| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Version 1.0.1 Release Notes
============================
**Version 1.0.1 is the last release that supports Python 3.5**. All newer version will
require 3.6+ so that we can use formatting-strings and rely on dictionaries being ordered.
New features:
- added thermal distribution model and lineshape
- introduced a new argument ``max_nfev`` to uniformly specify the maximum number of function evalutions
**Please note: all other arguments (e.g., ``maxfev``, ``maxiter``, ...) will no longer be passed to the underlying
solver. A warning will be emitted stating that one should use ``max_nfev``.**
- the attribute ``call_kws`` was added to the ``MinimizerResult`` class and contains the keyword arguments that are
supplied to the solver in SciPy.
Bug fixes:
- fixes to the ``load`` and ``__setstate__`` methods of the Parameter class
- fixed failure of ModelResult.dump() due to missing attributes
- ``guess_from_peak`` function now also works correctly with decreasing x-values or when using
pandas
- the ``Parameter.set()`` method now correctly first updates the boundaries and then the value
Various:
- fixed typo for the use of expressions in the documentation
- removal of PY2-compatibility and unused code and improved test coverage
- removed deprecated ``isParameter`` function and automatic conversion of an ``uncertainties`` object
- inaccurate FWHM calculations were removed from built-in models, others labeled as estimates
- corrected spelling mistake for the Doniach lineshape and model
- removed unsupported/untested code for IPython notebooks in lmfit/ui/*
|
|
6.2.1
Fixed ostream support in sprintf
Fixed type detection when using implicit conversion to string_view and ostream operator<< inconsistently
|
|
|
|
0.3.1:
Unknown changes
|
|
v4-3-2: Deprecation Warning Enhancement
v4-3-1: Fixing the issue with exclude_path and hash calculations when dictionaries were inside iterables. https://github.com/seperman/deepdiff/issues/174
v4-3-0: adding exclude_obj_callback
v4-2-0: .json property is finally removed. Fix for Py3.10. Dropping support for EOL Python 3.4. Ignoring private keys when calculating hashes. For example init is not a part of hash calculation anymore. Fix for 166 Problem with comparing lists, with an boolean as element.
v4-0-9: Fixing the bug for hashing custom unhashable objects
v4-0-8: Adding ignore_nan_inequality for float('nan')
|
|
|
|
1.2.1:
- Fix segfault in ``Object.raw_name`` when not reached through a tree
- Internal: Use @ffi.def_extern instead of @ffi.callback
- Internal: callbacks code refactored
- Test suite completely switched to pytest
- New unit tests
- Documentation changes
Deprecations:
- Deprecate ``Repository.create_remote(...)``, use instead
``Repository.remotes.create(...)``
- Deprecate ``GIT_CREDTYPE_XXX`` contants, use ``GIT_CREDENTIAL_XXX`` instead.
|
|
|
|
Update clamav to 0.102.3.
## 0.102.3
ClamAV 0.102.3 is a bug patch release to address the following issues.
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
an unsigned variable results in an out-of-bounds read which causes a crash.
Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
parsing vulnerability.
- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an out-of-
bounds read which may cause a crash. Bug found by OSS-Fuzz.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2.
|
|
0.8.0:
Unknown changes
|
|
|
|
3.7.7.1:
Unknown changes
|
|
v0.12:
Bug Fixes
Fix the mutation API to maintain elements count correctly
|
|
databases/py-redis
|
|
3.5.1:
Fix for HSET argument validation to allow any non-None key.
|
|
2.0.35:
- python3.8 compat
- Remove use of deprecated splittype and splithost
|
|
1.4.3 (2020-02-02)
------------------
Security Fixes
~~~~~~~~~~~~~~
- In Waitress version 1.4.2 a new regular expression was added to validate the
headers that Waitress receives to make sure that it matches RFC7230.
Unfortunately the regular expression was written in a way that with invalid
input it leads to catastrophic backtracking which allows for a Denial of
Service and CPU usage going to a 100%.
This was reported by Fil Zembowicz to the Pylons Project. Please see
https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
for more information.
1.4.2 (2020-01-02)
------------------
Security Fixes
~~~~~~~~~~~~~~
- This is a follow-up to the fix introduced in 1.4.1 to tighten up the way
Waitress strips whitespace from header values. This makes sure Waitress won't
accidentally treat non-printable characters as whitespace and lead to a
potental HTTP request smuggling/splitting security issue.
Thanks to ZeddYu Lu for the extra test cases.
Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
CVE-ID: CVE-2019-16789
Bugfixes
~~~~~~~~
- Updated the regex used to validate header-field content to match the errata
that was published for RFC7230.
See: https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4189
1.4.1 (2019-12-24)
------------------
Security Fixes
~~~~~~~~~~~~~~
- Waitress did not properly validate that the HTTP headers it received were
properly formed, thereby potentially allowing a front-end server to treat a
request different from Waitress. This could lead to HTTP request
smuggling/splitting.
Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
CVE-ID: CVE-2019-16789
1.4.0 (2019-12-20)
------------------
Bugfixes
~~~~~~~~
- Waitress used to slam the door shut on HTTP pipelined requests without
setting the ``Connection: close`` header as appropriate in the response. This
is of course not very friendly. Waitress now explicitly sets the header when
responding with an internally generated error such as 400 Bad Request or 500
Internal Server Error to notify the remote client that it will be closing the
connection after the response is sent.
- Waitress no longer allows any spaces to exist between the header field-name
and the colon. While waitress did not strip the space and thereby was not
vulnerable to any potential header field-name confusion, it should have sent
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
Security Fixes
~~~~~~~~~~~~~~
- Waitress implemented a "MAY" part of the RFC7230
(https://tools.ietf.org/html/rfc7230#section-3.5) which states:
Although the line terminator for the start-line and header fields is
the sequence CRLF, a recipient MAY recognize a single LF as a line
terminator and ignore any preceding CR.
Unfortunately if a front-end server does not parse header fields with an LF
the same way as it does those with a CRLF it can lead to the front-end and
the back-end server parsing the same HTTP message in two different ways. This
can lead to a potential for HTTP request smuggling/splitting whereby Waitress
may see two requests while the front-end server only sees a single HTTP
message.
For more information I can highly recommend the blog post by ZeddYu Lu
https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/
Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
CVE-ID: CVE-2019-16785
- Waitress used to treat LF the same as CRLF in ``Transfer-Encoding: chunked``
requests, while the maintainer doesn't believe this could lead to a security
issue, this is no longer supported and all chunks are now validated to be
properly framed with CRLF as required by RFC7230.
- Waitress now validates that the ``Transfer-Encoding`` header contains only
transfer codes that it is able to decode. At the moment that includes the
only valid header value being ``chunked``.
That means that if the following header is sent:
``Transfer-Encoding: gzip, chunked``
Waitress will send back a 501 Not Implemented with an error message stating
as such, as while Waitress supports ``chunked`` encoding it does not support
``gzip`` and it is unable to pass that to the underlying WSGI environment
correctly.
Waitress DOES NOT implement support for ``Transfer-Encoding: identity``
eventhough ``identity`` was valid in RFC2616, it was removed in RFC7230.
Please update your clients to remove the ``Transfer-Encoding`` header if the
only transfer coding is ``identity`` or update your client to use
``Transfer-Encoding: chunked`` instead of ``Transfer-Encoding: identity,
chunked``.
Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
CVE-ID: CVE-2019-16786
- While validating the ``Transfer-Encoding`` header, Waitress now properly
handles line-folded ``Transfer-Encoding`` headers or those that contain
multiple comma seperated values. This closes a potential issue where a
front-end server may treat the request as being a chunked request (and thus
ignoring the Content-Length) and Waitress using the Content-Length as it was
looking for the single value ``chunked`` and did not support comma seperated
values.
- Waitress used to explicitly set the Content-Length header to 0 if it was
unable to parse it as an integer (for example if the Content-Length header
was sent twice (and thus folded together), or was invalid) thereby allowing
for a potential request to be split and treated as two requests by HTTP
pipelining support in Waitress. If Waitress is now unable to parse the
Content-Length header, a 400 Bad Request is sent back to the client.
Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
|
|
1.8.0
* Remove requests 2.3 compatibility code
* Add release notes for reset function
* Add release note for session scoped mock
* Allow passing session as postiional argument
* Create bound method instead of a wrapper
* Added reset\_mock to \_RequestHistoryTracker and Adapter
* doc on session Mockers
* doc on nesting Mockers
* fix README.rst typo
* suggest Mocker for users unfamiliar with adapters
* update examples to mount adapter on 'mock://'
* fix global/session mock interactions and real\_http
* Added installation instructions
* Add release note for nested mocking
* fix redirects and mock nesting
* Mark IOReader object closed when using a stream
* Add the default response reason if not set
* Don't check that proxies are set in test
* Add StackOverflow tag to README
* Mention pytest fixture on the README
* Add background information to pytest doc
* docs: update examples to match Read the Docs
* Expose real\_http as a public property
* fix py27 error
* easier session scoped mock
|
|
Fix changing permission of files.
|
|
|
|
|
|
|
|
|
|
|
|
The second patch silence a warning on NetBSD.
|
|
|
|
upstream changes:
-----------------
2020-04-04 Florian Schlichting <fsfs@debian.org>
* LSID logins were removed from AWL, drop related bits in davical
2019-12-06 Florian Schlichting <fsfs@debian.org>
* use foreach() instead of deprecated each() (fixes #190)
* HTTP_REFERER will usually be unset for caldav requests, prevent "Undefined index" warnings
|
|
|
|
|
|
2020-03-23 Jean Delvare <jdelvare@suse.de>
Print type 33 name unconditionally.
Even if a type 33 structure is too short, we can still display its
type name as we do for all other structure types.
2020-03-23 Jean Delvare <jdelvare@suse.de>
Don't choke on invalid processor voltage.
If the processor voltage encoding has some of the reserved bits set
and none of the proper bits set, print it as "Unknown" instead of an
empty field.
2020-03-23 Jean Delvare <jdelvare@suse.de>
Fix the alignment of type 25 name.
No tabulation needed before DMI structure names.
|
|
|
|
None of the mentioned files actually exists.
|
|
|
|
|
|
1.8.3:
Bug Fixes
downgrade repetitive logging calls to debug
|
|
|
|
== 20200508 Release ==
-- Updates upon 20191115 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
ICL-U/Y D1 6-7e-5/80 00000046->00000078 Core Gen10 Mobile
---- removed platforms ------------------------------------
|
|
|
|
0.10.0
Python 2.6 and 3.3 have reached end-of-life and have been deprecated.
Fix race condition when clearing cached parsed expressions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The DVIPS= appears once with quotes and once without.
|
