* What is new in gsl-2.7:
** fixed doc bug for gsl_histogram_min_bin (lhcsky at 163.com)
** fixed bug #60335 (spmatrix test failure, J. Lamb)
** fixed bug #36577
** clarified documentation on interpolation accelerators (V. Krishnan)
** fixed bug #45521 (erroneous GSL_ERROR_NULL in ode-initval2, thanks to M. Sitte)
** fixed doc bug #59758
** fixed bug #58202 (rstat median for n=5)
** added support for native C complex number types in gsl_complex
when using a C11 compiler
** upgraded to autoconf 2.71, automake 1.16.3, libtool 2.4.6
** updated exponential fitting example for nonlinear least squares
** added banded LU decomposition and solver (gsl_linalg_LU_band)
** New functions added to the library:
- gsl_matrix_norm1
- gsl_spmatrix_norm1
- gsl_matrix_complex_conjtrans_memcpy
- gsl_linalg_QL: decomp, unpack
- gsl_linalg_complex_QR_* (thanks to Christian Krueger)
- gsl_vector_sum
- gsl_matrix_scale_rows
- gsl_matrix_scale_columns
- gsl_multilarge_linear_matrix_ptr
- gsl_multilarge_linear_rhs_ptr
- gsl_spmatrix_dense_add (renamed from gsl_spmatrix_add_to_dense)
- gsl_spmatrix_dense_sub
- gsl_linalg_cholesky_band: solvem, svxm, scale, scale_apply
- gsl_linalg_QR_UD: decomp, lssolve
- gsl_linalg_QR_UU: decomp, lssolve, QTvec
- gsl_linalg_QR_UZ: decomp
- gsl_multifit_linear_lcurvature
- gsl_spline2d_eval_extrap
** bug fix in checking vector lengths in gsl_vector_memcpy (dieggsy@pm.me)
** made gsl_sf_legendre_array_index() inline and documented
gsl_sf_legendre_nlm()
1.5.5
new features
Add support for new architecture loongarch (#1173)
Fixed version of random interleaving of benchmark repetitions (#1163, fixing #1051)
Easier comparison of results across families (#1168#1166#1165#1164)
fixes
Fix perf counter argument parsing (#1160)
internal cleanup
Drop warning to satisfy clang's -Wunused-but-set-variable diag (#1174)
Enable some sanitizer builds in github actions (#1167#1171)
Fix memory leak in test (#1169)
Version 1.20, 2021-06-17
* New bucket cache
The bucket cache support has been rewritten from scratch. The new
bucket cache code provides for significant speed up of search
operations.
* Change mmap prereading strategy
Pre-reading of the memory mapper regions, introduced in version 1.19
can be advantageous only when doing intensive look-ups on a read-only
database. It degrades performance otherwise, especially if doing
multiple inserts. Therefore, this version introduces a new flag
to gdbm_open: GDBM_PREREAD. When given, it enables pre-reading of
memory mapped regions.
See https://github.com/Perl/perl5/issues/18884 for details.
Exiv2 v0.27.4 Features
bmff support (.CR3, .AVIF, .HEIC, .HIF, .JXL/bmff) files.
Rewrite 0.27 bash test scripts in python.
Support for Exif 2.32 and DNG 1.6.
Crowdin Localisation Support
Completion of Image Metadata and Exiv2 Architecture https://clanmills.com/exiv2/book/
Improved documentation.
Various minor bugs and fixes.
RC3 issued to deal with 12 security issues. After 18 months without a CVE, we were attacked between RC2 and GM.
Security policy defined and published on GitHub.
16 base ANSI colors can be specified by their names
fzf --color fg:3,fg+:11
fzf --color fg:yellow,fg+:bright-yellow
Fix bug where --read0 not properly displaying long lines
Features
Postfix completions
Postfix completions are a new style of completions that can save
you time by inserting more complex pieces of commonly-written code.
All of the results end with !. This feature was added experimentally
in gopls/v0.6.10 and is now enabled by default.
New commands: List known packages and add import
These commands can be used to manually list available packages to
import and then add an import to your file. They are currently not
used by any known clients, but they will be made available through
the Command Palette in VS Code in the next VS Code Go release.
Improvements
Memory usage
Improved trimming of the ASTs of dependency packages results in
reduced memory usage, especially for projects with many dependencies.
This may result in some hard-to-diagnose bugs that we're not yet
aware of, so please report any surprising behavior via
https://golang.org/issues/new.
Concurrent with the release of GnuCash 4.6 we're pleased to also release a new version of the companion Help and Tutorial and Concepts Guide
Between 4.5 and 4.6, the following bugfixes were accomplished:
Bug 798178 - : Wrong Color in Scheduled Transactions Window text
Bug 798217 - minor mistakes in Tutorial and Concepts guide
The following fixes and improvements were not associated with bug reports:
Update ch_invest.xml
Help/C: New screenshots, remove unused images, and image optimization
New help/de/figures/Main-window-callouts + helper files
Add ENTITY vers-last-2 for reference of major changes
Make calibre optional in cmake
Create Github actions to replace TravisCI
Fixes reference to Help Manual
Help: link Setup for Online Transactions in C, de
Help: Replace most <literallayout> by <screen>
Help pt: Add missing xmlns:xi parameters
Replace most <literallayout> by <screen>; <screen> uses Monospace while <literallayout> keeps the default (proportional) font
Backport of improvements from de/Help_ch_GUIMenus.xml
Added new menu items
Corrected the order of menu items
Removed duplicate descriptions
insert <accel>-Tags
Update PACKAGE_URL of configure.ac
xmlformat all docs
EEC became EU decades ago, but we had still references
Several fixes of shortcuts in C and pt
Check for " >" to avoid unwanted wraps
Add xmlformat incl. configuration
Improve the wiki link in the note for translators
The GnuCash development team announces GnuCash 4.6, the sixth release in the stable 4.x series
Between 4.5 and 4.6, the following bugfixes were accomplished:
Bug 648335 - Display Created Transactions setting
Add a preference for the 'Review Created Transactions' setting in the 'Since Last Run' dialog so that the default can be specified.
Bug 743753 - Nearest in time security price selection is incorrect in reports
Add new price source - 'nearest before report date' will ignore prices *after* report date.
Bug 743999 - Deleting a digit from an existing number greater than four digits in length generates an error message.
Because the grouping is off. Checking grouping on input is pointless so just ignore the grouping separator when parsing number input.
Bug 753283 - Current Selection Highlight Lost After Transaction Edit in Scheduled Transaction Window
Bug 787813 - Price change from editing a transaction not reflected in pricedb.
Bug 794877 - Intro text of "Online Banking Setup" is outdated
Bug 795804 - Extremely slow save
Only update the status bar when the percentage changes by at least 1% because running the mainloop is expensive on macOS and Microsoft Windows. This speeds up all operations that run the progress bar with overly-fine resolution.
Bug 796761 - Newline (char(10)) is inserted into the end of the string if copy & paste text from excel into the description field of transaction
Bug 797787 - Feature request: preference setting to open new tabs adjacent to currently active tab
tests preference; if enabled then new tab inserted after current. if disabled then new tab is at the end.
Bug 797928 - Since last run asks for security price when no shares traded
Bug 798093 - Changing the symbol/abbreviation of a security after the trading account was created breaks GnuCash.(Reopened)
Bug 798133 - Gnucash crash when any custom action is entered
Bug 798144 - Reconciliation uses different number than entered
If a number was pasted into the balance end value with a currency symbol the number would silently fail on evaluate and cause the wrong value to be used. With previous changes to the GNCAmountEdit widget a warning symbol will indicate a validation error and prevents going forward.
Bug 798148 - "Accounts" page Present (USD) column uses future prices
Bug 798151 - Value entry box not tied to associated transaction in Since Last Run assistant
Bug 798156 - glib 2.68.0 breaks gnucash
Bug 798159 - Keyboard shortcut bug in 'manage document link'
Bug 798162 - Type Ahead Initialization Problem
Bug 798170 - Unbound variable: gnc-budget-lookup when running saved report Budget Report via gnucash-cli
Bug 798177 - Price of new stock transactions not saved in price database
Bug 798186 - Incorrect result editting account in register when overtyping a part selection.
Bug 798188 - The Invoice Editor -> Printable Invoice toolbar button crashes on Windows
Bug 798196 - not building with Boost 1.76
Bug 798199 - Pasting invalid value in date column crashes GnuCash
Bug 798202 - Register input ignores theme on KDE rendering black text on black background
Bug 798203 - g_assert fault while reversing transaction
Bug 798204 - Creation of Imbalance Accounts
Bug 798212 - right-click the down-arrow in the date register changes focus to first split
The following fixes and improvements were not associated with bug reports:
Improve transaction sorting on effective num field so that alpha charachters and numbers larger than 1 billion will be ordered. Ordering is now numeric for leading numbers (so that 9 sorts before 10) and lexical beginning with the first non-numeric character. Note that if one of the values begins with an alpha character ordering will be entirely lexical. Lexical sorting is localized; as in the rest of GnuCash only standard ASCII numbers (codepoints U+0030 - U+0039) are treated as numbers.
Add import preferences for the difference in time considered when matching an existing transaction to an imported one. A difference less than the matching-date-threshold raises the score of the match; a difference greater than match-date-not-threshold lowers the score.
Add experimental report "IFRS weighted-average cost basis report". This is a work-in-progress to help calculate the cost basis of securities priced in a foreign currency.
[income-gst-statement] amend headers post Brexit. UK left EU, therefore VAT headers have now changed.
Plug a bunch of memory leaks.
Change how the print_info is obtained for the register: Currently the register sets up some 'print_info' values using the default account but if the register is a stock register they should be obtained from a parent account with a currency.
Change monetary value for gnc_default_share_print_info: Share values are not currencies so set the monetary value to 0 for the GNCPrintAmountInfo
Parse the register monetary cells for a currency symbol: Add the ability to strip the currency symbol from a registry monetary cell if it is pasted with one so it can be validated.
SKR-49 Account Template: Add codes 4500-4504, drop a duplicate, correct code 0674.
[gnc-plugin-page-register] Disable reverse on blank split
Make balancing transactions with trading accounts easier by removing and recalculating all trading splits. This ensures that there will be only one trading split pair per exchange and relieves the user of having to adjust the trading splits to match the accounting splits.
Don't bother scrubbing for orphans if there's no transaction currency. If it found one it would try to create an orphan account with no currency which will crash later.
[chartjs] upgrade chartjs to 2.9.4. Fixes CVE-2020-7746
[report-core] disallow define-report with incomplete export info. If exporting is allowed, 'export-types and 'export-thunk must both be defined.
[test-engine-extras] augment book data generators
ignore .vscode folder
Reorder and relabel price source list for better coherence
Python Bindings: Provide a deprecated GncPriceDB.lookup_latest_before_t64 to avoid breaking user scripts.
Update gnucash_core.py with gnc-pricedb function name change
Change some functions to use const gnc_commodity for gnc_pricedb
Reformat schedule transaction source files for white space
Add depreciation warnings for the removal of individual option tool tips
Remove individual tool tips from radio button options
Removes the function gnc_option_permissible_value_description
ESC key was not working on load of Scheduled Transaction Editor
[budget.scm] show correct tooltip for report option
[html-acct-table] Remove unused 'pre-adjusting balances option
Bugfix: export-code for category-barchart reports would fail.
This stems from trying to handle file-name when calling export code. Export code no longer require file-name, The export-code returns a string in the html-document object instead. Remove all file-name handling in reports. No backward compatibility issues because most users would not copy a GnuCash >=4.6 report code onto a <4.5 installation.
[gnucash-cli] improve discoverability of export-type. Formerly, selecting --export-type EXT would dump the cryptic "Report REPORTNAME has no export code". Modify to hint the user on acceptable reports with export-code.
New API
[report-utilities] Functions to dump splits in whole book:
gnc:dump-book - splits grouped by account
gnc:dump-all-transactions - splits grouped by transaction
gnc:dump-split - dumps single split
Rename a couple of gnc-pricedb functions that have not been used:
gnc_pricedb_lookup_latest_before_t64 to gnc_pricedb_lookup_nearest_before_t64
gnc_pricedb_lookup_latest_before_any_currency_t64 to gnc_pricedb_lookup_nearest_before_any_currency_t64
Add retrieval functions for price before the date given:
gnc_pricedb_convert_balance_nearest_before_price_t64 that retrieves the balance using the last price dated before a specified date like today for the preset value.
gnc_pricedb_get_nearest_before_price does the retrieval.
Deprecations
gnc:get-start-next-year
gnc:get-end-next-year
gnc:get-start-next-month
gnc:get-end-next-month
gnc:get-start-next-quarter
nc:get-end-next-quarter
gnc:get-one-month-ago
gnc:get-one-month-ahead
gnc:account-code-less-p
gnc:account-name-less-p
IPython 7.25
============
IPython 7.21 is a minor release that contains a singe bugfix, which is highly
recommended for all users of ipdb, ipython debugger %debug magic and similar.
Issuing commands like ``where`` from within the debugger would reset the
local variables changes made by the user. It is interesting to look at the root
cause of the issue as accessing an attribute (``frame.f_locals``) would trigger
this side effects.
Thanks in particular to the patience from the reporters at D.E. Shaw for their
initial bug report that was due to a similar coding oversight in an extension,
and who took time to debug and narrow down the problem.
3.0.19:
Fixes:
- Make the flush method of the vt100 output implementation re-entrant (fixes an
issue when using aiogevent).
- Fix off-by-one in `FormattedTextControl` mouse logic.
- Run `print_container` always in a thread (avoid interfering with possible
event loop).
- Make sphinx autodoc generation platform agnostic (don't import Windows stuff
when generating Sphinx docs).
pkgsrc change: Fix segfault under aarch64 from ryoon for comms/asterisk16.
-----
The Asterisk Development Team would like to announce the release
of Asterisk 18.5.0.
The release of Asterisk 18.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-29446 - app_confbridge: New ConfKick application
(Reported by N A)
* ASTERISK-29440 - app_confbridge: Allow ConfBridge answer to
be suppressed
(Reported by N A)
* ASTERISK-29431 - Minimum and maximum dialplan functions
(Reported by N A)
* ASTERISK-29439 - func_volume: Volume function can't be read
(Reported by N A)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-29475 - SayNumber triggers WARNING if caller hangs
up during application execution
(Reported by N A)
* ASTERISK-29404 - Consolidate res_pjsip_messaging fixes for
domain name
(Reported by George Joseph)
* ASTERISK-29441 - Core reload making TCP endpoints go offline
(Reported by Luke Escude)
* ASTERISK-28237 - "FRACK!, Failed assertion bad magic number"
happens when unsubscribe an application from an event source
(Reported by Lucas Tardioli Silveira)
* ASTERISK-28393 - Multidomain support issue
(Reported by Andrea Sannucci)
* ASTERISK-29433 - res_rtp_asterisk: Server reflexive
candidates use incorrect raddr for RTCP
(Reported by Chris)
* ASTERISK-29397 - pjsip: Asterisk isn't tolerant of RFC8760 UASs
(Reported by George Joseph)
* ASTERISK-24601 - [patch]Missing RFC4235 tags and attributes
in PJSIP NOTIFY event: dialog XML body
(Reported by Marco Paland)
* ASTERISK-29370 - chan_sip does not recognize
application/hook-flash
(Reported by N A)
* ASTERISK-29377 - cpool_release_pool "double free or
corruption (out)"
(Reported by Robert Sutton)
* ASTERISK-29372 - file.c switch does not account for flash
events
(Reported by N A)
* ASTERISK-29358 - chan_pjsip: Trace message for progress is
output even if frame is not queued
(Reported by Michael Maier)
* ASTERISK-29407 - chan_local: Filtering audio formats should
not occur on removed streams
(Reported by Joshua C. Colp)
* ASTERISK-29030 - res_rtp_asterisk: Additional RTP-frame (with
wrong SSRC) gets inserted when switching from progress to
established
(Reported by Matthias Hensler)
Improvements made in this release:
-----------------------------------
* ASTERISK-29450 - Allow setting channel variables using
Originate application
(Reported by N A)
* ASTERISK-29459 - Missing configuration from PJSIP to SIP
conversion script
(Reported by N A)
* ASTERISK-29460 - Recognize application/hook-flash in PJSIP
(Reported by N A)
* ASTERISK-29434 - Asterisk reveals pjproject version in STUN packets
(Reported by Jeremy Lain??)
* ASTERISK-29349 - Silent voicemail option is not completely silent
(Reported by N A)
* ASTERISK-29380 - Add Flash AMI event to handle flash events
(Reported by N A)
For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-18.5.0
Thank you for your continued support of Asterisk!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-announce/attachments/20210624/fe9defa9/attachment.html>
Previous message (by thread): [asterisk-announce] Asterisk 16.19.0 Now Available
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the asterisk-announce mailing list
ver 0.22.9 (2021/06/23)
* database
- simple: load all .mpdignore files of all parent directories
* tags
- fix "readcomments" and "readpicture" on remote files with ID3 tags
* decoder
- ffmpeg: support the tags "sort_album", "album-sort", "artist-sort"
- ffmpeg: fix build failure with FFmpeg 3.4
* Android
- fix auto-start on boot in Android 8 or later
* Windows
- fix build failure with SQLite
Changes in version 0.4.6.5 - 2021-06-14
Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x
series includes numerous features and bugfixes, including a significant
improvement to our circuit timeout algorithm that should improve
observed client performance, and a way for relays to report when they are
overloaded.
This release also includes security fixes for several security issues,
including a denial-of-service attack against onion service clients,
and another denial-of-service attack against relays. Everybody should
upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
o Major bugfixes (security):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end
a stream that wasn't actually built with it. Fixes bug 40389;
bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
003 and CVE-2021-34548.
o Major bugfixes (security, defense-in-depth):
- Detect more failure conditions from the OpenSSL RNG code.
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
o Major bugfixes (security, denial of service):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look
up circuits in a circuitmux object. An attacker could exploit this
to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now we use a
SipHash construction here instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- Fix an out-of-bounds memory access in v3 onion service descriptor
parsing. An attacker could exploit this bug by crafting an onion
service descriptor that would crash any client that tried to visit
it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
Glazunov from Google's Project Zero.
o Major features (control port, onion services):
- Add controller support for creating version 3 onion services with
client authorization. Previously, only v2 onion services could be
created with client authorization. Closes ticket 40084. Patch by
Neel Chauhan.
o Major features (directory authority):
- When voting on a relay with a Sybil-like appearance, add the Sybil
flag when clearing out the other flags. This lets a relay operator
know why their relay hasn't been included in the consensus. Closes
ticket 40255. Patch by Neel Chauhan.
o Major features (metrics):
- Relays now report how overloaded they are in their extrainfo
documents. This information is controlled with the
OverloadStatistics torrc option, and it will be used to improve
decisions about the network's load balancing. Implements proposal
328; closes ticket 40222.
o Major features (relay, denial of service):
- Add a new DoS subsystem feature to control the rate of client
connections for relays. Closes ticket 40253.
o Major features (statistics):
- Relays now publish statistics about the number of v3 onion
services and volume of v3 onion service traffic, in the same
manner they already do for v2 onions. Closes ticket 23126.
o Major bugfixes (circuit build timeout):
- Improve the accuracy of our circuit build timeout calculation for
60%, 70%, and 80% build rates for various guard choices. We now
use a maximum likelihood estimator for Pareto parameters of the
circuit build time distribution, instead of a "right-censored
estimator". This causes clients to ignore circuits that never
finish building in their timeout calculations. Previously, clients
were counting such unfinished circuits as having the highest
possible build time value, when in reality these circuits most
likely just contain relays that are offline. We also now wait a
bit longer to let circuits complete for measurement purposes,
lower the minimum possible effective timeout from 1.5 seconds to
10ms, and increase the resolution of the circuit build time
histogram from 50ms bin widths to 10ms bin widths. Additionally,
we alter our estimate Xm by taking the maximum of the top 10 most
common build time values of the 10ms histogram, and compute Xm as
the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha.
- Remove max_time calculation and associated warning from circuit
build timeout 'alpha' parameter estimation, as this is no longer
needed by our new estimator from 40168. Fixes bug 34088; bugfix
on 0.2.2.9-alpha.
o Major bugfixes (signing key):
- In the tor-gencert utility, give an informative error message if
the passphrase given in `--create-identity-key` is too short.
Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.
o Minor features (bridge):
- We now announce the URL to Tor's new bridge status at
https://bridges.torproject.org/ when Tor is configured to run as a
bridge relay. Closes ticket 30477.
o Minor features (build system):
- New "make lsp" command to auto generate the compile_commands.json
file used by the ccls server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (client):
- Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and close
them preemptively if they think exit relays will refuse them for
this reason. See ticket 2667 for details. Closes ticket 40271.
o Minor features (command line):
- Add long format name "--torrc-file" equivalent to the existing
command-line option "-f". Closes ticket 40324. Patch by
Daniel Pinto.
o Minor features (command-line interface):
- Add build informations to `tor --version` in order to ease
reproducible builds. Closes ticket 32102.
- When parsing command-line flags that take an optional argument,
treat the argument as absent if it would start with a '-'
character. Arguments in that form are not intelligible for any of
our optional-argument flags. Closes ticket 40223.
- Allow a relay operator to list the ed25519 keys on the command
line by adding the `rsa` and `ed25519` arguments to the
--list-fingerprint flag to show the respective RSA and ed25519
relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan.
o Minor features (compatibility):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
o Minor features (control port, stream handling):
- Add the stream ID to the event line in the ADDRMAP control event.
Closes ticket 40249. Patch by Neel Chauhan.
o Minor features (dormant mode):
- Add a new 'DormantTimeoutEnabled' option to allow coarse-grained
control over whether the client ever becomes dormant from
inactivity. Most people won't need this. Closes ticket 40228.
- Add a new 'DormantTimeoutEnabled' option for coarse-grained
control over whether the client can become dormant from
inactivity. Most people won't need this. Closes ticket 40228.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/06/10.
o Minor features (logging):
- Edit heartbeat log messages so that more of them begin with the
string "Heartbeat: ". Closes ticket 40322; patch
from 'cypherpunks'.
- Change the DoS subsystem heartbeat line format to be more clear on
what has been detected/rejected, and which option is disabled (if
any). Closes ticket 40308.
- In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c,
put brackets around IPv6 addresses in log messages. Closes ticket
40232. Patch by Neel Chauhan.
o Minor features (logging, diagnostic):
- Log decompression failures at a higher severity level, since they
can help provide missing context for other warning messages. We
rate-limit these messages, to avoid flooding the logs if they
begin to occur frequently. Closes ticket 40175.
o Minor features (onion services):
- Add a warning message when trying to connect to (no longer
supported) v2 onion services. Closes ticket 40373.
o Minor features (performance, windows):
- Use SRWLocks to implement locking on Windows. Replaces the
"critical section" locking implementation with the faster
SRWLocks, available since Windows Vista. Closes ticket 17927.
Patch by Daniel Pinto.
o Minor features (protocol, proxy support, defense in depth):
- Close HAProxy connections if they somehow manage to send us data
before we start reading. Closes another case of ticket 40017.
o Minor features (tests, portability):
- Port the hs_build_address.py test script to work with recent
versions of python. Closes ticket 40213. Patch from
Samanta Navarro.
o Minor features (vote document):
- Add a "stats" line to directory authority votes, to report various
statistics that authorities compute about the relays. This will
help us diagnose the network better. Closes ticket 40314.
o Minor bugfixes (build):
- The configure script now shows whether or not lzma and zstd have
been used, not just if the enable flag was passed in. Fixes bug
40236; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (compatibility):
- Fix a failure in the test cases when running on the "hppa"
architecture, along with a related test that might fail on other
architectures in the future. Fixes bug 40274; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (compilation):
- Fix a compilation warning about unused functions when building
with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug
40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto.
o Minor bugfixes (consensus handling):
- Avoid a set of bugs that could be caused by inconsistently
preferring an out-of-date consensus stored in a stale directory
cache over a more recent one stored on disk as the latest
consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (control, sandbox):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
simplify implementation. Previously SAVECONF allowed a large
number of backup files, which made it incompatible with the
sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
Daniel Pinto.
o Minor bugfixes (directory authorities, voting):
- Add a new consensus method (31) to support any future changes that
authorities decide to make to the value of bwweightscale or
maxunmeasuredbw. Previously, there was a bug that prevented the
authorities from parsing these consensus parameters correctly under
most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha.
o Minor bugfixes (ipv6):
- Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some
rare configurations might break, but in this case you can disable
NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix
on 0.4.1.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (key generation):
- Do not require a valid torrc when using the `--keygen` argument to
generate a signing key. This allows us to generate keys on systems
or users which may not run Tor. Fixes bug 40235; bugfix on
0.2.7.2-alpha. Patch by Neel Chauhan.
o Minor bugfixes (logging, relay):
- Emit a warning if an Address is found to be internal and tor can't
use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug that made tor try to re-bind() on an already open
MetricsPort every 60 seconds. Fixes bug 40370; bugfix
on 0.4.5.1-alpha.
o Minor bugfixes (onion services, logging):
- Downgrade the severity of a few rendezvous circuit-related
warnings from warning to info. Fixes bug 40207; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW.
This should reduce the CPU and memory burden for directory caches.
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
o Code simplification and refactoring:
- Remove the orconn_ext_or_id_map structure and related functions.
(Nothing outside of unit tests used them.) Closes ticket 33383.
Patch by Neel Chauhan.
o Removed features:
- Remove unneeded code for parsing private keys in directory
documents. This code was only used for client authentication in v2
onion services, which are now unsupported. Closes ticket 40374.
- As of this release, Tor no longer supports the old v2 onion
services. They were deprecated last July for security, and support
will be removed entirely later this year. We strongly encourage
everybody to migrate to v3 onion services. For more information,
see https://blog.torproject.org/v2-deprecation-timeline . Closes
ticket 40266. (NOTE: We accidentally released an earlier version
of the 0.4.6.1-alpha changelog without this entry. Sorry for
the confusion!)
o Code simplification and refactoring (metrics, DoS):
- Move the DoS subsystem into the subsys manager, including its
configuration options. Closes ticket 40261.
o Documentation (manual):
- Move the ServerTransport* options to the "SERVER OPTIONS" section.
Closes issue 40331.
- Indicate that the HiddenServiceStatistics option also applies to
bridges. Closes ticket 40346.
- Move the description of BridgeRecordUsageByCountry to the section
"STATISTICS OPTIONS". Closes ticket 40323.
o Removed features (relay):
- Because DirPorts are only used on authorities, relays no longer
advertise them. Similarly, self-testing for DirPorts has been
disabled, since an unreachable DirPort is no reason for a relay
not to advertise itself. (Configuring a DirPort will still work,
for now.) Closes ticket 40282.
This repository holds the code for the main server that Magic-Wormhole
clients connect to. The server performs store-and-forward delivery
for small key-exchange and control messages. Bulk data is sent over
a direct TCP connection, or through a transit-relay.
Clients connect with WebSockets, for low-latency delivery in the
happy case where both clients are attached at the same time. Message
are stored to enable non-simultaneous clients to make forward
progress. The server uses a small SQLite database for persistence
(and clients will reconnect automatically, allowing the server to
be rebooted without losing state). An optional "usage DB" tracks
historical activity for status monitoring and operational maintenance.
This repository implements the Magic-Wormhole "Transit Relay", a
server that helps clients establish bulk-data transit connections
even when both are behind NAT boxes. Each side makes a TCP connection
to this server and presents a handshake. Two connections with
identical handshakes are glued together, allowing them to pretend
they have a direct connection.
This server used to be included in the magic-wormhole repository,
but was split out into a separate repo to aid deployment and
development.
2.3.0 (June 14, 2021)
---------------------
Add -p flag to enchant.
Allow personal wordlist APIs (enchant_pwl_*) to take -1 as the length of the
word, as the enchant_dict_* APIs already allowed.
Add documentation to enchant_provider.h.
Make Aspell the default backend for English locales it supports, as it is
much quicker than Hunspell in this case and achieves slightly better
results.
Require nuspell version 4.1.0 or later.
2020-10-27: Hitch 1.7.0 released. This introduces support for PROXYv2 in --proxy-proxy mode,
adds new command line switches for various settings, and fixes a bug relating to an imbalance
in worker process load distribution, among other things. See the changelog for more information.
2020-08-31: Hitch 1.6.1 released. Fixes an issue in the PROXYv2 handling where we sometimes would
transmit the wrong 'verify' status for client certificate verification. (changelog)
v2.4.3
A bug fix for the bug fix, and a couple other bug fixes, including one security
fix for PHP sites. We think all users should upgrade after giving it a whirl in
their test environments. Please note some changes in this patch:
* In reverse_proxy, the max_idle_conns_per_host option has been removed
(both Caddyfile and JSON). This may be a breaking change for a few of you,
but it only breaks configs that relied on a bug. Instead of silently
failing, you will get an error if you continue using the property. For
Caddyfile, we basically renamed the property to
keepalive_idle_conns_per_host. In JSON, we simply removed the property, and
you should instead set keep_alive/max_idle_conns_per_host if you weren't
already. Previously, the Caddyfile subdirective set both MaxConnsPerHost
and MaxIdleConnsPerHost, which was confusing; and the JSON properties
overwrote each other, so one was removed.
* Security patch in the FastCGI transport that now sanitizes paths against
directory traversal outside the site root.
* Fix canonicalization redirects in file_server. v2.4.2 introduced a bugfix
for these redirects when used inside handle_path (i.e. rewriting
the path by stripping a prefix), but caused a regression for many other use
cases. This release includes a proper fix for all known, tested cases.
Basically: these redirects are not issued if the filename of a path was
rewritten internally.
v2.4.2
A few enhancements and bug fixes. Thanks to all who contributed to this
release!
