| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
v0.6.3:
Fix homepage link registered with PyPi
SSH Host key checking
Updated junos.py to resolve RestrictedUser error
Close the channel when closing SSH session
invoke self.parse() to ensure errors, if any, have been detected before check in ok()
v0.6.2:
Migration to user selectors instead of select, allowing higher scale operations
improved netconf:base:1.1 parsing
Graceful exit on session close
|
|
|
|
Changes since 4.9.4:
* audit_logging: Remove debug log header and JSON Authentication:
prefix.
* Fix upgrade from 4.7 (or earlier) to 4.9.
* s3: lib: nmbname: Ensure we limit the NetBIOS name correctly.
CID: 1433607.
* smbd: uid: Don't crash if 'force group' is added to an existing
share connection.
* s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code.
* s3: SMB1 POSIX mkdir does case insensitive name lookup.
* s3:utils/smbget fix recursive download with empty source
directories.
* samba-tool drs showrepl: Do not crash if no dnsHostName found.
* s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection.
* join: Throw CommandError instead of Exception for simple errors.
* ldb: Avoid inefficient one-level searches.
* s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list().
* tldap: Avoid use after free errors.
* Fix idmap xid2sid cache churn.
* access_check_max_allowed() doesn't process "Owner Rights" ACEs.
* s3-smbd: Avoid assuming fsp is always intact after close_file
call.
* s3-vfs-fruit: Add close call.
* s3-smbd: Use fruit:model string for mDNS registration.
* s3-vfs: add glusterfs_fuse vfs module.
* printing: Check lp_load_printers() prior to pcap cache update.
* vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate.
* lib/audit_logging: Actually create talloc.
* netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg.
* dns: Changing onelevel search for wildcard to subtree.
* samba-tool: Don't print backtrace on simple DNS errors.
* sambaundoguididx: Use the right escaped oder unescaped sam ldb
files.
* ctdb: Print locks latency in machinereadable stats.
* messages_dgm: Messaging gets stuck when pids are recycled.
* audit_logging: auth_json_audit required auth_json.
* man pages: Document prefork process model.
* CVE-2019-3824 ldb: Release ldb 1.4.6.
* s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration.
* s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts.
* s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available.
* s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol <pid> debug/debuglevel'.
* Python: Ensure ldb.Dn can doesn't rencoded str with py2.
* vfs_glusterfs: Adapt to changes in libgfapi signatures.
* s3-vfs: Use ENOATTR in errno comparison for getxattr.
* notifyd: Fix SIGBUS on sparc.
* waf: Check for libnscd.
* s3:vfs: Correctly check if OFD locks should be enabled or not.
* lib/util: Count a trailing line that doesn't end in a newline.
* Recovery lock bug fixes.
* s3: net: Do not set NET_FLAGS_ANONYMOUS with -k.
* s3:libsmb: Honor disable_netbios option in smbsock_connect_send.
* vfs_fileid: Fix get_connectpath_ino.
* vfs_fileid: Fix fsname_norootdir algorithm.
|
|
Release 0.13.1
This release adds a minor feature to "flappclient": it now pays attention to
a pair of environment variables named $FOOLSCAP_TOR_CONTROL_PORT and
$FOOLSCAP_TOR_SOCKS_PORT. If set, the client will install a connection
handler that routes "tor:" -type FURLs through a Tor daemon at the given
ports (both of which are endpoint descriptors, e.g. "tcp:localhost:9050").
To use this, install the "tor" extra, like "pip install foolscap[tor]". If
this extra was not installed (e.g. "txtorcon" is not importable), the
environment variables will be ignored.
This release also improves the reliability of the unit test suite
(specifically test_reconnector) on slower systems.
Release 0.13.0
This release fixes compatibility with the latest Twisted-17.9.0 and changes
the way logfiles are encoded.
Foolscap's "flogtool" event-logging system can be configured to serialize log
events into "Incident Files". In previous versions, these were serialized
with the stdlib "pickle" module. However a recent change to Twisted's
"Failure" class made them unpickleable, causing Foolscap's unit test suite to
fail, and also affect applications which foolscap.logging.log.msg() with
Failures as arguments. And untrusted pickles were unsafe to load anyways.
This release replaces pickle with JSON, making it safe to use "flogtool"
utilities on untrusted incident files. All new incident files created by this
version will use JSON, and all tools (e.g. "flogtool dump") can only handle
JSON-based files.
This also resolves a problem with tox-2.9.0, which caused tests to not run at
all because nothing was installed into the test environment.
|
|
Twine is a utility for publishing Python packages on PyPI. It provides build
system independent uploads of source and binary distribution artifacts for both
new and existing projects.
|
|
0.13.1:
- Guard against some malformed messages from the server
|
|
Upstream changes:
Features
- Add local-zone type inform_redirect, which logs like type inform,
and redirects like type redirect.
- Perform canonical sort for 0x20 capsforid compare of replies,
this sorts rrsets in the authority and additional section before
comparison, so that out of order rrsets do not cause failure.
- Print query name with ip_ratelimit exceeded log lines.
Spaces instead of tabs in that log message.
- Print query name and IP address when domain rate limit exceeded.
Bug Fixes
- Fix #4224: auth_xfr_notify.rpl test broken due to typo
- Fix locking for libunbound context setup with broken port config.
- Fix case in which query timeout can result in marking delegation
as edns_lame_known.
- Set ub_ctx_set_tls call signature in ltrace config file for
libunbound in contrib/libunbound.so.conf.
- improve documentation for tls-service-key and forward-first.
- #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
conditional section, fixes systemd builds, from Enrico Scholz.
- #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
still supports the set_id_callback previous API. And for 1.1.0
no locking callbacks are needed.
- #8: Fix OpenSSL without ENGINE support compilation.
- Wipe TLS session key data from memory on exit.
- Fix that log-replies prints the correct name for local-alias
names, for names that have a CNAME in local-data configuration.
It logs the original query name, not the target of the CNAME.
- Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
- Fix that qname minimisation does not skip a label when missing
nameserver targets need to be fetched.
- Fix #4225: clients seem to erroneously receive no answer with
DNS-over-TLS and qname-minimisation.
- Note default for module-config in man page.
- Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for
cert name matching, from man page.
- Fix capsforid canonical sort qsort callback.
- Fix pythonmod include and sockaddr_un ifdefs for compile on
Windows, and for libunbound.
- Fix the error for unknown module in module-config is understandable,
and explains it was not compiled in and where to see the list.
- In example.conf explain where to put cachedb module in module-config.
- In man page and example config explain that most modules have to
be listed at the start of module-config.
- Fix #4227: pair event del and add for libevent for tcp_req_info.
- Fix #4229: Unbound man pages lack information, about access-control
order and local zone tags, and elements in views.
- Fix #14: contrib/unbound.init: Fix wrong comparison judgment
before copying.
- Fix for python module on Windows, fix fopen.
- Remove memory leak on pythonmod python2 script file init.
- Remove swig gcc8 python function cast warnings, they are ignored.
- Print correct module that failed when module-config is wrong.
|
|
Pkgsrc changes:
* Update license to "mit", to track upstream.
Upstream changes:
* Change license to modern MIT license for compatibility with
GPLv2 software.
* src/fstrm_replay.c: For OpenBSD and Posix portability include
netinet/in.h and sys/socket.h to get struct sockaddr_in and the
AF_* defines respectively.
* Fix various compiler warnings.
|
|
|
|
Implementation of rsync with a BSD (ISC) license.
|
|
Add default-on nettle option.
Requested by Fabien in PR 54042, ok hannken@
|
|
3.41.1 (2019-03-06)
- Fix a regression introduced in 3.41.1 with slow FTP servers needlessly waiting for a bidirectional shutdown of the data connection during down
loads
3.41.0 (2019-03-06)
- MSW: Fix an issue with failing uploads due to the operating system not gracefully closing TCP connections contrary to the documented behavior
- MSW: Fix compilation flags for wxWidgets to no longer include useless XP compatibility
3.41.0-rc1 (2019-02-26)
- Fixed crash if adding a bookmark with the current connection not yet having a Site Manager entry
- Fixed a rare crash if closing FileZilla while a recursive chmod operation is still in progress
- Fixed a rare crash if starting directory comparison on an empty directory without logical parent
- Fixed a rare crash on changing the file list sort order when the focused item index has previously become invalid
- Restrict the maximum length of regular expressions in filter conditions due to bugs in some implementations of the C++ Standard Library causin
g crashes
- OS X: Fixed crash if the path of a file dropped on FileZilla cannot be obtained
- Fixed order in which directories helper tools and data files are searched for
- Fixed a rare crash if closing tab during an ongoing recursive directory deletion
|
|
|
|
Changes:
version 2019.03.09
Core
* [extractor/common] Use compat_etree_Element
+ [compat] Introduce compat_etree_Element
* [extractor/common] Fallback url to base URL for DASH formats
* [extractor/common] Do not fail on invalid data while parsing F4M manifest
in non fatal mode
* [extractor/common] Return MPD manifest as format's url meta field (#20242)
* [utils] Strip #HttpOnly_ prefix from cookies files (#20219)
Extractors
* [francetv:site] Relax video id regular expression (#20268)
* [toutv] Detect invalid login error
* [toutv] Fix authentication (#20261)
+ [urplay] Extract timestamp (#20235)
+ [openload] Add support for oload.space (#20246)
* [facebook] Improve uploader extraction (#20250)
* [bbc] Use compat_etree_Element
* [crunchyroll] Use compat_etree_Element
* [npo] Improve ISM extraction
* [rai] Improve extraction (#20253)
* [paramountnetwork] Fix mgid extraction (#20241)
* [libsyn] Improve extraction (#20229)
+ [youtube] Add more invidious instances to URL regular expression (#20228)
* [spankbang] Fix extraction (#20023)
* [espn] Extend URL regular expression (#20013)
* [sixplay] Handle videos with empty assets (#20016)
+ [vimeo] Add support for Vimeo Pro portfolio protected videos (#20070)
|
|
18.0.1
Fixes installation from source on non-unicode locales with Python 3.
There are no code changes in this release.
|
|
Wireshark 2.6.7 Release Notes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-06[1] ASN.1 BER and related dissectors crash.
15447[2]. CVE-2019-9209[3].
• wnpa-sec-2019-07[4] TCAP dissector crash.
CVE-2019-9208[6].
• wnpa-sec-2019-08[7] RPCAP dissector crash.
The following bugs have been fixed:
• Alignment Lost after Editing Column.
• Crash on applying display filters or coloring rules on capture
files containing non-UTF-8 data.
• tshark outputs debug information.
• Feature request - HTTP, add the field "request URI" to response.
• randpkt should be distributed with the Windows installer.
• Memory leak with "-T ek" output format option.
• Display error in negative response time stats (gint displayed as
unsigned).
• _epl_xdd_init not found.
• Decoding of MEGACO/H.248 request shows the Remote descriptor as
"Local descriptor".
• Repeated NFS in Protocol Display field.
• RBM file dissector adds too many items to the tree, resulting in
aborting the program.
• Wireshark heap out-of-bounds read in infer_pkt_encap.
• Column width and hidden issues when switching profiles.
• GTPv1-C SGSN Context Response / Forward Relocation Request decode
GGSN address IPV6 issue.
• Lua Error on startup: init.lua: dofile has been disabled due to
running Wireshark as superuser.
• DICOM ASSOCIATE Accept: Protocol Version.
• Multiple out-of-bounds reads in NetScaler trace handling
(wiretap/netscaler.c).
• Wrong endianess when dissecting the "chain offset" in SMB2
protocol header.
• Memory leak in mate_grammar.lemon’s recolonize function.
|
|
|
|
- Add IPv6 DNS addresses using "netsh interface ipv6 add dns" command
- Add attempt-reconnect invocation
|
|
4.4.0:
- Restore bz2 import checks in compression module.
The checks were removed in celery/kombu-938 <https://github.com/celery/kombu/pull/938>_ due to assumption that it only affected Jython.
However, bz2 support can be missing in Pythons built without bz2 support.
- Fix regression that occurred in 4.3.0
when parsing Redis Sentinel master URI containing password.
- Handle the case when only one Redis Sentinel node is provided.
- Support SSL URL parameters correctly for rediss:// URIs.
- Revert celery/kombu-954 <https://github.com/celery/kombu/pull/954>_.
Instead bump the required redis-py dependency to 3.2.0
to include this fix andymccurdy/redis-py@4e1e748 <https://github.com/andymccurdy/redis-py/commit/4e1e74809235edc19e03edb79c97c80a3e4e9eca>_.
- Added support for broadcasting using a regular expression pattern
or a glob pattern to multiple Pidboxes.
|
|
2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
Previously the bit counter was reset with every bit.
We now reset it once per 8 bits, when we consume the next byte.
|
|
2.2.1:
Bugfixes
Ignore case on punycode prefix check
Drop support for EOL Python 2.6
Improve sundry doc and README bits
|
|
### mate-user-share 1.22.0
* Translations update
* Use the same legal.xml file
* Initialize Travis CI support
|
|
Package is now compatible with dune 1.7.
Several backwards incompatible changes in version 3.0.0:
- sexp serialisers removed from main interface;
- macaddr module now in separate opam package;
- replace of_string/bytes functions with rresult types;
- use sexplib0 instead of the full sexp library;
- changes to function signatures.
Full details in the CHANGES.md file; there are also several minor changes.
|
|
|
|
|
|
winbindd has been started but not configured.
|
|
Changes:
2019.03.01
Core
+ [downloader/external] Add support for rate limit and retries for wget
* [downloader/external] Fix infinite retries for curl (#19303)
Extractors
* [npo] Fix extraction (#20084)
* [francetv:site] Extend video id regex (#20029, #20071)
+ [periscope] Extract width and height (#20015)
* [servus] Fix extraction (#19297)
* [bbccouk] Make subtitles non fatal (#19651)
* [metacafe] Fix family filter bypass (#19287)
|
|
18.0.0
Update bundled libzmq to 4.3.1 (fixes CVE-2019-6250)
Added proxy_steerable() and zmq.devices.ProxySteerable
Added bind_{in|out|mon}_to_random_port variants for proxy device methods
Performance improvements for sends with asyncio
Fix sending memoryviews/bytearrays with cffi backend
|
|
v19.0.0
-------
January 15, 2019
* add :func:`TorControlProtocol.when_disconnected` (will replace `.on_disconnect`)
* add `detach=` kwarg to :func:`Tor.create_onion_service`
* add `purpose=` kwarg to :func:`TorState.build_circuit`
|
|
Version 2.1 (January 12th, 2019)
Fixup release, correcting issues uncovered in the prior year.
Startup
Connect by default to Tor Browser's default port (9151) when it's available
Nyxrc color_override configuration values only worked if camel case (ticket)
'sqlite3.OperationalError' crash when ran with multiple users that share a home directory (ticket)
Process renaming could potentially crash (ticket)
Blank debug path caused us to crash (ticket)
Nyxrc password option for the controller credential (ticket)
Accept shorthand '--interface' arugments with a colon but no address (ticket)
Notification when connection information is unavailable (ticket)
When using python 3.x unable to run if distutils was unavailable (ticket)
Header
Right column of stats missing when using python 3.x
Graph
Removed confusing, unit-less 'measured' statistic
Connections
Geoip information unavailable for inbound connections
Dialog showing exit statistics crashed when no data was available (ticket)
More strictly scrub sensitive connection information (ticket)
Client and exit port usage dialogs counted each connection rather than unique clients and destinations (ticket)
Logging
Python3 crashed when dates are on year boundaries (ticket)
Configuration Editor
New tor configuration options crashed nyx when shown (ticket)
Errors when saving the configuration could result in a stacktrace (ticket)
Pressing 'esc' when editing values changed their value to 'none' (ticket)
Reset configuration option if set to an empty value
Interpreter
Line wrap content (ticket)
Large volume of content made the panel sluggish (ticket)
Curses
Resizing could crash the interface (ticket)
Implemented del key in editable text fields (ticket)
Website
Greatly expanded platforms available on the download page
Added 'How do I get started?' to the FAQ
Added 'Why can't I install with apt-get?' to the FAQ
Added 'Why can't I see Tor's connections?' to the FAQ
|
|
fping 4.2:
New features
* New option -x / --reachable to check if the number of reachable hosts is >= a certain number. Useful for example to implement connectivity-checks
Bugfixes and other changes
* Allow decimal numbers for '-t', '-i', '-p', and '-Q'
* Fix build with --disable-ipv6
* Fix hang with '-6', with ipv6 kernel module, but not loaded
* Assume '-6' if the binary is named 'fping6' (this is mostly for special embedded-distro use cases, and not meant to be used generally in place of compiling IPv6-only binary or using '-6'
* Get rid of warning "timeout (-t) value larger than period (-p) produces unexpected results"
|
|
|
|
Changes:
2.10.0
------
Features
- New hub pr list --format fields %pS and %pC for PR state and color
o %pS: "open", "draft", "merged", or "closed"
o %pC: green, gray, purple, or red
- Have commands with rich output respect the --color flag
o default: --color=auto
o --color is equivalent to --color=always
o --color=never disables color for TTYs
Fixes
- Make man pages parseable with whatis
- Make hub checkout work independently of remote refspec
|
|
|
|
Upstream changes:
mikutter 3.8.6
* backport yield_self for Ruby 2.4 and prior
* possible crash on too fast reply as @seibe
* extract pixiv images from OGP
* thanks Shibafu Midorino
|
|
Changes in Apache Libcloud 2.4.0
- Refuse installation with Python 2.6 and Python 3.3 (support was
already dropped in Libcloud 2.3.0)
- Support Python 3.7
- Cleanup various Python files
- Allow running tests with http_proxy set
Common
- [OpenStack] Document openstack_connection_kwargs method
- [OpenStack] Handle missing user email in OpenStackIdentityUser
Compute
- [ARM] Support OS disk size definition on node creation
- [Digital Ocean] Support floating IPs
- [Digital Ocean] Support attach/detach for floating IPs
- [Digital Ocean] Add ex_get_node_details
- [Digital Ocean] Add tags extra attribute to create_node
- [Dimension Data] Fix IndexError in list_images
- [EC2] Add AWS eu-west-3 (Paris) region
- [EC2] Add description to ex_authorize_security_group_ingress
- [EC2] Added script to automatically get EC2 instance sizes
- [EC2] Update instance sizes
- [EC2] Accept tags when create a snapshot
- [GCE] Expand Firewall options coverage
- [GCE] Expand network and subnetwork options coverage
- [GCE] Extend ex_create_address to allow internal ip creation
- [GCE] Allow shared VPC in managed instance group creation
- [GCE] Support disk_size parameter for boot disk when creating instance
- [GCE] Update public image projects list
- [GCE] Fix _find_zone_or_region for >500 instances
- [GCE] Allow routing_mode=None in ex_create_network
- [OpenStack] Implement Glance Image API v2
- [OpenStack] Fix spelling in ex_files description
- [OpenStack v2] Allow listing image members
- [OpenStack v2] Allow creating and accepting image members
- [OpenStack v2] Fix image members methods
- [OpenStack] Fix API doc for delete_floating_ip
- [OpenStack] Implement port attaching/detaching
- [OpenStack] Add methods for getting and creating ports
- [OpenStack] Add get_user method
- [OpenStack] Add ex_list_subnets to OpenStack_2_NodeDriver
- [OpenStack] The OpenStack_2_NodeDriver uses two connections
- [OpenStack] The OpenStack_2_NodeDriver /v2.0/networks instead of /os-networks
- [Scaleway] New Scaleway driver
- [Scaleway] Update Scaleway default API host
DNS
- [Google Cloud DNS] Document driver instantiation
Storage
- Update docstring for storage provider class
- [Azure Blob Storage] Allow filtering lists by prefix
- [Azure Blob Storage] Update driver documentation
- [Azure Blob Storage] Fix upload/download streams
- [Azure Blob Storage] Fix PageBlob headers
- [S3] Guess s3 upload content type
- [S3] Add Amazon S3 (cn-northwest-1) Storage Driver
Other
- Fixed spelling in 2.0 changes documentation
Changes in Apache Libcloud 2.3.0
- Drop support for Python 2.6 and Python 3.3
They're no longer supported, and the Python ecosystem is starting to
drop support: two of our test dependencies no longer support them.
- Made pytest-runner optional
Common
- Improve warning when CA_CERTS_PATH is incorrectly passed as a list
- Cleaned up and corrected third-party drivers documentation
- Modernized a few Python examples
- [OpenStack] Authentify with updated Identity API
Compute
- Fix "wait_until_running() method so it also works correctly and doesn't
append "None" to the addresses list if node has no IP address.
- [ARM] Fix checking for "location is None" in several functions
- [ARM] Fix error when using SSH key auth with Python 3
- [ARM] Fix API call on powerOff, understand PAUSED state
- [ARM] Delete VHDs more reliably in destroy_node(), raise exception on unhandled errors
- [ARM] Fix api version used to list and delete NICs
- [ARM] Allow faster list_nodes() with ex_fetch_power_state=False
- [ARM] Fix delete_old_vhd
- [ARM] Limit number of retries in destroy_node
- [ARM] Fix Retry-After header handling
- [CloudStack] Handle NICs without addresses
- [CloudStack] Add change size and restore
- [Digital Ocean] Add ex_enable_ipv6 in DigitalOcean_v2 driver
- [Digital Ocean] Add support for tags in list_nodes()
- [Digital Ocean] Add rebuild and resize commands
- [EC2] Add new x1.16xlarge and x1e.32xlarge instance type.
- [EC2] Add AWS EC2 c5 series
- [EC2] Add AWS EC2 M5 sizes
- [EC2] Update pricing information for EC2 instances.
- [EC2] Allow cn-north-1 even without pricing information
- [EC2] Fix EBS volume encryption
- [ECS Aliyun] Support modify_security_group_attributes
- [GCE] Allow adding labels to images
- [GCE] Allow adding license strings to images
- [GCE] Support GCE node labels.
- [GCE] Fix GCEList pagination.
- [GCE] Allow setting service account in instance templates
- [GCE] Add support for private IP addresses in GCE instance creation
- [GCE] Allow for use of shared network (VPC) and subnetwork
- [GCE] Add support for accelerators
- [ProfitBricks] Update driver and add support for the new API v4.
- [ProfitBricks] Fix list_snapshots() method
- [UpCloud] New driver for UpCloud
- [UpCloud] Use disk size and storage tier also when creating node from template
- [UpCloud] Allow to define hostname and username
- [UpCloud] Add pricing information to list_sizes
Storage
- Added Digital Ocean Spaces driver
- [Digital Ocean Spaces] Add support for AMS3 region
- [Digital Ocean Spaces] Add support for SGP1 region
- Fix a bug / regression which resulted in increased memory consumption when
using download_object method. This method would store whole object
content in memory even though there was no need for that.
This regression was introduced in 2.0.0 when we moved to using requests
library.
- Fix a regression with hash computation performance and memory usage on object
upload inadvertently introduced in 2.0.0 and make it more efficient.
|
|
Changes in version 0.3.5.8:
Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
|
|
Update bind912 to 9.12.3pl4 (BIND 9.12.3-P4).
--- 9.12.3-P4 released ---
--- 9.12.3-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.12.3-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
|
|
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
--- 9.11.5-P4 released ---
--- 9.11.5-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.11.5-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
|
|
OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
|
|
|
|
Introduce sasl option (disabled by default) to inconsistent
detection of cyrus-sasl between CMAKE and CC.
Reported by NISHIMURA Takeshi.
|
|
4.1.6:
Bug Fixes
Prevent more than one CNAME/SOA record in the same RRset
|
|
4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of sycalls per message.
Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() directive.
Reduce systemcall usage in protobuf logging.
4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories.
Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled.
4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.
The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua ;
CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Improvements
Try another worker before failing if the first pipe was full
|
|
Changes:
version 2019.02.18
Extractors
* [tvp:website] Fix and improve extraction
+ [tvp] Detect unavailable videos
* [tvp] Fix description extraction and make thumbnail optional
+ [linuxacademy] Add support for linuxacademy.com (#12207)
* [bilibili] Update keys (#19233)
* [udemy] Extend URL regular expressions (#14330, #15883)
* [udemy] Update User-Agent and detect captcha (#14713, #15839, #18126)
* [noovo] Fix extraction (#19230)
* [rai] Relax URL regular expression (#19232)
+ [vshare] Pass Referer to download request (#19205, #19221)
+ [openload] Add support for oload.live (#19222)
* [imgur] Use video id as title fallback (#18590)
+ [twitch] Add new source format detection approach (#19193)
* [tvplayhome] Fix video id extraction (#19190)
* [tvplayhome] Fix episode metadata extraction (#19190)
* [rutube:embed] Fix extraction (#19163)
+ [rutube:embed] Add support private videos (#19163)
+ [soundcloud] Extract more metadata
+ [trunews] Add support for trunews.com (#19153)
+ [linkedin:learning] Extract chapter_number and chapter_id (#19162)
|
|
|
|
1.4.0:
- Build with Cython 0.29 in '3str' mode.
- Test with PyPy 6.0 on Windows.
- Add support for application-wide callbacks when Greenlet objects
are started.
- Fix consuming a single ready object using
next(gevent.iwait(objs)). Previously such a construction would
hang because iter was not called.
- Make gevent.iwait return an iterator that can now also be used as
a context manager. If you'll only be consuming part of the iterator,
use it in a with block to avoid leaking resources.
- Fix semaphores to immediately notify links if they are ready and
rawlink() is called. This behaves like Event and
AsyncEvent. Note that the order in which semaphore links are
called is not specified.
- Improve safety of handling exceptions during interpreter shutdown.
- Remove the deprecated ability to specify GEVENT_RESOLVER and
other importable settings as a path/to/a/package.module.item.
This had race conditions and didn't work with complicated resolver
implementations. Place the required package or module on sys.path
first.
- Reduce the chances that using the blocking monitor functionality
could result in apparently random SystemError:
Objects/tupleobject.c: bad argument to internal function.
- Refactored the gevent test runner and test suite to make them more
reusable. In particular, the tests are now run with python -m
gevent.tests.
- Make a monkey-patched socket.getaddrinfo return socket module
enums instead of plain integers for the socket type and address
family on Python 3.
- Make gevent's pywsgi server set the non-standard environment value
wsgi.input_terminated to True.
- Make gevent.util.assert_switches produce more informative messages
when the assertion fails.
- Python 2: If a gevent.socket was closed asynchronously (in a
different greenlet or a hub callback), AttributeError could result
if the socket was already in use. Now the correct socket.error
should be raised.
- Fix :meth:gevent.threadpool.ThreadPool.join raising a
UserWarning when using the libuv backend.
- Fix FileObjectPosix.seek raising OSError when it should have
been IOError on Python 2.
- Upgrade libuv from 1.23.2 to 1.24.0.
|
|
Change log:
* Translations update
* caja-share-bar: avoid deprecated 'g_type_class_add_private'
* drop obsolete configure option from distcheck
* Use make functions for HELP_LINGUAS
* adding help to transifex config
* disable deprecation warnings for distcheck
* file-share-properties.ui: avoid deprecated:
* update transifex config with branch specific resoures
|
|
|
|
We have sysutils/vultr, which (a) has a maintainer and (b) is newer.
|
