3.33.0:
This release supports strategy inference for more field types in Django models() - you can now omit an argument for Date, Time, Duration, Slug, IP Address, and UUID fields.
Strategy generation for fields with grouped choices now selects choices from each group, instead of selecting from the group names.
IPython 6.2.1:
IPython 6.2.1 ships with two minor fixes leading to no completions when using Jedi 0.11+, and crash on some linux system with virtualenv
IPython 6.2:
IPython 6.2 contains all the bugs fixes and features available in IPython 5.5, like built in progress bar support, and system-wide configuration
v36.6.0:
* Added setuptools.build_meta module, an implementation of PEP-517 for Setuptools-defined packages.
* Added dist_info command for producing dist_info metadata.
A Ruby binding to the state-of-the-art Networking and Cryptography
library by Daniel J. Bernstein. This is NOT Google Native Client. This
is a crypto library.
historic focus is autocompletion, but does static analysis for now as well.
Jedi is fast and is very well tested. It understands Python on a deeper level
than all other static analysis frameworks for Python.
Jedi has support for two different goto functions. It's possible to search for
related names and to list all names in a Python file and infer them. Jedi
understands docstrings and you can use Jedi autocompletion in your REPL as
well.
for different Python versions (in multiple Python versions). Parso is also
able to list multiple syntax errors in your python file.
Parso has been battle-tested by jedi. It was pulled out of jedi to be useful
for other projects as well.
Parso consists of a small API to parse Python and analyse the syntax tree.
A native Ruby implementation of the SMB Protocol Family. It currently
supports MS-SMB and MS-SMB2. This library currently include both a
client level, and packet level support. A user can aprse and
manipulate raw SMB packets, or simply use the simple client to perform
SMB operations. See the Wiki for more information on this porject's
long-term goals, style guide, and developer tips.
BinData provides a declarative way to read and write structured binary
data. This means the programmer specifies what the format of the
binary data is, and BinData works out how to read and write data in
this format. It is an easier (and more readable) alternative to ruby's
#pack and #unpack methods. BinData makes it easy to create new data
types. It supports all the common primitive datatypes that are found
in structured binary data formats. Support for dependent and variable
length fields is built in.
pkgsrc changes:
- Take MAINTAINERship
- No need to redefine WRKSRC, NFCI.
Changes:
0.9.6.5
-------
- Translators/SpellChecker: add a simple wrapper for aspell/hunspell (only used
via `-e spell|aspell|hunspell' option, for the moment no DEPENDS was added for
it and if aspell or hunspell isn't installed this feature can not be used
(trans will print an error message about that)).
- Implement DESTDIR support
- Translators/GoogleTranslate: preserve alternative translations even if
dictionary information exists
- Translate: add support for basic authentication for HTTP proxies
- Misc improvements and bug fixies
1.1.0:
Features
* Waitress now has a __main__ and thus may be called with python -mwaitress
Bugfixes
* Waitress no longer allows lowercase HTTP verbs. This change was made to fall in line with most HTTP servers.
* When receiving non-ascii bytes in the request URL, waitress will no longer abruptly close the connection, instead returning a 400 Bad Request.
Patches from Juoni Malinen and Mathy Vanhoef.
Fixes:
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
Tested by leot, thanks!
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
request
Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
