| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
0.9.2:
Unknown changes
|
|
# 2020-05-05 Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041,
CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077)
Noteworthy features and improvements:
* Fixed sound issues (#6043)
* New expert command line options /tune and /tune-list to modify all client
settings in a generic way.
* Fixes for smartcard cache, this improves compatibility of smartcard devices
with newer smartcard channel.
* Shadow server can now be instructed to listen to multiple interfaces.
* Improved server certificate support (#6052)
* Various fixes for wayland client (fullscreen, mouse wheel, ...)
* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible.
* USB redirection command line improvements (filter options)
* Various translation improvements for android and ios clients
For a complete and detailed change log since the last release candidate run:
git log 2.0.0..2.1.0
# 2020-04-09 Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013)
* sha256 is now used instead of sha1 to fingerprint certificates. This will
invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
new connection is established after the update
Noteworthy features and improvements:
* First version of the RDP proxy was added (#5372) - thanks to @kubistika
* Smartcard received some refactoring. Missing functions were added and input
validation was improved (#5884)
* A new option /cert that unifies all certificate related options (#5880)
The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
available but marked as deprecated
* Support for Remote Assistance Protocol Version 2 [MS-RA]
* The DirectFB client was removed because it was unmaintained
* Unified initialization of OrderSupport
* Fix for licensing against Windows Server 2003
* Font smoothing is now enabled per default
* Flatpack support was added
* Smart scaling for Wayland using libcairo was added (#5215)
* Unified update->BeginPaint and update->EndPaint
* An image scaling API for software drawing was added
* Rail was updated to the latest spec version 28.0
* Support for H.264 in the shadow server is now detected at runtime
* Add mask=<value> option for /gfx and /gfx-h264 (#5771)
* Code reformatting (#5667)
* A new option /timeout was added to adjust the TCP ACK timeout (#5987)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc4..2.0.0
|
|
This is probably the most important of the Samba man pages, and it
should not have been excluded from the build without a detailed
explanation, "just to make the pkg build".
|
|
|
|
Update bind914 to 9.14.12 (BIND 9.14.12).
Note from release announce:
BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
9.14 branch.
--- 9.14.12 released ---
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
|
|
Update bind911 to 9.11.19 (BIND 9.11.19).
--- 9.11.19 released ---
5404. [bug] 'named-checkconf -z' could incorrectly indicate
success if errors were found in one view but not in a
subsequent one. [GL #1807]
5398. [bug] Named could fail to restart if a zone with a double
quote (") in its name was added with 'rndc addzone'.
[GL #1695]
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5394. [cleanup] Named formerly attempted to change the effective UID and
GID in named_os_openfile(), which could trigger a
spurious log message if they were already set to the
desired values. This has been fixed. [GL #1042]
[GL #1090]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5387. [func] Warn about AXFR streams with inconsistent message IDs.
[GL #1674]
|
|
Pkgsrc changes:
* None.
Upstream changes:
This release fixes CVE-2020-12662 and CVE-2020-12663.
Bug Fixes:
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
|
|
####################### V 1.7.3.4:
Corrections:
Header of xiotermios_speed() declared parameter unsigned int instead of
speed_t, thus compiling failed on MacOS
Thanks to Joe Strout and others for reporting this bug.
Thanks to Andrew Childs and others for sending a patch.
Under certain circumstances, termios options of the first address were
applied to the second address, resulting in error
"Inappropriate ioctl for device"
This affected version 1.7.3.3 only.
Test: TERMIOS_PH_ALL
Thanks to Ivan J. for reporting this issue.
Socat failed to compile when no poll() system call was found by
configure.
Thanks to Jason White for sending a patch.
Due to use of SSL_CTX_clear_mode() Socat failed to compile on old
systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B.
for reporting this problem and sending initial patches.
getaddrinfo() in IP4-SENDTO and IP6-SENDTO addresses failed with
"ai_socktype not supported" when protocol 6 was addressed.
The fix removes the possibility to use service names with SCTP.
Test: IP_SENDTO_6
Thanks to Sören for sending an initial patch.
Under certain circumstances, Socat printed the "socket ... is at EOF"
multiple times.
Test: MULTIPLE_EOF
Newer parts of test.sh used substitutions ${x,,*} or ${x^^*} that are
not implemented in older bash versions.
|
|
|
|
|
|
|
|
The "random" provider allows the use of randomness within Terraform
configurations. This is a logical provider, which means that it works entirely
within Terraform's logic, and doesn't interact with any other services.
|
|
The Local provider is used to manage local resources, such as files.
|
|
v2.62.0
FEATURES:
New Resource: aws_workspaces_workspace
ENHANCEMENTS:
resource/aws_appsync_resolver: Add cache_config configuration block
resource/aws_codebuild_project: Support git_submodules_config with GITHUB and GITHUB_ENTERPRISE source types
resource/aws_codebuild_project: Support SECRETS_MANAGER environment variable type
resource/aws_datasync_task: Support ONLY_FILES_TRANSFERRED value in verify_mode argument
resource/aws_iot_topic_rule: Add dynamodbv2 configuration block
resource/aws_iot_topic_rule: Add iot_analytics configuration block
resource/aws_iot_topic_rule: Add iot_events configuration block
resource/aws_iot_topic_rule: Add operation argument to dynamodb configuration block
resource/aws_iot_topic_rule: Add qos argument republish configuration block
BUG FIXES:
resource/aws_codebuild_project: Allow empty value ("") environment variables
resource/aws_security_group_rule: Prevent recreation when source_security_group_id refers to a security group across accounts
v2.61.0
FEATURES:
New Data Source: aws_ec2_coip_pool
New Data Source: aws_ec2_coip_pools
New Data Source: aws_ec2_local_gateway
New Data Source: aws_ec2_local_gateways
New Data Source: aws_ec2_local_gateway_route_table
New Data Source: aws_ec2_local_gateway_route_tables
New Resource: aws_ec2_transit_gateway_peering_attachment_accepter
ENHANCEMENTS:
data-source/aws_ebs_volume: Add multi_attach_enabled attribute
data-source/aws_efs_file_system: Add size_in_bytes attribute
data-source/aws_eip: Add customer_owned_ip and customer_owned_ipv4_pool attributes
data-source/aws_launch_template: add partition_number attribute
resource/aws_api_gateway_deployment: Add triggers argument
resource/aws_apigatewayv2_deployment: Add triggers argument
resource/aws_ebs_volume: Add multi_attach_enabled attribute
resource/aws_eip: Add customer_owned_ip attribute and customer_owned_ipv4_pool argument
resource/aws_glue_connection: Support KAFKA for connection_type argument
resource/aws_launch_template: add partition_number attribute
resource/aws_launch_template: add plan time validation to volume_type, spot_instance_type, ipv6_addresses, ipv4_addresses, private_ip_address`
resource/aws_workspaces_directory: Add output attributes for workspace_security_group_id, iam_role_id, registration_code, directory_name, directory_type, customer_user_name, alias, ip_group_ids and dns_ip_addresses
BUG FIXES:
resource/aws_workspaces_directory: Fixes error when removing tags
v2.60.0
NOTES:
provider: Region validation now automatically supports the new eu-south-1 (Europe (Milan)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform AWS Provider will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid) or AWS operations will throw their own errors (e.g. data.aws_availability_zones.current: Error fetching Availability Zones: AuthFailure: AWS was not able to validate the provided access credentials).
provider: Ignore tags functionality across all data sources and resources (except aws_autoscaling_group) via the provider-level ignore_tags configuration block has been enabled and this functionality is no longer considered in preview.
FEATURES:
New Data Source: aws_backup_plan
New Data Source: aws_backup_selection
New Data Source: aws_backup_vault
New Data Source: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_guardduty_organization_admin_account
New Resource: aws_guardduty_organization_configuration
ENHANCEMENTS:
data-source/aws_cloudtrail_service_account: Support eu-south-1 region
data-source/aws_ebs_volume: Add outpost_arn attribute
data-source/aws_elastic_beanstalk_hosted_zone: Support eu-south-1 region
data-source/aws_elb_hosted_zone_id: Add us-gov-east-1 and us-gov-west-1 region values
data-source/aws_elb_hosted_zone_id: Support eu-south-1 region
data-source/aws_elb_service_account: Support eu-south-1 region
data-source/aws_instance: Add outpost_arn attribute
data-source/aws_network_interface: Add outpost_arn attribute
data-source/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
data-source/aws_subnet: Add outposts_arn attribute
provider: Support automatic region validation for eu-south-1
provider: Implement ignore tags functionality across all data sources and resources (except aws_autoscaling_group)
resource/aws_api_gateway_stage: Ignore NotFoundException error on destroy
resource/aws_db_snapshot: Support import
resource/aws_default_route_table: Add plan-time validation to cidr_block and ipv6_cidr_block arguments
resource/aws_default_route_table: Support import
resource/aws_dms_endpoint: Add kafka_settings configuration block and kafka to engine_name argument validation
resource/aws_ebs_volume: Add outpost_arn argument
resource/aws_elasticsearch_domain: Support customizable update timeout
resource/aws_glue_connection: Support MONGODB for connection_type argument
resource/aws_key_pair: Support tag-on-create
resource/aws_instance: Add outpost_arn attribute
resource/aws_mq_broker: Support import
resource/aws_network_interface: Add outpost_arn attribute
resource/aws_placement_group: Support tag-on-create
resource/aws_route_table: Add plan-time validation to cidr_block and ipv6_cidr_block arguments
resource/aws_route53_health_check: Support plan-time validation for reference_name argument
resource/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
resource/aws_spot_fleet_request: Add launch_template_config configuration block (Support EC2 Launch Templates)
resource/aws_spot_fleet_request: Support import
resource/aws_storagegateway_gateway: Add gateway_vpc_endpoint argument
resource/aws_storagegateway_smb_file_share: Add path attribute
resource/aws_subnet: Add outposts_arn argument
resource/aws_wafregional_xss_match_set: Add plan-time validation for xss_match_tuple configuration block arguments
BUG FIXES:
data-source/aws_api_gateway_rest_api: Prevent error with VPC Endpoint configured APIs
resource/aws_appautoscaling_scheduled_action: Prevent error on refresh with multiple resources using the same scheduled action name
resource/aws_batch_job_queue: Prevent panic when ComputeEnvironmentOrder is updated outside Terraform
resource/aws_default_route_table: Proper tag on resource creation
resource/aws_efs_file_system: Prevent panic with empty lifecycle_policy configuration block
resource/aws_fsx_windows_file_system: Prevent panic when update includes self_managed_active_directory settings
resource/aws_glue_catalog_table: Prevent various panics with empty configuration blocks
resource/aws_kinesis_firehose_delivery_stream: Prevent panic with empty processing_configuration configuration block
resource/aws_kms_external_key: Prevent MalformedPolicyDocumentException errors on creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_kms_key: Prevent MalformedPolicyDocumentException errors on creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_lb_listener: Prevent panics on creation and refresh when API throttled
resource/aws_route53_zone: Prevent panic with APIs missing ChangeInfo during creation (best effort fix for LocalStack)
resource/aws_storagegateway_gateway: Perform multiple connectivity checks after activation to wait if the underlying server (e.g. EC2 Instance) is automatically rebooted
resource/aws_storagegateway_gateway: Retry 504 status code on activation
resource/aws_wafregional_xss_match_set: Prevent crash with xss_match_tuple configuration block since version 2.59.0
v2.59.0
@breathingdust breathingdust released this 24 days ago · 470 commits to master since this release
NOTES:
provider: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform AWS Provider will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid) or AWS operations will throw their own errors (e.g. data.aws_availability_zones.current: Error fetching Availability Zones: AuthFailure: AWS was not able to validate the provided access credentials). (#12715)
resource/aws_iam_user: The additional force_destroy behavior for handling signing certificates requires two additional IAM permissions (iam:ListSigningCertificates and iam:DeleteSigningCertificate). Restrictive IAM permissions for Terraform runs may require updates. (#10542)
resource/aws_rds_cluster: Due to recent API support for Aurora MySQL 5.7 and PostgreSQL Global Clusters which implemented the engine mode as provisioned instead of the previous global for Aurora MySQL 5.6, the resource now requires the DescribeGlobalClusters API call. Restrictive IAM permissions may require updates. (#12867)
FEATURES:
New Resource: aws_apigatewayv2_api_mapping (#9461)
New Resource: aws_apigatewayv2_vpc_link (#12577)
ENHANCEMENTS:
data_source/aws_acm_certificate: Add tags output (#11659)
data-source/aws_cloudtrail_service_account: Support af-south-1 region (#12967)
data-source/aws_elastic_beanstalk_hosted_zone: Support af-south-1 region (#12967)
data-source/aws_elb_hosted_zone_id: Support af-south-1 region (#12967)
data-source/aws_elb_service_account: Support af-south-1 region (#12967)
data-source/aws_s3_bucket: Support af-south-1 region for hosted_zone_id attribute (#12967)
provider: Support automatic region validation for af-south-1 (#12715)
resource/aws_apigatewayv2_api: Add cors_configuration, credentials_arn, route_key and target attributes (#12452)
resource/aws_appsync_graphql_api: Add log_config configuration block exclude_verbose_content argument (#12884)
resource/aws_config_configuration_recorder: Prevent error during deletion operation when resource is missing (#12734)
resource/aws_default_network_acl: Support import (#12924)
resource/aws_lambda_alias: Suppress differences for equivalent function_name argument values of name versus ARN (#12902)
resource/aws_network_acl_rule: Support import (#12921)
resource/aws_route: Add plan-time validation for destination_cidr_block and destination_ipv6_cidr_block arguments (#12890)
resource/aws_s3_bucket: Support af-south-1 region for hosted_zone_id attribute (#12967)
resource/aws_service_discovery_private_dns_namespace: Support import (#12929)
resource/aws_ssm_activation: Support import (#12933)
resource/aws_ssm_maintenance_window_target: Add plan-time validation to resource_type argument (#11783)
resource/aws_ssm_maintenance_window_target: Support import (#12935)
resource/aws_volume_attachment: Support import (#12948)
resource/aws_waf_ipset: Add plan-time validation for ip_set_descriptors configuration block arguments (#12775)
resource/aws_waf_sql_injection_match_set: Support import (#11657)
resource/aws_waf_xss_match_set: Add plan-time validation for xss_match_tuples configuration block arguments (#12777)
resource/aws_wafregional_web_acl: Add plan-time validation to various arguments (#12793)
BUG FIXES:
data-source/aws_launch_template: Prevent type error with network_interfaces associate_public_ip_address attribute (#12936)
resource/aws_glue_security_configuration: Prevent empty string KMS Key ARN in S3 Encryption settings (#12898)
resource/aws_iam_user: Ensure force_destroy argument removes signing certificates when enabled (#10542)
resource/aws_rds_cluster: Prevent unexpected global_cluster_identifier differences and deletion error with aurora-mysql and aurora-postgresql Global Cluster members (#12867)
resource/aws_route: Prevent not found after creation error with destination_ipv6_cidr_block set to ::0/0 (#12890)
Assets
2
v2.58.0
94d0642
Unverified
Compare
v2.58.0
@breathingdust breathingdust released this on 17 Apr · 589 commits to master since this release
FEATURES:
New Data Source: aws_regions (#12269)
New Resource: aws_apigatewayv2_deployment (#9245)
New Resource: aws_apigatewayv2_domain_name (#9391)
New Resource: aws_apigatewayv2_integration_response (#9365)
New Resource: aws_apigatewayv2_route (#8881)
New Resource: aws_apigatewayv2_route_response (#9373)
New Resource: aws_apigatewayv2_stage (#9232)
New Resource: aws_dms_event_subscription (#7170)
ENHANCEMENTS:
data-source/aws_dynamodb_table: Add replica attribute (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
data-source/aws_instance: Exports volume_name for root_block_device (#12620)
resource/aws_backup_plan: Add rule configuration block copy_action configuration block (support cross region copy) (#11923)
resource/aws_cognito_identity_provider: Support plan-time validation for idp_identifiers, provider_name, and provider_type arguments (#10705)
resource/aws_dms_endpoint: Add elasticsearch_settings configuration block and elasticsearch to engine_name validation (support Elasticsearch endpoints) (#11792)
resource/aws_dms_endpoint: Add kinesis_settings configuration block and kinesis to engine_name validation (support Kinesis endpoints) (#8633)
resource/aws_dynamodb_table: Add replica configuration block (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
resource/aws_ec2_client_vpn_endpoint: Allow two authentication_options configuration blocks (#12819)
resource/aws_instance: Allow changing root volume size without re-creating resource (#12620)
resource/aws_instance: Exports volume_name for root_block_device (#12620)
BUG FIXES:
resource/aws_dlm_lifecycle_policy: Ensure plan-time validation for times argument only allows 24 hour format (#12800)
Assets
2
v2.57.0
8c46f5f
Unverified
Compare
v2.57.0
@breathingdust breathingdust released this on 10 Apr · 712 commits to master since this release
BREAKING CHANGES:
provider: The configuration for the preview ignore tags functionality has been updated to include a wrapping configuration block. For example:
provider "aws" {
ignore_tags {
keys = ["TagKey1"]
}
}
FEATURES:
New Data Source: aws_cloudfront_distribution (#6468)
New Resource: aws_apigatewayv2_authorizer (#9228)
New Resource: aws_apigatewayv2_integration (#8949)
New Resource: aws_apigatewayv2_model (#8912)
ENHANCEMENTS:
data-source/aws_lambda_layer_version: Support plan-time validation for compatible_runtime argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_cloudhsm_v2_cluster: Support tag-on-create (#11683)
resource/aws_docdb_cluster: Add deletion_protection argument (#12650)
resource/aws_egress_only_internet_gateway: Add tags argument (#11568)
resource/aws_lambda_function: Support plan-time validation for runtime argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_lambda_layer_version: Support plan-time validation for compatible_runtimes argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_rds_global_cluster: Add aurora-postgresql to engine argument plan-time validation (#12401)
resource/aws_redshift_snapshot_copy_grant: Support resource import (#10350)
resource/aws_spot_fleet_request: Add tags argument (support tagging of Spot Fleet Request itself) (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for launch_specification configuration block ebs_block_device volume_type, iam_instance_profile_arn, placement_tenancy, and root_block_device volume_type arguments (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for allocation_strategy, instance_interruption_behaviour, and target_group_arns arguments (#12295)
service/ec2: Prevent eventual consistency errors tagging resources on creation (#12735)
BUG FIXES:
resource/aws_appautoscaling_policy: Fix error when importing DynamoDB Table Index policy (#11232)
resource/aws_db_instance: Allow creating read replica into RAM shared Subnet with VPC Security Group (#12700)
resource/aws_kms_key: Prevent eventual consistency related errors on creation (#12738)
resource/aws_lb_target_group: Automatically propose resource recreation for TCP protocol Target Groups when health_check configuration block interval, protocol, or timeout argument values are updated (#4568)
Assets
2
v2.56.0
02afaa6
Unverified
Compare
v2.56.0
@bflad bflad released this on 3 Apr · 813 commits to master since this release
NOTES:
resource/aws_emr_cluster: The bug fix in this release will potentially re-create EMR Clusters with multiple bootstrap actions, since bootstrap actions cannot be modified in place. To avoid re-creation, temporarily add the ignore_changes lifecycle configuration argument and/or update the order in your Terraform configuration.
ENHANCEMENTS:
data-source/aws_launch_template: Add hibernation_options attribute (#12492)
resource/aws_codepipeline: Adds cross-region action support (#12549)
resource/aws_dx_connection: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
resource/aws_dx_lag: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
resource/aws_elastic_transcoder_preset: Support plan-time validation for role argument (#12575)
resource/aws_kms_grant: Support resource import (#11991)
resource/aws_launch_template: Add hibernation_options configuration block (#12492)
BUG FIXES:
resource/aws_codedeploy_deployment_group: Fix blue_green_deployment_config updates for ECS (#11885)
resource/aws_emr_cluster: Now properly sets the order when multiple bootstrap actions are defined
resource/aws_kms_grant: Remove resource from Terraform state instead of error if removed outside Terraform (#12560)
resource/aws_s3_bucket: Prevent various panics with empty configuration blocks (#12614)
resource/aws_volume_attachment: Ensure any error is shown while waiting for volume to detach (#12596)
Assets
2
v2.55.0
3bef4e2
Unverified
Compare
v2.55.0
@gdavison gdavison released this on 27 Mar · 899 commits to master since this release
FEATURES:
New Resource: aws_ec2_availability_zone_group (#12400)
ENHANCEMENTS:
data-source/aws_availability_zone: Add all_availability_zones and filter arguments (#12400)
data-source/aws_availability_zone: Add group_name, network_border_group, and opt_in_status attributes (#12400)
data-source/aws_availability_zones: Add all_availability_zones and filter arguments (#12400)
data-source/aws_availability_zones: Add group_names attribute (#12400)
data-source/aws_ec2_transit_gateway_dx_gateway_attachement: Add filter and tags arguments (#12516)
data-source/aws_ec2_transit_gateway_vpn_attachment: Add filter and tags arguments (#12415)
data-source/aws_instance: Add metadata_options attribute (#12491)
data-source/aws_launch_template: Add filter and tags arguments (#12403)
data-source/aws_launch_template: Add metadata_options attribute (#12491)
data-source/aws_prefix_list: Add filter argument (#12416)
data-source/aws_vpc_endpoint_service: Add filter and tags arguments (#12404)
resource/aws_athena_workgroup: Add force_destroy argument (#12254)
resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992)
resource/aws_flow_log: Add max_aggregation_interval argument (#12483)
resource/aws_instance: Add metadata_options configuration block (support IMDSv2) (#12491)
resource/aws_launch_template: Add metadata_options configuration block (support IMDSv2) (#12491)
resource/aws_msk_cluster: Add logging_info configuration block (support CloudWatch, Firehose, and S3 logging) (#12215)
resource/aws_mq_configuration: Support plan-time validation for engine_type argument (#11843)
resource/aws_route53_health_check: A dd plan-time validation to insufficient_data_health_status (#12305)
resource/aws_storagegateway_nfs_file_share: Add path attribute (#12530)
BUG FIXES:
resource/aws_db_instance: Allow restoring from snapshot into RAM shared Subnet with VPC Security Group (#12447)
resource/aws_mq_configuration: Remove extraneous ListTags API call during refresh (#11843)
resource/aws_neptune_cluster_instance: Add missing configuring-log-exports as allowed pending state (#12079)
resource/aws_route53_health_check: Do not recreate health check when using compressed ipv6 address
|
|
v0.12.25
NOTES:
backend/s3: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid).
ENHANCEMENTS:
backend/s3: Support automatic region validation for af-south-1
backend/remote: Add support for force push to remote backend
BUG FIXES:
core: Destroy provisioners should not evaluate for_each expressions
core: Fix races in GetVariableValue
|
|
4.4.0
=======
- This version is officially supported on CPython 2.7,
3.5, 3.6, 3.7 & 3.8 and is also supported on PyPy2 & PyPy3.
- Kombu 4.6.7
- Task class definitions can have retry attributes
4.4.0rc5
========
- Kombu 4.6.7
- Events bootstep disabled if no events
- SQS - Reject on failure
- Add a concurrency model with ThreadPoolExecutor
- Add auto expiry for DynamoDB backend
- Store extending result in all backends
- Fix a race condition when publishing a very large chord header
- Improve docs and test matrix
4.4.0rc4
========
- Kombu 4.6.6
- Py-AMQP 2.5.2
- Python 3.8
- Numerious bug fixes
- PyPy 7.2
4.4.0rc3
========
- Kombu 4.6.4
- Billiard 3.6.1
- Py-AMQP 2.5.1
- Avoid serializing datetime
- Fix: (group() | group()) not equals single group
- Revert "Broker connection uses the heartbeat setting from app config.
- Additional file descriptor safety checks.
- fixed call for null args
- Added generic path for cache backend.
- Fix Nested group(chain(group)) fails
- Use self.run() when overriding __call__
- Fix termination of asyncloop
- Fix migrate task to work with both v1 and v2 of the message protocol.
- Updating task_routes config during runtime now have effect.
4.4.0rc2
========
- Many bugs and regressions fixed.
- Kombu 4.6.3
4.4.0rc1
========
- Python 3.4 drop
- Kombu 4.6.1
- Replace deprecated PyMongo methods usage
- Pass task request when calling update_state
- Fix bug in remaining time calculation in case of DST time change
- Fix missing task name when requesting extended result
- Fix `collections` import issue on Python 2.7
- handle `AttributeError` in base backend exception deserializer
- Make `AsynPool`'s `proc_alive_timeout` configurable
- AMQP Support for extended result
- Fix SQL Alchemy results backend to work with extended result
- Fix restoring of exceptions with required param
- Django: Re-raise exception if `ImportError` not caused by missing tasks
module
- Django: fixed a regression putting DB connections in invalid state when
`CONN_MAX_AGE != 0`
- Fixed `OSError` leading to lost connection to broker
- Fixed an issue with inspect API unable get details of Request
- Fix mogodb backend authentication
- Change column type for Extended Task Meta args/kwargs to LargeBinary
- Handle http_auth in Elasticsearch backend results
- Fix task serializer being ignored with `task_always_eager=True`
- Fix `task.replace` to work in `.apply() as well as `.apply_async()`
- Fix sending of `worker_process_init` signal for solo worker
- Fix exception message upacking
- Add delay parameter function to beat_schedule
- Multiple documentation updates
|
|
|
|
Changes in Apache Libcloud 3.0.0
Common
------
Make sure auth_user_info variable on the OpenStack identify connection class is populated when using auth version 3.x_password and 3.x_oidc_access_token.
[OpenStack] Update OpenStack identity driver so a custom project can be selected using domain_name keyword argument containing a project id.
Previously this argument value could only contain a project name, now the value will be checked against project name and id.
Compute
-------
[GCE] Update create_node() method so it throws an exception if node location can't be inferred and location is not specified by the user ( either by passing datacenter constructor argument or by passing location argument to the method).
[GCE] Update ex_get_disktype method so it works if zone argument is not set.
[GiG G8] Add new driver for GiG G8 provider (https://gig.tech/).
Add new at_exit_func argument to deploy_node() method. With this argument user can specify which function will be called before exiting with the created node in question if the deploy process has been canceled after the node has been created, but before the method has fully finished.
This comes handy since it simplifies various cleanup scenarios.
[OpenStack] Fix auto assignment of volume device when using device name auto in the attach_volume method.
[Kamatera] Add new driver for Kamatera provider (https://www.kamatera.com).
Storage
-------
Add new download_object_range and download_object_range_as_stream methods for downloading part of the object content (aka range downloads) to the base storage API.
Currently those methods are implemented for the local storage Azure Blobs, CloudFiles, S3 and any other provider driver which is based on the S3 one (such as Google Storage and DigitalOcean Spaces).
Add type annotations for the base storage API.
[Google Storage] Update the driver so it supports service account HMAC credentials.
There was a bug in the code where we used the user id length check to determine the account type and that code check didn't take service account HMAC credentials (which contain a longer string) into account.
DNS
---
Add type annotations for the base DNS API.
Container
---------
[Kubernetes] Add support for the client certificate and static token based authentication to the driver.
Add type annotations for the base container API.
|
|
|
|
v20.0.0:
I'm pleased to announce txtorcon 20.0.0. This fixes a few bugs and
officially deprecates Python 2 support.
* Use real GeoIP database or nothing (https://github.com/meejah/txtorcon/issues/250)
* Change abstract base classes import in preperation for Python 3.8
* Python 3.4 is no longer supported
* Python 2 is deprecated; all new code should be Python 3. Support
for Python 2 will be removed in a future release.
|
|
|
|
|
|
|
|
|
|
Upstream changes:
* 3.4.5 (2020/05/15)
- re-implement judgements of displaying tweets to avoid tweets from
following to non-following users in some case
- fix ng word judgements missed in some case
- implement '--record-all' option
|
|
Changes in version 0.4.3.5 - 2020-05-15
Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This
series adds support for building without relay code enabled, and
implements functionality needed for OnionBalance with v3 onion
services. It includes significant refactoring of our configuration and
controller functionality, and fixes numerous smaller bugs and
performance issues.
Per our support policy, we support each stable release series for nine
months after its first stable release, or three months after the first
stable release of the next series: whichever is longer. This means
that 0.4.3.x will be supported until around February 2021--later, if
0.4.4.x is later than anticipated.
Note also that support for 0.4.1.x is about to end on May 20 of this
year; 0.4.2.x will be supported until September 15. We still plan to
continue supporting 0.3.5.x, our long-term stable series, until
Feb 2022.
Below are the changes since 0.4.2.6. For a list of only the changes
since 0.4.3.4-rc, see the ChangeLog file.
o New system requirements:
- When building Tor, you now need to have Python 3 in order to run
the integration tests. (Python 2 is officially unsupported
upstream, as of 1 Jan 2020.) Closes ticket 32608.
o Major features (build system):
- The relay code can now be disabled using the --disable-module-relay
configure option. When this option is set, we also disable the
dirauth module. Closes ticket 32123.
- When Tor is compiled --disable-module-relay, we also omit the code
used to act as a directory cache. Closes ticket 32487.
o Major features (directory authority, ed25519):
- Add support for banning a relay's ed25519 keys in the approved-
routers file. This will help us migrate away from RSA keys in the
future. Previously, only RSA keys could be banned in approved-
routers. Resolves ticket 22029. Patch by Neel Chauhan.
o Major features (onion services):
- New control port commands to manage client-side onion service
authorization credentials. The ONION_CLIENT_AUTH_ADD command adds
a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and
ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381.
- Introduce a new SocksPort flag, ExtendedErrors, to support more
detailed error codes in information for applications that support
them. Closes ticket 30382; implements proposal 304.
o Major features (proxy):
- In addition to its current supported proxy types (HTTP CONNECT,
SOCKS4, and SOCKS5), Tor can now make its OR connections through a
HAProxy server. A new torrc option was added to specify the
address/port of the server: TCPProxy <protocol> <host>:<port>.
Currently the only supported protocol for the option is haproxy.
Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop).
o Major bugfixes (security, denial-of-service):
- Fix a denial-of-service bug that could be used by anyone to
consume a bunch of CPU on any Tor relay or authority, or by
directories to consume a bunch of CPU on clients or hidden
services. Because of the potential for CPU consumption to
introduce observable timing patterns, we are treating this as a
high-severity security issue. Fixes bug 33119; bugfix on
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
as TROVE-2020-002 and CVE-2020-10592.
o Major bugfixes (circuit padding, memory leak):
- Avoid a remotely triggered memory leak in the case that a circuit
padding machine is somehow negotiated twice on the same circuit.
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
o Major bugfixes (directory authority):
- Directory authorities will now send a 503 (not enough bandwidth)
code to clients when under bandwidth pressure. Known relays and
other authorities will always be answered regardless of the
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
o Major bugfixes (DoS defenses, bridges, pluggable transport):
- Fix a bug that was preventing DoS defenses from running on bridges
with a pluggable transport. Previously, the DoS subsystem was not
given the transport name of the client connection, thus failed to
find the GeoIP cache entry for that client address. Fixes bug
33491; bugfix on 0.3.3.2-alpha.
o Major bugfixes (networking):
- Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
and accept strings as well as binary addresses. Fixes bug 32315;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (onion service):
- Report HS circuit failure back into the HS subsystem so we take
appropriate action with regards to the client introduction point
failure cache. This improves reachability of onion services, since
now clients notice failing introduction circuits properly. Fixes
bug 32020; bugfix on 0.3.2.1-alpha.
o Minor feature (heartbeat, onion service):
- Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS
message. Closes ticket 31371.
o Minor feature (sendme, flow control):
- Default to sending SENDME version 1 cells. (Clients are already
sending these, because of a consensus parameter telling them to do
so: this change only affects what clients would do if the
consensus didn't contain a recommendation.) Closes ticket 33623.
o Minor features (best practices tracker):
- Practracker now supports a --regen-overbroad option to regenerate
the exceptions file, but only to revise exceptions to be _less_
tolerant of best-practices violations. Closes ticket 32372.
o Minor features (configuration validation):
- Configuration validation can now be done by per-module callbacks,
rather than a global validation function. This will let us reduce
the size of config.c and some of its more cumbersome functions.
Closes ticket 31241.
o Minor features (configuration):
- If a configured hardware crypto accelerator in AccelName is
prefixed with "!", Tor now exits when it cannot be found. Closes
ticket 32406.
- We now use flag-driven logic to warn about obsolete configuration
fields, so that we can include their names. In 0.4.2, we used a
special type, which prevented us from generating good warnings.
Implements ticket 32404.
o Minor features (configure, build system):
- Output a list of enabled/disabled features at the end of the
configure process in a pleasing way. Closes ticket 31373.
o Minor features (continuous integration):
- Run Doxygen Makefile target on Travis, so we can learn about
regressions in our internal documentation. Closes ticket 32455.
- Stop allowing failures on the Travis CI stem tests job. It looks
like all the stem hangs we were seeing before are now fixed.
Closes ticket 33075.
o Minor features (controller):
- Add stream isolation data to STREAM event. Closes ticket 19859.
- Implement a new GETINFO command to fetch microdescriptor
consensus. Closes ticket 31684.
o Minor features (debugging, directory system):
- Don't crash when we find a non-guard with a guard-fraction value
set. Instead, log a bug warning, in an attempt to figure out how
this happened. Diagnostic for ticket 32868.
o Minor features (defense in depth):
- Add additional checks around tor_vasprintf() usage, in case the
function returns an error. Patch by Tobias Stoeckmann. Fixes
ticket 31147.
o Minor features (developer tools):
- Remove the 0.2.9.x series branches from git scripts (git-merge-
forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh).
Closes ticket 32772.
- Add a check_cocci_parse.sh script that checks that new code is
parseable by Coccinelle. Add an exceptions file for unparseable
files, and run the script from travis CI. Closes ticket 31919.
- Call the check_cocci_parse.sh script from a 'check-cocci' Makefile
target. Closes ticket 31919.
- Add a rename_c_identifiers.py tool to rename a bunch of C
identifiers at once, and generate a well-formed commit message
describing the change. This should help with refactoring. Closes
ticket 32237.
- Add some scripts in "scripts/coccinelle" to invoke the Coccinelle
semantic patching tool with the correct flags. These flags are
fairly easy to forget, and these scripts should help us use
Coccinelle more effectively in the future. Closes ticket 31705.
o Minor features (diagnostic):
- Improve assertions and add some memory-poisoning code to try to
track down possible causes of a rare crash (32564) in the EWMA
code. Closes ticket 33290.
o Minor features (directory authorities):
- Directory authorities now reject descriptors from relays running
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
o Minor features (Doxygen):
- Update Doxygen configuration file to a more recent template (from
1.8.15). Closes ticket 32110.
- "make doxygen" now works with out-of-tree builds. Closes
ticket 32113.
- Make sure that doxygen outputs documentation for all of our C
files. Previously, some were missing @file declarations, causing
them to be ignored. Closes ticket 32307.
- Our "make doxygen" target now respects --enable-fatal-warnings by
default, and does not warn about items that are missing
documentation. To warn about missing documentation, run configure
with the "--enable-missing-doc-warnings" flag: doing so suspends
fatal warnings for doxygen. Closes ticket 32385.
o Minor features (git scripts):
- Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone
customisation. Closes ticket 32347.
- Add git-setup-dirs.sh, which sets up an upstream git repository
and worktrees for tor maintainers. Closes ticket 29603.
- Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra
remote. Closes ticket 32347.
- Call the check_cocci_parse.sh script from the git commit and push
hooks. Closes ticket 31919.
- Make git-push-all.sh skip unchanged branches when pushing to
upstream. The script already skipped unchanged test branches.
Closes ticket 32216.
- Make git-setup-dirs.sh create a master symlink in the worktree
directory. Closes ticket 32347.
- Skip unmodified source files when doing some existing git hook
checks. Related to ticket 31919.
o Minor features (IPv6, client):
- Make Tor clients tell dual-stack exits that they prefer IPv6
connections. This change is equivalent to setting the PreferIPv6
flag on SOCKSPorts (and most other listener ports). Tor Browser
has been setting this flag for some time, and we want to remove a
client distinguisher at exits. Closes ticket 32637.
o Minor features (portability, android):
- When building for Android, disable some tests that depend on $HOME
and/or pwdb, which Android doesn't have. Closes ticket 32825.
Patch from Hans-Christoph Steiner.
o Minor features (relay modularity):
- Split the relay and server pluggable transport config code into
separate files in the relay module. Disable this code when the
relay module is disabled. Closes part of ticket 32213.
- When the relay module is disabled, reject attempts to set the
ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
ServerTransport* options, rather than ignoring the values of these
options. Closes part of ticket 32213.
- When the relay module is disabled, change the default config so
that DirCache is 0, and ClientOnly is 1. Closes ticket 32410.
o Minor features (release tools):
- Port our ChangeLog formatting and sorting tools to Python 3.
Closes ticket 32704.
o Minor features (testing):
- The unit tests now support a "TOR_SKIP_TESTCASES" environment
variable to specify a list of space-separated test cases that
should not be executed. We will use this to disable certain tests
that are failing on Appveyor because of mismatched OpenSSL
libraries. Part of ticket 33643.
- Detect some common failure cases for test_parseconf.sh in
src/test/conf_failures. Closes ticket 32451.
- Allow test_parseconf.sh to test expected log outputs for successful
configs, as well as failed configs. Closes ticket 32451.
- The test_parseconf.sh script now supports result variants for any
combination of the optional libraries lzma, nss, and zstd. Closes
ticket 32397.
- When running the unit tests on Android, create temporary files in
a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a
patch from Hans-Christoph Steiner.
o Minor features (usability):
- Include more information when failing to parse a configuration
value. This should make it easier to tell what's going wrong when
a configuration file doesn't parse. Closes ticket 33460.
o Minor bugfix (relay, configuration):
- Warn if the ContactInfo field is not set, and tell the relay
operator that not having a ContactInfo field set might cause their
relay to get rejected in the future. Fixes bug 33361; bugfix
on 0.1.1.10-alpha.
o Minor bugfixes (bridges):
- Lowercase the configured value of BridgeDistribution before adding
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
o Minor bugfixes (build system):
- Fix "make autostyle" for out-of-tree builds. Fixes bug 32370;
bugfix on 0.4.1.2-alpha.
o Minor bugfixes (compiler compatibility):
- Avoid compiler warnings from Clang 10 related to the use of GCC-
style "/* falls through */" comments. Both Clang and GCC allow
__attribute__((fallthrough)) instead, so that's what we're using
now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
- Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix
on 0.4.0.3-alpha.
o Minor bugfixes (configuration handling):
- Make control_event_conf_changed() take in a config_line_t instead
of a smartlist of alternating key/value entries. Fixes bug 31531;
bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan.
- Check for multiplication overflow when parsing memory units inside
configuration. Fixes bug 30920; bugfix on 0.0.9rc1.
- When dumping the configuration, stop adding a trailing space after
the option name when there is no option value. This issue only
affects options that accept an empty value or list. (Most options
reject empty values, or delete the entire line from the dumped
options.) Fixes bug 32352; bugfix on 0.0.9pre6.
- Avoid changing the user's value of HardwareAccel as stored by
SAVECONF, when AccelName is set but HardwareAccel is not. Fixes
bug 32382; bugfix on 0.2.2.1-alpha.
- When creating a KeyDirectory with the same location as the
DataDirectory (not recommended), respect the DataDirectory's
group-readable setting if one has not been set for the
KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (continuous integration):
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
on 0.3.2.2-alpha.
o Minor bugfixes (controller protocol):
- When receiving "ACTIVE" or "DORMANT" signals on the control port,
report them as SIGNAL events. Previously we would log a bug
warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (controller):
- In routerstatus_has_changed(), check all the fields that are
output over the control port. Fixes bug 20218; bugfix
on 0.1.1.11-alpha.
o Minor bugfixes (developer tools):
- Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug
31336; bugfix on 0.4.1.2-alpha.
o Minor bugfixes (dirauth module):
- Split the dirauth config code into a separate file in the dirauth
module. Disable this code when the dirauth module is disabled.
Closes ticket 32213.
- When the dirauth module is disabled, reject attempts to set the
AuthoritativeDir option, rather than ignoring the value of the
option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (embedded Tor):
- When starting Tor any time after the first time in a process,
register the thread in which it is running as the main thread.
Previously, we only did this on Windows, which could lead to bugs
like 23081 on non-Windows platforms. Fixes bug 32884; bugfix
on 0.3.3.1-alpha.
o Minor bugfixes (git scripts):
- Avoid sleeping before the last push in git-push-all.sh. Closes
ticket 32216.
- Forward all unrecognised arguments in git-push-all.sh to git push.
Closes ticket 32216.
o Minor bugfixes (key portability):
- When reading PEM-encoded key data, tolerate CRLF line-endings even
if we are not running on Windows. Previously, non-Windows hosts
would reject these line-endings in certain positions, making
certain key files hard to move from one host to another. Fixes bug
33032; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (logging):
- Stop truncating IPv6 addresses and ports in channel and connection
logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha.
- Flush stderr, stdout, and file logs during shutdown, if supported
by the OS. This change helps make sure that any final logs are
recorded. Fixes bug 33087; bugfix on 0.4.1.6.
- Stop closing stderr and stdout during shutdown. Closing these file
descriptors can hide sanitiser logs. Fixes bug 33087; bugfix
on 0.4.1.6.
- If we encounter a bug when flushing a buffer to a TLS connection,
only log the bug once per invocation of the Tor process.
Previously we would log with every occurrence, which could cause
us to run out of disk space. Fixes bug 33093; bugfix
on 0.3.2.2-alpha.
- When logging a bug, do not say "Future instances of this warning
will be silenced" unless we are actually going to silence them.
Previously we would say this whenever a BUG() check failed in the
code. Fixes bug 33095; bugfix on 0.4.1.1-alpha.
o Minor bugfixes (onion services v2):
- Move a series of v2 onion service warnings to protocol-warning
level because they can all be triggered remotely by a malformed
request. Fixes bug 32706; bugfix on 0.1.1.14-alpha.
- When sending the INTRO cell for a v2 Onion Service, look at the
failure cache alongside timeout values to check if the intro point
is marked as failed. Previously, we only looked at the relay
timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by
Neel Chauhan.
o Minor bugfixes (onion services v3):
- Remove a BUG() warning that would cause a stack trace if an onion
service descriptor was freed while we were waiting for a
rendezvous circuit to complete. Fixes bug 28992; bugfix
on 0.3.2.1-alpha.
- Relax severity of a log message that can appear naturally when
decoding onion service descriptors as a relay. Also add some
diagnostics to debug any future bugs in that area. Fixes bug
31669; bugfix on 0.3.0.1-alpha.
- Fix an assertion failure that could result from a corrupted
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
bugfix on 0.3.3.1-alpha. This issue is also tracked
as TROVE-2020-003.
- Properly handle the client rendezvous circuit timeout. Previously
Tor would sometimes timeout a rendezvous circuit awaiting the
introduction ACK, and find itself unable to re-establish all
circuits because the rendezvous circuit timed out too early. Fixes
bug 32021; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion services):
- Do not rely on a "circuit established" flag for intro circuits but
instead always query the HS circuit map. This is to avoid sync
issue with that flag and the map. Fixes bug 32094; bugfix
on 0.3.2.1-alpha.
o Minor bugfixes (onion services, all):
- In cancel_descriptor_fetches(), use
connection_list_by_type_purpose() instead of
connection_list_by_type_state(). Fixes bug 32639; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (pluggable transports):
- When receiving a message on standard error from a pluggable
transport, log it at info level, rather than as a warning. Fixes
bug 33005; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (rust, build):
- Fix a syntax warning given by newer versions of Rust that was
creating problems for our continuous integration. Fixes bug 33212;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (scripts):
- Fix update_versions.py for out-of-tree builds. Fixes bug 32371;
bugfix on 0.4.0.1-alpha.
o Minor bugfixes (testing):
- Use the same code to find the tor binary in all of our test
scripts. This change makes sure we are always using the coverage
binary when coverage is enabled. Fixes bug 32368; bugfix
on 0.2.7.3-rc.
- Stop ignoring "tor --dump-config" errors in test_parseconf.sh.
Fixes bug 32468; bugfix on 0.4.2.1-alpha.
- Our option-validation tests no longer depend on specially
configured non-default, non-passing sets of options. Previously,
the tests had been written to assume that options would _not_ be
set to their defaults, which led to needless complexity and
verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (TLS bug handling):
- When encountering a bug in buf_read_from_tls(), return a "MISC"
error code rather than "WANTWRITE". This change might help avoid
some CPU-wasting loops if the bug is ever triggered. Bug reported
by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha.
o Deprecated features:
- Deprecate the ClientAutoIPv6ORPort option. This option was not
true "Happy Eyeballs", and often failed on connections that
weren't reliably dual-stack. Closes ticket 32942. Patch by
Neel Chauhan.
o Documentation:
- Provide a quickstart guide for a Circuit Padding Framework, and
documentation for researchers to implement and study circuit
padding machines. Closes ticket 28804.
- Add documentation in 'HelpfulTools.md' to describe how to build a
tag file. Closes ticket 32779.
- Create a high-level description of the long-term software
architecture goals. Closes ticket 32206.
- Describe the --dump-config command in the manual page. Closes
ticket 32467.
- Unite coding advice from this_not_that.md in torguts repo into our
coding standards document. Resolves ticket 31853.
o Removed features:
- Our Doxygen configuration no longer generates LaTeX output. The
reference manual produced by doing this was over 4000 pages long,
and generally unusable. Closes ticket 32099.
- The option "TestingEstimatedDescriptorPropagationTime" is now
marked as obsolete. It has had no effect since 0.3.0.7, when
clients stopped rejecting consensuses "from the future". Closes
ticket 32807.
- We no longer support consensus methods before method 28; these
methods were only used by authorities running versions of Tor that
are now at end-of-life. In effect, this means that clients,
relays, and authorities now assume that authorities will be
running version 0.3.5.x or later. Closes ticket 32695.
o Testing:
- Avoid conflicts between the fake sockets in tor's unit tests, and
real file descriptors. Resolves issues running unit tests with
GitHub Actions, where the process that embeds or launches the
tests has already opened a large number of file descriptors. Fixes
bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by
Putta Khunchalee.
- Add more test cases for tor's UTF-8 validation function. Also,
check the arguments passed to the function for consistency. Closes
ticket 32845.
- Improve test coverage for relay and dirauth config code, focusing
on option validation and normalization. Closes ticket 32213.
- Improve the consistency of test_parseconf.sh output, and run all
the tests, even if one fails. Closes ticket 32213.
- Run the practracker unit tests in the pre-commit git hook. Closes
ticket 32609.
o Code simplification and refactoring (channel):
- Channel layer had a variable length cell handler that was not used
and thus removed. Closes ticket 32892.
o Code simplification and refactoring (configuration):
- Immutability is now implemented as a flag on individual
configuration options rather than as part of the option-transition
checking code. Closes ticket 32344.
- Instead of keeping a list of configuration options to check for
relative paths, check all the options whose type is "FILENAME".
Solves part of ticket 32339.
- Our default log (which ordinarily sends NOTICE-level messages to
standard output) is now handled in a more logical manner.
Previously, we replaced the configured log options if they were
empty. Now, we interpret an empty set of log options as meaning
"use the default log". Closes ticket 31999.
- Remove some unused arguments from the options_validate() function,
to simplify our code and tests. Closes ticket 32187.
- Simplify the options_validate() code so that it looks at the
default options directly, rather than taking default options as an
argument. This change lets us simplify its interface. Closes
ticket 32185.
- Use our new configuration architecture to move most authority-
related options to the directory authority module. Closes
ticket 32806.
- When parsing the command line, handle options that determine our
"quiet level" and our mode of operation (e.g., --dump-config and
so on) all in one table. Closes ticket 32003.
o Code simplification and refactoring (controller):
- Create a new abstraction for formatting control protocol reply
lines based on key-value pairs. Refactor some existing control
protocol code to take advantage of this. Closes ticket 30984.
- Create a helper function that can fetch network status or
microdesc consensuses. Closes ticket 31684.
o Code simplification and refactoring (dirauth modularization):
- Remove the last remaining HAVE_MODULE_DIRAUTH inside a function.
Closes ticket 32163.
- Replace some confusing identifiers in process_descs.c. Closes
ticket 29826.
- Simplify some relay and dirauth config code. Closes ticket 32213.
o Code simplification and refactoring (mainloop):
- Simplify the ip_address_changed() function by removing redundant
checks. Closes ticket 33091.
o Code simplification and refactoring (misc):
- Make all the structs we declare follow the same naming convention
of ending with "_t". Closes ticket 32415.
- Move and rename some configuration-related code for clarity.
Closes ticket 32304.
- Our include.am files are now broken up by subdirectory.
Previously, src/core/include.am covered all of the subdirectories
in "core", "feature", and "app". Closes ticket 32137.
- Remove underused NS*() macros from test code: they make our tests
more confusing, especially for code-formatting tools. Closes
ticket 32887.
o Code simplification and refactoring (relay modularization):
- Disable relay_periodic when the relay module is disabled. Closes
ticket 32244.
- Disable relay_sys when the relay module is disabled. Closes
ticket 32245.
o Code simplification and refactoring (tool support):
- Add numerous missing dependencies to our include files, so that
they can be included in different reasonable orders and still
compile. Addresses part of ticket 32764.
- Fix some parts of our code that were difficult for Coccinelle to
parse. Related to ticket 31705.
- Fix some small issues in our code that prevented automatic
formatting tools from working. Addresses part of ticket 32764.
o Documentation (manpage):
- Alphabetize the Server and Directory server sections of the tor
manpage. Also split Statistics options into their own section of
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
Google Season of Docs.
- Document the __OwningControllerProcess torrc option and specify
its polling interval. Resolves issue 32971.
- Split "Circuit Timeout" options and "Node Selection" options into
their own sections of the tor manpage. Closes tickets 32928 and
32929. Work by Swati Thacker as part of Google Season of Docs.
- Alphabetize the Client Options section of the tor manpage. Closes
ticket 32846.
- Alphabetize the General Options section of the tor manpage. Closes
ticket 32708.
- In the tor(1) manpage, reword and improve formatting of the
COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket
32277. Based on work by Swati Thacker as part of Google Season
of Docs.
- In the tor(1) manpage, reword and improve formatting of the FILES,
SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by
Swati Thacker as part of Google Season of Docs.
o Testing (Appveyor CI):
- In our Appveyor Windows CI, copy required DLLs to test and app
directories, before running tor's tests. This ensures that tor.exe
and test*.exe use the correct version of each DLL. This fix is not
required, but we hope it will avoid DLL search issues in future.
Fixes bug 33673; bugfix on 0.3.4.2-alpha.
- On Appveyor, skip the crypto/openssl_version test, which is
failing because of a mismatched library installation. Fix
for 33643.
o Testing (circuit, EWMA):
- Add unit tests for circuitmux and EWMA subsystems. Closes
ticket 32196.
o Testing (Travis CI):
- Remove a redundant distcheck job. Closes ticket 33194.
- Sort the Travis jobs in order of speed: putting the slowest jobs
first takes full advantage of Travis job concurrency. Closes
ticket 33194.
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
previously configured to fast_finish (which requires
allow_failure), to speed up the build. Closes ticket 33195.
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
tool to produce detailed diagnostic output. Closes ticket 32792.
|
|
upstream changes:
-----------------
v1.5.0
This release changes the default location for the index database under
some circumstances. Two new flags can also be used to affect the
location of the configuration (-config) and database (-data)
separately. The old -home flag is equivalent to setting both of these
to the same directory. When no flags are given the following logic is
used to determine the data location:
If a database exists in the old default location, that location is
still used. This means existing installations are not affected by this
change.
If $XDG_DATA_HOME is set, use $XDG_DATA_HOME/syncthing.
If ~/.local/share/syncthing exists, use that location.
Use the old default location.
This logic is used on non-Windows, non-Mac platforms only. On Windows
and Mac the logic is unchanged.
Bugfixes:
#3808: gui: Number of days must be number flashes red then disappears
#5809: stdiscosrv failed to load keypair without proper error message
#6410: Wrong 30-days-interval in staggered versioning
#6430: Incorrect out-of-sync/locally changed status indication on folders
#6436: Revert Local Changes red button does not work correctly
#6440: Doesn't run monitor process when started with STNORESTART=1
#6450: LDAP auth doesn't handle LDAPS with certificate validation
#6487: Scan problem within single unignored subdirectory prevents bidirectional sync
Enhancements:
#4924: Move index db to $XDG_DATA_HOME/syncthing/
#5376: Improve LDAP authentication
#6384: Do auto upgrades early and synchronously on startup
#6416: Improve device status for "unused" devices
#6432: Deleted file that existed locally only reported as locally changed
#6437: Don't start browser when restarting after upgrade
Other issues:
#6471: Windows exe isn't properly version tagged
|
|
Drop it from the category and mark as broken
|
|
|
|
|
|
|
|
|
|
|
|
0.2.2:
* Fix use of xandikos.wsgi module in uwsgi.
|
|
|
|
|
|
|
|
The DVIPS= appears once with quotes and once without.
|
|
|
|
Bandwidth measurement tool for Nordic ISPs created by
The Swedish Internet Foundation (Internetstiftelsen).
|
|
0.2.0
Allow migration from Tor to Onionbalance by reading tor private keys directly using the ‘key’ directive in the YAML config file. Also update onionbalance-config to support that.
Improve onionbalance-config for v3 onions. Simplify the output directory (and change docs to reflect so) and the wizard suggestions.
0.1.9
Initial support for v3 onions!
|
|
|
|
19.0.1
- Fix TypeError during garbage collection
- Fix compilation with some C++ compilers
- Fixes in tests and examples
|
|
3.2.2:
Unknown changes
|
|
1.18.57
api-change:ec2: Update ec2 command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version
api-change:kendra: Update kendra command to latest version
1.18.56
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:guardduty: Update guardduty command to latest version
1.18.55
api-change:ssm: Update ssm command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:logs: Update logs command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:route53: Update route53 command to latest version
1.18.54
api-change:codestar-connections: Update codestar-connections command to latest version
api-change:comprehendmedical: Update comprehendmedical command to latest version
1.18.53
api-change:ec2: Update ec2 command to latest version
api-change:ssm: Update ssm command to latest version
api-change:support: Update support command to latest version
1.18.52
api-change:s3control: Update s3control command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:apigateway: Update apigateway command to latest version
1.18.51
api-change:ssm: Update ssm command to latest version
api-change:efs: Update efs command to latest version
1.18.50
api-change:iot: Update iot command to latest version
api-change:lambda: Update lambda command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:schemas: Update schemas command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
|
|
1.13.7
api-change:kendra: [botocore] Update kendra client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codeguru-reviewer: [botocore] Update codeguru-reviewer client to latest version
1.13.6
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:resourcegroupstaggingapi: [botocore] Update resourcegroupstaggingapi client to latest version
1.13.5
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:route53: [botocore] Update route53 client to latest version
api-change:appconfig: [botocore] Update appconfig client to latest version
api-change:logs: [botocore] Update logs client to latest version
1.13.4
api-change:codestar-connections: [botocore] Update codestar-connections client to latest version
api-change:comprehendmedical: [botocore] Update comprehendmedical client to latest version
1.13.3
api-change:support: [botocore] Update support client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
1.13.2
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:s3control: [botocore] Update s3control client to latest version
1.13.1
api-change:efs: [botocore] Update efs client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
1.13.0
api-change:schemas: [botocore] Update schemas client to latest version
api-change:iot: [botocore] Update iot client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:iotevents: [botocore] Update iotevents client to latest version
feature:Exceptions: [botocore] Added support for parsing modeled exception fields.
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version
|
|
1.16.7
api-change:kendra: Update kendra client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer client to latest version
1.16.6
api-change:sagemaker: Update sagemaker client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi client to latest version
1.16.5
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:route53: Update route53 client to latest version
api-change:appconfig: Update appconfig client to latest version
api-change:logs: Update logs client to latest version
1.16.4
api-change:codestar-connections: Update codestar-connections client to latest version
api-change:comprehendmedical: Update comprehendmedical client to latest version
1.16.3
api-change:support: Update support client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
1.16.2
api-change:apigateway: Update apigateway client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:s3control: Update s3control client to latest version
1.16.1
api-change:efs: Update efs client to latest version
api-change:ssm: Update ssm client to latest version
1.16.0
api-change:schemas: Update schemas client to latest version
api-change:iot: Update iot client to latest version
api-change:lambda: Update lambda client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:iotevents: Update iotevents client to latest version
feature:Exceptions: Added support for parsing modeled exception fields.
api-change:mediaconvert: Update mediaconvert client to latest version
|
|
These PLIST files have been autogenerated by mk/haskell.mk using
HS_UPDATE_PLIST=yes during a bulk build. They will help to track changes
to the packages. The Haskell packages didn't have PLIST files because
their paths contained package hashes. These hashes are now determined by
mk/haskell.mk, which makes it easy to generate easy to read PLIST files.
|
|
|
|
|
