| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
5.26.2:
Security
[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written.
[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure.
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count.
Assertion failure in Perl__core_swash_init (utf8.c)
Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed.
Updated Modules and Pragmata
Module::CoreList has been upgraded from version 5.20170922_26 to 5.20180414_26.
PerlIO::via has been upgraded from version 0.16 to 0.17.
Term::ReadLine has been upgraded from version 1.16 to 1.17.
Unicode::UCD has been upgraded from version 0.68 to 0.69.
Selected Bug Fixes
The readpipe() built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime.
Fixed a use after free bug in pp_list introduced in Perl 5.27.1.
Parsing a sub definition could cause a use after free if the sub keyword was followed by whitespace including newlines (and comments).
The tokenizer now correctly adjusts a parse pointer when skipping whitespace in an ${identifier} construct.
Accesses to ${^LAST_FH} no longer assert after using any of a variety of I/O operations on a non-glob.
sort now performs correct reference counting when aliasing $a and $b, thus avoiding premature destruction and leakage of scalars if they are re-aliased during execution of the sort comparator.
Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled.
Fixed a duplicate symbol failure with -flto -mieee-fp builds. pp.c defined _LIB_VERSION which -lieee already defines.
A NULL pointer dereference in the S_regmatch() function has been fixed.
Failures while compiling code within other constructs, such as with string interpolation and the right part of s///e now cause compilation to abort earlier.
|
|
0.33.2:
Added support for universal wheels.
Fixed usage of template0 and template1 with postgres database functions.
|
|
SQLAlchemy release 1.2.7:
Release 1.2.7 includes some dialect-specific fixes as well as a small number of SQL and ORM related fixes.
|
|
1.841 2 Apr 2018
* #124944 allow ppport.h-less builds in core
|
|
- Added support for SQLite's new ON CONFLICT clause, which is modelled
on the syntax used by Postgresql and will be available in SQLite
3.24.0 and onward.
- Added better support for using common table expressions and a
cleaner way of implementing recursive CTEs, both of which are also
tested with integration tests (as opposed to just checking the
generated SQL).
- Modernized the CI environment to utilize the latest MariaDB
features, so we can test window functions and CTEs with MySQL (when
available).
- Reorganized and unified the feature-flags in the test suite.
|
|
- Added ValuesList for representing values lists.
- DateTimeField, DateField and TimeField will parse formatted-string
before sending to the database. Previously this only occurred when
reading values from the database.
|
|
|
|
|
|
|
|
- Smarter handling of model-graph when dealing with compound queries
(union, intersect, etc).
- If the same column-name is selected multiple times, first value
wins.
- If ModelSelect.switch() is called without any arguments, default to
the query's model.
- Fix issue where cloning a ModelSelect query did not result in the
joins being cloned.
|
|
=== Bug fixes
Engine::
- Harden periodically check to avoid endless flush loop
Ingest::
- Don't allow referencing the pattern bank name in the pattern bank
Java High Level REST Client::
- Bulk processor#awaitClose to close scheduler
Java Low Level REST Client::
- REST client: hosts marked dead for the first time should not be
immediately retried
Network::
- Cross-cluster search and default connections can get crossed
Percolator::
- Fixed bug when non percolator docs end up in the search hits
- Fixed a msm accounting error that can occur during analyzing a
percolator query
- Fix more query extraction bugs.
- Fix some query extraction bugs.
Plugins::
- Plugins: Fix native controller confirmation for non-meta plugin
Search::
- Propagate ignore_unmapped to inner_hits
Settings::
- Archive unknown or invalid settings on updates
|
|
3.14.0
======
Features
--------
- Add one() function to the ResultSet API
- Create an utility function to fetch concurrently many keys from the
same replica
- Allow filter queries with fields that have an index managed outside
of cqlengine
- Twisted SSL Support
- Support IS NOT NULL operator in cqlengine
Other
-----
- Fix Broken Links in Docs
- Reevaluate MONKEY_PATCH_LOOP in test codebase
- Remove CASS_SERVER_VERSION and replace it for CASSANDRA_VERSION in
tests
- Refactor CASSANDRA_VERSION to a some kind of version object
- Log warning when driver configures an authenticator, but server does
not request authentication
- Warn users when using the deprecated
Session.default_consistency_level
- Add DSE smoke test to OSS driver tests
- Document long compilation times and workarounds
- Improve error for batch WriteTimeouts
- Deprecate ResultSet indexing
3.13.0
======
Features
--------
- cqlengine: LIKE filter operator
- Support cassandra.query.BatchType with cqlengine BatchQuery
Bug Fixes
---------
- AttributeError: 'NoneType' object has no attribute 'add_timer'
- Support retry_policy in PreparedStatement
- __del__ method in Session is throwing an exception
- LZ4 import issue with recent versions
- ResponseFuture._connection can be None when returning request_id
- ResultSet.was_applied doesn't support batch with LWT statements
Other
-----
- cqlengine: avoid warning when unregistering connection on shutdown
- Fix DeprecationWarning of log.warn
- Fix example_mapper.py for python3
- Possible deadlock on cassandra.concurrent.execute_concurrent
- Add some known deprecated warnings for 4.x
- Remove copyright dates from copyright notices
- Remove "Experimental" tag from execution profiles documentation
- request_timer metrics descriptions are slightly incorrect
- Remove "Experimental" tag from cqlengine connections documentation
- Set in documentation default consistency for operations is LOCAL_ONE
|
|
4.2.0:
Publish py.typed flag for type hinting analyzers (mypy etc).
|
|
2.5:
- abstract layer now handles auxiliary classes
- pwdLAstSet in AD is valid for 0 and -1
- fixed extend.novell.get_universal_password
- entryUUID is properly validated in search filters
- custom attribute formatters are properly applied when parsing the search filter
- REUSABLE strategy now honours credentials when changed in the original connection
- add operation doesn't change passed attribute dict anymore
- missing entry's attribute return False when searching instead of raising an exception
- fixed ad_timestamp evaluation for integers
- wrong exception raised when user name is empty in simple binding
- exception is raised if size limit is exceed when searchin in mocking strategies with raise_exceptions=True
- fixed validator for novell guid
- fixed validator for openldap EntryUUID
- fixed validator for AD objectGUID, now follows MS-DTYP
- fixed formatter for AD objectGUID
- fixed exception when adding binary values
- added escape_rdn_chars() to ldap3.utils.dn for safe checking untrusted input while building DNs
- fixed search for binary values in mock strategies
- fixed exception with unicode chars in subfilters for python 2
- connection.extend.paged_search() doens't miss the last entries anymore when size limit is exceeded for the search on the server
- validators are not applied when loading data from json dump in Mock strategies
- additional validator to check for erroneous bytes to string conversion in Python 3
- additional formatter and validator to check for generalizedtime with 0 year
- added ADDITIONAL_CLIENT_ENCODINGS parameter
- fixed AD dir_sync extended operation
- ad_unlock_account works properly
- added Microsoft security descriptor control
- fixed search in mock strategies when raise_exceptions=True
- formatters never raise exceptions but returns the raw_value when unable to format
- fixed comtrols duplication in paged search
|
|
|
|
3.22.0:
Added constants:
SQLITE_DBCONFIG_TRIGGER_EQP, SQLITE_DBCONFIG_MAX
SQLITE_READONLY_CANTINIT, SQLITE_ERROR_RETRY, SQLITE_ERROR_MISSING_COLLSEQ, SQLITE_READONLY_DIRECTORY
|
|
|
|
- pwiz tool will capture column defaults defined as part of the
table schema.
- Fixed a misleading error message.
- Ensure reuse_if_open parameter has effect on pooled databases.
- Added support for on update/delete when migrating foreign-key.
- Fixed bug in SQL generation for subqueries in aliased functions.
|
|
|
|
SQLiteC++ offers an encapsulation arround the native C APIs of SQLite,
with a few intuitive and well documented C++ class. It is designed
using the Resource Acquisition Is Initialization (RAII) idom, and
throwing exceptions in case of SQLite errors (exept in destructors,
where assert() are used instead). Each SQLiteC++ object must be
constructed with a valid SQLite database connection, and then is
always valid until destroyed.
|
|
2.3.6:
Single bug fix that ws a possible security issue so I have pushed a version out.
Fix order of arguments in SQLWriteFileDSN.c, fix unwanted free() in iusql.c
Add pkg-config files
|
|
|
|
(this is the upgrade from 4.06 to 4.06.1)
|
|
|
|
This is LGPL MariaDB client library that can be used to connect to MySQL
or MariaDB.
|
|
SQLite Release 3.23.1:
Fix two problems in the new LEFT JOIN strength reduction optimization.
Fix misbehavior of the FTS5 xBestIndex method.
Fix a harmless reference to an uninitialized virtual machine register.
Fix the CLI so that it builds with -DSQLITE_UNTESTABLE
Fix the eval.c extension so that it works with PRAGMA empty_result_callbacks=ON.
Fix the generate_series virtual table so that it correctly returns no rows if any of its constraints are NULL.
Performance enhancements in the parser.
|
|
- Compatibility with Sphinx 1.7.0
- Ensure a change stream uses the proper session id while iterating
- Fix a rare crash in pooled mode when a replica set member was
disconnected
|
|
Upstream changes:
1.58 2018-03-28
- Switched to a production version.
1.57_01 2018-03-21
- Made it an error to fetch attributes from a statement
handle whose database handle is inactive (ribasushi++)
|
|
Upstream changes:
0.52 - 2018-04-05, H.Merijn Brand
* Dot-in-inc (cpantesters) - I missed two
|
|
6.2.0
------------------
- cleanup for SSL Context
- Add X-Pack clients to -py
- Adding Gzip support for capacity constrained networks
- ``_routing`` in bulk action has been deprecated in ES. Introduces a
breaking change if you use ``routing`` as a field in your documents.
6.1.1
------------------
- Updates to SSLContext logic to make it easier to use and have saner
defaults.
- Doc updates
6.1.0
------------------
- Bad release
|
|
=== Enhancements
Highlighting::
- Limit analyzed text for highlighting (improvements)
Recovery::
- Require translogUUID when reading global checkpoint
=== Bug fixes
Core::
- Remove special handling for _all in nodes info
Engine::
- Avoid class cast exception from index writer
- Maybe die before failing engine
- Never block on key in `LiveVersionMap#pruneTombstones`
Ingest::
- Continue registering pipelines after one pipeline parse failure.
Java High Level REST Client::
- REST high-level client: encode path parts
Packaging::
- Delay path expansion on Windows
Percolator::
- Fix percolator query analysis for function_score query
- Improved percolator's random candidate query duel test
Snapshot/Restore::
- Fix NPE when using deprecated Azure settings
Stats::
- Fix AdaptiveSelectionStats serialization bug
|
|
value, as recommended by Elasticsearch docs (improves performance, avoids locking lags).
|
|
native lib for the current platform rather than a list of preselected ones. Makes it possible to bind to non-localhost on platforms like NetBSD and SunOS.
|
|
|
|
No upstream changes, just dealing with new files caused to be installed
by the new version of jbuilder.
|
|
3.2.2
- Added support for passing Model classes to the returning() method
when you intend to return all columns for the given model.
- Fixed a bug when using user-defined sequences, and the underlying
sequence already exists.
- Added drop_sequences parameter to drop_table() method which allows
you to conditionally drop any user-defined sequences when dropping
the table.
3.2.1
- If both mysql-python and pymysql libraries are installed, Peewee
will use pymysql by default.
- Added new module playhouse.mysql_ext which includes
MySQLConnectorDatabase, a database implementation that works with
the mysql-connector driver.
- Added new field to ColumnMetadata class which captures a database
column's default value. ColumnMetadata is returned by
Database.get_columns().
- Added documentation on making Peewee async.
3.2.0
- Potentially backwards-incompatible change: Field.coerce renamed to
Field.adapt.
3.1.6
- Added rekey() method to SqlCipher database for changing encryption
key and documentation for set_passphrase() method.
- Added convert_values parameter to ArrayField constructor, which will
cause the array values to be processed using the underlying
data-type's conversion logic.
- Fixed unreported bug using TimestampField with sub-second
resolutions.
- Fixed bug where options were not being processed when calling
drop_table().
- Some fixes and improvements to signals extension.
|
|
Version 2.8.3
-------------
- Fixed bug where cursor.description was an emtpy tuple instead of None for
non-SELECT statements
Version 2.8.2
-------------
- Make sure pysqlite compiles with Visual Studio, which does not support C99
- Switch to sqlite3_open_v2. The flags parameter is now exposed. You can use it
to modify the behaviour of the opened database connection, for example
opening a database file in read-only mode or enable URI mode.
Version 2.8.1
-------------
BUG FIXES
- Fixed multiple refcount problems.
IMPROVEMENTS
- Added versionchanged about changed transaction behaviour wrt DDL statements
to documentation.
- I was informed by Roger Binns that FTS5 is not stable yet. The amalgamation
is now built with FTS3 and FTS4 instead.
Version 2.8.0
-------------
NEW FEATURES
- No new features, but tons of bugfixes. These mean that things now work that
didn't before:
- Transactional DDL now works
- You can use SAVEPOINTs now
BUILD PROCESS
- Python 2.7.x is now required. If trying to use it with Python 3, print a
useful error message. Integrated all fixes from the sqlite3 module in Python
2.7.10.
MAJOR IMPROVEMENTS
- Completety got rid of statement parsing. We now use SQLite functions to
determine if a statement modifies the database or not. If a statement
modifies the database, then we implicitly start a transaction. For backwards
compatibility reasons, we do NOT implicitly start a transaction if we
encounter a DDL statement.
You can, however, now have transactional DDL if you want to:
cur = con.cursor()
cur.execute("begin")
cur.execute("create table foo(bar)")
con.rollback()
This also means that people can now finally use SAVEPOINTS.
- Use sqlite3_get_autocommit() to determine if we are within a transaction
instead of trying to be smart.
- Switch to v2 statement API. This simplified the code and will increase
stability.
MINOR IMPROVEMENTS
- You can use unicode strings as index for Row objects.
BUGFIXES
- Fixed a regression: statements should not be reset after a commit.
GENERAL CLEANUP AND DEPRECATIONS
- Since december 2005, row_factory is a feature of the Connection class
instead of the Cursor class.
- DEPRECATE converters and adapters.
- DEPRECATE text_factory.
- Remove compatibility workarounds for old Python versions.
- Remove workarounds for old SQLite versions.
- Remove apsw related code.
Version 2.7.0
-------------
NEW FEATURES
- The limit functionality of SQLite is now wrapped.
BUILD PROCESS
- Instead of fts3, build fts5 extension when using amalgamation.
- use pkg-config for finding SQLite if available
- Removed the download/unpacking of SQLite amalgamation files.
IMPROVEMENTS
- Use toc.db file from the SQLite web site and a custom script to make sure
that we have all integer constants mapped to Python.
- Use Travis CI
- Added Trove classifier to make sure Python 3 users do not accidentally
try to install it.
BUGFIXES
- Fix for parsing fractional second part of timestamps.
- Fixed bug where when using converters, empty strings ended up as None
on the Python side.
- SQLite can cope with text with embedded NUL. We can now, too.
- many others
|
|
- Fix a critical AOF bug when fsync policy set to "always"
- Latency monitor could report wrong latencies under certain conditions.
- AOF rewriting could fail when a backgronud rewrite is triggered and
at the same time the AOF is switched on/off.
- Redis Cluster crash-recovery safety improved.
- Other smaller fixes (check commnits).
- Redis Cluster has now the ability to configure certain slaves so that
they'll never attempt a failover.
- Keyspace notifications API in modules.
- RM_Call() is now faster by reusing the same client.
- Tracking of the percentage of keys already logically expired but yet
not evicted.
|
|
SQLite Release 3.23.0:
Add the sqlite3_serialize() and sqlite3_deserialize() interfaces when the SQLITE_ENABLE_DESERIALIZE compile-time option is used.
Recognize TRUE and FALSE as constants. (For compatibility, if there exist columns named "true" or "false", then the identifiers refer to the columns rather than Boolean constants.)
Support operators IS TRUE, IS FALSE, IS NOT TRUE, and IS NOT FALSE.
Added the SQLITE_DBSTATUS_CACHE_SPILL option to sqlite3_db_status() for reporting the number of cache spills that have occurred.
The "alternate-form-2" flag ("!") on the built-in printf implementation now causes string substitutions to measure the width and precision in characters instead of bytes.
If the xColumn method in a virtual table implementation returns an error message using sqlite3_result_error() then give that error message preference over internally-generated messages.
Added the -A command-line option to the CLI to make it easier to manage SQLite Archive files.
Add support for INSERT OR REPLACE, INSERT OR IGNORE, and UPDATE OR REPLACE in the Zipfile virtual table.
Enhance the sqlite3changeset_apply() interface so that it is hardened against attacks from deliberately corrupted changeset objects.
Added the sqlite3_normalize() extension function.
Query optimizer enhancements:
Improve the omit-left-join optimization so that it works in cases where the right-hand table is UNIQUE but not necessarily NOT NULL.
Improve the push-down optimization so that it works for many LEFT JOINs.
Add the LEFT JOIN strength reduction optimization that converts a LEFT JOIN into an ordinary JOIN if there exist terms in the WHERE clause that would prevent the extra all-NULL row of the LEFT JOIN from appearing in the output set.
Avoid unnecessary writes to the sqlite_sequence table when an AUTOINCREMENT table is updated with an rowid that is less than the maximum.
Bug fixes:
Fix the parser to accept valid row value syntax.
Fix the query planner so that it takes into account dependencies in the arguments to table-valued functions in subexpressions in the WHERE clause.
Fix incorrect result with complex OR-connected WHERE and STAT4.
Fix potential corruption in indexes on expressions due to automatic datatype conversions.
Assertion fault in FTS4.
Incorrect result on the less-than operator in row values.
Always interpret non-zero floating-point values as TRUE, even if the integer part is zero.
Fix an issue in the fsdir(PATH) table-valued function to the fileio.c extension, that caused a segfault if the fsdir() table was used as the inner table of a join.
Issue an error rather instead of an assertion-fault or null-pointer dereference when the sqlite_master table is corrupted so that the sqlite_sequence table root page is really a btree-index page.
Fix the ANALYZE command so that it computes statistics on tables whose names begin with "sqlite".
Additional fixes for issues detected by OSSFuzz:
Fix a possible infinite loop on VACUUM for corrupt database files.
Disallow parameters in the WITH clause of triggers and views.
Fix a potential memory leak in row value processing.
Improve the performance of the replace() SQL function for cases where there are many substitutions on megabyte-sized strings, in an attempt to avoid OSSFuzz timeouts during testing.
Provide an appropriate error message when the sqlite_master table contains a CREATE TABLE AS statement. Formerly this caused either an assertion fault or null pointer dereference. Problem found by OSSFuzz on the GDAL project.
Incorrect assert() statement removed.
Fix a problem with using the LIKE optimization on an INTEGER PRIMARY KEY.
|
|
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start
Fixed libldap to not reuse tls_session if TLS hostname check fails
Fixed libldap cross-compiling with OpenSSL 1.1
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method
Fixed libldap MozNSS CA certificate hash matching
Fixed libldap MozNSS with PEM certs when also using an NSS cert db
Fixed libldap MozNSS initialization
Fixed libldap GnuTLS with GNUTLS_E_AGAIN
Fixed libldap memory leak with cancel operations
Fixed slapd Eventlog registry key creation on 64-bit Windows
Fixed slapd to maintain SSF across SASL binds
Fixed slapd syncrepl deadlock when updating cookie
Fixed slapd syncrepl callback to always be last in the stack
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens
Fixed slapd CSN queue processing
Fixed slapd-ldap TLS connection timeout with high latency connections
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set
Fixed slapd-mdb with an optimization for long lived read transactions
Fixed slapd-meta assert when olcDbRewrite is modified
Fixed slapd-sock with LDAP_MOD_INCREMENT operations
Fixed slapo-accesslog cleanup to only occur on failed operations
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589
Fixed slapo-syncprov memory leak with delete operations
Fixed slapo-syncprov to not clear pending operation when checkpointing
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog
Fixed slapo-syncprov not to log checkpoints to accesslog db
Fixed slapo-syncprov to process changes from this SID on REFRESH
Fixed slapo-syncprov session log parsing to not block other operations
Build Environment
Fixed Windows build with newer MINGW version
Fixed compiler warnings and removed unused variables
Contrib
Fixed ldapc++ Control structure
Documentation
Delete stub manpage for back-ldbm
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only
Fixed slapd-config(5) typo for olcTLSCipherSuite
Fixed slapo-syncprov(5) indexing requirements
|
|
0.33.1:
Fixed EncryptedType for Oracle padding attack
|
|
Release 1.2.6 includes a variety of fixes including a connection-pool related issue which could cause a connection to be added to the pool without all of the "connect" event handlers being called.
|
|
ok wiz@ for committing during freeze
|
|
Reset PKGREVISION by updates of all ruby*-base packages.
|
|
- Minor bug fixes.
|
|
Ride update.
|
|
0.07049 - 2018-03-21
- Fix tests when the path to perl has spaces in it (GH#19)
- Inline String::CamelCase::wordsplit() due to RT#123030
- Get enum values from DBD::Pg if it's new enough
- Remove dependency on DBIx::Class::IntrospectableM2M
0.07048_01 - 2018-02-23
- Convert from Module::Install to ExtUtils::MakeMaker + Distar (GH#17)
|
|
0.51 - 2018-03-24, H.Merijn Brand
* Dot-in-inc (cpantesters)
0.50 - 2018-03-21, H.Merijn Brand
* Explain more about header folding
* It's 2017
* BOM handling
* Some documentation enhancements
* Ignore DBI_DSN if it is not CSV
* It's 2018
* Test with perl-5.26, DBI-1.641, SQL::Statement-1.412, and
Text::CSV_XS-1.35
|
|
Add missing dependency.
|
|
- Fix compilation with rebar3
|
