3.24.1 (2017-02-21)
- Fixed rendering icons in the remote directory tree when DPI scaling is enabled on Windows Vista and some Windows 7 machines
- SFTP components have been updated and are now based on PuTTY 0.68
- Updated builtin pugixml to version 1.8
0.9.1 (2017-02-20)
+ Added a small helper function to fz::file to get the current position in the file
+ Added another version of fz::to_wstring_from_utf8 that takes a char buffer + length
- Fixed extraction of single-character tokens in fz::strtok
New Features:
- Flag uploads coming from G2 servents with a "[G2]" tag after IP address.
- Added alias support in sharing/querying.
- Made the "Clear completed" button in Downloads/Tools do something useful.
- Moved "Clear completed" button to the bottom right of the download pane.
- Remember fileinfo notebook tab number across sessions.
- Remember main notebook tab number across sessions, only restored after crash.
- Remember Gnet stats notebook tab number across sessions.
- Remember download info / tools notebook tab number across sessions.
Improvements:
- Added --cleanup to explicitly request for final memory cleanup sequence.
- Updated Italian translation.
- Updated GeoIP databases.
Bug Fixes:
- Leaf nodes could end-up being connected to more ultrapeers than configured.
- Fixed monitoring of alien threads, important when GTK file selector is used.
Under the Hood:
- Debian compatibility level changed from 4 to 5.
- Make sure we can deal with older pkg-config, which needs leading arguments.
- Use "embedded" symbols for xmalloc(), xfree() and friends.
- Added "query_trace" property to trace all queries which were searched.
- Moved halloc-based string functions like h_strdup() to dedicated hstrfn.c.
- Expanded search mask to 64 bits to be able to hold all digits and letters.
- Count aliased queries and hits from aliases.
- Pre-compute shared file media type at record creation time.
- Pass query limits to st_search() to avoid needless pattern matching.
- Added h_strsplit() and h_strsplit_set().
- Added strvec_append_with() to expand vector by appending another vector.
- crash_assert_logv(): don't call crash_mode() if assert failure was recorded.
- entropy_clock_time(): mix the entropy nonce through hashing for more diffusion.
- node_can_accept_connection(): only send headers back when handshaking.
- qrp_add_file(): optimized to avoid computing word length if not required.
- thread_stack_check_overflow(): ignore virtual addresses outside stack range.
- vmm_init_once(): ensure any shared library for stacktrace unwinding is loaded.
Changes:
1.31.0
------
* Better error message when local file status cannot be retrieved
(GH-836)
* Fix assertion failure in SimpleRandomizer::getRandomBytes
* Add option content-disposition-default-utf8
Patch from JimmyZ (GH-813)
This Python 3 module provides an DNS API for looking up DNS entries
from within Python 3 modules and applications. This module is a
simple, lightweight implementation.
**** 1.08 [unreleased]
Fix rt.cpan.org #120208
Unable to install 1.07 in local::lib environment
Feature rt.cpan.org #119679
Net::DNS::Nameserver: UpdateHandler for responding to UPDATE packets
Feature rt.cpan.org #75357
Net::DNS::Nameserver: optionmask (similar to headermask) added
to allow user to set EDNS CLIENT-SUBNET option in reply packet
Discontinue support for pre-5.6 perl
Remove pre-5.6 workarounds and outdated language features
Changelog:
* Changes in Wget 1.19.1
* Fix bugs, a regression, portability/build issues
* Add new option --retry-on-http-error
* Changes in Wget 1.19
* New option --use-askpass=COMMAND. Fetch user/password by calling
an external program.
* Use IDNA2008 (+ TR46 if available) through libidn2
* When processing a Metalink header, --metalink-index=<number> allows
to process the header's application/metalink4+xml files.
* When processing a Metalink file, --trust-server-names enables the
use of the destination file names specified in the Metalink file,
otherwise a safe destination file name is computed.
* When processing a Metalink file, enforce a safe destination path.
Remove any drive letter prefix under w32, i.e. 'C:D:file'. Call
libmetalink's metalink_check_safe_path() to prevent absolute,
relative, or home paths:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* When processing a Metalink file, --directory-prefix=<prefix> sets
the top of the retrieval tree to prefix for Metalink downloads.
* When processing a Metalink file, reject downloaded files which don't
agree with their own metalink:size value:
https://tools.ietf.org/html/rfc5854#section-4.2.16
* When processing a Metalink file, with --continue resume partially
downloaded files and keep fully downloaded files even if they fail
the verification.
* When processing a Metalink file, create the parent directories of a
"path/file" destination file name:
https://tools.ietf.org/html/rfc5854#section-4.1.2.1https://tools.ietf.org/html/rfc5854#section-4.2.8.3
* On a recursive download, append a .tmp suffix to temporary files
that will be deleted after being parsed, and create them
readable/writable only by the owner.
* New make target 'check-valgrind'
* Fix several bugs
* Fix compatibility issues
================================
Features
--------
- Added a new interface,
twisted.internet.interfaces.IHostnameResolver, which is an
improvement to twisted.internet.interfaces.IResolverSimple that
supports resolving multiple addresses as well as resolving IPv6
addresses. This is a native, asynchronous, Twisted analogue to
getaddrinfo. (bug-4362)
- twisted.web.client.Agent now uses HostnameEndpoint internally; as a
consequence, it now supports IPv6, as well as making connections
faster and more reliably to hosts that have more than one DNS name.
(bug-6712)
- twisted.internet.ssl.CertificateOptions now has the new constructor
argument 'raiseMinimumTo', allowing you to increase the minimum TLS
version to this version or Twisted's default, whichever is higher.
The additional new constructor arguments 'lowerMaximumSecurityTo'
and 'insecurelyLowerMinimumTo' allow finer grained control over
negotiated versions that don't honour Twisted's defaults, for
working around broken peers, at the cost of reducing the security
of the TLS it will negotiate. (bug-6800)
- twisted.internet.ssl.CertificateOptions now sets the OpenSSL
context's mode to MODE_RELEASE_BUFFERS, which will free the
read/write buffers on idle TLS connections to save memory. (bug-8247)
- trial --help-reactors will only list reactors which can be
imported. (bug-8745)
- twisted.internet.endpoints.HostnameEndpoint now uses the passed
reactor's implementation of
twisted.internet.interfaces.IReactorPluggableResolver to resolve
hostnames rather than its own deferToThread/getaddrinfo wrapper;
this makes its hostname resolution pluggable via a public API.
(bug-8922)
- twisted.internet.reactor.spawnProcess now does not emit a
deprecation warning on Unicode arguments. It will encode Unicode
arguments down to bytes using the filesystem encoding on UNIX and
Python 2 on Windows, and pass Unicode through unchanged on Python 3
on Windows. (bug-8941)
- twisted.trial._dist.test.test_distreporter now works on Python 3.
(bug-8943)
Bugfixes
--------
- trial --help-reactors will now display iocp and win32er reactors
with Python 3. (bug-8745)
- twisted.logger._flatten.flattenEvent now handles log_format being
None instead of assuming the value is always a string. (bug-8860)
- twisted.protocol.ftp is now Python 3 compatible (bug-8865)
- twisted.names.client.Resolver can now resolve names with IPv6 DNS
servers. (bug-8877)
- twisted.application.internet.ClientService now waits for existing
connections to disconnect before trying to connect again when
restarting. (bug-8899)
- twisted.internet.unix.Server.doRead and
twisted.internet.unix.Client.doRead no longer fail if recvmsg's
ancilliary data contains more than one file descriptor. (bug-8911)
- twist on Python 3 now correctly prints the help text when given no
plugin to run. (bug-8918)
- twisted.python.sendmsg.sendmsg no longer segfaults on Linux +
Python 2. (bug-8969)
- IHandshakeListener providers connected via SSL4ClientEndpoint will
now have their handshakeCompleted methods called. (bug-8973)
- The twist script now respects the --reactor option. (bug-8983)
- Fix crash when using SynchronousTestCase with Warning object which
does not store a string as its first argument (like
libmysqlclient). (bug-9005)
- twisted.python.compat.execfile() does not open files with the
deprecated 'U' flag on Python 3. (bug-9012)
Deprecations and Removals
-------------------------
- twisted.internet.ssl.CertificateOption's 'method' constructor
argument is now deprecated, in favour of the new 'raiseMinimumTo',
'lowerMaximumSecurityTo', and 'insecurelyLowerMinimumTo' arguments.
(bug-6800)
- twisted.protocols.telnet (not to be confused with the supported
twisted.conch.telnet), deprecated since Twisted 2.5, has been
removed. (bug-8925)
- twisted.application.strports.parse, as well as the deprecated
default arguments in strports.service/listen, deprecated since
Twisted 10.2, has been removed. (bug-8926)
- twisted.web.client.getPage and twisted.web.client.downloadPage have
been deprecated in favour of https://pypi.org/project/treq and
twisted.web.client.Agent. (bug-8960)
- twisted.internet.defer.timeout is deprecated in favor of
twisted.internet.defer.Deferred.addTimeout (bug-8971)
Use portend to monitor TCP ports for bound or unbound states.
For example, to wait for a port to be occupied, timing out after 3 seconds::
portend.occupied('www.pkgsrc.org', 80, timeout=3)
Or to wait for a port to be free, timing out after 5 seconds::
portend.free('::1', 80, timeout=5)
The portend may also be executed directly. If the function succeeds, it
returns nothing and exits with a status of 0. If it fails, it prints a
message and exits with a status of 1. For example::
python -m portend localhost:31923 free
(exits immediately)
python -m portend -t 1 localhost:31923 occupied
(one second passes)
Port 31923 not bound on localhost.
--------------------------
***
*** Monday, February 6, 2017 -- Dante v1.4.2
***
o Support new version of libminiupnp. Patch from Michele Testa
<themike@libero.it.example.com>
o Fix memory bug in the client that would lead to a crash when resolving
hostnames on certain platforms.
Diagnosis and patch from Jeremie Courreges-Anglas
<jca@wxcvbn.org.example.org>. Thank you.
o A new environment variable has been added to aid application
compatibility with socksify: SOCKS_FORCE_BLOCKING_CONNECT.
See the socksify manpage for more information.
o Fixed bug in configure that broke compilation with rpmbuild on
newer Linux versions. Multiple bug reports received, thanks
to everyone that reported this problem.
o Add glibc-devel as Dante rpm requirement. Requires entry for
librt, used by socksify. Suggested by <ealogar@gmail.com.example.com>.
Also needed for libdl.so.
o Various NetBSD configure and server related fixes.
Thanks to Anthony Howe <achowe@snert.com.example.com> for bug
reports and testing.
o Corrected srchost values in examples/sockd.conf.
Thanks to Danesh Pajoh, Babak <Babak.DaneshPajoh@gwl.ca.example.com>
for bug report.
o Various build fixes, affecting RHEL 7 and potentially other platforms.
Thanks to Thomas Petazzoni <thomas.petazzoni@free-electrons.com.example.com>
for submitting related patch.
o Updates to hostid/TCP_IPA code to use newer API version.
o Added check for OpenBSD getpwnam_shadow().
o Added workaround for __FD_ELT() fortify related bug in recent glibc
versions.
----------------------------------
Release 1.1.3:
- The RTT measurement on Win32 is now on a par with that of Unix, i.e.
the precision is in the order of 10 microseconds.
- bing has been made more portable. You should have fewer problems
compiling bing 1.1.3 on your platform.
- bing now displays Mbps or Kbps as most sensible.
Release 1.1.2:
- All the icmp specific code has been put in the "mod_icmp" module.
The bing core accesses this code via the interface defined in
"mod_icmp.h".
- The files layout has been modified to accomodate the Unix/Win32
duality. This layout is not yet really satisfactory.
- The code has been "cleaned". The process if far from being
finished yet (imho).
- Pierre added two options '-u' and 'f'
- bing now supports multiple hosts on the command line, not only two.
- Also read the ChangeLog.
-----------------------------------
Version 1.6.3 (2016-12-21)
o Large BGP communities
o BFD authentication (MD5, SHA1)
o SHA1 and SHA2 authentication for RIP and OSPF
o Improved documentation
o Several bug fixes
Version 1.6.2 (2016-09-29)
o Fixes serious bug introduced in the previous version
Version 1.6.1 (2016-09-22)
o Support for IPv6 ECMP
o Better handling of IPv6 tentative addresses
o Several updates and fixes in Babel protocol
o Filter: New !~ operator
o Filter: ASN ranges in bgpmask
o KRT: New kernel protocol option 'metric'
o KRT: New route attribute 'krt_scope'
o Improved BIRD help messages
o Fixes memory leak in BGP multipath
o Fixes handling of empty path segments in BGP AS_PATH
o Several bug fixes
Version 1.6.0 (2016-04-29)
o Major RIP protocol redesign
o New Babel routing protocol
o BGP multipath support
o KRT: Add support for plenty of kernel route metrics
o KRT: Allow more than 256 routing tables
o Static: Allow to specify attributes for static routes
o Static: Support for BFD controlled static routes
o FreeBSD: Setup password for BGP MD5 authentication
o IO: Remove socket number limit
o Plenty of bug fixes
Upgrade notes:
For RIP, most protocol options were moved to interface blocks.
Version 1.5.0 (2015-04-20)
o Major OSPF protocol redesign.
o OSPFv2 multi-instance extension (RFC 6549).
o BGP AS-wide unique router ID (RFC 6286).
o BGP enhanced route refresh (RFC 7313).
o Link state support in BGP.
o Latency tracking and internal watchdog.
o Uses high port range for BFD on BSD.
o Increase max symbol length to 64.
o Allows to define unnamed protocols from templates.
o Fixes two serious bugs in BGP.
o Several bugfixes and minor improvements.
o Several minor option changes:
- OSPF: Protocol-wide 'instance id' option added.
- BGP: Parameters to option 'neighbor' extended.
- BGP: Separate option 'interface' added.
- BGP: Option 'start delay time' renamed to 'connect delay time'.
- BGP: Option 'route limit' deprecated.
Upgrade notes:
For OSPF, there are deep internal changes, but user-visible changes
are limited to log messages and minor changes in formatting of command
output.
For BGP, version 1.5.0 is essentially a minor release. There are two
deprecated options ('start delay time' and 'route limit') and some
minor formatting changes.
--------------------------
Explicit ChangeLog not found, but diff between source may say
following changes.
2.17
----
usage: arping [ -0aAbdDeFpPqrRuUv ] [ -w <us> ]
-w Time to wait between pings, in microseconds.
-W Same as -w, but in floating point seconds.
2.18
----
usage: arping [ -0aAbdDeFpPqrRuUv ] [ -w <sec> ]
-w sec Specify a timeout before ping exits regardless of how many
packets have been sent or received.
-W sec Time to wait between pings.
-----------------------------------
Changes for 1.33
- Add tcp_port_state_ttl() function for export from nmap xml results. Thanks to @matrix.
- Document fixes thanks to @zOrg1331
Changes for 1.32
- Updated website: https://github.com/modernistik/Nmap-Parser
- Eliminate global variables %D - thanks to bonsaiviking
Security Fixes
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non- absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
Feature Changes
* None.
Porting Changes
* None.
Bug Fixes
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
[RT #44318]
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A race condition in rbt/rbtdb was leading to INSISTs being
triggered.
Security Fixes
* If a server is configured with a response policy zone (RPZ) that
rewrites an answer with local data, and is also configured for
DNS64 address mapping, a NULL pointer can be read triggering a
server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
* named could mishandle authority sections with missing RRSIGs,
triggering an assertion failure. This flaw is disclosed in
CVE-2016-9444. [RT #43632]
* named mishandled some responses where covering RRSIG records were
returned without the requested data, resulting in an assertion
failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
* named incorrectly tried to cache TKEY records which could trigger
an assertion failure when there was a class mismatch. This flaw is
disclosed in CVE-2016-9131. [RT #43522]
* It was possible to trigger assertions when processing responses
containing answers of type DNAME. This flaw is disclosed in
CVE-2016-8864. [RT #43465]
* Added the ability to specify the maximum number of records
permitted in a zone (max-records #;). This provides a mechanism to
block overly large zone transfers, which is a potential risk with
slave zones from other parties, as described in CVE-2016-6170. [RT
#42143]
* It was possible to trigger an assertion when rendering a message
using a specially crafted request. This flaw is disclosed in
CVE-2016-2776. [RT #43139]
* Calling getrrsetbyname() with a non absolute name could trigger an
infinite recursion bug in lwresd or named with lwres configured if,
when combined with a search list entry from resolv.conf, the
resulting name is too long. This flaw is disclosed in
CVE-2016-2775. [RT #42694]
New Features
* named now provides feedback to the owners of zones which have trust
anchors configured (trusted-keys, managed-keys, dnssec-validation
auto; and dnssec-lookaside auto;) by sending a daily query which
encodes the keyids of the configured trust anchors for the zone.
This is controlled by trust-anchor-telemetry and defaults to yes.
* A new tcp-only option has been added to server clauses, to indicate
that UDP should not be used when sending queries to a specified IP
address or prefix.
Feature Changes
* The built in mangaged keys for the global root zone have been
updated to include the upcoming key signing key (keyid 20326).
* The ISC DNSSEC Lookaside Validation (DLV) service is scheduled to
be disabled in 2017. A warning is now logged when named is
configured to use this service, either explicitly or via
dnssec-lookaside auto;. [RT #42207]
* If an ACL is specified with an address prefix in which the prefix
length is longer than the address portion (for example,
192.0.2.1/8), named will now log a warning. In future releases this
will be a fatal configuration error. [RT #43367]
Bug Fixes
* A synthesized CNAME record appearing in a response before the
associated DNAME could be cached, when it should not have been.
This was a regression introduced while addressing CVE-2016-8864.
[RT #44318]
* Named could deadlock there were multiple changes to NSEC/NSEC3
parameters for a zone being processed at the same time. [RT #42770]
* Named could trigger a assertion when sending notify messages. [RT
#44019]
* Fixed a crash when calling rndc stats on some Windows builds: some
Visual Studio compilers generate code that crashes when the "%z"
printf() format specifier is used. [RT #42380]
* Windows installs were failing due to triggering UAC without the
installation binary being signed.
* A change in the internal binary representation of the RBT database
node structure enabled a race condition to occur (especially when
BIND was built with certain compilers or optimizer settings),
leading to inconsistent database state which caused random
assertion failures. [RT #42380]
* Referencing a nonexistent zone in a response-policy statement could
cause an assertion failure during configuration. [RT #43787]
* rndc addzone could cause a crash when attempting to add a zone with
a type other than master or slave. Such zones are now rejected. [RT
#43665]
* named could hang when encountering log file names with large
apparent gaps in version number (for example, when files exist
called "logfile.0", "logfile.1", and "logfile.1482954169"). This is
now handled correctly. [RT #38688]
* If a zone was updated while named was processing a query for
nonexistent data, it could return out-of-sync NSEC3 records causing
potential DNSSEC validation failure. [RT #43247]
* named could crash when loading a zone which had RRISG records whose
expiry fields were far enough apart to cause an integer overflow
when comparing them. [RT #40571]
* The arpaname and named-rrchecker commands were not installed into
the correct prefix/bin directory. [RT #42910]
* When receiving a response from an authoritative server with a TTL
value of zero, named> will now only use that response once, to
answer the currently active clients that were waiting for it.
Previously, such response could be cached and reused for up to one
second. [RT #42142]
* named-checkconf now checks the rate-limit clause for correctness.
[RT #42970]
* Corrected a bug in the rndc control channel that could allow a read
past the end of a buffer, crashing named. Thanks to Lian Yihan for
reporting this error.
Maintenance
* The built-in root hints have been updated to include IPv6 addresses
for B.ROOT-SERVERS.NET (2001:500:84::b), E.ROOT-SERVERS.NET
(2001:500:a8::e) and G.ROOT-SERVERS.NET (2001:500:12::d0d).
0.14.23
This is a hotfix release recommended for all users.
Resolved issues:
#3970: Syncthing restarts when started manually and auto upgrading
0.14.22
This is a regular periodic release withdrawn because of an issue with automatic upgrade.
Resolved issues:
#3935: Leading and trailing spaces are no longer stripped in the GUI password field
#3908: The GUI shows remaining amount of data to sync per folder.
#3933: There should no longer be empty entries in the global log
#3938: Weak hashing is now by default only enabled when it makes sense from a performance point of view.
Also:
This release introduces the the ability to choose between stable and candidate
releases for auto upgrades.
Wireshark 2.2.4 Release Notes
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-01
The ASTERIX dissector could go into an infinite loop. ([2]Bug
13344)
* [3]wnpa-sec-2017-02
The DHCPv6 dissector could go into a large loop. ([4]Bug 13345)
The following bugs have been fixed:
* TCP reassembly: tcp.reassembled_in is not set in first packet.
([5]Bug 3264)
* Duplicated Interfaces instances while refreshing. ([6]Bug 11553)
* Time zone name needs to be converted to UTF-8 on Windows. ([7]Bug
11785)
* Crash on fast local interface changes. ([8]Bug 12263)
* Please align columns in tshark's output. ([9]Bug 12502)
* Display data rate fields for VHT rates invalid with BCC modulation.
([10]Bug 12859)
* plugin_if_get_ws_info causes Access Violation if called during
rescan. ([11]Bug 12973)
* SMTP BDAT dissector not reverting to command-code after DATA.
([12]Bug 13030)
* Wireshark fails to recognize V6 DBS Etherwatch capture files.
([13]Bug 13093)
* Runtime Error when try to merge .pcap files (Wireshark crashes).
([14]Bug 13175)
* PPP BCP BPDU size reports not header size, but all data underneath
and its header size in UI. ([15]Bug 13188)
* In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. ([16]Bug
13233)
* Uninitialized memcmp on data in daintree-sna.c. ([17]Bug 13246)
* Crash when dissect WDBRPC Version 2 protocol with Dissect unknown
program numbers enabled. ([18]Bug 13266)
* Contents/Resources/bin directory isn't in the app bundle after
installation. ([19]Bug 13270)
* Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB
Transportation Protocol). ([20]Bug 13274)
* Can't decode packets captured with OpenBSD enc(4) encapsulating.
([21]Bug 13279)
* UDLD flags are at other end of octet. ([22]Bug 13280)
* MS-WSP dissector no longer works since commit
8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([23]Bug 13299)
* TBCD string decoded wrongly in MAP ATI message. ([24]Bug 13316)
* Filter Documentation: The tilde (~) operator is not documented.
([25]Bug 13320)
* VoIP Flow Sequence Causes Application Crash. ([26]Bug 13329)
Updated Protocol Support
6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP,
PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD
New and Updated Capture File Support
Daintree SNA, and DBS Etherwatch
