pkgsrc changes:
- Remove PYTHON_VERSIONS_INCOMPATIBLE, Python 3.x is now supported too
- Take MAINTAINERship
Changes:
- Upstream doesn't provide changelog (and CHANGELOG file just reference to
commit messages). According skimming of commit messages mostly bugfixes and
improvements.
Changes:
2.12.3
------
* Allow hub use within GitHub Actions by specifying GITHUB_USER
* Show friendlier error message when GITHUB_TOKEN is set, but fetching
the current user fails
Backport upstream commit 106948d996d74bf5ff7e3511f35eefea0a90561f
(except setup.py change) to fix support with py-wsproto 0.13.0 and newer.
PKGREVISION++
1.0.8 (13 Jul 19)
~~~~~~~~~~~~~~~~~
* Accept as many selectors as the file format allows.
This relaxes the fix for CVE-2019-12900 from 1.0.7
so that bzip2 allows decompression of bz2 files that
use (too) many selectors again.
* Fix handling of large (> 4GB) files on Windows.
* Cleanup of bzdiff and bzgrep scripts so they don't use
any bash extensions and handle multiple archives correctly.
* There is now a bz2-files testsuite at
https://sourceware.org/git/bzip2-tests.git
1.0.7 (27 Jun 19)
~~~~~~~~~~~~~~~~~
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)
The software hasn't been updated since 2002 and is probably full
of security problems. Two packages were using it. (gpsdrive has a
newer version in wip.)
2.38.1 (stable)
===
- Fix OOM in JPEG2000 loader [Ivan A. Melnikov, #107]
- Fix thumbnailing of animated GIFs [Debarshi Ray, #99]
- Multiple improvements to the GIF loader [Robert Ancell, !24, !28, !30, #22, #69
- Fix build on Windows/MSYS2 [Christoph Reiter, !29]
- Fix soname versioning on macOS [Christoph Reiter, !23]
- Cross-compilation fixes for Android [Matthew Waters, #64]
- Fix building modules on macOS [Ignacio Casal Quinteiro, !18 and !19]
- Fix introspection generation [Iain Lane, #92]
- Fix error handling in PNG loader [Debarshi Ray, !16]
- Improve reproducibility of the build [Chris Lamb, !15]
- Speed up saving PNG files [Brion Vibber, #90]
- Add variables in the pkg-config files for binary utilities [Emmanuele Bassi, #88]
- Build fixes [Emmanuele Bassi, #88]
2.38.0 (stable)
===
- Documentation fixes
2.37.92 (release candidate)
===
- Ensure that GdkPixbuf's storage is safely handled [Federico Mena Quintero]
- Add test case for buffer overflow in pixdata loader [Bastien Nocera, #57]
2.37.0 (development)
===
- Rework relocation support for loaders cache on Windows [Christoph Reiter, #776081]
- Properly install test data [Emmanuele Bassi, Jeremy Bicha, #795527, #795210]
- Plug a memory leak when using GBytes [Vitaly Kirsanov, #787626]
- Fix introspection annotations [Iñaki García Etxebarria, #789935]
- Fix documentation building with X11 disabled [Quentin Glidic, #794872]
- Drop Autotools build and move to Meson [Emmanuele Bassi]
- Fix OOB error when dithering [Bert Pauline, #748211]
- Drop the MMX assembly optimizations for pixops [Emmanuele Bassi]
- Improve compatibility for the post-install script [Brendan L, #795705]
- Expose the dimensions of the original image from GdkPixbufLoader [Debarshi Ray, #778517]
- Improve thumbnailer implementation [Debarshi Ray, #778517]
- Make X11 a dependency if the `x11` build option is enabled [Emmanuele Bassi, #77]
- Generate separate introspection data for GdkPixdata API [Emmanuele Bassi, #72]
- Deprecate GDK_INTERP_HYPER [Emmanuele Bassi, #3]
- Avoid a deprecation warning with recent libjasper [Emmanuele Bassi, #73]
- Fix build on macOS [Emmanuele Bassi, !5]
- Fix build with Visual Studio [Chun-wei Fan, !8]
- Fix cross-compilation of Windows build on Linux [Benjamin Gilbert, !10]
Not used in pkgsrc, needs quite unmaintained jasper library with lots
of security problems, and is harder to keep working with meson version
of gdk-pixbuf2.
v0.14.0: 2019-06-21
- Display ABLABELs for URLs and Private Objects
- Allow vcard selections to be aborted explicitly
- Unify edit and source subcommands
- Merge export and show subcommands
- Turn template export into a seperate command
- Require python >= 3.5
- Add html documentation (generated with sphinx)
- Add man page (generated with sphinx)
v1.4.1
bug: Fix data corruption in niche use cases by @terrelln (#1659)
bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595)
bug: Fix out of bounds read by @terrelln (#1590)
perf: Improve decode speed by ~7% @mgrice (#1668)
perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681)
perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658)
perf: Improve compression ratio for small windowLog by @cyan4973 (#1624)
perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635)
api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656)
cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640)
cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631)
cli: Restrict read permissions on destination files by @chungy (#1644)
cli: zstdgrep: handle -f flag by @felixhandte (#1618)
cli: zstdcat: follow symlinks by @vejnar (#1604)
doc: Remove extra size limit on compressed blocks by @felixhandte (#1689)
doc: Fix typo by @yk-tanigawa (#1633)
doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629)
build: CMake: support building with LZ4 @leeyoung624 (#1626)
build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647)
build: CMake: respect existing uninstall target by @j301scott (#1619)
build: Make: skip multithread tests when built without support by @michaelforney (#1620)
build: Make: Fix examples/ test target by @sjnam (#1603)
build: Meson: rename options out of deprecated namespace by @lzutao (#1665)
build: Meson: fix build by @lzutao (#1602)
build: Visual Studio: don't export symbols in static lib by @scharan (#1650)
build: Visual Studio: fix linking by @absotively (#1639)
build: Fix MinGW-W64 build by @myzhang1029 (#1600)
misc: Expand decodecorpus coverage by @ephiepark (#1664)
As we pass the half-way point of 2019, it’s time for MAME 0.211,
with all the excitement that brings. In this release, SGI Indy and
MIPS RC2030 workstations have been promoted to working. This is a
major milestone in RISC workstation emulation. If you’re feeling
nostalgic, why not try one of them out, and install IRIX or RISC/os,
respectively? This release also includes better support for the
China Education Computer Apple II derivatives, along with a
preliminary software list. This opens a window to Chinese classroom
technology in the late ’80s and early ’90s. Speaking of software
lists, we’ve added over five hundred cleanly cracked Apple II
software titles, and imported a whole lot of ZX Spectrum cassette
images.
Looking away from computer emulation for a moment, Game & Watch
preservation keeps progressing, with the addition of Ball (the
earliest Game & Watch release) and the panorama screen version of
Donkey Kong Jr. The Gaelco/Salter Pro Cycle Tele Cardioline exercise
system has been promoted to working, and the Pro Stepper system
has been added. System 573 MP3 audio has been greatly improved in
this release, and support has been added for more Bally pinball
sound boards. ClawGrip added example programs from the V.R.
Technologies VT03 software development kit. Gemcrush, a rare brick
breaking arcade game, has been added in this release.
There are lots of other improvements, including a fix for the fatal
error when switching away from MAME in Direct3D full-screen mode.
1.0.14
[feature] [template]
The n filter is now supported in the <%page> tag. This allows a template to omit the default expression filters throughout a whole template, for those cases where a template-wide filter needs to have default filtering disabled. Pull request courtesy Martin von Gagern.
[bug] [exceptions]
Fixed issue where the correct file URI would not be shown in the template-formatted exception traceback if the template filename were not known. Additionally fixes an issue where stale filenames would be displayed if a stack trace alternated between different templates. Pull request courtesy Martin von Gagern.
4.8.0:
This release focuses on making it easier to customize Beautiful Soup's
input mechanism (the TreeBuilder) and output mechanism (the Formatter).
* You can customize the TreeBuilder object by passing keyword
arguments into the BeautifulSoup constructor. Those keyword
arguments will be passed along into the TreeBuilder constructor.
The main reason to do this right now is to change how which
attributes are treated as multi-valued attributes (the way 'class'
is treated by default). You can do this with the
'multi_valued_attributes' argument.
* The role of Formatter objects has been greatly expanded. The Formatter
class now controls the following:
- The function to call to perform entity substitution. (This was
previously Formatter's only job.)
- Which tags should be treated as containing CDATA and have their
contents exempt from entity substitution.
- The order in which a tag's attributes are output.
- Whether or not to put a '/' inside a void element, e.g. '<br/>' vs '<br>'
All preexisting code should work as before.
* Added a new method to the API, Tag.smooth(), which consolidates
multiple adjacent NavigableString elements.
* ' (which is valid in XML, XHTML, and HTML 5, but not HTML 4) is always
recognized as a named entity and converted to a single quote.
2.2.1
Changes:
Fix: tests, support for newer versions of pytest
Fix: tests, disable test with drf dependency for older python versions
2.2.0
Changes:
Fix: removing wrongly released text_tags template
Fix: graph_models, support for Python <3.6
Improvement: ForeignKeySearchInput, wrap media files in static()
Improvement: UniqField, added tests
Improvement: dumpscript, fix orm_item_locator to use dateutil
Improvement: graph_models, added argument to change arrow_shape
The Paho Python Client provides a client class with support for both
MQTT v3.1 and v3.1.1 on Python 2.7 or 3.x. It also provides some
helper functions to make publishing one off messages to an MQTT server
very straightforward.
Packaged in wip by Kamel Derouiche.
Changes:
Fix building against LibreSSL (#284, #486, #570)
Fix building against mbedTLS (#115, #528)
Fix torrents ETA calculation (#522)
Fix cross-compilation issues caused by miniupnpc configuration test (#475)
Qt Client
Fix bad downloaded percentage in DetailsDialog (#547)
Web Client
Fix tracker error XSS in inspector (CVE pending; found by Rory McNamara of Gotham Digital Science)
Fix torrent name HTML-escaping in trackers inspector tab
(nb4 because wip is nb4)
Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that
implements the MQTT protocol versions 3.1 and 3.1.1 MQTT provides a
lightweight method of carrying out messaging using a publish/subscribe model.
This makes it suitable for "Internet of Things" messaging such as with low power
sensors or mobile devices such as phones, embedded computers or
microcontrollers like the Arduino.
NEWS for the Nettle 3.5.1 release
The Nettle-3.5.1 corrects a packaging mistake in Nettle-3.5.
The new directory x86_64/sha_ni were missing in the tar file,
breaking x86_64 builds with --enable-fat, and producing worse
performance than promised for builds with --enable-x86-sha-ni.
Also a few unused in-progress assembly files were accidentally
included in the tar file.
These problems are corrected in Nettle-3.5.1. There are no
other changes, and also the library version numbers are
unchanged.
NEWS for the Nettle 3.5 release
This release adds a couple of new features and optimizations,
and deletes or deprecates a few obsolete features. It is *not*
binary (ABI) compatible with earlier versions. Except for
deprecations listed below, it is intended to be fully
source-level (API) compatible with Nettle-3.4.1.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0, with sonames libnettle.so.7 and
libhogweed.so.5.
Changes in behavior:
* Nettle's gcm_crypt will now call the underlying block cipher
to process more than one block at a time. This is not a
change to the documented behavior, but unfortunately breaks
assumptions accidentally made in GnuTLS, up to and including
version 3.6.1.
New features:
* Support for CFB8 (Cipher Feedback Mode, processing a single
octet per block cipher operation), contributed by Dmitry
Eremin-Solenikov.
* Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos.
* Support for XTS mode, contributed by Simo Sorce.
Optimizations:
* Improved performance of the x86_64 AES implementation using
the aesni instructions. Gives a large speedup for operations
processing multiple blocks at a time (including CTR mode,
GCM mode, and CBC decrypt, but *not* CBC encrypt).
* Improved performance for CTR mode, for the common case of
16-byte block size. Pass more data at a time to underlying
block cipher, and fill the counter blocks more efficiently.
Extension to also handle GCM mode efficiently contributed
by Nikos Mavrogiannopoulos.
* New x86_64 implementation of sha1 and sha256, for processors
supporting the sha_ni instructions. Speedup of 3-5 times on
affected processors.
* Improved parameters for the precomputation of tables used
for ecc signatures. Roughly 10%-15% speedup of the ecdsa
sign operation using the secp_256r1, secp_384r1 and
secp_521r1 curves, and 25% speedup of ed25519 sign
operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve.
* In ARM fat builds, automatically select Neon implementation
of Chacha, where possible. Contributed by Yuriy M.
Kaminskiy.
Deleted features:
* The header file des-compat.h and everything declared therein
has been deleted, as announced earlier. This file provided a
subset of the old libdes/ssleay/openssl interface for DES
and triple-DES. DES is still supported, via the functions
declared in des.h.
* Functions using the old struct aes_ctx have been marked as
deprecated. Use the fixed key size interface instead, e.g.,
struct aes256_ctx, introduced in Nettle-3.0.
* The header file nettle-stdint.h, and corresponding autoconf
tests, have been deleted. Nettle now requires that the
compiler/libc provides <stdint.h>.
Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael
Weiser.
* The programs aesdata, desdata, twofishdata, shadata and
gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0.
4.27 Thu Jun 27 22:43:44 CEST 2019
- linux aio backend almost complete rewritten to work around its
limitations.
- epoll backend now mandatory for linux aio backend.
- fail assertions more aggressively on invalid fd's detected
in the event loop, do not just silently fd_kill in case of
user error.
- ev_io_start/ev_io_stop now verify the watcher fd using
a syscall when EV_VERIFY is 2 or higher.
4.26 (EV only)
- update to libecb 0x00010006.
- new experimental linux aio backend (linux 4.18+).
- removed redundant 0-ptr check in ev_once.
- updated/extended ev_set_allocator documentation.
- replaced EMPTY2 macro by array_needsize_noinit.
- minor code cleanups.
- epoll backend now uses epoll_create1 also after fork.
3.43.0 (2019-06-27)
! Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands.
- Added a second layer of authentication to the update mechanism
3.43.0-rc2 (2019-06-21)
- Rebuilt against libfilezilla 0.17.1
3.43.0-rc1 (2019-06-19)
- macOS: Minimum required macOS version has been increased to 10.11 (El Capitan)
- *nix: Official Linux binaries are now built for Debian 10 (Buster)
- Building FileZilla now requires a C++17 compiler
- Building and running FileZilla now depends on libfilezilla >= 0.17.0 (https://lib.filezilla-project.org/)
- When using SFTP, fix fallback to password authentication on a server refusing a password-protected key
- Fix HTTP proxy support
- *nix: Improve resolution of program icon
