strlcpy already defined in Darwin (Apple) and *BSDs. Added LICENSE information.
netbsd-srcmastr pushed a commit that referenced this pull request Aug 24, 2017
license. Submitted by Thomas Merkel in #11. Bump PKGREVISION for the LICENSE change.
Collaborator
Committed, thanks!
netbsd-srcmastr pushed a commit that referenced this pull request Jan 3, 2018
PowerDNS Authoritative Server 4.1.0
===========================================================
- Improved performance: 400% speedup in some scenarios
- Crypto API: DNSSEC fully configurable via RESTful API
- Improved documentation
- Database related improvements
- Enhanced tooling
- Support for TCP Fast Open
- Support for non-local bind
- Support for Botan 2.x (and removal of support for Botan 1.10)
- Our packages now ship with PKCS #11 support.
- Recursor passthrough removal
Full changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html
PowerDNS Authoritative Server 4.0.5
===========================================================
Fixes
- Fix for missing check on API operations (CVE-2017-15091)
- Bindbackend: do not corrupt data supplied by other backends in getAllDomains
- API: prevent sending nameservers list and zone-level NS in rrsets
- gpgsql: make statement names actually unique
- Fix remotebackend params
- Fix godbc query logging
- For create-slave-zone, actually add all slaves, and not only first n times
- Fix a regression in axfr-rectify + test
- When making a netmask from a comboaddress, we neglected to zero the port
- Fix libatomic detection on ppc64
- Catch DNSName exception in the Zoneparser
- Publish inactive KSK/CSK as CDNSKEY/CDS
- Handle AFSDB record separately due to record structure.
- Treat requestor's payload size lower than 512 as equal to 512
- Correctly purge entries from the caches after a transfer
- Handle a signing pipe worker dying with work still pending
- Ignore SOA-EDIT for PRESIGNED zones.
- Check return value for all getTSIGKey calls.
Improvements
- Fix ldap-strict autoptr feature, including a test
- mydnsbackend: Add getAllDomains
- Stubresolver: Use only recursor setting if given
- LuaWrapper: Allow embedded NULs in strings received from Lua
- sdig: Clarify that the ednssubnet option takes "subnet/mask"
- Tests: Ensure all required tools are available
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet mask
- LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
- Add support for Botan 2.x
- Ship ldapbackend schema files in tarball
- Collection of schema changes
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Use a unique pointer for bind backend's d_of
- Fix some of the issues found by @jpmens
netbsd-srcmastr pushed a commit that referenced this pull request Feb 18, 2018
Changes since 2.05.1:
Artistic Style 3.1 (January 2018)
* Add new options "project", "project=####", and "project=none" (#11).
* Add new options, "break-return-type" and "break-return-type-decl"
(358, 286, 205, 16).
* Add new options, "attach-return-type" and "attach-return-type-decl"
(358, 286, 205, 16).
* Add new option "style=ratliff", as an alternate name for banner style.
* Add new environment variable ARTISTIC_STYLE_PROJECT_OPTIONS (#11).
* Add multiple extensions to the command line file paths option.
* Improve recognition of unary + and - when using pad-oper.
* Change the Windows default options file location from USERPROFILE to
APPDATA.
* Change options file input to accept UTF-16, or UTF-8 with a BOM (or
signature).
* Change "unsigned short" data type to c++11 "char16_t".
* Change translations for new project options file.
* Fix utf8LengthFromUtf16() calculation being less than the actual
length.
* Fix multiply followed by a dereference for "align-pointer=type".
* Fix recognition of a uniform class initializer in a base class
initialization (#441).
* Fix indentation of "volatile" keyword not used in a method definition
(#450).
* Fix indentation of "final" keyword not used in a method definition
(#450).
* Fix indentation of compound literals in an argument list (#456).
* Fix indentation of trailing return type method following a constructor
(#463).
* Fix space padding of closing brace before a dot (#468).
* Fix Objective-C to allow for "Extern C" statements in the source files
(#443, 444, 446).
* Fix Objective-C to allow for method definitions without a specified
return type (#447).
* Fix Objective-C to allow for method definitions with multiple param
types.
* Fix Objective-C to replace tabbed padding with a space.
* Fix Objective-C formatting of line-end comments with
"unpad-return-type".
* Fix Objective-C "align-method-colon" to ignore ternary (?) operators.
* Fix C# base class constructor indentation (#459).
* Fix C# indentation of method declaration containing a colon (#465)
* Fix C/C++ to allow "interface" as a non-keyword (#445).
* Fix Java to allow "default" as a non-switch keyword.
* Fix line ends initialization if no line end has been read.
* Fix Java build from including ASLocalizer in the shared library.
* Fix to check for AStyleWx line tags after C style comments.
* Fix boundary conditions and other errors discovered by fuzzing.
* Refactoring:
* Extract method isNumericVariable() in ASFormatter class.
* Extract method isTopLevel() in ASBeautifier class.
* Extract method fileExists() in Console class.
* Rename ASEncoding variable from "utf8_16" to "encode".
* Rename ASBeautifier vector from squareBracketDepthStack to
parenDepthStack.
* Combine style options in ASOptions class to avoid compiler
limits.
Artistic Style 3.0.1 (May 2017)
* Fix crash caused by certain class initializer formats (#435).
* Fix "final" identifier not being recognized as a pre-command header
(#433).
* Fix recognition of certain rvalue reference variables.
Artistic Style 3.0 (April 2017)
* Add new option "indent-after-parens" (#396, 152, 108, 79).
* Add new option "attach-closing-while" (#177).
* Add "style=run-in" as an alternative for "style=horstmann".
* Add "break-closing-braces" to "style=stroustrup" (#267).
* Add formatting for C++11 trailing return type methods.
* Add new class ASPeekStream using RAII to allow early method returns.
* Change affected variable names to new AStyle terminology.
* Change some vector push_back() statements to emplace_back().
* Fix memory leak when using "indent-preproc-define".
* Fix sometimes splitting an r-value reference when "pad-oper" is used.
* Fix in-statement-indent brace check not always checking a brace
(#421).
* Fix formatting of C# get/set and add/remove when braces are attached
(#430).
* Fix formatting of C# generic constraints (#430).
* Fix padding of C# null conditional operator.
* Fix attach-inlines to not attach a brace followed by a run-in comment.
* Fix not always breaking lines after "add-braces" (#341).
* Fix unpadding the "in" in a foreach statement (#386).
* Fix boundary conditions discovered by american fuzzy lop fuzzer
(#370).
* Refactoring:
* Replace NULL with C++11 nullptr.
* Rename Utf8_16 class to ASEncoding.
* Move ASConsole constructor and destructor from inline to
non-inline.
* Move console error stream (cerr) from global to ASConsole class.
* Move ASConsole pointer in ASOptions from global to a class
member.
* Move findHeader and findOperator methods from ASBeautifier to
ASBase.
* Minor changes from PVS-Studio analyzer.
* Minor changes from clang-tidy.
Artistic Style 2.06 (December 2016)
* Add new bracket style option "style=mozilla".
* Add new option "break-one-line-headers" (#33, 64, 367).
* Add new option "indent-continuation".
* Add new option "pad-comma" (#100).
* Add removing spaces before a comma (#100).
* Add new Objective-C options "pad-return-type" (-xq) and
"unpad-return-type" (-xr).
* Add new Objective-C options "pad-param-type" (-xS) and
"unpad-param-type" (-xs).
* Add formatting of C++14 single-quote digit separators (#337).
* Add indentation for CORBA IDL module statement (#414).
* Add translations for Bulgarian, Estonian, Greek, Hungarian, Norwegian,
and Romanian.
* Remove lineend option from formatCinToCout function.
* Improve align-method-colon and apply to Objective-C method calls.
* Improve recognition of header guards in preprocessor statements.
* Improve recognition of C++11 uniform initializer brackets (#381, 411,
415).
* Improve the processing of quoted strings and verbatim strings.
* Change align-method-colon short first line to align on the longest
line instead of the first line.
* Change to not break empty one line brackets to support new
"break-one-line-headers".
* Change add-brackets to not add to one line blocks to support new
"break-one-line-headers".
* Change add-brackets to not add to one line statements in support new
"break-one-line-headers".
* Fix not recognizing an escaped space character within a quote (#403).
* Fix not recognizing "else" brackets as COMMAND_TYPE (#400).
* Fix attaching "if" statements to a #else preprocessor directive
(#356).
* Fix not clearing global variables for a new file (#364).
* Fix not recognizing an rvalue reference in a template (#404).
* Fix breaking a line when processing the first line of a file (#400).
* Fix breaking a line in an exponential (#392).
* Fix indentation of an "enum" without following brackets (#401, 384).
* Fix indentation of arguments using preceding commas (#355).
* Fix indentation of Pico style one line blocks.
* Fix not padding header for "new" or "delete" followed by parens.
* Fix template variable not being cleared at end of a statement (#380).
* Fix "close-templates" to only close ending angle brackets (#375).
* Fix pad-oper to not pad a + or - following an open bracket (#378).
* Fix C# to recognize "using" as a header.
* Fix C# to always recognize "forever" as a header.
* Fix Pico style not always computing the indentation for one line
blocks.
* Fix indentation of Objective-C @interface statement (#333).
* Fix assert error when Objective-C "@" is followed by whitespace.
* Fix end of line comments for "pad-method-prefix" and
"unpad-method-prefix".
* Fix end of line comments for "pad-method-colon".
* Refactoring:
* Consolidate scattered ASFormatter conditional statements into a
padParenObjC method.
* Remove BracketMode STROUSTRUP_MODE and change it to LINUX_MODE.
* Remove ASBase methods from being inlined as class definitions.
* Replace C char arrays in astyle_main.cpp with C++ strings.
* Return language translation as a mutable variable.
* Portability changes for additional compiler support (#352).
* Minor changes based on results of the Clang-Tidy.
netbsd-srcmastr pushed a commit that referenced this pull request Feb 24, 2018
netbsd-srcmastr pushed a commit that referenced this pull request Feb 27, 2018
Changes:
1.20.1
------
- libcupsfilters: Silenced warning when using CUPS < 2.x by eliminating the use of a recently introduced CUPS library function (Bugzilla bug #1421).
- braille: Fix some missing options on indexv4. Thanks to Samuel Thibault for this patch (Pull request #21).
- braille: Fix disabling margins on indexv4 in graphic mode. Thanks to Samuel Thibault for this patch (Pull request #20).
- braille: Fix installation of brftopagedbrf. Thanks to Samuel Thibault for this patch (Pull request #18, Issue #17).
- cups-browsed: Fixed crash when CUPS reports a print queue without "device-uri" attribute when cups-browsed polls a list of local CUPS queues (Issue #16).
1.20.0
------
- libcupsfilters: Let the PPD generator prefer the English translation file from CUPS for the human-readable strings in the PPD files.
- libcupsfilters: The PPD generator lists all page sizes with human-readable names now, including proprietary names of the printer.
- cups-browsed, driverless: Fixed get-printer-attributes call on driverless printers for generating the PPD, explicitly requesting the media-col-database attribute as otherwise borderless page sizes do not appear.
- libcupsfilters: Fixed loading option/choice strings lists from driverless printers for PPD file generation. Especially proprietary media types appear correctly now.
- libcupsfilters: Completed color space support in the PPD generator: Added DeviceGray/RGB/CMYK, default to 8 bit for SRGB and to 16 bit for AdobeRGB, avoid duplicate listings of the same color space.
1.19.0
------
- libcupsfilters: Let the PPD generator add the options "Print Optimization", "Print Rendering Intent" and "Print Scaling" if appropriate IPP attributes are found.
- libcupsfilters: Let the PPD generator read out the maximum of info about color spaces and this way not only reliably the correct choices are added to the ColorModel option but also the maximum supported bit depth (8 or 16 bit) is used.
- libcupsfilters: Overtaken new features from CUPS' PPD generator: Presets, Finishing Templates, and extraction of media sizes from "media-col-database"
- libcupsfilters: Improvements on header of generated PPDs: use cups-filters version number, "drvless.ppd" PCFileName, APSupplies and cupsChargeInfoURI from CUPS.
- libcupsfilters: Let the PPD generator use the IPP string tables in the translation files of CUPS 2.3.x or newer (English strings only). Let all options in the PPD have human-readable option and choice names. In case of CUPS 2.2.x or older (or if the CUPS translation are missing) we fall back to internal tables.
- cups-browsed: Improved debug output when checking IPP attributes of IPP printers.
- .gitignore: Ignore also core files.
- cups-browsed: Support use of PPD files generated by CUPS for IPP Printers. Works only if the local queue created by cups-browsed replaces a temporary queue from CUPS. Configurable via "UseCUPSGeneratedPPDs" directive in cups-browsed.conf.
1.18.0
------
- braille: Add support for page-ranges option. Thanks to Samuel Thibault for this patch (Pull request #12).
- braille: Fix supporting docx and LO file names with spaces. Thanks to Samuel Thibault for this patch (Pull request #11).
- .gitignore: Updated and cleaned up.
- Build system: Make sure that "make dist" always includes all files of the repository, plus the files generated by ./autogen.sh, independent of the system configuration and the used ./configure options.
- pdftoijs, pdftoopvp: Build pdftoijs and pdftoopvp only on demand (via "--enable-ijs" and "--enable-opvp" on the ./configure command line). There are actually no known printer drivers using these filters. If no one complains about the missing filters they will get completely removed.
- Build system: Set default path for pdftops to /usr/bin/pdftops also for cross-compiling (Bug #1417).
- cups-browsed: Set "printer-location" as an attribute and not as an option when creating/updating a CUPS queue (Bug #1413).
- braille: Fix handling non-printable characters in BRF files. Thanks to Samuel Thibault for this patch.
- braille: Fix printing backslashes in BRF files. Thanks to Samuel Thibault for this patch.
- braille: use application/vnd.cups-brf instead of text/vnd.cups-brf. Thanks to Samuel Thibault for this patch.
- braille: Make sure liblouis emits pure BRF output. Thanks to Samuel Thibault for this patch.
- braille: Spaces at the head of lines were not getting embossed, because bash would eat them in the read command. IFS allows to avoid the issue. Thanks to Samuel Thibault for this patch.
- gstoraster: Emit proper error message if Ghostscript is missing. Thanks to Peter De Wachter (pdewacht at gmail dot com) for the patch (Bug #1415).
- braille: Old bash does not like quotes, like in '$(("123" + 0))'. Removed unneeded quotes. Thanks to Samuel Thibault for this patch.
- braille: Index V5 embossers are compatible with the V4 protocol so we do not need driver changes, we just need to advertise the support. Thanks to Samuel Thibault for this patch.
netbsd-srcmastr pushed a commit that referenced this pull request Apr 23, 2018
Upstream changes:
0.43 Sat Apr 21 15:39:09 2018
- pull request #16 - strip down list of prerequisites to modules that are safe to use high on
the CPAN river (thanks karenetheridge)
0.42 Fri Apr 20 23:42:41 2018
- rt 125136 - reinstate 5.8 compat by not using // operator in the new unc test (thanks SREZIC)
- pull request #14 - Add .gitignore. (thanks jkeenan)
- pull request #13 - File::Find::Rule is used in the test suite but not named as a prerequisite in Makefile.PL. (thanks jkeenan)
0.41 Thu Apr 19 15:58:12 2018
- Issue #10 and #8: fix Makefile.PL; add github metadata (thanks karenetheridge and chorny)
- Issue #11: Fix the test failure described in RT#123964 (thanks tomhukins and SREZIC)
- Issue #9: Fixes for Windows (thanks chorny)
- rt 124324 - fix v0.40 changelog date (thanks ANDK)
- rt 124151 - pathrm with force on should guard against absolute paths (thanks chorny)
- rt 124423 - have fcopy() work around File::Copy::copy() bug rt132866 (thanks DROLSKY)
- Issue #12 and rt 124166 - set umask for reliability (thanks teoric and ether)
- rt 43328 - add ULC test to verify pathmk() w/ ULC (thanks willi.weikum and LouisStrous)
netbsd-srcmastr pushed a commit that referenced this pull request May 6, 2018
3.0.1 Sat 5 May 20:50:14 2018
- GH #11: fix version declaration on 5.8 (thanks, Grinnz)
3.0.0 Sat 5 May 18:10:16 2018
- breaking change:
- the behaviour of UNIVERSAL methods like $native->can and
$native->isa is now defined as being the same as when autobox
is not enabled rather than "undefined". (technically, this
still falls under the rubric of "undefined", but the switch
from "don't know" to "don't" could break buggy code, so bump
for safety)
- add DOES to the list of non-autoboxed methods
- switch to SemVer i.e. 2.86 (v2.860.0) -> 3.0.0 (v3.0.0)
- upgrade ppport.h from 3.35 -> 3.42
netbsd-srcmastr pushed a commit that referenced this pull request May 6, 2018
1.53 2018-05-02
- Add support for decoding template files via ENCODING constructor arg
[github #11]
- Docs cleanup: replace indirect-object style examples and use class method
style constructor calls in the POD docs
- Docs cleanup: remove hard tabs from POD, replace dated, unfair synopsis
[github #5], convert "THANKS" section to a POD list
netbsd-srcmastr pushed a commit that referenced this pull request Aug 20, 2018
2018-08-18 -- 0.8.6
* Fixed: Bad/NULL .hostText.afterLast when parsing certain rather pathologic
but well-formed URIs with empty host (e.g. "//:%aa@") (GitHub #15)
Thanks to Kurt Schwehr for the report!
* Fixed: Fix uriRemoveBaseUri for case where scheme, host name,
IPvFuture address or path segments of the source address were
string prefixes of the related counterpart in the base URI.
Thanks to Yang Yu for the patch! (GitHub #19, #20)
* Fixed: Make UriStringToUnixFilename and UriStringToWindowsFilename
support minimal representation a la RFC 8089, e.g. file:/bin/bash
(compare to file:///bin/bash with three slashes) (GitHub #12, #14)
Thanks to Zane van Iperen for the report!
* Fixed: Documentation typos (GitHub #10, #11)
Thanks to Graham Percival!
* Improved: Made API docs of uriRemoveBaseUri more clear
(related to GitHub #19)
* Soname: 1:22:0
netbsd-srcmastr pushed a commit that referenced this pull request Aug 20, 2018
Release 2.2.6 Sun August 12 2018
Bug fixes:
#170 #206 Avoid doing arithmetic with NULL pointers in XML_GetBuffer
#204 #205 Fix 2.2.5 regression with suspend-resume while parsing
a document like '<root/>'
Other changes:
#165 #168 Autotools: Fix docbook-related configure syntax error
#166 Autotools: Avoid grep option `-q` for Solaris
#167 Autotools: Support
./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
#159 #167 Autotools: Support DOCBOOK_TO_MAN command which produces
xmlwf.1 rather than XMLWF.1; also covers case insensitive
file systems
#181 Autotools: Drop -rpath option passed to libtool
#188 Autotools: Detect and deny SGML docbook2man as ours is XML
#188 Autotools/CMake: Support command db2x_docbook2man as well
#174 CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
#184 #185 CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
#207 #208 CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
both defaulting to OFF
#175 CMake: Prefer check_symbol_exists over check_function_exists
#176 CMake: Create the same pkg-config file as with GNU Autotools
#178 #179 CMake: Use GNUInstallDirs module to set proper defaults for
install directories
#208 CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
#180 Windows: Fix compilation of test suite for Visual Studio 2008
#131 #173 #202 Address compiler warnings
#187 #190 #200 Fix miscellaneous typos
Version info bumped from 7:7:6 to 7:8:6
Release 2.2.5 Tue October 31 2017
Bug fixes:
#8 If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
#11 The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
#137 #138 Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
#162 Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
Other changes:
#106 xmlwf: Add argument -N adding notation declarations
#75 #106 Test suite: Resolve expected failure cases where xmlwf
output was incomplete
#127 Windows: Fix test suite compilation
#126 #127 Windows: Fix compilation for Visual Studio 2012
Windows: Upgrade shipped project files to Visual Studio 2017
#33 #132 tests: Mass-fix compilation for XML_UNICODE_WCHAR_T
#129 examples: Fix compilation for XML_UNICODE_WCHAR_T
#130 benchmark: Fix compilation for XML_UNICODE_WCHAR_T
#144 xmlwf: Fix compilation for XML_UNICODE_WCHAR_T; still needs
Windows or MinGW for 2-byte wchar_t
#9 Address two Clang Static Analyzer false positives
#59 Resolve troublesome macros hiding parser struct membership
and dereferencing that pointer
#6 Resolve superfluous internal malloc/realloc switch
#153 #155 Improve docbook2x-man detection
#160 Undefine NDEBUG in the test suite (rather than rejecting it)
#161 Address compiler warnings
Version info bumped from 7:6:6 to 7:7:6
netbsd-srcmastr pushed a commit that referenced this pull request Aug 21, 2018
0.40 25th July 2018
- improve --extra-opts error handling (#18)
- fix handling named arguments (#17)
- Allow negation of command line arguments using '--no'-prefix (#13)
- Fix plugin-name processing in ALRM handler. (#12)
- Fixed regex in plugin_exit() that handles hyphen for LONGOUTPUT (#11)
- Support LONGTEXT output in plugin_exit (#10)
- convert empty perfdata values to 'U' (daku3649 #5)
- fix output when there is only long plugin output (pdugas)
netbsd-srcmastr pushed a commit that referenced this pull request Sep 23, 2018
## 3.2018.0812 / 2018-08-12
* Added `.xsd` extension to `text/xml`. [#10][]
* Added `.js` and `.mjs` extensions to `text/ecmascript` and `text/javascript`. [#11][]
* Added `.ipa` extension to `application/octet-stream`. [#12][]
* Moved extensions `.markdown` and `.md` and added `.mkd` extension to `text/markdown`. [#13][]
* Because of a bug found with mime-types 3 before 3.2.1, this version requires mime-types 3.1 or later to manage data.
* Updated the IANA media registry entries as of release date. The biggest major change here is the addition of the `font/` top-level media type.
* MIME type changes not introduced by pull requests will no longer be individually tracked.
* Clarified that the YAML editable format is not shipped with the Ruby gem for size considerations.
netbsd-srcmastr pushed a commit that referenced this pull request Sep 23, 2018
0.2.17 (2018-02-09)
* Land #9, remove use of 'fun' keyword
* Land #10, add rand_country
0.2.18 (2018-04-12)
* Land #11, ranges for rand_base and rand_text_*
0.2.19 (2018-04-18)
* Land #13, add text encryption / encoding wrappers
0.2.20 (2018-04-18)
* Land #14, remove RC4/SHA256 support
* Land #12, bump ruby deps
0.2.21 (2018-06-13)
* Land #16, simplify shuffle_a implementation
* Land #17, speedup to_mixed_case_array
* Land #18, use single regular expression for strict case
* Land #19, remove unnecessary gsub regex to remove newline
* Land #21, add SHA2 digest wrappers
netbsd-srcmastr pushed a commit that referenced this pull request Oct 23, 2018
pkgsrc changes:
- Add a dependency to www/libpsl
- Add a patch to adjust running of the tests (otherwise because `APACHE_HTTPD' is defined to `no' a `no' program will be executed but will fail because no `no' program is usually available)
Changes:
Changes in libsoup from 2.64.1 to 2.64.2:
* TLD tests updated (Claudio Saavedra)
* Updated translations: Serbian
Changes in libsoup from 2.63.92 to 2.64.1:
* Many fixes to the meson build system (which, by the way, is NOT official yet) (#13, Tomas Popela)
* Updated translations: Belarusian.
Changes in libsoup from 2.63.92 to 2.64.0:
* Many fixes to the meson build system [#7, #8, #9, #11, Tomas Popela]
* Updated translations: Brazilian Portuguese, Galician, Hungarian, Latvian, Danish.
Changes in libsoup from 2.63.91 to 2.63.92:
* Make sure that XMLRPC tests build in Debian too [Claudio Saavedra]
* Distribute missing meson files [Claudio Saavedra]
* Some fixes to the meson build files [Claudio Saavedra]
* Updated Korean and Swedish translations
Changes in libsoup from 2.63.90 to 2.63.91:
* Simplify soup_hosts_matches_host() [Claudio Saavedra]
* Add new tests for trailing dots in domain names [Claudio Saavedra]
* Updated Turkish translation
Changes in libsoup from 2.63.2 to 2.63.90:
* Set default cookie path for NULL origins [#1, Adrian Perez de Castro]
* Fixes to GObject-introspection [bgo#794787, Corentin Noël]
* Use atomic-refcounting in classes that are not using GObject-refcounting [bgo#785110, Edward Hervey]
* Many Coverity-found code fixes [bgo#781771, Milan Crha]
* Bail out on cookie-jar calls with empty hostnames [#3, Michael Catanzaro]
* Fixes to the simple-httpd example [#2, Mooffie]
* Updated translations: Chinese (Taiwan), Catalan
Note: from now onwards bgo# references bugs in GNOME Bugzilla and # issues in GNOME gitlab.
Changes in libsoup from 2.63.1 to 2.63.2:
* Many fixes to the meson build system support [#795324, #782410, Tomas Popela, Jan Alexander Steffens]
* Fixes to xmlrpc-server test with PHP >= 7.2 and related [#795111, #782410 Jan Alexander Steffens]
* Fix critical warning in SoupSocket [Carlos Garcia Campos]
* Updated translations: Romanian, Friulian, Slovenian, Czech, Spanish, Indonesian, Chinese (China).
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 24, 2018
Upstream changes:

0.74 2018-09-23 23:41:10Z
 - fix init_arg when used in combination with an underscored attribute read from the config file (Andreas Koenig, github #11)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 1, 2018
2.10.1: (stable)

 * signal_impl::clear(): Don't clear the slot list during signal emission, to prevent a segfault. And add a test for this. (Kjell Ahlstedt) Bug #784550 (Andrejs Hanins)
 * slot_base::set_parent(): Create a dummy slot_rep if necessary (Kjell Ahlstedt) Bug #167714 (Gerald Britton)
 * Avoid compiler warnings from function pointer conversions (Kjell Ahlstedt) Issue #1 (sharkcz) (Kjell Ahlstedt) Issue #8 (db0451)

Build:
 * Make --disable-benchmark work. (Christophe Lermytte) Bug #774732
 * Replace the Visual Studio project files with MSVC NMake project files Add MSVC_NMake/README.txt for Visual Studio builds (Chun-wei Fan) Pull request #11

Documentation:
 * signal_base: Warn against deletion during emission (Kjell Ahlstedt) Bug #167714 (Gerald Britton)
 * Update links in README, configure.ac, libsigcplusplus.doap (Kjell Ahlstedt)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 2, 2018
3.30.1
 - fix nasty misrendering of inode-directory-symbolic

3.30.0
 - audio-speakers-symbolic rendering glitch (issue #11)
 - *starred-symbolic 2px outline as per guidelines (issue #7)

3.29.90
 - symbolic fingerprint, smartcard reader devices
 - emoji category icons in symbolic form
 - render script improvements by Sam Hewitt
 - general cleanup and maintenance by Sam
 - SIM status icons (symbolic)
 - system-log-out-symbolic
 - screen sharing status (issue #3)
 - thicked strokes for *starred-symbolic (issue #4)
 - iput-gaming and application-games consistent (Sam)
 - bluetooth rendering fix (Sam)
 - application-x-appliance alignment (Sam)
 - tab-new, application-x-executable improvements (Sam)
 - user-bookmarks metaphor (Sam)
 - general grid alignment fixes by Sam
 - SVG filesize optimizations by Sam
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 29, 2019
Changelog:

Knot DNS 2.7.6 (2019-01-23)
===========================

Improvements:
-------------
 - Zone status also shows when the zone load is scheduled
 - Server workers status also shows background workers utilization
 - Default control timeout for knotc was increased to 10 seconds
 - Pkg-config files contain auxiliary variable with library filename

Bugfixes:
---------
 - Configuration commit or server reload can drop some pending zone events
 - Nonempty zone journal is created even though it's disabled #635
 - Zone is completely re-signed during empty dynamic update processing
 - Server can crash when storing a big zone difference to the journal
 - Failed to link on FreeBSD 12 with Clang

Knot DNS 2.7.5 (2019-01-07)
===========================

Features:
---------
 - Keymgr supports NSEC3 salt handling

Improvements:
-------------
 - Zone history in journal is dropped upon AXFR-like zone update
 - Libdnssec is no longer linked against libm #628
 - Libdnssec is explicitly linked against libpthread if PKCS #11 enabled #629
 - Better support for libknot packaging in Python
 - Manually generated KSK is 'ready' by default
 - Kdig supports '+timeout' as an alias for '+time'
 - Kdig supports '+nocomments' option
 - Kdig no longer prints empty lines between retries
 - Kdig returns failure if operations not successfully resolved #632
 - Fixed repeating of the 'KSK submission, waiting for confirmation' log
 - Various improvements in documentation, Dockerfile, and tests

Bugfixes:
---------
 - Knotc fails to unset huge configuration section
 - Kjournalprint sometimes fails to display zone journal content
 - Improper timing of ZSK removal during ZSK rollover
 - Missing UTC time zone indication in the 'iso' keymgr list output
 - A race condition in the online signing module

Knot DNS 2.7.4 (2018-11-13)
===========================

Features:
---------
 - Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)

Improvements:
-------------
 - Added warning log when DNSSEC events not successfully scheduled
 - New semantic check on timer values in keymgr
 - DS query no longer asks other addresses if got a negative answer
 - Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
 - Extended logging for zone loading
 - Various documentation improvements

Bugfixes:
---------
 - Failed to import module configuration #613
 - Improper Cflags value in libknot.pc if built with embedded LMDB #615
 - IXFR doesn't fall back to AXFR if malformed reply
 - DNSSEC events not correctly scheduled for empty zone updates
 - During algorithm rollover old keys get removed before DS TTL expires #617
 - Maximum zone's RRSIG TTL not considered during algorithm rollover #620

Knot DNS 2.7.3 (2018-10-11)
===========================

Features:
---------
 - New queryacl module for query access control
 - Configurable answer rrset rotation #612
 - Configurable NSEC bitmap in online signing

Improvements:
-------------
 - Better error logging for KASP DB operations #601
 - Some documentation improvements

Bugfixes:
---------
 - Keymgr "list" output doesn't show key size for ECDSA algorithms #602
 - Failed to link statically with embedded LMDB
 - Configuration commit causes zone reload for all zones
 - The statistics module overlooks TSIG record in a request
 - Improper processing of an AXFR-style-IXFR response consisting of one-record messages
 - Race condition in online signing during key rollover #600
 - Server can crash if geoip module is enabled in the geo mode

Knot DNS 2.7.2 (2018-08-29)
===========================

Improvements:
-------------
 - Keymgr list command displays also key size
 - Kjournalprint displays total occupied size in the debug mode
 - Server doesn't stop if failed to load a shared module from the module directory
 - Libraries libcap-ng, pthread, and dl are linked selectively if needed

Bugfixes:
---------
 - Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
 - Server can crash when loading zone file difference and zone-in-journal is set
 - Incorrect treatment of specific queries in the module RRL
 - Failed to link module Cookies as a shared library

Knot DNS 2.7.1 (2018-08-14)
===========================

Improvements:
-------------
 - Added zone wire size information to zone loading log message
 - Added debug log message for each unsuccessful remote address operation
 - Various improvements for packaging

Bugfixes:
---------
 - Incompatible handling of RRSIG TTL value when creating a DNS message
 - Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
 - Default configure prefix is ignored

Knot DNS 2.7.0 (2018-08-03)
===========================

Features:
---------
 - New DNS Cookies module and related '+cookie' kdig option
 - New module for response tailoring according to client's subnet or geographic location
 - General EDNS Client Subnet support in the server
 - OSS-Fuzz integration (Thanks to Jonathan Foote)
 - New '+ednsopt' kdig option (Thanks to Jan Včelák)
 - Online Signing support for automatic key rollover
 - Non-normal file (e.g. pipe) loading support in zscanner #542
 - Automatic SOA serial incrementation if non-empty zone difference
 - New zone file load option for ignoring zone file's SOA serial
 - New build-time option for alternative malloc specification
 - Structured logging for DNSSEC key submission event
 - Empty QNAME support in kdig

Improvements:
-------------
 - Various library and server optimizations
 - Reduced memory consumption of outgoing IXFR processing
 - Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
 - Online Signing properly signs delegations and CNAME records
 - CDS/CDNSKEY rrset is signed with KSK instead of ZSK
 - DNSSEC-related records are ignored when loading zone difference with signing enabled
 - Minimum allowed RSA key length was increased to 1024
 - Removed explicit dependency on Nettle

Bugfixes:
---------
 - Possible uninitialized address buffer use in zscanner
 - Possible index overflow during multiline record parsing in zscanner
 - kdig +tls sometimes consumes 100 % CPU #561
 - Single-Type Signing doesn't work with single ZSK key #566
 - Zone not flushed after re-signing during zone load #594
 - Server crashes when committing empty zone transaction
 - Incoming IXFR with on-slave signing sometimes leads to memory corruption #595

Compatibility:
--------------
 - Removed obsolete RRL configuration
 - Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
 - Removed obsolete 'ixfr-from-differences' configuration option
 - Removed old journal migration
 - Removed module rosedb

Knot DNS 2.6.9 (2018-08-14)
===========================

Improvements:
-------------
 - Added zone wire size to zone loading log message
 - Added debug log message for each unsuccessful remote address operation

Bugfixes:
---------
 - Zone not flushed after re-signing during zone load #594
 - Server crashes when committing empty zone transaction
 - Incoming IXFR with on-slave signing sometimes leads to memory corruption #595

Knot DNS 2.6.8 (2018-07-10)
===========================

Features:
---------
 - New 'import-pkcs11' command in keymgr

Improvements:
-------------
 - Unixtime serial policy mimics Bind – increment if lower #593

Bugfixes:
---------
 - Creeping memory consumption upon server reload #584
 - Kdig incorrectly detects QNAME if 'notify' is a prefix
 - Server crashes when zone sign fails #587
 - CSK->KZSK rollover retires CSK early #588
 - Server crashes when zone expires during outgoing multi-message transfer
 - Kjournalprint doesn't convert zone name argument to lower-case
 - Cannot switch to a previously used ksk-shared dnssec policy #589

Knot DNS 2.6.7 (2018-05-17)
===========================

Features:
---------
 - Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)

Improvements:
-------------
 - Trailing data indication from the packet parser (libknot)
 - Better configuration check for a problematical option combination

Bugfixes:
---------
 - Incomplete configuration option item name check
 - Possible buffer overflow in 'knot_dname_to_str' (libknot)
 - Module dnsproxy doesn't preserve letter case of QNAME
 - Module dnsproxy duplicates OPT and TSIG in the non-fallback mode

Knot DNS 2.6.6 (2018-04-11)
===========================

Features:
---------
 - New EDNS option counters in the statistics module
 - New '+orphan' filter for the 'zone-purge' operation

Improvements:
-------------
 - Reduced memory consumption of disabled statistics metrics
 - Some spelling fixes (Thanks to Daniel Kahn Gillmor)
 - Server no longer fails to start if MODULE_DIR doesn't exist
 - Configuration include doesn't fail if empty wildcard match
 - Added a configuration check for a problematical option combination

Bugfixes:
---------
 - NSEC3 chain not re-created when SOA minimum TTL changed
 - Failed to start server if no template is configured
 - Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
 - Inaccurate outgoing zone transfer size in the log message
 - Invalid dname compression if empty question section
 - Missing EDNS in EMALF responses

Knot DNS 2.6.5 (2018-02-12)
===========================

Features:
---------
 - New 'zone-notify' command in knotc
 - Kdig uses '@server' as a hostname for TLS authentication if '+tls-ca' is set

Improvements:
-------------
 - Better heap memory trimming for zone operations
 - Added proper polling for TLS operations in kdig
 - Configuration export uses stdout as a default output
 - Simplified detection of atomic operations
 - Added '--disable-modules' configure option
 - Small documentation updates

Bugfixes:
---------
 - Zone retransfer doesn't work well if more masters configured
 - Kdig can leak or double free memory in corner cases
 - Inconsistent error outputs from dynamic configuration operations
 - Failed to generate documentation on OpenBSD

Knot DNS 2.6.4 (2018-01-02)
===========================

Features:
---------
 - Module synthrecord allows multiple 'network' specification
 - New CSK handling support in keymgr

Improvements:
-------------
 - Allowed configuration for infinite zsk lifetime
 - Increased performance and security of the module synthrecord
 - Signing changeset is stored into journal even if 'zonefile-load' is whole

Bugfixes:
---------
 - Unintentional zone re-sign during reload if empty NSEC3 salt
 - Inconsistent zone names in journald structured logs
 - Malformed outgoing transfer for big zone with TSIG
 - Some minor DNSSEC-related issues

Knot DNS 2.6.3 (2017-11-24)
===========================

Bugfixes:
---------
 - Wrong detection of signing scheme rollover

Knot DNS 2.6.2 (2017-11-23)
===========================

Features:
---------
 - CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support

Improvements:
-------------
 - Allowed explicit configuration for infinite ksk lifetime
 - Proper error messages instead of unclear error codes in server log
 - Better support for old compilers

Bugfixes:
---------
 - Unexpected reply for DS query with an owner below a delegation point
 - Old dependencies in the pkg-config file

Knot DNS 2.6.1 (2017-11-02)
===========================

Features:
---------
 - NSEC3 Opt-Out support in the DNSSEC signing
 - New CDS/CDNSKEY publish configuration option

Improvements:
-------------
 - Simplified DNSSEC log message with DNSKEY details
 - +tls-hostname in kdig implies +tls-ca if neither +tls-ca nor +tls-pin is given
 - New documentation sections for DNSSEC key rollovers and shared keys
 - Keymgr no longer prints useless algorithm number for generated key
 - Kdig prints unknown RCODE in a numeric format
 - Better support for LLVM libFuzzer

Bugfixes:
---------
 - Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
 - Immediate zone flush not scheduled during the zone load event
 - Server crashes upon dynamic zone addition if a query module is loaded
 - Kdig fails to connect over TLS due to SNI is set to server IP address
 - Possible out-of-bounds memory access at the end of the input
 - TCP Fast Open enabled by default in kdig breaks TLS connection

Knot DNS 2.6.0 (2017-09-29)
===========================

Features:
---------
 - On-slave (inline) signing support
 - Automatic DNSSEC key algorithm rollover
 - Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
 - New 'journal-content' and 'zonefile-load' configuration options
 - keymgr tries to run as user/group set in the configuration
 - Public-only DNSSEC key import into KASP DB via keymgr
 - NSEC3 resalt and parent DS query events are persistent in timer DB
 - New processing state for a response suppression within a query module
 - Enabled server side TCP Fast Open if supported
 - TCP Fast Open support in kdig

Improvements:
-------------
 - Better record owner compression if related to the previous rdata dname
 - NSEC(3) chain is no longer recomputed whole on every update
 - Remove inconsistent and unnecessary quoting in log files
 - Avoiding of overlapping key rollovers at a time
 - More DNSSEC-related semantic checks
 - Extended timestamp format in keymgr

Bugfixes:
---------
 - Incorrect journal free space computation causing inefficient space handling
 - Interface-automatic broken on Linux in the presence of asymmetric routing
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 6, 2019
3.0.1:

The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.

Bug Fixes

The following vulnerabilities have been fixed:
 * wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
 * wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
 * wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
 * wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
 * wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
 * wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
 * wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
 * wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
 * wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
 * wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:
 * [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
 * [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
 * Duplicated TCP SEQ field in ICMP packets. Bug 15533.
 * Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
 * Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
 * GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
 * Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
 * %T not supported for timestamps. Bug 15565.
 * LWM2M: resource with \r\n badly shown. Bug 15572.
 * When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
 * Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
 * Windows console log output delay. Bug 15605.
 * Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
 * NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
 * randpkt -r causes segfault when count > 1. Bug 15627.
 * Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
 * Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
 * BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
 * Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
 * Typo: broli → brotli. Bug 15647.
 * Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
 * Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
 * Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.

3.0.0:

 * Many user interface improvements have been made. See the “New and Updated Features” section below for more details.
 * Support for a number of legacy features and libraries has been removed. See the “Removed Features and Support” section below for more details.

Bug Fixes

The following bugs have been fixed:
 * Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427)
 * Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
 * Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
 * Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The following features are new (or have been significantly updated) since version 3.0.0rc1:
 * The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
 * The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
 * The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.

The following features are new (or have been significantly updated) since version 2.9.0:
 * Wireshark now supports the Swedish and Ukrainian languages.
 * Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
 * The build system now produces reproducible builds (Bug 15163).
 * The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

The following features are new (or have been significantly updated) since version 2.6.0:
 * The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
 * Conversation timestamps are supported for UDP/UDP-Lite protocols
 * TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
 * The “Capture Information” dialog has been added back (Bug 12004).
 * The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
 * The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
 * Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
 * The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
 * The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
 * Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
 * APT-X has been renamed to aptX.
 * When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
 * The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
 * Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
 * Wireshark now includes a “No Reassembly” configuration profile.
 * Wireshark now supports the Russian language.
 * The build system now supports AppImage packages.
 * The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
 * Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
 * The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
 * A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
 * The Bash test suite has been replaced by one based on Python unittest/pytest.
 * The custom window title can now show file path of the capture file and it has a conditional separator.

Removed Features and Support
 * The legacy (GTK+) user interface has been removed and is no longer supported.
 * The portaudio library is no longer needed due to the removal of GTK+.
 * Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
 * Wireshark requires GLib 2.32 or later.
 * Wireshark requires GnuTLS 3.2 or later as optional dependency.
 * Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
 * Building Wireshark requires CMake. Autotools is no longer supported.
 * TShark’s -z compare option was removed.
 * Building with Cygwin is no longer supported on Windows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 19, 2019
3.0.1:

The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.

Bug Fixes

The following vulnerabilities have been fixed:
 * wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
 * wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
 * wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
 * wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
 * wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
 * wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
 * wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
 * wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
 * wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
 * wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:
 * [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
 * [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
 * Duplicated TCP SEQ field in ICMP packets. Bug 15533.
 * Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
 * Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
 * GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
 * Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
 * %T not supported for timestamps. Bug 15565.
 * LWM2M: resource with \r\n badly shown. Bug 15572.
 * When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
 * Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
 * Windows console log output delay. Bug 15605.
 * Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
 * NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
 * randpkt -r causes segfault when count > 1. Bug 15627.
 * Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
 * Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
 * BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
 * Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
 * Typo: broli → brotli. Bug 15647.
 * Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
 * Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
 * Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.

3.0.0:

 * Many user interface improvements have been made. See the “New and Updated Features” section below for more details.
 * Support for a number of legacy features and libraries has been removed. See the “Removed Features and Support” section below for more details.

Bug Fixes

The following bugs have been fixed:
 * Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427)
 * Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
 * Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
 * Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The following features are new (or have been significantly updated) since version 3.0.0rc1:
 * The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
 * The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
 * The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.

The following features are new (or have been significantly updated) since version 2.9.0:
 * Wireshark now supports the Swedish and Ukrainian languages.
 * Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
 * The build system now produces reproducible builds (Bug 15163).
 * The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

The following features are new (or have been significantly updated) since version 2.6.0:
 * The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
 * Conversation timestamps are supported for UDP/UDP-Lite protocols
 * TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
 * The “Capture Information” dialog has been added back (Bug 12004).
 * The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
 * The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
 * Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
 * The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
 * The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
 * Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
 * APT-X has been renamed to aptX.
 * When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
 * The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
 * Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
 * Wireshark now includes a “No Reassembly” configuration profile.
 * Wireshark now supports the Russian language.
 * The build system now supports AppImage packages.
 * The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
 * Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
 * The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
 * A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
 * The Bash test suite has been replaced by one based on Python unittest/pytest.
 * The custom window title can now show file path of the capture file and it has a conditional separator.

Removed Features and Support
 * The legacy (GTK+) user interface has been removed and is no longer supported.
 * The portaudio library is no longer needed due to the removal of GTK+.
 * Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
 * Wireshark requires GLib 2.32 or later.
 * Wireshark requires GnuTLS 3.2 or later as optional dependency.
 * Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
 * Building Wireshark requires CMake. Autotools is no longer supported.
 * TShark’s -z compare option was removed.
 * Building with Cygwin is no longer supported on Windows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jun 8, 2019
Upstream changes:

2.04 2019-05-24
 - Add a partial workaround for "Bizarre copy" errors (GH #11) that come when attempting to look at arguments in the call stack. This is only a partial fix as there are cases that can lead to a SEGV. Ultimately this needs to be fixed in the Perl core. See https://rt.perl.org/Public/Bug/Display.html?id=131046 for relevant discussion. Fixed by pali. GH #21.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jun 11, 2019
2.60.1 - April 1, 2019
======================
- Improve reliability of client auth failure tests (#66)
- Fix excessive CPU usage after sync handshake (#69)

2.60.0.1 - March 12, 2019
=========================
- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)

2.60.0 - March 11, 2019
=======================
This is the first stable release featuring the new OpenSSL backend. Please be advised that this new backend is still experimental and known to not work on some systems, including Debian. Linux distributions are encouraged to stick to the default build options, where OpenSSL is not yet enabled.
- Fix build with GnuTLS disabled (Nirbheek Chauhan)
- Fix build on Windows (Chun-Wei Fan)

2.59.92 - March 4, 2019
=======================
- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
- Temporarily disable DTLS and OpenSSL tests due to #49 and #54

2.59.91 - February 18, 2019
===========================
- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
- Fix tests build when GnuTLS is disabled (#59)
- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
- Fix some problems with the connection tests (Fredrik Ternerot)

2.59.90 - February 4, 2019
==========================
This release adds an OpenSSL backend, obsoleting the glib-openssl project. Credit to all the contributors to the glib-openssl project, especially Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the transition.

The OpenSSL backend seems to be mature, though it is less well-tested for desktop usage than the GnuTLS backend. It will remain disabled by default at build time due to the GPL-incompatible nature of the OpenSSL license -- and the GPLv2-incompatible nature of the Apache license that will be used by future versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux distros.

Use the OpenSSL backend if you are building an embedded system where (GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL license. If the OpenSSL backend is enabled at build time, you should probably disable build of the GnuTLS backend, or it will take precedence over the OpenSSL backend at runtime. For example, you could configure with:

  $ mkdir build && cd build
  $ meson -Dgnutls=disabled -Dopenssl=enabled ..

2.59.2 - January 7, 2019
========================
- Add support for application layer protocol negotiation (#47, Scott Hutton)

2.59.1 - November 11, 2018
==========================
This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2, due to lack of any feedback whatsoever regarding its disablement. If you think it is still useful to you, given that the normal gnutls backend now supports PKCS#11, speak up now.

This release also includes several changes to properly support TLS 1.3.

Other changes:
- Perform certificate verification during, not after, TLS handshake
- Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
- Regenerate test certificates to prepare for OpenSSL support
- Several meson build system improvements to prepare for OpenSSL support

2.58.0 - September 2, 2018
==========================
- Updated translations

2.57.92 - August 27, 2018
=========================
- Revert fixes for #4 and #6 due to regression (#43)
- Fix installed tests (Sébastien Bacher, !7)

2.57.90 - August 12, 2018
=========================
- Properly check for server errors in connection tests (#4)
- Perform certificate verification during, not after, TLS handshake (#6)
- Avoid trailing dots in SNI hostnames (#11)
- Send fallback SCSV with fallback connection attempts
- Fail unsafe rehandshake attempts initiated by API request

2.57.3 - July 16, 2018
======================
- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
- Fix build with MSVCC (Nirbheek Chauhan)

2.57.2 - May 21, 2018
=====================
This release disables build of the gnutls-pkcs11 backend by default. Please direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
- Several meson build system improvements (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)

2.57.1 - April 16, 2018
=======================
- Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
- Fix criticals when child streams outlast the parent GTlsConnection (#792219)
- Fix crash when setting client cert without private key (#793712)
- Update tests for compatibility with GnuTLS 3.6.2 (#794286)
- Never install GIO modules outside build prefix (#794358)
- Don't install test files if installed tests are disabled (#794372)
- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
- Allow building as meson subproject (#794709, Mathieu Duponchelle)
- g_tls_certificate_verify() no longer manually verifies certificate activation/expiration time, matching the current behavior of g_tls_database_verify_chain().
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 25, 2019
Changes in dconf 0.32.0
=======================
- No changes since 0.31.92

Changes in dconf 0.31.92
========================
- bin: Add an option to ignore changes to locked keys during load (Tomasz Miąsko; #1; !43)
- tests: Use more concise key and value (Tomasz Miąsko; #1; !43)
- tests: shm: fix pwrite wrapper with -D_FILE_OFFSET_BITS=64 (Ben Wolsieffer; !37)
- tests: replace usage of dlsym with separate modules containing functions that need to be mocked out (Daniel Playfair Cal; !37)
- tests: Avoid using real system bus during tests (Tomasz Miąsko; #51; !45)

Changes in dconf 0.31.2
=======================
- Bin: rewrite dconf utility in C. Updates are no longer conditional on the mtime of the database directory and files. Help information is shown on erroneous usage, but not otherwise. (Tomasz Miąsko; !39)
- build: Make dconf client vapi file installation optional, and thus the Vala dependency optional (still built by default) (Tomasz Miąsko; !40)
- bin: Add a new database directory argument for the update command (Tomasz Miąsko, Takao Fujiwara; !39, !41)

Changes in dconf 0.31.1
=======================
- Engine: Fix memory leak when subscribing to a path. (Guido Günther; !25)
- CI: Always store test artifacts so we always get code coverage results. (Philip Withnall; !32)
- Sort output of list and dump commands. (Tomasz Miąsko; !31)
- Tests: Add integration tests for dconf and dconf-service running within a separate D-Bus session and clean XDG_RUNTIME_DIR and XDG_CONFIG_HOME. (Tomasz Miąsko; !31)
- Engine: Coalesce pending writes into a single changeset. (Tomasz Miąsko; !30)
- Consistently validate the number of arguments. Add optional directory argument for update command. (Tomasz Miąsko; !33)
- Tests: Add further integration tests (Tomasz Miąsko; !33)
- Check mtimes of files when updating databases. (Marek Kasik; !27; #11)
- Indicate update failure with non-zero exit code. Consistently handle invalid configuration in update. (Tomasz Miąsko; !34; #42)
- Replace Bugzilla by Gitlab URL in DOAP file. (Andre Klapper)
- Tests: Add test for key paths locked in system databases (Tomasz Miąsko; !35)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Oct 4, 2019
Changelog:
Version 2.46.0
- The following are highlights compared to the 2.44.x series. For
full details, please see the release notes for the 2.45.x series.
- All of librsvg.so is now implemented in Rust! That is, except for a
very thin wrapper over the public API functions. Hopefully we can
remove this wrapper when Cargo gets some more features around
controlling the linking step. This release requires at least Rust 1.34.
- Librsvg now comes with a Rust crate that can be used from Rust
applications. See librsvg_crate/examples. This Rust API is
designed to be idiomatic; if you want a Rust binding to the shared
library instead, please use the "rsvg-rs" crate from crates.io.
- The following API functions are new in the C library:
rsvg_handle_get_intrinsic_dimensions()
rsvg_handle_render_document()
rsvg_handle_render_layer()
rsvg_handle_render_element()
rsvg_handle_get_geometry_for_layer()
rsvg_handle_get_geometry_for_element()
Correspondingly, there is a new chapter in the documentation, called
"Recommendations for Applications". These new APIs conform better
with the web platform's idea of how SVG sizing/positioning should
work. Applications should now find it easier to scale and render
SVGs in a single call, instead of having to obtain image dimensions
first.
- A bunch of functions have been deprecated but are still available:
- rsvg_handle_write()/close() are deprecated in favor of the
stream functions. Unfortunately the write()/close() pair
require buffering the entire document, in case it is a .svgz
compressed file; the streaming functions do not have this
problem.
- Functions that return RsvgDimensionData and RsvgPositionData are
deprecated, since they just use integers instead of floating
point numbers. They are replaced with the _get_geometry_*()
functions above.
- The library is a lot more strict now in terms of detecting that the
API functions are called in the correct order. For example, calling
rsvg_handle_get_dimensions() before rsvg_handle_close() will now
emit a critical warning.
- Librsvg is gradually moving towards using code from Mozilla's Servo.
We haven't quite gotten rid of libcroco and libxml2 yet, but this is
in progress.
- Many thanks to all the people who participated in the long cycle for
2.45. Having the whole library's functionality in Rust is a big
accomplishment!
Version 2.45.92
- #496 - Ensure all lengths and angles parse as finite numbers
- #497 - Don't panic on paths with all-invalid commands
- #500 - Added additional SVG blend-modes for the feBlend filter primitive (Andargor)
- Some changes in the build structure to allow for faster builds.
Version 2.45.91
- The documentation has a new chapter, Recommendations for Applications.
- #451 - Make rsvg-convert detect images larger than pixman's limit.
- #410 - Update introspection annotations.
- #449 - librsvg_crate: Make cancellable arguments consistent with gio-rs
- librsvg_crate: Take all gio arguments as IsA<SomeGioType> generics
- Updated Rust crates to avoid duplicates (Bastien Orivel)
Version 2.45.90
- New API functions:
rsvg_handle_render_document()
rsvg_handle_render_layer()
rsvg_handle_render_element()
rsvg_handle_get_geometry_for_layer()
rsvg_handle_get_geometry_for_element()
CairoRenderer in the librsvg_crate has corresponding functions
as well.
- Fix builds with gettext ≥ 0.20 (Ting-Wei Lan).
- If the C API is called out of order, downgrade hard panics to
g_critical() to cope with incorrect/old applications that called
rsvg_handle_get_dimensions() before rsvg_handle_close().
- API reference documentation is much improved.
Version 2.45.8
- This version requires at least Rust 1.34.
- #485 - Fix build on Rust earlier than 1.36 (Kleis Auke Wolthuizen).
- More polishing of the Windows build (Chun-wei Fan).
- Update gtk-rs and dependent crates (Bastien Orivel)
Version 2.45.7
- Fix #463 - Don't panic if an SVG has character data outside the
first element.
- Fix #467: Don't panic when there's an xi:include fallback with no
parent element. Thanks to Bastien Orivel for running afl-fuzz
on librsvg.
- Fix #471: Fix blurry semi-opaque objects when rendering with a
scaled transformation. Thanks to the gnome-games people for
isolating a test case and to Evgeniy Reizner for providing a more
minimal one.
- Fix #481: Don't ignore the first x/y/dx/dy in text/tspan elements if
there is more than one position specified.
- #452 - In librsvg_crate, SvgHandle now has a ::has_element_with_id()
method.
- rsvg-convert now catches the case where the SVG has no dimensions.
- Replaced the Visual Studio build infrastructure for NMake
(Chun-wei Fan).
- This version no longer contains the rsvg-view program, so librsvg no
longer depends on GTK. Please see
https://people.gnome.org/~federico/blog/removing-rsvg-view.html for
the rationale behind this change.
- The poly element no longer supports "verts" as an alias for the
"points" attribute. The "verts" name was only used in SVG pre-1.0,
and we had been cargo-culting that name ever since.
- We now use more machinery from Mozilla Servo, in this case the
markup5ever and rust-selectors crates. This is in line with
gradually replacing libcroco with a Rust-only CSS machinery.
- Lots and lots of refactoring and cleanups: use the rctree crate
instead of our own tree representation; remove interior mutability
in element structs; make the gradients and patterns code less
repetitive (Paolo Borelli).
- Update some dependencies (Bastien Orivel).
- New section in COMPILING.md about cross-compilation to Windows using
mingw (Takuro Ashie)
- Fix static linking and Windows builds (Kleis Auke Wolthuizen).
Version 2.45.6
- Librsvg now requires Rust 1.30.0 or later.
- Librsvg now requires Cairo 1.16.0 or later. Thanks to
Julian Sparber for keeping up with cairo-rs API changes.
- This version introduces librsvg_crate, an idiomatic Rust crate for
using librsvg from Rust programs directly, without using GObject
machinery. This API is subject to change, but you can start using
it now in an experimental fashion. Thanks to Paolo Borelli and
Jordan Petridis for fine-tuning this new API.
- All of the librsvg internals are now in Rust! The C code is just a
thin wrapper over Rust functions.
- The internals library has been converted to Rust 2018 (Jordan Petridis).
- Within librsvg_crate, there is a new infrastructure for doing
reftests in Rust, that does not depend on PNG reference files. See
librsvg_crate/tests for details.
- This release introduces the following new APIs:
rsvg_handle_get_intrinsic_dimensions(),
rsvg_handle_get_geometry_for_element().
- Parsing of the "style" attribute, which has a plain list of CSS
property declarations, is now done with rust-cssparser.
- CSS selector matching should be marginally faster than before.
- Fix Visual Studio builds (Chun-wei Fan).
- Fix #11 - Respect the "direction" property for bidirectional text (Khaled Hosny).
- Fix #295 - Ensure the initial viewport fits into temporary surfaces for compositing
- Fix #425 - Don't fail parsing if the system's locale is broken (Paolo Borelli).
- Fix #438, #443 - Don't create intermediate raster surfaces unless
absolutely needed. This was causing blurred output for SVGs from
Inkscape and Illustrator, since they include an "enable-background"
property even when there are no filters in use. Thanks to Julian
Sparber, Jordan Petridis, Zeeshan Ali for doing a huge "git bisect"
to find the cause of this bug.
- Fix #443 - Fix blurry output when enable-background is used without filters.
- Fix #455 - Fix rounding error on i386 (Olivier Tilloy).
- Check for Cairo errors when constructing paths.
Version 2.45.5
- At build time, you can now pass $CARGO and $RUSTC environment
variables if you need to override the default Rust toolchain.
Please see COMPILING.md for details. (Tobias Kortkamp)
- Fix #405 - In the gdk-pixbuf loader, don't crash if the write()
function doesn't receive a GError.
- Fix #268 - Remove the comp-op property; it's not in SVG 1.1 nor SVG 2.
- Fix #415 - register RsvgHandleFlags and the RsvgError enum values in
a thread-safe fashion (Sebastian Dröge).
- All of the library's non-GObject functionality is implemented in
Rust now.
- Update the cairo crate (Kornel Lesiński).
- Clean up the loading code paths (Paolo Borelli).
- Updated compilation docs for Debian (Jordan Petridis)
- Updated parts of the reference documentation.
Version 2.45.4
- Brown paper bag release, my apologies.
- Fix #402 - Fix the library's soname. Thanks to Gabriele Balducci
for reporting it, and Kalev Lember for fixing it.
Version 2.45.3
- Big news! All the real work in the library is now implemented in
Rust. The public API is implemented in C, but most of it calls
immediately into the Rust code. Special thanks to Paolo Borelli and
Carlos Martín Nieto for making this possible.
- rsvg_handle_set_base_uri() now really assumes that it is passed a
URI. Previously it would try to differentiate between real URIs,
and absolute or relative file paths. If this breaks your code
(i.e. you are passing a filename, not a URI), please tell us so we
can restore the old behavior!
- Fix #395 - Don't panic in feMorphology if it ends up with a negative
scaling transformation.
- Fix #398 - Detect circular references in gradients.
- Match the Firefox/Chrome behavior on gradients and patterns with
circular references for fallbacks (Paolo Borelli).
- Fixes for Rust 1.30 and below (Jordan Petridis).
- Lots and lots of refactoring (Paolo Borelli, Federico Mena).
Version 2.45.2
- rsvg_cleanup() is now deprecated. This was only meant to be called
from code to be checked by Valgrind. Leak checkers may show
reachable memory from libxml2; real memory leaks should still be
reported, of course. (Kornel Lesiński).
- As an experimental change, librsvg no longer calls xmlInitParser()
from libxml2. Please tell us if this causes problems for
multithreaded programs.
- Added g_warning()s to ensure the API is called in the correct
sequence.
- The text handling code has been completely refactored and
simplified. This will allow us to implement the x/y/dx/dy
properties for multiple glyphs in the future. Please report any
problems you experience in text rendering.
- Fix #385 - Don't crash if there is no rsvg_handle_write() before
rsvg_handle_close().
- Fix #391 - Avoid undefined behavior when casting opaque pointers
(Jordan Petridis).
- Fix crash when a linear RGB filter is followed by an SRGB filter
(Ivan Molodetskikh).
- Fix #393 - Stack overflow when freeing thousands of sibling elements.
- Fix positioning of adjacent <tspan> elements.
- All the toplevel loading and drawing code is implemented in Rust now.
- Pixbuf conversion code is in Rust now (Paolo Borelli).
- Cleanups in the code for XML processing, markers, attributes (Paolo
Borelli).
- Many build/link fixes (Jordan Petridis).
- Cleanups in the code that calls libxml2 (Kornel Lesiński).
Version 2.45.1
- New public API, rsvg_handle_get_geometry_sub(), to get the exact
geometry of an element. The functions
rsvg_handle_get_position_sub() and rsvg_handle_get_dimensions_sub()
are deprecated now; these returned incomplete data with integer
coordinates (Julian Sparber).
- rsvg_handle_write() and rsvg_handle_close() are now deprecated in
favor of the functions which use a GInputStream. The former need to
buffer the entire SVG data first; the latter don't need buffering.
- Librsvg no longer tries to load XML entities which reference
external resources, either parameter or general entities, declared
in the DTD. This never worked properly, and it is better to do so
via the xi:include mechanism. Also, unparsed external entities with
a notation are not really supported in SVG; it has its own <image>
element and similar for that purpose. Only internal general
entities are supported now, for example:
<!ENTITY foo "<some xml here>">
<!ENTITY bar "some text here">
- Started support for localized error messages (Daniel García Moreno).
- Ported to Rust: loading code, XML processing code, data: URL parsing,
- Many code cleanups and refactorings, courtesy of Paolo Borelli.
- Fix undefined behavior in casts (Jordan Petridis).
- Cairo/Rust API updates by Julian Sparber.
- configure.ac cleanups by Maya Rashish.
Version 2.45.0
- Librsvg now requires Rust 1.27.
- Librsvg now requires Cairo 1.15.12.
- Fix building when srcdir != builddir (Mathieu Bridon).
- Fix #339 - Panic in filters with primitiveUnits="objectBoundingBox"
on zero-sized elements (Ivan Molodetskikh).
- Fix #335 - Don't panic if the toplevel node is not <svg>.
- Fixes from fuzz testing (Ivan Molodetskikh): don't panic when the
feConvolveMatrix kernel is not set; fix upper bounds in filter pixel
getters.
- Fix #337 - Don't panic with "em" or "ex" units in the font-size property.
- Fix #338 - Don't panic when an image element doesn't have
width/height attributes.
- Fix #340 - Don't panic when a marker has a zero-sized viewBox attribute.
- Fix #341 - Don't infinite-loop with cyclic pattern references.
- Fix #342 - Don't crash if a <use> node references one of its ancestors.
- Special thanks to Ivan Molodetskikh for doing a fuzz-testing run for
this round.
- Fix #344 - Don't panic when a viewBox has overflowing numbers.
- Fix #345 - Fix panics due to bad path parsing and overflows in
surface size.
- Updates to the CI infrastructure and the build documentation (Jordan
Petridis).
- Cleanups and refactoring (Paolo Borelli, Linus Unnebäck, Federico Mena).
- Fix #343 - Handle child being in error in feComponentTransfer.
- Fix #346 - Handle filter primitives producing errors.
- Fix #347 - Regression in computation of text element extents.
- Fix #348 - Fix incorrect font sizing.
- Fix #349 - Don't panic when loading an external image that is bigger
than Cairo's limits.
- Fix - rsvg_handle_get_dimensions_sub() no longer panics if passed a
nonexistent fragment identifier.
- Fix 32-bit builds (Jordan Petridis).
- Fix #256 - Correctly match the systemLanguage attribute with the
user's locale.
- Fix #320 - Parse xml:lang correctly.
- Fix #334 - Don't modify the caller's cairo_t state during rendering.
- Fix #349 - Don't panic if we get a "data:" URI with empty data.
- Fix #352 - Don't panic on getting a very large "order" for
feConvolveMatrix (Ivan Molodetskikh).
- Fix #363 - Don't drop spaces around <tspan> elements.
- Fix #365 - rsvg-convert now uses pixel units for SVG output, instead
of points. This requires cairo 1.15.12 (Antonio Ospite).
- Fix #358, #366 - tweaks to have the test suite pass on i386 and
non-x86_64 platforms (Simon McVittie, Federico Mena).
- Fix #368 - With RSVG_LOG=1, librsvg will now report when SVGs have
references to nonexistent elements, to aid debugging (for example,
in an xlink:href attribute).
- Fix #371 - rsvg-convert was positioning extracted elements
incorrectly when using the -w/-h options together with --export-id.
- Fix #372 - Mis-rendering in small arc segments.
- Fix #373 - Rendering of gradients for horizontal/vertical stroked
lines with gradientUnits="userSpaceOnUse".
- Fix a couple of memory leaks in the error paths of the GdkPixbuf
loader (Benedikt Heine).
- Allow reference tests with a small difference to pass without
breaking the build (Simon McVittie).
- CSS processing code is now in Rust, although it still calls libcroco
to do the parsing.
- XML processing code is partially moved to Rust, although it still
calls libxml2 for the XML parsing.
- Special thanks to Alex Crichton for ensuring that MacOS builds work.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 18, 2020
0.238 2020-02-07
. Move the prerequisite Test::More from being a runtime prerequisite
to a test time / build time prerequisite (PR #11, by Haarg)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 6, 2020
Changelog:
Notable Changes in NSS 3.52
Bug 1603628 - Update NSS to support PKCS #11 v3.0.
Bug 1623374 - Support new PKCS #11 v3.0 Message Interface for AES-GCM and ChaChaPoly.
Bug 1612493 - Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.
Bugs fixed in NSS 3.52
Bug 1633498 - Fix unused variable 'getauxval' error on iOS compilation.
Bug 1630721 - Add Softoken functions for FIPS.
Bug 1630458 - Fix problem of GYP MSVC builds not producing debug symbol files.
Bug 1629663 - Add IKEv1 Quick Mode KDF.
Bug 1629661 - MPConfig calls in SSL initialize policy before NSS is initialized.
Bug 1629655 - Support temporary session objects in ckfw.
Bug 1629105 - Add PKCS11 v3.0 functions to module debug logger.
Bug 1626751 - Fix error in generation of fuzz32 docker image after updates.
Bug 1625133 - Fix implicit declaration of function 'getopt' error.
Bug 1624864 - Allow building of gcm-arm32-neon on non-armv7 architectures.
Bug 1624402 - Fix compilation error in Firefox Android.
Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
Bug 1624377 - Fix clang warning for unknown argument '-msse4'.
Bug 1623374 - Support new PKCS #11 v3.0 Message Interface for AES-GCM and ChaChaPoly.
Bug 1623184 - Fix freebl_cpuid for querying Extended Features.
Bug 1622555 - Fix argument parsing in lowhashtest.
Bug 1620799 - Introduce NSS_DISABLE_GCM_ARM32_NEON to build on arm32 without NEON support.
Bug 1619102 - Add workaround option to include both DTLS and TLS versions in DTLS supported_versions.
Bug 1619056 - Update README: TLS 1.3 is not experimental anymore.
Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket.
Bug 1618739 - Don't assert fuzzer behavior in SSL_ParseSessionTicket.
Bug 1617968 - Update Delegated Credentials implementation to draft-07.
Bug 1617533 - Update HACL* dependencies for libintvector.h
Bug 1613238 - Add vector accelerated SHA2 for POWER 8+.
Bug 1612493 - Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.
Bug 1612281 - Maintain PKCS11 C_GetAttributeValue semantics on attributes that lack NSS database columns.
Bug 1612260 - Add Wycheproof RSA test vectors.
Bug 1608250 - broken fipstest handling of KI_len.
Bug 1608245 - Consistently handle NULL slot/session.
Bug 1603801 - Avoid dcache pollution from sdb_measureAccess().
Bug 1603628 - Update NSS to support PKCS #11 v3.0.
Bug 1561637 - TLS 1.3 does not work in FIPS mode.
Bug 1531906 - Fix overzealous assertion when evicting a cached sessionID or using external cache.
Bug 1465613 - Fix issue where testlib makefile build produced extraneous object files.
Bug 1619959 - Properly handle multi-block SEED ECB inputs.
Bug 1630925 - Guard all instances of NSSCMSSignedData.signerInfo to avoid a CMS crash
Bug 1571677 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name
Compatibility
NSS 3.52 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with NSS 3.52 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the functions
listed in NSS Public Functions will remain compatible with future versions
of the NSS shared libraries.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 17, 2020
Update ruby-crass to 1.0.6.

1.0.6 (2020-01-12)
------------------
* Number values are now limited to a maximum of `Float::MAX` and a minimum of negative `Float::MAX`. (#11)
* Added project metadata to the gemspec. (#9 - @orien)

1.0.5 (2019-10-15)
------------------
* Removed test files from the gem. [@t-richards - #8][8]

[8]:rgrove/crass#8

1.0.4 (2018-04-08)
------------------
* Fixed whitespace warnings. (#7 - @yahonda)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jul 13, 2020
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
- Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
- Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
- Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
- Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
- Update the resume file before running scripts ([#825](transmission/transmission#825))
- Make multiscrape limits adaptive ([#837](transmission/transmission#837))
- Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
- Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
- Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
- Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
- Add support for mbedtls (formerly polarssl) and wolfssl (formerly cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
- Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
- Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed

### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
- Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
- Transition to ARC ([#336](transmission/transmission#336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
- Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
- Add flat variants of status icons for message log ([#134](transmission/transmission#134))
- Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
- Update file icon when file name changes ([#37](transmission/transmission#37))
- Update translations

### GTK+ Client
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Add AppData file ([#224](transmission/transmission#224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
- Update file icon when its name changes ([#37](transmission/transmission#37))
- Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
- Update translations, add new translations for Portuguese (Portugal)

### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
- Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
- Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
- Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
- Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
- Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
- Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
- Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
- Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
- Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
- Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Aug 3, 2020
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update
Revisions pulled up:
- net/transmission-gtk/Makefile 1.46
- net/transmission-gtk/PLIST 1.2
- net/transmission-qt/Makefile 1.54
- net/transmission/Makefile 1.27
- net/transmission/Makefile.common 1.10
- net/transmission/PLIST 1.4
- net/transmission/distinfo 1.16
- net/transmission/patches/patch-qt_qtr.pro 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 13 13:01:02 UTC 2020
Modified Files:
pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
pkgsrc/net/transmission-gtk: Makefile PLIST
pkgsrc/net/transmission-qt: Makefile
pkgsrc/net/transmission/patches: patch-qt_qtr.pro
Log Message:
transmission*: update to 3.00
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
- Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
- Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
- Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
- Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
- Update the resume file before running scripts ([#825](transmission/transmission#825))
- Make multiscrape limits adaptive ([#837](transmission/transmission#837))
- Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
- Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
- Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
- Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
- Add support for mbedtls (formerly polarssl) and wolfssl (formerly cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
- Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
- Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed
### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
- Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
- Transition to ARC ([#336](transmission/transmission#336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
- Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
- Add flat variants of status icons for message log ([#134](transmission/transmission#134))
- Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
- Update file icon when file name changes ([#37](transmission/transmission#37))
- Update translations
### GTK+ Client
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Add AppData file ([#224](transmission/transmission#224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
- Update file icon when its name changes ([#37](transmission/transmission#37))
- Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
- Update translations, add new translations for Portuguese (Portugal)
### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
- Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
- Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
- Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian
### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
- Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))
### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
- Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
- Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
- Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
- Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
- Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))
### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
- Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 25 20:20:05 UTC 2020
Modified Files:
pkgsrc/net/transmission-qt: Makefile
Log Message:
transmission-qt: needs gcc 7.x (for <optional>)
Reported and tested by spz.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Sep 2, 2020
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Sep 7, 2020
3.65 2020-09-01 sbeck
- NEW CODE(s)
3.64 2020-06-02 sbeck
- NEW CODE(s)
- Fixed bug deleting retired codes
The delete_code function failed if you tried to delete a retired
code. This is now fixed. GitHub #12
3.63 2020-03-01 sbeck
- NEW CODE(s)
NOTE: no code changes on 2019-12-01 so no release made at that
time.
- Fixed a retired code
3.62 2019-08-29 sbeck
- NEW CODE(s)
- Fixed tests
Tests were not working correctly since the previous version. This is
now fixed.
- Fixed error messages
Many of the error messages were inconsistent or completely wrong
(due to cut-and-paste errors). They have been fixed.
- Fixed some return codes
The name2code and code2name functions returned 1 in the case of an
error in some situations instead of undef (which was the documented
value).
- Removed unnecessary dependencies
A number of modules were included as test dependencies that are only
used by the author when preparing releases. These have been removed
as dependencies. Petr Pisar on GitHub #11
3.61 2019-06-01 sbeck
- NEW CODE(s)
- Converted tests to use Test::Inter
Now uses the same module to do tests as all my other modules.
3.60 2019-03-01 sbeck
- NEW CODE(s)
3.59 2018-12-03 sbeck
- NEW CODE(s)
- Removed travis file from the tarball
The tarball had a .travis.yml file in it that wasn't in the MANIFEST
file. Since the MANIFEST file is automatically generated by the perl
mkmanifest tool, since it didn't see the .travis.yml file, I have
excluded it from the tarball. Reported by Mohammad S Anwar on GitHub
(#10)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Sep 7, 2020
0.14 2020-08-16
- Require DateTime 1.45, which added a year_length() method that this package is now using. Reported by Slaven Rezić. GH #11.
0.13 2020-08-15
- Added support for a few more incomplete formats, YYYYMMDDThhmmZ, YYYY-MM-DDThh:mmZ, YYYYDDDThhmm, YYYY-DDDThh:mm. Includes a patch from Stuart Browne. Fixed GH #3.
0.12 2020-08-15
- Fixed handling of ISO week parsing in some years. Reported by Kent Fredric. GH #6.
- This release includes changes from 0.09-0.11 trial releases to switch from Params::Validate and Params::ValidationCompiler. Relevant release notes from those trial releases are repeated here for clarity.
- Replace Params::Validate with Params::ValidationCompiler.
- Fixed a bug introduced in 0.09 where calling parse_datetime() as a class method with some formats would throw an exception.
- Add a format_datetime() method, which makes this class play nicer with DateTime.pm. Implemented by Doug Bell. jhoblitt/DateTime-Format-ISO8601#2
- Add support for the `YYYY-MM-DDThh:mm:ss.ss[+-]hh` and `YYYYMMDDThhmmss.ss[+-]hh` formats. Implemented by Thomas Klausner. jhoblitt/DateTime-Format-ISO8601#3
0.11 2020-07-26 (TRIAL RELEASE)
- Replace Params::Validate with Params::ValidationCompiler.
0.10 2020-07-25 (TRIAL RELEASE)
- Fixed a bug introduced in 0.09 where calling parse_datetime() as a class method with some formats would throw an exception.
0.09 2020-07-25 (TRIAL RELEASE)
- Add a format_datetime() method, which makes this class play nicer with DateTime.pm. Implemented by Doug Bell. jhoblitt/DateTime-Format-ISO8601#2
- Add support for the `YYYY-MM-DDThh:mm:ss.ss[+-]hh` and `YYYYMMDDThhmmss.ss[+-]hh` formats. Implemented by Thomas Klausner. jhoblitt/DateTime-Format-ISO8601#3
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Sep 10, 2020
Pkgsrc changes:
* Added a patch to cope with fromStatT on NetBSD
* Added a patch to cope with docker client default settings (build
also on NetBSD)
Upstream changes:
1.5.3 (August 27th, 2020)
NOTE:
All security content from 1.5.2, 1.5.1, 1.4.5, 1.4.4, 1.3.9, 1.3.8,
1.2.6, and 1.2.5 has been made fully open source, and the git tags for
1.5.3, 1.4.6, 1.3.10, and 1.2.7 will build correctly for open source
users.
BUG FIXES:
* auth/aws: Made header handling for IAM authentication more robust
* secrets/ssh: Fixed a bug with role option for SSH signing algorithm
to allow more than RSA signing
## 1.5.1
CHANGES:
* pki: The tidy operation will now remove revoked certificates if the
parameter `tidy_revoked_certs` is set to `true`. This will result in
certificate entries being immediately removed, as opposed to
awaiting until its NotAfter time. Note that this only affects
certificates that have been already
revoked. [[GH-9609](https://github.com/hashicorp/vault/pull/9609)]
IMPROVEMENTS:
* auth/jwt: Add support for fetching groups and user information from
G Suite during
authentication. [[GH-9574](https://github.com/hashicorp/vault/pull/9574)]
* secrets/openldap: Add "ad" schema that allows the engine to
correctly rotate AD
passwords. [[GH-9740](https://github.com/hashicorp/vault/pull/9740)]
* ui: Wrap TTL option on transit engine export action is updated to a
new component.
[[GH-9632](https://github.com/hashicorp/vault/pull/9632)]
BUG FIXES:
* secrets/gcp: Ensure that the IAM policy version is appropriately set
after a roleset's bindings have
changed. [[GH-9603](https://github.com/hashicorp/vault/pull/9603)]
* replication (enterprise): Fix status API output incorrectly stating
replication is in `idle` state.
* core: Fix panic when printing over-long info fields at startup
[[GH-9681](https://github.com/hashicorp/vault/pull/9681)]
## 1.5.0
### July 21st, 2020
CHANGES:
* storage/raft: The storage configuration now accepts a new
`max_entry_size` config that will limit the total size in bytes of
any entry committed via raft. It defaults to `"1048576"`
(1MiB). [[GH-9027](https://github.com/hashicorp/vault/pull/9027)]
* token: Token creation with custom token ID via `id` will no longer
allow periods (`.`) as part of the input string.
The final generated token value may contain periods, such as the
`s.` prefix for service token
indication. [[GH-8646](https://github.com/hashicorp/vault/pull/8646/files)]
* token: Token renewals will now return token policies within the
`token_policies`, identity policies within `identity_policies`, and
the full policy set within
`policies`. [[GH-8535](https://github.com/hashicorp/vault/pull/8535)]
* cubbyhole: Reject reads and writes to an empty ("")
path. [[GH-8971](https://github.com/hashicorp/vault/pull/8971)]
* core: Remove the addition of newlines to parsed configuration when
using integer/boolean values
[[GH-8928](https://github.com/hashicorp/vault/pull/8928)]
* audit: Token TTL and issue time are now provided in the auth portion
of audit logs. [[GH-9091](https://github.com/hashicorp/vault/pull/9091)]
IMPROVEMENTS:
* audit: Replication status requests are no longer
audited. [[GH-8877](https://github.com/hashicorp/vault/pull/8877)]
* audit: Added mount_type field to requests and
responses. [[GH-9167](https://github.com/hashicorp/vault/pull/9167)]
* auth/aws: Add support for Web Identity credentials
[[GH-7738](https://github.com/hashicorp/vault/pull/7738)]
* auth/jwt: Support users that are members of more than 200 groups on Azure
[[GH-120](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/120)]
* auth/kubernetes: Allow disabling `iss` validation
[[GH-91](https://github.com/hashicorp/vault-plugin-auth-kubernetes/pull/91)]
* core: Add the Go version used to build a Vault binary to the server message
output. [[GH-9078](https://github.com/hashicorp/vault/pull/9078)]
* core: Added Password Policies for user-configurable password generation
[[GH-8637](https://github.com/hashicorp/vault/pull/8637)]
* core: New telemetry metrics covering token counts, token creation, KV
secret counts, lease
creation. [[GH-9239](https://github.com/hashicorp/vault/pull/9239)]
[[GH-9250](https://github.com/hashicorp/vault/pull/9250)]
[[GH-9244](https://github.com/hashicorp/vault/pull/9244)]
[[GH-9052](https://github.com/hashicorp/vault/pull/9052)]
* cli: Support reading TLS parameters from file for the `vault operator raft
join` command. [[GH-9060](https://github.com/hashicorp/vault/pull/9060)]
* plugin: Add SDK method, `Sys.ReloadPlugin`, and CLI command, `vault plugin
reload`, for reloading
plugins. [[GH-8777](https://github.com/hashicorp/vault/pull/8777)]
* plugin (enterprise): Add a scope field to plugin reload, which when global,
reloads the plugin anywhere in a
cluster. [[GH-9347](https://github.com/hashicorp/vault/pull/9347)]
* sdk/framework: Support accepting TypeFloat parameters over the API
[[GH-8923](https://github.com/hashicorp/vault/pull/8923)]
* secrets/aws: Add iam_groups parameter to role create/update
[[GH-8811](https://github.com/hashicorp/vault/pull/8811)]
* secrets/database: Add static role rotation for MongoDB Atlas database
plugin
[[GH-11](https://github.com/hashicorp/vault-plugin-database-mongodbatlas/pull/11)]
* secrets/database: Add static role rotation for MSSQL database plugin
[[GH-9062](https://github.com/hashicorp/vault/pull/9062)]
* secrets/database: Allow InfluxDB to use insecure TLS without cert bundle
[[GH-8778](https://github.com/hashicorp/vault/pull/8778)]
* secrets/gcp: Support BigQuery dataset ACLs in absence of IAM endpoints
[[GH-78](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/78)]
* secrets/pki: Allow 3072-bit RSA keys
[[GH-8343](https://github.com/hashicorp/vault/pull/8343)]
* secrets/ssh: Add a CA-mode role option to specify signing algorithm
[[GH-9096](https://github.com/hashicorp/vault/pull/9096)]
* secrets/transit: Transit requests that make use of keys now include a new
field `key_version` in their responses
[[GH-8775](https://github.com/hashicorp/vault/pull/8775)]
* secrets/transit: Improving transit batch encrypt and decrypt latencies
[[GH-9100](https://github.com/hashicorp/vault/pull/9100)]
* sentinel: Add a sentinel config section, and "additional_enabled_modules",
a list of Sentinel modules that may be imported in addition to the
defaults.
* ui: Update TTL picker styling on SSH secret engine
[[GH-8891](https://github.com/hashicorp/vault/pull/8891)]
* ui: Only render the JWT input field of the Vault login form on mounts
configured for JWT auth
[[GH-8952](https://github.com/hashicorp/vault/pull/8952)]
* cli: Add a new subcommand, `vault monitor`, for tailing server logs in the
console. [[GH-8477](https://github.com/hashicorp/vault/pull/8477)]
* ui: Add replication dashboards. Improve replication management
workflows. [[GH-8705]](https://github.com/hashicorp/vault/pull/8705).
BUG FIXES:
* agent: Restart template server when it shuts down
[[GH-9200](https://github.com/hashicorp/vault/pull/9200)]
* auth/oci: Fix issue where users of the Oracle Cloud Infrastructure (OCI)
auth method could not authenticate when the plugin backend was mounted at a
non-default path.
[[GH-7](https://github.com/hashicorp/vault-plugin-auth-oci/pull/7)]
* core: Extend replicated cubbyhole fix in 1.4.0 to cover case where a
performance primary is also a DR primary
[[GH-9148](https://github.com/hashicorp/vault/pull/9148)]
* secrets/aws: Fix issue where performance standbys weren't able to generate
STS credentials after an IAM access key rotation in AWS and root IAM
credential update in Vault
[[GH-9186](https://github.com/hashicorp/vault/pull/9186)]
* secrets/database: Fix issue where rotating root database credentials while
Vault's storage backend is unavailable causes Vault to lose access to the
database [[GH-8782](https://github.com/hashicorp/vault/pull/8782)]
* secrets/database: Fix issue that prevents performance standbys from
connecting to databases after a root credential rotation
[[GH-9129](https://github.com/hashicorp/vault/pull/9129)]
* secrets/gcp: Fix issue where updates were not being applied to the
`token_scopes` of a roleset.
[[GH-90](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/90)]
* secrets/kv: Return the value of delete_version_after when reading
kv/config, even if it is set to the default.
[[GH-42](https://github.com/hashicorp/vault-plugin-secrets-kv/pull/42)]
* ui: Add Toggle component into core addon so it is available in KMIP and
other Ember Engines.
[[GH-8913]](https://github.com/hashicorp/vault/pull/8913)
* ui: Disallow max versions value of larger than 9999999999999999 on kv2
secrets engine. [[GH-9242](https://github.com/hashicorp/vault/pull/9242)]
## 1.4.3 (TBD)
IMPROVEMENTS:
* auth/aws: Add support for Web Identity credentials
[[GH-9251](https://github.com/hashicorp/vault/pull/9251)]
* core: Add the Go version used to build a Vault binary to the server message
output. [[GH-9078](https://github.com/hashicorp/vault/pull/9078)]
* secrets/database: Add static role rotation for MongoDB Atlas database
plugin [[GH-9311](https://github.com/hashicorp/vault/pull/9311)]
* ui: Link to the Vault Changelog in the UI footer
[[GH-9216](https://github.com/hashicorp/vault/pull/9216)]
BUG FIXES:
* auth/oci: Fix issue where users of the Oracle Cloud Infrastructure (OCI)
auth method could not authenticate when the plugin backend was mounted at a
non-default path. [[GH-9278](https://github.com/hashicorp/vault/pull/9278)]
* replication: The issue causing cubbyholes in namespaces on performance
secondaries to not work, which was fixed in 1.4.0, was still an issue when
the primary was both a performance primary and DR primary.
* secrets/aws: Fix issue where performance standbys weren't able to generate
STS credentials after an IAM access key rotation in AWS and root IAM
credential update in Vault
[[GH-9207](https://github.com/hashicorp/vault/pull/9207)]
* secrets/database: Fix issue that prevents performance standbys from
connecting to databases after a root credential rotation
[[GH-9208](https://github.com/hashicorp/vault/pull/9208)]
* secrets/gcp: Fix issue where updates were not being applied to the
`token_scopes` of a roleset.
[[GH-9277](https://github.com/hashicorp/vault/pull/9277)]
## 1.4.2 (May 21st, 2020)
SECURITY:
* core: Proxy environment variables are now redacted before being logged, in
case the URLs include a username:password. This vulnerability,
CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4.0 and 1.4.1,
as well as older versions of Vault
[[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
* secrets/gcp: Fix a regression in 1.4.0 where the system TTLs were being
used instead of the configured backend TTLs for dynamic service
accounts. This vulnerability is CVE-2020-12757.
[[GH-85](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/85)]
IMPROVEMENTS:
* storage/raft: The storage stanza now accepts `leader_ca_cert_file`,
`leader_client_cert_file`, and `leader_client_key_file` parameters to read
and parse TLS certificate information from paths on disk.
Existing non-path based parameters will continue to work, but their values
will need to be provided as a single-line string with newlines delimited by
`\n`. [[GH-8894](https://github.com/hashicorp/vault/pull/8894)]
* storage/raft: The `vault status` CLI command and the `sys/leader` API now
contain the committed and applied raft indexes.
[[GH-9011](https://github.com/hashicorp/vault/pull/9011)]
BUG FIXES:
* auth/aws: Fix token renewal issues caused by the metadata changes in 1.4.1
[[GH-8991](https://github.com/hashicorp/vault/pull/8991)]
* auth/ldap: Fix 1.4.0 regression that could result in auth failures when
LDAP auth config includes upndomain.
[[GH-9041](https://github.com/hashicorp/vault/pull/9041)]
* secrets/ad: Forward rotation requests from standbys to active clusters
[[GH-66](https://github.com/hashicorp/vault-plugin-secrets-ad/pull/66)]
* secrets/database: Prevent generation of usernames that are not allowed by
the MongoDB Atlas API
[[GH-9](https://github.com/hashicorp/vault-plugin-database-mongodbatlas/pull/9)]
* secrets/database: Return an error if a manual rotation of static account
credentials fails [[GH-9035](https://github.com/hashicorp/vault/pull/9035)]
* secrets/openldap: Forward all rotation requests from standbys to active
clusters [[GH-9028](https://github.com/hashicorp/vault/pull/9028)]
* secrets/transform (enterprise): Fix panic that could occur when accessing
cached template entries, such as requests that accessed templates
directly or indirectly from a performance standby node.
* serviceregistration: Fix a regression for Consul service registration that
ignored using the listener address as the redirect address unless api_addr
was provided. It now properly uses the same redirect address as the one
used by Vault's Core object.
[[GH-8976](https://github.com/hashicorp/vault/pull/8976)]
* storage/raft: Advertise the configured cluster address to the rest of the
nodes in the raft cluster. This fixes an issue where a node advertising
0.0.0.0 is not using a unique hostname.
[[GH-9008](https://github.com/hashicorp/vault/pull/9008)]
* storage/raft: Fix panic when multiple nodes attempt to join the cluster at
once. [[GH-9008](https://github.com/hashicorp/vault/pull/9008)]
* sys: The path provided in `sys/internal/ui/mounts/:path` is now
namespace-aware. This fixes an issue with `vault kv` subcommands that had
namespaces provided in the path returning permission denied all the time.
[[GH-8962](https://github.com/hashicorp/vault/pull/8962)]
* ui: Fix snowman that appears when namespaces have more than one period
[[GH-8910](https://github.com/hashicorp/vault/pull/8910)]
## 1.4.1 (April 30th, 2020)
CHANGES:
* auth/aws: The default set of metadata fields added in 1.4.1 has been
changed to `account_id` and `auth_type`
[[GH-8783](https://github.com/hashicorp/vault/pull/8783)]
* storage/raft: Disallow `ha_storage` to be specified if `raft` is set as the
`storage` type. [[GH-8707](https://github.com/hashicorp/vault/pull/8707)]
IMPROVEMENTS:
* auth/aws: The set of metadata stored during login is now configurable
[[GH-8783](https://github.com/hashicorp/vault/pull/8783)]
* auth/aws: Improve region selection to avoid errors seen if the account
hasn't enabled some newer AWS regions
[[GH-8679](https://github.com/hashicorp/vault/pull/8679)]
* auth/azure: Enable login from Azure VMs with user-assigned identities
[[GH-33](https://github.com/hashicorp/vault-plugin-auth-azure/pull/33)]
* auth/gcp: The set of metadata stored during login is now configurable
[[GH-92](https://github.com/hashicorp/vault-plugin-auth-gcp/pull/92)]
* auth/gcp: The type of alias name used during login is now configurable
[[GH-95](https://github.com/hashicorp/vault-plugin-auth-gcp/pull/95)]
* auth/ldap: Improve error messages during LDAP operation failures
[[GH-8740](https://github.com/hashicorp/vault/pull/8740)]
* identity: Add a batch delete API for identity entities
[[GH-8785]](https://github.com/hashicorp/vault/pull/8785)
* identity: Improve performance of logins when no group updates are needed
[[GH-8795]](https://github.com/hashicorp/vault/pull/8795)
* metrics: Add `vault.identity.num_entities` metric
[[GH-8816]](https://github.com/hashicorp/vault/pull/8816)
* secrets/kv: Allow `delete-version-after` to be reset to 0 via the CLI
[[GH-8635](https://github.com/hashicorp/vault/pull/8635)]
* secrets/rabbitmq: Improve error handling and reporting
[[GH-8619](https://github.com/hashicorp/vault/pull/8619)]
* ui: Provide One Time Password during Operation Token generation process
[[GH-8630]](https://github.com/hashicorp/vault/pull/8630)
BUG FIXES:
* auth/okta: Fix MFA regression (introduced in
[GH-8143](https://github.com/hashicorp/vault/pull/8143)) from 1.4.0
[[GH-8807](https://github.com/hashicorp/vault/pull/8807)]
* auth/userpass: Fix upgrade value for `token_bound_cidrs` being ignored due
to incorrect key provided
[[GH-8826](https://github.com/hashicorp/vault/pull/8826/files)]
* config/seal: Fix segfault when seal block is removed
[[GH-8517](https://github.com/hashicorp/vault/pull/8517)]
* core: Fix an issue where users attempting to build Vault could receive Go
module checksum errors
[[GH-8770](https://github.com/hashicorp/vault/pull/8770)]
* core: Fix blocked requests if a SIGHUP is issued while a long-running
request has the state lock held.
Also fixes deadlock that can happen if `vault debug` with the config target
is run during this time.
[[GH-8755](https://github.com/hashicorp/vault/pull/8755)]
* core: Always rewrite the .vault-token file as part of a `vault login` to
ensure permissions and ownership are set correctly
[[GH-8867](https://github.com/hashicorp/vault/pull/8867)]
* database/mongodb: Fix context deadline error that may result due to retry
attempts on failed commands
[[GH-8863](https://github.com/hashicorp/vault/pull/8863)]
* http: Fix superfluous call messages from the http package on logs caused by
missing returns after `respondError` calls
[[GH-8796](https://github.com/hashicorp/vault/pull/8796)]
* namespace (enterprise): Fix namespace listing to return `key_info` when a
scoping namespace is also provided.
* seal/gcpkms: Fix panic that could occur if all seal parameters were
provided via environment variables
[[GH-8840](https://github.com/hashicorp/vault/pull/8840)]
* storage/raft: Fix memory allocation and incorrect metadata tracking issues
with snapshots [[GH-8793](https://github.com/hashicorp/vault/pull/8793)]
* storage/raft: Fix panic that could occur if `disable_clustering` was set to
true on Raft storage cluster
[[GH-8784](https://github.com/hashicorp/vault/pull/8784)]
* storage/raft: Handle errors returned from the API during snapshot
operations [[GH-8861](https://github.com/hashicorp/vault/pull/8861)]
* sys/wrapping: Allow unwrapping of wrapping tokens which contain nil data
[[GH-8714](https://github.com/hashicorp/vault/pull/8714)]
## 1.4.0 (April 7th, 2020)
CHANGES:
* cli: The raft configuration command has been renamed to list-peers to avoid
confusion.
FEATURES:
* **Kerberos Authentication**: Vault now supports Kerberos authentication
using a SPNEGO token.
Login can be performed using the Vault CLI, API, or agent.
* **Kubernetes Service Discovery**: A new Kubernetes service discovery
feature where, if configured, Vault will tag Vault pods with their current
health status. For more, see
[#8249](https://github.com/hashicorp/vault/pull/8249).
* **MongoDB Atlas Secrets**: Vault can now generate dynamic credentials for
both MongoDB Atlas databases as well as the [Atlas programmatic
interface](https://docs.atlas.mongodb.com/tutorial/manage-programmatic-access/).
* **OpenLDAP Secrets Engine**: We now support password management of existing
OpenLDAP user entries. For more, see
[#8360](https://github.com/hashicorp/vault/pull/8360/).
* **Redshift Database Secrets Engine**: The database secrets engine now
supports static and dynamic secrets for the Amazon Web Services (AWS)
Redshift service.
* **Service Registration Config**: A newly introduced `service_registration`
configuration stanza, that allows for service registration to be configured
separately from the storage backend. For more, see
[#7887](https://github.com/hashicorp/vault/pull/7887/).
* **Transform Secrets Engine (Enterprise)**: A new secrets engine that
handles secure data transformation and tokenization against provided input
value.
* **Integrated Storage**: Promoted out of beta and into general availability
for both open-source and enterprise workloads.
IMPROVEMENTS:
* agent: add option to force the use of the auto-auth token, and ignore the
Vault token in the request
[[GH-8101](https://github.com/hashicorp/vault/pull/8101)]
* api: Restore and fix DNS SRV Lookup
[[GH-8520](https://github.com/hashicorp/vault/pull/8520)]
* audit: HMAC http_raw_body in audit log; this ensures that large
authenticated Prometheus metrics responses get replaced with short HMAC
values [[GH-8130](https://github.com/hashicorp/vault/pull/8130)]
* audit: Generate-root, generate-recovery-token, and
generate-dr-operation-token requests and responses are now
audited. [[GH-8301](https://github.com/hashicorp/vault/pull/8301)]
* auth/aws: Reduce the number of simultaneous STS client credentials needed
[[GH-8161](https://github.com/hashicorp/vault/pull/8161)]
* auth/azure: subscription ID, resource group, vm and vmss names are now
stored in alias metadata
[[GH-30](https://github.com/hashicorp/vault-plugin-auth-azure/pull/30)]
* auth/jwt: Additional OIDC callback parameters available for CLI logins
[[GH-80](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/80) &
[GH-86](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/86)]
* auth/jwt: Bound claims may be optionally configured using globs
[[GH-89](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/89)]
* auth/jwt: Timeout during OIDC CLI login if process doesn't complete within
2 minutes
[[GH-97](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/97)]
* auth/jwt: Add support for the `form_post` response mode
[[GH-98](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/98)]
* auth/jwt: add optional client_nonce to authorization flow
[[GH-104](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/104)]
* auth/okta: Upgrade okta sdk lib, which should improve handling of groups
[[GH-8143](https://github.com/hashicorp/vault/pull/8143)]
* aws: Add support for v2 of the instance metadata service (see [issue
7924](https://github.com/hashicorp/vault/issues/7924) for all linked PRs)
* core: Separate out service discovery interface from storage interface to allow
new types of service discovery not coupled to storage
[[GH-7887](https://github.com/hashicorp/vault/pull/7887)]
* core: Add support for telemetry option `metrics_prefix`
[[GH-8340](https://github.com/hashicorp/vault/pull/8340)]
* core: Entropy Augmentation can now be used with AWS KMS and Vault Transit
seals
* core: Allow tls_min_version to be set to TLS 1.3
[[GH-8305](https://github.com/hashicorp/vault/pull/8305)]
* cli: Incorrect TLS configuration will now correctly fail
[[GH-8025](https://github.com/hashicorp/vault/pull/8025)]
* identity: Allow specifying a custom `client_id` for identity tokens
[[GH-8165](https://github.com/hashicorp/vault/pull/8165)]
* metrics/prometheus: improve performance with high volume of metrics updates
[[GH-8507](https://github.com/hashicorp/vault/pull/8507)]
* replication (enterprise): Fix race condition causing clusters with high
throughput writes to sometimes fail to enter streaming-wal mode
* replication (enterprise): Secondary clusters can now perform an extra gRPC
call to all nodes in a primary
cluster in an attempt to resolve the active node's address
* replication (enterprise): The replication status API now outputs
`last_performance_wal`, `last_dr_wal`, and `connection_state` values
* replication (enterprise): DR secondary clusters can now be recovered by the
`replication/dr/secondary/recover` API
* replication (enterprise): We now allow for an alternate means to create a
Disaster Recovery token, by using a batch token that is created with an ACL
that allows for access to one or more of the DR endpoints.
* secrets/database/mongodb: Switched internal MongoDB driver to mongo-driver
[[GH-8140](https://github.com/hashicorp/vault/pull/8140)]
* secrets/database/mongodb: Add support for x509 client authorization to
MongoDB [[GH-8329](https://github.com/hashicorp/vault/pull/8329)]
* secrets/database/oracle: Add support for static credential rotation
[[GH-26](https://github.com/hashicorp/vault-plugin-database-oracle/pull/26)]
* secrets/consul: Add support to specify TLS options per Consul backend
[[GH-4800](https://github.com/hashicorp/vault/pull/4800)]
* secrets/gcp: Allow specifying the TTL for a service key
[[GH-54](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/54)]
* secrets/gcp: Add support for rotating root keys
[[GH-53](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/53)]
* secrets/gcp: Handle version 3 policies for Resource Manager IAM requests
[[GH-77](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/77)]
* secrets/nomad: Add support to specify TLS options per Nomad backend
[[GH-8083](https://github.com/hashicorp/vault/pull/8083)]
* secrets/ssh: Allowed users can now be templated with identity information
[[GH-7548](https://github.com/hashicorp/vault/pull/7548)]
* secrets/transit: Adding RSA3072 key support
[[GH-8151](https://github.com/hashicorp/vault/pull/8151)]
* storage/consul: Vault now returns a more descriptive error message when
only a client cert or a client key has been provided
[[GH-4930](https://github.com/hashicorp/vault/pull/8084)]
* storage/raft: Nodes in the raft cluster can all be given possible leader
addresses for them to continuously try and join one of them, thus
automating the process of join to a greater extent
[[GH-7856](https://github.com/hashicorp/vault/pull/7856)]
* storage/raft: Fix a potential deadlock that could occur on leadership
transition [[GH-8547](https://github.com/hashicorp/vault/pull/8547)]
* storage/raft: Refresh TLS keyring on snapshot restore
[[GH-8546](https://github.com/hashicorp/vault/pull/8546)]
* storage/etcd: Bumped etcd client API SDK
[[GH-7931](https://github.com/hashicorp/vault/pull/7931) &
[GH-4961](https://github.com/hashicorp/vault/pull/4961) &
[GH-4349](https://github.com/hashicorp/vault/pull/4349) &
[GH-7582](https://github.com/hashicorp/vault/pull/7582)]
* ui: Make Transit Key actions more prominent
[[GH-8304](https://github.com/hashicorp/vault/pull/8304)]
* ui: Add Core Usage Metrics
[[GH-8347](https://github.com/hashicorp/vault/pull/8347)]
* ui: Add refresh Namespace list on the Namespace dropdown, and redesign of
Namespace dropdown menu
[[GH-8442](https://github.com/hashicorp/vault/pull/8442)]
* ui: Update transit actions to codeblocks & automatically encode plaintext
unless indicated [[GH-8462](https://github.com/hashicorp/vault/pull/8462)]
* ui: Display the results of transit key actions in a modal window
[[GH-8462](https://github.com/hashicorp/vault/pull/8575)]
* ui: Transit key version styling updates & ability to copy key from dropdown
[[GH-8480](https://github.com/hashicorp/vault/pull/8480)]
BUG FIXES:
* agent: Fix issue where TLS options are ignored for agent template feature
[[GH-7889](https://github.com/hashicorp/vault/pull/7889)]
* auth/jwt: Use lower case role names for `default_role` to match the `role`
case convention
[[GH-100](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/100)]
* auth/ldap: Fix a bug where the UPNDOMAIN parameter was wrongly used to
lookup the group membership of the given user
[[GH-6325](https://github.com/hashicorp/vault/pull/8333)]
* cli: Support autocompletion for nested mounts
[[GH-8303](https://github.com/hashicorp/vault/pull/8303)]
* cli: Fix CLI namespace autocompletion
[[GH-8315](https://github.com/hashicorp/vault/pull/8315)]
* identity: Fix incorrect caching of identity token JWKS responses
[[GH-8412](https://github.com/hashicorp/vault/pull/8412)]
* metrics/stackdriver: Fix issue that prevents the stackdriver metrics
library to create unnecessary stackdriver descriptors
[[GH-8073](https://github.com/hashicorp/vault/pull/8073)]
* replication: Fix issue causing cubbyholes in namespaces on performance
secondaries to not work.
* replication (enterprise): Unmounting a dynamic secrets backend could
sometimes lead to replication errors. Change the order of operations to
prevent that.
* seal (enterprise): Fix seal migration when transactional seal wrap backend
is in use.
* secrets/database/influxdb: Fix potential panic if connection to the
InfluxDB database cannot be established
[[GH-8282](https://github.com/hashicorp/vault/pull/8282)]
* secrets/database/mysql: Ensures default static credential rotation
statements are used
[[GH-8240](https://github.com/hashicorp/vault/pull/8240)]
* secrets/database/mysql: Fix inconsistent query parameter names: {{name}} or
{{username}} for different queries. Now it allows for either for backwards
compatibility [[GH-8240](https://github.com/hashicorp/vault/pull/8240)]
* secrets/database/postgres: Fix inconsistent query parameter names: {{name}}
or {{username}} for different queries. Now it allows for either for
backwards compatibility
[[GH-8240](https://github.com/hashicorp/vault/pull/8240)]
* secrets/pki: Support FQDNs in DNS Name
[[GH-8288](https://github.com/hashicorp/vault/pull/8288)]
* storage/raft: Allow seal migration to be performed on Vault clusters using
raft storage [[GH-8103](https://github.com/hashicorp/vault/pull/8103)]
* telemetry: Prometheus requests on standby nodes will now return an error
instead of forwarding the request to the active node
[[GH-8280](https://github.com/hashicorp/vault/pull/8280)]
* ui: Fix broken popup menu on the transit secrets list page
[[GH-8348](https://github.com/hashicorp/vault/pull/8348)]
* ui: Update headless Chrome flag to fix `yarn run test:oss`
[[GH-8035](https://github.com/hashicorp/vault/pull/8035)]
* ui: Update CLI to accept empty strings as param value to reset
previously-set values
* ui: Fix bug where error states don't clear when moving between action tabs
on Transit [[GH-8354](https://github.com/hashicorp/vault/pull/8354)]
## 1.3.6 (May 21st, 2020)
SECURITY:
* core: proxy environment variables are now redacted before being logged, in
case the URLs include a username:password. This vulnerability,
CVE-2020-13223, is fixed in 1.3.6 and 1.4.2, but affects 1.4 and 1.4.1, as
well as older versions of Vault
[[GH-9022](https://github.com/hashicorp/vault/pull/9022)]
BUG FIXES:
* auth/aws: Fix token renewal issues caused by the metadata changes in 1.3.5
[[GH-8991](https://github.com/hashicorp/vault/pull/8991)]
* replication: Fix mount filter bug that allowed replication filters to hide
local mounts on a performance secondary
## 1.3.5 (April 28th, 2020)
CHANGES:
* auth/aws: The default set of metadata fields added in 1.3.2 has been
changed to `account_id` and `auth_type`
[[GH-8783](https://github.com/hashicorp/vault/pull/8783)]
IMPROVEMENTS:
* auth/aws: The set of metadata stored during login is now configurable
[[GH-8783](https://github.com/hashicorp/vault/pull/8783)]
## 1.3.4 (March 19th, 2020)
SECURITY:
* A vulnerability was identified in Vault and Vault Enterprise such that,
under certain circumstances, an Entity's Group membership may
inadvertently include Groups the Entity no longer has permissions to. This
vulnerability, CVE-2020-10660, affects Vault and Vault Enterprise versions
0.9.0 and newer, and is fixed in 1.3.4.
[[GH-8606](https://github.com/hashicorp/vault/pull/8606)]
* A vulnerability was identified in Vault Enterprise such that, under certain
circumstances, existing nested-path policies may give access to Namespaces
created after-the-fact. This vulnerability, CVE-2020-10661, affects Vault
Enterprise versions 0.11 and newer, and is fixed in 1.3.4.
## 1.3.3 (March 5th, 2020)
BUG FIXES:
* approle: Fix excessive locking during tidy, which could potentially block
new approle logins for long enough to cause an outage
[[GH-8418](https://github.com/hashicorp/vault/pull/8418)]
* cli: Fix issue where Raft snapshots from standby nodes created an empty
backup file [[GH-8097](https://github.com/hashicorp/vault/pull/8097)]
* identity: Fix incorrect caching of identity token JWKS responses
[[GH-8412](https://github.com/hashicorp/vault/pull/8412)]
* kmip: role read now returns tls_client_ttl
* kmip: fix panic when templateattr not provided in rekey request
* secrets/database/influxdb: Fix potential panic if connection to the
InfluxDB database cannot be established
[[GH-8282](https://github.com/hashicorp/vault/pull/8282)]
* storage/mysql: Fix potential crash when using MySQL as coordination for
high availability [[GH-8300](https://github.com/hashicorp/vault/pull/8300)]
* storage/raft: Fix potential crash when using Raft as coordination for high
availability [[GH-8356](https://github.com/hashicorp/vault/pull/8356)]
* ui: Fix missing License menu item
[[GH-8230](https://github.com/hashicorp/vault/pull/8230)]
* ui: Fix bug where default auth method on login is defaulted to auth method
that is listing-visibility=unauth instead of "other"
[[GH-8218](https://github.com/hashicorp/vault/pull/8218)]
* ui: Fix bug where KMIP details were not shown in the UI Wizard
[[GH-8255](https://github.com/hashicorp/vault/pull/8255)]
* ui: Show Error messages on Auth Configuration page when you hit permission
errors [[GH-8500](https://github.com/hashicorp/vault/pull/8500)]
* ui: Remove duplicate form inputs for the GitHub config
[[GH-8519](https://github.com/hashicorp/vault/pull/8519)]
* ui: Correct HMAC capitalization
[[GH-8528](https://github.com/hashicorp/vault/pull/8528)]
* ui: Fix danger message in DR
[[GH-8555](https://github.com/hashicorp/vault/pull/8555)]
* ui: Fix certificate field for LDAP config
[[GH-8573](https://github.com/hashicorp/vault/pull/8573)]
## 1.3.2 (January 22nd, 2020)
SECURITY:
* When deleting a namespace on Vault Enterprise, in certain circumstances,
the deletion process will fail to revoke dynamic secrets for a mount in
that namespace. This will leave any dynamic secrets in remote systems
alive and will fail to clean them up. This vulnerability, CVE-2020-7220,
affects Vault Enterprise 0.11.0 and newer.
IMPROVEMENTS:
* auth/aws: Add aws metadata to identity alias
[[GH-7985](https://github.com/hashicorp/vault/pull/7985)]
* auth/kubernetes: Allow both names and namespaces to be set to "*"
[[GH-78](https://github.com/hashicorp/vault-plugin-auth-kubernetes/pull/78)]
BUG FIXES:
* auth/azure: Fix Azure compute client to use correct base URL
[[GH-8072](https://github.com/hashicorp/vault/pull/8072)]
* auth/ldap: Fix renewal of tokens without configured policies that are
generated by an LDAP login
[[GH-8072](https://github.com/hashicorp/vault/pull/8072)]
* auth/okta: Fix renewal of tokens without configured policies that are
generated by an Okta login
[[GH-8072](https://github.com/hashicorp/vault/pull/8072)]
* core: Fix seal migration error when attempting to migrate from auto unseal
to shamir [[GH-8172](https://github.com/hashicorp/vault/pull/8172)]
* core: Fix seal migration config issue when migrating from auto unseal to
auto unseal [[GH-8172](https://github.com/hashicorp/vault/pull/8172)]
* plugin: Fix issue where a plugin unwrap request potentially used an expired
token [[GH-8058](https://github.com/hashicorp/vault/pull/8058)]
* replication: Fix issue where a forwarded request from a performance/standby
node could run into a timeout
* secrets/database: Fix issue where a manual static role rotation could
potentially panic [[GH-8098](https://github.com/hashicorp/vault/pull/8098)]
* secrets/database: Fix issue where a manual root credential rotation request
is not forwarded to the primary node
[[GH-8125](https://github.com/hashicorp/vault/pull/8125)]
* secrets/database: Fix issue where a manual static role rotation request is
not forwarded to the primary node
[[GH-8126](https://github.com/hashicorp/vault/pull/8126)]
* secrets/database/mysql: Fix issue where special characters for a MySQL
password were encoded
[[GH-8040](https://github.com/hashicorp/vault/pull/8040)]
* ui: Fix deleting namespaces
[[GH-8132](https://github.com/hashicorp/vault/pull/8132)]
* ui: Fix Error handler on kv-secret edit and kv-secret view pages
[[GH-8133](https://github.com/hashicorp/vault/pull/8133)]
* ui: Fix OIDC callback to check storage
[[GH-7929](https://github.com/hashicorp/vault/pull/7929)].
* ui: Change `.box-radio` height to min-height to prevent overflow issues
[[GH-8065](https://github.com/hashicorp/vault/pull/8065)]
## 1.3.1 (December 18th, 2019)
IMPROVEMENTS:
* agent: Add ability to set `exit-after-auth` via the CLI
[[GH-7920](https://github.com/hashicorp/vault/pull/7920)]
* auth/ldap: Add a `request_timeout` configuration option to prevent
connection requests from hanging
[[GH-7909](https://github.com/hashicorp/vault/pull/7909)]
* auth/kubernetes: Add audience to tokenreview API request for Kube
deployments where issuer is not Kube.
[[GH-74](https://github.com/hashicorp/vault/pull/74)]
* secrets/ad: Add a `request_timeout` configuration option to prevent
connection requests from hanging
[[GH-59](https://github.com/hashicorp/vault-plugin-secrets-ad/pull/59)]
* storage/postgresql: Add support for setting `connection_url` from
environment variable `VAULT_PG_CONNECTION_URL`
[[GH-7937](https://github.com/hashicorp/vault/pull/7937)]
* telemetry: Add `enable_hostname_label` option to telemetry stanza
[[GH-7902](https://github.com/hashicorp/vault/pull/7902)]
* telemetry: Add accept header check for prometheus mime type
[[GH-7958](https://github.com/hashicorp/vault/pull/7958)]
BUG FIXES:
* agent: Fix issue where Agent exits before all templates are rendered when
using and `exit_after_auth`
[[GH-7899](https://github.com/hashicorp/vault/pull/7899)]
* auth/aws: Fixes region-related issues when using a custom `sts_endpoint` by
adding a `sts_region` parameter
[[GH-7922](https://github.com/hashicorp/vault/pull/7922)]
* auth/token: Fix panic when getting batch tokens on a performance standby
from a role that does not exist
[[GH-8027](https://github.com/hashicorp/vault/pull/8027)]
* core: Improve warning message for lease TTLs
[[GH-7901](https://github.com/hashicorp/vault/pull/7901)]
* identity: Fix identity token panic during invalidation
[[GH-8043](https://github.com/hashicorp/vault/pull/8043)]
* plugin: Fix a panic that could occur if a mount/auth entry was unable to
mount the plugin backend and a request that required the system view to be
retrieved was made
[[GH-7991](https://github.com/hashicorp/vault/pull/7991)]
* replication: Add `generate-public-key` endpoint to list of allowed
endpoints for existing DR secondaries
* secrets/gcp: Fix panic if bindings aren't provided in roleset
create/update.
[[GH-56](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/56)]
* secrets/pki: Prevent generating certificate on performance standby when
storing
[[GH-7904](https://github.com/hashicorp/vault/pull/7904)]
* secrets/transit: Prevent restoring keys to new names that are sub paths
[[GH-7998](https://github.com/hashicorp/vault/pull/7998)]
* storage/s3: Fix a bug in configurable S3 paths that was preventing use of
S3 as a source during `operator migrate` operations
[[GH-7966](https://github.com/hashicorp/vault/pull/7966)]
* ui: Ensure secrets with a period in their key can be viewed and copied
[[GH-7926](https://github.com/hashicorp/vault/pull/7926)]
* ui: Fix status menu after demotion
[[GH-7997](https://github.com/hashicorp/vault/pull/7997)]
* ui: Fix select dropdowns in Safari when running Mojave
[[GH-8023](https://github.com/hashicorp/vault/pull/8023)]
## 1.3 (November 14th, 2019)
CHANGES:
* Secondary cluster activation: There has been a change to the way that
activating performance and DR secondary clusters works when using public
keys for encryption of the parameters rather than a wrapping token. This
flow was experimental and never documented. It is now officially supported
and documented but is not backwards compatible with older Vault releases.
* Cluster cipher suites: On its cluster port, Vault will no longer advertise
the full TLS 1.2 cipher suite list by default. Although this port is only
used for Vault-to-Vault communication and would always pick a strong
cipher, it could cause false flags on port scanners and other security
utilities that assumed insecure ciphers were being used. The previous
behavior can be achieved by setting the value of the (undocumented)
`cluster_cipher_suites` config flag to `tls12`.
* API/Agent Renewal behavior: The API now allows multiple options for how it
deals with renewals. The legacy behavior in the Agent/API is for the renewer
(now called the lifetime watcher) to exit on a renew error, leading to a
reauthentication. The new default behavior is for the lifetime watcher to
ignore 5XX errors and simply retry as scheduled, using the existing lease
duration. It is also possible, within custom code, to disable renewals
entirely, which allows the lifetime watcher to simply return when it
believes it is time for your code to renew or reauthenticate.
FEATURES:
* **Vault Debug**: A new top-level subcommand, `debug`, is added that allows
operators to retrieve debugging information related to a particular Vault
node. Operators can use this simple workflow to capture triaging
information, which can then be consumed programmatically or by support and
engineering teams. It has the ability to probe for config, host,
metrics, pprof, server status, and replication status.
* **Recovery Mode**: Vault server can be brought up in recovery mode to
resolve outages caused due to data store being in bad state. This is a
privileged mode that allows `sys/raw` API calls to perform surgical
corrections to the data store. Bad storage state can be caused by
bugs. However, this is usually observed when known (and fixed) bugs are
hit by older versions of Vault.
* **Entropy Augmentation (Enterprise)**: Vault now supports sourcing entropy
from external source for critical security parameters. Currently an HSM
that supports PKCS#11 is the only supported source.
* **Active Directory Secret Check-In/Check-Out**: In the Active Directory
secrets engine, users or applications can check out a service account for
use, and its password will be rotated when it's checked back in.
* **Vault Agent Template**: Vault Agent now supports rendering templates
containing Vault secrets to disk, similar to Consul Template
[[GH-7652](https://github.com/hashicorp/vault/pull/7652)]
* **Transit Key Type Support**: Signing and verification is now supported
with the P-384 (secp384r1) and P-521 (secp521r1) ECDSA curves
[[GH-7551](https://github.com/hashicorp/vault/pull/7551)] and encryption
and decryption is now supported via AES128-GCM96
[[GH-7555](https://github.com/hashicorp/vault/pull/7555)]
* **SSRF Protection for Vault Agent**: Vault Agent has a configuration
option to require a specific header before allowing requests
[[GH-7627](https://github.com/hashicorp/vault/pull/7627)]
* **AWS Auth Method Root Rotation**: The credential used by the AWS auth
method can now be rotated, to ensure that only Vault knows the credentials
it is using [[GH-7131](https://github.com/hashicorp/vault/pull/7131)]
* **New UI Features**: The UI now supports managing users and groups for the
Userpass, Cert, Okta, and Radius auth methods.
* **Shamir with Stored Master Key**: The on disk format for Shamir seals has
changed, allowing for a secondary cluster using Shamir downstream from a
primary cluster using Auto
Unseal. [[GH-7694](https://github.com/hashicorp/vault/pull/7694)]
* **Stackdriver Metrics Sink**: Vault can now send metrics to
[Stackdriver](https://cloud.google.com/stackdriver/). See the
[configuration
documentation](https://www.vaultproject.io/docs/config/index.html) for
details. [[GH-6957](https://github.com/hashicorp/vault/pull/6957)]
* **Filtered Paths Replication (Enterprise)**: Based on the predecessor
Filtered Mount Replication, Filtered Paths Replication now allows
filtering of namespaces in addition to mounts.
* **Token Renewal via Accessor**: Tokens can now be renewed via the accessor
value through the new `auth/token/renew-accessor` endpoint if the caller's
token has permission to access that endpoint.
* **Improved Integrated Storage (Beta)**: Improved raft write performance,
added support for non-voter nodes, along with UI support for: using raft
storage, joining a raft cluster, and downloading and restoring a
snapshot.
IMPROVEMENTS:
* agent: Add ability to set the TLS SNI name used by Agent
[[GH-7519](https://github.com/hashicorp/vault/pull/7519)]
* agent & api: Change default renewer behavior to ignore 5XX errors
[[GH-7733](https://github.com/hashicorp/vault/pull/7733)]
* auth/jwt: The redirect callback host may now be specified for CLI logins
[[GH-71](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/71)]
* auth/jwt: Bound claims may now contain boolean values
[[GH-73](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/73)]
* auth/jwt: CLI logins can now open the browser when running in WSL
[[GH-77](https://github.com/hashicorp/vault-plugin-auth-jwt/pull/77)]
* core: Exit ScanView if context has been cancelled
[[GH-7419](https://github.com/hashicorp/vault/pull/7419)]
* core: re-encrypt barrier and recovery keys if the unseal key is updated
[[GH-7493](https://github.com/hashicorp/vault/pull/7493)]
* core: Don't advertise the full set of TLS 1.2 cipher suites on the cluster
port, even though only strong ciphers were used
[[GH-7487](https://github.com/hashicorp/vault/pull/7487)]
* core (enterprise): Add background seal re-wrap
* core/metrics: Add config parameter to allow unauthenticated sys/metrics
access. [[GH-7550](https://github.com/hashicorp/vault/pull/7550)]
* metrics: Upgrade DataDog library to improve performance
[[GH-7794](https://github.com/hashicorp/vault/pull/7794)]
* replication (enterprise): Write-Ahead-Log entries will not duplicate the
data belonging to the encompassing physical entries of the transaction,
thereby improving the performance and storage capacity.
* replication (enterprise): Added more replication metrics
* replication (enterprise): Reindex process now compares subpages for a more
accurate indexing process.
* replication (enterprise): Reindex API now accepts a new `skip_flush`
parameter indicating all the changes should not be flushed while the tree
is locked.
* secrets/aws: The root config can now be read
[[GH-7245](https://github.com/hashicorp/vault/pull/7245)]
* secrets/database/cassandra: Add ability to skip verification of connection
[[GH-7614](https://github.com/hashicorp/vault/pull/7614)]
* secrets/gcp: Fix panic during rollback if the roleset has been deleted
[[GH-52](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/52)]
* storage/azure: Add config parameter to Azure storage backend to allow
specifying the ARM endpoint
[[GH-7567](https://github.com/hashicorp/vault/pull/7567)]
* storage/cassandra: Improve storage efficiency by eliminating unnecessary
copies of value data
[[GH-7199](https://github.com/hashicorp/vault/pull/7199)]
* storage/raft: Improve raft write performance by utilizing FSM Batching
[[GH-7527](https://github.com/hashicorp/vault/pull/7527)]
* storage/raft: Add support for non-voter nodes
[[GH-7634](https://github.com/hashicorp/vault/pull/7634)]
* sys: Add a new `sys/host-info` endpoint for querying information about
the host [[GH-7330](https://github.com/hashicorp/vault/pull/7330)]
* sys: Add a new set of endpoints under `sys/pprof/` that allows profiling
information to be extracted
[[GH-7473](https://github.com/hashicorp/vault/pull/7473)]
* sys: Add endpoint that counts the total number of active identity entities
[[GH-7541](https://github.com/hashicorp/vault/pull/7541)]
* sys: `sys/seal-status` now has a `storage_type` field denoting what type
of storage the cluster is configured to use
* sys: Add a new `sys/internal/counters/tokens` endpoint, that counts the
total number of active service token accessors in the shared token
storage.
[[GH-7541](https://github.com/hashicorp/vault/pull/7541)]
* sys/config: Add a new endpoint under `sys/config/state/sanitized` that
returns the configuration state of the server. It excludes config values
from `storage`, `ha_storage`, and `seal` stanzas and some values
from `telemetry` due to potential sensitive entries in those fields.
* ui: when using raft storage, you can now join a raft cluster, download a
snapshot, and restore a snapshot from the UI
[[GH-7410](https://github.com/hashicorp/vault/pull/7410)]
* ui: clarify when secret version is deleted in the secret version history
dropdown [[GH-7714](https://github.com/hashicorp/vault/pull/7714)]
BUG FIXES:
* agent: Fix a data race on the token value for inmemsink
[[GH-7707](https://github.com/hashicorp/vault/pull/7707)]
* api: Fix Go API using lease revocation via URL instead of body
[[GH-7777](https://github.com/hashicorp/vault/pull/7777)]
* api: Allow setting a function to control retry behavior
[[GH-7331](https://github.com/hashicorp/vault/pull/7331)]
* auth/gcp: Fix a bug where region information in instance groups names could
cause an authorization attempt to fail
[[GH-74](https://github.com/hashicorp/vault-plugin-auth-gcp/pull/74)]
* cli: Fix a bug where a token of an unknown format (e.g. in ~/.vault-token)
could cause confusing error messages during `vault login`
[[GH-7508](https://github.com/hashicorp/vault/pull/7508)]
* cli: Fix a bug where the `namespace list` command with JSON formatting
always returned an empty object
[[GH-7705](https://github.com/hashicorp/vault/pull/7705)]
* cli: Command timeouts are now always specified solely by the
`VAULT_CLIENT_TIMEOUT`
value. [[GH-7469](https://github.com/hashicorp/vault/pull/7469)]
* core: Don't allow registering a non-root zero TTL token lease. This is
purely defense in depth as the lease would be revoked immediately anyways,
but there's no real reason to allow registration.
[[GH-7524](https://github.com/hashicorp/vault/pull/7524)]
* identity (enterprise): Fixed identity case sensitive loading in secondary
cluster [[GH-7327](https://github.com/hashicorp/vault/pull/7327)]
* identity: Ensure only replication primary stores the identity case
sensitivity state
[[GH-7820](https://github.com/hashicorp/vault/pull/7820)]
* raft: Fixed VAULT_CLUSTER_ADDR env being ignored at startup
[[GH-7619](https://github.com/hashicorp/vault/pull/7619)]
* secrets/pki: Don't allow duplicate SAN names in issued certs
[[GH-7605](https://github.com/hashicorp/vault/pull/7605)]
* sys/health: Pay attention to the values provided for `standbyok` and
`perfstandbyok` rather than simply using their presence as a key to flip on
that behavior [[GH-7323](https://github.com/hashicorp/vault/pull/7323)]
* ui: using the `wrapped_token` query param will work with `redirect_to` and
will automatically log in as intended
[[GH-7398](https://github.com/hashicorp/vault/pull/7398)]
* ui: fix an error when initializing from the UI using PGP keys
[[GH-7542](https://github.com/hashicorp/vault/pull/7542)]
* ui: show all active kv v2 secret versions even when `delete_version_after`
is configured [[GH-7685](https://github.com/hashicorp/vault/pull/7685)]
* ui: Ensure that items in the top navigation link to pages that users have
access to [[GH-7590](https://github.com/hashicorp/vault/pull/7590)]
## 1.2.4 (November 7th, 2019)
SECURITY:
* In a non-root namespace, revocation of a token scoped to a non-root
namespace did not trigger the expected revocation of dynamic secret leases
associated with that token. As a result, dynamic secret leases in non-root
namespaces may outlive the token that created them. This vulnerability,
CVE-2019-18616, affects Vault Enterprise 0.11.0 and newer.
* Disaster Recovery secondary clusters did not delete already-replicated data
after a mount filter has been created on an upstream Performance secondary
cluster. As a result, encrypted secrets may remain replicated on a Disaster
Recovery secondary cluster after application of a mount filter excluding
those secrets from replication. This vulnerability, CVE-2019-18617, affects
Vault Enterprise 0.8 and newer.
* Update version of Go to 1.12.12 to fix Go bug golang.org/issue/34960 which
corresponds to CVE-2019-17596.
CHANGES:
* auth/aws: If a custom `sts_endpoint` is configured, Vault Agent and the
CLI should provide the corresponding region via the `region` parameter
(which already existed as a CLI parameter, and has now been added to
Agent). The automatic region detection added to the CLI and Agent in 1.2
has been removed.
IMPROVEMENTS:
* cli: Ignore existing token during CLI login
[[GH-7508](https://github.com/hashicorp/vault/pull/7508)]
* core: Log proxy settings from environment on startup
[[GH-7528](https://github.com/hashicorp/vault/pull/7528)]
* core: Cache whether we've been initialized to reduce load on storage
[[GH-7549](https://github.com/hashicorp/vault/pull/7549)]
BUG FIXES:
* agent: Fix handling of gzipped responses
[[GH-7470](https://github.com/hashicorp/vault/pull/7470)]
* cli: Fix panic when pgp keys list is empty
[[GH-7546](https://github.com/hashicorp/vault/pull/7546)]
* cli: Command timeouts are now always specified solely by the
`VAULT_CLIENT_TIMEOUT`
value. [[GH-7469](https://github.com/hashicorp/vault/pull/7469)]
* core: add hook for initializing seals for migration
[[GH-7666](https://github.com/hashicorp/vault/pull/7666)]
* core (enterprise): Migrating from one auto unseal method to another never
worked on enterprise, now it does.
* identity: Add required field `response_types_supported` to identity token
`.well-known/openid-configuration` response
[[GH-7533](https://github.com/hashicorp/vault/pull/7533)]
* identity: Fixed nil pointer panic when merging entities
[[GH-7712](https://github.com/hashicorp/vault/pull/7712)]
* replication (Enterprise): Fix issue causing performance standby nodes
to disconnect when under high loads.
* secrets/azure: Fix panic that could occur if client retries timeout
[[GH-7793](https://github.com/hashicorp/vault/pull/7793)]
* secrets/database: Fix bug in combined DB secrets engine that can result in
writes to static-roles endpoints timing out
[[GH-7518](https://github.com/hashicorp/vault/pull/7518)]
* secrets/pki: Improve tidy to continue when value is nil
[[GH-7589](https://github.com/hashicorp/vault/pull/7589)]
* ui (Enterprise): Allow kv v2 secrets that are gated by Control Groups to
be viewed in the UI
[[GH-7504](https://github.com/hashicorp/vault/pull/7504)]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Sep 20, 2020
CHANGES IN mime VERSION 0.9
MINOR CHANGES
o Added the MIME type for .jsonp files (thanks, @clabornd, #11).
CHANGES IN mime VERSION 0.8
MINOR CHANGES
o Added the MIME type for .scss files (thanks, @cpsievert, #10).
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Nov 15, 2020
Upstream changes:
=== Version 1.001 (2020-11-05)
lib/PDF/Table.pm
fix edge case where no borders led to no rules [GH 55].
t/manifest.t, t/pod.t
Make author-only (AUTHOR_TESTING=1). ref [GH 61]
lib/PDF/Table.pm, t/pod.t
POD change =head5 to =head4, to look better and stop older POD checkers from complaining (in t/pod.t). Also minimum Test::Pod version 1.52 (was 1.00). ref [GH 61].
examples/sample1.pl, t/lib/TestData.pm, INFO/Deprecated, lib/PDF/Table.pm
Replace deprecated setting names by current names in the POD, examples, and t-tests. After November 2022, settings names (args) with a leading dash (hyphen) will no longer be permitted.
=== Version 1.000 (2020-11-03)
INFO/Deprecated, INFO/Table.html, lib/PDF/Table.pm
Final cleanup of POD and generation of HTML documentation, and listing of all deprecated setting names.
t/lib/PDFAPI2Mock.pm
add linedash dummy call so t tests can run.
lib/PDF/Table.pm, MANIFEST, examples/border_rules.pl, util/3_examples.pl
Old "borders" was vertical and horizontal rules PLUS outside rules (frame). Separate into "borders" (outside) and "rules" (inside). Add border_rules.pl example to illustrate.
examples/chess.pl
with DejaVu-Sans, can use chess piece images
.github/worksflows/test.yml, README.md
minor fixes in README to make lint run happily, stop checking Table.html.
examples/*.pl
Allow -A or -B on the command line (case insensitive) to override PDFpref file (if any) setting. This speeds up testing for PDF::API2 vs PDF::Builder (default).
lib/PDF/Table.pm, INFO/Deprecated, INFO/Table.html, MANIFEST, examples/chess.pl, t/PDF-Table.t, t/lib/PDFAPI2Mock.pm, util/3_examples.pl
Clean up handling of minimum and maximum cell widths (min_w and max_w).
Clean up handling of background and foreground colors. Add chess.pl example to show off color handling. Update t-tests for slight coordinate changes.
Add row_props (row properties) similar to column_props, to set things on a per-row basis.
If the table spills over to a new page, and next_y and/or next_h was NOT given, issue a warning and for a default use 90% of the media height for next_y and 80% for next_h (ref ticket #11). This should be better than using the (start_)y and (start_)h values for the table.
Add new, more consistent aliases for a number of settings (ref ticket #13). The old setting names are still available for at least TWO YEARS, after which, they will be REMOVED. Over the next two years you should update your code to use the new setting names. The settings involved are:
'start_y' is now 'y'
'start_h' is now 'h'
'row_height' is now 'min_rh'
'background_color' is now 'bg_color'
'background_color_odd' is now 'bg_color_odd'
'background_color_even' is now 'bg_color_even'
'font_color' is now 'fg_color'
'font_color_odd' is now 'fg_color_odd'
'font_color_even' is now 'fg_color_even'
'font_underline' is now 'underline'
'lead' is now 'leading'
These are listed in INFO/Deprecated. In the near future, the examples and t-tests will be updated to use the new setting names.
Ship with Table.html (documentation) in INFO/. Update MANIFEST.
Remove 010_fonts.pl from the util/3_examples.pl list. I'm still not sure why it should be in the examples -- basically, it shows that UTF-8 doesn't work with core fonts, but that's already a documented limitation (in PDF::Builder). 010_fonts.pl is still in the examples/ directory, if anyone wants to play with it.
Add INFO/Deprecated to list names and interfaces scheduled to be removed in the future (at least 2 years). MANIFEST updated.
Split out older Changes list into INFO/Changes_2019. MANIFEST updated.
Increase default cell padding to 2pt. See documentation "COMPATIBILITY" for how to get the old behavior (0pt padding). t/Basics.t, t/Colspan.t, t/PDF-Table.t expected write locations updated. examples/colspan.pl and examples/header.pl were widened slightly to accommodate the padding.
Make "odd/even" row consistent with or without a header (repeated or not), particularly when a table is split across pages, and when a row itself is split in such a case. See documentation "COMPATIBILITY" for how to get the old behavior.
Header 'repeat' default changed from 0 (no) to 1 (yes), as most of the time a user will want to repeat any header on each new page. Suppress repeating a header with a value of 0. See documentation "COMPATIBILITY" for how to get the old behavior.
Currently, PDF::Table is shipped to use the new behaviors, with as much compatibility as possible with existing code (see $compat_mode in Table.pm). Unless you have need to use the old behaviors for existing code, we suggest that you leave $compat_mode as 0, use the 'compatibility' setting, or individually set the flags, to make use of the new behaviors. Also use the new settings names, unless there is a need for compatibility in existing code. Eventually, use of the old names will produce warnings, and later, error messages, but the old behaviors should be available for a long time. You should examine your existing code and plan to update it over time.
Initialize %arg entries (defaults) so no uninitialized errors. #57 reported by Larry Leszczynski (larryl) for text_block() along with PR.
Minor build process cleanup
Minor spelling and typo fixes in POD and examples
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 3, 2020
* Version 3.7.0 (released 2020-12-02)
** libgnutls: Depend on nettle 3.6 (!1322).
** libgnutls: Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains (#202, #968, #1100).
** libgnutls: Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification (#1012).
** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension (#805).
** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849, #850).
** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are now no-op (#790).
** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).
** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin CPU (#1079).
** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes (#932).
** API and ABI modifications:
gnutls_x509_trust_list_set_getissuer_function: Added
gnutls_x509_trust_list_get_ptr: Added
gnutls_x509_trust_list_set_ptr: Added
gnutls_session_set_verify_output_function: Added
gnutls_record_encryption_level_t: New enum
gnutls_handshake_read_func: New callback type
gnutls_handshake_set_read_function: New function
gnutls_handshake_write: New function
gnutls_handshake_secret_func: New callback type
gnutls_handshake_set_secret_function: New function
gnutls_alert_read_func: New callback type
gnutls_alert_set_read_function: New function
gnutls_crypto_register_cipher: Deprecated; no-op
gnutls_crypto_register_aead_cipher: Deprecated; no-op
gnutls_crypto_register_mac: Deprecated; no-op
gnutls_crypto_register_digest: Deprecated; no-op
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Dec 28, 2020
Changes since v4.5.0:
wolfSSL Release 4.6.0 (December 22, 2020)
Release 4.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
New Build Options
* wolfSSL now enables linux kernel module support. Big news for Linux kernel
module developers with crypto requirements! wolfCrypt and wolfSSL are now
loadable as modules in the Linux kernel, providing the entire libwolfssl
API natively to other kernel modules. For the first time on Linux, the
entire TLS protocol stack can be loaded as a module, allowing fully
kernel-resident TLS/DTLS endpoints with in-kernel handshaking.
(--enable-linuxkm, --enable-linuxkm-defaults, --with-linux-source)
(https://www.wolfssl.com/loading-wolfssl-into-the-linux-kernel/)
* Build tests and updated instructions for use with Apple’s A12Z chipset
(https://www.wolfssl.com/preliminary-cryptographic-benchmarks-on-new-apple-a12z-bionic-platform/)
* Expansion of wolfSSL SP math implementation and addition of
--enable-sp-math-all build option
* Apache httpd w/TLS 1.3 support added
* Sniffer support for TLS 1.3 and AES CCM
* Support small memory footprint build with only TLS 1.3 and PSK without
code for (EC)DHE and certificates
New Hardware Acceleration
* Added support for NXP DCP (i.MX RT1060/1062) crypto co-processor
* Add Silicon Labs hardware acceleration using SL SE Manager
New Algorithms
* RC2 ECB/CBC added for use with PKCS#12 bundles
* XChaCha and the XChaCha20-Poly1305 AEAD algorithm support added
Misc
* Added support for 802.11Q VLAN frames to sniffer
* Added OCSP function wolfSSL_get_ocsp_producedDate
* Added API to set CPU ID flags cpuid_select_flags, cpuid_set_flag,
cpuid_clear_flag
* New DTLS/TLS non-blocking Secure Renegotiation example added to server.c
and client.c
Fixes
Math Library
* Fix mp_to_unsigned_bin_len out of bounds read with buffers longer than
maximum MP
* Fix for fp_read_radix_16 out of bounds read
* Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function
version in HW ECC acceleration
* Handle an edge case with RSA-PSS encoding message to hash
Compatibility Layer Fixes
* Fix for setting serial number wolfSSL_X509_set_serialNumber
* Fix for setting ASN1 time not before / not after with WOLFSSL_X509
* Fix for order of components in issuer name when using X509_sign
* Fix for compatibility layer API DH_compute_key
* EVP fix incorrect block size for GCM and buffer up AAD for
encryption/decryption
* EVP fix for AES-XTS key length return value and fix for string compare
calls
* Fix for mutex freeing during RNG failure case with EVP_KEY creation
* Non blocking use with compatibility layer BIOs in TLS connections
Build Configuration
* Fix for custom build with WOLFSSL_USER_MALLOC defined
* ED448 compiler warning on Intel 32bit systems
* CURVE448_SMALL build fix for 32bit systems with Curve448
* Fix to build SP math with IAR
* CMake fix to only set ranlib arguments for Mac, and for stray typo of
, -> ;
* Build with --enable-wpas=small fix
* Fix for building fips ready using openssl extra
* Fixes for building with Microchip (min/max and undef SHA_BLOCK_SIZE)
* Fix for NO_FILESYSTEM build on Windows
* Fixed SHA256 support for IMX-RT1060
* Fix for ECC key gen with NO_TFM_64BIT
Sniffer
* Fixes for sniffer when using static ECC keys. Adds back TLS v1.2 static
ECC key fallback detection and fixes new ECC RNG requirement for timing
resistance
* Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error
code in ProcessClientHello
* Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message
* Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH.
* Fix to not treat cert/key not found as error in myWatchCb and
WOLFSSL_SNIFFER_WATCH.
* Sniffer fixes for handling TCP out-of-range sequence number
* Fixes SSLv3 use of ECDH in sniffer
PKCS
* PKCS#11 fix to generate ECC key for decrypt/sign or derive
* Fix for resetting internal variables when parsing a malformed PKCS#7
bundle with PKCS7_VerifySignedData()
* Verify the extracted public key in wc_PKCS7_InitWithCert
* Fix for internal buffer size when using decompression with PKCS#7
Misc
* Pin the C# verify callback function to keep from garbage collection
* DH fixes for when public key is owned and free’d after a handshake
* Fix for TLS 1.3 early data packets
* Fix for STM32 issue with some Cube HAL versions and STM32 example timeout
* Fix mmCAU and LTC hardware mutex locking to prevent double lock
* Fix potential race condition with CRL monitor
* Fix for possible malformed encrypted key with 3DES causing negative length
* AES-CTR performance fixed with AES-NI
Improvements/Optimizations
SP and Math
* mp_radix_size adjustment for leading 0
* Resolve implicit cast warnings with SP build
* Change mp_sqr to return an error if the result won't fit into the fixed
length dp
* ARM64 assembly with clang improvements, clang doesn't always handle use of
x29 (FP or Frame Pointer) in inline assembly code correctly - reworked
sp_2048_sqr_8 to not use x29
* SP mod exp changed to support exponents of different lengths
* TFM div: fix initial value of size in q so clamping doesn't OOB read
* Numerous stack depth improvements with --enable-smallstack
* Improve cache resistance with Base64 operations
TLS 1.3
* TLS 1.3 wolfSSL_peek want read return addition
* TLS 1.3: Fix P-521 algorithm matching
PKCS
* Improvements and refactoring to PKCS#11 key look up
* PKCS #11 changes for signing and loading RSA public key from private
* check PKCS#7 SignedData private key is valid before using it
* check PKCS#7 VerifySignedData content length against total bundle size
to avoid large malloc
Compatibility Layer
* EVP add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size()
* Return long names instead of short names in wolfSSL_OBJ_obj2txt()
* Add additional OpenSSL compatibility functions to update the version of
Apache httpd supported
* add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
Builds
* Cortex-M SP ASM support for IAR 6.70
* STM Cube pack support (IDE/STM32Cube)
* Build option --enable-aesgcm=4bit added for AES-GCM GMULT using 4 bit
table
* Xilinx IDE updates to allow XTIME override for Xilinx, spelling fixes in
Xilinx README.md, and add Xilinx SDK printf support
* Added ED448 to the "all" options and ED448 check key null argument sanity
check
* Added ARC4, 3DES, nullcipher, BLAKE2, BLAKE2s, XChaCha, MD2, and MD4 to
the “all” options
* Added an --enable-all-crypto option, to enable only the wolfCrypt features
of --enable-all, combinable with --enable-cryptonly
* Added the ability to selectively remove features from --enable-all and
--enable-all-crypto using specific --disable- options
* Use Intel intrinsics with Windows for RDSEED and RDRAND
(thanks to dr-m from MariaDB)
* Add option to build with WOLFSSL_NO_CLIENT_AUTH
* Updated build requirements for wolfSSH use to be less restrictive
* lighttpd support update for v1.4.56
* Added batch file to copy files to ESP-IDF folders and resolved warnings
when using v4.0 ESP-IDF
* Added --enable-stacksize=verbose, showing at a glance the stack high water
mark for each subtest in testwolfcrypt
ECC
* Performance increase for ECC verify only, using non constant time SP modinv
* During ECC verify add validation of r and s before any use
* Always use safe add and dbl with ECC
* Timing resistant scalar multiplication updated with use of Joye double-add
ladder
* Update mp_jacobi function to reduce stack and increase performance for
base ECC build
* Reduce heap memory use with wc_EccPrivateKeyDecode, Improvement to
ECC wc_ecc_sig_to_rs and wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int)
* Improve StoreECC_DSA_Sig bounds checking
OCSP
* OCSP improvement to handle extensions in singleResponse
* support for OCSP request/response for multiple certificates
* OCSP Must Staple option added to require OCSP stapling response
* Add support for id-pkix-ocsp-nocheck extension
Misc
* Additional code coverage added for ECC and RSA, PKCS#7, 3DES, EVP and
Blake2b operations
* DTLS MTU: check MTU on write
* Refactor hash sig selection and add the macros WOLFSSL_STRONGEST_HASH_SIG
(picks the strongest hash) and WOLFSSL_ECDSA_MATCH_HASH (will pick the
hash to match the ECC curve)
* Strict certificate version allowed from client, TLS 1.2 / 1.3 can not
accept client certificates lower than version 3
* wolfSSL_get_ciphers_compat(), skip the fake indicator ciphers like the
renegotiation indication and the quantum-safe hybrid
* When parsing session ticket, check TLS version to see whether they are
version compatible
* Additional sanity check for invalid ASN1 padding on integer type
* Adding in ChaCha20 streaming feature with Mac and Intel assembly build
* Sniffer build with --enable-oldtls option on
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 4, 2021
Change to the OpenPrinting fork of apple/cups, e.g., that fork already contains
- dnssd patch patch-config-scripts_cups-dnssd.m4
- freebsd patch patch-cups_getifaddrs-internal.h
- libtool patch patch-af apple/cups#4947 was fixed in both.
Changes in CUPS v2.3.3op1
-------------------------
- The automated test suite can now be activated using `make test` for consistency with other projects and CI environments - the old `make check` continues to work as well, and the previous test server behavior can be accessed by running `make testserver`.
- ippeveprinter now supports multiple icons and strings files.
- ippeveprinter now uses the system's FQDN with Avahi.
- ippeveprinter now supports Get-Printer-Attributes on "/".
- ippeveprinter now uses a deterministic "printer-uuid" value.
- ippeveprinter now uses system sounds on macOS for Identify-Printer.
- Updated ippfind to look for files in "~/Desktop" on Windows.
- Updated ippfind to honor `SKIP-XXX` directives with `PAUSE`.
- Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale (Issue #1)
- ipptool now supports DNS-SD URIs like `ipps://My%20Printer._ipps._tcp.local` (Issue #5)
- The scheduler now allows root backends to have world read permissions but not world execute permissions (Issue #21)
- Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host (Issue #25)
- The SNMP backend now supports the HP and Ricoh vendor MIBs (Issue #28)
- The scheduler no longer includes a timestamp in files it writes (Issue #29)
- The systemd service names are now "cups.service" and "cups-lpd.service" (Issue #30, Issue #31)
- The scheduler no longer adds the local hostname to the ServerAlias list (Issue #32)
- Added `LogFileGroup` directive in "cups-files.conf" to control the group owner of log files (Issue #34)
- Added `--with-max-log-size` configure option (Issue #35)
- Added `--enable-sync-on-close` configure option (Issue #37)
- Added `--with-error-policy` configure option (Issue #38)
- IPP Everywhere PPDs could have an "unknown" default InputSlot (Issue #44)
- The `httpAddrListen` function now uses a listen backlog of 128.
- Added USB quirks (Apple issue #5789, #5823, #5831)
- Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
- Fixed DNS-SD name collision support in ippeveprinter.
- Fixed compiler and code analyzer warnings.
- Fixed TLS support on Windows.
- Fixed ippfind sub-type searches with Avahi.
- Fixed the default hostname used by ippeveprinter on macOS.
- Fixed resolution of local IPP-USB printers with Avahi.
- Fixed coverity issues (Issue #2)
- Fixed `httpAddrConnect` issues (Issue #3)
- Fixed web interface device URI issue (Issue #4)
- Fixed lp/lpr "printer/class not found" error reporting (Issue #6)
- Fixed xinetd support for LPD clients (Issue #7)
- Fixed libtool build issue (Issue #11)
- Fixed a memory leak in the scheduler (Issue #12)
- Fixed a potential integer overflow in the PPD hashing code (Issue #13)
- Fixed output-bin and print-quality handling issues (Issue #18)
- Fixed PPD options getting mapped to odd IPP values like "tray---4" (Issue #23)
- Fixed remote access to the cupsd.conf and log files (Issue #24)
- Fixed the automated test suite when running in certain build/CI environments (Issue #25)
- Fixed a logging regression caused by a previous change for Apple issue #5604 (Issue #25)
- Fixed fax phone number handling with GNOME (Issue #40)
- Fixed potential rounding error in rastertopwg filter (Issue #41)
- Fixed the "uri-security-supported" value from the scheduler (Issue #42)
- Fixed IPP backend crash bug with "printer-alert" values (Issue #43)
- Removed old Solaris inetconv(1m) reference in cups-lpd man page (Issue #46)
- Fixed default options that incorrectly use the "custom" prefix (Issue #48)
- Fixed a memory leak when resolving DNS-SD URIs (Issue #49)
- Fixed systemd status reporting by adopting the notify interface (Issue #51)
- Fixed crash in rastertopwg (Apple issue #5773)
- Fixed cupsManualCopies values in IPP Everywhere PPDs (Apple issue #5807)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 10, 2021
Mon Sep 28, 2020 - v1.1.0 - Add non-value option support. Resolves Issue #11
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jan 29, 2021
@thep thep released this Jan 29, 2021
Fix wrong key listing in byte trie (Issue #9, Thanks @legale for the report.)
Fix cross-compiling issue caused by AC_FUNC_MALLOC (Issue #11, Thanks @vmchale for the report.)
Fix isspace() arg problem on NetBSD. (Personal mail, Thanks Sean for the report; PR #8, Thanks @obache for an individual pull request.)
Fix some documentations.
Really use TRIE_CHAR_TERM in TrieChar string termination. Changing TRIE_CHAR_TERM definition now won't break the code.
Fix Windows build issue by avoiding <unistd.h> include. (Partially addressing PR #15, Thanks @fanc999 for first raising this.)
[New APIs] Add serialization of the trie into memory buffer. (PR #12, Thanks @KOLANICH for the contribution.)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Feb 6, 2021
* Set new HOMEPAGE and MASTER_SITES.
Changelog:
Changes in release neon 0.31.2, 20th June 2020
Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures.
Fix GCC 10 warning in PKCS#11 build.
Fix OpenSSL build w/o deprecated APIs (Rosen Penev).
Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke).
Fix hang on SSL connection close with IIS (issue #11).
Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich).
Changes in release neon 0.31.1, 17th April 2020
ADMIN: The neon website has moved to https://notroj.github.io/neon/
Restore ne_md5_read_ctx() in OpenSSL build.
Fix gcc warnings on Ubuntu (Jan-Marek Glogowski).
Fix various spelling mistakes in docs and headers (thanks to FOSSIES).
Fix ne_asctime_parse() (Eugenij-W).
Fix build with LibreSSL (Juan RP).
Changes in release neon 0.31.0, 24th March 2020
Interface changes:
none, API and ABI backwards-compatible with 0.27.x and later
New interfaces and features:
add more gcc “nonnull” attributes to ne_request_* functions.
for OpenSSL builds, ne_md5 code uses the OpenSSL implementation
add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno)
ne_uri.h: add ne_path_escapef() in support of above
ne_207.h: add ne_207_set_flags() likewise in support of above
API clarification:
ne_version_match() behaviour now matches actual 0.27+ ABI history
Bug fixes:
fixes for OpenSSL 1.1.1 and TLSv1.3 support
fix crash with GnuTLS in client cert support (Henrik Holst)
fix possible crash in ne_set_request_flag()
fix build with libxml2 2.9.10 and later
fix handling lock timeouts >LONG_MAX (Giuseppe Castagno)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Feb 13, 2021
0.1.16 (2021-02-12)
* Land #11, Remove tainted calls
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Feb 27, 2021
-Add autoreload on dir content change (#11)
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Mar 6, 2021
Update HOMEPAGE, from author in PR 56041.
1.4.1
Fixed a memory overflow bug while reading files from the command line, using a patch from David Tardon, which was passed on by UsernameRandomlyGenerated. [#56] #sf-patch-3
1.4.0
Added
Regression tests for basic functionality, based on old custom scripts.
Regression tests confirming fixes for previously fixed issues: #14, #19.
Changed
Removed one check for . and .. when traversing a directory tree. #12
Regenerated config file parser.
Updated the safe filter to translate new lines, carriage returns, and tabs into underscores. #9 #11 #17
Fixed
The examples in detox.1 no longer say -c when they mean -f. #30
The command synopsis in detox.1 and inline-detox.1 no longer adds a dash before the sequence and configfile. #30
1.3.3
Fix version identifier in detox binary.
1.3.2
Fixed
Table based UTF-8 translation no longer mangles characters. [#14]
1.3.1
Fixed
Merged fix for Debian #861537, written by Vasily Kolobkov, passed on by Zenaan Harkness, Quentin Guittard, and Joao Eriberto Mota Filho. This addresses an issue with detox generating malformed characters during translation. #14
1.3.0
Migrated from configure.in and Makefile.in to the full autoconf suite. [#1]
Remove detox_path.h, in favor of command line defines. [#1]
Removed libpopt support. [#2]
Fixed the way inline-detox is generated. [#6]
Merged parse_option_*.[ch] and file*.[ch]. [#1, #2, #6]
Added --inline as an option to detox, to enable inline mode on the main binary. [#6]
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Mar 9, 2021
Upstream changes:
Moodle 3.10.2 release notes
Release date: 8 March 2021
Here is the full list of fixed issues in 3.10.2.
General fixes and improvements
MDL-67959 - The default group icon should not be displayed when there is no group picture
MDL-67515 - Uninstalled plugin breaks the custom lang tool if it had some strings customised
MDL-66979 - Switch all the Behat testing to the new W3C drivers
MDL-70535 - VideoJS language doesn't fallback to en
MDL-68970 - Pages during a quiz attempt should not be cached, so forwards/back do not lead to errors
MDL-57020 - Unable to delete scales which are no longer used
MDL-70268 - Dropbox repository requires log on to work - which fails
MDL-46256 - count_words returns too few words when dealing with html tags
MDL-70048 - Dropbox Search API: /files/search is being retired in favor of /files/search_v2
MDL-69867 - Marking workflow display wrong current grade if using scales
MDL-70736 - Unable to load Marking Guide Templates
MDL-70796 - Moodle word count does not match other software
MDL-69101 - Essay question: "Accepted file types" and other new fields are not supported in Moodle XML file
MDL-70377 - When reviewing an attempt as a teacher $string['saved'] {$a} not replaced
MDL-43697 - Archived badges are restored during course restore
MDL-70676 - Workshop assessment aspect with no grade is unusable
MDL-70631 - Poor performance of zip_packer::extract_to_pathname()
MDL-70648 - Editing a calendar event of type category and removing the category results in an error
MDL-68958 - Undefined variable: href when creating IMSCP
MDL-70339 - Activity chooser does not honour external tool icons
MDL-56772 - File picker:Right align table column headers, in RTL mode (theme:boost)
MDL-70513 - Quiz manual grading page should warn if you try to leave with unsaved data
MDL-70705 - Multilang Filters not applied to Recent blog entries block Blog entry titles
MDL-70552 - Notification of submissions are not sent for anonymous feedback
MDL-70574 - Cloze multianswer question leaks percentage if with decimal
MDL-66932 - Grade percentage display in Gradebook should be LTR, in RTL mode
MDL-70585 - Downloaded course content unbrowseable for some activity names
MDL-70912 - Cannot access H5P content bank popup in Atto editor within mod_data textarea
MDL-70264 - badges/oauth2callback.php should be removed and replaced by admin/oauth2callback.php
MDL-67974 - Badge expiry error and missing expired stamp
MDL-67494 - Course/activity calendar events are deleted when the teacher who created them requests their data to be deleted
MDL-70995 - Group names not formatted in course participants filter
MDL-69883 - Unable to scroll beyond 50 conversations in Messages tool
MDL-69097 - Language filters aren't correctly applied in "Whole forum grading"
Accessibility improvements
MDL-70169 - Login page accessibility issues
MDL-70288 - Checkbox and advanced checkbox elements can have duplicate labels
MDL-70173 - Dashboard accessibility issues
MDL-65390 - Accessibility #11 Content appears above “show more” button
MDL-59782 - Question bank highlight of last added question is wrong in boost
MDL-70172 - Site home page accessibility issues
Security fixes
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
netbsd-srcmastr pushed a commit that referenced this pull request Mar 30, 2021
Changelog:
Bugs fixed in NSS 3.63:
* Bug 1697380 - Make a clang-format run on top of helpful contributions.
* Bug 1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build issues with GCC 4.8.
* Bug 1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication.
* Bug 1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build issues with GCC 4.8.
* Bug 1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication.
* Bug 1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* Bug 1694214 - tstclnt can't enable middlebox compat mode.
* Bug 1694392 - NSS does not work with PKCS #11 modules not supporting profiles.
* Bug 1685880 - Minor fix to prevent unused variable on early return.
* Bug 1685880 - Fix for the gcc compiler version 7 to support setenv with nss build.
* Bug 1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48.
* Bug 1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots.
* Bug 1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* Bug 1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* Bug 1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* Bug 1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS.
* Bug 1687822 - Turn off Websites trust bit for the “Staat der Nederlanden Root CA - G3” root cert in NSS.
* Bug 1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'.
* Bug 1694291 - Tracing fixes for ECH.
netbsd-srcmastr pushed a commit that referenced this pull request May 16, 2021
Bugs fixed in NSS 3.65:
* Bug 1709654 - Update for NetBSD configuration.
* Bug 1709750 - Disable HPKE test when fuzzing.
* Bug 1566124 - Optimize AES-GCM for ppc64le.
* Bug 1699021 - Add AES-256-GCM to HPKE.
* Bug 1698419 - ECH -10 updates.
* Bug 1692930 - Update HPKE to final version.
* Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* Bug 1703936 - New coverity/cpp scanner errors.
* Bug 1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards.
* Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* Bug 1705119 - Deadlock when using GCM and non-thread safe tokens.
netbsd-srcmastr pushed a commit that referenced this pull request May 25, 2021
netbsd-srcmastr pushed a commit that referenced this pull request Jun 1, 2021
(https://cran.r-project.org/web/packages/pkgKitten/news.html)
Changes in version 0.2.1 (2021-02-22)
- A small documentation error was corrected (David Dalpiaz in #15).
- A new option ‘bunny’ adds support for roxygen2.
- Continuous integration now uses run.sh from r-ci.
Changes in version 0.2.0 (2020-09-27)
- Continuous Integration uses the updated BSPM-based script on Travis and with GitHub Actions (Dirk in #11 plus earlier commits).
- A new default NAMESPACE file is now installed (Dirk in #12).
- A package documentation website was added (Dirk in #13).
- Call tinytest::puppy if installed and not opted out (Dirk in #14).
netbsd-srcmastr pushed a commit that referenced this pull request Jul 7, 2021
Upstream changes:
version 2.21: Fri 28 May 12:01:00 CEST 2021
Changes:
- application/octet-stream is better for .dat [issue #11, Даша Федорова]
- add video/webm which Google forgot to register [issue #12, Brent Laabs]
- add image/webp which Google registered too late [issue #12, Brent Laabs]
version 2.20: Thu 22 Apr 12:48:35 CEST 2021
Fixes:
- problems with PAUSE cause the previous release to show-up in
the wrong location. Let's hope this release solves it.
Changes:
- heif/heic/heifs/heics/hif fix [issue #9, Даша Федорова]
- no 'and' and 'or' extensions [issue #9, Даша Федорова]
- application/octet-stream is better for .bin [issue #10, Даша Федорова]
version 2.19: Fri 16 Apr 11:47:10 CEST 2021
Improvements:
- update with the newest data from IANA and Apache httpd
Changes:
- mp4 preference is video/mp4 [issue #5, Даша Федорова]
- yt preference is video/vnd.youtube.yt [issue #6, Даша Федорова]
- 3gp and 3gpp preference is video/3gpp [issue #7, Даша Федорова]
version 2.18: Wed 9 Dec 10:29:46 CET 2020
Improvements:
- update with newest data
Changes:
- Mojo 6.0 changed types() into mapping() [Dmitry Latin]
- Mojo 7.94 adds experimental file_type()
- Mojo 7.94 adds experimental content_type()
netbsd-srcmastr pushed a commit that referenced this pull request Aug 8, 2021
Changelog:
Version 3.1.0
Monday, August 2, 2021
Features:
+ knotd: automatic zone catalog generation based on actual configuration
+ knotd: zone catalog supports configuration groups
+ knotd: support for ZONEMD validation and generation
+ knotd: basic support for TCP over XDP processing
+ knotd: configuration option for enabling IP route check in the XDP mode
+ knotd: support for epoll (Linux) and kqueue (*BSD, macOS) socket
polling
+ knotd: extended EDNS error (EDE) is added to the response if
appropriate
+ knotd: DNSSEC operation with extra ready public-only KSK is newly
allowed
+ knotd: new zone backup/restore filters for more variable component
specification
+ knotd: adaptive systemd service start timeout and new zone loading
status #733
+ knotd: configuration option for enabling TCP Fast Open on outbound
communication
+ knotd: when the server starts, zone NOTIFY is sent only if not sent
already
+ knotc: zone reload with the force flag triggers reload of the zone and
its modules
+ libs: support for parsing and dumping SVCB and HTTPS resource records
+ kdig: support for TCP Fast Open along with DoT/DoH #549
+ kxdpgun: basic support for DNS over TCP processing
+ kxdpgun: current traffic statistics can be printed using a USR1 signal
+ python: new libknot/probe API wrapper
Improvements:
+ knotd: PID file is created even in the foreground mode
+ knotd: more robust and enhanced zone data backup and restore operations
+ knotd: maximum length of an XFR message is limited to 16 KiB for better
compression
+ knotd: maximum CNAME/DNAME chain depth per reply was decreased from 20
to 5
+ knotd: improved performance of processing domain names with many short
labels
+ knotd: adaptive limit on the number of LMDB readers to avoid problems
with many workers
+ knotd: TTL of generated NSEC(3) records is set to min(SOA TTL, SOA
minimum)
+ knotd: TTL of generated NSEC3PARAM is equal to TTL of NSEC3 records
+ knotd: maximum TCP segment size is restricted to 1220 octets on Linux #468
+ knotc: various improvements in error reporting
+ knotc: default control timeout is infinity in the blocking mode
+ dnssec: dnskey generator tries to return a key with a unique keytag
+ kxdpgun: RLIMIT_MEMLOCK is increased only if not high enough
+ kxdpgun: RTNETLINK is used for getting network information instead of
the ip command
Bugfixes:
+ knotd: DNAME not applied more than once to resolve the query #714
+ knotd: root zone not correctly purged from the journal
+ kzonecheck: incorrect check for opt-outed empty non-terminal nodes
+ libzscanner: wrong error line number
+ libzscanner: broken multiline rdata processing if an error occurs
+ mod-geoip: NXDOMAIN is responded instead of NODATA #745
+ make: build fails with undefined references if building using slibtool #722
Packaging:
+ knotd: systemd service reload uses 'kill -HUP' instead of 'knotc
reload'
+ kxdpgun: new library dependency libmnl
+ mod-dnstap: new package separate from the knot package
+ mod-geoip: new package separate from the knot package
Compatibility:
+ configure: option '--enable-xdp=yes' means use an external libbpf if
available
or use the embedded one
+ libzscanner: omitted TTL value is correctly set to the last explicitly
stated value (RFC 1035)
+ knotc: zone restore from an old backup (3.0.x) requires forced
operation
+ knotd: configuration option 'server.listen-xdp' is replaced with
'xdp.listen'
+ knotd: zone file loading with automatic SOA serial incrementation newly
requires having full zone in the journal
+ knotd: obsolete configuration options 'zone.disable-any',
'server.tcp-handshake-timeout'
are silently ignored
+ knotd: obsolete configuration options 'zone.max-zone-size',
'zone.max-journal-depth',
'zone.max-journal-usage', 'zone.max-refresh-interval',
'zone.min-refresh-interval' 'server.max-ipv4-udp-payload',
'server.max-ipv6-udp-payload', 'server.max-udp-payload',
'server.tcp-reply-timeout', 'server.max-tcp-clients' are ignored
+ knotd: obsolete default template options 'template.journal-db',
'template.kasp-db', 'template.timer-db',
'template.max-journal-db-size', 'template.journal-db-mode',
'template.max-timer-db-size', 'template.max-kasp-db-size' are
ignored
Version 3.0.8
Friday, July 16, 2021
Features:
+ knotc: new command for loading DNSSEC keys without dropping all RRSIGs
when re-signing
+ knotd: new policy configuration option for disabling some DNSSEC safety
features #741
+ mod-geoip: new dnssec and policy configuration options
Bugfixes:
+ knotd: early KSK removal during a KSK rollover if automatic KSK
submission check
is enabled and DNSKEY TTL is lower than the corresponding DS TTL
+ knotd: failed to generate a new DNSKEY if previously generated shared
key not available
+ knotd: periodical error logging when a PKCS #11 keystore failed to
initialize #742
+ knotd: zone commit doesn't check for missing SOA record
Version 3.0.7
Wednesday, June 16, 2021
Features:
+ knotd: new configuration policy option for CDS digest algorithm setting
#738
+ keymgr: new command for primary SOA serial manipulation in on-secondary
signing mode
Improvements:
+ knotd: improved algorithm rollover to shorten the last step of old
RRSIG publication
Bugfixes:
+ knotd: zone is flushed upon server start, despite DNSSEC signing is
up-to-date
+ knotd: wildcard nonexistence is proved on empty-non-terminal query
+ knotd: redundant wildcard proof for non-authoritative data in a reply
+ knotd: missing wildcard proofs in a wildcard-cname loop reply
+ knotd: incorrectly synthesized CNAME owner from a wildcard record #715
+ knotd: zone-in-journal changeset ignores journal-max-usage limit #736
+ knotd: incorrect processing of zone-in-journal changeset with SOA
serial 0
+ knotd: broken initialization of processing workers if SO_REUSEPORT(_LB)
not available
+ kjournalprint: reported journal usage is incorrect #736
+ keymgr: cannot parse algorithm name ed448 #739
+ keymgr: default key size not set properly
+ kdig: failed to process huge DoH responses
+ libknot/probe: some corner-case bugs
Version 3.0.6
Wednesday, May 12, 2021
Features:
+ mod-probe: new module for simple traffic logging (Python API not yet
included)
Improvements:
+ keymgr: new mode for listing zones with at least one key stored
+ keymgr: the pregenerate command accepts optional timestamp-from
parameter
+ kzonecheck: accept '-' as substitution for standard input #727
+ knotd: print an error when unable to change owner of a logging file
+ knotd: new warning log if no interface is configured
+ knotd: new signing policy check for NSEC3 iterations higher than 20
+ knotd: don't allow backup to/restore from the DB storage directory
+ Various code (mostly zone backup/restore), tests, and documentation
improvements
Bugfixes:
+ knotd: secondary fails to load zone file if HTTPS or SVCB record is
present #725
+ knotd: (KSK roll-over) new KSK is not signing DNSKEY long enough before
DS submission
+ knotd: (KSK roll-over) old KSK uselessly published after roll-over
finished
+ knotd: malformed address in TCP-related logs when listening on a UNIX
socket
+ knotd: server responds FORMERR instead of BADTIME if TSIG signed time
is zero #730
+ modules: incorrect local and remote addresses in the XDP mode
+ modules: failed to read configuration from a section without
identifiers
+ mod-synthrecord: queries on synthesized empty-non-terminals not
answered with NODATA
+ keymgr: confusing error if del-all-old command fails