| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
more easily with the existing substituion in Makefile (which initially
had only been used for the Sunpro compiler).
|
|
|
|
|
|
2.1.2
- Initial implementation of a provider for PowerDNS
2.1.1
- Changes to testing framework
|
|
Changes:
version 2017.04.26
Core
* Introduce --keep-fragments for keeping fragments of fragmented download
on disk after download is finished
* [YoutubeDL] Fix output template for missing timestamp (#12796)
* [socks] Handle cases where credentials are required but missing
* [extractor/common] Improve HLS extraction (#12211)
- Extract m3u8 parsing to separate method
- Improve rendition groups extraction
- Build stream name according stream GROUP-ID
- Ignore reference to AUDIO group without URI when stream has no CODECS
- Use float for scaled tbr in _parse_m3u8_formats
* [utils] Add support for TTML styles in dfxp2srt
* [downloader/hls] No need to download keys for fragments that have been
already downloaded
* [downloader/fragment] Improve fragment downloading
- Resume immediately
- Don't concatenate fragments and decrypt them on every resume
- Optimize disk storage usage, don't store intermediate fragments on disk
- Store bookkeeping download state file
+ [extractor/common] Add support for multiple getters in try_get
+ [extractor/common] Add support for video of WebPage context in _json_ld
(#12778)
+ [extractor/common] Relax JWPlayer regular expression and remove
duplicate URLs (#12768)
Extractors
* [iqiyi] Fix extraction of Yule videos
* [vidio] Improve extraction and sort formats
+ [brightcove] Match only video elements with data-video-id attribute
* [iqiyi] Fix playlist detection (#12504)
- [azubu] Remove extractor (#12813)
* [porn91] Fix extraction (#12814)
* [vidzi] Fix extraction (#12793)
+ [amp] Extract error message (#12795)
+ [xfileshare] Add support for gorillavid.com and daclips.com (#12776)
* [instagram] Fix extraction (#12777)
+ [generic] Support Brightcove videos in <iframe> (#12482)
+ [brightcove] Support URLs with bcpid instead of playerID (#12482)
* [brightcove] Fix _extract_url (#12782)
+ [odnoklassniki] Extract HLS formats
version 2017.04.17
Extractors
* [limelight] Improve extraction LimelightEmbeddedPlayerFlash media embeds and
add support for channel and channelList embeds
* [generic] Extract multiple Limelight embeds (#12761)
+ [itv] Extract series metadata
* [itv] Fix RTMP formats downloading (#12759)
* [itv] Use native HLS downloader by default
+ [go90] Extract subtitles (#12752)
+ [go90] Extract series metadata (#12752)
version 2017.04.16
Core
* [YoutubeDL] Apply expand_path after output template substitution
+ [YoutubeDL] Propagate overridden meta fields to extraction results of type
url (#11163)
Extractors
+ [generic] Extract RSS entries as url_transparent (#11163)
+ [streamango] Add support for streamango.com (#12643)
+ [wsj:article] Add support for articles (#12558)
* [brightcove] Relax video tag embeds extraction and validate ambiguous embeds'
URLs (#9163, #12005, #12178, #12480)
+ [udemy] Add support for react rendition (#12744)
version 2017.04.15
Extractors
* [youku] Fix fileid extraction (#12741, #12743)
version 2017.04.14
Core
+ [downloader/hls] Add basic support for EXT-X-BYTERANGE tag (#10955)
+ [adobepass] Improve Comcast and Verison login code (#10803)
+ [adobepass] Add support for Verizon (#10803)
Extractors
+ [aenetworks] Add support for specials (#12723)
+ [hbo] Extract HLS formats
+ [go90] Add support for go90.com (#10127)
+ [tv2hu] Add support for tv2.hu (#10509)
+ [generic] Exclude URLs with xml ext from valid video URLs (#10768, #11654)
* [youtube] Improve HLS formats extraction
* [afreecatv] Fix extraction for videos with different key layout (#12718)
- [youtube] Remove explicit preference for audio-only and video-only formats in
order not to break sorting when new formats appear
* [canalplus] Bypass geo restriction
version 2017.04.11
Extractors
* [afreecatv] Fix extraction (#12706)
+ [generic] Add support for <object> YouTube embeds (#12637)
* [bbccouk] Treat bitrate as audio+video bitrate in media selector
+ [bbccouk] Skip unrecognized formats in media selector (#12701)
+ [bbccouk] Add support for https protocol in media selector (#12701)
* [curiositystream] Fix extraction (#12638)
* [adn] Update subtitle decryption key
* [chaturbate] Fix extraction (#12665, #12688, #12690)
|
|
This is a regularly scheduled stable release.
Resolved issues since v0.14.26:
#219: Devices can now have a list of allowed subnets (advanced config)
#234: The transfer rate units can now be changed by clicking on the value
#1819: UI text explaining "Introducer" is improved
#2267: Advanced config editor can now edit lists of things
#2519: Directories created for new folders now obey the user umask setting (on Unixes)
#4053: Incoming index updates are consistency checked better
|
|
|
|
|
|
on ruby18.
|
|
|
|
Minor bugfix commits, no changelog released.
|
|
# Addressable 2.5.1
- allow unicode normalization to be disabled for URI Template expansion
- removed duplicate test
|
|
This is maintenance release and please refer release announce in detail:
https://kb.isc.org/article/AA-01489.
|
|
This is maintenance release and please refer release announce in detail:
https://kb.isc.org/article/AA-01490.
|
|
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-12
IMAP dissector crash ([2]Bug 13466) [3]CVE-2017-7703
* [4]wnpa-sec-2017-13
WBMXL dissector infinite loop ([5]Bug 13477) [6]CVE-2017-7702
* [7]wnpa-sec-2017-14
NetScaler file parser infinite loop ([8]Bug 13478) [9]CVE-2017-7700
* [10]wnpa-sec-2017-15
RPCoRDMA dissector infinite loop ([11]Bug 13558) [12]CVE-2017-7705
* [13]wnpa-sec-2017-16
BGP dissector infinite loop ([14]Bug 13557) [15]CVE-2017-7701
* [16]wnpa-sec-2017-17
DOF dissector infinite loop ([17]Bug 13453) [18]CVE-2017-7704
* [19]wnpa-sec-2017-18
PacketBB dissector crash ([20]Bug 13559)
* [21]wnpa-sec-2017-19
SLSK dissector long loop ([22]Bug 13576)
* [23]wnpa-sec-2017-20
SIGCOMP dissector infinite loop ([24]Bug 13578)
* [25]wnpa-sec-2017-21
WSP dissector infinite loop ([26]Bug 13581)
The following bugs have been fixed:
* T30 FCF byte decoding masks DTC, CIG and NCS. ([27]Bug 1918)
* Wireshark gives decoding error during rnsap message dissection(SCCP
reassembly). ([28]Bug 3360)
* Added IEEE 802.15.4-2003 AES-CCM security modes
(packet-ieee802154). ([29]Bug 4912)
* Payload in 2 SCCP DT1 messages in the same frame isn't
(sub)dissected. ([30]Bug 11130)
* IEEE 802.15.4: an area of Payload IEs is dissected twice. ([31]Bug
13068)
* Qt UI: Wireshark crash when deleting IO graph string while it's in
editing mode. ([32]Bug 13234)
* Crash on exit due to an invalid frame data sequence state. ([33]Bug
13433)
* Access Violation using Lua dissector. ([34]Bug 13457)
* Some bytes ignored in every packet in NetScaler packet trace when
vmnames are included in packet headers. ([35]Bug 13459)
* VOIP RTP stream Find Reverse button doesn't work. ([36]Bug 13462)
* Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT,
crash when set to FT_HEX_DEC or FT_DEC_HEX. ([37]Bug 13484)
* GIOP LocateRequest v1.0 is improperly indicated as "malformed".
([38]Bug 13488)
* Bug in ZigBee - Zone Status Change Notification. ([39]Bug 13493)
* Packet exception in packet-ua3g and incomplete strings in
packet-noe. ([40]Bug 13502)
* Wrong BGP capability dissect. ([41]Bug 13521)
* Endpoint statistics column labels seem incorrect. ([42]Bug 13526)
* Strange automatic jump in packet details for a certain DNS response
packet. ([43]Bug 13533)
* When a Lua enum or bool preference is changed via context menu,
prefs_changed isn't called with Qt Wireshark. ([44]Bug 13536)
* IO Graph selects wrong packet or displays "Packet number x isn't
displayed". ([45]Bug 13537)
* tshark's -z endpoints,ip ignores optional filter. ([46]Bug 13538)
* SSL: Handshake type in Info column not always separated by comma.
([47]Bug 13539)
* libfuzzer: PEEKREMOTE dissector bug. ([48]Bug 13544)
* libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom).
([49]Bug 13545)
* libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). ([50]Bug
13546)
* libfuzzer: MIH dissector bug. ([51]Bug 13547)
* libfuzzer: DNS dissector bug. ([52]Bug 13548)
* libfuzzer: WLCCP dissector bug. ([53]Bug 13549)
* libfuzzer: TAPA dissector bug. ([54]Bug 13553)
* libfuzzer: lapsat dissector bug. ([55]Bug 13554)
* libfuzzer: wassp dissector bug. ([56]Bug 13555)
* Illegal reassembly of GSM SMS packets. ([57]Bug 13572)
* SSH Dissector uses incorrect length for protocol field
(ssh.protocol). ([58]Bug 13574)
* NBAP malformed packet for short Binding ID. ([59]Bug 13577)
* libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod).
([60]Bug 13579)
* libfuzzer: asterix dissector bug (asterix.021_230_RA). ([61]Bug
13580)
* RTPproxy dissector adds multi lines to info column. ([62]Bug 13582)
Updated Protocol Support
ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF,
EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP,
ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE,
RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G,
WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
|
|
This is a regularly scheduled stable release.
Resolved issues since v0.14.25:
#4035: Symlinks are now properly ignored on Windows.
#2344: Discovery errors are more clearly displayed in the GUI.
#3913: The language dropdown menu in the GUI is now correctly sorted.
Also:
When there are items that could not be synced, their full path is displayed in the GUI.
|
|
|
|
libnice 0.1.14 (2017-04-03)
===========================
Improved RFC compliance
Split verbose logs into a separate option
Numerous bug fixes
Use GnuTLS for hash functions
Implement NewReno in PseudoTCP
Requires GLib 2.44 GnuTLS 2.12
|
|
version.c on case-insensitive file systems.
Fixes build on Darwin in its out-of-the-box case-insensitive configuration.
|
|
|
|
- Minor bugfixes.
|
|
|
|
Changes:
15 March 2017: mitmproxy 2.0.1
* bump cryptography dependency
* bump pyparsing dependency
* HTTP/2: use header normalization from hyper-h2
21 February 2017: mitmproxy 2.0
* HTTP/2 is now enabled by default.
* Image ContentView: Parse images with Kaitai Struct (kaitai.io) instead of Pillow.
This simplifies installation, reduces binary size, and allows parsing in pure Python.
* Web: Add missing flow filters.
* Add transparent proxy support for OpenBSD.
* Check the mitmproxy CA for expiration and warn the user to regenerate it if necessary.
* Testing: Tremendous improvements, enforced 100% coverage for large parts of the
codebase, increased overall coverage.
* Enforce individual coverage: one source file -> one test file with 100% coverage.
* A myriad of other small improvements throughout the project.
* Numerous bugfixes.
26 December 2016: mitmproxy 1.0
* All mitmproxy tools are now Python 3 only! We plan to support Python 3.5 and higher.
* Web-Based User Interface: Mitmproxy now offically has a web-based user interface
called mitmweb. We consider it stable for all features currently exposed
in the UI, but it still misses a lot of mitmproxy’s options.
* Windows Compatibility: With mitmweb, mitmproxy is now useable on Windows.
We are also introducing an installer (kindly sponsored by BitRock) that
simplifies setup.
* Configuration: The config file format is now a single YAML file. In most cases,
converting to the new format should be trivial - please see the docs for
more information.
* Console: Significant UI improvements - including sorting of flows by
size, type and url, status bar improvements, much faster indentation for
HTTP views, and more.
* HTTP/2: Significant improvements, but is temporarily disabled by default
due to wide-spread protocol implementation errors on some large website
* WebSocket: The protocol implementation is now mature, and is enabled by
default. Complete UI support is coming in the next release. Hooks for
message interception and manipulation are available.
* A myriad of other small improvements throughout the project.
16 October 2016: mitmproxy 0.18
* Python 3 Compatibility for mitmproxy and pathod (Shadab Zafar, GSoC 2016)
* Major improvements to mitmweb (Clemens Brunner & Jason Hao, GSoC 2016)
* Internal Core Refactor: Separation of most features into isolated Addons
* Initial Support for WebSockets
* Improved HTTP/2 Support
* Reverse Proxy Mode now automatically adjusts host headers and TLS Server Name Indication
* Improved HAR export
* Improved export functionality for curl, python code, raw http etc.
* Flow URLs are now truncated in the console for better visibility
* New filters for TCP, HTTP and marked flows.
* Mitmproxy now handles comma-separated Cookie headers
* Merge mitmproxy and pathod documentation
* Mitmdump now sanitizes its console output to not include control characters
* Improved message body handling for HTTP messages:
.raw_content provides the message body as seen on the wire
.content provides the decompressed body (e.g. un-gzipped)
.text provides the body decompressed and decoded body
* New HTTP Message getters/setters for cookies and form contents.
* Add ability to view only marked flows in mitmproxy
* Improved Script Reloader (Always use polling, watch for whole directory)
* Use tox for testing
* Unicode support for tnetstrings
* Add dumpfile converters for mitmproxy versions 0.11 and 0.12
* Numerous bugfixes
|
|
Changes:
3.0.0 (2017-03-29)
------------------
**API Changes (Backward Incompatible)**
- Removed nghttp2 support. This support had rotted and was essentially
non-functional, so it has now been removed until someone has time to re-add
the support in a functional form.
- Attempts by the encoder to exceed the maximum allowed header table size via
dynamic table size updates (or the absence thereof) are now forbidden.
**API Changes (Backward Compatible)**
- Added a new ``InvalidTableSizeError`` thrown when the encoder does not
respect the maximum table size set by the user.
- Added a ``Decoder.max_allowed_table_size`` field that sets the maximum
allowed size of the decoder header table. See the documentation for an
indication of how this should be used.
**Bugfixes**
- Up to 25% performance improvement decoding HPACK-packed integers, depending
on the platform.
- HPACK now tolerates receiving multiple header table size changes in sequence,
rather than only one.
- HPACK now forbids header table size changes anywhere but first in a header
block, as required by RFC 7541 § 4.2.
- Other miscellaneous performance improvements.
2.3.0 (2016-08-04)
------------------
**Security Fixes**
- CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the
decompressed size of the header list. This is to avoid the so-called "HPACK
Bomb" vulnerability, which is caused when a malicious peer sends a compressed
HPACK body that decompresses to a gigantic header list size.
This also adds a ``OversizedHeaderListError``, which is thrown by the
``decode`` method if the maximum header list size is being violated. This
places the HPACK decoder into a broken state: it must not be used after this
exception is thrown.
This also adds a ``max_header_list_size`` to the ``Decoder`` object. This
controls the maximum allowable decompressed size of the header list. By
default this is set to 64kB.
2.2.0 (2016-04-20)
------------------
**API Changes (Backward Compatible)**
- Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal
whether a given header field may ever be indexed in HTTP/2 header
compression.
- Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class
and subclass. These objects behave like two-tuples, so this change does not
break working code.
**Bugfixes**
- Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2.
- Improve HPACK decoding speed by 10% by caching header table sizes.
2.1.1 (2016-03-16)
------------------
**Bugfixes**
- When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK
now ensures that HTTP/2 special headers (headers whose names begin with
``:`` characters) appear first in the header block.
|
|
* restored --logfile support as a few people complained it vanished
The new logging code even makes the overall binary size smaller
on most platforms.
* BPF filter now trims garbage trailing the payload
OK, it's not garbage, but userland doesn't know some drivers append
FCS to it.
* install udev.so on supported platforms to fix segfaults.
* support NetBSD's RO_MSGFILTER socket option to reduce avoid context
switching for route(4) messages that don't interest us.
* support OpenBSD's ROUTE_MSGFILTER which does the same.
* Don't open sockets if just sending signals.
* HMAC-MD5 test's now check expectations in code rather than relying
on visual confirmation.
* added eloop-bench to test performance of eloop with available
polling mechanisms.
|
|
conflicts automajically, says wiz@
|
|
|
|
CUPS versions, and switch dependency away from cups15.
Update conflicts list.
|
|
Quote from release announce:
BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
for the root zone.
Quote from CHANGELOG:
--- 9.9.9-P8 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.9.9-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
|
|
Quote from release announce:
BIND 9.10.4-P8 addresses the security issues described in
CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the
built-in trusted keys for the root zone.
From CHANGELOG:
--- 9.10.4-P8 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.10.4-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
|
|
Problem found in a bulk build. Not bumping PKGREVISION since it
shouldn't change the binary package when it built.
|
|
* Requirements: Now depends on Kombu 4.0.2.
* Tasks: Fixed problem with JSON serialization of group
* Worker: Fixed JSON serialization issue when using inspect active and friends
* App: Fixed saferef errors when using signals
* Prefork: Fixed bug with pack requiring bytes argument on Python 2.7.5 and earlier
* Tasks: Saferepr did not handle unicode in bytestrings on Python 2
* Testing: Added new celery_worker_paremeters fixture.
* Tasks: Added new app argument to GroupResult.restore
This makes the restore method behave the same way as the GroupResult constructor.
* Tasks: Fixed type checking crash when task takes *args on Python 3
* Documentation and examples improvements
|
|
- Now depends on :mod:`amqp` 2.1.4
This new version takes advantage of TCP Keepalive settings on Linux,
making it better at detecting closed connections, also in failover
conditions.
- Redis: Priority was reversed so, e.g. priority 0 became priority 9.
|
|
|
|
Removes byte string comparison warnings when running under python -b.
Fix contributed by Jon Dufresne.
Linux version parsing broke when the version included a ‘+’ character (Issue 119).
Now sets default TCP settings for platforms that support them (e.g. Linux).
|
|
Changes:
version 2017.04.09
Extractors
+ [medici] Add support for medici.tv (#3406)
+ [rbmaradio] Add support for redbullradio.com URLs (#12687)
+ [npo:live] Add support for default URL (#12555)
* [mixcloud:playlist] Fix title, description and view count extraction (#12582)
+ [thesun] Add suport for thesun.co.uk (#11298, #12674)
+ [ceskateleveize:porady] Add support for porady (#7411, #12645)
* [ceskateleveize] Improve extraction and remove URL replacement hacks
+ [kaltura] Add support for iframe embeds (#12679)
* [airmozilla] Fix extraction (#12670)
* [wshh] Extract html5 entries and delegate to generic extractor (12676)
+ [raiplay] Extract subtitles
+ [xfileshare] Add support for vidlo.us (#12660)
+ [xfileshare] Add support for vidbom.com (#12661)
+ [aenetworks] Add more video URL regular expressions (#12657)
+ [odnoklassniki] Fix format sorting for 1080p quality
+ [rtl2] Add support for you.rtl2.de (#10257)
+ [vshare] Add support for vshare.io (#12278)
version 2017.04.03
Core
+ [extractor/common] Add censorship check for TransTelekom ISP
* [extractor/common] Move censorship checks to a separate method
Extractors
+ [discoveryvr] Add support for discoveryvr.com (#12578)
+ [tv5mondeplus] Add support for tv5mondeplus.com (#11386)
+ [periscope] Add support for pscp.tv URLs (#12618, #12625)
version 2017.04.02
Core
* [YoutubeDL] Return early when extraction of url_transparent fails
Extractors
* [rai] Fix and improve extraction (#11790)
+ [vrv] Add support for series pages
* [limelight] Improve extraction for audio only formats
* [funimation] Fix extraction (#10696, #11773)
+ [xfileshare] Add support for vidabc.com (#12589)
+ [xfileshare] Improve extraction and extract hls formats
+ [crunchyroll] Pass geo verifcation proxy
+ [cwtv] Extract ISM formats
+ [tvplay] Bypass geo restriction
+ [vrv] Add support for vrv.co
+ [packtpub] Add support for packtpub.com (#12610)
+ [generic] Pass base_url to _parse_jwplayer_data
+ [adn] Add support for animedigitalnetwork.fr (#4866)
+ [allocine] Extract more metadata
* [allocine] Fix extraction (#12592)
* [openload] Fix extraction
version 2017.03.26
Core
* Don't raise an error if JWPlayer config data is not a Javascript object
literal. _find_jwplayer_data now returns a dict rather than an str. (#12307)
* Expand environment variables for options representing paths (#12556)
+ [utils] Introduce expand_path
* [downloader/hls] Delegate downloading to ffmpeg immediately for live streams
Extractors
* [afreecatv] Fix extraction (#12179)
+ [atvat] Add support for atv.at (#5325)
+ [fox] Add metadata extraction (#12391)
+ [atresplayer] Extract DASH formats
+ [atresplayer] Extract HD manifest (#12548)
* [atresplayer] Fix login error detection (#12548)
* [franceculture] Fix extraction (#12547)
* [youtube] Improve URL regular expression (#12538)
* [generic] Do not follow redirects to the same URL
version 2017.03.24
Extractors
- [9c9media] Remove mp4 URL extraction request
+ [bellmedia] Add support for etalk.ca and space.ca (#12447)
* [channel9] Fix extraction (#11323)
* [cloudy] Fix extraction (#12525)
+ [hbo] Add support for free episode URLs and new formats extraction (#12519)
* [condenast] Fix extraction and style (#12526)
* [viu] Relax URL regular expression (#12529)
version 2017.03.22
Extractors
- [pluralsight] Omit module title from video title (#12506)
* [pornhub] Decode obfuscated video URL (#12470, #12515)
* [senateisvp] Allow https URL scheme for embeds (#12512)
|
|
* Use internal heimdal
Changelog:
Changes since 4.6.1:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12721: Fix regression with "follow symlinks = no".
Changes since 4.6.0:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.
o Ralph Boehme <slow@samba.org>
* BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
directory.
CHANGES SINCE 4.6.0rc4
======================
o Jeremy Allison <jra@samba.org>
* BUG 12592: Fix several issues found by covscan.
* BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
queue is drained.
o Ralph Boehme <slow@samba.org>
* BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
* BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is
set to "file".
* BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.
o Volker Lendecke <vl@samba.org>
* BUG 12612: Re-enable token groups fallback.
o Stefan Metzmacher <metze@samba.org>
* BUG 9048: Samba4 ldap error codes.
* BUG 12557: gensec:spnego: Add debug message for the failed principal.
* BUG 12605: s3:winbindd: Fix endless forest trust scan.
* BUG 12612: winbindd: Find the domain based on the sid within
wb_lookupusergroups_send().
o Andreas Schneider <asn@samba.org>
* BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token()
correctly.
* BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash
manpage.
* BUG 12592: Fix several issues found by covscan.
o Martin Schwenke <martin@meltin.net>
* BUG 12592: ctdb-logging: CID 1396883 Dereference null return value
(NULL_RETURNS).
CHANGES SINCE 4.6.0rc3
======================
o Jeremy Allison <jra@samba.org>
* BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType".
* BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.
o Ralph Boehme <slow@samba.org>
* BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.
* BUG 12536: s3/smbd: Check for invalid access_mask
smbd_calculate_access_mask().
* BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
* BUG 12595: build: Fix generation of CTDB manpages while creating tarball.
o Bryan Mason <bmason@redhat.com>
* BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if
AUTH_INFO_REQUIRED is not set or is not "negotiate".
o Stefan Metzmacher <metze@samba.org>
* BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
against trusted domains.
* BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
trust password.
* BUG 12585: librpc/rpc: fix regression in
NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
* BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
netr_LogonSamLogonEx.
* BUG 12587: winbindd child segfaults on connect to an NT4 domain.
* BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK
with a valid tree connect.
* BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
while it shouldn't.
* BUG 12601: Backport pytalloc_GenericObject_reference() related changes to
4.6.
o Garming Sam <garming@catalyst.net.nz>
* BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
alive.
o Andreas Schneider <asn@samba.org>
* BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().
o Martin Schwenke <martin@meltin.net>
* BUG 12589: CTDB statd-callout does not cause grace period when
CTDB_NFS_CALLOUT="".
* BUG 12595: ctdb-build: Fix RPM build.
CHANGES SINCE 4.6.0rc2
======================
o Jeremy Allison <jra@samba.org>
* BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
* BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
the same path as streams_xattr_recheck().
* BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.
o Andrew Bartlett <abartlet@samba.org>
* BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and
use_xattrs.
* BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
requiredFeatures.
* BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
rename.
o Ralph Boehme <slow@samba.org>
* BUG 12184: s3/rpc_server: Shared rpc modules loading.
* BUG 12520: Ensure global "smb encrypt = off" is effective.
* BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.
* BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
readdirattr.
o Volker Lendecke <vl@samba.org>
* BUG 12551: smbd: Fix "map acl inherit" = yes.
o Stefan Metzmacher <metze@samba.org>
* BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and
DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S
* BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
2.???" negprot.
o John Mulligan <jmulligan@nasuni.com>
* BUG 12542: docs: Improve description of "unix_primary_group" parameter in
idmap_ad manpage.
o Andreas Schneider <asn@samba.org>
* BUG 12552: waf: Do not install the unit test binary for krb5samba.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
* BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.
o Garming Sam <garming@catalyst.net.nz>
* BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
rename.
o Uri Simchoni <uri@samba.org>
* BUG 12529: waf: Backport finding of pkg-config.
CHANGES SINCE 4.6.0rc1
======================
o Amitay Isaacs <amitay@gmail.com>
* BUG 12469: CTDB lock helper getting stuck trying to lock a record.
* BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket
I/O.
* BUG 12510: sock_daemon_test 4 crashes with SEGV.
* BUG 12513: ctdb-daemon: Remove stale eventd socket.
o Björn Jacke <bj@sernet.de>
* BUG 12535: vfs_default: Unlock the right file in copy chunk.
o Volker Lendecke <vl@samba.org>
* BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
* BUG 12538: Backport winbind fixes.
o Stefan Metzmacher <metze@samba.org>
* BUG 12501: s3:winbindd: talloc_steal the extra_data in
winbindd_list_users_recv().
o Martin Schwenke <martin@meltin.net>
* BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to
send.
* BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
* BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple
'default' entries.
|
|
Upstream changes:
mikutter 3.5.7
* support Ayanoniwa's icecream image (thanks @ahiru3net)
* associations against (undefined) was not invoked (thanks @moguno)
* custom Model :modified key which included MessageMixin was ignored
(thanks @moguno)
|
|
Bug fixes.
|
|
- Removed unnecessary import of pprint
|
|
1.3.5d - Released 15-Jan-2017
--------------------------------
- Bug 4283 - All FTP logins treated as anonymous logins again. This is a
regression of Bug#3307.
1.3.5c - Released 14-Jan-2017
--------------------------------
- Bug 4254 - SSH rekey during authentication can cause issues with clients.
- Bug 4257 - Recursive SCP uploads of multiple directories not handled properly.
- Bug 4259 - LIST returns different results for file, depending on path syntax.
- Bug 4255 - "AuthAliasOnly on" in server config breaks anonymous logins.
- Bug 4272 - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
- Bug 4275 - Support OpenSSL 1.1.x API.
- Bug 4278 - Memory leak when mod_facl is used.
|
|
**** 1.09 March 24, 2017
Fix rt.cpan.org #120542
Fails tests when no "." in @INC
Feature rt.cpan.org #75357
Add mechanism to encode/decode EDNS option octet strings
|
|
is built into PHP. Bump resp. PKGREVISION.
|
|
Ride update.
|
|
1.0.1 Sunday March 26th 2017
- More tests
- Fix minimum Mojolicious version
|
|
ChangeLog:
2017/04/03 : 1.7.5
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
2017/03/27 : 1.7.4
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
|
|
Changes since 2.0.0:
- Added support for provider Glesys.
- Added provider for Memset DNS API.
- Update Namesilo provider with correct query param fixes.
- Use transip-api library from pypi.
|
|
Upstream changes:
mikutter 3.5.6
* crash when icons for extract tabs could not be accessed (thanks ahiru3net)
* remove unused code (thanks ahiru3net)
* support files with .jpeg extentions in image viewer (thanks moguno)
* change timing of argument evaluation on startup (thanks ahiru3net)
* fix warnings (thanks ahiru3net)
|
|
|
|
Summary of changes since dhcpcd-6.11.5:
* source file locations reworked:
dhcpcd source is in src
dhcpcd hooks are in hooks
compat is in compat
* README split into README.md and BUILDING.md
* internal routing is now protocol agnostic
* avoid using __packed and use compile time asserts instead
* addresses some alignment issues
* disable some ARP code on kernels which support RFC5227
* BSD IPv6 kernel settings are now updated to reflect dhcpcd config
* custom logger has been removed, syslog handles everything
as such, the --logfile option has been removed as well.
If you need better/earlier logging, get a better syslogger!
* distinfo and signed distinfo files are now available alongside
release taraballs from this point onwards
* default DBDIR has changed from /var/db to /var/db/dhcpcd
* /etc/dhcpcd.duid moves to DBDIR/duid
* /etc/dhcpcd.secret moves to DBDIR/secret
* lease file names have dhcpcd removed from them as they are now
inside a directory of the same name
* fixed issues with reject routes not working on some platforms
* improved nl80211 support on Linux for working out the SSID
* no longer request NTP by default in dhcpcd.conf
* fix detecting IPv6 DAD on OpenBSD
* remove custom Solaris DLPI filtering in favour of BPF
(note there seems to be a kernel issue where the DHCP
fd receives ARP's as well, the only side effect is
a noisy syslog)
* BPF filtering vastly improved so dhcpcd only wake up on
ARP or DHCP packets destined for it
* support for MUD URL (draft-ietf-opsawg-mud-05)
* if the kernel isn't doing DAD, don't insist on waiting for it
to actually do it
* fix a potential crash where the DHCP or ARP states could be
freed before the packet processing loop naturally breaks
* removed gateway and nogateway options
(these can be controlled by the nooption directive which
works for more than just gateways)
* removed ipv6ra_own and ipv6ra_own_default options
(these can be controled by the ipv6rs/noipv6rs directive)
* fix a memory leak on systems where posix_spawnattr_init
allocates memory by calling posix_spawnattr_destroy afterwards
* fix a crash receiving SIGUSR1
|
