ios.pm: filter license registration timestamp
fnrancid: filter oscillating md5-keys
par.c: fix misplaced pointer deref
3.6
rancid.pm: ipaddrval() if IPv6 prefix length is missing, simply set 128.
*login: in_proc must be global in expect_after. had trouble reproducing
the original error, but this should be the correct fix.
xlogin: escape the * in lastprompt - Mattieu Beretti
*login: change handling of ssh key-related prompts to one line at a time
to eliminate timing-related problem.
alogin: login() eat one line at a time
a10login: remove the aflex-specific stuff. This is the wrong way to
do this and it doesn't work properly anyway.
control_rancid: create <group>/configs if it does not exist
hrancid: use rancid.pm (removes code duplication)
rancid.pm: check for existence of functions for given device type after
loading the modules for the type. return failure if any are missing.
par: add -FH options
rancid.types.conf, iosshtech.pm: Add device type ciscoshtech for
example purposes
acos.pm: filter trailing WS & recognize incomplete/invalid command
error in basicFilter()
acos.pm: filter trailing WS in ShowAflex()
acos.pm: 'show vlan' is 'show vlans' in ACOS 4.x.
acos.pm: Add cmd 'show partition-config all' for ACOS 4.x, where
'show running-config all-partitions' does not work.
acos.pm: recognize invalid cmd error in ShowRunningConfig() and filter
the config size comment
fnlogin: missing "end" to exit global mode for -[csx] - Richard Goode
plogin: add -m & -M
rancid.pm: missing variable initialization
nxos.pm: fix bug in recognizing the end of an access-list
hlogin: set tty init options when there is no controlling tty and set
set the term width to 132 when there is no controlling tty and for -[sc]
so that the hp device does not wrap lines.
ios.pm: also filter IPv6 PDP addresses - Reuben Farrelly
ios.pm: evaluation license periods are displayed differently
lg: Add show interface optics
iosxr.pm: More useless FPD messages
junos.pm: handle a transient cmd protocol failure seen in show version
control_rancid: use git ls-files instead of git status for .gitignore
and <group>/rancid.conf
fnrancid: fix formatting around removal of private-keys
bigip.pm: filter snmpv3 oscillating auth-password-encrypted
iosxr.pm: filter useless FPD upgrade message
=============
Features:
---------
- Added generic EDNS code for registering known EDNS option codes,
bypassing the cache response stage and uniquifying mesh states. Four
EDNS option lists were added to module_qstate
(module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store)
that control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
functions can be called just before replying with local data or Chaos,
replying from cache, replying with SERVFAIL, replying with a resolved
query, sending a query to a nameserver. The functions can inspect the
available data and maybe change response/query related data (i.e. append
EDNS options).
- Updated Python module for the above.
- Updated Python documentation.
- Added views functionality.
- Added qname-minimisation-strict config option.
- Patch that resolves CNAMEs entered in local-data conf statements that
point to data on the internet.
- serve-expired config option: serve expired responses with TTL 0.
- .gitattributes line for githubs code language display.
- log-identity: config option to set sys log identity.
- Added stub-ssl-upstream and forward-ssl-upstream options.
- Added local-zones and local-data bulk addition and removal
functionality in unbound-control (local_zones, local_zones_remove,
local_datas and local_datas_remove).
- g.root-servers.net has AAAA address.
Bug Fixes:
----------
- Fix#836: unbound could echo back EDNS options in an error response.
- Fix#838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
- Fix#839: Memory grows unexpectedly with large RPZ files.
- Fix#840: infinite loop in unbound_munin_ plugin on unowned lockfile.
- Fix#841: big local-zone's make it consume large amounts of memory.
- Fix dnstap relaying "random" messages instead of resolver/forwarder
responses.
- Fix Nits for 1.5.10.
- Fix#1117: spelling errors, from Robert Edmonds.
- iana portlist update.
- fix memoryleak logfile when in debug mode.
- Re-fix #839 from view commit overwrite.
- Fixup const void cast warning.
- Removed patch comments from acllist.c and msgencode.c
- Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf
- Fix#1125: unbound could reuse an answer packet incorrectly for
clients with different EDNS parameters.
- Fix#1118: libunbound.pc sets strange Libs, Libs.private values.
- Added Requires line to libunbound.pc
- Fix#1130: whitespace in example.conf.in more consistent.
- suppress compile warning in lex files.
- init lzt variable, for older gcc compiler warnings.
- fix --enable-dsa to work, instead of copying ecdsa enable.
- Fix DNSSEC validation of query type ANY with DNAME answers.
- Fixup query_info local_alias init.
- Ported tests for local_cname unit test to testbound framework.
- Fix#1134: unbound-control set_option -- val-override-date: -1 works
immediately to ignore datetime, or back to 0 to enable it again. The --
is to ignore the '-1' as an option flag.
- Patch for server.num.zero_ttl stats for count of expired replies.
- Fix failure to build on arm64 with no sbrk.
- Set OpenSSL security level to 0 when using aNULL ciphers.
- configure detects ssl security level API function in the autoconf
manner. Every function on its own, so that other libraries (eg.
LibreSSL) can develop their API without hindrance.
- Fix#1154: segfault when reading config with duplicate zones.
- Note that for harden-below-nxdomain the nxdomain must be secure, this
means nsec3 with optout is insufficient.
- Fix#1155: test status code of unbound-control in 04-checkconf, not
the status code from the tee command.
- Fix#1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing
Underneath" for the harden-below-nxdomain option.
- patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
- Make access-control-tag-data RDATA absolute. This makes the RDATA
origin consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a
subdomain of the NSEC owner.
- QNAME minimisation uses QTYPE=A, therefore always check cache for this
type in harden-below-nxdomain functionality.
- Added unit test for QNAME minimisation + harden below nxdomain synergy.
- Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using
no encryption over the unix socket.
- hyphen as minus fix.
- Fix#1170: document that 'inform' local-zone uses local-data.
- Fix#1173: differ local-zone type deny from unset tag_actions element.
- Add DSA support for OpenSSL 1.1.0
- Fix remote control without cert for LibreSSL
- Fix downcast warnings from visual studio in sldns code
Updating during the freeze since the previous version stopped
working for me since the availability of this version.
Changes:
This is an extra bugfix release to fix issues introduced in v0.14.14.
Resolved issues:
#3829: Receiving 'invalid subpath' errors on syncthing-inotify full folder sync trigger
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* Arbitrary file deletion on Windows. ([1]Bug 13217)
The following bugs have been fixed:
* Saving all exported objects (SMB/SMB2) results in out of physical
memory. ([2]Bug 11133)
* Export HTTP Objects - Single file shows as multiple files in 2.0.2.
([3]Bug 12230)
* Follow Stream and graph buttons remain greyed out in conversation
window. ([4]Bug 12893)
* Dicom list of tags in element of VR=AT not properly decoded.
([5]Bug 13077)
* Malformed Packet: BGP Update (withdraw) message. ([6]Bug 13146)
* Install fail on macOS Sierra (error PKInstallErrorDomain Code=112).
([7]Bug 13152)
* GTP: "Create PDP Context response" message shows back-off timer as
malformed when included in the response. ([8]Bug 13153)
* ICMP dissector fails to properly detect timestamps. ([9]Bug 13161)
* RLC misdissection. ([10]Bug 13162)
* Text2pcap on Windows produces corrupt output when writing the
capture file to the standard output. ([11]Bug 13165)
* HTML escaping of quotes in error message. ([12]Bug 13178)
* TShark doesn't respect protocols.display_hidden_proto_items
setting. ([13]Bug 13192)
* RPC/RDMA dissector should exit when frame is not RPC-over-RDMA.
([14]Bug 13195)
* Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA.
([15]Bug 13196)
* RPC-over-RDMA frames with chunk lists are "Malformed". ([16]Bug
13197)
* TShark fails to pass RPC-over-RDMA frames to RPC subdissector.
([17]Bug 13198)
* Adding a DOF DPS Identity Secret, session Key, or Mode Template
causes Wireshark to crash. ([18]Bug 13209)
* Wireshark shows "MS Video Source Request" in a RTCP packet as
"Malformed". ([19]Bug 13212)
Updated Protocol Support
BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC
over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
Bug #5592 - Some keys don't work for macOS Sierra clients
Bug #5186 - Cursor stuck on client when using multi-DPI server
Bug #5722 - Malformed serial key in registry will crash GUI on startup
Bug #5752 - Tab order is incorrect on Settings dialog
Enhancement #5699 - Unified installers on macOS
Feature #4836 - macOS Sierra build
Bug #5680 - Server crashes when disconnecting SSL clients
Bug #5626 - Build fails using Xcode 8 and macOS SDK 10.12
Feature #5657 - Trial version support
Feature #5707 - User upgrade statistics
This is an extra bugfix release to fix issues discovered in the upgrade from 0.14.13 to 0.14.14.
Resolved issues:
#3804: Inotify no longer triggers "invalid subpath" error
#3802: Symlinks are not deleted on upgrade
Coursera provides a variety of massive open online courses (MOOC)
covering many different topics. This script makes it easier to batch
download lecture resources (e.g., videos, ppt, etc) for Coursera classes.
Given one or more class names and account credentials, it obtains week
and class names from the lectures page, and then downloads the related
materials into appropriately named files and directories.
Upstream changes:
New features of mikutter 3.5
* Model
* resources handled on mikutter are now wrapped as Model
* third party plugins can also add own Models
* timelines can print any Models other than tweet messages
* new Models are added in standard plugins
* user icons can be taken via Message#icon
* any images like user icons, tab icons, skins, and attached images
are handled as PhotoModel instance like Plugin::Photo::Photo
* direct messages gets own Model and are now drawn as timeline using
MiraclePainter
* Intent
* Capability to select which plugins to be used to open URLs
* Extract tab
* DirectMessage is added as a new data source
* Configuration
* style configuration of timelines per Models
* mikutter command
* added "Open" command to issue Intent
* activity
* added named arg "children:" to Plugin#activity
* and more
This is a security release recommended for all users.
Two distinct security vulnerabilities have been corrected in this
release. Either would let a remote attacker, controlling a device
that is already accepted by Syncthing, perform arbitrary reads and
writes to files outside the configured folders.
The first issue is that path validation was lacking in several
places, resulting in Syncthing accepting index entries for files
like "../../foo", thus resulting in a path above the configured
folder.
The second issue is that where path validation was correct, symlinks
could be used to trick Syncthing. An attacker could create a symlink
"foo -> ../../" and then request the contents of "foo/something",
again escaping the constraints of the folder.
Syncing symlinks between v0.14.14 and previous versions will not
work.
This is due to the fix to the above issue. Normal files and
directories will sync fine. To continue syncing symlinks, both
sides must be upgraded to v0.14.14.
Further resolved issues:
#3753: The build no longer requires Go 1.7.
#3769: The wording in the GUI around "last file received" is
now clearer.
v 3.6.1
Bug fixes in custom HTTP methods.
Support for PEM files in SSL truststore / keystore configuration.
JS and CSS file content rendered with correct syntax highlighting.
v 3.6
#46#47 Added support for custom HTTP methods.
#48#50 option to ignore all SSL certificate warnings.
#49 GET now supports body.
Build moved to Gradle.
* Release 0.12.5 (07-Dec-2016)
** Connection Status Reporting
This release adds an object named `ConnectionInfo`, which encapsulates
information about a connection (both progress while being established, and
the outcome once connected). This includes which connection hint was
successful, what happened with the other hints, which handlers were used for
each, and when the connection was made or lost. To get one of these, use
`tub.getConnectionInfoForFURL(furl)` any time after `getReference()` is
called, or `rref.getConnectionInfo()` after it resolves. #267
It also adds `ReconnectionInfo`, a similar object for Reconnectors. These
capture the state of reconnection process (trying, established, waiting), and
will provide a `ConnectionInfo` for the most recent (possibly successful)
connection attempt. The API is `reconnector.getReconnectionInfo()`. #268
For details, see "Connection Progress/Status" and "Reconnector Status" in
`doc/using-foolscap.rst`.
** Connection Handler API Changes
To support `ConnectionInfo`, the Connection Handler API was changed.
The one backwards-incompatible change was that the `hint_to_endpoint()`
method now takes a third argument, to update the status as the handler makes
progress. External handler functions will need to be modified to accept this
new argument, and applications which use them should declare a dependency
upon the latest Foolscap version, to avoid runtime breakage.
Several backwards-compatible changes were made too: handlers can provide a
`describe()` method (which feeds `ConnectionInfo.connectionHandlers`), and
they can now set a special attribute on any exception they raise, to further
influence the status string.
In addition, the `tor.control_endpoint_maker()` handler now accepts an
optional second argument, which causes the maker function to be called with a
additional `update_status` argument. This backwards-compatible change allows
the maker function to influence the `ConnectionInfo` status too.
The Tor connection handler was enhanced to report distinct statuses for the
different phases of connection: launching a new copy of Tor, connecting to an
existing Tor daemon, etc.
** Minor Fixes
Foolscap-0.12.0 broke `flappserver create`, causing the command to hang
rather than exiting cleanly (although the flappserver directory itself was
probably created properly). This release finally fixes it. #271
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
Changes in version 0.2.8.11 - 2016-12-08
Tor 0.2.8.11 backports fixes for additional portability issues that
could prevent Tor from building correctly on OSX Sierra, or with
OpenSSL 1.1. Affected users should upgrade; others can safely stay
with 0.2.8.10.
o Minor bugfixes (portability):
- Avoid compilation errors when building on OSX Sierra. Sierra began
to support the getentropy() and clock_gettime() APIs, but created
a few problems in doing so. Tor 0.2.9 has a more thorough set of
workarounds; in 0.2.8, we are just using the /dev/urandom and mach
monotonic time interfaces. Fixes bug 20865. Bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
- Fix compilation with OpenSSL 1.1 and less commonly-used CPU
architectures. Closes ticket 20588.
===========================
Bugfixes:
---------
- Double free when failed to apply zone journal
- Zone bootstrap retry interval not preserved upon zone reload
- DNSSEC related records not flushed if not signed
- False semantic checks warning about incorrect type in NSEC bitmap
- Memory leak in kzonecheck
Improvements:
-------------
- All zone names are fully-qualified in log
Features:
---------
- New kjournalprint utility
Knot DNS 2.3.2 (2016-11-04)
===========================
Bugfixes:
---------
- Incorrect %s expansion for the root zone
- Failed to refresh not existing slave zone after restart
- Immediate zone refresh upon restart if refresh already scheduled
- Early zone transfer after restart if transfer already scheduled
- Not ignoring empty non-terminal parents during delegation lookup
- CD bit preservation in responses
- Compilation error on GNU/kFreeBSD
- Server crash after double zone-commit if journal error
Improvements:
-------------
- Speed-up of knotc if control operation and known socket
- Zone purge operation purges also zone timers
Features:
---------
- Simple modules don't require empty configuration section
- New zone journal path configuration option
- New timeout configuration option for module dnsproxy
Upstream relnotes:
Changes for 4.3.27
==================
Fixes for CGI acknowledgements and NK/criticalview web redirects.
Xymon should now properly check for lack of SSLv3 (or v2) support at compile-
time and exclude the openssl options as needed.
Completely empty directories (on Windows) are no longer considered errors.
Changes for 4.3.26
==================
This is mostly a bug fix release for javascript issues on the info and
trends pages, along with the enable / disable CGI. Several browsers had
difficulty with the new CSP rules introduced in 4.3.25.
XYMWEBREFRESH is now used as the default refresh interval for dynamic
status pages and various other xymongen destinations. Non-svcstatus
pages can be overridden by altering the appropriate *_header template
files, but svcstatus refresh interval uses this value. (default: 60s)
Set in xymonserver.cfg(5).
Incoming test names are now restricted to alphanumeric characters, colons
dashes, underscores, and slashes. Slashes and colons may be restricted in
a future release.
Unconfigured (ghost) host names are now restricted to alphanumerics, colons,
commas, periods, dashes, and underscores. It is strongly recommended to use only
valid hostnames and DNS components in servers names.
Files matched multiple times by logfetch in the client config retrieved
from config-local.cfg (such as a file matching multiple globs) will now only
be scanned once and only use the ignore/trigger rules from its first entry.
(Note: A future version of Xymon may combine all matching rules for a file together.)
CLASS groupings in analysis.cfg and alerts.cfg will now reliably work for
hosts with a CLASS override in hosts.cfg. Previous, this class was not used
in favor of the class type sent in on any specific client message.
==========
FEATURES:
- Fix#1132 for SERVFAIL zones perform backoff, and remembers the
timeout on next startup.
BUG FIXES:
- Fix null memcpy for radixtree with single link element.
- Robust fix against missing master in tcp_open for xfrd.
- Fix wildcards in include: config statements with chroot enabled.
- suppress compile warning in lex files.
- Fix to try every master once, then wait for timeout or notify.
- Save backoff timeout into xfrd.state file, this file has a higher
version number now. Old files are skipped silently (causes
refresh) and created as new files upon exit.
- Fix restart of zone transfers when new config becomes available.
From Christian Sturm via PR pkg/51693
pkgsrc changes:
- Change MAINTAINER to a more suitable email address
Changes:
Changes in version 0.2.8.10 - 2016-12-02
Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients
unusable after they left standby mode. It also backports fixes for
a few portability issues and a small but problematic memory leak.
o Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
- When Tor leaves standby because of a new application request, open
circuits as needed to serve that request. Previously, we would
potentially wait a very long time. Fixes part of bug 19969; bugfix
on 0.2.8.1-alpha.
o Major bugfixes (client performance, backport from 0.2.9.5-alpha):
- Clients now respond to new application stream requests immediately
when they arrive, rather than waiting up to one second before
starting to handle them. Fixes part of bug 19969; bugfix
on 0.2.8.1-alpha.
o Minor bugfixes (portability, backport from 0.2.9.6-rc):
- Work around a bug in the OSX 10.12 SDK that would prevent us from
successfully targeting earlier versions of OSX. Resolves
ticket 20235.
o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
- Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug
20551; bugfix on 0.2.1.1-alpha.
o Minor bugfixes (relay, backport from 0.2.9.5-alpha):
- Work around a memory leak in OpenSSL 1.1 when encoding public
keys. Fixes bug 20553; bugfix on 0.0.2pre8.
o Minor features (geoip):
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
Country database.
Here is quote from NEWS file and please refer it in detail.
---
NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)
Focus: Security, Bug fixes, enhancements.
Severity: HIGH
In addition to bug fixes and enhancements, this release fixes the
following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5 low-severity vulnerabilities, and provides 28 other non-security
fixes and improvements:
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.htmlhttp://www.tryton.org/posts/new-tryton-release-40.html
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.
Upstream changes:
* fix a bunch of deprecated warnings by recent ruby-gnome2 gdk_pixbuf2 update
* partially fixed in the past version but fixed more properly
* also make this work with gdk_pixbuf2 gem 3.0.8 and prior
* crash by --profile option with newer ruby-prof
v0.14.131
This is a minor release recommended for all users.
Resolved issues:
#33946: CPU usage when scanning is improved.
#24722: Writing config and .stignore files on filesystems
without chmod support should now work.
#3758: Language selector stays above the bottom bar.
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-58
Profinet I/O long loop. ([2]Bug 12851)
* [3]wnpa-sec-2016-59
AllJoyn crash. ([4]Bug 12953)
* [5]wnpa-sec-2016-60
OpenFlow crash. ([6]Bug 13071)
* [7]wnpa-sec-2016-61
DCERPC crash. ([8]Bug 13072)
* [9]wnpa-sec-2016-62
DTN infinite loop. ([10]Bug 13097)
The Windows PortableApps packages were susceptible to a [11]DLL
hijacking flaw.
The following bugs have been fixed:
* TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN
true. ([12]Bug 12579)
* SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
([13]Bug 12632)
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([14]Bug 12712)
* dmg for OS X does not install man pages. ([15]Bug 12746)
* Fails to compile against Heimdal 1.5.3. ([16]Bug 12831)
* TCP: Next sequence number off by one when sending payload in SYN
packet (e.g. TFO). ([17]Bug 12838)
* Follow TCP Stream shows duplicate stream data. ([18]Bug 12855)
* Dissection engine falsely asserts that EIGRP packet's checksum is
incorrect. ([19]Bug 12982)
* IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
([20]Bug 12984)
* Capture Filter Bookmark Inactive in Capture Options page. ([21]Bug
12986)
* CLNP dissector does not parse ER NPDU properly. ([22]Bug 12993)
* SNMP trap bindings for NON scalar OIDs. ([23]Bug 13013)
* BGP LS Link Protection Type TLV (1093) decoding. ([24]Bug 13021)
* Application crash sorting column for tcp.window_size_scalefactor up
and down. ([25]Bug 13023)
* ZigBee Green Power add key during execution. ([26]Bug 13031)
* Malformed AMPQ packets for session.expected and session.confirmed
fields. ([27]Bug 13037)
* Wireshark 2.2.1 crashes when attempting to merge pcap files.
([28]Bug 13060)
* [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
not correctly displayed. ([29]Bug 13065)
*
* Failure to dissect USB Audio feature unit descriptors missing the
iFeature field. ([30]Bug 13085)
* MSISDN not populated/decoded in JSON GTP-C decoding. ([31]Bug
13086)
* E212: 3 digits MNC are identified as 2 digits long if they end with
a 0. ([32]Bug 13092)
* Exception with last unknown Cisco AVP available in a SCCRQ message.
([33]Bug 13103)
* TShark stalls on FreeBSD if androiddump is present. ([34]Bug 13104)
* Dissector skips DICOM command. ([35]Bug 13110)
* UUID (FT_GUID) filtering isn't working. ([36]Bug 13121)
* Manufacturer name resolution fail. ([37]Bug 13126)
* packet-sdp.c allocates transport_info->encoding_name from wrong
memory pool. ([38]Bug 13127)
* Payload type name for dynamic payload is wrong for reverse RTP
channels. ([39]Bug 13132)
Updated Protocol Support
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN,
E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583,
Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP,
Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee
Twisted Core 16.6.0 (2016-11-17)
================================
Features
--------
- The twist script can now be run by invoking python -m twisted.
(#8657)
- twisted.protocols.sip has been ported to Python 3. (#8669)
- twisted.persisted.dirdbm has been ported to Python 3. (#8888)
Bugfixes
--------
- twisted.internet.defer.Deferred now implements send, not __send__,
which means that it is now a conforming generator. (#8861)
- The IOCP reactor no longer transmits the contents of uninitialized
memory when writing large amounts of data. (#8870)
- Deferreds awaited/yielded from in a
twisted.internet.defer.ensureDeferred wrapped coroutine will now
properly raise exceptions. Additionally, it more closely models
asyncio.ensure_future and will pass through Deferreds. (#8878)
- Deferreds that are paused or chained on other Deferreds will now
return a result when yielded/awaited in a twisted.internet.defer
.ensureDeferred-wrapped coroutine, instead of returning the
Deferred it was chained to. (#8890)
Improved Documentation
----------------------
- twisted.test.proto_helpers is now explicitly covered by the
compatibility policy. (#8857)
Other
-----
- #8281, #8823, #8862
Twisted Conch 16.6.0 (2016-11-17)
=================================
Features
--------
- twisted.conch.ssh.keys supports ECDSA keys (#8798)
- scripts/ckeygen can now generate ecdsa keys. (#8828)
- ckeygen has been ported to Python 3 (#8855)
Deprecations and Removals
-------------------------
- twisted.conch.ssh no longer uses gmpy, if available. gmpy is
unmaintained, does not have binary wheels for any platforms, and an
alternative for higher performance is available in the form of
PyPy. (#8079)
Twisted Web 16.6.0 (2016-11-17)
===============================
Features
--------
- twisted.web.server.Site's HTTP/2 server support now emits vastly
fewer WINDOW_UPDATE frames than previously. (#8681)
Bugfixes
--------
- twisted.web.Agent now tolerates receiving unexpected status codes
in the 100 range by discarding them, which is what RFC 7231
recommends doing. (#8885)
- twisted.web._http.H2Stream's getHost and getPeer implementations
now actually return the host and peer instead of None. (#8893)
Twisted Words 16.6.0 (2016-11-17)
=================================
Features
--------
- twisted.words.protocols.irc has been ported to Python 3 (#6320)
Upstream changes:
* 3.3.0 (2016/11/25)
* switch to using mbedTLS rather than libcurl
* implement --full-url and --progress options
* remove --sixel-cmd option
* remove support of PHP version
* add support characters that cannot be converted to EUC-JP/JIS
* improve image quality and speed etc.
This is a minor release recommended for all users.
Resolved issues:
#3737: A data race in the code that caused test failures, and possibly other inconsitencies, has been resolved.
#3241: Links in warning messages are now clickable in the GUI.
#3711: Files are now synced to disk before committed to database, to avoid possible inconsistencies if a power failure occurs during syncing.
#3724: Log entries now mention folder by label in addition to the ID.
In addition:
The default folder now has the folder ID "default" again, simplifying initial setup.
Retries for misconfigured relay setups are slowed down somewhat to be kinder on our relay pool infrastructure.
Lexicon provides a way to manipulate DNS records on multiple DNS
providers in a standardized way. Lexicon has a CLI but it can
also be used as a python library.
Update DEPENDS
Upstream changes:
4.01041 2016-11-19
- hack dist.ini to get POD and README back into the distribution O_o
4.01040 2016-11-19
- added trait WrapResult (returns both the HTTP response, with rate limit
accessors, and the decoded JSON response)
- rename placeholder :category to :slug with backwards compatibility to
match Twitter's documentation
- add attachment_url parameter to update method
- add links to Twitter API docs
4.01030 2016-11-18
- cleaned up Net::Twitter::Error and documented stack_trace and stack_frame
methods
- Add method upload_status (ghathwar on Github)
Upstream changes:
* bug in obfuscation of account information
* revert behaviors of a mention in Extended Tweets as 3.3.12
* timelines not drawn in the screen are not freed
* use gtk2 3.1.0
* update po file
* zh_TW
ChangeLog for wpa_supplicant (and also _gui):
2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]=<hexdump> in "BSS <BSSID>" command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid=<hexdump> argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth=<val> and
autheap=<val> values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
ChangeLog for wpa_supplicant
2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]=<hexdump> in "BSS <BSSID>" command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid=<hexdump> argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth=<val> and
autheap=<val> values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
# GStreamer 1.10 Release Notes
**GStreamer 1.10.0 was released on 1st November 2016.**
The GStreamer team is proud to announce a new major feature release in the
stable 1.x API series of your favourite cross-platform multimedia framework!
As always, this release is again packed with new features, bug fixes and other
improvements.
See [https://gstreamer.freedesktop.org/releases/1.10/][latest] for the latest
version of this document.
*Last updated: Tuesday 1 Nov 2016, 15:00 UTC [(log)][gitlog]*
[latest]: https://gstreamer.freedesktop.org/releases/1.10/
[gitlog]: https://cgit.freedesktop.org/gstreamer/www/log/src/htdocs/releases/1.10/release-notes-1.10.md
## Introduction
The GStreamer team is proud to announce a new major feature release in the
stable 1.x API series of your favourite cross-platform multimedia framework!
As always, this release is again packed with new features, bug fixes and other
improvements.
## Highlights
- Several convenience APIs have been added to make developers' lives easier
- A new `GstStream` API provides applications a more meaningful view of the
structure of streams, simplifying the process of dealing with media in
complex container formats
- Experimental `decodebin3` and `playbin3` elements which bring a number of
improvements which were hard to implement within `decodebin` and `playbin`
- A new `parsebin` element to automatically unpack and parse a stream, stopping
just short of decoding
- Experimental new `meson`-based build system, bringing faster build and much
better Windows support (including for building with Visual Studio)
- A new `gst-docs` module has been created, and we are in the process of moving
our documentation to a markdown-based format for easier maintenance and
updates
- A new `gst-examples` module has been create, which contains example
GStreamer applications and is expected to grow with many more examples in
the future
- Various OpenGL and OpenGL|ES-related fixes and improvements for greater
efficiency on desktop and mobile platforms, and Vulkan support on Wayland was
also added
- Extensive improvements to the VAAPI plugins for improved robustness and
efficiency
- Lots of fixes and improvements across the board, spanning RTP/RTSP, V4L2,
Bluetooth, audio conversion, echo cancellation, and more!
## Major new features and changes
### Noteworthy new API, features and other changes
#### Core API additions
##### Receive property change notifications via bus messages
New API was added to receive element property change notifications via
bus messages. So far, applications had to connect a callback to an element's
`notify::property-name` signal via the GObject API, which was inconvenient for
at least two reasons: one had to implement a signal callback function, and that
callback function would usually be called from one of the streaming threads, so
one had to marshal (send) any information gathered or pending requests to the
main application thread which was tedious and error-prone.
Enter [`gst_element_add_property_notify_watch()`][notify-watch] and
[`gst_element_add_property_deep_notify_watch()`][deep-notify-watch] which will
watch for changes of a property on the specified element, either only for this
element or recursively for a whole bin or pipeline. Whenever such a
property change happens, a `GST_MESSAGE_PROPERTY_NOTIFY` message will be posted
on the pipeline bus with details of the element, the property and the new
property value, all of which can be retrieved later from the message in the
application via [`gst_message_parse_property_notify()`][parse-notify]. Unlike
the GstBus watch functions, this API does not rely on a running GLib main loop.
The above can be used to be notified asynchronously of caps changes in the
pipeline, or volume changes on an audio sink element, for example.
[notify-watch]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-add-property-notify-watch
[deep-notify-watch]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-add-property-deep-notify-watch
[parse-notify]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-parse-property-notify
##### GstBin "deep" element-added and element-removed signals
GstBin has gained `"deep-element-added"` and `"deep-element-removed"` signals
which makes it easier for applications and higher-level plugins to track when
elements are added or removed from a complex pipeline with multiple sub-bins.
`playbin` makes use of this to implement the new `"element-setup"` signal which
can be used to configure elements as they are added to `playbin`, just like the
existing `"source-setup"` signal which can be used to configure the source
element created.
##### Error messages can contain additional structured details
It is often useful to provide additional, structured information in error,
warning or info messages for applications (or higher-level elements) to make
intelligent decisions based on them. To allow this, error, warning and info
messages now have API for adding arbitrary additional information to them
using a `GstStructure`:
[`GST_ELEMENT_ERROR_WITH_DETAILS`][element-error-with-details] and
corresponding API for the other message types.
This is now used e.g. by the new [`GST_ELEMENT_FLOW_ERROR`][element-flow-error]
API to include the actual flow error in the error message, and the
[souphttpsrc element][souphttpsrc-detailed-errors] to provide the HTTP
status code, and the URL (if any) to which a redirection has happened.
[element-error-with-details]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#GST-ELEMENT-ERROR-WITH-DETAILS:CAPS
[element-flow-error]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#GST-ELEMENT-FLOW-ERROR:CAPS
[souphttpsrc-detailed-errors]: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/tree/ext/soup/gstsouphttpsrc.c?id=60d30db912a1aedd743e66b9dcd2e21d71fbb24f#n1318
##### Redirect messages have official API now
Sometimes, elements need to redirect the current stream URL and tell the
application to proceed with this new URL, possibly using a different
protocol too (thus changing the pipeline configuration). Until now, this was
informally implemented using `ELEMENT` messages on the bus.
Now this has been formalized in the form of a new `GST_MESSAGE_REDIRECT` message.
A new redirect message can be created using [`gst_message_new_redirect()`][new-redirect].
If needed, multiple redirect locations can be specified by calling
[`gst_message_add_redirect_entry()`][add-redirect] to add further redirect
entries, all with metadata, so the application can decide which is
most suitable (e.g. depending on the bitrate tags).
[new-redirect]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-new-redirect
[add-redirect]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-add-redirect-entry
##### New pad linking convenience functions that automatically create ghost pads
New pad linking convenience functions were added:
[`gst_pad_link_maybe_ghosting()`][pad-maybe-ghost] and
[`gst_pad_link_maybe_ghosting_full()`][pad-maybe-ghost-full] which were
previously internal to GStreamer have now been exposed for general use.
The existing pad link functions will refuse to link pads or elements at
different levels in the pipeline hierarchy, requiring the developer to
create ghost pads where necessary. These new utility functions will
automatically create ghostpads as needed when linking pads at different
levels of the hierarchy (e.g. from an element inside a bin to one that's at
the same level in the hierarchy as the bin, or in another bin).
[pad-maybe-ghost]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-link-maybe-ghosting
[pad-maybe-ghost-full]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-link-maybe-ghosting-full
##### Miscellaneous
Pad probes: IDLE and BLOCK probes now work slightly differently in pull mode,
so that push and pull mode have opposite scenarios for idle and blocking probes.
In push mode, it will block with some data type and IDLE won't have any data.
In pull mode, it will block _before_ getting a buffer and will be IDLE once some
data has been obtained. ([commit][commit-pad-probes], [bug][bug-pad-probes])
[commit-pad-probes]: https://cgit.freedesktop.org/gstreamer/gstreamer/commit/gst/gstpad.c?id=368ee8a336d0c868d81fdace54b24431a8b48cbf
[bug-pad-probes]: https://bugzilla.gnome.org/show_bug.cgi?id=761211
[`gst_parse_launch_full()`][parse-launch-full] can now be made to return a
`GstBin` instead of a top-level pipeline by passing the new
`GST_PARSE_FLAG_PLACE_IN_BIN` flag.
[parse-launch-full]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstParse.html#gst-parse-launch-full
The default GStreamer debug log handler can now be removed before
calling `gst_init()`, so that it will never get installed and won't be active
during initialization.
A new [`STREAM_GROUP_DONE` event][stream-group-done-event] was added. In some
ways it works similar to the `EOS` event in that it can be used to unblock
downstream elements which may be waiting for further data, such as for example
`input-selector`. Unlike `EOS`, further data flow may happen after the
`STREAM_GROUP_DONE` event though (and without the need to flush the pipeline).
This is used to unblock input-selector when switching between streams in
adaptive streaming scenarios (e.g. HLS).
[stream-group-done-event]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-stream-group-done
The `gst-launch-1.0` command line tool will now print unescaped caps in verbose
mode (enabled by the -v switch).
[`gst_element_call_async()`][call-async] has been added as convenience API for
plugin developers. It is useful for one-shot operations that need to be done
from a thread other than the current streaming thread. It is backed by a
thread-pool that is shared by all elements.
[call-async]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstElement.html#gst-element-call-async
Various race conditions have been fixed around the `GstPoll` API used by e.g.
`GstBus` and `GstBufferPool`. Some of these manifested themselves primarily
on Windows.
`GstAdapter` can now keep track of discontinuities signalled via the `DISCONT`
buffer flag, and has gained [new API][new-adapter-api] to track PTS, DTS and
offset at the last discont. This is useful for plugins implementing advanced
trick mode scenarios.
[new-adapter-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer-libs/html/GstAdapter.html#gst-adapter-pts-at-discont
`GstTestClock` gained a new [`"clock-type"` property][clock-type-prop].
[clock-type-prop]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer-libs/html/GstTestClock.html#GstTestClock--clock-type
#### GstStream API for stream announcement and stream selection
New stream listing and stream selection API: new API has been added to
provide high-level abstractions for streams ([`GstStream`][stream-api])
and collections of streams ([`GstStreamCollections`][stream-collection-api]).
##### Stream listing
A [`GstStream`][stream-api] contains all the information pertinent to a stream,
such as stream id, caps, tags, flags and stream type(s); it can represent a
single elementary stream (e.g. audio, video, subtitles, etc.) or a container
stream. This will depend on the context. In a decodebin3/playbin3 one
it will typically be elementary streams that can be selected and unselected.
A [`GstStreamCollection`][stream-collection-api] represents a group of streams
and is used to announce or publish all available streams. A GstStreamCollection
is immutable - once created it won't change. If the available streams change,
e.g. because a new stream appeared or some streams disappeared, a new stream
collection will be published. This new stream collection may contain streams
from the previous collection if those streams persist, or completely new ones.
Stream collections do not yet list all theoretically available streams,
e.g. other available DVD angles or alternative resolutions/bitrate of the same
stream in case of adaptive streaming.
New events and messages have been added to notify or update other elements and
the application about which streams are currently available and/or selected.
This way, we can easily and seamlessly let the application know whenever the
available streams change, as happens frequently with digital television streams
for example. The new system is also more flexible. For example, it is now also
possible for the application to select multiple streams of the same type
(e.g. in a transcoding/transmuxing scenario).
A [`STREAM_COLLECTION` message][stream-collection-msg] is posted on the bus
to inform the parent bin (e.g. `playbin3`, `decodebin3`) and/or the application
about what streams are available, so you no longer have to hunt for this
information at different places. The available information includes number of
streams of each type, caps, tags etc. Bins and/or the application can intercept
the message synchronously to select and deselect streams before any data is
produced - for the case where elements such as the demuxers support the new
stream API, not necessarily in the parsebin compatibility fallback case.
Similarly, there is also a [`STREAM_COLLECTION` event][stream-collection-event]
to inform downstream elements of the available streams. This event can be used
by elements to aggregate streams from multiple inputs into one single collection.
The `STREAM_START` event was extended so that it can also contain a GstStream
object with all information about the current stream, see
[`gst_event_set_stream()`][event-set-stream] and
[`gst_event_parse_stream()`][event-parse-stream].
[`gst_pad_get_stream()`][pad-get-stream] is a new utility function that can be
used to look up the GstStream from the `STREAM_START` sticky event on a pad.
[stream-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstStream.html
[stream-collection-api]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/gstreamer-GstStreamCollection.html
[stream-collection-msg]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstMessage.html#gst-message-new-stream-collection
[stream-collection-event]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-stream-collection
[event-set-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-set-stream
[event-parse-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-parse-stream
[pad-get-stream]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstPad.html#gst-pad-get-stream
##### Stream selection
Once the available streams have been published, streams can be selected via
their stream ID using the new `SELECT_STREAMS` event, which can be created
with [`gst_event_new_select_streams()`][event-select-streams]. The new API
supports selecting multiple streams per stream type. In the future, we may also
implement explicit deselection of streams that will never be used, so
elements can skip these and never expose them or output data for them in the
first place.
The application is then notified of the currently selected streams via the
new `STREAMS_SELECTED` message on the pipeline bus, containing both the current
stream collection as well as the selected streams. This might be posted in
response to the application sending a `SELECT_STREAMS` event or when
`decodebin3` or `playbin3` decide on the streams to be initially selected without
application input.
[event-select-streams]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gstreamer/html/GstEvent.html#gst-event-new-select-streams
##### Further reading
See further below for some notes on the new elements supporting this new
stream API, namely: `decodebin3`, `playbin3` and `parsebin`.
More information about the new API and the new elements can also be found here:
- GStreamer [stream selection design docs][streams-design]
- Edward Hervey's talk ["The new streams API: Design and usage"][streams-talk] ([slides][streams-slides])
- Edward Hervey's talk ["Decodebin3: Dealing with modern playback use cases"][db3-talk] ([slides][db3-slides])
[streams-design]: https://cgit.freedesktop.org/gstreamer/gstreamer/tree/docs/design/part-stream-selection.txt
[streams-talk]: https://gstconf.ubicast.tv/videos/the-new-gststream-api-design-and-usage/
[streams-slides]: https://gstreamer.freedesktop.org/data/events/gstreamer-conference/2016/Edward%20Hervey%20-%20The%20New%20Streams%20API%20Design%20and%20Usage.pdf
[db3-talk]: https://gstconf.ubicast.tv/videos/decodebin3-or-dealing-with-modern-playback-use-cases/
[db3-slides]: https://gstreamer.freedesktop.org/data/events/gstreamer-conference/2015/Edward%20Hervey%20-%20decodebin3.pdf
#### Audio conversion and resampling API
The audio conversion library received a completely new and rewritten audio
resampler, complementing the audio conversion routines moved into the audio
library in the [previous release][release-notes-1.8]. Integrating the resampler
with the other audio conversion library allows us to implement generic
conversion much more efficiently, as format conversion and resampling can now
be done in the same processing loop instead of having to do it in separate
steps (our element implementations do not make use of this yet though).
The new audio resampler library is a combination of some of the best features
of other samplers such as ffmpeg, speex and SRC. It natively supports S16, S32,
F32 and F64 formats and uses optimized x86 and neon assembly for most of its
processing. It also has support for dynamically changing sample rates by incrementally
updating the filter tables using linear or cubic interpolation. According to
some benchmarks, it's one of the fastest and most accurate resamplers around.
The `audioresample` plugin has been ported to the new audio library functions
to make use of the new resampler.
[release-notes-1.8]: https://gstreamer.freedesktop.org/releases/1.8/
#### Support for SMPTE timecodes
Support for SMPTE timecodes was added to the GStreamer video library. This
comes with an abstraction for timecodes, [`GstVideoTimeCode`][video-timecode]
and a [`GstMeta`][video-timecode-meta] that can be placed on video buffers for
carrying the timecode information for each frame. Additionally there is
various API for making handling of timecodes easy and to do various
calculations with them.
A new plugin called [`timecode`][timecode-plugin] was added, that contains an
element called `timecodestamper` for putting the timecode meta on video frames
based on counting the frames and another element called `timecodewait` that
drops all video (and audio) until a specific timecode is reached.
Additionally support was added to the Decklink plugin for including the
timecode information when sending video out or capturing it via SDI, the
`qtmux` element is able to write timecode information into the MOV container,
and the `timeoverlay` element can overlay timecodes on top of the video.
More information can be found in the [talk about timecodes][timecode-talk] at
the GStreamer Conference 2016.
[video-timecode]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-libs/html/gst-plugins-base-libs-gstvideo.html#GstVideoTimeCode
[video-timecode-meta]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-libs/html/gst-plugins-base-libs-gstvideometa.html#gst-buffer-add-video-time-code-meta
[timecode-plugin]: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/gst/timecode
[timecode-talk]: https://gstconf.ubicast.tv/videos/smpte-timecodes-in-gstreamer/
#### GStreamer OpenMAX IL plugin
The last gst-omx release, 1.2.0, was in July 2014. It was about time to get
a new one out with all the improvements that have happened in the meantime.
From now on, we will try to release gst-omx together with all other modules.
This release features a lot of bugfixes, improved support for the Raspberry Pi
and in general improved support for zerocopy rendering via EGL and a few minor
new features.
At this point, gst-omx is known to work best on the Raspberry Pi platform but
it is also known to work on various other platforms. Unfortunately, we are
not including configurations for any other platforms, so if you happen to use
gst-omx: please send us patches with your configuration and code changes!
### New Elements
#### decodebin3, playbin3, parsebin (experimental)
This release features new decoding and playback elements as experimental
technology previews: `decodebin3` and `playbin3` will soon supersede the
existing `decodebin` and `playbin` elements. We skipped the number 2 because
it was already used back in the 0.10 days, which might cause confusion.
Experimental technology preview means that everything should work fine already,
but we can't guarantee there won't be minor behavioural changes in the
next cycle. In any case, please test and report any problems back.
Before we go into detail about what these new elements improve, let's look at
the new [`parsebin`][parsebin] element. It works similarly to `decodebin` and
`decodebin3`, only that it stops one step short and does not plug any actual
decoder elements. It will only plug parsers, tag readers, demuxers and
depayloaders. Also note that parsebin does not contain any queueing element.
[`decodebin3`'s][decodebin3] internal architecture is slightly different from
the existing `decodebin` element and fixes many long-standing issues with our
decoding engine. For one, data is now fed into the internal `multiqueue` element
*after* it has been parsed and timestamped, which means that the `multiqueue`
element now has more knowledge and is able to calculate the interleaving of the
various streams, thus minimizing memory requirements and doing away with magic
values for buffering limits that were conceived when videos were 240p or 360p.
Anyone who has tried to play back 4k video streams with decodebin2
will have noticed the limitations of that approach. The improved timestamp
tracking also enables `multiqueue` to keep streams of the same type (audio,
video) aligned better, making sure switching between streams of the same type
is very fast.
Another major improvement in `decodebin3` is that it will no longer decode
streams that are not being used. With the old `decodebin` and `playbin`, when
there were 8 audio streams we would always decode all 8 streams even
if 7 were not actually used. This caused a lot of CPU overhead, which was
particularly problematic on embedded devices. When switching between streams
`decodebin3` will try hard to re-use existing decoders. This is useful when
switching between multiple streams of the same type if they are encoded in the
same format.
Re-using decoders is also useful when the available streams change on the fly,
as might happen with radio streams (chained Oggs), digital television
broadcasts, when adaptive streaming streams change bitrate, or when switching
gaplessly to the next title. In order to guarantee a seamless transition, the
old `decodebin2` would plug a second decoder for the new stream while finishing
up the old stream. With `decodebin3`, this is no longer needed - at least not
when the new and old format are the same. This will be particularly useful
on embedded systems where it is often not possible to run multiple decoders
at the same time, or when tearing down and setting up decoders is fairly
expensive.
`decodebin3` also allows for multiple input streams, not just a single one.
This will be useful, in the future, for gapless playback, or for feeding
multiple external subtitle streams to decodebin/playbin.
`playbin3` uses `decodebin3` internally, and will supercede `playbin`.
It was decided that it would be too risky to make the old `playbin` use the
new `decodebin3` in a backwards-compatible way. The new architecture
makes it awkward, if not impossible, to maintain perfect backwards compatibility
in some aspects, hence `playbin3` was born, and developers can migrate to the
new element and new API at their own pace.
All of these new elements make use of the new `GstStream` API for listing and
selecting streams, as described above. `parsebin` provides backwards
compatibility for demuxers and parsers which do not advertise their streams
using the new API yet (which is most).
The new elements are not entirely feature-complete yet: `playbin3` does not
support so-called decodersinks yet where the data is not decoded inside
GStreamer but passed directly for decoding to the sink. `decodebin3` is missing
the various `autoplug-*` signals to influence which decoders get autoplugged
in which order. We're looking to add back this functionality, but it will probably
be in a different way, with a single unified signal and using GstStream perhaps.
For more information on these new elements, check out Edward Hervey's talk
[*decodebin3 - dealing with modern playback use cases*][db3-talk]
[parsebin]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-plugins/html/gst-plugins-base-plugins-parsebin.html
[decodebin3]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-base-plugins/html/gst-plugins-base-plugins-decodebin3.html
[db3-talk]: https://gstconf.ubicast.tv/videos/decodebin3-or-dealing-with-modern-playback-use-cases/
#### LV2 ported from 0.10 and switched from slv2 to lilv2
The LV2 wrapper plugin has been ported to 1.0 and moved from using the
deprecated slv2 library to its replacement liblv2. We support sources and
filter elements. lv2 is short for *Linux Audio Developer's Simple Plugin API
(LADSPA) version 2* and is an open standard for audio plugins which includes
support for audio synthesis (generation), digital signal processing of digital
audio, and MIDI. The new lv2 plugin supersedes the existing LADSPA plugin.
#### WebRTC DSP Plugin for echo-cancellation, gain control and noise suppression
A set of new elements ([webrtcdsp][webrtcdsp], [webrtcechoprobe][webrtcechoprobe])
based on the WebRTC DSP software stack can now be used to improve your audio
voice communication pipelines. They support echo cancellation, gain control,
noise suppression and more. For more details you may read
[Nicolas' blog post][webrtc-blog-post].
[webrtcdsp]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-bad-plugins/html/gst-plugins-bad-plugins-webrtcdsp.html
[webrtcechoprobe]: https://gstreamer.freedesktop.org/data/doc/gstreamer/head/gst-plugins-bad-plugins/html/gst-plugins-bad-plugins-webrtcechoprobe.html
[webrtc-blog-post]: https://ndufresne.ca/2016/06/gstreamer-echo-canceller/
#### Fraunhofer FDK AAC encoder and decoder
New encoder and decoder elements wrapping the Fraunhofer FDK AAC library have
been added (`fdkaacdec`, `fdkaacdec`). The Fraunhofer FDK AAC encoder is
generally considered to be a very high-quality AAC encoder, but unfortunately
it comes under a non-free license with the option to obtain a paid, commercial
license.
### Noteworthy element features and additions
#### Major RTP and RTSP improvements
- The RTSP server and source element, as well as the RTP jitterbuffer now support
remote clock synchronization according to [RFC7273][https://tools.ietf.org/html/rfc7273].
- Support for application and profile specific RTCP packets was added.
- The H265/HEVC payloader/depayloader is again in sync with the final RFC.
- Seeking stability of the RTSP source and server was improved a lot and
runs stably now, even when doing scrub-seeking.
- The RTSP server received various major bugfixes, including for regressions that
caused the IP/port address pool to not be considered, or NAT hole punching
to not work anymore. [Bugzilla #766612][https://bugzilla.gnome.org/show_bug.cgi?id=766612]
- Various other bugfixes that improve the stability of RTP and RTSP, including
many new unit / integration tests.
#### Improvements to splitmuxsrc and splitmuxsink
- The splitmux element received reliability and error handling improvements,
removing at least one deadlock case. `splitmuxsrc` now stops cleanly at the end
of the segment when handling seeks with a stop time. We fixed a bug with large
amounts of downstream buffering causing incorrect out-of-sequence playback.
- `splitmuxsrc` now has a `"format-location"` signal to directly specify the list
of files to play from.
- `splitmuxsink` can now optionally send force-keyunit events to upstream
elements to allow splitting files more accurately instead of having to wait
for upstream to provide a new keyframe by itself.
#### OpenGL/GLES improvements
##### iOS and macOS (OS/X)
- We now create OpenGL|ES 3.x contexts on iOS by default with a fallback to
OpenGL|ES 2.x if that fails.
- Various zerocopy decoding fixes and enhancements with the
encoding/decoding/capturing elements.
- libdispatch is now used on all Apple platforms instead of GMainLoop, removing
the expensive poll()/pthread_*() overhead.
##### New API
- `GstGLFramebuffer` - for wrapping OpenGL frame buffer objects. It provides
facilities for attaching `GstGLMemory` objects to the necessary attachment
points, binding and unbinding and running a user-supplied function with the
framebuffer bound.
- `GstGLRenderbuffer` (a `GstGLBaseMemory` subclass) - for wrapping OpenGL
render buffer objects that are typically used for depth/stencil buffers or
for color buffers where we don't care about the output.
- `GstGLMemoryEGL` (a `GstGLMemory` subclass) - for combining `EGLImage`s with a GL
texture that replaces `GstEGLImageMemory` bringing the improvements made to the
other `GstGLMemory` implementations. This fixes a performance regression in
zerocopy decoding on the Raspberry Pi when used with an updated gst-omx.
##### Miscellaneous improvements
- `gltestsrc` is now usable on devices/platforms with OpenGL 3.x and OpenGL|ES
and has completed or gained support for new patterns in line with the
existing ones in `videotestsrc`.
- `gldeinterlace` is now available on devices/platforms with OpenGL|ES
implementations.
- The dispmanx backend (used on the Raspberry Pi) now supports the
`gst_video_overlay_set_window_handle()` and
`gst_video_overlay_set_render_rectangle()` functions.
- The `gltransformation` element now correctly transforms mouse coordinates (in
window space) to stream coordinates for both perspective and orthographic
projections.
- The `gltransformation` element now detects if the
`GstVideoAffineTransformationMeta` is supported downstream and will efficiently
pass its transformation downstream. This is a performance improvement as it
results in less processing being required.
- The wayland implementation now uses the multi-threaded safe event-loop API
allowing correct usage in applications that call wayland functions from
multiple threads.
- Support for native 90 degree rotations and horizontal/vertical flips
in `glimagesink`.
#### Vulkan
- The Vulkan elements now work under Wayland and have received numerous
bugfixes.
#### QML elements
- `qmlglsink` video sink now works on more platforms, notably, Windows, Wayland,
and Qt's eglfs (for embedded devices with an OpenGL implementation) including
the Raspberry Pi.
- New element `qmlglsrc` to record a QML scene into a GStreamer pipeline.
#### KMS video sink
- New element `kmssink` to render video using Direct Rendering Manager
(DRM) and Kernel Mode Setting (KMS) subsystems in the Linux
kernel. It is oriented to be used mostly in embedded systems.
#### Wayland video sink
- `waylandsink` now supports the wl_viewporter extension allowing
video scaling and cropping to be delegated to the Wayland
compositor. This extension is also been made optional, so that it can
also work on current compositors that don't support it. It also now has
support for the video meta, allowing zero-copy operations in more
cases.
#### DVB improvements
- `dvbsrc` now has better delivery-system autodetection and several
new parameter sanity-checks to improve its resilience to configuration
omissions and errors. Superfluous polling continues to be trimmed down,
and the debugging output has been made more consistent and precise.
Additionally, the channel-configuration parser now supports the new dvbv5
format, enabling `dvbbasebin` to automatically playback content transmitted
on delivery systems that previously required manual description, like ISDB-T.
#### DASH, HLS and adaptivedemux
- HLS now has support for Alternate Rendition audio and video tracks. Full
support for Alternate Rendition subtitle tracks will be in an upcoming release.
- DASH received support for keyframe-only trick modes if the
`GST_SEEK_FLAG_TRICKMODE_KEY_UNITS` flag is given when seeking. It will
only download keyframes then, which should help with high-speed playback.
Changes to skip over multiple frames based on bandwidth and other metrics
will be added in the near future.
- Lots of reliability fixes around seek handling and bitrate switching.
#### Bluetooth improvements
- The `avdtpsrc` element now supports metadata such as track title, artist
name, and more, which devices can send via AVRCP. These are published as
tags on the pipeline.
- The `a2dpsink` element received some love and was cleaned up so that it
actually works after the initial GStreamer 1.0 port.
#### GStreamer VAAPI
- All the decoders have been split, one plugin feature per codec. So
far, the available ones, depending on the driver, are:
`vaapimpeg2dec`, `vaapih264dec`, `vaapih265dec`, `vaapivc1dec`, `vaapivp8dec`,
`vaapivp9dec` and `vaapijpegdec` (which already was split).
- Improvements when mapping VA surfaces into memory. It now differentiates
between negotiation caps and allocations caps, since the allocation
memory for surfaces may be bigger than one that is going to be
mapped.
- `vaapih265enc` now supports constant bitrate mode (CBR).
- Since several VA drivers are unmaintained, we decide to keep a whitelist
with the va drivers we actually test, which is mostly the i915 and to a lesser
degree gallium from the mesa project. Exporting the environment variable
`GST_VAAPI_ALL_DRIVERS` disables the whitelist.
- Plugin features are registered at run-time, according to their support by
the loaded VA driver. So only the decoders and encoder supported by the
system are registered. Since the driver can change, some dependencies are
tracked to invalidate the GStreamer registry and reload the plugin.
- `dmabuf` importation from upstream has been improved, gaining performance.
- `vaapipostproc` now can negotiate buffer transformations via caps.
- Decoders now can do I-frame only reverse playback. This decodes I-frames
only because the surface pool is smaller than the required by the GOP to show all the
frames.
- The upload of frames onto native GL textures has been optimized too, keeping
a cache of the internal structures for the offered textures by the sink.
#### V4L2 changes
- More pixels formats are now supported
- Decoder is now using `G_SELECTION` instead of the deprecated `G_CROP`
- Decoder now uses the `STOP` command to handle EOS
- Transform element can now scale the pixel aspect ratio
- Colorimetry support has been improved even more
- We now support the `OUTPUT_OVERLAY` type of video node in v4l2sink
#### Miscellaneous
- `multiqueue`'s input pads gained a new `"group-id"` property which
can be used to group input streams. Typically one will assign
different id numbers to audio, video and subtitle streams for
example. This way `multiqueue` can make sure streams of the same
type advance in lockstep if some of the streams are unlinked and the
`"sync-by-running-time"` property is set. This is used in
decodebin3/playbin3 to implement almost-instantaneous stream
switching. The grouping is required because different downstream
paths (audio, video, etc.) may have different buffering/latency
etc. so might be consuming data from multiqueue with a slightly
different phase, and if we track different stream groups separately
we minimize stream switching delays and buffering inside the
`multiqueue`.
- `alsasrc` now supports ALSA drivers without a position for each
channel, this is common in some professional or industrial hardware.
- `libvpx` based decoders (`vp8dec` and `vp9dec`) now create multiple threads on
computers with multiple CPUs automatically.
- `rfbsrc` - used for capturing from a VNC server - has seen a lot of
debugging. It now supports the latest version of the RFB
protocol and uses GIO everywhere.
- `tsdemux` can now read ATSC E-AC-3 streams.
- New `GstVideoDirection` video orientation interface for rotating, flipping
and mirroring video in 90° steps. It is implemented by the `videoflip` and
`glvideoflip` elements currently.
- It is now possible to give `appsrc` a duration in time, and there is now a
non-blocking try-pull API for `appsink` that returns NULL if nothing is
available right now.
- `x264enc` has support now for chroma-site and colorimetry settings
- A new JPEG2000 parser element was added, and the JPEG2000 caps were cleaned
up and gained more information needed in combination with RTP and various
container formats.
- Reverse playback support for `videorate` and `deinterlace` was implemented
- Various improvements everywhere for reverse playback and `KEY_UNITS` trick mode
- New cleaned up `rawaudioparse` and `rawvideoparse` elements that replace the
old `audioparse` and `videoparse` elements. There are compatibility element
factories registered with the old names to allow existing code to continue
to work.
- The Decklink plugin gained support for 10 bit video SMPTE timecodes, and
generally got many bugfixes for various issues.
- New API in `GstPlayer` for setting the multiview mode for stereoscopic
video, setting an HTTP/RTSP user agent and a time offset between audio and
video. In addition to that, there were various bugfixes and the new
gst-examples module contains Android, iOS, GTK+ and Qt example applications.
- `GstBin` has new API for suppressing various `GstElement` or `GstObject`
flags that would otherwise be affected by added/removed child elements. This
new API allows `GstBin` subclasses to handle for themselves if they
should be considered a sink or source element, for example.
- The `subparse` element can handle WebVTT streams now.
- A new `sdpsrc` element was added that can read an SDP from a file, or get it
as a string as property and then sets up an RTP pipeline accordingly.
### Plugin moves
No plugins were moved this cycle. We'll make up for it next cycle, promise!
### Rewritten memory leak tracer
GStreamer has had basic functionality to trace allocation and freeing of
both mini-objects (buffers, events, caps, etc.) and objects in the form of the
internal `GstAllocTrace` tracing system. This API was never exposed in the
1.x API series though. When requested, this would dump a list of objects and
mini-objects at exit time which had still not been freed at that point,
enabled with an environment variable. This subsystem has now been removed
in favour of a new implementation based on the recently-added tracing framework.
Tracing hooks have been added to trace the creation and destruction of
GstObjects and mini-objects, and a new tracer plugin has been written using
those new hooks to track which objects are still live and which are not. If
GStreamer has been compiled against the libunwind library, the new leaks tracer
will remember where objects were allocated from as well. By default the leaks
tracer will simply output a warning if leaks have been detected on `gst_deinit()`.
If the `GST_LEAKS_TRACER_SIG` environment variable is set, the leaks tracer
will also handle the following UNIX signals:
- `SIGUSR1`: log alive objects
- `SIGUSR2`: create a checkpoint and print a list of objects created and
destroyed since the previous checkpoint.
Unfortunately this will not work on Windows due to no signals, however.
If the `GST_LEAKS_TRACER_STACK_TRACE` environment variable is set, the leaks
tracer will also log the creation stack trace of leaked objects. This may
significantly increase memory consumption however.
New `MAY_BE_LEAKED` flags have been added to GstObject and GstMiniObject, so
that objects and mini-objects that are likely to stay around forever can be
flagged and blacklisted from the leak output.
To give the new leak tracer a spin, simply call any GStreamer application such
as `gst-launch-1.0` or `gst-play-1.0` like this:
GST_TRACERS=leaks gst-launch-1.0 videotestsrc num-buffers=10 ! fakesink
If there are any leaks, a warning will be raised at the end.
It is also possible to trace only certain types of objects or mini-objects:
GST_TRACERS="leaks(GstEvent,GstMessage)" gst-launch-1.0 videotestsrc num-buffers=10 ! fakesink
This dedicated leaks tracer is much much faster than valgrind since all code is
executed natively instead of being instrumented. This makes it very suitable
for use on slow machines or embedded devices. It is however limited to certain
types of leaks and won't catch memory leaks when the allocation has been made
via plain old `malloc()` or `g_malloc()` or other means. It will also not trace
non-GstObject GObjects.
The goal is to enable leak tracing on GStreamer's Continuous-Integration and
testing system, both for the regular unit tests (make check) and media tests
(gst-validate), so that accidental leaks in common code paths can be detected
and fixed quickly.
For more information about the new tracer, check out Guillaume Desmottes's
["Tracking Memory Leaks"][leaks-talk] talk or his [blog post][leaks-blog] about
the topic.
[leaks-talk]: https://gstconf.ubicast.tv/videos/tracking-memory-leaks/
[leaks-blog]: https://blog.desmottes.be/?post/2016/06/20/GStreamer-leaks-tracer
### GES and NLE changes
- Clip priorities are now handled by the layers, and the GESTimelineElement
priority property is now deprecated and unused
- Enhanced (de)interlacing support to always use the `deinterlace` element
and expose needed properties to users
- Allow reusing clips children after removing the clip from a layer
- We are now testing many more rendering formats in the gst-validate
test suite, and failures have been fixed.
- Also many bugs have been fixed in this cycle!
### GStreamer validate changes
This cycle has been focused on making GstValidate more than just a validating
tool, but also a tool to help developers debug their GStreamer issues. When
reporting issues, we try to gather as much information as possible and expose
it to end users in a useful way. For an example of such enhancements, check out
Thibault Saunier's [blog post](improving-debugging-gstreamer-validate) about
the new Not Negotiated Error reporting mechanism.
Playbin3 support has been added so we can run validate tests with `playbin3`
instead of playbin.
We are now able to properly communicate between `gst-validate-launcher` and
launched subprocesses with actual IPC between them. That has enabled the test
launcher to handle failing tests specifying the exact expected issue(s).
[improving-debugging-gstreamer-validate]: https://blogs.s-osg.org/improving-debugging-gstreamer-validate/
### gst-libav changes
gst-libav uses the recently released ffmpeg 3.2 now, which brings a lot of
improvements and bugfixes from the ffmpeg team in addition to various new
codec mappings on the GStreamer side and quite a few bugfixes to the GStreamer
integration to make it more robust.
## Build and Dependencies
### Experimental support for Meson as build system
#### Overview
We have have added support for building GStreamer using the
[Meson build system][meson]. This is currently experimental, but should work
fine at least on Linux using the gcc or clang toolchains and on Windows using
the MingW or MSVC toolchains.
Autotools remains the primary build system for the time being, but we hope to
someday replace it and will steadily work towards that goal.
More information about the background and implications of all this and where
we're hoping to go in future with this can be found in [Tim's mail][meson-mail]
to the gstreamer-devel mailing list.
For more information on Meson check out [these videos][meson-videos] and also
the [Meson talk][meson-gstconf] at the GStreamer Conference.
Immediate benefits for Linux users are faster builds and rebuilds. At the time
of writing the Meson build of GStreamer is used by default in GNOME's jhbuild
system.
The Meson build currently still lacks many of the fine-grained configuration
options to enable/disable specific plugins. These will be added back in due
course.
Note: The meson build files are not distributed in the source tarballs, you will
need to get GStreamer from git if you want try it out.
[meson]: http://mesonbuild.com/
[meson-mail]: https://lists.freedesktop.org/archives/gstreamer-devel/2016-September/060231.html
[meson-videos]: http://mesonbuild.com/videos.html
[meson-gstconf]: https://gstconf.ubicast.tv/videos/gstreamer-development-on-windows-ans-faster-builds-everywhere-with-meson/
#### Windows Visual Studio toolchain support
Windows users might appreciate being able to build GStreamer using the MSVC
toolchain, which is not possible using autotools. This means that it will be
possible to debug GStreamer and applications in Visual Studio, for example.
We require VS2015 or newer for this at the moment.
There are two ways to build GStreamer using the MSVC toolchain:
1. Using the MSVC command-line tools (`cl.exe` etc.) via Meson's "ninja" backend.
2. Letting Meson's "vs2015" backend generate Visual Studio project files that
can be opened in Visual Studio and compiled from there.
This is currently only for adventurous souls though. All the bits are in place,
but support for all of this has not been merged into GStreamer's cerbero build
tool yet at the time of writing. This will hopefully happen in the next cycle,
but for now this means that those wishing to compile GStreamer with MSVC will
have to get their hands dirty.
There are also no binary SDK builds using the MSVC toolchain yet.
For more information on GStreamer builds using Meson and the Windows toolchain
check out Nirbheek Chauhan's blog post ["Building and developing GStreamer using Visual Studio"][msvc-blog].
[msvc-blog]: http://blog.nirbheek.in/2016/07/building-and-developing-gstreamer-using.html
### Dependencies
#### gstreamer
libunwind was added as an optional dependency. It is used only for debugging
and tracing purposes.
The `opencv` plugin in gst-plugins-bad can now be built against OpenCV
version 3.1, previously only 2.3-2.5 were supported.
#### gst-plugins-ugly
- `mpeg2dec` now requires at least libmpeg2 0.5.1 (from 2008).
#### gst-plugins-bad
- `gltransformation` now requires at least graphene 1.4.0.
- `lv2` now plugin requires at least lilv 0.16 instead of slv2.
### Packaging notes
Packagers please note that the `gst/gstconfig.h` public header file in the
GStreamer core library moved back from being an architecture dependent include
to being architecture independent, and thus it is no longer installed into
`$(libdir)/gstreamer-1.0/include/gst` but into the normal include directory
where it lives happily ever after with all the other public header files. The
reason for this is that we now check whether the target supports unaligned
memory access based on predefined compiler macros at compile time instead of
checking it at configure time.
## Platform-specific improvements
### Android
#### New universal binaries for all supported ABIs
We now provide a "universal" tarball to allow building apps against all the
architectures currently supported (x86, x86-64, armeabi, armeabi-v7a,
armeabi-v8a). This is needed for building with recent versions of the Android
NDK which defaults to building against all supported ABIs. Use [the Android
player example][android-player-example-build] as a reference for the required
changes.
[android-player-example-build]: https://cgit.freedesktop.org/gstreamer/gst-examples/commit/playback/player/android?id=a5cdde9119f038a1eb365aca20faa9741a38e788
#### Miscellaneous
- New `ahssrc` element that allows reading the hardware sensors, e.g. compass
or accelerometer.
### macOS (OS/X) and iOS
- Support for querying available devices on OS/X via the GstDeviceProvider
API was added.
- It is now possible to create OpenGL|ES 3.x contexts on iOS and use them in
combination with the VideoToolbox based decoder element.
- many OpenGL/GLES improvements, see OpenGL section above
### Windows
- gstconfig.h: Always use dllexport/import on Windows with MSVC
- Miscellaneous fixes to make libs and plugins compile with the MVSC toolchain
- MSVC toolchain support (see Meson section above for more details)
## New Modules for Documentation, Examples, Meson Build
Three new git modules have been added recently:
### gst-docs
This is a new module where we will maintain documentation in the markdown
format.
It contains the former gstreamer.com SDK tutorials which have kindly been made
available by Fluendo under a Creative Commons license. The tutorials have been
reviewed and updated for GStreamer 1.x and will be available as part of the
[official GStreamer documentation][doc] going forward. The old gstreamer.com
site will then be shut down with redirects pointing to the updated tutorials.
Some of the existing docbook XML-formatted documentation from the GStreamer
core module such as the *Application Development Manual* and the *Plugin
Writer's Guide* have been converted to markdown as well and will be maintained
in the gst-docs module in future. They will be removed from the GStreamer core
module in the next cycle.
This is just the beginning. Our goal is to provide a more cohesive documentation
experience for our users going forward, and easier to create and maintain
documentation for developers. There is a lot more work to do, get in touch if
you want to help out.
If you encounter any problems or spot any omissions or outdated content in the
new documentation, please [file a bug in bugzilla][doc-bug] to let us know.
We will probably release gst-docs as a separate tarball for distributions to
package in the next cycle.
[doc]: http://gstreamer.freedesktop.org/documentation/
[doc-bug]: https://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer&component=documentation
### gst-examples
A new [module][examples-git] has been added for examples. It does not contain
much yet, currently it only contains a small [http-launch][http-launch] utility
that serves a pipeline over http as well as various [GstPlayer playback frontends][puis]
for Android, iOS, Gtk+ and Qt.
More examples will be added over time. The examples in this repository should
be more useful and more substantial than most of the examples we ship as part
of our other modules, and also written in a way that makes them good example
code. If you have ideas for examples, let us know.
No decision has been made yet if this module will be released and/or packaged.
It probably makes sense to do so though.
[examples-git]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/
[http-launch]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/network/http-launch/
[puis]: https://cgit.freedesktop.org/gstreamer/gst-examples/tree/playback/player
### gst-build
[gst-build][gst-build-git] is a new meta module to build GStreamer using the
new Meson build system. This module is not required to build GStreamer with
Meson, it is merely for convenience and aims to provide a development setup
similar to the existing `gst-uninstalled` setup.
gst-build makes use of Meson's [subproject feature][meson-subprojects] and sets
up the various GStreamer modules as subprojects, so they can all be updated and
built in parallel.
This module is still very new and highly experimental. It should work at least
on Linux and Windows (OS/X needs some build fixes). Let us know of any issues
you encounter by popping into the `#gstreamer` IRC channel or by
[filing a bug][gst-build-bug].
This module will probably not be released or packaged (does not really make sense).
[gst-build-git]: https://cgit.freedesktop.org/gstreamer/gst-build/tree/
[gst-build-bug]: https://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer&component=gst-build
[meson-subprojects]: https://github.com/mesonbuild/meson/wiki/Subprojects
## Contributors
Aaron Boxer, Aleix Conchillo Flaqué, Alessandro Decina, Alexandru Băluț, Alex
Ashley, Alex-P. Natsios, Alistair Buxton, Allen Zhang, Andreas Naumann, Andrew
Eikum, Andy Devar, Anthony G. Basile, Arjen Veenhuizen, Arnaud Vrac, Artem
Martynovich, Arun Raghavan, Aurélien Zanelli, Barun Kumar Singh, Bernhard
Miller, Brad Lackey, Branko Subasic, Carlos Garcia Campos, Carlos Rafael
Giani, Christoffer Stengren, Daiki Ueno, Damian Ziobro, Danilo Cesar Lemes de
Paula, David Buchmann, Dimitrios Katsaros, Duncan Palmer, Edward Hervey,
Emmanuel Poitier, Enrico Jorns, Enrique Ocaña González, Fabrice Bellet,
Florian Zwoch, Florin Apostol, Francisco Velazquez, Frédéric Bertolus, Fredrik
Fornwall, Gaurav Gupta, George Kiagiadakis, Georg Lippitsch, Göran Jönsson,
Graham Leggett, Gregoire Gentil, Guillaume Desmottes, Gwang Yoon Hwang, Haakon
Sporsheim, Haihua Hu, Havard Graff, Heinrich Fink, Hoonhee Lee, Hyunjun Ko,
Iain Lane, Ian, Ian Jamison, Jagyum Koo, Jake Foytik, Jakub Adam, Jan
Alexander Steffens (heftig), Jan Schmidt, Javier Martinez Canillas, Jerome
Laheurte, Jesper Larsen, Jie Jiang, Jihae Yi, Jimmy Ohn, Jinwoo Ahn, Joakim
Johansson, Joan Pau Beltran, Jonas Holmberg, Jonathan Matthew, Jonathan Roy,
Josep Torra, Julien Isorce, Jun Ji, Jürgen Slowack, Justin Kim, Kazunori
Kobayashi, Kieran Bingham, Kipp Cannon, Koop Mast, Kouhei Sutou, Kseniia, Kyle
Schwarz, Kyungyong Kim, Linus Svensson, Luis de Bethencourt, Marcin Kolny,
Marcin Lewandowski, Marianna Smidth Buschle, Mario Sanchez Prada, Mark
Combellack, Mark Nauwelaerts, Martin Kelly, Matej Knopp, Mathieu Duponchelle,
Mats Lindestam, Matthew Gruenke, Matthew Waters, Michael Olbrich, Michal Lazo,
Miguel París Díaz, Mikhail Fludkov, Minjae Kim, Mohan R, Munez, Nicola Murino,
Nicolas Dufresne, Nicolas Huet, Nikita Bobkov, Nirbheek Chauhan, Olivier
Crête, Paolo Pettinato, Patricia Muscalu, Paulo Neves, Peng Liu, Peter
Seiderer, Philippe Normand, Philippe Renon, Philipp Zabel, Pierre Lamot, Piotr
Drąg, Prashant Gotarne, Raffaele Rossi, Ray Strode, Reynaldo H. Verdejo
Pinochet, Santiago Carot-Nemesio, Scott D Phillips, Sebastian Dröge, Sebastian
Rasmussen, Sergei Saveliev, Sergey Borovkov, Sergey Mamonov, Sergio Torres
Soldado, Seungha Yang, sezero, Song Bing, Sreerenj Balachandran, Stefan Sauer,
Stephen, Steven Hoving, Stian Selnes, Thiago Santos, Thibault Saunier, Thijs
Vermeir, Thomas Bluemel, Thomas Jones, Thomas Klausner, Thomas Scheuermann,
Tim-Philipp Müller, Ting-Wei Lan, Tom Schoonjans, Ursula Maplehurst, Vanessa
Chipirras Navalon, Víctor Manuel Jáquez Leal, Vincent Penquerc'h, Vineeth TM,
Vivia Nikolaidou, Vootele Vesterblom, Wang Xin-yu (王昕宇), William Manley,
Wim Taymans, Wonchul Lee, Xabier Rodriguez Calvar, Xavier Claessens, xlazom00,
Yann Jouanin, Zaheer Abbas Merali
... and many others who have contributed bug reports, translations, sent
suggestions or helped testing.
## Bugs fixed in 1.10
More than [750 bugs][bugs-fixed-in-1.10] have been fixed during
the development of 1.10.
This list does not include issues that have been cherry-picked into the
stable 1.8 branch and fixed there as well, all fixes that ended up in the
1.8 branch are also included in 1.10.
This list also does not include issues that have been fixed without a bug
report in bugzilla, so the actual number of fixes is much higher.
[bugs-fixed-in-1.10]: https://bugzilla.gnome.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&classification=Platform&limit=0&list_id=164074&order=bug_id&product=GStreamer&query_format=advanced&resolution=FIXED&target_milestone=1.8.1&target_milestone=1.8.2&target_milestone=1.8.3&target_milestone=1.8.4&target_milestone=1.9.1&target_milestone=1.9.2&target_milestone=1.9.90&target_milestone=1.10.0
## Stable 1.10 branch
After the 1.10.0 release there will be several 1.10.x bug-fix releases which
will contain bug fixes which have been deemed suitable for a stable branch,
but no new features or intrusive changes will be added to a bug-fix release
usually. The 1.10.x bug-fix releases will be made from the git 1.10 branch,
which is a stable branch.
### 1.10.0
1.10.0 was released on 1st November 2016.
## Known Issues
- iOS builds with iOS 6 SDK and old C++ STL. You need to select iOS 6 instead
of 7 or 8 in your projects settings to be able to link applications.
[Bug #766366](https://bugzilla.gnome.org/show_bug.cgi?id=766366)
- Code signing for Apple platforms has some problems currently, requiring
manual work to get your application signed. [Bug #771860](https://bugzilla.gnome.org/show_bug.cgi?id=771860)
- Building applications with Android NDK r13 on Windows does not work. Other
platforms and earlier/later versions of the NDK are not affected.
[Bug #772842](https://bugzilla.gnome.org/show_bug.cgi?id=772842)
- The new leaks tracer may deadlock the application (or exhibit other undefined
behaviour) when `SIGUSR` handling is enabled via the `GST_LEAKS_TRACER_SIG`
environment variable. [Bug #770373](https://bugzilla.gnome.org/show_bug.cgi?id=770373)
- vp8enc crashes on 32 bit Windows, but was working fine in 1.6. 64 bit Windows is unaffected.
[Bug #763663](https://bugzilla.gnome.org/show_bug.cgi?id=763663)
## Schedule for 1.12
Our next major feature release will be 1.12, and 1.11 will be the unstable
development version leading up to the stable 1.12 release. The development
of 1.11/1.12 will happen in the git master branch.
The plan for the 1.12 development cycle is yet to be confirmed, but it is
expected that feature freeze will be around early/mid-January,
followed by several 1.11 pre-releases and the new 1.12 stable release
in March.
1.12 will be backwards-compatible to the stable 1.10, 1.8, 1.6, 1.4, 1.2 and
1.0 release series.
- - -
*These release notes have been prepared by Olivier Crête, Sebastian Dröge,
Nicolas Dufresne, Edward Hervey, Víctor Manuel Jáquez Leal, Tim-Philipp
Müller, Reynaldo H. Verdejo Pinochet, Arun Raghavan, Thibault Saunier,
Jan Schmidt, Wim Taymans, Matthew Waters*
*License: [CC BY-SA 4.0](http://creativecommons.org/licenses/by-sa/4.0/)*
This is a minor release recommended for all users.
Resolved issues
#1015: Introducers can now remove devices that they introduced
#3726: Syncthing now correctly reconnects to staticly configured relays
#3718: strelaysrv: No longer crashes with "panic: send on closed channel"
#3682: strelaysrv: Binding to a specific address now works better
#3710: Folder information in the GUI now uses icons and tooltips
* IDNA 2008 support is now available if the "idna" module has been
installed and IDNA 2008 is requested. The default IDNA behavior
is still IDNA 2003. The new IDNA codec mechanism is currently
only useful for direct calls to dns.name.from_text() or
dns.name.from_unicode(), but in future releases it will be
deployed throughout dnspython, e.g. so that you can read a
masterfile with an IDNA 2008 codec in force.
* By default, dns.name.to_unicode() is not strict about which
version of IDNA the input complies with. Strictness can be
requested by using one of the strict IDNA codecs.
* Add AVC RR support.
* Some problems with newlines in various output modes have been
addressed.
* dns.name.to_text() now returns text and not bytes on Python 3.x
* More miscellaneous fixes for the Python 2/3 codeline merge.
---------------------------------
0.35 2016/11/03 08:30:00
- Minor POD updates.
- Added catastrophic failure protection to _croak_or_return() by adding
local $SIG{PIPE} = "IGNORE"; before connection termination logic. Limits
the scope to just this one code block.
0.34 2016/07/27 08:30:00
- BEHAVIOR CHANGE - Added fix_supported() as a way to make corrections to
supported(). Editing the returned hash reference of _help() no longer
works! This new method does both additions & removals.
- BEHAVIOUR CHANGE - Modified _mfmt() & _mdtm() to be able to handle localtime
vs gmtime based on changes to how PreserveTimestamp work. As an alternate
way, the behavior can be overriden by a new $local_flag option. The
default behavior is still GMT time. See the POD for a description of how
PreserveTimestamp now works.
- Made POD clarification & other comment updates.
- Increased TRACE_MOD from 5 to 10 blocks.
- Added BEGIN block to detect if IPv6 support is possible. It does this by
asking IO::Socket::SSL instead of reinventing the wheel.
- Moved the generation of the Debug log header info for CPAN support to BEGIN
as well so that this info gets centralized instead of repeated.
- Added Domain/Family as a new option for choosing IPv4 vs IPv6.
- Added OverrideHELP => -1 option to use FEAT instead, when HELP is broken!
- Updated quot() to recognize that MLSD also requires a data channel.
Also improved the disable HELP logic used here.
- Broke up _feat() into _feat() & feat(). Also added feat() to the POD.
Done since under some circumstances the feature list can be dynamic!
Also changed logic on how to tell if OPTS is supported or not.
Finally drops HELP from the list of FEAT commands returned if OverrideHELP
was used.
- Rewrote _help() to make it less confusing. Adding OverrideHELP=>-1 made it
clear it was too messy to support ongoing. Much more understandable now.
Also made it more reliable to get the list of site commands supported.
- Fixed PreserveTimestamp bug in transfer() & xtransfer().
- Added new option xWait for use by xput() & xtransfer(). Some servers won't
honor the rename of the scratch file to it's final name without instituting
a delay. So this option allows you to specify one.
- README - Added more notes about turning on/off SSL logging. Newer
versions allow for dynamic turning on/off. Also updated comments on the
naming of the trace logs.
- t/10-complex.t - Changes to the main test script!
* Now uses fix_supported() in it's is_file() tests since these test cases
hit some lies told by some servers!
* Fixed so it's main logs are named after this test program like the other
test cases do.
* Added new test to verify if the MDTM command correctly uses GMT time
instead of local time. (Assumes MFMT will use the same time zone!) Did
this test early enough so that the last connection used the correct
PreserveTimestamp settings for tests depending on it!
* Added xWait of 1 second to deal with problem FTP/S servers that require
a wait for the xput & xtransfer tests to work.
- t/05-readonly.t - Renamed 05-simple to 05-readonly to more acurately
describe the types of tests this test script does! Updated in MANIFEST &
README as well.
---------------------------
version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range
translates to hosts on the local network, or, at
least, 0.0.0.0 accesses the local host, so could
be targets for DNS rebinding. See RFC 5735 section 3
for details. Thanks to Stephen R旦ttger for the bug report.
Enhance --add-subnet to allow arbitrary subnet addresses.
Thanks to Ed Barsley for the patch.
Respect the --no-resolv flag in inotify code. Fixes bug
which caused dnsmasq to fail to start if a resolv-file
was a dangling symbolic link, even of --no-resolv set.
Thanks to Alexander Kurtz for spotting the problem.
Fix crash when an A or AAAA record is defined locally,
in a hosts file, and an upstream server sends a reply
that the same name is empty. Thanks to Edwin T旦r旦k for
the patch.
Fix failure to correctly calculate cache-size when
reading a hosts-file fails. Thanks to Andr辿 Gl端pker
for the patch.
Fix wrong answer to simple name query when --domain-needed
set, but no upstream servers configured. Dnsmasq returned
REFUSED, in this case, when it should be the same as when
upstream servers are configured - NOERROR. Thanks to
Allain Legacy for spotting the problem.
Return REFUSED when running out of forwarding table slots,
not SERVFAIL.
Add --max-port configuration. Thanks to Hans Dedecker for
the patch.
Add --script-arp and two new functions for the dhcp-script.
These are "arp" and "arp-old" which announce the arrival and
removal of entries in the ARP or nieghbour tables.
Extend --add-mac to allow a new encoding of the MAC address
as base64, by configurting --add-mac=base64
Add --add-cpe-id option.
Don't crash with divide-by-zero if an IPv6 dhcp-range
is declared as a whole /64.
(ie xx::0 to xx::ffff:ffff:ffff:ffff)
Thanks to Laurent Bendel for spotting this problem.
Add support for a TTL parameter in --host-record and
--cname.
Add --dhcp-ttl option.
Add --tftp-mtu option. Thanks to Patrick McLean for the
initial patch.
Check return-code of inet_pton() when parsing dhcp-option.
Bad addresses could fail to generate errors and result in
garbage dhcp-options being sent. Thanks to Marc Branchaud
for spotting this.
Fix wrong value for EDNS UDP packet size when using
--servers-file to define upstream DNS servers. Thanks to
Scott Bonar for the bug report.
Move the dhcp_release and dhcp_lease_time tools from
contrib/wrt to contrib/lease-tools.
Add dhcp_release6 to contrib/lease-tools. Many thanks
to Sergey Nechaev for this code.
To avoid filling logs in configurations which define
many upstream nameservers, don't log more that 30 servers.
The number to be logged can be changed as SERVERS_LOGGED
in src/config.h.
Swap the values if BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.
Add ARM32_EFI and ARM64_EFI as valid architectures in
--pxe-service.
Fix PXE booting for UEFI architectures. Modify PXE boot
sequence in this case to force the client to talk to dnsmasq
over port 4011. This makes PXE and especially proxy-DHCP PXE
work with these archictectures.
Workaround problems with UEFI PXE clients. There exist
in the wild PXE clients which have problems with PXE
boot menus. To work around this, when there's a single
--pxe-service which applies to client, then that target
will be booted directly, rather then sending a
single-item boot menu.
Many thanks to Jarek Polok, Michael Kuron and Dreamcat4
for their work on the long-standing UEFI PXE problem.
Subtle change in the semantics of "basename" in
--pxe-service. The historical behaviour has always been
that the actual filename downloaded from the TFTP server
is <basename>.<layer> where <layer> is an integer which
corresponds to the layer parameter supplied by the client.
It's not clear what the function of the "layer"
actually is in the PXE protocol, and in practise layer
is always zero, so the filename is <basename>.0
The new behaviour is the same as the old, except when
<basename> includes a file suffix, in which case
the layer suffix is no longer added. This allows
sensible suffices to be used, rather then the
meaningless ".0". Only in the unlikely event that you
have a config with a basename which already has a
suffix, is this an incompatible change, since the file
downloaded will change from name.suffix.0 to justy
name.suffix
This is a minor release recommended for all users.
Resolved issues:
#36236: Display of global and local state is clearer, especially in the presence of ignores.
#36471: GUI does not show "failed items" unless there are items that have failed.
Also:
Fixes to questionmark and asterisk handling in ignore patterns.
Build script can create a snap file.
"Black" theme re-added.
Debugging options for deadlocks.
Twisted Core 16.5.0 (2016-10-28)
================================
Features
--------
- Added twisted.internet.defer.Deferred.addTimeout method to enable
timeouts of deferreds. (#5786)
- Perspective Broker (the twisted.spread package) has been ported to
Python 3 (#7598)
- 'yield from' can now be used on Deferreds inside generators, when
the generator is wrapped with
twisted.internet.defer.ensureDeferred. (#8087)
- twisted.internet.asyncioreactor has been added, which is a Twisted
reactor on top of Python 3.4+'s native asyncio reactor. It can be
selected by passing "--reactor=asyncio" to Twisted tools (twistd,
Trial, etc) on platforms that support it (Python 3.4+). (#8367)
- twisted.python.zippath now works on Windows with Python 3. (#8747)
- twisted.internet.cfreactor is ported to Python 3 and supported on
2.7 and 3.5+. (#8838)
Bugfixes
--------
- twisted.internet.test.test_iocp and twisted.internet.test.test_tcp
have been fixed to work under Python 3 with the Windows IOCP
reactor (#8631)
- Arguments to processes on Windows are now passed mbcs-encoded
arguments. This prevents process-related tests from hanging on
Windows with Python 3. (#8735)
- Client and server TLS connections made via the client TLS endpoint
and the server SSL endpoint, as well as any other code that uses
twisted.internet.ssl.CertificateOptions, no longer accept 3DES-
based cipher suites by default, to defend against SWEET32. (#8781)
- twisted.logger.jsonFileLogObserver no longer emits non-JSON
tracebacks into its file; additionally,
twisted.logger.formatEventAsClassicLogText now includes traceback
information for the log event it formats. (#8858)
- twisted.python.version now exports a version of Incremental that is
16.10.1 or higher, making t.p.v.Version package name comparisons
case-insensitive. (#8863)
- twisted.python.reflect.safe_str encodes unicode as ascii with
backslashreplace error handling on Python 2. (#8864)
Improved Documentation
----------------------
- The twisted.internet.interfaces.IProtocol.dataReceived() method
takes one parameter of type bytes. This has been clarified in the
doc string. (#8763)
Deprecations and Removals
-------------------------
- twisted.python.constants is deprecated in preference to constantly
on PyPI, which is the same code rolled into its own package.
(#7351)
- twisted.python.dist3 has been made private API. (#8761)
- When the source code is checked out, bin/trial is no longer in the
tree. Developers working on the Twisted source code itself should
either (1) run all tests under tox, or (2) run 'python setup.py
develop' to install trial before running any tests. (#8765)
- twisted.protocols.gps, deprecated since Twisted 15.2, has been
removed. (#8787)
Other
-----
- #4926, #7868, #8209, #8214, #8271, #8308, #8324, #8348, #8367,
#8377, #8378, #8379, #8380, #8381, #8383, #8385, #8387, #8388,
#8389, #8391, #8392, #8393, #8394, #8397, #8406, #8410, #8412,
#8413, #8414, #8421, #8425, #8426, #8430, #8432, #8434, #8435,
#8437, #8438, #8439, #8444, #8451, #8452, #8453, #8454, #8456,
#8457, #8459, #8462, #8463, #8465, #8468, #8469, #8479, #8482,
#8483, #8486, #8490, #8493, #8494, #8496, #8497, #8498, #8499,
#8501, #8503, #8504, #8507, #8508, #8510, #8513, #8514, #8515,
#8516, #8517, #8520, #8521, #8522, #8523, #8524, #8527, #8528,
#8529, #8531, #8532, #8534, #8536, #8537, #8538, #8543, #8544,
#8548, #8552, #8553, #8554, #8555, #8557, #8560, #8563, #8565,
#8568, #8569, #8572, #8573, #8574, #8580, #8581, #8582, #8586,
#8589, #8590, #8592, #8593, #8598, #8603, #8604, #8606, #8609,
#8615, #8616, #8617, #8618, #8619, #8621, #8622, #8624, #8627,
#8628, #8630, #8632, #8634, #8640, #8644, #8645, #8646, #8647,
#8662, #8664, #8666, #8668, #8671, #8672, #8677, #8678, #8684,
#8691, #8702, #8705, #8706, #8716, #8719, #8724, #8725, #8727,
#8734, #8741, #8749, #8752, #8754, #8755, #8756, #8757, #8758,
#8767, #8773, #8776, #8779, #8780, #8785, #8788, #8789, #8790,
#8792, #8793, #8799, #8808, #8817, #8839, #8845, #8852
Twisted Conch 16.5.0 (2016-10-28)
=================================
Features
--------
- SSH key fingerprints can be generated using base64 encoded SHA256
hashes. (#8701)
Bugfixes
--------
- SSHUserAuthServer does not crash on keyboard interactive
authentication when running on Python 3 (#8771)
- twisted.conch.insults.insults.ServerProtocol no longer corrupts a
client's display when attempting to set the cursor position, and
its ECMA-48 terminal manipulation works on Python 3. (#8803)
Other
-----
- #8495, #8511, #8715, #8851
Twisted Mail 16.5.0 (2016-10-28)
================================
Deprecations and Removals
-------------------------
- twisted.mail.protocols.DomainSMTP and DomainESMTP, deprecated since
2003, have been removed. (#8772)
Other
-----
- #6289, #8525, #8786, #8830
Twisted Names 16.5.0 (2016-10-28)
=================================
No significant changes have been made for this release.
Other
-----
- #8625, #8663
Twisted Pair 16.5.0 (2016-10-28)
================================
Features
--------
- twisted.pair has been ported to Python 3 (#8744)
Twisted Web 16.5.0 (2016-10-28)
===============================
Bugfixes
--------
- twisted.web.client.HTTPConnectionPool and anything that uses it,
like twisted.web.client.Agent, have had their logic for resuming
transports changed so that transports are resumed after state
machine transitions are complete, rather than before. This change
allows the HTTP client infrastructure to work with alternative HTTP
implementations such as HTTP/2 which may be able to deliver a
complete response synchronously when producing is resumed. (#8720)
Other
-----
- #8519, #8530, #8629, #8707, #8777, #8778, #8844
Twisted Words 16.5.0 (2016-10-28)
=================================
No significant changes have been made for this release.
Other
-----
- #8360, #8460
v0.9.2.3
Notes:
This release is required for Syncthing daemon version 0.14.6 or newer. Older version of Syncthing-GTK will not connect to new Syncthing daemon.
v0.9.2.2
New:
Added Brazilian Portuguese translation (thanks to @robsonsobral)
Support for folder labels in notifications (thanks to @acolomb)
Fixes:
Not sending 'Host' header breaks Syncthing >=v0.14.6
Crash on start with some Windows installations (thanks @Palatis)
===========================
Bugfixes:
---------
- Missing glue records in some responses
- Knsupdate prompt printing on non-terminal
- Mismatch between configuration policy item names and documentation
- Segfault on OS X (Sierra)
Improvements:
-------------
- Significant speed-up of conf-commit and conf-diff operations (in most cases)
- New EDNS Client Subnet libknot API
- Better semantic-checks error messages
Features:
---------
- Print TLS certificate hierarchy in kdig verbose mode
- New +subnet alias for +client
- New mod-whoami and mod-noudp modules
- New zone-purge control command
- New log-queries and log-responses options for mod-dnstap
Bug #4041 UHD/4K DPI scaling broken on Windows servers
Bug #4420 When XRandR adds a screen, it is inaccessible
Bug #5603 Activation notification depends on existence of /etc/os-release
Bug #5624 Update notification sometimes requests a downgrade
Bug #5329 Current date is shown for build date in the about dialog
Bug #5640 Synergy branding is inconsistent across platforms
Enhancement #5617 Remove redundant plugin infrastructure
Enhancement #5627 Move SSL certificate generation to main window
Enhancement #5628 Move SSL implementation into core binary
Enhancement #5629 Move activation from wizard into new dialog window
From Kai-Uwe Eckhardt in PR 51576.
OpenConnect v7.07 (PGP signature) — 2016-07-11
More fixes for OpenSSL 1.1 build.
Support Juniper "Post Sign-in Message".
Add --protocol option.
Fix ChaCha20-Poly1305 cipher suite to reflect final standard.
Add ability to disable IPv6 support via library API.
Set groups appropriately when using setuid().
Automatic DTLS MTU detection.
Support SSL client certificate authentication with Juniper servers.
Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8.
Fix handling of multiple DNS search domains with Network Connect.
Fix handling of large configuration packets for Network Connect.
Enable SNI when built with OpenSSL (1.0.1g or later).
Add --resolve and --local-hostname options to command line.
From Kai-Uwe Eckhardt in PR 51576.
Changes:
rewrite resolv.conf parsing master
avoid multiple "domain" entries in resolv.conf
fix comment
OSX - Fix split DNS when doing split routing
Enable resolvconf on FreeBSD too
The PyDNS provides a module for performing DNS queries from python
applications. It was originally based on Guido van Rossum's DNS library
code, but has drifted further and further away from it over time.
This is a different DNS module to net/py-dns (dnspython).
gandicli is a command line interface for the Gandi.net services. It can
be used to buying and managing domains, web applications, virtual
machines or SSL certificates.
v0.14.9
Resolved issues:
#3651: Documentation PDFs are fixed.
#3638: German localisation is improved. (As are a couple of others as I forgot to update them the last release.)
#3619: Browser error on first startup doesn't happen as easily anymore.
#3664: Syncthing compiles in Go versions older than 1.7 again.
#3577: Adding folder using Long UNC path no longer causes stack overflow (but don't do that, it's not necessary).
v0.14.8
This is a minor release recommended for all users.
The main change here is to handle issues with the new SHA256 implementation introduced in 0.14.7. When using the monitor process (which is the default) crashes will be detected and the new hashing package disabled. A manual selection can also be forced by setting the environment variable STHASHING to either minio (the new package) or standard (the default Go package).
Resolved issues:
#3613: The monitor process now detects crashes due to the new hashing package and disables it on subsequent launch.
#3614: The two hash packages are benchmarked on startup and the fastest on is selected.
#3588: Folders are now correctly shown as out of sync when they miss only deleted files.
#3578: UPnP handling is corrected in the case where more than one router is detected.
#3639: Patterns with terminal slash (e.g., "dir/") now correctly ignore directory contents.
* Remove an useless patch
Changelog:
NSD 4.1.13
Sep 27, 2016
Features
multi-master-check: yes can be used to check all masters for the last version, using the higher version from the configured masters, from Manabu Sonoda.
Support RR type OPENPGPKEY from RFC 7929.
Can config key algorithms with the digest name, eg. 'sha256'.
configure --disable-radix-tree for about 15% lower memory usage.
for type SRV add A/AAAA to the additional section (if possible), just like we already do for type MX.
more extensible edns option handling.
Bugfixes
Fix compile warnings about unused result from write and strtol. and signcompare in minmax retrytime.
Fix#812: fix that make depend fails after distribution.
Fix#817: xfrd update failed loop.
Add robustness against unallocated data in nsec3 trees.
Fix README spelling error of BSD license (reported by Joerg Jung).
Fix multimaster for not tried full zone transfer for a expired zone.
Fix#827: fix compile with openssl 1.1.0 with api=1.1.0.
* Change tarball to released one
Changelog:
Version 1.3.3 (2016-10-01):
- Support longer tweets in a few more places
- Properly escape ampersand characters in user mentions to fix
GtkLabel warnings about wrong escape characters in tooltips
- Fix tweet length calculations for whitespace-only tweets
- Check for duplicated entries in media arrays. This is apparently a
problem on Twitter's side but led to crashes in Corebird (see #627)
- Use the correct nsfw status of a tweet, i.e. the one that can
actually show images.
- Fix a crash when sending a tweet with multiple images attached
- Fix tweet length calculation of quote tweets. This previously led to
tweets getting rejected by the server even though Corebird claimed
they were fine. See #628
Version 1.3.2 (2016-09-25):
- Cope with the tweet length changes introduced by Twitter
- Fix a problem with malformed media URLs
ENet's purpose is to provide a relatively thin, simple and robust network
communication layer on top of UDP (User Datagram Protocol). The primary
feature it provides is optional reliable, in-order delivery of packets.
ENet is NOT intended to be a general purpose high level networking library
that handles authentication, lobbying, server discovery, compression,
encryption and other high level, often application level or dependent tasks.
1.3.2
- The description for org_by_name incorrectly directed people to
use name_by_addr rather than name_by_name.
- Previously GeoIP.country_names was populated from
GeoIP_country_name in the libGeoIP C API. Some versions of the
libGeoIP include non-ASCII ISO-8859-1 characters in these names,
causing encoding errors under Python. When installed under
Python 3, this API now uses UTF-8 country names to populate
this dict.
1.3.1
- Strings with non-ASCII characters would throw a UTF-8 decoding
error. In Python 3, all strings from the database are in UTF-8
and using set_charset to set the character set to something
other than UTF-8 will throw an ValueError exception.
1.3.0
- Python 3 support and significant code cleanup.
- The methods name_by_addr, name_by_addr_v6, name_by_name, and
name_by_name_v6 were added for ISP, Org, and ASNum lookups.
- Portability fixes.
- Expose GEOIP_MMAP_CACHE from the C library.
- Unit tests were added.
1.2.9
- Packaging fix. PyPI-only release.
1.2.8
- Remove unused code.
- Fix low memory error handling and refcount issues on error
reported by Matt Domsch
1.2.7
- Add example test_netspeedcell.py
* Release 0.12.4 (27-Sep-2016)
** Improvements
The TCP connection-hint handler can now accept square-bracket-wrapped IPv6
addresses in colon-hex format. You can produce FURLs with such hints by doing
this:
tub.setLocation("tcp:[2001:0DB8:f00e:eb00::1]:9900")
Foolscap Tubs have been using the IPv6-capable `HostnameEndpoint` since
0.11.0, so this completes the IPv6 support. Note that there are no provisions
for automatically detecting the host's IPv6 addresses: applications that wish
to use addresses (instead of hostnames) must discover those addresses on
their own. #155
A new `tor.control_endpoint_maker()` handler function was added, which is
just like `tor.control_endpoint()` but accepts a callable function, which
will be invoked only when a `tor:` hint is encountered. The function can
return a Deferred which yields the control endpoint. This allows lazy
launching of a Tor daemon, which can also be shared with other application
needs, such as listening on an Onion service. #270
Based on a PR by Jussi Sallinen.
1.6.9 2016-01-11
- Fix a regression introduced in version 1.6.8, which caused
GeoIP_database_info to erroneously return NULL.
1.6.8 2016-01-11
- Allow compilation on older systems by relaxing the autoconf and automake
minimum versions. Thank you, Jose Rubio!
- Avoid potential problems in multi-threaded environments by consistently using
pread() rather than read().
- Fix various small issues reported by clang's static analyser.
1.6.7 2015-10-30
- Fixed a MSVC parser stack overflow when parsing `regionName.c` and
`timeZone.c`. Fix by elliotlo. GitHub #64.
- Updated region codes and timezones.
- When using `GEOIP_MEMORY_CACHE` with an invalid database file, the search
tree traversal could attempt to read memory outside of the memory allocated
for the memory cache, resulting in a segmentation fault. A check was added
to ensure that the traversal code does not try to read beyond the end of the
file, whether in memory, memory mapped, or on disk.
- Previously the return values from file reads were ignored. We now check
these values to ensure that there were no errors.
1.6.6 2015-07-28
- Replaced usage of deprecated fileno, read, and lseek on Visual Studio 2005+
with their ISO C++ conformant replacements.
- A warning about using a double as a float was fixed.
- Fixed segfault when doing a lookup on an empty database.
- Fixed a memcheck error from valgrind in the `_check_mtime`
function.
- Fixed `_check_mtime` to check the return value of `gettimeofday` rather than
just assuming it worked.
1.6.5 2015-02-25
- A segmentation fault in `geoiplookup` was fixed when the utility was passed
an invalid database.
- Additional validation was added for validation of the size used in the
creation of the index cache.
- Changed the code to only look up country codes by using functions which
ensure that we do not try to look past the end of an array.
1.6.4 2015-01-12
- Update Fips codes
- Several issues with the MinGW build were fixed.
- Use a constructor in pread.c to ensure the critical section is always
initialized.
- Added missing include of `io.h` on Windows.
- Fixed `configure` warning that `'missing' script is too old or missing`.
- Previously `nmake /f Makefile.vc clean` would fail on Windows. This was
fixed.
- Obsolete win32 and NetWare make files were removed.
- Numerous documentation updates.
1.6.3 2014-10-29
- Added a GEOIP_SILENCE flag. Include this flag when calling GeoIP_open to
prevent any messages from being written to stderr.
- Mitigate a possible race condition when running under threads in the
GeoIP_cleanup function.
- Added some recommendations to the docs on using this library in a
threaded application.
- Fixed some bugs discovered by coverity, including failure to check some
system call return values and making sure all strings are
null-terminated.
1.6.2 2014-07-08
- Two files required for building on Win32 were missing from the 1.6.1
release. These files were added. There are no changes affecting other
platforms.
1.6.1 2014-06-26
- Improve Win32 support
- Update FIPS codes
1.6.0 2013-10-29
- Remove geoipupdate
1.5.2 2013-10-29
- Update region and time zones
- Fix benchmark script
- Remove autogenerated files ltmain.sh, man/geoip*.1
- Explain how to download free geolite databases in the README.md and
GeoIP.conf.default
- geoipupdate returns 1 on error 0 on success instead of the error code
- README is replaced by README.md
- Add support for OS X Mavericks
1.5.1 2013-05-14
- Update time_zone for Ontario, Canada
- geoiplookup and geoiplookup6 exit code is 0 when user asked for help
- Added -h option to geoiplookup6
- Do not load the database file if nodes and file size do not make
sense.
- Keep README and man pages in pure ascii.
- It doesn't make sense to use GEOIP_INDEX_MODE with small databases
like GEOIP_COUNTRY_EDITION. Instead of undefined behaviour we handle
it silently as GEOIP_MEMORY_MODE
- Update FIPS codes for Greece
1.5.0 2013-02-21
- Rename custom_directory to GeoIP_custom_directory.
- Make sure the database match the requested type. This is helpful for
Databases with the same default name and the general geoiplookup form
(geoiplookup without a specific database)
- apps/geoiplookup6.c use the ipnum instead of the hostname for lookups.
- Use configure.ac instead of configure.in
- Region lookup is a bit faster
- Add pkg-config file
- Updates required to build a Windows DLL under MinGW
- Make API thread safe
- geoiplookup's default charset is UTF8
-l change the charset back to iso8859-1
- geoipupdate skips \r otherwise it might be part of the last
product_id
- Update time zones
- Update Region codes
- Remove the unused CITYCONFIDENCE* database types
- bootstrap rebuilds ltmain.sh
- Update README.OSX for Lion
- Change Macedonia to Macedonia, The Former Yugoslav Republic of
- Add region_name to geoiplookup GEOIP_CITY_EDITION_REV1
- Add region_name to geoiplookup GEOIP_CITY_EDITION_REV0
- Add a --disable-data-files option. This allows you to build and install
the library without having a data/GeoIP.dat file. This is useful when
building the library from a checkout of the source tree, rather than a
tarball
- Add GEOIP_ACCURACYRADIUS_EDITION and GEOIP_ACCURACYRADIUS_EDITION_V6
- Add more database types GEOIP_COUNTRYCONF_EDITION,
GEOIP_CITYCONF_EDITION, GEOIP_REGIONCONF_EDITION and
GEOIP_POSTALCONF_EDITION
- Fix default filenames for GEOIP_NETSPEED_EDITION_REV1 and
GEOIP_NETSPEED_EDITION_REV1_V6
Changes in version 0.2.8.9 - 2016-10-17
Tor 0.2.8.9 backports a fix for a security hole in previous versions
of Tor that would allow a remote attacker to crash a Tor client,
hidden service, relay, or authority. All Tor users should upgrade to
this version, or to 0.2.9.4-alpha. Patches will be released for older
versions of Tor.
o Major features (security fixes, also in 0.2.9.4-alpha):
- Prevent a class of security bugs caused by treating the contents
of a buffer chunk as if they were a NUL-terminated string. At
least one such bug seems to be present in all currently used
versions of Tor, and would allow an attacker to remotely crash
most Tor instances, especially those compiled with extra compiler
hardening. With this defense in place, such bugs can't crash Tor,
though we should still fix them as they occur. Closes ticket
20384 (TROVE-2016-10-001).
o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
Country database.
## Changes Between 1.5.x and 1.6.0 (Apr 4th, 2016)
### amq-protocol Update
Minimum `amq-protocol` version is now `2.0.1`.
### Provide More Details in TCP Connection Failure Exception
Contributed by Neil Hooey.
GH issue: [#222](https://github.com/ruby-amqp/amqp/issues/222).
### Ensures frameset is cleared after an unhandled exception
Ensures frameset is cleared after an unhandled exception.
This avoids confusing exceptions such as
```
undefined method `method_class' for #<AMQ::Protocol::BodyFrame:0x0000001e8a60b0>
```
Contributed by Michael Lutsiuk.
GH issue: [#218](https://github.com/ruby-amqp/amqp/issues/218)
ok pettai@
Changes:
Nmap 7.30 [2016-09-29]
Integrated all 12 of your IPv6 OS fingerprint submissions from June to September. No new groups, but several classifications were strengthened, especially Windows localhost and OS X. [Daniel Miller]
[NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
[GH#369] coap-resources grabs the list of available resources from CoAP endpoints. [Mak Kolybabi]
fox-info retrieves detailed version and configuration info from Tridium Niagara Fox services. [Stephen Hilt]
ipmi-brute performs authentication brute-forcing on IPMI services. [Claudiu Perta]
ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows connection without a password. [Claudiu Perta]
ipmi-version retrieves protocol version and authentication options from ASF-RMCP (IPMI) services. [Claudiu Perta]
[GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics, and lists the messages received. [Mak Kolybabi]
pcworx-info retrieves PLC model, firmware version, and date from Phoenix Contact PLCs. [Stephen Hilt]
Upgraded Npcap, our new Windows packet capturing driver/library, from version to 0.09 to 0.10r2. This includes many bug fixes, with a particular on emphasis on concurrency issues discovered by running hundreds of Nmap instances at a time. More details are available from https://github.com/nmap/npcap/releases. [Yang Luo, Daniel Miller, Fyodor]
New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, ProConOS, and Tridium Fox, [Stephen Hilt, Mak Kolybabi, Daniel Miller]
Improved some output filtering to remove or escape carriage returns ('\r') that could allow output spoofing by overwriting portions of the screen. Issue reported by Adam Rutherford. [Daniel Miller]
[NSE] Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking. [Adam Rutherford, Daniel Miller]
Fixed a discrepancy between the number of targets selected with -iR and the number of hosts scanned, resulting in output like "Nmap done: 1033 IP addresses" when the user specified -iR 1000. [Daniel Miller]
Fixed a bug in port specification parsing that could cause extraneous 'T', 'U', 'S', and 'P' characters to be ignored when they should have caused an error. [David Fifield]
[GH#543] Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1. [Wonko7]
[Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting in this message instead of Ndiff output:
ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found. Did find:
/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so: mach-o, but wrong architecture
Reported by Kyle Gustafson. [Daniel Miller]
[NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages. [Daniel Miller]
[NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now shows the Subject Alternative Name extension; all extensions are shown in the XML output. [Daniel Miller]
Nmap 7.25BETA2 [2016-09-01]
[GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft's ever-increasing security warnings.
[NSE] Upgraded NSE to Lua 5.3, adding bitwise operators, integer data type, a utf8 library, and native binary packing and unpacking functions. Removed bit library, added bits.lua, replaced base32, base64, and bin libraries. [Patrick Donnelly]
[NSE] Added 2 NSE scripts, bringing the total up to 534! They are both listed at https://nmap.org/nsedoc/, and the summaries are below:
oracle-tns-version decodes the version number from Oracle Database Server's TNS listener. [Daniel Miller]
clock-skew analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews. [Daniel Miller]
Integrated all of your service/version detection fingerprints submitted from January to April (578 of them). The signature count went up 2.2% to 10760. We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to ptcp, resin-watchdog, and siemens-logo. [Daniel Miller]
Upgraded Npcap, our new Windows packet capturing driver/library, from version 0.07-r17 to 0.09. This includes many improvements you can read about at https://github.com/nmap/npcap/releases.
[Nsock][GH#148] Added the new IOCP Nsock engine which uses the Windows Overlapped I/O API to improve performance of version scan and NSE against many targets on Windows. [Tudor Emil Coman]
[GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft's ever-increasing security warnings.
Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
[NSE] Added the oracle-tns-version NSE script which decodes the version number from Oracle Database Server's TNS listener. https://nmap.org/nsedoc/scripts/oracle-tns-version.html [Daniel Miller]
[NSE] Added the clock-skew NSE script which analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews. https://nmap.org/nsedoc/scripts/clock-skew.html [Daniel Miller]
[Zenmap] Long-overdue Spanish language translation has been added! Muy bien! [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
[Zenmap][GH#449] Fix a crash when closing Zenmap due to a read-only zenmap.conf. User will be warned that config cannot be saved and that they should fix the file permissions. [Daniel Miller]
[NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn't support, like DH certificates or corrupted certs. When this happens, ssl-enum-ciphers will label the ciphersuite strength as "unknown." Reported by Bertrand Bonnefoy-Claudet. [Daniel Miller]
[NSE][GH#531] Fix two issues in sslcert.lua that prevented correct operations against LDAP services when version detection or STARTTLS were used. [Tom Sellers]
[Zenmap] Long-overdue Spanish language translation has been added! Muy bien! [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
[GH#426] Remove a workaround for lack of selectable pcap file descriptors on Windows, which required including pcap-int.h and locking us to a single version of libpcap. The new method, using WaitForSingleObject should work with all versions of both WinPcap and Npcap. [Daniel Miller]
[NSE][GH#234] Added a --script-timeout option for limiting run time for every individual NSE script. [Abhishek Singh]
[Ncat][GH#444] Added a -z option to Ncat. Just like the -z option in traditional netcat, it can be used to quickly check the status of a port. Port ranges are not supported since we recommend a certain other tool for port scanning. [Abhishek Singh]
Fix checking of Npcap/WinPcap presence on Windows so that "nmap -A" and "nmap" with no options result in the same behaviors as on Linux (and no crashes) [Daniel Miller]
[NSE] ssl-enum-ciphers will now warn about 64-bit block ciphers in CBC mode, which are vulnerable to the SWEET32 attack.
[NSE][GH#117] tftp-enum now only brute-forces IP-address-based Cisco filenames when the wordlist contains "{cisco}". Previously, custom wordlists would still end up sending these extra 256 requests. [Sriram Raghunathan]
[GH#472] Avoid an unnecessary assert failure in timing.cc when printing estimated completion time. Instead, we'll output a diagnostic error message:
Timing error: localtime(n) is NULL
where "n" is some number that is causing problems. [Jean-Guilhem Nousse]
[NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes. [Paulino Calderon]
[NSE] Added 9 new fingerprints for script http-default-accounts. (Motorola AP, Lantronix print server, Dell iDRAC6, HP StorageWorks, Zabbix, Schneider controller, Xerox printer, Citrix NetScaler, ESXi hypervisor) [nnposter]
[NSE] Completed a refresh and validation of almost all fingerprints for script http-default-accounts. Also improved the script speed. [nnposter]
[GH#98] Added support for decoys in IPv6. Earlier we supported decoys only in IPv4. [Abhishek Singh]
Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
[GH#484] Allow Nmap to compile on some older Red Hat distros that disable EC crypto support in OpenSSL. [Jeroen Roovers, Vincent Dumont]
[GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont]
[Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl and --max-conns, due to improper accounting of file descriptors. [Daniel Miller]
FTP Bounce scan: improved some edge cases like anonymous login without password, 500 errors used to indicate port closed, and timeouts for LIST command. Also fixed a 1-byte array overrun (read) when checking for privileged ports. [Daniel Miller]
[GH#140] Allow target DNS names up to 254 bytes. We previously imposed an incorrect limit of 64 bytes in several parts of Nmap. [Vincent Dumont]
[NSE] The hard limit on number of concurrently running scripts can now increase above 1000 to match a high user-set --min-parallelism value. [Tudor Emil Coman]
[NSE] Solved a memory corruption issue that would happen if a socket connect operation produced an error immediately, such as Network Unreachable. The event handler was throwing a Lua error, preventing Nsock from cleaning up properly, leaking events. [Abhishek Singh, Daniel Miller]
[NSE] Added the datetime library for performing date and time calculations, and as a helper to the clock-skew script.
[GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust, fully handling truncated replies. If a response is too long, we now fall back to using the system resolver to answer it. [Abhishek Singh]
[Zenmap][GH#279] Added a legend for the Topography window. [Suraj Hande]
Nmap 7.25BETA1 [2016-07-15]
Nmap now ships with and uses Npcap, our new packet sniffing library for Windows. It's based on WinPcap (unmaintained for years), but uses modern Windows APIs for better performance. It also includes security improvements and many bug fixes. See http://npcap.org. And it enables Nmap to perform SYN scans and OS detection against localhost, which we haven't been able to do on Windows since Microsoft removed the raw sockets API in 2003. [Yang Luo, Daniel Miller, Fyodor]
[NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
clamav-exec detects ClamAV servers vulnerable to unauthorized clamav command execution. [Paulino Calderon]
http-aspnet-debug detects ASP.NET applications with debugging enabled. [Josh Amishav-Zlatin]
http-internal-ip-disclosure determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header. [Josh Amishav-Zlatin]
[GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps its configuration. [Frank Spierings]
[GH#365] sslv2-drown detects vulnerability to the DROWN attack, including CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL. [Bertrand Bonnefoy-Claudet]
vnc-title logs in to VNC servers and grabs the desktop title, geometry, and color depth. [Daniel Miller]
Integrated all of your IPv4 OS fingerprint submissions from January to April (539 of them). Added 98 fingerprints, bringing the new total to 5187. Additions include Linux 4.4, Android 6.0, Windows Server 2016, and more. [Daniel Miller]
Integrated all 31 of your IPv6 OS fingerprint submissions from January to June. The classifier added 2 groups and expanded several others. Several Apple OS X groups were consolidated, reducing the total number of groups to 93. [Daniel Miller]
Update oldest supported Windows version to Vista (Windows 6.0). This enables the use of the poll Nsock engine, which has significant performance and accuracy advantages. Windows XP users can still use Nmap 7.12, available from https://nmap.org/dist/?C=M&O=D [Daniel Miller]
[NSE] Fix a crash that happened when trying to print the percent done of 0 NSE script threads:
timing.cc:710 bool ScanProgressMeter::printStats(double, const timeval*): Assertion 'ltime' failed.
This would happen if no scripts were scheduled in a scan phase and the user pressed a key or specified a short --stats-every interval. Reported by Richard Petrie. [Daniel Miller]
[GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown address family 0" crash on Windows and other platforms that do not set the src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
Retrieve the correct network prefix length for an adapter on Windows. If more than one address was configured on an adapter, the same prefix length would be used for both. This incorrect behavior is still used on Windows XP and earlier. Reported by Niels Bohr. [Daniel Miller]
Changed libdnet-stripped to avoid bailing completely when an interface is encountered with an unsupported hardware address type. Caused "INTERFACES: NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address types. [Daniel Miller]
Improved service detection of Docker and fixed a bug in the output of docker-version script. [Tom Sellers]
Fix detection of Microsoft Terminal Services (RDP). Our improved TLS service probes were matching on port 3389 before our specific Terminal Services probe, causing the port to be labeled as "ssl/unknown". Reported by Josh Amishav-Zlatin.
[NSE] Update to enable smb-os-discovery to augment version detection for certain SMB related services using data that the script discovers. [Tom Sellers]
Improved version detection and descriptions for Microsoft and Samba SMB services. Also addresses certain issues with OS identification. [Tom Sellers]
[NSE] ssl-enum-ciphers will give a failing score to any server with an RSA certificate whose public key uses an exponent of 1. It will also cap the score of an RC4-ciphersuite handshake at C and output a warning referencing RFC 7465. [Daniel Miller]
[NSE] Refactored some SSLv2 functionality into a new library, sslv2.lua . [Daniel Miller]
[GH#399] Zenmap's authorization wrapper now uses an AppleScript method for privilege escalation on OS X, avoiding the deprecated AuthorizationExecuteWithPrivileges method previously used. [Vincent Dumont]
[GH#454] The OS X binary package is distributed in a .dmg disk image that now features an instructive background image. [Vincent Dumont]
[GH#420] Our OS X build system now uses gtk-mac-bundler and jhbuild to provide all dependencies. We no longer use Macports for this purpose. [Vincent Dumont]
[GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable location (%LOCALAPPDATA%\zenmap.exe.log or %TEMP%\zenmap.exe.log) instead of next to the zenmap.exe executable. This avoids a warning message when closing Zenmap if it produced any stderr output. [Daniel Miller]
[GH#379][NSE] Fix http-iis-short-name-brute to report non vulnerable hosts. Reported by alias1. [Paulino Calderon]
[NSE][GH#371] Fix mysql-audit by adding needed library requires to the mysql-cis.audit file. The script would fail with "Failed to load rulebase" message. [Paolo Perego]
[NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse. Also added version detection and information extraction to match the new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. [Tom Sellers]
[GH#354] Added new version detection Probes for LDAP services, LDAPSearchReq and LDAPSearchReqUDP. The second is Microsoft Active Directory specific. The Probes will elicit responses from target services that allow better finger -printing and information extraction. Also added nmap-payload entry for detecting LDAP on udp. [Tom Sellers]
[NSE] More VNC updates: Support for VeNCrypt and Tight auth types, output of authentication sub-types in vnc-info, and all zero-authentication types are recognized and reported. [Daniel Miller]
Changes:
2016/08/30 : 1.6.9
- DOC: Updated 51Degrees readme.
- BUG/MAJOR: stream: properly mark the server address as unset on connect retry
- BUG/MINOR: payload: fix SSLv2 version parser
- MINOR: cli: allow the semi-colon to be escaped on the CLI
2016/08/14 : 1.6.8
- BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
- BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
- BUG/MINOR: peers: Fix peers data decoding issue
- DOC: lua: remove old functions
- BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests
- BUG/MEDIUM: stream-int: completely detach connection on connect error
- DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
- BUILD: make proto_tcp.c compatible with musl library
- BUG/MAJOR: compression: initialize avail_in/next_in even during flush
- BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
- MINOR: sample: implement smp_is_safe() and smp_make_safe()
- MINOR: sample: provide smp_is_rw() and smp_make_rw()
- BUG/MAJOR: server: the "sni" directive could randomly cause trouble
- BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size
- BUG/MEDIUM: stick-table: properly convert binary samples to keys
- MINOR: sample: use smp_make_rw() in upper/lower converters
- BUG/MINOR: peers: some updates are pushed twice after a resync.
- BUG/MINOR: peers: empty chunks after a resync.
- BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table
2016/07/13 : 1.6.7
- MINOR: new function my_realloc2 = realloc + free upon failure
- CLEANUP: fixed some usages of realloc leading to memory leak
- Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()"
- BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
- BUG/MINOR: Fix endiness issue in DNS header creation code
http://freeradius.org/version2.html
The 2.2.x release series is now End Of Life. Only security fixes will be applied to 2.2.x.
Fix Tunnel-Password crash from home server. Found by Denis Andzakovic.
Fix timer issue when proxying.
Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2.
Always delete MS-MPPE-* from the TTLS inner tunnel. This allows TTLS / EAP-MSCHAPv2 to work.
Don't fall through in empty "case" statements. Fixes#1274.
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-56
The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
* [3]wnpa-sec-2016-57
The NCP dissector could crash. ([4]Bug 12945)
The following bugs have been fixed:
* Flow Graph colored data arrows. ([5]Bug 12065)
* Capture File Properties under Statistics Grayed Out after Stopping
a Capture. ([6]Bug 12071)
* Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
* Unable to save changes to coloring rules. ([8]Bug 12814)
* Bad description for NBSS error code 0x81. ([9]Bug 12835)
* Live capture from USBPcap fails immediately. ([10]Bug 12846)
* Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
([11]Bug 12879)
* Export packet dissections Option disabled after capturing traffic.
([12]Bug 12898)
* Failure to open file named with Chinese or other multibyte
characters. ([13]Bug 12900)
* k12 text file format causes errors. ([14]Bug 12903)
* File | File Set | List Files dialog is blank. ([15]Bug 12904)
* Decoding/Display of an INAP CONNECT message goes wrong for the
Destination Routing Address part. ([16]Bug 12911)
* TLS padding extension dissector length parsing bug. ([17]Bug 12922)
* Diameter dictionary bugs. ([18]Bug 12927)
* File open from menu bar with filter in place causes Wireshark to
crash. ([19]Bug 12929)
* Unable to capture USBPcap trace using tshark with extcap built.
([20]Bug 12949)
* P1 dissector fails a TVB assertion. ([21]Bug 12976)
* Multiple PortableApps instances can once again be run at the same
time.
Updated Protocol Support
6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
NBT, NCP, NetFlow, SSL / TLS, and U3V
New and Updated Capture File Support
Ascend, and K12
Upstream changes:
* 3.2.2 (2016/09/25)
* switch to libcurl instead of glib-networking
* implement --post and --ciphers options
* support display of extended_tweet
* 3.2.1 (2016/04/24)
* implement --filter and --record options
* implement editing NG words
* reflect 'don't show Retweets by this user' settings
* add support for thumbnail of Shindan-maker
* print Unicode foreign letters
* compressed display of continuous RTs and favs
Upstream changes:
* update po files
* tco: Ruby2.3 warnings on extracting URLs due to Kernel.#timeout call
* remove notice on Net::ReadTimeout
* stop use of obsolete Gdk::Pixbuf.new
Changes:
version 2016.10.07
Extractors
+ [iprima] Detect geo restriction
* [facebook] Fix video extraction (#10846)
+ [commonprotocols] Support direct MMS links (#10838)
+ [generic] Add support for multiple vimeo embeds (#10862)
+ [nzz] Add support for nzz.ch (#4407)
+ [npo] Detect geo restriction
+ [npo] Add support for 2doc.nl (#10842)
+ [lego] Add support for lego.com (#10369)
+ [tonline] Add support for t-online.de (#10376)
* [techtalks] Relax URL regular expression (#10840)
* [youtube:live] Extend URL regular expression (#10839)
+ [theweatherchannel] Add support for weather.com (#7188)
+ [thisoldhouse] Add support for thisoldhouse.com (#10837)
+ [nhl] Add support for wch2016.com (#10833)
* [pornoxo] Use JWPlatform to improve metadata extraction
version 2016.10.02
Core
* Fix possibly lost extended attributes during post-processing
+ Support pyxattr as well as python-xattr for --xattrs and
--xattr-set-filesize (#9054)
Extractors
+ [jwplatform] Support DASH streams in JWPlayer
+ [jwplatform] Support old-style JWPlayer playlists
+ [byutv:event] Add extractor
* [periscope:user] Fix extraction (#10820)
* [dctp] Fix extraction (#10734)
+ [instagram] Extract video dimensions (#10790)
+ [tvland] Extend URL regular expression (#10812)
+ [vgtv] Add support for tv.aftonbladet.se (#10800)
- [aftonbladet] Remove extractor
* [vk] Fix timestamp and view count extraction (#10760)
+ [vk] Add support for running and finished live streams (#10799)
+ [leeco] Recognize more Le Sports URLs (#10794)
+ [instagram] Extract comments (#10788)
+ [ketnet] Extract mzsource formats (#10770)
* [limelight:media] Improve HTTP formats extraction
version 2016.09.27
Core
+ Add hdcore query parameter to akamai f4m formats
+ Delegate HLS live streams downloading to ffmpeg
+ Improved support for HTML5 subtitles
Extractors
+ [vk] Add support for dailymotion embeds (#10661)
* [promptfile] Fix extraction (#10634)
* [kaltura] Speed up embed regular expressions (#10764)
+ [npo] Add support for anderetijden.nl (#10754)
+ [prosiebensat1] Add support for advopedia sites
* [mwave] Relax URL regular expression (#10735, #10748)
* [prosiebensat1] Fix playlist support (#10745)
+ [prosiebensat1] Add support for sat1gold sites (#10745)
+ [cbsnews:livevideo] Fix extraction and extract m3u8 formats
+ [brightcove:new] Add support for live streams
* [soundcloud] Generalize playlist entries extraction (#10733)
+ [mtv] Add support for new URL schema (#8169, #9808)
* [einthusan] Fix extraction (#10714)
+ [twitter] Support Periscope embeds (#10737)
+ [openload] Support subtitles (#10625)
version 2016.09.24
Core
+ Add support for watchTVeverywhere.com authentication provider based MSOs for
Adobe Pass authentication (#10709)
Extractors
+ [soundcloud:playlist] Provide video id for early playlist entries (#10733)
+ [prosiebensat1] Add support for kabeleinsdoku (#10732)
* [cbs] Extract info from thunder videoPlayerService (#10728)
* [openload] Fix extraction (#10408)
+ [ustream] Support the new HLS streams (#10698)
+ [ooyala] Extract all HLS formats
+ [cartoonnetwork] Add support for Adobe Pass authentication
+ [soundcloud] Extract license metadata
+ [fox] Add support for Adobe Pass authentication (#8584)
+ [tbs] Add support for Adobe Pass authentication (#10642, #10222)
+ [trutv] Add support for Adobe Pass authentication (#10519)
+ [turner] Add support for Adobe Pass authentication
version 2016.09.19
Extractors
+ [crunchyroll] Check if already authenticated (#10700)
- [twitch:stream] Remove fallback to profile extraction when stream is offline
* [thisav] Improve title extraction (#10682)
* [vyborymos] Improve station info extraction
version 2016.09.18
Core
+ Introduce manifest_url and fragments fields in formats dictionary for
fragmented media
+ Provide manifest_url field for DASH segments, HLS and HDS
+ Provide fragments field for DASH segments
* Rework DASH segments downloader to use fragments field
+ Add helper method for Wowza Streaming Engine formats extraction
Extractors
+ [vyborymos] Add extractor for vybory.mos.ru (#10692)
+ [xfileshare] Add title regular expression for streamin.to (#10646)
+ [globo:article] Add support for multiple videos (#10653)
+ [thisav] Recognize HTML5 videos (#10447)
* [jwplatform] Improve JWPlayer detection
+ [mangomolo] Add support for Mangomolo embeds
+ [toutv] Add support for authentication (#10669)
* [franceinter] Fix upload date extraction
* [tv4] Fix HLS and HDS formats extraction (#10659)
* Fixed octal and hex string parsing in options.
* Ignore bogus RTM_DELADDR on FreeBSD when the interface goes down.
* Several statically sized buffers have been removed and replaced
with dynamically sized ones where we have no real idea of what
the size will be.
* Reverse IPv4 route removal order.
* Improved handling of Netlink messages on Linux.
* Poll for tentative link-local addresses if needed.
* Added --small configure directive to reduce binary size
* Allow DHCPv6, IPv4lL and authentication to be compiled out
* dhcpcd requries the interface to be up when considering link status
* Add support for ifa_addrflags in getifaddrs(3)
* Add support for ifam_addrflags and ifam_pid from route(4)
* If T1 or T2 are not set in DHCPv6 messages, use a default from the
lowest pltime instead of the expiration time.
* Validate lease before moving to REQUEST when both ends use
rapid commit.
* If lease validation fails, don't restart the DISCOVER phase if
we're already in it.
- Create a pkg-config file for libunbound in contrib.
- TCP Fast open.
- Finegrained localzone control with define-tag, access-control-tag,
access-control-tag-action, access-control-tag-data, local-zone-tag, and
local-zone-override. And added types always_transparent, always_refuse,
always_nxdomain with that.
- If more than half of tcp connections are in use, a shorter timeout
is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
- [bugzilla: 787 ] Fix#787: outgoing-interface netblock/64 ipv6
option to use linux freebind to use 64bits of entropy for every query
with random local part.
- For #787: prefer-ip6 option for unbound.conf prefers to send
upstream queries to ipv6 servers.
- Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
- keep debug symbols in windows build.
Bug Fixes:
----------
- [bugzilla: 778 ] Fix unbound 1.5.9: -h segfault (null deref).
- Fix unbound-anchor.exe file location defaults to Program Files with
(x86) appended.
- Fix to not ignore return value of chown() in daemon startup.
- Better help text from -h.
- [bugzilla: 773 ] Fix Non-standard Python location build failure with
pyunbound.
- Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
- Revert fix for NetworkService account on windows due to breakage it
causes.
- Fix that windows install will not overwrite existing service.conf
file (and ignore gui config choices if it exists).
- And delete service.conf.shipped on uninstall.
- In unbound.conf directory: dir immediately changes to that
directory, so that include: file below that is relative to that
directory. With chroot, make the directory an absolute path inside chroot.
- do not delete service.conf on windows uninstall.
- document directory immediate fix and allow EXECUTABLE syntax in it
on windows.
- Fix directory: fix for unbound-checkconf, it restores cwd.
- Use QTYPE=A for QNAME minimisation.
- Keep track of number of time-outs when performing QNAME
minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE
pair is more than three.
- [bugzilla: 775 ] Fix unbound-host and unbound-anchor crash on
windows, ignore null delete for wsaevent.
- Fix spelling in freebind option man page text.
- Fix windows link of ssl with crypt32.
- [bugzilla: 779 ] Fix Union casting is non-portable.
- [bugzilla: 780 ] Fix MAP_ANON not defined in HP-UX 11.31.
- [bugzilla: 781 ] Fix prealloc() is an HP-UX system library call.
- Decrease dp attempts at each QNAME minimisation iteration
- [bugzilla: 784 ] Fix Build configure assumess that having getpwnam
means there is endpwent function available.
- Updated repository with newer flex and bison output.
- Fix static compile on windows missing gdi32.
- Fix dynamic link of anchor-update.exe on windows.
- Fix detect of mingw for MXE package build.
- Fixes for 64bit windows compile.
- [bugzilla: 788 ] Fix for nettle 3.0: Failed to build with Nettle >=
3.0 and --with-libunbound-only --with-nettle.
- Fixed unbound.doxygen for 1.8.11.
- [bugzilla: 798 ] Fix Client-side TCP fast open fails (Linux).
- [bugzilla: 801 ] Fix missing error condition handling in
daemon_create_workers().
- [bugzilla: 802 ] Fix workaround for function parameters that are
"unused" without log_assert.
- [bugzilla: 803 ] Fix confusing (and incorrect) code comment in
daemon_cleanup().
- [bugzilla: 806 ] Fix wrong comment removed.
- use sendmsg instead of sendto for TFO.
- [bugzilla: 807 ] Fix workaround for possible some "unused" function
parameters in test code.
- Note that OPENPGPKEY type is RFC 7929.
- [bugzilla: 804 ] Fix#804: unbound stops responding after outage.
Fixes queries that attempt to wait for an empty list of subqueries.
- Fix for #804: lower num_target_queries for iterator also for failed
lookups.
- [bugzilla: 820 ] Fix set sldns_str2wire_rr_buf() dual meaning len
parameter in each iteration in find_tag_datas().
- [bugzilla: 777 ] Fix OpenSSL 1.1.0 compatibility.
- RFC 7958 is now out, updated docs for unbound-anchor.
- Fix for compile without warnings with openssl 1.1.0.
- [bugzilla: 826 ] Fix refuse_non_local could result in a broken response.
- iana portlist update.
- Fix compile with openssl 1.1.0 with api=1.1.0.
- [bugzilla: 829 ] Fix doc of sldns_wire2str_rdata_buf() return value
has an off-by-one typo.
- Fix incomplete prototypes reported by Dag-Erling Smørgrav.
- [bugzilla: 828 ] Fix missing type in access-control-tag-action
redirect results in NXDOMAIN.
- Take configured minimum TTL into consideration when reducing TTL to
original TTL from RRSIG.
- [bugzilla: 831 ] Fix workaround for spurious fread_chk warning
against petal.c
- Silenced flex-generated sign-unsigned warning print with gcc
diagnostic pragma.
- Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
- fix potential memory leak in daemon/remote.c and nullpointer
dereference in validator/autotrust.
- [bugzilla: 883 ] Fix error for duplicate local zone entry.
- [bugzilla: 835 ] Fix --disable-dsa with nettle verify.
v0.14.7
This is a minor release recommended for all users.
Improvements in this release include faster (i.e., less CPU intensive)
hashing on some Intel and ARM64 CPU:s, a more refined dark theme,
CORS headers in the API, and an updated set of default discovery
servers.
Resolved issues since v0.14.6:
#3596: Deadlock no longer occurs on device removal
Make sure the configure script finds the ping or ping6 command on NetBSD, don't
rely on /sbin being in $path of the builder.
Not sure if similar change is needed for other $OPSYS.
Add a comment to patch-ad explaining why some plugins are disabled here.
2016/04/18:
linux/netfilter: fix compile time detection of iptables version >= 1.4.3
2016/03/08:
linux/netfilter: do not add MASQUERADE rule if ports are equals
2016/02/19:
set IPv6 Hop limit to 10
fix HOST: header of event notifications in IPv6
be more compliant on 64bit machines : ui4 in [0;2^32-1]
1.0.0
=====
- Only version changed
0.99.0
======
- Fix build on OS X
All contributors to this release:
- Tomasz Pajor <tomek@polishgeeks.com>
- Jens Georg <mail@jensge.org>
0.20.18
=======
- Retry description URL on failure.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=694450
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Jozef Šiška <jozef.siska@streamunlimited.com>
0.20.17
=======
- Update autogen.sh from GNOME template
- Cache user agents by IP
- Remove intltool
- Use newTargetValue in light example
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=653894
- https://bugzilla.gnome.org/show_bug.cgi?id=763945
- https://bugzilla.gnome.org/show_bug.cgi?id=764050
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip@tecnocode.co.uk>
0.20.16
=======
- Don't hardcode python path in gupnp-binding-tool
- Check for IFA_FLAGS to not bind ourselves to a recent kernel version
- Add missing m4 files
- Fix issues with introspection
- Make GUPnPServiceAction boxed
- Some JavaScript examples
- Distribute VAPI file in tarball
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=760217
- https://bugzilla.gnome.org/show_bug.cgi?id=760430
- https://bugzilla.gnome.org/show_bug.cgi?id=761265
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Ting-Wei Lan <lantw@src.gnome.org>
0.20.15
=======
- Remove gnome-common
- Fix issue with gupnp_service_signals_autoconnect() blocking endlessly.
- Fix return type for BIN_HEX.
- Update some m4 macros.
- Fix typos in API docs.
NetworkManager context manager:
- Fix use-after-free issue.
- Fix various static code analysis findings.
Netlink context manager:
- Use proper macros for RTM_*ADDRESS messages.
- Use device name from netlink.
- Add possibility to dump received netlink packets for debugging.
- Fix issues with losing contexts after DHCP renew happens.
- Some style fixes.
Added/updated dependencies:
- GSSDP >= 0.14.13
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=736365
- https://bugzilla.gnome.org/show_bug.cgi?id=741257
- https://bugzilla.gnome.org/show_bug.cgi?id=750936
- https://bugzilla.gnome.org/show_bug.cgi?id=752490
- https://bugzilla.gnome.org/show_bug.cgi?id=759000
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Debarshi Ray <debarshir@gnome.org>
- Olivier Crête <olivier.crete@collabora.com>
- Guillaume Marquebielle <guillaume.marquebielle@parrot.com>
- Bastien Nocera <hadess@hadess.net>
0.20.14
=======
Changes since 0.20.13:
Added/updated dependencies:
GLib 2.0 >= 2.40.0
- Simplify UUID handling.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=743072
- https://bugzilla.gnome.org/show_bug.cgi?id=744221
All contributors to this release:
- Jens Georg <mail@jensge.org>
0.99.0
======
- Don't leak arp lookup symbol
- Minor documentation updates
All contributors to this release:
- Jens Georg <mail@jensge.org>
0.14.16
=======
- Fill the interface index for bionic.
- Remove unused include.
- Fix interface lookup on Win32
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=762455
- https://bugzilla.gnome.org/show_bug.cgi?id=765688
- https://bugzilla.gnome.org/show_bug.cgi?id=765709
All contributors to this release:
- Aurélien Chabot <aurelien.chabot@parrot.com>
- Jens Georg <mail@jensge.org>
- Florian Zwoch <fzwoch@gmail.com>
0.14.15
=======
- Actually use the TTL that was set by the user
- Use if_nametoindex instead of IOCTL when available
- Implement a User Agent cache based on SSDP packages
- Fix potential strncpy overflow
- Add missing m4 macros
- Disable PKTINFO on OS X
- Do not leak host_addr in clients.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=653894
- https://bugzilla.gnome.org/show_bug.cgi?id=762324
- https://bugzilla.gnome.org/show_bug.cgi?id=764677
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip.withnall@collabora.co.uk>
- Philip Withnall <philip@tecnocode.co.uk>
0.14.14
=======
- Fix warning if the IP address is not known.
- Fix issue with discovery.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=760702
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip@tecnocode.co.uk>
0.14.13
=======
- Make "host-ip" of GSSDPClient a construction property to give the caller the
chance to bypass the IP autodetection during client creation.
All contributors to this release:
- Jens Georg <mail@jensge.org>
0.14.12.1
=========
- Update m4 macros from autoconf-archive.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=758778
All contributors to this release:
- Jens Georg <mail@jensge.org>
0.14.12
=======
- Fix issues with names of loopback device on *BSD.
- Move gtest code one level up and examples to their own folder.
- Fix a possible NULL derefence in gssdp-device-sniffer.
- Remove use of gnome-common for building.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=743070
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Thomas Klausner <tk@giga.or.at>
Changes in version 0.2.8.8 - 2016-09-23
Tor 0.2.8.8 fixes two crash bugs present in previous versions of the
0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users
who select public relays as their bridges.
o Major bugfixes (crash):
- Fix a complicated crash bug that could affect Tor clients
configured to use bridges when replacing a networkstatus consensus
in which one of their bridges was mentioned. OpenBSD users saw
more crashes here, but all platforms were potentially affected.
Fixes bug 20103; bugfix on 0.2.8.2-alpha.
o Major bugfixes (relay, OOM handler):
- Fix a timing-dependent assertion failure that could occur when we
tried to flush from a circuit after having freed its cells because
of an out-of-memory condition. Fixes bug 20203; bugfix on
0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
this one.
o Minor feature (fallback directories):
- Remove broken fallbacks from the hard-coded fallback directory
list. Closes ticket 20190; patch by teor.
o Minor features (geoip):
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
Country database.
Version 1.12.0 (29 Sep 2016)
Daniel Stenberg (29 Sep 2016)
- RELEASE-NOTES: 1.12.0
- [David Drysdale brought this change]
ares-test-misc: test ares_create_query with escaped trailing dot
- ares_create_query: avoid single-byte buffer overwrite
... when the name ends with an escaped dot.
CVE-2016-5180
Bug: https://c-ares.haxx.se/adv_20160929.html
- ares_library_initialized.3: added
- make: bump CARES_VERSION_INFO for release
David Drysdale (29 Sep 2016)
- man: update ares_init_options.3
Daniel Stenberg (29 Sep 2016)
- ares_library_init.3: corrected the ares_library_init_mem proto
- README.md: remove space from link
- README: link to the correct c-ares badge!
Reported-by: David Hotham
Fixes#63
- docs: minor formatting edits
- ares_destroy.3: formatting polish
- ares_init.3: split the init docs into two separate man pages
- SECURITY: point to the vulnerabilities page now
- RELEASE-NOTES: synced with daa7235b1a5
- ares_create_query.3: edit language
Tried to make the man page more readable.
David Drysdale (26 Sep 2016)
- test: fix gMock to work with gcc >= 6.x
Taken from:
https://github.com/google/googletest/issues/705#issuecomment-235067917
Daniel Stenberg (26 Sep 2016)
- [Brad House brought this change]
headers: remove checks for and defines of variable sizes
... they're not really used and by avoiding them in the ares_build.h
output we make the public header less dependent on data sizes.
David Drysdale (24 Sep 2016)
- api: add ARES_OPT_NOROTATE optmask value
Fix up a couple of problems with configuring whether c-ares rotates
between different name servers between requests.
Firstly, ares_save_options() returns (in *optmask) the value of
(channel->optmask & ARES_OPT_ROTATE), which doesn't necessarily
indicate whether the channel is or is not actually doing rotation.
This can be confusing/incorrect if:
- the channel was originally configured without ARES_OPT_ROTATE
(so it appears that the channel is not rotating)
- the /etc/resolv.conf file includes the 'rotate' option
(so the channel is actually performing rotation).
Secondly, it is not possible to reliably configure a channel
to not-rotate; leaving off ARES_OPT_ROTATE is not enough, since
a 'rotate' option in /etc/resolv.conf will turn it on again.
Therefore:
- add an ARES_OPT_NOROTATE optmask value to allow explicit
configuration of no-rotate behaviour
- in ares_save_options(), report the value of channel->rotate
as exactly one of (optmask & ARES_OPT_ROTATE) or
(optmask & ARES_OPT_NOROTATE).
In terms of back-compatibility:
- existing apps that set ARES_OPT_ROTATE will continue to rotate,
and to have ARES_OPT_ROTATE reported back from ares_save_options()
- existing apps that don't set ARES_OPT_ROTATE will continue to
use local config/defaults to decide whether to rotate, and will
now get ARES_OPT_ROTATE or ARES_OPT_NOROTATE reported back from
ares_save_options() rather than 0.
- ares_init_options: only propagate init failures from options
Commit 46bb820be3a8 ("ares_init_options: don't lose init failure")
changed init behaviour so that earlier errors in initialization
weren't lost. In particular, if the user passes in specific
options but they are not applied (e.g. because of an allocation
failure), that failure needs to be reported back to the user; this
also applies when duplicating a channel with ares_dup().
However, other initialization failures can be ignored and
overridden -- in particular, if init_by_resolv_conf() or
init_by_environment() fail, then falling back to default values
is OK.
So only preserve failures from the init_by_options() stage, not
from all initialization stages.
Fixes issue 60.
- test: Force reinstall of libtool on OSX
Travis build environment appears to have changed.
- test: Add valgrind build variant
- test: Add null pointer to gtest args
GoogleTest assumes that there is a null pointer in argv[argc],
so make it look like that. Without this change, tests run with
command-line arguments get memory errors under valgrind/ASAN.
Daniel Stenberg (21 Aug 2016)
- AUTHOR: maybe gitgub isn't really an author =)
- AUTHORS: added contributors from the git log
- LICENSE.md: add a stand-alone license file
Just the MIT license used in the top the source files moved out to a
stand-alone file for easier reference and discovery.
- README: added "CII best practices" badge
- SECURITY.md: suggested "security process" for the project
David Drysdale (17 Aug 2016)
- test: Add Clang static analysis build to Travis
Run scan-build over the library source code, but skip the
tests. Needs a later Clang install in Travis
- test: more info on how to run fuzz testing
- test: make fuzzer driver code C not C++
- test: fuzzer mode for AFL's persistent mode
When fuzzing with AFL, if the LLVM-based instrumentation is
used (via the afl-clang-fast wrapper), then it is possible to
have a single execution of the fuzzer program iterate multiple
times over the fuzzing entrypoint (similar to libFuzzer's normal
mode of execution) with different data. This is much (e.g. 10x)
faster.
Add code to support this, by checking whether __AFL_LOOP is
defined at compile-time.
Also, shift the code to effectively be C rather than C++.
- test: simplify deps for fuzzer entrypoint
No need to depend on the rest of the test code (ares-test.h) for
the fuzzer entrypoint; this makes the entrypoint slightly simpler
to build with LLVM's libFuzzer.
Also shift the code to effectively be C rather than C++
- test: disable MinGW tests
The test binary built in the MinGW build is failing for some
reason. It works for me when I build locally, so I'm guessing
it's down to some sort of AppVeyor environment issue.
Disable for now.
Daniel Stenberg (16 Aug 2016)
- read_tcp_data: remove superfluous NULL check
CID 56884 by Coverity. The pointer is already derefenced before this
point so it can't be NULL here anyway.
- web: http => https
GitHub (20 Jul 2016)
- [David Drysdale brought this change]
Merge pull request #59 from fuze/master
Update msvc_ver.inc for VS2015 Update 3
- [Chris Araman brought this change]
Update msvc_ver.inc
support Visual Studio 2015 Update 3
David Drysdale (2 May 2016)
- Fix trailing comment for #endif
Daniel Stenberg (30 Apr 2016)
- email: use Gisle's "new" address
David Drysdale (18 Apr 2016)
- test: drop superfluous fuzz inputs
Where there are multiple fuzz input files that only differ in
the first two bytes (the query ID), just keep the first such
file.
svante karlsson (15 Apr 2016)
- Update msvc_ver.inc
support Visual Studio 2015 Update 2
David Drysdale (31 Mar 2016)
- test: Run fuzzcheck.sh in Travis build
- test: add fuzzing check script to tests
Add a test script that runs the fuzzing command over the
corpus of DNS packets. This doesn't actually do any fuzzing
(it just runs them as inputs without generating any variations)
but it does ensure that the fuzzing entrypoint is still working.
- test: allow multiple files in aresfuzz command line
If no arguments are specified, use stdin as input.
Otherwise treat each argument as a filename and feed
its contents to the fuzz entrypoint.
- test: Add corpus of DNS packets
For fuzz testing it is useful to start from a corpus of valid
packets, so fill out the test/fuzzinput/ directory with a bunch
of inputs.
These packets were generated by temporarily modifying the c-ares
process_answer() function to save off any incoming response messages.
- test: Add utility to show DNS packet from file
- [nordsturm brought this change]
Fix nsort initialization
Author: Alexander Drachevskiy
http://c-ares.haxx.se/mail/c-ares-archive-2014-07/0004.shtmlhttp://c-ares.haxx.se/mail/c-ares-archive-2014-07/0014.shtml
- test: Check setting nsort=0 option is respected
- test: Update fuzzing function prototype
libFuzzer changed expected return type from void to int
in LLVM 3.8.
- Explicitly clear struct servent before use
On a build where MSAN has been manually set up (which involves
using an MSAN-instrumented version of the standard C++ library, see
https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo)
there's a warning about use of uninitialized memory here. It
might be a false positive, but the fix is trivial so include it.
- test: for AF_UNSPEC, return CNAME only for AAAA, but valid A record
Also shuffle expected responses rsp6/rsp4 into the order they will occur.
- [Chris Araman brought this change]
msvc_ver.inc: support Visual Studio 2015 Update 1
- build: commonize MSVC version detection
Remove the need to copy/paste version number mapping between
Makefile.msvc and test/Makefile.msvc.
- test: Use different name in live test
- test: Only pass unused args to GoogleTest
- ahost.c: add cast to fix C++ compile
If ahost.c is force-compiled as C++ the missing cast from
(void *) to (char **) is problematic.
- ares_library_cleanup: reset ares_realloc too
Otherwise a subsequent use of the library might use a previous
incarnation's realloc() implementation.
Daniel Stenberg (9 Mar 2016)
- [Brad House brought this change]
configure: check if tests can get built before enabled
The current approach for disabling tests is not a good solution because
it forces you to pass --disable-tests, rather than auto-detect if your
system can support the tests in the first place. Many (most?) systems
do not have C++11. This also causes issues when chain-building c-ares,
the hosting system needs to be updated to support passing this
additional flag if necessary, it doesn't seem reasonable to add this
requirement which breaks compatibility.
This change auto-detects if the system can build the tests and
automatically disable them if it cannot. If you pass --enable-tests to
configure and the system cannot build them either due to lack of system
support, or because cross-compilation is being used, it will throw an
appropriate error since the user indicated they really did want the
tests.
David Drysdale (3 Mar 2016)
- [Viktor Szakats brought this change]
Makefile.m32: add support for CROSSPREFIX
- [Viktor Szakats brought this change]
Makefile.m32: add support for extra flags
Allow specification of CARES_{LD,C}FLAG_EXTRAS envvars
for mingw
- test: Build with MinGW on AppVeyor
- test: avoid in6addr_* constants
These aren't available on MinGW, so use explicit addresses instead.
- test: add missing #includes for dns-proto.cc
- [Gregor Jasny brought this change]
Fix man page typos detected by Lintian
Daniel Stenberg (19 Feb 2016)
- configure: acknowledge --disable-tests
Fixes#44
- AUTHORS: added contributors from the 1.11.0 release
- bump: start working on the next version
Version 1.11.0 (19 Feb 2016)
Daniel Stenberg (19 Feb 2016)
- RELEASE-NOTES: final edits for 1.11.0
David Drysdale (15 Feb 2016)
- ares_dup.3: remove mention of nonexistent function
ares_dup_options() doesn't exist, so don't document it.
- test: skip repeated build steps
Top-level buildconf/configure now triggers for the
test/ subdir too, so don't need to do explicitly.
- test: namespaces unavailable when cross-compiling
Daniel Stenberg (13 Feb 2016)
- configure: only run configure in test when NOT cross-compiling
... as the tests won't run cross-compiled anyway
David Drysdale (13 Feb 2016)
- test: prefer ON_CALL to EXPECT_CALL to reduce flakes
For UDP tests, there's a chance of a retry. EXPECT_CALL only
expects a single request to arrive at the server; ON_CALL allows
for a UDP retry and repeats the same answer.
Note that ON_CALL and EXPECT_CALL can't be mixed in the same
test, and that tests that have a varied sequence of responses
for the same repeated request still have to use EXPECT_CALL.
Daniel Stenberg (13 Feb 2016)
- configure: run configure in 'test' too
Having the test dir completely stand-alone causes too many issues for
users and devs. It still needs to be built specifically.
- configure: build silently by default
- buildconf: run test/buildconf too if present
- test/configure: build silently by default
- [Gregor Jasny brought this change]
dist: Distribute README.md
Closes#42
Version 1.11.0 (11 Feb 2016)
Daniel Stenberg (11 Feb 2016)
- Makefile.am: distribute the test dir too
- RELEASE-NOTES: synced with 385582bd14b68a
- [Nicolas \"Pixel\" Noble brought this change]
ares_win32_init: make LoadLibrary work when using UNICODE too
Closes#17
David Drysdale (11 Feb 2016)
- Use "resolve" as synonym of "dns" in nsswitch.conf
Modern Linux systems may have libnss_resolve from systemd as the
resolver, which is then configured in /etc/nsswitch.conf with
the "resolve" keyword rather than "dns".
Fixes#33
- ares_set_socket_callback: make manpage match code
The code in ares_process.c that invokes the socket creation/connection
callback only checks for rc < 0, not for standard ares error codes.
- Merge pull request #36 from AGWA-forks/master
Add ares_set_socket_configure_callback()
- test: Update init tests to match behaviour
Unreadable config files are now treated the same way
as absent config files.
- [Fedor Indutny brought this change]
Ignore `fopen` errors to use default values
After 46bb820be3a83520e70e6c5f0c5133253fcd69cd `init_by_resolv_conf`
errors are no longer swallowed in `ares_init_options`. This has exposed
a previously unknown bug in `lookups` initialization code.
If there is no lookup configuration in `resolv.conf`,
`init_by_resolv_conf` will attempt to read it from other files available
on the system. However, some of these files may have restricted
permissions (like `600`), which will lead to `EACCESS` errno, which in
turn is handled like a fatal error by `init_by_resolv_conf`.
However, it sounds illogical that this error should be handled as a
fatal. There is a `init_by_defaults` call that overrides `lookups` with
default value, and certainly possible absence of lookup information is
the reason why this function exists in a first place!
I suggest handling any `fopen` errors as non-fatal ones, allowing to
pick up the `lookups` value from different config files, or to pick up
default value.
Andrew Ayer (9 Feb 2016)
- Document callback type in man page for ares_set_socket_callback
- Add ares_set_socket_configure_callback()
This function sets a callback that is invoked after the socket is
created, but before the connection is established. This is an ideal
time to customize various socket options.
David Drysdale (9 Feb 2016)
- test: ares_set_socket_callback failure behaviour
- test: Check ares_parse_txt_reply_ext() entrypoint
- [Fedor Indutny brought this change]
txt: introduce `ares_parse_txt_reply_ext`
Introduce `ares_txt_ext` structure with an extra `record_start`
field, which indicates a start of a new TXT record, thus allowing to
differentiate the chunks in the same record, from a chunks in a
different record.
Introduce a new API method: `ares_parse_txt_reply_ext` that works with
this kind of struct.
- doc: Update missed repo references
- doc: Update docs on contributing
- test: Run command line tools in Travis
Do a quick execution of each of the command line tools
in the continuous integration build, so that any (say)
sanitizer failures show up.
- acountry: drop inert test
If ver_1 is true, then z0 and z1 must both be 'z', and so
(z0 != 'z' && z1 != 'z') can never be true.
CID 56879, pointed out by Coverity.
- doc: update badge locations to master repo
- test: Enable maintainer mode + debug in Travis
- test: Add an iOS build target
- test: Ignore SIGPIPE in tests
- test: More initialization tests
- test: Improve containerized test mechanism
Aim is to ensure that code coverage information can escape the
container. To do this:
- Enter a new mount namespace too, so that we can...
- Bind mount the expected source directory into the container
- Share memory with the sub-process so coverage information is
shared too.
- test: Make contained tests easier to write
- test: Add framework for containerized testing
On Linux we can potentially use user and UTS namespaces to run a test
in a pseudo-container with:
- arbitrary filesystem (e.g. /etc/resolv.conf, /etc/nsswitch.conf, /etc/hosts)
- arbitrary hostname/domainname.
Include a first pass at the framework code to allow this, along with a
first test case that uses the container.
- test: Use a longer timeout for less flakiness
Having occasional test failures from timeout before multiple
queries can complete, so up the default timeout for the test
from 100ms to 1500ms.
- test: Make failure tests more robust
Different platforms will do different numbers of allocations
in the processing of a given API call; just check that the
return code is either success or ENOMEM, and free off any
returned state in the former case.
Also cope with ECONNREFUSED as well as ENOTFOUND.
- test: Get test code building under Windows
- Initial nmake file based off library nmake file
- Cast socket call arguments to (char *)
- Use wrapper sclose() that maps to closesocket() or close()
- Build a config.h indicating presence of headers
- Conditionally include netdb.h
- Remove unnecessary include of sys/socket.h
- Force longer bitmask for allocation failure tracking
- Call WSAStartup() / WSACleanup() in main()
- Set TCP_NODELAY for mock server
- Turn on tests in AppVeyor build
- test: Disable tests that manipulate env on Windows
- test: Move file lists into Makefile.inc
In preparation for a Win32 build of the test suite.
- test: Add a simple multi-server test
Check rotate option does something
- test: Allow for multiple mock servers
- Update the MockServer to allow separate specification of
UDP and TCP ports
- Have an array of mock servers listening on consecutive
sets of ports.
- Rename Process(fd) to ProcessFD(fd) to avoid confusion.
- Initialize channel by using the new ares_set_servers_ports()
entrypoint, so multiple ports on the same loopback address
can be used.
- test: Update test for set/get_servers variants
Ports are significant in the _ports_ variant functions, so update test to cope.
- test: Make GetNameServers() utility function port-aware
Also make it generally available.
- test: more testing, including of internal static functions
- test: more tests, especially fallback processing
- Make mock server listen on UDP + TCP in parallel.
- Test UDP->TCP fallback on truncation
- Test EDNS->no-EDNS fallback
- Test some environment init options
- Test nonsense reply
test: short response
- test: more tests, particularly of initialization
- test: Run mock tests over both TCP and UDP
With the exception of a few tests that make use of the timed
retry aspect of UDP.
- test: Run mock tests over both IPv4 and IPv6
- test: Add more tests for edge cases
- test: more nooks and crannies of pton functions
- test: More tests for PTR parsing
- test: Use of HOSTALIAS environment variable
- test: Add RAII utility classes for testing
- TempFile holds specific contents
- EnvValue sets an environment variable
- test: More search domain scenarios
- test: Remove duplicate flags from Makefile.am
- test: Make test code leak-free
- test: More tests
- test use of sortlist
- test gethostbyname(AF_UNSPEC)
- test: Test ares_gethostbyname_file()
- test: Add more tests of ares_getnameinfo()
- test: Tweak tests, add alloc failure test
- test: Test init with options
- test: More tests
- ares_inet_net_pton() variants
- ares_getsock() variants
- test: Expose ProcessWork() function
- test: More parsing tests
Including:
- Split each parse function test set out into separate files.
- Add an allocation failure test for each parsing function.
- Add error check test for each parsing function.
- test: Add various additional tests
- test: More tests
Include tests of internal functions, based on the value of the
CARES_SYMBOL_HIDING macro; need to configure the library with
--disable-symbol-hiding to enable these tests.
- test: Allow command line override of mock server port
- test: Add README.md documentation
- test: Temporarily avoid latest Python requests package
Currently get error from Travis on this install step, and downgrading one
version appears to fix the problem.
"Could not find any downloads that satisfy the requirement pyOpenSSL>=0.13
(from requests[security])"
- test: Add AppVeyor config file for Windows build
- test: Add configuration for a Travis build
Cover Linux & OSX on the container infrastructure, but install
a later G++ to satisfy the tests' need for C++11.
Use a build matrix to include a variety of build variants:
- ASAN
- UBSAN
- LSAN
- Coverage via coveralls.io
test: invoke ASAN and coverage in Travis build
Also shift to use explicit build matrix
test: Use coveralls.io for coverage tracking
test: Add a build with UBSAN
Also expand and re-order the setting of environment variables
for easier modification.
test: Add LSAN build to Travis config
- test: Add initial unit tests for c-ares library
The tests are written in C++11, using the GoogleTest and GoogleMock
frameworks. They have their own independent autoconf setup, so that
users of the library need not have a C++ compiler just to get c-ares
working (however, the test/configure.ac file does assume the use of
a shared top-level m4/ directory). However, this autoconf setup has
only been tested on Linux and OSX so far.
Run with "./arestest", or "./arestest -v" to see extra debug info.
The GoogleTest options for running specific tests are also
available (e.g. "./arestest --gtest_filter=*Live*").
The tests are nowhere near complete yet (currently hitting around
60% coverage as reported by gcov), but they do include examples
of a few different styles of testing:
- There are live tests (ares-test-live.cc), which assume that the
current machine has a valid DNS setup and connection to the
internet; these tests issue queries for real domains but don't
particularly check what gets returned. The tests will fail on
an offline machine.
- There a few mock tests (ares-test-mock.cc) that set up a fake DNS
server and inject its port into the c-ares library configuration.
These tests allow specific response messages to be crafted and
injected, and so are likely to be used for many more tests in
future.
- To make this generation/injection easier, the dns-proto.h file
includes C++ helper classes for building DNS packets.
- Other library entrypoints that don't require network activity
(e.g. ares_parse_*_reply) are tested directly.
- There are few tests of library-internal functions that are not
normally visible to API users (in ares-test-internal.cc).
- A couple of the tests use a helper method of the test fixture to
inject memory allocation failures, using the earlier change to the
library to allow override of malloc/realloc/free.
- There is also an entrypoint to allow Clang's libfuzzer to drive
the packet parsing code in ares_parse_*_reply, together with a
standalone wrapper for it (./aresfuzz) to allow use of afl-fuzz
for further fuzz testing.
- test: Add local copy of GoogleMock/GoogleTest 1.7.0
Don't check in gtest/m4 files, as they are unused and interfere
with the top-level configure process.
- doc: Show build badges in README.md
Note that these URLs will need to be updated if/when the test branch
gets pulled into the master repo/branch.
- doc: Convert README to README.md
Gives better display on GitHub
- doc: Update in preparation for next release
Assume 1.11.0 is next (as there are various API additions).
Also add myself to AUTHORS.
- build: Allow header compilation by Windows C++ compiler
- build: Expose whether symbol hiding is on
Adding the CARES_SYMBOL_HIDING definition allows the test suite to
detect whether internal symbols are available or not.
- build: Add autoconf macros for C++11 code using pthreads
Pull in testing macros from the GNU autoconf archive to allow
configure scripts to test for and setup use of a C++11 compiler
(AX_CXX_COMPILE_STDCXX_11) and the pthreads library (AX_PTHREAD).
Note that these macros are not used by the main library autoconf,
just by the tests (which share the same m4/ directory).
- build: Add a code coverage option
Configure with:
./configure --enable-code-coverage
Show coverage output with:
make code-coverage-capture
Built on m4/ax_code_coverage.m4 from the GNU autoconf archive
to provide the macros to check for presence of gcov + lcov;
upstream macro modified to:
- Remove use of $(AM_DEFAULT_VERBOSITY) , as earlier versions of
autoconf (such as the one used by default on Travis) do not have this.
- Rather than automatically defining CODE_COVERAGE_RULES to be a set
of makefile rules that use ifeq/endif (which is GNU make-specific),
instead only define CODE_COVERAGE_RULES if coverages is turned on,
and in that case don't use conditionals in the makefile.
- api: Add entrypoints to allow use of per-server ports
Add user-visible entrypoints ares_{get,set}_servers_ports(3), which
take struct ares_addr_port_node rather than struct ares_addr_node.
This structure includes a UDP and TCP port number; if this is set
to zero, the channel-wide port values are used as before.
Similarly, add a new ares_set_servers_ports_csv(3) entrypoint, which
is analogous to ares_set_servers(3) except it doesn't ignore any
specified port information; instead, any per-server specified port
is used as both the UDP and TCP port for that server.
The internal struct ares_addr is extended to hold the UDP/TCP ports,
stored in network order, with the convention that a value of zero
indicates that the channel-wide UDP/TCP port should be used.
For the internal implementation of ares_dup(3), shift to use the
_ports() version of the get/set functions, so port information is
transferred correctly to the new channel.
Update manpages, and add missing ares_set_servers_csv to the lists
while we're at it
- api: Add ares_set_sortlist(3) entrypoint
Allow explicit configuration of the channel's sortlist, by
specifying a string in the same format as the equivalent
/etc/resolv.conf option.
This allows library users to perform the same configuration
that is available via /etc/resolv.conf, but without needing
to change that file.
- api: Allow injection of user-specified malloc/free functions
Add a new ares_library_init_mem() initialization function for the
library which allows the library user to specify their own malloc,
realloc & free equivalents for use library-wide.
Store these function pointers in library-wide global variables,
defaulting to libc's malloc(), realloc() and free().
Change all calls to malloc, realloc and free to use the function pointer
instead. Also ensure that ares_strdup() is always available
(even if the local environment includes strdup(3)), and change the
library code to always use it.
Convert calls to calloc() to use ares_malloc() + memset
- api: Add option to expose some internal functions
Purely for testing, add --enable-expose-statics option to configure
which converts some static internal functions to be externally visible.
- api: Expose the ares_library_initialized() function
- ahost: Allow repeated -s <domain> options
This also removes a potential leak where later -s options would
replace earlier ones without freeing the relevant string.
- Mark unhittable lines
Add comments for the benefit of the lcov tool, marking
lines that cannot be hit. Typically these are fall-back
protection arms that are already covered by earlier checks,
and so it's not worth taking out the unhittable code (in case
someone changes the code between the two places in future).
- ares_set_servers_csv.3: make return type match code
- bitncmp: update comment to match code behaviour
- ares_striendstr: fix so non-NULL return can happen
This looks to have been broken since it was first introduced in 2005 in
commit aba0b775ea30 ("Added ares_getnameinfo which mimics the
getnameinfo API")
- config_sortlist: free any existing sortlist on (re)alloc failure
If we get an allocation failure on 2nd or later entry in the sortlist, the
code would return ENOMEM but still leave the initial entries allocated.
Ensure that *sortlist is set to NULL whenever ENOMEM is returned.
- ares_dup: clear new channel on failure
If the attempt to transfer IPv6 servers from the old to the new channel
fails, the previous code would still return a channel to the user even though
an error return code was generated. This makes it likely that users would
leak the channel, so explicitly clear the channel in this case.
- ares_init_options: don't lose init failure
If (say) init_by_options() fails, the subsequent call to
init_by_defaults() was overwriting the return code with
success. Still call init_by_defaults() regardless, but track
its return value separately
- ares_gethostbyname: don't leak valid-but-empty hostent
If an AF_UNSPEC query gets a valid response to its AAAA query,
but which has no IPv6 addresses in it, then the code chains on to
a A record query. However, the hostent from the AAAA response
was being leaked along the way (because it gets replaced before
the follow-on end_hquery() invocation).
- ares_parse_txt_reply: propagate errors from per-substring loop
If we get an allocation failure when processing a particular substring in a
TXT record, that failure is silently lost; fix that by propagating errors from
the inner loop to the outer loop.
- process_answer: fix things up correctly when removing EDNS option
When a server rejects an EDNS-equipped request, we retry without
the EDNS option. However, in TCP mode, the 2-byte length prefix was
being calculated wrong -- it was built from the answer length rather than
the length of the original request.
Also, it is theoretically possible that the call to realloc() might change
the data pointed to; to allow for this, qbuf also needs updating.
(Both these fixes were actually included in a patchset sent on the mailing
list in Oct 2012, but were included with other functional changes that
didn't get merged:
http://c-ares.haxx.se/mail/c-ares-archive-2012-10/0004.shtml)
- ares__read_line: clear buf pointer on realloc failure
- ares_expand_name: check for valid bits in label length
The top two bits of the label length indicate whether this is a
label length (00) or an index to a name elsewhere in the message
(11). RFC1035 4.1.4 says that the other possible values for the
top two bits (01, 10) are reserved for future use.
Daniel Stenberg (23 Jan 2016)
- [Gregor Jasny brought this change]
Fix typos detected by lintian
Closes#32
- [Gregor Jasny brought this change]
Distribute all man pages
- README.cares: s/I/Daniel
... and add a pointer to an existing version of the original area 1.1.1
package.a
- read_tcp_data: don't try to use NULL pointer after malloc failure
CID 56884, pointed out by Coverity. We really should make this function
return an error code so that a malloc() failure can return back a major
failure.
- configure_socket: explicitly ignore return code
CID 56889 in Coverity pointed out the return code from setsocknonblock()
is ignored, and this added typecast to (void) makes it explicit.
- ahost: check the select() return code
Fixes CID 137189, pointed out by Coverity
David Drysdale (18 Jan 2016)
- Fix buildconf on platforms using glibtoolize
Commit c49a87eea538 changed buildconf to only check for
libtoolize, but missed a line
- Don't exit loop early leaving uninitialized entries
Update for commit affc63cba875d.
The original patch from Gregor Jasny did not have the break
statement; I incorrectly added it to prevent continuing the loop.
However, the later entries in the array would then be left
uninitialized, causing problems for later cleanup.
So fix to match Gregor's original patch, with apologies.
Daniel Stenberg (18 Jan 2016)
- buildconf: remove check for libtool, it only requires libtoolize
David Drysdale (17 Jan 2016)
- [Gregor Jasny brought this change]
Use libresolv to initialize cares on iPhone targets
On iPhone targets like iOS, watchOS or tvOS the file
/etc/resolv.conf cannot be used to configure cares.
Instead the resolver library is queried for configuration
values.
CC: Yury Kirpichev <ykirpichev@yandex-team.ru>
Daniel Stenberg (17 Jan 2016)
- README: updated to new repo URL
David Drysdale (14 Jan 2016)
- [Lei Shi brought this change]
Fixing slow DNS lookup issue
This patch is fixing the dns lookup issue due to dummy dns information
of a disconnected adapter(in my case is a bluetooth adapter). I changed
the dns lookup policy to try GetNetworkParams first because the
GetNetworkParams provides the most reliable dns information (lots of
checks were done by system). I also filter out inoperable adapter in
DNS_AdaptersAddresses in case GetNetworkParams fail.
- Merge pull request #30 from p-push/vs-2015
Support Visual Studio 2015
Oleg Pudeyev (3 Jan 2016)
- [Gisle Vanem brought this change]
Support Visual Studio 2015
David Drysdale (11 Nov 2015)
- [Andrew Andkjar brought this change]
added another version case to Makefile.msvc
nmake version 11.00.61030.0 resolves to CC_VERS_NUM = 110
- Merge pull request #26 from bitbouncer/vs-2013
added define for visual studio 2013
svante karlsson (25 Jun 2015)
- added define for visual studio 2013
Jakub Hrozek (6 Nov 2014)
- ares__read_line: free buf on realloc failure
- Destroy options if ares_save_options fails
It's possible that, if ares_save_options failed, the opts structure
would contain some allocated memory. Calling ares_destroy_options in
this case is safe, because ares_save_options zeroes out the memory
initially.
- [David Drysdale brought this change]
Continue loop if space for hostname not large enough
When attempting to build a search domain from the local hostname
(used as a fallback when no other methods have given a search
domain), the code doubles the buffer size on each loop iteration.
However, the loop previously had a WHILE_FALSE terminator so the continue
statement exited the loop rather than going round again.
Daniel Stenberg (30 Oct 2014)
- ares_getnameinfo.3: there is no ares_getaddrinfo
David Drysdale (30 Sep 2014)
- [Gregor Jasny brought this change]
Prevent tmpbuf from overrunning
Fix Coverity error CID 56886.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
- [Gregor Jasny brought this change]
Re-start loop if select fails
Fix Coverity error CID 56882
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
- [Gregor Jasny brought this change]
Free temporary variable in error path
Fix Coverity CID 56890
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
- [Gregor Jasny brought this change]
Fix integer shift overflow if both tcp_socket and udp_socket are set
The problem occurs if at the start of the loop the sockindex is at the
last valid ARES_GETSOCK_MAXNUM position. If then both udp_socket and
tcp_socket are valid, sockindex gets incremented for UDP first and
points one entry behind the array for the tcp block.
So the fix is to check after every increment of sockindex if it is still
valid.
Fix Coverity error CID 56878
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
- [Gregor Jasny brought this change]
Null check before dereference
Fix Coverity error CID 56880
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Jakub Hrozek (28 Jul 2014)
- [Gisle Vanem brought this change]
Comment in ares_ipv6.h
David Drysdale (25 Jul 2014)
- CONTRIBUTING: add file to indicate mailing list is preferred
- Add -t u option to ahost
Add an option to allow specification of the AF_UNSPEC
address family.
Jakub Hrozek (24 Jul 2014)
- host_callback: Fall back to AF_INET on searching with AF_UNSPEC
Previously, when an ares_gethostbyname() searched with AF_UNSPEC and the
first AF_INET6 call only returned CNAMEs, the host_callback never
retried AF_INET.
This patch makes sure than on ARES_SUCCESS, the result of AF_INET6 is
taken as authoritative only if the result contains some addresses.
- [David Drysdale brought this change]
Move memset call below platform-specific declarations
A GitHub commenter [1] says that my recent change to ahost.c has
problems compiling on Windows + C89 platforms.
[1] https://github.com/bagder/c-ares/commit/ee22246507c9#commitcomment-6587616
- [David Drysdale brought this change]
Update ahost man page to describe -s option.
Commit ee22246507c9 added the -s <domain> option to the
ahost command, but neglected to update the man page to
describe it.
Also fix typo in description of -t option.
- ares_parse_soa_reply: Do not leak rr_name on allocation failure
If ares_malloc_data failed, already allocated rr_name would go out of
scope.
- [David Drysdale brought this change]
Don't override explicitly specified search domains
Only set search domains from /etc/resolv.conf if there isn't a value
already present in the channel.
- [David Drysdale brought this change]
Allow specification of search domain in ahost
Add the "-s domain" command line option to override the search
domains.
Daniel Stenberg (12 May 2014)
- Revert "ares_parse_aaaa_reply: fix leak when reply contains 1 alias and no address"
This reverts commit 440110b303fdbfadb3ad53d30eeb98cc45d70451.
- [Frederic Germain brought this change]
ares_parse_aaaa_reply: fix leak when reply contains 1 alias and no address
- [Doug Kwan brought this change]
ares_build.h: fix building on 64-bit powerpc
There are two issues.
1. gcc actually does not use __ppc__ and __ppc64__ but __PPC__ and
__PPC64__. The tests of __ILP32__ and __LP64__ are sufficient for gcc.
2. clang defines __GNU__ and defines both __ppc64__ and __ppc__ when
targeting ppc64. This makes CARES_SIZEOF_LONG to be 4 on a ppc64 system
when building with clang.
My patch is two change the order of the checks so that we check the
64-bit case first.
- refresh: updated now with automake 1.14
- [David Drysdale brought this change]
single_domain: Invalid memory access for empty string input
We noticed a small buglet in ares_search() when it gets an empty string
as input -- the single_domain() utility function in ares_search.c
accesses invalid memory (before the start of the string).
Guenter Knauf (31 Aug 2013)
- Fixed warning 'type specifier missing'.
Daniel Stenberg (30 Aug 2013)
- [Tor Arntsen brought this change]
ares_rules.h: CARES_SIZEOF_LONG doesn't exist anymore, don't test for it
It was removed in f19387dd72432
- nowarn: use <limits.h> instead of configure for size of long
This makes the header file much more multi-arch friendly and can be used
as-is with both 32 bit and 64 bit builds.
- timeoffset: made static and private
ares__timeoffset() was only used once within this single source file
- timeadd: make static
ares__timeadd() was only ever used from within the same source
Yang Tse (18 Jul 2013)
- xc-am-iface.m4: comments refinement
- configure: fix 'subdir-objects' distclean related issue
See XC_AMEND_DISTCLEAN comments for details.
- configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE)
- xc-am-iface.m4: provide XC_AUTOMAKE macro
Daniel Stenberg (12 May 2013)
- gitignore: ignore all ares_*pdf but also CHANGES.dist
- bump: start working towards 1.10.1
--- 9.10.4-P3 released ---
4468. [bug] Address ECS option handling issues. [RT #43191]
Note: Only the parts required to restore
interoperation with ECS clients have been
included in this security release. The full
fix is included in BIND 9.10.5.
4467. [security] It was possible to trigger a assertion when rendering
a message. (CVE-2016-2776) [RT #43139]
Bug #2765 - A letter appears on macOS clients when the spacebar is pressed
Bug #3241 - Windows UAC disconnects clients when elevated
Bug #4740 - Linux client crashes with "Assertion '!m_open' failed"
Bug #4879 - Memory leak caused by IpcReader
Bug #5373 - Tab behaves like shift tab on client
Bug #5502 - Copy and paste from server to client doesn't work
Enhancement #123 - Option to disable clipboard sharing
Enhancement #3305 - Media key support on macOS
Enhancement #4323 - Make automatic elevation on Windows optional
Changelog:
Release 2.2.3 August 8th 2016
SyncEngine: Fix detection of backup (#5104)
Fix bug with overriding URL in config (#5016)
Sharing: Fix bug with file names containing percent encodes (#5042, #5043)
Sharing: Permissions for federated shares on servers >=9.1 (#4996, #5001)
Overlays: Fix issues with file name casing on OS X and Windows
Windows: Skip symlinks and junctions again (#5019)
Only accept notification API Capability if endpoint is OCS-enabled (#5034)
Fix windows HiDPI (#4994)
SocketAPI: Use different pipe name to avoid unusual delay (#4977)
Tray: Add minimal mode as workaround and testing tool for Linux issues (#4985, #4990)
owncloudcmd: Fix --exclude regression #4979
Small memleak: Use the full file stat destructors (#4992)
Fix small QAction memleak (#5008)
Fix crash on shutting down during propagation (#4979)
Decrease memory usage during sync (#4979)
Fix a deadlock when shutting down during discovery (#4993)
Setup csync logging earlier to get all log output (#4991)
Enable Shibboleth debug view with OWNCLOUD_SHIBBOLETH_DEBUG env
Release 2.2.2 June 21st 2016
Excludes: Don't redundantly add the same exclude files (#4967, #4988)
Excludes: Only log if the pattern was really logged. (#4989)
Release 2.2.1 June 6th 2016
Fix out of memory error when too many uploads happen (#4611)
Fix display errors in progress display (#4803, #4856)
LockWatcher: Remember to upload files after they become unlocked (#4865)
Fix overlay icons for files with umlauts (#4884)
Certs: Re-ask for different cert after rejection (#4898, #4911)
Progress: Don't count items without propagation jobs (#4856, #4910)
Utility: Fix for the translation of minutes, second (#4855)
SyncEngine: invalid the blacklist entry when the rename destination change
Several fixes to speed up reconnect after connection changes
Updater: Fix small memory leak
Linux: Revert forced HiDPI detection settings (#4840, #4861)
Release 2.2.0 May 12th 2016
Overlay icons: Refactoring - mainly for performance improvements
Improved error handling with Sync Journal on USB storages (#4632)
Sharing Completion: Improved UI of completion in sharing from desktop. (#3737)
Show server notifications on the client (#3733)
Improved Speed with small files by dynamic parallel request count (#4529)
LockWatcher: Make sure to sync files after apps released exclusive locks on Windows.
Improved handling of Win32 file locks and network files
Workaround Ubuntu 16.04 tray icon bug (#4693)
Removed the Alias field from the folder definition (#4695)
Improved netrc parser (#4691)
Improved user notifications about ignored files and conflicts (#4761, #3222)
Add warnings for old server versions (#4523)
Enable tranportation checksums if the server supports based on server capabilities (#3735)
Default Chunk-size changed to 10MB (#4354)
Documentation Improvements, ie. about overlay icons
Translation fixes
Countless other bugfixes
Sqlite Update to recent version
Update of QtKeyChain to support Windows credential store
http://bugzilla.gnome.org/show_bug.cgi?id=648606
require minimally gnutls 2.2.0 for use of currently used functions
since the recent gnutls update, deprecated => obsoleted
fixes build for now, discussing with wiz@ seems reasonable later
to update to the gnome3 version and, if necessary, adding back vino2.
3.21.0 (2016-08-23)
! Fixed a string format vulnerability introduced in 3.20.0-rc1 when listing directories using SFTP
+ SFTP: Added support for AES-GCM ciphers as implemented in OpenSSH
+ OS X: Ctrl+Tab and Ctrl+Shift+Tab can now be used to switch forward and backward between opened tabs
- Reduced time between TCP keepalive packets to 15 minutes on supporting platforms
- Fixed saving of directory listing filters with an attribute condition
3.20.1 (2016-08-03)
- Fixed rename file exists action on downloads
- Fixed possible crash if disabling log abbreviation
- Official binaries now link against a patched version of GnuTLS so that a better error message can be printed on broken servers that send malformed certificate chains
3.20.0 (2016-07-27)
+ Display error message if entering a non-existing path on local file search
+ Building and running FileZilla now depends on libfilezilla >= 0.6.1 (https://lib.filezilla-project.org/).
3.20.0-rc1 (2016-07-20)
+ Added compatibility for filenames with leading or trailing whitespace if using SFTP
+ Building and running FileZilla now depends on libfilezilla >= 0.6.0 (https://lib.filezilla-project.org/).
+ Building and running FileZilla now depends on GnuTLS 3.4.0 or higher
- Fixed regression introduced in 3.19.0-rc1, reconnecting again uses the last used remote directory instead of the initial default remote directory
- Fixed crash if creating a new site via the bookmarks dialog
- Queuing remote directories for transfer no longer exits comparison mode
- Fixed a rare crash using FTP over TLS if the control connection fails at the same time the data connection gets established
- Entering invalid regular expressions in filter and search conditions now shows an error message
- Fixed title of search dialog
- Stricter certificate chain validation to supplement the Tofu model
- *nix: Fix initial size of Site Manager dialog with some GTK versions
Still using xorg-server-1.17.2 for now.
The proper release of TigerVNC 1.7.0 is now available. Lots of
changes have been made since the last release, but the highlights
are:
Multi-threaded decoder in the FLTK viewer
Windows Vista/2008 is now the minimum requirement
Improved SSH integration in the Java viewer
Fine grained lock down of Xvnc parameters
Compatibility with Xorg 1.18
Lots of packaging fixes
Better compatibility with Vino, both in the FLTK and Java viewer
Twisted Core 16.4.1 (2016-09-07)
================================
Features
--------
- Client and server TLS connections made via the client TLS endpoint
and the server SSL endpoint, as well as any other code that uses
twisted.internet.ssl.CertificateOptions, now support ChaCha20
ciphers when available from the OpenSSL on the system. (#8760)
Bugfixes
--------
- Client and server TLS connections made via the client TLS endpoint
and the server SSL endpoint, as well as any other code that uses
twisted.internet.ssl.CertificateOptions, no longer accept 3DES-
based cipher suites by default, to defend against SWEET32. (#8781)
