3.40.0 (2019-01-25)
- Official binaries are now linked against GnuTLS 3.6.6
3.40.0-rc2 (2019-01-22)
- Fix regression introduced in rc1 where adding files to queue creates extra server items if the connection was established through the Site Manager
3.40.0-rc1 (2019-01-18)
+ Added TLS 1.3 support by linking official binaries against GnuTLS 3.6.5
+ Refactored how sites and servers are being represented internally to fix issues trigged by renaming sites in the Site Manager
- Fix display of server names containing ampersands in several dialogs
- Fix regular expression filter in the quick search panel
- Fix a crash if files are added to the queue when there are already files for multiple different servers in the queue
- Fix a crash applying filters when there are no selected files and the focused item is past the new file count
- Fix a crash if emptying the queue while a directory creation item is active
- Fix a potential crash if FileZilla is being closed the moment a delayed dialog has already been created but before it is shown.
1. Security Fixes
It was possible to use symlinks and subrepositories to defeat
Mercurial's path-checking logic and write files outside a repository.
This has been fixed. Users on older versions can either disable
subrepositories with
[subrepos] allowed = false
in their configuration or by ensuring any cloned repositories don't
contain malicious symlinks.
2. New Features
'hg histedit' will now present a curses UI if curses is available
and 'ui.interface' or 'ui.interface.histedit' is set to 'curses'.
The 'sparse-revlog' delta strategy is enabled by default for
new repositories.
See hg help config.format.sparse-revlog for details.
3. Other Notable Features
New rewrite.update-timestamp=True option to update the commit
timestamp on history editing (e.g. amend.)
New ui.message-output=stderr option for scripting, which prevents
status messages from interleaved.
New rootglob: filename pattern for a glob that is rooted at
the root of the repository. See hg help patterns and hg help
hgignore for details. Some more reimplementation of ancestry
algorithms in Rust for better performance.
4. Backwards Compatibility Changes
Boolean options passed to the logtoprocess extension are now
formatted as "0" or "1" instead of "None", "False", or "True".
The logtoprocess extension no longer supports invalid "ui.log()"
arguments. A log message is always formatted and passed in to
the "$MSG1" environment variable.
5. Internal API Changes
Status messages may be sent to a dedicated stream depending on
configuration. Don't use "ui.status()", etc. as a shorthand
for conditional writes. Use "ui.write()" for data output. Add
'exthelper' class to simplify extension writing by allowing
functions, commands, and configitems to be registered via
annotations. The previous APIs are still available for use.
The extension hook "extsetup" without a 'ui' argument has been
deprecated, and will be removed in the next version. Add a 'ui'
argument to avoid the deprecation warning.
4.3.2:
Accepted a patch from Sylvain Marie (https://github.com/smarie): now the
decorator module can decorate generator functions by preserving their
being generator functions. Set `python_requires='>=2.6, !=3.0.*, !=3.1.*'`
in setup.py, as suggested by https://github.com/hugovk.
4.3.1:
Added a section "For the impatient" to the README, addressing an issue
raised by Amir Malekpour. Added support for Python 3.7. Now
the path to the decorator module appears in the tracebacks, as suggested
by an user at EuroPython 2018.
0.13.2:
Add a non-regression test, reporting that cloudpickle versions between 0.5.4 and 0.7 introduced a bug where global variables changes in a parent process between two calls to joblib.Parallel would not be propagated into the workers
0.13.1:
Memory now accepts pathlib.Path objects as location parameter. Also, a warning is raised if the returned backend is None while location is not None.
Make Parallel raise an informative RuntimeError when the active parallel backend has zero worker.
Make the DaskDistributedBackend wait for workers before trying to schedule work. This is useful in particular when the workers are provisionned dynamically but provisionning is not immediate (for instance using Kubernetes, Yarn or an HPC job queue).
libnice 0.1.15 (2018-12-27)
===========================
Add support for Regular Nomination
Removal of the global lock over all agents
Add method to compare candidate targets
Added optional Meson build system, future releases will remove autotools
Renamed all members of PseudoTcpState enum (compile-time API change)
Now drops all packets from addresses that have not been validated by an ICE check
Multiple improvements to ICE interoperability
Improved RFC compliance
Improved OC2007 compatibility mode alternate-server support
Changes since b132:
Beta #135 - 12.02.2019
- Click delay on repeated buttons is now lowered to better match real FT2
- Certain up/down buttons now inc/dec just like real FT2, e.g. if you hold it
down it will inc/dec semi-fast for a little bit, then faster (two-phased).
- Some scrollbars were supposed to scroll instantly with no delay
- No need to do 64-bit calc. in the scrollbar routines, reverted to 32-bit
- No need to do floating point operations on mouse coord scaling!
- Some minor things were changed to better match real FT2
- Code cleanup
Beta #134 - 11.02.2019
- Mouse position was incorrectly scaled in fullscreen mode (the coursor wouldn't
move in the correct speed in some cases).
- Code cleanup (now using assert.h macro, removed some unused variables/code)
Beta #133 - 08.02.2019
- Very minor optimization to the replayer rate calculation routine
- Code cleanup
Attempting to be as factual and dispassionate as possible, explain
more about what this is (last GPL version, not just a version that is
GPL), when the 9.06 release was, and why the package came to be.
This is a terse description of the new features added to readline-8.0 since
the release of readline-7.0.
New Features in Readline
a. Non-incremental vi-mode search (`N', `n') can search for a shell pattern, as
Posix specifies (uses fnmatch(3) if available).
b. There are new `next-screen-line' and `previous-screen-line' bindable
commands, which move the cursor to the same column in the next, or previous,
physical line, respectively.
c. There are default key bindings for control-arrow-key key combinations.
d. A negative argument (-N) to `quoted-insert' means to insert the next N
characters using quoted-insert.
e. New public function: rl_check_signals(), which allows applications to
respond to signals that readline catches while waiting for input using
a custom read function.
f. There is new support for conditionally testing the readline version in an
inputrc file, with a full set of arithmetic comparison operators available.
g. There is a simple variable comparison facility available for use within an
inputrc file. Allowable operators are equality and inequality; string
variables may be compared to a value; boolean variables must be compared to
either `on' or `off'; variable names are separated from the operator by
whitespace.
h. The history expansion library now understands command and process
substitution and extended globbing and allows them to appear anywhere in a
word.
i. The history library has a new variable that allows applications to set the
initial quoting state, so quoting state can be inherited from a previous
line.
j. Readline now allows application-defined keymap names; there is a new public
function, rl_set_keymap_name(), to do that.
k. The "Insert" keypad key, if available, now puts readline into overwrite
mode.
Changes from version 4.0.1 to version 4.0.2:
- Corrected minimal GMP version in the INSTALL file and the MPFR manual.
- Option -pedantic is now always removed from __GMP_CFLAGS (see INSTALL).
- Shared caches: cleanup; really detect lock failures (abort in this case).
- Improved MPFR manual. In particular, corrected/completed the
mpfr_get_str description in order to follow the historical behavior
and GMP's mpf_get_str function.
- Bug fixes (see ChangeLog file).
libopenmpt 0.4.3 (2019-02-11)
[Sec] Possible crash due to null-pointer access when doing a portamento from an OPL instrument to an empty instrument note map slot (r11348).
[Bug] libopenmpt did not compile on Apple platforms in C++17 mode.
IT: Various fixes for note-off + instrument number in Old Effects mode.
MO3: Import IT row highlights as written by MO3 2.4.1.2 or newer. Required for modules using modern tempo mode.
miniz: Update to v2.0.8 (2018-09-19).
stb_vorbis: Update to v1.15 (2019-02-07).
libopenmpt 0.4.2 (2019-01-22)
[Sec] DSM: Assertion failure during file parsing with debug STLs (r11209).
[Sec] J2B: Assertion failure during file parsing with debug STLs (r11216).
S3M: Allow volume change of OPL instruments after Note Cut.
libopenmpt 0.4.1 (2019-01-06)
[Bug] Binaries compiled for winold (Windows XP, Vista, 7, for CPUs without SSE2 support) did not actually work on CPUs without SSE2 support.
[Bug] libmodplug: Public symbols of the C++ API had visibility=hidden set on non-MSVC systems, which made them not publicly accessible.
[Bug] Project files for Windows 10 desktop builds on ARM and ARM64 (build/vs2017win10) were missing from Windows source package.
[Bug] MSVC project files in Windows source package lacked additional files required to build DLLs.
MO3: Apply playback changes based on “ModPlug-made” header flag.
minimp3: Update to commit e9df0760e94044caded36a55d70ab4152134adc5 (2018-12-23).
libopenmpt 0.4.0 (2018-12-23)
[New] libopenmpt now includes emulation of the OPL chip and thus plays OPL instruments in S3M, C67 and MPTM files. OPL chip emulation volume can be changed with the new ctl render.opl.volume_factor.
[New] libopenmpt now supports CDFM / Composer 670 module files.
[New] Autotools configure and plain Makefile now honor the variable CXXSTDLIB_PCLIBSPRIVATE which serves the sole purpose of listing the standard library (or libraries) required for static linking. The contents of this variable will be put in libopenmpt.pc Libs.private and used for nothing else. See \ref libopenmpt_c_staticlinking .
[New] foo_openmpt: foo_openmpt now also works on Windows XP.
[New] libopenmpt Emscripten builds now ship with MP3 support by default, based on minimp3 by Lion (github.com/lieff).
[New] libopenmpt: New ctl play.at_end can be used to change what happens when the song end is reached:
“fadeout”: Fades the module out for a short while. Subsequent reads after the fadeout will return 0 rendered frames. This is the default and identical to the behaviour in previous libopenmpt versions.
“continue”: Returns 0 rendered frames when the song end is reached. Subsequent reads will continue playing from the song start or loop start. This can be used for custom loop logic, such as loop auto-detection and longer fadeouts.
“stop”: Returns 0 rendered frames when the song end is reached. Subsequent reads will return 0 rendered frames.
[New] Add new metadata fields "originaltype" and "originaltype_long" which allow more clearly reflecting what is going on with converted formats like MO3 and GDM.
[New] Makefile CONFIG=emscripten now can generate WebAssembly via the additional option EMSCRIPTEN_TARGET=wasm.
[New] Compiling for DOS is now experimentally supported via DJGPP GCC 7.2 or later.
[Change] minimp3: Instead of the LGPL-2.1-licensed minimp3 by KeyJ, libopenmpt now uses the CC0-1.0-licensed minimp3 by Lion (github.com/lieff) as a fallback if libmpg123 is unavailable. The USE_MINIMP3 Makefile option is gone and minimp3 will be used automatically in the Makefile build system if libmpg123 is not available.
[Change] openmpt123: openmpt123 now rejects --output-type in --ui and --batch modes and also rejects --output in --render mode. These combinations of options really made no sense and were rather confusing.
[Change] Android NDK build system now uses libc++ (c++_shared) instead of GNU libstdc++ (gnustl_shared), as recommended by Android NDK r16b.
[Change] xmp-openmpt: openmpt-mpg123.dll is no longer optional and must be placed into the same directory as xmp-openmpt.dll.
[Change] in_openmpt: openmpt-mpg123.dll is no longer optional and must be placed either into the directory of the player itself or into the same directory as in_openmpt.dll. This is dependent on how the player loads its plugins. For WinAMP 5, openmpt-mpg123.dll needs to be in the directory which contains winamp.exe. in_openmpt.dll needs to be in the Plugins directory.
[Change] foo_openmpt: foo_openmpt is now packaged as a fb2k-component package for easier installation.
[Change] When building libopenmpt with MinGW-w64, it is now recommended to use the posix thread model (as opposed to the win32 threading model), because the former does support std::mutex while the latter does not. When building with win32 threading model with the Autotools build system, it is recommended to provide the mingw-std-threads package. Building libopenmpt with MinGW-w64 without any std::thread/std::mutex support is deprecated and support for such configurations will be removed in libopenmpt 0.5.
[Change] Makefile CONFIG=emscripten now has 4 EMSCRIPTEN_TARGET= settings: wasm generates WebAssembly, asmjs128m generates asm.js with a fixed size 128MB heap, asmjs generates asm.js with a fixed default size heap (as of Emscripten 1.38.11, this amounts to 16MB), js generates JavaScript with dynamic heap growth and with compatibility for older VMs.
[Change] libmodplug: Update public headers to libmodplug 0.8.8.5. This adds support for kind-of automatic MODPLUG_EXPORT decoration on Windows.
[Regression] Support for Clang 3.4, 3.5 has been removed.
[Regression] Building with Android NDK older than NDK r16b is not supported any more.
[Regression] Support for Emscripten versions older than 1.38.5 has been removed.
[Regression] Support for libmpg123 older than 1.14.0 has been removed.
[Regression] Using MediaFoundation to decode MP3 samples is no longer supported. Use libmpg123 or minimp3 instead.
[Regression] libmodplug: Support for emulating libmodplug 0.8.7 API/ABI has been removed.
[Bug] xmp-openmpt: Sample rate and number of output channels were not applied correctly when using per-file settings.
[Bug] Internal mixer state was not initialized properly when initially rendering in 44100kHz stereo format.
[Bug] openmpt123: Prevent libsdl2 and libsdl from being enabled at the same time because they conflict with each other.
[Bug] libmodplug: Setting SNDMIX_NORESAMPLING in the C++ API always resulted in linear interpolation instead of nearest neighbour
IT: In Compatible Gxx mode, allow sample changes next to a tone portamento effect if a previous sample has already stopped playing.
IT: Fix broken volume envelopes with negative values as found in breakdwn.it by Elysis.
MOD: Slides and delayed notes are executed on every repetition of a row with row delay (fixes “ode to protracker”).
XM: If the sustain point of the panning envelope is reached before key-off, it is never released.
XM: Do not default recall volume / panning for delayed instrument-less notes
XM :E60 loop bug was not considered in song length calucation.
S3M: Notes without instrument number use previous note’s sample offset.
Tighten M15 and MOD file rejection heuristics.
J2B: Ignore frequency limits from file header. Fixes Medivo.j2b, broken since libopenmpt-0.2.6401-beta17.
STM: More accurate tempo calculation.
STM: Better support for early format revisions (no such files have been found in the wild, though).
STM: Last character of sample name was missing.
SFX: Work around bad conversions of the “Operation Stealth” soundtrack by turning pattern breaks into note stops.
IMF: Filter cutoff was upside down and the cutoff range was too small.
ParamEq plugin center frequency was not limited correctly.
Keep track of active SFx macro during seeking.
The “note cut” duplicate note action did not volume-ramp the previously playing sample.
A song starting with non-existing patterns could not be played.
DSM: Support restart position and 16-bit samples.
DTM: Import global volume.
MOD: Support notes in octave 2, like in FastTracker 2 (fixes DOPE.MOD).
Do not apply Amiga playback heuristics to MOD files that have clearly been written with a PC tracker.
MPTM: More logical release node behaviour.
Subsong search is now less thorough. It could previously find many subsongs that are technically correct (unplayed rows at the beginning of patterns that have been jumped over due to pattern breaks), but so far no real-world module that would require such a thorough subsong detection was found. The old mechanism caused way more false positives than intended with real-world modules, though.
Restrict the unpacked size of compressed DMF, IT, MDL and MO3 samples to avoid huge allocations with malformed small files.
0.5.2
* Fixed Google Drive login, broken by Google's new 2-page login sequence
* Added support for Google Drive two-factor authentication
* Fixed access to SharePoint root folder (tdf#101385)
* Limited the maximal number of redirections to 20 (rhbz#1410197)
* Switched library implementation to C++11 (the API remains
C++98-compatible)
* Fixed build with boost >= 1.68.0 (#19)
* Fixed encoding of OAuth2 credentials
* Dropped cppcheck run from "make check". A new "make cppcheck" target
was created for it
* Added proper API symbol exporting
* Speeded up building of tests a bit
* Fixed a few issues found by coverity and cppcheck
if MANPATH is empty but the environment variable is respected, we won't
be able to find any man pages, because fish set it to PREFIX/share/fish/man
bump PKGREVISION
libcdr 0.1.5
* Drop outdated MSVC project files.
* Fix several issues found by oss-fuzz.
* Switch from --enable-werror to --disable-werror as configure default.
* Miscellaneous code cleanups.
Enigmail 2.0.9
Released 2018-10-09, works with Thunderbird 60.0.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.8
Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted.
Check the full list of fixed defects.
Enigmail 2.0.7
Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several critical security bugs.
Bugs fixed:
Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded "--filename" parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated.
Spoofing of Email signatures II (CVE-2018-12019): The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 together with the Add-Ons "CardBook", "QuickFolders" (and possibly other Add-Ons), then Thunderbird will crash as soon as an Enigmail-specific window is opened. This version implements a workaround for the Mozilla bug.
Enigmail 2.0.6
Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a vulnerability that would allow an attacker to make a victim respond to a partially encrypted message and thus reveal protected information.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.5
Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements a fix that prevents any form of the Efail vulnerability and similar attacks. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.4
Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements two workarounds to prevent from Efail vulnerabilities. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.3
Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects, including a crash when accessing encrypted forwarded messages.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.2
Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses some regressions found in version 2.0/2.0.1.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.1
Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects found in version 2.0.
Bugs fixed:
S/MIME signing/encryption not working correctly, if Enigmail is not enabled for an account
Emails fail to decrypt if the sender address contains brackets
Autocrypt-headers may flip manually created per-recipient rules
The key manager does not load if no key on the keyring
Check the full list of fixed defects.
Enigmail 2.0
Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard.
Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is active by default for new users.
Support for the Autocrypt standard, which is now enabled by default. If Enigmail is used in the "classical mode" (with p≡p disabled) then Autocrypt is enabled by default.
Support for Web Key Directory (WKD) is implemented. Enigmail will try to download unavailable keys during message composition from WKD. If you use GnuPG 2.2.x, and your provider supports the Web Key Service protocol, you can also use Enigmail to upload your key to WKD.
The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard for protected Email Headers.
The keys on the keyring are automatically refreshed from keyservers at an irregular interval.
Enigmail was turned into a "restartless" addon. That is, once you installed Enigmail 2.0, subsequent updates will be installed without needing to restart Thunderbird.
Keys are internally addressed using the fingerprint instead of the key ID.
The minimum GnuPG version supported is now 2.0.16.
Cygwin-versions of GnuPG are no longer supported.
Bugs fixed
Many bugs were fixed. Check the list of fixed defects.
Notmuch 0.28.1 (2019-02-01)
===========================
Build System
------------
`configure` no longer uses the special variable BASH, as this causes
problems on systems where /bin/sh is bash.
