| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
net/bind916: SunOS build fix
Revisions pulled up:
- net/bind916/distinfo 1.31
- net/bind916/patches/patch-lib_isc_unix_socket.c 1.7
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Feb 17 15:37:26 UTC 2022
Modified Files:
pkgsrc/net/bind916: distinfo
pkgsrc/net/bind916/patches: patch-lib_isc_unix_socket.c
Log Message:
bind916: fix builds on Solaris derivates
A patch fixing SunOS builds was lost during a recent update, restore
it. (And s/SmartOS/SunOS/ in comment, this doesn't just affect SmartOS,
reproduced and fixed on OmniOS. This package also fails to build on
Linux, but that's another issue entirely.) Addresses PR pkg/56716 from
Russell Hansen.
|
|
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.136-1.137
- net/samba4/distinfo 1.72
---
Module Name: pkgsrc
Committed By: gdt
Date: Tue Jan 25 19:25:01 UTC 2022
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
net/samba4: Add upstream bug report URL
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 31 13:45:12 UTC 2022
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: udpate to 4.13.17
===============================
Release Notes for Samba 4.13.17
January 31, 2022
===============================
This is a security release in order to address the following defects:
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
Changes since 4.13.16
---------------------
o Ralph Boehme <slow@samba.org>
* BUG 14914: CVE-2021-44142
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14950: CVE-2022-0336
|
|
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.135
- net/samba4/distinfo 1.71
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 10 14:11:16 UTC 2022
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.13.16
===============================
Release Notes for Samba 4.13.16
January 10, 2022
===============================
This is a security release in order to address the following defects:
o CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x.
https://www.samba.org/samba/security/CVE-2021-43566.html
=======
Details
=======
o CVE-2021-43566:
All versions of Samba prior to 4.13.16 are vulnerable to a malicious
client using an SMB1 or NFS symlink race to allow a directory to be
created in an area of the server file system not exported under the
share definition. Note that SMB1 has to be enabled, or the share
also available via NFS in order for this attack to succeed.
Clients that have write access to the exported part of the file system
under a share via SMB1 unix extensions or NFS can create symlinks that
can race the server by renaming an existing path and then replacing it
with a symlink. If the client wins the race it can cause the server to
create a directory under the new symlink target after the exported
share path check has been done. This new symlink target can point to
anywhere on the server file system. The authenticated user must have
permissions to create a directory under the target directory of the
symlink.
This is a difficult race to win, but theoretically possible. Note that
the proof of concept code supplied wins the race only when the server
is slowed down and put under heavy load. Exploitation of this bug has
not been seen in the wild.
Changes since 4.13.15
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 13979: CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x
|
|
Release 1.1.5
This release is a minor bug fix release, and includes some improvements to the CMake logic that should make incorporating nanomsg into larger projects easier.
Release 1.1.4
This release is primarily a bug-fix release for Windows platforms, but it also adds support for building on Android.
The main change in this release is a fix for the IPC transport on Windows, which was subject to crashing if the remote peer breaks messages into smaller pieces. As some other SP implementations do this to avoid data copies, this fix is very important.
A fix for leaking handles on Windows is included.
Support for compilation on Android using the NDK and the bundled cmake and toolchain file from Android is now present.
Release 1.1.3
This is the last planned release for nanomsg. (New effort is focued on the NNG project -- see github.com/nanomsg/nng for details.)
The following changes are present:
CMake exported target, easing inclusion in larger projects (see demos/CMakeLists.txt for an example)
Windows no longer uses a single fixed TCP port for eventfd (this should improve reliability)
Fix for an assertion failure in efd_unsignal
The ABI version is separate from the library version now.
Fixed a crash when calling nn_term without first opening a socket.
Fix for building Windows tests on case-sensitive file systems.
CI/CD improvements: switch to CircleCI, and use CodeCov for coverage analysis.
Release 1.1.2
This is just a very minor compilation fix for version 1.1.1.
Version 1.1.1 did not compile on Linux, but this version will.
Release 1.1.1
** THIS RELEASE HAS A COMPILE BUG ON LINUX. Use 1.1.2 INSTEAD **
This is a bug fix release for 1.1.0.
Two main issues are resolved:
nanomsg no longer wakes up every 100 msec even when no I/O is pending
Some users noticed that nanomsg was performing wakeups regardless of
whether I/O was available or not. This had a detrimental effect on power usage.
nanomsg no longer crashes when accept fails on Windows
In some circumstances an outstanding accept() operation that got aborted
(for example due to the socket closing) could wind up crashing the application.
This was a race, and it is closed now.
We also fixed a few compilation warnings on Windows.
Release 1.1.0
This release is primarily a bug fix release for nanomsg, and rolls up a number of stability improvements, particularly for the inproc transport. A port to support Windows Subsystem for Linux is provided as well. There are no changes to the ABI.
|
|
|
|
|
|
let's hope this code isn't a pile of buffer overflows...
|
|
|
|
Adapted from Boyd Lynn Gerber.
|
|
This release contain security fixes.
===============================
Release Notes for Samba 4.13.15
December 15, 2021
===============================
This is the latest stable release of the Samba 4.13 release series.
Important Notes
===============
There have been a few regressions in the security release 4.13.14:
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds
initially adviced for 4.13.14 are no longer required and
should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is
adviced to have a look at the bug report for more detailed
information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.
Changes since 4.13.14
---------------------
o Andrew Bartlett <abartlet@samba.org>
* BUG 14656: Spaces incorrectly collapsed in ldb attributes.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
* BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become un-
deletable.
o Ralph Boehme <slow@samba.org>
* BUG 14922: Kerberos authentication on standalone server in MIT realm
broken.
o Alexander Bokovoy <ab@samba.org>
* BUG 14903: Support for ROLE_IPA_DC is incomplete.
o Stefan Metzmacher <metze@samba.org>
* BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token.
|
|
|
|
`prettyping` runs the standard `ping` in the background and parses its
output, showing the ping responses in a *graphical* way at the terminal
(by using colors and Unicode characters).
`prettyping` is written in `bash` and `awk`, and is reported to work on
many different systems and different versions of `awk`.
|
|
- SNI wildcarding support in s6-tlsd-io.
- New sbearssl_*_set_tain(n)_g convenience macros.
- Bugfixes.
|
|
- Bugfixes.
|
|
5.0.9:
- Append to _used_channel_ids in _used_channel_ids
|
|
5.0.8
=====
- Reduce memory usage of Connection
- Add additional error handling around code where an OSError
may be raised on failed connections. Fixes
5.0.7
=====
- Remove dependency to case
- Bugfix: not closing socket after server disconnect
|
|
|
|
We've made a significant change to gh's extension system. Now, extension
authors can work in a precompiled language like Go and ship pre-compiled
binaries of their extensions via release assets.
To get started, run gh extension create.
The gh repo create command now has distinct usages for creating a repository
from scratch and creating one from a local git repository.
Create a new repository on GitHub from scratch and clone it locally with
$ gh repo create myrepo --public --clone
Upload an existing local repository with
$ gh repo create myrepo --source=path/to/repo --public
Other new features
- Add command gh auth setup-git for setting up gh-cli as git cred helper
- Add gh config list
- Add new flag gh secret set --no-store to print the encoded secret
- Adding release download for.zip and .tar.gz archives
- gh repo rename
|
|
3.8.6 (2021-12-17)
Merged Pull Requests
* Use ssh config file by default #713 (Vasu1105)
|
|
2.3.22 (2021-12-15)
Highlights:
* Many fingerprint contributions and an enhancement that adds the ability to
use filesystem-based examples (Thanks Rumble Discovery @hdm, @lpar,
@pbarry25) (#382)
* Fingerprints:
- Add new dhcp_vendor_class (Thanks @modoyle-r7) (#356)
- Improve Proxmox fingerprinting (Thanks @jvoisin) (#377)
- Add JARM for Synology DSM7.0 (Thanks @jvoisin) (#378)
- Add more JARM for Synology DSM 6.2.x & 7.0 (Thanks @tsellers-r7 for
enumerating the settings) (#379)
- Add missing parameters on x509.subject examples (#380)
- Simplify many regular expressions (Thanks to @jvoisin for the initial
proposal) (#381)
- Fix telnet banners pattern for compatibility with recog-java (#385,
#387)
* BUG: Fix maximum repetition size to be compatible with Go's regex
requirements. This was brought to our attention by @hdm. (#372)
* CPE: Updates using the current NIST database. (#388)
* Tooling: Add fingerprint path to recog_verify output (#376)
|
|
Update log4j version to 2.16.0 (CVE-2021-45046).
|
|
Upstream NEWS:
* Restore OCaml compat to before 4.02
* dune/opam improvements/fixes
* Improve GTK UI by using GtkTreeView
* Add support for syncing symlinks on Windows (NTFS)
* Improve ssh support on Windows (hide Windows console in GUI mode)
* Many bugfixes and minor improvements
|
|
Upstream changes are very minor. (This is a 2.51.5 release
candidate.)
|
|
pkgsrc changes:
- Avoid to use ERR both as an enum (for `Err' string message) and ERR as
curses(3) constant via err SUBST class
- Add libretls as dependency in order to build with TLS support
Changes:
1.05
----
- Add support to yank URIs with selection/clipboard manager
1.04
----
- Add support for TLS for gophers:// URL
- Several bug fixes and improvements
|
|
Changes since 0.9.6 (copied from ChangeLog):
* version 0.9.8
- removed support for ruli
- lots of internal refactoring to make sipsak compile with -fno-common (>= gcc-10)
* version 0.9.7
- added new option -E which overrules SRV result
- added new option -J to take ha1 instead of password
- dont retransmit on reliable transports
- added --disable-ips configure option which allows to compile the oldstyle --numeric behavior
- added new option -k only available with TLS support
- added 'star' as special word for the contact option -C
- fixed overwritting of outbound proxy if domainname is an IP; thanks to Alexander Litvak
- added option -Z to modify SIP_T1 at run time
- added syslog support
- enabled -c parameter for Inivte mode
- added new options for TLS (ca-cert, client-cert, ignore-cert-failure)
Note: these options are only available as long options
- added option to ignore TLS certificate verification errors
- added option -k, --local-ip
- added SHA-256 as a possible algorithm for digest authentication
|
|
Changes in version 0.4.6.9 - 2021-12-15
This version fixes several bugs from earlier versions of Tor. One important
piece is the removal of DNS timeout metric from the overload general signal.
See below for more details.
o Major bugfixes (relay, overload):
- Don't make Tor DNS timeout trigger an overload general state.
These timeouts are different from DNS server timeout. They have to
be seen as timeout related to UX and not because of a network
problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.
o Minor feature (reproducible build):
- The repository can now build reproducible tarballs which adds the
build command "make dist-reprod" for that purpose. Closes
ticket 26299.
o Minor features (compilation):
- Give an error message if trying to build with a version of
LibreSSL known not to work with Tor. (There's an incompatibility
with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
ticket 40511.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 15, 2021.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/12/15.
o Minor bugfixes (compilation):
- Fix our configuration logic to detect whether we had OpenSSL 3:
previously, our logic was reversed. This has no other effect than
to change whether we suppress deprecated API warnings. Fixes bug
40429; bugfix on 0.3.5.13.
o Minor bugfixes (relay):
- Reject IPv6-only DirPorts. Our reachability self-test forces
DirPorts to be IPv4, but our configuration parser allowed them to
be IPv6-only, which led to an assertion failure. Fixes bug 40494;
bugfix on 0.4.5.1-alpha.
o Documentation (man, relay):
- Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
bugfix on 0.4.6.1-alpha.
|
|
1.14.0
Features
Merge 401: RPZ triggers. This add additional RPZ triggers, unbound supports a full set of rpz triggers, and this now includes nsdname, nsip and clientip triggers. Also actions are fully supported, and this now includes the tcp-only action.
Merge 519: Support for selective enabling tcp-upstream for stub/forward zones.
Merge PR 514, from ziollek: Docker environment for run tests.
Support using system-wide crypto policies.
Fix that --with-ssl can use "/usr/include/openssl11" to pass the location of a different openssl version.
Merged 41 from Moritz Schneider: made outbound-msg-retry configurable.
Implement RFC8375: Special-Use Domain 'home.arpa.'.
Merge PR 555 from fobser: Allow interface names as scope-id in IPv6 link-local addresses.
Bug Fixes
Add test tool readzone to .gitignore.
Merge 521: Update mini_event.c.
Merge 523: fix: free() call more than once with the same pointer.
For 519: note stub-tcp-upstream and forward-tcp-upstream in the example configuration file.
For 519: yacc and lex. And fix python bindings, and test program unbound-dnstap-socket.
For 519: fix comments for doxygen.
Fix to print error from unbound-anchor for writing to the key file, also when not verbose.
For 514: generate configure.
Fix for 431: Squelch permission denied errors for udp connect, and udp send, they are visible at higher verbosity settings.
Fix zonemd verification of key that is not in DNS but in the zone and needs a chain of trust.
zonemd, fix order of bogus printout string manipulation.
Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
Merge PR 528 from fobser: Make sldns_str2wire_svcparam_buf() static.
Fix 527: not sending quad9 cert to syslog (and may be more).
Fix sed script in ssldir split handling.
Fix 529: Fix: log_assert does nothing if UNBOUND_DEBUG is undefined.
Fix 531: Fix: passed to proc after free.
Fix 536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ.
Fix the stream wait stream_wait_count_lock and http2 buffer locks setup and desetup from race condition.
Fix RPZ locks. Do not unlock zones lock if requested and rpz find zone does not find the zone. Readlock the clientip that is found for ipbased triggers. Unlock the nsdname zone lock when done. Unlock zone and ip in rpz nsip and nsdname callback. Unlock authzone and localzone if clientip found in rpz worker call.
Fix compile warning in libunbound for listen desetup routine.
Fix asynclook unit test for setup of lockchecks before log.
Fix 533: Negative responses get cached even when setting cache-max-negative-ttl: 1
Fix tcp fastopen failure when disabled, try normal connect instead.
Fix 538: Fix subnetcache statistics.
Small fixes for 41: changelog, conflicts resolved, processQueryResponse takes an iterator env argument like other functions in the iterator, no colon in string for set_option, and some whitespace style, to make it similar to the rest.
Fix for 41: change outbound retry to int to fix signed comparison warnings.
Fix root_anchor test to check with new icannbundle date.
Fix initialisation errors reported by gcc sanitizer.
Fix lock debug code for gcc sanitizer reports.
Fix more initialisation errors reported by gcc sanitizer.
Fix crosscompile on windows to work with openssl 3.0.0 the link with ws2_32 needs -l:libssp.a for __strcpy_chk. Also copy results from lib64 directory if needed.
For crosscompile on windows, detect 64bit stackprotector library.
Fix crosscompile shell syntax.
Fix crosscompile windows to use libssp when it exists.
For the windows compile script disable gost.
Fix that on windows, use BIO_set_callback_ex instead of deprecated BIO_set_callback.
Fix crosscompile script for the shared build flags.
Fix to add example.conf note for outbound-msg-retry.
Fix chaos replies to have truncation for short message lengths, or long reply strings.
Fix to protect custom regional create against small values.
Fix 552: Unbound assumes index.html exists on RPZ host.
Fix that forward-zone name is documented as the full name of the zone. It is not relative but a fully qualified domain name.
Fix analyzer review failure in rpz action override code to not crash on unlocking the local zone lock.
Fix to remove unused code from rpz resolve client and action function.
Merge 565: unbound.service.in: Disable ProtectKernelTunables again.
Fix for 558: fix loop in comm_point->tcp_free when a comm_point is reclaimed more than once during callbacks.
Fix for 558: clear the UB_EV_TIMEOUT bit before adding an event.
Improve EDNS option handling, now also works for synthesised responses such as local-data and server.id CH TXT responses.
Merge PR 570 from rex4539: Fix typos.
Fix for 570: regen aclocal.m4, fix configure.ac for spelling.
Fix to make python module opt_list use opt_list_in.
Fix 574: unbound-checkconf reports fatal error if interface names are used as value for interfaces:
Fix 574: Review fixes for it.
Fix 576: [FR] UB_* error codes in unbound.h
Fix 574: Review fix for spelling.
Fix to remove git tracking and ci information from release tarballs.
iana portlist update.
Merge PR 511 from yan12125: Reduce unnecessary linking.
Merge PR 493 from Jaap: Fix generation of libunbound.pc.
Merge PR 562 from Willem: Reset keepalive per new tcp session.
Merge PR 522 from sibeream: memory management violations fixed.
Merge PR 530 from Shchelk: Fix: dereferencing a null pointer.
Fix 454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
Fix 574: Review fixes for size allocation.
Fix doc/unbound.doxygen to remove obsolete tag warning.
|
|
Changelog:
Version 3.1.4
Features:
+ mod-dnstap: added 'responses-with-queries' configuration option (Thanks
to Robert Edmonds)
Improvements:
+ knotd: DNSSEC keys are logged in sorted order by timestamp
+ mod-cookies: added statistics counter for dropped queries due to the
slip limit
+ mod-dnstap: restored the original query QNAME case #773 (Thanks to
Robert Edmonds)
+ configure: improved compatibility of some scripts on macOS and BSDs
+ doc: updates on DNSSEC signing
Bugfixes:
+ knotd: server can crash when receiving queries with NSID EDNS flag #774
(Thanks to Romain Labolle)
+ knotd: server crashes on reload when no interfaces configured #770
+ knotd: ZONEMD without DNSSEC not handled correctly
+ knotd: generated catalog zone not updated on config reload #772
+ knotd: zone catalog not verified before its interpretation
+ knotd: ds-push fails to update the parent zone if a CNAME exists for a
non-terminal node
Version 3.1.3
Monday, October 18, 2021
Improvements:
+ knotd: added simple error logging to orphaned zone purge
+ knotd: allow manual public-only keys for unused algorithm
+ kdig: send ALPN when using DoT or XoT #769
+ doc: various fixes and improvements #767
Bugfixes:
+ knotd: catalog backup doesn't preserve version of the catalog
implementation
+ knotd: NOTIFY is scheduled even when DNSSEC signing is up-to-date
+ knotd: server can crash when zone difference is inconsistent upon cold
start
+ knotd: zone not bootstrapped when zone file load failed due to an error
+ knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to
Daniel Gr?ber)
+ knotd: journal not able to free up space when zone-in-journal present
and zonefile written
+ mod-stats: missing protocol counters for TCP over XDP
+ kzonesign: input zone name not lower-cased
Version 3.1.2
Features:
+ knotd: new policy configuration for postponing complete deletion of
previous keys
+ keymgr: new optional pretty mode (-b) of listing keys
+ kdig: added support for TCP keepopen #503
Improvements:
+ knotd: configuration item values can contain UTF-8 characters
+ knotd: added configuration check for database storage writability
+ knotd: better error reporting if zone is empty
+ knotd: smaller journal database chunks in order to mitigate LMDB
fragmentation
+ knotd/kxdpgun: CAP_SYS_RESOURCE capability no longer needed for XDP on
Linux >= 5.11
Bugfixes:
+ knotd: incomplete NSEC3 proof in response to opt-outed empty
non-terminal
+ knotd: wrong SOA serial handling when enabling signing on already
existing secondary zone
+ knotd: defective ZONEMD verification error reporting when loading zone
#759
+ knotd: server can crash when reloading catalog zone #761
+ knotd: DNSSEC validation doesn't work when only NSEC3 chain changes
+
knotd: DNSSEC validation doesn't check if empty non-terminal over
non-opt-outed
delegation isn't opt-outed too
+ knotd: ZONEMD generation doesn't cause flushing zone to disk #758
+ knotd: incorrect evaluation of ACL deny rule in combination with TSIG
+ knotd: failed DS-check is replaned even if no key is ready
+ kdig: abort when query times out #763
+ libzscanner: missing output overflow check in the SVCB parsing
Compatibility:
+ keymgr: parameter -d is marked deprecated in favor of new parameter -D
+ kjournalprint: parameter -n is marked deprecated in favor of new
parameter -x
Version 3.1.1
Improvements:
+ keymgr: import-bind sets publish and active timers to now if missing
timers #747
+ mod-rrl: added QNAME, which triggered an action, to log messages #757
+ systemd: added environment variable for setting maximum configuration
DB size
Bugfixes:
+ knotd: adding RRSIGs to a signed zone can lead to redundant RRSIGs for
some NSEC(3)s
+ knotd: code not compiled correctly for ARM on Fedora >= 33
+ knotd: server can crash when opening catalog DB on startup
+ knotd: incorrect catalog update counts in logs
+ knotd: journal discontinuity and zone-in-journal result in incorrectly
calculated journal occupation
+ kdig: +noall does not filter out AUTHORITY comment #749
+ tests: journal unit test not passing if memory page size is different
from 4096
Reverts:
+ libzscanner: reverted "omitted TTL value is correctly set to the last
explicitly stated value (RFC 1035)" #751
|
|
Fixes install on systems where PKGMANDIR is share/man.
|
|
5.9.8
Improvements
Fix code blocks formatting of The Solution section docs
Add retry decorator to documentation
Updated utility docs
Add Exceptions to Documentation
Forces specific encoding on XMLRPC requests
Add sensor data to hardware
Ignoring f-string related messages for tox for now
Fix account events
Improved loadbal details
Fix initialized accountmanger
Fix hw billing reports 0 items
Update API docs link and remove travisCI mention
Fix errors with vs bandwidth
Add Item names to vs billing report
Mapping is now in collections.abc
fix vs placementgroup list
fixed up snapshot-notification cli commands
New Commands
loadbal l7policies
slcli loadbal l7policies --protocol-id
slcli loadbal l7policies
Snapshot notify
slcli file|block snapshot-set-notification
slcli file|block snapshot-get-notification-status
|
|
0.37.0
Technically backwards incompatible:
Adding a listener that does not inherit from RecordUpdateListener now logs an error
The NotRunningException exception is now thrown when Zeroconf is not running
Before this change the consumer would get a timeout or an EventLoopBlocked
exception when calling ServiceInfo.*request when the instance had already been shutdown
or had failed to startup.
The EventLoopBlocked exception is now thrown when a coroutine times out
Previously concurrent.futures.TimeoutError would have been raised
instead. This is never expected to happen during normal operation.
|
|
Aleri Kaisattera (1):
[liveleak] Remove extractor (closes #17625, closes #24222) (#29331)
Logan B (1):
[umg:de] Update GraphQL API URL (#29304)
Remita Amine (1):
[periscope] pass referer to HLS requests(closes #29419)
Sergey M (1):
[README.md] Update MSVC 2010 redist URL (closes #29222)
Sergey M․ (9):
[nrk] Switch psapi URL to https (closes #29344)
[youtube] Workaround for get_video_info request (refs #29333)
[youtube] Make get_video_info processing more robust (closes #29333)
[curiositystream:collection] Extend _VALID_URL (closes #26326, closes #29117)
[pornhub] Dismiss tbr extracted from download URLs (closes #28927)
[pornhub] Detect geo restriction
[pornhub] Add support for pornhubthbh7ap3u.onion
[ChangeLog] Actualize [ci skip]
release 2021.12.17
Tianyi Shi (1):
[bilibili] Strip uploader name (#29202)
bopol (2):
[youtube] Update invidious instance list (#29281)
[peertube] only call description endpoint if necessary (#29383)
kikuyan (4):
[orf:tvthek] Add support for MPD formats (closes #28672) (#29236)
[appleconnect] Fix extraction (#29208)
[egghead] Add support for app.egghead.io (closes #28404) (#29303)
[postprocessor/ffmpeg] Show ffmpeg output on error (refs #22680) (#29336)
lanegramling (1):
[youtube] Update signature function patterns (closes #30363) (#30366)
|
|
Also adapt the dependencies to not support python 2.7.
|
|
|
|
Overview of changes in 2.5.5
============================
User-visible Changes
--------------------
- SWEET32/64bit cipher deprecation change was postponed to 2.7
- Windows: use network address for emulated DHCP server as default
this enables use of a /30 subnet, which is needed when connecting
to OpenVPN Cloud.
- require EC support in windows builds
(this means it's no longer possible to build a Windows OpenVPN binary
with an OpenSSL lib without EC support)
New features
------------
- Windows build: use CFG and Spectre mitigations on MSVC builds
- bring back OpenSSL config loading to Windows builds.
OpenSSL config is loaded from %installdir%\SSL\openssl.cfg
(typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists.
This is important for some hardware tokens which need special
OpenSSL config for correct operation.
Bugfixes
--------
- Windows build: enable EKM
- Windows build: improve various vcpkg related build issues
- Windows build: fix regression related to non-writeable status files
- Windows build: fix regression that broke OpenSSL EC support
- Windows build: fix "product version" display (2.5..4 -> 2.5.4)
- Windows build: fix regression preventing use of PKCS12 files
- improve "make check" to notice if "openvpn --show-cipher" crashes
- improve argv unit tests
- ensure unit tests work with mbedTLS builds without BF-CBC ciphers
- include "--push-remove" in the output of "openvpn --help"
- fix error in iptables syntax in example firewall.sh script
- fix "resolvconf -p" invocation in example "up" script
- fix "common_name" environment for script calls when
"--username-as-common-name" is in effect
Documentation
-------------
- move "push-peer-info" documentation from "server options" to "client"
(where it belongs)
- correct "foreign_option_{n}" typo in manpage
- update IRC information in CONTRIBUTING.rst (libera.chat)
- README.down-root: fix plugin module name
|
|
The most important update, which caused crashes in previous version:
23 August 2021: Wouter
- Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
`query->delegation_rrset' failed.
Rest of the (long) Changelog here:
https://github.com/NLnetLabs/nsd/blob/NSD_4_3_9_REL/doc/ChangeLog
|
|
|
|
Upstream changes:
--- 9.16.24 released ---
5773. [func] Change the message when accepting TCP connection has
failed to say "Accepting TCP connection failed" and
change the log level for ISC_R_NOTCONNECTED, ISC_R_QUOTA
and ISC_R_SOFTQUOTA results codes from ERROR to INFO.
[GL #2700]
5768. [bug] dnssec-dsfromkey failed to omit revoked keys. [GL #853]
5764. [bug] dns_sdlz_putrr failed to process some valid resource
records. [GL #3021]
5762. [bug] Fix a "named" crash related to removing and restoring a
`catalog-zone` entry in the configuration file and
running `rndc reconfig`. [GL #1608]
5758. [bug] mdig now honors the operating system's preferred
ephemeral port range. [GL #2374]
5757. [test] Replace sed in nsupdate system test with awk to
construct the nsupdate command. The sed expression
was not reliably changing the ttl. [GL #3003]
|
|
Bombadillo is a non-web (Gopher, Gemini, Finger, etc) browser for the
terminal.
Bombadillo features a full terminal user interface, vim-like keybindings,
document pager, configurable settings, and a robust command selection.
|
|
|
|
21.12.0 (2021-12-11)
====================
Features
--------
- Update autoconf files for Apple Silicon Macs. Note that while there
are reports of compiling gevent on Apple Silicon Macs now, this is
*not* a tested configuration. There may be some remaining issues with
CFFI on some systems as well.
See :issue:`1721`.
- Build and upload CPython 3.10 binary manylinux wheels.
Unfortunately, this required us to stop building and uploading CPython
2.7 binary manylinux wheels. Binary wheels for 2.7 continue to be
available for Windows and macOS.
See :issue:`1822`.
- Test and distribute musllinux_1_1 wheels.
See :issue:`1837`.
- Update the tested versions of PyPy2 and PyPy3. For PyPy2, there should
be no user visible changes, but for PyPy3, support has moved from
Python 3.6 to Python 3.7.
See :issue:`1843`.
Bugfixes
--------
- Try to avoid linking to two different Python runtime DLLs on Windows.
See :issue:`1814`.
- Stop compiling manylinux wheels with ``-ffast-math.`` This was
implicit in ``-Ofast``, but could alter the global state of the
process. Analysis and fix thanks to Ilya Konstantinov.
See :issue:`1820`.
- Fix hanging the interpreter on shutdown if gevent monkey patching
occurred on a non-main thread in Python 3.9.8 and above. (Note that
this is not a recommended practice.)
See :issue:`1839`.
|
|
3.8.5 (2021-12-03)
Merged Pull Requests
* Update chefstyle requirement from 2.0.7 to 2.0.8 #702 (dependabot[bot])
* Update chefstyle requirement from 2.0.8 to 2.1.1 #706 (dependabot[bot])
* Fix ruby 2.5 test #711 (Vasu1105)
* Adds ssh_config_file option. #709 (Vasu1105)
|
|
|
|
|
|
Overview
Fix for log4j
Notification re-work.
Real-time traffic updates from Gateway (UDM/UXG).
Improve system performance.
Improve application latency.
Improvements
Add "Optimize IoT WiFi connectivity" field for WiFi configuration.
Add WiFi interference chart.
Add WiFi settings to the Hotspot form.
Add WPA3 support for UDM Base. (Requires 1.11 or newer UDM FW)
Add status section to display options in Topology.
Add default firewall rule to allow UniFi Talk traffic. (only when the application is configured)
Add local gateway domain name as DNS entry.
Add power source options to the USW-Flex property panel.
Allow enabling VPN on existing networks.
Adjust property panel table column styling.
Adjust displaying wired experience.
Improve WAN failover notifications.
Improve application (startup) stability.
Improve dashboard AP dropdown styling for smaller screens.
Improve clients table sorting.
Disable WiFi Legacy Support if Auto-optimize is enabled.
Disable edit for default Switch Ports.
Disable WiFi Data Rate settings if Network Auto-Optimize is enabled.
Enable multicast block if Auto-optimize is enabled, and there are more than 10 APs assigned to SSID.
Clean up daily DPI statistics based on statistics data retention setting.
Show correct memory usage values in the device panel.
Display device name in forget device modal title.
Non-network devices will report pending adoption status.
Change Data Rate Control slider color if minimum is selected.
Preload Time-Series data from DB to reduce Latency of Dashboard API.
Update settings app name and version copy.
Update Traffic & Security main page.
Update Adopt button and property-panel tabs.
Update translations across the Application to match UniFi terminology.
Update default DTIM period to 1 for 2.4GHz Radio.
Remove "Disable CCK Rates" and "Send beacons at 1Mbps" from minimum rate controls.
Remove PoE Detection/Duplex from property side panels.
Remove Tags from the application.
Hide speed test on WAN2 for USG.
Change “Beta” to “UniFi Labs”.
Clean up Notifications based on Statistics Data Retention settings.
Consolidate multiple device firmware update notifications into one.
Check device status more frequently during active admin sessions.
Provide client usage over the last 24 hours in the endpoint.
Implement UniFi Device Client property panel.
Rename field translation for UniFi Device property panel.
Bugfixes
Add missing profile radius toast messages.
Add missing UniFi clients in the clients page.
Add missing device statuses to device filters.
Add missing translation for USG Secondary Internet form.
Add migration to update invalid hostname from UniFi OS.
Fix issue where Peak Upload / Download Usage was reversed in Internet Settings.
Fix device Isolation feature not working on UDM-Pro-SE consoles.
Fix Backup is not respecting retention settings for Notifications and DPI statistics.
Fix network selection modal during U-LTE-Pro adoption process.
Fix adoption issues for U-LTE devices.
Fix issue where user could see "Trouble Page" when going to WiFi AI.
Fix unable to remove an administrator from sites on self-hosted applications.
Fix issue when USP-Plug physical toggle couldn’t be switched.
Fix issue where device uptime was incorrect.
Fix client count not reflected correctly on the dashboard.
Fix backup import from SD card on Cloud Key G2 Plus console.
Fix cyclical device disconnecting/reconnecting.
Fix devices with special states are not shown on the device page.
Fix sorting issues in various locations.
Fix device identification information not updated.
Fix configuration error when static WAN does not specify router address.
Fix WiFi experience feedback form cannot be submitted without comment.
Fix graph missing when opening ISP panel.
Fix timeout delay when deleting objects from the remote access portal.
Fix restoring from backup.
Fix MAC ID Filter list crashing.
Fix topology property panel crash.
Fix Display ISP name instead of the port name.
Fix “Copy Configuration” options.
Fix AP Groups Validation.
Fix USG speed test not working.
Fix newly adopted switches not having default night mode configuration.
Fix issue with duplicated VPN clients.
Fix Uplink Monitor Type selection indicator.
Fix Device Firmware Schedule list.
Fix typos in Settings.
Fix dashboard ISP text and clients table styling issues.
Fix styling for device manage section.
Fix download logs not working on self-installed Applications.
Fix logging to Ubiquiti Account in Settings.
Fix dropdown labels in Firewall Rules form.
Fix page crash in Threat Management when selecting specific dates.
Fix scrolling for scrollable tables.
Fix Display Option "Restore Default" functionality.
Fix WiFi Band validation if some Devices have reached the SSID limit.
Fix WAN form validation - Router field is required for Static connection.
Fix false-positive WAN failover notifications.
Fix which ethernet port is being advertised in UDM discovery.
Fix showing offline devices as wireless on Topology.
Fix page crash when opening WiFiman results.
Fix WiFi Scan table SSID's.
Fix navigation issue from device ports overview.
Fix text overflowing in topology.
Fix issue where WAN1's IP was used instead of active WAN.
Fix DHCP AutoScale feature on UXG.
Fix MAC Authorization form.
Fix DNS resolution not working on LTE failover with Content Filtering enabled
Fix missing IPS/VPN translations.
Fix the product line URL in the property panel.
Fix background color for UniFi Device Application link.
Fix style for Client page display options, list only APs for device options.
Remove disabled property from Fast Roaming toggle in WiFi settings.
Log only new connections in Port Forward firewall rules.
Disable logging in the default WAN_OUT firewall rules.
Show correct version in device identification.
Omit LTE IP from IP/subnet check in the network form.
Dashboard side panel styling updates.
No blocked_sta provisioned for low-resource models.
Email notification does not have Adopt button.
Tweak USW-Flex topology image.
Client property panel styling fixes.
Correct AP list for link aggregation.
Create correct links for the port edit form.
Show correct client status in grid view.
Show only relevant fields for the USG dashboard.
Show correct traffic amount in the dashboard for USG.
Sync client icons for Table and Property Panel.
Truncate actionable text that exceeds 30 characters.
Do not display negative uptime.
Update time format when changing 24/12h setting.
Update Table headers to correctly display GHz.
Use preferred time zone for AP Client history.
Prevent dashboard WAN tabs stretching.
Prevent Remote Access from being enabled on 32-bit systems where it is unsupported.
Load UniFi translations in Topology.
Clean up obsolete unsupported devices toast message.
Remove debug terminal & jumbo frames/flow control from UDM.
|
|
2.0.12 (2021-12-01)
* Use the correct message ID in SMB2/3 responses>
* Remove the now unused message_id attribute from
RubySMB::Server::ServerClient.
|
|
|
|
Wireshark 3.6.0 Release Notes
What’s New
Many improvements have been made. See the “New and Updated Features”
section below for more details. You might want to pay particular
attention to the display filter syntax updates.
New and Updated Features
The following features are new (or have been significantly updated)
since version 3.6.0rc3:
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
The following features are new (or have been significantly updated)
since version 3.6.0rc2:
• Display filter set elements must now be comma-separated. See
below for more details.
The following features are new (or have been significantly updated)
since version 3.6.0rc1:
• The display filter expression “a != b” now has the same meaning
as “!(a == b)”.
The following features are new (or have been significantly updated)
since version 3.5.0:
• Nothing of note.
The following features are new (or have been significantly updated)
since version 3.4.0:
• Several changes have been made to the display filter syntax:
• The expression “a != b” now always has the same meaning as
“!(a == b)”. In particular this means filter expressions with
multi-value fields like “ip.addr != 1.1.1.1” will work as
expected (the result is the same as typing “ip.src != 1.1.1.1 and
ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
!= b) being true.
• It is possible to use the syntax “a ~= b” or “a any_ne b” to
recover the previous (inconsistent with "==") logic for not
equal.
• Literal strings can now be specified using raw string syntax,
identical to raw strings in the Python programming language. This
can be used to avoid the complexity of using two levels of
character escapes with regular expressions.
• Set elements must now be separated using a comma. A filter
such as http.request.method in {"GET" "HEAD"} must be written as
…<U+200B> in {"GET", "HEAD"}. Whitespace is not significant. The
previous use of whitespace as separator is deprecated and will be
removed in a future version.
• Support for the syntax "a not in b" with the same meaning as
"not a in b" has been added.
• Packaging updates:
• A macOS Arm 64 (Apple Silicon) package is now available.
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
• The Windows installers now ship with Npcap 1.55.
• A 64-bit Windows PortableApps package is now available.
• TCP conversations now support a completeness criteria, which
facilitates the identification of TCP streams having any of
opening or closing handshakes, a payload, in any combination. It
can be accessed with the new tcp.completeness filter.
• Protobuf fields that are not serialized on the wire or otherwise
missing in capture files can now be displayed with default values
by setting the new “add_default_value” preference. The default
values might be explicitly declared in “proto2” files, or false
for bools, first value for enums, zero for numeric types.
• Wireshark now supports reading Event Tracing for Windows (ETW). A
new extcap named ETW reader is created that now can open an etl
file, convert all events in the file to DLT_ETW packets and write
to a specified FIFO destination. Also, a new packet_etw dissector
is created to dissect DLT_ETW packets so Wireshark can display
the DLT_ETW packet header, its message and packet_etw dissector
calls packet_mbim sub_dissector if its provider matches the MBIM
provider GUID.
• “Follow DCCP stream” feature to filter for and extract the
contents of DCCP streams.
• Wireshark now supports dissecting RTP packets with OPUS payloads.
• Importing captures from text files based on regular expressions
is now possible. By specifying a regex capturing a single packet
including capturing groups for relevant fields a textfile can be
converted to a libpcap capture file. Supported data encodings are
plain-hexadecimal, -octal, -binary and base64. Also the timestamp
format now allows the second-fractions to be placed anywhere in
the timestamp and it will be stored with nanosecond instead of
microsecond precision.
• The RTP Player has been significatnly redesigned and improved.
See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
Guide for more details.
• The RTP Player can play many streams in row.
• The UI is more responsive.
• The RTP Player maintains playlist and other tools can add and
remove streams to and from it.
• Every stream can be muted or routed to the left or right
channel for replay.
• The option to save audio has been moved from the RTP Analysis
dialog to the RTP Player. The RTP Player also saves what was
played, and it can save in multichannel .au or .wav.
• The RTP Player is now accessible from the Telephony › RTP ›
RTP Player menu.
• The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP
Player, SIP Flows) are non-modal and can stay opened on
background.
• The same tools are provided across all dialogs (Prepare
Filter, Analyse, RTP Player …<U+200B>)
• The “Follow Stream” dialog is now able to follow SIP calls based
on their Call-ID value.
• The “Follow Stream” dialog’s YAML output format has been updated
to add timestamps and peers information For more details see
Following Protocol Streams[3] in the User’s Guide.
• IP fragments between public IPv4 addresses are now reassembled
even if they have different VLAN IDs. Reassembly of IP fragments
where one endpoint is a private (RFC 1918 section 3) or
link-local (RFC 3927) IPv4 address continues to take the VLAN ID
into account, as those addresses can be reused. To revert to the
previous behavior and not reassemble fragments with different
VLAN IDs, turn on the “Enable stricter conversation tracking
heuristics” top level protocol preference.
• USB Link Layer reassembly has been added, which allows hardware
captures to be analyzed at the same level as software captures.
• TShark can now export TLS session keys with the
--export-tls-session-keys option.
• Wireshark participated in the Google Season of Docs 2020 and the
User’s Guide has been extensively updated.
• The “RTP Stream Analysis” dialog CSV export format was slightly
changed. The first line of the export contains column titles as
in other CSV exports.
• Wireshark now supports the Turkish language.
• The settings in the “Import from Hex Dump” dialog is now stored
in a profile import_hexdump.json file.
• Analyze › Reload Lua Plugins has been improved to properly
support FileHandler.
• The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now
show correct calculation mean jitter calculations.
• RTP streams are now created based on Skinny protocol messages in
addition to other types of messages.
• The “VoIP Calls Flow Sequence” window shows more information
about various Skinny messages.
• Initial support for building Wireshark on Windows using GCC and
MinGW-w64 has been added. See README.msys2 in the sources for
more information.
New File Format Decoding Support
Vector Informatik Binary Log File (BLF)
New Protocol Support
5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
extra Eth Header (EXEH), High-Performance Connectivity Tracer
(HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
(EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
payload (xIRI)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Vector Informatik Binary Log File (BLF)
|
|
|
|
|
