From 1367c11e1ee44d9e19daa50e1d015365bae17354 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Thu, 15 Apr 2021 16:55:07 +0000 Subject: [PATCH] v4.2.0 release --- CMakeLists.txt | 6 ++-- READMEs/README.tls-sessions.md | 4 +-- changelog | 53 ++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 947d51e35..3e92feaa4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -373,8 +373,8 @@ set(PACKAGE "libwebsockets") set(CPACK_RPM_PACKAGE_LICENSE "MIT") set(CPACK_PACKAGE_NAME "${PACKAGE}") set(CPACK_PACKAGE_VERSION_MAJOR "4") -set(CPACK_PACKAGE_VERSION_MINOR "1") -set(CPACK_PACKAGE_VERSION_PATCH_NUMBER "99") +set(CPACK_PACKAGE_VERSION_MINOR "2") +set(CPACK_PACKAGE_VERSION_PATCH_NUMBER "0") set(CPACK_PACKAGE_VERSION_PATCH "${CPACK_PACKAGE_VERSION_PATCH_NUMBER}-${LWS_BUILD_HASH}") set(CPACK_PACKAGE_RELEASE 1) @@ -383,7 +383,7 @@ set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSIO set(CPACK_PACKAGE_VENDOR "andy@warmcat.com") set(CPACK_PACKAGE_CONTACT "andy@warmcat.com") set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "${PACKAGE} ${CPACK_PACKAGE_VERSION}") -set(SOVERSION "17") +set(SOVERSION "18") if(NOT CPACK_GENERATOR) if(UNIX) set(CPACK_GENERATOR "TGZ") diff --git a/READMEs/README.tls-sessions.md b/READMEs/README.tls-sessions.md index be2249553..1c2920949 100644 --- a/READMEs/README.tls-sessions.md +++ b/READMEs/README.tls-sessions.md @@ -89,7 +89,7 @@ caution. RFC5246 says write session IDs to stable storage. The issue is that while in process memory the session object is relatively -secure compared to ensitive secrets and tls library data already in process +secure compared to sensitive secrets and tls library data already in process memory. But when serialized to, eg, some external, unencrypted medium, the accessibility @@ -102,4 +102,4 @@ serialize any session in the cache associated with a vhost/host/port tuple, and to preload any available session into a vhost session cache by describing the endpoint hostname and port. -The session saving and loading apis aren't supported for mbedtls yet. \ No newline at end of file +The session saving and loading apis aren't supported for mbedtls yet. diff --git a/changelog b/changelog index f424759e5..5debeb60e 100644 --- a/changelog +++ b/changelog @@ -1,6 +1,59 @@ Changelog --------- +v4.2.0 +====== + + - Sai coverage upgrades, 495 builds on 27 platforms, including OSX M1, + Xenial, Bionic and Focal Ubuntu, Debian Sid and Buster on both 32 and + 64-bit OS, and NetBSD, Solaris, FreeBSD, Windows, ESP32. + Ctest run on more scenarios including all LWS_WITH_DISTRO_RECOMMENDED. + More tests use valgrind if available on platform. + - RFC7231 date and time parsing and retry-after wired up to lws_retry + - `LWS_WITH_SUL_DEBUGGING` checks that no sul belonging to Secure Streams + and wsi objects are left registered on destruction + - Netlink monitoring on Linux dynamically tracks interface address and + routing changes, and immediately closes connections on invalidated + routes. + - RFC6724 DNS results sorting over ipv4 + ipv6 results, according to + available dynamic route information + - Support new event library, sdevent (systemd native loop), via + `LWS_WITH_SDEVENT` + - Reduce .rodata cost of role structs by making them sparse + - Additional Secure Streams QA tests and runtime state transition + validation + - SMD-over-ss-proxy documentation and helpers to simplify forwarding + - SSPC stream buffering at proxy and client set from policy by streamtype + - Trigger Captive Portal Detection if DNS resolution fails + - Switch all logs related to wsi and Secure Streams to use unique, + descriptive tags instead of pointers (which may be reallocated) + - Use NOITCE logging for Secure Streams and wsi lifecycle logging using + tags + - Update SSPC serialization to include versioning on initial handshake, + and pass client pid to proxy so related objects are tagged with it + - Enable errors on -Wconversion pedantic type-related build issues + throughout the lws sources and upgrade every affected cast. + - Windows remove WSA event implementation and replace with WSAPoll, with + a pair of UDP sockets instead of pipe() for `lws_cancel_service()` + - `lws_strcmp_wildcard()` helper that understand "x*", "x*y", "x*y*" etc + - `LWS_WITH_PLUGINS_BUILTIN` cmake option just builds plugins into the main + library image directly + - Secure Streams proxy supports policy for flow control between proxy and + clients + - libressl also supported along with boringssl, wolfssl + - prepared for openssl v3 compatibility, for main function and GENCRYPTO + - Fault injection apis can confirm operation of 48 error paths and counting + - `LWS_WITH_SYS_METRICS` keeps stats and reports them to user-defined + function, compatible with openmetrics + - windows platform knows how to prepare openssl with system trust store certs + - `LWS_WITH_SYS_CONMON` allows selected client connections to make precise + measurements of connection performance and DNS results, and report them in a struct + - New native support for uloop event loop (OpenWRT loop) + - More options around JWT + - Support TLS session caching and reuse by default, on both OpenSSL and + mbedtls + - Many fixes and improvements... + v4.1.0 ======