Adolf Belka [Sat, 23 Apr 2022 21:26:41 +0000 (23:26 +0200)]
powertop: Update to version 2.14
- Update from v2.10 to 2.14
- added ./autogen.sh to create configure file
- Update of rootfile
- Changelog
No changelog provided anywhere. For details of changes see commits in the github
repository - https://github.com/fenrus75/powertop/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 23 Apr 2022 21:26:13 +0000 (23:26 +0200)]
pcre2: Update to version 10.40
- Update from 10.39 to 10.40
- Update of rootfile
- Changelog
Version 10.40 15-April-2022
1. Merged patch from @carenas (GitHub #35, 7db87842) to fix pcre2grep incorrect
handling of multiple passes.
2. Merged patch from @carenas (GitHub #36, dae47509) to fix portability issue
in pcre2grep with buffered fseek(stdin).
3. Merged patch from @carenas (GitHub #37, acc520924) to fix tests when -S is
not supported.
4. Revert an unintended change in JIT repeat detection.
5. Merged patch from @carenas (GitHub #52, b037bfa1) to fix build on GNU Hurd.
6. Merged documentation and comments patches from @carenas (GitHub #47).
7. Merged patch from @carenas (GitHub #49) to remove obsolete JFriedl test code
from pcre2grep.
8. Merged patch from @carenas (GitHub #48) to fix CMake install issue #46.
9. Merged patch from @carenas (GitHub #53) fixing NULL checks in matching and
substituting.
10. Add null_subject and null_replacement modifiers to pcre2test.
11. Add check for NULL subject to POSIX regexec() function.
12. Add check for NULL replacement to pcre2_substitute().
13. For the subject arguments of pcre2_match(), pcre2_dfa_match(), and
pcre2_substitute(), and the replacement argument of the latter, if the pointer
is NULL and the length is zero, treat as an empty string. Apparently a number
of applications treat NULL/0 in this way.
14. Added support for Bidi_Class and a number of binary Unicode properties,
including Bidi_Control.
15. Fix some minor issues raised by clang sanitize.
16. Very minor code speed up for maximizing character property matches.
17. A number of changes to script matching for \p and \P:
(a) Script extensions for a character are now coded as a bitmap instead of
a list of script numbers, which should be faster and does not need a
loop.
(b) Added the syntax \p{script:xxx} and \p{script_extensions:xxx} (synonyms
sc and scx).
(c) Changed \p{scriptname} from being the same as \p{sc:scriptname} to being
the same as \p{scx:scriptname} because this change happened in Perl at
release 5.26.
(d) The standard Unicode 4-letter abbreviations for script names are now
recognized.
(e) In accordance with Unicode and Perl's "loose matching" rules, spaces,
hyphens, and underscores are ignored in property names, which are then
matched independent of case.
18. The Python scripts in the maint directory have been refactored. There are
now three scripts that generate pcre2_ucd.c, pcre2_ucp.h, and pcre2_ucptables.c
(which is #included by pcre2_tables.c). The data lists that used to be
duplicated are now held in a single common Python module.
19. On CHERI, and thus Arm's Morello prototype, pointers are represented as
hardware capabilities, which consist of both an integer address and additional
metadata, meaning they are twice the size of the platform's size_t type, i.e.
16 bytes on a 64-bit system. The ovector member of heapframe happens to only be
8 byte aligned, and so computing frame_size ended up with a multiple of 8 but
not 16. Whilst the first frame was always suitably aligned, this then
misaligned the frame that follows, resulting in an alignment fault when storing
a pointer to Fecode at the start of match. Patch to fix this issue by Jessica
Clarke PR#72.
20. Added -LP and -LS listing options to pcre2test.
21. A user discovered that the library names in CMakeLists.txt for MSVC
debugger (PDB) files were incorrect - perhaps never tried for PCRE2?
22. An item such as [Aa] is optimized into a caseless single character match.
When this was quantified (e.g. [Aa]{2}) and was also the last literal item in a
pattern, the optimizing "must be present for a match" character check was not
being flagged as caseless, causing some matches that should have succeeded to
fail.
23. Fixed a unicode properrty matching issue in JIT. The character was not
fully read in caseless matching.
24. Fixed an issue affecting recursions in JIT caused by duplicated data
transfers.
25. Merged patch from @carenas (GitHub #96) which fixes some problems with
pcre2test and readline/readedit:
* Use the right header for libedit in FreeBSD with autoconf
* Really allow libedit with cmake
* Avoid using readline headers with libedit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:34:11 +0000 (12:34 +0200)]
ipvsadm: Update to version 1.31
- Update from 1.29 to 1.31
- Update of rootfile not required
- Changelog
Version 1.31
In ipvsadm(8) add using nft or an eBPF program to set a packet mark
Add --pe sip option in ipvsadm(8) man page
ipvsadm: allow tunneling with gre encapsulation
Merge branch 'GUE-encap'
ipvsadm: allow tunneling with gue encapsulation
ipvsadm: convert options to unsigned long long
Version 1.30
Merge: ipvsadm: Document/add support for fo/ovf/mh schedulers
Add support for mh scheduler
Document support of ovf scheduler
Document support of fo scheduler
libipvs: fix some buffer sizes
libipvs: discrepancy with libnl genlmsg_put
ipvsadm: catch the original errno from netlink answer
Version 1.29
ipvsadm: new attributes for sync daemon
ipvsadm: support 64-bit stats and rates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:34:28 +0000 (12:34 +0200)]
keepalived: Update to version 2.2.7
- Update from 2.2.4 to 2.2.7
- Update of rootfile
- Changelog
Release 2.2.7 brings lots of improvements and fix some minor issues reported. It add
some new VRRP features as well. Stability has been even more extended.
New
ipvs: Add support to twos scheduler.
vrrp: Add vrf option for unicast without specifying an interface.
vrrp: Add option unicast_fault_no_peer. Previously if unicast_src_ip (or any
other unicast option) was specified, but no unicast peers were
configured, then the VRRP instance would operate in multicast mode. A
user has identified that, due to automatic configuration generation,
they could have a configuration that should operate in unicast mode,
but that no unicast peers were configured. In this case, they did not
want the VRRP instance to revert to multicast mode. In order to
maintain backward compatibility, keepalived can’t simply change to not
allowing no unicast peers. Instead, this commit adds the configuration
option “unicast_fault_no_peer”, which if specified causes the VRRP
instance to go to fault state if no unicast peers are configured.
vrrp: Allow specification of multicast address to be used.
vrrp: Add vrf option to static and vrrp routes.
vrrp: Add option to resend vrrp states on fifos after reload. Since
keepalived restarts FIFOs scripts it is managing when a reload occurs,
it can be helpful to send the VRRP instance and group states after a
reload. This commit adds option fifo_write_vrrp_states_on_reload to do
that, and it means that what is written to the FIFOs with default
configuration does not change.
vrrp: Allow duplication of VRIDs on an interface with unicast peers. If two
VRRP instances are using unicast peers and there is no overlap of
unicast peers between the vrrp instances, then the vrrp instances can
use the same VRIDs.
global: Don’t assume running as user root.
systemd: Add keepalived-non-root.service systemd service file.
keepalived-non-root.service allows keepalived to be run as a non
root user, but with specific added capabilities to allow all the
functionality that keepalived needs.
Improvements
vrrp: Stop receiving any data on garp and ndisc sockets. This is a send-only
channel.
vrrp: Open gratuitous ARP socket as an ARP socket rather than RARP. Now that
the receiving of packets on the garp socket has been stopped, we can
open the socket with the correct type of binding, and we won’t have a
queue of received messages build up.
vrrp: Extend cBPF filtering code to support standard definition.
vrrp: Optimise nftables configuration to limit some rules to macvlans. If we
are moving messages that have been generated on a macvlan, we nftables
rules can be optimised to restrict them to macvlan interfaces.
vrrp: Drop ICMPV6 Router Solicitation messages from vmac interfaces. When we
create a vmac interface, a short time afterwards the kernel sends a
router solicition message with the source MAC address of the vmac
interface. The problem is that this will upset snooping switches if
the VRRP instance is in backup state. Furthermore, we can’t simply
move the packet onto the underlying interface since the ICMPV6 payload
also contains the MAC address of the vmac interface. We can’t just
change the MAC address in the ICMPV6 message, since there is also a
checksum which would need to be recalculated. The only solution at the
moment is to drop the packet. This shouldn’t be a problem since the
underlying interface should have sent a Router solicitation message
when it came up.
vrrp: Add option to specify MAC address for VMACs.
vrrp: Don’t lose some configuration faults. The following errors were being
detected in vrrp_complete_instance() and the VRRP instance was then
supposed to be put into fault state since it couldn’t operate.
However, the need to go to fault state was subsequently being lost.
The configuration errors that were being lost were: (a) Configuring
use of a VMAC on a non Ethernet interface (b) Attempting to use
multicast on an interface that doesn’t support it (c) Using an ipvlan
without a source IP address (d) ipvlan address family not matching
VRRP isntance’s (e) VRID conflicts on an interface which could be
deleted an recreated on a different interface (f) An interface
specified for a VIP is the same as the VRRP instance’s VMAC or another
VRRP instance’s VMAC. This improvement ensures that the VRRP instance
will be put into, and remain in, fault state, since it cannot
successfully operate. As can be seen from the list of circumstances
above, they were very unlikely to occur, but were possible.
vrrp: Bind IPv6 socket to multicast address. Previously IPv6 sockets were
being bound to the ::1 address, since trying to bind to the multicast
address was failing. The reason for failing has now been discovered to
be that the scope_id needed to be set (i.e. the interface index),
since the multicast addresses that we use are link-local multicast
addresses. This improvement now sets the scope_id, so the socket can
successfully be bound to the multicast address.
vrrp: Set IPV6_MULTICAST_ALL on IPv6 sockets if available.
vrrp: Some SNMP extension and improvements: - Correct FastOpenNoCookie and
L3Mdev variable types - Don’t write multicast address to SNMP when
using unicast. - Don’t write unconfigured LVS sync daemon address to
SNMP. - Define and use SNMP_TruthValue. - Define and use
SNMP_InetAddressType. - Correct reporting accept mode for VRRPv3 SNMP.
vrrp: Misc DBus improvements (Opening, logging, data_dir, policy, …)
vrrp: Handle VMAC’s interface changing on reload properly.
vrrp: If accept traffic for VIPs changes on reload, update firewall.
vrrp: Stop going to backup if reload IPv6 and change vmac_xmit_base.
vrrp: Add add/prepend/append options to static and virtual routes. The
kernel by default prepends routes, whereas the ip (iproute2) utility
be default adds routes (adding a route does not allow duplicates
whereas appending or prepending does). keepalived previously has not
set the flags relating to this, and so has always prepended routes.
This means that duplicate routes could be created.
lib: Update Red Black tree code to Linux 5.15-rc4.
script: Extend sample_notify_fifo.sh.
doc: Misc documentation updates.
docker: Upate docker file.
init: Init handling extensions. Make parent process exit with meaningful
status on error. Ensure systemd is not notified of successful start if
failed. fix building without systemd notify suport.
bfd: handle unexpected closure of pipe to checker and vrrp processes. If the
parent process abnormally terminates and then the BFD process
terminates due to PDEATHSIG before the vrrp or checker processes
terminate, the vrrp and checker processes can get a read error on the
pipes used to communicate with the BFD process.
bfd: make BFD work when IPv6 disabled on system.
Fixes
lib: Fix calculating CLOCK_REALTIME and CLOCK_MONOTONIC offsets.
lib: scheduler: Handle cancelling timer thread on ready queue. The timer
thread on the ready queue, if cancelled, was corrupting the read
list_head, since it assumed it was on a red black tree.
snap: Fix building snaps.
ipvs: Fix building with glibc prior to v2.19 (released 2014).
bfd: Handle interface down/address missing when keepalived starts. This
resolves a segfault, and also makes bfd retry once per minute to create
send socket if it cannot do so due to no address to bind to on an
interface.
vrrp: Fix unicast with interface in a VRF domain.
vrrp: Fix moving excess VIPs to eVIPs, by properly handling vip_cnt.
vrrp: Fix configured IPv6 multicast addresses with VMACs. Using different
multicast addresses with IPv6 on the same interface without using
VMACs is only supported if the kernel supports IPV6_MULTICAST_ALL
(from Linux v4.20).
vrrp: Fix checking for unicast with VMAC/ipvlan and no peers.
vrrp: Fix checking if have unicast ppers if unicast_ttl specified.
vrrp: Don’t segfault if duplicate VMAC name, but ignore second name.
vrrp: Don’t delete and recreate VMAC on reload if only VRID has changed.
There seems to be an issue deleting and then immediately recreating a
VMAC on the same interface. This commit therefore simply changes the
MAC address if the only change is the VRID.
vrrp: Fix nftables config if VMAC interface changed on reload.
vrrp: Don’t segfault if don’t have permission for ARP/NDISC socket.
vrrp: Fix IPv6 with vmac_xmit_base.
vrrp: fix disabling vmac-xmit-base with VRRPv3 IPv6 use_vmac.
vrrp: Fix specifying user/group for vrrp_scripts.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sat, 23 Apr 2022 21:26:55 +0000 (23:26 +0200)]
procps: Update to version v4.0.0
- Update from v3.3.16 to v4.0.0
- added --disable-static to ./configure to remove static libs from rootfile
- Update of rootfile
- Changed lib name. Ran ./make.sh find-dependencies. No dependencies on old libraries
- Changelog
procps-ng-4.0.0
* Rename pwait to pidwait
* free: Add committed line option merge #25
* free: Fix -h --si combined options issue #133, #223
* free: Fix first column justification issue #229, #204, #206, Debian #1001689
* free: Better spacing for Chinese language issue #213
* library: renamed to libproc-2 and reset to 0:0:0
* library: add support for accessing smaps_rollup issue #112, #201
* library: add support for accessing autogroups
* library: add support for LIBPROC_HIDE_KERNEL env var merge #147
* library: add support for cpu utilization to pids i/f
* pkill: Check for lt- variants of program name issue #192
* pgrep: Add newline after regex error message merge #91
* pgrep: Fix selection where uid/gid > 2^31 merge !146
* pgrep: Select on cgroup v2 paths issue #168
* ps: Add OOM and OOMADJ fields issue #198
* ps: Add IO Accounting fields issue #184
* ps: Add PSS and USS fields issue #112
* ps: Add two new autogroup fields
* ps: Ignore SIGURG merge !142
* slabtop: Don't combine d and o options issue #160
* sysctl: Add support for systemd glob patterns issue #191
* sysctl: Check resolved path to be under /proc/sys issue #179
* sysctl: return non-zero if EINVAL return for write merge #76
* sysctl.conf.5: Note max line length issue #77
* top: added LOGID similar to 3.3.13 ps LUID
* top: added EXE identical to 3.3.17 ps EXE
* top: exploit some library smaps_rollup provisions issue #112
* top: added four new IO accounting fields issue #184
* top: 'F' key is now a new forest view 'focus' toggle
* top: summary area memory lines can print two abreast
* top: added two new autogroup fields
* top: added long versions of command line options
* top: added cpu utilization & 2 time related fields
* top: the time related fields can now be user scaled
* uptime: print short/pretty format correctly issue #217
* vmstat: add -y option to remove first line merge !72
procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations issue #176
* kill: Pass int to signalled process merge #32
* pgrep: Pass int to signalled process merge #32
* pgrep: Check sanity of SG_ARG_MAX issue #152
* pgrep: Add older than selection merge #79
* pidof: Quiet mode merge #83
* pidof: show worker threads Redhat #1803640
* ps.1: Mention stime alias issue #164
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option Redhat #1399206
* pwait: New command waits for a process merge #97
* sysctl: Match systemd directory order Debian #950788
* sysctl: Document directory order Debian #951550
* top: ensure config file backward compatibility Debian #951335
* top: add command line 'e' for symmetry with 'E' issue #165
* top: add '4' toggle for two abreast cpu display issue #172
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch merge #114
* vmstat: Wide mode gives wider proc columns merge #48
* watch: Add environment variable for interval merge #62
* watch: Add no linewrap option issue #182
* watch: Support more colors merge #106,#109
* free,uptime,slabtop: complain about extra ops issue #181
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:47:47 +0000 (15:47 +0200)]
pango: Update to version 1.50.6
- Update from 1.50.4 to 1.50.6
- Update of rootfile
- Changelog
Overview of changes in 1.50.6, 19-03-2022
- Drop hb-glib dependency
- Fix test font configuration
- Maintain order in pango_attr_list_change
- Fix a use-after-free in pango_attr_list_change
Overview of changes in 1.50.5, 03-03-2022
* Fix compiler warnings
* Enable cairo by default
* pango-view: Show more baselines
* layout: Handle baselines
* Windows: build cleanups
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 21 Apr 2022 07:51:45 +0000 (09:51 +0200)]
samba: Update to version 4.16.0
- Update from version 4.15.5 to 4.16.0
- Update of rootfile
- perl-JSON now added to samba requirements. Additional patch combined with this on for
install of perl-JSON
- Changelog
Release Notes for Samba 4.16.0
NEW FEATURES/CHANGES
New samba-dcerpcd binary to provide DCERPC in the member server setup
In order to make it much easier to break out the DCERPC services
from smbd, a new samba-dcerpcd binary has been created.
samba-dcerpcd can be used in two ways. In the normal case without
startup script modification it is invoked on demand from smbd or
winbind --np-helper to serve DCERPC over named pipes. Note that
in order to run in this mode the smb.conf [global] section has
a new parameter "rpc start on demand helpers = [true|false]".
This parameter is set to "true" by default, meaning no changes to
smb.conf files are needed to run samba-dcerpcd on demand as a named
pipe helper.
It can also be used in a standalone mode where it is started
separately from smbd or winbind but this requires changes to system
startup scripts, and in addition a change to smb.conf, setting the new
[global] parameter "rpc start on demand helpers = false". If "rpc
start on demand helpers" is not set to false, samba-dcerpcd will
refuse to start in standalone mode.
Note that when Samba is run in the Active Directory Domain Controller
mode the samba binary that provides the AD code will still provide its
normal DCERPC services whilst allowing samba-dcerpcd to provide
services like SRVSVC in the same way that smbd used to in this
configuration.
The parameters that allowed some smbd-hosted services to be started
externally are now gone (detailed below) as this is now the default
setting.
samba-dcerpcd can also be useful for use outside of the Samba
framework, for example, use with the Linux kernel SMB2 server ksmbd or
possibly other SMB2 server implementations.
Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support
Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos
implementation. This snapshot has now been updated and will closely
match what will be released as Heimdal 8.0 shortly.
This is a major update, previously we used a snapshot of Heimdal from
2011, and brings important new Kerberos security features such as
Kerberos request armoring, known as FAST. This tunnels ticket
requests and replies that might be encrypted with a weak password
inside a wrapper built with a stronger password, say from a machine
account.
In Heimdal and MIT modes Samba's KDC now supports FAST, for the
support of non-Windows clients.
Windows clients will not use this feature however, as they do not
attempt to do so against a server not advertising domain Functional
Level 2012. Samba users are of course free to modify how Samba
advertises itself, but use with Windows clients is not supported "out
of the box".
Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of
the FAST protocol. A future version will align this more closely with
Microsoft AD behaviour.
If FAST needs to be disabled on your Samba KDC, set
kdc enable fast = no
in the smb.conf.
Certificate Auto Enrollment
Certificate Auto Enrollment allows devices to enroll for certificates from
Active Directory Certificate Services. It is enabled by Group Policy.
To enable Certificate Auto Enrollment, Samba's group policy will need to be
enabled by setting the smb.conf option `apply group policies` to Yes. Samba
Certificate Auto Enrollment depends on certmonger, the cepces certmonger
plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
certmonger paired with cepces to monitor the host certificate templates.
Certificates are installed in /var/lib/samba/certs and private keys are
installed in /var/lib/samba/private/certs.
Ability to add ports to dns forwarder addresses in internal DNS backend
The internal DNS server of Samba forwards queries non-AD zones to one or more
configured forwarders. Up until now it has been assumed that these forwarders
listen on port 53. Starting with this version it is possible to configure the
port using host:port notation. See smb.conf for more details. Existing setups
are not affected, as the default port is 53.
CTDB changes
* The "recovery master" role has been renamed "leader"
Documentation and logs now refer to "leader".
The following ctdb tool command names have changed:
recmaster -> leader
setrecmasterrole -> setleaderrole
Command output has changed for the following commands:
status
getcapabilities
The "[legacy] -> recmaster capability" configuration option has been
renamed and moved to the cluster section, so this is now:
[cluster] -> leader capability
* The "recovery lock" has been renamed "cluster lock"
Documentation and logs now refer to "cluster lock".
The "[cluster] -> recovery lock" configuration option has been
deprecated and will be removed in a future version. Please use
"[cluster] -> cluster lock" instead.
If the cluster lock is enabled then traditional elections are not
done and leader elections use a race for the cluster lock. This
avoids various conditions where a node is elected leader but can not
take the cluster lock. Such conditions included:
- At startup, a node elects itself leader of its own cluster before
connecting to other nodes
- Cluster filesystem failover is slow
The abbreviation "reclock" is still used in many places, because a
better abbreviation eludes us (i.e. "clock" is obvious bad) and
changing all instances would require a lot of churn. If the
abbreviation "reclock" for "cluster lock" is confusing, please
consider mentally prefixing it with "really excellent".
* CTDB now uses leader broadcasts and an associated timeout to
determine if an election is required
The leader broadcast timeout can be configured via new configuration
option
[cluster] -> leader timeout
This specifies the number of seconds without leader broadcasts
before a node calls an election. The default is 5.
REMOVED FEATURES
Older SMB1 protocol SMBCopy command removed
SMB is a nearly 30-year old protocol, and some protocol commands that
while supported in all versions, have not seen widespread use.
One of those is SMBCopy, a feature for a server-side copy of a file.
This feature has been so unmaintained that Samba has no testsuite for
it.
The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was
introduced in the LAN Manager 1.0 dialect and it was rendered obsolete
in the NT LAN Manager dialect.
Therefore it has been removed from the Samba smbd server.
We do note that a fully supported and tested server-side copy is
present in SMB2, and can be accessed with "scopy" subcommand in
smbclient)
SMB1 server-side wildcard expansion removed
Server-side wildcard expansion is another feature that sounds useful,
but is also rarely used and has become problematic - imposing extra
work on the server (both in terms of code and CPU time).
In actual OS design, wildcard expansion is handled in the local shell,
not at the remote server using SMB wildcard syntax (which is not shell
syntax).
In Samba 4.16 the ability to process file name wildcards in requests
using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7),
SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1
command number 0x6) has been removed.
SMB1 protocol has been deprecated, particularly older dialects
We take this opportunity to remind that we have deprecated and
disabled by default, but not removed, the whole SMB1 protocol since
Samba 4.11. If needed for security purposes or code maintenance we
will continue to remove older protocol commands and dialects that are
unused or have been replaced in more modern SMB1 versions.
We specifically deprecate the older dialects older than "NT LM 0.12"
(also known as "NT LANMAN 1.0" and "NT1").
Please note that "NT LM 0.12" is the dialect used by software as old
as Windows 95, Windows NT and Samba 2.0, so this deprecation applies
to DOS and similar era clients.
We do reassure that that 'simple' operation of older clients than
these (eg DOS) will, while untested, continue for the near future, our
purpose is not to cripple use of Samba in unique situations, but to
reduce the maintaince burden.
Eventually SMB1 as a whole will be removed, but no broader change is
announced for 4.16.
In the rare case where the above changes cause incompatibilities,
users requiring support for these features will need to use older
versions of Samba.
No longer using Linux mandatory locks for sharemodes
smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
was broken for a long time, and is planned to be removed with Linux 5.15. This
Samba release removes the usage of mandatory locks for sharemodes and the
"kernel share modes" config parameter is changed to default to "no". The Samba
VFS interface is kept, so that file-system specific VFS modules can still use
private calls for enforcing sharemodes.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
kernel share modes New default No
dns forwarder Changed
rpc_daemon Removed
rpc_server Removed
rpc start on demand helpers Added true
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 21 Apr 2022 19:31:30 +0000 (21:31 +0200)]
git: Update to version 2.36.0
- Update from 2.35.1 to 2.36.0
- Update of rootfile
- Changelog
2.36 Release Notes
These are too long to include here. To see the details go to the following link
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.36.0.txt
2.35.3.txt Release Notes
This release merges up the fixes that appear in v2.35.3.
2.35.2 Release Notes
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:35:26 +0000 (12:35 +0200)]
stunnel: Update to version 5.63
- Update from version 5.62 to 5.63
- Update of rootfile not required
- Changelog
Version 5.63, 2022.03.15
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.2.
* New features
- Updated stunnel.spec to support bash completion
* Bugfixes
- Fixed possible PRNG initialization crash (thx to Gleydson Soares).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:35:10 +0000 (12:35 +0200)]
stress: Update to version 1.0.5
- Update from version 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5
* Added CI test for GitHub.
* Migrated manpage system to txt2man.
* Modernized system install.
* Set right permissions to source code.
* Updated README and added a CONTRIBUTING file.
* Other minor changes and improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:34:58 +0000 (12:34 +0200)]
strace: Update to version 5.17
- Update from 5.14 to 5.17
- Update of rootfile not required
- Changelog
Noteworthy changes in release 5.17 (2022-03-26)
* Improvements
* Added 64-bit LoongArch architecture support.
* Extended personality designation syntax of syscall specification expressions
to support all@pers and %class@pers.
* Enhanced rejection of invalid syscall numbers in syscall specification
expressions.
* Implemented decoding of set_mempolicy_home_node syscall, introduced
in Linux 5.17.
* Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink
attributes.
* Implemented decoding of PR_SET_VMA operation of prctl syscall.
* Implemented decoding of siginfo_t.si_pkey field.
* Implemented decoding of LIRC ioctl commands.
* Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*,
TCA_ACT_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 5.17.
Noteworthy changes in release 5.16 (2022-01-10)
* Improvements
* Implemented --secontext=mismatch option to find mismatches in SELinux
contexts.
* Implemented decoding of futex_waitv syscall introduced in Linux 5.16.
* Implemented decoding of BPF_LINK_GET_NEXT_ID and BPF_LINK_GET_FD_BY_ID bpf
syscall commands.
* Enhanced decoding of BPF_MAP_CREATE, BPF_PROG_TEST_RUN, and BPF_PROG_LOAD
bpf syscall commands.
* Enhanced decoding of BTRFS_IOC_FS_INFO ioctl command.
* Updated lists of AUDIT_*, BPF_*, BTRFS_*, DEVCONF_*, FAN_*, ETH_P_*,
IPV4_DEVCONF_*, KVM_*, NDA_*, SO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.16.
* Bug fixes
* Fixed build for older Android.
Noteworthy changes in release 5.15 (2021-12-01)
* Improvements
* Implemented --strings-in-hex=non-ascii-chars option for using hexadecimal
numbers instead of octal ones in escape sequences in the output strings.
* Implemented --decode-pids=comm option (and its alias -Y) for printing
command names for PIDs.
* Implemented --decode-pids=pidns as an alias to --pidns-translation option.
* Implemented printing of current working directory when AT_FDCWD constant
is used with --decode-fds=path option enabled.
* Improved printing of syscall names in places where the associated
AUDIT_ARCH_* value is present (ptrace PTRACE_GET_SYSCALL_INFO request,
SIGSYS siginfo_t).
* Implemented decoding of process_mrelease syscall, introduced in Linux 5.15.
* Implemented decoding of SECCOMP_GET_NOTIF_SIZES operation of seccomp
syscall.
* Implemented decoding of HDIO_*, KD*, and SECCOMP_* ioctl commands.
* Implemented decoding of RTM_NEWCACHEREPORT, RTM_{NEW,DEL,GET}NEXTHOP,
and RTM_{NEW,GET}STATS NETLINK_ROUTE netlink messages.
* Implemented decoding of AF_ALG, AF_IEEE802154, AF_MCTP, AF_NFC, AF_QIPCRTR,
AF_RRPC, AF_VSOCK, and AF_XDP socket addresses.
* Implemented decoding of AF_BRIDGE and AF_MCTP protocols for IFLA_AF_SPEC
netlink attribute.
* Implemented decoding of IFLA_BR_MCAST_QUERIER_STATE, IFLA_BR_MULTI_BOOLOPT,
IFLA_INET6_RA_MTU, IFLA_INFO_SLAVE_DATA, and IFLA_VFINFO_LIST netlink
attributes.
* Enhanced decoding of io_uring_register and times syscalls.
* Enhanced IFLA_BR_FORWARD_DELAY, IFLA_BR_MAX_AGE, IFLA_EXT_MASK,
IFLA_PROTINFO, *_INTVL, and *_TIMER netlink attribute decoding.
* Enhanced decoding of AF_IPX and AF_NETLINK socket addresses.
* Updated lists o AF_*, ARPHRD_*, BTRFS_*, DEVCONF_*, DM_*, ETH_P_*,
FAN_REPORT_*, IORING_*, MOVE_MOUNT_*, MPOL_*, PACKET_*, RTM_*, SO_*,
and XFRM_MSG_* constants.
* Updated lists of ioctl commands from Linux 5.15.
* Bug fixes
* Fixed printing of struct bpf_prog_info.map_ids array.
* Fixed behaviour of "dev", "pidfd", and "socket" arguments of the --print-fds
option to no longer imply the "path" argument.
* Fixed insufficient buffer size used for network interface name printing,
that previously led to assertions on attempts of printing interface names
that require quoting, for example, names longer than 4 characters in -xx
mode (addresses RHBZ bug #2028146).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:34:42 +0000 (12:34 +0200)]
lcdproc: Update to version 0.5.9
- Update from version 0.5.7 (2016) to 0.5.9 (2017)
- Update of rootfile
- This patch brings lcdproc up to date with the most recent release.
- Although there are no new releases there are continuing ongoing commits and issue fixes
being done in the repository with the last commit being in Dec 2021.
Not sure why no new releases are being done. It looks like any of the commits that fix
issuse people have raised have to be patched by the interested people.
- Changelog
0.5.9
This is mostly a code cleanup, bugfix and maintainance release.
Drivers supporting new hardware or additional functionality
HD44780 connection type "serial" supports Portwell EZIO-100 and EZIO-300
HD44780 connection type "gpio" supports dual controller displays.
This connection type is now a full replacement for the obsolete "rpi"
connection type.
Removed configure flags
enable-permissive-menu-goto is replaced by a setting in LCDd.conf
enable-seamless-hbars is now selected by drivers that need it automatically
Other important changes
The build system now specifies the language as C99.
API: drivers need to include "shared/report.h" instead of "report.h"
libftdi1 is used if it is available instead of obsolete libftdi
display update interval is selectable from LCDd.conf
0.5.8
New drivers
futaba: for Futaba TOSD-5711BB VFDisplay commonly used on Elonex Artisan,
Fujitsu Scaleo E and FIC Spectra Media Centre PCs
linux_input: supporting event devices from the linux input subsystem
Olimex_MOD_LCD1x9: for Olimex MOD-LCD1x9
yard2LCD: for yard2
New connection types for hd44780 driver
lcm162 is a differently wired 8 bit connection type used on Nextgate NSA
network appliances
gpio is using the linux sysfs gpio interface to control a display in
4-bit mode. To build this sub-driver you need
libugpio, which is a new dependency
for lcdproc.
Obsolete connection types for hd44780 driver
The following connection types are obsolete and probably won't get bug
and security fixes:
raspberrypi: use the gpio connection type instead
piplate: use the gpio connection type together with the gpio-mcp23s08
kernel module.
pifacecad: use the gpio connection type together with the gpio-mcp23s08
kernel module.
i2c: support for this sub-driver might continue for the users of
non-linux operating systems. On linux systems it is recommended to
use the gpio connection type together with the gpio-pcf857x kernel
module.
Drivers supporting new hardware or additional functionality
icp_a106 now also supports A125 displays
NoritakeVFD added some non-essential features
Other important changes
Development of lcdproc moved to github.
Some internal data structures have changed. If you have custom LCDd
drivers, you will need to recompile them against the new version. Of
course submitting such drivers in pull requests is appreciated.
For a detailed list of bug fixes, see the ChangeLog.md included in the
distribution archive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:33:58 +0000 (12:33 +0200)]
ipset: Update to version 7.15
- Update from 7.11 to 7.15
- Update of rootfile
- Changelog
7.15
Kernel part changes
netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
7.14
Userspace changes
Add missing function to libipset.map and bump library version
Kernel part changes
64bit division isn't allowed on 32bit, replace it with shift
7.13
Userspace changes
When parsing protocols by number, do not check it in /etc/protocols.
Add missing hunk to patch "Allow specifying protocols by number"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete fix
7.12
Userspace changes
Allow specifying protocols by number
Fix example in ipset.8 manpage
tests: add tests ipset to nftables
add ipset to nftables translation infrastructur
lib: Detach restore routine from parser
lib: split parser from command execution
Fix patch "Parse port before trying by service name"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete
Backport "netfilter: use nfnetlink_unicast()"
Backport "netfilter: nfnetlink: consolidate callback type"
Backport "netfilter: nfnetlink: add struct nfnl_info and pass it to
callbacks"
Backport "netfilter: add helper function to set up the nfnetlink header
and use it"
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:47:30 +0000 (15:47 +0200)]
harfbuzz: Update to version 4.2.0
- Update from 3.4.0 to 4.2.0
- Update of rootfile
- Changelog
Overview of changes leading to 4.2.0
Wednesday, March 30, 2022
- Source code reorganization, splitting large hb-ot-layout files into smaller,
per-subtable ones under OT/Layout/*. Code for more tables will follow suit in
later releases. (Garret Rieger, Behdad Esfahbod)
- Revert Indic shaper change in previous release that broke some fonts and
instead make per-syllable restriction of “GSUB” application limited to
script-specific Indic features, while applying them and discretionary
features in one go. (Behdad Esfahbod)
- Fix decoding of private in gvar table. (Behdad Esfahbod)
- Fix handling of contextual lookups that delete too many glyphs. (Behdad Esfahbod)
- Make “morx” deleted glyphs don’t block “GPOS” application. (Behdad Esfahbod)
- Various build fixes. (Chun-wei Fan, Khaled Hosny)
- New API
+hb_set_next_many() (Andrew John)
Overview of changes leading to 4.1.0
Wednesday, March 23, 2022
- Various OSS-Fuzz fixes. (Behdad Esfahbod)
- Make fallback vertical-origin match FreeType’s. (Behdad Esfahbod)
- Treat visible viramas like dependent vowels in USE shaper. (David Corbett)
- Apply presentation forms features and discretionary features in one go in
Indic shaper, which seems to match Uniscribe and CoreText behaviour.
(Behdad Esfahbod, David Corbett)
- Various bug fixes.
- New API
+hb_set_add_sorted_array() (Andrew John)
Overview of changes leading to 4.0.1
Friday, March 11, 2022
- Update OpenType to AAT mappings for “hist” and “vrtr” features.
(Florian Pircher)
- Update IANA Language Subtag Registry to 2022-03-02. (David Corbett)
- Update USE shaper to allow any non-numeric tail in a symbol cluster, and
remove obsolete data overrides. (David Corbett)
- Fix handling of baseline variations to return correctly scaled values.
(Matthias Clasen)
- A new experimental hb_subset_repack_or_fail() to repack an array of objects,
eliminating offset overflows. The API is not available unless HarfBuzz is
built with experimental APIs enabled. (Qunxin Liu)
- New experimental API
+hb_link_t
+hb_object_t
+hb_subset_repack_or_fail()
Overview of changes leading to 4.0.0
Tuesday, March 1, 2022
- New public API to create subset plan and gather information on things like
glyph mappings in the final subset. The plan can then be passed on to perform
the subsetting operation. (Garret Rieger)
- Draw API for extracting glyph shapes have been extended and finalized and is
no longer an experimental API. The draw API supports glyf, CFF and CFF2
glyph outlines tables, and applies variation settings set on the font as well
as synthetic slant. The new public API is not backward compatible with the
previous, non-public, experimental API. (Behdad Esfahbod)
- The hb-view tool will use HarfBuzz draw API to render the glyphs instead of
cairo-ft when compiled with Cairo 1.17.5 or newer, setting HB_DRAW
environment variable to 1 or 0 will force using or not use the draw API,
respectively. (Behdad Esfahbod)
- The hb-shape and hb-view tools now default to using HarfBuzz’s own font
loading functions (ot) instead of FreeType ones (ft). They also have a new
option, --font-slant, to apply synthetic slant to the font. (Behdad Esfahbod)
- HarfBuzz now supports more than 65535 (the OpenType limit) glyph shapes and
metrics. See https://github.com/be-fonts/boring-expansion-spec/issues/6 and
https://github.com/be-fonts/boring-expansion-spec/issues/7 for details.
(Behdad Esfahbod)
- New API to get the dominant horizontal baseline tag for a given script.
(Behdad Esfahbod)
- New API to get the baseline positions from the font, and synthesize missing
ones. As well as new API to get font metrics and synthesize missing ones.
(Matthias Clasen)
- Improvements to finding dependencies on Windows when building with Visual
Studio. (Chun-wei Fan)
- New buffer flag, HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT, that must be set
during shaping for HB_GLYPH_FLAG_UNSAFE_TO_CONCAT flag to be reliably
produced. This is to limit the performance hit of producing this flag to when
it is actually needed. (Behdad Esfahbod)
- Documentation improvements. (Matthias Clasen)
- New API
- General:
+HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
+hb_var_num_t
- Draw:
+hb_draw_funcs_t
+hb_draw_funcs_create()
+hb_draw_funcs_reference()
+hb_draw_funcs_destroy()
+hb_draw_funcs_is_immutable()
+hb_draw_funcs_make_immutable()
+hb_draw_move_to_func_t
+hb_draw_funcs_set_move_to_func()
+hb_draw_line_to_func_t
+hb_draw_funcs_set_line_to_func()
+hb_draw_quadratic_to_func_t
+hb_draw_funcs_set_quadratic_to_func()
+hb_draw_cubic_to_func_t
+hb_draw_funcs_set_cubic_to_func()
+hb_draw_close_path_func_t
+hb_draw_funcs_set_close_path_func()
+hb_draw_state_t
+HB_DRAW_STATE_DEFAULT
+hb_draw_move_to()
+hb_draw_line_to()
+hb_draw_quadratic_to()
+hb_draw_cubic_to()
+hb_draw_close_path()
+hb_font_get_glyph_shape_func_t
+hb_font_funcs_set_glyph_shape_func()
+hb_font_get_glyph_shape()
- OpenType layout
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_FACE_CENTRAL
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_EMBOX_CENTRAL
+hb_ot_layout_get_horizontal_baseline_tag_for_script()
+hb_ot_layout_get_baseline_with_fallback()
- Metrics:
+hb_ot_metrics_get_position_with_fallback()
- Subset:
+hb_subset_plan_t
+hb_subset_plan_create_or_fail()
+hb_subset_plan_reference()
+hb_subset_plan_destroy()
+hb_subset_plan_set_user_data()
+hb_subset_plan_get_user_data()
+hb_subset_plan_execute_or_fail()
+hb_subset_plan_unicode_to_old_glyph_mapping()
+hb_subset_plan_new_to_old_glyph_mapping()
+hb_subset_plan_old_to_new_glyph_mapping()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:48:00 +0000 (15:48 +0200)]
poppler: Update to version 22.04.0
- Update from 22.02.0 to 22.04.0
- Update of rootfile
- Changelog
Release 22.04.0:
core:
* Fix underline sometimes being drawn only partially
* Fix Adobe Reader not reading some of the contents we write correctly
* Fix code that workarounds some broken-ish files
* FoFiTrueType: Parse CFF2 fonts too
* FoFiTrueType: Support cmap types 2 and 13
* Fix a few small memory leaks
* code improvements
qt:
* Handle SaveAs named action
* Annotations: don't change the text color when changing the font
utils:
* pdftotext: print creation and modification date when using htmlmeta param
glib:
* Fix returning internal data of temporary strings
cpp:
* Fix code incompatibility with MSVC
build system:
* poppler internal library is no longer forced to static on MSVC
* Error out if iconv is not available and the cpp frontend is enabled
* Require FreeType 2.8
Release 22.03.0:
core:
* Signature: Fix finding Signatures that are in Pages not not in the global the Forms object
* Signature: Improve getting the path to the firefox certificate database
* Splash: Fix rendering of some joints. Issue #1212
* Fix get_poppler_localdir for relocatable Windows builds
* Minor code improvements
qt:
* Minor code improvements
utils:
* pdfimages: Fix the wrong Stream being passed for drawMaskedImage
build system:
* Small code improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sat, 23 Apr 2022 11:17:16 +0000 (13:17 +0200)]
fribidi: Update to version 1.0.12
- Update from 1.0.11 to 1.0.12
- Update of rootfile not required
- Changelog
Overview of changes between 1.0.11 and 1.0.12
* Various fuzzing fixes.
- Looking at the details in the commits it looks like fribidi's use of the word fuzzing
fixes basically means bug fixes. Included are fixes for a segmentation violation and a
stack buffer overflow
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 23 Apr 2022 21:25:58 +0000 (23:25 +0200)]
pciutils: Update to version 3.8.0
- Update from 3.7.0 to 3.8.0
- Update of rootfile
- Changelog
* Released as 3.8.0.
* Filters can now match devices based on partially specified
class code and also on the programming interface.
* Reporting of link speeds, power limits, and virtual function tags
has been updated to the current PCIe specification.
* We decode the Data Object Exchange capability.
* Bus mapping mode works in non-zero domains.
* pci_fill_info() can fetch more fields: bridge bases, programming
interface, revision, subsystem vendor and device ID, OS driver,
and also parent bridge. Internally, the implementation was rewritten,
significantly reducing the number of corner cases to be handled.
* The Windows port was revived and greatly improved by Pali Rohár.
It requires less magic to compile. More importantly, it runs on both
old and recent Windows systems (see README.Windows for details).
* Added a new Windows back-end using the cfgmgr32 interface.
It does not provide direct access to the configuration space,
but basic information about the device is reported via pci_fill_info().
For back-ends of this type, we now provide an emulated read-only
config space.
* If the configuration space is not readable for some reason
(e.g., the cfgmgr32 back-end, but also badly implemented sleep mode
of some devices), lspci prints only information provided by the OS.
* The Hurd back-end was greatly improved thanks to Joan Lledó.
* Various minor bug fixes and improvements.
* We officially require a working C99 compiler. Sorry, MSVC.
* As usually, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Mon, 18 Apr 2022 19:49:32 +0000 (19:49 +0000)]
efibootmgr: Update to 17
Full changelog as per https://github.com/rhboot/efibootmgr/releases/tag/17:
various CI updates
Make.defaults: fix pkg-config invocation for LDFLAGS
make_linux_load_option(): add some more efi_error() calls
Change the default partition choice.
Don't set LIBEFIBOOT_REPORT_GPT_ERRORS=1
Make it easier to build with a devel branch of efivar
efibootmgr -e: improve parsing for efivar-36 compat
Fix an invalid free()
Propogate verbosity to libefivar 36's internal logging facility
Add a bit more logging
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Peter Müller [Mon, 18 Apr 2022 20:40:41 +0000 (20:40 +0000)]
SSH: do not send spoofable TCP keep alive messages
By default, both SSH server and client rely on TCP-based keep alive
messages to detect broken sessions, which can be spoofed rather easily
in order to keep a broken session opened (and vice versa).
Since we rely on SSH-based keep alive messages, which are not vulnerable
to this kind of tampering, there is no need to double-check connections
via TCP keep alive as well.
This patch thereof disables using TCP keep alive for both SSH client and
server scenario. For usability reasons, a timeout of 5 minutes (10
seconds * 30 keep alive messages = 300 seconds) will be used for both
client and server configuration, as 60 seconds were found to be too
short for unstable connectivity scenarios.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.
In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.
New features
------------
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512@openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
We are making this change now (i.e. ahead of cryptographically-
relevant quantum computers) to prevent "capture now, decrypt
later" attacks where an adversary who can record and store SSH
session ciphertext would be able to decrypt it once a sufficiently
advanced quantum computer is available.
* sftp-server(8): support the "copy-data" extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00. bz2948
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
Bugfixes
--------
* ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
fd closes without data in the channel buffer. bz3405 and bz3411
* sshd(8): pack pollfd array in server listen/accept loop. Could
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE
* ssh-keygen(1): avoid NULL deref via the find-principals and
check-novalidate operations. bz3409 and GHPR#307 respectively.
* scp(1): fix a memory leak in argument processing. bz3404
* sshd(8): don't try to resolve ListenAddress directives in the sshd
re-exec path. They are unused after re-exec and parsing errors
(possible for example if the host's network configuration changed)
could prevent connections from being accepted.
* sshd(8): when refusing a public key authentication request from a
client for using an unapproved or unsupported signature algorithm
include the algorithm name in the log message to make debugging
easier.
Portability
-----------
* sshd(8): refactor platform-specific locked account check, fixing
an incorrect free() on platforms with both libiaf and shadow
passwords (probably only Unixware) GHPR#284,
* ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
parsing of K/M/G/etc quantities. bz#3401.
* sshd(8): provide killpg implementation (mostly for Tandem NonStop)
GHPR#301.
* Check for missing ftruncate prototype. GHPR#301
* sshd(8): default to not using sandbox when cross compiling. On most
systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we
can't run the test. bz#3398.
* sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox
violations on some (at least i386 and armhf) 32bit Linux platforms.
bz#3396.
* Improve detection of -fzero-call-used-regs=all support in
configure script.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Mon, 18 Apr 2022 20:53:35 +0000 (20:53 +0000)]
lynis: Update to 3.0.7
Full changelog as retrieved from https://cisofy.com/changelog/lynis/#307:
- MALW-3290 - Show status of malware components
- OS detection for RHEL 6 and Funtoo Linux
- Added service manager openrc
- DBS-1804 - Added alias for MariaDB
- FINT-4316 - Support for newer Ubuntu versions
- MALW-3280 - Added Trend Micro malware agent
- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
- PKGS-7320 - Support for Garuda Linux and arch-audit
- Several improvements for busybox shell
- Russian translation of Lynis extended
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
"Notes for BIND 9.16.28
New Features
Add a new configuration option reuseport to disable load balancing
on sockets in situations where processing of Response Policy Zones
(RPZ), Catalog Zones, or large zone transfers can cause service
disruptions. See the BIND 9 ARM for more detail. [GL #3249]
Bug Fixes
Invalid dnssec-policy definitions, where the defined keys did not
cover both KSK and ZSK roles for a given algorithm, were being
accepted. These are now checked, and the dnssec-policy is rejected
if both roles are not present for all algorithms in use. [GL #3142]
Handling of TCP write timeouts has been improved to track the
timeout for each TCP write separately, leading to a faster
connection teardown in case the other party is not reading the data.
[GL #3200]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Security #4889: ftp: SEGV at flow cleanup due to protocol confusion
Security #5025: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
Security #5028: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Security #5253: Infinite loop in JsonFTPLogger
Feature #4644: pthreads: set minimum stack size
Bug #4466: dataset file not written when run as user
Bug #4678: Configuration test mode succeeds when reference.config file contains invalid content
Bug #4745: Absent app-layer protocol is always enabled by default
Bug #4819: tcp: insert_data_normal_fail can hit without triggering memcap
Bug #4823: conf: quadratic complexity
Bug #4825: pppoe decoder fails when protocol identity field is only 1 byte
Bug #4827: packetpool: packets in pool may have capture method ReleasePacket callbacks set
Bug #4838: af-packet: cluster_id is not used when trying to set fanout support
Bug #4878: datasets: memory leak in 5.0.x
Bug #4887: dnp3: buffer over read in logging base64 empty objects
Bug #4891: protodetect: SMB vs TLS protocol detection in midstream
Bug #4893: TFTP: memory leak due to missing detect state
Bug #4895: Memory leak with signature using file_data and NFS
Bug #4897: profiling: Invalid performance counter when using sampling
Bug #4901: eve: memory leak related to dns
Bug #4932: smtp: smtp transaction not logged if no email is present
Bug #4955: stream: too aggressive pruning in lossy streams
Bug #4957: SMTP assertion triggered
Bug #4959: suricatasc loop if recv returns no data
Bug #4961: dns: transaction not created when z-bit set
Bug #4963: Run stream reassembly on both directions upon receiving a FIN packet
Bug #5058: dns: probing/parser can return error when it should return incomplete
Bug #5063: Not keyword matches in Kerberos requests
Bug #5096: output: timestamp missing usecs on Arm 32bit + Musl
Bug #5099: htp: server personality radix handling issue
Bug #5101: defrag: policy config can setup radix incorrectly
Bug #5103: Application log cannot to be re-opened when running as non-root user
Bug #5105: iprep: cidr support can set up radix incorrectly
Bug #5107: detect/iponly: rule parsing does not always apply netmask correctly
Bug #5109: swf: coverity warning
Bug #5115: detect/ip_proto: inconsistent behavior when specifying protocol by string
Bug #5117: detect/iponly: mixing netblocks can lead to FN/FP
Bug #5119: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
Bug #5137: smb: excessive memory use during file transfer
Bug #5150: nfs: Integer underflow in NFS
Bug #5157: xbits: noalert is allowed in rule language with other commands
Bug #5164: iprep: use_cnt can get desynchronized (SIGABRT)
Bug #5171: detect/iponly: non-cidr netmask settings can lead incorrect radix tree
Bug #5193: SSL : over allocation for certificates
Bug #5213: content:"22 2 22"; is parsed without error
Bug #5227: 5.0.x: SMB: Wrong buffer being checked for possible overflow.
Bug #5251: smb: integer underflows and overflows
Task #5006: libhtp 0.5.40"
Additionally, I moved the 'suricata' patch files into a separate directory.
Apart from some line numbers, nothing else was changed.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Viewer
Support file/dir macros from mc.ect for standalone viewer (#4150)
Misc
Minimal version of "check" utility is 0.9.10.
Code cleanup (#4270, #4330)
Support Shift+Fn keys for KiTTY (#4325)
Filehighlight:
graphical formats: avif, jp2, jxl, heic, heif, psb, psd (#4328)
Markdown (#4351)
Fixes
FTBFS with ncurses build with --disable-widec (#4200)
There is no exit on Ubuntu PPC64 big endian (#3887)
Segfault on change panel mode (#4323)
Accelerator conflict in Left/Right? menu (#4284)
move a lot of files across filesystems is slow (#4287)
mc.ext: wrong order of rules: general matches are made before more specific ones (#4273)
mc.ext: compressed man pages are shown unformatted (#4272)
ext.d/misc.sh: invoking /bin/cat on systems that have no /bin/cat (like NixOS) (#4298)
mcedit: errors in syntax definitions (#4286)
VFS: FISH: when uploading a symbolic link, it creates both the link and its target (#4281)
VFS: SFTP: timestamps are not preserved for uploaded symlink (#4285)
VFS: EXTFS: incorrect test of isoinfo (#4326)
Typo in skin files (#3146)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
in kernel 5.15.32 the driver for ATH9K wlan cards is unstable.
This is one of the most used cards so we need this update before
releasing core167 final.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)]
kernel: Do not enforce "integrity" mode of LSM
LSM was found to render firmware flashing unusable, and patching out LSM
functionality for all features needed (such as /dev/io, direct memory
access and probably raw PCI access for older cards), this would
effectively render much of LSM's functionality useless as well.
For the time being, we do ship LSM, but do not enforce any protection
mode. Users hence can run it in "integrity" or even "confidentiality"
mode by custom commands; hopefully, we will be able to revert this
change at a future point.
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Tue, 19 Apr 2022 13:57:35 +0000 (13:57 +0000)]
linux: Disable LSM for /dev/io port access
flashrom needs access to /dev/io ports for flashing firmware, a
functionality we cannot cease to support. Therefore, LSM constraints are
disabled for ioport.c, hopefully permitting us to keep it enabled.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 13 Apr 2022 17:07:56 +0000 (19:07 +0200)]
borgbackup: Update to version 1.2.0
- Update from 1.1.17 to 1.2.0
- Update of rootfile
- v2 version has x86_64 replaced by xxxMACHINExxx in the rootfile
- borgbackup now requires the python module pkgconfig, installed as a set with this patch
- Changelog
Compatibility notes:
dropped support / testing for older Pythons, minimum requirement is 3.8. In
case your OS does not provide Python >= 3.8, consider using our binary,
which does not need an external Python interpreter. Or continue using
borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default
behaviour now (use --atime if you want to store the atime).
list: corrected mix-up of “isomtime” and “mtime” formats. Previously,
“isomtime” was the default but produced a verbose human format, while
“mtime” produced a ISO-8601-like format. The behaviours have been swapped
(so “mtime” is human, “isomtime” is ISO-like), and the default is now
“mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and
time, not a space).
create/recreate --list: file status for all files used to get announced
AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the
file contents are processed. If the file status changes later (e.g. due to
an error or a content change), the updated/final file status will be
printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one
of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique
and stable (this should be the case for almost everybody, except
when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set
BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2
for a signal exit, you need to update them to check for >= 128.
Fixes:
diff: reduce memory consumption, fix is_hardlink_master, #6295
compact: fix / improve freeable / freed space log output
derive really freed space from quota use before/after, #5679
do not say “freeable”, but “maybe freeable” (based on hint, unsure)
fix race conditions in internal SaveFile function, #6306 #6028
implement internal safe_unlink (was: truncate_and_unlink) function more
safely: usually it does not truncate any more, only under “disk full”
circumstances and only if there is only one hardlink. see:
https://github.com/borgbackup/borg/discussions/6286
Other changes:
info: use a pre12-meta cache to accelerate stats for borg < 1.2 archives.
the first time borg info is invoked on a borg 1.1 repo, it can take a
rather long time computing and caching some stats values for 1.1 archives,
which borg 1.2 archives have in their archive metadata structure. be
patient, esp. if you have lots of old archives. following invocations are
much faster due to the cache. related change: add archive name to
calc_stats progress display.
docs:
add borg 1.2 upgrade notes, #6217
link to borg placeholders and borg patterns help
init: explain the encryption modes better
clarify usage of patternfile roots
put import-tar docs into same file as export-tar docs
explain the difference between a path that ends with or without a slash,
#6297
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 13 Apr 2022 08:00:20 +0000 (10:00 +0200)]
wio.cgi: Remove code lines that are commented out
- These lines were introduced with another patch related to removing IPFire start/stop
capability from wio
- The lines were introduced in commented out form and so are doing nothing.
- It looks like they were added as part of a debugging or investigation work on wio
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Wed, 13 Apr 2022 08:00:19 +0000 (10:00 +0200)]
wio.pl: Fix bug 12799 - Remove code scanning for all potential IP's on RED interface
- The lines to scan the red interface were introduced at the time of a patch to remove
the IPFire start/stop function from wio. These lines are not related to that change
but were included in the patch with no commit message. The same lines were also added
into wio.cgi in the same patch set but in that case the lines were all commented out.
- These lines look like they were most likely added to the code for investigation or
debugging purposes. Looking at the lines in wio.pl the results obtained are not
used elsewhere in wio for obtaining info on the status of the red interface. Deleting
the lines did not affect anything related to the scanning, setup or monitoring of
systems by wio.
- The lines were wasting space but generally not creating a huge impact on pertformance.
On my production system it scans my red and comes up with a list of 1022 IP's because
of the subnet my ISP uses - xxx.yy.216.0/20
- Scanning those 1022 IP's and sorting them takes my system about 3 seconds. Without
sorting it is around the same level.
- In Bug#12799 the originator has an ISP that is using a private network that has a
defined subnet of 10.0.0.0/8 This is 16,777,214 IP's to be scanned. Even without sorting
my system would end up taking around 13 hours to do that. The bug originator found that
on certain machines that he had IPFire on wio just never stopped scanning.
- As these lines just seem to collect a large amount of IP's on red that are not related
to the actual running red IP, as there was no commit message related to their
introduction and as removing the lines on vm's running dhcp and static red interfaces
and also on my running production system for 4 weeks has shown no impact on the
monitoring capability this patch is being submitted to remove these lines from wio
Fixes: Bug#12799 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:35:40 +0000 (12:35 +0200)]
tshark: Update to version 3.6.3
- Update from 3.4.7 to 3.6.3
- Update of rootfile
- find-dependencies run due to sobump - nothing reported
- Changelog - a range of changes including many bug fixes and several vulnerabilities
Wireshark 3.6.3 Release Notes
Bug Fixes
• Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
• TLS dissector incorrectly reports JA3 values Issue 17942[2].
• "Wiki Protocol page" in packet details menu is broken - wiki
pages not migrated to GitLab? Issue 17944[3].
• Dissector bug, protocol PFCP display Flow Description IE value
error in Additional Flow Description of PFD Management Request
Message Issue 17951[4].
• Bluetooth: Fails to open Log file for SCO connection Issue
17964[5].
• Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
• libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
• HTTP server returning multiple early hints shows too many
responses in "Follow HTTP Stream" Issue 18006[8].
New and Updated Features
Updated Protocol Support
CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
HID
New and Updated Capture File Support
pcap and pcapng
Wireshark 3.6.2 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
17813[2].
• wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
17932[12], Issue 17933[13].
• wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
• wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
• wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
The following bugs have been fixed:
• Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
• Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
from libwsutil Issue 17822[21].
• Fedora RPM package build failing with RPATH of /usr/local/lib64
Issue 17830[22].
• macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
• nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
• MPLS ECHO FEC stack change TLV not dissected correctly Issue
17868[25].
• Attempting to open a systemd journal export file segfaults Issue
17875[26].
• Dissector bug on 802.11ac packets Issue 17878[27].
• The Info column shows only one NGAP/S1AP packet of several
packets inside an SCTP packet Issue 17886[28].
• Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
installation directory because it doesn’t remove the User’s Guide
subdirectory and all its contents. Issue 17898[29].
• 3.6 doesn’t build without zlib Issue 17899[30].
• SIP Statistics no longer properly reporting method type
accounting Issue 17904[31].
• Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
• SCTP retransmission detection broken for the first data chunk of
each association with relative TSN Issue 17917[33].
• “Show In Folder” doesn’t work correctly for filenames with spaces
Issue 17927[34].
New and Updated Features
Updated Protocol Support
AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
Wireshark 3.6.1 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-17[1] RTMPT dissector infinite loop. Issue
17745[2]. CVE-2021-4185[3].
• wnpa-sec-2021-18[4] BitTorrent DHT dissector infinite loop. Issue
17754[5]. CVE-2021-4184[6].
• wnpa-sec-2021-19[7] pcapng file parser crash. Issue 17755[8].
CVE-2021-4183[9].
• wnpa-sec-2021-20[10] RFC 7468 file parser infinite loop. Issue
17801[11]. CVE-2021-4182[12].
• wnpa-sec-2021-21[13] Sysdig Event dissector crash.
CVE-2021-4181[14].
• wnpa-sec-2021-22[15] Kafka dissector infinite loop. Issue
17811[16].
The following bugs have been fixed:
• Allow sub-second timestamps in hexdumps Issue 15562[17].
• GRPC: An unnecessary empty Protobuf tree item is displayed if the
GRPC message body length is 0 Issue 17675[18].
• Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system
path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue
17757[19].
• TECMP: LIN Payload is cut off by 1 byte Issue 17760[20].
• Wireshark crashes if a 64 bit field of type BASE_CUSTOM is
applied as a column Issue 17762[21].
• Command line option "-o console.log.level" causes wireshark and
tshark to exit on start Issue 17763[22].
• Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue
17764[23].
• Unable to build without tshark Issue 17766[24].
• IEEE 802.11 action frames are not getting parsed and always seen
as malformed Issue 17767[25].
• IEC 60870-5-101 link address field is 1 byte, but should have
configurable length of 0,1 or 2 bytes Issue 17775[26].
• dfilter: 'tcp.port not in {1}' crashes Wireshark Issue 17785[27].
New and Updated Features
• The 'console.log.level' preference was removed in Wireshark
3.6.0. This release adds an '-o console.log.level:'
backward-compatibilty option on the CLI that maps to the new
logging sub-system. Note that this does not have bitmask
semantics and does not correspond to any actual preference. It is
just a transition mechanism for users that were relying on this
CLI option and will be removed in the future. To see the new
diagnostic output options consult the manpages or the output of
'--help'.
Updated Protocol Support
ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11,
IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig
Event, and TECMP
New and Updated Capture File Support
BLF and RFC 7468
Wireshark 3.6.0 Release Notes
Many improvements have been made. See the “New and Updated Features”
section below for more details. You might want to pay particular
attention to the display filter syntax updates.
New and Updated Features
The following features are new (or have been significantly updated)
since version 3.6.0rc3:
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
The following features are new (or have been significantly updated)
since version 3.6.0rc2:
• Display filter set elements must now be comma-separated. See
below for more details.
The following features are new (or have been significantly updated)
since version 3.6.0rc1:
• The display filter expression “a != b” now has the same meaning
as “!(a == b)”.
The following features are new (or have been significantly updated)
since version 3.5.0:
• Nothing of note.
The following features are new (or have been significantly updated)
since version 3.4.0:
• Several changes have been made to the display filter syntax:
• The expression “a != b” now always has the same meaning as
“!(a == b)”. In particular this means filter expressions with
multi-value fields like “ip.addr != 1.1.1.1” will work as
expected (the result is the same as typing “ip.src != 1.1.1.1 and
ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
!= b) being true.
• It is possible to use the syntax “a ~= b” or “a any_ne b” to
recover the previous (inconsistent with "==") logic for not
equal.
• Literal strings can now be specified using raw string syntax,
identical to raw strings in the Python programming language. This
can be used to avoid the complexity of using two levels of
character escapes with regular expressions.
• Set elements must now be separated using a comma. A filter
such as http.request.method in {"GET" "HEAD"} must be written as
… in {"GET", "HEAD"}. Whitespace is not significant. The
previous use of whitespace as separator is deprecated and will be
removed in a future version.
• Support for the syntax "a not in b" with the same meaning as
"not a in b" has been added.
• Packaging updates:
• A macOS Arm 64 (Apple Silicon) package is now available.
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
• The Windows installers now ship with Npcap 1.55.
• A 64-bit Windows PortableApps package is now available.
• TCP conversations now support a completeness criteria, which
facilitates the identification of TCP streams having any of
opening or closing handshakes, a payload, in any combination. It
can be accessed with the new tcp.completeness filter.
• Protobuf fields that are not serialized on the wire or otherwise
missing in capture files can now be displayed with default values
by setting the new “add_default_value” preference. The default
values might be explicitly declared in “proto2” files, or false
for bools, first value for enums, zero for numeric types.
• Wireshark now supports reading Event Tracing for Windows (ETW). A
new extcap named ETW reader is created that now can open an etl
file, convert all events in the file to DLT_ETW packets and write
to a specified FIFO destination. Also, a new packet_etw dissector
is created to dissect DLT_ETW packets so Wireshark can display
the DLT_ETW packet header, its message and packet_etw dissector
calls packet_mbim sub_dissector if its provider matches the MBIM
provider GUID.
• “Follow DCCP stream” feature to filter for and extract the
contents of DCCP streams.
• Wireshark now supports dissecting RTP packets with OPUS payloads.
• Importing captures from text files based on regular expressions
is now possible. By specifying a regex capturing a single packet
including capturing groups for relevant fields a textfile can be
converted to a libpcap capture file. Supported data encodings are
plain-hexadecimal, -octal, -binary and base64. Also the timestamp
format now allows the second-fractions to be placed anywhere in
the timestamp and it will be stored with nanosecond instead of
microsecond precision.
• The RTP Player has been significatnly redesigned and improved.
See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
Guide for more details.
• The RTP Player can play many streams in row.
• The UI is more responsive.
• The RTP Player maintains playlist and other tools can add and
remove streams to and from it.
• Every stream can be muted or routed to the left or right
channel for replay.
• The option to save audio has been moved from the RTP Analysis
dialog to the RTP Player. The RTP Player also saves what was
played, and it can save in multichannel .au or .wav.
• The RTP Player is now accessible from the Telephony › RTP ›
RTP Player menu.
• The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP
Player, SIP Flows) are non-modal and can stay opened on
background.
• The same tools are provided across all dialogs (Prepare
Filter, Analyse, RTP Player …)
• The “Follow Stream” dialog is now able to follow SIP calls based
on their Call-ID value.
• The “Follow Stream” dialog’s YAML output format has been updated
to add timestamps and peers information For more details see
Following Protocol Streams[3] in the User’s Guide.
• IP fragments between public IPv4 addresses are now reassembled
even if they have different VLAN IDs. Reassembly of IP fragments
where one endpoint is a private (RFC 1918 section 3) or
link-local (RFC 3927) IPv4 address continues to take the VLAN ID
into account, as those addresses can be reused. To revert to the
previous behavior and not reassemble fragments with different
VLAN IDs, turn on the “Enable stricter conversation tracking
heuristics” top level protocol preference.
• USB Link Layer reassembly has been added, which allows hardware
captures to be analyzed at the same level as software captures.
• TShark can now export TLS session keys with the
--export-tls-session-keys option.
• Wireshark participated in the Google Season of Docs 2020 and the
User’s Guide has been extensively updated.
• The “RTP Stream Analysis” dialog CSV export format was slightly
changed. The first line of the export contains column titles as
in other CSV exports.
• Wireshark now supports the Turkish language.
• The settings in the “Import from Hex Dump” dialog is now stored
in a profile import_hexdump.json file.
• Analyze › Reload Lua Plugins has been improved to properly
support FileHandler.
• The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now
show correct calculation mean jitter calculations.
• RTP streams are now created based on Skinny protocol messages in
addition to other types of messages.
• The “VoIP Calls Flow Sequence” window shows more information
about various Skinny messages.
• Initial support for building Wireshark on Windows using GCC and
MinGW-w64 has been added. See README.msys2 in the sources for
more information.
New File Format Decoding Support
Vector Informatik Binary Log File (BLF)
New Protocol Support
5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
extra Eth Header (EXEH), High-Performance Connectivity Tracer
(HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
(EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
payload (xIRI)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Vector Informatik Binary Log File (BLF)
Wireshark 3.4.9 Release Notes
Bug Fixes
• TShark PDML output embeds "proto" elements within other "proto"
elements Issue 10588[1].
• Filter expressions comparing against single-octet hex strings
where the hex digit string equals a protocol name don’t work
Issue 12810[2].
• AMQP 0.9: dissector fails to handle Content-Body frame split
across TCP packets Issue 14217[3].
• IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
Multipurpose Frame Control field Issue 17496[4].
• Wireshark ignored some character in filename when exporting SMB
objects. Issue 17530[5].
• tshark -z credentials: assertion failed: (allocator→in_scope)
Issue 17576[6].
• IS-IS Extended IP Reachability Prefix-SID not decoded properly
Issue 17610[7].
• Error when reloading lua plugins with a capture file loaded via a
custom lua file handler Issue 17615[8].
• Absolute time UTC field filters are constructed incorrectly,
don’t match the packet Issue 17617[9].
• GUI freezes when clicking on large (non-capture) file in File
chooser Issue 17620[10].
• Crash after selecting a different profile while capturing Issue
17622[11].
• BT-DHT reports malformed packets that are actually uTP on same
connection Issue 17626[12].
Updated Protocol Support
AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
Monitoring
New and Updated Capture File Support
CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump
Wireshark 3.4.8 Release Notes
Bug Fixes
• Dissector bug reported for Bluetooth Cycling Power Measurement
characteristic for extreme angles value Issue 17505[1].
• vcruntime140_1.dll deleted on Wireshark update/install Issue
17506[2].
• Raknet Addresses are incorrectly identified. Issue 17509[3].
• Editcap saving files as ethernet when specifying '-T
ieee-802-11-*' Issue 17520[4].
• CoAP dissector confuses Content-Format with Accept Issue
17536[5].
Updated Protocol Support
BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:20 +0000 (13:18 +0200)]
python3-urllib3: Update to version 1.26.9
- Update from 1.26.7 to 1.26.9
- Update of rootfile
- Changelog
1.26.9 (2022-03-16)
* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
1.26.8 (2022-01-07)
* Added extra message to ``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF``
to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname``
to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged
by downstream distributors.
* Fixed absolute imports, all imports are now relative.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:19 +0000 (13:18 +0200)]
python3-typing-extensions: Update to version 4.1.1
- Update from 4.0.1 to 4.1.1
- Update of rootfile
- Changelog
# Release 4.1.1 (February 13, 2022)
- Fix importing `typing_extensions` on Python 3.7.0 and 3.7.1. Original
patch by Nikita Sobolev (@sobolevn).
# Release 4.1.0 (February 12, 2022)
- Runtime support for PEP 646, adding `typing_extensions.TypeVarTuple`
and `typing_extensions.Unpack`.
- Add interaction of `Required` and `NotRequired` with `__required_keys__`,
`__optional_keys__` and `get_type_hints()`. Patch by David Cabot (@d-k-bo).
- Runtime support for PEP 675 and `typing_extensions.LiteralString`.
- Add `Never` and `assert_never`. Backport from bpo-46475.
- `ParamSpec` args and kwargs are now equal to themselves. Backport from
bpo-46676. Patch by Gregory Beauregard (@GBeauregard).
- Add `reveal_type`. Backport from bpo-46414.
- Runtime support for PEP 681 and `typing_extensions.dataclass_transform`.
- `Annotated` can now wrap `ClassVar` and `Final`. Backport from
bpo-46491. Patch by Gregory Beauregard (@GBeauregard).
- Add missed `Required` and `NotRequired` to `__all__`. Patch by
Yuri Karabas (@uriyyo).
- The `@final` decorator now sets the `__final__` attribute on the
decorated object to allow runtime introspection. Backport from
bpo-46342.
- Add `is_typeddict`. Patch by Chris Moradi (@chrismoradi) and James
Hilton-Balfe (@Gobot1234).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:18 +0000 (13:18 +0200)]
python3-tomli: Update to version 2.0.1
- Update from 2.0.0 to 2.0.1
- Update of rootfile
- Changelog
2.0.1
Improve
Make bundling easier by using relative imports internally and adding
license and copyright notice to source files.
Make error messages more uniform
Raise a friendly TypeError for wrong file mode
Allow parse_float to return objects having the append attr
Eagerly raise an error if parse_float returns an illegal type
Packaging
Move from pytest testing framework to unittest and remove python-dateutil
test dependency. Tests now only require Python interpreter.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:17 +0000 (13:18 +0200)]
python3-setuptools: Update to version 62.0.0
- Update from 59.5.0 to 62.0.0
- Update of rootfile
- Changelog
v62.0.0
Breaking Changes
* #3151: Made ``setup.py develop --user`` install to the user site packages directory even if it is disabled in the current interpreter.
Changes
* #3153: When resolving requirements use both canonical and normalized names -- by :user:`ldaniluk`
* #3167: Honor unix file mode in ZipFile when installing wheel via ``install_as_egg`` -- by :user:`delijati`
Misc
* #3088: Fixed duplicated tag with the ``dist-info`` command.
* #3247: Fixed problem preventing ``readme`` specified as dynamic in ``pyproject.toml``
from being dynamically specified in ``setup.py``.
v61.3.1
Misc
* #3233: Included missing test file ``setupcfg_examples.txt`` in ``sdist``.
* #3233: Added script that allows developers to download ``setupcfg_examples.txt`` prior to
running tests. By caching these files it should be possible to run the test suite
offline.
v61.3.0
Changes
* #3229: Disabled automatic download of ``trove-classifiers`` to facilitate reproducibility.
Misc
* #3229: Updated ``pyproject.toml`` validation via ``validate-pyproject`` v0.7.1.
* #3229: New internal tool made available for updating the code responsible for
the validation of ``pyproject.toml``.
This tool can be executed via ``tox -e generate-validation-code``.
v61.2.0
Changes
* #3215: Ignored a subgroup of invalid ``pyproject.toml`` files that use the ``[project]``
table to specify only ``requires-python`` (**transitional**).
.. warning::
Please note that future releases of setuptools will halt the build process
if a ``pyproject.toml`` file that does not match doc:`the PyPA Specification
<PyPUG:specifications/declaring-project-metadata>` is given.
* #3215: Updated ``pyproject.toml`` validation, as generated by ``validate-pyproject==0.6.1``.
* #3218: Prevented builds from erroring if the project specifies metadata via
``pyproject.toml``, but uses other files (e.g. ``setup.py``) to complement it,
without setting ``dynamic`` properly.
.. important::
This is a **transitional** behaviour.
Future releases of ``setuptools`` may simply ignore externally set metadata
not backed by ``dynamic`` or even halt the build with an error.
* #3224: Merge changes from pypa/distutils@e1d5c9b1f6
Documentation changes
* #3217: Fixed typo in ``pyproject.toml`` example in Quickstart -- by :user:`pablo-cardenas`.
Misc
* #3223: Fixed missing requirements with environment markers when
``optional-dependencies`` is set in ``pyproject.toml``.
v61.1.1
Misc
* #3212: Fixed missing dependencies when running ``setup.py install``.
Note that calling ``setup.py install`` directly is still deprecated and
will be removed in future versions of ``setuptools``.
Please check the release notes for :ref:`setup_install_deprecation_note`.
v61.1.0
Deprecations
* #3206: Changed ``setuptools.convert_path`` to an internal function that is not exposed
as part of setuptools API.
Future releases of ``setuptools`` are likely to remove this function.
Changes
* #3202: Changed behaviour of auto-discovery to not explicitly expand ``package_dir``
for flat-layouts and to not use relative paths starting with ``./``.
* #3203: Prevented ``pyproject.toml`` parsing from overwriting
``dist.include_package_data`` explicitly set in ``setup.py`` with default
value.
* #3208: Added a warning for non existing files listed with the ``file`` directive in
``setup.cfg`` and ``pyproject.toml``.
* #3208: Added a default value for dynamic ``classifiers`` in ``pyproject.toml`` when
files are missing and errors being ignored.
* #3211: Disabled auto-discovery when distribution class has a ``configuration``
attribute (e.g. when the ``setup.py`` script contains ``setup(...,
configuration=...)``). This is done to ensure extension-only packages created
with ``numpy.distutils.misc_util.Configuration`` are not broken by the safe
guard
behaviour to avoid accidental multiple top-level packages in a flat-layout.
.. note::
Users that don't set ``packages``, ``py_modules``, or ``configuration`` are
still likely to observe the auto-discovery behavior, which may halt the
build if the project contains multiple directories and/or multiple Python
files directly under the project root.
To disable auto-discovery please explicitly set either ``packages`` or
``py_modules``. Alternatively you can also configure :ref:`custom-discovery`.
v61.0.0
Deprecations
* #3068: Deprecated ``setuptools.config.read_configuration``,
``setuptools.config.parse_configuration`` and other functions or classes
from ``setuptools.config``.
Users that still need to parse and process configuration from ``setup.cfg`` can
import a direct replacement from ``setuptools.config.setupcfg``, however this
module is transitional and might be removed in the future
(the ``setup.cfg`` configuration format itself is likely to be deprecated in the future).
Breaking Changes
* #2894: If you purposefully want to create an *"empty distribution"*, please be aware
that some Python files (or general folders) might be automatically detected and
included.
Projects that currently don't specify both ``packages`` and ``py_modules`` in their
configuration and contain extra folders or Python files (not meant for distribution),
might see these files being included in the wheel archive or even experience
the build to fail.
You can check details about the automatic discovery (and how to configure a
different behaviour) in :doc:`/userguide/package_discovery`.
* #3067: If the file ``pyproject.toml`` exists and it includes project
metadata/config (via ``[project]`` table or ``[tool.setuptools]``),
a series of new behaviors that are not backward compatible may take place:
- The default value of ``include_package_data`` will be considered to be ``True``.
- Setuptools will attempt to validate the ``pyproject.toml`` file according
to PEP 621 specification.
- The values specified in ``pyproject.toml`` will take precedence over those
specified in ``setup.cfg`` or ``setup.py``.
Changes
* #2887: **[EXPERIMENTAL]** Added automatic discovery for ``py_modules`` and ``packages``
-- by :user:`abravalheri`.
Setuptools will try to find these values assuming that the package uses either
the *src-layout* (a ``src`` directory containing all the packages or modules),
the *flat-layout* (package directories directly under the project root),
or the *single-module* approach (an isolated Python file, directly under
the project root).
The automatic discovery will also respect layouts that are explicitly
configured using the ``package_dir`` option.
For backward-compatibility, this behavior will be observed **only if both**
``py_modules`` **and** ``packages`` **are not set**.
(**Note**: specifying ``ext_modules`` might also prevent auto-discover from
taking place)
If setuptools detects modules or packages that are not supposed to be in the
distribution, please manually set ``py_modules`` and ``packages`` in your
``setup.cfg`` or ``setup.py`` file.
If you are using a *flat-layout*, you can also consider switching to
*src-layout*.
* #2887: **[EXPERIMENTAL]** Added automatic configuration for the ``name`` metadata
-- by :user:`abravalheri`.
Setuptools will adopt the name of the top-level package (or module in the case
of single-module distributions), **only when** ``name`` **is not explicitly
provided**.
Please note that it is not possible to automatically derive a single name when
the distribution consists of multiple top-level packages or modules.
* #3066: Added vendored dependencies for :pypi:`tomli`, :pypi:`validate-pyproject`.
These dependencies are used to read ``pyproject.toml`` files and validate them.
* #3067: **[EXPERIMENTAL]** When using ``pyproject.toml`` metadata,
the default value of ``include_package_data`` is changed to ``True``.
* #3068: **[EXPERIMENTAL]** Add support for ``pyproject.toml`` configuration
(as introduced by :pep:`621`). Configuration parameters not covered by
standards are handled in the ``[tool.setuptools]`` sub-table.
In the future, existing ``setup.cfg`` configuration
may be automatically converted into the ``pyproject.toml`` equivalent before taking effect
(as proposed in #1688). Meanwhile users can use automated tools like
:pypi:`ini2toml` to help in the transition.
Please note that the legacy backend is not guaranteed to work with
``pyproject.toml`` configuration.
-- by :user:`abravalheri`
* #3125: Implicit namespaces (as introduced in :pep:`420`) are now considered by default
during :doc:`package discovery </userguide/package_discovery>`, when
``setuptools`` configuration and project metadata are added to the
``pyproject.toml`` file.
To disable this behaviour, use ``namespaces = False`` when explicitly setting
the ``[tool.setuptools.packages.find]`` section in ``pyproject.toml``.
This change is backwards compatible and does not affect the behaviour of
configuration done in ``setup.cfg`` or ``setup.py``.
* #3152: **[EXPERIMENTAL]** Added support for ``attr:`` and ``cmdclass`` configurations
in ``setup.cfg`` and ``pyproject.toml`` when ``package_dir`` is implicitly
found via auto-discovery.
* #3178: Postponed importing ``ctypes`` when hiding files on Windows.
This helps to prevent errors in systems that might not have ``libffi`` installed.
* #3179: Merge with pypa/distutils@267dbd25ac
Documentation changes
* #3172: Added initial documentation about configuring ``setuptools`` via ``pyproject.toml``
(using standard project metadata).
Misc
* #3065: Refactored ``setuptools.config`` by separating configuration parsing (specific
to the configuration file format, e.g. ``setup.cfg``) and post-processing
(which includes directives such as ``file:`` that can be used across different
configuration formats).
v60.10.0
Changes
* #2971: Deprecated upload_docs command, to be removed in the future.
* #3137: Use samefile from stdlib, supported on Windows since Python 3.2.
* #3170: Adopt nspektr (vendored) to implement Distribution._install_dependencies.
Documentation changes
* #3144: Added documentation on using console_scripts from setup.py, which was previously only shown in setup.cfg -- by :user:`xhlulu`
* #3148: Added clarifications about ``MANIFEST.in``, that include links to PyPUG docs
and more prominent mentions to using a revision control system plugin as an
alternative.
* #3148: Removed mention to ``pkg_resources`` as the recommended way of accessing data
files, in favour of importlib.resources.
Additionally more emphasis was put on the fact that *package data files* reside
**inside** the *package directory* (and therefore should be *read-only*).
Misc
* #3120: Added workaround for intermittent failures of backend tests on PyPy.
These tests now are marked with `XFAIL
<https://docs.pytest.org/en/stable/how-to/skipping.html>`_, instead of erroring
out directly.
* #3124: Improved configuration for :pypi:`rst-linker` (extension used to build the
changelog).
* #3133: Enhanced isolation of tests using virtual environments - PYTHONPATH is not leaking to spawned subprocesses -- by :user:`befeleme`
* #3147: Added options to provide a pre-built ``setuptools`` wheel or sdist for being
used during tests with virtual environments.
Paths for these pre-built distribution files can now be set via the environment
variables: ``PRE_BUILT_SETUPTOOLS_SDIST`` and ``PRE_BUILT_SETUPTOOLS_WHEEL``.
v60.9.3
Misc
* #3093: Repaired automated release process.
v60.9.2
Misc
* #3035: When loading distutils from the vendored copy, rewrite ``__name__`` to ensure consistent importing from inside and out.
v60.9.1
Misc
* #3102: Prevent vendored importlib_metadata from loading distributions from older importlib_metadata.
* #3103: Fixed issue where string-based entry points would be omitted.
* #3107: Bump importlib_metadata to 4.11.1 addressing issue with parsing requirements in egg-info as found in PyPy.
v60.9.0
Changes
* #2876: In the build backend, allow single config settings to be supplied.
* #2993: Removed workaround in distutils hack for get-pip now that pypa/get-pip#137 is closed.
* #3085: Setuptools no longer relies on ``pkg_resources`` for entry point handling.
* #3098: Bump vendored packaging to 21.3.
* Removed bootstrap script.
v60.8.2
Misc
* #3091: Make ``concurrent.futures`` import lazy in vendored ``more_itertools``
package to a avoid importing threading as a side effect (which caused
`gevent/gevent#1865 <https://github.com/gevent/gevent/issues/1865>`__).
-- by :user:`maciejp-ro`
v60.8.1
Misc
* #3084: When vendoring jaraco packages, ensure the namespace package is converted to a simple package to support zip importer.
v60.8.0
Changes
* #3085: Setuptools now vendors importlib_resources and importlib_metadata and jaraco.text. Setuptools no longer relies on pkg_resources for ensure_directory nor parse_requirements.
v60.7.1
Misc
* #3072: Remove lorem_ipsum from jaraco.text when vendored.
v60.7.0
Changes
* #3061: Vendored jaraco.text and use line processing from that library in pkg_resources.
Misc
* #3070: Avoid AttributeError in easy_install.create_home_path when sysconfig.get_config_vars values are not strings.
v60.6.0
Changes
* #3043: Merge with pypa/distutils@bb018f1ac3 including consolidated behavior in sysconfig.get_platform (pypa/distutils#104).
* #3057: Don't include optional ``Home-page`` in metadata if no ``url`` is specified. -- by :user:`cdce8p`
* #3062: Merge with pypa/distutils@b53a824ec3 including improved support for lib directories on non-x64 Windows builds.
Documentation changes
* #2897: Added documentation about wrapping ``setuptools.build_meta`` in a in-tree
custom backend. This is a :pep:`517`-compliant way of dynamically specifying
build dependencies (e.g. when platform, OS and other markers are not enough).
-- by :user:`abravalheri`
* #3034: Replaced occurrences of the defunct distutils-sig mailing list with pointers
to GitHub Discussions.
-- by :user:`ashemedai`
* #3056: The documentation has stopped suggesting to add ``wheel`` to
:pep:`517` requirements -- by :user:`webknjaz`
Misc
* #3054: Used Py3 syntax ``super().__init__()`` -- by :user:`imba-tjd`
v60.5.4
Misc
* #3009: Remove filtering of distutils warnings.
* #3031: Suppress distutils replacement when building or testing CPython.
v60.5.3
Misc
* #3026: Honor sysconfig variables in easy_install.
v60.5.2
Misc
* #2993: In _distutils_hack, for get-pip, simulate existence of setuptools.
v60.5.1
Misc
* #2918: Correct support for Python 3 native loaders.
v60.5.0
Changes
* #2990: Set the ``.origin`` attribute of the ``distutils`` module to the module's ``__file__``.
v60.4.0
Changes
* #2839: Removed ``requires`` sorting when installing wheels as an egg dir.
* #2953: Fixed a bug that easy install incorrectly parsed Python 3.10 version string.
* #3006: Fixed startup performance issue of Python interpreter due to imports of
costly modules in ``_distutils_hack`` -- by :user:`tiran`
Documentation changes
* #2674: Added link to additional resources on packaging in Quickstart guide
* #3008: "In-tree" Sphinx extension for "favicons" replaced with ``sphinx-favicon``.
* #3008: SVG images (logo, banners, ...) optimised with the help of the ``scour``
package.
Misc
* #2862: Added integration tests that focus on building and installing some packages in
the Python ecosystem via ``pip`` -- by :user:`abravalheri`
* #2952: Modified "vendoring" logic to keep license files.
* #2968: Improved isolation for some tests that where inadvertently using the project
root for builds, and therefore creating directories (e.g. ``build``, ``dist``,
``*.egg-info``) that could interfere with the outcome of other tests
-- by :user:`abravalheri`.
* #2968: Introduced new test fixtures ``venv``, ``venv_without_setuptools``,
``bare_venv`` that rely on the ``jaraco.envs`` package.
These new test fixtures were also used to remove the (currently problematic)
dependency on the ``pytest_virtualenv`` plugin.
* #2968: Removed ``tmp_src`` test fixture. Previously this fixture was copying all the
files and folders under the project root, including the ``.git`` directory,
which is error prone and increases testing time.
Since ``tmp_src`` was used to populate virtual environments (installing the
version of ``setuptools`` under test via the source tree), it was replaced by
the new ``setuptools_sdist`` and ``setuptools_wheel`` fixtures (that are build
only once per session testing and can be shared between all the workers for
read-only usage).
v60.3.1
Misc
* #3002: Suppress AttributeError when detecting get-pip.
v60.3.0
Changes
* #2993: In _distutils_hack, bypass the distutils exception for pip when get-pip is being invoked, because it imports setuptools.
Misc
* #2989: Merge with pypa/distutils@788cc159. Includes fix for config vars missing from sysconfig.
v60.2.0
Changes
* #2974: Setuptools now relies on the Python logging infrastructure to log messages. Instead of using ``distutils.log.*``, use ``logging.getLogger(name).*``.
* #2987: Sync with pypa/distutils@2def21c5d74fdd2fe7996ee4030ac145a9d751bd, including fix for missing get_versions attribute (#2969), more reliance on sysconfig from stdlib.
Misc
* #2962: Avoid attempting to use local distutils when the presiding version of Setuptools on the path doesn't have one.
* #2983: Restore 'add_shim' as the way to invoke the hook. Avoids compatibility issues between different versions of Setuptools with the distutils local implementation.
v60.1.1
Misc
* #2980: Bypass distutils loader when setuptools module is no longer available on sys.path.
v60.1.0
Changes
* #2958: In distutils_hack, only add the metadata finder once. In ensure_local_distutils, rely on a context manager for reliable manipulation.
* #2963: Merge with pypa/distutils@a5af364910. Includes revisited fix for pypa/distutils#15 and improved MinGW/Cygwin support from pypa/distutils#77.
v60.0.5
Misc
* #2960: Install schemes fall back to default scheme for headers.
v60.0.4
Misc
* #2954: Merge with pypa/distutils@eba2bcd310. Adds platsubdir to config vars available for substitution.
v60.0.3
Misc
* #2940: Avoid KeyError in distutils hack when pip is imported during ensurepip.
v60.0.2
Misc
* #2938: Select 'posix_user' for the scheme unless falling back to stdlib, then use 'unix_user'.
v60.0.1
Misc
* #2944: Add support for extended install schemes in easy_install.
v60.0.0
Breaking Changes
* #2896: Setuptools once again makes its local copy of distutils the default. To override, set SETUPTOOLS_USE_DISTUTILS=stdlib.
v59.8.0
Changes
* #2935: Merge pypa/distutils@460b59f0e68dba17e2465e8dd421bbc14b994d1f.
v59.7.0
Changes
* #2930: Require Python 3.7
v59.6.0
Changes
* #2925: Merge with pypa/distutils@92082ee42c including introduction of deprecation warning on Version classes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:16 +0000 (13:18 +0200)]
python3-setuptools-scm: Update to version 6.4.2
- Update from version 6.3.2 to 6.4.2
- Update rootfile
- Changelog
v6.4.2
* fix #671 : NoReturn is not avaliable in painfully dead python 3.6
v6.4.1
* fix regression #669: restore get_version signature
* fix #668: harden the selftest for distribution extras
v6.4.0
* compatibility adjustments for setuptools >58
* only put minimal setuptools version into toml extra to warn people with old
strict pins
* coorectly handle hg-git self-use
* better mercurial detection
* modernize packaging setup
* python 3.10 support
* better handling of setuptools install command deprecation
* consider ``pyproject.tomls`` when running as command
* use list in git describe command to avoid shell expansions while supporting
both windows and posix
* add ``--strip-dev`` flag to ``python -m setuptools_scm`` to print the next
guessed version cleanly
* ensure no-guess-dev will fail on bad tags instead of generating invalid
versions
* ensure we use utc everywhere to avoid confusion
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:15 +0000 (13:18 +0200)]
python3-setuptools-rust: Update to version 1.2.0
- Update from 1.1.2 to 1.2.0
- Update of rootfile
- Changelog
## 1.2.0 (2022-03-22)
### Packaging
- Drop support for Python 3.6. [#209]
### Added
- Add support for `kebab-case` executable names. [#205]
- Add support for custom cargo profiles. [#216]
### Fixed
- Fix building macOS arm64 wheel with cibuildwheel. [#217]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:14 +0000 (13:18 +0200)]
python3-semantic-version: Update to version 2.9.0
- Update from 2.8.5 to 2.9.0
- Update of rootfile
- Changelog
2.9.0 (2022-02-06)
*New:*
* Add support for Django 3.1, 3.2, 4.0
* Add support for Python 3.7 / 3.8 / 3.9 / 3.10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:13 +0000 (13:18 +0200)]
python3-s3transfer: Update to version 0.5.2
- Update from 0.5.0 to 0.5.2
- Update of rootfile
- Changelog
There is no changelog in the source tarball or in PyPi or in the github repository.
To see the changes you have to read through the individual commits in the github
repository.
https://github.com/boto/s3transfer/commits/develop
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:12 +0000 (13:18 +0200)]
python3-pytz: Update to version 2022.1
- Update from 2021.3 to 2022.1
- Update of rootfile
- Changelog
pytz 2022.1 with the 2022a timezone database has been released. There are no code
changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:11 +0000 (13:18 +0200)]
python3-jmespath: Update to version 1.0.0
- Update from 0.10.0 to 1.0.0
- Update of rootfile
- Changelog
This python module does not have a changelog in its source file or on its PyPi page
or on its github page.
To see what changes have occurred you have to look at the individual commits in github
https://github.com/jmespath/jmespath.py/commits/develop
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:10 +0000 (13:18 +0200)]
python3-flit: Update to version 3.7.1
- Update from 3.6.0 to 3.7.1
- Update of rootfile
- Changelog
Version 3.7.1
Fix building packages which need execution to get the version number, and
have a relative import in __init__.py (PR #531).
Version 3.7
Support for external data files such as man pages or Jupyter extension
support files (PR #510).
Project names are now lowercase in wheel filenames and .dist-info folder
names, in line with the specifications (PR #498).
Improved support for bootstrapping a Python environment, e.g. for downstream
packagers (PR #511). flit_core.wheel is usable with python -m to create
wheels before the build tool is available, and flit_core sdists also
include a script to install itself from a wheel before installer is available.
Use newer importlib APIs, fixing some deprecation warnings (PR #499).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:09 +0000 (13:18 +0200)]
python3-click: Update to version 8.1.2
- Update from 8.0.3 to 8.1.2
- Update of rootfile
- Changelog
Version 8.1.2
- Fix error message for readable path check that was mixed up with the
executable check. :pr:`2236`
- Restore parameter order for ``Path``, placing the ``executable``
parameter at the end. It is recommended to use keyword arguments
instead of positional arguments. :issue:`2235`
Version 8.1.1
- Fix an issue with decorator typing that caused type checking to
report that a command was not callable. :issue:`2227`
Version 8.1.0
- Drop support for Python 3.6. :pr:`2129`
- Remove previously deprecated code. :pr:`2130`
- ``Group.resultcallback`` is renamed to ``result_callback``.
- ``autocompletion`` parameter to ``Command`` is renamed to
``shell_complete``.
- ``get_terminal_size`` is removed, use
``shutil.get_terminal_size`` instead.
- ``get_os_args`` is removed, use ``sys.argv[1:]`` instead.
- Rely on :pep:`538` and :pep:`540` to handle selecting UTF-8 encoding
instead of ASCII. Click's locale encoding detection is removed.
:issue:`2198`
- Single options boolean flags with ``show_default=True`` only show
the default if it is ``True``. :issue:`1971`
- The ``command`` and ``group`` decorators can be applied with or
without parentheses. :issue:`1359`
- The ``Path`` type can check whether the target is executable.
:issue:`1961`
- ``Command.show_default`` overrides ``Context.show_default``, instead
of the other way around. :issue:`1963`
- Parameter decorators and ``@group`` handles ``cls=None`` the same as
not passing ``cls``. ``@option`` handles ``help=None`` the same as
not passing ``help``. :issue:`#1959`
- A flag option with ``required=True`` requires that the flag is
passed instead of choosing the implicit default value. :issue:`1978`
- Indentation in help text passed to ``Option`` and ``Command`` is
cleaned the same as using the ``@option`` and ``@command``
decorators does. A command's ``epilog`` and ``short_help`` are also
processed. :issue:`1985`
- Store unprocessed ``Command.help``, ``epilog`` and ``short_help``
strings. Processing is only done when formatting help text for
output. :issue:`2149`
- Allow empty str input for ``prompt()`` when
``confirmation_prompt=True`` and ``default=""``. :issue:`2157`
- Windows glob pattern expansion doesn't fail if a value is an invalid
pattern. :issue:`2195`
- It's possible to pass a list of ``params`` to ``@command``. Any
params defined with decorators are appended to the passed params.
:issue:`2131`.
- ``@command`` decorator is annotated as returning the correct type if
a ``cls`` argument is used. :issue:`2211`
- A ``Group`` with ``invoke_without_command=True`` and ``chain=False``
will invoke its result callback with the group function's return
value. :issue:`2124`
- ``to_info_dict`` will not fail if a ``ParamType`` doesn't define a
``name``. :issue:`2168`
- Shell completion prioritizes option values with option prefixes over
new options. :issue:`2040`
- Options that get an environment variable value using
``autoenvvar_prefix`` treat an empty value as ``None``, consistent
with a direct ``envvar``. :issue:`2146`
Version 8.0.4
- ``open_file`` recognizes ``Path("-")`` as a standard stream, the
same as the string ``"-"``. :issue:`2106`
- The ``option`` and ``argument`` decorators preserve the type
annotation of the decorated function. :pr:`2155`
- A callable default value can customize its help text by overriding
``__str__`` instead of always showing ``(dynamic)``. :issue:`2099`
- Fix a typo in the Bash completion script that affected file and
directory completion. If this script was generated by a previous
version, it should be regenerated. :issue:`2163`
- Fix typing for ``echo`` and ``secho`` file argument.
:issue:`2174, 2185`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:08 +0000 (13:18 +0200)]
python3-charset-vomalizer: Update to version 2.0.12
- Update from 2.0.10 to 2.0.12
- Update of rootfile
- Changelog
## [2.0.12]
### Fixed
- ASCII miss-detection on rare cases (PR #170)
## [2.0.11]
### Added
- Explicit support for Python 3.11 (PR #164)
### Changed
- The logging behavior have been completely reviewed, now using only TRACE and
DEBUG levels (PR #163 #165)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:07 +0000 (13:18 +0200)]
python3-botocore: Update to version 1.24.37
- Update from 1.23.21 to 1.24.37
- Update of rootfile
- Changelog
1.24.37
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported formats, and improved filter support for processing 444/RGB content.
api-change:wafv2: Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
api-change:mediapackage-vod: This release adds ScteMarkersSource as an available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the segments.
1.24.36
api-change:apigateway: ApiGateway CLI command get-usage now includes usagePlanId, startDate, and endDate fields in the output to match documentation.
api-change:personalize: This release provides tagging support in AWS Personalize.
api-change:pi: Adds support for DocumentDB to the Performance Insights API.
api-change:events: Update events client to latest version
api-change:docdb: Added support to enable/disable performance insights when creating or modifying db instances
api-change:sagemaker: Amazon Sagemaker Notebook Instances now supports G5 instance types
1.24.35
bugfix:Proxy: Fix failure case for IP proxy addresses using TLS-in-TLS. boto/botocore#2652
api-change:config: Add resourceType enums for AWS::EMR::SecurityConfiguration and AWS::SageMaker::CodeRepository
api-change:panorama: Added Brand field to device listings.
api-change:lambda: This release adds new APIs for creating and managing Lambda Function URLs and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can use Function URLs to create built-in HTTPS endpoints on their functions.
api-change:kendra: Amazon Kendra now provides a data source connector for Box. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
1.24.34
api-change:securityhub: Added additional ASFF details for RdsSecurityGroup AutoScalingGroup, ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
api-change:fsx: Provide customers more visibility into file system status by adding new "Misconfigured Unavailable" status for Amazon FSx for Windows File Server.
api-change:s3control: Documentation-only update for doc bug fixes for the S3 Control API docs.
api-change:datasync: AWS DataSync now supports Amazon FSx for OpenZFS locations.
1.24.33
api-change:iot: AWS IoT - AWS IoT Device Defender adds support to list metric datapoints collected for IoT devices through the ListMetricValues API
api-change:servicecatalog: This release adds ProvisioningArtifictOutputKeys to DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates ProvisioningArtifactOutputs.
api-change:sms: Revised product update notice for SMS console deprecation.
api-change:proton: SDK release to support tagging for AWS Proton Repository resource
enhancement:AWSCRT: Upgrade awscrt version to 0.13.8
1.24.32
api-change:connect: This release updates these APIs: UpdateInstanceAttribute, DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the specified Amazon Connect instance.
1.24.31
api-change:cloudcontrol: SDK release for Cloud Control API in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD
api-change:pinpoint-sms-voice-v2: Amazon Pinpoint now offers a version 2.0 suite of SMS and voice APIs, providing increased control over sending and configuration. This release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
api-change:workspaces: Added APIs that allow you to customize the logo, login message, and help links in the WorkSpaces client login page. To learn more, visit https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
api-change:route53-recovery-cluster: This release adds a new API "ListRoutingControls" to list routing control states using the highly reliable Route 53 ARC data plane endpoints.
api-change:databrew: This AWS Glue Databrew release adds feature to support ORC as an input format.
api-change:auditmanager: This release adds documentation updates for Audit Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a delegated administrator.
api-change:grafana: This release adds tagging support to the Managed Grafana service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateWorkspace.
1.24.30
api-change:iot-data: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
api-change:ec2: This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default
api-change:fms: AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
api-change:fsx: This release adds support for modifying throughput capacity for FSx for ONTAP file systems.
api-change:iot: Doc only update for IoT that fixes customer-reported issues.
1.24.29
api-change:organizations: This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization.
1.24.28
api-change:medialive: This release adds support for selecting a maintenance window.
api-change:acm-pca: Updating service name entities
1.24.27
api-change:ec2: This is release adds support for Amazon VPC Reachability Analyzer to analyze path through a Transit Gateway.
api-change:ssm: This Patch Manager release supports creating, updating, and deleting Patch Baselines for Rocky Linux OS.
api-change:batch: Bug Fix: Fixed a bug where shapes were marked as unboxed and were not serialized and sent over the wire, causing an API error from the service.
1.24.26
api-change:lambda: Adds support for increased ephemeral storage (/tmp) up to 10GB for Lambda functions. Customers can now provision up to 10 GB of ephemeral storage per function instance, a 20x increase over the previous limit of 512 MB.
api-change:config: Added new APIs GetCustomRulePolicy and GetOrganizationCustomRulePolicy, and updated existing APIs PutConfigRule, DescribeConfigRule, DescribeConfigRuleEvaluationStatus, PutOrganizationConfigRule, DescribeConfigRule to support a new feature for building AWS Config rules with AWS CloudFormation Guard
api-change:transcribe: This release adds an additional parameter for subtitling with Amazon Transcribe batch jobs: outputStartIndex.
1.24.25
api-change:redshift: This release adds a new [--encrypted | --no-encrypted] field in restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a cluster encrypted with AWS Managed Key or their own KMS key.
api-change:ebs: Increased the maximum supported value for the Timeout parameter of the StartSnapshot API from 60 minutes to 4320 minutes. Changed the HTTP error code for ConflictException from 503 to 409.
api-change:gamesparks: Released the preview of Amazon GameSparks, a fully managed AWS service that provides a multi-service backend for game developers.
api-change:elasticache: Doc only update for ElastiCache
api-change:transfer: Documentation updates for AWS Transfer Family to describe how to remove an associated workflow from a server.
api-change:auditmanager: This release updates 1 API parameter, the SnsArn attribute. The character length and regex pattern for the SnsArn attribute have been updated, which enables you to deselect an SNS topic when using the UpdateSettings operation.
api-change:ssm: Update AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource APIs to reflect the support for tagging Automation resources. Includes other minor documentation updates.
1.24.24
api-change:location: Amazon Location Service now includes a MaxResults parameter for GetDevicePositionHistory requests.
api-change:polly: Amazon Polly adds new Catalan voice - Arlet. Arlet is available as Neural voice only.
api-change:lakeformation: The release fixes the incorrect permissions called out in the documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet release fixes the corresponding SDK and documentation.
api-change:ecs: Documentation only update to address tickets
api-change:ce: Added three new APIs to support tagging and resource-level authorization on Cost Explorer resources: TagResource, UntagResource, ListTagsForResource. Added optional parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and CreateAnomalyMonitor APIs to support Tag On Create.
1.24.23
api-change:ram: Document improvements to the RAM API operations and parameter descriptions.
api-change:ecr: This release includes a fix in the DescribeImageScanFindings paginated output.
api-change:quicksight: AWS QuickSight Service Features - Expand public API support for group management.
api-change:chime-sdk-meetings: Add support for media replication to link multiple WebRTC media sessions together to reach larger and global audiences. Participants connected to a replica session can be granted access to join the primary session and can switch sessions with their existing WebRTC connection
api-change:mediaconnect: This release adds support for selecting a maintenance window.
1.24.22
enhancement:jmespath: Add env markers to get working version of jmespath for python 3.6
api-change:glue: Added 9 new APIs for AWS Glue Interactive Sessions: ListSessions, StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement, ListStatements, CancelStatement
1.24.21
enhancement:Dependency: Added support for jmespath 1.0
api-change:amplifybackend: Adding the ability to customize Cognito verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth
api-change:acm-pca: AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
api-change:ssm-incidents: Removed incorrect validation pattern for IncidentRecordSource.invokedBy
api-change:billingconductor: This is the initial SDK release for AWS Billing Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize your billing data to match your desired business structure.
api-change:s3outposts: S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists all endpoints associated with S3 on Outpost, that has been shared by Resource Access Manager (RAM).
1.24.20
api-change:robomaker: This release deprecates ROS, Ubuntu and Gazbeo from RoboMaker Simulation Service Software Suites in favor of user-supplied containers and Relaxed Software Suites.
api-change:dataexchange: This feature enables data providers to use the RevokeRevision operation to revoke subscriber access to a given revision. Subscribers are unable to interact with assets within a revoked revision.
api-change:ec2: Adds the Cascade parameter to the DeleteIpam API. Customers can use this parameter to automatically delete their IPAM, including non-default scopes, pools, cidrs, and allocations. There mustn't be any pools provisioned in the default public scope to use this parameter.
api-change:cognito-idp: Updated EmailConfigurationType and SmsConfigurationType to reflect that you can now choose Amazon SES and Amazon SNS resources in the same Region.
enhancement:AWSCRT: Upgrade awscrt extra to 0.13.5
api-change:location: New HERE style "VectorHereExplore" and "VectorHereExploreTruck".
api-change:ecs: Documentation only update to address tickets
api-change:keyspaces: Fixing formatting issues in CLI and SDK documentation
api-change:rds: Various documentation improvements
1.24.19
api-change:kendra: Amazon Kendra now provides a data source connector for Slack. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
api-change:timestream-query: Amazon Timestream Scheduled Queries now support Timestamp datatype in a multi-measure record.
enhancement:Stubber: Added support for modeled exception fields when adding errors to a client stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
api-change:elasticache: Doc only update for ElastiCache
api-change:config: Add resourceType enums for AWS::ECR::PublicRepository and AWS::EC2::LaunchTemplate
1.24.18
api-change:outposts: This release adds address filters for listSites
api-change:lambda: Adds PrincipalOrgID support to AddPermission API. Customers can use it to manage permissions to lambda functions at AWS Organizations level.
api-change:secretsmanager: Documentation updates for Secrets Manager.
api-change:connect: This release adds support for enabling Rich Messaging when starting a new chat session via the StartChatContact API. Rich Messaging enables the following formatting options: bold, italics, hyperlinks, bulleted lists, and numbered lists.
api-change:chime: Chime VoiceConnector Logging APIs will now support MediaMetricLogs. Also CreateMeetingDialOut now returns AccessDeniedException.
1.24.17
api-change:transcribe: Documentation fix for API StartMedicalTranscriptionJobRequest, now showing min sample rate as 16khz
api-change:transfer: Adding more descriptive error types for managed workflows
api-change:lexv2-models: Update lexv2-models client to latest version
1.24.16
api-change:comprehend: Amazon Comprehend now supports extracting the sentiment associated with entities such as brands, products and services from text documents.
1.24.15
api-change:eks: Introducing a new enum for NodeGroup error code: Ec2SubnetMissingIpv6Assignment
api-change:keyspaces: Adding link to CloudTrail section in Amazon Keyspaces Developer Guide
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as the video and audio in HLS packages.
1.24.14
api-change:chime-sdk-meetings: Adds support for Transcribe language identification feature to the StartMeetingTranscription API.
api-change:ecs: Amazon ECS UpdateService API now supports additional parameters: loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
api-change:migration-hub-refactor-spaces: AWS Migration Hub Refactor Spaces documentation update.
1.24.13
api-change:synthetics: Allow custom handler function.
api-change:transfer: Add waiters for server online and offline.
api-change:devops-guru: Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this feature with UpdateEventSourcesConfig.
api-change:macie: Amazon Macie Classic (macie) has been discontinued and is no longer available. A new Amazon Macie (macie2) is now available with significant design improvements and additional features.
api-change:ec2: Documentation updates for Amazon EC2.
api-change:sts: Documentation updates for AWS Security Token Service.
api-change:connect: This release updates the *InstanceStorageConfig APIs so they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis segments will be published.
1.24.12
api-change:greengrassv2: Doc only update that clarifies Create Deployment section.
api-change:fsx: This release adds support for data repository associations to use root ("/") as the file system path
api-change:kendra: Amazon Kendra now suggests spell corrections for a query. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
api-change:appflow: Launching Amazon AppFlow Marketo as a destination connector SDK.
api-change:timestream-query: Documentation only update for SDK and CLI
1.24.11
api-change:gamelift: Minor updates to address errors.
api-change:cloudtrail: Add bytesScanned field into responses of DescribeQuery and GetQueryResults.
api-change:athena: This release adds support for S3 Object Ownership by allowing the S3 bucket owner full control canned ACL to be set when Athena writes query results to S3 buckets.
api-change:keyspaces: This release adds support for data definition language (DDL) operations
api-change:ecr: This release adds support for tracking images lastRecordedPullTime.
1.24.10
api-change:mediapackage: This release adds Hybridcast as an available profile option for Dash Origin Endpoints.
api-change:rds: Documentation updates for Multi-AZ DB clusters.
api-change:mgn: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
api-change:kafkaconnect: Adds operation for custom plugin deletion (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return errors from asynchronous resource creation.
1.24.9
api-change:finspace-data: Add new APIs for managing Users and Permission Groups.
api-change:amplify: Add repositoryCloneMethod field for hosting an Amplify app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
api-change:fsx: This release adds support for the following FSx for OpenZFS features: snapshot lifecycle transition messages, force flag for deleting file systems with child resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
api-change:fis: This release adds logging support for AWS Fault Injection Simulator experiments. Experiment templates can now be configured to send experiment activity logs to Amazon CloudWatch Logs or to an S3 bucket.
api-change:route53-recovery-cluster: This release adds a new API option to enable overriding safety rules to allow routing control state updates.
api-change:amplifyuibuilder: We are adding the ability to configure workflows and actions for components.
api-change:athena: This release adds support for updating an existing named query.
api-change:ec2: This release adds support for new AMI property 'lastLaunchedTime'
api-change:servicecatalog-appregistry: AppRegistry is deprecating Application and Attribute-Group Name update feature. In this release, we are marking the name attributes for Update APIs as deprecated to give a heads up to our customers.
1.24.8
api-change:elasticache: Doc only update for ElastiCache
api-change:panorama: Added NTP server configuration parameter to ProvisionDevice operation. Added alternate software fields to DescribeDevice response
1.24.7
api-change:route53: SDK doc update for Route 53 to update some parameters with new information.
api-change:databrew: This AWS Glue Databrew release adds feature to merge job outputs into a max number of files for S3 File output type.
api-change:transfer: Support automatic pagination when listing AWS Transfer Family resources.
api-change:s3control: Amazon S3 Batch Operations adds support for new integrity checking capabilities in Amazon S3.
api-change:s3: This release adds support for new integrity checking capabilities in Amazon S3. You can choose from four supported checksum algorithms for data integrity checking on your upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it streams data into S3
api-change:fms: AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
api-change:lightsail: This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances.
api-change:autoscaling: You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later.
1.24.6
api-change:transfer: The file input selection feature provides the ability to use either the originally uploaded file or the output file from the previous workflow step, enabling customers to make multiple copies of the original file while keeping the source file intact for file archival.
api-change:lambda: Lambda releases .NET 6 managed runtime to be available in all commercial regions.
api-change:textract: Added support for merged cells and column header for table response.
1.24.5
api-change:translate: This release enables customers to use translation settings for formality customization in their synchronous translation output.
api-change:wafv2: Updated descriptions for logging configuration.
api-change:apprunner: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes) and a Node.js 14 runtime.
1.24.4
api-change:imagebuilder: This release adds support to enable faster launching for Windows AMIs created by EC2 Image Builder.
api-change:customer-profiles: This release introduces apis CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and view integration workflows.
api-change:dynamodb: DynamoDB ExecuteStatement API now supports Limit as a request parameter to specify the maximum number of items to evaluate. If specified, the service will process up to the Limit and the results will include a LastEvaluatedKey value to continue the read in a subsequent operation.
1.24.3
api-change:transfer: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols.
api-change:gamelift: Increase string list limit from 10 to 100.
api-change:budgets: This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account
1.24.2
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:redshift: SDK release for Cross region datasharing and cost-control for cross region datasharing
api-change:evidently: Add support for filtering list of experiments and launches by status
api-change:backup: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
1.24.1
api-change:ec2: Documentation updates for EC2.
api-change:budgets: Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast.
api-change:ce: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
api-change:glue: Support for optimistic locking in UpdateTable
api-change:ssm: Assorted ticket fixes and updates for AWS Systems Manager.
1.24.0
api-change:appflow: Launching Amazon AppFlow SAP as a destination connector SDK.
feature:Parser: Adding support for parsing int/long types in rest-json response headers.
api-change:rds: Adds support for determining which Aurora PostgreSQL versions support Babelfish.
api-change:athena: This release adds a subfield, ErrorType, to the AthenaError response object in the GetQueryExecution API when a query fails.
1.23.54
api-change:ssm: Documentation updates for AWS Systems Manager.
1.23.53
api-change:cloudformation: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
api-change:lookoutvision: This release makes CompilerOptions in Lookout for Vision's StartModelPackagingJob's Configuration object optional.
api-change:pinpoint: This SDK release adds a new paramater creation date for GetApp and GetApps Api call
api-change:sns: Customer requested typo fix in API documentation.
api-change:wafv2: Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
1.23.52
api-change:cloudformation: This SDK release is for the feature launch of AWS CloudFormation Hooks.
1.23.51
api-change:kendra: Amazon Kendra now provides a data source connector for Amazon FSx. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
api-change:apprunner: This release adds support for App Runner to route outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and UpdateService.
api-change:s3control: This release adds support for S3 Batch Replication. Batch Replication lets you replicate existing objects, already replicated objects to new destinations, and objects that previously failed to replicate. Customers will receive object-level visibility of progress and a detailed completion report.
api-change:sagemaker: Autopilot now generates an additional report with information on the performance of the best model, such as a Confusion matrix and Area under the receiver operating characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
1.23.50
api-change:auditmanager: This release updates 3 API parameters. UpdateAssessmentFrameworkControlSet now requires the controls attribute, and CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework now has a minimum length constraint for the controlSets attribute.
api-change:synthetics: Adding names parameters to the Describe APIs.
api-change:ssm-incidents: Update RelatedItem enum to support SSM Automation
api-change:events: Update events client to latest version
enhancement:Lambda Request Header: Adding request header for Lambda recursion detection.
1.23.49
api-change:athena: You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error.
api-change:rds: updates for RDS Custom for Oracle 12.1 support
api-change:lakeformation: Add support for calling Update Table Objects without a TransactionId.
1.23.48
api-change:ec2: adds support for AMIs in Recycle Bin
api-change:robomaker: The release deprecates the use various APIs of RoboMaker Deployment Service in favor of AWS IoT GreenGrass v2.0.
api-change:meteringmarketplace: Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500.
api-change:rbin: Add EC2 Image recycle bin support.
1.23.47
api-change:emr: Update emr client to latest version
api-change:personalize: Adding minRecommendationRequestsPerSecond attribute to recommender APIs.
enhancement:Request headers: Adding request headers with retry information.
api-change:appflow: Launching Amazon AppFlow Custom Connector SDK.
api-change:dynamodb: Documentation update for DynamoDB Java SDK.
api-change:iot: This release adds support for configuring AWS IoT logging level per client ID, source IP, or principal ID.
api-change:comprehend: Amazon Comprehend now supports sharing and importing custom trained models from one AWS account to another within the same region.
api-change:ce: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions
api-change:fis: Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These actions return additional details about resource types and parameters that can be targeted by FIS actions. Added a parameters field for the targets that can be specified in experiment templates.
api-change:es: Allows customers to get progress updates for blue/green deployments
api-change:glue: Launch Protobuf support for AWS Glue Schema Registry
api-change:elasticache: Documentation update for AWS ElastiCache
1.23.46
api-change:appconfigdata: Documentation updates for AWS AppConfig Data.
api-change:athena: This release adds a field, AthenaError, to the GetQueryExecution response object when a query fails.
api-change:appconfig: Documentation updates for AWS AppConfig
api-change:cognito-idp: Doc updates for Cognito user pools API Reference.
api-change:secretsmanager: Feature are ready to release on Jan 28th
api-change:sagemaker: This release added a new NNA accelerator compilation support for Sagemaker Neo.
1.23.45
api-change:ec2: X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
api-change:kafka: Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and broker volume updates.
api-change:connect: This release adds support for configuring a custom chat duration when starting a new chat session via the StartChatContact API. The default value for chat duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days (10,080 minutes).
api-change:amplify: Doc only update to the description of basicauthcredentials to describe the required encoding and format.
api-change:opensearch: Allows customers to get progress updates for blue/green deployments
1.23.44
api-change:frauddetector: Added new APIs for viewing past predictions and obtaining prediction metadata including prediction explanations: ListEventPredictions and GetEventPredictionMetadata
api-change:ebs: Documentation updates for Amazon EBS Direct APIs.
api-change:codeguru-reviewer: Added failure state and adjusted timeout in waiter
api-change:securityhub: Adding top level Sample boolean field
api-change:sagemaker: API changes relating to Fail steps in model building pipeline and add PipelineExecutionFailureReason in PipelineExecutionSummary.
1.23.43
api-change:fsx: This release adds support for growing SSD storage capacity and growing/shrinking SSD IOPS for FSx for ONTAP file systems.
api-change:efs: Update efs client to latest version
api-change:connect: This release adds support for custom vocabularies to be used with Contact Lens. Custom vocabularies improve transcription accuracy for one or more specific words.
api-change:guardduty: Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.
1.23.42
api-change:route53-recovery-readiness: Updated documentation for Route53 Recovery Readiness APIs.
1.23.41
enhancement:Exceptions: ProxyConnectionError previously provided the full proxy URL. User info will now be appropriately masked if needed.
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for 4K AV1 output resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML metadata files, and the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
api-change:transcribe: Add support for granular PIIEntityTypes when using Batch ContentRedaction.
1.23.40
api-change:guardduty: Amazon GuardDuty findings now include remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
api-change:connect: This release adds tagging support for UserHierarchyGroups resource.
api-change:mediatailor: This release adds support for multiple Segment Delivery Configurations. Users can provide a list of names and URLs when creating or editing a source location. When retrieving content, users can send a header to choose which URL should be used to serve content.
api-change:fis: Added action startTime and action endTime timestamp fields to the ExperimentAction object
api-change:ec2: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
1.23.39
api-change:macie2: This release of the Amazon Macie API introduces stricter validation of requests to create custom data identifiers.
api-change:ec2-instance-connect: Adds support for ED25519 keys. PushSSHPublicKey Availability Zone parameter is now optional. Adds EC2InstanceStateInvalidException for instances that are not running. This was previously a service exception, so this may require updating your code to handle this new exception.
1.23.38
api-change:ivs: This release adds support for the new Thumbnail Configuration property for Recording Configurations. For more information see https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
api-change:storagegateway: Documentation update for adding bandwidth throttling support for S3 File Gateways.
api-change:location: This release adds the CalculateRouteMatrix API which calculates routes for the provided departure and destination positions. The release also deprecates the use of pricing plan across all verticals.
api-change:cloudtrail: This release fixes a documentation bug in the description for the readOnly field selector in advanced event selectors. The description now clarifies that users omit the readOnly field selector to select both Read and Write management events.
api-change:ec2: Add support for AWS Client VPN client login banner and session timeout.
1.23.37
enhancement:Configuration: Adding support for defaults_mode configuration. The defaults_mode will be used to determine how certain default configuration options are resolved in the SDK.
1.23.36
api-change:config: Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis resources
api-change:application-insights: Application Insights support for Active Directory and SharePoint
api-change:honeycode: Added read and write api support for multi-select picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
api-change:ram: This release adds the ListPermissionVersions API which lists the versions for a given permission.
api-change:lookoutmetrics: This release adds a new DeactivateAnomalyDetector API operation.
1.23.35
api-change:pinpoint: Adds JourneyChannelSettings to WriteJourneyRequest
api-change:lexv2-runtime: Update lexv2-runtime client to latest version
api-change:nimble: Amazon Nimble Studio now supports validation for Launch Profiles. Launch Profiles now report static validation results after create/update to detect errors in network or active directory configuration.
api-change:glue: This SDK release adds support to pass run properties when starting a workflow run
api-change:ssm: AWS Systems Manager adds category support for DescribeDocument API
api-change:elasticache: AWS ElastiCache for Redis has added a new Engine Log LogType in LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for Redis clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
1.23.34
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:elasticache: Doc only update for ElastiCache
api-change:honeycode: Honeycode is releasing new APIs to allow user to create, delete and list tags on resources.
api-change:ec2: Hpc6a instances are powered by a third-generation AMD EPYC processors (Milan) delivering all-core turbo frequency of 3.4 GHz
api-change:fms: Shield Advanced policies for Amazon CloudFront resources now support automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData ManagedServiceData is now 8192 characters, instead of 4096.
api-change:pi: This release adds three Performance Insights APIs. Use ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata, and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in DescribeDimensionKeys retrieves per-SQL metrics.
1.23.33
api-change:finspace-data: Documentation updates for FinSpace.
api-change:rds: This release adds the db-proxy event type to support subscribing to RDS Proxy events.
api-change:ce: Doc only update for Cost Explorer API that fixes missing clarifications for MatchOptions definitions
api-change:kendra: Amazon Kendra now supports advanced query language and query-less search.
api-change:workspaces: Introducing new APIs for Workspaces audio optimization with Amazon Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns, UpdateConnectClientAddIn and DeleteConnectClientAddIn.
api-change:iotevents-data: This release provides documentation updates for Timer.timestamp in the IoT Events API Reference Guide.
api-change:ec2: EC2 Capacity Reservations now supports RHEL instance platforms (RHEL with SQL Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL with HA, RHEL with HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
1.23.32
api-change:ec2: New feature: Updated EC2 API to support faster launching for Windows images. Optimized images are pre-provisioned, using snapshots to launch instances up to 65% faster.
api-change:compute-optimizer: Adds support for new Compute Optimizer capability that makes it easier for customers to optimize their EC2 instances by leveraging multiple CPU architectures.
api-change:lookoutmetrics: This release adds FailureType in the response of DescribeAnomalyDetector.
api-change:databrew: This SDK release adds support for specifying a Bucket Owner for an S3 location.
api-change:transcribe: Documentation updates for Amazon Transcribe.
1.23.31
api-change:medialive: This release adds support for selecting the Program Date Time (PDT) Clock source algorithm for HLS outputs.
1.23.30
api-change:ec2: This release introduces On-Demand Capacity Reservation support for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
api-change:mediatailor: This release adds support for filler slate when updating MediaTailor channels that use the linear playback mode.
api-change:opensearch: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:iotwireless: Downlink Queue Management feature provides APIs for customers to manage the queued messages destined to device inside AWS IoT Core for LoRaWAN. Customer can view, delete or purge the queued message(s). It allows customer to preempt the queued messages and let more urgent messages go through.
api-change:es: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:mwaa: This release adds a "Source" field that provides the initiator of an update, such as due to an automated patch from AWS or due to modification via Console or API.
api-change:appsync: AppSync: AWS AppSync now supports configurable batching sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
1.23.29
api-change:cloudtrail: This release adds support for CloudTrail Lake, a new feature that lets you run SQL-based queries on events that you have aggregated into event data stores. New APIs have been added for creating and managing event data stores, and creating, running, and managing queries in CloudTrail Lake.
api-change:iot: This release adds an automatic retry mechanism for AWS IoT Jobs. You can now define a maximum number of retries for each Job rollout, along with the criteria to trigger the retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
api-change:ec2: This release adds a new API called ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer responsibility of their VPC Endpoint connections.
api-change:snowball: Updating validation rules for interfaces used in the Snowball API to tighten security of service.
api-change:lakeformation: Add new APIs for 3rd Party Support for Lake Formation
api-change:appstream: Includes APIs for App Entitlement management regarding entitlement and entitled application association.
api-change:eks: Amazon EKS now supports running applications using IPv6 address space
api-change:quicksight: Multiple Doc-only updates for Amazon QuickSight.
api-change:ecs: Documentation update for ticket fixes.
api-change:sagemaker: Amazon SageMaker now supports running training jobs on ml.g5 instance types.
api-change:glue: Add Delta Lake target support for Glue Crawler and 3rd Party Support for Lake Formation
1.23.28
api-change:rekognition: This release introduces a new field IndexFacesModelVersion, which is the version of the face detect and storage model that was used when indexing the face vector.
api-change:s3: Minor doc-based updates based on feedback bugs received.
enhancement:JSONFileCache: Add support for __delitem__ in JSONFileCache
api-change:s3control: Documentation updates for the renaming of Glacier to Glacier Flexible Retrieval.
1.23.27
api-change:sagemaker: The release allows users to pass pipeline definitions as Amazon S3 locations and control the pipeline execution concurrency using ParallelismConfiguration. It also adds support of EMR jobs as pipeline steps.
api-change:rds: Multiple doc-only updates for Relational Database Service (RDS)
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added strength levels to the Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
api-change:greengrassv2: This release adds the API operations to manage the Greengrass role associated with your account and to manage the core device connectivity information. Greengrass V2 customers can now depend solely on Greengrass V2 SDK for all the API operations needed to manage their fleets.
api-change:detective: Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
1.23.26
api-change:nimble: Amazon Nimble Studio adds support for users to upload files during a streaming session using NICE DCV native client or browser.
api-change:chime-sdk-messaging: The Amazon Chime SDK now supports updating message attributes via channel flows
api-change:imagebuilder: Added a note to infrastructure configuration actions and data types concerning delivery of Image Builder event messages to encrypted SNS topics. The key that's used to encrypt the SNS topic must reside in the account that Image Builder runs under.
api-change:workmail: This release allows customers to change their email monitoring configuration in Amazon WorkMail.
api-change:transfer: Property for Transfer Family used with the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session.
api-change:lookoutmetrics: This release adds support for Causal Relationships. Added new ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
api-change:mediaconnect: You can now use the Fujitsu-QoS protocol for your MediaConnect sources and outputs to transport content to and from Fujitsu devices.
api-change:qldb: Amazon QLDB now supports journal exports in JSON and Ion Binary formats. This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
1.23.25
api-change:customer-profiles: This release adds an optional parameter, ObjectTypeNames to the PutIntegration API to support multiple object types per integration option. Besides, this release introduces Standard Order Objects which contain data from third party systems and each order object belongs to a specific profile.
api-change:sagemaker: This release adds a new ContentType field in AutoMLChannel for SageMaker CreateAutoMLJob InputDataConfig.
api-change:forecast: Adds ForecastDimensions field to the DescribeAutoPredictorResponse
api-change:securityhub: Added new resource details objects to ASFF, including resources for Firewall, and RuleGroup, FirewallPolicy Added additional details for AutoScalingGroup, LaunchConfiguration, and S3 buckets.
api-change:location: Making PricingPlan optional as part of create resource API.
api-change:redshift: This release adds API support for managed Redshift datashares. Customers can now interact with a Redshift datashare that is managed by a different service, such as AWS Data Exchange.
api-change:apigateway: Documentation updates for Amazon API Gateway
api-change:devops-guru: Adds Tags support to DescribeOrganizationResourceCollectionHealth
api-change:imagebuilder: This release adds support for importing and exporting VM Images as part of the Image Creation workflow via EC2 VM Import/Export.
api-change:datasync: AWS DataSync now supports FSx Lustre Locations.
api-change:finspace-data: Make dataset description optional and allow s3 export for dataviews
1.23.24
api-change:secretsmanager: Documentation updates for Secrets Manager
1.23.23
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:network-firewall: This release adds support for managed rule groups.
api-change:route53-recovery-control-config: This release adds tagging supports to Route53 Recovery Control Configuration. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateCluster, CreateControlPanel and CreateSafetyRule.
api-change:ec2: Adds waiters support for internet gateways.
api-change:sms: This release adds SMS discontinuation information to the API and CLI references.
api-change:route53domains: Amazon Route 53 domain registration APIs now support filtering and sorting in the ListDomains API, deleting a domain by using the DeleteDomain API and getting domain pricing information by using the ListPrices API.
api-change:savingsplans: Adds the ability to specify Savings Plans hourly commitments using five digits after the decimal point.
1.23.22
api-change:lookoutvision: This release adds new APIs for packaging an Amazon Lookout for Vision model as an AWS IoT Greengrass component.
api-change:sagemaker: This release added a new Ambarella device(amba_cv2) compilation support for Sagemaker Neo.
api-change:comprehendmedical: This release adds a new set of APIs (synchronous and batch) to support the SNOMED-CT ontology.
api-change:health: Documentation updates for AWS Health
api-change:logs: This release adds AWS Organizations support as condition key in destination policy for cross account Subscriptions in CloudWatch Logs.
api-change:outposts: This release adds the UpdateOutpost API.
api-change:support: Documentation updates for AWS Support.
api-change:iot: This release allows customer to enable caching of custom authorizer on HTTP protocol for clients that use persistent or Keep-Alive connection in order to reduce the number of Lambda invocations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 14 Apr 2022 08:21:12 +0000 (10:21 +0200)]
openvpn: Update to version 2.5.6
- Update from version 2.5.4 to 2.5.6
- Update of rootfile not required
- No changes related to ciphers or options
- Source tarball changed from .xz to .gz as for version 2.5.6 the xz options was not
available. Raised on Openvpn forum but response was that they also didn't know why xz
option was not available but they thought it was not a big deal as the gz version is
only slightly larger.
- Changelog
Overview of changes in 2.5.6
User-visible Changes
update copyright year to 2022
New features
new plugin (sample-plugin/defer/multi-auth.c) to help testing with multiple
parallel plugins that succeed/fail in direct/deferred mode
various build improvements (github actions etc)
upgrade pkcs11-helper to release 1.28.4
Bugfixes
CVE-2022-0547 see
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
If openvpn is configured with multiple authentication plugins and more than
one plugin tries to do deferred authentication, the result is not
well-defined - creating a possible authentication bypass.
In this situation the server process will now abort itself with a clear log
message. Only one plugin is allowed to do deferred authentication.
Fix "--mtu-disc maybe|yes" on Linux
Due to configure/syshead.h/#ifdef confusion, the code in question was not
compiled-in since a long time. Fixed. Trac: #1452
Fix $common_name variable passed to scripts when username-as-common-name is
in effect.
This was not consistently set - sometimes, OpenVPN exported the username,
sometimes the common name from the client cert. Fixed. Trac: #1434
Fix potential memory leaks in add_route() and add_route_ipv6().
Apply connect-retry backoff only to one side of the connection in p2p mode.
Without that fix/enhancement, two sides could end up only sending packets
when the other end is not ready. Trac: #1010, #1384
remove unused sitnl.h file
clean up msvc build files, remove unused MSVC build .bat files
repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes
due to integer overflow, this ended up being "0" on Linux, but on Windows
with MSVC it ends up being "always 2 Gbyte", both not doing what is
requested. Trac: #1448
repair handling of EC certificates on Windows with pkcs11-helper
(wrong compile-time defines for OpenSSL 1.1.1)
Documentation
documentation improvements related to DynDNS. Trac: #1417
clean up documentation for --proto and related options
rebuild rst docs if input files change (proper dependency handling)
Overview of changes in 2.5.5
User-visible Changes
SWEET32/64bit cipher deprecation change was postponed to 2.7
Windows: use network address for emulated DHCP server as default this
enables use of a /30 subnet, which is needed when connecting to OpenVPN Cloud.
require EC support in windows builds (this means it's no longer possible to
build a Windows OpenVPN binary with an OpenSSL lib without EC support)
New features
Windows build: use CFG and Spectre mitigations on MSVC builds
bring back OpenSSL config loading to Windows builds. OpenSSL config is
loaded from %installdir%\ssl\openssl.cnf (typically:
c:\program files\openvpn\ssl\openssl.cnf) if it exists.
This is important for some hardware tokens which need special OpenSSL
config for correct operation. Trac #1296
Bugfixes
Windows build: enable EKM
Windows build: improve various vcpkg related build issues
Windows build: fix regression related to non-writeable status files
(Trac #1430)
Windows build: fix regression that broke OpenSSL EC support
Windows build: fix "product version" display (2.5..4 -> 2.5.4)
Windows build: fix regression preventing use of PKCS12 files
improve "make check" to notice if "openvpn --show-cipher" crashes
improve argv unit tests
ensure unit tests work with mbedTLS builds without BF-CBC ciphers
include "--push-remove" in the output of "openvpn --help"
fix error in iptables syntax in example firewall.sh script
fix "resolvconf -p" invocation in example "up" script
fix "common_name" environment for script calls when
"--username-as-common-name" is in effect (Trac #1434)
Documentation
move "push-peer-info" documentation from "server options" to "client"
(where it belongs)
correct "foreign_option_{n}" typo in manpage
update IRC information in CONTRIBUTING.rst (libera.chat)
README.down-root: fix plugin module name
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 14 Apr 2022 08:20:57 +0000 (10:20 +0200)]
bird: Update to version 2.0.9
- Update from version 2.0.8 to 2.0.9
- Update of rootfile not required
- Changelog
Version 2.0.9 (2022-02-09)
o BGP: Flowspec validation procedure
o Babel: MAC authentication support
o Routing table configuration blocks
o Optional prefix trie in routing table for faster LPM/interval queries
o CLI: New 'show route in <prefix>' command
o Filter: Faster (16-way) prefix sets
o Filter: MPLS label route attribute
o Filter: Operators to pick community components
o Filter: Operators to find minimum and maximum element of lists
o BGP: New 'free bind' option
o BGP: Log route updates that were changed to withdraws
o BGP: Improved 'invalid next hop' error reporting
o OSPF: Allow ifaces with host address as unnumbered PtP or PtMP ifaces
o OSPF: All packets on PtP networks should be sent to AllSPFRouters address
o Scripts for apkg-powered upstream packaging for deb and rpm
o Support for Blake2s and Blake2b hash functions
o Security keys / passwords can be entered in hexadecimal digits
o Memory statistics split into Effective and Overhead
o Linux: New option 'netlink rx buffer' to specify netlink socket buffer size
o BSD: Assume onlink flag on ifaces with only host addresses
o Many bugfixes
Notes:
- For OSPF on PtP network, BIRD now sends all packets to multicast AllSPFRouters
address (as required in RFC 2328 8.1). This likely breaks setups with multiple
neighbors on a network configured as PtP, which worked in previous versions.
Such links should be configured as PtMP.
- Since Linux 5.3, netlink socket can be flooded by route cache entries during
route table scan. This version mitigates that issue by using strict netlink
filtering.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Triggered by Bug #12846 - in this context I noticed that vnstat had been updated to version 2.9.
For details see:
https://humdi.net/vnstat/CHANGES
"2.9 / 23-Jan-2022
- Fixed
- RescanDatabaseOnSave configuration option wasn't being read from the
configuration file resulting in the feature always being enabled
- Hourly graph image output using large fonts didn't correctly fade out
the x-axis line for hours not having data available
- New
- Add --alert for producing output and/or specific exit status when
configured condition and transfer limit is exceeded, can also be used
for "quota remaining" type of queries depending on used parameters
- Add configuration option InterfaceMatchMethod which allows configuring
the possibility of specifying an interface for database queries by using
its alias instead of system provided interface name, enabled by default
to support case insensitive matching of the beginning of interface
aliases (vnstat and vnstati)
- Image output file extension allows selecting the used image file format
as long as the used LibGD supports it, PNG is no longer the only option
- Add configuration option HourlyGraphMode for changing the output mode
of the graph, 0 = 24 hour sliding window (default, as in previous
releases), 1 = graph begins from midnight
- Add mode parameter for -hg / --hoursgraph options for overriding the
HourlyGraphMode configuration option setting from the command line
- Add vertical line to image output hourly graph to visualize midnight
- Add -t / --timestamp options to daemon for enabling timestamps to prints
when the daemon is running in the foreground attached to a terminal
- Accept ; as comment character in configuration file in addition to #
- Comment out keywords which are using default values with ; character in
provided configuration file and --showconfig output
2.8 / 4-Sep-2021
- Fixed
- Using a combination of --live and --json wasn't flushing stdout after
each line resulting in buffered output if the output was being piped
- Image output would fail to show the last line bar graph in list outputs
if EstimateStyle was 0, BarColumnShowsRate was 1 and the last line had a
higher traffic rate than other lines
- Image output didn't correctly horizontally align the "no data available"
message in 5 minute graph depending on the width of the image
- Image output related configuration warnings could get shown when image
output wasn't being used
- Warnings of mismatches between image output and data retention
configuration didn't provide relevant details for solving the issues
- BandwidthDetection was being used for tun interfaces even when the
Linux kernel had the information hardcoded to 10 Mbit regardless of the
used real interface, interface specific MaxBW will now be used instead
or MaxBandwidth as fallback
- Configured interface specific MaxBW values were getting overridden by
BandwidthDetection when something could be detected
- Image output horizontal rx/tx bars often had one pixel too much width in
the tx section resulting in slightly wrong ratio getting shown
- Top days list wasn't always sorting entries with exactly the same traffic
sum using ascending date
- 64bitInterfaceCounters with value -2 always assumed 32-bit on Linux
systems until a 64-bit value was seen if kernel headers weren't available
when binaries were built
- New
- Add the possibility of specifying an interface without using the
-i / --iface options (vnstat and vnstati)
- The daemon can discover added interfaces from the database without
requiring a restart, configurable with option RescanDatabaseOnSave
- Add configuration option UseUTC for using UTC as timezone for database
entries instead of following the system timezone configuration
- --iflist uses user configured interface specific MaxBW values in the
output when available instead of showing only the kernel provided
information when detected
- Add configuration option AlwaysAddNewInterfaces to expose the daemon
--alwaysadd command line option which gains an optional mode parameter
- Image output uses LibGD filled arc bug workaround only for LibGD
versions that are known to be broken
- Image output example cgi (examples/vnstat.cgi) improvements
- Automatically lists all monitored interfaces instead of requiring the
list to be filled manually, server name in page title comes from
hostname command by default
- Provides links for most available images to more detailed or longer
versions of each image
- Allows direct interface specific page access with /interfacename suffix
for the cgi if the used httpd supports PATH_INFO
- Page auto refresh can be enabled with configurable interval"
Please note:
As mentioned above, the default values in 2.9 are commented out. I have reversed this
by adding a simple 'sed' command to the lfs file.
Another possibility would have been to extend the existing sed commands. If this
is desired differently, please report.
As - nearly - always: running here with no seen problems...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
projects / ipfire-2.x.git / log
