Take maintainership.
Upstream changelog:
2020-07-22 - Version 2.3
- honggfuzz.h - split run_t into substructs
- clang-format options in .clang-format
- added missing mutex initializers
- removed unnecessary comparisons to 'true' and 'false'
- improved NetBSD compatibility
- removed unnecessary memory fences (speed ups)
- faster searching through the binary for const 4/8-byte values
- removed unnecessary includes with iwyu
- libhfnetdriver - general improvements around local socket fuzzing and timeouts
2020-04-24 - Version 2.2
- Added 8bitcnt instrumentation - use hfuzz-cc/hfuzz-8bitcnt-(gcc|clang) for that
- PC-guard instrumentation now uses edge counting
- --experimental_const_feedback is now set to true by default
- additional string instrumentation wrappers: glib, lcms
- additional mutators: splicing, changing ascii numbers
- additional integer comparison instrumentation (adding integers to the dynamic dictionary)
- fixed linking with ld.lld
- removed `sanitizer-coverage-prune-blocks` from hfuzz-cc.c
- most mutators have now either overwrite or insert versions
- fixed memory barriers in libhfuzz/
- implemented skip_factor which dictates how often a given input is fuzzed
- lowered the default timeout to 1 second
- honggfuzz now uses microseconds, instead of milliseconds across the code
- added some new functions to libhfcommon/files
- enabled more aggressive inlining in hfuzz-cc/
- fixed compilation dependency under MacOS X
2020-03-03 - Version 2.1
- string/int comparison enabled for targets built with *SAN, but w/o hfuzz-cc
- Parallel work made faster by using faster ATOMIC constructs (check first, then update)
- Implement --experimental_const_feedback - const string/integer feedback (used as an additional dictionary)
- Sanitizer report files are "better"-deleted (i.e. based on PID and not TID)
- New patches for fuzzing added (e.g. for bind-9.16.0/9.15.7)
- Buffered output enabled in display.c
- Some functions moved from per-arch arch.c to common subproc.c
- Compilation under MacOS X 10.15 (Catalina) is now supported
- Added support for bfd/binutils-2.33
2019-12-07 - Version 2.0
- Coverage-based corpus minimizer with '-M'
- QEmu mode: coverage feedback for Linux binaries
- *SAN sanitizer stack-parsing improved for Linux and for POSIX
- Move signal functionality to libhfcommon/
- Fixed Android builds with newer unwind and capstone
- NetDriver: more functionality - e.g. specifying custom addresses and custom tmpfs mount points
- Examples: for /usr/bin/file, newer ISC Bind patch, improved OpenSSL code
2019-05-22 - Version 1.9
- Don't include netdriver if not needed
- Updated examples (bind/openssl)
- Add missing TEMP_FAILURE_RETRY() wrappers
- Add additional _HF_STATE_DYNAMIC_SWITCH_TO_MAIN state
2019-02-23 - Version 1.8
- Native support for NetBSD
- Multiple smaller changes wrt threading - e.g. introducing the signal thread
- Removed the support for -p (pid fuzzing), honggfuzz net driver, or persistent fuzzing mode should be used instead
- Reimplementation of memory comparison routines, now verified with glibc's test-suite
- Improved hfuzz-cc/clang/gcc - e.g. for the MacOSX platform, also using -fno-sanitize=fuzzer if -fsanitize=fuzzer is specified, + some samba code wrappers
- Examples: new corpora for some of those, new patch for ISC Bind (9.13.5)
Changes since 20.2.1:
Emit notes about redundant != assignments, as well as those that
overwrite each other.
For packages that set DISTINFO_FILE to their own distinfo file, don't
check that file twice.
- Import hints/darwin.sh patch from open pull request.
- The fenv test program in Configure caused warnings for not including
headers for printf() and exit(), causing the script to consider
fenv.h unusable.
Note that Big Sur identifies as 10.16 on Intel Macs, but as 11.0 on
Apple Silicon (ARM).
Numerous enhancements and bug fixes since 1.9, including:
Eliminated reference file size limits
SAM header API
On-the-fly indexing
Improved Amazon S3 interface
This package contains a patch for recent libcurl not in the upstream release
Remove nonportable strip option "--strip-unneeded".
POSIX strip doesn't support options.
Bump PKGREVISION because the different strip algorithm affects platforms
with support for "--strip-unneeded".
Python 3.8.5 final
Security
bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).
bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).
Core and Builtins
bpo-41295: Resolve a regression in CPython 3.8.4 where defining “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.
Library
bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
Documentation
bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()
Build
bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
macOS
bpo-40741: Update macOS installer to use SQLite 3.32.3.
IDLE
bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.
Initial bootstrap builds of pkg_install don't use libarchive. Guarding
this function (as other places are) with #ifndef BOOTSTRAP prevents
'implicit declaration of archive_...()' warnings on FreeBSD 12 and Xcode
beta, which due to -Werror broke the bootstrap.
- v5-0-1: Bug fix to not apply format to non numbers.
- v5-0-0: Introducing the Delta object, Improving Numpy support, Fixing tuples comparison when ignore_order=True, Dramatically improving the results when ignore_order=True by running in passes, Introducing pretty print view, deep_distance, purge, progress logging, cache and truncate_datetime.
- v4-3-3: Adds support for datetime.time
v1.4.1
* Patch release for Python 3.8 `importlib_metadata` support.
v1.4
* Python 3.8 support.
* ``jsonpickle.encode`` now supports the standard ``indent``
and ``separators`` arguments, and passes them through to the
active JSON backend library.
* We now include a custom handler for `array.array` objects.
* Dict key order is preserved when pickling dictionaries on Python3.
* Improved serialization of dictionaries with non-string keys.
Previously, using an enum that was both the key and a value in
a dictionary could end up with incorrect references to other
objects. The references are now properly maintained for dicts
with object keys that are also referenced in the dict's values.
* Improved serialization of pandas.Series objects.
v1.3
* Improved round tripping of default dicts.
* Better support for cyclical references when encoding with
``unpicklable=False``.
Version 2.8
Features
esptool.py image_info now prints a summary of segment memory types (IRAM, DRAM, etc) based on the address range.
esptool.py write_flash will warn if it looks like a bootloader binary is built for ESP32-S2 or another newer chip (support for flashing ESP32-S2 will be added in a future version.)
Bug Fixes
Removed ESP8266 SDK & ESP-IDF dependencies when building the flasher stub binaries. Previously the SDKs were used to include some register address macros, only. This removes any uncertainty about whether the flasher stub binary is a derived work of either SDK. The flasher stub binary itself is the same as the binary in v2.7.
Fixed minor issues running esptool automated tests on macOS.
Minor flake8 fixes including compatibility with newer flake8 versions.
ESP32 Only
Features
Support detection of new ESP32 silicon revisions
New esptool.py elf2image --min-rev X option allows creating a .bin file which only supports a minimum ESP32 silicon revision.
Bugfixes
Fix burning custom MAC with espefuse.py when 3/4 Coding Scheme is set
0.17.2:
- Added an option to pass environment variables to ``Environment``
- ``Project(...).path`` exists now
- Support for Python 3.9
- A few bugfixes
Redis 6.0.6
===========
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix crash when enabling CLIENT TRACKING with prefix
* EXEC always fails with EXECABORT and multi-state is cleared
* RESTORE ABSTTL won't store expired keys into the db
* redis-cli better handling of non-printable key names
* TLS: Ignore client cert when tls-auth-clients off
* Tracking: fix invalidation message on flush
* Notify systemd on Sentinel startup
* Fix crash on a misuse of STRALGO
* Few fixes in module API
* Fix a few rare leaks (STRALGO error misuse, Sentinel)
* Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
* LPOS command to search in a list
* Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
* redis-cli support TLS for --pipe, --rdb and --replica options
* TLS: Session caching configuration support
In (some) sandboxed environments, this would fail to build due to a
series of failures relating to setup requirements. It prefers py-pip,
so simply explicitly make that a TOOL_DEPENDS.