| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Note upstream's unusual stance on people building from the repo.
|
|
|
|
Python 3.7.10
Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.
Library
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return None when triying to locate a library in an environment when gcc>=9 is available and ldconfig is not. Patch by Pablo Galindo
Documentation
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.
Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
|
|
Python 3.6.13 final
Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.
Core and Builtins
bpo-35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan.
Library
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
|
|
|
|
1.9.1: Ludovic Rousseau
16 February 2021
- Do not (possibly) lock a reader if allocating hCard fails
- Fix a hang in SCardTransmit()
- Do not report an error if the wrong interface is used by the driver
- Update reader state when a card is removed during an exchange
- readerfactory: Make sure a freed Reader Context is not accessed
- PHSetProtocol(): supports T=0&1 cards on T=0 reader
- hotplug-libusb:
. support CCIDCLASSDRIVER
. add interface name to reader name
. remove obsolete libhal scheme
- Some other minor improvements
|
|
security/py-google-auth
|
|
1.26.1
Documentation
fix a typo in the user guide (avaiable -> available)
Bug Fixes
revert workload identity federation support
1.26.0
Features
workload identity federation support
|
|
Version 20.12.2
Dependencies
Fix uvloop to 0.14 because 0.15 drops Python 3.6 support
Remove old chardet requirement, add in hard multidict requirement
|
|
2.1.3
* I `blue <https://blue.readthedocs.io/en/latest/>`_ it!
|
|
Version 4.7.1
Fix threading issue introduced in 4.7
|
|
|
|
2021-02-13 Paul Hardy <unifoundry@unifoundry.com>
* 210205_Unifoundry_Memorandum.pdf: added legal memorandum.
* font/Makefile:
- Updated copyright for 2021.
- Changed unifontpic input to Unifont sample set glyphs.
* font/plane00csur/
- plane00csur-spaces.hex: Added U+0020 space glyph.
- plane00csur.hex: Fixed U+EB63 (Savannah bug 59763).
* font/ttfsrc/Makefile: updated copyright for 2021.
|
|
|
|
|
|
WABT (we pronounce it "wabbit") is a suite of tools for WebAssembly.
These tools are intended for use in (or for development of) toolchains
or other systems that want to manipulate WebAssembly files. Unlike
the WebAssembly spec interpreter (which is written to be as simple,
declarative and "speccy" as possible), they are written in C/C++
and designed for easier integration into other systems. Unlike
Binaryen these tools do not aim to provide an optimization platform
or a higher-level compiler target; instead they aim for full fidelity
and compliance with the spec (e.g. 1:1 round-trips with no changes
to instructions).
|
|
|
|
|
|
|
|
- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in the
SSL_TLS_SNI_SERVERNAME variable.
|
|
|
|
- Bugfixes.
|
|
|
|
- By default, if now propagates its child exit code when it exits.
- backtick now propagates failure by default; its options have slightly
different semantics (-i becomes default, new -x introduced).
pkgsrc changes:
- Add manual pages by flexibeast.
|
|
|
|
- Bugfixes.
|
|
|
|
|
|
SQL Relay 1.8.0
This release mainly lays the groundwork for some future features, including a generic import/export framework. Some notable progress was also made on the JDBC driver, though it's still not finished. The most significant (finshed) new feature is an aes128 password encryption module.
There are some bugfixes as well. A long-standing issue with postgresql that could cause results from multiple open cursors to get confused has been resolved. A subtle error that could cause counting of bind variables on the client-side to hang has been fixed. A long-standing, but apparently obscure, issue that could cause tables from other MySQL schemas to be included in a "show tables" command has been fixed. As well as various other issues.
Full ChangeLog follows:
unattended tests
added sqlrresultsetdomnode class to c++ client API
fixed datedelimiters parameter
added support for SQLParamOptions with SQLUINTEGER arguments
sqlr-import detects uppercase .CSV suffix now
fixed a csv number-detection but in sqlr-import
fixed a delete[] of a const in sqlr-import
it's possible to specify a commitcount of 0 with sqlr-import now
moved sqlrimportxml/csv classes into libsqlrclient
moved sqlrexportxml/csv classes into libsqlrclient
csv import/export is consistent now
added some event methods to sqlrexport
migrated parsedatetime functions to rudiments datetime class
different postgresql cursors use different stmtNames now
sqlrimportcsv can create a primary key that's not in the CSV now
sqlrexportcsv quotes 12+ digit numbers now
fixed subtle, count-related issues when validating bind variables on the client side, that could cause a hang
added an aes128 pwdenc module
applied a patch to fix a crash in the debug logger (missing "%s")
added a tweak to getsitearchdir.rb to fix incorrect lib/lib64 reporting on some centos x64 systems
fixed mysql getColumnList to distinquish proper db/schema
SQL Relay 1.7.0
This release adds 2 significant features: support for the PostgreSQL client-server protocol, and a "replay" module to help automatically recover from deadlocks and lock-timeouts, but also has the usual assortment of minor bugfixes and internal changes.
Full ChangeLog follows:
added postgresql protocol module
updated postgresql connection module to get column info pre-execute
fixed postgresql connection module type oid bug
added tag filter/moduledata
added moduledata(s)::closeResultSet()/endTransaction()/endSession()
mysql protocol returns empty lobs correctly now (not as nulls)
configure replaces -lfbclient with -lgds on freebsd/firebird-2.0.3
fixed a bug that could cause sqlr-stop to try to kill pid 0
fixed unixodbc detection on solaris 11.4
added configure test for PQdescribePrepared
test improvements
documentation improvements
split sqlrelay-crash directive into its own module
deprecated drop-in replacement libraries in favor of protocol support
fixed various mysql 4.x bugs
sqlr-status creates statistics on heap now instead of stack, to work on platforms with a small default ulimit stack
mysql stored procedure test is bypassed for older mysql
tls test is bypassed for older openssl
added NULL handoff socket workaround
improved shutdown/crash handlers for sqlr-listener/connection
fixed hang when more-than-one address was specified in the instance:addresses attribute
*_null used instead of *_unset on PHP 7.4
SQL Relay 1.6.0
This release mainly addresses some recently discovered regressions, but also adds some internal features that required the minor version to be bumped.
ChangeLog follows:
added begin, commit, rollback events
fixed array_init() calls for php-7.3
integrated my_bool fix for mysql 8.0.1+
mysql sslmode=require/prefer + bad sslca/sslcapath generates warning rather than error now (like the mysql cli)
refactored various routines that parse bind variables out of queries
added bindvariabledelimiters config option to define supported bind variable delimiters
added fakeinputbindvariablesunicodestrings config option
added bind variable delimiters config methods to c++ api
replay trigger can now run a query (eg. "show engine innodb status") and log the reslits to a file when a replay condition occurs
replay trigger doesn't log/replay selects by defalit now (but this is configurable)
updated normalize translation to support queries containing binary data
fixed a backslash-escape bug in the normalize translation
refactored some sqlrclient api private methods
refactored various bind-manipliation/detection methods
sqlr-listener creates tmpdir now on start, if it doesn't exist (because this is often in /run, which is often a tmpfs)
postgresql connection modlie forces re-fetch of column data after execute now
everything uses charstring::isYes/isNo now, instead of direct comparisons against "yes" or "no"
fixed subtle sqlexecdirect bug
fixed subtle sqlserver max-varchar bind length bug
fixed various subtle sqlserver bugs where column-info isn't valid until after execute
odbc connection modlie sets column precision = column length if column precision = -1
when using odbc on front and back end, the object type works in SQLTables now
reslit set translations work with "show databases/tables/etc." queries with an ODBC backend now
increased oid buffer sizes in postgresql connection
fixed typemangling->tablemangling typo in postgresql connection - tablemangling sholid work without typemangling now
fixed a '...\\''...' parsing bug
non-odbc connection modlies now return odbc-compatible(ish) table lists
client info is no longer reset during endSession
fixed a bug that colid cause sqlite "show tables like '...'" to crash
fixed odbc unicode nlil user/password bug
fixed PyString_AsString for python 3.<3
fixed bug that caused some MSSQL lobs to sometimes be returned as nlils when using ODBC on the backend
fixed bug that caused some MSSQL date fields to get returned as garbage
fixed a few older sqlrclient compatibility bugs
fixed SQLFetch parameter type mismatch in ODBC api
removed a non-c++17-compliant "register" from custom_nw logger
added support for nodejs 12
SQLDriverConnect can take an inline DSN now
fixed odbc maxcolumncount=-1 crash
odbc, db2, and informix set bind format error now
|
|
Rudiments 1.3.1
This patch release fixes a bug in the rpm spec file and a missing library dependency in the link command for librudiments-apache.
Rudiments 1.3.0
This release mainly featured integration of code from other projects. The remnants of the old firstworks project "stencil" have been merged in, as well as some MVC base classes from other projects. Some date-time parsing code from SQL Relay has been pushed down into the datetime class.
There are some new features as well - most notably an encryption framework and aes128 class. There are also sax/dom parsers for CSV, ini, and java-style properties files as well, similar to the xml/json sax/dom classes.
The logger classes have been refactored a bit, in back-incompatible ways. Thus the minor version bump.
Full ChangeLog follows:
unattended tests
added support for escaping single/double-quotes to templateengine
migrated in clasess from stencil project
added librudiments-apache
added \r\n support when parsing CSVs
integrated MVC base classes from other projects
added inisax/inidom and propsax/propdom classes
added cronschedule class
added logger start/end methods
logger string-write works like printf now
logger indent uses uint32_t now
removed some unused logger::write() methods
added a log level to the logger class
process::spawn()'s forked child exits if exec() fails now
charstring::replace() methods are null-safe now
migrated datetime::parse() and datetime::formatAs() from sqlrelay
csvsax accepts empty (or all whitespace) files now
logger::write() is null-safe now
base64encode is whitespace-safe now
added support for 5-part dates and day-month-year 4-part dates
added datetime::getWeekOfYear
added file::extension
added directory::createTemporaryDirectory
added directory::removeTree
added encryption interface
added aes128 encryption
added charstring::startsWith/endsWith
Rudiments 1.2.2
This is a minor bug-fix release. ChangeLog follows:
fixed another long-standing charstring::httpEscape bug
-Wno-deprecated-declarations is now included if possible
added configure tests for RB_HALT/AUTOBOOT (enums on solaris 11.4)
certificate tests use sha1 if sha256 is unavailable
filedescriptor::pvt->_lstnr is initialzed to NULL in clone operation now
listener::listen() safely handles non pollin/out events now
removed waitForChildren() from shutdown/crash handlers
sigsuspend() fails if errno!=EINTR now instead of whether it returns -1
filtered out -Wl,-Bsymbolic-functions -Wl,-z,relro from krb5-config
Rudiments 1.2.1
This is a minor bug-fix release. ChangeLog follows:
charstring::isYes includes "on" and charstring::isNo includes "off"
tabs are url-encoded correctly now
"unsafe" characters are url-encoded now
httpEscape uses character::isAlphanumeric now (to improve perforamnce)
some file-descriptor-passing tweaks for modern FreeBSD
fixed some json parsing bugs
updated default_md=sha256 in ca.cnf to generate ca.pem in tests
fixed a possible double-free in listener::cleanUp
Rudiments 1.2.0
This release adds a few minor features, and fixes a few minor bugs...
The jsonsax/dom classes handle escaping correctly now.
The url class features a getError() method which returns more detailed error information than the error class. For example, if there's a protocol error, as opposed to an operating-system-level error, then url::getError() returns it.
A sha256 class has been added. The sha1, sha256, and md5 classes now prefer to use libcrypto implementations, if they are available, as they might be hardware accelerated, but fall back to internal implementations if they are not available.
hash::getHash() returns binary data now, for all hashes. Previously sha1/256 returned binary data and md5 returned a string.
charstring::hexEncode()/hexDecode(), and charstring::before()/between()/after() methods have been added to the charstring class.
The url class now supports setting the user agent and other headers for http urls. It also supports making http POST requests.
The various container classes (linkedlist, avltree, dictionary, etc.) all support remove/clearAnd(Array)Delete methods. The removeAnd(Array)Delete methods remove the node from the container and delete the value stored in the node as well. The clearAnd(Array)Delete methods operate similarly, removing all nodes.
|
|
|
|
Changes:
new extensions and minor bug fixes
|
|
|
|
Release notes:
https://github.com/get-iplayer/get_iplayer/wiki/release320to329#release327
|
|
|
|
bitlbee-facebook-1.2.2 (2021-02-13):
- Fix id assertion in fb_api_cb_publish_mst()
- Increase sync_interval from 5 to 1440 ("The action attempted has been
deemed abusive or is otherwise disallowed")
- Bump the FB_ORCA_AGENT version once again
|
|
Using setusercontext(3) makes per-user tmp work. Fixes PR 55765.
|
|
Redo v. 1.14: might as well make it explicitly accept anything, for
clarity.
|
|
print/tex-pslatex went from version 2009 to version 1.3, so adjust
accordingly. (This new pattern will accept the old versioning, but
the change log suggests that's viable.)
|
|
the MIPSSIM target machine. Its only supported in NetBSD-current as of today
15 feb 2021. Other OSs or earlier versions of NetBSD are not affected.
|
|
development purposes.
|
|
|
|
version 1.2.0
* API changes:
- libwebp:
encode.h: add a qmin / qmax range for quality factor (cwebp adds -qrange)
* lossless encoder improvements
* SIMD support for Wasm builds
* add xcframeworkbuild.sh, supports Mac Catalyst builds
* import fuzzers from oss-fuzz & chromium
* webpmux: add an '-set loop <value>' option
* toolchain updates and bug fixes
|
|
v0.15
New Features
Add support for Python 3.10 and more tests
Make __repr__ more similar to other mapping types
Misc
Minor docs and CI fixes
|
|
|
|
v0.15.1
Bug Fixes
Fix a segfault issue when a Cython protocol is de-referencing itself from Context.run() callbacks
|
|
3.19.5
When IOS_INSTALL_COMBINED is enabled and the Xcode generator is used, it is now possible to initiate an install or package creation by running cmake --install or cpack from the command line. When using the Xcode new build system, these are the only supported methods due to a limitation of Xcode. Initiating these operations by building the install or package targets in Xcode is only supported when using the legacy build system.
The framework handling introduced in 3.19.0 as part of supporting Xcode’s Link Binaries With Libraries build phase broke the ability to switch between device and simulator builds without reconfiguring. That capability has now been restored.
|
|
|
|
Changes in version 0.4.5.6 - 2021-02-15
The Tor 0.4.5.x release series is dedicated to the memory of Karsten
Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Karsten is best known for creating the Tor metrics portal and leading
the metrics team, but he was involved in Tor from the early days. For
example, while he was still a student he invented and implemented the
v2 onion service directory design, and he also served as an ambassador
to the many German researchers working in the anonymity field. We
loved him and respected him for his patience, his consistency, and his
welcoming approach to growing our community.
This release series introduces significant improvements in relay IPv6
address discovery, a new "MetricsPort" mechanism for relay operators
to measure performance, LTTng support, build system improvements to
help when using Tor as a static library, and significant bugfixes
related to Windows relay performance. It also includes numerous
smaller features and bugfixes.
|
|
|
