Changes:
version 2017.10.29
Core
* [extractor/common] Prefix format id for audio only HLS formats
+ [utils] Add support for zero years and months in parse_duration
Extractors
* [egghead] Fix extraction (#14388)
+ [fxnetworks] Extract series metadata (#14603)
+ [younow] Add support for younow.com (#9255, #9432, #12436)
* [dctptv] Fix extraction (#14599)
* [youtube] Restrict embed regex (#14600)
* [vimeo] Restrict iframe embed regex (#14600)
* [soundgasm] Improve extraction (#14588)
- [myvideo] Remove extractor (#8557)
+ [nbc] Add support for classic-tv videos (#14575)
+ [vrtnu] Add support for cookies authentication and simplify (#11873)
+ [canvas] Add support for vrt.be/vrtnu (#11873)
* [twitch:clips] Fix title extraction (#14566)
+ [ndtv] Add support for sub-sites (#14534)
* [dramafever] Fix login error message extraction
+ [nick] Add support for more nickelodeon sites (no, dk, se, ch, fr, es, pt,
ro, hu) (#14553)
Changes:
1.0.0
-----
- Add `--cookies' option to load further cookies from a file
- Remove `kisscomic' module, image links on the site are dead
- Remove `yonkouprod' module, every manga chapter on the site were removed
- Add thread extractor to `warosu' module
- Add extractor for ranking lists to `pixiv' module
- Add extractors for "Popular" images to `booru' module
- Add `--filter' option to allow image filtering via Python expressions
- Rename `--images' and `--chapters' options to `--range' and `--chapter-range'
- Misc bug fixes and improvements
Upstream changes:
- use ruby-gtk2 3.1.9 (thanks @Phenomer)
- activity plugin crash problem
- MIKUTTER_CONFROOT environment for Gemfile was dealt differently
from mikutter itself
Changes in version 0.3.1.8:
Tor 0.3.1.7 is the second stable release in the 0.3.1 series.
It includes several bugfixes, including a bugfix for a crash issue
that had affected relays under memory pressure. It also adds
a new directory authority, Bastet.
o Directory authority changes:
- Add "Bastet" as a ninth directory authority to the default list.
- The directory authority "Longclaw" has changed its IP address.
o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
- Fix a timing-based assertion failure that could occur when the
circuit out-of-memory handler freed a connection's output buffer.
o Minor features (directory authorities, backport from 0.3.2.2-alpha):
- Remove longclaw's IPv6 address, as it will soon change. Authority
IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
3/8 directory authorities with IPv6 addresses, but there are also
52 fallback directory mirrors with IPv6 addresses.
o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
- Fix a compilation warning when building with zstd support on
32-bit platforms.
o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
- Handle a pathological case when decompressing Zstandard data when
the output buffer size is zero.
o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
- Remove the length limit on HTTP status lines that authorities can
send in their replies.
o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
- Avoid a possible double close of a circuit by the intro point on
error of sending the INTRO_ESTABLISHED cell.
o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
- Clear the address when node_get_prim_orport() returns early.
o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
- Fix additional channelpadding unit test failures by using mocked
time instead of actual time for all tests.
gRPC is a modern, open source remote procedure call (RPC) framework
that can run anywhere. It enables client and server applications to
communicate transparently, and makes it easier to build connected
systems.
**** 1.13 Oct 18, 2017
Feature IDN query support
Queries for domain names containing non-ASCII characters are
now possible on Unicode platforms using CPAN Net::LibIDN2
Without that change the nmap configure script checks for `lua_isyield'
symbol (appeared on Lua 5.3), and for LUA_VERSION_DEFAULT != 53
(pkgsrc by default set LUA_VERSION_DEFAULT to 52) it will just
silently use its internal version.
Set LUA_VERSIONS_ACCEPTED to 53 to avoid that.
Fix PR pkg/52624 reported by Patrick Mackey.
Bump PKGREVISION.
Twisted 17.9.0:
Features
--------
- twisted.python.failure.Failure is now a new-style class which subclasses
BaseException.
- twisted.internet.posixbase.PosixReactorBase.adoptStreamPort and
twisted.internet.posixbase.PosixReactorBase.adoptStreamConnection now support
AF_UNIX SOCK_STREAM sockets.
-
- t.protocol.policies.TimeoutMixin.setTimeout and
t.protocol.policies.TimeoutProtocol.cancelTimeout (used in
t.protocol.policies.TimeoutFactory) no longer raise a
t.internet.error.AlreadyCancelled exception when calling them for an already
cancelled timeout.
- twisted.web.template.flatten now supports coroutines that yield Deferreds.
- twisted.web.client.HTTPConnectionPool passes the repr() of the endpoint to
the client protocol factory, and the protocol factory adds that to its own
repr(). This makes logs more useful.
- Python 3.6 is now supported
Bugfixes
--------
- twisted.python.logfile.BaseLogFile and subclasses now always open the file in
binary mode, and will process text as UTF-8.
- The `ssl:` endpoint now accepts `certKey` PEM files without trailing
newlines.
- Logger.__init__ sets the namespace to "<unknown>" instead of raising KeyError
when unable to determine the namespace from the calling context.
- twisted.internet._win32serialport updated to support pySerial 3.x and dropped
pySerial 2.x support.
- twisted.python.rebuild now works on Python 3.
- twisted.web.server.Request.notifyFinish will now once again promptly notify
applications of client disconnection (assuming that the client doesn't send a
large amount of pipelined request data) rather than waiting for the timeout;
this fixes a bug introduced in Twisted 16.3.0.
- twisted.web.guard.HTTPAuthSessionWrapper configured with
DigestCredentialFactory now works on both Python 2 and 3.
- Detect when we’re being run using “-m twisted” or “-m twisted.trial” and use
it to build an accurate usage message.
- twisted.protocols.tls.TLSMemoryBIOProtocol now allows unregisterProducer to
be called when no producer is registered, bringing it in line with other
transports.
- twisted.web web servers no longer print tracebacks when they timeout clients
that do not respond to TLS CLOSE_NOTIFY messages.
- twisted.mail.imap4 now works on Python 3.
- twisted.python.shortcut now works on Python 3 in Windows.
- Fix traceback forwarding with inlineCallbacks on python 3.
- twisted.mail.imap4.MessageSet now treats * as larger than every message ID,
leading to more consistent and robust behavior.
- The following plugins can now be used on Python 3 with twistd: dns, inetd,
portforward, procmon, socks, and words.
- twisted.internet._win32serialport now uses serial.serialutil.to_bytes() to
provide bytes in Python 3.
- twisted.internet.reactor.spawnProcess() now does not fail on Python 3 in
Windows if passed a bytes-encoded path argument.
- twisted.protocols.ident now works on Python 3.
- Ignore PyPy's implementation differences in base object class.
- twisted.python.test.test_setup now passes with setuptools 36.2.1
- twisted.internet._win32serialport SerialPort._clearCommError() no longer
raises AttributeError
- twisted.trial.unittest.SynchronousTestCase and
twisted.trial.unittest.TestCase now always run their tearDown methods, even
when a test method fails with an exception. They also flush all errors logged
by a test method before running another, ensuring the logged errors are
associated with their originating test method.
- Updating fast_xml to version 1.1.24.
- Updating p1_utils to version 1.0.10.
- Updating stringprep to version 1.0.10.
- Compatibility with R19.3+
- XEP-0084 (User Avatar) support
Upstream changes:
- support an error response when the account is locked (thanks @sushi514)
- add an environment variable MIKUTTER_CONFROOT
- sweep legacy code
1.51 2017-10-11
- Added the following missing methods for IPv6 lookups to the pure Perl
implementation: name_by_addr_v6, name_by_name_v6, org_by_addr_v6, and
org_by_name_v6. Reported by Earl Killian. GitHub #28.
A native Ruby implementation of the SMB Protocol Family. It currently
supports MS-SMB and MS-SMB2. This library currently include both a
client level, and packet level support. A user can aprse and
manipulate raw SMB packets, or simply use the simple client to perform
SMB operations. See the Wiki for more information on this porject's
long-term goals, style guide, and developer tips.
Patches from Juoni Malinen and Mathy Vanhoef.
Fixes:
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
Tested by leot, thanks!
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
request
Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
- Revert "Move gdbus-codegen users to py-glib2-tools by including
glib2/buildtools.mk" 1f764df
- while here change to TOOL_DEPENDS
- switch from py-glib2-tools to glib2-tools
3.5.0
Features / Improvements
* Allow 'full_text' param when getting direct messages
* Explicitly return api code when parsing error
* Remove deprecated function and clean up codes
Bug Fixes
* update_status: first positional argument should be 'status'
* Fix "TypeError: Can't convert 'bytes' object to str implicitly"
* Fix duplicate raise in auth.py
This is a regularly scheduled stable release.
Resolved issues:
#4357: Removing paused folders no longer triggers a crash.
#4360: Add further security related HTTP headers
#4375: Improve info level logging in some cases
#4377: Improve GUI tooltips in chromium based browsers
#4382: Hide temporary files on Windows
#4387: Add -device-id command line switch
In addition, failure to upgrade folder markers from file to directory type is
no longer fatal.
Pkgsrc changes:
* None.
Upstream changes:
Features:
* Set trust-anchor-signaling default to yes
* Fix#1440: [dnscrypt] client nonce cache.
* Fix#1435: Please allow UDP to be disabled separately upstream and
downstream.
Bug fixes:
* Fix that looping modules always stop the query, and don't pass
control.
* Fix unbound-host to report error for DNSSEC state of failed lookups.
* Spelling fixes, from Josh Soref.
* Fix#1400: allowing use of global cache on ECS-forwarding unless
always-forward.
* use a cachedb answer even if it's "expired" when serve-expired is yes
(patch from Jinmei Tatuya).
* trigger refetching of the answer in that case (this will bypass
cachedb lookup)
* allow storing a 0-TTL answer from cachedb in the in-memory message
cache when serve-expired is yes
* Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
* Log name of looping module
* Fix#1450: Generate again patch contrib/aaaa-filter-iterator.patch
(by Danilo G. Baio).
* Fix param unused warning for windows exportsymbol compile.
* Use RCODE from A query on DNS64 synthesized answer.
* Fix trust-anchor-signaling works in libunbound.
* Fix spelling in unbound-control man page.
Upstream changes:
Quagga 1.2.2
Upstream did not publsh NEWS -- basically bug fixes
Quagga 1.2.1
bug fixes and minor improvements
Quagga 1.2.0
This is a feature release, for testing or more adventurous
users. More conservative users may wish to stay with an older
release. This release contains:
Next-Hop Resolution Protocol support from Timo Teräs
BGP Large Community support, thanks to Job Snijders and Keyur Patel
BGP session establishment reworked, for speed and reliability
BGP route-advertisement timer interval default lowered, to 3s for eBGP and 1s for iBGP.
BGP Connect retries made more aggressive, with lower retry timer and a slower-ramping backoff.
Quagga 1.1.1
bug and security fixes
There is a known regression with IPv6 BGP sessions, see Bugzilla #870.
Quagga 1.1.0
This is a release with a number of new features, and many bug fixes.
Notably:
Greatly improved nexthop resolution for recursive routes. (Cumulus)
Event driven nexthop resolution for BGP (Cumulus)
Route tags support (Piotr Chytła, Packet Consulting)
Transport of TE related metrics over OSPF, IS-IS (Olivier Dugeon, Orange)
IPv6 Multipath for zebra and BGP (Ayan Banerjee, Cumulus)
This release also changed the default of 'link-detect' state,
controlling whether zebra will respond to link-state events and
consider an interface to be down when link is down. To retain
current the behavior save your config before updating, otherwise
remove the 'link-detect' flag from your config prior to
updating. There is also a new global 'default link-detect (on|off)'
flag to configure the global default.
Quagga 1.0.20161017
zebra IPv6 RA and BGP MRT dump security fixes
* Fixed handling RA's from multiple routers
* Fixed changing to a better route based on gateway
* IPv6 default route is now deleted when config is not persistent
* Use hmac(3) if available in libc to reduce binary size
