9.16.32 (2022-08-17)
Notes for BIND 9.16.32
Feature Changes
* The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy
(e.g. Red Hat Enterprise Linux 9). Primary zones using those algorithms
need to be migrated to new algorithms prior to running on these systems,
as graceful migration to different DNSSEC algorithms is not possible when
RSASHA1 is disallowed by the operating system. [GL #3469]
* Log messages related to fetch limiting have been improved to provide more
complete information. Specifically, the final counts of allowed and
spilled fetches are now logged before the counter object is destroyed.
[GL #3461]
Bug Fixes
* Non-dynamic zones that inherit dnssec-policy from the view or options
blocks were not marked as inline-signed and therefore never scheduled to
be re-signed. This has been fixed. [GL #3438]
* The old max-zone-ttl zone option was meant to be superseded by the
max-zone-ttl option in dnssec-policy; however, the latter option was not
fully effective. This has been corrected: zones no longer load if they
contain TTLs greater than the limit configured in dnssec-policy. For
zones with both the old max-zone-ttl option and dnssec-policy configured,
the old option is ignored, and a warning is generated. [GL #2918]
* rndc dumpdb -expired was fixed to include expired RRsets, even if
stale-cache-enable is set to no and the cache-cleaning time window has
passed. [GL #3462]
The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
0.39.0
Technically backwards incompatible:
Switch to using async_timeout for timeouts
Significantly reduces the number of asyncio tasks that are created when using ServiceInfo or AsyncServiceInfo
0.2.0
Added an option to include IP-less adapters, thanks to memory
Fixed a bug where an interface's name was bytes, not str, on Windows
Added an implementation of netifaces.interfaces() (available through ifaddr.netifaces.interfaces())
Added type hints
Backwards incompatible/breaking changes:
Dropped Python 3.6 support
Twisted 22.4.0 (2022-04-11)
===========================
Features
--------
- twisted.python.failure.Failure tracebacks now capture module information, improving compatibility with the Raven Sentry client.
- twisted.python.failure.Failure objects are now compatible with dis.distb, improving compatibility with post-mortem debuggers.
Bugfixes
- twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations.
- twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes.
Conch
-----
Features
- twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) when acting as a server. The rsa-sha2-512 and rsa-sha2-256 public key signature algorithms are automatically preferred over ssh-rsa if the client advertises support for them; the actual public keys do not need to change.
- twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, in order to support platforms that lack OpenSSL >= 1.1.1b. The new "conch_nacl" extra has the necessary dependency.
Web
---
Features
- Twisted is now compatible with h2 4.x.x.
Bugfixes
- twisted.web.http had several several defects in HTTP request parsing that could permit HTTP request smuggling. It now disallows signed Content-Length headers, forbids illegal characters in chunked extensions, forbids a ``0x`` prefix to chunk lengths, and only strips spaces and horizontal tab characters from header values. These changes address CVE-2022-24801 and GHSA-c2jg-hw38-jrqq.
Mail
----
Bugfixes
- twisted.mail.pop3.APOPCredentials is now correctly marked as implementing twisted.cred.credentials.IUsernamHashedPassword, rather than IUsernamePassword.
Trial
-----
Features
- `trial --until-failure --jobs=N` now reports the number of each test pass as it begins.
Bugfixes
- twisted.trial.unittest.TestCase now discards cleanup functions after running them. Notably, this prevents them from being run an ever growing number of times with `trial -u ...`.
Twisted 22.2.0 (2022-03-01)
===========================
Bugfixes
- twisted.internet.gireactor.PortableGIReactor.simulate and twisted.internet.gtk2reactor.PortableGtkReactor.simulate no longer raises TypeError when there are no delayed called. This was a regression introduced with the migration to Python 3 in which the builtin `min` function no longer accepts `None` as an argument.
- twisted.conch.ssh.transport.SSHTransportBase now disconnects the remote peer if the
SSH version string is not sent in the first 4096 bytes.
GHSA-rv6r-3f5q-9rgx)
Improved Documentation
- Add type annotations for twisted.web.http.Request.getHeader.
Deprecations and Removals
- Support for Python 3.6, which is EoL as of 2021-09-04, has been deprecated.
Replace patch+sed with just sed.
### 2022.07.18
* Allow users to specify encoding in each config files by [Lesmiscore](https://github.com/Lesmiscore)
* Discard infodict from memory if no longer needed
* Do not allow extractors to return `None`
* Do not load system certificates when `certifi` is used
* Fix rounding of integers in format table
* Improve chapter sanitization
* Skip some fixup if remux/recode is needed by [Lesmiscore](https://github.com/Lesmiscore)
* Support `--no-progress` for `--wait-for-video`
* Fix bug in [612f2be](612f2be5d3)
* [outtmpl] Add alternate form `h` for HTML escaping
* [aes] Add multiple padding modes in CBC by [elyse0](https://github.com/elyse0)
* [extractor/common] Passthrough `errnote=False` to parsers
* [extractor/generic] Remove HEAD request
* [http] Ensure the file handle is always closed
* [ModifyChapters] Modify duration in infodict
* [options] Fix aliases to `--config-location`
* [utils] Fix `get_domain`
* [build] Consistent order for lazy extractors by [lamby](https://github.com/lamby)
* [build] Fix architecture suffix of executables by [odo2063](https://github.com/odo2063)
* [build] Improve `setup.py`
* [update] Do not check `_update_spec` when up to date
* [update] Prepare to remove Python 3.6 support
* [compat] Let PyInstaller detect _legacy module
* [devscripts/update-formulae] Do not change dependency section
* [test] Split download tests so they can be more easily run in CI
* [docs] Improve docstring of `download_ranges` by [FirefoxMetzger](https://github.com/FirefoxMetzger)
* [docs] Improve issue templates
* [build] Fix bug in [6d916fe](6d916fe709)
* [cleanup, utils] Refactor parse_codecs
* [cleanup] Misc fixes and cleanup
* [extractor/acfun] Add extractors by [lockmatrix](https://github.com/lockmatrix)
* [extractor/Audiodraft] Add extractors by [Ashish0804](https://github.com/Ashish0804), [fstirlitz](https://github.com/fstirlitz)
* [extractor/cellebrite] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/detik] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/hytale] Add extractor by [llamasblade](https://github.com/llamasblade), [pukkandan](https://github.com/pukkandan)
* [extractor/liputan6] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/mocha] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/rtl.lu] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/rtvsl] Add extractor by [iw0nderhow](https://github.com/iw0nderhow), [pukkandan](https://github.com/pukkandan)
* [extractor/StarTrek] Add extractor by [scy](https://github.com/scy)
* [extractor/syvdk] Add extractor by [misaelaguayo](https://github.com/misaelaguayo)
* [extractor/theholetv] Add extractor by [dosy4ev](https://github.com/dosy4ev)
* [extractor/TubeTuGraz] Add extractor by [Ferdi265](https://github.com/Ferdi265), [pukkandan](https://github.com/pukkandan)
* [extractor/tviplayer] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/wetv] Add extractors by [elyse0](https://github.com/elyse0)
* [extractor/wikimedia] Add extractor by [EhtishamSabir](https://github.com/EhtishamSabir), [pukkandan](https://github.com/pukkandan)
* [extractor/youtube] Fix duration check for post-live manifestless mode
* [extractor/youtube] More metadata for storyboards by [ftk](https://github.com/ftk)
* [extractor/bigo] Fix extractor by [Lesmiscore](https://github.com/Lesmiscore)
* [extractor/BiliIntl] Fix subtitle extraction by [MinePlayersPE](https://github.com/MinePlayersPE)
* [extractor/crunchyroll] Improve `_VALID_URL`
* [extractor/fifa] Fix extractor by [ischmidt20](https://github.com/ischmidt20)
* [extractor/instagram] Fix post/story extractors by [pritam20ps05](https://github.com/pritam20ps05), [pukkandan](https://github.com/pukkandan)
* [extractor/iq] Set language correctly for Korean subtitles
* [extractor/MangoTV] Fix subtitle languages
* [extractor/Netverse] Improve playlist extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/philharmoniedeparis] Fix extractor by [sqrtNOT](https://github.com/sqrtNOT)
* [extractor/Trovo] Fix extractor by [u-spec-png](https://github.com/u-spec-png)
* [extractor/twitch] Support storyboards for VODs by [ftk](https://github.com/ftk)
* [extractor/WatchESPN] Improve `_VALID_URL` by [IONECarter](https://github.com/IONECarter), [dirkf](https://github.com/dirkf)
* [extractor/WSJArticle] Fix video id extraction by [sqrtNOT](https://github.com/sqrtNOT)
* [extractor/Ximalaya] Fix extractors by [lockmatrix](https://github.com/lockmatrix)
* [cleanup, extractor/youtube] Fix tests by [sheerluck](https://github.com/sheerluck)
### 2022.06.29
* Fix `--downloader native`
* Fix `section_end` of clips
* Fix playlist error handling
* Sanitize `chapters`
* [extractor] Fix `_create_request` when headers is None
* [extractor] Fix empty `BaseURL` in MPD
* [ffmpeg] Write full output to debug on error
* [hls] Warn user when trying to download live HLS
* [options] Fix `parse_known_args` for `--`
* [utils] Fix inconsistent default handling between HTTP and HTTPS requests by [coletdjnz](https://github.com/coletdjnz)
* [build] Draft release until complete
* [build] Fix release tag commit
* [build] Standalone x64 builds for MacOS 10.9 by [StefanLobbenmeier](https://github.com/StefanLobbenmeier)
* [update] Ability to set a maximum version for specific variants
* [compat] Fix `compat.WINDOWS_VT_MODE`
* [compat] Remove deprecated functions from core code
* [compat] Remove more functions
* [cleanup, extractor] Reduce direct use of `_downloader`
* [cleanup] Consistent style for file heads
* [cleanup] Fix some typos by [crazymoose77756](https://github.com/crazymoose77756)
* [cleanup] Misc fixes and cleanup
* [extractor/Scrolller] Add extractor by [LunarFang416](https://github.com/LunarFang416)
* [extractor/ViMP] Add playlist extractor by [FestplattenSchnitzel](https://github.com/FestplattenSchnitzel)
* [extractor/fuyin] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/livestreamfails] Add extractor by [nomevi](https://github.com/nomevi)
* [extractor/premiershiprugby] Add extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/steam] Add broadcast extractor by [HobbyistDev](https://github.com/HobbyistDev)
* [extractor/youtube] Mark videos as fully watched by [Brett824](https://github.com/Brett824)
* [extractor/CWTV] Extract thumbnail by [ischmidt20](https://github.com/ischmidt20)
* [extractor/ViMP] Add thumbnail and support more sites by [FestplattenSchnitzel](https://github.com/FestplattenSchnitzel)
* [extractor/dropout] Support cookies and login only as needed by [pingiun](https://github.com/pingiun), [pukkandan](https://github.com/pukkandan)
* [extractor/ertflix] Improve `_VALID_URL`
* [extractor/lbry] Use HEAD request for redirect URL by [flashdagger](https://github.com/flashdagger)
* [extractor/mediaset] Improve `_VALID_URL`
* [extractor/npr] Implement [e50c350](e50c3500b4) differently
* [extractor/tennistv] Rewrite extractor by [pukkandan](https://github.com/pukkandan), [zenerdi0de](https://github.com/zenerdi0de)
Changes:
0.51
====
Geomyidae v0.51 brcon2022 release.
I am happy to announce the geomyidae v0.51 brcon2022 release.
Thanks to everyone having contributed! It was much fun at the geomyidae
hackathon! I wish to repeat it.
Changes:
* Splice(1) speedup has been implemented on Linux for sending files.
* CPU usage is reduced by 80% and throughput increased by 20%.
* Was done at the geomyidae hackathon.
* New escaping in gph has been implemented. See below for description.
* Was done at the geomyidae hackathon.
* New external project for geomyidae CGI REST handling.
* git://bitreich.org/libgcgi
* Was done at the geomyidae hackathon.
* Add gph major-mode file for emacs.
* FreeBSD rc.d is now added.
* NetBSD compile options added to the Makefile.
* OpenBSD rc.d script has been fixed for 7.1 release.
## New Escaping
THIS IS IMPORTANT FOR EVERYONE!
The gph format has been changed, to simplify things in the future.
In the past, the escape for some line to not be interpreted was
ttext is here
becomes
text is here
This has changed. All lines beginning with t are now not escaped anymore.
The new escape way is:
[|text is here
becomes
text is here
In every gph script you already had to check for any line beginning with
'['. Now the already illegal case of an empty item type is reused for
escaping in gph.
This will make life easier for newcomers and oldcomers.
So be sure to change all escaping after the upgrade.
Changelog:
This release adds the zone verification support from the CreDNS code.
There are also some bug fixes in the ixfr out code.
Zone verification can start a verifier program that reads the new zone
data. It can reject the update. Or process the new zone data. The intent
is for a DNSSEC verifier to inspect the zone before it is passed on with
zone transfer or served to clients.
The zone verification can be enabled with enable: yes in the verify
section in nsd.conf. You can then list the interfaces the NSD listens on
while the verifier is active, so it can send queries for the new zone
contents. With verify-zones: yes zones are verified by default. The
command that is executed can be set with the verifier: ldns-verify-zone
option. With verifier-count the max number of concurrent verifiers can
be set. With the verifier-feed-zone: yes option the zone can be input
on stdin to the verifier program. A timeout to stop the verifier can be
set with the verifier-timeout option.
Per zone options can also be set for a pattern or for a zone, for zone
verification. With verify-zone the zone verification can be enabled
per zone. The verifier can be set per zone. And the verifier-feed-zone
and verifier-timeout options can be controlled per zone.
FEATURES:
Port zone-verification from CreDNS to NSD4.
BUG FIXES:
Fix static analyzer reports on ixfrcreate temp file.
Fixup wrong ixfrcreate fread return check.
- Fixed bug in dns_txt evaluation for long TXT records -> RDATA labels
not respected.
- Fixed generation of SPF and DKIM records in tinydns due to missing
labels in RDATA.
- The maximal TXT label-len is 255 throughout.
- Fixed man page of dnscache referencing outdated EDNS0 disabling.
- Added script to extract pubkey from keyfile to be used for DKIM records.
- Fixed wrong response to PTR query of ::1 -> ip6-loopback.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
The builtin heimdal no longer builds and it's unclear how it can possibly
work as it uses functions that do not exist anywhere. Also fix some SunOS
build issues.
I'm not convinced this won't break builds that use heimdal but will keep an
eye out for failures.
Wireshark 3.6.7
Bug Fixes
The following bugs have been fixed:
• Multiple Files preference "Create new file automatically…after"
[time] working incorrectly Issue 16783[2].
• get_filter Lua function doesn’t return the filter Issue 17188[3].
• Dissector bug, protocol HTTP failed assertion "saved_layers_len <
500" with chunked/multipart Issue 18130[4].
• Wrong EtherCAT bit label (possible dissector bug) Issue 18132[5].
• UDP packets falsely marked as "malformed packet" Issue 18136[6].
• TLS certificate parser with filter crash Issue 18155[7].
• Incorrect type for the IEC 60870 APDU appears in packet details
pane Issue 18167[8].
• NHRP Problem Issue 18181[9].
• EtherCAT CoE header unknown type Issue 18220[10].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BGP, DTLS, EtherCAT, EtherCAT Mailbox, HTTP, IEC 104, MEGACO, NHRP,
PPPoE, QUIC, RTCP, Signal PDU, SOME/IP, and X509IF
It is a common protocol and nghttp2 is a comparatively cheap dependency
that most people already have installed since it is default enabled in
curl and nodejs.
