| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Do not install legacy headers any longer. The modular-xorg meta package
builds without them now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bump version
|
|
The X server stopped supporting this a long time ago.
|
|
|
|
The X server stopped supporting this extension a long time ago.
Bump version.
|
|
It is optional, and the X server stopped supporting the extension
a long time ago.
Bump PKGREVISION.
|
|
|
|
0.7.1:
Fix: calling `setUp` and `tearDown` in parameterized classes
|
|
v2.5:
Fix to sanitize abbreviated months from icu
typo in RU locale in abbreviation for January
Fix lint errors for flake8 v3.5.0
Add a constant for start hour
Add 'secs' and 'mins' into base units
Remove unused dependency on future
|
|
|
|
1.31.0
* Add Python 3 Train unit tests
* Add local bindep.txt
* Cap Bandit below 1.6.0 and update Sphinx requirement
* update git.openstack.org to opendev
* OpenDev Migration Patch
* Dropping the py35 testing
* Update master for stable/stein
* Delete repeated param description
* add python 3.7 unit test job
1.30.1
* Use template for lower-constraints
* Change openstack-dev to openstack-discuss
1.30.0
* Update sphinx logging to not use app object
* Removed older version of python added 3.5
* Update doc/conf.py to avoid warnings with sphinx 1.8
* add lib-forward-testing-python3 test job
* fix wrong link
* add python 3.6 unit test job
* import zuul job settings from project-config
* Update reno for stable/rocky
1.29.0
* Remove unnecessary py27 testenv
* Switch to stestr
* fix tox python3 overrides
* Trivial: Update pypi url to new url
* Trivial: Update pypi url to new url
* set default python to python3
* add lower-constraints job
* Updated from global requirements
* Update links in README
* Update reno for stable/queens
* Updated from global requirements
* Updated from global requirements
* Follow the new PTI for document build
1.28.0
* Updated from global requirements
* Remove -U from pip install
* Avoid tox\_install.sh for constraints support
* add bandit to pep8 job
* move doc requirements to doc/requirements.txt
* Remove setting of version/release from releasenotes
* Updated from global requirements
|
|
3.9.4:
Resolved issues
* Prevent ``key_to_english`` from creating invalid data when fed with
keys of length not multiple of 8.
* Fix blocking RSA signing/decryption when key has very small factor.
|
|
|
|
|
|
|
|
|
|
|
|
ArviZ (pronounced "AR-vees") is a Python package for exploratory
analysis of Bayesian models. Includes functions for posterior
analysis, model checking, comparison and diagnostics.
|
|
Switch to use ".tar.xz" distfiles instead of ".tar.bz2".
No functional change.
|
|
|
|
Unused in pkgsrc, and the server side support code was removed 11 years
ago.
|
|
Not used by anything in pkgsrc, server side support was removed
11 years ago.
Bump version.
|
|
xdpyinfo compiles without it, and the server side support code was
removed 11 years ago.
Bump PKGREVISION.
|
|
xscreensaver compiles without it, and the server side support code was
removed 11 years ago.
Bump PKGREVISION.
|
|
xset compiles without it, and the server side support code was
removed 11 years ago.
Bump PKGREVISION.
|
|
The cmake script checks for it, but it's not actually used anywhere.
Bump PKGREVISION.
|
|
The configure script checks for it, but it's not actually used anywhere
Bump PKGREVISION.
|
|
It is not actually used. Bump PKGREVISION.
|
|
|
|
1.19.1:
Computes the --modules-folder & friends paths based on the cwd.
Stores the sha512 in the cache even when not provided by the server.
Uses the right Node binary when using yarn-path.
1.19.0:
Fixes a potential vulnerability regarding how the build artifacts are stored
1.18.0:
Suggests using the Yarn 2 development trunk on PnP-enabled projects
Preserves linked packages when calling yarn create
Fixes the offline mirror filenames when using Verdaccio
Fixes using link:. to refer to the package folder
Runs the prepare lifecycle of git dependencies even if NODE_ENV is set to production.
Fixes the postversion lifecycle method not being called when using --no-git-tag-version.
Ignores potentially large vscode keys in package.json to avoid E2BIG errors.
Enforces https for the Yarn and npm registries.
Adds support for reading yarnPath from v2-produced .yarnrc.yml files.
|
|
v6.13.1:
fix(fund): support funding string shorthand
should not publish tap-snapshot folder
Add preliminary WSL support for npm and npx
print quick audit report for human output
v6.13.0:
add fund command
delete ps1 files on package removal
update supported node list to remove v6.0, v6.1, v9.0 - v9.2
v6.12.1:
add node v13 as a supported version
Fix regression in lockfile repair for sub-deps
resolve circular dependency in pack.js
v6.12.0:
Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups.
|
|
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.
Upstream changelog:
Changes for 4.3.29
==================
Several buffer overflow security issues have been resolved, as well as
a potential XSS attack on certain CGI interfaces. Although the ability
to exploit is limited, all users are urged to upgrade.
The assigned CVE numbers are:
CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
In addition, revisions have been made to a number of places throughout
the code to convert the most common sprintf statements to snprintf for
safer processing, which should reduce the impact of similar parsing.
Additional work on this will continue in the future.
The affected CGIs are:
history.c (overflow of histlogfn) = CVE-2019-13451
reportlog.c (overflow of histlogfn) = CVE-2019-13452
csvinfo.c (overflow of dbfn) = CVE-2019-13273
csvinfo.c (reflected XSS) = CVE-2019-13274
acknowledge.c (overflow of msgline) = CVE-2019-13455
appfeed.c (overflow of errtxt) = CVE-2019-13484
history.c (overflow of selfurl) = CVE-2019-13485
svcstatus.c (overflow of errtxt) = CVE-2019-13486
We would like to thank the University of Cambridge Computer Security
Incident Response Team for their assistance in reporting and helping
resolve these issues.
Additional Changes:
On Linux, a few additional tmpfs volumes are ignored by default
on new (or unmodified) installs. This includes /run/user/<uid>,
which is a transient, per-session tmpfs on some systems. To re-
enable monitoring for this (if you are running services under
a user with a login session), you may need to edit the analysis.cfg(5)
file.
After upgrade, these partitions will no longer be alerted on or
tracked, and their associated RRD files may also be removed:
/run/user/<uid> (but NOT /run)
/dev (but NOT /dev/shm)
/sys/fs/cgroup
/lib/init/rw
The default hard limit for an incoming message has been raised from
10MB to 64MB
The secure apache config snippet no longer requires a xymongroups file
to be present (and module loaded), since it's not used by default. This
will not affect existing installs.
A --no-cpu-listing option has been added to xymond_client to suppress the
'top' output in cpu test status messages.
The conversation used in SMTP checks has been adjusted to perform a proper
"EHLO" greeting against servers, using the host string 'xymonnet'. If the
string needs to be adjusted, however, see protocols.cfg(5)
"Actual" memory usage (as a percentage) may be >100% on some platforms
in certain situations. This alone will not be tagged as "invalid" data
and should be graphed in RRD.
|
|
|
|
|
|
|
|
+ ImageMagick-7.0.9.5, calibre-4.4, cbindgen-0.10.0, glib2-2.62.3,
libffi-3.3, libntlm-1.5, modular-xorg-server-1.20.6, pcre2-10.34,
py-parsedatetime-2.5, py-setuptools-42.0.0, tigervnc-1.10.0,
x264-devel-20191123.
|
|
|
|
Version 8.16.2 'Carbon' (LTS):
Notable changes
deps: upgrade openssl sources to 1.0.2s
Version 8.16.1 'Carbon' (LTS):
Notable changes
This is a security release.
Node.js, as well as many other implementations of HTTP/2, have been found
vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.
Vulnerabilities fixed:
CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
Version 8.16.0 'Carbon' (LTS):
Notable Changes
n-api:
add API for asynchronous functions
mark thread-safe function as stable
|
|
Version 10.17.0 'Dubnium' (LTS):
Notable changes
crypto:
- add support for chacha20-poly1305 for AEAD
- increase maxmem range from 32 to 53 bits
deps:
- update npm to 6.11.3
- upgrade openssl sources to 1.1.1d
dns: remove dns.promises experimental warning
fs: remove experimental warning for fs.promises
http: makes response.writeHead return the response
http2: makes response.writeHead return the response
n-api:
- make func argument of napi_create_threadsafe_function optional
- mark version 5 N-APIs as stable
- implement date object
process: add --unhandled-rejections flag
stream:
- implement Readable.from async iterator utility
- make Symbol.asyncIterator support stable
|
|
|
|
|
|
|
