0.17.0
Added
Add httpx.MockTransport(), allowing to mock out a transport using pre-determined responses.
Add httpx.HTTPTransport() and httpx.AsyncHTTPTransport() default transports.
Add mount API support, using httpx.Client(mounts=...).
Add chunk_size parameter to iter_raw(), iter_bytes(), iter_text().
Add keepalive_expiry parameter to httpx.Limits() configuration.
Add repr to httpx.Cookies to display available cookies.
Add support for params=<tuple> (previously only params=<list> was supported).
Fixed
Add missing raw_path to ASGI scope.
Tweak create_ssl_context defaults to use trust_env=True.
Properly URL-escape WSGI PATH_INFO.
Properly set default ports in WSGI transport.
Properly encode slashes when using base_url.
Properly map exceptions in request.aclose().
0.15.2
Backwards Compatibility Notes
ZstdCompressor.multi_compress_to_buffer() and
ZstdDecompressor.multi_decompress_to_buffer() are no longer
available when linking against a system zstd library. These
experimental features are only available when building against the
bundled single file zstd C source file distribution.
Changes
setup.py now recognizes a ZSTD_EXTRA_COMPILER_ARGS
environment variable to specify additional compiler arguments
to use when compiling the C backend.
PyPy build and test coverage has been added to CI.
Added CI jobs for building against external zstd library.
Wheels supporting macOS ARM/M1 devices are now being produced.
References to Python 2 have been removed from the in-repo Debian packaging
code.
Significant work has been made on a Rust backend. It is currently feature
complete but not yet optimized. We are not yet shipping the backend as part
of the distributed wheels until it is more mature.
The .pyi type annotations file has replaced various default argument
values with ....
0.103.1 (2021-01-31)
ClamAV 0.103.1 is a patch release with the following fixes and improvements.
Notable changes
* Added a new scan option to alert on broken media (graphics) file formats.
This feature mitigates the risk of malformed media files intended to
exploit vulnerabilities in other software. At present media validation
exists for JPEG, TIFF, PNG, and GIF files. To enable this feature, set
AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option
when using clamscan. These options are disabled by default in this patch
release, but may be enabled in a subsequent release. Application
developers may enable this scan option by enabling
CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior.
BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS
because ClamAV does not yet have BMP or JPEG 2000 format checking
capabilities.
Bug fixes
* Fixed PNG parser logic bugs that caused an excess of parsing errors and
fixed a stack exhaustion issue affecting some systems when scanning PNG
files. PNG file type detection was disabled via signature database update
for ClamAV version 0.103.0 to mitigate the effects from these bugs.
* Fixed an issue where PNG and GIF files no longer work with Target:5
graphics signatures if detected as CL_TYPE_PNG/GIF rather than as
CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types
to make way for additional graphics types in future releases.
* Fixed clamonacc's --fdpass option.
* File descriptor passing (or "fd-passing") is a mechanism by which
clamonacc and clamdscan may transfer an open file to clamd to scan, even
if clamd is running as a non-privileged user and wouldn't otherwise have
read-access to the file. This enables clamd to scan all files without
having to run clamd as root. If possible, clamd should never be run as
root so as to mitigate the risk in case clamd is somehow compromised while
scanning malware.
* Interprocess file descriptor passing for clamonacc was broken since
version 0.102.0 due to a bug introduced by the switch to curl for
communicating with clamd. On Linux, passing file descriptors from one
process to another is handled by the kernel, so we reverted clamonacc to
use standard system calls for socket communication when fd passing is
enabled.
* Fixed a clamonacc stack corruption issue on some systems when using an
older version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
* Allow clamscan and clamdscan scans to proceed even if the realpath lookup
failed. This alleviates an issue on Windows scanning files hosted on
file- systems that do not support the GetMappedFileNameW() API such as on
ImDisk RAM-disks.
* Fixed freshclam --on-update-execute=EXIT_1 temporary directory cleanup
issue.
* clamd's log output and VirusEvent now provide the scan target's file path
instead of a file descriptor. The clamd socket API for submitting a scan
by FD-passing doesn't include a file path, this feature works by looking
up the file path by file descriptor. This feature works on Mac and Linux
but is not yet implemented for other UNIX operating systems. FD-passing
is not available for Windows.
* Fixed an issue where freshclam database validation didn't work correctly
when run in daemon mode on Linux/Unix.
Other improvements
* Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
errors when file format validation fails. Instead, the scan will alert
with the "Heuristics.Broken.Media" signature prefix and a descriptive
suffix to indicate the issue, provided that the "alert broken media"
feature is enabled.
* GIF format validation will no longer fail if the GIF image is missing the
trailer byte, as this appears to be a relatively common issue in otherwise
functional GIF files.
* Added a TIFF dynamic configuration (DCONF) option, which was missing.
This will allow us to disable TIFF format validation via signature
database update in the event that it proves to be problematic. This
feature already exists for many other file types.
Acknowledgements
The ClamAV team thanks the following individuals for their code submissions:
Emilio Pozuelo Monfort
pkgsrc change: use standard PECL site as MASTER_SITES.
Mon, Feb 22, 2021 - Xdebug 3.0.3
Fixed bugs:
- Fixed issue #1930: No local variables with trigger and xdebug_break()
- Fixed issue #1931: xdebug_info() output misses configuration
settings if phpinfo() has been called
- Fixed issue #1932: One line in multi-line string concatenation is
not covered
- Fixed issue #1940: Wrong type used for showing GC Stats reports
Add ruby-redmine41 (Redmine) package version 4.1.1 based
on wip/ruby-redmine.
Redmine 4.1.1 (2020-04-06)
* Security: these 2 releases include several security fixes, including
a fix for a persistent XSS vulnerability in Textile formatting, so
upgrading as soon as possible is recommanded.
Redmine 4.1.0 (2019-12-20)
Main improvements:
* New permissions
* Issue list improvements
* Issue history tabs
* Allow pasting screenshots from clipboard
* Query system for Projects page
* Bookmarks and recently used projects in the project jump box
* Custom fields visibility
* CSV Import for Time Entries
pkgsrc change: switch to use devel/ruby-redmine/redmine.mk.
0.4.1 (2020-10-04)
No release note but here are changes from commit log.
* fixes#1502 update fails cause by custom field.
* Add ca & es translations.
* fix for redmine > 4.0 where user attribute is needed for new TimeEntry.
pkgsrc change: switch to use devel/ruby-redmine/redmine.mk.
2.14.0 (2021-01-27)
* Merged #220: fixed drag & drop behavior.
2.13.0 (2020-09-26)
* Replaced node-sass with sass.
* Resolved issues with inline-svg function in Node 14.x.
2.12.1 (2020-08-11)
Fixes:
* Fixed#204 - missing context menu icons in Easy WBS plugin.
2.12.0 (2020-08-01)
Fixes:
* Fixed#196 and #199: text wrapping in certain column types.
* Merged #203: fixed pagination overlapping wiki content.
2.11.0 (2020-05-08)
Fixes:
* Fixed#179: full screen mode issues when using redmine_wysiwyg_editor
plugin.
* Fixed#177: changed styling for icon-only buttons to resolve weird
behavior on hover.
* Fixed checkbox cell padding when issue table borders are enabled.
* Added table icon to jstoolbar styles.
* Added new .inline-flex class.
New:
* Added $icon-width variable.
* Added margin in some places like after buttons, avatars.
* Changed tooltip background to black.
* Changed top menu styles.
* Restored $color-priorities variable, false by default.
* Added parse-length($value, $side) function for extracting length/width
from margin/padding/border.
* Refactored icons code.
* Improved styles for RedmineUP plugins (Agile, Checklists, CRM, Tags).
* Improved vertical alignment of certain form elements.
* Improved styles for sortable elements.
* Improved styles for Redmine Banner plugin. #189.
* The most notable change in this release is custom styles for Redmine Agile
plugin. It can be disabled by setting $agile-board-customize: false in
your custom variables file.
Overhaul ruby-redmine packge. It is still 4.0.7, latest 4.0 series.
* Introduce "redmine.mk" to support Redmine 4.1.
- RM_VERSION_DEFAULT select default Redmine release (40 or 41).
- RM_VER is set to current Redmine release (40 or 41).
* Now PKGNAME contains ${RM_VER}, such as ruby26-redmine40-4.0.7.
* Update proper gems in this package.
* Remove Gemfile.lock for safety update path.
Rails 6.1.3 (February 17, 2021)
[ActionPack]
* Re-define routes when not set correctly via inheritance.
*John Hawthorn*
[ActiveRecord]
* Fix the MySQL adapter to always set the right collation and charset
to the connection session.
*Rafael Mendonça França*
* Fix MySQL adapter handling of time objects when prepared statements
are enabled.
*Rafael Mendonça França*
* Fix scoping in enum fields using conditions that would generate
an IN clause.
*Ryuta Kamizono*
* Skip optimised #exist? query when #include? is called on a relation
with a having clause
Relations that have aliased select values AND a having clause that
references an aliased select value would generate an error when
#include? was called, due to an optimisation that would generate
call #exists? on the relation instead, which effectively alters
the select values of the query (and thus removes the aliased select
values), but leaves the having clause intact. Because the having
clause is then referencing an aliased column that is no longer
present in the simplified query, an ActiveRecord::InvalidStatement
error was raised.
An sample query affected by this problem:
Author.select('COUNT(*) as total_posts', 'authors.*')
.joins(:posts)
.group(:id)
.having('total_posts > 2')
.include?(Author.first)
This change adds an addition check to the condition that skips the
simplified #exists? query, which simply checks for the presence of
a having clause.
Fixes#41417
*Michael Smart*
* Increment postgres prepared statement counter before making a
prepared statement, so if the statement is aborted without Rails
knowledge (e.g., if app gets kill -9d during long-running query or
due to Rack::Timeout), app won't end up in perpetual crash state for
being inconsistent with Postgres.
*wbharding*, *Martin Tepper*
