| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Internationalization extension for SQLAlchemy models. Features:
* Stores translations in separate tables.
* Reflects translation table structures based on parent model table structure.
* Supports forcing of given locale.
* Good performance (uses proxy dicts and other advanced SQLAlchemy concepts for
performance optimization).
|
|
|
|
|
|
Changelog:
WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)
WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:
Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
A cross-site request forgery that could be used to trick a user into changing their password.
An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.
Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.
We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.
Download WordPress 4.0.1 or venture over to Dashboard -> Updates and simply click “Update Now”.
|
|
|
|
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
|
|
|
|
Status:
Unadjusted glyphs: Unicode 7x73-9398
|
|
|
|
|
|
rednose is a nosetests plugin for adding colour (and readability) to nosetest
console results.
|
|
Patch from richard@.
|
|
|
|
|
|
|
|
www/py-google-api-python-client-py3.
The Google API Client for Python is a client library for accessing the Plus,
Moderator, and many other Google APIs. This is the python 3.x port of the
package.
|
|
|
|
Several small bugfixes related to six/py3 support.
|
|
|
|
|
|
validate-email-address is a package for Python that check if an email is valid,
properly formatted and really exists.
|
|
|
|
|
|
|
|
in PR pkg/48271. (There's a mysqld_safe switch to log to syslog,
which would also work around the problem, at the expense mutually
exclusivity with normal MySQL logging). Bump PKGREVISIONs.
|
|
|
|
install any shared libraries. Clean up Makefile. Update patch. DEPENDS on
py-logilab-common>=0.53.0 instead of using old bl3 file from that package.
2013-04-16 -- 0.24.3
* #124360 [py3.3]: Don't crash on 'yield from' nodes
* #123062 [pylint-brain]: Use correct names for keywords for urlparse
* #123056 [pylint-brain]: Add missing methods for hashlib
* #123068: Fix inference for generator methods to correctly handle yields
in lambdas.
* #123068: Make sure .as_string() returns valid code for yields in
expressions.
* #47957: Set literals are now correctly treated as inference leaves.
* #123074: Add support for inference of subscript operations on dict
literals.
2013-02-27 -- 0.24.2
* pylint-brain: more subprocess.Popen faking (see #46273)
* #109562 [jython]: java modules have no __doc__, causing crash
* #120646 [py3]: fix for python3.3 _ast changes which may cause crash
* #109988 [py3]: test fixes
2012-10-05 -- 0.24.1
* #106191: fix __future__ absolute import w/ From node
* #50395: fix function fromlineno when some decorator is splited on
multiple lines (patch by Mark Gius)
* #92362: fix pyreverse crash on relative import
* #104041: fix crash 'module object has no file_encoding attribute'
* #4294 (pylint-brain): bad inference on mechanize.Browser.open
* #46273 (pylint-brain): bad inference subprocess.Popen.communicate
2012-07-18 -- 0.24.0
* include pylint brain extension, describing some stuff not properly understood until then.
(#100013, #53049, #23986, #72355)
* #99583: fix raw_building.object_build for pypy implementation
* use `open` rather than `file` in scoped_nodes as 2to3 miss it
2011-12-08 -- 0.23.1
* #62295: avoid "OSError: Too many open files" by moving
.file_stream as a Module property opening the file only when needed
* Lambda nodes should have a `name` attribute
* only call transformers if modname specified
2011-10-07 -- 0.23.0
* #77187: ancestor() only returns the first class when inheriting
from two classes coming from the same module
* #76159: putting module's parent directory on the path causes problems
linting when file names clash
* #74746: should return empty module when __main__ is imported (patch by
google)
* #74748: getitem protocal return constant value instead of a Const node
(patch by google)
* #77188: support lgc.decorators.classproperty
* #77253: provide a way for user code to register astng "transformers"
using manager.register_transformer(callable) where callable will be
called after an astng has been built and given the related module node
as argument
2011-07-18 -- 0.22.0
* added column offset information on nodes (patch by fawce)
* #70497: Crash on AttributeError: 'NoneType' object has no attribute '_infer_name'
* #70381: IndendationError in import causes crash
* #70565: absolute imports treated as relative (patch by Jacek Konieczny)
* #70494: fix file encoding detection with python2.x
* py3k: __builtin__ module renamed to builtins, we should consider this to properly
build ast for builtin objects
2011-01-11 -- 0.21.1
* python3: handle file encoding; fix a lot of tests
* fix #52006: "True" and "False" can be assigned as variable in Python2x
* fix #8847: pylint doesn't understand function attributes at all
* fix #8774: iterator / generator / next method
* fix bad building of ast from living object w/ container classes
(eg dict, set, list, tuple): contained elements should be turned to
ast as well (not doing it will much probably cause crash later)
* somewhat fix #57299 and other similar issue: Exception when
trying to validate file using PyQt's PyQt4.QtCore module: we can't
do much about it but at least catch such exception to avoid crash
|
|
|
|
gcc 4.x versions, this appears to still be needed with gcc 4.8.4.
From John D. Baker
|
|
not install any shared libraries. Added ALTERNATIVES. Clean up Makefile.
DEPENDS on py-six and py-colorama (for Win32). Changes:
2014-11-05 -- 0.63.0
* drop compatibility with python <= 2.5 (#264017)
* fix textutils.py doctests for py3k
* produce a clearer exception when dot is not installed (#253516)
* make source python3-compatible (3.3+), without using 2to3. This
introduces a dependency on six (#265740)
* fix umessage header decoding on python 3.3 and newer (#149345)
* WARNING: the compat module no longer exports 'callable', 'izip', 'imap',
'chain', 'sum', 'enumerate', 'frozenset', 'reversed', 'sorted', 'max',
'relpath', 'InheritableSet', or any subprocess-related names.
2014-07-30 -- 0.62.1
* shellutils: restore py 2.5 compat by removing usage of class decorator
* pytest: drop broken --coverage option
* testlib: support for skipping whole test class and conditional skip, don't
run setUp for skipped tests
* configuration: load options in config file order (#185648)
2014-03-07 -- 0.62.0
* modutils: cleanup_sys_modules returns the list of cleaned modules
2014-02-11 -- 0.61.0
* pdf_ext: removed, it had no known users (CVE-2014-1838)
* shellutils: fix tempfile issue in Execute, and deprecate it
(CVE-2014-1839)
* pytest: use 'env' to run the python interpreter
* graph: ensure output is ordered on node and graph ids (#202314)
2013-16-12 -- 0.60.1
* modutils:
* don't propagate IOError when package's __init__.py file doesn't
exist (#174606)
* ensure file is closed, may cause pb depending on the interpreter, eg
pypy) (#180876)
* fix support for `extend_path` based nested namespace packages ;
Report and patch by John Johnson (#177651)
* fix some cases of failing python3 install on windows platform / cross
compilation (#180836)
2013-07-26 -- 0.60.0
* configuration: rename option_name method into option_attrname (#140667)
* deprecation: new DeprecationManager class (closes #108205)
* modutils:
- fix typo causing name error in python3 / bad message in python2
(#136037)
- fix python3.3 crash in file_from_modpath due to implementation
change of imp.find_module wrt builtin modules (#137244)
* testlib: use assertCountEqual instead of assertSameElements/assertItemsEqual
(deprecated), fixing crash with python 3.3 (#144526)
* graph: use codecs.open avoid crash when writing utf-8 data under python3
(#155138)
2013-04-16 -- 0.59.1
* graph: added pruning of the recursive search tree for detecting cycles in
graphs (closes #2469)
* testlib: check for generators in with_tempdir (closes #117533)
* registry:
- select_or_none should not silent ObjectNotFound exception
(closes #119819)
- remove 2 accidentally introduced tabs breaking python 3 compat
(closes #117580)
* fix umessages test w/ python 3 and LC_ALL=C (closes #119967, report and
patch by Ian Delaney)
2013-01-21 -- 0.59.0
* registry:
- introduce RegistrableObject base class, mandatory to make
classes automatically registrable, and cleanup code
accordingly
- introduce objid and objname methods on Registry instead of
classid function and inlined code plus other refactorings to allow
arbitrary objects to be registered, provided they inherit from new
RegistrableInstance class (closes #98742)
- deprecate usage of leading underscore to skip object registration, using
__abstract__ explicitly is better and notion of registered object 'name'
is now somewhat fuzzy
- use register_all when no registration callback defined (closes #111011)
* logging_ext: on windows, use colorama to display colored logs, if available (closes #107436)
* packaging: remove references to ftp at logilab
* deprecations: really check them
* packaging: steal spec file from fedora (closes #113099)
* packaging force python2.6 on rhel5 (closes #113099)
* packaging Update download and project urls (closes #113099)
* configuration: enhance merge_options function (closes #113458)
* decorators: fix @monkeypatch decorator contract for dark corner
cases such as monkeypatching of a callable instance: no more
turned into an unbound method, which was broken in python 3 and
probably not used anywhere (actually closes #104047).
2012-11-14 -- 0.58.3
* date: fix ustrftime() impl. for python3 (closes #82161, patch by Arfrever
Frehtes Taifersar Arahesis) and encoding detection for python2 (closes
#109740)
* other python3 code and test fixes (closes #104047)
* registry: Store.setdefault shouldn't raise RegistryNotFound (closes #111010)
* table: stop encoding to iso-8859-1, use unicode (closes #105847)
* setup: properly install additional files during build instead of install (closes #104045)
2012-07-30 -- 0.58.2
* modutils: fixes (closes #100757 and #100935)
2012-07-17 -- 0.58.1
* modutils, testlib: be more python implementation independant (closes #99493 and #99627)
2012-04-12 -- 0.58.0
* new `registry` module containing a backport of CubicWeb selectable objects registry (closes #84654)
* testlib: DocTestCase fix builtins pollution after doctest execution.
* shellutil: add argument to ``ProgressBar.update`` to tune cursor progression (closes #88981)
* deprecated: new DeprecationWrapper class (closes #88942)
2012-03-22 -- 0.57.2
* texutils: apply_units raise ValueError if string isn'nt valid (closes #88808)
* daemon: don't call putenv directly
* pytest: do not enable extra warning other than DeprecationWarning.
* testlib: DocTestCase fix builtins pollution after doctest execution.
* testlib: replace sys.exit with raise ImportError (closes: #84159)
* fix license in README
* add trove classifiers (tell about python 3 support for pypi)
2011-10-28 -- 0.57.1
* daemon: change $HOME after dropping privileges (closes #81297)
* compat: method_type for py3k use instance of the class to have a
real instance method (closes: #79268)
2011-10-12 -- 0.57.0
* only install unittest2 when python version < 2.7 (closes: #76068)
* daemon: make pidfile world-readable (closes #75968)
* daemon: remove unused(?) DaemonMixin class
* update compat module for callable() and method_type()
* decorators: fix monkeypatch py3k compat (closes #75290)
* decorators: provide a @cachedproperty decorator
2011-09-08 -- 0.56.2
* daemon: call initgroups/setgid before setuid (closes #74173)
* decorators: @monkeypatch should produce a method object (closes #73920)
* modutils: allow overriding of _getobj by suppressing mangling
2011-08-05 -- 0.56.1
* clcommands: #72450 --rc-file option doesn't work
2011-06-09 -- 0.56.0
* clcommands: make registration possible by class decoration
* date: new datetime/delta <-> seconds/days conversion function
* decorators: refactored @cached to allow usages such as
@cached(cacheattr='_cachename') while keeping bw compat
2011-04-01 -- 0.55.2
* new function for password generation in shellutils
* pyro_ext: allow to create a server without registering with a pyrons
2011-03-28 -- 0.55.1
* fix date.ustrftime break if year <= 1900
* fix graph.py incorrectly builds command lines using %s to call dot
* new functions to get UTC datetime / time
2011-02-18 -- 0.55.0
* new urllib2ext module providing a GSSAPI authentication handler, based on python-kerberos
* graph: test and fix ordered_nodes() [closes #60288]
* changelog: refactor ChangeLog class to ease overriding
* testlib: Fix tag handling for generator.
2011-01-12 -- 0.54.0
* dropped python 2.3 support
* daemon: we can now specify umask to daemonize function, and it return
different exit code according to the process
* pyro_ext: new ns_reregister function to ensure a name is still properly
registered in the pyro name server
* hg: new incoming/outgoing functions backward compatible with regards to
mercurial version (eg hg 1.6 and earlier)
* testlib/pytest: more deprecation and removed code. Still on the way to
unittest2
|
|
|
|
kamelderouiche@yahoo.com
|
|
|
|
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
|
|
|
|
|
|
Snoopy sends every executed command to syslog.
|
|
|
|
|
|
|
|
Requested by Kai-Uwe Eckhardt.
Remove an incorrect comment.
Changes:
One of the mpfr_exp implementations uses a left shift on an integer
that can be negative: exps <<= 1; and this has an undefined behavior
according to the ISO C standard. In most cases, this will correspond
to a multiplication by 2, and the code will behave as expected
(this is why the bug hadn't been detected until now). But problems
may occur if a sanitizer is used (this is how this bug was detected)
or possibly in case of advanced optimizations, such as LTO. This
is fixed by the exp_2 patch.
The mpfr_fits_u*_p functions return 0 ("doesn't fit") instead of
non-zero ("fits") on negative arguments for which the rounding to
an integer in the given rounding mode is 0. This bug is fixed by
the fits-smallneg patch, which also updates the testcases.
Some tget_flt tests fail in environments where native C floating-point
division by zero is not supported, e.g. regarded as an error, such
as with Clang's sanitizer; some similar tests were already disabled
in such a case, but not all. The tset_ld test triggers a useless
overflow on a double. These problems are fixed by the clang-divby0
patch, which also disables constant division by zero on the native
C type double with Clang in order to avoid incorrect code.
The formatted output functions (mpfr_*printf) are incorrect on the
value 0 when using the alternative form (# flag), a positive
precision, and the g or G conversion specifier: there is one
additional trailing 0. The corresponding test is also incorrect
(explaining why the bug was not detected). These problems are fixed
by the printf-alt0 patch, which also provides some additional
related tests.
Only for applications using the custom interface: The mpfr_custom_init_set
macro has a typo in a variable name, which can yield incorrect
behavior if the second argument is not a simple expression. This
bug is fixed by the custom_init_set patch.
The build fails on li2.c with the GCC -Werror=return-type option
when logging has been enabled. This problem is fixed by the li2-return
patch.
The rounding of mpfr_exp can be incorrect for output precisions
larger than or equal to MPFR_EXP_THRESHOLD (several thousands of
bits; its value depends on the architecture). This bug is fixed by
the exp3 patch, which also provides a testcase.
This MPFR release fails to build with GMP 6 when the --with-gmp-build
configure option is used. The gmp6-compat patch fixes this
compatibility problem.
When dividing a very large number (near the maximum finite one, in
absolute value) by a very small number (near the minimum one, in
absolute value), an integer overflow occurs in the computation of
the exponent of the result, yielding undefined behavior, such as
the result 0 instead of infinity. This bug is fixed by the div-overflow
patch, which also provides a testcase.
The vasprintf.c source file contains incorrect assertions, which
may fail while the computation is valid; this can occur only when
outputting tiny numbers (very small exponents). These assertions
are fixed by the vasprintf patch, which also provides a testcase.
A buffer overflow may occur in mpfr_strtofr. This is due to incorrect
GMP documentation for mpn_set_str about the size of a buffer
(discussion; first fix in the GMP documentation). This bug is
present in the MPFR versions from 2.1.0 (adding mpfr_strtofr) to
this one, and can be detected by running "make check" in a 32-bit
ABI under GNU/Linux with alloca disabled (this is currently possible
by using the --with-gmp-build configure option where alloca has
been disabled in the GMP build). It is fixed by the strtofr patch.
|
|
XXX: This does not handle distribution patches.
|
|
|
|
* Version 3.2.20 (released 2014-11-10)
** libgnutls: Removed superfluous random generator refresh on every call
of gnutls_deinit(). That reduces load and usage of /dev/urandom.
** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
Reported by Sean Burford [GNUTLS-SA-2014-5].
** API and ABI modifications:
No changes since last version.
|
|
|
|
* Version 3.2.19 (released 2014-10-13)
** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.
** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.
** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.
** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
** guile: new 'set-session-server-name!' procedure; see the manual for
details.
** API and ABI modifications:
No changes since last version.
|
|
|
|
|
