The Dark Mod is free and open-source software first-person stealth
video game, inspired by the Thief series by Looking Glass Studios.
The game provides the basic framework and tools – engine, assets,
models, an editor – for more than 100 fan-made missions, including
several multi-mission campaigns.
* fixed comparison of BUILDLINK_API_DEPENDS against commit hashes
in go-properties-map and go-paths-helper, as some dependencies
have no Gihub releases or versioning at all
* go-properties-map now links properly to arduino-builder, one
less build error.
Changes:
1.47.0
------
* New backends
* Backend for Koofr cloud storage service. (jaKa)
* New Features
* Resume downloads if the reader fails in copy (Nick Craig-Wood)
* this means rclone will restart transfers if the source has an error
* this is most useful for downloads or cloud to cloud copies
* Use `--fast-list` for listing operations where it won't use more memory
(Nick Craig-Wood)
* this should speed up the following operations on remotes which
support `ListR`
* `dedupe`, `serve restic` `lsf`, `ls`, `lsl`, `lsjson`, `lsd`,
`md5sum`, `sha1sum`, `hashsum`, `size`, `delete`, `cat`, `settier`
* use `--disable ListR` to get old behaviour if required
* Make `--files-from` traverse the destination unless `--no-traverse` is
set (Nick Craig-Wood)
* this fixes `--files-from` with Google drive and excessive API use in
general.
* Make server side copy account bytes and obey `--max-transfer`
(Nick Craig-Wood)
* Add `--create-empty-src-dirs` flag and default to not creating empty
dirs (ishuah)
* Add client side TLS/SSL flags `--ca-cert`/`--client-cert`/`--client-key`
(Nick Craig-Wood)
* Implement `--suffix-keep-extension` for use with `--suffix`
(Nick Craig-Wood)
* build:
* Switch to semvar compliant version tags to be go modules compliant
(Nick Craig-Wood)
* Update to use go1.12.x for the build (Nick Craig-Wood)
* serve dlna: Add connection manager service description to improve
compatibility (Dan Walters)
* lsf: Add 'e' format to show encrypted names and 'o' for original IDs
(Nick Craig-Wood)
* lsjson: Added `--files-only` and `--dirs-only` flags (calistri)
* rc: Implement operations/publiclink the equivalent of `rclone link`
(Nick Craig-Wood)
* Bug Fixes
* accounting: Fix total ETA when `--stats-unit bits` is in effect
(Nick Craig-Wood)
* Bash TAB completion
* Use private custom func to fix clash between rclone and kubectl
(Nick Craig-Wood)
* Fix for remotes with underscores in their names (Six)
* Fix completion of remotes (Florian Gamböck)
* Fix autocompletion of remote paths with spaces (Danil Semelenov)
* serve dlna: Fix root XML service descriptor (Dan Walters)
* ncdu: Fix display corruption with Chinese characters (Nick Craig-Wood)
* Add SIGTERM to signals which run the exit handlers on unix
(Nick Craig-Wood)
* rc: Reload filter when the options are set via the rc (Nick Craig-Wood)
* VFS / Mount
* Fix FreeBSD: Ignore Truncate if called with no readers and already the
correct size (Nick Craig-Wood)
* Read directory and check for a file before mkdir (Nick Craig-Wood)
* Shorten the locking window for vfs/refresh (Nick Craig-Wood)
* Azure Blob
* Enable MD5 checksums when uploading files bigger than the "Cutoff"
(Dr.Rx)
* Fix SAS URL support (Nick Craig-Wood)
* B2
* Allow manual configuration of backblaze downloadUrl (Vince)
* Ignore already_hidden error on remove (Nick Craig-Wood)
* Ignore malformed `src_last_modified_millis` (Nick Craig-Wood)
* Drive
* Add `--skip-checksum-gphotos` to ignore incorrect checksums on Google
Photos (Nick Craig-Wood)
* Allow server side move/copy between different remotes. (Fionera)
* Add docs on team drives and `--fast-list` eventual consistency (Nestar47)
* Fix imports of text files (Nick Craig-Wood)
* Fix range requests on 0 length files (Nick Craig-Wood)
* Fix creation of duplicates with server side copy (Nick Craig-Wood)
* Dropbox
* Retry blank errors to fix long listings (Nick Craig-Wood)
* FTP
* Add `--ftp-concurrency` to limit maximum number of connections
(Nick Craig-Wood)
* Google Cloud Storage
* Fall back to default application credentials (marcintustin)
* Allow bucket policy only buckets (Nick Craig-Wood)
* HTTP
* Add `--http-no-slash` for websites with directories with no slashes
(Nick Craig-Wood)
* Remove duplicates from listings (Nick Craig-Wood)
* Fix socket leak on 404 errors (Nick Craig-Wood)
* Jottacloud
* Fix token refresh (Sebastian Bünger)
* Add device registration (Oliver Heyme)
* Onedrive
* Implement graceful cancel of multipart uploads if rclone is interrupted
(Cnly)
* Always add trailing colon to path when addressing items, (Cnly)
* Return errors instead of panic for invalid uploads (Fabian Möller)
* S3
* Add support for "Glacier Deep Archive" storage class (Manu)
* Update Dreamhost endpoint (Nick Craig-Wood)
* Note incompatibility with CEPH Jewel (Nick Craig-Wood)
* SFTP
* Allow custom ssh client config (Alexandru Bumbacea)
* Swift
* Obey Retry-After to enable OVH restore from cold storage
(Nick Craig-Wood)
* Work around token expiry on CEPH (Nick Craig-Wood)
* WebDAV
* Allow IsCollection property to be integer or boolean (Nick Craig-Wood)
* Fix race when creating directories (Nick Craig-Wood)
* Fix About/df when reading the available/total returns 0 (Nick Craig-Wood)
SECURITY:
* Given: (a) performance replication is enabled; (b) performance standbys are
in use on the performance replication secondary cluster; and (c) mount
filters are in use, if a mount that was previously available to a secondary
is updated to be filtered out, although the data would be removed from the
secondary cluster, the in-memory cache of the data would not be purged on
the performance standby nodes. As a result, the previously-available data
could still be read from memory if it was ever read from disk, and if this
included mount configuration data this could result in token or lease
issuance. The issue is fixed in this release; in prior releases either an
active node changeover (such as a step-down) or a restart of the standby
nodes is sufficient to cause the performance standby nodes to clear their
cache. A CVE is in the process of being issued; the number is
CVE-2019-11075.
* Roles in the JWT Auth backend using the OIDC login flow (i.e. role_type of
“oidc”) were not enforcing bound_cidrs restrictions, if any were configured
for the role. This issue did not affect roles of type “jwt”.
CHANGES:
* auth/jwt: Disallow logins of role_type "oidc" via the `/login` path [JWT-38]
* core/acl: New ordering defines which policy wins when there are multiple
inexact matches and at least one path contains `+`. `+*` is now illegal in
policy paths. The previous behavior simply selected any matching
segment-wildcard path that matched. [GH-6532]
* replication: Due to technical limitations, mounting and unmounting was not
previously possible from a performance secondary. These have been resolved,
and these operations may now be run from a performance secondary.
IMPROVEMENTS:
* agent: Allow AppRole auto-auth without a secret-id [GH-6324]
* auth/gcp: Cache clients to improve performance and reduce open file usage
* auth/jwt: Bounds claims validiation will now allow matching the received
claims against a list of expected values [JWT-41]
* secret/gcp: Cache clients to improve performance and reduce open file usage
* replication: Mounting/unmounting/remounting/mount-tuning is now supported
from a performance secondary cluster
* ui: Suport for authentication via the RADIUS auth method [GH-6488]
* ui: Navigating away from secret list view will clear any page-specific
filter that was applied [GH-6511]
* ui: Improved the display when OIDC auth errors [GH-6553]
BUG FIXES:
* agent: Allow auto-auth to be used with caching without having to define any
sinks [GH-6468]
* agent: Disallow some nonsensical config file combinations [GH-6471]
* auth/ldap: Fix CN check not working if CN was not all in uppercase [GH-6518]
* auth/jwt: The CLI helper for OIDC logins will now open the browser to the correct
URL when running on Windows [JWT-37]
* auth/jwt: Fix OIDC login issue where configured TLS certs weren't being used [JWT-40]
* auth/jwt: Fix an issue where the `oidc_scopes` parameter was not being included in
the response to a role read request [JWT-35]
* core: Fix seal migration case when migrating to Shamir and a seal block
wasn't explicitly specified [GH-6455]
* core: Fix unwrapping when using namespaced wrapping tokens [GH-6536]
* core: Fix incorrect representation of required properties in OpenAPI output
[GH-6490]
* core: Fix deadlock that could happen when using the UI [GH-6560]
* identity: Fix updating groups removing existing members [GH-6527]
* identity: Properly invalidate group alias in performance secondary [GH-6564]
* identity: Use namespace context when loading entities and groups to ensure
merging of duplicate entries works properly [GH-6563]
* replication: Fix performance standby election failure [GH-6561]
* replication: Fix mount filter invalidation on performance standby nodes
* replication: Fix license reloading on performance standby nodes
* replication: Fix handling of control groups on performance standby nodes
* replication: Fix some forwarding scenarios with request bodies using
performance standby nodes [GH-6538]
* secret/gcp: Fix roleset binding when using JSON [GCP-27]
* secret/pki: Use `uri_sans` param in when not using CSR parameters [GH-6505]
* storage/dynamodb: Fix a race condition possible in HA configurations that could
leave the cluster without a leader [GH-6512]
* ui: Fix an issue where in production builds OpenAPI model generation was
failing, causing any form using it to render labels with missing fields [GH-6474]
* ui: Fix issue nav-hiding when moving between namespaces [GH-6473]
* ui: Secrets will always show in the nav regardless of access to cubbyhole [GH-6477]
* ui: fix SSH OTP generation [GH-6540]
* ui: add polyfill to load UI in IE11 [GH-6567]
* ui: Fix issue where some elements would fail to work properly if using ACLs
with segment-wildcard paths (`/+/` segments) [GH-6525]
IMPROVEMENTS:
* builder/alicloud: Improve error message for conflicting images name [GH-7415]
* builder/amazon-chroot: Allow users to specify custom block device mapping
[GH-7370]
* builder/ansible: Documentation fix explaining how to use ansible 2.7 + winrm
[GH-7461]
* builder/azure-arm: specify zone resilient image from config [GH-7211]
* builder/docker: Add support for windows containers [GH-7444]
* builder/openstack: Allow both ports and networks in openstack builder
[GH-7451]
* builder/openstack: Expose force_delete for openstack builder [GH-7395]
* builder/OpenStack: Support Application Credential Authentication [GH-7300]
* builder/virtualbox: Add validation for 'none' communicator. [GH-7419]
* builder/virtualbox: create ephemeral SSH key pair for build process [GH-7287]
* core: Add functionality to marshal a Template to valid Packer JSON [GH-7339]
* core: Allow user variables to be interpreted within the variables section
[GH-7390]
* core: Incorporate the go-getter to handle downloads [GH-6999]
* core: Lock Packer VNC ports using a lock file to prevent collisions [GH-7422]
* core: Print VerifyChecksum log for the download as ui.Message output
[GH-7387]
* core: Users can now set provisioner timeouts [GH-7466]
* core: Switch to using go mod for managing dependencies [GH-7270]
* core: Select a new VNC port if initial port is busy [GH-7423]
* post-processor/googlecompute-export: Set network project id to builder
[GH-7359]
* post-processor/vagrant-cloud: support for the vagrant builder [GH-7397]
* post-processor/Vagrant: Option to ignore SSL verification when using on-
premise vagrant cloud [GH-7377]
* postprocessor/amazon-import: Support S3 and AMI encryption. [GH-7396]
* provisioner/shell provisioner/windows-shell: allow to specify valid exit
codes [GH-7385]
* core: Filter sensitive variables out of the ui as well as the logs
[GH-7462]
BUG FIXES:
* builder/alibaba: Update to latest Alibaba Cloud official image to fix
acceptance tests [GH-7375]
* builder/amazon-chroot: Fix building PV images and where mount_partition is
set [GH-7337]
* builder/amazon: Fix http_proxy env var regression [GH-7361]
* builder/azure: Fix: Power off before taking snapshot (windows) [GH-7464]
* builder/hcloud: Fix usage of freebsd64 rescue image [GH-7381]
* builder/vagrant: windows : fix docs and usage [GH-7416] [GH-7417]
* builder/vmware-esxi: properly copy .vmxf files in remote vmx builds [GH-7357]
* core: fix bug where Packer didn't pause in debug on certain linux platforms.
[GH-7352]
* builder/amazon: Fix bug copying encrypted images between regions [GH-7342]
BACKWARDS INCOMPATIBILITIES:
* builder/amazon: Change `temporary_security_group_source_cidr` to
`temporary_security_group_source_cidrs` and allow it to accept a list of
strings. [GH-7450]
* builder/amazon: If users do not pass any encrypt setting, retain any initial
encryption setting of the AMI. [GH-6787]
* builder/docker: Update docker's default config to use /bin/sh instead of
/bin/bash [GH-7106]
* builder/hyperv: Change option names cpu->cpus and ram_size->memory to bring
naming in line with vmware and virtualbox builders [GH-7447]
* builder/oracle-classic: Remove default ssh_username from oracle classic
builder, but add note to docs with oracle's default user. [GH-7446]
* builder/scaleway: Renamed attribute api_access_key to organization_id.
[GH-6983]
* Change clean_image name and clean_ami_name to a more general clean_resource
name for Googlecompute, Azure, and AWS builders. [GH-7456]
* core/post-processors: Change interface for post-processors to allow an
overridable default for keeping input artifacts. [GH-7463]
Notable changes in version 0.4.0.4-rc - 2019-04-11
Tor 0.4.0.4-rc is the first release candidate in its series; it fixes
several bugs from earlier versions, including some that had affected
stability, and one that prevented relays from working with NSS.
o Major bugfixes (NSS, relay):
- When running with NSS, disable TLS 1.2 ciphersuites that use
SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for
these ciphersuites don't work -- which caused relays to fail to
handshake with one another when these ciphersuites were enabled.
Fixes bug 29241; bugfix on 0.3.5.1-alpha.
o Minor features (bandwidth authority):
- Make bandwidth authorities ignore relays that are reported in the
bandwidth file with the flag "vote=0". This change allows us to
report unmeasured relays for diagnostic reasons without including
their bandwidth in the bandwidth authorities' vote. Closes
ticket 29806.
- When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve
this bandwidth file at /tor/status-vote/next/bandwidth. Closes
ticket 21377.
o Minor features (circuit padding):
- Stop warning about undefined behavior in the probability
distribution tests. Float division by zero may technically be
undefined behavior in C, but it's well defined in IEEE 754.
Partial backport of 29298. Closes ticket 29527; bugfix
on 0.4.0.1-alpha.
o Minor features (dormant mode):
- Add a DormantCanceledByStartup option to tell Tor that it should
treat a startup event as cancelling any previous dormant state.
Integrators should use this option with caution: it should only be
used if Tor is being started because of something that the user
did, and not if Tor is being automatically started in the
background. Closes ticket 29357.
o Minor features (geoip):
- Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2
Country database. Closes ticket 29992.
o Minor features (NSS, diagnostic):
- Try to log an error from NSS (if there is any) and a more useful
description of our situation if we are using NSS and a call to
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.
o Minor bugfixes (security):
- Fix a potential double free bug when reading huge bandwidth files.
The issue is not exploitable in the current Tor network because
the vulnerable code is only reached when directory authorities
read bandwidth files, but bandwidth files come from a trusted
source (usually the authorities themselves). Furthermore, the
issue is only exploitable in rare (non-POSIX) 32-bit architectures,
which are not used by any of the current authorities. Fixes bug
30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by
Tobias Stoeckmann.
- Verify in more places that we are not about to create a buffer
with more than INT_MAX bytes, to avoid possible OOB access in the
event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and
fixed by Tobias Stoeckmann.
o Minor bugfixes (bootstrap reporting):
- During bootstrap reporting, correctly distinguish pluggable
transports from plain proxies. Fixes bug 28925; bugfix
on 0.4.0.1-alpha.
o Minor bugfixes (C correctness):
- Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug
29824; bugfix on 0.3.1.1-alpha. This is Coverity warning
CID 1444119.
o Minor bugfixes (circuitpadding testing):
- Minor tweaks to avoid rare test failures related to timers and
monotonic time. Fixes bug 29500; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (directory authorities):
- Actually include the bandwidth-file-digest line in directory
authority votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha.
o Minor bugfixes (pluggable transports):
- Restore old behavior when it comes to discovering the path of a
given Pluggable Transport executable file. A change in
0.4.0.1-alpha had broken this behavior on paths containing a
space. Fixes bug 29874; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (TLS protocol):
- When classifying a client's selection of TLS ciphers, if the
client ciphers are not yet available, do not cache the result.
Previously, we had cached the unavailability of the cipher list
and never looked again, which in turn led us to assume that the
client only supported the ancient V1 link protocol. This, in turn,
was causing Stem integration tests to stall in some cases. Fixes
bug 30021; bugfix on 0.2.4.8-alpha.
o Code simplification and refactoring:
- Introduce a connection_dir_buf_add() helper function that detects
whether compression is in use, and adds a string accordingly.
Resolves issue 28816.
- Refactor handle_get_next_bandwidth() to use
connection_dir_buf_add(). Implements ticket 29897.
Add bareos-clientonly
Fixes included here:
fix NetBSD port
support scsi-crypto option
disable NDMP as some RPC marshalling is missing in the base system
clear hw crypto key on close (scsi-crypto module)
make tapealert check more often (tapealert module)
provide a chio-changer script
- patch-routersploit_core_exploit_payloads.py was missing a `.' in
import_module() leading to not able to find installed encoders
- the payload semantic was accidentally changed (from `<architecture>/<payload>'
to `payloads.<architecture>.<payload>'), readjust it as it was originally
Thanks to Marcin Bury for the review!
The 1.5.4 release is from January 2017, and no longer builds against
current qt5. In particular, tef_xml.cc fails. I am dithering between
hoping for a new release and commenting tef_xml out of the build, and
am parking the in-progress work here.
Stone Soup 0.23.2 (20190330)
----------------------------
Bugfix Release
--------------
* Various seed-related bugfixes and improvements:
- Seed input now supports pasting, and is autofilled from the last game.
- The seed input box now has an extra digit.
- The game seed is saved correctly and will no longer show as 0 for games
started after this fix.
- Seed stability for floating point calculations: for most configuration the
main dungeon should remain unchanged, but 32 bit systems (and 32-bit builds)
should now be much more stable, among others. Slime will likely differ.
- Seed stability for rc options: certain rc options affected the generation
of some layouts, leading to divergent seeds.
* AK starts will no longer crash when exiting the abyss in pregen games.
* Gozag bribe branch in pregen games now works correctly when entering a
previously unvisited level.
* Meatsprint is now difficult again.
* 37 other bugfixes and improvements in total.