Security Fixes:
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed. This crash could be used to cause denial of service.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile". This crash could be used to cause denial of service.
Bug fixes:
Build: Fix cross-compilation for MinGW64 on Linux build machine.
Build: configure FreeType test no longer insists that <freetype/freetype.h> can be included.
CMS profile: Only delete the CMS transform if it is non-null. Fixes assersion observed when lcms returned a null profile and GraphicsMagick attempted to deallocate it.
Drawing: Improve error handling logic so that drawing returns quickly on pixel access errors rather than plowing on ahead. This avoids problems with SVGs which take seemingly forever to render.
Drawing via C/C++ APIs: BevelJoin no longer causes a MVG parsing error.
EPT: Fix crash observed when Ghostscript fails to produce useful output. This was particularly noticeable when Ghostscript was not installed.
OpenMP: Revert use of omp_set_dynamic() since it caused performance issues when using GCC's GOMP implementation and the number of threads to use is specified.
EXIF profile: Support the SubjectArea EXIF tag.
MIFF writer: PseudoClass format was written incorrectly for depth greater than 8.
MIFF writer: RLE compressed format used inverted alpha from the other subformats and contrary to the MIFF specification.
MIFF reader: Fixes Fixes to be able to read MIFF written by ImageMagick 6.X, including DirectClass grayscale images (except for RLE compressed).
Mosaic: Fixed unsigned underflow problem with -mosaic when page offset is negative and exceeds image width or height, resulting in assertions, out of memory errors, or pixel cache limit errors.
PDF: Consistently initialize Image page width and height to image width and height. While general to all of GraphicsMagick, this change is to assure that the PDF writer computes page dimensioning consistently. PDF page dimensioning was wrong if the image had been resized with -geometry "100%".
PAM: Fix MAXVAL scaling when reading PAM images. PAM was only working correctly for images with 256 or 64k levels.
PNM: PGM "P2" format writer wrote bad output for 8-bit depth.
PNG: With libpng 1.6.X, avoid a crash while copying a PNG with a "known incorrect ICC profile".
PNG: Q8 GM build now correctly reads 16-bit PNG files.
TIFF writer: Try to avoid writing more than 32k strips per image by increasing rows-per-strip since some programs fail to read images with more than 32k strips per image.
TIM reader: PSX TIM reports 8-bit depth (rather than 16).
TTF font rendering: Improve FreeType rendering error logic so that rendering returns immediately on pixel access errors rather than plowing on ahead.
TTF font rendering: Support rendering UTF-8 up to 21-bit code points. Was only supporting 16-bit code points.
Wand API: DrawSetStrokeDashArray() / DrawGetStrokeDashArray(), fix failure to work properly due to this code path never being tested.
Windows Ghostscript: 64-bit GraphicsMagick no longer requires both 32-bit and 64-bit builds of Ghostscript to be installed in order to read Postscript and PDF formats.
XPM reader: Reported depth now depends on the colormap rather than always claiming to be 16-bit.
New Features:
JPEG: Add support for writing 'XMP' profile.
PNM: As a simple non-standard extension to the standard PNM and PAM formats, support writing and reading 32-bit sample depth. Writing such files is only supported by the Q32 build although they may be read by any build.
WebP: Now supports reading and writing Google's WebP format. This feature is not currently supported by the Windows Visual Studio build.
discussion; set it back to emacs22, which was chosen on purpose.
emacs24 takes longer to build than the entire intended time budget for
this package.
Bump version.
Version 0.2.9-dev
-----------------
Released on December 28th, 2013
- Fixes anonymous user assignment.
- Fixes localization in Python 3.
Version 0.2.8
-------------
Released on December 21st 2013
- Support login via authorization header. This allows login via Basic Auth, for
example. Useful in an API presentation context.
- Ability to override user ID method name. This is useful if the ID getter is
named differently than the default.
- Session data is now only read when the user is requested. This can be
beneficial for cookie and caching control when differenting between
requests that use user information for rendering and ones where all users
(including anonymous) get the same result (e.g. static pages)
- BREAKING: User *must* always be accessed through the ``current_user``
local. This breaks any previous direct access to ``_request_ctx.top.user``.
This is because user is not loaded until current_user is accessed.
- Fixes unnecessary access to the session when the user is anonymous
and session protection is active.
see https://github.com/maxcountryman/flask-login/issues/120
- Fixes issue where order dependency of applying the login manager
before dependent applications was required.
see https://github.com/mattupstate/flask-principal/issues/22
- Fixes Python 3 ``UserMixin`` hashing.
- Fixes incorrect documentation.
Version 0.9.4
-------------
Released 2013/12/20
- Bugfix for csrf module when form has a prefix
- Compatible support for wtforms2
- Remove file API for FileField
**1.6.2** (2013-12-26)
======================
Minor changes & compatibility fixes
* Re-tuned the :attr:`~passlib.ifc.PasswordHash.default_rounds`
values for all of the hashes.
* Added the new :doc:`bcrypt_sha256 <lib/passlib.hash.bcrypt_sha256>` hash,
which wraps BCrypt using SHA256 in order to work around
BCrypt's password size limitations (:issue:`43`).
* :doc:`passlib.hash.bcrypt <lib/passlib.hash.bcrypt>`:
Added support for the `bcrypt <https://pypi.python.org/pypi/bcrypt>`_
library as one of the possible bcrypt backends that will be
used if available. (:issue:`49`)
* :mod:`passlib.ext.django`: Passlib's Django extension
(and it's related hashes and unittests) have been updated to
handle some minor API changes in Django 1.5-1.6. They should
now be compatible with Django 1.2 and up. (:issue:`50`)
This needs more work but at least allows the package to be built. However,
it segfaults when you try to compose a message. It looks like there are
issues with format strings.
Update DEPENDS
Upstream changes:
1.004002 - 2013-12-31
- fix type inflation in threads when types are inserted by manually
stringifying the type first (like Type::Tiny)
- add undefer_all to Sub::Defer
1.004001 - 2013-12-27
- fix repository links in pod
- add missing changelog entry regarding strictures to 1.004000 release
1.004000 - 2013-12-26
- strictures will now be applied to modules using Moo just as if they
included "use strictures" directly. This means that strictures extra
checks will now apply to code in checkouts.
- fix handling of type inflation when used with threads
- don't include meta method when consuming Mouse roles
- inhale Moose roles for has attr => ( handles => "RoleName" )
- provide useful error if attribute defined as required but with
init_arg => undef
- document that BUILDARGS isn't called when there are no attributes
- omit sub imported before use Moo from Moose method inflation
- check for FOREIGNBUILDARGS only once per class instead of on each
instantiation
- take advantage of XS predicates from newer versions of Class::XSAccessor
- always try to load superclasses and roles, and only fall back on the
heuristic of checking for subs if the file doesn't exist
- fix handling of attributes with names that aren't valid identifiers
- Quoted subs now preserve the package and pragmas from their calling code
- the official Moo git repository has moved to the Moose organization on
GitHub: https://github.com/moose/Moo
Noteworthy changes in version 1.6.0 (2013-12-16)
------------------------------------------------
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
* Added support for Deterministic DSA as per RFC-6969.
* Added support for curve Ed25519.
* Added a scatter gather hash convenience function.
* Added several MPI amd SEXP helper functions.
* Added support for negative numbers to gcry_mpi_print,
gcry_mpi_aprint and gcry_mpi_scan.
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
not the parameters. The flag "param" may be used to revert this.
* Added a feature to globally disable selected hardware features.
* Added debug helper functions.
* "git diff -- ':(icase)makefile'" was unnecessarily rejected at the
command line parser.
* "git cat-file --batch-check=ok" did not check the existence of
the named object.
* "git am --abort" sometimes complained about not being able to write
a tree with an 0{40} object in it.
* Two processes creating loose objects at the same time could have
failed unnecessarily when the name of their new objects started
with the same byte value, due to a race condition.
Also contains typofixes, documentation updates and trivial code clean-ups
Update DEPENDS
Upstream changes:
0.12 Fri, 01 Nov 2013
* Fix detection when loaded during global destruction by checking B::main_cv
instead of B::main_start
* Bump Sub::Exporter::Progressive dependency to fix loading in global
destruction
0.11 Wed, 03 Apr 2013
* Fix upgrading from version 0.09 or older
0.10 Tue, 26 Mar 2013
* Rewrite pure-perl implementation in terms of B::main_start
(greatly simplifies code)
* Fix pure-perl behavior under $^C (RT#78619))
* Separate XS portion into a compiler-optional dependency
Devel::GlobalDestruction::XS
Remove the patch which included into src upstream
Upstream changes:
1.002000 - 2013-12-10
- allow specifying by caller level, as well as specifying file, line,
and version
1.001001 2013-03-25
- fix NAME in Makefile.PL (RT#84207)
Release 3.1.1 - 2013/12/29
--------------------------
Improvements
^^^^^^^^^^^^
* [deb] Refined Groonga packages for Debian policy. [groonga-dev,01930]
[Suggested by Hideki Yamane]
* [deb] Dropped Debian 6.0 (squeeze) support.
* [deb] Dropped Ubuntu 10.04 (lucid) support.
* Supported :doc:`/reference/functions/geo_in_rectangle` in the whole world.
* Supported error report when failed to casting invalid value of geo point type.
* Exported some macros which is used for accessing pseudo column names.
[groonga-dev,1999] [Suggested by whombx]
* [doc] Refined drilldown documentation. [Reported by @Yahppo]
* Supported :doc:`/reference/functions/between` function which is used for
filtering the column value in specific range.
* [doc] Updated Travis CI envrinment information. [Patch by cosmo0920]
* [rpm][fedora] Dropped Fedora 19.
* [rpm][fedora] Supported Fedora 20.
* [doc] Updated "Groonga" notation. [Patch by cosmo0920] [GitHub#122, #123, #124, #125, #125, #126, #127, #128, #129, #130, #131, #131, #132, #133, #134]
Fixes
^^^^^
* [munin] Fixed the wrong port number which is specified for GQTP.
* [geo_in_circle] Fixed a bug that if you specify "LONGITUDExLATITUDE" as
the 3rd argument of :doc:`/reference/functions/geo_in_circle`, Groonga crashes.
Thanks
^^^^^^
* Hideki Yamane
* whombx
* @Yappo
* cosmo0920
