9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
pkgsrc change: reduce pkglint warnings.
9.16.42 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
Lexicon v3.12.0
Added
Add duckdns provider (experimental support)
Add dnsservices provider
Add flexibleengine provider
Official support for Python 3.11
Modified
Upgrade API version used for azure provider
Various fixes for documentation
Fix check for extra dependencies
2022-12-24: Ver 0.3-9
* Replace "sprintf()" in C.
* Replace some ".pbd_env" from function arguments.
* Add suppress messages to demo.
2022-10-16: Ver 0.3-8
* Fix "strict-types" and "deprecated-non-prototype" warnings.
* Fix "if() conditions comparing class() to string".
2022-02-04: Ver 0.3-7
* Make a copy of './inst/zmq_copyright/*' to './src/zmqsrc'.
* Add ZeroMQ authors to DESCRIPTION file.
2021-10-25: Ver 0.3-6
* Change configure.ac for autoconf-2.71
* Change tests to local in-process (inter-thread) communication transport
"zmq_inproc".
2021-04-17: Ver 0.3-6
* Check and add "libzmq>=4.3.0" and "-DENABLE_DRAFTS=ON" options.
* Add more ZMQ socket options up to libzmq 4.3.4 (may not stable).
2021-02-27: Ver 0.3-6
* Add more ZMQ socket options.
* Add timeout for connection in tests.
2021-02-09: Ver 0.3-5
* Update "conf.sub" and "conf.guess" from CRAN.
2020-12-13: Ver 0.3-4
* Change "http://" to "https://".
2020-09-07: Ver 0.3-4
* Fix warning 'char* strncpy(char*, const char*, size_t)' output truncated
due to "-Werror=stringop-truncation" by gcc 8.3.1
* Fix a "buf[1]" in zmq.send() call in "R_zmq_sendrecv.r"
2019-07-27: Ver 0.3-4
* For osx, change "install.libs.R" and "zzz.r.in" for staged installation.
2019-07-10: Ver 0.3-4
* Roll back to (R >= 3.5.0).
* Change detection of ZeroMQ library version to "4.2.2" from "4.0.4".
* Roll detection of ZeroMQ library version to "4.0.4".
* Block ZeroMQ library version "4.1.6".
2019-05-03: Ver 0.3-4
* Add "StagedInstall: FALSE" to DESCRIPTION to turn off WARNING in macos.
2019-04-26: Ver 0.3-4
* Revmoe "^M" from "src/zmqsrc/src/condition_variable.hpp".
2019-04-01: Ver 0.3-4
* Support REQ/REP sockets in sendfile/recvfile functions.
2019-02-18: Ver 0.3-4
* Add "R/R_zmq_transfers.r" for transferfing files and directories.
* Add importFrom utils for zip and unzip.
* Remove "-Werror" from "src/zmqsrc/configure" to pass "R CMD check".
2019-02-17: Ver 0.3-4
* Register "R_zmq_send_file" and "R_zmq_recv_file" in "src/zzz.c".
* Fix Windows binary files transfer problems.
Changes since 4.18.2
--------------------
o Ralph Boehme <slow@samba.org>
* BUG 15375: Symlinks to files can have random DOS mode information in a
directory listing.
* BUG 15378: vfs_fruit might cause a failing open for delete.
o Volker Lendecke <vl@samba.org>
* BUG 15361: winbind recurses into itself via rpcd_lsad.
* BUG 15366: wbinfo -u fails on ad dc with >1000 users.
o Stefan Metzmacher <metze@samba.org>
* BUG 15338: DS ACEs might be inherited to unrelated object classes.
* BUG 15362: a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
* BUG 15374: aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse().
o Andreas Schneider <asn@samba.org>
* BUG 15360: Setting veto files = /.*/ break listing directories.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15363: "samba-tool domain provision" does not run interactive mode if
no arguments are given.
o Nathaniel W. Turner <nturner@exagrid.com>
* BUG 15325: dsgetdcname: assumes local system uses IPv4.
Upstream changes:
* 3.6.4 (2023/06/11)
- switch an image loader to stb_image instead of libjpeg, libpng, and giflib
- support OpenSSL for SSL/TLS libraries
- fix builds on OpenBSD/amd64 and Ubuntu 22.04
SOAP-WSDL provides a SOAP client with WSDL support.
This module is not recommended for new application development. Please
use XML::Compile::SOAP or SOAP::Lite instead if possible.
This module has a large number of known bugs and is not being actively
developed. This 3.0 release is intended to update the module to pass
tests on newer Perls. This is a service to existing applications
already dependent on this module.
SOAP-WSDL provides a SOAP client with WSDL support.
This module is not recommended for new application development. Please
use XML::Compile::SOAP or SOAP::Lite instead if possible.
This module has a large number of known bugs and is not being actively
developed. This 3.0 release is intended to update the module to pass
tests on newer Perls. This is a service to existing applications
already dependent on this module.
New features
- Considerably refined the app packaging strategy, introducing support for more
architectures and other advancements 📦 (see #246 for additional details)
- Added button to clear all the current search filters quickly in inspect page
- Added Swedish translation 🇸🇪 (#213)
Improvements
- Updated most of the existing translations to v1.2:
- German 🇩🇪 (#191)
- Spanish 🇪🇸 (#203)
- Persian 🇮🇷 (#193)
- Korean 🇰🇷 (#205)
- Polish 🇵🇱 (#244)
- Romanian 🇷🇴 (#241)
- Russian 🇷🇺 (#187)
- Turkish 🇹🇷 (#192)
- Ukrainian 🇺🇦 (#216)
- Chinese 🇨🇳 (#214)
- Renamed "Administrative entity" to "Autonomous System name" to avoid
confusion
- Improved filter columns relative width to avoid the "Application protocol"
label being cut when displayed in Swedish
- Footer URLs have been updated to include links to Sniffnet's official website
and GitHub Sponsor page
- Updated docs including installation instruction for Arch Linux (#185)
- Minor improvements to packets and bytes number format
- Minor improvements to:
- code readability (#248)
- docs (#235)
Fixes
- Various issues have been fixed by the refined packaging strategy (#199, #220,
#223, #224, #225, #242)
- Solved a minor problem that caused flags to be slightly misaligned in inspect
page table
The dependency was to ensure the runtime presence of tcprules(1),
described at HOMEPAGE thus:
Optional but indispensible: ucspi-tcp6 to build the cdb to control
incoming connections for sslserver using tcprules coming with the
ucspi-tcp6 package. Older versions of ucspi-tcp can be used as well,
but don't provide neither IPv4 CIDR nor IPv6 capabilities. The
generated cdb however, is binary compatible among all versions.
Depending on either of net/ucspi-tcp{,6} here was complicating the
dependency graph in exchange for... still getting in the way of other
packages installing what they need (e.g. mail/bincimap). Trust the
sysadmin to notice if they don't already have tcprules and decide what
to install in that case.
Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).
No change to BUILD_DEPENDS as used correctly inside buildlink3.
As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
Nmap 7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
for a non-default PKG_SYSCONFBASE
We do not at this point install pam files automatically.
And PKG_SYSCONFBASE/pam.d is not being looked at, so don't
bother installing anything there.
What's New
- Support for nested aliases
- repo set-default --view can now be called without a repo argument
What's Changed
- Color control and sensible defaults in modern terminals
- Fix windows crash by bumping wincred
- Update browser package to avoid Windows crash
- release upload sanitizes asset filenames prior to uploading
- pr status uses lighter API in supported environments
- All commands start up time improvements
- More commands use latin matching filter
- pr create respects GH_REPO env variable
- Do not fall back to legacy template if template selector returns nil
2.8.0
- MINOR: compression: Improve the way Vary header is added
- BUILD: makefile: search for SSL_INC/wolfssl before SSL_INC
- MINOR: init: pre-allocate kernel data structures on init
- DOC: install: add details about WolfSSL
- BUG/MINOR: ssl_sock: add check for ha_meth
- BUG/MINOR: thread: add a check for pthread_create
- BUILD: init: print rlim_cur as regular integer
- DOC: install: specify the minimum openssl version recommended
- CLEANUP: mux-quic: remove unneeded fields in qcc
- MINOR: mux-quic: remove nb_streams from qcc
- MINOR: quic: fix stats naming for flow control BLOCKED frames
- BUG/MEDIUM: mux-quic: only set EOI on FIN
- BUG/MEDIUM: threads: fix a tiny race in thread_isolate()
- DOC: config: fix rfc7239 converter examples
- DOC: quic: remove experimental status for QUIC
- CLEANUP: mux-quic: rename functions for mux_ops
- CLEANUP: mux-quic: rename internal functions
- BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty
- DOC: config: Fix bind/server/peer documentation in the peers section
- BUILD: Makefile: use -pthread not -lpthread when threads are enabled
- CLEANUP: doc: remove 21 totally obsolete docs
- DOC: install: mention the common strict-aliasing warning on older compilers
- DOC: install: clarify a few points on the wolfSSL build method
- MINOR: quic: Add QUIC connection statistical counters values to "show quic"
- EXAMPLES: update the basic-config-edge file for 2.8
- MINOR: quic/cli: clarify the "show quic" help message
- MINOR: version: mention that it's LTS now.
RabbitMQ 3.11.17
Core Server
Bug Fixes
Fixed two quorum queue federation issues.
Nodes that had a large number of quorum queues could observe accumulation of Erlang processes
under significant load.
Nodes could hang when recovering classic queue indices during boot.
As of 6418, nodes refuse
to start if the definitions file cannot be parsed as valid JSON.
Now this also applies to nodes that were configure to skip definition import if the input file(s) has changed
using the definitions.skip_if_unchanged setting.
Enhancements
Reduce CPU footprint of quorum queue metric emission in clusters with a lot of quorum queues.
Management Plugin
Bug Fixes
The plugin reported the interface its listener(s) were bound to incorrectly.
Enhancements
It is now possible to change default queue type for a virtual host using the
PUT /api/vhosts/{name} endpoint.
Web STOMP Plugin
Bug Fixes
The plugin reported the interface its listener(s) were bound to incorrectly.
Web MQTT Plugin
Bug Fixes
The plugin reported the interface its listener(s) were bound to incorrectly.
Debian Package
Bug Fixes
Make-based source package builds were failing in an offline environment.
RPM Package
Bug Fixes
Make-based source package builds were failing in an offline environment.
Dependency Upgrades
CSV parser used by CLI tools was upgraded to 3.0.5