The Evolve Extension extends the "changeset evolution" features of
Mercurial core. It provides a set of commands to easily mutate history as
well as the topics extension.
Several error paths in this library would fail to unlock libX11 when
they returned, which would eventually cause the client to deadlock.
This release fixes that bug.
Adam Jackson (1):
libXxf86misc 1.0.4
Alan Coopersmith (3):
Strip trailing whitespace
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Egbert Eich (1):
Add missing UnlockDisplay() and SyncHandle() to some error paths.
Fixes a 25+-year-old bug in correctly filling in the ::root member of
the ScreenSaverNotify event.
Adam Jackson (1):
libXScrnSaver 1.2.3
Alan Coopersmith (3):
Copy root field from wire event into root, not window, of Xlib event
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Daniel Martin (1):
Fix typo in man page: XScreenSaverSaverRegister()
Emil Velikov (1):
autogen.sh: use quoted string variables
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
ontains some tiny bugfixes sitting in git unreleased for too long.
Adam Jackson (1):
libXinerama 1.1.4
Emil Velikov (1):
autogen.sh: use quoted string variables
Michael Joost (1):
Remove fallback for _XEatDataWords, require libX11 1.6 for it
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Tobias Stoeckmann (1):
libXinerama: Set number of screens to 0 on error
Notable changes since 0.9.15:
- Python 3 support
- fallocate and sparse support in whisper-create
- Support FADVISE_RANDOM for create/update/update_many
- Add update-storage-times.py - a tool to change storage schemas for
whisper files and update the data. Threaded to vastly improve speed
over whisper-auto-resize.py
- Add optional destinationPath for rrd2whisper
- Add json output to whisper-diff.py script
- Add whisper-set-xfilesfactor.py utility
- whisper-fetch: add –time-format option
- Numerous bug fixes
SUNDIALS is a SUite of Nonlinear and DIfferential/ALgebraic equation
Solvers. It consists of the following six solvers: CVODE, solves
initial value problems for ordinary differential equation (ODE)
systems; CVODES, solves ODE systems and includes sensitivity analysis
capabilities (forward and adjoint); ARKODE, solves initial value ODE
problems with additive Runge-Kutta methods, include support for IMEX
methods; IDA, solves initial value problems for differential-algebraic
equation (DAE) systems; IDAS, solves DAE systems and includes
sensitivity analysis capabilities (forward and adjoint); KINSOL,
solves nonlinear algebraic systems.
Upstream changes:
WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.
Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.
Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:
Taxonomy: Improve cache handling for term queries.
Posts, Post Types: Clear post password cookie when logging out.
Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.
Changelog:
Fixed
Fixed broken website loading for Chinese users with accessibility enabled (Bug 1471824)
Fix missing content on the New Tab Page and the Home section of the Preferences page (Bug 1471375)
Fixed loss of bookmarks under rare circumstances when upgrading from Firefox 60 (Bug 1472127)
Improved playback of Twitch 1080p video streams (Bug 1469257)
Web pages no longer lose focus when a browser popup window is opened (Bug 1471415)
Fixed launching of downloads without a file extension on Windows (Bug 1465458)
Re-allowed downloading files from FTP sites via the "Save Link As" option when linked from HTTP pages (Bug 1470295)
Fixed extensions being unable to override the default homepage in certain situations (Bug 1466846)
general:
* Fix generate_sample() (used by OmegaScript $truncate and omindex) to return
an empty sample instead of throwing an exception when the requested sample
size is less than the size of the truncation indicator string. Patch from
Addy. Fixes https://trac.xapian.org/ticket/754 reported by Gaurav Arora.
indexers:
* Check for the HTML5 doctype or legacy doctype declaration and use default
charset UTF-8 if either is present. Previously we always used ISO-8859-1,
which is correct for older HTML versions, but not for HTML5.
* omindex:
+ When running commands without going through the shell, emulate shell exit
codes 127 (for command not found) and 126 (for other cases where we fail to
run the command). This means the "missing filter" handling should now work
properly for such commands. Noted by Gaurav Arora.
+ Index POD files despite minor formatting errors. We now pass
--errors=stderr to pod2text so that minor formatting errors don't prevent
us from indexing a file. (It may seem that --errors=none is a better
option, but for podlators < 4.11 that results in an ERRATA section in the
generated text version which we then end up indexing; 4.11 fixed that but
we can't assume that's in use). Reported by Gaurav Arora.
* omindex:
+ Check file size before calling libmagic to get the mime type, since
reading the file size is a much cheaper check and we can skip the
libmagic test if the file is empty or larger than the specified
maximum size. Patch from caiyulun.
* scriptindex:
+ Avoid some unnecessary copying of Action objects by making use of C++11
features.
+ Consistently send errors to stderr - some were sent to stdout.
Patch from Gaurav Arora.
+ Add new "hextobin" action. Based on a patch from Gaurav Arora.
+ Warn about non-integer arg to hash.
+ Fix hash action without an argument, which was failing with an assertion.
Based on a patch by Gaurav Arora: https://github.com/xapian/xapian/pull/189
+ Reject 'hash' with argument < 6. The hashing truncates and then adds a
6 character hash of the removed part, so can't produce a result shorter
than 6 characters. Patch from Gaurav Arora.
+ Look for alphanumerics when parsing index actions. None of the current
index actions contain digits, but we give more helpful error messages this
way.
+ Deprecate allowing spaces around = in scripts. This was never documented
as supported, and leads to a missing argument quietly swallowing the next
action rather than using an empty value or giving an error. Reported by
Gaurav Arora in https://github.com/xapian/xapian/pull/182
+ In boolean and unique actions, add a colon between prefix and term when
the term starts with a colon. This means the mapping is reversible, and
matches what omega actually does in this case when it tries to reverse the
mapping. Thanks to Andy Chilton for pointing out this corner case.
+ Add parsedate and valuepacked actions. Together these assist adding date
values for sorting and date range filtering. Based on a patch from Gaurav
Arora.
+ Use DB_RETRY_LOCK to wait if the database is already in use rather than
sleeping for a second and retrying. On most platforms this means we make a
blocking request for the lock, and even on platforms where that's not
supported, we now sleep and retry inside libxapian, and without having to
throw and catch an exception each time.
* scriptindex:
+ Reject index scripts with multiple "unique" actions. We don't handle this
case sensibly, and it doesn't seem like it really has a use, so better to
give an error for people who do this inadvertently.
omega:
* $freq: Speed up some cases by avoiding throwing and catching an exception
when we know the MSet has no term frequency information.
* $sort: New OmegaScript command which does a string sort on an OmegaScript
list, with u (unique) and r (reverse) options.
* $cond: New OmegaScript conditional multi-way conditional. Inspired by LISP's
COND, this provides a neater way to write a cascade of $if checks.
* $switch: New OmegaScript multi-way conditional which provides an even neater
way to write a cascade of $if{$eq{X,VALUE1},$if{$eq{X,VALUE2},...}}.
* $subdb and $subid: New commands which report the subdatabase name and the
docid in that subdatabase.
+ $termprefix and $unprefix: New OmegaScript commands which expose the existing
code inside omega for splitting up a term.
* Use str() to convert time_t to string, which is simpler code and faster than
using snprintf().
* New $seterror command to set the error message. Implemented by Gaurav Arora.
* Make $highlight more efficient. Patch from Vivek Pal.
templates:
* query: Use $prettyurl for the URL shown at the end of each match (previously
we only used it on the URL shown as a fallback when the document has no
title). Split off from changes by Vivek Pal in
https://github.com/xapian/xapian/pull/161
API:
* API classes now support C++11 move semantics when using a compiler which
we are confident supports them (currently compilers which define
__cplusplus >= 201103 plus a special check for MSVC 2015 or later).
C++11 move semantics provide a clean and efficient way for threaded code to
hand-off Xapian objects to worker threads, but in this case it's very
unhelpful for availability of these semantics to vary by compiler as it
quietly leads to a build with non-threadsafe behaviour. To address this,
user code can #define XAPIAN_MOVE_SEMANTICS before #include <xapian.h> to
force this on, and will then get a compilation failure if the compiler lacks
suitable support.
* MSet::snippet():
+ We were only escaping output for HTML/XML in some cases, which would
potentially allow HTML to be injected into output (this has been assigned
CVE-2018-0499).
+ Include certain leading non-word characters in snippets. Previously we
started the snippet at the start of the first actual word, but there are
various cases where including non-word characters in front of the actual
word adds useful context or otherwise aids comprehension. Reported by
Robert Stepanek in https://github.com/xapian/xapian/pull/180
* Add MSetIterator::get_sort_key() method. The sort key has always been
available internally, but wasn't exposed via the public API before, which
seems like an oversight as the collapse key has long been available.
Reported by 张少华 on xapian-discuss.
* Database::compact():
+ Allow Compactor::resolve_duplicate_metadata() implementations to delete
entries. Previously if an implementation returned an empty string this
would result in a user meta-data entry with an empty value, which isn't
normally achievable (empty meta-data values aren't stored), and so will
cause odd behaviour. We now handle an empty returned value by interpreting
it in the natural way - it means that the merged result is to not set a
value for that key in the output database.
+ Since 1.3.5 compacting a WritableDatabase with uncommitted changes throws
Xapian::InvalidOperationError when compacting to a single-file glass
database. This release adds similar checks for chert and when compacting
to a multiple-file glass database.
+ In the unlikely event that the total number of documents or the total
length of all documents overflow when trying to compact a multi-database,
we throw an exception. This is now a DatabaseError exception instead of a
const char* exception (a hang-over from before this code was turned into a
public API in the library).
* Document::remove_term(): Handle removing term at current TermIterator
position - previously the underlying iterator was invalidated, leading to
undefined behaviour (typically a segmentation fault). Reported by Gaurav
Arora.
* TermIterator::get_termfreq() now always returns an exact answer. Previously
for multi-databases we approximated the result, which is probably either a
hang-over from when this method was used during Enquire::get_eset(), or else
due to a thinking that this method would be used in that situation (it
certainly is not now). If the user creates a TermIterator object and asks it
for term frequencies then we really should give them the correct answer - it
isn't hugely costly and the documentation doesn't warn that it might be
approximated.
* QueryParser::parse_query():
+ Now adds a colon after the prefix when prefixing a boolean term which
starts with a colon. This means the mapping is reversible, and matches
what omega actually does in this case when it tries to reverse the mapping.
Thanks to Andy Chilton for pointing out this corner case.
+ The parser now makes use of newer features in the lemon parser generator to
make parsing faster and use less memory.
* Enquire::get_mset(): Fix bug with get_mset(0, 0, X) when X > 0 which was
causing an attempt to access an element in an empty vector. Reported by
sielicki in #xapian.
* Stem:
+ Add Indonesian stemming algorithm.
+ Small optimisations to almost all stemming algorithms.
* Stopper:
+ Add Indonesian stopword list.
+ The installed version of the Finnish stopword list now has one word per
line. Previously it had several space-separated words on some lines, which
works with C++'s std::istream_iterator but may be inconvenient for use from
some other languages.
+ The installed versions of stopword lists are now sorted in byte order
rather than whatever collation order is specified by LC_COLLATE or similar
at build time. This makes the build more reproducible, and also may be
more efficient for loading into some data structures.
* WritableDatabase::replace_document(term, doc): Check for last_docid wrapping
when used on a sharded database.
* Database::locked(): Consistently throw FeatureUnavailableError on platforms
where we can't test for a database lock without trying to take it.
Previously GNU Hurd threw DatabaseLockError while platforms where we don't
use fcntl() locking at all threw UnimplementedError.
* Database and WritableDatabase constructors: Fix handling of entries for
disabled backends in stub database files to throw FeatureUnavailableError
instead of DatabaseError.
* Database::get_value_lower_bound() now works correctly for sharded databases.
Previously it returned the empty string if any shard had no values in the
specified slot.
* PostingIterator was failing to keep an internal reference to the parent
Database object for sharded databases.
* ValueIterator::skip_to() and check() had an off-by-one error in their docid
calculations in some cases with sharded databases.
* Add Database::get_total_length() method. Previously you had to calculate
this from get_avlength() and get_doccount(), taking into account rounding
issues. But even then you couldn't reliably get the exact value when total
length is large since a double's mantissa has more limited precision than an
unsigned long long.
* Add Xapian::iterator_rewound() for bidirectional iterators, to test if the
iterator is at the start (useful for testing whether we're done when
iterating backwards).
* DatabaseOpeningError exceptions now provide errno via get_error_string()
rather than turning it into a string and including it in the exception
message.
* WritableDatabase::replace_document(): when passed a Document object which
came from a database and has unmodified values, we used to always read
those values into a memory structure. Now we only do this if the document
is being replaced to the same document ID which it came from, which should
make other cases a bit more efficient.
* Enquire::get_eset(): When approximating term frequencies we now round to the
nearest integer - previously we always rounded down.
matcher:
* OP_VALUE_*: When a value slot's lower and upper bound are equal, we know
that exactly how many documents the subquery can match (either 0 or those
bounds). This also avoids a division by zero which previously happened
when trying to calculate the estimate.
* Speed up sorting by keys. Use string::compare() to avoid having to call
operator< if operator> returns false.
* Fix clamping of maxitems argument to get_mset() - it was being clamped
to db.get_doccount(), now it's clamped to db.get_doccount() - first. In
practice this doesn't actually seem to cause any issues.
* If a match time limit is in effect, when it expires we now clamp
check_at_least to first + maxitems instead of to maxitems. In practice this
also doesn't seem to actually cause any issues (at least we've failed to
construct a testcase where it actually makes an observable difference).
* Fix percentages when only some shards have positions. If the final shard
didn't have positions this would lead to under-counting the total number leaf
of subqueries which would lead to incorrect positional calculations (and a
division by zero if the top level of the query was positional. This bug was
introduced in 1.4.3.
* OP_NEAR: Fix "phantom positions", where OP_NEAR would think a term without
positional information occurred at position 1 if it had the lowest term
frequency amongst the OP_NEAR's subqueries.
* Fix termfreq used in weight calculations for a term occurring more than once
in the query. Previously the termfreq for such terms was multiplied by the
number of different query positions they appeared at.
* OP_SYNONYM: We use the doclength upper bound for the wdf upper bound of a
synonym - now we avoid fetching it twice when the doclength upper bound is
explicitly needed.
* Short-cut init() when factor is 0 in most Weight subclasses. This indicates
the object is for the term-independent weight contribution, which is always 0
for most schemes, so there's no point fetching any stats or doing any
calculations. This fixes a divide by zero for TfIdfWeight, detected by
UBSan.
* OP_OR: Fix bug which caused orcheck1 to fail once hooked up to run with the
inmemory backend.
* Iterating of positions has been sped up, which means phrase matching is now
faster (by a little over 5% in some simple tests).
* Fix use after free of QueryOptimiser hint in certain cases involving
multiple databases only some of which have positional information.
This bug was introduced by changes in xapian-core 1.4.3. Fixes#752,
reported and analysed by Robert Stepanek.
* An unweighted OP_AND_MAYBE is now optimised to just its left branch - the
other branch or branches only contribute weight, so can be completely ignored
when the operator is unweighted.
glass backend:
* Fix glass freelist bug when changes to a new database which didn't modify the
termlist table were committed. In this corner case, a block which had been
allocated to be the root block in the termlist table was leaked. This was
largely harmless, except that it was detected by Database::check() and caused
it to report an error. Reported by Antoine Beaupré and David Bremner.
* Fix glass freelist bug with cancel_transaction(). The freelist wasn't
reset to how it was before the transaction, resulting in leaked blocks.
This was largely harmless, except that it was detected by Database::check()
and caused it to report an error.
* Improve the per-term wdf upper bound. Previously we used min(cf(term),
wdf_upper_bound(db)) which is tight for any terms which attain that
upper bound, and also for terms with termfreq == 1 (the latter are common
in the database (e.g. 66% for a database of wikipedia), but probably
much less common in searches). When termfreq > 1 we now use
max(first_wdf(term), cf(term) - first_wdf(term)), which means terms with
termfreq == 2 will also attain their bound (another 11% for the same
database) while terms with higher termfreq but below the global bound will
get a tighter bound.
* Fix Database::locked() on single-file glass db to just return false (such
databases can't be opened as a WritableDatabase so there can't be a write
lock). Previously this failed with: "DatabaseLockError: Unable to get write
lock on /flintlock: Testing lock"
* Fix compaction when both the input and output are specified as a file
descriptor. Previously this threw an exception due to an overeager check
that destination != source.
* Use O_TRUNC when compacting to single file. If the output already exists but
is larger than our output we don't want to just overwrite the start of it.
This case also used to result in confusing compaction percentages.
* Enable glass's "open_nearby_postlist" optimisation (which especially helps
large wildcard queries) for writable databases without any uncommitted
changes as well.
* Make get_unique_terms() more efficient for glass. We approximate
get_unique_terms() by the length of the termlist (which counts boolean terms
too) but clamp this to be no larger than the document length. Since we need
to open the termlist to get its length, it makes more sense to get the
document length from that termlist for no extra cost rather than looking it
up in the postlist table.
* Database::check() now checks document lengths against the stored document
length lower and upper bounds. Patch from Uppinder Chugh. Fixes
https://trac.xapian.org/ticket/617.
* Fix bogus handling of most-recently-read value slot statistics. It seems
that we get lucky and this can't actually cause a problem in practice due
to another layer of caching above, but if nothing else it's a bug waiting to
happen.
* If we fail to create the directory for a new database because the path
already exists, the exception now reports EEXIST as the errno value rather
than whatever errno value happened to be set from an earlier library call.
remote backend:
* xapian-tcpsrv --one-shot no longer forks. We need fork to handle multiple
concurrent connections, but when handling a single connection forking just
adds overhead and potentially complicates process management for our caller.
This aligns with the behaviour under __WIN32__ where we use threads instead
of forking, and service the connection from the main thread with --one-shot.
* Fix repeat call to ValueIterator::check() on the same docid to not always
set valid to true for remote backend.
inmemory backend:
* Fix repeat call to ValueIterator::check() on the same docid to not always
set valid to true for inmemory backend.
* Use binary chop instead of linear search in all places where we're searching
for a term or document - we weren't taking advantage of the sorted order
everywhere.
tools:
* xapian-delve:
+ Document values can contain binary data, so escape them by default for
output. Other options now supported are to decode as a packed integer
(like omindex uses for last modified), decode using
Xapian::sortable_unserialise(), and to show the raw form (which was the
previous behaviour).
+ Report current database revision.
* xapian-inspect:
+ Report entry count when opening table
+ Support inspecting single file DBs via a new --table option (which can also
be used with a non-single-file DB instead of specifying the path to the
table).
+ Add "first" and "last" commands which jump to the first/last entry in the
current table respectively.
+ "until" now counts and reports the number of entries advanced by.
+ Document "until" with no arguments - this advances to the end of the table,
but wasn't mentioned in the help.
+ Commands "goto" and "until" which take a key as an argument now expect the
key in the same escaped form that's used for display. This makes it much
simpler to interact with tables with binary keys.
+ Fix to expect .glass not .DB extension of glass tables.
* Version 3.6.2 (released 2018-02-16)
** libgnutls: When verifying against a self signed certificate ignore issuer.
That is, ignore issuer when checking the issuer's parameters strength, resolving
issue #347 which caused self signed certificates to be additionally marked as of
insufficient security level.
** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
MTU calculation now, it correctly accounts for the fixed overhead due to
padding (as 1 byte), while at the same time considers the rest of the
padding as part of data MTU.
** libgnutls: Address issue of loading of all PKCS#11 modules on startup
on systems with a PKCS#11 trust store (as opposed to a file trust store).
Introduced a multi-stage initialization which loads the trust modules, and
other modules are deferred for the first pure PKCS#11 request.
** libgnutls: The SRP authentication will reject any parameters outside
RFC5054. This protects any client from potential MitM due to insecure
parameters. That also brings SRP in par with the RFC7919 changes to
Diffie-Hellman.
** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
for SRP authentication.
** libgnutls: Addressed issue in the accelerated code affecting interoperability
with versions of nettle >= 3.4.
** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
Vitezslav Cizek).
** srptool: the --create-conf option no longer includes 1024-bit parameters.
** p11tool: Fixed the deletion of objects in batch mode.
** API and ABI modifications:
gnutls_srp_8192_group_generator: Added
gnutls_srp_8192_group_prime: Added
* Version 3.6.1 (released 2017-10-21)
** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was
used. Resolves gitlab issue #259.
** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign,
gnutls_x509_crq_sign, were modified to sign with a better algorithm than
SHA1. They will now sign with an algorithm that corresponds to the security
level of the signer's key.
** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal
the function to auto-detect an appropriate hash algorithm to use.
** libgnutls: Removed support for signature algorithms using SHA2-224 in TLS.
TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm
in TLS 1.2. As such, no reason to keep supporting it.
** libgnutls: Refuse to use client certificates containing disallowed
algorithms for a session. That reverts a change on 3.5.5, which allowed
a client to use DSA-SHA1 due to his old DSA certificate, without requiring him
to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
The previous approach was to allow a smooth move for client infrastructure
after the DSA algorithm became disabled by default, and is no longer necessary
as DSA is now being universally deprecated.
** libgnutls: Refuse to resume a session which had a different SNI advertised. That
improves RFC6066 support in server side. Reported by Thomas Klute.
** p11tool: Mark all generated objects as sensitive by default.
** p11tool: added options --sign-params and --hash. This allows testing
signature with multiple algorithms, including RSA-PSS.
** API and ABI modifications:
No changes since last version.
Improve update-gemspec.rb script which handles OVERRIDE_GEMSPEC.
When overriding depending versions, clear completely old dependencies.
Previously, it replace first dependency only and it cause incomplete
ruby gem's dependency in a few case.
0.23.12 (stable)
* Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160]
* Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167]
* Build and test fixes on macOS [PR#162, PR#168]
0.23.11 (stable)
* trust: Add extractor for edk2/cacerts.bin [PR#139]
* modules: Add option to control module visibility from proxy [PR#140]
* trust: Prevent trust module being loaded by proxy module [PR#142]
* library: Use dedicated locale object for printing error [PR#148]
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134]
* Improve const correctness for P11KitUri [PR#152]
* PKCS#11 URI scheme comparison is now case insensitive [PR#156]
* Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135]
