2022.11.11
* Merge youtube-dl: Up to [commit/de39d12](https://github.com/ytdl-org/youtube-dl/commit/de39d128)
* Backport SSL configuration from Python 3.10
* Do more processing in `--flat-playlist`
* Fix `--list` options not implying `-s` in some cases
* Fix end time of clips
* Fix for `formats=None`
* Write API params in debug head
* [outtmpl] Ensure ASCII in json and add option for Unicode
* [SponsorBlock] Add `type` field, obey `--retry-sleep extractor`, relax duration check for large segments
* [SponsorBlock] **Support `chapter` category**
* [ThumbnailsConvertor] Fix filename escaping
* [ModifyChapters] Handle the entire video being marked for removal
* [embedthumbnail] Fix thumbnail name in mp3
* [downloader/fragment] HLS download can continue without first fragment
* [cookies] Improve `LenientSimpleCookie`
* [jsinterp] Improve separating regex
* [extractor/common] Fix `fatal=False` for `_search_nuxt_data`
* [extractor/common] Improve `_generic_title`
* [extractor/common] Fix `json_ld` type checks
* [extractor/generic] Separate embed extraction into own function
* [extractor/generic:quoted-html] Add extractor
* [extractor/unsupported] Raise error on known DRM-only sites
* [utils] `js_to_json`: Improve escape handling
* [utils] `strftime_or_none`: Workaround Python bug on Windows
* [utils] `traverse_obj`: Always return list when branching, allow `re.Match` objects
* [build, test] Harden workflows' security
* [build] `py2exe`: Migrate to freeze API
* [build] Create `armv7l` and `aarch64` releases
* [build] Make linux binary truly standalone using `conda`
* [build] Replace `set-output` with `GITHUB_OUTPUT`
* [update] Use error code `100` for update errors
* [compat] Fix `shutils.move` in restricted ACL mode on BSD
* [docs, devscripts] Document `pyinst`'s argument passthrough
* [test] Allow `extract_flat` in download tests
* [cleanup] Misc fixes and cleanup
* [extractor/aeon] Add extractor
* [extractor/agora] Add extractors
* [extractor/camsoda] Add extractor
* [extractor/cinetecamilano] Add extractor
* [extractor/deuxm] Add extractors
* [extractor/genius] Add extractors
* [extractor/japandiet] Add extractors
* [extractor/listennotes] Add extractor
* [extractor/nos.nl] Add extractor
* [extractor/oftv] Add extractors
* [extractor/podbayfm] Add extractor
* [extractor/qingting] Add extractor
* [extractor/screen9] Add extractor
* [extractor/swearnet] Add extractor
* [extractor/YleAreena] Add extractor
* [extractor/zeenews] Add extractor
* [extractor/youtube:tab] **Update tab handling for redesign**
* Channel URLs download all uploads of the channel as multiple playlists, separated by tab
* [extractor/youtube] Differentiate between no comments and disabled comments
* [extractor/youtube] Extract `concurrent_view_count` for livestreams
* [extractor/youtube] Fix `duration` for premieres
* [extractor/youtube] Fix `live_status`
* [extractor/youtube] Ignore incomplete data error for comment replies
* [extractor/youtube] Improve chapter parsing from description
* [extractor/youtube] Mark videos as fully watched
* [extractor/youtube] Update piped instances
* [extractor/youtube] Update playlist metadata extraction for new layout
* [extractor/youtube:tab] Fix video metadata from tabs
* [extractor/youtube:tab] Let `approximate_date` return timestamp
* [extractor/americastestkitchen] Fix extractor
* [extractor/bbc] Support onion domains
* [extractor/bilibili] Add chapters and misc cleanup
* [extractor/bilibili] Fix BilibiliIE and Bangumi extractors
* [extractor/bitchute] Better error for geo-restricted videos
* [extractor/bitchute] Improve `BitChuteChannelIE`
* [extractor/bitchute] Simplify extractor
* [extractor/cda] Support login through API
* [extractor/crunchyroll] Beta is now the only layout
* [extractor/detik] Avoid unnecessary extraction
* [extractor/doodstream] Remove extractor
* [extractor/dplay] Add MotorTrendOnDemand extractor
* [extractor/epoch] Support videos without data-trailer
* [extractor/fox] Extract thumbnail
* [extractor/foxnews] Add `FoxNewsVideo` extractor
* [extractor/hotstar] Add season support
* [extractor/hotstar] Refactor v1 API calls
* [extractor/iprima] Make json+ld non-fatal
* [extractor/iq] Increase phantomjs timeout
* [extractor/kaltura] Support playlists
* [extractor/lbry] Authenticate with cookies
* [extractor/livestreamfails] Support posts
* [extractor/mlb] Add `MLBArticle` extractor
* [extractor/mxplayer] Improve extractor
* [extractor/niconico] Always use HTTPS for requests
* [extractor/nzherald] Support new video embed
* [extractor/odnoklassniki] Support boosty.to embeds
* [extractor/paramountplus] Update API token
* [extractor/reddit] Add fallback format
* [extractor/redgifs] Fix extractors
* [extractor/redgifs] Refresh auth token for 401
* [extractor/rumble] Add HLS formats and extract more metadata
* [extractor/sbs] Improve `_VALID_URL`
* [extractor/skyit] Fix extractors
* [extractor/stripchat] Fix hostname for HLS stream
* [extractor/stripchat] Improve error message
* [extractor/telegram] Add playlist support and more metadata
* [extractor/Tnaflix] Fix for HTTP 500
* [extractor/tubitv] Better DRM detection
* [extractor/tvp] Update extractors
* [extractor/twitcasting] Fix `data-movie-playlist` extraction
* [extractor/twitter] Add onion site to `_VALID_URL`
* [extractor/twitter] Add Spaces extractor and GraphQL API
* [extractor/twitter] Support multi-video posts
* [extractor/uktvplay] Fix `_VALID_URL`
* [extractor/viu] Support subtitles of on-screen text
* [extractor/VK] Fix playlist URLs
* [extractor/vlive] Extract `release_timestamp`
* [extractor/voot] Improve `_VALID_URL`
* [extractor/wordpress:mb.miniAudioPlayer] Add embed extractor
* [extractor/YoutubeWebArchive] Improve metadata extraction
* [extractor/zee5] Improve `_VALID_URL`
* [extractor/zenyandex] Fix extractors
|
|
New features:
- New shortcut: 'G' to edit current URL
- Gemini TLS client certificate support
|
|
Pkgsrc changes:
* Update cargo-depends.mk, update checksums.
Upstream changes:
## 0.12.0 "Brutalism and Gardening"
Released 2022-11-10.
Bug Fixes
* Remove a stray newline in summary output.
## 0.12.0-rc1
Released 2022-11-02.
Breaking Changes
* Restructured the TAL configuration in response to the dropped requirement
to opt into the ARIN TAL.
Routinator will now use the bundled RIR TALs directly unless told otherwise
by the new `--no-rir-tals` command line and config option. The additional
bundled TALs can be added via the new `--tal` command line and config
option. Additionally, the TAL directory can still be used via the
`--extra-tals-dir` option. The `tal-dir` option has been removed but will
still be accepted *and ignored* in the config file only.
The `init` command has been removed. ([#796])
* Changed the default configuration option for `unsafe-vrps` to `accept`
and removed all logging or mentioning of unsafe VRPs in this case.
([#761])
* Setting the `rsync-timeout` option to 0 now disables the rsync timeout.
([#798])
* Refactored error handling. Routinator now logs the reason why an object
failed verification or was otherwise rejected. ([#755])
* Removed the deprecated `rrdp-disable-gzip` configuration option.
([#769])
New
* The new `limit-v4-len` and `limit-v6-len` command line and config file
options allow limiting the length of IPv4 and IPv6 prefixes,
respectively, to be included in the VRP data set. ([#810])
* The new `rrdp-fallback` command line and config file option
allows specifying the circumstances under which a failed RRDP fetch
should result in using rsync instead. Supported policies are `never` for
never falling back to using rsync, `stale` for the current behavior of
falling back when RRDP has failed for some time, and `new` to only fall
back for repositories where RRDP has never worked before. ([#799])
* In the extended `jsonext` output format, the information for VRPs and
router keys derived from RPKI data has gained a new member `"tal"` that
shows the name of the TAL this object was published under. ([#765])
* The log output to files, stderr, and the `/log` HTTP endpoint now
includes the log level of the message to make it more clear how
important the message really is. ([#797])
* The RTR client metrics have been extended by three new values allowing
to track the time since last cache reset and the number of reset and
serial queries. Like all RTR client metrics, these new values are only
available if enabled explicitly via the `rtr-client-metrics` config option.
([#800])
* TCP keepalive is now enabled for RRDP connections. The keepalive
duration can be configured via the new command line and config file option
`rrdp-tcp-keepalive`. ([#801])
Bug Fixes
* Fixed an issue in error handling in the RRDP collector that causes
Routinator to exit if it encountered malformed Base 64 in RRDP snapshot
and delta files. (Found by Donika Mirdita and Haya Shulman. Assigned
[CVE-2022-3029].) ([#784])
* Fixed an issue where RRDP snapshots and deltas with a status code other
than 200 OK were accepted and processed. ([#802])
* Changed how Routinator deals with files in the store that cannot be
parsed. These will now be ignored and the publication point stored in
them considered not available. ([#803])
* When piping output from the `vrps` command into something else, a broken
pipe will not lead to an error message any more. ([#807])
* Fixed various issues with the calculation of RTR metrics. ([#811])
Other Changes
* The minimal required Rust version has been increased to 1.60. ([#792])
* The default Docker image now listens on both port 8323 and 9556 for HTTP
requests. ([#809])
[#755]: https://github.com/NLnetLabs/routinator/pull/755
[#761]: https://github.com/NLnetLabs/routinator/pull/761
[#765]: https://github.com/NLnetLabs/routinator/pull/765
[#769]: https://github.com/NLnetLabs/routinator/pull/769
[#784]: https://github.com/NLnetLabs/routinator/pull/784
[#792]: https://github.com/NLnetLabs/routinator/pull/792
[#796]: https://github.com/NLnetLabs/routinator/pull/796
[#797]: https://github.com/NLnetLabs/routinator/pull/797
[#798]: https://github.com/NLnetLabs/routinator/pull/798
[#799]: https://github.com/NLnetLabs/routinator/pull/799
[#800]: https://github.com/NLnetLabs/routinator/pull/800
[#801]: https://github.com/NLnetLabs/routinator/pull/801
[#802]: https://github.com/NLnetLabs/routinator/pull/802
[#803]: https://github.com/NLnetLabs/routinator/pull/803
[#807]: https://github.com/NLnetLabs/routinator/pull/807
[#809]: https://github.com/NLnetLabs/routinator/pull/809
[#810]: https://github.com/NLnetLabs/routinator/pull/810
[#811]: https://github.com/NLnetLabs/routinator/pull/811
|
|
1.4.1
IMPROVEMENTS
* Add support for Python 3.9
* Add support for Python 3.10
* Drop support for Python 2.7, 3.4, and 3.5
* Convert python scripts to entry_points.
* Migrate CI from travis to GitHub actions.
* Add options to output filter to set timestamps.
* Remove dependency on unittest2.
BUGFIXES
* Fix tests with testtools >= 2.5.0.
* Mark rawstrings as such, fixing warnings.
|
|
Text-based interface for Mastodon with vim-inspired keybindings and
support for shellout for editing text or viewing media.
|
|
Upstream changes:
* 3.5.4 (2022/11/08)
- implement --force-sixel option
- fix printf bug when --progress is specified
|
|
Change to lablgtk3.
Drop MAKE_JOBS_SAFE because the issue was fixed upstream.
## Changes in 2.53.0
Released 2022-11-07
* OCaml >= 4.08 is required to build unison.
* unison can be built with (unreleased) OCaml 5.
* Change GUI to use GTK3 (via lablgtk3) instead of GTK2 (via lablgtk2)
* Add support for syncing extended attributes.
* Add support for syncing ACLs.
* On Windows, add the ability to build unison as a hybrid
application (GUI application attached to a text console) by
defining UI_WINOS=hybrid (see src/Makefile). Add this to CI.
(Doing this for non-Windows is unnecessary as all applications,
both GUI and non-GUI, are always executed with a connection to
stdout/stderr. GUI-only applications (ie, no stdout/stderr) is a
Windows-only concept.)
* Notable bugfixes
- Merge results are stored in archive more accurately.
- Windows `\\?\` paths now work correctly (including `\\?\Volume{GUID}\` paths).
* CI changes
- The macOS binaries are properly signed.
- Add workaround for bugs in the github CI Windows builds, one of
which resulted in the 2.52.1 GUI version failing, in the Windows
CI build artifacts. (This does not affect platforms other than
Windows, and may not affect other Windows builds.)
* Changes that should not affect behavior
- Clean up a variety of unmaintained and unused bits, mainly
build-related.
- OCaml's Unix library is now extensively used also on
Windows. This allowed removal of large amount of
Windows-specific OCaml and mainly C code.
|
|
v3.1.0
======
Require Python 3.7 or later.
v3.0.0
======
Removed legacy aliases ``wait_for_occupied_port``
and ``wait_for_free_port``.
v2.7.2
======
Packaging refresh.
v2.7.1
======
Fix host/port order.
v2.7.0
======
Refresh package. Require Python 3.6 or later.
|
|
pkgsrc changes:
---------------
* Add patch to include sys/socket.h on FreeBSD.
* Fix alignment in buildlink3.mk (thanks to pkglint).
* Bump revision.
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
4.0.9
Miscellaneous:
* CloudTrail: describe_trails() now returns the correct (MultiRegion) trails
* CloudWatch:tag_resource() now allows tagging new Alarms that didn't have tags yet
* EC2: create_instances() now supports the `IamInstanceProfile`-parameter
* EC2: describe_route_tables() now supports the `route.vpc-peering-connection-id`-filter
* EC2: modify_vpc_attribute() now supports the enableNetworkAddressUsageMetrics-attribute
* S3: delete_objects() now works against the JS SDK v3.197.0
|
|
Wireshark 4.0.1 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
• The Windows installers now ship with Qt 5.12.2. They previously
shipped with Qt 6.2.3.
Bug Fixes
The following bugs have been fixed:
• Comparing a boolean field against 1 always succeeds on big-endian
machines. Issue 12236[2].
• Qt: MaxMind GeoIP columns not added to Endpoints table. Issue
18320[3].
• Fuzz job crash output: fuzz-2022-10-04-7131.pcap. Issue 18402[4].
• The RTP player might not play audio on Windows. Issue 18413[5].
• Wireshark 4.0 breaks display filter expression with > sign. Issue
18418[6].
• Capture filters not working when using SSH capture and dumpcap.
Issue 18420[7].
• Packet diagram field values are not terminated. Issue 18428[8].
• Packet bytes not displayed completely if scrolling. Issue
18438[9].
• Fuzz job crash output: fuzz-2022-10-13-7166.pcap. Issue
18467[10].
• Decoding bug H.245 userInput Signal. Issue 18468[11].
• CFDP dissector doesn’t handle "destination filename" only.
Issue 18495[12].
• Home page capture button doesn’t pop up capture options dialog.
Issue 18506[13].
• Missing dot in H.248 protocol name. Issue 18513[14].
• Missing dot for protocol H.264 in protocol column. Issue
18524[15].
• Fuzz job crash output: fuzz-2022-10-23-7240.pcap. Issue
18534[16].
New and Updated Features
Removed Features and Support
• The experimental display filter syntax for literals using angle
brackets <…> that was introduced in Wireshark 4.0.0 has been
removed. For byte arrays a colon prefix can be used instead. See
the User’s Guide[17] for details.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP,
H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS,
PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM
New and Updated Capture File Support
BLF
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
3.11.7 - 26/10/2022
Modified
Fix easyname provider (update action)
|
|
Release v1.50.1
All
Fix Bazel 4 support and objc bazel tests on python3.9
Release v1.50.0
Core
Derive EventEngine from std::enable_shared_from_this.
Revert "Revert "[chttp2] fix stream leak with queued flow control update and absence of writes
[chttp2] fix stream leak with queued flow control update and absence of writes.
Remove gpr_codegen.
client_channel: allow LB policy to communicate update errors to resolver.
FaultInjection: Fix random number generation.
C++
OpenCensus Plugin: Add measure and views for started RPCs.
C#
Grpc.Tools: Parse warnings from libprotobuf.
Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN.
Grpc.Tools document AdditionalImportDirs.
Fix OutputOptions and GrpcOutputOptions.
Python
Support Python 3.11.
|
|
Bandcamp-dl 0.0.13
Minor bugfix update and requirements version bump.
In some cases a track may fail to download if the album release or track release date is missing, an additional fallback has been added in this case, now it will default to when the track was released on Bandcamp specifically if no other metadata is found.
|
|
4.0.8
General:
* Unpins the werkzeug-dependency - Moto now works with werkzeug==2.2.2
* Fixes the Docker-build to run on M1 Macbooks.
New Services:
* ServiceQuotas:
* get_service_quota()
* list_aws_default_service_quotas()
New Methods:
* CloudFront: list_invalidations()
* RDS: modify_db_cluster()
Miscellaneous:
* Lambda:delete_function() - fixed an issue where the wrong Function would be deleted when providing a qualifier
* ECR:put_image() now removes any existing images that have the provided tag
* IAM:detach_user/group/role_policy() now throws the correct error message when the policy is not attached in the first place
* S3:list_object_versions(): Fix delimiter to take prefix into account
* S3: Now closes file handles as early as possible when deleting files/multipart uploads
* SageMaker:describe_training_job() now throws the correct exception when trying to explain a non-existing job
|
|
1.26.1
api-change:accessanalyzer: This release adds support for six new resource types in IAM Access Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated service API, documentation, and paginators.
api-change:location: Added new map styles with satellite imagery for map resources using HERE as a data provider.
api-change:mediatailor: This release is a documentation update
api-change:rds: Relational Database Service - This release adds support for exporting DB cluster data to Amazon S3.
api-change:workspaces: This release adds new enums for supporting Workspaces Core features, including creating Manual running mode workspaces, importing regular Workspaces Core images and importing g4dn Workspaces Core images.
1.26.0
api-change:acm-pca: AWS Private Certificate Authority (AWS Private CA) now offers usage modes which are combinations of features to address specific use cases.
api-change:batch: This release adds support for AWS Batch on Amazon EKS.
api-change:datasync: Added support for self-signed certificates when using object storage locations; added BytesCompressed to the TaskExecution response.
api-change:sagemaker: SageMaker Inference Recommender now supports a new API ListInferenceRecommendationJobSteps to return the details of all the benchmarks we create for an inference recommendation job.
feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and settings for services
|
|
1.25.1
api-change:accessanalyzer: [botocore] This release adds support for six new resource types in IAM Access Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated service API, documentation, and paginators.
api-change:location: [botocore] Added new map styles with satellite imagery for map resources using HERE as a data provider.
api-change:mediatailor: [botocore] This release is a documentation update
api-change:rds: [botocore] Relational Database Service - This release adds support for exporting DB cluster data to Amazon S3.
api-change:workspaces: [botocore] This release adds new enums for supporting Workspaces Core features, including creating Manual running mode workspaces, importing regular Workspaces Core images and importing g4dn Workspaces Core images.
1.25.0
feature:Endpoints: [botocore] Implemented new endpoint ruleset system to dynamically derive endpoints and settings for services
api-change:acm-pca: [botocore] AWS Private Certificate Authority (AWS Private CA) now offers usage modes which are combinations of features to address specific use cases.
api-change:batch: [botocore] This release adds support for AWS Batch on Amazon EKS.
api-change:datasync: [botocore] Added support for self-signed certificates when using object storage locations; added BytesCompressed to the TaskExecution response.
api-change:sagemaker: [botocore] SageMaker Inference Recommender now supports a new API ListInferenceRecommendationJobSteps to return the details of all the benchmarks we create for an inference recommendation job.
|
|
0.6.0
feature:Python: Dropped support for Python 3.6
0.5.2
enhancement:s3: Added support for flexible checksums when uploading or downloading objects.
0.5.1
enhancement:Python: Officially add Python 3.10 support
0.5.0
feature:Python: Dropped support for Python 2.7
|
|
1.28.1
api-change:accessanalyzer: This release adds support for six new resource types in IAM Access Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated service API, documentation, and paginators.
api-change:location: Added new map styles with satellite imagery for map resources using HERE as a data provider.
api-change:mediatailor: This release is a documentation update
api-change:rds: Relational Database Service - This release adds support for exporting DB cluster data to Amazon S3.
api-change:workspaces: This release adds new enums for supporting Workspaces Core features, including creating Manual running mode workspaces, importing regular Workspaces Core images and importing g4dn Workspaces Core images.
1.28.0
feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and settings for services
api-change:acm-pca: AWS Private Certificate Authority (AWS Private CA) now offers usage modes which are combinations of features to address specific use cases.
api-change:batch: This release adds support for AWS Batch on Amazon EKS.
api-change:datasync: Added support for self-signed certificates when using object storage locations; added BytesCompressed to the TaskExecution response.
api-change:sagemaker: SageMaker Inference Recommender now supports a new API ListInferenceRecommendationJobSteps to return the details of all the benchmarks we create for an inference recommendation job.
|
|
GitHub CLI 2.18.1
Replace spaces with tabs in mixed whitespace string
pr create: Fix regression in non-interactive mode
GitHub CLI 2.18.0
New Commands and Flags:
- cs rebuild
- ssh-key delete
- gpg-key delete
- release delete: new --cleanup-tag flag
- issue/pr comment: new --edit-last flag
- pr diff: new --web flag
|
|
Twisted 22.8.0 (2022-09-06)
===========================
Twisted 22.8.0rc1 release candidate was released on 2022-08-28 and there are
no changes between the release candidate and the final release.
Features
--------
- twisted.internet.defer.maybeDeferred will now schedule a coroutine result as asynchronous operation and return a Deferred that fires with the result of the coroutine.
- Twisted now works with Cryptography versions 37 and above, and as a result, its minimum TLS protocol version has been upgraded to TLSv1.2.
Bugfixes
--------
- ``twisted.internet.base.DelayedCall.__repr__`` will no longer raise ``AttributeError`` if the ``DelayedCall`` was created before debug mode was enabled. As a side-effect, ``twisted.internet.base.DelayedCall.creator`` is now defined as ``None`` in cases where previously it was undefined.
- twisted.internet.iocpreactor.udp now properly re-queues its listener when there is a failure condition on the read from the socket.
- twisted.internet.defer.inlineCallbacks no longer causes confusing StopIteration tracebacks to be added to the top of tracebacks originating in triggered callbacks
- The typing of twisted.internet.task.react no longer constrains the type of argv.
- `ContextVar.reset()` now works correctly inside `inlineCallbacks` functions and coroutines.
- Implement twisted.python.failure._Code.co_positions for compatibility with Python 3.11.
- twisted.pair.tuntap._TUNSETIFF and ._TUNGETIFF values are now correct on parisc, powerpc and sparc architectures.
Improved Documentation
----------------------
- The release process documentation was updated to include information about
doing a security release.
- The development and policy documentation pages were moved into the same
directory that is now placed inside the documentation root directory.
Deprecations and Removals
-------------------------
- Python 3.6 is no longer supported.
Twisted 22.4.0 was the last version with support for Python 3.6.
Conch
-----
Bugfixes
~~~~~~~~
- twisted.conch.checkers.UNIXAuthorizedKeysFiles now uses the filesystem encoding to decode usernames before looking them up in the password database, so it works on Python 3.
- twisted.conch.ssh.SSHSession.request_env no longer gives a warning if the session does not implement ISessionSetEnv.
- The cftp command line (and `twisted.conch.scripts.cftp.SSHSession.extReceived`) no longer raises an unhandled error when receiving data on stderr from the server.
Web
---
Features
~~~~~~~~
- twisted.web.template.renderElement now combines consecutive, synchronously-available bytes up to a fixed size limit into a single string to pass to ``IRequest.write`` instead of passing them all separately. This greatly reduces the number of chunks in the response.
Mail
----
Bugfixes
~~~~~~~~
- twisted.mail.maildir.MaildirMessage now uses byte header to avoid incompatibility with the FileMessage which writes bytes not strings lines to a message file
Words
-----
Bugfixes
~~~~~~~~
- twisted.words.protocols.irc.IRCClient now splits overly long NOTICEs and NOTICEs containing \n before sending.
Names
-----
Bugfixes
~~~~~~~~
- twisted.names.dns logs unparsable messages rather than generating a Failure instance
Trial
-----
Features
~~~~~~~~
- ``trial --jobs=N --exitfirst`` is now supported.
Bugfixes
~~~~~~~~
- `trial --jobs=N --until-failure ...` now reports the correct number of tests run after each iteration.
- ``trial -jN ...`` will now pass errors and failures to ``IReporter`` methods as instances of ``WorkerException`` instead of ``str``.
|
|
4.17.2 (2022/10-25)
o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included
in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
o CVE-2022-3592: A malicious client can use a symlink to escape the exported
directory.
https://www.samba.org/samba/security/CVE-2022-3592.html
Changes since 4.17.1
--------------------
o Volker Lendecke <vl@samba.org>
* BUG 15207: CVE-2022-3592.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15134: CVE-2022-3437.
|
|
7.1.2
fix documentation display composing
fget_object(): add progress support
Updating documentation links to new URLs
list_objects: fix parsing user metadata as per MinIO server
|
|
Changes since 4.17.0
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15174: smbXsrv_connection_shutdown_send result leaked.
* BUG 15182: Flush on a named stream never completes.
* BUG 15195: Permission denied calling SMBC_getatr when file not exists.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
* BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
o Ralph Boehme <slow@samba.org>
* BUG 15182: Flush on a named stream never completes.
o Volker Lendecke <vl@samba.org>
* BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
o Stefan Metzmacher <metze@samba.org>
* BUG 15200: multi-channel socket passing may hit a race if one of the
involved processes already existed.
* BUG 15201: memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others).
o Noel Power <noel.power@suse.com>
* BUG 15205: Since popt1.19 various use after free errors using result of
poptGetArg are now exposed.
o Anoop C S <anoopcs@samba.org>
* BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15169: GETPWSID in memory cache grows indefinitely with each NTLM auth.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
==============================
Release Notes for Samba 4.17.0
September 13, 2022
==============================
This is the first stable release of the Samba 4.17 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
====================
SMB Server performance improvements
-----------------------------------
The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for meta data heavy workloads.
With 4.17 the situation improved a lot again:
- Pathnames given by a client are divided into dirname and basename.
The amount of syscalls to validate dirnames is reduced to 2 syscalls
(openat, close) per component. On modern Linux kernels (>= 5.6) smbd
makes use of the openat2() syscall with RESOLVE_NO_SYMLINKS,
in order to just use 2 syscalls (openat2, close) for the whole dirname.
- Contended path based operations used to generate a lot of unsolicited
wakeup events causing thundering herd problems, which lead to massive
latencies for some clients. These events are now avoided in order
to provide stable latencies and much higher throughput of open/close
operations.
Configure without the SMB1 Server
---------------------------------
It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:
--with-smb1-server
--without-smb1-server
By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).
None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.
This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.
Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.
Bronze bit and S4U support now also with MIT Kerberos 1.20
----------------------------------------------------------
In 2020 Microsoft Security Response Team received another Kerberos-related
report. Eventually, that led to a security update of the CVE-2020-17049,
Kerberos KDC Security Feature Bypass Vulnerability, also known as a ‘Bronze
Bit’. With this vulnerability, a compromised service that is configured to use
Kerberos constrained delegation feature could tamper with a service ticket that
is not valid for delegation to force the KDC to accept it.
With the release of MIT Kerberos 1.20, Samba AD DC is able to mitigate the
‘Bronze Bit’ attack. MIT Kerberos KDC's KDB (Kerberos Database Driver) API was
changed to allow passing more details between KDC and KDB components. When built
against MIT Kerberos, Samba AD DC supports MIT Kerberos 1.19 and 1.20 versions
but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20.
In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports
S4U2Self and S4U2Proxy Kerberos extensions.
Note the default (Heimdal-based) KDC was already fixed in 2021,
see https://bugzilla.samba.org/show_bug.cgi?id=14642
Resource Based Constrained Delegation (RBCD) support
----------------------------------------------------
Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT
Kerberos 1.20 we have complete RBCD support passing Samba's S4U testsuite.
samba-tool delegation got the 'add-principal' and 'del-principal' subcommands
in order to manage RBCD.
To complete RBCD support and make it useful to Administrators we added the
Asserted Identity [1] SID into the PAC for constrained delegation. This is
available for Samba AD compiled with MIT Kerberos 1.20.
Note the default (Heimdal-based) KDC does not support RBCD yet.
[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
Customizable DNS listening port
-------------------------------
It is now possible to set a custom listening port for the builtin DNS service,
making it easy to host another DNS on the same system that would bind to the
default port and forward the domain-specific queries to Samba using the custom
port. This is the opposite configuration of setting a forwarder in Samba.
It makes it possible to use another DNS server as a front and forward to Samba.
Dynamic DNS updates may not be proxied by the front DNS server when forwarding
to Samba. Dynamic DNS update proxying depends on the features of the other DNS
server used as a front.
CTDB changes
------------
* When Samba is configured with both --with-cluster-support and
--systemd-install-services then a systemd service file for CTDB will
be installed.
* ctdbd_wrapper has been removed. ctdbd is now started directly from
a systemd service file or init script.
* The syntax for the ctdb.tunables configuration file has been
relaxed. However, trailing garbage after the value, including
comments, is no longer permitted. Please see ctdb-tunables(7) for
more details.
Operation without the (unsalted) NT password hash
-------------------------------------------------
When Samba is configured with 'nt hash store = never' then Samba will
no longer store the (unsalted) NT password hash for users in Active
Directory. (Trust accounts, like computers, domain controllers and
inter-domain trusts are not impacted).
In the next version of Samba the default for 'nt hash store' will
change from 'always' to 'auto', where it will follow (behave as 'nt
hash store = never' when 'ntlm auth = disabled' is set).
Security-focused deployments of Samba that have eliminated NTLM from
their networks will find setting 'ntlm auth = disabled' with 'nt hash
store = always' as a useful way to improve compliance with
best-practice guidance on password storage (which is to always use an
iterated hash).
Note that when 'nt hash store = never' is set, then arcfour-hmac-md5
Kerberos keys will not be available for users who subsequently change
their password, as these keys derive their values from NT hashes. AES
keys are stored by default for all deployments of Samba with Domain
Functional Level 2008 or later, are supported by all modern clients,
and are much more secure.
Finally, also note that password history in Active Directory is stored
in nTPwdHistory using a series of NT hash values. Therefore the full
password history feature is not available in this mode.
To provide some protection against password re-use previous Kerberos
hash values (the current, old and older values are already stored) are
used, providing a history length of 3.
There is one small limitation of this workaround: Changing the
sAMAccountName, userAccountControl or userPrincipalName of an account
can cause the Kerberos password salt to change. This means that after
*both* an account rename and a password change, only the current
password will be recognised for password history purposes.
Python API for smbconf
----------------------
Samba's smbconf library provides a generic frontend to various
configuration backends (plain text file, registry) as a C library. A
new Python wrapper, importable as 'samba.smbconf' is available. An
additional module, 'samba.samba3.smbconf', is also available to enable
registry backend support. These libraries allow Python programs to
read, and optionally write, Samba configuration natively.
JSON support for smbstatus
--------------------------
It is now possible to print detailed information in JSON format in
the smbstatus program using the new option --json. The JSON output
covers all the existing text output including sessions, connections,
open files, byte-range locks, notifies and profile data with all
low-level information maintained by Samba in the respective databases.
Protected Users security group
------------------------------
Samba AD DC now includes support for the Protected Users security
group introduced in Windows Server 2012 R2. The feature reduces the
attack surface of user accounts by preventing the use of weak
encryption types. It also mitigates the effects of credential theft by
limiting credential lifetime and scope.
The protections are intended for user accounts only, and service or
computer accounts should not be added to the Protected Users
group. User accounts added to the group are granted the following
security protections:
* NTLM authentication is disabled.
* Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are
not issued to or accepted from affected principals. Tickets
encrypted with AES, and service tickets encrypted with RC4, are
not affected by this restriction.
* The lifetime of Kerberos TGTs is restricted to a maximum of four
hours.
* Kerberos constrained and unconstrained delegation is disabled.
If the Protected Users group is not already present in the domain, it
can be created with 'samba-tool group add'. The new '--special'
parameter must be specified, with 'Protected Users' as the name of the
group. An example command invocation is:
samba-tool group add 'Protected Users' --special
or against a remote server:
samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U Administrator
The Protected Users group is identified in the domain by its having a
RID of 525. Thus, it should only be created with samba-tool and the
'--special' parameter, as above, so that it has the required RID
to function correctly.
REMOVED FEATURES
================
LanMan Authentication and password storage removed from the AD DC
-----------------------------------------------------------------
The storage and authentication with LanMan passwords has been entirely
removed from the Samba AD DC, even when "lanman auth = yes" is set.
smb.conf changes
================
Parameter Name          Description                  Default
--------------          -----------                  -------
dns port                New default                  53
fruit:zero_file_id      New default                  yes
nt hash store           New parameter                always
smb1 unix extensions    Replaces "unix extensions"
volume serial number    New parameter                -1
winbind debug traceid   New parameter                no
|
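An added example (not part of the commit message and not Samba's own code): a small audit of the [global] section for the 'nt hash store', 'ntlm auth' and 'lanman auth' settings described in the Samba notes above. The sample configuration and the finding codes are constructed; the audit assumes the file belongs to an AD DC, and treating 'auto' as storing the hash whenever NTLM is not disabled is an assumption.

```python
import re

# Constructed sample [global] section for an AD DC; not from a real deployment.
SAMPLE_SMB_CONF = """\
[global]
    server role = active directory domain controller
    NTLM Auth = disabled
    nt hash store = always
    lanman auth = yes
    ; ntlm auth = ntlmv2-only   (commented out, must be ignored)
[share]
    path = /srv/share
"""

TRUE_VALUES = {"yes", "true", "on", "1"}


def _norm(name):
    """smb.conf ignores case and all whitespace in section/parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params


def nt_hash_stored(params):
    """Decide whether the unsalted NT hash is kept for AD users."""
    store = params.get("nthashstore", "always").lower()  # default per the notes
    ntlm_off = params.get("ntlmauth", "").lower() == "disabled"
    if store == "never":
        return False
    if store == "auto":
        # The notes: 'auto' behaves as 'never' when 'ntlm auth = disabled'.
        # Assumption: otherwise 'auto' keeps storing the hash.
        return not ntlm_off
    return True


def audit(text):
    """Return a list of (code, message) findings for an AD DC smb.conf."""
    p = parse_global(text)
    ntlm_off = p.get("ntlmauth", "").lower() == "disabled"
    findings = []
    if nt_hash_stored(p):
        if ntlm_off:
            findings.append(("NT_HASH_STORED_NTLM_OFF",
                             "NTLM is disabled but the unsalted NT hash is "
                             "still stored; the notes describe "
                             "'nt hash store = never' to stop storing it"))
        else:
            findings.append(("NT_HASH_STORED",
                             "unsalted NT hash is stored for AD users"))
    else:
        findings.append(("NO_RC4_KEYS_AFTER_PWCHANGE",
                         "arcfour-hmac-md5 Kerberos keys are not available "
                         "for users who subsequently change their password"))
        findings.append(("PW_HISTORY_LIMITED_TO_3",
                         "password history falls back to previous Kerberos "
                         "hash values, giving a history length of 3"))
    if p.get("lanmanauth", "no").lower() in TRUE_VALUES:
        findings.append(("LANMAN_AUTH_IGNORED",
                         "'lanman auth = yes' has no effect on the AD DC; "
                         "LanMan storage and authentication were removed"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE_SMB_CONF):
        print(f"{code}: {message}")
```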
|
1.3.1:
Bug fixes
|
|
libtorrent-2.0.8
fix uTP streams timing out instead of closing cleanly
add write_torrent_file_buf() overload for generating .torrent files
add create_torrent::generate_buf() function to generate into a buffer
fix copy_file when the file ends with a sparse region
uTP performance, fix packet loss when sending is stalled
fix trackers being stuck after session pause/resume
fix bug in hash_picker with empty files
uTP performance, prevent premature timeouts/resends
add option to not memory map files below a certain size
settings_pack now returns default values when queried for missing settings
fix copy_file fall-back when SEEK_HOL/SEEK_DATA is not supported
improve error reporting from file copy and move
tweak pad file placement to match reference implementation (tail-padding)
uTP performance, more lenient nagle's algorithm to always allow one outstanding undersized packet
uTP performance, piggy-back held back undersized packet with ACKs
uTP performance, don't send redundant deferred ACKs
support incoming SOCKS5 packets with hostnames as source address, for UDP trackers
ignore duplicate network interface change notifications on linux
fix total_want/want accounting when forcing a recheck
fix merging metadata with magnet links added on top of existing torrents
add torrent_flag to default all file priorities to dont_download
fix &so= feature in magnet links
improve compatibility of SOCKS5 UDP ASSOCIATE
fix madvise range for flushing cache in mmap_storage
open files with no_cache set in O_SYNC mode
|
|
pkgsrc changes:
* Fix NetBSD rc.d script that cannot have previously worked.
* Use readline support instead of hardcoding editline, and fix buildlink
variables that cannot have previously worked.
* Enable nghttp2 support.
1.7.2
Released: 14th of June 2022
* Improvements
Scan the UDP buckets only when we have outstanding queries
Only allocate the health-check mplexer when needed
Add Lua bindings to access the DNS payload as a string
* Bug Fixes
Fix invalid proxy protocol payload on a DoH TC to TCP retry
Fix a crash on an invalid protocol in DoH forwarded-for header
Add missing descriptions for prometheus metrics
1.7.1
Released: 25th of April 2022
* Improvements
Remove the leak warning with GnuTLS >= 3.7.3
Fix compilation with OpenSSL 3.0.0
Docker images: remove capability requirements
Docker image: install ca-certificates
Work around a compiler bug seen on OpenBSD/amd64 using clang-13
Stop using the now deprecated and useless std::binary_function
Add a ‘getAddressAndPort()’ method to DOHFrontend and TLSFrontend objects
* Bug Fixes
Fix the health-check timeout for outgoing DoH connections
Set Server Name Indication on outgoing TLS connections (DoT, DoH)
Fix the latency-count metric
Fix a use-after-free in case of a network error in the middle of a XFR query
Properly use eBPF when the DynBlock is not set
Fix ‘inConfigCheck()’
Use the correct outgoing protocol in our ring buffers
Raise the number of entries in a packet cache to at least 1
Fix wrong eBPF values (qtype, counter) being inserted for qnames
The check interval applies to health-check, not timeouts
1.7.0
Released: 17th of January 2022
* Bug Fixes
Test the correct member in DynBlockRatioRule::warningRatioExceeded (Doug Freed)
1.7.0-rc1
Released: 22nd of December 2021
* Improvements
Reuse and save the TLS session tickets in DoT healthchecks
* Bug Fixes
Fix a double-free when a DoH cross-protocol response is dropped
Check the size of the query when re-sending a DoH query
1.7.0-beta2
Released: 29th of November 2021
* Improvements
Add a function to know how many TLS sessions are currently cached
Warn that GnuTLS 3.7.x leaks memory when validating certs
Add a function to set the UDP recv/snd buffer sizes
Add ‘showWebserverConfig’
* Bug Fixes
Fix a memory leak when reusing TLS tickets for outgoing connections
Fix compiler/static analyzer warnings
Fix Lua parameters bound checks
Add missing visibility attribute on dnsdist_ffi_dnsquestion_get_qname_hash
1.7.0-beta1
Released: 16th of November 2021
* New Features
Implement filesystem pinning for eBPF maps, drop and truncate via XDP (Pierre Grié)
Add range support for dynamic blocks
Add the ability to retain select capabilities at runtime
* Improvements
Read as many DoH responses as possible before yielding
Stop over-allocating for DoH queries
Support DoT, DoH and DNSCrypt transports for protobuf and dnstap
Use the same outgoing TCP connection for different clients
Convert make_pair to emplace (Rosen Penev)
Add syslog identifier to service file
Get rid of make_pair (Rosen Penev)
Use make_unique instead of new (Rosen Penev)
Handle existing EDNS content for SetMacAddrAction/SetEDNSOptionAction
* Bug Fixes
Keep watching idle DoH backend connections
Fix the cleaning of TCP, DoT and DoH connections to the backend
Properly handle I/O exceptions in the health checker
NetmaskTree: Drop the ‘noexcept’ qualifier on the TreeNode ctor
Fix build without nghttp2
Remove debug print line flooding logs (Eugen Mayer)
Credentials: EVP_PKEY_CTX_set1_scrypt_salt() takes an unsigned char*
1.7.0-alpha2
Released: 19th of October 2021
* New Features
Add lua support for SetEDNSOptionAction
Rule for basing decisions on outstanding queries in a pool (phonedph1)
* Improvements
Disable TLS renegotiation, release buffers for outgoing TLS
Don’t create SSLKEYLOGFILE files with wide permissions
Update existing tags when calling setTagAction and setTagResponseAction
Fix the unit tests to handle v4-only or v6-only connectivity
Improve the coverage of the outgoing DoH code
Allow skipping arbitrary EDNS options when computing packet hash
Add incoming and outgoing protocols to grepq
Allow setting the block reason from the SMT callback
Clear the UDP states of TCP-only backends
Replace shared by unique ptrs, reduce structs size
* Bug Fixes
Better handling of outgoing DoH workers
Properly cache UDP queries passed to a TCP/DoT/DoH backend
Use per-thread credentials for GnuTLS client connections
Only set recursion protection once we know we do not return
1.7.0-alpha1
Released: 23rd of September 2021
* New Features
Implementation of DoH between dnsdist and the backend
Implement cross-protocol queries, including outgoing DNS over TLS
Add support for Lua per-thread FFI rules and actions
Add FFI functions to spoof multiple raw values
Add support for range-based lookups into a Key-Value store
Implement SpoofSVCAction to return SVC responses
* Improvements
Don’t look up the LMDB dbi by name for every query
Move to hashed passwords for the web interface
Fix ‘temporary used in loop’ warnings reported by g++ 11.1.0
Skip some memory allocations in client mode to reduce memory usage
Support multiple ip addresses for dnsdist-resolver lua script (Wim)
Make DNSDist XFR aware when transfer is finished (Dimitrios Mavrommatis)
Do not report latency metrics of down upstream servers (Holger Hoffstätte)
Carry the exact incoming protocol (Do53, DNSCrypt, DoT, DoH) in DQ
Implement ‘reload()’ to rotate Log(Response)Action’s log file
Document that setECSOverride has its drawbacks (Andreas Jakum)
Convert dnsdist and the recursor to LockGuarded
Handle waiting for a descriptor to become readable OR writable
Clean up a bit of “cast from type […] casts away qualifiers” warnings
Reorganize the IDState and Rings fields to reduce memory usage
* Bug Fixes
Catch FDMultiplexerException in IOStateHandler’s destructor
Resizing LMDB map size while there might be open transactions is unsafe
Ignore TCAction over TCP
Stop raising the number of TCP workers to the number of TCP binds
Handle exception raised in IOStateGuard’s destructor
1.6.1
Released: 15th of September 2021
* New Features
Add the missing DOHFronted::loadNewCertificatesAndKeys()
Implement a web endpoint to get metrics for only one pool
* Bug Fixes
Set the dnstap/protobuf transport to TCP for DoH queries
Backport a missing mutex header
Properly handle ECS for queries with ancount or nscount > 0
Catch FDMultiplexerException in IOStateHandler’s destructor
Fix outstanding counter issue on TCP error
1.6.0
Released: 11th of May 2021
1.5.2
Released: 10th of May 2021
* Bug Fixes
Fix a crash when a DoH responses map is updated at runtime
Fix SNI on resumed sessions by acknowledging the name sent by the client
Fix the DNSName move assignment operator
Fix a typo in prometheus metrics dnsdist_frontend_tlshandshakefailures #9728 (AppliedPrivacy)
Make: two fixes
Fix eBPF filtering of long qnames
Fix a hang when removing a server with more than one socket
Fix Dynamic Block RCode rules messing up the queries count
Fix EDNS in ServFail generated when no server is available
Prevent a crash with DynBPF objects in client mode
Add missing getEDNSOptions and getDO bindings for DNSResponse
1.6.0-rc2
Released: 4th of May 2021
* Improvements
Make the backend queryLoad and dropRate values atomic
* Bug Fixes
Fix missing locks in DNSCrypt certificates management
Only use eBPF for “drop” actions, clean up more often
1.6.0-rc1
Released: 20th of April 2021
* Improvements
Replace pthread_rwlock with std::shared_mutex
Also disable PMTU for v6
* Bug Fixes
Lua: don’t destroy keys during table iteration
Add missing getEDNSOptions and getDO bindings for DNSResponse
Fix some issues reported by Thread Sanitizer
1.6.0-alpha3
Released: 29th of March 2021
* Improvements
Set OpenSSL to release buffers when idle, saves 35 kB per connection
Unify certificate reloading syntaxes
Disable TLS renegotiation by default
Improve TCP connection reuse, add metrics
Using DATA to report memory usage is unreliable, start using RES instead, as it seems reliable and relevant
Add a metric for TCP listen queue full events
Enable sharding by default, greater pipe buffer sizes
Add limits for cached TCP connections, metrics
* Bug Fixes
Fix the handling of DoH queries with a non-zero ID
Fix the TCP connect timeout, add metrics
1.6.0-alpha2
Released: 4th of March 2021
* New Features
Add option to spoofRawAction to spoof multiple answers (Sander Hoentjen)
Add ‘spoof’ and ‘spoofRaw’ Lua bindings
* Improvements
Make NetmaskTree::fork() a bit easier to understand
Do not update the TCP error counters on idle states
Bind __tostring instead of toString for Lua, so that conversion to string works automatically (Aki Tuomi)
* Bug Fixes
Remove forgotten debug line in the web server
Create TCP worker threads before acceptors ones
Prevent a crash with DynBPF objects in client mode
Fix several bugs in the TCP code path, add unit tests
Fix size check during trailing data addition, regression tests
Clean up expired entries from all the packet cache’s shards
1.6.0-alpha1
Released: 2nd of February 2021
* New Features
Add per-thread Lua FFI load-balancing policies
Implement Lua custom web endpoints
Implement TCP out-of-order
Add support for incoming Proxy Protocol
Add SkipCacheResponseAction
* Improvements
Use more of systemd’s sandboxing options when available
Add an option to allow sub-paths for DoH
Prioritize ChaCha20-Poly1305 when client does (Sukhbir Singh)
Start all TCP worker threads on startup
Use protozero for Protocol Buffer operations
Speed up the round robin policy
Avoid unnecessary allocations and copies with DNSName::toDNSString()
Get rid of allocations in the packet cache’s fast path
Fix the DNSName move assignment operator
Don’t copy the policy for every query
UUID: Use the non-cryptographic variant of the boost::uuid
Use an eBPF filter for Dynamic blocks when available
Limit the number of concurrent console and web connections
Add prometheus metrics for top Dynamic Blocks entries
Add per connection queries count and duration stats for DoH
Add Lua bindings to get a server’s latency
Wrap more FILE objects in smart pointers
Set the default EDNS buffer size on generated answers to 1232
Add support for FreeBSD’s SO_REUSEPORT_LB
Accept string in DNSDistPacketCache:expungeByName
DNSName: add toDNSString convenience function
Skip EDNS Cookies in the packet cache
Add the query payload size to the verbose log over TCP
Add the response code in the packet cache dump
Add an optional name to rules
Add the ability to set ACL from a file (Matti Hiljanen)
Add a Lua binding for the number of queries dropped by a server
Move to c++17
Fix warnings on autoconf 2.70
Reduce diff to upstream yahttp, fixing a few CodeQL reports
Handle syslog facility as string, document the numerical one
Deprecate parameters to webserver(), add ‘statsRequireAuthentication’ parameter
Add a counter for queries truncated because of a rule
Replace offensive terms in our code and documentation
Use aligned atomics to prevent false sharing
Unify non-terminal actions as SetXXXAction()
Accept a NMG to fill DynBlockRulesGroup ranges
Silence clang 12 warning
Fix a few warnings reported by clang’s static analyzer and cppcheck
* Bug Fixes
Fix a crash when a DoH responses map is updated at runtime
Fix SNI on resumed sessions by acknowledging the name sent by the client
Use toStringWithPort instead of manual addr/port concat (Mischan Toosarani-Hausberger)
Force a reconnection when a downstream transitions to the UP state (Nuitari, Stephane Bakhos)
Handle EINTR in DelayPipe
Handle empty DNSNames in grepq()
Make: two fixes
Fix eBPF filtering of long qnames
Improve const-correctness of Lua bindings (Georgeto)
Fix a hang when removing a server with more than one socket
Appease clang++ 12 ASAN on MacOS
Bunch of signed vs unsigned warnings
Send a NotImp answer on empty (qdcount=0) queries
Don’t apply QPS to backend server on cache hits
Fix EDNS in ServFail generated when no server is available
* Removals
Rename topRule() and friends
Remove useless second argument for SpoofAction
|
|
rsync 3.2.7 (20 Oct 2022)
BUG FIXES:
- Fixed the client-side validating of the remote sender's filtering behavior.
- More fixes for the "unrequested file-list name" name, including a copy of
"/" with `--relative` enabled and a copy with a lot of related paths with
`--relative` enabled (often derived from a `--files-from` list).
- When rsync gets an unpack error on an ACL, mention the filename.
- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
"use chroot" is false).
ENHANCEMENTS:
- Added negotiated daemon-auth support that allows a stronger checksum digest
to be used to validate a user's login to the daemon. Added SHA512, SHA256,
and SHA1 digests to MD5 & MD4. These new digests are at the highest priority
in the new daemon-auth negotiation list.
- Added support for the SHA1 digest in file checksums. While this tends to be
overkill, it is available if someone really needs it. This overly-long
checksum is at the lowest priority in the normal checksum negotiation list.
See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
environment var for how to customize this.
- Improved the xattr hash table to use a 64-bit key without slowing down the
key's computation. This should make extra sure that a hash collision doesn't
happen.
- If the `--version` option is repeated (e.g. `-VV`) then the information is
output in a (still readable) JSON format. Client side only.
- The script `support/json-rsync-version` is available to get the JSON style
version output from any rsync. The script accepts either text on stdin
**or** an arg that specifies an rsync executable to run with a doubled
`--version` option. If the text we get isn't already in JSON format, it is
converted. Newer rsync versions will provide more complete json info than
older rsync versions. Various tweaks are made to keep the flag names
consistent across versions.
- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
so that rsync can use chroot when it works and a sanitized copy when chroot
is not supported (e.g., for a non-root daemon). Explicitly setting the
parameter to true or false (on or off) behaves the same way as before.
- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
computations when considering a big pool of files. The simple heuristic from
Kenneth Finnegan resulted in about a 2x speedup.
- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync
now interprets this value as an unsigned integer so that a current year past
2038 can continue to be represented. This does mean that years prior to 1970
cannot be represented in an older protocol, but this trade-off seems like the
right choice given that (1) 2038 is very rapidly approaching, and (2) newer
protocols support a much wider range of old and new dates.
- The rsync client now treats an empty destination arg as an error, just like
it does for an empty source arg. This doesn't affect a `host:` arg (which is
treated the same as `host:.`) since the arg is not completely empty. The use
of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
prior behavior of treating an empty destination arg as a ".".
PACKAGING RELATED:
- The checksum code now uses openssl's EVP methods, which gets rid of various
deprecation warnings and makes it easy to support more digest methods. On
newer systems, the MD4 digest is marked as legacy in the openssl code, which
makes openssl refuse to support it via EVP. You can choose to ignore this
and allow rsync's MD4 code to be used for older rsync connections (when
talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
tell openssl to enable legacy algorithms (see below).
- A simple openssl config file is supplied that can be installed for rsync to
use. If you install packaging/openssl-rsync.cnf to a public spot (such as
`/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
`--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
configured path in the OPENSSL_CONF environment variable (when the variable
is not already set). This will enable openssl's MD4 code for rsync to use.
- The packager may wish to include an explicit "use chroot = true" in the top
section of their supplied /etc/rsyncd.conf file if the daemon is being
installed to run as the root user (though rsync should behave the same even
with the value unset, a little extra paranoia doesn't hurt).
- I've noticed that some packagers haven't installed support/nameconvert for
users to use in their chrooted rsync configs. Even if it is not installed
as an executable script (to avoid a python3 dependency) it would be good to
install it with the other rsync-related support scripts.
- It would be good to add support/json-rsync-version to the list of installed
support scripts.
|
|
2.0.8
Prefer using create_default_ssl_context (second try, now backwards compatible)
2.0.7
Revert "Prefer using create_default_ssl_context"
2.0.3
fix: import distutils after setuptools (compat with setuptools/65.3.0) by @sandrotosi in #168
Vendor llhttp as submodule and update it to v6.0.10
2.0.2
Urlencode spaces in query string, like requests does
2.0.1
Always URLencode data parameter if it is dict type
2.0.0
Replace http_parser with llhttp
|
|
22.10.1 (2022-10-14)
====================
Features
--------
- Update bundled libuv to 1.44.2.
22.08.0 (2022-10-08)
====================
Features
--------
- Windows: Test and provide binary wheels for PyPy3.7.
Note that there may be issues with subprocesses, signals, and it may
be slow.
- Upgrade embedded c-ares to 1.18.1.
- Upgrade bundled libuv to 1.42.0 from 1.40.0.
- Added preliminary support for Python 3.11 (rc2 and later).
Some platforms may or may not have binary wheels at this time.
.. important:: Support for legacy versions of Python, including 2.7
and 3.6, will be ending soon. The
maintenance burden has become too great and the
maintainer's time is too limited.
Ideally, there will be a release of gevent compatible
with a final release of greenlet 2.0 that still
supports those legacy versions, but that may not be
possible; this may be the final release to support them.
:class:`gevent.threadpool.ThreadPool` can now optionally expire idle
threads. This is used by default in the implicit thread pool used for
DNS requests and other user-submitted tasks; other uses of a
thread-pool need to opt-in to this.
Bugfixes
--------
- Truly disable the effects of compiling with ``-ffast-math``.
|
|
Pkgsrc changes:
Github and pkglint fixes.
Changes from NEWS:
## GNU ZRTP 4.6.6 ##
Small fix in zrtp/crypto/zrtpDh.cpp to fix a small memory leak.
## GNU ZRTP 4.6.5 ##
Cleanup compiler flags, reduce visibility for Android build,
check some buffer length. No functional enhancements, no changes
in API.
## GNU ZRTP 4.6.4 ##
Some fixes to silence Windows C/C++ compiler, fix a few include
statements when using openSSL, small fixes to check disclosure
flag. Reset valid flags when adding a new cache record to avoid
wrong security message.
## GNU ZRTP 4.6.3 ##
A small fix inside the ZRTP main module to ignore malformed
DH1 packets and avoid a NULL pointer access.
## GNU ZRTP 4.6.2 ##
A small fix in the ZrtpCWrapper to fix an issue within 4.6.1
;-)
## GNU ZRTP 4.6.1 ##
A small fix in the ZrtpCWrapper to initialize and use the ZRTP
master instance in case of multi-stream usage. Does not affect
the main ZRTP usage, only projects that use the wrapper such
as PJSIP or Gstreamer projects.
These projects should re-compile if they use the multi-stream
feature.
## GNU ZRTP 4.6.0 ##
Only a small add-on to the code to implement handling of the
disclosure flag. See RFC6189, chapter 11 for more details
about the disclosure flag.
Because the API changed, it's necessary to recompile
applications that use the new library version.
## GNU ZRTP 4.5.0 ##
Added a new SAS algorithm 'B32E' that uses 32 Unicode Emoji
code points instead of 32 ASCII characters. Applications that
are able to display Emojis may use this new SAS algorithm to
display nice Emojis instead of 'boring' ASCII letters and
digits.
Some technical details:
* the 32 selected emojis are easily distinguishable, known to
everyone, not offending etc, and use standard Unicode code
points
* select colored emojis that look good on white and on black
backgrounds (most emojis look good on white only)
* select emojis that are available on iOS, Android, Mac OS X
(Windows not checked)
* the resulting SAS string is UTF-8 encoded, suitable for most
platforms except Java.
To use the codes for Java the application needs to translate the
UTF-8 encoding into UTF-16 encoding. Because most of the emojis
are Unicode supplementary characters the UTF-8 to UTF-16 conversion
must generate the necessary UTF-16 surrogate pairs.
To support the UTF-8 / UTF-16 conversion the common directory
contains conversion functions that I extracted from ICU C/C++
library source.
Because the API changed, it's necessary to recompile
applications that use the new library version.
|
|
|
|
Termscp is a feature rich terminal file transfer and explorer, with support for
SCP/SFTP/FTP/S3. So basically it is a terminal utility with a TUI to connect to a
remote server to retrieve and upload files and to interact with the local file
system.
|
|
0.39.2
Performance improvements for parsing incoming packet data
|
|
1.5.1:
- ENH: add extremely basic /health endpoint
- FIX: docker tests in cicd
- MAINT: Replace usage of deprecated inspect.getargspec
- MAINT: Add traefik/ and auth/ dirs to gitignore
- MAINT: Fix typos in README
|
|
|
|
Take MAINTAINER.
|