gRPC is a modern, open source remote procedure call (RPC) framework
that can run anywhere. It enables client and server applications to
communicate transparently, and makes it easier to build connected
systems.
**** 1.13 Oct 18, 2017
Feature IDN query support
Queries for domain names containing non-ASCII characters are
now possible on Unicode platforms using CPAN Net::LibIDN2
Without that change the nmap configure script checks for `lua_isyield'
symbol (appeared on Lua 5.3), and for LUA_VERSION_DEFAULT != 53
(pkgsrc by default set LUA_VERSION_DEFAULT to 52) it will just
silently use its internal version.
Set LUA_VERSIONS_ACCEPTED to 53 to avoid that.
Fix PR pkg/52624 reported by Patrick Mackey.
Bump PKGREVISION.
Twisted 17.9.0:
Features
--------
- twisted.python.failure.Failure is now a new-style class which subclasses
BaseException.
- twisted.internet.posixbase.PosixReactorBase.adoptStreamPort and
twisted.internet.posixbase.PosixReactorBase.adoptStreamConnection now support
AF_UNIX SOCK_STREAM sockets.
- t.protocol.policies.TimeoutMixin.setTimeout and
t.protocol.policies.TimeoutProtocol.cancelTimeout (used in
t.protocol.policies.TimeoutFactory) no longer raise a
t.internet.error.AlreadyCancelled exception when calling them for an already
cancelled timeout.
- twisted.web.template.flatten now supports coroutines that yield Deferreds.
- twisted.web.client.HTTPConnectionPool passes the repr() of the endpoint to
the client protocol factory, and the protocol factory adds that to its own
repr(). This makes logs more useful.
- Python 3.6 is now supported
Bugfixes
--------
- twisted.python.logfile.BaseLogFile and subclasses now always open the file in
binary mode, and will process text as UTF-8.
- The `ssl:` endpoint now accepts `certKey` PEM files without trailing
newlines.
- Logger.__init__ sets the namespace to "<unknown>" instead of raising KeyError
when unable to determine the namespace from the calling context.
- twisted.internet._win32serialport updated to support pySerial 3.x and dropped
pySerial 2.x support.
- twisted.python.rebuild now works on Python 3.
- twisted.web.server.Request.notifyFinish will now once again promptly notify
applications of client disconnection (assuming that the client doesn't send a
large amount of pipelined request data) rather than waiting for the timeout;
this fixes a bug introduced in Twisted 16.3.0.
- twisted.web.guard.HTTPAuthSessionWrapper configured with
DigestCredentialFactory now works on both Python 2 and 3.
- Detect when we’re being run using “-m twisted” or “-m twisted.trial” and use
it to build an accurate usage message.
- twisted.protocols.tls.TLSMemoryBIOProtocol now allows unregisterProducer to
be called when no producer is registered, bringing it in line with other
transports.
- twisted.web web servers no longer print tracebacks when they timeout clients
that do not respond to TLS CLOSE_NOTIFY messages.
- twisted.mail.imap4 now works on Python 3.
- twisted.python.shortcut now works on Python 3 in Windows.
- Fix traceback forwarding with inlineCallbacks on python 3.
- twisted.mail.imap4.MessageSet now treats * as larger than every message ID,
leading to more consistent and robust behavior.
- The following plugins can now be used on Python 3 with twistd: dns, inetd,
portforward, procmon, socks, and words.
- twisted.internet._win32serialport now uses serial.serialutil.to_bytes() to
provide bytes in Python 3.
- twisted.internet.reactor.spawnProcess() now does not fail on Python 3 in
Windows if passed a bytes-encoded path argument.
- twisted.protocols.ident now works on Python 3.
- Ignore PyPy's implementation differences in base object class.
- twisted.python.test.test_setup now passes with setuptools 36.2.1
- twisted.internet._win32serialport SerialPort._clearCommError() no longer
raises AttributeError
- twisted.trial.unittest.SynchronousTestCase and
twisted.trial.unittest.TestCase now always run their tearDown methods, even
when a test method fails with an exception. They also flush all errors logged
by a test method before running another, ensuring the logged errors are
associated with their originating test method.
- Updating fast_xml to version 1.1.24.
- Updating p1_utils to version 1.0.10.
- Updating stringprep to version 1.0.10.
- Compatibility with R19.3+
- XEP-0084 (User Avatar) support
Upstream changes:
- support an error response when the account is locked (thanks @sushi514)
- add an environment variable MIKUTTER_CONFROOT
- sweep legacy code
1.51 2017-10-11
- Added the following missing methods for IPv6 lookups to the pure Perl
implementation: name_by_addr_v6, name_by_name_v6, org_by_addr_v6, and
org_by_name_v6. Reported by Earl Killian. GitHub #28.
A native Ruby implementation of the SMB Protocol Family. It currently
supports MS-SMB and MS-SMB2. This library currently includes both
client-level and packet-level support. A user can parse and
manipulate raw SMB packets, or simply use the simple client to perform
SMB operations. See the Wiki for more information on this project's
long-term goals, style guide, and developer tips.
Patches from Jouni Malinen and Mathy Vanhoef.
Fixes:
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
Tested by leot, thanks!
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
request
Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly requested a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
- Revert "Move gdbus-codegen users to py-glib2-tools by including
glib2/buildtools.mk" 1f764df
- while here change to TOOL_DEPENDS
- switch from py-glib2-tools to glib2-tools
3.5.0
Features / Improvements
* Allow 'full_text' param when getting direct messages
* Explicitly return api code when parsing error
* Remove deprecated function and clean up codes
Bug Fixes
* update_status: first positional argument should be 'status'
* Fix "TypeError: Can't convert 'bytes' object to str implicitly"
* Fix duplicate raise in auth.py
This is a regularly scheduled stable release.
Resolved issues:
#4357: Removing paused folders no longer triggers a crash.
#4360: Add further security related HTTP headers
#4375: Improve info level logging in some cases
#4377: Improve GUI tooltips in chromium based browsers
#4382: Hide temporary files on Windows
#4387: Add -device-id command line switch
In addition, failure to upgrade folder markers from file to directory type is
no longer fatal.
Pkgsrc changes:
* None.
Upstream changes:
Features:
* Set trust-anchor-signaling default to yes
* Fix #1440: [dnscrypt] client nonce cache.
* Fix #1435: Please allow UDP to be disabled separately upstream and
downstream.
Bug fixes:
* Fix that looping modules always stop the query, and don't pass
control.
* Fix unbound-host to report error for DNSSEC state of failed lookups.
* Spelling fixes, from Josh Soref.
* Fix #1400: allowing use of global cache on ECS-forwarding unless
always-forward.
* use a cachedb answer even if it's "expired" when serve-expired is yes
(patch from Jinmei Tatuya).
* trigger refetching of the answer in that case (this will bypass
cachedb lookup)
* allow storing a 0-TTL answer from cachedb in the in-memory message
cache when serve-expired is yes
* Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
* Log name of looping module
* Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch
(by Danilo G. Baio).
* Fix param unused warning for windows exportsymbol compile.
* Use RCODE from A query on DNS64 synthesized answer.
* Fix trust-anchor-signaling works in libunbound.
* Fix spelling in unbound-control man page.
Upstream changes:
Quagga 1.2.2
Upstream did not publish NEWS -- basically bug fixes
Quagga 1.2.1
bug fixes and minor improvements
Quagga 1.2.0
This is a feature release, for testing or more adventurous
users. More conservative users may wish to stay with an older
release. This release contains:
Next-Hop Resolution Protocol support from Timo Teräs
BGP Large Community support, thanks to Job Snijders and Keyur Patel
BGP session establishment reworked, for speed and reliability
BGP route-advertisement timer interval default lowered, to 3s for eBGP and 1s for iBGP.
BGP Connect retries made more aggressive, with lower retry timer and a slower-ramping backoff.
Quagga 1.1.1
bug and security fixes
There is a known regression with IPv6 BGP sessions, see Bugzilla #870.
Quagga 1.1.0
This is a release with a number of new features, and many bug fixes.
Notably:
Greatly improved nexthop resolution for recursive routes. (Cumulus)
Event driven nexthop resolution for BGP (Cumulus)
Route tags support (Piotr Chytła, Packet Consulting)
Transport of TE related metrics over OSPF, IS-IS (Olivier Dugeon, Orange)
IPv6 Multipath for zebra and BGP (Ayan Banerjee, Cumulus)
This release also changed the default of 'link-detect' state,
controlling whether zebra will respond to link-state events and
consider an interface to be down when link is down. To retain
the current behavior, save your config before updating, otherwise
remove the 'link-detect' flag from your config prior to
updating. There is also a new global 'default link-detect (on|off)'
flag to configure the global default.
Quagga 1.0.20161017
zebra IPv6 RA and BGP MRT dump security fixes
* Fixed handling RA's from multiple routers
* Fixed changing to a better route based on gateway
* IPv6 default route is now deleted when config is not persistent
* Use hmac(3) if available in libc to reduce binary size
Release 0.12.7:
This is a minor bugfix release to help Tahoe-LAFS.
It depends upon a newer version of I2P, which should handle Tahoe storage
servers that listen on I2P sockets (the Tahoe executable makes an outbound
connection to the local I2P daemon, however it then accepts inbound TLS
connections on that same socket, which confuses the TLS negotiation because
both sides appear to be "clients", and TLS requires exactly one "client" and
one "server").
It also fixes a minor Tub shutdown behavior to let unit tests work more
reliably.
XDR is an open data format, specified in RFC 4506. This library
provides a way to read and write XDR data from Ruby. It can read/write
all of the primitive XDR types and also provides facilities to define
readers for the compound XDR types (enums, structs and unions).
1.11.166
api-change:redshift: Update redshift command to latest version
1.11.165
api-change:kinesisanalytics: Update kinesisanalytics command to latest version
api-change:route53domains: Update route53domains command to latest version
1.11.164
api-change:ssm: Update ssm command to latest version
api-change:ec2: Update ec2 command to latest version
1.11.163
api-change:cloudhsm: Update cloudhsm command to latest version
1.11.162
api-change:route53: Update route53 command to latest version
api-change:organizations: Update organizations command to latest version
api-change:mturk: Update mturk command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:appstream: Update appstream command to latest version
1.7.24
api-change:redshift: Update redshift client to latest version
1.7.23
api-change:route53domains: Update route53domains client to latest version
api-change:kinesisanalytics: Update kinesisanalytics client to latest version
1.7.22
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
1.7.21
api-change:cloudhsm: Update cloudhsm client to latest version
1.7.20
api-change:organizations: Update organizations client to latest version
api-change:route53: Update route53 client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:mturk: Update mturk client to latest version
api-change:appstream: Update appstream client to latest version
A compiler bug causes incorrect compilation of the NetBSD-specific
code in cpu_sysctl.c. This results in a crash shortly after startup if
the machine has 2 or more CPUs.
Disable optimisation in netsnmp_cpu_arch_load() only.
This works around the problem reported in PR pkg/50939.