| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
- test: remove findport dependency
- fix error message
- sockc: clean up: remove unused macro, reformat usage
- socks: clean up: reformat usage, add statics, spelling
- tlss: Fix wrong synopsis. Spotted by Stanley Lieber.
- tlss: Add option for certificate revocation lists.
- tlss: Refactor error handling.
- tls{s,c}: Refactor error handling. Update copyright date.
- tlsc: improve manpage
- README: Add description for httppc
- tests: Improve OpenSSL config for tests
- http_parser: Simplify lenght dependend string compare
- tests: Add files for certificate revocation list testing
- Makefile: Remove useless variable
- httpc: Improve error handing
- gitignore: add some non-tracking files
- Refactor makefiles
- httpc: fix spacing
- http: add comment and spacing
- tlsc.1: discribe -k and cleanup
- remove unused printf parameter
- add ftp client
- remove double include
- simplify envionment settings
- fix spacing
- simplify envitonment settings
- fix copyright comments
- simplify make
- simplify creation of tar balls
- add http server
- update gitignore
- simplify makefile
- update gitignore
- remove debug code
- Use LDLIBS for linked libraries
- Cleanup https
- Merge pull request #8 from jspricke/ldlibs
- remove useless make rules
- test: run with ksh and avoid ENOENT
- https: add content-length
- add comment
- https: handel Host: header
- https: default connection is closed
- https: simplify response code
- test: use default ksh shell
|
|
Changelog:
1.4.20
appindicator or ayatana-appindicator is now a requirement
NX, XDMCP and ST have been removed
Use -DWITH_FREERDP3=ON if you are using the FreeRDP master branch
libsodium is needed to build Remmina.
webkit2gtk3 is needed to build the WWW plugin.
-DWITH_KF5WALLET=ON is a new config option needed for the KWallet plugin (and the required kf5wallet libraries to build it).
News can be turned off with -DWITH_NEWS=OFF\
gtk-vnc is needed for the VNC plugin for GNOME and KVM, -DWITH_GVNC=ON
List of changes:
Mark appindicator as required !2290 @antenore
Disabling XDMCP, NX, and ST !2291 @antenore
Remove plugins/st,xdmcp,nx for submodule replacement !2292 @antenore
SSH tunnel MFA !2293 @antenore
Adding connection profiles menu into the toolbar !2295 @antenore
Resolve "Preferences buttons not working since v1.4.19" !2296 @antenore
Some X11 related functions cleanup
1.4.19
Use -DWITH_FREERDP3=ON if you are using the FreeRDP master branch
libsodium is needed to build Remmina.
webkit2gtk3 is needed to build the WWW plugin.
-DWITH_KF5WALLET=ON is a new config option needed for the KWallet plugin (and the required kf5wallet libraries to build it).
News can be turned off with -DWITH_NEWS=OFF\
gtk-vnc is needed for the VNC plugin for GNOME and KVM, -DWITH_GVNC=ON
appindicator or ayatana-appindicator is now a requirement
List of changes:
Fix Freerdp Git Revision !2277 (merged) @matty-r
UI improvements and cleanup !2278 (merged) @antenore
Desktop integration for the Remmina SNAP !2279 (merged) @antenore
Add process-control to the remmina snap !2276 (merged) @antenore
Adding SSH_AGENT support to the snap package !2280 (merged) @antenore
Adding option to disable smooth scrolling !2281 (merged) @antenore
Scrolled Viewport: use viewport_motion_handler as the only timeout indicator !2282 (merged) @cth451
Adding TCP redirection through rdp2tcp !2283 (merged) @antenore
Added setting for RDP number of reconnect attempts !2284 (merged) @antenore
Add RDP reconnect interrupt on window close, fix crash introduced with 7c13b918. Should fix #2079 !2286 (merged) @giox069
Removing GtkStatusIcon as deprecated !2285 (merged) @antenore
Adding advanced option to share multiple folders !2287 (merged) @antenore
Profile list grabs the focus when search is hidden !2288 (merged) @antenore
1.4.18
Use -DWITH_FREERDP3=ON if you are using the FreeRDP master branch
libsodium is needed to build Remmina.
webkit2gtk3 is needed to build the WWW plugin.
-DWITH_KF5WALLET=ON is a new config option needed for the KWallet plugin (and the required kf5wallet libraries to build it).
News can be turned off with -DWITH_NEWS=OFF\
gtk-vnc is needed for the VNC plugin for GNOME and KVM, -DWITH_GVNC=ON
List of changes:
[SNAP] Removing unsupported architectures !2268 @antenore
Try more shells as launcher if default isn't found !2269 @cirelli94
Minor fixes for v1.4.17 !2270 @antenore
SSH session improvements !2271 @antenore
Fixes - Auto-start file created on tray icon disabled !2272 @antenore
RDP: Remove older usage of ClientHostname @giox069
Fix libfreerdp version check @giox069
Explicitly set user resolution to a multiple of 4 !2273 @antenore
Code refactoring - ASAN exceptions !2274 @antenore
|
|
PKGREVISION -> 3
|
|
Seems the daemon writes no pid file unless explicitly told where.
Fixes PR 55244. PKGREVISION -> 1.
|
|
2.4.2
- BUG/MINOR: server-state: load SRV resolution only if params match the config
- BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
- BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
- MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
- MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
- BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
- BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
- BUG/MINOR: server/cli: Fix locking in function processing "set server" command
- BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header
- BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
- REGTESTS: fix maxconn update with agent-check
- MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
- DOC: config: Add missing actions in "tcp-request session" documentation
- CLEANUP: dns: Remove a forgotten debug message
- BUG/MINOR: resolvers: Always attach server on matching record on resolution
- BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
- MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
- BUG/MINOR: checks: return correct error code for srv_parse_agent_check
- BUILD: Makefile: fix linkage for Haiku.
- BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
- BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
- BUG/MINOR: mqtt: Support empty client ID in CONNECT message
- BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
- DOC: config: use CREATE USER for mysql-check
- BUG/MINOR: stick-table: fix several printf sign errors dumping tables
- BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
- DOC: stick-table: add missing documentation about gpt0 stored type
- BUG/MEDIUM: sock: make sure to never miss early connection failures
- BUG/MINOR: cli: fix server name output in "show fd"
- Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
- MINOR: http: implement http_get_scheme
- MEDIUM: http: implement scheme-based normalization
- MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
- MEDIUM: h2: apply scheme-based normalization on h2 requests
- REGTESTS: add http scheme-based normalization test
|
|
deprecated go-package; no users in pkgsrc
|
|
RabbitMQ 3.8.19 is a maintenance release.
|
|
|
|
0.32.1
Increased timeout in ServiceInfo.request to handle loaded systems
It can take a few seconds for a loaded system to run the async_request coroutine when the event loop is busy, or the system is CPU bound (example being Home Assistant startup). We now add an additional _LOADED_SYSTEM_TIMEOUT (10s) to the run_coroutine_threadsafe calls to ensure the coroutine has the total amount of time to run up to its internal timeout (default of 3000ms).
Ten seconds is a bit large of a timeout; however, it is only used in cases where we wrap other timeouts. We now expect the only instance the run_coroutine_threadsafe result timeout will happen in a production circumstance is when someone is running a ServiceInfo.request() in a thread and another thread calls Zeroconf.close() at just the right moment that the future is never completed unless the system is so loaded that it is nearly unresponsive.
The timeout for run_coroutine_threadsafe is the maximum time a thread can cleanly shut down when zeroconf is closed out in another thread, which should always be longer than the underlying thread operation.
|
|
1.9.6 Change Log:
Added in the TLS 1.3 Cipher Suite from the RFC 8446 dated August 2018
Added support for Linux cooked capture v2, SLL2.
1.9.5 Changelog:
- New example showing how to process truncated DNS packets (examples/print_dns_truncated.py).
- Corrected typo in BGP.notification attribute.
- BGP.Update.Attribute.MPReachNLRI.SNPA now inherits from dpkt.Packet.
- Byteorder is now specified when packing GRE optional fields.
- Improvement to Radiotap class, supporting multi-byte and misaligned flags fields. Endianness is now enforced.
- Github issue template added for bug reporting.
- Compliance with flake8 formatting.
- asn1.py::utctime method now returns time in UTC, instead of local.
- Allow multiple InterfaceDescriptionBlocks with pcapng.Writer.
- SCTP decoder DATA chunk padding aligned to 4-bytes, and improved handling of .data field.
- IEEE80211 DELBA frame now works on big and little-endian architectures.
- Introduce compat.ntole which converts from network byte order to little-endian byte order, regardless of host endianness.
- Ethernet class now attempts to unpack the padding and trailer if present.
- Added anonymous property to cipher suites, which returns True if the cipher suite starts with 'anon'.
- Added pfs (Perfect Forward Secrecy) and aead (Authenticated Encryption with Additional Data) properties to cipher suites.
- Added old CHACHA20-POLY1305 related cipher suites to TLS CipherSuite list.
- Remove redundant num_compression_methods from TLSClientHello
- Testing improved from 90% coverage to over 99%.
|
|
Changes:
## 1.18.1 - 2021-07-04
### Additions
- [mangafox] add manga extractor (#1633)
- [mangasee] add chapter and manga extractors
- [mastodon] implement text-posts option (#1569, #1669)
- [seisoparty] add user and post extractors (#1635)
- implement conditional directories (#1394)
- add T format string conversion (#1646)
- document format string syntax
### Changes
- [twitter] set retweet_id for original retweets (#1481)
### Fixes
- [directlink] manually encode Referer URLs (#1647)
- [hiperdex] use domain from input URL
- [kemonoparty] fix username extraction (#1652)
- [kemonoparty] warn about missing DDoS-GUARD cookies
- [twitter] ensure guest tokens are returned as string (#1665)
- [webtoons] match arbitrary language codes (#1643)
- fix depth counter in UrlJob when specifying -g multiple times
## 1.18.0 - 2021-06-19
### Additions
- [foolfuuka] support `archive.wakarimasen.moe` (#1595)
- [mangadex] implement login with username & password (#1535)
- [mangadex] add extractor for a user's followed feed (#1535)
- [pixiv] support fetching privately followed users (#1628)
- implement conditional filenames (#1394)
- implement `filter` option for post processors (#1460)
- add `-T/--terminate` command-line option (#1399)
- add `-P/--postprocessor` command-line option (#1583)
### Changes
- [kemonoparty] update default filenames and archive IDs (#1514)
- [twitter] update default settings
- change `retweets` and `quoted` options from `true` to `false`
- change directory format for search results to the same as other extractors
- require an argument for `--clear-cache`
### Fixes
- [500px] update GraphQL queries
- [furaffinity] improve metadata extraction (#1630)
- [hitomi] update image URL generation (#1637)
- [idolcomplex] improve and fix pagination (#1594)
- [instagram] fix login (#1631)
- [instagram] update query hashes
- [mangadex] update to API v5 (#1535)
- [mangafox] improve URL pattern (#1608)
- [oauth] prevent exceptions when reporting errors (#1603)
- [philomena] fix tag escapes handling (#1629)
- [redgifs] update API server address (#1632)
- [sankaku] handle empty tags (#1617)
- [subscribestar] improve attachment filenames (#1609)
- [unsplash] update collections URL pattern (#1627)
- [postprocessor:metadata] handle dicts in `mode:tags` (#1598)
## 1.17.5 - 2021-05-30
### Additions
- [kemonoparty] add `metadata` option (#1548)
- [kemonoparty] add `type` metadata field (#1556)
- [mangapark] recognize v2.mangapark URLs (#1578)
- [patreon] extract user-defined `tags` (#1539)
- [pillowfort] implement login with username & password (#846)
- [pillowfort] add `inline` and `external` options (#846)
- [pixiv] implement `max-posts` option (#1558)
- [pixiv] add `metadata` option (#1551)
- [twitter] add `text-tweets` option (#570)
- [weibo] extend `retweets` option (#1542)
- [postprocessor:ugoira] support using the `image2` demuxer (#1550)
- [postprocessor:ugoira] add `repeat-last-frame` option (#1550)
- support `XDG_CONFIG_HOME` (#1545)
- implement `parent-skip` and `"skip": "terminate"` options (#1399)
### Changes
- [twitter] resolve `t.co` URLs in `content` (#1532)
### Fixes
- [500px] update query hashes (#1573)
- [aryion] find text posts in `recursive=false` mode (#1568)
- [imagebam] fix extraction of NSFW images (#1534)
- [imgur] update URL patterns (#1561)
- [manganelo] update domain to `manganato.com`
- [reactor] skip deleted/empty posts
- [twitter] add missing retweet media entities (#1555)
- fix ISO 639-1 code for Japanese (`jp` -> `ja`)
|
|
0.32.0
This release offers 100% line and branch coverage.
Made ServiceInfo first question QU
We want an immediate response when requesting with ServiceInfo by asking a QU question; most responders will not delay the response and respond right away to our question. This also improves compatibility with split networks as we may not have been able to see the response otherwise. If the responder has not multicast the record recently, it may still choose to do so in addition to responding via unicast
Reduces traffic when there are multiple zeroconf instances running on the network running ServiceBrowsers
If we don't get an answer on the first try, we ask a QM question in the event, we can't receive a unicast response for some reason
This change puts ServiceInfo inline with ServiceBrowser which also asks the first question as QU since ServiceInfo is commonly called from ServiceBrowser callbacks
Limited duplicate packet suppression to 1s intervals
Only suppress duplicate packets that happen within the same second. Legitimate queriers will retry the question if they are suppressed. The limit was reduced to one second to be in line with rfc6762
Made multipacket known answer suppression per interface
The suppression was happening per instance of Zeroconf instead of per interface. Since the same network can be seen on multiple interfaces (usually and wifi and ethernet), this would confuse the multi-packet known answer supression since it was not expecting to get the same data more than once
New ServiceBrowsers now request QU in the first outgoing when unspecified
https://datatracker.ietf.org/doc/html/rfc6762#section-5.4 When we start a ServiceBrowser and zeroconf has just started up, the known answer list will be small. By asking a QU question first, it is likely that we have a large known answer list by the time we ask the QM question a second later (current default which is likely too low but would be a breaking change to increase). This reduces the amount of traffic on the network, and has the secondary advantage that most responders will answer a QU question without the typical delay answering QM questions.
IPv6 link-local addresses are now qualified with scope_id
When a service is advertised on an IPv6 address where the scope is link local, i.e. fe80::/64 (see RFC 4007) the resolved IPv6 address must be extended with the scope_id that identifies through the "%" symbol the local interface to be used when routing to that address. A new API parsed_scoped_addresses() is provided to return qualified addresses to avoid breaking compatibility on the existing parsed_addresses().
Network adapters that are disconnected are now skipped
Fixed listeners missing initial packets if Engine starts too quickly
When manually creating a zeroconf.Engine object, it is no longer started automatically. It must manually be started by calling .start() on the created object.
The Engine thread is now started after all the listeners have been added to avoid a race condition where packets could be missed at startup.
Fixed answering matching PTR queries with the ANY query
Fixed lookup of uppercase names in the registry
If the ServiceInfo was registered with an uppercase name and the query was for a lowercase name, it would not be found and vice-versa.
Fixed unicast responses from any source port
Unicast responses were only being sent if the source port was 53, this prevented responses when testing with dig:
dig -p 5353 @224.0.0.251 media-12.local
The above query will now see a response
Fixed queries for AAAA records not being answered
Removed second level caching from ServiceBrowsers
The ServiceBrowser had its own cache of the last time it saw a service that was reimplementing the DNSCache and presenting a source of truth problem that lead to unexpected queries when the two disagreed.
Fixed server cache not being case-insensitive
If the server name had uppercase chars and any of the matching records were lowercase, and the server would not be found
Fixed cache handling of records with different TTLs
There should only be one unique record in the cache at a time as having multiple unique records will different TTLs in the cache can result in unexpected behavior since some functions returned all matching records and some fetched from the right side of the list to return the newest record. Instead we now store the records in a dict to ensure that the newest record always replaces the same unique record, and we never have a source of truth problem determining the TTL of a record from the cache.
Fixed ServiceInfo with multiple A records
If there were multiple A records for the host, ServiceInfo would always return the last one that was in the incoming packet, which was usually not the one that was wanted.
Fixed stale unique records expiring too quickly
Records now expire 1s in the future instead of instant removal.
tools.ietf.org/html/rfc6762#section-10.2 Queriers receiving a Multicast DNS response with a TTL of zero SHOULD NOT immediately delete the record from the cache, but instead record a TTL of 1 and then delete the record one second later. In the case of multiple Multicast DNS responders on the network described in Section 6.6 above, if one of the responders shuts down and incorrectly sends goodbye packets for its records, it gives the other cooperating responders one second to send out their own response to "rescue" the records before they expire and are deleted.
Fixed exception when unregistering a service multiple times
Added an AsyncZeroconfServiceTypes to mirror ZeroconfServiceTypes to zeroconf.asyncio
Fixed interface_index_to_ip6_address not skiping ipv4 adapters
Added async_unregister_all_services to AsyncZeroconf
Fixed services not being removed from the registry when calling unregister_all_services
There was a race condition where a query could be answered for a service in the registry, while goodbye packets which could result in a fresh record being broadcast after the goodbye if a query came in at just the right time. To avoid this, we now remove the services from the registry right after we generate the goodbye packet
Fixed zeroconf exception on load when the system disables IPv6
Fixed the QU bit missing from for probe queries
The bit should be set per datatracker.ietf.org/doc/html/rfc6762#section-8.1
Fixed the TC bit missing for query packets where the known answers span multiple packets
Fixed packets not being properly separated when exceeding maximum size
Ensure that questions that exceed the max packet size are moved to the next packet. This fixes DNSQuestions being sent in multiple packets in violation of: datatracker.ietf.org/doc/html/rfc6762#section-7.2
Ensure only one resource record is sent when a record exceeds _MAX_MSG_TYPICAL datatracker.ietf.org/doc/html/rfc6762#section-17
Fixed PTR questions asked in uppercase not being answered
Added Support for context managers in Zeroconf and AsyncZeroconf
Implemented an AsyncServiceBrowser to compliment the sync ServiceBrowser
Added async_get_service_info to AsyncZeroconf and async_request to AsyncServiceInfo
Implemented allowing passing in a sync Zeroconf instance to AsyncZeroconf
Fixed IPv6 setup under MacOS when binding to ""
Fixed ZeroconfServiceTypes.find not always cancels the ServiceBrowser
There was a short window where the ServiceBrowser thread could be left running after Zeroconf is closed because the .join() was never waited for when a new Zeroconf object was created
Fixed duplicate packets triggering duplicate updates
If TXT or SRV records update was already processed and then received again, it was possible for a second update to be called back in the ServiceBrowser
Fixed ServiceStateChange.Updated event happening for IPs that already existed
Fixed RFC6762 Section 10.2 paragraph 2 compliance
Reduced length of ServiceBrowser thread name with many types
Fixed empty answers being added in ServiceInfo.request
Fixed ServiceInfo not populating all AAAA records
Use get_all_by_details to ensure all records are loaded into addresses.
Only load A/AAAA records from the cache once in load_from_cache if there is a SRV record present
Move duplicate code that checked if the ServiceInfo was complete into its own function
Fixed a case where the cache list can change during iteration
Return task objects created by AsyncZeroconf
Traffic Reduction:
Added support for handling QU questions
Implements RFC 6762 sec 5.4: Questions Requesting Unicast Responses datatracker.ietf.org/doc/html/rfc6762#section-5.4
Implemented protect the network against excessive packet flooding
Additionals are now suppressed when they are already in the answers section
Additionals are no longer included when the answer is suppressed by known-answer suppression
Implemented multi-packet known answer supression
Implements datatracker.ietf.org/doc/html/rfc6762#section-7.2
Implemented efficient bucketing of queries with known answers
Implemented duplicate question suppression
http://datatracker.ietf.org/doc/html/rfc6762#section-7.3
Technically backwards incompatible:
Update internal version check to match docs (3.6+)
Python version earlier then 3.6 were likely broken with zeroconf already, however, the version is now explicitly checked.
Update python compatibility as PyPy3 7.2 is required
Backwards incompatible:
Drop oversize packets before processing them
Oversized packets can quickly overwhelm the system and deny service to legitimate queriers. In practice, this is usually due to broken mDNS implementations rather than malicious actors.
Guard against excessive ServiceBrowser queries from PTR records significantly lowerthan recommended
We now enforce a minimum TTL for PTR records to avoid ServiceBrowsers generating excessive queries refresh queries. Apple uses a 15s minimum TTL, however, we do not have the same level of rate limit and safeguards, so we use 1/4 of the recommended value.
RecordUpdateListener now uses async_update_records instead of update_record
This allows the listener to receive all the records that have been updated in a single transaction such as a packet or cache expiry.
update_record has been deprecated in favor of async_update_records A compatibility shim exists to ensure classes that use RecordUpdateListener as a base class continue to have update_record called, however, they should be updated as soon as possible.
A new method async_update_records_complete is now called on each listener when all listeners have completed processing updates and the cache has been updated. This allows ServiceBrowsers to delay calling handlers until they are sure the cache has been updated as its a common pattern to call for ServiceInfo when a ServiceBrowser handler fires.
The async_ prefix was chosen to make it clear that these functions run in the eventloop and should never do blocking I/O. Before 0.32+ these functions ran in a select() loop and should not have been doing any blocking I/O, but it was not clear to implementors that I/O would block the loop.
Pass both the new and old records to async_update_records
Pass the old_record (cached) as the value and the new_record (wire) to async_update_records instead of forcing each consumer to check the cache since we will always have the old_record when generating the async_update_records call. This avoids the overhead of multiple cache lookups for each listener.
|
|
3.6.1:
Modified
Support deprecated method_whitelist parameter in urllib3.util.retry.Retry for urllib3<1.26
Fix support of registered domains for INWX provider
Update mypy and use external types modules
|
|
v4.3.6
- FEATURE: New languages: Mongolian, Persian, Thai
- BUGFIX: Provide correct error description in "upload mode"
- BUGFIX: Allow adding torrents with relative save path
- BUGFIX: Fix main window turns blank after restoring from tray
- BUGFIX: Remove the lockfile on exit
- BUGFIX: Improve "Watched folders" feature
- BUGFIX: Keep sub-sorting order
- BUGFIX: Properly add torrent with new tags
- WINDOWS: NSIS: Update Japanese, Turkish, Hungarian, Swedish translation
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
No upstream ChangeLog.
|
|
Changes in version 0.4.6.6 - 2021-06-30
Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
allows Tor to build correctly on older versions of GCC. You should
upgrade to this version if you were having trouble building Tor
0.4.6.5; otherwise, there is probably no need.
o Minor bugfixes (compilation):
- Fix a compilation error when trying to build Tor with a compiler
that does not support const variables in static initializers.
Fixes bug 40410; bugfix on 0.4.6.5.
- Suppress a strict-prototype warning when building with some
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing):
- Enable the deterministic RNG for unit tests that covers the
address set bloomfilter-based API's. Fixes bug 40419; bugfix
on 0.3.3.2-alpha.
|
|
GitHub CLI 1.12.1
-----------------
* Fix bug where branchProtectionRule doesn't exist in enterprise 2.22
* fix repo create in org with license/ignore
GitHub CLI 1.12.0
-----------------
HELLO and welcome back to GitHub on the command line.
This is a pretty cool release.
gh browse
Taking inspiration from hub, we've added gh browse. This is a multipurpose
command for getting from your terminal to your browser.
My favorite use is to open up lines of code for sharing with others:
gh browse pkg/cmd/repo/garden/garden.go:520
You can also get directly to a repo's settings:
gh browse --settings
The command can do much more, check out gh browse -h!
We're also excited to shout out the contributors who made this new feature
possible, a group of students in the MinT program.
Add .gitignore and LICENSE when creating repositories
When creating a repository from scratch (gh repo create mycoolrepo), you can
now select from GitHub's .gitignore and LICENSE templates to include with the
new repository.
Connect via a unix socket
A new config value http_unix_socket can be configured to a local path to push
all of gh's traffic over a socket.
GitHub CLI 1.11.0
-----------------
* Add support for environment secrets
* run list: add "age" column and columns headers in output
* Add support for XDG Base Directory specification
Additionally, the default configuration location on Windows is now changed
from ~/.config/gh/ to %AppData%.
* Include number alongside the title in issue/pr view
GitHub CLI 1.10.0
-----------------
Improvements to JSON exporting
* Add gh repo list/view --json support
* Add gh release view --json support
* Fixes numerous issues with gh pr list/view --json support
+ fetching closed field
+ fetching date fields like createdAt or mergedAt
+ fetching files field
* Fix exporting milestone field for issues and PRs
* Add commits field to JSON export for PRs
* Show more than 100 comments in gh issue view --json comments
* Add shell completion for valid --json flag values
New Features
* Add gh repo fork --org option
* Allow passinggh alias set value via standard input
* Prompt for value in gh secret set
* Update gh api placeholder syntax to {owner}, {repo} to match GitHub API
documentation
* Extend our package repository to support Ubuntu Hirsute and Kali linux
|
|
deprecated go-package; no users in pkgsrc
|
|
|
|
|
|
Release v1.38.1
Backport 26430 and 26435 to v1.38.x.
|
|
|
|
3.8.18:
Bug fixes
Security vulnerability patch for CVE-2021-32719
|
|
|
|
|
|
|
|
This release contains refinements, improvements, and bug fixes.
|
|
because of py-autobahn
|
|
This still does not build for me.
Add comment on tor implementation project in rust.
|
|
Changes in version 0.4.6.5 - 2021-06-14
Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x
series includes numerous features and bugfixes, including a significant
improvement to our circuit timeout algorithm that should improve
observed client performance, and a way for relays to report when they are
overloaded.
This release also includes security fixes for several security issues,
including a denial-of-service attack against onion service clients,
and another denial-of-service attack against relays. Everybody should
upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
o Major bugfixes (security):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end
a stream that wasn't actually built with it. Fixes bug 40389;
bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
003 and CVE-2021-34548.
o Major bugfixes (security, defense-in-depth):
- Detect more failure conditions from the OpenSSL RNG code.
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
o Major bugfixes (security, denial of service):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look
up circuits in a circuitmux object. An attacker could exploit this
to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now we use a
SipHash construction here instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- Fix an out-of-bounds memory access in v3 onion service descriptor
parsing. An attacker could exploit this bug by crafting an onion
service descriptor that would crash any client that tried to visit
it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
Glazunov from Google's Project Zero.
o Major features (control port, onion services):
- Add controller support for creating version 3 onion services with
client authorization. Previously, only v2 onion services could be
created with client authorization. Closes ticket 40084. Patch by
Neel Chauhan.
o Major features (directory authority):
- When voting on a relay with a Sybil-like appearance, add the Sybil
flag when clearing out the other flags. This lets a relay operator
know why their relay hasn't been included in the consensus. Closes
ticket 40255. Patch by Neel Chauhan.
o Major features (metrics):
- Relays now report how overloaded they are in their extrainfo
documents. This information is controlled with the
OverloadStatistics torrc option, and it will be used to improve
decisions about the network's load balancing. Implements proposal
328; closes ticket 40222.
o Major features (relay, denial of service):
- Add a new DoS subsystem feature to control the rate of client
connections for relays. Closes ticket 40253.
o Major features (statistics):
- Relays now publish statistics about the number of v3 onion
services and volume of v3 onion service traffic, in the same
manner they already do for v2 onions. Closes ticket 23126.
o Major bugfixes (circuit build timeout):
- Improve the accuracy of our circuit build timeout calculation for
60%, 70%, and 80% build rates for various guard choices. We now
use a maximum likelihood estimator for Pareto parameters of the
circuit build time distribution, instead of a "right-censored
estimator". This causes clients to ignore circuits that never
finish building in their timeout calculations. Previously, clients
were counting such unfinished circuits as having the highest
possible build time value, when in reality these circuits most
likely just contain relays that are offline. We also now wait a
bit longer to let circuits complete for measurement purposes,
lower the minimum possible effective timeout from 1.5 seconds to
10ms, and increase the resolution of the circuit build time
histogram from 50ms bin widths to 10ms bin widths. Additionally,
we alter our estimate Xm by taking the maximum of the top 10 most
common build time values of the 10ms histogram, and compute Xm as
the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha.
- Remove max_time calculation and associated warning from circuit
build timeout 'alpha' parameter estimation, as this is no longer
needed by our new estimator from 40168. Fixes bug 34088; bugfix
on 0.2.2.9-alpha.
o Major bugfixes (signing key):
- In the tor-gencert utility, give an informative error message if
the passphrase given in `--create-identity-key` is too short.
Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.
o Minor features (bridge):
- We now announce the URL to Tor's new bridge status at
https://bridges.torproject.org/ when Tor is configured to run as a
bridge relay. Closes ticket 30477.
o Minor features (build system):
- New "make lsp" command to auto generate the compile_commands.json
file used by the ccls server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (client):
- Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and close
them preemptively if they think exit relays will refuse them for
this reason. See ticket 2667 for details. Closes ticket 40271.
o Minor features (command line):
- Add long format name "--torrc-file" equivalent to the existing
command-line option "-f". Closes ticket 40324. Patch by
Daniel Pinto.
o Minor features (command-line interface):
- Add build informations to `tor --version` in order to ease
reproducible builds. Closes ticket 32102.
- When parsing command-line flags that take an optional argument,
treat the argument as absent if it would start with a '-'
character. Arguments in that form are not intelligible for any of
our optional-argument flags. Closes ticket 40223.
- Allow a relay operator to list the ed25519 keys on the command
line by adding the `rsa` and `ed25519` arguments to the
--list-fingerprint flag to show the respective RSA and ed25519
relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan.
o Minor features (compatibility):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
o Minor features (control port, stream handling):
- Add the stream ID to the event line in the ADDRMAP control event.
Closes ticket 40249. Patch by Neel Chauhan.
o Minor features (dormant mode):
- Add a new 'DormantTimeoutEnabled' option to allow coarse-grained
control over whether the client ever becomes dormant from
inactivity. Most people won't need this. Closes ticket 40228.
- Add a new 'DormantTimeoutEnabled' option for coarse-grained
control over whether the client can become dormant from
inactivity. Most people won't need this. Closes ticket 40228.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/06/10.
o Minor features (logging):
- Edit heartbeat log messages so that more of them begin with the
string "Heartbeat: ". Closes ticket 40322; patch
from 'cypherpunks'.
- Change the DoS subsystem heartbeat line format to be more clear on
what has been detected/rejected, and which option is disabled (if
any). Closes ticket 40308.
- In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c,
put brackets around IPv6 addresses in log messages. Closes ticket
40232. Patch by Neel Chauhan.
o Minor features (logging, diagnostic):
- Log decompression failures at a higher severity level, since they
can help provide missing context for other warning messages. We
rate-limit these messages, to avoid flooding the logs if they
begin to occur frequently. Closes ticket 40175.
o Minor features (onion services):
- Add a warning message when trying to connect to (no longer
supported) v2 onion services. Closes ticket 40373.
o Minor features (performance, windows):
- Use SRWLocks to implement locking on Windows. Replaces the
"critical section" locking implementation with the faster
SRWLocks, available since Windows Vista. Closes ticket 17927.
Patch by Daniel Pinto.
o Minor features (protocol, proxy support, defense in depth):
- Close HAProxy connections if they somehow manage to send us data
before we start reading. Closes another case of ticket 40017.
o Minor features (tests, portability):
- Port the hs_build_address.py test script to work with recent
versions of python. Closes ticket 40213. Patch from
Samanta Navarro.
o Minor features (vote document):
- Add a "stats" line to directory authority votes, to report various
statistics that authorities compute about the relays. This will
help us diagnose the network better. Closes ticket 40314.
o Minor bugfixes (build):
- The configure script now shows whether or not lzma and zstd have
been used, not just if the enable flag was passed in. Fixes bug
40236; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (compatibility):
- Fix a failure in the test cases when running on the "hppa"
architecture, along with a related test that might fail on other
architectures in the future. Fixes bug 40274; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (compilation):
- Fix a compilation warning about unused functions when building
with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug
40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto.
o Minor bugfixes (consensus handling):
- Avoid a set of bugs that could be caused by inconsistently
preferring an out-of-date consensus stored in a stale directory
cache over a more recent one stored on disk as the latest
consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (control, sandbox):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
simplify implementation. Previously SAVECONF allowed a large
number of backup files, which made it incompatible with the
sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
Daniel Pinto.
o Minor bugfixes (directory authorities, voting):
- Add a new consensus method (31) to support any future changes that
authorities decide to make to the value of bwweightscale or
maxunmeasuredbw. Previously, there was a bug that prevented the
authorities from parsing these consensus parameters correctly under
most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha.
o Minor bugfixes (ipv6):
- Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some
rare configurations might break, but in this case you can disable
NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix
on 0.4.1.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (key generation):
- Do not require a valid torrc when using the `--keygen` argument to
generate a signing key. This allows us to generate keys on systems
or users which may not run Tor. Fixes bug 40235; bugfix on
0.2.7.2-alpha. Patch by Neel Chauhan.
o Minor bugfixes (logging, relay):
- Emit a warning if an Address is found to be internal and tor can't
use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug that made tor try to re-bind() on an already open
MetricsPort every 60 seconds. Fixes bug 40370; bugfix
on 0.4.5.1-alpha.
o Minor bugfixes (onion services, logging):
- Downgrade the severity of a few rendezvous circuit-related
warnings from warning to info. Fixes bug 40207; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW.
This should reduce the CPU and memory burden for directory caches.
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
o Code simplification and refactoring:
- Remove the orconn_ext_or_id_map structure and related functions.
(Nothing outside of unit tests used them.) Closes ticket 33383.
Patch by Neel Chauhan.
o Removed features:
- Remove unneeded code for parsing private keys in directory
documents. This code was only used for client authentication in v2
onion services, which are now unsupported. Closes ticket 40374.
- As of this release, Tor no longer supports the old v2 onion
services. They were deprecated last July for security, and support
will be removed entirely later this year. We strongly encourage
everybody to migrate to v3 onion services. For more information,
see https://blog.torproject.org/v2-deprecation-timeline . Closes
ticket 40266. (NOTE: We accidentally released an earlier version
of the 0.4.6.1-alpha changelog without this entry. Sorry for
the confusion!)
o Code simplification and refactoring (metrics, DoS):
- Move the DoS subsystem into the subsys manager, including its
configuration options. Closes ticket 40261.
o Documentation (manual):
- Move the ServerTransport* options to the "SERVER OPTIONS" section.
Closes issue 40331.
- Indicate that the HiddenServiceStatistics option also applies to
bridges. Closes ticket 40346.
- Move the description of BridgeRecordUsageByCountry to the section
"STATISTICS OPTIONS". Closes ticket 40323.
o Removed features (relay):
- Because DirPorts are only used on authorities, relays no longer
advertise them. Similarly, self-testing for DirPorts has been
disabled, since an unreachable DirPort is no reason for a relay
not to advertise itself. (Configuring a DirPort will still work,
for now.) Closes ticket 40282.
|
|
Now all tests pass.
|
|
|
|
py-magic-wormhole-mailbox-server-0.4.1
This repository holds the code for the main server that Magic-Wormhole
clients connect to. The server performs store-and-forward delivery
for small key-exchange and control messages. Bulk data is sent over
a direct TCP connection, or through a transit-relay.
Clients connect with WebSockets, for low-latency delivery in the
happy case where both clients are attached at the same time. Message
are stored to enable non-simultaneous clients to make forward
progress. The server uses a small SQLite database for persistence
(and clients will reconnect automatically, allowing the server to
be rebooted without losing state). An optional "usage DB" tracks
historical activity for status monitoring and operational maintenance.
|
|
|
|
py-magic-wormhole-transit-relay-0.2.1
This repository implements the Magic-Wormhole "Transit Relay", a
server that helps clients establish bulk-data transit connections
even when both are behind NAT boxes. Each side makes a TCP connection
to this server and presents a handshake. Two connections with
identical handshakes are glued together, allowing them to pretend
they have a direct connection.
This server used to be included in the magic-wormhole repository,
but was split out into a separate repo to aid deployment and
development.
|
|
|
|
|
|
FreeRADIUS 3.0.23
Feature improvements
* Update dictionary.aruba
* Add "set home_server state ... down" in order to mark the
home server as administratively down. Use "alive" to bring
it back to life.
* Add Post-Auth-Type "Client-Lost" which should make it easier
to log when clients stop responding.
* Add sites-available/totp as an example of how to use TOTP.
* Add %{mschap:Domain-Name}.
* Cache TLS messages in &session-state, for more debugging.
* Notes in eap configuration about TLS 1.0 / TLS 1.1, and setting
cipher_list = "DEFAULT@SECLEVEL=1"
* Added MANY warning messages about using TLS 1.3 with EAP.
In short, don't use it. Microsoft will support it in fall 2021.
Bug fixes
* Fix crash in some cases when home server is down, in debug mode.
* Fix (again) "read clients from SQL" functionality.
* Fix sql_map to return values in more situations.
* Silently ignore LEAP configuration instead of erroring out.
FreeRADIUS 3.0.22
Feature improvements
* Many new "unlang" documentation files. See "make docsite"
and then see build/docsite/freeradius-server/*/index.html
* Limited support for dynamic home servers. See proxy.conf
and doc/configuration/dynamic_home_servers.md
* Add support for prepend operator ^=. See "man unlang" for
for details.
* Added rlm_totp, for use with the Google Authenticator app.
See mods-available/totp.
* The default minimum TLS version is now TLS 1.2, as per RFC 8996.
Older versions can be allowed by setting tls_min_version, and
updating "cipher_list".
* Significantly improve the readability and contents of TLS
debug messages.
* Allow CoA and Disconnect messages over TLS sockets.
* Automatically set fragment size / MTU, so that PEAP/EAP-TLS
works, and no longer requires manual changes to the configuration.
* Allow "configurable_client_cert=yes" for EAP-TLS. This should
only be used for a "walled garden". See mods-available/eap
* Add TLS 1.2 support for EAP-Fast. Patches from Alex Clouter.
* Add ca_path_reload_interval option for tls. See mods-available/eap.
* Abfab-tls updates from Alejandro Perez.
* Add "tls_min_version" to ldap module configuration.
* We now support running policies when receiving a RadSec connection.
See sites-available/default, "New-TLS-Connection".
* Update TLS "ecdh_curve" code to allow for multiple curves.
* Allow delta CRLs.
* add rlm_sql_map, which can handle multiple columns from an SQL
query. See raddb/mods-available/sql_map.
* New xlat for setting status of rlm_always instances and new
resource-check example virtual server for manipulating control flow
in unlang policies based on status of some external resource.
Patches from Terry Burton.
* Update radmin to show more information about the home servers
using "show home_server list all".
* The default configuration now replies with EAP-Key-Name, if it
is available, and was requested.
* Include extensions in generated certificates.
* Ignore user-provided dhparams in FIPS mode.
Patch from Alexander Scheel.
* Remove native support for Cisco LEAP. It is insecure, and
should not be used. Proxying LEAP is still supported.
* Allow use of password preparation methods with rlm_eap_pwd.
Patch from Michael Braun.
* Many, many, improvements for DHCP from Nick Porter and Terry Burton.
* More RFC compliance for various corner cases of DHCP,
* Use DHCP-specific schemas.
* Add stored procedures for DHCP lease allocation
* Add support for DHCP-Decline.
* Added mods-available/dhcp_sql which is a DHCP-specific instance
of the SQL module.
* Treat DHCP Discover and Request differently for lease allocation times.
* Add support for PBKDF2 keys.
* Update dictionary.mikrotik, dictionary.aruba, dictionary.paloalto,
dictionary.juniper, dictionary.bskyb,
dictionary.alcatel.sr.
* Update default PostgreSQL schema to use "text" instead of
a fixed-size "varchar".
* Add radmin command "show client list verbose", which gives a lot
more information about each client.
* Add support for EAPS-AKA authentication to rlm_wimax.
* Add rlm_rest support for HTTP/2.
* Add REST-HTTP-Status-Code attribute holding HTTP status code.
* Add option to set http_negotiation in rlm_rest.
* Encode / decode NAS-Filter-Rule according to RFC 4849.
Inside of FreeRADIUS, each NAS-Filter-Rule just looks like
a string. But "on the wire", it follows RFC 4849.
See src/tests/unit/rfc4849.txt
* Allow attributes using old names in configuration files, SQL,
or modules to match attributes in the packet which use
new names.
* Allow querying IPv6 stats via FreeRADIUS-Stats-Client-IPv6-Address
and FreeRADIUS-Stats-Server-IPv6-Address
* Add warnings if there is no "real" User-Name to identify users.
* Add sample configuration to update Stripped-User-Name and/or
Class for user sessions. See sites-available/default
* Add configuration to suppress printing values for User-Name, etc.
See radiusd.conf, "suppress_secrets"
* Support dictionary.telrad, which is also in WiMAX format.
* PEAP 'proxy_tunneled_request_as_eap' is now configurable
at runtime with Proxy-Tunneled-Request-As-EAP.
* Debug output now lists client/server proposed TLS ciphers.
* Add support for TLS1.3, patches from Alexander Clouter
Bug fixes
* Fix long-term double free due to PCRE calling our "free"
function twice.
* Respect the "log_reject" configuration item in more places.
This lowers the number of "Login incorrect"
messages when "log_reject = no".
* Fix rpmbuild for Centos > 6. Patch from Matthew Newton.
* Run Post-Proxy-Type Fail... when all home servers are down.
* Note that rlm_replicate can only use UDP, and not TCP or TLS.
* DHCP pool lookup is now keyed by Client Identifier (Option 61) when
supplied by client, otherwise the hardware address is used. Compliant
with RFC 2132. This change will not affect existing systems on upgrade,
but new installations will use the new behavior.
Patch from Terry Burton.
* Fix minor spelling mistakes in man pages. Patch from
Alexander Scheel.
* Don't print invalid tags in rlm_cache, among other places.
* Do home_server failover immediately when an initial TCP / Radsec
connection fails.
* Port EAP-PWD constant time fixes from "master" branch. The issue
was verified by Mohamed Sabt, and a patch supplied by
Daniel De Almeida Braga.
* Clear error on SQLITE_BUSY to prevent memory leak in corner cases.
Patch from Nick Porter.
* Properly add SQL clients to virtual servers.
* Update documentation for cert generation. Patch from Alexander Scheel.
* Use better API when decoding DHCP packets, to avoid unnecessary work.
This improves performance noticeably.
* Parse locale-dependent dates.
* Strip out "-frecord-gcc-switches" from rlm_python3 configure build.
* Fix radiusd.conf ENV LD_PRELOAD function.
* Update the "sql" module so that it uses fewer handles for group selection,
which means that it is less likely to complain that the
connection pool is exhausted.
* Update the "sql" module to return "ok" when no rows have been updated
for accounting on/off.
* Make the "date" module handle UTC more consistently.
* Check for, and complain about, inconsistent use of tls_min_version
versus disable_tlsv1
* Fix "read client from SQL" code so that it properly ties clients
to a virtual server. Also document the behavior.
* Update / correct data types in dictionary.wimax
* Fix edge case in rlm_rest post decoder which could lead to the value of
a post attribute being lost in the case where the output buffer was completely
full after writing an attribute value, and more attributes needed to be encoded.
Reported by Adrian Smith.
* Fix leak with unknown attributes in detail reader.
* Fix parenting issues in rlm_yubikey.
* Update Mongo examples to be correct.
Notices
* CentOS 6, Debian 8 (Jessie) and Ubuntu 14 (Trusty) are EOL and no
longer supported. Docker files have been removed.
|
|
- bug fixes
- build system fixes
- code quality improvements
|
|
* OCaml 4.12 support
* fsmonitor improvements and Solaris support
* Color support in text UI, with a new preference, disabled by
NO_COLOR.
* Interactive profile selection in text UI, enabled by a new
preference.
* Working files are stored in the unison directory (typically
/.unison) rather than $HOME.
* Build cleanups, CI improvements, housekeeping
* Many bugfixes and minor improvements
|
|
and minor sync with net/unison
|
|
This is still the snapshot package, but since a release just happened,
at least catch it up for those following the snapshot.
Upstream changes since the last snapshot update are minor fixes, doc
regen, etc.
|
|
fastd is a very small VPN daemon which tunnels IP packets and Ethernet frames
over UDP. It supports various modern encryption and authentication schemes
and can be used in many different network topologies (1:1, 1:n, meshed).
|
|
2.4.1
- BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
- BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
- BUILD/MINOR: opentracing: fixed build when using clang
- BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
- BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
- Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
- BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
- BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
- MINOR: http-ana: Perform L7 retries because of status codes in response analyser
- MINOR: cfgparse: Fail when encountering extra arguments in macro
- DOC: intro: Fix typo in starter guide
- BUG/MINOR: server: Missing calloc return value check in srv_parse_source
- BUG/MINOR: peers: Missing calloc return value check in peers_register_table
- BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
- BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
- BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
- BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
- BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
- BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
- BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
- BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
- BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
- BUG/MINOR: http: Missing calloc return value check in make_arg_list
- BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
- CLEANUP: http-ana: Remove useless if statement about L7 retries
- BUG/MINOR: vars: Be sure to have a session to get checks variables
- DOC/MINOR: move uuid in the configuration to the right alphabetical order
- BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
- MINOR: errors: allow empty va_args for diag variadic macro
- DOC: use the req.ssl_sni in examples
- BUILD: make tune.ssl.keylog available again
- BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
- Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
- BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
- BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
- BUG/MEDIUM: compression: Properly get the next block to iterate on payload
- BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
- BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
- BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
- MINOR: pools: do not maintain the lock during pool_flush()
- MINOR: pools: call malloc_trim() under thread isolation
- MEDIUM: pools: use a single pool_gc() function for locked and lockless
- BUG/MAJOR: pools: fix possible race with free() in the lockless variant
- CLEANUP: pools: remove now unused seq and pool_free_list
- BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
- BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
- CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
- BUG/MINOR: resolvers: answser item list was randomly purged or errors
- MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
- MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
- BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
- DOC: lua: Add a warning about buffers modification in HTTP
- BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
- BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
- BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
- BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
- BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
- BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
- BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
- BUG/MINOR: ssl: use atomic ops to update global shctx stats
- BUG/MINOR: mworker: fix typo in chroot error message
- CLEANUP: global: remove unused definition of stopping_task[]
- BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
- MINOR: backend: only skip LB when there are actual connections
- BUG/MINOR: mux-h1: do not skip the error response on bad requests
- BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
- MINOR: connection: add helper conn_append_debug_info()
- MINOR: mux-h2/trace: report a few connection-level info during h2_init()
- CLEANUP: mux-h2/traces: better align user messages
- BUG/MINOR: stats: make "show stat typed desc" work again
- MINOR: mux-h2: obey http-ignore-probes during the preface
- BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
- BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
|
|
Also note self test status and upstream bug report URL.
|
|
Bump PKGREVISION
|
