| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Overview of changes leading to 1.3.2
Wednesday, September 27, 2016
====================================
- Fix build of hb-coretext on older OS X versions.
|
|
Unknown
|
|
|
|
NEWS for the Nettle 3.3 release
This release fixes a couple of bugs, and improves resistance
to side-channel attacks on RSA and DSA private key operations.
Changes in behavoir:
* Invalid private RSA keys, with an even modulo, are now
rejected by rsa_private_key_prepare. (Earlier versions
allowed such keys, even if results of using them were bogus).
Nettle applications are required to call
rsa_private_key_prepare and check the return value, before
using any other RSA private key functions; failing to do so
may result in crashes for invalid private keys. As a
workaround for versions of Gnutls which don't use
rsa_private_key_prepare, additional checks for even moduli
are added to the rsa_*_tr functions which are used by all
recent versions of Gnutls.
* Ignore bit 255 of the x coordinate of the input point to
curve25519_mul, as required by RFC 7748. To differentiate at
compile time, curve25519.h defines the constant
NETTLE_CURVE25519_RFC7748.
Security:
* RSA and DSA now use side-channel silent modular
exponentiation, to defend against attacks on the private key
from evil processes sharing the same processor cache. This
attack scenario is of particular relevance when running an
HTTPS server on a virtual machine, where you don't know who
you share the cache hardware with.
(Private key operations on elliptic curves were already
side-channel silent).
Bug fixes:
* Fix sexp-conv crashes on invalid input. Reported by Hanno
Böck.
* Fix out-of-bounds read in des_weak_p. Fixed by Nikos
Mavrogiannopoulos.
* Fix a couple of formally undefined shift operations,
reported by Nikos Mavrogiannopoulos.
* Fix compilation with c89. Reported by Henrik Grubbström.
New features:
* New function memeql_sec, for side-channel silent comparison
of two memory areas.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 5.0 or later (unless --enable-mini-gmp is used).
* Filenames of windows DLL libraries now include major number
only. So the dll names change at the same time as the
corresponding soname on ELF platforms. Fixed by Nikos
Mavrogiannopoulos.
* Eliminate most pointer-signedness warnings. In the process,
the strings representing expression type for sexp_interator
functions were changed from const uint8_t * to const char *.
These functions are undocumented, and it doesn't change the
ABI on any platform I'm aware of.
The shared library names are libnettle.so.6.3 and
libhogweed.so.4.3, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
|
|
|
|
Changes in release 0.30.2:
* Add support for OpenSSL 1.1.x (Kurt Roeckx).
* Fix PKCS#11 support under GnuTLS 3.x.
- PKCS#11 API no longer supported with GnuTLS 2.x
|
|
|
|
- avformat/avidec: Check nb_streams in read_gab2_sub()
- avformat/avidec: Remove ancient assert
- avfilter/vf_colorspace: fix range for output colorspace option
- lavc/mediacodecdec_h264: fix SODB escaping
- avcodec/nvenc: fix const options for hevc gpu setting
- avformat/avidec: Fix memleak with dv in avi
- lavc/movtextdec.c: Avoid infinite loop on invalid data.
- avcodec/ansi: Check dimensions
- avcodec/cavsdsp: use av_clip_uint8() for idct
- avformat/movenc: Check packet in mov_write_single_packet() too
- avformat/movenc: Factor check_pkt() out
- avformat/utils: fix timebase error in avformat_seek_file()
- avcodec/g726: Add missing ADDB output mask
- avcodec/avpacket: clear side_data_elems
- avformat/movenc: Check first DTS similar to dts difference
- avcodec/ccaption_dec: Use simple array instead of AVBuffer
- avcodec/svq3: Reintroduce slice_type
- avformat/mov: Fix potential integer overflow in mov_read_keys
- swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
- swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
- avformat/avidec: Fix infinite loop in avi_read_nikon()
- lavf/utils: Avoid an overflow for huge negative durations.
- avformat/hls: Fix handling of EXT-X-BYTERANGE streams over 2GB
- lavc/avpacket: Fix undefined behaviour, do not pass a null pointer to memcpy().
- lavc/mjpegdec: Do not skip reading quantization tables.
- cmdutils: fix implicit declaration of SetDllDirectory function
|
|
|
|
1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.
|
|
|
|
v28.1.0
-------
* #803: Bump certifi to 2016.9.26.
v28.0.0
-------
* #733: Do not search excluded directories for packages.
This introduced a backwards incompatible change in ``find_packages()``
so that ``find_packages(exclude=['foo']) == []``, excluding subpackages of ``foo``.
Previously, ``find_packages(exclude=['foo']) == ['foo.bar']``,
even though the parent ``foo`` package was excluded.
* #795: Bump certifi.
* #719: Suppress decoding errors and instead log a warning
when metadata cannot be decoded.
v27.3.1
-------
* #790: In MSVC monkeypatching, explicitly patch each
function by name in the target module instead of inferring
the module from the function's ``__module__``. Improves
compatibility with other packages that might have previously
patched distutils functions (i.e. NumPy).
v27.3.0
-------
* #794: In test command, add installed eggs to PYTHONPATH
when invoking tests so that subprocesses will also have the
dependencies available. Fixes `tox 330
<https://github.com/tox-dev/tox/issues/330>`_.
* #795: Update vendored pyparsing 2.1.9.
|
|
|
|
Version 0.13.1
==============
*released on 30 September 2016*
- Fix a bug that would completely break collection discovery.
Version 0.13.0
==============
*released on 29 September 2016*
- Python 2 is no longer supported at all. See :gh:`219`.
- Config sections are now checked for duplicate names. This also means that you
cannot have a storage section ``[storage foo]`` and a pair ``[pair foo]`` in
your config, they have to have different names. This is done such that
console output is always unambigous. See :gh:`459`.
- Custom commands can now be used for conflict resolution during sync. See
:gh:`127`.
- :storage:`http` now completely ignores UIDs. This avoids a lot of unnecessary
down- and uploads.
|
|
|
|
Patch #326 - 2016/09/25
updated appdata file (report by Richard Hughes).
improve discussion of the different terminal emulations provided by xterm in the manual page.
add examples of setting the icon title with/without the window title in the manual (Debian #833984).
correct a limit-check when using a numeric value for extended Booleans e.g., *fullscreen:3 rather than a name such as *fullscreen:never.
add action allow-bold-fonts
improved formatting fixes for manual page, using script to find mismatches in spelling of resources, actions and menu entries.
improve documentation of logging resources.
fix a special case of flickering cursor by adding GraphicsExpose to the list of event types that should not trigger making the mouse cursor visible (patch by Joe Peterson).
correct initialization of line-drawing in VT52-mode, overlooked in changes for patch #297 (report/patch by Ben Wiley Sittler).
minor clarification of form-feed versus line-feed in ctlseqs.ms (suggested by David Kemper).
amend fix for Debian #738794 to restore a check for missing characters which are not combining characters. Also fill in a corresponding special case for TrueType fonts (Debian #827905).
|
|
|
|
idea and mdc2 patents expired, so enable them by default.
rc5 looks like it might be expired as well, but I didn't find
anything relevant on that topic, so I left it alone.
Bump PKGREVISION.
|
|
See
https://opensource.org/licenses/sisslpl
|
|
|
|
Remove sun-iss-license, same license, but OSI is fine with it, so no
"-license" needed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pdftotext output of PDF included in package, whitespace-edited and
page numbers and ^L removed.
|
|
|
|
|
|
https://opensource.org/licenses/IPL-1.0
|
|
v0.14.7
This is a minor release recommended for all users.
Improvements in this release include faster (i.e., less CPU intensive)
hashing on some Intel and ARM64 CPU:s, a more refined dark theme,
CORS headers in the API, and an updated set of default discovery
servers.
Resolved issues since v0.14.6:
#3596: Deadlock no longer occurs on device removal
|
|
|
|
|
|
The LICENSE tag is correct.
|
|
|
|
|
|
|
|
|
|
switch the use of nops (most likely used to eliminate hazards too) to
ehb/ssnop. nop doesn't eliminate hazards on a superscalar MIPS CPU.
probably helps the report of vague problems on loongson2f.
|
|
comment for the patch.
note: the choice of o32 for this package is questionable, and defaulting
to n32 on gcc/config.gcc instead is probably the right thing, this package
won't run on platforms that use o32, and the n32 linker can't handle the
o32 objects apparently - it dies with "not enough GOT space for local GOT
entries" (PR toolchain/51521).
defaulting to n32 will allow deleting this patch, but I won't make the
transition because I can't get further in the build and hit a compile
assertion about MTYPE not matching CEXT (double float in my case), similar
to GCC bug #20633.
|
|
fixes build for 32bit when passing USE_64 (which is questionable)...
in pkgsrc we declare all mips64* platforms as 64bit, and use USE_64.
However, netbsd/mips64 is using a 32bit ABI, so it is akin to passing
USE_64=1 for 32bit.
perhaps not declaring it a 64bit platform is correct, but this package
is one of the only few using this logic, and it's unfeasible to have
correct logic for 32bit/64bit.
this package has considerably more logic for USE_64 than for USE_NSS_64,
so to avoid inadvertent damage to other platforms, retain the USE_64=1
logic.
feel free to object to this option in the discussion on tech-pkg.
|
|
|
|
This is a regularly-scheduled bugfix release.
annotate: correct output in some merge cases (issue5360)
crecord: properly handle files with No newline at eof (issue5268)
grep: rewrite help to better document current (confusing) behavior
|
|
|
|
Asio 1.10.8
* Added compatibility with OpenSSL 1.1.0.
* Fixed out-of-bounds iterator use in `asio::connect()` when the
`connect_condition` returns an end iterator.
* Added a workaround for a move detection problem on MSVC 2015 Update 2.
* Changed a workaround that was previously added for broken Windows firewalls
to only bind to 127.0.0.1 if `getsockname` reports 0.0.0.0.
* Added call to `SSL_COMP_free_compression_methods` to fix two memory leaks
reported at shutdown, for OpenSSL versions >= 1.0.2 and < 1.1.0.
* Fixed `use_future` compile error encountered on some standard library
implementations, by changing `std::allocator<void>` use to a non-void
template parameter.
* Enabled use of native `getaddrinfo` by default on Apple OSes, rather than
emulation in terms of `getipnodebyname`.
Asio 1.10.7
* Added support for Windows 8.1 Store apps.
* Fixed macro multiple definition error on Microsoft Visual Studio 2015.
* Changed Asio's SSL wrapper to respect OpenSSL's `OPENSSL_NO_SSL3` feature
test `#define`.
* Changed Asio's SSL wrapper to use OpenSSL's new `SSL_CTX_clear_chain_certs`
function, if available.
* Suppressed a clang 3.6+ warning about unused typedefs.
* Regenerated certificates used by SSL examples.
* Fixed buffer sizes passed to `strncat` in the `getaddrinfo` emulation and in
the SSL wrapper's password handling.
* Changed Windows backend to use non-macro `CreateEventW` rather than
`CreateEvent`.
|
|
pass optimizing flags (like default netbsd setup), just act as if
we passed --disable-asm, as opposed to passing it for netbsd/arm.
- now other operating systems that don't optimize won't fail here.
- if someone does pass optimization, he benefits from it
- I don't have to define another case in the Makefile for MIPS
|
|
|
