Version 0.17
------------
Drop Python 2 support. Tag Python 3.10 support.
Migrate CI to GitHub actions. Add ``pypy3`` to matrix.
Tests: implement ``--skip-exe`` via custom ``pytest`` marker.
Documentation: point Anaconda users to ``conda-forge/python-graphviz``.
Move type hints from docstrings to type annotations. Improve doctests.
Examples: standardize import convention and modernize.
Re-render example notebooks with Graphviz 2.46.1.
1.1.2
- Fix a potential crash due to a reference counting error when Python
subclasses of ``greenlet.greenlet`` were deallocated. The crash
became more common on Python 3.10; on earlier versions, silent
memory corruption could result.
- Fix a leak of a list object when the last reference to a greenlet
was deleted from some other thread than the one to which it
belonged. For this to work correctly, you must call a greenlet API
like ``getcurrent()`` before the thread owning the greenlet exits:
this is a long-standing limitation that can also lead to the leak of
a thread's main greenlet if not called; we hope to lift this
limitation. Note that in some cases this may also fix leaks of
greenlet objects themselves.
- Python 3.10: Tracing or profiling into a spawned greenlet didn't
work as expected.
Release v1.41.0
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
De-experimentalize XdsCredentials and XdsServerCredentials API.
xDS: Remove environmental variable guard for security.
xDS Security: Use new way to fetch certificate provider plugin instance config.
xDS server serving status: Use a struct to allow more fields to be added in the future.
Annotate impl/codegen with IWYU pragmas.
Update submodule envoy-api to origin/main.
Upgrade third_party/protobuf to v3.17.3.
update submodule boringssl-with-bazel with origin/master-with-bazel.
Delete libuv-iomgr implementation and GRPC_UV build option.
Allow access to Google API regional endpoints via Google Default Credentials.
Remove GPR_*_TLS macros except PTHREAD.
Limit initial window size increases and per-stream window delta.
C++
Bump version to v1.41.0-pre1.
De-experimentalize XdsServerBuilder.
C++ opencensus filter: Fix point of creating context for overall call.
Flag grpc++_test library testonly.
Add note on officially supported platforms.
Open census call attempt span name and attribute changes
Open census call attempt span name and attribute changes.
C#
Backport 27382 to v1.41.x.
[csharp] Fix error loading library grpc_csharp_ext.*.dll on windows with non-ASCII encoding.
Annotate copied Content native lib items with package id to enable customization.
Objective-C
Objective-C: Fix issue with creating a Unix file socket.
Python
Use manylinux_2_17 instead of manylinux_2_24 tag for manylinux2014 aarch64 wheels.
Add Python 3.10 drop 3.5.
[Aio] Remove custom IO manager support.
This defaults to WRKSRC and allows packages that aren't primarily
written in rust, but have a rust component that needs to be built, to
support the correct operation of cargo within their source tree.
It's already added to bootstrap tools by mk, and adding it here actually
has the opposite effect of what's intended. It seems to confuse the
tools infrastructure and defer its dependency, i.e. until it's too late,
causing "digest: not found" errors if it's not already installed.
Protocol Buffers v3.18.1
Python
Update setup.py to reflect that we now require at least Python 3.5
Performance fix for DynamicMessage: force GetRaw() to be inlined
Overview of changes in 2.5.4
============================
Bugfixes
--------
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
--------------------
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
------------
- also build man page on Windows builds
Changes with Apache 2.4.50
*) SECURITY: CVE-2021-41773: Path traversal and file disclosure
vulnerability in Apache HTTP Server 2.4.49 (cve.mitre.org)
A flaw was found in a change made to path normalization in
Apache HTTP Server 2.4.49. An attacker could use a path
traversal attack to map URLs to files outside the expected
document root.
If files outside of the document root are not protected by
"require all denied" these requests can succeed. Additionally
this flaw could leak the source of interpreted files like CGI
scripts.
This issue is known to be exploited in the wild.
This issue only affects Apache 2.4.49 and not earlier versions.
Credits: This issue was reported by Ash Daulton along with the
cPanel Security Team
*) SECURITY: CVE-2021-41524: null pointer dereference in h2 fuzzing
(cve.mitre.org)
While fuzzing the 2.4.49 httpd, a new null pointer dereference
was detected during HTTP/2 request processing,
allowing an external source to DoS the server. This requires a
specially crafted request.
The vulnerability was recently introduced in version 2.4.49. No
exploit is known to the project.
Credits: Apache httpd team would like to thank LI ZHI XIN from
NSFocus Security Team for reporting this issue.
*) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
the uri-path when it's preceded by a dot.
*) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
*) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
had no hostname ("unix:/...").
*) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
run into an assertion which terminated (and restarted) the child process where
the task was running. Eventually, all OCSP responses were collected, but not
in the way that things are supposed to work.
See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
The bug was possibly triggered when more than one OCSP status needed updating
at the same time. For example for several renewed certificates after a server
reload.
*) mod_rewrite: Fix UDS ("unix:") scheme for
*) event mpm: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild.
*) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources.
*) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests.
*) core: do not install core input/output filters on secondary
connections.
*) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards.
*) mod_speling: Add CheckBasenameMatch.
Python 3.10
Summary – Release highlights
New syntax features:
PEP 634, Structural Pattern Matching: Specification
PEP 635, Structural Pattern Matching: Motivation and Rationale
PEP 636, Structural Pattern Matching: Tutorial
bpo-12782, Parenthesized context managers are now officially allowed.
New features in the standard library:
PEP 618, Add Optional Length-Checking To zip.
Interpreter improvements:
PEP 626, Precise line numbers for debugging and other tools.
New typing features:
PEP 604, Allow writing union types as X | Y
PEP 613, Explicit Type Aliases
PEP 612, Parameter Specification Variables
Important deprecations, removals or restrictions:
PEP 644, Require OpenSSL 1.1.1 or newer
PEP 632, Deprecate distutils module.
PEP 623, Deprecate and prepare for the removal of the wstr member in PyUnicodeObject.
PEP 624, Remove Py_UNICODE encoder APIs
PEP 597, Add optional EncodingWarning
Django 3.2.8 fixes two bugs in 3.2.7.
Bugfixes
Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin.
Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view.
This package contains a perl module to access mmap.
The Sys::Mmap module uses the POSIX mmap call to map in a file as a
Perl variable. Memory access by mmap may be shared between threads or
forked processes, and may be a disc file that has been mapped into
memory. Sys::Mmap depends on your operating system supporting UNIX or
POSIX.1b mmap, of course.
Noteworthy changes in version 2.2.31 (2021-09-15)
-------------------------------------------------
* agent: Fix a regression in GET_PASSPHRASE.
* scd: Fix an assertion failure in close_pcsc_reader.
* scd: Add support for PC/SC in "GETINFO reader_list".
Noteworthy changes in version 2.2.30 (2021-08-26)
-------------------------------------------------
* gpg: Extended gpg-check-pattern to support accept rules,
conjunctions, and case-sensitive matching.
* agent: New option --pinentry-formatted-passphrase.
* agent: New option --check-sym-passphrase-pattern.
* agent: Use the sysconfdir for the pattern files.
* agent: Add "checkpin" inquiry for use by pinentry.
* wkd: Fix client issue with leading or trailing spaces in
user-ids.
* Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
* Under Windows use LOCAL_APPDATA for the socket directory.
Noteworthy changes in version 2.2.29 (2021-07-04)
-------------------------------------------------
* Fix regression in 2.2.28 for Yubikey NEO.
* Change the default keyserver to keyserver.ubuntu.com. This is a
temporary change due to the shutdown of the SKS keyserver pools.
* gpg: Let --fetch-key return an exit code on failure.
* dirmngr: Fix regression in KS_GET for mail address pattern.
* Add fallback in case the Windows console can't cope with Unicode.
* Improve initialization of SPR532 in the CCID driver and make the
driver more robust.
* Make test suite work in presence of a broken Libgcrypt
installation.
* Make configure option --disable-ldap work again.
Noteworthy changes in version 2.2.28 (2021-06-10)
-------------------------------------------------
* gpg: Auto import keys specified with --trusted-keys.
* gpg: Allow decryption w/o public key but with correct card
inserted.
* gpg: Allow fingerprint based lookup with --locate-external-key.
* gpg: Lookup a missing public key of the current card via LDAP.
* gpg: New option --force-sign-key.
* gpg: Use a more descriptive password prompt for symmetric
decryption.
* gpg: Do not use the self-sigs-only option for LDAP keyserver
imports.
* gpg: Keep temp files when opening images via xdg-open.
* gpg: Fix mailbox based search via AKL keyserver method.
* gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
* gpg: Allow ECDH with a smartcard returning only the x-coordinate.
* gpgsm: New option --ldapserver as an alias for --keyserver. Note
that configuring servers in gpgsm and gpg is deprecated; please
use the dirmngr configuration options.
* gpgsm: Support AES-GCM decryption.
* gpgsm: Support decryption of password protected files.
* gpgsm: Lock keyboxes also during a search to fix lockups on
Windows.
* agent: Skip unknown unknown ssh curves seen on
cards.
* scdaemon: New option --pcsc-shared.
* scdaemon: Backport PKCS#15 card support from GnuPG 2.3
* scdaemon: Fix CCID driver for SCM SPR332/SPR532.
* scdaemon: Fix possible PC/SC removed card problem.
* scdaemon: Fix unblock PIN by a Reset Code with KDF.
* scdaemon: Support compressed points.
* scdaemon: Prettify S/N for Yubikeys and fix reading for early
Yubikey 5 tokens.
* dirmngr: New option --ldapserver to avoid the need for the
separate dirmngr_ldapservers.conf file.
* dirmngr: The dirmngr_ldap wrapper has been rewritten to properly
support ldap-over-tls and starttls for X.509 certificates and
CRLs.
* dirmngr: OpenPGP LDAP keyservers may now also be configured using
the same syntax as used for X.509 and CRL LDAP servers. This
avoids the former cumbersome quoting rules and adds a flexible set
of flags to control the connection.
* dirmngr: The "ldaps" scheme of an OpenPGP keyserver URL is now
interpreted as ldap-with-starttls on port 389. To use the
non-standardized ldap-over-tls the new LDAP configuration method
of the new attribute "gpgNtds" needs to be used.
* dirmngr: Return the fingerprint as search result also for LDAP
OpenPGP keyservers. This requires the modernized LDAP schema.
* dirmngr: An OpenPGP LDAP search by a mailbox now ignores revoked
keys.
* gpgconf: Make runtime changes with non-default homedir work.
* gpgconf: Do not translate an empty string to the PO file's meta
data.
* gpgconf: Fix argv overflow if --homedir is used.
* gpgconf: Return a new pseudo option "compliance_de_vs".
* gpgtar: Fix file size computation under Windows.
* Full Unicode support for the Windows command line.
* Fix problem with Windows Job objects and auto start of our
daemons.
* i18n: In German always use "Passwort" instead of "Passphrase" in
prompts.
