| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Upgrading from 2.5 to 2.6
The following changes require your full attention because a manual intervention may be needed:
The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be.
The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.
If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs.
The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5.
The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb.
The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available.
$HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change.
Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password.
A manual review of authenticated feeds should then be done so as to ensure that they are properly working.
The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field.
The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file.
The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default).
The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters).
The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf.
Changes in 2.6.1
nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.
Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.
The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.
The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.
rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.
Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.
Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time.
Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.
OpenSSL 1.1.0 support has been added to INN.
When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.
When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.
nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.
Update from GNU Libtool 2.4.2 to 2.4.6.
Other minor bug fixes and documentation improvements.
Changes in 2.6.0
The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details.
The Lines: header is no longer generated by nnrpd at injection time.
The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf.
The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header.
A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false.
A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.
Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages.
The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time.
nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd.
The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user).
Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue.
Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed.
DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support.
When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0).
If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure.
Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled.
The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions.
Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0.
The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes.
Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery.
Other minor bug fixes and documentation improvements.
|
|
to 17.1.0; devel/py-automat to 0.6.0; www/py-scrapy to 1.4.0
|
|
but quite a few handy improvements nonetheless.
Scrapy now supports anonymous FTP sessions with customizable user and
password via the new :setting:`FTP_USER` and :setting:`FTP_PASSWORD` settings.
And if you're using Twisted version 17.1.0 or above, FTP is now available
with Python 3.
There's a new :meth:`response.follow <scrapy.http.TextResponse.follow>` method
for creating requests; **it is now a recommended way to create Requests
in Scrapy spiders**. This method makes it easier to write correct
spiders; ``response.follow`` has several advantages over creating
``scrapy.Request`` objects directly:
* it handles relative URLs;
* it works properly with non-ascii URLs on non-UTF8 pages;
* in addition to absolute and relative URLs it supports Selectors;
for ``<a>`` elements it can also extract their href values.
|
|
Bug fixes.
|
|
Backward-incompatible changes:
* attrs will set the __hash__() method to None by default now. The way hashes were handled before was in conflict with Python’s specification. This may break some software although this breakage is most likely just surfacing of latent bugs. You can always make attrs create the __hash__() method using @attr.s(hash=True).
* Correspondingly, attr.ib‘s hash argument is None by default too and mirrors the cmp argument as it should.
Deprecations:
* attr.assoc() is now deprecated in favor of attr.evolve() and will stop working in 2018.
Changes:
Fix default hashing behavior. Now hash mirrors the value of cmp and classes are unhashable by default.
Added attr.evolve() that, given an instance of an attrs class and field changes as keyword arguments, will instantiate a copy of the given instance with the changes applied. evolve() replaces assoc(), which is now deprecated. evolve() is significantly faster than assoc(), and requires the class have an initializer that can take the field values as keyword arguments (like attrs itself can generate).
FrozenInstanceError is now raised when trying to delete an attribute from a frozen class.
Frozen-ness of classes is now inherited.
__attrs_post_init__() is now run if validation is disabled.
Added attr.validators.in_(options) that, given the allowed options, checks whether the attribute value is in it. This can be used to check constants, enums, mappings, etc.
Added attr.validators.and_() that composes multiple validators into one.
For convenience, the validator argument of @attr.s now can take a list of validators that are wrapped using and_().
Accordingly, attr.validators.optional() now can take a list of validators too.
Validators can now be defined conveniently inline by using the attribute as a decorator. Check out the examples to see it in action!
attr.Factory() now has a takes_self argument that makes the initializer to pass the partially initialized instance into the factory. In other words you can define attribute defaults based on other attributes.
Default factories can now also be defined inline using decorators. They are always passed the partially initialized instance.
Conversion can now be made optional using attr.converters.optional().
attr.make_class() now accepts the keyword argument bases which allows for subclassing.
Metaclasses are now preserved with slots=True.
|
|
* Add :meth:`~parsel.selector.SelectorList.get` and :meth:`~parsel.selector.SelectorList.getall`
methods as aliases for :meth:`~parsel.selector.SelectorList.extract_first`
and :meth:`~parsel.selector.SelectorList.extract` respectively
* Add default value parameter to :meth:`~parsel.selector.SelectorList.re_first` method
* Add :meth:`~parsel.selector.Selector.re_first` method to :class:`parsel.selector.Selector` class
* Bug fix: detect ``None`` result from lxml parsing and fallback with an empty document
* Rearrange XML/HTML examples in the selectors usage docs
|
|
This is feature release, expanding the capabilities of the decimals strategy.
* The new (optional) places argument allows you to generate decimals with a certain number of places (e.g. cents, thousandths, satoshis).
* If allow_infinity is None, setting min_bound no longer excludes positive infinity and setting max_value no longer excludes negative infinity.
* All of NaN, -Nan, sNaN, and -sNaN may now be drawn if allow_nan is True, or if allow_nan is None and min_value or max_value is None.
* min_value and max_value may be given as decimal strings, e.g. "1.234".
|
|
|
|
Included ucspi-ssl-0.70_ucspitls-0.6.patch (STARTTLS support)
originally designed and provided by Scott Gifford (FEH).
Added Certchain support for sslserver and sslclient (FEH).
Integration and added man-pages (FEH).
Synced with ucspi-tcp6-0.95.
Fixed integration bug in ssl_very.c.
Included patches from Peter Conrad.
Bug fix in sslserver. Several small
corrections.
Fix for large X509 serial numbers on x86 (tx. Peter Conrad).
SAN DNSname has precedence over CN in subject.
Re-edited man pages and rts tests.
Added IPv6 support (tx. to Felix von Leitner and Brandon Turner).
UI: Changed sslserver client cert call from '-i/-I' to '-z/-Z'
for compatibility reasons.
Added '-4/-6' support for client scripts.
Added output environment variables TCP6* for sslserver.
sslperl, sslhandle, and sslprint are not IPv6 ready yet.
Added IPv6 capabilities to sslhandle, sslprint, sslperl.
Changed verification of X.509 certs.
Removed obsolete socket_4 calls in sslserver.
Streamlined code with ucspi-tcp6-1.00.
Supplied new certs with customized SAN.
Make rts working (at least some how).
Added support for personalized client certs.
New option '-m' in sslserver, complementing '-z'.
CCAFILE='-' disables client cert request.
Added verbose log output for SSL connection informations.
Fixed wrongly nested CONNECT error code for sslclient.c
producing wrong warning messages while connecting to
an IPv4 address.
Added call of '-ldl' in ssl.lib.
Mitigation of SSL connection hanging during
coincident change of daylight-saving settings.
Fixed bug in sslserver's dnsip lookup in case of paranoid settings
and additonal existance of IPv6 AAAA records for incoming IPv4 connection.
Serveral fixes from 'troy@' included to cope with compiler errors and
to solve a bug in function getbitasaddress in ip4_bit.c (= ucspi-tcp6-1.02).
Reordered conf-* variables in main dir to allow easier generation of
packages (i.e. RPM). Fixed script to identify different HW architecture
and OS. This version works in 32 bit mode on Raspian Linux / RasPi 7.
Added ECDH capabilites (tx to Frank Bergmann for the patches).
Added compatibility with LibreSSL.
Fixed missing negative return call treatment from 'poll' (tx Frank Bergmann).
Tentative 'emake' fix for Gentoo build.
Added OpenSSL 1.1 tweaks -- works under Debian (9) 'Stretch'.
|
|
|
|
* New upstream release:
* merged Makefile patch
* update standards version, no change
* Remove pre-compiled .pyc for bzr plugin from Debian package,
and add python:Depends to Depends so that dh_python2 will install
maintainer script snippets. Unfortunately, this adds a completely
unnecessary dependency on python, which etckeeper does not need in
normal operation.
* Make etckeeper commit store metadata changes. The pre-commit
hook has always (and continues) to do that, but pre-commit is only
run when there are changes to tommit. This makes metadata-only
changes get committed.
* Move systemd files to /lib/systemd; /usr/lib/systemd is not used
on Debian.
* Optimised find for special and hard linked files.
Thanks, Rike-Benjamin Schuppner.
* Adjust when Pacman 5 calls etckeeper hooks.
Thanks, Tilman Blumenbach and Christian Hesse.
* Only run Pacman hooks when files in /etc have changed.
Thanks, Christian Hesse.
* Added systemd timer that can run etckeeper 10 minutes after boot, and also
daily. It's not enabled by default, partly because of overlap with the
cron job.
Thanks, Christian Hesse.
* Added support for pacmatic, contributed by nicolaichuk.
* bzr: make sure EMAIL is defined
Thanks, Serge E. Hallyn
* Fix Makefile version patterns to ignore non-native version number
(Antoine Beaupré)
* Support ~/.config/git/config when determining the author name and email.
Thanks, Richard Savio
* Added support for Arch's pacman package manager version 5.
Thanks, Tilman Blumenbach.
* Set HOME if it's not set, as is the case when using ubuntu's
update-manager.
* Move bash completion out of etc and into usr.
* Prepare upload to Debian unstable
* Fix Makefile version patterns to ignore non-native version number
* Fix lintian warnings:
* remove .pyc files on build
* install bash completions in standard location
* ignore missing debian/config file, we ask only on purge on purpose
* ignore full path for /usr/bin/etckeeper, we use it to stash it for
later
* Update to standards 3.9.6, no change
* Remove obsolete XS-Python-Version field
* Run debconf-updatepo, outdating a bunch of translations
* Use getent utility instead of perl. (Elan Ruusamäe)
* Initial FreeBSD support with pkgng plugin. (William Johansson)
* Fix README.md symlink in package (Sebastian Schmidt, Antoine Beaupré,
closes: #791566)
* Fix typo of GIT_COMMITTER_EMAIL.
* Update git URL in control file.
* Send yum pre-commit output to /dev/null
Thanks, Andrew Colin Kissa
* Set LANG=C internally when doing some operations that have
been reported to fail in other locales.
* Fix name of DNF plugin.
* Add --version
Thanks Andreas Wansner.
* New website, http://etckeeper.branchable.com/
* Add build-depends on dh-python.
* Added support for Fedora's DNF highlevel package manager.
Thanks, Peter Listiak and Petr Spacek.
* Add architecture info to dpkg list-installed. Closes: #768145
* Orphaned the Debian package.
|
|
|
|
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044
relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
2017.05.11 -- Version 2.3.15
David Sommerseth (5):
dev-tools: Added script for updating copyright years in files
Update copyrights
docs: Further improve --reneg-bytes and SWEET32 information
git: Merge .gitignore files into a single file
Make --cipher/--auth none more explicit on the risks
Gert Doering (1):
Document --proto udp6, tcp6, etc.
Julien Muchembled (1):
Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset
Steffan Karger (6):
Add missing includes in error.h
cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
Document that OpenVPN 2.3 does not check the CRL signature
Introduce and use secure_memzero() to erase secrets
Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
Don't assert out on receiving too-large control packets (CVE-2017-7478)
2016.12.06 -- Version 2.3.14
Christian Hesse (1):
update year in copyright message
David Sommerseth (1):
Document the --auth-token option
Gert Doering (2):
Repair topology subnet on FreeBSD 11
Repair topology subnet on OpenBSD
Lev Stipakov (1):
Drop recursively routed packets
Selva Nair (4):
Support --block-outside-dns on multiple tunnels
When parsing '--setenv opt xx ..' make sure a third parameter is present
Map restart signals from event loop to SIGTERM during exit-notification wait
Correctly state the default dhcp server address in man page
Steffan Karger (1):
Clean up format_hex_ex()
2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
David Sommerseth (4):
t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
t_client.sh: Add support for Kerberos/ksu
t_client.sh: Improve detection if the OpenVPN process did start during tests
t_client.sh: Add prepare/cleanup possibilties for each test case
Gert Doering (5):
Do not abort t_client run if OpenVPN instance does not start.
Fix t_client runs on OpenSolaris
make t_client robust against sudoers misconfiguration
add POSTINIT_CMD_suf to t_client.sh and sample config
Fix --multihome for IPv6 on 64bit BSD systems.
Ilya Shipitsin (1):
skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
Lev Stipakov (2):
Exclude peer-id from pulled options digest
Fix compilation in pedantic mode
Samuli Seppänen (1):
Automatically cache expected IPs for t_client.sh on the first run
Steffan Karger (6):
Fix unittests for out-of-source builds
Make gnu89 support explicit
cleanup: remove code duplication in msg_test()
Update cipher-related man page text
Limit --reneg-bytes to 64MB when using small block ciphers
Add a revoked cert to the sample keys
2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
Move ASSERT so external-key with OpenSSL works again
David Sommerseth (3):
Only build and run cmocka unit tests if its submodule is initialized
Another fix related to unit test framework
Remove NOP function and callers
Dorian Harmans (1):
Add CHACHA20-POLY1305 ciphersuite IANA name translations.
Ivo Manca (1):
Plug memory leak in mbedTLS backend
Jeffrey Cutter (1):
Update contrib/pull-resolv-conf/client.up for no DOMAIN
Jens Neuhalfen (2):
Add unit testing support via cmocka
Add a test for auth-pam searchandreplace
Josh Cepek (1):
Push an IPv6 CIDR mask used by the server, not the pool's size
Leon Klingele (1):
Add link to bug tracker
Samuli Seppänen (2):
Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
Clarify the fact that build instructions in README are for release tarballs
Selva Nair (4):
Make error non-fatal while deleting address using netsh
Make block-outside-dns work with persist-tun
Ignore SIGUSR1/SIGHUP during exit notification
Promptly close the netcmd_semaphore handle after use
Steffan Karger (4):
Fix polarssl / mbedtls builds
Don't limit max incoming message size based on c2->frame
Fix '--cipher none --cipher' crash
Discourage using 64-bit block ciphers
|
|
|
|
|
|
|
|
work for glob expressions, so multiple generic patterns would not be
reduced.
|
|
|
|
|
|
|
|
|
|
Pkgsrc changes:
Adapt PLIST.
Upstream changes:
1.18.2 2017-02-20
[Bug] #895: Fix a bug in server-mode concerning multiple interactive
auth steps (which were incorrectly responded to). Thanks to Dennis
Kaarsemaker for catch & patch.
[Bug] #713: (via #714 and #889) Don't pass initialization vectors
to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
versions throw an exception otherwise (older ones simply ignored
this parameter altogether). Thanks to @jmh045000 for report &
patches.
[Bug] #44: (via #891) SSHClient now gives its internal Transport
a handle on itself, preventing garbage collection of the client
until the session is closed. Without this, some code which returns
stream or transport objects without the client that generated
them, would result in premature session closure when the client
was GCd. Credit: @w31rd0 for original report, Omer Anson for the
patch.
[Bug] #862: (via #863) Avoid test suite exceptions on platforms
lacking errno.ETIME (which seems to be some FreeBSD and some
Windows environments.) Thanks to Sofian Brabez.
[Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
cause TypeError under Python 3. Thanks to Francisco Couzo for
the report.
[Support] #866: (also #838) Remove an old test-related file we
don't support, and add PyPy to Travis-CI config. Thanks to
Pierce Lopez for the final patch and Pedro Rodrigues for an
earlier edition.
1.18.1 2016-12-12
[Bug] #859: (via #860) A tweak to the original patch implementing
#398 was not fully applied, causing calls to invoke_shell to
fail with AttributeError. This has been fixed. Patch credit:
Kirk Byers.
1.18.0 2016-12-09
[Feature] #398: Add an environment dict argument to
Client.exec_command (plus the lower level Channel.update_environment
and Channel.set_environment_variable methods) which implements
the env SSH message type. This means the remote shell environment
can be set without the use of VARNAME=value shell tricks,
provided the server's AcceptEnv lists the variables you need
to set. Thanks to Philip Lorenz for the pull request.
[Feature] #780: (also #779, and may help users affected by
#520) Add an optional timeout parameter to Transport.start_client
(and feed it the value of the configured connection timeout
when used within SSHClient.) This helps prevent situations
where network connectivity isn't timing out, but the remote
server is otherwise unable to service the connection in a timely
manner. Credit to @sanseihappa.
[Support] #819: Document how lacking gmp headers at install
time can cause a significant performance hit if you build
PyCrypto from source. (Most system-distributed packages already
have this enabled.)
[Support] #854: Fix incorrect docstring/param-list for
Transport.auth_gssapi_keyex so it matches the real signature.
Caught by @Score_Under.
[Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
[Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.
For pre-1.18.0 changes, see
http://www.paramiko.org/changelog.html
|
|
|
|
|
|
|
|
|
|
The package offers support for drawing tree diagrams, and is especially
suitable for linguistics use. It allows trees to be specified in a simple
bracket notation, automatically calculates branch sizes, and supports
both DVI/PostScript and PDF output by use of pict2e facilities.
|
|
|
|
|
|
- NEW: type coercion (#55)
- FIX: quotes in quotes and double quotes at begin of string (#47)
- FIX: catch null value in assignmen (#46)
- NEW: support for key:=file.json for reading object values from a file (#43)
- NEW: PPA contributed by Ross Duggan in #32
- FIX: "null" is now handled like we handle "true" and "false"; disable with -B
- NEW: more tests in the test suite
|
|
|
|
Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.
Fix the address in the list file for an instruction containing a TIMES directive.
Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.
Fix breakage on some uses of the DZ pseudo-op.
|
|
The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.
The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.
Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.
|
|
|
|
* Recommend cron-daemon, rather than cron, as etckeeper only needs
cron.daily functionality. Closes: #762721
* Handle failure to commit in post-install, pre-install by showing a
warning, rather than propigating the error to apt.
This avoids breaking the apt run when eg, git is misconfigured and
cannot commit.
pre-install already did this when it was able to use debconf to display a
message, but now debconf is not used, and it always behaves this way.
Closes: #760011
* Ignore check-mk-agent-logwatch's FHS violating
/etc/check_mk/logwatch.state. Closes: #753903
* Only allow [-a-z_] in etckeeper commands to avoid any possible directory
traversal etc issues.
* update-ignore, uninit: Fix parsing of ignore files containing '\'
* Portability fixes. Thanks, Harald Dunkel.
* Add support for pushing to multiple remote repositories.
Thanks, Rouben.
* Fix handling of git ignores like dir/*
Thanks, Pim van den Berg
* Fix too broad matching of .gitignored files.
Closes: #732339
* Remove lvm/backup from default ignores, because lvm
documentation recommends backing that up, for use by
vgcfgrestore.
* Fix exporting of some git variables. Closes: #728583
* Fix git update-ignore syntax. Closes: #721873
* Avoid listing .gitignored files in .etckeeper file. Closes: #607665
Thanks, Zdenek Crha
* Fix hilarious typo hardcoding my name. Closes: #718425
* Guard git config calls. Closes: #717957
* Quote user and group names, in case one contains a space.
* Added support for the pacman package manager.
(Thanks, Tiago Stürmer Daitx)
* Use user.name and user.email from the .gitconfig file belonging to the
user who sued or sudoed to root, in preference to making up values for
that user.
* cron.daily: Fix typo in stale lockfile handling code.
Closes: #717908
* Deal with unix^wlinux portability nonsense.
|
|
|
|
* Add assertion that double-wide CAS target is aligned (msftc/x86[_64])
* Add configure --enable-gcov option (enable code coverage analysis)
* Code refactoring of gcc/powerpc.h to avoid code duplication
* Eliminate 'cast to long from void*' compiler warning in test_atomic
* Eliminate 'implicit declaration of close' warning in 'strict ANSI' mode
* Eliminate 'missing braces around initializer' gcc warning (hppa)
* Eliminate 'printf format specifies type void*' GCC pedantic warnings
* Eliminate 'value shift followed by expansion' false code defect warning
* Enable limited testing in Makefile.msft without Cygwin
* Fix (delete) comment for AO_and_full (x86)
* Fix block_all_signals compilation in 'strict ANSI' mode
* Fix missing .exe for test filenames in Makefile (MinGW)
* Fix missing printed value names (test_stack)
* Implement fetch-CAS for s390[x] (gcc)
* Move libraries version info to the beginning of Makefile.am
* Refine documentation in Makefile.msft how to run all tests (MS VC)
* Refine README about library downloading
* Rename doc/README.txt to doc/README_details.txt
* Support AIX/ppc (gcc)
* Support CFLAGS_EXTRA to pass extra user-defined compiler flags (make)
* Support n32 ABI for mips64
* Update shared libraries version info for 7.4.6+ (to 1:4:0)
* Use 'inline code' format for commands in README.md
* Use LLD and SCD instructions on mips64
* Workaround 'resource leak' false positives in AO_malloc, add_elements
* Workaround 'uninitialized memory use' MemorySanitizer warning (test_atomic)
Also, includes 7.2h changes
|
|
to 1.6.1. Added textproc/py-sphinxcontrib-websupport version 1.0.1
|
|
=====================================
Dependencies
------------
1.6b1
* (updated) latex output is tested with Ubuntu trusty's texlive packages (Feb.
2014) and earlier tex installations may not be fully compliant, particularly
regarding Unicode engines xelatex and lualatex
* (added) latexmk is required for ``make latexpdf`` on Unix-like platforms
Incompatible changes
--------------------
1.6b1
* 1061, 2336, 3235: Now generation of autosummary doesn't contain imported
members by default. Thanks to Luc Saffre.
* LaTeX ``\includegraphics`` command isn't overloaded: only ``\sphinxincludegraphics``
has the custom code to fit image to available width if oversized.
* The subclasses of ``sphinx.domains.Index`` should override ``generate()``
method. The default implementation raises NotImplementedError
* LaTeX positioned long tables horizontally centered, and short ones
flushed left (no text flow around table.) The position now defaults to center in
both cases, and it will obey Docutils 0.13 ``:align:`` option (refs 3415, 3377)
* option directive also allows all punctuations for the option name (refs: 3366)
* 3413: if :rst:dir:`literalinclude`'s ``:start-after:`` is used, make ``:lines:``
relative (refs 3412)
* ``literalinclude`` directive does not allow the combination of ``:diff:``
option and other options (refs: 3416)
* LuaLaTeX engine uses ``fontspec`` like XeLaTeX. It is advised ``latex_engine
= 'lualatex'`` be used only on up-to-date TeX installs (refs 3070, 3466)
* :confval:`latex_keep_old_macro_names` default value has been changed from
``True`` to ``False``. This means that some LaTeX macros for styling are
by default defined only with ``\sphinx..`` prefixed names. (refs: 3429)
* Footer "Continued on next page" of LaTeX longtable's now not framed (refs: 3497)
* 3529: The arguments of ``BuildEnvironment.__init__`` is changed
* 3082: Use latexmk for pdf (and dvi) targets (Unix-like platforms only)
* 3558: Emit warnings if footnotes and citations are not referenced. The
warnings can be suppressed by ``suppress_warnings``.
* latex made available (non documented) colour macros from a file distributed
with pdftex engine for Plain TeX. This is removed in order to provide better
support for multiple TeX engines. Only interface from ``color`` or
``xcolor`` packages should be used by extensions of Sphinx latex writer.
|
|
documentation into your Web application.
|
|
|
|
|
|
Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The
DAQ replaces direct calls to libpcap functions with an abstraction layer that
facilitates operation on a variety of hardware and software interfaces without
requiring changes to Snort. It is possible to select the DAQ type and mode
when invoking Snort to perform pcap readback or inline operation, etc. The
DAQ library may be useful for other packet processing applications and the
modular nature allows you to build new modules for other platforms.
|
|
Fixes a bug where a recently added module was not added to setup.py.
|
|
Here are major changes since 2.4:
* we've moved to github!
* Bryan Chan has contributed s390x support
* stacktrace capturing via libgcc's _Unwind_Backtrace was implemented
(for architectures with missing or broken libunwind).
* "emergency malloc" was implemented. Which unbreaks recursive calls
to malloc/free from stacktrace capturing functions (such us glib'c
backtrace() or libunwind on arm). It is enabled by
--enable-emergency-malloc configure flag or by default on arm when
--enable-stacktrace-via-backtrace is given. It is another fix for a
number common issues people had on platforms with missing or broken
libunwind.
* C++14 sized-deallocation is now supported (on gcc 5 and recent
clangs). It is off by default and can be enabled at configure time
via --enable-sized-delete. On GNU/Linux it can also be enabled at
run-time by either TCMALLOC_ENABLE_SIZED_DELETE environment variable
or by defining tcmalloc_sized_delete_enabled function which should
return 1 to enable it.
* we've lowered default value of transfer batch size to 512. Previous
value (bumped up in 2.1) was too high and caused performance
regression for some users. 512 should still give us performance
boost for workloads that need higher transfer batch size while not
penalizing other workloads too much.
* Brian Silverman's patch finally stopped arming profiling timer
unless profiling is started.
* Andrew Morrow has contributed support for obtaining cache size of the
current thread and softer idling (for use in MongoDB).
* we've implemented few minor performance improvements, particularly
on malloc fast-path.
|
|
|
|
Just minor bugfixes, see release notes:
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
|
|
|
|
This package contains the Apache Kafka input/output modules.
|
|
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octect-counted mode detection: if the octet count is larger
then the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optinally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
- omkafka: add "origin" field to stats output
- imuxsock: rate-limiting also uses process name
both for the actual limit procesing as well as warning messages emitted
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
- build now works on solaris again
- imfile: fix cross-platform build issue
- bugfix core: segfault when no parser could parse message
- bugfix core: rate-limit internal messages when going to external log system
- bugfix core: when obtaining local hostname, a NULL pointer could be
accessed.
- bugfix core: on shutdown, stderr was written to, even if alrady closed
- bugfix core: perform MainqObj destruction only when not NULL already
- bugfix core: memory leak when internal messages not processed internally
- bugfix imptcp: potential overflow in octet count computation
when a very large octet count was specified, the counter could overflow
|
