Update bind914 to 9.14.3 (BIND 9.14.3).
--- 9.14.3 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5243. [bug] Fix a possible race between dispatcher and socket
code in a high-load cold-cache resolver scenario.
[GL #943]
5242. [bug] In relaxed qname minimizatiom mode, fall back to
normal resolution when encountering a lame
delegation, and use _.domain/A queries rather
than domain/NS. [GL #1055]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5240. [bug] Remove key id calculation for RSAMD5. [GL #996]
5238. [bug] Fix a possible deadlock in TCP code. [GL #1046]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
5234. [port] arm: just use the compiler's default support for
yield. [GL #981]
Update bind912 to 9.12.4pl2 (BIND 9.12.4-P2).
--- 9.12.4-P2 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
Update bind911 to 9.11.8 (BIND 9.11.8).
--- 9.11.8 released ---
5244. [security] Fixed a race condition in dns_dispatch_getnext()
that could cause an assertion failure if a
significant number of incoming packets were
rejected. (CVE-2019-6471) [GL #942]
5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs.
[GL #225]
5237. [bug] Recurse to find the root server list with 'dig +trace'.
[GL #1028]
- fixed bug in tinydns-data with false translation of IPv6|v4 addresses
for MX records.
- fixed bug in dnsip abending while evaluating IPv6 addresses.
- fixed alignment bug in dd.c for dd6 (tx vise).
- fixed bug in dns_nd.c for IPv6; dnsfilter is working now for IPv4 and IPv6
(tx vise).
- dns_ip, dns_mx, dns_txt, and dns_name return now number of answers given
(fehQlibs-12).
- libsodium compatibility checked and verified.
- dns_ip, dns_cname, dns_txt, dns_name and dns_mx
return now the number of DNS answers received
unlike the number of bytes for the given output.
- Added convenience routines for forthcoming s/qmail.
- Added ia4_fmt, ia6_fmt and dns_cname (for *qmail).
- Changed dns_transmit lookup time constants.
Release Notes for Samba 4.10.5
This is a security release in order to address the following defects:
o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
(dnsserver))
o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
Details
=======
o CVE-2019-12435:
An authenticated user can crash the Samba AD DC's RPC server process via a
NULL pointer dereference.
o CVE-2019-12436:
An user with read access to the directory can cause a NULL pointer
dereference using the paged search control.
For more details and workarounds, please refer to the security advisories.
stagit generates .gph geomyidae pages for a Git repository, and
supports the following features:
- Log of all commits from HEAD.
- Log and diffstat per commit.
- Show file tree with line numbers.
- Show references: local branches and tags.
- Detect README and LICENSE file from HEAD and link it as a page.
- Detect submodules (.gitmodules file) from HEAD and link it as a page.
- Atom feed log (atom.xml).
- Make index page for multiple repositories with stagit-gopher-index.
- After generating the pages (relatively slow) serving the files is very fast,
simple and requires little resources (because the content is static), only
a geomyidae Gopher server is required.
In RT 4 when edit_ticket() is invoked but the ticket is not modified an empty
response is sent. Gracefully treat it as a successfull operation.
PKGREVISION++
SFTP stands for SSH File Transfer Protocol and is a method of
transferring files between machines over a secure, encrypted
connection (as opposed to regular FTP, which functions over an
insecure connection). The security in SFTP comes through its
integration with SSH, which provides an encrypted transport layer over
which the SFTP commands are executed.
Net::SFTP::Foreign is a Perl client for the SFTP version 3 as
defined in the SSH File Transfer Protocol IETF draft, which can be
found at http://www.openssh.org/txt/draft-ietf-secsh-filexfer-02.txt
This implementation uses an external OpenSSH-compatible program.
Packaged in wip by Angel M. Adames.
Upstream changes:
Features
- add type CAA to libpyunbound (accessing libunbound from python).
- Fix#17: Add python module example from Jan Janak, that is a
plugin for the Unbound DNS resolver to resolve DNS records in
multicast DNS [RFC 6762] via Avahi. The plugin communicates
with Avahi via DBus. The comment section at the beginning of
the file contains detailed documentation.
- travis build file.
- PR #16: XoT support, AXFR over TLS, turn it on with
master: <ip>#<authname> in unbound.conf. This uses TLS to
download the AXFR (or IXFR).
Bug Fixes
- Fix for #4233: guard use of NDEBUG, so that it can be passed in
CFLAGS into configure.
- Add log message, at verbosity 4, that says the query is encrypted
with TLS, if that is enabled for the query.
- Fix#4239: set NOTIMPL when deny-any is enabled, for RFC8482.
- Fix#4240: Fix whitespace cleanup in example.conf.
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
disables the tls session ticker key calls into the OpenSSL API.
- Fix crash if tls-servic-pem not filled in when necessary.
- Fix auth-zone NSEC3 response for empty nonterminals with exact
match nsec3 records.
- Fix for out of bounds integers, thanks to OSTIF audit. It is in
allocation debug code.
- Fix for auth zone nsec3 ent fix for wildcard nodata.
- Move goto label in answer_from_cache to the end of the function
where it is more visible.
- Fix auth-zone NSEC3 response for wildcard nodata answers,
include the closest encloser in the answer.
- Fix spelling error in log output for event method.
- Fix to reinit event structure for accepted TCP (and TLS) sockets.
- Fix to use event_assign with libevent for thread-safety.
- verbose information about auth zone lookup process, also lookup
start, timeout and fail.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
if available.
- Fix that auth zone uses correct network type for sockets for
SOA serial probes. This fixes that probes fail because earlier
probe addresses are unreachable.
- Fix that auth zone fails over to next master for timeout in tcp.
- Squelch SSL read and write connection reset by peer and broken pipe
messages. Verbosity 2 and higher enables them.
- Update python documentation for init_standard().
- Typos.
- Fix tls write event for read state change to re-call SSL_write and
not resume the TLS handshake.
- Better braces in if statement in TCP fastopen code.
- iana portlist updated.
- Scrub RRs from answer section when reusing NXDOMAIN message for
subdomain answers.
- For harden-below-nxdomain: do not consider a name to be non-exitent
when message contains a CNAME record.
- Fix wrong query name in local zone redirect answers with a CNAME,
the copy of the local alias is in unpacked form.
- contrib/fastrpz.patch updated for code changes, and with git diff.
- Fix#29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix#30: AddressSanitizer finding in lookup3.c. This sets the
hash function to use a slower but better auditable code that does
not read beyond array boundaries. This makes code better security
checkable, and is better for security. It is fixed to be slower,
but not read outside of the array.
- Fix edns-subnet locks, in error cases the lock was not unlocked.
- Fix doxygen output error on readme markdown vignettes.
- Squelch log messages from tcp send about connection reset by peer.
They can be enabled with verbosity at higher values for diagnosing
network connectivity issues.
- Attempt to fix malformed tcp response.
- Fix#31: swig 4.0 and python module.
- Note that so-reuseport at extreme load is better turned off,
otherwise queries are not distributed evenly, on Linux 4.4.x.
- Fix that spoolbuf is not used to store tcp pipelined response
between mesh send and callback end.
- Fix double file close in tcp pipelined response code.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
- Fix to guard _OPENBSD_SOURCE from redefinition.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
pipelined response between mesh send and callback end, this fixes
error cases that did not use the correct spoolbuf.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
pipelined response between mesh send and callback end, this fixes
error cases that did not use the correct spoolbuf.
- Fix another spoolbuf storage code point, in prefetch.
pkgsrc changes:
- remove patch for totoridipjp (removed in upstream too)
- remove patch for upstream ticket #1323 (integrated in 3.9)
Upstream changes (from "new features of mikutter 3.9"):
* Mastodon plugin
* Support for UI scaling
* World account can be assigned to shortcut key
* Reorder World accounts
* Non-PNG image support for Skin
* Generic Model viewer
* Quick Step
* PulseAudio
* Reorgenize gem dependencies
Upstream pull request log:
https://github.com/twitter/twitter-text/pull/265
* New v3.json config file with emojiParsingEnabled config option. When
true, twitter-text will parse and discount emoji supported by the
twemoji library (see https://github.com/twitter/twemoji). The length
of these emoji will be the default weight (200 or two characters) even
if they contain multiple code points combined by zero-width
joiners. This means that emoji with skin tone and gender modifiers no
longer count as more characters than those without such modifiers.
All 4 implementations updated to reflect this change in counting.
* Updates known gTLDs to recognize recent additions by IANA (#261)
Upstream changes (from CHANGELOG.md):
# Addressable 2.6.0
- added `tld=` method to allow assignment to the public suffix
- most `heuristic_parse` patterns are now case-insensitive
- `heuristic_parse` handles more `file://` URI variations
- fixes bug in `heuristic_parse` when uri starts with digit
- fixes bug in `request_uri=` with query strings
- fixes template issues with `nil` and `?` operator
- `frozen_string_literal` pragmas added
- minor performance improvements in regexps
- fixes to eliminate warnings
Changes:
2.12.0
------
## Features
* Add `hub pr show [<number>]` command to open a pull request in the browser
* Add `hub api --paginate` option to automatically fetch all pages of results
* Add `hub pull-request --no-maintainer-edits` flag to disallow project
maintainers being able to push to your branch
* `hub issue -M` can now accept milestone names instead of just numbers
* Abort `hub pull-request` with a helpful error message if the current branch
wasn't pushed to a git remote
* Drop support for legacy `hub.http-clone` git config value
## Fixes
* Fix querying git configuration when GIT_TRACE is used
* Support detached HEAD if `hub pull-request --head` was passed
* Fix newline in `hub create` error message
* Ensure HTTP connection reuse across API calls
1.16.178
api-change:guardduty: Update guardduty command to latest version
api-change:appmesh: Update appmesh command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.177
api-change:servicecatalog: Update servicecatalog command to latest version
1.16.176
api-change:sagemaker: Update sagemaker command to latest version
1.16.175
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:personalize: Update personalize command to latest version
api-change:personalize-events: Update personalize-events command to latest version
api-change:codebuild: Update codebuild command to latest version
1.16.174
api-change:ec2: Update ec2 command to latest version
1.16.173
api-change:ecs: Update ecs command to latest version
api-change:dynamodb: Update dynamodb command to latest version
api-change:logs: Update logs command to latest version
api-change:ssm: Update ssm command to latest version
api-change:guardduty: Update guardduty command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:organizations: Update organizations command to latest version
api-change:ses: Update ses command to latest version
1.16.172
api-change:glue: Update glue command to latest version
1.16.171
api-change:storagegateway: Update storagegateway command to latest version
api-change:iam: Update iam command to latest version
api-change:s3: Update s3 command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.170
api-change:rds: Update rds command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.169
api-change:iotanalytics: Update iotanalytics command to latest version
api-change:rds: Update rds command to latest version
api-change:iotevents-data: Update iotevents-data command to latest version
api-change:codecommit: Update codecommit command to latest version
api-change:rds-data: Update rds-data command to latest version
api-change:kafka: Update kafka command to latest version
api-change:pinpoint-email: Update pinpoint-email command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:iotevents: Update iotevents command to latest version
1.16.168
api-change:dlm: Update dlm command to latest version
api-change:securityhub: Update securityhub command to latest version
api-change:ssm: Update ssm command to latest version
api-change:rds: Update rds command to latest version
api-change:iotthingsgraph: Update iotthingsgraph command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.167
api-change:robomaker: Update robomaker command to latest version
api-change:transcribe: Update transcribe command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:rds: Update rds command to latest version
api-change:groundstation: Update groundstation command to latest version
api-change:sts: Update sts command to latest version
api-change:pinpoint-email: Update pinpoint-email command to latest version
api-change:waf: Update waf command to latest version
api-change:chime: Update chime command to latest version
1.16.166
api-change:codedeploy: Update codedeploy command to latest version
api-change:mediastore-data: Update mediastore-data command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version
1.16.165
api-change:ec2: Update ec2 command to latest version
api-change:waf-regional: Update waf-regional command to latest version
1.16.164
api-change:apigateway: Update apigateway command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:budgets: Update budgets command to latest version
api-change:efs: Update efs command to latest version
api-change:devicefarm: Update devicefarm command to latest version
api-change:worklink: Update worklink command to latest version
api-change:rds: Update rds command to latest version
1.16.163
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:datasync: Update datasync command to latest version
1.16.162
api-change:kafka: Update kafka command to latest version
api-change:mediapackage-vod: Update mediapackage-vod command to latest version
api-change:meteringmarketplace: Update meteringmarketplace command to latest version
1.16.161
api-change:appstream: Update appstream command to latest version
1.16.160
api-change:medialive: Update medialive command to latest version
api-change:s3: Update s3 command to latest version
1.16.159
api-change:ec2: Update ec2 command to latest version
api-change:codepipeline: Update codepipeline command to latest version
api-change:rds: Update rds command to latest version
api-change:transcribe: Update transcribe command to latest version
api-change:mediapackage: Update mediapackage command to latest version
1.16.158
api-change:storagegateway: Update storagegateway command to latest version
api-change:comprehend: Update comprehend command to latest version
api-change:chime: Update chime command to latest version
api-change:ec2: Update ec2 command to latest version
1.16.157
api-change:datasync: Update datasync command to latest version
api-change:lambda: Update lambda command to latest version
api-change:iotanalytics: Update iotanalytics command to latest version
1.16.156
api-change:glue: Update glue command to latest version
api-change:sts: Update sts command to latest version
1.16.155
api-change:sagemaker: Update sagemaker command to latest version
api-change:kinesisanalytics: Update kinesisanalytics command to latest version
api-change:eks: Update eks command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:kinesisanalyticsv2: Update kinesisanalyticsv2 command to latest version
1.16.154
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:ssm: Update ssm command to latest version
api-change:appsync: Update appsync command to latest version
1.9.168
api-change:appmesh: [botocore] Update appmesh client to latest version
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
1.9.167
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
1.9.166
api-change:sagemaker: [botocore] Update sagemaker client to latest version
1.9.165
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:personalize-runtime: [botocore] Update personalize-runtime client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:personalize-events: [botocore] Update personalize-events client to latest version
api-change:personalize: [botocore] Update personalize client to latest version
1.9.164
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.163
api-change:ecs: [botocore] Update ecs client to latest version
api-change:organizations: [botocore] Update organizations client to latest version
api-change:logs: [botocore] Update logs client to latest version
api-change:dynamodb: [botocore] Update dynamodb client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ses: [botocore] Update ses client to latest version
api-change:mediaconnect: [botocore] Update mediaconnect client to latest version
1.9.162
api-change:glue: [botocore] Update glue client to latest version
1.9.161
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:s3: [botocore] Update s3 client to latest version
api-change:elasticache: [botocore] Update elasticache client to latest version
api-change:iam: [botocore] Update iam client to latest version
1.9.160
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:rds: [botocore] Update rds client to latest version
1.9.159
api-change:iotevents-data: [botocore] Update iotevents-data client to latest version
api-change:iotevents: [botocore] Update iotevents client to latest version
api-change:pinpoint-email: [botocore] Update pinpoint-email client to latest version
api-change:iotanalytics: [botocore] Update iotanalytics client to latest version
api-change:codecommit: [botocore] Update codecommit client to latest version
api-change:rds-data: [botocore] Update rds-data client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:kafka: [botocore] Update kafka client to latest version
1.9.158
api-change:ssm: [botocore] Update ssm client to latest version
api-change:securityhub: [botocore] Update securityhub client to latest version
api-change:iotthingsgraph: [botocore] Update iotthingsgraph client to latest version
api-change:dlm: [botocore] Update dlm client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.157
api-change:groundstation: [botocore] Update groundstation client to latest version
api-change:transcribe: [botocore] Update transcribe client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:waf: [botocore] Update waf client to latest version
api-change:pinpoint-email: [botocore] Update pinpoint-email client to latest version
api-change:robomaker: [botocore] Update robomaker client to latest version
api-change:sts: [botocore] Update sts client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
1.9.156
api-change:mediastore-data: [botocore] Update mediastore-data client to latest version
api-change:codedeploy: [botocore] Update codedeploy client to latest version
api-change:opsworkscm: [botocore] Update opsworkscm client to latest version
1.9.155
api-change:waf-regional: [botocore] Update waf-regional client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.154
api-change:efs: [botocore] Update efs client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:worklink: [botocore] Update worklink client to latest version
api-change:rds: [botocore] Update rds client to latest version
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:devicefarm: [botocore] Update devicefarm client to latest version
api-change:budgets: [botocore] Update budgets client to latest version
1.9.153
api-change:datasync: [botocore] Update datasync client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.9.152
api-change:kafka: [botocore] Update kafka client to latest version
api-change:meteringmarketplace: [botocore] Update meteringmarketplace client to latest version
api-change:mediapackage-vod: [botocore] Update mediapackage-vod client to latest version
1.9.151
api-change:appstream: [botocore] Update appstream client to latest version
1.9.150
api-change:medialive: [botocore] Update medialive client to latest version
api-change:s3: [botocore] Update s3 client to latest version
1.9.149
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:transcribe: [botocore] Update transcribe client to latest version
api-change:mediapackage: [botocore] Update mediapackage client to latest version
api-change:codepipeline: [botocore] Update codepipeline client to latest version
enhancement:Environment Variables: [botocore] Ignore env var credentials is values are empty
api-change:rds: [botocore] Update rds client to latest version
1.9.148
api-change:comprehend: [botocore] Update comprehend client to latest version
api-change:chime: [botocore] Update chime client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.9.147
api-change:datasync: [botocore] Update datasync client to latest version
api-change:iotanalytics: [botocore] Update iotanalytics client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
1.9.146
api-change:glue: [botocore] Update glue client to latest version
api-change:sts: [botocore] Update sts client to latest version
1.9.145
api-change:servicecatalog: [botocore] Update servicecatalog client to latest version
api-change:eks: [botocore] Update eks client to latest version
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:kinesisanalytics: [botocore] Update kinesisanalytics client to latest version
api-change:kinesisanalyticsv2: [botocore] Update kinesisanalyticsv2 client to latest version
1.9.144
api-change:appsync: [botocore] Update appsync client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version
1.12.168
api-change:appmesh: Update appmesh client to latest version
api-change:elasticache: Update elasticache client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:guardduty: Update guardduty client to latest version
1.12.167
api-change:servicecatalog: Update servicecatalog client to latest version
1.12.166
api-change:sagemaker: Update sagemaker client to latest version
1.12.165
api-change:codebuild: Update codebuild client to latest version
api-change:personalize-runtime: Update personalize-runtime client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:personalize-events: Update personalize-events client to latest version
api-change:personalize: Update personalize client to latest version
1.12.164
api-change:ec2: Update ec2 client to latest version
1.12.163
api-change:ecs: Update ecs client to latest version
api-change:organizations: Update organizations client to latest version
api-change:logs: Update logs client to latest version
api-change:dynamodb: Update dynamodb client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ses: Update ses client to latest version
api-change:mediaconnect: Update mediaconnect client to latest version
1.12.162
api-change:glue: Update glue client to latest version
1.12.161
api-change:ec2: Update ec2 client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:s3: Update s3 client to latest version
api-change:elasticache: Update elasticache client to latest version
api-change:iam: Update iam client to latest version
1.12.160
api-change:ec2: Update ec2 client to latest version
api-change:rds: Update rds client to latest version
1.12.159
api-change:iotevents-data: Update iotevents-data client to latest version
api-change:iotevents: Update iotevents client to latest version
api-change:pinpoint-email: Update pinpoint-email client to latest version
api-change:iotanalytics: Update iotanalytics client to latest version
api-change:codecommit: Update codecommit client to latest version
api-change:rds-data: Update rds-data client to latest version
api-change:rds: Update rds client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:kafka: Update kafka client to latest version
1.12.158
api-change:ssm: Update ssm client to latest version
api-change:securityhub: Update securityhub client to latest version
api-change:iotthingsgraph: Update iotthingsgraph client to latest version
api-change:dlm: Update dlm client to latest version
api-change:rds: Update rds client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.157
api-change:groundstation: Update groundstation client to latest version
api-change:transcribe: Update transcribe client to latest version
api-change:chime: Update chime client to latest version
api-change:rds: Update rds client to latest version
api-change:waf: Update waf client to latest version
api-change:pinpoint-email: Update pinpoint-email client to latest version
api-change:robomaker: Update robomaker client to latest version
api-change:sts: Update sts client to latest version
api-change:storagegateway: Update storagegateway client to latest version
1.12.156
api-change:mediastore-data: Update mediastore-data client to latest version
api-change:codedeploy: Update codedeploy client to latest version
api-change:opsworkscm: Update opsworkscm client to latest version
1.12.155
api-change:waf-regional: Update waf-regional client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.154
api-change:efs: Update efs client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:worklink: Update worklink client to latest version
api-change:rds: Update rds client to latest version
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:devicefarm: Update devicefarm client to latest version
api-change:budgets: Update budgets client to latest version
1.12.153
api-change:datasync: Update datasync client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
1.12.152
api-change:kafka: Update kafka client to latest version
api-change:meteringmarketplace: Update meteringmarketplace client to latest version
api-change:mediapackage-vod: Update mediapackage-vod client to latest version
1.12.151
api-change:appstream: Update appstream client to latest version
1.12.150
api-change:medialive: Update medialive client to latest version
api-change:s3: Update s3 client to latest version
1.12.149
api-change:ec2: Update ec2 client to latest version
api-change:transcribe: Update transcribe client to latest version
api-change:mediapackage: Update mediapackage client to latest version
api-change:codepipeline: Update codepipeline client to latest version
enhancement:Environment Variables: Ignore env var credentials is values are empty
api-change:rds: Update rds client to latest version
1.12.148
api-change:comprehend: Update comprehend client to latest version
api-change:chime: Update chime client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ec2: Update ec2 client to latest version
1.12.147
api-change:datasync: Update datasync client to latest version
api-change:iotanalytics: Update iotanalytics client to latest version
api-change:lambda: Update lambda client to latest version
1.12.146
api-change:glue: Update glue client to latest version
api-change:sts: Update sts client to latest version
1.12.145
api-change:servicecatalog: Update servicecatalog client to latest version
api-change:eks: Update eks client to latest version
api-change:sagemaker: Update sagemaker client to latest version
api-change:kinesisanalytics: Update kinesisanalytics client to latest version
api-change:kinesisanalyticsv2: Update kinesisanalyticsv2 client to latest version
1.12.144
api-change:appsync: Update appsync client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:ssm: Update ssm client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version
Changelog:
Knot DNS 2.8.2 (2019-06-05)
===========================
Features:
---------
- New blocking mode for zone event triggers in knotc
- New weighted records mode in the module geoip (Thanks to Conrad Hoffmann)
- Module noudp allows UDP allow rate configuration
Improvements:
-------------
- NSEC3 salt lifetime can be set to infinity
- New 'running' zone event status in the knotc output
- Knotc in the forced mode returns failure also if zone check emits any warning
- Ignoring PMTU information for IPv4/UDP via IP_PMTUDISC_OMIT (Thanks to Daisuke Higashi)
- Various improvements in the documentation
Bugfixes:
---------
- Broken setting of CPU affinity for UDP workers
- Unexpected results with the geoip subnet mode
- Sometimes insufficient zone adjusting
- Incoherent DNSKEY RRSIG lifetimes in SKR
- Confusing output from keymgr if an error occurs during KSR generation
- Non-functional changeset history depth limitation in kjournalprint
- Wrong processing of multiple $INCLUDE directives #646
Changelog:
4.2.0
================
FEATURES:
- Print IP address when bind socket fails with error.
- Fix#4249: The option hide-identity: yes stops NSD from responding
with the hostname for chaos class queries. Implements the RFC4829
security considerations.
- Patch to add support for TCP Fast Open, from Sara
Dickinson (Sinodun).
- Patch to add support for tls service on a specified tls port,
from Sara Dickinson (Sinodun).
- Use travis for build check, initial unit test and clang analysis.
BUG FIXES:
- Fix to delete unused zparser.default_apex member.
- Fix that the TLS handshake routine sets the correct event to
continue when done.
- Fix that TLS renegotiation calls the read and write routines again
with the same parameters when the desired event has been satisfied.
- Fix that TCP Fastopen has better error message and supports OSX.
- Fix to avoid buffer alloc with global buffer in tls write handler.
- Fix to initialize event structure when accepting TCP connection.
- Disable TLS1.0, TLS1.1 and weak ciphers, enable
CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
- further setup ssl ctx after the keys are loaded, for ECDH.
- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
patch from Andreas Schulze.
- Fix#10: Fix memory leaks caused by duplicate rr and include
instructions.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
4.1.27
================
FEATURES:
- Deny ANY with only one RR in response, by default. Patch from
Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
queries over UDP to be further moved to TCP as well.
Also no additional section processing for type ANY, reducing
the response size.
- Fix#4215: on-the-fly change of TSIG keys with patch from Igor, adds
nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
and del_tsig. These changes are gone after reload, edit the
config file (or a file included from it) to make changes that
last after restart.
BUG FIXES:
- Fix#4213: disable-ipv6 and dnstap compile error.
- Fix to reduce region_log_stats if condition, this removes a
debug statement.
- Fix for FreeBSD port with dnstap enabled.
- Fix to remove unused code.
- Fix#6: nsd-control-setup: Change validity time to a shorter
period (<2038).
- Fix unused definition in header remote.h.
- Fix#4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
- Fix#4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
- Fixed radtree_insert memory leak.
- Fixed access recycled variable.
1.8.20
- BUG/MAJOR: listener: Make sure the listener exist before using it.
- BUG/MINOR: listener: keep accept rate counters accurate under saturation
- BUG/MEDIUM: logs: Only attempt to free startup_logs once.
- BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
- BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
- MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
- BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
- BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
- BUG/MAJOR: stats: Fix how huge POST data are read from the channel
- BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
- BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
- DOC: The option httplog is no longer valid in a backend.
- BUG/MAJOR: checks: segfault during tcpcheck_main
- BUILD: makefile: work around an old bug in GNU make-3.80
- MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
- BUILD: makefile: fix build of IPv6 header on aix51
- BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
- BUILD: Makefile: disable shared cache on AIX 5.1
- BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
- MINOR: cli: start addresses by a prefix in 'show cli sockets'
- BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
- BUILD: use inttypes.h instead of stdint.h
- BUILD: connection: fix naming of ip_v field
- BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
- BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
- BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
- BUG/MINOR: threads: fix the process range of thread masks
- MINOR: lists: Implement locked variations.
- BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
- BUG/MEDIUM: list: fix the rollback on addq in the locked liss
- BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
- BUG/MEDIUM: list: add missing store barriers when updating elements and head
- MINOR: list: make the delete and pop operations idempotent
- BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
- BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
- BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
- MAJOR: listener: do not hold the listener lock in listener_accept()
- BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
- BUG/MEDIUM: listener: make sure the listener never accepts too many conns
- BUILD/MINOR: listener: Silent a few signedness warnings.
- MINOR: skip get_gmtime where tm is unused
- BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
- BUG/MEDIUM: maps: only try to parse the default value when it's present
- BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
- BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
- BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
- BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
1.8.19
- DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
- DOC: ssl: Stop documenting ciphers example to use
- BUG/MINOR: spoe: do not assume agent->rt is valid on exit
- BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
- BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
- BUG/MEDIUM: server: initialize the idle conns list after parsing the config
- BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
- BUG/MAJOR: stream: avoid double free on unique_id
- BUG/MINOR: config: Reinforce validity check when a process number is parsed
1.8.18
- DOC: http-request cache-use / http-response cache-store expects cache name
- BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
- BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
- DOC: Be a bit more explicit about allow-0rtt security implications.
- BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
- BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
- BUG/MINOR: backend: balance uri specific options were lost across defaults
- BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
- BUG/MINOR: stick_table: Prevent conn_cur from underflowing
- BUG/MINOR: server: don't always trust srv_check_health when loading a server state
- BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
- BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
- DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
- MINOR: h2: add a bit-based frame type representation
- MINOR: h2: declare new sets of frame types
- BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
- BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
- BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
- BUG/MINOR: hpack: return a compression error on invalid table size updates
- DOC: nbthread is no longer experimental.
- BUG/MINOR: spoe: corrected fragmentation string size
- BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
- SCRIPTS: add the slack channel URL to the announce script
- SCRIPTS: add the issue tracker URL to the announce script
- BUG/MINOR: stream: don't close the front connection when facing a backend error
- MINOR: xref: Add missing barriers.
- BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
- BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
- BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
- BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
- MINOR: stream-int: expand the flags to 32-bit
- MINOR: stream-int: add a new flag to mention that we want the connection to be killed
- MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
- BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
- BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
- BUG/MINOR: config: fix bind line thread mask validation
- BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
- BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
- BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
pkgsrc changes:
- Add options.mk in order to be able to select between `gnutls' and
`openssl'. However, no defaults are changed: `openssl' is
considered experimental by upstream at the moment.
- Remove dependency to mozilla-rootcerts (default gnutls/openssl
certificates are now honored instead, should be part of
Makefile,-r1.41 commit, sorry!)
Changes:
2.60.3
======
- Fix clobbering of the thread-default main context after certificate
verification failure during async handshakes since 2.60.1 (#85)
- Fix GTlsDatabase initialization failures in OpenSSL backend due to
uninitialized memory use
- Fix minor leak of ALPN protocols
2.60.2
======
- OpenSSL backend now defaults to system trust store (#62)
- Fix client auth failure error with GnuTLS 3.6.7 (#70)
As of version 3.41, Filezilla now requires 64-bit atomic integer ops,
handle accordingly. (XXX: Filezilla will presumably also break on other
architectures as a result, e.g. macppc.)
