# Contao core bundle change log
### 4.4.8 (2017-11-15)
* Prevent SQL injections in the back end search panel (see CVE-2017-16558).
* Support class named services in System::import() and System::importStatic()
(see #1176).
* Only show pretty error screens on Contao routes (see #1149).
# Contao listing bundle change log
### 4.4.8 (2017-11-15)
* Prevent SQL injections in the listing module (see CVE-2017-16558).
While MACHINE_ARCH can be earmv6hf on NetBSD, configure has to match
what config.guess outputs, which is armv6. For now, leave the old
earmv6/7 tokens, because this code inexplicably succeeded on earmv7hf.
With this, ocaml builds and builds a working unison, on earmv6hf
(RPI3).
https://git.finalrewind.org/feh/plain/ChangeLog
Tue, 07 Nov 2017 17:36:26 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.22.2
* Fix HTTPS certificate errors on some systems (broken in 2.22)
Tue, 07 Nov 2017 07:51:48 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.22.1
* Allow ~/.fehbg to be sourced (instead of executed) from other shell
scripts again (broken in 2.22)
Sat, 04 Nov 2017 14:55:38 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.22
* Add support for CURL_CA_BUNDLE environment variable when loading images
via HTTPS
* Fix ~/.fehbg not being updated when setting a wallpaper via menu
(broken in 2.21)
6.00 2017-11-14
Released 6.00 with default API for 6_0.
Legacy 5_0 API now released separately
Trace logging now includes content-type headers where appropriate
Deprecation warnings are now parsed to extract the message only
Improved boolean value handling in query string params - now accepts
true, false, \1, \0, or a JSON::PP::Boolean object
Handle removal of '.' from @INC in perl 5.26
2.075 14 Nov 2017
* Update zlib-src directory to use zlib 1.2.11
#123245: perl 5.26.1 is vulnerable to CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842
* Zlib.xs
Don't allow offset to be greater than length of buffer in crc32.
* Zlib.xs
Change my_zcalloc to use safecalloc.
The link, https://github.com/madler/zlib/issues/253, is the upstream report for the remaining
valgrind errors not already dealt with by 1.2.11. Using calloc in Zlib.xs for now as a workaround.
#121074: valgrind errors in the test suite
4.004 Sun Nov 12
* Fix build issues from C++ style comments
* Fixup build_requires
4.003 Sun Nov 12
* Fixup Devel::CheckLib usage
* Do not compress using Snappy if the buffer is larger 2**32
* Build fixes
4.004 Sun Nov 12
* Fix build issues from C++ style comments
* Fixup build_requires
4.003 Sun Nov 12
* Fixup Devel::CheckLib usage
* Do not compress using Snappy if the buffer is larger 2**32
* Build fixes
2.4.0:
[Feature]: Add a new passphrase kwarg to SSHClient.connect so users may disambiguate key-decryption passphrases from password-auth passwords. (This is a backwards compatible change; password will still pull double duty as a passphrase when passphrase is not given.)
[Support]: Drop Python 2.6 and Python 3.3 support; now only 2.7 and 3.4+ are supported. If you’re unable to upgrade from 2.6 or 3.3, please stick to the Paramiko 2.3.x (or below) release lines.
[Support]: Include LICENSE file in wheel archives.
[Support]: Updated the test suite & related docs/metadata/config to be compatible with pytest instead of using the old, custom, crufty unittest-based test.py.
This includes marking known-slow tests (mostly the SFTP ones) so they can be filtered out by inv test‘s default behavior; as well as other minor tweaks to test collection and/or display (for example, GSSAPI tests are collected, but skipped, instead of not even being collected by default as in test.py.)
[Support]: Update tearDown of client test suite to avoid hangs due to eternally blocking accept() calls on the internal server thread (which can occur when test code raises an exception before actually connecting to the server.)
pytest-relaxed provides 'relaxed' test discovery for pytest.
Has it ever felt strange to you that we put our tests in tests/, then name the
files test_foo.py, name the test classes TestFoo, and finally name the test
methods test_foo_bar? Especially when almost all of the code inside of tests/
is, well, tests?
This pytest plugin takes a page from the rest of Python, where you don't have
to explicitly note public module/class members, but only need to hint as to
which ones are private. By default, all files and objects pytest is told to
scan will be considered tests; to mark something as not-a-test, simply prefix
it with an underscore.
PHP 7.2.x builds upon 7.1.x, adding new features:
* Argument type declarations
* Object return type declarations
* Parameter Type Widening
* Trailing commas in list syntax
* Argon2 in password hash
* Libsodium as part of PHP Core
* Deprecated: __autoload, $php_errormsg, create_function(),
mbstring.func_overload, parse_str() without second argument,
gmp_random(), each(), assert(), $errcontext
* uniqid() patch to avoid usleep() integrated, 10000x improvement on NetBSD,
about 10x on Linux
0.8.7:
Corrected some issues with the Hungarian (hu_HU) providers, such as incorrectly capitalized company suffixes, street/road type names and place names.
The Hungarian locale's providers.job.job provider now returns Hungarian job names, taken from the Hungarian National Statistical Office (KSH)'s 2008 survey nomenclature of employment (FEOR '08).
Added he_IL locale.
Fix possible infinite loop in random_sample_unique.
Add aliases to make pt_BR address provider compatible with en_US.
Fix ResourceWarning in setup.py.
Update test requirements.
Changes since 2.4.45:
Mandatory prerequisites:
- Python 2.7.x
- pyasn1 0.3.7+ and pyasn1_modules 0.1.5+
Modules/
* removed unused code schema.c
Lib/
* ldap.__version__, ldap.__author__ and ldap.__license__ now
imported from new sub-module ldap.pkginfo also to setup.py
* Added safety assertion when importing _ldap:
ldap.pkginfo.__version__ must match _ldap.__version__
* removed stand-alone module dsml
* slapdtest.SlapdObject.restart() just restarts slapd
without cleaning any data
* Compability changes for pyasn1 0.3.x or newer
(thanks to Ilya Etingof and Christian Heimes)
* The methods SSSResponseControl.decodeControlValue() and
VLVResponseControl.decodeControlValue() now follow the coding
convention to use camel-cased ASN.1 name as class attribute name.
The old class names are still set for back-ward compability
but should not be used in new code because they might be removed
in a later release.
* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS
Tests/
* added explicit reconnect tests for ReconnectLDAPObject
2.4:
security fix in the rebind() method of the Connection object (thanks Daniel)
fix for Sasl credentials in Python 3 (thanks Busuwe)
fixed bug when checking for equality in MockBase
added validator parameter to Server object for custom validators
attribute values are now validated in add/compare/modify operations in the Connection object
Python types can now be used in add/compare/modify operations
compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.3 for now) version
fixed compatibility with Twisted on Windows on Python 2.7 (thanks Pmisik)
fixed paged_search behaviour in Reader object
fixed regression in MockBase (thanks Markus)
fixed invalid filter sequence in MockBase (thanks SignedBit)
added compatibility with Cython (thanks Pedro)
fixed auto_encode check in validate_attribute_value for unknown attrs (thanks CFelder)
don’t encode response_value as extended_response_to_dict expects a decoded value (thanks Matthias)
compatible with the pyasn1 library from version 0.1.8 up to latest (0.3.7 for now) version
added LDAPObjectDereferenceError exception
LDAPObjectDereferenceError is raised when an object tries to dereference itself in the Abstraction Layer (thanks Daniele)
async module renamed to asynchronous for compatibility with Python 3.7 (thank Barry)
long integer are properly checked in mocking strategies (thanks gregn610)
NUMERIC_TYPES includes long for Python 2
Pytest 3.2.4:
Bug Fixes
* Fix the bug where running with --pyargs will result in items with empty parent.nodeid if run from a different root directory.
* Fix issue with @pytest.parametrize if argnames was specified as keyword arguments.
* Strip whitespace from marker names when reading them from INI config.
* Show full context of doctest source in the pytest output, if the line number of failed example in the docstring is < 9
There is an important performance bug fix specific to NetBSD here,
which disable gfid2path by default. This features causes a huge
amount of different extended attributes to be created, and the
NetBSD implementation does not scale well with it.
In order to recover a server after the feature is disabled, stop
glusterfs daemones, disable extended attributes using extattrctl,
remove ${BRICK_ROOT}/.attribute/system/trusted.gfid2path.*
re-enable extended attributes and restart glusterfs.
1.5.3
Fixes
- Add warning about time on very low TTL's in doc/protocol.txt
- pledge privdropping support for OpenBSD
- make for loop more clear in logger watcher
- fix theoretical leak in process_bin_stat
- fix use of unitialized array in lru_maintainer
- -o no_hashexpand to disable hash table expansion
- fix chunked items set in binprot, read from ascii
New Features
- adds get and touch command for ascii protocol
1.5.2
Fixes
- fix more binary protocol documentation errors.
- fix segfault during 31b -> 32b hash table expand
- don't create hashtables larger than 32bit
- some non-user-facing code changes for supporting future features.
1.5.1
Fixes
- add max_connections stat to 'stats' output
- Drop sockets from obviously malicious command strings (HTTP/)
- stats cachedump: now more likely to show data
- memcached-tool: fix slab Full? column
- fix null pointer ref in logger for bin update cmd
- default to unix sockets for tests, make them much less flaky
- PARALLEL=9 make test -> runs prove in parallel
- fix flaky stats.t test
New Features
- --enable-seccomp compiles in options for strict privilege reduction
in linux. see output of -h for more information.
1.5.0
Fixes
- fix for musl libc: avoid huge stack allocation
New Features
- LRU crawler to background-reclaim memory. Mixed-TTL's and LRU
reordering leaves many holes, making it difficult to properly size
an instance.
- Segmented LRU. HOT/WARM/COLD and background processing should try
harder to keep semi-active items in memory for longer.
- Automated slab rebalancing. Avoiding slab stagnation as objects
change size over time.
- Faster hash table lookups with murmur3 algorithm (though it's been
so long this is now outdated again;)
- Reduce memory requirements per-item by a few bytes here and there
- Immediately close connections when hitting the connection limit,
instead of hanging until a spot opens up.
- Items larger than 512k (by default) are assembled by stacking
multiple chunks together. Now raising the item size above 1m doesn't
drop memory efficiency by spreading out slab classes.
1.4.39
Fixes
- fix for CVE-2017-9951
- save four bytes per item if client flags are 0
New Features
- If client flags are "0", no extra storage is used.
1.4.38
Fixes
- hot_max_age is now hot_max_factor - HOT is now limited to 20% of
COLD's age or 20% of total space, whichever comes first.
- sleep longer between slab move runs (1ms instead of 50us)
- automove script: improve algo, add basic test
- slab_rebal: delete busy items if stuck
- fix LRU maintainer thread slowdown in edge case
- fix rare long background thread pause in hash expansion
1.4.37
Fixes
- LRU crawler: avoid running infinitely.
- fix very old memory leak in ASCII multigets. (when using multiget
gets and keys after the first one are >255 characters)
- remove old slab mover example script.
- fix crash in page mover while using large items
- automover algo python script
- avoid segfault if idle_timeout value is missing.
- fix rare crash in LRU crawler
- sleep more aggressively in some threads
- don't overflow item refcount on get
- fix solaris compilation error
- usability fix for cache_memlimit command
- fix verbose print for idle-kicker
- disable refhang.t test due to flakiness
- fix ordering issue in conn dispatch (prevents potential hangups)
New Features
- LRU crawler scheduling improvements
1.4.36
- Fix refcount leak in LRU bump buf
1.4.35
Fixes
- init.d script status check routine
- Print with more-restricted format string to fix compiler warning
with gcc 7's -Wformat-truncation.
- Display HOT/WARM tail age in stats items
- Active items in HOT' flow to WARM (algorithm fix)
- Moves to WARM requires two hits overall (algorithm fix)
- LRU maintainer performance: per-class sleep scheduling
- Allow limiting the internal LRU crawler run length
- Stop using atomics for item refcount management (performance)
- Make the conn suffix list the same as item list (performance)
- Do LRU-bumps while already holding item lock (performance)
- Reduce add_iov() work for TCP connections (performance)
New Features
- "lru" command for setting LRU parameters at runtime
- Allow switching LRU algo's at runtime
I can't find a good changelog, but upstream changes seem to be fairly
minor.
A lot of local patches have been added to ensure compatibility with the
latest version of OCaml and lablgtk, and I have cleaned up the package
Makefile a little.
