[announce] but what about *second* skarnet.org November 2023 release?

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Mon, 20 Nov 2023 04:07:56 +0000


  New versions of some skarnet.org packages are available.
  This is mostly a bugfix release, addressing the problems that were
reported since the big release two weeks ago.

  Despite that, s6-dns got a minor version bump because the fixes
needed an additional interface; and s6-networking got a major bump,
because it needed an interface change. Nothing that *should* impact
you, the changes are pretty innocuous; but see below.

skalibs- (release)
s6- (release)
s6-dns- (minor)
s6-networking- (major)
tipidee- (minor)

  * skalibs-

  This release is important if you want the fixes in s6-dns: the
ipv6 parsing code has been revamped.


  * s6-

  It's only a bugfix, but you want to grab this version, because the
bug was impactful (s6-svscanctl -an not working as intended).


  * s6-dns-

  - The parsing of /etc/hosts now ignores link-local addresses instead
of refusing to process the whole file.
  - New interface to only process /etc/hosts if a client requires it.


  * s6-networking-

  - s6-tlsc-io has changed interfaces; now it's directly usable from a
terminal. This change should be invisible unless you were using
s6-tlsc-io without going through s6-tlsc (which, until now, there was
no reason to do).
  - s6-tcpserverd now logs "accept" and "reject" instead of "allow" and
"deny", this terminology now being reserved to s6-tcpserver-access.
  - The -h option to s6-tcpclient and s6-tcpserver-access has changed
semantics. Previously it was used to require a DNS lookup, and was
ever specified since it was the default (with -H disabling DNS lookups).
Now it means that DNS lookups must be preceded by a lookup in the
hosts database.
  - A new pair of options, -J|-j, are accepted by s6-tlsc-io and
s6-tlsd-io, and by extension the whole TLS chain of tools. -J means that
s6-tls[cd]-io should exit nonzero with an error message if the peer
to send a close_notify before closing the connection; -j, which is the
default, means ignore it and exit normally.
  - The TLS tunnels work as intended in more corner cases and
pathological situations.


  * tipidee-

  - Bugfixes.
  - New configuration options: "log x-forwarded-for", to log the contents
of the X-Forwarded-For header, if any, along with the request; and
"global executable_means_cgi", to treat any executable file as a CGI
script (which is useful when you control the document hierarchy, but
dangerous when it's left to third-party content manager programs).


  As always, bug-reports welcome.

Received on Mon Nov 20 2023 - 05:07:56 CET

This archive was generated by hypermail 2.4.0 : Mon Nov 20 2023 - 05:08:27 CET