Bug 14257)
* BOOTP/DHCP: malformed packet -> when user class option (77) is
present. ([45]Bug 14312)
* GET MAX LUN wLength decoded as big-endian - USB Mass Storage.
([46]Bug 14360)
* Unable to create Filter Expression Button for a yellow filter.
([47]Bug 14369)
* Buildbot crash output: fuzz-2018-01-28-15874.pcap. ([48]Bug 14371)
* NetScaler RPC segmentation fault / stack overflow. ([49]Bug 14399)
* [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc
(generate_hash_key). ([50]Bug 14407)
* Newline "\n" in packet list field increase line height for all
rows. ([51]Bug 14424)
* ieee80211-radio.c preamble duration calculation not correct.
([52]Bug 14439)
* DIS: Malformed packet in SISO-STD-002 transmitter. ([53]Bug 14441)
Updated Protocol Support
ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL,
FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP,
LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass
Storage, and WCCP
New and Updated Capture File Support
pcap pcapng
New features:
Allow trusting all subject alternative names (SAN) in a certificate if the current hostname matches the certificate
Bugfixes and minor changes:
OS X: Fix file lists becoming inresponsive when a file rename edit box is discarded by clicking to the right of the last column in the file list
Fix rare crash during directory removal
Fix rare crash in the transfer queue
version 3.46 (2018-02-17)
[ENHANCEMENTS]
* Add method to get err-disable cause for interfaces on Cisco
version 3.45 (2018-02-14)
[ENHANCEMENTS]
* Enable Layer3::Foundry for Brocade VDX platform
[BUG FIXES]
* #222#238#239 handle BayStack switches with port index 128 (zoeloe)
version 3.44 (2018-02-12)
[ENHANCEMENTS]
* Improve F10 OS version detection (laelly)
* Better IPv6 prefix derivation
version 3.43 (2018-02-02)
[BUG FIXES]
* Fix identification of Brocade CES
version 3.42 (2018-02-02)
[ENHANCEMENTS]
* IPv6 Prefix Length support via IPv6::ipv6_addr_prefixlength
[BUG FIXES]
* Fix test for updated snmplabs.com data
version 3.41 (2018-02-01)
[BUG FIXES]
* Fixes to distriution metadata
version 3.40 (2018-01-28)
[ENHANCEMENTS]
* #240 Support for CheckPoint devies through SNMP
* #240 Cisco SB switches fixup
* #244 Add Adtran support
* #241 Vyatta/VyOS support
* #246 Nexus VRF support (works with Netdisco)
* #244 Improve Juniper model reporting
* #240 Improve H3C reporting
[BUG FIXES]
* #243 Nexus additional debug lines should be hidden
**** 1.15 Feb 9, 2018
GOST R 34.11-94 hash algorithm: end of life 1st Jan 2018
per sunset clause in successor standard GOST R 34.11-2012.
Digest::GOST removed from the recommended module metadata,
but will still be used if available.
Changelog:
4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
in the selectively allocated precompiled nsec3 hashes.
Upstream changes:
mikutter 3.6.4
* modify implementation of Reserver to suppress warning messages
* fix crash in multiselect when options without body were passed
(thanks @ahiru)
* fix crash on "mikutter.rb spec" due to uninitialized Delayer
(thanks: @moguno)
17.0.0
Add zmq.Socket.send_serialized() and zmq.Socket.recv_serialized() for sending/receiving messages with custom serialization.
Add zmq.Socket.copy_threshold and zmq.COPY_THRESHOLD. Messages smaller than this are always copied, regardless of copy=False, to avoid overhead of zero-copy bookkeeping on small messages.
Added visible deprecation warnings to bundled tornado IOLoop. Tornado eventloop integration shouldn’t be used without a proper tornado install since pyzmq 14.
Allow pyzmq asyncio/tornado integration to run without installing zmq_poll() implementation. The following methods and classes are deprecated and no longer required:
- zmq.eventloop.ioloop.install()
- zmq.eventloop.ioloop.IOLoop
- zmq.asyncio.install()
- zmq.asyncio.ZMQEventLoop
Set RPATH correctly when building on macOS.
Compatibility fixes with tornado 5.0.dev (may not be quite enough for 5.0 final, which is not yet released as of pyzmq 17).
Draft support for CLIENT-SERVER routing_id and group.
Remove patches/patch-aa: code no longer used
Fix Makefile.unix: from FreeBSD ports
Add documentation to package
Add rcd script
Changes:
--------
19.10.2017
Releasing as 0.8.11
Minor bugfixes / improvements:
! Fixed: deadlock on insufficient resources
! Fixed: race condition in ssl_plugin
! Fixed: minor memory leak on configuration reload
! Fixed: recursion detection was not working
! Fixed: %n for IPv6 in logging terminates log record
! Fixed: reverse PTR validation (required for dnsauth)
! Fixed: error on external 0.0.0.0 for NOIPV6 (light version)
+ Better support for IPv6 in ftppr
25.06.2017
Releasing as 0.8.10
!Fix: parent proxy can be used in some cases where it shouldn't
!Fix: bandlimiters may not work for older connections on configuration reload
01.02.2017
Releasing as 0.8.9
!Fix: tcppm may fail if used with parent proxy
16.12.2016
Releasing as 0.8.8
!! Fix resolver for non-compressed reply parsing (on mixed-case sensitive resolvers)
! Fix plugins export on OpenWatcom compiler (light version)
! Fix SOCKSv5 parent over IPv6 network
04.09.2016
Releasing as 0.8.7
! Fix 'daemon' command for Linux
! Fix 'extip' redirections 00009 errors
! Fix counters for older Win platforms
! Resolve logging race conditions
! attempt to fix pam_auth race conditions
! FTP proxy workaround for broken gethostname() on some libc limplementations
! authcache IP matching corrected
! fix SOCKSv5 BIND/UDP ASSOC
! use setreuid/setregid instead of setuid / setgid
- OpenWatcom makefiles for Windows
- -u2 support for proxy
- support %i in logformat
- force/noforce configuration commands to disconnect / do not disconnect clients if nolonger match ACL after configuration change
- support longer external passwords
Lite version of Windows binaries is switched to OpenWatcom. It will hopefully remove int64-related msvcrt.dll issues on old Windows versions.
07.03.2016
Releasing as 0.8.6
! Fix: random 00012 errors in some configurations
02.03.2016
Releasing as 0.8.5
!Fix: mutex was used prior to initialization on 'log' command processing
28.02.2016
Releasing as 0.8.4
+ Build PamPlugin on *nix
- stacksize and -S options, stacksize defaults changed for FreeBSD
- extip redirection type added
! SSL plugin fix to correct handling of certificates path
! fixed random errors on IPv6 connect
26.01.2016
Releasing as 0.8.3
! fixed: use SASIZE() instead of sizeof() in connect() for FreeBSD compatibility
3proxy-0.8.3-lite.zip - Windows binaries, Lite version compatible with old Windows versions
3proxy-0.8.3.zip / 3proxy-0.8.3-x64.zip - 32/64 Windows binraries, compatible with Windows Vista / 2008 server and above
23.01.2016
Releasing as 0.8.2
!! Fix transparent flag not reset after keep-alive connection, can lead to DoS by authenticated user.
! Do not use SO_REUSEADDR by default (leads to random 00013 errors under some glibc versions)
! Use SASIZE() instead of sizeof() in bind() for FreeBSD compatibility
23.01.2016
Releasing as 0.7.1.4
!! Fix transparent flag not reset after keep-alive connection, can lead to
DoS from authenticated user.
21.01.2016
Releasing as 0.8.1
!!Fix: destination IP may be not checked against ACL
19.01.2016
Releasing as 0.8.0
+ IPv6 support
- back connect support
- name resolution over TCP, parent proxy support for dnspr
! multiple race conditions fixed
! reduced memory usage
! Generate Forwarded: header instead of X-Forwarded-For:
! Default name resolution is non-blocking in *nix
Read HowTo for new functionality description
Update from 0.7 is recommended if you use 3proxy under high load
12.01.2016
Releasing as 0.8-pre
+ IPv6 support
- Connect back (reverse connect) proxy
- DNS requests redirection via parent proxy over TCP (including UDP->TCP mapping)
- SSLPlugin for TLS/SSL traffic decryption
- multiple race conditions fixed on configuration reload
15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication15.09.2015
Releasing as 0.7.1.3
! traffic displayed incorrectly
! archiver doesn't add suffix if logname contains macro
! fix potential race condition on configuration reload
! fix FTP over HTTP authentication
- Backport: forbid label compression in alias wire format
- Include unistd.h for chroot(2) et al.
- Auth: fix out of bounds exception in caa processing
- Add the missing include to mplexer.hh for struct timeval
- Auth: init openssl and libsodium before chrooting in pdnsutil
- Auth: always bind the results array after executing a mysql statement
- Ldap: fix getdomaininfo() to set this as di.backend
- Ldapbackend: fix listing zones incl. axfr
- Ixfr: correct behavior of dealing with dns name with multiple records
Bugfixes:
#4634: Panic when connecting to device with auto accept and paused folders
#4636: List of files needed on remote is not wrapped at word boundaries
#4644: Impossible to run non-release builds without deadlock detectors
#4649: UTF-8 normalization does not work correctly on ZFS.
#4654: Upgrade system shows an error on RCs in some cases
#4657: Sparse files with zero blocks are not closed when pulling
#4668: Remote device out of sync items shows "0 items, ~0 B"
Enhancements:
#2599: GUI for .stversion restoration
#4499: Log entries showing IP addresses should show connection type
#4628: Set background priority / niceness
Other issues:
#4567: Arguments to fs.CreateSymlink are mixed up
#4618: More scalable global discovery
#4653: lib/model test fails with "ThreadSanitizer failed to allocate 0x200000 (2097152) bytes" with Go 1.9.2
#4663: Spurious "é" in GUI
#4706: Should clean out generated testdata in lib/model/testdata
Changes:
1.2.0
-----
* Added support for:
- `paheal` (#69)
- `komikcast` (#70)
- `subapics` (#70)
* Added `--download-archive` to record downloaded files in an archive file
* Added `--write-log` to write logging output to a file
* Added a filetype check on download completion to fix incorrectly assigned filename extensions (#63)
* Added the `tumblr:...` pseudo URI scheme to support custom domains for Tumblr blogs (#71)
* Added fallback URLs for `tumblr` images (#64)
* Added support for `reddit`-hosted images (#68)
* Improved the input file format by allowing comments and per-URL options
* Fixed OAuth 1.0 signature generation for Python 3.3 and 3.4 (#75)
* Fixed smaller issues for `luscious`, `hentai2read`, `hentaihere` and `imgur`
* Removed the `batoto` module
1.14.40
api-change:gamelift: Update gamelift command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
1.14.39
api-change:appsync: Update appsync command to latest version
api-change:lex-models: Update lex-models command to latest version
1.14.38
api-change:route53: Update route53 command to latest version
api-change:glacier: Update glacier command to latest version
1.14.37
api-change:cognito-idp: Update cognito-idp command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:rds: Update rds command to latest version
api-change:guardduty: Update guardduty command to latest version
api-change:kms: Update kms command to latest version
1.14.36
api-change:lex-runtime: Update lex-runtime command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:lex-models: Update lex-models command to latest version
1.14.35
api-change:budgets: Update budgets command to latest version
api-change:gamelift: Update gamelift command to latest version
api-change:ds: Update ds command to latest version
api-change:mediastore: Update mediastore command to latest version
api-change:appstream: Update appstream command to latest version
api-change:dynamodb: Update dynamodb command to latest version
api-change:medialive: Update medialive command to latest version
api-change:dms: Update dms command to latest version
1.5.30
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
1.5.29
api-change:appsync: [botocore] Update appsync client to latest version
api-change:lex-models: [botocore] Update lex-models client to latest version
1.5.28
api-change:glacier: [botocore] Update glacier client to latest version
api-change:route53: [botocore] Update route53 client to latest version
1.5.27
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:cognito-idp: [botocore] Update cognito-idp client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:kms: [botocore] Update kms client to latest version
1.5.26
api-change:lex-runtime: [botocore] Update lex-runtime client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:lex-models: [botocore] Update lex-models client to latest version
1.5.25
api-change:ds: [botocore] Update ds client to latest version
api-change:appstream: [botocore] Update appstream client to latest version
api-change:medialive: [botocore] Update medialive client to latest version
api-change:budgets: [botocore] Update budgets client to latest version
api-change:gamelift: [botocore] Update gamelift client to latest version
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:dms: [botocore] Update dms client to latest version
api-change:mediastore: [botocore] Update mediastore client to latest version
1.8.44
api-change:mediaconvert: Update mediaconvert client to latest version
api-change:gamelift: Update gamelift client to latest version
1.8.43
api-change:appsync: Update appsync client to latest version
api-change:lex-models: Update lex-models client to latest version
1.8.42
api-change:glacier: Update glacier client to latest version
api-change:route53: Update route53 client to latest version
1.8.41
api-change:guardduty: Update guardduty client to latest version
api-change:cognito-idp: Update cognito-idp client to latest version
api-change:rds: Update rds client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:kms: Update kms client to latest version
1.8.40
api-change:lex-runtime: Update lex-runtime client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:lex-models: Update lex-models client to latest version
1.8.39
api-change:ds: Update ds client to latest version
api-change:appstream: Update appstream client to latest version
api-change:medialive: Update medialive client to latest version
api-change:budgets: Update budgets client to latest version
api-change:gamelift: Update gamelift client to latest version
api-change:dynamodb: Update dynamodb client to latest version
api-change:dms: Update dms client to latest version
api-change:mediastore: Update mediastore client to latest version
1.8.4
- BUG/MEDIUM: h2: properly handle the END_STREAM flag on empty DATA frames
- BUILD: ssl: silence a warning when building without NPN nor ALPN support
- BUG/MEDIUM: ssl: cache doesn't release shctx blocks
- BUG/MINOR: lua: Fix default value for pattern in Socket.receive
- DOC: lua: Fix typos in comments of hlua_socket_receive
- BUG/MEDIUM: lua: Fix IPv6 with separate port support for Socket.connect
- BUG/MINOR: lua: Fix return value of Socket.settimeout
- MINOR: dns: Handle SRV record weight correctly.
- BUG/MEDIUM: mworker: execvp failure depending on argv[0]
- MINOR: hathreads: add support for gcc < 4.7
- BUILD/MINOR: ancient gcc versions atomic fix
- BUG/MEDIUM: stream: properly handle client aborts during redispatch
- DOC: clarify the scope of ssl_fc_is_resumed
- CONTRIB: debug: fix a few flags definitions
- BUG/MINOR: poll: too large size allocation for FD events
- BUG/MEDIUM: peers: fix expire date wasn't updated if entry is modified remotely.
- MINOR: servers: Don't report duplicate dyncookies for disabled servers.
- MINOR: global/threads: move cpu_map at the end of the global struct
- MINOR: threads: add a MAX_THREADS define instead of LONGBITS
- MINOR: global: add some global activity counters to help debugging
- MINOR: threads/fd: Use a bitfield to know if there are FDs for a thread in the FD cache
- BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num
- BUG/MEDIUM: fd: maintain a per-thread update mask
- MINOR: fd: add a bitmask to indicate that an FD is known by the poller
- BUG/MEDIUM: epoll/threads: use one epoll_fd per thread
- BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread
- BUG/MEDIUM: threads/mworker: fix a race on startup
- BUG/MINOR: mworker: only write to pidfile if it exists
- MINOR: threads: Fix build when we're not compiling with threads.
- BUG/MINOR: threads: always set an owner to the thread_sync pipe
- BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag
- BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed
- BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread
- MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif
- BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
- BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
- CLEANUP: sample: Fix comment encoding of sample.c
- CLEANUP: sample: Fix outdated comment about sample casts functions
- BUG/MINOR: sample: Fix output type of c_ipv62ip
- CLEANUP: Fix typo in ARGT_MSK6 comment
- BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs
- BUG/MINOR: threads: Update labels array because of changes in lock_label enum
- BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs
- BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns
- BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side
- BUG/MINOR: time/threads: ensure the adjusted time is always correct
- BUG/MEDIUM: standard: Fix memory leak in str2ip2()
- MINOR: init: emit warning when -sf/-sd cannot parse argument
- DOC: Describe routing impact of using interface keyword on bind lines
- DOC: Mention -Ws in the list of available options
- BUG/MINOR: config: don't emit a warning when global stats is incompletely configured
This package provides high level R wrapper functions to easily utilize
ZeroMQ. We mainly focus on interactive client/server programming
frameworks. A few wrapper functions compatible with 'rzmq' are also
provided.
Upstream changes:
mikutter 3.6.3
* "reply" of mikutter commands doesn't appear in non Twitter Worlds
* crashed on registrating already registered World again
* fix use of deperecated methods of Pango (thanks: akkiesoft)
v2.3.5
======
- Try and force glibc to cache zoneinfo files in an attempt to work around
glibc parsing vulnerability. Thanks to Kingcope.
- Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
<martin@meltin.net>.
- Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
- Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
steve willing <eiji-gravion@hotmail.com>.
- Handle connect() failures properly. Thanks to Takayuki Nagata
<tnagata@redhat.com>.
- Add stronger checks for the configuration error of running with a writeable
root directory inside a chroot(). This may bite people who carelessly turned
on chroot_local_user but such is life.
v3.0.0
======
- Update vsf_findlibs.sh to work on Ubuntu 11.10+
- Make listen mode the default.
- Add -Werror to build flags.
- Fix missing "const" in ssl.c
- Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu
12.04 ABI.
- Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
seccompsandbox.c
- Rename deprecated "sandbox" to "ptrace_sandbox".
- Add a few more state checks to the privileged helper processes.
- Add tunable "seccomp_sandbox", default on.
- Use hardened build flags. Distros of course override these and provide their
own build flags but no harm in showing how it could be done.
- Retry creating a PASV socket upon port reuse race between bind() and listen(),
patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
- Don't die() if recv() indicates a closed remote connection. Problem report
on a Windows client from Herbert van den Bergh,
<herbert.van.den.bergh@oracle.com>.
- Add new config setting "allow_writeable_chroot" to help people in a bit of
a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
- Remove a couple of fixed things from BUGS.
- strlen() trunction fix -- no particular impact.
- Apply some tidyups from mmoufid@yorku.ca.
(vsftpd-3.0.0-pre1)
- Fix delete_failed_uploads if there is a timeout. Report from Alejandro
Hernández Hdez <aalejandrohdez@gmail.com>.
- Fix other data channel bugs such as failure to log failure upon timeout.
- Use exit codes a bit more consistently.
- Fix bad interaction between SSL and trans_chunk_size.
- Redo data timeout to fire properly for SSL sessions.
- Redo idle timeout to fire properly for SSL sessions.
- Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
- Use 10 minutes as a max linger time just in case an alarm gets lost.
(vsftpd-3.0.0-pre2)
- Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
- Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
Unfortunately the default vsftpd SSL confiuration still doesn't fully work
with FileZilla, because FileZilla has a data connection security problem:
no client certificate presentation and no session reuse. At least the error
message is now very clear.
- Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
a data transfer is in progress.
- Fix delete_failed_uploads for anonymous sessions.
- Don't listen for urgent data if the control connection is SSL, due to possible
protocol synchronization issues.
v3.0.1
======
- Fix some seccomp related build errors on certain CentOS and Debian versions.
- Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
opens and maps /proc/meminfo but only for larger item counts?
- Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
- Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu
<tixu@cs.ucsd.edu>.
- Force cast to unsigned char in is* char functions.
- Fix harmless integer issues in strlist.c.
- Started on a (possibly ill-advised?) crusade to compile cleanly with
Wconversion. Decided to suspend the effort half-way through.
v3.0.2
======
- One more seccomp policy fix: mremap (denied).
- Support STOU with no filename, uses a STOU. prefix.
v3.0.3
======
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
(vsftpd-3.0.3pre2)
Upstream changes:
mikutter 3.6.2
* update translations
* cannot send a carsh report but gets Segmentation Fault on crash
during a Gtk event callback
* crash when plugins written for 3.4 and prior try to access nonexistent
images
* crash on opening a URL using an external browser on Windows
gcs-oauth2-boto-plugin is a Python application whose purpose is to behave as an
auth plugin for the boto auth plugin framework for use with OAuth 2.0
credentials for the Google Cloud Platform. This plugin is compatible with both
user accounts and service accounts, and its functionality is essentially a
wrapper around oauth2client with the addition of automatically caching tokens
for the machine in a thread- and process-safe fashion.
Part of PR pkg/52941.
1.8.3:
- BUG/MEDIUM: h2: properly handle and report some stream errors
- BUG/MEDIUM: h2: improve handling of frames received on closed streams
- DOC/MINOR: configuration: typo, formatting fixes
- BUG/MEDIUM: h2: ensure we always know the stream before sending a reset
- BUG/MEDIUM: mworker: don't close stdio several time
- MINOR: don't close stdio anymore
- BUG/MEDIUM: http: don't automatically forward request close
- BUG/MAJOR: hpack: don't return direct references to the dynamic headers table
- MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped
1.8.2:
- BUG/MINOR: action: Don't check http capture rules when no id is defined
- BUG/MAJOR: hpack: don't pretend large headers fit in empty table
- BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
- BUG/MEDIUM: mworker: also close peers sockets in the master
- BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
- BUG/MEDIUM: checks: a down server going to maint remains definitely stucked on down state.
- BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface
- BUG/MEDIUM: h2: fix handling of end of stream again
- MINOR: mworker: Update messages referencing exit-on-failure
- MINOR: mworker: Improve wording in `void mworker_wait()`
- CONTRIB: halog: Add help text for -s switch in halog program
- BUG/MEDIUM: email-alert: don't set server check status from a email-alert task
- BUG/MEDIUM: threads/vars: Fix deadlock in register_name
- MINOR: systemd: remove comment about HAPROXY_STATS_SOCKET
- DOC: notifications: add precisions about thread usage
- BUG/MEDIUM: lua/notification: memory leak
- MINOR: conn_stream: add new flag CS_FL_RCV_MORE to indicate pending data
- BUG/MEDIUM: stream-int: always set SI_FL_WAIT_ROOM on CS_FL_RCV_MORE
- BUG/MEDIUM: h2: automatically set CS_FL_RCV_MORE when the output buffer is full
- BUG/MEDIUM: h2: enable recv polling whenever demuxing is possible
- BUG/MEDIUM: h2: work around a connection API limitation
- BUG/MEDIUM: h2: debug incoming traffic in h2_wake()
- MINOR: h2: store the demux padding length in the h2c struct
- BUG/MEDIUM: h2: support uploading partial DATA frames
- MINOR: h2: don't demand that a DATA frame is complete before processing it
- BUG/MEDIUM: h2: don't switch the state to HREM before end of DATA frame
- BUG/MEDIUM: h2: don't close after the first DATA frame on tunnelled responses
- BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses
- BUG/MEDIUM: h2: fix stream limit enforcement
- BUG/MINOR: stream-int: don't try to receive again after receiving an EOS
- BUG: MAJOR: lb_map: server map calculation broken
- BUG: MINOR: http: don't check http-request capture id when len is provided
- BUILD/MINOR: Makefile : enabling USE_CPU_AFFINITY
- BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd
- DOC/MINOR: intro: typo, wording, formatting fixes
- MINOR: netscaler: respect syntax
- MINOR: netscaler: remove the use of cip_magic only used once
- MINOR: netscaler: rename cip_len to clarify its uage
- BUG/MEDIUM: netscaler: use the appropriate IPv6 header size
- BUG/MAJOR: netscaler: address truncated CIP header detection
- CONTRIB: iprange: Fix compiler warning in iprange.c
- CONTRIB: halog: Fix compiler warnings in halog.c
- BUG/MINOR: h2: properly report a stream error on RST_STREAM
- MINOR: mux: add flags to describe a mux's capabilities
- MINOR: stream-int: set flag SI_FL_CLEAN_ABRT when mux supports clean aborts
- BUG/MEDIUM: stream: don't consider abortonclose on muxes which close cleanly
- MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header
- MEDIUM: netscaler: do not analyze original IP packet size
- MEDIUM: netscaler: add support for standard NetScaler CIP protocol
- BUG/MEDIUM: checks: a server passed in maint state was not forced down.
- BUG/MEDIUM: lua: fix crash when using bogus mode in register_service()
- MINOR: http: adjust the list of supposedly cacheable methods
- MINOR: http: update the list of cacheable status codes as per RFC7231
- MINOR: http: start to compute the transaction's cacheability from the request
- BUG/MINOR: http: do not ignore cache-control: public
- BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses
- BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability
- MINOR: http: add a function to check request's cache-control header field
- BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache
- BUG/MEDIUM: cache: replace old object on store
- BUG/MEDIUM: cache: respect the request cache-control header
- BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie"
- BUG/MAJOR: connection: refine the situations where we don't send shutw()
- BUG/MEDIUM: checks: properly set servers to stopping state on 404
2.5.0:
- Fix AnyType value rendering by guessing the xsd type for the value
- Fix AnySimpleType.xmlvalue() not implemented exception
- Add __dir__ method to value objects returned by Zeep
- Don't require content for 201 and 202 status codes
- Fix wheel package by cleaning the build directory correctly
- Handle Nil values on complexType with SimpleContent elements
- Add Client.namespaces method to list all namespaces available
- Improve support for auto-completion
Changes since 3.1.2:
SECURITY FIXES:
- Fixed a buffer overrun in the protocol's handling of xattr names and
ensure that the received name is null terminated.
- Fix an issue with --protect-args where the user could specify the arg in
the protected-arg list and short-circuit some of the arg-sanitizing code.
BUG FIXES:
- Don't output about a new backup dir without appropriate info verbosity.
- Fixed some issues with the sort functions in support/rsyncstats script.
- Added a way to specify daemon config lists (e.g. users, groups, etc) that
contain spaces (see "auth users" in the latest rsyncd.conf manpage).
- If a backup fails (e.g. full disk) rsync exits with an error.
- Fixed a problem with a doubled --fuzzy option combined with --link-dest.
- Avoid invalid output in the summary if either the start or end time had
an error.
- We don't allow a popt alias to affect the --daemon or --server options.
- Fix daemon exclude code to disallow attribute changes in addition to
disallowing transfers.
- Don't force nanoseconds to match if a non-transferred, non-checksummed
file only passed the quick-check w/o comparing nanosecods.
ENHANCEMENTS:
- Added the ability for rsync to compare nanosecond times in its file-check
comparisons, and added support nanosecond times on Mac OS X.
- Added a short-option (-@) for --modify-window.
- Added the --checksum-choice=NAME[,NAME] option to choose the checksum
algorithms.
- Added hashing of xattr names (with using -X) to improve the handling of
files with large numbers of xattrs.
- Added a way to filter xattr names using include/exclude/filter rules (see
the --xattrs option in the manpage for details).
- Added "daemon chroot|uid|gid" to the daemon config (in addition to the
old chroot|uid|gid settings that affect the daemon's transfer process).
- Added "syslog tag" to the daemon configuration.
- Some manpage improvements.
DEVELOPER RELATED:
- Tweak the "make" output when yodl isn't around to create the man pages.
- Changed an obsolete autoconf compile macro.
- Support newer yodl versions when converting man pages.
* hooks: remove use of local builtin for better portability
* Fix build issue when `__GNUC__ <= 2` (thanks to Chris Hathhorn)
* dhcpcd: don't log errors working out carrier for departed interfaces
* ipv4: allow configuration of static broadcast address
* if: don't set MTU during interface discovery
* if: don't activate non matching interfaces to commandline ones
* configure: make `--includedir=/usr/src/foo` work
* eloop-bench: fix hangs when using a large number of cycles
* dhcp: don't bind when we've just probed an address to inform
### 1.12.4
The fourth 1.12 bug-fix release (1.12.4) was released on 7 December 2017.
This release only contains bugfixes and it should be safe to update from 1.12.x.
#### Major bugfixes in 1.12.4
- Dozens of fixes for various issues detected with the help of Google's OSS-Fuzz
project: https://github.com/google/oss-fuzz
Details to be found there in the bug tracker
- Performance regressions with registering debug categories after gst_init()
were fixed
- Regression with seeking back to 0 in souphttpsrc was fixed
- Regression with header rewriting in flacparse was fixed
- Regression with playbin/playsink leaking sinks was fixed
- Inconsistencies with DROPPED/HANDLED handling in pad probe handlers are fixed
- gst_bin_iterate_sorted() always returns sources last now, as documented
- gst_query_writable_structure() will never return NULL, for consistency with events
- Removal of metas from gst_buffer_meta_foreach() works correctly now
- OpenJPEG plugin builds with OpenJPEG >= 2.3
- CDIO plugin builds with CDIO >= 1.0
- gstreamer-vaapi works correctly with libva 1.0
- gst-libav was updated to ffmpeg 3.3.5
- Various fixes for memory leaks, deadlocks and crashes in all modules
- ... and many, many more!
Changes in libsoup from 2.60.2 to 2.60.3:
* heap-buffer-overflow in soup_ntlm_parse_challenge()
[#788037, Milan Crha]
* session: don't request Keep-Alive for upgraded connections
[#788723, Lionel Landwerlin]
* soup-headers: accept any 3 digit number as message status code
[#792124, Carlos Garcia Campos]
3.30.0 (2018-01-08)
- Add additional logging if autoupdate mechanism fails
3.30.0-rc1 (2017-12-29)
+ In the search dialog local files can now be deleted or opened
+ The root node in the remote directory tree is now expanded by default
- Fix uploading from search dialog
- Fix formatting of filename in rename dialog
- MSW: Fix installer crash if an update installation is started with the updated version having been installed
From DESCR:
This Python module allows you to create TCP connections through a SOCKS proxy
without any special effort.
This is needed as one of the dependencies of py-gsutil, as noted in
PR pkg/52941.
1.14.30
api-change:budgets: Update budgets command to latest version
1.14.29
api-change:glue: Update glue command to latest version
api-change:transcribe: Update transcribe command to latest version
1.14.28
api-change:sagemaker: Update sagemaker command to latest version
1.14.27
api-change:ec2: Update ec2 command to latest version
api-change:autoscaling-plans: Update autoscaling-plans command to latest version
1.14.26
api-change:application-autoscaling: Update application-autoscaling command to latest version
api-change:rds: Update rds command to latest version
api-change:autoscaling-plans: Update autoscaling-plans command to latest version
1.14.25
api-change:lambda: Update lambda command to latest version
1.14.24
api-change:glue: Update glue command to latest version
1.14.23
api-change:elb: Update elb command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:ssm: Update ssm command to latest version
api-change:rds: Update rds command to latest version
1.14.22
api-change:kms: Update kms command to latest version
1.14.21
api-change:ds: Update ds command to latest version
1.14.20
api-change:discovery: Update discovery command to latest version
api-change:codedeploy: Update codedeploy command to latest version
api-change:route53: Update route53 command to latest version
1.14.19
api-change:snowball: Update snowball command to latest version
api-change:ssm: Update ssm command to latest version
api-change:inspector: Update inspector command to latest version
1.14.18
api-change:rds: Update rds command to latest version
1.14.17
api-change:workspaces: Update workspaces command to latest version
1.14.16
api-change:ecs: Update ecs command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:inspector: Update inspector command to latest version
1.14.15
api-change:ec2: Update ec2 command to latest version
api-change:kinesisanalytics: Update kinesisanalytics command to latest version
api-change:codebuild: Update codebuild command to latest version
1.14.14
api-change:config: Update config command to latest version
api-change:iot: Update iot command to latest version
1.5.20
======
- api-change:``budgets``: [``botocore``] Update budgets client to
latest version
1.5.19
======
- api-change:``glue``: [``botocore``] Update glue client to latest
version
- api-change:``transcribe``: [``botocore``] Update transcribe client
to latest version
1.5.18
======
- api-change:``sagemaker``: [``botocore``] Update sagemaker client to
latest version
1.5.17
======
- api-change:``ec2``: [``botocore``] Update ec2 client to latest
version
- api-change:``autoscaling-plans``: [``botocore``] Update
autoscaling-plans client to latest version
1.5.16
======
- api-change:``application-autoscaling``: [``botocore``] Update
application-autoscaling client to latest version
- api-change:``autoscaling-plans``: [``botocore``] Update
autoscaling-plans client to latest version
- api-change:``rds``: [``botocore``] Update rds client to latest
version
1.5.15
======
- api-change:``lambda``: [``botocore``] Update lambda client to latest
version
- enhancement:cloudformation get_template template body ordering:
[``botocore``] fixesboto/boto3#1378
1.5.14
======
- api-change:``glue``: [``botocore``] Update glue client to latest
version
1.5.13
======
- api-change:``ssm``: [``botocore``] Update ssm client to latest
version
- api-change:``elbv2``: [``botocore``] Update elbv2 client to latest
version
- api-change:``rds``: [``botocore``] Update rds client to latest
version
- api-change:``elb``: [``botocore``] Update elb client to latest
version
1.5.12
======
- api-change:``kms``: [``botocore``] Update kms client to latest
version
1.5.11
======
- api-change:``ds``: [``botocore``] Update ds client to latest version
1.5.10
======
- api-change:``route53``: [``botocore``] Update route53 client to
latest version
- api-change:``discovery``: [``botocore``] Update discovery client to
latest version
- api-change:``codedeploy``: [``botocore``] Update codedeploy client
to latest version
1.5.9
=====
- api-change:``ssm``: [``botocore``] Update ssm client to latest
version
- api-change:``inspector``: [``botocore``] Update inspector client to
latest version
- api-change:``snowball``: [``botocore``] Update snowball client to
latest version
1.5.8
=====
- api-change:``rds``: [``botocore``] Update rds client to latest
version
1.5.7
=====
- api-change:``workspaces``: [``botocore``] Update workspaces client
to latest version
1.5.6
=====
- api-change:``ecs``: [``botocore``] Update ecs client to latest
version
- api-change:``ec2``: [``botocore``] Update ec2 client to latest
version
- api-change:``inspector``: [``botocore``] Update inspector client to
latest version
- api-change:``sagemaker``: [``botocore``] Update sagemaker client to
latest version
1.5.5
=====
- api-change:``ec2``: [``botocore``] Update ec2 client to latest
version
- enhancement:Paginator: [``botocore``] Added paginator support for
lambda list aliases operation.
- api-change:``kinesisanalytics``: [``botocore``] Update
kinesisanalytics client to latest version
- api-change:``codebuild``: [``botocore``] Update codebuild client to
latest version
1.5.4
=====
- api-change:``iot``: [``botocore``] Update iot client to latest
version
- api-change:``config``: [``botocore``] Update config client to latest
version
1.8.34
======
- api-change:``budgets``: Update budgets client to latest version
1.8.33
======
- api-change:``glue``: Update glue client to latest version
- api-change:``transcribe``: Update transcribe client to latest
version
1.8.32
======
- api-change:``sagemaker``: Update sagemaker client to latest version
1.8.31
======
- api-change:``ec2``: Update ec2 client to latest version
- api-change:``autoscaling-plans``: Update autoscaling-plans client to
latest version
1.8.30
======
- api-change:``application-autoscaling``: Update
application-autoscaling client to latest version
- api-change:``autoscaling-plans``: Update autoscaling-plans client to
latest version
- api-change:``rds``: Update rds client to latest version
1.8.29
======
- api-change:``lambda``: Update lambda client to latest version
- enhancement:cloudformation get_template template body ordering:
fixesboto/boto3#1378
1.8.28
======
- api-change:``glue``: Update glue client to latest version
1.8.27
======
- api-change:``ssm``: Update ssm client to latest version
- api-change:``elbv2``: Update elbv2 client to latest version
- api-change:``rds``: Update rds client to latest version
- api-change:``elb``: Update elb client to latest version
1.8.26
======
- api-change:``kms``: Update kms client to latest version
1.8.25
======
- api-change:``ds``: Update ds client to latest version
1.8.24
======
- api-change:``route53``: Update route53 client to latest version
- api-change:``discovery``: Update discovery client to latest version
- api-change:``codedeploy``: Update codedeploy client to latest
version
1.8.23
======
- api-change:``ssm``: Update ssm client to latest version
- api-change:``inspector``: Update inspector client to latest version
- api-change:``snowball``: Update snowball client to latest version
1.8.22
======
- api-change:``rds``: Update rds client to latest version
1.8.21
======
- api-change:``workspaces``: Update workspaces client to latest
version
1.8.20
======
- api-change:``ecs``: Update ecs client to latest version
- api-change:``ec2``: Update ec2 client to latest version
- api-change:``inspector``: Update inspector client to latest version
- api-change:``sagemaker``: Update sagemaker client to latest version
1.8.19
======
- api-change:``ec2``: Update ec2 client to latest version
- enhancement:Paginator: Added paginator support for lambda list
aliases operation.
- api-change:``kinesisanalytics``: Update kinesisanalytics client to
latest version
- api-change:``codebuild``: Update codebuild client to latest version
1.8.18
======
- api-change:``iot``: Update iot client to latest version
- api-change:``config``: Update config client to latest version
Improvements
- Don't process records for another class than IN
Bug Fixes
- Correctly handle ancestor delegation NSEC{,3} for children.
(CVE-2018-1000003)
- Fix the computation of the closest encloser for positive answers.
- Pass the correct buffer size to arecvfrom().
- Fix to make primeHints threadsafe, otherwise there's a small chance
on startup that the root-server IPs will be incorrect.
- Don't validate signature for "glue" CNAME, since anything else than
the initial CNAME can't be considered authoritative.
Release Notes for BIND Version 9.9.11-P1
Introduction
This document summarizes changes since BIND 9.9.11.
BIND 9.9.11-P1 addresses the security issue described in CVE-2017-3145.
Download
The latest versions of BIND 9 software can always be found at
http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
New DNSSEC Root Key
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root key is
configured using the managed-keys statement, or if the pre-configured
root key is enabled by using dnssec-validation auto, then BIND can keep
keys up to date automatically. Servers configured in this way should
have begun the process of rolling to the new key when it was published
in the root zone in July 2017. However, keys configured using the
trusted-keys statement are not automatically maintained. If your server
is performing DNSSEC validation and is configured using trusted-keys,
you are advised to change your configuration before the root zone
begins signing with the new KSK. This is currently scheduled for
October 11, 2017.
This release includes an updated version of the bind.keys file
containing the new root key. This file can also be downloaded from
https://www.isc.org/bind-keys .
Windows XP No Longer Supported
As of BIND 9.9.11, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download from
ISC.
Security Fixes
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. (The delay will be addressed in an
upcoming maintenance release.) This bug is disclosed in
CVE-2017-3145. [RT #46839]
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143. [RT #45383]
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141. [RT #45229]
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140. [RT #45181]
Feature Changes
* Threads in named are now set to human-readable names to assist
debugging on operating systems that support that. Threads will have
names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so
on. This will affect the reporting of subsidiary thread names in ps
and top, but not the main thread. [RT #43234]
* DiG now warns about .local queries which are reserved for Multicast
DNS. [RT #44783]
Bug Fixes
* Fixed a bug that was introduced in an earlier development release
which caused multi-packet AXFR and IXFR messages to fail validation
if not all packets contained TSIG records; this caused
interoperability problems with some other DNS implementations. [RT
#45509]
* Semicolons are no longer escaped when printing CAA and URI records.
This may break applications that depend on the presence of the
backslash before the semicolon. [RT #45216]
* AD could be set on truncated answer with no records present in the
answer and authority sections. [RT #45140]
End of Life
BIND 9.9 (Extended Support Version) will be supported until at least
June, 2018. https://www.isc.org/downloads/software-support-policy/
Release Notes for BIND Version 9.10.6-P1
Introduction
This document summarizes changes since BIND 9.10.6.
BIND 9.10.6-P1 addresses the security issue described in CVE-2017-3145.
Download
The latest versions of BIND 9 software can always be found at
http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
New DNSSEC Root Key
ICANN is in the process of introducing a new Key Signing Key (KSK) for
the global root zone. BIND has multiple methods for managing DNSSEC
trust anchors, with somewhat different behaviors. If the root key is
configured using the managed-keys statement, or if the pre-configured
root key is enabled by using dnssec-validation auto, then BIND can keep
keys up to date automatically. Servers configured in this way should
have begun the process of rolling to the new key when it was published
in the root zone in July 2017. However, keys configured using the
trusted-keys statement are not automatically maintained. If your server
is performing DNSSEC validation and is configured using trusted-keys,
you are advised to change your configuration before the root zone
begins signing with the new KSK. This is currently scheduled for
October 11, 2017.
This release includes an updated version of the bind.keys file
containing the new root key. This file can also be downloaded from
https://www.isc.org/bind-keys .
Windows XP No Longer Supported
As of BIND 9.10.6, Windows XP is no longer a supported platform for
BIND, and Windows XP binaries are no longer available for download from
ISC.
Security Fixes
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. (The delay will be addressed in an
upcoming maintenance release.) This bug is disclosed in
CVE-2017-3145. [RT #46839]
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143. [RT #45383]
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141. [RT #45229]
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140. [RT #45181]
Feature Changes
* dig +ednsopt now accepts the names for EDNS options in addition to
numeric values. For example, an EDNS Client-Subnet option could be
sent using dig +ednsopt=ecs:.... Thanks to John Worley of Secure64
for the contribution. [RT #44461]
* Threads in named are now set to human-readable names to assist
debugging on operating systems that support that. Threads will have
names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so
on. This will affect the reporting of subsidiary thread names in ps
and top, but not the main thread. [RT #43234]
* DiG now warns about .local queries which are reserved for Multicast
DNS. [RT #44783]
Bug Fixes
* Fixed a bug that was introduced in an earlier development release
which caused multi-packet AXFR and IXFR messages to fail validation
if not all packets contained TSIG records; this caused
interoperability problems with some other DNS implementations. [RT
#45509]
* Semicolons are no longer escaped when printing CAA and URI records.
This may break applications that depend on the presence of the
backslash before the semicolon. [RT #45216]
* AD could be set on truncated answer with no records present in the
answer and authority sections. [RT #45140]
End of Life
The end of life for BIND 9.10 is yet to be determined but will not be
before BIND 9.12.0 has been released for 6 months.
https://www.isc.org/downloads/software-support-policy/
Version 1.0.21
- Updating fast_tls to version 1.0.20.
- Updating stun to version 1.0.20.
Version 1.0.20
- Updating stun to version 1.0.19.
- Updating fast_tls to version 1.0.19.
Version 1.0.19
- Updating stun to version 1.0.18.
- Updating fast_tls to version 71250ae.
- Support SNI for TLS connections
Version 1.0.20
- Updating fast_tls to version 1.0.20.
Version 1.0.19
- Updating fast_tls to version 1.0.19.
Version 1.0.18
- Updating fast_tls to version 71250ae.
- Fix compilation warnings
Changes:
version 2018.01.14
Extractors
* [youtube] Fix live streams extraction (#15202)
* [wdr] Bypass geo restriction
* [wdr] Rework extractors (#14598)
+ [wdr] Add support for wdrmaus.de/elefantenseite (#14598)
+ [gamestar] Add support for gamepro.de (#3384)
* [viafree] Skip rtmp formats (#15232)
+ [pandoratv] Add support for mobile URLs (#12441)
+ [pandoratv] Add support for new URL format (#15131)
+ [ximalaya] Add support for ximalaya.com (#14687)
+ [digg] Add support for digg.com (#15214)
* [limelight] Tolerate empty pc formats (#15150, #15151, #15207)
* [ndr:embed:base] Make separate formats extraction non fatal (#15203)
+ [weibo] Add extractor (#15079)
+ [ok] Add support for live streams
* [canalplus] Fix extraction (#15072)
* [bilibili] Fix extraction (#15188)
version 2018.01.07
Core
* [utils] Fix youtube-dl under PyPy3 on Windows
* [YoutubeDL] Output python implementation in debug header
Extractors
+ [jwplatform] Add support for multiple embeds (#15192)
* [mitele] Fix extraction (#15186)
+ [motherless] Add support for groups (#15124)
* [lynda] Relax URL regular expression (#15185)
* [soundcloud] Fallback to avatar picture for thumbnail (#12878)
* [youku] Fix list extraction (#15135)
* [openload] Fix extraction (#15166)
* [lynda] Skip invalid subtitles (#15159)
* [twitch] Pass video id to url_result when extracting playlist (#15139)
* [rtve.es:alacarta] Fix extraction of some new URLs
* [acast] Fix extraction (#15147)
version 2017.12.31
Core
+ [extractor/common] Add container meta field for formats extracted
in _parse_mpd_formats (#13616)
+ [downloader/hls] Use HTTP headers for key request
* [common] Use AACL as the default fourcc when AudioTag is 255
* [extractor/common] Fix extraction of DASH formats with the same
representation id (#15111)
Extractors
+ [slutload] Add support for mobile URLs (#14806)
* [abc:iview] Bypass geo restriction
* [abc:iview] Fix extraction (#14711, #14782, #14838, #14917, #14963, #14985,
#15035, #15057, #15061, #15071, #15095, #15106)
* [openload] Fix extraction (#15118)
- [sandia] Remove extractor
- [collegerama] Remove extractor
+ [mediasite] Add support for sites based on Mediasite Video Platform (#5428,
#11185, #14343)
+ [ufctv] Add support for ufc.tv (#14520)
* [pluralsight] Fix missing first line of subtitles (#11118)
* [openload] Fallback on f-page extraction (#14665, #14879)
* [vimeo] Improve password protected videos extraction (#15114)
* [aws] Fix canonical/signed headers generation on python 2 (#15102)
Upstream changes:
mikutter 3.6.1
* happy new year
* honor iPhone X
* require Diva gem 0.3.1 or later
* JSON exported Time was not in iso8601 format
* Spell to update user profile (thanks shibafu528)
* fix typo (thanks akkiesoft)
* twitter: crash when using World other than Twitter due to wrong assumption
that User#idname was always defined
* openimg: sporadic crash when opening images
version 4.2.3 stable:
* API change: previously ZMQ_POLLOUT on a ZMQ_ROUTER socket returned always
true due to how the type works. When ZMQ_ROUTER_MANDATORY is set, sending
fails when the peer is not available, but ZMQ_POLLOUT always returns true
anyway, which does not make sense. Now when ZMQ_ROUTER_MANDATORY is set,
ZMQ_POLLOUT on a ZMQ_ROUTER will return true only if at least one peer is
available.
Given ZMQ_POLLOUT with ZMQ_ROUTER was not usable at all previously, we do
not consider this a breakage warranting a major or minor version increase.
* ZMQ_IDENTITY has been renamed to ZMQ_ROUTING_ID and ZMQ_CONNECT_RID has been
renamed to ZMQ_CONNTECT_ROUTING_ID to disambiguate. ZMQ_IDENTITY and
ZMQ_CONNECT_RID are still available to keep backward compatibility, and will
be removed in a future release after further advance notice.
* DRAFT API change: zmq_poller_wait, zmq_poller_wait_all and zmq_poller_poll
have been changed to be inline with other existing APIs that have a timeout
to return EAGAIN instead of ETIMEDOUT as the errno value.
* Existing non-DRAFT socket types ZMQ_REP/REQ, ZMQ_ROUTER/DEALER and
ZMQPUB/SUB, that were previously declared deprecated, have been reinstated
as stable and supported.
* Tweetnacl: add support for, and use preferably if available, getrandom() as
a simpler and less error-prone alternative to /dev/urandom on OSes where it
is available (eg: Linux 3.18 with glibc 2.25).
* Curve: all remaining traces of debug output to console are now removed, and
new DRAFT events are available to properly debug CURVE, PLAIN, GSSAPI and
ZAP events and failures. See below for details on the new events.
* New DRAFT (see NEWS for 4.2.0) socket options:
- ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE, for
the corresponding GSSAPI features. Additional definitions for principal
name types:
- ZMQ_GSSAPI_NT_HOSTBASED
- ZMQ_GSSAPI_NT_USER_NAME
- ZMQ_GSSAPI_NT_KRB5_PRINCIPAL
See doc/zmq_gssapi.txt for details.
- ZMQ_BINDTODEVICE (Linux only), which will bind the socket(s) to the
specified interface. Allows to use Linux VRF, see:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
NOTE: requires the program to be ran as root OR with CAP_NET_RAW
- ZMQ_ZAP_ENFORCE_DOMAIN, enables strict RFC 27 compatibility mode and makes
the ZAP Domain mandatory when using security. See:
https://rfc.zeromq.org/spec:27/ZAP
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* New DRAFT (see NEWS for 4.2.0) context options:
- ZMQ_THREAD_AFFINITY_CPU_ADD and ZMQ_THREAD_AFFINITY_CPU_REMOVE (Posix only),
to add and remove CPUs to the affinity set of the I/O threads. Useful to pin
the background threads to specific CPUs.
- ZMQ_THREAD_NAME_PREFIX (Posix only), to add a specific integer prefix to the
background threads names, to easily identify them for debugging purposes.
See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
* New DRAFT (see NEWS for 4.2.0) message property name definitions to facilitate
the use of zmq_msg_gets:
- ZMQ_MSG_PROPERTY_ROUTING_ID
- ZMQ_MSG_PROPERTY_SOCKET_TYPE
- ZMQ_MSG_PROPERTY_USER_ID
- ZMQ_MSG_PROPERTY_PEER_ADDRESS
See doc/zmq_msg_gets.txt for details.
* New DRAFT (see NEWS for 4.2.0) API zmq_socket_get_peer_state, to be used to
query the state of a specific peer (via routing-id) of a ZMQ_ROUTER socket.
* New DRAFT (see NEWS for 4.2.0) Socket Monitor events:
- ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, unknown system error and returns errno
- ZMQ_EVENT_HANDSHAKE_SUCCEEDED, handshake was successful
- ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, protocol errors between peers or server
and ZAP handler. Returns one of ZMQ_PROTOCOL_ERROR_* - see manpage for list
- ZMQ_EVENT_HANDSHAKE_FAILED_AUTH, failed authentication, returns ZAP status
These events trigger when the ZMTP security mechanism handshake is
completed or failed. See doc/zmq_socket_monitor.txt for more information.
* New DRAFT (see NEWS for 4.2.0) zmq_proxy_steerable command 'STATISTICS' to
retrieve stats about the amount of messages and bytes sent and received by
the proxy. See doc/zmq_proxy_steerable.txt for more information.
* Add new autoconf --disable-libunwind option to stop building with libunwind
even if it is available.
* Add new autoconf --disable-Werror option to avoid building with the Werror
flag.
* Use pkg-config as the first method for finding and building with external
optional dependencies such as libnorm, libpgm and gssapi.
* On Posix platform where the feature is available, name the ZMQ background
threads to simplify debugging: "ZMQbg/<num_thread>"
* Improve performance of zmq_poller_* (and zmq_poll and zmq_proxy when building
with DRAFT APIs enabled).
* The TCP unit tests have been refactored to bind and connect to random ports
rather than hard-coded ones, to allow running tests in parallel.
There are 6 exceptions where it is necessary to use an hard-coded port to
test specific code paths that would not be exercised when binding to a
wildcard port. These are listed in tests/testutil.hpp so that distributions
can easily patch them if they wish to and so that they can be unique across
all the tests, allowing parallel runs.
The IPC unit tests have been changed as well to use unique socket file names
per test, where before there were some clashes.
* Fixed 2349 - fix building with libsodium when using CMake
* Fixed 2334 - do not assert when tuning socket options fails due to network
errors, but simply retry again when connecting or send a socket monitor
ZMQ_EVENT_ACCEPT_FAILED event when binding
* Fixed 2341 - fix source files path in VS2015 solution
* Fixed 2344 - Note that on Windows with VS2012 it is mandatory to increase
the default stack size to at least 2MB
* Fixed 2348 - ZMQ_ROUTER send with ZMQ_ROUTER_MANDATORY can be stuck in case of
network problem
* Fixed 2358 - occasional abort on zmq_connect on Windows
* Fixed 2370 - zmq_curve_keypair should return an error on failure rather
than ignoring them and always returning 0
* Fixed 2452 - __STDC_LIMIT_MACROS before precompiled headers causes VC++
warning
* Fixed 2457 - fix building with libsodium in Visual Studio solutions
* Fixed 2466 - add const qualifier to internal and public API that does not
modify parameters
* Fixed 2471 - do more checks for OOM conditions when dynamic allocations is
used
* Fixed 2476 - assertion causes abort after ZAP stop at shutdown
* Fixed 2479 - improve zmq_poller performance on Windows
* Fixed 2481 - potential memory leaks due to ZMTP handshake failures
* Fixed 2531 - ZMQ_GSSAPI_PRINCIPAL sockopt has no effect on client side
* Fixed 2535 - add BUILD_SHARED and BUILD_STATIC options to CMake, both on by
default, to toggle shared and static library builds
* Fixed 2537 - use SYSTEM_CLOCK on OSX and CLOCK_MONOTONIC elsewhere for
internal timers to avoid races
* Fixed 2540 - new zmq_poller used by zmq_poll without DRAFTs
* Fixed 2552 - Fix WITH_DOC CMake build to avoid checking for asciidoc if the
option is disabled
* Fixed 2567 - Memory leak in REP socket handling
* Fixed 2579 - Compilation issue on Windows with CMake + ninja
* Fixed 2588 - SIGBUS under 64-bit SunOS Sparc
* Fixed 2590 - crash when using ZMQ_IMMEDIATE and ZMQ_LINGER to non-zero
* Fixed 2601 - XPUB_MANUAL subscriptions not removed on peer term
* Fixed 2602 - intermittent memory leak for ZMQ_REQ/REP send/recv
* Fixed 2608 - CURVE server (connect) fails when client rebinds
* Fixed 2610 - print backtraces in mutual exclusion to avoid mixing
different traces
* Fixed 2621 - add missing CMake files to distributable tarball
* Fixed 2630 - improve compatibility with OpenBSD w.r.t. IPV6_V6ONLY
* Fixed 2638 - note in INSTALL that when using Windows builds on Linux with
Wine it is necessary to increase the minimum TCP buffers
* Fixed 2632 - Fix file descriptor leak when using Tweetnacl (internal NACL
implementation) instead of Libsodium, and fix race condition when using
multiple ZMQ contexts with Tweetnacl
* Fixed 2681 - Possible buffer overflow in CURVE mechanism handshake.
NOTE: this was protected by an assert previously, so there is no security
risk.
* Fixed 2704 - test_sockopt_hwm fails occasionally on Windows
* Fixed 2701 - pgm build via cmake doesn't link libzmq with libpgm
* Fixed 2711 - ZAP handler communication errors should be handled consistently
* Fixed 2723 - assertion in src\select.cpp:111 or hang on zmq_ctx_destroy on
Windows
* Fixed 2728 - fix support O_CLOEXEC when building with CMake
* Fixed 2761 - improve compatibility with TrueOS (FreeBSD 12)
* Fixed 2764 - do not unlink IPC socket files when closing a socket to avoid
race conditions
* Fixed 2770 - support lcov 1.13 and newer
* Fixed 2787 - add libiphlpapi to PKGCFG_LIBS_PRIVATE for static mingw builds
* Fixed 2788 - document that adding -DZMQ_STATIC is required for Windows
static builds with Mingw
* Fixed 2789 - description of zmq_atomic_counter_value return value is cloned
from zmq_atomic_counter_new
* Fixed 2791 - fix building with DRAFT APIs on CentOS 6
* Fixed 2794 - router_t methods should not allocate memory for lookup in
outpipes
* Fixed 2809 - optimize select() usage on Windows
* Fixed 2816 - add CMake and autoconf check for accept4, as it is not
available on old Linux releases, and fallback to accept + FD_CLOEXEC
* Fixed 2824 - ZMQ_REQ socket does not report ZMQ_POLLOUT when ZMQ_REQ_RELAXED
is set
* Fixed 2827 - add support for Haiku
* Fixed 2840 - fix building with VS2008
* Fixed 2845 - correct the ZMQ_LINGER documentation to accurately reflect that
the default value is -1 (infinite). It never was 30 second in any released
version, it was only changed briefly and then changed back, but the manpage
was not reverted.
* Fixed 2861 - CMake/MSVC: export ZMQ_STATIC when needed.
Changes:
1.1.2
-----
* Added support for:
* `puremashiro` (#66)
* `idolcomplex`
* Added an option to filter reblogs on `tumblr` (#61)
* Added OAuth user authentication for `tumblr` (#65)
* Added support for `slideshare` mobile URLs (#67)
* Improved pagination for various ...booru sites to work around page limits
* Fixed chapter information parsing for certain manga on `kissmanga` (#58) and `batoto` (#60)
Changelog:
## Bug Fixes
The following bugs have been fixed:
wnpa-sec-2018-01
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
wnpa-sec-2018-03
The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334
wnpa-sec-2018-04
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
Prior to this release dumpcap enabled the Linux kernel's BPF JIT compiler
via the net.core.bpf_jit_enable sysctl. This could make systems
more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature
has been removed (Bug 14313).
Some keyboard shortcut mix-up has been resolved by assigning
new shortcuts to Edit -> Copy methods.
Remote interfaces are not saved. (Bug 8557)
Additional grouping in Expert Information dialog. (Bug 11753)
First start with non-empty extcap folder after install or reboot
hangs at "initializing tap listeners". (Bug 12845)
Can't hide expert categories in Expert Information. (Bug 13831)
Expert info dialog should have "Collapse All"/"Expand All" options.
(Bug 13842)
SIP Statistics extract does not work. (Bug 13942)
Service Response Time - SCSI dialog crashes. (Bug 14144)
Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
SSH remote capture promiscuous mode. (Bug 14237)
SOCKS pseudo header displays incorrect Version value. (Bug 14262)
Only first variable of list is dissected in NTP Control request
message. (Bug 14268)
NTP Authenticator field dissection fails if padding is used. (Bug 14269)
BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message.
(Bug 14289)
"[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
There is a potential buffer underflow in File_read_line function in
epan/wslua/wslua_file.c file. (Bug 14295)
Saving a temporary capture file may not result in the temporary
file being removed. (Bug 14298)
## Updated Protocol Support
Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP
Bugfixes:
#1845: Files on deduplicated NTFS volumes are ignored by scanner
#4590: Path completion in new folder dialog does not work anymore
#4593: Fd leak when temp file cannot be truncated
#4605: Panic: runtime error related to KCP
Enhancements:
#2644: UI for debug levels and log access
#4369: GUI should indicate which files are out of sync on remote devices
#4400: Keep enough counters and state in the database to avoid initial database traversal
#4515: Should understand “socks” in addition to “socks5” in proxy URLs
Other issues:
#4407: Contribute kcp-go changes/features and/or fix tests
#4585: Update vendored github.com/minio/sha256-simd for AVX512 support
#4615: Update vendored x/sys/unix for dragonfly
Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
The 0.3.2 series includes our long-anticipated new onion service
design, with numerous security features. (For more information, see
our blog post at https://blog.torproject.org/fall-harvest.) We also
have a new circuit scheduler algorithm for improved performance on
relays everywhere (see https://blog.torproject.org/kist-and-tell),
along with many smaller features and bugfixes.
gsutil is a Python application that lets you access Google Cloud Storage and
Amazon S3 from the command line. You can use gsutil to do a wide range of
bucket and object management tasks, including:
* Creating and deleting buckets
* Uploading, downloading, and deleting objects
* Listing buckets and objects
* Moving, copying, and renaming objects
* Editing object and bucket ACLs
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
- Register pubsub#multi-items feature and add pubsub#max_items
field to meta-data
- Mention try_subtag/2 in the README
- Fix formatting in API.md
- New function: xmpp:try_subtag/2
- Make pretty printer understand jid records
- Support XEP-0184: Message Delivery Receipts
- Improve pretty printer and sub-elements processing
- Add PubSub error condition: 'precondition-not-met'
- pubsub_publish_options.xdata: Reject 'secret'
- Allow empty URIs in xmpp_uri:check/1
- Update muc#roominfo form and add validation for
'muc#room*_pubsub' fields
- Introduce xmpp_uri module
3.7.2
- Bug fix in the HTTP auth backend
3.7.1
- Bug fixes
3.7.0
- Minimum required Erlang version is now 19.3
- Automation-friendly cluster formation
- Distributed management plugin, including minor breaking HTTP API changes.
- Simpler, ini-style configuration format
- Per-vhost limits
- Operator policies
- Topic-based authorisation
- Cross-protocol Shovel (currently supports AMQP 0.9.1 and AMQP 1.0)
- Command-line tools are extensible via plugins
- Message store multi-tenancy
- Proxy protocol support
- Web STOMP no longer supports WebSocket emulation
- Java and .NET client releases no longer track RabbitMQ server releases
- .NET client now supports .NET Core.
- Management plugin extensions now must target Cowboy 2.0
- Java client for RabbitMQ HTTP API
Changelog:
Bug Fixes
The following bugs have been fixed:
wnpa-sec-2017-47
The IWARP_MPA dissector could crash. (Bug 14236)
wnpa-sec-2017-48
The NetBIOS dissector could crash. (Bug 14249)
wnpa-sec-2017-49
The CIP Safety dissector could crash. (Bug 14250)
"tshark -G ?" doesn't provide expected help. (Bug 13984)
File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
packet-q931.c:1306: bad compare ?. (Bug 14116)
SSL Dissection bug. (Bug 14117)
Wireshark crashes when exporting various files to .csv, txt and other
'non-capture file' formats. (Bug 14128)
RLC reassembly doesn't work for RLC over UDP heuristic dissector.
Bug 14129)
HTTP Object export fails with long extension (possibly query string).
(Bug 14130)
3GPP Civic Address not displayed in Packet Details. (Bug 14131)
Wireshark prefers packet.dll in System32\\Npcap over the one in
System32. (Bug 14134)
PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
Visual Studio Community Edition 2015 lacks tools named in developer
guide. (Bug 14147)
TCP: Malformed data with Riverbed Probe option. (Bug 14150)
Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
Right click on SMB2 Message ID and then Apply as Column causes Runtime
Error. (Bug 14169)
Return [Enter] should apply change (Column title - Button Label
toolbars). (Bug 14191)
Wireshark crashes if "rip.display_routing_domain" is set to TRUE in
preferences file. (Bug 14197)
Entry point inflatePrime not found for androiddump.exe and
randpktdump.exe. (Bug 14207)
BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not
able to decode the packet correctly. (Bug 14241)
Wrong SSL decryption when using EXTENDED MASTER SECRET and Client
certificate request (mutual authentication). (Bug 14243)
Frame direction isn't always set if it comes from the pcapng record
header rather than the packet pseudo-header. (Bug 14245)
Updated Protocol Support
3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA,
KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP,
SSL/TLS, TCP, and TRANSUM
Lua support no longer optional.
PowerDNS Recursor 4.1.0
===========================================================
- Improved DNSSEC support
- Improved documentation
- Improved RPZ support
- Improved EDNS Client Subnet support
- Support for Botan 2.x (and removal of support for Botan 1.10)
- SNMP support
- Lua engine has gained access to more parts of the recursor
- CPU affinity can now be specified
- TCP Fast Open support
- New performance metrics
Full changelog:
https://doc.powerdns.com/recursor/changelog/4.1.html
PowerDNS Recursor 4.0.7
===========================================================
- Insufficient validation of DNSSEC signatures (CVE-2017-15090)
- Cross-Site Scripting in the web interface (CVE-2017-15092)
- Configuration file injection in the API (CVE-2017-15093)
- Memory leak in DNSSEC parsing (CVE-2017-15094)
Bug fixes
- Update rec_control manpage
- Check in the detected OpenSSL/libcrypto for ECDSA
- Make more specific Netmasks < to less specific ones
- Fix validation at the exact RRSIG inception or expiration time
- Lowercase all outgoing qnames when lowercase-outgoing is set
- Fix libatomic detection on ppc64
- Edit configname definition to include the 'config-name' argument
Improvements
- Extract nested exception from Luawrapper
- Use explicit yes for default-enabled settings
- Throw an error when lua-conf-file can't be loaded
- get-remote-ring's "other" report should only have two items.
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
mask
- Only increase no-packet-error on the first read
- Add support for Botan 2.x
- Add more information to recursor cache dumps
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Be more resilient with broken auths
- Remove pdns.PASS and pdns.TRUNCATE
- Improve dnsbulktest experience in travis for more robustness
- Create socket-dir from init-script
- b.root renumbering, effective 2017-10-24
- Don't retry security polling too often when it fails
PowerDNS Authoritative Server 4.1.0
===========================================================
- Improved performance: 400% speedup in some scenarios
- Crypto API: DNSSEC fully configurable via RESTful API
- Improved documentation
- Database related improvements
- Enhanced tooling
- Support for TCP Fast Open
- Support for non-local bind
- Support for Botan 2.x (and removal of support for Botan 1.10)
- Our packages now ship with PKCS #11 support.
- Recursor passthrough removal
Full changelog:
https://doc.powerdns.com/authoritative/changelog/4.1.html
PowerDNS Authoritative Server 4.0.5
===========================================================
Fixes
- Fix for missing check on API operations (CVE-2017-15091)
- Bindbackend: do not corrupt data supplied by other backends in
getAllDomains
- API: prevent sending nameservers list and zone-level NS in rrsets
- gpgsql: make statement names actually unique
- Fix remotebackend params
- Fix godbc query logging
- For create-slave-zone, actually add all slaves, and not only first n
times
- Fix a regression in axfr-rectify + test
- When making a netmask from a comboaddress, we neglected to zero the
port
- Fix libatomic detection on ppc64
- Catch DNSName exception in the Zoneparser
- Publish inactive KSK/CSK as CDNSKEY/CDS
- Handle AFSDB record separately due to record structure.
- Treat requestor's payload size lower than 512 as equal to 512
- Correctly purge entries from the caches after a transfer
- Handle a signing pipe worker dying with work still pending
- Ignore SOA-EDIT for PRESIGNED zones.
- Check return value for all getTSIGKey calls.
Improvements
- Fix ldap-strict autoptr feature, including a test
- mydnsbackend: Add getAllDomains
- Stubresolver: Use only recursor setting if given
- LuaWrapper: Allow embedded NULs in strings received from Lua
- sdig: Clarify that the ednssubnet option takes "subnet/mask"
- Tests: Ensure all required tools are available
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
mask
- LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
- Add support for Botan 2.x
- Ship ldapbackend schema files in tarball
- Collection of schema changes
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Use a unique pointer for bind backend's d_of
- Fix some of the issues found by @jpmens
Upstream changes:
3.3.2 (2018/01/02)
- support build on pkgsrc-2017Q4 (vala-0.38.1 and later)
- try to show images only if Content-Type is image/*
- update to mbedTLS-2.4.2
- implement --timeout-image option
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
The actual cleanup has been done by pkglint:
* Added missing identifier comments
* Replaced ${PKGMANDIR} with a simple man, since the infrastructure does
all the magic for PLISTs
This has been a pkglint warning for several years now, and pkglint can even
fix it automatically. And it did for this commit.
Only in lang/mercury, two passes of autofixing were necessary because there
were nested variables.
* dhcp: when unicasting on L3, unicast on L2 as well
* dhcp: when rebooting, don't set cidaddr
* dhcp6: don't listen on IPv6 addresses when not using DHCPv6
* dhcp: only set probe state when probing (fixes REBOOT reason)
* linux: use IFA_F_NOPREFIXROUTE for IPv4 addresses
* ipv6: disable kernel RA if interface is active
* hooks: set protocol to link for link layer events
Bugfixes:
#4353: Symlinks as folder root broken on Windows
#4475: Discovering new files in a deleted directory does not resurrect the directory
#4561: "Panic: interface conversion: *errors.errorString is not net.Error" after restart
Enhancements:
#2299: Auto-accept shared folders from trusted devices
#4406: Empty directories in .stversions should be removed
#4476: Human readable errors on attempted deletion of non-empty directory
#4542: Support OneDrive folders on recent Windows 10
#4543: Add confirmation on Remove Folder / Device button
Changelog:
NSD 4.1.19
Dec 11, 2017
Bugfixes
* ignore fallthrough compiler warning in flex EOF rule.
* Fix warnings emitted by clang for --enable-packed. Alignment is
not a problem for x86_64, don't enable packed when the platform
requires aligned access.
* Fix spelling error in xfr-inspect.
* Fix 3392: Fix regression in 4.1.18 for notify lists with ip4 and ip6
targets.
* Add test for support of -Wno-address-of-packed-member for --enable-packed.
NSD 4.1.18
Nov 30, 2017
Features
* xfr-inspect, it is not installed, it prints xfr files from /tmp made
with 'make xfr-inspect' in the source dir.
* retry timeout between sending notifies dropped from 15 to 3 sec.
* NSD sends 16 notifies simultaneously.
* configure --enable-packed reduces memory usage, at expense of unaligned
reads. Saves about 17%.
* Save memory by selectively allocate precompiled nsec3 hashes, saves
about 16% memory.
* make ip-transparent option work on OpenBSD.
* Save about 2% memory by changing usage count size in name tree.
* Fix#2871: Increase number of sockets for xfrd transfers.
Bugfixes
* Fix gcc 7.1.1 warnings.
* Fix writev compile warning on FreeBSD.
* Fix#1446: A corrupted zone file "propagates" to good ones.
* nsd-control zonestatus prints wait time between attempts, for zones
that are in that waiting time.
* Fix collision printout of nsec3 to print name, hash and reverse.
* Fix#1567: Change crit to err log level for gettimeofday failure.
Add defines for compile without syslog.
* Fix crash for DS query when parent and child zones both configured
in nsd.conf and parent zone has not loaded properly.
Proposed by Nils Ratusznik in June on tech-pkg. In short, the rules are
from 2012; they are too outdated to be useful.
No one spoke up for keeping the package. If you want to bring it back,
feel free to do so, after updating it.
**** 1.14 Dec 15, 2017
Fix rt.cpan.org #123702
'use base' should not be used in packages with several
subpackages defined
Fix rt.cpan.org #123676
Net::DNS::Nameserver malformed message on big axfr
Changes:
2017.12.28
----------
Extractors
+ [internazionale] Add support for internazionale.it (#14973)
* [playtvak] Relax video regular expression and make description optional
(#15037)
+ [filmweb] Add support for filmweb.no (#8773, #10368)
+ [23video] Add support for 23video.com
+ [espn] Add support for fivethirtyeight.com (#6864)
+ [umg:de] Add support for universal-music.de (#11582, #11584)
+ [espn] Add support for espnfc and extract more formats (#8053)
* [youku] Update ccode (#14880)
+ [openload] Add support for oload.stream (#15070)
* [youku] Fix list extraction (#15065)
2017.12.23
----------
Core
* [extractor/common] Move X-Forwarded-For setup code into _request_webpage
+ [YoutubeDL] Add support for playlist_uploader and playlist_uploader_id in
output template (#11427, #15018)
+ [extractor/common] Introduce uploader, uploader_id and uploader_url
meta fields for playlists (#11427, #15018)
* [downloader/fragment] Encode filename of fragment being removed (#15020)
+ [utils] Add another date format pattern (#14999)
Extractors
+ [kaltura] Add another embed pattern for entry_id
+ [7plus] Add support for 7plus.com.au (#15043)
* [animeondemand] Relax login error regular expression
+ [shahid] Add support for show pages (#7401)
+ [youtube] Extract uploader, uploader_id and uploader_url for playlists
(#11427, #15018)
* [afreecatv] Improve format extraction (#15019)
+ [cspan] Add support for audio only pages and catch page errors (#14995)
+ [mailru] Add support for embed URLs (#14904)
* [crunchyroll] Future-proof XML element checks (#15013)
* [cbslocal] Fix timestamp extraction (#14999, #15000)
* [discoverygo] Correct TTML subtitle extension
* [vk] Make view count optional (#14979)
* [disney] Skip Apple FairPlay formats (#14982)
* [voot] Fix format extraction (#14758)
2017.12.14
----------
Core
* [postprocessor/xattr] Clarify NO_SPACE message (#14970)
* [downloader/http] Return actual download result from real_download (#14971)
Extractors
+ [itv] Extract more subtitles and duration
* [itv] Improve extraction (#14944)
+ [byutv] Add support for geo restricted videos
* [byutv] Fix extraction (#14966, #14967)
+ [bbccouk] Fix extraction for 320k HLS streams
+ [toutv] Add support for special video URLs (#14179)
* [discovery] Fix free videos extraction (#14157, #14954)
* [tvnow] Fix extraction (#7831)
+ [nickelodeon:br] Add support for nickelodeon brazil websites (#14893)
* [nick] Improve extraction (#14876)
* [tbs] Fix extraction (#13658)
Changes:
1.1.1
-----
* Added support for:
`slideshare` - <https://www.slideshare.net/> (#54)
* Added pool- and post-extractors for `sankaku`
* Added OAuth user authentication for `deviantart`
* Updated `luscious` to support `members.luscious.net` URLs (#55)
* Updated `mangahere` to use their new domain name (mangahere.cc) and mobile URLs
* Updated `gelbooru` to not be restricted to the first 20,000 images (#56)
* Fixed extraction issues for `nhentai` and `khinsider`
Upstream change:
mikutter 3.6.0
* World
* Twitter functions are now implemented as a plugin
* Service is no longer available, so the World plugin provides an equivalent
of Service
* Spell
* Form DSL
* generalized modules for settings etc. so make it possible to use it
in Dialog etc.
* photo select
* select images
* label
* link (Model viewer)
* Dialog DSL/dialog method
* universal interface for plugins to show a dialog box
* no dependencies on Gtk
* Photo Model
* preserve image URLs for multiple sizes and use a proper larger size
one for requested image
* new setting in config for the maxinum number of tweets in timelines
* settings
* tree structure in side menu by "settings" block
* improve drawing speed for settings with many items
* appearance settings for PostBox and World Shifter
* requires Ruby 2.3 and later
* gems for mikutter project
* use Diva gem
* new gem derived from mikutter
* replacement of Retriever, mikutter still provides Retriever compatible
interfaces
* Delayer Deferred 2
* async/await
pkgsrc changes:
- DEPENDS on ruby-idn gem
Upstream changes:
https://github.com/twitter/twitter-text/blob/master/rb/CHANGELOG.md
## [2.1] - 2017-12-20
### Added
- This CHANGELOG.md file
### Changed
- Top-level namespace changed from `Twitter` to `Twitter::TwitterText`. This
resolves a namespace collision with the popular
[twitter gem](https://github.com/sferik/twitter). This is considered
a breaking change, so the version has been bumped to 2.1. This fixes
issue [#221](https://github.com/twitter/twitter-text/issues/221),
"NoMethodError Exception: undefined method `[]' for nil:NilClasswhen
using gem in rails app"
## [2.0.2] - 2017-12-18
### Changed
- Resolved issue
[#211](https://github.com/twitter/twitter-text/issues/211), "gem
breaks, asset file is a dangling symlink"
- config files, tld_lib.yml files now copied into the right place
- Rakefile now included `prebuild`, `clean` tasks
(no changelog for 2.0; 2.0.1 changes are mentioned in the 2.0.2 entry)
* Quiet type conversion warnings by adding const to one of the logging
functions
* Don't confuse the C preprocessor by converting one arg into two.
Fixes build on NetBSD/8.0 with SSP.
Bump PKGREVISION.
1.14.13
api-change:mediastore-data: Update mediastore-data command to latest version
api-change:route53: Update route53 command to latest version
api-change:apigateway: Update apigateway command to latest version
1.14.12
api-change:cloudwatch: Update cloudwatch command to latest version
1.5.3
api-change:route53: [botocore] Update route53 client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:mediastore-data: [botocore] Update mediastore-data client to latest version
1.5.2
bugfix:presigned-url: [botocore] Fixes a bug where content-type would be set on presigned requests for query services.
api-change:cloudwatch: [botocore] Update cloudwatch client to latest version
1.8.17
api-change:route53: Update route53 client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:mediastore-data: Update mediastore-data client to latest version
1.8.16
bugfix:presigned-url: Fixes a bug where content-type would be set on presigned requests for query services.
api-change:cloudwatch: Update cloudwatch client to latest version
1.14.11
api-change:appstream: Update appstream command to latest version
1.14.10
api-change:apigateway: Update apigateway command to latest version
api-change:ses: Update ses command to latest version
bugfix:s3: Fixes a bug where calling the CLI from a context that has no stdin resulted in every command failing instead of only commands that required stdin.
1.14.9
api-change:codedeploy: Update codedeploy command to latest version
bugfix:sagemaker-runtime: Renamed the runtime.sagemaker service to sagemaker-runtime to be more consistent with existing services. The old service name is now aliased to sagemaker-runtime to maintain backwards compatibility.
api-change:workmail: Update workmail command to latest version
1.5.1
api-change:appstream: [botocore] Update appstream client to latest version
1.5.0
bugfix:Filters: Fixes a bug where parameters passed to resource collections could be mutated after the collections were created.
api-change:ses: [botocore] Update ses client to latest version
enhancement:credentials: [botocore] Moved the JSONFileCache from the CLI into botocore so that it can be used without importing from the cli.
feature:botocore dependency: Update dependency strategy to always take a floor on the most recent version of botocore. This means whenever there is a release of botocore, boto3 will release as well to account for the new version of botocore.
api-change:apigateway: [botocore] Update apigateway client to latest version
1.8.15
api-change:appstream: Update appstream client to latest version
1.8.14
api-change:ses: Update ses client to latest version
enhancement:credentials: Moved the JSONFileCache from the CLI into botocore so that it can be used without importing from the cli.
api-change:apigateway: Update apigateway client to latest version
1.8.13
api-change:codedeploy: Update codedeploy client to latest version
bugfix:sagemaker-runtime: Renamed the runtime.sagemaker service to sagemaker-runtime to be more consistent with existing services. The old service name is now aliased to sagemaker-runtime to maintain backwards compatibility.
bugfix:Stubber: This change makes the error handling more verbose in the case where a stubbed method has been called, but the Stubber is not expecting a call.
api-change:workmail: Update workmail client to latest version
- Updating fast_xml to version 1.1.25.
- Add support for NS_MAM_2
- Improve handling of pubsub requests
- Add support for RFC 7622
- Allow multiple text element inside stanza/stream_error
From Changelog:
* Remove blinking cursor from UI
Gerrit Renker <renker@ualberta.ca>
* Treat multicast packets as incoming, rather than incoming (IPv4) or not at
all (IPv6).
Andreas Schwab <schwab@linux-m68k.org>
* Minor fixes to the man page
* Man page documentation of -t mode.
* Compile time warning fixes.
Markus Koschany <apo@gambaru.de>
* Added text output mode (-t option)
Roman Hoog Antink <rha@open.ch> (originally by Patrik Bless)
* Fix for memory leak when DNS resolution is turned off
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677141
Olivier Allard-Jacquin <olivieraj@free.fr>
* Various typos in the UI
Gerben Roest <g.roest@grepit.nl>
* Documentation fixes
A. Costa <agcosta@gis.net> (via Debian)
* Fix for armeb specific bug
Lennert Buytenhek <buytenh+debian@wantstofly.org> (via Debian)
* Fix frozen order drives line totals crazy.
Max Alekseyev <relf@os2.ru> (via Debian)
* Fix for crash on arm.
Joey Hess <joeyh@debian.org> (via Debian)
* Fixed behaviour of "-b" option.
Eric Cooper <ecc@cmu.edu> (via Debian)
* Support for PFLOG Interfaces
Richard Tóth <risko@iklub.sk>
* Support for IPv6
* Fix for performance issue with address hashing
* Fix for failing link address detection for GNU/kfreebsd
* Multiple portability fixes
Mats Erik Andersson <mats.andersson@gisladisker.se>
* Improved behaviour of sort in sent/recv only mode
Damián Viano <des@debian.org>
* FreeBSD compilation fix
* IPv6 reverse resolution
Frédéric Perrin <frederic.perrin@resel.fr>
* Improved IPv6 code (removed s6_addr32 dependency)
* Fixed support for DLT_NULL
Scott Bertilson <ssb@umn.edu>
* Typo in usage message
* Workaround for PuTTY issue (https://bugzilla.redhat.com/show_bug.cgi?id=546032)
* Updates to licence text (change in FSF address)
* Avoid an assertion failure if an "invalid" (as in outside of IPv4 or IPv6)
address family is encountered (Red Hat bugs #839750, #847124, #868065, #961236
and #1007434)
* enable building iftop with more recent versions of autoconf/automake
* patch to remove compile time warnings
* Fix to avoid system call in text mode wherever possible.
Robert Scheck <robert@fedoraproject.org>
* Attempt to detect if interface is actually up when doing autodetection.
* Fixed segfault when selecting interfaces with empty MAC address (e.g. gprs
interface on Nokia N900)
Graham Inggs <graham@nerve.org.za>
* Avoid autodetecting wmaster interfaces
* Experimental support for IEEE802_11 radiotap interfaces (DLT 127)
* Fixed segfault / hang when supplying multiple -i options
* Added missing docs for -m option.
- no upstream activity for 4 years
- net/ruby-twitter gem includes the same functionality
- the only consumer net/ruby-tw no longer requires this gem
(switched to using userstream in twitter gem)
Changes:
1.1.0
-----
* Added the `-r/--limit-rate` command-line option to set a maximum download
rate
* Added the `--sleep` command-line option to specify the number of seconds
to sleep before each download
* Updated `gelbooru` to no longer use their now disabled API
* Fixed SWF extraction for `sankaku` (#52)
* Fixed extraction issues for `hentai2read` and `khinsider`
* Removed the deprecated `--images` and `--chapters` options
* Removed the `mangazuki` module
Major new features in 1.8:
- JSON stats
- server templates
- dynamic cookies
- per-certificate "bind" configuration
- pipelined and asynchronous SPOE
- seamless reloads
- PCRE2 support
- hard-stop-after
- support for OpenSSL asynchronous crypto engines
- replacement of the systemd-wrapper with a new master-worker model
- DNS autonomous resolver
- DNS SRV records
- configurable severity output on the CLI
- TLS 1.3 with support for Early-Data (AKA 0-RTT) on both sides
- multi-thread support
- HTTP/2 support
- small objects cache
For full changelog in 1.8, see:
http://www.haproxy.org/download/1.8/src/CHANGELOG
* Mark routes as set by RA/DHCP in Linux
* Don't flush prefix routes/routers if kernel does not support RA
* Remove OpenBSD route labels
* dhcp: improve errors around UDP checksum failure
* dhcp: announce existing addresses before rebooting
* bpf: rework loop so that we can close/reopen fd inside and abort
* ipv6nd: don't handle NA/RA for non active interfaces
* dhcp6: listen on all addresses in non master mode
* dhcpcd-run-hooks: set protocol in dhcpcd, don't guess
* Ensure that xid is unique across all interfaces
* dhcp6: redirect message to interface which uses the xid
* bsd: strip scope from LL addresses when detecting their addition
* ipv6nd: fix address lifetime overflow on carrier up
* dhcp6: fix confirmation of lease on carrier up
* eloop: fix signal catching before eloop is started on Linux
Highlights:
* get_iplayer no longer lists all programmes when invoked without a
search argument. If you wish to list all programmes, you must now
explicitly specify a wildcard search: get_iplayer ".*" - note the
quotes. The Web PVR Manager does that by default. Also remember to
use --refresh for ad hoc cache updates.
* get_iplayer no longer automatically attempts to add higher-quality
audio to "hls" mode downloads (functionality introduced in v3.03).
Some output files were being produced with audio and video out of
sync. get_iplayer should never produce output worse that what is
offered by iPlayer, so that functionality is now optional. Use the
new --hls-hq-audio option to enable it, and heed the warning that
you may need to edit your output files to sync audio and video. The
--no-hq-audio option is now ignored and will be removed in the next
release. If you added it to your preferences, remove it now with
get_iplayer --prefs-del --no-hq-audio. (@notnac)
* Added --audio-only option to download only the audio stream for a
TV programme. It is intended to enable users with visual
impairments to skip downloading the video stream for programmes
with audio description, but it can be used for any programme. It
does not work with "hls" modes, however, so do not try to use it
with --tvmode=hlshd, for example. Use of --audio-only also enables
--force so that you can re-download a different audio track for a
previously-downloaded TV programme. That will also produce an
additional entry in your download history for the audio file.
Audio-only downloads produce .m4a files.
* Web PVR: Updated to support HTTPS URLs for Quick URL recording. The
BBC has begun redirecting iPlayer episode pages to secure
equivalents, and Web PVR limitations have required changing
"https:" to "http:" for pages used in the Quick URL box. This did
not affect the CLI or recording from search results in Web PVR.
* Added support for World Service programme PIDs beginning with "w".
These WS programmes released since 11 Aug could not be downloaded
because their PIDs were not recognised by get_iplayer.
https://github.com/get-iplayer/get_iplayer/wiki/releasenotes
This project implements a simple STUN server and client on Windows, Linux,
and Solaris. The STUN protocol (Simple Traversal of UDP through NATs) is
described in the IETF RFC 3489.
This catches up with the project which has apparently moved
to github.com. With it comes fixes for two known CVEs (CVE-2016-6160,
CVE-2017-6429). There is otherwise a large set of changes,
see the release history on github for the details.
The license changed to gnu-gpl-v3, LICENSE setting added.
Changes in version 0.3.1.9 - 2017-12-01:
Tor 0.3.1.9 backports important security and stability fixes from the
0.3.2 development series. All Tor users should upgrade to this
release, or to another of the releases coming out today.
o Major bugfixes (security, backport from 0.3.2.6-alpha):
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
- When running as a relay, make sure that we never choose ourselves
as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
identifying and finding a workaround to this bug and to Moritz,
Arthur Edelstein, and Roger for helping to track it down and
analyze it.
o Minor features (bridge):
- Bridges now include notice in their descriptors that they are
bridges, and notice of their distribution status, based on their
publication settings. Implements ticket 18329. For more fine-
grained control of how a bridge is distributed, upgrade to 0.3.2.x
or later.
o Minor features (directory authority, backport from 0.3.2.6-alpha):
- Add an IPv6 address for the "bastet" directory authority. Closes
ticket 24394.
o Minor features (geoip):
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- Avoid unnecessary calls to directory_fetches_from_authorities() on
relays, to prevent spurious address resolutions and descriptor
rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
bugfix on in 0.2.8.1-alpha.
o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
Fixes bug 22895; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- When a circuit is marked for close, do not attempt to package any
cells for channels on that circuit. Previously, we would detect
this condition lower in the call stack, when we noticed that the
circuit had no attached channel, and log an annoying message.
Fixes bug 8185; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
- Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
so it matches dir-spec.txt. Fixes bug 24262; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- Avoid a crash when transitioning from client mode to bridge mode.
Previously, we would launch the worker threads whenever our
"public server" mode changed, but not when our "server" mode
changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
1.14.1
api-change:ssm: Update ssm command to latest version
api-change:waf: Update waf command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:autoscaling: Update autoscaling command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:resource-groups: Update resource-groups command to latest version
api-change:waf-regional: Update waf-regional command to latest version
1.8.5
api-change:autoscaling: Update autoscaling client to latest version
api-change:waf: Update waf client to latest version
api-change:waf-regional: Update waf-regional client to latest version
api-change:resource-groups: Update resource-groups client to latest version
api-change:ssm: Update ssm client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:ec2: Update ec2 client to latest version
Bonjour provides service advertising and discovery on the local
network via multicast DNS. These files use SWIG to provide a Python
interface for use by applications to interact with Bonjour.through
mDNSResponder.
1.12.2
api-change:mediastore: Update mediastore command to latest version
api-change:mediastore-data: Update mediastore-data command to latest version
api-change:medialive: Update medialive command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
api-change:mediapackage: Update mediapackage command to latest version
1.8.2
api-change:mediapackage: Update mediapackage client to latest version
api-change:medialive: Update medialive client to latest version
api-change:mediastore: Update mediastore client to latest version
api-change:mediaconvert: Update mediaconvert client to latest version
api-change:mediastore-data: Update mediastore-data client to latest version
1.8.1
bugfix:Credentials: Fixes a bug causing cached credentials to break in the CLI on Windows.
api-change:acm: Update acm client to latest version
1.8.0
api-change:rekognition: Update rekognition client to latest version
api-change:emr: Update emr client to latest version
api-change:xray: Update xray client to latest version
feature:Credentials: When creating an assume role profile, you can now specify a credential source outside of the config file using the credential_source key.
api-change🛡️ Update shield client to latest version
api-change:cloudformation: Update cloudformation client to latest version
feature:Credentials: When creating an assume role profile, you can now specify another assume role profile as the source. This allows for chaining assume role calls.
api-change:codebuild: Update codebuild client to latest version
feature:credentials: Adds support for the process credential provider, allowing users to specify a process to call to get credentials.
api-change:apigateway: Update apigateway client to latest version
api-change:storagegateway: Update storagegateway client to latest version
enhancement:Response: Allow reads of zero on streaming bodies
Changelog:
- Increase maximum tweet length to 280 characters
- Increase maximum name length to 50 characters and improve
certain parts of the UI to cope better with longer names
- Fix the emoji button not showing up in the compose window
- Update translations
Changes:
1.0.2
-----
* Added an option to set a custom user-agent string
* Improved retry behavior for failed HTTP requests
* Improved `seiga` by providing better metadata and getting more than the
latest 200 images
* Improved `tumblr` by adding support for all post types, scanning for inline
images and following external links] (#48)
* Fixed extraction issues for `hbrowse`, `khinsider` and `senmanga`
2017/11/21 (1.1)
* Add facility to add HTTP *Basic* Auth
* Require LWP::Protocol::https to be installed
(hey, it's 2017, we can assume that https is available....)
This implicitly fixes bug 118475 "XML::RPC not reporting error if https connection requested but LWP::Protocol::https not installed"
* Implement recommended patch for #75078 "autodetection of XML datatyp <i4> for string of digits starting with 0"
2017/11/21 (1.0) Rene "cavac" Schickbauer
* First release by me for this module
* Integrate/Merge changes from XML::RPC::CustomUA
(and deprecate CustomUA module at the same time)
2.54.1
======
* gnutls: Fix using different client certs for different connections
[#781578, Martin Pitt]
* Updated translations: Catalan (Valencian), Greek, Persian
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-42
BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192
* [4]wnpa-sec-2017-43
MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193
* [7]wnpa-sec-2017-44
DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191
The following bugs have been fixed:
* Wireshark crash when end capturing with "Update list of packets in
real-time" option off. ([10]Bug 13024)
* Diameter service response time statistics broken in 2.2.4. ([11]Bug
13442)
* Some Infiniband Connect Req fields are not decoded correctly.
([12]Bug 13997)
* wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in
wrong place ?. ([13]Bug 14016)
* [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). ([14]Bug
14025)
* [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). ([15]Bug
14032)
* RTP Analysis "save as CSV" saves twice the forward stream, if two
streams are selected. ([16]Bug 14040)
* Cannot Apply Bitmask to Long Unsigned. ([17]Bug 14063)
Updated Protocol Support
BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP
2017-11-06 - FileZilla Client 3.29.0 released
Bugfixes and minor changes:
Fix activity indicators not working after the update check has been run
2017-10-31 - FileZilla Client 3.29.0-rc1 released
New features:
Added new quick search filter to file lists, accessed through Ctrl+F
FTP over TLS: Mismatched hostnames are now highlighted in red in the certificate verification dialog
Filters using regular expressions can now be case-insensitive
Bugfixes and minor changes:
Explicitly wait for the settings to be written to disk before removing the backup file to prevent loss of data in case of system crashes
